[00:00] i have ubuntu server 10.04 but I´m very new in this [00:00] but I need to learn this for the copany [00:00] company [00:00] Quitting was probably not a good start === Lcawte is now known as Lcawte|Away [00:05] hey guys does anyone know if it is possible to enable dynamic_debug in lucid 10.04? [00:08] Never heard of it [00:11] its in the kernel docs [00:12] So grep for CONFIG_DYNAMIC_DEBUG in /boot/config-NNN.gz [00:13] not set [00:14] oh man. [00:14] There you are then [00:14] a recompile eh [00:14] You could reroll the kernel package but it's probably not worth the effort [00:14] Hello [00:15] i have installed an ubuntu server and made it to a router [00:15] it is for me, last resort. im having intermittent issues with bonding over ixgbe interfaces. [00:15] and what i need to know is where i save iptalbes NAT Forward rules ? [00:15] so a reboot wont purge my settings [00:15] in centOS it's the file /etc/sysconfig/iptables-config [00:15] but in ubuntu ? [00:18] http://bugs.debian.org/657113 [00:18] Sorry, wrong channel [00:22] sethras, use `iptables-save > myrules.out` , then in /etc/network/interfaces: under eth0 `post-up /sbin/iptables-restore < /etc/iptables/myrules.out [00:22] sethras, so rules are restored every time eth0 starts up [00:23] Wrong. [00:23] also if its simple enough, ucf might be a simpler choice [00:23] The ruleset SHOULD be loaded BEFORE any interfaces are up [00:23] The exception is if you need DNS to resolve hostnames in the ruleset. [00:23] Wrong? or "sub-optimal" ? [00:24] SpamapS: well it leaves a nonzero hole where you can be connected to and you have no fw [00:25] http://paste.debian.net/154122/ is what I do on ubuntu systems; on Debian I use iptables-persistent (which performs poorly on ubuntu due to ubuntu using a non-portable init). [00:25] Also ref http://cyber.com.au/~twb/doc/iptab and #networking channel [00:25] Er, sorry, #netfilter channel. #networking is full of idiots. [00:28] hhaha [00:43] Anyone have a pointer as to what determines the urgency of security updates to packages? [00:46] They count how many hairs on kees' neck are standing up [01:04] twb: heh. [01:05] Aengus: perhaps ask in #ubuntu-hardened [01:05] SpamapS: cheers [01:14] mtaylor: still around? [01:25] hallyn: only starting to look at your branch now, will try to spend some time on it tonight so I have something for tomorrow morning [01:32] stgraber: cool [02:16] so guys, I fixed my problem of having forgotten my server cd and the new prospective server could not boot from my usb installer [02:17] luckily I had grub2 already on the tower via an old ubuntu desktop installation [02:17] unetbootin the server iso to the hard drive heh [02:17] rebooted and it loaded the install into ram and took off [02:17] very nice [02:54] Help, does anyone know how to bridge eth1 to wlan0,,, what command do I need? [03:14] SolarNRT, auto br0;iface br0 inet dhcp;bridge_ports wlan0 eth1 [03:28] zul: pushed some mix fixes to lp:~openstack-ubuntu-testing/+junk/keystonelight [05:19] if I want to make a global bash command, where do I save it? /bin ? /usr/bin ? /etc/init.d ? [05:20] or does it matter? [05:46] New bug: #924105 in puppet (main) "integer out of range errors for fact_values" [Undecided,New] https://launchpad.net/bugs/924105 [07:12] Hello, i am currently trying to set up a router via my secondary NIC on my UBUNTU server, basicly this router is supposed to serve internet to users. Primary NIC is connect straight to the NET while as i said earlier the Secondary NIC goes to the wireless router. I Have managed to establish connection to the server via wireless, but does not seem to get past it or out to the internet. is there anyone which can assist me in thi [07:19] driiper: so on your internal NIC, you have a non-routable address (192.168.x.x, 10.x.x.x, or something around 172.16-32.x.x ? [07:21] The NIC going to the internet have my external IP (going through a bridge) while i currently configured ETH1 (secondary ) to 192.168.0.1, [07:22] if that makes any sense [07:25] Internet --> eth0 (external ip) ---> eth1 (Internal ip) ---> Wireless router ---> Clients, | this is what i am trying to achieve. i have managed to connect to the server via a wireless client using the