[00:14] <padhu> courier imap gives error as 'impad: chroot /root/Maildir unable to access permission denied' and squirrel mail unable to login with 'IMAP service barred login'
[00:14] <padhu> How can i rectify this ^^^
[00:41] <zul> kirkland: you are missing two patches in the bzr branch for ubuntu-server-dev
[00:51] <negronjl> adam_g: ping
[00:51] <negronjl> adam_g: updated keystone ( minor changes ). pull when you get a chance
[00:52] <adam_g> negronjl: cool. was just lookin at that a minute ago
[00:53] <adam_g> negronjl: did your patch get merged to keystone upstream? im still hitting similar issues even with that one column converted
[00:53] <negronjl> adam_g: I think it did but, the charm has an ugly hack that checks for that code and patches it if needed.
[00:54] <negronjl> adam_g, what issues are you getting ?
[00:55] <adam_g> negronjl: yah i saw the patch in the formula
[00:55] <adam_g> negronjl: one sec
[00:57] <adam_g> negronjl: actually i lost the juju environment.
[00:58] <negronjl> adam_g, I'm testing on my side as well
[00:58] <negronjl> adam_g, I am currently deploying mysql, then keystone.
[00:58] <adam_g> negronjl: i was basically creating a user, a tenant(i think?) and granting admin to the user (as is outlined in the howto doc)
[00:58] <negronjl> adam_g, keystone deploys it's own version of mysql but, you can also add a relation to an existing mysql
[00:59] <negronjl> adam_g, keystone-manage tenant add <insert_name_here>
[00:59] <negronjl> adam_g, will report back on how it goes on my side.
[00:59] <negronjl> adam_g, are you using the local version of mysql or a relation to the external mysql
[00:59] <negronjl> ?
[01:00] <adam_g> negronjl: no, an external mysql. tested with innodb and myisam
[01:00] <negronjl> adam_g, cool.  same here
[01:01] <adam_g> ive run into issues with foreign keys, myisam v innodb and nova's sqlalchemy migrations
[01:01] <negronjl> adam_g, are you using the openstack.yaml file that I included in the branch ?
[01:03] <adam_g> negronjl: yea, db access is fine. ive been dropping the database, reconfiguring storage engine, remigrating, etc.
[01:07] <adam_g> negronjl: anyway gotta run for the day, talk to you tomorrow
[03:01] <robo> hello: ubuntu 10.04LTS uses apache 2.2.14. Security scanners report this version of apache as exploitable. Since Lucid is backported we can assume as long as the latest patch is installed it's indeed not exploitable correct?  .
[03:01] <robo> Part 2. If so, is there a plugin that can be used for security scanners? I know centos has something similiar
[03:01] <twb> No.
[03:02] <twb> If you want to know if a CVE fix has been backported, read /usr/share/doc/foo/changelog.Debian.gz
[03:02] <TheEvilPhoenix> ^
[03:02] <twb> *Often* important vulnerabilities are patched, but not alway.
[03:03] <robo> gotcha, ty
[03:03] <twb> Also note that these security patches are backported in lucid-security -- lucid-backports is for new upstream versions.
[03:03] <robo> let me check that out
[03:03] <twb> !USN
[03:14] <qman__> keep in mind also that vulnerabilities can be patched without upgrading the mainstream version
[03:14] <qman__> e.g. apache-2.2.14-ubuntu3 might have patches that mainstream apache fixes in 2.2.15
[03:14] <kees> robo: yeah, see https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
[03:15] <qman__> you have to read the changelogs or test for yourself to know whether the holes have been closed or not
[03:17] <qman__> however it is generally safe to assume that vulnerabilities in commonly used packages in currently supported releases are patched within a reasonable amount of time
[03:18] <qman__> no guarantees but the track record is pretty good
[04:09] <twb> qman__: I think that assumption is optimistic
[04:09] <twb> If I actually had OpenVAS running, I would look through its report and for any scary-looking CVEs, check them in changelog.Debian
[04:11] <qman__> a fair point, but it really depends on your profile
[04:11] <qman__> for most people, it's good enough, but if you're an enticing target, you have to be more careful
[04:12] <qman__> the skiddies have plenty of much easier targets to go for
[04:13] <twb> s/enticing target/paranoid/
[04:14] <twb> If you don't have bear traps in your air ducts, you aren't doing your job as sysadmin
[04:14] <qman__> nothing wrong with that approach
[04:14] <qman__> no such thing as too much precaution
[04:15] <twb> qman__: proactively killing users to prevent them leaking secrets?
[04:15] <twb> I guess intel agencies do that, so it's not wrong per se
[04:15] <qman__> heh
[04:16] <twb> Speaking of which, I should put honeypots back on my todo list
[04:17] <twb> I think I dismissed them last time because I couldn't think of a reliable way to have a honeypot that nothing could escape *and* be able to get the list of attackers out of it
[04:17] <twb> (Other than, you know, sneakernet)
[06:02] <ivoks> hallyn: why is bug 861547 low? :)
[06:03] <ivoks> hallyn: it makes nova-volume unusable
[06:21] <Daviey> ivoks: have you read the status defintions?
[06:22] <ivoks> Daviey: status definitions?
[06:22] <Daviey> ivoks: Err, Importance - rather
[06:23] <_ruben> anyone ever ran into $ARCH being amd64 instead of x86_64 when trying to build an out of tree kmod?
[06:24] <ivoks> Daviey: i was unaware of any changes; i've been too long tied to different definitions
[06:31] <Daviey> ivoks: Whilst i agree it could have been a medium, the triager was correct with Low - "A bug that has an easy work-around"
[06:33] <ivoks> Daviey: ok, thanks for explanation
[06:33] <ivoks> hallyn: ignore my question ;)
[06:36] <Daviey> ivoks: fancy adding d/changelog entries?
[06:36] <Daviey> leave it marked as UNRELEASED
[06:37] <ivoks> Daviey: sure, i just have to finish some other work
[07:14] <Daviey> jamespage: Your likewise-open upload did also fix bug 655533, right?\
[07:28] <jasonmsp> hey all.  Can someone tell me what I can do to get the file names to print out before they are displayed when I do this?  find . | xargs -n1 grep -ils loglevel | xargs -n1 -I {} head {}  ?
[07:29] <Kartagis> hello
[07:30] <Kartagis> do I need to import a database schema for postfix mysql support?
[07:33] <ikonia> Kartagis: no
[07:34] <ikonia> Kartagis: the installer for mysql comes with the default schema
[07:34] <ikonia> the postfix one comes with an "empty" schema if that makes sense
[07:47] <jasonmsp> Anyone know what to do when you cat a file and your encoding or something changes?  This is my prompt after I hit cat on a file:  T␤┤ S␊⎻ 29 03:46:09
[07:47] <jasonmsp> /⎽⎼┴/┬┬┬/┘┼⎼16/┐⎺⎽┐␋┘⎺┤⎼┼␊≤.␌⎺└/⎻┤␉┌␋␌▮␤├└┌
[07:47] <twb> jasonmsp: reset
[07:47] <ikonia> tput -reset
[07:47] <jasonmsp> thanks!
[07:47] <twb> no -
[07:48] <jasonmsp> no for which?
[07:48] <ikonia> no - he means
[07:48] <jasonmsp> ah.. thanks..
[07:48] <ikonia> thank you twb
[07:55] <brontosaurusrex> would this http://www.pcpro.co.uk/reviews/servers/364444/hp-proliant-microserver be a decent platform for ftp/www/file sharing server, using 2nd disk as mirror or rsync redundancy, running ubuntu server of course?
