[00:32] <MTecknology> I'm trying to drop each user into a chroot when they log into the system. I don't want to make it over ssh only. I setup a chroot environment. I changed the users home directory to /chroot/./home/user moved /home/* into /chroot/home/. When I run su - user, I'm dropped into /chroot/home/user and pwd shows /chroot/./home/user/. echo $HOME shows the same thing. I'm really lost figuring out why the user isn't being dropped int
[00:32] <MTecknology> I'm not sure if that cut off or not..
[00:59] <smoser> SpamapS, i forgot to pick up your glusterfs merge proposal
[00:59] <smoser> i uploaded a cloud-init today, and would have picked it up.
[00:59] <smoser> but i guess given that its doc only,k not a big deal
[01:10] <thesheff17> MTecknology: i'm building a new virtual machine to test a chroot env.
[01:11] <MTecknology> thesheff17: awesome - I'm taking a break because I need to do a whole lot of homework in a very short time but that's not to say I won't take a break from it ;)
[01:16] <MTecknology> thesheff17: I imagine you'll make it work for you just perfect :P - I built the chroot with debootstrap lucid /chroot
[01:19] <smoser> MTecknology, just because you set the home doesn't mean a chroot is going to occur.
[01:19] <MTecknology> smoser: and that's what I can't figure out how to make happen - any magical tips, advice, reading?
[01:19] <smoser> what i would suggest you do is change the users shell to be something that performs a chroot if and only if its not already chrooted.
[01:19] <smoser> i've done this once before, actually.
[01:19] <MTecknology> such as?
[01:20] <smoser> ie, you could add a shell to the "real system" that did something like:
[01:20] <smoser> #!/bin/sh
[01:20]  * MTecknology blank stare
[01:21] <smoser> hm..
[01:21] <MTecknology> I see that in scripts all the time
[01:21] <smoser> so you have to deal with permissions to.
[01:21] <smoser> user can't run chroot.
[01:22] <smoser> the "shell" that was the users shell (ie, listed in /etc/passwd) in the outside shell would be '/bin/jailer'
[01:22] <smoser> /bin/jailer then would be either setuid root, or a shell script that called sudo
[01:22] <MTecknology> you mean I'd need to make my own script to deal with it?
[01:22] <smoser> hm..
[01:22] <smoser> i think you'll end up having to write something in C
[01:22] <smoser> yes, write your own "shell"
[01:23] <lowridah> in ubuntu is there a script like centos' 'setup' to do postinstall config all from one menu?
[01:23] <smoser> the rason i thin kyou need C is that you're going to have to chroot, and then drop permissions.
[01:23] <smoser> dchroot actually does this, its possible you could make use of it.
[01:23] <MTecknology> I thought that /chroot/./home/user was some awesome tool to drop the user into the chroot
[01:23] <smoser> maybe i'm just not aware of it.
[01:23] <lowridah> i have pxe installs of ubuntu going but i want one nice location to do the postinstall without having to hack up a preseed late_command
[01:24] <smoser> where di dyou see this ?
[01:24] <smoser> i really have to run...
[01:24] <smoser> but i'm somewhat intrigued.
[01:24] <MTecknology> in a few guides online - but those are all for ssh logins using a patched openssh-server
[01:25] <smoser> hm.. well the patched ssh server might be the thing.
[01:25] <smoser> lowridah, i'm not aware of anything that does what you really want.  there is no "first boot config" that i'm aware of.
[01:26] <lowridah> hmm
[01:26] <lowridah> okay thanks
[01:26] <MTecknology> there used to be I know.. but I forget its name
[01:26] <lowridah> i may have to delve into debconf for this =(
[01:26] <MTecknology> it was used during installation though
[01:27] <lowridah> during install is debconf
[01:28] <lowridah> oem-config-firstboot exists in oem installs
[01:50] <MTecknology> thesheff17: did you get anywhere on that?
[01:50] <MTecknology> thesheff17: I have almost have of one assignment done :D
[01:53] <thesheff17> MTecknology: hmm...well I can tell you I'm very rusty with chroot :) I did this on debian about 5 years ago....and the docs are just all over the place on this subject :(
[01:53] <MTecknology> thesheff17: I noticed :P
[01:53] <Graves> any1 want to walk me through setting up samba to share the apache folder where my windows box can upload html files
[01:53] <MTecknology> thesheff17: when I get this I'm going to make a GOOD step by step by step how to on it
[01:54] <MTecknology> thesheff17: after I tested and retested
[01:55] <MTecknology> thesheff17: for a novice user such as myself - the scattered and inconsistent docs make it pretty much hell to accomplish. :P
[01:55] <thesheff17> MTecknology: yea I thought for sure this would be well documented at this point.
[01:56] <patdk-lap> I have an issue with ipvs I just can't quite figure out, and can't seem to find any ipvs info about it :(
[01:56] <MTecknology> thesheff17: we'll take care of that, right? You teach me and I'll spend a couple days documenting?
[01:56] <patdk-lap> I have ipvs ipv4 setup, and working just fine
[01:56] <patdk-lap> I have had ipv6 using ipvs in nat, working fine
[01:57] <patdk-lap> just tried ipv6 with ipvs in dr mode, and can't get it to work, ipv6 won't do neighbor descovery
[01:57] <patdk-lap> I can't ping the ipv6 ip's of the real machines at all, the ipv6 neighbor descovery never can locate the ip
[01:58] <thesheff17> MTecknology: yea I'm going to keep working on it....it is really bugging me now since I have done it in the past and my linux skills where crap then :)
[02:00] <MTecknology> thesheff17: mine were crap then too - i don't know that they improved much :P - I can at least make simple packages and complex bash scripts now :)
[02:07] <thesheff17> MTecknology: got it
[02:08] <thesheff17> http://www.marthijnvandenheuvel.com/2010/03/10/how-to-create-a-chroot-ssh-user-in-ubuntu/
[02:08] <thesheff17> this worked perfect
[02:08] <thesheff17> just have to find the right how to :)
[02:08] <MTecknology> thesheff17: Need to package jailkit then?
[02:08] <thesheff17> yea I would use that
[02:09] <MTecknology> thesheff17: thanks - I wonder why it wasn't packaged yet...
[02:09] <thesheff17> MTecknology: I'm not sure
[02:09] <MTecknology> if it's just a config/make/install it should be trivial :P
[02:10] <MTecknology> thesheff17: I'll look into that and maybe get it into 11.04 - 10.10 very likely won't happen even for universe
[02:10] <thesheff17> MTecknology: do apt-get install linux-headers-`uname -r` build-essential
[02:10] <thesheff17> that will give you all the packages you need to build any software for linux
[02:11] <MTecknology> thesheff17: usually - lal requires a few different ones
[02:11] <MTecknology> I need to finish writing lal at some point :(
[02:11] <thesheff17> MTecknology: what is lal?
[02:12]  * MTecknology so wants to do !info lal
[02:12] <thesheff17> !info lal
[02:12] <MTecknology> http://projects.l3ib.org/lal/
[02:13] <MTecknology> I need to finish version 2.0 before I'll push for it to be in the repos - I do have a PPA for it though
[02:13] <MTecknology> thesheff17: https://edge.launchpad.net/~mtecknology/+archive/sysapps
[02:14] <thesheff17> MTecknology: nice
[02:15] <thesheff17> MTecknology: there may be a better way to do chroot but that how to got me start to working setup in 5 min...and we have been working on it all day :)
[02:15] <MTecknology> thesheff17: I may very well love your right now :P I'll have to try this in the morning when I finish homework (hopefully I can)
[02:16] <MTecknology> thesheff17: you should try out lal :) - that's the version without the calendar feature
[02:16] <thesheff17> MTecknology: sure I def will
[02:18] <thesheff17> MTecknology: yea I think chroot has fallen behind since so many people are using virtual machines now but it is def still valid on every systems.
