[00:02] <Daviey> hallyn: I think it should show now, the blueprint
[00:03] <hallyn> Daviey, not yet, assume a script needs to re-run?
[00:03] <Daviey> hallyn: cron
[00:03] <hallyn> Daviey, yeah, netcf got into NEW - thanks ahs3!
[00:03] <Daviey> hallyn: if it's not there in my morning, i'll dig deeper
[00:04] <hallyn> next we need to sync it and then get it into main :)
[00:04] <hallyn> Daviey, ok
[00:04] <Daviey> hallyn: I think the issue with the blueprint is that, no series was set.
[00:04] <Daviey> hallyn: If it happens to be in Debian tomorrow morning, i'll sync it over.
[00:04] <Daviey> (unlikely, based on the size of the queue IMO)
[00:05] <Daviey> right!
[00:05] <Daviey> bed
[00:05] <hallyn> night :)
[00:16] <ahs3> hallyn: np :)
[00:46] <osmosis> any way to shrink unused space in a qcow2 file?
[00:47] <zul> truncate maybe?
[00:51] <twb`> osmosis: unused as in the guest's fs driver considers it unused?
[00:51] <twb`> Because obviously in that case it will still contain non-zero data
[00:51] <osmosis> qcow2 file grew large, but the files have since been deleted from the ext3 partition. The qcow2 file already grew large though. I want to shrink it.
[00:52] <l0n> one way to do is to create a new qcow2 file and then copy everything across
[00:52] <twb`> osmosis: zerofree is the least worst thing
[00:52] <twb`> l0n: he'd need to provision a new fs on the new qcow2 from within the guest
[00:52] <osmosis> thats a local utility to run on the ext3 partition?
[00:52] <twb`> osmosis: as far as the qcow2 layer is concerned that contains valid data that it can't delete
[00:52] <l0n> na create a new qcow2 file, attach to guest and then dd everything
[00:53] <twb`> l0n: dd will copy the unallocated but non-zero blocks, forcing qcow2 to allocate them
[00:53] <osmosis> maybe i can use this: http://libguestfs.org/virt-resize.1.html
[00:53] <l0n> yeah ok true, in that case, use a new file but format it then copy manually
[00:53] <l0n> would have to dd bootsector
[00:53] <twb`> The *right* solution would be for qemu to allow the guest to signal that the blocks are no longer needed, i.e. an -o discard (ATA TRIM) behaviour
[00:54] <twb`> l0n: right re MBR/PBR area
[00:54] <osmosis> http://mindref.blogspot.com/2011/07/shrink-qcow2.html   says   qemu-img convert -O qcow2 w2k3.qcow2  w2k3-shrinked.qcow2
[00:54] <osmosis> twb`, THAT would be cool
[00:54] <twb`> osmosis: I think that (the qemu-img convert line)  will not be particularly helpful in your case
[00:54] <l0n> alternatively, apparently you fill the unused space with zeros then run 'qemu-img convert -c' which compresses it
[00:54] <osmosis> twb`, even if I have the free space zero'd ?
[00:55] <twb`> Right, if you can zero the unused blocks, *then* make a new qcow2 using qemu-img, that should reduce its size
[00:55] <osmosis> if im just going to make a new qcow2 and rsync the data over, i wouldnt even bother zeroing the old image.
[00:55] <twb`> However this will increase the host's file size to 100% of the provisioned size during that transition, not to mention the space for  the new copy of the filesystem
[00:56] <twb`> osmosis: right if you're rsyncing the data over you don't need that, but you DO need to be careful not to lose data re e.g. the selinux context, the bootloader, hard links, sparse files, etc. etc.
[00:57] <osmosis> rsync -PSHAVz works.  Just need to make sure I get  /boot parition, /dev /sys /proc setup correctly.
[00:58] <osmosis> ugh, too bad I cant just run a 'shrink' cmd
[00:58] <osmosis> maybe zero's the blocks is easier
[01:00] <twb`> osmosis: I don't have an easy answer, sorry
[01:00] <twb`> osmosis: good luck!
[01:00] <osmosis> Thank you
[01:33] <Datz> Hi, I'd like to have the server stats that are displayed in my ubuntu server box on log in, also displayed in my desktop box.  I'm guessing I could just copy some stuff in /etc/motd/ ?
[01:34] <twb`> Datz: /etc/motd.d or /etc/update-motd.d contains scripts that generate the motd in some whizzo magical fashion
[01:34]  * Datz likes magic
[01:34] <Datz> often times I can't reproduce magic though
[01:34] <twb`> Datz: IIRC byobu pulls in some good examples from some obscure non-obvious package like unattended-upgrades-common or something
[01:35] <Datz> humm
[01:35] <twb`> I have a grudge against update-motd because it was introduced very late in a Debian release cycle and broke things for me
[01:35] <Datz> double humm
[01:37] <Datz> well thanks twb`, I'll look into these things
[01:37] <twb`> Or you could just put it in ~/.profile or so
[01:38] <dustin_> hey guys I am new to using 11.10 server had an old box with 8.04 for a while but decided to update the software with moving to a VM, for some reason I cant seem to get drupal happy with apache2 and I cant seem to find the location of the apache config files
[01:39] <Datz> maybe I'll just copy the output from my ubuntu-server and put it in motd.tail and pretend it's updating
[01:39] <twb`> dustin_: /etc/apache2/
[01:39] <twb`> Datz: hehe
[01:39] <dustin_> ty twb
[01:47] <Datz> twb`: any reason I wouldn't have such a dir /etc/motd.d/ on my ubuntu server?
[01:47] <twb`> Datz: because you haven't installed it
[01:47] <twb`> Look, you've forced me to do this
[01:47] <twb`> # dpkg -S /etc/update-motd.d/ ==> base-files, update-manager-core, update-notifier-common: /etc/update-motd.d
[01:48] <Datz> o_o
[01:48] <Datz> well thanks most helpful sir
[01:48] <twb`> # aptitude why update-notifier-common ==> i byobu Recommends update-notifier-common
[01:48] <twb`> 12:34 <twb`> Datz: IIRC byobu pulls in some good examples from some obscure non-obvious package like unattended-upgrades-common or something
[01:49] <twb`> If you're talking about a different file that's on your desktop, use dpkg -S to find out what package provides it, then install that on your server
[01:49] <Datz> I now understand what you said!
[01:49] <twb`> OK :-)
[01:49] <Datz> thanks!
[02:38] <arrrghhh> hey all.  i thought there was some apt-get search tool but i can't find it
[02:38] <arrrghhh> aptitude search leaves a lot to be desired
[02:38] <arrrghhh> how can i get information about a package?
[02:43] <twb`> aptitude search will only look at package names by default; apt-cache search looks at name and description.
[02:43] <arrrghhh> apt-cache, that's it
[02:43] <twb`> Personally I would suggest aptitude search ~G to look at debtags
[02:44] <arrrghhh> i was looking for apt-get cache
[02:44] <arrrghhh> ok
[02:44] <arrrghhh> sudo aptitude search ~G pms-linux
[02:44] <arrrghhh> like that?
