[00:47] <CrazyGir> hello! if I have a vm running via a qemu disk image, and if this can be mounted with the qemu-nbd command, you should then be able to chroot to that env and run passwd on a user, no?
[00:49] <Kiall> CrazyGir, forgot the root password? ;)
[00:50] <Kiall> anyway .. yeah .. you should be able to chroot it and change the passwords
[00:51] <twb> Or init=/bin/sh
[00:53] <CrazyGir> Kiall: nope, I made a clone of a vm I don't have any passwords to
[00:54] <CrazyGir> twb: how do you mean?
[00:56] <CrazyGir> did I lose the attention? :P
[00:56] <twb> That's how you break in from the bootloader
[00:57] <CrazyGir> I'd have to figure out making grub available via the serial console
[00:58] <CrazyGir> which I haven't done, and would probably be helpful
[00:58] <CrazyGir> more hurdles though
[00:58] <CrazyGir> ><
[00:58] <CrazyGir> I tried the method I described but it did not seem to work
[00:58] <twb> It's documented in /etc/default/grub ffs
[01:00] <CrazyGir> w00t
[01:01] <CrazyGir> yea, this chroot method does not seem to work through qemu-nbd
[01:01] <twb> Yeah, people who emulate VGA tty instead of ttyS0 are dumb
[01:01] <CrazyGir> hah
[01:02] <CrazyGir> I hated having to go to a console in an app transfering video data over the network via a broken and bloated protocol, simply to get the ip of a BSD VM
[01:03] <CrazyGir> ><
[01:03] <CrazyGir> I don't understand why all vm technologies seem to be unable to provide the IP of a virtual nic, but that is something else entirely
[01:05] <CrazyGir> twb: are you referring to the GRUB_TERMINAL parameter in /etc/default/grub?
[01:05] <twb> CrazyGir: I don't remember; I don't use grub
[01:06] <twb> In extlinux it's just "CONSOLE 1"
[01:07] <CrazyGir> ah: GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
[01:07] <CrazyGir> for reference, from: https://help.ubuntu.com/community/SerialConsoleHowto
[01:07] <CrazyGir> what do you use twb?
[01:09] <twb> extlinux.
[01:09] <patdk-lap> sounds like the issue is the command isn't runnable on the host system
[01:09] <patdk-lap> why not just edit the shadow file directly?
[01:10] <CrazyGir> twb: interesting
[01:10] <CrazyGir> patdk-lap: I am not (yet) familiar enough with how passwords are handled in ubuntu
[01:10] <CrazyGir> I would feel comfortable with that on openbsd :)
[01:11] <CrazyGir> can you run update-grub manually in some way?
[01:11] <CrazyGir> I guess I should go the passwd file route
[01:12] <CrazyGir> patdk-lap: how is that done?
[01:12] <patdk-lap> not possible on openbsd as they are stored in a db :)
[01:13] <patdk-lap> once you mount the fs
[01:13] <patdk-lap> just edit /etc/shadow
[01:13] <patdk-lap> remove the second item between the :'s
[01:13] <mauricio> hey - anyone think they can help me out? im trying to generate screenshots using php, xvfb, and firefox.  I can run it just fine through the terminal but I can't get shell_exec("DISPLAY=:1 firefox &") php to work - i did shell_exec("whoami") and its the same user. makes no sense to me as to why this would happen
[01:13] <patdk-lap> so it would be, username:password:.....:...:...:...
[01:14] <patdk-lap> just copy the string from another shadow file
[01:14] <CrazyGir> /etc/shadow is blank O.o
[01:14] <patdk-lap> well, that is no good
[01:14] <patdk-lap> is passwd blank?
[01:14] <CrazyGir> maybe? good question
[01:15]  * CrazyGir tests
[01:15] <CrazyGir> no
[01:16] <CrazyGir> I have a feeling the admin who built the VM emptied it and uses ssh keys for login
[01:16] <patdk-lap> is there a /etc/shadow- file?
[01:16] <CrazyGir> ..or something weird
[01:16] <josePhoenix> Anyone know why crontab might hang? Not the scheduler, but the command for editing / viewing?
[01:16] <patdk-lap> josePhoenix, it's having issues launching your editor?
[01:16] <josePhoenix> no, crontab -e seems to work
[01:17] <josePhoenix> maybe I'm misremembering what it does :x
[01:17] <josePhoenix> ah
[01:17] <josePhoenix> crontab -l is what I was looking for.. but I'm still no closer to figuring out why this script hangs
[01:17] <CrazyGir> there is, and ls reports 856 bytes, but the file appears empty in vim
[01:18] <CrazyGir> ah, I see
[01:18] <CrazyGir> ><
[01:18] <josePhoenix> I guess I'll just make a temporary file. Installing from stdin seems to be causing problems
[01:29] <mauricio> anyone know what differences i can have between shell_exec in php and the terminal?
[01:29] <mauricio> im using the same user
[01:29] <mauricio> :(
[01:29] <mauricio> i can open up xclock just fine with shell_exec
[01:29] <mauricio> but i cant open firefox
[01:39] <mauricio> maybe i can figure it out but how can i run a command so that ./ is a certain dir
[01:39] <mauricio> ./ is pointing to /home/dummy/public_html when it should be pointing towards /home/dummy/
[01:39] <mauricio> im sure someone knows how to do that
[01:41] <mauricio> hmm nevermind
[01:41] <mauricio> was thinking ~
[02:07] <quizme> hi, i got an error on a package when trying to upgrade.  I don't need the package, so is there any way to just remove the package and skip it?
