Super_DogDinking around with AjaxPlorer.  Install instructions say "Make sure that the « data » sub-folder is writeable by the webserver."01:04
Super_DogAnybody have recommendations on the property "sudo chmod -R" command for that?  I'm crappy with permissions...01:05
patdk-lapwould be more than that01:06
patdk-lapunless you make it writable by all01:06
Super_DogWritable by all would be a little bad wouldn't it.... :-(01:06
patdk-lapdepends on many things, but generally, yes01:06
Super_DogCorrect me if I'm wrong, but can you assign 755 to just the "www-data" user....  Wouldn't that do the trick in Ubuntu?01:08
patdk-lapyes, and kill whoever needed to edit/modify/... it01:09
patdk-lapplus means the web user has more permissions than probably needed, like making changes to that program itself01:09
patdk-lapnormally you just set the group to www-data01:09
patdk-lapand give group write access to what is needed01:09
airtonixSuper_Dog: i usually add my user to the www-data group and set the permissions to 77501:10
Super_DogDo you mean 775 or 755?01:10
airtonixthen chown www-data:www-data /var/www -R01:10
airtonixSuper_Dog: i mean 77501:11
patdk-lapthat is way overkill01:11
airtonixhow is it overkill?01:11
patdk-lapjust like I said above01:11
patdk-lapthe webuser can EDIT and MODIFY anything in the program01:11
airtonixand yourself?01:12
patdk-lapleave user alone, why change it?01:12
airtonixbecause it needs to actually do stuff?01:12
Super_DogAm trying to just AjaxPlorer....01:12
patdk-lapsince when does the user have anything to do with that?01:12
airtonixit's pretty awesome having a /var/www that you can't even setup stuff in01:12
Super_DogAm a moderately experienced Ubuntu desktop user and relatively new to the Ubuntu Server platform01:13
airtonixpatdk-lap: oh i don't know, perhaps when you need to : git clone repourl:project-name ./project01:13
airtonixbut hey, maybe the "webuser" magically does this with ESP01:13
patdk-lapwhy am I git cloning a website?01:14
airtonixif you need to ask that question, then i am at a loss for words01:14
patdk-lapI wouldn't do it into /var/www01:14
Super_DogGuys... I didn't understand a single thing you are talking about... :-)01:15
patdk-lapI keep the websites owned by a user01:15
patdk-lapand let the webserver access it01:15
patdk-lapno reason for the webserver to own it01:15
airtonixpatdk-lap: and then the www-data user can't write... more awesome01:15
patdk-lapwhy can't it write?01:15
airtonixbecause it doesn't own it?01:15
airtonixbecause you left it at 75501:15
patdk-lapas I said, that is what I use group permissions for01:16
patdk-lapwho said I left it at 755?01:16
patdk-lapdid you not read ANYTHING I said?01:16
patdk-lap<patdk-lap> yes, and kill whoever needed to edit/modify/... it01:16
patdk-lap plus means the web user has more permissions than probably needed, like making changes to that program itself01:16
patdk-lap normally you just set the group to www-data01:16
patdk-lap and give group write access to what is needed01:16
Super_DogSo let's say I'm a normal human being that doesn't know Ubuntu from his elbow....  When they tell me in the install manual to, "Make sure that the « data » sub-folder is writeable by the webserver" what do I do when it appears I have successfully installed the LAMP stack in Ubuntu?01:17
Super_DogI have a www-data group it appears....01:18
Super_DogI presume that is the user that has privileges in the /var/www directory....01:18
airtonixapparently you only let "A Group" write to "A Folder", then when your application fails becuase it can't write you come back here01:19
Super_DogAirtonix:  You said "I usually add my user to the www-data group and set the permissions to 775"...  Pray what command do you issue to make that happen?01:19
airtonixSuper_Dog: ls -al /var/www will show you what user and group have ownership01:19
airtonixSuper_Dog: you add users to groups with : sudo adduser USERNAME GROUPNAME01:20
airtonixSuper_Dog: you set permission bits with : sudo chmod 775 PATHNAME [ -R ] << where -R is optionally recursive01:21
Super_Dogok  so if I have a user joseph I could issue:  sudo adduser joseph www-data       ?01:21
airtonixSuper_Dog: apparently you should be making a group called "AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder"01:21
airtonixand adding yourself to that group, then change ownership of your virtualhost folder under /var/www to be owned by taht group with : sudo chown :AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder /var/www/VIRTUALHOST_FOLDER -R01:22
Super_DogIt says that user 'joseph' is already a member of `www-data'.01:26
Super_Dogsudo chmod 775 /var/www/ajaxplorer/data -R    - Does this look right?01:32
Super_DogI've added the users who should have access to this to the "www-data" group it appears....01:33
Super_DogGuys....  Only works when I do following:01:36
