[00:02] prepend_delivered_to [00:03] prepend_delivered_header rather [00:24] SpamapS: ping [00:26] lifeless: pong, howdy [00:26] I've installed lxc [00:26] but it didn't bring in cgroup-bin [00:26] is that optional ? [00:26] or a missing dep ? [00:27] also, my /etc/lxc directory is empty [00:27] (I have no basic.conf) [00:27] SpamapS: ^ [00:29] hm [00:30] lifeless: /etc/lxc is in fact intentional [00:30] lifeless: but I think cgroup-bin seems like it should be in lxc's Depends or at least Recommends [00:31] as its not much use w/o cgroups [00:35] SpamapS: so, can I have your basic.conf ? [00:37] lxc.network.type=veth [00:37] lxc.network.link=virbr0 [00:37] lxc.network.flags=up [00:37] Thats it [00:38] I'm filing bugs on the missing dep [00:38] does it need libvirt-bin too ? [00:40] hallyn: if you're around.. lifeless is working with LXC and curious why it doesn't recommend/depend on cgroup-bin (I am also curious about that) [00:41] lifeless: I believe hallyn is EDT or CDT US, so he may be past EOD today [00:41] bug 800456 [00:41] Launchpad bug 800456 in lxc "no dependency on cgroup-bin" [Undecided,New] https://launchpad.net/bugs/800456 [00:41] new baby at home tho so there's no telling when he's sleeping or awake. :) [00:41] * SpamapS confirms that [00:42] lifeless: note that it may be related to bug 784093 [00:42] Launchpad bug 784093 in lxc "lxc broken by cgroup-bin" [High,Confirmed] https://launchpad.net/bugs/784093 [00:42] sure [00:42] I posted a workaround for that bug which I'm using now [00:44] https://dev.launchpad.net/Running/LXC#preview is what I'm building up === medberry is now known as med_out [00:47] Daviey can look at the by end of week [00:47] SpamapS: how do you tell lxc-create to use the local proxy ? [00:52] I cannot access my printer on ubuntu server 10.04 from other computers (windows) on network. How can I fix this? HP printer with CUPS [00:54] lifeless: it runs debootstrap, which respects the appropriate environment variables I think. If they're being stripped, add them to /etc/default/lxc [00:55] it was sudo [00:55] lifeless: I use MIRROR=http://127.0.0.1:9999/ubuntu in mine.. which is the path to my local approx cache [00:55] sudo http_proxy=... lxc-create... [01:01] SpamapS: lxc-start: open /sys/fs/cgroup/cpu/lucid-test-lp/devices.deny : No such file or directory [01:01] lxc-start: open /sys/fs/cgroup/cpu/lucid-test-lp/devices.deny : No such file or directory [01:01] SpamapS: I have that workaround in place already [01:02] ls /sys/fs/cgroup/cpu [01:02] cgroup.clone_children cgroup.event_control cgroup.procs cpu.rt_period_us cpu.rt_runtime_us cpu.shares notify_on_release release_agent tasks [01:04] lifeless: did you restart cgred ? [01:05] ah [01:05] SpamapS: robertc@lifeless-64:~$ sudo service cgred restart [01:05] cgred start/running, process 21711 [01:05] robertc@lifeless-64:~$ sudo lxc-start -n lucid-test-lp [01:05] lxc-start: open /sys/fs/cgroup/cpu/lucid-test-lp/devices.deny : No such file or directory [01:06] Argh! [01:06] there is a devices.deny under the devices tree [01:06] uhm, i think I managed to flub the copy-paste [01:07] double Argh! [01:07] * SpamapS knows how Charlie Brown feels when Lucy pulls back the football [01:07] ok, *now* have this: [01:07] mount { [01:07] cpu = /sys/fs//cgroup/cpu; [01:07] cpuacct = /sys/fs/cgroup/cpu; [01:07] devices = /sys/fs/cgroup/cpu; [01:07] memory = /sys/fs/cgroup/cpu; [01:07] } [01:07] robertc@lifeless-64:~$ sudo service cgred restart [01:07] cgred start/running, process 21766 [01:07] robertc@lifeless-64:~$ sudo lxc-start -n lucid-test-lp [01:07] lxc-start: open /sys/fs/cgroup/cpu/lucid-test-lp/devices.deny : No such file or directory [01:07] robertc@lifeless-64:~$ ls /sys/fs/cgroup/cpu [01:08] cgroup.clone_children cgroup.event_control cgroup.procs cpu.rt_period_us cpu.rt_runtime_us cpu.shares notify_on_release release_agent tasks [01:10] SpamapS: cgconfig restart appears to be the magic [01:10] AH right [01:11] this doesn't look brilliant; [01:11] Ubuntu 10.04 LTS lucid-test-lp /dev/console [01:11] lucid-test-lp login: init: ssh main process (45) terminated with status 255 [01:12] New bug: #800468 in squid (main) "package squid 2.7.STABLE9-2.1ubuntu6 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/800468 [01:14] SpamapS: also lxc-stop doesn't seem to stop t [01:14] *it* [01:14] lifeless: that is actually normal, its caused by sshd starting before the network, and I believe it gets started later when the ifup finishes [01:14] heh.. impossible to tell because there's no syslog [01:14] doh [01:16] lifeless: installing rsyslog seems to have made sshd not die. [01:17] SpamapS: interesting; as you say its cosmetic though [01:17] so I'll note that its weird and move on; I can file a bug somewhere if you like [01:17] lifeless: lxc-stop actually does stop the container [01:17] it just says it can't [01:18] sudo lxc-stop -n lucid-lp-test [01:18] robertc@lifeless-64:~$ echo $? [01:18] 0 [01:18] which is annoying [01:18] I dispute this 'says it cannot' thing :) [01:18] given I can ssh into the container after running that [01:21] Mine went away [01:21] lxc-stop: failed to stop 'lucid-test2': Operation not permitted [01:21] mine hasn't :) [01:21] After saying that [01:21] SpamapS: it doesn't work well with cgroup-bin right now, in fact [01:21] should I file a bug ? [01:21] needs some lubin [01:21] I'm able to halt it from inside too. [01:21] SpamapS: I can poweroff internally [01:21] just not -stop externally [01:22] lifeless: hallyn can probably answer your questions with an order of magnitude more authority than I can. :) [01:23] i'm guessing your problems are due to cgred [01:24] recommend just doing mount -t cgroup cgroup /sys/fs/cgroup and thart's that [01:24] we do need to fix cgroup-bin interaction [01:25] hallyn: but it would be cooler if it worked with cgroup-bin. :) [01:25] https://dev.launchpad.net/Running/LXC#preview is what I'm writing pu [01:25] SpamapS: patches welcome :) [01:26] SpamapS: might work on that at the sprint [01:26] hello [01:26] i have a question [01:26] i am recieving an error that looks like: [01:27] SIOCADDRT: Invalid argument [01:27] Failed to bring up eth1. [01:27] ...done. [01:27] after i try to restart networking using the sudo /etc/init.d/networking restart [01:27] ntoombs: thats not actually a valid way to "restart networking" [01:28] i have my network set up on static using the device eth1 [01:28] what is a valid way then? [01:28] i've done it before using dhcp [01:28] but static messed it up [01:28] For static it *should* work... [01:29] right but for some reason it's not [01:29] ntoombs: all that does is ifdown -a and ifup -a [01:29] i've been into my /etc/network/interfaces file and made sure everything is "correct" as far as i know [01:29] ntoombs: can you do 'ifdown eth1 ; ifup eth1' ? [01:29] i have before and i've gotten errors [01:29] i will post them [01:29] one sec [01:30] sudo ifdown eth1 [01:30] ifdown: interface eth1 not configured [01:30] sudo ifup eth1 [01:31] SIOCADDRT: No such process [01:31] Failed to bring up eth1 [01:31] first check that eth1 exists in 'ifconfig -a' [01:31] i've looked in about every ubuntu and linux server forum there is out there and i still havn't fixed it [01:32] those errors are usually hardware/driver level [01:32] i know it's there [01:32] i put it there [01:32] yes, but does it show up in ifconfig -a? [01:32] :( don't tell me that [01:32] configuring it and it showing up are different things [01:32] yes it does [01:32] ok [01:32] does setting it manually with ifconfig work? [01:33] sudo ifconfig eth1 1.2.3.4/24 up [01:33] i've tried that too but i'll try again [01:34] if it does work, it's likely an issue with the configuration or ifup [01:34] if it doesn't work, try this first [01:34] i use the internal ip right? [01:34] sudo ifconfig eth1 0.0.0.0 down [01:34] sudo ifconfig eth1 0.0.0.0 up [01:34] then configuring it with the IP you want [01:36] on doing the ifconfig