[00:10] <jose120photo> Does anyone know of any good reading material on good practices for setting up a Ubuntu Server as a guest VM?
[00:11] <jose120photo> I have setup Ubuntu Server VMs before, but I will be setting one up for production and I just want to make sure I don't run into any gotchas down the road
[00:17] <YankDownUnder> jose120photo, On what - an MS box?
[00:17] <MTecknology> SpamapS: I'm back - to fight this some more..
[00:21] <MTecknology> Is it possible to not actually become the user but run a command with their uid?
[00:22] <SpamapS> MTecknology: :)
[00:22] <SpamapS> MTecknology: thats what sudo -u does
[00:23] <MTecknology> SpamapS: sudo -n -u demo.kalliki.com -i -- "ls /home"
[00:23] <MTecknology> SpamapS: Doing that shows me a listing of users inside of the jail
[00:23] <SpamapS> MTecknology: -i ?
[00:23] <MTecknology> ...
[00:23] <SpamapS> MTecknology: why?
[00:24] <MTecknology> to to run that command
[00:24] <SpamapS> MTecknology: thats for simulating their login .. as in, running their specified shell (probably your chroot)
[00:24] <MTecknology> that would make sense why it's not working for me :P
[00:24] <SpamapS> Indeed
[00:24] <MTecknology> How can I execute a command without them logging in?
[00:25] <SpamapS> MTecknology: take off -i
[00:25] <MTecknology> SpamapS: have you ever had a huge face moment that involved your palm?
[00:27] <MTecknology> I think I stuck this in a loop :S
[00:27] <MTecknology> SpamapS: thanks :D
[00:28] <SpamapS> http://www.lostrepublic.us/Graphics/DoubleFacePalm.jpg
[00:29] <MTecknology> :P
[00:29] <MTecknology> weird...
[00:30] <MTecknology> somehow the yes command is taking EVERYTHING after it as input
[00:30] <MTecknology> yes y | /usr/local/sbin/drush/drush -r $base $oper" - keeps repeating this -   y | /usr/local/sbin/drush/drush -r /jail/home/accents3101.com/pressflow -l accents3101.com up
[00:33] <hggdh> MTecknology: not here :-)
[00:34] <MTecknology> SpamapS: THERE! I needed -s instead of -i
[00:34] <SpamapS> MTecknology: if you're running it without a shell, thats why.
[00:34] <SpamapS> MTecknology: ah, yes, -s
[00:34] <MTecknology> hggdh: you're not here?
[00:34] <hggdh> MTecknology: no, 'yes' behaves sensibly here
[00:35] <hggdh> I *am* here. I think.
[00:35] <MTecknology> :P
[00:35] <MTecknology> woohoo - this is awesome my big massive fight with jails is coming to an end
[00:36] <MTecknology> hggdh: It kind of makes sense that it acted like that - just weird
[03:33] <MTecknology> Dangit.. I thought I had this puppy licked
[03:35] <papertigers> MTecknology: what puppy!
[03:36] <MTecknology> papertigers: moving all users into a jail but having the system work as the users outside of the jail
[03:36] <papertigers> MTecknology: oh thats right you wanted to move vim haha
[03:36] <MTecknology> papertigers: vim is the least of the battles :P
[03:37] <MTecknology> papertigers: was one though. debootstrap lenny + removing packages I didn't need proved to be MUCH easier for this particular use. However.. jailkit was amazing and light.
[03:40] <MTecknology> papertigers: WOW! Somehow I just managed to loop into becoming a user - basically   for i in {1..10}; do su - user$i; su - user$i; su - user$i; done
[03:40] <MTecknology> papertigers: and to type exit a lotta times :P - I think that means my sudo command is wrong :P
[03:43] <papertigers> MTecknology: you are crazy, whats this jail for
[03:44] <MTecknology> papertigers: so no user can start php processes - there's a few other things I don't want them touching if they have a shell account
[03:44] <papertigers> hmm
[03:44] <papertigers> MTecknology: why not just give them rbash
[03:44] <papertigers> of some sort
[03:44] <papertigers> restrictive bash
[03:44] <papertigers> haha
[03:45] <MTecknology> papertigers: tried that route - sum it up.. people rarely use rbash in real life because it doesn't really work
[03:46] <papertigers> the other option id say would be pam
[03:46] <papertigers> pam seems perfect for this
[03:47] <MTecknology> papertigers: The monday I decided to fix the big massive gaping security hjoles that I knew about for a while.
[03:47] <MTecknology> I thought so too.. turns out it wasn't :P
[03:47] <MTecknology> It could help, but only do half of what I want
[03:50] <MTecknology> papertigers: Monday morning I'd known about many holes for a while. Some of which allowed any remote user to entirely wipe the system
[03:52] <MTecknology> papertigers: I'm curious - MTecknology: you are crazy, <-- what do you mean by that?
[03:52] <MTecknology> papertigers: I kind of ignored it because I hear it so much :P
[03:54] <papertigers> haha
[03:54] <papertigers> what wholes?
[03:54] <MTecknology> way too many to count
[04:12] <[IA]Zealot> Question: In 10.04 Server, how to I permanently disable screen blanking for all the ttys ?
[04:19] <rdw200169> [IA]Zealot: this was mentioned before (hold on)
[04:30] <rdw200169> [IA]Zealot: i believe this is what you want: http://superuser.com/questions/152347/change-linux-console-screen-blanking-behavior
[05:06] <[IA]Zealot> rdw200169: I'll read it thanks :)
[06:33] <TheJ3ckyl> ?? Ubuntu 10.04   syslogd equal to rsyslogd in /etc/default so that if I add the "-r"  it will allow remote syslog messages?
[06:39] <TheJ3ckyl> anyone??
[07:17] <Roxyhart0> Hi there... i need to add the record A from my domain controler to bind, i am not sure how to do that. somebody know?
[07:26] <ivoks> it's process of editing a file
[07:30] <Roxyhart0> thanks ivoks, i know but i dont know what i need to write there as is a domain controler..i already write in it @ in A 127.0.0.1 as the same server is the domain controler, but still i got the error
[07:30] <Roxyhart0> so, maybe do i need to write something different?
[07:30] <ivoks> did you raise serial?
[07:30] <Roxyhart0> sorry what do you mean?
[07:30] <ttx> Daviey: o/
[07:31] <ivoks> Roxyhart0: in that file where you added A record, there's a line that has string 'serial'
[07:31] <ivoks> or 'Serial'
[07:31] <ivoks> do you see it?
[07:32] <Roxyhart0> no ?
[07:32] <ivoks> could you paste that file on pastebin?
[07:32] <Roxyhart0> sorry yes, it say erial 2
[07:33] <ivoks> raise it to 3 and reload bind
[07:33] <Roxyhart0> ok, i will try tahnks
[08:24] <Roxyhart0> hi there, i im writing 2 domains in the dns...one is mydomian.com and the another one is myseconddomain.com. for some reason the client just can do nslookup to the first one. What cpuld be the error? I am able to do nslookup to the second one but just form the same dns server, no form clients
[08:32] <g0rd0n> maybe some error in the zone? reload bind and check syslog
[08:43] <Jeeves_> Roxyhart08: Which domains?
[08:45] <Roxyhart08> well, my domain controler which in samba is called MYDOMAIN and the  domain name which is mydomain.com
[08:46] <Jeeves_> Which one doesn't work?
