[00:08] hazmat: us-west-1 [00:09] kees, thanks [00:10] np [00:32] sigh, i had this problem long ago enough (and on such an iregular basis) that i forgot how to deal with it, but : https://forums.aws.amazon.com/message.jspa?messageID=257984 [00:34] SSH_AUTH_SOCK= [00:54] SpamapS: fyi https://lists.launchpad.net/openstack/msg06033.html [00:59] zul: yeah very cool. :) [00:59] zul: but does it blend? [00:59] SpamapS: no it dices [01:20] http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu/ seems to be missing [01:22] i'm having a hard time searching google for a list of ec2 hosted offical ubuntu repos [01:27] nvm it's up again === lifeless_ is now known as lifeless [02:52] um...wut? my keystrokes are suddenly being typed as japanese characters on my remote server terminal [02:58] why would the character set suddenly change without any apparent reason? [02:58] because now i can't configure anything [03:07] sigh compiz [03:16] Why would compiz be fiddling with input methods? === himcesjf1 is now known as himcesjf [08:03] kirkland: Someone is unhappy: http://deadmemes.net/2010/10/19/fear-and-loathing-in-debianubuntu-or-who-needs-etcmotd/ [08:07] Jeeves_: update-motd *was* a clusterfuck [08:07] Jeeves_: it was rolled out in squeeze (or lenny?) DURING the freeze [08:09] The author does seem to capture the feeling I get every time I deal with some new "feature" that has been introduced by Ubuntu [08:10] :) [08:10] Unfinished manpages [08:10] Missing manpages [08:11] A similar thing happens to me wrt. setting PATH correctly at login time [08:11] For some reason when I log in from tramp, /sbin isn't in root's path [08:11] Ubuntu seems to be focussing on dumb users too much [08:11] THey don't need manpages [08:12] Because some people might not log in with a sh shell, so PATH setting moved out of there to... somewhere. Except pam_environment.so doesn't seem to be the culprit &c &c [08:13] Or how they started with "gee desktops boot slowly" and ended up with "OK so now we have a whole new pid 1 and you need to rewrite all your init scripts in this new system where you can't even ask init to kill -9 your pid instead of -15'ing it, and HUP is assumed to DTRT, &c &c [08:14] * twb froths at mouth [08:18] ``If you thought this was fun, here’s a cool project: figure out how a USB key gets mounted when it’s inserted and what program decides what options to pass to mount(8). Extra credit: change the default permissions used by all USB keys.'' [08:18] Oh my gods, I had to do that for hardy and lucid -- FOR FLOPPIES [08:18] You would not believe how hard gnome makes that [08:19] * ersi shrugs [08:19] Haha, looking at the source, the first line is [08:19] apt-get install udisks=1.0.1-1build1 --force-yes # Avoid Ubuntu's "break floppy support" patch (1.0.1-1ubuntu1). [08:20] (Prisons won't allow USB keys; you can't smuggle a floppy up your arse.) [08:22] http://paste.debian.net/148690/ is the active ingredient [08:23] You can't do the same trick as USB users do, because floppies (except LS120s) don't generate a udev event when they're inserted. [08:51] <_Techie_> im having a problem with a compiled kernel module, whenever i load it, it outputs http://pastebin.com/HGctHeMC to the syslog [08:52] <_Techie_> i have read that it may be caused by compiling against the incorrect kernel sources, is anybody able to verify this? === TeTeT_ is now known as TeTeT [09:09] hi. I am runnnig a shell script on system startup using cron jobs, but the script stops running after 20 seconds. Why is it stopping? [09:17] hi all [09:27] morning o/ [10:24] <_johnny> hi, i'm having some difficulties setting up iscsi. if i run -m discovery -p , it shows a record with the username and password (checked and rechecked, and reset, it *must* be correct) [10:24] <_johnny> however, when adding -t sendtarget it can't login or auth [10:24] <_johnny> let alone --login [10:24] Daviey: around? [10:25] <_johnny> either for "discovery login to x.x.x.x