[02:07] <quizme> E: Sub-process /usr/bin/dpkg returned an error code (1)
[02:40] <hansin> Anyone know of a good way of managing services with the CLI? In particular the issue is that some services are still running as SysV and other Upstart services. You can no longer use just sysv-rc-conf. And I don't know if Upstart has a CLI tool where you can set what services start at boot. Any thoughts?
[02:43] <hansin> Or is this just an understood difficulty with a 'headless' server until there is consistency in terms of boot scripts?
[02:45] <josePhoenix> That's something I've never found a satisfactory answer to
[02:45] <josePhoenix> I've seen people recommending editing the upstart scripts to prevent start-on-boot
[02:51] <hansin> josePhoenix: Thanks. Sounds like I wasn't missing something then. I take a look at what you said though.
[02:51] <josePhoenix> hansin: yeah, if you find a convenient way to manage upstart services, I'd like to know xD
[02:52] <hansin> josePhoenix: Sounds like a deal! Though don't have the coding skills to make my own.
[02:52] <hansin> But if I find something...
[03:17] <josePhoenix> Hmm
[03:17] <josePhoenix> What does the setgid bit on a file do?
[03:18] <josePhoenix> ah
[03:18] <josePhoenix> hm. I want to use setgid folders...
[03:18] <josePhoenix> but not setgid files
[03:19] <josePhoenix> seems like chmod should have a shortcut for setting permission bits that mean different things for files and folders
[03:19] <josePhoenix> I want folders to be +x +S, but I don't want all the files in them to be executable...
[03:20] <qman__> use +X
[03:21] <josePhoenix> ahhh ta
[03:21] <josePhoenix> That's just a chmod feature, right? Not an extra bit?
[03:23] <josePhoenix> Actually, that doesn't do quite what I want. Is there something for setting +s on directories, but not their contents?
[03:33] <lickalott> josePhoenix what was the original question?
[03:37] <lickalott> has anyone offered up SUID or SGID?
[03:38] <josePhoenix> lickalott: I think I just need to be a bit more selective
[03:38] <josePhoenix> I was trying to setgid on a directory and its child dirs
[03:39] <josePhoenix> but chmod -R g+s ./foo/* sets +s on files as well, which I don't want
[03:39] <lickalott> take out the -R
[03:39] <josePhoenix> yeah, I figured
[03:39] <lickalott> -R will do the folder AND all the contents
[03:40] <lickalott> but that's still not what you want?
[03:40] <josePhoenix> Well I wanted subfolders, but not files within those subfolders
[03:40] <lickalott> ahhhhh
[03:40] <qman__> probably have to do a find
[03:40] <josePhoenix> ./foo/bar/baz/ but not ./foo/bar/baz/quux.txt
[03:40] <qman__> find directories and exec chmod +s
[03:40] <lickalott> yeah... maybe a find + xargs
[03:41] <josePhoenix> Well, it's part of a provisioning script, so I know exactly which dirs I'm creating
[03:41] <josePhoenix> so I'm just adding the chmod there
[03:42] <lickalott> maybe do foo manually, then cd into is, ls -d | xargs chmod +s {}
[03:42] <lickalott> i'd have to play, but that should work
[03:44] <lickalott> *it
[03:47] <lickalott> -D not -d jose
[03:47] <josePhoenix> okay thanks :]
[03:48] <lickalott> did that work?
[03:48] <lickalott> logging into my rig now
[03:49] <lickalott> also take the brackets out
[03:51] <lickalott> worked for me
[03:51] <qman__> might have issues with spaces in filenames
[03:51] <qman__> make sure you try it
[03:52] <lickalott> spaces in file names?
[03:57] <lickalott> thought he didn't want files to be chmod'd
[04:27] <qman__> well, directory names
[04:29] <lickalott> can't happen unless this is a samba share right?  if one were to mkdir Some Docs, you'd end up with 2 folders
[04:30] <qman__> not if you mkdir "Some Docs"
[04:30] <qman__> in linux, everything is valid
[04:31] <qman__> just needs to be properly escaped
[04:31] <lickalott> touche'
[04:32] <qman__> also, mkdir Some\ Docs
[04:32] <lickalott> guess i just wouldn't expect that from a *nix person
[04:32] <qman__> ordinarily no
[04:33] <qman__> but it is possible, so you want to have that test case especially before you integrate it into a script
[04:34] <qman__> one thing I run into a lot
[04:34] <qman__> ripping music off CDs
[04:34] <qman__> with question marks in the names
[04:34] <qman__> and then windows doesn't know what to do with it on the share
[04:36] <DarkwingDuck> Have an interesting/strange issue with Oneiric server.
[04:36] <reya276> Is there a setup for Ubuntu 11.04 desktop/Server that is similar to Active Directory? I know Sambad is similar but does it have a GUI?
[04:37] <reya276> Is 11.04 server an LTS?
[04:37] <DarkwingDuck> It wont get past GRUB, black screen then my moniter goes to sleep. However, if I boot into recovery then resume normal boot then it works.
[04:37] <DarkwingDuck> reya276: No.
[04:37] <DarkwingDuck> 10.04 is LTS
[04:39] <qman__> reya276, basically no to all of the above
[04:39] <lickalott> i'm with you qman__.  Never thought about music...
[04:39] <qman__> samba can do a hybrid of NT domains and 2003 security
[04:39] <qman__> and openLDAP can do a user directory
[04:39] <qman__> but that's about it
[04:39] <qman__> samba 4, if/when it ever gets stable, is going to be full AD compatible
[04:41] <reya276> ok well that is good enough. I'm not looking to use Ubuntu with windows servers. I'm actually trying to setup Ubuntu server/desktops on its own as a server/network
[04:41] <qman__> then what you're after is openLDAP
[04:41] <qman__> and possibly kerberos
[04:41] <reya276> cool, thanks. I can get that from the repos right?
