[01:34] <Durg> hey guys, I posted this yesterday but didn't really get an answer - I'm not sure if this is the right place to ask this, but I'll take a random stab at it; I've got a theoretical question for you guys - I've got a SaaS type service that moves data from one point to another; sometimes, that data is behind a VPN. I've got multiple clients on a single server, so plugging that entire box
[01:34] <Durg> into the VPN isn't an ideal solution; do you guys think it'd be possible to connect an external "worker box" to the VPN and then connect through that box via a proxy connection? Would that work or am I pounding sand?
[01:44] <twb`> That would depend on a bunch of things
[01:44] <twb`> Like: is there a proxy available for the protocol in question?
[02:01] <smoser> Daviey, where'd that come from ?
[02:38] <Durg> twb`: typically, proxies can be configured for any TCP service yeah?
[02:39] <jmarsden> Durg: No, application proxies are protocol specific by definition.
[02:40] <twb`> Perhaps you should describe the service in more detail
[02:42] <Durg> interesting
[02:42] <Durg> it's essentially an API to API middleware app
[02:42] <Durg> takes data from one enterprise system and moves it into another
[02:42] <Durg> such as a CRM to an ERP, ERP to Fulfilment, etc
[02:43] <Durg> but it's built around a SaaS model; completely hosted environment, so accessing on-site applications and databases that contain critical customer data is a significant challenge
[02:43] <twb`> Is it using a custom layer 7 protocol, or is it layered on top of e.g. HTTP?
[02:43] <Durg> HTTP
[02:44] <twb`> Then in principle you could use something like squid or nginx as the proxy
[02:44] <twb`> Although IIRC HTTP requires the client side to know it's going via a proxy, or for you to do dirty transparent proxy hacks
[02:46] <Durg> well, essentially the goal is to be able to access network services and clients for single-use calls; that's why I thought a proxy option might work
[02:46] <Durg> the back-end database I'm connecting to might be MSSQL, MySQL, Oracle, etc. or even file-based
[02:46] <Durg> might not have an HTTP endpoint
[02:51] <Patrickdk> isn't that what soap was made for?
[02:52] <Durg> well, REST, SOAP, XMLRPC, but that requires the application to adapt to meet the middleware, not the other way around
[02:54] <Durg> my second solution is to build a mini-instance that contains all of the network-specific code and can be accessed by a REST interface, but that raises my cost per client significantly compared to building 5 or 10 relay boxes for my entire network of clients
[02:55] <twb`> I don't think I really understand the problem
[02:55] <twb`> I'm not saying "there's no problem", I mean that I can't get my head around all the bits
[02:55] <twb`> A network diagram and/or user stories would probably help
[02:55] <Durg> unfortunately very few do, lol - it's my specialty field
[02:56] <Durg> well, here's a use case, that might help
[02:57] <twb`> Well, it's also that I don't do stuff like saas much
[02:58] <Durg> Company ABC has MAS500, an on-premise based application with an MSSQL database for their finance system, which is blocked off by their firewall (for good reason, it contains critical financial data about the company) - they want to move sales orders from Salesforce.com (SaaS) into their MAS500 instance
[02:58] <Durg> so it goes Salesforce -> DatixPanel.com (my middleware app) -> MAS500
[02:59] <Durg> from a low level standpoint, the concept is:
[03:00] <Durg> Salesforce -> Message Processing Server - > Action Server (retrieves, transforms and sends data) -> VPN Tunnel -> MSSQL
[03:00] <Durg> companies don't want to expose MSSQL through their firewall, because it would pose a significant security risk
[03:01] <Durg> so the problem is, how do I get to MSSQL?
[03:02] <twb`> Something like stunnel I guess
[03:02] <twb`> Er, no, brain fart
[03:03] <twb`> No, you know what, a properly secured TLS-encrypted version should be fine to allow through the firewall
[03:03] <twb`> I mean that's how stuff like IMAPS and HTTPS work
[03:03] <Durg> you know that, and I know that, but they don't want to admit that
[03:04] <twb`> OK, so that's not allowed because <customer> is retarded?
[03:04] <twb`> I mean plan A is "convince the customer to do it right" :P
[03:04] <Durg> lol, of course, but my target audience is small to mid biz, not enterprise
[03:04] <Durg> enterprise IT guys typically know that
[03:04] <Durg> but small to mid are... frankly, idiots
[03:05] <twb`> IME enterprise-level ones are the idiotest
[03:05] <twb`> Two-thirds of SMEs will just do what you recommend
[03:05] <Durg> well, that's not 100% false either
[03:05] <Durg> but typically the CIO is more intelligent than not
[03:05] <Durg> and they've typically done something like this with their data in the past
[03:05] <twb`> Yeah right
[03:06] <Durg> it's more about experience when I say 'intelligent'
[03:06] <twb`> My dad was CIO for a multinational for a couple decades, and he doesn't know shit about the lower layers.
[03:06] <Durg> I think that's part of the reason they're more willing to say go
[03:06] <Durg> lol
[03:06] <twb`> He deals with issues more like "how do I convince Cisco to give me a 60% discount" not issues like "why do we even need Cisco"
[03:07] <Durg> yeah, that sounds typical
[03:07] <Durg> just from my experience, I've had a lot less resistance from enterprise clients than SMEs
[03:07] <twb`> I guess it depends on how much their guy trusts you, and whether he realizes that he doesn't know what he's talking about.
[03:09] <Durg> well, the goal is to reduce the amount of end-client configuration to as low as possible; so setting up a PPTP login usually requires less effort
[03:09] <Durg> unless I'm wrong about that?
[03:09] <Durg> I'm a programmer, not a sysadmin
[03:09] <Smaug> hey all, I'm looking for a good resource that explains how the permissions of directories affect access to subdirectories and files with differing permissions
[03:11] <idlemind> smaug: you talking about permission inheritance?
[03:11] <Smaug> idlemind: very possibly
[03:11] <Smaug> sounds like it means what i'm after
[03:12] <twb`> You can't have that with POSIX DAC
[03:12] <Smaug> u have a resource for it?
[03:12] <twb`> If you use something else, like POSIX ACLs, NTFS or NFS4 ACLs, then I guess so
[03:13] <twb`> I've always put ACLs into the "too hard" basket.
[03:13] <idlemind> see acl's i think are really important
[03:13] <twb`> (Actually I tell a lie, there is one specific kind of inheritance you can have in POSIX DAC -- setgid dirs.  But that's unlikely to be what you want.)
[03:13] <Durg> and you guys just blew my little admin mind.
[03:13] <Durg> lol
[03:14] <idlemind> the fine grained options they give just outweigh the crap out of traditional owner / group / system perms
[03:14] <twb`> idlemind: yes but then I have to learn how to use them
[03:14] <idlemind> problem is they always come off as an afterthought in linux, the tools just don't seem to be there yet
[03:14] <twb`> Personally I'd like to do it properly with grsec RBACs, but ICBF recompiling the kernel on all my hosts
[03:14] <twb`> idlemind: yeah that's the other issue
[03:18] <idlemind> smaug: https://help.ubuntu.com/community/FilePermissions
[03:18] <idlemind> smaug you will probably want to look into using acl's
[03:19] <twb`> AFAIK BCP is to use NFSv4 or NTFS acls; not POSIX acls.
[03:31] <Smaug> idlemind: thanks for the link, but I'm not sure if that includes what i'm interested in.   what I want to know is, if a directory has, for example, drwx------ and a file inside it has -rwxrwxrwx or whatever, what happens?  can the file be read by a random user?  or not since you can't get into the directory?
[03:31] <Smaug> that sort of behavior
[03:32] <Smaug> i'll look into ACLs
[03:32] <idlemind> http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
[03:32] <Smaug> but from your discussion it appears that they don't always work?
[03:32] <idlemind> it's an all or nothing type setting with the default rwx rwx rwx permissions as far as i know
[03:33] <idlemind> so acl's (nfs v4 ones) may be your best option to make it behave more like the ntfs file perms you are most likely used to
[04:04] <Smaug> idlemind: thanks for the link, it was helpful but also did not answer my question.  i am not seeking to make ubuntu behave as ntfs, I am simply attempting to understand how it does behave so I can use it properly
[04:04] <Smaug> the umask was a pretty interesting read and i thank you for it
[04:04] <idlemind> smaug that's basically it
[04:04] <idlemind> when you create a file it doesn't inherit permissions
[04:04] <Smaug> one of the questions i am trying to answer, for example, is - if a directory has a set of permissions, how does that affect the permissions of the files inside
[04:04] <Smaug> it
[04:04] <Smaug> and if the directory does not affect the perms of the files inside it
[04:05] <Smaug> what is the point of directory perms
[04:05] <Smaug> do you have situations where you cannot cd to the directory but if you know the path of the file you can still access it?
