[00:02] <hallyn> stgraber: hang on, did you mean to keep 'start on stopped rc runlevel=[2345]' in console.conf?
[00:03] <stgraber> hallyn: mine has an extra "and container CONTAINER=lxc" but yes, I actually got that working reliably and that gives us the same behavior as a regular Ubuntu system
[00:04] <stgraber> hallyn: so in some cases you may have to wait up to 60s before you get a shell if your network is broken
[00:04] <hallyn> drat.  seems like for container console we may as well skip that
[00:05] <stgraber> well, that only happens if you screwed up your /etc/network/interfaces and in that case lxc-console should still work :)
[00:05] <hallyn> stgraber: or if you use virbr0 with stp on...
[00:05] <stgraber> I noticed that not having the "stopped rc RUNLEVEL=[2345]" part also hides services startup messages
[00:06] <stgraber> like apache and other services providing a sysvinit job
[00:06] <stgraber> hallyn: well, stp on should cause a "delay", not make it wait a full minute (hopefully) ;)
[00:07] <hallyn> i'll defer to your judgement
[00:07] <stgraber> hallyn: https://code.launchpad.net/~stgraber/ubuntu/precise/upstart/upstart-containers/+merge/90986
[00:08] <hallyn> cool
[00:08] <hallyn> thanks
[00:39] <Danny_Joris> I created this ubuntu server earlier today at the office. Pretty straightforward: ubuntu server 10.04 lts and enabled bridged networking. Now, at home, I can still open the vm and work on it, but I can't use the ip, ping it, or ssh in through the osx terminal
[00:39] <Danny_Joris> did i make it dependent to my work's network?
[00:50] <Danny_Joris> I'm even vpn'ed into the office's network
[00:50] <Danny_Joris> weird stuff
[00:55] <Danny_Joris> ah it changed ip address...
[00:55] <Danny_Joris> not sure why
[01:01] <hallyn> anyone here have an eeepc running precise and would care to try and use testdrive-gtk to run a vm (for bonus points, the kde mobile choice, last option on second tab)
[01:40] <Guest32380> I just got proftpd up and running, and I can only read from /var/www/ even though proftpd.conf is set up for AllowAll for me. The permission error went away when I used chown -R to make myself owner of the directory. My question is this: would it be bad to set permissions to 777 for the folder?? It's open to the internet, but it seems to be the only way I'll be able to have multiple ftp accounts.
[01:40] <Guest32380> Sorry, I'm a bit of a newb.
[01:43] <qman__> Guest32380, yes, it would be very bad to do that
[01:44] <Guest32380> dammit -___-
[01:44] <qman__> www-data (the web server) and any other daemons (like proFTPd's daemon user) should not have write permission to that directory unless absolutely necessary
[01:44] <qman__> and if they do, said directories should be secured against allowing files within them to be executed
[01:45] <qman__> in addition, using FTP at all is a bad idea
[01:45] <Guest32380> qman__: How do I upload to my web host then? Sorry for ignorance
[01:45] <qman__> SFTP
[01:45] <Guest32380> ahh
[01:46] <qman__> secure, sanely designed, and easy to set up
[01:46] <Guest32380> I have to get my cert set up -__- So how should I manage uploading to /var/www/ after I enable SFTP?
[01:47] <qman__> create a user and group for that purpose, and make that user and group the owner
[01:47] <qman__> don't use that user and group for anything else
[01:48] <qman__> then, add users who you want to give permission to that group
[01:48] <qman__> and then, if you need it, change permission to 775
[01:48] <Guest32380> qman__: Thanks! So can groups be owners?
[01:49] <Guest32380> Of files/directories?
[01:49] <qman__> every file has an owner and a group-owner
[01:49] <qman__> permissions are set for the user-owner, group-owner, and world
[01:49] <qman__> that's what the three numbers are
[01:49] <Guest32380> Ohh! Okay, thanks a load!
[01:56] <Danny_Joris> is there an irc channel for lamp stacks/apache or can i ask these questions here?
[01:57] <twb> #httpd concerns apache.
[01:57] <twb> ##php concerns PHP.
[01:57] <Danny_Joris> twb: tnx
[01:57] <twb> #mysql, I suppose, for MySQL.
[01:57] <twb> The "linux" part usually means a full GNU/Linux OS; for actual kernel issues there is #kernelnewbies on OFTC, for general Ubuntu server questions, you can ask here.
[01:58] <twb> apache httpd and mysql are certainly on-topic here, but you will get better advice on their intricacies on their dedicated channels.  We are more concerned with Ubuntu best practices for installing them and so on -- note that upstreams often disagree with us on the "right" way to do things :-)
[02:18] <SpamapS> Heh, I think the A in LAMP is becoming "An HTTPD server"
[02:19] <SpamapS> I'd bet money that nginx or another more lightweight httpd will be in main by 14.04
[02:19] <twb> nginx isn't lightweight.  It includes a POP3 daemon FFS
[02:20] <twb> thttpd or a 10-line bash-based httpd are lightweight
[02:20] <SpamapS> heavy in code maybe, but its the lightest httpd I've used
[02:21] <SpamapS> root       557  0.0  0.2  73676  1380 ?        Ss    2011   0:00 nginx: master process /usr/sbin/nginx
[02:21] <SpamapS> www-data   559  0.0  0.4  74612  2948 ?        S     2011   3:25 nginx: worker process
[02:21] <SpamapS> root       557  0.0  0.2  73676  1380 ?        Ss    2011   0:00 nginx: master process /usr/sbin/nginx
[02:21] <SpamapS> www-data   559  0.0  0.4  74612  2948 ?        S     2011   3:25 nginx: worker process
[02:21] <SpamapS> oops
[02:21] <SpamapS> stupid lag
[02:21] <twb> USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
[02:21] <twb> www-data    56  0.0  0.0   8708   836 ?        Ss    2011   1:30 thttpd -D -r -d /srv/apt
[02:22] <SpamapS> twb: how does thttpd handle concurrency and fastcgi?
