/srv/irclogs.ubuntu.com/2011/12/06/#ubuntu-server.txt

luis__algun canal de server en español00:06
twb!es00:08
ubottuEn la mayoría de canales de Ubuntu se habla sólo en inglés. Si busca ayuda en español o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.00:08
twbsiento, solo #ubuntu-es, no hay #ubuntu-server-es00:10
twbOK WTF.  So someone "helpfully" renamed the printer's DHCP name.  So I stop cups, go into printers.conf and change the ipp://gibberish URL to ipp://mfd, and start cups00:37
twblpstat -t says cups can't connect to "gibberish" since <time of initial outage>00:38
twbWhat, cups, are you too stupid to even try connecting to printers when you first start?!  Graah!00:38
twbSolved by stopping cups again and deleting from its "config" file some state variables that ought to be in /var/ somewhere.00:43
twbIncidentally, cancel(1) is a STUPIDLY AMBIGUOUS name to be reserved for printing00:44
uvirtbotNew bug: #900558 in open-vm-tools (multiverse) "open-vm-dkms 2011.07.19-450511-0ubuntu2: open-vm-tools kernel module failed to build (dup-of: 900555)" [Undecided,New] https://launchpad.net/bugs/90055801:26
uvirtbotNew bug: #900553 in keystone (universe) "Any user can manage the keystone database via keystone-manage" [Undecided,New] https://launchpad.net/bugs/90055301:27
jehoshua02Hey guys, any troubleshooting tips for an "unable to read font" error? Here's my research so far: https://gist.github.com/1436020#file_rubyforge_install_faq.md01:30
twbjehoshua02: error from what?01:34
twbOh, redmine01:38
jehoshua02"unable to read font" is an ambiguous message. Gives no indication of why.01:40
twbLooks like libmagick is having trouble reading a specific pfb01:41
twbMaybe libmagick can't speak pfb in the first place?01:41
twbYou need to find libmagick people and ask them about this line: Magick::ImageMagickError (unable to read font `/opt/redmine/common/share/ghostscript/fonts/n019003l.pfb' @ annotate.c/RenderFreetype/1043: `(null)'):01:41
* jehoshua02 Hmm... libmagick people... where are you?01:42
twbProbably there is a channel like #imagemagick01:57
=== bladernr_ is now known as bladernr_afk
Resistanceanyone here willing to review my HOW-TO posts on my blog for setting up nginx on Ubuntu?  I only need general input, i've got my nginx contacts reviewing the content for accuracy.  https://blog.trekweb.org/categories/ubuntu/nginx/  <-- if you'd be so kind :)05:56
twbphp5 isn't nginx05:56
Resistancetwb:  true, but the tutorial specifically goes into configuring nginx to work with php505:58
Resistance(for the nginx people, basically, since i work with their support channel here on freenode)05:59
Resistanceignoring relevancy, the question is content and understandability :P05:59
Resistance(you'd be surprised how many people try to set up nginx to use fastcgi, which doesnt work at all :/)06:01
Resistances/at all/at all without some PHP handler, and the preferred one for Debian based systems is php5-fpm/06:02
usergood morning!06:06
useri have the following problem: after upgrade from natty to oneiric cron sends me the following mail:06:07
userPHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626+lfs/sqlite.so' - /usr/lib/php5/20090626+lfs/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 006:07
useri think its because libsqlite.so is missing from php5-sqlite. in oneiric it only contains libsqlite3.so06:08
SpamapSuser: sqlite is deprecated06:14
SpamapSuser: you should be using sqlite306:14
SpamapSResistance: /var/fpm is not FHS compliant...06:16
ResistanceSpamapS:  then provide a suggestion06:17
Resistanceor a replacement06:17
SpamapSResistance: /var/lib/php5-fpm would be more appropriate06:17
Resistancefor the socket?06:17
SpamapSResistance: or /srv/www06:17
SpamapSactually for a socket06:17
SpamapS/var/run/php5-fpm06:17
Resistancei'll fix that now06:18
ResistanceSpamapS:  i assume /var/run/php5-fpm doesn't exist by default...?06:18
Resistanceor does it?06:18
SpamapSdoesn't it usually listen there already?06:18
Resistancenope, by default it uses a TCP listener last time i checked06:18
* Resistance will triple-check06:18
SpamapSahh06:18
* SpamapS uses php5-fpm but does not change the defaults. :)06:19
Resistance:P06:19
useryes i know that, but package roundcube depends on sqlite afaik06:19
userroundcube is now disfunctional after the upgrade06:19
Resistancethe nginx people actually prefer the use of sockets over TCP06:19
Resistanceunless the PHP stuff is off-site :P06:19
ResistanceSpamapS:  i assume php5-fpm would be the socket's name?06:19
SpamapSuser: maybe fix roundcube then. ;)06:20
SpamapSResistance: php5-fpm.sock would be more obvious...06:20
Resistancethat's what i was considering using in the thing06:20
Resistancerather than just php5-fpm in /var/run06:20
SpamapSResistance: if it has a pid file too.. then /var/run/php5-fpm/php5-fpm.sock might even be better06:20
