[00:00] <dkn> heh.... i had 4 drive raid10, unfortunetly 2 dropped off at the same time
[00:00] <dkn> so i'm going to setup a 4 drive raid 1 and restore from backup....
[00:00] <dkn> mdadm just won't let me get rid of the old array...
[00:01] <dkn> and it's keeping the disc's busy so i can't create a new array
[00:01] <dkn> grrr
[00:04] <josheee12> how the hell does 2 fail at once?
[00:04] <dkn> a great question...
[00:05] <dkn> one of them dissappeared and reappeared last month, now two just did it
[00:05] <dkn> not sure if they're just dying or what.... the connectors seem fine... so i'm just going to run it in raid1 to try and figure out what's going on...
[00:06] <dkn> thank god for nightly backups
[00:06] <josheee12> once, out of the blue, 1 of my 3 failed.  checked the other 2 drives, all fine.  checked the drive on another computer, fine.  what the hell is the chance the cable was failing?
[00:07] <dkn> it's a sas splitter cable, so.... i duno....
[00:07] <josheee12> mine were sata at that point
[00:08] <josheee12> have u ever used xmonad?
[00:09] <dkn> no?
[00:09] <josheee12> it's a tiling window manager.  i just got it today, love it.
[00:10] <dkn> lol
[00:10] <josheee12> people think i'm crazy when i need a tiling wm on a setup with 4 monitors
[00:12] <dkn> anyone good with mdadm & software raid????
[00:12] <dkn> this thing just won't let me work on the md2
[00:14] <dkn> omg...... apparantly third time is a charm.... lol
[00:37] <m_3> SpamapS: yeah, cool... wasn't sure of the best way to submit/surface the ganglia fix
[00:39] <m_3> I needed one working so I just put it in a ppa
[02:02] <zul> adam_g: pong
[02:09] <KM0201> is there a way to configure ubuntu server to go to sleep after a set period?
[02:19] <twb> sleepd
[02:19] <twb> Or if you just mean at specific times, atd or cron
[02:20] <KM0201> hmm, i don't know much about atd or cron
[02:20] <KM0201> buess i'll have to learn.
[02:21] <twb> sleepd is more likely what you want
[02:21] <KM0201> ok.
[02:21] <KM0201> is there some instructions on configuring it?
[02:22] <twb> RTFM
[02:22] <KM0201> well, i didn't see a man page for it.
[02:23] <twb> Try /usr/share/doc/sleepd then
[02:23] <twb> My sleepd has a manpage, maybe your system is busted
[02:24] <KM0201> i'll look at it.
[02:39] <adam_g> zul: hey, was just wondering what the flow is for packaging changes in the nova packages.  do we merge to lp:~ubuntu-server-dev branches, and then push to the openstack ubuntu packagers, or the other way? im talking about general packaging fixes, not patches to the tree
[02:55] <KM0201> twb: if I try to access a samba share, will that wake up my server?
[02:56] <twb> No
[02:56] <twb> You only asked about putting it to sleep, not waking it up
[02:56] <KM0201> hmm
[02:56] <KM0201> well, they would seem to go hand in hand
[02:57] <twb> Waking it up by talking samba to it requires you to be running OS X on specialist Apple hardware; I'm not aware of anything else that can do anything layer-7 like that
[02:57] <twb> You can do WOL but that will require your client to send a WOL packet
[02:57] <KM0201> yeah, that wouldn't be bad, but my board doesn't suppor tWOL
[02:57] <twb> And WOL also requires hardware support- right
[02:58] <twb> If your goal is to reduce power consumption, but still have it respond to samba without having to walk over and push its power button or keyboard to wake it up, you're probably only going to be able to spin down disks and throttle the CPU, not put it into suspend-to-RAM or suspend-to-disk state
[02:59] <KM0201> thats basically my goal
[02:59] <KM0201> where could i learn to do that?.. what do i man or google?
[03:00] <KM0201> it doesn't necessarily have to respond to samba, i mean, anyway i could wake it up, w/o physically being at the machine, would be fine
[03:01] <twb> WOL is the only way I know
[03:01] <twb> Or a monkey, of course
[03:01] <KM0201> lol
[03:01] <twb> Call the office, say "hey monkey, go push <button> on <machine>"
[03:03] <twb> Re "what to read", probably whatever you can find about saving power
[03:03] <KM0201> yea.
[03:03] <twb> powertop, laptop-mode, cpufreq/cpu governor, etc.
[03:03] <twb> hdparm/sdparm ricing
[03:04] <twb> Don't get your hopes up, you probably won't save much power over the default configuration.
[03:04] <KM0201> looking at the sleepd manpage.. i'm looking at the  options and one is          -N, --netdev
[03:04] <KM0201>               Monitor  a network interface for activity based on packet count.
[03:04] <KM0201>               eth0 is the default. This option may be used more than once with
[03:04] <KM0201>               different network interfaces.
[03:04] <twb> That's for keeping it awake
[03:04] <KM0201> oh ok.
[03:05] <twb> sleepd looks at <stuff>, and when <stuff> is absent for at least <period>, it puts the system to sleep
[03:05] <KM0201> gotcha
[03:05] <twb> Where <stuff> is usually things like keyboard activity, high load, etc
[03:05] <KM0201> doesn't have anything to do w/ waking up
[03:05] <twb> Right
[03:05] <twb> The OS *can'* do that
[03:05] <KM0201> right, my hardware cant
[03:06] <twb> Of course, you could also tell sleepd to run something other than pm-suspend, e.g. "spin down the HDDs now please"
[03:06] <twb> But it's probably better to leave such things to built-in controllers/kernel heuristics, and just tune the heuristics
[03:07] <KM0201> i wonder if i could buy a PCI ethernet card and it support WOL.. probably not though, since that is often set in the BIOS
[03:07] <KM0201> it'd require a new motherboard
[03:08] <twb> Sorry, I'm not a WOL expert
[03:09] <twb> I thought it was pretty common in mid- to high-range desktop boards these days
[03:09] <twb> Did you check if there's a BIOS option to enable it?
[03:09] <KM0201> oh yeah
[03:25] <mattcen> Hi all. I'd like to do one-time password auth for SSH on Lucid. I'm currently using otpw (otpw-bin and libpam-otpw). Is this the accepted way to do it, or is there better software? I ask because otpw hasn't been actively maintained in about 8 years
[03:35] <qman__> mattcen, last time I did it, I used libpam-otp
[03:36] <qman__> not sure if/how they're different
[04:05] <mattcen> qman__: It doesn't look like libpam-otp exists; the only result that appears is libpam-otpw (which I'm using)
[04:06] <mattcen> (Unless you didn't use an ubuntu package)
[06:36] <Gr3mlin> hay all, any rules to getting help?
[06:37] <Gr3mlin> want to monitor my system temps and fan speeds. need help seting up lm-sensors
[06:52] <Gr3mlin> amypme tjhere?
[06:52] <Gr3mlin> or anyone there
[06:58] <jamespage> morning all
[07:23] <twb> root@luger:~# cat /etc/environment
[07:23] <twb> PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
[07:23] <twb> Is that the default on Lucid?
[07:23] <beseku> Can anyone point me towards a way to block requests to an Ubuntu based web site from a specific referrer, (the site is hotlinking images) *before* they reach Apache?
[07:23] <beseku>  I was recommended using Squid but found no guide to how to use it in this way, (well, no experience of it at all in fact)
[07:29] <twb> beseku: why before apache?
[07:30] <beseku> because the requests are too much for apache, (its a 256MB VPS getting hit by 100+ req p/s
[07:31] <twb> Probably because your apache is all PHP-d up
[07:31] <beseku> it is
[07:31] <twb> Set up a static.example.net running something lightweight, and move all your static content there
[07:31] <twb> like thttpd or nginx or something
[07:32] <twb> You can't find out who the referer (sic) is until AFTER you've accepted the connection, so you can't do anything in e.g. iptables or tcpwrappers.  It *has* to be done in the httpd
[07:32] <twb> Since you've bloated apache so much, you need a second httpd either next to or in front of it
[07:33] <beseku> Apache isnt bloated, its got PHP 5 installed.
[07:33] <shiny_> you could just set up nginx infront of apache
[07:33] <beseku> Its pretty barebones, just not set up for this much traffic
[07:33] <shiny_> serve those referral requests from it
[07:33] <shiny_> pass everything else to apache
[07:33] <shiny_> should be fine on 256 ram
[07:33] <twb> beseku: right, so before you do anything you've already preforked
[07:34] <shiny_> i served 1k+ requests that way on 512MB vps
[07:34] <twb> beseku: although I grant you, if you measure it, 90% of the resources are consumed by PHP itself -- doesn't matter if it's running in mod_php5 or php-fgcid
[07:34] <shiny_> you can also use apache with php5-fpm and worker
[07:35] <twb> IIRC a hello world phpinfo() wanted like 10MB VSZ
[07:35] <beseku> The issue is I *don't want* to serve this sites requests - they are upping my b/w costs and slowing the server down for real users
[07:35] <beseku> so i want to block everything from them
[07:35] <twb> beseku: see above re "you have to parse HEAD"
[07:35] <twb> Er, s/HEAD/the header/
[07:35] <koolhead17> hi all
[07:35] <beseku> twb: Can this not be done with the IP Tables string match?
[07:35] <shiny_> iptables -A INPUT -s source --dport 80 -p tcp -j DROP
[07:35] <twb> If they're hotlinking to you, the requests *do not originate* from their site
[07:36] <twb> The originate from the end user
[07:36] <shiny_> but ye, twb is right :)
[07:36] <beseku> So string match can;t pickup the referrer?
[07:36] <beseku> Even though it inspects the request?
[07:36] <twb> beseku: you mean like iptables -m string?
[07:36] <beseku> Sure
[07:36] <twb> jwz's law says: you fail
[07:37] <twb> It might 90% work but the right solution is static.example.net and then detect referer in the httpd there
[07:38] <beseku> OK. But with any of these solutions I need to up the memory on the system to redirect the traffic.