[04:05] <idlemind> 1. a directory's permissions do not affect the permissions of the files inside, only if you can view those files or not
[04:06] <idlemind> well i guess i answered both there
[04:06] <jmarsden> idlemind: True, but setting g+s affects ownership of files created inside the directory, though!
[04:07] <Smaug> so is the answer to my second question yes? that surprises me
[04:07] <jmarsden> Smaug: Yes, you can set things up so a user cannot read a directory to discover what files are in it, but if the user knows a filename they can read it.
[04:07] <Smaug> hmm okay
[04:08] <idlemind> well i do stand slightly corrected u+s and g+s would allow you to force inheritance for files created within a directory
[04:08] <idlemind> so that maybe something you want to research smaug
[04:09] <Smaug> my end goal is being able to add a user to help with creating a website, without letting him have access to other, private parts of the server
[04:09] <Smaug> like other sites of my own
[04:09] <idlemind> o well that's simple
[04:10] <idlemind> when you create the user don't give him a home directory (or assign his home to the web-sites root) and add that user to a group with your other users and assign that group the rwx you want on those files
[04:12] <idlemind> you may want to then set the g+s on the web-sites root so that files that user creates inherits the group perms
[04:12] <idlemind> ne who i gotta run
[04:12] <idlemind> tty laters
[04:13] <Smaug> thank you idlemind
[05:25] <DanaG> Just got this oops on natty, when detaching a serial console from byobu:
[05:25] <DanaG> http://pastebin.com/E0JU0nmg
[05:26] <DanaG> Oddly enough, my znc is still running.
[05:29] <DanaG> (10:25:03 PM) DanaG: Just got this oops on natty, when detaching a serial console from byobu:
[05:29] <DanaG> (10:25:04 PM) DanaG: http://pastebin.com/E0JU0nmg
[06:24] <ThomasB2k> How do I access the GRUB cli when on boot I'm taken directly into Ubuntu without a grub menu?
[06:31] <twb`> Hol- oh, he's gone.
[06:31] <twb`> Damn impatient kids
[06:39] <s10loridr> i changed the ssh port on a 10.04 server, i can not connect to it with the new port (or old port) do i need to regenerate the keys on it after i change the port? I get a connection refused when trying to ssh into it now
[06:44] <twb`> Host keys are not port-specific
[06:44] <twb`> You probably forgot to deal with the firewall or something
[06:49] <greppy> s10loridr: I would check the firewall, and you should be able to run on multiple ports for testing.  Just add another "Port 2222" or whatever line, leaving the original "Port 22" there.
[06:49] <s10loridr> actually i made a dumb mistake, was editing the wrong file
[06:49] <s10loridr> i used the ssh_config by accident
[06:49] <s10loridr> im an idiot
[06:49] <s10loridr> all fixed now, thanks
[06:56] <koolhead11> hi a;l;
[06:56] <koolhead11> *all
[07:43] <jamespage> morning all
[07:46] <phretor> "error: invalid argument in libvirt was built without the 'gsx' driver" - any chance that I can connect virsh to a GSX hypervisor on 11.04?
[07:51] <twb`> phretor: you can rebuild your own version
[07:52] <phretor> twb`: well, I'd have preferred not to screw with the packaging system
[07:52] <twb`> phretor: since 11.04 is released, you're unlikely to get a new version that has new features enabled
[07:52] <phretor> I'm trying to migrate out from vmware
[07:55] <twb`> Apparently GSX driver just backs onto HTTP, so I would guess it wasn't in 11.04 because it wasn't in that version of libvirt
[08:04] <GeorgeJ> Hello folks
[08:04] <GeorgeJ> My base installation of ubuntu server 11.04 seems to come with udhcpd as a default dhcp daemon. Can I change it to ISC?
[08:07] <phretor> when I upgraded from 10.10 to 11.04, GRUB attempted to boot Xen DOM0. Does this have to do with the upgrade, or I installed Xen stuff by mistake?
[08:08] <twb`> GeorgeJ: try apt-get install isc-dhcp-client
[08:08] <GeorgeJ> Aye, just did so, I was just a bit confused because dhcpd3-server did not exist in /etc/init.d
[08:09] <soren> phretor: You must have installed Xen. By mistake or not, I can't say :)
[08:09] <soren> phretor: It's most certainly not part of the standard upgrade procedure.
[08:09] <twb`> Didn't kernels recently get the ability to be dom0's OOTB ?
[08:09] <soren> Yes.
[08:09] <phretor> soren: I should go for libvirt/kvm instead, right?
[08:09] <smb> Kernels, yes. But to boot in that mode you need xen-hypervisor
[08:10] <soren> phretor: If you're not on ancient hardware, yes.
[08:10] <twb`> just checking
[08:10] <soren> twb`: Right, they can act as dom0, but you still need the Xen hypervisor to run first (which then in turn runs the dom0 kernel).
[08:10] <phretor> soren: I've got a Dell PowerEdge 1950 with 8 cores and 8G of RAM. smb: what do you mean by "to boot in that mode"?
[08:11] <smb> Normal upgrade should not pull that hypervisor package.
[08:11] <soren> twb`: So a standard install can't function as a Xen host. You must manually choose to install the Xen hypervisor.
[08:11] <smb> Unless somebody put it into a meta package that pulls it.
[08:11] <soren> phretor: KVM is what I'd recommend for sure.
[08:11] <Daviey> soren: I bought a server last year that oddly, Intel excluded virt extensions.
[08:11] <Daviey> fairly modern CPU as well.
[08:12] <soren> Daviey: True.
[08:12] <smb> phretor, In that mode means the xen hypervisor is booted and loads a kernel as dom0
[08:12] <phretor> smb: maybe I installed xen on 10.10 and then disabled it and forgotten. And the upgrade simply reactivated it by mistake.
[08:12] <soren> Daviey: They still produce new models that don't have the virt extensions. The feature support matrix of Intel processors is a massive clusterfuck.
[08:12] <Daviey> smoser: slow reply, must have been an issue in my bundling.
[08:13] <twb`> soren: that's for price differentiation
[08:13] <soren> twb`: potato, potato.
[08:13] <twb`> soren: like "$100 more for the VT version!!1!"
[08:13] <twb`> It shits me that the only atoms that have VT are the poulsbos
[08:13] <smb> phretor, Maybe. I have not checked really, but the last working xen hypervisor I know of in Ubuntu was 8.04.
[08:14] <twb`> OTOH my main machine I'm switching to ARM this month, and I managed to get the only one that doesn't have SIMD (NEON) :-///
[08:14]  * smb misses a "was"
[08:14] <smb> Sorry not fully awake, yet
[08:14] <soren> AMD gets this right. They don't mix and match features. Each new processor offers a superset of the features of its predecessor. There might be the odd exception to this rule, but it's just that: an odd exception. Intel offers virtually any combination.
[08:14] <twb`> soren: I guess my point was just that it's a *deliberate* clusterfuck
[08:15] <soren> twb`: True, and good point.
[08:15] <phretor> smb: ah, true, I migrated all the way from 8.04 -> 8.10 -> 9.04 -> 9.10 -> 10.04 -> 10.10.
[08:16] <smb> phretor, Ah ok. Hm, interesting to remember that xen can be that persistent...
[08:17] <soren> Well, if you've had the hypervisor installed, but not had a kernel that could be a dom0, you're fine.
[08:17] <Daviey> smb: I believe you are correct about 8.04 being the last working xen hypervisor release, which is why the buildd's never upgraded to Lucid.
[08:17] <phretor> smb: http://paste.pocoo.org/show/478406/
[08:18] <Daviey> soren: I was rather unhappy.. i stopped checking virt extensions before purchase as it seemed they all had them now.. being left with a lemon made me cry.
[08:18] <smb> Daviey, yep. And thats why they really like us to have something before Hardy goes out of service. :)
[08:18] <soren> Now that the standard kernels can be a dom0, and you happen to have a hypervisor installed (which would have been useless for the past X releases), suddenly you'll boot into Xen. I guess this is something update-manager should warn about.
[08:18] <Daviey> smb: Yep, which is why we single-handed pushed xen into mainline :P
[08:19] <twb`> smb: good luck with that
[08:19] <twb`> smb: wasn't xen axed in lucid, along with vserver and openvz?
[08:19]  * twb` bitches about LXC not being ready in .32
[08:19] <soren> twb`: It was axed right after hardy because it wasn't supportable (not being in mainline)
[08:19] <soren> ...but now it's in mainline, so it's a different story.
