[00:07] mathiaz, no
[00:08] smoser: good for you - because I've already scratched cempedak ;)
[00:08] good for me indeed.
[00:09] mathiaz, since you're here, do you happen to have thoughts/example of config on bug 556176
[00:09] Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
[00:09] ie, an example config that i'd be looking to make sure worked properly?
[00:11] smoser: ie you wanna a quick way to set up a base directory infrastructure?
[00:12] smoser: https://code.launchpad.net/~mathiaz/openldap-dit/add-ldapscripts-files
[00:12] smoser: ^^ this is what I use to setup a directory
[00:12] smoser: and add user/group using the ldapscript package
[00:13] mathiaz, ok. that might be enough. mainly i need something that i can test was working -> is still working after upgrade
[00:13] i'll poke around there some
[00:13] smoser: yeah - ^^ that sets up a directory
[00:13] smoser: to make sure things are still working you can also use the ldapsearch command
[00:13] smoser: I usually use:
[00:14] smoser: ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
[00:14] smoser: *sudo* ldapsearch -Y EXTERNAL -H ldapi:/// -b "cn=config"
[00:14] smoser: ^^ that should be enough to dump the whole cn=config tree
[00:14] smoser: and check whether slapd is still working afterwards
[00:14] mathiaz, thanks. i've got to run, but will maybe bother you tomorrow on it more.
[00:15] smoser: np
[00:32] hi, has anyone had luck getting ubuntu enterprise cloud working in virtual box?
[00:33] both the main server and nodes as well?
[00:33] I tried it a while back but was having issues with it not being able to use the hardware virtualization
[00:39] chewbranca: AFAIK virtualisation-in-virtualisation only works with kvm
[00:40] in any case, I think you better use a dedicated machine
[00:40] or multiple ones
[00:40] JanC, ok that's what I figured
[00:41] JanC, this is my dev box, just trying to build a setup for testing out eucalyptus/ec2 instances without needing to pay or buy another box
[00:41] ok guys, I'm stuck, and I can't do any package installs/upgrades. How can I fix this? http://pastebin.com/FbsVPMAT
[00:42] I've got plenty of hardware on my dev box, but I don't want to put in virtualization at a low level on it because I still use this for everything and I don't want to mess with graphics or anything else
[00:42] chewbranca: yeah, I know what you mean, I wish I had a bunch of such boxes around myself ;-)
[00:42] JanC, yeah I think the gf might kill me if I setup another server in the apt lol
[00:42] JanC, just built up a nas recently
[00:42] and with my new dev station we don't need to turn the heat on anymore
[00:42] lol
[00:42] going to be a warm summer
[00:43] chewbranca, I heated my apartment with my home hosting
[00:43] jeeves, hahahha nice
[00:44] chewbranca, lol, thanks. We were living in North Bay Ontario.
[00:44] jeeves: I guess you tried the usual apt/dpkg fix incantations?
[00:44] jeeves, oh way haha, yeah I'm over in Seattle, doesn't get extremely cold here
[00:44] s/way/wow/
[00:45] JanC, yep. I've tried the dpkg reconfigure and apt-get install -f
[00:45] this is what I'm getting. http://pastebin.com/FbsVPMAT
[00:45] hrmm... so I wonder what is cheaper, build a new server or just pay for EC2 test server instances
[00:46] chewbranca, lol, how long do you need them for?
[00:46] jeeves: in that case you might want to try editing or removing some post-removal scripts
[00:46] jeeves, well I want to put together a consistent dev environment for being able to kick out processes and setup apps on EC2
[00:47] jeeves: and maybe file bug reports about them ;)
[00:47] chewbranca, go get VM infrastructure 3.5 and load it on some old x86 hardware. That's all I've got.
[00:47] JanC, how/where do I do that?
[00:47] problem is my dev box is way beefier than my home server, home server is 32bit and limited to 4 gigs of ram, and only running 2 right now, and its already loaded pretty well
[00:47] jeeves, all my old comps are gone... lol, dumped them all to make room in this apt
[00:47] chewbranca, lol.
[00:48] just have my dev box and dual core opteron with 2 gigs of ram
[00:48] so, ideas on how to nuke this problem?
[00:54] chewbranca, any ideas on how to fix this issue
[00:54] hi guys want to deploy around 50 linux desktop, what should i do to manage them with file sharing and other network stuff..?
[00:54] like directory service.
[00:54] ruben23, LDAP
[00:55] jeeves: how about file sharing..?
[00:55] jeeves, was taking a peek, not really sure, looks like you've got an old failed install that is messing with it, I would try clearing everything out and reinstalling the package
[00:55] file, storage and others..
[00:55] not sure though
[00:56] chewbranca, that's what I'm trying to do, but apt refuses to let me do ANYTHING. I can't uninstall (because it leaves messed up packages), and I can't install due to this messed up issue
[00:56] ruben23, LDAP interfaces with samba
[00:57] jeeves, weird, any idea what got you to that point?
[00:57] jeeves: ill setup samba server then..openldap..
[00:59] chewbranca, lol, I tried installing Amarok.
[00:59] jeeves, hahahah
[00:59] ruben23, no, set up openLDAP first. you need to build your services off of that
[01:03] jeeves: after openldap ill do, samba server right..?
[01:03] yes, Samba is your file/printer server
[01:06] jeeves: try looking into /var/lib/dpkg/info/*.postrm where "*" is the name of the package causing troubles
[01:06] JanC, then just delete it?
[01:07] or edit it so that it doesn't throw an error when it shouldn't
[01:07] check what it does
[01:08] most likely it will delete some files you don't need anymore, but if it does something more complicated you might want to leave that around
[01:08] JanC, I think I'm just going to do a fresh re-install. this install has been as stable as courtney love since day one
[01:09] my guess is it tries to remove files that it already removed before or something like that
[01:10] JanC, lol. yea. hence the reinstall!
[01:10] does anyone know if any of the vnet modes are supported on single machine UEC deployments, or if there are any official ubuntu EMI images that support SYSTEM or STATIC mode?
[01:10] it's a bug if that causes an error though
=== erichammond1 is now known as erichammond
[04:33] What package tells you how many packages can be updated when you log in?
[04:35] sorry, I'll ask in the right channel
[04:36] Server does it, too, I think.
[04:36] I dunno what it is, because 8.04 didn't have it :-)
[04:37] twb: 10.04 does have it and it takes longer to log into the system- I already know if packages need to be updated before I log in so it's somewhat of a waste for me
[04:37] MTecknology: hmm, I thought it was a static file, updated daily
[04:37] Try looking in /etc/profile.d/
[04:38] ntohing in there
[04:38] nothing*
[04:38] MTecknology: OK, then grep -r over /etc/ for the static part of the message.
[04:39] NICE
[04:39] I always used -d recurse
[04:39] /etc/motd
[04:41] twb: thanks
[04:42] MTecknology: motd is static.
[04:42] yup
[04:42] like you said - some file updates it
[04:42] Well, then, it can't be the thing that's making EVERY login slow
[04:42] so - touch .hushlogin (should work..
[04:43] there's an update-motd package that is most likely doing it
[04:43] ajmitch: thanks
[04:43] ajmitch: not installed
[04:43] it uses the files in /etc/update-motd.d
[04:44] there is stuff in /etc/update-motd.d/ - just update-motd isn't installed
[04:44] ah, the description says it's superseded by a pam module
[04:44] Icky.
[04:44] oh
[04:44] touch .hushlogin worked
[04:44] it is noticeably faster too :P
[04:45] MTecknology: that's interesting!
[04:45] not sure if pam_motd is running stuff in /etc/update-motd.d now or not
[04:45] It's definitely useful info for most people- just causes irritation for me because I like instant
[04:46] If it's updated more than daily, it's not really a mot*d* anymore, is it :-/
[04:46] true
[04:46] ajmitch: thanks to you too :)
[04:46] historical naming & all that
[04:47] bug 559582
[04:47] Launchpad bug 559582 in mountall "Upgrade from karmic to lucid failes with Internal Error, Could not perform immediate configuration (2) on mountall" [Undecided,Confirmed] https://launchpad.net/bugs/559582
[04:47] ajmitch: bah!
[04:48] Not sure why it wouldn't go in .profile if you want to execute it on EVERY login
[04:48] it said it placed a script into /etc/profile.d which these used what was in /etc/update-motd.d
[04:48] & then I stopped trying to follow just what was going where
[04:49] Hm.
[04:49] Well, I'll be grumpy regardless
[04:49] It's my ground state
[04:49] I haven't been able to figure out why I can't make ssh login work via ssh key..