[08:46] <Roxyhart08> apparetly i need to set it for both in dns, but the client just look for mydomain.com
[08:46] <Roxyhart08> MYDOMAIN
[08:46] <Roxyhart08> doesn work
[08:46] <Jeeves_> Do you actually own mydomain.com ?
[08:46] <Roxyhart08> i can see it form the our dns server
[08:47] <Jeeves_> That's not what I asked :)
[08:47] <Roxyhart08> is ujst a name...the name is WHcollege, but is just internal
[08:47] <Jeeves_> Roxyhart08: It does exist in the real world.
[08:47] <Roxyhart08> no
[08:47] <Jeeves_> It's always a bad idea to use real existing names internally.
[08:47] <Roxyhart08> doesn exist
[08:48] <Jeeves_>    Domain Name: MYDOMAIN.COM
[08:48] <Jeeves_>    Registrar: MYDOMAIN, INC.
[08:48] <Roxyhart08> the problem is i want to join windows client to the domain controler
[08:48] <Roxyhart08> is not the name ...the name that im using is WHCollege
[08:48] <Roxyhart08> it is not in the real world
[08:49] <Jeeves_> 'called MYDOMAIN and the  domain name which is mydomain.com'
[08:49] <Jeeves_> Anyhow, which resolving nameserver is the client using?
[08:50] <Roxyhart08> it is using mydomain.com but when i do nslookup from the machines tell me mydomain.com doesnt find MYDOMAIN
[08:50] <Jeeves_> Anyhow, which resolving nameserver is the client using?
[08:50] <Roxyhart08> but if i do it form the ouw dns server it give me result
[08:51] <Roxyhart08> is using mydomain.com
[08:51] <Jeeves_> No, a nameserver cannot be 'mydomain.com'
[08:52] <Roxyhart08> what do you mean
[08:52] <Jeeves_> First of all, mydomain.com exists. Thus should not be use ny you unless you own it. Second of all, a resolving nameserver is an ip-addres, since it is the start of the DNS-chain.
[08:52] <Roxyhart08> im just sayind this name, but i got one different but is too long to write, that is why is tell you mydomain as a "X" name
[08:53] <Roxyhart08> it give the internal ip which is the ip for dns server 172.16.0.3
[08:54] <Jeeves_> If you query that server from another client, does everything work?
[08:55] <Roxyhart08> same error
[08:56] <Roxyhart08> i would likt to have 2 domains ..but it just see one
[08:56] <bcomp> hi, newbie here. i'm setting up apache on a server i just made, but i have no idea how to create a mysql server that can modify databases. can anyone help me?
[08:56] <Jeeves_> And if you query that IP from the server itself, does it work?
[08:56] <Roxyhart08> yes
[08:56] <Roxyhart08> excactly
[08:57] <Jeeves_> so 'dig @172.16.0.3 <thing that isn't working> A' works?
[08:58] <Roxyhart08> i do not have this tool from windows clients
[08:58] <Roxyhart08> i will try form a mac
[08:59] <Jeeves_> I asked you if it works from the server, you say yes, and now you say you have to try a mac
[08:59] <Jeeves_> omg, I'm going for a smoke
[08:59] <Jeeves_> Are you even using Ubuntu?
[09:00] <Roxyhart08> yes as server
[09:00] <Roxyhart08> but clients are windows and mac
[09:00] <Roxyhart08> the problem is with windows to join in the domain
[09:00] <Jeeves_> Yes, and I asked you to run the query *from* the server
[09:00] <Roxyhart08> (re join)
[09:00] <Jeeves_> 'the problem is with windows'
[09:00] <Roxyhart08> ok, i did form a mac and it works
[09:00] <Jeeves_> That could be in the topic
[09:00] <Jeeves_> But that's not what I asked
[09:00] <Jeeves_> I give up
[09:01] <bcomp> Roxyhart08: I'm on a mac now, if you need someone to test a site
[09:01] <bcomp> jk
[09:01] <Roxyhart08> Jeeves, yes it work from the server
[09:12] <bcomp> could anyone help me with setting up a mysql server?
[09:14] <Black_Prince> !mysql
[09:15] <bcomp> thx
[09:15] <Black_Prince> or this
[09:15] <Black_Prince> https://help.ubuntu.com/10.04/serverguide/C/mysql.html
[09:25] <bcomp> ok so i just set up a database for use with ampache, but i'm getting an error for ampache
[09:25] <bcomp> "unable to make database ConnectionAccess denied for user 'ampache-user'@'localhost'"
[09:27] <bcomp> ...
[09:28] <Jeeves_> bcomp: Have you done some 'grant'-stuff?
[09:29] <bcomp> yeah i granted all the access i needed too
[09:29] <bcomp> or so i thought
[09:29] <bcomp> i might just make a user with full priviledges to see it if works
[09:30] <bcomp> ok what the hell
[09:31] <Jeeves_> bcomp: Have you done a 'flush privileges' ?
[09:31] <bcomp> would "CREATE DATABASE /media/ampache-musiclib;" be a valid command in mysql or not?
[09:31] <Jeeves_> No
[09:31] <bcomp> what's wrong with the syntax?
[09:31] <Jeeves_>  /'s aren't allowed
[09:31] <Jeeves_> CREATE DATABASE ampache;
[09:32] <bcomp> are '-'s not cool either?
[09:32] <Jeeves_> GRANT USAGE ON *.* to `ampache`@`localhost` identified by 'password' with grant option;
[09:32] <Jeeves_> GRANT ALL ON ampache.* to `ampache`@`localhost` with grant option;
[09:33] <Jeeves_> flush privileges;
[09:33] <bcomp> what exactly does flush priviledges do?
[09:34] <bcomp> out of interest
[09:35] <Jeeves_> It is (unfortunatly) needed by mysql to reread it's permission table
[09:35] <bcomp> ah
[09:36] <bcomp> thanks
[09:37] <huats> morning
[09:38] <bcomp> still unable to make database connection
[09:38] <Jeeves_> bcomp: The server and client do run on the same machine, right?
[09:38] <bcomp> yes
[09:39] <Jeeves_> And what error do you get?
[09:39] <bcomp> "Error: Unable to make Database ConnectionAccess denied for user 'ampache'@'localhost' (using password: YES)" from the client program
[09:40] <Jeeves_> and how did you call the database?
[09:40] <bcomp> the program allows you to set it up through a web interface
[09:41] <Roxyhart08> sombosy have exerience with samba? I mean what could happen if i change the workgroup name on smb.conf ?
[09:46] <Black_Prince> Nothing
[09:46] <Roxyhart08> cool!
[10:27] <xampart> i have 1TB raid1 with 2 1TB hdds. i replaced the other with 2TB hdd, and it's now syncing. after that i mean to replace the other 1TB hdd too. how do i grow the raid-device correctly?
[10:29] <twb> AFAIK you can't grow arrays
[10:30] <twb> You would normally assemble a new (possibly degraded array), pvcreate it, move the LVs onto it, then decommission the old array.
[10:38] <xampart> twb: how about "mdadm --grow" option?
[10:39] <twb> xampart: oh, cool
[10:39] <twb> That would've saved me some hassle last month
[10:39] <xampart> so no experiences anyone?
