/srv/irclogs.ubuntu.com/2009/08/25/#ubuntu-server.txt

cheeseboy	i cant get my ethernet working :(	00:16
cheeseboy	says " eth0: link is not ready"	00:16
giovani	then either the cable isn't plugged in on one side, the cable is bad, the switch/hub is bad, or the network card is bad	00:16
cheeseboy	none of the above?	00:17
giovani	how do you know?	00:17
cheeseboy	cause ive checked em all	00:19
giovani	how did you check if the network card is bad?	00:19
KillMeNow	i'm thinking it's a cross over cable and switch tried to auto negotiate it and roll it but was made of fail	00:20
giovani	KillMeNow: out of the dozens of possible causes, why that one?	00:21
cheeseboy	giovani, because its fine	00:23
giovani	cheeseboy: that doesn't sound like a	00:23
giovani	test	00:23
cheeseboy	its fine	00:25
giovani	ok, so you're lying -- you haven't tested it	00:25
giovani	feel free to get help from someone else	00:25
cheeseboy	"it obviously doesnt work cause I say so"	00:26
=== qiyong_ is now known as qiyong
ball	Ugh. Wish users wouldn't put '*' in filenames	02:34
ball	it makes my head hurt	02:35
Sam-I-Am	or name them -rf	02:37
Sam-I-Am	or.. put carriage returns in them	02:37
ball	I get a lot of &s and 's...a few *s	02:38
ball	I'm going to have to install something like mc	02:38
* ball sighs		02:38
Sam-I-Am	what are you trying to do?	02:38
ball	Ah, it's alright. The *s weren't part of the filenames, they were ls -F showing me that some files were marked executable	02:44
ball	chmod ftw	02:44
Sam-I-Am	ah	02:45
ball	Still have files with ' and & in the names though	02:50
uvirtbot	New bug: #418396 in mysql-dfsg-5.1 (main) "need to port 38_scripts__mysqld_safe.sh__signals.dpatch from mysql server 5.0" [Undecided,New] https://launchpad.net/bugs/418396	03:16
mase_work	hi guys, i am setting up rssh to allow chrooted sftp access to users and was wondering why /bin/bash needs to be accessable in the chroot. I was under the impression the purpose of rssh was to replace the shell	03:19
giovani	mase_work: who said bash needed to be in the chroot?	03:22
mase_work	giovani: well it fails if it is not in the chroot.	03:22
giovani	did you set the user's shell to rssh?	03:22
mase_work	yes	03:23
giovani	where is the failure error message?	03:23
giovani	i.e. how did you come to know it failed?	03:23
mase_work	it is in /var/log/user and it immediately disconncts the sftp sessions	03:23
giovani	let's see the error then	03:23
mase_work	ok 10 secs	03:24
mase_work	giovani: ignore me. it seems i have one set up here without /bin/bash which is working .there is obviously something else going on as well.	03:29
mushroomtwo	anyone know a way to limit ssh login attempts to 3 per hour?	03:29
giovani	mushroomtwo: do you mean per source ip?	03:30
=== mushroomtwo is now known as mushroomblue
mushroomblue	that would work too.	03:31
giovani	there's no built-in mechanism for that -- you'd have to use a script that watches for logins (failed, presumably) and then actively bans that IP -- which is essentially an IPS (Intrusion Prevention System)	03:31
giovani	well why not describe what your goal is ...	03:31
mushroomblue	someone has compromised me over wifi	03:31
giovani	your initial description was an output ... not really a motivation	03:31
mushroomblue	and I'm pretty sure there's been a man-in-the-middle attack going on via the router.	03:31
Wicked	hello all. im wondering how i can have a user start up a program at boot....id like for it start a screen session. i tried adding this to the crontab "@reboot /usr/bin/screen &" ...but it does not work.	03:32
mushroomblue	so all my machines are more than likely compromised.	03:32
giovani	Wicked: you should add it to the proper runlevels	03:32
giovani	mushroomblue: how is this related to wifi?	03:32
Wicked	giovani, well i just want to start screen for a certain user at boot...i really dont want to add a init script or somehting like that.	03:32
mushroomblue	I've narrowed down the ways the attacker has accessed the system, and it appears it happened over wifi	03:32
Wicked	there has to be a way to have a user be able to start something at or after the machine boots	03:33
mushroomblue	which means, I have a douche of a neighbor	03:33
giovani	Wicked: ok ... "at boot" and "for a user" are entirely different, and not compatable methods	03:33
Wicked	how about...id like a program to start under a certain user after the machine is fully booted.	03:33
giovani	the proper way to do anything like that is with an init script	03:34
giovani	it's just that simple	03:34
Wicked	hmm ok	03:35
giovani	but I really don't think that you should be doing it -- I think you should be looking for a better method to achieve the output you want	03:35
giovani	mushroomblue: fail2ban, denyhosts, etc -- a bunch of scripts to monitor failed logins	03:35
giovani	I'm not sure how limiting logins to 3 per hour has anything to do with preventing an attacker who already has a password	03:36
mushroomblue	it wouldn't. but it would discourage bruteforce	03:36
giovani	but if they already have hacked your system	03:36
giovani	there won't be any bruteforcing	03:36
giovani	so you need to define your parameters here	03:36
Wicked	i run irssi and a few other things inside a screen session. i have screen setup to start the programs when screen is started. after the machine is rebooted i would like screen to be started so then my programs will always be running...then i can connect via ssh and reconnect to the screen session	03:37
giovani	Wicked: why would the system be shut down?	03:37
Wicked	i thought setting a crontab to do that at boot would work...but it fails to start screen	03:37
Wicked	giovani, lots of reasons. mostly...power outages	03:37
Wicked	or new kernels	03:37
mushroomblue	giovani: make no mistake, I'm in the process of reinstalling all my servers atm, and flashing the router. I'm just trying to come up with ideas so that there isn't a next time.	03:38
Wicked	or someone trips over the power cord...	03:38
mushroomblue	I can't afford another full system rebuild.	03:38
mushroomblue	s/system/network/	03:38
mushroomblue	but thanks for the tips.	03:38
giovani	mushroomblue: ok -- but without understanding the attack you're trying to prevent, you're not goign to get anywhere	03:38
giovani	Wicked: alright, well if you want to use the crontab -- there's no need to add the '&' at the end -- the process isn't going to ever be in the foreground anyway	03:42
grim76	Wicked: Why not setup .bash_profile to launch screen for the user upon login?	03:42
giovani	I presume you added that to your user's crontab?	03:42
giovani	grim76: because he doesn't want a new screen session on every login, obviously	03:42
Wicked	yea	03:42
giovani	Wicked: and you tested this with a -reboot- and not a clean startup? I'm not sure if it's specific to the former	03:43
Wicked	and i just want screen to start at boot so all my programs in screen witll be running as soon as the computer boots.	03:43
Wicked	http://rpatterson.net/blog/screen-sessions-at-boot	03:43
Wicked	im trying that now	03:43
Wicked	giovani, ive tried both	03:43
giovani	both what?	03:43
giovani	ok well that url is using an rc script	03:44
giovani	like I recommended	03:44
giovani	did you remove the '&' from the end and try a reboot?	03:44
Wicked	yes	03:46
Wicked	i added the & because without it it did nothing.	03:46
giovani	that seems unlikely, but alright	03:46
giovani	it's possible that @reboot isn't supported in your version of cron	03:48
giovani	I don't see it in my manpages	03:48
Wicked	yea.	03:49
Wicked	thats what i was thinking...that its a newer feature thats not in 8.04	03:49
giovani	or a custom-compiled one in a major distro, who knows	03:50
giovani	but I don't see it documented outside of casual mentions in google	03:50
giovani	i don't see manpages containing it	03:50
Wicked	yea me neither. i actually 1st saw the @reboot mentioned on a debian page	03:52
Wicked	cant remember which one.	03:52
giovani	yeah, looks like ubuntu contains cron 3.0	03:52
giovani	and the only manpage I can find mentioning @reboot is for 4.1	03:53
ball	Is that Gnu Cron?	03:53
giovani	no ... isc/vixie	03:53
giovani	the standard one :)	03:53
Wicked	ah	03:53
ball	Thanks	03:54
giovani	gnu cron doesn't even seem to exist	03:55
giovani	except in intention	03:55
giovani	http://www.gnu.org/software/gcron/main.html	03:55
Wicked	nice that did just what i wanted	03:56
ball	"This project has been decommissioned and is no longer developed."	03:56
ball	http://directory.fsf.org/project/gcron/	03:56
jmarsden	Ummm man 5 crontab \|less +/@reboot shows @reboot in the Ubuntu 8.04 crontab(5) manpage, for me at least...	04:12
giovani	jmarsden: I stand corrected -- you're right, somehow I missed that	04:20
twb	Debian, at least, defaults to Vixie cron	04:21
giovani	yeah, as does ubuntu	04:22
=== jtimberm1n is now known as jtimberman
=== pace_t_zulu_ is now known as pace_t_zulu
jtimberman	i think theres a vixie cron on aix even	04:33
Alex_21	I am having trouble with Webdav. I get the Error: You cannot connect to this server because it cannot be found on the network. Try again later or try a different URL.	05:06
Alex_21	Here is my Virtual Host configuration: http://paste.ubuntu.com/259068/	05:06
Alex_21	Any help is appreciated.	05:06
Alex_21	Please	05:07
slap	I have a private lan with a domain name gandalf.lan. I'm trying to configure /etc/exports with the following line /sharing *.tolkien.lan(blablabla). But it doesn't work Can someone telling me what I'm doing wrong ?	05:12
slap	If I write /sharing *(blabalbla) everything is ok	05:12
Sam-I-Am	probably a name resolution problem	05:13
slap	How can I check?	05:13
Sam-I-Am	can either host ping each other on tokien.lan and galdalf.lan?	05:14
slap	I'm able to ping the gandalf.tolkien.lan from the cleint	05:14
Sam-I-Am	whats the clients name?	05:14
slap	hal9000	05:14
Sam-I-Am	can the server resolve that to hal9000.tolkien.lan ?	05:15
Alex_21	I am using: http://www.howtoforge.com/how-to-set-up-webdav-with-apache2-on-ubuntu-8.10	05:15
slap	No !	05:15
