[00:02] <rbasak> trimeta: interesting. add-apt-repository has a remove option, but it doesn't look like it removes the key, though I'm not sure. If it doesn't, you can use apt-key to remove it, and I think it'd be reasonable to file a bug on that.
[00:02] <adam_g> mgw: what do you mean by firstboot script? the preseed/kickstart?
[00:03] <trimeta> rbasak: add-apt-repository doesn't include a remove option on lucid...I think it was added in a later version of Ubuntu.
[00:03] <mgw> adam_g: no, just a script i need to run the first time the system boots after install
[00:03] <mgw> it will be retrieved via wget in the late_command
[00:03] <rbasak> ah ok. I suppose it has to all be done manually then
[00:03] <trimeta> At least, add-apt-repository --help doesn't say anything about removal.
[00:04] <rbasak> The catch with key removal is that a single key might apply to more than one repository
[00:04] <trimeta> True...but I remember adding a key when I added this repository, so I think I'm probably safe in removing it.
[00:04] <adam_g> mgw: ah, no, i dont there is any convention around that, since it is outside the scope of cobbler itself at that point.
[00:04] <mgw> ok, ty
[00:04] <rbasak> And I don't think there's a mapping kept anywhere, so removing automatically it isn't simple. It's reasonable to expect this functionality though
[00:05] <rbasak> for your case, will apt-key del do?
[00:07] <trimeta> I think so...I checked apt-key list first, found the one which said "PPA for <dev who made the PPA I want to remove>", confirmed the key ID online at the place where I got the PPA, and apt-key del'ed it.
[00:07] <trimeta> And removed the /etc/apt/source.list.d/ files.
[02:09] <aljosa> anybody using glusterfs on amazon ec2/ebs or something similar?
[02:10] <twb> !anyone
[02:12] <aljosa> what to use on top of aws ec2/ebs to create a reliable distributed filesystem available to ec2 instances in a single aws region?
[02:13] <twb> Dunno
[02:29] <chelz> aljosa: might look into ceph / cephfs -- https://en.wikipedia.org/wiki/Ceph
[03:59] <realmagiz> hi all , i m using xchat for this IRC. I dont know how to start talking to someone whose name starts with Blk*
[03:59] <realmagiz> in webchat.freenode.net, just type in first character and tab is ok
[04:01] <chelz> realmagiz: try in #freenode
[04:01] <realmagiz> chelz, what do you mean?
[04:01] <chelz> realmagiz: your question, ask there
[04:01] <realmagiz> chelz, sorry bro
[04:02] <realmagiz> btw, does someone know how to block wifi users using sub wifi home router to share their one connection to many?
[04:03] <realmagiz> my wifi router has no such feature of that control
[04:10] <cloneMX> Hey all
[04:10] <cloneMX> Hi have a problem, hope someone can helpme
[04:10] <cloneMX> recently I installed ubuntu 11.04 server, but by some reason  some service just close the connections from some specific hosts (same subnet form my ISP or other that belong too), the specific efects are: after been logged with and ssh session this just stop showing  the output of a single command like "ifconfig" of if somene try to visit a resource from the apache server this connection is abruptly close and dont some any thing.
[04:10] <cloneMX> First I thought was my firewall config but I have some other server config with the same config but with the diference the version of ubuntu are 10.XX.
[04:10] <cloneMX> any clue?
[04:11] <qman__> this is most likely a hardware issue
[04:11] <qman__> if the connections work but drop at random, mid-command, hardware/drivers/kernel is the most likely suspect
[04:12] <cloneMX> well could be
[04:12] <cloneMX> cause I got this new Nic
[04:12] <cloneMX> Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe
[04:12] <qman__> first step to verify would be to boot a different live CD and test
[04:13] <qman__> like a different distro or kernel version
[04:13] <qman__> if the problem goes away, it's probably kernel/driver
[04:13] <cloneMX> same with debia 6
[04:13] <qman__> if it doesn't, it's probably hardware
[04:13] <cloneMX> the same efect
[04:13] <cloneMX> and I have 2 server
[04:13] <qman__> then it's hardware, check to see if you're running the same kernel version
[04:14] <cloneMX> 3.xxx
[04:14] <qman__> have to be exact
[04:14] <cloneMX> hehehe
[04:14] <cloneMX> yea JK
[04:14] <qman__> but, if the problem is the same in a 2.6 kernel and a 3.0 kernel, it's probably the actual hardware, or a long-standing driver bug
[04:17] <cloneMX> I think you are right cause just before the login promt is display I got 4 massages like this
[04:17] <cloneMX> ] netxen_nic 0000:10:00.0: eth1: set_features() failed (-5); wanted 0x601148b3, left 0x6011c8b3
[04:17] <cloneMX> one for every ethx
[04:17] <cloneMX> is a 4 ports nic
[04:18] <qman__> check to see if/when that particular hardware support was added to the kernel
[04:19] <qman__> it's possible that that card was never really given support, but loads and operates (poorly) with a driver for other cards automatically
[04:19] <cloneMX> ok
[04:19] <qman__> if that particular card does have support and has had it for a while, it's more likely that your hardware is actually bad
[04:21] <cloneMX> the nic is the only Variable on my equation cause I got 2 servers with the same efect
[04:22] <qman__> same problem, same NIC?
[04:22] <cloneMX> yep
[04:22] <qman__> then it's probably the driver
[04:22] <qman__> either doesn't support it specifically or has some bug
[04:22] <qman__> you could file a bug against it if you find what driver it is and such
[04:23] <qman__> could also try other distros to see if it's only a debian-land bug or a linux in general bug
[04:23] <qman__> and check the hardware manufacturer's page to see if you can download and compile a driver which eliminates the problem
[04:23] <qman__> not a great long term solution but good for troubleshooting
[04:24] <cloneMX> ok
[04:25] <cloneMX> just as extra info
[04:25] <cloneMX> reading the kern.log
[04:25] <cloneMX> I got this
[04:25] <cloneMX> [   18.924671] ------------[ cut here ]------------
[04:25] <cloneMX> [   18.924673] WARNING: at /build/buildd/linux-3.0.0/net/core/dev.c:1328 dev_disable_lro+0x95/0xc0()
[04:25] <cloneMX> [   18.924675] Hardware name: ProLiant ML110 G6
[04:25] <cloneMX> [   18.924676] netdevice: eth2
[04:25] <cloneMX> [   18.924677] failed to disable LRO!
[04:25] <cloneMX> [   18.924678] Modules linked in: usbhid hid netxen_nic tg3
[04:25] <cloneMX> [   18.924682] Pid: 313, comm: sysctl Tainted: G        W   3.0.0-15-server #26-Ubuntu
[04:25] <cloneMX> [   18.924683] Call Trace:
[04:25] <cloneMX> [   18.924686]  [<ffffffff8105e7cf>] warn_slowpath_common+0x7f/0xc0
[04:25] <cloneMX> [   18.924688]  [<ffffffff8105e8c6>] warn_slowpath_fmt+0x46/0x50
[04:25] <cloneMX> [   18.924691]  [<ffffffff814eeaa5>] dev_disable_lro+0x95/0xc0
[04:25] <cloneMX> [   18.924693]  [<ffffffff815572e4>] devinet_sysctl_forward+0x134/0x170
[04:25] <cloneMX> [   18.924696]  [<ffffffff811ccb74>] proc_sys_call_handler.isra.3+0xc4/0xe0
[04:26] <cloneMX> [   18.924699]  [<ffffffff811ccba8>] proc_sys_write+0x18/0x20
[04:26] <taipres> whoa there
[04:26] <cloneMX> [   18.924701]  [<ffffffff81168083>] vfs_write+0xb3/0x180
[04:26] <cloneMX> [   18.924704]  [<ffffffff811683aa>] sys_write+0x4a/0x90
[04:26] <cloneMX> [   18.924707]  [<ffffffff8160eb82>] system_call_fastpath+0x16/0x1b
[04:26] <cloneMX> [   18.924709] ---[ end trace 36b7aed031c3a3cd ]---
[04:26] <taipres> pastebin is your friend
[04:26] <cloneMX> [   18.924710] ERROR. Could not send configure hw lro request
[04:26] <cloneMX> [   18.924714] netxen_nic 0000:10:00.2: eth3: set_features() failed (-5); wanted 0x601148b3, left 0x6011c8b3
[04:26] <lifeless> !pastebin | cloneMX
[04:26] <cloneMX> but yes friend
[04:26] <cloneMX> probs the driver
[04:26] <cloneMX> tnx
[04:26] <cloneMX> and sorry
[04:27] <cloneMX> http://paste.ubuntu.com/818463/
[04:29] <cloneMX> qman__ ty soo much letme see what happen
[04:35] <cloneMX> well qman
[04:35] <cloneMX> I think you are right
[04:35] <cloneMX> http://blog.kurpanik.eu.org/?p=6
[04:35] <twb> !enter
[04:43] <realmagiz> what about my wifi issues?