[10:41] <twb> In that case I imagine you replace sdb (1TB) with sdb (2TB), resync, swap sda (1TB) for sda (2TB), then mdadm /dev/md0 --grow max
[10:42] <xampart> my thoughts exactly. would be nice though, to have some information before messing my system up
[12:01] <bcomp> so i'm trying to set up an irc server for the hell of it, but i'm getting lost and can't find any documentation
[12:02] <twb> apt-get install ircd?
[12:02] <bcomp> i'm using ircd-ircu off aptitude
[12:02] <twb> There should be documentation in manpages and/or /usr/share/doc/<package name>/, and possibly in comments at the top of /etc/<package name>.conf
[12:03] <bcomp> ah
[12:04] <bcomp> would straight-up ircd be a better choice?
[12:04] <bcomp> i'm getting tired of having to type ircd-ircu, instead of just ircd
[12:09] <bcomp> what's an easy way to uninstall programs?
[12:11] <bcomp> ...
[12:11] <xampart> aptitude remove <package>
[12:15] <bcomp> thanks
[12:17] <sommer> morning
[12:27] <bcomp> hello
[12:34] <xampart> evening
[13:39] <hggdh> Daviey: good morning/afternoon, I hope you did get some sleep
[13:39] <Daviey> hggdh, heh
[13:39] <Daviey> how are you doing?
[13:39] <smoser> so is all this my fault ?
[13:39] <hggdh> Life is good. Euca is not
[13:40] <smoser> cause i slept good last night :)
[13:40] <hggdh> :-)
[13:40] <smoser> i really am sorry.
[13:40] <Daviey> smoser, yeah - UEC was running perfectly before you touched it :P
[13:40] <Daviey> now it's busted beyond repair :)
[13:40] <hggdh> smoser: life sucks, then you die ;-)
[13:41] <hggdh> Daviey: I am cancelling the 60-sec interval run
[13:41] <hggdh> right now, 42% success
[13:41] <smoser> Daviey, did you open a grub bug ?
[13:41] <smoser> i'd like to look / comment at it
[13:41] <hggdh> smoser: yes, there is one open
[13:41] <Daviey> smoser, yes
[13:41]  * hggdh goes digging it
[13:42] <smoser> bug 612731
[13:42] <Daviey> erm
[13:42] <smoser> google rocks. i typed "grub bug uec"
[13:42] <smoser> oops
[13:42] <smoser> wrong one
[13:42] <Daviey> bug 613463
[13:42] <hggdh> heh
[13:42] <hggdh> now
[13:43] <bcomp> anyone here use zoneedit?
[13:43] <bcomp> for dns
[13:44] <bcomp> or does anyone know anything about dns
[13:44] <bcomp> in general
[13:45] <hggdh> Daviey: I am uploading the logs to lp:~hggdh2/uec-qa
[13:46] <hggdh> it seems most of the instance starts after a while failed on IP allocation
[13:47] <Daviey> hggdh, OK.. that sounds good.. I suspect that can be fixed reasonably trivially by upstream..
[13:47] <hggdh> bcomp: your best bet is to ask your question, and wait for someone to chime in
[13:47] <hggdh> Daviey: right-o. As long as thy are interested in it
[13:48] <bcomp> thing is i don't really know where to start with the whole thing
[13:48] <bcomp> i made a dns zone and linked it to a domain name, but i have no idea how to get my webserver connected to it
[13:49] <thesheff17> bcomp: you need dns on the domain to point to a web server www.google.com -> ip.
[13:50] <thesheff17> bcomp: usually you do this on your isp...godaddy etc.
[13:51] <bcomp> how do i make it do that?
[13:52] <bcomp> ohhh jk i totally didn't notice one of the settings
[14:08] <hggdh> Daviey: bug 613832 opened
[14:42] <Daviey> hggdh, Good bug!  Can you add it to the call agenda please?
[14:54] <hggdh> Daviey: will do. Mind reminding me where the agenda is?
[14:55] <hggdh> Daviey: Evo bit the dust again here :-(
[14:56] <Daviey> hggdh, Sorry.. frantically looking for something else
[14:57] <hggdh> Daviey: NP, got Evo back. For now ;-)
[14:58] <Daviey> :)
[15:16] <hggdh> Daviey: I added the 3 high/critical we have for v2.0, plust a tinyurl for euca bug ordered newest-first
[15:16] <Daviey> hggdh, you rock
[15:17] <hggdh> I hope this will give us what we need
[15:19] <ssureshot> anyone ever have issues with samba not cleaning up the print queue in /var/lib/samba/printing ? The windows queue never lets go of the print job
[15:33] <smoser> i
[15:33] <smoser> i'm out for an hour or so. will be back later.
[15:34] <ttx> hggdh, Daviey up for a coordination Mumble, before the call ?
[15:34] <Daviey> ttx, yes
[15:41] <SpamapS> Daviey: will you guys be discussing the monitoring stuff?
[15:42] <Daviey> SpamapS, Hmm - Dimitri is on leave this week.. he is the best person to be disucssiong it with
[15:42] <Daviey> SpamapS, If i arrange a call for Monday - would you like to join?
[15:43] <SpamapS> Daviey: I think not actually, I just want to make sure its being pushed. Seems rather late to be adding a feature, even if it is just a tab that displays an html file of our choosing.
[15:46] <jdstrand> kirkland: hi!
[15:47] <kirkland> jdstrand: hi!
[15:47] <kirkland> jdstrand: you going to BB Rovers today?
[15:49] <jdstrand> kirkland: two questions for you: a) if I have logged in with my encrypted HOME (ie, $HOME is mounted), how can I see what encrypted filename a particular path is using (eg /home/jamie/tmp maps to /home/.ecryptfs/jamie/.Private/? and b) can I specify to *not* do filename encyption via adduser/pam configuration?
[15:49] <jdstrand> kirkland: re BB Rovers> I'm going to try, but may not be able to
[15:50] <kirkland> jdstrand: okay, i won't be there;  i'm in montreal right now
[15:50] <kirkland> jdstrand: here's what i do ....
[15:50] <kirkland> jdstrand: chmod 123 path/to/unencrypted/foo
[15:50] <jdstrand> heh
[15:50] <jdstrand> sneaky
[15:50] <kirkland> jdstrand: find $HOME/.Private -perm 123
[15:50] <kirkland> jdstrand: yeah :-)
[15:51] <kirkland> jdstrand: turns out perms 123 are pretty rare :-)
[15:51] <jdstrand> yeah :)
[15:51] <kirkland> jdstrand: as for turning off filename encryption, you can do that by deleting the 2nd line from $HOME/.ecryptfs/Private.sig
[15:51] <kirkland> jdstrand: (back up that file, first)
[15:52] <kirkland> jdstrand: i'm not sure how encrypted, and non-encrypted filenames in the same structure behaves right now
[15:52] <Dark-Sun> hello people
[15:52] <jdstrand> kirkland: tyhicks mentioned that it should just start using unencrypted from that point forward, but it would be mixed
[15:52] <Dark-Sun> i tried to run an instance of ubuntu 10.4
[15:52] <jdstrand> kirkland: iirc
[15:52] <Dark-Sun> got this error
[15:52] <Dark-Sun> FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
[15:53] <jdstrand> kirkland: but that is untested by me
[15:53] <GeekSquid> So, I borked my desktop by trying to install UEC, currently chrooted to it from live disk, ... How to fix, ... the error I get when I try to boot is 'eucalyptus-network (lo) main (755) killed by TERM signal' ... any quick fixes or workarounds to stop whatever is loading from freezing the system during boot, or should I go with an apt removal????
