/srv/irclogs.ubuntu.com/2011/12/07/#ubuntu-server.txt

=== kermit is now known as Bryce
crassI'm having strange module dependency issues with apache200:46
crassI'm using aptititude and when trying to install the apache2-mpm-worker it tells me that that breaks things00:47
crasshmm, mod_php can not use mpm-worker?00:53
Patrickdkcrass, it can, if ALL php modules you use are thread safe (unlikely)01:01
Patrickdkthe best way to run php is via fastcgi01:01
twbPity php doesn't have a built-in simple HTTPD that you can just stick behind varnish or nginx01:05
jandruskAnyone know what the mysql username/password is for the juju charm for MySql?01:05
twbfcgi is just so fugly, protocol-wise01:06
Patrickdkheh01:06
PatrickdkI just use lighttpd, with like 3-5 php servers01:06
twbAnd it's nearly impossible to debug, whereas with a simple httpd built into each app, if something goes wrong you can test it by talking directly to the app, eliminating the possibility that the reverse proxy is causing the problem01:07
Patrickdkheh? I find it easy to debug the fastcgi stream01:07
twbPatrickdk: when I looked the tools for doing that were crap, at least compared to e.g. curl -v01:07
ipl31I have been noticing on 11.10 server when I stop and start LXCs that network connectivity drops01:07
ipl31anyone have any ideas on where to start looking for the cause?01:08
twbOh, and running fcgi over the wire between two hosts on an untrusted network is basically a no-go, so if you follow the sysadmin policy of "never trust anybody, ever", you are obliged to put an fcgi-capable (i.e. heavyweight) proxy on the web app's VM, even though you already have a reverse proxy between it and the real world01:08
twbOK, rant over01:08
Patrickdkheh?01:09
Patrickdkhow is that more insecure than running http over the wire?01:09
Patrickdkand isn't that why they create ipsec?01:09
twbPatrickdk: if running php-fcgid you can basically ask it to execute anything01:10
Patrickdkipsec with http/... is much much less resource demanding than https01:10
twbPatrickdk: like say rm -rf /01:10
Patrickdkheh?01:10
twbPatrickdk: admittedly I didn't actually try to do it01:10
Patrickdksince when does php run shell commands?01:10
Patrickdkand I dunno what php-fcgid is, normally you run php-cgi01:10
twbPatrickdk: same thing, different distros call it different names01:11
Patrickdkit only runs php files, that are within it's path you define01:11
Patrickdkbut it's the same as running it any other way01:11
twbMaybe I'm misremembering or misunderstood it01:11
Patrickdkjust as insecure or secure as cgi, or mod_php01:11
Patrickdkwell, it might have been a bug01:12
Patrickdkbut bugs are bugs, not design01:12
twbI would've been looking at the protocol description, not the source01:12
Patrickdkthen the same would be true of any fastcgi program01:12
twbRight01:12
twbI wasn't meaning to single out php cgi specifically01:13
Patrickdkfastcgi doesnt state anything01:13
Patrickdkit's all relative01:13
Patrickdksure you can pass rm -rf / over fastcgi no problem01:13
Patrickdkbut what the other end does iwth that, is the issue, it should drop it as an invalid request01:13
Patrickdksame would be true of any protocol01:14
twbMaybe I just didn't believe php was smart enough to do that01:14
raubvogelCan I configure where nfs logs at? ubuntu 11.10 if that matters01:14
Patrickdknfs logs?01:14
Patrickdknfs client? or nfs server?01:15
twbraubvogel: nfs doesn't log very much by default01:15
twbraubvogel: your best bet is probably wireshark, although if you describe the problem I might give better advice01:15
raubvogeltwb: I cranked up (-vvv) logging01:15
raubvogelTrying to nfs mount from, well, a windows box01:15
* Patrickdk is having a horrible nfs lock issue01:16
raubvogelshare has no security whatsoever01:16
PatrickdkI think it's a 2.6.18 kernel issue though01:16
Patrickdkall shares have security01:16
Patrickdksec=sys,no_root_squash,rw01:16
Patrickdkshould disable most of it01:16
twbraubvogel: -vvv where?01:17
twbNFSv3 has no security whatsoever against the root user of any IP that's allowed in /etc/exports01:17
raubvogelPatrickdk: trying that01:17
raubvogeltwb: In /etc/default/nfs-common:RPCGSSDOPTS="-vvv -rrr" and /etc/default/nfs-kernel-server:RPCSVCGSSDOPTS="-vvv -rrr"01:18
raubvogel 01:18
twbraubvogel: uh, so you're using NFSv4?01:18
Patrickdkheh? gss is encryption stuff01:18
twbGSS isn't used for NFSv301:19
raubvogelSetup can do nfsv4 and kerberos01:19
twbWhat is "setup"01:19
Patrickdkyou configured linux side to do kerberos and installed keys and a kdc server?01:19
raubvogelYep01:19
raubvogelBut01:20
raubvogelhow can I set this up to do nfsv3?01:20
raubvogelwithout kerberos?01:20
twbWell, NFSv3 is much easier01:20
raubvogeland then work my way up?01:20
Patrickdknfs4 is a major pain01:20
raubvogelWell, right now I want to eliminate variables; this is a test01:20
Patrickdkall users must exist on both sides01:20
twbBasically install nfs-kernel-server, add an entry to /etc/exports, run exportfs -rav.  Then on the client, install nfs-common, and run mount fs:/srv/foo /srv/foo01:21
twbPatrickdk: he should be able to mount at least, without making UIDs match01:21
twbOh, sorry, you mean "users must exist... " for NFSv401:21
Patrickdkdepending on the security setting01:21
Patrickdkthat is set on both sides01:21
raubvogelOk, so how do I set this for nfsv301:21
twbraubvogel: do you trust the network you're on?  If not, I recommend NFSv3.01:22
twbEr...01:22
twbraubvogel: do you trust the network you're on?  If you do, I recommend NFSv3.01:22
raubvogelRight now this is a test in a test network01:22
raubvogelwhich is why I want to start with v3 and security disabled01:26
twbv3 doesn't have a -osec= option in the first place01:27
twbAlso for your initial test, strongly recommend test with a linux client01:27
raubvogelIt works fine with linux and OSX01:27
twbAh, OK01:28
raubvogelI am trying to figure out the windows side01:28
raubvogelWhich is why I was looking for a log01:28
raubvogelI mean, if the windows client claims authorization error there better be a related message in the server01:29
raubvogelTest share is being exported, according to exportfs -v in server, as <world>(rw,wdelay,no_root_squash,no_subtree_check,sec=sys,rw,no_root_squash,no_all_squash)01:30
twbOK01:30
raubvogelInteresting it mentioned no_root_squash twice01:31
twbIIRC there are a couple of places to turn NFS server logging on, one at modprobe, the other is in /proc/sys/01:31
twb24. Linux at http://stromberg.dnsalias.org/~strombrg/NFS-troubleshooting-2.html01:32
twbWorking out if it's using NFSv3 or v4 will be very helpful01:33
raubvogeltwb: the windows client can do both01:34
raubvogelit is an argument (/3, /4, etc)01:34
raubvogelAFAIK the nfs server is exporting 3 and 401:34
twbThen explicitly tell windows to use 3 to begin with, since 3 is easier01:35
raubvogelThat is what I have been doing01:35
twbOK.  I would be useful if you had summarized everything you've already done up-front, rather than me having to ask.01:36
raubvogeltwb: will do01:39
twbafk meeting01:40
raubvogelK01:40
raubvogeltwb: It seems the problem is in the nfs client program I am using (hummingbird's). Using the Microsoft's, I have no problem mounting the insecure share.02:10
raubvogelTime to contact their support02:10
crassis there a pachage for php fastcgi? or is it already compiled in?02:25
aarcane_So I'm curious about running Ubuntu Server in a virtual environment.  I have a setup that would lend itsself well to either using disk images or to using exposed filesystems.  Both are equally simple to configure and deploy.  The question, for my environment, is which is better performant ?  has anyone done a side-by-side comparison ?03:15
SpamapSaarcane_: you mean qcow2 vs. say, lvm volumes?03:17
aarcane_I mean qcow2 vs. say, mkdir.03:18
SpamapSmkdir?03:18
SpamapSyour VM needs a block device03:19
SpamapSunless I missed something, kvm doesn't have anything like vmware's host filesystem drivers03:19
