hallynstgraber: hang on, did you mean to keep 'start on stopped rc runlevel=[2345]" in console.conf?00:02
stgraberhallyn: mine has an extra "and container CONTAINER=lxc" but yes, I actually got that working reliably and that gives us the same behavior as a regular Ubuntu system00:03
stgraberhallyn: so in some cases you may have to wait up to 60s before you get a shell if your network is broken00:04
hallyndrat.  seems like for container console we may as well skip that00:04
stgraberwell, that only happens if you screwed up your /etc/network/interfaces and in that case lxc-console should still work :)00:05
hallynstgraber: or if you use virbr0 with stp on...00:05
stgraberI noticed that not having the "stopped rc RUNLEVEL=[2345]" part also hides services startup messages00:05
stgraberlike apache and other services providing a sysvinit job00:06
stgraberhallyn: well, stp on should cause a "delay", not make it wait a full minute (hopefully) ;)00:06
hallyni'll defer to your judgement00:07
stgraberhallyn: https://code.launchpad.net/~stgraber/ubuntu/precise/upstart/upstart-containers/+merge/9098600:07
Danny_JorisI created this ubuntu server earlier today at the office. Pretty straightforward: ubuntu server 10.04 lts and enabled bridged networking. Now, at home, I can still open the vm and work on it, but I can't use the ip, ping it, or ssh in through the osx terminal00:39
Danny_Jorisdid i make it dependent to my work's network?00:39
Danny_JorisI'm even vpn'ed into the office's network00:50
Danny_Jorisweird stuff00:50
Danny_Jorisah it changed ip address...00:55
Danny_Jorisnot sure why00:55
hallynanyone here have an eeepc running precise and would care to try and use testdrive-gtk to run a vm (for bonus points, the kde mobile choice, last option on second tab)01:01
=== mobius is now known as Guest32380
Guest32380I just got proftpd up an running, and I can only read from /var/www/ even though proftpd.conf is set up for AllowAll for me. The permission error went away when I used chown -R to make myself owner of the directory. My question is this: would it be bad to set permissions to 777 for the folder?? It's open to the internet, but it seems to be the only way I'll be able to have multiple ftp accounts.01:40
Guest32380Sorry, I'm a bit of a newb.01:40
qman__Guest32380, yes, it would be very bad to do that01:43
Guest32380dammit -___-01:44
qman__www-data (the web server) and any other daemons (like proFTPd's daemon user) should not have write permission to that directory unless absolutely necessary01:44
qman__and if they do, said directories should be secured against allowing files within them to be executed01:44
qman__in addition, using FTP at all is a bad idea01:45
Guest32380qman__: How do I upload to my web host then? Sorry for ignorance01:45
qman__secure, sanely designed, and easy to set up01:46
Guest32380I have to get my cert set up -__- So how should I manage uploading to /var/www/ after I enable SFTP?01:46
qman__create a user and group for that purpose, and make that user and group the owner01:47
qman__don't use that user and group for anything else01:47
qman__then, add users who you want to give permission to that group01:48
qman__and then, if you need it, change permission to 77501:48
Guest32380qman__: Thanks! So can groups be owners?01:48
Guest32380Of files/directories?01:49
qman__every file has an owner and a group-owner01:49
qman__permissions are set for the user-owner, group-owner, and world01:49
qman__that's what the three numbers are01:49
Guest32380Ohh! Okay, thanks a load!01:49
Danny_Jorisis there an irc channel for lamp stacks/apache or can i ask these questions here?01:56
twb#httpd concerns apache.01:57
twb##php concerns PHP.01:57
Danny_Joristwb: tnx01:57
twb#mysql, I suppose, for MySQL.01:57
twbThe "linux" part usually means a full GNU/Linux OS; for actual kernel issues there is #kernelnewbies on OFTC, for general Ubuntu server questions, you can ask here.01:57
twbapache httpd and mysql are certainly on-topic here, but you will get better advice on their intricacies on their dedicated channels.  We are more concerned with Ubuntu best practices for installing them and so on -- note that upstreams often disagree with us on the "right" way to do things :-)01:58
SpamapSHeh, I think the A in LAMP is becoming "An HTTPD server"02:18
SpamapSI'd bet money that nginx or another more lightweight httpd will be in main by 14.0402:19
twbnginx isn't lightweight.  It includes a POP3 daemon FFS02:19
twbthttpd or a 10-line bash-based httpd are lightweight02:20
SpamapSheavy in code maybe, but its the lightest httpd I've used02:20
SpamapSroot       557  0.0  0.2  73676  1380 ?        Ss    2011   0:00 nginx: master process /usr/sbin/nginx02:21
SpamapSwww-data   559  0.0  0.4  74612  2948 ?        S     2011   3:25 nginx: worker process02:21
SpamapSroot       557  0.0  0.2  73676  1380 ?        Ss    2011   0:00 nginx: master process /usr/sbin/nginx02:21
SpamapSwww-data   559  0.0  0.4  74612  2948 ?        S     2011   3:25 nginx: worker process02:21
SpamapSstupid lag02:21
twbwww-data    56  0.0  0.0   8708   836 ?        Ss    2011   1:30 thttpd -D -r -d /srv/apt02:21
SpamapStwb: how does thttpd handle concurrency and fastcgi?02:22
twbI win02:22
twbNo, that's the whole point02:22
twbthttpd is for doing what HTTP is for -- stateless serving of static content02:22
SpamapStwb: right.. all these silly dynamic sites are just abusing HTTP. ;-)02:22
twbIf you want to serve some stupid "web app" then you can have your nginx and tomcat and all that shite02:22