rejected: initiator error (02/01)" (which should mean bad user/pw right?) [10:25] <_johnny> or no record (although i can see a record printed out if i just do -m discovery -p [10:25] <_johnny> any ideas as to what i might be doing wrong? [10:31] hi all [10:47] zul: ping me once your around [10:51] koolhead11: he's in the sprint with me :) [10:51] koolhead11: (Daviey) [10:52] lynxman: dash has new home, just came to know via ttx https://github.com/openstack/horizon all magic/updates happening here [10:52] koolhead11: we know :) [10:53] lynxman: hehe. now i know why i was not able to see all the bug fixes as i was using 4P :( [10:53] cool!! [10:56] * koolhead11 just had a #facepalm moment [14:27] if i could only spell [14:41] smoser: did the change to LOCALBOOT -1 trick worked? [14:42] RoAkSoAx, don't knwo. [14:42] not tried. dont knwo what that is. [14:42] and can't spell, but at least its consistent. [14:44] Hello, I have a question, I'd like to setup a samba share on Ubuntu Server im using for a little test webserver on our intranet. It is Ubuntu 10.04 LTS, we have a Windows Server 2003 Domain setup. I would like to set up a samba share so that I can browse /var/www/ from my windows machine to make adding/editing files easier. Can anyone help with links, or possibly some assistance? Thanks in advance! :) [14:45] smoser: the PXE booted machines swerent falling back to disk thingy... were there VM's? [14:46] smoser: 17:07 < RoAkSoAx> smoser: if it is a VM, it might be becaus eof the recent change to the PXE file. so in /var/lib/tftpboot/pxelinux.cfg/01- change KERNEL chain.c32 to LOCALBOOT -1 [14:47] RoAkSoAx, real hardware. [14:47] smoser: try that change and let me know [14:48] smoser: though, is it latest cobbler in precise? [14:48] oneiric. [14:48] i have to have something moderately stable to install other machines from! [14:48] :) [14:49] smoser: heh, then its not that and have no idea what might be wrong [14:49] maybe is better to try the KERNEL chain.c32 [14:49] and see if it works [14:50] smoser: i've seen machines not being able to boot due to the "normal" way to tell it to fallback to disk when it PXE's [14:50] smoser: the thing is this: 1. machines pxe boots and installs. 2. machine reboots. 3. machine pxeboots but pxe file tells it to boot from HD. 4. machine boots from HD. [14:58] i'm having some problems with my ubuntu box and apcupsd. "Error contacting apcupsd @ localhost:3551: Connection refused" Sometimes it works for the first few minutes of the server being on, then it stops responding. Suggestions? [15:03] smoser: why am i getting "not a bootable disk" when trying to use the cloud images [15:03] how/what are you trying to boot? [15:04] RoAkSoAx, right. thats how it is supposed to work. [15:04] and that is (i thikn) how it worked in natty-ppa version of cobbler for me... but that system was far from clean. [15:05] smoser: using nova on precise [15:06] RoAkSoAx, so this, right: http://paste.ubuntu.com/764976/ [15:06] zul, can i see ? [15:06] what cloud-image did you try to boot ? [15:06] oneiric [15:06] what [15:06] .tar.gz? [15:06] smoser: yes [15:07] that is not a bootable disk [15:07] :) [15:07] it isnt? [15:07] so it will complain "not a bootable disk" [15:07] you need a kernel for that. [15:07] but you can use the .img [15:07] and not deal with a kernel. [15:07] ah ok [15:07] if you're on precise, use this: [15:08] cloud-publish-ubuntu --disk x86_64 oneiric my-bucket [15:08] and be happy [15:08] zul, how are you uploding to glance? with euca2ools ? [15:09] smoser: yeah [15:09] so no keystone ? [15:09] or you have keystone? [15:09] this is driving me crazy. I installed mysql-server on Ubuntu server 10.04. ps auxf | grep mysql shows that the server isn't running, but when I /etc/init.d/mysql start it says "start: Job is already running: mysql" ... Furthermore, if I do mysql -u root -p and type the root pass I get: "ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' " ... anyone