[00:06] <caution> how can I measure disk activity?
[00:06] <Zal> caution, iostat
[01:07] <stgraber> hallyn: lxc uploaded
[01:16] <twb> i pxe boot everything
[01:16] <twb> I'm even going to be PXE booting the PXE servers soon
[01:18] <twb> Because there's scalability issues serving more than one or two /24's from a single PXE server, so I'm gonna put in one per /24 and have it boot itself off the master server, then cache all the desktop's PXE rootfs's in RAM.
[01:18] <twb> Cool, huh?
[01:52] <starlocke> so... any ultrabooks worth getting excited over...?
[01:57] <twb> My Asus TF101 meets my key requirements of running Ubuntu, having a decent keyboard and screen, and a long (20 hour) battery life, even if most of the other components are not working yet
[02:03] <XevolX> hello
[02:47] <josedb> hello, may i ask a simple question?
[02:47] <chelz> josedb: go ahead. on irc you don't have to ask to ask.
[02:50] <josedb> ok, this is: I have a server , and a dynamic ip (actually using dyndns service to connect throught internet). i want to send system emails (php, or any other daemon),. so whats the best option?
[02:52] <josedb> i want to use and external email account (using SSL for auth), is there any posibility?
[02:52] <chelz> yes, there is a good package for that
[02:53] <chelz> josedb: sSMTP
[02:53] <josedb> ive tried postfix, but i found it very dificult to configure it, and very extensive for thiis use
[02:53] <chelz> google for guides
[02:54] <josedb> thank you so much, iam looking google right now
[02:56] <twb> FWIW I have had much better experience with msmtp than with ssmtp
[02:57] <chelz> twb: what was bad about ssmtp?
[02:57] <twb> TBH I can't remember it was years ago
[02:58] <twb> http://cyber.com.au/~twb/.msmtprc (although that's going down in a moment for scheduled outage)
[03:00] <josedb> if i have problems witg ssmtp, ill try msmtp
[03:04] <josedb> what about qmail, webmin has no module for ssmtp
[03:10] <twb> Don't use webmin or qmail EVER
[03:13] <josedb> no luck with ssmtp:   Cannot open mail.dulkre.com.ar:465
[03:13] <chelz> twb: webmin okay, but not qmail? why?
[03:15] <josedb> ok, fixed. Is it possible to send attachments?
[03:16] <twb> chelz: because it's djb
[03:16] <chelz> twb: haha :P
[03:17] <twb> It's not free software, and there are strong alternatives (postfix/exim4)
[03:17] <chelz> josedb: sure, just craft the message properly and cat base64'd (i think) version(s) the attachment(s)
[03:18] <chelz> twb: ah right, that license does leave quite a bit to be desired
[03:29] <twb> hallyn: I just upgraded my LXC server from 2.6.32-32 to 2.6.32-38 and *it works*!  Thanks to you and whoever else got that vsftpd "fix" dealt with
[03:31] <hallyn> twb: glad to hear it.  Fraid I can't take any credit, kernel patch by Tetsuo Handa made the difference.
[03:31] <twb> btw do you remember the sysctl setting to limit the number of containers or something?
[03:31]  * twb digs out the bug ticket mail
[03:35] <hallyn> netns_max ?
[03:45] <twb> Ah, it's set to 1024 by default in -38 anyway, so I am safe
[03:47] <mattwj2002> hi guys
[03:47] <mattwj2002> ufw sucks (or at least my ability to get it to block stuff does)
[03:48] <mattwj2002> I am wondering if I need to use iptables
[03:48] <mattwj2002> anyone here?
[03:50] <erichammond> mattwj2002: You might get more responses if you asked a question with specific information about your situation.
[03:50] <mattwj2002> okay
[03:51] <mattwj2002> I am trying to get ufw to block access to the ntp to all but certain subnets
[03:52] <mattwj2002> it isn't working
[03:52] <mattwj2002> it doesn't stop the packets according to port scan
[03:53] <mattwj2002> can anyone tell me how do the incoming and outgoing blocking?
[03:54] <mattwj2002> I thought I had it figured out but maybe that is my problem
[04:01] <twb> mattwj2002: is ntp served from the host running ufw, or is it behind it (i.e. the ufw host is the router) ?
[04:02] <twb> -A FORWARD -p udp --dport ntp -s 1.2.3/24 -j ACCEPT; -A FORWARD -p udp --dport ntp -s 1.2.3/24 -j REJECT
[04:02] <mattwj2002> ntp is serverd from the box running ufw
[04:02] <twb> Ah, then INPUT, not FORWARD.
[04:02] <twb> I don't know how those rules will translate into ufw idioms.
[04:04] <twb> Obviously any useful ruleset is going to be default-deny, so the latter of those two rules is not strictly necessary
[04:28] <starlocke> ububu.
[04:29] <starlocke> it's symetrical.
[04:29] <starlocke> sort of.
[05:51] <osmosis> how do I fix  ureadahead-other  error on boot?
[06:27] <saji89> I have been trying to set up a name based virtual host in pache on ubuntu 11.10, to a folder /var/www/test. But it keeps on pointing to /var/www only. How can I solve it?
[06:27] <saji89> Hi all.
[06:33] <saji89> Anyone?
[06:33] <saji89> My virtualhost configuration file looks like this-http://paste.ubuntu.com/827328/
[06:39] <SpamapS> saji89: you probably need to a2dissite default
[06:40] <SpamapS> saji89: also do you have somewhere 'NameVirtualHost *:80' ?
[06:41] <saji89> SpamapS: Ya its there in ports.conf
[06:41] <saji89> SpamapS: My ports.conf looks like this-http://paste.ubuntu.com/827332/
[06:41] <SpamapS> saji89: and you're putting in http://test.local/  to look at it?
[06:42] <saji89> Yes-
[06:42] <saji89> http://test.local/
[06:42] <saji89> SpamapS: Am i missing something here?
[06:44] <saji89> SpamapS: I just disabled the default virtualhost now.