[04:52] <twb> What about it
[06:01] <smw> udienz, I suggest following the "Auto-Identify to Nickserv at Login" instructions at http://www.linuxassist.net/irc
[06:01] <smw> udienz, when you join you are not cloaked
[06:04] <udienz> smw: thanks for remind, i forget to configurint it at xchat
[08:27] <Jeeves_> Morning
[08:27] <Jeeves_> I'm fighting with Grub
[08:27] <Jeeves_> Anyone with clue how to fix this?
[08:27] <Jeeves_> https://p.6core.net/p/ej90ojgv3b2npz3u
[08:31] <_ruben> that doesn't look good :/
[08:32] <_ruben> sounds like an unhandled cornercase in the script
[08:32] <Jeeves_> It's two 3TB disks
[08:32] <Jeeves_> with GPT and RAID1
[08:33] <_ruben> don't think i ever got ubuntu to boot from gpt
[08:34] <_ruben> never used >2TB disks, and when hardware raid is involved, i tend to carve out a small lun for the os
[08:35] <_ruben> and it's kinda annoying that debian-installer decides to go GPT for 2TB disks, even tho those are small enough to not use gpt
[08:39] <Jeeves_> I didn't use the installer for this one
[08:39] <Jeeves_> I debootstrapped it
[08:42] <Jeeves_> http://forums.funtoo.org/viewtopic.php?id=467
[08:42] <Jeeves_> That might help
[08:46] <twb> _ruben: that is a bug, #d-i said they'll look into it
[08:47] <twb> _ruben: specifically the bug is the cutoff is at 2GB instead of 2GiB
[08:47] <twb> Er, s/G/T/
[08:48] <twb> FWIW, I have seen GRUB2 boot Ubuntu (Lucid, IIRC) off BIOS/GPT combination before.
[08:48] <twb> _ruben: also run d-i with priority=low and you can choose the partitioning flavour
[08:50] <_ruben> twb: ah, nice to know
[08:51] <twb> Also d-i will allow you to use a disk as a filesystem (no partitioning) if you mke2fs it first; this can be done from the shell on vt2
[08:51] <Jeeves_> which was the key to get in the grub menu again?
[08:51] <Jeeves_> with grub2?
[08:51] <Jeeves_> Right control?
[08:52] <twb> This is handy if you plan to partition withing md raid, or if you have a small (say 2GB) VM disk and want to be able to loopback mount it without bothering to calculate offsets or install kpartx
[08:52] <twb> Jeeves_: shift or control; left is more likely to work
[08:52] <twb> Er, shift or alt, i think
[08:52] <twb> In extlinux you can also use scroll lock, which is good because you can press it ahead of time, whereas hitting shift/alt in grub must be timed exactly -- after the BIOS finished, before grub finished :-/
[08:53] <Jeeves_> Yeah, they screwed that up
[08:53] <twb> I am a rabid anti-grub bigot
[08:54] <Jeeves_> Is there anything else?
[08:54] <twb> I'd have sold you on extlinux already except I don't know how to make it use GPT
[08:54] <Jeeves_> So that sucks too :)
[08:54] <twb> extlinux = syslinux = isolinux = pxelinux -- you've probably used it already, just not on hard disks
[08:54] <Jeeves_> my bios is acting up strangely with those big disks
[08:54] <twb> Jeeves_: well, in theory extlinux can use gpt, I just couldn't get it to work in an hour with a non-EFI mobo
[08:55] <twb> Jeeves_: try allocating /boot within the first 2TB
[08:55] <Jeeves_> twb: It is
[08:55] <Jeeves_> But my bios just doesn't see the disks, most of the times
[08:55] <twb> Jeeves_: and make sure your GPT partitioner does whatever backwards-compatibility things the kids are into these days
[08:56] <Jeeves_> I used gdisk
[08:56] <Jeeves_> Which booted kinda fine the last time
[08:56] <Jeeves_> except that grub was whining about the 1.2mdadm /boot
[08:57] <twb> Ah, good to know, I thought that issue was extlinux-specific
[08:57] <twb> Not much I can help you with; I've avoided the whole itanium clusterfuck (efi/gpt) until now...
[08:57] <Jeeves_> Yeah, well.
[08:57] <Jeeves_> cfdisk didn't do well with these disks
[08:58] <Jeeves_> fdisk didn't either
[08:58] <Jeeves_> and then someone said GPT
[08:58] <Jeeves_> which worked fine
[08:58] <twb> parted
[08:58] <twb> Obviously you must use GPT on >2TiB disks
[08:58] <Jeeves_> except that grub didn't mention that it needed a small unused partition
[08:58] <twb> That's because grub's an ass
[08:58] <twb> d-i should do the partitioning for you anyway
[08:59] <Jeeves_> I bootstrapped it
[08:59] <twb> I'm assuming you tried that (partman) first?
[08:59] <twb> Oh right
[08:59] <Jeeves_> since my mobo wouldn't let me boot these disks and an usb disk at the same time
[08:59] <twb> anyway pub time, good luck
[09:00] <_ruben> put /boot on a stick and don't bother with having to boot from those disks :p
[09:00] <mrevell> Morning
[09:03] <Jeeves_> pub time!
[09:04] <Jeeves_> It's 10.00 AM!
[09:05] <smb> It is always pub time ... somewhere
[09:05] <Jeeves_> :)
[09:19] <Daviey> mrevell: o/
[09:20] <mrevell> Hey Daviey
[10:16] <soren> Daviey: Looking at http://bazaar.launchpad.net/~openstack-ubuntu-testing/+junk/jenkins-scripts/view/head:/tarball.sh ... Can you please stop building tarballs like that? Ideally, you'd use the ones we build, but failing that, can you at least build them in the same way as we do (python setup.py sdist)?
[10:17] <soren> Daviey: If you don't, there's an important class of problems you'll never find. Specifically, required files that are not included in the tarball. You won't discover that until you build from the real tarballs, i.e. at the worst possible time: When it's too late.
[10:21] <Daviey> soren: Yes, that was identified yesterday and zul will make the change today.
[10:21] <Daviey> soren: Or, patches are very much welcome.
[10:21] <dholbach> hiya
[10:22] <Daviey> hey dholbach o/
[10:22] <dholbach> can somebody help review http://mentors.debian.net/package/salt - technoviking and others have asked me for some help to get the package into Debian and Ubuntu
[10:22] <dholbach> I thought you'd probably know best how to handle a package like that
[10:25] <soren> Daviey: I've already written that stuff once.
[10:25] <soren> Daviey: That ought to be plenty.
[10:25] <soren> :)
[10:27] <Daviey> soren: patches/branches do tend to speak better than irc TBH :)
[10:29] <soren> Daviey: a) I've already implemented all this once. b) I really can't be bothered writing patches for something if you're just going to reject them, so I prefer to ask if you have some sort of reason for not using the code I've already written.
[10:30] <Daviey> soren: No, zul needed to create a script that turns a git head into a tarball.  That is the approach he went for straight away, but it's all about incremental improvement, right?
[10:30] <Daviey> It wasn't a decision to say, "lets not use soren's stuff"
[10:31] <soren> How could I tell?
[10:31] <soren> I don't belive it's a surprise to you that we used to build packages per-commit.
[10:31] <soren> So you know the code already exists.