[04:49] permissions on ~/.ssh is often a cause of that
[04:50] MTecknology: read auth.log; it'll tell you
[04:50] twb: I know the feeling - I got into an hour long debate while trying to discuss standardising things - the end result was, screw this - I'm doing it my way
[04:50] Apr 13 03:48:45 incipio sshd[25256]: Authentication refused: bad ownership or modes for directory /home/michael
[04:51] so, permissions, check that it's not world-writable
[04:51] I tried setting it to 750 user:group
[04:51] and I musta screwed up
[04:51] Thanks :D
[04:52] I feel like an id10t now
[04:52] Accepting your fate is the first step
[04:52] yes- had to use that spelling too :P
[04:52] twb: I know, but I don't want to - I want to think I'll be useful someday
=== pierce2 is now known as px43
[06:26] Anyone here knowledgeable much about Ubuntu Enterprise Cloud? I'm trying to figure out what the recommended actions are when new kernel vulns come out. The typical apt-get upgrade&&reboot doesn't work so well since the kernel and initrd are specified outside of the disk image, and I don't really see a way to auto update eki and eri images.
[06:32] How are they specified?
[06:38] twb: from what I understand, when you create an emi (the main OS image), you specify which eki (kernel) and eri (ramdisk) you want to use. Then, when you launch an instance, you specify which emi you want to start with, and then the system boots.
[06:40] twb: you can update the instance, and reboot it etc, but as far as I can tell, every time you reboot, you are back with the original kernel, and there is not a way to change it for the lifetime of the instance, and even if there is, it surely isn't automatic, which seems like a security issue
[06:40] kees: *ding* :-D
[06:42] px43: are these specified as paths? What does an example eki value look like?
[06:43] pierce@majin:~$ euca-describe-images
[06:43] IMAGE emi-D1EC1024 euca/ubuntu.9-04.x86-64.img.manifest.xml admin available public x86_64 machine eki-12CA1182 eri-48AB1259
[06:43] IMAGE eri-48AB1259 euca/initrd.img-2.6.28-11-generic.manifest.xml admin available public x86_64 ramdisk
[06:43] IMAGE eki-12CA1182 euca/vmlinuz-2.6.28-11-generic.manifest.xml admin available public x86_64 kernel
[06:43] Also, as a cheap hack you may want to investigate kexec-tools, which can replace the kernel without stepping down to the bootloader.
[06:44] Where is eki-12A1182 on the filesystem?
[06:44] the cloud is magical, so it's hard to say :-) somewhere stored in the bukkit manager from what I can tell
[06:45] I have each cloud component installed on a single piece of hardware
[06:46] I have *every* cloud component installed on a single piece of hardware <-- maybe more clear
[06:47] from what I can tell, it's either being sent between daemons over some sort of SOAP session, or an ATA over Ethernet mount
[06:48] even though it's all on the same box, but in theory I could abstract it to more machines :-D
[07:06] hey guys - whats the best set up to install for firewall & VPN setup ?
[07:06] -- I need the advice to run with so I can get my stuff back up and running asap - I made some mistakes :(
[07:07] sCOTTo: ufw is Ubuntu's standard firewall abstraction layer
[07:08] hmm ok
[07:08] is it best to do a reinstall ?
[07:08] i have all sorts of crap on my machine lol
[07:08] I have no idea.
[07:08] lol
[07:08] thanks ill go lool
[07:08] bbs
[09:52] ... does SQLite have default root password? I just googled stuff like "root sql password" "change sql password" and I got no relevant search results
[09:52] When I have a command that needs to connect to it, what password would it use?
[09:53] Oh... wait...
[09:55] Only databases have passwords... I see..
[09:59] lifestream, there is no sqlite password at all, that's just file (MAYBE, there is some sort of sqlite encryption, but I'm not aware of it)
[10:01] I imagine the way you'd encrypt an sqlite database would be out-of-band, e.g. with gpg
[10:02] Ah thanks darkk^ I have a program that comes with its own sqlite database... I have sqlite installed... so I try to run the program, it complains it can't connect. I look on the config file, the password is asterisks... ummm... anyway. :P Maybe this isn't the problem... I'm not sure:P
[10:02] lifestream, check file permissions
[10:02] I'm following install instructions, for this program that uses a sqlite db, but on the instructions, they don't say I have to do anything about the db or password at all
[10:03] file permissions? which ones? *tilts head*
[10:13] how to print the line N of a file ?
[10:16] programming homework?;p
[10:18] lifeless, not really...
[10:26] maxagaz: ?
[10:26] New bug: #562146 in nagios3 (main) "Integrate nagios users with system ones" [Undecided,New] https://launchpad.net/bugs/562146
[10:28] he meant me, not lifeless, stupid tab auto-complete, happens to me all the time
[10:32] maxagaz: sed -n 22p foo.txt
[10:37] twb, thanks
[10:37] twb, and how to execute the printed command ?
[10:37] Are you looking at .bash_history?
[10:37] twb, no
[10:38] You'd execute it by piping it into whatever interpreter (e.g. bash) the line was intended for.
[10:38] twb, looking at a bash file
[10:38] like this: sed -n 22p foo.txt | bash ?
[10:39] ok
[11:10] Does anyone know how to build virtual machines with vmbuilder in 10.04 that will run on machines that don't have hardware support for virtualisation? In 8.04 you could build qemu-based VMs using ubuntu-vm-builder but the qemu option has gone away in vmbuilder.
[11:17] New bug: #562139 in nautilus-share (main) "FUSE filesystems cannot be accessed when shared (dup-of: 175689)" [Undecided,New] https://launchpad.net/bugs/562139
[11:18] hey everyone. I am trying to get ubuntu 9.10 64bit server edition installed in a software raid1. But it seems this won't work without a /boot partition outside the RAID, is that true?
[11:24] Installed a local ubuntu mirror, testing it out now and i'm getting "Failed to fetch http://somewhere/Packages.bz2 Hash Sum mismatch". All i can find so far on the internetz is "Chose another repository", which isn't helping at all. Any idea why that mismatch happens? The Package.bz2's exist, as i can download them with wget.
[11:26] cbeebie: kvm and qemu are architecturally identical, AFAIK
[11:26] cbeebie: kvm-the-program is basically qemu plus some glue to make it talk to kvm-the-kernel-module
[11:29] twb: So, if I build a VM using something like "vmbuilder kvm ubuntu ....", I should be able to run it with a qemu command?
[11:29] cbeebie: try it and find out
[11:34] kirkland, hey ... did you get to test that kvm kernel?h
[11:43] SmokeyD: It should work without /boot outside RAID
[11:45] SmokeyD: I just checked. I have a server with software RAID1 here without separate /boot.
[11:49] I dunno why you'd use RAID without LVM
[11:55] I can't find that he said it would be without LVM. (Lucid in its current state would be a good reason)
[11:55] I'm assuming /boot on LVM on md RAID is still Bad Juj
[11:55] *Juju
[11:55] laen: → #ubuntu-mirrors.
[11:55] I mean, it works with grub2, but I wouldn't trust it in production
[11:56] Unfortunately, I think you are right there
[11:56] I did it way back when grub2 was new
[11:56] Ah, then there was a bug. Separate /boot didn't work, but that was even without LVM
[11:57] It convinced me that it was a waste of time; just blow 256MB on a separate three-way md RAID1 /boot partition
[11:57] It worked years ago, when Ubuntu didn't exist yet. I would rather see fixes.
[11:58] Well, I wouldn't have been using Ubuntu
=== dendrobates is now known as dendro-afk
[12:19] alvin, but I don't want /boot outside RAID
[12:19] alvin, that makes the raid kind of useless if a disk fails, because no /boot will be available
[12:20] No, in elder times, you just made 2 boot partitions and copied them. But it is of no importance. You don't have to put /boot outside.
[12:21] ok.
[12:21] Just use the ubuntu-server installer and put your 2 drives in mirror. Then put an LVM on top.
[12:22] alvin, I have been trying to get that to work for hours already, but failed. At first the disks were marked by the SATA raid controller as a hardware raid.
[12:22] Aha!
[12:22] I got that fixed now in the bios
[12:22] So, you have a firmware RAID.
[12:23] So, now they are two separate disks, not marked by the firmware raid anymore?
[12:23] SmokeyD: just make two md RAID arrays
[12:23] When the installer says you have a softraid, it's not good.
[12:23] alvin, not really. I just got a mobo which has an extra option to use the sata disks in raid, but I got that disabled, I just want to use software raid.
[12:23] software raid is fine. hardware raid is fine. fakeraid is abominable.
[12:24] SmokeyD: Just disabling is not enough. First, enable the RAID, go into the RAID Bios of your firmware RAID, and destroy the array. Make sure it is destroyed and you have 2 separate disks. Then disable the RAID and run the Ubuntu-installer. (Zeroing part of the drive might also work)
[12:25] alvin, yeah, that is what I did. Took me a while to figure that out though :)
[12:25] I know. Struggled long with the same problem. It's not something that is documented somewhere.
