[00:01] <qman__> erichammond, yeah, what you're looking for is a replacement for active directory
[00:01] <qman__> samba 4 is designed to help with this, but samba 3 is a bit tougher
[00:02] <qman__> it basically requires ldap and a specific kerberos implementation
[00:03] <qman__> I've yet to actually get it to work, myself, but I've seen it done
[00:06] <RoAkSoAx> I've tested samba4 and created an AD Server, created users, groups, used windows tools to manage the AD and was able to log in computers to the AD
[00:07] <qman__> nice
[00:07] <qman__> good to know samba 4 is making progress
[00:08] <fxhp> qman__, I think that the user in need of that information has already left the chat.
[00:08] <RoAkSoAx> qman__, it was pretty impressive!!
[00:09] <fxhp> what would cause my jeos VM's built with vmbuilder to not have their harddrives linked in the config (xml)  I have to manually attach them using virsh edit
[00:15] <erichammond> qman__: Thanks. If you solve it, consider documenting the steps in a howto.  At this point, I think I can admit that my Windows foo is insufficient to tackle it alone.
[00:15] <eqx311> ok, so help me with this decision. I need to run a bunch of virtuals on older xeon hardware without vmx
[00:15] <eqx311> what should I use to make it running
[00:17] <eqx311> I just spent 4 days of compiling and compiling of kernel 2.6.31.5 + xen 3.4.2-rc2 and I can not make that xen running :)
[00:33] <micahg> is there an issue with software raid and 2.6.31?
[00:45] <StrangeCharm> i seem to have made an error writing my fstab, and have to manually mount my volumes. what's the correct way to mount volumes in an lvm on an encrypted volume?
[00:52] <StrangeCharm> how do you mount an lvm stored on an encrypted volume?
[01:25] <micahg1> is there an issue with software raid and 2.6.31?
[01:31] <goose> does anybody know why "mkdir ~/public_html" doesn't create a folder any longer at http://domain.org/~chris/ for me? :/
[01:33] <fxhp> goose, It still works for me
[01:33] <fxhp> mkdir ~/asdf
[01:34] <goose> ?
[01:34] <goose> fxhp: you want me to make a dir named "asdf" in my home folder?
[01:35] <fxhp> No
[01:35] <fxhp> I was expressing that the syntax still creates a folder
[01:35] <goose> ah :p yes, the folder is created
[01:35] <fxhp> your question was pretty ambiguous.
[01:35] <goose> but it's no longer shown at http://domain.org/~chris/
[01:35] <goose> is what I meant
[01:36] <fxhp> what do you use as a web server?
[01:36] <fxhp> apache?
[01:36] <goose> yes
[01:36] <fxhp> lighTPD?
[01:36] <goose> apache2
[01:36] <fxhp> Does apache point at your home dir?
[01:36] <goose> it does by default, iirc? I'll double check, though
[01:37] <micahg> is there an issue with software raid and 2.6.31?
[01:38] <fxhp> software raid and the new kernal?
[01:38] <fxhp> kernel *
[01:39] <goose> don't see anything off in my /etc/apache2/apache.conf, and my httpd.conf is blank :S
[01:41] <fxhp> blank...?
[01:42] <fxhp> Did you edit with sudo?
[01:42] <goose> yeah... absolutely nothing in it
[01:42] <micahg> fxhp: yes
[01:42] <micahg> it wouldn't boot
[01:42] <micahg> can't find /dev/md0
[01:42] <micahg> I have a boot partition
[01:42] <fxhp> micahg: did this happen after an upgrade?
[01:43] <micahg> yes, I upgraded from jaunty -> karmic
[01:43] <fxhp> eek
[01:43] <micahg> I got rid of the UUIDs and it didn't help
[01:43] <micahg> luckily I still had my old 2.6.28 kernel
[01:43] <goose> fxhp: the module to enable that dir to be transferred to HTTP wasn't enabled. fixed now.
[01:44] <fxhp> goose: good to hear.
[01:44] <fxhp> micahg, so that raid array still exists but grub is unable to load it?
[01:44] <micahg> yes
[01:44] <micahg> well, it's not grub
[01:45] <micahg> it drops me into busybox
[01:45] <fxhp> micahg, can you see the array in busybox?
[01:45] <fxhp> see the files?
[01:45] <micahg> no, it can't find the array
[01:46] <fxhp> I don't know...
[01:47] <fxhp> I was planning on setting up raid5 on 5 drives.
[01:47] <fxhp> Never got around to it
[01:51] <JerVA> I know this is not support related channel
[01:51] <JerVA> But I have user that is having NIS related issue with server with 10+ clients
[01:51] <micahg> JerVA: this is a support channel for servers :)
[01:51] <JerVA> Hi there again micahg
[01:51]  * micahg is not usually in here
[01:51] <JerVA> Should I refer this user to this channel?
[01:52] <JerVA> I think this may be server related issue
[01:52] <micahg> if it's on the server side, yeah
[01:52] <JerVA> Ok I'll refer this user
[01:52] <micahg> channel seems quiet right now though
[01:53] <JerVA> Hello thieusoai
[01:53] <thieusoai> hi
[01:53] <JerVA> micahg - this is thieusoai that needs assistance with NIS related issue I mentioned
[01:53] <thieusoai> I have problem with NIS ---  all my clients machine (which authenticates login etc via NIS) cannot open any network related apps (e.g., pidgin, xchat, firefox).
[01:54] <thieusoai> if I log in a local account , then everything is fine.
[01:54]  * micahg doesn't know about NIS unfortunately
[01:54] <micahg> maybe someone else does
[01:54] <tonyyarusso> I set it up once, but I don't pretend to understand it.
[01:55] <thieusoai> The server runs Ubuntu-8.04 Server .   The clients run various OS including Debian / Ubuntu Hardy, Karmic, Jaunty, etc  _all_ face the same problems
[01:55] <thieusoai> yeh -- been working on this for almost 10 hrs
[01:55] <thieusoai> so frustrated :(
[01:57] <JerVA> Did you try to do the server reset including clients?
[01:57] <thieusoai> yeh I did,  I reboot the server as well as the clients
[01:57] <JerVA> Like powercycling?
[01:57] <thieusoai> I turn off all the clients,  and server, then start the server
[01:57] <thieusoai> and one client
[01:58] <thieusoai> and test on that client
[01:58] <micahg> thieusoai: have you seen this: https://help.ubuntu.com/community/SettingUpNISHowTo
[01:59] <thieusoai> yeh micahg , I did
[01:59] <thieusoai> the weird part is that I was able to log in using NIS just fine  ,
[01:59] <thieusoai> it's just in X
[01:59] <thieusoai> when all the network-apps hang
[02:00] <thieusoai> but in tty's ,  everything works (e.g., I can use elinks and such)
[02:02] <nxvl> kirkland: around?
[02:03] <thieusoai> also the home directory of user is mounted via nfs
[02:03] <thieusoai> not sure if it's related
[02:03] <JerVA> you mean ntfs
[02:03] <thieusoai> no, nfs
[02:03] <JerVA> ok
[02:03] <thieusoai> but I am not sure if it's related
[02:03] <thieusoai> because I can see all those files just fine
[02:04] <JerVA> No updates or anything to do with Update Manager?
