/srv/irclogs.ubuntu.com/2012/01/09/#ubuntu-server.txt

alex-What is more secure, root account, su - or sudo ?00:05
yaksteranyone here ever heard of webtester5?00:44
yaksterdoes anyone know of a software that is a testing engine, fast and easy to setup?00:47
=== FridgeBoX is now known as zz_FridgeBoX
=== sixstringsg|away is now known as sixstringsg
=== sixstringsg is now known as sixstringsg|away
=== sixstringsg|away is now known as sixstringsg
arrrghhhhey guys.  i am looking at doing RAID via mdadm, raid5 for one set of drives and raid1 for the other set.  would LVM also be an advantage here, or is it kinda redundant?05:30
qman__if you want to put multiple volumes on said arrays, or spread a volume across multiple arrays, it would be useful05:32
qman__otherwise it's not necessary, though not detrimental either05:32
arrrghhhhrm05:32
arrrghhhi guess i might as well05:32
arrrghhhi don't have much experience with either05:32
arrrghhhi have a bit with RAID05:32
arrrghhh0 with LVM05:33
qman__I didn't on mine because I had only singular purposes in mind05:33
qman__personal preference, but I don't like to upgrade too many times without starting fresh05:33
arrrghhhditto05:33
qman__so it's an excuse to redo if I hit a limitation without it05:33
arrrghhhpretty much every time i have to rethink hdd space, i reinstall the OS05:34
arrrghhhand i don't have any RAID right now, and i'm thinking it's time.05:34
qman__my current file server is at its limit, nearing the ext3 size limits and (I assume) getting fragmented05:36
qman__so the next upgrade cycle is total revamp05:36
twbqman__: you know that "5% reserved for root user" of ext?05:38
twbqman__: that is used to prevent fragmentation from happening05:38
qman__yeah, but I'm experiencing performance problems05:38
twbqman__: so if you turned it off, or filled the fs as root, you WILL get MUCH more fragmentation than normal05:38
twbe2fsck will report the fragmentation level also05:38
qman__didn't do either of those, but I did expand the filesystem05:38
qman__originally ~5TB, now 8.2TB05:39
qman__plus I have some flaws in my design05:39
qman__active torrent data shouldn't be on the main storage array05:40
twbRecommend you put it off until 12.04 when ext large blocks will be around05:40
qman__and before it was expanded, the filesystem was over 97% (user) full05:40
arrrghhhbrtfs or whatever ready for 12.04?05:41
twbhttps://lwn.net/Articles/469805/05:41
twbarrrghhh: no05:41
twbarrrghhh: give it another 8 years or so05:41
arrrghhhdidn't think so.05:41
arrrghhh8 years, lol05:41
twbarrrghhh: well, a decade is a reasonable amount of time for a filesystem to go from dev to stable state05:42
twbbtrfs has had about 2 already, so 8 left05:42
arrrghhhoh, i thought it was more mature for some reason05:42
qman__yeah, summer will probably be upgrade time05:43
qman__before then I need to actually get a backup system05:43
qman__flying fast and loose here05:43
qman__though the majority of my data is not that important05:43
qman__I did lose it all once and it was a major inconvenience05:44
arrrghhhlol05:44
arrrghhhi could imagine that would be inconvenient.05:44
twbWhen I lose all my data I'm usually limping for about a week05:44
qman__once drive prices stabilize I'll get some sort of backups going05:45
twbAnything truly important will be published and mirrored by other people05:45
qman__and when 12.04 gets all the major bugs worked out I'll work on upgrading the system05:45
arrrghhhqman__, yea.. i forgot about that and went to best buy to get a hdd with a gift card from xmas.  ended up getting another ps3 controller lol05:45
qman__it'll be a while before they get back down where they were05:46
qman__but they should at least even out and get less extreme pretty soon, once the panic wears off05:46
arrrghhhqman__, i'm going to try to hold off for a year... we'll see if i can make it.05:47
arrrghhhscary how high prices have gone05:47
qman__it's not even a little consistent right now05:47
qman__certain drives are up 300, 400%05:47
qman__others are only up slightly05:47
arrrghhhlol05:48
arrrghhhserver-grade disks are definitely higher05:48
arrrghhhdata centers are hoarding05:48
