/srv/irclogs.ubuntu.com/2011/08/19/#ubuntu-server.txt

CrazyGirhello! if I have a vm running via a qemu disk image, and if this can be mounted with the qemu-nbd command, you should then be able to chroot to that env and run passwd on a user, no?00:47
KiallCrazyGir, forgot the root password? ;)00:49
Kiallanyway .. yeah .. you should be able to chroot it and change the passwords00:50
twbOr init=/bin/sh00:51
CrazyGirKiall: nope, I made a clone of a vm I don't have any passwords to00:53
CrazyGirtwb: how do you mean?00:54
CrazyGirdid I lose the attention? :P00:56
twbThat's how you break in from the bootloader00:56
CrazyGirI'd have to figure out making grub available via the serial console00:57
CrazyGirwhich I haven't done, and would probably be helpful00:58
CrazyGirmore hurdles though00:58
CrazyGir><00:58
CrazyGirI tried the method I described but it did not seem to work00:58
twbIt's documented in /etc/default/grub ffs00:58
CrazyGirw00t01:00
CrazyGiryea, this chroot method does not seem to work through qemu-nbd01:01
twbYeah, people who emulate VGA tty instead of ttyS0 are dumb01:01
CrazyGirhah01:01
CrazyGirI hated having to go to a console in an app transfering video data over the network via a broken and bloated protocol, simply to get the ip of a BSD VM01:02
CrazyGir><01:03
CrazyGirI don't understand why all vm technologies seem to be unable to provide the IP of a virtual nic, but that is something else entirely01:03
CrazyGirtwb: are you referring to the GRUB_TERMINAL parameter in /etc/default/grub?01:05
twbCrazyGir: I don't remember; I don't use grub01:05
twbIn extlinux it's just "CONSOLE 1"01:06
CrazyGirah: GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"01:07
CrazyGirfor reference, from: https://help.ubuntu.com/community/SerialConsoleHowto01:07
CrazyGirwhat do you use twb?01:07
twbextlinux.01:09
patdk-lapsounds like the issue is the command isn't runnable on the host system01:09
patdk-lapwhy not just edit the shadow file directly?01:09
CrazyGirtwb: interesting01:10
CrazyGirpatdk-lap: I am not (yet) familiar enough with how passwords are handled in ubuntu01:10
CrazyGirI would feel comfortable with that on openbsd :)01:10
CrazyGircan you run update-grub manually in some way?01:11
CrazyGirI guess I should go the passwd file route01:11
CrazyGirpatdk-lap: how is that done?01:12
patdk-lapnot possible on openbsd as they are stored in a db :)01:12
patdk-laponce you mount the fs01:13
patdk-lapjust edit /etc/shadow01:13
patdk-lapremove the second item between the :'s01:13
mauriciohey - anyone think they can help me out? im trying to generate screenshots using php, xvfb, and firefox.  I can run it just fine through the terminal but I can't get shell_exec("DISPLAY=:1 firefox &") php to work - i did shell_exec("whoami") and its the same user. makes no sense to me as to why this would happen01:13
patdk-lapso it would be, username:password:.....:...:...:...01:13
patdk-lapjust copy the string from another shadow file01:14
CrazyGir/etc/shadow is blank O.o01:14
patdk-lapwell, that is no good01:14
patdk-lapis passwd blank?01:14
CrazyGirmaybe? good question01:14
* CrazyGir tests01:15
CrazyGirno01:15
CrazyGirI have a feeling the admin who built the VM emptied it and uses ssh keys for login01:16
patdk-lapis there a /etc/shadow- file?01:16
CrazyGir..or something weird01:16
josePhoenixAnyone know why crontab might hang? Not the scheduler, but the command for editing / viewing?01:16
patdk-lapjosePhoenix, it's having issues launching your editor?01:16
josePhoenixno, crontab -e seems to work01:16
josePhoenixmaybe I'm misremembering what it does :x01:17
josePhoenixah01:17
josePhoenixcrontab -l is what I was looking for.. but I'm still no closer to figuring out why this script hangs01:17
CrazyGirthere is, and ls reports 856 bytes, but the file appears empty in vim01:17
CrazyGirah, I see01:18
CrazyGir><01:18
josePhoenixI guess I'll just make a temporary file. Installing from stdin seems to be causing problems01:18
mauricioanyone know what differences i can have between shell_exec in php and the terminal?01:29
mauricioim using the same user01:29
mauricio:(01:29
mauricioi can open up xclock just fine with shell_exec01:29
mauriciobut i cant open firefox01:29
mauriciomaybe i can figure it out but how can i run a command so that ./ is a certain dir01:39
mauricio./ is pointing to /home/dummy/public_html when it should be pointing towards /home/dummy/01:39
mauricioim sure someone knows how to do that01:39
mauriciohmm nevermind01:41
mauriciowas thinking ~01:41
quizmehi, i got an error on a package when trying to upgrade.  I don't need the package, so is there any way to just remove the package and skip it?02:07
quizmeE: Sub-process /usr/bin/dpkg returned an error code (1)02:07
hansinAnyone know of a good way of managing services with the CLI? In particular the issue is that some services are still running as SysV and other Upstart services. You can no longer use just sysv-rc-conf. And I don't know if Upstart has a CLI tool where you can set what services start at boot. Any thoughts?02:40
hansinOr is this just an understood difficulty with a 'headless' server until there is consistency in terms of boot scripts?02:43