[02:05] <thieusoai> nope, I don't think it is due to updating.   Because we didn't touch the Server at all for quite a long time
[02:05] <thieusoai> only when this problem arises today
[02:05] <thieusoai> then we decided to update it
[02:05] <thieusoai> but it's still the same
[02:05] <JerVA> Maybe it is hardware-related issue?
[02:06] <JerVA> Run some network tests ?
[02:06] <thieusoai> on the server ?
[02:06] <JerVA> why not
[02:06] <JerVA> see where in the end is the issue
[02:06] <thieusoai> I am not sure what network test to run  ?
[02:06] <thieusoai> yeh it would be good to localize where the problem is
[02:07] <JerVA> http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch30_:_Configuring_NIS
[02:07] <JerVA> I'm googling what I can :)
[02:08] <JerVA> I think this one may help out better
[02:08] <JerVA> http://www.yolinux.com/TUTORIALS/NIS.html
[02:10] <thieusoai> thanks JerVA
[02:10] <JerVA> anytime
[02:10] <thieusoai> I'll check them out -- but now I think gotta go dinner and come back
[02:10] <JerVA> Okay.
[02:13] <JerVA> thanks for helping out micahg
[02:13] <micahg> JerVA: sorry I couldn't be more help
[02:14] <JerVA> no problem
[02:14] <JerVA> I tried what I can
[02:14] <JerVA> I'm not an expert on NIS either
[02:24] <erichammond> smoser, mdz: My first time trying to use euca2ools and I found that to rebundle an image for EC2 I had to install ec2-ami-tools from multiverse anyway just to get the EC2 cert.  Seems like the Karmic AMI is not usable without ec2-ami-tools for rebundling which is the first thing most EC2 tutorials want you to try.
[03:08] <smackd> hi all... trying to send mail.. i have installed the postfix-dovecot package... it wont let me send... any ideas i can check on...?
[03:10] <ScottK> smackd: Look in /var/log/mail.log.  It will tell you why
[03:11] <smackd> ok it says this.. the same relay message what is that
[03:11] <smackd> Nov  7 18:07:05 76 postfix/smtpd[1534]: NOQUEUE: reject: RCPT from unknown[76.199.50.233]: 554 5.7.1 <matt14213@yahoo.com>: Relay access denied; from=<matt@$
[03:17] <maxagaz> hi
[03:19] <maxagaz> on a server, I have : "/dev/sda1  142G  137G     0 100% /" the percentage doesn't look correct
[04:53] <oh_noes> is there a boot screen/splash-screen for hardy?
[04:54] <jmarsden> oh_noes: For Ubuntu server there is no graphical splash screen... there is no GUI :)
[04:55] <oh_noes> well ive used hardy as a base for an appliance i made
[04:55] <oh_noes> i was looking into boot screen, preferably text based
[04:55] <oh_noes> but i wasnt sure what options are available
[04:57] <jmarsden> oh_noes: You are creating appliances that assume a "PC" style VGA screen will be attached at boot time?  Usually appliances can't assume that, can they?
[04:58] <jmarsden> For example, when you start an instance of the appliance up in the cloud on Amazon EC2, where will the "boot screen" be displayed?
[05:01] <Fraxtil> How do I configure GRUB in Ubuntu 9.10 server? It seems there's no /boot/grub/stage1
[05:01] <russlar> Fraxtil: 9.10 uses grub2 on fresh installs
[05:01] <jmarsden> Fraxtil: If you did a fresh install it most likely used grub2 instead of grub
[05:01] <russlar> !grub2
[05:02] <Fraxtil> okay then
[05:03] <Fraxtil> How can I run update-grub, since I can't log in anymore?
[05:03] <Fraxtil> *or boot it in the first place
[05:06] <jmarsden> Fraxtil: Boot the machine from a CD, perhaps.  Sounds like there is a story behind your apparently simple question "How do I configure GRUB"... how did you break it in the first place?
[05:12] <Fraxtil> jmarsden: I thought I could backup everything from an encrypted LVM and put it onto a regular ext3 filesystem, but that changed partition orders and stuff
[05:14] <jmarsden> OK.  Sounds like booting from CD would be a useful way to go (if the system is local to you), then mount your ext3 partition(s), chroot into the real system and use update-grub.
[05:33] <twb> If grub is working, you can just pick "rescue" to immediately get root
[05:35] <twb> If grub simply can't find the root partition or the kernel, you can also just edit it by hand enough to boot (the "e" key), and then get update-grub working from there.
[07:03] <AliTarihi> Hi. anyone can help me with OpenFire installation. I'm newbie to server things. I've installed it but I get connection refused on admin console
[07:17] <crohakon> I would like to turn off the DHCP client and set my server to a static IP on my LAN. Anyone got a guide that will help me with that?
[07:18] <Boohbah> crohakon: http://www.debianadmin.com/ubuntu-networking-for-basic-and-advanced-users.html
[07:22] <crohakon> Boohbah, thanks
[07:34] <crohakon> How can I test if my DNS server is using, via the server itself over SSH?
[07:51] <nagumo> anyone have experience with kerberized nfs4?
[08:02] <maxagaz> i have installed a mirror for hardy, jaunty and karmic on a server, and then removed the lines for karmic, but karmic packages are still here, how to clean my mirror ?
[08:08] <crohakon> well, I must say, I think I have noticed in the speed of opening websites using my own DNS server rather then charters...
[08:08] <crohakon> noticed an increase*
[08:09] <KurtKraut> crohakon, are you also caching the DNS queries?
[08:10] <crohakon> How do I check? I am just now setting this all up and testing.
[08:11] <KurtKraut> crohakon, what software you're using to have your own DNS server?
[08:12] <crohakon> bind9?
[08:12] <KurtKraut> crohakon, it does not cache queries by default. I recommend you to search for how to do that on Google.
[08:12] <crohakon> What is the benefit?
[08:12] <KurtKraut> crohakon, I'd like also to request your vote on this: http://brainstorm.ubuntu.com/idea/20842/
[08:14] <crohakon> What is the benefit of enabling caching?
[08:16] <KurtKraut> crohakon, to be short: much, much, much faster internet browsing.
[08:19] <crohakon> you got my votes.
[08:21] <KurtKraut> crohakon, thanks
[08:21] <crohakon> All that is required is simply adding the IP numbers of your ISP's DNS servers. <--- To enable caching I need to use the IP of my ISP's DNS servers why?
[08:22] <qman__> crohakon, you don't need caching
[08:22] <qman__> you're running your own server with root hints
[08:22] <qman__> caching is if you want to cache from your ISP's DNS
[08:23] <qman__> it's a completely different setup
[08:23] <KurtKraut> crohakon, no you don't. But using your ISP DNS and them caching its results are also an improvement of performance.
[08:23] <KurtKraut> qman__, saying 'you don't need caching' is like 'you don't need to use seat belts on cars'
[08:23] <qman__> both accomplish the same goal
[08:23] <KurtKraut> :D
[08:23] <qman__> he doesn't need a caching server, because he has a server that uses root hints
[08:23] <qman__> instead of his ISP's DNS
[08:24] <crohakon> Yes, I am trying to avoid using charters DNS all together.
[08:24] <KurtKraut> qman__, even caching for local queries is a performance booster.