[15:54] <jdstrand> kirkland: I know that rtg hopes to look into the filename length issue with tyhicks, but it might be worthwhile to make turning it off configurable via pam or something... my two cents
[15:54] <kirkland> jdstrand: yeah, i'm very excited about rtg helping fix this
[15:54] <jdstrand> kirkland: anyhoo, thanks for the tips and have a good time in montreal :)
[15:54] <kirkland> jdstrand: you bet
[15:55] <Dark-Sun> any idea about uec's deploying vm error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
[15:58] <Dark-Sun> ttx: i just following ur yesterday link, in deploying an instance of "ubuntu 10.4" got this error: FinishedVerify: Not enough resources (VmTypeAvailability{type=VmType{name='m1.small', cpu=1, disk=2, mem=192}, max=0, available=0} < 1: vm instances.
[15:58] <Dark-Sun> ttx: oppss! forgot to say hello!
[16:00] <ttx> Dark-Sun: looks like you don't have enough resources on your Node controller to run the type of instance you're asking for
[16:00] <ttx> like, no node controller at all
[16:01] <GeekSquid> Sorry, somehow I lost connectivity, repeat if anybody responded
[16:01] <Dark-Sun> ttx: yes, it's probably true, cause it's on a virtual box.
[16:01] <ttx> Dark-Sun: riught -- it doesn't really work on virtualized hardware.
[16:01] <thesheff17> Dark-Sun: on UEC you could edit a file on the node to adjust how many virtual machines it would run.
[16:01] <Dark-Sun> ttx: how can i find out if NC is detected by CLC or not
[16:02] <ttx> gtg, sorry
[16:02] <Dark-Sun> thesheff17: nice, but it's my first VM!
[16:03] <thesheff17> Dark-Sun: sorry don't know much about virtual box...can you confirm the node is connected.
[16:03] <thesheff17> or is it just running on localhost?
[16:04] <Dark-Sun> thesheff17: that's right! everything is on my localhost.
[16:04] <Dark-Sun> thesheff17: is pinging enough?
[16:05] <thesheff17> I'm assuming you are running virtual box on what hypervisor?
[16:06] <thesheff17> on kvm
[16:07] <Dark-Sun> thesheff17: sorry but i got a linux mint here, with CLC,CC,Walrus installed on a VirtualBox and a NC on another VirutalBox machine.
[16:08] <Dark-Sun> thesheff17: it's KVM by default i guess
[16:09]  * Dark-Sun hates cloud(s)! 
[16:09] <thesheff17> Dark-Sun what does kvm-ok say?
[16:09] <Dark-Sun> oh w8 a minute, i didn't installed anything about kvm on my client!
[16:10] <Dark-Sun> what was that package name?
[16:10] <Dark-Sun> sorry
[16:11] <Dark-Sun> yeah! it was qemu-kvm
[16:11] <thesheff17> apt-get install kvm libvirt-bin python-virtinst virt-manager virt-viewer kvm libvirt-bin ubuntu-vm-builder qemu bridge-utils
[16:12] <Dark-Sun> thesheff17: thanks bro, it's on installing now ;)
[16:13] <thesheff17> Dark-Sun: you should also bridge eth0 to br0
[16:13] <Dark-Sun> thesheff17: yep, i guess it's done automatically on the NC
[16:14] <thesheff17> Dark-Sun ah ok
[16:14] <Dark-Sun> cause i got a br0 with a different ip address range there ;)
[16:24] <Dark-Sun> thesheff17: problem persists! shall i do a restart?
[16:25] <Dark-Sun> :(
[16:25] <thesheff17> try to create a virtual machine with virt-manager
[16:27] <Dark-Sun> thesheff17: no idea how 2 do it
[16:27] <Dark-Sun> :(
[16:28] <thesheff17> Dark-Sun bring up a terminal and just type virt-manager
[16:29] <thesheff17> Dark-Sun it is a front end GUI for kvm.
[16:29] <Dark-Sun> thesheff17: yep, it's right here
[16:32] <Dark-Sun> thesheff17: humm... now i'm connected.
[16:33] <Dark-Sun> how to install the operating system?
[16:34] <thesheff17> Dark-Sun: once connect you can create machines based on iso or cd-rom
[16:34] <thesheff17> Dark-Sun the first icon is to create a virtual machine.
[16:35] <Dark-Sun> thesheff17: yep, but how should i install images which i've installed on the cloud?
[16:37] <thesheff17> Dark-Sun: oh virt-manager doesn't support that
[16:37] <thesheff17> Dark-Sun: Does virtual box even?
[16:38] <Dark-Sun> thesheff17: no man! my cloud is deployed on VirtualBox
[16:38] <thesheff17> Dark-Sun: oh ok
[16:38] <Dark-Sun> thesheff17: alright, thanks 4 help anyway
[16:39] <thesheff17> Dark-Sun: try kvm-ok if that output is good then your virtual box isn't connected correctly to localhost
[16:40] <Dark-Sun> thesheff17: here's output: INFO: Your CPU supports KVM extensions INFO: /dev/kvm exists KVM acceleration can be used
[16:41] <thesheff17> Dark-Sun: yea then you are good...I would look at virtual-box config.  Also try to create a new vm with virtual box.  Maybe that is what you are trying to do when you get that error, but I have seen that error on UEC.
[16:48] <Dark-Sun> deamn! it's a crazy uec!
[16:54] <Dark-Sun> sending SIGTERM... bye every1
[17:44] <zul> SpamapS: alot of the test suite has been fixed in 5.3.3 i think
[17:45] <SpamapS> zul: rhe-he-heeeaallly
[18:04] <therobot> Hi, I am having problems setting hostname (ubuntu 10.04), see this gist: https://gist.github.com/984bc6c15ea9abf84ba4
[18:06] <therobot> I can't make hostname -f return the fqdn of the machine
[18:15] <wieshka> hi - i have question about networking on my ubuntu for my virtual servers, runned on kvm - i am going to set up bind name server on my base system, what gives each virtual host a name, so in that way i am going to handle what connection goes where - un front of my server i have router with NAT.
[18:15] <wieshka> will this idea/workaround work for me
[18:15] <wieshka> or i have to make tap netwrking on bridges
[18:15] <wieshka> ?
[18:31] <Dark-Sun> hi people
[18:32] <Dark-Sun> i'm going insane! i run eucarc script, but euca-describe-availibility-zone returns: EC2_ACCESS_KEY environment variable must be set. Connection failed
[18:34] <Dark-Sun> any guru 2 help?
[18:40] <hggdh> oh hasty people
[19:01] <SpamapS> would somebody who has a running eucalyptus please be so kind as to post their /var/run/eucalyptus/nc-stats file somewhere?
[19:04] <SpamapS> mathiaz: is rrdtool failing to build because libdbi isn't in main yet?
[19:04] <hggdh> SpamapS: http://pastebin.ubuntu.com/473637/
[19:09] <SpamapS> hggdh: :) thank you
[19:20] <thesheff17> !ruby
[19:21] <thesheff17> any reason ruby hangs on 10.04?