[02:19] <thesheff17> hehe it works great I removed /home/jail/bin/ls
[02:19] <thesheff17> and now my testuser can't ls :)
[02:19] <MTecknology> :D
[02:20] <MTecknology> thesheff17: in my case I have very few resources to spare but users need to be able to log in and do things to their website. I locked it down so even if they can run php - it won't be able to do things like launch another php-cgi process - I don't think you can do that from inside a php script
[02:21] <Graves> i rebooted and i cant use vnc to login now
[02:21] <Graves> so some website told me to delete my keyring files
[02:21] <Graves> so i did
[02:21] <Graves> now it still wont work
[02:21] <MTecknology> thesheff17: that's my whole goal - lock down what the user can do so they can't chew up more resources such as php-cgi
[02:22] <thesheff17> MTecknology: yea chroot should do the trick :)
[02:23] <MTecknology> thesheff17: I'm hoping my assumptions are right about the rest of it or I need to take it a step further - and I don't want to :P
[02:25] <thesheff17> MTecknology: yea that should do the trick with just giving them enough to edit files
[02:26] <MTecknology> thesheff17: ya, I meant with the web server running outside of that chroot
[02:26] <MTecknology> thesheff17: unless I knocked that into a chroot too - but that would just get really messy
[02:27] <MTecknology> which would be the next step.. :P
[02:27] <thesheff17> MTecknology: well how do you have it setup now?  do you have it pointed to their home dirs?
[02:27] <thesheff17> MTecknology: with apache?
[02:28] <MTecknology> nginx
[02:28] <thesheff17> MTecknology: so nginx is pointing to their home dirs?
[02:29] <MTecknology> ya
[02:29] <MTecknology> php-cgi processes running as that user - each site uses the php process to access the home dir as that user
[02:29] <MTecknology> then nginx can read static content without php but can't run scripts or alter anything in there
[02:30] <thesheff17> MTecknology: can you just poing nginx to point to the jail?
[02:31] <MTecknology> ya, it would require sed -i 's/\/home/\/jail\/user/' /etc/nginx/snips/drupal && /etc/init.d/nginx reload
[02:31] <MTecknology> I think that would cover it..
[02:31] <MTecknology> granted I'd just edit by hand instead of sed :P
[02:32] <thesheff17> MTecknology: hehe yup that should all work.
[02:34] <MTecknology> thesheff17: <?php exec('php-cgi &'); ?> <-- if that fails then I win; if that wins - then I fail and must work harded - probably by tweaking what php can do
[02:35] <thesheff17> MTecknology: do you have safe mode enabled
[02:35] <thesheff17> MTecknology: for php I think that disables exec
[02:36] <MTecknology> thesheff17: I'm not sure but will absolutely check when I get to work - thanks :)
[02:36] <MTecknology> thesheff17: HUGS! ({)
[02:36] <thesheff17> MTecknology: I also thinks it disables uploads but yea I def look into safe mode for php
[02:36] <thesheff17> np
[02:37] <MTecknology> oh.. uploads might be needed - maybe there's a way around it. I'll test and find out. I'm sure my answer will be somewhere in php.ini
[02:37] <MTecknology> thesheff17: thanks for putting up with me and helping so much :)
[02:37] <thesheff17> MTecknology: np glad I could help.  I know chroot gave me a huge headache for days
[02:37] <thesheff17> MTecknology: I'm signing off tonight but will be back on tomorrow
[02:38] <MTecknology> thesheff17: alrighty, I'll let you know how it goes when I get there :)
[02:39] <thesheff17> MTecknology: safe mode is deprecated since 5.3.0...it has been a long time but I would check this out.  http://www.howtoforge.com/forums/showthread.php?t=47
[02:40] <thesheff17> MTecknology: ttyl
[02:40] <MTecknology> thesheff17: :D spiffy
[02:42] <patdk-lap> hmm, no idea what was wrong
[02:42] <patdk-lap> rebooted the *real server*, and they started working on ipv6 correctly
[02:50] <MACscr> ok, so apt-get isnt automatically or even asking to install dependencies. How can i change it so that it does?
[02:51]  * patdk-lap wonders how you managed to break it
[02:52] <MACscr> patdk-lap: its a very stripped down image for xen. Wasnt provided by me
[02:53] <MTecknology> MACscr: I know in aptitude it's a simple preference - i don't know about apt-get
[02:54] <MTecknology> MACscr: it should install deps - but you can tell it not to do recommends
[03:09] <MACscr> does aptitude and apt-get have access to the same "repos"? not sure exactly what ubuntu/debian calls them
[03:11] <harrison> Does anyone know of a good webmail guide, I tried squirrel mail but that didn't work.
[03:16] <patdk-lap> depends what you want
[03:16] <patdk-lap> simple and easy, or full featured and complex
[03:21] <MACscr> damnit, i cant get aptitude not apt-get to do dependencies and cant figure a way to fix it. I dont see anything in /etc/apt/apt.conf.d/ that might help me resolve it
[03:21] <MACscr> grr this is frustrating
[04:01] <hggdh> Daviey: tomorrow we will talk, BUT: I reinstalled the whole thing 4 times. *ALL* four times, all components -- including NCs -- registered successfully (and by themselves)
[04:05] <twb> Sounds like a *good* thing
[04:11] <hggdh> yes, except that without any changes (except for cosmic rays) it was not doing that before...
[04:12]  * patdk-lap thinks people are paranoid of cosmic rays
[04:13]  * hggdh brings up witches as possible causes, even if they do not exist
[04:13] <Graves> sooooo
[04:13] <Graves> i registerd a domain name
[04:14] <Graves> but they people cant forward it to a dynamic ip
[04:14] <Graves> what should i do
[04:20] <MACscr> what do i have to do to setup mysql so i can just type: mysql -u username -p, etc?
[04:20] <MACscr> its one of my biggest annoyances of debian/ubuntu is that every service command seems to need a path
[04:21] <ajmitch> given that it lives in /usr/bin, there should be no path needed for the mysql client
[04:23] <funkyHat> MACscr: that should work as it is. What's the output of echo $PATH ?
[04:25] <MACscr> hmm, looks like i have some errors left over from the last install. Check this out http://pastebin.com/PRxcEsNK
[04:27] <MACscr> guess the baruwa install didnt complete. Part of that actually came up when i was simply trying to install libwww-perl
[04:30] <ajmitch> judging from the bugs, mysql-cluster-7.0 is a mess
[04:31] <MACscr> but i just need 5 =P
[04:32] <ajmitch> did you have a reason for using mysql-cluster?
[04:32] <rdw200169> Graves: still there?
[04:32] <MACscr> well it appears that baruwa works with clusters, which is what i want to move to with this setup, but i havent even had a chance ot try out the software on a single server config yet
[04:33] <bcomp> hi
[04:33] <ajmitch> then in the meantime you can probably use mysql-server-5.1 and mysql-client-5.1
[04:34] <bcomp> i'm having a problem accessing my server from the internet
[04:34] <bcomp> I set up port forwarding on the router and changed from dhcp to static ip on the server
[04:35] <bcomp> but for some reason I can't ssh from anywhere outside my LAN
[04:35] <rdw200169> its possible that your ISP may be blocking incoming connections
[04:36] <bcomp> is there a workaround?
[04:36] <rdw200169> is your router directly connected to the internet connection, or is there like a DSL modem in between your router and internet connection?
[04:36] <bcomp> cable internet modem box, then a router, then the server
[04:36] <rdw200169> sometimes, DSL 'modems' are actually routers
[04:36] <rdw200169> hmm...
[04:36] <bcomp> then maybe I have two router and i though i had one hah
[04:37] <rdw200169> exactly, but cable modems, as far as i know, are always just modems
[04:37] <rdw200169> at least the cable modems provided by cable companies, like the surfboard
[04:37] <bcomp> ah good
[04:38] <ScottK> rdw200169: Sometimes they are routers too.
[04:38] <rdw200169> ScottK: ok ok, fair enough, thats why i said "as far as i know" ;)
[04:38] <bcomp> also, would it be bad to set up router port forwarding, and put the server on dmz?
[04:39] <rdw200169> dmz is like 'total port forwarding'
[04:39] <ScottK> rdw200169: Sure.  Understood.
[04:39] <bcomp> well yeah, i just wondered if it would mess things up or something
[04:40] <rdw200169> nah, its just kinda pointless to do port forwarding if you're gonna put it on a the DMZ
[04:40] <rdw200169> anyway, i was gonna say, have you tested SSH *without* the modem to verify if it is actually a modem issue?
[04:40] <bcomp> what do you mean?