Super_Dogsudo chmod 777 /var/www/ajaxplorer/data -R01:36
Super_DogI know that's probably bad.... (Sorry, permissions have been the bane of my existence and I am an admitted retarded idiot when it comes to Ubuntu Server permissions.)01:37
Super_DogAny ideas?01:37
taipresthere any issues02:52
taipreswith latest ubuntu server edition(went 32bit to save memory)02:53
airtonixsave memory?02:53
taipres64bit version naturally uses more02:54
taipresI choose ubuntu over centos because ubuntu just easier for me to compile stuff03:02
taipresbut need kind memory usage03:02
patdk-laphmm, 10.04 32bit installs with only 23megs ram usage03:14
taipressudo apt-get install lighttpd php5-cgi03:47
taipressays it can't find either package, any ideas?03:47
qman__have you enabled universe?03:48
qman__I don't think those are in main, though I could be wrong03:49
taipresqman no03:49
taipreshow do I do that03:49
qman__sudo vi /etc/apt/sources.list, uncomment the lines in the universe section03:49
qman__sudo apt-get update03:49
taipresthis isn't gonna install a bunch of intense apps right? my only constraint is memory03:50
qman__no, it will only allow you to install more software03:50
qman__it doesn't install more software by itself03:50
patdk-lapyou won't be doing large downloads from php will you?03:51
qman__it will use slightly more disk space to cache the available packages03:51
qman__but we're talking kilobytes03:52
taipresdon't see any lines commented03:52
taipresI see03:52
taipresdeb http://archive.ubuntu.com/ubuntu natty main restricted universe03:52
taipresdeb http://archive.ubuntu.com/ubuntu natty-updates main restricted universe03:52
taipresdeb http://archive.ubuntu.com/ubuntu natty-security main restricted universe03:52
taipreslast one is deb http://archive.canonical.com/ubuntu natty partner03:52
taiprespatdk and no, no php big downloads03:53
taipresalthough my VPS is on a 1Gbps hehe, and cpu is good03:54
taipresphp probably uses lot of mem for big downloads03:54
patdk-lapno, lighttpd does03:54
patdk-laplighttpd buffers anything external into ram03:54
taipresreally? I thought that was the point03:55
taipreslow memory consumption03:55
patdk-lapso if you send a large file via php/proxy/...03:55
patdk-laplighttpd isn't about low memory comsumtion03:55
patdk-lapit's about being fast03:55
taipres"With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)"03:55
patdk-lapit normally uses small memory03:55
patdk-lapbut it buffers first03:55
taipresherm, well do you recommend a different web server then?03:56
patdk-lapif you send a 1gig file from php, lighttpd will allocate 1gig of ram to hold it03:56
taipresif I go over 256 is goes into vswap03:56
taipreshave anothre 256 there too03:56
patdk-lapwell, normally you don't have to worry about it, don't send large files, or if you must, use x-sendfile03:56
qman__FYI, I run apache on real hardware with 256MB03:56
qman__along with plenty of other stuff03:56
qman__without any issues03:56
taipresapache dies easy though03:56
taipresis the reason i'm using alternative web server03:57
* patdk-lap has never seen apache die03:57
patdk-lapmost likely you use bad apache modules03:57
taipresthis guy has03:57
taipresclaimed it was lot of traffic and apaches keep alive default time03:57
qman__that's all adjustable03:57
patdk-lapapache died for him cause of bad config03:57
qman__and more likely a problem with the VPS software03:58
patdk-lapand he hitting the oom03:58
patdk-lapnot apaches fault03:58
qman__not saying don't try other things, just that apache is not the culprit here03:58
taipresso you think apache is better at mem than lighthttpd?03:58
patdk-lapI never said that03:59
taipresi've never really heard apache described as anything besides bloated and complicated config03:59
patdk-lapI use lighttpd, and love it, and it is low mem for me03:59
taipresI use it with xamp and my regular server but is pre config so03:59
patdk-lapbut it does BUFFER first, than attempt to stay low mem03:59
patdk-lapso it is possible for lighttpd to use gigabytes of ram, easily, if you are stupid enough to let it03:59
qman__configuring apache is not very complicated03:59
taipresso any ideas why I can't get this download to work? when config file seems ok?03:59
qman__it's bloated compared to minimalist servers, but not compared to other featureful servers04:00
taipresi'm gonna google regardless but if you know i'dr ather not waste hours04:00
qman__have you done apt-get update?04:00
taipresdoing that right now04:01
patdk-lapheh, you always update, before attempting to install04:01
patdk-lappackage versions change often04:01
qman__for example, IME, apache blows IIS7 out of the water in terms of performance04:01
qman__it's all relative04:01
taipresis IIS suppose to be good?04:01
qman__if you ask microsoft it is04:02
taipresI just remember in the 90's all the flood of exploits for it04:02
patdk-lapheh for iis7?04:02
