[01:46] Can i change mount options, "-o discard" in particular, WHILE the XFS remains mounted? [01:47] check the manpage, look for "remount" [01:55] anyone using lxd containers ? [01:56] i am having name resolution error, kinda new to this thing [01:57] cant ping anything, cant sync repos either [01:58] sarnold: thanks (Arch wiki says nope: https://bbs.archlinux.org/viewtopic.php?id=143254) [02:00] faekjarz: dang :( [02:01] av2156: if you're using a bridge .. adding an interface to the bridge means the interface will stop doing networking. you have to add the IP address "of the machine" to the bridge.. [02:02] av2156: there's probably dozens of reasons why you'd be seeing the problems you're seeing, but this "assign an address to the bridge" linux behaviour is very surprising and a common stumbling block [02:05] sarnold should I share container config ? [02:05] and how can i add the ip to the bridge, sorry i dont know [02:07] av2156: you can manipulate bridges with the 'bridge' command and 'ip' command, but ideally you'd get your system networking configured via netplan or systemd-networkd or /etc/network/interfaces (or whatever you're using) so it'll work on boot directly.. but fiddling around with the manual commands to debug if that's the problem is a good first step [02:08] av2156: I'm not actually all that familiar with using lxd as an 'exposed service' sort of tool, I've mainly used it just to get shells of different releases :( [02:12] thanks sarnold for the details, i really wish i got understand this, guess its finally time to learn about linux networking in detail [02:13] been ignoring that from a very long time [02:13] av2156: yeah, I say that myself from time to time :) [02:13] av2156: I'm off for the night, good luck :) [02:13] sure [02:24] av2156: the #lxd channel is pretty helpful [02:24] yes they are, its just time zones === scoobydoob is now known as scoobydoo [15:18] athos: just for FYI I've cc'd you as on a cloud-init initial ansible support for ansible-pull based [15:18] blackboxsw: ack! [15:19] I will get to those ansible related pings asap, btw :) [15:19] no rush at all just wanted you to have context of what cloud-init is thinking for the first part of ansible early boot support at https://github.com/canonical/cloud-init/pull/1579 expect this to grow to support more complex use cases [15:19] Pull 1579 in canonical/cloud-init "Add Ansible Config Module" [Open] [15:20] ack [18:25] sarnold: do you still have your huge mirror of all of ubuntu? [18:25] unpackeg source packages? [18:25] unpacked* [18:32] I was wondering if we could check how many packages offer an ufw profile. And if you have it per ubuntu release, if we see a change in that number from LTS to LTS for example [18:32] I don't recall seeing many new ufw profiles being added, or changed, in the distro [18:33] the list in the output of `apt-cache rdepends ufw` is pretty small, but I don't think ufw would ever be a hard depend in a package [18:34] looks like it's always Suggests perhaps? [18:49] ahasenack: I do, but I think this one's more easily answered via apt-file: [18:49] $ apt-file search /etc/ufw/applications.d/ [18:49] apache2: /etc/ufw/applications.d/apache2-utils.ufw.profile [18:49] bind9: /etc/ufw/applications.d/bind9 [18:49] ... [18:49] ah, indeed, had forgotten about that [18:49] thx [18:50] that's only 18 in focal :( the last time I went looking for this I was shocked just how small that list is. the gufw front-end has way more: [18:50] $ apt-file search /etc/gufw/app_profiles/ | wc -l [18:50] 256 [18:51] but I think the only way to consume these is to actually use that gui [18:51] if it's a frontend, how can it have more? [18:51] yeah, I was checking things we added to ubuntu a while back, and if we kept maintaining them [18:51] I've seen some fall through the cracks [18:51] I think ufw is one of them [18:51] yeah [18:52] apparmor is another I think, any new profile we get is either for snaps, or comes from upstream, but is then shipped in the apparmor-profiles package, not in the package itself [18:52] or apparmor-profiles-extra [18:52] iirc [18:52] *ugh* that -extras package imho should go away [18:53] they're not maintained enough to suggest to folks that they're ready for use; they're "a starting point to build from", but people just blindly cp * /etc/apparmor.d/ and then gobs of stuff doesn't work [18:53] but the same for apparmor-profiles [18:53] and that one comes from src:apparmor-profiles [18:53] so to update one, you have to update apparmor, which is annoying from an SRU perspective [18:53] that's not *quite* as bad, but also yeah [19:07] for some applications it would make more sense to have a tool create ufw/apparmor profiles based on the configuration... [19:07] also true [19:08] and to be honest, I can never remember the ufw syntax [19:08] for something just a tiny bit above the usual "ufw allow " [19:08] for example, "ufw allow app from 10.10.0.0/16" would have been intuitive, but doesn't work [19:09] the command line is either super simple (ufw allow ) or a fork of a full iptables command line (anything other then the simple ufw allow ) [19:10] and I think it's also breaking lxd networking, but I would have to recheck that again [19:10] I remember that whenever I enabled ufw, containers would start having networking problems [19:20] sarnold: I counted 18 in bionic, you counted 18 in focal, and in jammy I count 19 [19:20] (ufw profiles) [19:20] wonder which one is the new one [19:20] ahasenack: hah, I didn't expect the list to *grow* [19:20] I'm guessing squid-openssl [19:20] just because I remember it's a new package [19:20] script is still running [19:20] cat a b | sort | uniq -c | sort -n is one of my favourite things :) [19:21] hm, not so simple, some went away, new ones came in [19:21] oh dang that requires a smarter tool, heh [19:21] "coturn" disappeared [19:21] so did "nitroshare" [19:22] oh well [19:22] no jammy https://launchpad.net/ubuntu/+source/coturn https://launchpad.net/ubuntu/+source/nitroshare [19:22] still, a net gain of 1 :)