[07:55] <brontosaurusrex> thoughts?
[08:01] <Daviey> brontosaurusrex: Ubuntu UK Podcast did a review of it, you could do worse than listen to that.
[08:01] <Daviey> brontosaurusrex: or ask popey.. he has at least one.
[08:02] <brontosaurusrex> Daviey, tnx, let me google
[08:03] <Kartagis> ikonia: do I create the table manually then?
[08:03] <ikonia> Kartagis: what table ? what are you trying to do (little bit of background please)
[08:04] <Kartagis> ikonia: I'm trying to have postfix work with mysql
[08:04] <ikonia> Kartagis: you'll need to create the database for that manually, or use a software package that creates them for you as part of the install
[08:05] <ikonia> Kartagis: you'll also need to make sure your postfix install was built with mysql compatability linked in, I don't know if it does it native or links against the mysql client
[08:05] <ikonia> I think it's against the client
[08:06] <twb> brontosaurusrex: I haven't used proliants, but I get the impression they're reasonably good tier1.5 gear
[08:07] <twb> I did hear one horror story where their smart PSUs sent bad juju back down the power line and caused the UPS to turn off everything whenever you plugged a proliant into it, tho
[08:08] <brontosaurusrex> twb, any suggestions on how to go with mirroring? is raid1 really the best option? or would a croned rsync do better?
[08:08] <twb> That depends what you want
[08:08] <brontosaurusrex> well, basically a constant uptime with all the files and all the functionality :)
[08:08] <twb> Here, we have three-way RAID1 on the local system, combined with offsite backups using rsync + cp -al to create incremental snapshots.
[08:09] <twb> brontosaurusrex: you aren't going to get constant uptime
[08:09] <twb> You will be lucky to get five-nines with LTS on a proliant
[08:09] <brontosaurusrex> ok, near-constant uptime, basically redundancy, something that people can trust to store their master videos as well, not just intranet proxies
[08:10] <twb> What risks are you guarding against?
[08:10] <brontosaurusrex> harddrive crash
[08:10] <twb> A disk dying?  The RAID controller dying?  The building burning down?  The user accidentally rm -rf'ing?
[08:10] <twb> If you're only concerned about the first, a two-way RAID1 will suffice
[08:11] <brontosaurusrex> yeah, basically against hd crash and silly admins risk (against myself)
[08:11] <brontosaurusrex> how is raid1 agains silly admins?
[08:12] <twb> What do you mean "silly admins" ?
[08:12] <jamespage> Daviey: I think so - I need to re-install and re-test the upgrade again when we have something that actually might work
[08:12] <brontosaurusrex> rm -r
[08:12] <twb> brontosaurusrex: zero safety
[08:12] <twb> brontosaurusrex: RAID1 won't help against that *at all*
[08:12] <brontosaurusrex> so rsync is better i guess?
[08:12] <Daviey> jamespage: I might test it in a natty cloud image.
[08:13] <jamespage> yes - not a bad idea
[08:13] <Daviey> ( jamespage: morning btw )
[08:13] <jamespage> Daviey: good morning to you as well!
[08:13] <twb> brontosaurusrex: like I say, I have local RAID1 and offsite rsync+cp -al
[08:14] <twb> ZFS or BTRFS snapshots are better than cp -al, but they're also a pain
[08:14] <brontosaurusrex> offsite like over intranet or external drives or ... ?
[08:14] <Daviey> brontosaurusrex: If you have silly admins, you are probably doing it wrong :)
[08:15] <brontosaurusrex> Daviey, well, my current server has 120 days of uptime, but the fact that there is no redundancy makes me nervous
[08:15] <twb> brontosaurusrex: either over the internet, or over intranet to the other end of the site for large campuses, or to removable USB HDDs that the user is responsible for rotating
[08:15] <brontosaurusrex> twb, ok
[08:15] <twb> rotation is bad because then the user can forget
[08:16] <brontosaurusrex> of course, i need a "no admininstration" needed system
[08:17] <twb> You mentioned videos; rsync of videos over internet is gonna be painful
[08:17] <ersi> brontosaurusrex: Offsite is always Off site.
[08:17] <ersi> brontosaurusrex: Otherwise, it isn't offsite :)
[08:17] <twb> For stuff like maildirs and office docs, it is fine
[08:17] <twb> pst files completely rape rsync, tho
[08:17] <brontosaurusrex> twb, then it will be an usb disk that always on?
[08:17] <brontosaurusrex> lol
[08:18] <twb> brontosaurusrex: you'd arrange it such that the USB disks automount, and one is always onsite and one or more are in transit / offsite
[08:18] <brontosaurusrex> yes, the videos can be in Gb
[08:18] <twb> e.g. you say to the user "every friday, bring disk A in and take disk B home, and vice-versa every other friday "
[08:19] <twb> Personally I really hate that design
[08:19] <acemo> all tutorials/documentation n stuff says i have to first tell mdadm i'm going to remove my faulty disk before i can actually remove it.
[08:19] <brontosaurusrex> twb, sounds good, so this can be easily automated in a way that the rsync will see any usb disk with the same path and everything i guess?
[08:19] <twb> acemo: well, no, you can just yank it out and it'll be as if the disk exploded while it was in there
[08:19] <twb> brontosaurusrex: udev can handle the mounting
[08:20] <twb> brontosaurusrex: give all USB HDDs the same filesystem label (tune2fs -l)
[08:20] <acemo> I didn't do that and now my new hard disk is seen as a spare disk. Is there any way i can tell mdadm that the removed disk is actually gone?
[08:20] <brontosaurusrex> hrmm, yeah, how about rsyncs to a win/mac workstations overnight?
[08:20] <twb> acemo: so activate it
[08:21] <twb> acemo: madadm --add /dev/md0 /dev/sdz1 or whatever
[08:21] <twb> brontosaurusrex: you cannot back up windows machines
[08:21] <twb> They have no inodes, so it is impossible without specialist Windows backup tools
[08:22] <brontosaurusrex> no, just the file transfer of files to windows machine
[08:22] <twb> I don't follow
[08:22] <acemo> twb thats what i did and then it became spare..
[08:22] <brontosaurusrex> well, the editing workstations are either: win, mac or linux, server is ubuntu, so can i use an editing workstation overnight as a rsync target?
[08:22] <brontosaurusrex> or something similar
[08:22] <twb> acemo: I don't remember what to do next, RTFM, sorry
[08:23] <twb> brontosaurusrex: I *really* wouldn't rely on Windows for anything important
[08:23] <twb> brontosaurusrex: apart from anythign else, rsync over the wire will need SSH and rsync installed on the Windows box, so you'll need cwrsync or full cygwin
[08:24] <brontosaurusrex> right, so OS X would be much easier as a target?
[08:24] <twb> Well, it's a fucked-up 80s vendor wars-style unix
[08:25] <twb> But at least it isn't VMS like NT7.1
[08:25] <acemo> twb: been reading the manual and random tutorials for a few hours already.. haven't found anything yet.. oh well.. back to searching :)
[08:26] <brontosaurusrex> so what if i upgrade this existing server with some new HDs and get proliant as a backup server?