got any tips? [15:09] ie, does that work ? [15:09] cause i want that to work. [15:10] no keystone [15:10] smoser: yeah, and you need to copy the chain.c32 [15:10] where does it come from [15:11] syslinux [15:11] smoser: sudo cp /usr/lib/syslinux/chain.c32 /var/lib/tftpboot/ [15:11] yep [15:11] gracias [15:11] smoser: de nada [15:12] RoAkSoAx, so... as some small bit of information. [15:13] my crappy dell inspiron 531 desktop system works with the chain.c32 path, but not hte local -1 [15:13] tash: does mysql use upstart on 10.04? [15:13] and i had probably found that before. [15:14] RoAkSoAx, how do i make that [semi]permenant [15:15] smoser: apply the patch of precise's cobbler to oneiric package: 61_ubuntu_pxe_chainc32_default.patch [15:17] RoAkSoAx, ah. so in precise you've made this change. [15:20] pmatulis: yes [15:20] pmatulis: I tried 'start mysql' too [15:20] # start mysql [15:20] start: Job is already running: mysql [15:20] ps auxf | grep mysql still returns nothing [15:21] tash, what if you netmap to find out who is using the mysql port? [15:22] smoser: yes, this change has been made default in precise [15:22] raubvogel: sorry, not familiar with netmap =\ [15:23] Er, I meant netstat. I am a lousy typist ;) [15:25] netstat -apn | grep 3306 [15:25] raubvogel: nothing [15:26] btw, this last time I did stop mysql I got 'mysql stop/waiting', then I did start mysql and it just sat there looking at me for 3-5 minutes, so I ctrl+c'd it [15:26] Anything on the logs? [15:26] this is weird, b/c I set this up on another server, identical to this one. I should provide a little background that I left out ... [15:28] I did apt-get install mysql-server. Then, I created /data/mysql and copied 4 databases from another server to this location. I did chown -R mysql.mysql /data/mysql ... then I cd /var/lib/ ... rm mysql ... ln -s /data/mysql mysql [15:28] so, an ls -l on /var/lib | grep mysql shows something like this "mysql -> /data/mysql/" [15:28] symlink to the datadir I created [15:29] datdir in my.cnf = /var/lib/mysql [15:29] but this is how I setup my other server, and I didn't have this problem that I can recall [15:30] tash: is this a fresh install of lucid? [15:31] New bug: #902190 in lxc (main) "udev fails to update (oneric host, lucid container)" [Undecided,New] https://launchpad.net/bugs/902190 [15:33] pmatulis: yes [15:34] tash: you installed lucid, then installed mysql-server, and it doesn't start? [15:34] it appears so [15:34] I could just remove it and try again I guess [15:34] tash: why 'appears' so? [15:34] tash: any other fiddling? [15:34] b/c it isn't starting ... so a better answer from me would have been "yes" [15:35] ttx: ping [15:35] pmatulis: nope [15:35] I've only installed it, php5, php5-mysql and copied some files from another server to this. [15:35] robbiew: pong [15:35] I lied ... I fiddled with my.cnf to add slave configuration [15:35] tash: i'll be working with 10.04 later today and i'm going to test your claim [15:35] but have since commented it out [15:36] I did apt-get remove --purge mysql-server just now and am rebooting, I'll try to install again [15:43] dang ... same thing. I rebooted after the remove and purge, then apt-get install mysql-server and then when I try to loging to cli I get that same socket error [15:43] and a ps does not show it as running, wtf [15:58] http://pastie.org/2991726 [15:58] so weird ... someone must have seen this before, no? I'll go peruse google's search results I guess [15:59] tash: if mysqld is not running then don't bother trying to connect [16:01] I can't seem to figure out why it won't start though ... [16:01] nothing useful in logs [16:01] tash: maybe strace will help [16:01] hmmm: http://ubuntuforums.org/showthread.php?t=1479310 [16:02] search for "There is a bug" [16:02] if that is true it doesn't make sense ... no problems on my other server [16:12] hallyn: hi, what's the status of spice support in kvm [16:13] edgy: qemu-kvm-spice package in precise should work [16:14] hallyn: I launched virt-manager and got Error starting domain: unsupported configuration: spicevmc not supported in this QEMU binary [16:14] edgy_: right you need to use kvm-spice, not kvm. I haven't looked at virt-manager and libvirt support [16:15] hallyn: I also tried kvm-splice directly and faced a problem, let me try again [16:16] ok [16:16] pmatulis: I commented out bind-address in my.cnf and rebooted, and still nothing sighs [16:17] hallyn: shall i launch the command like this: kvm-spice -vga qxl -spice port=5930,disable-ticketing precise.img? [16:17] edgy_: yup [16:18] then connect with spicec [16:18] spice-gtk should work [16:18] edgy_: feel free to open a bug about libvirt/virtmanager, btw, bc i do want to get htat working. just haven't gotten to it [16:19] (and not sure how it can work - need to figure out a way :) [16:19] hallyn: i though virt-manager is using kvm instead of kvm-spice, why don't you only replace kvm with kvm-spice? [16:20] edgy_: question is where, exactly? qemu-kvm-spice is not in main (bc spice is not in main and not MIR-able). libvirt is in main [16:22] hallyn: I now launched kvm-spice and then followed by spicec -h localhost -p 5930 [16:22] hallyn: the problem is it's tooooooooooooooo slowwwwwwwwww [16:23] hm - wonder if it got compiled without kvm support [16:23] hallyn: the booting is very very slow and when I put my login info and logged to kde in precise the splash takes too much time to display the icons [16:23] hallyn: and then it logs me off [16:25] Hi, does anyone knows if I can in preseed define a user as sudoer? I have defined the creation of root and a normal user but the last as no root access [16:25] edgy_: could you file a bug? we switched the source package it came from, something mustve gone wrong [16:25] (in the middle of breakfast with the kids, biab) [16:27] hazmat: is there a log file or something you need me to attach to the bug? [16:27] hallyn: ^ [16:28] edgy_: fraid not. i'm pretty sure i'll be able to reproduce, just mention what the guest is, and the dpkg -l qemu-kvm-spice output [16:29] hallyn: ok, by the way I am using precise for guest and host [16:39] tash: did you use strace yet? [16:42] hallyn: what's this qemu-linaro means? === jrp-afk is now known as shirgall [16:43] edgy: it's based on qemu.git, and generally builds all the emulators. only kvm itself comes from qemu-kvm. [16:44] edgy: it sits in universe, which is why it can link against spice, which qemu-kvm can't [16:44] but the qemu-kvm-spice build is supposed to enable kvm [16:44] hallyn: and why spice is in universe not main? [16:44] edgy: because it's dependencies have been refused for main [16:45] pmatulis: no, sorry ... never used it, let me man it [16:45] it picks some out-there image libraries which noone is maintaining which, frankly, i'd rather not maintain myself anyway, so i'm not too bothered by it [16:46] pmatulis: how would you suggest I use it? [16:48] pmatulis: interesting from syslog: http://pastie.org/2991954 [16:52] hallyn: https://bugs.launchpad.net/ubuntu/+source/qemu-linaro/+bug/902237 [16:52] Launchpad bug 902237 in qemu-linaro "proper spice support is missing from kvm-spice and virt-manager" [Undecided,New] [16:58] how do i get spaces into a sysctl.conf value [17:02] edgy: thx [17:18] hallyn: if by that image library you mean "libpixman", that seems to be in main already? [17:39] JanC: cegui-mk2 xerces-c2 ois devil allegro4.2 dialog svgalib freeimage [17:39] (dialog was already MIRd since i made that list, the rest not) [17:42] rbasak: just uploaded the security fixes for cobbler, could you please subscribe 1 of the bug reports to ubuntu-security so its taken care of thorugh there? [17:49] mdeslaur: ping. Hey I have a quick question. Do security updates now have to be uploaded to -proposed instead of -security? [17:56] RoAkSoAx: no, security updates get uploaded to -security, unless