[00:46] <crass> I'm having strange module dependency issues with apache2
[00:47] <crass> I'm using aptititude and when trying to install the apache2-mpm-worker it tells me that that breaks things
[00:53] <crass> hmm, mod_php can not use mpm-worker?
[01:01] <Patrickdk> crass, it can, if ALL php modules you use are thread safe (unlikely)
[01:01] <Patrickdk> the best way to run php is via fastcgi
[01:05] <twb> Pity php doesn't have a built-in simple HTTPD that you can just stick behind varnish or nginx
[01:05] <jandrusk> Anyone know what the mysql username/password is for the juju charm for MySql?
[01:06] <twb> fcgi is just so fugly, protocol-wise
[01:06] <Patrickdk> heh
[01:06] <Patrickdk> I just use lighttpd, with like 3-5 php servers
[01:07] <twb> And it's nearly impossible to debug, whereas with a simple httpd built into each app, if something goes wrong you can test it by talking directly to the app, eliminating the possibility that the reverse proxy is causing the problem
[01:07] <Patrickdk> heh? I find it easy to debug the fastcgi stream
[01:07] <twb> Patrickdk: when I looked the tools for doing that were crap, at least compared to e.g. curl -v
[01:07] <ipl31> I have been noticing on 11.10 server when I stop and start LXCs that network connectivity drops
[01:08] <ipl31> anyone have any ideas on where to start looking for the cause?
[01:08] <twb> Oh, and running fcgi over the wire between two hosts on an untrusted network is basically a no-go, so if you follow the sysadmin policy of "never trust anybody, ever", you are obliged to put an fcgi-capable (i.e. heavyweight) proxy on the web app's VM, even though you already have a reverse proxy between it and the real world
[01:08] <twb> OK, rant over
[01:09] <Patrickdk> heh?
[01:09] <Patrickdk> how is that more insecure than running http over the wire?
[01:09] <Patrickdk> and isn't that why they create ipsec?
[01:10] <twb> Patrickdk: if running php-fcgid you can basically ask it to execute anything
[01:10] <Patrickdk> ipsec with http/... is much much less resource demanding than https
[01:10] <twb> Patrickdk: like say rm -rf /
[01:10] <Patrickdk> heh?
[01:10] <twb> Patrickdk: admittedly I didn't actually try to do it
[01:10] <Patrickdk> since when does php run shell commands?
[01:10] <Patrickdk> and I dunno what php-fcgid is, normally you run php-cgi
[01:11] <twb> Patrickdk: same thing, different distros call it different names
[01:11] <Patrickdk> it only runs php files, that are within it's path you define
[01:11] <Patrickdk> but it's the same as running it any other way
[01:11] <twb> Maybe I'm misremembering or misunderstood it
[01:11] <Patrickdk> just as insecure or secure as cgi, or mod_php
[01:12] <Patrickdk> well, it might have been a bug
[01:12] <Patrickdk> but bugs are bugs, not design
[01:12] <twb> I would've been looking at the protocol description, not the source
[01:12] <Patrickdk> then the same would be true of any fastcgi program
[01:12] <twb> Right
[01:13] <twb> I wasn't meaning to single out php cgi specifically
[01:13] <Patrickdk> fastcgi doesnt state anything
[01:13] <Patrickdk> it's all relative
[01:13] <Patrickdk> sure you can pass rm -rf / over fastcgi no problem
[01:13] <Patrickdk> but what the other end does iwth that, is the issue, it should drop it as an invalid request
[01:14] <Patrickdk> same would be true of any protocol
[01:14] <twb> Maybe I just didn't believe php was smart enough to do that
[01:14] <raubvogel> Can I configure where nfs logs at? ubuntu 11.10 if that matters
[01:14] <Patrickdk> nfs logs?
[01:15] <Patrickdk> nfs client? or nfs server?
[01:15] <twb> raubvogel: nfs doesn't log very much by default
[01:15] <twb> raubvogel: your best bet is probably wireshark, although if you describe the problem I might give better advice
[01:15] <raubvogel> twb: I cranked up (-vvv) logging
[01:15] <raubvogel> Trying to nfs mount from, well, a windows box
[01:16]  * Patrickdk is having a horrible nfs lock issue
[01:16] <raubvogel> share has no security whatsoever
[01:16] <Patrickdk> I think it's a 2.6.18 kernel issue though
[01:16] <Patrickdk> all shares have security
[01:16] <Patrickdk> sec=sys,no_root_squash,rw
[01:16] <Patrickdk> should disable most of it
[01:17] <twb> raubvogel: -vvv where?
[01:17] <twb> NFSv3 has no security whatsoever against the root user of any IP that's allowed in /etc/exports
[01:17] <raubvogel> Patrickdk: trying that
[01:18] <raubvogel> twb: In /etc/default/nfs-common:RPCGSSDOPTS="-vvv -rrr" and /etc/default/nfs-kernel-server:RPCSVCGSSDOPTS="-vvv -rrr"
[01:18] <raubvogel>  
[01:18] <twb> raubvogel: uh, so you're using NFSv4?
[01:18] <Patrickdk> heh? gss is encryption stuff
[01:19] <twb> GSS isn't used for NFSv3
[01:19] <raubvogel> Setup can do nfsv4 and kerberos
[01:19] <twb> What is "setup"
[01:19] <Patrickdk> you configured linux side to do kerberos and installed keys and a kdc server?
[01:19] <raubvogel> Yep
[01:20] <raubvogel> But
[01:20] <raubvogel> how can I set this up to do nfsv3?
[01:20] <raubvogel> without kerberos?
[01:20] <twb> Well, NFSv3 is much easier
[01:20] <raubvogel> and then work my way up?
[01:20] <Patrickdk> nfs4 is a major pain
[01:20] <raubvogel> Well, right now I want to eliminate variables; this is a test
[01:20] <Patrickdk> all users must exist on both sides
[01:21] <twb> Basically install nfs-kernel-server, add an entry to /etc/exports, run exportfs -rav.  Then on the client, install nfs-common, and run mount fs:/srv/foo /srv/foo
[01:21] <twb> Patrickdk: he should be able to mount at least, without making UIDs match
[01:21] <twb> Oh, sorry, you mean "users must exist... " for NFSv4
[01:21] <Patrickdk> depending on the security setting
[01:21] <Patrickdk> that is set on both sides
[01:21] <raubvogel> Ok, so how do I set this for nfsv3
[01:22] <twb> raubvogel: do you trust the network you're on?  If not, I recommend NFSv3.
[01:22] <twb> Er...
[01:22] <twb> raubvogel: do you trust the network you're on?  If you do, I recommend NFSv3.
[01:22] <raubvogel> Right now this is a test in a test network
[01:26] <raubvogel> which is why I want to start with v3 and security disabled
[01:27] <twb> v3 doesn't have a -osec= option in the first place
[01:27] <twb> Also for your initial test, strongly recommend test with a linux client
[01:27] <raubvogel> It works fine with linux and OSX
[01:28] <twb> Ah, OK
[01:28] <raubvogel> I am trying to figure out the windows side
[01:28] <raubvogel> Which is why I was looking for a log
[01:29] <raubvogel> I mean, if the windows client claims authorization error there better be a related message in the server
[01:30] <raubvogel> Test share is being exported, according to exportfs -v in server, as <world>(rw,wdelay,no_root_squash,no_subtree_check,sec=sys,rw,no_root_squash,no_all_squash)
[01:30] <twb> OK
[01:31] <raubvogel> Interesting it mentioned no_root_squash twice
[01:31] <twb> IIRC there are a couple of places to turn NFS server logging on, one at modprobe, the other is in /proc/sys/
[01:32] <twb> 24. Linux at http://stromberg.dnsalias.org/~strombrg/NFS-troubleshooting-2.html
[01:33] <twb> Working out if it's using NFSv3 or v4 will be very helpful
[01:34] <raubvogel> twb: the windows client can do both
[01:34] <raubvogel> it is an argument (/3, /4, etc)
[01:34] <raubvogel> AFAIK the nfs server is exporting 3 and 4
[01:35] <twb> Then explicitly tell windows to use 3 to begin with, since 3 is easier
[01:35] <raubvogel> That is what I have been doing
[01:36] <twb> OK.  I would be useful if you had summarized everything you've already done up-front, rather than me having to ask.
[01:39] <raubvogel> twb: will do
[01:40] <twb> afk meeting
[01:40] <raubvogel> K
[02:10] <raubvogel> twb: It seems the problem is in the nfs client program I am using (hummingbird's). Using the Microsoft's, I have no problem mounting the insecure share.
[02:10] <raubvogel> Time to contact their support
[02:25] <crass> is there a pachage for php fastcgi? or is it already compiled in?
[03:15] <aarcane_> So I'm curious about running Ubuntu Server in a virtual environment.  I have a setup that would lend itsself well to either using disk images or to using exposed filesystems.  Both are equally simple to configure and deploy.  The question, for my environment, is which is better performant ?  has anyone done a side-by-side comparison ?
