uvirtbotNew bug: #861866 in cloud-init "cloud-init-nonet does not wait for dhcp" [Medium,Triaged] https://launchpad.net/bugs/86186600:06
padhucourier imap gives error as 'impad: chroot /root/Maildir unable to access permission denied' and squirrel mail unable to login with 'IMAP service barred login'00:14
padhuHow can i rectify this ^^^00:14
zulkirkland: you are missing two patches in the bzr branch for ubuntu-server-dev00:41
negronjladam_g: ping00:51
negronjladam_g: updated keystone ( minor changes ). pull when you get a chance00:51
adam_gnegronjl: cool. was just lookin at that a minute ago00:52
adam_gnegronjl: did your patch get merged to keystone upstream? im still hitting similar issues even with that one column converted00:53
negronjladam_g: I think it did but, the charm has an ugly hack that checks for that code and patches it if needed.00:53
negronjladam_g, what issues are you getting ?00:54
adam_gnegronjl: yah i saw the patch in the formula00:55
adam_gnegronjl: one sec00:55
adam_gnegronjl: actually i lost the juju environment.00:57
negronjladam_g, I'm testing on my side as well00:58
negronjladam_g, I am currently deploying mysql, then keystone.00:58
adam_gnegronjl: i was basically creating a user, a tenant(i think?) and granting admin to the user (as is outlined in the howto doc)00:58
negronjladam_g, keystone deploys it's own version of mysql but, you can also add a relation to an existing mysql00:58
negronjladam_g, keystone-manage tenant add <insert_name_here>00:59
negronjladam_g, will report back on how it goes on my side.00:59
negronjladam_g, are you using the local version of mysql or a relation to the external mysql00:59
adam_gnegronjl: no, an external mysql. tested with innodb and myisam01:00
negronjladam_g, cool.  same here01:00
adam_give run into issues with foreign keys, myisam v innodb and nova's sqlalchemy migrations01:01
negronjladam_g, are you using the openstack.yaml file that I included in the branch ?01:01
adam_gnegronjl: yea, db access is fine. ive been dropping the database, reconfiguring storage engine, remigrating, etc.01:03
adam_gnegronjl: anyway gotta run for the day, talk to you tomorrow01:07
robohello: ubuntu 10.04LTS uses apache 2.2.14. Security scanners report this version of apache as exploitable. Since Lucid is backported we can assume as long as the latest patch is installed it's indeed not exploitable correct?  .03:01
roboPart 2. If so, is there a plugin that can be used for security scanners? I know centos has something similiar03:01
twbIf you want to know if a CVE fix has been backported, read /usr/share/doc/foo/changelog.Debian.gz03:02
twb*Often* important vulnerabilities are patched, but not alway.03:02
robogotcha, ty03:03
twbAlso note that these security patches are backported in lucid-security -- lucid-backports is for new upstream versions.03:03
robolet me check that out03:03
ubottuusn is Please see http://www.ubuntu.com/usn for information about Ubuntu security updates.03:03
qman__keep in mind also that vulnerabilities can be patched without upgrading the mainstream version03:14
qman__e.g. apache-2.2.14-ubuntu3 might have patches that mainstream apache fixes in 2.2.1503:14
keesrobo: yeah, see https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions03:14
qman__you have to read the changelogs or test for yourself to know whether the holes have been closed or not03:15
qman__however it is generally safe to assume that vulnerabilities in commonly used packages in currently supported releases are patched within a reasonable amount of time03:17
qman__no guarantees but the track record is pretty good03:18
twbqman__: I think that assumption is optimistic04:09
twbIf I actually had OpenVAS running, I would look through its report and for any scary-looking CVEs, check them in changelog.Debian04:09
qman__a fair point, but it really depends on your profile04:11
qman__for most people, it's good enough, but if you're an enticing target, you have to be more careful04:11
qman__the skiddies have plenty of much easier targets to go for04:12
twbs/enticing target/paranoid/04:13
twbIf you don't have bear traps in your air ducts, you aren't doing your job as sysadmin04:14
qman__nothing wrong with that approach04:14
qman__no such thing as too much precaution04:14
twbqman__: proactively killing users to prevent them leaking secrets?04:15
twbI guess intel agencies do that, so it's not wrong per se04:15
twbSpeaking of which, I should put honeypots back on my todo list04:16
twbI think I dismissed them last time because I couldn't think of a reliable way to have a honeypot that nothing could escape *and* be able to get the list of attackers out of it04:17
twb(Other than, you know, sneakernet)04:17
ivokshallyn: why is bug 861547 low? :)06:02
uvirtbotLaunchpad bug 861547 in nova "/usr/sbin/ietadm is missing in /etc/sudoers.d/nova_sudoers" [Low,New] https://launchpad.net/bugs/86154706:03
ivokshallyn: it makes nova-volume unusable06:03
Davieyivoks: have you read the status defintions?06:21
ivoksDaviey: status definitions?06:22
Davieyivoks: Err, Importance - rather06:22
_rubenanyone ever ran into $ARCH being amd64 instead of x86_64 when trying to build an out of tree kmod?06:23
ivoksDaviey: i was unaware of any changes; i've been too long tied to different definitions06:24
Davieyivoks: Whilst i agree it could have been a medium, the triager was correct with Low - "A bug that has an easy work-around"06:31
ivoksDaviey: ok, thanks for explanation06:33
ivokshallyn: ignore my question ;)06:33
Davieyivoks: fancy adding d/changelog entries?06:36
Davieyleave it marked as UNRELEASED06:36
ivoksDaviey: sure, i just have to finish some other work06:37
uvirtbotNew bug: #862064 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/86206406:46
Davieyjamespage: Your likewise-open upload did also fix bug 655533, right?\07:14
uvirtbotLaunchpad bug 655533 in likewise-open "[master] package likewise-open failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,Confirmed] https://launchpad.net/bugs/65553307:14
jasonmsphey all.  Can someone tell me what I can do to get the file names to print out before they are displayed when I do this?  find . | xargs -n1 grep -ils loglevel | xargs -n1 -I {} head {}  ?07:28
Kartagisdo I need to import a database schema for postfix mysql support?07:30
ikoniaKartagis: no07:33
ikoniaKartagis: the installer for mysql comes with the default schema07:34
ikoniathe postfix one comes with an "empty" schema if that makes sense07:34
=== smb` is now known as smb
jasonmspAnyone know what to do when you cat a file and your encoding or something changes?  This is my prompt after I hit cat on a file:  T␤┤ S␊⎻ 29 03:46:0907:47