it's something we're _really_ not sure about [17:56] RoAkSoAx: are you talking about something specific? [17:57] mdeslaur: I just sponsored an upload (changelog is oneiric-security) and itrejected.. so I was wondering whether I should have uploaded to oneiric-proposed [17:57] s/itrejected/it was rejected/ [17:58] RoAkSoAx: only the security team can handle security uploads [17:58] RoAkSoAx: what bug #? [18:00] mdeslaur: whole bunch of them really, but I uploaded the branch here: https://code.launchpad.net/~ubuntu-branches/ubuntu/oneiric/cobbler/oneiric-proposed [18:00] the original one is: https://code.launchpad.net/~racb/ubuntu/oneiric/cobbler/security_201112 [18:01] though I think given the amount of patches, it would be best to get it to -proposed first [18:02] RoAkSoAx: ok, so me or someone else on the security team needs to build it in the special security team PPA, and from there, we either QA it, or we can push it to -proposed if we're unsure [18:02] RoAkSoAx: this is only for oneiric? [18:03] RoAkSoAx: oh, hrm, there are security fixes mixed with regular fixes in there [18:03] RoAkSoAx: so we have two options, we build the packages with only the security fixes, test them, and push them to -security, at which point the other bug fixes can be pushed to -proposed [18:05] oh, wait a sec, I'm slightly confused [18:06] RoAkSoAx: ok, so it's all security patches except for the trivial one that adds precise [18:07] I am trying to install opennebula-sunstone and I get failure: http://dpaste.com/670890/ what is going on? [18:07] RoAkSoAx: I'll build it in the public security ppa, and then we can decide if we QA and release or push to -proposed, is that ok? [18:07] mdeslaur: that works for me [18:07] mdeslaur: thanks :)! [18:07] RoAkSoAx: I'll let you know once it's built [18:07] mdeslaur: awesome! thanks! [18:08] RoAkSoAx: you're welcome! Thanks for preparing it [18:11] There seems to be a horrible problem with ruby, rails and the opennebula package [18:15] meh, its only ruby who uses ruby anyway === dduffey is now known as dduffey_afk [18:40] jdstrand: hey can you do a quick review of python-nosexcover for me? [18:50] * kees attempts to parse that package name [18:50] kees: yeah...welcome to my life ;) [18:51] * ajmitch wasn't going to comment on that one, too easy... [18:52] so this is great, I have a php5 package that I can build in a PPA with a 12 hour queue, but not in pbuilder [18:52] because nose-xmlcoverage is too long === bitmonk_ is now known as bitmonk === dduffey_afk is now known as dduffey [19:07] RoAkSoAx: actually, since there's already a version in -proposed, I'll wait until it gets released, and I'll build a security update on top of that [19:12] mdeslaur: I bzr push that branch into -proposed, but haven't upload it yet. So should I just go ahead and make the upload to -proposed? === bitmonk_ is now known as bitmonk [19:13] RoAkSoAx: can't do that. security fixes need to go through -security, and -security needs to be built in a special way (without -updates) [19:14] RoAkSoAx: revert your commit to -proposed, and wait until next week and I'll push the security fixes [19:14] mdeslaur: cool, will do, thanks [19:15] RoAkSoAx: security fixes are slightly complicated, because the -security pocket can be used by people without using the -updates pocket [19:15] RoAkSoAx: so they need to be built in a special PPA that doesn't have -updates enabled to make sure the dependencies are calculated properly [19:17] mdeslaur: understood :) [19:26] New bug: #902299 in augeas (main) "lens for mdadm.conf doesn't know to look in /etc/mdadm" [Undecided,New] https://launchpad.net/bugs/902299 [19:35] zul: I will give it a shot, it is possible it will be weekend/monday [19:39] .win 2 [19:39] jdstrand: k thanks === dduffey is now known as dduffey_test [19:42] does anyone know how apparmor will allow mysql to start :( [19:42] ec 9 13:37:59 cain kernel: [ 8321.348367] type=1503 