[00:09] <TheEvilPhoenix> in /etc/hosts, if I want to define 6 sites to point to 127.0.0.1, can i define the hostnames to bind to that address all on one line rather than have multiple lines containing 127.0.0.1   <host>   ?
[00:10] <lynxman> TheEvilPhoenix: yeah, just write one hostname after the other separated by a space, should be good
[00:41] <iggi_> Hello, does anyone know how I can find out what is spawning a perl process? is there logs somewhere?
[00:44] <xranby> iggi_: try pstree
[00:44] <xranby> it can give you an indication on which process started the perl process
[00:46] <qman__> ps ax can give you the command used to invoke it
[01:33] <iggi_> xranby, It only runs for a split second though
[01:34] <iggi_> same thing qman__, it runs for 1-2 seconds, enough to show up on top then disappears
[01:34] <iggi_> the problem is I run a voice chat server on it, so it runs just enough to cause fragmentation
[01:43] <xranby> iggi_: try raise the priority on your voice chat program
[01:44] <xranby> iggi_: renice -n -1 -p chatserverprocessidhere
[01:46] <iggi_> xranby, It's already at -19
[01:46] <iggi_> still happens
[01:53] <Emiliano008> ##opensource-es
[03:14] <panfist> if there is a network share in my fstab file that's unavailable when my server reboots, the server never finishes booting
[03:14] <panfist> mountall fails and it just stops the boot sequence
[03:15] <panfist> is it possible to get it to just skip mounting those drives and move on?
[03:16] <twb> add noauto to the fstab?
[03:16] <twb> This must have gotten worse in the latest release, because while *I* encountered it under lucid, nobody else complained until this week
[03:17] <panfist> this is on lucid hah
[03:17] <twb> There's also some bullshit undocumented additional option like "bootwait" but it wasn't working for me
[03:18] <twb> RTFS mountall I think it's mentioned in a C comment
[03:19] <panfist> noauto would certainly work, but ideally i'd like it to try to mount, but not blow up if its unavailable
[03:21] <twb> Good luck with that
[05:49] <air_> howdy.
[05:50] <air_> my ubuntu 11.10 is spamming the syslog with 'ntop[1238]:   **WARNING** packet truncated'
[05:50] <air_> It seems it doesn't matter, but anyone have an idea on how to disable the logging?
[05:51] <air_> it's logging when I stream a movie over NFS.
[05:52] <twb> air_: stop ntop, then?
[05:56] <air_> twb: oh. it's too early for me. why didn't I look into that right away.
[05:56] <air_> twb: thanks, I'll see if it's needed or if I can just shut it down.
[05:59] <twb> It's not needed
[05:59] <twb> It's a diagnostic tool
[05:59] <twb> Probably someone started it and forgot to stop it
[06:00] <greppy> twb: it can also be a network monitor
[06:14] <_ruben> ntop usually is meant to be running 24/7 .. collecting data over time and all that .. whether or not it is needed is up to the admin of the box ;)
[06:30] <twb> _ruben: oh, OK
[06:30] <twb> I assumed you only used it when there was a problem
[06:30] <twb> Like top
[06:30] <twb> For long-term stats I would be using something rrd-flavoured like collectd, but whatever
[06:31] <_ruben> ntop is rrd-flavoured
[06:31] <twb> ooooh
[06:31] <twb> I must be thinking of something entirely different then
[06:31] <twb> Probably iftop
[06:31] <_ruben> ;)
[06:31] <twb> Yeah, ntop isn't even ncurses based
[06:32] <_ruben> its web indeed
[06:32] <twb> web is for little girls
[06:32] <_ruben> and managers
[06:32] <twb> Same thing
[06:32] <twb> They are always coming around to my desk asking me to deploy invisible pink ponies
[06:33] <_ruben> hehe :)
[06:33] <twb> Just this very hour, they asked for wordpress
[06:34] <twb> And I said "no, you can keep using m4 and make.  httpd is not going to be running an embedded interpreter"
[06:34] <Takyoji> invisible pink unicorn. :P
[06:34] <twb> Takyoji: it was a melange of that and "I want a pony"
[06:34] <Takyoji> ahh
[06:36] <Takyoji> No fire-breathing pony? http://www.youtube.com/watch?v=lqhL-_86LOQ&t=3m32s :P
[06:37] <twb> NFI, I don't do idiot box
[06:50] <RudyValencia> How do I setup a local cache to install from (using a PXE server)?
[06:50] <RudyValencia> er, a local apt cache
[06:51] <twb> debmirror or apt-mirror
[06:51] <RudyValencia> but then I have to download a whole repository
[06:51] <twb> But installs only load the bootloader, kernel and ramdisk via PXE.  The rest comes from HTTP or similar.
[06:51] <twb> RudyValencia: no, debmirror at least allows you to mirror subsets of the repo
[06:51] <RudyValencia> Oh? I can just mirror enough of it to install the base client system over the network?
[06:52] <twb> Should be possible
[06:53] <twb> debmirror --method rsync --host mirror.internode.on.net --arch amd64 --nosource --diff=none --host ftp.debian-ports.org --root debian --section main --dist unstable,unreleased --limit-priority='required|important|standard' --include=insserv /srv/apt/debian-ports
[06:54] <twb> That only downloads 220MB, for example
[06:54] <RudyValencia> but then I have to set up my HTTP server to serve those packages mirrored, don't I?