[10:31] <soren> ..yet you start from scratch.
[10:31] <soren> I can't guess at your motivation for that.
[10:32] <Daviey> soren: /where/ is that code?
[10:32] <soren> EVerything we have automated lives at https://github.com/openstack/openstack-ci/
[10:33] <soren> https://github.com/openstack/openstack-ci/blob/master/tarball_script.sh is what you want.
[10:34] <Daviey> soren: handy!
[10:34] <soren> Can you understand my lack of motivation to help you write that same thing all over again?
[10:34] <Daviey> soren: Yes, Yes i can.
[10:34] <soren> There's also a script that does all the ppa magic.
[10:35] <soren> ..but it maybe need more work to fit your needs.
[10:36] <Daviey> soren: right!
[10:36] <soren> Since it's written to apply all the same packaging code on top of an upstream tarball for all the supported UBuntu versions. You probably don't care about anything older than Oneiric (or even Precise), and you probably don't want to apply the same packaging across the board (for SRU's and whatnot).
[10:37] <Daviey> soren: well, this also needs to work for stable PROPOSED changes.
[10:38] <Daviey> as in diablo/stable nova
[10:38] <soren> Daviey: Precisely.
[10:38] <soren> Daviey: THat's what I tried to hint at with the SRU thing, but I can see it was a bit convoluted.
[10:38]  * soren heads to lunch early
[10:38] <Daviey> soren: wait 1
[10:38] <soren> ok
[10:39] <Daviey> soren: If we make better reuse of what is there in openstack-ci, would you be interested in helping?
[10:39] <soren> Absolutely.
[10:39] <Daviey> \o/
[10:39] <soren> I need to do something similar quite soon anyway.
[10:40] <Daviey> soren: for Quantum?
[10:40] <soren> No, for all the OpenStack projects. Just in a different environment.
[11:10] <lynxman> Daviey: ping
[11:11] <Daviey> lynxman: hola
[11:12] <lynxman> Daviey: back in the grind, taking charge of the syslog bugs in Orchestra if that's okay for you sir
[11:12] <Daviey> lynxman: is ipxe sorted now?
[11:13] <Daviey> lynxman: what bugs are you looking at?
[11:13] <lynxman> Daviey: ipxe had a review from jamespage and roaksoax, both suggesting different enhancements, so I'm doing all of them now
[11:14] <Daviey> lynxman: yep, how are they going?
[11:14] <lynxman> Daviey: bug #919913
[11:14] <lynxman> Daviey: will be done today
[11:14] <Daviey> lynxman: Okay, just make sure you stay in sync with roaksoax - he is driving that part of it.
[11:15] <lynxman> Daviey: I'll wait for him to get online to do that and a couple modifications on rsyslog config
[11:16] <Daviey> cool
[11:22] <Daviey> soren: Does it make sense for us to use jenkins.openstack.org/milestone ?
[11:22] <Daviey> the bzr tree
[11:24] <soren> Depends.
[11:24] <soren> Are these packages for publishing at all or exclusively for your own tests?
[11:25] <Daviey> soren: just own tests, but for giggles - push to a PPA aswell.
[11:26] <Daviey> i think.
[11:26] <soren> :)
[11:26] <soren> If they ever hit a ppa, I think you should expect to use the milestone thing.
[11:27] <soren> Unless you can come up with another versioning scheme that will correctly identify which versions should supersede which versions.
[11:27] <soren> Good luck with that :)
[11:29] <soren> Or are you really asking if you should be getting that information from there or from somewhere else?
[11:31] <Daviey> soren: right!
[11:31] <Daviey> Should we be reling on that branch for data
[11:31] <soren> Ah.
[11:31] <soren> ER..
[11:31] <RoyK> http://yfrog.com/z/0kdmijj
[11:33] <soren> Daviey: Good question, really. There's a bit of a race condition there, isn't there?
[11:33] <Daviey> exacta-mundo.
[11:34] <soren> ttx: ping
[11:35] <Daviey> soren: gah, it's hard coded to use venv.. :(
[11:35] <soren> ttx: My tiny brain can't handle this right now.. Can you help? (read from Daviey's "soren: Does it make sense for us..." and onwards (around 20 lines up))
[11:35] <soren> Daviey: Oh, is it?
[11:35] <soren> That's a newism.
[11:35] <soren> Should be simple to revert.
[11:35] <Daviey> unless i'm missing the env variable
[11:37] <Daviey> soren: https://github.com/openstack/openstack-ci/commit/18a3500bddb70af5cbef5f4c83aa3991996597ac#tarball_script.sh
[12:16] <koolhead17> hi all
[12:39]  * ttx looks
[12:41] <ttx> Daviey: what are you calling "jenkins.openstack.org/milestone" ?
[12:42] <ttx> apparently I need to read more backlog
[12:42] <Daviey> ttx: Hang fire
[12:45] <soren> ttx: That's the bzr repo where we keep the milestone info. When you bump the milestone version on JEnkins, that's where the change lands.
[12:45] <soren> Supposedly.
[12:45] <ttx> soren: oh. so lp:~openstack-jenkins/milestone ?
[12:46] <soren> No.
[12:46] <soren> -> pm
[13:17] <zul> morning
[13:30] <rbasak> hey zul
[13:31] <rbasak> zul: bug 879666, I can't find the console fifo patch in precise any more. What am I missing?
[13:32] <zul> uvirtbot: i dropped it because it hasnt been accepted upstream yet
[13:32] <zul> doh
[13:32] <zul> rbasak: ^^^
[13:32] <tyska> why apt-get update takes so long when i have a ppa repository listed on sources.list?
[13:32] <rbasak> ok. I'm not sure it will be.
[13:33] <rbasak> thanks zul.
[13:34] <rbasak> zul: also you asked me to remind you about bug 873243 at the rally.
[13:34] <zul> rbasak:  hmmm..
[13:34] <zul> rbasak: yeah still have to get the oneiric sru stuff
[13:44] <therve> Daviey, sorry, other there?
[13:45] <Daviey> therve: hey!
[13:45] <therve> cool :)
[13:45] <Daviey> therve: You have a patch for rabbitmq-server ?
[13:45] <Daviey> therve: Are you happy to create a debdiff?
[13:45] <therve> Daviey, sure that sounds like a good idea
[13:45] <therve> Daviey, against precise?
[13:46] <Daviey> therve: yeah, we always need to fix development version first, then consider an SRU
[13:46] <therve> cool
[13:46] <Daviey> therve: if you want a pointer, do ask.
[13:46] <therve> Daviey, which bug should I attach it too?
[13:46] <therve> #833073 maybe?
[13:47] <Daviey> bug #833073
[13:47] <Daviey> therve: so there are a few bugs which shold have been marked as duplicates
[13:48] <Daviey> pick one, and we'll make the others to dupe against it
[13:48] <Daviey> StevenK's might be best.
[13:49] <therve> sounds good
[14:14] <iclebyte> has any one seen a scenario when building a software RAID1 array via the 10.04LTS installer in which when creating the first MD device the only partitions listed are sda1 and sda2 - no sda1 and sdb1?
[14:20] <smb> zul, for you enjoyment I filed bug 922486 and bug 922137. Also virt-manager seems to have some issues of reliably noticing guests _not_ running anymore. While I can see that in virsh (not yet filed a bug)
[14:21] <zul> smb: lovely...thanks i think :)
[14:21] <smb> zul, My pleasure... :-P Well thought we should at least be aware
[14:22] <smb> The depend thing is pretty lame/simple
[15:32] <cerberos> Hi, I'm trying to install nginx but getting nginx-light: Depends: libssl0.9.8 (>= 0.9.8m-1) but 0.9.8k-7ubuntu8.6 is to be installed
[15:32] <cerberos> where can I find this package? (google is not my friend)
[15:57] <hallyn> stgraber: bug 922645, even though i usually hate set -e, i'm just gonna make lxc-ubuntu set -e.  It's working for me locally.
