[01:46] <faekjarz> Can i change mount options, "-o discard" in particular, WHILE the XFS remains mounted?
[01:47] <sarnold> check the manpage, look for "remount"
[01:55] <av2156> anyone using lxd containers ?
[01:56] <av2156> i am having name resolution error, kinda new to this thing
[01:57] <av2156> cant ping anything, cant sync repos either
[01:58] <faekjarz> sarnold: thanks (Arch wiki says nope: https://bbs.archlinux.org/viewtopic.php?id=143254)
[02:00] <sarnold> faekjarz: dang :(
[02:01] <sarnold> av2156: if you're using a bridge .. adding an interface to the bridge means the interface will stop doing networking. you have to add the IP address "of the machine" to the bridge..
[02:02] <sarnold> av2156: there's probably dozens of reasons why you'd be seeing the problems you're seeing, but this "assign an address to the bridge" linux behaviour is very surprising and a common stumbling block
[02:05] <av2156> sarnold should I share container config ? 
[02:05] <av2156> and how can i add the ip to the bridge, sorry i dont know
[02:07] <sarnold> av2156: you can manipulate bridges with the 'bridge' command and 'ip' command, but ideally you'd get your system networking configured via netplan or systemd-networkd or /etc/network/interfaces (or whatever you're using) so it'll work on boot directly.. but fiddling around with the manual commands to debug if that's the problem is a good first step
[02:08] <sarnold> av2156: I'm not actually all that familiar with using lxd as an 'exposed service' sort of tool, I've mainly used it just to get shells of different releases :(
[02:12] <av2156> thanks sarnold for the details, i really wish i got understand this, guess its finally time to learn about linux networking in detail
[02:13] <av2156> been ignoring that from a very long time
[02:13] <sarnold> av2156: yeah, I say that myself from time to time :)
[02:13] <sarnold> av2156: I'm off for the night, good luck :)
[02:13] <av2156> sure
[02:24] <feurig> av2156: the #lxd channel is pretty helpful
[02:24] <av2156> yes they are, its just time zones
[15:18] <blackboxsw> athos: just for FYI I've cc'd you as on a cloud-init initial ansible support for ansible-pull based 
[15:18] <athos> blackboxsw: ack!
[15:19] <athos> I will get to those ansible related pings asap, btw :)
[15:19] <blackboxsw> no rush at all just wanted you to have context of what cloud-init is thinking for the first part of ansible early boot support at https://github.com/canonical/cloud-init/pull/1579 expect this to grow to support more complex use cases
[15:20] <athos> ack
[18:25] <ahasenack> sarnold: do you still have your huge mirror of all of ubuntu?
[18:25] <ahasenack> unpackeg source packages?
[18:25] <ahasenack> unpacked*
[18:32] <ahasenack> I was wondering if we could check how many packages offer an ufw profile. And if you have it per ubuntu release, if we see a change in that number from LTS to LTS for example
[18:32] <ahasenack> I don't recall seeing many new ufw profiles being added, or changed, in the distro
[18:33] <ahasenack> the list in the output of `apt-cache rdepends ufw` is pretty small, but I don't think ufw would ever be a hard depend in a package
[18:34] <ahasenack> looks like it's always Suggests perhaps?
[18:49] <sarnold> ahasenack: I do, but I think this one's more easily answered via apt-file:
[18:49] <sarnold> $ apt-file search /etc/ufw/applications.d/
[18:49] <sarnold> apache2: /etc/ufw/applications.d/apache2-utils.ufw.profile
[18:49] <sarnold> bind9: /etc/ufw/applications.d/bind9
[18:49] <sarnold> ...
[18:49] <ahasenack> ah, indeed, had forgotten about that
[18:49] <ahasenack> thx
[18:50] <sarnold> that's only 18 in focal :( the last time I went looking for this I was shocked just how small that list is. the gufw front-end has way more:
[18:50] <sarnold> $ apt-file search /etc/gufw/app_profiles/ | wc -l
[18:50] <sarnold> 256
[18:51] <sarnold> but I think the only way to consume these is to actually use that gui
[18:51] <ahasenack> if it's a frontend, how can it have more?
[18:51] <ahasenack> yeah, I was checking things we added to ubuntu a while back, and if we kept maintaining them
[18:51] <ahasenack> I've seen some fall through the cracks
[18:51] <ahasenack> I think ufw is one of them
[18:51] <sarnold> yeah
[18:52] <ahasenack> apparmor is another I think, any new profile we get is either for snaps, or comes from upstream, but is then shipped in the apparmor-profiles package, not in the package itself
[18:52] <ahasenack> or apparmor-profiles-extra
[18:52] <ahasenack> iirc
[18:52] <sarnold> *ugh* that -extras package imho should go away
[18:53] <sarnold> they're not maintained enough to suggest to folks that they're ready for use; they're "a starting point to build from", but people just blindly cp * /etc/apparmor.d/ and then gobs of stuff doesn't work
[18:53] <ahasenack> but the same for apparmor-profiles
[18:53] <ahasenack> and that one comes from src:apparmor-profiles
[18:53] <ahasenack> so to update one, you have to update apparmor, which is annoying from an SRU perspective
[18:53] <sarnold> that's not *quite* as bad, but also yeah
[19:07] <JanC> for some applications it would make more sense to have a tool create ufw/apparmor profiles based on the configuration...
[19:07] <ahasenack> also true
[19:08] <ahasenack> and to be honest, I can never remember the ufw syntax
[19:08] <ahasenack> for something just a tiny bit above the usual "ufw allow <app>"
[19:08] <ahasenack> for example, "ufw allow app from 10.10.0.0/16" would have been intuitive, but doesn't work
[19:09] <ahasenack> the command line is either super simple (ufw allow <app>) or a fork of a full iptables command line (anything other then the simple ufw allow <app>)
[19:10] <ahasenack> and I think it's also breaking lxd networking, but I would have to recheck that again
[19:10] <ahasenack> I remember that whenever I enabled ufw, containers would start having networking problems
[19:20] <ahasenack> sarnold: I counted 18 in bionic, you counted 18 in focal, and in jammy I count 19
[19:20] <ahasenack> (ufw profiles)
[19:20] <ahasenack> wonder which one is the new one
[19:20] <sarnold> ahasenack: hah, I didn't expect the list to *grow*
[19:20] <ahasenack> I'm guessing squid-openssl
[19:20] <ahasenack> just because I remember it's a new package
[19:20] <ahasenack> script is still running
[19:20] <sarnold> cat a b | sort | uniq -c | sort -n  is one of my favourite things :)
[19:21] <ahasenack> hm, not so simple, some went away, new ones came in
[19:21] <sarnold> oh dang that requires a smarter tool, heh
[19:21] <ahasenack> "coturn" disappeared
[19:21] <ahasenack> so did "nitroshare"
[19:22] <ahasenack> oh well
[19:22] <sarnold> no jammy https://launchpad.net/ubuntu/+source/coturn https://launchpad.net/ubuntu/+source/nitroshare
[19:22] <ahasenack> still, a net gain of 1 :)