[06:54] <twb> Yes, but that's trivial
[06:54] <RudyValencia> There was one I used to use called "approx"
[06:54] <twb> apt-get install busybox-static; busybox httpd -p 8080 -d /srv/apt
[06:54] <twb> approx and other "caching" proxies are flaky crap
[06:55] <twb> I have had nothing but pain from them
[06:55] <RudyValencia> but deb-mirror doesn't update the files with new versions, it's only a snapshot of the version in time
[06:55] <twb> I cannot comment on apt-cacher-ng -- I haven't tried that one
[06:55] <twb> RudyValencia: uh, just run debmirror again each morning
[06:55] <RudyValencia> I could probably set up a vhost on my server pointing to the install CD
[06:56] <twb> If you've already got a CD then don't bother with any of that
[06:56] <twb> Just export the CD
[06:56] <RudyValencia> (then all the client needs is an update)
[06:56] <RudyValencia> Oh, cp /path/to/cd/* /path/to/vhost/ubuntu ?
[06:56] <RudyValencia> well, cp -a actually
[06:57] <twb> More like mount /dev/sr0 /mnt/delete-me && busybox httpd -d /mnt/delete-me -p 8080
[06:57] <twb> Don't see why you'd bother copying stuff
[06:57] <RudyValencia> I don't want to always keep the CD in the drive because the server would boot off it and that would delay reboots
[06:57] <RudyValencia> and I already have an HTTP server set up
[06:57] <twb> Well, whatever
[06:58] <RudyValencia> (this is my personal fileserver/test Web services server
[06:58] <twb> It'll be a subdir of the CD tho, something like pool/
[06:58] <twb> Although last time I looked some of the newer CDs did silly things to save space, so you might not be able to do that anymore, they might not HAVE any .debs in their pool except for a couple of drivers
[06:58] <twb> server CD is probably still OK, assuming you're doing minimal installs
[06:59] <RudyValencia> I'm using the LTS version
[07:00] <RudyValencia> and I am doing desktop installations
[07:00] <twb> NFI, then
[07:00] <twb> Desktop installs will need like 400MB of debs
[07:01] <RudyValencia> hm, is there a way to download that entire set of files
[07:01] <twb> Assuming you can afford the one-off up-front download, and the ongoing disk space consumption, debmirror is definitely the easiest way to do it IMO
[07:01] <RudyValencia> I would rather store the files than have to redownload them on every install
[07:01] <twb> RudyValencia: well, there will be jigdo files somewhere that list what .deb and .udeb files are on the "alternate" CD
[07:01] <RudyValencia> (only downloading a "delta" to the latest versions)
[07:02] <twb> You can't have that "delta" business
[07:02] <RudyValencia> oh
[07:02] <twb> apt archives aren't set up that way
[07:02] <RudyValencia> darn
[07:02] <RudyValencia> hm
[07:02] <RudyValencia> hm, I'll read up on apt-cacher-ng
[07:03] <twb> IIRC there is a script that you're supposed to use if you're an ISP and you want to be a direct mirror of cdimage.debian.org, and that might do deltas, but it's not actually maintained as a package in debian, so I've never looked
[07:03] <RudyValencia> apt-cacher-ng might be a better, more serviceable replacement for approx
[07:03] <twb> Basically you'd need a smart client that can parse Packages and mv files then talk rsync to the upstream archive to --in-place get them
[07:04] <twb> Allegedly -ng is better than the other cachers, but just doing a partial mirror is more reliable
[07:04] <RudyValencia> well, I was thinking of just using the server for the initial install, then dropping a sources.list that connects to an outside APT repository after first boot
[07:05] <twb> Sure
[07:05] <RudyValencia> (preferably mirror.anl.gov in the US here as it has the best bandwidth
[07:05] <RudyValencia> That's what I meant by "delta"
[07:05] <twb> What I usually do is set up http://apt for the install and leave it as the default mirror, and use a mirror:// entry as a fallback in case the host moves offsite
[07:05] <twb> It'll noisily, but automatically, fail over to the mirror
[07:06] <RudyValencia> I keep copies of the ISO on hand
[07:25] <jamespage> Daviey: looking now
[07:46] <lynxman> morning o/
[07:48] <jamespage> morning lynxman
[07:48] <jamespage> how are you on this fine day?
[07:48] <lynxman> jamespage: top of the morning ;)
[07:48] <lynxman> jamespage: enjoying the sunny day, hehe :) you?
[07:48] <jamespage> lol
[07:48] <jamespage> I *need* to be in Orlando
[07:48] <lynxman> jamespage: I reckon it'll be rainy next week :/ although I don't think it's the same kind of rainy
[07:49] <jamespage> bah
[07:49] <jamespage> I can do warm rainy
[07:49] <jamespage> its cold rainy that I don't like
[07:49] <lynxman> jamespage: I'm okay with cold rainy, windy sideways rainy is a bit annoying though
[07:51] <jamespage> lynxman: have you tried out mcollective with the activemq packaging that landed last release?
[07:51] <lynxman> jamespage: I'm on that today
[07:51] <jamespage> lynxman: good - I'm just looking at the FTBFS on the latest debian version
[07:52] <lynxman> jamespage: :)
[07:52] <jamespage> A new version also landed in Debian unstable in the last couple of days
[07:53] <lynxman> jamespage: interesting :)
[07:53] <jamespage> lynxman: any use for you - http://packages.debian.org/changelogs/pool/main/a/activemq/current/changelog ?