[16:13] <hallyn> maybe the backing store preferences should be specifyable in /etc/default/lxc
[16:13]  * smb growls at whatever userspace change between yesterday and today broke his server
[16:14] <smb>  1486 ?        Z      0:00 [lockfile-remove] <defunct>
[16:14] <smb>  1583 ?        Zs     0:00 [avahi-daemon] <defunct>
[16:14] <smb>  1599 ?        Zs     0:00 [sh] <defunct>
[16:14] <smb>  1699 ?        Zs     0:00 [rc] <defunct>
[16:14] <smb>  1716 ?        Zs     0:00 [init] <defunct>
[16:14] <smb>  1983 ?        Z      0:00 [ipmievd] <defunct>
[16:14] <smb>  2022 ?        Zs     0:00 [xenstored] <defunct>
[16:14] <smb>  2026 ?        Zs     0:00 [xenconsoled] <defunct>
[16:14] <smb>  2059 ?        Zs     0:00 [xend] <defunct>
[16:14] <smb>  2508 ?        Zs     0:00 [start-stop-daem] <defunct>
[16:14] <smb>  2515 ?        Z      0:00 [lockfile-touch] <defunct>
[16:15] <hallyn> thinking maybe i won't upgrade right now
[16:15] <smb> does not sound like a good idea
[16:15] <smb> typical apha friday
[16:15] <smb> *alpha
[16:19] <gary_poster> hallyn, hi.  when you have a moment, I'm having trouble with an lxc precise container (within precise host).  it has internet connectivity but no dns.  There is no /run/resolvconf dir.  Any ideas on things to try?
[16:21] <hallyn> gary_poster: how exactly did you create the container?
[16:21] <gary_poster> hallyn: sudo lxc-create -t ubuntu -n bbot -f /etc/lxc/local.conf -- -r precise -a i686 -b gary
[16:21] <gary_poster> I'll get you local.conf...
[16:21] <hallyn> what is in /etc/lxc/local.conf?
[16:22] <gary_poster> hallyn, http://pastebin.ubuntu.com/818969/
[16:23] <hallyn> gary_poster: and what does 'brctl show' give on the host?
[16:24] <gary_poster> hallyn, http://pastebin.ubuntu.com/818974/
[16:24] <hallyn> gary_poster: btw, resolvconf doesn't get installed by default, so i wouldn't expect /run/resovlconf (i dont' have one either)
[16:24] <gary_poster> og!
[16:24] <gary_poster> oh
[16:25] <hallyn> gary_poster: ps -ef | grep dnsmasq ?
[16:25] <gary_poster> /etc/resolv.conf should point to nowhere?
[16:25] <hallyn> no...
[16:25] <hallyn> it should get filled by dhcp
[16:25] <gary_poster> hallyn (from host) http://pastebin.ubuntu.com/818975/
[16:26] <hallyn> gary_poster: my container and host look much like yours, and i have /etc/resolv.conf with: nameserver 10.0.3.1
[16:26] <smb> hallyn, just to add resolvconf had been one thing that got updated and it threw away my manually created one
[16:27] <hallyn> smb: meaning resolvconf messed up your update?
[16:28] <hallyn> gary_poster: you should see dnsmasq request from container in host's /var/log/daemon.log
[16:28] <smb> hallyn, At least it seems to be one part of the mess up
[16:28] <gary_poster> hallyn, I bet if I remove the broken symlink and add that file manually it will work.  But why wasn't it there to start with, is a question, I guess.  I'll start it back up
[16:28] <hallyn> gary_poster: which broken symlink?
[16:28] <smb> hallyn, Had to add dns-servers and dns-search into /etc/network/interfaces
[16:28] <hallyn> oh!
[16:28] <gary_poster> hallyn, /etc/resolv.conf
[16:28] <hallyn> gary_poster: i think others (not in containers context) have seen that bug
[16:28] <gary_poster> oh ok
[16:29] <hallyn> stgraber: ^ do you know offhand why /etc/resolv.conf would get created as a symlink?
[16:29] <hallyn> (without resolvconf installed)
[16:29] <smb> hallyn, It might be related that now /etc/resolv.conf is a softlink into /run/...
[16:29] <apw> gary_poster, is this inside your container ...
[16:29] <hallyn> gah
[16:29] <gary_poster> apw, yes
[16:29] <hallyn> smb: is this brand-new?
[16:29] <apw> hallyn, resolvconf is now a depends on ubuntu-minimal or something
[16:29] <stgraber> hallyn: without resolvconf, no, but resolvconf is now the default :)
[16:30] <gary_poster> yes, resolvconf is installed in my container
[16:30] <smb> hallyn, It seems. At least this is the first time I got bitten. This morning boot was still ok
[16:30] <gary_poster> without my explicitly asking for it

[16:30]  * gary_poster pats hallyn on the back
[16:30] <apw> hallyn, so this seem like the same result we are seeing in schroots ...
[16:30] <stgraber> hallyn: I'm still fixing breakage of that change in a bunch of different packages, so feel free to assign the bug to me and I'll look once I'm done with schroot, ltsp, dhclient and live-build ;)
[16:31] <hallyn> stgraber: AFAIK there's no open bug yet.  should one be opened for lxc specifically?  i'd think this is a general bug...
[16:31] <hallyn> apw: have you opened a bug for the schroot case?
[16:31] <gary_poster> ok from perspective of user, you guys are on it, and I can manually change my /etc/resolv.conf .  I'm happy to help with filing or with testing if desired.
[16:32] <apw> hallyn, its tim's bug ... i'll ask him
[16:32] <smb> stgraber, /me wonders whether one can add xen to the list, too. At least I am broken in some strange way as well
[16:32] <hallyn> gary_poster: thanks.  it *sounds* like i should trivially reproduce once my tests are done running here (i can't creat a container right now :)
[16:32] <gary_poster> heh ok
[16:32] <stgraber> hallyn: schroot will be fixed in the schroot hook
[16:33] <hallyn> stgraber: what is the fix?
[16:33] <stgraber> hallyn: when entering schroot, /etc/resolv.conf will be removed and replace by the content of /etc/resolv.conf outside of the chroot
[16:33] <stgraber> hallyn: in the case of LTSP, I don't see why resolvconf wouldn't work in the container though
[16:33] <stgraber> *LXC
[16:34] <apw> stgraber, its a filesystem namespace just the same right ?
[16:34] <hallyn> stgraber: ok, i'll investigate and see if a bug needs to be filed.  thanks.
[16:35] <stgraber> hallyn: running actions post debootstrap might be where we need to fix it (copying the host's content during the few apt-get we do, then restoring the symlink)
[16:35] <stgraber> hallyn: the resulting container should work fine with /etc/resolv.conf being a symlink
[16:35] <hallyn> stgraber: ah, ok, i think we do the first part but we don't restore it
[16:35] <stgraber> which isn't true for schroot because it doesn't actually run any network configuration or call any upstart job (and so needs fixing in the hooks)
[16:36] <stgraber> hallyn: right, and cp /etc/resolv.conf $CACHE/etc/resolv.conf will fail (copying to dangling symlink)
[16:36] <hallyn> stgraber: it isn't failling here though.  that's what has me confused
[16:36] <apw> stgraber, or worse it'll copy over your real resolv.conf
[16:36] <stgraber> hallyn: so you need to mv $CACHE/etc/resolv.conf $CACHE/etc/resolv.conf.orig && cp /etc/resolv.conf $CACHE/etc/resolv.conf && do our stuff && mv $CACHE/etc/resolv.conf.orig $CACHE/etc/resolv.conf
[16:37] <hallyn> stgraber: right
[16:37] <stgraber> hallyn: oh, actually, no, don't cp, do "cat /etc/resolv.conf > $CACHE/etc/resolv.conf" or you'll end up copying the symlink from the outside, with the exact same result as you currently have ;)
[16:37] <hallyn> heh
[16:38] <apw> hallyn, is your outside upgraded enough to have resolconf installed by default?  it was very recent
[16:38] <apw> might be why you don't see it
[16:39] <hallyn> apw: i did just update an hour or two ago...
[16:41] <hallyn> but, resolvconf is not installed.