[06:44] <saji89> and something interesting is happening.
[06:45] <saji89> SpamapS: test.local is pointing to /var/www
[06:45] <saji89> SpamapS: But http://localhost shos the contens of /var/www/test folder
[06:45] <saji89> shows*
[06:46] <SpamapS> saji89: weird indeed.
[06:47] <saji89> SpamapS: Yep.
[06:47] <saji89> WIll the contents of /etc/hosts do any good?
[06:47] <saji89> It might  be the cul[prit i feel.
[06:48] <SpamapS> saji89: to test you can always just telnet in and manually do your request
[06:48] <saji89> SpamapS: SOrry.
[06:48] <saji89> SpamapS: How can I do that?
[06:49] <saji89> SpamapS: My hosts file looks like this-
[06:49] <saji89> http://paste.ubuntu.com/827338/
[06:49] <RoyK> -18˚C
[06:49] <saji89> SpamapS: I use likewise-open to connect my system to a windows server domian based network.
[06:50] <saji89> SpamapS: It has added an entry in hosts file, maybe that is causing this trouble.
[06:58] <SpamapS> saji89: possible.. hard to say. Unfortunately, I'm running out of energy.. so I'll have to leave you. :-/
[06:58]  * SpamapS passes out
[07:01] <saji89> SpamapS: Please man..
[07:01] <nemo_nihil> anyone here that can help me set up and ec2 instance
[07:01] <saji89> SpamapS: Atleast a hint ot where i should move next or check next.
[07:01] <saji89> to*
[07:05]  * saji89 hopes that SpamapS  resurrects
[07:12]  * saji89 lost the hope.
[07:12] <saji89> Anyone else , any idea?
[07:15] <saji89> SpamapS: Thanks for your time ma.
[07:15] <saji89> SpamapS: man*.. Bye.
[07:22] <soren> saji89: First of all, you should make sure you're not seeing cached responses. What are you using to test?
[07:23] <saji89> soren: You mean web browser? Firefox 9.0.1, it it.
[07:23] <soren> saji89: You should use something like curl or wget to make sure.
[07:24] <saji89> soren: How can i use it?
[07:24] <soren> curl http://test.local/
[07:24] <soren> That's it :)
[07:24] <soren> saji89: Anyway, have you touched httpd.conf or apache.conf at all?
[07:25] <saji89> soren: Nope.
[07:25] <soren> Greatk.
[07:26] <soren> saji89: Can you pastebin the output of "grep . /etc/apache2/sites-enabled/*", please?
[07:26] <saji89> soren: SUre..
[07:27] <soren> (If there are multiple files, using grep this way will show me their filenames and they'll also be listed in the order in which they're read)
[07:28] <soren> ...and please don't remove anything from without telling me.
[07:28] <saji89> soren: Ok.
[07:28] <saji89> soren: interstungly output of only one file show up-
[07:28] <saji89> soren: http://paste.ubuntu.com/827362/
[07:30] <soren> saji89: Is that surprising? Is there more than one file in there?
[07:31] <saji89> soren: Yes.
[07:31] <saji89> soren: http://paste.ubuntu.com/827365/
[07:31] <soren> saji89: That's sites-available.
[07:31] <soren> saji89: Not sites-enabled.
[07:32] <saji89> soren: Oh sorry..
[07:32] <soren> Anyway, pastebin "ls -l /var/www/test"
[07:33] <linocisco> what is GNU linux? I dont know about it well. I know only Debian based and Redhat based. what is GNU based?
[07:33] <saji89> soren: http://paste.ubuntu.com/827366/
[07:35] <soren> saji89: Ok. What does "curl http://test.local/check.php" say?
[07:36] <saji89> linocisco: Everything is GNU Linux. Linux is the kernel we use in all linux distributions, which is actually GNU linux. GNU stands for "GNU is Not Unix".
[07:38] <linocisco> so what is the android based? Redhat or Debian ?
[07:38] <saji89> linocisco: Redhat, DEbian is based on GNU Linux Kernel.
[07:39] <soren> saji89: What does "curl http://test.local/check.php" say?
[07:39] <saji89> linocisco: And even Android uses a modified version of GNU Linux Kernel.
[07:39] <saji89> soren: Am installing curl now.
[07:39] <soren> saji89: Oh, ok :)
[07:40] <linocisco> soren: what GNU linux ? there are only two . Redhat or Debian , Am I right?
[07:41] <soren> linocisco: There are probably hundreds of linux distributions.
[07:42] <soren> linocisco: And you're in an Ubuntu channel. Clearly, there's more than RedHat and Debian.
[07:42] <saji89> soren: http://paste.ubuntu.com/827372/
[07:43] <saji89> soren: Its output of phpinfo() function, as i had put in that test file.  :)
[07:43] <linocisco> soren: yes, soren. we can only install with .deb or .rpm apart from tarball. .so only redhat based or debian based. right ?
[07:43] <soren> linocisco: N.
[07:43] <soren> No.
[07:43] <soren> saji89: Great, so everything works?
[07:45] <saji89> soren: Ya now it works fne.
[07:45] <saji89> soren: DOn't know what happened?
[07:46] <saji89> soren, WOuld it be browser cache?
[07:46] <saji89> soren: I had even posted a detailed question in askubuntu.com http://askubuntu.com/questions/101030/apche-virtualhost-keeps-pointing-to-default-directory   :)
[07:47] <chelz> linocisco: linux kernel + gnu tools = gnu/linux or gnu+linux. if it doesn't have gnu then it isn't. android uses other tools, some custom. check wikipedia for more.
[07:48] <saji89> linocisco: Check this out for a simple answer-http://searchenterpriselinux.techtarget.com/definition/GNU-Linux
[07:48] <soren> saji89: Maybe. Don't know.
[07:49] <saji89> soren: Anyways thanks man...
[07:49] <linocisco> soren: tango yankee
[07:49] <linocisco> saji89:  Tango Yankee
[07:49] <saji89> soren: Thansk for the curl tip
[07:49] <saji89> soren: Thanks, for the curl tip.
