[00:05] <alex-> What is more secure, root account, su - or sudo ?
[00:44] <yakster> anyone here ever heard of webtester5?
[00:47] <yakster> does anyone know of a software that is a testing engine, fast and easy to setup?
[05:30] <arrrghhh> hey guys.  i am looking at doing RAID via mdadm, raid5 for one set of drives and raid1 for the other set.  would LVM also be an advantage here, or is it kinda redundant?
[05:32] <qman__> if you want to put multiple volumes on said arrays, or spread a volume across multiple arrays, it would be useful
[05:32] <qman__> otherwise it's not necessary, though not detrimental either
[05:32] <arrrghhh> hrm
[05:32] <arrrghhh> i guess i might as well
[05:32] <arrrghhh> i don't have much experience with either
[05:32] <arrrghhh> i have a bit with RAID
[05:33] <arrrghhh> 0 with LVM
[05:33] <qman__> I didn't on mine because I had only singular purposes in mind
[05:33] <qman__> personal preference, but I don't like to upgrade too many times without starting fresh
[05:33] <arrrghhh> ditto
[05:33] <qman__> so it's an excuse to redo if I hit a limitation without it
[05:34] <arrrghhh> pretty much every time i have to rethink hdd space, i reinstall the OS
[05:34] <arrrghhh> and i don't have any RAID right now, and i'm thinking it's time.
[05:36] <qman__> my current file server is at its limit, nearing the ext3 size limits and (I assume) getting fragmented
[05:36] <qman__> so the next upgrade cycle is total revamp
[05:38] <twb> qman__: you know that "5% reserved for root user" of ext?
[05:38] <twb> qman__: that is used to prevent fragmentation from happening
[05:38] <qman__> yeah, but I'm experiencing performance problems
[05:38] <twb> qman__: so if you turned it off, or filled the fs as root, you WILL get MUCH more fragmentation than normal
[05:38] <twb> e2fsck will report the fragmentation level also
[05:38] <qman__> didn't do either of those, but I did expand the filesystem
[05:39] <qman__> originally ~5TB, now 8.2TB
[05:39] <qman__> plus I have some flaws in my design
[05:40] <qman__> active torrent data shouldn't be on the main storage array
[05:40] <twb> Recommend you put it off until 12.04 when ext large blocks will be around
[05:40] <qman__> and before it was expanded, the filesystem was over 97% (user) full
[05:41] <arrrghhh> brtfs or whatever ready for 12.04?
[05:41] <twb> https://lwn.net/Articles/469805/
[05:41] <twb> arrrghhh: no
[05:41] <twb> arrrghhh: give it another 8 years or so
[05:41] <arrrghhh> didn't think so.
[05:41] <arrrghhh> 8 years, lol
[05:42] <twb> arrrghhh: well, a decade is a reasonable amount of time for a filesystem to go from dev to stable state
[05:42] <twb> btrfs has had about 2 already, so 8 left
[05:42] <arrrghhh> oh, i thought it was more mature for some reason
[05:43] <qman__> yeah, summer will probably be upgrade time
[05:43] <qman__> before then I need to actually get a backup system
[05:43] <qman__> flying fast and loose here
[05:43] <qman__> though the majority of my data is not that important
[05:44] <qman__> I did lose it all once and it was a major inconvenience
[05:44] <arrrghhh> lol
[05:44] <arrrghhh> i could imagine that would be inconvenient.
[05:44] <twb> When I lose all my data I'm usually limping for about a week
[05:45] <qman__> once drive prices stabilize I'll get some sort of backups going
[05:45] <twb> Anything truly important will be published and mirrored by other people
[05:45] <qman__> and when 12.04 gets all the major bugs worked out I'll work on upgrading the system
[05:45] <arrrghhh> qman__, yea.. i forgot about that and went to best buy to get a hdd with a gift card from xmas.  ended up getting another ps3 controller lol
[05:46] <qman__> it'll be a while before they get back down where they were
[05:46] <qman__> but they should at least even out and get less extreme pretty soon, once the panic wears off
[05:47] <arrrghhh> qman__, i'm going to try to hold off for a year... we'll see if i can make it.