twbjasonmsp: reset07:47
ikoniatput -reset07:47
twbno -07:47
jasonmspno for which?07:48
ikoniano - he means07:48
jasonmspah.. thanks..07:48
ikoniathank you twb07:48
brontosaurusrexwould this http://www.pcpro.co.uk/reviews/servers/364444/hp-proliant-microserver be a decent platform for ftp/www/file sharing server, using 2nd disk as mirror or rsync redundancy, running ubuntu server of course?07:55
Davieybrontosaurusrex: Ubuntu UK Podcast did a review of it, you could do worse than listen to that.08:01
Davieybrontosaurusrex: or ask popey.. he has at least one.08:01
brontosaurusrexDaviey, tnx, let me google08:02
Kartagisikonia: do I create the table manually then?08:03
ikoniaKartagis: what table ? what are you trying to do (little bit of background please)08:03
Kartagisikonia: I'm trying to have postfix work with mysql08:04
ikoniaKartagis: you'll need to create the database for that manually, or use a software package that creates them for you as part of the install08:04
ikoniaKartagis: you'll also need to make sure your postfix install was built with mysql compatability linked in, I don't know if it does it native or links against the mysql client08:05
ikoniaI think it's against the client08:05
twbbrontosaurusrex: I haven't used proliants, but I get the impression they're reasonably good tier1.5 gear08:06
twbI did hear one horror story where their smart PSUs sent bad juju back down the power line and caused the UPS to turn off everything whenever you plugged a proliant into it, tho08:07
brontosaurusrextwb, any suggestions on how to go with mirroring? is raid1 really the best option? or would a croned rsync do better?08:08
twbThat depends what you want08:08
brontosaurusrexwell, basically a constant uptime with all the files and all the functionality :)08:08
twbHere, we have three-way RAID1 on the local system, combined with offsite backups using rsync + cp -al to create incremental snapshots.08:08
twbbrontosaurusrex: you aren't going to get constant uptime08:09
twbYou will be lucky to get five-nines with LTS on a proliant08:09
brontosaurusrexok, near-constant uptime, basically redundancy, something that people can trust to store their master videos as well, not just intranet proxies08:09
twbWhat risks are you guarding against?08:10
brontosaurusrexharddrive crash08:10
twbA disk dying?  The RAID controller dying?  The building burning down?  The user accidentally rm -rf'ing?08:10
twbIf you're only concerned about the first, a two-way RAID1 will suffice08:10
brontosaurusrexyeah, basically against hd crash and silly admins risk (against myself)08:11
brontosaurusrexhow is raid1 agains silly admins?08:11
twbWhat do you mean "silly admins" ?08:12
jamespageDaviey: I think so - I need to re-install and re-test the upgrade again when we have something that actually might work08:12
brontosaurusrexrm -r08:12
twbbrontosaurusrex: zero safety08:12
twbbrontosaurusrex: RAID1 won't help against that *at all*08:12
brontosaurusrexso rsync is better i guess?08:12
Davieyjamespage: I might test it in a natty cloud image.08:12
jamespageyes - not a bad idea08:13
Daviey( jamespage: morning btw )08:13
jamespageDaviey: good morning to you as well!08:13
twbbrontosaurusrex: like I say, I have local RAID1 and offsite rsync+cp -al08:13
twbZFS or BTRFS snapshots are better than cp -al, but they're also a pain08:14
brontosaurusrexoffsite like over intranet or external drives or ... ?08:14
Davieybrontosaurusrex: If you have silly admins, you are probably doing it wrong :)08:14
brontosaurusrexDaviey, well, my current server has 120 days of uptime, but the fact that there is no redundancy makes me nervous08:15
twbbrontosaurusrex: either over the internet, or over intranet to the other end of the site for large campuses, or to removable USB HDDs that the user is responsible for rotating08:15
brontosaurusrextwb, ok08:15
twbrotation is bad because then the user can forget08:15
brontosaurusrexof course, i need a "no admininstration" needed system08:16
uvirtbotNew bug: #862129 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess new post-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/86212908:16
twbYou mentioned videos; rsync of videos over internet is gonna be painful08:17
ersibrontosaurusrex: Offsite is always Off site.08:17
ersibrontosaurusrex: Otherwise, it isn't offsite :)08:17
twbFor stuff like maildirs and office docs, it is fine08:17
twbpst files completely rape rsync, tho08:17
brontosaurusrextwb, then it will be an usb disk that always on?08:17
twbbrontosaurusrex: you'd arrange it such that the USB disks automount, and one is always onsite and one or more are in transit / offsite08:18
brontosaurusrexyes, the videos can be in Gb08:18
twbe.g. you say to the user "every friday, bring disk A in and take disk B home, and vice-versa every other friday "08:18
twbPersonally I really hate that design08:19
acemoall tutorials/documentation n stuff says i have to first tell mdadm i'm going to remove my faulty disk before i can actually remove it.08:19
brontosaurusrextwb, sounds good, so this can be easily automated in a way that the rsync will see any usb disk with the same path and everything i guess?08:19
twbacemo: well, no, you can just yank it out and it'll be as if the disk exploded while it was in there08:19
twbbrontosaurusrex: udev can handle the mounting08:19
twbbrontosaurusrex: give all USB HDDs the same filesystem label (tune2fs -l)08:20
acemoI didn't do that and now my new hard disk is seen as a spare disk. Is there any way i can tell mdadm that the removed disk is actually gone?08:20
brontosaurusrexhrmm, yeah, how about rsyncs to a win/mac workstations overnight?08:20
twbacemo: so activate it08:20
twbacemo: madadm --add /dev/md0 /dev/sdz1 or whatever08:21
twbbrontosaurusrex: you cannot back up windows machines08:21
twbThey have no inodes, so it is impossible without specialist Windows backup tools08:21
brontosaurusrexno, just the file transfer of files to windows machine08:22
twbI don't follow08:22
acemotwb thats what i did and then it became spare..08:22
brontosaurusrexwell, the editing workstations are either: win, mac or linux, server is ubuntu, so can i use an editing workstation overnight as a rsync target?08:22
brontosaurusrexor something similar08:22
twbacemo: I don't remember what to do next, RTFM, sorry08:22
twbbrontosaurusrex: I *really* wouldn't rely on Windows for anything important08:23
twbbrontosaurusrex: apart from anythign else, rsync over the wire will need SSH and rsync installed on the Windows box, so you'll need cwrsync or full cygwin08:23