eth1 1.2.3.4/24 up i got a right bracket pointing to my cursur [01:36] that's a syntax error [01:37] check that you didn't put in any \ or " or ' [01:37] press ctrl+c to escape [01:37] yea i did it wrong [01:37] lifeless: do you need cgroups-bin for some other reason, or was that just how you were getting cgroups mounted? [01:37] k this time no result [01:37] just a new line [01:38] that means successful [01:38] now 'ifconfig eth1' to verify [01:38] lifeless: assuming this is on natty or oneiric, can you try without cgroups-bin, and just with fstab mounting cgroups? [01:38] I suspect that'll allow lxc-stop to work [01:38] yea it's 11.04 natty narwhal [01:39] ifconfig eth1 gave me what it gave me before [01:39] hallyn: just following SpamapS instructions :) [01:39] if it shows the address you set, it worked and there's nothing wrong with your interface [01:39] and the problem is either with your /etc/network/interfaces or something in ifup [01:40] well when i had my interface setup up on dhcp [01:40] if it shows a different or no address, you probably have something else hooking it [01:40] like dhcpcd [01:40] i could ping anything all day long [01:40] it showed the ip address that i set to it staticaly [01:40] so the interface is fine [01:41] next most likely is an error in /etc/network/interfaces, pastebin it if you can [01:41] yea and the netmask is 255.255.255.0 [01:41] ok one sec [01:41] i'll block out the ip [01:41] don't [01:41] ok [01:41] showing your IP isn't a security risk, everyone in here is publicly showing theirs [01:42] by connecting to freenode at all, you are [01:42] plus, if it's behind a NAT, it's meaningless to anyone but you anyway [01:42] http://pastebin.com/VhyRDawJ [01:42] k [01:43] i'm a networking noob [01:43] thank you so much for helping me :) [01:43] looks fine [01:43] try this [01:43] i can access my router with that gateway in my browser [01:43] sudo ifconfig eth1 0.0.0.0 up; sudo ifup eth1 [01:44] same error i've been getting [01:44] SIOCADDRT: No such process [01:44] Failed to bring up eth1. [01:45] lifeless: ok, cool, then just don't use it :) [01:45] I just have [01:45] cgroup /sys/fs/cgroup cgroup defaults 0 0 [01:46] i don't understand hallyn [01:46] (in fstab) [01:46] ntoombs: sorry wasn't directed at you [01:46] oh sorry [01:46] i guess i'm missing the other side of the conversation [01:47] ntoombs: just having a very async conversation with lifeless :) [01:47] ntoombs, try changing in your /etc/network/interfaces file [01:47] so that 'address 1.2.3.4' is just like that, with only one space [01:47] on all the lines [01:47] ok [01:48] done [01:48] and try ifup again [01:49] same error [01:49] sudo ifconfig eth1 192.168.254.115 up; sudo ifup eth1 right? [01:49] just sudo ifup eth1 [01:50] yea same error [01:51] well [01:51] unless your interfaces file is somehow different [01:51] the networking restart thing worked with dhcp [01:51] it doesn't work with static [01:52] does that count as different? [01:52] paste/pastebin the result of 'sudo route -n' [01:52] that error message means that it can't add a route because it's outside the valid range [01:53] How do I share a cups printer? [01:53] http://pastebin.com/i4qcmrzu [01:53] the 192.168.254.115 was assigned by dhcp [01:53] i didn't change it [01:54] route doesn't seem to recongnise my default gateway [01:54] it isn't set [01:54] without -n it just shows an asterix [01:54] try this [01:55] http://pastebin.com/index/VhyRDawJ [01:55] change your /etc/network/interfaces to that, and reboot [01:56] assuming .15 is not already in use [01:56] you can use another one if it is, just choose one outside the DHCP range [01:56] which is probably 100-200 [01:57] nothing is different [01:57] and i'm working on a headless server from an ssh connection from my mac so if i reboot i'm afraid i won't be able to get back [01:57] i'll check the range [01:58] well, you can't very well change network settings without disconnecting [01:58] are you connected to a different interface? [01:58] it's from 1 - 253 :P [01:58] well, you should limit that [01:58] you can if you use networking restart [01:58] and then choose an address outside of it [01:59] using 'networking restart' would, in fact, disconnect you if the settings changed [01:59] if you did not get disconnected, it means the settings didn't change [01:59] yea it did last time [01:59] and i had to reconnect [01:59] i guess i just got lucky [01:59] ok i'll reboot [01:59] your pastebin file... what was different? [02:00] I just added network and broadcast [02:00] and removed the extra spaces [02:00] oh i had that earlier [02:00] but i didn't reboot [02:00] i'll try it [02:00] what is most likely, is something is hooking your interface and preventing the change from being made [02:00] a reboot would solve that issue [02:00] i don't see the network and broadcast in there [02:01] its network 192.168.254.0 [02:01] ff [02:01] and broadcast 192.168.254.254? [02:01] http://pastebin.com/muYERLhT [02:01] sorry [02:01] no problem :) [02:02] and should i change the dhcp range in my router? [02:02] yes [02:02] if the router tries to hand out the IP you're using, it'll be troublesome [02:02] k i'm doing all that right now [02:02] brb [02:02] so you should open a gap in that DHCP range, and use it for your statics [02:03] Or simply instruct the DHCP server to statically allocate leases by MAC for specific IPs [02:04] should i unplug my router for changes to take effect? [02:04] no [02:04] ok [02:04] unless your router is a really poor quality one [02:04] lol [02:04] it should apply once you click save [02:04] it's not that bad [02:04] it's applied but my desktop isn't assigned a local ip anymore [02:05] i'm on my laptop [02:05] but it's no problem for now [02:05] hallyn: sorry, was on the phone for a bit there [02:05] i'll edit my interfaces file now [02:05] hallyn: I'd rather not be telling folk to mount cgroups by hand in my docs - https://dev.launchpad.net/Running/LXC#preview [02:05] lifeless: not even using fstab? [02:05] hallyn: particularly as folk may have cgroup-bin installed for other reasons [02:06] which would presumably clash in fun ways [02:06] not-quite-sleeping baby in lap, would you midn talking tomorrow? [02:06] rebooting now [02:06] lifeless: i think the real problem with the cgroups is that lxc-init doesn't start in cgroup:/ like it expects. (Since you seem to have all cgrousp compsited under same dir, that's the only thing that should be going wrong) [02:07] lifeless: if this is high priority, i can take a crack at solving this tomorrow [02:07] should be about a day's work, and like i say, it needs to be done sometime [02:08] hallyn: well, I have a workaround (the new cgconfig from SpamapS) for folk using natty, which most lp devs are atm [02:08] qman__ looks like it's gonna time out and it's still not showing up on my router [02:08] only a few are brave enough to be on oni yet [02:09] hallyn: if we can get it sorted for oni release, that would be awesome [02:09] ntoombs, it's not getting a DHCP lease, so it won't show up in the router [02:09] try pinging the IP address you gave it [02:09] lifeless: so it all works with SpamapS' config? [02:09] hallyn: well, it doesn't shutdown on lxc-stop [02:09] hallyn: but poweroff inside it appears to work [02:09] qman__: it would ping once then timeout [02:10] lifeless: ok, cool, if you can get work done with that, that's great [02:10] we certainly can; I like to report all friction I run into though. [02:10] ntoombs, does it keep doing so? [02:10] qman__: dont i need it to show up on the router to do port forwarding and connect to the internet? [02:10] hallyn: I'll file a separate bug about the lxc-stop not working [02:10] lifeless: cool, i'll put cgroup-bin interaction high on todo list meanwhile [02:11] as in, one response per ping? [02:11] lifeless: ok, thanks [02:11] hallyn: sweet, thanks [02:11] qman__: yes it times out every time after the first packet [02:11] hallyn: one thing that would be -awesome- [02:11] hallyn: would be a template that bind mounts /home and uses the same uids [02:11] so if you stop and start a new ping, the first packet gets a response, but none after that? [02:11] qman__: i get one good packet then it times out every second after [02:11] qman__: correct [02:12] that's either a hardware problem, a driver problem, or a really bizarre firewall problem [02:12] lifeless: shouldn't be too bad. would you want just /etc/shadow entries for uids 1000+ copied over, or the whole thing? [02:12] hallyn: let me describe my use case; then you can decide :) [02:13] physically, how are you connected? [02:13] direct to the router, or through a secondary switch? [02:13] hallyn: I want to do LP development in a lxc container rather than a VM [02:13] lifeless: the thing i've been using a lot (from ppa) is lxc cloning with LVM. Seems like something which could be good for lp dev [02:13] qman__: well the server is connected by ethernet direct to the router. and i connect via ssh from a terminal on my mac [02:13] hallyn: so in the container I want to install rabbitmq, postgresql, apache etc [02:13] hallyn: and I want my source code sitting in my /home/robertc [02:13] mac is over ethernet or wifi? [02:14] hallyn: where I can edit it as normal, commit with my bzr & gpg keys etc [02:14] How do I access a shared printer from Windows? [02:14] wifi [02:14] i can do eathernet though [02:14] try plugging into ethernet, and trying [02:14] it might be a wifi thing on the router [02:14] hallyn: then run the tests within the lxc container, using the lxc postgresql, rabbit apache [02:14] ok [02:14] and again thanks a ton for helping :) [02:14] most people would have given up by now [02:15] this might disconnect me [02:15] not a problem, some routers do some strange things in the name of 'security' [02:15] hallyn: so inside the lxc it needs to write to me homedir without messing stuff up, but I don't care about service accounts [02:15] lifeless: would you want the whole /home bind-mounted? just ~/src or something? [02:16] hallyn: whole home/$me would be easiest to reason about I think [02:16] 'without messing stuff up' meaning not changing owner uids, right? [02:16] yeah [02:16] ok [02:16] oh for bonus points, [02:16] lifeless: i think i'd use that myself :) would that be higher prio for you than cgroup-bin? [02:16] definitely [02:17] hallyn: bug 798476 is also a very interesting one for me [02:17] Launchpad bug 798476 in lxc "it would be really useful to be able to make i386 lxc containers on a amd64 machine" [Undecided,New] https://launchpad.net/bugs/798476 [02:17] hallyn: LP memory use is much lower on i386 [02:17] qman__: my router says i'm still connected wirelessly and my ping comes back the same. i have airport turned off co i can't connect to anything wirelessly [02:17] hallyn: shall I file a bug about the developer bind-mounting template [option, whatever - i dunno how it all hangs together yet] [02:18] lifeless: sure, that's good. (not sure hwo kosher it is to just add things to the blueprint right now) [02:18] well, I don't know anything about macs, but you didn't even time out, so you'd have to have the same IP address [02:18] which is unlikely if you switched to wired [02:18] lifeless: hm, people *have* run i386 containers on amd64 [02:19] but i can't remember who [02:19] yeah [02:19] qman__: i really think i just have a dumb router [02:19] its probably just a case of passing the arch flag to debootstrap [02:19] hallyn: I do it [02:19] ntoombs, entirely possible [02:19] it *should* be trivial [02:19] Actually, I did it only to see if I could; I don't in productioin [02:19] twb: is it more than ^ [02:19] http://paste.debian.net/120603/ [02:20] Look in there for references to $arch [02:20] if you think that's the case, I'd give the router a reboot then [02:20] twb: thanks [02:20] sounds good [02:20] brb [02:20] Looks like only issue is debootstrap [02:20] And as a knock-on effect, which debootstrap cache I copy [02:22] twb: nifty, thanks [02:24] hallyn: bug 800482 [02:24] Launchpad bug 800482 in lxc "a home/$me bind-mounted template would rock" [Undecided,New] https://launchpad.net/bugs/800482 [02:24] Would it? [02:24] it would [02:25] qman__: i'm back [02:25] any luck? [02:25] qman__: now i'm getting errors like ping: sendto: host is down [02:25] and ping: sendto: no route to host [02:26] but now my router says i'm on ethernet :) [02:26] lifeless: cool, thanks [02:27] I'd try restarting the server again now that the router has rebooted, if you can reach the power button, just press it once quickly and it should power down [02:27] then press again to boot up [02:27] otherwise, if you can plug in a keyboard and press ctrl alt del [02:27] ok [02:27] How does one access a shared printer (CUPS) hosted on ubuntu 10.04 from Windows client? [02:28] quick press of a button did not a powerdown make [02:28] i could hold it but i'm assuming that is not advisable? [02:28] generally no [02:28] but if you're not running any software yet it shouldn't cause too much trouble [02:28] what filesystem are you using? [02:28] ext4 journaled so it's good [02:29] yeah [02:29] Just did an apt-get update && apt-get upgrade and it wants to upgrade language-pack-en which now suddenly has LOTS of crazy dependencies, including firefox and many X libs... anyone noticed this? I'm using v11.04 [02:29] to change anything i have to swap the hard drive to my desktop [02:29] but we're just doing a reboot right? [02:29] right [02:29] if it still doesn't come online at all, you might have to do that though [02:29] Feadin: no, but I know how to bypass the "helpful" locale packages and just generate the one you want [02:29] may be that your router is filtering it out [02:30] whad do you suggest i change in my router? [02:30] Feadin: uninstall those, then "locale-gen en_AU.UTF-8; update-locale LANG=en_AU.UTF-8", where "en" is your language and "AU" is your country. [02:31] its a 2WIRE 2701HG [02:31] ah, that's the issue exactly then [02:31] So you're suggesting we should bypass bugs and pretend that they don't exist? :) Just wanted to check if this is actually a bug or a new "feature" to simplify the maintainers jobs ;) [02:31] Feadin: I'm suggesting you should do it the Debian way [02:31] Basically because I don't like the "feature" [02:31] sounds odd but 2wire DSL routers ONLY allow connectivity with DHCP-leased clients [02:31] if you want to get around that limitation you need a better router [02:32] how about different firmware? [02:32] theoretically possible but I don't know of any [02:32] m0n0wall? [02:32] that firmware would allow it, but I don't know that it would run on your router [02:32] i was wanting to change it to that anyway [02:32] Feadin: AFAICT ubuntu default behaviour is more or less to installing *every* english locale for every CLI package as "language-pack-en-base", and every english locale for every GUI package as "language-pack-en". [02:33] I get it, but if I wanted to use Debian I'd be using Debian man :) Come on I'm not talking about personal preferences here. I'm just asking if anyone knows anything about this crazy dependencies which IMO shouldn't be on a server [02:33] plus you need to make sure your ISP isn't doing some funny things with it [02:33] Feadin: so in a default lucid server network install you lose about 200MB to thunderbird and firefox localization [02:33] AT&T U-verse is notorious for this [02:33] Feadin: shrug. Report a bug, then. [02:34] its actually windstream [02:34] if the router allows DHCP reservations, that may be the easiest way to go [02:34] Yeah I know I should report a bug, but only if it is actually a bug. I came here to ask if anyone knew anything about this issue in particular. [02:35] Feadin, does it actually depend on them, or just recommend them? [02:35] I mean, adding 144MB of multimedia dependencies for a metapackage on a bew server installation is