gateway i used in the router (eth1 Ip) [07:38] hmmm [07:39] driiper: so have you done anything to setup NAT? [07:41] driiper: https://help.ubuntu.com/11.10/serverguide/C/firewall.html [07:41] driiper: look at 'IP Masquerading' [07:41] Not that i know of. i made the eth1 static and used that on the router. obviously i have to make some kinda bridge or routing from eth1 to eth0 inorder to get onto internet, but i guess thats what i have to do? By the way, do i have to set up a DNS server, or can i still use the one provided by my isp ? [07:42] driiper: its a good idea to run something like dnsmasq on your firewall to cache DNS responses locally... [07:43] ok, ill try this out. but so i am clear, this is supposed to route the incoming connection from eth1 to eth0 right? [07:44] so it would be like a routing basicly [07:45] driiper: the given example doesn't mention eth1, but it takes packets from 192.168.0.x and gives them the address of eth0.. and sends them out on eth0.. and translates replies back to the appropriate 192.168.0.x address.. this is known as "NAT" or "Masquerading" [07:45] driiper: this is what every $40 router+wifi thing you can buy does. [07:46] (which is why I don't do this anymore.. ;) [07:46] I just let the WRT54G get 'er done. :) [07:48] yeh well i called my ISP yesterday about having slow speed on my internet connection (Supposed to have 40/40) but only got like 10/10. and yeh , they told me that i had to set my router (ISP central) into bridge mode becuase it couldnt handle more than 2-3 port forwardinggs ( i had like 30). so now im stuck with a old B standard wireless router to my clients [07:48] toh the budget [07:48] oh* [07:49] well yeah, 802.11b is 11Mbit, and half-duplex.. [07:49] mhm :( not really the ting i would want for myself :P [07:49] driiper: honestly.. what more do you need? ;) [07:50] you know [07:50] be seedin these torrentz!! [07:50] nah it be working fine i guess. [07:50] * SpamapS will never understand why that is so universally acceptible. :-( [07:51] the torrent community will be gone in some few years, just wait and see :) [07:51] or [07:51] big parts of it anyways [07:52] trackers shutting down like crazy these days, i guess the days of payment is near [07:53] but yeh. thank you for your help! ill get back to fixin this thingy! [07:53] driiper: they'd have arrived sooner if torrenters had just stopped buying crappy DVD sets of stuff they already torrented. :-/ [07:54] * SpamapS puts the soap box back in the closet [07:54] haha true :D === koolhead17 is now known as koolhead17|afk === himcesjf2 is now known as himcesjf [08:38] New bug: #924187 in passlib (universe) "todo's for passlib packaging" [Undecided,Confirmed] https://launchpad.net/bugs/924187 [08:49] New bug: #924189 in python-memcache (universe) "python-memcache todo's" [Undecided,New] https://launchpad.net/bugs/924189 [09:21] New bug: #924197 in sysstat (main) "Unable to get the next Data source after 24 hours" [Undecided,New] https://launchpad.net/bugs/924197 [09:23] New bug: #924195 in sysstat (main) "cannot report ubuntu-bug -w on isag window" [Undecided,New] https://launchpad.net/bugs/924195 [10:18] anyone up? [10:18] I [10:27] <_ruben> we're all down [10:27] lol [10:27] I have a questions, basically: [10:27] I'm looking for a used server that does SATA not SCSI that will run Ubuntu Server well [10:28] all the ones on Amazon that are cheap only do SCSI === vivek_ is now known as Vivek === alaing_ is now known as funkymonk === funkymonk is now known as alaing [11:19] i work with dmcrypt/luks container files to keep data save. i search for a solution to avoid to have fixed container size, is there a solution for self growing container files? [11:20] maybe something like ecryptfs, but i found no documentation about that [11:21] heh? ecryptfs isn't a container [11:22] why can't you grow dmcrypt/luks? [11:25] can container files be enlarged? the only way i see is to create a new one, and copy the data. And you are right, ecryptfs is a crypt filesystem, not a container file. [11:27] I always luks the whole drive [11:27] then used lvm to join the drives together [11:27] mainly did that so I could thread luks over multible cpu's [11:28] as dmcrypt is single threaded