[02:22] <twb> I win
[02:22] <twb> No, that's the whole point
[02:22] <twb> thttpd is for doing what HTTP is for -- stateless serving of static content
[02:22] <SpamapS> twb: right.. all these silly dynamic sites are just abusing HTTP. ;-)
[02:22] <twb> If you want to serve some stupid "web app" then you can have your nginx and tomcat and all that shite
[02:23] <SpamapS> What a waste of billions of dollars these blogs and social networking and video sites are.
[02:23] <twb> thttpd does support plain CGI, unfortunately, but I usually turn that off
[02:23] <twb> SpamapS: yes!
[02:23] <SpamapS> We could go back to 1997 and have static HTML!
[02:23] <twb> SpamapS: I'm glad someone understands me
[02:23] <SpamapS> twb: I'm always here for you
[02:23]  * SpamapS wanders off
[02:23] <twb> Having said that, when I investigated reverse proxies, I was more impressed by varnish than nginx
[02:24] <SpamapS> varnish is really awesome
[02:24] <twb> The main disadvantage of varnish is you have to install a compiler toolchain on a production host, which makes it a little easier to escalate once compromised
[02:25] <SpamapS> twb: you can get away with compiling all the stuff on a staging box and pushing it out
[02:25] <twb> That or fiddle-fart around getting the configuration .o from a sta- right
[02:26] <SpamapS> twb: nginx is still easier to configure. And they even have a public source code repo now
[02:26]  * SpamapS sighs
[02:26] <SpamapS> Not sure if the comments are all still in Russian
[02:52] <twb> SpamapS: incidentally, I'm emphatically Not A FanTM of fcgi in any case.  IMO it's far better to just have the app and the reverse proxy speak to one another using HTTP -- much easier to debug, and not hard to bolt a "dumb" http into your typical python/whatever app
[02:54] <SpamapS> twb: fcgi is just an optimization for the times where every ms of latency and wire traffic matter
[02:55] <twb> You speak fcgi over IP, and not just between machines on the same host?  That made me kinda nervous, because it involves actually TRUSTING the LAN
[02:55] <twb> Granted I don't care at all about performance
[03:01] <Guest32380> So I'm a newb, and I have a new server >:) I'm trying to broaden my horizons, so if I want something like a *simple* chat box with AJAX, what should I use on the server end?
[03:01] <Guest32380> Python maybe?
[03:04] <twb> If you're a js weenie you could use nodejs on the server side, which is basically the v8 (chrome) js VM hacked to be an httpd instead of a browser module.
[03:04] <Guest32380> eww
[03:04] <twb> The advantage being that you write both sides in js instead of half js and half python/php/whatever
[03:05] <twb> And js is certainly a better language than PHP -- hell, it's halfway to scheme (the easy half)
[03:06] <Guest32380> twb: thanks!
[03:07] <twb> Guest32380: the biggest question is: are you doing this for pedagogy (i.e. to learn), or professionally (i.e. just get it done as quickly as possible)?
[03:08] <Guest32380> pedagogy, which might I say is ironic(?) since I didn't know that word
[03:15] <Guest32380> twb: I've always wanted to try Python, but I'm not sure how to start interfacing it with an xmlhttprequest
[03:17] <twb> You may wish to talk to the twisted people
[03:17] <twb> I don't know if that's suitable for learning purposes; it felt more heavyweight to me
[03:17] <twb> I haven't looked at it closely tho
[03:17] <Guest32380> okay then
[03:21] <SpamapS> twb: re trusting the LAN .. do you encrypt/sign all your traffic between your database and its clients?
[03:22] <SpamapS> at some point you have to accept some risks, though its important to identify them and accept them, not just be victim to them.
[03:22] <twb> SpamapS: I don't run SQL over the network at all
[03:22] <SpamapS> right, static HTML.. ;)
[03:23] <twb> SpamapS: the one stupid "app" that I am forced to deploy, that needs a "database" (which it really just uses as a dumping area for data), I said it had to run PHP and apache and mysql all in the same locked-down jail
[03:23] <twb> But you're right, e.g. I have zero protection against ethernet-layer attacks within my LANs, because hard-coding the neighbours table wasn't worth it :-(
[03:24] <SpamapS> twb: most switches can be configured fairly easily to disable gratuitous arp attacks.. and arpwatch is usually enough to flag any weirdness if you can't do that.
[03:25] <twb> Well, I'm doing that much
[03:25] <Guest32380> did yall go to college?
[03:40] <imperalix> What is college?
[04:33] <twb> imperalix: depending on your locale, it is either secondary or tertiary education.
[04:33] <twb> It can also mean a housing unit or campus *of* a larger tertiary institution
[05:50] <LeMAC> Good day, esteemed gurus of IT technologies )
[05:51] <twb> !ru
[09:42] <tero> what is the best/recomended virtualisation sw for ubuntu server?
[09:43] <Tm_T> I would imagine that depends on your needs
[09:58] <smb> jibel, I see the first people with pitchforks arrive... (re: re: bug 923685) ;)
[10:00] <Daviey> oh dear
[10:00] <lynxman> morning o/
[10:01] <smb> lynxman, \o morning
[10:08] <eutheria> i was thinking about using rdiff-backup to create backups of some machines, postgresql dumps etc
[10:15] <eutheria> to do a backup using rdiff-backup pushing files to a remote machine would mean it needs to be reasonably secure, so a shell account with a lot of space wouldn't be a smart move
[10:18] <greppy> eutheria: take a look at duplicity and duply
[10:18] <greppy> eutheria: http://duplicity.nongnu.org/
[10:19] <eutheria> oh new stuff
[10:19] <eutheria> i like!
[10:19] <eutheria> thanks
[10:46] <eutheria> does deja-dup use duplicity?
[10:53] <th0mz> did grub2 come to stable or default please ?
[10:54] <th0mz> (i have several server messaging about grub2 this morning)
[11:00] <eutheria> th0mz, grub2 (1.99999) i think has been the default for a long time
[11:02] <th0mz> mmh
[11:02] <eutheria> can't remember when it came in
[11:02] <th0mz> for 10 LTS ?