[02:44] <twb`> No, like aptitude search ~Gncurses~Guse::browsing
[02:45] <twb`> Of course this assumes debtags are set up and installed and so on
[02:45] <arrrghhh> hrm
[02:45] <arrrghhh> all i really want to know is the version that's on the repo
[02:45] <arrrghhh> none of these seem to show that
[02:45] <arrrghhh> i thought apt-cache search did
[02:45] <arrrghhh> but it isn't...
[02:45] <twb`> What are you actually trying to do?
[02:46] <arrrghhh> trying to find the version of an app on the repo
[02:46] <twb`> apt-cache policy <package name>
[02:46] <arrrghhh> policy... ok
[02:46] <arrrghhh> ah, that did it
[02:46] <arrrghhh> never would've guessed that was it...
[02:47] <arrrghhh> thanks twb`
[03:45] <auston> I'm having problem with internet access from client connected to eth1 and eth0 direct to router
[03:46] <arrrghhh> auston, yes...?
[03:46] <twb`> auston: either you forgot to NAT or you forgot to ip_forward
[03:46] <auston> how to do that?
[03:49] <twb`> magic
[03:49] <twb`> Sorry I can't be bothered holding your hand just now
[03:49] <arrrghhh> lol
[03:50] <arrrghhh> auston, this might help or hurt.  not sure which
[03:50] <arrrghhh> https://help.ubuntu.com/community/Internet/ConnectionSharing
[03:52] <auston> Thanks. I'll try it out first.
[06:11] <auston> Can I use the server for DNS and firewall together?
[06:12] <arrrghhh> sure
[06:12] <qman__> yes
[06:12] <qman__> you need only add a firewall rule to permit DNS queries
[06:12] <auston> thanks.
[06:13] <auston> I got message asking me whether to install kernel while installing ubuntu server 11.10
[06:42] <smoser> jamespage, when you wake up, we would like to have 20111130 cloud-images tested
[07:35] <auston> how to change primary NIC?
[07:35] <auston> I have 2 NICs installed.
[07:35] <twb> auston: define "primary"
[07:36] <ipl31> question regarding orchestra/cobbler, do the settings in the cobbler ui for vlan and bonding work with Ubuntu?
[07:36] <auston> how to do that? What command should I type in?
[07:41] <twb> auston: I'm asking you to define *to me*, in Enlish, what you think "primary" means
[07:41] <twb> *English
[07:41] <twb> auston: because the answer depends on what you're actually trying to do, and I can't guess
[07:43] <SpamapS> ipl31: look through the pre-seeds / kickstarts ... if the variables aren't used there or in the snippets, then no.
[07:44] <auston> I have no idea how to define the "primary"
[07:45] <twb> auston: OK, how about you describe what the problem is that you're trying to fix
[07:48] <auston> I have installed 2 NICs on the server, only eth0 configured with ip and able to access internet. If i plug-in the LAN cable to eth1, there's no internet access.
[07:48] <twb> And you want it to work regardless of which is plugged in?
[07:49] <twb> Or do you just want it to work for eth1 and not care about eth0?
[07:49] <Daviey> Goooooooooooooooooooood morning.
[07:50] <auston> The usage is eth0 will able to access internet and eth1 for DHCP to client
[07:53] <twb> auston: so "connection sharing"?
[07:53] <auston> yes.
[07:53] <twb> OK.
[07:54] <twb> Have you read https://help.ubuntu.com/community/Internet/ConnectionSharing ?
[07:56] <twb> The short versions is: statically configure eth1; set up MASQUERADE (and perhaps a firewall); enable ip_forward; set up a DHCP server listening on eth1.
[07:56] <auston> Yes. I have read it. Is working. Now, I'm setting another server exactly the same function but will add-in DHCP, DNS and firewall.
[07:56] <twb> Ah, OK
[07:57] <twb> If you are prepared to learn how to do firewalling by hand, #netfilter is the best place to talk about that.  As to DHCP and DNS, dnsmasq is a quick and lightweight way to have both -- or you could set up ISC dhcpd and unbound/bind for DNS
[07:58] <twb> The Ubuntu Server Guide is also a good reference for all of the above
[07:59] <auston> Ok, I'll try out the dnsmasq.
[08:04] <auston> how to install dnsmasq?
[08:10] <ipl31> SpamapS: thanks
[08:13] <RoyK> !dnsmasq
[08:13] <RoyK> auston: google for it...
[08:13] <twb> auston: apt-get install dnsmasq
[08:21] <auston> i got msg "E: unable to locate package dnsmasq
[08:24] <ipl31> ok so it looks like for advanced networking with orchestra I will need to write some shell script snippets for the post command
[08:57] <auston> I managed to install dnsmasq finally :)
[09:07] <koolhead11> hi all
[09:13] <jamespage> morning all
[09:13] <jamespage> hi koolhead11!
[09:16] <koolhead11> hello jamespage
[09:17] <auston> hello
[09:38] <auston> Wat should I do to configure DHCP and DNS after installed dnsmasq?
[09:43] <lynxman> morning o/
[09:43] <lynxman> jamespage: morning good sir
[09:43] <lynxman> koolhead11: ello! :)
[09:43] <koolhead11> hello lynxman :)
[09:46] <jamespage> morning lynxman
[09:49] <koolhead11> lynxman: ^^^^Nagios configuration for Orchestra ^^^^
[09:52] <lynxman> koolhead11: are you watching my commits? lol
[09:53] <koolhead11> lynxman: subscribed to orchestra :D
[09:53] <lynxman> koolhead11: aaah ;)
[10:01] <SteeveFMX> Bonjours
[10:25] <koolhead11> ttx: that mail was encouraging!! :)
[10:37] <ttx> koolhead11: I happen to know both sides of the fence quite well.
[10:38] <ttx> and I learned to understand the value of the fence.
[10:38] <koolhead11> ttx: :)
[10:45] <koolhead11> ttx: https://bugs.launchpad.net/horizon/+bug/888385  Does that mean the bug will be fixed-released with essex?
[10:46] <ttx> dunno, they targeted the fix for E2, so they indicarted that they will fix it soon
[11:03] <koolhead11> ttx: https://bugs.launchpad.net/horizon/+bug/897882  solves #888385
[11:04] <koolhead11> as am not getting same error after modifying my pip-requires with quantum path change :D
[11:06]  * koolhead11 adding comment to the bug
[11:10] <koolhead11> with 1 line patch :P
[11:20] <Ursinha> good morning :)
[11:20] <lynxman> Ursinha: bom dia!
[11:20] <koolhead11> ttx: done :D
[11:20] <koolhead11> hola Ursinha
[11:20] <Ursinha> lynxman: :D
[11:20] <Ursinha> koolhead11: hola :)
[11:21] <koolhead11> Ursinha: am awesome, how have you been?
[11:23] <Ursinha> koolhead11: great :D
[11:24] <koolhead11> awesome!! :D
[12:25] <honey_> is there any body who can tell me on how to configure the apache on greenstone software on ubuntu?