SpamapSthen you can put the pid file in /var/run/php5-fpm/php5-fpm.pid06:21
SpamapSResistance: maybe submit a bug report suggesting that php5-fpm listen on a standard socket too.06:21
Resistance:P06:21
ResistanceSpamapS:  meh, cba to file a bug just now06:21
ResistanceSpamapS:  on another note, i'm not even sure ***WHERE*** the pid is stored06:21
Resistancesince i leave the pid stuff at its default06:21
SpamapSPIDFILE=/var/run/php5-fpm.pid06:22
Resistanceis that the default?06:22
SpamapSyes06:22
Resistancethen i'm just going to leave that :P06:22
Resistancethe nginx+php5-fpm post should be updated now06:23
ResistanceSpamapS:  i assume i'd file it against the source package?06:23
SpamapSResistance: https://launchpad.net/ubuntu/+source/php5/+filebug06:24
Resistancethat's what i thought, thanks06:24
* Resistance knows those links well, since he's trying to backport php 5.3.8 to natty/oneiric within a PPA :P06:24
ResistanceSpamapS:  bug #900620 if you're interested in tracking it06:28
uvirtbotLaunchpad bug 900620 in php5 "Possible Bug: php5-fpm does not listen on a socket by default" [Undecided,New] https://launchpad.net/bugs/90062006:28
ResistanceSpamapS:  other than those inconsistencies, which i have attempted to fix, any other suggestions on the blog posts?06:28
uvirtbotNew bug: #900620 in php5 (main) "Possible Bug: php5-fpm does not listen on a socket by default" [Undecided,New] https://launchpad.net/bugs/90062006:36
Resistancelool06:36
twbSpamapS: probably /run by now06:46
SpamapStwb: Until 12.04 is out, I suggest people use /var/run so their instructions work on 10.0406:49
SpamapS*packages* must start using /run06:49
SpamapSResistance: one stupid niggle.. not a real problem. You shouldn't show PHP code examples with the worthless PHP close tag  ?> ... just causes problems06:50
twb11.10 didn't have /run ?06:50
SpamapStwb: 11.10 has /run06:50
SpamapSits the first release to have /run06:50
twbk06:50
ResistanceSpamapS: bleh, you're impossible to please :P06:51
SpamapSResistance: I'm quite happy, the post looks great. Its just bad form. ;)06:51
ResistanceSpamapS:  what would you recommend i put in place of that code?  (btw, I usually code in strict PHP, including all closing tags :P)06:51
SpamapSResistance: just delete the third line06:51
Resistanceok06:51
SpamapS<? phpinfo();06:51
Resistance*reloads the connection*06:51
SpamapSactually <?php phpinfo();06:51
SpamapSwho needs 2 lines right?06:51
twbstrict php is no php :P06:52
Resistance:P06:52
ResistanceSpamapS:  better?06:52
SpamapSResistance: purty06:53
Resistance:P06:53
Resistanceokay, well i'm headed to bed06:53
Resistancei've got to be up at 06:45 and its almost 02:0006:53
=== Guest86932 is now known as kklimonda
=== kklimonda is now known as Guest35546
=== Guest35546 is now known as kklimonda
aarcaneSo I'm curious about running Ubuntu Server in a virtual environment.  I have a setup that would lend itsself well to either using disk images or to using exposed filesystems.  Both are equally simple to configure and deploy.  The question, for my environment, is which is better performant ?  has anyone done a side-by-side comparison ?07:41
austonHi, I have my server running 2 NICs with forwarding function but trying to configure firewall using iptables from chain FORWARD but failed. When I use DROP command, the client is not able to connect to internet even exception was made for port 80.08:07
austonIf I excluded the DROP from the FORWARD, the client is able to access the internet.08:08
=== smb` is now known as smb
dckirbahello all, how are you doing?08:30
=== himcesjf1 is now known as himcesjf
dckirbaDoes anyone have a moment to spare? Need help configuring jabber2d on the local office server08:30
ikoniawhat's up ?08:31
lynxmanmorning o/09:02
koolhead11hi all09:41
lynxmanhey koolhead11 o/09:47
koolhead11hello lynxman :)09:48
uvirtbotNew bug: #900662 in etckeeper (main) "Please merge etckeeper 0.57 (main) from Debian testing (main) " [Undecided,New] https://launchpad.net/bugs/90066209:53
mattiGuys.10:07
mattiIs there a way to force installer to swap order of drives / contollers it will "install" -- so to speak?10:07
* matti is trying to find something...10:08
Myrttimatti: what do you mean by swapping the order?10:10
mattiMyrtti: I want my sdb -> sda, as my 3Ware should be my boot contoller :)10:11
mattiMyrtti: To be honest, this is puzzling me. As grub is failing to install from the installer on my 60 TB array that is using GPT partition table on sda.10:12
mattiMyrtti: Which is not a boot contoller anyway.10:12
mattiMyrtti: It seems that despite the setting in BIOS and ROM load-order set, kernel and/or installer loads drivers in an alphabetical order.10:12
Myrttiright, well I was going to suggest changing the settings in BIOS but oh well10:14
Myrttiyou're ahead of me already10:14
matti:)10:14
mattiTrying to automate this is a pure nightmare.10:14