[08:20] <twb`> soren: non-LTS releases don't matter anyway
[08:20] <twb`> They are just an ephemeral fog
[08:20] <soren> twb`: Also, the dom0 kernel in Hardy wasn't in main.
[08:20] <twb`> Nor was openvz or vserver, shrug
[08:20] <smb> soren, phretor Maybe that is related to the old 3.1 hypervisor. On my test system with the 4,1 one there is a special grub entry for starting as xen and it is not the first thing
[08:21] <twb`> And current lucid-security .32 has LXC support disabled to keep stupid vsftpd happy :-/
[08:21] <phretor> smb: that was 3.3
[08:21] <soren> twb`: whuh, really?
[08:21] <twb`> yeah
[08:21] <smb> twb`, Not so much axed as ignored as it was already enough pain to drag a patchset for getting a pv-ops domU
[08:21] <twb`> Someone noticed that vsftpd used cgroups and DOSd it, so the "fix" was to disable cgroups (thus, no LXC), rather than to, I don't know, turn off that feature in vsftpd
[08:22] <smb> soren, twb` It has net namespaces disabled
[08:22] <twb`> smb: still annoying, because the upgrade path from hardy openvz was to lxc, which IMO isn't ready as at .32
[08:22] <Daviey> twb`: It's all very well identifying failings... people tend to come to UDS to help fix these things. ;)
[08:22] <smb> Right, because you can create them quick but it takes about two seconds for each to get torn down in Lucid
[08:22] <twb`> Daviey: go stick your head up a dead bear's bum :P
[08:23] <Daviey> heh
[08:23] <smb> twb`, The option would be to take one of the backport kernels
[08:23] <twb`> smb: yeah, that's what I'm doing now, I just don't like it
[08:23] <twb`> I would just prefer vsftpd be penalized for being stupid
[08:23] <smb> Well, _if_ vsftp is the only thing
[08:23] <smb> Which you never can say
[08:24] <twb`> Yeah yeah, I know you're right
[08:24] <twb`> I'm probably extra pissed off because the power outage that triggered the new .32 kernel happened at like 4AM sunday
[08:25] <twb`> And it was totally unexpected that LXC would Just Not Work anymore after a kernel -n+1 update
[08:27] <smb> twb`, Yes, I can understand that. I'd preferred to have had another option. Or at least a way to warn about the change
[08:27] <twb`> I'm mainly just venting (again)
[08:28] <twb`> FWIW libvirtd-bin has been doing OK, apart from ridiculous errors from the stupid broken virt-managers in lucid and natty
[08:29] <twb`> e.g. apparently natty's v-m goes "oh, you are connecting as chris, I will just add /home/chris on the server, which has a root_squashed /home, as a VM volume.  And then try to scan it all the time"
[08:29] <soren> twb`: When was this kernel update, btw?
[08:29] <twb`> Dunno, there's a ticket in LP about it
[08:30] <twb`> [Bug 790863] Re: Unable to start lxc container after update to 2.6.32-32
[08:30] <soren> Oh, a long time agi.
[08:30] <soren> ago, even.
[08:32] <twb`> qemu/kvm and me are BFFs, tho. I can do ttyS0 and TFTP booting and stuff, /me love.
[08:33] <soren> And looking at an architecture diagram of kvm doesn't make me facepalm unlike the equivalent for Xen.
[08:33] <twb`> Eh, isn't xen designed by the same people that try to use microkernels in the real world?
[08:34] <soren> Xen is a microkernel.
[08:34] <twb`> There you go then
[08:34] <soren> But that's hardly the worst of it.
[08:35] <stiv2k> is there a program that I can run on my server that will forward ports in my router via uPnP for me? so if I switch it between wireless / wired i dont need to manually change port forwarding settings... etc
[08:35] <twb`> About as clever as hurd or ntoskrnl :P
[08:35] <twb`> stiv2k: last time I looked, UPNP was basically a big hole that said "exploit me!".  Do you really want that?
[08:35] <stiv2k> twb`: i dont know much about that, can you elaborate
[08:36] <twb`> I mean if you're doing port forwarding maybe you want more like SOCKS5 (ssh -D) or something
[08:36] <stiv2k> twb`: its just to make the machine visible from behind a NAT device
[08:36] <stiv2k> it happens to have a wireless card and i'd like to make it easier to switch between the two interfaces
[08:36] <twb`> Oh one of THOSE.  Is Ubuntu running on the router, or is it some crappy vendor-provided vxworks image?
[08:37] <stiv2k> while still keeping the machine visible on the net
[08:37] <stiv2k> it runs a custom fw
[08:37] <twb`> Like OpenWRT?
[08:37] <stiv2k> Tomato
[08:37] <stiv2k> same idea
[08:37] <twb`> Are the wifi and ethernet networks bridged together (on the router)?
[08:37] <stiv2k> how to tell?
[08:38] <twb`> Pastebin the output of "ip a" and "ip r" for each network
[08:38] <twb`> If they're the same range (e.g. 192.168.0/24), then they're bridged
[08:38] <twb`> Since you don't know, they probably are
[08:39] <twb`> In which case, the easiest solution would just be to make sure you use the same IP address regardless of which interface you're using.
[08:39] <stiv2k> hold on
[08:39] <stiv2k> let me ssh in
[08:39] <twb`> Failing that, rather than UPNP you could just ssh into tomato and use a shell script
[08:40] <jamespage> Daviey: any chance you could sponsor the MP for bug 852019?
[08:40] <stiv2k> twb`: the router has a lot of interfaces
[08:40] <stiv2k> br0, eth0, eth1, lo, vlan0, vlan1
[08:40] <Daviey> jamespage: no, because i hate you.
[08:41]  * jamespage is feeling the love this morning :-)
[08:41] <stiv2k> vlan1 has my public ip
[08:41] <twb`> stiv2k: no, the interfaces on your laptop or whatever
[08:41] <stiv2k> oh
[08:42] <Daviey> jamespage: crappy weather for you as well?
[08:42] <twb`> Something like http://paste.debian.net/130942/
[08:42] <jamespage> Daviey: meh - kinda average here
[08:42] <stiv2k> twb`: wtf is ip a ?
[08:42] <twb`> A command.
[08:42] <twb`> Like "ifconfig" only not shit
[08:43] <stiv2k> twb`: http://pastebin.com/GWRpJcNm
[08:43] <stiv2k> hahaha
[08:44] <stiv2k> i use wicd to connect to the wireless network
[08:44] <twb`> stiv2k: yeah, OK, now check if when you switch to wired, it also gets a 192.168.1/24 address
[08:44] <stiv2k> twb`: it does
[08:44] <twb`> OK, so then just make sure you get the same IP on both
[08:44] <stiv2k> hmm ok
[08:44] <Daviey> great, LP seems OOPsy today :(
[08:44] <twb`> Not at the same time; I mean whichever you're on, it is always (say) 192.168.1.10/24
[08:44] <stiv2k> what if the wired connection is plugged in and wireless is still on too?
[08:45] <twb`> stiv2k: then it explodes
[08:45] <twb`> stiv2k: but it should explode in that case anyway
[08:45] <stiv2k> will the machine become unreachable
[08:45] <stiv2k> to anyone
[08:45] <twb`> Depends
[08:45] <twb`> Probably something like RPF will just throw away half the packets
[08:45] <stiv2k> what is RPF
[08:46] <twb`> Magic
[08:46] <twb`> Short version is: make sure you don't raise both networks at once
[08:46] <stiv2k> there is a wireless switch on the machine
[08:46] <twb`> (It *can* be done, but it's a huge pain in the arse and you don't want to do it.)
[08:47] <stiv2k> i just need to remember to disable the wireless before plugging in the ethernet
[08:47] <stiv2k> i should test it out
[08:48] <stiv2k> i imagine it would still destroy all the existing connections
[08:49] <stiv2k> meaning i would get kicked off irc and all my clients would get kicked off too
[08:50] <stiv2k> ok here we go
[08:50] <twb`> stiv2k: or script it to do so
[08:52] <twb`> Something dirty like this http://paste.debian.net/130943/
[08:55] <stiv2k> hello
[08:55] <stiv2k> i'm still here
[08:55] <stiv2k> cool
[08:55] <stiv2k> it worked, twb`
[08:56] <stiv2k> twb`: how would i script the system to do that
[08:56] <Markslap> Good day everyone. I'm trying to enable and use IPv6 on my Ubuntu Server 11.04-machine, I've tried to add my IPv6 address to eth0 (I still want to be able to use IPv4) and add the correct route, but nothing seems to work. And this https://wiki.ubuntu.com/IPv6 article did not help at all, it's just about tunneling.
[08:56] <Markslap> And it's on the machine that the problem is, not the network. :)
[08:59] <twb`> stiv2k: to do what?