[19:23] <SpamapS> thesheff17: its not hanging, thats its normal processing time
[19:23] <thesheff17> nm it is fine
[19:24] <SpamapS> thesheff17: ruby devs get lots of cups of coffee. ;)
[19:24] <thesheff17> SpamapS: the book just had # and I was used to python showing something :)
[19:25] <thesheff17> SpamapS: thx
[19:33] <Tohuw> I have an Ubuntu server and two machines, one Windows and one Ubuntu Desktop. How do I setup the server so that it can ping these machines by their hostnames?
[19:34] <Tohuw> It's probably worth mentioning that the server is functioning as a DNS server right now, so it has all those packages
[19:41] <cloakable> Tohuw: DNS with what server?
[19:42] <cloakable> Tohuw: It's fairly simple with DNSmasq
[19:47] <papertigers> Tohuw: you need to setup dns files
[19:47] <papertigers> Tohuw: are you using bind9
[19:49] <papertigers> thesheff17: ruby? are you setting up puppet
[19:52] <thesheff17> papertigers: yea I'm slowely going through the book
[19:52] <papertigers> I really want to learn UEC and puppet
[19:54] <MTecknology> You guys have any idea what could be going on here? http://dpaste.com/225392/ I'm working, working working, NOT working. The ethernet seems to just randomly die. I don't know where to look other than dmesg.
[19:56] <thesheff17> MTecknology: did you mess with the /etc/hosts file at all?
[19:57] <MTecknology> thesheff17: some- I added   10.41.0.5 dev.site.com
[19:57] <thesheff17> MTecknology: you have all the ip6 stuff in there?
[19:58] <MTecknology> thesheff17: ya
[19:58] <thesheff17> hmm..weird
[19:58] <MTecknology> I'm not outside of considering bad hardware
[19:59] <thesheff17> MTecknology: yea if you can't think of anything crazy setup with the nic it may be.
[20:00] <thesheff17> MTecknology: does it have another port on the server?  I would try that one and see if you get the same results.
[20:01] <MTecknology> thesheff17: this is just a desktop
[20:02] <MTecknology> thesheff17: I wish I had another nic.. I might just pick one up
[20:06] <papertigers> MTecknology: they are cheap
[20:08] <MTecknology> papertigers: if you have any amount of money they are
[20:12] <papertigers> MTecknology: I wish I had any amount of money
[20:12] <MTecknology> papertigers: me too
[20:14] <SpamapS> I remember back in the day when I had a box of old NIC's
[20:17] <mathiaz> SpamapS: right
[20:17] <mathiaz> SpamapS: at least libdbi is now pulled into main
[20:17] <mathiaz> SpamapS: http://people.canonical.com/~ubuntu-archive/component-mismatches.txt
[20:17] <mathiaz> SpamapS: ^^ it shows up in the list
[20:17] <mathiaz> SpamapS: once the MIR approved an archive admin can process it
[20:17] <SpamapS> mathiaz: such a tiny little library. ;)
[20:18] <mathiaz> SpamapS: once libdbi is in main then rrdtool needs to be rebuilt
[20:18] <SpamapS> mathiaz: we're soooo close. ;)
[20:19] <SpamapS> mathiaz: so I've given up on getting collectd into main. I refactored eucalyptus's ganglia script to work for ganglia or munin..
[20:19] <mathiaz> SpamapS: we've got until october to fix it :)
[20:19] <mathiaz> SpamapS: ok
[20:19] <SpamapS> mathiaz: I really hope we can spend the next two months being fire inspectors and not fire fighters. :-D
[20:19] <mathiaz> SpamapS: next UDS we can discuss it again
[20:20] <SpamapS> mathiaz: I think collectd is the right way to go. I'm just not crazy about dumping it in so close to the FF when everybody is way over taxed and munin gets the job done for now.
[20:20]  * mathiaz nods
[20:21] <SpamapS> If somebody needs to build a UEC w/ > 100 nodes.. I'll stay up all night helping them get collectd working for it. :-D
[20:21]  * mathiaz reminds SpamapS that this channel is archived and logs are available publicly *forever*
[20:21] <hggdh> smoser: I remember you had a similar problem, have you seen bug  613969?
[20:22] <SpamapS> mathiaz: every party needs a pooper thats what we invited you for
[20:22] <smoser> i have no problems.
[20:22] <mathiaz> SpamapS: lol
[20:22] <hggdh> oh boy, TMI...
[20:22] <smoser> you must be thinking of someone else
[20:22] <smoser> :)
[20:22] <hggdh> smoser: probably... I am getting confused nowadays... ;-)
[20:23] <smoser> i'm looking, though, just a minute
[20:26] <SpamapS> so I actually did my changes to the 'extras/ganglia.sh' script in eucalyptus.. so its effectively 'ganglia_or_munin.sh' now .. I wonder, will eucalyptus accept this as a patch, or will we have to continue maintaining it forever?
[20:27] <smoser> hggdh, that bug is just bad error messages
[20:27] <hggdh> SpamapS: we can hope they will
[20:27] <smoser> i dont know that i've seen this explicilty, most of the time my libvirt issues are around app armour
[20:27] <hggdh> smoser: ah, OK.
[20:30] <smoser> hggdh, i triaged that to 'triaged' and 'wishlist'
[20:31] <mathiaz> SpamapS: it seems that there are still some local changes in the bzr branches that are not in the upstream release tarball: http://paste.ubuntu.com/473672/
[20:31] <mathiaz> SpamapS: ^^ - re ceph packaging
[20:32] <android60> is it better to have the ubuntu on a different drive than data drives? or does it matter?
[20:33] <SpamapS> mathiaz: now why doesn't mine detect those?
[20:33] <SpamapS> hm
[20:33] <SpamapS> >:
[20:34] <mathiaz> SpamapS: how do you detect them?
[20:34]  * SpamapS branches anew
[20:34] <mathiaz> SpamapS: lsdiff won't work
[20:34] <mathiaz> SpamapS: yeah - you probably wanna do that
[20:34] <mathiaz> SpamapS: start from scratch
[20:34] <mathiaz> SpamapS: 1. import official 0.21 release tarball
[20:34] <mathiaz> 2. copy over patches and debian/
[20:35] <SpamapS> mathiaz: well first I want to figure out why yours sees changes, and mine does not
[20:35] <mathiaz> SpamapS: are you using a maverick system/chroot to build the source package?
[20:36] <mathiaz> SpamapS: the message I've pasted is part of the source build log
[20:36] <SpamapS> mathiaz: a maverick pbuilder yes
[20:36] <SpamapS> sbuild is still too scary for me. ;)
[20:36] <mathiaz> SpamapS: :) - I'm also using bzr bd
[20:37] <mathiaz> SpamapS: http://paste.ubuntu.com/473677/
[20:38] <mathiaz> SpamapS: ^^ this is the full build log from the bzr branch to the source pacakge
[20:38] <SpamapS> mathiaz: http://paste.ubuntu.com/473678/
[20:38] <SpamapS> mathiaz: just checking the source build.. I get no differences
[20:38] <SpamapS> mathiaz: md5sum your orig tarball
[20:39] <smoser> mathiaz, ping
[20:39] <SpamapS> clint@ubuntu:~/pkg/ceph/bzr/ceph-new-pkg-2$ md5sum ../ceph_0.21.orig.tar.gz
[20:39] <smoser> for a native package:
[20:39] <mathiaz> SpamapS: 3799fa5c51f092de2878fbcccc2bd71a
[20:39] <SpamapS> 9ecbaf9975aa4d2afcaa2f14e8d21e73  ../ceph_0.21.orig.tar.gz
[20:39] <SpamapS> AHA
[20:39] <mathiaz> smoser: o/
[20:39] <smoser> 0.14-0ubuntu1 or 0.14ubuntu1
[20:39] <smoser> i believe the second
[20:39] <SpamapS> mathiaz: http://ceph.newdream.net/download/ceph-0.21.tar.gz
[20:39] <mathiaz> SpamapS: yes - that's the one I've downloaded
[20:40] <SpamapS> mathiaz: and yet, our md5sums are different?
