[00:16] i cant get my ethernet working :(
[00:16] says " eth0: link is not ready"
[00:16] then either the cable isn't plugged in on one side, the cable is bad, the switch/hub is bad, or the network card is bad
[00:17] none of the above?
[00:17] how do you know?
[00:19] cause ive checked em all
[00:19] how did you check if the network card is bad?
[00:20] i'm thinking it's a cross over cable and switch tried to auto negotiate it and roll it but was made of fail
[00:21] KillMeNow: out of the dozens of possible causes, why that one?
[00:23] giovani, because its fine
[00:23] cheeseboy: that doesn't sound like a
[00:23] *test*
[00:25] its fine
[00:25] ok, so you're lying -- you haven't tested it
[00:25] feel free to get help from someone else
[00:26] "it obviously doesnt work cause I say so"
=== qiyong_ is now known as qiyong
[02:34] Ugh. Wish users wouldn't put '*' in filenames
[02:35] it makes my head hurt
[02:37] or name them -rf
[02:37] or.. put carriage returns in them
[02:38] I get a lot of &s and 's...a few *s
[02:38] I'm going to have to install something like mc
[02:38] * ball sighs
[02:38] what are you trying to do?
[02:44] Ah, it's alright. The *s weren't part of the filenames, they were ls -F showing me that some files were marked executable
[02:44] chmod ftw
[02:45] ah
[02:50] Still have files with ' and & in the names though
[03:16] New bug: #418396 in mysql-dfsg-5.1 (main) "need to port 38_scripts__mysqld_safe.sh__signals.dpatch from mysql server 5.0" [Undecided,New] https://launchpad.net/bugs/418396
[03:19] hi guys, i am setting up rssh to allow chrooted sftp access to users and was wondering why /bin/bash needs to be accessible in the chroot. I was under the impression the purpose of rssh was to replace the shell
[03:22] mase_work: who said bash needed to be in the chroot?
[03:22] giovani: well it fails if it is not in the chroot.
[03:22] did you set the user's shell to rssh?
[03:23] yes
[03:23] where is the failure error message?
[03:23] i.e. how did you come to know it failed?
[03:23] it is in /var/log/user and it immediately disconnects the sftp sessions
[03:23] let's see the error then
[03:24] ok 10 secs
[03:29] giovani: ignore me. it seems i have one set up here without /bin/bash which is working. there is obviously something else going on as well.
[03:29] anyone know a way to limit ssh login attempts to 3 per hour?
[03:30] mushroomtwo: do you mean per source ip?
=== mushroomtwo is now known as mushroomblue
[03:31] that would work too.
[03:31] there's no built-in mechanism for that -- you'd have to use a script that watches for logins (failed, presumably) and then actively bans that IP -- which is essentially an IPS (Intrusion Prevention System)
[03:31] well why not describe what your goal is ...
[03:31] someone has compromised me over wifi
[03:31] your initial description was an output ... not really a motivation
[03:31] and I'm pretty sure there's been a man-in-the-middle attack going on via the router.
[03:32] hello all. im wondering how i can have a user start up a program at boot....id like for it start a screen session. i tried adding this to the crontab "@reboot /usr/bin/screen &" ...but it does not work.
[03:32] so all my machines are more than likely compromised.
[03:32] Wicked: you should add it to the proper runlevels
[03:32] mushroomblue: how is this related to wifi?
[03:32] giovani, well i just want to start screen for a certain user at boot...i really dont want to add a init script or something like that.
[03:32] I've narrowed down the ways the attacker has accessed the system, and it appears it happened over wifi
[03:33] there has to be a way to have a user be able to start something at or after the machine boots
[03:33] which means, I have a douche of a neighbor
[03:33] Wicked: ok ... "at boot" and "for a user" are entirely different, and not compatible methods
[03:33] how about...id like a program to start under a certain user after the machine is fully booted.
[03:34] the proper way to do anything like that is with an init script
[03:34] it's just that simple
[03:35] hmm ok
[03:35] but I really don't think that you should be doing it -- I think you should be looking for a better method to achieve the output you want
[03:35] mushroomblue: fail2ban, denyhosts, etc -- a bunch of scripts to monitor failed logins
[03:36] I'm not sure how limiting logins to 3 per hour has anything to do with preventing an attacker who already has a password
[03:36] it wouldn't. but it would discourage bruteforce
[03:36] but if they already have hacked your system
[03:36] there won't be any bruteforcing
[03:36] so you need to define your parameters here
[03:37] i run irssi and a few other things inside a screen session. i have screen setup to start the programs when screen is started. after the machine is rebooted i would like screen to be started so then my programs will always be running...then i can connect via ssh and reconnect to the screen session
[03:37] Wicked: why would the system be shut down?
[03:37] i thought setting a crontab to do that at boot would work...but it fails to start screen
[03:37] giovani, lots of reasons. mostly...power outages
[03:37] or new kernels
[03:38] giovani: make no mistake, I'm in the process of reinstalling all my servers atm, and flashing the router. I'm just trying to come up with ideas so that there isn't a next time.
[03:38] or someone trips over the power cord...
[03:38] I can't afford another full system rebuild.
[03:38] s/system/network/
[03:38] but thanks for the tips.
[03:38] mushroomblue: ok -- but without understanding the attack you're trying to prevent, you're not going to get anywhere
[03:42] Wicked: alright, well if you want to use the crontab -- there's no need to add the '&' at the end -- the process isn't going to ever be in the foreground anyway
[03:42] Wicked: Why not setup .bash_profile to launch screen for the user upon login?
[03:42] I presume you added that to your user's crontab?
[03:42] grim76: because he doesn't want a new screen session on every login, obviously
[03:42] yea
[03:43] Wicked: and you tested this with a -reboot- and not a clean startup? I'm not sure if it's specific to the former
[03:43] and i just want screen to start at boot so all my programs in screen will be running as soon as the computer boots.
[03:43] http://rpatterson.net/blog/screen-sessions-at-boot
[03:43] im trying that now
[03:43] giovani, ive tried both
[03:43] both what?
[03:44] ok well that url is using an rc script
[03:44] like I recommended
[03:44] did you remove the '&' from the end and try a reboot?
[03:46] yes
[03:46] i added the & because without it it did nothing.
[03:46] that seems unlikely, but alright
[03:48] it's possible that @reboot isn't supported in your version of cron
[03:48] I don't see it in my manpages
[03:49] yea.
[03:49] thats what i was thinking...that its a newer feature thats not in 8.04
[03:50] or a custom-compiled one in a major distro, who knows
[03:50] but I don't see it documented outside of casual mentions in google
[03:50] i don't see manpages containing it
[03:52] yea me neither. i actually 1st saw the @reboot mentioned on a debian page
[03:52] cant remember which one.
[03:52] yeah, looks like ubuntu contains cron 3.0
[03:53] and the only manpage I can find mentioning @reboot is for 4.1
[03:53] Is that Gnu Cron?
[03:53] no ... isc/vixie
[03:53] the standard one :)
[03:53] ah
[03:54] Thanks
[03:55] gnu cron doesn't even seem to exist
[03:55] except in intention
[03:55] http://www.gnu.org/software/gcron/main.html
[03:56] nice that did just what i wanted
[03:56] "This project has been decommissioned and is no longer developed."
[03:56] http://directory.fsf.org/project/gcron/
[04:12] Ummm man 5 crontab |less +/@reboot shows @reboot in the Ubuntu 8.04 crontab(5) manpage, for me at least...
[04:20] jmarsden: I stand corrected -- you're right, somehow I missed that
[04:21] Debian, at least, defaults to Vixie cron
[04:22] yeah, as does ubuntu
=== jtimberm1n is now known as jtimberman
=== pace_t_zulu_ is now known as pace_t_zulu
[04:33] i think theres a vixie cron on aix even
[05:06] I am having trouble with Webdav. I get the Error: You cannot connect to this server because it cannot be found on the network. Try again later or try a different URL.
[05:06] Here is my Virtual Host configuration: http://paste.ubuntu.com/259068/
[05:06] Any help is appreciated.
[05:07] Please
[05:12] I have a private lan with a domain name gandalf.lan. I'm trying to configure /etc/exports with the following line /sharing *.tolkien.lan(blablabla). But it doesn't work. Can someone tell me what I'm doing wrong ?
[05:12] If I write /sharing *(blabalbla) everything is ok
[05:13] probably a name resolution problem
[05:13] How can I check?
[05:14] can either host ping each other on tokien.lan and galdalf.lan?
[05:14] I'm able to ping the gandalf.tolkien.lan from the client
[05:14] whats the clients name?
[05:14] hal9000
[05:15] can the server resolve that to hal9000.tolkien.lan ?
[05:15] I am using: http://www.howtoforge.com/how-to-set-up-webdav-with-apache2-on-ubuntu-8.10
[05:15] No !
[05:16] To set up Apache for Webdav
[05:16] yeah, so name resolution needs to work both wats
[05:16] ways
[05:16] otherwise use IPs
[05:16] How can I do that both way ?
