/srv/irclogs.ubuntu.com/2023/02/03/#ubuntu-server.txt

sdezielinteresting, if the Server HTTP header is to be believed, https://esm.ubuntu.com uses NGINX with HTTP2 enabled while archive.ubuntu.com uses apache2 with HTTP 1.1 and both are running Bionic02:04
sdezielhttps://ppa.launchpadcontent.net uses apache2 with HTTP 1.1 and uses Xenial02:05
sdezielthat is old :)02:05
sarnoldesm wanted tls to avoid leaking username/passwords/auth tokens over plaintext02:07
sarnoldi've long wondered if nginx would lead to happier archivemirrors, but changing *that* is not something that you just suggest on a whim :)02:07
arraybolt3Meh, Xenial has a few years left on it.02:08
arraybolt3If they were running Trusty, that would concern me :P02:09
sdezielmy main grip with Xenial is that it doesn't have TLS 1.302:10
sdezielit's cool that esm has HTTP2 enabled though!02:10
sdezielI'll have to check if apt can make HTTP2 connections ;)02:11
NatSocSiDis there a way to force apt to install the "kept back" packages?04:30
NatSocSiDbeside doing "apt install packagename1 packagename2"?04:31
arraybolt3!phasedupdates | NatSocSiD04:33
ubottuNatSocSiD: Since Ubuntu 21.04, APT now implements phased updates. This can hold back updates on some systems while they are being phased in. See https://help.ubuntu.com/community/PhasedUpdates for more info.04:33
NatSocSiDthank you arraybolt305:22
NatSocSiDI'll try the method provided on the link05:22
=== Maik0 is now known as Maik
mohaHey09:51
moha"Modern LVM has thin pools which has lightweight snapshots"09:51
mohaHow can I do 'LVM thin' in the ubiquity installer?09:52
tomreynnot09:53
mohaMy case: We have a bunch of G8 HP servers as our test lab, and we need to revert to the initial state time-to-time; It's easy to rollback to the initial state when your lab is on a virtualized env, just by taking back to the right snapshot; But what about a bare metal environment? How we can have here a functionality like a snapshot feature to put OS in a previously frozen state?09:54
mohaI'm looking for a Linux-based solution against bare metals for reverting capability.09:55
tomreynmoha: you asked about ubiquity, the ubuntu desktop installer. things are different for subiquity, the ubuntu server installer (though i do not know whether that supports LVM thin provisioning). your sceanrio sounds like you could benefit from containers (lxc/lxd) on zfs10:25
mohaOh, I didn't know they are two things, [s]ubiquity. Indeed, we need to have our env, that is for OpenStack nodes, to be on bare metal. LX[C|D] is kinda using a virtualization layer.10:29
JanCyou can just do snapshots on ZFS too, of course10:37
JanCor just doing the LVM thin provisioning from a live image before you install probably works too10:40
moha+110:41
mohaIs ZFS recommended for Ubuntu-based production environments these days? As far as I can remember it's something that originated in the BSD world10:41
JanCit originated in Solaris10:41
ravagei would not recomment it as a root filesystem10:42
lotuspsychjethere are some bugs around zfs + ubuntu 22.0410:42
ravageas storage it is great10:42
JanCand technically, what open source OS'es use is OpenZFS10:42
JanCwhich is a fork of Oracle ZFS10:43
=== Eickmeyer0 is now known as Eickmeyer
smoserrbasak: Does / will git-ubuntu import sources from esm updates ?12:43
rbasaksmoser: good question! No plans right now.13:01
ograwell, at least you get a deb-src entry when enabling it ... so apt-get source will work ...13:03
wingarmacHello !13:40
wingarmacI'm looking for help with the config of my Ubuntu server 22.04. I've trouble with the PTR file db.192 and its converted data.13:41
wingarmacI'm not sure at all how to enter it like itshould13:41
wingarmacCan anyone help ?13:41
sdezielwingarmac: asking your question is probably the best way to know if someone is able to answer it ;)13:45
wingarmac  "edns_client_subnet" refused on googledns query13:45
wingarmacI've got these errors after creating the PTR file:13:46
wingarmaczone 1.168.192.in-addr.arpa/IN: has no NS records13:46
wingarmaczone 1.168.192.in-addr.arpa/IN: not loaded due to errors.13:46
wingarmac_default/1.168.192.in-addr.arpa/IN: bad zone13:46
sdezielwingarmac: can you share the db.192 file via pastebin?13:50
wingarmacI just need to paste it here right ?13:51