[07:50] <saji89> soren: Still one issue exists though.
[07:50] <chelz> saji89: if for some reason you can't use curl, wget works also with    wget -O - http://example.com
[07:51] <saji89> soren: http://localhost also points to /var/www/test
[07:51] <linocisco> what is the difference between ubuntforums.org and askubuntu.com?
[07:51] <chelz> linocisco: different format but generally for the same purpose. different accounts too i think
[07:52] <linocisco> chelz: so different registration required?
[07:53] <chelz> linocisco: i think so. sharing accounts would be pretty difficult for them
[07:53] <saji89> chelz: Thanks..
[07:53] <linocisco> chelz: what about openID?
[07:55] <chelz> linocisco: ubuntuforums is pretty backwards, i'd really be surprised if they started supporting openid
[07:55] <saji89> soren: I enabled 'default ' again..
[07:55] <saji89> soren: Now everything is fine
[07:55] <linocisco> chelz: ok thanks. only IRC is interactive
[07:56] <saji89> Thanks guys...
[07:58] <osmosis> how do I stop services from starting at boot
[08:06] <osmosis> anyone know how to troubleshoot courier-imap saying  Error in IMAP command received by server.
[08:26] <osmosis> this postfix mysql setup isnt working. maybe im going about this wrong. for virtual domains, should I just be using Maildir?
[08:32] <HermanDE> Anybody have a working TProxy system with 11.10?
[08:34] <lynxman> morning o/
[08:35] <greppy> osmosis: I prefer maildir, but I also prefer dovecot to courier.
[08:35] <osmosis> greppy, I was looking at  https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
[08:36] <osmosis> greppy, any reason why you like dovecot?
[08:36] <osmosis> does it have a web admin interface?
[08:37] <greppy> I use froxlor as a web/mail hosting frontend control panel.
[08:38] <greppy> froxlor.org has packages you can download.
[08:39] <greppy> once you install froxlor, there are step by step, copy&paste configurations to make to get postfix & dovecot working.
[08:39] <osmosis> hmm. tempting
[08:40] <osmosis> can it do billing too?
[08:41] <greppy> nope
[08:41] <greppy> not yet.
[08:41] <greppy> it's on the todo list :)
[08:41] <greppy> another option is http://www200.pair.com/mecham/spam/
[08:41] <greppy> I've used that on it's own before, and also tweaked it to work with ubuntu & froxlor
[08:42] <osmosis> i spent the whole day on postfix /courier-imap.  i just get failed logins, and there is no error log trail
[08:43] <osmosis> froxlor looks strong
[08:44] <osmosis> has debian packages, but not ubuntu
[08:45] <greppy> they work fine on ubuntu :)
[08:46] <greppy> I have it in production for customers right now.
[09:56] <taipres> sudo /etc/init.d/apache2 stop
[09:56] <taipres> says it stopped it but it's still running
[09:56] <taipres> any ideas?
[09:56] <dns53> is it a zombie process?
[09:59] <taipres> yeah
[09:59] <taipres> top shows it
[09:59] <taipres> 2 of them running
[10:00] <taipres> finally got it, thanks
[10:00] <taipres> don't know how tried kill -9 million times, but whatever works
[10:02] <dns53> apache can do that occasionally, it is worse with things like oracle ebusiness suite
[10:03] <Myrtti> I'd try "sudo service apache2 stop" first tho
[10:12] <soren> taipres: zombie processes are already dead. Can't be killed.
[10:12] <soren> taipres: To get rid of them, you need to kill their parent process.
[10:13] <soren> They're left around as zombies because their parent hasn't called wait() on them.
[10:14] <soren> ...and when you kill the parent, init adopts it.
[10:14] <soren> ...and init knows how to deal with it.
[10:17] <dns53> talking about zombie processes i caused one with bash auto complete
[11:09] <kj> hi
[11:09] <dns53> hey
[11:09] <kj> hi room
[11:13] <kj> hows everyone here
[11:14] <bastidrazor>  breaking a sweat.. its alright
[11:14] <kj> lol
[13:14] <gary_poster> hallyn (I hope this is before the start of your day, so reply when you get a chance :-) ), hi.  Would it be worth seeing if I can escalate kernel bugs 925028 and 925024?
[13:41] <zul> morning
[14:10] <bigjools> fwereade_: around?
[14:11] <fwereade_> bigjools, heyhey
[14:12] <bigjools> fwereade_: hi there.  I want to pull python-testtools into juju - can you think of any reason why I should not?
[14:12] <fwereade_> bigjools, not offhand, what do you need them for?
[14:13] <bigjools> fwereade_: makes testing a *lot* nicer
[14:13] <bigjools> the matchers are much better than trial's standard test cases
[14:14] <bigjools> this would only be a development dependency though
[14:15] <fwereade_> bigjools, it might be slightly irritating to have two styles of TestCase... it would probably be best to check with niemeyer
[14:15] <bigjools> fwereade_: it's not a different style of test case, I only want the matchers.
[14:16] <bigjools> I'll see what he says
[14:28] <Psi-Jack> Curious.. Is Canonical still supporting AppArmor, and contributing to it's future? I ask because I noticed SELinux stuff starting to creep into Ubuntu.
[14:30] <jdstrand> Psi-Jack: absolutely. take a look at wiki.ubuntu.com/AppArmor
[14:30] <andol> Psi-Jack: Well, this might not be a full answer to your question, but Debian are doing a bit of work on SELinux, of some which also end up in Ubuntu.
[14:31] <jdstrand> Psi-Jack: Canonical has several AppArmor upstream developers in its employ and is doing significant work on AppArmor in general. It was under Canonical that AppArmor made it into the upstream kernel
[14:31] <Psi-Jack> andol: Ahhh
[14:31] <Psi-Jack> Nice. :)
[14:32] <jdstrand> Psi-Jack: it is healthier than ever. Like andol said, we inherit thinsg from Debian, and we do want SElinux to work, but AppArmor is the officially supported and maintained MAC in Ubuntu
[14:33] <Psi-Jack> Nice. Good to know, because I absolutely despise the over complexity that SELinux is.