[12:29] does kvm impose a limit on the number of recognized lvm volumes?
[12:31] https://wiki.ubuntu.com/FakeRaidSpec
[12:32] alvin, but would you recommend just creating /dev/sda1 and /dev/sdb1 for the raid using all available disk space, and then setting up LVM on top of that to create the necessary partitions?
[12:33] SmokeyD: Actually, yes. That's what I do.
[12:33] also setup swap in LVM?
[12:33] SmokeyD: yes; though I'm crusty enough to make /boot a separate, second md RAID1 array
[12:33] SmokeyD: Yes, you can then increase your swap at will :-)
[12:33] twb, crusty? Sorry, I am not a native speaker ;)
[12:34] alvin, twb ok, cool. Thanks a lot
[12:34] twb is more careful
[12:34] old and set in my ways
[12:35] :) Ok, I learned a new expression today :) crusty
[12:36] I can tell you for sure that the lvm on top of mdadm works fine. My first experiences with Lucid, however, are pointing towards disaster. I'll do an update this week to check again.
[12:36] SmokeyD: http://en.wiktionary.org/wiki/crusty
[12:42] pmatulis: (thanks for handling our support cases btw) Not according to this: http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.5/html/Virtualization_Guide/sect-Virtualization-Virtualization_limitations-KVM_limitations.html Might I inquire as to the reason of the question?
[12:43] twb, alvin thanks a lot for your help. The installer is now formatting the ext4 Logical Volume. I am keeping my fingers crossed
[12:44] SmokeyD: You will know for sure on reboot :-) What version are you using?
[12:44] 9.10
[12:45] Me too. Should work. (9.10 as delivered on the CD had problems with separate /boot anyway)
[12:45] alvin, I was in doubt between 9.10 and hardy LTS, but I think hardy is getting a bit old by now so I decided to try karmic
[12:46] alvin, I just downloaded the iso for 9.10 and made a bootable memorystick from it
[12:46] Hardy is a lot more stable than Karmic, but it doesn't have ext4
[12:46] Bugger ext4
[12:46] and the kvm in Karmic is better
[12:46] FWIW, I've backported qemu to 8.04. I can't speak for KVM.
[12:46] yeah... I'm also starting to think ext4 might not be stable yet. I'm not sure yet.
[12:47] It seemed like a lot of people were fumbling with it in ext4
[12:47] hmm, I just formatted the partition to ext4 :)
[12:47] You can do that of course :-) But I don't want to lose official support, so I'm sticking with official versions.
[12:47] Er, in 9.10
[12:47] I think Ubuntu jumped the gun again by making it the default
[12:48] twb, what kind of trouble are people experiencing with ext4?
[12:48] I can't remember
[12:49] Stuff like "my machine don't boot so good no more"
[12:49] :D
[12:49] There was data corruption when moving large files, and data corruption of qcow images,.. Yes, stuff like that. The not booting is mostly grub2 beta and upstart.
[12:50] alvin, ok. Hmm, well I won't be doing too much large files. No qcow stuff definitely (got some vm's on my desktop, but not on the server)
[12:51] IMO they should've at least turned extents off by default
[12:51] The qcow stuff should be solved. Don't worry about that. But I am still experiencing weird stuff with copying large files. Don't know anything for sure yet.
[12:53] Pity squeeze and lucid will ship with an ENOSPC-broken btrfs
[12:53] Lucid will ship with btrfs?
=== rgreening_ is now known as rgreening
[12:55] alvin, grub-pc is asking where to install grub. Should I install it to /dev/sda and later manually install it also on /dev/sdb (using grub-install)?
[12:56] apw: sorry, server wasn't installable last night :-(
[12:56] apw: i'm checking now to see if it was fixed overnight
[12:56] Hmm, I have forgotten that. For now, I would choose /dev/sda
[12:57] kirkland, lack of a kernel probabally ...
[12:57] apw: yeah
[12:57] apw: no modules found
[12:57] also my fault
[12:57] tsk tsk
[12:57] SmokeyD: I have read some documentation about that. Let me see if I can find it.
[12:57] broke all thinkpads ... not handy
[12:58] apw: syncing my mirror, then installing
[12:58] kirkland, thanks ... i need to push or revert them today
[12:59] apw: i'll test today
[12:59] kirkland, <- star
[12:59] apw: people.canonical.com/~apw/security-lucid/
[12:59] apw: is that right?
[12:59] ack
[13:00] alvin, the system boots fine. Indeed I needed to install it to /dev/sda. I now did a manual "grub-install /dev/sdb"
[13:00] smoser: around?
[13:00] smoser: apw has a couple of kvm updates in the kernel he needs tested ASAP
[13:00] SmokeyD: I think you can now adapt grub, so that you can boot from both drives.
[13:00] I am going to remove the sata cable for sda, see if the system stays alive (mdadm -D /dev/md0 looks fine)
[13:00] smoser: i'm wondering if you can drop them into your UEC (images, as well as hosts) along with me
[13:01] SmokeyD: Let us know how it goes
[13:01] kirkland: hey
[13:01] ttx: howdy
[13:01] kirkland: so I read your demo went well last weekend ?
[13:02] What I need to do exactly when changing VNET settings on a node? Just restart eucalyptus-nc?
[13:02] ttx: yeah, i was happy with it
[13:02] cool
[13:02] alvin, it works. The system stayed alive when I removed the cable of sda, and also reboots fine
[13:02] SmokeyD: Cool!
[13:03] alvin, thanks a lot for your help.
[13:03] apw: linux-headers-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb linux-image-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb
[13:03] apw: that's the two binaries I need to install?
[13:03] (btw, that directory is a confusing mess)
[13:03] SmokeyD: You're welcome
[13:03] you only need the linux-image if you don't have prop h/w
[13:04] kirkland, and yes it is ... i think i have old builds in there ... HRM tooling spammage
[13:05] apw: k
[13:06] kirkland, is that better
[13:15] Ok, I am off to get a coffee and lunch on a terrace in the sun somewhere :)
[13:16] you don't have to tell us that really :)
[13:22] apw: installing happily today
[13:22] yeah a new kernel was force fed into the system to fix it up
=== local_oste is now known as e-DIO-t
[13:26] kirkland, here
[13:26] smoser: i'm doing the same now
[13:26] smoser: on my laptop, and in my cloud
[13:27] kirkland, we can do that today, yeah. what do you need?
[13:27] smoser: apw has kernels at http://people.canonical.com/~apw/security-lucid/
[13:27] smoser: these need to either be published to lucid today, or tabled for an SRU
[13:27] smoser: some kvm security issues fixed in there
[13:28] smoser: sounds fairly high priority to make sure these kernels work as our virt hosts and guest
[13:29] kirkland, ok. i can install them onto the my 2 systems hosts and will use the kernel for guest
[13:29] smoser: thanks
[13:29] but i've got to take a 30 minute break here in 5 minutes
[13:34] alvin: you can theoretically use btrfs in karmic
[13:35] alvin: but even in lucid it is considered highly experimental
[13:35] pmatulis: Thanks, in that case, I'll wait a bit. I'm curious about btrfs though. Let's see how long I can wait :-)
[13:35] kirkland, quickly, stupid grub2 question
[13:35] alvin: package is btrfs-tools
[13:36] how do i tell it to boot the kernel i just installed
[13:36] never mind. i'm guessing it will, as its the newest by version number.
[13:36] * alvin is thinking. Maybe with a nice backup... Only for personal use... (but no, experimental file systems are dangerous toys)
[13:38] alvin: it is known to not work with a lot of userspace stuff (boot loader being one example)
[13:39] I thought as much. Well, patience is a virtue. I'm sure btrfs will be a success.
[14:06] New bug: #562261 in krb5 (main) "Sync krb5 1.8.1+dfsg-2 (main) from Debian unstable (main)" [Undecided,New] https://launchpad.net/bugs/562261
=== arm is now known as Guest84351
[14:31] Hi, I have switched on my ubuntu server but the startup fails after the following: init: ureadahead-other... status 4. Any clue?
[14:31] Thanks
[14:35] smoser: is there any documentation about cloud-init config syntax, other than the examples in the cloud-init branch ? Do you plan to write some wikidoc ?
[14:36] there isn't doc other than in the source, no. I can write some wiki doc. I think the examples are reasonably good, wiki doc would mostly just mimic them
[14:37] smoser: I care more about discoverability of the feature, tbh
[14:37] smoser: At this point you have to know about it to discover it exists
[14:37] this is a fair point.