[03:17] <SpamapS> aarcane_: you mean qcow2 vs. say, lvm volumes?
[03:18] <aarcane_> I mean qcow2 vs. say, mkdir.
[03:18] <SpamapS> mkdir?
[03:19] <SpamapS> your VM needs a block device
[03:19] <SpamapS> unless I missed something, kvm doesn't have anything like vmware's host filesystem drivers
[03:20] <aarcane_> I thought kvm could run in an environment similar to a chroot.
[03:20] <SpamapS> I don't know of anybody doing that.. but it may be possible, I've never tried it
[03:21] <twb>  The hg driver is pretty crap anyway
[03:22] <twb> You could use NFS to export a chroot to the qemu VM as its root filesystem :-)
[03:22] <aarcane_> so does ubuntu/kvm at least support running a partitionless device ?
[03:22] <twb> aarcane_: yes but it's fiddly to set up
[03:22] <twb> file /srv/kvm/twb.img ==> /srv/kvm/twb.img: BTRFS Filesystem (label "twb", sectorsize 4096, nodesize 4096, leafsize 4096)
[03:23] <twb> That's a partitionless KVM disk image of a btrfs root filesystem, using extlinux as the bootloader
[03:23] <aarcane_> nice.
[03:24] <twb> Actually come to think of it, if you are doing a normal server install CD inside the VM, it's quite easy -- all you need to do is switch to vt2 and do a "mke2fs /dev/vda", and then the interactive partitioner will allow you to create the real filesystem on vda instead of forcing you to make a vda1
[03:24] <aarcane_> twb, is there an easily accessible howto to do that ?
[03:24] <twb> After that you just need to set up the bootloader -- with grub I have no idea, with extlinux it's just the normal extlinux way except you don't need to copy mbr.bin to the MBR
[03:25] <aarcane_> erm, I meant to send that one line up.  What about using ubuntu-virtualmachine-builder ?
[03:26] <twb> I know nothing of that
[03:31] <SpamapS> live-builder, I think, is the one you want
[03:31] <SpamapS> live-build I mean
[03:31] <twb> live-build / live-helper is oriented mostly towards read-only (+cow) images
[03:32] <twb> I'm not sure they're ideal for "I want a normal VM"
[03:32] <twb> You could likely *abuse* them for that purpose :-)
[03:33] <SpamapS> I believe thats what is used to build the Ubuntu cloud images
[03:38] <twb> SpamapS: that's because cloud images *are* read-only
[03:39] <twb> Part of the point of the cloud stuff is that state lives in the db only and the VMs just have ephemeral state or so
[03:39] <SpamapS> well they are mounted r/w ;)
[03:40] <twb> SpamapS: well, ICBW
[03:40] <twb> I assumed they were mounted ro and then aufs'd with a tmpfs cow
[03:40] <twb> So to an inattentive root user sshing in, they look r/w but the changes are lost when you reprovision the VM on another node
[03:41] <SpamapS> Nope
[03:41] <SpamapS> they're laid down on top of a block device
[03:41] <twb> interesting
[03:41] <SpamapS> and altered in predictable ways
[03:42] <SpamapS> such as putting authorized SSH keys in /home/ubuntu/.ssh/authorized_keys
[03:42] <SpamapS> actually
[03:42] <SpamapS> I think that may be done by cloud-init now that I type it.. hrm
[03:42] <SpamapS> <-- also CBW ;)
[03:47] <twb> This cloud stuff is a fad, like www
[03:47] <SpamapS> yeah it'll never catch on
[03:48] <twb> Or touchscreen computers.  I mean there is *zero* tactile feedback
[03:48] <twb> And when you hit people with a tablet it will just shatter, unlike a model M
[03:49] <SpamapS> so yeah, cloud-init is the thing that installs the ssh key in /home/ubuntu/.ssh :)
[03:50] <SpamapS> the filesystem is literally just thrown onto the block device
[03:50] <twb> And when you boot the VM does /proc/mounts say it's doing anything fancy like aufs?
[03:51] <SpamapS> no
[03:51] <SpamapS> its a xen instance
[03:51] <SpamapS> root=/dev/xvda1
[03:51] <twb> not /proc/cmdlinux
[03:51] <twb> Gah
[03:51] <twb> not /proc/cmdline
[03:52] <twb> If it's live-init the magic happens in the ramdisk
[03:52] <twb> I guess I don't really care, though
[03:52] <SpamapS> yeah I may have said the wrong tool.. live-build is just in my head
[03:53] <twb> live-build is basically a wrapper around debootstrap, mkisofs, syslinux and a few other things.
[03:53] <SpamapS> yeah, so that may not be right
[03:53] <SpamapS> could be vmbuilder
[03:53] <SpamapS> which is basically a wrapper around debootstrap, mkfs, etc.
[03:53] <twb> live-boot and live-init or so, are related tools that allow you to boot off ro media and union it with a cow, which is usually a tmpfs or a rw block device, and to turn off some services that you don't care about on live media (e.g. screen saver)
[03:54] <twb> Most common use case is to use all three to make a custom live USB key or CD
[03:54] <twb> Under ubuntu the latter two are still basically one big icky blob that is casper, at least as at 10.04
[04:05] <yaboo> when I do apt-get instead of typing y every time, how do I automated it
[04:05] <yaboo> trying to make a install script
[04:08] <qman__> yaboo, use the -y option
[04:09] <qman__> apt-get update && apt-get dist-upgrade -y
[04:09] <yaboo> qman__, thanks
[04:18] <Saturn2888> Hello all, I was curious to know if anyone had his or her own PPA or knew anyone that supported a PPA with close to the latest kernel for supporting BTRFS. I want to experiment around with it in a VM, but am making sure I get something as new as I can. I was looking at https://help.ubuntu.com/community/Kernel/Compile but wanted to make sure I wasn't missing anything first.
[04:53] <SpamapS> Saturn2888: precise has a very recent kernel, you could just test precise
[04:53] <Saturn2888> Which one?
[04:53] <Saturn2888> http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.2-rc4-oneiric/ <- I just went there and ran those. Lost the console but SSH works thankfully. If I could use a more-stable build I 'd probably prefer that when I move this to production (still for hobby fun) in a few months.
[04:55] <SpamapS> Saturn2888: more stable would be the regular precise kernel
[04:56] <Saturn2888> I mean, how do I acquire that? Is there a PPA?
[04:56] <SpamapS> Saturn2888: you either update to precise alpha1, or build the kernel for oneiric
[04:56] <Saturn2888> Btrfs v0.19 it says
[04:56] <Saturn2888> oh sorry.
[04:57] <Saturn2888> I meant is there a link with more information? I've never heard of precise.
[04:57] <SpamapS> Saturn2888: actually, 3.2rc4 *is* the current kernel in precise ;)
[04:57] <Saturn2888> Oh great!
[04:57] <Saturn2888> Is precise another distro or something?
[04:57] <SpamapS> Saturn2888: precise == the current dev release of Ubuntu
[04:58] <SpamapS> oneiric == 11.10
[04:58] <Saturn2888> Oh cool. How would I find a download of it?
[04:58] <SpamapS> precise == 12.04 (presumably.. if we release on time ;)
[04:58] <Saturn2888> Wow!
[04:58] <Saturn2888> So it's already on the newest kernel. That's neat
[04:58] <SpamapS> http://cdimage.ubuntu.com/releases/precise/
[04:59] <SpamapS> Saturn2888: you can also do-release-upgrade -d
[04:59] <Saturn2888> Then I can use this instead of a botched 11.10 and would be fine. Great!
[04:59] <SpamapS> Well its still alpha. :)
[05:01] <Saturn2888> Better than a not-working 11.10. Plus this is a VM I setup to test btrfs. My goal is to build a machine off of this once I have the proper knowledge and know-how to do so.
[05:01] <Saturn2888> by rc4, you mean 3.2rc4?
[05:03] <SpamapS> Yes
[05:03] <Saturn2888> Great!
[05:04] <Saturn2888> I'll be finish up this upgrade then.
[05:04] <Saturn2888> finishing up*
[05:25] <Saturn2888> SpamapS: Thank you so much! Seems to have done a few kernel upgrades, but now it's at the rc4 one. Neat. That saved me a lot of time
[05:34] <yaboo> getting a error when I log in wy60 unknown terminal type
[05:35] <yaboo> do I need a /etc/termcap to tell me there is a wy60 terminal type
[05:35] <twb> yaboo: are you really on a Wyse 60 terminal?
[05:36] <yaboo> two yes I need to unfortunately
[05:36] <yaboo> legacy app
[05:36] <twb> terminfo entries are in the ncurses-base package
[05:36] <twb> I do not know about termcap.
[05:36] <twb> Also it's "twb" not "two".