[07:55] <lynxman> jamespage: the -4 is actually a good one
[07:55] <lynxman> jamespage: need to do some heavy testing today though :)
[07:58] <jamespage> Daviey: that tomcat bug relates to a feature that is not in the version in Lucid
[08:01] <Aison> quite bad :( after upgrading to oneiric my whole email system is down
[08:01] <Aison> somehow fetchmail is working, but I don't know if it's a problem of postfix
[08:04] <Aison> it looks like the mails go to /var/spool/mail
[08:04] <Aison> but then not to the user maildir
[08:40] <jamespage> Aison: could you provide a few more details about your email system?
[08:40] <jamespage> someone might have a similar setup and may be able to help
[08:41] <Aison> ok, I have got postfix installed with maildir in home Maildir/
[08:42] <Aison> fetchmail fetches the mails and deliver them to postfix
[08:42] <Aison> now the problem is, that new mails suddenly go to /var/spool/mail  and /var/mail  instead to /home/[user]/Maildir
[08:44] <Aison> postconf shows that the config is right: home_mailbox = Maildir/
[09:07] <afuentes> hi, im thinking about removing consolekit in all my servers... Can this do any damage? i noticed it tries to remove dbus as well. Is not used at all by the server?
[09:24] <ersi> afuentes: I don't think that is a good idea. If I'm not mistaken, consolekit is used pretty much at a lot of levels you quite possibly don't want to redesign
[09:27] <afuentes> ersi can you give me an example?
[09:27] <afuentes> i read this "In short, the goal of ConsoleKit is to give elevated, but controlled, privileges to the person sitting at the physical computer."
[09:27] <afuentes> i dont know what i want that for
[09:27] <afuentes> i dont even admin these servers physically
[09:28] <afuentes> they are virtual machines
[09:28] <onre> i don't have it installed on my virtual servers.
[09:32] <ersi> afuentes: Unfortunately not, I would of course do so if I could :)
[09:32] <ersi> afuentes: Well, hm - does look like you don't need it then.. seems that onre does without it
[09:42] <afuentes> onre do you have lot of servers?
[09:42] <afuentes> and services?
[09:42] <afuentes> just to know how probable is to break something without it
[09:43] <afuentes> because it removes dbus as well
[09:44] <lynxman> afuentes: I would not remove it, although if it really bothers you remove it and see if everything keeps working as you expect :)
[09:44] <lynxman> afuentes: come on, just try it and that's it, hehe
[09:45] <afuentes> well, it seems the process of console kit are always busy, and sometimes is major load i have on the servers
[09:45] <afuentes> i google a little about it, and i was not able to draw a conclusion
[09:45] <afuentes> but it does not seem to do anything very useful
[09:47] <ersi> I'd suggest trying this in a test environment, so that you do not break any production services.
[09:48] <ersi> Just a friendly cautionary tip
[09:49] <afuentes> ersi i already did it on test environment, nothing seems broken so far, but its hard to tell when you have so many services
[09:49] <lynxman> hmm maybe also just kill ConsoleKit and see if something breaks, if not you don't really need it
[09:50] <afuentes> xD
[09:51] <afuentes> maybe i should make an script that do that on every process and reboot the server when something die, just to clean up
[10:05] <linocisco> where could I find ubuntu-server training videos for free rather than a few specific I found on youtube??
[10:11] <soren> Daviey: Where is the packaging branch for openstack stuff for Oneiric?
[10:16] <koolhead17> hi all
[10:20] <Daviey> soren: for oneiric?  That has reverted to normal UDD, no?
[10:21] <Daviey> soren: lp:~openstack-ubuntu-packagers/nova/ubuntu is for essex.
[10:22] <Daviey> rbasak: How is cobbler looking?
[10:33] <lynxman> Daviey: small question for you
[10:33] <lynxman> Daviey: If I read this correctly
[10:33] <lynxman> Daviey: ruby-stomp | libstomp-ruby1.8 (>= 1.1.5)
[10:33] <lynxman> Daviey: means ruby-stomp OR libstomp-ruby1.8 right?
[10:33] <lynxman> Daviey: if we sync from upstream (since we don't have ruby-stomp) this should be okay anyway right? Not enough reason for a merge I reckon
[10:36] <Daviey> lynxman: If that is the only thing concerning you, i'd like to do a sync regardless to close the delta and then fix anything afterwards.
[10:36] <lynxman> Daviey: talking about puppet here :)
[10:36] <lynxman> Daviey: mcollective is next, that won't be that easy
[10:36] <lynxman> Daviey: puppet 2.7.6 from sid
[10:38] <Daviey> lynxman: kinda odd that ruby-stomp doesn't exist in Ubuntu, and libstomp-ruby1.8 is universe.
[10:40] <lynxman> Daviey: a little bit innit
[10:40] <jpds>  /sbin/init
[10:40] <soren> Daviey: I don't know, that's why I'm asking :)
[10:40] <Daviey> kill -9 0
[10:41] <soren> 0?
[10:41] <soren> What's pid 0?
[10:41] <lynxman> soren: the pid that cannot be divided :)
[10:41] <soren> lynxman: I'm not sure that helps :)
[10:41] <lynxman> lol
[10:44]  * patdk-lap wants pid -1
[10:45] <soren> Daviey: Ok, so just to clarify: lp:ubuntu/oneiric-proposed/nova is where we apply changes we want to eventually land in -proposed (and -updates, of course). And we use LP merge props to get changes on there?
[10:49] <soren> patdk-lap: Sorry, it's not for sale.
[10:49] <Ursinha> good morning people
[10:51] <Daviey> soren: Yes, that is the plan.. If you want to UDD it.. The other option is to just upload to -proposed and let the package importer do it's thang
[10:52] <Daviey> soren: Ah
[10:52] <Daviey> soren: This is where UDD ucks.