[12:28] <honey_> is there any body who can tell me on how to configure the apache on greenstone software on ubuntu?
[12:29] <RoyK> greenstone?
[12:30] <honey_> specialy on assigning the server name
[12:30] <jetole> Does anyone know how I can configure the dhcp client to provide a static "search" for domains in resolv.conf regardless of what the dhcp server tells it?
[12:32] <ikonia> jetole: there are ignore options for dhclient
[12:32] <honey_> Royk:it is a software tha can be use for digital libarary
[12:33] <jetole> ikonia: well thats useful but is there a way for me to configure certain things for resolv.conf so if it ever gets changed then the client would restore it?
[12:47] <RoyK> honey_: dunno about greenstone, really, but do you just need to configure an apache virtualhost?
[12:49] <honey_> Royk:yeah i know it it is open source and what i need is i would like to tell the adress and assighn the name of server
[12:49] <honey_> that means  configure an apache virtualhost
[12:52] <ikonia> jetole: yes, there are options to ignore certain options that are given from the dhcp server
[12:53] <RoyK> honey_: lemme check
[12:54] <honey_> Royk:ok
[13:21] <nocturn> Hi
[13:22] <nocturn> I installed Ubuntu server on a datacenter host and want to set up KVM networking
[13:22] <nocturn> internal network is ok, but one of the hosts needs an external IP.  What settings would I need for that?  I tried over virbr0 but that doesn't work
[13:23] <nocturn> Server is running 11.10
[13:30] <derdoktor> hi nocturn, "virbr0"? seems you are using libvirt. perhaps virt-manager
[13:30] <nocturn> derdoktor: yes, I used virtmanager
[13:30] <nocturn> the NAT networking is already working well
[13:31] <nocturn> just want to give one VM two interfaces, one natted, another a public IP
[13:31] <derdoktor> have you tried bridge-utils?
[13:32] <derdoktor> take a look at https://help.ubuntu.com/community/KVM/Networking
[13:33] <derdoktor> the bridge-utils supply with a virtual network switch
[13:38] <smoser> jamespage, ping
[13:39] <jamespage> smoser: pong
[13:39] <smoser> did you start some tests ?
[13:41] <jamespage> smoser: not yet
[13:41] <jamespage> smoser: waiting for some firewall access outbound to be fixed up
[13:42] <smoser> jamespage, thats fine. just curious, i would lok for them at https://jenkins.qa.ubuntu.com/job/precise-server-ec2 ?
[13:43] <nocturn> derdoktor: do I need to create a second bridge?
[13:43] <jamespage> smoser: yes but we have not run it yet so its not been publised
[13:43] <smoser> right.
[13:43] <nocturn> have read that page, but didn't find my answer
[13:43] <derdoktor> i dont think so
[13:43] <smoser> jamespage, so... i guesssed the 'precise' based on browser history with https://jenkins.qa.ubuntu.com/job/oneiric-server-ec2/
[13:44] <smoser> but that url is also empty, as are all my other history urls... many of which i had supposed were semi-permenant and placed links to them in bugs and such.
[13:44] <zul> good morning
[13:45] <smoser> s/supposed/assumed/
[13:45] <jamespage> smoser: hmm - looks like someone tidied up
[13:48]  * smoser remembers to never AssUMe
[13:56] <smoser> jamespage, utlemming 20111130 and 20111129.2 have the same manifest contents. utlemming had requested 1129.2, i requested 1130. it doesn't really matter but for some reason i like builds without the .X on them. it hides the fact that we scrambled :)
[13:59] <jamespage> RoAkSoAx, ping
[14:28] <koolhead11> hola smoser
[14:29] <smoser> hey.
[14:29] <smoser> how goes life ?
[14:34] <koolhead11> smoser: i have yet not tried solution u asked me to look at, was still doing R&D with my own server image. seems like finally i will look at the wiki :D
[14:35] <smoser> i'm not following. i dont think.
[14:37] <koolhead11> smoser: i meant https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward :D
[14:37] <ttx> mdeslaur, jdstrand: would love to see your opinion on http://fnords.wordpress.com/2011/11/30/improving-nova-privilege-escalation-model-part-3/
[14:37] <ttx> (as well as anyone else with a white hat or a python in their closet)
[14:38] <mdeslaur> ttx: sure, I'll take a look a little later when I have a few minutes
[14:38] <smoser> ah. ok.
[14:38] <ttx> mdeslaur: thanks !
[14:42] <koolhead11> ttx: seems like finally openstack project too got attacked by trolls :D
[14:46] <RoAkSoAx> jamespage pong
[14:46] <jamespage> RoAkSoAx, hey
[14:47] <RoAkSoAx> jamespage howdy
[14:47] <ttx> koolhead11: trolls ? where ?
[14:47] <jamespage> I think that powernap is causing a few issues with the dell hardwre we have in the lab
[14:47] <jamespage> See https://launchpad.net/bugs/898127
[14:47] <jamespage> I updated the preseed jibel was using to disable the CPU scaling stuff and the problem went away
[14:48] <jamespage> RoAkSoAx: how would you feel about disabling the CPU management by default?
[14:48] <jamespage> at least until we can ID what the problem is with this specific hardware....
[14:48] <RoAkSoAx> jamespage i thought i did that already
[14:49] <jamespage> RoAkSoAx, interesting - this was on precise
[14:50] <RoAkSoAx> jamespage: I guess I didn't :)
[14:51] <RoAkSoAx> jamespage: yeah the cpu_online script will be turned off by default for now
[14:51] <RoAkSoAx> jamespage: thought, can you manually try to turn on half of the cores and see what's the result of doing so?
[14:52] <jamespage> RoAkSoAx, TBH we don't really get the change - the server freezes straight away
[14:52] <jamespage> I saw similar on oneiric
[14:52] <RoAkSoAx> jamespage: yeah it seems to be an issue that started with 3.0
[14:52] <RoAkSoAx> jamespage: but can you manually remove half of the cores? or juts 1 to see if the problem persists
[14:52] <RoAkSoAx> jamespage: it is just for general testing though
[14:53] <jamespage> RoAkSoAx: I'll see what we can do
[14:53] <RoAkSoAx> jamespage: in reality, i wanna see if this is being caused by turning off *all* but 1 core, or by turning off even 1 single core
[14:55] <Daviey> RoAkSoAx: I have ipxe doing our bidding, with a hard coded next-server..
[14:56] <RoAkSoAx> Daviey: yeah but that's not what we want, right?
[14:57] <Daviey> RoAkSoAx: that is /exactly/ what we want
[14:57] <Daviey> (as an option)
[14:57] <Daviey> RoAkSoAx: fancy a hangout in 30 mins or so?