not cool [02:35] Feadin: if it's not a bug, the maintainer will just close the ticket with "not a bug" [02:36] where would i find dhcp reservations? [02:36] It depends on them [02:36] Feadin: IIRC language-pack-en shouldn't be installed, only -base [02:36] Feadin: IIRC the preseeds on optical media installers are supposed to be set up to behave this way [02:36] qman__: would it work if i simply turned off dhcp? [02:37] ntoombs_, that's a good question, it would have to be something like "reservation" or "static IP" or some other "computer settings" [02:37] like this forum post says how to do. http://www.dslreports.com/forum/r22286649-How-do-I-turn-off-DHCP-on-2Wire-2701HGG [02:38] I installed these servers a couple of weeks ago selectiong only "OpenSSH" and leaving everything else on default, after that just added mysql-server and that's about it [02:38] that might work, but be prepared to reset it if it doesn't [02:39] Feadin: yes, I get it too, but I don't get a preseed file [02:39] was the router provided by your ISP? [02:39] yes [02:39] Feadin: I just manually uninstall those packages [02:39] sometimes they hack them up [02:39] upon a $100 fee [02:39] breaking basic functionality like this [02:40] I need to go for a few minutes, I'll be back soon [02:40] ok [02:40] Anyone has a default 11.04 server installation to try and do an "apt-get update && apt-get -s upgrade"? [02:41] just want to be sure this is actually a bug and not my mistake [02:59] Hey guys, I have a VPS running and I did an update of MySQL. I bumped into this error now everytime the system starts I cannot get MySQL - ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) [02:59] if I type... sudo /etc/init.d/mysql start [02:59] I can get it running again. But that's not much of an option since I need this to be stable and working 24/7 [03:00] I tried purge/reinstall of mysql, error persists. [03:00] ideas? :( [03:00] Gaming4JC: I can get you a vds real quick if you are looking for that [03:01] Jasonn: hmm? [03:01] check PM === airtonix_ is now known as airtonix === Jasonn is now known as JasonnAWAY [04:51] qman__: you there? [06:14] Hi all [06:14] I seem to have broken my server :D [06:14] This is a great development in my evening [06:15] Can I display the grub config from a grub prompt? [06:17] I just ran a normal dist upgrade and it rebooted and then I got "error no such device" [06:22] twb: is that template you hav esomething you're going to put fforward as a patch ? [06:22] twb: it seems to be structured rather differnetly :) [06:24] But really. What's my first thing to try when I'm at a grub prompt? [06:27] enter? [06:28] twb: is that template you hav esomething you're going to put fforward as a patch ? [06:28] twb: it seems to be structured rather differnetly :) [06:29] twb: well, it does go to a new line.. doesn't do much else [06:29] lifeless: it's in-house shite [06:29] lifeless: I'm happy to publish it but it's not exactly merge-ready [06:30] yeah [06:31] I think I have a minimal (fugly) patch to do i386, I'm just testing now [06:33] Is there any way to list drives or see the grub configuration from the grub> prompt? [06:33] or am I better off using a livecd and trying from there [06:33] for drives just tab complete [06:33] (TAB [06:34] Doesn't seem to show anything [06:34] thats unusual :) [06:34] the worst thing to hear :P [06:35] Well the error message is something like "unknown device" but from googling I've seen this mentioned in conjunction with LVM and with unused floppy drives being enabled [06:36] josePhoenix: depending on the bash, you will have tab completion [06:36] josePhoenix: (hd, (hd0)/ etc [06:36] hd0 = sda, hd0,1 = sda1 [06:37] Oh, except I think in grub2 the numbering is from 0 for partitions as well :-/ [06:37] ay de mi.... [06:37] Note the parens around (hd0,1) are important [06:37] If this is all too hard, just get a live CD and fix it that way [06:37] hmm partition 0,1, ext2; partition 0,5: unknown filesystem [06:38] But if the kernel + initrd was installed to a /boot partition it shouldn't have trouble reading it [06:38] the latter might be swap [06:38] Certainly it SHOULDN'T have trouble :-( [06:40] The only thing that didn't go perfectly smoothly in this upgrade was that at one point the screen went blank and I hit enter to get it back without thinking [06:40] and it chose N on the 'reboot now?' prompt and I had to start over [06:40] but I thought ubuntu was too polished for that to fuck things up... [06:44] so if its just got an old config [06:44] subtracting 1 from the entries it was trying to boot with [06:44] should make it all happy [06:46] Could you elaborate on what that means? [06:46] well [06:47] your config should be present by default [06:47] you can edit it in the grub prompt, or manually issue the commans [06:48] https://help.ubuntu.com/community/Grub2#Command Line and Rescue Mode [06:48] explore the fs's using tab complete to find the right partitions and then boot by hand [06:49] if the stage2 loader couldn't be found thats more of a problem [06:49] how far through is it getting ? [06:50] It drops me at a grub> prompt after saying "unknown device" [06:50] though that message only flashes on screen for an instant [06:50] hmm does the grub prompt include a pager? I can't see the beginning of this config file -.- [06:53] hah [06:53] root@lucid-test-lp:~# arch [06:53] x86_64 [06:53] root@lucid-test-lp:~# dpkg --print-architecture [06:53] i386 [06:56] Man, I used to know all of this back when I used Gentoo. [06:56] is it possible to provide an option in ~/.ssh/config to limit-rate (the scp has an argument -l that takes Kbits/s) [07:12] Anyone know if ubuntu wants initargs? [07:12] er [07:12] init= bootarg? [07:14] Is there a pager in the initrd shell? [07:14] init=foo is not necessary by default [07:14] Or any way I can see the top half of this file that scrolls offscreen? [07:15] The busybox program provides a bunch of applets; which ones depends on how the team are feeling that week. [07:15] Debian's busybox includes more (or less?) nowadays, but I think Ubuntu's is a 100kB smaller and containers less stuff :-( [07:15] :[ [07:15] more doesn't work and less is missing [07:16] josePhoenix: if all else fails, you have to write to a file then use head and tail to get the page you want [07:16] josePhoenix: I've seen that problem with more not working before, I think it's because the emergency environment's terminal capabilities are buggered – I never solved it myself [07:16] re head/tail – or grep, sed, etc., of course [07:18] okay, here is what I have figured out so far... I have a /boot at (hd0,1) that contains no vmlinuz/initrd.img but it does have vmlinuz-2.6.38-8-server + corresponding initrd [07:18] The symlinks are in root, not boot, by default [07:19] ah good to know [07:19] there is also a partition at (hd0,5) which grub says is an 'unknown filesystem' but must be an LVM group because I know there's supposed to be a swap partition on here [07:19] and there are only two primary partitions [07:19] I think the problem is that I need to guess root= based on the startup output from the initrd stage [07:21] or not [07:21] I'm not sure how grub and kernel lines and LVM work [07:25] well that's interesting. [07:31] YAY IT BOOTED [07:37] I need some help enabling php5 on apache2. php code is not being parsed by the server [07:37] keyboardtalk: did you install libapache2-mod-php5 ? [07:37] yes [07:42] keyboardtalk: did you then run 'sudo a2enmod php5' ? [07:43] SpamapS: doesn't it do that implicitly in the postisnt [07:44] twb: Ah it should [07:44] SpamapS: yes [07:46] twb: not sure [07:46] would make sense [07:49] keyboardtalk: at this point you probably need to add a config file that adds the PHP handler [07:49] Would have hoped that happened automatically too but I guess not [07:50] It *is* automatic provided he follows the conventions that the automatic scripts expect [07:50] e.g. the mod_fcgi package sets