[05:39] <yaboo> two thanks terminfo
[05:39] <yaboo> xchat spellchecker twb
[05:40] <twb> Unfortunately ncurses-base does not defined a wy60 terminfo entry AFAICT
[05:41] <yaboo> twb makes sense seems /lib/terminfo or /usr/share/terminfo under w has no wy60, guess need to find how to install one there
[05:43] <twb> You probably need to write one
[05:43] <twb> Otherwise it might be there under a different name
[05:44] <twb> I can see a wy30
[05:44] <twb> Hmm, I can see a wy60 in the source code
[05:44] <twb> apt-get source ncurses-base, see misc/terminfo.src
[05:45] <yaboo> twb seems ncurses-term has wy60  definitions installed
[05:45] <twb> Ah, I'm sorry, it's ncurses-term
[05:45] <twb> Sorry, bad memory on my part
[05:45] <yaboo> rebooted box see if it works now
[05:45] <twb> ncurses-base is the one that defines only commonly-used entries like linux, screen, xter
[05:46] <yaboo> ok
[05:52] <twb> Anyone familiar with unattended-upgrades?  If I set an email address in apt.conf, u-a will email information to that address (via mail(1)).  If I *don't* set that variable, where does that information go?  Is it thrown away?
[05:53] <twb> I'm hoping the info goes to stderr, in which case cron will catch it and email it to me via sendmail(8), so I can avoid installing mail(1).  (Not because I hate mail, but because more packages = more bad.)
[05:54] <twb> Unfortunately short of faking some security updates, this is fiddly to test, so hopefully someone has already studied the python source and can just tell me.
[06:14] <twb> Nobody knows, huh.  Guess I'll RTFS
[06:23] <yaboo> two got it working, in the end it was a permission issue on the app to allow it to run
[06:27] <twb> The u-u source seems to indicate that it throws the mail away.
[06:27] <twb> What a pain that it needs mail(1) when sendmail(1) is almost identical and already installed.
[06:28] <twb> http://paste.debian.net/148422/ I'd patch it if I had fewer hosts
[06:33] <SpamapS> twb: is it really that big of a deal to install mail?
[06:33] <SpamapS> ignoring that sendmail is, IMO, the right way to do it, I see no reason to get hung up over such a tiny program.
[06:34] <allowoverride> yawns
[06:37] <twb> SpamapS: (Not because I hate mail, but because more packages = more bad.)
[06:37] <twb> thin end of the wedge and all that
[06:41] <SpamapS> twb: if only every person with an awesome idea like that submitted it as a patch.. ;)
[06:48] <twb> Because it's short and catches non-u-u upgrades, I'm going to put this in as a later .daily job:
[06:48] <twb> diff -U999 /var/backups/dpkg.status.0 <(zcat /var/backups/dpkg.status.1.gz ) | egrep '^.Version|^.Package' | grep -3 '^[+-]'
[06:48] <twb> (more or less)
[07:09] <twb> SpamapS: http://paste.debian.net/148425/
[07:19] <SpamapS> twb: cool!
[07:22] <SpamapS> twb: you have just replaced update-manager with a very short shell script ;)
[07:23] <twb> y/w
[08:18] <twb> Is it possible to set ChrootDirectory on a per-key basis in ~/.authorized_keys ?
[08:20] <twb> Accordig to the source code (auth-options.c), no
[08:38] <allowoverride> im ou
[08:38] <allowoverride> out
[08:42] <koolhead11> hi all
[08:54] <user> hi to all!
[08:54] <user> i have a question regarding byobu status bar
[08:54] <user> what does the field <number># mean?
[08:55] <user> it sits left op the uptime field
[08:59] <twb> Probably the screen session number or something
[09:05] <user> ah i found it in the manpage finally. its the total number of logged in users
[09:06] <user> through sshd
[09:08] <user> i have another problem! fail2ban refuses to ban. my system is ubuntu 10.10 has someone noticed this?
[09:08] <user> is it a known problem?
[09:08] <user> ubuntu 11.10 sorry
[09:09] <user> im using shorewall firewall
[09:09] <user> fail2ban configured to use iptables-multip backend. (the default)
[09:24]  * blkperl was playing with fail2bain the other day
[09:24] <blkperl> although on freebsd not ubunut
[09:29] <jamespage> morning all
[09:29] <lynxman> morning o/
[10:28] <koolhead11> morning jamespage lynxman :D
[11:09] <potetpro2k> hello
[11:11] <potetpro2k> I have Ubuntu-server 10.04 LTS with a 3TB disk, the disk has alot of IOWAIT, does anyone know why this is?
[11:12] <ersi> Are you running a lot of applications that are heavily I/O bound?
[11:15] <potetpro2k> no, when i don't transfer the cpu and io is at 0, ~100%idle
[11:16] <potetpro2k> when i transfer via scp to the fileserver, top give me a 50%idle 50%iowait for about 2-3 seconds every 15-20 sec
[11:16] <potetpro2k> i also have the 3tb disk running over LVM
[11:17] <potetpro2k> so the transfer holdts every 15-20 sec for 2-6 sec
[11:17] <ersi> Is it an 'ECO SMART ULTRA LOW POWER MAGIC' disk?
[11:18] <ersi> Sounds like it's spinning down it's platters like, all the time
[11:18] <potetpro2k> 2 sec, gonna check
[11:20] <potetpro2k> think it's a western digital caviar 3tb disk
[12:26] <Daviey> rbasak: Hey, have you been able to look at https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-service-orchestration ?
[12:27] <Daviey> rbasak: We need to determine if, "Binary image deployment with PXE on ARM: TODO" - is still a requirement
[12:30] <potetpro2k> is there a known problem with 3TB western digital HDD on LVM on Ubuntu 10.40 LTS??
[12:31] <RoyK> potetpro2k: the only one I can think of is 4k sectors
[12:32] <zul> Daviey: that sounds like fun
[12:32] <RoyK> but then again, that shouldn't be too much of a problem
[12:35] <potetpro2k> ok, strange i have lots of IOwait when reading or writing, but my other disks are fine :S
[12:38] <RoyK> potetpro2k: IIRC that drive lies about its sector size being 512 while it's really 4k. if your partitions aren't sector-aligned to the _real_ size, the drive may need two i/o operations for each requested operation
[12:38] <RoyK> potetpro2k: what's the drive model?
[12:39] <RoyK> smartctl -i should show that
[12:40] <potetpro2k> 2 sec
[12:41] <potetpro2k> Device Model:     WDC WD30EZRX-00MMMB0
[12:41] <potetpro2k> my 3gb disk got Timing buffered disk reads:    2 MB in  3.78 seconds = 542.41 kB/sec with hdparm -t
[12:43] <potetpro2k> an other question, now i am accessing my disk via an LVM setup, when i only have 1 disk in 1 VG and 1 LV alone, does that slow down the disk's performence?
[12:44] <smb> Daviey, I prepared a debdiff for precise for bug #894713. Just not sure how the sponsoring is supposed to work. Some prefer a linked bzr branch... And you just happened to be last one touching it before. :)
[12:49] <Daviey> smb: debdiff or a branch works for me.
[12:49] <Daviey> smb: point it my way, and i'll look it over right away :)
[12:49] <smb> Daviey, It is attached to the bug report for review. :)
[12:51] <RoyK> potetpro2k: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-701229.pdf <-- it's an "advanced format" drive, meaning it's "user sector size" is 512 bytes, but internal sector size is 4k
[12:54] <Daviey> smb: nice complete changelog, one question - should Debian be doing the same thing?
[12:54] <RoyK> potetpro2k: google for lvm and advanced format
[12:54] <RoyK> dunno if there are known problems with it, but it wouldn't surprise me :P
[12:55] <RoyK> fscking drive manufacturers shouldn't program their drives to lie about sector sizes......
[12:55] <potetpro2k> RoyK cat /sys/block/sda/queue/logical_block_size  gives me 512  so it's formated as it should have been, and the disk "takes care" of the rest? :S
[12:55] <smb> Daviey, Not sure. It could be they just have all of this built-in into their kernels... So they won't have that problem
[12:56] <RoyK> potetpro2k: if you performa a single read of two sectors that spans two physical sectors on the drive, that'll be two i/o operations on the drive
[12:56] <rbasak> Daviey: what's the reason you ask?
[12:56] <RoyK> potetpro2k: the _logical_ block size doesn't matter much performance-wise
[12:56] <rbasak> Daviey: I only added it because you mentioned it I think
[12:57] <Daviey> rbasak: Yeah, i did - but i wanted to confirm that the arm team think binary 'firmware' style images are still required.
[12:57] <Daviey> rbasak: Things are moving quite fast in this area of things, and want to make sure that arm is part of that picture.
[12:57] <ersi> "partitioning a new disk the alignment of the disk has to be so that partitions start in a sector which is a multiple of 8" <- LVM with advanced format, 4k sector disks
[12:58] <ersi> apparently, that seems to be the only concern - could be wrong about that though
[12:58] <RoyK> ersi: sounds right
[12:59] <RoyK> ersi: except if lvm has some hidden headers somewhere...
