[00:20] <SpamapS> flaccid: definitely
[00:20] <flaccid> sweet
[00:20] <SpamapS> flaccid: but its not really any more secure than chroot in that regard
[00:21] <SpamapS> flaccid: the biggest thing is you have network isolation so you could, on the host, firewall them
[00:25] <flaccid> sounds good
[00:26] <hallyn-afk> you can combine lxc with lsm for better results, but a lot of work needs to be done
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== koolhead11|afk is now known as koolhead11
=== lool- is now known as lool
=== daker_ is now known as daker
[12:19] <koolhead11> kim0,
=== daker_ is now known as daker
[12:24] <kim0> koolhead11: hey o/
=== koolhead11 is now known as koolhead11|afk
=== chuck_ is now known as zul
[15:11] <crazed> welcome to the party
[15:31] <kim0> welcome .. huh what party ;)
[16:33] <raphink> hi there
[16:36] <raphink> aliguori, you have a question about preseeds?
[16:39] <aliguori> raphink, yeah, in #ubuntu-installer
[16:39] <raphink> haha
[16:39] <raphink> kirkland told me you were here
[16:39] <aliguori> raphink, http://pastebin.ubuntu.com/586927/
[16:39] <aliguori> i'm happy to discuss anywhere :-)
[16:40] <aliguori> i'm trying to automate a guest install, so it's relevant here too :-)
[16:42] <aliguori> raphink, i'm trying to build a preseed file dynamically using commands, such that i can avoid remastering an iso and avoid needing a specific network configuration
[16:44] <raphink> hmmm, I'm not that much of a preseed expert ;-)
[16:44] <raphink> kirkland didn't specify the technicity of the question :-)
[16:45] <kirkland> raphink: <kirkland> any preseed wizards around?
[16:45] <kirkland> aliguori: sorry
[16:45] <raphink> right kirkland, you did say wizard ;-)
[16:45] <aliguori> heh
[16:45] <raphink> sorry I couldn't help you aliguori
[16:45] <aliguori> np
[16:45] <raphink> it's always worth a try ;-)
[16:45] <kirkland> aliguori: cjwatson will be able to help;  he's tied up getting beta1 out the door
[16:45] <aliguori> i tried to look through the source last night to figure it out myself... i quickly stopped that :-)
[16:46] <aliguori> there's some serious vodoo in that stuff
[16:51] <hallyn> kim0: zul: all right, whatever else works or doesn't work for me, I want to take kim0's patch to add netbase to the target debootstrap list i the natty lxc template.  I'll be asking to push a lxc package with that plus my other template fixes (bumping up the relase version by 2)
[16:51] <hallyn> next monday, that is
[16:51] <hallyn> kim0: do you remember the bug id offhand?
[16:51] <zul> hallyn: cool
[17:03] <kim0> hallyn: bug 740167
[17:03] <uvirtbot> Launchpad bug 740167 in debootstrap "LXC natty guest failing to configure properly" [High,Incomplete] https://launchpad.net/bugs/740167
[17:04] <kim0> hallyn: so it wasn't a debootstrap thing ? I was convinced it was :)
[17:04] <hallyn> kim0: i think it is,
[17:04] <hallyn> but meanwhile while my containers build fine, i end up having to apt-get install netbase before i can do more packaging inside the container
[17:04] <hallyn> so let's just work around the silly thing
[17:05] <hallyn> kim0: can you mark bug 740167 as also affecting lxc?  :-)
[17:05] <uvirtbot> Launchpad bug 740167 in debootstrap "LXC natty guest failing to configure properly" [High,Incomplete] https://launchpad.net/bugs/740167
[17:05] <kim0> yeah sure ..  debootstrap
[17:05] <kim0> I mean, I hope debootstrap guys will still properly fix it later
[17:05]  * kim0 marks
[17:07] <kim0> hallyn: done
[17:07] <hallyn> kim0: awesome, thanks
[17:08] <kim0> hallyn: btw doing apt-get -f install .. inside the container gets netbase
[17:08] <kim0> so apt knows it's a needed dep .. no idea why it's not installed first time though
[17:08] <hallyn> kim0: yeah, actually -f install is what i did i guess
[17:09] <hallyn> it's weird, no doubt
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
=== daker is now known as daker_
[19:34] <obino> kim0: sorry it took me so long to answer the forum post you mentioned
[19:34] <obino> just got to it
[21:13] <hallyn> SpamapS: all right i'm now stylin' with lvm-based lxc cloneing
[21:13] <hallyn> though it actually makes first bringup of the container a bit slower
[21:13] <hallyn> guess i'll see how i like it
[21:53] <Mathuin> I am using an official Ubuntu AMI and would like to access the key-value pairs called 'tags' which can be set when requesting an instance.  I don't see anything in cloud-info or anything else that might help.  Suggestions?