twbhttp://paste.debian.net/151503/05:52
twbThat's the local "folding table in front of a warehouse" parts vendor; they don't have any SAS tho05:53
=== sixstringsg is now known as sixstringsg|away
koolhead17hi all06:36
kaushalHi07:13
koolhead17supp kaushal07:30
jasonmchristosHow do I enable 2 factor authentication on ubuntu after  installing libpam-rsa? Seems I tried editing the  configs but it doesnt seem to be using the rsa key to  login. Any help appreciated.07:41
koolhead17jasonmchristos: did you restart service after the edit?07:42
jasonmchristoskoolhead17: restarted the whole computer to login but just see the normal password prompt07:47
twbjasonmchristos: any particular reason you're using rsa and not (say) due or monkeysphere?07:47
twbs/due/duo/07:47
twbegrep -v '^[[:space:]]*(#|$)' /etc/pam.d/* | pastebinit07:48
jasonmchristostwb: i dont know what those are07:48
henkjan_jasonmchristos: check duosecurity.com07:50
twbNote that I am not endorsing any of those three07:50
twbI'm asking because maybe you just picked libpam_rsa because it was the first google hit07:51
henkjan_jasonmchristos: 2 factor authentication with pust notification to your mobile07:51
=== henkjan_ is now known as henkjan
twbhenkjan_: well, that's one of the things it can do07:51
henkjandialing/passwords in sms07:52
henkjanal for free (10 users)07:52
twbHere I have actually deployed OTPW which uses one-time passwords (something you have) prefix with a normal password (something you know)07:52
twbSo technically that's multifactor auth, and pretty cheap and easy too07:52
jasonmchristostwb: https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit07:53
twbThat yields no content: http://paste.debian.net/07:53
twbGah, stupid pastebin script07:54
jasonmchristosAll of that sounds interesting but let me start with something basic07:54
twbjasonmchristos: that URL redirects about 20 times and eventually takes me to https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1&followup=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D107:54
twbI am not going to log into google to read a pastebin.07:55
jasonmchristostwb: try now https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit07:55
twbhttps://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1&followup=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D107:56
twbI think that's the same URL it redirect me to07:56
jasonmchristosoops07:56
twbIt probably requires javascript or something07:56
jasonmchristoshttps://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit07:56
twbjasonmchristos: same behaviour07:57
twbTry paste.debian.net07:57
jasonmchristosok hold on07:57
jasonmchristosi just want to be able to remove it after you look07:57
twbTough07:57
twbIf your security infrastructure relies on secrecy then you are fucked07:58
jasonmchristoshttp://paste.debian.net/hidden/167c294b/07:59
jasonmchristostwb: well im working on it thats why i'm here07:59
twbjasonmchristos: apparently that URL you sent works OK in a GUI browser, so it is just that google docs doesn't provide even read access to traditional browsers08:00
jasonmchristosits all designed with chrome inmind08:00
twbNow I guess the service you mainly care about is sshd?08:01
jasonmchristosno08:01
jasonmchristospam08:01
twbHmm, no ssh there, so I guess gdm?08:01
jasonmchristoslocal08:01
jasonmchristosgdm and tty08:01
twbOK, "tty" is called the login service08:01
twbBut e.g. you don't care about using pam_rsa to auth cups printing atm08:01
twbOK, did you manually add the pam_rsa.so line to login?08:02
jasonmchristoslets see what i added08:03
twbThis is where I tell you about etckeeper for future reference08:03
twbjasonmchristos: while you're there, tell me what ubuntu release you're running (lsb_release -a) and if you have an /usr/share/pam-configs/ and what's in it.  Also cf. pam-auth-update(8)08:05
twbpam is a bitch to get right, don't expect this to be a cake walk08:05
jasonmchristostwb: i added auth sufficient pam_rsa.so debug08:07
jasonmchristosauth sufficient pam_stack.so service=system-auth08:07