[12:59] <ersi> ah yeah
[13:00] <rbasak> Daviey: so will we be supporting firmware-style or installer-style installers for arm server, what does arm desktop do, and who will make the decision?
[13:00] <rbasak> (ignoring pxe for the moment)
[13:01] <potetpro2k> RoyK ersi thanks so far :)
[13:01] <Daviey> rbasak: installer is already supported, firmware-style is not yet.
[13:01] <Daviey> rbasak: The arm team, probably NCommander, needs to be involved in that discussion.
[13:01] <rbasak> who decided that we needed firmware-style and why?
[13:01] <Daviey> (I don't think he was present in the UDS session)
[13:02] <Daviey> rbasak: Currently the arm team tend to favour that model it seems, perhaps ogra_ has thoughts.
[13:02]  * ogra_ looks up
[13:03] <ogra_> rbasak, what do you mean by firmware-style ?
[13:03] <rbasak> ogra_: AIUI, an image that gets dd'd and then the machine booted
[13:03] <rbasak> Daviey: ^^?
[13:03] <rbasak> ogra_: (rather than the installer running debootstrap)
[13:04] <ogra_> rbasak, well, that totally depends on the HW
[13:04] <ogra_> if syou can only install to the device you also boot from, the preinstalled approach is best
[13:05] <ogra_> also using live or alternate is extremely slow, an install can easily take 2h or more ... preinstalled takes in max 10min to resize the rootfs and then drops you into ubiquity afterwards to set up the system
[13:06] <ogra_> for other HW setups we might consider other ways to install as long as we can manage them wrt QA (i guess you will understand why having images that take 2h to install arent actually QAable during a milestone freeze)
[13:07] <rbasak> so we currently have both setups supported in oneiric?
[13:07] <rbasak> (depending on what hw it is?)
[13:07] <ogra_> define both :)
[13:07] <ogra_> there are about ten different image types you can build
[13:07] <ogra_> we currently build preinstalled and netinstall
[13:07] <ogra_> netinstall is plain d-i as you know it from the alternate CD
[13:08] <ogra_> preinstalled is like a live oem image
[13:08] <rbasak> OK so what's the plan for server?
[13:08]  * rbasak suspects this may be blocked on hardware again
[13:08] <ogra_> no particular plan until we actually know how the hardware works
[13:08] <ogra_> yeah, well guessed ;)
[13:09] <ogra_> we need to know how it boots, and what the options for installation are
[13:09] <jhobbs> we're planning on doing netinstall's with our hardware
[13:09] <ogra_> netinst is already there and wont go away
[13:09] <ogra_> for all server installs we have
[13:09] <zul> lynxman: happy bday
[13:09] <ogra_> the question is if we will also offer preinstalled, or if alternate would nmake sense etc
[13:10] <ogra_> but that totally depends on the HW and how you boot it ... and how you can install on it
[13:10] <ogra_> which is something we only can figure out with the HW in our hands
[13:10] <rbasak> OK, so for cobbler/juju for precise, would it be sufficient to limit ourselves to netinstall only, given that we don't have hardware yet and we're past feature freeze? So shall I drop that work item? Daviey?
[13:10] <ogra_> past feature freeze ?
[13:10] <rbasak> sorry feature definition freeze
[13:11] <ogra_> keep it, we might get HW ... and arm is a bit special in the freeze regard for certain bits
[13:11] <ogra_> for precise that is
[13:12] <ogra_> i.e. if we can make sure everything works, kernel and bootlaoder support could possibly enter precise in a point release under certain circumstances
[13:12] <Daviey> rbasak: We've already committed to it pre FDF :)
[13:13] <ogra_> that said, if you focus on netinstall thats indeed the safe bet
[13:13] <ogra_> we wont drop it and it will likely even support arches we add later
[13:13] <Daviey> ogra_: right, Trying to work out if our provisioning solution should force d-i installer method, or if we need to add support for the binary image method
[13:13] <Daviey> Would rather not SRU a feature like this for the LTS :)
[13:14] <ogra_> our QA tools depend on netinst so beyond the ac100 image (which uses an android based boot mechanism) all arches we have are supported in netinst
[13:14] <ogra_> Daviey, not my decision
[13:14] <ogra_> we did that for server in the past a few times
[13:14] <rbasak> Daviey: so if we were to add support for the binary image method, would be it be sufficient to just have that working on a panda to consider the feature essentially complete?
[13:15] <ogra_> i agree that it gives an odd feeling though
[13:15] <ogra_> and LTS for arm isnt decided yet
[13:15] <ogra_> we might not be LTS at all (also decided on a higher level)
[13:15] <Daviey> right.
[13:15] <rbasak> we have to worry about breaking cobbler on !arm thoug
[13:15] <rbasak> h
[13:15] <Daviey> rbasak: I'd say so..
[13:15] <Daviey> rbasak: If it's not a painful amount of work, perhaps we shoudl JFDI.
[13:16] <rbasak> Daviey: sure, no objection there
[13:16] <Daviey> rbasak: I was sure i remembered reading that cobbler could already do somethign similar, but lost the reference.
[13:16] <rbasak> Daviey: as I slowly start seeing the whole picture it doesn't seem as awkward to me. it's just hard seeing the picture without hardware
[13:16] <rbasak> Daviey: could be koan related?
[13:17] <Daviey> rbasak: Well, arm does need to have a seperate workflow to the rest of things.
[13:17] <Daviey> rbasak: it /could/ but i'm not such a fan of koan.
[13:17] <Daviey> rbasak: something you might find of interest is pxe-kexec, performs a similar function to koan. :)
[13:18] <Daviey> ogra_: thanks for your input btw
[13:18] <ogra_> np
[13:18] <ogra_> feel free to pick my brain at any time :)
[13:19] <Daviey> ogra_: BRAINZ!
[13:19] <ogra_> :)
[13:19] <ersi> Mmmmh.. brains..
[13:19] <rbasak> ogra_: indeed, thank you, you've been really helpful
[13:26] <potetpro2k> RoyK ersi  parted printed Sector size (logical/physical): 512B/4096B
[13:26] <potetpro2k> is this how it's suppose to look like?
[13:27] <potetpro2k> or is it suppose to be 4096/4096?
[13:32] <ersi> potetpro2k: doesn't matter as far as I've read, what seems to matter is how your partitions are aligned - as in where they start
[13:32] <ersi> potetpro2k: I'm no expert on the matter, and I have no idea if LVM throws in extra data anywhere to make the alignment wonky.. the best post I've found was: http://justimho.blogspot.com/2011/09/struggling-with-advanced-format-during.html
[13:33] <potetpro2k> ok, does it matter if i use parted or fdisk to format?
[13:34] <ersi> shouldn't matter, they're both disk utilities
[13:35] <ersi> maybe it matters if you use GPT's.. I know one of them doesn't support that
[13:38] <potetpro2k> ammagawd, this is driving my nuts :P gonna move my files off the disk and try to repartition and reformat, thanks for the help :)
[13:39] <ersi> good luck :)
[14:23] <kfullert> hi - trying to upgrade Ubuntu Server 10.10 to 11.04 (and then 11.10) using the instructions at https://help.ubuntu.com/community/NattyUpgrades - after saying yes to start SSH on 1022 (as it's over a SSH connection) I get a fatal error - main.log pasted at http://pastebin.com/v1WLCTL3
[14:24] <kfullert> screenlog.0 is at http://pastebin.com/Bqi9V2JF - there wasn't a /var/log/dist-upgrade/apt.log created
[14:41] <koolhead11> So /var/lib/nova/instance/instance-id/console.ring  gives the log of running instace log --> ring
[14:42] <Sander^work> Do anyonce have experience with how to add another mysql server to phpmyadmin here?
[14:44] <funkyHat> Sander^work: try #ubuntu-server
[14:45] <funkyHat> Wait that is this channel
[14:45] <funkyHat> Please ignore me ⢁(
[14:46] <RoyK> Sander^work: I guess #phpmyadmin or perhaps #mysql might be better
[14:46]  * RoyK prefers to use the commandline to administer servers...
[14:47] <Sander^work> I do too.. Just that my customer's dont.
[14:48] <koolhead11> Sander^work: did you check server guide by any chance/mistake?
[14:49] <koolhead11> if you have not please check it am sure they have a chapter on mysql/phpmyadin too
[14:50]  * koolhead11 wonders what magic smoser` does in the cloud image that it shows console output and works well and files once i modify stuff in it :)
[14:51] <smoser`> koolhead11, you'd need to list what modifications you're making
[14:53] <koolhead11> smoser`: only 2 modification adding proxy server info and removing the sudo rm -rf /etc/udev/rules.d/70-persistent-net.rules
[14:54] <koolhead11> and yes removed the ssh-keys from the user-data custom fie
[14:54] <koolhead11> *file
[14:55] <koolhead11> on vnc viewer it boots well and can see log too
[14:59] <tgardner> jamespage, is there a better way then editing /var/lib/cobbler/config/repos.d/*.json to change the mirror ? its also a bit tedious to go through the cobbler web interface.