[04:41] <qman__> yes, but it's pretty complicated to get going
[04:41] <qman__> make sure you find a good guide on it, not sure if the server guide is up to par on that yet
[04:42] <reya276> nah, nothing is ever complicated as long as their is something to read then its all good
[04:42] <reya276> thanks.
[07:42] <Daviey> jamespage: Hey!  Do you fancy reviewing/sponsoring bug 809753?
[07:43] <jamespage> Daviey: np - leave it with me
[07:44] <Daviey> rocking!
[08:26] <Daviey> jamespage: what happend with octopussy?
[08:26] <jamespage> Daviey: still in the NEW queue waiting for review
[08:28] <Daviey> urgh
[08:29] <Daviey> thanks
[09:05] <Daviey> Anyone looking for a bitesize bug to tackle?
[09:06] <ubunteo> no.
[09:06] <Daviey> (silence is suitable as a negative answer.)
[09:06] <ubunteo> I am waiting for LAMP server expert
[09:18] <lynxman> Daviey: bitesize bug?
[09:18] <lynxman> ubunteo: what would you consider a LAMP expert? I might be one
[09:19] <Daviey> lynxman: want to do some funky stuff?
[09:19] <lynxman> Daviey: depends on your definition of funky :) you know I'm always eager to please you
[09:19] <Daviey> eeeek.
[09:19] <Daviey> lynxman: Nice simple one to get the blood going, bug #829271
[09:21] <ubunteo> dear all, which is the official ubuntu uploading site for 1GB storage ? I know ubuntu one already. Something that don't need registration. and something better than http://imagebin.org/?page=add
[09:22] <lynxman> Daviey: ah yeah, looks good :)
[09:22] <lynxman> ubunteo: I think Ubuntu One covers exactly what you need, shame that you don't want to register
[09:27] <Daviey> ubunteo: Ubuntu members get 1GB of storage at https://wiki.ubuntu.com/PeopleUbuntuCom, but that is really storage to help the ubuntu project.
[09:27] <Daviey> Other than that, there is no other official uploading site other than ubuntu 1
[09:33] <soren> ubunteo: I kind of doubt you'll find places that'll let you dump gigbytes of data on their servers without at least registering.
[09:33] <ubunteo> soren: I knew. but they are with spam or spywares and pono ads around
[09:39] <Daviey> lynxman: Another one with your name on it, bug #822613
[09:41] <Daviey> lynxman: then, bug 820936 wants your opinion. :)
[09:41] <lynxman> Daviey: thanks, will hammer both in 10 mins, finishing toast :D
[09:57] <lynxman> holy crap, 109 upgrades in the last 3 days
[09:57] <Daviey> RoAkSoAx: powernap is currently set for demotion to universe, do we have anything which is planning to use it?
[10:00] <ubunteo> lynxman: hi LAMP expert
[10:01] <ubunteo> lynxman: I am LAMP and linux newbie. I want to get suggestion from you for my php application
[10:02] <lynxman> ubunteo: sure, what do you want to do
[10:02] <ikonia> ubunteo: what are you looking for
[10:02] <ubunteo> ikonia: I dont know how to install and run http://www.phpwares.com/content/php-inventory on ubuntu LAMP server
[10:03] <ubunteo> ikonia: if anybody knows better inventory application for IT stocks , please suggest me
[10:03] <ubunteo> ikonia: I mean IT stocks like printer cartridges, CDs, DVDs, mobile phones in and out
[10:03] <ikonia> ubunteo: reading the zip file, you just dump the php in your web root, run the sql script to create the database, and put the database details in the sites.xml file
[10:04] <ikonia> ubunteo: there are more detailed instructions in the readme.html file in the zip file too
[10:04] <ubunteo> ikonia: thanks for suggestion. I would also like to know where the web root in ubuntu is.
[10:04] <ikonia> ubunteo: have you read the https://help.ubuntu.com server section on how to manage the webserver ?
[10:04] <ubunteo> ikonia: do I also need to install phpmyadmin ?
[10:04] <ikonia> ubunteo: if not, that's worth a read
[10:05] <ikonia> ubunteo: no, you don't need phpmyadmin to run this
[10:05] <ubunteo> ikonia: I had , the worst thing is I have no internet on that LAMPserver
[10:05] <ikonia> ubunteo: then don't read it from the lamp server, read it from your desktop
[10:06] <ubunteo> ikonia:  how can I ?
[10:06] <ikonia> ubunteo: open that URL in a machine with internet access
[10:09] <ubunteo> ikonia: Dear ikon, I can read my web server and said it works !!! but i dont know how to continue
[10:09] <ikonia> ubunteo: yes, I've told you how to install the application, told you where the detailed install instructions are, and suggested a URL on how to run your web server
[10:14] <ubunteo> ikonia: I know bro. the application is alittle big tricky
[10:16] <ikonia> ubunteo: it's really straightforward
[10:17] <ikonia> ubunteo: you put the php files in the document root, you run the sql database creation script, you put the database details in the xml file
[10:17] <ubunteo> ikonia: where is the web root folder  in ubuntu server ?
[10:18] <ikonia> ubunteo: that's when I said you should take a look at the server section in https://help.ubuntu.com to have a basic idea of how to run the web server
[10:18] <ikonia> ubunteo: you'll need to understand how it works with the site model ubuntu uses, and that document is actually quite good
[10:28] <Daviey> lynxman: How are those two bugs looking?
[10:28]  * Daviey reaches for his whip.