[14:34] <Psi-Jack> AppArmor, though, it isn't /quite/ as secure as SElinux itself is, it's not nearly as intrusive to the system by design, and is more neutral in setup, actually allowing you to work with any filesystem, even nfs, which SELinux can't do.
[14:36] <Psi-Jack> I'm going to be working together basics to advanced documentation on AppArmor on my own site.
[14:49] <SpamapS> jamespage: around?
[14:51] <jdstrand> Psi-Jack: apparmor and selinux have had different requirements. apparmor behaves much like selinux's targeted policy, but without the complexity
[14:52] <jdstrand> Psi-Jack: selinux is better in certain environments, such as MLS. it also has a concept of dbus mediation and Xace. apparmor can do a sort of mls, but it is more difficult to setup. work is ongoing for dbus and X security
[14:53] <Psi-Jack> Heh nice.,
[14:53] <jdstrand> for general use, apparmor works very well
[14:54] <jdstrand> Psi-Jack: if you are documenting things for yourself, I suggest perusing http://wiki.apparmor.net/index.php/Documentation
[14:57]  * SpamapS is hoping AppArmor + LXC becomes the new stanard for chroot jails. :)
[14:57] <jdstrand> yes, that is actually an area that apparmor is leading
[14:58] <jdstrand> (aiui)
[14:59] <hallyn> gary_poster: jjohansen is working on bug 925024.  Not sure it needs to be escalated.  He was going to have a test kernel for me today.
[15:00] <hallyn> gary_poster: as for bug 925028, yeah, i suspect it will need to be escalated
[15:00] <hallyn> that is, if you feel that lxc-start-ephemeral+apparmor is important
[15:00] <hallyn> gary_poster: that is, we could set the policy so that lxc-start-ephemeral skips the apparmor policy.
[15:00] <hallyn> (as a workaround)
[15:01] <hallyn> mind you, the features are there, so the feb 16 FF deadline is not a problem here - we just need to shake out the bugs before rlease
[15:01] <hallyn> in contrast, the apparmor mount restrictions are a new feature, so they need to hit (in some form) before feb 16
[15:02] <gary_poster> hallyn, hm.  you are introducing apparmor not only as a nice way to tighten things down but because of real problems you've encountered with your sound card and so on, right?  If so, it seems like I'd prefer to have 925028 actually fixed, rather than apparmor disabled in that case.
[15:03] <hallyn> gary_poster: the q would be, what workloads are you going to run in ephemeral containers
[15:04] <hallyn> if it's all stuff you mainly trust and own, on secure networks, then it's not as important
[15:04] <hallyn> you're right of course, our goal is all containers to be secure :)  but that isn't going to happen for *real* until 14.04 LTS
[15:05] <hallyn> there *will* be ways to escape a container.  If only bc i haven't thought of them yet :)
[15:05] <hallyn> (i do try to track them at wiki.ubuntu.com/LxcSecurity, and think all cases so far are covered by our planned features.  but...)
[15:05] <gary_poster> 14.04: heh, ok.  what workloads: yeah, we mostly trust and do own. :-)
[15:06] <hallyn> gary_poster: right, so while i'd like it fixed, we ahve to realize that fixing it will take time away from other kernel team efforts
[15:07] <hallyn> gary_poster: so whether or not to escalate it i think depends on your needs.  It at least doesnt' sabotage the whole lxc apparmor plans, like the other bug does
[15:07] <Psi-Jack> jdstrand: I'm writing a Basics 101 over now, but the overal purpose of my site is to educate others, from newbies to professional experts and what-not.
[15:07] <Psi-Jack> Basically, I plan to have a more useful wiki than any other wiki out there. :)
[15:07] <hallyn> (if bug 925024 doesn't get solved, we're in trouble)
[15:07] <Psi-Jack> (One Ring to rule them all! heh)
[15:08] <jdstrand> :)
[15:08] <gary_poster> hallyn, fair enough.  So, I'm ok with disabling the apparmor profile for ephemeral, if you are willing to set that up.  I'm hopeful the bug won't be lost though--I'd prefer not to have to keep replying to the "is this fixed by the new kernel" bot.
[15:08] <hallyn> gary_poster: there is a tag we can set on the bug to make that bot shut up
[15:09] <gary_poster> yeah I saw that
[15:09] <gary_poster> I'll do that
[15:09] <hallyn> thanks :)
[15:09] <hallyn> gary_poster: i'll go ask apw in #kernel whether he has time to look at it.
[15:09] <gary_poster> ok thanks hallyn
[15:10] <hallyn> does it help you to have the workaround right now?  or can we wait and hope for a real fix?
[15:10] <gary_poster> hallyn, we have automation disabling the apparmor entirely for us right now.  So we are not blocked; OTOH, we are also not testing further possible issues with apparmor integration
[15:11] <hallyn> gary_poster: ok.  it's probably not worthwhile anyway given the more fundamental re-attach issue.  so i'll wait at least on that.  thanks.
[15:11] <gary_poster> cool
[15:11] <gary_poster> thank you
[15:12] <SpamapS> "Telling someone that he looks very stupid, because he did something stupid is not a personal attack. It is a stating of the facts." -- Stefan Esser     LOL
[15:25] <stgraber> hallyn: can you import my patch from yesterday's upload into your git tree?
[15:26] <hallyn> stgraber: will do
[15:26] <stgraber> hallyn: I also noticed another bug in lxc-create yesterday but haven't look exactly where it's coming from. If you run lxc-create -f with an invalid filename, it'll obviously fail but /var/lib/lxc/container will have been created (empty) and so will make the next lxc-create tell you it already exists
[15:27] <hallyn> stgraber: i need to work on syncing some lxc-clone changes from upstream too (as we've diverted)
[15:28] <hallyn> stgraber: sounds like bad cleanup on my part
[15:28] <hallyn> boy, terrible lag here
[15:29] <hallyn> stgraber: can i add your signed-off-by?