Ursinhagooooood morning10:20
Davieymatti: Hmm, you can make sdb the install disk?10:26
Davieyisn't that enough?10:26
DavieyIf you depend on sda always being sda, you are probably doing it wrong :)10:26
ersiWouldn't GUID's be the preferred way here?10:27
mattiDaviey: I don't care.10:30
mattiDaviey: But try to convince grub-installer from the installer to install itself correctly on GPT.10:31
mattiDaviey: If you do that, then I will kiss you.10:31
mattiDaviey: :)10:31
mattiDaviey: Oh, and fix Debian 6 for me along the way, as it has the same problems (no surprise here).10:32
matti;]10:32
mattiMeh ;)10:38
Davieymatti: Hmm, I don't have much experience with GPT TBH.. But i thought that was all resolved in Oneiric?10:45
DavieyAre you using Lucid?10:45
ikoniaI've still hit a few issues with gpt on 11.1010:46
ikoniait's much much better, but not %10010:46
mattiDaviey: 10.0410:50
mattiDaviey: Ubuntu 10.04 and Debian 6 -- either/or ;]10:50
notlisteningHi all, I have a 3G USB modem that I want to use with 11.10. It has dual mass storage and modem capabilities. When I use it on the desktop these are both available however on server only the scsi storage is accessible can anyone make some suggestions of what i need to do to get the ttyUSB interface to register?10:52
notlisteningI have manually load usbserial and option modules and installed usb_modeswitch10:54
notlisteningthere seems to be little to no documentation on this :|10:54
notlisteningI solved the problem, you must delay the usb-storage module from loading :P11:44
* koolhead11 is sleepy11:49
koolhead11smoser: aroun?11:51
koolhead11d11:51
loolzul: Hey, there's an issue with squid3/squid: the squid source package is still in Ubuntu but fails to upload because the squid3 source package provides a "squid" binary package with a higher version12:33
loolzul: In Debian, there's the squid binary package from the squid source package and the squid3 binary package from the squid3 source package, do they plan to drop squid 2 eventually?12:33
loolzul: I don't think we can upload squid 2 in Ubuntu anymore because of this, so we'd rather remove and blacklist it from Debian imports, unless we can think of a way that the sources and binaries would be mostly similar between Debian and Ubuntu12:34
zullool: thats fine with me12:46
loolzul: Ok12:46
zullool: since squid3 is in main12:46
RodrigoJimmyGreetings my friends! I'd like to personalize the boot and installer process of ubuntu server. Change boot menu options, set default idiom, set default partition schema, and so on. What's the best way? Changing iso contents em regererate ISO by mkisofs or genisofs? or change debian-cd and debian-installer packages to do this? Or neither?12:58
uvirtbotNew bug: #900741 in squid (universe) "Remove and blacklist squid" [Undecided,New] https://launchpad.net/bugs/90074113:06
=== himcesjf1 is now known as himcesjf
caribouquick question : is vmbuilder still actively supported ?13:43
smoserkoolhead11, here now.13:48
smoserwell, koolhead11 http://paste.ubuntu.com/760635/ "worked for me"13:48
koolhead11smoser: you had time to test it sir?13:48
* koolhead11 checks13:49
koolhead11smoser: let me give it a try :)13:50
smoserkoolhead11, i suspect it wont work for you, but if it does, then you should see what is different in the 2 paths that you had success versus failure with.14:00
smoserthere may be a bug in openstack using your image due to something else14:00
smoserbut your issue there is with openstack, not really resolvable in a guest.14:00
koolhead11smoser: :( hmm14:00
koolhead11it means am not able to run my modified cloud image in openstack.14:01
koolhead11let me give one more try!! :P14:02
Daviey*sigh*, LP is Read Only.14:02
zulwohoo...party party time14:03
sorenIt's been pretty screwed for a while.14:03
sorenlibrarian has been giving me 503's for at least half an hour.14:03
smoserkoolhead11, well, give the above a try, as it worke dfor me.14:03
smosersoren, launchpad works fine for me. you must have not been nice to it.14:03
koolhead11zul: sirr!! :P14:04
sorensmoser: lies14:04
Davieysoren: I think i saw that your account was special cased for a badride()14:04
soren:(14:05
zulsoren: maybe its trying to tell you something14:06
sorenzul: When have I been known to listen to anything?14:06
zulsoren: heh14:08
pmatuliswas showing my 4yr-old son my green Openstack t-shirt, he repeated "opensnack".  good name change?14:10
caribouRe: my vmbuilder question, I'm able to reproduce this bug https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/53159914:10
uvirtbotLaunchpad bug 531599 in vm-builder "device mappings for partitions not removed after build using --raw, leading to filesystem corruption" [Undecided,Confirmed]14:10
caribouwhich generates FS corruption14:10
* Daviey forks pmatulis open snack.. *yum*14:10
pmatulishe he14:11