[10:29] <lynxman> Daviey: branched and fixing
[10:31] <lynxman> Daviey: merge requests okay? :)
[10:32] <Daviey> lynxman: super!
[10:36] <w00> hm, i'm trying to symlink some files and access them through pure-ftpd, activated virtualchroot and perms look ok but the ftp client gives 'not a directory' errors, anyone knows what could be the issue? (same type of setup works on another distro)
[10:53] <lynxman> Daviey: one done, 2 to go
[11:17]  * w00 bangs his head against the wall
[11:27] <Daviey> lynxman: Great! you fixed etckeeper.
[11:28] <lynxman> Daviey: \o/
[11:41] <maxagaz> hi
[11:41] <maxagaz> how to add manually this route :
[11:41] <maxagaz> 192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
[11:41] <maxagaz> ?
[11:42] <_ruben> sudo ip route add 192.l68.0/24 dev eth3
[11:43] <_ruben> sudo ip route add 192.l68.0.0/24 dev eth3 (packetloss :P)
[11:45] <maxagaz> thanks!
[11:45] <maxagaz> _ruben,
[11:45] <maxagaz> and how do I delete it ?
[11:45] <_ruben> replace add with delete
[11:45] <_ruben> ;)
[11:46] <maxagaz> thanks :-)
[12:00] <soren> _ruben: What sort of keymap do you use?
[12:01] <soren> _ruben: It's been many years since I've seen anyone type 'l' instead of '1' (old-school type writer style).
[12:03] <_ruben> soren: ehh? not sure what you're getting at
[12:03] <w00> heh
[12:04] <soren> _ruben: 11:42 < _ruben> sudo ip route add 192.l68.0/24 dev eth3
[12:04] <soren>                                              ^
[12:05] <soren> "l68" rather than "168"
[12:06] <soren> _ruben: ell vs one, if can't tell the difference with your font.
[12:06] <_ruben> heh, where the **** did that come from :p
[12:07] <soren> That's what I'd like to know. :)
[12:07]  * _ruben decides it's a bug in his keyboard
[12:07] <soren> _ruben: It's the sort of typo I'd expect from someone who learned to type on one of these things: http://en.wikipedia.org/wiki/File:TypewriterHermes.jpg
[12:08] <w00> lol
[12:08] <soren> (They had no key for 1 (one). The l (ell) key doubled as the key for 1 (one))
[12:08] <_ruben> lovely!
[12:08] <soren> And o doubled as the key for 0.
[12:08] <_ruben> optimization ftw
[12:09] <_ruben> but no, can't say i ever typed on one of these
[12:09] <_ruben> wth .. i nearly typoed 'typed' as 'typoed' (and just did again)
[12:12] <soren> _ruben: uncanny
[13:12] <RoAkSoAx> Daviey: Not that i know of but why would u want to demote it now?
[13:12] <RoAkSoAx> kirkland ^^
[13:14] <Daviey> RoAkSoAx: It's currently no longer seeded or a depends of a package in Main
[13:14] <Daviey> So it's queued for demotion, unless we act.
[13:14] <Daviey> RoAkSoAx: I think it's ok to seed it directly TBH.
[13:14] <Daviey> Next cycle, i imagine you might depend on it a bit more.
[13:18] <RoAkSoAx> Daviey yeah orchestra depends on it but still in universe
[13:19] <RoAkSoAx> Daviey isnt it in the server seed that would keep it in main?
[13:19] <Daviey> RoAkSoAx: ah, good point
[13:19] <Daviey> RoAkSoAx: no, it was in main via euca.
[13:20] <RoAkSoAx> Daviey so i guess it should be on the server seed right?
[13:21] <Daviey> RoAkSoAx: yes
[13:21] <Daviey> RoAkSoAx: We don't have a server-supported seed by design.
[13:22] <RoAkSoAx> Daviey right so whats the solution then
[13:23] <Daviey> RoAkSoAx: It's small enough to throw it on the ISO this cycle i think
[13:29] <RoAkSoAx> cool
[13:44] <jasonmsp> hey all. I noticed today a persistent established connection on localhost.localdomain today between mysql and a 40000 port.  I haven't noticed this before.  Is there a way to figure out what is running that?
[13:49] <joschi> jasonmsp: lsof -i :40000
[13:52] <jasonmsp> thanks!  dovecot is running it.  Could it be someone connected via imap?
[13:53] <_ruben> dovecot likely has a persistent db connection open
[13:53] <jasonmsp> ive not noticed it before.  Usually it is clean when I am connected ssh and the only thing open is my connections to the server
[13:54] <patdk-wk> well, that would depend on the mysql wait timeout setting
[13:54] <patdk-wk> dovecot will open, and keep it open, till mysql closes it
[13:54] <patdk-wk> so if your last login was 5min ago, and the wait timeout is 15min
[13:55] <jasonmsp> so check mysql config?
[13:56] <NCommander> hallyn: ping, you about?
[13:57] <jasonmsp> this is only troubling because its been established for over an hour
[13:57] <patdk-wk> I think 1hour might be the default
[13:59] <patdk-wk> no, default is 8hours if not changed
[13:59] <patdk-wk> it's really not an issue and doesn't hurt, unless you limit mysql connections to a very low number
[14:00] <jasonmsp> ok.  it was non-standard for me after running the server for a year I've never seen a connection like that open so long.  Thanks!
[14:08] <hallyn> NCommander: yes, what's up?
[14:08] <NCommander> hallyn: would like to discuss LXC security concerns if you have a moment
[14:08] <NCommander> (based on your LP comment)
[14:09] <hallyn> NCommander: tbh i'm a bit weary of that.  There are no security concerns bc there are no security claims.