[04:40] <rdw200169> i mean, without the router
[04:41] <rdw200169> like, plug the server straight into the internet connection
[04:41] <bcomp> oh no
[04:41] <bcomp> because then I wouldn't be able to access the internet with other computers to test it hah
[04:41] <rdw200169> if your server has a firewall, it should be fine on the WWW
[04:41] <rdw200169> if you want, i can test for you
[04:41] <bcomp> hmmm
[04:42] <rdw200169> i *am* on the other side of the internet, so i can test things
[04:42] <bcomp> lol
[04:42] <rdw200169> but it doesn't necessarily have to be SSH, just anything, like a webserver or something
[04:42] <bcomp> well yeah
[04:42] <bcomp> i weighing the effort needed to walk to my server in the other room
[04:43] <bcomp> agh ok
[04:43] <rdw200169> that, or, i can test what you have right now
[04:43] <bcomp> that might be better
[04:44] <bcomp> i'm pretty new at this, if it isn't apparent
[04:44] <bcomp> should i send you the ip, straight up?
[04:44] <rdw200169> if you want
[04:45] <rdw200169> i'm assuming that if you're gonna run a server, you're gonna get your IP out there anyway
[04:45] <MACscr> ajmitch: im not picking what needs to be installed, thats from the .deb i installed
[04:45] <bcomp> good point
[04:45] <MACscr> the .deb for baruwa
[05:10] <MACscr> ok, i got past that stuff and just installed the mysql-client. Now here is my noob question for the day. How do i restart mysql? I dont see anything located in /etc/init.d/ for mysql
[05:14] <MACscr> nvm
[05:17] <bcomp_> .
[05:55] <MTecknology> http://www.tldp.org/HOWTO/Kernel-HOWTO/ - "because it don't fitted the LDP standard." Is English not one of the standards you have?
[06:00] <MACscr> ha
[06:03] <twb> MTecknology: submit a patch
[06:05] <MTecknology> twb: perhaps if I have time at some point in the next year :(
[06:06] <MTecknology> sleepy time.. I'll talk to you all when the sun comes up again.
[06:18] <Roxyhart0> hi there, somebody know how work the order form rule in iptables? I mean the the first match stop checking the rest or check every rule in the table?
[06:45] <rdw200169> Roxyhart0: first match
[06:46] <Roxyhart0> thanks
[06:48] <rdw200169> Roxyhart0: if you read some 'standard' firewall configurations, like the 'standard' firewall that firestarter uses, a lot more about iptables makes sense.
[06:52] <rdw200169> Roxyhart0: on the rule matching, the last word in an iptables command specifies what to do, i.e. the jump part, -j.  this determines the 'next step' in the rules.  for example, the "-j LOG" target allows you to match a packet, log it, and ***continue through the table***
[06:54] <rdw200169> Roxyhart0: its hard for me to say that *every time the table is first match -> stop* b/c there are so many Target Extensions available for use in iptables...
[06:55] <Roxyhart0> yes, i know...i am trying to figure out with some rules that i got
[06:56] <rdw200169> if you need any help, i'm pretty good at iptables/iproute2
[06:56] <Roxyhart0> it is just i need block port 25 por everybody except 2 Ips
[06:57] <Roxyhart0> so i did drop port 25 and acet when come form those ips
[06:57] <rdw200169> ah, easy
[06:57] <Roxyhart0> but sometimes works and sometimes dont
[06:57] <rdw200169> first, match for that IP/port combination then ACCEPT
[06:57] <rdw200169> then, after those rules, drop all other port 25 traffic
[06:58] <Roxyhart0> i did that but sometime does work..it is like intermitent
[06:58] <rdw200169> so the table catches that IP address going to that port *first* before dropping the other stuff
[06:58] <rdw200169> do you have a log target prior to your drop target to catch whats getting dropped?
[07:00] <rdw200169> is this like your iptables match: -A INPUT -s USER_IP -p tcp -m tcp --dport 25 -j ACCEPT
[07:01] <Roxyhart0> no but i got a first rule that say, if some ip go to the mail server go to the rule email server and after those rules it the rule to accept port 25 and then
[07:02] <Roxyhart0> drop everyone else
[07:03] <rdw200169> so the whole thing starts with something like -A INPUT -d MAIL_SERVER_IP -j MAIL_SERVER_RULES_INCOMING
[07:03] <rdw200169> right?
[07:04] <Roxyhart0> to it start a -A FORWARD -s 172.19.0.0/24 -i vlan30 -j Staff
[07:04] <Roxyhart0> where staff is a rule
[07:05] <Roxyhart0> then in staff
[07:05] <Roxyhart0> -A Staff -d 172.20.0.2/32 -o vlan2 -j mailserver
[07:05] <Roxyhart0> and then bellow that
[07:06] <rdw200169> ok
[07:06] <Roxyhart0> -A Staff -s 172.19.0.100/32 -p tcp -m tcp --dport 25 -j ACCEPT
[07:06] <Roxyhart0> -A Staff -p tcp -m tcp --dport 25 -j DROP
[07:06] <Roxyhart0> sorry is 20 instead 19
[07:06] <Roxyhart0> but still dont work
[07:06] <rdw200169> ah, got it
[07:08] <rdw200169> ok, i don't see the rest of your rules, obviously, but lets just assume that you *don't* need to specify the interface
[07:08] <Roxyhart0> so my question is if i send e email from this address first go to the rule emailserver
[07:08] <Roxyhart0> and then come back to drop the file
[07:08] <Roxyhart0> the package
[07:08] <rdw200169> the kernel, if spoofing is enabled, will automatically drop packets if it looks like the traffic is coming from an unlikely location
[07:08] <Roxyhart0> why?
[07:09] <rdw200169> the routing table will take care of that
[07:09] <twb> ITYM Reverse-Path Filtering (net.ipv4.conf.*.rp_filter)
[07:09] <rdw200169> the kernel knows where the packet originated from and where its going, and the 'hooks' will catch the correct direction
[07:09] <rdw200169> thanks twb thats what i was thinking of
[07:10] <twb> raw iptables usage should probably be discussed on #netfilter.
[07:10] <rdw200169> twb: fair enough, he got me started ;)
[07:10] <twb> rdw200169: I plonked Roxyhart0 long ago
[07:10] <Crewsr3> I've been asked to learn about EC2.  Is there a way to set up a local EC2 sever so I could practice setting up instances with out getting charged.  I have a extra box with virtualization CPU
[07:11] <twb> Crewsr3: I believe so, but I don't do whatever-eucalyptus-is-called-this-week
[07:12] <Crewsr3> sorry, I'm really new to all of this, what is eucalyptus?
[07:12] <twb> this whole "cloud computing" thing
[07:13] <Roxyhart0> well, i dont know why tbw did it, as i still can read his messages. I is rude and not gendelman at all
[07:13] <Roxyhart0> thanks for your help rdw200169
[07:14] <twb> cf. http://en.wikipedia.org/wiki/Amazon_EC2, http://en.wikipedia.org/wiki/Eucalyptus_(computing), UEC.
[07:14] <rdw200169> no problem, if you want to discuss iptables more, you should go to #netfilter.  he's right, this is where we discuss ubuntu server questions, not hardcore firewalling/routing (not really a 'server' function ;))
[07:14] <Crewsr3> so in theory there is a way to install ubuntu server in the same way the EC2 is setup, so I can learn how to build an instance locally
[07:14] <Roxyhart0> thanks
[07:14] <pthsWork> Good morning all. I've sent the following message on #samba, but maybe someone here could help me figure out what is going on:  I've got a winbind problem. I've got a AD 2008r2 Server which I use for user management and a samba 3.4.7 file server. For some reason Winbind stops retrieving user updates (getent passwd). log.smbd says:
[07:14] <pthsWork>  winbindd/winbindd_user.c:97(winbindd_fill_pwent)
[07:14] <pthsWork>    error getting user id for sid S-1-5-21-1886463297-1098047934-3826461101-1128
[07:14] <pthsWork>  [2010/08/03 07:54:30,  1] winbindd/winbindd_user.c:856(winbindd_getpwent)
[07:14] <pthsWork>    could not lookup domain user ptstest4
[07:15] <Roxyhart0> still i think he is very rude, i am sure he have at leat a mum, he should not ne rude
[08:06] <blinkiz> Hi there. I have a virtualization cluster (kvm+libvirtd+corosync+iscsi) where I have a problem with cache. Sometimes we clone machines on our storage server. The virtualization server does not see this and has some kind of cache of what it things should exist on storage server. I need a way to flush this cache on the virtualization server. Maybe this cache is within ISCSI?
