[00:11] <bit-flipper> running ubuntu server 10.04 on a couple of web production machines and decided to build a home media server
[00:11] <bit-flipper> Having trouble seeting up a sound driver is there an easy way?
[00:13] <bit-flipper> or should I simply install the ubuntu base distribution?
[00:13] <bit-flipper> which I think will set up the sound correctly to start with
[00:15] <gcleric> bit-flipper, have you found - https://wiki.ubuntu.com/PulseAudio
[00:21] <ryan_> Hello all. Is there any way to check that I actually installed 'minimal' like intended? I have a sneaky suspicion I didn't.
[00:24] <bit-flipper> ryan: df will show you waht sapce you've used
[00:29] <ryan_> Thanks bit-flipper! does this look like a minimal? Used: 1984812
[00:31] <CppIsWeird> is there a quick way to install php for apache2?
[00:32] <ryan_> lampp?
[00:33] <CppIsWeird> no packages come up with that
[00:36] <jpds> CppIsWeird: Install the php5 package?
[00:36] <SpamapS> CppIsWeird: apt-get install libapache2-mod-php5
[00:36] <SpamapS> CppIsWeird: or run 'tasksel' and choose LAMP, but that will also give you MySQL.
[00:37] <SpamapS> CppIsWeird: note that you will need to stop/start apache after that package installs.
[00:37]  * SpamapS realizes he is late, and disappears
[00:37] <CppIsWeird> lol, that would have been useful. but i've already got apache2 and php installed, so im gonna continue. :P
[00:37] <CppIsWeird> but thanks for trying! :-)
[00:37] <hggdh> jdstrand: there?
[00:38] <bit-flipper> Ryan: that seems smaller than a standard ubuntu dist...
[00:39] <hggdh> hallyn: it is actually under /var/lib/eucalyptus/instances/<user>
[00:50] <batok> has anybody used esxi to virtualize an ubuntu server?
[00:52] <ryan_> bit-flipper: thanks again :)
[01:17] <the_archit3ct> encore besoin d'aide avec apache2
[01:17] <the_archit3ct> j'ai installé les paquets php5, et maintenant apache2 ne veut plus se lancer
[01:17] <the_archit3ct> j'arrive pas à comprendre ...
[01:18] <the_archit3ct> sudo service apache2 start
[01:18] <the_archit3ct>  * Starting web server apache2                                                                                                            [ OK ]
[01:18] <the_archit3ct> sudo service apache2 status
[01:18] <the_archit3ct> Apache is NOT running.
[01:18] <the_archit3ct> so ... wtf ?
[02:51] <thesheff17> has anyone used a EMC AX150 SAN with Ubuntu server?
[03:03] <thesheff17> Has anyone tried this? http://www.howtoforge.com/using-iscsi-on-ubuntu-9.04-initiator-and-target
[03:23] <hallyn> hggdh: right, my point was that libvirt seems to be doin the right thing and i think eucalyptus is mucking with it
[03:55] <ball> I'm tinkering with software RAID on Ubuntu Server.  I made a raid partition on each disk and the installer let me make a RAID 1 array from them, but only seems to want a single ext4 partition (I was thinking of putting swap on there too)
[03:55] <ball> Should I keep swap outside the raid partitions?
[03:57] <amstan> ball: having swap inside the raid will actually make your system not crash if a harddrive crashes
[03:58] <ball> amstan: That was what I was hoping for.
[03:58] <amstan> well.. that's the theory anyway..
[03:58] <amstan> i can think of other reasons too though, it will make reads faster for the swap, if you need that sort of thing
[03:58] <amstan> and it'll keep the drivers more symmetric looking
[03:59] <amstan> i have my swap the same as my other partitions on raid 1
[03:59] <ball> For some reason I can't seem to find the option that will let me partition the array.
[04:01] <ball> Do I need to configure two separate arrays, one for the ext4 and one for the swap?
[04:01] <ball> That seems a bit odd.
[04:02] <wippler> how to configure software on ubuntu
[04:02] <wippler> software raid on ubuntu
[04:07] <ball> wippler didn't stick around long enough for anyone to answer.
[04:22]  * ball gives up and makes a separate array for swap
[04:39] <chrislabeard> Is there no way to turn off journaling in ubuntu ?
[04:39] <chrislabeard> I see the only way I think its to boot off os x install disk and turn off journaling
[04:42] <smw> chrislabeard, don't use ext3
[04:42] <smw> chrislabeard, use ext2 for the root partition
[04:43] <chrislabeard> This is my secondary HDD that I used when I had os x running on this machine
[04:43] <smw> chrislabeard, of course, I would probably like to know WHY you want to do that
[04:43] <ball> I would think the way to turn off journalling would be to use a non-journalling filesystem
[04:43] <ball> (for that part of your data)
[04:43] <ball> (the part that you want to break ;-)
[04:44] <smw> ball, I always answer questions, then I look back and say "why would anyone do that"
[04:45] <chrislabeard> I told you dood
[04:45] <ball> chrislabeard: I must have missed that.
[04:46] <smw> ball, so did I
[04:46] <chrislabeard> Secondary HDD for my mac I have recently installed ubuntu on the primary drive.
[04:46] <chrislabeard> Aka it is still MAC OS Extended
[04:47] <ball> MacOS doesn't use Linux filesystems afaik, so I'm not sure how that helps.
[04:47] <chrislabeard> what ?
[04:47] <ball> I wasn't even aware the Mac could run Ubuntu.
[04:48] <chrislabeard> yes it can
[04:48]  * ball shudders at the thought of Apple firmware.
[04:48] <chrislabeard> it runs great btw
[04:48] <chrislabeard> thanks for asking
[04:48] <ball> chrislabeard: xServe?
[04:49] <chrislabeard> its powermac G5
[04:49] <chrislabeard> a(
[04:49] <chrislabeard> Still a great machine
[04:49] <ball> I've thought in the past about buying one of those, but it wouldn't make sense for me today.
[04:50] <chrislabeard> I use it as a server and a piece of furniture just cause its so good looking
[04:50] <chrislabeard> Don't lie you know its sexy
[04:51] <afeijo> hi guys, how can I configure 2 identical ubuntu server as a cluster?
[04:51] <ball> chrislabeard: "sexy" is subjective, thankfully.
[04:51] <ball> hello afeijo
[04:51] <chrislabeard> lol
[04:53] <afeijo> hi ball :) you nick remind me Baal from Stargate SG1 scifi tv show :D
[04:54] <ball> afeijo: I've not seen that.
[04:54] <afeijo> I love scifi, SG1 is my favourite
[04:54] <afeijo> aside with startrek
[04:55] <ball> More of a Who man myself.
[04:56]  * ball waits patiently for Ubuntu to install again.
[04:56] <afeijo> dont know that one
[04:56] <ball> afeijo: Doctor Who ?
[04:57] <afeijo> I heard but never watched
[04:57] <afeijo> british humor is weird :)
[04:57] <talcite> hey guys. I'm getting reports that the tomcat 6 in the repos doesn't work properly and that I should be installing the one from the apache project site. They never go into detail about what doesn't work though. Does someone know what I'm talking about?
[04:58] <afeijo> no one uses cluster in the channel?
[05:00] <ball> afeijo: define "cluster"
[05:01] <afeijo> ball, 2 ubuntu working as 1
[05:01] <afeijo> I installed 2 VM to try it, to learn
[05:01] <afeijo> a LAMP server
[05:02] <ball> afeijo: Okay.  Be aware that is just /one/ interpretation of the word though.
[05:02] <ball> ("Cluster" is ambiguous)
[05:02] <afeijo> I see
[05:03] <ball> Sounds as though you want to strap two Ubuntu Server boxes together in hope of achieving "high availability"
[05:03] <ball> I recently had an application that needed that, but I wasn't able to find a solution.
[05:03] <afeijo> yes!
[05:04] <afeijo> faster and failsafe
[05:04] <ball> ...but I didn't hit the vm vendors hard.
[05:04] <afeijo> oh :)
[05:04] <ball> (and our budget was limited)
[05:04] <afeijo> I don't think it is related to the VM, I installed heartbeat, but now I need to figure out how to configure it
[05:05] <ball> afeijo: There are a couple of different approaches.
[05:05] <ball> If it's for something important enough to warrant H.A, I suggest you consult an expert.
[05:07] <ball> We couldn't afford to, so I scratched the project.
[05:07] <ball> (also, we couldn't print).
[05:07] <afeijo> thats bad
[05:07] <afeijo> I know a few good linux guys, I will email them :) Thanks
[05:07]  * ball shrugs
[05:08] <afeijo> 1 a.m., sleep time ... good night
[05:08] <ball> I'll be really lucky if I get to bed by 01:00
[05:17]  * ball pokes his Ubuntu Server testbed with a sharpened stick
[05:57] <talcite> Is dapper server still being supported?
[05:57] <talcite> This site says it's EOL, but the email it links to says otherwise. https://wiki.ubuntu.com/Releases
[05:57] <talcite> The second paragraph says the server edition goes till 2011 june. https://lists.ubuntu.com/archives/ubuntu-announce/2009-July/000123.html
[05:58] <twb> !EOL
[06:00] <Runeg> I was scanning a job application, and I came across "Layer 2, 3, and 7 security required". Wouldn't that mean you're programming the application too?