[05:17] if you dont have a dns server, make sure they're all defined in /etc/hosts
[05:17] I've already installed DNS.
[05:17] Seems to work ok
[05:18] Any ideas about my Webdav?
[05:18] apparently its not if things arent resolving...
[05:18] 'Cause I can ping gandalf.tolkien.lan www.tolkien.lan and tolkien.lan from the client
[05:18] of course, all your hosts need to point to the same dns server
[05:18] I see no difference but the paths in my file from the tutorial's pages
[05:18] but the server..
[05:18] Alex_21: i havent messed with webdav in a long time
[05:19] Can someone check to see if my config file is correct?
[05:19] Where do I start to configure the server to recognize clients
[05:20] slap: make sure it can resolve your hostnames
[05:20] It is a mission critical webdav share
[05:20] like... either consider it to point to your dns server in /etc/resolv.conf or edit /etc/hosts ... probably the same way you configured the client
[05:21] Totally forgot to edit resolv! ( I remember reading something about that) Thanks a lot
[05:24] are you trying to get to the webdav server using the URL as configured?
[05:25] its going to be some.domain/base
[05:32] Ok, now I can ping it both way. But I still have an access denied when I try to mount the sharing ? Any clues ?
[05:32] look in the logs
[05:36] It says that there is a mount request for a unknown host ??
[05:37] I figured it out.
[05:37] found it
[05:38] I shouldn't have been so chicken about looking in Apache's logs
[05:38] add the client's name on /etc/hosts
[05:38] Thanks Sam-I-Am
[05:39] Now, I can enjoy this webdav share
[05:40] logs are good
[05:41] Yes.
[05:41] Not pleasant when you use a screen reader, but good all the same
[05:46] Sam-I-Am I'm learning networking on linux. I have one thing I would like to know. If I want a sharing on a medium network with a DHCP service, how can I configure bind and nfs if I have dynamic address. Do I have to use something else ?
[05:47] Is it possible ?
[05:47] you can either make sure hosts keep the same name independent of IP... using dynamic DNS... or you statically assign IPs to hosts
[05:48] no, I would like to try with dynamic IPs for hosts. So I have to take a look at dynamic DNS, right ?
[05:48] yup
[05:49] or just allow entire ranges of IPs for nfs
[05:49] or domains
[05:49] Do I have to use bind9 with a different configuration, or there's another daemon
[05:49] isc dhcp talks to bind9
[05:51] No. How can I do that ?
[05:53] theres documentation out there
[05:59] time for bed...
[06:09] Thanks for all your help
[06:09] Good night.
[07:00] New bug: #416093 in samba (main) "karmic hangs during booting" [Undecided,New] https://launchpad.net/bugs/416093
[07:54] Hi there, I just recover my samba server but i cannot access to all of my shared folder even if i have permissions, and still i got error such as cli_lsa_lookup_sids_noalloc(): out of memory
[07:55] New bug: #418276 in samba (main) "package samba-common 2:3.4.0-3ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,Invalid] https://launchpad.net/bugs/418276
[08:20] short question, what time is it (in UTC)?
[08:36] johe|work: date -u
[08:36] too easy :-)
[08:39] i have a problem here with the ldap client auth, user logging works now, but he does not get the groups
=== mdz_ is now known as mdz
[10:23] is there a decent guide that someone can point me to regarding 9.04 and hardware raid?
[11:01] Hi, anyone know anything about RAID. See im not sure what config im best using
[11:02] I see RAID 1 is all drives are the same and if one goes down you just replace it. But that means that if I have 6 72gb drives in, im only gonna get about 68gb of space?
[11:02] which is ok for my LTSP server, but
[11:02] i need to setup an asterisk server and store lots of calls. Am i best using RAID 5 for that?
[11:08] <\sh> garymc: if you want raid1 over 6 drives, you use RAID10
[11:08] <\sh> garymc: which is a mix between raid0 and raid1
[11:08] thanks, but thats my issue i dont really understand raid
[11:08] so dont know which one is best to use
[11:09] <\sh> garymc: http://www.cuddletech.com/veritas/raidtheory/x31.html
[11:09] im just looking to update the controller array 5i firmware
[11:10] <\sh> garymc: it depends on your work setup ... raid5 + databases could be a problem in some cases...then you have raid6 which is similar to raid5 but has two drives which could fail at the same time
[11:10] <\sh> garymc: HP?
[11:10] yes
[11:10] HP
[11:11] * \sh is mostly using raid10 for more diskspace with mirroring...and having at least one more redundancy via drbd or directly using HP MSA 60/70 or iscsi solutions for lots of diskspace...
[11:12] hmm lol, i better read up more on it all
[11:14] im looking to download the firmware for my server, but theres that many different packages on the HP site not sure which one to get.
[11:14] What do you think of this one?
[11:14] Systems ROMPaq Firmware Upgrade Diskette for HP ProLiant DL380 G3 (P29) Servers
[11:14] would that be the correct stuff to download and boot my server with?
[11:15] <\sh> garymc: there is normally bios firmware updates and smart array updates packages...and there is at least one CD ISO where the latest stuff is on..depending on your configuration...
[11:15] <\sh> smart array 5i is old afaik
[11:15] so do i have to download the 5i firmware?
[11:16] or can i upgrade my firmware to something else
[11:17] <\sh> garymc: for your smart array 5i http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?lang=en&cc=us&prodNameId=266599&taskId=135&prodTypeId=329290&prodSeriesId=374803&lang=en&cc=us this is the right page
[11:17] <\sh> for your dl380 there is some other page....search hp...
[11:17] thanks
[11:17] :)
[11:18] trying to load that link now
[11:18] <\sh> garymc: for your ROM update...you need http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=266599&prodTypeId=329290&prodSeriesId=374803&swLang=8&taskId=135&swEnvOID=1085 this page
=== mrchrisadams_ is now known as mrchrisadams
[11:18] whats a rom update?
[11:18] <\sh> garymc: the smart array bios firmware stuff...it's the bios of your smart array controller
[11:18] that first link you gave me lists operating systems
[11:19] im using ubuntu 9.04?
[11:19] or Centos
[11:19] <\sh> garymc: yes and there is a smartstart maintenance - ROM update...that's what you need
[11:19] do i just burn them to CD rom?
[11:19] and boot the server? with it in?
[11:20] <\sh> garymc: dunno...I'll have a debian OOB installation for this to update..cause I'm not really convinced that HP is supporting my ubuntu 64bit setup ;)
[11:21] ahh ko
[11:21] ok
[11:21] well im running 32bit as 64 bit wouldnt work?
[11:21] or wouldnt go on
[11:22] <\sh> garymc: ah no...hp is supporting debian 32 + 64bit ... but as there are some kernel modules which I didn't test against ubuntu 32 or 64bit I can't say if it works...problem is that my HP supporter always tells me "You know more about this crap than I do" and I don't have the time to test it
[11:22] ok lol
[11:23] <\sh> garymc: next target of my work is to implement HP SIM for our server infrastructure and then I have the time to test HP drivers on Ubuntu
[11:23] cool, busy busy :)
[11:36] h
[12:04] Daviey: ...
[12:37] hi
[12:37] i have a question, how can I install and configure truetype fonts for php?
[12:44] sergevn: I'm kinda confused what you want to achieve.. php will produce valid output, but the fonts really need to be client side..
[12:45] Unless you are trying to create images or similar sergevn ?
[12:45] Daviey: yeah images :)
[12:46] ah
[12:47] i am trying to use imagettfbbox() but getting error it cant find the font.
[12:48] sergevn: unless i'm mistaken, it uses a full path
[12:48] you can't just say $font = "somefont.ttf";
[12:50] so you could just drop the somefont.ttf to the same location as the .php script
[12:52] yeah im doing that.
[12:52] still error
[12:53] that's the weird part
[12:53] and on "another" webhoster it does work
[12:56] sergevn: http://uk.php.net/manual/en/function.imagettftext.php#90580
[12:57] sergevn: you might get more specific help in a #php channel.
[13:00] Daviey: you saved my day
[13:00] it works :)
[13:00] heh
[13:05] is there a decent guide to making 9.04 work with hardware raid?
[13:06] everything seems to want to send a person to software raid
[13:07] Hello all, I want to build an ubuntu based lab, with fat-client config. Login+home mount should be authenticated using LDAP. Can any1 guide me to the needed howto documents?
[13:08] soloslinger: to get hardware raid *working* is often irrelevant to the OS.
[13:08] soloslinger: that's b/c with hardware raid the OS does not know anything about the raid configuration. it will see one drive when there are actually two (RAID1)
[13:08] (for instance)
[13:08] soloslinger: hardware raid just presents the raid disk as a standard block device.
[13:09] pmatulis: I have configured hardware raids for use with other operating systems, but I can't seem to get ubuntu's server installer to want to recognize it.
[13:09] Can any1 support me, please ?
[13:09] soloslinger: k, that's different
=== cjwatson_ is now known as cjwatson
[13:09] tarekeldeeb: however, monitoring the raid device is normally the responsibility of the OS.