brontosaurusrexright, so OS X would be much easier as a target?08:24
twbWell, it's a fucked-up 80s vendor wars-style unix08:24
twbBut at least it isn't VMS like NT7.108:25
acemotwb: been reading the manual and random tutorials for a few hours already.. haven't found anything yet.. oh well.. back to searching :)08:25
brontosaurusrexso what if i upgrade this existing server with some new HDs and get proliant as a backup server?08:26
twbacemo: raid1 or raid508:26
acemotwb: raid 108:26
twbAll I can see is mdadm /dev/md0 --add /dev/sdz08:27
acemosame here.. thats what pretty much everything on the internet says08:28
twbpastebin mdadm --detail output08:28
acemotwb: http://pastie.org/private/q4rhmkssc6qhq1s94oeaq08:31
twbAnd /proc/mdstat ?08:32
twbWhat *I* think is that you've successfully added it, and it'll stop being a spare automatically when the resync finishes08:32
acemo/proc/mdstat http://pastie.org/private/xruou3g5ets1askaro5bmw08:32
acemothats what i was asuming myself too..08:32
twbBTW, recommend you enable write-intent bitmaps08:33
twbThey're the RAID equivalent of a filesystem journal08:33
twb(-binternal on --assemble/--grow)08:33
acemounfortunately as soon as its done it will show the removed disk again..08:33
acemoatleast thats what it did the last time08:33
twbacemo: hm, I can't explain that08:33
twbacemo: unless the new disk is too small or something?08:34
acemothanks for the tip, i'll enable that when its done08:34
twbCheck /proc/partitions08:34
acemo/proc/partitions http://pastie.org/private/kvpxql5wonuveqju9egsig08:34
acemotheir the same size..08:34
Davieyjamespage: Did you have time to reproduce bug 801494, with a sleep()?08:38
uvirtbotLaunchpad bug 801494 in ubuntu "Multi part LVM layout: system fails to boot due to missing volumes" [High,New] https://launchpad.net/bugs/80149408:38
Daviey(/me suspects not!  But thought i should ask)08:38
jamespageDaviey: no08:38
acemoi guess best thing to do is 1) wait for it to be done syncing 2) --grow -binternal 3) hope that somehow its not putting it as spare yet again.08:39
Davieyjamespage: Ok.. hopefully jhunt will have a proper fix today, we can test against :)08:40
Davieyikonia: How did you get on with bug 831121 or bug 831179?08:41
uvirtbotLaunchpad bug 831121 in dovecot-antispam "dovecot-antispam version 1.4~rc3-1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/83112108:41
uvirtbotLaunchpad bug 831179 in dovecot-metadata-plugin "dovecot-metadata-plugin version 0.0.1~hg144-0ubuntu1 failed to build in oneiric" [High,Confirmed] https://launchpad.net/bugs/83117908:41
ikoniaDaviey: I'm returing to it at 12:0008:41
ikonialet me get the number of the one I'm working on08:41
ikoniaI've got it building,08:41
twbI hate my users08:41
ikonia(can only get to the test kit when I'm on a different network08:41
Davieyikonia: rocking!08:41
twbI even write .ssh/config rules for them and they still insist on doing things wrong08:42
ikoniaDaviey: working on 83112108:42
Davieytwb: I swear you are the BOFH.08:42
twbI am08:42
Davieyikonia: ok, thanks08:42
ikonianot touched 831179 as I'm doing one at a time due to limited time/resources08:42
twbDaviey: well, not THE BOFH08:42
twbDaviey: Simon's a kiwi08:43
Davieytwb: :o08:43
Davieyikonia: understood08:43
twbDaviey: what?08:43
Davieytwb: I still think you re the original BOFH.08:45
twbI'm too young for that08:45
ikoniatoo many social skills08:45
twbNah, adult aspys just know how to hide it08:47
twbIt's all operant conditioning08:47
ikoniaDaviey: got the assignment - sloppy on process, so please keep me in check, not done much with "official" ubuntu bug fix process08:56
Davieyikonia: heh09:00
koolhead17hi all09:02
Kartagishttp://pastebin.com/8h3WgcfZ <--- what does this mean? what do I need to install?09:16
Kartagisif I do09:16
ikoniaKartagis: looks like too issues09:18
ikoniaKartagis: one the authentication methos is configured to use sasl, which isn't available on your machine, and the second is your postfix startup options are wrong/invalid09:18
jamespageDaviey: testing the new version of likewise now09:49
jamespageDaviey: do we still get tasksel at the end of the server ISO installer?09:56
jamespageI should know but I've not looked recently09:56
Davieyjamespage: I thought we dropped it.10:01
jamespageDaviey: me to - but I wanted to make sure10:02
DavieyEqually, i should know.. but I tend to do the install on autopilot these days10:02
Davieynot good.10:02
jamespageDaviey: I think that we need to re-align our automated testing for next release10:02
jamespageits still focussed around tasksel10:02
jamespagewhich is not that appropriate10:02
Davieyjamespage: Hell, yes.10:09
Davieyjamespage: It is sounding like we will need to drive the complex-testing blueprint.10:09
jamespageDaviey: we should be able to next release10:09
jamespagejuju will be mature enough10:09
jamespageI'm seeing it10:10
Davieyjamespage: we should consider if orchestra is the right framework for it, using openstack + iso support might be better.10:10
jamespageDaviey: I think so - I don't want to introduce a requirement for real hardware10:11
Davieyjamespage: Ah.. without openssh (server) installed by default, we pretty much have to keep tasksel10:11
jamespageOK - but I really want to automate network install testing as well10:12
jamespagewe can leave what we already have in place and supplement it10:12
jamespagefor example I see several things this release which could do with a good test - tomcat7, mail-stack-delivery, likewise-open10:12
jamespagehey - maybe even jenkins10:13
Davieyjamespage: I assume you've already put some thought into a blueprint?10:13
jamespageI don't think we should be to restrictive10:13
jamespageabout 5 minutes worth looking at this log10:13
jamespagebut yes - generally I have10:13
Davieyno, it should be easy to write tests.. and for not just stuff we care about.10:14
jamespagefor simple deployment tests we should prob use preseed + simple test suites10:15
jamespagejuju for more complicated stuff10:15
jamespagebut that is likely to need a openstack/or we use ec210:15
Davieyjamespage: hmm, wouldn't it make sense to use the same complicated test framework for *world?10:19
jamespageI think there is merit in validating simple installs first10:20
jamespageBase Install (ISO + Preseed) -> Simple Install (Netinstall + Preseed) -> Complex Install (Juju)10:20
jamespagewe might want to drop things like orchestra and cobbler into the simple install testing10:21
jamespageunlikely we will deploy using juju10:21
jamespagefor example10:21
ikoniaDaviey: ping10:23
Davieyikonia: hey10:23
ikoniaDaviey: advice time I'm afraid10:24