[06:00] <twb> That page does seem strange; maybe when Dapper was released, Canonical had not yet committed to five years of support for LTS Server packages?
[06:00] <twb> Runeg: depends which model they're using; but I would guess so.
[06:14] <qman__> I'm pretty sure dapper server had 5 years
[06:15] <qman__> of course that would put us in the final year right now, so you should think about upgrading anyway
[06:46] <twb> qman__: that wiki page indicated it wasn't
[06:57] <alex88> mornig..what's the right way to jail users? i mean creating a chroot environment
[06:58] <alex88> because i'm thinking of create a /jail dir where i put customers, and use the chroot option of apache and set to /jail then use fcgid and suexec to run php inside the jail..
[07:02] <joschi> alex88: there's no "right" way, there are several ways to put your (web server) users into a chroot environment
[07:03] <joschi> alex88: you could run one httpd per user or you could just chroot the script processes for example
[07:04] <alex88> joschi: well, apache has the chroot option, and i can use it.. but what about php, supposed it will be runned by the user
[07:04] <joschi> alex88: you mean mod_chroot?
[07:05] <joschi> alex88: or do you mean ChrootDir of the stock apache?
[07:05] <alex88> ChrootDir...
[07:06] <alex88> or, is mod_chroot better? cause it's older that the time that option is implemented in stock apache
[07:06] <joschi> ah ok. so then your complete apache is running in that chroot environment and the scripting processes will inherit that environment
[07:09] <alex88> really? will fcgid runned inside and also the php scripts cannot access outside that also with system() function?
[07:12] <twb> chroot isn't the same as a jail.
[07:12] <twb> If you want a proper jail, consider LXC or OpenVZ or vserver
[07:13] <alex88> they're for running vps right?
[07:13] <twb> They're for running jails.
[07:13] <alex88> so jail is a complete indipendent system?
[07:13] <twb> The distinction between a heavyweight jail and a lightweight VPS is blurry
[07:13] <twb> It's not independent in the sense that it has its own boot sequence and kernel.
[07:14] <alex88> well, right..so i want a chroot?
[07:14] <twb> I don't know what you want.
[07:14] <twb> http://en.wikipedia.org/wiki/Operating_system-level_virtualization discusses jails.
[07:15] <alex88> well, i want that users (hosted sites etc), don't exit /jail/ dir
[07:15] <twb> OK, put it this way:
[07:16] <alex88> i mean with php scripts..they won't have shell
[07:16] <twb> A VM provides virtual hardware.  A jail provides virtual parts of the kernel, such as the network stack and the VFS (directory tree).
[07:16] <twb> A chroot is a jail that can *only* virtualize the VFS and nothing else.
[07:17] <alex88> ok..so a chroot will be enough..cause the apps etc are all linked to the main apps of the system.. but they won't get out the VFS
[07:17] <twb> That really depends.
[07:17] <twb> Certainly it is easier to break out of a chroot than a jail.
[07:18] <alex88> i've tried http://olivier.sessink.nl/jailkit/ some time ago, and it chroots fine the ssh session..but i don't know about php scripts..because it changes the shell in /etc/passwd so i think it doesn't matter with php scripts..
[07:19] <alex88> right..but i don't know how to build a jail without using virtualization apps..
[07:25] <alex88> on the net they all talk about chroot with ssh..so it doesn't affect php scripts i think
[07:27] <alex88> btw, i'll try with apache chroot (that's not so much documented...) and the fcgid
[07:31] <alex88> this seems to be fine http://www.seaoffire.net/fcgi-faq.html but i have to check more
[07:42] <intrepid-ab> hey all
[07:44] <alex88> !hi
[07:47] <intrepid-ab> this is nice - havent been to this room.
[07:47] <intrepid-ab> i have one question - has anyone here tried to install ubuntu on a dell optiplex 320? there seems to some issue with the bios, you cant install linux on that machine. I have googled the information and i couldnt really find an easy way around it
[07:47] <alex88> never..what's that?
[07:48] <intrepid-ab> is my question not clear?
[07:53] <alex88> what's that? a server?
[07:54] <alex88> that's a wiki page for that https://wiki.ubuntu.com/DellOptiplex320
[07:56] <intrepid-ab> yeah, they seem to define steps on how to get past the issue, but not explain why this is happening or why we are running those commands
[07:57] <intrepid-ab> it is assumed that you have excellent experiance with the commands
[07:58] <alex88> right..and there are no info about lucid
[07:58] <alex88> yout've tried that?
[08:01] <qman__> intrepid-ab, that page says karmic works out of the box
[08:01] <qman__> I'd have to guess lucid would too, they share a lot in common
[08:03] <qman__> it also looks like the problem is grub1, which lucid does not use on new installs
[08:04] <intrepid-ab1> i have tried it with grub2 - the issue is not resolved
[08:05] <intrepid-ab1> i really dont understand how the bios doesnt support any linux distro
[08:06] <alex88> intrepid-ab1: checked for bios updates? what's wrong with grub?
[08:06] <Daviey> Good Morning Campers!
[08:06] <alex88> campers? :)
[08:06] <intrepid-ab1> i have upgraded the bios
[08:07] <intrepid-ab1> but it still will not boot the installed system
[08:07] <alex88> to 1.1.12?
[08:07] <intrepid-ab1> yep
[08:09] <alex88> dunno...so what's the problem with grub?
[08:10] <intrepid-ab1> no clue - tried a lot of things - i guess the kernel fix is what is left
[08:10] <alex88> ok
[08:10] <intrepid-ab1> thanks for the help
[08:11] <intrepid-ab1> great channel - will drop by again - thank you again alex88
[08:11] <alex88> i'm afraid that's nothing to do... :(
[08:11] <alex88> np..
[09:29] <huats> morning
[09:45] <alex88> morning..
[09:45] <alex88> has anyone tried to setup virtualbox on ubuntu server?
[09:47] <YankDownUnder> alex88, I might give this a go tonight...cuz I was asked by a client to test it...
[09:47] <binBASH> alex88: Only on ubuntu desktop ;)
[09:48] <binBASH> for server I'm using kvm virtualization
[09:49] <alex88> binBASH: easy to install?
[09:49] <alex88> YankDownUnder: oh..nice.. :) i'll try later
[09:50] <binBASH> alex88: the virtualbox or the kvm?
[09:50] <alex88> the kvm
[09:50] <binBASH> it's quite easy
[09:51] <YankDownUnder> I want to "serve" the VM's...not run a server in a VM...
[09:52] <alex88> binBASH: oh..there's a wiki for that..nice
[09:52] <binBASH> sure ;)
[10:10] <starslights> hello to everyone, i have a few problem and need help for ubuntu server 10.04.1 LTS if possible
[10:11] <Jordan_U> !ask | starslights
[10:12] <starslights> i have get a installed version with only "root" for user name and it seem that's make me some problem installing desktop and nx
[10:12] <starslights> in fact i think that i mostly need to use a non-root user to do that thing , it is right ?
[10:14] <starslights> i already installed my own in my life and don't has problem but now i don't know what i must do. i.e if i need create another simple user or not, sorry for my englisg between
[10:14] <starslights> actually i have installed ubuntu-desktop via root  and NX but still say that i can't access as user root with NX
[10:15] <starslights> hi Jordan_U, yep, i know, thanks, just not easy to know how explain :D
[10:16] <Jordan_U> starslights: What is your first language?
[10:16] <twb> starslights: best practice is to minimize the amount of things you run as root.
[10:16] <starslights> French
[10:17] <Jordan_U> !fr | starslights
[10:17] <starslights> oh,i will try in the FR if one existe for ubuntu, Thanks anyway for your answer, nice from you
[10:18] <Jordan_U> starslights: You're welcome.
[10:18] <starslights> having a great day guys :)
[10:18] <xampart> =)
[10:30] <shelter> hi
[10:31] <shelter> i'm having some trouble with apache2 on ubuntu server
[10:31] <shelter> anybody alive in here ?
[10:36] <RoyK>  
[10:36] <RoyK> shelter: just ask your questions, with details
[10:39] <shelter> k cool i have an apache installation with the default config
[10:40] <shelter> running on ubuntu server 9.10
[10:41] <shelter> i have a folder named 'cshelter' that contains some php files that i have written and i cannot access it, i get an internal seerver error (500)
[10:41] <shelter> but there is nothing about it in the apache error log file
[10:42] <RoyK> can you test php with a file containing a simple script, like <?php phpinfo(); ?> ?
[10:42] <shelter> that works
[10:43] <RoyK> I don't think I have seen Apache return 500 without logging the event
[10:44] <shelter> i have also installed phpmyadmin and that works
[10:44] <shelter> i know it's really weird
[10:44] <twb> RoyK: fill /var/log to 100%, and try again
[10:44] <RoyK> twb: hehe
[11:02] <shelter> k apache is not logging anything but i still cannot access it
[11:03] <shelter> i get a 'cannot find server' error in internet explorer
[11:03] <shelter> and a 'busy server' error on firefox
[11:03] <shelter> the thing is that i can access simple text files in the directory
[11:06] <shelter> and the files all have the same permissions
[11:09] <shelter> also if i use lynx on the server machine it works flawlessly
[11:10] <shelter> could it be some kind of network error
[11:10] <shelter> ?