aarcane_I thought kvm could run in an environment similar to a chroot.03:20
SpamapSI don't know of anybody doing that.. but it may be possible, I've never tried it03:20
twb The hg driver is pretty crap anyway03:21
twbYou could use NFS to export a chroot to the qemu VM as its root filesystem :-)03:22
aarcane_so does ubuntu/kvm at least support running a partitionless device ?03:22
twbaarcane_: yes but it's fiddly to set up03:22
twbfile /srv/kvm/twb.img ==> /srv/kvm/twb.img: BTRFS Filesystem (label "twb", sectorsize 4096, nodesize 4096, leafsize 4096)03:22
twbThat's a partitionless KVM disk image of a btrfs root filesystem, using extlinux as the bootloader03:23
aarcane_nice.03:23
twbActually come to think of it, if you are doing a normal server install CD inside the VM, it's quite easy -- all you need to do is switch to vt2 and do a "mke2fs /dev/vda", and then the interactive partitioner will allow you to create the real filesystem on vda instead of forcing you to make a vda103:24
aarcane_twb, is there an easily accessible howto to do that ?03:24
twbAfter that you just need to set up the bootloader -- with grub I have no idea, with extlinux it's just the normal extlinux way except you don't need to copy mbr.bin to the MBR03:24
aarcane_erm, I meant to send that one line up.  What about using ubuntu-virtualmachine-builder ?03:25
twbI know nothing of that03:26
SpamapSlive-builder, I think, is the one you want03:31
SpamapSlive-build I mean03:31
twblive-build / live-helper is oriented mostly towards read-only (+cow) images03:31
twbI'm not sure they're ideal for "I want a normal VM"03:32
twbYou could likely *abuse* them for that purpose :-)03:32
SpamapSI believe thats what is used to build the Ubuntu cloud images03:33
twbSpamapS: that's because cloud images *are* read-only03:38
twbPart of the point of the cloud stuff is that state lives in the db only and the VMs just have ephemeral state or so03:39
SpamapSwell they are mounted r/w ;)03:39
twbSpamapS: well, ICBW03:40
twbI assumed they were mounted ro and then aufs'd with a tmpfs cow03:40
twbSo to an inattentive root user sshing in, they look r/w but the changes are lost when you reprovision the VM on another node03:40
SpamapSNope03:41
SpamapSthey're laid down on top of a block device03:41
twbinteresting03:41
SpamapSand altered in predictable ways03:41
SpamapSsuch as putting authorized SSH keys in /home/ubuntu/.ssh/authorized_keys03:42
SpamapSactually03:42
SpamapSI think that may be done by cloud-init now that I type it.. hrm03:42
SpamapS<-- also CBW ;)03:42
twbThis cloud stuff is a fad, like www03:47
SpamapSyeah it'll never catch on03:47
twbOr touchscreen computers.  I mean there is *zero* tactile feedback03:48
twbAnd when you hit people with a tablet it will just shatter, unlike a model M03:48
SpamapSso yeah, cloud-init is the thing that installs the ssh key in /home/ubuntu/.ssh :)03:49
SpamapSthe filesystem is literally just thrown onto the block device03:50
twbAnd when you boot the VM does /proc/mounts say it's doing anything fancy like aufs?03:50
SpamapSno03:51
SpamapSits a xen instance03:51
SpamapSroot=/dev/xvda103:51
twbnot /proc/cmdlinux03:51
twbGah03:51
twbnot /proc/cmdline03:51
twbIf it's live-init the magic happens in the ramdisk03:52
twbI guess I don't really care, though03:52
SpamapSyeah I may have said the wrong tool.. live-build is just in my head03:52
twblive-build is basically a wrapper around debootstrap, mkisofs, syslinux and a few other things.03:53
SpamapSyeah, so that may not be right03:53
SpamapScould be vmbuilder03:53
SpamapSwhich is basically a wrapper around debootstrap, mkfs, etc.03:53
twblive-boot and live-init or so, are related tools that allow you to boot off ro media and union it with a cow, which is usually a tmpfs or a rw block device, and to turn off some services that you don't care about on live media (e.g. screen saver)03:53
twbMost common use case is to use all three to make a custom live USB key or CD03:54
twbUnder ubuntu the latter two are still basically one big icky blob that is casper, at least as at 10.0403:54
yaboowhen I do apt-get instead of typing y every time, how do I automated it04:05
yabootrying to make a install script04:05
qman__yaboo, use the -y option04:08
qman__apt-get update && apt-get dist-upgrade -y04:09
yabooqman__, thanks04:09
Saturn2888Hello all, I was curious to know if anyone had his or her own PPA or knew anyone that supported a PPA with close to the latest kernel for supporting BTRFS. I want to experiment around with it in a VM, but am making sure I get something as new as I can. I was looking at https://help.ubuntu.com/community/Kernel/Compile but wanted to make sure I wasn't missing anything first.04:18
SpamapSSaturn2888: precise has a very recent kernel, you could just test precise04:53
Saturn2888Which one?04:53
Saturn2888http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.2-rc4-oneiric/ <- I just went there and ran those. Lost the console but SSH works thankfully. If I could use a more-stable build I 'd probably prefer that when I move this to production (still for hobby fun) in a few months.04:53
SpamapSSaturn2888: more stable would be the regular precise kernel04:55
Saturn2888I mean, how do I acquire that? Is there a PPA?04:56
SpamapSSaturn2888: you either update to precise alpha1, or build the kernel for oneiric04:56
Saturn2888Btrfs v0.19 it says04:56
Saturn2888oh sorry.04:56
Saturn2888I meant is there a link with more information? I've never heard of precise.04:57
SpamapSSaturn2888: actually, 3.2rc4 *is* the current kernel in precise ;)04:57
Saturn2888Oh great!04:57
Saturn2888Is precise another distro or something?04:57
SpamapSSaturn2888: precise == the current dev release of Ubuntu04:57
SpamapSoneiric == 11.1004:58
Saturn2888Oh cool. How would I find a download of it?04:58
SpamapSprecise == 12.04 (presumably.. if we release on time ;)04:58
Saturn2888Wow!04:58
Saturn2888So it's already on the newest kernel. That's neat04:58
SpamapShttp://cdimage.ubuntu.com/releases/precise/04:58
SpamapSSaturn2888: you can also do-release-upgrade -d04:59
Saturn2888Then I can use this instead of a botched 11.10 and would be fine. Great!04:59
SpamapSWell its still alpha. :)04:59
Saturn2888Better than a not-working 11.10. Plus this is a VM I setup to test btrfs. My goal is to build a machine off of this once I have the proper knowledge and know-how to do so.05:01
Saturn2888by rc4, you mean 3.2rc4?05:01
SpamapSYes05:03
Saturn2888Great!05:03
Saturn2888I'll be finish up this upgrade then.05:04
Saturn2888finishing up*05:04
Saturn2888SpamapS: Thank you so much! Seems to have done a few kernel upgrades, but now it's at the rc4 one. Neat. That saved me a lot of time05:25
yaboogetting a error when I log in wy60 unknown terminal type05:34
yaboodo I need a /etc/termcap to tell me there is a wy60 terminal type05:35
twbyaboo: are you really on a Wyse 60 terminal?05:35
yabootwo yes I need to unfortunately05:36
yaboolegacy app05:36
twbterminfo entries are in the ncurses-base package05:36
twbI do not know about termcap.05:36
twbAlso it's "twb" not "two".05:36
yabootwo thanks terminfo05:39
yabooxchat spellchecker twb05:39
twbUnfortunately ncurses-base does not defined a wy60 terminfo entry AFAICT05:40
yabootwb makes sense seems /lib/terminfo or /usr/share/terminfo under w has no wy60, guess need to find how to install one there05:41
twbYou probably need to write one05:43
twbOtherwise it might be there under a different name05:43
twbI can see a wy3005:44
twbHmm, I can see a wy60 in the source code05:44
twbapt-get source ncurses-base, see misc/terminfo.src05:44
yabootwb seems ncurses-term has wy60  definitions installed05:45
twbAh, I'm sorry, it's ncurses-term05:45
twbSorry, bad memory on my part05:45
yaboorebooted box see if it works now05:45
twbncurses-base is the one that defines only commonly-used entries like linux, screen, xter05:45
yaboook05:46
=== bladernr_ is now known as bladernr_afk