ikoniathink I've tracked this down to an incompatability with the dovecot version 11.10 is using against how the software maintainer has prepped his code10:24
ikoniaDaviey: I think (here is where your advice is needed) this may need to go back upstream to the maintainer10:25
ikoniaor we'll need to write a header from scratch10:25
ikoniathere is a version check against dovecot to match to a header to include10:25
ikoniathere is no dovecot 2.0 header, he stops at 1.210:26
ikoniasuggestions/opinions advice10:26
* Daviey sniffs10:28
* Daviey has a look.10:29
uvirtbotNew bug: #861582 in nova "Failed snapshots are not cleaned up" [Undecided,New] https://launchpad.net/bugs/86158210:32
ikoniaDaviey: missing file is antispam-storage-2.0.c10:32
ikoniawhich looking at his webpage, sort of suggests he's inline only for the 1.X tree10:33
Davieyupstream doesn't have the fix yet either10:35
ikoniaI started playing around with hacking at the 1.2 to try to make soemthing 2.0 that will at least build for a test10:35
Davieyikonia: yeah, i just did the same10:36
ikonialet me look at this,10:36
ikoniagood find.10:36
Davieygah, it's a total different codebase10:37
ikoniahow should this be delt with work with maintainer ? make own missing header ? look at using fork that is 2.0 compatible ?10:37
ikoniaha, yes, totally different10:37
ikoniabased on how this sort of thing is usually handled10:38
DavieyIf it was a fork, we could have cherrypicked as a patch.10:38
ikoniaI'll update the bug report in a minute, but thought I'd get some input on the direction you'd like me to take10:38
ikoniawell, bad wording10:38
ikonia"alternative vesion"10:38
DavieyYeah, it's very late in the cycle to consider switching.. I have NFI if they are drop in compatiable.10:39
ikoniaI can try to work with the maintainer or sort the missing file out myself10:39
DavieySomeone concerned it clealry known upstream, and not handled.10:40
DavieyIt might be more complex than we hoped10:40
ikoniaI have no doubt10:41
ikonialooking at the 1.2 file10:41
ikoniaI can see at 3 issues straight away10:41
ikoniaI don't think it's realistic for it to make 11.10 unless the maintainer is holding something back10:41
ikoniathat said I can start to progress it for inclusion on date $X10:42
DavieyThe fact it fails to build, is only part of the concern now.. It seems that it will not work with dovecot full stop?10:42
ikoniathat's not how I was reading that mailing thread10:42
Daviey"Yes, the HG code works fine with Dovecot 2, am using it. The Berg site is for Dovecot 1. Dovecot 1 is in use in many distributions like Centos 5, etc. So, it still needs updates."10:43
DavieyIt sounds to be that the code we have is suitable only for Dovecot 1.X series, and won't be updated10:44
DavieyMaintained, but not extended.10:44
ikoniaI see where you are going10:45
ikoniawould you like me to start looking at swapping it out to the alterantive version for release $X10:45
* jamespage adds dovecot-antispam to the list of things for testing automation next cycle10:46
Davieydebian bug 63114310:47
uvirtbotDebian bug 631143 in dovecot-antispam "[dovecot-antispam] Module is for different version 1.2.15" [Grave,Open] http://bugs.debian.org/63114310:47
ikoniaI'll link our bug into that one for reference10:48
ikoniano I won't10:49
ikoniathat's  1.2 bug10:49
ikoniaso he does plan to move to dovcecot 210:50
Davieyit's the same issue, just older10:50
ikoniahow will ubuntu deal with that, just leave it as a broken package until it's available ?10:50
uvirtbotDebian bug 631143 in dovecot-antispam "[dovecot-antispam] Module is for different version 1.2.15" [Grave,Open]10:50
Davieyikonia: I think that is all we can do really.10:50
Davieypotential release note.10:51
ikoniaDaviey: I'll move onto the next bug then, let me know if I can progress that further in any way10:55
Davieyikonia: thanks!10:59
ikoniaDaviey: what should I mark that bug to as a status11:00
ikonia(won't fix ?)11:00
DavieyJust confirmed.11:00
DavieyEven or Triaged, i guess11:01
Davieyikonia: ssh ubuntu@
Davieyikonia: got in?11:07
Davieybut not seeing my message?11:11
ikoniakicked me off11:11
ikoniaI'm seeing it now11:11
ikoniagot it11:11
Davieyikonia: so, libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I -I/src/lib -I/src/lib-mail -I11:16
Daviey/src/lib-imap -I/src/lib-storage -I/src/lib-dict -I/src/imap -DPKG_RUNDIR=\"\" -11:16
Davieyg -O2 -c metadata-plugin.c  -fPIC -DPIC -o .libs/metadata-plugin.o11:16
Davieythe -I's need to be after the -o's :)11:17
DavieyDoes that make sense?11:17
=== scar[w]__ is now known as scar[w]
m_3Daviey: rails update... I've upgraded the dep lib packages to 2.3.14, just having problems building one of them11:34
m_3some patches reverting previous patches nonsense11:35
Davieym_3: eeeek11:35
m_3working through that now11:35
Davieym_3: Does it touch non-rails packages?11:35
DavieyOh good.. i was worried we'd be touching ruby itself..11:35
DavieyFrom a release aspect, i think we can touch rails in any way suitable to get it working.11:36
Davieybut ruby requires more consideration.11:36
m_3nope, really not that complicated of an upgrade, just some dh stuff getting in my way11:36
m_3shall I submit merge requests when it's working?11:37
m_3I've got branches, and am test-installing these from a ppa11:38
Davieyjamespage: jenkins blueprint, "Update documentation for disabling plugin management through web ui" - still a target for oneiric?11:43
Davieym_3: merge branches would be GREAT11:43
AnAntHello, what is the recommended Wiki engine available on Ubuntu ?11:47
DavieyAnAnt: moin11:49
AnAntDaviey: python-moinmoin ?11:50
AnAntDaviey: thanks11:52
hallynivoks: exactly, 'easy workaround' was what I went on :)   howdie, btw :)12:33
hallynivoks: will you be at uds?12:33
ivokshallyn: yes, i got corrected :)12:34
ivokshallyn: and yes, i will be at UDS12:34
strat-o-casterI'm getting a bunch of packages "held back" when doing an upgrade.  Is it OK to just install over them?12:58
pmatulisstrat-o-caster: sounds like you have done some pinning?12:59
Picistrat-o-caster: Are you using apt-get upgrade or dist-upgrade?13:00
strat-o-casterIn particular ssl-cert is asking me if it is OK to replace a cert that was created automatically and is now flawed...13:00
strat-o-casternot yet13:00
strat-o-casterjust apt-get install ssl-cert13:00
strat-o-casterI'm still running an old 8.04 LTS13:00
strat-o-casterit was just apt-get upgrade when I got the warning...13:01
jamespageDaviey: that can be postponed - reviewing blueprints now13:01
Davieyjamespage: i just did a hack and slash on them all, i think they should be pretty reflective now; but please change any that are wrong.13:01