SpamapSWhat a waste of billions of dollars these blogs and social networking and video sites are.02:23
twbthttpd does support plain CGI, unfortunately, but I usually turn that off02:23
twbSpamapS: yes!02:23
SpamapSWe could go back to 1997 and have static HTML!02:23
twbSpamapS: I'm glad someone understands me02:23
SpamapStwb: I'm always here for you02:23
* SpamapS wanders off02:23
twbHaving said that, when I investigated reverse proxies, I was more impressed by varnish than nginx02:23
SpamapSvarnish is really awesome02:24
twbThe main disadvantage of varnish is you have to install a compiler toolchain on a production host, which makes it a little easier to escalate once compromised02:24
SpamapStwb: you can get away with compiling all the stuff on a staging box and pushing it out02:25
twbThat or fiddle-fart around getting the configuration .o from a sta- right02:25
SpamapStwb: nginx is still easier to configure. And they even have a public source code repo now02:26
* SpamapS sighs02:26
SpamapSNot sure if the comments are all still in Russian02:26
=== Jasonn is now known as jas0n
=== jas0n is now known as jas0nn
twbSpamapS: incidentally, I'm emphatically Not A FanTM of fcgi in any case.  IMO it's far better to just have the app and the reverse proxy speak to one another using HTTP -- much easier to debug, and not hard to bolt a "dumb" http into your typical python/whatever app02:52
SpamapStwb: fcgi is just an optimization for the times where every ms of latency and wire traffic matter02:54
twbYou speak fcgi over IP, and not just between machines on the same host?  That made me kinda nervouse, because it involves actually TRUSTING the LAN02:55
twbGranted I don't care at all about performance02:55
Guest32380So I'm a newb, and I have a new server >:) I'm trying to broaden my horizons, so if I want something like a *simple* chat box with AJAX, what should I use on the server end?03:01
Guest32380Python maybe?03:01
twbIf you're a js weenie you could use nodejs on the server side, which is basically the v8 (chrome) js VM hacked to be an httpd instead of a browser module.03:04
twbThe advantage being that you write both sides in js instead of half js and half python/php/whatever03:04
twbAnd js is certainly a better language than PHP -- hell, it's halfway to scheme (the easy half)03:05
Guest32380twb: thanks!03:06
twbGuest32380: the biggest question is: are you doing this for pedagogy (i.e. to learn), or professionally (i.e. just get it done as quickly as possible)?03:07
Guest32380pedagogy, which might I say is ironic(?) since I didn't know that word03:08
Guest32380twb: I've always wanted to try Python, but I'm not sure how to start interfacing it with an xmlhttprequest03:15
twbYou may wish to talk to the twisted people03:17
twbI don't know if that's suitable for learning purposes; it felt more heavyweight to me03:17
twbI haven't looked at it closely tho03:17
Guest32380okay then03:17
SpamapStwb: re trusting the LAN .. do you encrypt/sign all your traffic between your database and its clients?03:21
SpamapSat some point you have to accept some risks, though its important to identify them and accept them, not just be victim to them.03:22
twbSpamapS: I don't run SQL over the network at all03:22
SpamapSright, static HTML.. ;)03:22
twbSpamapS: the one stupid "app" that I am forced to deploy, that needs a "database" (which it really just uses as a dumping area for data), I said it had to run PHP and apache and mysql all in the same locked-down jail03:23
twbBut you're right, e.g. I have zero protection against ethernet-layer attacks within my LANs, because hard-coding the neighbours table wasn't worth it :-(03:23
SpamapStwb: most switches can be configured fairly easily to disable gratuitous arp attacks.. and arpwatch is usually enough to flag any weirdness if you can't do that.03:24
twbWell, I'm doing that much03:25
Guest32380did yall go to college?03:25
imperalixWhat is college?03:40
twbimperalix: depending on your locale, it is either secondary or tertiary education.04:33
twbIt can also mean a housing unit or campus *of* a larger tertiary institution04:33
LeMACДобрый день уважаемые гуру ИТ технологий )05:50
ubottuПожалуйста наберите /join #ubuntu-ru для получения помощи на русском языке. | Pozhalujsta naberite /join #ubuntu-ru dlya polucheniya pomoshi na russkom yazyke.05:51
=== smb` is now known as smb
uvirtbotNew bug: #924739 in squid3 (main) "after upgrade from oneiric to precise squid only returns 403" [High,New] https://launchpad.net/bugs/92473909:16
terowhat is the best/recomended virtualisation sw for ubuntu server?09:42
Tm_TI would imagine that depends on your needs09:43
smbjibel, I see the first people with pitchforks arrive... (re: re: bug 923685) ;)09:58
uvirtbotLaunchpad bug 923685 in resolvconf "New resolver package overwrites manually created resolv.conf on server" [Critical,Confirmed] https://launchpad.net/bugs/92368509:58
Davieyoh dear10:00
lynxmanmorning o/10:00
smblynxman, \o morning10:01
eutheriai was thinking about using rdiff-backup to create backups of some machines, postgresql dumps etc10:08
eutheriato do a backup using rdiff-backup pushing files to a remote machine would mean it needs to be reasonably secure, so a shell account with a lot of space wouldn't be a smart move10:15
greppyeutheria: take a look at duplicity and duply10:18
greppyeutheria: http://duplicity.nongnu.org/10:18
eutheriaoh new stuff10:19
eutheriai like!10:19
eutheriadoes deja-dup use duplicity?10:46
th0mzdid grub2 came to stable or default please ?10:53
th0mz(i have several server messaging about grub2 this morning)10:54