[14:58] <RoAkSoAx> Daviey: give me a sec
[14:58] <RoAkSoAx> Daviey: but pastebin what you did :)
[14:59] <Daviey> RoAkSoAx: is going to be easier screensharing i think
[14:59] <zul> yes the peanut gallery wants to see what you did (talking about myself)
[15:01] <ikonia> Daviey: I've re-done the dovecot package that failed in 11.10 with the current 12.04 build, I'm rusty on process, who do I submit this to for review
[15:02] <Ursinha> Daviey: I reproduced the glance bug
[15:02] <Ursinha> upgrading natty to oneiric is enough
[15:03] <Daviey> ikonia: Great, have you done it via bzr or flat packaging?
[15:03] <ikonia> Daviey: local only here on a test box, I can upload into bzr, just wasn't sure of the process, hence asking
[15:04] <ikonia> it's been a while since I submitted stuff
[15:04] <Daviey> ikonia: Okay, is this to fix the precise package, or oneiric?
[15:05] <ikonia> precise, once that's ok, I'm going to try (but it looks like it's not worth it) to bring the versions up as a back port for oneiric
[15:05] <ikonia> one thing at a time though
[15:05] <Daviey> ikonia: okay, as it's not currently in bzr; it's probably going to be better to use debdiff.
[15:06] <Daviey> So grab the current precise package, pull-lp-source $package precise ; debdiff current-precise.dsc your-package.dsc
[15:06] <Daviey> > your-package.debdiff
[15:06] <RoAkSoAx> Daviey: im ready
[15:06] <ikonia> so I just submit the patch, I don't need to worry about the package
[15:06] <ikonia> great
[15:07] <Daviey> If you then want to pastebin what you have, we'll take a quick look.. ?
[15:07] <ikonia> thank you
[15:07] <Daviey> RoAkSoAx: I have another call starting right now
[15:07] <ikonia> I shall once I've done the process, on the wrong box here
[15:07] <Daviey> ikonia: yep, the patch is what matters more
[15:07] <RoAkSoAx> Daviey: plop :)
[15:10] <iclebyte> is there an isc-dhcpd channel on freenode?
[15:12] <koolhead11> iclebyte: what is your issue?
[15:12] <koolhead11> dhcp related?
[15:14] <iclebyte> we are trialing a new fibre deployment. we need to give out IP's from a pool based on the agent.remote-id and agent.circuit-id values - we have class matching working using 'options host-name' but we can't seem to find the correct agent.remote-id values. is there a way to tell bind to log them to syslog?
[15:32] <capeta> how can i do to prevent a package from being installed/updated ?
[16:03] <Daviey> adam_g: around?
[17:26] <Ursinha> Daviey: so, glance package has a bug, I could reproduce it
[17:26] <Ursinha> Daviey: with whom should I talk to about it? I know where it's failing but not sure what should be the correct behaviour there
[17:26] <Ursinha> bug 883988
[17:29] <Ursinha> Daviey: hello :)
[17:29] <Daviey> hello
[17:30] <Daviey> Ursinha: you are seeing that same issue?
[17:30] <Daviey> zul: ^^ did you see that?
[17:32] <Ursinha> Daviey: yes
[17:32] <Ursinha> Daviey: problem is when glance is running postinstall script, and it tries to migrate the glance db
[17:33] <Ursinha> the migration script tries to create tables that the sqlite db already have
[17:33] <Ursinha> so it breaks
[17:34] <Daviey> :(
[17:34] <Daviey> Ursinha: this is probably one for zul..
[17:34] <Daviey> Ursinha: is this clean install or upgrade from oneiric to precise?
[17:35] <Ursinha> Daviey: steps: installed natty, apt-get update/upgrade, installed glance, dist-upgraded to oneiric
[17:35] <Daviey> ah
[17:35] <Daviey> Ursinha: lets see zul's comments when he returns
[17:35] <Ursinha> Daviey: that's the same scenario of the dupes I've spotted
[17:35] <Ursinha> I marked them all as dupes then
[17:37] <Ursinha> Daviey: so, is it reasonable to create an oneiric task for that bug?
[17:38] <Ursinha> I think so
[17:43] <Daviey> Ursinha: yes please!
[17:43] <Ursinha> :)
[17:45] <zul> Daviey: gah...k
[17:47] <zul> Daviey Urisinha: havent seen it recently but ill try to put some logic in the packaging
[17:53] <Daviey> zul: i understood that the upgrade process wasn't safe for glance
[17:53] <Daviey> it was different to nova
[17:53] <zul> Daviey: maybe it got fixed
[17:54] <Daviey> oh
[17:54] <Ursinha> Urisinha is new... have to add to hilight list :P
[17:54] <zul> Ursinha: heh cloud is not so fluffy sometimes
[17:54] <Ursinha> anyway we'll need to SRU that, right?
[17:55] <Ursinha> if it's fixed, I wonder why the bug isn't indicating that... do you know zul?
[17:55] <zul> Ursinha: im double checking
[17:55] <zul> Ursinha: it should be
[17:56] <Ursinha> zul: by fixed you mean what?
[17:56] <Ursinha> upstream fixed? packaged and uploaded somewhere?
[17:56] <zul> Ursinha: sorry upstream fixed
[17:57] <Ursinha> how do we indicate that in the bug?
[17:57] <zul> Ursinha: good question :)
[17:57] <zul> Ursinha: i usually say "This should be fixed in the new release of Essex please test and re-open if this is not the case"
[18:01] <Ursinha> zul: so, what we need to do to fix it in ubuntu? bring the fix/package? I have no idea how this works, so, sorry the silly question :)
[18:03] <zul> Ursinha: now worries we will have to nail down the bug but going through the upstream fix and backport it, its might be fixed in the release ill be doing for oneiric as soon as we get through the paperwork for doing a stable release for glance
[18:04] <zul> Ursinha: ill take care of it
[18:05] <Ursinha> zul: okay :) I'll find something else to try fixing then :)
[18:06] <zul> Ursinha: i would start with something small
[18:07] <adam_g> Daviey: here
[18:07] <Ursinha> Daviey: point me something small
[18:07] <Daviey> adam_g: hey, can't really do it right now - hoped to have a catch up
[18:08] <Daviey> Ursinha: something small... my will to live? :)
[18:09] <Ursinha> Daviey: man... shut up
[18:09] <Ursinha> haha
[18:11] <Daviey> Ursinha: so, bug 894754 isn't too bad
[18:11] <Daviey> The Depends are not right, which isn't pulling in the -dkms package when needed
[18:12] <hallyn> drat, there was jsut a very tiny bug (in terms of fix) in qemu-kvm, i almost asked here if anyone wanted to do it
[18:12] <hallyn> (but didn't)
[18:12] <Ursinha> :)
[18:15] <Ursinha> Daviey: so... just adding the dependency should fix it?
[18:15] <Ursinha> hallyn: is the bug there yet? :P
[18:15] <hallyn> sorry, what do you mean?
[18:16] <hallyn> the fix?
[18:16] <hallyn> if so, yeah, i posted the debdiff on the bug (bc we're in freeze so i didn't want to push it :)
[18:17] <hallyn> but i bet there are other bitsize ones in the virt stack we can find if you're bored after the vswitch one :)
[18:18]  * hallyn goes to try a change to compiz, we'll see if i get dropped :)
[18:18] <Daviey> hallyn: Are you free to help Ursinha with the openvswitch one if she needs it?