[08:25] <crohakon> KurtKraut, I believe caching for local queries is enabled by default with bind9... though, I could be wrong.
[08:25] <qman__> that's what I thought, too
[08:26] <KurtKraut> crohakon, AFAIK, no. But you can do the test with the command dig. Do a 'dig www.google.com' twice and see how many milliseconds both queries took.
[08:27] <qman__> 60ms; 0ms
[08:27] <crohakon> 1ms; 1ms
[08:27] <KurtKraut> qman__, crohakon, so it is caching.
[08:27] <qman__> I think it caches for like 5 minutes
[08:28] <crohakon> only 5 minutes?
[08:28] <KurtKraut> qman__, if it does, it is not correct. It should cache until the TTL of the query. Each DNS query tells to the server when it is expected to expire and should be kept until that time.
[08:29] <macno> Hi, I need to install samba 3.2 or 3.3 on 8.04 LTS. I checked in backports but aren't there. any suggestions?
[08:29] <qman__> I don't know for sure, I was just guessing, because my server is pretty on top of DNS changes
[08:30] <qman__> it's more accurate than my ISP's DNS, by a considerable margin
[08:32] <crohakon> I kept having issues where I would go to, say, www.ubuntu.com and it would not resolve. I would wait a minute, try again, and it would work... with charter. I was hoping running my own DNS server would make that less likely.
[08:33] <qman__> it will
[08:33] <KurtKraut> crohakon, have you tried OpenDNS.com?
[08:34] <qman__> openDNS is alright, but not as fast as running your own server
[08:34] <KurtKraut> qman__, OpenDNS + local cache is as good as querying directly to root servers.
[08:34] <soren> smoser: Done.
[08:35] <crohakon> KurtKraut, now that this is working and I can notice the improvement I think I am just going to stick with it. I already had the box running as a LAMP server using dyndns.com... so it it running when ever I have power anyway.
[08:45] <ttx> soren: o/
[08:46] <ttx> soren: haven't seen any blueprints from you yet...
[08:49] <soren> ttx: No, sorry about that. Last night didn't work out as planned :(
[08:49] <ttx> soren: ok, please do it today then ;)
[08:50] <ttx> soren: put yourself as assignee +drafter if you intend to do it, only as drafter if you want to lead the discussion about it, or leave blank if you don't really want to lead it or do it.
[08:55] <soren> ttx: Sounds easy enough.
[08:56] <ttx> soren: doesn't mean you won't end up doing it, just that it's open :)
[08:56] <soren> Gah.
[10:10] <soren> ttx: What's the naming scheme for specs this time?
[10:10] <ttx> server-lucid-*
[10:11] <ttx> though it doesn't really help in getting their list, given how blueprint search "works"
[10:14] <twb> Haha, lucid name clash gets me again
[10:15] <twb> I was trying to work out when Lucid became a font foundry.
[10:18] <twb> (Lucid Inc, that is.)
[11:17] <soren> ttx: Who should I be defaulting to for approver? You? mdz?
[11:18] <soren> Myself (if I'm not the drafter, of course)?
[11:18] <ttx> ttx: mdz
[11:18] <ttx> soren: mdz
[11:21] <soren> ttx: Got it, thanks.
[12:26] <soren> ttx: I'm not sure how to file the "automated testing" spec thing. It's vast and I doubt it will fit in a single session.
[12:27] <soren> ttx: Also, I'm not sure it makes sense to split it into e.g. "mail", "web", "databases", etc.
[12:27] <soren> ttx: Can we schedule a session on Monday, where we essentially schedule the next 3-4 sessions on the subject and reserve timeslots for those now?
[12:28] <soren> I have a hunch that people more familiar with automated testing will have a better idea about how to split up this discussion.
[12:28] <ttx> soren: i'll talk about it to mdz
[12:29] <soren> The first session may be about what we want to test... Another one could be about how, when, and where..
[12:29] <soren> I don't know, really.
[12:29] <soren> It's rather new to me, to be honest.
[12:29] <soren> I just know I want to do a lot of it for this cycle.
[12:30] <ttx> soren: I think we should have a formal session about Automated testing to discuss the targets and methods, then several ad-hoc discussions on specific targets
[12:31] <ttx> Having a blueprint on "automated testing" will allow to schedule the first one
[12:31] <soren> ttx: Oh, right, you said there'd be plenty of open slots, right?
[12:31] <soren> I forget about that for a minute.
[12:31] <ttx> and having it scheduled relatively early will allow for several breakout sessions on the subject during the week
[12:31] <soren> Right, exactly.
[12:31] <ttx> soren: There should be open slots, yes
[12:31] <soren> ttx: Are you doing any of the scheduling or is it all mdz?
[12:31] <ttx> soren: it's all mdz
[12:39] <zul> morning
[12:39] <python_root> night
[12:40] <soren> afternoon
[12:41] <python_root> This makes a complete MAN morning afternoon night
[12:50] <alvin> Is installation of ubuntu-server from USB stick officially supported?
[12:51] <ttx> zul: do you plan to file a blueprint on calendaring ?
[12:53] <soren> alvin: sure.
[12:55] <soren> ttx: I have an old spec: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-karmic-virtual-appliance  I'd like to just start a new one on virtual appliances for lucid. What state should I put the old one (so that it doesn't show up in the usual lists)?
[12:55] <ttx> You should make the new one supersede the old one
[12:56] <soren> ttx: Clever.
[12:56] <ttx> (go to the old one, select mark superseded, then type really fast to select)
[13:01] <alvin> soren: good, in that case I have found a bug (I think). This weekend, I installed an Atom 330 server with 4 disks. Ubuntu is installed FROM usb stick ON another USB stick. The stick containing the installer is /dev/sde and the target device is /dev/sdf. After the successful installation, I unplug the installation stick. Now, the root drive is the other stick and it becomes /dev/sde.... dun, dun, duuuun,... No boot.
[13:01] <alvin> I changed the value in /boot/grub/grub.conf and /etc/fstab, because they were both wrong.
[13:02] <alvin> Shouldn't they both use UUID by default, (fstab and grub)
[13:11] <soren> alvin: Ah. You never said anything about installing /to/ a USB stick :) I'm not sure that's supported.
[13:11] <soren> alvin: but yes, I would have thought everything would use UUID's.
[13:11] <soren> alvin: which version of Ubuntu is this?
[13:11] <alvin> soren: Well, true :-) (but it is handy if you want those 4 drives to work in RAID and have only 4 SATA connections)
[13:11] <alvin> soren: karmic
[13:12] <alvin> soren: On  EVERY new karmic installation of ubuntu-server I noticed UUID's are no longer used!
[13:13] <alvin> I did about 10 of those fresh installations. No UUID in sight. Not in grub and not in fstab
[13:14] <soren> alvin: All of them from USB?
[13:14] <alvin> No, only 1. The rest are normal disks.
[13:14] <soren> "from".
[13:14] <soren> Not "to".
[13:14] <alvin> From cd, to sata or sas
[13:14] <soren> Ok.
[13:14] <soren> The server CD, I presume?
[13:15] <alvin> yes, the default one
[13:15] <alvin> oh, and also the kubuntu (alternate) cd
[13:16] <alvin> I thought it must have been a new policy. Upgraded installations still use UUID
[13:16] <soren> Upgrades don't make changes to fstab.