[08:07] <blinkiz> A reboot of  the virtualization question and the cache is flushed. So it absolutely some kind of cache effect on the virtualization server
[08:07] <blinkiz> question = server.. Hmm, interesting typo ;)
[08:58] <comron> Hello, anyone around this late? :)
[09:01] <andol> comron: Well, given the earth being round...
[09:02] <comron> andol: late, early it's all the same :)
[09:03] <comron> andol: I'm trying to rebundle an AMI from http://alestic.com/, but I'm running into some problems. Think you could help?
[09:05] <andol> comron: Nope, nothing I am terrible familiar with.
[09:05] <bcomp> so... i was going to figure this out tmrw, but it's bothering me
[09:05] <bcomp> my ubuntu server has a filtered port 80
[09:06] <comron> well, maybe this sounds familiar: When I try an apt-get update, I get an error that says "E: Sub-process returned an error code". Sound like anything you know of?
[09:06] <bcomp> so all http transfer to anywhere outside my lan doesn't work
[09:07] <bcomp> i'm using shorewall btw
[09:07] <bcomp> if anyone can advise I'm eternally grateful
[10:25] <ttx> Daviey: I'm starting earlier than expected
[10:25] <ttx> Daviey: any progress on your side, before I start reproducing on my rig ?
[10:25] <Daviey> ttx: oh.. goody :)
[10:26] <Daviey> ttx: I would find it handy for you to reproduce with the latest ISO.  I think things might be better than hoped
[10:27] <ttx> ah.
[10:27]  * ttx rsyncs
[10:29] <Daviey> ttx: Good to see this daily is in size \o/
[10:31] <ttx> it still has hplip though
[10:32]  * ttx wonders how we shaved those few Mb
[10:32] <Daviey> ttx: probably no kernel :)
[10:46] <ttx> Daviey: installing the CLC+WC+CC+SC
[10:53] <Daviey> ttx, I'm deploying a fresh one now.
[11:23] <ttx> Daviey: node being installed, stopping for lunch
[11:24] <Daviey> ttx, super!
[11:27] <kamaze> sup
[11:27] <kamaze> someone has a word to: BIND9 vs Unbound?
[11:34] <twb> I use dnsmasq.
[11:53]  * Daviey screams
[11:59] <loma> hi i have a ubuntu server that i access via ssh from a mac
[12:00] <loma> is there anyway i can see the desktop on the server?
[12:00] <loma> like graphical desktop...
[12:00] <twb> Ubuntu Server does not have a graphical desktop.
[12:01] <loma> o so no way?
[12:01] <_ruben> if you want one, install the desktop (edition)
[12:01] <loma> cant i just install ubuntu-desktop?
[12:01] <twb> You can.
[12:02] <_ruben> server + desktop = desktop != server ;)
[12:02] <twb> You could run the X server on your Mac, and install and run X app(s) on the Ubuntu Server.
[12:06] <ivoks> ttx: we can postpone that bacula 'bug', but the truth is that it really isn't fixable :/
[12:07] <ivoks> ttx: unless we allow predepend
[12:28] <ttx> ivoks: ok, I'll unmark it as a papercut then
[12:30] <ivoks> is there a method to run something after all packages are installed?
[12:30] <ivoks> like triggers do for kernel and libc
[12:30] <ttx> ivoks: I don't think so
[12:31] <ivoks> cause that would solve this issue
[12:31] <ivoks> otherwise, we can't postpone configuration of bacula, if mysql isn't started
[12:32] <zash> Hello, my mysql setup is horribly broken, HALP!
[12:33] <zash> This stuff just forkbombs itself: http://conference.prosody.im:5280/pastebin/4ab10f55-43d5-4cf5-a773-991b4db69dde
[12:33] <zash> from /etc/mysql/debian-start
[12:33] <ttx> Daviey: in my A3 test, the node is registering correctly
[12:33] <Daviey> ttx: in registration.log, what return code are you getting?
[12:34] <Daviey> ttx: And are you getting errors in registration.log of the $clustername not being found?
[12:34] <ttx> I'm getting 0
[12:34] <Daviey> ... clean install.. i just got 1
[12:34] <ttx> that one is normal
[12:34] <ivoks> zash: ?
[12:35] <ttx> Daviey: cluster not found, retrying in 10sec
[12:35] <ttx> then cluster is found
[12:35] <ivoks> ah, those clusters :)
[12:35] <ttx> Daviey: "euca-describe-availability-zones verbose" returns as it should
[12:36] <zash> ivoks: I get a whole bunch of xargs procs that never finishes, and the load spikes and eventualy something gets oom killed
[12:36] <ttx> Daviey: euca_conf --list-nodes is the only thing that doesn't work here
[12:37] <ivoks> zash: what are you doing exactly?
[12:37] <ttx> Daviey: could you explain to me how you installed it ?
[12:37] <Daviey> ttx: This is interesting.. clean install gave me a return code of 1 for node registration in registration.log
[12:37] <zash> ivoks: just plain starting it
[12:37] <ivoks> mysql?
[12:37] <Daviey> ttx: fully preseeded..
[12:37] <zash> ivoks: yes
[12:37] <ivoks> with 'service mysql start'?
[12:38] <ttx> Daviey: not an ISO install ?
[12:38] <Daviey> ttx: no
[12:38] <ttx> Daviey: then your preseed is wrong
[12:38] <Daviey> Hmm
[12:38] <zash> ivoks: /sbin/start
[12:38] <ttx> Check CC key in the NC /var/lib/eucalyptus/.ssh/authorized_keys
[12:38] <ttx> is it present ?
[12:38] <ivoks> zash: /sbin/start mysql
[12:38] <Daviey> ttx: doing a fresh install as we speak.. will need 20 mins.
[12:39] <ttx> Daviey: define "fresh install"
[12:39] <Daviey> ttx: fresh preseeded..
[12:39] <ttx> Daviey: you should run an ISO install
[12:39] <ttx> Daviey: to confirm that it's working correctly
[12:40] <zash> ivoks: the init.d script says to use start at least
[12:40] <ttx> I'm pretty sure the preseeding can introduce its own set of bugs, and that's not what we are testing for the milestone
[12:40] <Daviey> ttx: Agreed.. i really want to try and reproduce this install.. see the behaviour i have, then will do an iso manual install.
[12:41] <Daviey> ttx: Part of the problem, the testing that hggdh does - has to be preseeded.
[12:41] <ttx> I agree with that... but that's a bug in the testing env, not in UEC
[12:42] <zash> ivoks: hm, service start and /sbin/start just sits there and does nothing
[12:42] <ttx> I suspect your preseed fails to deploy the CC key on the NC, so the registration fails
[12:43] <ttx> If the ISO installer works, that proves that the bug is in the preseeding
[12:43] <Daviey> yes.. i think this could be the case
[12:43] <ttx> Commenting on the bug...
[12:43] <ttx> Now that I'm here, I'll try to run an instance
[12:44] <zash> gah, now it says mysql is started, except it's not:(
[12:44] <Daviey> ttx: That failed for me a few mins ago.. but i know it worked yesterday!
[12:44] <ivoks> zash: stop it
[12:45] <ivoks> zash: kill all running mysql processes
[12:45] <Daviey> (ttx: registering an instance)
[12:45] <Daviey> image*
[12:46] <zash> ivoks: check
[12:46] <ivoks> zash: now start it with 'start mysql'
[12:46] <ivoks> zash: and look into /var/log/syslog
[12:47] <zash> ivoks: Aug  3 13:47:41 gladius init: mysql post-start process (15082) terminated with status 1
[12:48] <ivoks> zash: is your database empty or you have something in it?
[12:48] <zash> ivoks: i have a bunch of wordpresses and some other stuff
[12:49] <zash> ivoks: it's been broken since upgrade from hardy, and i tried doing a purge and reinstall and putting the dbs back
[12:50] <zash> ivoks: but it just ended with me giving up and doing sudo -b -u mysql mysqld
[12:52] <ivoks> khm
[12:52] <ivoks> that was a bad decission
[12:53] <ivoks> mysqld is started trough mysqld_safe
[12:53] <ivoks> now it probably has all the data in wrong places
[12:53] <ivoks> and that could be a reason why it fails
[12:53] <ttx> Daviey: instance running
[12:54] <ttx> Daviey: it works way better than you and Carlos seemed to say
[12:54] <Daviey> ttx: OK.. this makes NO SENSE.. using identical preseed file, i've just had a return 0 for node registration.log
[12:55] <Daviey> I'm convinced there is something inconsistent, like a weird race condition - depending when you enter the loop.