jamespageDaviey: lgtm13:02
hallynsmb: i understand we probably can't do anything, but just wanted to point out bug 862136 as ipv6 is sort of important to us...13:13
uvirtbotLaunchpad bug 862136 in linux "Can't define network with IPv6 address in libvirt - fails to define address" [Medium,Triaged] https://launchpad.net/bugs/86213613:13
strat-o-casterI think it's OK to plow over my certs.  I backed up /etc/ssl and all my ssl certificates.  I use authorized-keys to let certain people in...13:14
smbhallyn, Hm, first I hear of that bug... Will look at it13:14
PleXsanyone known if it is possible to reassign a device name to specific hdd ? now the disc is hdb but it should be hdc .. is there a way to do that? :)13:16
patdk-wkplexs, not easily13:18
patdk-wkthis is why you want to use uuid's, and not device names13:18
patdk-wkif you really want consistant device names, use /dev/disk/by-path/.... instead13:19
PleXspatdk-lap, yeah I use uuid but this is for something special :) a program checks on partition hdc13:20
PleXspatdk-wk, I'm using it on virtual machine :)13:20
PleXsI could create a dummy virtual disk also.. but if I could adjust it in linux it's more easy13:21
PleXspatdk-wk, its a hardware device I'm converting to Vmware machine13:21
PleXsits running on linux and I'm using ubuntu 32bit basic as default13:21
PleXspatdk-wk, the program that is running on that machine checks for a device hdc if it exists else it fails to start :)13:22
lynxmanmorning everyone o/13:29
Davieym_3: Are you following the dicussion in -release?13:30
TheEvilPhoenixDaviey:  there's a release channel?13:33
TheEvilPhoenix(yes, i'm emerging from lurk mode :P)13:34
TheEvilPhoenixDaviey:  yes, i'm one of those people who emerges from lurk mode only when something interesting is said or happens :P13:36
TheEvilPhoenixsuch as massive net splits or similar13:36
=== JGJones_ is now known as JGJones
TheEvilPhoenixhey Daviey perhaps you can answer this...13:45
TheEvilPhoenixi've got an ubuntu-server of which i installed a GUI onto... and i'm still using aptitude update and what not13:45
TheEvilPhoenixi see tons of entries for Translations-<langcode> in the apt update list.  is there a way to neutralize those entries13:45
TheEvilPhoenixbut keep the primary updates?13:45
TheEvilPhoenixsuch as main, universe, multiverse13:46
ersijust remove the translation entries >_>13:47
ersiEdit /etc/apt/sources.list13:48
elb0w`I changed my interface file from dhcp to static and provided the required criteria13:51
elb0w`however it since has rebooted and come back with a dhcp adress13:51
elb0w`but I can see it still static in the interface file13:51
elb0w`im confused13:51
TheEvilPhoenixersi:  um... which line would i be looking for?13:52
TheEvilPhoenixits not in /etc/apt/sources.list13:52
TheEvilPhoenixis there any other apt list that it pulls in?13:52
strat-o-casterAfter upgrading ssl-certs.  It seems there are hardly any changes at all in /etc/ssl/certs  Many go back to 2008.  Does this sound right?  I am using 8.04LTS13:53
RoAkSoAxDaviey: ping13:58
LinuturkI've got postfix setup to relay mail through a gmail account. I told postfix to forward all mail meant for postmaster and root to a specific user account. I then told /etc/aliases to forward that specific user account to my gmail account. I can mail from the command line to my gmail account, but if I mail directly to root from the command line, it forwards the message to root@FQDN instead of the address in /etc/aliases. I have run newaliase14:04
uvirtbotNew bug: #862416 in amavisd-new (main) "logcheck ignore and violation rules are not matching on alternate policy banks" [Undecided,New] https://launchpad.net/bugs/86241614:07
strat-o-casterI just ran "update-ca-certificates" but it looks like my certificates (i.e. GeoTrust_Global_CA.crt) is still dated 4/15/2008!  Is this right? How can I update all my certs?  I'm using 8.04 LTS. Thanks!14:16
_rubenCA's tend to have fairly long lifetimes, so 3 years aint that old for a CA really14:17
strat-o-casterOK, I'm basically getting a Client-SSL-Warning in some perl code that says Peer certificate not verified... Maybe I'm going down the wrong path?14:19
DavieyRoAkSoAx: hola14:20
dknwhy would a raid array created with mdadm on the command line not show up in the GUI disk utility?14:21
ikoniabecause the gui looks for /dev/sd ?14:22
ikoniarather than /dev/md14:23
ikoniaor the meta device isn't actually running/started at this moment in time14:24
genii-arounddkn: You may need to add the raid module names to /etc/initramfs-tools/modules and sudo update-initramfs -u   for it to be activated during boot time14:26
_rubenstrat-o-caster: did you verify the peer's certificate using a browser or smth similar?14:27
Davieyzul: Are you proposing your nova lxc console bug fix to trunk?14:32
strat-o-casterIt was in some perl code with HTTP::Request14:33
dknhmmmm well the md shows up in the multi disk devices list, but it's showing it as not started when it is14:34
dkni am getting an error with the metadata version 0.90.014:34
ikoniadkn: if it's showing as not started...it's not started14:39
zulDaviey: yep14:40
zulDaviey: i should be backporting it today14:40
DavieyRoAkSoAx: did you see the comment on bug 827496 ?14:40
dknbut that's the thing, if i do cat /proc/mdstat it shows as active, and you can get into all the folders it's mounted at14:40
uvirtbotLaunchpad bug 827496 in cobbler "cobbler kickstart metadata dont affect ubuntu preseed " [High,Invalid] https://launchpad.net/bugs/82749614:40
Davieyzul: rocking14:40
RoAkSoAxDaviey: yes, just replied14:40
dknhere's a shot of the disk utility, and the command line output from cat /proc/mdstat http://i55.tinypic.com/dwxnap.png14:48
fixxxermetAnyone around that could help me with my preseed script?  Specifically, the partman part.  Trying to create a bunch of mount points but am ending up with only one / partition14:48
DavieyRoAkSoAx: awesome.14:49
_rubenfixxxermet: might wanna check in #ubuntu-installer .. tho i gave up on preseeding disklayouts fairly quickly .. wasn't worth the effort to me, nor was it flexible enough (or perhaps too flexible, depending on your pov)14:50
fixxxermet_ruben: It seems to be plenty flexible - just difficutl!14:50
koolhead17fixxxermet: i have it in my todo as well, been over few weeks :)14:52
dkn@ikonia make sense?14:56
fixxxermet 488  364 S    0  0.0   0:00.16 ntpd 1059 root      20   0 1128414:57
dkn@genii-around, i loaded the array into /etc/mdadm/mdadm.conf , i thought that's the only place it had to be?14:58
genii-arounddkn: The default initial ramdisk will not be able to see it unless you rebuild it with the driver it requires. The array will get assembled later on in the boot15:00