twbAnyone familiar with unattended-upgrades?  If I set an email address in apt.conf, u-a will email information to that address (via mail(1)).  If I *don't* set that variable, where does that information go?  Is it thrown away?05:52
twbI'm hoping the info goes to stderr, in which case cron will catch it and email it to me via sendmail(8), so I can avoid installing mail(1).  (Not because I hate mail, but because more packages = more bad.)05:53
twbUnfortunately short of faking some security updates, this is fiddly to test, so hopefully someone has already studied the python source and can just tell me.05:54
twbNobody knows, huh.  Guess I'll RTFS06:14
yabootwo got it working, in the end it was a permission issue on the app to allow it to run06:23
twbThe u-u source seems to indicate that it throws the mail away.06:27
twbWhat a pain that it needs mail(1) when sendmail(1) is almost identical and already installed.06:27
twbhttp://paste.debian.net/148422/ I'd patch it if I had fewer hosts06:28
SpamapStwb: is it really that big of a deal to install mail?06:33
SpamapSignoring that sendmail is, IMO, the right way to do it, I see no reason to get hung up over such a tiny program.06:33
allowoverrideyawns06:34
twbSpamapS: (Not because I hate mail, but because more packages = more bad.)06:37
twbthin end of the wedge and all that06:37
SpamapStwb: if only every person with an awesome idea like that submitted it as a patch.. ;)06:41
twbBecause it's short and catches non-u-u upgrades, I'm going to put this in as a later .daily job:06:48
twbdiff -U999 /var/backups/dpkg.status.0 <(zcat /var/backups/dpkg.status.1.gz ) | egrep '^.Version|^.Package' | grep -3 '^[+-]'06:48
twb(more or less)06:48
twbSpamapS: http://paste.debian.net/148425/07:09
SpamapStwb: cool!07:19
SpamapStwb: you have just replaced update-manager with a very short shell script ;)07:22
twby/w07:23
twbIs it possible to set ChrootDirectory on a per-key basis in ~/.authorized_keys ?08:18
twbAccordig to the source code (auth-options.c), no08:20
allowoverrideim ou08:38
allowoverrideout08:38
koolhead11hi all08:42
userhi to all!08:54
useri have a question regarding byobu status bar08:54
userwhat does the field <number># mean?08:54
userit sits left op the uptime field08:55
twbProbably the screen session number or something08:59
userah i found it in the manpage finally. its the total number of logged in users09:05
userthrough sshd09:06
useri have another problem! fail2ban refuses to ban. my system is ubuntu 10.10 has someone noticed this?09:08
useris it a known problem?09:08
userubuntu 11.10 sorry09:08
userim using shorewall firewall09:09
userfail2ban configured to use iptables-multip backend. (the default)09:09
* blkperl was playing with fail2bain the other day09:24
blkperlalthough on freebsd not ubunut09:24
jamespagemorning all09:29
lynxmanmorning o/09:29
koolhead11morning jamespage lynxman :D10:28
potetpro2khello11:09
potetpro2kI have Ubuntu-server 10.04 LTS with a 3TB disk, the disk has alot of IOWAIT, does anyone know why this is?11:11
ersiAre you running a lot of applications that are heavily I/O bound?11:12
potetpro2kno, when i don't transfer the cpu and io is at 0, ~100%idle11:15
potetpro2kwhen i transfer via scp to the fileserver, top give me a 50%idle 50%iowait for about 2-3 seconds every 15-20 sec11:16
potetpro2ki also have the 3tb disk running over LVM11:16
potetpro2kso the transfer holdts every 15-20 sec for 2-6 sec11:17
ersiIs it an 'ECO SMART ULTRA LOW POWER MAGIC' disk?11:17
ersiSounds like it's spinning down it's platters like, all the time11:18
potetpro2k2 sec, gonna check11:18
potetpro2kthink it's a western digital caviar 3tb disk11:20
Davieyrbasak: Hey, have you been able to look at https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-service-orchestration ?12:26
Davieyrbasak: We need to determine if, "Binary image deployment with PXE on ARM: TODO" - is still a requirement12:27
potetpro2kis there a known problem with 3TB western digital HDD on LVM on Ubuntu 10.40 LTS??12:30
RoyKpotetpro2k: the only one I can think of is 4k sectors12:31
zulDaviey: that sounds like fun12:32
RoyKbut then again, that shouldn't be too much of a problem12:32
potetpro2kok, strange i have lots of IOwait when reading or writing, but my other disks are fine :S12:35
RoyKpotetpro2k: IIRC that drive lies about its sector size being 512 while it's really 4k. if your partitions aren't sector-aligned to the _real_ size, the drive may need two i/o operations for each requested operation12:38
RoyKpotetpro2k: what's the drive model?12:38
RoyKsmartctl -i should show that12:39
potetpro2k2 sec12:40
potetpro2kDevice Model:     WDC WD30EZRX-00MMMB012:41
potetpro2kmy 3gb disk got Timing buffered disk reads:    2 MB in  3.78 seconds = 542.41 kB/sec with hdparm -t12:41
potetpro2kan other question, now i am accessing my disk via an LVM setup, when i only have 1 disk in 1 VG and 1 LV alone, does that slow down the disk's performence?12:43
smbDaviey, I prepared a debdiff for precise for bug #894713. Just not sure how the sponsoring is supposed to work. Some prefer a linked bzr branch... And you just happened to be last one touching it before. :)12:44
uvirtbotLaunchpad bug 894713 in xen-common "xend init script should modprobe xen_gntdev" [Medium,In progress] https://launchpad.net/bugs/89471312:44
Davieysmb: debdiff or a branch works for me.12:49
Davieysmb: point it my way, and i'll look it over right away :)12:49
smbDaviey, It is attached to the bug report for review. :)12:49
RoyKpotetpro2k: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-701229.pdf <-- it's an "advanced format" drive, meaning it's "user sector size" is 512 bytes, but internal sector size is 4k12:51
Davieysmb: nice complete changelog, one question - should Debian be doing the same thing?12:54
RoyKpotetpro2k: google for lvm and advanced format12:54
RoyKdunno if there are known problems with it, but it wouldn't surprise me :P12:54
RoyKfscking drive manufacturers shouldn't program their drives to lie about sector sizes......12:55
potetpro2kRoyK cat /sys/block/sda/queue/logical_block_size  gives me 512  so it's formated as it should have been, and the disk "takes care" of the rest? :S12:55
smbDaviey, Not sure. It could be they just have all of this built-in into their kernels... So they won't have that problem12:55
RoyKpotetpro2k: if you performa a single read of two sectors that spans two physical sectors on the drive, that'll be two i/o operations on the drive12:56
rbasakDaviey: what's the reason you ask?12:56
RoyKpotetpro2k: the _logical_ block size doesn't matter much performance-wise12:56
rbasakDaviey: I only added it because you mentioned it I think12:56
Davieyrbasak: Yeah, i did - but i wanted to confirm that the arm team think binary 'firmware' style images are still required.12:57
Davieyrbasak: Things are moving quite fast in this area of things, and want to make sure that arm is part of that picture.12:57
ersi"partitioning a new disk the alignment of the disk has to be so that partitions start in a sector which is a multiple of 8" <- LVM with advanced format, 4k sector disks12:57
ersiapparently, that seems to be the only concern - could be wrong about that though12:58
RoyKersi: sounds right12:58
RoyKersi: except if lvm has some hidden headers somewhere...12:59
ersiah yeah12:59
rbasakDaviey: so will we be supporting firmware-style or installer-style installers for arm server, what does arm desktop do, and who will make the decision?13:00
rbasak(ignoring pxe for the moment)13:00
potetpro2kRoyK ersi thanks so far :)13:01
Davieyrbasak: installer is already supported, firmware-style is not yet.13:01
Davieyrbasak: The arm team, probably NCommander, needs to be involved in that discussion.13:01
rbasakwho decided that we needed firmware-style and why?13:01
Daviey(I don't think he was present in the UDS session)13:01
Davieyrbasak: Currently the arm team tend to favour that model it seems, perhaps ogra_ has thoughts.13:02
* ogra_ looks up13:02