[12:56] <zash> ivoks: hm, just starting mysqld_safe works, but then I can't login
[12:57] <ivoks> it looks to me that eeverything is broken :)
[12:57] <ivoks> zash: do you have anything in /etc/mysql/conf.d?
[12:57] <ttx> Daviey: looks like you'll have to rinse/repeat until you reproduce it :)
[12:57] <Daviey> oh joy.
[12:58] <ttx> Daviey: try an ISo install following http://testcases.qa.ubuntu.com/Install/ServerUECTopology1
[12:58] <ttx> Daviey: if that works for you, its no longer a critical issue for A3
[12:58] <Daviey> agreed...
[12:58]  * Daviey does the dance, hoping he doesn't hit that issue :)
[12:58] <ttx> Daviey: whenever you isolate it, ping me so that we look into it together
[12:58] <zash> ivoks: empty
[12:59] <ivoks> zash: how about /var/lib/mysql?
[12:59] <ivoks> zash: are your databases there?
[12:59] <zash> ivoks: yes
[13:01] <waheedi> any one have installed ruby 1.92 on ubuntu 9.10
[13:01] <waheedi> ?
[13:02] <waheedi> how can i get it installed ?
[13:03] <zash> ivoks: how about I run `mysqld`, export everything and then reinstall and restore
[13:04] <ivoks> you can do that, of course
[13:04] <ivoks> export all databases
[13:04] <ivoks> including mysql
[13:04] <ivoks> and then edit that dump, so that it doesn't contain deleting existing mysql database
[13:05] <ivoks> and make sure to remove root and debian-sys-maint from mysql.users
[13:05] <ivoks> or is it mysql.user
[13:05] <hggdh> Daviey: good morning, I see you and ttx have been playing with UEC
[13:05] <ttx> hggdh: it works very well for me :P
[13:06] <hggdh> :-)
[13:06] <hggdh> I do not doubt
[13:06] <Daviey> heh
[13:06] <Daviey> hggdh: You need to learn the dance.
[13:07] <hggdh> ttx: it does sound like some sort of race -- on the 6 installs I did yesterday, 2 failed to register the components, four succeeded
[13:07] <hggdh> Daviey: too old to dance ;-)
[13:07] <zul> ivoks: php has triggers afaik
[13:08] <Daviey> smoser: Are you around?
[13:08] <ttx> hggdh: define "fails to register the components"
[13:08] <ttx> all of them ?
[13:09] <hggdh> ttx: all of them.
[13:10] <hggdh> ttx: I had to manually --register-<whatever>
[13:10] <ttx> hggdh: anything in registration.log ?
[13:11] <hggdh> ttx: yes, let me see if I find it
[13:11] <waheedi> how can i install ruby 1.92 on ubuntu ?
[13:14] <Daviey> smoser: as soon as you are about, can you ping me please?
[13:14] <Daviey> smoser:  ... i want to talk about your patch
[13:14] <hggdh> ttx: http://pastebin.com/mZ1U8GVK
[13:15] <hggdh> ttx: this is a all-in-one install
[13:15] <Daviey> hggdh: two server deployment?
[13:15] <ttx> hggdh: euca_conf --register-cluster returned 1
[13:16] <ttx> hggdh: when you ran that manually it passed ?
[13:16] <ttx> also, is the CLC key present in the CC's /var/lib/eucalyptus/.ssh/authorized_keys ?
[13:19] <hggdh> ttx: yes,manual registration passed. And CLC, CC, SC, Walrus on the same machine
[13:19] <hggdh> keys were in the authorised_keys
[13:19] <hggdh> authorized_keys
[13:19] <ttx> rigth, since it's the same machine
[13:20] <ttx> so euca_conf didn't return 1 because it couldn't scp to the CC
[13:20]  * ttx curses bad return codes
[13:20]  * hggdh comiserates
[13:21] <ttx> Daviey: looks like you should redirect the output of euca_conf to /var/log/eucalyptus/registration.log in /usr/share/eucalyptus/registration/*
[13:21] <ttx> since "1" is not enough
[13:21] <Daviey> yeah
[13:22] <ttx> in hggdh case, it's striking that on the same machine the Walrus registered correctly but not the CC
[13:22] <ttx> since they are using the same key and the same kind of command
[13:22] <ttx> maybe some concurrency
[13:22] <ttx> running them both at the precise same time fails
[13:23] <ttx> so manually registering afterwards would just work
[13:23] <Daviey> good theory
[13:23] <ttx> Daviey: but that wouldn't explain your node registration issue
[13:23] <ttx> since the node is quite alone when it registers
[13:23] <Daviey> yeah.. i think euca_conf has some bugs tbh.
[13:27] <hggdh> oh boy, this adding return codes is weird
[13:31] <ttx> Alpha3 Server ISO candidate posted !
[13:31] <ttx> Please start a reasonable amount of ISo testing, to catch the kitten killers
[13:32]  * patdk-lap hugs the kitten killers
[13:32] <ttx> 20100803 was quite OK, but we are now testing 20100803.2 :)
[13:33] <Daviey> ttx: I thought tomorrows was going to be the candidate?
[13:34] <ttx> Daviey: you plan a new eucalyptus ?
[13:34] <Daviey> ttx: yes
[13:34] <ttx> ETA ?
[13:34] <Daviey> by end of play today
[13:34] <Daviey> I wanted to land smosers patch especially
[13:35] <ttx> The current candidate will *not* be the A3 final
[13:35] <Daviey> Also, i have a new upstream snapshot waiting
[13:35] <Daviey> Ahhh
[13:35] <Daviey> ok.. that is good :)
[13:35] <ttx> but we still need to tset it reasonably
[13:35] <Daviey> agreed
[13:35] <ttx> in order to catch bugs that need to be fixed by A3 (the kitten killers mentioned above)
[13:35] <ttx> so running /some/ISO testing is necessary
[13:36] <ttx> otherwise you start testing tomorrow and realize, too late, that it's utterly broken
[13:36] <ttx> we don't aim for 100% test coverage on the current candidate
[13:36] <Daviey> yeah
[13:36] <ttx> we aim for "confidence testing"
[13:36]  * hggdh goes for yet another install ;-)
[13:36] <smoser> Daviey, give  me 5 minutes please.
[13:36] <Daviey> hggdh: Have confidence :)
[13:36] <Daviey> smoser: ok, cool
[13:38]  * hggdh has equal measures of confidence, hope, acceptance, and despair
[13:47] <Daviey> smoser: Does this contain all your changes? http://pb.daviey.com/ZTOb/raw/ .. thanks :)
[13:51] <smoser> Daviey, looking
[13:51] <Daviey> ta
[13:52] <MTecknology> So.. for using Ubuntu.. I do a lot of compiling things :P
[13:52] <pmatulis> MTecknology: not supposed to
[13:53] <MTecknology> pmatulis: only on my laptop- I compile vbox modules, a very trimmed down kernel, and a couple other things that don't get installed - then also building packages and coompiling a few things to test source
[13:55] <pmatulis> MTecknology: and then pray that apt won't get angry?
[13:56] <MTecknology> pmatulis: I apt'ed removed the kernel so it shouldn't complain about that - I never make install anything else - vbox modules play pretty nicely with it
[13:57] <MTecknology> pmatulis: It's kinda fun :P I'm on 2.6.35 :)
[13:57] <MTecknology> pmatulis: not something I would recommend to anyone that wants a stable system of course
[13:58] <smoser> Daviey, i think it does, yes.
[13:58] <smoser> did i do something wrong ?
[13:59] <Daviey> smoser: Hmm.. not really
[13:59] <Daviey> just want to land it in the ~ubuntu-core-dev devel branch
[13:59] <Daviey> not to ~ubuntu-branches
[14:00] <Daviey> you did good :)
[14:00] <smoser> hm..
[14:57] <m_tadeu> hi...I'm trying to install ncurses but apt says that it's not available, but is referenced by another package
[14:57] <smoser> ttx, are you aware of any reason I should not run tests on ec2 images ?
[14:57] <ttx> smoser: no
[14:58] <smoser> alright. then i'm going to kick that off.
[15:02] <m_tadeu> how can I install ncurses?
[15:06] <hggdh> m_tadeu: apt-get install ncurses-base ncurses-bin ncurses-term
[15:12] <ScottK> SpamapS: Kolab uw-imap patches are uploaded.  I'll take a shot at php-imap tonight or tomorrow.