[11:17] <RoyK> shelter: perhaps a firewall?
[11:17] <RoyK> ufw status
[11:17] <RoyK> telnet servername 80 - see if you can reach it
[11:23] <sherr> Maybe apache isn't running? Stop it, start it and look in the logs.
[11:31] <krainboltgreene> Ahem, anyone know any ways to slim down Ubuntu server?
[11:32] <jpds> krainboltgreene: Use Ubuntu JeOS?
[11:34] <krainboltgreene> Without installing a different version of Ubuntu ;)
[11:34] <alex88> twb?
[11:37] <shelter> ufw is disabled
[11:38] <shelter> anyway, i think im gonna switch to lighttpd,
[11:38] <shelter> it seems to work pretty nicely
[11:38] <shelter> cheers!
[11:52] <RoyK> krainboltgreene: dpkg -l and sort out the ones you don't need
[11:52] <RoyK> then just apt-get remove --purge them
[12:27] <nhck> Hi, how do I turn by ubuntu-box into a device that allows upnp-rendering? Using the local soundcard as an output.
[12:35] <alex88> i've these errors http://pastebin.com/212FZxq0 running with fcgid+chrooted apache..
[12:56] <Cuddle-Ing> hello i've got a small issue i hope, i've just compiled the xen-4.0.1-rc6-pre.gz and vmlinuz-2.6.31.14 ob ubuntu 10.04.1, It looks like that XEN will be loaded, but after that i get the following error message "mount: mounting none on /dev failed: No such device".I've got no idea where the problem is.
[12:57] <Cuddle-Ing> i did that menuentry "Ubuntu, Xen ext2c" { insmod ext2 set root=(hd0,1)     multiboot /xen-4.0.1-rc6-pre.gz
[12:57] <Cuddle-Ing>    module /vmlinuz-2.6.31.14 dummy=dummy root=/dev/sda1  ro quiet splash console=tty0    module /initrd.img-2.6.31.14  }
[12:58] <Cuddle-Ing> i've tried as well to use UUID of root and as well without splash console quiet or with single each time the same error and as well without dummy
[12:59] <Cuddle-Ing> anyone there who could help ?
[13:01] <alex88> never used that...i'm soory
[13:01] <alex88> *sorry
[13:01] <Cuddle-Ing> but there must be someone who has used ot ;)
[13:21] <wastl> hi
[13:21] <Cuddle-Ing> need help xen 4.x and ubuntu 10.04
[13:21] <kokozedman> hey guys
[13:21] <kokozedman> this rule fails: iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j MASQUERADE
[13:21] <kokozedman> it says: iptables: No chain/target/match by that name.
[13:23] <xampart> kokozedman: /j #Netfilter
[13:24] <kokozedman> jumping all around
[13:24] <kokozedman> thanks
[13:26] <Cuddle-Ing> xampart do you know xen 4.x on ubuntu ?
[13:26] <xampart> Cuddle-Ing: nope
[13:26] <Cuddle-Ing> anyone else ?
[13:26] <xampart> would recommend #xen
[13:26] <xampart> =)
[13:27] <Cuddle-Ing> i 'm in there as well, but they directed me to ubuntu server ;)
[13:27] <Cuddle-Ing> hmm maybe it is only a grub2 problem and not a xen issue
[13:27] <Cuddle-Ing> hello i've got a small issue i hope, i've just compiled the xen-4.0.1-rc6-pre.gz and vmlinuz-2.6.31.14 ob ubuntu 10.04.1, It looks like that XEN will be loaded, but after that i get the following error message "mount: mounting none on /dev failed: No such device".I've got no idea where the problem is.
[13:36] <Italian_Plumber> I've found information about slocate here: https://help.ubuntu.com/community/FindingFiles#locate and installed the slocate package. I've manually run its daily cron job: http://pastebin.com/fGzF6S9g ... and it does not seem to be indexing all of my filesystems:  http://pastebin.com/9i8Gxmie  (I have many files in my /media directory and subdirectories with "address" in them)
[13:54] <sherr> Cuddle-Ing: Try #xen. Very helpful often.
[13:55] <kpettit> any suggestions for software to manage large number of ubuntu servers?  These are rackspace cloud servers.  I need to have them install default packages and do configs.  They will not all be cookie cutter though.
[13:55] <kpettit> I've been looking at cfengine type systems but was hoping for something less painful
[14:18] <xampart> any ideas why raid1 recovery speed is only ca. 40000K/sec?
[14:21] <smoser> jdstrand, ping
[14:22] <jdstrand> smoser: yes?
[14:22] <smoser> group eucalyptus is member of libvirtd, and runs a kvm via libvirt on qemu:///system
[14:22] <smoser> is that process supposed to be running as root ? or eucalyptus
[14:22] <smoser> (i think root, but just want to check)
[14:23] <jdstrand> smoser: which process, kvm?
[14:23] <smoser> yes
[14:23] <jdstrand> smoser: yes it is
[14:23] <smoser> k
[14:23] <jdstrand> smoser: but it is confined by apparmor
[14:23] <smoser> right
[14:23] <smoser> i'm looking at https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/619843
[14:24] <smoser> which seems like we've got some messed up permissions somewhere. i don't know how the console.log ever worked (unless eucalyptus first creates that file with its perms and kvm just appends)
[14:24]  * hggdh starts paying attention
[14:24] <smoser> but for the others, it seems like we're euca_root_wraping too many things
[14:24] <smoser> to me
[14:25] <jdstrand> smoser: well, libvirt uses a stacked security driver mechanism
[14:25] <jdstrand> the one that is at the bottom and on all the time is the DAC one
[14:26] <jdstrand> on top of that is a MAC one that is set via the security_driver in /etc/libvirt/qemu.conf, and defaults to AppArmor on Ubuntu
[14:27] <jdstrand> upstream has been doing a lot with the DAC part, to make it so that systems that don't have a MAC system (eg, Debian) have some sort of protection
[14:27] <jdstrand> it isn't nearly as comprehensive as MAC, but better than nothing
[14:28] <jdstrand> anyhoo, the DAC security driver fiddles with permissions of files, and I noticed with the 0.8.3 upload that it changed the owner of the disk
[14:28] <jdstrand> (this actually was part of a CVE fix too)
[14:28] <jdstrand> (from upstream)
[14:28] <smoser> well, this is interesting
[14:28] <smoser> i bet it changed console.log also
[14:28] <jdstrand> so, it is most certainly libvirt changing the permissions on you
[14:28] <jdstrand> (for disks)
[14:28] <jdstrand> and yeah, possibly the console log
[14:29] <hggdh> the critical seems to be the console log, since we see no problems on the other files
[14:30] <jdstrand> it might be interesting to have libvirt start kvm instances as non-root (by adjusting /etc/libvirt/qemu.conf), and seeing what happens. this is untested, but should work fine (conceptually) with the MAC driver
[14:31] <jdstrand> as such, you could put the eucalyptus user in the group of the user that libvirt starts machines as, and voila
[14:31] <jdstrand> the support is already in Debian, and has been since before Lucid released, but that change didn't happen until too soon before lucid released and was deemed too risky
[14:32] <hggdh> do we have time to do it?
[14:32] <jdstrand> sure
[14:32] <jdstrand> it isn't a feature per se
[14:32] <jdstrand> 9008-run-as-root-by-default.patch
[14:32] <jdstrand> compile it without ^
[14:33] <jdstrand> then test the $@&% out of it
[14:33] <hggdh> heh. This is something I have been doing a lot ;-)
[14:33] <RoAkSoAx> smoser: well the image is kept because is not empty, so if users wants to run that image, he would just do "tesdrive -u file://name.img". However, everytime you run an ISO a disk image is create regardless there might have been a previous installation using the same ISO/win 17
[14:33] <hggdh> smoser: willing to try?
[14:33] <smoser> personally, no. :)
[14:33] <smoser> but that would be much more davieys' call than me.
[14:33] <smoser> i think its a nother moving part that i wouldn't want to add
[14:34] <hggdh> I will try (famous last words)
[14:34] <RoAkSoAx> u smoser dont mind me error
[14:34] <smoser> :)
[14:34]  * Daviey reads scrollback
[14:34] <hggdh> brb
[14:34] <RoAkSoAx> this always happens when i connect throuth my phone lol
[14:34] <smoser> jdstrand, so what permissions did disk have before ?
[14:35] <jdstrand> smoser: they were unchanged. so if a regular user created the disk, then they were owned by that user. I don't know about console.log
[14:36] <smoser> ah. ok. so that is probably what was happening.
[14:36] <smoser> so, jdstrand what would our options be then ?
[14:36] <smoser> we can a.) try running as non root
[14:36] <Daviey> jdstrand, From a security aspect - do you care which user it runs as?