[13:10] soloslinger: What make/model raid controller are we talking about here?
[13:10] soloslinger: maybe ubuntu just doesn't support that particular controller
[13:11] pmatulis: that is my sneaking suspicion(sp?) unfortunately... Daviey: I'd hafta reboot the box and look, it's in a fairly new 1 u server, an hp dl160 g5
[13:11] soloslinger: ahh, is it hp raid?
[13:12] The spelling of suspicion is correct
[13:13] Daviey: yeah.
[13:13] soloslinger: Then it is probably cciss, and i dislike it :)
[13:13] pmatulis: ty =)
[13:14] soloslinger: What version of Ubuntu are you trying to use?
[13:14] Daviey: most likely it is. Am I SoL tryin to get the ubuntu installer to see it? 9.04
[13:14] no.. it should work.
[13:15] kk
[13:15] I'll hafta play with it when I have the opportunity to bring the server down for longer. Is there some docs somewhere that you (or someone else) could point me to?
[13:16] Did some googling for that, but everything comes back with software raid tips
[13:16] soloslinger: The "disk" should show under /dev/cciss
[13:16] yeah
[13:17] But as the installer moves along, even if I want to do partitioning manually, I don't see it prompt me to specify a device to use as a disk
[13:17] ie, $ ls /dev/cciss/
[13:17] c0d0 c0d0p1 c0d0p2
[13:17] soloslinger: Can you confirm you are using the Ubuntu Server disk, or the Ubuntu Desktop?
[13:19] Daviey: I am fairly certain I am, nobody here runs Ubuntu for a desktop, so there shouldn't be a cd of it laying around. If I install to one drive it doesn't try to get me to put a WM on like the desktop installs I did once upon a time.
[13:19] ok, great.
[13:19] Daviey: I would say I am fairly certain I am using a Server disk.
[13:19] soloslinger: is it graphical or ncurses (blue)?
[13:20] pmatulis: blue
[13:20] soloslinger: When you get to the disk management area, what do you see?
[13:22] Daviey: It first prompts me for something to the effect of "Do you want to enable Serial ATA RAID" with a yes, no and cancel. Regardless of if I select yes or no, the next screen where normally the partitions are built is blank. In other words, there isn't a "disk" there to divide up the partitions.
[13:22] One trick could be to switch to a shell prompt (alt+f2) and type lspci to find out what storage controller it actually is
[13:23] I'm not sure that the dl160 has a real cciss
[13:23] i'll bet it's the P400.
[13:23] Daviey: You'll hafta forgive me too, i needed something up by the time I left today so I am going from memory an hour or so ago.
[13:23] soloslinger: no worries, can you try what maswan said?
[13:23] sorry for duplicating, but i need support
[13:24] Hello all, I want to build an ubuntu based lab, with fat-client config. Login+home mount should be authenticated using LDAP. Can any1 guide me to the needed howto documents?
[13:24] If I switch to a shell prompt and build the partitions via Fdisk, could I switch back into the installer and carry on like normal? I am comfortable using Fdisk.
[13:24] :(
[13:24] soloslinger: I'm not sure offhand if fdisk is included in the environment, parted and probably sfdisk is
[13:25] tarekeldeeb: Hm. Don't really know. We use kerberos auth.
[13:25] Daviey: I will try the next time I can bring the server down for any time. I am fortunate that it's in a cluster of a couple other servers, so losing a disk will suck, but it could be worse.
[13:25] tarekeldeeb: There are a bunch of ways, perhaps if you hit the ubuntu-server mailing list, you'll get a better response.
[13:26] soloslinger: ok.. what OS is it at the moment?
[13:26] ubuntu 9.04, I just have it running on one disk atm
=== freeflyi2g is now known as freeflying
[13:26] Daviey: you want the output from a lspci ?
[13:26] ahh, you can just ssh in and run some commands :)
[13:26] kerberos, is it better than LDAP? Or you seek windows clients interoperability ?
[13:27] soloslinger: please.
[13:27] soloslinger: Also, fdisk -l would be handy
[13:28] Daviey: thanks ..
[13:28] Daviey: lspci = http://pastebin.com/d6e9ca9a4
[13:29] 631xESB hmm
[13:29] Daviey: fdisk -l = http://pastebin.com/dd2f5c3c
[13:30] i was wrong :)
[13:30] soloslinger: for a two disk setup, is there a reason you dont want to use software raid?
[13:31] Daviey: haven't really weighed the pros and cons out yet. Figured it had the hardware for a hardware raid, might as well use it.
[13:33] soloslinger: I can see your point, but for 2 disks - there is no real extra overhead for a mirror / RAID-1
[13:33] and actually, you get some bonus.. you can pull the disk out and put it in any server, not locked to the RAID controller card
[13:33] it's easy to monitor.
[13:34] Daviey: I suppose so. What are you seeing that put the nail in the coffin to the hardware raid idea for my future reference?
[13:35] soloslinger: I haven't used hardware raid with 631xESB.. but it was the fdisk -l, that showed 2 disks made me mention it.
[13:35] Daviey: ah. Gotcha
[13:36] soloslinger: mdadm really is your new best friend :).
[13:37] Daviey, maswan, pmatulis: I appreciate your time and help. I get to get outta here and get some sleep!
[13:37] Daviey: Yuup. Sounds like I got some reading to do.
[13:38] nn soloslinger, let us know how you get on.
[13:38] will do
[13:38] yo, im installing new firmware for my HP server and its stopped at 82% :(
[13:38] should i just wait?
[13:39] firmware? for what device?
[13:39] Array controller 5i
[13:39] RAID
[13:39] ok
[13:39] all seemed to be going well then it stops, just sitting there :(
[13:40] :)
[13:40] now its done lol
[13:40] ok
[13:44] anyone tell me if I can have 4 X 146gb drives in my Server
[13:44] 3 of them setup as a logical drive as RAID 1 and one of them spare
[13:44] and the fourth 146 as Logical drive on its own as RAID 0
[13:44] ?
[13:45] <_ruben> both raid0 and single drives arent raid
[13:45] so would the RAID 0 drive be its own drive for extra storage?
[13:45] so I could remove it when backing up?
[13:46] Or should I set the 4 DRives up as RAID 1+0 and have two of them as Spares?
[13:46] decisions decisions
[13:46] its for a UBUNTU LTSP server
[13:46] <_ruben> you cant do raid10 with 2 spares with just 4 disks
[13:46] <_ruben> raid10 has a 4disk minimum without spares
[13:47] <_ruben> (except for the software raid10 in linux, which can do fancy raid10 setups with odd number of drives for instance)
[13:47] jdstrand, so yesterday you mentioned to me that passing sensitive data to a application via environment was not secure ? why is that? i'm not aware of a way in which a non-root user can view environment of another users' processes.
[13:47] <_ruben> it pretty much comes down to how much performance and how much storage you need
[13:48] well my RAID config is letting me setup RAID 1+0 with 2 drives and two spares?
[13:48] New bug: #418342 in mysql-dfsg-5.1 (main) "akonadi-server prevents install of mysql-server-5.0" [Undecided,New] https://launchpad.net/bugs/418342
[13:48] what linux software can i get that does that _ruben
[13:49] is it in the GUI or command prompt?
[13:49] im better with gui
[13:49] :)
[13:50] <_ruben> garymc: mdadm .. not sure if there's a gui for it
[13:50] ok
[13:51] is RAID 0 just pure disk space?
[13:53] and performance
[13:53] <_ruben> raid0 isnt raid (as the r in raid stands for redundant, and raid0 doesnt offer redundancy) .. it basically 'glues' 2 or more drives together .. same as with using multiple pv's in lvm
[13:54] ok well ive setup two logical drives in the array controller
[13:54] one RAID 0 146gb drive
[13:54] and 3 Raid 1+0 (2 plus a spare)
[13:54] <_ruben> performance is one of the most common reasons for raid0 .. its nice for video editing for instance
[13:54] Will this work?
[13:54] I want to use the single 146 as a data backup
[13:54] <_ruben> like i said, a single drive isnt raid, not even raid0
[13:54] will it show up as a separate drive in ubuntu?
[13:55] <_ruben> and im not sure how your raid controller does it, but in my book, raid10 over 2 disks isnt possible
[13:55] hmm possible its RAID 1?
[13:55] <_ruben> could be
[13:55] thats over 3
[13:55] one as spare
[13:55] just trying to work out the best setup of this stuff
[13:55] <_ruben> raid1 with 2+1 disks is fairly common
[13:57] cool but i got a RAID 0 on there too
[13:57] in the fourth slot
[13:57] will this work?