ogra_rbasak, what do you mean by firmware-style ?13:03
rbasakogra_: AIUI, an image that gets dd'd and then the machine booted13:03
rbasakDaviey: ^^?13:03
rbasakogra_: (rather than the installer running debootstrap)13:03
ogra_rbasak, well, that totally depends on the HW13:04
ogra_if syou can only install to the device you also boot from, the preinstalled approach is best13:04
ogra_also using live or alternate is extremely slow, an install can easily take 2h or more ... preinstalled takes in max 10min to resize the rootfs and then drops you into ubiquity afterwards to set up the system13:05
ogra_for other HW setups we might consider other ways to install as long as we can manage them wrt QA (i guess you will understand why having images that take 2h to install arent actually QAable during a milestone freeze)13:06
rbasakso we currently have both setups supported in oneiric?13:07
rbasak(depending on what hw it is?)13:07
ogra_define both :)13:07
ogra_there are about ten different image types you can build13:07
ogra_we currently build preinstalled and netinstall13:07
ogra_netinstall is plain d-i as you know it from the alternate CD13:07
ogra_preinstalled is like a live oem image13:08
rbasakOK so what's the plan for server?13:08
* rbasak suspects this may be blocked on hardware again13:08
ogra_no particular plan until we actually know how the hardware works13:08
ogra_yeah, well guessed ;)13:08
ogra_we need to know how it boots, and what the options for installation are13:09
jhobbswe're planning on doing netinstall's with our hardware13:09
ogra_netinst is already there and wont go away13:09
ogra_for all server installs we have13:09
zullynxman: happy bday13:09
ogra_the question is if we will also offer preinstalled, or if alternate would nmake sense etc13:09
ogra_but that totally depends on the HW and how you boot it ... and how you can install on it13:10
ogra_which is something we only can figure out with the HW in our hands13:10
rbasakOK, so for cobbler/juju for precise, would it be sufficient to limit ourselves to netinstall only, given that we don't have hardware yet and we're past feature freeze? So shall I drop that work item? Daviey?13:10
ogra_past feature freeze ?13:10
rbasaksorry feature definition freeze13:10
ogra_keep it, we might get HW ... and arm is a bit special in the freeze regard for certain bits13:11
ogra_for precise that is13:11
ogra_i.e. if we can make sure everything works, kernel and bootlaoder support could possibly enter precise in a point release under certain circumstances13:12
Davieyrbasak: We've already committed to it pre FDF :)13:12
ogra_that said, if you focus on netinstall thats indeed the safe bet13:13
ogra_we wont drop it and it will likely even support arches we add later13:13
Davieyogra_: right, Trying to work out if our provisioning solution should force d-i installer method, or if we need to add support for the binary image method13:13
DavieyWould rather not SRU a feature like this for the LTS :)13:13
ogra_our QA tools depend on netinst so beyond the ac100 image (which uses an android based boot mechanism) all arches we have are supported in netinst13:14
ogra_Daviey, not my decision13:14
ogra_we did that for server in the past a few times13:14
rbasakDaviey: so if we were to add support for the binary image method, would be it be sufficient to just have that working on a panda to consider the feature essentially complete?13:14
ogra_i agree that it gives an odd feeling though13:15
ogra_and LTS for arm isnt decided yet13:15
ogra_we might not be LTS at all (also decided on a higher level)13:15
Davieyright.13:15
rbasakwe have to worry about breaking cobbler on !arm thoug13:15
rbasakh13:15
Davieyrbasak: I'd say so..13:15
Davieyrbasak: If it's not a painful amount of work, perhaps we shoudl JFDI.13:15
rbasakDaviey: sure, no objection there13:16
Davieyrbasak: I was sure i remembered reading that cobbler could already do somethign similar, but lost the reference.13:16
rbasakDaviey: as I slowly start seeing the whole picture it doesn't seem as awkward to me. it's just hard seeing the picture without hardware13:16
rbasakDaviey: could be koan related?13:16
Davieyrbasak: Well, arm does need to have a seperate workflow to the rest of things.13:17
Davieyrbasak: it /could/ but i'm not such a fan of koan.13:17
Davieyrbasak: something you might find of interest is pxe-kexec, performs a similar function to koan. :)13:17
Davieyogra_: thanks for your input btw13:18
ogra_np13:18
ogra_feel free to pick my brain at any time :)13:18
Davieyogra_: BRAINZ!13:19
ogra_:)13:19
ersiMmmmh.. brains..13:19
rbasakogra_: indeed, thank you, you've been really helpful13:19
potetpro2kRoyK ersi  parted printed Sector size (logical/physical): 512B/4096B13:26
potetpro2kis this how it's suppose to look like?13:26
potetpro2kor is it suppose to be 4096/4096?13:27
ersipotetpro2k: doesn't matter as far as I've read, what seems to matter is how your partitions are aligned - as in where they start13:32
ersipotetpro2k: I'm no expert on the matter, and I have no idea if LVM throws in extra data anywhere to make the alignment wonky.. the best post I've found was: http://justimho.blogspot.com/2011/09/struggling-with-advanced-format-during.html13:32
potetpro2kok, does it matter if i use parted or fdisk to format?13:33
ersishouldn't matter, they're both disk utilities13:34
ersimaybe it matters if you use GPT's.. I know one of them doesn't support that13:35
potetpro2kammagawd, this is driving my nuts :P gonna move my files off the disk and try to repartition and reformat, thanks for the help :)13:38
ersigood luck :)13:39
=== bladernr_afk is now known as bladernr_
=== jibel_ is now known as jibel
kfullerthi - trying to upgrade Ubuntu Server 10.10 to 11.04 (and then 11.10) using the instructions at https://help.ubuntu.com/community/NattyUpgrades - after saying yes to start SSH on 1022 (as it's over a SSH connection) I get a fatal error - main.log pasted at http://pastebin.com/v1WLCTL314:23
kfullertscreenlog.0 is at http://pastebin.com/Bqi9V2JF - there wasn't a /var/log/dist-upgrade/apt.log created14:24
koolhead11So /var/lib/nova/instance/instance-id/console.ring  gives the log of running instace log --> ring14:41
Sander^workDo anyonce have experience with how to add another mysql server to phpmyadmin here?14:42
funkyHatSander^work: try #ubuntu-server14:44
funkyHatWait that is this channel14:45
funkyHatPlease ignore me โข(14:45
RoyKSander^work: I guess #phpmyadmin or perhaps #mysql might be better14:46
* RoyK prefers to use the commandline to administer servers...14:46
Sander^workI do too.. Just that my customer's dont.14:47
koolhead11Sander^work: did you check server guide by any chance/mistake?14:48
koolhead11if you have not please check it am sure they have a chapter on mysql/phpmyadin too14:49
* koolhead11 wonders what magic smoser` does in the cloud image that it shows console output and works well and files once i modify stuff in it :)14:50
smoser`koolhead11, you'd need to list what modifications you're making14:51
=== smoser` is now known as smoser
koolhead11smoser`: only 2 modification adding proxy server info and removing the sudo rm -rf /etc/udev/rules.d/70-persistent-net.rules14:53
koolhead11and yes removed the ssh-keys from the user-data custom fie14:54
koolhead11*file14:54
koolhead11on vnc viewer it boots well and can see log too14:55
tgardnerjamespage, is there a better way then editing /var/lib/cobbler/config/repos.d/*.json to change the mirror ? its also a bit tedious to go through the cobbler web interface.14:59
koolhead11tgardner: i am guessing there must be a profile associated and you can edit that profile with the info15:01
koolhead11or if your system/profile uses a presseed you can manully edit that to i suppose15:02
hggdhhallyn: found the issue; indeed the libvirt fix you submitted yesterday did not do the trick15:07
hallynwhat is the issue?15:08
hggdhhallyn: dynamic_ownership, and user and group (it seems) does not work anymore15:08