cariboupmatulis: how about openbar?14:11
pmatuliscaribou: :)14:12
koolhead11open beer14:17
patdk-wkis openbar covered by gpl?14:19
koolhead11zul: i need that keystone pkg to gain some confidence and get back to openstack voyage!! :D14:20
zulhttps://launchpad.net/~zulcss/+archive/openstack-sru-updates14:21
zulkoolhead11: ^^^14:21
koolhead11zul: " oneiric main  "  /o.0\14:23
=== bladernr_afk is now known as bladernr_
mboeruhello14:57
mboerucan anyone help me with some problems regarding kickseed partman RAID creation?14:58
mboeruso no one? :(15:01
koolhead11lynxman: around?15:08
koolhead11what was that thing 4 automatic deployment of instances on virtualbox15:08
Davieysmoser: Have you tried cobbler-devenv recently, and more so - against cobbler/15:10
Daviey?15:10
Davieyerr, against juju15:10
smoserDaviey, no. its on the list of things to do.15:12
smoserrelated question15:12
smoserhallyn,15:12
hallynsmoser: hold on, quick reboot, audio troubles while trying to do a call15:13
smoserwe were considering juju deploy of openstack on desktop. where juju would use the local [lxc] provider. and we'd install openstack. assuming you could get that to work, then i'd think you'd want lxc as the libvirt-type for openstack.15:13
smosersorry, had typed that and didn't want to lose it. i'll replay if you ask nicely.15:14
smoserwill there be issues in openstack nova running in an lxc container providing an lxc instances ?15:14
mboerucan anyone help me with some problems regarding kickstart / preseed partman RAID creation on ubuntu 10.04.3 ?15:18
hallynsmoser: hm, there might be due to NFS in particular15:18
smoseri'm' almost insulted.15:19
smoserwhy would i use nfs ?15:19
hallynwell nfs was a proxy for any in-kernel network filesystem15:19
smoseroh... ok. yeah, the guests could potentially use nfs.15:20
smoseri'm not heartbroken if that is broken.15:20
hallynshould work then15:20
smoserhm...15:23
smoseri'm thinking of tother tings that might get in the way15:23
smoserthe nova-compute lxc isntance is going to attempt to do routing via ip tables15:23
smoserand multiple compute nodes [containers] woudlb e wanting to use the same ports.15:24
lynxmankoolhead11: hey :)15:27
lynxmankoolhead11: vagrant!15:27
hallyniptables are per container15:27
hallynsmoser: so if the nova-compute instance will always look like the 'parent' of the things it fires off it might work15:28
hallynsmoser: but you might want to use a container without its own netns15:29
smoserhallyn, the nova-compute will use libvirt to launch instances15:30
hallynsmoser: using virsh to what it calls localhost?15:31
smoseryes, probably.15:31
smoserwell, not virsh15:32
smoserpython-libvirt15:32
hallynwell then it might be fine - hte iptables rules it creates will affect the default libvirt network it creates, used by its lxc clients...  *should* work15:32
hallynbe cool to see15:32
smoserok. then one other question15:32
smoseri sohlud be able to do this with kvm as the nova-launched guests also15:33
smoserright?15:33
hallynyes, so long as you give the nova-compute container access to /dev/kvm15:33
DavieyUrsinha: Are you chairing?15:57
Ursinhaagain?15:57
UrsinhaDaviey: I guess smoser was volunteered15:57
Ursinha:P15:57
DavieyUrsinha: i'm looking at the agenda, which has you next :)15:58
smoserdid you do last week Ursinha ?15:58
Ursinhasmoser: yes15:58
smoserif you did, then i will reluctantly do this.15:58
smosersuck15:58
Ursinhalol15:58
UrsinhaI can chair again15:58
SpamapSUrsinha: if you forget to update the list, you have to chair again. ;)15:59
hallyni think this is called hazing15:59
SpamapSsmoser: the agenda is empty, so.. should go quickly. :)15:59
smoserk.16:00
smoserhere we go16:00
smoser#start-meeting Ubuntu Server Team Meeting16:00
smoser#startmeeting Ubuntu Server Team Meeting16:00
smoserugh.16:00
lynxmansmoser: wrong channel16:00
RoAkSoAxlol16:00
lynxmansmoser: points smoser to #ubuntu-meeting16:01
Ursinhasmoser: http://paste.ubuntu.com/761745/16:01
marshallhey ubuntu-server16:15
marshallI notice that byobu is installed on oneiric server by default. it looks sort of useful, but it seems to mess things up when I do `clear` or cmd+k (clear shortcut). Has anybody else had this issue?16:22
kpettitis there a simple DNS server that is somehting like a etc/hosts file.  Trying to do local home network dns and don't really want to mess with BIND for something simple like that16:22
uvirtbotNew bug: #893134 in swift (main) "swauth required for auth in diablo" [Undecided,Fix released] https://launchpad.net/bugs/89313416:22
smoserkirkland, ^ see marshall16:26
kirklandmarshall: what kind of things mess up when you do clear?16:28
kirklandmarshall: i do "clear" all the time16:28
