[00:54] <Alysum> hello - how can I insert the date time in my shell along with user@host? thanks
[00:56] <crohakon> So, I have ubuntu server edition installed on a spare box just to use as a sandbox. I have it set up with LAMP. Everything seems to be working just fine except that after a while the box freezes. Can't SSH in, can't access the websites... turn on the monitor connected to it and the login prompt is frozen. Any ideas on what can fix this? I highly doubt it is an over heating issue as my basement is cold and the report it sho
[00:56] <crohakon> uld when I log in does not show dangerous heat levels.
[00:57] <crohakon> I should also add that the box ran just fine without these problems with fedora
[00:58] <bdmurray> jdstrand: should bug 403215 be reopened?
[01:00] <crohakon> Anyone?
[01:03] <vraa> anyone know of a good, friendly, multi-wan router? more for failover vs more bandwidth
[01:11] <smoser> kirkland, you uploaded ec2-init right?
[01:13] <mathiaz> smoser: I think so - https://launchpad.net/ubuntu/karmic/+queue?queue_state=1&queue_text=
[01:14] <mathiaz> smoser: It hasn't been accepted though
[01:14] <smoser> mathiaz, thanks i wasn't aware of this 'queue'.
[01:14] <mathiaz> smoser: https://launchpad.net/ubuntu/karmic/+queue
[01:15] <smoser> it has to be accepted by a release person ?
[01:15] <mathiaz> smoser: ^^ has the different types of queues
[01:15] <mathiaz> smoser: yes
[01:22] <crohakon> When I log into my server box it tells me I have x packages can be updated... how do I update them?
[01:42] <smackdaddy> i cannot figure out why i cant recieve mail on this server... i setup postfix and dovecot
[01:42] <smackdaddy> wont work
[01:44] <MTecknology> smackdaddy: error logs?
[01:45] <MTecknology> crohakon: sudo aptitude update && sudo aptitude full-upgrade
[01:45] <MTecknology> crohakon: you can use apt-get too
[01:46] <MTecknology> crohakon: or you can do "sudo aptitude" then the keys to update the same was are u U g g
[01:48] <smackdaddy> MT, how do i check those
[01:48] <MTecknology> smackdaddy: /var/log/
[01:50] <smackdaddy> mail.err is empty
[01:51] <MTecknology> how are you trying to send email to the local machine?
[01:53] <smackdaddy> from myyahoo account
[01:53] <smackdaddy> and gmail account
[01:55] <smackdaddy> im wondering if its ip hostname problem... idont know.. i used the ubuntu config website and followed all the steps.. did the test and it worked ..
[01:56] <smackdaddy> telnet IP 25
[01:56] <smackdaddy> all that
[01:56] <smackdaddy> worked'
[01:56] <MTecknology> you have it?
[01:56] <skuld> what web mail client would you all recommend?
[01:56] <MTecknology> make sure you have an MX record for the domain pointing at the server
[01:56] <MTecknology> skuld: I like claws-mail
[01:57] <skuld> is it easy to install for postfix/dovecot?
[01:57] <MTecknology> hm?
[01:57] <MTecknology> you mean mail server or mail client?
[01:58] <MTecknology> the mail client is independent from the server
[01:58] <skuld> I (think) I just got my dovecot and postfix email server working.  now I want to install a web based email reader on my server too
[01:58] <MTecknology> oh
[01:58] <MTecknology> webmail
[01:58] <MTecknology> try roundcube or quirrelmail
[01:58] <smackdaddy> that might be part ofmyproblem.. how should the mx record look
[01:58] <smackdaddy> i have...
[01:58] <smackdaddy>                 IN      MX      10 mail.example.com.
[01:58] <smackdaddy>                 IN      MX      10 mail2.example.com.
[01:58] <MTecknology> whast's the domain name?
[01:58] <smackdaddy> in the forward file
[01:59] <smackdaddy> cconnectx.com
[01:59] <Pairadimesitty> hey folks, feeling helpful today?  I've got my forum framed now by editing the forum php and css with my site info, and I'm linking to the forum page by having my homepage index.htm load it with php include
[01:59] <skuld> Pairadimesitty: hi!
[01:59] <crohakon> So, I have a website hosted by a webhosting company. Is there any benefit to upgrading my home account to a static IP and doing my own hosting?
[01:59] <smackdaddy> do i need a MX for just cconnectx.com with out the mail.*
[01:59] <Pairadimesitty> skuld: hi, thanks for before
[02:00] <MTecknology>  skuld aside from the two, there's some really high-end tools out there - but don't expect any ease of use...
[02:00] <crohakon> it would cost me about +$10 a month
[02:00] <MTecknology> or installation*
[02:00] <skuld> crohakon: the benefits are in learning a new hobby.... and for that extra $5.00 a month or whatever, you can charge others rent-space on your server...when you'r ready
[02:00] <Pairadimesitty> and there is a tiny bit of css linked to the home page that makes the home button highlight when I'm on that page and go back to normal when I click anything inside.  I love that.
[02:01] <skuld> MTecknology: I just need a basic email reader for the web
[02:01] <MTecknology> skuld: then you want one of those; my preference is roundcube since it's skinnable
[02:01] <MTecknology> they could both use heavy development
[02:01] <Pairadimesitty> my problem is that the forum doesn't request the cookie when I'm on the home page, so login and preferences dissapear there
[02:02] <Pairadimesitty> I have to click inside the forum for them to show up
[02:02] <skuld> Pairadimesitty: I thought of a possibility for your vertical...."framing" issue without using frames.  It *might* be possible to use a <div> tag, but I haven't worked with it a whole lot to know if it would work correctly...if at all
[02:02] <Pairadimesitty> wow, cool
[02:03] <skuld> Pairadimesitty: you're using smf, right?  you can just use <?php ssi_welcome; ?> (I think it is) and that will have your cookie info on your home page
[02:03] <crohakon> skuld; That was kind of my thoughts... once I get my sh*t down maybe offer cheap hosting to non-profits just to offset my internet costs.
[02:03] <skuld> MTecknology: cool, thanks.  I'll look into that
[02:03] <MTecknology> smackdaddy: your DNS looks fine - but I can't connect to your system - so it's probably localhost only
[02:03] <Pairadimesitty> just add that line to the default page?  that would rock if it was that easy, trying now
[02:04] <skuld> Pairadimesitty: You also need at the very top... <?php require ('forum/SSI.php'); ?> if I remember right, and assuming your forum is located in the 'forum' dir
[02:05] <Pairadimesitty> 'tis indeed
[02:06] <skuld> that should be all you need.  If the user is logged in, they will get the number of messages they have in PM, if not then a login dialog will show wherever you place that welcome code.
[02:06] <Pairadimesitty> both above the doctype?
[02:06] <skuld> there is an advanced option if you don't want to see the welcome text if logged in, you can use.... ssi_welcome('array')
[02:07] <skuld> you could try that...I usually work with PHP files only
[02:07] <skuld> brb
[02:11] <erichammond> kirkland: Any chance of getting "EC2" as one the primary options on your virtualization survey?  Folks using EC2 don't really think of themselves as using Xen.
[02:14] <jdstrand> bdmurray: I'm not sure-- I wanted feedback from someone
[02:18] <smackdaddy> MTecknology cantconnect on what port?
[02:18] <MTecknology> 25
[02:18] <crohakon> So, how can I install linux on a computer with no CD rom drive?
[02:18] <crohakon> also, no floppy
[02:18] <smackdaddy> yeah every time i try it says connecting to the wrong ip
[02:19] <MTecknology> smackdaddy: I tried with 24.155.117.48:25
[02:19] <MTecknology> smackdaddy: Can you connect to localhost:25 ?
[02:20] <Pairadimesitty> skuld: those seems to be calling something, but they throw up errors
[02:20] <smackdaddy> yes
[02:20] <smackdaddy> thats the correct public iptoo
[02:20] <smackdaddy> .48
[02:21] <MTecknology> it's likely smtp isn't listening for internal traffic
[02:22] <MTecknology> external*
[02:22] <smackdaddy> i cant send either
[02:22] <smackdaddy> tried emailing using user@IP
[02:22] <MTecknology> check firewall rules
[02:22] <smackdaddy> what config for smtp
[02:22] <MTecknology> if you have ufw enabled, etc
[02:23] <bdmurray> jdstrand: but if it is closed who will see it? ;-)
[02:23] <MTecknology> !info courier
[02:23] <MTecknology> !info dovecot
[02:23] <MTecknology> ubottu: -_-
[02:23] <MTecknology> OK
[02:23] <MTecknology> It'll be right around /etc/courier/
[02:24] <MTecknology> I don't have a mail server running to check
[02:24] <smackdaddy> no firewall
[02:24] <smackdaddy> its off
[02:24] <MTecknology> ufw?
[02:24] <smackdaddy> yea
[02:24] <MTecknology> any router?
[02:24] <smackdaddy> no
[02:25] <jdstrand> bdmurray: I figured that the subscribers would...
[02:25] <jdstrand> who seem to be kirkland and rtg iirc
[02:25] <MTecknology> smackdaddy: dpkg-recongigure postfix
[02:25] <smackdaddy> k
[02:26] <MTecknology> smackdaddy: that will let you specify who can connect
[02:26] <MTecknology> reboot tiem
[02:27] <bdmurray> jdstrand: I don't know I heard kirkland filters fix released e-mail ;-)
[02:27] <smackdaddy> after this reboot?
[02:27] <jdstrand> bdmurray: heh. maybe kirkland will notice how often we are saying kirkland
[02:27] <crohakon> Is there a command to check system temperature?
[02:27]  * jdstrand whispers bug #403215 into kirkland's ear
[02:27] <bdmurray> one can only hope
[02:28] <smackdaddy> acpi -V or something
[02:28] <smackdaddy> croh
[02:29] <smackdaddy> MTecknology> on the part where it asks for all my domains do i need the TLD only, or mail.domain.com
[02:30] <MTecknology> smackdaddy: I'd do localhost, domain.com, mail.domain.com
[02:30] <smackdaddy> ok thanks
[02:31] <smackdaddy> should i force synchronous updates onmail queue?
[02:31] <MTecknology> it's up to you
[02:31] <smackdaddy> if its slower...
[02:31] <smackdaddy> no
[02:32] <smackdaddy> lol
[02:32] <MTecknology> personally - leave the majority set to defaults
[02:32] <smackdaddy> k
[02:32] <crohakon> smackdaddy; thanks
[02:32] <smackdaddy> np
[02:33] <smackdaddy> on the specify network blocks screen, just my public ip is all i need right.'
[02:33] <smackdaddy> or the 127.0.0.1
[02:34]  * smackdaddy needs ubuntu for retards
[02:34] <smackdaddy> :(
[02:34] <MTecknology> whatever is default
[02:35] <smackdaddy> it erasedsince last time i didit
[02:35] <smackdaddy> damn
[02:36] <MTecknology> the only thing you really need to worry about is where you selected who can use it
[02:36] <skuld> I'm back
[02:36] <smackdaddy> ah
[02:36] <MTecknology> It pulls all the defaults from the config
[02:36] <MTecknology> the existing config*
[02:37] <smackdaddy> ok its done
[02:37] <smackdaddy> letme try it out..
[02:37] <MTecknology> restart the service
[02:38] <smackdaddy> done.