hggdhhallyn: I will open a bug, but if d_o=0 you get access denied15:08
hggdhif d_o=1, and user and group are set to root, you get access denied15:09
hallynyou're sure you're not on nfsv4?  :)15:09
hggdhheh. I am. I have NFS, any version... all my FS are local15:09
hallynok thanks hggdh.  i'l lneed a libvirt update anyway to handle qemu-kvm 1.0 version #15:10
hggdhs/have/hate/15:10
hallynmaybe i'll try merging the debian experimental version15:10
hallynthat makes more sense :)15:10
hggdhhallyn: of course, this d_o=1 completely screws with my setup... now I will have to have root running a cronjob to clean up the mess libvirt leaves on permissions15:11
hallynhggdh: ?  I must be misreading, bc it sounds like you're saying you don' twant it anyway15:12
hggdhhallyn: oh, no, I really do not want to be forced to have ISOs owned by libvirt:kvm15:13
hggdhthis is a heavy-handed solution to a non-existing problem15:14
ttxjamespage: yo! Does your python-jenkins support Launchpad SSO as a login ?15:15
jamespagettx: ermm - no15:15
jamespagethat would be a nice feature tho15:15
ttxjamespage: indeed. I could then use it as part of my release scripts15:16
jamespagetgardner: not sure about that15:16
jamespagettx: leave it with me; it really depends on whether the SSO stuff is exposed on the remote API - I'll take a look15:17
ttxjamespage: I gather you don't use Launchpad SSO on your own jenkins instances ?15:17
hallynhggdh: and in oneiric that works?15:17
jamespagettx: not yet15:17
tgardnerjamespage, it doesn't seem to be a global setting anywhere.15:17
ttxjamespage: ok, keep me posted15:17
jamespagettx: we will prob use it on the public instance15:17
hggdhhallyn: yes. Actually, last week it was working on Precise15:17
jamespagebut most 'work' happens in private instances15:18
hallynhggdh: uh, that sounds like spurious (unrelated to libvirt-bin) then.  (I was about to suggest that commit b1643dc15c5de886fefe56ad18608d65f1325a2c might be responsible, but now i'm dubious)15:18
jamespagetgardner: if you specify the proxy in the preseed to be the orchestra server it should hook up with the squid server which is part of ubuntu-orchestra-provisioning15:18
hallynok thanks i'll wait for the bug :)15:18
jamespagetgardner, are you using your own preseeds?15:18
tgardnerjamespage, nope, just vanilla stuff.15:19
* jamespage scratches his head15:19
jamespagethe default preseeds should do that15:19
tgardnerjamespage, well, its working OK, but I wanted to point at my local mirror for faster access. squid will pull at least one copy of the package from archive.ubuntu.com, right ?15:20
hggdhargh! now apport refuses to open the libvirt problem because libglib2.0 needs to be updated...15:20
jamespagetgardner: ah - I see15:20
jamespageRoAkSoAx, ^^  - is there a nice easy way to switch the default archive location in orchestra/cobbler?15:21
RoAkSoAxtgardner: you mean the archive that squid uses?15:22
jibelhggdh, save the report, edit it, remove the lines 'unreportable reason' and resubmit15:23
tgardnerRoAkSoAx, taht, and the archive that the PXE booters are given15:23
tgardnerperhaps the squid archive is sufficient15:23
tgardnergiven the proxy15:23
RoAkSoAxtgardner: you should make the modification in: /var/lib/cobbler/snippets/orchestra_proxy (given that you are using orchestra.seed or juju.seed)15:24
RoAkSoAxorchestra.preseed or juju.preseed15:24
tgardnerRoAkSoAx, then re-run 'cobbler sync' ?15:25
RoAkSoAxtgardner: nope, not need15:25
RoAkSoAxtgardner: that only applies to the preseed file so everytime, from that change on, you try to PXE boot something, it will use that change15:26
tgardnerRoAkSoAx, cool, I'll give that a try. thanks15:26
RoAkSoAxtgardner: welcome ;) let me know if you run into any other blockers/ I'll be happy to help15:26
koolhead11smoser: euca-run-instances ami-00000025 --user-data-file=user-data   will this work with newer cloud-init ?15:35
zulSpamapS: ping15:39
hazmatkees, ping15:44
lynxmanRoAkSoAx: ping15:45
RoAkSoAxlynxman: pon15:45
RoAkSoAxlynxman: pong15:45
hallynoh.  drat.15:51
SpamapSzul: pong, sup?15:51
zulSpamapS: so when i do the SRU tomorrow, ill just open up a bug and then ping ya so you can let it go into proposed?15:52
hallynok, looking for advice.  in the past, libvirt shipped /etc/libvirt/qemu/networks/autostart/defaults.xml symlink as part of package15:53
hallynso if users removed it, it alwasy got reenabled on upgrade15:53
hallynbug 372001 was for that, and my fix was to not ship the file with package, and only install the symlink by hand on an initial install15:54
uvirtbotLaunchpad bug 372001 in libvirt "default network autostart symlink recreated" [Low,Fix released] https://launchpad.net/bugs/37200115:54
hallynproblem is, if you upgrade from an older libvirt, the symlink gets removed bc it's part of the old package, and it doesn't get reinstalled bc it's not an initial install15:54
SpamapSzul: Right15:54
hallynthe only way i can think of to fix that is to always install it if upgrading from any current version.  That means it can't be SRU'd.  Can anyone think of another idea?15:55
hallynSpamapS: zul: soren: ^15:57
hallyn(if not, i'll withdraw the sru and fix precise version only...)15:57
zulhallyn: users get pissed if you disable something and then the packaging re-enables it15:58
hallynzul: well, yes :)15:59
hallynzul: but I assume we are NOT ok with having an SRU upgrade, for the first time ever, not set up everyeone's default net as autostart?15:59
zulyeah not ok15:59
hallynbut i can't think of a clean way to fix it.  I mean, I could do bunches of version checks in each release, but that's fragile16:00
SpamapShallyn: it shouldn't have been re-enabled on upgrade.. confflies are supposed to stay dead.16:00
hallynSpamapS: but it has always done it in the past.  do we want an sru to change that?16:01
SpamapSNo16:01
hallynIf that's ok, then terrific.16:01
hallynSpamapS: drop your j'accuse - i didn't make the original decision :)16:01
SpamapShallyn: I have to run the family out the door.. and then get on a call.. but IMO its a conffile.. so it should be respected as such.16:02
hallyni agree, just trying to think how to fix it in sru's the best way16:02
hallyntty when you get back, thanks16:02
hallynwell, maybe i'll just go ahead and hardcode in checks against current libvirt version for each release.  yuck.16:03
sorenhallyn: You can check from preinst whether the symlink is alraedy there.16:11
sorenhallyn: If it is, recreate it in postinst (store a tempfile somewhere to keep track).16:11
hallynsoren: oh, excellent.  Where should i keep the tempfile?  (I assume there's a normal place)16:12
sorenhallyn: ...and only create it if it was there to begin with or if it's not an upgrade.16:12
sorenhallyn: I'd stick it in /etc/libvirt/qemu/networks/autostart/16:12
sorenhallyn: Clearly named as a temp file.16:13
* soren has to run16:13
hallynsoren: thanks.16:13
keeshazmat: pong :) sup?16:15
smoseradam_g, https://code.launchpad.net/~gandelman-a/glance/899970/+merge/8451116:16
smoserif you're going to wrap lines for depends, you should use 'wrap-and-sort' unless you have some reason not to16:16
hazmathi kees i saw you had some juju issues, and wanted to try and reach out understand them so we can solve them.. one thing that wasn't clear from your blog post was what version of juju you where running?16:16
kirklandhallyn: have you tested ecryptfs inside of lxc?  does it work as expected?16:17
keeshazmat: hi, cool. I was using what was in oneiric, since it wasn't clear how to bring up anything else for a sane AMI.16:17
hallynkirkland: i don't recall it if i have16:17
kirklandhallyn: would you mind giving it a shot?16:19
keeshazmat: you want me to join #juju?16:19
hazmatkees, that would be great16:19
kirklandhallyn: fwiw, there is a bug about ecryptfs not working inside of openvz: https://bugs.launchpad.net/ecryptfs/+bug/82699616:19
uvirtbotLaunchpad bug 826996 in ecryptfs "does not work inside openvz container" [Wishlist,Won't fix]16:19