[13:16] <soren> Usually.
[13:16] <soren> alvin: Are you using lvm?
[13:17] <alvin> soren: Yes, but I always use a separate non-lvm /boot
[13:18] <soren> cjwatson: Oh, you're in here as well... Saves me the trouble of repeating everything to you :)
[13:18] <cjwatson> as I said on #ubuntu-installer, the installer hasn't changed in this regard
[13:19] <alvin> It hasn't?
[13:19] <cjwatson> well, let's say no intentional change
[13:19] <cjwatson> we've never used UUIDs for LVM, but continue to do so elsewhere, to the best of my knowledge
[13:19] <alvin> I did a fresh install today and this is in the /etc/fstab of that server:
[13:19] <alvin> /dev/cciss/c0d0p1       /boot           ext2    defaults                        0       2
[13:19] <cjwatson> please post your fstab somewhere
[13:20] <cjwatson> cciss I'm not sure about, although aren't those controller numbers stable?
[13:20] <cjwatson> I wouldn't mind a quick look through /var/log/installer/syslog
[13:21] <alvin> Could very well be. It's only one server that uses it here. I'll find some other fresh installations.
[13:21] <alvin> let me see
[13:21] <cjwatson> the code involved contains no special-casing of cciss, though
[13:29] <ca2sat> ip a
[13:33] <zul> ttx: https://bugzilla.samba.org/show_bug.cgi?id=6880
[13:36] <alvin> /var/log/installer/syslog of a server, using cciss: http://paste.ubuntu.com/315068/
[13:36] <alvin> This is from the 'usb stick install'. (note that I changed it from /dev/sdf1 to /dev/sde1):
[13:36] <alvin> /dev/sde1                       /               ext2    noatime,errors=remount-ro       0       1
[13:36] <alvin> Other note: I didn't have to change it in order to boot. Only the grub root= had to be adjusted for that! (df showed /dev/sde1, while /dev/sdf1 was the value in /etc/fstab)
[13:38] <alvin> I'm now looking at a virtual karmic server, and /boot is UUID there, so it looks like I'm mistaken and I'm seeing this only in the case of cciss and an install on an USB stick. I do have another installation, but I'll check tonight. It can't boot currently, due to bug 461133
[13:40] <ttx> zul: ew
[13:40] <ttx> zul: will it ever end
[13:40] <zul> ttx: nope unless microsoft kills off windows which im hoping they do next week
[13:41] <ttx> zul: good plan
[13:42] <zul> ttx: im pretty sure we have a bug open about that ;)
[13:45] <zul> soren: i bet you would be glad to know that windows 7 works on kvm ;)
[13:45] <soren> zul: Absolutely thrilled.
[13:45] <soren> I'm beside myself.
[14:08] <alvin> Well, I'm sorry for the wrong information. Apparently, UUID's are still used (except on cciss and unsupported USB-sticks). It would be nice to introduce it on USB sticks too.
[14:08] <zul> well that made it choke
[14:09] <alvin> A related question: what is the official way to change root=/dev/sdX to root=UUID=...  in the new grub?
[14:09] <Jeeves_> alvin: Uh, edit /boot/grub/menu.lst?
[14:09] <alvin> Jeeves: No, I mean in grub2
[14:10] <alvin> That file no longer exists and /boot/grub/grub.conf should not be altered manually
[14:12] <soren> jdstrand: Ooh, two-factor authentication!
[14:15] <jdstrand> soren: we all decided you would be both interested and a great asset in the session :)
[14:15] <jdstrand> soren: so I subscribed you
[14:19] <alvin> There is extensive documentation about adding new entries to grub, but there's nothing in there about changing an existing configuration.
[14:20] <zul> jdstrand: is that because he has it already?
[14:22] <jdstrand> zul: well, I know he's played with a lot of different auth methods, and I thought he did use it currently, yes
[14:24] <ttx> smoser, kirkland: around ?
[14:24] <kirkland> ttx: yup
[14:24] <smoser> here
[14:25] <ttx> kirkland: mdz asked me to make sure the necessary blueprints were filed so that he can bootstrap scheduling
[14:25] <ttx> kirkland: are you planning to file one about appliances and one about bugfixes blitzes ?
[14:26] <kirkland> ttx: wasn't planning on either
[14:26] <ttx> (the latter might be known as bugdays/bugweeks and could be discussed with QA)
[14:26] <kirkland> ttx: i understood soren to own appliances now
[14:27] <ttx> soren, kirkland: we need at least one session on the subject
[14:27] <alvin> Another thing about the usb stick installation. blkid does not report /dev/sde. The drive is mounted, but I can not see the UUID. (it may not be supported, but I'm mentioning it anyway. I'm quite happy with the solution of installing Ubuntu on a stick to create a simple NAS. It's at least 3x faster than FreeNAS.)
[14:27] <ttx> Filing the blueprint doesn't mean you have to set yourself as drafter/assignee
[14:28] <soren> ttx: I'm filing one on appliances.
[14:28] <ttx> soren: cool, thx
[14:29] <smoser> ttx, i'm mostly in order, i wanted to go ahead and fill out 2 more blueprints regarding OVF, though.
[14:29] <soren> ttx: (That was the one where I wanted to mark the old one superseded a couple of hours ago.)
[14:29] <smoser> i'll start that now.
[14:29] <soren> jdstrand: Sounds great.
[14:32] <ttx> smoser: are you the one that suggested working on ec2-/euca- tools  compatibility on the IdeaPool ?
[14:32] <smoser> i dont know. if not i'll add quickly.
[14:32] <smoser> actually i think i did add that last night.
[14:33] <smoser> unless i forgot to hit save
[14:33] <smoser> hold on
[14:33] <smoser> yeah, its there, ttx, search for bug 435140
[14:33] <smoser> oh. sorry, i completely missed your question. yes, i added that last night.
[14:34] <smoser> i just added my name to it
[14:35] <ttx> smoser: I'm not sure it warrants a blueprint by itself
[14:35] <ttx> but I can't find anything to include it into
[14:36] <smoser> yeah, that was mainly  my reason for putting it there and not making a blueprint :)
[14:38] <ttx> smoser: file it, because if we end up doing it, we'll be glad to have a blueprint -- we need a testing plan
[14:39] <smoser> ttx, ok. blue print in the works.
[14:40] <TeTeT> soren: Hi, I get an error when running 'vmbuilder xen ubuntu' on karmic - Soemthing is wrong, no valid xen kernel for the suite jaunty found by rmadison. Any ways to get around this?
[14:42] <TeTeT> soren: think I figured it out - does not work behind a proxy by default
[14:43] <soren> TeTeT: Ah.
[14:45] <TeTeT> soren: setting http_proxy and all is good :) Was just confused by the error message
[14:45] <soren> Yeah, it's rather opaque.
[14:47] <aubre> Where do I put an official SSL certificate for use with Eucalyptus (UEC) ?
[14:49] <\sh> anyone who was doing lately an dist-upgrade from jaunty to karmic server and having no network after that?
[14:50] <soren> \sh: Using bonding or bridging?