[07:38] <shiny_> beseku, http://altlab.com/htaccess_tutorial.html something like this should work
[07:38] <twb> Yes, but because you're using a sensible httpd, the overhead is less
[07:39] <twb> Obviously apache cannot be the frontmost httpd
[07:39] <beseku> Right, I anted to avoid rebuilding the env around Nginx or similar. Guess I don;t have a choice.
[07:39] <beseku> Cheers for the helps peeps.
[07:39] <twb> (If you have >1 IP, you can just put them side-by-side and not bother with reverse proxying at all)
[07:40] <twb> And anyone with only one IP is probably some johnny-come-lately that should Get Off My Lawn
[07:42] <shiny_> woo
[07:42] <shiny_> i got 2 ips ! :P
[07:43] <twb> Class C here
[07:45] <shiny_> well i will be acquiring class A soon, just need to buy the hardware first .... obviously i need to bug some people ( that have the money ) to understand *why* do we need that :P
[07:45] <shiny_> and we currently got 32 actually, but it ain't enough
[07:47] <twb> Uh, you know A is /8, right?
[07:48] <twb> They're all already delegated to the RIRs, and there can't be many left there either
[07:48] <twb> Class A is 16777214 addresses
[07:55] <shiny_> i know
[07:55] <shiny_> we're talking with a regional provider
[07:56] <shiny_> if there's none left, we will settle with several C's
[07:57] <twb> Righto
[07:57] <shiny_> <- Bulgaria, so not much IP usage, but the RIR's got some bought some time ago, and they're just keeping them
[07:57] <twb> haha
[07:58] <twb> Good thing you're not in china.  They nat entire cellphone networks to a few IPs there, because asia is so short of IPs
[07:58] <shiny_> :D
[07:59] <shiny_> well my company is joining efforts with a few others to build a public cloud and if the project is a go , we will need lots of ips
[07:59] <shiny_> and
[07:59] <shiny_> truth is it will be the least expense
[07:59] <shiny_> :)
[08:00] <lifeless> gl with that :)
[08:01] <shiny_> hehe :)
[08:01] <shiny_> well see how it goes
[08:11] <jamespage> Daviey: mail-stack-delivery is borked in oneiric - bug 860336
[08:11] <jamespage> fixing up now
[08:41] <rbasak> Sep 26 13:05:41 <Daviey>	rbasak: can you push it with version string 2011.3-0ubuntu3~ppa0 ?
[08:41] <rbasak> Daviey: is that still want you want for the version string now? Previous version in my branch is 2011.3~rc~20110920.r1192-0ubuntu2
[08:53] <Daviey> rbasak: yeah so *3~ppa0 is good for us to test against, as it is less than *3, so when we do upload to the archive there is an upgrade path
[08:54] <rbasak> Daviey: OK
[08:58] <rbasak> Daviey: so when we do upload to the archive what would you expect the form of the version string to be?
[09:12] <Daviey> rbasak: whatever is UNRELEASED on lp:~ubuntu-server-dev/nova/diablo
[09:12] <Daviey> rbasak: http://bazaar.launchpad.net/~ubuntu-server-dev/nova/diablo/view/head:/debian/changelog
[09:14] <rbasak> Daviey: Thanks. Although my patch is based on lp:~hudson-openstack/nova/milestone-proposed - I see that lp:~ubuntu-server-dev/nova/diablo has only debian/, but why does lp:~hudson-openstack/nova/milestone-proposed also have a debian/?
[09:24] <ersi> If I have a machine, with two physical network interfaces (eth0, eth1) and one virtual interface (eth0.100) - and would like traffic forwarded from eth0.100 to eth1 - how would I do that? a) set net.ipv4.ip_forward to true and use iptables? 2) Could I use "net.ipv4.conf.eth0.forwarding", "net.ipv4.conf.eth2.forwarding", "net.ipv4.conf.eth0/100.forwarding" to accomplish the same thing, without iptable rules?
[09:29] <Daviey> rbasak: zul wanted to do it that way :)
[09:29] <Daviey> rbasak: you need to add a flat patch to debian/patches/foo
[09:32] <ersi> Nevermind, I've solved that little routing fiddle.
[09:33] <rbasak> Daviey: So what should the PPA be against? lp:~ubuntu-server-dev/nova/diablo or my current lp:~hudson-openstack/nova/milestone-proposed? Or are you saying I should take my patch, rebase and apply to debian/patches/foo in lp:~ubuntu-server-dev/nova/diablo?
[09:34] <Daviey> rbasak: That would be ideal
[09:35] <Daviey> That is where it will end up fwiw.
[09:35] <Gr3mlin> someone able to help my get lm-sensors working so i can monitor my servers temps?
[09:36] <Gr3mlin> i mean me*
[09:36] <Gr3mlin> wb
[09:43] <koolhead17> hi all
[09:52] <TeTeT> Gr3mlin: unfortunately I know nothing about lm-sensors set up, but there's a forum post covering some basics at http://ubuntuforums.org/showthread.php?t=1793074
[09:56] <TeTeT> Gr3mlin: there's also this basic page: https://help.ubuntu.com/community/SensorInstallHowto
[10:24] <rbasak> How would a bzr user rebase from one upstream to another unrelated upstream (unrelated in terms of the commit graph)? I know how I'd do it with git, but it's making git-bzr-ng crash :-/
[10:49] <Daviey> rbasak: It's usually not worth the effort to try and do it tbh
[10:50] <Daviey> If they do not share common ancenstroy.
[11:13] <rbasak> OK, so I've got a bzr branch with only debian/ checked out. What's the tool to bring in upstream, so that I can use quilt to manipulate debian/patches?
[11:18] <lynxman> morning everyone
[11:18] <koolhead17> hey lynxman
[11:18] <lynxman> hey koolhead17 o/
[11:18] <koolhead17> :)
[11:22] <adam_> hey! i have an SFTP Ubuntu Server with chrooted home directories
[11:23] <adam_> is there a way to encrypt those homedirectories so they are still accessible and writeable by the sftping users?
[11:23] <adam_> i looked at Duplicity but that seems to only work for rsync :(
[11:24] <_ruben> huh? if you chroot the users to their homedir, how could they access others' homedirs?
[11:27] <jamespage> Daviey: are we targetting the 'upstart start on' bugs that SpamapS for oneiric?
[11:27] <jamespage> feel quite late to potentially be changing the behaviour of service startup...
[11:31] <zul> adam_g: push to the ubuntu-server-dev branch and then to the openstack-ubuntu-packagers branch
[11:38] <Daviey> jamespage: nah, they are now for P
[11:39] <jamespage> Daviey: ack - I pushed one with the dovecot/mail-stack-delivery fixes but I'll comment on the other MP's that utlemming has raised
[11:40] <Daviey> jamespage: Use your judgement to see if they should be sponsored or not :)
[11:40] <Daviey> jamespage: The worst that will happen is that it all goes horribly wrong, and we need to delay the release because of a call jamespage made.
[11:41] <Daviey> So no stress, really.
[11:41] <jamespage> haha
[11:41] <jamespage> OK - I'll review individually - anything that looks like a no-brainer I'll sponsor - others will defer (that will include euca and samba BTW)
[11:42] <Daviey> jamespage: sounds wise to me!
[11:43] <mrryanjohnston> hey guys. I've got 1 machine with 1 nic with 2 ip addresses. Each of these ip addresses points to a different vhost in apache. When given a fresh reboot, it seems these ip addresses do their part; when you point to them in a browser, the different sites come up. However, it seems that, overnight, this functionality was lost; currently the browser sits as if waiting for a response, but then comes back and says the websit
[11:43] <mrryanjohnston> Also, this server is running on a vmware server
[12:07] <jamespage> Daviey: are you handling the puppet version upgrade MP?
[12:11] <Daviey> jamespage: blocked on decision, review welcome.
[12:23] <mrryanjohnston> I made a forums post about the issue if anyone is interested: http://ubuntuforums.org/showthread.php?p=11289764#post11289764
[12:46] <rbasak> Got an interesting problem with the watch file in lp:~ubuntu-server-dev/nova/diablo. It specifies http://launchpad.net/nova/+download, but that page is paginated so it now needs http://launchpad.net/nova/+download?start=10.
[12:47] <rbasak> (I worked around it for now by changing the watch file manually)
[12:47] <rbasak> Not sure what a permanent fix for this should be.
[12:52] <soren> rbasak: Sounds like a task for #launchpad
[12:52] <soren> Uargh, /me is late for flight
[12:53] <rbasak> soren: a +download?show=all or something do you think?
[13:12] <CluelessPerson> Hello, can someone help me with an init script?
[13:14] <Daviey> rbasak: How is that bug looking?
[13:14] <rbasak> Daviey: about to upload to the PPA now
[13:14] <Daviey> Are you going to be in a position to submit it to nova upstream trunk for review today?
[13:15] <rbasak> Daviey: I can't test it properly without the libvirt fix, I'm uncomfortable submitting to anything without that done
[13:17] <Daviey> Does anyone want to investigate bug 655533?  Upgrade Natty->Oneiric with likewise-open installed?
[13:18] <Daviey> rbasak: Upstream doesn't depend on apparmor.. so for committing it upstream, only needs to work without contraint.
[13:18] <Daviey> jdstrand: How did the libvirt issue get on?
[13:18] <rbasak> Daviey: OK then I need to rebase against upstream and develop against that
[13:19] <jdstrand> Daviey: I am iterating on a patch. am continuing on the work today
[13:19] <jdstrand> I am doing it the right way (so it is upstreamable)
[13:19] <jdstrand> rather than a hack. it is written, but there is a small bug and testing I need to do
[13:22] <Daviey> jdstrand: if you want help testing, do ask. :)
[13:23] <Daviey> rbasak: rebasing is fun!
[13:23] <Daviey> rbasak: Ideally, we'd like to get the fix in trunk first, then cherrypick it back.