up fast CGI only for *.fcgi files [07:51] been a while since I dropped it on a bare machine and tried it out. :-P [07:54] SpamapS: okay php seems to be working in /var/www, but not in other directories, namely /home//public_html/ [07:55] do php directories & files need certain permissions to work? [07:58] keyboardtalk: Read /etc/apache2/mods-enabled/php5.conf and note the deliberate turning off of PHP in user directories there, as a security precaution... [07:58] keyboardtalk: You can edit it if you want PHP in userdirs. [07:58] I have a host running mod-php5, but I've locked it down as much as I could so it won't reflect the defaults [07:59] Or I think you could override it in .htaccess on a per-user basis [07:59] jmarsden: assuming you leave .htaccess turned on :-) [07:59] Yes :) [07:59] keyboardtalk: if you want to run per-user php.. you'll want to look into something to keep them from attacking eachother. :) [07:59] mod-php5 isn't terribly suitable for servers with multiple users anyway [08:00] * twb waves the "static HTML or GTFO" banner [08:00] chrooted fastcgi .. lxc containers.. whole vms.. just don't turn on mod_php for user dirs [08:00] Okay, thank you very much [08:00] I hate fastcgi [08:00] I'd rather just have an app server daemon speak HTTP to the reverse proxy "real" web server [08:01] hmm, fastcgi has been working fine for me (for php), but it does eat a lot of memory [08:01] I've been liking fcgi and/or suphp for a while :) [08:02] hehe I can't really say that I like it, but it works (mod-fcgid, suexec and fastcgi) [08:02] luite: are you running an httpd on the same host, or are you running fastcgi over a trusted network? [08:02] same host [08:03] Yeah see I do that but I don't like it [08:03] [08:03] I would prefer [08:03] Out of curiosity, what is the risk with enabling php for all users? [08:03] keyboardtalk: that they'll use php [08:04] keyboardtalk: all php scripts run under the same user id, so users can read each others php files [08:04] keyboardtalk: (that's for mod-php for all users) [08:05] okay, good to know [08:05] twb: you can do that, just run your http app w/ mod_php ..why not? [08:05] SpamapS: my app is written in C, not PHP [08:05] At least this time it is [08:05] twb: In that case, libevent FTW [08:06] SpamapS: how would that work? I am talking to upstream about it this week [08:06] full http server code built in.. :) [08:06] I've only ever seen libevent used in rxvt [08:06] twb: I like it that apache tries to automatically starts the fastcgi apps, fewer things to watch :) , but I use apache reverse proxy for my non-php web apps [08:06] (written in haskell) [08:07] twb: recent versions of libevent have evhttp.h ... [08:07] http://monkey.org/~provos/libevent/doxygen-1.4.3/ [08:07] luite: yeah, I am actually using apache not varnish, but that devalues my argument a little :-) [08:07] SpamapS: neat [08:07] twb: you just register a callback per URI, and a default callback for dynamic URI's [08:08] SpamapS: can I quote you (i.e. mail the scrollback to their list)? [08:08] It'll save me paraphrasing [08:08] twb: sure, I'm just quoting from the docs [08:09] I played around with it a few months ago.. VERY easy to write an HTTP server [08:13] I suppose it would be ironic if he switched to libevent and I couldn't get a new enough version into lucid [08:14] lucid is new enough [08:14] Cool [08:14] * SpamapS shudders, recalling using CentOS 5's 4 year old libevent [08:14] which is now.. 7 years old I think [08:15] That's odd... urxvt appears to not use libevent in sid, but I thought it did [08:16] weird that a gui terminal would use it [08:16] I guess it makes sense.. but seems a bit heavy [08:18] Ah, here http://software.schmorp.de/pkg/libev.html [08:18] "A full-featured and high-performance (see benchmark) event loop that is loosely modelled after libevent, but without its limitations and bugs." [08:18] Nice and objective there schmorp :-) [08:21] the same lib that's used by the framework that I'm using :) ( http://snapframework.com/ ) [08:21] luite: which, ev or event? [08:21] ev [08:21] Hi all, [08:22] I am tring to clean everything off my server. [08:22] I want to return to a minimal installation. Is there any command to do this? [08:23] alex_21: markauto most/all packages that are not Section: metapackages [08:23] This is not a perfect rollback, tho [08:24] I want to completely reinstall everything, config and all without reinstalling Ubunut. [08:24] You can't have that [08:24] You can make it re-ask you most configuration options with "dpkg-reconfigure --all", but this is not the same. [08:25] Nor it "aptitude reinstall ?installed" [08:25] Feel free to try them anyway, once you have working backups. I think it'll be easier to do a full reinstall. [08:28] alex_21: for the future, this is why configuration management helps.. :) === smb` is now known as smb [08:29] How can I reconfigure ldap. [08:29] ? [08:40] Oh ldap [08:40] you are totally fucked [08:40] ldap HATES changes [08:40] Especially if you're still using FDS or that other one. OpenLDAP is a little better [08:51] Allright guys. Thanks for the help. Reinstalling it is. [08:51] Good night. [08:58] Is there a reputable PPA with mysql 5.5 packages for lucid? [09:06] nickmoeck: I *seriously* doubt it. It's not even in Debian experimental or Ubuntu Oneiric yet. [09:07] Packaging mysql isn't exactly trivial [09:11] You're kidding, right? MySQL 5.5 was released in December! How are there no packages for it yet? [09:11] surely it doesn't take more than 6 months to package [09:14] nickmoeck: well, are you helping? [09:16] twb: obviously not, I don't really know much about packaging. But I would think for something as important as mysql, packages for the latest version would be made within 6 months of the release [09:18] Well, *I'm* not helping because the sooner mysql dies the sooner people will switch to sqlite and postgres, which are IMO infinitely better suited to toy and production usage respectively [09:19] You can make a shit package in an afternoon, but getting it release-quality is difficult, especially since, as you say, so much gank relies on mysql and thus so many people will complain if you screw it up. [09:19] Or it could just be that the guy responsible for packaging mysql for Ubuntu has gotten a job or a girlfriend in the last six months... [09:19] twb: I've put up a patch for doing i386 lxc's [09:20] lifeless: hmm? [09:20] twb: would be interesting to know if it would suit your needs [09:20] twb: bug 798476 [09:20] Launchpad bug 798476 in lxc "it would be really useful to be able to make i386 lxc containers on a amd64 machine" [Low,Confirmed] https://launchpad.net/bugs/798476 [09:21] old computer running md0 with lvm crashed. no i want to mount it on new hardware. It can find all volumegroups and logical volumes but it does not put them to /dev so that i can mount it. How do i import it? i am afraid vgimport does not work as it was not exported before old computer died. [09:22] larsemil: lvm2 vgscan -ay? [09:22] larsemil: something like that; last time I did it I RTFS'd the ramdisk to work out the details [09:24] it finds it allright, but it does not make it mountable... [09:25] twb: vgchange -ay was the solution [09:25] good-o [09:26] thanks for pointing me in the -ay direction! [09:26] -ay means "bloody well do it" in LVM [09:56] any idea of why this error is occurring? http://paste.pocoo.org/show/416826/ "Exception during pm.DoInstall(): E:Internal Error, Could not perform immediate configuration (2) on util-linux" or how to solve it? [11:05] !paste | sarit [11:05] sarit, please see my private message [11:22] New bug: #800597 in postfix (main) "Latest postfix update breaks hash-based aliases.db (potentially other .db files too?)" [Undecided,New] https://launchpad.net/bugs/800597 [11:37] (98)Address already in use: make_sock: could not bind to address 0.0.0.0:80 !! [12:01] m3asmi: There's something listening on port 80. Are