Alex_21	To set up Apache for Webdav	05:16
Sam-I-Am	yeah, so name resolution needs to work both wats	05:16
Sam-I-Am	ways	05:16
Sam-I-Am	otherwise use IPs	05:16
slap	How can I do that both way ?	05:16
Sam-I-Am	if you dont have a dns server, make sure they're all defined in /etc/hosts	05:17
slap	I've already installed DNS.	05:17
slap	Seems to work ok	05:17
Alex_21	Any ideas about my Webdav?	05:18
Sam-I-Am	apparently its not if things arent resolving...	05:18
slap	'Cause I can ping gandalf.tolkien.lan www.tolkien.lan and tolkien.lan from the cleint	05:18
Sam-I-Am	of course, all your hosts need to point to the same dns server	05:18
Alex_21	I see no difference but the paths in my file from the tutorial's pages	05:18
Sam-I-Am	but the server..	05:18
Sam-I-Am	Alex_21: i havent messed with webdav in a long time	05:18
Alex_21	Can someone check to see if my config file is correct?	05:19
slap	Where do I start to configure the server to recognize clients	05:19
Sam-I-Am	slap: make sure it can resolve your hostnames	05:20
Alex_21	It is a mission critical webdav share	05:20
Sam-I-Am	like... either consider it to point to your dns server in /etc/resolv.conf or edit /etc/hosts ... probably the same way you configured the client	05:20
slap	Totally forgot to edit resolv! ( I remember reading something about that) Thanks a lot	05:21
Sam-I-Am	are you trying to get to the webdav server using the URL as configured?	05:24
Sam-I-Am	its going to be some.domain/base	05:25
slap	Ok, now I can ping it both way. But I still have an access denied when I triy to mount the sharing ? Any clues ?	05:32
Sam-I-Am	look in the logs	05:32
slap	It says that there is a mount request for a unknown host ??	05:36
Alex_21	I figured it out.	05:37
slap	found it	05:37
Alex_21	I shouldn't have been so chicken about looking in Apache's logs	05:38
slap	add the client's name on /etc/hosts	05:38
slap	Thanks Sam-I-Am	05:38
Alex_21	Now, I can enjoy this webda share	05:39
Sam-I-Am	logs are good	05:40
Alex_21	Yes.	05:41
Alex_21	Not plesant when you use a screen reader, but good all the same	05:41
slap2	Sam-I-Am I'm learning networking on linux. I have one thing I would like to know. If I want a sharing on a medium network with a DHCP service, how can I configure bind and nfs if I have dynamic address. Do I have to use something else ?	05:46
slap2	Is it possible ?	05:47
Sam-I-Am	you can either make sure hosts keep the same name independent of IP... using dynamic DNS... or you statically assign IPs to hosts	05:47
slap2	no, I would ike to try with dynamic IPs for hosts. So I have to take a look at dynamic DNS, right ?	05:48
Sam-I-Am	yup	05:48
Sam-I-Am	or just allow entire ranges of IPs for nfs	05:49
Sam-I-Am	or domains	05:49
slap2	Do I have to use bind9 with a different configuration, or there's another deamon	05:49
Sam-I-Am	isc dhcp talks to bind9	05:49
slap2	No. How can I do that ?	05:51
Sam-I-Am	theres documentation out there	05:53
Sam-I-Am	time for bed...	05:59
Alex_21	Thanks for all your help	06:09
Alex_21	Good night.	06:09
uvirtbot	New bug: #416093 in samba (main) "karmic hangs during booting" [Undecided,New] https://launchpad.net/bugs/416093	07:00
roxy08	Hi there, I just recover my samba server but i cannot access to all of my shared folder even if i have permisions, and still i got error such as cli_lsa_lookup_sids_noalloc(): out of memory	07:54
uvirtbot	New bug: #418276 in samba (main) "package samba-common 2:3.4.0-3ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/418276	07:55
johe\|work	short question, what time is it (in UTC)?	08:20
andol	johe\|work: date -u	08:36
johe\|work	too easy :-)	08:36
johe\|work	i have a problem here with the ldap client auth, user logging works now, but he does not get the groups	08:39
=== mdz_ is now known as mdz
soloslinger	is there a decent guide that someone can point me to regarding 9.04 and hardware raid?	10:23
garymc	Hi, anyone know anything about RAID. See im not sure what config im best using	11:01
garymc	I see RAID 1 is all drives are the same and if one goes down you just replace it. But that means that if I have 6 72gb drives in, im only gonna get about 68gb of space?	11:02
garymc	which is ok for my LTSP server, but	11:02
garymc	i need to setup an asterisk server and store lots of calls. Am i best using RAID 5 for that?	11:02
\sh	garymc: if you want raid1 over 6 drives, you use RAID10	11:08
\sh	garymc: which is a mix between raid0 and raid1	11:08
garymc	thanks, but thats my issue i dont really understand raid	11:08
garymc	so dont know which one is best to use	11:08
\sh	garymc: http://www.cuddletech.com/veritas/raidtheory/x31.html	11:09
garymc	im just looking to update the controller array 5i firmware	11:09
\sh	garymc: it depends on your work setup ... raid5 + databases could be a problem in some cases...then you have raid6 which is similar to raid5 but has two drives which could fail at the same time	11:10
\sh	garymc: HP?	11:10
garymc	yes	11:10
garymc	HP	11:10
* \sh is mostly using raid10 for more diskspace with mirroring...and having at least one more redundancy via drbd or directly using HP MSA 60/70 or iscsi solutions for lots of diskspace...		11:11
garymc	hmm lol, i better read up more on it all	11:12
garymc	im looking to download the firmware for my server, but theres that many differnt packages on the HP site not sure which one to get.	11:14
garymc	What do you think of this one?	11:14
garymc	Systems ROMPaq Firmware Upgrade Diskette for HP ProLiant DL380 G3 (P29) Servers	11:14
garymc	would that be the correct stuff to download and boot my server with?	11:14
\sh	garymc: there is normally bios firmware updates and smart array updates packages...and there is at least one CD ISO where the latest stuff is on..depending on your configuration...	11:15
\sh	smart array 5i is old afaik	11:15
garymc	so do i have to download the 5i firmwarE?	11:15
garymc	or can i upgrade my firmware to someting else	11:16
\sh	garymc: for your smart array 5i http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?lang=en&cc=us&prodNameId=266599&taskId=135&prodTypeId=329290&prodSeriesId=374803&lang=en&cc=us this is the right page	11:17
\sh	for your dl380 there is some other page....search hp...	11:17
garymc	thanks	11:17
garymc	:)	11:17
garymc	trying to load that link now	11:18
\sh	garymc: for your ROM update...you need http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=266599&prodTypeId=329290&prodSeriesId=374803&swLang=8&taskId=135&swEnvOID=1085 this page	11:18
=== mrchrisadams_ is now known as mrchrisadams
garymc	whats a rom update?	11:18
\sh	garymc: the smart array bios firmware stuff...it's the bios of your smart array controller	11:18
garymc	that first link you gave me lists operating systems	11:18
garymc	im using ubuntu 9.04?	11:19
garymc	or Centos	11:19
\sh	garymc: yes and there is a smartstart maintaince - ROM update...that's what you need	11:19
garymc	do i just burn them to CD rom?	11:19
garymc	and boot the serveR? with it in?	11:19
\sh	garymc: dunno...I'll have a debian OOB installation for this to update..cause I'm not really convienced that HP is supporting my ubuntu 64bit setup ;)	11:20
garymc	ahh ko	11:21
garymc	ok	11:21
garymc	well im running 32bit as 64 bit wouldnt work?	11:21
garymc	or wouldnt go on	11:21
\sh	garymc: ah no...hp is supporting debian 32 + 64bit ... but as there are some kernel modules which I didn't test against ubuntu 32 or 64bit I can't say if it works...problem is that my HP supporter always tells me "You know more about this crap then I do" and I don't have the time to test it	11:22
garymc	ok lol	11:22
\sh	garymc: next target of my work is to implement HP SIM for our server infrastructure and then I have the time to test HP drivers on Ubuntu	11:23
garymc	cool, busy busy :)	11:23
Daviey	h	11:36
jpds	Daviey: ...	12:04
sergevn	hi	12:37
sergevn	i have a question, how can I install and configure truetype fonts for php?	12:37
Daviey	sergevn: I'm kinda confused what you want to achieve.. php will produce valid output, but the fonts really need to be client side..	12:44
Daviey	Unless you are trying to create images or similar sergevn ?	12:45
sergevn	Daviey: yeah images :)	12:45
Daviey	ah	12:46
sergevn	i am trying to use imagettfbbox() but getting error it cant fint the font.	12:47
Daviey	sergevn: unless i'm mistaken, it uses a full path	12:48
Daviey	you can't just say $font = "somefont.ttf";	12:48
Daviey	so you could just drop the somefont.ttf to the same location as the .php script	12:50
sergevn	yeah im doing that.	12:52
sergevn	still error	12:52
sergevn	that's the weird part	12:53
sergevn	and on "another" webhoster it does work	12:53
Daviey	sergevn: http://uk.php.net/manual/en/function.imagettftext.php#90580	12:56
Daviey	sergevn: you might get more specifc help in a #php channel.	12:57
sergevn	Daviey: you saved my day	13:00
sergevn	it works :)	13:00
Daviey	heh	13:00
soloslinger	is there a decent guide to making 9.04 work with hardware raid?	13:05
soloslinger	everything seems to want to send a person to software raid	13:06
tarekeldeeb	Hello all, I want to build an ubuntu based lab, with fat-client config. Login+home mount should be authenticated using LDAP. Can any1 guide me to the needed howto documents?	13:07
Daviey	soloslinger: to get hardware raid working is often irrelevant to the OS.	13:08
pmatulis	soloslinger: that's b/c with hardware raid the OS does not know anything about the raid configuration. it will see one drive when there are actually two (RAID1)	13:08
pmatulis	(for instance)	13:08
Daviey	soloslinger: hardware raid just presents the raid disk as a standard block device.	13:08
soloslinger	pmatulis: I have configured hardware raids for use with other operating systems, but I can't seem to get ubuntu's server installer to want to recognize it.	13:09
tarekeldeeb	Can any1 support me, please ?	13:09
pmatulis	soloslinger: k, that's different	13:09
=== cjwatson_ is now known as cjwatson
Daviey	tarekeldeeb: however, monitoring the raid device is normally the responsability of the OS.	13:09