[13:23] <rbasak> Daviey: as I've discovered. I've only just finished rebasing to lp:~ubuntu-server-dev/nova/diablo! It's a pain when there's debian/patches to manage as well :-/
[13:23]  * rbasak might be missing some tooling that everyone else uses
[13:24] <rbasak> Daviey: so why did I just rebase it away from trunk for the PPA?
[13:24] <Daviey> maybe.. :(
[13:25] <Daviey> rbasak: i expected the patch to easily ripped out of what you were doing, so we could start smoking it via a ppa.
[13:25] <Daviey> Whlst we are doing that, submitted to upstream trunk.
[13:25] <Daviey> When both are aligned, we upload it to Ubuntu :)
[13:25] <rbasak> Daviey: ah, OK. The patch was easy to rip out, my unfamiliarity with the tools is what took ages
[13:34] <Daviey> smoser: those two bugs you identified, if you do reproduce them - can you open ubuntu tasks on the bugs?
[13:34] <smoser> they *do* reproduce
[13:34] <smoser> 100%
[13:34] <smoser> on Canonistack.
[13:35] <smoser> but i'm just not sure of the versions deployed there.  we dont see them in our testing though.
[13:35] <Daviey> :/
[13:35] <Daviey> Well it's not even clear to me if it was fixed in Diablo or trunk
[13:35] <smoser> so either a.) canonistack is not up to date on its glance b.) we're not testing the archive c.) the fix also affected nova (which canonistack *is* behind on) d.) i have no clue and i'm just making stuff up
[13:36] <smoser> thierry  marked it fix-released
[13:36] <smoser> which would mean in diablo
[13:36] <smoser> but he is human
[13:36] <Daviey> bug 845788, was only merged 12th Sept... so probable they don't have that
[13:36] <Daviey> smoser: ttx always makes mistakes :)
 but he is human < unlike us robots? ;)
[13:37] <ttx> am I human ?
[13:37] <cloakable> Yes. No. Maybe. Possibly. Possibly not.
[13:38] <smoser> well.
[13:38] <smoser> i'm looking at code
[13:38] <smoser> and it seems not to be fixed
[13:38] <smoser> at least the commit marked as having fixed it is not in diablo release
[13:39] <smoser> er... is not in glance milestone-proposed
[13:39]  * ttx checks
[13:40] <smoser> yeah
[13:40] <smoser> its not
[13:40] <smoser> https://github.com/openstack/glance/blob/milestone-proposed/glance/client.py
[13:40] <smoser> is the milestone link to view that
[13:40] <smoser> https://github.com/openstack/glance/commit/6cfff16f2dc22a870bfe3808a7895dfbbaa11369 is the commit that *reports* to have fixed it
[13:41] <smoser> cloakable, exactly. humans are feeble minded and distracted by shiney objects and beer
[13:41] <smoser> but ttx did once win a staredown with a triceratops
[13:44] <smoser> Daviey, so the next question is why don't we see this in our testing. are we not deploying archive builds? adam_g ? and why not ?
[13:45] <Daviey> smoser: we were using archive builds, but then updated to a PPA snapshot.. upgrading to current archive is in-part i believe
[13:45] <smoser> where?
[13:46] <Daviey> where what/
[13:46] <smoser> i'm talking about sapodilla and friends
[13:46] <smoser> when we're deploying that we should be using archive.
[13:47] <smoser> canonistack also should be, but i'm trying to sort out why we would not have seen this issue on sapodilla and friends but we do see it on canonistack.
[13:47] <Daviey> we were, but whilst we were waiting for thaw- it made sense to test against the milstone.
[13:48] <smoser> we should have seen it if we were testing against milestone also
[13:48] <smoser> as milestone does not have that fix.
[13:48] <CluelessPerson> http://paste2.org/p/1674594
[13:48] <CluelessPerson> could someone please help me?
[13:48] <CluelessPerson> I don't even know what's screwed up. >.<
[13:49] <Daviey> smoser: seemingly not 100% reproducible
[13:49] <Daviey> ?
[13:50] <smoser> it seems to fail every time for me on canonistack
[14:06] <rbasak> Daviey: OK the PPA build succeeded, so https://launchpad.net/~racb/+archive/fixes/+packages - except that of course it needs the libvirt fix before it'll be useful, and it's still only my best guess.
[14:09] <PleXs> anyone here using vmware server on ubuntu server ?
[14:13] <zul> rbasak: can you create a branch for that patch and i can pull it in
[14:15] <Daviey> smoser: so do you think testing https://launchpadlibrarian.net/81191962/nova_2011.3-0ubuntu2_2011.3-0ubuntu3~ppa0.diff.gz is  bad idea?
[14:15] <smoser> i think we should be testing what is in the archive.
[14:16] <rbasak> zul: I have a branch that I can push (if I can figure out git-bzr-ng) but I'm really not happy for it to be taken in yet - it might well be buggy, I've not been able to test it properly yet because the ubuntu version needs the libvirt fix. I'm testing the patch against nova upstream now, so maybe after I've verified the patch properly?
[14:16] <smoser> if you find issues in what is in the archive, it might be useful to test something *not* in the archive to help determine the issue
[14:16] <smoser> but i think its fairly clear that our goal is to make the archive right
[14:23] <smoser> this is begging to be tried out: http://blog.picloud.com/2011/09/26/introducing-environments-run-anything-on-picloud/
[14:39] <jdstrand> rbasak: hey, do you have a moment?
[14:39] <rbasak> jdstrand: yeah sure
[14:40] <jdstrand> rbasak: I would like to confirm that when using 'pipe', I only need <path>.in and <path>.out as opposed to also needing <path>
[14:40] <jdstrand> rbasak: can I trouble you to go through a few steps?
[14:40] <rbasak> jdstrand: yes, that's my understanding from the qemu manpage. I'm certainly not creating a <path> anything
[14:41] <jdstrand> rbasak: do you have a vm handy to test this?
[14:42] <rbasak> jdstrand: I can have one in a few minutes
[14:42] <jdstrand> rbasak: that would be great, thanks
[14:43] <Potatoe> I have a command that is behaving differently when run from the prompt and when run from crontab. How does crontab execute the command? Can I call the command manually the same way cron does to help identify the issue ?
[14:49] <rbasak> jdstrand: OK, I've got it reproducing on a patched nova upstream trunk running from a source directory, using what is I think the system libvirt from oneiric - 0.9.2-4ubuntu13
[14:53] <jdstrand> rbasak: cool. so first, I want to reproduce the problem. please start a vm that is using type='pipe' for the console
[14:54] <rbasak> jdstrand: I've in fact already done that, so I've got failures logged in kern.log
[14:55] <jdstrand> rbasak: can you paste the failure?
[14:55] <rbasak> [ 1726.219190] type=1400 audit(1317134876.796:30): apparmor="DENIED" operation="open" parent=1 profile="libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804" name="/home/ubuntu/nova/instances/instance-00000003/console.fifo.in" pid=2484 comm="qemu" requested_mask="rw" denied_mask="rw" fsuid=105 ouid=105
[14:55] <rbasak> [ 1726.219203] type=1400 audit(1317134876.796:31): apparmor="DENIED" operation="open" parent=1 profile="libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804" name="/home/ubuntu/nova/instances/instance-00000003/console.fifo.out" pid=2484 comm="qemu" requested_mask="rw" denied_mask="rw" fsuid=105 ouid=105
[14:56] <jdstrand> rbasak: can you adjust /etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804 to have:
[14:56] <jdstrand>   /home/ubuntu/nova/instances/instance-00000003/console.fifo.out rw,
[14:56] <jdstrand>   /home/ubuntu/nova/instances/instance-00000003/console.fifo.in rw,
[14:56] <jdstrand>   audit deny /home/ubuntu/nova/instances/instance-00000003/console.fifo rwmkl,
[14:56] <rbasak> /etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804 includes /etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804.files - should I be editing /etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804 or/etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804.files?
[14:57] <jdstrand> the former. .files gets overwritten
[14:57] <jdstrand> rbasak: when you have updated the file, can you paste it in paste.ubuntu.com?
[14:57] <rbasak> OK. Should I stick those lines before or after the existing includes?
[14:58] <jdstrand> rbasak: doesn't matter. typically after
[14:58] <rbasak> http://paste.ubuntu.com/697924/
[14:59] <rbasak> You're going to ask me to retry creating the instance, aren't you? That could be interesting.
[14:59] <jdstrand> rbasak: ok, so if you shutdown the machine and start it, will instance-00000003 change to something else like instance-00000004?
[14:59] <rbasak> Yeah that's the kind of thing I'm worried about
[14:59] <rbasak> nova has left the old xml lying about
[15:00] <rbasak> I could try virsh on that
[15:00] <jdstrand> rbasak: please try with virsh
[15:01] <rbasak> error: operation failed: domain 'instance-00000003' already exists with uuid fa79d894-ae96-3ac2-6aa8-1a9ef5f96804
[15:01] <rbasak> OK so I can just stop and start with virsh perhaps
[15:01] <jdstrand> yes, please use virsh
[15:01] <jdstrand> if this isa  disposable vm:
[15:02] <jdstrand> virsh destroy ...
[15:02] <jdstrand> virsh start ...
[15:03] <jdstrand> rbasak: let me know when the vm is running
[15:03] <CluelessPerson> if I want to copy the contents of a directory, into another directory
[15:03] <CluelessPerson> will this work?
[15:03] <CluelessPerson> rsync -r $minecraft_path $ramdisk_path
[15:04] <CluelessPerson> and the paths do NOT have slashes
[15:04] <CluelessPerson>  .
[15:04] <CluelessPerson>  /
[15:04] <rbasak> OK, virsh list --all showed me the machine as shutdown (or something, my scrollback's gone), so I ran virsh start instance-00000003
[15:05]  * RoyK honors CluelessPerson of his nick
[15:05] <rbasak> That seems to have worked. virsh list now says running, lsof shows that qemu has the fifo running and it seems to be writing the console as get_console_output seems to work
[15:05] <jdstrand> rbasak: can you do 'virsh dominfo instance-00000003'
[15:05] <jdstrand> rbasak: and any apparmor denials?