[13:58] smoser: it is an unnecessary risk imo. subprocesses will inherit it, which might not be what you want. the same user can get to it (of course), root can get to it (of course). There might be other ways I'm not thinking of. IMO it will be difficult to get right, and if you do get it right, you may not have covered everything for another platform
[13:59] smoser: I also googled it to see if I was missing anything and came across: http://dev.mysql.com/doc/refman/5.0/en/password-security-user.html
[14:00] <_ruben> garymc: it probably would
[14:00] on linux the "extremely insecure" would seem a bit incorrect
[14:01] as "If you set MYSQL_PWD, your password is exposed to any other user who runs ps." is as far as i can tell explicitly wrong
[14:02] so anyway... i agree that without care, environment is longer lived than data written to a pipe. but loads better than other ways.
[14:03] and actually, i *think* that mysql was where i first saw this... if you do run '-pMYPASSWORD' as a command line argument, it reads that, and then writes over its argv space, so that the 'ps' only shows 'XXXXXXX'
[14:05] smoser: yes, but it is in ps output for a split second in that case
[14:05] yeah
[14:05] s/second/milli secong/ but yeah
[14:05] :)
[14:06] smoser: it's not particularly hard to win those kind of races
[14:07] fair.
[14:07] jdstrand, do you know, is it actually the case that environment is intended to be "secure" on linux ?
[14:07] ie, as a general goal rather than just happenstance that the /proc//environ has secure perms
[14:08] smoser: I think it is hoped to be, based on /proc//environ
[14:08] (i realize not pure happenstance, but wonder if it would be considered a bug if it would be treated as a security issue if that were leaked elsewhere)
[14:08] jdstrand, thanks.
[14:09] smoser: of course, I've seen kernel bugs where the permissions end up wrong in /proc/
[14:11] smoser: based on /proc//environ, you *probably* are ok to use it, but still are dealing with subprocesses and root. I don't know exactly what you are trying to do, but if it is ec2, protecting against root where feasible would be a good defensive stance
[14:11] smoser: I don't claim to know every means of getting at the environment, but it doesn't feel right
[14:12] smoser: kees and mdeslaur may want to weigh in as well
[14:13] jdstrand, it was just a general question, really, but came up in context of ec2-ami-tools (from amazon) which expose "secret-key" on cmdline and provide no other way to pass it (that i'm aware of)
[14:13] how much hope does one actually have for protecting against root ? is that a reasonable goal?
[14:14] jdstrand, i would say that if you were a program reading sensitive data from environment you should take care to un-set that data after reading
[14:14] smoser: a real fix would be to use a config file, as mysql does. You should file a bug with amazon to get that implemented.
[14:15] (I recommended that initially)
[14:15] so how is a permanently stored plaintext password in a config file more secure than just about anything... definitely not safe from root.
[14:16] oh...good luck protecting from root
[14:16] smoser: those are two different points
[14:16] * mdeslaur has not followed the whole thread
[14:16] you should always protect your stuff from root
[14:16] because root is the evil man
[14:16] it would seem to me that plain text password in a text file is not really more secure than environment on linux
[14:16] smoser: you can't fully from root, cause there could be a keylogger
[14:17] smoser: and of course root has access to the file as well as /proc/../environ
[14:17] smoser: most "debugging" scripts people run grab the user's environment
[14:17] right. thats what i was thinking... doesn't really matter what you've done if there is evil root
[14:18] smoser: I don't know the application, but prompting for the password and piping it into a command via a shell built-in is safe from all but a key logger and memory attacks
[14:19] smoser: my point wrt to the env is that 'ps auxwwe' will show all the environment as root. if the perms in /proc/.../environ happen to be wrong (I'm assuming ps is looking at that), you're screwed
[14:20] smoser: if you don't use the environment, you are protected from such matters
[14:20] what's the debate here? storing passwords in environment variables?
[14:20] smoser: imho, when dealing with ec2 private keys, I think a defense in depth is in order
[14:20] mainly, yes.
[14:20] mdeslaur: it's not so much a debate as a discussion
[14:21] i'd say an education of smoser more than debate
[14:21] mdeslaur: but that is what I thought you might want to weigh in on. it makes me feel queezy
[14:21] queazy?
[14:21] well, environment variables aren't usually considered confidential. A whole slew of scripts pick up the environment variables when submitting bug reports, etc.
[14:21] * jdstrand goes with qweezee
[14:21] just fyi, i verified that /proc//environ is apparently read-only even to and recorded at invocation time
[14:21] PASSWORD=bar bash -c 'PASSWORD=XXX; unset PASSWORD; sleep 30' &
[14:21] [4] 6530
[14:22] looking at environ of 6530 still shows "PASSWORD=bar"
[14:23] mdeslaur: that is an excellent point
[14:24] if there is a bug, a user would happily run 'sudo apport-collect -p ...' if asked to in a bug report
[14:25] now you have to make sure your apport hook doesn't submit it, but then you can't protect against ad hoc debugging scripts
[14:25] like "ipsec barf"
[14:25] jdstrand, apport-collect does tell the user "please look for confidential data"
[14:25] and phpinfo()
[14:25] but yeah, probably they're not going to :)
[14:25] and whatever else
[14:26] smoser: apport-collect does? I'm pretty sure it just runs and submits (note, apport-collect is for adding info to a bug after it is filed, and separate from apport-cli and apport-gtk)
[14:27] jdstrand, ok... i'm probably wrong yet again... i was thinking of 'ubuntu-bug foo'... i swear it used to say "if you weren't doing anything confidential..."
[14:27] but it doesn't seem to say that now. it really should.
[14:27] smoser: you are right about that-- it will give you a chance to look at it :)
[14:28] smoser: it does give you a chance to look at it though
[14:28] smoser: regardless, using env seems brittle at best
[14:30] mdeslaur, jdstrand thank you for environment-variable-security-101 class.
[14:30] smoser: I think apport will say the confidential bits if it grabs a crash. ubuntu-bug may not prompt for anything, but gives you a way to see what you are submitting. apport-collect just does it
[14:31] smoser: the other thing, is environment variables being private may not be portable
[14:31] I'm not an apport expert, but pretty sure that is how it works
[14:32] mdeslaur, i agree, its not portable to other unixes
[14:32] but does anyone care about other unixes ? :)
[14:32] * smoser ducks
[14:32] smoser: what other unixes? :P
[14:32] smoser: amazon may care
[14:33] i think larry ellison owns a unix
[14:33] he owns a lot of stuff
[14:33] also, some people use some legacy OS called "Windows"
[14:36] jdstrand: It's "queasy" isn't it?
[14:36] soren: aha! that's it
[14:36] soren: though, I think qweezee is more fun
[14:36] * soren agrees
[14:36] at least as fun as feeling 'barfy' can be
[14:37] it's not fair to other legacy software to call Windows legacy ;D
[14:38] mdeslaur: Environment variables under Windows are freaky in all sorts of ways, though.
[14:39] mdeslaur: Processes that can modify each other's environment makes me cringe.
[14:39] jdstrand: Heh... "barfy". That's good.
[14:40] :) [14:42] FYI, I just put in a big stack of sync requests that should result in a working turbogears2 for Karmic. [14:51] I just installed Ubuntu LTSP on my server with the RAID config above ^^ 3 RAID 1 , one as a spare and One 146gb as RAID 0. === giovani_ is now known as giovani [14:52] Now the 146gb RAID 0 drive shows up in the file system, but it says unable to mount when i click on it [14:52] hello garymc [14:53] A single RAID 0 drive *makes no sense*! [14:53] garymc, is that 5 disks total? [14:53] ball: remove 'A single' and 'drive' [14:54] ivoks: There are probably a few applications where non-redundant striping is justified (e.g. video editing scratchpad). [14:54] ivoks: anything special I should know about before acking your openais sync request ? [14:54] ...but not on a single drive ;-) [14:55] lol ball, i was just thinking maybe using it as a mass storage device you know for extra disk space [14:55] garymc: that's not RAID-0 though. [14:55] ttx: nothing special... === clusty_ is now known as clusty [14:55] that's just a disk. [14:55] no? it says it is in the Array utility, just updated firmware too [14:55] ohh ok [14:55] I cant mount it anyhow in my Ubuntu Ltsp setup [14:56] garymc: you may want to remove it from your RAID controller's list of drives to use. [14:56] and i know now it aint a good idea [14:56] i will [14:56] just delete it and remove it? [14:56] or can i do something else with it [14:57] maybe make it another spare? [14:57] ttx: there will most probably be additional syncs from debian later [14:57] ttx: but i'd like to have everything in place before FF [14:57] ivoks: sounds like a good idea [14:57] garymc: are the three disks (RAID-1 mirror and a standby drive) all 72 Gbytes? [14:59] yes but 146gb now [14:59] sound of dell t300 booting === ivoks_ is now known as ivoks [15:02] ivoks: acked [15:02] ttx: :* thanks [15:03] ivoks: in all cases it sounded better than what was already there :) [15:03] right... 