[15:01] <koolhead11> tgardner: i am guessing there must be a profile associated and you can edit that profile with the info
[15:02] <koolhead11> or if your system/profile uses a presseed you can manully edit that to i suppose
[15:07] <hggdh> hallyn: found the issue; indeed the libvirt fix you submitted yesterday did not do the trick
[15:08] <hallyn> what is the issue?
[15:08] <hggdh> hallyn: dynamic_ownership, and user and group (it seems) does not work anymore
[15:08] <hggdh> hallyn: I will open a bug, but if d_o=0 you get access denied
[15:09] <hggdh> if d_o=1, and user and group are set to root, you get access denied
[15:09] <hallyn> you're sure you're not on nfsv4?  :)
[15:09] <hggdh> heh. I am. I have NFS, any version... all my FS are local
[15:10] <hallyn> ok thanks hggdh.  i'l lneed a libvirt update anyway to handle qemu-kvm 1.0 version #
[15:10] <hggdh> s/have/hate/
[15:10] <hallyn> maybe i'll try merging the debian experimental version
[15:10] <hallyn> that makes more sense :)
[15:11] <hggdh> hallyn: of course, this d_o=1 completely screws with my setup... now I will have to have root running a cronjob to clean up the mess libvirt leaves on permissions
[15:12] <hallyn> hggdh: ?  I must be misreading, bc it sounds like you're saying you don' twant it anyway
[15:13] <hggdh> hallyn: oh, no, I really do not want to be forced to have ISOs owned by libvirt:kvm
[15:14] <hggdh> this is a heavy-handed solution to a non-existing problem
[15:15] <ttx> jamespage: yo! Does your python-jenkins support Launchpad SSO as a login ?
[15:15] <jamespage> ttx: ermm - no
[15:15] <jamespage> that would be a nice feature tho
[15:16] <ttx> jamespage: indeed. I could then use it as part of my release scripts
[15:16] <jamespage> tgardner: not sure about that
[15:17] <jamespage> ttx: leave it with me; it really depends on whether the SSO stuff is exposed on the remote API - I'll take a look
[15:17] <ttx> jamespage: I gather you don't use Launchpad SSO on your own jenkins instances ?
[15:17] <hallyn> hggdh: and in oneiric that works?
[15:17] <jamespage> ttx: not yet
[15:17] <tgardner> jamespage, it doesn't seem to be a global setting anywhere.
[15:17] <ttx> jamespage: ok, keep me posted
[15:17] <jamespage> ttx: we will prob use it on the public instance
[15:17] <hggdh> hallyn: yes. Actually, last week it was working on Precise
[15:18] <jamespage> but most 'work' happens in private instances
[15:18] <hallyn> hggdh: uh, that sounds like spurious (unrelated to libvirt-bin) then.  (I was about to suggest that commit b1643dc15c5de886fefe56ad18608d65f1325a2c might be responsible, but now i'm dubious)
[15:18] <jamespage> tgardner: if you specify the proxy in the preseed to be the orchestra server it should hook up with the squid server which is part of ubuntu-orchestra-provisioning
[15:18] <hallyn> ok thanks i'll wait for the bug :)
[15:18] <jamespage> tgardner, are you using your own preseeds?
[15:19] <tgardner> jamespage, nope, just vanilla stuff.
[15:19]  * jamespage scratches his head
[15:19] <jamespage> the default preseeds should do that
[15:20] <tgardner> jamespage, well, its working OK, but I wanted to point at my local mirror for faster access. squid will pull at least one copy of the package from archive.ubuntu.com, right ?
[15:20] <hggdh> argh! now apport refuses to open the libvirt problem because libglib2.0 needs to be updated...
[15:20] <jamespage> tgardner: ah - I see
[15:21] <jamespage> RoAkSoAx, ^^  - is there a nice easy way to switch the default archive location in orchestra/cobbler?
[15:22] <RoAkSoAx> tgardner: you mean the archive that squid uses?
[15:23] <jibel> hggdh, save the report, edit it, remove the lines 'unreportable reason' and resubmit
[15:23] <tgardner> RoAkSoAx, taht, and the archive that the PXE booters are given
[15:23] <tgardner> perhaps the squid archive is sufficient
[15:23] <tgardner> given the proxy
[15:24] <RoAkSoAx> tgardner: you should make the modification in: /var/lib/cobbler/snippets/orchestra_proxy (given that you are using orchestra.seed or juju.seed)
[15:24] <RoAkSoAx> orchestra.preseed or juju.preseed
[15:25] <tgardner> RoAkSoAx, then re-run 'cobbler sync' ?
[15:25] <RoAkSoAx> tgardner: nope, not need
[15:26] <RoAkSoAx> tgardner: that only applies to the preseed file so everytime, from that change on, you try to PXE boot something, it will use that change
[15:26] <tgardner> RoAkSoAx, cool, I'll give that a try. thanks
[15:26] <RoAkSoAx> tgardner: welcome ;) let me know if you run into any other blockers/ I'll be happy to help
[15:35] <koolhead11> smoser: euca-run-instances ami-00000025 --user-data-file=user-data   will this work with newer cloud-init ?
[15:39] <zul> SpamapS: ping
[15:44] <hazmat> kees, ping
[15:45] <lynxman> RoAkSoAx: ping
[15:45] <RoAkSoAx> lynxman: pon
[15:45] <RoAkSoAx> lynxman: pong
[15:51] <hallyn> oh.  drat.
[15:51] <SpamapS> zul: pong, sup?
[15:52] <zul> SpamapS: so when i do the SRU tomorrow, ill just open up a bug and then ping ya so you can let it go into proposed?
[15:53] <hallyn> ok, looking for advice.  in the past, libvirt shipped /etc/libvirt/qemu/networks/autostart/defaults.xml symlink as part of package
[15:53] <hallyn> so if users removed it, it alwasy got reenabled on upgrade
[15:54] <hallyn> bug 372001 was for that, and my fix was to not ship the file with package, and only install the symlink by hand on an initial install
[15:54] <hallyn> problem is, if you upgrade from an older libvirt, the symlink gets removed bc it's part of the old package, and it doesn't get reinstalled bc it's not an initial install
[15:54] <SpamapS> zul: Right
[15:55] <hallyn> the only way i can think of to fix that is to always install it if upgrading from any current version.  That means it can't be SRU'd.  Can anyone think of another idea?
[15:57] <hallyn> SpamapS: zul: soren: ^
[15:57] <hallyn> (if not, i'll withdraw the sru and fix precise version only...)
[15:58] <zul> hallyn: users get pissed if you disable something and then the packaging re-enables it
[15:59] <hallyn> zul: well, yes :)
[15:59] <hallyn> zul: but I assume we are NOT ok with having an SRU upgrade, for the first time ever, not set up everyeone's default net as autostart?
[15:59] <zul> yeah not ok
[16:00] <hallyn> but i can't think of a clean way to fix it.  I mean, I could do bunches of version checks in each release, but that's fragile
[16:00] <SpamapS> hallyn: it shouldn't have been re-enabled on upgrade.. confflies are supposed to stay dead.
[16:01] <hallyn> SpamapS: but it has always done it in the past.  do we want an sru to change that?
[16:01] <SpamapS> No
[16:01] <hallyn> If that's ok, then terrific.
[16:01] <hallyn> SpamapS: drop your j'accuse - i didn't make the original decision :)
[16:02] <SpamapS> hallyn: I have to run the family out the door.. and then get on a call.. but IMO its a conffile.. so it should be respected as such.
[16:02] <hallyn> i agree, just trying to think how to fix it in sru's the best way
[16:02] <hallyn> tty when you get back, thanks
[16:03] <hallyn> well, maybe i'll just go ahead and hardcode in checks against current libvirt version for each release.  yuck.
[16:11] <soren> hallyn: You can check from preinst whether the symlink is alraedy there.
[16:11] <soren> hallyn: If it is, recreate it in postinst (store a tempfile somewhere to keep track).
[16:12] <hallyn> soren: oh, excellent.  Where should i keep the tempfile?  (I assume there's a normal place)
[16:12] <soren> hallyn: ...and only create it if it was there to begin with or if it's not an upgrade.
[16:12] <soren> hallyn: I'd stick it in /etc/libvirt/qemu/networks/autostart/
[16:13] <soren> hallyn: Clearly named as a temp file.
[16:13]  * soren has to run
[16:13] <hallyn> soren: thanks.
[16:15] <kees> hazmat: pong :) sup?
[16:16] <smoser> adam_g, https://code.launchpad.net/~gandelman-a/glance/899970/+merge/84511
[16:16] <smoser> if you're going to wrap lines for depends, you should use 'wrap-and-sort' unless you have some reason not to
[16:16] <hazmat> hi kees i saw you had some juju issues, and wanted to try and reach out understand them so we can solve them.. one thing that wasn't clear from your blog post was what version of juju you where running?