[15:05] <CluelessPerson> RoyK,  It has different functionality depending on how it's run
[15:05] <rbasak> http://paste.ubuntu.com/697925/
[15:06] <CluelessPerson> RoyK,  rsync insists on copying the directory into the directory prior to the one I give it, or directory/..  ?WTF
[15:06] <RoyK> CluelessPerson: rsync somedir somewhere will copy somedir into somewhere/, rsync somedir/ somewhere will copy the _contents_ of somedir into somewhere/
[15:06] <rbasak> No further denials
[15:06] <jdstrand> rbasak: any apparmor denials after doing 'virsh start?
[15:06] <CluelessPerson> rsync also tends to copy the ENTIRE source folder into the the destination   rsync source/ destination/   winds up with  destination/source
[15:06] <rbasak> No, just status profile_load/profile_remove
[15:06] <jdstrand> \o/
[15:07] <jdstrand> rbasak: perfect. thanks! :)
[15:07] <jdstrand> rbasak: feel free to remove those lines from /etc/apparmor.d/libvirt/libvirt-fa79d894-ae96-3ac2-6aa8-1a9ef5f96804
[15:08] <jdstrand> rbasak: the next upload of libvirt should have this all adjusted so they are added to .files automatically
[15:09] <CluelessPerson> RoyK, I keep winding up with files in destination/..
[15:09] <CluelessPerson> or the directory just before destination
[15:09] <RoyK> CluelessPerson: do some tests - you'll find out
[15:09] <CluelessPerson> RoyK, I have.
[15:09] <rbasak> jdstrand: awesome, thanks!
[15:10] <RoyK> if you're paranoid, rsync somedir/. newdir/ and the contents of somedir will appear in newdir
[15:10] <CluelessPerson> RoyK, rsync -r $ramdisk_path/ $minecraft_path
[15:10] <RoyK> rsync -r $ramdisk_path/. $minecraft_path
[15:10] <RoyK> just to make sure it only transfers the contents.......
[15:12] <RoyK> add a --delete to that if you want to remove files already on the target that you don't want
[15:13] <smoser> zul, what is the packaging branch for glance that i should work off of to fix issues in 11.10?
[15:14] <smoser> lp:ubuntu/oneiric/glance is ahead of lp:~ubuntu-server-dev/glance/diablo
[15:14] <CluelessPerson> RoyK,  OMG, I think it might be working now. >.<
[15:14] <CluelessPerson> RoyK, And you seriously don't remember me? :p
[15:14] <CluelessPerson> RoyK, you've helped me before. :D
[15:14] <zul> smoser: yeah i need to get those in sync gimme a sec
[15:15] <RoyK> CluelessPerson: I do remember you :)
[15:15] <RoyK> one must be rather clueless to not remember that nick :P
[15:17] <eseyden> What is a good book for setting up 10.04 as a IPsec, LT2P, Keberos, OpenLDAP server on EC2.  I've been looking for information on Juju and Charms, A whole enterprise VPC ubuntu setup running a java / mysql cluster intranet is my goal.
[15:18] <CluelessPerson> RoyK, Again, it produced files in the directory before the directory it's supposed to.
[15:18] <CluelessPerson> wtf.
[15:18] <CluelessPerson> rdisk stuff/ storage
[15:18] <Potatoe> I installed a basic setup with cfengine 3 on 3 servers. I call cf-execd -F from cron every 5 minutes. When called manually, everything works, when called from cron new packages are not installed. What is it about calling from cron that is preventing package installation?
[15:19] <CluelessPerson> and it winds up in stuff/ storage/.. ???
[15:19] <CluelessPerson> I mean rsync
[15:20] <CluelessPerson> RoyK, Well, the world returns correctly and works...
[15:20] <CluelessPerson> RoyK, ...but for some file files are appearing outside the directory they're supposed to be saved too
[15:23] <capeta> how do i configure my system locales?
[15:25] <CluelessPerson> RoyK, I guess it's not rsync that's saving to the home directory
[15:25] <CluelessPerson> RoyK, I think the server is saving in the homedirectory
[15:27] <pmatulis> capeta: try adding the locales to /var/lib/locales/supported.d/local (one per line) and running 'sudo dpkg-reconfigure locales'
[15:27] <smoser> zul, so what would be the expected process to keep lp:~ubuntu-server-dev/glance/diablo ahead of lp:ubuntu/oneiric[-updates]/glance
[15:28] <smoser> or, put another way, what is the right packaging branch?
[15:28] <zul> ~ubuntu-server-dev/glance
[15:28] <zul> smoser: that was a 0-hour bug fix that didnt get push
[15:29] <CluelessPerson> RoyK, I'm not gay, I'm definitely straight, but thank you for your help you sexy prime beast of a respectable man you. :D
[15:29] <smoser> so just so i can set that straight in my head, why would someone know that ?
[15:29] <zul> smoser: im in the middle of updating the debian/control
[15:29] <smoser> k
[15:29] <zul> smoser: and i should probably do a wiki page :)
[15:29] <capeta> pmatulis: but my system has a lot of locales supported that aren't listed in /var/lib/locales/supported.d/local
[15:30] <smoser> zul, README.source would also be a good place.
[15:30] <zul> smoser: yeah that needs to be updated
[15:30] <zul> the README.source tells you right now how to do a release
[15:31] <zul> aka dch --release && debcommit --release ; bzr bd -S ; dput ; bzr push
[15:31] <pmatulis> CluelessPerson: ?
[15:32] <m_tadeu> hi...I'd like an opinion...which jabber server you guys recommend and why?
[15:32] <jdstrand> Daviey: ok, I have a patch that I believe is the *one*. I am now testing it out with qrt
[15:33] <capeta> pmatulis: oh, they are in /var/lib/locales/supported.d/en =]
[15:33] <capeta> ty
[15:35] <smoser> ok. zul  i have a change to push to the oneiric glance branch
[15:35] <smoser> whatever that is.
[15:35] <zul> smoser: what is it?
[15:35] <smoser> so can i do that now or should i wait for you to be done playing in debian/control
[15:36] <smoser> http://paste.ubuntu.com/697949/
[15:36] <zul> smoser: go ahead just make sure the changelog is set to UNRELEASED
[15:36] <CluelessPerson> pmatulis, lol, I've been very frustrated lately with this script, it's finally working
[15:36] <CluelessPerson> ripping my hair out
[15:36] <zul> smoser: good catch got right ahead
[15:37] <smoser> zul, ok. pushed up rev 69.
[15:37]  * zul goes back to cobbler
[15:37] <pmatulis> CluelessPerson: er, oookay, but, 'sexy prime beast'?
[15:37] <CluelessPerson> pmatulis, RoyK   And the reason those extranenous files were being made, is because the user was running a command which apparently just places the files it makes in the directory the user runs the beforementioned command from
[15:38] <CluelessPerson> RoyK, Thus, doing "as_user run java -jar blah blah" would create extra files in the home dir
[15:38] <CluelessPerson> RoyK, Fixed with as_user "cd ramdisk && java -jar blah start"
[15:38] <CluelessPerson> thus, running it from the ramdisk directory, where the files all should be run
[15:39] <zul> Daviey: so cobbler...i was checking yesterday and there are some interesting things like cobbler buildiso support now has ubuntu and debian support and there are a couple of bug fixes and our snapshot is quite old will i be able to get a FFE once its tested
[15:41] <CluelessPerson> pmatulis, I can be straight and still recognize the quality of another guy.
[15:44] <CluelessPerson> pmatulis, I'm quite comfortable with my sexuality
[15:48] <smoser> zul, what are you saying !
[15:48] <smoser> you're not really possibly suggesting we should switch version of cobbler
[15:48] <smoser> are you?
[15:48] <zul> smoser: no im saying we should update the version we have in the archive its like 3 months old
[15:49] <smoser> in P series
[15:49] <zul> ok nm then
[15:50] <Daviey> zul: Really depends on the level of testing.
[15:51] <Daviey> It's universe, but a core part of Orchestra.
[15:51] <smoser> no
[15:51] <smoser> i tdoesnt matter on the level of testing
[15:51] <Daviey> zul: If you were to create a package, do some testing - and see if RoAkSoAx can throw it onto the work they are doing, that would add confidence
[15:52] <smoser> we're supposed to ship a working product based on it in 2 weeks and 2 days.
[15:52] <smoser> why would we do this ?
[15:52] <smoser> what possible value does it bring ?
[15:52] <Daviey> smoser: Yes, we have a random upstream snapshot.. If trunk is bug fixes only, then it makes sense
[15:52] <Daviey> Not having looked at the git log, i can't really add more comment.
[15:52] <smoser> we dont have enough time to test the stuff we have already uploaded
[15:52] <smoser> why would we want to test new stuff
[15:53] <smoser> we have a random upstream snapshot that is known to work
[15:53] <Daviey> smoser: it depends what 'new' is.
[15:53] <smoser> i'll take that over random upstream release that is not known to work.
[15:53] <Daviey> wait, zul - what is buildiso support?  That was always there, wasn't it?
[15:54] <Daviey> zul: can you generate a git log?
[15:54] <zul> Daviey: basically allows you to build an iso of your system
[15:55] <zul> Daviey: sure
[15:55] <jamespage> I agree with smoser: we have something that we know works - why take the risk now?
[15:56] <jamespage> if we have specific bugs we are seeing that cherry pick them from the new release into the oneiric version
[15:56] <zul> ok ok
[15:56] <Daviey> jamespage: What i am saying, is that lets look at the git log - then we have facts.
[15:57] <Daviey> Should i just do it myself, before we all jump on a bandwagon one way other the other, without facts?
[15:57]  * jamespage goes for coffee before the ubuntu-server team meeting in #ubuntu-meeting
[15:57] <smoser> Daviey, we are post beta
[15:57] <smoser> we have long since passed the point where arguments start with "why not?"