twbPROBABLY what you want to end up with is an entry in /usr/share/pam-configs.  During testing you only want to affect login, so what you want to do is go into /etc/pam.d/login and replace @include common-auth with the contents of /etc/pam.d/common-auth, and then extend that to include pam_rsa.so08:09
jasonmchristosok I am going to clean up my desk and come back to this saving what you have told me shofar08:10
jasonmchristosthanks for the help twb08:10
jasonmchristosauth sufficient pam_rsa.so debug08:10
jasonmchristosauth sufficient pam_rsa.so debug[A[A08:10
twbJokes on him, I'm going to the pub, mua haha08:15
similiananyone here using a public brigde concept with kvm on 10.0409:29
similiani used the pbulic guide but i cannot ping my vms from my lan09:29
similianmy vms can ping my lan though09:29
similianbut not the gateway09:29
similianan I ran out of clues09:30
similianI basically wanted to let my vm access my LAN directly (192.168.20.x)09:31
similianI can provide any config files you need09:31
similianbut its basically just the public guide09:31
similianstrange thing is if i ping my Lan Client with my vm I will be able to ping it afterwards09:33
similianthere seems to be a routing issue09:33
similianI wonder what needs to be change in the br0 config09:34
CasmoNLsimilian, I set up a VM with VBox, and I can access my whole lan from within that VM, without changing configs. o_O09:40
similianI use kvm09:41
similianyeah its strage09:41
similianstrange i mean09:41
similianI just wondered if there is a clue09:41
similiando you have static ip config? on your vm?09:44
similianbut vbox is different from kvm :/09:44
CasmoNLsimilian, yeah, I have a static IP in my VBox VM, and I was planning on using kvm first, but it failed, so I ended up with VBox, and I like it so far. :P10:27
stgraberhallyn: working on the MIR for cgroup-lite?11:09
stgraberhallyn: just saw you adding it as a Depends of libvirt-bin so it now needs to be promoted to main11:09
stgraberhallyn: which will at least guarantee it's part of the ubuntu-server package set :)11:10
hallynstgraber: d'oh!  would making it recommends bypass that?11:10
stgraberhallyn: yeah but that'd be bad11:11
hallynstgraber: confounded11:11
stgraberhallyn: as we install recommends by default, it'd install it when installing libvirt post-install but not when installing it from a media11:11
hallyninteresting, didn't know that happened11:11
hallynstgraber: so i guess i have to yank it from depends while I file mir11:12
hallynstgraber: pushing revert of that bit now11:17
stgraberhallyn: thanks. I don't think the MIR will be hard to get, especially as long as we only promote cgroup-lite and not cgroup-bin11:20
stgraber(you can still depends on cgroup-lite | cgroup-bin with only cgroup-lite being in main, so we'd only need cgroup-lite to be promoted)11:21
stgraberhallyn: btw, I got a few more reports of people (wgrant being one of them) having broken suspend/resume because of cgroup-bin (first suspend/resume works, second doesn't)11:22
stgrabernot sure what we should be doing about it, but cgroup-bin seems to generally be a very bad idea, wondering if we shouldn't completely drop it and transition to cgroup-lite11:22
hallynstgraber: d'oh, i just pushed the revert.11:22
hallynyes, i've been thinking same11:22
hallyni don't know if anyone out there is using some 'enterprise' junk that rquires it though11:23
hallynstgraber: I suppose at some point someone may ask why we don't just have mountall mount cgroups11:34
hallyn(the answer might be some gibberish about wanting more flexibility for customization)11:34
hallynbug 91372811:35
uvirtbotLaunchpad bug 913728 in libcgroup "[MIR] cgroup-lite" [Undecided,New] https://launchpad.net/bugs/91372811:35
uvirtbotNew bug: #913727 in lxc (main) "lxc grabs 10.0.0.0/8 by default" [Medium,New] https://launchpad.net/bugs/91372711:36
stgraberhallyn: you probably want to subscribe the mir team to that bug11:39
hallynright :)  thanks11:40
uvirtbotNew bug: #913728 in libcgroup (universe) "[MIR] cgroup-lite" [Undecided,New] https://launchpad.net/bugs/91372811:41
hallynstgraber: (yeah, i saw the cgroup-bin suspend/remove confirm)11:51
abhinavmehtaif I'm having both boot loader installed eg. LILO & GRUB, and I want to know, which boot loader I'm using…how to find ?12:00