[14:09]  * hallyn goes to look for the recent m-l discussion
[14:10] <Daviey> NCommander: What bug is that?
[14:10] <NCommander> Daviey: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/827798
[14:11] <NCommander> Daviey: I still need to scratch your brain w.r.t. OpenStack
[14:12] <hallyn> NCommander: see for instance http://blog.bofh.it/debian/id_413  and http://sourceforge.net/mailarchive/forum.php?thread_name=4E3AC4B4.7090007%40schaufler-ca.com&forum_name=lxc-users
[14:13] <hallyn> btw i'm offended by the fact that you can't comment on the firs tlink
[14:13] <Daviey> NCommander: We can probably grab 10 mins during the release meeting?
[14:14] <NCommander> Daviey: during?
[14:14] <Daviey> NCommander: Yeah, unless the release meeting requires 100% of your attention :)
[14:15] <NCommander> Daviey: sure, I really just need 5 minutes getting up to speed with openstack (and I see that there's now a nice book available on the subject on the internal list)
[14:15] <Daviey> NCommander: ok, i'll poke you during the meeting - and we'll talk
[14:16]  * NCommander depserately needs two of himself
[14:19] <hallyn> NCommander: how did you want to discuss?  did you want to have an real call?
[14:20] <NCommander> hallyn: actually this answersmost ofmyquestions quite well
[14:20] <skulltip> i installed 64-bit ubuntu server, dhcp works fine but why can't i get static ip working, or where is an uptodate tutorial for 11.04 that actually works?
[14:20] <hallyn> NCommander: cool
[14:21] <hallyn> NCommander: it's too bad there were some... complications last week keeping us from discussing user namespaces and container security
[14:21] <NCommander> hallyn: I might poke you for a few stray points but this is most helpful. Just out of curiosity, do know where usernamespaces plan to land?
[14:21] <NCommander> hallyn: it didn't help I spent most of that trip hacking up a lung
[14:21] <hallyn> NCommander: what do you mean 'where'?
[14:21] <hallyn> it's a kernel feature
[14:21] <NCommander> er
[14:21] <NCommander> WHEN
[14:21] <hallyn> ah
[14:21]  * NCommander has not hugged his coffee this morning
[14:22] <hallyn> no, i don't.  i thought it was years off, but we had a prototype working last week, so once we push that to lkml, we'll see how it's received
[14:22] <hallyn> NCommander: as this stuffs sinks in, do me a favor,
[14:22] <hallyn> pls think about where/how to best document this for future users.  bc obviously we're not doing a good job
[14:22] <hallyn> I don't know if it should go in the ubuntu server guide, manpages, or what
[14:22] <NCommander> Somewhere with <blink> tags :-)
[14:23] <NCommander> I'll get back to you
[14:23] <NCommander> (what's the current place your documenting it)
[14:24] <RoyK> skulltip: just set the IP in /etc/network/interfaces
[14:24] <RoyK> man interfaces
[14:24] <RoyK> skulltip: if you have installed ubuntu desktop, it'll bring network-manager into the game, overruling /etc/network/interfaces
[14:24] <skulltip> i know, done tried that and rebooted VM had to set back to dhcp
[14:24] <hallyn> NCommander: blogs and mailing lists...
[14:25] <skulltip> no it's ubuntu server 64 bit 11.04
[14:25] <RoyK> and static ip doesn't work??
[14:25] <skulltip> i did install several things, like tomcat, mysql, lamp server, ..
[14:26] <skulltip> in VM it is 10.0.2.15 but IP on main network is 192.168.1.1 - i set gateway to 192.168.. ?
[14:27] <NCommander> hallyn: yeah, those have the problemthat if you don't regularly read planet or are not subscribed to the list in question, they can fly by unnoticed :-(
[14:27] <skulltip> it can ping it so must be.. do i set the static address to 192.168.. to 10.0..
[14:28] <hallyn> NCommander: agreed.  Though it's not like "it was secure and we changed it".  It just hasn't really come to mind bc we've never, ever said lxc was secure or to be used for anything other than compute farms.
[14:28] <hallyn> in fact, in the past we said it woudl never be secure.  I'm at the point now where I think in maybe 2 years they coudl be as safe as kvm/vmware is.  Not as safe as those are *perceived* to be, but as they are :)
[14:29] <NCommander> hallyn: yeah, I think someone somewhere stated that it was usable and ready for 'enterprise' use at UDS and well, it kinda went from there. At least now I'm beginning to see the full scope of the problem and it hurts
[14:30] <Daviey> hallyn: Perhaps i'm missing the issue, but i would have expected security to have been the first feature of LXC, not a bolt on to drive towards.
[14:30] <Daviey> *boggles*
[14:30] <hallyn> NCommander: it *is* ready for enterprise, for certain uses :)
[14:31] <hallyn> Daviey: platitudes like that sound nice but dont' jive with how you can get features into the kernel
[14:31] <hallyn> i'm sorry that sounds mean, but we had to start with the simpler namespaces
[14:31] <skulltip> i set address to 10.0.2.16,  netmask 255.255.255.0 network 192.168.1.0 broadcast 192.168.1.255 gateway 192.168.1.1   restarting network and I get failed to bring up eth0
[14:32] <hallyn> we're not writing an editor.  we're affecting performance and changing every aspect of resource finding and access
[14:32] <Daviey> hallyn: I'll keep my jive to myself then :)
[14:33] <jdstrand> hallyn: I'm assuming that all of this is acknowledged by arkose (stgraber) and any other teams that perceive LXC as the new security hotness? (not trying to insinuate stgraber is not up on all this)
[14:33] <hallyn> Daviey: also, the original point of the work was not lxc itself, but namespace isolation for checkpoint/restart
[14:33] <hallyn> jdstrand: yes.  (stgraber will  yell if not :)
[14:33] <hallyn> part of the problem is that the real tools are the naemspaces and cgroups,
[14:34] <hallyn> while lxc is just a tool trying to exploit those for easy use
[14:34] <hallyn> the security features which lxc would need to provide root-safe containers haven't made it into the kernel, so there is nothing for lxc to offer.