per instance [11:30] good idea, that would work well. but in my situation i have to use a bunch of container files on an unencrypted partition (or i have to create a lot of partitions which will be even more unflexible) [11:30] btw: the multithreading reason is a good advice! [11:55] Daviey: do you want to drive off of approved gerrit reviews? or on upload of any patchset? [11:56] jamespage: any patchset i think [11:56] it's a pre-validator before a human review IMO. [11:57] Daviey: OK so that is different to the gating in upstream - they wait for an approval before testing. [11:57] jamespage: Hmm, have you seen SmokeStack ? [11:57] Daviey: no [11:59] Anyone know about a opensource mature virtualisation platform with clustering? [12:05] jamespage: we shouldn't ignore, https://github.com/dprince/openstack_vpc either [12:08] jamespage: BTW, have you seen that you have started reviewing? https://review.openstack.org/#change,3309 [12:08] Daviey: oops [12:08] jamespage: but anyway, with that example, smokestack did a smoketest before it was Approved [12:09] it tests when a new patch set is pushed [12:09] Daviey: thats a feature of the plugin - as soon as I pull and review I get marked as reviewing [12:09] jamespage: right, i checked with monty about that.. he said there was a config option to make it quiet. [12:10] 15:39 < mtaylor> Daviey: there's a flag in the job config to run in "silent mode" [12:11] Hmm, regarding smokestack - unless it has a huge queue... the timestamps cause some doubt for me, https://review.openstack.org/#change,3558 [12:13] Daviey: and this one - https://review.openstack.org/#change,3273 [12:13] doh [12:14] jamespage: long term, it would be good if it only posted results, not a Started and Finished IMO [12:14] but at the moment, i think it should be silent. [12:15] jamespage: note, the current target seems to be trunk proposals.. we want stable/diablo right? [12:15] Daviey: lets assume for a minute that I'm just testing this... [12:15] stable/diablo don't get many [12:15] jamespage: right.. [12:16] its not running in the lab either FYI [12:16] jamespage: yeah, i guessed that with hendrix :) [12:18] Daviey: OK - figured out how to disable that for the time being [12:19] its a little more than a toggle... [12:19] oh [12:20] yeah - I had to remove the actual commands that the plugin runs at certain points during testing [12:20] but I saved them! [12:22] Daviey: reckon I should comment on those two review to apologize? [12:22] jamespage: it's in your name, i'd just hold fire and await a comment [12:23] if it has an offical sounding title.. then yeah.. but i thinmk you are ok [12:23] ue, "Ubuntu Openstack Validation Bot" [12:23] ie* [12:25] irssi just segfaulted on me.. gah. [12:26] Daviey, ack [12:33] lynxman, trying to look at your MP but bzr just broke on me === Vivek is now known as Guest96249 === Guest96249 is now known as Vivek [13:36] hi [13:37] I'm looking for the switch that says "this server is in a 19" rack, do not under any circumstances stop the boot process before starting sshd, even if an iSCSI target is missing" [13:38] that is, it is okay if any filesystem except root fails to mount [14:01] Aengus: re security update priority> it is a combination of a lot of things: http://people.canonical.com/~ubuntu-security/cve/priority.html [14:01] Aengus: did you have a question about a specific issue? [14:02] GyrosGeier: are you looking for the noauto flag in /etc/fstab? [14:04] jamespage: no worries :) [14:06] rbasak, in principle I want automount if possible [14:06] the important bit is that it should never drop into a console [14:07] (because there isn't one= [14:08] I don't know if such a mechanism exists, but it doesn't seem practical in the general case to me. What happens if subsequent services fail because mounts are missing? If you have complicated needs, set noauto and manage it manually - say in rc.local or something. And then take care of any services that depend on the mounts. [14:09] the most important bit is that ssh works [14:10] waiting for someone to drive to the colo facility, plug in a keyboard and press "S" is even less practical than having random services fail, IMO :) [14:11] you could hack an initramfs-tools hook and