broderhey guys - i can't stick around atm, but if anyone here is affiliated with openstack, could you see if your keystone packaging should have a vcs-bzr tag on it or something? i saw lp:~gandelman-a/ubuntu/precise/keystone/900553 in the sponsorship queue, and it seemed like maybe it should be going against lp:~openstack-ubuntu-packagers/keystone/ubuntu or something16:29
smoseradam_g, zul ^16:30
smoserbroder is probably correct16:30
zulbroder: will have a look16:31
marshallkirkland: sometimes it puts the cursor somewhere weird on the screen, and the top line of byobu sometimes disappears. I dunno, it's kind of flickery after a `clear`.16:31
adam_gzul: what is the workflow for packaging updates? update the ~openstack-ubuntu-packagers/$foo branch first, then propose a merge into ubuntu from there, or the other way? it seems like its different for each subproject16:35
zuladam_g: propose against ~ubuntu-server-dev/<project>/essex and then propose against ~openstack-ubuntu-packagers/<project>/ubuntu16:36
adam_gzul: i thought ~ubuntu-server-dev was stable/oneiric/backport branch?16:37
SpamapSFixes have to hit precise before they'll be allowed into oneiric16:37
zulnope its for essex as well, ill write something up16:37
SpamapSSo it akes sense that you'd do essex first16:37
adam_gzul: i dont follow16:38
zuladam_g: for oneirc/stable diablo there is packaging branches called lp:~ubuntu-server-dev/<project>/diablo16:38
zulfor precise its lp:~ubuntu-server-dev/<project>/essex16:39
zulor am i on crack16:40
adam_gzul: ok16:40
zuladam_g: ill sync up the branches today16:41
adam_gcool16:41
rbasakDaviey: OK, SRU for cobbler csrf?16:42
Davieyrbasak: Yes, so it's exactly the same, except - the pocket is oneiric-security16:43
DavieyAnd only the ~ubuntu-security team can sponsor it.16:44
DavieyThey also prefer a richer changelog message, one moment16:44
rbasakDaviey: and I'll focus only on this one vulnerability? There were a few others too IIRC, but not sure if I can bundle multiple fixes into one SRU?16:44
rbasak(or if the others are even justified to be SRU'd)16:45
Davieyrbasak: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation16:45
Davieyrbasak: probably best to speak to the security team, but depending on confidence, you can double up16:45
rbasakOK, thanks16:46
koolhead11zul: keystone failed to install, let me pastebin16:50
koolhead11zul: http://paste.ubuntu.com/761806/16:52
UrsinhaDaviey: hello :)16:53
zulkoolhead11: cool thanks ill take a look16:53
allowoverridekoolhead11: looks like you need to execute as sudo16:53
Davieyhey Ursinha16:53
allowoverrideperms denied on /keystone.log16:53
UrsinhaDaviey: I'd like to have your feedback about this diagram: http://ubuntuone.com/5OxEIhPUuxdAfVS5N4YO4416:54
koolhead11allowoverride: i am using with sudo :D16:54
Davieylooking16:54
UrsinhaDaviey: can you tell me if I'm missing something that server team would be doing?16:54
Ursinhathanks :)16:54
* koolhead11 leaves 4 home. laters16:55
Davieyttfn koolhead1116:55
DavieyUrsinha: what is this based on, and who follows it so far?16:56
Daviey(who authored it?)16:56
UrsinhaDaviey: I did16:56
UrsinhaDaviey: this is what I could infer by how launchpad behaves today plus the triage guide16:57
Ursinhaserver triage guide16:57
DavieyUrsinha: right, but where is the bot? :)16:57
UrsinhaDaviey: the one that marks bugs as confirmed?16:57
Ursinhawhen a bug has a duplicate launchpad marks the bugtask as confirmed16:57
Ursinhaafaik16:57
Davieyahh16:57
DavieySorry, i thought it was something more exciting :)16:58
UrsinhaI'll clarify that :)16:58
Ursinhalol16:58
Ursinhasorry16:58
DavieyUrsinha: I think it is pretty complete, but also idealistic :)16:58
Ursinhaso, let me know how it works today or what would be a less idealistic approach, please :)16:59
UrsinhaDaviey: I have the .dia file, want it?16:59
DavieyUrsinha: I wish i had a plotter, so i could print it out and put it on my bedroom wall :)17:00
DavieyUrsinha: I think you have it covered, but let me think about it?17:00
UrsinhaDaviey: I drew it in an A3 sheet :) than converted to dia :P17:01
UrsinhaDaviey: yes, can I ping you later about that?17:01
Davieycool17:02
=== bitmonk_ is now known as bitmonk
hsmodanyone know how i can load megaraid_sas driver when i pxe boot a livecd?17:25
hsmod(on either natty or maverick)17:25
jandruskFor Juju you need to have an Amazon EC2 account and storage setup, right?17:26
jandruskNevermind. Already found it on CharmSchool.17:39
hsmodanyone know how i can load megaraid_sas driver when i pxe boot a livecd?18:09
hallynjjohansen: should 'rw' apparmor rights to a file that is a unix socket suffice for bind?18:20
jjohansenhallyn: yes18:20
hallynjjohansen: thanks. (then i'm flummoxed :)18:20
jjohansenhallyn: what is happening?18:21
mboerucan anyone help me with a preseed problem, I'm trying to provision a server with 2 500G hdds and software RAID, but can't figure it out18:21
hallyni'm testing tunnelled migration - my patch works in lucid and precise, but in maverick i'm getting:18:21