[16:17] <kirkland> hallyn: have you tested ecryptfs inside of lxc?  does it work as expected?
[16:17] <kees> hazmat: hi, cool. I was using what was in oneiric, since it wasn't clear how to bring up anything else for a sane AMI.
[16:17] <hallyn> kirkland: i don't recall it if i have
[16:19] <kirkland> hallyn: would you mind giving it a shot?
[16:19] <kees> hazmat: you want me to join #juju?
[16:19] <hazmat> kees, that would be great
[16:19] <kirkland> hallyn: fwiw, there is a bug about ecryptfs not working inside of openvz: https://bugs.launchpad.net/ecryptfs/+bug/826996
[16:19] <hallyn> kirkland: sure, but not utnil i fix my libvirt snafu
[16:19] <kirkland> hallyn: which doesn't necessarily surprise me, but I'd hope it would work inside of lxc pretty well
[16:22] <hallyn> kirkland: i'm guessing that they didn't already have ecryptfs kernel module loaded, and openvz container wasn't allowed to modprobe
[16:22] <hallyn> it's not an ecryptfs OR openvz bug
[16:22] <hallyn> (in that case)
[16:22] <kirkland> hallyn: ah, yeah, perhaps.  would you mind adding comments to that effect at your convenience?
[16:33] <hallyn> soren: my proposed fix is at http://people.canonical.com/~serge/libvirt-autostart.debdiff, if you get a minute.  (I'll upload after some testing)
[16:33] <hallyn> kirkland: i'll test in a n lxc container when i get a chance and then comment
[16:45] <hallyn> oh, hm, patch needs a tweak
[16:58] <smoser> utlemming, please review https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts.hvm-ephemeral/+merge/84805
[16:58]  * utlemming reviews
[16:59] <smoser> zul, https://bugs.launchpad.net/nova/+bug/855030
[16:59] <smoser> "this is fixed in precise"
[16:59] <smoser> but you did not mark fix-released.
[16:59] <hallyn> jdstrand: have you run qa-regression-test test-qemu on a host (not in a vm) and lived to tell about it?
[16:59] <smoser> by design ?
[17:00] <zul> smoser: no just fat fingers
[17:01] <jdstrand> hallyn: not for a while. I use nested virtualization typically (and qrt definitely warns about using at your own risk :)
[17:02] <hallyn> yeah - well the host *is* a throwaway test machine, but i'm wondering just how bad the tests are :)
[17:03] <jdstrand> hallyn: they shouldn't be *too* bad since they run as non-root. you should use 'make-test-tarball' rather than running in the tree
[17:04] <hallyn> ok, i *think* i have all the libvirt upgrade cases covered now....  <crossing fingers>
[17:04] <jdstrand> hallyn: for extra fun, run as a different user
[17:04] <hallyn> ok, will try, thx
[17:04] <jdstrand> (it doesn't need X, so su'ing to that user from a terminal should be ok
[17:04] <jdstrand> )
[17:05] <hallyn> but should be in kvm group?
[17:05] <hallyn> btw, you have an amd box, or you find nested kvm now works on intel?
[17:05] <utlemming> smoser: it looks good...except, why not register the four ephemeral stores to cover the cc2.4xlarge?
[17:05] <utlemming> er, cc2.8xlarge
[17:06] <jdstrand> hallyn: the other user should be in kvm if you want to test that. as for nested, it is nested qemu, not nested kvm
[17:06] <hallyn> oh
[17:08] <hallyn> how odd.  debuild -S didn't sign my .changes
[17:11] <smoser> utlemming, only in keeping with what we've done before..
[17:12] <smoser> i find the existance of 'block-device-mapping' entries in the metadata service annoying when they're wrong
[17:12] <smoser> currently they're only wrong for t1.micro instances and that was something we could not have foreseen.
[17:12] <utlemming> yeah, I see the problem here
[17:12] <smoser> obviously there could be hvm instance types that would have no ephemeral in the future, though.
[17:12] <smoser> t1.micro hvm
[17:12] <utlemming> part of me is thinking that the meta-data should only present valid devices
[17:12]  * utlemming shutters
[17:13] <utlemming> s/shutters/shudders/
[17:13] <smoser> yeah, they should present the *actual* block device mapping in the MD
[17:13] <smoser> or at least the mapping that was there on initial start.
[17:13] <hallyn> hggdh: oh!  so you can't report the bug?  I was wodnreing why i wasn't seeing it in the new queue
[17:13] <utlemming> this seems worthy of a feature request to Amazon -- there is no reason to present an invalid device mapping via meta-data
[17:16] <utlemming> smoser: merged
[17:17] <smoser> if they fixed that, then i'd register 4 ephemeral devices with every ebs type
[17:18] <hggdh> hallyn: I am going to report manually, and add in whatever you ask for later
[17:18] <hallyn> hggdh: ok, thanks.  So I guess this is unrelated to the qemu one i just saw you posted  :)
[17:19] <hggdh> hallyn: indeed it is unrelated. My only problem to report the dynamic ownership is LP timing out continuously for me
[17:19] <hallyn> hggdh: a dput of 80k took me 2 minutes.  i think there is a problem
[17:20] <hggdh> yes, I think so also
[17:20] <smoser> i noticed a slow upload yesterday.
[17:20] <smoser> er.. this morning.
[17:22] <N3> I'm trying to install RAID6 w/ ubuntu 11 and grub fails
[17:22] <N3> I would do lilo, but there is no option
[17:43] <zul> soren: ping are you running precise yet/
[17:50] <RoAkSoAx> adam_g: have you testing upgrading from oneiric -> precise of an orchestra server?
[17:53] <RoAkSoAx> s/testing/tested
[17:58] <hggdh> hallyn: bug 901333
[17:58] <dannf> hallyn: i can't seem to bzr branch lp:ubuntu/natty/libvirt - any idea what's up w/ that?
[17:59] <dannf> bzr: ERROR: Revision {james.westby@ubuntu.com-20110318080232-bskde7dqc2icfixv} not present in "Graph(StackedParentsProvider(bzrlib.repository._LazyListJoin(([CachingParentsProvider(None)], []))))".
[17:59] <hallyn> dannf: the udd trees for libvirt and qemu are b0rked
[17:59] <hallyn> hggdh: thanks
[18:00] <dannf> hallyn: how do we go about unb0rking them?
[18:01] <hallyn> dannf: i don't know.  last i knew it wasn't possible without some fundamental fixes to lp/bzr.  i don't know if those have been fixed and maybe now something just needs to get cleaned up somewhere... #bzr or #launchpad or #ubuntu-devel are probably the places to ask
[18:01] <hallyn> i'd love it if it got fixed
[18:02] <dannf> hallyn: ok
[18:07] <zul> ok now im getting annoyed
[18:08] <zul> hallyn: the ebtables/libvirt stuff is causing me greif
[18:08] <zul> it only seems to happen when im running nwfilter
[18:08] <zul> i can give you an xml that has the problem
[18:09] <hallyn> ok
[18:10] <zul> hallyn: http://paste.ubuntu.com/762980/
[18:11] <hallyn> zul: i'm hopefully uploading qemu-kvm 1.0 this afternoon.  Is there ANY reason not to change ebtables to a depend?
[18:11] <zul> hallyn: i have no reason
[18:17] <hallyn> zul: will it work around your problem?  (i can't seem to use your filterref exceprt on oneiric)
[18:17] <zul> well no because i have ebtables installed and it just cant find it
[18:17] <zul> im starting to get frazzled
[18:18] <hallyn> zul: ah!
[18:19] <hallyn> i bet we need to specify --with-ebtables-path to configure.
[18:20] <RoAkSoAx> Daviey: btw.. the chain.c32 trick doesn't seem to work with KVM instances. It does download the file, shows the grub menu, but stays there
[18:21] <hallyn> zul: could you try a 'strace -f -o/tmp/outout -p `pidof libvirtd`' and then retry the cmd that fails?
[18:21] <zul> hallyn: sure
[18:22] <hallyn> jdstrand: qa-regression-test will need an update to call qemu-system-i386 instead of qemu
[18:22] <jdstrand> hallyn: for all releases or just precise?
[18:23] <hallyn> jdstrand: just precise, but it's safe to do for all releases
[18:23] <hallyn> that is, qemu is goign away, but qemu-system-i386 was always a symlink to qemu
[18:23]  * jdstrand nods
[18:23] <hallyn> yay!  all tests pass
[18:24] <hallyn> jdstrand: cool, long as you don't object i'll do a qrt merge proposal :)
[18:26] <jdstrand> hallyn: I think we might want to do a release specific change. eg in both _check_vm_is_running() and _start_vm(): if emulater == "qemu" and self.lsb_release['Release'] >= 12.04: emulator = "qemu-system-i386"
[18:27] <hallyn> jdstrand: why?