[15:58] <smoser> if you believe that oneiric is simply crap that we shove out so that we can get testing to make 12.04 reasonable, then we can just say that.
[15:58] <Daviey> smoser: I am saying, lets look at the damn log.
[15:58] <smoser> and i have a whole lot more crack to pull in then.
[15:59] <Daviey> *sigh*
[16:06] <zul> Daviey: http://pastebin.ubuntu.com/697972/
[16:06] <kirkland> mtaylor: zul: hey guys ... negronjl and iamfuzz are trying to get keystone working;  they have a few changes to the Ubuntu keystone package
[16:07] <kirkland> mtaylor: zul: it seems that Oneiric's keystone package is missing some dependencies, and needs a configuration
[16:07] <zul> kirkland: would one of them be a configuration file
[16:07] <kirkland> mtaylor: zul: negronjl and iamfuzz are working on the fixes
[16:07] <zul> kirkland: well when they have a branch point me at it then
[16:07] <kirkland> mtaylor: zul: which is the correct branch they should work off of?  it seems that lp:ubuntu/keystone is maybe missing some stuff
[16:07] <zul> kirkland: gimme a sec
[16:08] <kirkland> zul: k
[16:08] <zul> https://code.launchpad.net/~openstack-ubuntu-packagers/keystone/diablo
[16:08] <kirkland> negronjl: ^
[16:08] <kirkland> zul: thanks
[16:09] <kirkland> zul: what is this?
[16:10] <zul> its the branch we share with upstream
[16:11] <kirkland> zul: cool, thanks;   do you have an upload pending?
[16:11] <kirkland> zul: we were making some of those same fixes
[16:11] <zul> kirkland:  probably tomorrow
[16:12] <kirkland> zul: eek;  we're blocking on a broken keystone here at our sprint
[16:12] <kirkland> zul: do you have a ppa package we can test in the meantime?
[16:12] <zul> kirkland: http://launchpad.net/keystone probably
[16:13] <kirkland> zul: any chance we can get this uploaded today, so that it can make it through the queue and have a build tomorrow, so that we can have packages to work from tomorrow?
[16:13] <kirkland> zul: we can help you test it
[16:13] <Daviey> kirkland: keystone being in universe, and a non-core project wasn't our focus for this cycle.
[16:13] <zul> kirkland: sure
[16:13] <Daviey> patches welcome :)
[16:13] <kirkland> Daviey: understood;  we have changes;  we made some of the same changes zul made, in fact
[16:14] <zul> but whats "broken" besides missing configuration files
[16:14] <kirkland> Daviey: we're just trying to sync up and reduce duplication of effort
[16:14] <kirkland> negronjl: ^ ?
[16:14] <negronjl> zul:  Where is the code for the branch that you pointed me to ?
[16:14] <zul> negronjl: its a bzr branch
[16:15] <kirkland> Daviey: it appears that lp:ubuntu/keystone and the upstream package branches are out of sync and we're trying to figure out what's what
[16:15] <koolhead17> hi all
[16:15] <zul> kirkland: dont use lp:ubuntu/keystone
[16:16] <zul> use the url i just pasted
[16:16] <negronjl> zul, Daviey:  I branched lp:ubuntu/oneiric/keystone.  Should I be pulling from somewhere else ?
[16:16] <zul> kirkland/negronjl: this one https://code.launchpad.net/~openstack-ubuntu-packagers/keystone/diablo
[16:20] <negronjl> zul/Daviey:  I'll pull from the branch and will work with it and test it.
[16:20] <zul> k
[16:20] <Static> Hi, I've setup Ubuntu Server 10.10 on a laptop, however it seems to sleep if I leave it a while. How can I stop it from doing so?
[16:20] <Daviey> kirkland: syncing up during our meeting isn't the best time :)
[16:46] <woody_> Hi
[16:47] <woody_> Anyone here know anything about westell port forwarding for a ubuntu webserver
[16:47] <jamespage> zul: ^^ thats the one
[16:47] <zul> jamespage: thanks
[16:48] <Daviey> hggdh: will you be able to help test the non-test case things?
[16:57] <hggdh> Daviey: er, confused by the question above
[17:01] <Daviey> utlemming: well timed meeting!
[17:02] <zul> Daviey: i just uploaded a new version of keystone with a couple of bug fixes can you let it through
[17:05] <Daviey> zul: will smoke it afer this
[17:27] <zul> negronjl/kirkland: i just uploaded a new keystone it needs a FFE fyi
[17:29] <koolhead17> zul: let me know if you want me to test keystone
[17:29] <koolhead17> i installed from github and has to add 10 odd pkges along with
[17:30] <negronjl> zul: Can you point me to the branch?
[17:33] <lynxman> zul: we're working on it at the same time dude, ethernet collision ;)
[17:33] <lynxman> zul: could you please hold your horses on the FFe so we can add our patch as well? Maybe it was the same as yours
[17:34] <zul> lynxman: got a debdiff?
[17:35] <lynxman> zul: not yet! We're working on it :)
[17:35] <zul> negronjl/lynxman: https://code.launchpad.net/~openstack-ubuntu-packagers/keystone/diablo
[17:53] <_cb> In the windows world AD is used to manage the systems. From what I have read LDAP + KERBEROS + SAMBA will provide AD like functionality. Is there another, better, way?
[18:10] <zul> Daviey: can you nack the keystone upload please i got a new one coming later
[18:11] <Daviey> zul: k
[18:14] <Daviey> jdstrand: So the MIR for cobbler-enlist.. I'm asking for the source and -udeb to be in main, not the optional binary package which is fine for universe.
[18:15] <Daviey> the -udeb will only ever run in a volatile env, so the security implications would seem to be minimal.
[18:15] <Daviey> Am i wrong?
[18:16] <Daviey> I suppose someone could send malformed preseed, and then the udeb would execute arbitrary code.
[18:16] <Daviey> Being on a clean system, the impact would seem to be low.
[18:19] <jdstrand> Daviey: I think I'd like to have a closer look after all. is this required for oneiric?
[18:19] <Daviey> kirkland: zul is prepairing one more upload for keystone, how does that fit with your plans?
[18:20] <kirkland> Daviey: can he merge negronjl's latest fixes when he does that?
[18:20] <Daviey> jdstrand: Sadly, yes
[18:20] <Daviey> jdstrand: sorry for being an ass.
[18:20] <zul> kirkland: yes
[18:20] <kirkland> zul: thanks
[18:42] <Daviey> cjwatson: I am write in saying there is a potential for executing arbitrary code with cobbler-enlist, if the preseed contains escaped string; it is then executed at the end of the postinst - right?
[18:46] <skrite> i have server 11.04 on a box with hot-swapable scsi drives. I am wanting to clone one, but i don't know how to find it once i plug it in.  i used to use tail -f /var/log/messages
[18:47] <skrite> doesn't work anymore
[18:47] <Daviey> jamespage: Can you comment on:
[18:47] <jdstrand> Daviey: fyi, uploaded fix for bug #832507
[18:47] <jdstrand> Daviey: looking at cobbler-enlist now
[18:48] <SpamapS> skrite: /var/log/syslog
[18:48] <Daviey> +    - debian/mail-stack-delivery.postinst: drop -n flag from dovecot deliver
[18:48] <Daviey> +      command in postfix configuration.
[18:48] <Daviey> why?
[18:48] <jdstrand> obviously for the libvirt bit :)
[18:48] <Daviey> jamespage: I'm sure it has good reasoning :)
[18:48] <Daviey> jdstrand: I saw it in the queue, waiting on the diff!  Really appreciate that!
[18:48]  * jdstrand nods
[18:48] <jdstrand> I also sent it upstream
[18:49] <Daviey> \o/
[18:53] <skrite> SpamapS: thanks
[18:54] <martyn> What alternatives are there for IPMI?
[18:55] <skrite> SpamapS looks like syslog is not seeing when i pull a SCSI drive out
[18:56] <skrite> would it need to be formatted ?
[18:56] <SpamapS> skrite: you should see the block device
[18:56] <SpamapS> skrite: you can also just look at /dev/sd* .. udev should be creating those nodes
[18:56] <skrite> SpamapS like the /dev/sd#
[18:57] <Daviey> kirkland: is orchestra 2.15 not 'released' with this upload?
[18:57] <Daviey> kirkland: looking at the upstream changelog
[18:57] <kirkland> Daviey: this is 2.16
[18:57] <Daviey> upstream changelogs which mirror debian/changelog confuse me :)
[18:58] <martyn> Dustin, do I need anything more than is in the current Oneric repositories to make Orchestra work on arm?
[18:58] <Daviey> kirkland: +orchestra (2.16) unreleased; urgency=low
[18:58] <martyn> (I understand that I need an x86 server to launch -onto- arm at the moment..)
[18:59] <kirkland> martyn: no idea, really
[18:59] <Daviey> martyn: That shouldn't be the case.
[18:59] <Daviey> martyn: testing appreciated.
[18:59] <kirkland> Daviey: where is this?
[18:59] <martyn> Daviey: We're looking at it now.. will get back to you with results
[18:59] <Daviey> kirkland: +++ orchestra-2.16/ChangeLog
[18:59] <skrite> SpamapS:  does the drive need to be formatted?
[18:59] <martyn> kirkland: Thx
[18:59] <kirkland> martyn: orchestra currently only auto-imports x86_64 and i386
[19:00] <kirkland> martyn: so you might need to import armel too
[19:00] <Daviey> martyn: cool
[19:00] <kirkland> martyn: that's configurable, i think
[19:00] <kirkland> martyn: see: /usr/sbin/orchestra-import-isos
[19:00] <martyn> kirkland: Might be, Trevor will look at it I'm sure
[19:00]  * martyn is currently struggling with his QEMU environment ... *sigh*
[19:00] <Daviey> martyn: is we the big C btw?
[19:01] <martyn> Daviey: Correct.