[09:00] <stiv2k> yo, wtf
[09:01] <stiv2k> every time i plug in the cat5 cable, it gets a dynamic ip
[09:01] <stiv2k> i have to do /etc/init.d/networking restart
[09:01] <stiv2k> and THEN it gets the static ip i assigned it
[09:01] <twb`> Markslap: you should already have an IPv6 address listed in "ip a", that is autonegotiated a la IPv4's zeroconf
[09:02] <Markslap> inet 78.46.87.39/27 brd 78.46.87.63 scope global eth0
[09:02] <Markslap> inet6 2a01:4f8:120:14e1::10/64 scope global
[09:02] <phretor> has anyone deployed openstack or eucalyptus on ubuntu yet and want to share thoughts?
[09:02] <Markslap> Like that?
[09:02] <twb`> Markslap: well, yes, that's your IPv6 address
[09:02] <stiv2k> twb`: http://stats.stiv2k.info
[09:03] <stiv2k> tell me you like my load averages
[09:03] <twb`> stiv2k: doesn't work.  You shouldn't be using PHP anyway
[09:03] <stiv2k> huh
[09:03] <stiv2k> so its not visible then
[09:03] <stiv2k> whats not working?
[09:03] <twb`> stiv2k: I get a response, but there's no load average there.
[09:04] <stiv2k> what do you see?
[09:04] <twb`> http://paste.debian.net/130947/
[09:05] <Markslap> twb`: Mkay, but when I tell Irssi to use that IP address i just get this error when trying to connect to an IPv6-enabled server: 11:04:21 -!- Irssi: Unable to connect server efnet.xs4all.nl port 6667 [No route to host]
[09:05] <stiv2k> what...oh
[09:05] <stiv2k> twb`: stop being a smart ass
[09:05] <stiv2k> you could have just said "i dont have a browser"
[09:05] <twb`> stiv2k: if you expect me to be using a browser with js, or css, or colour, or images, you are wrong.
[09:05] <twb`> My browser implements HTML.  That's it.
[09:05] <stiv2k> lol
[09:06] <stiv2k> so you can't look at like... 90% of the internet
[09:06] <twb`> It means I have a nice consistent interface and you stupid webdevs can't fuck it up or spam me with ads
[09:06] <twb`> stiv2k: yes, the 90% that is where 4chan and youtube and other useless time-wasters hang out
[09:06] <twb`> technical and academic resources work just fine
[09:06] <stiv2k> hehehe
[09:06] <twb`> (Except blackboard, but that's retarded.)
[09:07] <stiv2k> twb`: i use youtube for technical and academic resources all the time
[09:07] <ersi> Now now, stop quibbling. You got different needs and tastes.
[09:07] <twb`> IME there are no technical youtube videos where you can't just throw away the video stream
[09:07] <twb`> In any case, mplayer can do youtube better than some silly browser
[09:08] <twb`> ersi: right.  It's just MY needs are more important :P
[09:08] <stiv2k> lmao
[09:08] <stiv2k> anyhow
[09:08] <stiv2k> what i was saying earlier was
[09:08] <stiv2k> can i write a script that will bring wlan0 down upon plugging in the ethernet cable
[09:08] <stiv2k> or bring wlan0 up upon disconnecting it
[09:08] <twb`> stiv2k: on plugging it in, or on DHCP completing?
[09:08] <twb`> I showed you how to do the latter
[09:09] <stiv2k> i dont use dhcp
[09:09] <twb`> The former would go in /etc/network/if-up.d or so
[09:09] <stiv2k> otherwise i wouldnt be able to get my port forwards to stay consistent
[09:09] <twb`> Sure you woud
[09:09] <twb`> *would
[09:09] <stiv2k> explain?
[09:09] <twb`> Just teach the DHCP server to supply the correct IP
[09:09] <stiv2k> hmmm
[09:09] <twb`> Admittedly that might be hard to make it send the same IP to both
[09:10] <twb`> But failing that you could tell your DHCP client to refuse leases that don't match, and to specifically ask for the lease you want
[09:10] <twb`> You'd have to make sure you released the lease on the old iface before switching, tho
[09:12] <stiv2k> i think im going to finally fall asleep
[09:12] <stiv2k> 5:12am
[09:12] <twb`> Likewise
[09:17] <koolhead11> kim0:
[09:17] <kim0> koolhead11: hey man
[09:18] <koolhead11> came to know about this company called system76 they sell hw with only ubuntu as sw on it. :D
[09:19] <koolhead11> os
[09:20] <koolhead11> Daviey: hello
[09:21] <kim0> yeah some nice laptops there I guess :)
[09:23] <Daviey> hey koolhead11
[09:25] <koolhead11> kim0: they are selling servers too man. :D
[09:51] <Daviey> rbasak: Fancy reviewing a branch for me please?
[09:52] <rbasak> Daviey: sure
[09:53] <Daviey> rbasak: it's updating the diff... but https://code.launchpad.net/~davewalker/ubuntu/oneiric/dnsmasq/add_dnsmasq-utils_package/+merge/75988
[09:57]  * rbasak waits
[09:58] <Daviey> maybe i borked it by requesting a merge before LP had scanned the branch
[10:11] <koolhead11> rbasak: hey
[10:11] <rbasak> hey koolhead11
[10:12] <koolhead11> how have you been? and is cobbler thing got solved for you?
[10:14] <koolhead11> rbasak: am waiting for your blog on same. :D
[10:14] <rbasak> I got it working in the end, thanks. There were a few hurdles - remind me of the one you are thinking about?
[10:15] <rbasak> Was it the installer not finding the disk and ending up in a loop?
[10:24] <Daviey> jamespage: Do you fancy review and if suitable sponsoring, https://code.launchpad.net/~allison/ubuntu/oneiric/backuppc/bug-852484/+merge/75973 ? :)
[10:25] <jamespage> Daviey: sure - lemme just finish up what I am working on
[10:25] <Daviey> jamespage: no hurry.
[10:25] <jamespage> Daviey: ack
[10:41] <rbasak> Daviey: should I be testing the build? In principle it looks good to me. What's the purpose of the Conflicts: line, and if to stop it going with a previous version before the new package, then surely it should be against 2.58 and not 2.40?
[10:42]  * rbasak isn't really sure how to go about doing a review here
[10:44] <Daviey> rbasak: My assumption was that the contrib script wasn't in <2.40.
[10:45] <Daviey> rbasak: Is there anything cosmetic, does it build, does the new binary deb contain files you'd expect?
[10:45] <Daviey> does the damn thing install?
[10:45] <Daviey> pick a few of the above.
[10:45] <rbasak> Daviey: but the contrib scripts are built in the source. What's that got to do with a binary dependency?
[10:46] <Daviey> Tear me apart. kkthnx
[10:46] <Daviey> rbasak: Yes, but i assumed the upstream source of <2.40 didn't include contrib/wrt/dh*
[10:47] <Daviey> oh
[10:47] <rbasak> yeah but why would one need a conflicts for that? A binary built from this source would have them
[10:47] <Daviey> rbasak: honestly, i don't know.. perhaps <2.40 produced the same binary?
[10:48] <Daviey> NFI, it's a change that came from the debian maintainer.
[10:48] <rbasak> I don't suppose it matters
[10:48] <Daviey> But good question, one that i now want to find out.
[10:48] <rbasak> That was the one thing in the diff I didn't understand, that's all
[10:50] <Daviey> rbasak: Great, so add a comment to the merge proposal, if you approved it - i'll upload it.  If it turns out to be bad, i'll blame you.. thanks :)
[10:50] <jamespage> Daviey: minor version bump with just bug fixes does not need a FFE right?
[10:50] <Daviey> jamespage: correct-a-mundo.
[10:50] <jamespage> coolio - lgtm - uploading now
[10:50] <rbasak> Daviey: :-)
[10:50] <Daviey> jamespage: rocking.
[10:50] <rbasak> Daviey: I need to do a build test first though
[10:50] <Daviey> jamespage: I raised the "Please Merge" bug and put that as a comment :P
[10:51] <jamespage> doh!
[10:51] <jamespage> missed that comment
[10:52] <jamespage> Daviey: gah - not in the ubuntu-server packageset!
[11:02] <nijaba> smile of the day http://www.datamation.com/news/tech-comics-finding-a-job-in-the-cloud-computing-era-1.html
[11:07] <koolhead11> nijaba: sysadmins will get it all if amazon goes for toss!! :D
[11:10] <Daviey> jamespage: rly?!