[11:03] <eutheria> i don't have an LTS to hand
[11:03] <eutheria> i am pretty sure it was there
[11:05] <th0mz> ii  grub-pc                          1.98-1ubuntu12                         GRand Unified Bootloader, version 2 (PC/BIOS
[11:05] <th0mz> oki
[11:05] <th0mz> i'm wrong, something i need to check on this server then
[11:05] <th0mz> thankls
[11:05] <th0mz> thans eutheria
[11:05] <th0mz> k
[11:05] <eutheria> no problem
[11:40] <eagles0513875> ikonia: the rootkit stuff that is available in the repos do you recommend installing one of them just to be on the safe side
[11:40] <ikonia> what ?
[11:41] <eagles0513875> there are some rootkit scanner packages available in the repos do you think its good to have one installed to be on the safe side?
[11:41] <ikonia> what are you talking about ?
[11:42] <eagles0513875> there is a package rkhunter which will scan ones system for rootkits. do you think that is a good thing to have installed on ones system?
[11:42] <eagles0513875> as a preventative measure against rootkits
[11:43] <ikonia> what are you talking about ?
[11:44] <eagles0513875> rootkit scanners im wondering if its good to have installed on my system as a preventative measure against rootkits
[11:44] <ikonia> why are you talking to me about rootkit scanners
[11:44] <ikonia> what are you talking about ??
[11:44] <eagles0513875> im just asking if they are worth having is all
[11:45] <ikonia> up to you
[11:45] <ikonia> seems a pointless tool to use as a "real time scanner"
[11:45] <ikonia> more a tool to use after you've been compromised
[11:46] <eagles0513875> ok thank you :)
[11:53] <eagles0513875> ikonia: sry saw a mention of directory listings i found on google what i need to remove in regards to the indexes. if my vhosts have index mentioned in them do i remove them at the vhost level or removing the index from the httpd.conf be sufficient
[11:54] <ikonia> depends on your setup, normally vhost
[11:54] <eagles0513875> the site i found says in httpd.conf
[11:54] <eagles0513875> http://www.felipecruz.com/blog_disable-directory-listing-browsing-apache.php
[11:54] <ikonia> yes, httpd.conf is where the virtual sites are defined
[11:56] <eagles0513875> i dont have any of my vhosts defined there im using the ubuntu way of using sites-available then using a2ensite to setup the symlinks appropriately etc
[11:56] <ikonia> ok - so you need to either a.) do it at the virtual host config in ubuntu b.) stop reading generic documents and find one specific to ubuntu
[11:59] <eagles0513875> not much different than what i found :D but thanks none the less for your advice :)
[12:01] <ikonia> what's not much different than what you have found ?
[12:06] <eagles0513875> the blog and what i found which is more ubuntu specific
[12:09] <ikonia> each virtual site will have its own file, just disable it in each file
[12:10] <eagles0513875> :) got it
[12:14] <diplo> Afternoon all, is there a way to list how many updates security/critical etc on the cli
[12:14] <diplo> http://superuser.com/questions/199869/check-number-of-pending-security-updates-in-ubuntu
[12:16] <adac> guys, i have a nagios plugin (check_apt) which should determine the critical packages to upgrade, if they are available. But unfortunately on ubuntu server It doesn't work. the critical package count is always on zero
[12:17] <adac> how can i determine how many and which upgrades are critical?
[12:23] <eutheria> not enough random bytes, oh so i have to type some more, maybe i should run a benchmark too to help
[12:25] <jamespage> Daviey: please can you do the relevant magic to make bug 913883 appear on the MIR list for server team.
[12:33] <Daviey> jamespage: what is it worth? :)
[12:33] <jamespage> Daviey: hrm - whats your price?
[12:34] <jamespage> beer/cash/alternatives?
[12:34] <Daviey> jamespage: is server team expected to monitor inbound bug traffic of all 3 packages?
[12:34] <jamespage> Daviey: yes I would think so
[12:34] <Daviey> jamespage: 'payment in kind'
[12:35] <Daviey> jamespage: log4cxx is server?
[12:35] <jamespage> Daviey: its just a C++ logging framework is my understanding
[12:36] <jamespage> its used in the C client (which is used by the python client etc. etc. etc)
[12:37] <Daviey> looks cheap enough, it does have a delta
[12:38] <Daviey> we should review if we still need a delta
[12:39] <Daviey> jamespage: I assume you've tried to push bug 913878 back to Debian?
[12:40] <Daviey> and has anyone looked at removing the delta for log4cxx going forwards?
[12:58] <adac> how can i see if there are any "security" updates?
[13:03] <zul> morning
[13:06] <jamespage> Daviey: I will push that back to debian - its team maintained (I am a member)
[13:11] <jamespage> Daviey: thanks for poking on that - I had forgotten to submit back - done now
[13:13] <Daviey> cool
[13:14] <Daviey> jamespage: just working out the 'cost' before adding it.
[14:07] <smoser> adam_g, ping when you arrive.
[14:07] <smoser> i have a nova-volume charm merge
[15:31] <roaksoax> Daviey: bug #918350
[15:31] <roaksoax> Daviey: do you think we should just disable the cobbler get-loaders command and make sure that syslinux is installed only?
[15:36] <Daviey> roaksoax: i think you need to work with rbasak so arm works
[15:36] <Daviey> syslink doesn't work on arm, right?
[15:37] <roaksoax> Daviey: you mean syslinux?
[15:38] <Daviey> roaksoax: right, sorry
[15:39] <roaksoax> Daviey: on the bug, my point being is that cobbler checks for boot drivers that are downloaded from someone's fedora website, and that in our case are not really needed. SO, my question was whether to remove that capability (of checking and downloading those boot loaders as we only need syslinux package installed)
[15:40] <Daviey> Ah
[15:40] <Daviey> i see
[15:40] <Daviey> yes, that would make sense
[15:41] <roaksoax> Daviey: ok then ;)
[15:48] <smoser> wake up adam_g
[15:49] <smoser> hallyn, how do you think you set a lower default value on stp ?
