[02:04] <sdeziel> interesting, if the Server HTTP header is to be believed, https://esm.ubuntu.com uses NGINX with HTTP2 enabled while archive.ubuntu.com uses apache2 with HTTP 1.1 and both are running Bionic
[02:05] <sdeziel> https://ppa.launchpadcontent.net uses apache2 with HTTP 1.1 and uses Xenial
[02:05] <sdeziel> that is old :)
[02:07] <sarnold> esm wanted tls to avoid leaking username/passwords/auth tokens over plaintext
[02:07] <sarnold> i've long wondered if nginx would lead to happier archivemirrors, but changing *that* is not something that you just suggest on a whim :)
[02:08] <arraybolt3> Meh, Xenial has a few years left on it.
[02:09] <arraybolt3> If they were running Trusty, that would concern me :P
[02:10] <sdeziel> my main grip with Xenial is that it doesn't have TLS 1.3
[02:10] <sdeziel> it's cool that esm has HTTP2 enabled though!
[02:11] <sdeziel> I'll have to check if apt can make HTTP2 connections ;)
[04:30] <NatSocSiD> is there a way to force apt to install the "kept back" packages?
[04:31] <NatSocSiD> beside doing "apt install packagename1 packagename2"?
[04:33] <arraybolt3> !phasedupdates | NatSocSiD
[04:33] <ubottu> NatSocSiD: Since Ubuntu 21.04, APT now implements phased updates. This can hold back updates on some systems while they are being phased in. See https://help.ubuntu.com/community/PhasedUpdates for more info.
[05:22] <NatSocSiD> thank you arraybolt3
[05:22] <NatSocSiD> I'll try the method provided on the link
=== Maik0 is now known as Maik
[09:51] <moha> Hey
[09:51] <moha> "Modern LVM has thin pools which has lightweight snapshots"
[09:52] <moha> How can I do 'LVM thin' in the ubiquity installer?
[09:53] <tomreyn> not
[09:54] <moha> My case: We have a bunch of G8 HP servers as our test lab, and we need to revert to the initial state time-to-time; It's easy to rollback to the initial state when your lab is on a virtualized env, just by taking back to the right snapshot; But what about a bare metal environment? How we can have here a functionality like a snapshot feature to put OS in a previously frozen state?
[09:55] <moha> I'm looking for a Linux-based solution against bare metals for reverting capability.
[10:25] <tomreyn> moha: you asked about ubiquity, the ubuntu desktop installer. things are different for subiquity, the ubuntu server installer (though i do not know whether that supports LVM thin provisioning). your sceanrio sounds like you could benefit from containers (lxc/lxd) on zfs
[10:29] <moha> Oh, I didn't know they are two things, [s]ubiquity. Indeed, we need to have our env, that is for OpenStack nodes, to be on bare metal. LX[C|D] is kinda using a virtualization layer.
[10:37] <JanC> you can just do snapshots on ZFS too, of course
[10:40] <JanC> or just doing the LVM thin provisioning from a live image before you install probably works too
[10:41] <moha> +1
[10:41] <moha> Is ZFS recommended for Ubuntu-based production environments these days? As far as I can remember it's something that originated in the BSD world
[10:41] <JanC> it originated in Solaris
[10:42] <ravage> i would not recomment it as a root filesystem
[10:42] <lotuspsychje> there are some bugs around zfs + ubuntu 22.04
[10:42] <ravage> as storage it is great
[10:42] <JanC> and technically, what open source OS'es use is OpenZFS
[10:43] <JanC> which is a fork of Oracle ZFS
=== Eickmeyer0 is now known as Eickmeyer
[12:43] <smoser> rbasak: Does / will git-ubuntu import sources from esm updates ?
[13:01] <rbasak> smoser: good question! No plans right now.
[13:03] <ogra> well, at least you get a deb-src entry when enabling it ... so apt-get source will work ...
[13:40] <wingarmac> Hello !
[13:41] <wingarmac> I'm looking for help with the config of my Ubuntu server 22.04. I've trouble with the PTR file db.192 and its converted data.
[13:41] <wingarmac> I'm not sure at all how to enter it like itshould
[13:41] <wingarmac> Can anyone help ?
[13:45] <sdeziel> wingarmac: asking your question is probably the best way to know if someone is able to answer it ;)
[13:45] <wingarmac>   "edns_client_subnet" refused on googledns query
[13:46] <wingarmac> I've got these errors after creating the PTR file:
[13:46] <wingarmac> zone 1.168.192.in-addr.arpa/IN: has no NS records
[13:46] <wingarmac> zone 1.168.192.in-addr.arpa/IN: not loaded due to errors.