[02:40] <MTecknology> I still can't connect
[02:40] <smackdaddy> me either
[02:40] <MTecknology> sudo ufw status
[02:40] <smackdaddy> im looking in master.cf
[02:41] <smackdaddy> ok ufw stats just lists the commands
[02:41] <MTecknology> sudo ufw status
[02:41] <smackdaddy> i did that
[02:41] <smackdaddy> same
[02:42] <MTecknology> STATUS
[02:42] <MTecknology> U
[02:42] <MTecknology> not stats
[02:42] <smackdaddy> lol
[02:42] <smackdaddy> inactive
[02:42] <smackdaddy> sorry
[02:43] <MTecknology> pastebing ifconfig
[02:44] <smackdaddy> whats that url
[02:44] <MTecknology> !pastebin
[02:45] <MTecknology> there's a command I'm looking for - for the life of me I can't remember what it is
[02:46] <smackdaddy> pic
[02:46] <smackdaddy> ?
[02:46] <smackdaddy> http://paste.ubuntu.com/298723/
[02:47] <MTecknology> I'm scanning your system - just fyi
[02:47] <smackdaddy> np
[02:47] <MTecknology> every single port - I want to at least see one of them filtered
[02:48] <MTecknology> is this a static ip on the system?
[02:48] <MTecknology> or is it sitting inside your house?
[02:48] <smackdaddy> no, im moving to static next week
[02:48] <smackdaddy> just want to get everything working athome first
[02:48] <MTecknology> oh..........
[02:48] <MTecknology> drop the project until next week
[02:48] <MTecknology> port 25, 80, and others are blocked until you get that
[02:48] <smackdaddy> mail wont work on dhcp?
[02:49] <MTecknology> 99.999% of all ISP's block it
[02:49] <smackdaddy> ohmy web server ftp ssh works
[02:49] <MTecknology> port 80?
[02:49] <smackdaddy> ya
[02:49] <smackdaddy> apache2
[02:49] <smackdaddy> and vsftpd
[02:49] <smackdaddy> are working
[02:49] <MTecknology> ok - your isp doesn't do that then.. ok
[02:50] <MTecknology> there - 25/tcp filtered smtp
[02:50] <MTecknology> it's being blocked somewhere
[02:50] <MTecknology> your server, your isp, idk
[02:50] <smackdaddy> for my domain name, registered with netfirms.. i set a custom ns,  ns.cconnectx.com, and made a A record for it, and setup bind9 also on this box...
[02:50] <smackdaddy> dns is working great
[02:51] <smackdaddy> web
[02:51] <smackdaddy> just not mail
[02:51] <smackdaddy> its wierd
[02:51] <MTecknology> something is blocking it..
[02:51] <smackdaddy> could be
[02:51] <smackdaddy> ill assume its them til next week
[02:51] <MTecknology> can another system inside the same subnet as the server get into the server?
[02:52] <smackdaddy> yes
[02:52] <MTecknology> then it's something on the server
[02:52] <MTecknology> pastebin main.cf
[02:53] <smackdaddy> http://paste.ubuntu.com/298726/
[02:54] <MTecknology> home_mailbox = Maildir/
[02:55] <MTecknology> It's not standard, but I usually to .mail/
[02:55] <smackdaddy> for users hom dir
[02:55] <smackdaddy> ?
[02:56] <smackdaddy> mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0/24
[02:56] <smackdaddy> that part should have a public ip too?
[02:57] <MTecknology> that .mail/ keeps it hidden from the user which seems to help against accidental deletion
[02:59] <MTecknology> smackdaddy: This is beyond what I have the time to debug for you..
[02:59] <MTecknology> smackdaddy: try in #postfix
[03:00] <MTecknology> Sorry I can't help you more
[03:00] <MTecknology> I gotta run
[03:00] <smackdaddy> no problem,thanks  alot
[03:18] <kirkland> erichammond: hmm, ec2 made it on there in a few places....  we can't very well change it now that some people have answered the survey.  but nijaba will be conducting a much more comprehensive survey soon.  he can take that feedback into account
[03:19] <kirkland> smoser: yes, i did upload it.  it's waiting for approval from the release team to be "accepted"
[03:19] <smoser> right. discussion of that in #ubuntu-release
[03:20] <kirkland> jdstrand: bdmurray: that's fix-released
[03:20] <kirkland> jdstrand: bdmurray: are you still having trouble with virtio?
[03:20] <kirkland> jdstrand: bdmurray: i'm using virtio across the board in karmic; very solid
[03:29] <Pairadimesitty> skuld:I gave up and switch to a redirect
[03:32] <skuld> Pairadimesitty: what? LOL
[03:34] <Pairadimesitty> sorry, I mean this <meta HTTP-EQUIV="REFRESH" content="0; url=http://epicdatanet.co.cc/forum/">
[03:35] <Pairadimesitty> it lacks the handy home button alternate hilighting, and it's lazy, but I'm dumb so it'll have to do
[03:35] <skuld> ah.  give it some time, you'll figure it out. :)  I know what you want can be done
[03:36] <Pairadimesitty> the advice you gave only spat out errors, it seemed to reference things from the wrong paths or something
[03:37] <Pairadimesitty> though it was definately the right thing to do, I'm just missing something important
[03:38] <skuld> I don't have my php pages in front of me so I had to guess from memory
[03:38] <Pairadimesitty> how's your situation coming?
[03:39] <skuld> ugh!
[03:39] <Pairadimesitty> sounds lovely
[03:39] <Pairadimesitty> need a Reese's Cup?
[03:40] <skuld> why can't people who build email packages just set up by default to do the thing that people setting up the email servers want to do:  send email from authenticated users on the server to anybody else inthe world?
[03:40] <skuld> I think I need a bag of those Dark Chocolate ones LOL
[03:41] <Pairadimesitty> I don't have any dark, sorry, I do have some Ghirardelli white chocolates with vanilla specks.
[03:42] <skuld> oooou  :)
[03:42] <Pairadimesitty> just call me a romantic guy...
[03:42] <Pairadimesitty> it sounds better than glutton
[03:44] <Pairadimesitty> oh, I was changing the button hilight color of all the buttons and links in my forum theme from blue to my site's red shade, and I missed the bored navigation line
[04:35] <jdstrand> kirkland: yeah, we know it is fix released. I added a comment to it today because the default install failed for me today and it looked similar to that (see my last comment)
[05:41] <crohakon> What is cpanel?
[05:41] <twb> cpanel is basically a manage your (virtual?) server via a web UI.
[05:42] <twb> http://en.wikipedia.org/wiki/cPanel
[05:42] <crohakon> thanks
[05:42] <twb> e.g. "I can't fix that because I don't have ssh access, only cpanel"
[05:43] <crohakon> I see it is not free..
[05:43] <twb> Correct; it is a proprietary product.
[05:44] <crohakon> I am just looking for something to play around with so as to help me expand my knowledge. Not willing to pay for the education at the moment. =) broke.
[05:44] <crohakon> Know of an alternative?
[05:44] <twb> !RUTE
[05:45] <twb> RUTE, and perhaps the Ubuntu admin guide, are the best resources I know of for learning more about Unix system administration in general.
[05:46] <crohakon> oh, no, I mean I am trying to learn how to set it up so I can host for others. Mostly friends and non-profits. But, still, just to learn how to do it.
[05:46] <twb> Web management isn't so much training wheels as it is a black box -- you do something via the UI and have no idea what is really happening under the hood.
[05:46] <twb> crohakon: you want to learn how to set up cpanel?
[05:46] <crohakon> Correct.
[05:46] <crohakon> OR something like it.
[05:47] <twb> We generally discourage web-based system administration here.
[05:47] <twb> FSVO here = in this channel.
[05:47] <crohakon> FSVO?
[05:47] <twb> Some FOSS solutions include ebox (which is supported for Ubuntu server) and webmin (which is definitely NOT supported).
[05:48] <twb> FSVO = For Some Value(s) Of
[05:48] <twb> Personally I have been extremely unimpressed with webmin and (what little I've seen of) ebox.
[05:49] <crohakon> Well, like I said, I only ask because I want to learn how to set the stuff up. Just to learn without having to fork out a lot of money to do so.
[05:49] <twb> I suppose you could steal a copy.
[05:50] <twb> Maybe cpanel also provides gratis temporary licenses.
[05:50] <crohakon> I suppose I could, but I try to remain as legal as possible.
[05:50] <twb> You could talk to the cpanel people about that.
[05:50] <crohakon> there is a 15 day test license for free.
[05:50] <crohakon> Anyway, it is bed time for me. Goodnight
[05:50] <crohakon> Thanks for the help.
[05:56] <MTecknology> holy crap - it was like at first the kernel .config was like 4,760 lines, and now it's like 2,576
[05:57] <MTecknology> and at first it was all like 3.8MB and now it's all like duuude (1.7MB)
[05:58] <MTecknology> then I wuz just like OMG! n like, omg we gotsta like make it smaller and like, ya no wut i meen?
[05:58] <twb> MTecknology: plonk
[06:00] <MTecknology> twb: :)
[06:00] <MTecknology> twb: I was confused. I couldn't figure out why you were in this channel... then I noticed what channel I'm in...
[06:02] <smackdaddy> how can i setup webmail for my server with postfix
[06:02] <MTecknology> smackdaddy: squirrelmail and roundcube are pretty common
[06:04] <smackdaddy> what 1 would you say is more userfriendly
[06:05] <MTecknology> personally, roundcube can be skinned easily enough - but squirrelmail is more expandable
[06:05] <MTecknology> personally I use google apps and use claws-mail - try them both and see what you like best
[06:06] <smackdaddy> ok cool
[06:07] <smackdaddy> during install i selected use landscape conicle.. do you know how to change that back to automatic update
[06:07] <MTecknology> not offhand
[06:07] <smackdaddy> ahcus it charges for landscape
[06:07] <smackdaddy> heh
[06:09] <syncrondi> Has anyone here installed OpenVZ on Jaunty?
[06:14] <syncrondi> Or any other nice alternative to jails
[06:16] <twb> I have used OpenVZ on Hardy.
[06:17] <twb> Someone else did the install, though.
[06:31] <syncrondi> twb: I understand it's a bit of a bear?
[06:32] <twb> OpenVZ blows.
[06:32] <syncrondi> Bad?
[06:32] <twb> I would not recommend it to anyone who can run KVM on 10.04
[06:32] <twb> OpenVZ is primarily useful if you need a very large number of VMs (like, hundreds or thousands), and you have no hardware virtualization support in your CPU.
[06:33] <syncrondi> I don't have physical access to my server at the moment
[06:33] <syncrondi> So a lower-level type of virtualization is out of the question
[06:34] <syncrondi> And I just need a couple VMs
[06:35] <twb> Running VMs in a VM is not going to work well
[06:36] <twb> If by "physical access" you actually mean the ability to pick up the box in your hands -- you don't need that for hardware virtualization.
[06:36] <syncrondi> eh? Well, I don't need full virtualization.. just something like solaris zones
[06:37] <syncrondi> for me, all I have is ssh
[06:37] <twb> Well, I guess you might need physical access to turn on VT-x in the BIOS.
[06:37] <twb> syncrondi: even if you don't NEED full virtualizaton, I would still recommend KVM over OpenVZ.
[06:39] <twb> IME it's more reliable, and it allows you for flexibility (e.g. "now I need unionfs support" or "now I need a RHEL VM") later.
[06:39] <syncrondi> Does it require a fresh install?
[06:40] <twb> Does what require a fresh install?
[06:40] <syncrondi> KVM
[06:52] <twb> No, it's built into the kernel.