eutheriath0mz, grub2 (1.99999) i think has been the default for a long time11:00
eutheriacan't remember when it came in11:02
th0mzfor 10 LTS ?11:02
eutheriai don't have an LTS to hand11:03
eutheriai am pretty sure it was there11:03
th0mzii  grub-pc                          1.98-1ubuntu12                         GRand Unified Bootloader, version 2 (PC/BIOS11:05
th0mzi'm wrong, something i need to check on this server then11:05
th0mzthans eutheria11:05
eutheriano problem11:05
eagles0513875ikonia: the rootkit stuff that is available in the repos do you recommend installing one of them just to be on the safe side11:40
ikoniawhat ?11:40
eagles0513875there are some rootkit scanner packages available in the repos do you think its good to have one installed to be on the safe side?11:41
ikoniawhat are you talking about ?11:41
eagles0513875there is a package rkhunter which will scan ones system for rootkits. do you think that is a good thing to have installed on ones system?11:42
eagles0513875as a preventative measure against rootkits11:42
ikoniawhat are you talking about ?11:43
eagles0513875rootkit scanners im wondering if its good to have installed on my system as a preventative measuer against rootkits11:44
ikoniawhy are you talking to me about rootkit scanners11:44
ikoniawhat are you talking about ??11:44
eagles0513875im just asking if they are worth having is all11:44
ikoniaup to you11:45
ikoniaseems a pointless tool to use as a "real time scanner"11:45
ikoniamore a tool to use after you've been compromised11:45
eagles0513875ok thank you :)11:46
eagles0513875ikonia: sry saw a mention of directory listings i found on google what i need to remove in regards to the indexes. if my vhosts have index mentioned in them do i remove them at the vhost level or removing the index from the httpd.conf be sufficient11:53
ikoniadepends on your setup, normally vhost11:54
eagles0513875the site i found says in httpd.conf11:54
ikoniayes, httpd.conf is where the virtual sites are defined11:54
eagles0513875i dont have any of my vhosts defined there im using the ubuntu way of using sites-available then using a2ensite to setup the symlinks appropriatly etc11:56
ikoniaok - so you need to either a.) do it at the virtual host config in ubuntu b.) stop reading generic documents and find one specific to ubuntu11:56
eagles0513875not much different then what i found :D but thanks none the less for your advise :)11:59
ikoniawhat's not much different than what you have found ?12:01
eagles0513875the blog and what i found which is more ubuntu specific12:06
ikoniaeach virtual site will have it's own file, just disable it in each file12:09
eagles0513875:) got it12:10
diploAfternoon all, is there a way to list how many updates security/critical etc on the cli12:14
adacguys, i have a nagios plugin (check_apt) which should determine the critical packages to upgrade, if they are available. But unfortunately on ubuntu server It doesn't work. the critical package count is always on zero12:16
adachow can i determine how many and which upgrades are critical?12:17
eutherianot enough random bytes, oh so i have to type some more, maybe i should run a benchmark too to help12:23
jamespageDaviey: please can you do the relevant magic to make bug 913883 appear on the MIR list for server team.12:25
uvirtbotLaunchpad bug 913883 in zookeeper "[MIR] zookeeper, netty, log4cxx" [High,New] https://launchpad.net/bugs/91388312:25
uvirtbotNew bug: #913883 in zookeeper (universe) "[MIR] zookeeper, netty, log4cxx" [High,New] https://launchpad.net/bugs/91388312:31
Davieyjamespage: what is it worth? :)12:33
jamespageDaviey: hrm - whats your price?12:33
Davieyjamespage: is server team expected to monitor inbound bug traffic of all 3 packages?12:34
jamespageDaviey: yes I would think so12:34
Davieyjamespage: 'payment in kind'12:34
Davieyjamespage: log4cxx is server?12:35
jamespageDaviey: its just a C++ logging framework is my understanding12:35
jamespageits used in the C client (which is used by the python client etc. etc. etc)12:36
Davieylooks cheap enough, it does have a delta12:37
Davieywe should review if we still need a delta12:38
Davieyjamespage: I assume you've tried to push bug 913878 back to Debian?12:39
uvirtbotLaunchpad bug 913878 in netty "should run test suite on package build" [Medium,Fix released] https://launchpad.net/bugs/91387812:39
Davieyand has anyone looked at removing the delta for log4cxx going forwards?12:40
adachow can i see if there are any "security" updates?12:58
jamespageDaviey: I will push that back to debian - its team maintained (I am a member)13:06
jamespageDaviey: thanks for poking on that - I had forgotten to submit back - done now13:11
Davieyjamespage: just working out the 'cost' before adding it.13:14
=== gustav is now known as beerbro
smoseradam_g, ping when you arrive.14:07
smoseri have a nova-volume charm merge14:07
=== dduffey_afk is now known as dduffey
roaksoaxDaviey: bug #91835015:31
uvirtbotLaunchpad bug 918350 in cobbler ""cobbler check" should be cleared about not needing network boot drivers" [Low,In progress] https://launchpad.net/bugs/91835015:31
roaksoaxDaviey: do you think we should just disabe the cobbler get-loaders command and make sure that syslinux is installed only?15:31
Davieyroaksoax: i think tou need to work with rbasak so arm works15:36
Davieysyslink doesn't work on arm, right?15:36
roaksoaxDaviey: you mean syslinux?15:37
Davieyroaksoax: right, sorry15:38