hallynkirkland: sure, but not utnil i fix my libvirt snafu16:19
kirklandhallyn: which doesn't necessarily surprise me, but I'd hope it would work inside of lxc pretty well16:19
hallynkirkland: i'm guessing that they didn't already have ecryptfs kernel module loaded, and openvz container wasn't allowed to modprobe16:22
hallynit's not an ecryptfs OR openvz bug16:22
hallyn(in that case)16:22
kirklandhallyn: ah, yeah, perhaps.  would you mind adding comments to that effect at your convenience?16:22
=== aurigus_ is now known as aurigus
hallynsoren: my proposed fix is at http://people.canonical.com/~serge/libvirt-autostart.debdiff, if you get a minute.  (I'll upload after some testing)16:33
hallynkirkland: i'll test in a n lxc container when i get a chance and then comment16:33
hallynoh, hm, patch needs a tweak16:45
smoserutlemming, please review https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts.hvm-ephemeral/+merge/8480516:58
* utlemming reviews16:58
smoserzul, https://bugs.launchpad.net/nova/+bug/85503016:59
uvirtbotLaunchpad bug 855030 in nova "Encountering sporadic AMQPChannelException" [Critical,Fix committed]16:59
smoser"this is fixed in precise"16:59
smoserbut you did not mark fix-released.16:59
hallynjdstrand: have you run qa-regression-test test-qemu on a host (not in a vm) and lived to tell about it?16:59
smoserby design ?16:59
zulsmoser: no just fat fingers17:00
jdstrandhallyn: not for a while. I use nested virtualization typically (and qrt definitely warns about using at your own risk :)17:01
=== scubes13|afk is now known as scubes13
hallynyeah - well the host *is* a throwaway test machine, but i'm wondering just how bad the tests are :)17:02
jdstrandhallyn: they shouldn't be *too* bad since they run as non-root. you should use 'make-test-tarball' rather than running in the tree17:03
=== mendel__ is now known as mendel_
hallynok, i *think* i have all the libvirt upgrade cases covered now....  <crossing fingers>17:04
jdstrandhallyn: for extra fun, run as a different user17:04
hallynok, will try, thx17:04
jdstrand(it doesn't need X, so su'ing to that user from a terminal should be ok17:04
jdstrand)17:04
hallynbut should be in kvm group?17:05
hallynbtw, you have an amd box, or you find nested kvm now works on intel?17:05
utlemmingsmoser: it looks good...except, why not register the four ephemeral stores to cover the cc2.4xlarge?17:05
utlemminger, cc2.8xlarge17:05
jdstrandhallyn: the other user should be in kvm if you want to test that. as for nested, it is nested qemu, not nested kvm17:06
hallynoh17:06
hallynhow odd.  debuild -S didn't sign my .changes17:08
smoserutlemming, only in keeping with what we've done before..17:11
smoseri find the existance of 'block-device-mapping' entries in the metadata service annoying when they're wrong17:12
smosercurrently they're only wrong for t1.micro instances and that was something we could not have foreseen.17:12
utlemmingyeah, I see the problem here17:12
smoserobviously there could be hvm instance types that would have no ephemeral in the future, though.17:12
smosert1.micro hvm17:12
utlemmingpart of me is thinking that the meta-data should only present valid devices17:12
* utlemming shutters17:12
utlemmings/shutters/shudders/17:13
smoseryeah, they should present the *actual* block device mapping in the MD17:13
smoseror at least the mapping that was there on initial start.17:13
hallynhggdh: oh!  so you can't report the bug?  I was wodnreing why i wasn't seeing it in the new queue17:13
utlemmingthis seems worthy of a feature request to Amazon -- there is no reason to present an invalid device mapping via meta-data17:13
utlemmingsmoser: merged17:16
smoserif they fixed that, then i'd register 4 ephemeral devices with every ebs type17:17
hggdhhallyn: I am going to report manually, and add in whatever you ask for later17:18
hallynhggdh: ok, thanks.  So I guess this is unrelated to the qemu one i just saw you posted  :)17:18
hggdhhallyn: indeed it is unrelated. My only problem to report the dynamic ownership is LP timing out continuously for me17:19
hallynhggdh: a dput of 80k took me 2 minutes.  i think there is a problem17:19
hggdhyes, I think so also17:20
smoseri noticed a slow upload yesterday.17:20
smoserer.. this morning.17:20
N3I'm trying to install RAID6 w/ ubuntu 11 and grub fails17:22
N3I would do lilo, but there is no option17:22
zulsoren: ping are you running precise yet/17:43
RoAkSoAxadam_g: have you testing upgrading from oneiric -> precise of an orchestra server?17:50
RoAkSoAxs/testing/tested17:53
hggdhhallyn: bug 90133317:58
uvirtbotLaunchpad bug 901333 in libvirt "Precise: dynamic_ownership=0 causes complete failure to start a domain" [Undecided,New] https://launchpad.net/bugs/90133317:58
dannfhallyn: i can't seem to bzr branch lp:ubuntu/natty/libvirt - any idea what's up w/ that?17:58
dannfbzr: ERROR: Revision {james.westby@ubuntu.com-20110318080232-bskde7dqc2icfixv} not present in "Graph(StackedParentsProvider(bzrlib.repository._LazyListJoin(([CachingParentsProvider(None)], []))))".17:59
hallyndannf: the udd trees for libvirt and qemu are b0rked17:59
hallynhggdh: thanks17:59
dannfhallyn: how do we go about unb0rking them?18:00
hallyndannf: i don't know.  last i knew it wasn't possible without some fundamental fixes to lp/bzr.  i don't know if those have been fixed and maybe now something just needs to get cleaned up somewhere... #bzr or #launchpad or #ubuntu-devel are probably the places to ask18:01
hallyni'd love it if it got fixed18:01
dannfhallyn: ok18:02
zulok now im getting annoyed18:07
zulhallyn: the ebtables/libvirt stuff is causing me greif18:08
zulit only seems to happen when im running nwfilter18:08
zuli can give you an xml that has the problem18:08
hallynok18:09
zulhallyn: http://paste.ubuntu.com/762980/18:10
hallynzul: i'm hopefully uploading qemu-kvm 1.0 this afternoon.  Is there ANY reason not to change ebtables to a depend?18:11
zulhallyn: i have no reason18:11
hallynzul: will it work around your problem?  (i can't seem to use your filterref exceprt on oneiric)18:17
zulwell no because i have ebtables installed and it just cant find it18:17
zulim starting to get frazzled18:17
hallynzul: ah!18:18
hallyni bet we need to specify --with-ebtables-path to configure.18:19
RoAkSoAxDaviey: btw.. the chain.c32 trick doesn't seem to work with KVM instances. It does download the file, shows the grub menu, but stays there18:20
hallynzul: could you try a 'strace -f -o/tmp/outout -p `pidof libvirtd`' and then retry the cmd that fails?18:21
zulhallyn: sure18:21
hallynjdstrand: qa-regression-test will need an update to call qemu-system-i386 instead of qemu18:22
jdstrandhallyn: for all releases or just precise?18:22
hallynjdstrand: just precise, but it's safe to do for all releases18:23
hallynthat is, qemu is goign away, but qemu-system-i386 was always a symlink to qemu18:23
* jdstrand nods18:23
hallynyay!  all tests pass18:23
hallynjdstrand: cool, long as you don't object i'll do a qrt merge proposal :)18:24
jdstrandhallyn: I think we might want to do a release specific change. eg in both _check_vm_is_running() and _start_vm(): if emulater == "qemu" and self.lsb_release['Release'] >= 12.04: emulator = "qemu-system-i386"18:26
hallynjdstrand: why?18:27
jdstrandhallyn: otherwise, we aren't testing the same thing we did before18:27
jdstrandbetter would be to flip that and default to qemu-system-i386, then use "qemu" iv < 12.0418:28
jdstrandthat expresses what we are trying to achieve slightly better I think18:28
hallynit just seems like complicating (making more fragile) the test logic has its own cost18:29
hallynbut, if you prefer...18:29
adam_gwin 118:33
hallynok i will18:34
N3wow, how amazing, the debain installer just installed grub automatically to my RAID6 system, why can't ubuntu 11 do this?18:34
zulhallyn: http://people.canonical.com/~chucks/output18:34
hallynzul: feh, one of the other threads must have tried the exec18:35