josePhoenixThat's something I've never found a satisfactory answer to02:45
josePhoenixI've seen people recommending editing the upstart scripts to prevent start-on-boot02:45
hansinjosePhoenix: Thanks. Sounds like I wasn't missing something then. I take a look at what you said though.02:51
josePhoenixhansin: yeah, if you find a convenient way to manage upstart services, I'd like to know xD02:51
hansinjosePhoenix: Sounds like a deal! Though don't have the coding skills to make my own.02:52
hansinBut if I find something...02:52
josePhoenixHmm03:17
josePhoenixWhat does the setgid bit on a file do?03:17
josePhoenixah03:18
josePhoenixhm. I want to use setgid folders...03:18
josePhoenixbut not setgid files03:18
josePhoenixseems like chmod should have a shortcut for setting permission bits that mean different things for files and folders03:19
josePhoenixI want folders to be +x +S, but I don't want all the files in them to be executable...03:19
qman__use +X03:20
josePhoenixahhh ta03:21
josePhoenixThat's just a chmod feature, right? Not an extra bit?03:21
josePhoenixActually, that doesn't do quite what I want. Is there something for setting +s on directories, but not their contents?03:23
lickalottjosePhoenix what was the original question?03:33
lickalotthas anyone offered up SUID or SGID?03:37
josePhoenixlickalott: I think I just need to be a bit more selective03:38
josePhoenixI was trying to setgid on a directory and its child dirs03:38
josePhoenixbut chmod -R g+s ./foo/* sets +s on files as well, which I don't want03:39
lickalotttake out the -R03:39
josePhoenixyeah, I figured03:39
lickalott-R will do the folder AND all the contents03:39
lickalottbut that's still not what you want?03:40
josePhoenixWell I wanted subfolders, but not files within those subfolders03:40
lickalottahhhhh03:40
qman__probably have to do a find03:40
josePhoenix./foo/bar/baz/ but not ./foo/bar/baz/quux.txt03:40
qman__find directories and exec chmod +s03:40
lickalottyeah... maybe a find + xargs03:40
josePhoenixWell, it's part of a provisioning script, so I know exactly which dirs I'm creating03:41
josePhoenixso I'm just adding the chmod there03:41
lickalottmaybe do foo manually, then cd into is, ls -d | xargs chmod +s {}03:42
lickalotti'd have to play, but that should work03:42
lickalott*it03:44
lickalott-D not -d jose03:47
josePhoenixokay thanks :]03:47
lickalottdid that work?03:48
lickalottlogging into my rig now03:48
lickalottalso take the brackets out03:49
lickalottworked for me03:51
qman__might have issues with spaces in filenames03:51
qman__make sure you try it03:51
lickalottspaces in file names?03:52
lickalottthought he didn't want files to be chmod'd03:57
qman__well, directory names04:27
lickalottcan't happen unless this is a samba share right?  if one were to mkdir Some Docs, you'd end up with 2 folders04:29
qman__not if you mkdir "Some Docs"04:30
qman__in linux, everything is valid04:30
qman__just needs to be properly escaped04:31
lickalotttouche'04:31
qman__also, mkdir Some\ Docs04:32
lickalottguess i just wouldn't expect that from a *nix person04:32
qman__ordinarily no04:32
qman__but it is possible, so you want to have that test case especially before you integrate it into a script04:33
qman__one thing I run into a lot04:34
qman__ripping music off CDs04:34
qman__with question marks in the names04:34
qman__and then windows doesn't know what to do with it on the share04:34
DarkwingDuckHave an interesting/strange issue with Oneiric server.04:36
reya276Is there a setup for Ubuntu 11.04 desktop/Server that is similar to Active Directory? I know Sambad is similar but does it have a GUI?04:36
reya276Is 11.04 server an LTS?04:37
DarkwingDuckIt wont get past GRUB, black screen then my moniter goes to sleep. However, if I boot into recovery then resume normal boot then it works.04:37
DarkwingDuckreya276: No.04:37
DarkwingDuck10.04 is LTS04:37
qman__reya276, basically no to all of the above04:39
lickalotti'm with you qman__.  Never thought about music...04:39
qman__samba can do a hybrid of NT domains and 2003 security04:39
qman__and openLDAP can do a user directory04:39
qman__but that's about it04:39
qman__samba 4, if/when it ever gets stable, is going to be full AD compatible04:39
reya276ok well that is good enough. I'm not looking to use Ubuntu with windows servers. I'm actually trying to setup Ubuntu server/desktops on its own as a server/network04:41
qman__then what you're after is openLDAP04:41
qman__and possibly kerberos04:41
reya276cool, thanks. I can get that from the repos right?04:41
qman__yes, but it's pretty complicated to get going04:41
qman__make sure you find a good guide on it, not sure if the server guide is up to par on that yet04:41
reya276nah, nothing is ever complicated as long as their is something to read then its all good04:42
reya276thanks.04:42
Davieyjamespage: Hey!  Do you fancy reviewing/sponsoring bug 809753?07:42
uvirtbotLaunchpad bug 809753 in logwatch "logwatch bug in postfix filter" [Medium,Triaged] https://launchpad.net/bugs/80975307:42
jamespageDaviey: np - leave it with me07:43
Davieyrocking!07:44
=== smb` is now known as smb
Davieyjamespage: what happend with octopussy?08:26
jamespageDaviey: still in the NEW queue waiting for review08:26