[14:36] <smoser> b.) something, i hopw
[14:36] <smoser> hope even
[14:36] <jdstrand> smoser: right. the idea is that libvirt chowns the files to be owned by the process that kvm is running as
[14:37] <jdstrand> smoser: so if it is a non-root user, then kvm only has access to those files
[14:37] <jdstrand> Daviey: well, read the top of 9008-run-as-root-by-default.patch
[14:38] <jdstrand> Daviey: it would be nice to run as non-root, but with AppArmor on by default, the security benefit is marginal
[14:38] <jdstrand> Daviey: that said, there is a real benefit if someone turns off apparmor
[14:39] <smoser> http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/maverick/libvirt/maverick/annotate/head%3A/debian/patches/9008-run-as-root-by-default.patch for those without a libvirt checkout
[14:39] <Daviey> hmm.. I'm really reluctant to change more than we need to at this stage
[14:39] <Daviey> .. but it's still common for people to disable apparmor :(
[14:39] <jdstrand> Daviey: common? do you have statistics?
[14:40] <jdstrand> Daviey: there should be no reason to turn it off. if there are problems, people need to report the bugs
[14:41] <Daviey> jdstrand, No, the only basis i have is the amount of legacy how-to's where it was the common first step.
[14:41] <jdstrand> Daviey: yes on howtoforge
[14:41] <Daviey> which i think is much less common now
[14:41] <Daviey> jdstrand, sadly, yes
[14:41] <smoser> Daviey, people dont' disable app armour on their eucalyptus-nc systems (i hope)
[14:41] <jdstrand> Daviey: that is a kneejerk reaction from some dolt used to selinux who didn't think at all about security or the system
[14:42] <smoser> in all howto's i write, i start off with "disable all security features as they just get in the way, then, 'sudo su -'"
[14:42] <Daviey> smoser, agreed - but this is a generic libvirt thing - not limited to euca
[14:42] <jdstrand> Daviey: I went through a bunch of those howtos saying it is not required to turn off. I encourage you to do the same when you come across them
[14:42] <jdstrand> smoser: hehe
[14:42] <Daviey> jdstrand, wilco
[14:43] <smoser> ok. so what are our options here ? realistically
[14:43] <smoser> we're going to end up fighting libvirt
[14:43] <smoser> but, for the record, it does appear to me that we are root-wrapping too much at the moment.
[14:43] <smoser> specifically, partition2disk and gen_kvm_libvirt_xml
[14:44] <jdstrand> I talked to upstream euca about all this too, and made sure that they knew that if there was a situation where they felt they needed to turn off apparmor, to talk to me personally first, and gave my email and irc
[14:44] <jdstrand> they never contacted me and assured me it worked well
[14:44] <jdstrand> that sounded weird
[14:44] <jdstrand> they assured me if worked well and didn't contact me later
[14:44] <jdstrand> s/if/it/
[14:44] <Daviey> smoser, chmod'ing the logs should close the console bug?
[14:45] <Daviey> hmm
[14:45] <jdstrand> if you are root wrapping because libvirt is chowning to root because of the current default, change the default
[14:45] <jdstrand> us running as a root is a delta from Debian anyway
[14:45] <Daviey> OK.. the logs shouldn't be world readable
[14:45] <smoser> they wouldn't be wordl readable
[14:46] <smoser> just group readable
[14:46] <smoser> and eucalyptus in the proper group
[14:46] <Daviey> hmm
[14:46] <smoser> that is what jdstrands is suggesting
[14:46] <Daviey> put euca' into libvirt-qemu?
[14:46] <jdstrand> I think that the devel cycle is a great time to try this out. granted it is latish for maverick, but I'll let you guys decide
[14:46] <jdstrand> smoser: yes
[14:47] <smoser> for this in particular, we could just change the group
[14:47] <smoser> to kvm
[14:47] <smoser> or, change group to libvirtd
[14:47] <smoser> as eucalyptus is a member
[14:47] <jdstrand> right, drop 9008, put euca in that group, see what happens
[14:47] <Daviey> hggdh, did you say you wanted to test this?
[14:47] <smoser> uh-oh.
[14:47] <hggdh> Daviey: yes. We need this resolved
[14:48] <Daviey> hggdh, Agreed - What do you want to do?
[14:48] <jdstrand> smoser: do not put in the libvirtd group
[14:48] <jdstrand> the libvirtd user should be considered privileged
[14:48] <smoser> i dont know what changed this, but : http://pastebin.com/1E0Dkm8y
[14:48] <smoser> on my node controller
[14:49] <Daviey> i thought they were eucalyptus:eucalyptus !
[14:49] <jdstrand> use the Debian group of 'kvm', and put euca in that group. based on the bug, the console.log is 660, so that should be fine
[14:49] <smoser> jdstrand, eucalyptus user is in libvirtd
[14:49] <hggdh> ??? and you are running 2.0~r1233?
[14:49] <smoser> but i dont think you're saying they shouldn't be
[14:49] <smoser> $ dpkg-query --show eucalyptus-nc
[14:49] <smoser> eucalyptus-nc   2.0~bzr1233-0ubuntu1
[14:50] <jdstrand> smoser: right, but if you look at 9008, libvirtd is not in qemu.conf
[14:50] <smoser> this system had been installed via some of dustin's debs
[14:50] <jdstrand> smoser: and it shouldn't be
[14:50] <smoser> then i apt-get dist-upgraded just now
[14:50] <jdstrand> smoser: I suggest using the Debian defaults:
[14:50] <jdstrand> user = libvirt-qemu
[14:50] <smoser> jdstrand, ok.
[14:50] <jdstrand> group = kvm
[14:50] <jdstrand> put euca also in 'kvm'
[14:51] <jdstrand> (possibly 'libvirt-qemu' if needed)
[14:51] <smoser> i think the install scripts must have chmodded those dirs for me
[14:51] <Daviey> Okay.. there is lots of ideas bouncing around here..
[14:51] <smoser> s/chmod/chown/
[14:51] <jdstrand> just do *not* adjust qemu.conf to have libvirtd as the user or group
[14:52] <jdstrand> Daviey: yes, but only one true idea ;P
[14:52] <Daviey> jdstrand, hah
[14:52] <jdstrand> (drop 9008 in libvirt, put euca in the 'kvm' group)
[14:52] <Daviey> ok
[14:52] <smoser> jdstrand, you're seriously suggesting this ?
[14:52] <jdstrand> I am. why not?
[14:53] <jdstrand> I'm not suggesting tossing it into maverick without testing
[14:53] <Daviey> smoser, your last pastebin indicated the logs were owned by euca already?
[14:53] <jdstrand> but if euca testing shows it to work, then sure
[14:53] <smoser> Daviey, which i think was a result of dpkg fixing them
[14:53] <hggdh> jdstrand: tossing it into Maverick means *I* am going to test them ;-)
[14:53] <smoser> i bet if i start a new instance they'll be busted on that instance.
[14:54] <jdstrand> hggdh: well, you could also point your sources.list to a ppa ;)
[14:54] <Daviey> smoser, please do try.. i'm rolling a new cloud at the moment
[14:54] <hggdh> jdstrand: of course
[14:54] <jdstrand> hggdh: I was just teasing
[14:54] <jdstrand> :)
[14:55] <smoser> http://pastebin.com/5X9fP79c
[14:55] <smoser> the top i-XXX is the new one
[14:55] <smoser> we must fix perms in a post install or something
[14:55] <hggdh> yes, now it looks like the real McCoy
[14:57] <jdstrand> smoser: to be clear and all kidding aside, I am suggesting the 9008/kvm group as a possible fix, and probably the right one. this might be natty material, that is for you decide. we didn't put it into lucid cause we thought it was risky, but part of the idea behind maverick is to try new things out and shake things out for the next LTS
[14:58] <jdstrand> I might also point out that libvirt will change permissions on disks on each start
[14:58] <smoser> jdstrand, right. it just seems a week before beta might be past shaking out time. but it is worth a test.
[14:58] <smoser> jdstrand, there is only 1 start
[14:58] <smoser> unless it does so on restart also (ie, reboot)
[14:58] <jdstrand> eg, they are root. so I chown them to something else. the next start libvirt chowns them back to root
[14:58] <smoser> right
[14:58] <smoser> thats what i would have figured.
[14:59] <Daviey> jdstrand, Yeah... Many of us wanted to try new things for Maverick.. but it's not really been the case so far :(
[14:59]  * Daviey looks for the car dealership.
[15:00] <jdstrand> smoser: it shouldn't on restart if it is a guest initiated restart. if the euca restart involves the equivalent of a virsh destroy/virsh start, then yes
[15:00] <jdstrand> well, if nothing else, put this at the top of your list for natty :)
[15:01] <Daviey> Yeah.. i can imagine seeing this issue in the natty release notes.. :)
[15:01] <Daviey> .. and people say server aint sexy :)
[15:01] <jdstrand> well, I'm not on the server team-- I could be extremely cavalier and opinionated and just do it :P
[15:01]  * jdstrand would not do that :)
[15:01] <smoser> well, we're looking at 1 of 2 things
[15:01] <smoser> a.) hack in some silly chown/chmod
[15:01] <smoser> b.) do it "right"
[15:01] <smoser> i think that both ways are going to cause fallout
[15:01] <Daviey> c) don't bother changing anything :)
[15:02] <Daviey> d) go to the movies instead.