[20:40] <mathiaz> SpamapS: http://ceph.newdream.net/download/ceph-0.21.tar.gz
[20:40] <SpamapS> I jsut re-wgot it   9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz
[20:40] <SpamapS> 9ecbaf9975aa4d2afcaa2f14e8d21e73  ceph-0.21.tar.gz.1
[20:41] <mathiaz> SpamapS: hm - let me retry
[20:41] <SpamapS> mathiaz: remember, I was a little concerned about the carelessness in licensing? I think Sage may be a little bit loose w/ names and versions... so maybe there are two ceph-0.21.tar.gz files running around
[20:43] <mathiaz> SpamapS: ok - I fixed my problem
[20:43] <mathiaz> SpamapS: it was using the .orig file from the build-area/
[20:43] <SpamapS> mathiaz: that one bit me earlier too
[20:43] <mathiaz> SpamapS: and the .orig. that was in the parent directory got overwritten
[20:43] <mathiaz> SpamapS: yeah - it's not the first time
[20:44] <SpamapS> mathiaz: I went through and cleared out all ceph*.tar.gz's and started over. :-P
[20:44] <mathiaz> SpamapS: we should probably file a bug against bzr-builddeb against that
[20:44] <mathiaz> SpamapS: :)
[20:44] <SpamapS> mathiaz: I don't know if they can do anything short of md5sum'ing every time
[20:44] <mathiaz> SpamapS: well - I would start by putting files in *one* place only
[20:44] <mathiaz> SpamapS: I don't see the reason for keeping files in both .. and ../build-area/
[20:45] <SpamapS> true, just symlink it
[20:45] <SpamapS> is there a way, in a .install file, to create a symlink?
[20:46] <smoser> mathiaz, did you see my question above? which is correct for native packaging version. 0.14-0ubuntu1 or 0.14ubuntu1
[20:46] <mathiaz> SpamapS: you wanna use pkg-name.links
[20:46] <SpamapS> mathiaz: ahh perfect. :)
[20:46] <mathiaz> smoser: 0.14ubuntu1
[20:46] <smoser> thanks.
[20:46] <mathiaz> smoser: sorry for not answering right away
[20:46] <smoser> no problem . just htought you missed it.
[20:46] <smoser> do you know if there is something i can do that would make 'dch -i' do that ?
[20:47] <mathiaz> smoser: native packages are packages that don't have a revision - just an upstream version
[20:47] <smoser> i'm hoping something i could check in that would stick with that branch checkout
[20:47] <mathiaz> smoser: I don't know
[20:47] <mathiaz> smoser: native packages are quite unusual
[20:47] <mathiaz> smoser: what's the name of the package?
[20:47] <smoser> cloud-utils
[20:48] <smoser> the problem is that someone does a checkout, then 'dch -i' and they get the wrong numbering.
[20:48] <mathiaz> smoser: is there a reason why you wanna use a native package?
[20:49] <smoser> there are lots of reasons to use native packages :)
[20:49] <smoser> there is no point in releasing a tarball is the primary reason
[20:49] <mathiaz> smoser: fair enough
[20:50] <smoser> hm... 'man dch' indicates that it should do the right thing. "or, if this is a native Debian package, the version number."
[20:50] <smoser> but it doesn't
[20:50] <smoser> hm.. or maybe it does.
[20:50] <smoser> anywya, htanks for the clarification, mathiaz
[20:52] <mathiaz> SpamapS: what's the state of https://code.launchpad.net/~clint-fewbar/ubuntu/maverick/cloud-init/glusterfs-mount-example/+merge/29490?
[20:57] <smoser> dustin merged that into upstream cloud-init.
[20:58] <kirkland> smoser: hope you don't mind ...
[20:58] <smoser> i missed it in my latest upload of cloud-init
[20:58] <kirkland> smoser: was trying to clean out some email backlog;  looked harmless
[20:58] <smoser> i would have picked it up if it were a native package :)
[20:58] <kirkland> smoser: go native, dood
[20:58] <smoser> yeah, its harmless. just doc, which is fine.
[20:58] <SpamapS> Right so it should be status = merged
[20:58] <kirkland> colonel kurtz style
[20:59] <smoser> done.
[20:59] <smoser> merged
[20:59] <smoser> so, i have work to do in the next couple days in cloud-init, so i'll get that into the ubuntu package too.
[21:00] <smoser> SpamapS, just an fyi, the example you give wont work for lucid
[21:00] <therobot> sorry to ask again, what is the proper way to set a fqdn on ubunt 10.04 ? thanks
[21:00] <SpamapS> smoser: right, because of the issue w/ mount?
[21:00] <smoser> as for why, see last comment: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/613309
[21:00] <smoser> what is the mount issue ?
[21:00] <SpamapS> smoser: its the one you fixed, isn't it?
[21:01] <smoser> hm... i forget.
[21:01] <smoser> what i fixed
[21:01] <SpamapS> yeah it was a while ago
[21:01] <smoser> but in lucid, the runcmd isn't guaranteed to run after packages are installed
[21:01] <smoser> :-(
[21:01] <SpamapS> mounts were only being respected for device names
[21:01] <jbernard> kirkland: byobu: Cannot make directory '/var/run/screen': Permission denied
[21:01] <smoser> but on maverick they it will.
[21:01] <jbernard> kirkland: i just started to see this
[21:01] <SpamapS> smoser: well thats just annoying. ;)
[21:01] <kirkland> jbernard: lucid?  or maverick?
[21:01] <smoser> yeah, stupid parrallelism
[21:01] <SpamapS> Why isn't the whole cloud-config run in one serial process?
[21:02] <jbernard> kirkland: lucid, ppa, 3.1-0ubuntu1~ppa4
[21:02] <smoser> because, didn't you know ? parallel is better!
[21:02] <smoser> :)
[21:02] <smoser> in maverick, it does run serial. and the user can even modify the order if my chosen order is not sufficient for them.
[21:03] <kirkland> jbernard: dpkg -l screen
[21:03] <jbernard> kirkland: 4.0.3-14ubuntu1
[21:04] <jbernard> kirkland: /var/run is on tmpfs
[21:04] <jbernard> kirkland: i remember seeing this before, but haven't in a while,  are others seeing this?
[21:04] <smoser> you're seeing bug https://bugs.launchpad.net/ubuntu/+source/screen/+bug/574773
[21:04] <jbernard> ah ha
[21:04] <smoser> there is a fix.
[21:05] <smoser> but its not in -proposed or -updates... kirkland what is your feeling on that ? loic kind of nixed it
[21:05] <smoser> or suggested that it should be nixed.