script in place that switches on networking in the initrd and fires up sshd by default [14:11] you might change /etc/init/ssh.conf to start on local-filesystems instead of filesystem or something, but my upstart fu is weak and I don't know what other implications that might have. [14:12] I think that is already the case [14:12] that's a point - will networking even be up at that stage? [14:12] but the fs is ext3 on SCSI [14:13] I think the general solution is that if the mounts aren't critical to the system booting and you want the system to boot regardless of them, then set them noauto and mount them in rc.local. That's the least hacky answer. [14:13] OTOH, if you break something that the system's boot depends on, don't expect the system to be able to boot :-) [14:15] OR, perhaps you're asking for a new feature - ssh capability in the event of boot failure. If that doesn't exist it sounds like a good idea. === Ursinha` is now known as Ursinha_ [14:15] Not sure this is helpful, but there seems to be a nofail for fstab... === Ursinha_ is now known as Ursinha [14:17] smb: that sounds perfect :) [14:17] If it works as one expects. Have never tried, just looked at man fstab [14:29] I have a question for the kernel people : any reason why Ubuntu kernel is less agressive in caching FS writes than the RHEL kernels ? [14:30] kernels would be Lucid (2.6.35) .vs. RHEL 5.5 (2.6.18) [14:31] on a DL380/G7 writing a 11Gb file with dd (to cache) takes 120s on Ubuntu and 9s on CentOS! [14:31] Caribou: same server? [14:32] when bypassing the cache (using oflag=direct) I get 221s for Ubuntu and 190s for CentOS [14:32] henkjan_: yes, identical H/W same disks/ctrls [14:33] looks like the centos one has write back cache enable on the raidcontroller? [14:34] henkjan_: AFAIK, smart array don't have WB cache and if so, it would be enabled on both === henkjan_ is now known as henkjan [14:35] I'd get the same behavior with oflag=direct but the values are much closer [14:36] henkjan: here is an example : http://paste.ubuntu.com/823880/ [14:40] lynxman, sorry more comments on ipxe [14:41] jamespage: no worries :) [14:44] Daviey: w00t - I got a gerrit trigger build on trunk! [14:45] jamespage: about that... do you think it's a good idea? [14:45] perhaps we should do it by hand? [14:45] lol [14:45] jamespage: Sorry, i am blowing smoke.. :) [14:45] so long as you are willing to be the button pressing monkey [14:46] soren: that is great to hear, so are you using gerrit as the trigger or github commit? [14:46] err, jamespage ^^ [14:46] gerrit [14:46] you have never got me mixed up with soren before... [14:47] /3 [14:48] jamespage: Yes, sorry - a real insult that was :) [14:48] jamespage: Seriously, that is topnosh! [14:48] Really pleased it's going well. [14:48] hallyn, hey. lxc on precise is hanging for me, with lucid containers. I'm up-to-date, and I tried a brand new lucid container. Details: http://pastebin.ubuntu.com/823882/ . OTOH, a new precise container works fine, and is much faster to start than it used to be. We kinda need both lucid and precise though. [14:48] jamespage: saw your comments, I don't really know what else to do tbh, this has been very time consuming [14:49] jamespage: feel free to take over if you want, can't justify more time on this cleaning the upstream lintian errors I'm afraid [14:52] hallyn, ping. === scubes13 is now known as BEZ|Kevin === bladernr_afk is now known as bladernr_ [15:03] Oneiric is also fine. It is only lucid (that I care about; N and M are not important to me). [15:14] hallyn, ping again (different topic) [15:15] zul, did you push to lp:ubuntu/libvirt ? [15:15] smoser: no [15:16] hallyn, I filed https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/924337 so I could track [15:16] Launchpad bug 924337 in lxc "lxc on precise is not working with lucid containers" [Undecided,New] [15:16] buenas [15:16] como configuro un server ubuntu 10.04 para crear una unidad compartida [15:17] se puede usar los tutoriales de ubuntu server 11 para losde ubuntu 10.04 [15:17] zul, i just ased because it is up to date with your upload, but not the most recent one. [15:17] and its failing [15:17] http://package-import.ubuntu.com/status/libvirt.html#2011-05-26%2020:07:23.558315 [15:17] hi people sorry I think that this canal in spanish [15:17] and i wondered if hallyn was manually pushing [15:17] Decepticon: Try #ubuntu-es :) [15:18] i have ubuntu server but i need to share a folder or unity [15:18] Pici: thanks but I can speak englsih, dont problems [15:19] Okay :) [15:19] Pici: do you do of ubuntu server ¿_ [15:19] Decepticon: I do. [15:19] Pici: thanks a God [15:19] jejej [15:19] Pici: i have ubuntu server wit ubuntu 10.04 server [15:20] but i have manual of ubuntu server 11.04 [15:21] this manual is compatible [15:21] manual of ubuntu server 11.04 but i use ubuntu server 10.04 [15:21] Pici: please help me with this [15:21] Decepticon: It should be. You can use https://help.ubuntu.com/10.04/serverguide/C/ instead if you want though. [15:21] smoser: package importer always fails for libvirt (and qemu) [15:22] smoser: yes i've been manually doing import-dsc and push [15:22] Pici: ok! thanks [15:22] hallyn: so i can use for this =? [15:22] hallyn, have you ever asked in #bzr to maybe get it sorted out ? [15:22] of course [15:22] pls feel free to take your turn [15:23] :) [15:23] funny [15:23] yeah. i've done it, and just asked. [15:23] anyway. [15:23] second question for mr. hallyn. [15:23] hallyn: thanks [15:23] Decepticon: sorry iw asn't talking to you [15:23] Decepticon: pls re-ask your question, i don't follow [15:24] hallyn: ok!, dont problems [15:24] hallyn: cheeck. i have a manual of ubuntu server 11.04 but I use to ubuntu server 10.04 [15:24] bug 924281, hallyn was the second question. [15:24] Launchpad bug 924281 in cgroup-lite "cgroup-lite not installable inside 'lxc create -t ubuntu' container" [Undecided,New] https://launchpad.net/bugs/924281 [15:24] this manual is compatible with my server [15:25] Decepticon: I've not paid as much attention to the manuals as I should. I'd look at the 10.04 one like Pici suggested. [15:25] Decepticon, probably somewhat. but it wont be 100% compatible. === medberry is now known as med__ [15:25] New bug: #924337 in lxc (main) "lxc on precise is not working with lucid containers" [Undecided,New] https://launchpad.net/bugs/924337 [15:26] hallyn: ok perfect thanks [15:26] smoser: thanks [15:26] smoser: this is new for me [15:26] hallyn: thanks [15:26] anything in the afthernoon to entrance to canal [15:26] thanks a lot [15:26] smoser: i'll have to look into it. [15:26] bye bye === med__ is now known as med_ [15:26] good day [15:27] gary_poster: ditto (i'll have to look into it - it's been working for me perfectly) [15:27] hallyn, from inside the container, i can't even make paths in /sys/fs/cgroup. [15:27] which i'm guessing is by design [15:27] hallyn, ack thanks [15:27] smoser: is anything mounted there now? df -h /sys/fs/cgroup? [15:27] not in the container [15:27] d'oh [15:27] only outside [15:27] smoser: haha, nm, i get it [15:28] smoser: workaround, edit your /etc/apparmor.d/usr.bin.lxc-start and remove the /sys denial [15:28] hm.. [15:28] i wasn't getting app armor errors in dmesg though. [15:29] smoser: i think the 'deny' shuts up errors in dmesg actually [15:29] gary_poster: jsut as an aside, if you're using the config you said you're using, on precise, you don't have to use a config at all [15:29] (that's the default) [15:29] hallyn, I wondered if that were the case. Cool, thanks [15:31] hallyn, other fun quesiton... [15:32] smoser: despite my being an ass earlier, i really would like the bzr issue resolved [15:32] what likely hood of getting acccess to loop devices inside a container [15:32] are the loop devices name-spaced ? i suspect not. [15:32] smoser: yeah they're not. you can coordinatei t from the host of course [15:32] yeah, but for this that is probably not enough. [15:32] what exactly do you want? [15:33] by coordinate, i meant pick loop3 and let a container have it [15:33] ie, nova-volume and nova-compute are going to want to use losetup and the like. [15:33] and go looking for a free device and such. [15:33] they can do that, the host just has to tell them which to use, and let them use it through the devices whitelist [15:33] or, the host can just let it access all of them... [15:34] well it clearly can't safely let them access all of them. [15:34] it's not like