[08:26] <twb> acemo: raid1 or raid5
[08:26] <acemo> twb: raid 1
[08:27] <twb> All I can see is mdadm /dev/md0 --add /dev/sdz
[08:28] <acemo> same here.. thats what pretty much everything on the internet says
[08:28] <twb> pastebin mdadm --detail output
[08:31] <acemo> twb: http://pastie.org/private/q4rhmkssc6qhq1s94oeaq
[08:32] <twb> And /proc/mdstat ?
[08:32] <twb> What *I* think is that you've successfully added it, and it'll stop being a spare automatically when the resync finishes
[08:32] <acemo> /proc/mdstat http://pastie.org/private/xruou3g5ets1askaro5bmw
[08:32] <acemo> thats what i was asuming myself too..
[08:33] <twb> BTW, recommend you enable write-intent bitmaps
[08:33] <twb> They're the RAID equivalent of a filesystem journal
[08:33] <twb> (-binternal on --assemble/--grow)
[08:33] <acemo> unfortunately as soon as its done it will show the removed disk again..
[08:33] <acemo> atleast thats what it did the last time
[08:33] <twb> acemo: hm, I can't explain that
[08:34] <twb> acemo: unless the new disk is too small or something?
[08:34] <acemo> thanks for the tip, i'll enable that when its done
[08:34] <twb> Check /proc/partitions
[08:34] <acemo> /proc/partitions http://pastie.org/private/kvpxql5wonuveqju9egsig
[08:34] <acemo> their the same size..
[08:35] <twb> OK
[08:38] <Daviey> jamespage: Did you have time to reproduce bug 801494, with a sleep()?
[08:38] <Daviey> (/me suspects not!  But thought i should ask)
[08:38] <jamespage> no
[08:38] <jamespage> Daviey: no
[08:39] <acemo> i guess best thing to do is 1) wait for it to be done syncing 2) --grow -binternal 3) hope that somehow its not putting it as spare yet again.
[08:40] <Daviey> jamespage: Ok.. hopefully jhunt will have a proper fix today, we can test against :)
[08:41] <Daviey> ikonia: How did you get on with bug 831121 or bug 831179?
[08:41] <ikonia> Daviey: I'm returing to it at 12:00
[08:41] <ikonia> let me get the number of the one I'm working on
[08:41] <ikonia> I've got it building,
[08:41] <twb> I hate my users
[08:41] <ikonia> (can only get to the test kit when I'm on a different network
[08:41] <Daviey> ikonia: rocking!
[08:42] <twb> I even write .ssh/config rules for them and they still insist on doing things wrong
[08:42] <ikonia> Daviey: working on 831121
[08:42] <Daviey> twb: I swear you are the BOFH.
[08:42] <twb> I am
[08:42] <Daviey> ikonia: ok, thanks
[08:42] <ikonia> not touched 831179 as I'm doing one at a time due to limited time/resources
[08:42] <twb> Daviey: well, not THE BOFH
[08:43] <twb> Daviey: Simon's a kiwi
[08:43] <Daviey> twb: :o
[08:43] <Daviey> ikonia: understood
[08:43] <twb> Daviey: what?
[08:45] <Daviey> twb: I still think you re the original BOFH.
[08:45] <twb> I'm too young for that
[08:45] <ikonia> too many social skills
[08:47] <twb> Nah, adult aspys just know how to hide it
[08:47] <twb> It's all operant conditioning
[08:56] <ikonia> Daviey: got the assignment - sloppy on process, so please keep me in check, not done much with "official" ubuntu bug fix process
[09:00] <Daviey> ikonia: heh
[09:02] <koolhead17> hi all
[09:16] <Kartagis> http://pastebin.com/8h3WgcfZ <--- what does this mean? what do I need to install?
[09:16] <Kartagis> if I do
[09:18] <ikonia> Kartagis: looks like too issues
[09:18] <ikonia> Kartagis: one the authentication methos is configured to use sasl, which isn't available on your machine, and the second is your postfix startup options are wrong/invalid
[09:49] <jamespage> Daviey: testing the new version of likewise now
[09:56] <jamespage> Daviey: do we still get tasksel at the end of the server ISO installer?
[09:56] <jamespage> I should know but I've not looked recently
[10:01] <Daviey> jamespage: I thought we dropped it.
[10:02] <jamespage> Daviey: me to - but I wanted to make sure
[10:02] <Daviey> Equally, i should know.. but I tend to do the install on autopilot these days
[10:02] <Daviey> not good.
[10:02] <jamespage> Daviey: I think that we need to re-align our automated testing for next release
[10:02] <jamespage> its still focussed around tasksel
[10:02] <jamespage> which is not that appropriate
[10:09] <Daviey> jamespage: Hell, yes.
[10:09] <Daviey> jamespage: It is sounding like we will need to drive the complex-testing blueprint.
[10:09] <jamespage> Daviey: we should be able to next release
[10:09] <jamespage> juju will be mature enough
[10:10] <jamespage> I'm seeing it
[10:10] <Daviey> jamespage: we should consider if orchestra is the right framework for it, using openstack + iso support might be better.
[10:11] <jamespage> Daviey: I think so - I don't want to introduce a requirement for real hardware
[10:11] <Daviey> jamespage: Ah.. without openssh (server) installed by default, we pretty much have to keep tasksel
[10:11] <jamespage> hmm
[10:11] <jamespage> gah
[10:12] <jamespage> OK - but I really want to automate network install testing as well
[10:12] <jamespage> we can leave what we already have in place and supplement it
[10:12] <Daviey> Yeah
[10:12] <jamespage> for example I see several things this release which could do with a good test - tomcat7, mail-stack-delivery, likewise-open
[10:13] <jamespage> hey - maybe even jenkins
[10:13] <Daviey> jamespage: I assume you've already put some thought into a blueprint?
[10:13] <jamespage> I don't think we should be to restrictive
[10:13] <jamespage> about 5 minutes worth looking at this log
[10:13] <jamespage> but yes - generally I have
[10:14] <Daviey> no, it should be easy to write tests.. and for not just stuff we care about.
[10:14] <Daviey> heh
[10:15] <jamespage> for simple deployment tests we should prob use preseed + simple test suites
[10:15] <jamespage> juju for more complicated stuff
[10:15] <jamespage> but that is likely to need a openstack/or we use ec2
[10:19] <Daviey> jamespage: hmm, wouldn't it make sense to use the same complicated test framework for *world?
[10:20] <jamespage> I think there is merit in validating simple installs first
[10:20] <jamespage> Base Install (ISO + Preseed) -> Simple Install (Netinstall + Preseed) -> Complex Install (Juju)
[10:21] <jamespage> we might want to drop things like orchestra and cobbler into the simple install testing
[10:21] <jamespage> unlikely we will deploy using juju
[10:21] <jamespage> for example
[10:23] <ikonia> Daviey: ping
[10:23] <Daviey> ikonia: hey
[10:24] <ikonia> Daviey: advice time I'm afraid
[10:24] <ikonia> think I've tracked this down to an incompatability with the dovecot version 11.10 is using against how the software maintainer has prepped his code
[10:25] <ikonia> Daviey: I think (here is where your advice is needed) this may need to go back upstream to the maintainer
[10:25] <ikonia> or we'll need to write a header from scratch
[10:25] <ikonia> there is a version check against dovecot to match to a header to include
[10:26] <ikonia> there is no dovecot 2.0 header, he stops at 1.2
[10:26] <ikonia> suggestions/opinions advice
[10:28] <Daviey> gah
[10:28]  * Daviey sniffs
[10:28] <ikonia> ?
[10:29]  * Daviey has a look.