Davieyurgh08:28
Davieythanks08:29
uvirtbotNew bug: #829250 in openvswitch (universe) "datapath dkms module does't built automaticly" [Undecided,New] https://launchpad.net/bugs/82925008:41
DavieyAnyone looking for a bitesize bug to tackle?09:05
ubunteono.09:06
Daviey(silence is suitable as a negative answer.)09:06
ubunteoI am waiting for LAMP server expert09:06
lynxmanDaviey: bitesize bug?09:18
lynxmanubunteo: what would you consider a LAMP expert? I might be one09:18
Davieylynxman: want to do some funky stuff?09:19
lynxmanDaviey: depends on your definition of funky :) you know I'm always eager to please you09:19
Davieyeeeek.09:19
Davieylynxman: Nice simple one to get the blood going, bug #82927109:19
uvirtbotLaunchpad bug 829271 in ajaxterm "Recommends psyco which is currently incompatible with python > 2.6" [Undecided,New] https://launchpad.net/bugs/82927109:19
ubunteodear all, which is the official ubuntu uploading site for 1GB storage ? I know ubuntu one already. Something that don't need registration. and something better than http://imagebin.org/?page=add09:21
lynxmanDaviey: ah yeah, looks good :)09:22
lynxmanubunteo: I think Ubuntu One covers exactly what you need, shame that you don't want to register09:22
Davieyubunteo: Ubuntu members get 1GB of storage at https://wiki.ubuntu.com/PeopleUbuntuCom, but that is really storage to help the ubuntu project.09:27
DavieyOther than that, there is no other official uploading site other than ubuntu 109:27
sorenubunteo: I kind of doubt you'll find places that'll let you dump gigbytes of data on their servers without at least registering.09:33
ubunteosoren: I knew. but they are with spam or spywares and pono ads around09:33
Davieylynxman: Another one with your name on it, bug #82261309:39
uvirtbotLaunchpad bug 822613 in etckeeper "etckeeper should depend on hostname" [Medium,Triaged] https://launchpad.net/bugs/82261309:39
Davieylynxman: then, bug 820936 wants your opinion. :)09:41
lynxmanDaviey: thanks, will hammer both in 10 mins, finishing toast :D09:41
uvirtbotLaunchpad bug 820936 in apache2 "Virtual server setup breaks Rewrite Rules" [Low,Confirmed] https://launchpad.net/bugs/82093609:41
lynxmanholy crap, 109 upgrades in the last 3 days09:57
DavieyRoAkSoAx: powernap is currently set for demotion to universe, do we have anything which is planning to use it?09:57
ubunteolynxman: hi LAMP expert10:00
ubunteolynxman: I am LAMP and linux newbie. I want to get suggestion from you for my php application10:01
lynxmanubunteo: sure, what do you want to do10:02
ikoniaubunteo: what are you looking for10:02
ubunteoikonia: I dont know how to install and run http://www.phpwares.com/content/php-inventory on ubuntu LAMP server10:02
ubunteoikonia: if anybody knows better inventory application for IT stocks , please suggest me10:03
ubunteoikonia: I mean IT stocks like printer cartridges, CDs, DVDs, mobile phones in and out10:03
ikoniaubunteo: reading the zip file, you just dump the php in your web root, run the sql script to create the database, and put the database details in the sites.xml file10:03
ikoniaubunteo: there are more detailed instructions in the readme.html file in the zip file too10:04
ubunteoikonia: thanks for suggestion. I would also like to know where the web root in ubuntu is.10:04
ikoniaubunteo: have you read the https://help.ubuntu.com server section on how to manage the webserver ?10:04
ubunteoikonia: do I also need to install phpmyadmin ?10:04
ikoniaubunteo: if not, that's worth a read10:04
ikoniaubunteo: no, you don't need phpmyadmin to run this10:05
ubunteoikonia: I had , the worst thing is I have no internet on that LAMPserver10:05
ikoniaubunteo: then don't read it from the lamp server, read it from your desktop10:05
ubunteoikonia:  how can I ?10:06
ikoniaubunteo: open that URL in a machine with internet access10:06
ubunteoikonia: Dear ikon, I can read my web server and said it works !!! but i dont know how to continue10:09
ikoniaubunteo: yes, I've told you how to install the application, told you where the detailed install instructions are, and suggested a URL on how to run your web server10:09
ubunteoikonia: I know bro. the application is alittle big tricky10:14
ikoniaubunteo: it's really straightforward10:16
ikoniaubunteo: you put the php files in the document root, you run the sql database creation script, you put the database details in the xml file10:17
ubunteoikonia: where is the web root folder  in ubuntu server ?10:17
ikoniaubunteo: that's when I said you should take a look at the server section in https://help.ubuntu.com to have a basic idea of how to run the web server10:18
ikoniaubunteo: you'll need to understand how it works with the site model ubuntu uses, and that document is actually quite good10:18
Davieylynxman: How are those two bugs looking?10:28
* Daviey reaches for his whip.10:28
lynxmanDaviey: branched and fixing10:29
lynxmanDaviey: merge requests okay? :)10:31
Davieylynxman: super!10:32
w00hm, i'm trying to symlink some files and access them through pure-ftpd, activated virtualchroot and perms look ok but the ftp client gives 'not a directory' errors, anyone knows what could be the issue? (same type of setup works on another distro)10:36