you running a httpd already? [12:02] cloakble : I fix that problem [12:03] I ask about the : The requested URL /www was not found on this server. [12:20] New bug: #800340 in ipxe (universe) "[MIR] ipxe" [Undecided,New] https://launchpad.net/bugs/800340 [13:37] New bug: #800656 in etckeeper (main) "Update Manager can not proceed if there is a lock on /etc" [Undecided,New] https://launchpad.net/bugs/800656 [13:54] morning all === med_out is now known as medberry === oubiwann` is now known as oubiwann === Ursinha is now known as Ursinha-lunch [15:13] New bug: #800543 in dbconfig-common (main) "Installing zabbix-frontend-php fails in noninteractive mode" [Undecided,New] https://launchpad.net/bugs/800543 [15:23] oh man, ppa build started yesterday morning still hasn't started === jjohansen is now known as jj-afk [15:30] Heya sommer. [15:34] <^^rcaskey> I've got an old server i'd like to get onoboard with automatic security updates. Just dist-upgraded to lucid, is there just a package i need to add or reconfigure? [15:42] hallyn: around? [15:43] zul: yeah, what's up? [15:43] hallyn: we said we can drop the 9022-allows-lxc-containers-with-lxcguest.patch right? [15:44] zul: are you doing 0.9.2? [15:45] hallyn: yeah if we dont it needs to be rediffed [15:45] you're pulling from sid, or upstream? [15:45] sid [15:46] zul: fetching. But in any case, so long as it has the patch from upstream adding the LXC_UUID, then yes [15:46] hallyn: ok ill drop it then [15:46] though, hm [15:46] zul: we'll have to make sure then that the lxcguest package for natty has the LIBVIRT_LXC_UUID fix [15:47] you mean for oneiric [15:48] zul: no [15:48] zul: lxcguest runs in the guest, so natty guests on oneiric hosts will need to do the right thing [15:49] hallyn: oh right [15:49] zul: can you take care of SRU'ing that? (i'ts not in natty, just checked) [15:49] hallyn: yeah i can probably do that [15:49] zul: cool, thanks. Should just be able to cp debian/*.upstart from the oneiric version [15:49] i'm getting my ass kicked by the lxc template stuff (trying to consolidate the templates into one) [15:51] hallyn: heh sucks to be you when is a new version of lxc suppose to be out [15:51] whenever dlezcano feels there's a new feature [15:59] zul: heh, found my biggest problem - missing ':' after option in getopt. doh [15:59] new template is gonna rock [15:59] hallyn: doh! [16:01] Daviey: when are we looking into having cobbler in main? [16:02] kirkland: ^^ [16:02] RoAkSoAx: We'll check on it start of next week i think [16:02] hey guys...I'm following this tutorial: https://help.ubuntu.com/8.04/serverguide/C/postfix.html and when I try to connect I get kicked out by this: http://pastebin.com/WQ3e99Dq, what should be at "private/auth-client"? [16:03] RoAkSoAx: personally, i have no strong need for cobbler to be in main [16:03] RoAkSoAx: but i think Daviey and your team will probably need it so [16:04] Daviey: ok cool! [16:04] kirkland: thought orchestra was gonna have to be in Main by this cycle [16:05] RoAkSoAx: that's up to you guys [16:05] :( [16:05] kirkland: ok ;) === koolhead11|afk is now known as koolhead11 [16:22] ping Daviey [16:22] New bug: #800744 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/800744 [16:23] Isn't that cute.. install munin wants to also put x11-common on my system ;/ [16:24] has anyone set up openvpn server in ubuntu 10.04 [16:26] Doonz: yup [16:32] lynxman: generally nick: ping is more reliable.. some people (like me) don't have their name highlighted in all instances.. just when its the first word [16:32] Doonz: https://help.ubuntu.com/10.04/serverguide/C/openvpn.html [16:33] SpamapS: will have that in mind, he normally replies though :) [16:36] 1 sec damn work is getting in the way [16:42] SpamapS, ah, I've never heard of that setting/behavior. Probably comes in handy if you have a ubiquitous nick. [16:42] medberry: its the default in irssi [16:47] can one install a kvm guest running the devel release with vmbuilder? [16:57] SpamapS: ive tried that guide a few times and it didnt work [16:57] https://help.ubuntu.com/10.04/serverguide/C/network-configuration.html#bridging Ive tried following that guide but it wont bring up the bridged connection [16:58] Doonz: Please file a bug with details against the ubuntu-docs project. [16:58] its not a bug. just a stupid user trying to do something he doesnt know anything about [16:58] :( [16:59] https://help.ubuntu.com/10.04/serverguide/C/openvpn.html <-- im going to retry this guide and ill pastebin the errors [17:04] pmatulis: should be doable [17:05] SpamapS: do you know how? i mean, is it done with hacking? [17:05] SpamapS: b/c suite=oneiric doesn't work if host is natty [17:06] lynxman: sorry, was otp [17:06] pmatulis: not sure. I just use iso's + virt-manager. :-P [17:06] SpamapS: ok [17:06] Daviey: no problem [17:14] well its official im an idiot [17:15] so anyone wanna set up openvpn server for me === jj-afk is now known as jjohansen === koolhead11 is now known as koolhead11| [17:43] *sigh* [17:44] heres what i get after i follown the openvpn guide http://pastebin.com/RUq5Mtup [18:17] I'm using Ubuntu Enterprise Cloud (Eucalyptus). If I terminate an instance, any configuration made is lost. How can one get round this problem? [18:19] RoAkSoAx: ping [18:22] lynxman: pong [18:22] We have an Intel Xeon E5645 and we're not seeing the 2 threads per core in lscpu, cat /proc/cpuinfo, etc, despite the processor being capable of hyperthreading. Is there a way to determine what features are supported by the kernel? I'd like to check if hyperthreading is enabled [18:22] btw, `uname -a` # => Linux 358015-domain 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux [18:25] we're using a bare-metal host and we're trying to prove that the issue isn't with the OS (or fixing it if it is), so I can't exactly check the BIOS or anything [18:34] i have a question about socks proxy server. for a socks server to be able to accept and forward incoming connections back to clients behind the proxy, what does it need to have? [18:43] fowlduck: if the CPU can do it, it should be in the flags in /proc/cpuinfo [18:43] fowlduck: it may still be disabled in the BIOS [18:43] fowlduck: I'd say 90% of workloads see no real benefit to HT [18:44] SpamapS: thanks for getting back to me, I got some help from the guys in #ubuntu-kernel on the problem [18:45] You're right, too. It seems to be disabled in the BIOS [18:45] despite the minimal performance improvements, we'd like to get the potential benefits if its available === Ursinha-lunch is now known as Ursinha [19:13] SpamapS: should postinst/postrm scripts call "service XYW restart" or similar? or should that be done with invoke.rc-d [19:13] invoke-rc.d* [19:13] invoke-rc.d is the *only* way allowed [19:14] SpamapS: that's what I thought! Thanks [19:17] does rsyslogd miss anything besides apache on a default install? [19:24] i didn't know apache was part of the default install [19:31] pmatulis: it isn't [19:32] RoyK: rump is mixed up [19:36] New bug: #800824 in cloud-init (main) "cloud-init-nonet times out in lxc" [High,Confirmed] https://launchpad.net/bugs/800824 [19:51] i just switched from debian til ubuntu-server (or trying to) but for some reason, the ubuntu 11.04 server CD cant see my main harddrive.. debian can just fine.. any ideas? [19:56] New bug: #800833 in amavisd-new (main) "package amavisd-new-postfix 1:2.6.5-0ubuntu2 failed to install/upgrade: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/800833 [19:57] vooze: sound strange - but just a thought - if you plan to setup a server, why don't you use an LTS release such as 10.04? [19:57] 11.04 will only be supported for 18 months [19:57] LTS server releases are supported for a full 5 years from release [19:58] Hi I haven't followed this channel. But you are aware that a aptitude full-upgrade today will pull in a lot of irrelevant packages? like firefox,synaptic etc..gui programs? [19:59] I also