[15:30] <stgraber> hallyn: yep
[15:32] <hallyn> stgraber: patch pushed
[15:33] <stgraber> thanks
[15:39] <stgraber> hallyn: I'm going to try and blog a bit about LXC again, posting something on the foreign arch containers today and hopefully something on the upstart changes next week (hoping they get merged by then). The at some point after feature freeze (likely close to release), another post on everything that changed since Oneiric (I've been doing these since karmic/lucid, kind of useful to get an idea of what was done).
[15:41] <hallyn> stgraber: sounds good.  i was thinking i should blog on the backing store changes.  i guess i better hold off on the apparmor ones.
[15:42] <hallyn> stgraber: i do intend to write a server guide section on lxc.  if you're interested in working on that (proofreading/rewriting) lemme know :)
[15:46] <stgraber> hallyn: yep, blogging on the backing store changes would be nice, and on apparmor/security for containers once we know exactly what we'll have for precise
[15:46] <stgraber> hallyn: I'm happy to at least proofread, potentially contribute if I find the time (and have something useful to contribute ;))
[16:01] <mrevell> bigjools, We don't really need a generic BAD state, do we? MISSING and FAILED_TESTS should cover pretty much everything. I'm struggling to come up with another BAD state that MaaS would be aware of.
[16:01] <bigjools> mrevell: I don't think so
[16:02] <bigjools> mrevell: I should have suggested AWOL instead of MISSING :)
[16:02] <mrevell> Even if it is in a some other bad state, I'm not sure we'd have a way to distinguish it for 12.04.
[16:02] <mrevell> bigjools, I suggested MIA :)
[16:12] <smoser> woot. fun bug.
[16:12] <smoser> https://bugs.launchpad.net/ubuntu/+bug/926160
[16:18] <Vivek> I am getting some directories in /var/log/orchestra with the I.P Addresses of newly commissioned nodes.
[16:18] <Vivek> I am interested in finding out which part of the orchestra or rsyslog source code creates those directories.
[16:22] <RoyK> http://paste.ubuntu.com/827766/
[16:22] <SpamapS> Vivek: I believe the default pre-seed just points installed machines' rsyslogd at the orchestra-logging-server, and then the configs that orchestra adds to the orchestra-logging-server's rsyslogd sorts them out by ip
[16:24] <Vivek> So my issue is this
[16:24] <Vivek> I have an 2 ethernet interfaces
[16:24] <Vivek> eth0 in bridged more and eth1 in internal mode
[16:24] <Vivek> I am running this on a virtualbox setup
[16:25] <Vivek> I have configured dnsmasq to only server dhcp requests via eth1
[16:26] <Vivek> I am seeing directories in /var/log/orchestra/rsyslog in with I.P Adresses also in the eth0 range.
[16:28] <Vivek> /var/log/orchestra/rsyslog/10.x.x.x/2012/01/30/messages says
[16:28] <Vivek> sorry its /var/log/orchestra/rsyslog/2012/01/30/10.x.x.x
[16:28] <Vivek> The log messages say
[16:29] <Vivek> Jan 30 18:22 10.x.x.x #015#012##015
[16:29] <Vivek> Also /var/log/orchestra/rsyslog/2012/01/30/orchestra/messages says
[16:30] <Vivek> Jan 30 18:22:30 orchestra sshd[6165]: Did not receive identification string
[16:30] <Vivek> from 10.x.x.x
[16:30] <Vivek> My eth0 is in the 10.x.x.x series and eth1 in 192.168.1.x series.
[16:34] <Vivek> SpamapS: Any idea
[16:34] <Vivek> ?
[16:34] <Vivek> :)
[16:34] <Vivek> I am following kirkland's blog to deploy orchestra fleets.
[16:47] <kirkland> Vivek: check with roaksoax, who has more current info than me
[16:47] <kirkland> Vivek: I rolled off of the Orchestra project and left Canonical a few months back
[16:47] <Vivek> kirkland: Nice meeting you here.
[16:48] <Vivek> kirkland: ok
[16:48] <kirkland> Vivek: likewise :-)
[16:48] <Vivek> I am Vivek Varghese Cherian
[16:48] <kirkland> Vivek: roaksoax is your huckleberry now :-)
[16:48] <Vivek> http://www.vivekcherian.com
[16:48] <Vivek> I am with CSSCorp and we can Canonical's Channel Partners.
[16:49] <Vivek> Sure, I'll get in touch with roaksoax.
[16:49] <Vivek> What times are roaksoax available ?
[16:49] <Vivek> I am in the Indian Standard Time ( + 5.30 GMT).
[16:50] <Vivek> This is the first time I am getting a response in the channel and it's 10.20 PM here in India :)
[16:50] <Vivek> I'll be leaving work in another 10 mins or so.
[16:50] <Vivek> kirkland: Do you suggest that I send a mail to the list ?
[16:53] <Vivek> s/can/are
[16:53] <Vivek> Typo a few lines back :)
[16:58] <kirkland> Vivek: yeah, mailing the list would be the best bet
[16:59] <kirkland> Vivek: ah, right, I remember you from CSSCorp now :-)
[16:59] <kirkland> Vivek: roaksoax was on holiday this week, I think he's back next week
[16:59] <kirkland> Vivek: he's typically either in Peru or Miami
[16:59] <Vivek> kirkland: ok
[16:59] <kirkland> Vivek: I can point you to a few documents on Orchestra
[16:59] <kirkland> Vivek: one second ...
[16:59] <Vivek> Please do.
[17:00] <kirkland> Vivek: https://help.ubuntu.com/community/Orchestra
[17:00] <kirkland> Vivek: https://wiki.ubuntu.com/Kernel/Reference/Orchestra
[17:00] <kirkland> Vivek: and if you've found by blog posts on orchestra, then that'll give you some background
[17:05] <Vivek> kirkland: Thanks.