lynxmanDaviey: one done, 2 to go10:53
=== nandemonai_ is now known as nandemonai
* w00 bangs his head against the wall11:17
Davieylynxman: Great! you fixed etckeeper.11:27
lynxmanDaviey: \o/11:28
maxagazhi11:41
maxagazhow to add manually this route :11:41
maxagaz192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth311:41
maxagaz?11:41
_rubensudo ip route add 192.l68.0/24 dev eth311:42
_rubensudo ip route add 192.l68.0.0/24 dev eth3 (packetloss :P)11:43
maxagazthanks!11:45
maxagaz_ruben,11:45
maxagazand how do I delete it ?11:45
_rubenreplace add with delete11:45
_ruben;)11:45
maxagazthanks :-)11:46
soren_ruben: What sort of keymap do you use?12:00
soren_ruben: It's been many years since I've seen anyone type 'l' instead of '1' (old-school type writer style).12:01
_rubensoren: ehh? not sure what you're getting at12:03
w00heh12:03
soren_ruben: 11:42 < _ruben> sudo ip route add 192.l68.0/24 dev eth312:04
soren                                             ^12:04
soren"l68" rather than "168"12:05
soren_ruben: ell vs one, if can't tell the difference with your font.12:06
_rubenheh, where the **** did that come from :p12:06
sorenThat's what I'd like to know. :)12:07
* _ruben decides it's a bug in his keyboard12:07
soren_ruben: It's the sort of typo I'd expect from someone who learned to type on one of these things: http://en.wikipedia.org/wiki/File:TypewriterHermes.jpg12:07
w00lol12:08
soren(They had no key for 1 (one). The l (ell) key doubled as the key for 1 (one))12:08
_rubenlovely!12:08
sorenAnd o doubled as the key for 0.12:08
_rubenoptimization ftw12:08
_rubenbut no, can't say i ever typed on one of these12:09
_rubenwth .. i nearly typoed 'typed' as 'typoed' (and just did again)12:09
soren_ruben: uncanny12:12
uvirtbotNew bug: #829374 in postfix (main) "package postfix 2.8.2-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/82937412:36
RoAkSoAxDaviey: Not that i know of but why would u want to demote it now?13:12
RoAkSoAxkirkland ^^13:12
DavieyRoAkSoAx: It's currently no longer seeded or a depends of a package in Main13:14
DavieySo it's queued for demotion, unless we act.13:14
DavieyRoAkSoAx: I think it's ok to seed it directly TBH.13:14
DavieyNext cycle, i imagine you might depend on it a bit more.13:14
RoAkSoAxDaviey yeah orchestra depends on it but still in universe13:18
RoAkSoAxDaviey isnt it in the server seed that would keep it in main?13:19
DavieyRoAkSoAx: ah, good point13:19
DavieyRoAkSoAx: no, it was in main via euca.13:19
RoAkSoAxDaviey so i guess it should be on the server seed right?13:20
DavieyRoAkSoAx: yes13:21
DavieyRoAkSoAx: We don't have a server-supported seed by design.13:21
RoAkSoAxDaviey right so whats the solution then13:22
DavieyRoAkSoAx: It's small enough to throw it on the ISO this cycle i think13:23
RoAkSoAxcool13:29
jasonmsphey all. I noticed today a persistent established connection on localhost.localdomain today between mysql and a 40000 port.  I haven't noticed this before.  Is there a way to figure out what is running that?13:44
joschijasonmsp: lsof -i :4000013:49
jasonmspthanks!  dovecot is running it.  Could it be someone connected via imap?13:52
_rubendovecot likely has a persistent db connection open13:53
jasonmspive not noticed it before.  Usually it is clean when I am connected ssh and the only thing open is my connections to the server13:53
patdk-wkwell, that would depend on the mysql wait timeout setting13:54
patdk-wkdovecot will open, and keep it open, till mysql closes it13:54
patdk-wkso if your last login was 5min ago, and the wait timeout is 15min13:54
jasonmspso check mysql config?13:55
NCommanderhallyn: ping, you about?13:56
jasonmspthis is only troubling because its been established for over an hour13:57
patdk-wkI think 1hour might be the default13:57
patdk-wkno, default is 8hours if not changed13:59
patdk-wkit's really not an issue and doesn't hurt, unless you limit mysql connections to a very low number13:59
jasonmspok.  it was non-standard for me after running the server for a year I've never seen a connection like that open so long.  Thanks!14:00
uvirtbotNew bug: #829465 in libaio (main) "libaio version 0.3.109-1ubuntu1 failed to build in oneiric" [Undecided,New] https://launchpad.net/bugs/82946514:03
uvirtbotNew bug: #829468 in memcached (main) "memcached version 1.4.5-1ubuntu2 failed to build in oneiric" [Undecided,New] https://launchpad.net/bugs/82946814:03
hallynNCommander: yes, what's up?14:08
NCommanderhallyn: would like to discuss LXC security concerns if you have a moment14:08
NCommander(based on your LP comment)14:08
hallynNCommander: tbh i'm a bit weary of that.  There are no security concerns bc there are no security claims.14:09
* hallyn goes to look for the recent m-l discussion14:09
DavieyNCommander: What bug is that?14:10
NCommanderDaviey: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/82779814:10
uvirtbotLaunchpad bug 827798 in lxc "LXC works without warning regardless if cgroup namespaces are properly available" [Wishlist,Triaged]14:10
NCommanderDaviey: I still need to scratch your brain w.r.t. OpenStack14:11
uvirtbotNew bug: #829507 in ocfs2-tools (main) "ocfs2-tools version 1.6.3-2ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/82950714:11