[10:52] <Daviey> sucks.
[10:52] <Daviey> soren: In this instance you want to base on -updates.. as there was a security update which overwrote a verification-failed nova sru, which is currently tip of -proposed.
[10:54]  * koolhead11 cannot access anything today :(
[10:54] <koolhead11> zul: hey
[10:55] <soren> Daviey: That was actually why I wanted to know: So that I could reconcile those branches.
[10:56] <lynxman> koolhead11: ello koolhead(11|17)
[10:56] <koolhead11> lynxman: hey there.
[10:57] <lynxman> oh oh, I know that bug
[11:00] <koolhead17> hey Daviey
[11:03] <Daviey> hey koolhead17
[11:03] <Daviey> soren: Yeah, TBH, i think the easier way to do this is to just upload and let the package import do it's thang.
[11:04] <Daviey> UDD fail.
[11:04] <soren> This time it actually seems pretty easy.
[11:04] <soren> I do remember these pains from earlier times, though.
[11:04] <Daviey> :(
[11:05] <soren> IIRC, there's a flag we can set in debian/source that makes it so that the patches aren't applied, which makes it quite a bit easier to deal with 3.0 (quilt) format packages.
[11:06] <soren> Daviey: Yeah, debian/source/options: --skip-patches
[11:06] <Daviey> soren: Yeah, i think that should be system wide TBH
[11:07] <soren> I'm not sure I agree, but meh.
[11:07] <Daviey> Reviewing .pc's is awesome.
[11:13] <soren> zul: Do you not use dch to add changelog entries?
[11:13] <onre> afuentes, tens of both.
[11:14] <afuentes> onre, whats both?
[11:15] <koolhead17> Daviey: am reopening https://bugs.launchpad.net/ubuntu/oneiric/+source/keystone/+bug/878282
[11:15] <onre> tens of servers running tens of services :p consolekit is related to access to physical keyboard + mouse, so you really do not need it on virtual servers.
[11:15] <koolhead17> i have already commented on the same. i don`t see it changed
[11:18] <Daviey> koolhead17: ugh
[11:18] <Daviey> koolhead17: Is this a fresh install?
[11:19] <koolhead17> Daviey: i just installed keystone few minutes back . yes
[11:20] <koolhead17> i even did an apt-get upgrade to see if something has changed/new added
[11:21] <Daviey> koolhead17: can you apt-cache policy keystone ?
[11:22] <koolhead17> Daviey: http://paste.ubuntu.com/720583/
[11:23] <Daviey> koolhead17: you aren't installing the proposed package :)
[11:24] <Daviey> koolhead17: https://wiki.ubuntu.com/Testing/EnableProposed
[11:25] <koolhead17> Daviey: oops. k
[11:28] <Daviey> koolhead17: I'd be kinda surprised if it didn't work, http://launchpadlibrarian.net/83391386/keystone_1.0~d4~20110909.1108-0ubuntu3_1.0~d4~20110909.1108-0ubuntu3.1.diff.gz
[11:30] <znow> ive installed samba on my ubuntu server, but I cannot connect to it with a ftp program, ive set the samba.conf as shown in a tutorial, the ftp program says connection refused by server
[11:30] <koolhead17> Daviey: i see same old conf file.
[11:31] <Daviey> koolhead17: That is because you are not testing the -proposed package, but the package currently in the archive with the known issue
[11:31] <zul> morning
[11:31] <Daviey> koolhead17: the -proposed upload needs verification before it can be installed by everyone automagically.
[11:31] <Daviey> znow: erm, samba isn't an ftp server
[11:32] <koolhead17> Daviey: can you tell me what should i add in my apt-sources.list. to my horror am not able to open wiki.ubuntu.com. we have just moved to new floor with new VLAN and all stuff :(
[11:32] <znow> Daviey: oh yeah lol.... mixed it up... okay, what do I need to install to get ftp access to my server?
[11:32] <koolhead17> zul: good morning
[11:35] <Daviey> koolhead17: can you see pastebin?
[11:35] <Daviey> koolhead17: http://pastebin.ubuntu.com/720589/
[11:36] <Daviey> !ftp | znow
[11:36] <koolhead17> yes. :)
[11:36] <Daviey> !ftpd | znow
[11:36] <Daviey> ubottu: you suck.
[11:36] <znow> Daviey: thank you
[11:36] <Daviey> znow: https://help.ubuntu.com/11.10/serverguide/C/ftp-server.html
[11:36] <zul> interesting vsftpd is not in that list
[11:37] <Daviey> 12:36 < ubottu> znow: FTP servers: ftpd, proftpd, pure-ftpd, twoftpd, *vsftpd*, MuddleFTPd,
[11:37] <lynxman> zul: morning :)
[11:37] <zul> doh...need more caffeine
[11:37] <lynxman> zul: go get it ;)
[11:46] <SpamapS> 'morning chaps
[11:47] <koolhead17> morning SpamapS sir!! :)
[11:48] <koolhead17> Daviey: am closing it again. :( it  was my mistake :D
[11:48] <Daviey> koolhead17: don't change the status
[11:48] <Daviey> hey SpamapS
[11:50] <koolhead17> Daviey: ok. i left it to in progress. i will comment again and write that i checked it in proposed and it works. i hope that solves it
[11:50] <Daviey> koolhead17: great
[11:55] <koolhead17> Daviey: as zul mentioned yesterday the admin port is changed to "35357" do you want me to file a bug for same and add patch for the same? Because i don`t see the same changed in proposed keystone package.