Daviey	soloslinger: What make/model raid contoller are we taling about here?	13:10
pmatulis	soloslinger: maybe ubuntu just doesn't support that particular controller	13:10
soloslinger	pmatulis: that is my sneaking suspicion(sp?) unfortunately... Daviey: I'd hafta reboot the box and look, it's in a fairly new 1 u server, an hp dl160 g5	13:11
Daviey	soloslinger: ahh, is it hp raid?	13:11
pmatulis	The spelling of suspicion is correct	13:12
soloslinger	Daviey: yeah.	13:13
Daviey	soloslinger: Then it is probably cciss, and i dislike it :)	13:13
soloslinger	pmatulis: ty =)	13:13
Daviey	soloslinger: What version of Ubuntu are you trying to use?	13:14
soloslinger	Daviey: most likely it is. Am I SoL tryin to get the ubuntu installer to see it? 9.04	13:14
Daviey	no.. it should work.	13:14
soloslinger	kk	13:15
soloslinger	I'll hafta play with it when I have the opportunity to bring the server down for longer. Is there some docs somewhere that you (or someone else) could point me to?	13:15
soloslinger	Did some googling for that, but everything comes back with software raid tips	13:16
Daviey	soloslinger: The "disk" should show under /dev/cciss	13:16
soloslinger	yeah	13:16
soloslinger	But as the installer moves along, even if I want to do partitioning manually, I don't see it prompt me to specify a device to use as a disk	13:17
Daviey	ie, $ ls /dev/cciss/	13:17
Daviey	c0d0 c0d0p1 c0d0p2	13:17
Daviey	soloslinger: Can you confirm you are using the Ubuntu Server disk, or the Ubuntu Desktop?	13:17
soloslinger	Daviey: I am fairly certain I am, nobody here runs Ubuntu for a desktop, so there shouldn't be a cd of it laying around. If I install to one drive it doesn't try to get me to put a WM on like the desktop installs I did once upon a time.	13:19
Daviey	ok, great.	13:19
soloslinger	Daviey: I would say I am fairly certain I am using a Server disk.	13:19
pmatulis	soloslinger: is it graphical or ncurses (blue)?	13:19
soloslinger	pmatulis: blue	13:20
Daviey	soloslinger: When you get to the disk management area, what do you see?	13:20
soloslinger	Daviey: It first prompts me for something to the effect of "Do you want to enable Serial ATA RAID" with a yes, no and cancel. Regardless of if I select yes or no, the next screen where normally the partitions are built is blank. In other words, there isn't a "disk" there to divide up the partitions.	13:22
maswan	One trick could be to switch to a shell prompt (alt+f2) and type lspci to find out what storage controller it actually is	13:22
maswan	I'm not sure that the dl160 has a real cciss	13:23
Daviey	i'll bet it's the P400.	13:23
soloslinger	Daviey: You'll hafta forgive me too, i needed something up by the time I left today so I am going from memory an hour or so ago.	13:23
Daviey	soloslinger: no worries, can you try what maswan said?	13:23
tarekeldeeb	sorry for duplicating, but i need support	13:23
tarekeldeeb	Hello all, I want to build an ubuntu based lab, with fat-client config. Login+home mount should be authenticated using LDAP. Can any1 guide me to the needed howto documents?	13:24
soloslinger	If I switch to a shell prompt and build the partitions via Fdisk, could I switch back into the installer and carry on like normal? I am comfortable using Fdisk.	13:24
tarekeldeeb	:(	13:24
maswan	soloslinger: I'm not sure offhand if fdisk is included in the environment, parted and probably sfdisk is	13:24
maswan	tarekeldeeb: Hm. Don't really know. We use kerberos auth.	13:25
soloslinger	Daviey: I will try the next time I can bring the server down for any time. I am fortunate that it's in a cluster of a couple other servers, so losing a disk will suck, but it could be worse.	13:25
Daviey	tarekeldeeb: There are a bunch of ways, perhaps if you hit the ubuntu-server mailing list, you'll get a better response.	13:25
Daviey	soloslinger: ok.. what OS is it at the moment?	13:26
soloslinger	ubuntu 9.04, I just have it running on one disk atm	13:26
=== freeflyi2g is now known as freeflying
soloslinger	Daviey: you want the output from a lspci ?	13:26
Daviey	ahh, you can just ssh in and run some commands :)	13:26
tarekeldeeb	kerboros, is it better than LDAP? Or you seek windows clients interoperability ?	13:26
Daviey	soloslinger: please.	13:27
Daviey	soloslinger: Also, fdisk -l would be handy	13:27
tarekeldeeb	Daviey: thanks ..	13:28
soloslinger	Daviey: lspci = http://pastebin.com/d6e9ca9a4	13:28
Daviey	631xESB hmm	13:29
soloslinger	Daviey: fdisk -l = http://pastebin.com/dd2f5c3c	13:29
Daviey	i was wrong :)	13:30
Daviey	soloslinger: for a two disk setup, is there a reason you dont want to use software raid?	13:30
soloslinger	Daviey: haven't really weighed the pros and cons out yet. Figured it had the hardware for a hardware raid, might as well use it.	13:31
Daviey	soloslinger: I can see your point, but for 2 disks - there is no real extra overhead for a mirror / RAID-1	13:33
Daviey	and actually, you get some bonus.. you can pull the disk out and put it in any server, not locked to the RAID controller card	13:33
Daviey	it's easy to monitor.	13:33
soloslinger	Daviey: I suppose so. What are you seeing that put the nail in the coffin to the hardware raid idea for my future reference?	13:34
Daviey	soloslinger: I haven't used hardware raid with 631xESB.. but it was the fdisk -l, that showed 2 disks made me mention it.	13:35
soloslinger	Daviey: ah. Gotcha	13:35
Daviey	soloslinger: mdad really is your new best friend :).	13:36
soloslinger	Daviey, maswan, pmatulis: I appreciate your time and help. I get to get outta here and get some sleep!	13:37
soloslinger	Daviey: Yuup. Sounds like I got some reading to do.	13:37
Daviey	nn soloslinger, let us kow how you get on.	13:38
soloslinger	will do	13:38
garymc	yo, im installing new firmware for my HP server and its stopped at 82% :(	13:38
garymc	should i just wait?	13:38
pmatulis	firmware? for what device?	13:39
garymc	Array controller 5i	13:39
garymc	RAID	13:39
pmatulis	ok	13:39
garymc	all seemed to be going well then it stops, just sitting there :(	13:39
garymc	:)	13:40
garymc	now its done lol	13:40
pmatulis	ok	13:40
garymc	anyone tell me if I can have 4 X 146gb drives in my Server	13:44
garymc	3 of them setup as a logical drive as RAID 1 and one of them spare	13:44
garymc	and the fourth 146 as Logical drive on its own as RAID 0	13:44
garymc	?	13:44
_ruben	both raid0 and single drives arent raid	13:45
garymc	so would the RAID 0 drive be its own drive for extra storage?	13:45
garymc	so I could remove it when backing up?	13:45
garymc	Or should I set the 4 DRives up as RAID 1+0 and have two of them as Spares?	13:46
garymc	decisions decisions	13:46
garymc	its for a UBUNTU LTSP server	13:46
_ruben	you cant do raid10 with 2 spares with just 4 disks	13:46
_ruben	raid10 has a 4disk minimum without spares	13:46
_ruben	(except for the software raid10 in linux, which can do fancy raid10 setups with odd number of drives for instance)	13:47
smoser	jdstrand, so yesterday you mentioned to me that passing sensitive data to a application via environment was not secure ? why is that? i'm not aware of a way in which a non-root user can view environment of another users' processes.	13:47
_ruben	it pretty much comes down to how much performance and how much storage you need	13:47
garymc	well my RAID config is letting me setup RAID 1+0 with 2 drives and two spares?	13:48
uvirtbot	New bug: #418342 in mysql-dfsg-5.1 (main) "akonadi-server prevents install of mysql-server-5.0" [Undecided,New] https://launchpad.net/bugs/418342	13:48
garymc	what linux software can i get that does that _ruben	13:48
garymc	is it in the GUI or command prompt?	13:49
garymc	im better with gui	13:49
garymc	:)	13:49
_ruben	garymc: mdadm .. not sure if there's a gui for it	13:50
garymc	ok	13:50
garymc	is RAID 0 just pure disk space?	13:51
Tom_Ass	and performance	13:53
_ruben	raid0 isnt raid (as the r in raid stands for redundant, and raid0 doesnt offer redundancy) .. it basically 'glues' 2 or more drives together .. same as with using multiple pv's in lvm	13:53
garymc	ok well ive setup two logical drives in the array controller	13:54
garymc	one RAID 0 146gb drive	13:54
garymc	and 3 Raid 1+0 (2 plus a spare)	13:54
_ruben	performance is one of the most common reasons for raid0 .. its nice for video editing for instance	13:54
garymc	Will this work?	13:54
garymc	I want to use the single 146 as a data backup	13:54
_ruben	like i said, a single drive isnt raid, not even raid0	13:54
garymc	will it show up as a seperate drive in ubuntu?	13:54
_ruben	and im not sure how your raid controller does it, but in my book, raid10 over 2 disks isnt possible	13:55
garymc	hmm posible its RAID 1?	13:55
_ruben	could be	13:55
garymc	thats over 3	13:55
garymc	one as spare	13:55
garymc	just trying to work out the best setup of this stuff	13:55
_ruben	raid1 with 2+1 disks is fairly common	13:55
garymc	cool but i got a RAID 0 on there too	13:57
garymc	in the fourth slot	13:57
garymc	will this work?	13:57
jdstrand	smoser: it is an unnecessary risk imo. subprocesses will inherit it, which might not be what you want. the same user can get to it (of course), root can get to it (of course). There might be other ways I'm not thinking of. IMO it will be difficult to get right, and if you do get it right, you may not have covered everything for another platform	13:58
jdstrand	smoser: I also googled it to see if I was missing anything and came across: http://dev.mysql.com/doc/refman/5.0/en/password-security-user.html	13:59
_ruben	garymc: it probably would	14:00
smoser	on linux the "extremely insecure" would seem a bit incorrect	14:00
smoser	as "If you set MYSQL_PWD, your password is exposed to any other user who runs ps." is as far as i can tell explicitly wrong	14:01
smoser	so anyway... i agree that without care, environment is longer lived than data written to a pipe. but loads better than other ways.	14:02
smoser	and actually, i think that mysql was where i first saw this... if you do run '-pMYPASSWORD' as a command line argument, it reads that, and then writes over its argv space, so that the 'ps' only shows 'XXXXXXX'	14:03