i'll upload pacemaker once openais settles down [15:04] and somebody will need to sync rhcs [15:04] and that's it [15:04] 0 time spent on mail stack :( :( :( [15:19] anyone know where MySql likes to save the databases you create? [15:20] /var/lib/mysql [15:20] morning everyone [15:20] * ball waves [15:20] oooh, we have a meeting today, right? [15:20] yep [15:25] Is that in here or in #ubuntu-meeting ? [15:25] ooh. Meetings. [15:26] what time? [15:29] ball: #ubuntu-meeting [15:29] in 30 minutes [15:30] Thanks [15:31] what package do I need to install to be able to compile apache modules with apxs ? [15:31] I see, the development headers [15:46] join #ubuntu-meeting [15:46] oops [15:48] Sam-I-Am: Thanks for the reminder :) [15:48] haha [15:51] hmm, so crontab in ubuntu (and other linuxs ) doesn't seem to support a backslash for multiple lines -- but freebsd does -- despite using the "same version" of cron [15:59] If you need more than one line, wouldn't a script be nicer? [16:00] in some cases [16:00] not always -- just annoying that it's available somewhere and seems simple to have [16:06] stgraber is this documentation, does it work with Ubuntu LTSP or do I need to install Ubuntu server on the one I want to add as a cluster to my main LTSP server? [16:07] chaps -> meeting [16:07] giovani: If it's the same version, they'll act the same. [16:08] stgraber: O k I need to follow those instructions youve done to the tee [16:09] pretty good rigth up and thanks for providing this [16:09] *write [16:09] ive just uploaded libcgroup (http://revu.ubuntuwire.com/p/libcgroup) to REVU, if anyone has some cycles to review it I'd be very grateful [16:10] sorry wrong room :S [16:14] scary dealio with how meetings are conducted. 
[16:26] soren: putting "same version" in quotes wasn't accidental -- and that's false -- different distros apply patches and keep the upstream versions the same all the time === nxvl_ is now known as nxvl [16:54] I don't get the idea of holding back bacula 3.0.x. [16:59] FF is day after tomorrow [17:00] and nobody looked at bacula and the merge isn't quite trivial [17:00] FF? [17:00] feature freeze [17:00] mind you, this is my first meeting. [17:00] ah. [17:01] soren/smoser: I wanted to check on how testing is done of the UEC/EC2 images for milestones [17:02] I looked in the test tracker at http://iso.qa.ubuntu.com/ but they aren't there [17:02] where do you report the test results? [17:02] mdz: It's manual at the moment. there's a testing matrix on the iso tracker. [17:02] soren: oh, did I overlook them? [17:02] Daviey: is Thursday the last day to submit tips for karmic? [17:02] mdz: To be honest, I've not used it. I just talked to slangasek about it, and he said he was putting it up there. [17:02] I looked at the left in the list of products, and under the server section [17:02] aubre: no.. should still be ok after that.. [17:03] soren: who performs the testing? [17:03] aubre: it's not been uploaded yet anyway. [17:03] Daviey: ok, it's not like it would break anything. Is it going to be in karmic? [17:03] mdz: For Alpha4, I did. I forget who else. [17:03] aubre: should be, just resolving some issues before it gets uploaded. [17:04] mdz: They're listed as UEC images. [17:04] soren: I have looked all around and can't find them. can you give me the URL if they're there? [17:04] take care [17:04] mdz: In light of the... um.. interesting kernel issues we're seeing on EC2, we should probably track those separately. [17:05] mdz: I chose the "All" filter. [17:05] are the images working ok in UEC? [17:06] aubre: I'm not familiar with the filtering magic in the ISO tracker. Perhaps "All" is the only way to see it. 
[17:06] soren: weird, they do show up there, but not anywhere else that i see [17:06] soren: in any case, it shows no test results submitted [17:06] soren: and most of those tests are nonsensical for UEC and EC2 [17:06] so we need to get the test tracker sorted out, and then make sure that all milestone test results get reported there [17:07] mdz: It's something slangasek and I agreed to revisit for the next alpha. [17:07] mdz: Alpha4 did have a bit of a "this is the first time we're doing alphas of these things" feel to it. [17:07] mdz: I'm about to call it a day, did you have any question not EC2/UEC related that you wanted answers for ? [17:07] soren: we had discussed the possibility of getting the daily UEC images into EC2 as AMIs. where does that stand? [17:07] ttx: yes [17:08] mdz: fire [17:08] ttx: what is the status of "user login leverages directory infrastructure" in Karmic today? [17:08] mdz: It was a useful experience, though. It uncovered a lot of things, such as the need to specific tests we need to put on the ISO tracker, for instance. [17:08] ttx: should I address all EC2/UEC questions to soren then? [17:08] mdz: waiting on openldap upstream to deliver the feature [17:08] mdz: will require a FFe for 2.4.18 [17:09] mathiaz: what other work is remaining in Karmic for that spec? [17:09] other than openldap 2.4.18? [17:09] mdz: yes. [17:09] mdz: package sssd - it's under testing right now [17:09] mathiaz: is that correctly reflected in the status page? 
[17:09] mathiaz: should be done sometime today, right [17:09] mdz: as upstream released their version yesterday - it should be in karmic before FF [17:10] dendrobates: it's up to date on the Canonical Server team Operational plan page, yes [17:10] dendrobates: nope - last time I updated the status page was on Friday [17:10] mdz, regarding daily UEC images into EC2 as AMIs, I was planning on looking at adding code to do that to the automated builds [17:10] dendrobates: the status page shows it as "on track" but we are 2 days away from "missed the deadline" so I thought I'd check [17:10] mathiaz: I updated it for you. [17:10] dendrobates: and the news I got arrived yesterday late (my time-EST) [17:10] mdz: We haven't had time to look into that. I've scripted the entire process, though, so just need to find out if a) we can pull the images at will (so we don't end up having thousands of images on EC2 for no good reason), and b) where we'll be running the scripts to do this automagically. [17:11] ttx: ah ok - thanks. [17:11] mdz, regarding updated-ness of ec2 mirrors, I just verified that at least the us is up to date and sources.list is functional to point at it [17:11] http://pastebin.com/m2601b85c [17:11] mdz: status page shows "Has issues that need to be resolved in order to make the release" for that spec [17:11] soren: do you think it is worth doing for 9.10, or should we put it off until Karmic+1? [17:11] hey === Faust-C is now known as VirtualDisaster [17:11] smoser: thank you. can you clarify who is responsible for the operation of those mirrors? is it canonical IS? [17:11] smoser: I think it's worth revisiting for this release. [17:11] Err.. [17:11] mdz: I think it's worth revisiting for this release. [17:11] mdz, i don't know that.... soren said IS, i have no info to refute [17:12] soren: I think we should defer that to 10.04 [17:12] soren: do you have a name for someone in IS who is responsible? [17:12] mdz: For what, exactly? The mirrors? 
I've only talked to elmo about it, I think. [17:12] soren: yes, the mirrors. OK. [17:12] mdz: anything else ? [17:13] i am having some issues using LDAP as a source for usernames (network auth). I installed the LDAP server and can query it locally with ldapsearch. Also installed lib-nss-ldap and configured it to the best of my knowledge [17:13] https://help.ubuntu.com/community/LDAPClientAuthentication [17:13] ttx: lots, but all the rest is EC2/UEC, so if you don't have information on those projects, I guess there is no need to stick around [17:13] unfortunately when I do a getend i don't see any user from LDAP [17:13] any ways how i can debug what is going on? [17:13] mdz: I have some, but soren has much fresher information. [17:14] mdz: what TZ are you in currently ? [17:14] soren: what's the story on EC2UpgradesSpec? it's low priority and 0 of 4 work items are complete, so it sounds like "defer to post-Karmic" [17:14] ttx: Have a nice evening, talk to you tomorrow. [17:14] ttx: UTC+1 [17:15] mdz: ok, so we should be able to discuss any remaining questions with you tomorrow morning. [17:15] but I will be staying around until I have a clear idea of what's done vs. not done for feature freeze [17:15] ttx: the rest of this week I will be UTC-7 FYI [17:15] mdz: It's been blocked on the whole kernel thing. It's something I'd really, really like to do for this release, I have most of the code on my side, it just needs testing on EC2. It's very much worth an FFe. [17:16] soren: what's "the whole kernel thing"? the bug(s) which cause boot failure? [17:16] mdz: Yes-ish :) [17:16] mdz: The absence of a karmic ec2 kernel. [17:17] mdz: ...which is caused by the boot failure bug(s). [17:18] soren: absence? I thought it was just unreliable [17:18] mdz: That's the Jaunty kernel. [17:18] soren: what's the story with the karmic kernel (bug numbers?) [17:19] mdz: I'm not sure there is a bug report on it. It has simply not been delivered. 