[11:57] <Daviey> koolhead17: it's not changed yet :/
[11:57] <Daviey> zul was kicking off a discussion with ~ubuntu-sru team to see if updating to final is ok.
[11:57]  * koolhead17 rechecks it
[12:02] <koolhead17> Daviey: http://paste.ubuntu.com/720613/  i have proposed package installed now. :D
[12:08] <Daviey> koolhead17: great, now dodn't touch the damn status :)
[12:08] <Daviey> don't*
[12:09] <koolhead17> Daviey: sir!! got it :P
[12:55] <Daviey> ivoks: Do you fancy taking the logwatch merge?
[12:55] <kirkland> tjaalton: okay, i've triaged that bug, trying to figure out the best way to solve it
[12:56] <tjaalton> kirkland: cool
[12:56] <kirkland> tjaalton: thanks for the logs
[12:56] <kirkland> tjaalton: i'll get you something you can test out shortly
[12:57] <Daviey> SpamapS: looks like moin needs a merge?
[12:57] <tjaalton> kirkland: great, thanks
[13:02] <Daviey> smoser: Are you merging nagios-plugins?
[13:06] <SpamapS> Daviey: yaaaay :-p
[13:13] <zul> Daviey: so we have a problem
[13:13] <zul> with keystone
[13:17] <zul> the final release added a new python dependency passlib which is not in the archive
[13:17] <lynxman> *soh*
[13:17] <lynxman> s/doh/
[13:24] <Daviey> zul: awesome
[13:25] <zul> Daviey: so i dont know and dont think you can add new packages after the fact
[13:28] <Daviey> zul: I'm not aware of any SRU's which have introduced new packages, but i'm not sure it's really any different.
[13:28] <zul> me either but i dont think it has been done before
[13:29] <lynxman> zul: http://bit.ly/pa5ruL
[13:29] <zul> lynxman: not really :)
[13:32] <zul> Daviey: so i think we might be stuck
[13:32] <kirkland> tjaalton: aha
[13:33] <kirkland> tjaalton: your preseed has your encrypted password
[13:33] <kirkland> tjaalton: not a cleartext one, right?
[13:33] <kirkland> Oct 26 22:21:42 frontend: Adding [ID] -> [passwd/user-password-crypted]
[13:33] <kirkland> tjaalton: this means that ecryptfs does not have access to your cleartext password to wrap your generated mount passphrase
[13:33] <zul> Daviey: or we check to see how prevalent passlib and remove it
[13:33] <Daviey> zul: I can't believe keystone didn't declare this.
[13:34] <tjaalton> kirkland: yes
[13:34] <kirkland> tjaalton: okay
[13:34] <Daviey> zul: or, cherrypick part of passlib that is required?
[13:34]  * Daviey knows nothing about passlib
[13:34] <tjaalton> kirkland: was wondering how the preseeding could even work :)
[13:34] <kirkland> tjaalton: it's going to take a gnarly hack to work around this one :-)
[13:34] <zul> Daviey: yeah im not entirely surprised either
[13:34] <kirkland> tjaalton: i can explain it to you, if you're interested
[13:35] <tjaalton> kirkland: hehe, give it a shot
[13:35] <kirkland> tjaalton: okay, so in all cases, a mount passphrase is randomly generated
[13:35] <Daviey> zul: ugh. it's not just one *.py.
[13:35] <kirkland> tjaalton: in some cases, we know the user's cleartext chosen password
[13:36] <zul> Daviey: yeah im looking at the git tree
[13:36] <kirkland> tjaalton: in those nice cases, we immediately wrap the random mount passphrase with the user's chosen passphrase
[13:36] <soren> Daviey, zul: There's nothing technical that would block adding a new package in -updates. It's all a matter of policy.
[13:36] <kirkland> tjaalton: but in other cases, we don't know the random mount passphrase
[13:36] <Daviey> soren: I thought that is what i said? no?
[13:36] <kirkland> tjaalton: so what we do is write it to /dev/shm/.ecryptfs-XXXXXX
[13:36] <zul> soren: right
[13:36] <kirkland> tjaalton: and chown it to the user, permed 4000
[13:36] <soren> Daviey: Was it? Maybe I missed that.
[13:36] <kirkland> tjaalton: make that 400
[13:36] <soren> Daviey: Sorry.
[13:37] <kirkland> tjaalton: this is a temporary write of a cleartext passphrase
[13:37] <Daviey> soren: The fact that the SRU policy is currently poorly documented is the issue :)
[13:37] <kirkland> tjaalton: done to memory, so that it doesn't leak to disk
[13:37] <kirkland> tjaalton: and for a bit, unix DAC permissions are all that protects it
[13:37] <kirkland> tjaalton: when the user first logs in, pam_ecryptfs looks for an appropriate file there
[13:37] <kirkland> tjaalton: owned by the user, perm'd correctly
[13:38] <kirkland> tjaalton: and if found, we do the passphrase wrapping immediately
[13:38] <kirkland> tjaalton: /dev/shm doesn't persist across reboots, of course
[13:38] <soren> Daviey: People adding dependencies to their code *way* past feature freeze is what the issue is.
[13:38] <soren> *stab*
[13:38] <kirkland> tjaalton: but we do have a safety net
[13:38] <Daviey> soren: yeah!