[10:32] <ikonia> Daviey: missing file is antispam-storage-2.0.c
[10:33] <ikonia> which looking at his webpage, sort of suggests he's inline only for the 1.X tree
[10:35] <Daviey> yep
[10:35] <Daviey> upstream doesn't have the fix yet either
[10:35] <Daviey> :/
[10:35] <Daviey> http://johannes.sipsolutions.net/Projects/dovecot-antispam
[10:35] <ikonia> I started playing around with hacking at the 1.2 to try to make soemthing 2.0 that will at least build for a test
[10:35] <Daviey> ah!
[10:36] <Daviey> http://wiki2.dovecot.org/Plugins/Antispam
[10:36] <Daviey> ikonia: yeah, i just did the same
[10:36] <ikonia> ahhh
[10:36] <ikonia> let me look at this,
[10:36] <ikonia> good find.
[10:37] <Daviey> http://dovecot.org/pipermail/dovecot/2011-September/061134.html
[10:37] <Daviey> gah, it's a total different codebase
[10:37] <ikonia> how should this be delt with work with maintainer ? make own missing header ? look at using fork that is 2.0 compatible ?
[10:37] <ikonia> ha, yes, totally different
[10:38] <ikonia> based on how this sort of thing is usually handled
[10:38] <Daviey> If it was a fork, we could have cherrypicked as a patch.
[10:38] <ikonia> I'll update the bug report in a minute, but thought I'd get some input on the direction you'd like me to take
[10:38] <ikonia> well, bad wording
[10:38] <ikonia> "alternative vesion"
[10:39] <Daviey> Yeah, it's very late in the cycle to consider switching.. I have NFI if they are drop in compatiable.
[10:39] <ikonia> I can try to work with the maintainer or sort the missing file out myself
[10:40] <Daviey> Someone concerned it clealry known upstream, and not handled.
[10:40] <Daviey> It might be more complex than we hoped
[10:41] <ikonia> I have no doubt
[10:41] <ikonia> looking at the 1.2 file
[10:41] <ikonia> I can see at 3 issues straight away
[10:41] <ikonia> I don't think it's realistic for it to make 11.10 unless the maintainer is holding something back
[10:42] <ikonia> that said I can start to progress it for inclusion on date $X
[10:42] <Daviey> The fact it fails to build, is only part of the concern now.. It seems that it will not work with dovecot full stop?
[10:42] <ikonia> that's not how I was reading that mailing thread
[10:43] <Daviey> "Yes, the HG code works fine with Dovecot 2, am using it. The Berg site is for Dovecot 1. Dovecot 1 is in use in many distributions like Centos 5, etc. So, it still needs updates."
[10:44] <Daviey> It sounds to be that the code we have is suitable only for Dovecot 1.X series, and won't be updated
[10:44] <Daviey> Maintained, but not extended.
[10:45] <ikonia> I see where you are going
[10:45] <ikonia> would you like me to start looking at swapping it out to the alterantive version for release $X
[10:46]  * jamespage adds dovecot-antispam to the list of things for testing automation next cycle
[10:47] <Daviey> http://bugs.debian.org/631143
[10:47] <Daviey> debian bug 631143
[10:48] <ikonia> I'll link our bug into that one for reference
[10:49] <ikonia> no I won't
[10:49] <ikonia> that's  1.2 bug
[10:50] <ikonia> so he does plan to move to dovcecot 2
[10:50] <Daviey> it's the same issue, just older
[10:50] <ikonia> how will ubuntu deal with that, just leave it as a broken package until it's available ?
[10:50] <Daviey> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631143#15
[10:50] <Daviey> ikonia: I think that is all we can do really.
[10:51] <ikonia> understood
[10:51] <Daviey> potential release note.
[10:55] <ikonia> Daviey: I'll move onto the next bug then, let me know if I can progress that further in any way
[10:59] <Daviey> ikonia: thanks!
[11:00] <ikonia> Daviey: what should I mark that bug to as a status
[11:00] <ikonia> (won't fix ?)
[11:00] <Daviey> Just confirmed.
[11:01] <ikonia> ok
[11:01] <Daviey> Even or Triaged, i guess
[11:05] <Daviey> ikonia: ssh ubuntu@91.189.93.84
[11:06] <ikonia> ahhh
[11:07] <Daviey> ikonia: got in?
[11:09] <ikonia> yes
[11:11] <Daviey> but not seeing my message?
[11:11] <ikonia> kicked me off
[11:11] <ikonia> I'm seeing it now
[11:11] <ikonia> got it
[11:16] <Daviey> ikonia: so, libtool: compile:  gcc -DHAVE_CONFIG_H -I. -I.. -I -I/src/lib -I/src/lib-mail -I
[11:16] <Daviey> /src/lib-imap -I/src/lib-storage -I/src/lib-dict -I/src/imap -DPKG_RUNDIR=\"\" -
[11:16] <Daviey> g -O2 -c metadata-plugin.c  -fPIC -DPIC -o .libs/metadata-plugin.o
[11:17] <Daviey> the -I's need to be after the -o's :)
[11:17] <Daviey> Does that make sense?
[11:17] <ikonia> mostly
[11:34] <m_3> Daviey: rails update... I've upgraded the dep lib packages to 2.3.14, just having problems building one of them
[11:35] <m_3> some patches reverting previous patches nonsense
[11:35] <Daviey> m_3: eeeek
[11:35] <m_3> working through that now
[11:35] <Daviey> m_3: Does it touch non-rails packages?
[11:35] <m_3> nope
[11:35] <Daviey> Oh good.. i was worried we'd be touching ruby itself..
[11:36] <Daviey> From a release aspect, i think we can touch rails in any way suitable to get it working.
[11:36] <Daviey> but ruby requires more consideration.
[11:36] <m_3> nope, really not that complicated of an upgrade, just some dh stuff getting in my way
[11:37] <m_3> shall I submit merge requests when it's working?
[11:38] <m_3> I've got branches, and am test-installing these from a ppa
[11:43] <Daviey> jamespage: jenkins blueprint, "Update documentation for disabling plugin management through web ui" - still a target for oneiric?
[11:43] <Daviey> m_3: merge branches would be GREAT
[11:47] <AnAnt> Hello, what is the recommended Wiki engine available on Ubuntu ?
[11:49] <Daviey> AnAnt: moin
[11:50] <AnAnt> Daviey: python-moinmoin ?
[11:51] <Daviey> !moin
[11:52] <AnAnt> !moin
[11:52] <Daviey> https://help.ubuntu.com/10.04/serverguide/C/moinmoin.html
[11:52] <AnAnt> Daviey: thanks
[12:33] <hallyn> ivoks: exactly, 'easy workaround' was what I went on :)   howdie, btw :)
[12:33] <hallyn> ivoks: will you be at uds?
[12:34] <ivoks> hallyn: yes, i got corrected :)
[12:34] <ivoks> hallyn: and yes, i will be at UDS
[12:34] <hallyn> cool
[12:58] <strat-o-caster> I'm getting a bunch of packages "held back" when doing an upgrade.  Is it OK to just install over them?
[12:59] <pmatulis> strat-o-caster: sounds like you have done some pinning?
[13:00] <Pici> strat-o-caster: Are you using apt-get upgrade or dist-upgrade?
[13:00] <strat-o-caster> In particular ssl-cert is asking me if it is OK to replace a cert that was created automatically and is now flawed...