[13:46] <wingarmac> _default/1.168.192.in-addr.arpa/IN: bad zone
[13:50] <sdeziel> wingarmac: can you share the db.192 file via pastebin?
[13:51] <wingarmac> I just need to paste it here right ?
[13:52] <wingarmac> Or is there a way to send it? I'm not sure what you mean by "pastebin"?
[13:52] <ogra> !paste
[13:52] <ubottu> For posting multi-line texts into the channel, please use https://dpaste.com | To post !screenshots use https://imgur.com | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
[13:53] <sdeziel> wingarmac: you can also do `nc termbin.com 9999 < db.192` and share the URL you get in return
[13:56] <wingarmac> https://termbin.com/rcz2
[14:00] <wingarmac> My Static public IP is registered at Easyhost.be in the A-records
[14:00] <sdeziel> wingarmac: please also paste your bind config file that tries to use that db.192 zone file
[14:01] <wingarmac> db.mydomain.org I presume?
[14:01] <wingarmac> https://termbin.com/5m9uk
[14:01] <wingarmac> Here it is.
[14:03] <wingarmac> Here's also the apache virtual host: https://termbin.com/zwik
[14:03] <sdeziel> wingarmac: that's another zone file. There must be a file under /etc/bind in which you reference that `db.192` file to be used as master or slave, right?
[14:04] <wingarmac> As I did understand on the website I was, I had to create the db.domain.org, and reverse the ip's to create the ptr record. Not sur I already now what it all meens
[14:05] <wingarmac> https://ubuntu.com/server/docs/service-domain-name-service-dns
[14:05] <wingarmac> https://www.ionos.fr/digitalguide/hebergement/aspects-techniques/enregistrement-ptr/
[14:05] <wingarmac> I was trying on base of this information to fix it.
[14:07] <sdeziel> wingarmac: so if I understood properly, you have the IP 91.183.239.36 assigned to you. That IP currently has its PTR set to `36.239-183-91.adsl-static.isp.belgacom.be.` and you'd like it to be something else, is that right?
[14:08] <wingarmac> I like to put my apache server online
[14:09] <wingarmac> I installed bind on it, because I couldn't get it to work with routing and virtual host only.
[14:09] <wingarmac> I've tried lot's of things
[14:09] <wingarmac> I'm busy since yesterday 1AM
[14:11] <wingarmac> It's like the ports remain closed. I made redirection for the specific port on the server input of the router itself, and entered the routing rules like I found on Askubuntu
[14:11] <sdeziel> wingarmac: OK, I understand you wanting apache, that's fine. However, apache doesn't require any specific PTR so please elaborate on that requirement
[14:12] <wingarmac> I've an Ubuntu server and a dektop with the same base but Cinnamon over it. I use webmin to setup the server
[14:12] <wingarmac> I would like to be able to access webmin later on both trough https
[14:13] <sdeziel> wingarmac: I see. I don't /think/ you need to deal with your IP's PTR for that.
[14:13] <wingarmac> I' would also like to be able to connect to other clients I've installed with Ubuntu in order to do maintenance
[14:13] <wingarmac> I' would later like to be able to mirror offial Ubuintu repos on it to
[14:14] <wingarmac> And even try things out like ipxe
[14:14] <wingarmac> over internet of course
[14:14] <sdeziel> wingarmac: so far, none of your requirements require a specific PTR so there's always that :)
[14:14] <wingarmac> I do not realy know, I jsut followed the instruction on Ubuntu to setup my server
[14:14] <wingarmac> It was part of the setup of bind
[14:15] <wingarmac> I had to try in order to understand a bit what I'm reading. I did no schooling for this
[14:15] <wingarmac> I'm self taught, and people like you are my masters
[14:15] <wingarmac> or teachers, you did understand
[14:16] <wingarmac> Sorry for my English
[14:16] <sdeziel> wingarmac: hehe, we are all here to learn
[14:16] <wingarmac> I like the idea to share wisdom
[14:16] <wingarmac> naturaly by practice, not by saying, read this book
[14:17] <wingarmac> I like examples I could have some interst to use for my dayly tasks.
[14:18] <wingarmac> So I've already tried lots of server configurations, but I feld like prisoner of the services applying to LAN only. Now I'm like a kid with his new toy ;)
[14:19] <wingarmac> I entered the big world
[14:19] <wingarmac> I do this for private purposes. I've no company.
[14:20] <sdeziel> wingarmac: so you've got a public IP, is it directly assigned to your apache machine or is it assigned to your home router?