[15:02] <smoser> but given those, b is nicer.
[15:02]  * jdstrand likes movies
[15:02] <smoser> c results in broken euca-get-console-output
[15:02] <smoser> so lets avoid that one.
[15:02] <Daviey> good thinking
[15:02] <smoser> but zul has a movie he's excited about. some high-brow humor film in 3d
[15:03] <smoser> ok. so /me tries swapping euca.conf
[15:03] <smoser> err... libvirt.conf
[15:03] <zul> smoser: where did that come from?
[15:03] <smoser> we talked about movies
[15:03] <smoser> and i know you're giddy about one
[15:03] <jdstrand> smoser: I think you mean /etc/libvirt/qemu.conf, but yes :)
[15:04] <zul> smoser: oh...then yes im excited :)
[15:04] <jdstrand> for people who want to test it, you don't need a new libvirt package. that 9008 patch simply adjust /etc/libvirt/qemu.conf
[15:05] <hggdh> yes, I noticecd it. I am going to hand-adjust them, and restart a test
[15:05] <jdstrand> you can do that on your own, do a full 'stop libvirt-bin && start libvirt-bin' and test
[15:06] <jdstrand> smoser, Daviey, hggdh: also the 'This new default in Debian is not as well-tested' is not really accurate anymore
[15:06] <jdstrand> (that patch came from lucid as part of the merge)
[15:06] <jdstrand> it has been in Debian for roughly 6 months (though not a release version of Debian)
[15:06] <smoser> jdstrand, i'm guessing i also have to stop eucalyptus-nc
[15:06] <smoser> to get it into the kvm group
[15:06] <hggdh> ack
[15:06] <jdstrand> smoser: oh yes
[15:08] <hggdh> changes made: (1) edit /etc/libvirt/qemu.conf, revert 9008; edit /etc/group, add eucalyptus to the kvm group
[15:10] <smoser> well, that immediately fixes the problem
[15:10] <hggdh> now to have a few hundreds of instances run...
[15:12] <smoser> so, its "fixed", but we still get a hodge-podge of permissions:
[15:12] <smoser> http://pastebin.com/vdCVLkYL
[15:12] <smoser> most interesting to me is that console.log and disk have different group read/write
[15:13] <smoser> and loader, even different!
[15:13] <smoser> (loader is written by a rootwrap'd program, and not known by eucalyptus, so its differences are not so surprising)
[15:14] <Daviey> oh
[15:15] <smoser> jdstrand, i personally would really appreciate a comment by you in bug 619843 explaining/pointing at the libvirt change that we're seeing the result of
[15:15] <smoser> or, if you dont want to, i can do it, its just going to be less correct :)
[15:15] <Daviey> jdstrand, That would be grand :)
[15:15] <jdstrand> k
[15:15] <jdstrand> let me kick of a qrt run with 9008 reverted first
[15:15] <jdstrand> s/of/off/
[15:16] <smoser> so, i'm convinced at the moment of "quickly flip this and see if anything falls out in the next 2 days"
[15:16] <jdstrand> it is certainly easy to revert...
[15:16] <hggdh> well, yes, we are changing the system default, and it will affect all other users of libvirt/qemu
[15:17] <smoser> i dont care about anyone other than myself
[15:17] <smoser> :)
[15:17] <jdstrand> hggdh: I am going to change that part. but again, people expect things to change. if they change enough, we release note it
[15:17] <jdstrand> err
[15:17] <jdstrand> I am going to *test* that part :)
[15:17] <hggdh> :-)
[15:18] <hallyn> jdstrand: well that makes me feel like a heel - I didn't think it was libvirt
[15:18] <smoser> jdstrand, well, this particular change for eucalyptus is at least a 2 package change (we have to add eucalyptus to the kvm group). so its not absolutely trivial
[15:18] <jdstrand> smoser: ack
[15:18] <smoser> i suppose that, given that we're thinking about one package, and it required a change to adjust, its reasonable to expect that other packages would need to adjust
[15:19] <smoser> even that it would be surprising if this did not break something else.
[15:19] <jdstrand> hallyn: well, I am still not totally sure about the console.log part. I just know what happened with disks, but it all fits
[15:20] <bogeyd6> if I move an lvm to another machine, how would i go about using this lvm intact? and if not intact, then how would i create a new one onit
[15:20] <zul> jdstrand: did that patch make it in?
[15:21] <bogeyd6> heh nevermind, the new system auto-picked it up
[15:21] <jdstrand> zul: I think I missed something. what patch?
[15:21] <zul> jdstrand: the libvirt patch you guys are talking about
[15:22] <jdstrand> zul: we are all just testing locally
[15:22] <zul> jdstrand: ah ok...carry on :)
[15:22] <hallyn> jdstrand: oh i hadn't heard/noticed anything about the disks.  was only looking at console part
[15:22] <smoser> jdstrand, it fits, and the change affects console.log
[15:22] <jdstrand> zul: also, this is almost certainly not SRU material :)
[15:22] <zul> jdstrand: no worries
[15:23] <smoser> (as in i tested, and console.log's ownership changed, so i think it is definitely it)
[15:23] <jdstrand> smoser: makes sense, cause iirc it is qemu/kvm needs to be able to write to that
[15:23] <smoser> yes
[15:23] <smoser> yeah, it does write it
[15:23] <jdstrand> so yeah, neat
[15:26] <smoser> hggdh, Daviey is this new ?
[15:26] <smoser> http://pastebin.com/TVe5BRsA
[15:26] <smoser> the first instance there has no public ip address
[15:27] <smoser> i just launche dit with euca-run-instances right before the other one
[15:30] <hggdh> smoser: seems like a regression
[15:34] <Daviey> hmm
[15:34] <Daviey> smoser, can you reliably reproduce it?
[15:35] <smoser> um.. this is the first i've seen it
[15:44] <jdstrand> smoser, hggdh, Daviey: the qrt run was successful with the exception of 'save' and 'restore'. I am looking at that-- it is likely a problem with the test suite not accounting for directory perms
[15:44] <smoser> jdstrand, yeah, which is fallout i somewhat expect from other things
[15:45] <hggdh> jdstrand: this is good
[15:46] <jdstrand> smoser: I also commented in the bug
[15:46] <Daviey> awesome jdstrand
[15:46] <Daviey> appreciate your time on this!
[15:46] <jdstrand> sure
[15:47] <jdstrand> smoser: regarding save/restore: oh yes, it is definitely the test script.
[15:47] <jdstrand> "tmpdir=`mktemp -d`      # Needs to be in a root owned directory"
[15:47] <jdstrand> smoser: I added that ^ because of libvirt's ever changing behavior
[15:48] <smoser> right. i'm just saying that other things are somewhat likely to have done this also
[15:48] <jdstrand> we can't expect a non-root user to be able to write to a root owned directory now can we?
[15:48] <smoser> eucalytpus is an example.
[15:48] <jdstrand> oh yes. please test test test :)
[15:48] <smoser> so we now have 2 things that interface with libvirt (euca and your script)
[15:48] <hallyn> @complexity--
[15:48] <smoser> and 2 things have had fallout
[15:48] <smoser> :)
[16:03] <hggdh> oooohhhh we got back the console printout....
[16:03] <hggdh> on the other hand, about half of the instance starts are failing...
[16:04] <Pigimon> hey they told me to come here if i wanted some help
[16:04] <Pigimon> is that true ?: P
[16:05] <smoser> hggdh, Daviey bug 623426
[16:06] <Daviey> smoser, you are only seeing that in third party images?
[16:08] <smoser> third party
[16:08] <smoser> pfft
[16:08] <smoser> i saw it on those images. the image should have *nothing* to do with this.
[16:08] <smoser> the loader path, i only broght up, because there coudl be a race in eucalyptus that is more exposed with my loader path taken.
[16:09] <smoser> as the gen_libvirt_kvm_xml is much slower when it creates a loader floppy
[16:09] <smoser> so if there was a race condition in eucalyptus there, it would be more open with a slower running exec
[16:10] <smoser> and 'third' party above is this guy that goes by 'smoser'
[16:11] <smoser> Daviey, ^
[16:12] <smoser> the other thing to note is that those images are 20M, and will as a result generally deploy faster than our 1.4G images.
[16:15] <Daviey> smoser, OK.. if the issue is related to small images - euca upstream test against ttylinux AIUI.. So i would have expected them to see it
[16:15] <alex88> what means packages like *-dgb? what are degub symbols for?
[16:15] <Daviey> (i don't generally test against ttylinux, and i don't think hggdh does)
[16:16] <Daviey> smoser, If it's a race that has been uncovered by the load path changes, i'm not sure we can expect upstream assistance
[16:16] <smoser> alex88, they're for the corresonding package.
[16:16] <smoser> then, you can use gdb and debug and get source listings
[16:16] <smoser> and also good back traces
[16:16] <alex88> ok, thank you :)
[16:17] <smoser> i realistically can't believe that there woudl be such a race
[16:17] <smoser> but i just wanted to be up front
[16:18] <smoser> i'm somewhat concerned that you, Daviey, would bring up the "not my problem" argument first, though.  I was afraid of bringing up an easy red-herring, but wanted to be fair.
