[00:13] cr3 is gone, but ask again tomorrow. [00:26] join #windows-server === SJrX is now known as SJr === fenris is now known as Guest90959 === avoine_ is now known as avoine === jj-afk is now known as jjohansen === Guest86261 is now known as CrazyGir [01:30] Hi, i'm working on setting up a friend with ubuntu, but I can't seem to get the wireless up and running, it looks like the driver is good, but i'm no expert - anyone willing to walk me through this? Thanks [01:35] the_fool: join the #ubuntu channel and I will help you there [01:54] I'm having a problem with shutdown and reboot not waiting for a shutdown script to complete.  i verified it's being run.  i assumed the system would wait for each K script to complete.  is this not the case? [02:00] cjs226: I think it kill scripts after a certain time, I'm not sure [02:01] cjs226: the timeout is 5 seconds by default -> http://upstart.ubuntu.com/cookbook/#kill-timeout [02:01] ah, that explains it. THANKS! === Guest90959 is now known as ejat [02:08] cjs226: when you say the "K" scripts .. what # is it receiving in /etc/rc0.d ? [02:09] cjs226: there is definitely no timeout for those scripts.. they are run one after the other [02:10] i have it as K01 in rc0, 2 and 6 [02:11] what's the best procedure to impliment an app's shutdown script such that it has time to shutdown gracefully. for me i need a minute and a half [02:12] cjs226: it should work to just have the K script in there [02:13] cjs226: note that it needs an S script in the previous runlevel as well, or it won't be killed as the system won't think it was running [02:13] spamaps: ok, i'll test that, thx [02:14] cjs226: typically the defaults given to a script by update-rc.d work fine [02:14] cjs226: note that if you switch to an upstart script, you want 'stop on starting rc RUNLEVEL=[016]' [02:14] otherwise the system will only wait about 10 seconds for it to stop [02:14] (known bug) [02:15] cjs226: good luck [02:15] * SpamapS signs off for a bit [02:15] thx, appreciate it! [03:41] New bug: #850587 in cloud-init (main) "cloud-init fails to install if /tmp directory is noexec" [Undecided,New] https://launchpad.net/bugs/850587 [03:46] Daviey: FYI, update-notifier-common (which lets you know you need to reboot your server in motd) used to be in the default server install in lucid http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.lucid/server, but got dropped for maverick and later. [03:47] Daviey: are you sure that it should have been dropped? [03:48] do I need to run seahorse with sudo to use it? and I get a gnome-keyring communication failure error. === WinstonSmith is now known as ermmmmmmmmmmms === ermmmmmmmmmmms is now known as WinstonSmith === WinstonSmith is now known as ermmmmmmmmmmms === ermmmmmmmmmmms is now known as WinstonSmith [06:33] Like an idiot, I just blew away the squid init script (/etc/init.d/squid). How do I get apt / aptitude to reinstall it? [06:40] sergevn: is it bad that rmmod iwlagn inside a container removes the module successfully ? [06:42] sergevn: sorry, wrong serge ;) [06:42] hallyn: is it bad that rmmod iwlagn inside a container removes the module successfully ? [06:59] Corey: sudo apt-get purge squid then sudo apt-get install squid and you'll get it back. [06:59] what about dpkg-reconfigure? wouldn't that do the trick? [07:00] No. [07:01] When you manually remove the file, dpkg will assume that means you didn't want it until you purge and then it forgets you did that. [07:02] lifeless: You need to drop the sys_module capability. [07:03] * soren runs off for a half hour or so [07:06] ScottK: Thanks. Unfortuantely as it turns out this is Ubuntu 6.xx, so those packages aren't available anymore. Whoops. [07:06] Corey: They are on old-releases.ubuntu.com [07:06] You really should upgrade though. [07:07] You'll just need to adjust /etc/apt/sources.list to point at it. [07:09] ScottK: Not my choice. [07:09] OK. [07:09] ScottK: And thanks. :-) [07:09] You're welcome. [07:09] ScottK: Unfortunately the client's preferences eclipse my own. [07:09] I know how that is. [07:10] They should hire me to tell them they're wrong. [07:10] ;-) [07:10] ScottK: They've already done that with me. ;-) [07:10] ScottK: Mind if I ask what your contribution was that got you Ubuntu membership? [07:10] Development. [07:11] It was also in 2007, so things have changed a bit. [07:20] soren: probably dhouldn't be on by default :) [07:31] New bug: #338766 in vm-builder (universe) "vm-builder should support proxy servers" [Wishlist,Fix released] https://launchpad.net/bugs/338766 [07:36] New bug: #850672 in nut (main) ""port = auto" does not work with bcmxcp_usb (powerware 5115)" [Undecided,New] https://launchpad.net/bugs/850672 [07:47] lifeless: How are you running your containers? [07:47] lifeless: Using libvirt or lxctools? [07:48] soren: lxc-start ... [07:48] hi. who handles php these days? :-) [07:49] Nafallo: noone :) [07:49] lifeless: heh [07:50] I had to "upgrade" to the packages from sid on an oneiric server yesterday because our php5-sqlite only has sqlite3 support :-P [07:50] and sid had a different ABI [07:50] lifeless: bug 850687 [07:50] Launchpad bug 850687 in lxc "Should disable cap_module by default" [Undecided,New] https://launchpad.net/bugs/850687 [07:51] thanks :) [07:51] Nafallo: And what did you need (if not sqlite3)= [07:51] ? [07:51] soren: sqlite [07:51] (sqlite2) [07:52] I had no idea anyone still used that for anything. [07:52] roundcube wanted it at the very least ;-) [07:52] probably pastebin.ubuntu.com [07:53] Nafallo: I've only ever used roundcube with MySQL :-/ [07:54] I bet there are more things, but it took me a good while to figure out and "work around" it :-P [07:54] lifeless: If it helps at all, libvirt does it correctly (removes CAP_SYS_MODULE). [07:54] soren: cool [07:54] soren: [it doesn't, but cool] [07:54] Nafallo: Erm, i thought it was an effort this cycle for us to remove sqlite support? [07:55] Or at least, get it out of main [07:56] Daviey: well, not haivng a working roundcube-sqlite package would be a regression :-) [07:56] Nafallo: Sure, fancy fixing roundcube? [07:57] Daviey: I tried to find out if I could convince it to use sqlite3 yesterday, and restorted to upgrading from sid.... just saying. [07:57] I'd rather have php5-sqlite in universe with libsqlite dependency (if main is the reason we can't have working things) [07:59] alternatively we could have php5-sqlite and php5-sqlite3 [07:59] Nafallo: I think you are calling for php5-sqlite to be a seperate source package. [07:59] having php5-sqlite being only sqlite3 wasn't helpful :-P [08:00] source/binary.. whatever works. [08:01] New bug: #850687 in lxc (main) "Should disable cap_module by default" [Undecided,New] https://launchpad.net/bugs/850687 [08:04] Nafallo: fancy trying http://www.roundcubeforum.net/3-news-announcements/12-general-discussion/4954-making-sqlite-3-x-work.html , but see if you can avoid using pear? [08:04] Although, why you'd use sqlite over mysql is a mystery to me :) [08:05] Daviey: I fancy a working setup OOTB. that's why I run Ubuntu. [08:05] Nafallo: Hang on, you use the development release of Ubuntu to have stability. You are doing it wrong, [08:05] I assumed you were running the development version to help fix issues before release. [08:05] and since it took me half a year to get round to setting up a new VM and install roundcube, not in a 11.10 timeframe ;-) [08:06] Daviey: yes. issues like the one I ran into and that we are talking about :-) [08:06] I always try to run the development version when and where it's convenient for me to do so [08:07] New bug: #850690 in samba (main) "package samba-common 2:3.5.4~dfsg-1ubuntu8.4 failed to install/upgrade: there is no script in the new version of the