[15:12] <m_tadeu> hggdh: thanx
[15:13] <zash> gah, reinstall of mysql failed
[15:13] <zash> "could not set root password" :(
[15:22] <zash> okay, reinstalled, no root password
[15:22] <zash> it still just stops at "start mysql"
[15:22] <zash> and does nothing
[15:22] <zash> Aug  3 16:22:45 gladius init: mysql main process ended, respawning
[15:24] <hggdh> ttx: there?
[15:24] <zash> http://q.zash.se/bfb697b5.txt
[15:29] <ttx> hggdh: yes
[15:29] <hggdh> ttx: did you install UEC on the separate topo?
[15:30] <ttx> hggdh: I did topology 1
[15:30] <ttx> I no longer have the hardware for topology2/3
[15:31] <hggdh> ttx: thanks. On topo2, my CLC does not come up (no walrus, 'do not do what you have done ever again' message)
[15:32] <ttx> hggdh: you mean: the CLC+Walrus doesn't come up ? I can test that.
[15:32] <MTecknology> thesheff17: g'morning
[15:33] <MTecknology> thesheff17: I'm waiting for Launchpad to build it
[15:35] <hggdh> ttx: just the CLC, fully-separate install
[15:36] <ttx> hggdh: so you install the CLC, and it doesn't come up ?
[15:36] <hggdh> ttx: correct
[15:36] <hggdh> just had it
[15:36] <ttx> I'll try that
[15:36] <thesheff17> MTecknology: brb I have to run next door to pick up my paycheck that fedex screwed up :)
[15:37] <zash> srsly, a clean install of mysql doesn't work
[15:42] <MTecknology> thesheff17: fine then, don't talk to me :'(
[15:43] <zash> so, purging mysql-server and reinstaling it results in it asking for a mysql root passwor 3 times, then just freezing
[15:43] <zash> on start mysql
[15:43] <zash> which fails
[15:52] <MTecknology> thesheff17: it built ok on my local system - so... I'm guessing it'll build fine in Launchpad. I setup a recipe for it too. :)
[15:58] <ttx> zash: which version ?
[15:59] <zash> ttx: ubuntu 10.04, latest mysql-server
[15:59] <ttx> zash: define "latest"
[15:59] <ttx> 5.1.41-3ubuntu12.6 ?
[15:59] <zash> 5.1.41-3ubuntu12.6
[16:00] <ttx> zash: could you file a bug about that ?
[16:01] <ttx> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+filebug
[16:01] <ttx> zul: ^ could you look into the bug once it's filed ?
[16:01] <zash> https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/573318 looks like it
[16:01] <zul> ttx: ack
[16:03] <ttx> zash: except it affects a different version, and the current one is supposed to actually work.
[16:03] <ttx> zash: please file a new one, we'll make it a duplicate if needed
[16:04] <zash> k
[16:05] <zul> wheee...
[16:05]  * zul kicks launchpad
[16:06]  * ScottK kicks too.
[16:11] <SpamapS> ScottK: pretty sweet really.. kolab got me all excited about it when they first released.. maybe now it will actually be easy to deploy. ;)
[16:13] <Dark-Sun> Hi every1, i'm looking for ubuntu cloud channel, can't find it with google!
[16:14] <binBASH> you just reached it
[16:15]  * Dark-Sun guess cat eats the keyboads!
[16:15] <zul> SpamapS, Scottk: php 5.3.3 wth the kolab patches will be uploaded after alpha3
[16:16] <Dark-Sun> nice to find you pals
[16:16] <zul> SpamapS: hey btw
[16:18] <Dark-Sun> does CLC provide DHCP server by default?
[16:20] <Dark-Sun> what a stupid question! alright, any idea on how to set ip for a br0 in "interfaces" file? is it like a usual eth0?
[16:20] <ttx> Dark-Sun: no, it's slightly different
[16:20] <Dark-Sun> cause i c some other options there
[16:20]  * ttx recommends following https://help.ubuntu.com/community/UEC/
[16:21] <e-jat> Failed to bring up eth0 in my guest vm
[16:21] <ttx> https://help.ubuntu.com/community/UEC/PackageInstall has a bridge config example
[16:21] <ttx> but I recommend doing an ISO install
[16:21] <e-jat> any idea ?
[16:22] <Dark-Sun> ttx: you're the best, thanx bro, i gonna chck it out ;)
[16:22] <e-jat> i already bridge the interface
[16:22] <ScottK> zul: I think it just touches php-imap, which is in Universe, but I'll double check.
[16:22] <ttx> Dark-Sun: np, bro
[16:22] <zul> ScottK: yep i know...its queued for post-freeze
[16:22] <e-jat> got some guest running out of the box .. and recently just create a new vm then cant get the network
[16:22] <ttx> hggdh: CLC install inprogress
[16:23] <ScottK> zul: If it's in Universe, why wait?
[16:23] <zul> ScottK: because it depends on 5.3.3
[16:23] <e-jat> even i already set static IP for the guest vm
[16:23] <ScottK> zul: OK.  Makes sense.  Thanks.
[16:23] <e-jat> some one can help me ?
[16:24] <hggdh> ttx: thanks
[16:29] <ejat> i just recreating new vm using virt-clone but suddenly the clone network doesnt working
[16:29] <ejat> how can i troubleshoot
[16:29] <ttx> hggdh: reproduced
[16:29] <ttx> hggdh: looks like the CLC can no longer start if the walrus is not running
[16:30] <ttx> hggdh: running the two on the same machine actually starts both at the same time
[16:30] <ttx> hggdh: which must... kinda work
[16:32] <ttx> hggdh: that's a regression, it used to work.
[16:32] <SpamapS> zul: howdy
[16:33] <ttx> hggdh: you'll file it ?
[16:33] <ttx> or should I ?
[16:34] <ttx> SpamapS: for cassandra; did you create anything in LP except the team and the PPA ?
[16:34] <ttx> SpamapS: I'm mimicking your work for Terracotta
[16:35] <hggdh> ttx: done :-)
[16:35] <SpamapS> ttx: I created a project too, but it disappeared
[16:35] <hggdh> ttx: bug 613033
[16:39] <SpamapS> can somebody look at bug 611695 and tell me if the "Won't Fix" status is appropriate? After marking it as such, I'm wondering if maybe I should change it to Triaged and we can SRU it.
[16:42] <a_ok> has anyone here used iozone before?
[16:52] <ttx> hggdh: commented on the bug
[16:54] <hggdh> ttx: and I marked it regression-potential/Triaged/High. I am adding the upstream now
[16:55] <ttx> hggdh: hopefully they don't really need it and can unbreak it
[16:55] <hggdh> ttx: one can always hope ;-)
[17:04] <ejat> is there an issue with mysql-server-5.1_5.1.41-3ubuntu12_amd64.deb ?
[17:04] <ejat> seem like it hang while upgrading it ..
[17:05] <SpamapS> ejat: https://bugs.launchpad.net/ubuntu/+source/mysql-dfsg-5.1/+bug/613032 ?
[17:05] <ejat> SpamapS: thanks
[17:06] <SpamapS> ejat: thats relatively new
[17:06] <SpamapS> 50 minutes ago. ;)
[17:06] <SpamapS> so nobody has really looked at it yet
[17:07] <ejat> thanks .. bcoz i just create a new image .. then wanna do the update .. suddenly .. looks like it hang :)
[17:08] <hggdh> Daviey: you have just been given a gift -- another bug to look at ;-)
[17:09] <Daviey> hggdh, Luck, Lucky me :)
[17:15] <hggdh> Daviey: I feel your pain...
[17:40] <SpamapS> woohoo back down to single digit untriaged bugs.
[17:40]  * SpamapS ^5's kirkland 
[17:52] <hggdh> ttx: heh. It is completely broken... I just installed CLC+Walrus, and it is failing because there is no SC
[17:53] <hggdh> ttx: "Do not ever do whatever it is you did: Failed to lookup required component: storage"
[18:02] <Dark-Sun> alright guys, i gonna go
[18:02] <Dark-Sun> i love you!
[18:02] <Dark-Sun> bye
[18:03] <Daviey> hggdh: oh joy!
[18:10] <hggdh> Daviey: I should have thought of asking them, sorry
[18:11] <hggdh> Daviey: htank you very much indeed.