[16:47] <hallyn> stgraber: I'm going to test:  http://paste.ubuntu.com/819005/
[16:50] <stgraber> hallyn: that cat looks wrong seem like you're missing a >
[16:50] <jcastro> robbiew: smoser: ok so the cloud.u.c AMI browser is gone now, we just send people to cloud-images.u.c
[16:50] <stgraber> hallyn: other than that, yes, that should work fine
[16:50] <hallyn> ha, yes indeed
[16:51]  * hallyn watching debootstrap creep by
[16:58] <hallyn> smoser: SpamapS: does any code you own or know of currently rely on 'lxc-is-container'?
[17:00]  * rbasak wonders if there's a full text search capability of the entire archive source
[17:01] <Daviey> rbasak: it's called grep.
[17:01] <rbasak> :)
[17:01] <Daviey> zul: have you touched the keystone ci job?
[17:02] <zul> Daviey: no
[17:02] <rbasak> Daviey: you'll let hallyn know then? Will grep give you an answer before the release? :-)
[17:02] <Daviey> zul: looks like we have a name clash then
[17:02] <Daviey> rbasak: hah :)
[17:02] <zul> Daviey: hmm?
[17:02] <Daviey> rbasak: ISTR jodh was looking at a full text search tool.
[17:03] <hallyn> stgraber: hm, resolvconf fails to start though, presumably something to do with /run setup
[17:03] <hallyn> rbasak: ?
[17:03] <rbasak> it would be awesome to have a web-based searchable archive source browser
[17:03] <stgraber> hallyn: fails to start in a container or at install time in debootstrap?
[17:03] <rbasak> hallyn: sorry, nm
[17:03] <hallyn> stgraber: fails to start in container.  (status stopped)
[17:04] <zul> Daviey: repopro problems
[17:04] <hallyn> when i 'start resolvconf' it all starts fine
[17:04] <hallyn> before i started it, i had: /etc/resolv.conf -> /run/resolvconf/resolv.conf
[17:04] <hallyn> so i think i will push the fix i have so far.
[17:05] <Daviey> zul: how could reprepro be to blame?
[17:05] <stgraber> hallyn: can you try: lxc-start -n container -- /sbin/init --log
[17:05] <Daviey> zul: it is a filename clash
[17:05] <hallyn> ok
[17:05] <stgraber> hallyn: and then look at /var/log/upstart/resolvconf.log for the problem?
[17:05] <Daviey> somehting put it into the pool, zul :/
[17:05] <zul> not sure
[17:06] <zul> Daviey: well its not red anymore
[17:07] <hallyn> jjohansen: did the apparmor fix for pivot_root get into the kernel this week?  cause if not i think i'll push another profile to work around it.
[17:08] <hallyn> stgraber: note that resolvconf didn't start, but ssh did - so i'm not getting a console, but i can ssh in :)
[17:08] <Daviey> zul: did you do something?
[17:08] <zul> Daviey: nope
[17:08] <Daviey> hmm
[17:08] <Daviey> zul: i retriggered the job
[17:08] <hallyn> stgraber: /var/log/upstart exists, but no resolvonf in there
[17:08] <zul> Daviey: ok
[17:08] <hallyn> doh
[17:09] <hallyn> stgraber: resolvonf starts on mounted=/run, silly!
[17:09] <stgraber> hallyn: oh, ok, so it just doesn't start in our case ;)
[17:10] <hallyn> stgraber: so until we get rid of lxcguest (next week), what do you think we should do?
[17:10] <hallyn> i guess lxcguest.conf can just 'start resolvconf'
[17:10] <hallyn> or emit MOUNTED=/run
[17:11] <stgraber> hallyn: I had a similar issue in friendly-recovery yesterday, I went with "initctl emit mounted MOUNTPOINT=/run"
[17:11] <hallyn> stgraber: lxcguest is the right palce to do that you think?
[17:12] <hallyn> oh, no
[17:12] <hallyn> lxcmount
[17:12] <stgraber> should be lxcmount until we kill it (hopefully in a few days, we just need the new linux-meta now)
[17:16] <hallyn> yay, success
[17:16] <hallyn> stgraber: at this point the lxc commit is big enough i'd like a review - do you have time to review a bzr merge request?
[17:16] <hallyn> if not, well it works here so i'll push.
[17:17] <hallyn> (cause you look BUSY)
[17:17] <stgraber> hallyn: sure, I can have a quick look
[17:17] <stgraber> hallyn: yeah, I'm busy, but LXC is part of the list of things that need fixing because of resolvconf ;)
[17:18] <hallyn> stgraber: merge request sent
[17:18] <hallyn> stgraber: so i guess i'll wait for monday to talk to you and jodh about the upstart merge request for lxcconsole :)
[17:19] <lynxman> jamespage: ping
[17:19] <jamespage> hey lynxman
[17:19] <lynxman> jamespage: hello o/
[17:19] <lynxman> jamespage: I'm trying to bzr merge-upstream and I get an error saying that it's already merged
[17:19] <lynxman> jamespage: could this be an issue with the version numbering?
[17:19] <jamespage> might be
[17:20] <lynxman> jamespage: http://pastebin.ubuntu.com/819049/
[17:21] <jamespage> lynxman, please can you pastebin the output of bzr tags
[17:21] <lynxman> jamespage: sure
[17:21] <lynxman> jamespage: http://pastebin.ubuntu.com/819051/
[17:24] <stgraber> hallyn: looking
[17:26] <lynxman> jamespage: it did everything except the commit
[17:29] <jamespage> lynxman, hmm - it looks like a bug in bzr
[17:29] <lynxman> jamespage: heh :)
[17:29] <lynxman> jamespage: so what do you suggest
[17:29] <jamespage> if I alter the upstream version number to start with 1.0.0+git-3. instead of 1.0.0+git-2. it works OK
[17:30] <jamespage> lynxman, drink lots of hard spirits
[17:30] <lynxman> jamespage: heh :)
[17:30] <lynxman> jamespage: that's the plan anyway :D
[17:30] <lynxman> jamespage: will do that, thanks
[17:31] <jamespage> lynxman, actually it might be something else
[17:31] <jamespage> http://pastebin.ubuntu.com/819051/
[17:31] <jamespage> the order of the branches is weird
[17:31] <lynxman> jamespage: it really is
[17:31] <jamespage> lynxman, dpkg --compare-versions 1.0.0+git-2.55f6c88 gt 1.0.0+git-2.149b50 && echo OK
[17:32] <jamespage> no OK :-(
[17:32] <lynxman> jamespage: *sigh*
[17:32] <lynxman> jamespage: will push to 3 then
[17:32] <jamespage> lynxman, that should do it
[17:33] <lynxman> jamespage: thanks
[17:33] <jamespage> lynxman, that version number is well wonky!
[17:33] <Daviey> erm.. just make sure you don't make it so we cannot sync again :)
[17:33] <lynxman> jamespage: it is :)
[17:34] <lynxman> Daviey: can I call it "dorothy"?
[17:34] <Daviey> no.
[17:34] <lynxman> *pouts*
[17:34] <jamespage> Daviey: thats a good point
[17:35] <lynxman> Daviey: what would you suggest?
[17:35]  * jamespage scratches his head
[17:35] <jamespage> I hate git snapshots....
[17:36] <lynxman> Daviey: tried to contact the debian packager but he didn't reply
[17:36] <Daviey> jamespage: if $date-$githash is used, we are all good
[17:36] <jamespage> Daviey: if that where but the case
[17:37] <jamespage> it looks like $number.$githash in this case
[17:37] <Daviey> yeah
[17:37] <Daviey> $number is like an epoch it seems
[17:37] <jamespage> kinda
[17:37] <Daviey> so
[17:38] <Daviey> we need to make git-2.55f6c88 > git-2.149b50
[17:38] <Daviey> which it is
[17:39] <jamespage> sighs
[17:39] <Daviey> oh wait
[17:39] <jamespage> dpkg --compare-versions 1.0.0+git-3.55f6c88-0ubuntu1 gt 1.0.0+git-2.149b50-1ubuntu4 && echo OK == OK
[17:39] <Daviey> yep
[17:40] <jamespage> I think the issue is with the version parser in bzr
[17:40] <lynxman> Daviey: jamespage: so everybody agress to just jump to 3?