[13:00] <strat-o-caster> not yet
[13:00] <strat-o-caster> just apt-get install ssl-cert
[13:00] <zul> morning
[13:00] <strat-o-caster> I'm still running an old 8.04 LTS
[13:01] <strat-o-caster> it was just apt-get upgrade when I got the warning...
[13:01] <jamespage> Daviey: that can be postponed - reviewing blueprints now
[13:01] <Daviey> jamespage: i just did a hack and slash on them all, i think they should be pretty reflective now; but please change any that are wrong.
[13:02] <jamespage> Daviey: lgtm
[13:03] <Daviey> cool
[13:13] <hallyn> smb: i understand we probably can't do anything, but just wanted to point out bug 862136 as ipv6 is sort of important to us...
[13:14] <strat-o-caster> I think it's OK to plow over my certs.  I backed up /etc/ssl and all my ssl certificates.  I use authorized-keys to let certain people in...
[13:14] <smb> hallyn, Hm, first I hear of that bug... Will look at it
[13:16] <PleXs> anyone known if it is possible to reassign a device name to specific hdd ? now the disc is hdb but it should be hdc .. is there a way to do that? :)
[13:18] <patdk-wk> plexs, not easily
[13:18] <patdk-wk> this is why you want to use uuid's, and not device names
[13:19] <patdk-wk> if you really want consistant device names, use /dev/disk/by-path/.... instead
[13:20] <PleXs> patdk-lap, yeah I use uuid but this is for something special :) a program checks on partition hdc
[13:20] <PleXs> patdk-wk, I'm using it on virtual machine :)
[13:20] <patdk-wk> heh?
[13:21] <PleXs> I could create a dummy virtual disk also.. but if I could adjust it in linux it's more easy
[13:21] <PleXs> patdk-wk, its a hardware device I'm converting to Vmware machine
[13:21] <PleXs> its running on linux and I'm using ubuntu 32bit basic as default
[13:22] <PleXs> patdk-wk, the program that is running on that machine checks for a device hdc if it exists else it fails to start :)
[13:29] <lynxman> morning everyone o/
[13:30] <Daviey> m_3: Are you following the dicussion in -release?
[13:33] <TheEvilPhoenix> Daviey:  there's a release channel?
[13:33] <TheEvilPhoenix> o.O
[13:34] <TheEvilPhoenix> (yes, i'm emerging from lurk mode :P)
[13:35] <Daviey> heh
[13:36] <TheEvilPhoenix> Daviey:  yes, i'm one of those people who emerges from lurk mode only when something interesting is said or happens :P
[13:36] <TheEvilPhoenix> such as massive net splits or similar
[13:45] <TheEvilPhoenix> hey Daviey perhaps you can answer this...
[13:45] <TheEvilPhoenix> i've got an ubuntu-server of which i installed a GUI onto... and i'm still using aptitude update and what not
[13:45] <TheEvilPhoenix> i see tons of entries for Translations-<langcode> in the apt update list.  is there a way to neutralize those entries
[13:45] <TheEvilPhoenix> but keep the primary updates?
[13:45] <TheEvilPhoenix> s/updates/repos/
[13:46] <TheEvilPhoenix> such as main, universe, multiverse
[13:47] <ersi> just remove the translation entries >_>
[13:48] <ersi> Edit /etc/apt/sources.list
[13:51] <elb0w`> I changed my interface file from dhcp to static and provided the required criteria
[13:51] <elb0w`> however it since has rebooted and come back with a dhcp adress
[13:51] <elb0w`> but I can see it still static in the interface file
[13:51] <elb0w`> im confused
[13:52] <TheEvilPhoenix> ersi:  um... which line would i be looking for?
[13:52] <TheEvilPhoenix> its not in /etc/apt/sources.list
[13:52] <TheEvilPhoenix> is there any other apt list that it pulls in?
[13:53] <strat-o-caster> After upgrading ssl-certs.  It seems there are hardly any changes at all in /etc/ssl/certs  Many go back to 2008.  Does this sound right?  I am using 8.04LTS
[13:56] <elb0w`> nvm
[13:58] <RoAkSoAx> Daviey: ping
[14:04] <Linuturk> I've got postfix setup to relay mail through a gmail account. I told postfix to forward all mail meant for postmaster and root to a specific user account. I then told /etc/aliases to forward that specific user account to my gmail account. I can mail from the command line to my gmail account, but if I mail directly to root from the command line, it forwards the message to root@FQDN instead of the address in /etc/aliases. I have run newaliase
[14:16] <strat-o-caster> I just ran "update-ca-certificates" but it looks like my certificates (i.e. GeoTrust_Global_CA.crt) is still dated 4/15/2008!  Is this right? How can I update all my certs?  I'm using 8.04 LTS. Thanks!
[14:17] <_ruben> CA's tend to have fairly long lifetimes, so 3 years aint that old for a CA really
[14:19] <strat-o-caster> OK, I'm basically getting a Client-SSL-Warning in some perl code that says Peer certificate not verified... Maybe I'm going down the wrong path?
[14:20] <Daviey> RoAkSoAx: hola
[14:21] <dkn> why would a raid array created with mdadm on the command line not show up in the GUI disk utility?
[14:22] <ikonia> because the gui looks for /dev/sd ?
[14:23] <ikonia> rather than /dev/md
[14:23] <ikonia> ?
[14:24] <ikonia> or the meta device isn't actually running/started at this moment in time
[14:26] <genii-around> dkn: You may need to add the raid module names to /etc/initramfs-tools/modules and sudo update-initramfs -u   for it to be activated during boot time
[14:27] <_ruben> strat-o-caster: did you verify the peer's certificate using a browser or smth similar?
[14:32] <Daviey> zul: Are you proposing your nova lxc console bug fix to trunk?
[14:33] <strat-o-caster> It was in some perl code with HTTP::Request
[14:34] <dkn> hmmmm well the md shows up in the multi disk devices list, but it's showing it as not started when it is
[14:34] <dkn> i am getting an error with the metadata version 0.90.0
[14:39] <ikonia> dkn: if it's showing as not started...it's not started
[14:40] <zul> Daviey: yep
[14:40] <zul> Daviey: i should be backporting it today
[14:40] <Daviey> RoAkSoAx: did you see the comment on bug 827496 ?
[14:40] <dkn> but that's the thing, if i do cat /proc/mdstat it shows as active, and you can get into all the folders it's mounted at
[14:40] <Daviey> zul: rocking
[14:40] <RoAkSoAx> Daviey: yes, just replied
[14:40] <RoAkSoAx> :P
[14:48] <dkn> here's a shot of the disk utility, and the command line output from cat /proc/mdstat http://i55.tinypic.com/dwxnap.png
[14:48] <fixxxermet> Anyone around that could help me with my preseed script?  Specifically, the partman part.  Trying to create a bunch of mount points but am ending up with only one / partition
[14:49] <Daviey> RoAkSoAx: awesome.
[14:50] <_ruben> fixxxermet: might wanna check in #ubuntu-installer .. tho i gave up on preseeding disklayouts fairly quickly .. wasn't worth the effort to me, nor was it flexible enough (or perhaps too flexible, depending on your pov)
[14:50] <fixxxermet> _ruben: It seems to be plenty flexible - just difficutl!
[14:52] <koolhead17> fixxxermet: i have it in my todo as well, been over few weeks :)
[14:56] <dkn> @ikonia make sense?