[14:50] <\sh> (without do-release-upgrade)
[14:50] <\sh> soren, yepp
[14:50] <\sh> bonding + vlan
[14:51] <soren> Add a sleep 20 to /etc/init/networking before "ifup -a".
[14:51] <soren> and..
[14:51] <soren> Err...
[14:51] <soren> Something clever in rc2 to make sure it waits for lo.
[14:52] <\sh> soren, do we have a bug for that?
[14:53] <soren> \sh: I don't know. I kind of gave up on the issue after arguing for two hours whether it was even a regression.
[15:01] <Carroarmato0> My server keeps restarting sshd about 2-3 minutes after a connection, afterwards it's not available on the network anymore
[15:01] <Carroarmato0> It's a fresh install of 9.10
[15:01] <zul> Carroarmato0: are you using dhcp?
[15:02] <Carroarmato0> yes
[15:02] <ttx> smoser: maybe extend the xc2 one
[15:02] <Carroarmato0> the server gets a static ip from the router's dhcp
[15:02] <zul> Carroarmato0: try using a static connection
[15:02] <Carroarmato0> zul, I'll try
[15:02] <zul> ttx: ^^^ thats another thing to fix for lucid
[15:02] <ttx> smoser: rewording server-lucid-xc2 so that it includes both topics sounds good to me
[15:03] <smoser> ttx, the reason i didn't put that there...
[15:03] <aubre> I'm trying to test landscape cloud management with UEC, I got a real certificate for my front-end, where do I put it and how do I get the front page to use it?
[15:04] <smoser> is that we definitely *could* just add another layer of indirection and fix the compatibility there.  however, i would think that for many things, euca2ools needs to be fixed.
[15:04] <smoser> ie, i think there is one argument i ran into recently where euca2ools only takes '-K' not '--key' or something... stuff like that, you could work around in 'xc2' but would be better done in euca2ools
[15:04] <Carroarmato0> zul, also something I've noticed is that whenever that problem occurs, the server behaves as if it were frozen (not shutting down when pressing the power button)
[15:04] <ttx> smoser: I think its part of the same discussion
[15:05] <ttx> smoser: its an and/or
[15:05] <smoser> well.. i don't know. but i'm ok with adding it to the xc2 blueprint.
[15:06] <zul> Carroarmato0: the reason probably why its restarting every 2-3 minutes is that your dhcp lease time is pretty short and there is a hook to restart network services when dhcp queries a new ip address you should be fine with a static IP address
[15:06] <ttx> smoser: gives more chance that both subjects will be discussed
[15:06] <ttx> smoser: ... I think
[15:06] <smoser> well, done
[15:06] <Carroarmato0> zul, I never had that issue before with the previous release, might the dhcp default settings have been changed with the latest one?
[15:07] <zul> Carroarmato0: maybe I cant say for sure
[15:07] <aubre> what is the actual software within UEC that runs on port 8443?
[15:07] <soren> \sh: Sorry, I want to help, but I can't. See #ubuntu-devel, if you're in the mood.
[15:07] <Carroarmato0> zul, thx I'll report back when I'm confident the problem doesn't happen anymore
[15:07] <zul> Carroarmato0: thanks
[15:08]  * soren goes to pick up daughter at day care.
[15:08] <aubre> looks like I'll be writing some more documentation when I figure this out
[15:09] <\sh> soren, I'll try to get a solution there...because it's really a nasty thing
[15:16] <Carroarmato0> zul, It seems like the server dropped off the net again
[15:16] <zul> Carroarmato0: oh well that sucks
[15:17] <Carroarmato0> zul, I've set the static address in and did a  /etc/init.d/networking restart
[15:17] <zul> Carroarmato0: changing the ip is something you want to do at the console anyways
[15:17] <Carroarmato0> zul, oow I have learned a lot from changing ip's on a remote connection ;)
[15:18] <Carroarmato0> zul, It's all about preparation and scripting against worse case scenarios :D
[15:18] <Carroarmato0> but I'll hook the server to a screen
[15:20] <Carroarmato0> zul, some other weirdnesses that happen when the server gets knocked off the net, keyboard doesn't respond anymore
[15:22] <_ruben> sounds more like crash to me than
[15:22] <_ruben> s/than/then
[15:22] <soren> \sh: Yes, it is. I spent a lot of time trying to explain this, but the answer was simply "it was racy before, too".
[15:28] <zul> lamont: ping
[15:29] <\sh> soren, there needs to be a sane solution...if not, udev + whatever magic we are doing today is nothing for a server linux ;)
[15:30] <\sh> while the releases before karmic it worked (luck or not)
[15:30] <soren> \sh: We know what the solution is. It just hasn't been implemented yet.
[15:31] <\sh> soren, where would you place the call to if-up if not /etc/init/networking.conf ? I'll can test and confirm or say it doesn't work out
[15:32] <soren> I would probably change network-interface.conf to call "ifup -a" instead of whatever it does now.
[15:35] <\sh> well..
[15:37]  * soren /really/ goes to pick up daughter at day care
[15:41] <Carroarmato0> zul, I think it was a combination of short dhcp lease time and openVPN causing some havoc with bridging that gave all those problems
[15:41] <zul> Carroarmato0: ah good
[15:42] <Carroarmato0> I'm going to try logging out of the server and using it as usual in case it's being sneaky and stops working again after I log out of the console
[16:04] <Carroarmato0> zul, everything seems to work fine, thanks for your help :)
[16:04] <zul> Carroarmato0: no probs
[16:13] <acalvo> hi
[16:13] <acalvo> does anyone use openldap monitor capability?
[16:14] <TeTeT> ttx: hi, any chance to get the euca2ools backported to Ubuntu 8.04?
[16:17] <ttx> TeTeT: I have no clue. Not sure how many build-deps are missing
[16:17] <ttx> TeTeT: ... and can't look into it right now
[16:18] <TeTeT> ttx: ok, any chance to have a look before end of november? I need to know if I need to install ec2 tools on the virtual servers for training, or wait for euca2ools to appear in a PPA or so.
[16:19] <ttx> TeTeT: oh sure!
[16:20] <ttx> soren: any hint on how difficult that would be ? ^
[16:26] <eradicus> hi I'm using ubuntu 9.04 is there a way to install ubuntu-server packages?
[16:30] <azteech> eradicus: just use apt-get from a terminal, and install which ever server package you want to. Or you can use synaptic package manager to select the packages you want installed.
[16:39] <bogeyd6> eradicus the server is the 9.04 desktop without the desktop :)))) you can use apt to manage the software and install any server software you like
[16:40] <bogeyd6> !server
[16:40] <zul> ttx: can you have a look at  bug #472785?
[16:40] <ttx> zul: not today, sorry :)
[16:41] <zul> ttx: at your leisure :)
[16:42] <eradicus> bogeyd6, yeah I figured, it was just before there's a single-liner apt-get command for installing the ubuntu server packages on ubuntu desktop, the package name was ubuntu-server I think.
[16:44] <googa> are there other types of mail servers than MTAs?
[16:46] <NRVate> in 9.x i think it's broken out.. like lamp-server, etc.
[16:51] <eradicus> NRVate, lamp-server is non-existent too, so selecting packages manually is the way to go
[16:52] <aubre> New Documentation - How to Connect UEC to Landscape - https://help.ubuntu.com/community/UEC/Landscape
[16:52] <aubre> comments/criticisms are welcome
[16:54] <aubre> is there a way to make stunnel commands persistent across reboots?