hallynind(unix:/var/run/libvirt/qemu/qemu.tunnelmigrate.dest.cdboot): Permission denied18:21
jjohansenhallyn: hrmm, are there any log messages?18:22
hallyn"/var/run/libvirt/**/*.tunnelmigrate.dest.cdboot" rw is in the *.files18:22
hallynjjohansen: that msg is in the libvirt log18:22
jjohansenhallyn: anything in dmesg?18:23
hallynnope18:23
hallynflummoxed18:23
jjohansenhrmm18:24
hallynthis is going to be the slowest sru i've ever had.  2 days so far, not halfway done18:24
jjohansenhallyn: stick audit in front of the apparmor rule.18:25
jjohansen  audit /var/run/libvirt/**/*.tunnelmigrate.dest.cdboot" rw18:25
jjohansenapparmor will log every time it sees a file matching that, whether its allowing it or not18:25
jjohansenthat should help narrow down whether apparmor thinks its seeing it18:26
hallynjjohansen: ok - that rule gets generated on each migration on the fly, so i need to rebuild  real quick18:29
jjohansenhallyn: if you know where the profile file is, you can edit it by hand and reload it with18:30
jjohansen  sudo apparmor_parser -r <file>18:30
hallynjjohansen: i can't bc it gets recreated when i retry migration18:33
hallynjjohansen: hm, still nothing in dmesg!  maybe the libvirt apparmor security driver code is screwy18:35
jjohansenhallyn: maybe, jdstrand would have a better handle on that part than me18:37
jdstrandhallyn: for testing, you can edit /etc/apparmor.d/libvirt/libvirt-<uuid>18:38
hallynjdstrand: but that gets overwritten when i do virsh migrate again18:39
jdstrandhallyn: it is created on first run of the vm, but is persitent thereafter (it is the .files file that is updated every time)18:39
jdstrandhmm18:39
jdstrandmigrate-- I guess that makes sense cause it is supposed to be a 'new' vm18:40
hallynand yeah, the .xml doesn't actually stick around (nothing in virsh list --all) so i can't restart it even if i thought htat would still try to access that pipe18:40
jdstrandhallyn: you can also disable the apparmor driver in /etc/libvirt/qemu.conf by setting 'security_driver = "none"' and restarting libvirt18:41
hallynI don't know, I"m at a loss.  maybe i messed up something else18:41
hallynstill get that failure!18:42
jdstrandhallyn: you can also edit /etc/apparmor.d/abstractions/libvirt-qemu on the host getting denials. that applies to all vms18:43
jdstrandhallyn: if you want to make sure you have disabled the apparmor driver, examine the output of 'virsh capabilities' and/or 'virsh dominfo <vm>'18:45
hallynwhat should virsh capabilities tell me?18:45
hallyn(/proc/`pidof libvirtd`/attr/current still says enforcing)18:45
jdstrandin the <host> section if a security driver is enabled, you should see:18:46
jdstrand    <secmodel>18:46
jdstrand      <model>apparmor</model>18:46
jdstrand      <doi>0</doi>18:46
jdstrand    </secmodel>18:46
jdstrandhallyn: that is because the you didn't unload the profile for libvirtd18:46
jdstrandhallyn: but you don't need to18:47
jdstrand(unless there is a bug, which there was one at one time)18:47
zulhallyn: have you seen this? "libvirtError: internal error cannot create rule since ebtables tool is missing."18:47
hallynjdstrand: ah, i see. yeah, it's turned off now.  and i still get that denial18:47
jdstrandhallyn: wait, what? you get an apparmor denial with the driver disabled?18:48
hallynzul: i haven't.  on precise?18:48
hallynjdstrand: yyyyyp18:48
zulhallyn: yep18:48
hallynput a u in there18:48
jdstrandhallyn: well, is the machine still running? libvirt won't unconfine a vm18:49
jdstrandhallyn: it just won't start a vm confined18:49
hallynzul: ebtables should be moved from recommends to depends?18:49
hallynjdstrand: the vm is running on host1.  host2 is where i try to migrate it to, and it has unconvined libvirt now18:49
zulhallyn: it seems other people are having the same issue: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/68408818:50
uvirtbotLaunchpad bug 684088 in libvirt "libvirt should detect the presence of tools at use-time rather than at start-time" [Low,Triaged]18:50
jdstrandhallyn: on host1, what is the output of 'aa-status'?18:50
hallynzul: patch welcome for that :)18:50
jdstrandhallyn: err, host218:50
zulhallyn: yeah yeah :)18:50
hallynjdstrand: it shows libvirtd profile and process in enforce mode18:51
jdstrandhallyn: can you paste the output?18:51
hallynzul: you agree ebtables should be depends?18:51
zulhallyn: yeah but i already have ebtables installed18:52
hallynjdstrand: http://pastebin.com/K5MuHYvK18:52
hallynzul: restart libvirt-bin :)  making it depends will prevent it in the future.  i'm not writing a patch to do check-at-use!18:53
jdstrandhallyn: can you paste the output of virsh capabilities n host2?18:53
hallynhttp://pastebin.com/baf2mkzM18:53
jdstrandthat pastebin is annoying with its captchas :P18:54
jdstrandhmm18:54
hallynjdstrand: as i said to jjohansen, this works fine on lucid and precise, it's only failing on maverick.18:54