[06:53] <twb> Also, openvz receives no support from Ubuntu, whereas kvm got 18mo (hardy) and lessee...
[06:55] <Boohbah> we've run VZ since 2006
[06:59] <twb> Bleh, maintenance-check is taking WAY to long to fetch the jaunty seeds
[07:04] <twb> Hmm, it's also 18mo in Jaunty.
[07:04] <twb> This is not good!
[07:04] <twb> Oh, that's because jaunty isn't an LTS.
[07:04] <twb> Presumably the next LTS will have kvm in main, and thus will get 5y support.
[07:13] <poningru> twb, question re: openvz
[07:13] <poningru> does it really support arm?
[07:13] <twb> I don't know.
[07:13] <twb> OpenVZ is a bunch of patches to the Linux kernel, so in theory it should be architecture-independent.
[07:13] <twb> Of course, the guest OS would also have to be supported on that CPU.
[07:14] <twb> So you couldn't have an ARM gaol on an x86-64 server, but you could have ARM gaols on an ARM server.
[07:14] <poningru> ah ic
[07:14] <syncrondi> twb:  so you need to access the bios for sure during install of KVM?
[07:14] <twb> syncrondi: it's common for VT-x to be disabled by default in the BIOS.
[07:15] <poningru> syncrondi, well if its already turned on then no
[07:15] <poningru> syncrondi, check /proc/cpuinfo
[07:15] <syncrondi> I see. Thanks twb
[07:15] <twb> poningru: of course, any time the guest architecture isn't native, you lose any VT benefits.
[07:15] <poningru> twb, right
[07:15] <twb> i.e. you HAVE to do full userspace virtualization.
[07:15] <poningru> syncrondi, egrep '(vmx|svm)' --color=always /proc/cpuinfo
[07:15] <twb> The () are unnecessary
[07:16] <mneptok> such kernel patches usually require virtualization extensions in the CPU. AFAIK, ARM doesn't have such things.
[07:16] <twb> mneptok: OpenVZ doesn't use hardware virtualization at all.
[07:16] <mneptok> twb: ewwww ...
[07:16] <syncrondi> poningru: that doesn't return anything, I'm afraid.
[07:16] <mneptok> now i know why i never palyed with it :)
[07:16] <twb> mneptok: OpenVZ is an extension of the chroot approach to include /proc and network segmentation.  ALL code runs natively.
[07:16] <poningru> syncrondi, yeah its turned off then or your cpu doesnt have it
[07:17] <poningru> what cpu do you have?
[07:17] <twb> You also cannot have a different kernel inside an OpenVZ gaol.
[07:17] <syncrondi> poningru: dual p4 2.8
[07:18] <twb> Also, OpenVZ has poor support for e.g. NFS and completely hangs the entire machine when you try to use either unionfs or aufs.
[07:18] <poningru> syncrondi, depending on the gen it probably has vt
[07:19] <poningru> err I mean doesnt have vt
[07:19] <twb> If all you're gonna run in your gaol is a different version of Apache and PHP and MySQL, then OpenVZ is probably not so bad.
[07:19] <smoser> bug 451881
[07:20] <syncrondi> twb: that's basically all. I just wanted to separate a new development environment from existing.
[07:20] <twb> syncrondi: given that you lack VT support in your CPU, OpenVZ becomes a more reasonable choice.
[07:20] <syncrondi> but I've been working with another server that's running a jail for the same situation and weird errors come up at times
[07:20] <twb> syncrondi: however you may prefer to look into pbuilder
[07:21] <twb> syncrondi: if you're just doing DEVELOPMENT
[07:21] <syncrondi> development that could move into production
[07:22] <poningru> syncrondi, also virtual box if you have X on it
[07:22] <poningru> not sure if virtual box requires X
[07:22] <syncrondi> Yeah, no X
[07:22] <twb> AFAICT virtualbox is ill-suited for server gaols.
[07:22] <poningru> http://www.howtoforge.com/vboxheadless-running-virtual-machines-with-virtualbox-2.0-on-a-headless-ubuntu-8.04-server
[07:23] <twb> It's really intended for jackasses who want to run IE or something on their ridiculously over-specced personal laptop
[07:23] <syncrondi> twb: I tried it on my windows and also on an OpenSolaris install and it seems a lot like VMwarez
[07:23] <twb> syncrondi: yeah, VMware falls into the same category.
[07:23] <Boohbah> if you want a virtualized web server, openvz or xen
[07:23] <twb> You could sum up my gripes with virtualbox as "it tries to be like vmware"
[07:23] <Boohbah> xen with swap is good (required) for java
[07:23] <poningru> http://www.bgevolution.com/blog/virtualbox-headless-mode/
[07:23] <syncrondi> twb: haha, yeah, for sure.
[07:24] <twb> Xen is also a good choice compared to OpenVZ, if all you need are gaols.
[07:24] <Boohbah> poningru: i didn't know virtualbox could run without X, thanks!
[07:24] <poningru> :)
[07:24] <Boohbah> twb: what is this 'gaol' you speak of?
[07:24] <twb> Boohbah: IIRC the trick is to put it in an xvfb, which is pretty fugly
[07:24] <syncrondi> A coworker was showing me solaris containers and I was pretty impressed with that
[07:24] <twb> Boohbah: "jail" is a neological spelling of "gaol".
[07:25] <Boohbah> or rather "gaol" is archaic "jail" :)
[07:25] <Boohbah> i see
[07:25] <Boohbah> Norman-derived gaol (preferred in Britain)
[07:25] <twb> It's not archaic.
[07:26] <Boohbah> it's just preferred in Britain?
[07:26] <twb> It's "English" as opposed to "American" :-P
[07:26] <twb> Boohbah: and everywhere else in the commonwealth.
[07:26] <Boohbah> rubbish colour armour boot bonnet aluminium
[07:27] <twb> Good gods, how do Americans say "bonnet"?
[07:27] <poningru> in India we used to call the boot/trunk dickie
[07:27] <twb> "Headscarf" or something?
[07:27] <poningru> twb, hood
[07:27] <twb> Oh, you mean of an auto.
[07:27] <poningru> hehe yeah
[07:28] <poningru> its funny my gf is from scotland and she taught me that in gb/uk (depending on who you ask) the queens english is considered proper
[07:28] <poningru> while here in the US there is no 'proper' english
[07:28] <poningru> how you speak is proper for you
[07:28] <twb> It depends if you're a language instructor, or a linguist.
[07:29] <twb> Language instruction is prescriptive; linguistics is descriptive.
[07:29] <poningru> granted exceptions do popup for the neds/hicks
[07:30]  * poningru gives twb a glassgow kiss
[07:30] <poningru> nn guys
[07:30] <Boohbah> i almost forgot this wasn't #defocus
[07:30] <Boohbah> poningru: good night
[07:31] <syncrondi> I'm out too.. thanks for the advice
[07:34] <poi77> Hi! I am running Ubuntu w/ sw raid. I run mdadm to check status. At the end of output there is    " Number   Major   Minor   RaidDevice State" and then my RAID devices. What does this data mean?
[07:36] <Boohbah> poi77: http://linux.die.net/man/8/mdadm
[07:37] <poi77> Boohbah: thanks, I am wondering whether the "major" "minor" values have any significance and if they indicate errors?
[07:39] <twb> poi77: run "cat /proc/mdstat" to check status
[07:40] <twb> major and minor ar ethe block numbers.
[07:40] <poi77> twb: thanks, [2/2] would mean normal, right?
[07:40] <twb> see e.g. the mknod(8) manpage
[07:40] <twb> It's not a quality status
[07:41] <twb> it's a name, like "sdd2" means "fourth SCSI disk, second slice"
[07:41] <twb> A major and minor number of "2, 7" means "I'm the seventh component of the second device"
[07:42] <poi77> twb: many thanks for your explanations!
[07:51]  * soren breaks
[07:58] <smoser> mathiaz, its bad... hacky, but heres what i have right now
[07:58] <smoser> http://paste.ubuntu.com/298860/
[07:58] <smoser> am running that with input: x86_64 us-east-1 ami-7132d118
[07:59] <mathiaz> smoser: yop - seems good to me
[07:59] <smoser> it actually worked!
[08:00] <smoser> fired off a bunch of instances, then waited, then sshed to each of them
[08:00] <smoser> :)
[08:00] <mathiaz> smoser: ec2-describe-images doesn't have the proper information to infer the availability zone from the output
[08:00] <mathiaz> smoser: as well as the list of types
[08:00] <mathiaz> smoser: I think we can infer everything from the name of the bucket/image
[08:00] <mathiaz> smoser: the bucket as the -us/-eu -> region
[08:01] <mathiaz> smoser: the image name has amd64/i386 -> type list
[08:01] <mathiaz> smoser: the best call would be: test-ec2.sh ami-7132d118
[08:02] <smoser> you can't get bucket/path without knowing region
[08:02] <smoser> other than by trying both
[08:02] <smoser> which would in all likelyhood be sufficient
[08:02] <mathiaz> smoser: oh - you're right
[08:02] <mathiaz> smoser: you need to set the region
[08:03] <smoser> but arch isn't needed.
[08:03] <mathiaz> smoser: well - you could use ec2-describe-region
[08:03] <mathiaz> smoser: ec2-describe-regions
[08:03] <smoser> mathiaz, right, you could use that to get a list and then look in each for that id
[08:03] <mathiaz> smoser: and then try to find which one has the ami ;)
[08:03] <smoser> unlikely, but possible that an id existed in multiple regions
[08:03] <smoser> yeah. it would be good enough
[08:04] <mathiaz> smoser: that's true - but the ami path would be completly different
[08:04] <smoser> those tests you wrote probably cost a couple bucks per region to run
[08:04] <mathiaz> smoser: it would probably not match the bucket name
[08:04] <smoser> the bucket names are different. manifest name is the same. (ie, basename)
[08:05] <smoser> anyway...
[08:05] <smoser> i think i'm going to go to sleep now
[08:05] <mathiaz> smoser: yeah - we can discuss improvments at UDS :)
[08:06] <smoser> oh. the goal is nightly automated tests with logs
[08:06] <smoser> its all doable.
[08:06]  * mathiaz nods
[08:06] <smoser> i've just spent the time doing the publishing portion of it all
[08:06] <smoser> if you dont have a build out there, you can't test it :)
[08:07] <mathiaz> smoser: yop - one step at a time
[08:07] <smoser> i will say that at 3:00 am eastern, us-east-1 performs fairly well
[08:07] <smoser> started 17 hosts in like < 50 seconds
[08:08] <smoser> anyway, good night.
[08:54] <dru_> can someon point me to the quick low down "drop all iptables"
[08:54] <dru_> please
[08:54] <dru_> :)
[08:54] <twb> dru_: what about it?
[08:55] <dru_> iptables must die
[08:55] <th0mz> the song is invaders must die
[08:55] <dru_> i need to basicly disable all tables for a test on our local network
[08:55] <cemc> dru_: you could try to remove all modules
[08:55] <th0mz> -F
[08:55] <th0mz> if you need to clean
[08:56] <cemc> dru_: lsmod, then rmmod everything iptables-related
[08:56] <soren> dru_: for chain in INPUT OUTPUT FORWARD; do sudo iptables -P $chain ACCEPT ; done ; sudo iptables -F ; sudo iptables -X
[09:01] <dru_> can I just "/etc/init.d/iptables stop" ?
[09:02] <soren> No.