[17:05] <kirkland> Vivek: you bet, good luck
[17:05] <Vivek> kirkland: I need to say bye for now. Happy Weekend :)
[17:06] <Vivek> Thanks SpamapS for your inputs as well.
[17:06] <kirkland> Vivek: one more contact would be Daviey
[17:06] <kirkland> Vivek: he's usually in a UK timezone
[17:06] <kirkland> Vivek: if that timing helps you any better
[17:07] <Vivek> ok
[17:07] <Vivek> Bye for now
[17:15] <lool> hey all!
[17:15] <lool> ogra suggested that I ask here
[17:15] <lool> The web indices for e.g. http://uec-images.ubuntu.com/precise/20120203/ which I think are generated from cdimage code say "For ARMv5t processors and above"; it's because for "armel" images we say "For ARMv5t processors and above." -- which was true in jaunty; since we don't really have any official ARM images for anything older than lucid which is ARMv7t2, I propose that we change it to ARMv7; is that ok?  would you rather have a different wording?
[17:15] <lool> (gosh 309 people in this chan)
[17:16] <ogra_> lool, also note that we dont have *any* plain armel (without subarch) images at all, i wonder how that got there
[17:16] <lool> ogra_: they might have plain armel images with separate aki?  no idea
[17:16] <ogra_> Daviey, ^^^ an idea ?
[17:16] <lool> I can see the case statement in the cdimage code though, so it's easy for me to fix an obviously incorrect string  ;-)
[17:17] <ogra_> feel free :)
[17:17] <ogra_> i'm still confused why they are built though
[17:18] <koolhead17> hi all
[17:18] <lool> ogra_: Ok; so I'm taking your ack for it and doing the change to "ARMv7" and changing armel to armel|armhf; if it's an issue, ping me and I will revert it
[17:18] <ogra_> no issue :)
[17:24] <lool> oddly, that was already fixed in one of the two branches
[17:24] <lool> looks like there's a fork of the code somewhere or on an out of date copy
[17:24] <lool> well, I'll see; I've pushed the public branch updates
[17:32] <ogra_> lool, oh, i think the cloud guys work off a fork, yeah
[17:33] <ogra_> completely separate and not merged back yet iirc
[18:08] <robbiew> lool: utlemming is the one to talk to
[18:09] <utlemming> lool: I'll get that fixed
[18:14] <utlemming> lool: I've update the string to "ARMv7"
[18:16] <lool> utlemming: Could you add a case statement for armhf too?  (see public cdimage branch)
[18:16] <lool> robbiew: thanks
[18:17] <robbiew> lool: ;)
[18:17] <lool> utlemming: In fact, our current implementation for cdimages.ubuntu.com has case statements by platform to distinguish OMAP, i.MX51 etc. which you might want to consider if your image is platform specific
[18:17] <utlemming> lool: yup. We aren't quite ready to pulish the armhf images yet, but when we do, they will be identified properly.
[18:17] <lool> Ok; thanks!
[18:18] <utlemming> lool: for the armel images, we have a generic one, and then we have an OMAP one (which has the bootloader, etc) on it. But you're right, we could make it a bit clearer
[18:46] <aljosa> in oneiric is it enough to change data_directory in postgres conf or is PG_DATA configured somewhere for init/startup scripts?
[19:10] <kraut> hi
[19:10] <kraut> is there any ppa for a newer openssl version? i'm looking for 1.0.1 which includes the padlock engine.
[19:24] <bjf> roaksoax: http://pastebin.ubuntu.com/827959/    http://pastebin.ubuntu.com/827962/
[19:27] <roaksoax> bjf: indeed weird. traffic gets denied apparently
[19:28] <roaksoax> bjf: can you pastebin the squid config too please?
[19:33] <bjf> roaksoax: i assume squid3 (i still have /etc/squid/squid.conf after the upgrade
[19:34] <roaksoax> bjf: bug #924739
[19:36] <bjf> roaksoax: i'm emailing it to you since it's so large
[19:39] <roaksoax> bjf: yeah seems to be an issue with squid rather than withorchestra as per the above bug report
[19:41] <bjf> roaksoax: i copied the /etc/squid/squid.conf over the /etc/squid3/squid.conf and restarted squid. unfortunately i get the same error (i'm going to double check what i did)
[19:42] <adam_g> bjf: try /etc/init.d/squid3 stop, squid3 -N
[19:43] <adam_g> and paste output
[19:43] <bjf> roaksoax: i wonder if part of the problem is that /etc/squid/squid.conf is a symlink to /usr/share/orchestra/conf/squid.conf
[19:46] <bjf> adam_g: no output from the command. the cache.log is: http://pastebin.ubuntu.com/827990/
[19:47] <bjf> adam_g: also squid3 is upstart now so: "stop squid3"
[19:48] <adam_g> bjf: hehe yeah, init.d is an old habbit
[19:48] <bjf> adam_g: i ran "squid3 -z" and "squid3 -N" and it seems to be running now, will give it  a try
[19:49] <adam_g> bjf: (reads backlog) i was just working on bug 924739.. is there a bug for issue to get some context?
[19:49] <bjf> adam_g: no, i just upgraded and looks like i hit that bug
[19:52] <bjf> adam_g: * it's alive *  on to the next issue but I think this one is fixed
[19:52] <bjf> adam_g, roaksoax: thanks for the assist
[19:54] <adam_g> bjf: np
[19:55] <adam_g> roaksoax: we really need to make sure squid is transitioning smoothly for users, not just in context of orchestra but for ubuntu as a whole. issues like 924739  are going to bite *lots* of users
[19:56] <adam_g> smoser: ^
[19:56] <adam_g> are there any other packages that went through similar transitions in times past?
[19:56] <smoser> bug 924739
[19:57] <smoser> adam_g, definitely some packages have gone through such
[19:57] <smoser> zul, so...
[19:57] <zul> libvirt-lxc console
[19:57] <smoser> what i'm doing that was testing this was using: http://smoser.brickies.net/git/?p=tildabin.git;a=blob_plain;f=lxc-libvirt-root;hb=HEAD
[19:58] <smoser> and removing the '--console' at the end.