hallynNCommander: see for instance http://blog.bofh.it/debian/id_413  and http://sourceforge.net/mailarchive/forum.php?thread_name=4E3AC4B4.7090007%40schaufler-ca.com&forum_name=lxc-users14:12
hallynbtw i'm offended by the fact that you can't comment on the firs tlink14:13
DavieyNCommander: We can probably grab 10 mins during the release meeting?14:13
NCommanderDaviey: during?14:14
DavieyNCommander: Yeah, unless the release meeting requires 100% of your attention :)14:14
NCommanderDaviey: sure, I really just need 5 minutes getting up to speed with openstack (and I see that there's now a nice book available on the subject on the internal list)14:15
DavieyNCommander: ok, i'll poke you during the meeting - and we'll talk14:15
* NCommander depserately needs two of himself14:16
uvirtbotNew bug: #829502 in eucalyptus-commons-ext (universe) "eucalyptus-commons-ext version 0.5.0-0ubuntu2 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/82950214:19
hallynNCommander: how did you want to discuss?  did you want to have an real call?14:19
NCommanderhallyn: actually this answersmost ofmyquestions quite well14:20
skulltipi installed 64-bit ubuntu server, dhcp works fine but why can't i get static ip working, or where is an uptodate tutorial for 11.04 that actually works?14:20
hallynNCommander: cool14:20
hallynNCommander: it's too bad there were some... complications last week keeping us from discussing user namespaces and container security14:21
NCommanderhallyn: I might poke you for a few stray points but this is most helpful. Just out of curiosity, do know where usernamespaces plan to land?14:21
NCommanderhallyn: it didn't help I spent most of that trip hacking up a lung14:21
hallynNCommander: what do you mean 'where'?14:21
hallynit's a kernel feature14:21
NCommanderer14:21
NCommanderWHEN14:21
hallynah14:21
* NCommander has not hugged his coffee this morning14:21
hallynno, i don't.  i thought it was years off, but we had a prototype working last week, so once we push that to lkml, we'll see how it's received14:22
hallynNCommander: as this stuffs sinks in, do me a favor,14:22
hallynpls think about where/how to best document this for future users.  bc obviously we're not doing a good job14:22
hallynI don't know if it should go in the ubuntu server guide, manpages, or what14:22
NCommanderSomewhere with <blink> tags :-)14:22
NCommanderI'll get back to you14:23
NCommander(what's the current place your documenting it)14:23
RoyKskulltip: just set the IP in /etc/network/interfaces14:24
RoyKman interfaces14:24
RoyKskulltip: if you have installed ubuntu desktop, it'll bring network-manager into the game, overruling /etc/network/interfaces14:24
skulltipi know, done tried that and rebooted VM had to set back to dhcp14:24
hallynNCommander: blogs and mailing lists...14:24
skulltipno it's ubuntu server 64 bit 11.0414:25
RoyKand static ip doesn't work??14:25
skulltipi did install several things, like tomcat, mysql, lamp server, ..14:25
skulltipin VM it is 10.0.2.15 but IP on main network is 192.168.1.1 - i set gateway to 192.168.. ?14:26
NCommanderhallyn: yeah, those have the problemthat if you don't regularly read planet or are not subscribed to the list in question, they can fly by unnoticed :-(14:27
skulltipit can ping it so must be.. do i set the static address to 192.168.. to 10.0..14:27
hallynNCommander: agreed.  Though it's not like "it was secure and we changed it".  It just hasn't really come to mind bc we've never, ever said lxc was secure or to be used for anything other than compute farms.14:28
hallynin fact, in the past we said it woudl never be secure.  I'm at the point now where I think in maybe 2 years they coudl be as safe as kvm/vmware is.  Not as safe as those are *perceived* to be, but as they are :)14:28
NCommanderhallyn: yeah, I think someone somewhere stated that it was usable and ready for 'enterprise' use at UDS and well, it kinda went from there. At least now I'm beginning to see the full scope of the problem and it hurts14:29
Davieyhallyn: Perhaps i'm missing the issue, but i would have expected security to have been the first feature of LXC, not a bolt on to drive towards.14:30
Daviey*boggles*14:30
hallynNCommander: it *is* ready for enterprise, for certain uses :)14:30
hallynDaviey: platitudes like that sound nice but dont' jive with how you can get features into the kernel14:31
hallyni'm sorry that sounds mean, but we had to start with the simpler namespaces14:31
skulltipi set address to 10.0.2.16,  netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1   restarting network and I get failed to bring up eth014:31
hallynwe're not writing an editor.  we're affecting performance and changing every aspect of resource finding and access14:32
Davieyhallyn: I'll keep my jive to myself then :)14:32
jdstrandhallyn: I'm assuming that all of this is acknowledged by arkose (stgraber) and any other teams that perceive LXC as the new security hotness? (not trying to insinuate stgraber is not up on all this)14:33
hallynDaviey: also, the original point of the work was not lxc itself, but namespace isolation for checkpoint/restart14:33