hallynmaking me wonderer whether my setup is bad18:54
jdstrandhallyn: can you try to do a migrate after doing this on host2: sudo apaprmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd18:54
hallyn(that or it's a temp regression in the code)18:54
zulhallyn: restarted it and still get the same problem18:54
jdstrandhallyn: I typoed that command18:55
hallynzul: that's a problem18:55
zulhallyn: yeah lemme try something first18:55
hallynjdstrand: i think it's an nfs issue, actually.  i think the log msg is bogus, and it's actually dying trying to chown the disk img18:58
hallyncause18:58
hallyn-rw-r--r-- 1 4294967294 4294967294 1073741824 2011-12-06 17:58 cdboot.img18:58
hallyndoesn't look right18:58
jdstrandhuh18:58
jdstrandlibvirt's error reporting sometimes stinks18:58
jdstrandhallyn: this is the type of thing I was talking about when I recommended VIRT_WARN last week18:59
hallyni put VIRT_WARN in that patch.  that patch isn't in mav18:59
jdstrandhallyn: no, I know that18:59
hallynok :)18:59
jdstrandhallyn: I am saying this is precisely the *type* of thing that happens19:00
hallynsigh, yeah.19:00
hallynso i wonder if this is a bug in maverick's nfs19:00
hallynuid/gid isn't *supposed* to come through as -1 is it?19:01
hallyntrying a rebuild with VIR_WARN at that line19:02
=== smoser_ is now known as smoser
hallyni shouldve said only lucid sru for this...  who is gonna do this on maverick?19:03
Shaboomtry mozilla firefox on linux, preferably linux , and linux ubuntu if possible for best results: http://baby.cn.yahoo.com/pic/19:04
* patdk-wk is scared19:12
hallynzul: is that a pretty safe normal assumption?  that i can do a fix only for lucid and oneiric, bc noone will move from lucid to maverick or natty for servers right now?19:13
patdk-wkno sane person :)19:13
zulhallyn: i think so19:13
hallynphew19:14
zuli think most people would be waiting for the next LTS19:14
* patdk-wk is waiting for 12.04.219:14
patdk-wknormally by then I have had enough time to test and start moving :)19:14
zulhallyn: with the libvirt ebtables im horribly out of date...ill try it again after the update is finish19:15
hallynok19:16
SpamapSkoolhead17: whenever you are ready we can chat about bug 87526219:19
uvirtbotLaunchpad bug 875262 in php5 "PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626+lfs/sqlite.so'" [High,Confirmed] https://launchpad.net/bugs/87526219:19
koolhead17SpamapS: in 20 mins :)19:20
incorrectare there other authentication systems i can use with windows that don't involve me setting up samba?19:27
SpamapSincorrect: at one time, I know stock kerberos 5 + ldap worked .. but not very well.. with windows XP and 200019:40
incorrector an easy way to get samba doing domain log ins19:42
uvirtbotNew bug: #900889 in apache2 (main) "Php5 Application Segmentation Fault After Upgrade from 9.04 to 10.04, 10.10. or 11.10" [Undecided,New] https://launchpad.net/bugs/90088919:43
zulhallyn: false alarm19:47
hallynphew19:47
zulsorry to work up your blood pressure19:49
=== claude2 is now known as jonathandee
=== jonathandee is now known as claude2
adam_gzul: https://code.launchpad.net/~gandelman-a/ubuntu/precise/keystone/lp900553/+merge/8466320:10
adam_gzul: should i also send proposals with the changes that were merged directly into the nova and glance ubuntu packages this week, or do you want to do that?20:11
zuladam_g: no ill take care of it20:11
adam_gk20:11
* lukstr waves20:20
lukstrI have a fun kerberos question20:20
lukstrafter running sudo auth-client-config -a -p kerberos_example I can't log in at all. In a guest session I can get tickets just fine but anything PAM seems extremely unhappy20:21
zulhallyn: nope was still able to reproduce it20:32
lukstris there any _proper_ way to setup kerberos with PAM for 11.10?20:34
hallynjdstrand: hm, i don't think i'll try maverick again, but on oneiric i observe that 'mount -o nfsvers=3' works better (than using v4, the default).  now i can chown, as can libvirtd20:43
jdstrandinteresting. so it is the DAC driver20:44
jdstrandthey are always fiddling with nfs for the selinux bits20:44
hallynpain20:44
hallynworked fine under precise though with v420:44
jdstrandweird20:46
hallynzul: can you open a bug or post pastebin with reproduction instructions?20:47
jdstrandyeah, I wouldn't worry about maverick-- it is eol in 4 months20:47
jdstrandnatty is... *shrug*. seems too late for it too20:47
hallynlukstr: not something i've worked with, sorry.20:47
hallynjdstrand: i just might weep for joy20:48
jdstrandheh20:48
hallynfinally done with that20:48
hallynnow just a little qemu one to do :)20:48
jdstrand:)20:48
hallynooh!  qemu-kvm-1.0 has been tagged20:49
jdstrandhallyn: iirc, they fiddled a bit with usb2 for that. that would be awesome, but I don't know how far along it is20:50
hallynthey already had with the 0.15 in precise, and i think that's to blame for the uhcd/ehci not being there20:51