wingarmacOr is there a way to send it? I'm not sure what you mean by "pastebin"?13:52
ogra!paste13:52
ubottuFor posting multi-line texts into the channel, please use https://dpaste.com | To post !screenshots use https://imgur.com | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.13:52
sdezielwingarmac: you can also do `nc termbin.com 9999 < db.192` and share the URL you get in return13:53
wingarmachttps://termbin.com/rcz213:56
wingarmacMy Static public IP is registered at Easyhost.be in the A-records14:00
sdezielwingarmac: please also paste your bind config file that tries to use that db.192 zone file14:00
wingarmacdb.mydomain.org I presume?14:01
wingarmachttps://termbin.com/5m9uk14:01
wingarmacHere it is.14:01
wingarmacHere's also the apache virtual host: https://termbin.com/zwik14:03
sdezielwingarmac: that's another zone file. There must be a file under /etc/bind in which you reference that `db.192` file to be used as master or slave, right?14:03
wingarmacAs I did understand on the website I was, I had to create the db.domain.org, and reverse the ip's to create the ptr record. Not sur I already now what it all meens14:04
wingarmachttps://ubuntu.com/server/docs/service-domain-name-service-dns14:05
wingarmachttps://www.ionos.fr/digitalguide/hebergement/aspects-techniques/enregistrement-ptr/14:05
wingarmacI was trying on base of this information to fix it.14:05
sdezielwingarmac: so if I understood properly, you have the IP 91.183.239.36 assigned to you. That IP currently has its PTR set to `36.239-183-91.adsl-static.isp.belgacom.be.` and you'd like it to be something else, is that right?14:07
wingarmacI like to put my apache server online14:08
wingarmacI installed bind on it, because I couldn't get it to work with routing and virtual host only.14:09
wingarmacI've tried lot's of things14:09
wingarmacI'm busy since yesterday 1AM14:09
wingarmacIt's like the ports remain closed. I made redirection for the specific port on the server input of the router itself, and entered the routing rules like I found on Askubuntu14:11
sdezielwingarmac: OK, I understand you wanting apache, that's fine. However, apache doesn't require any specific PTR so please elaborate on that requirement14:11
wingarmacI've an Ubuntu server and a dektop with the same base but Cinnamon over it. I use webmin to setup the server14:12
wingarmacI would like to be able to access webmin later on both trough https14:12
sdezielwingarmac: I see. I don't /think/ you need to deal with your IP's PTR for that.14:13
wingarmacI' would also like to be able to connect to other clients I've installed with Ubuntu in order to do maintenance14:13
wingarmacI' would later like to be able to mirror offial Ubuintu repos on it to14:13
wingarmacAnd even try things out like ipxe14:14
wingarmacover internet of course14:14
sdezielwingarmac: so far, none of your requirements require a specific PTR so there's always that :)14:14
wingarmacI do not realy know, I jsut followed the instruction on Ubuntu to setup my server14:14
wingarmacIt was part of the setup of bind14:14
wingarmacI had to try in order to understand a bit what I'm reading. I did no schooling for this14:15
wingarmacI'm self taught, and people like you are my masters14:15
wingarmacor teachers, you did understand14:15
wingarmacSorry for my English14:16
sdezielwingarmac: hehe, we are all here to learn14:16
wingarmacI like the idea to share wisdom14:16
wingarmacnaturaly by practice, not by saying, read this book14:16
wingarmacI like examples I could have some interst to use for my dayly tasks.14:17
wingarmacSo I've already tried lots of server configurations, but I feld like prisoner of the services applying to LAN only. Now I'm like a kid with his new toy ;)14:18
wingarmacI entered the big world14:19
wingarmacI do this for private purposes. I've no company.14:19
sdezielwingarmac: so you've got a public IP, is it directly assigned to your apache machine or is it assigned to your home router?14:20
wingarmacI'm just trying to update my tools as home IT support volunteer14:20
wingarmacNAT router14:20
wingarmacfrom ISP14:20
wingarmacDSL14:20
wingarmacI can't connect directly14:21
wingarmacI've to route the lan server IP to the WAN routers IP.14:22