[16:55] <aubre> or an Ubuntu-standard way?
[17:01] <jmarsden> aubre: Configure it in /etc/stunnel/*.conf and it should be started as a daemon at boot time for you, I think.
[17:01] <aubre> jmarsden: thanks
[17:03] <jmarsden> aubre: Also /etc/default/stunnel4 (set ENABLED=1 in there)
[17:04] <aubre> jmarsden: thanks again
[17:05] <jmarsden> aubre: You're welcome
[17:11]  * soren pauses for dinner
[17:34] <aubre> jmarsden: looks like /etc/default/stunnel4 is ENABLED=1 by default
[17:35] <jmarsden> aubre: Nice.  It wasn't for me on Jaunty.
[17:35] <aubre> jmarsden: Updated https://help.ubuntu.com/community/UEC/Landscape with a method that should be persistent across reboots.
[17:35] <jmarsden> aubre: OK.  I'm more familiar with  stunnel than with UEC :)
[17:42] <aubre> jmarsden: I'm the other way around lol.
[18:01] <kirkland> howdy mathiaz :-)
[18:01] <kirkland> mathiaz: ttx was looking for you earlier
[18:01] <kirkland> mathiaz: he left about an hour ago
[18:01] <mathiaz> kirkland: yeah - send an email instead
[18:01] <mathiaz> kirkland: about blueprints
[18:02] <kirkland> mathiaz: right-o
[18:02] <kirkland> mathiaz: basically, they're due today
[18:02]  * mathiaz nods
[18:51] <mcas> hi is anyone still using 8.04 server?
[18:52] <mcas> i have a strange problem with squid and logrotate
[18:53] <mcas> it doesn't work :-(
[18:53] <kane_> mcas: since it's an LTS, i'm sure people still do :) what's happening to your squid & logrotate?
[18:54] <mcas> i have a logfile of 2gb ... that doesn't sound like daily logrotates
[18:55] <kane_> mcas: that depends on your traffic and verbosity. checking the head & tail of that would let you know for sure
[18:59] <mcas> ok kane_ i check it
[19:10] <sommer> who is the lucid blueprint approver?
[19:12] <zul> mdz
[19:13] <sommer> ah, thanks :)
[19:40] <cemc> I've configured dspam+postfix according to https://help.ubuntu.com/community/Postfix/Dspam
[19:41] <cemc> question: what's the real difference in putting dspam below smtpd_client_restrictions as opposed to smtpd_recipient_restrictions ?
[19:42] <cemc> if you have /./, is there really any difference?
[19:46] <jcastro> kirkland, your plenary is on thursday, followed by eucalyptus. So thursday is all -server plenaries
[19:52] <kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/458904
[19:52] <IcyPolecat> hiya anyone here familiar with KVM for virtualisation?
[19:53] <mathiaz> kirkland: lp:~ubuntu-core-dev/eucalyptus/ubuntu-karmic/
[19:54] <cemc> IcyPolecat: you should try over at #ubuntu-virt
[19:54] <IcyPolecat> cemc, did that - no one home
[19:55] <kirkland> IcyPolecat: ask your questions
[19:55] <kirkland> IcyPolecat: if someone knows the answer, they will respond
[19:55] <IcyPolecat> kirkland, thanks
[19:55] <IcyPolecat> I have a massive problem with my KVM host - after 188 days of uptime I finally did some patching, rebooted and now none of the VMs are accessible via network. They're showing as up in virsh but no ping nothing
[19:55] <kirkland> Ubuntu Server discussion and support | For general (not server specific) support visit #ubuntu | Get involved: https://wiki.ubuntu.com/ServerTeam/GettingInvolved | Guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html | http://www.catb.org/~esr/faqs/smart-questions.html | Be patient.  Don't ask to ask, just ask. | server guide: http://tinyurl.com/65jzxw | https://wiki.ubuntu.com/ServerTeam
[19:56] <kirkland> IcyPolecat: sounds like your bridge configuration might have gotten eaten
[19:56] <IcyPolecat> kirkland, how would I verify?
[19:59] <kirkland> IcyPolecat: what were you upgrading from and to?
[19:59] <IcyPolecat> kirkland - updating packages mostly - load of updates to lib-birt and kernel
[20:00] <kirkland> IcyPolecat: what version of ubuntu are we talking about
[20:01] <IcyPolecat> host is 8.10 guests are all JEOS 8.04
[20:01] <IcyPolecat> 64bit host 32 bit guests
[20:01] <kirkland> IcyPolecat: it's probably the libvirt update that affected your network configuration
[20:03] <paul__> whats the next android phone for t-mobile ?
[20:04] <IcyPolecat> kirkland, ok ... any ideas how I can verify / discover the problem?
[20:06] <kirkland> IcyPolecat: find out what version you upgraded from and to
[20:08] <IcyPolecat> kirkland, how? does apt keep an audit log?
[20:09] <kirkland> smoser: ping
[20:09] <kirkland> smoser: regarding https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/461156
[20:10] <kirkland> smoser: ttx indicated that he wanted this fixed in an SRU at a high priority
[20:10] <kirkland> smoser: do you know if he has a proposed fix for this?
[20:10] <kirkland> smoser: b/c I don't know how to solve it right now
[20:10] <kirkland> IcyPolecat: yes, dpkg and/or apt keeps logs.  all logs are in /var/log
[20:12] <IcyPolecat> kirkland, ok found them - am looking for the relevant log entry now
[20:12] <PleXuS> anyone else having issues with Palimpsest SoftRaid tool ?
[20:14] <smoser> kirkland, no. we really need a fix from euc
[20:15] <kirkland> smoser: okay, thanks.
[20:15] <smoser> or just to sit down and do it.
[20:16] <smoser> i have pinged nurmi and nekro in irc, but never gotten anything back
[20:51] <micahg> my software raid array won't boot in 2.6.31, drops me into busybox
[20:51] <micahg> I have the /boot partition on an ext2 drive
[20:52] <genii> micahg: Did you put the raid driver names in the list of stuff that initramfs is supposed to have available at boot?
[20:52] <micahg> genii: is that new for karmic?
[20:53] <genii> micahg: No, it's been the same for a while.
[20:53] <micahg> genii:  it boots fine under 2.6.28
[20:53] <micahg> even under karmic
[20:55] <genii> micahg: The 2.6.28 raid driver would be loading from the initrd then, but not on the new kernel unless you specified in the /etc/initramfs-tools/modules the raid drivers to include for every new kernel you install
[20:59] <micahg> genii: why isn't that happening by default
[21:00] <genii> micahg: Possibly because you made your array after you (originally) installed.
[21:12] <ttx> mathiaz: yo
[21:12] <mathiaz> ttx: o/
[21:12] <mathiaz> ttx: registering blueprints
[21:13] <ttx> looking...