[09:02] <soren> dru_: for chain in INPUT OUTPUT FORWARD; do sudo iptables -P $chain ACCEPT ; done ; sudo iptables -F ; sudo iptables -X
[09:02] <soren> dru_: That's it.
[09:03] <dru_> bash: syntax error near unexpected token `done'
[09:03] <twb> You should not use iptables(8), because it is not atomic.
[09:03] <twb> Always use iptables-restore and iptables-save.
[09:04] <soren> I don't see how atomicity is really important in this case?
[09:04] <twb> soren: suppose you have a script in /etc/network/if-pre-up.d/00firewall that runs a dozen iptables rules
[09:04] <soren> dru_: Are you sure you copy/pasted it correctly?
[09:04] <soren> twb: I don't. I'm clearing all rules.
[09:04] <soren> twb: That's it.
[09:04] <twb> soren: admittedly, it probably doesn't matter in THIS case, but it is a good habit to encourage.
[09:05] <soren> twb: "in this case" being the operative part of my question.
[09:05] <soren> twb: I'm just arguing against your "never", which seems quite out of place here.
[09:05] <twb> soren: well, you could conceivably have another sysadmin logged into the box
[09:05] <dru_> guys guys...
[09:05] <twb> It's just very very unlikely that you'd hit that race condition :-)
[09:06] <soren> dru_: That command line works for me. You mistyped, or miscopy/mispasted.
[09:07] <twb> It would also mean that you couldn't accidentally set the default policy to ACCEPT, and then make a typo after your loop, such that you had all the rules still in there.  Given that you're trying to flush all the rules, that's also unlikely (but not strictly impossible) to be an issue.
[09:07] <dru_> really I dont want to change any of the tables...I just need to diable them for a test as to why my centreon server isnt able to "catch snmp commands for client hosts
[09:07] <twb> dru_: you cannot "disable" the iptables in the kernel without modifying them.
[09:07] <twb> dru_: if you want to restore them later, dump them to a file first using iptables-save.
[09:08] <soren> twb: How would you create the input file for iptables-restore?
[09:08] <twb> soren: with a text editor?
[09:08] <soren> From scratch?
[09:08] <twb> Sure.
[09:08] <soren> I don't even thing the format is documented anywhere.
[09:09] <twb> It's not, but it's easy to run "iptables-save" and see what you get.
[09:09] <soren> twb: But that would require you to use the dangerous, never-use-it iptables command directly first.
[09:09] <twb> I mean, you can still using iptables(8) directly on a machine that's not *in production*.
[09:09] <twb> soren: yep -- because some other idiot used iptables(8) directly before you got there.
[09:09] <dru_> soren: im running root so :"iptables -P $chain ACCEPT ; done ; iptables -F ; iptables -X" was the used syntax . and  "bash: syntax error near unexpected token `done'"
[09:10] <dru_> was the return
[09:10] <dru_> ..
[09:10] <twb> dru_: you have omitted the start of the for loop.
[09:10] <cemc> dru_: you forgot the for chain in... part
[09:10] <soren> dru_: ...
[09:10] <soren> 08:02:31 < soren> dru_: for chain in INPUT OUTPUT FORWARD; do sudo iptables -P $chain ACCEPT ; done ; sudo iptables -F ;  sudo iptables -X
[09:10] <twb> Hmm, does -F only apply to a single table (i.e. -t filter)?
[09:10] <soren> twb: Well, /someone/ has to prime the it so that you can see what the format looks like.
[09:10] <cemc> dru_: the command begins at 'for' :)
[09:11] <soren> twb: I believe so.
[09:11] <twb> You ought to flush any other tables that are in use, too.
[09:11] <dru_> thanks soren, that semed to have worked
[09:12] <soren> twb: You're right. I was typing just that when you started your "never use iptables, always use iptables-{restore,save}" rant. and I got sidetracked :)
[09:12] <soren> So really, it ought to be:
[09:13] <twb> soren: granting that there are exceptions to the "rule of thumb" that I stated as an absolute, *I* would still use iptables-restore to flush tables.
[09:13] <soren> for table in filter nat mangle; do for chain in INPUT OUTPUT FORWARD; do sudo iptables -P $chain ACCEPT ; done ; sudo iptables -F -t table;  sudo iptables -X -t $table ;done
[09:13] <twb> soren: that code will create empty nat and mangle tables if they were previously unused.
[09:13] <soren> I might actually use iptables-apply instead, actually.
[09:14] <twb> Which doesn't really matter, it just makes iptables-save output a bit verbose
[09:14] <twb> Also, you missed the raw table
[09:14] <cemc> and loads some extra modules
[09:14] <twb> cemc: yeah, that's what I meant
[09:15] <soren> The dude wanted his iptables cleared. I'm not going to sit here writing a 100 line shell script to make sure all that shit is taken care of so that he doesn't load an extra module or so.
[09:15] <soren> :p
[09:15] <cemc> ;)
[09:15] <twb> "Run iptables-save, change the policy of all : lines to ACCEPT, comment out all -A lines, and then pipe it into iptables-restore"
[09:16] <twb> ...apart from the user changes, where the policy is and stays "-".
[09:16] <soren> twb: He managed to miscopy/mispaste a perfectly good command line. I think asking him to mangle a text file like that may be asking for more trouble.
[09:16] <cemc> twb: to that the response would probably be: "huh??" :)
[09:16] <twb> cemc: shrug.
[09:16] <cemc> ;)
[09:17] <Sorell> hey guys, is ssh turned off by default?
[09:18] <twb> Sorell: ssh is not installed by default.
[09:18] <Sorell> oh
[09:18] <twb> Sorell: if openssh-server is installed, it will start by default and accept connections from anywhere, to any user, by default.
[09:18] <twb> IMO this is a horrible default behaviour, but what can you do?
[09:18] <twb> I *think* dropbear is also "on by default" after you install it.
[09:19] <Sorell> idk that one.
[09:19] <twb> dropbear is just another sshd/ssh implementation
[09:20] <twb> Hm, is iproute installed by default?  If so, when was it first installed by default (on ubuntu-server, not desktops).
[09:24] <Sorell> no idea
[09:25] <Sorell> hey twb, can you try something for me?
[09:25] <dru_> hey...please stop useing me as a subject of conflict
[09:25] <dru_> thanks
[09:26] <Sorell> I'm setting up a Eucalyptus server
[09:26] <Sorell> can you tell me if you can see it?
[09:26] <Sorell> https://myuniversitycenter.com:8443/
[09:28] <twb> SSL error: error:00000000:lib(0):func(0):reason(0)
[09:28] <twb> Sorell: you're using a crypto function that is blacklisted now
[09:28] <Sorell> :/
[09:28] <twb> (IIRC what that error really means)
[09:28] <twb> 3-DES or whatever
[09:29] <twb> Lemme see if I can find a server that doesn't track security.d.o nor hardy-security
[09:29] <Sorell> any quick way to turn it off?
[09:29] <Sorell> I just got the DL of 9.10 server installed.
[09:29] <twb> Turn what off?
[09:30] <twb> You can't un-blacklist a crypto function without recompiling libopenssl/libgnutls
[09:30] <Sorell> :(
[09:31] <Sorell> not something I would want to do right now.
[09:31] <twb> On a Fedora Core 3 machine, neither lynx nor curl will connect at all.
[09:31] <Sorell> I'm having issues with firefox / konquor too
[09:31] <twb> Sorell: you shouldn't be using that crypto method in the first place!  If you're gonna futz it, you should be futzing eucalyptus to use a modern crypto algo.
[09:32] <Sorell> but only if I'm not on the LAN
[09:32] <twb> Sorell: no, anywhere.
[09:32] <Sorell> I just used the standard install.
[09:32] <twb> "It's OK, I'm behind a firewall" really means "I am only protected by one layer of security"
[09:32] <twb> Sorell: report a bug against eucalyptus, then
[09:33] <Sorell> okay
[09:33] <twb> Sorell: note: this assumes I'm diagnosing the problem correctly.
[09:33] <soren> twb: Since day 1: http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/platform.karmic/revision/1
[09:33] <Sorell> I'm going to try to ask on ubuntu-cloud
[09:34] <twb> soren: day 1 = karmic?
[09:34] <soren> twb: Warty.
[09:34] <twb> Oh, I see, that's just the branch name
[09:34] <twb> soren: OK, thanks.
[09:34] <soren> 2004-11-02 17:11:15
[09:34] <soren> "import warty seeds from the Ubuntu wiki"
[09:34] <twb> Yeah, I was just looking at the URI initially ;-)
[09:35] <soren> :)
[09:37] <Sorell> I'm confused, is this the bug list?
[09:37] <soren> "this"?
[09:37] <Sorell> the link you posted
[09:37] <twb> Sorell: he's in another thread
[09:37] <twb> IRC doesn't thread well
[09:37] <Sorell> okay
[09:38] <soren> Sorell: Bug list? No, it's the list of packages that got installed in the very first Ubuntu release 5 years ago.
[09:38] <twb> 19:20 <twb> Hm, is iproute installed by default?  If so, when was it first installed by default (on ubuntu-server, not desktops).
[09:38] <soren> twb: Sorry, then I lied, actually. Ubuntu server did not exist until Breezy.
[09:38] <soren> iirc.
[09:39] <twb> Yeah, I nearly asked that :-()
[09:39] <twb> * :-)
[09:39] <twb> Fat-fingered oaf that I am...
[10:41] <mdz> ttx, good morning
[10:42] <mdz> ttx, do you know what was resolved with regard to the EC2 images and bug 451881?  I know that Scott uploaded the fix but do not know if there was a respin
[10:43] <mdz> ttx, I checked http://uec-images.ubuntu.com/karmic/current/karmic-uec-i386.manifest and confirmed that the fix is there
[10:43] <mdz> (20091022)
[10:43] <mdz> is 20091022 the build we are releasing for RC?
[10:44] <mdz> ttx, ah, ok, I was able to cross-reference the build number with the AMI ID (which is in the ISO tracker) and confirm
[10:44] <mdz> the fix is in RC
[10:46] <ttx> yes
[10:46] <ttx> mdz: I verified it
[10:46] <ttx> (on UEC images)
[10:47] <ttx> mdz: updated https://wiki.ubuntu.com/ServerTeam/ReleaseStatus with current status
[10:47] <mdz> ttx, thank you
[10:47] <ttx> mdz: mathiaz found bug 457866 -- I think this needs to be fixed for release
[10:47] <ttx> as it has security implications
[10:47] <ttx> "Security disabled for universe in UEC/EC2 images apt/sources.list"
[10:48] <ttx> mdz: we didn't get much feedback on the recent bugs filed against eucalyptus, in particular the one nurmi said he would look into
[10:48] <mdz> ttx, argh
[10:49] <mdz> ttx, can we not fix 457866 for RC?
[10:49] <mdz> the idea of RC is that we have no known blockers for release :-)
[10:49] <ttx> mdz: I wouldn't try without smoser
[10:50] <ttx> mdz: but that might still be doable
[10:50] <ttx> since testing is relatively fast
[10:50] <ttx> and the fix should be relatively harmless
[10:51] <ttx> mdz: -> #ubuntu-release ?
[10:57] <tramsei_> anyone available to help me wiuth ubuntu and dhcp
[11:07] <ttx> soren: what's the status for bug 410886 ? It's our only remaining release-targeted bug.
[11:08] <soren> ttx: I just need to upload a new VMBuilder snapshot.