[14:20] <wingarmac> I'm just trying to update my tools as home IT support volunteer
[14:20] <wingarmac> NAT router
[14:20] <wingarmac> from ISP
[14:20] <wingarmac> DSL
[14:21] <wingarmac> I can't connect directly
[14:22] <wingarmac> I've to route the lan server IP to the WAN routers IP.
[14:22] <sdeziel> wingarmac: OK, so you will need to change your apache vhost config to replace the IP by 0.0.0.0 so that it looks like this: <VirtualHost 0.0.0.0:8080>
[14:22] <sdeziel> wingarmac: once done, apache will respond to any request coming to it's port 8080
[14:23] <sdeziel> wingarmac: after that, you'll need to log to your NAT router and do a port forward of TCP/8080 to the private IP address of your apache machine
[14:24] <wingarmac> Virtual Server	Any	8080	wingarmac.org	/var/www/wingarmac.org/public_html
[14:24] <wingarmac> done
[14:25] <sdeziel> wingarmac: hmm, I don't know why you are using port 8080 but you have something working on your public IP port 80 as http://wingarmac.org works for me
[14:26] <wingarmac> https://ibb.co/Tvw0VbN
[14:27] <wingarmac> I look into the files to see if I've entered this value.
[14:27] <sdeziel> wingarmac: OK so when I go to http://wingarmac.org/, my connection is handled by your internal machine with IP 192.168.1.9
[14:32] <wingarmac> but I can't get to my index page when I enter my domainname
[14:35] <wingarmac> https://dpaste.com/4TNFDHGEA
[14:36] <wingarmac> This is my results, when I look for my domain name and set my local ip of the server in google dns resolver
[14:36] <wingarmac> https://dpaste.com/4TNFDHGEA
[14:36] <wingarmac> Sorry for that
[14:38] <wingarmac> When I do ip route I only get lan routing: ip route  
[14:38] <wingarmac> default via 192.168.1.1 dev enp3s0 proto static 
[14:38] <wingarmac> 192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.9
[14:38] <wingarmac> Something is not right here
[14:40] <wingarmac> Whould these do ? https://dpaste.com/ALEYK4W8P
[14:46] <sdeziel> wingarmac: I don't think you need to tweak any route, DNS config or iptables rule. It seems to just be an apache config issue if you don't get the page you expect
[14:47] <wingarmac> Maybe a restart could help ?
[14:48] <sdeziel> wingarmac: it looks like you have the default vhost in place. You can confirm by checking what you have in `/etc/apache2/sites-enabled/`
[14:49] <wingarmac> Thats correct
[14:49] <wingarmac> I do made a new page, this one was good for the test too, I just copied it into the public folder
[14:50] <wingarmac> but how can you get on it? I've tried to open wingarmac.org from my desktop and it doesn't work
[14:51] <wingarmac> from my phone on GPRS it works, without wifi. It's cool !
[14:51] <sdeziel> it is possible that you cannot access it because your router's port forward is only applied for connections coming from the LAN
[14:52] <sdeziel> err, I meant WAN, not LAN
[14:52] <wingarmac> Thank you verry much sdeziel ! it was lot's easier with someone else help !
[14:52] <wingarmac> I can maybe add to the trusted list or something like that ?
[14:53] <sdeziel> a better option would be to add a DNS in your router's config saying that wingarmac.org has the IP 192.168.1.9
[14:53] <wingarmac> ACL List in the Bind settings should help
[14:54] <wingarmac> I can't do that, It's an ISP router. I can't change its dns
[14:55] <wingarmac> I can add other dns into bind
[14:55] <wingarmac> like I did for those from Google
[14:56] <sdeziel> I'm suggesting to add a DNS alias or hostname to your router. No need to use bind for that
[14:57] <sdeziel> typically, ISP provided router also come with a DNS caching resolver (usually dnsmasq) and they sometimes let you provide some name <-> IP association for machines inside your LAN
[15:03] <wingarmac> nope, I canot edit the ip and dns data of the wan connection inside the router
[15:04] <wingarmac> Youdon't know about Belgian ISP's do you ?
[15:05] <wingarmac> They make all routes with their own rules on it. It's an all mess if you try to configure something that it's not in there ways. even if you've have legaly the right to have it. It just some commercial enoyance
[15:07] <wingarmac> If you knew what I had to do as a residential user to get this fixed IP and base pro subscription. And at top of that it's even sheeper as I payed before (without the fixed IP) option. And I've 10Gb mobile data a month more.
[15:07] <wingarmac> But when you'll truy to get the same, you'll get trough hell before you succeed.
[15:08] <wingarmac> That's the way of Belgian ISP's
[15:08] <wingarmac> and this few worst do not mention the worst ...