[05:47] <arrrghhh> scary how high prices have gone
[05:47] <qman__> it's not even a little consistent right now
[05:47] <qman__> certain drives are up 300, 400%
[05:47] <qman__> others are only up slightly
[05:48] <arrrghhh> lol
[05:48] <arrrghhh> server-grade disks are definitely higher
[05:48] <arrrghhh> data centers are hoarding
[05:52] <twb> http://paste.debian.net/151503/
[05:53] <twb> That's the local "folding table in front of a warehouse" parts vendor; they don't have any SAS tho
[06:36] <koolhead17> hi all
[07:13] <kaushal> Hi
[07:30] <koolhead17> supp kaushal
[07:41] <jasonmchristos> How do I enable 2 factor authentication on ubuntu after  installing libpam-rsa? Seems I tried editing the  configs but it doesnt seem to be using the rsa key to  login. Any help appreciated.
[07:42] <koolhead17> jasonmchristos: did you restart service after the edit?
[07:47] <jasonmchristos> koolhead17: restarted the whole computer to login but just see the normal password prompt
[07:47] <twb> jasonmchristos: any particular reason you're using rsa and not (say) due or monkeysphere?
[07:47] <twb> s/due/duo/
[07:48] <twb> egrep -v '^[[:space:]]*(#|$)' /etc/pam.d/* | pastebinit
[07:48] <jasonmchristos> twb: i dont know what those are
[07:50] <henkjan_> jasonmchristos: check duosecurity.com
[07:50] <twb> Note that I am not endorsing any of those three
[07:51] <twb> I'm asking because maybe you just picked libpam_rsa because it was the first google hit
[07:51] <henkjan_> jasonmchristos: 2 factor authentication with pust notification to your mobile
[07:51] <twb> henkjan_: well, that's one of the things it can do
[07:52] <henkjan> dialing/passwords in sms
[07:52] <henkjan> al for free (10 users)
[07:52] <twb> Here I have actually deployed OTPW which uses one-time passwords (something you have) prefix with a normal password (something you know)
[07:52] <twb> So technically that's multifactor auth, and pretty cheap and easy too
[07:53] <jasonmchristos> twb: https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit
[07:53] <twb> That yields no content: http://paste.debian.net/
[07:54] <twb> Gah, stupid pastebin script
[07:54] <jasonmchristos> All of that sounds interesting but let me start with something basic
[07:54] <twb> jasonmchristos: that URL redirects about 20 times and eventually takes me to https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1&followup=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1
[07:55] <twb> I am not going to log into google to read a pastebin.
[07:55] <jasonmchristos> twb: try now https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit
[07:56] <twb> https://accounts.google.com/ServiceLogin?service=wise&passive=1209600&continue=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1&followup=https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit?pref%3D2%26pli%3D1
[07:56] <twb> I think that's the same URL it redirect me to
[07:56] <jasonmchristos> oops
[07:56] <twb> It probably requires javascript or something
[07:56] <jasonmchristos> https://docs.google.com/document/d/1PNuv2UyAZB6zC1NwxToxInLVh1CLS49KRwAwoIV4wUo/edit
[07:57] <twb> jasonmchristos: same behaviour
[07:57] <twb> Try paste.debian.net
[07:57] <jasonmchristos> ok hold on
[07:57] <jasonmchristos> i just want to be able to remove it after you look
[07:57] <twb> Tough
[07:58] <twb> If your security infrastructure relies on secrecy then you are fucked
[07:59] <jasonmchristos> http://paste.debian.net/hidden/167c294b/
[07:59] <jasonmchristos> twb: well im working on it thats why i'm here
[08:00] <twb> jasonmchristos: apparently that URL you sent works OK in a GUI browser, so it is just that google docs doesn't provide even read access to traditional browsers
[08:00] <jasonmchristos> its all designed with chrome inmind
[08:01] <twb> Now I guess the service you mainly care about is sshd?
[08:01] <jasonmchristos> no
[08:01] <jasonmchristos> pam
[08:01] <twb> Hmm, no ssh there, so I guess gdm?
[08:01] <jasonmchristos> local
[08:01] <jasonmchristos> gdm and tty
[08:01] <twb> OK, "tty" is called the login service
[08:01] <twb> But e.g. you don't care about using pam_rsa to auth cups printing atm
[08:02] <twb> OK, did you manually add the pam_rsa.so line to login?