[17:19] soren: what's included in the karmic UEC images then? [17:19] oh, a non-xen kernel of course [17:19] mdz: UEC images do not contain kernels. [17:20] soren: so what's in the karmic alpha 4 AMIs on EC2? [17:20] the amazon kernel? [17:20] mdz: An Intrepid kernel. [17:20] oh dear [17:20] ...from Amazon. [17:21] Well, the one we've been using for Intrepid on Amazon. [17:21] "oh dear" indeed. [17:21] :( [17:22] I'm well aware that this is bad in more ways than I'd like to enumerate. We needed a kernel that worked. [17:22] soren: under the circumstances, I'd like to propose that we drop the kernel upgrades project, since we have our hands full getting even one kernel working [17:23] mdz: Well, getting a kernel working is the kernel team's job. [17:23] mdz: So that does not take time from us. [17:23] mdz: Other than the poking and nudging and all that. [17:23] soren: moving on to UEC, what's the status of eucalyptus 1.6? I see there's a snapshot from bzr in karmic [17:24] mdz: Correct. [17:24] soren: how is it working? [17:24] mdz: It's still settling somewhat. [17:25] mdz: There are some upgrade issues (conffile handling) that are causing problems. [17:25] mathiaz: sorry i was away during the meeting, i though I would be available but I couldnt make it :( [17:26] mdz: ..and some other bits and pieces. [17:27] soren: does it pass a smoke test on a fresh install? [17:27] mdz: The reason for the bzr snapshot is that upstream hasn't actually tagged their 1.6 release yet. They are also stabilising. I'll grab the freshest code tomorrow evening or Thursday morning, so we're as close to their final release before FF. [17:27] mdz: I've not had a chance to test that yet. [17:27] mdz: ...since it doesn't really work very well in a VM. [17:28] soren: when will the seed changes land to put eucalyptus on the CD? [17:28] mdz: The NC because it needs to run virtual machines (which is tricky inside a virtual machines) and the other stuff because the networking is special. 
[17:28] mdz: They landed a while ago. [17:28] mdz: I think. [17:28] * soren checks [17:30] mdz: cd-build-logs agrees. [17:30] committer: Colin Watson [17:30] branch nick: ubuntu.karmic [17:30] timestamp: Tue 2009-08-11 13:57:54 +0100 [17:30] message: [17:30] add eucalyptus-simple-cluster and eucalyptus-node tasks, for foundations-karmic-cloud-setup-in-server-installer [17:30] Yup. [17:30] soren: so that's blocked on eucalyptus getting promoted to main? [17:30] Yup. [17:30] what's holding that back? [17:30] Eyes and hands. [17:31] We're waiting for the MIR team. [17:31] Except for a few cases where I need to fix up a few things. The vast majority is java dependencies which simply need a review from the MIR team. [17:32] soren: who is working on that? [17:32] mdz: lool and pitti, I believe. [17:32] foolano: np - we've got the update [17:33] mdz: I seem to remember overhearing something about the rest of the team being on holiday. [17:33] mdz: Don't quote me on that, though. [17:33] soren: since we're almost out of time, I think we need to be tracking it more closely [17:33] especially if the people who would normally work on it happen to be on holiday [17:33] how can I help move it forward? [17:34] mdz: I'm not sure what more we can do. We poke and prod as much as we can without being excessively annoying. :) [17:34] mdz: the whole MIR team is working on that [17:34] though so far only asac did some reviews. [17:34] and lool on the C ones. [17:34] ttx: hm - regarding sssd [17:34] ttx: the packaging is ready [17:34] ttx: there is a fine line between "everyone is accountable" and "no one is accountable" ;-) [17:34] mdz: indeed [17:34] mdz: :) [17:35] if no one is working on it, it will not get done, no matter how many people are on the MIR team [17:35] ttx: but sssd doesn't work on karmic - related to dbus being broken [17:35] ttx: does it make sense to upload the package to karmic even it's broken? [17:35] ttx: with upstream being aware of the issue? 
[17:35] it sounds like what you need is a commitment to get the remaining reviews processed, and the packages promoted to main, in the next two days [17:36] mdz: Correct me if I'm wrong, but I don't believe we usually consider main promotions covered by feature freeze? [17:36] mdz: during my meeting with the MIR team, they said it was ok to do MIR stuff after FF... though in our case it clearly screws up the delivery of the feature on the CD. [17:37] soren: they're correct in that we can promote things to main post-FF. however, you can't deliver your features until those MIRs are processed. [17:37] mathiaz: would it require a fix in sssd to be working, or just a future fix in dbus ? [17:37] mdz: Ah, yeah, we do have the "*-on-a-cd" spec. [17:37] soren: and if I'm not mistaken, the foundations team has a feature goal which depends on eucalyptus being on the CD, and they won't be able to land that either [17:38] (the cloud installer) [17:38] mdz: *nod* [17:38] so it's not OK to put that off [17:38] next, the virtual appliance project [17:38] I see that alfresco has landed in partner, which is great [17:38] Oh, we're not actively delaying it :) [17:38] ttx: I don't know - bug is under investigation [17:38] but who is working on making the appliance? [17:38] I am. [17:39] mathiaz: if the dbus bug is tracked and milestoned appropriately, I'd upload the package, not working but not broken in itself [17:39] soren: sounds like you have a lot on your plate [17:39] soren: is there anyone else who can work on some of these things, to let you focus more? [17:39] ok, now I really need to go or I'll die. [17:39] ttx: hm - well the package doesn't install since the daemon is not able to start [17:39] ttx: ok - I'll keep investigating this issue [17:40] mdz: I'm not sure I can split it up, explain and train someone else to work on it within the given timeframe. [17:40] ttx: Take care! [17:40] mathiaz: mdz knows what FF should cover. Ask him what alternative is the less worse. 
[17:40] mdz: I do have a lot on my plate. No argument there :) [17:40] mdz: for the record, I do not need euca on the CD to develop my side of this [17:41] it can be landed for netboot at least [17:41] cjwatson: only to test it? ;-) [17:41] * soren suspects cjwatson can roll a CD with eucalyptus on it if he wants to test it :) [17:41] lots of people will be using this with netboot anyway [17:41] indeed [17:41] so I can develop *and test* it that way [17:41] as it happens I'm debugging it into existence at the moment [17:41] cjwatson: should I be nervous that you're not talking about it in the past tense? [17:41] ah [17:42] it is not exactly terribly early, but I think I have it under control [17:42] cjwatson: is there anything I can do to help? [17:43] mdz: I've bounced you the mail I sent about it before going on holiday last week [17:44] soren: what sort of explanation or training would be needed to work on the appliance? [17:44] soren: I think I could explain it to someone pretty easily if that would help [17:44] I'm happy to put the time in if it would move things forward [17:44] the main things that are left are additional debconf configuration and the thing to write and publish the preseed file on the cluster [17:45] cjwatson: I can take back that TB action if needed ;-) [17:45] mdz: There are two sides to this, really. There's the one where we build a UEC image with the alfresco package preinstalled. This is quite simple. [17:45] if what I have here does anything sensible at all, I'll upload it hopefully today [17:45] mdz: I have two weeks for it, right? :) [17:45] soren: that's the part I'm asking about . that is, in fact, the whole reason for this exercise. 
it was the original requirement: a reference appliance :-) [17:46] (yes, I know) [17:46] cjwatson: :-( [17:46] I wish I could say that it could be deferred, but it can't [17:46] I mean for the TB action [17:46] oh [17:47] phew [17:47] err, you can come and babysit so I don't have a child trying to climb over me? :) [17:47] cjwatson: if I didn't have a plane to board tomorrow... [17:47] mdz: The other is the recipe based version (or as I like to call it: the one that is actually useful). [17:47] don't panic, captain mainwaringg [17:47] -g [17:47] mdz: A CMS is no fun if it's going to throw away all your content when it's rebooted. [17:48] soren: why does that require a recipe? I figured it would just use an EBS volume or whatever [17:48] mdz: You just answered your own question :) [17:48] mdz: Because it needs and EBS volume. [17:48] -d [17:48] soren: I guess my understanding of what we mean by recipes is a bit weak [17:49] you know, what would really help me that's basically decoupled would be having the eucalyptus package in revision control in a useful way [17:49] mdz: Recipes are needed if you need to take actions that require the user's credentials. [17:49] soren: this is not as urgent as the other items; if it requires hacks which can't go in past FF, we can hide those away in the image [17:49] which probably only takes making sure that James' import is sane and then branching it and agreeing to use it [17:50] mdz: Since those are not going to be available in a generic image. [17:50] mdz: ...so we need something that holds the user's credentials to set up the EBS volume and all that for them. [17:50] soren: is there anyone in particular assigned to packaging landscape this cycle? [17:51] mdz: Packaging... landscape..? [17:51] mdz: Oh, the client stuff? [17:51] soren: yes, landscape-client, sorry [17:51] I'm not sure. [17:51] dendrobates: ? [17:51] Not that I know, but that is not to say there isn't :) [17:52] mdz: not that I am aware of. I will ask mathiaz. 