skritehey all, i have a pretty much stock install of dovecot and postfix. nice to get email, but how do i configure it to be able to send mail from a client like thunderbird on another computer?15:28
skriteonly one user will have to do this, and the user is a cron script.15:29
zulDaviey/smoser: these are the ones im considering to pull down for Friday http://pastebin.ubuntu.com/699167/15:39
smoserzul, we also need to get jamespage's fix in for the chonw -R15:41
Davieyzul: looks good, I added a ubuntu task for #3 - that will need closig in the upload15:41
smoserand i believe adam_g also had a packaging fix.15:41
zulsmoser: yeah is the branch kosher now15:41
Davieyinfact, if all the patches have ubuntu tasks - it makes it easier to review.15:42
smosertasks == bugs ?15:42
smoseroh... tasks. never mind. targetted to release.15:42
smoseryeah, i agree.15:42
DavieyWell they already have bugs for nova?15:42
zulthere is sudoers fix i want to put in as well15:42
Davieyzul: ante's?15:43
zulDaviey: adam_g also had a request for swift but i forget what it is now15:43
slakcphilok got a cron question... would this run every night at midnight mon - fri? thanks http://www.fpaste.org/L7OA/15:45
=== koolhead17 is now known as koolhead17|afk
slakcphilif I put it in /etc/crontab15:46
slakcphilor is there a one-liner solution for mon-fri15:47
shaunoslakcphil: that'll work, but 0 0 * * 1-5 /path/to/file  would be tidier15:59
shauno(imho, atleast; yours would be more readable, and they'll both do the same thing)15:59
Davieyzul: do you have bug numbers for those 4?16:00
Error404NotFoundHow can i print packets in a readable format to and from a certain port? tried tcpdump  -i eth0 -nnXSs 0 'port 9090' but the results aren't that readable.16:00
Davieyzul: I need to keep the list current.16:00
Davieyhallyn: I'm following the libvirt thread, how is it looking?16:03
uvirtbotNew bug: #862340 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/86234016:05
zulDaviey: no but i can get one16:06
Davieyzul: awesome16:07
slakcphilthanks, shauno :)16:10
adam_gzul: https://bugs.launchpad.net/swift/+bug/83692216:12
uvirtbotLaunchpad bug 836922 in swift "swift-ring-builder exit status confusing" [Undecided,Fix committed]16:12
adam_gDaviey: ^16:12
zuladam_g: cool thanks16:12
adam_gi think if we can standardize those now, itd be a good idea. especially for the sake of the juju charm16:13
uvirtbotNew bug: #862520 in openldap (main) "package slapd 2.4.23-6ubuntu6 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/86252016:16
Davieyadam_g: thanks16:19
uvirtbotNew bug: #862558 in cobbler-enlist (universe) "cobbler-enlist is not checking for return codes enough" [High,Triaged] https://launchpad.net/bugs/86255816:56
zulDaviey: http://pastebin.ubuntu.com/699210/16:56
Davieyzul: I4014bf64 - check if host list is empty before tyring to weigh hosts (bugfix) ?17:06
zulim still on the fence of that one17:07
uvirtbotNew bug: #862567 in cobbler-enlist (universe) "debconf and documentation should mention lack of SSL" [High,Triaged] https://launchpad.net/bugs/86256717:12
uvirtbotNew bug: #860492 in cobbler-enlist (universe) "[MIR] cobbler-enlist src, cobbler-enlist-udeb bin" [High,In progress] https://launchpad.net/bugs/86049217:17
koolhead17robbiew: hello17:38
nocturnalI never used ubuntu server before and I just logged onto one and it says System restart required in the motd. does ubuntu do updates automatically or is that something some admin added?17:49
el_seanonocturnal: usually it means updates were acquired and you have a new kernel update that needs to be applied17:51
nocturnalel_seano: wow sweet17:52
ersinocturnal: but you're not forced to reboot and will not prompt you every five minutes like other operating systems17:52
ersinocturnal: reboot whenever you have the chance/feel like it/aren't using the system :)17:53
nocturnalyeah, thanks17:53
hallynDaviey: i'm back to not knowing why what is happening is happening - nothing new in that thread as of a few hours ago17:54
Davieyhallyn: ok, thanks17:57
zastaphcan't you use the features of Ubuntu-one, but on your own server? so like a private cloud dropbox17:58
ersizastaph: unfortunally not with ubuntu-one AFAIK18:06
zastaphbeen looking for a dropbox alternative that you could host yourself18:06
ersizastaph: But there's a lot of other solutions that are similar (don't have any to recommend to you though :/ I havn't really looked into them)18:06
ersithere's sparkleshare, but I dunno - doesn't seem that nice18:06
zastaphi like www.sharedesk.at but it's too simple18:07
zastaphbut can host it yourself18:07
zastaphanother requirement is that its cross platform, and so far I know of only dropbox and ubuntu one with its windows release18:08
zastaphhttp://en.wikipedia.org/wiki/Ubuntu_One says that Ubuntu one can sync evolution contacts and tomboy notes18:09
zastaphits starting to look like an exchange solution18:09
thefinn93would this be the appropriate place to ask about some apache related permissions issues that have been stumping me all morning18:10
ersizastaph: Not really..18:11
ersizastaph: It looks like a sync service18:11
thefinn93(and by all morning i mean since i got up 20 minutes ago)18:11
zastaphim looking for an exchange solution for ubuntu server also18:20
zastaphtried zimbra, but I lack knowledge of DNS and https://help.ubuntu.com/community/BIND9ServerHowto is complicated18:21
uvirtbotNew bug: #862651 in mysql-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/86265118:46
RoyKzastaph: use a dns solution from you provider - most have web-based dns things18:58
RoyKwhich are simple and easy to understand18:59
zastaphin my router?18:59
RoyKall you need is a an A record for the host and an MX record to point to that mail server18:59
RoyKno, for the domain to which you're planning to serve mail19:00
zastaphohh.. but for now im just playing with dyndns and testing19:05
zastaphso i presume I need bind on my ubuntu-server19:05
RoyKnot really19:07
RoyKyou need a dns server somewhere out there to point to your MX, being the machine that should receive mail19:08
RoyKI guess dyndns can do that for you just fine19:08
RoyKno need for a local Bind server19:08
zastaphdyndns.com free allows you to input an MX Hostname, but I have no clue what to input19:08
zastaphif I register foo.dyndns.org what do I put in MX Hostname ?19:08
smoserzul, i suppose you're toing to upload nova soon ?19:09
RoyKif your machine is called foo, and listens to SMTP, that's your MX19:09
RoyKtypically, the zimbra server will be your M19:09