[21:05] <smoser> i think it is very low risk SRU
[21:06] <kirkland> jbernard: i think that's https://bugs.edge.launchpad.net/ubuntu/+source/screen/+bug/574773
[21:06] <smoser> is there an echo in here, kirkland ? :)
[21:06] <kirkland> smoser: i just pasted a response to loic ...  we could add a mount/grep/sleep loop, that waits until /var/run is mounted
[21:06] <smoser> yeah, cause that would be cleaner
[21:06] <kirkland> smoser: you found it faster than me ;-)
[21:06] <smoser> :)
[21:06] <kirkland> smoser: yeah;  i like the upstart job
[21:07] <kirkland> jbernard: can you test the fix in -proposed?
[21:07] <kirkland> jbernard: and note in the bug if that fixes your problem?
[21:07] <smoser> the awesome bar is awesome. folks that have jumped to other browsers don't get it. i just type 'bug screen' and then tab.
[21:07] <jbernard> sure, it's a race against /var/run being mounted, now?
[21:07] <jbernard> s/now/no
[21:08] <smoser> not mounted
[21:08] <smoser> cleaned
[21:08] <smoser> so, kirkland, your fix wont work.
[21:08] <smoser> the 'wait til mounted'
[21:08] <SpamapS> kirkland: I'm wrapping up the finishing touches on making eucalyptus munin-friendly .. collectd seems to be a long shot at this point. I'll propose a merge as soon as I've tested it out, but if nothing else, it graphs NC/SC/Walrus stats using the ganglia plugin eucalyptus puts out (patched for munin) ...
[21:08] <smoser> the problem is that screen's sysvinit job sets up /var/run and then some other upstart job comes through and cleans out /var/run
[21:09] <SpamapS> smoser: ew!
[21:09] <smoser> but, kirkland, the patch you have in comment 13 is wrong
[21:09] <smoser> it will never run
[21:09] <SpamapS> Seems like there need to be some fences between classes of upstart jobs
[21:09] <smoser> there is no job 'filesystems'
[21:09] <smoser> or... no event.
[21:09] <smoser> you would want 'filesystem'
[21:10] <kirkland> smoser: yeah, that was fixed in maverick
[21:10] <smoser> oh. ok.
[21:10] <kirkland> smoser: let me see what landed in -proposed;  i think i fixed it before it uploaded
[21:10] <SpamapS> mathiaz: I'm about to head ot lunch. Whats the status on ceph?
[21:11] <kirkland> smoser: hmm, hasn't been accepted to proposed yet
[21:11] <smoser> now that i'm thinking about it.. i have to read this again
[21:11] <ScottK> zul: Is it you or SpamapS that's going to prepare the php-imap update for 5.3.3?
[21:12]  * SpamapS spots the bus coming, and prepares to judo-throw zul
[21:13] <smoser> i'm wrong about cleaning
[21:13] <smoser> i think
[21:15] <ScottK> SpamapS or zul: uw-imap is FTBFS on armel due to build system regressions, so please version the build-dep so it doens't risk getting misbuilt.
[21:16] <smoser> so, there is no cleaning of /var/run, its a tmpfs mount point. and the problem is that screen's job was running befre that is mounted (sometimes). so its work gets mounted over.
[21:16] <smoser> i'm not really sure what does the mount
[21:16] <jbernard> smoser: that's what i was thinking also
[21:19] <jbernard> smoser: what about adding 'local_fs' to Required_Start for /etc/init.d/screen-cleanup ?
[21:19] <SJr> Hmmmm I'm trynig to get autofs to work with 10.04, but it doesn't seem to work anymore. I'm following this guide: http://www.tjansson.dk/?p=84, but I only seem to get this error in the logs: automount[6907]: syntax error in nsswitch config near [ syntax error ]
[21:20] <smoser> jbernard, i dont think it would fix it.  in ubuntu, i could be wrong, but i dont think those lsb headers do anything.
[21:23] <smoser> i retract my statement to kirkland though i think the "while ! grep -q /var/run /proc/mounts && sleep 1; :; done" style wait would work fine
[21:24] <SpamapS> smoser: wouldn't start on filesystem handle that as well?
[21:24] <RoyK> anyone here that knows about btrfs progress?
[21:25] <RoyK> it'd be nice to have something like zfs lite :þ
[21:25] <smoser> SpamapS, yes, it would.
[21:25] <smoser> the suggestion of the sleep and grep is to not do an upstart job, but remain sysvinit
[21:25] <smoser> as loic suggested he didn't like the conversion to upstart in an SRU
[21:26] <FunnyLookinHat> I'm having some issues with the copy of libfaac in the repos ( 10.04 ) - is there a way that i can tell what version is in the repos ?
[21:27] <jbernard> smoser: is that fix currently in -proposed?
[21:27] <smoser> i see no indication of that.
[21:27] <Black_Prince> !info libfaac
[21:28] <smoser> but kirkland said it was.
[21:28] <FunnyLookinHat> !info libfaac0
[21:28] <FunnyLookinHat> ???
[21:28] <Black_Prince> !info libfaac0
[21:28] <FunnyLookinHat> Ah ok
[21:38] <papertigers> I need to try this ubuntu font
[21:38] <bahamas10> papertigers: its closed-source and proprietary
[21:39] <papertigers> bahamas10: I wish, i hope i have to go to windows update to get it
[21:40] <bahamas10> papertigers: it should prompt you with the update after you reboot twice.. don't forget your serial key
[21:45] <kirkland> jbernard: smoser: its not been accepted into proposed yet
[21:46] <kirkland> smoser: yeah, that would be the easiest and most appropriate fix for lucid, probably
[21:46] <kirkland> smoser: while/grep/sleep
[21:46] <kirkland> smoser: i'll ditty up another package and upload to proposed, see if lool likes it any better :-)
[21:47] <smoser> i think you should push on the upstart job being the correct thing.
[21:48] <smoser> and even ask mr Keybuk to read it.
[21:48] <smoser> that is the right solution
[21:48] <smoser> as the sleep grep ... would fail if for some reason /var/run is not on its own filesystem
[21:48] <smoser> (it will be in all of lucid unless modified by the user, but still)
[21:49] <smoser> i see now, /lib/init/fstab is what tells mountall to mount /var/run as a tmpfs
[21:50] <wieshka> how can i install ACPI on ubuntu ?
[21:53] <kirkland> smoser: i have asked keybuk REPEATEDLY to review that script
[21:53] <lavish> hi all. I've put a script into /etc/cron.hourly/ but it doesn't seem to be executed. Cron is running according to `service cron status'. Am I missing something?
[21:54] <guntbert> lavish: did you make it executable?
[21:54] <lavish> sure
[21:54] <lavish> root@studenti:/backup# ls -l /etc/cron.hourly/
[21:54] <lavish> total 4
[21:54] <lavish> -rwxr-xr-x 1 root root 243 2010-08-05 20:53 backup.sh
[21:54] <mathiaz> SpamapS: looks good now - I've uploaded the ceph package to maverick
[21:55] <mathiaz> SpamapS: it should be sitting in the NEW queue to be reviewed by an archive admin
[21:58] <MTecknology> thesheff17: http://profarius.com/content/secure-websites
[21:58] <MTecknology> thesheff17: not the 'best' article but I hope it's ok
[21:59] <guntbert> lavish: does your script start with a line #!/bin/sh ?
[22:02] <smoser> MTecknology, nice article.