[14:57] <fixxxermet>  488  364 S    0  0.0   0:00.16 ntpd 1059 root      20   0 11284
[14:57] <fixxxermet> oops
[14:58] <dkn> @genii-around, i loaded the array into /etc/mdadm/mdadm.conf , i thought that's the only place it had to be?
[15:00] <genii-around> dkn: The default initial ramdisk will not be able to see it unless you rebuild it with the driver it requires. The array will get assembled later on in the boot
[15:28] <skrite> hey all, i have a pretty much stock install of dovecot and postfix. nice to get email, but how do i configure it to be able to send mail from a client like thunderbird on another computer?
[15:29] <skrite> only one user will have to do this, and the user is a cron script.
[15:39] <zul> Daviey/smoser: these are the ones im considering to pull down for Friday http://pastebin.ubuntu.com/699167/
[15:41] <smoser> zul, we also need to get jamespage's fix in for the chonw -R
[15:41] <Daviey> zul: looks good, I added a ubuntu task for #3 - that will need closig in the upload
[15:41] <smoser> and i believe adam_g also had a packaging fix.
[15:41] <zul> smoser: yeah is the branch kosher now
[15:42] <Daviey> infact, if all the patches have ubuntu tasks - it makes it easier to review.
[15:42] <smoser> tasks == bugs ?
[15:42] <smoser> oh... tasks. never mind. targetted to release.
[15:42] <smoser> yeah, i agree.
[15:42] <Daviey> Well they already have bugs for nova?
[15:42] <zul> there is sudoers fix i want to put in as well
[15:43] <Daviey> zul: ante's?
[15:43] <zul> yep
[15:43] <Daviey> cool
[15:43] <zul> Daviey: adam_g also had a request for swift but i forget what it is now
[15:45] <slakcphil> ok got a cron question... would this run every night at midnight mon - fri? thanks http://www.fpaste.org/L7OA/
[15:46] <slakcphil> if I put it in /etc/crontab
[15:47] <slakcphil> or is there a one-liner solution for mon-fri
[15:59] <shauno> slakcphil: that'll work, but 0 0 * * 1-5 /path/to/file  would be tidier
[15:59] <shauno> (imho, atleast; yours would be more readable, and they'll both do the same thing)
[16:00] <Daviey> zul: do you have bug numbers for those 4?
[16:00] <Error404NotFound> How can i print packets in a readable format to and from a certain port? tried tcpdump  -i eth0 -nnXSs 0 'port 9090' but the results aren't that readable.
[16:00] <Daviey> zul: I need to keep the list current.
[16:03] <Daviey> hallyn: I'm following the libvirt thread, how is it looking?
[16:06] <zul> Daviey: no but i can get one
[16:07] <Daviey> zul: awesome
[16:10] <slakcphil> thanks, shauno :)
[16:12] <adam_g> zul: https://bugs.launchpad.net/swift/+bug/836922
[16:12] <adam_g> Daviey: ^
[16:12] <zul> adam_g: cool thanks
[16:13] <adam_g> i think if we can standardize those now, itd be a good idea. especially for the sake of the juju charm
[16:19] <Daviey> adam_g: thanks
[16:56] <zul> Daviey: http://pastebin.ubuntu.com/699210/
[17:06] <Daviey> zul: I4014bf64 - check if host list is empty before tyring to weigh hosts (bugfix) ?
[17:07] <zul> im still on the fence of that one
[17:38] <koolhead17> robbiew: hello
[17:49] <nocturnal> I never used ubuntu server before and I just logged onto one and it says System restart required in the motd. does ubuntu do updates automatically or is that something some admin added?
[17:51] <el_seano> nocturnal: usually it means updates were acquired and you have a new kernel update that needs to be applied
[17:52] <nocturnal> el_seano: wow sweet
[17:52] <ersi> nocturnal: but you're not forced to reboot and will not prompt you every five minutes like other operating systems
[17:53] <ersi> nocturnal: reboot whenever you have the chance/feel like it/aren't using the system :)
[17:53] <nocturnal> yeah, thanks
[17:54] <hallyn> Daviey: i'm back to not knowing why what is happening is happening - nothing new in that thread as of a few hours ago
[17:57] <Daviey> hallyn: ok, thanks
[17:58] <zastaph> can't you use the features of Ubuntu-one, but on your own server? so like a private cloud dropbox
[18:06] <ersi> zastaph: unfortunally not with ubuntu-one AFAIK
[18:06] <zastaph> been looking for a dropbox alternative that you could host yourself
[18:06] <ersi> zastaph: But there's a lot of other solutions that are similar (don't have any to recommend to you though :/ I havn't really looked into them)
[18:06] <ersi> there's sparkleshare, but I dunno - doesn't seem that nice
[18:06] <zastaph> agree
[18:07] <zastaph> i like www.sharedesk.at but it's too simple
[18:07] <zastaph> but can host it yourself
[18:08] <zastaph> another requirement is that its cross platform, and so far I know of only dropbox and ubuntu one with its windows release
[18:09] <zastaph> http://en.wikipedia.org/wiki/Ubuntu_One says that Ubuntu one can sync evolution contacts and tomboy notes
[18:09] <zastaph> its starting to look like an exchange solution
[18:10] <thefinn93> would this be the appropriate place to ask about some apache related permissions issues that have been stumping me all morning
[18:11] <ersi> zastaph: Not really..
[18:11] <ersi> zastaph: It looks like a sync service
[18:11] <thefinn93> (and by all morning i mean since i got up 20 minutes ago)
[18:20] <zastaph> im looking for an exchange solution for ubuntu server also
[18:21] <zastaph> tried zimbra, but I lack knowledge of DNS and https://help.ubuntu.com/community/BIND9ServerHowto is complicated
[18:58] <RoyK> zastaph: use a dns solution from you provider - most have web-based dns things
[18:59] <RoyK> which are simple and easy to understand
[18:59] <zastaph> in my router?
[18:59] <RoyK> all you need is a an A record for the host and an MX record to point to that mail server
[19:00] <RoyK> no, for the domain to which you're planning to serve mail
[19:05] <zastaph> ohh.. but for now im just playing with dyndns and testing
[19:05] <zastaph> so i presume I need bind on my ubuntu-server
[19:07] <RoyK> not really
[19:08] <RoyK> you need a dns server somewhere out there to point to your MX, being the machine that should receive mail
[19:08] <RoyK> I guess dyndns can do that for you just fine
[19:08] <RoyK> no need for a local Bind server
[19:08] <zastaph> dyndns.com free allows you to input an MX Hostname, but I have no clue what to input
[19:08] <zastaph> if I register foo.dyndns.org what do I put in MX Hostname ?
[19:09] <smoser> zul, i suppose you're toing to upload nova soon ?
[19:09] <RoyK> if your machine is called foo, and listens to SMTP, that's your MX
[19:09] <RoyK> typically, the zimbra server will be your M
[19:09] <zul> smoser: yeah the only thing blocking me is the chown stuff
[19:09] <RoyK> X
[19:09] <zul> smoser: and testing as well
[19:11] <zastaph> RoyK, if I type foo in MX Hostname I get Please enter a valid hostname for email delivery, if I type mail.foo.dyndns.org I get MX should resolve to A or AAAA record
[19:11] <zul> Daviey: ping with the console.ring stuff do we have to change the default nova.conf?