package - giving up" [Undecided,New] https://launchpad.net/bugs/850690 [08:08] Nafallo: Sorry.. Looks like you are sad out of luck then.. Happy to help you fix this issue, but we don't have the time to fix it for you. [08:08] right. okay. [08:12] the issue is obviously one created by Ubuntu, since Debian doesn't have this problem, but yeah... I won't get much done by whining about this here :-) [08:14] a3:) [08:14] ;) [08:14] Ops. [08:15] Hey Nafallo [08:15] hi matti [08:18] hi all [08:20] Nafallo: you have been around long enough to know how this works :).. Have you even raised a bug? [08:21] Daviey: yes, and I plan to do so again ;-) [08:22] Nafallo: What is the bug number? [08:23] Daviey: sorry, but I tend to discuss before raising them. it is currently scheduled for this evening when I get home from work. [08:25] Nafallo: Okay, give me a ping when there is a patch attached... and we'll get it fixed! [08:25] rocking. [08:26] Daviey: udeb work - libcurl3-minimal-udeb looking OK - going to look at xmlrpc-c-minimal today [08:26] (and good morning BTW) [08:26] Daviey: didn't say I'd get time to do any patching mate... [08:27] Gooooood Morning jamespage [08:27] jamespage: You sir, are a life saver. [08:29] Nafallo: Oh sure, branches are equally as good. [08:32] hey Daviey jamespage [08:35] morning all o/ [08:36] hey koolhead11 & lynxman [08:38] morning koolhead11, lynxman [08:38] Daviey, jamespage o/ [08:38] Daviey: so we have to wait for Debian guys to fix the dbconfig bug!! :D [08:41] koolhead11: oh noes.. What one? [08:42] Daviey: https://bugs.launchpad.net/debian/+source/dbconfig-common/+bug/807038 [08:42] :D [08:42] Launchpad bug 807038 in dbconfig-common "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Medium,New] [08:43] looking [08:44] grr [08:45] :) [08:49] koolhead11: From yesterday, the problem seems to be that my machine inside kvm doing netboot off oneiric server b1 isn't picking up a virtio disk, so it is giving me an iscsi option only [08:49] Is this expected - is there a different image I'm supposed to be using? [08:50] rbasak: no there is no saperate image for KVM AFAIK [08:51] rbasak: i would suggest check KOAN as well [08:51] koolhead11: AIUI, doesn't koan only help if I already have a machine installed? [08:52] * rbasak tries using a SCSI bus instead [08:52] rbasak: i would suggest please check it. As i have not worked on/with KVM i have tried cobbler for my physical machines. It be great if after the test you will blog about the same. :) [08:58] hmm - tomcat6 is not in the ubuntu-server packageset - how odd.... [08:59] rbasak: you need RoAkSoAx - he demoed what you are trying todo at UDS-O [09:00] jamespage: +1 yeah :D [09:00] jamespage: even there is no openjdk-6-jre which jenkins depends on :( [09:00] smoser also worked on doing it slightly differently. [09:02] koolhead11: in oneiric? it depends on default-jre-headless which should pickup the right java [09:02] rbasak: check out lp:~smoser/+junk/cobbler-devenv [09:02] The how-to might be of use. [09:03] Daviey: any chance you could sponsor https://code.launchpad.net/~james-page/ubuntu/oneiric/tomcat6/CVE-2011-3190/+merge/75495 - whilst I work on xmlrpc-c-minimal [09:03] jamespage: Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190) [09:03] jamespage: so i should not install openjdk-6-jre on my oneiric clients ? [09:03] koolhead11: sorry - are you talking about jenkins slaves or a jenkins master? [09:03] jamespage: slaves :D [09:04] koolhead11: try the jenkins-slave package - it installs the right bits for you [09:05] supports both running via SSH from the master OR starting up locally and connecting to the master server [09:05] jamespage: Have a call starting now, but right after - sure [09:05] jamespage: is it in the ISO, base pkg ? [09:05] koolhead11: nope - jenkins is all in universe [09:05] jamespage: ok :( [09:06] i don`t have internet at time am running cobbler. seems like i have to do this just after machine gets provisoned [09:07] i have simple ISO of oneiric which feeds as repo for me [09:09] anyways am back to my LDAP love, catch you guys later. === koolhead11 is now known as koolhead11|afk [09:10] LDAP 'love'? Hmm, i'm yet to find that. [09:13] hi [09:26] It seems that both virtio and scsi don't work for cobbler+kvm - but ide emulation is OK [09:27] Daviey: how do we test all this new udeb stuff? [09:33] jamespage: give me 10, then we'll chat [09:37] Daviey: OK - I have a minimal xmlrpc with udeb working as well now [09:37] all looks OK but it needs review [09:38] jamespage: Where can I see it? [09:45] soren: all branches attached to bug 831496 [09:45] Launchpad bug 831496 in Ubuntu Oneiric "[FFe] Add cobbler enrollment support to server cd image" [High,New] https://launchpad.net/bugs/831496 [09:46] I've uploaded xmlrpc-c-minimal (NEW) and curl to ppa:james-page/discovery [09:56] New bug: #850771 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/850771 [10:04] jamespage: Fancy a call? [10:05] Daviey: one moment [10:05] * Daviey holds himself. [10:06] * Daviey gets on with stuff. [10:12] Daviey: OK now [10:40] Daviey: ldd cobbler-enrol - http://paste.ubuntu.com/689885/ [10:41] I've just uploaded cobbler-enrol to ppa:james-page/discovery [10:42] I might suggest that we move all of the branches to a team location so we can both work on them [10:43] hmm I'd test but I'm not near my cobbler system [10:44] Daviey: I know this is targetted to the ISO but it should be possible todo the same thing from a network PXE boot as well? Could be a menu option for unregistered systems from cobbler [10:47] jamespage: that is the honest primary purpose. [10:47] coolio [10:47] cobbler sending a preseed value for these debconf questions down the wire [11:43] rbasak, most certainly any server kernel we have should support virtio disk [11:44] most likely as modules... maybe you had an out of date iso that you booted from, which would mean the installer does not find a matching kernel module package [11:44] smoser: Ah, I see - so the installer looks for a kernel module package in the archive that matches the image it is using? [11:45] yes. [11:45] but it does give a reasonable error [11:45] I'm using the b1 iso image, so I guess the corresponding module package in the archive is now gone [11:45] somethign like "can't find modules" [11:45] i woudl have thought the beta1 would continue to work, but maybe not [11:45] rbasak, this is the net-install ? [11:45] I saw no error, but probably because of the preseed [11:45] It's whatever cobbler gave me [11:46] yeah, so make sure whatever cobbler has is up to date an dtry again [11:46] there is a command for that [11:46] cobbler-import-ubuntu or something [11:46] or ubuntu-import-cobbler [11:46] somethin like that [11:46] and if that fixes your problem, please open a bug [11:47] it should not be such an issue after release, but i tihnk that it will be an issue... or maybe we should make sure its only going to import the released versions which shoudl work indefinitely [11:47] cobbler-ubuntu-import :-P [11:47] rbasak: If you are using an archive made from the iso, then it should still work. If you are using a public archive, then it will not work :) [11:48] "archive made from the iso" ? [11:48] cobbler does not do that. [11:48] yeah I'm just doing what cobbler did for me [11:48] I imported the b1 iso, that's all. I didn't know about import-ubuntu-cobbler [11:49] smoser: How much do you care about bug 827590 getting fixed in oneiric? [11:49] Launchpad bug 827590 in nova "cloud-init does not mount ephemeral0 on /mnt in nova" [Medium,Fix committed] https://launchpad.net/bugs/827590 [11:49] smoser: Are you stating that it cannot do that? [11:50] it looks like that should not be an issue after release [11:50] http://us.archive.ubuntu.com/ubuntu/dists/lucid/main/installer-i386/ (those are old [11:50] ) [11:51] Daviey, that is fix-commited [11:51] but i care a lot [11:51] we're picking another nova branch, right ? [11:54] smoser: Erm, it's Fix Committed in Essex.. not Diablo. [11:55] We either need to convince ttx/vish to backport that (note, that it requires a db schema change); or distro patch it ourselves if you think it is essential. [11:56] oh carp. i had forgotten about that. [11:56] we need to pull that stuff back. [11:57] well, i think tha tis worht pulling into ubuntu [11:57] although the db schema change bothers me. [11:57] as we may then need to deal with upgrade issues. [11:57] smoser: Can you try and convince vish and/or ttx that they should carry it upstream? [11:58] yeah. [11:58] smoser: nah, the migrations are pretty safe TBH. [11:58] well, in nova, less so with glance it seems [11:58] but we migh have one that is different [11:58] It's not like this is an SRU schema change. [11:59] ie, our db then would look different to an essex upgrade than diablo pure [11:59] and we'll possibly have to deal with it then [11:59] Daviey, there are some other bugs that i consider serious [11:59] Good point... i think that could be handled.. but we can avoid the headache if it's done upstream :) [11:59] smoser: link me baby [12:00] bug 837100 , bug 837102 [12:00] Launchpad bug 837100 in nova "nova does not uncompress qcow compressed images" [Wishlist,Confirmed] https://launchpad.net/bugs/837100 [12:00] smoser: Error: Could not parse data returned by Launchpad: The read operation timed out [12:00] bug 837102 [12:00] uvirtbot: you suck. [12:00] Launchpad bug 837102 in nova "nova writes libvirt xml 'driver_type' based only on FLAGS.use_cow_images" [Low,Triaged] https://launchpad.net/bugs/837102 [12:00] Daviey: Error: "you" is not a valid command. [12:01] uvirtbot, uvirtbot sucks [12:01] smoser: Error: "uvirtbot" is not a valid command. [12:01] the first there, means we basically have to have the client uncompress the compressed qcow disk images that we create before they upload [12:02] otherwise performance will be abissmal [12:02] urgh [12:03] the second (untested) to me means that if you use a qcow image to upload, and you do not have USE_QCOW flag (which, realistically, no one outside of developement is going to use), then i think app armour will cause kvm to fail [12:03] 837100, seems unlikely to be a candidate for this release IMO. [12:03] i went hunting some yesterday on how to determine if a qcow image is compressed or not. unfortunately, qcow-img does not report that. [12:03] Daviey, that one is easily fixable. but why do you think not a candidate ? [12:04] the most difficult thing is determining if it is compressed or not. [12:04] smoser: Seems to be a feature, rather than an actual bug? [12:04] smoser: does 'file' return that data? [12:05] really? [12:05] you consider not doing cpu decompression on every read to be a feature [12:06] and for the second, you consider having instances not fail to boot to be a feature. [12:07] The cpu decompression to me, seems to be a performance enhancement. [12:07] It currently works without that fix. right? [12:07] just slow. [12:07] I'm not saying it /shouldn't/ be fixed, but is it going to be accepted upstream? [12:07] "my disk reads at 3MB/s" [12:08] "my disk *should* read at 90MB/s" [12:08] "my system is always pegged 100% on 8 CPUS" [12:08] something like that. [12:08] we *can* work around this in cloud-utils. but its a wart. [12:09] ttx: thoughts? [12:11] looking [12:11] ttx, same bugs that i bothered you at in openstack-dev [12:12] * smoser goes to branch milestone-proposed [12:13] Daviey: those bugs look sane -- if the question is "will they be accepted in a diablo backport" it all depends on the impact of the bugfix [12:13] Daviey: so basically they need to be fixed in trunk first [12:13] smoser: yes, cobbler-ubuntu-import fixed it, thanks [12:14] smoser, Daviey: so is that a bug? Do we care? [12:14] Daviey: if the solution is a clean one-liner, it's an obvious YES. If the solution involved a new dependency, a Db version bump and three new undocumented flags... not so much. === ersi_ is now known as ersi [12:15] rbasak, i tihnk its not so much of a bug as i had thought. [12:15] i said above because after release the issue will not occur [12:15] smoser: OK, no problem [12:15] (at least thats my understanding... the lucid iso is 10.04 date-ish, even though we've even released 10.04.1) [12:16] it is freaking annoying, but should only occur on the development release. [12:16] erm, i disagree. It will brak on every kernel ABI bump. [12:16] break* [12:16] no? [12:18] Daviey: I'm not sure. Won't the old modules .deb remain even after an update? [12:19] One potential issue is that the breakage doesn't report any kind of error. Even if the installer is supposed, the default cobbler preseed seems to make sure that it won't. Instead I get a flashing screen and no other info as debian-installer restarts in an infinite loop, and trying to figure out what is going on in a different VT is difficult as the screen won't stop flashing. [12:26] rbasak, how would it break ? [12:26] i dont think it would. [12:26] rbasak: ah, that is new to me. [12:26] look at http://us.archive.ubuntu.com/ubuntu/dists/lucid/main/installer-i386/ [12:27] that is the iso that cobbler-ubuntu-import would pull [12:27] and it has not changed since 10.04 [12:27] meaning it has lucid-release kernel on it [12:27] which is original [12:27] (also meaning you will boot the installer with a security vulnerable kernel though) [12:29] specifically the import pulls http://us.archive.ubuntu.com/ubuntu/dists/lucid/main/installer-i386/current/images/netboot/ [12:29] mini.iso [12:29] lifeless: it's not an inherent problem. cap_sys_module just isn't something that gets dropped by default. To drop it, add 'lxc.cap.drop = sys_module' to /var/lib/lxc//config [12:29] smoser: I mean that if it is broken, then there's no hint as to why [12:29] smoser: I'm not sure that it would break after release [12:29] rbasak, i sweare that when it breaks it leaves you at a ncurses prompt saying "what do you want to do" [12:29] but maybe you're not seeing that because of preseed. [12:30] but i sweare i saw it with preseed. [12:30] smoser: I didn't get that at all. [12:30] yeah. [12:30] but as far as i can tell, that will never be a problem after install [12:30] after release [12:30] but if it is *not* a problem, then we're wasting people's bandwidth because the cobbler input runs weekly i thikn. [12:30] and will continuously download and import the same thing. [12:31] smoser: when I tried to turn off the preseed, I'm not sure to what extent I succeeded but I did get it to tell me that there were no disks and would I like to set up iSCSI - yet no message about missing modules. [12:31] RoAkSoAx, kirkland ^ [12:31] rbasak, i swear it gives a reasonable error.... but its been a long time. [12:31] so i trust your memory more than mine here. [12:31] something must have changed [12:32] or something in my config, but I don't think I've deviated much from what cobbler does from default. I did try cobbler's supplied preseed too [12:35] cjwatson, sorry to bother you, but can you comment on the above? after release will we ever update the netboot iso at $mirror/dists/$rel/main/installer-$ubuntu_arch/current/images/netboot/mini.iso ? [12:38] Say i have a RAID0 of 5 device, i take snapshots of those 5 devices on daily basis. When restoring data, what would be the procedure? restore snapshots on separate 5 devices, assemble a RAID out of those 5 device and copy data that was lost? [12:40] smoser: no, but we deliver updates to $rel-proposed / $rel-updates [12:40] you should probably use $rel-updates if there's