[21:54] <Mathuin> To be clear, I want to access those tags from _within_ the instance.
[21:58] <semiosis> Mathuin: best way i've found to do that is to create an IAM user with just enough privs to call DescribeInstances, then install the API tools & that IAM user's key onto the instance
[21:58] <semiosis> Mathuin: if there's a better way i'd sure like to know about it as well
[21:58] <Mathuin> semiosis: oh man that sounds totally annoying.
[21:59] <Mathuin> I was thinking there might be a web service call I can make after getting my instance-id from ec2metadata or something.
[21:59] <semiosis> yeah DescribeInstance is the EC2 API call, but you need an access key/secret key to do that, rather than using your master key I suggest creating a dedicated one with IAM just for that purpose
[22:00] <semiosis> the EC2 CLI command ec2-describe-instances makes that call, and it will return instance tags as well
[22:01] <Mathuin> Yeah, I could do that from outside.  Might also be able to use DescribeTags but without a key, and generating them is annoying.
[22:01] <semiosis> gotta run, good luck with that, i'd be interested to hear what you figure out if you feel like sharing.
[22:01] <Mathuin> I'll post on the forums and mention it here if I can.
[22:25] <mathiaz> smoser: kirkland: do you know if update-motd is run on EC2 lucid images?
[22:25] <kirkland> mathiaz: 99% sure, yes
[22:25] <mathiaz> smoser: kirkland: when I'm logging into my instance /var/run/motd never exists
[22:26] <kirkland> mathiaz: is /etc/motd a symlink to /var/run/motd?
[22:26] <mathiaz> kirkland: yes
[22:27] <mathiaz> kirkland: and pam_motd seems to be enabled:
[22:27] <mathiaz> kirkland: http://paste.ubuntu.com/587072/
[22:28] <kirkland> mathiaz: curious....
[22:29] <kirkland> mathiaz: let me launch and instance...  what's your ami?
[22:29] <mathiaz> kirkland: ami-3202f25b
[22:30] <kirkland> mathiaz: launched...
[22:34] <kirkland> mathiaz: hmm, worked fine for me
[22:34] <mathiaz> kirkland: hm...
[22:34] <kirkland> mathiaz: here ...
[22:35] <mathiaz> kirkland: could it be related to the fact that I don't use the ubuntu account?
[22:35] <kirkland> mathiaz: i don't think so ...
[22:35] <kirkland> mathiaz: ssh ubuntu@ec2-50-17-64-179.compute-1.amazonaws.com
[22:36] <kirkland> mathiaz: i imported your pubkey there
[22:36] <kirkland> mathiaz: $ ll /etc/update-motd.d/99-kirkland
[22:36] <kirkland> -rwxr-xr-x 1 root root 38 2011-03-29 21:33 /etc/update-motd.d/99-kirkland*
[22:36] <mathiaz> kirkland: indeed
[22:37] <kirkland> mathiaz: you want to create one in there?
[22:37] <kirkland> mathiaz: maybe add another user, or something?
[22:38]  * mathiaz tries
[22:38] <mathiaz> kirkland: need to jet out
[22:39] <kirkland> mathiaz: okay
[22:39] <kirkland> mathiaz: i'll help you debug this
[22:39] <kirkland> mathiaz: but i can't reproduce it yet
[22:42] <kirkland> mathiaz: i just created a "kirkland" uesr
[22:42] <kirkland> mathiaz: and I get the motd there too
[22:43] <kirkland> mathiaz: i removed /var/run/motd, and it was recreated when i logged in as 'kirkland'