[11:10] <Daviey> jamespage: I was sure it was :/
[11:11] <Daviey> nijaba: heh
[11:12] <jamespage> Daviey: backuppc_3.2.1-1ubuntu1_source.changes rejected
[11:12] <jamespage> quack quack oooppps
[11:12] <jamespage> normally check before I upload but not today :-)
[11:12] <Daviey> rbasak: You'll notice that i didn't include the manpages as a patch.  That package doesn't have a patching system, and i was hesitant to introduce one.  So i included the manpages directly.  The other thing i could have done, was put them in debian/ .. but I wanted to align as close to possible to the Debian package for easier future merge/syncing.
[11:13] <Daviey> jamespage: yeah, it looks like a package we subscribe to for bug triage, but not in the damn package set.
[11:13] <Daviey> jamespage: hurry up and get coredev :)
[11:13] <jamespage> Daviey: thats not fixing the problem tho
[11:13] <jamespage> there are quite a few I expected to be in the package-set which are not
[11:14] <jamespage> I know that I'm currently the only 'just' ubuntu-server-dev
[11:14] <jamespage> but I expect there to be more in the next 6 months
[11:14] <Daviey> jamespage: This is a problem. :(
[11:14] <Daviey> yeah.
[11:14] <soren> jamespage: Do you have a list?
[11:14] <Daviey> soren: of the packageset?
[11:14] <soren> Of the delta between the packageset and the subscribed packages.
[11:15] <soren> It shouldn't be a big deal to sort that out.
[11:15] <jamespage> soren: I don't but I could generate one
[11:15] <Daviey> soren: I do have a script i wrote to compare.
[11:16] <jamespage> in which case I won't :-)
[11:16] <soren> Daviey: so why is there still a delta? :)
[11:16] <soren> This must have been a point of discussion before (otherwise why did you write that script?).
[11:17] <Daviey> soren: The script was actually to produce the report, which is based on all packages in both the subscribed and packageset.. measuring the delta came as a freebie.
[11:17] <soren> Ah.
[11:17] <soren> Who signs off of additions to the packageset?
[11:17] <Daviey> jamespage: at least you can upload gimp.
[11:17] <soren> I forget.
[11:18] <jamespage> w00t
[11:18] <jamespage> I'm always doing that
[11:18] <Daviey> soren: technically the TB, but i think cjwatson can throw stuff on there that is logical.
[11:18] <Daviey> hmm, perhaps even the DMB.
[11:18] <Daviey> ego, it;s not clear.
[11:18] <Daviey> ergo*
[11:19] <soren> That's what I thought.
[11:19] <jamespage> Can't we add them to some sort of seed that gets them in the right packageset (think I asked this question on -devel)
[11:19] <Daviey> jamespage: Yeah, i think that is the expectation.
[11:20] <Daviey> However, not all packages in the packageset should be seeded.
[11:20] <cjwatson> false
[11:20] <cjwatson> the ubuntu-server package set is constructed only of seeded packages
[11:20] <Daviey> cjwatson: You don't think Server developers should have upload access to things like asterisk (universe)?
[11:20] <cjwatson> I think (a) you should get it into main if your team is interested in maintaining it (b) I don't see why qualified server developers can't get MOTU
[11:21] <soren> jamespage: Why can you upload gimp, by the way?
[11:21] <Daviey> soren: we seed one of its binary packages.
[11:21] <soren> *blink*
[11:21] <soren> Erm. ok.
[11:22] <Daviey> GUI-less image manipulation, think for PHP
[11:22] <soren> Ah.
[11:22]  * soren needs lunch
[11:22] <jamespage> that sounds like a good idea
[11:23] <jamespage> Daviey: BTW eucalyptus-commons-ext now builds from source again
[11:23] <jamespage> boy did that package make me feel dirty :-)
[11:23] <Daviey> cjwatson: I agree, but it doesn't exactly make the packageset useful if you really need to have MOTU as well.
[11:23] <Daviey> jamespage: \o/
[11:23] <cjwatson> I'm not happy with maintaining an arbitrarily extensible package list that has to be maintained by manual requests to me
[11:23] <cjwatson> that sucks
[11:24] <rbasak> Daviey: yeah the package doesn't really have anything does it? :)
[11:24] <cjwatson> if you have broad enough capabilities to contribute to a wide range of packages in universe, get MOTU
[11:24] <Daviey> cjwatson: Can it not also be linked to the packages the team subscribe to?
[11:24] <cjwatson> far too little access control on subscribing a team to things
[11:24] <cjwatson> I'm not at all happy with using that to grant upload access
[11:25] <cjwatson> I want an audit trail
[11:27] <Daviey> cjwatson: IMHO ~ubuntu-server should not just be looking after things in main.  ubuntu-server not having upload access to the things we claim to look after, feels wrong.
[11:27] <cjwatson> it might be possible to construct an "interested" seed or something which is not considered for promotion to main
[11:27] <Daviey> Especially as we want to try and grow contributors.
[11:28] <Daviey> cjwatson: that sounds ideal
[11:28] <cjwatson> the Ubuntu project as a whole wants to grow contributors
[11:28] <cjwatson> I'd quite frankly be much happier with people targeting this kind of breadth going through the MOTU -> core-dev chain
[11:28] <Daviey> cjwatson: Other corners of the project are not suffering from lack of contributors as we are.
[11:28] <cjwatson> rather than being siloed off into ubuntu-server-dev
[11:29] <cjwatson> jamespage is a classic example of somebody who historically would've had no problem with that
[11:30] <Daviey> Well yes, but PPU's etc was created purely to give granular access.. when really, we are going to find that there is a subset of stuff people do not have access to.
[11:31] <cjwatson> (PPU is different, let's not conflate)
[11:31] <Daviey> In the current form, the packageset serves little purpose - other than a trial to make sure people do not mess up too badly, before going for broader sets.
[11:31] <cjwatson> the problem is that server covers such a wide range of stuff
[11:31] <cjwatson> honestly I'm not sure it's focused enough for a packageset, under the terms you want to apply
[11:32] <Daviey> cjwatson: Do you think it would be better to just drop it, and try to mentor people into MOTU->CoreDev?
[11:32] <cjwatson> I don't see it being significantly easier to demonstrate competence across such a package set than it would be to demonstrate competence across the archive
[11:34] <cjwatson> I think it's useful for your team to be able to directly maintain the product you release; it's when it starts drifting out into universe without any obvious limit that I start getting itchy
[11:34] <cjwatson> (FWIW I say the same thing to desktop people when they ask for universe packages to be added to their package set)
[11:35] <Daviey> Yeah, there are a bunch of openstack packages that will be in Universe this cycle, which is really part of the server product - but not quite the same promise of security or stability, hence not pushing for main.
[11:35] <cjwatson> honestly that kind of thing sounds like it should be part of a specific cloud package set to me
[11:36] <Daviey> cjwatson: Well as it stands, cloud and server is one product.
[11:36] <cjwatson> I want to keep the automatically-maintained-from-seeds package sets strictly separate from the manually-maintained ones (which isn't to say that they can't have the same access control)
[11:36] <cjwatson> it gets completely unmanageable otherwise
[11:36] <cjwatson> but manually-maintained sets do exist
[11:37] <Daviey> Half of me is tempted to propose a UDS session for this, the other part wants this to just go away so we can get stuff done. :/
[11:37] <cjwatson> it's just a matter of defining sensible parameters for them and asking the DMB to authorise it
[11:37] <cjwatson> the "just go away" option is to mentor staff through MOTU/core-dev so that none of it is an issue ...
[11:37] <cjwatson> TBH
[11:37] <Daviey> s/staff//
[11:37] <cjwatson> I probably should have said "developers"
[11:46] <soren> jamespage: eucalyptus-commons-ext? I thought the Eucalyptoids had assumed responsibility for the whole stack?
[11:47] <jamespage> soren: me too
[11:47] <jamespage> working through FTBFS's
[11:56] <Daviey> soren: Oh they have.. but the contributions haven't been what we hoped.
[11:56] <Daviey> I was convinced until last week that Euca in Oneiric wouldn't work, and natty users wouldn't have an upgrade path.
[11:57] <Daviey> Well they would.. but it would be upgrade to disaster.
[11:57] <soren> Daviey: Then you sprinkled a bit of pixie dust^W^W^W^W^Wput jamespage on the case?
[11:59] <jamespage> well TBH it still does not work
[11:59] <Daviey> Clint drove the upstream patch into Oneiric.. James Page fixed a few other things, and smoser did the dance.
[12:13] <Daviey> jdstrand: IIUC bug 801299 is waiting for a decision from the security team if not using SSL by default is acceptable?
[12:14] <jamespage> Daviey: might be our euca issue - https://bugzilla.redhat.com/show_bug.cgi?id=663136
[12:15] <jamespage> we use 1.44 in Ubuntu
[12:18] <smoser> Daviey, i now realize your "multiboot loading" message did in fact come from the "multiboot support" that I added to Eucalyptus.