[18:14] <Daviey> hggdh, Oh, no problem - lets see what they say
[18:15] <hggdh> I hope it is the Right Thing they say ;-)
[18:16] <SpamapS> hggdh: should we expect isos for iso testing soon?
[18:16]  * SpamapS says, knowing full well thats a good question for the meeting in 45 min
[18:16] <hggdh> SpamapS: I would say yes
[18:20]  * hggdh also considers it a good Q for the meeting ;-)
[18:20] <hggdh> but I think we are quite stable now
[18:48] <ttx> SpamapS: we should be respinning if Daviey commits a new euca
[18:49] <Daviey> hggdh: ttx may say otherwise, but doing some smoke testing with the current ISO could only be a good thing :)
[18:49] <Daviey> ttx: Still on track to land later tonight, published in time for the scheudled spin
[18:50] <ttx> Daviey: the scheduled spin is disabled, you'll have to ask for a respin in #ubuntu-release
[18:51] <ttx> Daviey: we have reasonable smoketest for an ISO we know is not the final candidate
[18:51] <Daviey> ttx: Oh.. i didn't know this
[18:52] <ttx> the daily is usually disabled when you freeze
[18:52] <Daviey> ttx: I don't want to push this latest change without doing some local testing of the binary debs.  This being the case, it's not likely to need uploading until you have EoD'd
[18:53] <ttx> Daviey: ideally you'd commit it by your eod, ensure someone in the US shift sponsors it...
[18:53] <Daviey> ttx: So if my local testing is good, i'll get it uploaded - and you request a respin if this happens tommorrow?
[18:53] <ttx> and i'll ask for the respin if it's published tiomorrow morning
[18:53] <Daviey> awesome
[18:54] <Jason1> anyone know what the apache server userid is in ubuntu after I install it on 10.04 LTS?
[18:55] <Pici> www-data
[18:55] <Jason1> thanks!
[18:58] <kirkland> SpamapS: o/*\o
[19:04] <smoser> ttx, question: do you think images should be re-spun for https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/613108
[19:04] <ttx> smoser: yes
[19:05] <ttx> it's not too late :)
[19:05] <ttx> another 50$ for amazon in our testing ?
[19:06] <smoser> yeah. i'll respin for it then.
[19:13] <thesheff17> MTechnology: did the chroot stuff work for you?
[19:15] <MTecknology> thesheff17: :(
[19:15] <MTecknology> thesheff17: sooo close
[19:15] <MTecknology> thesheff17: Aug  3 13:15:37 incipio jk_lsh[4417]: WARNING: user testuser (1029) tried to get an interactive shell session (/usr/sbin/jk_lsh), which is never allowed by jk_lsh
[19:16] <nicetry_> I'm about to upgrade my system from 9.10 to 10.4 - does it makes sense to update/upgrade the packages first, then do-release-upgrade? or the other way around?
[19:17] <MTecknology> nicetry_: 10.04? :P
[19:17] <MTecknology> !upgrade
[19:17] <Pici> nicetry_: Pesonally I do an update-upgrade and then do-release-upgrade .
[19:17] <nicetry_> MTecknology: yes 10.04
[19:17] <thesheff17> MTecknology: you want /bin/bash in your etc/passwd file inside the chroot jail
[19:18] <nicetry_> thanks Pici
[19:18] <RoAkSoAx> SpamapS: libesmtp is already in sync with debain btw :)
[19:19] <MTecknology> thesheff17: grr Aug  3 13:18:43 incipio jk_chrootsh[4489]: ERROR: failed to execute shell /usr/sbin/bash for user testuser (1029), check the permissions and libraries of /home/jail//usr/sbin/bash
[19:19] <Jason1> a2enmod rewrite isn't working in for 10.04 LTS.  Is the command something differrent to enable re\writes for apache2?
[19:19] <MTecknology> I ran jk_cp -v -f /home/jail /bin/bash
[19:19] <thesheff17> MTecknology: that is just copying the executable and binaries required for bash
[19:19] <Jason1> rewrite.load is available in the mods-avialable
[19:20] <thesheff17> MTecknology: if you look in your jail dir under etc/passwd you will want to change that to /bin/bash
[19:20] <MTecknology> thesheff17: I changed that to /bin/bash
[19:20] <MTecknology> oh...
[19:21] <thesheff17> MTecknology: you have /usr/sbin/bash in that error
[19:21] <SpamapS> RoAkSoAx: good to know!
[19:21] <MTecknology> thesheff17: thanks :D
[19:21] <SpamapS> RoAkSoAx: I recall now that it was out of sync when I looked at first, may have forgotten to update all the places I wrote that down. ;)
[19:22] <RoAkSoAx> SpamapS: :) the MIR is also filed, just waiting for review
[19:22] <Jason1> bump: a2enmod rewrite isn't working for me (10.04 LTS).  Is the command something different to enable rewrites for apache2?
[19:23] <MTecknology> thesheff17: so now for the rest of using it...
[19:23] <thesheff17> MTecknology: so your testuser logs in correctly?
[19:23] <MTecknology> thesheff17: I set it up in launchpad and it should build fine whenever it gets that far
[19:23] <SpamapS> RoAkSoAx: right, its for cluster tools, right?
[19:23] <MTecknology> thesheff17: ya :)
[19:24] <thesheff17> MTecknology: nice
[19:24] <MTecknology> thesheff17: so now I need to make a script that makes their home directory in /home/jail/user ?
[19:25] <RoAkSoAx> SpamapS: yes, pacemaker specifically
[19:25] <thesheff17> MTecknology: yea either cp or mv /home/user to /home/jail/home/user
[19:26] <thesheff17> MTecknology: you want to preserve permissions to...I'm sure that is some param for cp or mv.
[19:26] <thesheff17> MTecknology: and then just make sure they are in both /etc/passwd files
[19:28] <MTecknology> thesheff17: it seems that the permissions just carry over like magic
[19:28] <thesheff17> MTecknology: ah ok cool
[19:30] <mathiaz> kim0: hey - we're looking for you in #ubuntu-meeting
[19:30] <mathiaz> kim0: for the server team meeting
[19:31] <kim0> mathiaz: joining
[19:36] <MTecknology> thesheff17: this thing is pretty awesome
[19:37] <thesheff17> MTecknology: yea it works really well...I think you can use that same program to copy any other executables and binaries into the chroot so they have access...and to remove just remove the executables out of /home/jail/bin/*
[19:37] <thesheff17> MTecknology: brb
[19:38] <MTecknology> thesheff17: that's what I just did actually - jk_cp -v -f /home/jail /usr/bin/vim - too easy :P
[19:39] <MTecknology> thesheff17: this thing definitely needs to find its way into the universe
[19:39] <thesheff17> MTecknology: yea I would love to just apt-get it :)
[19:40] <MTecknology> thesheff17: I did :P
[19:41] <MTecknology> thesheff17: https://code.edge.launchpad.net/~jailkit/+recipe/jailkit
[19:41] <MTecknology> thesheff17: I'm pretty sure you need the edge link too
[19:45] <MTecknology> thesheff17: I'm pretty excited now.. after so much fighting - here's the answer
[19:57] <SpamapS> MTecknology: file an ITP in Debian and package it up! :)
[19:58] <MTecknology> SpamapS: the debian/ exists in the source - but it's ugly and I doubt somebody would want to accept it which would make it really hard because then I'd need to be altering their source code
[19:59] <SpamapS> MTecknology: thats actually completely acceptable
[19:59] <MTecknology> SpamapS: it is?
[20:00] <SpamapS> MTecknology: certainly. Just send them back a patch, they'd probably be thrilled to include it in their releases.
[20:00] <MTecknology> SpamapS: alrighty - that could be fun to do - maybe I'll hold off on the ITP until I talk to him
[20:03] <SpamapS> MTecknology: if you decide not to create the package, you can always withdraw the ITP.
[20:07] <MTecknology> SpamapS: I have an ITP from over a year ago that I haven't given up on yet :P
[20:09] <MTecknology> SpamapS: I'll definitely go for getting it into debian and ubuntu - I think this tool is absolutely amazing
[20:13] <MTecknology> thesheff17: I'm waiting for everyone to have some down time before I try out this last step... moving them into the jail and starting the processes to bring the web services back - if this works then I'm basically done - I just need to write it in my packaging so this can be reproduced easily :)
[20:14] <MTecknology> Using this ->  /etc/init.d/php-fcgi stop && for user in *.*; do jk_jailuser -m -j /jail $user; done
[20:23] <ivoks> mrjazzcat: ping?