[08:03] <jasonmchristos> lets see what i added
[08:03] <twb> This is where I tell you about etckeeper for future reference
[08:05] <twb> jasonmchristos: while you're there, tell me what ubuntu release you're running (lsb_release -a) and if you have an /usr/share/pam-configs/ and what's in it.  Also cf. pam-auth-update(8)
[08:05] <twb> pam is a bitch to get right, don't expect this to be a cake walk
[08:07] <jasonmchristos> twb: i added auth	 sufficient	 pam_rsa.so debug
[08:07] <jasonmchristos> auth	 sufficient	 pam_stack.so service=system-auth
[08:09] <twb> PROBABLY what you want to end up with is an entry in /usr/share/pam-configs.  During testing you only want to affect login, so what you want to do is go into /etc/pam.d/login and replace @include common-auth with the contents of /etc/pam.d/common-auth, and then extend that to include pam_rsa.so
[08:10] <jasonmchristos> ok I am going to clean up my desk and come back to this saving what you have told me shofar
[08:10] <jasonmchristos> thanks for the help twb
[08:10] <jasonmchristos> auth	 sufficient	 pam_rsa.so debug
[08:10] <jasonmchristos> auth	 sufficient	 pam_rsa.so debug[A[A
[08:15] <twb> Jokes on him, I'm going to the pub, mua haha
[09:29] <similian> anyone here using a public brigde concept with kvm on 10.04
[09:29] <similian> i used the pbulic guide but i cannot ping my vms from my lan
[09:29] <similian> my vms can ping my lan though
[09:29] <similian> but not the gateway
[09:30] <similian> an I ran out of clues
[09:31] <similian> I basically wanted to let my vm access my LAN directly (192.168.20.x)
[09:31] <similian> I can provide any config files you need
[09:31] <similian> but its basically just the public guide
[09:33] <similian> strange thing is if i ping my Lan Client with my vm I will be able to ping it afterwards
[09:33] <similian> there seems to be a routing issue
[09:34] <similian> I wonder what needs to be change in the br0 config
[09:40] <CasmoNL> similian, I set up a VM with VBox, and I can access my whole lan from within that VM, without changing configs. o_O
[09:41] <similian> I use kvm
[09:41] <similian> yeah its strage
[09:41] <similian> strange i mean
[09:41] <similian> I just wondered if there is a clue
[09:44] <similian> do you have static ip config? on your vm?
[09:44] <similian> but vbox is different from kvm :/
[10:27] <CasmoNL> similian, yeah, I have a static IP in my VBox VM, and I was planning on using kvm first, but it failed, so I ended up with VBox, and I like it so far. :P
[11:09] <stgraber> hallyn: working on the MIR for cgroup-lite?
[11:09] <stgraber> hallyn: just saw you adding it as a Depends of libvirt-bin so it now needs to be promoted to main
[11:10] <stgraber> hallyn: which will at least guarantee it's part of the ubuntu-server package set :)
[11:10] <hallyn> stgraber: d'oh!  would making it recommends bypass that?
[11:11] <stgraber> hallyn: yeah but that'd be bad
[11:11] <hallyn> stgraber: confounded
[11:11] <stgraber> hallyn: as we install recommends by default, it'd install it when installing libvirt post-install but not when installing it from a media
[11:11] <hallyn> interesting, didn't know that happened
[11:12] <hallyn> stgraber: so i guess i have to yank it from depends while I file mir
[11:17] <hallyn> stgraber: pushing revert of that bit now
[11:20] <stgraber> hallyn: thanks. I don't think the MIR will be hard to get, especially as long as we only promote cgroup-lite and not cgroup-bin
[11:21] <stgraber> (you can still depends on cgroup-lite | cgroup-bin with only cgroup-lite being in main, so we'd only need cgroup-lite to be promoted)
[11:22] <stgraber> hallyn: btw, I got a few more reports of people (wgrant being one of them) having broken suspend/resume because of cgroup-bin (first suspend/resume works, second doesn't)
[11:22] <stgraber> not sure what we should be doing about it, but cgroup-bin seems to generally be a very bad idea, wondering if we shouldn't completely drop it and transition to cgroup-lite
[11:22] <hallyn> stgraber: d'oh, i just pushed the revert.