abhinavmehta..its a os-instance running at some cloud-provider..so how to find this..?12:00
uvirtbotNew bug: #913739 in nova (main) "nova-objectstore logrotate script uses 'dpkg-vendor'" [Undecided,New] https://launchpad.net/bugs/91373912:17
similianhow can i debug bridgin?12:38
moobooguten morgen! ich habe sein sehr schlimmes und großes problem mit meinem raid server vielleicht kann mir ja jemand helfen! ich habe alles hier zusammengefasst http://debianforum.de/forum/viewtopic.php?f=9&t=133772&p=861136#p861136 vielleicht hat ja einer von euch den perfekten plan.12:46
RoyK!english12:49
ubottuThe #ubuntu, #kubuntu and #xubuntu channels are English only. For a complete list of channels in other languages, please visit https://wiki.ubuntu.com/IRC/ChannelList12:49
RoyK!german12:49
ubottuIn den meisten Ubuntu-Kanälen wird nur Englisch gesprochen. Für deutschsprachige Hilfe besuche bitte #ubuntu-de, #kubuntu-de, #edubuntu-de oder #ubuntu-at. Einfach "/join #ubuntu-de" eingeben. Danke für Dein Verständnis!12:49
RoyK!deutsch12:56
ubottuIn den meisten Ubuntu-Kanälen wird nur Englisch gesprochen. Für deutschsprachige Hilfe besuche bitte #ubuntu-de, #kubuntu-de, #edubuntu-de oder #ubuntu-at. Einfach "/join #ubuntu-de" eingeben. Danke für Dein Verständnis!12:56
RoyK!中文12:57
RoyK:)12:57
=== lili is now known as oolala
=== oolala is now known as lala
=== jdstrand1 is now known as jdstrand
stgraberhallyn: hey, just talking with doko about the MIR. It'd be easier if cgroup-lite was a separate source package.13:59
stgraberhallyn: that way we can promote the cgroup-lite source package to main without any risk of also promoting cgroup-bin13:59
stgraberhallyn: and can then potentially drop the cgroup-bin source completely if we think we don't want it in Ubuntu13:59
hallynstgraber: that'd be fine with me.14:03
stgraberhallyn: can you prepare the new source?14:04
=== bladernr_afk is now known as bladernr_
hallynI can give it a shot.14:14
hallynstgraber: do I start a new changelog, or copy the libcgroup one in?14:18
stgraberhallyn: I'd go with a new changelog to avoid some confusion14:20
stgraberhallyn: just make sure the initial version is slightly higher to the current cgroup-bin version, otherwise the upgrade won't work14:20
sorenThis is weird. I grabbed http://cloud-images.ubuntu.com/releases/oneiric/release/ubuntu-11.10-server-cloudimg-amd64-disk1.img and I'm trying to run it in KVM, but it's just hanging after grub.14:21
utlemmingsoren: agreed, that is wierd14:22
utlemmingoh...wait, maybe not14:22
kirklandSpamapS: hallyn: what do you think about the suggestion in https://bugs.launchpad.net/bugs/910341 ?14:22
uvirtbotLaunchpad bug 910341 in ecryptfs-utils "ecryptfs-(u-)mount-private should emit an upstart event" [Wishlist,Incomplete]14:22
utlemmingsoren: do you get any text after grub at all?14:22
utlemmingsoren: try the daily14:23
sorenutlemming: This is the released Oneiric image.14:23
sorenSurely that should work?14:23
utlemmingsoren: that is a bug that got fixed14:24
utlemmingsoren: we are currently testing the latest daily and plan on releasing that ASAP14:24
SpamapSkirkland: Why not emit a 'mounted' event just like mountall does?14:25
sorenutlemming: The oneiric images haven't worked since release? I could have sworn I've used them.14:25
utlemmingsoren: what is happening is there was a bug with the last released image where the metal kernel got installed14:25
utlemmingsoren: no, it was a regression between the initial release image and the last update14:25
sorenutlemming: This is the released image.14:26
utlemmingthe daily that built yesterday looks good so far, so I am ~95% sure we'll be kicking that out14:26
sorenutlemming: ...and no, there's no text after grub. Not even "booting linux" or anything.14:26
utlemmingyes, that's a match14:26
utlemmingthe "release" is a symlink to the latest image, not the initial release14:26
sorenOh, wait..14:26
soreneep!14:27
sorenWhy, oh why?14:27
utlemmingsoren: the tests will finish in about 15 minutes and I can tell you whether the latest daily will become a release14:28
sorenutlemming: Is that intentional?14:28
utlemmingthe release or the bug? :)14:28