audit(1323459479.937:1021): operation="open" pid=20239 parent=1 profile="/usr/sbin/mysqld" requested_mask="rw::" denied_mask="rw::" fsuid=103 ouid=103 name="/data/mysql/ibdata1" [19:43] tash: what user is mysqld running as? [19:43] tash: you need to add /data/mysql/ to your profile [19:44] Daviey: so i played a bit with setting the nova user to /bin/false but it caused a bit of havor [19:44] havoc even [19:44] tash: eg, in /etc/apparmor.d/usr.bin.mysqld add: [19:44] /data/mysql/ r, [19:45] /data/mysql/** rwk, [19:45] tash: then do appamor_parser -r /etc/apparmor.d/usr.bin.mysqld [19:48] zul: what happend? [19:48] Daviey: permissions when changing files when creating the instance got all cockeyed [19:49] glance has been switched over though [19:50] zul: interesting.. [20:00] hallyn: starting to poke at mountall/lxcguest, hopefully can get that deprecate that part of lxcguest next week, then we can focus on finding a new home for lxc-is-container and the console stuff [20:01] hallyn: that + shutdown/reboot patch and we should be good for 12.04 as far as lxcguest is concerned [20:01] stgraber: cool - I'm fixing up the cgroup stuff right now [20:02] hallyn: what part of the cgroup stuff are you fixing? :) nesting? [20:02] yes, nesting, as well as moving a dead cgroup dir out of the way [20:02] cool [20:02] and putting lxc cgroups under /lxc while i'm at it [20:03] cool, my cgroup filesystem will be less of a mess then :) [20:06] I have a hdd mounted at /home and I was thinking about upgrading it at some point. From the best of my knowledge all I would need to do is cp /home to the new hdd and reboot is that correct? [20:06] Zanzacar: no [20:06] Zanzacar: you'd also want to change /etc/fstab to mount the new hard drive as /home [20:07] Zanzacar: and you're better off using rsync -a /home/ /mnt/new-home/ .. it will make sure all dates and file perms are exactly the same. [20:08] ok that sounds good. [20:08] I thought that it was going to be a nightmare but this seems like it will be pretty easy [20:09] I just need to wait till I find a hdd that is larger then the one I have. [20:09] Zanzacar: the tricky part is that you will want to extract the UUID of the new filesystem.. [20:09] Zanzacar: blkid /dev/xxxx [20:10] Can anybody recommend a good helpdesk/troubleticket app? I've seen a bunch but haven't found one that's opensource that isn't clunky yet. [20:11] otrs [20:11] it is in the repos [20:12] it even has plugin for ITSM [20:12] I was just looking at otrs. I hadn't used it before and don't have any other perl apps so was still looking. Do you like that one? Easy to use? [20:12] SpamapS: thanks for the input I might be back in a few months for further input. [20:13] kpettit: let me search a good otrs presentation [20:14] thanks. if you were to install it would you use the deb package or install from source. Looks like the one on the website is alot newer [20:18] you can try with apt and test it, then you can trye the most recent version and trye its new features, it is in active development [20:18] will do. thanks for the suggestion. [20:19] ohh they have a android app :) [20:20] stgraber: cat /proc/self/cgroup: 9:perf_event:/lxc/o1/lxc/o2 [20:21] * hallyn ships it off to the m-l [20:28] hallyn: nice! [20:30] Hello, I have a question, I'd like to setup a samba share on Ubuntu Server im using for a little test webserver on our intranet. It is Ubuntu 10.04 LTS, we have a Windows Server 2003 Domain setup. I would like to set up a samba share so that I can browse /var/www/ from my windows machine to make adding/editing files easier. Can anyone help with links, or possibly some assistance? Thanks in advance! :) [20:39] nano /ets/samba/smb.conf [20:44] RoAkSoAx, can i set orchestra to use a different proxy ? [20:51] smoser: yes [20:52] smoser: sudo vim /var/lib/cobbler/snippets/orchestra_proxy [20:52] k. i'm going to want to configure that in a apt-upgrade safe way [20:53] smoser: you mean the clients? [20:53] smoser: the server does not use the proxy [20:53] as the server is the proxy [20:53] only the clients use it [20:54] no i mean the server. [20:54] the server broadcasts itself as the proxy [20:55] smoser: well he doesn't really broadcast himself, but yes, he tells the client's APT that he is the proxy, and upon instcallation, that gets recorded in /etc/apt/apt.conf [20:55] yes. [20:55] i was calling that broadcast. as essentially all installed nodes go to him. [20:55] but yeah. [20:56] smoser: :) sometimes I'm pretty literal with english if you know what I mean [20:56] smoser: i guess that the idea would be to have a config interface where we could configure who is the proxy, who is the logging server, etc etc in case its not the same as the provisioning server [20:58] i think its not unreasonable that osmeone might want a different proxy [20:58] and not want an apt-get upgrade to wipe away that choice [20:58] the case i'm looking at right now was the cobber-devenv [20:59] i have a proxy elsewhere on my network, and didn't want the cobbler guest vm to be caching stuff itself. [20:59] smoser: right, but yes I do agree that eventually we would need to provide the server with those options. Whether its within cobbler or outside, dunno yet [21:12] New bug: #902339 in samba (main) "samba(7) references missing programs" [Undecided,New] https://launchpad.net/bugs/902339 [21:12] stgraber: I *had* planned to stick that patch into the package now, but now I'm thinking I'll wait for it to percolate through a new release. Lemme know what you think. (re nested cgroups) === bitmonk_ is now known as bitmonk [21:17] hallyn: I'm fine with waiting as long as we get a new LXC upstream release with it before the sprint [21:33] hallyn: removing lxcmount.conf really gives weird results, apparently doing so the container somehow manages to access to the outside /dev/console or /dev/tty [21:34] hallyn: looking at /proc/mounts in both cases, the only difference that may explain this is the addition of devtmpfs on /dev [21:35] http://paste.ubuntu.com/765336 [21:38] stgraber: ah yes, devtmpfs. if the container access devices through that it'll get the host's. This is where we really need a devices namespace :) [21:39] i think smoser has been bitten by that before, and i've been expecting it to hit us [21:40] right, so the fix we need in mountall is not to mount devtmpfs in a container? [21:40] thats really not a fix. [21:40] smoser: the problem I'm trying to fix here is the need for lxcguest, so that'd be a fix for my problem [21:41] the right magical fix is the device namespace [21:41] what's wrong with lxcguest ? [21:41] i agree its not the right fix either. [21:41] but simply not mounting devtmpfs is just asking for someone to mount it later (which lxcguest doesn't help with either) [21:41] smoser: one of the goals for 12.04 is to be able to take a regular Ubuntu system and run it without any change in a container [21:42] good luck sirk [21:42] sir [21:43] well, at this point, I have a working Ubuntu system in a container if I rsync a root filesystem and add lxcmount.conf to it, so we're definitely not far [21:44] Let's officially put devices namespace on the map for 14.04 :) [21:44] we don't pretend LXC is root safe at this point, so sure, someone can mount devtmpfs and break the console on their host, I just don't want it to do that by default :) [21:44] though that'd be a good thing to add to our list of stuff to enforce with apparmor for now :) [21:50] Question .. what's the equivalent of yum install --disablerepo=* ---enablerepo= [21:50] stgraber: isn't that covered by mount restrictions? [21:51] hallyn: well, that particular restriction will be to make sure nothing is mounted there, but yeah, probably :) [21:51] i've seen apt-get -t .. but thats not what i'm looking for. That seems to be for the os name itself. [21:51] hallyn: also, apparently if add an entry for /dev in the container's fstab (outside of the