something there [12:40] ah... so possibly we should then pull from -updates if there is something [12:40] yeah, but then we'll have the issue above [12:40] with the possibly-no-modules failure [12:40] what issue's that, sorry? failing to parse it from the above [12:41] iso boots, but matching kernel modules package is not in archive [12:41] no modules, fail to install [12:41] err, if that's happening then we have a problem ANYWAY [12:41] really? [12:41] and we need to refresh the installer image [12:41] right [12:41] we> by which I mean I [12:41] but we have a cached installer image in a local cobbler isntall [12:41] ie, user installs cobbler, pulls down a net-iso, it works [12:41] they wait 3 weeks [12:41] it fails [12:42] a quick If-Modified-Since check isn't that hard surely [12:42] well, yes, we could do that. but we dont' actually have a good entry point to do that. [12:42] that seems like something worth fixing then. :) [12:42] :) [12:42] thanks for the info, cjwatson. [12:43] rbasak, so there are 2 issues. [12:43] 1, we're not pulling from -updates and we should be [12:43] 2, if we were, we'd hit this issue after release also [12:43] although, hmm [12:43] thinking about it, we never do NBS runs on post-release pockets at the moment [12:43] so actually, modules udebs for old ABIs never get garbage-collected [12:44] this is sort of a bug but we could refrain from fixing it if it would make life easieer [12:44] *easier [12:44] well they do during devleopment release. [12:44] it would make things easier, yes :) [12:44] yes, but post-release is different [12:44] yeah, i assumed that was the case [12:44] so somewhere i should document this conversation [12:45] thanks again. [12:45] yep, lucid-updates currently has kernel udebs for every ABI from 2.6.32-22 to 2.6.32-33 inclusive [12:45] The Ubuntu cobbler docs at https://help.ubuntu.com/community/Cobbler/Import need to be updated to use cobbler-ubuntu-import. I've been using an ISO I downloaded manually and been getting the breakage that way. In that use case, it seems an issue to me that the installer is pulling the kernel from the ISO (obviously) yet the modules from the archive. [12:46] rbasak: intentional [12:46] you're using a netboot installer image (albeit one shipped on the ISO) not a CD image [12:46] by design that pulls from the network [12:46] I'm happy for people using the development release to have to refresh the installer image frequently [12:47] because the purpose is to test stuff for the next release, so I don't want to put much effort into facilitating people using old code [12:47] OK [12:47] it shouldn't happen that way for a stable release [12:47] (if it is, that's a different matter, but I assume you mean an Oneiric ISO?) [12:48] Yes, I used the ubuntu server oneiric b1 iso [12:49] OK, I think I understand. This would never happen after release since the old module udebs will never be removed, and before release I should be using cobbler-ubuntu-import anyway so it should be a one-command update [12:53] morning [13:01] New bug: #850880 in cobbler (universe) "cobbler-ubuntu-import does not pull from -updates" [Undecided,New] https://launchpad.net/bugs/850880 [13:06] New bug: #850886 in cobbler (universe) "cobbler-ubuntu-import results in possibly stale netboot kernels" [Undecided,New] https://launchpad.net/bugs/850886 [13:15] rbasak, Daviey out of above conversation came bug 850886, bug 850880, bug 850892 [13:15] Launchpad bug 850886 in cobbler "cobbler-ubuntu-import results in possibly stale netboot kernels" [Undecided,New] https://launchpad.net/bugs/850886 [13:15] Launchpad bug 850880 in cobbler "cobbler-ubuntu-import does not pull from -updates" [Undecided,New] https://launchpad.net/bugs/850880 [13:15] Launchpad bug 850892 in orchestra "orchestra-import-isos does not update" [Medium,Confirmed] https://launchpad.net/bugs/850892 [13:16] smoser: bah, stop causing bugs.. fix 'em [13:16] ok [13:17] If I set up LDAP auth on a server, and there is already a local user "queso" with a home dir, but the LDAP server also has a "queso" account, what will happen if I try to log in? Does it try local user auth first, then try LDAP auth? [13:17] queso: sounds like something to try? :) [13:18] i woudl suspect ldap would read /etc/passwd first. [13:18] depends on priority in nsswitch.conf, IIRC? [13:18] but thats a guess. [13:18] Daviey: I don't want to just "try" something on a production server, especially when there is no root account to fall back on if LDAP auth is misconfigured. [13:18] gac: aah, okay [13:18] gac is probaly correct. [13:19] queso: no problem, do it on your staging server. [13:19] SpamapS: any idea when the squid packages in -proposed will be released? I want to prepare a security update for squid and don't want to obsolete them... [13:20] queso, smoser, gac: No. [13:20] soren, seriously. i was quite happy with conjecture. please avoid from giving useful and factual information. [13:20] nsswitch is what is used to look up e.g. which username corresponds to the uid of a given file when you do "ls". The order of authentication is all about PAM. [13:21] so those 2 have to be consistent or odd things. [13:21] Err... "what is used to look" should have been "what is used to determine the order for looking" [13:22] (libc handles the actual lookup) [13:24] soren: pam_unix.so refers to using /etc/shadow ? [13:24] queso: So your PAM configuration determines what happens on login. If it looksup in LDAP first and finds your user there, it will assign the UID from LDAP to your login process and that will be your uid. If that matches what's in /Etc/passwd, great. If not... WEll, it'll be fun and interesting. [13:24] queso: Yes. [13:26] soren: okay, perfect. thank you. [13:28] soren: so, by the same logic, when I change my password using passwd, it also uses the pam priority to determine which password to change? === koolhead11|afk is now known as koolhead11 === kentb-afk is now known as kentb [14:05] queso: YEs. [14:07] hey all [14:11] soren: Daviey by any chance there is some bug on mysql nova on oneiric and diablo ? [14:12] i got it working with smiles using sqllite :D [14:15] smoser: rbasak if the mini iso you download does not contain the latest kernel, then the installation is broken, happens all the time [14:15] yes. [14:15] smoser: rbasak there's been situations on which I have downloaded the mini iso the day before and the next day installation is broken due to kernel [14:15] RoAkSoAx: *now* you tell me :-) [14:15] RoAkSoAx, 3 bugs covering that and what we need to do were mentioned up above [14:16] smoser: rbasak other situations where that I downloaded a mini ISO in the morning and right past the middle of the day, something was broken in the archives and installation fails, so I had to wait few more hours till everything gets back to normal [14:20] smoser: right, all the development release stuff is known [14:20] though, there's not much to do about it [14:20] smoser: as we should not really target the development release for cobbler-ubuntu-import [14:23] well, you could be really smart though [14:23] i wonder if we're ok on that [14:23] because i think it uses ubunt-release-info or something [14:23] if that is smart it might be ok. [14:23] if you're running a development release you'd assume you want to have the development release present [14:23] if not, then it should not be shown [14:23] smoser: right [14:23] at leat not by default [14:24] anyway, there are some actually issues to fix there. [14:24] smoser: now, once thing though, updating the ISO to the latest, doesn't really mean that the archive will not be broken [14:24] we're lucky that the -updates doesn't get garbage collected. [14:24] RoAkSoAx, well, post release [14:24] it sure should! [14:24] smoser: during development cycle I mean [14:24] yeah [14:25] that is quite reasonably a WONT FIX [14:25] smoser: i.e. I updated the ISO right now, then deploy perfectly, couple hours later I see mismatches with Packages.gz or the keys, then few hours later, everything works again, or you need to import a new ISO [14:26] smoser: but for released version I don't really think we would need to grab from -updates, do we? [14:29] well, yes we do need to [14:29] its not terribly high priority [14:30] but there are both security and driver fixes in -updates [14:30] ie, there could be a known remote exploit available during your install (worst possible scenario, and unlikely, but why not get -updates) [14:36] alright [14:43] smoser: this makes sense to you? http://paste.ubuntu.com/690042/ [14:44] smoser: instead of passing the 'in-target etcetc' we would only be passing the encoded script [14:45] oh.. yeah, we have to base64 encode [14:45] that sucks [14:46] i was hoping we could drop that too [14:46] hi guys anyone can help, i ahve a mysql password and someone modify the root password and i cant login but the users i created i can still login do i have chance to reset or chnage root paswword using the mysql user only..? and i got phpmyadmin only- i cant access the server commandline at all [14:46] smoser: if we do, we could run into the issues we discussed when that was done ;) [14:46] where i sthat branch ? [14:46] so i can see the file [14:46] right. [14:47] oh. trunk [14:47] RoAkSoAx, so what i was thinking was more just set the variable "USER_DATA" or "CLOUD_INIT_USER_DATA_BASE64" or something [14:48] smoser: yeah it is trunk, but I've pushed the changes here: lp:~andreserl/+junk/juju-cloud-init [14:48] smoser: yeah, the variable name is the easiets lol! [14:48] and then have the template in orchestra handle writing that to the appropriate file [14:48] smoser: not a template, but rather a snippet [14:48] ie, ensembel doens't know about "/var/lib/cloud/seed/nocloud-net" [14:48] right. [14:48] same deal [14:48] but so all ensemble/juju knows about is that its passing user data [14:49] base64 is the only wart [14:49] smoser: so you only want to pass the user-data per se, or the LATE_COMMAND_TEMPLATE (which is the scrip that writes the user-data) [14:50] smoser: cuase I think we would need to pass the encoded script to easily execute it on the preseed as a late_command [14:50] no. i think we can just have cobbler handle that. [14:51] smoser: uhmmm I don't see how [14:51] because the template can basically run python code, no ? [14:51] is that cheetah ? [14:52] smoser: yes it is cheetah [14:52] smoser: https://fedorahosted.org/cobbler/wiki/KickstartTemplating#CallingPythonCode [14:53] smoser: I don't really think we could do it on the template [14:53] oh... a challange is it ? [14:53] :) [14:54] smoser: we can't really have our python script doing stuff there, but rather, we can import a module and return something from a function we call. That's what I can do === almaisan-away is now known as al-maisan [14:54] Calling Python Code ¶ [14:54] RoAkSoAx, see that. [14:54] right. [14:54] yeah. [14:54] smoser: i.e. have the orchestra python module have a function that takes the user-data and returns a script for the late command [14:54] also see "Extending" [14:55] smoser: right, I think I would prefer keep that in the "orchestra python module" [14:56] s/prefer keep/prefer to keep/ [14:57] RoAkSoAx, thats reasonable i think [14:57] smoser: and probably do something similar for the meta-data [14:57] http://paste.ubuntu.com/690053/ [14:58] well, sure. but that is less important as that is hidden in cobbler somewhere. [14:58] that is basic idea, but i didnt' pull out any dead code [14:58] smoser: right, yeah I understood what you wnated to do ;) [14:58] smoser: alright, I'll do that then [14:59] and i think i'd ditch the gzip [14:59] that just makes things simpler [14:59] (yes, i realize i argued before for keeping it) [14:59] :) [14:59] yeah I think we could also ditch that as well [14:59] fwereade: ping [15:00] RoAkSoAx, pong [15:00] fwereade: we are chaing the approcah on how we handle user-data/meta-data with juju/orchestra [15:00] fwereade: will have a patch for you soon [15:00] RoAkSoAx: cool [15:01] RoAkSoAx: I think I'll do the ks-meta clearing at the same time, if that's ok with you [15:01] fwereade: sure [15:06] fwereade: btw.. has all the orchestra stuff landed in the archives? [15:07] RoAkSoAx: are you going to enjumble the orchestra code? [15:09] kirkland: hehe not really! Basically, we are just gonna pass user-data to cobbler into a ksmeta, and let python create the script to write the user-data into the client machine [15:09] kirkland: but that python code will be under orchestra [15:20] RoAkSoAx: sorry I missed you -- there's been no orchestra change since that trivial fix on (?)tuesday [15:20] fwereade: yeah, but I mean, are the orchestra changes in the *.deb packages in the archives? [15:21] RoAkSoAx: I have no idea I'm afraid -- should there be some quick way I can check that? [15:21] fwereade: i'll check it out ;) [15:21] RoAkSoAx: cheers :) [15:23] smoser: http://paste.ubuntu.com/690075/ [15:23] After updating a pam configuration file, is there something I have to run to make it take effect? [15:24] well i dont think you want the ':i" on like 28 [15:24] but i think thtas the general idea, yah. [15:24] smoser: yeah that's a typo [15:24] :) [15:24] Does the order matter when re-assembling a raid0 device? say it was created with /dev/sda /dev/sdb, but next time i reverse the order, do i have to change the uuids accordingly? [15:25] smoser: heh ok then, so now, we just set the hostname to the meta-data and that's it? [15:25] set the hostname and an instance-id in the meta-data [15:26] New bug: #851008 in drbd8 (main) "drbd8-utils depends on drbd8-source which tries to compile a kernel module even though drbd is already in the kernel" [Undecided,New] https://launchpad.net/bugs/851008 [15:26] i would suggest using the cobbler host-id (or whatever that is) for the instance-id that it feeds cloud-init [15:26] smoser: we use the UUID of a system for instance-id [15:26] yeah [15:27] thank you for doing this, RoAkSoAx . i really do think it will end up being nicer. [15:34] smoser: hehe no worries I do also think it's jsut a way to improve things === al-maisan is now known as almaisan-away [15:46] LAMP server ....ServerName www.example.com:80 ..... if i dont have a registered dns i put in the ip of WAN? [15:59] davros: yes, or '*' without quotes to answer queries for that domain against any IP coming to the server. [16:00] davros: basically its 'Listen' IP, so say there is a vhost with 127.0.0.1:80 and you request for that vhost from 192.168.xxx.xxx then you won't see it but default vhost. [16:02] thx [16:10] anyone using amazon as personal backup or storage? [16:18] mdeslaur: need verification on bug #750371 for maverick, then squid can be released to updates immediately [16:18] Launchpad bug 750371 in squid "squid causing /var to stay busy during shutdown" [High,Fix committed] https://launchpad.net/bugs/750371 [16:19] SpamapS: can you get someone from QA to take a look at it? [16:21] mdeslaur: on it [16:21] smoser: so cloud-init meta-data is instance-id: XYZ local-hostname: node01.testing.com [16:22] SpamapS: thanks...usually we just supersede the one in -proposed, but it seemed to be quite far along and I didn't want to make you start over [16:22] RoAkSoAx, http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/files/head:/doc/examples/seed/ [16:22] that should help you [16:22] but, yeah, that looks good. [16:23] bonus points you could take a PUBLIC_KEY ksarg :) [16:23] smoser: should I just set local-hostname or should I also set hostname