sdezielwingarmac: OK, so you will need to change your apache vhost config to replace the IP by 0.0.0.0 so that it looks like this: <VirtualHost 0.0.0.0:8080>14:22
sdezielwingarmac: once done, apache will respond to any request coming to it's port 808014:22
sdezielwingarmac: after that, you'll need to log to your NAT router and do a port forward of TCP/8080 to the private IP address of your apache machine14:23
wingarmacVirtual ServerAny8080wingarmac.org/var/www/wingarmac.org/public_html14:24
wingarmacdone14:24
sdezielwingarmac: hmm, I don't know why you are using port 8080 but you have something working on your public IP port 80 as http://wingarmac.org works for me14:25
wingarmachttps://ibb.co/Tvw0VbN14:26
wingarmacI look into the files to see if I've entered this value.14:27
sdezielwingarmac: OK so when I go to http://wingarmac.org/, my connection is handled by your internal machine with IP 192.168.1.914:27
wingarmacbut I can't get to my index page when I enter my domainname14:32
wingarmachttps://dpaste.com/4TNFDHGEA14:35
wingarmacThis is my results, when I look for my domain name and set my local ip of the server in google dns resolver14:36
wingarmachttps://dpaste.com/4TNFDHGEA14:36
wingarmacSorry for that14:36
wingarmacWhen I do ip route I only get lan routing: ip route  14:38
wingarmacdefault via 192.168.1.1 dev enp3s0 proto static 14:38
wingarmac192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.914:38
wingarmacSomething is not right here14:38
wingarmacWhould these do ? https://dpaste.com/ALEYK4W8P14:40
sdezielwingarmac: I don't think you need to tweak any route, DNS config or iptables rule. It seems to just be an apache config issue if you don't get the page you expect14:46
wingarmacMaybe a restart could help ?14:47
sdezielwingarmac: it looks like you have the default vhost in place. You can confirm by checking what you have in `/etc/apache2/sites-enabled/`14:48
wingarmacThats correct14:49
wingarmacI do made a new page, this one was good for the test too, I just copied it into the public folder14:49
wingarmacbut how can you get on it? I've tried to open wingarmac.org from my desktop and it doesn't work14:50
wingarmacfrom my phone on GPRS it works, without wifi. It's cool !14:51
sdezielit is possible that you cannot access it because your router's port forward is only applied for connections coming from the LAN14:51
sdezielerr, I meant WAN, not LAN14:52
wingarmacThank you verry much sdeziel ! it was lot's easier with someone else help !14:52
wingarmacI can maybe add to the trusted list or something like that ?14:52
sdeziela better option would be to add a DNS in your router's config saying that wingarmac.org has the IP 192.168.1.914:53
wingarmacACL List in the Bind settings should help14:53
wingarmacI can't do that, It's an ISP router. I can't change its dns14:54
wingarmacI can add other dns into bind14:55
wingarmaclike I did for those from Google14:55
sdezielI'm suggesting to add a DNS alias or hostname to your router. No need to use bind for that14:56
sdezieltypically, ISP provided router also come with a DNS caching resolver (usually dnsmasq) and they sometimes let you provide some name <-> IP association for machines inside your LAN14:57
wingarmacnope, I canot edit the ip and dns data of the wan connection inside the router15:03
wingarmacYoudon't know about Belgian ISP's do you ?15:04
wingarmacThey make all routes with their own rules on it. It's an all mess if you try to configure something that it's not in there ways. even if you've have legaly the right to have it. It just some commercial enoyance15:05
wingarmacIf you knew what I had to do as a residential user to get this fixed IP and base pro subscription. And at top of that it's even sheeper as I payed before (without the fixed IP) option. And I've 10Gb mobile data a month more.15:07
wingarmacBut when you'll truy to get the same, you'll get trough hell before you succeed.15:07
wingarmacThat's the way of Belgian ISP's15:08
wingarmacand this few worst do not mention the worst ...15:08
wingarmacwords15:10
sdezielwingarmac: yeah, you cannot tweak the WAN side for sure but I was talking about the LAN side15:12
wingarmacI could set port forwarding. Coudl you give an example of what you consider I should set ?15:14