[14:37]  * hallyn fears Daviey wont' talk to him any more
[14:37] <hallyn> let alone push the spice ffe :)
[14:42] <hallyn> NCommander: if you get a few moments to send me an email where you explain the use you were going to have for lxc on arm, please do.
[14:44] <hallyn> Daviey: is there any reason not to plop the proposed qemu and libvirt merges for oneiric into ubuntu-virt ppa for testing?
[14:46] <Daviey> hallyn: go for it!
[14:47] <Daviey> create a new PPA tho
[14:49] <NCommander> hallyn: you'd cry if you knew :-)
[14:49] <NCommander> hallyn: but will do (currently doing 1001 things right now)
[14:51] <hallyn> Daviey: new ppa?  ok
[14:52] <hallyn> NCommander: yup no hurry.  Maybe we need a bug against the main lxc man page to have a WARNING at top about containers not being secure
[14:52] <hallyn> i'd say we coudl ask jdstrand for help writing an apparmor profile to contain it, but then it'll likely just spuriously prevent package upgrades in containers :(
[14:53] <hallyn> Daviey: doesn't look like i can create a new ppa
[14:53] <Daviey> hallyn: argh
[14:53] <Daviey> hallyn: is there a junky one?
[14:54] <hallyn> so nm, i'll use my own then.
[14:54] <hallyn> 'daily upstream build' :)
[14:54] <hallyn> nothing since jan 2010
[15:01] <Ursinha> Am I online?
[15:02] <Ursinha> Oh, I seem to be
[15:06] <hallyn> Ursinha_: Ursinha: you both are :)
[15:06] <skulltip> do i need to delete the loopback line for a static ip
[15:06] <skulltip> iface lo inet loopback..
[15:06] <Ursinha_> hallyn: :) redundancy ftw :P
[15:07] <giovani> skulltip: no -- that configures the lo/loopback interface -- you want to leave that alone, always
[15:07] <giovani> you only want to edit lines that are configuring interfaces you're changing (such as eth0, or whichever you're using)
[15:12] <skulltip> ok even updated nameserver with static IP and /networking restart..  message about it being deprecated and I can't ping the gateway
[15:13] <skulltip> do i need to add a default gateway route
[15:17] <Demosthenes> so, pop quiz. i have a natty box, it ought to be running lucid (lts server). how hard is that to change on an already installed box. can i just change the source, update, and safe-upgrade?
[15:22] <lynxman> Ursinha_: no you're not online, get back to work ;)
[15:25] <lynxman> damn... the sun, it is hot... and unknown
[15:26] <lynxman> Daviey: ping
[15:27] <lynxman> Demosthenes: afaik downgrading a box can have hilarious results, your mileage may vary though
[15:27] <Demosthenes> lynxman: very few real packages installed.
[15:28] <Demosthenes> no X, no desktop apps, etc.
[15:28] <lynxman> Demosthenes: still, have in mind that only the upgrade path is tested, and you can find packages that are not downgradable or hard to
[15:28] <lynxman> Demosthenes: if you need to do that I'd recommend install another machine with lucid or just keep that one working with natty
[15:29] <Demosthenes> righto!
[15:29] <Demosthenes> otoh, maybe we wait until the next LTS release and upgrade to it ;]
[15:30] <lynxman> Demosthenes: that would also be wise indeed
[15:32] <lynxman> Demosthenes: the new LTS will rock, just sayin'
[15:33]  * lynxman can't contain his excitement about Ubuntu-P
[15:33] <Daviey> lynxman: hola
[15:33] <lynxman> Daviey: ello good sir
[15:33] <Daviey> lynxman: on the phone.
[15:33] <lynxman> Daviey: just PMed you a doc, if you can give it a nice +5 and proofread it I'd be full of grate :)
[16:05] <Daviey> hallyn: can you update https://blueprints.launchpad.net/ubuntu/+spec/server-o-lxc-improvements please?
[16:06] <hallyn> Daviey: yeah, will do.  was thinking about that last night while trying to sleep :)
[16:06] <hallyn> thanks for the reminder
[16:06] <Daviey> heh
[16:18] <hallyn> stgraber: http://people.canonical.com/~serge/cgroup-lite.debdiff   debdiff introducing cgroup-lite into libcgroup source package
[16:19] <stgraber> hallyn: looks good. Can you file a FFe bug explaining the reason why this was introduced and pointing to some of the bug reports that'll be fixed by using it instead of cgroup-bin?
[16:20] <hallyn> yup, will do
[16:20] <stgraber> attach the debdiff to that bug and I'll then comment that it looks good, I'm using it and see no regression with the new code and that it actually solves a critical bug for me
[16:21] <hallyn> great, thx
[16:26] <hallyn> Daviey: were you going to push that ipxe from the lp merge proposal?
[16:27] <Daviey> hallyn: yep.. it's here
[16:27] <hallyn> stgraber: do i file that bug against lxc, or against ubuntu?
[16:27] <hallyn> Daviey: oh?  rmadison must be lying to me...
[16:27] <Daviey> hallyn: assume you haven't touched it since yesterday?