sorenThe fact that /release doesn't contain what was released.14:28
soren...but rather an update.14:28
utlemmingthe release methodology is intentional, although I am unsure as the reason for doing it14:29
hallynstgraber: well I figure I"ll just call it "1.0", where libcgroup is at 0.37.1 :)14:29
sorenutlemming: Did a release manager sign off on that?14:29
stgraberhallyn: sounds good14:29
utlemmingsoren: I don't know...do me a favor and file a bug against that14:31
utlemmingsoren: we're sprinting and incidently I have a meeting with the release manager tomorrow to talk about images14:31
sorenutlemming: What would I file that bug against?14:31
utlemmingI'll raise that question with her tomorrow, but looking at it I agree with the concern14:31
utlemmingUbuntu and then assign it to me14:31
utlemmingI am thinking there should be a "release" and a "latest"14:32
sorenAll I care about is that "release" never ever changes.14:32
soren:)14:32
=== bladernr_ is now known as bladernr_afk
utlemmingwell, we do have that...14:32
sorenWhere?14:33
utlemminghttp://cloud-images.ubuntu.com/releases/oneiric/release-20111011/14:33
utlemmingrelease is a symlink to the .../release-20111205/14:34
hallynkirkland: there are upstart jobs requiring a homedir to be mounted?14:34
sorenutlemming: Right, so "release" did change.14:34
utlemmingyup. What is unclear, and probably uncommunicated is that "release" is a symlink to release-<most recent>. And I agree that we are abusing the term "release" here.14:36
=== bladernr_afk is now known as bladernr_
hallynstgraber: http://people.canonical.com/~serge/cgroup-lite-1.0-package.tar.gz14:37
sorenRight. I'm almost entirely sure that everywhere else, /release is never ever changed.14:38
sorenutlemming: ^14:38
stgraberhallyn: hmm, empty orig tarball, that looks wrong14:38
hallynstgraber: is any sort of breaks/replaces needed?14:38
hallynwell, i can move debian/scripts/* to ./...14:39
stgraberhallyn: make it a native package14:39
=== bladernr_ is now known as bladernr_afk
* hallyn googles14:40
stgraberhallyn: oh, it's already a native package but still has an orig tarball, interesting :)14:40
stgraberhallyn: ok, wait for a few minutes, poking at it ;)14:40
hallynok, will keep looking at ($*&%(*&$% xserver-xorg-qxl meanwhile14:41
=== bladernr_afk is now known as bladernr_
stgraberhallyn: http://www.stgraber.org/download/cgroup-lite.tar.gz14:44
hallynstgraber: do you just create that by hand, or is there a dh_make toggle you can use?14:47
stgraberhallyn: don't know, never used dh_make :)14:48
hallynstgraber: seems to be working, thanks :)14:49
hallynstgraber: lintian complains about standards versions, but other than that it looks good14:53
Tribaalhi stgraber, BTW :)15:03
hallynstgraber: any objection to having the lxc-ubuntu template clear /var/cache/lxc/$release if it's more than a week old?15:07
hallyn(or we could have it chroot apt-get dist-upgrade, but that's scarier, not as reliable)15:08
zeknoxI have a laptop running 10.04.3 LTS that will only show lo for an interface when running ifconfig -a, it was just working the other day, not it is not, I have looked at /etc/network/interfaces and validated auto eth0 is in the file15:26
zeknoxI'm missing my interfaces for eth0 and wlan015:29
sorenzeknox: "ifconfig -a" also shows unconfigured interfaces, so all interfaces should be there regardless of whether they're in /etc/network/interfaces. It's either a driver or a hardware problem.15:31
zeknoxsoren: yeah ifconfig -a only shows lo interface15:31
zeknoxsoren: was working just last week15:31
gary_posterhallyn or SpamapS, are either or both of you here at the platform sprint and available to talk a bit about lxc-start-ephemeral?15:44
stgraberTribaal: hey!15:48
stgraberhallyn: I'm fine with having it cleaned when it's > 1 week old15:48
hallyngary_poster: yes and yes15:48
hallynstgraber: ok15:48
stgraberhallyn: though I think rbasak said it was taking a lot of time to build new template on ARM, so maybe try to see if we can solve that before forcing the template to be rebuilt15:48
zeknoxI just booted to a boot disc (backtrack 5) and my eth0 interface will come up so I know it is not hardware issues15:49