[18:27] <jdstrand> hallyn: otherwise, we aren't testing the same thing we did before
[18:28] <jdstrand> better would be to flip that and default to qemu-system-i386, then use "qemu" iv < 12.04
[18:28] <jdstrand> that expresses what we are trying to achieve slightly better I think
[18:29] <hallyn> it just seems like complicating (making more fragile) the test logic has its own cost
[18:29] <hallyn> but, if you prefer...
[18:33] <adam_g> win 1
[18:34] <hallyn> ok i will
[18:34] <N3> wow, how amazing, the debain installer just installed grub automatically to my RAID6 system, why can't ubuntu 11 do this?
[18:34] <zul> hallyn: http://people.canonical.com/~chucks/output
[18:35] <hallyn> zul: feh, one of the other threads must have tried the exec
[18:35] <zul> hallyn: eyah
[18:38] <adam_g> smoser: regarding glance 'sort-and-wrap', fair enough. shall i also sort the other depends sections of debian/control since tehy are not currently sorted?
[18:40] <adam_g> RoAkSoAx: i haven't been reguarly testing, but i have done it in a couple of weeks. perhaps we can automate that testing per upload?
[18:40] <zul> hallyn: hmm...interesting: http://paste.ubuntu.com/763012/
[18:41] <RoAkSoAx> adam_g: the thing is thta I just did an upgrade, and the changes for squid3 weren't done automatically so I had to ln -sf the new config
[18:42] <adam_g> RoAkSoAx: hm, packaged config files get overwritten on upgrades unless otherwise specified, no?
[18:42] <hallyn> zul: yeah! ebtables on precise gives me a segfault
[18:42] <zul> hallyn: hold on
[18:43] <RoAkSoAx> adam_g: right, but we are doing all thru postinst
[18:44] <RoAkSoAx> adam_g: anyways, just keep an eye on it when you do an upgrade from oneiric->precise to see if in precise the squid changes are actually made, or any other postinst change
[18:44] <zul> hallyn: yeah ebtables is broken
[18:45] <adam_g> RoAkSoAx: i believe ive upgraded the santol orchestra server since squid3 without issue but ill give it a shot later on ec2
[18:45] <zul> hallyn: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/899315
[18:45] <RoAkSoAx> adam_g: cool! btw i just uploaded the changes for chain.c32 and the auto selection of installation disk
[18:45] <zul> hallyn: thanks for the help! :)
[18:46] <hallyn> zul: np :)
[18:48] <adam_g> RoAkSoAx: nice. i sent a merge proposal late yesterday wit a fix for the ISO upgrades deleting custom profiles, with hopes that you and smoser would be able to review. but it was picked up by a patch pilot and merged before anyone looked at it AFAICS.
[18:49] <adam_g> https://code.launchpad.net/~gandelman-a/ubuntu/precise/cobbler/lp900977/+merge/84698
[18:51] <Corey> Is there a semi-sane way to update the certificates in Lucid?  The cert in question works in Debian Squeeze.
[18:51] <BjornWarmedal> I've just been given access to an ubuntu server (through ssh only, no access to hardware) and I'd like to get to know the system. I'm used to the *nix environment and the command line, but what's the best way to get to know the system, its processes and configurations?
[18:52] <Corey> BjornWarmedal: What are you trying to figure out?
[18:52] <Jim44491> anyone in here compiled a kernel for ubuntu ?
[18:52] <Corey> Jim44491: Yes.
[18:52] <Corey> BjornWarmedal: netstat can show you what's listening on what port, ps can show you what processes are running... I'd start there.
[18:52] <Jim44491> i have ubuntu 11.04 and i want to compile kernel version 3 for it
[18:52] <Corey> iptables will show you what the firewall looks like. :-)
[18:52] <Jim44491> any problems ?
[18:53] <BjornWarmedal> Corey: users, processes... netstat and ps are probably a good start, yeah :)
[18:53] <Corey> BjornWarmedal: Take a look through /home and /etc/passwd, reconcile those.
[18:53] <BjornWarmedal> Corey: the server belongs to a club and I've offered myself to learn how to administrate their systems
[18:54] <Corey> BjornWarmedal: ...without knowing what you're doing? :-)
[18:54] <BjornWarmedal> Corey: I'm not responsible for anything until I've learned ;) it just gets faster to learn if I don't have to wait around for someone to have time to teach me
[18:54] <Corey> BjornWarmedal: "Learning on someone else's system" is always a poor decision, really.
[18:55] <BjornWarmedal> Corey: the server I've got access to is a test system, so no harm in hacking around :)
[18:56] <BjornWarmedal> Corey: until I've got a chance to set up my own server it's my best shot :)
[19:01] <raubvogel> Corey: nothing makes you learn faster than learning on the job during a crisis with people screaming behind you
[19:05] <BjornWarmedal> raubvogel: been there, done that... our only expert had a week off, I was new and somehow inherited the title...
[19:06] <BjornWarmedal> raubvogel: and yes, I learned lots
[19:06] <BjornWarmedal> :)
[19:06] <raubvogel> I had one with a server whose OS somehow was put together with 3 different releases
[19:06] <raubvogel> It was mail+nfs+everything
[19:06] <raubvogel> and it crashed
[19:06] <raubvogel> no docs
[19:06] <raubvogel> even no root pwd
[19:07] <raubvogel> had to rebuild array in one week and save data
[19:07] <raubvogel> Loads of fun
[19:07] <zul> mdeslaur: ping this is bad isnt it? http://paste.ubuntu.com/763031/
[19:08] <raubvogel> zul: sounds like apparmor doing its thing
[19:09] <raubvogel> Find out what virt-aa-helper is and whether it needs to do what it tried to
[19:14] <smoser> zul, can you review/merge https://code.launchpad.net/~smoser/glance/merge-from-ubuntu/+merge/77190
[19:14] <smoser> i'd think we would want to keep that glance/ubuntu branch as close to ubuntu as reasonably possible.
[19:17] <jdstrand> zul: those aren't necessarily fatal. what are those files?
[19:18] <zul> jdstrand: those are images feched from glance to create the ec2 instances
[19:18] <zul> smoser: of course
[19:18] <jdstrand> zul: sounds like we would want to adjust /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper for those paths
[19:19] <zul> jdstrand: thats what i was thinking should it be added to the libvirt packaging as well?
[19:19] <zul> or should i start creating an apparmor rule for nova?
[19:19] <jdstrand> somthing as simple as '/var/lib/nova/instances/_base/* r,' would probably be enough
[19:20] <jdstrand> zul: that file is provided by libvirt and so it should happen there.
[19:20] <zul> k
[19:22] <zul> smoser: done
[19:24] <smoser> zul, i thought you mad console output work for lxc
[19:24] <smoser> no?
[19:24] <zul> oneiric?
[19:24] <zul> yes
[19:24] <zul> precise
[19:24] <zul> no
[19:25] <smoser> so it was in diablo proper?
[19:27] <smoser> zul, bug 853602 has a patch attached
[19:28] <zul> smoser: that will just give you /dev/pts/9 or whatever when you run that command
[19:30] <smoser> oh?
[19:32] <zul> yeah
[19:32] <zul> anyways back later
[19:37] <soren> zul: not on my primary workstation, no, if that's what you mean.
[19:39] <smoser> zul, it seems to work for me.
[19:42] <smoser> zul, this applied to current-ish nova "works for me"
[19:42] <smoser> http://paste.ubuntu.com/763072/
[19:42] <smoser> withought that vcpus check, nova does not re-start
[20:01] <th0mz> hi, i'm looking forward to migrate a vsphere HA cluster to Ubuntu Server and opensource hypervisor. Is KVM the best solution ? (long term project (3-6month before i start), just looking for a few  docs to start my reading). any idea please ?
[20:02] <smoser> woot! cirros worked on devstack lxc.
[20:12] <caution> I want to set up a mail server so I can send email from my domain name using a mail client like Thunderbird. It won't accept incoming messages to my domain. What type of mail server is this and what software should I use?
[20:13] <RoyK> !dovecot
[20:14] <RoyK> caution: postfix as the MTA and dovecot for mail storage is generally a "preferred" choice
[20:14] <RoyK> !mailserver
[20:14] <caution> I won't be storing mail though
[20:15] <caution> will I?
[20:15] <RoyK> if you want to receive mail, you need to store it somewhere unless you're going to process it automatically
[20:15] <RoyK> oh
[20:15] <RoyK> no incoming
[20:15] <caution> I don't want to receive mail apart from outgoing mail from my mail client
[20:15] <RoyK> :)
[20:15] <RoyK> ok
[20:16] <RoyK> then all you need is something like postfix
[20:16] <RoyK> and just allow relay from internal IP addresses
[20:16] <RoyK> and, typically, set it to relay outgoing mail to your ISP's MTA
[20:17] <caution> there's no ISP mTA
[20:17] <RoyK> it'll try to do mail routing according to DNS if you don't set a smart relay host
[20:17] <caution> ok good
[20:17] <caution> also it's not an internal IP address
[20:18] <caution> so it needs auth
[20:18] <RoyK> well, just don't open up relay for everything
[20:18] <RoyK> either setup authentication or a small set of IPs from which to relay mail
[20:19] <caution> thanks
[20:19] <RoyK> if you setup an open relay, it takes like max a few hours until half the spambots on the net are trying to mail through it
[20:19] <caution> yeah, I'd even be worried allowing an IP range
[20:20] <RoyK> authentication is rather safe, though
[20:27] <caution> what's a good command line tool to test postfix?