roaksoaxDaviey: on the bug, my point being is that cobbler checks for boot drivers thta are downloaded from someones fedora website, and that it our case are not really needed. SO, myquestion was wether to remove that capability (of checking and downloading those boot loaders as we only need syslinux package installed)15:39
Davieyi see15:40
Davieyyes, that would make sense15:40
roaksoaxDaviey: ok then ;)15:41
smoserwake up adam_g15:48
smoserhallyn, how do you think you set a lower default value on stp ?15:49
hallynsmoser: "brctl setfd virbr0 N" ?15:50
smoservia libvirt ?15:50
smoserlibvirt currently shows (net-dumpxml default): <bridge name='virbr0' stp='on' delay='0' />15:51
hallynsmoser: then libvirt is broken15:54
hallynsmoser: looking at the code, maybe i see why16:06
hallyni'll have to poke more to confirm, but i think it tries to set the delay by writing to "/sys/devices/virtual/net/virbr0/forward_delay"16:06
hallynit should be /sys/devices/virtual/net/virbr0/bridge/forward_delay16:06
hallynwhat's that bug # again...16:07
smoserdid that maybe move in a kernel upgrade?16:07
smoserbug 92444616:07
uvirtbotLaunchpad bug 924446 in libvirt "STP enabled on bridge results in unreliable PXE boot of guests" [High,Confirmed] https://launchpad.net/bugs/92444616:07
hallynsmoser: that would make sense, but not sure yet.  Well, it would *not* make sens in that it's an ABI breakage...  they don't usually do that16:08
roaksoaxsmoser: have you ever tried using several late_commands on a single preseed?16:08
smoserroaksoax, i have not. but i would suspect it wouldnt work.16:10
smoserbut no try.16:10
smoserhallyn, /sys is not an abi, is it?16:10
hallyn<shrug>  tell that to people relying on it16:11
hallynbut, i don't see where it would have moved, offhand.  (it's spaghetti code though)16:11
smoseri just dont knwo what is considered an abi.16:11
hallynwell lemme run a test to confirm.16:11
gary_posterhallyn, hi. I was going to try and get you diagnostic information for the apparmor issue I emailed you about, and so first tried to make a new lucid instance.  Bug 924337 is still biting me even after I change the 'start on' in /etc/init/console.conf in my container to 'start on mounted MOUNTPOINT=/run' .  I'll be heading out in a few minutes for lunch, but I can try things now and when I return16:19
uvirtbotLaunchpad bug 924337 in lxc "lxc on precise is not working with lucid containers" [High,Incomplete] https://launchpad.net/bugs/92433716:19
hallyngary_poster: Drat.  Please make a note in the bug - I didn't expect that, but can't look right now.16:20
gary_posterhallyn, will do.  Understood, ttyl16:20
cr3hi folks, I vaguely recall someone, possibly dustin, writing some script(s) to preseed installation of images. can someone refresh my memory?16:35
hallyncr3: google for 'kirkland preseed'16:37
cr3hallyn: testdrive, that's it! thanks16:38
hallyncr3: ah, not what i was expecting :)  cool16:39
cr3hallyn: short of running the script, do you happen to know off hand whether it also supports desktop images?16:39
hallyncr3: yes it does16:39
cr3hallyn: sweet, I just reinvented that wheel then :)16:39
hallyncr3: use testdrive-gtk, it gives you options in menu16:39
cr3hallyn: I was hoping non-interactive but I'll give it a try to see16:40
* kirkland waves at cr316:54
kirklandcr3: I think what you want is this:16:54
kirklandcr3: ^16:54
kirklandcr3: hallyn: testdrive is more of a way to rsync the latest ubuntu desktop images and launch them in a vm, trivially16:55
cr3kirkland: I was close: http://blog.dustinkirkland.com/2011/03/ubuntu-server-quick-install-no.html :)16:55
kirklandcr3: yeah, that's the older version16:55
kirklandcr3: but that one links to some people.canonical.com/~kirkland pages that don't exist anymore16:55
kirklandcr3: i've since updated those and continue to maintain them16:56
kirklandcr3: use them all the time, in fact16:56
cr3kirkland: thanks for the updated link, very cool!16:56
kirklandcr3: np16:56
hallynsmoser: uh, huh.  I think the problem is simpler.  Simple typo, fixed upstream.17:06
hallyncommit 2d5046d31f4f5c961fc4aa6b415a00bb9eadae2b.  d'oh.17:06
hallynzul: got any libvirt fixes to queue up right now?17:09
zulhallyn: nope17:11
roaksoaxsmoser: http://paste.ubuntu.com/825342/17:19
uvirtbotNew bug: #924990 in mysql-5.1 (universe) "package mysql-server-5.1 5.1.54-1ubuntu4 failed to install/upgrade: el subproceso instalado el script post-installation devolvió el código de salida de error 1" [Undecided,New] https://launchpad.net/bugs/92499017:26
uvirtbotNew bug: #924281 in lxc (main) "cgroup-lite not installable inside 'lxc create -t ubuntu' container" [High,Fix released] https://launchpad.net/bugs/92428117:48
roaksoaxsmoser: http://paste.ubuntu.com/825390/17:59
roaksoaxsmoser: http://paste.ubuntu.com/825342/18:00
smoserroaksoax, sorry.. .what am i seeing ?18:00
roaksoaxsmoser: do you feel confortable with those two fixes?18:00
roaksoaxsmoser: http://paste.ubuntu.com/825390/ bug #91247618:01
uvirtbotLaunchpad bug 912476 in cobbler "Batch Actions -> Power On does not work unless power_address is manually populated" [Low,Confirmed] https://launchpad.net/bugs/91247618:01
adam_gsmoser: hey18:01
roaksoaxsmoser: http://paste.ubuntu.com/825342/ bug #91401718:01
uvirtbotLaunchpad bug 914017 in cobbler "cobbler does not have a disable_pxe snippet (it is in orchestra)" [Medium,Confirmed] https://launchpad.net/bugs/91401718:01
smoserhttp://paste.ubuntu.com/825390/ looks good to me if it works.18:01
adam_gsmoser: i used your modified deployer last night to bootstrap a 2core, 8GB box into a standalone lxc+openstack. well, everything but compute18:02
smoserah.. roaksoax yeah, that makes more sense now.18:02