gary_posterhallyn, awesome, thanks.  when would work for you?  It might be good to introduce you to the squad working with lxc anyway, so I might try pulling you over into a launchpad roon15:49
gary_posterm15:49
zeknoxis there an easy way to reinstall networking?15:49
hallynstgraber: good point - he's going to test and let me know :)15:50
hallynstgraber: rbasak's answer is he wants a separate lxc-download split out of lxc-create15:55
stgraberhallyn: k15:56
hallynso we might be by to bug you at some point :)15:56
hallynstgraber: how long will you be there yet?16:01
hallyngary_poster: tomorrow perhaps16:17
uvirtbotNew bug: #913857 in ntp (main) "ntp-keygen documentation lists options that ntp-keygen does not support" [Undecided,New] https://launchpad.net/bugs/91385716:18
gary_posterhallyn, great, thanks.  which room are you working in?16:18
hallyngary_poster: Dery16:19
gary_postercool thanks16:19
=== sixstringsg|away is now known as sixstringsg
eutheriais it esc to get the lucid grub boot menu?16:41
=== sixstringsg is now known as sixstringsg|away
zeknoxsoren: my system ended up doing a kernel update, so I needed to reinstall network drivers from source16:49
zeknoxsoren: problem solved, thanks for your help16:49
uvirtbotNew bug: #913878 in netty (universe) "should run test suite on package build" [Medium,Confirmed] https://launchpad.net/bugs/91387816:51
uvirtbotNew bug: #913877 in lxc (main) "lxc-create fails: cp: will not create hard link..." [High,Triaged] https://launchpad.net/bugs/91387716:56
hallynstgraber: so regarding the console issue in lxc on precise,16:57
hallynstgraber: it appears to be similar to smoser's libvir-lxc problem after all16:57
hallynstgraber: if you do lxc-console -n <container> and log in on its /dev/tty1, and ls /dev/pts, you see an empty dir16:58
hallynso something somwehre along the way is doing an extra mount -t devpts -o newinstance16:58
hallynhaha, and yes, confirmed, /dev/tty1 in the container was using /dev/pts/3 on the host17:04
stgraberhallyn: well, the "not getting a console after lxc-start" is definitely caused by the new getty as just copying the old binary makes the login prompt show up again17:08
hallynstgraber: and then does /dev/console show itslef as 136:0, and ls /dev/pts shows '0 ptmx' ?17:09
stgraberhallyn: /dev/console is 136:14 here, /dev/pts contains 28 entries17:12
hallynuh, the same 28 entries as your host?17:12
hallynoh, i guess that's ok17:12
hallynnm, makes sense.17:13
stgrabernope, I have 17 on the host17:13
hallynodd17:13
hallynyou haven't yet trakced down the getty regression I assume?17:13
=== bladernr_ is now known as bladernr_afk
stgrabernope, I mentioned it to lamont but that didn't ring a bell, so will have to go through the upstream git to figure out what changed17:14
hallynall right i'm gonna go clear my head so i can decide what to focus on tonight :)17:14
hallynttyl17:15
stgraberok, bye17:15
=== bladernr_afk is now known as bladernr_
=== sixstringsg|away is now known as sixstringsg
pmatulisSpamapS: re bug #818177 , confirm that -proposed needs to be enabled during install to perform the verfication...17:38
uvirtbotLaunchpad bug 818177 in udev "boot failures as /dev is not transferred to /root (because 'udevadm exit' times out waiting for a deadlocked worker)" [High,Fix committed] https://launchpad.net/bugs/81817717:38
=== cloakable_ is now known as cloakable
=== sixstringsg is now known as sixstringsg|away
=== bladernr_ is now known as bladernr_afk
=== sixstringsg|away is now known as sixstringsg
uvirtbotNew bug: #913935 in ipsec-tools (main) "racoon segfaults when flusing SPD" [Undecided,New] https://launchpad.net/bugs/91393519:26
=== andreas__ is now known as ahasenack
TaymonHi. I'm running Oneiric server and am trying to configure a bridge on top of a bonded interface. My /etc/network/interfaces is at http://paste.ubuntu.com/798553/; I suspect I'm doing something wrong but don't know what.19:41
hallynstgraber: all right, got the console working.  not pretty though20:12
uvirtbotNew bug: #913948 in krb5 (main) "package libgssrpc4 1.8.1+dfsg-2ubuntu0.10 failed to install/upgrade: erreur lors de l'écriture de « <sortie standard> »: Succès" [Undecided,New] https://launchpad.net/bugs/91394820:16