[15:50] <hallyn> smoser: "brctl setfd virbr0 N" ?
[15:50] <smoser> via libvirt ?
[15:51] <smoser> libvirt currently shows (net-dumpxml default): <bridge name='virbr0' stp='on' delay='0' />
[15:54] <hallyn> smoser: then libvirt is broken
[15:54] <hallyn> biab
[16:06] <hallyn> smoser: looking at the code, maybe i see why
[16:06] <hallyn> i'll have to poke more to confirm, but i think it tries to set the delay by writing to "/sys/devices/virtual/net/virbr0/forward_delay"
[16:06] <hallyn> it should be /sys/devices/virtual/net/virbr0/bridge/forward_delay
[16:07] <hallyn> what's that bug # again...
[16:07] <smoser> did that maybe move in a kernel upgrade?
[16:07] <smoser> bug 924446
[16:08] <hallyn> smoser: that would make sense, but not sure yet.  Well, it would *not* make sense in that it's an ABI breakage...  they don't usually do that
[16:08] <roaksoax> smoser: have you ever tried using several late_commands on a single preseed?
[16:10] <smoser> roaksoax, i have not. but i would suspect it wouldnt work.
[16:10] <smoser> but no try.
[16:10] <smoser> hallyn, /sys is not an abi, is it?
  tell that to people relying on it
[16:11] <smoser> yeah.
[16:11] <hallyn> but, i don't see where it would have moved, offhand.  (it's spaghetti code though)
[16:11] <smoser> i just dont know what is considered an abi.
[16:11] <hallyn> well lemme run a test to confirm.
[16:19] <gary_poster> hallyn, hi. I was going to try and get you diagnostic information for the apparmor issue I emailed you about, and so first tried to make a new lucid instance.  Bug 924337 is still biting me even after I change the 'start on' in /etc/init/console.conf in my container to 'start on mounted MOUNTPOINT=/run' .  I'll be heading out in a few minutes for lunch, but I can try things now and when I return
[16:20] <hallyn> gary_poster: Drat.  Please make a note in the bug - I didn't expect that, but can't look right now.
[16:20] <gary_poster> hallyn, will do.  Understood, ttyl
[16:35] <cr3> hi folks, I vaguely recall someone, possibly dustin, writing some script(s) to preseed installation of images. can someone refresh my memory?
[16:37] <hallyn> cr3: google for 'kirkland preseed'
[16:38] <cr3> hallyn: testdrive, that's it! thanks
[16:39] <hallyn> cr3: ah, not what i was expecting :)  cool
[16:39] <cr3> hallyn: short of running the script, do you happen to know off hand whether it also supports desktop images?
[16:39] <hallyn> cr3: yes it does
[16:39] <cr3> hallyn: sweet, I just reinvented that wheel then :)
[16:39] <hallyn> cr3: use testdrive-gtk, it gives you options in menu
[16:40] <cr3> hallyn: I was hoping non-interactive but I'll give it a try to see

[16:54]  * kirkland waves at cr3
[16:54] <kirkland> cr3: I think what you want is this:
[16:54] <kirkland> http://blog.dustinkirkland.com/2012/01/ubuntu-quick-installation-preseed-link.html
[16:54] <kirkland> cr3: ^
[16:55] <kirkland> cr3: hallyn: testdrive is more of a way to rsync the latest ubuntu desktop images and launch them in a vm, trivially
[16:55] <cr3> kirkland: I was close: http://blog.dustinkirkland.com/2011/03/ubuntu-server-quick-install-no.html :)
[16:55] <kirkland> cr3: yeah, that's the older version
[16:55] <kirkland> cr3: but that one links to some people.canonical.com/~kirkland pages that don't exist anymore
[16:56] <kirkland> cr3: i've since updated those and continue to maintain them
[16:56] <kirkland> cr3: use them all the time, in fact
[16:56] <cr3> kirkland: thanks for the updated link, very cool!
[16:56] <kirkland> cr3: np
[17:06] <hallyn> smoser: uh, huh.  I think the problem is simpler.  Simple typo, fixed upstream.
[17:06] <hallyn> commit 2d5046d31f4f5c961fc4aa6b415a00bb9eadae2b.  d'oh.
[17:09] <hallyn> zul: got any libvirt fixes to queue up right now?
[17:11] <zul> hallyn: nope
[17:19] <roaksoax> smoser: http://paste.ubuntu.com/825342/
[17:59] <roaksoax> smoser: http://paste.ubuntu.com/825390/
[18:00] <roaksoax> smoser: http://paste.ubuntu.com/825342/
[18:00] <smoser> roaksoax, sorry.. .what am i seeing ?
[18:00] <roaksoax> smoser: do you feel comfortable with those two fixes?
[18:01] <roaksoax> smoser: http://paste.ubuntu.com/825390/ bug #912476
[18:01] <adam_g> smoser: hey
[18:01] <roaksoax> smoser: http://paste.ubuntu.com/825342/ bug #914017
[18:01] <smoser> http://paste.ubuntu.com/825390/ looks good to me if it works.
[18:02] <adam_g> smoser: i used your modified deployer last night to bootstrap a 2core, 8GB box into a standalone lxc+openstack. well, everything but compute
[18:02] <smoser> ah.. roaksoax yeah, that makes more sense now.
[18:03] <smoser> adam_g, i can get compute functional.
[18:03] <roaksoax> smoser: ok then. will upload
[18:03] <smoser> (it works here... need some hacks though, i'll show you adam_g )
[18:03] <smoser> roaksoax, i was confused by the '#'
[18:03] <smoser> forgot that it was template
[18:03] <smoser> is pxe_just_once set to default yes ?
[18:03] <smoser> roaksoax,
[18:03] <roaksoax> smoser: yes it is, in Ubuntu it is
[18:04] <smoser> good.
[18:04] <smoser> that looks great then.
[18:04] <roaksoax> smoser: btw.. did you get a maas server running?
[18:04] <adam_g> smoser: oh i didnt screw with volume yet, i noticed you've added something to the nova-volume charm to get that working?