[19:12] <RoyK> zastaph: create record an A or AAAA record for your (zimbra?) host and use that record as MX
[19:13] <zastaph> only question is how :) im not good with DNS
[19:13] <RoyK> use dyndns
[19:13] <RoyK> zastaph: typically, you have one or two MX records for a domain
[19:14] <RoyK> try dig mx karlsbakk.net
[19:14] <RoyK> it'll show you which machines services email to my domain
[19:14] <RoyK> MX == mail exchange
[19:14] <zastaph> I am using dyndns, i am in the process of creating a name .. but the MX hostname is in the same form
[19:14] <RoyK> do you have a domain registered?
[19:15] <zastaph> no, thats what im trying to do
[19:15] <RoyK> if so, that's registered at some dns server
[19:15] <RoyK> zastaph: have you registered something.com?
[19:15] <zastaph> nop
[19:15] <zastaph> which is why I need to use dyndns for now
[19:15] <RoyK> well, begin with that
[19:15] <zul> jamespage: can you update your chown branch please
[19:15] <zastaph> now that requires payment and thought process :)
[19:16] <zastaph> would it help if I register foo.dyndns.org first and afterwards edit the MX Hostname?
[19:17] <RoyK> zastaph: yeah, from joker.com, it costs some $7.20 for .com
[19:17] <RoyK> quite a lot of money.......
[19:17] <zastaph> ah it says in form "I have mail server with another name..."
[19:17] <jamespage> zul: just reminding myself of what needs to be done to it
[19:18] <zastaph> thought it was for the domain i was just making
[19:18] <smoser> jamespage, zul
[19:18] <smoser> i talked to soren yesterday.
[19:18] <smoser> he was not expecting that to on upgrade.
[19:19] <RoyK> zastaph: standard procedure is, when sending email, is "do an mx record for something.tld, contact the highest priority MX (lowest number), send
[19:19] <smoser> the difficulty with this, is if we make it only run on upgrade, then we have to selectively fix the things that would be broken (nogroup or root ownership)
[19:19] <zastaph> RoyK, I actually just want to test Zimbra on ubuntu-server, and Zimbra complains during installation that I have no MX record or something.. but if I could test it only on LAN i would be ok
[19:20] <smoser> at this point i think its probably just best to take jamespage's branch as it is right now.
[19:20] <zul> smoser: okies will do
[19:20] <zul> im getting patch conflicts with my patch and robie's patch right now though
[19:21] <smoser> ah. ok.
[19:21] <zul> will let you know
[19:47] <jamespage> smoser: so do I need to update to only change files with group ownership of root or nogroup?
[19:48] <smoser> i think the right fix is to do nothing on upgrade
[19:49] <smoser> except when we're coming from a broken version
[19:49] <smoser> so maybe if version < current-right-now-archive-version:
[19:50] <jamespage> Daviey: branch proposed for dovecot-metadata-plugin - builds OK and looks similar to that already in the archive
[19:50] <smoser>  find -group nogroup || -group root && chown
[19:50] <smoser>  of course avoiding lxc mounts
[19:50] <smoser> but doing that scares me because we've always done this before.
[19:51] <RoyK> zastaph: just remember that zimbra should be installed on a dedicated computer. it uses a full set of preconfigured packages, and can't be easily installed to use standard mysql/postfix/etc
[19:51] <RoyK> zastaph: so you'd probably be better off with a VM
[19:51] <RoyK> that's what I use
[19:51] <zastaph> yes thats the plan
[19:51] <zastaph> do you use zimbra too?
[19:52] <RoyK> yeah
[19:52] <zastaph> i was able to create an MX hostname on the second dyndns i created (to the first)
[19:54] <RoyK> zastaph: try to read up about how dns works
[19:54] <RoyK> it's not that hard
[19:54] <zastaph> yeah i know the basics, but getting it set up in ubuntu so that zimbra understands it is not that easy, and is hard to find a recent step by step guide
[19:55] <RoyK> zimbra doesn't need to understand dns
[19:55] <RoyK> the Net needs to know where to send email so that it reaches your zimbra server
[19:55] <RoyK> that's what DNS is about
[19:55] <zastaph> ok but it complains during ./install.sh because something was not setup right, and I dont know where
[19:55] <RoyK> zimbra doesn't give a shit
[19:56] <RoyK> never mind that
[19:56] <RoyK> that installation is a bit paranoid
[19:57] <RoyK> the only important parts are 1: your server must be open to receive SMTP and 2: there must be an MX pointing to that address
[19:57] <zastaph> oh it says i need to login as root when running install i didnt do that last time
[19:58] <RoyK> just sudo ./install
[19:58] <RoyK> bbiab
[20:05] <axisys> do I need oracle support to install/use http://packages.ubuntu.com/lucid/ksplice ?
[20:18] <RoyK> axisys: why would you?
[20:19] <axisys> RoyK: aparently I do for the key.. I had a long talk with jesstess on #ksplice
[20:19] <axisys> anyone who were using ksplice before oracle bought them are safe
[20:20] <RoyK> there'll be a fork soon, or so we all hope
[20:20] <RoyK> it's GPL after all
[20:20] <axisys> https://github.com/CentOS/ksplice <--
[20:20] <axisys> may be one for ubuntu
[20:25] <RoyK> afaics ksplice is in ubuntu 11.04
[20:25] <RoyK> prolly not in 10.04 though
[20:26] <RoyK> well, it's in 10.04 as well
[20:26] <RoyK> apt-get install .....
[20:45] <zul> smoser: so you are ok with this? https://code.launchpad.net/~james-page/nova/fix-lxc-and-primary-group/+merge/77308
[20:46] <smoser> what is $ on fresh install ?
[20:46] <smoser> $2
[20:47] <soren> ""
[20:47] <soren> Or unset, rather.
[20:48] <axisys> RoyK: but you will need a key, no ?
[20:48] <smoser> so then we at least have to quote that $2
[20:48] <axisys> RoyK: i will try on a VM
[20:48] <smoser> as it is right now, it wont run on first install, right?
[20:49] <smoser> - if dpkg --compare-versions $2 lt "2011.3-0ubuntu4"; then
[20:50] <smoser> + if [ -z "$2" ] || dpkg --compare-versions "$2" lt "2011.3-0ubuntu4"; then
[20:50] <smoser> or maybe
[20:50] <smoser> + if [ -z "$2" ]; then
[20:50] <soren> lt treats an empty version as earlier than any version.
[20:50] <smoser> yes, but its not quoted
[20:50] <smoser> so it will just end in dpkg error
[20:50] <smoser> which is false, and wont do it
[20:50] <soren> Sorry, $2 is "".
[20:50] <jamespage> so how about I quote it then
[20:51] <soren> But I'd quote it anyways.
[20:51] <soren> Just to be sure.
[20:52] <soren> Debian Policy isn't completely unambiguous on the subject.
[20:52] <smoser> soren, what do you mean it is ""
[20:52] <soren> smoser: And empty string.
[20:52] <smoser> right.
[20:52] <smoser> so it has to be quoted
[20:52] <soren> s/and/an/, obviously.
[20:52] <soren> No.
[20:52] <smoser> yes
[20:52] <soren> Er.r.
[20:52] <smoser> or shell passes nothing there.
[20:52] <soren> Yes.
[20:52] <soren> Right.
[20:53] <smoser>  dpkg --compare-versions lt "2011.3-0ubuntu4"
[20:53] <smoser> !=
[20:53] <soren> Right.
[20:53] <smoser>  dpkg --compare-versions "" lt "2011.3-0ubuntu4"
[20:53] <smoser> the first is bad input to dpkg
[20:53] <soren> Yeah.