=== sixstringsg is now known as sixstringsg|away
=== koolhead17 is now known as koolhead17|zzZZ
hallynstgraber: bug 91395220:19
uvirtbotLaunchpad bug 913952 in util-linux "no console on precise containers" [Undecided,New] https://launchpad.net/bugs/91395220:19
uvirtbotNew bug: #913952 in util-linux (main) "no console on precise containers" [Undecided,New] https://launchpad.net/bugs/91395220:26
hallynrbasak: since we are upgrading each container on lxc-create anyway, I think we can punt the wiping of /var/cache/lxc/$release/rootfs-$arch when it is past $LXC_INTERVAL.  Deal with that when we introduce lxc-download-image in p+1.20:40
stgraberhallyn: cool, thanks for tracking that down20:52
stgraberhallyn: does that change also explain the terminal being reset/cleared when running lxc-console on a precise system?20:52
stgraberhallyn: (as in, on a precise container, works as it used to for an oneiric container)20:53
treyisradanyone running ZFS on their ubuntu machine? would you reccomend it over mdadm?21:12
RoyKtreyisrad: I have zfs on several machines, but not with linux21:13
RoyKtreyisrad: zfs is far better in some respects, namely safety, with checksumming of all data, and in that it has a very lightweight compression21:14
RoyKmdadm is more flexible, though21:14
=== bastidra1or is now known as bastidrazor
treyisradRoyK: ah, well i'm looking to move over my raid array, since i've had quite a few problems with corruption. (recently lost around 20% of my data, lost all of it a few months back)21:14
treyisradI hear zfs is fairly good in that respect.21:15
RoyKzfs checks its data and metadata in a way few other filesystems do21:15
RoyK'cept perhaps btrfs, but that's not stable yet, and gods know when it'll be21:15
=== JanC_ is now known as JanC
treyisradlast time i looked into it, zfs on linux was still a bit iffy, but it seems to be mostly stable now.21:17
RoyKtreyisrad: but zfs natively on linux is nothing I would recommend - too immature to me21:17
* RoyK sticks to solaris/openindiana for zfs21:17
RoyKopenindiana works well - I have some 350TB worth of storage on that platform21:18
treyisradwell, my luck with mdadm/xfs has been terrible, so my standards are pretty low :P21:18
RoyKI'd recommend ext4 over xfs any day21:18
hallynstraber: made a few more changes to cgroup-lite (including doko-recommended): http://people.canonical.com/~serge/cgroup-lite.tar.gz21:19
JanCtreyisrad: you shouldn't use XFS without a UPS though  :P21:24
RoyKs/without a UPS//21:25
treyisradJanC: no kidding. learned the hard way.21:25
JanCsomeone I know used it on a laptop, then learned running out of battery with XFS wasn 't really fun  :P21:25
RoyKreally, it doesn't survive that?21:26
JanCRoyK: same issues as with ext4 really (especially early ext4)21:27
JanCI'm sure you remember all the "ext4 truncated my data files" bugs  ;)21:28
RoyKoops... no - don't remember those21:29
RoyKbut then, I kept to ext3 for quite some time21:29
JanCwhich is partially the application's fault, maybe, but still annoying if it happens to you21:29
axisyswhat would be a good ldap server / easy to manage on ubuntu server?21:29
JanCRoyK: even ext3 can show that behaviour, if you tune it to wait long before writing data to disk21:30
RoyKaxisys: good, openldap; easy to manage, no idea21:30
axisyshow about apache ds ?21:31
JanC"easy to manage" sounds more like a UI client thing21:31
=== sixstringsg|away is now known as sixstringsg
axisysJanC: someone mentioned phpldapadmin21:35
JanCI'd say it also depends on what you need to integrate with21:36
axisysmainly authentication21:37
axisysand probably some authorization based on group membership21:38
RoyKaxisys: openldap is probably the most used out there21:39
JanCso openldap is probably the most-used LDAP server21:41
JanCnot sure what the best / most-used LDAP admin is though21:41
JanCbut for simple authentication use, most tools should work, I assume?21:42
JanCI mean, if no Windows AD support is needed, etc.  ;)21:43
axisysJanC: would be nice if we could interface with corporate AD .. then I will have to use likewise.. it gets complicated21:44