[14:38] smoser: maybe updating/linkingfrom EC2StartersGuide would improve that
[14:38] it's a significant part of what makes Ubuntu server cloud friendly, we need it to be more apparent
[14:39] ttx, i'll try to put something together for that today.
[14:39] just fyi, i did do a blog entry
[14:39] smoser: no hurry, but before release, definitely. Some blogging could also help.
[14:39] i'm sure that at least 3 people have read it :)
[14:39] ah :)
[14:39] http://ubuntu-smoser.blogspot.com/
[14:40] smoser: you need some killer title, like "Why Ubuntu doesn't suck in cloud"
[14:40] that 3 includes myself and my mom though
[14:40] let's make that 4
[14:40] are you syndicated to ubuntu planet ?
[14:40] no. i need to do that. syndicated to cloud-planet now.
[14:41] ok
[14:41] i actually wasn't sure if, as a non ubuntu member, i was allowed to be syndicated to planet ubuntu
[14:42] how about "deep thoughts by jack handy"?
[14:49] smoser: you need to be an Ubuntu member, AFAICR
[14:49] smoser: why don't you apply?
[14:51] hggdh, the application is being worked on
[14:51] :)
[14:51] of course everyone here will flock to give testimony for me
[14:52] certainly. And you *do* have the requisites
[14:53] smoser: OTOH, I can be syndicated, but I do not blog
[14:54] alvin: that's the spirit
[14:54] hggdh, i dont understand, if you don't blog how do you communicate with people ?
[14:54] oh... you must facebook
[14:54] :)
[15:03] smoser: sorry, was doing an interview
[15:03] smoser: you get grub figured out?
[15:03] yeah, it "just worked". i didn't dig for where that was. when i looked i thought i was installing a kernel that wasn't going to be newest
[15:03] smoser, ttx: I'm testing apw's kernels ... my guests are not network accessible, looks like the plymouth issue, though
[15:03] and that i'd have to manually tell grub to boot that one
[15:04] kirkland, oh?
[15:04] smoser: http://pastebin.com/XAq4tMtM
[15:04] smoser: $ ssh 10.1.1.100
[15:04] Read from socket failed: Connection reset by peer
[15:04] smoser: but it's pingable
[15:05] kirkland: the plymouth issue ? You mean, the one that prevents login prompt ?
[15:05] kirkland: that one doesn't block SSh, fwiw
[15:05] hm... i dont' know what would have caused your failure there.
[15:05] ttx: hrm, okay
[15:05] ttx: smoser: okay, so kvm is running, guest is pingable, i've authorized port 22
[15:05] you've definitely run some of the user space cloud-init code (Generating locales... INFO: Successfully authorized...)
[15:05] ttx: smoser: but i can't ssh to it
[15:06] smoser: it was able to call out to ssh-import-lp-id of kirkland
[15:06] right. which runs well after ssh should have started
[15:07] i'm testing here.
[15:07] smoser: interesting, i can telnet to 22
[15:07] SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3
[15:07] smoser: but ssh resets the connection
[15:08] smoser: this is weird
[15:08] kirkland: does ssh -v give you more messages ?
[15:08] its keys didn't get generated
[15:08] so it denies it
[15:08] or -vv
[15:08] you have no keys in your console log
[15:09] it would be nice if init/plymouth didn't give such foul looking errors
[15:11] kirkland, i can't reproduce here :-(
[15:12] kirkland, is it still in that state?
[15:13] smoser: hmm, okay, now i have 2 instances running
[15:14] smoser: one was started without a -k option
[15:14] smoser: the other was started with a -k option
[15:14] smoser: only the one with a -k option works
[15:14] smoser: not the one without the -k option
[15:14] smoser: this is a regression since Friday
[15:14] smoser: something in that recent upload i sponsored?
[15:14] absolutely not in that.
[15:15] and i dont really see how the -k would affect this.
[15:15] smoser: the one that produced the problem was just run with "uec-run-instances -l kirkland $EMI"
[15:15] smoser: http://pastebin.ubuntu.com/413662/
[15:15] yeah, that isn't helpful.
[15:15] i know why ssh is saying no
[15:16] its because the keys have not been generated (sshd's keys)
[15:16] smoser: oh? sshd's keys?
[15:16] right.
[15:16] it has no keys, so it wont allow anyone to talk to it
[15:16] smoser: hmm, i maintain that something's still funny/odd with plymouth/upstart/mountall
[15:16] ie, /etc/ssh/ssh_host_rsa_key
[15:17] smoser: before i disabled splash, i couldn't boot my CLC
[15:17] maybe. but what is strange is that other things ran
[15:17] smoser: well, I could boot it, but it wasn't running right
[15:17] smoser: for instance, i couldn't start screen
[15:17] smoser: but i was able to ssh into the system
[15:17] and sshd started, which starts on 'filesystem' event, which is the same event that the thing that writes the keys starts on
[15:18] can you launch a couple more instances and see if this is reproducible ?
[15:18] smoser: sure
[15:18] Hi, I have a quick (maybe quick), is there a good way to mount a cifs share automatically for multiple users from an Active Directory that log in?
[15:18] i can't come up with any reason why we wouldn't see keys written to that console.
[15:19] smoser: just started 4
[15:19] smoser: I did not have, so far, anything to blog about
[15:20] For instance, I have used the smbcredentials option with samba, but that really will only work for one user in my environment. I need to be able to have either Gnome or fstab to pull in the user logging in and mount the share that way.
[15:20] jdstrand: so, those are bugs :)
[15:20] well thats clearly a filter problem. have you ever looked at the internet? the problem is you seem to have some sort of filter stopping you from just mindlessly babbling
[15:22] smoser: hmm, i just fired up 4 more instances, identical to the first ... and did not reproduce the behavior there
[15:22] smoser: shall i kill all 6 of these and retry?
[15:22] ivoks: I certainly think so. I don't see any technical reason why qemu and kvm whouldn't both work. they do in libvirt
[15:23] sure.... i have no idea as to what is causing this.
[15:23] s/whouldn't/shouldn't/
[15:23] jdstrand: ok, i'll try to isolate the problem
[15:23] it seems to me that the cloud-config-ssh.conf isn't running, or at least not correctly
[15:23] jdstrand: but i might need some help :/
[15:24] smoser: 6 more started
[15:24] ivoks: soren is your best bet. he may even know exactly what the problem is
[15:24] oh... i wonder...
[15:24] soren: ^? :)
[15:24] apw: okay, i'm running vm's successfully with 2.6.32-21-server #31~security201004122115 as the host
[15:24] apw: let me try to get that kernel into the guest
[15:24] ssh-keygen probably relies on some entropy
[15:25] smoser: how hard is it for me to get this kernel into a new image to register?
[15:25] maybe it was blocked on random data (/dev/random) ? for some reason that guest didn't think it had a sufficient supply
[15:25] what kernel, kirkland
[15:25] apw: and i need to reboot my laptop to do some kvm testing here too
[15:25] i'm testing with apw's kernel.
[15:25] smoser: apw's kernel at http://people.canonical.com/~apw/security-lucid/linux-image-2.6.32-21-server_2.6.32-21.31~security201004122115_amd64.deb
[15:25] what you need to do:
[15:27] sudo mount -o loop whatever.img /mnt && sudo cp linux-*.deb /mnt && sudo chroot /mnt dpkg -i linux*.deb && cp /mnt/boot/vmlin*2.6.32-21.31* . && sudo umount /mnt
[15:27] mixed minis is very dangerous bag; eating chocolate like chips surely isn't good :)
[15:27] then, uec-publish-image x86_64 whatever.img 20100413-testkernel --kernel-file vmlinuz-*
[15:28] thats what i've done here, and it booted
[15:28] smoser: thanks
[15:28] i booted both i386 and amd64
[15:28] smoser: okay, i just ran 6 more images in the exact same way ... no problem
[15:28] smoser: glitch in the matrix?
[15:29] jdstrand, my suspicion about entropy above, does that possibly make sense?
[15:29] * jdstrand reads backscroll
[15:29] kirkland, i really have no idea why that would hang like that. previously, there was a bug where the cache file wasn't being read, and instead metadata service was being crawled several times on boot, and it would fall over, but that was fixed.
[15:30] smoser: okay, well, let's file it away to the back of our mind for now, and keep an eye out for any similarly aberrant behavior
[15:32] kirkland, yeah. there are other ways to debug an instance, but all of them basically require enabling debug stuff
[15:33] smoser: hey - do you have branch with your ldap changes?
[15:34] mathiaz, yeah
[15:34] smoser: I strace'd ssh-keygen, and it uses /dev/urandom, so it should not block
[15:34] it just has 2 of the three fixed, not the nice one.
[15:34] jdstrand, yeah. well nuts to that theory, thanks for testing.