jdstrand	smoser: yes, but it is in ps output for a split second in that case	14:05
smoser	yeah	14:05
smoser	s/second/milli secong/ but yeah	14:05
smoser	:)	14:05
jdstrand	smoser: it's not particularly hard to win those kind of races	14:06
smoser	fair.	14:07
smoser	jdstrand, do you know, is it actually the case that environment is intended to be "secure" on linux ?	14:07
smoser	ie, as a general goal rather than just happenstance that the /proc/<pid>/environ has secure perms	14:07
jdstrand	smoser: I think it is hoped to be, based on /proc/<pid>/environ	14:08
smoser	(i realize not pure happenstance, but wonder if it would be considered a bug if it would be treated as a security issue if that were leaked elsewhere)	14:08
smoser	jdstrand, thanks.	14:08
jdstrand	smoser: of course, I've seen kernel bugs where the permissinos end up wrong in /proc/<pid>	14:09
jdstrand	smoser: based on /proc/<pid>/environ, you probably are ok to use it, but still are dealing with subprocesses and root. I don't know exactly what you are trying to do, but if it is ec2, protecting against root where feasible would be a good defensive stance	14:11
jdstrand	smoser: I don't claim to know every means of getting at the environment, but it doesn't feel right	14:11
jdstrand	smoser: kees and mdeslaur may want to weigh in as well	14:12
smoser	jdstrand, it was just a general question, really, but came up in context of ec2-ami-tools (from amazon) which expose "secret-key" on cmdline and provide no other way to pass it (that i'm aware of)	14:13
smoser	how much hope does one actually have for protecting against root ? is that a reasonable goal?	14:13
smoser	jdstrand, i would say that if you were a program reading sensitive data from environment you should take care to un-set that data after reading	14:14
mdeslaur	smoser: a real fix would be to use a config file, as mysql does. You should file a bug with amazon to get that implemented.	14:14
jdstrand	(I recommended that initially)	14:15
smoser	so how is a permanently stored plaintext password in a config file more secure than just about anything... definitely not safe from root.	14:15
mdeslaur	oh...good luck protecting from root	14:16
jdstrand	smoser: those are two different points	14:16
* mdeslaur has not followed the whole thread		14:16
kwork	you should always protect your stuff from root	14:16
kwork	because root is the evil man	14:16
smoser	it would seem to me that plain text password in a text file is not really more secure than environment on linux	14:16
jdstrand	smoser: you can't fully from root, cause there could be a keylogger	14:16
jdstrand	smoser: and of course root has access tot he file as well as /proc/../environ	14:17
mdeslaur	smoser: most "debugging" scripts people run grab the user's environment	14:17
smoser	right. thats what i was thinking... doesn't really matter what you've done if there is evil root	14:17
jdstrand	smoser: I don't know the application, but prompting for the password and piping it into a command via a shell built-in is safe from all but a key logger and memory attacks	14:18
jdstrand	smoser: my point wrt to the env is that 'ps auxwwe' will show all the environment as root. if the perms in /proc/.../environ happen to be wrong (I'm assuming ps is looking at that), your screwed	14:19
jdstrand	smoser: if you don't use the environment, you are protected from such matters	14:20
mdeslaur	what's the debate here? storing passwords in environment variables?	14:20
jdstrand	smoser: imho, when dealing with ec2 private keys, I think a defense in depth is in order	14:20
smoser	mainly, yes.	14:20
jdstrand	mdeslaur: it's not so much a debate as a discussion	14:20
smoser	i'd say an education of smoser more than debate	14:21
jdstrand	mdeslaur: but that is what I thought you might want to weigh in on. it makes me feel queezy	14:21
jdstrand	queazy?	14:21
mdeslaur	well, environment variables aren't usually considered confidential. A whole slew of scripts pick up the environment variables when submitting bug reports, etc.	14:21
* jdstrand goes with qweezee		14:21
smoser	just fyi, i verified that /proc/<pid>/environ is apparently read-only even to <pid> and recorded at invocation time	14:21
smoser	PASSWORD=bar bash -c 'PASSWORD=XXX; unset PASSWORD; sleep 30' &	14:21
smoser	[4] 6530	14:21
smoser	looking at environ of 6530 still shows "PASSWORD=bar"	14:22
jdstrand	mdeslaur: that is an excellent point	14:23
jdstrand	if there is a bug, a user would happily run 'sudo apport-collect -p ...' if asked to in a bug report	14:24
jdstrand	now you have to make sure your apport hook doesn't submit it, but then you can't protect against ad hoc debugging scripts	14:25
mdeslaur	like "ipsec barf"	14:25
smoser	jdstrand, apport-collect does tell the user "please look for confidential data"	14:25
mdeslaur	and phpinfo()	14:25
smoser	but yeah, probably they're not going to :)	14:25
mdeslaur	and whatever else	14:25
jdstrand	smoser: apport-collect does? I'm pretty sure it just runs and submits (note, apport-collect is for adding info to a bug after it is filed, and separate from apport-cli and apport-gtk)	14:26
smoser	jdstrand, ok... i'm probably wrong yet again... i was thinking of 'ubuntu-bug foo'... i sweare it used to say "if you weren't doing anything confidential..."	14:27
smoser	but it doesn't seem to say that now. it really should.	14:27
jdstrand	smoser: you are right about that-- it will give you a chance to look at it :)	14:27
jdstrand	smoser: it does give you a chance to look at it though	14:28
jdstrand	smoser: regardless, using env seems brittle at best	14:28
smoser	mdeslaur, jdstrand thank you for environment-variable-security-101 class.	14:30
jdstrand	smoser: I think apport will say the confidential bits if it grabs a crash. ubuntu-bug may not prompt for anything, but gives you a way to see what youa re submitting. apport-collect just does it	14:30
mdeslaur	smoser: the other thing, is environment variables being private may not be portable	14:31
jdstrand	I'm not an apport expert, but pretty sure that is how it works	14:31
smoser	mdeslaur, i agree, its not portable to other unixes	14:32
smoser	but does anyone care about other unixes ? :)	14:32
* smoser ducks		14:32
mdeslaur	smoser: what other unixes? :P	14:32
mdeslaur	smoser: amazon may care	14:32
smoser	i think larry ellison owns a unix	14:33
smoser	he owns a lot of stuff	14:33
mdeslaur	also, some people use some legacy OS called "Windows"	14:33
soren	jdstrand: It's "queasy" isn't it?	14:36
jdstrand	soren: aha! that's it	14:36
jdstrand	soren: though, I think qweezee is more fun	14:36
* soren agrees		14:36
jdstrand	at least as fun as feeling 'barfy' can be	14:36
Tom_Ass	it's not fair to other legacy software to call Windows legacy ;D	14:37
soren	mdeslaur: Environment variables under Windows are freaky in all sorts of ways, though.	14:38
soren	mdeslaur: Processes that can modify each other's environment makes me cringe.	14:39
soren	jdstrand: Heh... "barfy". That's good.	14:39
jdstrand	:)	14:40
ScottK	FYI, I just put in a big stack of sync requests that should result in a working turbogears2 for Karmic.	14:42
garymc	I just installed Ubuntu LTSP on my server with the RAID config above ^^ 3 RAID 1 , one as a spare and One 146gb as RAID 0.	14:51
=== giovani_ is now known as giovani
garymc	Now the 146gb RAID 0 drive shows up in the file system, but it says unable to mount when i click on it	14:52
ball	hello garymc	14:52
ball	A single RAID 0 drive makes no sense!	14:53
Tom_Ass	garymc, is that 5 disks total?	14:53
ivoks	ball: remove 'A single' and 'drive'	14:53
ball	ivoks: There are probably a few applications where non-redundant striping is justified (e.g. video editing scratchpad).	14:54
ttx	ivoks: anything special I should know about before acking your openais sync request ?	14:54
ball	...but not on a single drive ;-)	14:54
garymc	lol ball, i was just thinking maybe using it as a mass storage device you know for extra disk space	14:55
ball	garymc: that's not RAID-0 though.	14:55
ivoks	ttx: nothing special...	14:55
=== clusty_ is now known as clusty
ball	that's just a disk.	14:55
garymc	no? it says it is in the Array utility, just updated firmware too	14:55
garymc	ohh ok	14:55
garymc	I cant mount it anyhow in my Ubuntu Ltsp setup	14:55
ball	garymc: you may want to remove it from your RAID controller's list of drives to use.	14:56
garymc	and i know now it aint a good idea	14:56
garymc	i will	14:56
garymc	just delete it and remove it?	14:56
garymc	or can i do something else with it	14:56
garymc	maybe make it another spare?	14:57
ivoks	ttx: there will most probably be additional syncs from debian later	14:57
ivoks	ttx: but i'd like to have everything in place before FF	14:57
ttx	ivoks: sounds like a good idea	14:57
ball	garymc: are the three disks (RAID-1 mirror and a standby drive) all 72 Gbytes?	14:57
garymc	yes but 146gb now	14:59
ivoks	sound of dell t300 booting	14:59
=== ivoks_ is now known as ivoks
ttx	ivoks: acked	15:02
ivoks	ttx: :* thanks	15:02
ttx	ivoks: in all cases it sounded better than what was already there :)	15:03
ivoks	right... i'll upload pacemaker once openais settles down	15:03
ivoks	and somebody will need to sync rhcs	15:04
ivoks	and that's it	15:04
ivoks	0 time spent on mail stack :( :( :(	15:04
garymc	anyone know where MySql likes to save the databases you create?	15:19
ivoks	/var/lib/mysql	15:20
Steve[mbp]	morning everyone	15:20
* ball waves		15:20
ball	oooh, we have a meeting today, right?	15:20
ivoks	yep	15:20
ball	Is that in here or in #ubuntu-meeting ?	15:25
ewook	ooh. Meetings.	15:25
ewook	what time?	15:26
ttx	ball: #ubuntu-meeting	15:29
ttx	in 30 minutes	15:29
ball	Thanks	15:30
heath\|work	what package do I need to install to be able to compile apache modules with apxs ?	15:31
heath\|work	I see, the development headers	15:31
Sam-I-Am	join #ubuntu-meeting	15:46
Sam-I-Am	oops	15:46
andol	Sam-I-Am: Thanks for the reminder :)	15:48
Sam-I-Am	haha	15:48