patdk-lapI use the java ldapbrowser21:44
patdk-lapheh? I don't use likewise, and my ubuntu server can interface fully with AD21:45
patdk-lapI just can't stand likewise way21:45
JanCwell, AD is just an LDAP server, so in theory you could use it without likewise21:45
axisyspatdk-lap, JanC : is that right..21:46
JanClikewise (and other similar tools) just implement knowledge about how MS stores stuff in their LDAP server...21:46
JanCand how to apply those settings to a linux system21:47
patdk-lapI pull email addresses out of AD and use them for postfix21:47
=== bladernr_afk is now known as bladernr_
sorensmoser: Say I want to write a custom cloud-init handler for something (to be able to do something declaratively rather than imperatively). If I -- using cloud-config or whatever -- add a PPA and install a handler from there... Is there any way I can use that handler in that same cloud-init run?21:49
axisyspatdk-lap: do you use pam to authenticate with AD ?21:50
JanCpatdk-lap: which means you had to "reverse engineer" the way AD stores those in LDAP, I guess (or someone else did it for you)21:50
patdk-lapjanc, ya, it's easy, except for aliases21:51
patdk-lapaxisys, yep, I go though pam21:51
hallynstgraber: oh, sorry, didn't see yoru responses.  (my screen is too small to do irc as i usually do, but i don't really want to change for just this week)21:51
hallynstgraber: I didn't bother tracking down the reset.  I assumed the new getty code just thinks its being clever21:52
JanCi guess "likewise" & co. earn their money so that companies don't have to reverse-engineer..21:52
JanCIIRC Samba 4 has some AD integration too, not sure how far that goes21:53
stgraberhallyn: yeah, I can live with that, it's just weird to see it behave differently with two different containers :)21:58
hallynstgraber: upstream commit e85281a8ac887a35a78f4b43e4755a44aecc2fb721:58
hallynwe can add '--noclear' to not clear the screen.  new feature.21:58
hallynfeature we were all clamoring for, i know...21:59
smosersoren, you could accomplish it22:10
smoserbut not as pretty as i think you'd like.22:10
smoserif you add the ppa, that gets added in "cloud-config" stage, which is after user-data is processed.22:10
smoserso you would'nt get the chance to be included in the processing if you were adding this package on boot.22:11
smoserbut you could have it lay down a script in /var/lib/cloud/scripts/per-boot/ via that package22:12
smoserand it would get run at "final" (essentially rc.local) time.22:12
mgwis there a way to prioritize dhcp option 121 (classless-static-routes)? That is, if a client gets multiple leases and there's a conflict in the routing — how is it resolved?22:23
sorensmoser: Are the things in cloud-config acted upon in the order given in the file?22:26
sorensmoser: Or do you iterate through scripts that in turn look for specific keys and then act on them?22:26
smoserthey're acted on in order in /etc/cloud/cloud.cfg22:27
soren:(22:27
sorenOk.22:27
smoserand you can/could re-define any of those lists in a user-data22:27
smosersoren, were you wanting to install a part-handler ? or a cloud-config script ?22:28
sorensmoser: So if I add a new cc_blah module (by way of a package installed from a new ppa) and add that to the cloud_config_modules..22:28
sorensmoser: I don't know, really.22:28
smoseryeah. you should be able to get yours invoked then.22:29
sorensmoser: I'm only just now beginning to understand that there's a difference :)22:29
smoserbut you can't at this point just append to the existing list22:29
smoseryou have to re-define it22:29
sorenOk.22:29
smoseri had thought about allowing some sort of yaml extension like:22:29
smosercloud_config_modules+:22:30
smoser - sorens_uber_module22:30
sorenTo be honest, this is not something I actually need to do. It was just a thought experiment, so don't spend a lot of time on it.22:30
smoseror22:30
smosercloud_config_modules-:22:30
smoser - grub-dpkg22:30
sorenThat would be pretty neat.22:31
sorenAnyways, thanks. I need to run now.22:31
sorenEnjoy Budapest.22:31
=== lili is now known as oolala
=== bicranial_ is now known as bicranial

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!