[17:40] <Daviey> i think it's the git"-"2
[17:40] <jamespage> its getting confused
[17:40] <stgraber> hallyn: looks good
[17:40] <Daviey> jamespage: it's not bzr's fault.
[17:40] <jamespage> Daviey: well maybe
[17:41] <jamespage> as I said the upstream versioning is wonky
[17:41] <hallyn> stgraber: thanks, pushing
[17:42] <jamespage> Daviey, lynxman: I think you have to go for the 3. option
[17:43] <hallyn> gah - banshee kills my cpu again  (and i don't notice for awhile figuring it's a compile running long)
[17:45] <jamespage> Daviey: we could upload as is as the package version string fix it - but the package importer will fail with the same issue
[17:45] <Daviey> jamespage: 1.0.0+git-2.20120127.55f6c88-0ubuntu1 ?
[17:45] <Daviey> jamespage: bzr isn't to blame here.
[17:46] <lynxman> Daviey: that'd be cool but would break our compatibility with debian wouldn't it
[17:46] <Daviey> lynxman: no
[17:46] <jamespage> I think Davieys suggestion is the best
[17:46] <Daviey> hmm
[17:46] <Daviey> if DM gores to git-3. we are good.
[17:46] <jamespage> lets face it - its an edge case due to poor use of git snapshot versioning
[17:47] <Daviey> if they go to one digit above, git-2.149b50 yes - we are not good
[17:47] <Daviey> jamespage: right
[17:47] <jamespage> I'd prob go with 1.0.0+git-2.20120127.55f6c88-0ubuntu1
[17:47] <jamespage> and deal with fallout as an when it happens
[17:47] <lynxman> Daviey: thats why, I think we should try to contact the debian packager again, maybe by mail
[17:47] <lynxman> Daviey: or just do what jamespage suggests
[17:48] <jamespage> lynxman, well its worth trying; if you could move to the $date-$hash format it would help alot
[17:48] <lynxman> jamespage: completely agree
[17:49] <jamespage> Daviey: is ipxe mega urgent?  or can lynxman take a bit of time to get a more effective long term resolution
[17:50] <Daviey> if he could move to, 1.0.0+git.20120127.55f6c88 - would be best
[17:50] <Daviey> removing the first - aswell.
[17:50] <jamespage> agreed
[17:50] <Daviey> Anyway, it's not as urgent as it was.
[17:50] <jamespage> anyway have to shoot - have a good one folks
[17:50] <Daviey> o/
[17:50] <Daviey> have a good weekend jamespage
[17:51] <lynxman> jamespage: have an amazing weekend
[17:51] <lynxman> Daviey: so try to contact debian packager, if not move to just date.hash?
[17:51] <Daviey> lynxman: right
[17:51] <lynxman> Daviey: cool :)
[17:54] <lynxman> Daviey: emailed him
[18:15] <NTHL> Hi, I'm on Ubuntu 10.04 server version, DCMTK in 10.04 is not the latest so I downloaded the latest .deb file. I then do "sudo dpkg -i dcmtklatest.deb" and "sudo apt-get -f install" but it didn't succeed. It still tells me that it has removed the old DCMTK and the latest DCMTK is not installed. Someone please advise me on what I should do to properly install the latest DCMTK on 10.04 !!!!
[18:17] <NTHL> does any1 see my message? cuz other than seeing who joined and quit,  I'm not seeing anything else
[18:17] <NTHL> I got no problem in #ubuntu
[18:32] <SpamapS> adam_g: hey, would bumping rabbitmq from 2.6.1 to 2.7.1 cause you any trouble? Seems like we should try and get the latest stable release into precise before Feb 16 FF
[18:37] <adam_g> SpamapS: i was just about to go look at that.. but no, i dont see any reason why it would cause any problems
[18:39] <adam_g> SpamapS: if you wanna stuff the packages in a PPA somewhere, id be happy to give it a test with charms + nova first
[18:47] <davidl_> Hi there...  looking for a little hep with rsyslog. (mine config doesn't seem to be working... log files are not updating).  I have a vanilla 11.10 Server AMD64 install.  I've done an apt-get update, apt-get upgrade, apt-get install octopussy (which is a web based log analyzer).  Not getting any log data and it looks like rsyslog isn't working.  Suggestions?  TIA.
[18:55] <SpamapS> adam_g: I gave it a quick shot, but the branch is messed up..
[18:55] <SpamapS> missing upstream-2.6.1
[19:09] <kalosaurusrex> Has anyone heard of an issue where if the cd-rom drive is not detected during the server/alt install that the installation will fail? (via usb install) I looked and haven't found a defect..
[19:12] <adam_g> roaksoax: im merging a new version of facter, were you able to look at getting the processor fact to detect ARM?
[19:15] <roaksoax> adam_g: not yet, was planning to work on it tis weekend lol
[19:17] <adam_g> roaksoax: can you pastebin /proc/cpuinfo from an ARM board if its handy?
[19:18] <roaksoax> adam_g: i'm not in the US atm and I'm gonna try to get
[19:21] <roaksoax> adam_g: don't have a pandboard with me, but gonna try to get ssh access into one
[19:21] <stgraber> hallyn: I just uploaded a new resolvconf changing its behaviour in chroots (non containers) a bit, that shouldn't break your fix though (just potentially make it pointless)
[19:22] <stgraber> hallyn: the new behaviour is not to convert to a symlink at install time but instead touch /var/lib/resolvconf/convert and have the upstart job create the symlink
[19:23] <stgraber> hallyn: so on a regular system this will happen immediately (as the package starts the upstart job) but in a chroot, it'll fail and will give you a regular resolv.conf, until this chroot is booted (which is the case for install chroots and containers)
[19:23] <Darkwing> spamaps so... it happenedgain lol
[19:23] <Darkwing> happened again
[19:23] <SpamapS> Darkwing: muhaha, you'll never get your shirt!
[19:23] <Darkwing> lol
[19:24] <Darkwing> oh well :P
[19:24] <SpamapS> It was in my bag on Sunday
[19:24] <SpamapS> but I was only there for an hour and didn't see you.. or if I did, I forgot about it
[19:24] <Darkwing> I did four interviews on sunday
[19:25] <hallyn> stgraber: lxc-ubuntu grants access to c 5:0.  i'm going to take that away.  it's waht lets contianers mess with my xmodmap settings, and container's console is not 5:0 anyway
[19:25] <Darkwing> Including Disney Animation... speaking of, part of that conversation was about Ubuntu vs Red Hat for their servers...
[19:26] <stgraber> hallyn: not quite sure why we allowed that to start with...
[19:27] <hallyn> big stick?
[19:27] <hallyn> now i'm trying to figure out which of my proc/sys apparmor denials is stopping initctl
[19:28] <adam_g> roaksoax: oh, i didnt' realize https://launchpadlibrarian.net/89070344/processor.diff
[19:33] <stgraber> hallyn: do you have dbus in that container?
[19:33] <hallyn> wtf - sysrq-trigger denial is stopping initctl?
[19:33] <hallyn> i think so
[19:34] <hallyn> you mean the packaged called dbus?
[19:34] <stgraber> yeah
[19:34] <hallyn> no
[19:34] <hallyn> should it be installed by default?
[19:34] <stgraber> no, it's just one of the ways initctl talks to upstart
[19:35] <stgraber> so in your case it means it's talking directly to it without using the system bus
[19:35] <hallyn> i just installed it to see if it makes a difference
[19:35] <stgraber> root@test01:~# echo h > /proc/sysrq-trigger
[19:35] <stgraber> -bash: /proc/sysrq-trigger: Permission denied
[19:35] <stgraber> root@test01:~# initctl start hostname
[19:35] <stgraber> hostname stop/waiting
[19:35] <hallyn> but why does it need sysrq-trigger to run initctl?