[19:58] <smoser> so it didn't connect to that console
[19:58] <smoser> then...
[19:58] <smoser> i was just booting cirros root with it
[19:58] <smoser> and then doing whatever was supposed to "flush console"
[20:00] <zul> smoser: right but the xml is different from what i use in openstack
[20:00] <smoser> zul, you have an example of what you have for lxc domain?
[20:01] <zul> smoser: yeah gimme a sec
[20:02] <smoser> well, you have:
[20:02] <smoser>         <console type='pty' tty='/dev/pts/2'>
[20:02] <smoser>             <source path='/dev/pts/2'/>
[20:02] <smoser>             <target port='0'/>
[20:02] <smoser>         </console>
[20:02] <smoser> but that is almost certainly wrong
[20:02] <smoser> right?
[20:03] <zul> smoser: http://paste.ubuntu.com/828010/
[20:04] <smoser> zul, is that different than trunk ?
[20:04] <roaksoax> bjf: anytime
[20:04] <roaksoax> adam_g: indeed
[20:04]  * roaksoax is experiencing wifi issues
[20:04] <zul> smoser: that is from trunk
[20:05] <smoser> strange.
[20:05] <smoser> because http://paste.ubuntu.com/828015/ is what nova/virt/libvirt.xml.template looks like.
[20:06] <smoser> so maybe libvirt just ignores the tty= stuff ?
[20:06] <smoser> so anywahy...
[20:06] <smoser> hm..
[20:10] <smoser> zul, with your xml it doesn't change my experience
[20:10] <smoser> so you can test that locally.
[20:10] <smoser> it seems more direct path to me
[20:10] <zul> interesting
[20:10] <zul> ok ill play around
[20:26] <ninjai> how can I completely reconfigure sendmail? I messed up my cfgs and I want to completely re-install it including configs
[20:44] <ninjai> this is the line right here I see in the email header that I think is giving me problems: "Received: from mydomain.com (localhost [127.0.0.1])"
[20:44] <ninjai> mydomain.com isn't my domain
[20:44] <ninjai> well
[20:44] <ninjai> it is in my windows network
[20:45] <ninjai> but it used to say this: "Received: by atari (Postfix, from userid 1005)
[20:45] <ninjai> "
[20:45] <ninjai> makes no sense >:(
[20:45] <ninjai> I've already completely reconfigured sendmail/postfix to no avail
[20:45] <ninjai> Head is about to explode
[20:45] <ninjai> I suspect the above reason is why we are being rejected by clients
[20:45] <ninjai> clients' mail servers
[20:55] <jjohansen> hallyn: http://people.canonical.com/~jj/linux-image-3.2.0-12-generic_3.2.0-12.21~aadentry_amd64.deb
[20:56] <jjohansen> this is for bug#925028 but it should work for your other problems as well, consider it a fall back if I the simple labeling doesn't work out.  The patch for this will go in either way
[20:57] <jjohansen> I haven't gotten back to fixing the labeling between USNs and the above, but I am going to get back to it now will have it for you monday morning
[21:00] <hallyn> jjohansen: thanks.  tbh i dont' completely understand the labeling you're talking about
[21:00] <hallyn> piloting this afternoon, will test tonight or tomorrow
[21:00] <hallyn> gary_poster: ^ i suppose you could test that one as well if you have time
[21:01] <gary_poster> hallyn, not this second, but can on Monday if you want
[21:01] <gary_poster> hallyn, or in evening if necessary
[21:01] <hallyn> gary_poster: no worries, i'll get to it then.  thanks.
[21:01] <gary_poster> ok thank you hallyn
[21:02] <hallyn> jjohansen: i'll reread your email and maybe the src to clue myself in better about the labeling.
[21:08] <jjohansen> hallyn: I'll dig out the doc I have been working on, its far from finished, and I am sure has more than a few errors in it
[21:09] <hallyn> thx
[21:13] <adam_g> SpamapS: ping
[21:32] <tdelam> hello, does anyone know of a good snooping/watch program to watch SSH users? I need to configure some stuff remotely on a server but I want to teach some juniors by allowing them to snoop while I set up.
[21:36] <guntbert> tdelam: look at http://ubuntuforums.org/showthread.php?t=299286
[21:37] <tdelam> thanks
[21:38] <guntbert> tdelam: you're welcome :-) (and please don't cross-post in the future :-))
[21:39] <tdelam> guntbert: I didn't mean to, I realized afterwards that my question has nothing to do with Ubuntu but Ubuntu server.
[21:39] <guntbert> tdelam: its ok :)  no harm done
[21:39] <tdelam> :) thanks, my apologies.
[21:41] <tdelam> wow, that is pretty sweet.
[21:44] <guntbert> tdelam: is it ok for you? btw thank you for giving me that idea :)
[21:56] <Potatoe_> I am trying to do rate limiting with iptables but I can't go past about 20 in the hit count field. "iptables -I INPUT -p udp --dport 5060 -m recent --update --seconds 1 --hitcount 16 -j DROP" Any suggestion on how I could do this with 30 seconds and 5000 as the --hitcount ?
[21:59] <tdelam> guntbert: welcome :) and yea it works flawlessly
[21:59] <tdelam> I just tested it out, I'll make good use of this for training some guys on Monday
[22:00] <guntbert> tdelam: so will I on the next occasion :)
[22:01] <tdelam> I never knew I could do that with screen, it's very easy
[22:45] <Chrysippus> Hello.  I'm in the process of evaluating servers.  Has Ubuntu-Server adopted the proposed move to systemd init and logging?