[18:04] <smoser> roaksoax, i've not tried maas at all.
[18:04] <smoser> adam_g, yeah.
[18:05] <adam_g> smoser: sweet
[18:05] <roaksoax> smoser: oh ok nevermind then :)
[18:05] <smoser> adam_g, https://code.launchpad.net/~smoser/charms/precise/nova-volume/trunk.lxc/
[18:05] <smoser> you need that branch to get nova-volume
[18:06] <smoser> and, adam_g i have some hacks in http://paste.ubuntu.com/825398/
[18:06] <smoser> thats how i setup my instance before using deployer
[18:06] <smoser> some of them unnecessary speedups
[18:06] <smoser> some necessary
[18:07] <adam_g> smoser: does libvirt work okay nested in a container now, outta-the-box?
[18:10] <smoser> adam_g, i've not gotten that far.
[18:10] <smoser> but we were at least able to start a qemu last time
[18:10] <smoser> manually
[18:15] <hallyn> smoser: adam_g: Daviey: the pxe boot libvirt bug - how high prio is that?  Ok to put that off for next alpha?
[18:15] <hallyn> (you can of course fix it by hand on each install)
[18:15] <smoser> beta is next i think
[18:15] <hallyn> oh yeah, we ditched a3 didn't we
[18:15] <smoser> but i would not personally block alpha on it
[18:16] <hallyn> well it's not a block.  the fix is ready.
[18:16] <adam_g> hallyn: yeah, not high prio. wondering if changing defaults+carrying a delta is worth it vs release notes or docs
[18:17] <hallyn> adam_g: changing defaults?
[18:17] <hallyn> adam_g: no delta, the fix is upstream
[18:18] <adam_g> hallyn: sorry, misread your comment then
[18:19] <hallyn> anyway, decision's made.  now i just need to figure out where to stash the change so we don't lose it during soft freeze
[18:20] <adam_g> hallyn: so with that fix, it'll go back to previous behavior of STP enabled with FD of 0?
[18:21] <hallyn> yes
[18:21] <adam_g> great
[18:23] <hallyn> oh, heh, i know.  i *can* stash it in bzr.  an accidental dput won't nuke the change since the importer is broken.  MUHAHAHAHA
[18:23] <smoser> hallyn, http://paste.ubuntu.com/825424/
[18:25] <hallyn> smoser: you've tested that with btrfs-tools not installed?
[18:25] <hallyn> if so, no objection from me.
[18:25] <smoser> no. and its not working :)
[18:25] <arrrghhh> hey guys, what perms do i need to set on a file in order for it to be downloadable by 'users' hitting my apache webserver?  i figured 644 was good, www-data user should only need read-only to download, yes?
[18:34] <arrrghhh> basically i have one apache server, 644 allows me to download just fine with the file chown'd to somewhere else other than www-data.
[18:35] <arrrghhh> another apache server, we have to put xx7 (doesn't matter what the first two are set to, obviously)
[18:35] <arrrghhh> otherwise users cannot download.
[18:35] <arrrghhh> is there some apache setting/module/some such thing that would cause this?
[18:40] <gary_poster> hallyn, for the apparmor issues I filed https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/925024 and https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/925028 .  They both have repro instructions.  I plan to do the diagnostic step you requested for the first bug later today.
[18:41] <hallyn> gary_poster: thanks!
[18:41] <gary_poster> welcome
[18:47] <mtaylor> Daviey: you have lots of power and influence...
[18:48] <mtaylor> Daviey: any way you can get someone to merge soren's patch: https://bugs.launchpad.net/openstack-ci/+bug/722323
[18:48] <mtaylor> Daviey: https://code.launchpad.net/~soren/pastebinit/paste.openstack.org/+merge/46906
[18:48] <mtaylor> it's been outstanding for over a year now, which is just rude
[18:49] <mtaylor> Daviey: and for some reason pb.daviey.com is in :)
[18:49] <mtaylor> adam_g, smoser, SpamapS: ^^^ (I'm just pinging people now)
[18:49] <ninjai> anyone have experience with mutt/sendmail? My XML file that is attached with mutt appears inline and I don't know how to keep it as an attachment
[18:52] <smoser> hallyn, http://paste.ubuntu.com/825455/
[18:52] <smoser> that i think is pretty close... to functional
[18:52] <smoser> for lxc-create
[18:52] <smoser> and it does save rsync of 400M
[18:52] <adam_g> mtaylor: https://launchpad.net/~pastebinit-developers ?
[18:53] <adam_g> mtaylor: ping them? i cant help you, thats for sure
[18:53] <hallyn> smoser: if you want to queue that up in lp:ubuntu/precise/lxc, no objections from me
[18:54] <mtaylor> adam_g: k. I have pinged them
[18:54] <smoser> mtaylor, we can't just have any fly-by-night pastebins
[18:55] <smoser> only hardened,proven ones like daviey.com
[18:55] <mtaylor> smoser: that's fair
[18:56] <mtaylor> smoser: I'm mainly just hoping that you'll let mine squeak through if I complain enough
[18:56] <mtaylor> :)
[18:56] <Daviey> mtaylor: uh?
[18:56] <smoser> ah...
[18:56] <smoser> mtaylor, soren just proposed it to upstream pastebinit
[18:57] <Daviey> ahh
[18:57] <smoser> so yeah, that is stgraber primarily
[18:57] <Daviey> yup!
[18:57] <Daviey> stgraber: ^^
[18:57] <smoser> but i'd take it as a patch to ubuntu and carry it
[18:57] <Daviey> wait
[18:57] <Daviey> pb.daviey.com had to wait for a upstream release!
[18:58] <stgraber> yeah yeah yeah ... I know ... I need to make a new upstream release
[18:58] <stgraber> it's just that "it works" so I don't really spend much time working on it
[18:58] <stgraber> I'll add that to my todo
[18:58] <smoser> hallyn, the one thing i dont like about the btrfs stuff...
[18:58] <smoser> if you get btrfs subvolumes created, then 'rm -Rf <dir>' doesnt work anymore.