zulhallyn: eyah18:35
adam_gsmoser: regarding glance 'sort-and-wrap', fair enough. shall i also sort the other depends sections of debian/control since tehy are not currently sorted?18:38
adam_gRoAkSoAx: i haven't been reguarly testing, but i have done it in a couple of weeks. perhaps we can automate that testing per upload?18:40
zulhallyn: hmm...interesting: http://paste.ubuntu.com/763012/18:40
RoAkSoAxadam_g: the thing is thta I just did an upgrade, and the changes for squid3 weren't done automatically so I had to ln -sf the new config18:41
adam_gRoAkSoAx: hm, packaged config files get overwritten on upgrades unless otherwise specified, no?18:42
hallynzul: yeah! ebtables on precise gives me a segfault18:42
zulhallyn: hold on18:42
RoAkSoAxadam_g: right, but we are doing all thru postinst18:43
RoAkSoAxadam_g: anyways, just keep an eye on it when you do an upgrade from oneiric->precise to see if in precise the squid changes are actually made, or any other postinst change18:44
zulhallyn: yeah ebtables is broken18:44
adam_gRoAkSoAx: i believe ive upgraded the santol orchestra server since squid3 without issue but ill give it a shot later on ec218:45
zulhallyn: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/89931518:45
uvirtbotLaunchpad bug 899315 in ebtables "ebtables crashed with SIGSEGV in ebt_initialize_entry()" [Medium,Incomplete]18:45
RoAkSoAxadam_g: cool! btw i just uploaded the changes for chain.c32 and the auto selection of installation disk18:45
zulhallyn: thanks for the help! :)18:45
hallynzul: np :)18:46
adam_gRoAkSoAx: nice. i sent a merge proposal late yesterday wit a fix for the ISO upgrades deleting custom profiles, with hopes that you and smoser would be able to review. but it was picked up by a patch pilot and merged before anyone looked at it AFAICS.18:48
adam_ghttps://code.launchpad.net/~gandelman-a/ubuntu/precise/cobbler/lp900977/+merge/8469818:49
CoreyIs there a semi-sane way to update the certificates in Lucid?  The cert in question works in Debian Squeeze.18:51
BjornWarmedalI've just been given access to an ubuntu server (through ssh only, no access to hardware) and I'd like to get to know the system. I'm used to the *nix environment and the command line, but what's the best way to get to know the system, its processes and configurations?18:51
CoreyBjornWarmedal: What are you trying to figure out?18:52
Jim44491anyone in here compiled a kernel for ubuntu ?18:52
CoreyJim44491: Yes.18:52
CoreyBjornWarmedal: netstat can show you what's listening on what port, ps can show you what processes are running... I'd start there.18:52
Jim44491i have ubuntu 11.04 and i want to compile kernel version 3 for it18:52
Coreyiptables will show you what the firewall looks like. :-)18:52
Jim44491any problems ?18:52
BjornWarmedalCorey: users, processes... netstat and ps are probably a good start, yeah :)18:53
CoreyBjornWarmedal: Take a look through /home and /etc/passwd, reconcile those.18:53
BjornWarmedalCorey: the server belongs to a club and I've offered myself to learn how to administrate their systems18:53
CoreyBjornWarmedal: ...without knowing what you're doing? :-)18:54
BjornWarmedalCorey: I'm not responsible for anything until I've learned ;) it just gets faster to learn if I don't have to wait around for someone to have time to teach me18:54
CoreyBjornWarmedal: "Learning on someone else's system" is always a poor decision, really.18:54
BjornWarmedalCorey: the server I've got access to is a test system, so no harm in hacking around :)18:55
BjornWarmedalCorey: until I've got a chance to set up my own server it's my best shot :)18:56
raubvogelCorey: nothing makes you learn faster than learning on the job during a crisis with people screaming behind you19:01
BjornWarmedalraubvogel: been there, done that... our only expert had a week off, I was new and somehow inherited the title...19:05
BjornWarmedalraubvogel: and yes, I learned lots19:06
BjornWarmedal:)19:06
raubvogelI had one with a server whose OS somehow was put together with 3 different releases19:06
raubvogelIt was mail+nfs+everything19:06
raubvogeland it crashed19:06
raubvogelno docs19:06
raubvogeleven no root pwd19:06
raubvogelhad to rebuild array in one week and save data19:07
raubvogelLoads of fun19:07
zulmdeslaur: ping this is bad isnt it? http://paste.ubuntu.com/763031/19:07
raubvogelzul: sounds like apparmor doing its thing19:08
raubvogelFind out what virt-aa-helper is and whether it needs to do what it tried to19:09
smoserzul, can you review/merge https://code.launchpad.net/~smoser/glance/merge-from-ubuntu/+merge/7719019:14
smoseri'd think we would want to keep that glance/ubuntu branch as close to ubuntu as reasonably possible.19:14
jdstrandzul: those aren't necessarily fatal. what are those files?19:17
zuljdstrand: those are images feched from glance to create the ec2 instances19:18
zulsmoser: of course19:18
jdstrandzul: sounds like we would want to adjust /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper for those paths19:18
zuljdstrand: thats what i was thinking should it be added to the libvirt packaging as well?19:19
zulor should i start creating an apparmor rule for nova?19:19
jdstrandsomthing as simple as '/var/lib/nova/instances/_base/* r,' would probably be enough19:19
jdstrandzul: that file is provided by libvirt and so it should happen there.19:20
zulk19:20
zulsmoser: done19:22
smoserzul, i thought you mad console output work for lxc19:24
smoserno?19:24
zuloneiric?19:24
zulyes19:24
zulprecise19:24
zulno19:24
smoserso it was in diablo proper?19:25
smoserzul, bug 853602 has a patch attached19:27
uvirtbotLaunchpad bug 853602 in nova "get_console_output for 'lxc' libvirt type would throw an error " [Medium,Confirmed] https://launchpad.net/bugs/85360219:27
zulsmoser: that will just give you /dev/pts/9 or whatever when you run that command19:28
smoseroh?19:30
zulyeah19:32
zulanyways back later19:32
sorenzul: not on my primary workstation, no, if that's what you mean.19:37
smoserzul, it seems to work for me.19:39
smoserzul, this applied to current-ish nova "works for me"19:42
smoserhttp://paste.ubuntu.com/763072/19:42
smoserwithought that vcpus check, nova does not re-start19:42
th0mzhi, i'm looking forward to migrate a vsphere HA cluster to Ubuntu Server and opensource hypervisor. Is KVM the best solution ? (long term project (3-6month before i start), just looking for a few  docs to start my reading). any idea please ?20:01
smoserwoot! cirros worked on devstack lxc.20:02
cautionI want to set up a mail server so I can send email from my domain name using a mail client like Thunderbird. It won't accept incoming messages to my domain. What type of mail server is this and what software should I use?20:12
RoyK!dovecot20:13
ubottuIMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol20:13
RoyKcaution: postfix as the MTA and dovecot for mail storage is generally a "preferred" choice20:14
RoyK!mailserver20:14
ubottuUbuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/10.04/serverguide/C/email-services.html20:14
cautionI won't be storing mail though20:14
cautionwill I?20:15
RoyKif you want to receive mail, you need to store it somewhere unless you're going to process it automatically20:15
RoyKoh20:15
RoyKno incoming20:15
cautionI don't want to receive mail apart from outgoing mail from my mail client20:15
RoyK:)20:15
RoyKok20:15
RoyKthen all you need is something like postfix20:16
RoyKand just allow relay from internal IP addresses20:16
RoyKand, typically, set it to relay outgoing mail to your ISP's MTA20:16
cautionthere's no ISP mTA20:17
RoyKit'll try to do mail routing according to DNS if you don't set a smart relay host20:17
cautionok good20:17
cautionalso it's not an internal IP address20:17
cautionso it needs auth20:18
RoyKwell, just don't open up relay for everything20:18
RoyKeither setup authentication or a small set of IPs from which to relay mail20:18
cautionthanks20:19