[11:08] <soren> ttx: Is it right-now urgent?
[11:09] <ttx> soren: not sure, asking in #ubuntu-release
[11:14] <ghh> i cant login to vsftp server keeps denying access, anybody know whats stopping me?
[11:37]  * soren lunches
[12:42] <nijaba> kirkland: good morning :)
[13:03] <ttx> kirkland: tested cloud power features this morning. Goes to sleep ok but I can't seem to be able to wake it up. WakeonLan enabled in BIOS and showing up on ethtool (WakeOn g), but wakeonlan or powerwake fail.
[13:03] <ttx> probably some hw issue on that Dell
[13:47] <smoser> soren, i agree that vmbuilder on nectarine should be pulling from something non-trunk
[13:49] <soren> smoser: Yeah. I didn't want to make the change, as I wasn't sure if it was referenced anywhere else (I at least saw the README, that had the url in it).
[13:50] <smoser> rather than an 0.11 branch, i'd just as soon create a "karmic-stable" branch
[13:51] <smoser> explicitly named for this
[13:54] <kirkland> ttx: can you wake-on-lan that machine independent of eucalyptus/powernap/powerwake?
[13:55] <ttx> kirkland: no
[13:59] <kirkland> ttx: hrm, well, that stinks...  have you googled for info about that hardware and wakeonlan?
[13:59] <kirkland> ttx: there are some quirks, sometimes ....
[13:59] <ttx> kirkland: I wonder if my green switch is playing tricks
[13:59] <ttx> kirkland: I'll have to troubleshoot that sometime in the future
[13:59] <kirkland> ttx: d-link green switch?  I have the same one...
[14:02] <smoser> green as in "consume less power" ?
[14:03] <smoser> it would be somewhat funny if a switch marketed as green had problems with wake on lan.
[14:03] <smoser> ttx, so what are we doing with bug 457866
[14:04] <smoser> oh good, you're back ubottu
[14:04] <smoser> oops. uvirtbot
[14:04] <ghostlines> I'm trying to umount a volume, but I can't because it's in use, I stopped all processes from using it except the mount process
[14:04] <ghostlines> will killing the  mount process be risky?
[14:04] <ghostlines> don't want to risk losing any files
[14:04] <ttx> smoser: fix it post-beta
[14:05] <ttx> post-RC I mean
[14:05] <ttx> smoser: see slangasek decision on #ubuntu-release
[14:05] <smoser> right
[14:05] <smoser> so it should be targetted somewhere ?
[14:06] <ttx> smoser: it's not critical, so no
[14:06] <ttx> smoser: just "very good to fix"
[14:06] <ttx> so, nominated for karmic
[14:06] <smoser> ok. well, theres a patch attached for it.
[14:06] <smoser> we're expecting then that we want that in like tomorrow or saturday ?
[14:07] <smoser> or like karmic-updates
[14:09] <ttx> like tomorrow
[14:09] <ttx> so that dailies can be validated asap
[14:12] <ttx> kirkland: I did a pass on the doc, looks good. Fixed a few pointers in moreInfo (was mentioning old /etc/init.d things)
[14:13] <kirkland> ttx: excellent!
[14:13] <kirkland> ttx: https://help.ubuntu.com/community/KVM/VirtManager
[14:13] <kirkland> ttx: i did that yesterday
[14:13] <kirkland> ttx: i was going to do something similar for virsh
[14:13] <ttx> kirkland: looking at PackageInstall now
[14:13] <kirkland> ttx: PackageInstall was fun, as I hadn't installed that way previously
[14:13] <ttx> kirkland: you validated it with current packages ?
[14:13] <kirkland> ttx: i was going to do a PowerManagement one too, with PowerNap instructions
[14:14] <kirkland> ttx: current as of Tuesday, yes
[14:14] <ttx> kirkland: good
[14:14] <kirkland> ttx: i created that while doing the install
[14:14] <kirkland> ttx: there's on funky part that could potentially use some improvement
[14:14] <kirkland> ttx: ssh key distribution
[14:14] <kirkland> ttx: i used ssh-copy-id
[14:14] <kirkland> ttx: but that required that I set a eucalyptus password on the node(s)
[14:15] <kirkland> ttx: i gave instructions for setting it, then un-setting it
[14:16] <ttx> reading right now
[14:18] <nijaba> ttx: who has a muti-node setup to try reproducing a bug intel is having
[14:18] <ttx> this part is a little dependent on what the user already has installed, obviously. If they disabled password auth on their SSh server that would fail. But I think that's a sane default instruction
[14:18] <ttx> nijaba: maybe etienneg/mathiaz
[14:18] <nijaba> ttx: it seems that as long as vm are launched, autodiscovery of additional nodes fails as the wrong ip is returned via avahi
[14:19] <nijaba> ttx: can't verify it with only one node :(
[14:19] <ttx> nijaba: you filed a bug already or you wait to reproduce it ?
[14:20] <nijaba> ttx: I have asked Paul @ intel to file it, so that he can follow up to request for additional info
[14:21] <nijaba> ttx: he now has a lab with 4 nodes running
[14:21] <ttx> nijaba: that will make asking for reproduction easier
[14:21] <nijaba> ttx: he also eventually can give us access to it if needed
[14:22] <nijaba> ttx: an uec is his current #1 priority for the weeks to come
[14:24] <ttx> nijaba: that sounds great !
[14:25] <smoser> ok, ttx, i'm not going to be here tomorrow, nor around the interweb until monday AM. so bug 457866 probably be assigned to someone who will be here to fix it (soren, zul)... really it just needs a upload. if it goes into archive by 01:30 UTC tomorrow it will be in 20091023 builds automatically.
[14:28] <zul> smoser: its got a debdiff attached to it?
[14:28] <ttx> smoser: could you brief zul on the required action ?
[14:28] <smoser> yes
[14:29] <smoser> well, a bzr diff: http://launchpadlibrarian.net/34144024/bug457866-set-karmic-security-apt-sources.diff
[14:30] <smoser> it would be nice if mathiaz someone could just take a look at it also, to make sure i'm not fat fingering anything
[14:30] <smoser> and that my understanding of the bug is what needs to change.
[14:30] <smoser> basically, all i did was s/restricted/universe/
[14:33] <soren> smoser: Ah, right. Good catch.
[14:43] <aubre> are y'all reliably able to attach UEC SC volumes to your UEC instances ?
[14:44] <aubre> I'm considering reinstalling everything using ext3 , I can't figure out why this isn't working for me
[14:45] <aubre> but if I know it is working for you , that would help me
[14:46] <smoser> aubre, i have not tested that. i think that kirkland might have.
[14:46] <aubre> smoser: could you just create a SC volume and try mounting it? it's fairly easy to test
[14:48] <aubre> for example:
[14:48] <aubre> euca-create-volume -s 1 -z vcl
[14:48] <aubre> euca-attach-volume -i i-43440758 -d sdb vol-32DF04AE
[14:49] <aubre> if it shows
[14:49] <zul> smoser: looks reasonable
[14:49] <smoser> aubre, sure. i'll test that.
[14:49] <aubre> smozer: thanks
[14:49] <smoser> thanks for spelling it out for me :)
[14:50] <aubre> smoser: if euca-describe-volumes shows "in use" you suceeded, if it still shows "available" you failed
[14:50] <aubre> smozer: if you succeeded, in the above example, you should be able to ssh into the instance and look for /dev/sdb, and then be able to fdisk /dev/sdb
[14:51] <aubre> smozer: and create a mountable partition, etc etc
[14:51] <aubre> in euca-create-volume -s is size in GB , and -z is zone
[14:55] <ttx> aubre: smoser with an "s"
[14:56] <aubre> ttx: ty
[14:56] <aubre> smoser: sorry
[14:56] <smoser> ok, so euca-describe-volumes shows 'available', and i'm about to type
[14:56] <smoser> euca-attach-volume -i i-4AA8096D -d sdb vol-32F804B0
[14:56] <smoser> right?
[14:56] <aubre> smoser yep
[14:56] <aubre> smoser: yep
[14:57] <aubre> I'm a troublemaker lol
[14:58] <smoser> $ euca-describe-volumes
[14:58] <smoser> VOLUME  vol-32F804B0     1              sm-zone-1a      in-use  2009-10-22T13:53:04.836Z
[14:58] <smoser> ATTACHMENT      vol-32F804B0    i-4AA8096D      unknown,requested:sdb   2009-10-22T13:56:42.522Z
[14:58] <smoser> and in the instance
[14:58] <aubre> smoser: looks good
[14:58] <smoser> dmesg | tail showed a new 'sdb'
[14:58] <aubre> smoser: you win
[14:58] <smoser> and i just : mkfs.ext4 -F /dev/sdb
[14:58] <aubre> smoser: ok, I will try to reinstall my cloud
[14:58] <soren> smoser: Is the VMBuilder branch used on nectarine referenced anywhere other than the README and in the branch metadata of /home/vmbuilder/ec2-daily/vmbuilder/ ?
[14:59] <aubre> smoser: thanks so much
[14:59] <soren> smoser: I'd like to update it right now. I have some changes I'd like to make to VMBuilder for the appliance stuff, and they could start landing in the trunk at any time.
[15:00] <smoser> seems like it is good, aubre. i just mounted and wrote a file there and unmounted and mounted and verified it wsa still there.
[15:00] <aubre_afk> aubre_afk: thanks man
[15:00] <smoser> soren, bin/bzr-pull . thats what i do to pull all the updates.
[15:00] <aubre_afk> aubre_afk: I will reinstall
[15:00] <smoser> oh. but all it does is 'bzr pull' in the appropriate directory
[15:00] <smoser> so if you fix that it will change.
[15:01] <soren> Ok. I'll fix the README as well to avoid confusion.
[15:01] <smoser> right. please do.
[15:01] <smoser> what branch name are you using ?
[15:01] <smoser> did you see my suggestion of karmic-stable
[15:01] <soren> smoser: lp:~ubuntu-virt/vmbuilder/0.11
[15:02] <soren> smoser: 0.11 is what we have in Karmic.
[15:02] <soren> smoser: It will not be developed any further (i.e. it's in bugfix only-mode).
[15:03] <soren> smoser: So that branch is stable.
[15:03] <smoser> ... i would prefer explicit. but ok.
[15:03] <soren> smoser: I'd like to keep the branch names of VMBuilder free of Ubuntu-like names.
[15:04] <soren> https://edge.launchpad.net/ubuntu/karmic/+source/vm-builder has the appropriate metadata.
[15:04] <soren> ...which reminds me I need to add 0.11.2 to Launchpad.
[15:07] <soren> There.
[15:09] <smoser> aubre_afk, http://paste.ubuntu.com/299078/
[15:09] <smoser> kirkland, ttx, see above
[15:09] <smoser> is that known behavior? user error ?
[15:10] <smoser> i think i might have been missing some step to explicitly release /dev/sdb from the guest (maybe 'eject /dev/sdb' or something)
[15:10] <kirkland> smoser: the stack trace on detach?
[15:10] <kirkland> smoser: i've seen that, clearly wrong, but I haven't noticed any mal-effects
[15:10] <smoser> yes
[15:11] <kirkland> smoser: file it, and mark against upstream qemu too
[15:12] <smoser> kirkland, file against kvm ?
[15:12] <smoser> or eucalyptus ?
[15:12] <kirkland> smoser: file against the qemu-kvm package, and add a task for the upstream QEMU project
[15:19] <zul> smoser: do you want me to upload that ec2-init fix for you?