[18:58] <mtaylor> stgraber: if you get a chance, will you merge in soren's patch before you release?
[18:58] <stgraber> (the Debian maintainer also poked me a few times about it ... I'm not sure he understood that I usually spend 5 minutes of upstream work per year on that stuff)
[18:59] <stgraber> mtaylor: yeah, releasing for me nowadays is usually "merge everything", review all the bugs, merge all the translations, run the test script, release
[18:59] <smoser> ah. the 5 minute quota was hit adding pb.daviey.com for 2011.
[18:59] <smoser> luckily, NEW YEAR!
[18:59]  * mtaylor punches Daviey 
[18:59] <smoser> :)
[18:59] <mtaylor> actually - lemme submit a branch real quick...
[19:04] <adam_g> zul: when do you upload the openstack snapshot?
[19:05] <zul> adam_g: friday
[19:06] <adam_g> zul: k, thinking we might carry that volume patch until it makes it thru gerrit, so we can enable the volume tests on CI. ill send a proposal your way today
[19:06] <zul> adam_g: the tgt one?
[19:06] <hallyn> zul: f'ing p11-kit: bug 914642
[19:07] <adam_g> zul: yeah
[19:07] <zul> hallyn: hehe
[19:07] <zul> adam_g: yeah
[19:11] <adam_g> zul: i spammed #openstack-dev for gerrit +1's, we'll see..
[19:19] <zul> adam_g: cool...keystone needs to setup a database now right?
[19:19] <adam_g> zul: huh?
[19:19] <zul> adam_g: i think you mentioned a couple of weeks ago you need to create a /var/lib/keystone/keystone.db
[19:20] <hallyn> jjohansen: if you get a chance, could you take a look at the apparmor denial msg in comment in bug 925024 ?
[19:20] <jjohansen> looking
[19:22] <adam_g> zul: oh, i believe it should be using the same logic as the nova packaging and calling a database sync, probably only if sql_connection points to an sqlite db
[19:22] <zul> adam_g: ack
[19:23] <smoser> roaksoax, ping
[19:27] <jjohansen> hallyn: I don't have a quick answer will continue to poke.  if this is blocking lmk, I can do a temp solution quick but I am not sure what is wrong
[19:27] <hallyn> (i don't know what lmk is).  if you can do a temp solution quick, that implies you know what's going on?
[19:29] <hallyn> i have this bad feeling this has to do with errors in reconnecting pathnames?
[19:32] <hallyn> [16888.879429] audit_printk_skb: 21 callbacks suppressed      GAAAAAAAAAAAARRHH
[19:40] <SpamapS> hallyn: GAAAARH is in the message?!
[19:40] <SpamapS> cause if it is, thats t3h awesome
[19:40] <hallyn> SpamapS: syslog has an angry
[19:43] <hallyn> jjohansen: I'm afraid this means overlayfs is still broken wrt overlayfs?
[19:51] <hallyn> yes, it is.  i can verify with a dummy /bin/bash2 policy
[19:51] <hallyn> apw: ^
[19:52] <m_tadeu> hi...I'm trying to use mysqldbexport, but I'm getting the following error "ImportError: No module named mysql.utilities". How can I solve this?
[19:56] <m_tadeu> hi...I'm trying to use mysqldbexport, but I'm getting the following error "ImportError: No module named mysql.utilities". How can I solve this?
[20:05] <SpamapS> m_tadeu: never heard of that tool.. perhaps ask the authors?
[20:05] <RoyK> m_tadeu: you may want to try mysqldump
[20:06] <SpamapS> heh, he may want to claw out his eyes and have something that is nearly impossible to restore from too. ;)
[20:07] <RoyK> SpamapS: ????
[20:09] <SpamapS> RoyK: ever recovered using mysqldump ?
[20:09] <SpamapS> *nightmare*
[20:10] <RoyK> SpamapS: mysqldump -> backup, mysql somedb < dumpfile -> restore
[20:10] <RoyK> SpamapS: works well
[20:10] <SpamapS> Either you want Percona's Xtrabackup tool (Free), or you need to backup a slave server with snapshots.
[20:11] <SpamapS> RoyK: thats fine if you are in catastrophic db recovery mode and you have 10 hours ;)
[20:11]  * RoyK really doesn't have large, critical databases on mysql
[20:12] <RoyK> and if it takes 10 hours to restore, well, you have a problem with your infrastructure
[20:13] <alex-> !webmin
[20:13] <alex-> Erm, who says it's not compatible with the way that Ubuntu packages handle configuration files?
[20:13] <alex-> This was a bug 5 years ago
[20:14] <alex-> This is like saying: No I don't want to use Ubuntu 6.04 because there is a bug somewhere...
[20:14] <jmarsden|work> alex-: Feel free to retest it and report your results
[20:14] <alex-> Dunno how to report
[20:14] <henkjan> alex-: and people have moved away from webmin for ages
[20:14] <SpamapS> RoyK: with mysqldump and many millions of rows, its going to take hours and hours. You have to use other methods.
[20:14] <alex-> True, that's why they should come back
[20:14] <henkjan> i try to ignore panels as much as possible
[20:14] <alex-> It's a very easy tool when you want to do something quick
[20:14] <SpamapS> RoyK: to contrast it, Xtrabackup restores are as easy as restoring a file.
[20:15] <henkjan> xtrabackup++
[20:15] <henkjan> really the way to go if you need to backup large mysql instances
[20:15] <alex-> What is large?
[20:15] <henkjan> no tablelocks
[20:16] <henkjan> i've got a few with 200G+ tables
[20:16] <alex-> Ye that's big then :P
[20:17] <alex-> I believe phpmyadmin can still handle my database
[20:17] <SpamapS> henkjan: the big thing is that at the end of the backup, you have an exact copy of the table as it was *at the end of the backup*. With lvm snapshots, you have a copy of the table as it was at the beginning of the backup, which is less useful.
[20:17] <SpamapS> anyway, mysqldump is not a solution for any database over a couple GB
[20:23] <alex-> jmarsden|work: how can I report then?