smoseradam_g, i can get compute functional.18:03
roaksoaxsmoser: ok then. will upload18:03
smoser(it works here... need some hacks though, i'll show you adam_g )18:03
smoserroaksoax, i was confused by the '#'18:03
smoserforgot that it was template18:03
smoseris pxe_just_once set to default yes ?18:03
roaksoaxsmoser: yes it is, in Ubuntu it is18:03
smoserthat looks great then.18:04
=== koolhead17 is now known as koolhead17|zzZZ
roaksoaxsmoser: btw.. did you get a maas server running?18:04
adam_gsmoser: oh i didnt screw with volume yet, i noticed you've added something to the nova-volume charm to get that working?18:04
smoserroaksoax, i've not tried maas at all.18:04
smoseradam_g, yeah.18:04
adam_gsmoser: sweet18:05
roaksoaxsmoser: oh ok nevermind then :)18:05
smoseradam_g, https://code.launchpad.net/~smoser/charms/precise/nova-volume/trunk.lxc/18:05
smoseryou need that branch to get nova-volume18:05
smoserand, adam_g i have some hacks in http://paste.ubuntu.com/825398/18:06
smoserthats how i setup my instance before using deployre18:06
smosersome of them un-nessesary speedups18:06
smosersome necessary18:06
adam_gsmoser: does libvirt work okay nested in a container now, outta-the-box?18:07
smoseradam_g, i've not gotten that far.18:10
smoserbut we were at least able to start a qemu last time18:10
=== SonSon` is now known as SonSon`|Work
hallynsmoser: adam_g: Daviey: the pxe boot libvirt bug - how high prio is that?  Ok to put that off for next alpha?18:15
hallyn(you can of course fix it by hand on each install)18:15
smoserbeta is next i think18:15
hallynoh yeah, we ditched a3 didn't we18:15
smoserbut i would not personally block alpha on it18:15
hallynwel lit's not a block.  the fix is ready.18:16
adam_ghallyn: yeah, not high prio. wondering if changing defaults+carrying a delta is worth it vs release notes or docs18:16
hallynadam_g: changing defaults?18:17
hallynadam_g: no delta, the fix is upstream18:17
adam_ghallyn: sorry, misread your comment then18:18
hallynanyway, decision's made.  now i just need to figure out where to stash the change so we don't lose it during soft freeze18:19
adam_ghallyn: so with that fix, it'll go back to previous behavior of STP enabled with FD of 0?18:20
hallynoh, heh, i know.  i *can* stash it in bzr.  an accidental dput won't nuke the change since the importer is broken.  MUHAHAHAHA18:23
smoserhallyn, http://paste.ubuntu.com/825424/18:23
hallynsmoser: you've tested that with btrfs-tools not installed?18:25
hallynif so, no objection from me.18:25
smoserno. and its not working :)18:25
arrrghhhhey guys, what perms do i need to set on a file in order for it to be downloadable by 'users' hitting my apache webserver?  i figured 644 was good, www-data user should only need read-only to download, yes?18:25
arrrghhhbasically i have one apache server, 644 allows me to download just fine with the file chown'd to somewhere else other than www-data.18:34
arrrghhhanother apache server, we have to put xx7 (doesn't matter what the first two are set to, obviously)18:35
arrrghhhotherwise users cannot download.18:35
arrrghhhis there some apache setting/module/some such thing that would cause this?18:35
gary_posterhallyn, for the apparmor issues I filed https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/925024 and https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/925028 .  They both have repro instructions.  I plan to do the diagnostic step you requested for the first bug later today.18:40
uvirtbotLaunchpad bug 925024 in lxc "apparmor makes it impossible to install postgresql-common on Precise" [Undecided,New]18:40
hallyngary_poster: thanks!18:41
uvirtbotNew bug: #925024 in lxc (main) "apparmor makes it impossible to install postgresql-common on Precise" [Undecided,New] https://launchpad.net/bugs/92502418:41
uvirtbotNew bug: #925028 in lxc (main) "apparmor breaks lxc-start-ephemeral" [Undecided,New] https://launchpad.net/bugs/92502818:46
mtaylorDaviey: you have lots of power and influence...18:47
mtaylorDaviey: any way you can get someone to merge soren's patch: https://bugs.launchpad.net/openstack-ci/+bug/72232318:48
uvirtbotLaunchpad bug 722323 in pastebinit "Add lodgeit style pastebins" [Wishlist,Triaged]18:48
mtaylorDaviey: https://code.launchpad.net/~soren/pastebinit/paste.openstack.org/+merge/4690618:48
mtaylorit's been outstanding for over a year now, which is just rude18:48
mtaylorDaviey: and for some reason pb.daviey.com is in :)18:49
mtayloradam_g, smoser, SpamapS: ^^^ (I'm just pinging people now)18:49
ninjaianyone have experience with mutt/sendmail? My XML file that is attached with mutt appears inline and I don't know how to keep it as an attachment18:49
smoserhallyn, http://paste.ubuntu.com/825455/18:52
smoserthat i think is pretty close... to functional18:52
smoserfor lxc-create18:52
smoserand it does save rsync of 400M18:52
adam_gmtaylor: https://launchpad.net/~pastebinit-developers ?18:52
adam_gmtaylor: ping them? i cant help you, thats for sure18:53
hallynsmoser: if you want to queue that up in lp:ubuntu/precise/lxc, no objections from me18:53
mtayloradam_g: k. I have pinged them18:54
smosermtaylor, we can't just have any fly-by-night pastebins18:54
smoseronly hardened,proven ones like daviey.com18:55
mtaylorsmoser: that's fair18:55
mtaylorsmoser: I'm mainly just hoping that you'll let mine squeak through if I complain enough18:56
Davieymtaylor: uh?18:56
smosermtaylor, soren just proposed it to upstream pstebinit18:56
smoserso yeah, that is stgraber primarily18:57
Davieystgraber: ^^18:57
smoserbut i'd take it as a patch to ubuntu and carry it18:57