[18:18] <Ursinha> hallyn: the small bug you mentioned
[18:18] <Ursinha> if it's available to be fixed
[18:18] <Ursinha> okay :)
[18:20] <hallyn> Daviey, Ursinha: yeah, it's lunchtime now, but i can help with the openvswitch one in a bit if you like
[18:21] <Ursinha> hallyn: I'd love to :)
[18:21] <Ursinha> thanks!
[18:27] <Daviey> hallyn: thanks
[18:28] <Ursinha> Daviey: I think I can't add a distrotask
[18:28] <Ursinha> ?
[18:29] <Ursinha> release task?
[18:29] <Ursinha> I forgot how to call that
[18:35] <Daviey> Ursinha: go for it :)
[18:36] <koolhead17> Daviey: you have sometime today for sqlite bug fix. :)
[18:36] <philipsmatto> hi guys, can you help me to configure iptables well, please?
[18:37] <Resistance> philipsmatto, define "configure well"
[18:37] <Resistance> because what I'd call a decent configuration and set of rules another would call it crap
[18:37] <Resistance> as well, the confiugration is dependent on what exactly you want it to do
[18:38] <Resistance> i.e. what you want allowed, what you want to block, etc.
[18:38] <philipsmatto> okok excuse me, i have small LAMP server that i must use for webserver
[18:38] <philipsmatto> i
[18:39] <philipsmatto> would like
[18:39] <philipsmatto> that my server will + secure
[18:40] <Daviey> koolhead17: I do not today, but maybe someone else can helo?
[18:40] <Daviey> smoser: ^^?
[18:40] <philipsmatto> now iptables is defoul
[18:40] <Resistance> !enter | philipsmatto
[18:40] <Resistance> hmm
[18:40] <philipsmatto> ok excuse me
[18:40] <Resistance> philipsmatto, whats your primary language?  english?
[18:40] <Resistance> or something else
[18:40] <smoser> Daviey, sure. whats up koolhead17 ?
[18:40]  * Resistance doesnt think its english but isnt sure
[18:41] <philipsmatto> true
[18:41] <philipsmatto> i'm italian
[18:41] <Resistance> ah
[18:41] <Resistance> explains the english then
[18:41] <koolhead17> smoser: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/875262
[18:41] <Resistance> philipsmatto, what i do with *just web servers* is i block all external traffic that is not coming in on the ports necessary for the web server
[18:42] <Resistance> philipsmatto, for instance, ports 80 and 443 are opened, but not much else.
[18:42] <koolhead17> i worked on this and tried few things. last time Daviey suggested we can work on it with screen as even am new to it. :)
[18:42] <Resistance> as well, ssh is open on a nonstandard port because my servers are offsite
[18:42] <Resistance> but not much else is opened to the world
[18:42] <smoser> oh.. shoot. i dont really have time for that right now, as i'd have to even come up to speed on that bug.
[18:43] <Resistance> philipsmatto, there's about ten thousand different "good configurations" but for basic yet somewhat secure, you can block all traffic except for that you identify
[18:43] <Resistance> as okay
[18:43] <Resistance> aw crud, stupid enter key... >.>
[18:43] <koolhead17> smoser: ok.
[18:44] <Resistance> philipsmatto, is this a VPS or an actual Ubuntu box you own?
[18:44] <Daviey> smoser: thanks anyway
[18:45] <philipsmatto> i have one server at home, it's a old pc
[18:45] <Resistance> ok
[18:45] <Resistance> philipsmatto, give me about a minute
[18:45] <Resistance> so i can write up the list of stuff you'd need to execute for iptables
[18:46] <Resistance> philipsmatto, oh, and one last question... do you plan on rebooting this computer often, or shutting it down often?
[18:46] <philipsmatto> yes yes
[18:46] <Resistance> yes to which?  shutting it down often?
[18:46] <Resistance> (aka rebooting)
[18:47] <philipsmatto> yep
[18:47] <Resistance> ok
[18:48] <Resistance> gimme a few seconds
[18:48] <philipsmatto> okok tnk u!
[18:49] <Resistance> Daviey, i've got Ubuntu Desktop running on my server instance, so i have if-up/if-down scripts which autoload and autosave iptables...  do you know of any easier method of making iptables.rules persistently loaded?
[18:49] <koolhead17> jamespage: whats up with java in your twitter handle :D
[18:49] <Resistance> (i.e. on boot)
[18:50] <koolhead17> !iptable
[18:51] <koolhead17> Resistance: https://help.ubuntu.com/10.04/serverguide/C/firewall.html  see if this helps.
[18:52] <Resistance> koolhead17, ok thanks
[18:52] <philipsmatto> Resistance but if i don't shutdown, remain the config?
[18:52] <Resistance> philipsmatto, yes that's true.  but i have a method that will allow it to autoload the rules on boot.
[18:52] <philipsmatto> true
[18:52] <Resistance> philipsmatto, first, install the iptables-persistent package (in terminal: sudo apt-get install iptables-persistent)
[18:53] <Resistance> philipsmatto, now gimme a sec to upload this thing somewhere...
[18:53] <koolhead17> Resistance: check for shorewall, things will be much easier 4 you :D
[18:53] <Resistance> koolhead17, i already have iptables configured
[18:53] <philipsmatto> trnk a lot!!
[18:53] <Resistance> this is for philipsmatto who asked how to set up iptables as their firewall with  a "good" config
[18:56] <philipsmatto> Resistance but olther Iptables, i must install olther firewall or no?
[18:56] <Resistance> philipsmatto, if you're asking whether you need a different firewall if you dont want to use iptables, then yes.  there are easier firewalls to use, though.
[18:57] <Resistance> (fwiw, I prefer iptables, but i'm old school)
[18:57] <Resistance> (and i remembered half of the iptables man page)
[18:57] <philipsmatto> :) okok
[18:58] <Resistance> philipsmatto, i assume you have superuser on the box which is the server?  (i.e. sudo or root access)
[18:58] <philipsmatto> true
[18:59] <philipsmatto> attend
[18:59] <Resistance> okay, then as superuser create the file /etc/iptables.rules
[18:59] <Resistance> and put inside that file the content of this: http://pastebin.com/raw.php?i=r2sYd2bK
[18:59] <Resistance> or...
[18:59] <Resistance> you can *try* to wget that
[19:00] <Resistance> but it might not work that way
[19:00] <Resistance> huh actually that did work *shrugs*
[19:02] <philipsmatto> now i can't doing,  wrriting notes
[19:02] <philipsmatto> *writing
[19:02] <philipsmatto> and stop?
[19:04] <philipsmatto> later this operation i don't must doing nothing?
[19:04] <Resistance> after you've done that, you'll need to do (as superuser) iptables-restore < /etc/iptables.rules
[19:04] <Resistance> assuming you saved the file in /etc/
[19:04] <Resistance> WHOAH lag spike
[19:04]  * Resistance just lagged
[19:05] <Resistance> then i *believe* that iptables-persistent will keep the rules in future
[19:05]  * Resistance hasnt tested this in depth
[19:07] <philipsmatto> okok trnks u a lot!!!!!