[20:23] <RoyK> using mysql for anything large is madness imho
[20:23] <henkjan> RoyK: so, why does facebook use mysql?
[20:23] <henkjan> RoyK: and why does google use mysql?
[20:23] <jmarsden|work> alex-: If you have done a thorough evaluation of how it updates config files and whether the current approach is consistent with Debian policy, you can add that info to the bug report, or open a new bug requesting webmin be added to Debian.  I do not think you will succeed, though.
[20:24] <SpamapS> RoyK: you're misinformed. Its really a very good database. Do not believe the hype. :)
[20:24]  * RoyK *really* likes postgresql better
[20:24] <alex-> jmarsden|work: why don't you think so?
[20:25] <jmarsden|work> Because I do not see any evidence they changed the way they deal with config files... do you?
[20:26] <alex-> jmarsden|work: there was some bug some time ago, but that's fixed
[20:27] <jmarsden|work> alex-: OK, test and open an appropriate debian bug requesting webmin be included in Debian once more :)
[20:27] <SpamapS> RoyK: I think postgresql is probably better for most OLTP applications than MySQL.
[20:27] <alex-> How to test it?
[20:27] <jmarsden|work> If you don't know, then you don't know enough to do this work.
[20:27] <SpamapS> RoyK: does pgsql still fork for every connection though?
[20:28] <RoyK> AFAIK that was 10 years ago
[20:28] <alex-> jmarsden|work: ye I think so, but I want it back
[20:28] <RoyK> SpamapS: and then, how many connections do you really need?
[20:28] <RoyK> using stuff like php keeps the line open anyway
[20:30] <SpamapS> RoyK: thats precisely the problem. MySQL (5.1+ or 4.1, not 5.0) handles 10k+ concurrent queries on 10000 connections very well..
[20:30] <hallyn> jjohansen: audit logs confirm apparmor failed to reconnect the path...  now, really odd that it always fails for the dpkg diversions file, and nothing else!
[20:31] <hallyn> should i mark that as also affecting 'linux'?
[20:31] <jjohansen> hallyn: yeah
[20:31] <RoyK> SpamapS: 10k concurrent connections sounds like a design blunder
[20:31] <hallyn> k
[20:34] <SpamapS> RoyK: not really. If you are doing readonly scaling across 5 servers and want to support 50,000 concurrent users, thats a pretty modest number.
[20:35] <henkjan> RoyK: or a system with a slightly larger workload than you are used to
[20:35] <SpamapS> RoyK: oh and pgsql does still do 1 process per user according to their manual:
[20:35] <SpamapS> "PostgreSQL is implemented using a simple "process per user" client/server model. In this model there is one client process connected to exactly one server process. As we do not know ahead of time how many connections will be made, we have to use a master process that spawns a new server process every time a connection is requested."
[20:35] <SpamapS> http://www.postgresql.org/docs/9.0/static/connect-estab.html
[20:41] <RoyK> SpamapS: again, on what sort of system would you expect 10k database connections?
[20:52] <SpamapS> RoyK: have been at that level with my previous two companies.
[20:53] <SpamapS> RoyK: I believe pg users solve it with pgpool
[20:56] <hallyn> stgraber: do'h, there you go, just got another container which resets my kbd.  Odd that only some do it
[20:56] <hallyn> so now i can test out the setsid idea i guess
[20:57] <RoyK> SpamapS: what did you do? open a new TCP connection per HTTP request?
[20:57] <RoyK> as in, new TCP connection to the database for every http request?
[20:59] <SpamapS> RoyK: No, we'd have 10,000 concurrent users running web requests with multiple queries on each page.
[20:59] <SpamapS> actually sometimes more than that
[20:59] <SpamapS> but caching would help
[20:59] <SpamapS> RoyK: there were definitely at least 10,000 concurrent httpd's running (with mod_php)
[21:00] <RoyK> that's a lot...
[21:00] <SpamapS> RoyK: in the older example, it was perl.. but .. same problem really.
[21:00] <SpamapS> Yes, it was a big place. :)
[21:00] <SpamapS> And a badly designed app truth be told.. stupid ORMs.
[21:15] <hallyn> stgraber: all right setsid doesn't help.
[21:21] <adam_g> smoser: is there any way to keep the IP addresses persistent (outside of editing /etc/network/interfaces per container) after local provider has deployed?
[21:26] <smoser> i dont know. i dont think so, adam_g .
[21:26] <SpamapS> adam_g: you can force it in dnsmasq's configuration
[21:27] <hallyn> stgraber: FEH!  it's the udevadm trigger --add that does it.  presumably the host resets the kbd in response to an event
[21:29] <hallyn> stgraber: i have a suggestion.  maybe a stupid one
[21:29] <hallyn> stgraber: is 'udevadm trigger --add' only used to catch events missed during initramfs?
[21:29] <roaksoax> smoser: pong
[21:29] <hallyn> if so we shouldn't do that in a container right?
[21:29] <roaksoax> smoser: sorry was concentrated in some other thing
[21:30] <stgraber> hallyn: that sounds good. Will be easy to fix once the upstart changes are merged.
[21:30] <adam_g> SpamapS: does that operate independently of the juju environment? i'd like to bootstrap something locally with juju then remove juju from the picture
[21:30] <hallyn> stgraber: unless we need it for lo....