zulsmoser: yeah the only thing blocking me is the chown stuff19:09
zulsmoser: and testing as well19:09
zastaphRoyK, if I type foo in MX Hostname I get Please enter a valid hostname for email delivery, if I type mail.foo.dyndns.org I get MX should resolve to A or AAAA record19:11
zulDaviey: ping with the console.ring stuff do we have to change the default nova.conf?19:11
RoyKzastaph: create record an A or AAAA record for your (zimbra?) host and use that record as MX19:12
zastaphonly question is how :) im not good with DNS19:13
RoyKuse dyndns19:13
RoyKzastaph: typically, you have one or two MX records for a domain19:13
RoyKtry dig mx karlsbakk.net19:14
RoyKit'll show you which machines services email to my domain19:14
RoyKMX == mail exchange19:14
zastaphI am using dyndns, i am in the process of creating a name .. but the MX hostname is in the same form19:14
RoyKdo you have a domain registered?19:14
zastaphno, thats what im trying to do19:15
RoyKif so, that's registered at some dns server19:15
RoyKzastaph: have you registered something.com?19:15
zastaphwhich is why I need to use dyndns for now19:15
RoyKwell, begin with that19:15
zuljamespage: can you update your chown branch please19:15
zastaphnow that requires payment and thought process :)19:15
zastaphwould it help if I register foo.dyndns.org first and afterwards edit the MX Hostname?19:16
RoyKzastaph: yeah, from joker.com, it costs some $7.20 for .com19:17
RoyKquite a lot of money.......19:17
zastaphah it says in form "I have mail server with another name..."19:17
jamespagezul: just reminding myself of what needs to be done to it19:17
zastaphthought it was for the domain i was just making19:18
smoserjamespage, zul19:18
smoseri talked to soren yesterday.19:18
smoserhe was not expecting that to on upgrade.19:18
RoyKzastaph: standard procedure is, when sending email, is "do an mx record for something.tld, contact the highest priority MX (lowest number), send19:19
smoserthe difficulty with this, is if we make it only run on upgrade, then we have to selectively fix the things that would be broken (nogroup or root ownership)19:19
zastaphRoyK, I actually just want to test Zimbra on ubuntu-server, and Zimbra complains during installation that I have no MX record or something.. but if I could test it only on LAN i would be ok19:19
smoserat this point i think its probably just best to take jamespage's branch as it is right now.19:20
zulsmoser: okies will do19:20
zulim getting patch conflicts with my patch and robie's patch right now though19:20
smoserah. ok.19:21
zulwill let you know19:21
=== wooy is now known as Guest75157
jamespagesmoser: so do I need to update to only change files with group ownership of root or nogroup?19:47
smoseri think the right fix is to do nothing on upgrade19:48
smoserexcept when we're coming from a broken version19:49
smoserso maybe if version < current-right-now-archive-version:19:49
jamespageDaviey: branch proposed for dovecot-metadata-plugin - builds OK and looks similar to that already in the archive19:50
smoser find -group nogroup || -group root && chown19:50
smoser of course avoiding lxc mounts19:50
smoserbut doing that scares me because we've always done this before.19:50
RoyKzastaph: just remember that zimbra should be installed on a dedicated computer. it uses a full set of preconfigured packages, and can't be easily installed to use standard mysql/postfix/etc19:51
RoyKzastaph: so you'd probably be better off with a VM19:51
RoyKthat's what I use19:51
zastaphyes thats the plan19:51
zastaphdo you use zimbra too?19:51
zastaphi was able to create an MX hostname on the second dyndns i created (to the first)19:52
RoyKzastaph: try to read up about how dns works19:54
RoyKit's not that hard19:54
zastaphyeah i know the basics, but getting it set up in ubuntu so that zimbra understands it is not that easy, and is hard to find a recent step by step guide19:54
RoyKzimbra doesn't need to understand dns19:55
RoyKthe Net needs to know where to send email so that it reaches your zimbra server19:55
RoyKthat's what DNS is about19:55
zastaphok but it complains during ./install.sh because something was not setup right, and I dont know where19:55
RoyKzimbra doesn't give a shit19:55
RoyKnever mind that19:56
RoyKthat installation is a bit paranoid19:56
RoyKthe only important parts are 1: your server must be open to receive SMTP and 2: there must be an MX pointing to that address19:57
zastaphoh it says i need to login as root when running install i didnt do that last time19:57
RoyKjust sudo ./install19:58
axisysdo I need oracle support to install/use http://packages.ubuntu.com/lucid/ksplice ?20:05
RoyKaxisys: why would you?20:18
axisysRoyK: aparently I do for the key.. I had a long talk with jesstess on #ksplice20:19
axisysanyone who were using ksplice before oracle bought them are safe20:19
RoyKthere'll be a fork soon, or so we all hope20:20
RoyKit's GPL after all20:20
axisyshttps://github.com/CentOS/ksplice <--20:20
axisysmay be one for ubuntu20:20
RoyKafaics ksplice is in ubuntu 11.0420:25
RoyKprolly not in 10.04 though20:25
RoyKwell, it's in 10.04 as well20:26
RoyKapt-get install .....20:26
uvirtbotNew bug: #862728 in etckeeper (main) "Please stop defaulting to VCS="bzr"" [Undecided,New] https://launchpad.net/bugs/86272820:29
zulsmoser: so you are ok with this? https://code.launchpad.net/~james-page/nova/fix-lxc-and-primary-group/+merge/7730820:45
smoserwhat is $ on fresh install ?20:46
sorenOr unset, rather.20:47
axisysRoyK: but you will need a key, no ?20:48
smoserso then we at least have to quote that $220:48
axisysRoyK: i will try on a VM20:48
smoseras it is right now, it wont run on first install, right?20:48
smoser- if dpkg --compare-versions $2 lt "2011.3-0ubuntu4"; then20:49
smoser+ if [ -z "$2" ] || dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then20:50
smoseror maybe20:50
smoser+ if [ -z "$2" ]; then20:50
sorenlt treats an empty version as earlier than any version.20:50
smoseryes, but its not quoted20:50
smoserso it will just end in dpkg error20:50
smoserwhich is false, and wont do it20:50
sorenSorry, $2 is "".20:50
jamespageso how about I quote it then20:50
sorenBut I'd quote it anyways.20:51
sorenJust to be sure.20:51
uvirtbotNew bug: #862757 in munin (main) "the munin plugin sensors_ does not recognize the values of volt and fan from lm-sensors" [Undecided,New] https://launchpad.net/bugs/86275720:52
sorenDebian Policy isn't completely unambiguous on the subject.20:52
smosersoren, what do you mean it is ""20:52
sorensmoser: And empty string.20:52
smoserso it has to be quoted20:52
sorens/and/an/, obviously.20:52
smoseror shell passes nothing there.20:52