hallynhaven't gone and asked on #qemu yet though20:51
jdstrandhallyn: interesting-- I didn't know it was fully working20:51
hallynoh i dont' knwo that it is20:51
zulhallyn: i just added more info to the bug that was open20:59
hallynzul: sounds like openstack should depend on ebtables :)21:04
zulhallyn: right but i have ebtables installed thats the point21:05
hallynzul: unless you're saying you've stopped and started libvirt-bin, that bug is unlikely to get addressed (upstream bug is being ignored).  Why not avoid it altogether?21:06
zulerm..21:06
hallyneh, maybe i'm wrong, and it has been addressed upstream21:07
hallynzul: you know i'm not trying to be difficult :)21:11
zulhallyn: sure i heard that one before21:11
zul:)21:11
hallynwhile : ; do euca-describe-instances  | awk '{ print $2 }' | grep "^i-" | xargs euca-terminate-instances; done isn't getting me very far21:16
FaintHi, I know this is #ubuntu-server, but nothing I say is sent in #httpd, so I am asking here because I am running Ubuntu Server 11. Any help would be appreciated. I am having a problem where when I start Apache, it stays up for a minute then turns off. I have the only two lines it gives me in apache's error.log right here:21:33
Fainthttp://pastebin.com/vX201fQ621:34
Davieyhallyn: http://pb.daviey.com/euca/ is smoser's21:34
hallynDaviey: that hurts the eyes :)21:36
smoserhttp://paste.ubuntu.com/762099/ is my current21:37
Cant_WinnHello everyone21:40
FaintSo does anyone know what the problem is with my Apache? I have searched all over only to find answers that don't work21:40
Cant_WinnI have a small question; Has any one here ever setup, or tried setting up iFolder on Ubuntu 10.04 LTS server?21:41
Davieyhallyn: more than, http://pb.daviey.com/KfaI/21:41
Daviey?21:41
hallynDaviey: i find that easier to read21:41
Davieygolly, it's crap :)21:42
RoyKFaint: I'd try starting the apache process in the foreground21:44
RoyKfahadsadah: is this 11.10 or 11.04?21:45
fahadsadahRoyK: It's 9.45 here21:45
RoyKfahadsadah: sorry, that was meant for faint, who just left :P21:45
fahadsadahDon't worry, I'm just screwing with you :p21:45
Cant_WinnAnyone attempted iFolder before?21:46
=== skrewler_ is now known as skrewler
DavieyRoAkSoAx: What do you think about, NUT integration in Cobbler (replace fence-agents) ?22:04
=== nonsenso_ is now known as nonsenso
sorensmoser: Does cloud-init get ged anything when provisioning new machines with orchestra?22:06
=== shirgall is now known as jrp-afk
sorensmoser: *get fed22:06
RoAkSoAxDaviey: didn't I send you the response to you?22:06
RoAkSoAxDaviey: i think it should not be a replacement, but rather a support22:06
RoAkSoAxDaviey: give me a sec to explain to you the idea that I discussed with arnaud about it22:07
DavieyRoAkSoAx: If you are on the case, great :)22:07
DavieyRoAkSoAx: But i thought the WI listed as 'replace' would interest you22:07
RoAkSoAxDaviey: basically, I told Arnaud that I don't think we should replace but rather, make NUT as an option. i.e. Right now the cobbler server needs access to any power device in order to be able to manage them. If cobbler does not have direct access (like in our lab), but if we do have it to a NUT server, then it would be cool if cobbler can just tell the NUT server "power on outlet for machine XYZ, that I don't have direct access to"22:09
RoAkSoAxbut the NUT server does22:09
smosersoren, yes.22:10
smoserbut not much of importance other than in juju i think22:10
smoserRoAkSoAx, would konw also22:10
ellipsis_Hey, I've got a really low spec computer I was thinking of turning into a server. However it has no harddrive. Can I boot ubuntu server edition from a usb stick and will it lag/use up all the ram? (all I need to do is host a little php, but I can't seem to find any good free hosts)22:11
smoserellipsis_, you can probably manage to do that, yes.22:18
smoserit will jsut have slow IO from the usb disk.22:18
adam_gDaviey: just filed #900977, will sort out in a few22:26
sorensmoser: How does it work?22:30
RoAkSoAxsoren: basically, juju passes a ks_arg to cobbler with the user-data for cloud init in base64. Then, we have a python function that is imported by cheetah via the kickstart templating feature that recieves that BASE64 User Data from the cobbler ks_arg/variable, and creates a late_command that decodes the base64 and execute the code creating the user-data file22:36
ellipsis_smoser, Thanks, but I mean my server has like 500mb of ram. Can I fit the OS into ram without it constantly needing to use swap?22:40
sorenRoAkSoAx: Ok, so the user-data equivalent is passed embedded in the preseed file?22:58
RoAkSoAxsoren: yes22:59
sorenRoAkSoAx: Lovely, thanks.22:59
allowoverridewhats the command to list ops in irc room?23:05
allowoverridethanks23:05

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!