[20:29] <thesheff17> MTecknology: do you have a link on how you moved it into universe?
[20:30] <MTecknology> thesheff17: hm? It's not in universe (yet)
[20:34] <MTecknology> thesheff17: so.. in addition to what they had - jk_jailuser - I should also add -s /bin/bash
[20:34] <smoser> anyone see anything wrong with this :
[20:34] <MTecknology> thesheff17: or maybe rbash :P
[20:34] <smoser> https://gist.github.com/94058e270a97f1f178cb
[20:34] <smoser> why the "Sub-process returned an error code"
[20:35] <MTecknology> smoser: aptitude update tell you anything more descriptive?
[20:35] <smoser> not my system.
[20:35] <smoser> so, i dont know.
[20:36] <MTecknology> I've seen that before... I forgot what I broke to make it do that though.
[20:38] <MTecknology> thesheff17: I wish there was a defaults file for php.. so you don't need to alter the default config
[20:39] <thesheff17> MTecknology: yea almost all other software has the config files broken out.
[20:40] <MTecknology> thesheff17: a 1,637 line config file that I need to change twice (cli/cgi) makes me sad :P
[20:41] <MTecknology> thesheff17: I took the wrong approac of making one file that I ln -s to in the directories
[20:45] <thesheff17> MTecknology: yea it would be nice if you could use like include file inside the php.ini file.
[20:46] <MTecknology> thesheff17: and then just append your changes that way - include /etc/default/php.ini <- put changes here (including changing previous variables)
[20:46] <MTecknology> zul: would that be an off the wall (tick you off) request? :D
[20:46] <zul> yes it would
[20:47] <thesheff17> lol
[20:47] <MTecknology> zul: I figured :P Probably too much pain?
[20:47] <zul> yes and too big of a diff
[20:49] <MTecknology> zul: You think php5-5.3.3 might possibly make it into 11.04? I'm guessing it's way too late for 10.10.
[20:49] <zul> MTecknology: yes it wont get into 10.10 and yes it will get into 11.04
[20:49] <MTecknology> zul: yay :D
[20:50] <MTecknology> zul: You're awesome! o{
[20:50] <zul> thanks
[20:50] <MTecknology> I'm excited for easy to use php-fpm
[20:54] <MTecknology> among other things.. I really like the new php
[21:03] <smoser> ttx, are you around ?
[21:20] <papertigers> anyone know of a way to package a KVM vm to give out sort of like a vm appliance
[21:42] <mrman208> is there any good mouse daemons for pure server (no X) that supports the scroll wheel?
[21:43] <mrman208> hello?
[21:43] <mrman208> anyone here?
[21:43] <mrman208> s
[21:43] <mrman208> s
[21:43] <mrman208> s
[21:43] <mrman208> s
[21:43] <mrman208> s
[21:43] <mrman208> s
[21:43] <mrman208> s

[21:55] <ajmitch> seeing a lack of patience there? :)
[21:56] <qman__> one whole minute, on the money
[21:56] <qman__> sadly, that's not the shortest I've seen
[22:08] <MTecknology> qman__: nah, I've seen <15 seconds :P
[22:15] <kpettit> I'm looking to script some ubuntu installs.  Can anybody point me to some docs that can help me on scripting install?
[22:16] <MTecknology> kpettit: this might help - https://help.ubuntu.com/community/InstallCDCustomization/Scripts
[22:16] <kpettit> thanks.  anything wil help right now
[22:29] <hggdh> kpettit: if you are looking at preseeding, you should also see http://d-i.alioth.debian.org/manual/en.i386/apb.html
[22:30] <kpettit> I'm mainly wanting to get packages I normally need installed done and some applications like apache/samba etc configured with a basic setup
[22:30] <kpettit> I like the idea of ebox and webmin but don't really trust them all that much.  But I at least need to get some basic stuff done
[22:31] <kpettit> hggdh, thanks that's a good start for me
[22:31] <hggdh> kpettit: our pleasure
[22:35] <hggdh> Daviey: still there?
[22:35] <Daviey> hggdh: sadly.
[22:36] <hggdh> heh. Why am I not surprised ;-)
[22:37] <hggdh> Daviey: ok, there is another thingy -- we install /etc/eucalyptus owned by root, but the CLC wants to write to /etc/eucalyptus/cloud.d
[22:37] <hggdh> Daviey: and -- of course -- barfs profusely. Not a critical issue, it seems, but I will opena bug on it. Just early warning ;-)
[22:38] <Daviey> hggdh: ok... in what situation is that arising?
[22:39] <hggdh> on startup, it tries to create a series of .properties files, saving <whatever>
[22:39] <hggdh> oh, correct location is /etc/eucalyptus/cloud.d/conf
[22:39] <Daviey> Hmm.. i'm suprised i've not had that problem
[22:39] <hggdh> you probably had, just did not notice
[22:39] <Daviey> So what feature is this bug blocking?
[22:40] <hggdh> it does not seem to affect anything (so it is probably fluff)
[22:40] <Daviey> I agree it's a valid bug, just wondering if it's one that needs to be fixed now - or post A3
[22:40] <jord> Daviey: Was it you who I spoke to yesterday about Avahi?
[22:40] <hggdh> none, apart from my sense of correctness :-)
[22:40] <hggdh> I *think*
[22:40] <Daviey> jord: I asked for info about how you get/got on.. yes :)
[22:40] <Daviey> hggdh: heh
[22:41] <hggdh> Daviey: AFAICU, there is no rush. Sounds like a packaging issue
[22:41] <jord> Daviey: well, kind of "fixed" it by setting a static ip, which in my case is fine because I wanted that anyway
[22:41] <Daviey> hggdh: well the good news is, my current branch FTBFS
[22:41] <hggdh> bloody hell
[22:41] <Daviey> .. and i can't go to bed until it's fixed.. oh joy.
[22:41] <hggdh> anything I can help with?
[22:42] <Daviey> jord: Oh.. not as clean as i had hoped then
[22:42] <Daviey> hggdh: I don't think so.. unless you have a remedy for headache and eye strain? :)
[22:42] <jord> Daviey: no, I think it must be an ordering problem, maybe Avahi tries to start before the machine has an ip or something
[22:43] <Daviey> Hmm.. thanks jord - i'll keep that in mind for something to investigate for future
[22:43] <jord> Daviey: no problem :)
[22:43] <hggdh> Daviey: well, in fact I have both, since I got both maladies
[22:44] <Daviey> hggdh: :(
[22:44]  * Daviey takes a break.
[23:04] <Crewsr3> I installed ubuntu server and the grub menu is not showing up, how do I adjust the grub to show up
[23:05] <klaas> I think standard is that you need to press shift while booting
[23:05] <klaas> and the setup is in /etc/default/grub or something like that
[23:07] <hggdh> adjust as needed /etc/default/grub, then run 'sudo update-grub'
[23:07] <hggdh> and any key while booting should show the menu (I personally use Esc, but just because)
[23:09] <Crewsr3> I'm having a hard time getting to the grub folder
[23:09] <Crewsr3> I'm in /etc/default
[23:10] <Crewsr3> and I type ls
[23:10] <Crewsr3> and I can see the grub folder
[23:10] <Crewsr3> but when I type cd /grub
[23:10] <_Techie_> Crewsr3: cd /boot/grub/
[23:10] <Crewsr3> I get an error saying no such file or directory
[23:11] <_Techie_> Crewsr3: actuall sorry cd /etc/default/grub
[23:12] <Crewsr3> how do I exit vim
[23:14] <Crewsr3> :q figured it out
[23:14] <Crewsr3> _Techie_ it wont let me go to that directory
[23:18] <hggdh> Crewsr3: there is nothing to be done under /boot/grub
[23:18] <hggdh> and what you need to do is *edit* /etc/default/grub
[23:18] <Crewsr3> hggdh, ok, I'm in the file using nano
[23:18] <hggdh> this is not a directory, but a file
[23:19] <Crewsr3> GRUB_HIDDEN_TIMEOUT=0    Should I comment this out?
[23:19] <Crewsr3> what I want is to be able to see the grub menu
[23:21] <hggdh> Crewsr3: it would be a very good move to read the documentation on grub -- 'info grub', mostly the the simple configuration chapter
[23:23] <Crewsr3> ok, I will do that, thanks for your help