[16:18] <smoser> hggdh, at some point (probably sooner than later) we will want/need to modify the tests to run through the loader code
[16:19] <smoser> its really as simple as passing '--use-loader' to uec-publish-tarball when you register the image.
[16:21] <Daviey> smoser, Erm.. i didn't do that.
[16:21] <SpamapS> smoser: did you see my suggestion to try a regex?
[16:21] <smoser> SpamapS, yes. but i dont think it would have worked.
[16:21] <smoser> or, nat leat, not easily.
[16:22] <smoser> i need 3 4 byte tokens in a row.
[16:22] <Daviey> smoser, I was pointing out that IF it is a race condition uncovered by that, then i'm not sure we can expect upstream support.
[16:22] <SpamapS> smoser: /\x01\x02\x03/ no?
[16:22] <smoser> where a + b + c = 0 in unsigned int.
[16:22] <Daviey> smoser, I wasn't saying that it's "not my problem"
[16:22] <smoser> or, without unsigned int math, a + b + c = 2^32
[16:22] <SpamapS> smoser: as long as you can break them into 1 byte chunks, \x00 works
[16:24] <smoser> SpamapS, right, so, yeah, i guess i could find the first occurance, and the second occurance, and then search back through for  the 3rd. but, i somewhat think you're making a "its perl, use regex!" arguement :)
[16:24] <smoser> the solution was fairly easy once i figured out how to use unpack.
[16:24] <SpamapS> smoser: I'm more thinking its the fastest way to search a string.
[16:25] <SpamapS> smoser: I suppose int compares in a perl foreach are probably just as fast.
[16:25] <smoser> yeah, i cna't really imagine its much faster. the regex woudl have to do evrything that the unpack would have to do.
[16:25] <SpamapS> smoser: why would you have to go back? if they're 3 4 byte tokens in a row, wouldn't you just do  $token1$token2$token3 ?
[16:26] <SpamapS> smoser: plus we're talking about 8192 bytes.. so.. totally moot point. :)
[16:26] <smoser> http://bazaar.launchpad.net/~ubuntu-virt/ubuntu/maverick/eucalyptus/2.0/annotate/head%3A/tools/gen_kvm_libvirt_xml is what were talking about, by the way
[16:26] <smoser> boy, that is some seriously ugly choice of color for perl
[16:27] <smoser> 'is_multiboot_img' is the new code that i wrote.
[16:34] <SpamapS> I think its that color because its in diff format?
[16:36] <smoser> thats not diff
[16:37] <smoser> i think its that color to convince people not to write perl
[16:51] <SpamapS> smoser: antiperlred .. can I buy that at Home Depot ?
[18:08] <alex88> how can i permit all users to use chroot?
[18:08] <alex88> also non sudo
[18:23] <Daviey> smoser: Do you have any thoughts on bug 457281
[18:23] <Daviey> ?
[18:27] <smoser> Daviey, i believe that daniel's comment in comment 6 is still valid.
[18:27] <smoser> without using loop back or kpartx or something, you can't get a ext3 filesystem on a partition in a disk image.
[18:28] <Daviey> smoser: Yeah.. i do wonder if anyone is actively looking into it. :)
[18:28] <smoser> no.
[18:28] <smoser> i looked once
[18:28] <smoser> seriously, its hard to believe, but this is non-trivial
[18:29] <Daviey> oh no.. i don't doubt it
[18:29] <smoser> losetup, from nurmi's experience is not really multi-process safe.
[18:29] <smoser> so, then you're into modifying parted, which is also surprisingly less than trivial
[18:30] <smoser> i opened up ext2 tools once, hoping to just jack in an offset parameter so it could open up a file and seek (basically doing what losetup --offset would do) but that was not terribly trivial.
[18:31] <Daviey> :(
[18:31] <smoser> we should probably figure out exactly what is wrong with losetup and fix that.  even then, though, that would mean that partition2disk would have to be run as root.
[18:31] <smoser> right now it doesn't have to be (but is)
[18:33] <smoser> Daviey, is it ok if i push a change to virt-2.0 branch righ tnow ?
[18:34] <webpragmatist> any mod_proxy_balancer users around?
[18:35] <smoser> Daviey, well, i did it.
[18:36] <tacomaster> i have some server just collecting dust that had windows server on them before and i want to switch them to ubuntu but wanted to see if they could do what i needed before i put them back to use
[18:37] <Daviey> smoser: oh ok :)
[18:38] <tacomaster> i was wondering if you could make ubuntu server have like an update server for all the computers in the network and second question is if you can have more than one role on the server with only one network card and no virtualization
[18:40] <thesheff17> tacomaster: yes apt-mirror will do that and then you have to point ubuntu servers to that IP/DNS.  Yes you can jam as much as you can on a linux machine addressing RAM/CPU/hard drive space.
[18:41] <tacomaster> thesheff17: so i just need to run sudo apt-mirror?
[18:44] <thesheff17> tacomaster: http://www.howtoforge.com/local_debian_ubuntu_mirror
[18:44] <thesheff17> tacomaster: you use apache server the files and create a good /etc/apt/mirror.list file
[18:44] <kim0> Daviey: hi there man .. I won't be able to attend today's meeting and the next 2 times (I have an appointement I can't delay)
[18:45] <kim0> Daviey: if you don't mind .. I've emailed you my updates to mention them for me
[18:45] <Daviey> kim0: Sorry to hear that.. feel free to add your apologies to the agenda.. makes it easier to track :)
[18:45] <kim0> Is that ok
[18:45] <Daviey> Daviey: i don't mind at all :)
[18:45] <Daviey> thanks.
[18:45] <kim0> great thanks
[18:45] <Daviey> err kim0
[18:46] <thesheff17> tacomaster: http://ubuntu.pastebin.com/fWrXNsUM here is my /etc/apt/mirror.list
[18:49] <jdstrand> smoser, hggdh, Daviey, hallyn: ok, I did a bunch of tests with various combinations of non-root, root, apparmor on and apparmor off and am comfortable with dropping 9008 for maverick libvirt. I'll leave the decision up to you guys on whether or not to actually do it
[18:50] <jdstrand> smoser, hggdh, Daviey, hallyn: oh, and I updated the bug with that info
[18:50] <smoser> thanks jdstrand
[18:50] <Daviey> jdstrand: Awesome!  I'm happy to try it.. we can alwaus reintroduce it :)
[18:50]  * Daviey prepares an upload
[18:52] <jdstrand> smoser, Daviey: please bear in mind I did no euca testing. this is pure libvirt stuff (and quick test with virt-manager)
[18:52] <Daviey> jdstrand: noted, thanks
[18:52] <smoser> jdstrand, did you add eucalyptus to kvm group ?
[18:53] <smoser> in your pending upload ?
[18:53] <smoser> i think we should try this
[18:53] <jdstrand> smoser: no-- I did nothing with euca
[18:53] <smoser> oops
[18:53] <smoser> i meant that at Daviey
[18:53] <jdstrand> ok
[18:53] <jdstrand> I was just covering all the libvirt bases
[18:53] <smoser> jdstrand, you are pending an upload for libvirt with the group modified ?
[18:53] <jdstrand> not any euca
[18:53] <Daviey> smoser: I think my upload for euca is gonna be tommorrow now :(
[18:53] <Daviey> but yes, will be
[18:53] <jdstrand> smoser: no I am not. I can if you want
[18:54] <smoser> Daviey, you think we should give it a try ?
[18:54] <smoser> it passed immediate smoke test
[18:54] <Daviey> smoser: i can't see the harm
[18:54] <jdstrand> smoser: but simply commenting 9008 out of debian/series should be all you need to do
[18:54] <smoser> right. jdstrand so i think from Daviey and my perspective we say "lets do that".
[18:54] <Daviey> jdstrand: do you want to upload that change, or should it?
[18:54] <jdstrand> smoser: so you are ready for me to do this "right this second"?
[18:55] <smoser> we can certainly use the bug we have open for the justification. i can open a task against libvirt if you want.
[18:55] <Flam`> I setup a postfix/dovecot mailserver on my ubuntu 8.04 system.  Looking at the logs, there are countless spam attempts from all sorts of IPs.  Luckily, they get rejected with messages like " NOQUEUE: reject: RCPT from 114-36-168-1.dynamic.hinet.net[114.36.168.1]: 554 5.7.1 <superedm001@yahoo.com.tw>: Relay access denied;"  But I feel like it's not really secure.  Is there anything I can
[18:55] <Flam`> do?
[18:55] <jdstrand> Daviey: I'm here and ready to do it if yu guys tell me to
[18:55] <smoser> well, i personally would like to see it happen by end of tomorrow at latest, so we can maybe sniff it some on thursday and friday and maybe back out
[18:55] <smoser> before beta
[18:55] <Jeeves_> Flam`: Is the machine supposed to accept email from all over the world?
[18:56] <Flam`> yes
[18:56] <jdstrand> smoser: any one can do it, I don't care. I have my hands on it now. if you want me to pull the trigger now, I will, otherwise someone else can do it
[18:56] <smoser> well, my vote is yes, do it.