[15:35] mathiaz, lp:~smoser/ubuntu/lucid/openldap/lucid.dev
[15:35] of course, and I've said this before, there may not be enough entropy in these images for a strong key...
[15:35] that is only a theoretical attack btw
[15:35] well, i think it would be more than theoretical.
[15:35] apw: okay, rebooted my laptop to test your kernel now
[15:35] there is absolutely a limited amount of entropy
[15:36] i suppose it has been suggested, that you could have a paravirt /dev/random driver
[15:36] kirkland, heh you are a trooper ...
[15:36] smoser: no matter ... i killed that instance, and i have started 18 VMs identically, without seeing the same problem again
[15:36] kirkland, that doesn't exactly give you warm fuzzies though :-(
[15:36] smoser: you mean like a passthru? yeah-- that would be nice
[15:36] * kirkland multitasks like an s390 :-)
[15:36] jdstrand, right.
[15:36] smoser: definitely not
[15:37] smoser: i can almost guarantee that this is going to come up again ... i've seen this kind of behavior too much with uec in the past
[15:38] smoser: by theoretical, I mean that while people have observed that starting a hundred identical images with the same hardware *should* have poor entropy and weak(er) keys, I've not heard of a practical attack against this yet
[15:38] but I'm sure people are working on it
=== swift_ is now known as swift
[15:40] apw: okay, i'm running 4 kvm'd desktop livecd's now
[15:40] heh thats one hell of a laptop
[15:40] apw: can i see the changelog/patchset that you've applied?
[15:40] apw: nah, just an x200 thinkpad (dual core 2.4GHz, 4GB)
[15:40] patches were in the place you downloaded for
[15:40] from
[15:41] apw: KSM helps a bit, running 4 identical VMs
[15:41] kirkland, good point
[15:42] apw: 1-14 ?
[15:42] there are a few indeed
[15:42] apw: all of these are from the stable tree?
[15:42] i think there are 10 which are KVM, 1 other and 3 noise
[15:43] they are all pre-stable, but coming to me via security
[15:43] pre-stable == sent to and accepted for 2.6.32.y but not yet released there
[15:47] apw: i'm sharing 124786 pages (saving 4KB per page), according to /sys/kernel/mm/ksm/pages_sharing
[15:48] impressive
[15:48] apw: that's 487MB
[15:48] substantial
[15:48] apw: okay, i think i'm good
[15:48] apw: i spot checked the patches (actually, just the headers)
[15:48] kirkland, thanks, i'll call them committed
[15:48] apw: all look like reasonable things to fix
[15:49] yeah concur
[15:49] apw: i can't say i'm not just a little nervous
[15:49] apw: as things have been working pretty well for us here, kernel-wise
[15:49] i am less nervous now you have tested them
[15:49] if it wasn't coming from -security i'd not be doing it either
[15:50] apw: so my testing covered UEC hosts, smoser covered UEC guests, and i tested KVM as an app on my local machine via TestDrive
[15:50] apw: did security test it at all?
[15:50] jdstrand: kees: mdeslaur: ?
[15:50] jdstrand: kees: mdeslaur: did you guys test apw's kernel with these 11 security patches?
[15:51] kirkland: is this a pending -security kernel?
[15:51] jdstrand: yes
[15:51] jdstrand: well, it's a pending lucid kernel
[15:51] jdstrand: which apw is working on, some kvm security fixes
[15:51] kirkland: oh, no we haven't
[15:52] kirkland: stable kernels kees will usually do the testing
[15:52] kirkland: but dev, not usually
[15:52] kirkland, fwiw, i was running that test kernel on the host and the guests
[15:52] * ttx sighs
[15:53] its probably a lot better tested than the average
[15:53] kirkland: do you need additional testing? we've been testing apparmor kernels lately
[15:53] Did I mention how much I hated maven ?
[15:53] mathiaz, were you wanting to look at bug 559070
[15:53] Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
[15:53] smoser: I'd like to review openldap in lucid
[15:53] thats what i was asking you about last night. I have bug 556176 and bug 538848 commits in my branch.
[15:53] Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
[15:53] smoser: and include the latest fix
[15:53] Launchpad bug 538848 in openldap "slapd.postinst output doesn't mention configuration conversion step" [Wishlist,Confirmed] https://launchpad.net/bugs/538848
[15:53] smoser: i saw your branch yesterday
[15:54] mathiaz, i dont follow... so you want me to try to fix that ?
[15:54] smoser: I'd like to review your branch and sponsor it
[15:54] ok. i think we need a fix for 559070 though
[15:54] before its really useful
[15:55] or do you disagree, ttx? thoughts
[15:55] ?
[15:55] quick noob networking question
[15:56] kirkland: tbh, getting it into lucid and having the wider community testing there helps us verify when the patches end up in stable releases
[15:56] smoser: to disagree I'd have to follow that discussion
[15:56] yes, bug 559070 is the only significant one in that list :)
[15:56] Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
[15:56] hm... ok. well, ttx, yesterday you asked me to look at 556176 538848 and 559070
[15:57] i have a network interface, which is getting a proper local IP address through dhclient. But I can't access hosts on the internet. DNS name resolution works, but i can't ping to wget from internet servers. there's no problem with my internet connection, i can browse the web fine on my ubuntu desktop
[15:57] i have the first two in a branch that i think is probably ready for review. but do not have the last.
[15:57] do you think we need to fix that last one
[15:58] smoser: I think we need to.
[15:58] i know little to nothing about slapd, but reading the bug it seems that this will break a working config, causing loss of access
[15:58] smoser: yes, there was an upgrade issue that would prevent hardy->lucid upgrades. I fixed that, but my fix denied access more than it should
[15:59] smoser: I can work on it if you don't feel confident
[15:59] right.
[15:59] smoser: ideally we need mathiaz to validate the fix in the end
[15:59] if i can get a clean example of the failing config, i think i can probably do it
[16:00] smoser: I documented on the bug what I think needs to be done...
[16:00] the trick being to handle all the cases
[16:00] and I still need an openldap cn=config expert to validate those assumptions
[16:00] how do I become root if sudo fails ?
[16:00] :D
[16:00] su -
[16:00] ttx, maybe i'm missing something
[16:01] you documented where ?
[16:01] su - wont work because root password is locked by default
[16:01] hggdh: are you using the uec test rig?
[16:01] bug 559070 has no comments
[16:01] binBASH: ^
[16:01] Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
[16:01] smoser: in the desc :
[16:01] "Combining the two lines into:
[16:01] olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage by * none
[16:01] or even (since access is implicitely denied when no clause match):
[16:01] olcAccess: {0}to * by dn.exact=cn=localroot,cn=config manage
[16:01] should solve it."
[16:01] axisys: reboot with init=/bin/bash as kernel param so it will boot into root shell
[16:01] sudo points to radius auth .. but radius server is going through maintenance
[16:01] binBASH: ok .. sweet.. in grub ?
[16:01] smoser: the tricky part is to support hardy->lucid, karmic->lucid and lucid->lucid
[16:02] jdstrand: understood; just wondering if you've sniffed it at all
[16:02] axisys: yeah, just pass it as parameter
[16:02] binBASH: in kernel line ?
[16:02] binBASH: i can power cycle but cannot run reboot .. since i am not root
[16:02] but during reboot i will have access to grub
[16:03] axisys: Yeah in kernel line
[16:03] binBASH: thanks
[16:03] kirkland: I have not, sorry. tbh, I wasn't aware of the kernel
[16:03] axisys, you can do as binBASH says, or alternatively boot rescue media, chroot and set root's password.
[16:03] jdstrand: okay, well, apw is going to roll out to Lucid anyway
[16:05] sounds good
[16:05] Hi smoser btw. :)
[16:06] how to pass additional kvm startup parameters when starting instances in uec?
[16:07] smoser: ttx: I've commented on bug 559070
[16:07] Launchpad bug 559070 in openldap "Lucid (or karmic) slapd upgrade does not really allow localroot cn=config manage rights" [Medium,Triaged] https://launchpad.net/bugs/559070
[16:09] could someone fasttrack something for me?
[16:09] just pull in rhcs from debian testing?
[16:12] ivoks: as in "syncing" ?
[16:12] ttx: yes
[16:12] ivoks: What's the problem?
[16:12] all our changes are in debian
[16:12] soren: vmbuilder fails to create xml for libvirt (i've posted the question to the ubuntu-server mailing list)
[16:13] ivoks: you will need an AA for that. kirkland or jdstrand could help you, maybe
[16:13] soren: o/
[16:13] ivoks: i'm responding to your mail
[16:13] kirkland: ok
[16:13] ivoks: Ah. I'm way behind on Ubuntu e-mail these days.
[16:13] soren: me too :/
[16:14] ivoks: I have a secret plan (don't tell anyone) about throwing a bunch of hours at vmbuilder next week when I get back from holiday.