[15:20] <smoser> zul, if you can upload it, and it wont magically be pulled into archive and piss people off about release, then yes.
[15:21] <zul> smoser: hmm...ill wait til tomorrow then ;)
[15:21] <smoser> we want it in "as soon as possible after release". so if you can accomplish that by upload now, then please do.
[15:21] <smoser> i think there are gates on what gets pulled, and that it requires an explicit ACK at the moment
[15:21] <smoser> so that upload wouldn't hurt
[15:22] <smoser> but i'd maek sure someone more process knowledgable than i agreed.
[15:26] <zul> smoser: yes someone has to ack it but I wait til rc is out just to be sure
[15:27] <smoser> no problem.
[15:30]  * soren takes a break
[15:33] <smoser> bug 458201
[15:33] <smoser> kirkland,
[15:34] <kirkland> smoser: okay, thanks
[15:35] <kirkland> ttx: okay, i'm now confirming your db error :-/
[15:38] <smoser> ttx, kirkland zul i'm going to step out for ~ 1h. if you need me, call cell phone (kirkland has it)
[15:39] <zul> ttx: ack
[15:58] <ttx> kirkland: I don't know if I should rejoice :)
[15:58] <kirkland> ttx: on my confirming your db error?
[15:58] <ttx> kirkland: yes
[15:59] <ttx> kirkland: talking to the euca guys it sometimes feeled like I was the idiot with a weird error noone ever saw
[15:59] <ttx> felt like, even
[15:59]  * ttx jumps from call to call
[16:00] <kirkland> ttx: nope, i'm with you now
[16:00] <ttx> yay, lets do a LP group
[16:00] <kirkland> ttx: however, it just started working again, eventually
[16:00] <ttx> kirkland: oh yes, its pretty transient
[16:00] <ttx> just someone might abandon after hitting that error on the first commands used, so better releasenote it
[16:00] <ttx> (and fix it)
[16:01] <ttx> It a "Low" but desirable-to-fix bug
[16:41] <mdz> kirkland, https://bugs.edge.launchpad.net/eucalyptus/+bug/457978
[16:43] <smoser> zul, at some point you and i need to go through all of canonical's published images (a{krm}i and clean up) there a bunch of cruft
[16:43] <cytotoxic> !ops
[16:44] <zul> smoser: sure
[16:44] <kirkland> mdz: read the bug...  what's up?
[16:47] <mdz> kirkland, that's the bug that dmitrii mentioned on the call, they're not sure if it affects the KVM configuration or not but I asked that they give us the bug number and we would check into it
[16:47] <mdz> (it's a heads up)
[16:54] <smoser> aubre_afk, kirkland is 'euca-attach-volume' really supposed to work ?
[16:54] <smoser> that should have said 'with --device'
[16:55] <smoser>  --device : local device name (inside the guest VM) to use.
[16:57] <smoser> that seems like a very hard thing to accomplish (requiring help from the guest)
[16:59] <nijaba> has anyone played with security groups with euca?
[17:00] <nijaba> seems that when I add authorization to another group than default, they are never effective when I start an instance in this group
[17:07] <ttx> smoser: I attached a device succesfully
[17:08] <ttx> nijaba: not really, not above the default group
[17:08] <nijaba> ttx: I opened a bug
[17:09] <ttx> nijaba: you can ping the eucalyptoids in #eucalyptus to get a quick opinion
[17:09] <nijaba> ttx: in a bit of a rush atm :(
[17:10] <smoser> ttx, you attached it, yes, but is it actually supposed to attach with "local device name (inside the guest VM)" used ?
[17:10] <smoser> just doesn't seem reasonable to me.
[17:10] <nijaba> ttx: and it seems to be a LS bug.  Works fine when doing the same with efox
[17:11] <ttx> LS?
[17:11] <nijaba> ttx: landscape
[17:11] <ttx> nijaba: ah
[17:13]  * ttx will pop up again later tonight
[17:18] <darkphader> trying to clean up old kernels getting errors
[17:18] <darkphader> Errors were encountered while processing:
[17:18] <darkphader> linux-restricted-modules-2.6.28-11-server
[17:18] <darkphader> as the directory was manually deleted
[17:18] <darkphader> how to remedy?
[17:36] <jmedina> ivoks?
[17:36] <jmedina> anyone using bacula 3.0.2?
[18:17] <nekro_> nijaba: I haven't seen that issue with security groups. Just tried it against the source.
[18:18] <nijaba> nekro_: forget about it, was a landscape problem
[18:18] <nijaba> nekro_: thanks for chekcing though
[18:18] <nekro_> nijaba: oh okay. np
[18:25] <nijaba> grrr: just ran into bug #457283
[18:29] <SyL> is there a command to reconfigure the network in commandline/
[18:29] <SyL> that / was suppose to be a ?
[18:37] <jmedina> SyL, AFAIK, there is no such a program, you can use your favorite text editor and modify /etc/network/interfaces and then reload networking rc script
[18:37] <SyL> ok
[18:52] <soren> SyL: There might be "third party" tools to do it, but the network configuration stuff you see in the installer only exists in the installer.
[19:14] <nijaba> Is there a "trick" to have smaller images? I did an euca-bundle-vol of a running instance that took only 3.2G on disk (in /var/lib/eucalyptus/instances/admin/), and when I instanciate this new image it now takes 11G on disk!
[19:15] <soren> nijaba: Lower the disk size in the admin console.
[19:15] <soren> You probably set it to 11 to fit the old 10 GB images.
[19:15] <soren> Does that sound about right?
[19:16] <nijaba> soren: i did use -s 10240 in the bundle-vol.  I should not have?
[19:17] <nijaba> soren: and when you say "in the admin console", you are talking about the web interface?
[19:18] <soren> nijaba: Yes.
[19:18] <soren> nijaba: But the -s 10240 is probably also significant.
[19:19] <nijaba> soren: I would think so because in both cases (before and after) I used the same instance type.
[19:20] <nijaba> it took 22 minutes to start this instance, yeah!!!
[19:24] <aubre> smoser: I think that's how euca-attach-volume is supposed to work
[19:24] <aubre> smoser: some of the help commands for euca* need to be refined for sure
[19:26] <smoser> actually doing that, saying "add sdb" and expecting for '/dev/sdb' to show up in the guest is going to be *really* hard to maintain
[19:26] <smoser> across linuxes, not to mention non-linux.
[19:27] <smoser> if, instead 'sdb' means "second scsi device on first scsi controller" or something like that, then its not so bad.
[19:27] <aubre> smoser: it should also be clearer  imo that you use "sdb" as the device name in the command line as opposed to "/dev/sdb"
[19:28] <aubre> smoser: I agree
[19:28] <soren> smoser: The problem is that Xen lets you specify the device name an attached disk will have in the guest. libata does not.
[19:28] <aubre> smoser: aha
[19:28] <soren> smoser: ..and this is difficult to emulate.
[19:28] <smoser> even in xen, thats is not possible
[19:28] <soren> smoser: Uh... Why?
[19:29] <smoser> because it is dependent upon udev rules in the guest (in linux)
[19:29] <smoser> in freebsd or windows i have no idea how that is done
[19:29] <soren> Try it on EC2. Attach an EBS, ask for it to be called /dev/xdm6 and it will be so.
[19:29] <smoser> it will be so based on a limited set of udev rules
[19:29] <soren> Well, /dev/xdm, at least. I'm not sure if you can specify it as a "partition".
[19:30] <soren> I'm quite sure udev just accepts whatever the kernel tells it.
[19:30] <smoser> and i'm quite sure that it doesnt have too
[19:31] <soren> It adds a bunch of symlinks (for UUID, id, and path based access), but the base name sticks.
[19:31] <soren> Of course it doesn't have to.
[19:31] <soren> You can change anything you like with udev.
[19:31] <soren> Forget it. I didn't think it was going to be that sort of argument.
[19:31] <aubre> wow I started downloading from here http://cdimage.ubuntu.com/ubuntu-server/daily/20091020.3/ way before lunch and it still has 16 mins to go :/ I had to double-check to make sure a new cd hadn't been released while I was downloading
[19:31] <smoser> so then, asserting "the guest will name this device XXX" cannot be expected to be correct 100%
[19:32] <smoser> its not "that kind of argument"
[19:32] <smoser> remember adding and removing usb keys say 3 years ago ?
[19:32] <soren> It very much is.
[19:32] <smoser> remember what a pain it was ? sometimes it came up as /dev/sdb, you take it out, add it in, this time its /dev/sdc
[19:32] <soren> I know.
[19:33] <soren> It wasn't udev coming up with those names.
[19:33] <soren> It was the kernel.
[19:33] <smoser> i would suggest that documentation indicate that you are specifying which scsi bus/controller is to be attached (simliar to what kvm takes).
[19:33]  * jmedina remembers that hell...
[19:33] <soren> but whatever. Forget it. I can tell right now this is not going to be a useful argument.
[19:33] <aubre> smoser: well when you remove an ethernet inteface on a vmware 3 image of ubuntu server 9.04 you don't necessarily get the same device name when you replace it. But I am used to that and it doesn't bother me.
[19:34] <soren> aubre: If it has the same MAC, it should.
[19:34] <soren> aubre: If not, it shouldn't.
[19:34] <soren> By design.
[19:34] <aubre> soren: it won't
[19:34] <smoser> so anyway, i just think its silly to say "this is the name the guest will call it"
[19:34] <smoser> as 'sdb' that might work
[19:34] <aubre> soren: vmware assigns a new mac each time, I probably could override it
[19:34] <soren> aubre: I'd like to see udev logs as well as /etc/udev/rules.d/70-persistent-net.rules from a system where that happens. It's a bug and should be fixed.
[19:34] <smoser> what if i name it wackJob123
[19:35] <Reepicheep> soren: smoser,  I haven't really been following to much of what your talking about but I specify partitions with xen.. It's always seemed to work
[19:35] <smoser> its not going to work. so you shouldn't document or imply to the user that it will.
[19:35] <Reepicheep> for example:
[19:35] <Reepicheep> disk = [ "phy:vg/VM-Peter-root,sda1,w", "phy:vg/VM-Peter-swap,sda2,w" ]
[19:35] <smoser> actually, even that doesn't always work.
[19:35] <smoser> depending on kernel you may see that has 'xda1'
[19:35] <soren> aubre: That's what I'm saying. If it gets a new MAC, it'll get a new name. If it gets the old mac, it'll reuse the name. This is intentional.
[19:36] <Nivex> The release notes for Karmic indicate that installing to root on iSCSI is now supported, but my test install says otherwise (bug 457767)
[19:36] <aubre> soren: That makes a lot of sense.
[19:36] <jmedina> Reepicheep: it also works for hot plug dissk using block-attach, the guest machine will get the disk using the name you used to attachit from the dom0 machine
[19:36] <aubre> soren: I just didn't know why it happened, but now I do - thanks :)
[19:36] <Nivex> seems like a problem handing off from iscsistart to iscsid
[19:36] <soren> aubre: sure :)
[19:36] <flagg0204> nivex - had problems with iscsi install as well
[19:37] <smoser> the short of my argument is that the hypervisor should not guarantee to the user that a guest will behave in a certain way.
[19:37] <crohakon> how do I unzip a file in console?
[19:37] <smoser> crohakon, unzip
[19:37] <aubre> unzip filename
[19:37] <soren> smoser: I'm not saying you can give it arbitrary names.