[19:35] <stgraber> so doesn't seem to be linked to sysrq-trigger, at least not on my machine :)
[19:36] <stgraber> it doesn't, at least for me
[19:36] <hallyn> i'm playing with http://people.canonical.com/~serge/lxc.apparmor
[19:37] <stgraber> hallyn: mine is "rwklx", not sure if denying read access too makes a difference
[19:37] <hallyn> with all lines except sysrq-trigger uncommented, it works.  with sysrq-trigger denied, i do get ssh and dhclient workign; but no console
[19:37] <hallyn> i'll try
[19:38] <hallyn> stgraber: btw denying 5:0 also stops it mucking with my sound level
[19:38] <hallyn> yeah, either i'm being impatient, or adding 'r' to deny for sysrq-trigger fixes it
[19:39] <hallyn> well it's not jsut patients - i get a msg about initctl denied
[19:39] <hallyn> initctl: Event failed
[19:40] <hallyn> stgraber: and when i deny r, i do not get that msg.  fascinating!
[19:40] <hallyn> (had to re-check since getty idiotically clears the screen)
[19:41] <hallyn> stgraber: so with new http://people.canonical.com/~serge/lxc.apparmor lxc with apparmor is working for me.
[19:42] <stgraber> hallyn: cool. I'm sure we'll want to tweak a few things but that's a really good start.
[19:43] <stgraber> hallyn: and the sooner we have it in Precise, the more we'll catch before release
[19:43] <hallyn> stgraber: yeah i won't push it right away :)  i'm hoping for mount restrictions
[19:43] <hallyn> hm, well, should i try to push it monday?
[19:43] <hallyn> and, do you think 5:0 fix is worth pushing today?
[19:43]  * hallyn thinks of the poor buildds
[19:44] <stgraber> pushing the apparmor stuff on Monday sounds good
[19:45] <stgraber> according to https://launchpad.net/builders/ the builders are sleeping :)
[19:46] <hallyn> eh, maybe i should risk today then...
[19:47] <stgraber> actually, we should have the new kernel on Monday, so we should also be able to try and drop lxcguest :)
[19:47]  * hallyn hoping
[19:50] <hallyn> well, i've stashed it in lp:~serge-hallyn/ubuntu/precise/lxc/lxc-apparmor for now.  will test more tomorrow and push monday.
[19:56] <hallyn> man i'm full of typos today
[19:56] <hallyn> i'd say butterfingers, but then i might eat them
[19:56] <Daviey> i'm full of hypo's today :)
[19:59] <hallyn> :)  <crunch>  d'oh!
[20:05] <Daviey> adam_g: I'm going to stop sponsoring your work, and suggest others do aswell.
[20:05] <adam_g> Daviey: its that time, huh?
[20:05] <hallyn> "sink or swim" ?
[20:05] <Daviey> adam_g: Apply for damn upload rights :)
[20:05] <hallyn> Daviey = mean daddy
[20:06] <Daviey> cruel to be kind :)
[20:06] <hallyn> all right, package built and installed, lxc with apparmor working great.  \o/
[20:08] <hallyn> stgraber: btw in case i haven't mentioned, https://code.launchpad.net/~serge-hallyn/ubuntu/precise/upstart/upstart-containers was my tree for putting lxc consoles into upstart.
[20:08] <hallyn> bbl
[20:10] <Daviey> adam_g: doesn't d/rules seem a little verbose?  http://pb.daviey.com/NJba/ debian->ubuntu
[20:18] <stgraber> hallyn: any problem with having lxcconsole.conf be "start on container"? I'm also not too sure about whether upstream upstart will want the running-in-container script as part of the upstream code but that's something to discuss with jodh
[20:19] <hallyn> stgraber: i think start on continer is fine...
[20:24] <adam_g> Daviey: compared to debian? yes, it has been since oneiric: debian/rules: use what we had in natty; we don't want ruby-pkg-tools in main
[20:26]  * adam_g lunch
[20:45] <zul> adam_g: i think it might be a good thing to have ruby-pkg-tools in main, since the devops people seem to like ruby
[20:46] <roaksoax> zul: has it ever been in main?
[20:46] <zul> roaksoax: no but it will make life easier down the road me thinks
[20:47] <roaksoax> zul: eventually, yes
[20:53] <adam_g> zul: does that include gem2deb as well?
[20:53] <zul> i think so
[20:53] <zul> i havent looked at it recently
[21:05] <stgraber> hallyn: confirmed LXC still works with resolvconf -1ubuntu5 (clean template and new container)
[21:52] <adam_g> zul: did the ec2 cert nova stuff make it into e3?
[21:53] <zul> adam_g: for keystone?
[21:54] <adam_g> zul: the new nova service to allow euca-upload-bundle to work
[21:54] <zul> adam_g: ah yes...
[21:55] <adam_g> zul: into the e3 ubuntu packages?
[21:55] <zul> yeah its the nova-cert daemon/package
[21:56] <adam_g> ah, cool thanks
[22:10] <Daviey> zul: How did you get on switching the git creation stuff?
[22:11] <Daviey> roaksoax: Any news on those NEW packages (oops et all)
[22:11] <Daviey> adam_g: Are you looking to wrap more tests into the CI?
[22:11] <Daviey> vish suggested the exercise stuff from devstack tree?
[22:14] <adam_g> Daviey: doing that right now. we're already using the euca exercise test from devstack as our simple test. im going to create a seperate test for the devstack tests that we can trigger from the main precise-openstack-test job. the same for tempest, at some point
[22:15] <Daviey> adam_g: will you have time before EoW to get that live?
[22:15] <Daviey> Don't panic about it, few upstream commits happen over the weekend... just curious
[22:18] <Womkes> What kind of firewall would you guys recommend for a simple LAMP ubuntu server that is going to serve some websites, maybe later e-mail hosting.
[22:19] <adam_g> Daviey: the devstack stuff, yeah.
[22:19] <Daviey> adam_g: you really float my boat, you know that?
[22:19] <adam_g> :)
[22:19] <Daviey> Womkes: ufw
[22:19] <Daviey> !ufw | Womkes
[22:19] <adam_g> Daviey: tempest is at least runnable against the cluster again, but lots of test fail and it takes ~35 mins for a full run. rather hold off turning that on for a while
[22:20] <Daviey> adam_g: yeah
[22:21] <Womkes> Thanks Daviey, looks like exactly like what I was  looking for
[22:21] <Womkes> easy way to give access to services
[22:21] <Womkes> http/mail/dns
[22:22] <Daviey> Womkes: try, sudo ufw allow http
[22:22] <Daviey> etc
[22:22] <Womkes> What would you do as common practise security measures after installing a ubuntu server with the LAMP stack. I was thinking about (1) firewall (2) unattened-upgrades and (3) rkhunter?
[22:23] <Womkes> Its a simpel server for myself to host some PHP stuff im working on
[22:23] <Womkes> and php with suhosin
[22:24] <RoyK> Womkes: why rkhunter? if the server is just installed, there really shouldn't be much chance for a rootkit
[22:24] <kerframil> Womkes: make sure MySQL is bound only to the loopback interface (probably will be by default though)
[22:24] <RoyK> btw, chkrootkit might be just as good
[22:25] <RoyK> or make sure mysql isn't installed :P
[22:25] <Womkes> I need mysql :)
[22:25] <RoyK> use postgres :P
[22:25] <Womkes> so only accessible through the 127.0.0.1 TCP not via the socket?
[22:25] <RoyK> IIRC default mysql install listens to localhost only
[22:25] <RoyK> socket is local anyway
[22:25] <kerframil> Womkes: you can use unix domain sockets only if you like
[22:25] <RoyK> so that should be even better
[22:25] <Womkes> yeah, I don;t need outside access for the mysql
[22:26] <Womkes> Although its onlyh for myself for testing, I do want it to be secure
[22:26] <RoyK> ufw allow ssh && ufw allow http && ufw enable
[22:26] <kerframil> Womkes: having TCP access can be helpful though
[22:26] <Womkes> maybe allow from my home IP or something
[22:26] <RoyK> kerframil: for localhost, yes...
[22:26] <RoyK> Womkes: why?
[22:26] <Womkes> Well, could come in handy for development
[22:26] <Womkes> SQL tools
[22:27] <Womkes> instead of phpmyadmin
[22:27] <Womkes> i like heidisql
[22:27] <kerframil> Womkes: it's not a given that domain sockets scale better either. something to bear in mind.