[21:14] <mathiaz> ttx: "Etckeeper system integration" <- not sure what you mean about that
[21:14] <micahg> genii: I made it during install
[21:14] <micahg> of jaunty
[21:15] <ttx> mathiaz: its more about missing steps before we can integrate etckeeper more generally (like by default)
[21:15] <mathiaz> ttx: ok
[21:15] <ttx> mathiaz: for example bug 376388
[21:15] <mathiaz> ttx: I was thinking about dpkg conffile integration as well
[21:16] <ttx> we can talk about it in the etckeeper/puppet session
[21:16] <mathiaz> ttx: right
[21:17] <mathiaz> ttx: I almost named the blueprint -puppet-etckeeper-dpkg-integration
[21:17] <mathiaz> ttx: that would require someone from foundations team though
[21:17] <mathiaz> ttx: as it requires a dpkg expert :)
[21:18] <ttx> mathiaz: right
[21:18] <mathiaz> ttx: "Login experience - for corporate environments" should probably be pushed to the desktop team
[21:18] <mathiaz> ttx: IIRC pitti was on a call about that last spring
[21:19] <ttx> mathiaz: we'll have the desktop team at the likewise session at UDS
[21:19] <mathiaz> ttx: ok - so this point can be discussed during the session as well
[21:21] <majuk> Hey guys. I just got my Ubuntu box set up as a Windows PDC. After I ran the command "net groupmap list" via SSH, I lost all login capabilities to the box under normal operation. Recovery booting works, but smbd is unable to start and keeps reporting that it is re-reading smb.conf
[21:21] <majuk> If anyone can save me from re-rolling out this box, I will love you forever.
[21:27] <cemc> I don't have any apparmor in /etc/rcX.d, still it starts up. how can I disable it for good? (karmic)
[21:30] <mathiaz> ttx: anything else to discuss?
[21:30] <ScottK> cemc: You really should fix the broken profile and not disable it.
[21:30] <mathiaz> ttx: I'm about to jet out for lunch
[21:31] <ttx> mathiaz: no, sounds good
[21:31] <mathiaz> ttx: hold on
[21:31] <mathiaz> ttx: this is dustin
[21:31] <mathiaz> ttx: i just shut my laptop down
[21:31] <mathiaz> ttx: so i uploaded another eucalyptus to -proposed, fixing your avahi-daemon.conf issue
[21:32] <mathiaz> ttx: i didn't see any obvious, easy fix for the userdata one, though
[21:32] <ttx> mathiaz: you sound texan
[21:32] <mathiaz> ttx: so i uploaded what i had
[21:32] <mathiaz> ttx: okay, kirkland -> is done
[21:32] <ttx> mathiaz/kirkland: ok will test tomorrow
[21:33] <mathiaz> ttx: cool - have a nice evening
[21:33] <majuk> I only get "Ubuntu v9.0.4 tlpserv tty1" and another log in prompt when attempting to log in. The box and its services are running, I am able to access the Apache served pages without issue.
[21:33] <mathiaz> ttx: sea ya!
[21:34] <majuk> Remote sessions are terminated as soon as they're established...
[21:34] <cemc> ScottK: it just pissed me off, spent an hour trying to figure out why some kvm guest didn't want to start up :)
[21:34] <jdstrand> cemc: add apparmor=0 to the kernel command line or remove the apparmor package. that said, if you are having a problem with a specific profile, you might consider disabling only the problematic profile instead of all of apparmor (there is quite a bit protected these days)
[21:35] <jdstrand> cemc: if you are having problems with the libvirt profile, please file a bug against the libvirt package
[21:36] <cemc> jdstrand: found apparmor=0. is that also valid for desktops? apparmor on desktops I mean.
[21:36] <cemc> jdstrand: I will, as long as I'm messing with it :)
[21:36] <jdstrand> cemc: you can disable the apparmor driver for libvirt only. see /usr/share/doc/libvirt-bin/README.Debian
[21:37] <jdstrand> cemc: but yes, apparmor=0 for any Ubuntu kernel
[21:37] <jdstrand> again, that is not recommended
[21:37] <cemc> I meant using apparmor in general on desktops
[21:38] <jdstrand> cemc: a lot is protected by apparmor on the desktop
[21:38] <jdstrand> cups, guest-session, evince, dhclient
[21:38] <jdstrand> possibly firefox-3.5 if you enabled it
[21:38] <jdstrand> sudo aa-status
[21:38] <jdstrand> ^ that will show what is being protected
[21:39] <jdstrand>  ^ that will show what is being protected
[21:42]  * ttx disappears
[21:42] <cemc> funky stuff
[21:42] <cemc> with libvirt apparmor profiles
[21:42] <cemc> ooooh, I think I got it now
[21:42] <jdstrand> all the kvm processes run as root when using qemu://system
[21:42] <cemc> holy cr*p.... yeah
[21:43] <jdstrand> it was imperative that they be confined
[21:43] <cemc> I'm using whatever.ovl as a disk in the xml, there's a reference to it
[21:43] <cemc> but ovl is just an overlay to something else,
[21:43] <cemc> which doesn't appear in the xml file,
[21:43] <cemc> so it's not added to the profile
[21:43] <cemc> so apparmor doesn't know about it,
[21:43] <cemc> and it doesn't allow it to be opened
[21:43] <jdstrand> that sounds like a known bug
[21:43]  * jdstrand goes to find it...
[21:44] <cemc> myeah, it's all in the syslog, one just has to know how to read it and what to look for
[21:45] <jdstrand> cemc: are you using a backing store with libvirt storage pools? or just created a pristine image with the snapshot/overlay listed as the disk file?
[21:45] <IcyPolecat> kirkland, you still online?
[21:46] <cemc> jdstrand: just used kvm-img create
[21:46] <cemc> no pools
[21:46] <jdstrand> cemc: yeah, that is bug #470636
[21:46] <jdstrand> cemc: well, the title doesn't reflect that, but you are hitting the same problem the reporter is
[21:47] <jdstrand> cemc: the problem is that the pristine file isn't known to libvirt at all
[21:47] <cemc> yes, I got that now
[21:47] <cemc> it does complain about it in syslog
[21:48] <cemc> I just didn't realize
[21:48] <jdstrand> cemc: I can't fix that, but I will fix the driver so that users can use a <backingstore> (which lets libvirt know about it)
[21:48] <jdstrand> cemc: backingstore doesn't work atm either
[21:48] <jdstrand> cemc: but, it is easy to work around-- just edit /etc/apparmor.d/libvirt/libvirt-<uuid>
[21:48] <cemc> I'm fairly new to kvm too, I don't really know about that
[21:49] <cemc> jdstrand: mhm, now that I know what the problem is, I should be able to fix it
[21:49] <cemc> hm, thanks a lot
[21:49] <jdstrand> cemc: I suggest subscribing to the bug. I'll likely put a test case in there that will show how to do all the backingstore stuff
[21:49] <cemc> done
[21:49] <jdstrand> cemc: but I won't be fixing that bug super soon-- definitely for lucid though
[21:51] <cemc> jdstrand: no problem, I'll do testing when needed
[21:51] <jdstrand> cemc: excellent. sorry you hit this issue. I'll appreciate the testing
[21:52] <jdstrand> depending on the changes, I may SRU it
[21:52] <cemc> cool
[21:53] <jdstrand> I need to write the patch, and I need to decide the best way to rework the xml given to virt-aa-helper (since the <backingstore> is represented in the machine definition)
[21:53] <jdstrand> s/is/isn't/
[21:53] <jdstrand> anyhoo-- I'll fix it
[21:54] <cemc> could you just do a 'kvm-img info' -like thing on the images present in the xml and read out all the backing file paths? or that's what you mean?