[19:01] <martyn> Daviey: I'm supposed to be working on EDAC at the moment, but I have some spare cycles and need a break .. so I'm looking at orchestra
[19:01] <kirkland> Daviey: that ChangeLog is auto generated by my release-build script
[19:01] <Daviey> kirkland: +    os.system('sudo cobbler system add --name="%s.canonical.com" --mac-address="%s" --ip-
[19:01] <Daviey> kirkland: "%s.canonical.com" ?
[19:01] <kirkland> Daviey: i should change the way that happens, i reckon
[19:02] <kirkland> Daviey: uh..... RoAkSoAx ^
[19:02] <Daviey> martyn: so we had an email from one of your chaps.. I didn't respond as i thought others had covered it.
[19:02] <martyn> Daviey: You should definitely respond .. your guidance helps us prioritize
[19:03] <kirkland> Daviey: ugh... that should have been in a scratch or sandbox
[19:03] <Daviey> martyn: I would like to make sure you don't hit bug 827705, supposidly fixed - but not tested by us AFAIK.
[19:03] <kirkland> Daviey: it's in the source package, but not being shipped
[19:03] <kirkland> Daviey: not installed in the binary
[19:03] <kirkland> Daviey: this was a little helper script that RoAkSoAx wrote to help us auto import 40 something machines
[19:03] <martyn> Daviey: Well, since we have the author(s) of pxe-u-boot in house, that shouldn't be too much of a stretch if we have to fix it
[19:04] <Daviey> kirkland: well if it's an example 'upstream' script, that isn't installed then it should be ok
[19:04] <martyn> Daviey: Forwarded the bug to J.Hobbs
[19:04] <Daviey> martyn: Oh sure, but if we can get it fixed before release - it helps :)
[19:04] <kirkland> Daviey: let me confirm ...
[19:04] <kirkland> Daviey: by dpkg -c on the debs....
[19:05] <kirkland> Daviey: confirmed, NOT shipped
[19:05] <Daviey> kirkland: +        $source != 'localhost'  <-- Out of interest, if localhost6 is fired at it - what happens?
[19:05] <Daviey> kirkland: sweet
[19:06] <kirkland> Daviey: fyi, RoAkSoAx just removed ".canonical.com" and put a "domain" variable in place
[19:06] <Daviey> oh cool
[19:06] <kirkland> Daviey: in the rsyslog config?
[19:06] <Daviey> kirkland: yeah
[19:07] <Daviey> Does it DTRT
[19:08] <zul> Daviey: can you ack glance and nova after nova has been uploaded
[19:09] <martyn> Daviey: Just forwarded the bug to J.Hobbs
[19:09] <martyn> he's aware now
[19:09] <Daviey> martyn: cool
[19:09] <kirkland> Daviey: thanks
[19:09] <Daviey> zul: looking
[19:09] <kirkland> Daviey: i have no idea, about localhost6... how would i test?
[19:10] <zul> kirkland: logger command should be able to do it
[19:13] <kirkland> zul: thanks
[19:13] <adam_g> RoAkSoAx: did you ever find a way to fix this during installation? http://paste.ubuntu.com/698063/
[19:13] <adam_g> kirkland: maybe you know? ^
[19:13] <kirkland> Daviey: zul: can you guys poke us when the keystone package lands?
[19:14] <zul> kirkland: sure
[19:14] <zul> kirkland: im just in the middle of uploading a new glance/nova then will get the keystone after
[19:14] <kirkland> adam_g: i think RoAkSoAx cleared the squid cache, if you're hitting this in orchestra
[19:14] <kirkland> zul: awesome, you rock, man
[19:14] <adam_g> kirkland: yeah, ive cleared it and refreshed the ISO to whats current
[19:15] <kirkland> zul: cool, what's the glance/nova changes?
[19:15] <RoAkSoAx> adam_g: yeah, clean the cache
[19:15] <adam_g> RoAkSoAx: i did, just before booting.
[19:15] <adam_g> will try again?
[19:15] <RoAkSoAx> adam_g: werid, we have been runing without issues since yesterday
[19:16] <zul> kirkland: bug fixes check http://code.launchpad.net/~ubuntu-server-dev
[19:17] <RoAkSoAx> adam_g: in situations like those I have completely cleared the cache and sometimes even waited dfor a few hours b ecause might be the archives as well
[19:17] <adam_g> RoAkSoAx: if i just stop squid and reinstall, will it fall back to non-caching?
[19:18] <RoAkSoAx> adam_g: not exactly, you need to remove "orchestra_proxy" snippet frm the preseed
[19:32] <zul> Daviey: nova should be there
[19:33] <Daviey> cool
[19:40] <martyn> Daviey: Just chatted w/ Jason, and he's aware and incorporated the pxe fixes...
[19:42] <zul> Daviey: and now keystone
[19:44] <adam_g> RoAkSoAx: ever see this after bootstrap?
[19:45] <adam_g> http://paste.ubuntu.com/698089/
[19:45] <RoAkSoAx> adam_g: uhmm i think i have but long time ago
[19:46] <RoAkSoAx> but ws caused by another bug
[19:46] <RoAkSoAx> adam_g: i haven't seen it now btw
[19:46] <adam_g> RoAkSoAx: are you ugys using juju from the archive, or a custom branch?
[19:46] <RoAkSoAx> adam_g: archive
[19:46] <smoser> hallyn, http://paste.ubuntu.com/698090/ is the last stuff showin in 'tail -f /var/log/nova/*' when you euca-run-instances with https://gist.github.com/1169889
[19:46] <RoAkSoAx> adam_g: from yesterdays' PPA
[19:46] <RoAkSoAx> adam_g: what about you
[19:46] <RoAkSoAx> fwereade: http://paste.ubuntu.com/698089/
[19:46] <smoser> where the instance ip was 10.55.60.119
[19:46] <adam_g> RoAkSoAx: not sure, let me try upgrading to whats current
[19:47] <RoAkSoAx> adam_g: alright
[19:47] <RoAkSoAx> adam_g: that seems like one of the old bugs we had fixed
[19:49] <fwereade> RoAkSoAx, adam_g: doesn't immediately imply anything obvious to me I'm afraid :(
[19:49] <hazmat> adam_g, that's on orchestra?
[19:49] <fwereade> anything in the provisioning agent log?
[19:49] <Daviey> martyn: cool!
[19:49] <hazmat> effectively the initialize didn't succeed
[19:49] <RoAkSoAx> hazmat: yeah but probably an old branch
[19:50] <RoAkSoAx> hazmat: cause we havnet experienced that and we are yusing juju from yesterday's ppa build
[19:50] <RoAkSoAx> if you still providing daily builds
[19:50] <hazmat> we are
[19:50] <RoAkSoAx> hazmat: so yes, yesterday's available package are working just find for us without errors
[19:50] <hazmat> cool
[19:50] <martyn> Daviey: On the earlier call w/ DavidM and company we were under the impression that Orchestra had gotten a once-over on ARM
[19:51] <adam_g> hazmat: let me use something more current on the client side. ill let you know
[19:51] <kirkland> Daviey: zul: has anyone on your team tested Orchestra deploying to ARM?
[19:52] <zul> kirkland: cobbler is as far as people got as far as i know
[19:52] <martyn> (and it's okay if the deployment server is x86, what's important is that it deploys _to_ arm this round)
[19:52] <kirkland> zul: cool -- who tested cobbler-deploying-ubuntu-on-arm?
[19:52] <kirkland> RoAkSoAx has?
[19:53] <zul> RoAkSoAx wrote it and jamespage tested it
[19:53] <kirkland> martyn: okay ... so, cobbler does most of orchestra's hard work, and that has been verified to work with ARM
[19:53] <martyn> zul: Any dox on external wiki on what they had to do?
[19:53] <RoAkSoAx> kirkland: yeah cobbler ships a preseed for arm, but it has to be changed because at a certain point it wouldn't deploy to SD card anymore so you had to use a USB as sda and tweak the preseed
[19:53] <kirkland> martyn: orchestra itself might need some minor tweaks
[19:53] <martyn> zul : So we can replicate it?
[19:54] <zul> martyn: not sure im there is a pad about it lemme see
[19:54] <martyn> Danke
[19:54] <RoAkSoAx> zul: there is
[19:55] <zul> RoAkSoAx: url?
[19:55] <RoAkSoAx> zul: looking
[19:56] <hallyn> smoser: not sure what you're asking
[19:57] <dejuren> zaid_h_: ping
[19:57] <RoAkSoAx> zul: think they are at my computer at home
[19:57] <zul> lemme check
[19:57] <hallyn> smoser: right now i think my debugging is causing bugs :)
[19:58] <martyn> RoAkSoAx: When you find it, email martin@calxeda.com?
[19:58] <zul> martyn: try this: http://pad.ubuntu.com/cobbler-arm
[19:59] <zul> RoAkSoAx: luckily i never delete my email :)
[19:59] <martyn> RoAkSoAx: We're going to try to replicate and test using our server platform
[19:59] <RoAkSoAx> martyn: http://pastebin.ubuntu.com/698093/ that's what we did but we need to change the preseed
[19:59] <martyn> zul : Link is good.  I'm forwarding to Trevor
[20:00] <RoAkSoAx> martyn: but that document doesn't reflect fixes done in u-boot for pxe'ing
[20:00] <RoAkSoAx> but shoudln't affect
[20:00] <martyn> RoAkSoAx: We wrote the PXE code for u-boot, so it shouldn't phase us much :)
[20:01] <RoAkSoAx> martyn: if you see I had to mv /var/lib/tftpboot/pxelinux.cfg/01-aa-bb-cc-dd-ee-ff /var/lib/tftpboot/pxelinux.cfg/AA-BB-CC-DD-EE-F
[20:01] <martyn> and we've picked up the u-boot patches from the bug and incorporated them
[20:01] <RoAkSoAx> martyn: but that's now fixed
[20:04] <smoser> hallyn, i'm not asking.