wingarmacI can change rules for:15:19
wingarmacAddress and Port Translation15:19
wingarmacIPv4 Portmap Rules15:19
wingarmacIPv6 Pinholes15:19
wingarmachttps://ibb.co/FYmDSLp15:19
wingarmacthe screenshot is for IP4, but the options are the same15:19
wingarmacWhen you select from the menu shown, the prot is auto selected15:19
wingarmacWhen you enter something it dislikes it gives an error and eject you from the entry15:20
sdezielwingarmac: that's a minimalist interface I must admit. I'd check all tabs, maybe there is one about DHCP/DNS?15:22
sdezielwell, one that deals with DHCP/DNS config15:22
wingarmacI presume I'll have to install isc-dhcp. I will, because I would like to test iPXE two15:24
wingarmacI should first resolve this:dpaste.com/AQBNRHXQP15:25
wingarmacOnes this is solved I will subscribe for the ssl service: https://www.easyhost.be/nl/ssl-certificaat-kopen15:27
wingarmacWhat's your opinion about this subscription ?15:27
sdezielI'd use Let's Encrypt that is free :)15:27
sdezielZeroSSL is also free but I have yet to try them15:28
wingarmacYou meen I can install and configure it to work officialy like it should ?15:28
sdezielIf by that you mean a working TLS certificate that normal browsers recognize without throwing errors, then yes ;)15:29
wingarmacWill it be the same security level. I do not think I'll get much support anyway from Easyhost15:29
wingarmacSo i gladly consider any options15:29
wingarmacAt least as these are secure and legal15:30
wingarmacI would not like to have issues with licenses15:30
wingarmacI rather not pay fees or have my IP banned15:31
wingarmacsdeziel I've got the answer from easyhost: We do provide the encription file, but you have to set it up. We onlly give support on our own products and systems.15:44
wingarmacI'd answer that I'll maybe comme back to them when I know how, since they can't tell.15:44
tanul1989Hello, We have azure kubernetes with 8 ubuntu nodes attach to it. There OS is ubuntu 22.04.1 jammy jelly fish.... We have just upgraded the azure kubernetes to 1.25.2 version and after that all the nodes has started facing extreme memory pressure..16:48
tanul1989I have logged-in inside node to troubleshoot but unable to figure out why this is happening.. Before upgrade our nodes were on 80 to 90% of memory. But after upgrade memory consumption is reaching from 140 to 146%... We have also deleted 22 microservices but still nodes are under extreme pressure16:48
tanul1989Can any suggest the procedure to troubleshoot the reason behind memory consumption issue on ubuntu nodes16:48
tanul1989Any suggestions please?17:07
smoserrbasak, ogra it'd be really nice. ogra if i just want deb-src i can deb-src for everything. but I've been spoiled by git-ubuntu. and I don't want deb-src for anything.17:18
jchittumtanul1989 : i did some reading of backlog in #ubuntu as well. Looks like there are a few possible diffs you need to check on to understand what's happening. first is the k8s version. second is the version of the container in use (has it also changed compared the older nodes?), third is version of ubuntu (20.04 vs. 22.04). 17:40
jchittum1. if you can narrow to version of k8s vs. version of Ubuntu while all running the same releases of the containers, you'll be able to tell if it's a K8s change or Ubuntu change17:41
jchittumand also comparing total running services between the AKS node versions -- is the dotnet app consuming the same across different nodes, and something else is consuming resources? or is your app, running the same container version, consuming different resources across different node releases?17:42
wingarmac(On Ubuntu server 22.10) Can I use OpenSSL without a mail server ? I've entered a redirection to my Gmail account on my domain name for what's concerning the emails.17:45
jchittumanother helpful command : ps aux -sort=-%mem17:55
evitWhat is up with the pricing for Ubuntu Pro? It doesn't have an option for one using one of the smaller cloud providers. $500 per server per year is absurd. 18:12
evitIs there any option for other cloud providers or small servers? 18:12
ahasenackyou mean beyond the 5 free seats?18:47
=== Alexey_ is now known as FM
=== CodeMouse92 is now known as Guest5011

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!