| faekjarz | Can i change mount options, "-o discard" in particular, WHILE the XFS remains mounted? | 01:46 |
|---|---|---|
| sarnold | check the manpage, look for "remount" | 01:47 |
| av2156 | anyone using lxd containers ? | 01:55 |
| av2156 | i am having name resolution error, kinda new to this thing | 01:56 |
| av2156 | cant ping anything, cant sync repos either | 01:57 |
| faekjarz | sarnold: thanks (Arch wiki says nope: https://bbs.archlinux.org/viewtopic.php?id=143254) | 01:58 |
| sarnold | faekjarz: dang :( | 02:00 |
| sarnold | av2156: if you're using a bridge .. adding an interface to the bridge means the interface will stop doing networking. you have to add the IP address "of the machine" to the bridge.. | 02:01 |
| sarnold | av2156: there's probably dozens of reasons why you'd be seeing the problems you're seeing, but this "assign an address to the bridge" linux behaviour is very surprising and a common stumbling block | 02:02 |
| av2156 | sarnold should I share container config ? | 02:05 |
| av2156 | and how can i add the ip to the bridge, sorry i dont know | 02:05 |
| sarnold | av2156: you can manipulate bridges with the 'bridge' command and 'ip' command, but ideally you'd get your system networking configured via netplan or systemd-networkd or /etc/network/interfaces (or whatever you're using) so it'll work on boot directly.. but fiddling around with the manual commands to debug if that's the problem is a good first step | 02:07 |
| sarnold | av2156: I'm not actually all that familiar with using lxd as an 'exposed service' sort of tool, I've mainly used it just to get shells of different releases :( | 02:08 |
| av2156 | thanks sarnold for the details, i really wish i got understand this, guess its finally time to learn about linux networking in detail | 02:12 |
| av2156 | been ignoring that from a very long time | 02:13 |
| sarnold | av2156: yeah, I say that myself from time to time :) | 02:13 |
| sarnold | av2156: I'm off for the night, good luck :) | 02:13 |
| av2156 | sure | 02:13 |
| feurig | av2156: the #lxd channel is pretty helpful | 02:24 |
| av2156 | yes they are, its just time zones | 02:24 |
| === scoobydoob is now known as scoobydoo | ||
| blackboxsw | athos: just for FYI I've cc'd you as on a cloud-init initial ansible support for ansible-pull based | 15:18 |
| athos | blackboxsw: ack! | 15:18 |
| athos | I will get to those ansible related pings asap, btw :) | 15:19 |
| blackboxsw | no rush at all just wanted you to have context of what cloud-init is thinking for the first part of ansible early boot support at https://github.com/canonical/cloud-init/pull/1579 expect this to grow to support more complex use cases | 15:19 |
| ubottu | Pull 1579 in canonical/cloud-init "Add Ansible Config Module" [Open] | 15:19 |
| athos | ack | 15:20 |
| ahasenack | sarnold: do you still have your huge mirror of all of ubuntu? | 18:25 |
| ahasenack | unpackeg source packages? | 18:25 |
| ahasenack | unpacked* | 18:25 |
| ahasenack | I was wondering if we could check how many packages offer an ufw profile. And if you have it per ubuntu release, if we see a change in that number from LTS to LTS for example | 18:32 |
| ahasenack | I don't recall seeing many new ufw profiles being added, or changed, in the distro | 18:32 |
| ahasenack | the list in the output of `apt-cache rdepends ufw` is pretty small, but I don't think ufw would ever be a hard depend in a package | 18:33 |
| ahasenack | looks like it's always Suggests perhaps? | 18:34 |
| sarnold | ahasenack: I do, but I think this one's more easily answered via apt-file: | 18:49 |
| sarnold | $ apt-file search /etc/ufw/applications.d/ | 18:49 |