container), then mountall doesn't try to mount /dev [21:52] hallyn: so we may be able to do what we want without having to touch mountall [21:52] jjohansen: will the apparmor mount restricitons be able to say "cannot mount devtmpfs at all" ? [21:52] stgraber: i wonder how that works. does mountall just not remount anything that's already mounted? [21:52] hallyn: you will be able to specify device type so yes [21:52] jjohansen: and "nowhere" will be an option? [21:53] hallyn: I guess so, I'm getting a "mountall: Event failed" at boot time though, will see if I can make that one go away :) [21:53] hallyn: everything else got mounted though (debugfs, securityfs, ...) so it seems to have done its work [21:53] hallyn: hrmm, it could be, I hadn't actually thought about that one [21:55] RoAkSoAx, i'm not sure of this, but i *think* that import-isos will block exit of apt [21:55] on orchestra install even though its done in the background. due to its stdin and/or stdout being still open. [22:11] * hallyn going outside to enjoy the tail end of a nice day - bbl [22:18] smoser: i've never actually run into the problem, but yeah on installation it now has a question on whether you want import-isos to run or not [22:18] smoser: which I was thinking it might be best to default it to False [22:19] so that in upgrades it doesn't import again [22:19] (or update) [22:23] RoAkSoAx, right. i answered "yes" (actually by mistake) [22:23] the rest of the installation proceeded , but then i seemed to be hung [22:23] i started killing 'wget' processes and eventually orchestra-import-isos [22:24] and immediately upon killing that, apt exited. [22:24] stgraber, since you're interested in fun lxc work... [22:25] i'd love it if you could make a cloud image .img file boot. [22:25] (its a partitioned disk) [22:25] ie, even support for very simple read disk partition table, get first disk, mount it, lxc-container that [22:25] smoser: uhmmm i've personally never actually seen any issue. But yes, I do agree that having orchestra-import-isos running on install when someone doesn't want it, might be a PITA [22:25] smoser: how important is that? [22:25] smoser: I have proto-typed that [22:26] smoser: with live-build [22:26] smoser: but i guess that orchestra-import-isos is just pulling all the bandwidth [22:26] smoser: running kpartx and then using the /dev/mapper entry as rootfs should work (once we get rid of lxcguest, that's) [22:27] RoAkSoAx, thats not the pro blem i'm saying. [22:27] i'm saying if they did say "yes" (even on intention) [22:27] you background the run, with the intent of not blocking [22:27] but you still block. [22:27] utlemming, i'm not sure i follow... what do you mean? [22:28] stgraber, well the images have lxcguest, so thats not an issue with me. [22:28] and yes, i could use kpartx to do this.. [22:28] smoser: making boot-able cloud image files....but I thought that they do boot [22:28] smoser: oh you mean it doesn't really run in the background blocking apt from continueing the instllation process of other stuff? [22:28] at least the QCOW2 are bootable [22:28] but for me... i'd rather it all go through libvirt and me not have to "officially" be root to do it. [22:29] the partitio nimags should boot, given a kernel, but there is no place for a boot loader. [22:29] RoAkSoAx, it *does* run in the background. [22:29] but since it has a handle on apt's stdin or stdout, apt will not exit until its the filehandle closes. [22:30] smoser: right, I know understood you [22:30] smoser: any ideas on how to fix that? [22:30] cobbler-import-isos /dev/null 2>&1 & [22:30] sdoens't have to be devnull [22:30] but you close all its filehandles [22:31] smoser: cool, gonna try that, since orchestra-import-isos is actually being run by run-one [22:31] yeah, just close stdin out and error to it. [22:32] utlemming, maybe i misunderstood you. [22:32] cool thanks [22:32] and the partition images are pretty usable in lxc [22:32]