[20:04] <smoser> i was just debugging why that stuff was failing
[20:04] <smoser> and 'ip route del <important route out>' is not good
[20:04] <smoser> :)
[20:06] <zastaph> it seems that openssh-server generates an id_rsa .. but I already used that for connecting as a client to another ubuntu-server
[20:07] <zastaph> i thought id_rsa was for the private key
[20:07] <Daviey> RoAkSoAx: in cobbler, server name is a unique field, right?
[20:07] <hallyn> smoser: oh, i see
[20:08] <hallyn> smoser: why on earth would it do that :)
[20:08] <smoser> yeah, so your suspicion was correct.
[20:08] <smoser> id ont know. digging on that.
[20:08] <smoser> and it didn't *used* to.
[20:12] <smoser> i suspect its trying to add a bridge and put eth0 behind it
[20:13] <adam_g> and move the IP of eth0 to the bridge
[20:13] <adam_g> and the gateway
[20:13] <adam_g> https://bugs.launchpad.net/nova/+bug/855210
[20:16] <adam_g> dont think that bug fix is the source of those changes, but it goes one step further and rearranges the order of the addresses
[20:17] <adam_g> hazmat: updating to whats in the ppa fixed that. i think we were bootstrapping with some out of date tree, and units were coming up running trunk
[20:24] <lynxman> adam_g: ping
[20:26] <adam_g> lynxman: here
[20:27] <hazmat> adam_g, cool
[20:27] <lynxman> adam_g: hey, we're still having issues with the swift simple auth, do you have 5 mins during this hour to give us a hand? :)
[20:27] <adam_g> lynxman: yea, waiting on hw to provision at the moment
[20:27] <lynxman> adam_g: cool
[20:36] <iamfuzztoo> adam_g, ubuntu@ec2-50-17-108-209.compute-1.amazonaws.com <-- proxy
[20:38] <iamfuzztoo>   1: {dns-name: ec2-107-20-100-64.compute-1.amazonaws.com, instance-id: i-fc67089c}
[20:38] <iamfuzztoo>   2: {dns-name: ec2-50-17-108-209.compute-1.amazonaws.com, instance-id: i-cc6708ac}
[20:38] <iamfuzztoo>   3: {dns-name: ec2-174-129-49-81.compute-1.amazonaws.com, instance-id: i-d0620db0}
[20:38] <iamfuzztoo>   4: {dns-name: ec2-50-17-52-93.compute-1.amazonaws.com, instance-id: i-d6620db6}
[20:39] <smoser> hallyn, http://paste.ubuntu.com/698109/
[20:39] <smoser> thats where i get now after a few tweeks
[20:42] <hallyn> smoser: and it actually comes up?  Is that uncaught exception spurious?
[20:43] <smoser> no
[20:43] <smoser> instance does not come up
[20:43] <smoser> and not spurious that i can tell
[20:43] <smoser> (have not tried reboot)
[20:43] <smoser> i just pushed the change that will let you get to that point
[20:43] <hallyn> thx
[20:44] <hallyn> being able to move back to an instance might be helpful.  I think I'm currently having the same error (on my local node) as you're seeing fwiw.  not sure though
[20:44] <smoser> but due to some recent changes 'euca-run-instances --instance-type m1.tiny' is recommended.
[20:44] <hallyn> why?
[20:44] <smoser> inside
[20:45] <smoser> we run out of space on /
[20:45] <hallyn> ok
[20:45] <smoser> very quickly
[20:46] <hallyn> eh. sometimes i hate me
[20:46] <hallyn> overwrote rc
[21:17] <iamfuzztoo> adam_g, ubuntu@ec2-50-19-161-52.compute-1.amazonaws.com
[21:18] <iamfuzztoo> we're still seeing the same error despite changing the block device to xvdb
[21:18] <jamespage> zul, martyn, RoAkSoAx: I made a few refinements to RoAkSoAx original email - http://pad.ubuntu.com/arm-server-netboot
[21:18] <martyn> jamespage: thx
[21:18] <martyn> bookmarked and forwarded to J.hobbs
[21:19] <adam_g> iamfuzztoo: just a sec
[21:19] <adam_g> iamfuzztoo: can you pastebin 'juju stauts' ?
[21:19] <adam_g> *status
[21:19] <iamfuzztoo> adam_g, k, it may be because I didn'tprovide the full path
[21:19] <iamfuzztoo> adam_g, I'm gonna add different exit codes for the different error cases to better track it down
[21:21] <adam_g> iamfuzztoo: for whatever reason, the storage nodes arent making into the ring configuration. can i get access to those nodes as well?
[21:22] <iamfuzztoo> adam_g, yep, one sec
[21:25] <iamfuzztoo> adam_g,   1: {dns-name: ec2-50-16-138-51.compute-1.amazonaws.com, instance-id: i-c64629a6}
[21:25] <iamfuzztoo>   2: {dns-name: ec2-50-19-161-52.compute-1.amazonaws.com, instance-id: i-dc4629bc}
[21:25] <iamfuzztoo>   3: {dns-name: ec2-50-19-150-63.compute-1.amazonaws.com, instance-id: i-d65f30b6}
[21:25] <iamfuzztoo>   4: {dns-name: ec2-107-20-58-35.compute-1.amazonaws.com, instance-id: i-b05f30d0}
[21:26] <adam_g> iamfuzztoo: where are you guys running the juju client? is there any way for me to share a screen there?
[21:27] <iamfuzztoo> adam_g, just running it from my laptop here...
[21:27] <adam_g> iamfuzztoo: okay one sec
[21:28] <iamfuzztoo> adam_g, lynxman has suggested teamviewer
[21:28]  * SpamapS was playing with Google Hangouts w/ Extras .. it includes sharing screens
[21:29] <lynxman> SpamapS: does it work fine? :)
[21:29] <adam_g> iamfuzztoo: you guys are installing from trunk (essex), we should be testing against diablo/archive. can you set your config to 'swift-release: distro' to run that version instead?
[21:29] <SpamapS> lynxman: yes its really good actually
[21:30] <SpamapS> I believe its in limited beta tho
[21:30] <adam_g> it looks like the exit values of swift-ring-builder may now actually return 0 for success, 1 for failure instead of the other way which is whath the formula is looking for
[21:31] <lynxman> adam_g: you kidding about essex right?
[21:31] <warzauwynn> SpamapS: i don't see a mention of limited beta: http://www.google.com/tools/dlpage/res/talkvideo/hangouts/
[21:31] <adam_g> lynxman: kidding about what?
[21:32] <SpamapS> warzauwynn: its in the "with extras" hangout.. I believe its invite only at the moment.
[21:33] <warzauwynn> SpamapS: i see.  well i found that link from http://google.com/?q=google+hangouts but i could definitely be wrong, haven't actually used it yet. i just installed the plugin with no problems though.
[21:34] <SpamapS> warzauwynn: its really, really nice, w/o the extras..
[21:35] <SpamapS> warzauwynn: just being able to efficiently have a group video chat is huge
[21:37] <lynxman> Daviey: got rabbitmq 2.6.1 packaged, a bit too late for oneiric right?
[21:39] <adam_g> lynxman: are those available in a PPA somewhere? id like to see if rabbitmqctl still segfaults
[21:40] <lynxman> adam_g: https://launchpad.net/~lynxman/+archive/ppa
[21:40] <Daviey> lynxman: i think so TBH.
[21:40] <Daviey> sounds like a PPA job lynxman
[21:40] <lynxman> Daviey: was afraid so, had to ask anyway :)
[21:40] <Daviey> :)
[21:52] <kirkland> lifeless: howdy!  around?
[21:52] <kirkland> lifeless: care to re-review our orchestra/squid conf?
[22:01] <lifeless> kirkland: sure
[22:01] <kirkland> lifeless: http://bazaar.launchpad.net/~orchestra/orchestra/trunk/revision/258
[22:01] <kirkland> lifeless: that's the change I just committed
[22:01] <kirkland> lifeless: i think the bug was s/Package/Packages/
[22:02] <kirkland> lifeless: however, working with agy, I changed that one liner to 3 lines he gave me from millbank's squid
[22:02] <lifeless> you say '    - Do *not* cache [Releases|Packages|Sources] lists for Ubuntu archives'
[22:02] <lifeless> but your patch will cache
[22:03] <iamfuzztoo> adam_g, you are correct, I updated the error codes to determine where it is failing, and it is indeed at add_to_ring
[22:03] <kirkland> lifeless: my patch caches them for up to 1 day?
[22:03] <lifeless> kirkland: IFF they have no explicit cache metadata
[22:04] <lifeless> kirkland: oh and the 100% is a fraction of *age*, not of the min->max interval
[22:04] <lifeless> kirkland: what are you trying to accomplish here ?
[22:04] <lnx1> Hello all, yesterday on this channel I was recommended an application called 'Timeoutd' which logs out users after a specified amount of time on an Ubuntu PC. If anyone knows of this program, does anyone know how to edit the Warning message?
[22:04] <adam_g> iamfuzztoo: i just confirmed as well, the exit values have changed at some point between swift 1.4.3-0ubuntu1 and what you're installing from trunk.
[22:05] <iamfuzztoo> adam_g, we cahnged the value you gave us and still the same issue
[22:06] <iamfuzztoo> adam_g, we're about to head out here, can you give this a deeper look and give us a fix we can implement tomorrow morning?
[22:06] <adam_g> iamfuzztoo: can i get access?
[22:06] <iamfuzztoo> we're about ready to rock-n-roll here and this is going to be a big holdup
[22:06] <iamfuzztoo> yep, gonna add them to you all
[22:07] <lifeless> kirkland: specifically, on archive.ubuntu.com that refresh pattern has no effect
[22:07] <lifeless> http://redbot.org/?uri=http%3A%2F%2Farchive.ubuntu.com%2Fubuntu%2Fdists%2Foneiric%2Fmain%2Fbinary-i386%2FPackages.gz
[22:07] <lifeless> kirkland: note: Cache-Control: max-age=0, s-maxage=3300, proxy-revalidate
[22:07] <lifeless>     Expires: Tue, 27 Sep 2011 22:07:05 GMT
[22:08] <kirkland> lifeless: hmm, so if I absolutely don't want those cached, I would use "0  0%  0" ?