[11:22] <hallyn> yes, i've been thinking same
[11:23] <hallyn> i don't know if anyone out there is using some 'enterprise' junk that rquires it though
[11:34] <hallyn> stgraber: I suppose at some point someone may ask why we don't just have mountall mount cgroups
[11:34] <hallyn> (the answer might be some gibberish about wanting more flexibility for customization)
[11:35] <hallyn> bug 913728
[11:39] <stgraber> hallyn: you probably want to subscribe the mir team to that bug
[11:40] <hallyn> right :)  thanks
[11:51] <hallyn> stgraber: (yeah, i saw the cgroup-bin suspend/remove confirm)
[12:00] <abhinavmehta> if I'm having both boot loader installed eg. LILO & GRUB, and I want to know, which boot loader I'm using…how to find ?
[12:00] <abhinavmehta> ..its a os-instance running at some cloud-provider..so how to find this..?
[12:38] <similian> how can i debug bridgin?
[12:46] <mooboo> guten morgen! ich habe sein sehr schlimmes und großes problem mit meinem raid server vielleicht kann mir ja jemand helfen! ich habe alles hier zusammengefasst http://debianforum.de/forum/viewtopic.php?f=9&t=133772&p=861136#p861136 vielleicht hat ja einer von euch den perfekten plan.
[12:49] <RoyK> !english
[12:49] <RoyK> !german
[12:56] <RoyK> !deutsch
[12:57] <RoyK> !中文
[12:57] <RoyK> :)
[13:59] <stgraber> hallyn: hey, just talking with doko about the MIR. It'd be easier if cgroup-lite was a separate source package.
[13:59] <stgraber> hallyn: that way we can promote the cgroup-lite source package to main without any risk of also promoting cgroup-bin
[13:59] <stgraber> hallyn: and can then potentially drop the cgroup-bin source completely if we think we don't want it in Ubuntu
[14:03] <hallyn> stgraber: that'd be fine with me.
[14:04] <stgraber> hallyn: can you prepare the new source?
[14:14] <hallyn> I can give it a shot.
[14:18] <hallyn> stgraber: do I start a new changelog, or copy the libcgroup one in?
[14:20] <stgraber> hallyn: I'd go with a new changelog to avoid some confusion
[14:20] <stgraber> hallyn: just make sure the initial version is slightly higher to the current cgroup-bin version, otherwise the upgrade won't work
[14:21] <soren> This is weird. I grabbed http://cloud-images.ubuntu.com/releases/oneiric/release/ubuntu-11.10-server-cloudimg-amd64-disk1.img and I'm trying to run it in KVM, but it's just hanging after grub.
[14:22] <utlemming> soren: agreed, that is wierd
[14:22] <utlemming> oh...wait, maybe not
[14:22] <kirkland> SpamapS: hallyn: what do you think about the suggestion in https://bugs.launchpad.net/bugs/910341 ?
[14:22] <utlemming> soren: do you get any text after grub at all?
[14:23] <utlemming> soren: try the daily
[14:23] <soren> utlemming: This is the released Oneiric image.
[14:23] <soren> Surely that should work?
[14:24] <utlemming> soren: that is a bug that got fixed
[14:24] <utlemming> soren: we are currently testing the latest daily and plan on releasing that ASAP
[14:25] <SpamapS> kirkland: Why not emit a 'mounted' event just like mountall does?
[14:25] <soren> utlemming: The oneiric images haven't worked since release? I could have sworn I've used them.
[14:25] <utlemming> soren: what is happening is there was a bug with the last released image where the metal kernel got installed
[14:25] <utlemming> soren: no, it was a regression between the initial release image and the last update
[14:26] <soren> utlemming: This is the released image.
[14:26] <utlemming> the daily that built yesterday looks good so far, so I am ~95% sure we'll be kicking that out
[14:26] <soren> utlemming: ...and no, there's no text after grub. Not even "booting linux" or anything.
[14:26] <utlemming> yes, that's a match
[14:26] <utlemming> the "release" is a symlink to the latest image, not the initial release
[14:26] <soren> Oh, wait..