containers are *secure* now, so don't let fake security get in the way of getting someting done [15:34] smoser: well, hw about this, [15:34] and coordinating from the host would seem complex to me at the moment. [15:35] when the host creates the container, it picks two unassigned loops and lets the container have them; [15:35] then make sure that when nove gets -EPERM it just tries the next index [15:35] whatever creates the container will need to keep track of the loops, yes [15:35] it might be sufficient [15:35] but that limits you to N/2 total containers if you do that by default [15:36] anyway, that's all we got right now, but namespacing loops might not be so bad. only problem would be that the response might be "you must do all devices" [15:36] yup [15:36] where 'N' is the number of loop devices... [15:36] i think we set it to 64? [15:36] maybe you can get fancy with udev [15:36] it can catch a loop creation (i think), [15:36] well, module load is when its set [15:37] then deny all other containers access to that loop [15:37] (and if the host creates the loop, then all contaiens are denied) [15:37] hallyn, hm.. [15:38] that'd be pretty neat. [15:38] how would udev know which container created the loop device ? [15:38] very racy of course [15:38] yeah [15:38] not sure if the uevent carries the pid which created it [15:39] hm.. [15:39] it really seems to me that, unless nova likes to run around and dd if=/dev/zero into all existing loop devices, [15:39] you should jsut allow all your containers access [15:39] well... the thing i'm concerned about is something assuming that it is in full control of loop devices [15:40] and saying "is /dev/loop0 used? well, not by me!, i'll use it" [15:40] has someone used encfs so far? i think about using it as replacement for dmcrypt with crypted container files to get around the fixed size containers problem. Any advice if encfs is stable enough fpr production usage? Thanks [15:40] that would be insane [15:40] it snot a completely unrasonable assumption [15:41] smoser: sure it is. otherwise you're telling me i can't run anything else on that machine [15:41] smoser: or even loop mjount a cdrom iso [15:41] you typically would only run one hypervisor management solution on a machine [15:41] :) [15:41] but even if it *were* unreasonable [15:41] then likely the well intentioned user is going to do something like: [15:42] * check if /dev/loop0 is used [15:42] * if yes, try /dev/loopN [15:42] * if not, take it [15:42] which is racy anyway [15:42] but for now i'll try with all having access to /dev/loop* [15:43] smoser: the good news here is that we ahve a very reasonable user for devices namespace [15:43] which means we might be able to start discussing a design and implementation [16:04] hallyn, another question. sudo in a precise container complains of no tty. I found http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg03138.html . the tty config that writer suggests is not in the config generated for my container (it is commented: "#lxc.cgroup.devices.allow = c 5:0 rwm"). I have to step away, but...is that a bad idea? intentional? [16:05] I will try when I return unless you advise against it [16:05] gary_poster: it's intentional. 5:0 is not namespaced [16:05] if it really breaks things, then maybe we'll have to undo it and live with it [16:05] (inameeting) [16:06] hallyn, gotcha. is there another reasonable way to get sudo to work with that setting? ack on meeting. will head off, and check back in when i return [16:08] oh, hm. 5:0 is tty. that's not right [16:09] that implies i should re-enable it, and lxc-start didn't do a setsid() somewhere [16:09] hallyn: hmm, upstart is too limited for what I wanted to do (detect the container type in container.conf and set an environment variable that other jobs using "start on container" can check) [16:10] hallyn: instead it looks like the easiest would be to move the logic into is-container and have container.conf call is-container the emit an upstart event with a CONTAINER=type variable that other jobs can check [16:10] stgraber: whatever works, i'm not tied to anything [16:11] stgraber: so i was thinking that 5:0 was console, but it's tty. that's what i refused lxc access to, and