Davieypb.daviey.com had to wait for a upstream release!18:57
stgraberyeah yeah yeah ... I know ... I need to make a new upstream release18:58
stgraberit's just that "it works" so I don't really spend much time working on it18:58
stgraberI'll add that to my todo18:58
smoserhallyn, the one thing i dont like about the btrfs stuff...18:58
smoserif you get btrfs subvolumes created, then 'rm -Rf <dir>' doesnt work anymore.18:58
mtaylorstgraber: if you get a chance, will you merge in soren's patch before you release?18:58
stgraber(the Debian maintainer also poked me a few times about it ... I'm not sure he understood that I usually spend 5 minutes of upstream work per year on that stuff)18:58
stgrabermtaylor: yeah, releasing for me nowadays is usually "merge everything", review all the bugs, merge all the translations, run the test script, release18:59
smoserah. the 5 minute quota was hit adding pb.daviey.com for 2011.18:59
smoserluckily, NEW YEAR!18:59
* mtaylor punches Daviey 18:59
mtayloractually - lemme submit a branch real quick...18:59
adam_gzul: when do you upload the openstack snapshot?19:04
zuladam_g: friday19:05
adam_gzul: k, thinking we might carry that volume patch until it makes it thru gerrit, so we can enable the volume tests on CI. ill send a proposal your way today19:06
zuladam_g: the tgt one?19:06
hallynzul: f'ing p11-kit: bug 91464219:06
uvirtbotLaunchpad bug 914642 in libvirt "libvirtd crashed with SIGSEGV in lookup_or_create_bucket()" [Medium,New] https://launchpad.net/bugs/91464219:06
adam_gzul: yeah19:07
zulhallyn: hehe19:07
zuladam_g: yeah19:07
adam_gzul: i spammed #openstack-dev for gerrit +1's, we'll see..19:11
zuladam_g: cool...keystone needs to setup a database now right?19:19
adam_gzul: huh?19:19
zuladam_g: i think you mentioned a couple of weeks agao you need to create a /var/lib/keystone/keystone.db19:19
hallynjjohansen: if you get a chance, could you take a look at the apparmor denial msg in comment in bug 925024 ?19:20
uvirtbotLaunchpad bug 925024 in lxc "apparmor makes it impossible to install postgresql-common on Precise" [Undecided,New] https://launchpad.net/bugs/92502419:20
uvirtbotNew bug: #925043 in lxc (main) "lxc-start-ephemeral does not support lvm" [Medium,Confirmed] https://launchpad.net/bugs/92504319:21
=== guampa|2 is now known as guampa
adam_gzul: oh, i believe it should be using the same logic as the nova packaging and calling a database sync, probably only if sql_connection points to an sqlite db19:22
zuladam_g: ack19:22
smoserroaksoax, ping19:23
jjohansenhallyn: I don't have a quick answer will continue to poke.  if this is blocking lmk, I can do a temp solution quick but I am not sure what is wrong19:27
hallyn(i dont' knkwo what lmk is).  if you can do a temp solution quick, that implies you know what's going on?19:27
hallyni have this bad feeling this has to do with errors in reconnecting pathnames?19:29
hallyn[16888.879429] audit_printk_skb: 21 callbacks suppressed      GAAAAAAAAAAAARRHH19:32
SpamapShallyn: GAAAARH is in the message?!19:40
SpamapScause if it is, thats t3h awesome19:40
hallynSpamapS: syslog has an angry19:40
=== jas0nn is now known as Jasonn
hallynjjohansen: I'm afraid this means overlayfs is still broken wrt overlayfs?19:43
=== Jasonn is now known as jas0nn
hallynyes, it is.  i can verify with a dummy /bin/bash2 policy19:51
hallynapw: ^19:51
m_tadeuhi...I'm trying to use mysqldbexport, but I'm getting the following error "ImportError: No module named mysql.utilities". How can I solve this?19:52
m_tadeuhi...I'm trying to use mysqldbexport, but I'm getting the following error "ImportError: No module named mysql.utilities". How can I solve this?19:56
SpamapSm_tadeu: never heard of that tool.. perhaps ask the authors?20:05
RoyKm_tadeu: you may want to try mysqldump20:05
SpamapSheh, he may want to claw out his eyes and have something that is nearly impossible to restore from too. ;)20:06
RoyKSpamapS: ????20:07
SpamapSRoyK: ever recovered using mysqldump ?20:09
RoyKSpamapS: mysqldump -> backup, mysql somedb < dumpfile -> restore20:10
RoyKSpamapS: works well20:10
SpamapSEither you want Percona's Xtrabackup tool (Free), or you need to backup a slave server with snapshots.20:10
SpamapSRoyK: thats fine if you are in catastrophic db recovery mode and you have 10 hours ;)20:11
* RoyK really doesn't have large, critical databases on mysql20:11
RoyKand if it takes 10 hours to restore, well, you have a problem with your infrastructure20:12
ubottuwebmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.20:13
alex-Erm, who says it's not compatible with the way that Ubuntu packages handle configuration files?20:13
alex-This was a bug 5 years ago20:13
alex-This is like saying: No I don't want to use Ubuntu 6.04 because there is a bug somewhere...20:14
jmarsden|workalex-: Feel free to retest it and report your results20:14
alex-Dunno how to report20:14
henkjanalex-: and people have moved away from webmin for ages20:14
SpamapSRoyK: with mysqldump and many millions of rows, its going to take hours and hours. You have to use other methods.20:14
alex-True, that's why they should come back20:14
henkjani try to ignore panels as much as possible20:14
alex-It's a very easy tool when you want to do something quick20:14
SpamapSRoyK: to contrast it, Xtrabackup restores are as easy as restoring a file.20:14
henkjanrealy the way to go if you need to backup large mysql instances20:15
alex-What is large?20:15
henkjanno tablelocks20:15
henkjani've got a few witch 200G+ tables20:16
alex-Ye that's big then :P20:16