[13:38] <kirkland> tjaalton: we have a pair of ecryptfs upstart scripts, that copy those passphrase files from /dev/shm to /var/tmp and back to /dev/shm on boot and reboot
[13:38] <Daviey> soren: did you also see that the default port changed?
[13:39] <zul> soren: agreed! i want people to burst into flames
[13:39] <kirkland> tjaalton: however, it doesn't look like that that upstart script is being run on installer shutdown
[13:39] <kirkland> tjaalton: and hence, your bug
[13:40] <zul> Daviey: https://github.com/openstack/keystone/commit/011005cdc67dd8176160b74152ba86308921da3f
[13:40] <kirkland> tjaalton: so, what i need to do is put that generated passphrase in /var/tmp if we're in the installer
[13:40] <kirkland> tjaalton: and then on first boot, the ecryptfs upstart job will pick it up
[13:41] <tjaalton> kirkland: alrighty
[13:41] <soren> Daviey: oh, ffs. No.
[13:41] <zul> Daviey: problem with backing out that code...i dont know what else would break
[13:41] <kirkland> tjaalton: does that make sense to you?
[13:41] <kirkland> :-)
[13:42] <Daviey> soren: Yeah, between what we have in the archive and their late release, they switched the port.
[13:42] <Daviey> I feel dirty SRUing that TBH.
[13:42] <Daviey> ho hum
[13:42] <soren> Daviey: Change it back.
[13:43] <Daviey> soren: I dunno, either keep what we have in Oneiric already.. switch to the new port, or expose both.
[13:44] <tjaalton> kirkland: guess so. there's the short window of some user getting the passphrase between ecryptfs setup and first login though, right? rather theoretical though
[13:45] <kirkland> tjaalton: not "some user", but rather a "root user"
[13:45] <tjaalton> kirkland: right, exactly
[13:45] <kirkland> tjaalton: or a user with physical access to the system (can boot a recovery media)
[13:45] <tjaalton> kirkland: that
[13:45] <kirkland> tjaalton: but yes, small window is correct
[13:50] <zul> Daviey: so what do you think?
[13:51] <Daviey> zul: try it, certainly a conversation starter :)
[13:51] <Daviey> zul: get it in Precise first
[13:52] <zul> Daviey: oh i just uploaded passlib about 20 minutes ago thats what prompted this
[13:54] <Daviey> zul: ah
[13:54] <TheEvilPhoenix> is there a command I can use to kill -9 all running processes of a specific user without having to enter a ton of PIDs?
[13:55] <ivoks> Daviey: sure; i'll take a look at it
[13:55] <Daviey> ivoks: great
[13:55] <lynxman> TheEvilPhoenix: ps aux | grep ^username | awk '{print $2}' | xargs kill -9
[13:55] <ivoks> that reminds me... need to re-apply for motu
[13:56] <zul> Daviey: i just want to get a new keystone in precise first
[15:28] <lynxman> zul: how do you feel today? Have space for another sync? :)
[15:29] <zul> lynxman: sure
[15:29] <lynxman> zul: #882616 is ready then, if you feel like it :)
[15:33] <kirkland> tjaalton: okay, cool, i reproduced the problem here, and confirmed the fix, whoop :-)
[15:33] <kirkland> tjaalton: won't land in 11.10, unfortunately, as it would require an ISO respin
[15:33] <kirkland> tjaalton: could sru and help with net installs, i suppose
[15:33] <kirkland> tjaalton: up to you to drive that SRU, if you want it
[15:33] <kirkland> tjaalton: patch is a trivial, one-liner
[15:47] <smoser> Daviey, i did not touch nor was planning on touching nagios-plugins. do you need me to ?
[15:48] <smoser> Daviey, i sru'd a new binary package to lucid
[15:49] <zul> smoser: so it can be done?
[15:49] <smoser> well, new binary != new source
[15:49] <smoser> i pulled grub-legacy-ec2 back to lucid for booting pv-grub.
[15:49] <zul> smoser: yeah im talking new binary and new source
[15:49] <smoser> back from maverick.
[15:50] <Daviey> smoser: Can i take great pleasure in telling you that you are wrong?
[15:50] <Daviey> https://launchpad.net/ubuntu/+source/nagios-plugins/1.4.15-4ubuntu1
[15:50] <Daviey> https://launchpad.net/ubuntu/+source/nagios-plugins/1.4.15-4ubuntu2
[15:50] <Daviey> smoser: I don't /need/ you to, but wanted to check if it was on your list - as touched-it-last?
[15:51] <smoser> i wasn't planning on it, but i'll do it.
[15:51] <smoser> since you were so nice about pointing out that i was wrong.
[15:52] <Daviey> smoser: I took no pleasure.
[15:53] <zul> sirens and everything
[15:53]  * zul lunches
[15:55] <scalability-junk> hey I want to resize /var which is mounted at /dev/vg0 I already extended the lvm with lvextend and I'm not sure now how to extend /var, without losing data. any help?
[15:55] <scalability-junk> thanks
[15:59] <smoser> Daviey, another opportunity to point out that I was wrong has presented itself very nicely to you on the openstack mailing list.
[15:59] <smoser> you should revel in that.
[15:59] <smoser> this doesn't happen very often.
[16:02] <Daviey> smoser: waaat?
[16:12] <tjaalton> kirkland: thanks! no need to sru, I'll be soon testing precise anyway :) (and can hack around it in early_command etc)
[16:12] <kirkland> tjaalton: thx
[16:13] <DrPoO> Hi, Im running 10.04 LTS and I always get a "System restart required" message when I log in, even after I restart. Any ideas as to where to start dealing with this issue?