[14:27] <soren> eep!
[14:27] <soren> Why, oh why?
[14:28] <utlemming> soren: the tests will finish in about 15 minutes and I can tell you whether the latest daily will become a release
[14:28] <soren> utlemming: Is that intentional?
[14:28] <utlemming> the release or the bug? :)
[14:28] <soren> The fact that /release doesn't contain what was released.
[14:28] <soren> ...but rather an update.
[14:29] <utlemming> the release methodology is intentional, although I am unsure as the reason for doing it
[14:29] <hallyn> stgraber: well I figure I"ll just call it "1.0", where libcgroup is at 0.37.1 :)
[14:29] <soren> utlemming: Did a release manager sign off on that?
[14:29] <stgraber> hallyn: sounds good
[14:31] <utlemming> soren: I don't know...do me a favor and file a bug against that
[14:31] <utlemming> soren: we're sprinting and incidently I have a meeting with the release manager tomorrow to talk about images
[14:31] <soren> utlemming: What would I file that bug against?
[14:31] <utlemming> I'll raise that question with her tomorrow, but looking at it I agree with the concern
[14:31] <utlemming> Ubuntu and then assign it to me
[14:32] <utlemming> I am thinking there should be a "release" and a "latest"
[14:32] <soren> All I care about is that "release" never ever changes.
[14:32] <soren> :)
[14:32] <utlemming> well, we do have that...
[14:33] <soren> Where?
[14:33] <utlemming> http://cloud-images.ubuntu.com/releases/oneiric/release-20111011/
[14:34] <utlemming> release is a symlink to the .../release-20111205/
[14:34] <hallyn> kirkland: there are upstart jobs requiring a homedir to be mounted?
[14:34] <soren> utlemming: Right, so "release" did change.
[14:36] <utlemming> yup. What is unclear, and probably uncommunicated is that "release" is a symlink to release-<most recent>. And I agree that we are abusing the term "release" here.
[14:37] <hallyn> stgraber: http://people.canonical.com/~serge/cgroup-lite-1.0-package.tar.gz
[14:38] <soren> Right. I'm almost entirely sure that everywhere else, /release is never ever changed.
[14:38] <soren> utlemming: ^
[14:38] <stgraber> hallyn: hmm, empty orig tarball, that looks wrong
[14:38] <hallyn> stgraber: is any sort of breaks/replaces needed?
[14:39] <hallyn> well, i can move debian/scripts/* to ./...
[14:39] <stgraber> hallyn: make it a native package
[14:40]  * hallyn googles
[14:40] <stgraber> hallyn: oh, it's already a native package but still has an orig tarball, interesting :)
[14:40] <stgraber> hallyn: ok, wait for a few minutes, poking at it ;)
[14:41] <hallyn> ok, will keep looking at ($*&%(*&$% xserver-xorg-qxl meanwhile
[14:44] <stgraber> hallyn: http://www.stgraber.org/download/cgroup-lite.tar.gz
[14:47] <hallyn> stgraber: do you just create that by hand, or is there a dh_make toggle you can use?
[14:48] <stgraber> hallyn: don't know, never used dh_make :)
[14:49] <hallyn> stgraber: seems to be working, thanks :)
[14:53] <hallyn> stgraber: lintian complains about standards versions, but other than that it looks good
[15:03] <Tribaal> hi stgraber, BTW :)
[15:07] <hallyn> stgraber: any objection to having the lxc-ubuntu template clear /var/cache/lxc/$release if it's more than a week old?
[15:08] <hallyn> (or we could have it chroot apt-get dist-upgrade, but that's scarier, not as reliable)
[15:26] <zeknox> I have a laptop running 10.04.3 LTS that will only show lo for an interface when running ifconfig -a, it was just working the other day, not it is not, I have looked at /etc/network/interfaces and validated auto eth0 is in the file
[15:29] <zeknox> I'm missing my interfaces for eth0 and wlan0
[15:31] <soren> zeknox: "ifconfig -a" also shows unconfigured interfaces, so all interfaces should be there regardless of whether they're in /etc/network/interfaces. It's either a driver or a hardware problem.