[20:54] <smoser> so that would be false, so it doesn't take that 'if' code, and odes nothing on first install.
[20:54] <smoser> which is not what we wnat. on first install, you *were* doing a chown. so we should continue to do that i think.
[20:56] <jamespage> smoser: it will run on first install
[20:57] <smoser> damn you!
[20:57] <smoser> you can't add quotes in the middle
[20:57] <smoser> :)
[20:57] <smoser> my loaded page did not have the ""
[20:57] <smoser> so yes, that will run on first install.
[20:58] <smoser> so yes, assuming the find syntax is good, i approve of that.
[20:58] <smoser> but i admit to messing up find syntax more than once in my life
[20:58] <jamespage> I did a quick test  - looked OK to me
[20:59] <jamespage> ignores anything that is not nova:root or nova:nogroup
[21:01] <zul> jamespage: so if i merge the branch it should be kosher right?
[21:01] <jamespage> zul: I reckon so
[21:02] <zul> jamespage: ok ill pull it later tonight
[21:02] <jamespage> gre8t
[21:05] <Daviey> it's all going to go wrong, you'll see.
[21:06] <jamespage> always appreciate review of find syntax - as smoser says easy to get wrong
[21:06] <Daviey> find has so many different options.
[21:09] <jamespage> Daviey: did you see my ping re dovecot-metadata-plugin
[21:10] <Daviey> jamespage: no
[21:10] <Daviey> got it
[21:10] <jamespage> Daviey: ah - new upstream release prepared - I have no idea how to test
[21:10] <jamespage> and can't upload
[21:11] <jamespage> ah - doko has already had a look
[21:12] <Daviey> jamespage: how much confidence do you have with it?
[21:12] <jamespage> it builds, it produces pretty much the same .so's as the previous version of the package
[21:13] <jamespage> it appears to be actively maintained and formally released alongside dovecot
[21:15] <jamespage> Daviey, more confident it will work that whats currently in the archive
[21:16] <Daviey> jamespage: I really do wish launchpad had a 'sponsor into archive' button
[21:16] <jamespage> Daviey: that would be a nice feature
[21:16] <Ursinha> Daviey, https://launchpad.net/launchpad/+filebug
[21:16] <Ursinha> :)
[21:17] <Daviey> Ursinha: I can't be bothered to build a package, do you think i can be so to raise a bug?
[21:18] <jamespage> Daviey: http://www.dovecot.org/list/dovecot/2011-June/059630.html
[21:18] <jamespage> think we can probably put some faith in it
[21:18] <Ursinha> Daviey, there's no need to be rude, man, I'm just giving you a hint that filing a bug is what you need to do to have new features in Launchpad :)
[21:19] <Daviey> Ursinha: Oh sorry, i didn't mean to come across like that.
[21:19] <Daviey> I should have thrown on a smiley
[21:19] <jamespage> what happened to build from branch anyways?
[21:20] <Daviey> Still on the roadmap aiui
[21:20] <adam_g> hmm. when the hell did /var/log/nova/* become world readable?
[21:20] <Daviey> adam_g: I *think* it always has been
[21:20] <jamespage> ditto what Daviey said
[21:20] <adam_g> really? ive always been in the habbit of sudo'ing to read them i guess
[21:21] <Daviey> It's not the only log file which is like that, mail.log is another
[21:21] <Daviey> syslog
[21:21] <adam_g> http://paste.ubuntu.com/699337/
[21:21] <Daviey> *awesome*
[21:22] <Daviey> adam_g: You suck at picking passwords btw.
[21:22] <adam_g> Daviey: i was just confirming the issue :)
[21:23] <adam_g> FWIW, that stuff is only logged with '--verbose' set in nova.conf.. which is enabled by default
[21:23] <Daviey> adam_g: I know, i know.. I saw the password you picked for mysql.. :)
[21:55] <Daviey> RoAkSoAx: Are you going to have time to look at a cobbler enablement of cobbler-enlist whilst sprinting?
[21:58] <Daviey> RoAkSoAx: If you are, aadding "anna/choose_modules=cobbler-enlist-udeb" to the kernel APPEND line should be enough to invoke it
[21:59] <Daviey> kirkland: I don't suppose you have had a chance to smoke the openstack dashboard?
[21:59] <kirkland> Daviey: smoke test it?
[21:59] <Daviey> (If so, django-mailer is a missing dep - which has been baking in the source NEW queue.)
[21:59] <kirkland> Daviey: sadly, we haven't gotten to it
[21:59] <kirkland> Daviey: i'll take a look, though at the queue if you like
[22:00] <Daviey> kirkland: err, yeah - smoke test.. certainly not smoke crack.
[22:00] <kirkland> Daviey: i know from experience now that keystone is non-functional :-(
[22:00] <Daviey> cool
[22:00] <Daviey> kirkland: A total brick?
[22:03] <kirkland> Daviey: completely non-functional
[22:03] <RoAkSoAx> Daviey: I hope so tomorrow
[22:05] <adam_g> Daviey: from what ive read, keystone is now a requirement of dashboard
[22:05] <Daviey> kirkland: I imagine just trying to work out how the hell it fits together is less than fun, last i looked the docs were weak
[22:05] <Daviey> adam_g: yah
[22:05] <adam_g> tho im not sure the package we have in the archive was snapshotted before or after that requirement was introduced
[22:05] <Daviey> RoAkSoAx: awesome
[22:05] <Daviey> adam_g: I'm pretty sure it's after
[22:30] <zul> adam_g: ill merge your swift branch tonight
[22:41] <zul> Daviey/adam_g: so for the logfile thing there is gflag a called logfile_mode but its not set anywhere by default and its only used in nova/log.py for:
[22:41] <zul>                 st = os.stat(self.logpath)
[22:41] <zul>                 if st.st_mode != (stat.S_IFREG | FLAGS.logfile_mode):
[22:41] <zul>                     os.chmod(self.logpath, FLAGS.logfile_mode)
[22:45] <adam_g> zul: ill look into that. what about just 'chmod 700 /var/log/nova' in postinst?
[22:45] <adam_g> same problem in glance btw (also with glance config files)
[22:47] <zul> adam_g: yeah as a work around  wouldnt 600 be better though? i still think the nova is doing it wrong though, im worried about it changing after you restart nova-compute or something
[22:49] <adam_g> zul: ill see if logfile_mode works. if so, we should just add that to nova.conf by default.
[22:49] <zul> adam_g: agreed
[22:55] <Daviey> adam_g: when the log files are rotate, what will happen if it's just chmodded?
[22:55] <Daviey> adam_g: if you are investigating those, can you assign yourself please?
[22:56] <adam_g> Daviey: yeah, gonna take a look at it in a bit
[22:57] <Daviey> adam_g: awesome
[23:04] <zul> Daviey: ill try to get a fix upstream as well
[23:14] <Daviey> zul: rocking
[23:15] <Daviey> it's all starting to come together
[23:15] <Daviey> which is handy, now we are in Final Freeze
[23:36] <rmk> Hi.  Is multicast blocked by default on 11.04?
[23:45] <rmk> One of you 300 people has to know?
[23:54] <qman__> rmk, nothing is blocked by default
[23:54] <rmk> ok thanks
[23:54] <qman__> the firewall is an accept all policy with no rules
[23:55] <qman__> there may be a kernel setting preventing something you're doing from working, though
[23:55] <qman__> review them in /etc/default/sysctl IIRC
[23:57] <soren> Those are only the overrides. The kernel has its own defaults.