[19:37] <jmedina> :)
[19:37] <crohakon> oh, really? haha
[19:37] <Nivex> flagg0204: yeah, I've been working with #ubuntu-installer to clear a lot issues up, but now it's failing inside the installed environment
[19:37] <Nivex> it's so close to the line I don't know where it is
[19:37] <flagg0204> nivex - do you know if its possible to specify a iscsi initiator name?
[19:37] <soren> smoser: I'm saying that with paravirt Xen, within certain specifications, you get to decide the block device name in the guest.
[19:38] <aubre> I haven't had a chance to test iscsi yet but I do intent to use it if/when we go to production
[19:38] <Nivex> flagg0204: afaik, not yet
[19:38] <flagg0204> when dealing with a netapp it uses the initiator name to determine what target you can use
[19:38] <smoser> "within certain specifications" is useless to depend on
[19:38] <soren> smoser: See. It's "that sort of argument".
[19:38] <flagg0204> and since the installer uses a random initiator name, its impossible to predict
[19:38] <Nivex> I have the feeling that will be sometime after karmic
[19:39] <Nivex> seeing as the internal bits aren't even functional yet :(
[19:39] <flagg0204> nivex - i fgured as much, ah well. guess its nfs root for now
[19:39] <smoser> anyway. sorry to have derailed into "that kind of argument".  it is obvious that eucalyptus is neither trying to nor capable of making a device appear in the guest as a given name
[19:39] <smoser> or at least not making a good effort at it. so it shouldn't imply in its help that it can.
[19:44] <soren> The amount of hacks it would have to apply to make it happen with kvm (or hvm Xen) is no fun at all.
[19:44] <crohakon> how do you delete all the files in a directory?
[19:44] <smoser> i agree. so i think the documentation (and interface) should be more like kvm's.
[19:44] <soren> It's kind of like file descriptors. You can't just say that you want to open something as file descriptor 10. You have to make sure 10 is free, and an 0-9 are taken, and then open the file.
[19:46] <smoser> and euc has basically no way of knowing if 'sdb' is available
[19:46] <soren> ...so if you wanted sdm, they could attach a dummy sdb, sdc..., sdl, and then the real sdm, and detach sdb..sdl. ..and assume that people have not installed special udev rules.
[19:46] <smoser> but it does know if the second block device on controller 1 is taken
[19:46] <zul> smoser: rc is out im going to upload it now
[19:46] <aubre> "if I knew it was going to be this kind of party I would have stuck my **** in the mashed potatoes." Mantan Moreland
[19:46] <soren> People have root access to these things. They are free to shoot themselves as much in the foot as they please.
[19:47] <soren> If they don't, we can make reasonable guesesses as to what the names are going to be in the guest.
[19:47] <mathiaz> zul: the archive is frozen until release - you could have uploaded what ever is needed before
[19:47] <skuld> Today's project:  get my email working LOL.  I think I've got an authentication issue with postfix
[19:48] <soren> The point is: This is good enough. The worst enemy of "good enough" is "perfect".
[19:49] <Nivex> mathiaz: who do I talk to about something that's busted and might need a freeze override?
[19:49] <zul> smoser: done
[19:49] <zul> mathiaz: safer than sorry
[19:49] <mathiaz> Nivex: the release team
[19:50] <mathiaz> Nivex: I'd suggest to start by filling a bug
[19:50] <smoser> i disagree with "good enough".  indeterminable behavior is not good enough.
[19:50] <jfb_h2o> in Karmic I can't open X display. I thought it's related to DisallowTCP, but there is no file /etc/gdm/gdm.conf, suggestions?
[19:51] <smoser> the interface gives no way for something more intelligent to drive it.
[19:51] <Nivex> mathiaz: bug's in already.  no traction yet :(
[19:51] <soren> What do you mean?
[19:51] <soren> smoser: ^
[19:52] <Egonis> I cannot seem to find a pppoe-client howto for Ubuntu Server anywhere for after-the-fact installs. Can someone point me in the right direction?
[19:52] <soren> Egonis: pppoeconf - configures PPPoE/ADSL connections
[19:53] <jmedina> pppoe-config?
[19:53] <Egonis> soren: Which packages do I need to install?
[19:53] <soren> pppoeconf
[19:53] <jmedina> oh that the one
[19:53] <smoser> if the interface was like kvm's it would be possible to program.
[19:53] <smoser> pci_add auto|[[<domain>:]<bus>:]<slot> nic|storage|host [[vlan=n][,macaddr=addr]
[19:53] <smoser> [,model=type]] [file=file][,if=type][,bus=nr]... [host=02:00.0[,name=string][,dm
[19:53] <smoser> a=none] -- hot-add PCI device
[19:53] <Egonis> soren, jmedina: Ahh, thank you!
[19:53] <smoser> pci_add auto|[[<domain>:]<bus>:]<slot> nic|storage|host [[vlan=n][,macaddr=addr] [,model=type]] [file=file][,if=type][,bus=nr]... [host=02:00.0[,name=string][,dma=none] -- hot-add PCI device
[19:53] <smoser> its less "user friendly", but more determinable.
[19:53] <soren> smoser: Well, we're stuck with the "fantastic" EC2 API. Deal.
[19:54] <smoser> that argument just isn't going to work indefinitely
[19:54] <Egonis> Another dumb question (recently left Gentoo environment) -- how do I add a /etc/init.d script to startup?
[19:54] <smoser> "ec2 sucks, so eucalyptus has to also"
[19:55] <soren> smoser: Maybe this will surprise you, but amazon actualy gets away with having tools that let you specify the device name, and somehow, magically, despite the fact that people can put random shite in their udev rules to change the name of block devices when they turn up, it works for on EC2.
[19:55] <smoser> i dont think that it does.
[19:56] <smoser> i think their documentation is incorrect, and that people probably find that out, and deal with it in the guest
[19:56] <soren> smoser: What do you base this on?
[19:56] <soren> What would the motivation be to add those weird udev rules?
[19:56] <soren> The amount of people who even have the skill to write them is astonishingly low.
[19:57] <smoser> so if i just say "add shc", it works ?
[19:57] <soren> the few who do, I'm sure can deal with the consequencees.
[19:57] <soren> No. xdc, for instance.
[19:57] <smoser> how about xed
[19:57] <soren> smoser: "within certain specifications"
[19:57] <smoser> which is valid.
[19:57] <soren> Maybe xed.
[19:57] <soren> I don't know.
[19:57] <smoser> right.
[19:57] <smoser> maybe xed
[19:58] <jmedina> Egonis: just like any other sysv distro, creating symlinks, for ubuntu you can use update-rc.d
[19:58] <smoser> if i had previously added xda-xdh and then xda-xdd
[19:58] <smoser> or some silliness like that
[19:58] <soren> Huh?
[19:59] <smoser> if you've previously done no volume attaches in ec2 to your instance
[19:59] <smoser> and then you say "attach xdd"
[19:59] <soren> Yes.
[19:59] <smoser> that will "just work" ?
[19:59] <soren> Yes
[19:59] <jfb_h2o> fixed: edit /etc/gdm/custom.conf
[19:59] <soren> smoser: That's what I've been saying *all along*.
[19:59] <smoser> i dont think it will across even all of ubuntu's images
[19:59] <smoser> let alone all images on ec2
[19:59] <smoser> even that extremely simple case
[19:59] <soren> Give me one good reason why it wouldn't work.
[20:00] <smoser> because my experience of device hotplug in linux indicates that things are lss than determinable
[20:00] <soren> If you say "the admin may have made a udev rule to override it", I /will/ kick you when I see you.
[20:00] <nijaba> weird, my cloud seems to have forgotten how to route all my public ips, apart from the first one
[20:01] <soren> smoser: Well, that's paravirt Xen for you.
[20:01] <soren> smoser: There are perfectly valid explanations why USB disks get the names they do.
[20:01] <smoser> i bet it doesn't show up as /dev/xdc on windows.
[20:01] <soren> smoser: It's not like it's random.
[20:02] <soren> Forget it.
[20:02]  * soren rolls eyes and leaves
[20:02] <smoser> yes, that was off the wall.
[20:02] <smoser> but the point is, hardware (and a hypervisor managment platform is emulating "hardware") should be "hardware" and not make assertions about how the softwrae that runs on it will act
[20:03] <soren> I'm not here, remember?
[20:03] <smoser> when you say "plug a volume into that instance" its like telling a sysadmin to walk over and attach a device.
[20:03] <smoser> anyway.
[20:03] <smoser> i'lll agree with you its silly
[20:03] <smoser> have a nice night soren
[20:04] <soren> For paravirt Xen, it's nothing at all like that.
[20:04] <soren> Sorry, but it just isn't.
[20:07] <nijaba> any clues on what might be going with this routing being lost?  I do see the public ip of all my instances when I do an 'ip addr', but I can only ping the first one.  Of course, all instances are from the same image and in the same security group...
[20:07] <nijaba> when I say ping, it is also the same for ssh
[20:13] <mathiaz> nijaba: are you pinging/sshing from the CC?
[20:13] <ruben23> hi i have setup nfs on a server and client, im able to mount and view the server directory i share in my client problem is when i reboot i got this error and the mount directory is gone..------>http://pastebin.com/m447cd3e6
[20:13] <nijaba> mathiaz: both from the CC and from my desktop -> same result
[20:13] <ruben23> any idea on the error
[20:14] <mathiaz> nijaba: try to look at the iptables rules for the nat table
[20:14] <mathiaz> nijaba: this is where the public <-> private mapping is done
[20:14] <mathiaz> nijaba: iptables -nL -t nat
[20:15] <mathiaz> nijaba: can you ping/ssh into the instances using their *private* ips?
[20:16] <nijaba> mathiaz: not the ones I cannot reach on their public ip
[20:16] <nijaba> mathiaz: iptables looks good.  Do you want a pastebin?
[20:16] <mathiaz> nijaba: sure
[20:17] <mathiaz> nijaba: not the ones I cannot reach on their public ip? do you mean that the you cannot reach these via their private IPs as well?
[20:17] <nijaba> mathiaz: http://pastebin.ubuntu.com/299266/
[20:17] <nijaba> mathiaz: I can ping 10.67.108.100 and 172.19.1.2 but not 101 and 3
[20:18] <mathiaz> nijaba: is the .3 guest running correclty?
[20:19] <mathiaz> nijaba: can you get the console-output?
[20:20] <nijaba> mathiaz: yep
[20:21] <mathiaz> nijaba: can you paste the output for iptables -nL
[20:21] <mathiaz> nijaba: and route -n
[20:22]  * smoser heads out for the night.  I'll check in later.
[20:22] <smoser> mathiaz, its a trivial change, but could you just verifiy that the patch on
[20:22] <nijaba> mathiaz: http://pastebin.ubuntu.com/299268/
[20:23] <smoser> bug 457866 is what you were wanting
[20:23] <jmedina> ruben be sure portmap is running before nfs tryes to mount
[20:23] <soren> jdstrand: Around?
[20:23] <RobEss> Hi, has anyone been unable to upgrade the server version to 2.6.24-25 kernel? I'm running 8.04 version. The workstation flavor had no problems updating. The sources.list files seem identical between the two. Thanks!
[20:23] <nijaba> mathiaz: hold on.  I just restarted the 2nd instance.
[20:25] <nijaba> mathiaz: and of course, now it works....  /me scratches his head...
[20:26] <mathiaz> nijaba: you're becoming a koala... ;)
[20:27] <nijaba> AH!!