[22:08] <lifeless> kirkland: it will check for new Packages.gz's on every request hitting squid
[22:08] <lifeless> kirkland: well, you should decide what you want to achieve :)
[22:08] <lifeless> kirkland: why don't you want them cached ?
[22:08] <kirkland> lifeless: let me get you the error
[22:08] <kirkland> lifeless: basically we're doing network installs of Ubuntu Oneiric
[22:09] <lifeless> sure
[22:09] <kirkland> lifeless: we're trying to use squid for a local cache of the "bulk" of the data
[22:09] <kirkland> lifeless: several times a day, when trying to network install Oneiric (which is changing pretty rapidly)
[22:09] <kirkland> lifeless: we end up with a debian-installer error
[22:09] <kirkland> lifeless: let me get you that error, specifically
[22:10] <kirkland> lifeless: in any case, we can force-fix the error by clearing the squid cache
[22:10] <lifeless> so, right now the cache headers sent *by the server* will overwrite your config
[22:10] <lifeless> *and* they explicitly permit caching for 55 minutes
[22:10] <lifeless> with a backend-check by the proxy
[22:10] <kirkland> lifeless: Sep 27 20:51:50 karkalla net-retriever: error: MD5 mismatch for main/debian-installer/binary-amd64/Packages.gz (ed82dd354a0e2002d52db933bce8a4fb != a103daf54ebee145e109d9107d709988).
[22:11] <lifeless> so, debian-installer needs to do a max-age=0 request for both the signature and the packages file when that happens
[22:11] <lifeless> there is an apt bug for this
[22:11] <lifeless> its *not* because you have a cache.
[22:11] <lifeless> the cache exacerbates it.
[22:11] <lifeless> but doesn't cause
[22:13] <iamfuzztoo> adam_g,   1: {dns-name: ec2-107-20-92-155.compute-1.amazonaws.com, instance-id: i-38b8d758}
[22:13] <iamfuzztoo>   2: {dns-name: ec2-50-16-71-162.compute-1.amazonaws.com, instance-id: i-00b8d760}
[22:13] <iamfuzztoo>   3: {dns-name: ec2-107-20-68-128.compute-1.amazonaws.com, instance-id: i-d2b1deb2}
[22:13] <iamfuzztoo>   4: {dns-name: ec2-50-19-154-152.compute-1.amazonaws.com, instance-id: i-4eb0df2e}
[22:13] <iamfuzztoo>   5: {dns-name: ec2-107-20-0-58.compute-1.amazonaws.com, instance-id: i-7e8ae51e}
[22:13] <iamfuzztoo>   6: {dns-name: ec2-107-20-114-131.compute-1.amazonaws.com, instance-id: i-4c8ae52c}
[22:13] <iamfuzztoo> adam_g, should be able to access all of those now
[22:14] <adam_g> iamfuzztoo: you're running swift 1.4.4~20110927.1585-0ubuntu0ppa1~oneiric1
[22:14] <adam_g> which is trunk
[22:14] <iamfuzztoo> adam_g, looks like we missed one reference
[22:15] <iamfuzztoo> adam_g, will try again
[22:15] <lifeless> kirkland: thats because there is a race condition updating the archive [very small but it exists], and the cache is multiplying that out to a 55 minute race condition
[22:15] <lifeless> kirkland: this file - http://archive.ubuntu.com/ubuntu/dists/oneiric/Release
[22:16] <adam_g> iamfuzztoo: looks like they were all configured to install from trunk
[22:16] <lifeless> kirkland: is the one that has to be kept in sync
[22:16] <adam_g> im testing this on m1.large as wel right now to confirm thats the issue
[22:16] <iamfuzztoo> adam_g, cool, redoing here as well
[22:17] <lifeless> kirkland: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/33505
[22:18] <lifeless> kirkland: no idea why its marked fix released, because its the same issue
[22:18] <lifeless> kirkland: ah bug https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/24061
[22:21] <kirkland> lifeless: okay, so if i can reduce that down to 0, that would bring it back to the same, original race condition
[22:21] <kirkland> lifeless: which is approximately what I was trying to do
[22:22] <lifeless> ok, so for that you need
[22:22] <lifeless> min 0
[22:22] <lifeless> percent 0
[22:22] <lifeless> max 0
[22:22] <lifeless> refresh-ims
[22:22] <lifeless> override-expire
[22:23] <elmo> what's the refresh-ims thing?  I can't see reference to it in the squid source
[22:23] <lifeless>                 refresh-ims causes squid to contact the origin server
[22:23] <lifeless>                 when a client issues an If-Modified-Since request. This
[22:23] <lifeless>                 ensures that the client will receive an updated version
[22:23] <lifeless>                 if one is available.
[22:23] <lifeless> may be 3.2 only
[22:23] <lifeless> I'm not sure it will be sufficient though, because our servers *are* sending solid headers telling clients what to do
[22:24] <lifeless> and squid is really geared to listen to them
[22:24] <elmo> lifeless: sorry, I'm missing context, are you saying the headers are a bad idea?
[22:25] <lifeless> elmo: no, not at all
[22:25] <lifeless> elmo: have you see redbot ?
[22:25] <lifeless> http://redbot.org/?uri=http%3A%2F%2Farchive.ubuntu.com%2Fubuntu%2Fdists%2Foneiric%2FRelease
[22:25] <lifeless> elmo: our current headers permit 55 minutes of fresh time
[22:25] <lifeless> elmo: during that time the files can be served without doing an IMS
[22:26] <lifeless> elmo: this is only permitted for shared caches (like squid). end clients are told to do an IMS every time.
[22:26] <lifeless> elmo: its always going to be a tradeoff between some clients getting inconsistent release + packages files, or our servers getting an IMS for every single client doing an install.
[22:27] <lifeless> elmo: at least until we fix the clients to properly handle this
[22:27] <elmo> I'm totally fine with them getting an IMS
[22:27] <elmo> but i'd like to fix apt
[22:27] <elmo> and net-retriever
[22:27] <lifeless> totally
[22:27] <elmo> to do some sort of controlled retry on a hash sum mismatch
[22:27] <lifeless> right, mvo was telling me a year or so back he was doing that
[22:27] <lifeless> I don't know where its up to
[22:28] <elmo> oh, so
[22:28] <elmo> it's interesting
[22:28] <elmo> we're using 3300
[22:28] <lifeless> anyhow, to ensure we get an IMS, we can either set the expires lower (e.g. to 'now') or the s-maxage down to 0
[22:28] <elmo> but our cron.daily interval is back down to 30m
[22:28] <elmo> I wonder if that's part of the problem
[22:28] <lifeless> 'age' applies to since retrieval, not since creation.
[22:28] <lifeless> ^- this is a key bit.
[22:29] <lifeless> section 1.3 '   age
[22:29] <lifeless>       The age of a response is the time since it was sent by, or
[22:29] <lifeless>       successfully validated with, the origin server.
[22:29] <lifeless> '
[22:29] <lifeless> the implication is that a request 1 second before a mirror pulse is only valid, from our perspective, for an age of 1 second
[22:30] <iamfuzztoo> adam_g, changed them all to distro, and now the swift wasn't installed at all on the machines ;-)
[22:30] <lifeless> elmo: I think we want two things: expires set to just before the next mirror pulse, and s-maxage set to 0
[22:30] <elmo> lifeless: I think we should drop it down to 'now' on archive.u.c
[22:30] <lifeless> elmo: expires set to $now is fine too.
[22:30] <lifeless> elmo: less tricky to make happen
[22:31] <adam_g> iamfuzztoo: im at a loss dude, i just redeployed it all with m1.large and its working as expected
[22:31] <adam_g> iamfuzztoo: where are the instances?
[22:33] <iamfuzztoo> adam_g, https://pastebin.canonical.com/53492/
[22:33] <iamfuzztoo> https://pastebin.canonical.com/53493/
[22:35] <cjwatson> Daviey: cobbler-enlist> not following you - if what preseeded question contains an escaped string?
[22:35] <adam_g> iamfuzztoo: juju status | pastebinit ?
[22:36] <cjwatson> Daviey: oh.  you should totally be quoting properly there
[22:36] <cjwatson> Daviey: http://paste.ubuntu.com/698168/
[22:36] <adam_g> iamfuzztoo: oh!
[22:37] <adam_g> iamfuzztoo: update your charms, from lp:charm/swift-storage + lp:charm/swift-storage
[22:37] <cjwatson> elmo: our cron.daily interval is still 60m, but there's a mirror sync near the start (security) and near the end (everything else) of that
[22:37] <adam_g> iamfuzztoo: lp:charm/swift-proxy, that is
[22:37] <elmo> cjwatson: oh - ok
[22:39] <iamfuzztoo> adam_g, I'll try that tomorrow and get back with you.  In the meantime, here's what went wrong this time: https://pastebin.canonical.com/53494/
[22:39] <iamfuzztoo> package never got installed.  Ran the install script manually again and it installs
[22:39] <iamfuzztoo> juju is magical...
[22:39] <iamfuzztoo> I'll update tomorrow, rinse and repeat, and hope we get somewhere
[22:39] <iamfuzztoo> adam_g, thanks for the help!
[22:39] <elmo> lifeless: http://paste.ubuntu.com/698173/
[22:40] <elmo> lifeless: look sane?
[22:40] <adam_g> iamfuzztoo: there was a bug in the charm that i fixed when installing from the archive, which i commited yesterday and is seperate from the issue you were having earlier
[22:40] <adam_g> doh
[23:10] <Daviey> utlemming: Do we really need wpa_* tools in cloud images? :)
[23:14] <lifeless> elmo: +1
[23:58] <smoser> Daviey, those get pulled in by linux-virtual i think..
[23:58] <smoser> some dependency
[23:58] <smoser> they're definitely not explicitly requested.