| sarnold | apache2: /etc/ufw/applications.d/apache2-utils.ufw.profile | 18:49 |
| sarnold | bind9: /etc/ufw/applications.d/bind9 | 18:49 |
| sarnold | ... | 18:49 |
| ahasenack | ah, indeed, had forgotten about that | 18:49 |
| ahasenack | thx | 18:49 |
| sarnold | that's only 18 in focal :( the last time I went looking for this I was shocked just how small that list is. the gufw front-end has way more: | 18:50 |
| sarnold | $ apt-file search /etc/gufw/app_profiles/ | wc -l | 18:50 |
| sarnold | 256 | 18:50 |
| sarnold | but I think the only way to consume these is to actually use that gui | 18:51 |
| ahasenack | if it's a frontend, how can it have more? | 18:51 |
| ahasenack | yeah, I was checking things we added to ubuntu a while back, and if we kept maintaining them | 18:51 |
| ahasenack | I've seen some fall through the cracks | 18:51 |
| ahasenack | I think ufw is one of them | 18:51 |
| sarnold | yeah | 18:51 |
| ahasenack | apparmor is another I think, any new profile we get is either for snaps, or comes from upstream, but is then shipped in the apparmor-profiles package, not in the package itself | 18:52 |
| ahasenack | or apparmor-profiles-extra | 18:52 |
| ahasenack | iirc | 18:52 |
| sarnold | *ugh* that -extras package imho should go away | 18:52 |
| sarnold | they're not maintained enough to suggest to folks that they're ready for use; they're "a starting point to build from", but people just blindly cp * /etc/apparmor.d/ and then gobs of stuff doesn't work | 18:53 |
| ahasenack | but the same for apparmor-profiles | 18:53 |
| ahasenack | and that one comes from src:apparmor-profiles | 18:53 |
| ahasenack | so to update one, you have to update apparmor, which is annoying from an SRU perspective | 18:53 |
| sarnold | that's not *quite* as bad, but also yeah | 18:53 |
| JanC | for some applications it would make more sense to have a tool create ufw/apparmor profiles based on the configuration... | 19:07 |
| ahasenack | also true | 19:07 |
| ahasenack | and to be honest, I can never remember the ufw syntax | 19:08 |
| ahasenack | for something just a tiny bit above the usual "ufw allow <app>" | 19:08 |
| ahasenack | for example, "ufw allow app from 10.10.0.0/16" would have been intuitive, but doesn't work | 19:08 |
| ahasenack | the command line is either super simple (ufw allow <app>) or a fork of a full iptables command line (anything other then the simple ufw allow <app>) | 19:09 |
| ahasenack | and I think it's also breaking lxd networking, but I would have to recheck that again | 19:10 |
| ahasenack | I remember that whenever I enabled ufw, containers would start having networking problems | 19:10 |
| ahasenack | sarnold: I counted 18 in bionic, you counted 18 in focal, and in jammy I count 19 | 19:20 |
| ahasenack | (ufw profiles) | 19:20 |
| ahasenack | wonder which one is the new one | 19:20 |
| sarnold | ahasenack: hah, I didn't expect the list to *grow* | 19:20 |
| ahasenack | I'm guessing squid-openssl | 19:20 |
| ahasenack | just because I remember it's a new package | 19:20 |
| ahasenack | script is still running | 19:20 |
| sarnold | cat a b | sort | uniq -c | sort -n is one of my favourite things :) | 19:20 |
| ahasenack | hm, not so simple, some went away, new ones came in | 19:21 |
| sarnold | oh dang that requires a smarter tool, heh | 19:21 |
| ahasenack | "coturn" disappeared | 19:21 |
| ahasenack | so did "nitroshare" | 19:21 |
| ahasenack | oh well | 19:22 |
| sarnold | no jammy https://launchpad.net/ubuntu/+source/coturn https://launchpad.net/ubuntu/+source/nitroshare | 19:22 |
| ahasenack | still, a net gain of 1 :) | 19:22 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!