[22:50] <kerframil> no
[22:52] <kerframil> to put that it into perspective: https://undacuvabrutha.wordpress.com/2011/04/29/why-ubuntu-should-continue-with-upstart-for-11-10/
[22:57] <Chrysippus> kerframil: Thanks for the link.  That's the answer I was hoping for.  I'm very new to Ubuntu -- is that an authroitative position?  It sound so, from content and tone.   I'm seeking a distribution with a server-centric community that'll server as a stable core on which to keep up to date with modern kernels and latest Xen.   The collection of L.P.-tech - from Pulse Audio, to Systemd, libcanberra, avahi, the list goes on - that's being blindly
[22:57] <Chrysippus> adopted by some distributions has had me concerned.
[23:00] <kerframil> Chrysippus: likewise
[23:00] <kerframil> Chrysippus: I don't even like upstart particularly. in any case, jumping on to a bandwagon at that juncture would have been madness.
[23:00] <Chrysippus> I'm not particularly well-versed in 'upstart' either.  My own requirements with regards to init & syslogging are -- let *me* sensibly manage server daemons, stop breaking things, and stop messing with rsyslogd.
[23:00] <kerframil> Chrysippus: amen!
[23:03] <kerframil> Chrysippus: things such as these are bothersome also: https://bugs.launchpad.net/ubuntu/+source/plymouth/+bug/531331/comments/18
[23:05] <Chrysippus> Is Ubuntu-Server targeted more as server distro to be used as provided, or one on which more modern packaging & backports are readily available, &/or source builds from upstream projects don't require endless patching?  I'm specfically looking to Xen.  I've found binaries in Ubuntue packaging for 4.1.1 so far, which lags behind upstream.
[23:05] <hallyn> rbasak: I'm confused on bug 879666.  Is there any reason not to JFDI?
[23:06] <kerframil> Chrysippus: I can't give a neutral answer, as I am someone who administers Ubuntu simply because I have to. I don't think it's targetted at all; rather, I think it prevails on branding. obviously, you should draw your conclusions based on your particular needs.
[23:07] <hallyn> jtaylor: tbh i was hoping stgraber or slangasek would look at that one.  but maybe i should man up...
[23:08] <hallyn> (oops, wrong chan)
[23:08] <Chrysippus> kerframil: I'm in the process of gathering data, so that I might draw those conclusions.  I don't particularly trust neutral answers.   I'm more a fan of opinions based on expertise and opinion.  But noted.
[23:09] <kerframil> Chrysippus: well, let's just say I wouldn't want to irk anyone in the course of expressing my views ;)
[23:12] <Chrysippus> kerframil: Shame that that's the way of things these days, but understood.
[23:24] <kerframil> Chrysippus: you mentioned building a custom kernel. that's a requirement in these quarters for several reasons, one of which is that the stock kernel crashed on us from time to time. packaging and distributing a kernel isn't so hard, but I had issues with userland hanging (plymouth related and where I knew the kernel itself wasn't to blame). now, I see to have a solution though gutting out various upstart scripts entirely.
[23:25] <kerframil> Chrysippus: this process is now enshrined in a puppet manifest
[23:25] <kerframil> seem*
[23:26] <Chrysippus> Are 'modern' kernels (e.g., 3.2.x + pvops) available in Ubu-Server packaging?
[23:30] <kerframil> Chrysippus: you could try looking through the personal package archives collection I suppose. if you know how to build a kernel, I really wouldn't bother. the more distros I experience, the more I find the downstream process to be a hindrance rather than a help to getting things done. building a kernel isn't hard and, to be fair, the make-pkg utility does package it up into a deb without undue fuss.
[23:30] <Chrysippus> kerframil: On Solaris, I never bothered with kernel builds.  On FreeBSD, kernel builds were trivial.  I assume there's not too great of a difference for Ubu-Server, or Linux in general.  Adding Xen into consideration complicates the details a bit.
[23:30] <kerframil> make-kpkg, sorry
[23:31] <cwillu_at_work> Chrysippus, ubuntu has vanilla kernel debs available of everything including rc's and nightlies
[23:31] <cwillu_at_work> no security updates on them beyond what kernel.org releases though
[23:32] <kerframil> Chrysippus: if you have that kind of experience, you can adapt to Linux easily enough. at the end of the day, you can unpack sources, configure and make without faffing around with distro idioms. as I say, debian/ubuntu's make-kpkg tool does work fairly well if you want to distribute. I'll give it that.
[23:32] <cwillu_at_work> http://kernel.ubuntu.com/~kernel-ppa/mainline/
[23:32] <kerframil> cwillu_at_work: not that I'd use these (need certain patches) but good to know, thanks
[23:33] <Chrysippus> cwillu_at_work: And the rest of UbuServer runs relatively happily on top of these vanilla kernels?  From my reading, that's not the case with all Linux distros.
[23:33] <cwillu_at_work> Chrysippus, it's the case with most
[23:33] <cwillu_at_work> I actually run pretty much all my machines off those kernels
[23:34] <kerframil> Chrysippus: I found it to be awkward for the reasons noted above. if you want the details, feel free to drop me an email. been a long day and don't really want to go through the particulars. there are a few things you have to be careful about, for instance devtmpfs support is a requirement.
[23:34] <kerframil> Chrysippus: I can boot reliably now - and without an initramfs
[23:34] <Chrysippus> cwillu_at_work: Any of them running modern Xen, if I may ask?
[23:34] <cwillu_at_work> Chrysippus, I use kvm
[23:35] <Chrysippus> kerframil: I'll keep the offer in mind, thanks.  May revisit, but need to do my homework first.
[23:36] <Chrysippus> At the very least, it sounds like "here" there's a community interested in and focussed on server issues.  A lot less chatter re: desktop apps.
[23:37] <kerframil> Chrysippus: the endless desktop churn is a veritable yawn fest to me also
[23:50] <Chrysippus> For use cases such as we've been chatting about, what about the "UbuServer vs Debian" choice? I have zero interest in the religious wars between communities, and am only interested in the functional advantages of one versus the other.  Much of what I've read about Canonical/Ubuntu contributions has been focussed on the desktop user.  I simply do not yet know what, if any, are the substantive differentiators on the server-side.
[23:58] <Chrysippus> Sorry kerframil ^^