taipresnever read about performance04:02
taipresnah older iis i'm sure04:02
patdk-lapiis5 wasn't nice04:02
patdk-lapiis6 is ok04:02
patdk-lapiis7 has been good so far04:02
qman__yeah, iis5 was the disaster area04:02
taipresthe update fixed it, thanks04:02
qman__they learned the lesson for the most part and have tried to be secure by default04:02
taipresnice :D04:03
taipresI wish windows had more linux like everything only a few commands away04:03
* patdk-lap still puts apache + mod_security infront of iis04:03
taipresthat's only thing i really like about linux04:03
patdk-lapstart using powershell? :)04:03
qman__in my opinion, powershell tried to fix that, but failed miserably04:03
qman__it's so obtuse and awkward, it just doesn't work04:03
patdk-lapya, I made some mixed powershell + vbs scripts, that work good though04:04
taipresthat's unfortunate04:04
taipresI love me some VBS scripts04:04
patdk-lapconfusing as hell, that you talk both languages in one file, but you can't mix them04:04
taipresCOM rocks04:04
qman__powershell is useful but it's not smooth or cohesive04:04
qman__nothing like bash04:04
patdk-lapman, I made a private key, and I can't locate it anywhere04:05
taipresmicrosofts one framework is really nice too, the one to get all the info04:05
qman__also, you can cause a BSOD by running ps | kill04:05
taiprescan't think of the name, wrote enough code to use it, you'd think i'd know04:05
taipresvbs can access it too04:06
taipresoh WMI04:06
taiprescan evne control CPU speed with it, with some computers04:07
taiprescomes on all windows that I know of04:07
taipresor CPU fan speed rather04:07
taipreslinux memory management also threw me for a loop when i spent hours trying to figure out why I couldn't free memory allocated with pthread stack04:08
taipreslike I could on windows, turns out linux sees memory different, if its not used it's considered wasted04:09
taipresbut then again even at max mem swap was never touched, so I guess it's really just cached mem not the actually stats04:10
qman__yeah, you have to count less buffers and cache04:11
taipreshttp://www.slideshare.net/haish/linux-memory-consumption good overview04:11
qman__the kernel is very good at utilizing free memory to speed up the system04:11
taipresqman makes sense04:12
taipresjust makes me uncomfortable when I see 90% used04:12
taipresbut i'll get use to it04:12
taipresif it bothers me that much may just switch from pthreads to forks, because when the processes are killed they free04:13
linociscowho is using vbox with ubuntu server?04:17
linociscoI can't mount vbox guest addition cdrom on ubuntu guest server04:18
patdk-lapno one?04:18
linociscono one04:18
qman__that's going to be a question for virtualbox people04:18
qman__unless they included a deb for it, it's probably not going to work04:18
linociscoi was asking there04:19
linociscono one is responsive after a while.04:20
taipresthey're a pretty active bunch at times they may just not know04:20
taipresyou try googling?04:20
taipresgot lighthttpd and php going well, fastcgi enabled too04:24
taipresubuntu rocks, now need to go after mysql, heard it's a memory pig04:24
linociscohow to clear all iptables entries?04:25
patdk-lapmysql is hardly a memory hog04:25
taiprespatdk-lap that's good then :)04:25
linociscohow to clear all iptables entries? all know it is to list with "iptables -L" but I dont know how to clear.04:25
linociscohi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet04:31
linociscohi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet04:34
SpamapSlinocisco: iptables -F04:37
SpamapSlinocisco: note that this only flushes the *filter* table.. there are others... 'man iptables' will explain them04:37
linociscoSpamapS, thanks. I would try. btw, could you also look at http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte04:38
linociscoSpamapS, i dont know why mine is not successful like that04:38
SpamapSlinocisco: I think I have an answer for that one.04:47
airtonixwhy does /etc/resolv.conf have to be a symlink?04:51
SpamapSairtonix: it doesn't!04:52
airtonixSpamapS: apparently it does!04:52
SpamapSairtonix: but, without resolvconf, you won't adapt to network changes properly04:53
airtonixSpamapS: who said anything about not having a resolvconf?04:53
SpamapSairtonix: the package resolvconf04:53
airtonix1. install bind 2. rm /etc/resolv.conf 3. echo "nameserver" | sudo tee /etc/resolv.conf 4. sudo service bind restart 5. recieve error 6. slow clap04:54
airtonixso again...04:54
SpamapSairtonix: apt-get remove resolvconf04:54
airtonixwhy would i do that on a server ? i didn't install it04:54
SpamapSits part of ubuntu-minimal04:55
airtonixshouldn't ubuntu server require the software it's installed with by default?04:55
airtonixsince you know... that's the image i installed.. ubuntu-server04:55
SpamapSbut its only Priority: important , so you can remove it04:55