[18:56] <jdstrand> mine is yes too (for the non-euca stuff)
[18:56] <Daviey> jdstrand: DO IT :)
[18:57] <jdstrand> k
[18:57] <Daviey> jdstrand: use the bug # in changelog please :)
[18:57] <jdstrand> Daviey: yes, and adding a libvirt task
[18:57] <Daviey> rockin'
[18:57] <Jeeves_> Flam`: Than there's not much you can do. Except using RBL's and/or fail2ban
[18:57] <Daviey> i think jdstrand has earned a beer :)
[18:58] <Jeeves_> Hilight!
[18:58] <Flam`> alright thanks Jeeves
[18:59] <Jeeves_> Flam`: cbl.abuseat.org is quite good
[18:59] <Flam`> What does this mean in the logs: 3565DDDC12E: uid=0 from=<root>
[18:59] <Flam`> will check it out
[19:02] <jdstrand> hehe
[19:31] <Cuddle-Ing> hello i've got a small issue i hope, i've just compiled the xen-4.0.1-rc6-pre.gz and vmlinuz-2.6.31.14 ob ubuntu 10.04.1, It looks like that XEN will be loaded, but after that i get the following error message "mount: mounting none on /dev failed: No such device".I've got no idea where the problem is.
[19:33] <Cuddle-Ing> anyone there who could help
[19:36] <dom96> does anyone know how 'Error initializing core [fail]' can be solved? i get that message when trying to start oidentd.
[19:39] <SpamapS> sbeattie: on maverick, I don't know if I ran it with the right options
[19:40] <SpamapS> sbeattie: its not clear from the docs how to actually run it safely
[19:44] <sbeattie> SpamapS: the ServerMYSQLTestsuite class in http://bazaar.launchpad.net/~ubuntu-bugcontrol/qa-regression-testing/master/annotate/head%3A/scripts/test-mysql.py (starting at line 411) is how I got the testsuite to run on maverick.
[19:45] <sbeattie> SpamapS: I *believe* it adds its own tables, etc. but I ran it in a throwaway VM to be safe anyway.
[19:46] <SpamapS> sbeattie: mysql-test-run.pl starts its own mysqld ..
[19:46] <sbeattie> SpamapS: ah, right.
[19:46] <sbeattie> (it's been a couple of weeks since I looked)
[19:48] <SpamapS> sbeattie: that code will need to be updated, bug #375371 will add apparmor restrictions that only allow mysqld to run as mysql and write to /var/tmp/mysql ...
[19:52] <sbeattie> SpamapS: okay, actually, switching to use the mysql user simplifies things mildly, and the vardir thing can easily be adjusted.
[19:53] <SpamapS> sbeattie: right, that should eliminate the need for --force
[19:53] <RoAkSoAx> smoser: http://bazaar.launchpad.net/~testdrive/testdrive/trunk/revision/295
[19:53] <sbeattie> well, the --force is there to report all failures, not just the first, I thought.
[19:54] <jaminc> anyone here notice that the server and desktop installs generate different group IDs for the same groups and a conflicting user ID?
[19:55]  * sbeattie actually fires up  ./mysql-test-run.pl --help to verify.
[19:55] <jaminc> which package should a bug like this be filed against?
[19:56] <smoser> RoAkSoAx, can you paste me a command line to run  to test ?
[19:56] <sbeattie> SpamapS: the test-bt: target mysql's built tree Makefile{,.in} is the best source of documentation (such as it is) on how to actually drive the testsuite.
[19:56] <sbeattie> s/target/target in/
[19:58] <smoser> other comments i have , are that you should make the kvm command line closer to the "other"
[19:58] <smoser> cmd = "kvm -boot a -fda %s -drive file=%s,if=virtio" % (self.FLOPPY_FILE, self.td.DISK_FILE)
[19:58] <smoser> shoudl be more like
[20:00] <RoAkSoAx> smoser: testdrive -p uec-daily --flavor uec-server should do the ttrick
[20:00] <smoser> should be more like:
[20:00] <smoser> cmd = "kvm -m %s -smp %s -boot a -drive file=%s,if=virtio,cache=writeback,index=0,boot=on %s" % (self.td.MEM, self.td.SMP, self.FLOPPY_FILE, self.td.DISK_FILE, self.td.KVM_ARGS)
[20:00] <smoser> RoAkSoAx, is there a way that i can tell it "do that, but use a mirror from X"
[20:00] <smoser> (rather than uec-images)
[20:02] <RoAkSoAx> smoser: not really. What other mirror would you like to use?
[20:02] <smoser> my local
[20:04] <RoAkSoAx> smoser: uhmmm we currently no longer provide an option to specify a mirror given that everything now work sthanks to the manifest
[20:06] <RoAkSoAx> smoser: however, what we could do is add support to 'testdrive -u' to handle .tar.gz from otherrepos. Since currently we can actually use other repos but for single .iso or .img
[20:06] <smoser> i think thats what kirkland was originally expecting
[20:07] <webpragmatist> which linux ftp do you guys use
[20:08] <webpragmatist> server*
[20:08] <smoser> personally, lftp rocks.
[20:08] <smoser> RoAkSoAx, one thing i notice, you seem to be extracting explicit names from the tarball
[20:09] <smoser> if you're basing that on the name of the tarball, it wont work for released versions
[20:09] <webpragmatist> smoser: not client?
[20:09] <webpragmatist> server
[20:09] <smoser> oh. never mind hten. :)
[20:09] <smoser> the name in the tarball for a released version != the name of the tarball
[20:09] <webpragmatist> vsftp or proftp?
[20:10] <SpamapS> I'm a proftpd man myself. :)
[20:10] <SpamapS> its the apache of ftpd's .. meaning its slow but it does *everything*
[20:10] <RoAkSoAx> smoser: ok. I'll work with thant once a release with kvm support is out
[20:11] <smoser> the solution i gave in the bug is the right way to do it. there isn't a data file or anything explicitly telling youthe contents. you just need to extract it all and then look for -floppy and .img
[20:11] <smoser> i test here, i get: ERROR: Unable to launch Virtual Machine
[20:11] <smoser> from current tip of that branch, using: PYTHONPATH=$PWD ./bin/testdrive -p uec-daily --flavor uec-server
[20:11] <smoser> am i doing something wrong ?
[20:12] <webpragmatist> SpamapS: probably the most used?
[20:13] <SpamapS> webpragmatist: vsftpd is pretty popular too
[20:13] <RoAkSoAx> smoser: try replacing testdrive/testdrive.py and testdrive/virt/kvm.py with the ones in /usr/lib/python2.6/dist-packages/testdrive
[20:13] <hggdh> why would  iscsi-udeb be kicked in by partman on an install?
[20:14] <SpamapS> webpragmatist: vsftpd has the added benefit of being audited for security holes
[20:14] <webpragmatist> SpamapS: do they both use PAM?
[20:15] <smoser> RoAkSoAx, now i dont get a prompt for uec-daily . it just gives me a prompt for iso
[20:15] <SpamapS> webpragmatist: that is a monumentally bad idea IMO. ;)
[20:16] <webpragmatist> SpamapS: currently i am just using sftp
[20:16] <SpamapS> webpragmatist: ftp as a non anonymous service is really just a big bucket of fail. :)
[20:17] <RoAkSoAx> smoser: coudl you copy/paste whole output please?
[20:17] <webpragmatist> SpamapS: i'd like to continue using sshd but what happened is that I now have to connect to a vpn to access ssh.....
[20:18] <webpragmatist> so i need still a simple method for uploads for people who don't have that vpn access
[20:19] <smoser> RoAkSoAx, http://paste.ubuntu.com/483045/ and http://paste.ubuntu.com/483044/ from bzr and modified bzr respecitevely
[20:20] <smoser> modified bzr is tip but cp /usr/lib/python2.6/dist-packages/testdrive/testdrive.py testdrive/testdrive.py && cp /usr/lib/python2.6/dist-packages/testdrive/virt/kvm.py testdrive/virt/kvm.py
[20:21] <jdstrand> hallyn: http://launchpadlibrarian.net/54313707/buildlog_ubuntu-maverick-amd64.libvirt_0.8.3-1ubuntu7_FAILEDTOBUILD.txt.gz
[20:21] <RoAkSoAx> smoser: was the other way around :):/
[20:21] <jdstrand> hallyn: the problem seems to be:
[20:21] <jdstrand> The following packages have unmet dependencies: qemu-kvm : Depends: qemu-common (>= 0.12.5+noroms-0ubuntu3) but it is not going to be installed
[20:22] <jdstrand> actually I'll pull in kirkland too ^
[20:22] <jaminc> which (meta-)package should I file a bug report against for differing/conflicting user/group accounts between default server and desktop installs?
[20:22] <smoser> RoAkSoAx, why would I do that ?
[20:22] <smoser> i set pythonpath
[20:23] <smoser> it is reading from ./testdrive
[20:23] <RoAkSoAx> smoser: i mean: cp testdrive/testdrive.py /usr/lib/python2.6/dist-packages/testdrive and cp testdrive/virt/kvm.py /usr/lib/python2.6/dist-packages/testdrive/virt
[20:23] <kirkland> jdstrand: howdy
[20:23] <kirkland> jdstrand: sup?