[16:15] soren: :)
[16:15] I /knew/ about that plan.
[16:17] smoser: bug 556176
[16:17] Launchpad bug 556176 in openldap "slapd creates /nonexistent homedir (and some enhancements...)" [Medium,Confirmed] https://launchpad.net/bugs/556176
[16:17] smoser: I'd suggest to keep /nonexistent as the home directory and use the --no-create-home option for adduser
[16:17] why?
[16:18] it is commonplace to use /var/lib/ as home for a daemon
[16:19] smoser: well the security team is trying to move away from that
[16:19] (i just realized, it would be nice to clean that /nonexistent dir up on upgrade also... do you think that should be done ? case where '/nonexistent' was created and empty by something else is probably small)
[16:19] mathiaz: no
[16:19] mathiaz, ok. thats easy enough to change. i just looked at other packages.
[16:19] smoser: there are couple of other packages that use nonexistent
[16:19] mathiaz: I am not using the rig
[16:19] hggdh: thangs
[16:20] mathiaz: welgome
[16:20] smoser: for the time being use --no-create-home is enough IMO
[16:20] jjohansen: I'd like to bring bug 546743 to your attention, breaking consoles on lots of servers
[16:20] Launchpad bug 546743 in linux "Blank screen at first boot with ATI ES1000 and 10.04 server" [High,Confirmed] https://launchpad.net/bugs/546743
[16:20] mathiaz, sounds good.
[16:21] kees: jdstrand: mdeslaur: what's your opinion on setting up the home directories of system users running daemons to /nonexistent instead of /var/lib/... ?
[16:22] kirkland: kvm and qemu aren't the problem
[16:22] kirkland: they work
[16:22] kirkland: problems are vmbuilder and libvirt
[16:23] mathiaz: it depends on what the application and the user in question does/needs to do. if it has an actual directory, that user can then do things with dot files, filling the disk, etc, so unless you need an actual directory, there is no reason to have it
[16:23] jdstrand: how about openldap?
[16:23] mathiaz: I would recommend not straying from Debian on this with openldap, since they have more experience with the code, daemon and user in question
[16:24] mathiaz: either that, or ask Debian about it
[16:24] personally, I like --no-create-home
[16:25] don't give the extra access unless it is determined that it is needed
[16:25] ivoks: gotcha, thanks
[16:26] This is driving me nuts! Does sqlite need a connection string like MySQL does? This is the MySQL one: ConnectionString = "Data Source=localhost;Database=MyAwesomeDatabase;User ID=TheAwesomeUser;Password=***;"
[16:26] mathiaz: ^
[16:27] Been trying to get this program to work for almost 24 hours
[16:27] mathiaz: and by 'more experience', I mean 'more experience than me' :)
[16:27] err... s/me/I/
[16:28] kirkland: if you want to reproduce it, create (on vt-enabled hardware) kvm/xen/vmware system with vmbuilder, as you usually do
[16:29] ivoks: not particularly ;-) ... i avoid vmbuilder
[16:29] kirkland: start it and inside of that system try creating another virt system, that should be non-accelerated
[16:29] eh...
[16:30] ivoks: i tend to spend more time debugging vmbuilder than it takes for to just go and build the vm i need by hand
[16:31] kirkland: yeah, but you'd rather avoid libvirt too :P
[16:32] jdstrand: heh, well, i often skip libvirt to remove complexity, rather than because it doesn't work
[16:32] jdstrand: libvirt works really well, in my experience :-)
[16:32] * jdstrand was only teasing :)
[16:32] yes, I use it all the time
[16:32] jdstrand: it=vmbuilder or it=libvirt ?
[16:33] libvirt. vmbuilder I do use when I (re)create my VMs. that has been a while though
[16:33] my security VMs that is
[16:33] iso testing I use virt-install
[16:33] security VMs, vmbuilder
[16:34] one-offs I just use virt-manager
[16:34] I'm a libvirt-junkie
[16:35] now that I use snapshots for my security VMs, I haven't had to use vmbuilder in ages...
[16:36] jdstrand, qcow snapshots ?
[16:37] smoser: qcow2, yes
[16:37] smoser: I'm using qcow snapshots for my vms as well
[16:37] smoser: I was wondering whether the uec images could be used directly from kvm/libvirt?
[16:38] * smoser wishes for qcow backing devices to be fixed with apparmor
[16:38] smoser: I have a base lucid vm that I always need to boot and update
[16:38] mathiaz: you may be interested in knowing that the apparmor security driver for libvirt now handles backing store just fine
[16:38] smoser: it is
[16:38] smoser: I was wondering if using the daily uec images instead would work
[16:38] mathiaz, they need some de-cloudification done to them
[16:38] smoser: ie: every day download the latest uec daily and use this as the base vm
[16:38] smoser: bug #470636 was fixed in 0.7.5-5ubuntu18
[16:38] Launchpad bug 470636 in libvirt "AppArmor security driver does not support backingstore" [Medium,Fix released] https://launchpad.net/bugs/470636
[16:39] smoser: that was part of my upstreaming/0.7.7 work, and then I backported it to lucid
[16:39] i did not know this... i thought you had basically said "will not fix"
[16:40] in comment 9 of that bug.
[16:40] that rocks. thanks jdstrand.
[16:40] smoser: yes, I did. I still think it is not an optimal way to do it, but upstream added all the hooks to do it already, so I went ahead and used their work
[16:41] "all the hooks" ie, you're now just parsing xml ? or you do have to read the image file yourself.
[16:41] New bug: #562370 in apache2 (main) "Upgrade from 2.2.14-5ubuntu6 to 2.2.14-5ubuntu7 results in syntax error, missing module" [Undecided,New] https://launchpad.net/bugs/562370
[16:41] smoser: I think the backing store info should be available via the xml, but that is a discussion I need to have with upstream
[16:42] smoser: oh I don't look at the image myself-- libvirt has an API I used
[16:42] smoser: but it peeks at the image file
[16:42] mathiaz, https://code.launchpad.net/~smoser/+junk/boothooks : bin/ dir there has the decloudification stuff. its less than ideal as you also have to insert metadata. i hope to have that much more sane in maverick. so that those could "just work" like you'd like.
[16:43] jdstrand, right.
[16:43] thanks jdstrand
[16:43] smoser: excellent - if that's a topic for maverick, that's enough for me! :)
[16:43] oh sure-- it was a bp'd item for me, so I was motivated :)
[16:43] of course, I created that bp...
[16:47] New bug: #550343 in openvpn (main) "openvpn crashed with SIGSEGV" [Low,Incomplete] https://launchpad.net/bugs/550343
[16:48] New bug: #274006 in tftp-hpa (main) "init script of tftpd-hpa is not LSB compliant" [Low,Won't fix] https://launchpad.net/bugs/274006
[16:48] smoser: for the status function that could count as a new feature
[16:49] mathiaz, i have no strong feelings.
[16:49] smoser: so I'd ask for a FFexception
[16:50] can you tag that bug as such then please ?
[16:57] smoser: done - I've opened a new bug and you should be subscribed to it
=== swift_ is now known as swift
[17:06] mathiaz, bug number ?
[17:06] New bug: #562377 in openldap (main) "[FFe] Add status action to slapd init script" [Low,Triaged] https://launchpad.net/bugs/562377
[17:07] smoser: ^^
[17:07] danke.
[17:08] does anyone know, is 'do-release-upgrade --devel-release --sandbox' generally expected to work ?
[17:08] https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/562394
[17:08] Launchpad bug 562394 in update-manager "do-release-upgrade fails with AttributeError" [Undecided,New]
[17:10] mathiaz, i was also planning on creating OCF RA's for UEC
[17:12] New bug: #562388 in libpam-ldap (main) "Authentication failure on successful login when using LDAP authentication" [Undecided,New] https://launchpad.net/bugs/562388
=== ttx_ is now known as ttx
[17:22] RoAkSoAx: seems interesting - using EBS as the backend store?
[17:25] mathiaz, well my idea is provide with HA (failover) to the UEC (any of the *-controllers). I.e. If cloud-controller fails, failover to another running
[17:25] mathiaz, of course they'll need data stored someplace else or replicated between the nodes
[17:26] zul: bug 562370
[17:26] Launchpad bug 562370 in apache2 "Upgrade from 2.2.14-5ubuntu6 to 2.2.14-5ubuntu7 results in syntax error, missing module" [Undecided,Confirmed] https://launchpad.net/bugs/562370
[17:26] New bug: #562404 in clamav (main) "package clamav-daemon 0.95.3 dfsg-1ubuntu0.09.10.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/562404
[17:26] mathiaz: working on it
[17:35] In Ubuntu Enterprise Cloud, does anyone know if any of the MANAGED vlan modes are supported on single machine deployments, or if there are any official ubuntu EMI images that support SYSTEM or STATIC mode?