giovani	hmm, so crontab in ubuntu (and other linuxs ) doesn't seem to support a backslash dor multiple lines -- but freebsd does -- despite using the "same version" of cron	15:51
Jeeves_	If you need more than one line, wouldn't a script be nicer?	15:59
giovani	in some cases	16:00
giovani	not always -- just annoying that it's available somewhere and seems simple to have	16:00
garymc	stgraber is this documentaion, does it work with Ubuntu LTSP or do I need to install Ubuntu server on the one I want to add as a cluster to my main LTSP server?	16:06
Daviey	chaps -> meeting	16:07
soren	giovani: If it's the same version, they'll act the same.	16:07
garymc	stgraber: O k I need to follow those instructions youve done to the tee	16:08
garymc	pretty good rigth up and thanks for providing this	16:09
garymc	*write	16:09
jbernard__	ive just uploaded libcgroup (http://revu.ubuntuwire.com/p/libcgroup) to REVU, if anyone has some cycles to review it I'd be very grateful	16:09
garymc	sorry wrong room :S	16:10
ewook	scary dealio with how meetings are conducted.	16:14
giovani	soren: putting "same version" in quotes wasn't accidental -- and that's false -- different distros apply patches and keep the upstream versions the same all the time	16:26
=== nxvl_ is now known as nxvl
ewook	I don't get the idea of holding back bacula 3.0.x.	16:54
ivoks	FF is day after tomorrow	16:59
ivoks	and nobody looked at bacula and the merge isn't quite trivial	17:00
ewook	FF?	17:00
ivoks	feature freeze	17:00
ewook	mind you, this is my first meeting.	17:00
ewook	ah.	17:00
mdz	soren/smoser: I wanted to check on how testing is done of the UEC/EC2 images for milestones	17:01
mdz	I looked in the test tracker at http://iso.qa.ubuntu.com/ but they aren't there	17:02
mdz	where do you report the test results?	17:02
soren	mdz: It's manual at the moment. there's a testing matrix on the iso tracker.	17:02
mdz	soren: oh, did I overlook them?	17:02
aubre	Daviey: is Thursday the last day to submit tips for karmic?	17:02
soren	mdz: To be honest, I've not used it. I just talked to slangasek about it, and he said he was putting it up there.	17:02
mdz	I looked at the left in the list of products, and under the server section	17:02
Daviey	aubre: no.. should still be ok after that..	17:02
mdz	soren: who performs the testing?	17:03
Daviey	aubre: it's not been uploaded yet anyway.	17:03
aubre	Daviey: ok, it's not like it would break anything. Is it going to be in karmic?	17:03
soren	mdz: For Alpha4, I did. I forget who else.	17:03
Daviey	aubre: should be, just resolving some issues before it gets uploaded.	17:03
soren	mdz: They're listed as UEC images.	17:04
mdz	soren: I have looked all around and can't find them. can you give me the URL if they're there?	17:04
ivoks	take care	17:04
soren	mdz: In light of the... um.. interesting kernel issues we're seeing on EC2, we should probably track those separately.	17:04
soren	mdz: I chose the "All" filter.	17:05
aubre	are theimages working ok in UEC?	17:05
soren	aubre: I'm not familiar with the filtering magic in the ISO tracker. Perhaps "All" is the only way to see it.	17:06
mdz	soren: weird, they do show up there, but not anywhere else that i see	17:06
mdz	soren: in any case, it shows no test results submitted	17:06
mdz	soren: and most of those tests are nonsensical for UEC and EC2	17:06
mdz	so we need to get the test tracker sorted out, and then make sure that all milestone test results get reported there	17:06
soren	mdz: It's something slangasek and I agreed to revisit for the next alpha.	17:07
soren	mdz: Alpha4 did have a bit of a "this is the first time we're doing alphas of these things" feel to it.	17:07
ttx	mdz: I'm about to call it a day, did you have any question not EC2/UEC related that you wanted answers for ?	17:07
mdz	soren: we had discussed the possibility of getting the daily UEC images into EC2 as AMIs. wheer does that stand?	17:07
mdz	ttx: yes	17:07
ttx	mdz: fire	17:08
mdz	ttx: what is the status of "user login leverages directory infrastructure" in Karmic today?	17:08
soren	mdz: It was a useful experience, though. It uncovered a lot of things, such as the need to specific tests we need to put on the ISO tracker, for instance.	17:08
mdz	ttx: should I address all EC2/UEC questions to soren then?	17:08
mathiaz	mdz: waiting on openldap upstream to deliver the feature	17:08
mathiaz	mdz: will require a FFe for 2.4.18	17:08
mdz	mathiaz: what other work is remaining in Karmic for that spec?	17:09
mdz	other than openldap 2.4.18?	17:09
ttx	mdz: yes.	17:09
mathiaz	mdz: package sssd - it's under testing right now	17:09
dendrobates	mathiaz: is that correctly reflected in the status page?	17:09
ttx	mathiaz: shoudl be done sometime today, right	17:09
mathiaz	mdz: as upstream released their version yesterday - it should be in karmic before FF	17:09
ttx	dendrobates: it's up to date on the Canonical Server team Operational plan page, yes	17:10
mathiaz	dendrobates: nope - last time I updated the status page was on Friday	17:10
smoser	mdz, regarding daily UEC images into EC2 as AMIs, I was planning on looking at adding code to do that to the automated builds	17:10
mdz	dendrobates: the status page shows it as "on track" but we are 2 days away from "missed the deadline" so I thought I'd check	17:10
ttx	mathiaz: I updated it for you.	17:10
mathiaz	dendrobates: and the news I got arrived yesterday late (my time-EST)	17:10
soren	mdz: We haven't had time to look into that. I've scripted the entire process, though, so just need to find out if a) we can pull the images at will (so we don't end up having thousands of images on EC2 for no good reason), and b) where we'll be running the scripts to do this automagically.	17:10
mathiaz	ttx: ah ok - thanks.	17:11
smoser	mdz, regarding updated-ness of ec2 mirrors, I just verified that at least the us is up to date and sources.list is functional to point at it	17:11
smoser	http://pastebin.com/m2601b85c	17:11
ttx	mdz: status page shows "Has issues that need to be resolved in order to make the release" for that spec	17:11
mdz	soren: do you think it is worth doing for 9.10, or should we put it off until Karmic+1?	17:11
clusty	hey	17:11
=== Faust-C is now known as VirtualDisaster
mdz	smoser: thank you. can you clarify who is responsible for the operation of those mirrors? is it canonical IS?	17:11
soren	smoser: I think it's worth revisiting for this release.	17:11
soren	Err..	17:11
soren	mdz: I think it's worth revisiting for this release.	17:11
smoser	mdz, i don't know that.... soren said IS, i have no info to refute	17:11
dendrobates	soren: I think we should defer that to 10.04	17:12
mdz	soren: do you have a name for someone in IS who is responsible?	17:12
soren	mdz: For what, exactly? The mirrors? I've only talked to elmo about it, I think.	17:12
mdz	soren: yes, the mirrors. OK.	17:12
ttx	mdz: anything else ?	17:12
clusty	i am having some issues using LDAP as a source for usernames (network auth). I installed the LDAP server and can query it locally with ldapsearch. Also installed lib-nss-ldap and configured it to the best of my knowledge	17:13
clusty	https://help.ubuntu.com/community/LDAPClientAuthentication	17:13
mdz	ttx: lots, but all the rest is EC2/UEC, so if you don't have information on those projects, I guess there is no need to stick around	17:13
clusty	unfortunately when I do a getend i don't see any user from LDAP	17:13
clusty	any ways how i can debug what is going on?	17:13
ttx	mdz: I have some, but soren has much fresher information.	17:13
ttx	mdz: what TZ are you in currently ?	17:14
mdz	soren: what's the story on EC2UpgradesSpec? it's low priority and 0 of 4 work items are complete, so it sounds like "defer to post-Karmic"	17:14
soren	ttx: Have a nice evening, talk to you tomorrow.	17:14
mdz	ttx: UTC+1	17:14
ttx	mdz: ok, so we should be able to discuss any remaining questions with you tomorrow morning.	17:15
mdz	but I will be staying around until I have a clear idea of what's done vs. not done for feature freeze	17:15
mdz	ttx: the rest of this week I will be UTC-7 FYI	17:15
soren	mdz: It's been blocked on the whole kernel thing. It's something I'd really, really like to do for this release, I have most of the code on my side, it just needs testing on EC2. It's very much worth an FFe.	17:15
mdz	soren: what's "the whole kernel thing"? the bug(s) which cause boot failure?	17:16
soren	mdz: Yes-ish :)	17:16
soren	mdz: The absence of a karmic ec2 kernel.	17:16
soren	mdz: ...which is caused by the boot failure bug(s).	17:17
mdz	soren: absence? I thought it was just unreliable	17:18
soren	mdz: That's the Jaunty kernel.	17:18
mdz	soren: what's the story with the karmic kernel (bug numbers?)	17:18
soren	mdz: I'm not sure there is a bug report on it. It has simply not been delivered.	17:19
mdz	soren: what's included in the karmic UEC images then?	17:19
mdz	oh, a non-xen kernel of course	17:19
soren	mdz: UEC images do not contain kernels.	17:19
mdz	soren: so what's in the karmic alpha 4 AMIs on EC2?	17:20
mdz	the amazon kernel?	17:20
soren	mdz: An Intrepid kernel.	17:20
mdz	oh dear	17:20
soren	...from Amazon.	17:20
soren	Well, the one we've been using for Intrepid on Amazon.	17:21
soren	"oh dear" indeed.	17:21
soren	:(	17:21
soren	I'm well aware that this is bad in more ways than I'd like to enumerate. We needed a kernel that worked.	17:22
mdz	soren: under the circumstances, I'd like to propose that we drop the kernel upgrades project, since we have our hands full getting even one kernel working	17:22
soren	mdz: Well, getting a kernel working is the kernel team's job.	17:23
soren	mdz: So that does not take time from us.	17:23
soren	mdz: Other than the poking and nudging and all that.	17:23
mdz	soren: moving on to UEC, what's the status of eucalyptus 1.6? I see there's a snapshot from bzr in karmic	17:23
soren	mdz: Correct.	17:24
mdz	soren: how is it working?	17:24
soren	mdz: It's still settling somewhat.	17:24
soren	mdz: There are some upgrade issues (conffile handling) that are causing problems.	17:25