[16:20] <smoser> i was wrong about keystone getting fixed in 11.10, Daviey
[16:21] <smoser> i even publicly admitted that i was the one who had led the kind fellow astray.
[16:29] <koolhead17> lynxman: wassup!!
[16:29] <lynxman> koolhead17: wassuuuup
[16:31] <koolhead17> lynxman: hehe!! #glance glance
[16:32] <lynxman> koolhead17: working in glance, having a bud? ;)
[16:33] <scalability-junk> mhh any idea on how to extend an ext4 partition on lvm? without losing the data?
[16:33] <scalability-junk> I can't dismount /var cause it is in use
[16:35] <koolhead17> lynxman: :D
[16:36] <koolhead17> now i understood why CIO likes Websense so much.
[16:36] <lynxman> koolhead17: hehe :)
[16:52] <zul> smoser: dont worry we still love you
[16:53] <smoser> thats what i was trying to fix
[16:53] <smoser> ;)
[16:54] <lynxman> smoser: you're trying to fix love? you fool
[17:08] <koolhead17> lynxman: Love is no bug which needs patch!!  //o.0\\
[17:08] <lynxman> koolhead17: heh :)
[17:10]  * koolhead17 leaves for home.  laters!! 
[17:52] <scalability-junk> damn I can't get my ext4 partition to extend. lvm is already extended with lvextend, but resize2fs isn't working as i hoped.
[17:55] <kirkland> Daviey: is there a uds session around orchestra-enlist?
[17:58] <scalability-junk> any ideas?
[17:59] <kirkland> Daviey: playing with cobbler-enlist-udeb, not currently working for me
[18:04] <kirkland> Daviey: any logs on the cobbler side?
[18:04] <kirkland> Daviey: the installer's syslog is complaining about the xmlrpc response
[18:17] <hggdh> kirkland: set COBBLER_ENLIST_DEBUG on the environment -- it should print a bit more of data
[18:20] <Daviey> kirkland: it's either auth, or you are using a profile which doesn't exist, i would guess
[18:20] <kirkland> hmm
[18:22] <scalability-junk> strange when I try to use e2fsck and my partition is mounted it doesn't work, cause it's not mounted. when I try it when it's not mounted, it tells me it doesn't work cause it's not mounted o0
[18:49] <Randolph> hi all
[18:53] <free99> hello everyone, I'm running an apache/php webserver on 11.04... I need to run an action as root when a script is called (specifically, make a directory and then change its permissions)
[18:53] <free99> but I'm having a problem with sudo in the php script
[18:54] <onre> ugh
[18:54] <onre> i would avoid doing that at all costs
[18:55] <free99> well, I tried to make it secure, I make sure the data is ok in php, and the only script that is run is an SUID that doesn't accept anything but the name of the directory (no slashes or any shellcode)
[18:55] <ersi> free99: That is, like onre just wrote, a huge security risk. Also, why can't you use PHPs mkdir()?
[18:55] <free99> I've added apache to sudoers.d to allow it to run only the specific command...
[18:56] <ersi> You should disable exec() whatsoever in PHP in my honest opinion :|
[18:56] <free99> you mean I can use php to chmod and all that jazz, even though it's got to be in a root-owned directory?
[18:59] <ersi> No, you're F'ed in that regard
[18:59] <ersi> Why does it have to be owned by root?
[19:00] <free99> it's an NFS directory, I don't allow peers to move around beyond their directory
[19:00] <free99> I know I could do it with a different user I guess
[19:00] <free99> or, I think it's possible, but I'm not sure
[19:00] <ersi> Peers?
[19:01] <ersi> Still, why does it have to be owned by root?
[19:01] <ersi> Do you allow users to move around beyond their directory, if something is owned by root? :P
[19:02] <RoyK> http://a5.sphotos.ak.fbcdn.net/hphotos-ak-ash4/310886_10150412723325568_683210567_10574012_2305235_n.jpg
[19:05] <free99> well, they're home directories to be specific
[19:09] <ersi> Well, whatever you're trying to do - it sounds like a very bad idea security wise.
[19:11] <free99> well, it's pretty much an LDAP server, which I'm being forced to use as the NFS server as well, the administration is handled by a PHP ldap system, and I decided I would make the home directories for the users (populate with contents of skel, set ownership, etc)...
[19:11] <free99> and I had a sudo function within the php to handle that
[19:12] <free99> it worked fine for a while... but the server's been up for 30 days and suddenly it won't work... permission to chmod and everything is denied
[19:12] <free99> it can make a directory, as root oddle
[19:12] <free99> *oddly
[19:14] <free99> (sigh) what would be the right way to do this?
[19:21] <free99> what's weird is that if I sudo -u <username> -i, and then 'sudo' the command that I need, it works fine
[19:21] <free99> but if apache does it, access is denied
[19:22] <free99> oh, and <username> is the apache username
[19:28] <free99> let's just keep it simple: why did sudo stop working??
[19:28] <free99> I ran visudo -c -s and everything checked out ok
[19:33] <RoAkSoAx> SpamapS: howdy!! if you have a chance, could you rush the orchestra SRU please?