[19:08] <philipsmatto> but with this configuration , Iptables  block DDoS attack?
[19:12] <Resistance> not much defends against DDoS
[19:13] <Resistance> but its far less likely they'll be able to hit your critical items
[19:13] <Resistance> maybe your web server
[19:13] <Resistance> but not much else
[19:13] <l0n> http://www.riorey.com/
[19:14] <l0n> use them for ddos, might cost a bit though ;)
[19:15] <jMCg> For, or against?
[19:15] <l0n> to defend against it
[19:16]  * RoyK is somewhat sceptical
[19:17] <RoyK> l0n: if a 100k node botnet attacks your site, how will they defend it?
[19:18] <l0n> RoyK Not sure if they do DDoS protection as a service or not, if they do, I suspect you could get your IPs routed via them and they'll take care of it
[19:19] <l0n> If not then 100k would probably fill up your pipe so yeah, no device would protect you
[19:19] <l0n> unless you had a really really really really fat pipe
[19:20] <RoyK> and if you can live through a 100k node attack, what about that 10M node attack?
[19:20] <RoyK> some botnets are BIG
[19:20] <l0n> idd, well you need DDoS as a service but like I say, it'll cost ya an arm & a leg
[19:20] <sarthor> how to reload squid in 11.10 ? /etc/init.d/squid/ reload is not working
[19:21] <l0n> RoyK not every DDoS is that big though, I used to work for a hosting provider that got DDoSed a lot and the protection they had did the job
[19:21] <philipsmatto> excuse me , but for defender my website, what i doing?
[19:22] <sarthor> i did service squid reload  but i did  not saw any change in tail -f /var/log/syslog
[19:23] <philipsmatto> ?
[19:23] <l0n> philipsmatto make sure you block all ports apart from those required e.g. http and ensure you keep your externally accessible services up to date and locked down
[19:23] <l0n> you may also want to consider running the site in a chrooted env, using selinux or easier way is to run it in a virtual machine. This is to minimise damage in the event that you get hacked.
[19:24] <l0n> you might also want to use an application layer firewall like mod security
[19:25] <philipsmatto> eh, this
[19:25] <philipsmatto> which use?
[19:25] <l0n> philipsmatto: sorry, I don't understand what you mean
[19:26] <Resistance> l0n, i helped him with iptables
[19:26] <Resistance> l0n, there's a -j REJECT rule at the end
[19:26] <Resistance> of the INPUT table
[19:26] <Resistance> it acts as a catch-all-other-crapo
[19:27] <Resistance> if it doesnt match the first rules, the system sends the REJECT packet
[19:27] <Resistance> and in the config
[19:27] <Resistance> only port 80 is open to the universe
[19:27] <philipsmatto> excuse me, you are right, i would like say: which do i use?
[19:27] <Resistance> which what?
[19:27] <Resistance> firewall?
[19:27] <philipsmatto>  mod
[19:28] <Resistance> "mod"?
[19:28] <RoyK> philipsmatto: for most use, just use ufw
[19:28] <philipsmatto> ' you might also want to use an application layer firewall like mod security'
[19:28] <philipsmatto> mod security
[19:28] <Resistance> ah apache mod security
[19:28] <Resistance> :P
[19:29] <Resistance> i'd listen to RoyK then, and work wtih ufw
[19:29] <Resistance> in which case they can help ya undo the iptables stuff and set you up with ufw
[19:29] <Resistance> me, i've got classes
[19:29]  * Resistance runs because he's 12 minutes late
[19:29] <RoyK> Resistance: if the shit hits the fan and someone DoS you or get nasty somehow, well, add more layers of security
[19:29] <Resistance> RoyK, hehe, "Secuirty in Depth" doesnt always work
[19:30] <philipsmatto> i knew
[19:30] <RoyK> Resistance: place an unpatched windows machine somewhere on the server farm and wait...
[19:31] <Resistance> RoyK hehe
[19:31] <Resistance> would it surprise you the Feds do that?
[19:32]  * Resistance points at this server he was fixing prior to realizing he was late to class
[19:32]  * RoyK just setup five 2x12core machines in an MPI cluster and finds it works :D
[19:33] <philipsmatto> Resistance, i  must just  install apache mod security and your configuration?  So my server is safe?
[19:34] <Resistance> philipsmatto, one thing to realize... servers are never 100% safe
[19:34] <Resistance> the only safe server is not connected to the network, and is not connected to the internet
[19:34] <Resistance> therefore a standalone machine that is safe from external threats
[19:35] <Resistance> but the iptables rules that i gave you are pretty solid
[19:35] <Resistance> and since i dont use apache i cant help you with mod security ;P
[19:35]  * Resistance uses nginx web server
[19:36] <l0n> Resistance, just out of interest, does nginx have something like mod security?
[19:36]  * RoyK doubts it
[19:36] <Resistance> l0n, not sure, i could check.  but fwiw, my sites i run on it are behind a hardware firewall and therefore arent exposed to the internet
[19:36] <Resistance> but i do use nginx for everything ;P
[19:36] <Resistance> except ASP crap... that, i'm forced to use a windows server for
[19:36] <l0n> but you've got port 80 open on your hw firewall haven't you or you mean it's an internal web server?
[19:36] <RoyK> l0n: nginx is very light-weight, quite the opposite of apache, which is more like an operating system in comparison
[19:36] <philipsmatto> port 80
[19:37] <philipsmatto> port 80 is request for redirect (with DNS)
[19:37] <l0n> hehe idd Royk
[19:37] <Resistance> l0n, [INTERNET] -> HardwareFireWall -> network
[19:37] <Resistance> but the hw firewall doesnt have a port 80 rule
[19:37] <Resistance> at least not for the nginx webserver itself
[19:37] <l0n> so your web server is for internal use only?
[19:38] <Resistance> mhm
[19:38] <RoyK> - Emacs is a decent operating system, but it lacks a good editor...
[19:38] <Resistance> well... the one which i truly give a crap about, yes
 Resistance, just out of interest, does nginx have something like mod security?  <--- answer: no
[19:39] <barcef> How do I turn my hosted ubuntu server(w/ public IP) into an HTTP PROXY server?
[19:39] <RoyK> barcef: apt-get install squid
[19:39] <philipsmatto> Resistance, how u connect your WEBSERVER with doman without port 80?
[19:39] <Resistance> philipballew, the thing runs its own DNS server off of a 10.x.x.x internal network IP
[19:39] <RoyK> barcef: but then, there are different types of proxy servers and ...
[19:40] <Resistance> philipballew, so if i type "webserver.foobar.baz" it'll route the requests to 10.x.x.x
[19:40] <l0n> Ah ok, that explains why ppl run Apache and Nginx I suppose
[19:40] <Resistance> since all systems on the internal net of mine have that servers's DNS IP stored
[19:40] <barcef> RoyK,  How would I tell what type I need? I need to route my nintendo wii though my server in the US to get my netflix in english.