foolano	mathiaz: sorry i was away during the meeting, i though I would be available but I couldnt make it :(	17:25
soren	mdz: ..and some other bits and pieces.	17:26
mdz	soren: does it pass a smoke test on a fresh install?	17:27
soren	mdz: The reason for the bzr snapshot is that upstream hasn't actually tagged their 1.6 release yet. They are also stabilising. I'll grab the freshest code tomorrow evening or Thursday morning, so we're as close to their final relaese before FF.	17:27
soren	mdz: I've not had a chance to test that yet.	17:27
soren	mdz: ...since it doesn't really work very well in a VM.	17:27
mdz	soren: when will the seed changes land to put eucalyptus on the CD?	17:28
soren	mdz: The NC because it needs to run virtual machines (which is tricky inside a virtual machines) and the other stuff because the networking is special.	17:28
soren	mdz: They landed a while ago.	17:28
soren	mdz: I think.	17:28
* soren checks		17:28
soren	mdz: cd-build-logs agrees.	17:30
mdz	committer: Colin Watson <cjwatson@canonical.com>	17:30
mdz	branch nick: ubuntu.karmic	17:30
mdz	timestamp: Tue 2009-08-11 13:57:54 +0100	17:30
mdz	message:	17:30
mdz	add eucalyptus-simple-cluster and eucalyptus-node tasks, for foundations-karmic-cloud-setup-in-server-installer	17:30
soren	Yup.	17:30
mdz	soren: so that's blocked on eucalyptus getting promoted to main?	17:30
soren	Yup.	17:30
mdz	what's holding that back?	17:30
soren	Eyes and hands.	17:30
soren	We're waiting for the MIR team.	17:31
soren	Except for a few cases where I need to fix up a few things. The vast majority is java dependencies which simply need a review from the MIR team.	17:31
mdz	soren: who is working on that?	17:32
soren	mdz: lool and pitti, I believe.	17:32
mathiaz	foolano: np - we've got the update	17:32
soren	mdz: I seem to remember overhearing something about the rest of the team being on holiday.	17:33
soren	mdz: Don't quote me on that, though.	17:33
mdz	soren: since we're almost out of time, I think we need to be tracking it more closely	17:33
mdz	especially if the people who would normally work on it happen to be on holiday	17:33
mdz	how can I help move it forward?	17:33
soren	mdz: I'm not sure what more we can do. We poke and prod as much as we can without being excessively annoying. :)	17:34
ttx	mdz: the whole MIR team is working on that	17:34
ttx	though so far only asac did some reviews.	17:34
ttx	and lool on the C ones.	17:34
mathiaz	ttx: hm - regarding sssd	17:34
mathiaz	ttx: the packaging is ready	17:34
mdz	ttx: there is a fine line between "everyone is accountable" and "no one is accountable" ;-)	17:34
ttx	mdz: indeed	17:34
soren	mdz: :)	17:34
mdz	if no one is working on it, it will not get done, no matter how many people are on the MIR team	17:35
mathiaz	ttx: but sssd doesn't work on karmic - related to dbus being broken	17:35
mathiaz	ttx: does it make sense to upload the package to karmic even it's broken?	17:35
mathiaz	ttx: with upstream being aware of the issue?	17:35
mdz	it sounds like what you need is a commitment to get the remaining reviews processed, and the packages promoted to main, in the next two days	17:35
soren	mdz: Correct me if I'm wrong, but I don't believe we usually consider main promotions covered by feature freeze?	17:36
ttx	mdz: during my meeting with the MIR team, they said it was ok to do MIR stuff after FF... though in our case it clearly screws up the delivery of the feature on the CD.	17:36
mdz	soren: they're correct in that we can promote things to main post-FF. however, you can't deliver your features until those MIRs are processed.	17:37
ttx	mathiaz: would it require a fix in sssd to be working, or just a future fix in dbus ?	17:37
soren	mdz: Ah, yeah, we do have the "*-on-a-cd" spec.	17:37
mdz	soren: and if I'm not mistaken, the foundations team has a feature goal which depends on eucalyptus being on the CD, and they won't be able to land that either	17:37
mdz	(the cloud installer)	17:38
soren	mdz: nod	17:38
mdz	so it's not OK to put that off	17:38
mdz	next, the virtual appliance project	17:38
mdz	I see that alfresco has landed in partner, which is great	17:38
soren	Oh, we're not actively delaying it :)	17:38
mathiaz	ttx: I don't know - bug is under investigation	17:38
mdz	but who is working on making the appliance?	17:38
soren	I am.	17:38
ttx	mathiaz: if the dbus bug is tracked and milestoned appropriately, I'd upload the package, not working but not broken in itself	17:39
mdz	soren: sounds like you have a lot on your plate	17:39
mdz	soren: is there anyone else who can work on some of these things, to let you focus more?	17:39
ttx	ok, now I really need to go or I'll die.	17:39
mathiaz	ttx: hm - well the package doesn't install since the daemon is not able to start	17:39
mathiaz	ttx: ok - I'll keep investigatin this issue	17:39
soren	mdz: I'm not sure I can split it up, explain and train someone else to work on it iwithin the given timeframe.	17:40
soren	ttx: Take care!	17:40
ttx	mathiaz: mdz knows what FF should cover. Ask him what alternative is the less worse.	17:40
soren	mdz: I do have a lot on my plate. No argument there :)	17:40
cjwatson	mdz: for the record, I do not need euca on the CD to develop my side of this	17:40
cjwatson	it can be landed for netboot at least	17:41
mdz	cjwatson: only to test it? ;-)	17:41
* soren suspects cjwatson can roll a CD with eucalyptus on it if he wants to test it :)		17:41
cjwatson	lots of people will be using this with netboot anyway	17:41
mdz	indeed	17:41
cjwatson	so I can develop and test it that way	17:41
cjwatson	as it happens I'm debugging it into existence at the moment	17:41
mdz	cjwatson: should I be nervous that you're not talking about it in the past tense?	17:41
mdz	ah	17:41
cjwatson	it is not exactly terribly early, but I think I have it under control	17:42
mdz	cjwatson: is there anything I can do to help?	17:42
cjwatson	mdz: I've bounced you the mail I sent about it before going on holiday last week	17:43
mdz	soren: what sort of explanation or training would be needed to work on the appliance?	17:44
mdz	soren: I think I could explain it to someone pretty easily if that would help	17:44
mdz	I'm happy to put the time in if it would move things forward	17:44
cjwatson	the main things that are left are additional debconf configuration and the thing to write and publish the preseed file on the cluster	17:44
mdz	cjwatson: I can take back that TB action if needed ;-)	17:45
soren	mdz: There are two sides to this, really. There's the one where we build a UEC image with the alfresco package preinstalled. This is quite simple.	17:45
cjwatson	if what I have here does anything sensible at all, I'll upload it hopefully today	17:45
cjwatson	mdz: I have two weeks for it, right? :)	17:45
mdz	soren: that's the part I'm asking about . that is, in fact, the whole reason for this exercise. it was the original requirement: a reference appliance :-)	17:45
cjwatson	(yes, I know)	17:46
mdz	cjwatson: :-(	17:46
mdz	I wish I could say that it could be deferred, but it can't	17:46
cjwatson	I mean for the TB action	17:46
mdz	oh	17:46
mdz	phew	17:47
cjwatson	err, you can come and babysit so I don't have a child trying to climb over me? :)	17:47
mdz	cjwatson: if I didn't have a plane to board tomorrow...	17:47
soren	mdz: The other is the recipe based version (or as I like to call it: the one that is actually useful).	17:47
cjwatson	don't panic, captain mainwaringg	17:47
cjwatson	-g	17:47
soren	mdz: A CMS is no fun if it's going to throw away all your content when it's rebooted.	17:47
mdz	soren: why does that require a recipe? I figured it would just use an EBS volume or whatever	17:48
soren	mdz: You just answered your own question :)	17:48
soren	mdz: Because it needs and EBS volume.	17:48
soren	-d	17:48
mdz	soren: I guess my understanding of what we mean by recipes is a bit weak	17:48
cjwatson	you know, what would really help me that's basically decoupled would be having the eucalyptus package in revision control in a useful way	17:49
soren	mdz: Recipes are needed if you need to take actions that require the user's credentials.	17:49
mdz	soren: this is not as urgent as the other items; if it requires hacks which can't go in past FF, we can hide those away in the image	17:49
cjwatson	which probably only takes making sure that James' import is sane and then branching it and agreeing to use it	17:49
soren	mdz: Since those are not going to be available in a generic image.	17:50
soren	mdz: ...so we need something that holds the user's credentials to set up the EBS volume and all that for them.	17:50
mdz	soren: is there anyone in particular assigned to packaging landscape this cycle?	17:50
soren	mdz: Packaging... landscape..?	17:51
soren	mdz: Oh, the client stuff?	17:51
mdz	soren: yes, landscape-client, sorry	17:51
soren	I'm not sure.	17:51
mdz	dendrobates: ?	17:51
soren	Not that I know, but that is not to say there isn't :)	17:51
dendrobates	mdz: not that I am aware of. I will ask mathiaz.	17:52
soren	cjwatson: The eucalyptus packaging should be on launchpad already?	17:52
* soren checks		17:52
mathiaz	mdz: I uploaded the latest version of landscape-client two weeks ago IIRC	17:52
mathiaz	mdz: I haven't heard anything from the team since then	17:53
mdz	mathiaz: can you tell me if there is another code drop they expect to land for feature freeze?	17:53
cjwatson	soren: there's no vcs-bzr field in the package	17:53
mathiaz	mdz: I don't know.	17:53
cjwatson	which is, at the moment, an indicator that the branch is actually being used	17:53
soren	cjwatson: Ah, sorry about that.	17:53
cjwatson	I don't want to commit to a vacuum	17:53
soren	cjwatson: https://edge.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu [+]	17:53
cjwatson	aha	17:54
soren	s/\[\+\]//g	17:54
cjwatson	right then, I will get that into shape with my recent uploads	17:54
soren	cjwatson: That would be fantastic. Thank you.	17:54
soren	mdz: Did you want anything else from me? I've got dinner waiting.	17:54
cjwatson	(out for half an hour while this test install runs)	17:55