[20:28] <nijaba> mathiaz: instance 1 : m1.xlarge, instance 2: m1.large: both work
[20:28] <nijaba> mathiaz: but it the 2 instances and m1.xlarge, the second one does not work!!!
[20:29]  * nijaba can't start to imagine what's going on...
[20:30] <mathiaz> nijaba: are you using the same image?
[20:30] <nijaba> mathiaz: of course I am
[20:31] <mathiaz> nijaba: how many NC do you have?
[20:32] <mathiaz> nijaba: you may run out of ressource (like memory or disk space) when you run two m1.xlarge instances
[20:32] <nijaba> mathiaz: only one
[20:32] <mathiaz> nijaba: which you wouldn't run into when you use m1.large and m1.xlarge
[20:32] <nijaba> mathiaz: 5G, 8 core machine...
[20:33] <mathiaz> nijaba: disk sapce?
[20:33] <Egonis> Which is the typical preferred firewall/masquerade method in Ubuntu Server? I have typically used Shorewall, although am not sure what the Ubuntu standard is
[20:33] <nijaba> mathiaz: df shows plenty of space left
[20:33] <mathiaz> nijaba: how much?
[20:33] <ScottK> Egonis: ufw
[20:33] <nijaba> mathiaz: 60G
[20:33] <mathiaz> Egonis: depending on what you wanna do, ufw or shorewall
[20:34] <nijaba> mathiaz: out of 66
[20:34] <mathiaz> Egonis: ufw is great for host based firewall
[20:34] <mathiaz> Egonis: if you wanna setup a gateway with complex routing scheme (such as DMZ and public/private zones) you'd better invest some time in shorewall
[20:35] <mathiaz> Egonis: you could do it with ufw - but it doesn't support everything yet for the gateway/router use case
[20:35] <nekro_> "it is obvious that eucalyptus is neither trying to nor capable of making a device appear in the guest as a given name"
[20:35] <mathiaz> nijaba: can you reproduce the failure with 2 m1.xlarge?
[20:35] <nekro_> smoser: it works with xen
[20:35] <nekro_> smoser: does not work with kvm
[20:36] <mathiaz> nijaba: and the success with 1 m1.large and 1 m1.xlarge?
[20:36] <nekro_> smoser: euca2ools are supposed to be compatible with Amazon and Eucalyptus. Amazon uses xen
[20:36] <RobEss> Egonis, if you're going to run the firewall on a separate box, take a look at smoothwall. It's really easy to configure.
[20:36] <nijaba> mathiaz: yes, 3 times already
[20:36] <Egonis> RobEss: Thank you, I will check that out.
[20:36] <Egonis> mathiaz: Thank you
[20:36] <smoser> nekro_, i still disagree that it works with xen. it works for maybe 16 strings or something (xda->xdd)
[20:37] <mathiaz> nijaba: could you double-check that the failing instance (.3) in m1.xlarge gets the correct IP address?
[20:37] <mathiaz> nijaba: is there another dhcp server on the network?
[20:37] <soren> smoser: What are you basing this on? And how is xda->xdd 16 strings?
[20:37] <nekro_> smoser: ok, it works in most cases.
[20:38] <mathiaz> nijaba: that would server dynamic ip addresses?
[20:38] <ruben23> hi i have setup nfs on a server and client, im able to mount and view the server directory i share in my client problem is when i reboot i got this error and the mount directory is gone..------>http://pastebin.com/m447cd3e6
[20:38] <nijaba> mathiaz: nope, isolated net, no dhcp
[20:38] <nekro_> smoser: I don't want to get into this argument because it is a hypervisor level issue, but to blame it on the client tools is a bit erroneous.
[20:38] <nijaba> mathiaz: how would I check the ip of an instance I cannot connect to?
[20:38] <jmedina> ruben23: did you read my message about portmap?
[20:38] <smoser> nekro_, it doesn't work in most cases. "most cases" would be > 50% of possible input strings
[20:38] <mathiaz> nijaba: try to log on the NC and look at the kvm command
[20:39] <smoser> in which case no way.
[20:39] <mathiaz> nijaba: it should have the MAC address
[20:39] <mathiaz> nijaba: on the CC look into the dhcpd lease file for eucalyptus
[20:39] <smoser> whatever xda->xdd is . (it was a typo above).
[20:39] <mathiaz> nijaba: and check if the MAC address is there
[20:39] <ruben23>  jmedina: i ahvent see it
[20:39] <smoser> at very least the help should tell you to use something like "sdX"
[20:39] <jmedina> I see
[20:39] <smoser> that would make me happy
[20:39] <smoser> it would still be broken and indeterminable but at least less so
[20:40] <Egonis> RobEss: I was also hoping to run Postfix for a simple Filtering gateway, can I install this into smoothwall?
[20:40] <soren> smoser: Well, Xen does not name stuff sdX. It names it xdX.
[20:40] <jmedina> isnt it xvdX?
[20:41] <smoser> well, goign with your "ec2 sucks so so should euca" argument, then we should just say "xda" is what it should take
[20:41] <soren> jmedina: Err... could be. I'm not sure.
[20:41] <smoser> but anyway
[20:41] <smoser> i have to go. soren you shouldn't have started up again. both of us have better things to do. at least i'd think you do :)
[20:41] <ruben23>  jmedina:..? whats your message..?
[20:42] <soren> Oh, I do. I really do.
[20:42] <jmedina> ruben23: scroll up, I answer two times
[20:42] <nekro_> smoser: I'm not making that argument. In fact, I am making no argument. We will fix software if there are legitimate bugs. File a bug if you think it is a bug. Based on how priority it is, it will be fixed at the appropriate time.
[20:42] <smoser> nekro_, thank you.
[20:43] <RobEss> Egonis, I'm not sure. Smoothwall comes as a self-installing ISO. It is not Ubuntu-based.
[20:43] <ruben23>  jmedina: portmap should be runnning, how do i check it
[20:43] <jmedina> ps?
[20:44] <nijaba> mathiaz: which file.  /var/lib/dhcp3/dhcpd.leases is empty
[20:44] <mathiaz> nijaba: right - that's not the eucalyptus lease file
[20:44] <mathiaz> nijaba: I think it's somewhere in /var/lib/eucaluptys/
[20:44] <mathiaz> nijaba: or /var/run/eucal/
[20:44] <mathiaz> nijaba: if you do a ps -ef
[20:45] <mathiaz> nijaba: and look for dhcpd processes you'll fine the eucalyptus lease file
[20:45] <ruben23>  jmedina:  i think its running----->daemon    3952     1  0 11:55 ?        00:00:00 /sbin/portmap
[20:45] <mathiaz> nijaba: as it's specified on the command line
[20:45] <jmedina> ruben23: you need to be sure it is running before you try to mount nfs share
[20:45] <nijaba> mathiaz: /var/run/eucalyptus/net/euca-dhcp.leases
[20:46] <jmedina> you didnt say how did you mount it, or how are you tring to auto mount it
[20:46] <mathiaz> nijaba: right - that's it
[20:47] <ruben23> mount 192.168.0.100:/var/spool/asterisk/monitorDONE  /home/cron/RECORDINGS
[20:47] <nijaba> mathiaz: it is empty :(
[20:48] <ruben23> jmedina: on my fstab i have this --->http://pastebin.com/m431e8a5f
[20:48] <jmedina> ruben23: sorry I have to go :S
[21:33] <ka3uww> Hey I guys I installed Ubuntu server and changed to a faster box. Now it doesn't see the new nic card. Can anyone help???
[21:35] <_ruben> ka3uww: sudo rm /etc/udev/rules.d/70-persistent-net.rules (or alter the mac address(es) listed in that file, then reboot
[21:38] <ka3uww> TNX _ruben! I am trying it right now.... TNX agn!
[21:40] <ka3uww> _ruben TNX... IT WORKS!!! TNX...
[21:55] <ruben23> hi if i have serverA and ServerB then i want to copy files form my serverA to server B where should i installed the FTP server to do it..?
[21:56] <guntbert> ruben23: I don't think it matters
[21:56] <_ruben> just use rsync instead
[21:56] <ruben23>  _ruben: what if ill used FTP...?
[21:56] <ruben23> what it would be
[21:56] <ruben23> where should i install the FTP server
[21:57] <_ruben> the server you wont initiate the copy from .. which, again, leaves it up to yourself
[21:57] <_ruben> one will be server, one will be client, data can be transfered both ways either way
[21:58] <SyL> is there a link for a howto to get eucalyptus working in karmic? I remember seeing one, but I can't find the link
[22:02] <ahe> SyL: you mean this one: https://help.ubuntu.com/community/UEC ?
[22:10] <jdstrand> soren: hi! I noticed your vmbuilder upload and installed it. However, I can seem to boot the karmic vm after it is created. see http://paste.ubuntu.com/299317/
[22:10] <jdstrand> soren: it just sits after the BIOS post with 'Booting from Hard Disk...'
[22:11] <SyL> ok, maybe I'm crazy, but I'm not seeing any keys in /var/lib/eucalyptus/keys/ on the frontend or the nodes. any ideas?
[22:12] <jdstrand> s/I can/I can't/
[22:12] <jdstrand> soren: s/I can/I can't/
[22:15] <soren> jdstrand: I'm working on that right now.
[22:15] <soren> jdstrand: ..but I'm surprised you're seeing it.
[22:16] <jdstrand> soren: why surprised? output not what you expected?
[22:16] <soren> jdstrand: /me must be barking up the wrong tree
[22:16] <jdstrand> soren: if it helps, I have grub installed, but not grub2
[22:16] <soren> jdstrand: No, I was seeing the same thing, but doing something "special", and thought that was why it was breaking.
[22:16] <jdstrand> hmm
[22:17] <soren> jdstrand: If you're seeing it as well, I was barking up the wrong tree. In fact, I thin kI know what it is.
[22:17] <jdstrand> ah good
[22:17] <soren> jdstrand: Thanks for the poke. You got me back on the right track :)
[22:17] <jdstrand>  5
[22:17] <jdstrand> o/
[22:17] <soren> ditto :)
[22:18] <jdstrand> heh
[22:18]  * soren waits for vmbuilder to finish.
[22:19] <MTeck-ricer> !search autofs
[22:19] <MTeck-ricer> !info autofs
[22:48] <soren> jdstrand: I seem to have fixed it.
[22:49] <jdstrand> \o/
[22:50] <soren> Now I just need to file a bug to track it.
[23:25] <bventura> i have a internal DNS server in my office, and when I try to resolve the address "example.com" without any prefix (like www.example.com) it's returning the address of the internal dns server, not my website's address which is what I want.  How can I fix that?  what DNS entry do I need to make?
[23:25] <bventura> ie. someone puts in their browser "http://example.com" when they are at the office
[23:29] <qman__> bventura, you need to change the "example.com" entry in your zone file
[23:35] <bventura> qman__ that's what I think I am not getting here, that 'example.com' is not really specifically mentioned there except at the top line "example IN SOA dns1.example.com. dnsadmin.dns1.example.com"   then a bit down "$ORIGIN example.com."
[23:47] <qman__> bventura, you need an A record for example.com
[23:48] <qman__> normally such an oversight would cause bind to not start
[23:48] <qman__> so, more likely, it IS defined, but you didn't notice
[23:48] <qman__> the fact that $ORIGIN is defined means that the record could be
[23:48] <qman__> @     IN    A     1.2.3.4
[23:53] <bventura> ok qman let me check it out