[15:31] <zeknox> soren: yeah ifconfig -a only shows lo interface
[15:31] <zeknox> soren: was working just last week
[15:44] <gary_poster> hallyn or SpamapS, are either or both of you here at the platform sprint and available to talk a bit about lxc-start-ephemeral?
[15:48] <stgraber> Tribaal: hey!
[15:48] <stgraber> hallyn: I'm fine with having it cleaned when it's > 1 week old
[15:48] <hallyn> gary_poster: yes and yes
[15:48] <hallyn> stgraber: ok
[15:48] <stgraber> hallyn: though I think rbasak said it was taking a lot of time to build new template on ARM, so maybe try to see if we can solve that before forcing the template to be rebuilt
[15:49] <zeknox> I just booted to a boot disc (backtrack 5) and my eth0 interface will come up so I know it is not hardware issues
[15:49] <gary_poster> hallyn, awesome, thanks.  when would work for you?  It might be good to introduce you to the squad working with lxc anyway, so I might try pulling you over into a launchpad roon
[15:49] <gary_poster> m
[15:49] <zeknox> is there an easy way to reinstall networking?
[15:50] <hallyn> stgraber: good point - he's going to test and let me know :)
[15:55] <hallyn> stgraber: rbasak's answer is he wants a separate lxc-download split out of lxc-create
[15:56] <stgraber> hallyn: k
[15:56] <hallyn> so we might be by to bug you at some point :)
[16:01] <hallyn> stgraber: how long will you be there yet?
[16:17] <hallyn> gary_poster: tomorrow perhaps
[16:18] <gary_poster> hallyn, great, thanks.  which room are you working in?
[16:19] <hallyn> gary_poster: Dery
[16:19] <gary_poster> cool thanks
[16:41] <eutheria> is it esc to get the lucid grub boot menu?
[16:49] <zeknox> soren: my system ended up doing a kernel update, so I needed to reinstall network drivers from source
[16:49] <zeknox> soren: problem solved, thanks for your help
[16:57] <hallyn> stgraber: so regarding the console issue in lxc on precise,
[16:57] <hallyn> stgraber: it appears to be similar to smoser's libvir-lxc problem after all
[16:58] <hallyn> stgraber: if you do lxc-console -n <container> and log in on its /dev/tty1, and ls /dev/pts, you see an empty dir
[16:58] <hallyn> so something somwehre along the way is doing an extra mount -t devpts -o newinstance
[17:04] <hallyn> haha, and yes, confirmed, /dev/tty1 in the container was using /dev/pts/3 on the host
[17:08] <stgraber> hallyn: well, the "not getting a console after lxc-start" is definitely caused by the new getty as just copying the old binary makes the login prompt show up again
[17:09] <hallyn> stgraber: and then does /dev/console show itslef as 136:0, and ls /dev/pts shows '0 ptmx' ?
[17:12] <stgraber> hallyn: /dev/console is 136:14 here, /dev/pts contains 28 entries
[17:12] <hallyn> uh, the same 28 entries as your host?
[17:12] <hallyn> oh, i guess that's ok
[17:13] <hallyn> nm, makes sense.
[17:13] <stgraber> nope, I have 17 on the host
[17:13] <hallyn> odd
[17:13] <hallyn> you haven't yet trakced down the getty regression I assume?
[17:14] <stgraber> nope, I mentioned it to lamont but that didn't ring a bell, so will have to go through the upstream git to figure out what changed
[17:14] <hallyn> all right i'm gonna go clear my head so i can decide what to focus on tonight :)
[17:15] <hallyn> ttyl
[17:15] <stgraber> ok, bye
[17:38] <pmatulis> SpamapS: re bug #818177 , confirm that -proposed needs to be enabled during install to perform the verfication...
[19:41] <Taymon> Hi. I'm running Oneiric server and am trying to configure a bridge on top of a bonded interface. My /etc/network/interfaces is at http://paste.ubuntu.com/798553/; I suspect I'm doing something wrong but don't know what.
[20:12] <hallyn> stgraber: all right, got the console working.  not pretty though
[20:19] <hallyn> stgraber: bug 913952
[20:40] <hallyn> rbasak: since we are upgrading each container on lxc-create anyway, I think we can punt the wiping of /var/cache/lxc/$release/rootfs-$arch when it is past $LXC_INTERVAL.  Deal with that when we introduce lxc-download-image in p+1.