[21:57] <jdstrand> cemc: yes, I could but this would allow an avenue for the attacker to escape the VM, or at least overwrite arbitrary files on the host. If the VM is compromised, the attacker has write access to the disk file, which could be modified to point to another file on the disk
[21:58] <jdstrand> cemc: ie, libvirt shouldn't be looking at the attacker controlled file for information
[21:58] <cemc> I see
[22:03] <cemc> jdstrand: for a quick(er) fix, could I just add a /dir/** rw to usr.sbin.libvirtd where /dir is where I keep all the images for all current (and future) guests?
[22:04] <jdstrand> cemc: sure. just keep in mind it is a security trade off, and you won't have guest isolation, only host protection
[22:04] <jdstrand> cemc: that may be all you care about (eg, if these VMs are accessible via the network and aren't likely to be under attacker control)
[22:05] <cemc> you mean the guests won't be protected from each other and this could be an issue (not for me in this case, it's just a home desktop for me)
[22:05] <cemc> yes
[22:05] <cemc> just in this case, generally is not a good idea, I got it
[22:05] <jdstrand> cemc: yes
[22:06] <jdstrand> cemc: you said to usr.sbin.libvirtd though-- it should be /etc/apparmor.d/abstractions/libvirt-qemu though
[22:07] <jdstrand> cemc: usr.sbin.libvirtd is for the libvirtd daemon, for the guests, it is a combination of files-- to affect all guests, modify /etc/apparmor.d/abstractions/libvirt-qemu
[22:07] <cemc> right
[22:13] <cemc> jdstrand: it worked. thanks again.
[22:13] <jdstrand> cemc: sure, np!
[22:25] <majuk> So I enabled Samba as a Windows domain controller and elected it browse master for my subnet. Unfortunately, apparently something was not set up correctly with tdbsam (I'm guessing because I hadn't added a user for Samba yet) because it proceeded to take down ALL authentication for the server. I am now totally unable to log in, either remotely or locally. Attempts to change passwords for current users fail. Any ideas for troubleshooting this situation
[22:25] <majuk> from the recovery root console would be greatly appreciated.
[22:26] <majuk> The prospect of starting over makes me physically ill.
[22:27] <twb> majuk: you can't log into the Ubuntu server on which Samba is running?
[22:27] <majuk> twb, Correct
[22:28] <twb> majuk: then you have broken the Ubuntu part, irrespective of what you've done to Samba
[22:28] <majuk> twb, Well, I can log in, but I am just kicked back out to another login prompt
[22:28] <majuk> twb, Right
[22:28] <twb> majuk: boot a live CD and fix /etc/pam.d
[22:28] <twb> Oh, you CAN log in.
[22:28] <twb> That suggests your default shell is busted or something
[22:29] <majuk> twb, Yea, I thought that as well. But adding new users with different shells makes no difference
[22:29] <majuk> twb, And as root I am able to SU to the other users
[22:30] <twb> majuk: you said you couldn't log in
[22:30] <twb> majuk: if you can get root, then you CAN log in: as root.
[22:30] <majuk> twb, ok
[22:30] <twb> Are you doing "su majuk" or "su majuk -"?
[22:30] <majuk> twb, But only through the recovery console
[22:30] <majuk> twb, su majuk
[22:34] <majuk> twb, Any ideas for troubleshooting? I am open to anything.
[22:38] <twb> majuk: OK, so you can't log in as root normally, only by picking "rescue" from the bootloader, and then picking "shell" or similar in the popup dialog that has other options like "resume booting" and "fix xorg"?
[22:39] <twb> I suppose if root has no password, you wouldn't be able to log in as root anyway.
[22:39] <twb> You should be trying "su majuk -", since that will use a *login* shell.
[22:39] <majuk> twb, You are correct.
[22:40] <majuk> twb, That works. I am given a command line as the user majuk
[22:40] <majuk> But if I try to change the password, it requests my current PW and then drops me down to a new command line, never prompts me for the new password
[22:41] <twb> Yeah, that indicates you have busted pam.d up
[22:41] <majuk> twb, Yea, and I didn't touch it personally. Any idea how to restore or cleanse it?
[22:41] <majuk> I'm not a PAM guru. :(
[22:41] <twb> One moment
[22:41] <majuk> kk
[22:42] <twb> majuk: run "auth-client-config --show-system" and pastebin the results
[22:42] <majuk> sec
[22:42] <twb> If you're transcribing by hand, newlines are important, but you needn't preserve spacing.
[22:44] <majuk> twb, Yea, gonna have to transcribe, gimme a minute to type this out
[22:49] <majuk> twb, http://pastebin.com/macf1c1e
[22:51] <twb> Yeah, someone has put samba stuff in there
[22:52] <twb> So that your user accounts come out of the Samba database
[22:52] <majuk> twb, that would explain it, the samba DB is not complete.
[22:52] <twb> I don't know how they would've gotten there if you didn't ask for them to get there
[22:53] <majuk> I might have. I'm moderately new to Samba and everything is so automated. I've been reading howTos and running commands I'm not 100% sure what they do.
[22:53] <twb> OK, grasshopper.  Today's lesson is not to blithely run whatever some web page tells you to run.
[22:54] <majuk> '$net groupmap list' was the last thing I ran before everything went south
[22:54] <twb> For example, when I told you to run auth-client-config before, you should have checked the manpage first, to make sure it wasn't a totally stupid thing to do
[22:55] <twb> Since neither I nor you know what else has happened to this system, if you haven't got anything important on it, I would advise you to blow it away and start again.
[22:56] <majuk> Yea
[22:59] <majuk> This is ridiculous. 'net' only does samba admin stuff. And before that all I was doing was editing the Samba config and rebooting its daemon
[22:59] <majuk> what
[22:59] <majuk> the
[22:59] <majuk> expletive
[23:00] <majuk> So twb, how'd you deduce it's referring to samba for its user info?
[23:02] <twb> majuk: that pastebin refers to "smb", i.e. samba (or Windows)
[23:03] <majuk> Yea. It has 'optional' in there though
[23:03] <majuk> Whatever
[23:04] <twb> Yes, but the whole rest of the file is wacky
[23:04] <majuk> ah
[23:04] <twb> It wouldn't surprise me if whichever blog you pulled that from, the author hadn't even tried to log in with a non-Samba account after configuring it
[23:05] <twb> PAM is a massive bitch to get right
[23:05] <majuk> Yea. Oh well. And me without my install USB
[23:06] <majuk> Someone come to Texas and end me.
[23:12] <twb> Just go out into the street and talk about healthcare for all
[23:37] <mathiaz> kirkland: http://www.stgraber.org/2009/11/06/lxc-containers-or-extremely-fast-virtualization
[23:41] <majuk> twb, LOL, yea. I just re-rolled out the server. Commencing config and self-loathing. Thanks again for your help.
[23:41] <twb> majuk: no worries
[23:41] <twb> I recommend etckeeper to help you keep track of what changed in /etc and why.
[23:42] <majuk> Noted.
[23:42] <majuk> I'm out. Later man