[19:40] <Resistance> more like hardwired... but meh
[19:41] <Resistance> philipballew, for the internal networked server, there's an iptables firewall rule that has port 80 open
[19:41] <RoyK> barcef: that'll be a normal front proxy - squid is good for that
[19:41] <Resistance> philipballew, but that server isnt shown to the universe outside the internal net
[19:41] <RoyK> barcef: just install it and edit /etc/squid/squid.conf (read the comments)
[19:42] <Resistance> philipballew, the trekweb server, though, for trekweb.org, ituses nginx but is offsite and internet-facing
[19:42] <barcef> RoyK, ahh.. thanks man... thats awesome.
[19:48] <philipsmatto> thanks a lot
[19:49] <philipsmatto> Resistence :)
[19:51] <philipsmatto> I owe you a favor
[19:58] <philipsmatto> Guys i must goind
[19:58] <hallyn> Ursinha, sorry, got carried away w a patch review.  how is bug 894754 treating you?
[19:58] <philipsmatto> trnks a lot!!!!
[19:59] <Ursinha> hallyn: I'm trying to reproduce in precise to see where to start
[19:59] <Ursinha> reproducing in precise implies downloading iso and so on, so taking a while now :)
[19:59] <hallyn> bleh, i see :)
[19:59] <hallyn> i'll start the same
[20:00] <hallyn> (waiting for victim stack instance to spin up)
[20:01] <Ursinha> :)
[20:09] <hallyn> Ursinha, if you look at the commit msg for 1.2.1-3, that sounds like actually a good alternative
[20:10] <hallyn> oh!  the bug was reported on oneiric?  so that actually is the fix we want
[20:10] <hallyn> (oneiric is on 1.2.0-1ubuntu1)
[20:12] <hallyn> Ursinha, so, do a : "pull-lp-source openvswitch; pull-lp-source openvswitch oneiric", and then look at the diff in debian/openvswitch-switch.init between both versions
[20:13] <hallyn> Ursinha, this should also mean that it can be marked fixed released, and affecting oneiric
[20:14] <Ursinha> hallyn: yeah, but do you think it should just not fail instead of adding another dependency that would actually build it? (if I understood the problem well)
[20:14] <Ursinha> does that mean the package doesn't need the module to work?
[20:15] <hallyn> gah, would my wm pls stop resetting when i get popups?
[20:16] <hallyn> Ursinha, yeah, was the original idea.  It seems perhaps less safe depending on how robust the dkms building is
[20:16] <Ursinha> hm, right
[20:17] <Ursinha> what do you mean by safe?
[20:17] <Ursinha> won't hilight you so your wm won't reset :)
[20:17] <hallyn> well if it fails 20% of the time to build,
[20:17] <hallyn> thanks :)
[20:18] <hallyn> eh, you're probably right, should probably be recommended:
[20:19] <hallyn> but see, i just tried to install the dkms and got
[20:19] <hallyn> Error! Your kernel headers for kernel 3.2.0-2-virtual cannot be found.
[20:19] <hallyn>  
[20:19] <hallyn> :)
[20:19] <Ursinha> isn't that a problem in dkms package? :)
[20:20] <hallyn> so, the package install would then still fail.  I think I see the real bug in openvswitch-switch as being that package update fails (making future updates noisier).
[20:20] <hallyn> it's a problem inherent indkms i think - it's complaining bc the running kernel is older than the one that came in the current-headers pkg
[20:20] <Ursinha> I don't like that much
[20:20] <Ursinha> *that that
[20:21] <hallyn> heh, if we could just get vswitch into upstream kernel we wouldn't need to do dkms :)
[20:21] <Ursinha> :)
[20:21] <Ursinha> do we need the module for that package?
[20:21] <hallyn> what do you mean?
[20:21] <hallyn> yeah, it's needed, so yes it should be Recommended
[20:22] <Ursinha> if openvswitch_mod is needed for that openvswitch-switch package is meant to, so it's required, no?
[20:22] <hallyn> yup
[20:23] <Ursinha> do it's a dependency and not just a recommendation?
[20:23] <Ursinha> s/do/so/
[20:24] <Ursinha> I guess I see the problem you are pointing
[20:25] <Ursinha> it's required, but module building is likely to fail, so better recommend and try and not break instead of creating problems for the average of users..
[20:25] <hallyn> that *was* my point, but it's only half valid.
[20:26] <jamespage> Daviey: iscsi testing completed
[20:26] <hallyn> i think you should both make it Depend, and backport the fix to the init script
[20:26] <Daviey> jamespage: you rock star!
[20:27] <Ursinha> hallyn: right!
[20:27] <Ursinha> oops, sorry
[20:27] <Ursinha> :S
[20:28] <hallyn> heh, np, it's not being uppity right now
[20:32] <hallyn> Ursinha, so let me know if you have any questions on proceeding.  if you want me too look at the debdiff poke me.
[20:32] <Ursinha> sure, thanks!
[20:33] <hallyn> man qemu-linaro build takes HOURS
[20:35] <jamespage> Daviey: this might be a stoopid question but is there a reason why I get the -generic kernel on amd64 server installs?
[20:40] <Daviey> jamespage: hmm, good question.. Probably a better one to throw to apw or smb tomorrow.
[20:41] <apw> jamespage, that is because the -server and -generic configurations have been merged
[20:41] <apw> jamespage, they were almost identicle anyhow, so for now the linux-server meta points to linux-image-generic
[20:47] <Daviey> apw: So that is what i thought, but there still seems to be a -server kernel?
[20:47] <Resistance> is it a pseudopackage?
[20:47] <Resistance> or does it actually provide something?
[20:47] <Resistance> Daviey, ^
[20:47] <Resistance> (the -server kernel package)
[20:49] <apw> linux-image-*-server ? Daviey i can't see it
[20:50] <Daviey> grr, might help if i wasn't looking at oneiric
[20:59] <Daviey> RoAkSoAx: hmm, seems we can also pass an initrd to ipxe, which is a flat script - rather than tagging onto the cmd line.
[21:06] <zul> jamespage: hey do you have instructions to setup iscsi for the iso testing?
[21:10] <patdk-wk> zul, sorry, I had been running those tests, but internet been bouncing around all day :(
[21:10] <zul> patdk-wk: do you have instructions to setup iscsi?
[21:11] <patdk-wk> instructions? not really, I have my enviroment setup for iscsi though
[21:11] <zul> with iscsitarget right?
[21:12] <patdk-wk> heh?
[21:12] <patdk-wk> I meant iscsi root
[21:15] <jamespage> zul: http://paste.ubuntu.com/755364/
[21:16] <zul> jamespage: heh...i love you
[21:17] <patdk-wk> so it is iscsi root info you wanted, but I don't use iscsitarget for my iscsi server
[21:17] <jamespage> and http://paste.ubuntu.com/755366/ into virsh
[21:18] <jamespage> zul: http://paste.ubuntu.com/755368/ to grab the kernel and initrd for the authenticated test for reboot
[21:18] <patdk-wk> that is extreemly annoying
[21:18] <patdk-wk> gpxe chainload iscsi boot
[21:20] <b0gatyr> join #windows-server
[21:23] <lynxman> b0gatyr: right now!