[12:18] <smoser> The context of Eucalyptus threw me for a loop as I didn't know how you would have hit that code in openstack
[12:18] <smoser> (or anywhere else)
[12:19] <Daviey> ahhhhhhhhh bouncycastle!
[12:19] <Daviey> smoser: no, that pastebin was against nova..
[12:19] <smoser> hm... well then maybe i'm wrong about where the msg came from.
[12:19] <Daviey> although, i suspect i might have been using your loader that was targeted for openstack
[12:19] <Daviey> (i was using some old scripts.)
[12:20] <smoser> as you most certainly should not hit that code path there.
[12:20] <smoser> k
[12:20] <Daviey> s/targeted for openstack/targeted for euca/
[12:21] <Daviey> jamespage: you think we need that patch?
[12:21] <Daviey> jamespage: best not spend much longer investigating this.. post your findings to a bug, and invite upstream comment.
[12:22] <jamespage> Daviey: OK - I was just trying to hack a later version in but it appears to have made no difference
[12:22] <Daviey> :(
[12:25] <jamespage> Daviey: updated bug 851611
[12:32] <Daviey> jamespage: rocking
[12:44] <zul> morning
[13:08] <Daviey> SpamapS: When you are alive, could you look at Ben's MP on bug 831628?  Seemed you were close to it.
[13:23] <kirkland> DanaG: is that oops reproducible?  ie, does it happen every time you detach a serial console from byobu?
[13:34] <kim0> hmm, trying to get a KVM VM to PXE boot, it's not even trying to DHCP
[13:34] <kim0> I could almost swear I did that before
[13:34] <kim0> does that not work?
[13:34] <soren> IT should.
[13:35] <kim0> Virt manager says "Network selection does not support PXE" besides a little red warning icon .. which is weird!
[13:35] <kim0> I'm using an isolated network, coz the other server is doing the PXE stuff
[13:36] <zul> you have the boot roms installed right?
[13:36] <kim0> hmm
[13:36] <kim0> checking
[13:37] <zul> in this case kvm-pxe
[13:37] <kim0> wasn't yay!
[13:37] <kim0> zul: thanks :)
[13:38] <kim0> alright my testing orchestra env working
[13:39] <kim0> hmm, I didn't use cobbler add, just PXE booted the VM, wonder what exactly is it loading :)
[13:39] <kim0> it's maxing the cpu as well
[13:48] <m_tadeu> hi everyone...I'm trying to send mails with postfix+opendkim. my problem now is that mail that I send to hotmail goes to the junk box
[13:49] <m_tadeu> analysing the headers a bit, I see a "sender-id=temperror". any idea what this means?
[13:49] <zul> Daviey: can you review a branch for me? https://code.launchpad.net/~zulcss/glance/glance-add-group/+merge/76036
[13:50] <kim0> the loading of pxelinux.0 is super slow (5 dots till now, each dot taking like 1 min) normal ?
[13:54] <Daviey> zul: no purge target?
[13:54] <zul> Daviey: point taken
[13:56] <zul> Fixed
[13:57] <ivoks> m_tadeu: https://help.ubuntu.com/community/Postfix/DKIM
[14:20] <DanaG> kirkland: I'll have to check that serial console oops again, this evening.
[14:22] <kirkland> DanaG: thanks!  i'd be much obliged
[14:22] <DanaG> Now, my Microserver has a jumper (that I added a button to), that'll inject an NMI into the system.  Should be useful, if I can figure out how to make that trigger a crashdump.
[14:22] <kirkland> DanaG: i've never tried byobu on a serial link
[14:22] <klaas> is it possible that fdisk causes problems with the partition table of 2tb drives?
[14:23] <DanaG> kirkland: Seems to work well as long as you avoid having things (like the clock) that update frequently.
[14:23] <kirkland> DanaG: interesting;  i should add that to the byobu manpage, then
[14:24] <DanaG> I also seem to have to manually "eval resize" (no baxktixk on iPhone keyboard) from outside the console.
[14:24] <DanaG> Hah, and it didn't autocorrect "backtick" typo.
[14:28] <DanaG> I just wish HP had enabled the serial-over-LAN feature the chip on the remote-access card supports.
[14:28] <DanaG> Actually, ncurses apps are sometimes odd on serial console.
[14:29] <DanaG> I've seen aptitude just plain hang forever, before showing anything.
[14:29] <jamespage> Daviey: does the asterisk merge need a FFE?
[14:30] <DanaG> And same is true with byobu, I think.  Sometimes I have to start it elsewhere, then reattach from console.
[14:34] <dori922> hey
[14:35] <dori922> im after posting a thread(http://ubuntuforums.org/showthread.php?p=11265788#post11265788), if anyone can help <3
[14:38] <kirkland> DanaG: interesting;  tell you what ... if you add a few notes in a byobu bug about using byobu + serial, i'll consolidate them and add them to the manpage
[14:40] <DanaG> kirkland: I can do that, though I may have to do it another evening when I have more time.
[14:40] <kirkland> DanaG: sure, no worries, no rush ;-)
[14:42] <tdn> I recently held a party (wedding) with lots of guests taking pictures that they would like me to have. What software exists that I can apt-get install that allows my (non-computer savvy) guests to give me a copy of their pictures? I have a server that is on a public IP. Guests are probably using Mac and Windows.
[14:49] <cloakable> hmmm
[14:53] <genii-around> tdn: Perhaps zoph ... although I have not used this myself, it looks promising
[14:54] <jamespage> tdn: try gallery2 - I've not used it in a while but it used to be pretty good
[14:55] <tdn> These two projects looks like web galleries. How do they help my guests send/upload me some files?
[14:57] <sms_> http://blog.zioup.org//2008/iptables_recent/ I'm trying to do this, but I get sudo iptables -A INPUT  -t filter -i $OUTS -j DROP -m recent --set --name badguys -->  Bad argument `DROP'
[14:57] <genii-around> tdn: eg: You put some generic guest account which allows them to upload the wedding photos, give them the URL and password
[14:58] <tdn> genii-around, can I be sure that gallery will not touch the files? I.e. make a lossy compression,etc.? Some of this is RAW data that I would like to keep.
[15:01] <cloakable> ftp server with upload only for anonymous accounts? Windows will deal with FTP links automatically.
[15:01] <tdn> If the users were savvy enough to know about FTP I would not have this problem. I think it must be web based.
[15:02] <cloakable> they don't need to know about ftp
[15:02] <cloakable> http://www.ncsu.edu/resnet/file_transfer/ftp-windows-explorer.php
[15:03] <cloakable> Just give them an ftp link and windows explorer will do everything else
[15:03] <tdn> cloakable, if that works it is nice. However, last I checked, Windows Explorer will not let you upload -- only download via FTP.
[15:03] <tdn> Same with Firefox.
[15:05] <cloakable> tdn: http://allwebco-templates.com/support/S_FTP_Windows.htm
[15:05] <cloakable> can upload
[15:05] <tdn> Ok.
[15:05] <tdn> cloakable, thanks.
[15:05] <tdn> Will try it.
[15:05] <rbasak> Daviey: Won't your solution to bug 832507 cause all instances to share the same console.log, or am I missing something?
[15:06] <cloakable> Well, handing a ftp://yourserver to your guests is pretty simple :)
[15:07] <rbasak> Daviey: never mind: "You can create as many devices as you like. Internally, emlog uses the file's inode and device numbers to identify the buffer to which the file refers. "
[16:10] <lynxman> morning fellas o/
[16:36] <Doonz> hey guys, i have a vps that i would like to use as a http/https proxy. can anyone recommend a guide i could follow on setting this up . the guides all deal with if the proxy server is on your local network. I would like to do this with the proxy server being external
[16:38] <dori922> im after posting a thread(http://ubuntuforums.org/showthread.php?p=11265788#post11265788), if anyone can help <3
[16:40] <SpamapS> Doonz: whats the purpose of the proxy?
[16:55] <Daviey> rbasak: my solution for emlog cannot really be merged.  I thought we had a new plan that you were driving?
[16:55] <rbasak> Daviey: Yes, working on it now.
[16:56] <Daviey> jamespage: the asterisk merge seemed to be a bug fix only release?
[16:56] <jamespage> Daviey: yes
[16:56] <Daviey> rbasak: awesome.. how close is it looking?
[16:56] <Daviey> ttx: What is the cut off for bug fixes in diablo?
[16:57] <Daviey> ttx: Will diablo have a -fixes (post release) branch?