[17:36] I am also trying to figure out how automatic security updates are supposed to work with kernel vulns, since the kernel is specified in eucalyptus, not on the emi image itself (so apt-get update doesn't really update the kernel).
[17:37] * lamont struggles to understand the sense of having all that work at login, just to update motd with stuff he already knows for the servers he deals with
[17:57] hello
[17:57] my squid server seems to work fine ! but when I try to access a website like http://mail.google.com/mail/.. it fails.. the browser show me the message : "Could not connect to proxy server."
[17:57] any suggestions ?
[17:58] you are sure your browser is pointed at the right server on the right port? how do you know your squid proxy is working fine?
[17:58] pierce, because I have tested many other site like google yahoo ...
[17:59] and there is no error messages in squid logs
[17:59] so it works for yahoo and google, but it won't connect when you try to go to gmail?
[18:00] exactly !
[18:00] strange
[18:00] are there any other sites that it won't connect to?
[18:01] pierce, yes for example facebook ! when I try to enter login and password
[18:01] ahh
[18:01] maybe it's an ssl issue
[18:01] I have simply the login window
[18:01] pierce, yes I think so !
[18:02] is there a solution ?
[18:02] how do you have your SSL certs set up? I think you need to generate a man in the middle type cert, and load it into your browser
[18:02] pierce, hmm I will check this !
[18:03] ok thank you
[18:03] I have never set up a squid server, but from what I understand you can make your own root CA, and squid will generate new certs for domains based on your new root
[18:04] fyi, Squid's official channel is also here on freenode in #squid
[18:07] anyone here have any experience with ubuntu enterprise cloud?
[18:33] pierce: heya! nice to see you. :)
[18:34] pierce: smoser's in the best position to answer your questions about ec2, but when we publish kernel updates, we publish -ec2 updates too.
[18:34] pierce: when those are incorporated into a new AKI is up to smoser, though.
[18:55] kees: The most recent set of images that support SYSTEM mode in eucalyptus seems to be 9.04. Inside the instance that I have started, I upgraded all the way to lucid, but I can't for the life of me figure out how to upgrade the kernel past 2.6.28-11. Even if I can it seems a bit sketchy that things like that aren't updated automatically.
[18:56] smoser: are you around?
[18:57] pierce, yes here now
[18:58] smoser: hey there, is there a good way to auto update the kernel in UEC?
[18:58] auto update?
[18:59] I'm messing with euca-modify-image-attribute at the moment..
[18:59] you can't do it there.
[18:59] you'll have to create a new image in euca
[18:59] I'm using a set of images for 9.04, but when I patch the kernel for recent security vulns, I reboot, and it's still using the old kernel (which totally makes sense)
[18:59] with ec2 you can use an ebs root
[18:59] and shut it down , modify kernel/ramdisk and start it
[19:00] pierce, for security vulnerabilities... you may actually (my tongue is in cheek) be able to use ksplice
[19:00] when you terminate an instance, you delete it right? is it normal to mount things like /etc with the volume manager?
[19:01] well, the key is to do nothing in instance-store (/) that you really care about.
[19:01] if you want persistence, mount that stuff on an ebs volume (euca-attach-image)
[19:01] I've just got a few static IPs that I use to host a few services for myself and friends, so I don't really have funding for things like ksplice and landscape etc :-/
[19:02] yeah, :-(
[19:02] smoser: do you know if any of the official ubuntu images for UEC support things like STATIC and SYSTEM vnet modes?
[19:02] note that ksplice doesn't exist for free in 10.04.
[19:03] kees, i didn't say it was free, and i had my tongue in my cheek. jeesh
[19:03] pierce, static and system are no metadata ?
[19:03] oh! heh, well, I assume ksplice _would_ work, it's just not free. :)
[19:03] booting the recommended emis seem to fail in a bad way when I try to use them in SYSTEM mode
[19:03] i really hate to say it, but that really just wasn't on the radar
[19:04] VNET modes
[19:04] right, it fails to reach meta data service
[19:04] ah ya
[19:04] as those don't provide it, is that right
[19:04] yeah
[19:04] so... i hope to address that in maverick if that makes you happy
[19:04] is there a webtool that i can install on my server to monitor it's performance, any apps or site that are hogging memory processor or bandwidth
[19:04] one other thing i think you could do would be kexec
[19:04] since I am using external network configs to dhcp with my images instead of the private networking
[19:04] although i have very little experience with that.
[19:05] i keep crossing fingers and poking jjohansen for kexec on our ec2 kernels
[19:05] in theory, you could kexec into new kernel from old (eki registered) kernel
[19:05] smoser: I mostly really want to get away from using vmware-server for my hosting :-D
[19:05] smoser: that seems yucky
[19:05] essentially allowing the guest to service its own kernels (what a concept!)
[19:06] i dont think it would be too yucky
[19:07] well, if I need scripts that will auto update to pull new kernel images, then automatically kexec into the new kernels on all my instances, it seems a bit complicated :-)
[19:08] essentially you'd end up registering a 'kboot' kernel
[19:08] especially if that's the only way to patch a security vuln
[19:09] well, if its stable and it works, it works.
[19:10] you trust your bootloader to load a kernel after its installed.
[19:10] but i agree, its a bit more complicated
[19:10] smoser: I promise I'll have another look at kexec for M
[19:11] guest serviceable kernels would so rock
[19:11] smoser: besides that kernel issue, I am also confused about some of the networking issues. It seems that none of the MANAGED modes work when you are running all components on a single machine, but there are no ubuntu emis that support STATIC or SYSTEM mode. Is there a good reason for that, or did I overlook something?
[19:12] imagine a world where your kernels came from your OS provider (ubuntu) rather than from your hardware provider (ec2 in this case)
[19:12] crazy
[19:12] no canonical emis rather
[19:13] i really don't have enough experience with different modes. i know that my default 2 system install "just works". but i know that if you dont have a metadata service, then our images wont "just work".
[19:14] they hang for an hour on first boot, and if you try to restart the node controller they terminate and delete themselves :-/
[19:14] they do "work" for a little while though
[19:15] pierce, so the guest is going to fall over when it doesn't have metadata service
[19:15] doing it in MANAGED mode seemed to work great, but I was unable to route from the internet to my instances
[19:16] you can probably disable most of cloud-init and be OK. in the modes without a Metadata service, the eucalyptus hacks into /root/.ssh/authorized_keys, so you'd be able to ssh in
[19:16] will canonical ever support system or static mode, or should everyone just be using managed (which is tricky on a single machine)
[19:16] to disable cloud-init, mount the image, for x in etc/init/cloud-*; do mv $x $x.disabled; done
[19:16] i've not tested that, but i think it might work
[19:16] smoser: sshd runs after ec2-init hangs :-)
[19:16] ah. for karmic.
[19:17] yeah
[19:17] thats right, it generates ssh keys
[19:17] you'd have to create them somehow. maybe add a job that creates the /etc/sshd/*key* stuff.
[19:17] is there a webservice i can install on my server to monitor its performance ?
[19:17] that make sense? thats the one thing i think you'd have to do.
[19:17] ya, also strange that I ssh into the root account rather than ubuntu when the metadata service fails
[19:17] well, i dont know about canonical plans and system or static support.
[19:18] but i do plan on finding some way to make the maverick images work there.
[19:23] I also noticed that canonical is offering support contracts for UEC, do you know if there is a training program that I could go through, and then be sent out as an UEC consultant? I do security consulting now, and it might be fun to throw that in as a service I could provide. I'm not sure how franchised out the whole support contract thing is with canonical though.
[19:24] it's starting to sound like the MANAGED networking issues are going to be resolved before the STATIC emi issues, so maybe I will just convert everything back over :-/
[19:25] been going back and forth for 2 weeks now, and my friends are starting to get annoyed that their servers have been down so long :-D
[19:28] dassouki: ntop works well for watching traffic, also prelude with prewikka if you are looking for something more detailed
[19:31] smoser: any insights on MANAGED networking issues vs STATIC image issues?
[19:32] pierce, i don't know about support. and sorry, no insights . i really have much less experience with this.
=== dendro-afk is now known as dendrobates
[19:34] smoser: thanks much, at least I know now that I'm not completely insane, and that these are real issues :-)
[19:35] would it be appropriate to file a bug report or anything like that?
[19:42] pierce, if you want to file a "ubuntu images do not work in system mode" then go ahead
[19:42] it wont be addressed for lucid
[19:42] but i do want to fix for maverick
[19:43] anyone use rsyslog heavily on their server box? I am configuring a central server and want to make customizations to the default. I considered leaving the 50-default.conf in place and either preceding or appending my changes with a 40- or 60-. Not sure if my local changes should be on which side?