alex-I belive phpmyadmin can still handle my database20:17
SpamapShenkjan: the big thing is that at the end of the backup, you have an exact copy of the table as it was *at the end of the backup*. With lvm snapshots, you have a copy of the table as it was at the beginning of the backup, which is less useful.20:17
SpamapSanyway, mysqldump is not a solution for any database over a couple GB20:17
alex-jmarsden|work: how can I report then?20:23
RoyKusing mysql for anything large is madness imho20:23
henkjanRoyK: so, why does facebook use mysql?20:23
henkjanRoyK: and wy does google use mysql?20:23
jmarsden|workalex-: If you have done a thorough evaluation of how it updates config files and whether the current approach is consistent with Debian policy, you can add that info to the bug report, or open a new bug requesting webmin be added to Debian.  I do not think you will succeed, though.20:23
SpamapSRoyK: you're misinformed. Its really a very good database. Do not believe the hype. :)20:24
* RoyK *really* likes postgresql better20:24
alex-jmarsden|work: why don't you think so?20:24
jmarsden|workBecause I do not see any evidence they changed the way they deal with config files... do you?20:25
alex-jmarsden|work: there was some bug some time ago, but that's fixed20:26
jmarsden|workalex-: OK, test and open an approproate debian bug requesting webmin be included in Debian once more :)20:27
SpamapSRoyK: I think postgresql is probably better for most OLTP applications than MySQL.20:27
alex-How to test it?20:27
jmarsden|workIf you don't know, then you don't know enough to do this work.20:27
SpamapSRoyK: does pgsql still fork for every connection though?20:27
RoyKAFAIK that was 10 years ago20:28
alex-jmarsden|work: ye I think so, but I want it back20:28
RoyKSpamapS: and then, how many connections do you really need?20:28
RoyKusing stuff like php keeps the line open anyway20:28
SpamapSRoyK: thats precisely the problem. MySQL (5.1+ or 4.1, not 5.0) handles 10k+ concurrent queries on 10000 connections very well..20:30
hallynjjohansen: audit logs confirm apparmor failed to reconnect the path...  now, really odd that it always fails for the dpkg diversions file, and nothing else!20:30
hallynshould i mark that as also affecting 'linux'?20:31
jjohansenhallyn: yeah20:31
RoyKSpamapS: 10k concurrent connections sounds like a design blunder20:31
SpamapSRoyK: not really. If you are doing readonly scaling across 5 servers and want to support 50,000 concurrent users, thats a pretty modest number.20:34
henkjanRoyK: or a system with slightly larger workload as you are used to20:35
SpamapSRoyK: oh and pgsql does still do 1 process per user according to their manual:20:35
SpamapS"PostgreSQL is implemented using a simple "process per user" client/server model. In this model there is one client process connected to exactly one server process. As we do not know ahead of time how many connections will be made, we have to use a master process that spawns a new server process every time a connection is requested."20:35
RoyKSpamapS: again, on what sort of system would you expect 10k database connections?20:41
SpamapSRoyK: have been at that level with my previous two companies.20:52
SpamapSRoyK: I believe pg users solve it with pgpool20:53
hallynstgraber: do'h, there you go, just got another container which resets my kbd.  Odd that only some do it20:56
hallynso now i can test out the setsid idea i guess20:56
RoyKSpamapS: what did you do? open a new TCP connection per HTTP request?20:57
RoyKas in, new TCP connection to the database for every http request?20:57
SpamapSRoyK: No, we'd have 10,000 concurrent users running web requests with multiple queries on each page.20:59
SpamapSactually sometimes more than that20:59
SpamapSbut caching would help20:59
SpamapSRoyK: there were definitely at least 10,000 concurrent httpd's running (with mod_php)20:59
RoyKthat's a lot...21:00
SpamapSRoyK: in the older example, it was perl.. but .. same problem really.21:00
SpamapSYes, it was a big place. :)21:00
SpamapSAnd a badly designed app truth be told.. stupid ORMs.21:00
=== Southron_ is now known as Southron
=== Guest94969 is now known as tobin
=== tobin is now known as Guest76735
hallynstgraber: all right setsid doesn't help.21:15
uvirtbotNew bug: #925110 in lxc (main) "lxc-ls fails as non-root sometimes (second bug)" [Undecided,New] https://launchpad.net/bugs/92511021:20
adam_gsmoser: is there any way to keep the IP addresses persistent (outside of editting /etc/network/interfaces per container) after local provider has deployed?21:21
smoseri dont know. i dont htink so, adam_g .21:26
SpamapSadam_g: you can force it in dnsmasq's configuration21:26
hallynstgraber: FEH!  it's the udevadm trigger --add that does it.  presumably the host resets the kbd in response to an event21:27
hallynstgraber: i have a suggestion.  maybe a stupid one21:29
hallynstgraber: is 'udevadm trigger --add' only used to catch events missed during initramfs?21:29
roaksoaxsmoser: pong21:29
hallynif so we shouldn't do that in a container right?21:29
roaksoaxsmoser: sorry was concentrated in some other thing21:29
stgraberhallyn: that sounds good. Will be easy to fix once the upstart changes are merged.21:30
adam_gSpamapS: does that operate independently of the juju environment? i'd like to bootstrap something locally with juju then remove juju from the picture21:30
hallynstgraber: unless we need it for lo....21:30
smoserroaksoax, i think ihad a question on cpu scaling21:30
hallynno, network comes up fine without it21:31
roaksoaxsmoser: shoot if you remember :)21:32