[16:27] <hallyn> no i haven't.  but ramdison doesn't show me a -ubuntu1 version
[16:27] <Daviey> hallyn: no, it's not pushed yet.. but i *am* doing it
[16:27] <hallyn> Daviey: ah, ok.  great - thanks
[16:28] <stgraber> hallyn: it's a patch against libcgroup, so file the FFe against libcgroup
[16:28] <hallyn> stgraber: sorry i meant libcgroup not lxc :)  ok, thanks
[16:29] <stgraber> ok :)
[16:44] <hallyn> stgraber: bug 829628
[16:50] <stgraber> hallyn: ok, commented and subscribed ubuntu-release for approval
[16:58] <hallyn> stgraber: great thanks - let's hope for the best
[17:04] <kirkland> RoAkSoAx: howdy!  I just uploaded a new powernap that fixes most of the powernap-on-the-desktop issues
[17:04] <kirkland> RoAkSoAx: you know, the ones jcastro was complaining about last week :-)
[17:05] <kirkland> jcastro: would you mind giving powernap another try on your desktop?
[17:05]  * jcastro whistles
[17:05] <kirkland> jcastro: 2.13
[17:05] <kirkland> jcastro: it should be much better
[17:05] <jcastro> sure
[17:05] <kirkland> jcastro: i've been running it here at the conference all week with success
[17:05] <jcastro> I'll do it on the laptop.
[17:05] <kirkland> jcastro: just uploaded minutes ago, so give it an hour or two to build/publish
[17:05] <kirkland> jcastro: sweet, thanks
[17:05] <kirkland> RoAkSoAx: give it a little testing, if you can
[17:05] <jcastro> should I configure it or just run it "stock"?
[17:23] <RoAkSoAx> kirkland: cool will do!!
[17:23] <RoAkSoAx> kirkland: how was the presentation though?
[17:23] <noecc> "java2-runtime" is a virtual package provided by: openjdk-6-jre gcj-4.4-jre gcj-jre default-jre
[17:23] <noecc> Is there a preference of one over the others?
[17:43] <RoAkSoAx> kirkland: btw.. when you have the chance to talk a lil bit about rsyslog for orchestra let me know
[17:45] <ahasenack> smoser: hi, is there a ppa for cloud-utils? I'm on lucid
[17:45] <ahasenack> I have 0.11-0ubuntu1
[17:59] <kirkland> RoAkSoAx: excellent!
[17:59] <kirkland> RoAkSoAx: can irc now, if you like
[18:00] <kirkland> RoAkSoAx: also, i saw you disabled the initial iso import ... why?  are you going to re-enable it?
[18:00] <RoAkSoAx> kirkland: yes I will re-enable it on release
[18:00] <RoAkSoAx> kirkland: right now it makes my testing difficult :) (i just disabled it for testing)
[18:01] <RoAkSoAx> kirkland: but anyways, logging-server is done, the only thing left is make sure the client installs the stuff through the preseed and obtains the keys
[18:01] <RoAkSoAx> kirkland: the "difficulty" here is that, in case we manually installed ubuntu-orchestra-client on a server, it will configure the client syslog but it won't be able to obtain the keys
[18:01] <RoAkSoAx> kirkland: unlike if we preseed it
[18:02] <RoAkSoAx> kirkland: so I was thinking on getting the postinst to check if orchestra server is accessible and obtain the keys if it is
[18:02] <RoAkSoAx> kirkland: however, this would require to have the keys available over web which is probably not desirable as discussed in austin
[18:03] <RoAkSoAx> kirkland: so before preseeding it, i simple though it would be better to have a way to do both things
[18:03] <RoAkSoAx> what do you think?
[18:04] <RoAkSoAx> pin/win 4
[18:04] <RoAkSoAx> arh
[18:04] <kirkland> RoAkSoAx: make it configurable then, dude
[18:04] <kirkland> RoAkSoAx: actually, it's already configurable
[18:05] <kirkland> RoAkSoAx: sweet, is logging working through ssl?
[18:05] <RoAkSoAx> kirkland: yes logging is working through ssl :D
[18:06] <RoAkSoAx> kirkland: the only difference is that if we preseed, the client will automatically obtain the keys and start logging with the server
[18:06] <RoAkSoAx> if we install ubuntu-orchestra-client on anhy other server thjat orchestra didn't preseed, we would manually need to obtain the key
[18:07] <RoAkSoAx> kirkland: so the real issue is not to make the key publicly available through HTTP
[18:08] <RoAkSoAx> kirkland: unless we could use the SSH keys to ssh ing and grab the key
[18:08] <RoAkSoAx> but yet again, if we dont preseed with orchestra, then no ssh keys will be available
[18:09]  * RoAkSoAx wonders if he is explaining himself correctly :)
[18:10] <cloakable> No. Commit seppuku.
[18:40] <RoAkSoAx> jdstrand: howdy
[18:40] <jdstrand> RoAkSoAx: hi
[18:41] <RoAkSoAx> jdstrand: does this satisfy the rejection reason for kitchen(python-kitchen)? http://paste.ubuntu.com/670291/
[18:42] <jdstrand> RoAkSoAx: looks good to me
[18:42] <RoAkSoAx> jdstrand: alrighty then. Will re-upload. Thanks
[18:42] <jdstrand> thank you :)
[18:43] <RoAkSoAx> jdstrand: thank you for pointing it out :)
[19:36] <lynxman> kirkland: ping, whenever you're around
[19:54] <RoAkSoAx> kirkland: so this is what I'll do: Cobbler let's you import python modules in kickstarts. So, I will create a python-orchestra module with "utilities"
[19:55] <RoAkSoAx> kirkland: this will have the script that generates the encoding of the keys and will generate a command that will install these keys into the deployed machine
[19:56] <RoAkSoAx> kirkland: so we will import  a snippet in the kickstart, this snippet will call the cobbler python module and will return a command in the way of "d-i balblabla" that will actually install the keys
[20:07] <diimdeep> hello, please advice good vps
[20:07] <diimdeep> for personal use
[20:09] <diimdeep> *vps hosting
[20:09] <diimdeep> linode, slicehost .. ?