soren	mdz: Alternatively, I'll be back in a couple of hours.	17:55
mdz	mathiaz, dendrobates: I just remembered Gustavo was here in the office :-)	17:56
mdz	he says that he doesn't think there are any features outstanding, that they expect to be in bug fix only mode at this point	17:56
mdz	but he will confirm 100% and get back to us	17:56
mathiaz	mdz: great :)	17:56
cjwatson	hmm, actually, I can take the laptop downstairs with me ... the magic of wireless	17:56
mdz	mathiaz, dendrobates: he says they normally release the client once per month. we should make sure that we track those monthly releases and sponsor them	17:56
mdz	Free on the landscape team is apparently working on the packaging	17:57
mdz	so hopefully they just need review and sponsorship	17:57
mathiaz	mdz: yes - I'm in contact with him	17:57
* soren needs to run		17:57
mathiaz	mdz: he pings whenever he needs sponsoring	17:57
* soren will check back later		17:57
mdz	mathiaz: ok, good. so I'll just get confirmation that there is no more feature work expected to land in karmic	17:58
mdz	soren: thanks for all your help	17:58
cjwatson	oh GOD I hate CDBS	17:58
mdz	mathiaz: regarding the directory stuff, so AIUI you hope to upload sssd before FF, and seek an FFe for openldap...and there is nothing else to do but fix bugs?	18:01
mathiaz	mdz: that's is correct.	18:01
mdz	mathiaz: thank you	18:02
cjwatson	soren: hmm, not to be picky, but do you think you could remember to commit your own changes to that branch? :-) 0ubuntu2 doesn't seem to be there ...	18:07
* cjwatson syncs it up		18:07
clusty	where in /etc/ is the place where i can change kernel params?	18:10
kinnaz	sysctl.conf	18:12
kinnaz	maybe :P	18:12
cjwatson	that depends on the kernel parameter	18:13
cjwatson	if you mean the kind you put on the kernel command line, then that goes in bootloader configuration - /boot/grub/menu.lst in <=9.04, or /etc/default/grub in >=9.10	18:13
cjwatson	soren: synced up to match the archive now	18:16
clusty	got it	18:16
clusty	kinnaz, got it thanks.	18:16
kees	smoser: leaking environment variables would be considered a security issue, yes.	18:37
=== BigJB_ is now known as bigjb
kees	smoser: also, /proc/$pid/environ, as you saw, is only the invocation environment, since later env changes need to use different regions of memory, IIRC	18:37
=== Authority is now known as Guest50088
heath\|work	What software is being used for spam scanning now a days?	19:33
giovani	heath\|work: it's always been spamassassin for content scanning	19:37
giovani	there are many other spam-prevention techniques	19:37
giovani	but spamassassin has dominated the content scanning market	19:37
heath\|work	giovani, What about Mail Scanner? It looks like it uses spamassassin and clamav	19:38
giovani	well it's just a package	19:39
giovani	it's not a scanner application itself	19:39
giovani	it uses some blacklists, etc	19:39
giovani	I see no point in using it over using the individual applications yourself -- which gives you a lot more flexibility and customization	19:40
=== Faust-C is now known as VirtualDisaster
VirtualDisaster	i have 2 repos with the same package name in each	19:53
VirtualDisaster	however the one i need is from a custom repo, how would i install a package explicitly from the custom repo and not brick apt-get	19:53
genii	!pinning	19:59
ubottu	pinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto	19:59
genii	VirtualDisaster: ^	19:59
VirtualDisaster	genii, ah ty	19:59
genii	np	20:00
heath\|work	genii, thanks	20:02
heath\|work	sorry giovani ^^	20:03
* genii hands out more mugs of coffee		20:03
soren	cjwatson: blush Sorry about that :(	20:14
* genii scrolls back up to see what all the blushing is about		20:26
jpds	kirkland: I still have the padlock_sha.ko problem.	20:40
kirkland	jpds: oh, really!	20:41
kirkland	jpds: herm	20:41
jpds	kirkland: What's kernel is your fresh install running?	20:41
kirkland	jpds: i just updated it to latest; rebooting	20:42
kirkland	jpds: boom ... it's back	20:42
jpds	Installed: 2.6.31-7.27	20:42
kirkland	jpds: yeah, -7 breaks	20:44
kirkland	jpds: -6 works	20:44
jpds	I know.	20:44
kirkland	jpds: are you encrypting swap?	20:45
jpds	Otherwise I wouldn't be here. ;-)	20:45
jpds	kirkland: /home, with LUKS.	20:45
kirkland	jpds: interesting, okay	20:46
cjwatson	soren: I'd very much appreciate it if you could review lp:~cjwatson/eucalyptus/installer - would there be a major problem with merging and uploading this as a step on the road?	20:49
cjwatson	I'm pretty sure it's not all the way there	20:49
cjwatson	mdz: ^- or indeed you might like to	20:54
cjwatson	this is basically the patch from a week ago with basic bug-fixes applied following smoke-testing	20:56
cjwatson	and with euca_find_cluster updated to output IP addresses rather than hostnames	20:57
mathiaz	kirkland: hey - http://people.canonical.com/~mathiaz/cgroup.boot.png	21:34
mathiaz	kirkland: Am I supposed to do something special to make cgroup working?	21:34
kirkland	jbernard__: cgroups	21:40
kirkland	jbernard__: what needs to be done to make it work out-of-the-box?	21:40
jbernard__	kirkland: ahh	21:40
jbernard__	you need to edit /etc/cgconfig.conf	21:40
kirkland	jbernard__: to say what	21:41
jbernard__	and at least uncomment the lines referring to 'mount'	21:41
kirkland	is it something that we could ship a more sensible default?	21:41
kirkland	jbernard__: or disable the init script by default, if config must be done?	21:41
jbernard__	yes	21:41
jbernard__	we could go both ways	21:41
jbernard__	the current package install everything as the upstream author indented it, but I really think we can do a bit better on default configuration	21:42
jbernard__	what are your thoughts there?	21:43
mathiaz	jbernard__: is there a reason to not have the mount lines uncommented?	21:43
mathiaz	jbernard__: the idea being that a default install should work OOTB - ie have a minimal working configuration	21:43
jbernard__	the directory must exist, in this case '/mnt/cgroups'	21:43
jbernard__	so we could ship with those lines uncommented and create the dir if it doesn't exist	21:44
mathiaz	jbernard__: if every use will have to uncoment the lines, then it makes sense to enable them by default	21:44
jbernard__	i agreee	21:44
jbernard__	i can make that change quickly	21:44
kirkland	jbernard__: cool, thanks	21:45
kirkland	jbernard__: please bump the ubuntu version, as i uploaded the other one already	21:45
jbernard__	other one?	21:45
jbernard__	from 0ubuntu1 to 1ubuntu1 you mean?	21:45
kirkland	i uploaded what you put in revu	21:45
kirkland	jbernard__: you did a nice job packaging this, thanks ;-)	21:46
kirkland	jbernard__: i asked mathiaz to additionally review	21:46
jbernard__	no problem	21:46
mathiaz	jbernard__: 0ubuntu2	21:46
jbernard__	so the only request I'm hearing is a sane default configuration	21:46
kirkland	jbernard__: his comments on the init script/config are correct, but that can be solved between now and beta	21:46
jbernard__	ok, so this solves the in-before-freeze issue	21:47
jbernard__	or is the clock still ticking?	21:47
mathiaz	I think that's ok to fix the default configuration between now and beta	21:48
mathiaz	It's not a blocker for FeatureFreeze IMO	21:48
jbernard__	ok, thats good to hear	21:48
jbernard__	i will make the change then so the initscripts can be run at install successfully	21:50
mathiaz	jbernard__: right - I noticed that the init scripts weren't installed via dh_installinit	21:51
mathiaz	jbernard__: so they're only installed, and not run	21:52
mathiaz	jbernard__: which is kind of odd for init script	21:52
jbernard__	correct, i removed the running of them from the postinst	21:52
aubre	excited - I got my hardware in and tomorrow I will be racking it and getting ready for my UEC proof of concept cloud for Auburn University	21:52
jbernard__	because it requires a working configuration	21:52
mathiaz	jbernard__: the result is that either the system needs to be rebooted or the init script needs to be run manually afterwards	21:52
mathiaz	jbernard__: right - I think that providing a default working configuration would fix this issue	21:53
mathiaz	jbernard__: it makes sense to install an init script and then start it	21:53
mathiaz	jbernard__: one of the Ubuntu policy is to have a default configuration working OOTB	21:53
jbernard__	i agree, ill make that change	21:53
kirkland	mathiaz: okay, where's the sssd branch?	21:54
jbernard__	james just mentioned that he's inclined to reject it from the queue, so ill try to get these changes tested an uploaded this evening	21:54
kirkland	mathiaz: sorry, i'm sure it's in my history :-)	21:54
kirkland	mathiaz: it's been a crazy busy day	21:54
mathiaz	jbernard__: note that I don't have enough knowledge about cgroups to actually figure out whether it makes to have a default configuration working for 80% of the systems	21:54
aubre	Since this setup is proof of concept, should I stick with jaunty, or go ahead with karmic?	21:54
mathiaz	kirkland: https://code.launchpad.net/~mathiaz/sssd/ubuntu-pkg-release-tarball	21:55
mathiaz	kirkland: yeah - welcome to pre-FeatureFreeze crazyness...	21:55
aubre	it certainly won't be in production until after karmic	21:55
mathiaz	aubre: UEC testing in Karmic is more than welcome	21:56
mathiaz	aubre: however you may enconter rough edges	21:56
mathiaz	aubre: just be aware of that.	21:56
aubre	mathiaz: great, I'm prepared for that	21:56
mathiaz	aubre: like - it may break, not work at all, or eat your data	21:57
aubre	mathiaz: actually this setup is for testing , it won't have anything of vaule on it	21:57
mathiaz	aubre: if you're up for it and ready to debug/report bugs, testing UEC in Karmic is welcome	21:57
aubre	mathiaz: made for breaking, I am ready to help with bugs, I have my launchpad account all set up	21:58
mathiaz	aubre: awesome - welcome to the factory floor..	21:58
aubre	mathiaz: hehe thanks - I have 3 machines , one will be cloud & cluster controller and 2 will be ncs.	21:59
aubre	mathiaz: and the white paper was really helpful in ironing things out for me	21:59