[17:52] cjwatson: The eucalyptus packaging should be on launchpad already? [17:52] * soren checks [17:52] mdz: I uploaded the latest version of landscape-client two weeks ago IIRC [17:53] mdz: I haven't heard anything from the team since then [17:53] mathiaz: can you tell me if there is another code drop they expect to land for feature freeze? [17:53] soren: there's no vcs-bzr field in the package [17:53] mdz: I don't know. [17:53] which is, at the moment, an indicator that the branch is actually being used [17:53] cjwatson: Ah, sorry about that. [17:53] I don't want to commit to a vacuum [17:53] cjwatson: https://edge.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu [+] [17:54] aha [17:54] s/\[\+\]//g [17:54] right then, I will get that into shape with my recent uploads [17:54] cjwatson: That would be fantastic. Thank you. [17:54] mdz: Did you want anything else from me? I've got dinner waiting. [17:55] (out for half an hour while this test install runs) [17:55] mdz: Alternatively, I'll be back in a couple of hours. [17:56] mathiaz, dendrobates: I just remembered Gustavo was here in the office :-) [17:56] he says that he doesn't think there are any features outstanding, that they expect to be in bug fix only mode at this point [17:56] but he will confirm 100% and get back to us [17:56] mdz: great :) [17:56] hmm, actually, I can take the laptop downstairs with me ... the magic of wireless [17:56] mathiaz, dendrobates: he says they normally release the client once per month. we should make sure that we track those monthly releases and sponsor them [17:57] Free on the landscape team is apparently working on the packaging [17:57] so hopefully they just need review and sponsorship [17:57] mdz: yes - I'm in contact with him [17:57] * soren needs to run [17:57] mdz: he pings whenever he needs sponsoring [17:57] * soren will check back later [17:58] mathiaz: ok, good. 
so I'll just get confirmation that there is no more feature work expected to land in karmic [17:58] soren: thanks for all your help [17:58] oh GOD I hate CDBS [18:01] mathiaz: regarding the directory stuff, so AIUI you hope to upload sssd before FF, and seek an FFe for openldap...and there is nothing else to do but fix bugs? [18:01] mdz: that's is correct. [18:02] mathiaz: thank you [18:07] soren: hmm, not to be picky, but do you think you could remember to commit your *own* changes to that branch? :-) 0ubuntu2 doesn't seem to be there ... [18:07] * cjwatson syncs it up [18:10] where in /etc/ is the place where i can change kernel params? [18:12] sysctl.conf [18:12] maybe :P [18:13] that depends on the kernel parameter [18:13] if you mean the kind you put on the kernel command line, then that goes in bootloader configuration - /boot/grub/menu.lst in <=9.04, or /etc/default/grub in >=9.10 [18:16] soren: synced up to match the archive now [18:16] got it [18:16] kinnaz, got it thanks. [18:37] smoser: leaking environment variables would be considered a security issue, yes. === BigJB_ is now known as bigjb [18:37] smoser: also, /proc/$pid/environ, as you saw, is only the invocation environment, since later env changes need to use different regions of memory, IIRC === Authority is now known as Guest50088 [19:33] What software is being used for spam scanning now a days? [19:37] heath|work: it's always been spamassassin for content scanning [19:37] there are many other spam-prevention techniques [19:37] but spamassassin has dominated the content scanning market [19:38] giovani, What about Mail Scanner? 
It looks like it uses spamassassin and clamav [19:39] well it's just a package [19:39] it's not a scanner application itself [19:39] it uses some blacklists, etc [19:40] I see no point in using it over using the individual applications yourself -- which gives you a lot more flexibility and customization === Faust-C is now known as VirtualDisaster [19:53] i have 2 repos with the same package name in each [19:53] however the one i need is from a custom repo, how would i install a package explicitly from the custom repo and not brick apt-get [19:59] !pinning [19:59] pinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto [19:59] VirtualDisaster: ^ [19:59] genii, ah ty [20:00] np [20:02] genii, thanks [20:03] sorry giovani ^^ [20:03] * genii hands out more mugs of coffee [20:14] cjwatson: *blush* Sorry about that :( [20:26] * genii scrolls back up to see what all the blushing is about [20:40] kirkland: I still have the padlock_sha.ko problem. [20:41] jpds: oh, really! [20:41] jpds: herm [20:41] kirkland: What's kernel is your fresh install running? [20:42] jpds: i just updated it to latest; rebooting [20:42] jpds: boom ... it's back [20:42] Installed: 2.6.31-7.27 [20:44] jpds: yeah, -7 breaks [20:44] jpds: -6 works [20:44] I know. [20:45] jpds: are you encrypting swap? [20:45] Otherwise I wouldn't be here. ;-) [20:45] kirkland: /home, with LUKS. [20:46] jpds: interesting, okay [20:49] soren: I'd very much appreciate it if you could review lp:~cjwatson/eucalyptus/installer - would there be a major problem with merging and uploading this as a step on the road? 
[20:49] I'm pretty sure it's not all the way there [20:54] mdz: ^- or indeed you might like to [20:56] this is basically the patch from a week ago with basic bug-fixes applied following smoke-testing [20:57] and with euca_find_cluster updated to output IP addresses rather than hostnames [21:34] kirkland: hey - http://people.canonical.com/~mathiaz/cgroup.boot.png [21:34] kirkland: Am I supposed to do something special to make cgroup working? [21:40] jbernard__: cgroups [21:40] jbernard__: what needs to be done to make it work out-of-the-box? [21:40] kirkland: ahh [21:40] you need to edit /etc/cgconfig.conf [21:41] jbernard__: to say what [21:41] and at least uncomment the lines referring to 'mount' [21:41] is it something that we could ship a more sensible default? [21:41] jbernard__: or disable the init script by default, if config must be done? [21:41] yes [21:41] we could go both ways [21:42] the current package install everything as the upstream author intended it, but I really think we can do a bit better on default configuration [21:43] what are your thoughts there? [21:43] jbernard__: is there a reason to *not* have the mount lines uncommented? [21:43] jbernard__: the idea being that a default install should work OOTB - ie have a minimal working configuration [21:43] the directory must exist, in this case '/mnt/cgroups' [21:44] so we could ship with those lines uncommented and create the dir if it doesn't exist [21:44] jbernard__: if every use will have to uncomment the lines, then it makes sense to enable them by default [21:44] i agree [21:44] i can make that change quickly [21:45] jbernard__: cool, thanks [21:45] jbernard__: please bump the ubuntu version, as i uploaded the other one already [21:45] other one? [21:45] from 0ubuntu1 to 1ubuntu1 you mean? 
[21:45] i uploaded what you put in revu [21:46] jbernard__: you did a nice job packaging this, thanks ;-) [21:46] jbernard__: i asked mathiaz to additionally review [21:46] no problem [21:46] jbernard__: 0ubuntu2 [21:46] so the only request I'm hearing is a sane default configuration [21:46] jbernard__: his comments on the init script/config are correct, but that can be solved between now and beta [21:47] ok, so this solves the in-before-freeze issue [21:47] or is the clock still ticking? [21:48] I think that's ok to fix the default configuration between now and beta [21:48] It's not a blocker for FeatureFreeze IMO [21:48] ok, thats good to hear [21:50] i will make the change then so the initscripts can be run at install successfully [21:51] jbernard__: right - I noticed that the init scripts weren't installed via dh_installinit [21:52] jbernard__: so they're only installed, and not run [21:52] jbernard__: which is kind of odd for init script [21:52] correct, i removed the running of them from the postinst [21:52] excited - I got my hardware in and tomorrow I will be racking it and getting ready for my UEC proof of concept cloud for Auburn University [21:52] because it requires a working configuration [21:52] jbernard__: the result is that either the system needs to be rebooted or the init script needs to be run manually afterwards [21:53] jbernard__: right - I think that providing a default working configuration would fix this issue [21:53] jbernard__: it makes sense to install an init script and then start it [21:53] jbernard__: one of the Ubuntu policy is to have a default configuration working OOTB [21:53] i agree, ill make that change [21:54] mathiaz: okay, where's the sssd branch? 
[21:54] james just mentioned that he's inclined to reject it from the queue, so ill try to get these changes tested an uploaded this evening [21:54] mathiaz: sorry, i'm sure it's in my history :-) [21:54] mathiaz: it's been a crazy busy day [21:54] jbernard__: note that I don't have enough knowledge about cgroups to actually figure out whether it makes to have a default configuration working for 80% of the systems [21:54] Since this setup is proof of concept, should I stick with jaunty, or go ahead with karmic? [21:55] kirkland: https://code.launchpad.net/~mathiaz/sssd/ubuntu-pkg-release-tarball [21:55] kirkland: yeah - welcome to pre-FeatureFreeze crazyness... [21:55] it certainly won't be in production until after karmic [21:56] aubre: UEC testing in Karmic is more than welcome [21:56] aubre: however you may enconter rough edges [21:56] aubre: just be aware of that. [21:56] mathiaz: great, I'm prepared for that [21:57] aubre: like - it may break, not work at all, or eat your data [21:57] mathiaz: actually this setup is for testing , it won't have anything of vaule on it [21:57] aubre: if you're up for it and ready to debug/report bugs, testing UEC in Karmic is welcome [21:58] mathiaz: made for breaking, I am ready to help with bugs, I have my launchpad account all set up [21:58] aubre: awesome - welcome to the factory floor.. [21:59] mathiaz: hehe thanks - I have 3 machines , one will be cloud & cluster controller and 2 will be ncs. [21:59] mathiaz: and the white paper was really helpful in ironing things out for me [21:59] mathiaz: but the most important thing is I have a supportive director [22:02] mathiaz: i tend to agree [22:03] mathiaz: but it's probably nice to not see a boot-time error [22:03] even though no cgroups are configured for the default installation [22:04] mathiaz: mv $(CURDIR)/debian/tmp/usr/lib/libnss_sss.so.2 $(CURDIR)/debian/tmp/lib/libnss_sss.so.2 [22:05] mathiaz: what's that doing? 