[22:02] <smoser> the time when I did something like this, I was playing with unionfs and jailing a root user (for testing, not entirely safe).
[22:03] <smoser> i'd chroot the user into a directory that had a unionfs mounted over the top of /.
[22:03] <smoser> so they could 'rm -Rf /' and see what would happen.
[22:03] <smoser> or 'rpm -e --force glibc'
[22:03] <MTecknology> sounds like fun
[22:04] <MTecknology> sounds like what i originally wanted but I think I'd prefer what I have now
[22:04] <lavish> guntbert: http://paste.pocoo.org/show/246526/ executed directly it works fine
[22:04] <MTecknology> smoser: why jail root? what does that offer?
[22:05] <MTecknology> smoser: btw - thanks
[22:06] <guntbert> lavish: use full paths for all executables you are calling (i.e /bin/bzip2)
[22:08] <lavish> guntbert: oky, let's wait ~1h ;)
[22:08] <MTecknology> So.. If I want to specify a few cron tasks in a file, I can just put that file in /etc/cron.d/foo and it'll work like magic?
[22:09] <MTecknology> I love simple
[22:10] <guntbert> MTecknology: look at the files in /etc/cron.d    -- they are crontabs
[22:11] <MTecknology> guntbert: simple is awesome :D
[22:12] <guntbert> MTecknology: :)
[22:15] <papertigers> who needs cron when you have the sleep command
[22:22] <lavish> guntbert: isn't anyway any log messages about failed cron scripts?
[22:24] <lavish> MTecknology: interesting post. I use hardened gentoo + grsecurity with an active RBAC policy on critical production servers
[22:24] <lavish> rbac is much simpler than selinux, really
[22:25] <guntbert> lavish: I'm not sure to be honest, if I remember correctly you can turn mails/logs on or off
[22:25] <MTecknology> lavish: I never looked at grsecurity much.
[22:26] <lavish> and it's simpler because the generated policy fits exactly your system, it's not developed by another company (like tresys ;)
[22:26] <lavish> MTecknology: give it a look
[22:26] <lavish> you'll love it :D
[22:26] <MTecknology> nice
[22:27] <MTecknology> how much do you have to modify the default system to use it?
[22:27] <lavish> and most of the featuers of grsecurity come gratis. Only rbac needs some time to understand
[22:27] <lavish> MTecknology: nothing, it's not label based like selinux
[22:28] <MTecknology> lavish: spiffy
[22:28] <MTecknology> maybe that'll be my next posting
[22:29] <lavish> MTecknology: if you need some help understanding rbac, feel free to hit me. I like mandatory control access systems a lot ;)
[22:30] <MTecknology> lavish: ok, thanks :)
[22:30] <lavish> (Oh, and apparmor will be merged into vanilla on 2.6.36. Canonical is just crazy. :P )
[22:32] <lavish> apparmor was left alone by novell. Then suse and ubuntu started switching from apparmor to selinux... and now what? Canonical developed apparmor in order to be included into vanilla... I don't really understand :P
[22:32] <jdstrand> lavish: ubuntu never switched to selinux
[22:33] <lavish> jdstrand: but it started to
[22:33] <jdstrand> lavish: we have selinux available for people to use
[22:33] <jdstrand> lavish: you are mistaken
[22:33] <zul> ScottK: yes i know
[22:33] <jdstrand> lavish: we made selinux available to use, and continued to develop apparmor
[22:33] <jjohansen> lavish: actual its some what the same with suse, both are available to use
[22:34] <jdstrand> like any technology, we reviewed the various MACs and found AppArmor to best fit with Ubuntu
[22:34] <jdstrand> and stuck with it
[22:34] <lavish> jdstrand: exactly, but for me starting to support selinux with apparmor abandoned by novell ment ubunt was starting to switch to selinux
[22:35] <lavish> I agree that apparmor fits ubuntu
[22:36] <jdstrand> lavish: I'm not sure how to respond to that. Ubuntu and Suse are different, and we make different decisions. at the time in question, we decided to stay with AppArmor
[22:37] <jdstrand> anyhoo, yea that apparmor is going upstream!
[22:37]  * jdstrand continues to keep fingers and toes crossed
[22:37] <jcastro> \o/
[22:37] <lavish> :D
[22:42] <ScottK> zul: OK.  Just making sure.
[22:49] <ScottK> http://www.depesz.com/index.php/2010/08/05/how-to-make-sure-you-will-not-get-any-help-on-irc/
[22:52] <lavish> ScottK: shit happens
[22:52] <ScottK> I've run into people like that myself.
[22:53] <lavish> ScottK: I'm one of "like that" ppl, so stop bothering. Kthxbye.
[22:53] <lavish> j/k :P :P :P
[22:57] <patdk-lap> ubuntu doesn't boot for me :)
[23:07] <Tohuw> I don't have an "admin" group on my new ubuntu server install. I created one and added my user to it (echo "admin:x:119:ron" >> /etc/group) and then added "User_Alias ADMINS = %admin" using visudo, but I still cannot sudo as user ron. Why?
[23:09] <patdk-lap> dunno what visudo is
[23:09] <patdk-lap> but how about editing /etc/sudoers
[23:09] <patdk-lap> and putting in like: %admin ALL=(ALL) ALL
[23:10] <Tohuw> patdk-lap: "# This file MUST be edited with the 'visudo' command as root."
[23:11] <Tohuw> (from /etc/sudoers)
[23:11] <patdk-lap> heh, I never edit it with visudo :)
[23:11] <patdk-lap> never knew visudo existed
[23:11] <Tohuw> patdk-lap: hm. well, do I even need the user_alias line then?
[23:12] <Tohuw> or just the line you suggested
[23:12] <patdk-lap> I only have the line I said in mine
[23:12] <Tohuw> ah, and it works. Thank you sir
[23:16] <hggdh> visudo tries to make sudo survive a bad change -- like syntax error
[23:16]  * patdk-lap should figure out why his ubuntu test server won't boot anymore
[23:17] <patdk-lap> hangs doing some plymouth stuff
[23:17] <patdk-lap> all I did was add some ipv6 stuff into network/interfaces
[23:17] <wieshka> hey, is there somebody, who is using apache + mod_proxy ?
[23:17] <Tohuw> !anyone | wieshka
[23:18] <wieshka> Tohuw: :)
[23:18] <wieshka> the problem is that i have only one IP address from my ISP, and i am ruuning severeal virtual machines on server, using the public bridge
[23:19] <wieshka> so i have to route 80 port traffic for each vh
[23:22] <patdk-lap> all that, and we still don't know the question
[23:23] <kirkland> jdstrand: howdy!  do you know how to disable the virtio-balloon driver in libvirt?
[23:23] <jdstrand> kirkland: not otoh, no
[23:24] <kirkland> jdstrand: mkay
[23:24] <jdstrand> (I've never messed with it at all)
[23:24] <kirkland> jdstrand: do you know of a reason why libvirt would prevent you from assigning more than 16 cpus to a guest?
[23:24] <kirkland> jdstrand: the error i'm getting is about virtio balloon when i add the 17th cpu
[23:24] <kirkland> jdstrand: kvm alone can do -smp 17 just fine
[23:25] <jdstrand> sorry no-- I'd just compare the kvm invocations between the two. you might check kern.log to make sure libvirt isn't try to make some sort of an adjustment that is denied by apparmor