found a forum post from one experiencing the same http://ubuntuforums.org/showthread.php?t=1788159 [19:59] Alfafa: sometimes dependencies change - but really - if you don't have any graphical stuff installed, an apt-get dist-upgrade (I guess that's like aptitude full-upgrade) really shouldn't add much new [19:59] Alfafa: which version? [19:59] It is 11.04 [20:00] 11.04 has a few dependency issues - I know [20:00] apt-get dist-upgrade does the same..pulling in gui stuff [20:00] * RoyK sticks to LTS releases for servers [20:00] Ok..I would just make sure someone knew :-) [20:00] RoyK: yeah, trying that now.. burning atm. [20:00] Alfafa: No. No it doesn't. You added something. [20:00] Alfafa: report a bug [20:01] I've upgraded servers from 10.10 to 11.04 just fine. [20:01] ScottK: the dependencies in 11.04 are rather patchy [20:01] * w00 same [20:01] RoyK: Point to bugs please. [20:01] I've just been testing on a test VM, and had lots of wierd issues [20:01] I didn't add something I ran a perfectly normal aptitude full-upgrade yesterday and today the same pull in a lot of gui packages not needed [20:01] Alfafa: What does apt-get upgrade do? [20:02] ScottK: so I just ditched the VM and let it go [20:02] OK. [20:02] apt-get upgrade should work much better [20:02] but you wouldn't get kernel updates i believe by using that [20:02] ScottK: upgrade to the latest version of packages within the distro version (say, 10.04.1), but it won't upgrade to 10.04.2 - dist-upgrade would [20:02] Alfafa: OK. How about apt-get dist-upgrade? [20:03] RoyK: No. That's wrong. [20:03] sure? [20:03] Yes. [20:03] 10.04.2 is nothing more than all the updates released for 10.04 on a certain date. [20:03] hm.. I thought it was a new subversion, slightly newer packages etc [20:03] The difference between upgrade and dist-upgrade is that dist-upgrade will add/remove packages if needed and upgrade won't. [20:03] never mind [20:04] Generally in stable releases that just comes up with kernels that break ABI and need new package names. [20:04] what's ABI? [20:05] Application Binary Interface. [20:05] k [20:05] If the binary interface changes there are packages that need to be rebuilt against the newer ABI so they change the package name. [20:05] I'm running 2.6.35 on my Lucid servers atm - haven't seen any issues there [20:05] That means a kernel upgrade (if it breaks ABI) needs dist-upgrade. [20:05] ah - IC [20:05] thanks for the info [20:06] I generally only use dist-upgrade, though [20:06] guess that should be safe, then [20:06] I think it may be a new upgradedable package today which have a rather weird recommends. I can look at the packages it will upgrade to see which one of them pulls in the 57 new(mostly gui packages) packages [20:06] Lucid was released with 2.6.32.21.22 and has 2.6.32.32.38 now. [20:06] Every time the 4th number changes it's an ABI break and there's new binary packages. [20:07] ScottK: there's a maverick backport of 2.6.35-25 in the repos [20:07] ScottK: and that's recommended because of some bugs not fixable in 2.6.32 [20:07] (last I checked) [20:07] It's got a completely different set of package names. [20:07] dist-upgrade won't pull it, though, you'll have to apt-get install it [20:07] I think it's recommended only if you're having issues with the normal one. [20:08] My LTS servers are running the regular 2.6.32 with no problems. YMMV. [20:08] well, I just updated my boxes - all 20-odd servers are running 2.6.35 now without issues [20:10] ok..i think the bug is the recommends for language-pack-en-base which recommends firefox-locale-en which then depends on firefox maybe? but I am not sure..i believe aptitude full-upgrade sometimes install the recommended packages which apt-get upgrade doesn't? [20:11] Perhaps. [20:11] Let me look into it. [20:11] vooze: any luck? [20:12] New bug: #800845 in munin (main) "plugin postfix_mailvolume invalid output when log file missing" [Undecided,New] https://launchpad.net/bugs/800845 [20:13] Alfafa: I don't think that's part of the standard server install. [20:15] ScottK: Hmm..ok I will look into why it is there then [20:21] New bug: #800856 in cloud-init (main) "resizefs module causes problems on LXC containers" [Undecided,New] https://launchpad.net/bugs/800856 [20:22] apt-get -s install apt-rdepends [20:22] sorry === raubvogel1 is now known as raubvogel [20:26] hallyn: SpamapS: thanks for your aid - this is what I have now - https://dev.launchpad.net/Running/LXC#preview [20:29] ScottK: Ok. Couldn't find any reasonable rdepends...so removed the language-pack* maybe it has been put in some time earlier (it has been upgraded to 11.04 and not reinstalled) [20:30] ScottK: Sorry for wasting your time [20:30] No problem. [20:30] Sometimes this is how you find out. [20:30] ScottK: I will just answer the other ones forum post..then somebody else can find it ;-) [20:42] anyone around that knows a good L2 network discovery tool? === lullabud is now known as warzauwynn [21:11] SpamapS: hallyn: next fail point - fuse fails to install in the lxc [21:13] lifeless: wow, that is a suprise.. fails to dpkg unpack/configure? [21:13] Setting up fuse-utils (2.8.1-1.1ubuntu2) ... [21:13] creating fuse group... [21:13] mknod: `fuse-': Operation not permitted [21:13] makedev fuse c 10 229 root root 0660: failed [21:13] chgrp: cannot access `/dev/fuse': No such file or directory [21:14] lifeless: yeah you have to mknod outside of lxc IIRC [21:14] SpamapS: where should I file the bug ? [21:15] hallyn: ^^ ? [21:15] devpts fs doesn't help [21:17] http://jtrancas.wordpress.com/2011/02/09/fuse-filesystems-lxc-container/ perhaps [21:19] lifeless: looks like an lxc issue then... with the template. [21:21] adding that stuff to the config seems to be enough [21:23] bug 800886 [21:23] Launchpad bug 800886 in lxc "lucid fuse-utils fails to install in lxc container" [Undecided,New] https://launchpad.net/bugs/800886 [21:23] bug 1 [21:23] timeout \o/ [21:23] hm... [21:23] Launchpad bug 1 in ubuntu "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1 [21:23] i'm wrong! [21:24] thanks lifeless [21:25] this pool is FAST http://paste.ubuntu.com/630972/ :D [21:26] lifeless: SpamapS: no bug. edit the container's config (/var/lib/lxc//config) and add a devices whitelist eception for /dev/fuse [21:27] hallyn: can we not ship that? [21:27] Daviey: we shouldn't. [21:27] hallyn: oh? [21:27] hallyn: why not ? [21:27] bc we pretend containers aren't 100% unsafe as is :) [21:27] hallyn: could we ship an option [21:28] hallyn: so folk don't go off of random internet sites like I just did. [21:28] lifeless: right, just add the option to the config [21:28] lifeless: no problem, the lp bug shoudl steer people :) [21:28] where is that link you pasted before [21:29] http://jtrancas.wordpress.com/2011/02/09/fuse-filesystems-lxc-container/ [21:29] ah there it is [21:29] seems to be for udev [21:29] so perhaps not relevant to lucid [21:29] lifeless: thx :) [21:29] hallyn: I wonder if handling the fuse failure could be better handled in the fuse package giving reasoning for failure, and suggesting uncommenting it on the config? [21:29] (ship it commented out?) [21:29] Daviey: could be [21:30] whats the security issue with this? [21:30] presumably it allows the conatiner to load arbitrary fuse filesystems? and abuse any holes which might exist in the /dev/fuse api [21:31] security issue is just 'a big blog tying into the kernel' [21:31] but fs's are contained [21:31] maybe i'm being unreasonably, i dunno [21:31] if fuse is unsafe [21:31] contained by what? [21:31] I thought they were namespaced ? [21:32] that's not the angle i'm worried about, [21:32] it's that the kernel is calling out to functions in userspace, [21:32] and the container is writing those functions [21:32] I love the fact that fuse is a userspace implementation for filesystems... and yet, we are still blocked on the kernel module :) [21:32] right... [21:32] but that doesn't seem intrinsically