RoyKif you setup an open relay, it takes like max a few hours until half the spambots on the net are trying to mail through it20:19
cautionyeah, I'd even be worried allowing an IP range20:19
RoyKauthentication is rather safe, though20:20
cautionwhat's a good command line tool to test postfix?20:27
RoyKcaution: what do you mean?20:38
RoyKcaution: telnet yourhost 25 ?20:39
cautiona command line smtp client I guess20:39
RoyKtelnet20:39
cautionno20:39
RoyKjust telnet into port 25 and chat smtp to it :P20:39
cautiontakes too long20:39
guntbertcaution: its the only way to really test smtp20:40
RoyKwould have taken shorter time than you have spent asking for help here :รพ20:40
cautionnope20:40
RoyKnope what?20:40
cautionsmtp-cli sounds good20:41
* RoyK gives up and finds something useful to do20:42
raubvogelAnyone doing syncrepl proxy in ldap?20:51
adam_gwin 221:04
RoAkSoAxadam_g: your branch in cobbler differs from the latest upload21:08
RoAkSoAxadam_g: and your branch seems to have been merged already into lp:ubuntu/precise/cobbler when it shouldn't have21:09
demolitionIs there a IPv6 problem known with the latest LTS?21:19
demolitionIt gets a IPv6 route, but only a fe80 IPv6 address21:19
demolition(a fe80 route and a (2001::::) route), where the latest is the global IPv621:19
demolitionOther systems pickup an address without a hitch21:20
* RoyK doesn't have ipv6 :(21:21
demolitionNote that my network has native (global) IPv6 support21:22
SpamapSdemolition: IIRC, lucid has been made to work with IPv6, but focus on IPv6 in Ubuntu only really started last cycle21:24
demolitionSpamapS: Is there some documentation on making IPv6 work with Ubuntu Lucid?21:27
demolitionIt is a strong secured JEOS.21:28
hallynhggdh: was trying to reply to the bug report but can't get to lp.  Can you try dynamic_ownership with quotes around the user/group, i.e. user="root"\ngroup="root"?  it works for me...21:28
hggdhhallyn: will try now21:29
SpamapSdemolition: I'm not much of an IPv6 expert.. so its hard for me to comment intelligently.21:30
SpamapSdemolition: I'm certain it can work... but there may be bugs that have been fixed in later releases.21:30
demolitionWhat tools and services are the most important for IPv6 networks?21:31
demolitionaka ifupdown21:31
demolitionIf I can get a list with that tools, I mind building the latest versions from source21:31
demolitionDon't want to use a non-LTS for production use21:31
SpamapSifupdown is probably the most important yes..21:32
SpamapSdemolition: man interfaces should help21:32
hggdhhallyn: bloody thing now works21:33
Skunkis there a Ubuntu One (client?) for ubuntu-server?21:33
hallynhggdh: woot21:33
hggdhdarn!21:34
adam_gRoAkSoAx: as i said, i proposed that merge later yesterday with hopes of you and/or scott reviewing, but it was picked up by patch pilot and merged21:41
RoAkSoAxadam_g: yeah i saw that. I'll fix that now21:41
cautiondo the commands in /etc/rc.local get run more than once each boot?21:42
adam_gRoAkSoAx: thats the second time thats happened with that branch, btw21:43
RoAkSoAxadam_g: i wonder why the branch reviewer doesn't check that the upload failed... or maybe, they don't even upload and that's why they never realize :)21:47
pedja_Anybody has suggestion on Certificate Authority software to use on Ubuntu/Debian to replace NewPKI?21:48
offdutypiratepedja_, managing a private CA?  Would tinyCA work for you?21:53
pedja_tiny CA is ok but I was thinkin of something that would  (semi) automaticalu publish CRL or act as OCSP21:54
pedja_I was thinking of using OpenCA which has no ubuntu package21:55
pedja_I wonder what people usually use for CA management?21:56
SpamapSI don't think most people do CA management. :)21:57
SpamapSchain certs are pretty cheap21:57
offdutypiratepedja_, I'd agree with SpamapS21:57
SpamapSwtf.. openca has an Ubuntu *RPM*21:58
SpamapSwith 285 downloads.. heh21:58
pedja_It's just that I tend to use certs a lot (for example entire lab for wireless access and for vpn clients)21:59
RoyKdemolition: have you tried setting a static ip?21:59
pedja_SpamapS, yes that's odd, and also I am reluctant to create CA infrastructure on software that is not guaranteed to survive OS upgrade22:00
pedja_so I would rather user something packaged22:01
SpamapShah, nothing is guaranteed to survive os upgrade. :)22:02
hallynUrsinha: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase  the untouched bugs link seems to point to a bogus list right now... ?22:02
Skunkbios?22:02
SpamapSpedja_: looks like it should be relatively simple to package22:03
SpamapSpedja_: autotools.. apache license..22:03
pedja_SpamapS,  once I have upgraded proxy machine with  nobody  practically noticing :), I just love apt-get.  I'll try openCA,  to see if it can be actualy used on Ubuntu since it has RPMs22:07
SpamapSpedja_: its got a source tarball22:07
SpamapSpedja_: I'd be willing to bet that just doing 'dh_make' in that dir will produce a working package.. though you may need to add an init script/upstart job22:08
RoyKubuntu rpm... I wonder what those guys are smoking...22:08
SpamapSProbably a running joke there22:09
pedja_seems like nice software; I'll give it a try22:09
SpamapSlike, if somebody emails them asking how to make it work, they send him to [ insert awful video url ]22:09
demolitionRoyK: Are you around?22:11
RoyKdemolition: yeah22:11
RoyKa bit longer...22:11
demolitionI have tried setting up a static one22:11
blkperladam_g: precise is no longer installing....22:12
RoyKdemolition: did it work?22:12
demolitionno22:12
demolitionmoment, I am going to reproduce22:12
RoyKwierd... I'm currently logged into a box with that running just fine22:13
RoyKmachine is running 10.04.322:14
SkunkI see ubuntuone-client, but it looks like it wants to install all of x11 .. is there a CLI version?  Is libubuntuone1.0-cil in the right direction?22:15
RoyKdemolition: I'll be leaving now, but afaics the magick done on that box is adding http://paste.ubuntu.com/763204/ to /etc/network/interfaces - good luck...22:17
demolitionwait22:17
demolitionit is done22:17
demolitionthe trick was to use ipv6-addr, gateway, netmask, not ipv6-addr, netmask, gateway in order in interfaces22:18
cautionhow do I add a command to startup that behaves in the same way as if I had run it myself in a terminal?22:27
=== bladernr_ is now known as bladernr_afk
andolcaution: wrap it within a bash script which sources /etc/profile as well as ~/.profile?22:30
cautionand then add it where, rc.local?22:31
andolcaution: Well, if you want it to run as a specific user it might be easier to put it in that users crontab, specifcing the "time" @reboot22:32
Nafalloandol: +122:32
RoyKdemolition: if you get the route ok, why would you need the gateway_22:35
RoyK?22:35
=== bladernr_afk is now known as bladernr_
roboshello: anyone know why this is happening when i run mount -a? mount.nfs: mount to NFS server '192.168.2.1:/mnt/disk2' failed: RPC Error: Program not registered22:40
RoyKrobos: is the portmapper running?22:42
robosportmap22:42
robosyes, it's running22:43
Cant_Winnhey ppl, I am trying to install an iFolder server on 10.04LTS and it keeps giving me an error when I try to set it up... think anyone here might have an idea? http://pastebin.com/RGxdRxJd22:43
Cant_Winn..dang22:48
Ursinhahallyn: will look22:56
hallynthx (i'll be leaving soon)22:56
utlemmingsmoser: are you around?23:30
JokesOnYou77Hi all.  I'm running a remote server for downloading large files and torrents, and after setting up the transmission Web UI and starting a large download I've lost the ability to connect to the server.  This has happened before with the connection restored once the download was complete.  What I want to know is if this was because of bandwidth or RAM23:31
JokesOnYou77Or something else...23:32
uvirtbotNew bug: #901482 in lxc (main) "lxc should nest under init's cgroup" [Medium,Triaged] https://launchpad.net/bugs/90148223:36
=== brianm_ is now known as brianm

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!