[21:30] <smoser> roaksoax, i think i had a question on cpu scaling
[21:31] <hallyn> no, network comes up fine without it
[21:32] <roaksoax> smoser: shoot if you remember :)
[21:33] <smoser> well, roaksoax a system was showing load of like 4...5...6..7.8
[21:33] <smoser> and my cpu was still sitting at 1GHZ
[21:33] <smoser> i turned it up via specifying 'performance' governor
[21:33] <smoser> but i had thought maybe something you did had caused it ;-)
[21:33] <smoser> (ie, the powernap/savings stuff)
[21:34] <roaksoax> smoser: heh, you are using powernap then. Have you enabled the LoadMonitor? can you pastebin the /var/log/powernap.log and /var/log/powernap.err
[21:34] <SpamapS> adam_g: dnsmasq is part of the libvirt-bin stuff
[21:35] <stgraber> hallyn: lo should be caught by /etc/init/networking.conf if it's not started by udev
[21:35] <smoser> roaksoax, those files are empty
[21:35] <hallyn> stgraber: i filed a bug to track it
[21:35] <roaksoax> smoser: can you enable debug logging in /etc/powernap/config
[21:35] <hallyn> it used to be the case that lo was not caught correctly by networking.conf, but i reckon that was fixed long ago
[21:36] <roaksoax> smoser: is there anything in /var/run/powernap or /var/lock/powernap or in /var/run/powernap/cpu_governor.default
[21:36] <smoser> $ cat /var/run/powernap/cpu_governor.default
[21:36] <smoser> ondemand
[21:36] <smoser> it said 'ondemand' before i changed it
[21:37] <smoser> so i thought that meant the kernel was in charge
[21:37] <smoser> its likely most of the load was IO based
[21:37] <smoser> and not cpu
[21:38] <roaksoax> smoser: when that file says it's ondemand, it means that when powernap detects load, it sets the governor back to whatever is in that file
[21:38] <roaksoax> smoser: as powernap sets it to powersave governor
[21:38] <Aison> hello, after an update of my ubuntu server, the mysql service is no longer working :( no idea what's going on, but it's a big problem
[21:38] <Aison> when I do mysql service start, it hangs forever
[21:38] <roaksoax> smoser: i'm guessing that powernap didn't detect "load" as 1. LoadMonitor is not enabled, or 2. No monitor meets your needs or 3. Bug in powernap
[21:39] <Aison> dmesg says: init: mysql post-start process (7708) terminated with status 1
[21:39] <smoser> roaksoax, the speed did occasionally change.
[21:40] <smoser> but just not as much as i thought it should have
[21:42] <soren> smoser: I didn't exactly "just" propose it upstream.
[21:42] <roaksoax> smoser: so /etc/powernap/config is LoadMonitor enabled?
[21:42] <roaksoax> smoser: if it is, what's the value, n?
[21:42] <soren> smoser: 2011 is soooo last year. Literally.
[21:43] <Aison> type=1400 audit(1328132559.952:135): apparmor="DENIED" operation="mknod" parent=8155 profile="/usr/sbin/mysqld" name="/run/mysqld/mysqld.sock" pid=9456 comm="mysqld" requested_mask="c" denied_mask="c" fsuid=102 ouid=102
[21:45] <smoser> roaksoax, default
[21:45] <smoser> [LoadMonitor]
[21:45] <smoser> threshold = n
[21:49] <roaksoax> smoser: how many cores do you have, 4?
[21:49] <roaksoax> smoser: try changing it to 2 or so, and see what happens
[21:50] <smoser> this is 1 core :)
[21:50] <smoser> which almost seems wrong
[21:50] <smoser> i'd have thought at least to have hyperthreading
[21:50] <smoser> http://paste.ubuntu.com/825692/
[21:50] <roaksoax> uhmmm that's interesting then. I guess there's a bug in the monitor then
[21:50] <roaksoax> smoser: AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ it's a 2 core
[21:51] <roaksoax> smoser: maybe, powernap is also turning off 1 of the cores
[22:03] <smoser> hallyn, i dont know if this is valid or not
[22:03] <smoser> but i just saw 'ureadahead' in a to list
[22:03] <smoser> as containers were booting (i think)
[22:04] <smoser> if ureadahead gets run in a container, it probably should not
[22:04] <smoser> cloud-images disable it
[22:04] <hallyn> smoser: yes, it should not.  and yes it does
[22:04] <hallyn> in fact it frequently hangs your container for a bit if you immediately shutdown
[22:04] <smoser> cloud-init dpkg-diverts it
[22:05] <smoser> you can look there for how to do it
[22:05] <hallyn> smoser: i think we want to patch ureadahead directly
[22:05] <smoser> reasonable.
[22:05] <hallyn> stgraber: ^ another :)
[22:05] <hallyn> smoser: in fact I can reuse an existing bug i think
[22:07] <smoser> adam_g, so can you look at pulling in my nova-volume fix ?
[22:07] <stgraber> hallyn: yeah, I'd also add plymouth to the list ;)
[22:07] <smoser> i walked that pastebin i showed earlier on an hp cloud instance
[22:07] <smoser> no issues at all
[22:07] <hallyn> stgraber: it's useless, but does it harm in any case?
[22:07] <smoser>  - Deployment complete in 621 seconds.
[22:07] <hallyn> stgraber: ureadahead occasionally does harm...
[22:08] <hallyn> stgraber: but i won't object to fixing it at any rate.  SPEED
[22:09] <stgraber> hallyn: it writes some error messages to /var/log/upstart (when you have logging) and sometimes to the console
[22:09] <hallyn> stgraber: oh, ok.  i dunno, do you want to open (yet another) bug for that?
[22:10] <hallyn> gotta run, bbl
[22:27] <kirkland> roaksoax: i think it's time to disable the cpu offlining by powernap in the default install
[22:27] <adam_g> smoser: yeah, it should work fine in a regular, non-container setup, right?
[22:43] <adam_g> /wi/win 30
[22:57] <Daviey> adam_g: Are you doing work on the CI lab?
[23:00] <adam_g> Daviey: ATM no
[23:01] <Daviey> adam_g: thanks
[23:01] <Daviey> zul: What is the status of precise-openstack-essex-python-quantumclient-trunk ?
[23:16] <zul> Daviey: tarball.sh needs to be updated will get to it tonight
[23:20] <Daviey> zul: ah, cool
[23:22] <adam_g> smoser: launching an instance on that lxc setup: http://paste.ubuntu.com/825782/  still some module dependencies that need to be resolved it seems
[23:24] <adam_g> smoser: ive not seen those nova-rootwrap errors before, tho
[23:58] <adam_g> smoser: also, looks like containerized LVM has some gotchas too