smoserwell, roaksoax a systm was showing load of like 4...5...6..7.821:33
smoserand my cpu was still sitting at 1GHZ21:33
smoseri turned it up via specifying 'performance' governor21:33
smoserbut i had thoguht maybe something you did had caused it ;-)21:33
smoser(ie, the powernap/savings stuff)21:33
roaksoaxsmoser: heh, you are using powernap then. Have you enabled the LoadMonitor? can you pastebin the /var/log/powernap.log and /var/log/powernap.err21:34
SpamapSadam_g: dnsmasq is part of the libvirt-bin stuff21:34
stgraberhallyn: lo should be caught by /etc/init/networking.conf if it's not started by udev21:35
smoserroaksoax, those files are empty21:35
hallynstgraber: i filed a bug to track it21:35
roaksoaxsmoser: can you enable debug loggin in /etc/powernap/config21:35
hallynit used to be the case that lo was not caught correctly by networking.conf, but i recon that was fixed long ago21:35
roaksoaxsmoser: is there anything in /var/run/powernap or /var/lock/powernap or in (/var/run/powernap/cpu_governor.default21:36
smoser$ cat /var/run/powernap/cpu_governor.default21:36
smoserit said 'ondemand' before i changed it21:36
smoserso i thought that mean tht kernel was in charge21:37
smoserits likely  most of the load was IO based21:37
smoserand not cpu21:37
roaksoaxsmoser: when that file says it's ondeman means that when powernap detects load, it sets the governor back to whatever is in that file21:38
roaksoaxsmoser: as powernap sets it to powersave governor21:38
Aisonhello, after an update of my ubuntu server, the mysql service is no longer working :( no idea what's going on, but it's a big problem21:38
Aisonwhen I do myqsl service start, it hangs forever21:38
roaksoaxsmoser: i'm guessing that powernap didn't detect "load" as 1. LoadMonitor is not enabled, or 2. No monitor meets your needs or 3. Bug in powernap21:38
Aisondmesg says: init: mysql post-start process (7708) terminated with status 121:39
smoserroaksoax, the speed did occasional change.21:39
smoserbut just not as much as i thoguht it should have21:40
uvirtbotNew bug: #925122 in udev (main) "container's udevadm trigger --add affects the host" [Medium,Confirmed] https://launchpad.net/bugs/92512221:41
sorensmoser: I didn't exactly "just" propose it upstream.21:42
roaksoaxsmoser: so /etc/powernap/config is LoadMonitor enabled?21:42
roaksoaxsmoser: if it is, what's the value, n?21:42
sorensmoser: 2011 is soooo last year. Literally.21:42
Aisontype=1400 audit(1328132559.952:135): apparmor="DENIED" operation="mknod" parent=8155 profile="/usr/sbin/mysqld" name="/run/mysqld/mysqld.sock" pid=9456 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=102 ouid=10221:43
smoserroaksoax, default21:45
smoserthreshold = n21:45
roaksoaxsmoser: how many cores do you have, 4?21:49
roaksoaxsmoser: try changing it to 2 or so, and see what happens21:49
smoserthis is 1 core :)21:50
smoserwhich almost seems wrong21:50
smoseri'd have thought at least to have hyperthreading21:50
roaksoaxuhmmm that's interesting then. I guess there's a bug oin the monitor then21:50
roaksoaxsmoser: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ it's a 2 core21:50
=== huats_ is now known as huats
roaksoaxsmoser: maybe, powernap is also turning off 1 of the cores21:51
smoserhallyn, i dont know if this is valid or not22:03
smoserbut i just saw 'ureadahead' in a to list22:03
smoseras containers were booting (i think)22:03
smoserif ureadahead gets run in a container, it probably should not22:04
smosercloud-images disable it22:04
hallynsmoser: yes, it should not.  and yes it does22:04
hallynin fact it frequently hangs your container for a bit if you immediately shutdown22:04
smosercloud-init dpkg-diverts it22:04
smoseryou can look there for how to do it22:05
hallynsmoser: i think we want to patch ureadahead directly22:05
hallynstgraber: ^ another :)22:05
hallynsmoser: in fact I can reuse an existing bug i think22:05
smoseradam_g, so can you look at pulling in my nova-volume fix ?22:07
stgraberhallyn: yeah, I'd also add plymouth to the list ;)22:07
smoseri walked that pastebin i showed earlier on an hp cloud instance22:07
smoserno issues at all22:07
hallynstgraber: it's useless, but does it harm in any case?22:07
smoser - Deployment complete in 621 seconds.22:07
hallynstgraber: ureadahead occasionaly does harm...22:07
hallynstgraber: but i won't object to fixing it at any rate.  SPEED22:08
stgraberhallyn: it writes some error messages to /var/log/upstart (when you have logging) and sometimes to the console22:09
hallynstgraber: oh, ok.  i dunno, do you want to open (yet another) bug for that?22:09
hallyngotta run, bbl22:10
=== Guest76735 is now known as tobin_
kirklandroaksoax: i think it's time to disable the cpu offlining by powernap in the default install22:27
adam_gsmoser: yeah, it should work fine in a regular, non-container setup, right?22:27
adam_g/wi/win 3022:43
=== guampa|2 is now known as guampa
Davieyadam_g: Arre you doing work on the CI lab?22:57
adam_gDaviey: ATM no23:00
Davieyadam_g: thanks23:01
Davieyzul: What is the status of precise-openstack-essex-python-quantumclient-trunk ?23:01
zulDaviey: tarball.sh needs to be updated will get to it tonight23:16
Davieyzul: ah, cool23:20
adam_gsmoser: launching an instance on that lxc setup: http://paste.ubuntu.com/825782/  still some module dependencies that need to be resolved it seems23:22
adam_gsmoser: ive not seen those nova-rootwrap errors before, tho23:24
adam_gsmoser: also, looks like containerized LVM has some gotchas too23:58

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!