[15:10] <wingarmac> words
[15:12] <sdeziel> wingarmac: yeah, you cannot tweak the WAN side for sure but I was talking about the LAN side
[15:14] <wingarmac> I could set port forwarding. Coudl you give an example of what you consider I should set ?
[15:19] <wingarmac> I can change rules for:
[15:19] <wingarmac> Address and Port Translation
[15:19] <wingarmac> IPv4 Portmap Rules
[15:19] <wingarmac> IPv6 Pinholes
[15:19] <wingarmac> https://ibb.co/FYmDSLp
[15:19] <wingarmac> the screenshot is for IP4, but the options are the same
[15:19] <wingarmac> When you select from the menu shown, the prot is auto selected
[15:20] <wingarmac> When you enter something it dislikes it gives an error and eject you from the entry
[15:22] <sdeziel> wingarmac: that's a minimalist interface I must admit. I'd check all tabs, maybe there is one about DHCP/DNS?
[15:22] <sdeziel> well, one that deals with DHCP/DNS config
[15:24] <wingarmac> I presume I'll have to install isc-dhcp. I will, because I would like to test iPXE two
[15:25] <wingarmac> I should first resolve this:dpaste.com/AQBNRHXQP
[15:27] <wingarmac> Ones this is solved I will subscribe for the ssl service: https://www.easyhost.be/nl/ssl-certificaat-kopen
[15:27] <wingarmac> What's your opinion about this subscription ?
[15:27] <sdeziel> I'd use Let's Encrypt that is free :)
[15:28] <sdeziel> ZeroSSL is also free but I have yet to try them
[15:28] <wingarmac> You meen I can install and configure it to work officialy like it should ?
[15:29] <sdeziel> If by that you mean a working TLS certificate that normal browsers recognize without throwing errors, then yes ;)
[15:29] <wingarmac> Will it be the same security level. I do not think I'll get much support anyway from Easyhost
[15:29] <wingarmac> So i gladly consider any options
[15:30] <wingarmac> At least as these are secure and legal
[15:30] <wingarmac> I would not like to have issues with licenses
[15:31] <wingarmac> I rather not pay fees or have my IP banned
[15:44] <wingarmac> sdeziel I've got the answer from easyhost: We do provide the encription file, but you have to set it up. We onlly give support on our own products and systems.
[15:44] <wingarmac> I'd answer that I'll maybe comme back to them when I know how, since they can't tell.
[16:48] <tanul1989> Hello, We have azure kubernetes with 8 ubuntu nodes attach to it. There OS is ubuntu 22.04.1 jammy jelly fish.... We have just upgraded the azure kubernetes to 1.25.2 version and after that all the nodes has started facing extreme memory pressure..
[16:48] <tanul1989> I have logged-in inside node to troubleshoot but unable to figure out why this is happening.. Before upgrade our nodes were on 80 to 90% of memory. But after upgrade memory consumption is reaching from 140 to 146%... We have also deleted 22 microservices but still nodes are under extreme pressure
[16:48] <tanul1989> Can any suggest the procedure to troubleshoot the reason behind memory consumption issue on ubuntu nodes
[17:07] <tanul1989> Any suggestions please?
[17:18] <smoser> rbasak, ogra it'd be really nice. ogra if i just want deb-src i can deb-src for everything. but I've been spoiled by git-ubuntu. and I don't want deb-src for anything.
[17:40] <jchittum> tanul1989 : i did some reading of backlog in #ubuntu as well. Looks like there are a few possible diffs you need to check on to understand what's happening. first is the k8s version. second is the version of the container in use (has it also changed compared the older nodes?), third is version of ubuntu (20.04 vs. 22.04). 
[17:41] <jchittum> 1. if you can narrow to version of k8s vs. version of Ubuntu while all running the same releases of the containers, you'll be able to tell if it's a K8s change or Ubuntu change
[17:42] <jchittum> and also comparing total running services between the AKS node versions -- is the dotnet app consuming the same across different nodes, and something else is consuming resources? or is your app, running the same container version, consuming different resources across different node releases?
[17:45] <wingarmac> (On Ubuntu server 22.10) Can I use OpenSSL without a mail server ? I've entered a redirection to my Gmail account on my domain name for what's concerning the emails.
[17:55] <jchittum> another helpful command : ps aux -sort=-%mem
[18:12] <evit> What is up with the pricing for Ubuntu Pro? It doesn't have an option for one using one of the smaller cloud providers. $500 per server per year is absurd. 
[18:12] <evit> Is there any option for other cloud providers or small servers? 
[18:47] <ahasenack> you mean beyond the 5 free seats?
=== Alexey_ is now known as FM
=== CodeMouse92 is now known as Guest5011