doing so fixes both soundcard and xmodmap twiddling by container [16:11] stgraber: i guess ihave to undo it, but it leaves me wondering why it lets the container do what it does [16:12] smb, will try that [16:13] hallyn: would read-only make sudo happy and still give us the other benefits? [16:13] stgraber: i dunno, but shouldn't /dev/tty just connect to current's tty magically? [16:13] i.e. it's inherently namesapced? [16:14] i'll play with it i guess (but again, in a mtg) [16:14] hallyn: indeed, it should. Though it looks like it's pointing to something that isn't namespaced at some point [16:15] stgraber: AIUI (and apparently i'm wrong) setsid should be setting that [16:15] i'm *sure (cough) lxc-start is doing setsid :) [16:17] hallyn: grep tells me lxc-console does but that's the only direct call to setsid [16:17] hm [16:20] I'd have expected to find it in start.c or namespace.c [16:21] (but I don't pretend to understand exactly what's going on in the C code ;)) [16:24] hallyn: just checking, container=lxc-libvirt is what we'll get in the new libvirt right? (not libvirt-lxc) [16:24] stgraber: yes, but the LIBVIRT_LXC_UUID or whatever will still be there too, so we don't *have* to change anything [16:25] hallyn: right, I just want to make sure is-container returns something consistent [16:25] hallyn: if container is set in init's environment it'll always return it as-is and ignore all the other potential ways of detecting a container [16:25] stgraber: i don't know when that patch will go in, and i wasn't planning on backporting into 12.04 libvirt (though i can if you like) [16:26] no, backporting won't change anything (unless they choose to change the value of container at the last minute to something else than lxc-libvirt) [16:26] pls shout (or opena bug :) if you want that cherrypicked then [16:27] i've asked dlezcano in email about the setsid [16:31] hallyn: do you have an opinion on the right way to extract "container" from init's environment? "ps -p 1 e" is fairly clean but extracting a single variable is a pain, parsing /proc/1/environ isn't much pretier [16:32] stgraber:hm [16:34] Let's say we wanted container.conf, when it starts, to set the container type in a file. like /etc/containertype. What would be the right place for that. /run ? [16:34] hallyn: yeah, /run would be the right place [16:35] and since /run is tmpfs, it doesn't have to do anything on non-container, [16:35] stgraber: so that would be my suggestion... [16:35] hallyn: ok, I'll move everything back into the upstart job and have it write to /run [16:35] koolhead17: around? [16:36] New bug: #924375 in cloud-init (main) "cloud-init should allow pre-seeding of ec2 datasource:Ec2:metadata_urls" [Undecided,New] https://launchpad.net/bugs/924375 [16:36] stgraber: maybe we should run that by cjwatson and/or jodh... i don't know if it's deemed kosher. but i like it. [16:46] hallyn, it looks like you can now race-free get a loop device [16:46] https://lkml.org/lkml/2011/7/30/110 [16:48] smoser: but does nova use it [16:48] almost certainly not [16:48] :) [16:48] but it could. [16:48] and i *think* that is exposed via 'losetup' utility [16:48] hallyn: ok, I have an updated upstart branch, testing it here now [16:49] smoser: so you'd use that and allow all containers access to loop*? [16:49] stgraber: cool. i need to do an updated lxc to fix the two bugs i introduced [16:50] hallyn, well, it seems likely that nova should use it generally. [16:50] yes [16:50] and for this speicifc purpose, i would need to allow /dev/loop* [16:50] (jstack purpose) [16:50] smoser: well udev still might be doable [16:50] but that does not to me seem acceptable across the board for lxc-create [16:50] no , it would be only for you [16:50] i dont think that adding a complex and racey solution makes much sense. [16:51] well it might not be racy now [16:51] i.e. you can refuse all access, [16:51] hi, I'm trying to install ubuntu server as a vm with virtualbox. During the 'select and install software' process I got an error, and I'm not sure what to do... [16:52] maybe i'm missing something. [16:52] I'm trying to select another install process step, but it won't let me [16:52] hallyn, but i thought you were proposing: [16:52]