smoser dpkg --compare-versions lt "2011.3-0ubuntu4"20:53
smoser dpkg --compare-versions "" lt "2011.3-0ubuntu4"20:53
smoserthe first is bad input to dpkg20:53
smoserso that would be false, so it doesn't take that 'if' code, and odes nothing on first install.20:54
smoserwhich is not what we wnat. on first install, you *were* doing a chown. so we should continue to do that i think.20:54
jamespagesmoser: it will run on first install20:56
smoserdamn you!20:57
smoseryou can't add quotes in the middle20:57
smosermy loaded page did not have the ""20:57
smoserso yes, that will run on first install.20:57
smoserso yes, assuming the find syntax is good, i approve of that.20:58
smoserbut i admit to messing up find syntax more than once in my life20:58
jamespageI did a quick test  - looked OK to me20:58
jamespageignores anything that is not nova:root or nova:nogroup20:59
zuljamespage: so if i merge the branch it should be kosher right?21:01
jamespagezul: I reckon so21:01
zuljamespage: ok ill pull it later tonight21:02
Davieyit's all going to go wrong, you'll see.21:05
jamespagealways appreciate review of find syntax - as smoser says easy to get wrong21:06
Davieyfind has so many different options.21:06
jamespageDaviey: did you see my ping re dovecot-metadata-plugin21:09
Davieyjamespage: no21:10
Davieygot it21:10
jamespageDaviey: ah - new upstream release prepared - I have no idea how to test21:10
jamespageand can't upload21:10
jamespageah - doko has already had a look21:11
Davieyjamespage: how much confidence do you have with it?21:12
jamespageit builds, it produces pretty much the same .so's as the previous version of the package21:12
jamespageit appears to be actively maintained and formally released alongside dovecot21:13
jamespageDaviey, more confident it will work that whats currently in the archive21:15
Davieyjamespage: I really do wish launchpad had a 'sponsor into archive' button21:16
jamespageDaviey: that would be a nice feature21:16
UrsinhaDaviey, https://launchpad.net/launchpad/+filebug21:16
DavieyUrsinha: I can't be bothered to build a package, do you think i can be so to raise a bug?21:17
jamespageDaviey: http://www.dovecot.org/list/dovecot/2011-June/059630.html21:18
jamespagethink we can probably put some faith in it21:18
UrsinhaDaviey, there's no need to be rude, man, I'm just giving you a hint that filing a bug is what you need to do to have new features in Launchpad :)21:18
DavieyUrsinha: Oh sorry, i didn't mean to come across like that.21:19
DavieyI should have thrown on a smiley21:19
jamespagewhat happened to build from branch anyways?21:19
DavieyStill on the roadmap aiui21:20
adam_ghmm. when the hell did /var/log/nova/* become world readable?21:20
Davieyadam_g: I *think* it always has been21:20
jamespageditto what Daviey said21:20
adam_greally? ive always been in the habbit of sudo'ing to read them i guess21:20
DavieyIt's not the only log file which is like that, mail.log is another21:21
Davieyadam_g: You suck at picking passwords btw.21:22
adam_gDaviey: i was just confirming the issue :)21:22
adam_gFWIW, that stuff is only logged with '--verbose' set in nova.conf.. which is enabled by default21:23
Davieyadam_g: I know, i know.. I saw the password you picked for mysql.. :)21:23
=== robbiew is now known as robbiew-afk
uvirtbotNew bug: #862816 in nova (main) "/var/log/nova/* is world-readable" [Undecided,New] https://launchpad.net/bugs/86281621:46
DavieyRoAkSoAx: Are you going to have time to look at a cobbler enablement of cobbler-enlist whilst sprinting?21:55
=== lullabud_ is now known as warzauwynn
DavieyRoAkSoAx: If you are, aadding "anna/choose_modules=cobbler-enlist-udeb" to the kernel APPEND line should be enough to invoke it21:58
Davieykirkland: I don't suppose you have had a chance to smoke the openstack dashboard?21:59
kirklandDaviey: smoke test it?21:59
Daviey(If so, django-mailer is a missing dep - which has been baking in the source NEW queue.)21:59
kirklandDaviey: sadly, we haven't gotten to it21:59
kirklandDaviey: i'll take a look, though at the queue if you like21:59
Davieykirkland: err, yeah - smoke test.. certainly not smoke crack.22:00
kirklandDaviey: i know from experience now that keystone is non-functional :-(22:00
Davieykirkland: A total brick?22:00
kirklandDaviey: completely non-functional22:03
RoAkSoAxDaviey: I hope so tomorrow22:03
adam_gDaviey: from what ive read, keystone is now a requirement of dashboard22:05
Davieykirkland: I imagine just trying to work out how the hell it fits together is less than fun, last i looked the docs were weak22:05
Davieyadam_g: yah22:05
adam_gtho im not sure the package we have in the archive was snapshotted before or after that requirement was introduced22:05
DavieyRoAkSoAx: awesome22:05
Davieyadam_g: I'm pretty sure it's after22:05
zuladam_g: ill merge your swift branch tonight22:30
zulDaviey/adam_g: so for the logfile thing there is gflag a called logfile_mode but its not set anywhere by default and its only used in nova/log.py for:22:41
zul                st = os.stat(self.logpath)22:41
zul                if st.st_mode != (stat.S_IFREG | FLAGS.logfile_mode):22:41
zul                    os.chmod(self.logpath, FLAGS.logfile_mode)22:41
adam_gzul: ill look into that. what about just 'chmod 700 /var/log/nova' in postinst?22:45
adam_gsame problem in glance btw (also with glance config files)22:45
zuladam_g: yeah as a work around  wouldnt 600 be better though? i still think the nova is doing it wrong though, im worried about it changing after you restart nova-compute or something22:47
adam_gzul: ill see if logfile_mode works. if so, we should just add that to nova.conf by default.22:49
zuladam_g: agreed22:49
Davieyadam_g: when the log files are rotate, what will happen if it's just chmodded?22:55
Davieyadam_g: if you are investigating those, can you assign yourself please?22:55
adam_gDaviey: yeah, gonna take a look at it in a bit22:56
Davieyadam_g: awesome22:57
zulDaviey: ill try to get a fix upstream as well23:04
Davieyzul: rocking23:14
Davieyit's all starting to come together23:15
Davieywhich is handy, now we are in Final Freeze23:15
rmkHi.  Is multicast blocked by default on 11.04?23:36
rmkOne of you 300 people has to know?23:45
qman__rmk, nothing is blocked by default23:54
rmkok thanks23:54
qman__the firewall is an accept all policy with no rules23:54
qman__there may be a kernel setting preventing something you're doing from working, though23:55
qman__review them in /etc/default/sysctl IIRC23:55
sorenThose are only the overrides. The kernel has its own defaults.23:57

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!