[20:52] <stgraber> hallyn: cool, thanks for tracking that down
[20:52] <stgraber> hallyn: does that change also explain the terminal being reset/cleared when running lxc-console on a precise system?
[20:53] <stgraber> hallyn: (as in, on a precise container, works as it used to for an oneiric container)
[21:12] <treyisrad> anyone running ZFS on their ubuntu machine? would you reccomend it over mdadm?
[21:13] <RoyK> treyisrad: I have zfs on several machines, but not with linux
[21:14] <RoyK> treyisrad: zfs is far better in some respects, namely safety, with checksumming of all data, and in that it has a very lightweight compression
[21:14] <RoyK> mdadm is more flexible, though
[21:14] <treyisrad> RoyK: ah, well i'm looking to move over my raid array, since i've had quite a few problems with corruption. (recently lost around 20% of my data, lost all of it a few months back)
[21:15] <treyisrad> I hear zfs is fairly good in that respect.
[21:15] <RoyK> zfs checks its data and metadata in a way few other filesystems do
[21:15] <RoyK> 'cept perhaps btrfs, but that's not stable yet, and gods know when it'll be
[21:17] <treyisrad> last time i looked into it, zfs on linux was still a bit iffy, but it seems to be mostly stable now.
[21:17] <RoyK> treyisrad: but zfs natively on linux is nothing I would recommend - too immature to me
[21:17]  * RoyK sticks to solaris/openindiana for zfs
[21:18] <RoyK> openindiana works well - I have some 350TB worth of storage on that platform
[21:18] <treyisrad> well, my luck with mdadm/xfs has been terrible, so my standards are pretty low :P
[21:18] <RoyK> I'd recommend ext4 over xfs any day
[21:19] <hallyn> straber: made a few more changes to cgroup-lite (including doko-recommended): http://people.canonical.com/~serge/cgroup-lite.tar.gz
[21:24] <JanC> treyisrad: you shouldn't use XFS without a UPS though  :P
[21:25] <RoyK> s/without a UPS//
[21:25] <treyisrad> JanC: no kidding. learned the hard way.
[21:25] <JanC> someone I know used it on a laptop, then learned running out of battery with XFS wasn 't really fun  :P
[21:26] <RoyK> really, it doesn't survive that?
[21:27] <JanC> RoyK: same issues as with ext4 really (especially early ext4)
[21:28] <JanC> I'm sure you remember all the "ext4 truncated my data files" bugs  ;)
[21:29] <RoyK> oops... no - don't remember those
[21:29] <RoyK> but then, I kept to ext3 for quite some time
[21:29] <JanC> which is partially the application's fault, maybe, but still annoying if it happens to you
[21:29] <axisys> what would be a good ldap server / easy to manage on ubuntu server?
[21:30] <JanC> RoyK: even ext3 can show that behaviour, if you tune it to wait long before writing data to disk
[21:30] <RoyK> axisys: good, openldap; easy to manage, no idea
[21:31] <axisys> how about apache ds ?
[21:31] <JanC> "easy to manage" sounds more like a UI client thing
[21:35] <axisys> JanC: someone mentioned phpldapadmin
[21:36] <JanC> I'd say it also depends on what you need to integrate with
[21:37] <axisys> mainly authentication
[21:38] <axisys> and probably some authorization based on group membership
[21:39] <RoyK> axisys: openldap is probably the most used out there
[21:41] <JanC> so openldap is probably the most-used LDAP server
[21:41] <JanC> not sure what the best / most-used LDAP admin is though
[21:42] <JanC> but for simple authentication use, most tools should work, I assume?
[21:43] <JanC> I mean, if no Windows AD support is needed, etc.  ;)
[21:44] <axisys> JanC: would be nice if we could interface with corporate AD .. then I will have to use likewise.. it gets complicated
[21:44] <patdk-lap> I use the java ldapbrowser
[21:45] <patdk-lap> heh? I don't use likewise, and my ubuntu server can interface fully with AD
[21:45] <patdk-lap> I just can't stand likewise way
[21:45] <JanC> well, AD is just an LDAP server, so in theory you could use it without likewise
[21:46] <axisys> patdk-lap, JanC : is that right..