[16:58] <rbasak> Daviey: Not very close yet. I have a plan which is mostly complete. I haven't yet figured out how to manage the lifetime of the fifo reader
[16:58] <Daviey> rbasak: the scheduled task?
[16:59] <rbasak> Daviey: yeah - actually I think I can implement a better fifo reader without difficulty, but with either that or the scheduled task I need to know where to hook in to start and cancel the task
[17:00] <rbasak> (I haven't finished digging through the nova code to my satisfaction yet)
[17:01] <Doonz> SpamapS: bypassing geoblocking
[17:02] <SpamapS> ttx: while we're discussing Diablo.. will bug 838419 be included? Its rather important to us. :)
[17:03] <SpamapS> Doonz: in that case you probably just need to configure it to require some kind of authentication.
[17:04] <Daviey> rbasak: I might be badly advising you, but nova/scheduler/zone_manager.py seems to be an example of a scheduled task.
[17:04] <Daviey> i'm sure soren will take pleasure in correcting me, if I  am wrong :)
[17:05] <rbasak> Yeah I understand how to start and stop a scheduled task, and in fact I think rather than polling I know how to make it evented having looked at the eventlet docs. What I don't know yet is where to set up the task/thread and where to tear it down, since it's a per-instance thing
[17:12] <koolhead17> hi all
[17:23] <Daviey> lynxman: what is the status of bug 653405?
[17:24] <Daviey> rbasak: seems you have it in hand!
[17:24] <lynxman> Daviey: supposedly it should have been resolved by fixing the bug in Erlang or upgrading to a new version
[17:24] <lynxman> Daviey: so we've been just avoiding the bug by going around it, no direct solution is desirable since the hostname is also used for the db filesystem structure
[17:25] <SpamapS> I thought we updated erlang
[17:25] <rbasak> Daviey: I'll figure it out. I'm not confident I'll have it in time for beta 2 though
[17:26] <SpamapS> In fact, I updated erlang
[17:26] <Daviey> rbasak: It's not urgent for beta 2.. but on the other hand, that is when openstack releases!  So i am trying to find out if openstack will support a -fixes branch, or if we'll have to distro-patch it.
[17:28] <rbasak> Daviey: Incidentally, today I discovered that this will be a nova+libvirt -specific fix. Although I think you might already know this. Some of the other drivers (eg. vmware) do other stuff.
[17:29] <Daviey> rbasak: yeah, i don't care about that :P
[17:30] <SpamapS> lynxman: I commented in the bug.. it should be "fixed" according to upstream which says that rabbit 2.2.0 and later, + erlang R14B, should solve the reported issue(s).
[17:33] <lynxman> SpamapS: agreed, that's why it's hanging there and we're just going around it
[18:01] <koolhead17> hey all
[18:21] <lynxman> hey koolhead17 o/
[18:22] <koolhead17> lynxman: hello
[19:39] <ttx> Daviey: tomorrow, and "no"
[20:01] <robbiew> SpamapS: call time?
[20:04] <SpamapS> robbiew: si
[20:12] <zul> jdstrand: so glance and doesnt look like is going to have ssl supported in oneiric but it looks like it going to be in oneiric+1 can we treat it the same as nova?
[20:17] <koolhead17> zul: is openstack-dashboard going to be a pkg on diablo/ oneiric this time?
[20:18] <zul> koolhead17: im trying
[20:19] <koolhead17> am thinking of trying it with source as i did in cactus, need to get it tested. Is it still stuck because of same bug?
[20:20] <koolhead17> zul: now in diablo everything is changed i heard, keystone API and stuff
[20:22] <zul> koolhead17: pretty much..
[20:22] <koolhead17> zul: so is it still stuck because of that python bug i remember.
[20:22] <koolhead17> Daviey: hey
[20:23] <zul> koolhead17: what dashboard?
[20:23] <koolhead17> yeah
[20:24] <zul> ill try
[20:33] <jdstrand> zul: I need to review it more closely
[20:34] <zul> jdstrand: k
[20:49] <dioxin> I'm trying to get DHCP to function in Ubuntu but the package doesnt seem to install correctly
[20:52] <lickalott> explain "doesn't seem to install correctly"
[20:53] <dioxin> sorry I think I resolved it.... the default dhcp installed is isc-dhcp-server, not dhcp3-server
[20:53] <dioxin> I was trying to follow directions for a different ubuntu version and expecting it not to have changed much
[20:58] <bfreis> I have some trouble with Ubuntu Enterprise Cloud. I've managed to setup a cloud, but after a while, one of the node controllers won't work anymore. The "euca-describe-availability-zones verbose" command will show less resources available than the total (the difference correspond exactly to 1 node being down). In the logs, cc.log shows that the node controller didn't respond some requests, and in the node controller's axis2c.log I see "invalid
[20:58] <bfreis> timestamp" problems. I've already installed and correctly configured NTP on the cloud controller and the node controllers, the time is perfectly synchronized. Still, I get these errors! I've googled for many hours, but no solution beyond "install ntp" has been proposed. Any ideas?
[21:04] <bfreis> After booting the machine, everything goes back to normal
[21:09] <SpamapS> wow.. the upstart jobs for eucalyptus are really.. really impossibly complicated
[21:10] <SpamapS> bfreis: are you sure ntp is working?
[21:11] <bfreis> SpamapS, ntpq -c peer on the NCs will show a very tiny offset
[21:12] <bfreis> SpamapS, (right now it shows 0.084 us)
[21:12] <SpamapS> bfreis: and still getting invalid timestamps? hrm
[21:13] <bfreis> I've just rebooted the machine, now it works
[21:13] <bfreis> but after a while, the problem will come back
[21:13] <bfreis> I've checked other logs (syslog, dmesg, among many others) to see if there's something happening at the moment when the timestamp problem starts, but there's nothing!
[21:14] <bfreis> it's getting worse. Less than 5 minutes after boot it stopped working again!
[21:15] <bfreis> "rampart_timestamp_token.c(179) [rampart]Timestamp not valid: Created time is not valid"
[21:15] <SpamapS> bfreis: is it possible that there is data causing the issue, not the current time?
[21:16] <bfreis> SpamapS, hmm, I'm not sure I understand what you mean
[21:17] <bfreis> The error specifically says "Timestamp not valid: Created time is not valid", and there's nothing running on the NCs. I've just installed them from the CD
[21:17] <bfreis> Actually, the steps I did were: I installed the cloud controller / cluster controller / ... on one machine, then apt-get update, apt-get dist-upgrade, and reboot.
[21:17] <bfreis> oh
[21:18] <bfreis> before the reboot I installed ntp
[21:18] <bfreis> Then I did exactly the same thing for the NCs
[21:18] <bfreis> it's a clean, up to date installation
[21:22] <SpamapS> interesting
[21:24] <SpamapS> bfreis: have you tried stopping the ntp service and actually running 'ntpdate ip.of.other.box' ?
[21:25] <SpamapS> bfreis: I know its only getting skewed after 5 minutes.. just wondering if its something weird with even small deviations
[21:25] <bfreis> I've just did it, it says "adjust time server 10.20.200.1 offset 0.029159 sec", but the problem is still there
[21:25] <bfreis> Is there any difference between running ntp (configured to use the other server) and ntpdate ?
[21:26] <SpamapS> yes, ntpd will never repeat a second
[21:26] <SpamapS> or sorry
[21:26] <SpamapS> will never skip a second, it just shortens/lengthens them
[21:26] <SpamapS> so it can take a *long* time to cross even short distances
[21:26] <bfreis> hmm
[21:26] <SpamapS> ntpdate shoves the time in
[21:26] <bfreis> oh, it's working now
[21:26] <bfreis> strange, very strange
[21:27] <bfreis> do you have an idea of the maximum acceptable offset?
[21:27] <bfreis> ntpdate said it corrected something around 20ms! it's nothing!
[21:27] <SpamapS> No, but that would be a bug if it was less than 0.089us ;)
[21:27] <bfreis> ahah
[21:27] <SpamapS> It *might* be that one side is only allowed to be behind or ahead
[21:27] <SpamapS> which would be stupid
[21:28] <bfreis> actually, I think it is exactly that
[21:28] <SpamapS> if so..
[21:28] <bfreis> ntpq -c peer
[21:28] <SpamapS> hrm
[21:28] <bfreis> on one node (the one that was not working) was showing "+" (or "-", can't remember)
[21:28] <bfreis> the other, was showing the opposite offset
[21:29] <bfreis> Now I see: the NC that works shows a negative offset with respect to the cloud controller. The other one shows a positive offset
[21:29] <bfreis> (both around tens of microseconds, nothing that is)
[21:31] <bfreis> Is there a way to tell NTP to sync to an offset of the reference server?