hallynjdstrand: yes.  (stgraber will  yell if not :)14:33
hallynpart of the problem is that the real tools are the naemspaces and cgroups,14:33
hallynwhile lxc is just a tool trying to exploit those for easy use14:34
hallynthe security features which lxc would need to provide root-safe containers haven't made it into the kernel, so there is nothing for lxc to offer.14:34
* hallyn fears Daviey wont' talk to him any more14:37
hallynlet alone push the spice ffe :)14:37
hallynNCommander: if you get a few moments to send me an email where you explain the use you were going to have for lxc on arm, please do.14:42
=== med_out is now known as medberry
hallynDaviey: is there any reason not to plop the proposed qemu and libvirt merges for oneiric into ubuntu-virt ppa for testing?14:44
Davieyhallyn: go for it!14:46
Davieycreate a new PPA tho14:47
NCommanderhallyn: you'd cry if you knew :-)14:49
NCommanderhallyn: but will do (currently doing 1001 things right now)14:49
hallynDaviey: new ppa?  ok14:51
hallynNCommander: yup no hurry.  Maybe we need a bug against the main lxc man page to have a WARNING at top about containers not being secure14:52
hallyni'd say we coudl ask jdstrand for help writing an apparmor profile to contain it, but then it'll likely just spuriously prevent package upgrades in containers :(14:52
hallynDaviey: doesn't look like i can create a new ppa14:53
Davieyhallyn: argh14:53
Davieyhallyn: is there a junky one?14:53
hallynso nm, i'll use my own then.14:54
hallyn'daily upstream build' :)14:54
hallynnothing since jan 201014:54
UrsinhaAm I online?15:01
UrsinhaOh, I seem to be15:02
hallynUrsinha_: Ursinha: you both are :)15:06
skulltipdo i need to delete the loopback line for a static ip15:06
skulltipiface lo inet loopback..15:06
Ursinha_hallyn: :) redundancy ftw :P15:06
giovaniskulltip: no -- that configures the lo/loopback interface -- you want to leave that alone, always15:07
giovaniyou only want to edit lines that are configuring interfaces you're changing (such as eth0, or whichever you're using)15:07
skulltipok even updated nameserver with static IP and /networking restart..  message about it being deprecated and I can't ping the gateway15:12
skulltipdo i need to add a default gateway route15:13
Demosthenesso, pop quiz. i have a natty box, it ought to be running lucid (lts server). how hard is that to change on an already installed box. can i just change the source, update, and safe-upgrade?15:17
=== zz_ng_ is now known as ng_
lynxmanUrsinha_: no you're not online, get back to work ;)15:22
lynxmandamn... the sun, it is hot... and unknown15:25
lynxmanDaviey: ping15:26
lynxmanDemosthenes: afaik downgrading a box can have hilarious results, your mileage may vary though15:27
=== otubo is now known as otubo[AFK]
Demostheneslynxman: very few real packages installed.15:27
Demosthenesno X, no desktop apps, etc.15:28
lynxmanDemosthenes: still, have in mind that only the upgrade path is tested, and you can find packages that are not downgradable or hard to15:28
lynxmanDemosthenes: if you need to do that I'd recommend install another machine with lucid or just keep that one working with natty15:28
Demosthenesrighto!15:29
Demosthenesotoh, maybe we wait until the next LTS release and upgrade to it ;]15:29
lynxmanDemosthenes: that would also be wise indeed15:30
lynxmanDemosthenes: the new LTS will rock, just sayin'15:32
* lynxman can't contain his excitement about Ubuntu-P15:33
Davieylynxman: hola15:33
lynxmanDaviey: ello good sir15:33
Davieylynxman: on the phone.15:33
lynxmanDaviey: just PMed you a doc, if you can give it a nice +5 and proofread it I'd be full of grate :)15:33
=== Ursinha` is now known as Ursula
=== Ursinha is now known as Guest16076
=== Ursula is now known as Ursinha
Davieyhallyn: can you update https://blueprints.launchpad.net/ubuntu/+spec/server-o-lxc-improvements please?16:05
hallynDaviey: yeah, will do.  was thinking about that last night while trying to sleep :)16:06
hallynthanks for the reminder16:06
Davieyheh16:06
uvirtbotNew bug: #829599 in libapache2-mod-perl2 (main) "libapache2-mod-perl2 version 2.0.5-2ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/82959916:07
hallynstgraber: http://people.canonical.com/~serge/cgroup-lite.debdiff   debdiff introducing cgroup-lite into libcgroup source package16:18
stgraberhallyn: looks good. Can you file a FFe bug explaining the reason why this was introduced and pointing to some of the bug reports that'll be fixed by using it instead of cgroup-bin?16:19
hallynyup, will do16:20
stgraberattach the debdiff to that bug and I'll then comment that it looks good, I'm using it and see no regression with the new code and that it actually solves a critical bug for me16:20
hallyngreat, thx16:21
hallynDaviey: were you going to push that ipxe from the lp merge proposal?16:26
Davieyhallyn: yep.. it's here16:27
hallynstgraber: do i file that bug against lxc, or against ubuntu?16:27
hallynDaviey: oh?  rmadison must be lying to me...16:27
Davieyhallyn: assume you haven't touched it since yesterday?16:27
hallynno i haven't.  but ramdison doesn't show me a -ubuntu1 version16:27
Davieyhallyn: no, it's not pushed yet.. but i *am* doing it16:27
hallynDaviey: ah, ok.  great - thanks16:27