and public-hostname [16:23] ? [16:23] mdeslaur: much appreciated! [16:23] local-hostname is enough [16:23] but it might make sense for you to populate public-hostname [16:24] smoser: ok, and what PUBLIC_KEY ksarg are you referring to? [16:24] smoser: i'll just set both, local-hostname and public-hostname [16:24] see the bottom of that file 'suggested' [16:24] that way the user of this could pass in a public key which would be imported. [16:24] its not necessary for juju [16:24] as juju uses user-data to get key in [16:25] smoser: yes, but it might be necessary for other stuff I'mdoing [16:25] smoser: will look into that though [16:46] smoser: still sure that we don't want to zip the late command: http://pastebin.ubuntu.com/690135/ [16:47] disable pixe... [16:47] you were goin gto put that into default [16:48] smoser: i mean, the late command for the cloud-init stuff [16:48] which is quite long [16:48] smoser: in-target sh -c 'f=$1; shift; echo $0 | base64 --decode > $f && chmod u+x $f && $f $*' CnNlZWRfZD0vdmFyL2xpYi9jbG91ZC9zZWVkL25vY2xvdWQtbmV0Cm1rZGlyIC1wICIkc2VlZF9kIgpjYXQgPiAiJHNlZWRfZCIvbWV0YS1kYXRhIDw8IkVPRiIKCmluc3RhbmNlLWlkOiBNVE14TlRreU5USTJNaTQxTVRFMk1qSXdMamM0T1RJek9BCmxvY2FsLWhvc3RuYW1lOiBub2RlMDEudGVzdGluZy5jb20KCkVPRgoKY2F0ID4gIiRzZWVkX2QiL3VzZXItZGF0YSA8PCJFT0YiCiNjbG91ZC1jb25maWcKYXB0LXVwZGF0ZTogdHJ1ZQphcHQtdXBncmFkZTogdHJ1ZQ [16:50] RoAkSoAx, [16:50] i guess you could compress it there [16:50] but not require the USER_DATA ksarg to be compressed [16:50] smoser: yah, that's what I'm doing [16:51] smoser: nope, the USER_DATA in ksmeta is not gonnabe compressed [16:51] you could optionally transparently detect and decompress [16:51] but thats just being silly at this point [16:51] what is keys-late-command ? [16:53] RoAkSoAx, one thing you actually could do that might be nice, is have the cobbler output that stanza like you pastebinned [16:53] but then also output the decoded USER_DATA as commented out lines for easier reading [16:54] ### USER_DATA ### [16:54] # #!/bin/sh [16:54] # ... [16:54] smoser: keys-late-command is something I'm doing to import the keys for rsyslogd [16:55] smoser: where do you want to output that? [16:55] i thought you could acutally do it in the preseed [16:55] i'm sure you can decode base64 in your head [16:55] but, sadly, i cannot [16:55] smoser: mnmm I think so yes, but I don't think we'd like to have that much amount of comments in the preseed though [16:57] why? [16:57] an absolutely massive preseed/userdata i can't see being more than 30k === lullabud is now known as warzauwynn [16:58] but, feel free to ignore. [16:58] one other suggestion i have is to split the writing of user-data and meta-data into 2 separate late-commands. [16:58] but i have no strong reason for that [16:59] smoser: yeah I also thought doing the same [16:59] two different commands === almaisan-away is now known as al-maisan === al-maisan is now known as almaisan-away [17:30] smoser: any ideas? http://paste.ubuntu.com/690169/ [17:31] unfortunately, yes [17:31] can i ssh in ? [17:31] smoser: unfortunately no, it is a VM under cobbler-devnet under 2 routers [17:31] ah. ok. [17:31] and what version of ifupdown ? [17:32] smoser: 0.7alpha [17:33] smoser: 0.7~alpha5.1ubuntu5 [17:33] smoser: so this doesn't have to do with the changes in orchestra [17:33] RoAkSoAx, can you pastebin ls -altr --full-times /run/network [17:34] full-time should be singular [17:34] http://paste.ubuntu.com/690176/ [17:36] smoser: ^^ [17:36] yeah. [17:36] so.. if timestamps are consistent between those two pastebins, somehow cloud-inti ran before netwok was up [17:36] hm.. but that doesn't make sense [17:36] because it ran before ifup.lo was up [17:37] (which is like immediately) [17:37] yeah, you've rebooted [17:37] havent you [17:37] suck. that lost a piece of info that would have been useful [17:37] smoser: lol [17:37] smoser: i'll redeploy [17:37] hold on [17:38] one other hting [17:38] you probalby have /var/log/cloud-init-output.log now, right ? [17:38] you can pastebin that too [17:39] smoser: ok, but when it finishes re-deploying as it already started [17:39] matter of ~5 mins [17:42] RoAkSoAx: did you end up doing anything with the kernel arguments in cobbler/orchestra? or are we not worried about having those set [17:43] adam_g: those are gonna be set automatically [17:43] adam_g: we odnt have to do anything [17:43] i was certainly under the impression that we needed a few kernel args [17:43] kirkland: yeah teverything is already set automatically [17:43] i used to have that code in the orchestra-import-isos script [17:43] adam_g: you just need to set the --hostmae=node01.testing.com or similar [17:44] adam_g: for it to automatically add the hostname and domain [17:44] adam_g: we just needed cloud-init to respect that [17:44] RoAkSoAx: --hostname set in cobbler, or hostname= at the kernel? [17:45] adam_g: if you set --hostname=node01.testing.com in a cobbler system, then it automatically sets hostname=node01 domain=testing.com for the kernel [17:45] RoAkSoAx: ok, gotcha [17:45] adam_g: if you only set --hostname=node01 in cobbler, then the kernel gets hostname=node01 domain=local.lan [17:46] kirkland: what other parameters were you thinking ? [17:47] smoser: http://paste.ubuntu.com/690188/ http://paste.ubuntu.com/690189/ http://paste.ubuntu.com/690192/ [17:48] smoser: bah... seems to be an error with importing a bzr bra nch [17:48] lol [17:50] well thats good for me [17:50] :) [17:51] and i'm happy we have the cloud-init-output log now [17:51] smoser: lol yeah! [17:52] you scared me [17:52] smoser: i got scared too lol [17:52] hahaha [17:52] i thought the recent ifupdown code was bad [17:52] i though I broke something [17:55] Daviey: ping [17:56] hallyn: hey, any chance you've packaged qemu-kvm 0.15 in a ppa or anything? [17:56] hallyn: i wanted to play with the rbd driver [17:56] jeeez archives broken again [17:58] adam_g: hola [17:58] kirkland: he has [17:58] kirkland: we pondered putting it in the archive. [17:58] phew freaking squid [18:01] Daviey: oh? decided against, i take it? [18:03] kirkland: Only yesterday infact. [18:03] It looks good, but if it went south; hallyn cannot commit to resolve issues with the time we have remaining. [18:03] Daviey: well, imho, it would be better to do oneiric with 0.15, and lts with 0.15.x [18:04] Daviey: but that's up to you blokes :-) [18:04] There didn't seem to be a killer feature making it worth the risk, but perhaps i missed that? [18:04] kirkland: That was the balance we were making. [18:04] Daviey: cool, no worries [18:04] Daviey: cole needs rbd (ceph/rados) support [18:05] Daviey: i'm going to build one in a ppa for him [18:05] Daviey: librados-dev would need an MIR, which we can do in 12.04 [18:05] Daviey: hey! [18:05] kirkland: just use hallyn's? [18:06] kirkland: https://launchpad.net/~serge-hallyn/+archive/virt [18:06] hey cole [18:06] Daviey: only if hallyn rebuilds with librados-dev and -enable-rbd [18:06] Daviey: if its not too late, lp:~gandelman-a/+junk/cobbler-enroll-set_mgmt_class has some stuff added to make enrolling into ensemble environments easier [18:07] adam_g: you don't fancy rebasing from my branch do you? [18:08] Daviey: dont know that i need to. i re-branched from yours just before making those changes, ~1hr ago. [18:08] adam_g: ah sorry, you did :) [18:08] * Daviey assumed otherwise, sorry [18:08] np [18:09] adam_g: is it an optional field? [18:09] Daviey: yea [18:10] adam_g: Have you looked at exposing the values from a cobbler template? [18:13] Daviey: no, im not sure what you mean. ive just adopted to the enroller to do more of what andres documented as required in that wiki page === oCean_ is now known as oCean [18:18] kirkland: https://launchpad.net/~ubuntu-virt/+archive/candidate [18:24] adam_g: Hmm, so - this tool has 3 possible purposes right? [18:24] * RoAkSoAx will be back later [18:25] adam_g: 1) install from cd, 2) install from installing the binary package, and using it as an alternative to "cobbler system add", and 3) Preseeding discovery. [18:25] the 3rd, needs cobbler to push the username / password / etc / etc, via preseed. [18:25] However, i haven't checked if it's possible to do that in a generic, templated way [18:35] Someone knows the risk of a zookeeper daemon on a machine. I mean if someone break in it could have access in a way the other servers? [19:09] does rc.local run after networking is up? [19:14] Hi, I am using ubuntu natty [19:15] I have installed postgresql package, but I can't find your config files? [19:15] I have installed postgresql package, but I can't find your config files. [19:16] So I upgraded an ubuntu-server dev box from 10.10 to 11.04 and grub decided to fail. How exactly do I tell grub to boot from an LVM? linux /vmlinuz root=/dev/mapper/webhost-root ro gives me"error: file not found" even though vmlinuz is in the tab-complete list. is it another file that can't be found? [19:17] "insmod lvm" "set root=(webhost-root)" .... i'm stuck on what comes next [19:17] dlibanori, I guess they're on /etc/postgresql/*/ [19:17] no, they are not [19:18] ssureshot: yes, it runs at the end of the boot [19:18] ubuntuuser3631, hmm, boot from lvm? I guess boot cannot be inside lvm [19:19] Ursinha: there isn't /etc/postgresql dir [19:19] dlibanori, which package exactly have you installed, and what version of postgres is it? [19:19] postgresql [19:19] Ursinha: postgresql, that is the package's name [19:20] Ursinha: My terminology might be off. Here's a boot info script output: http://paste.debian.net/130250/ if that helps [19:20] dlibanori, what's the package version? 8.4? [19:20] 8.4 [19:21] Ursinha: http://packages.ubuntu.com/natty/postgresql [19:23] Ursinha, I was trying to follow this guide: https://help.ubuntu.com/11.04/serverguide/C/postgresql.html [19:23] Ursinha: but it fails because there is no /etc/postgresql/8.4 after apt-get install [19:24] dlibanori, looking here [19:25] Ursinha: try to look postgresql-8.4 files, there isn't /etc/postgresql/8.4 dir [19:25] http://packages.ubuntu.com/natty/amd64/postgresql-8.4/filelist [19:25] dlibanori, yes, I see that, figuring out when the conf files are created [19:25] because they are in /usr/share/postgresql/8.4/*.sample [19:26] this is very annoying, older ubuntu releases just work, but natty... [19:26] dlibanori, you just installed that and no problems during the installation? [19:26] no problems [19:27] there isn't any unusual message after apt-get [19:27] * Ursinha reads serverguide page [19:27] here it is: https://help.ubuntu.com/11.04/serverguide/C/postgresql.html [19:27] it doesn't help [19:33] jdstrand/kees: so about the nova MIR [19:33] Daviey, hallyn, there are Incomplete bugs assigned to you, the bugs are old: http://reports.qa.ubuntu.com/reports/ubuntu-server/triage-report.html [19:34] could you please take a look and unassign or whatever you think it's best? [19:34] thanks [19:35] zul: shoot [19:35] jdstrand, ivoks, there are also bug 671065 and bug 607466 [19:35] Launchpad bug 671065 in dovecot "deliver broken because dovecot.conf uses !include_try" [Medium,Incomplete] https://launchpad.net/bugs/671065 [19:35] Launchpad bug 607466 in libvirt "libvirt error starting domin: could not remove profile for" [Medium,Incomplete] https://launchpad.net/bugs/607466 [19:35] could you do the same? thanks :) [19:35] * Daviey re-assigns them to Ursinha [19:36] Ursinha: it is incomplete and assigned to me because I asked a question of the reporter. the reporter has not responded [19:36] jdstrand: so i know it needs a better security audit and what not, can we do that in oneiric+1 and get those concerns addressed then? [19:36] Daviey, I'm just going to remove the assignment, as I think it's wrong to have bugs assigned if I'm not currently working on them :) [19:36] zul: did you see me comment yesterday? [19:36] jdstrand: did you talk to zul? [19:36] jdstrand: I didnt see yesterday [19:36] Ursinha: oh, feel free. [19:36] hahaha [19:36] unassigning bugs from me is also appreciated :) [19:36] 20:36 < Daviey> jdstrand: did you talk to zul? <-- s/zul/kees/ [19:37] zul, Daviey: please see my comment in the nova mir. it gives you a path forward [19:37] Daviey, you complain way too much :) [19:37] Daviey: yes I did. I mentioned it in backscroll in this channel [19:37] jdstrand: ok thanks ill check [19:37] ah [19:37] (yesterday) [19:38] Ursinha: I'm not sure what the current policy is on bug assignments for Incomplete. it used to be you ask a question and put it at Incomplete so that when the answer came you would do something with it [19:38] Daviey: we can push username/password over preseed [19:38] Ursinha: if that changed, please let me know [19:39] jdstrand: thanks [19:40] jdstrand: you sure it was on #ubuntu-server i dont see anything in the log [19:40] jdstrand, current policy is there's no clear policy [19:40] Ursinha: heh, fair enough [19:41] jdstrand, we're trying to change that. I'll let you know :) [19:41] 14:07 < jdstrand> Daviey: kees and I talked. please see my comment in the bug [19:41] zul: from yesterday [19:44] jdstrand: k [19:44] Ursinha: thanks. I'm with Daviey, feel free to unassign me if you'd like :) [19:45] jdstrand, Daviey, I just haven't because you know what's the state of those bugs better than I do [19:45] or if that requires action [19:48] that's fine [19:52] dlibanori, I couldn't find any pointers anywhere, what I'd do is to copy files from /usr/share/p... to /etc/ [19:52] oh c*** [19:52] ok [19:53] jdstrand: yeah so the privilege seperation stuff is going to be fixed in the next release, and I think the Ubuntu server team would mostly take care of any security issues that might come up anyways [19:54] zul: I think the server team needs to formally state that in the MIR bug [19:54] jdstrand: i think so too [19:55] zul: at which point it should be easy for another member of the mir team to ack it [19:55] hold fire, please. [19:57] zul: it won't be fixed in the next release. it will be changed. ;) [19:57] kees: yeah.. [19:58] My server just got hacked, anything i can install to look for traces [19:58] jdstrand: I think the server team will be happy to comitting to 18 months high impact and security fixes for this release, with support from the security team if required. The work would be driven by the server team, is the bottom line. [19:58] jca1981: I would power it complete off and examine the drives from a separate machine :( [19:58] Providing, the sudo issues are resolved for 12.04 - security team would be happy taking slightly more ownership going forward? [19:59] *completely [19:59] Daviey: well, my comment is "If there are upstream commitments and commitments from the Ubuntu Server team to *aid* in its support" [20:00] jdstrand: I'm not confident in the level of upstream support on their releases can be. [20:00] kees: i think i got the most of it had a php bullitin board that got hacked and found som scripts in there [20:01] I think it's first to fix it, gets the prize.. that might have to be distro derived. [20:01] jca1981: at least externally verify your kernel and openssh packages, without that you won't know if the machine was rooted, etc. [20:02] Daviey: I'm not clear on what you are saying. surely they will fix security bugs? hopefully those are backportable. if they are not, we might need assistance from the server team for large code drops/testing, etc [20:02] Daviey: we will almost certainly need help with testing. if that can be done with nested virtualization, we might only need training [20:03] jdstrand: right they have things like contintous integration and the such [20:04] Daviey: the problem I have is this is a fairly new project and huge code base that is network exposed and quite complicated [20:04] jdstrand: Yeah, i suspect that the velocity of the project will mean that it will be more of a challenge to simply cherry pick fixes. [20:04] kees: if the attacker only got appache acces could he have rooted the rest of the system? [20:04] Daviey: I'm not saying 'no', I just want assurances that help is there if we need it, and that the current problems are addressed, and there is good support for security fixes down the line [20:06] jdstrand: Yeah, there is no fear of us just expecting you chaps to handle issues on your own. My hope is that security and server tackle issues together :) [20:07] Daviey: that sounds fine to me (but should be documented in the bug), along with a concerted effort to get the 'sudoers problem' addressed for 12.04 [20:07] jdstrand: ack. [20:07] Daviey: thanks [20:07] jdstrand: no, thank you. ;) [20:07] :) [20:07] zul: So, any issues we get - we throw over to security then go offline, right? [20:07] jca1981: if they used a local root vulnerability that is not publically known (a "zero-day") [20:08] hah [20:08] Daviey: hah [20:08] jca1981: it's unlikely, but I'm paranoid :) [20:08] i dont like giving the security team a stroke [20:08] kees: Its good to be parinoid, but im lazy [20:08] * jdstrand hugs zul [20:08] i like brownie points ;) [20:08] zul: I do, when they tie up all the buildd's with firefox. [20:09] :) [20:09] minus micahg :) [20:09] lol [20:10] Daviey: just keep this postinst snippet in mind: [20:10] if getent passwd Daviey >/dev/null ; then echo rm -rf / ; fi [20:10] sans the echo :P [20:10] lol [20:10] zul: hey, is openstack+lxc working for you these days? [20:11] jdstrand: eep. [20:11] just sayin :P [20:12] hallyn: *sigh* it was working last week [20:12] hallyn: whats wrong? [20:13] zul: eh, instances don't start [20:14] hallyn: can you send me the nova-compute.log please [20:14] yp [20:14] yup [20:15] Ursinha: here is the answer http://ubuntuforums.org/showthread.php?t=1396862 [20:16] jdstrand: at least the testsuite runs when it builds ;) [20:16] Ursinha: I had to purge postgesql-common [20:16] dlibanori, hmm, right! [20:16] zul: \o/ [20:16] seriously, that is fantastic [20:17] :) [20:17] and wonderful to hear it is in the packaging [20:17] Ursinha: natty, sometimes, is very disappointing [20:22] New bug: #851274 in lxc (main) "lxc-clone improperly configures dhcp (config file)" [Undecided,New] https://launchpad.net/bugs/851274 [20:22] zul: well, i think i'm going to just have to compile yet another instrumented version of libvirt to figure out where it's dying [20:23] hallyn: you sure its libvirt that is dying? [20:23] zul: well libvirt.log has 20:21:31.212: 11553: error : lxcDomainGetInfo:536 : internal error Unable to get cgroup for instance-00000002 [20:24] that doesn't mean it's not bc of something openstack is doing... [20:24] hallyn: ah ok [20:25] stgraber: hey, are we too late for feature freeze? [20:25] any chance you're free to shove in the fix for https://launchpad.net/bugs/851274? [20:25] Launchpad bug 851274 in lxc "lxc-clone improperly configures dhcp (config file)" [Undecided,New] [20:26] hallyn: ah yeah i have seen that before...libvirt in openstack is trying to get info that libvirt-lxc doesnt have [20:26] ? [20:28] hallyn: feature freeze, yes, beta2 freeze, we still have 30 minutes ;) [20:29] hallyn: if you can get me a debdiff in the next 25 minutes, I'll review and upload [20:30] d'oh [20:30] hallyn: known bug [20:30] zul: you didn't get the merge request I sent your way? [20:30] yesterday for lxc? [20:30] hallyn: yeah ill do it right now [20:31] smoser: ping [20:32] zul: [20:32] hold on, let me toss that other onein there too then [20:32] hallyn: ok [20:36] utlemming, hey [20:36] zul: can you re-load and now push? [20:36] stgraber: zul's merge should do it for us, thanks [20:37] yeah gimme a sec [20:37] hees a stupid question... where do the hosted files for apache go? [20:37] smoser: I'm thinking of naming the qemu arm images to be "oneiric-server-cloudimg-armel-omap-qemu.img" or something like that...thoughts? [20:37] hallyn: ok, great [20:37] zul: actually, no. dammit [20:38] zul: I don't know that it did the right thing. let me delete that merge request and send a new one [20:38] okie dokie [20:38] utlemming, i dont know that we need to specify. it is what it is. no one expects at this point something arm to be at all generic [20:38] but if you think we must, i'd prefer [20:39] "oneiric-server-cloudimg-armel_omap_qemu-disk1.img" [20:39] basically meaning 'armel_omap_qemu' is all "arch" [20:39] but.. .huck [20:39] yuck even [20:40] zul: you should have it now [20:40] zul: just make sure there are two entries in the changelog and all should be good [20:40] k [20:40] the problem I see is that these images are full images (bootloader, kernel, etc), so they should be identified as a complete package, but like you've highlighted the naming is aweful [20:41] what about oneiric-server-cloudimg-omap-disk1.img? [20:41] hallyn: it fixes two bugs right? [20:41] yup [20:41] we hope [20:41] maybe i should re-check the dhclient.conf manpage [20:42] yeah that looks right [20:44] zul: actually - does that have to have quotes around the hostname? [20:44] i mean, it's working here without quotes [20:44] so i guess not [20:44] i havent tried it [20:45] I have. Quotes might be more robust though [20:45] k....well repush then :) [20:45] zul: you think that's worth it? [20:46] not really [20:46] yeah, plus that then gets hair with quoting since it's inside a sed command [20:46] I'd probably do it wrong and break everything :) [20:46] and like i say - this is working [20:46] but if it makes it more robust then i would have to upload less if it doesnt work after :) [20:47] but ok [20:47] zul: not true, bc next week i'm applying for server upload rights :) [20:47] hallejuah :) [20:48] anyways uploade [20:50] zul: ok, thanks - I'll put in \" (bc I just tested it) when I send that upstream [20:51] hallyn: with the nova-compute bug? yeah its a known bug...the nova-compute driver is aasking for info that libvirt-lxc doesnt provide yet [20:53] zul: is there a workaround? [20:54] I hadn't heard about this [20:54] nor did i have this problem a few weeks ago [20:54] hallyn: not yet... [20:54] hallyn: hopefully tonight :) [20:55] zul: so let me ask you, is bug 842845 on your radar? [20:55] Launchpad bug 842845 in nova "problems starting multiple lxc instances concurrently" [High,New] https://launchpad.net/bugs/842845 [20:55] hallyn: yes [20:55] Same problem? [20:56] zul: so should i move on, you have it under control? [20:56] hallyn: ill have it under control [20:56] zul: awesome, thanks! [21:07] davros: Were you looking for /var/www/ ? [21:10] like where i put the stuff that i want to show up on the server [21:11] oops now i get forbiden [21:11] 403 [21:11] hahah [21:16] davros: hope is has correct permissions set [21:22] well at least i got the phpinfo and not 403 lol [21:22] hmmm [21:23] DOCUMENT_ROOT is what i want to change right? [21:28] join #php5 [21:32] got it lol [21:32] wrong place [21:32] hahahaa [21:44] New bug: #851351 in eucalyptus (universe) "Remove "Ubuntu Enterprise Cloud" branding from Eucalyptus packages." [Undecided,Confirmed] https://launchpad.net/bugs/851351 === Ursinha is now known as Ursinha-afk === unreal__ is now known as unreal === almaisan-away is now known as al-maisan === al-maisan is now known as almaisan-away [23:51] New bug: #850892 in orchestra (universe) "orchestra-import-isos does not update" [Medium,In progress] https://launchpad.net/bugs/850892