[22:27] <RoyK> Womkes: if so, make sure you don't allow any IP to connect to mysql - use ufw
[22:27] <Womkes> yeah exactly, limit mysql to my IP
[22:27] <kerframil> Womkes: don't do that. you an access mysql trivially with an ssh tunnel.
[22:27] <Womkes> ah yes, haven't thought about that
[22:27] <RoyK> ufw allow ... ^W^W^Wman ufw
[22:28] <Womkes> thanks for the input
[22:28] <Womkes> im uploading ubuntu server image to my vmware datastore now, soon as its done i will install it :)
[22:28] <kerframil> Womkes: ssh works great as an ad-hoc VPN for basic TCP forwarding. for anything more demanding, openvpn is good.
[22:29] <RoyK> imho ssh is good for most use given sufficient bandwidth
[22:29] <Womkes> after I got this going I was thinking about trying to setup my own mailserver with some webmail. Been looking into webmail solutions so far roundcube looks pretty nice
[22:29] <kerframil> Womkes: speaking of ssh, consider using pubkey auth only
[22:29]  * RoyK logs into his bacula server with ssh and starts bat over a wan link to check backup status
[22:29] <kerframil> RoyK: yeah, it does the job for ad-hoc stuff
[22:29] <Womkes> any of you got recommendations for IMAP and SMTP server?
[22:30] <kerframil> RoyK: for MySQL, compression is helpful
[22:30] <RoyK> !mail
[22:30] <Womkes> ive used hm
[22:30] <Womkes> what was it (thinking)
[22:30] <RoyK> kerframil: ssh compression is generally useful imho
[22:30] <kerframil> Womkes: dovecot for imap, by far. for smtp, I like postfix but exim is reportedly good. don't like sendmail.
[22:30] <RoyK> !postfix
[22:30] <RoyK> !dovecot
[22:30] <Womkes> Ive used cyrus before
[22:30] <Womkes> And exim
[22:30] <RoyK> dovecot/postfix is "preferred" on ubuntu
[22:30]  * RoyK uses Zimbra
[22:31] <kerframil> Womkes: dovecot is so much better than the other imap servers; there's really no comparison
[22:31] <Womkes> But happy to expand my horizon a bit to learn maybe better packages
[22:31] <Womkes> ok, dovecot sounds good, and would you recommend for smtp server?
[22:31] <RoyK> postfix is good
[22:32] <RoyK> imho the best mta out there
[22:32] <kerframil> Womkes: my vote would go for postfix
[22:32] <Womkes> ok, well both are new for me, cyrus and exim i've used, so happy to learn somethign else :)
[22:32] <RoyK> but then, I have close to zero experience with exim, so I can't really compare the two
[22:33]  * RoyK moved directly from sendmail to postfix
[22:33] <Womkes> well, I'm kind of looking to what work well with ubuntu too of course. don't want to stray to far from home in that regard
[22:33] <Womkes> makes it easier to find howto's
[22:33] <RoyK> true
[22:34] <Womkes> Yeah, I use Zimbra at my work also, but that seems like a pretty hefty application
[22:34] <RoyK> it's pretty heavy
[22:34] <Womkes> works fine
[22:34] <RoyK> lots of java sniplets etc
[22:34] <Womkes> but this is just for personal use and to learn a bit more
[22:34] <RoyK> but fucking brilliant for a lazy admin :D
[22:35] <RoyK> anyway
[22:35] <Womkes> After I got that all setup need to think about a backup method :P
[22:35] <RoyK> dovecot isn't hard to manage
[22:35] <RoyK> dovecot backup is just file backup
[22:35] <Womkes> I still have two Dell R300 server laying around here. I was think about maybe installing xen on both of them and mirror eachother
[22:35] <RoyK> zimbra backup is not that easy, with open database files etc
[22:35] <Womkes> eventually I want to use the server to host my personal e0-mail also
[22:36] <RoyK> what's in the r300?
[22:36] <Womkes> by that time I want to have my data secured of course
[22:36]  * RoyK doesn't know dell too well
[22:36] <Womkes> like a quad core 2.4 GHZ and 8 GB memory
[22:36] <Womkes> 1 hdd but I can put another in
[22:36] <Womkes> I got two identical ones
[22:37] <Womkes> and I can colocate them in a datacenter with a friend of mine free of cost
[22:37] <Womkes> that's why im trying to learn a bit more
[22:37] <Womkes> first with a vmware for some testing
[22:37] <RoyK> so all you need is a good box with a truckload of disks and openindiana/zfs for storage? :D
[22:37] <Womkes> well, :D
[22:37] <Womkes> was thinking about some kind of redundant setup with the two server
[22:37] <Womkes> which keep the data in sync
[22:38] <Womkes> doesn't have to be like super active with automatic failover or anythiugn like that
[22:38] <Womkes> just when one server dies I can put the other one online without loosing al my data (personal mail and stuf)
[22:38] <RoyK> I'd vouch for shared storage
[22:38] <Womkes> I've been reading about DRDB
[22:38] <Womkes> with xen
[22:39] <RoyK> drbd works too
[22:39] <Womkes> well I don;t have  a seperate storage server
[22:39] <Womkes> just the two dells
[22:39] <Womkes> which I can put in software raid 1
[22:39] <RoyK> then drbd is probably a good choice
[22:39] <RoyK> drbd is essentially mirroring over IP
[22:39] <Womkes> yeah, and then keep the disk images for the xen vm's in sync
[22:39] <Womkes> that i what im thinking
[22:39] <RoyK> so used with pacemaker ...
[22:40] <Womkes> but doesn't have to be full automatic, no need for virtual IP's or anythign like that
[22:40] <Womkes> i'm happy to just add the IP of the primary server to the secondary if the primary fails
[22:40] <Womkes> and then fire up the xen vm again
[22:40] <Womkes> that should work right ?
[22:41] <Womkes> I'm looking to avoid any hassle of making backups of the file system and database
[22:41] <NeoNetNinja> I don't mean to interrupt but I would just like to thank all of you in #ubuntu-server for making the most amazing and useful server operating system EVER! Giga-props and much respect to you all!
[22:41] <Womkes> that seems a bit to complicated for me at this time
[22:41] <Womkes> THen I need to figure out which directories/files I need to backup
[22:41] <Womkes> and have a better restore plan
[22:42] <Womkes> So, ufw for firewall, dovecot and postfix for mail, roundcube for e-mail, xen + drdb for redundancy
[22:43] <Womkes> looks like a nice project :)
[22:43] <roaksoax> Daviey: i'm packaging them from pypi and are pretty simple. Should have them by monday/tuesday
[22:43] <roaksoax> Daviey: depending on how much I work on them this weekend
[22:44] <Womkes> thanks for the help guys
[22:44] <roaksoax> Daviey: i'll let you know as soon as they are ready for you to review
[22:46] <NeoNetNinja> I was amazed how easy it was to configure 802.3ad...
[22:46] <NeoNetNinja> I building another server and will be using US...
[22:47] <NeoNetNinja> I'll be able to backup my entire network and then backup the server in the cloud all with Duplicity
[22:47] <NeoNetNinja> :)
[22:47] <NeoNetNinja> via FTP
[22:47] <Womkes> at my work they recentlyh setup a new cloud platform with onapp, some sysadmins did presentation last week
[22:47] <Womkes> that was really really nice
[22:47] <Womkes> very impressed by the whole setup
[22:49] <Womkes> and for backup they use r1soft, had the priviledge of myh collegeau showing how that work also
[22:49] <Womkes> amazing backup system
[22:49] <NeoNetNinja> cool
[22:51] <Womkes> cool story bro :P
[22:51] <Womkes> nah but really, very impressed with the whole setup
[22:51] <Womkes> makes me happy to have colleague that know what they're doing
[22:52] <roaksoax> Daviey: https://launchpad.net/~andreserl/+archive/ppa/+files/oops_0.0.10-0ubuntu1~ppa1.dsc there's one.. i'll be uploading them to my PPA for review then you or someone else can do the peer review