stgraberhallyn: it's a patch against libcgroup, so file the FFe against libcgroup16:28
hallynstgraber: sorry i meant libcgroup not lxc :)  ok, thanks16:28
stgraberok :)16:29
hallynstgraber: bug 82962816:44
uvirtbotLaunchpad bug 829628 in libcgroup "[FFE] Add cgroup-lite package" [Undecided,New] https://launchpad.net/bugs/82962816:44
uvirtbotNew bug: #829625 in ntp (main) "package ntpdate 1:4.2.6.p2 dfsg-1ubuntu5.1 failed to install/upgrade: error writing to '<standard output>': No such file or directory" [Undecided,New] https://launchpad.net/bugs/82962516:46
stgraberhallyn: ok, commented and subscribed ubuntu-release for approval16:50
uvirtbotNew bug: #829628 in libcgroup (universe) "[FFE] Add cgroup-lite package" [Undecided,New] https://launchpad.net/bugs/82962816:51
hallynstgraber: great thanks - let's hope for the best16:58
=== medberry is now known as med_out
kirklandRoAkSoAx: howdy!  I just uploaded a new powernap that fixes most of the powernap-on-the-desktop issues17:04
kirklandRoAkSoAx: you know, the ones jcastro was complaining about last week :-)17:04
kirklandjcastro: would you mind giving powernap another try on your desktop?17:05
* jcastro whistles17:05
kirklandjcastro: 2.1317:05
kirklandjcastro: it should be much better17:05
jcastrosure17:05
kirklandjcastro: i've been running it here at the conference all week with success17:05
jcastroI'll do it on the laptop.17:05
kirklandjcastro: just uploaded minutes ago, so give it an hour or two to build/publish17:05
kirklandjcastro: sweet, thanks17:05
kirklandRoAkSoAx: give it a little testing, if you can17:05
jcastroshould I configure it or just run it "stock"?17:05
=== shymega is now known as Guest77991
RoAkSoAxkirkland: cool will do!!17:23
RoAkSoAxkirkland: how was the presentation though?17:23
noecc"java2-runtime" is a virtual package provided by: openjdk-6-jre gcj-4.4-jre gcj-jre default-jre17:23
noeccIs there a preference of one over the others?17:23
=== shymega is now known as Guest88727
=== otubo[AFK] is now known as otubo
RoAkSoAxkirkland: btw.. when you have the chance to talk a lil bit about rsyslog for orchestra let me know17:43
ahasenacksmoser: hi, is there a ppa for cloud-utils? I'm on lucid17:45
ahasenackI have 0.11-0ubuntu117:45
=== ng_ is now known as zz_ng_
kirklandRoAkSoAx: excellent!17:59
kirklandRoAkSoAx: can irc now, if you like17:59
kirklandRoAkSoAx: also, i saw you disabled the initial iso import ... why?  are you going to re-enable it?18:00
RoAkSoAxkirkland: yes I will re-enable it on release18:00
RoAkSoAxkirkland: right now it makes my testing difficult :) (i just disabled it for testing)18:00
RoAkSoAxkirkland: but anyways, logging-server is done, the only thing left is make sure the client installs the stuff through the preseed and obtains the keys18:01
RoAkSoAxkirkland: the "difficulty" here is that, in case we manually installed ubuntu-orchestra-client on a server, it will configure the client syslog but it won't be able to obtain the keys18:01
RoAkSoAxkirkland: unlike if we preseed it18:01
RoAkSoAxkirkland: so I was thinking on getting the postinst to check if orchestra server is accessible and obtain the keys if it is18:02
RoAkSoAxkirkland: however, this would require to have the keys available over web which is probably not desirable as discussed in austin18:02
RoAkSoAxkirkland: so before preseeding it, i simple though it would be better to have a way to do both things18:03
RoAkSoAxwhat do you think?18:03
RoAkSoAxpin/win 418:04
RoAkSoAxarh18:04
kirklandRoAkSoAx: make it configurable then, dude18:04
kirklandRoAkSoAx: actually, it's already configurable18:04
kirklandRoAkSoAx: sweet, is logging working through ssl?18:05
RoAkSoAxkirkland: yes logging is working through ssl :D18:05
RoAkSoAxkirkland: the only difference is that if we preseed, the client will automatically obtain the keys and start logging with the server18:06
RoAkSoAxif we install ubuntu-orchestra-client on anhy other server thjat orchestra didn't preseed, we would manually need to obtain the key18:06
RoAkSoAxkirkland: so the real issue is not to make the key publicly available through HTTP18:07
RoAkSoAxkirkland: unless we could use the SSH keys to ssh ing and grab the key18:08
RoAkSoAxbut yet again, if we dont preseed with orchestra, then no ssh keys will be available18:08
* RoAkSoAx wonders if he is explaining himself correctly :)18:09
cloakableNo. Commit seppuku.18:10
=== pleia2_ is now known as pleia2
=== AntORG_ is now known as AntORG
RoAkSoAxjdstrand: howdy18:40
jdstrandRoAkSoAx: hi18:40
RoAkSoAxjdstrand: does this satisfy the rejection reason for kitchen(python-kitchen)? http://paste.ubuntu.com/670291/18:41
jdstrandRoAkSoAx: looks good to me18:42
RoAkSoAxjdstrand: alrighty then. Will re-upload. Thanks18:42
jdstrandthank you :)18:42
RoAkSoAxjdstrand: thank you for pointing it out :)18:43
=== zz_ng_ is now known as ng_
=== ng_ is now known as zz_ng_
lynxmankirkland: ping, whenever you're around19:36
=== med_out is now known as medberry
RoAkSoAxkirkland: so this is what I'll do: Cobbler let's you import python modules in kickstarts. So, I will create a python-orchestra module with "utilities"19:54