aubre	mathiaz: but the most important thing is I have a supportive director	21:59
jbernard__	mathiaz: i tend to agree	22:02
jbernard__	mathiaz: but it's probably nice to not see a boot-time error	22:03
jbernard__	even though no cgroups are configured for the default installation	22:03
kirkland	mathiaz: mv $(CURDIR)/debian/tmp/usr/lib/libnss_sss.so.2 $(CURDIR)/debian/tmp/lib/libnss_sss.so.2	22:04
kirkland	mathiaz: what's that doing?	22:05
kirkland	mathiaz: moving it out of the way, i see	22:05
mathiaz	kirkland: nss libraries need to be in /lib rather than /usr/lib	22:05
mathiaz	kirkland: or at least that's where most of them are located	22:05
kirkland	mathiaz: ah	22:05
kirkland	mathiaz: fair enough	22:06
mathiaz	kirkland: yeah - I'm not sure about my first statement	22:06
mathiaz	kirkland: there may be a use case to have the nss libraries in the ramdisk?	22:06
kirkland	mathiaz: perhaps required for boot somehow?	22:06
jbernard__	does anyone have a package example laying around where dh_installinit installs an initscript from outside the debian directory?	22:07
jbernard__	i couldn't seem to get it to work right, but maybe I was just tired	22:09
mathiaz	jbernard__: hm - dh_installinit only works from the debian/ directory	22:12
kirkland	mathiaz: you could solve a couple of bashisms in the sssd initscript with /bin/kill	22:13
mathiaz	jbernard__: you could copy the init scripts from scripts/init.d/ to debian/libcgroup1.(name).init and then call dh_installinit --name	22:13
jbernard__	mathiaz: that would work too, but it would also mean upstream changes would require a manual sync	22:14
kirkland	jbernard__: if you want, just send me a debdiff	22:14
anAngel	Hello. I have some problems configuring amavis with postfix and dovecot with virtual domains and users. It doesn't scan/put any Headers in my mail. Anyone can help me?	22:15
jbernard__	kirkland: for the license updates and default configuratin?	22:15
kirkland	mathiaz: your sssd package looks good to me	22:15
mathiaz	jbernard__: even if you copy the file from scripts/init.d/ during the build process?	22:15
jbernard__	mathiaz: oh, i hadn't thought of that	22:15
jbernard__	mathiaz: ill look into that, good idea	22:16
kirkland	mathiaz: note that I didn't build it, since I didn't have the tarball	22:20
anAngel	Hello. I have some problems configuring amavis with postfix and dovecot with virtual domains and users. It doesn't scan/put any Headers in my mail. Anyone can help me?	22:20
cjwatson	jbernard__: symlink in debian/ ?	22:25
mathiaz	kirkland: https://fedorahosted.org/released/sssd/sssd-0.5.0.tar.gz	22:25
mathiaz	kirkland: ^^ upstream tarbal	22:25
mathiaz	kirkland: ^^ upstream tarball	22:25
cjwatson	jbernard__: though unless it's a native package you'll probably have to make the symlink during the build, which isn't really much better than copying the file during the build	22:25
jbernard__	cjwatson: good grief, that'd be even awesomer	22:25
jbernard__	cjwatson: true	22:26
cjwatson	I don't think dpkg-source will preserve symlinks in any particularly sane way, yet	22:26
jbernard__	but at least i would have to override dh_installinit target	22:26
jbernard__	but actually i have to anyway to put the name in there	22:26
anAngel	Hello. I have some problems configuring amavis. It doesn't scan/put any Headers in my mail. Anyone can help me?	22:29
mathiaz	!volunteers \| anAngel	22:30
ubottu	Sorry, I don't know anything about volunteers	22:30
mathiaz	!volunteer \| anAngel	22:30
ubottu	Sorry, I don't know anything about volunteer	22:30
mathiaz	!behavior \| anAngel	22:31
ubottu	anAngel: The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IrcGuidelines	22:31
jbernard__	does the absense of a license on a source file prevent a package from being included in the release?	22:45
jbernard__	I assume this has to be resolved before it can be uploaded? Or are there exceptions to this?	22:46
cjwatson	jbernard__: personally I think it's OK as long as the licence of the whole package is clear (if it's just "all these source files are licensed under ..." kind of thing). There are some differences among archive admins about this, I think	22:50
cjwatson	I tend to think of it as "would you be able to convince a court that there was any reasonable doubt about this licence?"	22:50
cjwatson	(indeed civil cases are on balance of probabilities so if it's that strong you're on pretty solid ground I feel)	22:50
jbernard__	Yes, it's just a few, 7 actually, but 5 of those are standalone test programs in /test	22:51
cjwatson	test files without explicit licences are really very common - is the licence of the whole package clear?	22:52
jbernard__	i would assume they just forgot to put a license on those, there does exist /COPYING which is LGPL and 85% of the source files have that license in the header	22:52
cjwatson	then I reckon it's ok	22:53
jbernard__	in that case, what would be the proper documentation in debian/copyright to reflect this?	22:54
jbernard__	or can you point me to a doc and/or example where this has been done	22:54
jbernard__	oh, nevermind, dh_make has a snippet at the bottom of the template that I can use	22:57
jbernard__	cjwatson: thanks for the input	22:57
soren	cjwatson: I'm curious why you didn't use start-stop-daemon for this: http://bazaar.launchpad.net/~cjwatson/eucalyptus/installer/revision/457 ?	23:06
cjwatson	soren: maybe I should have done	23:14
cjwatson	I didn't think of it	23:14
cjwatson	(of course s-s-d renders it Debian-specific, but ...)	23:15
cjwatson	the kill stuff was extending something that was already there, though	23:18
soren	cjwatson: Ah, right, the dhcp server stuff?	23:18
soren	cjwatson: meh, not important.	23:19
soren	cjwatson: Apart from that, I must admit I was hoping for something that wouldn't be installer specific.	23:19
cjwatson	http://paste.ubuntu.com/259535/ ? untested	23:19
cjwatson	not installer-specific for which bit?	23:20
cjwatson	we do need to have installer integration	23:20
ZachMan	hello, i am trying to install unbuntu server and it fails to load the CD driver, it is a standard IDE DVD/CD rom	23:21
soren	cjwatson: re the patch> I was also thinking for the killing part. s-s-d implements the wait-for-a-bit-and-then-SIGKILL-it quite nicely.	23:21
cjwatson	it does, but I would have had to change other code	23:22
soren	cjwatson: Oh, ok.	23:22
cjwatson	if that other code is updated to use start-stop-daemon, then I'd be happy to follow suit	23:22
cjwatson	it would certainly be cleaner	23:22
soren	cjwatson: Ah, you mean the existing code from upstream?	23:22
cjwatson	I mean the stuff that kills the pid listed in /var/run/eucalyptus/eucalyptus-cc.pid	23:23
cjwatson	in debian/eucalyptus-cc.init, and likewise for the nc	23:23
soren	Right, that's straight from upstream.	23:23
soren	cjwatson: As for the installer specificness (specificity?), I just mean it'd be nice if you got roughly the same experience if you installed eucalyptus-nc on an existing system.	23:24
cjwatson	ZachMan: more often than not this turns out to be a kernel bug. To verify, try booting an Ubuntu live CD and see if it starts up successfully	23:24
cjwatson	soren: oh, right. so, one of the things I mentioned in my mail as being missing is some euca_conf integration to do the scanning on a running system as well	23:24
cjwatson	I don't see any reason euca_find_cluster couldn't be integrated into that	23:24
ZachMan	cjwatson where can i get the live cd?	23:25
cjwatson	ZachMan: http://releases.ubuntu.com/	23:25
mushroomblue	ZachMan: have you tried installing via usb stick?	23:25
cjwatson	pick your release, grab the desktop CD	23:25
soren	cjwatson: Makes sense.	23:25
ZachMan	mushroomblue no	23:25
mushroomblue	ZachMan: I only install by CDROM on systems that don't support usb boot.	23:25
cjwatson	I realise you probably don't want a desktop installation, but it's just to verify whether the CD detection problem lives in the kernel	23:25
cjwatson	soren: the libd-i dependency is a little ugly, although it would work on a regular system since libdebian-installer4 exists as a .deb - it wouldn't be upstreamable that way though. It ought to be replaced with some other hashtable implementation	23:26
ZachMan	how can i boot via usb stick	23:26
cjwatson	I was just in a tearing hurry and that was the first canned hash impl that came to hand	23:26
soren	cjwatson: glib isn't anywhere in the dependency stack, is it? /me thinks not	23:27
mushroomblue	ZachMan: sudo apt-get install usb-imagewriter	23:27
cjwatson	soren: no, I was quite careful about that	23:27
mushroomblue	ZachMan: I think there's a windows utility to burn a .iso file to usb	23:27
soren	cjwatson: I meant in Eucalyptus' existing dependency tree. It's not per se, but you'd be hard pressed to find a system that runs Eucalyptus that doesn't already have glib. :)	23:32
TViYH	how hard is it to install ubuntu server?	23:35
cjwatson	soren: oh, right. or it's not like it actually needs a hash for all it does; walking a list would do fine.	23:39
mushroomblue	TViYH: easy as pie	23:39
mushroomblue	unless you're afraid of a console-based GUI and arrow keys.	23:39
mushroomblue	you might have to press enter and tab occasionally, if that's a problem. :)	23:40
mushroomblue	apparently, that was too much to bear.	23:43
ahasenack	quick question: are USNs issued for packages in universe? I think not, right?	23:44
mathiaz	ahasenack: USNs are issued for packages in universe.	23:52
ahasenack	mathiaz: hmm, my theory is off then	23:54
mathiaz	ahasenack: sorry about that. I didn't mean to ruin your whole life...	23:54
ahasenack	mathiaz: a guy just told me he saw apache2-mpm-itk in the hardy security repository but that it had no USN	23:56
mathiaz	ahasenack: right - that's probably because apache2-mpm-itk needs to be rebuilt every time apache2 is published	23:56
mathiaz	ahasenack: it's a special case	23:56
ahasenack	mathiaz: ok, so it's a dependency, and it doesn't come from the same source	23:57
mathiaz	ahasenack: yop.	23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!