[21:28] <RoAkSoAx> Daviey: really? cuase for what I read it wasn't possible in the old one. But it would be cool if we could
[21:33] <koolhead17> lol lynxman
[21:38] <smoser> RoAkSoAx, jamespage adam_g zul SpamapS anyone...
[21:39] <smoser> anything you all tihnk should be release noted
[21:39] <smoser> for alpha-1
[21:39] <smoser> utlemming, ^
[21:39] <smoser> either known issues or new function/notable things.
[21:41] <zul> nada
[21:41] <Daviey> RoAkSoAx: yeah, i just went through the mailing list archives, it landed this month
[21:41] <backburner> so after I use orchestra to install my server , what is the default username and password??
[21:43] <adam_g> smoser: hmm. squid to squid3 migratin?
[21:43] <Daviey> smoser: New Upstream cobbler snapshot, based on 2.2.2 .. openstack components based on Essex 2.
[21:44] <smoser> at this point we're not filtering anything out
[21:44] <smoser> as the list is... um... 3 items at the moment
[21:44] <backburner> I don't see where I can set a username and password in cobbler/orchestra
[21:44] <backburner> so I have this shinny new server loaded but I can't login without purgeing the password
[21:45] <Daviey> smoser: Are you adding to the release notes for the cloud images, the nic issue?
[21:45] <smoser> i suppose we can add it as a known issue.
[21:45] <smoser> the only real issue is that the images are then 120M populated larger than they would be.
[21:45] <smoser> but we should probably note it.
[21:45] <adam_g> backburner: login to what? a newly provisioned system or cobbler itself?
[21:55] <Daviey> hallyn: So i plan to do a new upstream snapshot of ipxe
[21:55] <hallyn> :(
[21:55] <Daviey> does this impact you?
[21:55] <backburner> anyone using orchestra?
[21:55] <hallyn> Daviey:  it shouldn't  :)
[21:56] <hallyn> Daviey, you could add my debdiff into your merge...
[21:56] <Daviey> backburner: yes
[21:56] <Daviey> backburner: Ah, if you are using the default preseed; the username and password is both ubuntu.
[21:56] <Daviey> (secure eh?)
[21:56] <backburner> ahh thanks , will try that!
[21:57] <Daviey> rocking
[21:57] <Daviey> backburner: Things are changing for precise btw :)
[21:57] <hallyn> Daviey,what i was waiting on was lp:~serge-hallyn/ubuntu/precise/ipxe/kvm-pxe-in-ipxe/ merge
[21:58] <Daviey> hallyn: Mine can stack on yours, don't need to block on me
[21:58] <RoAkSoAx> Daviey: btw.. is redhat-cluster seeded?
[21:58] <Daviey> (once freeze lifts)
[21:58] <hallyn> Daviey, it's a pretty superficial patch, go ahead and do it and i'll rebase
[21:59] <hallyn> Daviey, after this cycle, i think i want to spend some time pushing on getting it so UDD can be used reliably for qemu-kvm and libvirt
[21:59] <hallyn> cause if i could just stage fixes there i wouldn't have this problem
[22:00] <Daviey> hallyn: right, is UDD still broken for them?
[22:00] <hallyn> (pushing as in, trying ot understand th eproblem)
[22:00] <hallyn> yeah.  i thought it was supposed to be fixed, but doesn't appear to be
[22:00] <Daviey> RoAkSoAx: redhat-cluster-suite is on server-ship
[22:00] <backburner> daviey where can you set the inital user/password?
[22:01] <RoAkSoAx> Daviey: so I won't be able to mess with post the freeze?
[22:01] <hallyn> Most recent Ubuntu Precise version: 0.15.0+noroms-0ubuntu6
[22:01] <hallyn> Packaging branch version: 0.14.0+noroms-0ubuntu8
[22:01] <hallyn> Daviey, ^ :(
[22:01] <Daviey> backburner: try, /var/lib/cobbler/kickstarts/orchestra.preseed
[22:02] <Daviey> hallyn: :(
[22:02] <RoAkSoAx> Daviey: zul I think we'll also need to add user/password fields for each system so that users can change them
[22:02] <ninjix> Daviey: that would be a nice new feature for the passwords
[22:03] <Daviey> hallyn: urgh, http://package-import.ubuntu.com/status/qemu-kvm.html
[22:03] <Daviey> yep
[22:06] <ninjix> installing server via alternate using a giant monitor. Have to look away from the purple and orange every few minutes to color adjust my eyes? :)
[22:09] <ninjix> anyone experienced this before? it's quite a trip.
[22:09] <ninjix> whole room is purple :)
[22:10] <Daviey> heh
[22:11] <ninjix> coworkers keep coming over to see what's making all the light.
[22:16] <hallyn> wtf?  /usr is group writeable...
[22:43] <skaet> smoser, utlemming - what's the status with the cloud images for the release?
[22:44] <utlemming> skaet: I think they are good, but let me double check
[22:44] <utlemming> the testing only started a few hours ago
[22:44] <utlemming> (due to problems with IP addresses)
[22:44] <skaet> utlemming, thanks,  silence was starting to worry me.  :)
[22:49] <utlemming> skaet: looking good so far (https://jenkins.qa.ubuntu.com/view/Precise/job/precise-server-ec2/) there are still some tests to complete, but I'm not seeing anything that would preclude launching it
[22:49] <skaet> utlemming,  thanks.  :)
[23:04] <adam_g> zul: ping
[23:30] <zul> adam_g: whats up
[23:33] <adam_g> zul: hey
[23:34] <zul> adam_g: hilo
[23:34] <adam_g> zul:  i was lookin at glance wrt to bug 883988
[23:34] <zul> adam_g: ok
[23:35] <adam_g> zul: that predates me. :) where'd the logic around 'db_sync' come from?  the upstream packaging or us? i see the same thing in the nova packaging as well, and wonder what the reasoning is
[23:37] <zul> adam_g: upstream packaging im pretty sure
[23:38] <zul> it creates the database
[23:38] <adam_g> well
[23:38] <adam_g> it migrates the database, it doesn't create
[23:39] <adam_g> im curious to know the reason why it only attempts to do so for connections that are not sqlite
[23:40] <zul> adam_g: i think predates me as well :)
[23:40] <adam_g> ah
[23:40] <zul> since im not the one who wrote it
[23:43] <adam_g> zul: lp:~openstack-ubuntu-packagers is where all of that work has lived, right?
[23:43] <zul> right all the upstream stuff is there
[23:43] <zul> all the ubuntu stuff is at ubuntu-server-dev
[23:46] <adam_g> http://bazaar.launchpad.net/~openstack-ubuntu-packagers/glance/ubuntu/revision/29