[19:34] <kirkland> SpamapS: +1 :-)
[19:38] <free99> please give me a few pointers with my sudo issue... I've disabled "requiretty" and like I said, everything was working until the last couple of days
[19:39] <genii-around> bad_fetus: Nay
[19:40] <free99> aha! I thought I'd fixed this issue with apparmor a while back, but it (mysteriously) cropped up again
[19:40] <free99> that's odd
[19:48] <adam_g> kirkland: make sure you're using the correct api endpoint url, ie http://some_host/cobbler_api (not cobbler_web)
[20:11] <SpamapS> RoAkSoAx: ack, will look at it a bit later
[20:11] <RoAkSoAx> SpamapS: awesome, thanks ;)
[20:29] <kirkland> adam_g: well, i was just using the ISO feature
[20:30] <adam_g> kirkland: i haven't tried that yet, but you still need to point it to a cobbler server, no?
[20:30] <kirkland> adam_g: hmm, it just asks for the ip address
[20:31] <kirkland> adam_g: hopefully it's adding the right url bits around that?
[20:31] <kirkland> adam_g: i can test that
[20:32] <Daviey> zul: How is bug 879853?
[20:32] <adam_g> kirkland: ohhh. haven't tried from ISO. at the command line you specify the full URL
[20:32] <zul> Daviey: will upload it tonight
[20:32] <Daviey> kirkland: no, you need a full url
[20:32] <kirkland> Daviey: oh -- that's it then
[20:32] <adam_g> kirkland: btw the cobbler-enlist blueprint i submitted got folded into cobbler next steps
[20:32] <kirkland> Daviey: that debconf question could be improved
[20:33] <Daviey> kirkland: it's not safe to be aware if it should be cobbler_api | cobbler_web or even just / ... or :$PORT
[20:33] <kirkland> adam_g: cool -- url?
[20:33] <Daviey> adam_g: that might be split up again
[20:33] <kirkland> Daviey: it'd be nice *just* to give an IP
[20:33] <Daviey> kirkland: yeah, aware of that
[20:33] <kirkland> Daviey: and even nicer for orchestra to avahi-broadcast that it's out there :-)
[20:33] <kirkland> Daviey: a la UEC like
[20:34] <Daviey> kirkland: Well yeah, did think about that - but the model is different for security
[20:34] <adam_g> kirkland: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-cobbler-enlist
[20:34] <Daviey> Should orchestra server also publish the credentials over avahi?
[20:34] <Daviey> ! :)
[20:34] <kirkland> Daviey: nah, just photos of your mom
[20:34] <kirkland> Daviey: silly head
[20:35] <quentusrex> Anyone know why dovecot is started by init and by an upstart job?
[20:35] <Daviey> :o
[20:39] <RoAkSoAx> lol
[20:39] <quentusrex> I keep seeing these lines in my syslog: Oct 27 13:33:50 raven kernel: [513878.916485] init: dovecot main process (21202) terminated with status 89
[20:42] <RoAkSoAx> Daviey: u getting saturday to orlando?
[20:42] <RoAkSoAx> jamespage: lynxman u guys too?
[20:42] <Daviey> RoAkSoAx: yah
[20:43] <Daviey> RoAkSoAx: saturday evening
[20:43] <RoAkSoAx> Daviey: im gonna be there too, i'm driving though
[20:43] <jamespage> RoAkSoAx: yep - me too
[20:43] <Daviey> RoAkSoAx: ah great, so we have a car for the week? :)
[20:43] <RoAkSoAx> Daviey: lol ;)
[20:43] <RoAkSoAx> Daviey: I'll be arriving ~8pm
[20:44] <RoAkSoAx> but crashing with a friend for the night
[20:44] <RoAkSoAx> as I'm driving with a community member
[20:44] <jamespage> Daviey: where are you flying from?
[20:44] <Daviey> Great
[20:44] <RoAkSoAx> so just give me a shout
[20:44] <RoAkSoAx> if you guys wanna do something
[20:45] <Daviey> RoAkSoAx: fancy a drive to Zephyrhills on Sunday? :)
[20:46] <RoAkSoAx> Daviey: could be.. what's in there?
[20:46] <RoAkSoAx> lol
[20:46] <RoAkSoAx> besides the water lol
[20:47] <RoAkSoAx> uhmm skydiving, that's what you wanna do Daviey ?
[20:47] <Daviey> RoAkSoAx: talk tomorrow
[20:47] <Daviey> <-- pub
[20:47] <RoAkSoAx> alright
[20:47]  * RoAkSoAx lunch
[21:03] <Randolph> whois 91.189.92.166
[21:04] <Randolph> wrong chan
[21:04] <Randolph> sorry
[21:18] <talntid> Anyone have any bash scripts to display HDD usage (percentage), load, uptime, etc, all in one? I know I can write it.. just curious if someone already has something close.
[21:22] <patdk-lap> mine shows all that info when I login, by default
[21:30] <talntid> you're right...
[21:30] <talntid> wonder if there is a command to repeat that... :)
[21:32] <patdk-lap> check in /etc/update-motd.d
[21:36] <Bilge> My SSH server always terminates with error 255
[21:36] <Bilge> How can I see why it is dying?
[21:38] <Takyoji> Somewhere in /var/log
[21:42] <Takyoji> I'm not sure which log file though; I don't know if it writes to /var/log/error.log
[21:42] <Takyoji> Erm whoops, that doesn't exist. xP
[21:42] <Bilge> No such file
[21:45] <Takyoji> Not sure if it would be reporting its own errors to /var/log/auth.log
[21:45] <Takyoji> I can't find really anything else explicitly stated of where it logs to
[21:47] <kirkland> talntid: it's landscape-sysinfo
[21:47] <Takyoji> otherwise it's /var/log/syslog
[21:47] <Takyoji> for errors from the SSH daemon
[23:13] <allowoverride> hi