RoAkSoAxkirkland: this will have the script that generates the encoding of the keys and will generate a command that will install these keys into the deployed machine19:55
RoAkSoAxkirkland: so we will import  a snippet in the kickstart, this snippet will call the cobbler python module and will return a command in the way of "d-i balblabla" that will actually install the keys19:56
diimdeephello, please advice good vps20:07
diimdeepfor personal use20:07
diimdeep*vps hosting20:09
diimdeeplinode, slicehost .. ?20:09
=== mosburn_ is now known as mosburn
=== Ursinha` is now known as Ursinha
=== Ursinha is now known as Guest59628
NvrnightAnyone running Ubuntu Server 11.04 have any problems running apt-get install from a shell script?20:25
Nvrnight"apt-get install apache2" says it can't find the package from the shell script, but if I run it directly in the terminal, it finds it just find20:26
sorenNvrnight: Can you pastebin the exact error message?20:35
NvrnightIt's a one liner, "E: Unable to locate package apache2"20:40
sorenCan you create another shell script that does the same thing?20:41
Nvrnightlemme try20:43
Nvrnightoh, a new script works20:44
NvrnightI downloaded my script off a server, something must;ve happened?20:44
sorenGuess so.20:48
diimdeepwhy you ignore my question ?20:49
Nvrnightsoren, alright on a new investigation to see what I need to do to the file, lol, thanks for the help20:49
sorendiimdeep: I prefer questions I can answer.20:50
w00Wrong channel for it also i'd say?!20:51
diimdeepw00: there is no channel for that, except google.com20:53
=== medberry is now known as med_out
diimdeepand http://serverfault.com/questions/tagged/vps?sort=votes&pagesize=15 but similar questions a bit outdated20:55
Myrttithat would be because it's all up to your preference, location and needs20:55
Nvrnightsoren, windows put \r's into my file, dos2unix fixed up my script and it works fine after that, thanks for the help in finding that20:56
kirklandlynxman: ping20:58
kirklandRoAkSoAx: okay20:59
lynxmankirkland: pong21:00
kirklandlynxman: sorry, i was ponging you :-)21:00
DSpairHey all, need some help in recovering a broken LVM mirror.21:04
DSpairWhen I initially created the mirror, I guess I wasn't paying attention. I created the 2 legs on 2 separate drives and the mirror log on a 3rd drive. The drive with the mirror log failed and now it will not let me recover the mirrored volume.21:05
DSpairFrom what I am reading on the LVM mailing list archives, this may not be recoverable, but I'm hoping someone here might have a suggestion21:06
DSpairWhew!!!21:20
DSpairYay!!!21:20
TomasBrincilwhow!!!21:20
DSpairLooks like it is recoverable.21:21
TomasBrincil^^21:21
uvirtbot`TomasBrincil: Error: "^" is not a valid command.21:21
DSpairThank freaking goodness!21:21
bernhard2Is there a web based administrator for exim4 or dovecot ??22:02
Davieyajaxterm? :)22:10
Davieyhallyn: around?22:37
bernhard2question.. im setting up exim4 with dovecot (it works 80%).. i want to setup mail for several domains.. This is done within Exim4 ??22:39
patdk-lapyes, and maybe dovecot too22:40
patdk-lapdepending on exactly how you want it setup22:40
qman__I've never done exim, but I've done it on postfix22:51
qman__and in that case, the multiple domains bit was mostly on postfix22:51
qman__so I assume it's also on exim22:51
patdk-lapall depends if you want those domains to be different email boxes or not22:52
Davieypostfix is the Ubuntu favoured MTA over exim422:52
=== Andre_Go` is now known as Andre_Gondim
bernhard2<patdk-lap><qman__> <Daviey> Well have about 5 domains.. websites are on the same server too.. what do you mean with different email boxes ?22:58
qman__there's really two ways to do things22:59
qman__one is with the server simply accepting mail from all your domains22:59
qman__but in that case, user1@domaina and user1@domainb are the same user, same mailbox22:59
qman__what you probably want are virtual mailboxes22:59
qman__which create separate users and mailboxes for each domain22:59
pr0z0idis there a more robust pptpd server available.... looking for something that does not store passwords in a plain text file23:00
pr0z0id(in plain text)23:01
patdk-lappr0z0id, that would be chap23:01
patdk-lapinstead of pap23:01
patdk-lapbut really why does it matter?23:02
patdk-lapif you store a password hash, your normally forced to send the password over the connection for auth23:02
patdk-lapso both ways the raw password makes it to the server23:02
qman__yeah, pptp isn't the most secure thing to run23:03
qman__not in terms of bugs and holes, just design23:04
patdk-lapswitch to l2tp?23:05
qman__nah, openVPN23:05
pr0z0idi have openvpn already23:05
pr0z0idbut need support for iOS etc.23:06
pr0z0idconsoles ... that sort of thing23:06
patdk-lapfor ios, your going be stuck with ipsec + l2tp23:06
qman__hashed or not, guard that password file with your life23:06
qman__it's just a design limitation23:06
pr0z0idi hate the idea..23:08
pr0z0idthat's why i'm looking for something better.23:08
patdk-lapit's even more evil ios won't let you use certs23:08
bernhard2<qman__> yes would want virtual mailboxes which create separate users and mailboxes for each domain23:20

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!