[21:31] <SpamapS> I'd bet there's an open bug about this already
[21:34] <SpamapS> bfreis: that I don't know, but you could of course just cron ntpdate rather than use ntpd
[21:34] <SpamapS> bfreis: still this sounds a little *crazy*
[21:34] <SpamapS> bfreis: an offset of us is not a real enough offset given network latencies and the like.. it should be tolerant of many ms of offset either way
[21:35] <bfreis> take a look here: http://wso2.org/project/wsf/php/1.1.0/docs/code-coverage/rampartc/src/util/.libs/rampart_timestamp_token.c.gcov.html
[21:35] <bfreis> line 146
[21:35] <bfreis> a comment says: Check whether created is less than current time or not
[21:36] <SpamapS> yeah
[21:36] <SpamapS> that sux ;)
[21:36] <bfreis> maybe that is the problem, it can be late, but not in the future
[21:36] <bfreis> (or the other way round, it's just too confusing! lol)
[21:37] <bfreis> I have no idea if this code is up to date, but is the only I could find googling for 5 seconds
[21:37] <lynxman> Daviey: ping
[21:37] <SpamapS> but really.. those are char fields..
[21:38] <SpamapS> so they are probably carrying too much precision
[21:41] <bfreis> crap, it stopped working again
[21:43] <bfreis> Well, the problem is really the time, that tiny positive deviation
[21:43] <bfreis> I have no idea what to do!
[21:43] <bfreis> What I'd really like to do is to comment out that code that checks for deviation :D
[21:45] <bfreis> Where would be the better place to report this? Ubuntu? Eucalyptus?
[21:56] <SpamapS> bfreis: I think thats part of axis2c but I'm not sure
[21:56] <SpamapS> or maybe part of rampart?
[21:56] <Daviey> lynxman: hey
[21:57] <SpamapS> bfreis: yeah looks like rampart
[21:59] <SpamapS> bfreis: are you maybe hitting this: http://open.eucalyptus.com/wiki/EucalyptusKnownBugs_v1.5.2
[21:59] <SpamapS> ?
[21:59] <lynxman> Daviey: hey, one question, would you help me out if I had questions about merging puppet to 2.7.3? We're slightly behind debian and would like to try to make it for oneiric
[21:59] <bfreis> SpamapS, no...
[21:59] <bfreis> SpamapS, actually, when I see that error (which is not an error according to many sources on the net), it is when everything works!
[22:00] <SpamapS> Oh.. doh
[22:01] <SpamapS> bfreis: its possible that the euca tools are sending a timestamp that is too accurate too.. not sure really.
[22:01] <SpamapS> bfreis: anyway, you can probably patch it out of rampart.. but I don't know if its a good idea, they put that validation in for a reason :p
[22:02] <Daviey> lynxman: can you check out the final freeze exception process?  Check the debian and upstream changelog delta, and try to do an analysis of what gain we get.
[22:02] <Daviey> ?
[22:02] <bfreis> damn! now the other NC has a positive offset, and is down!
[22:02] <lynxman> Daviey: final freeze isn't until next week right?
[22:03] <bfreis> How can people live with these problems?!
[22:03] <bfreis> Unless I find a way to tell ntp or ntpdate to set the time to some negative offset of the reference time, my cloud won't work!
[22:03] <Daviey> lynxman: well, as each day passes - the test it has to pass to be approved gets harder.
[22:03] <Daviey> :)
[22:05] <lynxman> Daviey: I like a challenge :)
[22:05] <Daviey> heh
[22:07] <SpamapS> utlemming: wow you've been a machine today working on those runlevel1 bugs. :)
[22:08] <JoeCoder> Hello.  I have this (https://gist.github.com/9268ef1dcd5875c025be) saved to /etc/iptables.rules.  I rebooted my server and ran iptables--list , but nothing is listed.
[22:08] <JoeCoder> I think I am missing a step?
[22:08] <lynxman> Daviey: I'll try to get that merge proposal by today, to avoid running last minute
[22:08] <utlemming> SpamapS: yeah, low hanging fruit that is easy
[22:09] <Daviey> lynxman: well do the groundwork first to see if it is viable.
[22:09] <Daviey> Would be a shame to do the merge for it to be nacked.
[22:09] <lynxman> Daviey: yeah of course, no worries :)
[22:10] <Daviey> SpamapS: btw, i tried your redshift debdiff.. it was kinda sneaky, having unrepresented binary changes..
[22:10] <Daviey> ie, make sure you don't base an upload on the debdiff.
[22:10] <SpamapS> Daviey: huh?
[22:10] <Daviey> *THE* reason i opened a debian bug to get them to update to the new upstream version was the geoclue support, and they failed to enable it.. oh joy.
[22:11] <JoeCoder> what is the recommended way to load an iptables config file when the system starts?
[22:11] <SpamapS> Daviey: Oh the debdiff. yeah I should have done a branch instead since it was an upstream release.
[22:11] <SpamapS> Daviey: that debdiff was a result of bzr merge-upstream .. and its just been uploaded actually. ;)
[22:12] <Daviey> SpamapS: well that isn't a big deal, but the translations are treated as binary files - making a debdiff suck.. grep for "Binary files" :/
[22:12] <SpamapS> Daviey: redshift suddenly not working anymore, and me forgetting about it, probably cost me 10 sleepless nights. :-/
[22:13] <Daviey> Yeah, i'm glad to have red burning my retina again :)
[22:13] <SpamapS> Daviey: right, the debdiff was just me following FFE process. I did the changes in bzr branches, and the translations are properly included..  I think.
[22:13] <Daviey> ah
[22:13] <Daviey> super
[22:13] <patdk-lap> joecoder, isn't that a rhel/centos thing?
[22:13] <Daviey> well if debuild didn't report 'upstream changes should have used a patch' then you are good.
[22:14] <JoeCoder> patdk-lap:  I don't know.  I just want to enable a firewall.
[22:14] <patdk-lap> iptables-persistent - Simple package to set up iptables on boot
[22:15] <JoeCoder> thanks.  I'll check it out
[22:16] <patdk-lap> ubuntu normally uses ufw? but it kind of has its own language
[22:16] <JoeCoder> ufw?
[22:16] <JoeCoder> are you talking about the language for the iptables.rules file?
[22:16] <patdk-lap> it's slightly more advanced than iptables.rules, but not much
[22:17] <JoeCoder> I had used this as a template:  http://www.rackspace.com/knowledge_center/index.php/Sample_iptables_ruleset
[22:18] <JoeCoder> will this format not work for ubuntu?
[22:18] <patdk-lap> it's plain iptables
[22:18] <JoeCoder> is it supposed to be plain iptables?
[22:18] <patdk-lap> plain iptables can be a pain to work with though, after you get a few thousand lines
[22:19] <patdk-lap> for iptables to use it, yes
[22:19] <patdk-lap> for ufw, no
[22:19] <JoeCoder> I don't plan on adding any more than I have?
[22:19] <JoeCoder> Why would it need several thousand lines?
[22:19] <patdk-lap> to control traffic between networks?
[22:20] <patdk-lap> I have like 13 interfaces on that box
[22:20] <JoeCoder> I have one box with a public and private network.
[22:20] <JoeCoder> eth0 and eth1.  I didn't plan on adding any firewall rules to eth1.
[22:22] <JoeCoder> apt-get install iptables-persistent
[22:22] <JoeCoder> after doing this there is no man entry for it, and no binary with this name.
[22:22] <JoeCoder> I'm having trouble finding documentation.
[22:23] <JoeCoder> perhaps it automatically keeps the current rules after a reboot?
[22:24] <patdk-lap> google seems to work pretty good
[22:24] <patdk-lap> http://www.ubuntucy.org/wiki/index.php/A_persistent_iptables_startup_script_for_Debian_based_systems
[22:24] <JoeCoder> I read that and still didn't understand how to use it.
[22:25] <JoeCoder> I put the config script at the bottom in /etc/init.d/iptables-persistent?
[22:25] <JoeCoder> there seems to already be a completely different script at that location.
[22:26] <JoeCoder> and it looks like that one loads from /etc/iptables/rules , so I'll put my config file there and reboot to see what happens.
[22:28] <JoeCoder> still no luck.  my iptables --list is empty
[22:31] <JoeCoder> ubuntu doesn't allow empty lines in the config file.  Removing those has fixed it and now persistence works.
[22:42] <lynxman> smoser: ping
[22:42] <hazmat> smoser, is the fix for bug 845155 in the openstack oneiric packages?
[22:42] <lynxman> smoser: Concerning bug #845155 do you know if this is merged in the oneiric packages?
[22:42] <lynxman> hazmat: jinx :D
[22:42] <hazmat> lynxman, :-)