[21:46] <JanC> likewise (and other similar tools) just implement knowledge about how MS stores stuff in their LDAP server...
[21:47] <JanC> and how to apply those settings to a linux system
[21:47] <patdk-lap> I pull email addresses out of AD and use them for postfix
[21:49] <soren> smoser: Say I want to write a custom cloud-init handler for something (to be able to do something declaratively rather than imperatively). If I -- using cloud-config or whatever -- add a PPA and install a handler from there... Is there any way I can use that handler in that same cloud-init run?
[21:50] <axisys> patdk-lap: do you use pam to authenticate with AD ?
[21:50] <JanC> patdk-lap: which means you had to "reverse engineer" the way AD stores those in LDAP, I guess (or someone else did it for you)
[21:51] <patdk-lap> janc, ya, it's easy, except for aliases
[21:51] <patdk-lap> axisys, yep, I go though pam
[21:51] <hallyn> stgraber: oh, sorry, didn't see yoru responses.  (my screen is too small to do irc as i usually do, but i don't really want to change for just this week)
[21:52] <hallyn> stgraber: I didn't bother tracking down the reset.  I assumed the new getty code just thinks its being clever
[21:52] <JanC> i guess "likewise" & co. earn their money so that companies don't have to reverse-engineer..
[21:53] <JanC> IIRC Samba 4 has some AD integration too, not sure how far that goes
[21:58] <stgraber> hallyn: yeah, I can live with that, it's just weird to see it behave differently with two different containers :)
[21:58] <hallyn> stgraber: upstream commit e85281a8ac887a35a78f4b43e4755a44aecc2fb7
[21:58] <hallyn> we can add '--noclear' to not clear the screen.  new feature.
[21:59] <hallyn> feature we were all clamoring for, i know...
[22:10] <smoser> soren, you could accomplish it
[22:10] <smoser> but not as pretty as i think you'd like.
[22:10] <smoser> if you add the ppa, that gets added in "cloud-config" stage, which is after user-data is processed.
[22:11] <smoser> so you would'nt get the chance to be included in the processing if you were adding this package on boot.
[22:12] <smoser> but you could have it lay down a script in /var/lib/cloud/scripts/per-boot/ via that package
[22:12] <smoser> and it would get run at "final" (essentially rc.local) time.
[22:23] <mgw> is there a way to prioritize dhcp option 121 (classless-static-routes)? That is, if a client gets multiple leases and there's a conflict in the routing — how is it resolved?
[22:26] <soren> smoser: Are the things in cloud-config acted upon in the order given in the file?
[22:26] <soren> smoser: Or do you iterate through scripts that in turn look for specific keys and then act on them?
[22:27] <smoser> they're acted on in order in /etc/cloud/cloud.cfg
[22:27] <soren> :(
[22:27] <soren> Ok.
[22:27] <smoser> and you can/could re-define any of those lists in a user-data
[22:28] <smoser> soren, were you wanting to install a part-handler ? or a cloud-config script ?
[22:28] <soren> smoser: So if I add a new cc_blah module (by way of a package installed from a new ppa) and add that to the cloud_config_modules..
[22:28] <soren> smoser: I don't know, really.
[22:29] <smoser> yeah. you should be able to get yours invoked then.
[22:29] <soren> smoser: I'm only just now beginning to understand that there's a difference :)
[22:29] <smoser> but you can't at this point just append to the existing list
[22:29] <smoser> you have to re-define it
[22:29] <soren> Ok.
[22:29] <smoser> i had thought about allowing some sort of yaml extension like:
[22:30] <smoser> cloud_config_modules+:
[22:30] <smoser>  - sorens_uber_module
[22:30] <soren> To be honest, this is not something I actually need to do. It was just a thought experiment, so don't spend a lot of time on it.
[22:30] <smoser> or
[22:30] <smoser> cloud_config_modules-:
[22:30] <smoser>  - grub-dpkg
[22:31] <soren> That would be pretty neat.
[22:31] <soren> Anyways, thanks. I need to run now.
[22:31] <soren> Enjoy Budapest.