[22:05] mathiaz: moving it out of the way, i see
[22:05] kirkland: nss libraries need to be in /lib rather than /usr/lib
[22:05] kirkland: or at least that's where most of them are located
[22:05] mathiaz: ah
[22:06] mathiaz: fair enough
[22:06] kirkland: yeah - I'm not sure about my first statement
[22:06] kirkland: there may be a use case to have the nss libraries in the ramdisk?
[22:06] mathiaz: perhaps required for boot somehow?
[22:07] does anyone have a package example laying around where dh_installinit installs an initscript from outside the debian directory?
[22:09] i couldn't seem to get it to work right, but maybe I was just tired
[22:12] jbernard__: hm - dh_installinit only works from the debian/ directory
[22:13] mathiaz: you could solve a couple of bashisms in the sssd initscript with /bin/kill
[22:13] jbernard__: you could copy the init scripts from scripts/init.d/ to debian/libcgroup1.(name).init and then call dh_installinit --name
[22:14] mathiaz: that would work too, but it would also mean upstream changes would require a manual sync
[22:14] jbernard__: if you want, just send me a debdiff
[22:15] Hello. I have some problems configuring amavis with postfix and dovecot with virtual domains and users. It doesn't scan/put any Headers in my mail. Anyone can help me?
[22:15] kirkland: for the license updates and default configuration?
[22:15] mathiaz: your sssd package looks good to me
[22:15] jbernard__: even if you copy the file from scripts/init.d/ *during* the build process?
[22:15] mathiaz: oh, i hadn't thought of that
[22:16] mathiaz: i'll look into that, good idea
[22:20] mathiaz: note that I didn't build it, since I didn't have the tarball
[22:20] Hello. I have some problems configuring amavis with postfix and dovecot with virtual domains and users. It doesn't scan/put any Headers in my mail. Anyone can help me?
[22:25] jbernard__: symlink in debian/ ?
[22:25] kirkland: https://fedorahosted.org/released/sssd/sssd-0.5.0.tar.gz
[22:25] kirkland: ^^ upstream tarbal
[22:25] kirkland: ^^ upstream tarball
[22:25] jbernard__: though unless it's a native package you'll probably have to make the symlink during the build, which isn't really much better than copying the file during the build
[22:25] cjwatson: good grief, that'd be even awesomer
[22:26] cjwatson: true
[22:26] I don't think dpkg-source will preserve symlinks in any particularly sane way, yet
[22:26] but at least i would have to override dh_installinit target
[22:26] but actually i have to anyway to put the name in there
[22:29] Hello. I have some problems configuring amavis. It doesn't scan/put any Headers in my mail. Anyone can help me?
[22:30] !volunteers | anAngel
[22:30] Sorry, I don't know anything about volunteers
[22:30] !volunteer | anAngel
[22:30] Sorry, I don't know anything about volunteer
[22:31] !behavior | anAngel
[22:31] anAngel: The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IrcGuidelines
[22:45] does the absence of a license on a source file prevent a package from being included in the release?
[22:46] I assume this has to be resolved before it can be uploaded? Or are there exceptions to this?
[22:50] jbernard__: personally I think it's OK as long as the licence of the whole package is clear (if it's just "all these source files are licensed under ..." kind of thing). There are some differences among archive admins about this, I think
[22:50] I tend to think of it as "would you be able to convince a court that there was any reasonable doubt about this licence?"
[22:50] (indeed civil cases are on balance of probabilities so if it's that strong you're on pretty solid ground I feel)
[22:51] Yes, it's just a few, 7 actually, but 5 of those are standalone test programs in /test
[22:52] test files without explicit licences are really very common - is the licence of the whole package clear?
[22:52] i would assume they just forgot to put a license on those, there does exist /COPYING which is LGPL and 85% of the source files have that license in the header
[22:53] then I reckon it's ok
[22:54] in that case, what would be the proper documentation in debian/copyright to reflect this?
[22:54] or can you point me to a doc and/or example where this has been done
[22:57] oh, nevermind, dh_make has a snippet at the bottom of the template that I can use
[22:57] cjwatson: thanks for the input
[23:06] cjwatson: I'm curious why you didn't use start-stop-daemon for this: http://bazaar.launchpad.net/~cjwatson/eucalyptus/installer/revision/457 ?
[23:14] soren: maybe I should have done
[23:14] I didn't think of it
[23:15] (of course s-s-d renders it Debian-specific, but ...)
[23:18] the kill stuff was extending something that was already there, though
[23:18] cjwatson: Ah, right, the dhcp server stuff?
[23:19] cjwatson: meh, not important.
[23:19] cjwatson: Apart from that, I must admit I was hoping for something that wouldn't be installer specific.
[23:19] http://paste.ubuntu.com/259535/ ? untested
[23:20] not installer-specific for which bit?
[23:20] we do need to have installer integration
[23:21] hello, i am trying to install Ubuntu server and it fails to load the CD driver, it is a standard IDE DVD/CD rom
[23:21] cjwatson: re the patch> I was also thinking for the killing part. s-s-d implements the wait-for-a-bit-and-then-SIGKILL-it quite nicely.
[23:22] it does, but I would have had to change other code
[23:22] cjwatson: Oh, ok.
[23:22] if that other code is updated to use start-stop-daemon, then I'd be happy to follow suit
[23:22] it would certainly be cleaner
[23:22] cjwatson: Ah, you mean the existing code from upstream?
[23:23] I mean the stuff that kills the pid listed in /var/run/eucalyptus/eucalyptus-cc.pid
[23:23] in debian/eucalyptus-cc.init, and likewise for the nc
[23:23] Right, that's straight from upstream.
[23:24] cjwatson: As for the installer specificness (specificity?), I just mean it'd be nice if you got roughly the same experience if you installed eucalyptus-nc on an existing system.
[23:24] ZachMan: more often than not this turns out to be a kernel bug. To verify, try booting an Ubuntu live CD and see if it starts up successfully
[23:24] soren: oh, right. so, one of the things I mentioned in my mail as being missing is some euca_conf integration to do the scanning on a running system as well
[23:24] I don't see any reason euca_find_cluster couldn't be integrated into that
[23:25] cjwatson where can i get the live cd?
[23:25] ZachMan: http://releases.ubuntu.com/
[23:25] ZachMan: have you tried installing via usb stick?
[23:25] pick your release, grab the desktop CD
[23:25] cjwatson: Makes sense.
[23:25] mushroomblue no
[23:25] ZachMan: I only install by CDROM on systems that don't support usb boot.
[23:25] I realise you probably don't want a desktop installation, but it's just to verify whether the CD detection problem lives in the kernel
[23:26] soren: the libd-i dependency is a little ugly, although it would *work* on a regular system since libdebian-installer4 exists as a .deb - it wouldn't be upstreamable that way though. It ought to be replaced with some other hashtable implementation
[23:26] how can i boot via usb stick
[23:26] I was just in a tearing hurry and that was the first canned hash impl that came to hand
[23:27] cjwatson: glib isn't anywhere in the dependency stack, is it?
/me thinks not
[23:27] ZachMan: sudo apt-get install usb-imagewriter
[23:27] soren: no, I was quite careful about that
[23:27] ZachMan: I think there's a windows utility to burn a .iso file to usb
[23:32] cjwatson: I meant in Eucalyptus' existing dependency tree. It's not per se, but you'd be hard pressed to find a system that runs Eucalyptus that doesn't already have glib. :)
[23:35] how hard is it to install ubuntu server?
[23:39] soren: oh, right. or it's not like it actually needs a hash for all it does; walking a list would do fine.
[23:39] TViYH: easy as pie
[23:39] unless you're afraid of a console-based GUI and arrow keys.
[23:40] you might have to press enter and tab occasionally, if that's a problem. :)
[23:43] apparently, that was too much to bear.
[23:44] quick question: are USNs issued for packages in universe? I think not, right?
[23:52] ahasenack: USNs are issued for packages in universe.
[23:54] mathiaz: hmm, my theory is off then
[23:54] ahasenack: sorry about that. I didn't mean to ruin your whole life...
[23:56] mathiaz: a guy just told me he saw apache2-mpm-itk in the hardy security repository but that it had no USN
[23:56] ahasenack: right - that's probably because apache2-mpm-itk needs to be rebuilt every time apache2 is published
[23:56] ahasenack: it's a special case
[23:57] mathiaz: ok, so it's a dependency, and it doesn't come from the same source
[23:57] ahasenack: yop.