insecure [21:32] it's intrinsically fragile [21:32] as long as the kernel doesn't trust the userspace implementation blindly [21:33] lifeless: it's the same reason why we want to sandbox containers so that any fo the 100 newest syscalls can't be used :) [21:33] * lifeless would like to not need fuse, but is installing gnome inside the lxc container :( [21:33] lifeless: you sir, are a crazy man. [21:33] lifeless: well again, containers aren't secure to begin with, [21:33] Daviey: windmill tests [21:33] Daviey: for LP [21:33] lifeless: so i don't want to make it too hard. But is adding that entry to the config too much? [21:33] lifeless: interesting! [21:34] Daviey: https://dev.launchpad.net/Running/LXC [21:34] hallyn: it seems a discoverability issue [21:34] hallyn: well, the less it Just Works [21:34] ypu [21:34] yup [21:34] hallyn: the harder it is to use. [21:34] hallyn: so I accept that if there is an issue, we shouldn't do it. [21:34] Daviey: so being a discoverability issue, i'd lean toward fiing it in fuse-utils [21:34] hallyn: but I'd rather concrete 'we need to do X to fix it' objections rather than 'it might break'. [21:35] lifeless: the issue will become more meaningful when we have user namespaces. I just don't want toopen all the doors in the meantime so that then user namespaces will be worthless [21:35] hallyn: wearing my obstinate user hat rather firmly. [21:35] hallyn: anyhow - that wiki page I just linked documents doing the home bindmount [21:35] lifeless: So are you thinking of doing this to integrate with the tarmac pre land testing? [21:35] hallyn: the one bit I'm missing is user mirroring [21:35] lifeless: maybe we should as on #ubuntu-hardened how safe they feel with /dev/fuse API. I know little [21:35] Daviey: we don't use tarmac :) - and no. [21:35] lifeless: you can use the lxc-ubuntu template I linked to in the bug [21:36] Daviey: doing it to have less memory footprint than the lucid VM I currently use. [21:36] lifeless: let me post some debs actually to people.canonical.com, one sec [21:36] lifeless: oh right [21:37] lifeless: http://people.canonical.com/~serge/lxc_0.7.4-0ubuntu7.1clone3_amd64.deb [21:38] lifeless: with that deb, you can do 'lxc-create -t natty -n natty -f /etc/lxc.conf -- -b lifeless [21:38] and user lifeless will be bind-mounted and created in the container [21:38] wicked [21:38] it also supports '-a i386' [21:38] nice [21:38] that will be in oneiric? [21:38] yeah, unless it hits resistence upstream (unlikely for this) [21:39] lifeless: actually yo uneed to add '-r natty', as the default container is lucid [21:40] hallyn: well, I want lucid :) [21:40] lifeless: excellent :) [21:40] hallyn: launchpad.net deploys on lucid [21:40] lifeless: then until lp gets aroudn to compiling the ubuntu-virt ppa's lxc, you'll need to add '-x' to trim the container (as it can't install the lxcguest package) [21:41] lxcguest ? [21:41] oh yay, it built [21:41] hallyn: Hmm, i don't think lifeless wants to deploy in lxc... just devel [21:41] lifeless: yes, lxcguest works around some blotches where upstart can't deal with not beign on hardwrae [21:41] Daviey: so? [21:41] hallyn: so I should install that in my lucid guest ? [21:42] $ apt-cache show lxcguest [21:42] W: Unable to locate package lxcguest [21:42] E: No packages found [21:42] lifeless: only if you want it to be safe across udev upgrades [21:42] right, it comes from ppa:ubuntu-virt/ppa. It's in natty and oneiric, but not lucid and maverick [21:42] hallyn: is it needed for lucid? [21:42] hallyn: Ahh.. i missunderstood "then until lp gets aroudn to compiling the ubuntu-virt ppa's lxc [21:42] not if you create a trimmed container (which the lxc-lucid template did, and which the new template does if you add -x) [21:43] Daviey: oh yeah, it just took over 24 hrs for it to get around to it [21:43] lifeless: are these 'run and delete' contaienrs? [21:43] hardware testing have solten all the builders [21:43] hallyn: nope [21:43] you're going to keep themaround and upgrade? [21:43] hallyn: we install a GB of dependencies [21:43] so i doubt folk will treat them as transient things [21:43] then yeah, use lxcguest [21:44] hallyn: You know, having someone on the launchpad team that wants to use a package from a PPA oddly increases it's build time :) [21:44] let me know when its available for lucid? [21:44] it does things like bind-mount an empty fiel over /lib/init/fstab, so that if mountall/udev gets updated it still boots [21:44] (err, decreases) [21:44] lifeless: it's available now in the ubuntu-virt ppa [21:44] lifeless: it must have just compiled [21:45] lifeless: I assume there is no way to add that package into the official lucid archive at this late date [21:45] hallyn: sure you can, its not trivial but it is doable [21:45] lxcguest wants to futz with /etc/init/console.conf [21:46] lifeless: that file only exists bc the lxc-lucid template created it [21:46] ok, so I [21:46] so yes, the idea is the template doesn't change the container, you just run lxcguest in a plain VM, then you can boot it either in kvm or a container [21:46] no changes [21:47] hallyn: backports baby! [21:47] Daviey: well, it's in ubuntu-virt ppa... [21:47] i thought that was a reasonably official place to put it [21:47] https://dev.launchpad.net/Running/LXC#preview now with lxcguest info [21:47] * Daviey watchs hallyn stir the beehive of PPA's vs Backports. [21:49] lifeless: I just want to get my lxc-lvmcreate script back itno my pacakge, then I will push it to ppa:serge-hallyn/lxc-natty and blog about how to use it to do the arch and home bind mounting [21:50] hallyn: let me know as things improve and become accessible, I'll happily update this wiki page [21:51] lifeless: great,thanks [21:51] jdstrand: kees: does one of you have any input on the safety and sanity of the api used with /dev/fuse? [21:51] (regarding bug 800886) [21:51] Launchpad bug 800886 in lxc "lucid fuse-utils fails to install in lxc container" [Undecided,Confirmed] https://launchpad.net/bugs/800886 [21:52] if you gusy tell me it's safe, I'll just add it to the whitelist int he template [21:52] * jdstrand does not otoh, but I am going to point mdeslaur at this too (who might have more up to date info) ^ [21:53] cool, thanks. yeah i just meant top of head. if research is required i'll go read the code. [21:54] hallyn: my understanding is that the fuse perms are checked at the kernel level. [21:54] hallyn: I haven't though much about how that might behave with a container, though. [21:54] in _theory_, it should be fine, but I've never tested it [21:55] kees: oh i wasn't even thinking about uid translations over namespaces. (that'll be my job :) [21:55] kees: I'm wondering how... 'rich' the API over /dev/fuse is. Do you trust people who connect to it? [21:56] kees: or does it have a small, ilmited API that I can sort of trust [21:56] by 'do you trust people' i meant 'do you *have* to trust people' [22:02] hallyn: well, it's designed for non-root users, but I haven't spent any time auditing it. [22:02] kees: so it's world writeable usually? [22:03] so it is [22:03] hallyn: yes [22:03] so why would i worry about it [22:03] kees: thx :) [22:03] heh, np [22:03] of course, [22:03] i assume th kernel code checks uids. but again that just means its up to me to clean that up when time comes [22:03] neaty [22:03] neato, even [22:05] \o/ [22:22] gah, i *still* haven't asked for lxc upload perms [22:22] zul: can you help a brother out? :) [22:24] Daviey: still there? [22:26] Daviey: could you push http://people.canonical.com/~serge/lxc_0.7.4-0ubuntu11/lxc_0.7.4-0ubuntu11.dsc for me? [22:29] hallyn, is it just uploading it ? [22:29] or do you need anything special on it ? [22:29] (well you mean to ubuntu just to be sure) [22:30] (I am asking if the great Daviey is not around) [22:32] huats: yeah, just uploading it [23:30] * SpamapS shouts "CHOO CHOOO" after riding the sl train === lullabud is now known as warzauwynn