[20:25] <Nvrnight> Anyone running Ubuntu Server 11.04 have any problems running apt-get install from a shell script?
[20:26] <Nvrnight> "apt-get install apache2" says it can't find the package from the shell script, but if I run it directly in the terminal, it finds it just find
[20:35] <soren> Nvrnight: Can you pastebin the exact error message?
[20:40] <Nvrnight> It's a one liner, "E: Unable to locate package apache2"
[20:41] <soren> Can you create another shell script that does the same thing?
[20:43] <Nvrnight> lemme try
[20:44] <Nvrnight> oh, a new script works
[20:44] <Nvrnight> I downloaded my script off a server, something must;ve happened?
[20:48] <soren> Guess so.
[20:49] <diimdeep> why you ignore my question ?
[20:49] <Nvrnight> soren, alright on a new investigation to see what I need to do to the file, lol, thanks for the help
[20:50] <soren> diimdeep: I prefer questions I can answer.
[20:51] <w00> Wrong channel for it also i'd say?!
[20:53] <diimdeep> w00: there is no channel for that, except google.com
[20:55] <diimdeep> and http://serverfault.com/questions/tagged/vps?sort=votes&pagesize=15 but similar questions a bit outdated
[20:55] <Myrtti> that would be because it's all up to your preference, location and needs
[20:56] <Nvrnight> soren, windows put \r's into my file, dos2unix fixed up my script and it works fine after that, thanks for the help in finding that
[20:58] <kirkland> lynxman: ping
[20:59] <kirkland> RoAkSoAx: okay
[21:00] <lynxman> kirkland: pong
[21:00] <kirkland> lynxman: sorry, i was ponging you :-)
[21:04] <DSpair> Hey all, need some help in recovering a broken LVM mirror.
[21:05] <DSpair> When I initially created the mirror, I guess I wasn't paying attention. I created the 2 legs on 2 separate drives and the mirror log on a 3rd drive. The drive with the mirror log failed and now it will not let me recover the mirrored volume.
[21:06] <DSpair> From what I am reading on the LVM mailing list archives, this may not be recoverable, but I'm hoping someone here might have a suggestion
[21:20] <DSpair> Whew!!!
[21:20] <DSpair> Yay!!!
[21:20] <TomasBrincil> whow!!!
[21:21] <DSpair> Looks like it is recoverable.
[21:21] <TomasBrincil> ^^
[21:21] <uvirtbot`> TomasBrincil: Error: "^" is not a valid command.
[21:21] <DSpair> Thank freaking goodness!
[22:02] <bernhard2> Is there a web based administrator for exim4 or dovecot ??
[22:10] <Daviey> ajaxterm? :)
[22:37] <Daviey> hallyn: around?
[22:39] <bernhard2> question.. im setting up exim4 with dovecot (it works 80%).. i want to setup mail for several domains.. This is done within Exim4 ??
[22:40] <patdk-lap> yes, and maybe dovecot too
[22:40] <patdk-lap> depending on exactly how you want it setup
[22:51] <qman__> I've never done exim, but I've done it on postfix
[22:51] <qman__> and in that case, the multiple domains bit was mostly on postfix
[22:51] <qman__> so I assume it's also on exim
[22:52] <patdk-lap> all depends if you want those domains to be different email boxes or not
[22:52] <Daviey> postfix is the Ubuntu favoured MTA over exim4
 <Daviey> Well have about 5 domains.. websites are on the same server too.. what do you mean with different email boxes ?
[22:59] <qman__> there's really two ways to do things
[22:59] <qman__> one is with the server simply accepting mail from all your domains
[22:59] <qman__> but in that case, user1@domaina and user1@domainb are the same user, same mailbox
[22:59] <qman__> what you probably want are virtual mailboxes
[22:59] <qman__> which create separate users and mailboxes for each domain
[23:00] <pr0z0id> is there a more robust pptpd server available.... looking for something that does not store passwords in a plain text file
[23:01] <pr0z0id> (in plain text)
[23:01] <patdk-lap> pr0z0id, that would be chap
[23:01] <patdk-lap> instead of pap
[23:02] <patdk-lap> but really why does it matter?
[23:02] <patdk-lap> if you store a password hash, your normally forced to send the password over the connection for auth
[23:02] <patdk-lap> so both ways the raw password makes it to the server
[23:03] <qman__> yeah, pptp isn't the most secure thing to run
[23:04] <qman__> not in terms of bugs and holes, just design
[23:05] <patdk-lap> switch to l2tp?
[23:05] <qman__> nah, openVPN
[23:05] <pr0z0id> i have openvpn already
[23:06] <pr0z0id> but need support for iOS etc.
[23:06] <pr0z0id> consoles ... that sort of thing
[23:06] <patdk-lap> for ios, your going be stuck with ipsec + l2tp
[23:06] <qman__> hashed or not, guard that password file with your life
[23:06] <qman__> it's just a design limitation
[23:08] <pr0z0id> i hate the idea..
[23:08] <pr0z0id> that's why i'm looking for something better.
[23:08] <patdk-lap> it's even more evil ios won't let you use certs
 yes would want virtual mailboxes which create separate users and mailboxes for each domain