[20:38] <RoyK> caution: what do you mean?
[20:39] <RoyK> caution: telnet yourhost 25 ?
[20:39] <caution> a command line smtp client I guess
[20:39] <RoyK> telnet
[20:39] <caution> no
[20:39] <RoyK> just telnet into port 25 and chat smtp to it :P
[20:39] <caution> takes too long
[20:40] <guntbert> caution: its the only way to really test smtp
[20:40] <RoyK> would have taken shorter time than you have spent asking for help here :þ
[20:40] <caution> nope
[20:40] <RoyK> nope what?
[20:41] <caution> smtp-cli sounds good
[20:42]  * RoyK gives up and finds something useful to do
[20:51] <raubvogel> Anyone doing syncrepl proxy in ldap?
[21:04] <adam_g> win 2
[21:08] <RoAkSoAx> adam_g: your branch in cobbler differs from the latest upload
[21:09] <RoAkSoAx> adam_g: and your branch seems to have been merged already into lp:ubuntu/precise/cobbler when it shouldn't have
[21:19] <demolition> Is there a IPv6 problem known with the latest LTS?
[21:19] <demolition> It gets a IPv6 route, but only a fe80 IPv6 address
[21:19] <demolition> (a fe80 route and a (2001::::) route), where the latest is the global IPv6
[21:20] <demolition> Other systems pickup an address without a hitch
[21:21]  * RoyK doesn't have ipv6 :(
[21:22] <demolition> Note that my network has native (global) IPv6 support
[21:24] <SpamapS> demolition: IIRC, lucid has been made to work with IPv6, but focus on IPv6 in Ubuntu only really started last cycle
[21:27] <demolition> SpamapS: Is there some documentation on making IPv6 work with Ubuntu Lucid?
[21:28] <demolition> It is a strong secured JEOS.
[21:28] <hallyn> hggdh: was trying to reply to the bug report but can't get to lp.  Can you try dynamic_ownership with quotes around the user/group, i.e. user="root"\ngroup="root"?  it works for me...
[21:29] <hggdh> hallyn: will try now
[21:30] <SpamapS> demolition: I'm not much of an IPv6 expert.. so its hard for me to comment intelligently.
[21:30] <SpamapS> demolition: I'm certain it can work... but there may be bugs that have been fixed in later releases.
[21:31] <demolition> What tools and services are the most important for IPv6 networks?
[21:31] <demolition> aka ifupdown
[21:31] <demolition> If I can get a list with that tools, I mind building the latest versions from source
[21:31] <demolition> Don't want to use a non-LTS for production use
[21:32] <SpamapS> ifupdown is probably the most important yes..
[21:32] <SpamapS> demolition: man interfaces should help
[21:33] <hggdh> hallyn: bloody thing now works
[21:33] <Skunk> is there a Ubuntu One (client?) for ubuntu-server?
[21:33] <hallyn> hggdh: woot
[21:34] <hggdh> darn!
[21:41] <adam_g> RoAkSoAx: as i said, i proposed that merge later yesterday with hopes of you and/or scott reviewing, but it was picked up by patch pilot and merged
[21:41] <RoAkSoAx> adam_g: yeah i saw that. I'll fix that now
[21:42] <caution> do the commands in /etc/rc.local get run more than once each boot?
[21:43] <adam_g> RoAkSoAx: thats the second time thats happened with that branch, btw
[21:47] <RoAkSoAx> adam_g: i wonder why the branch reviewer doesn't check that the upload failed... or maybe, they don't even upload and that's why they never realize :)
[21:48] <pedja_> Anybody has suggestion on Certificate Authority software to use on Ubuntu/Debian to replace NewPKI?
[21:53] <offdutypirate> pedja_, managing a private CA?  Would tinyCA work for you?
[21:54] <pedja_> tiny CA is ok but I was thinkin of something that would  (semi) automaticalu publish CRL or act as OCSP
[21:55] <pedja_> I was thinking of using OpenCA which has no ubuntu package
[21:56] <pedja_> I wonder what people usually use for CA management?
[21:57] <SpamapS> I don't think most people do CA management. :)
[21:57] <SpamapS> chain certs are pretty cheap
[21:57] <offdutypirate> pedja_, I'd agree with SpamapS
[21:58] <SpamapS> wtf.. openca has an Ubuntu *RPM*
[21:58] <SpamapS> with 285 downloads.. heh
[21:59] <pedja_> It's just that I tend to use certs a lot (for example entire lab for wireless access and for vpn clients)
[21:59] <RoyK> demolition: have you tried setting a static ip?
[22:00] <pedja_> SpamapS, yes that's odd, and also I am reluctant to create CA infrastructure on software that is not guaranteed to survive OS upgrade
[22:01] <pedja_> so I would rather user something packaged
[22:02] <SpamapS> hah, nothing is guaranteed to survive os upgrade. :)
[22:02] <hallyn> Ursinha: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase  the untouched bugs link seems to point to a bogus list right now... ?
[22:02] <Skunk> bios?
[22:03] <SpamapS> pedja_: looks like it should be relatively simple to package
[22:03] <SpamapS> pedja_: autotools.. apache license..
[22:07] <pedja_> SpamapS,  once I have upgraded proxy machine with  nobody  practically noticing :), I just love apt-get.  I'll try openCA,  to see if it can be actualy used on Ubuntu since it has RPMs
[22:07] <SpamapS> pedja_: its got a source tarball
[22:08] <SpamapS> pedja_: I'd be willing to bet that just doing 'dh_make' in that dir will produce a working package.. though you may need to add an init script/upstart job
[22:08] <RoyK> ubuntu rpm... I wonder what those guys are smoking...
[22:09] <SpamapS> Probably a running joke there
[22:09] <pedja_> seems like nice software; I'll give it a try
[22:09] <SpamapS> like, if somebody emails them asking how to make it work, they send him to [ insert awful video url ]
[22:11] <demolition> RoyK: Are you around?
[22:11] <RoyK> demolition: yeah
[22:11] <RoyK> a bit longer...
[22:11] <demolition> I have tried setting up a static one
[22:12] <blkperl> adam_g: precise is no longer installing....
[22:12] <RoyK> demolition: did it work?
[22:12] <demolition> no
[22:12] <demolition> moment, I am going to reproduce
[22:13] <RoyK> wierd... I'm currently logged into a box with that running just fine
[22:14] <RoyK> machine is running 10.04.3
[22:15] <Skunk> I see ubuntuone-client, but it looks like it wants to install all of x11 .. is there a CLI version?  Is libubuntuone1.0-cil in the right direction?
[22:17] <RoyK> demolition: I'll be leaving now, but afaics the magick done on that box is adding http://paste.ubuntu.com/763204/ to /etc/network/interfaces - good luck...
[22:17] <demolition> wait
[22:17] <demolition> it is done
[22:18] <demolition> the trick was to use ipv6-addr, gateway, netmask, not ipv6-addr, netmask, gateway in order in interfaces
[22:27] <caution> how do I add a command to startup that behaves in the same way as if I had run it myself in a terminal?
[22:30] <andol> caution: wrap it within a bash script which sources /etc/profile as well as ~/.profile?
[22:31] <caution> and then add it where, rc.local?
[22:32] <andol> caution: Well, if you want it to run as a specific user it might be easier to put it in that users crontab, specifcing the "time" @reboot
[22:32] <Nafallo> andol: +1
[22:35] <RoyK> demolition: if you get the route ok, why would you need the gateway_
[22:35] <RoyK> ?
[22:40] <robos> hello: anyone know why this is happening when i run mount -a? mount.nfs: mount to NFS server '192.168.2.1:/mnt/disk2' failed: RPC Error: Program not registered
[22:42] <RoyK> robos: is the portmapper running?
[22:42] <robos> portmap
[22:43] <robos> yes, it's running
[22:43] <Cant_Winn> hey ppl, I am trying to install an iFolder server on 10.04LTS and it keeps giving me an error when I try to set it up... think anyone here might have an idea? http://pastebin.com/RGxdRxJd
[22:48] <Cant_Winn> ..dang
[22:56] <Ursinha> hallyn: will look
[22:56] <hallyn> thx (i'll be leaving soon)
[23:30] <utlemming> smoser: are you around?
[23:31] <JokesOnYou77> Hi all.  I'm running a remote server for downloading large files and torrents, and after setting up the transmission Web UI and starting a large download I've lost the ability to connect to the server.  This has happened before with the connection restored once the download was complete.  What I want to know is if this was because of bandwidth or RAM
[23:32] <JokesOnYou77> Or something else...