[19:44] s/central/central syslog/
[19:52] pierce: thanks
=== dendrobates is now known as dendro-afk
[19:52] in order to use the "offset" option with the mount command do I have to specify the "loop" option? I ask because I am trying to mount a partition on a raid 5 array that isn't in the partition table but is on the disk
[19:52] dassouki: not sure exactly what you are looking for, but you might also look into nagios
=== dendro-afk is now known as dendrobates
[19:54] pierce: pretty much a task manager
[19:54] plus more information
[20:17] jjohansen: ping
[20:26] jjohansen: did you get my message about bug 546743 ? Let me know what are our options (comment on the bug when you can)
[20:26] Launchpad bug 546743 in linux "Blank screen at first boot with ATI ES1000 and 10.04 server" [High,Confirmed] https://launchpad.net/bugs/546743
[20:27] bug 546743?
[20:27] RoyK: yes, bug 546743.
[20:28] mathiaz: apache fixed
[20:28] ttx: just asking the bot
[20:51] New bug: #562516 in backuppc (main) "package backuppc 3.1.0-6ubuntu4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/562516
[20:55] * ttx disappears
=== arm is now known as Guest73000
[21:11] New bug: #562531 in apache2 (main) "Latest Apache 2.2 is missing mod_reqtimeout.so" [Undecided,New] https://launchpad.net/bugs/562531
[21:24] someone speak spanish?
[21:42] hggdh: did we ever get to the bottom of why config_multi wasn't working?
[21:42] mathiaz: around?
[21:54] kirkland: o/
[21:55] mathiaz: i think me, you, and hggdh need to take a look at his config_multi setup for beta2 testing
[21:55] mathiaz: all of those runs failed
[21:55] kirkland: ok - is the failing environment currently up and running?
[21:55] mathiaz: well, 99.8% of the runs failed, somehow 0.2% succeeded
[21:55] mathiaz: i'm trying to get in touch with hggdh
[21:56] kirkland: ok - let me know once the infrastructure is up and running
[21:56] kirkland: and try to re-run the test
[21:56] kirkland: do you have the logs somewhere?
[21:56] mathiaz: i asked hggdh to check them into bzr; i have not seen them yet
[21:57] kirkland: ok - so in the logs should give us some clue about why things were failing
[21:59] mathiaz: how long are you around today?
[21:59] kirkland: probably another 2 hours
[21:59] mathiaz: okay, let's hope hggdh comes back around in that time
[21:59] can someone advise for an enterprise virtualisation platform for ubuntu?
[22:07] kirkland: no, I was never able to find out why
[22:07] hggdh: okay, mathiaz is here now, and ttx has asked us to get to the bottom of this
[22:07] hggdh: what state is the rig in?
[22:07] hggdh: do you have any logs?
[22:08] kirkland: (1) mathiaz was using the rig the last I heard (2) I do have the logs saved (and, IIRC, attached to the bug)
[22:09] hggdh: the UEC test rig is available
[22:09] mathiaz: so I guess we can go and do a multi again
[22:10] hggdh: on which topology was the test failing?
[22:12] mathiaz: lucid-amd64-multi
[22:12] hggdh: how did you install the topology?
[22:12] hggdh: lucid-amd64-multi is not fully automated
[22:13] hggdh: and the plan for now is to install everything from packages
[22:13] mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/559230
[22:13] Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete]
[22:14] mathiaz: I manually tweaked the preseeds to have the correct keys
[22:14] mathiaz: so -multi is not to be run now?
[22:14] hggdh: well - you can - you just need to install from packages
[22:15] mathiaz: what exactly does that mean (in other words: I do not think I did it)
[22:15] hggdh: bug 559230
[22:16] Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete] https://launchpad.net/bugs/559230
[22:16] hggdh: ^^ this is not the multi-network topology
[22:16] hggdh: kirkland: which topology are we trying to debug here?
[22:16] mathiaz: no, it is the multi-machine
[22:17] hggdh: which topology was setup when all the tests were failing?
[22:17] mathiaz: lucid-amd64-topo2:
[22:17] hosts:
[22:17] cempedak: CLC
[22:17] mabolo: Walrus
[22:17] mathiaz: I am sorry, this was not the one. I had one component per machine, same network
[22:17] marula: CC
[22:17] santol: SC
[22:17] sapodilla: NC
[22:17] soncoya: NC
[22:18] hggdh: so IIUC, the failing logs are for topo2 (multi-machine) and we're looking at bug 559230?
[22:18] Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete] https://launchpad.net/bugs/559230
[22:19] mathiaz: that's correct
[22:19] hggdh: where are the logs?
[22:20] I have the logs locally, but they are humongous
[22:20] mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/559230
[22:20] Launchpad bug 559230 in eucalyptus "multi-machine topology, cannot reach an instance from the CLC" [Medium,Incomplete]
[22:20] http://launchpadlibrarian.net/43545406/EucalyptusCloudDebugLog.gz and http://launchpadlibrarian.net/43545407/EucalyptusCloudOutputLog.gz
[22:20] hggdh: kirkland: and the logs from the testing scripts?
[22:21] mathiaz: 8M compressed, where can I load them? people.c.c is OK?
[22:21] hggdh: sure
[22:21] hggdh: yes
[22:22] New bug: #562575 in vm-builder (universe) "vm-builder fails to resolve package dependency in vanilla system" [Undecided,New] https://launchpad.net/bugs/562575
[22:22] mathiaz, kirkland people.c.c/~cerdea/logs.tar.gz
[22:23] hggdh: not found
[22:23] hggdh: did you put the file in your public_html/ directory?
[22:24] mathiaz: scp or sftp, under my home dir
[22:24] but I will put it under public_*
[22:25] both places now
[22:29] hggdh: ssh: connect to host 10.55.55.104 port 22: Connection timed out
[22:29] hggdh: it seems that instance wasn't run properly
[22:30] hggdh: it doesn't seem to be a problem with the testing scripts
[22:30] mathiaz: yes, a lot of them.
If you look at multi_test.log.2010-04-07_190728, about half failed
[22:30] hggdh: and the instance (ex: i-4A18091A) was running according to UEC
[22:30] of 1,000 runs
[22:31] hggdh: right - I'd setup the same infrastructure and re-run the tests
[22:31] hggdh: this time using your branch to store the console logs before terminating an instance
[22:31] hggdh: if it's marked as failed
[22:31] mathiaz: k
[22:32] that's what the branch should be doing
[22:32] mathiaz, i'll get the openldap later tonight, and send you a review request
[22:32] then tomorrow you can review commit. that sound reasonable?
[22:32] smoser: great thanks
[22:32] smoser: I'll try - I'm traveling tomorrow
[22:33] ok. if not, thierry
[22:33] smoser: but thanks to bzr support for offline mode, I should be able to get it reviewed
[22:33] yeah, true.
[22:33] mathiaz: just to be sure: who will rerun the tests, you or me?
[22:34] hggdh: you
[22:34] mathiaz: roj
[22:34] mathiaz: which images you want?
[22:35] hggdh: beta2
[22:39] er. where are the beta2 images?
[22:39] cannot find them on cdimages.u.c
[22:41] mathiaz: ^
[22:43] hggdh: try releases.ubuntu.com
[22:47] ajmitch: thank you
[22:56] :)
[23:02] mathiaz: releases.ubuntu.com does not seem to be accessible from tamarind
[23:04] hggdh: right - there aren't any firewall rules to enable access
[23:04] hggdh: try with the latest archive installation then
[23:05] mathiaz: roj
[23:06] hello, i'm using ubuntu server 9.10 and when i try to dpkg-reconfigure slapd, dpkg asks me only 3 questions, and never asks about the domain etc... all tutorials i found talk about more options when i do that, is this a known issue? and is there a solution please?
[23:06] New bug: #562599 in apache2 (main) "can't start apache2" [Undecided,New] https://launchpad.net/bugs/562599
[23:12] hggdh: so you're installing now?
[23:13] kirkland: yes, right now cempedak is being installed
[23:13] hggdh: cool, i'll standby
[23:14] hggdh: as i want to get to the bottom of this, if it's a euca problem
[23:17] kirkland: welcome :-) I am betting on a fat hand from my side, though. Also, bug 559745, if not yet resolved, may impact this test
[23:17] Launchpad bug 559745 in eucalyptus "NC failed to start a session with a libvirt internal error" [Medium,Confirmed] https://launchpad.net/bugs/559745
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
[23:53] hi why is it when i tried to reboot my system then sometimes it says on startup that, check forced on one of my LVM..
[23:53] what do i do, cause it's causing delays.. is it possible to do it automatically.