[20:23] <smoser> RoAkSoAx, right, but i set PYTHONPATH so i should not have to do that.
[20:23] <RoAkSoAx> smoser: let me try
[20:23] <jdstrand> kirkland: hey. see backscroll from a minute ago. I was wondering if you knew what was going on there
[20:24] <jdstrand> kirkland: libvirt wouldn't build cause qemu-common wouldn't be installed
[20:24] <Cuddle-Ing> hello i've got a small issue i hope, i've just compiled the xen-4.0.1-rc6-pre.gz and vmlinuz-2.6.31.14 ob ubuntu 10.04.1, It looks like that XEN will be loaded, but after that i get the following error message "mount: mounting none on /dev failed: No such device" and "mount: mounting /dev/mapper/ubuntu--xen-root on /root failed: no such device" and some more message like them. I've got no idea where the problem is.  I c
[20:24] <kirkland> jdstrand: hmm
[20:24] <kirkland> jdstrand: https://edge.launchpad.net/ubuntu/+source/qemu-kvm/0.12.5+noroms-0ubuntu3/+build/1932531
[20:25] <kirkland> jdstrand: buildd's appear to be behind
[20:25] <kirkland> jdstrand: qemu-kvm i386 hasn't built yet
[20:25] <jdstrand> kirkland: oh, qemu-common is arch all, right?
[20:25] <smoser> well thats wierd. it worked this time
[20:25] <jdstrand> kirkland: yes, that's it. sorry for the interruption
[20:26]  * jdstrand tries to be patient
[20:26] <kirkland> jdstrand: :-)  np
[20:26] <hallyn> so where does the 'is not goin to be installed' come from - does it really mean "I can't", or does it really mean "pshaw, i don't feel like it"?
[20:26] <kirkland> jdstrand: i had a small heartattack there, wondering if i effed something up :-)
[20:26] <jdstrand> kirkland: sorry. mdeslaur gave me the same heartattack with libvirt :)
[20:27] <kirkland> jdstrand: hehe
[20:27] <Cuddle-Ing> anyone there who has some experiences with Xen 4.0 and ubuntu 10.04
[20:27] <RoAkSoAx> smoser: it works for me
[20:28] <smoser> yeah, and worked this time here. dont know what went wrong.
[20:29] <hggdh> are there any known issues with the server daily image? On install no disks are recognised here
[20:30] <RoAkSoAx> smoser: ok cool then. I'll add the support for 'testdrive -u <proto>://path/img.tar.gz' then, so you can test agains other mirrors
[20:30] <smoser> yeah.
[20:30] <Cuddle-Ing> looks like there is no one there who has tried xen 4.0 with the ubuntu server release
[20:30] <smoser> and fix that kvm command line up like i suggested up above
[20:31] <hallyn> Cuddle-Ing: jjohansen might have
[20:31] <hallyn> i've certainly not
[20:31] <jjohansen> Cuddle-Ing: I haven't gotten to that either yet
[20:31] <lhavelund> jono: I disagree with your blog post. :[
[20:32] <Cuddle-Ing> damned
[20:34] <lhavelund> jono: ping
[20:34] <webpragmatist> SpamapS: well that was pretty much dead easy... installed proftp, removed the comment for root the dudes
[20:35] <jono> lhavelund, hey
[20:35] <jono> sorry was afk
[20:35] <lhavelund> jono: perhaps we should... find a better forum for it, though.
[20:35] <lhavelund> :p
[20:35] <lhavelund> (Sorry for interrupting the flow here guys :))
[20:36] <lhavelund> jono: -offtopic?
[20:36] <lhavelund> jono: That is, if you have time :)
[20:39] <jono> lhavelund, why don't you leave a comment on my blog
[20:39] <lhavelund> jono: Sure; I'm not much of a bloggieman. I'm old school ;)
[20:39] <jono> :)
[20:39] <SpamapS> sbeattie: running with 5.1.49-1ubuntu7 I get a failure with this command line:
[20:39] <SpamapS> sudo -u mysql mkdir -p /tmp/test && sudo -u mysql /usr/lib/mysql-testsuite/mysql-test-run.pl --vardir=/tmp/test
[20:40] <SpamapS> sbeattie: http://paste.ubuntu.com/483054/
[20:40] <lhavelund> jono: But I'll write something anyway. :)
[20:40] <resno> im trying to setup postfix for my office to send emails. ive changed the mx to my ip address, but the message isnt being sent.
[20:40] <resno> im getting connection time out errors
[20:40] <resno> hey lhavelund
[20:40] <lhavelund> \o.
[20:43] <lhavelund> jono: done.
[20:46] <jono> thanks lhavelund!
[20:46] <lhavelund> jono: welcome :)
[20:47] <lhavelund> jono: a discussion is always welcome. :)
[20:52] <webpragmatist> SpamapS: can you use a ssl cert in combination with a bundle with proftpd
[20:53] <SpamapS> webpragmatist: I've used SSL+proftpd before, but I don't recall the details, and I don't understand what you mean by a "bundle" in that context.
[20:53] <webpragmatist> well if it's not self signed you have an intermediary bundle certificate or something
[20:54] <webpragmatist> like a root cert
[20:54] <webpragmatist> i guess it what it's called
[20:54] <webpragmatist> i think you can just put them in the same key though
[20:54] <Cuddle-Ing> i could nt believe that there is no one who tried xen 4.x with ubuntu 10.04
[20:57] <SpamapS> Cuddle-Ing: I think ubuntu-ites tend to prefer kvm. ;)
[20:59] <Cuddle-Ing> then i need to change the dist :(
[21:04] <sbeattie> SpamapS: I *think* what's happening is that there may be a prostprocessing regex that's converting the vardir you passed into MYSQLTEST_VARDIR so as to shield the testsuite from detecting differences based on different passed vardirs.
[21:04] <sbeattie> SpamapS: in your case, I *think* the vardir you passed is matching a path used in one of the tests.
[21:05] <sbeattie> SpamapS: a better way to invoke the testsuite is probably something like: sudo -u mysql sh -c '/usr/lib/mysql-testsuite/mysql-test-run.pl --vardir=$(mktemp -d /tmp/mysql-XXXXXXXXXX)'
[21:05]  * sbeattie is testing now, but that's akin to what I was doing before when the testsuite would work for me.
[21:07]  * sbeattie steps away for a few minutes.
[21:25] <SpamapS> sbeattie: except you can't use /tmp ;)
[21:25] <SpamapS> sbeattie: but ok, I'll go with a random vardir and try that
[21:38] <jono> nealmcb, ping?
[21:44] <MTecknology> thesheff17: So.. The only thing I use jailkit for now is to actually jail the users
[21:44] <sbeattie> SpamapS: I'm fully confident in your ability to get mktemp to create a directory in /var/tmp/mysql. :-)
[21:45] <sbeattie> (basically, what you really want is to not match the pattern \/tmp\/test
[21:50] <thesheff17> MTecknology: yea I have done a ton with chroot before and that made it very easy.
[21:52] <MTecknology> thesheff17: debootstrap + chroot + jk_jailuser - about all I use to make it work :)
[21:52] <MTecknology> I'm moving my bot into a jail
[21:55] <thesheff17> MTecknology: nice...I just got back my SAN but the software is only rpm based that runs powerpath :-/
[21:55] <thesheff17> *back
[21:55] <MTecknology> ouchy
[21:59] <thesheff17> does virt-manager doesn't support binding to br0?
[22:02] <thesheff17> I forwarded virt-manager through X and it lets me connect to br0 through localhost...what gives?.
[22:03] <SpamapS> sbeattie: actually, using /var/tmp/mysql instead of /tmp/test fixed it. :)
[22:05] <SpamapS> /usr/lib/mysql-testsuite/mysql-test-run.pl  --vardir=/var/tmp/mysql/test --tmpdir=/var/tmp/mysql/test/tmp2
[22:05] <SpamapS> seemed to do it (had to create a separate tmpdir because the test suite still wants to use /tmp by default)
[22:13] <SpamapS> zul: looks good, posted test results to bug #375371
[22:19] <sbeattie> SpamapS: will the mysql-server package create /var/tmp/mysql or does the test scripts need to create it?
[22:19] <sbeattie> s/(package)/\1 or initscript/
[22:20]  * sbeattie is fixing up the script in qa-r-t to match.
[22:24] <SpamapS> sbeattie: the upstart job has to create it
[22:24] <SpamapS> sbeattie: because /var/tmp's contents can never really be assumed
[22:26] <SpamapS> sbeattie: I'd say to be safe, you need to test for its existence too.. in case for some reason the machine running the tests has mysql disabled in /etc/init/mysql.conf
[22:27] <MTecknology> where are user crons held?
[22:34] <SpamapS> MTecknology: /var/spool/cron
[22:36] <MTecknology> SpamapS: thanks :)
[23:12] <hallyn> odd, ubuntu kernel gitweb seems to be hanging for me
[23:12] <RoAkSoAx> smoser: do you want  'testdrive -u ' work agains a local uec .img or .tar.gz or both?
[23:37] <hallyn> kirkland: wow, i've never before noticed that 'byobu' automatically re-attaches :)  I was always doing 'screen -r' after detaching