SpamapSairtonix: no, a lot of that stuff is there as a convenience.04:55
airtonixcould have fooled me04:56
SpamapSairtonix: resolvconf is actually quite handy for dealing with a dynamic environment. And for static environments, it should leave your stuff alone.04:56
airtonixi'm on ubuntu-server... i install bind.. i expect to not have problems like this04:56
SpamapSairtonix: I can see that you've been inconvenienced by this, and you have an idea of how you'd like things to work. Now is a great time to file a bug report. Perhaps against 'ubuntu-minimal' with 'apport-bug ubuntu-minimal'04:58
airtonixso here is what will happen. i'll take your word for it that resolvconf isn't required by anything else, i'll remove it and my server will die.04:58
Super_DogAnybody run across this before?  http://pastebin.com/LqvtaJQK04:59
airtonixlarge flames will consume it04:59
Super_Dogset locale problem?04:59
SpamapSairtonix: if your server dies because you remove resolvconf, then something did not declare the dependency properly and that is most *definitely* a bug.04:59
SpamapSairtonix: btw, if you read 'man resolvconf' it explains how to make sure your static interfaces push their configs into resolv.conf05:03
* SpamapS notices that 'man interfaces' doesn't explain this, nor does 'man resolvconf' .. filing bugs05:05
jayjayis anyone online :)05:35
SpamapSairtonix: bug was already reported almost a month ago btw: bug #93423705:36
uvirtbotLaunchpad bug 934237 in ifupdown "Manual pages should mention dns-nameserver and dns-search" [Undecided,Invalid] https://launchpad.net/bugs/93423705:36
SpamapSairtonix: did your server imoliate itself yet?05:36
jayjayhey I'm having some issues transferring my ssh key05:36
jayjayi keep getting a connecting timed iout error05:37
airtonixyes it's currently a hazard zone now05:37
jayjayany tips? I'm kinda scared to keep ssh running right now :S05:38
jayjaythere have been 4 attempts to hack it with multiple ip's today05:38
SpamapSjayjay: sorry, I don't understand the question. How are you trying to "transfer your ssh key" ?05:38
jayjaySorry i was not clear. I am trying to transfer my ssh key from my ubuntu 10.04 server onto my laptop with this command ssh-copy-id <username>@<host>05:39
jayjayi keep getting this error ssh: connect to host XXX.XXX.XX.XX port 22: Connection timed out05:40
qman__then you either have the wrong address or it's firewalled05:41
jayjayits firewalled05:42
jayjayi have shorewall installed05:42
jayjaybut i users the shore wall stop command05:42
jayjaydo i need to remove shore wall to be able to do this?05:43
qman__not likely05:43
qman__you need to add an exception05:43
jayjayi can connect to ssh via my laptop05:43
jayjayi just can't transfer the key05:43
jayjayi added an exception for ssh05:43
qman__wait, are you trying to connect to SSH on the server, or on the laptop?05:44
qman__because if you're trying to connect to the server from the laptop, you need to also transfer the key to the server from the laptop05:45
qman__the client's key needs to be placed on the ssh server05:45
jayjaythe laptop is the client05:46
jayjaythe desktop is the server05:46
qman__then you need to run ssh-copy-id on the laptop05:46
jayjayyes i just ran that command from the laptop as ssh-copy-id SERVER IP05:46
jayjayit worked this time =D05:47
qman__yeah, it always goes that way05:48
jayjayok after the command, it asked me to enter my password05:48
qman__I was unsure because all my linux boxes run sshd05:48
jayjaycan i disable the password in the ssh config file and still be able to connect to the ssh server?05:48
qman__the way ssh-copy-id works, it logs in over SSH to copy the key05:49
qman__after that, you should be able to log in without entering an SSH password05:49
qman__though you may have to enter a key password, depending on how you created the key05:49
jayjayno i did not05:50
jayjaywhen i made the key i left the password option blank05:50
qman__ok, in addition to that, your client has to actually look for and use the key05:50
qman__I'm guessing since ssh-copy-id worked, it'll use it05:50
qman__default is ~/.ssh/id_rsa05:51
jayjayUhgggg now my laptop will not connect to it at all :I05:53
jayjayi give up at this ssh key thing05:57
jayjayLOL wtf i just started my firewall backup and now its letting me connect to it but still requires a password05:58
airtonixjayjay: if you want to auto login with pub/priv key from laptop to server then you send the public version of your key set on the laptop to the servers ~/.sssh/authorized_keys (or just paste it in there and chmod it and the directory ~/.ssh/ 700)06:11
airtonix*i mean ~/.ssh06:11
airtonixjayjay: another unfortunate and undocumented side effect of using pub/priv keys is that when you have more than 7, the ssh-agent on the machine you are sitting at will only check if the first 7 (you never know which 7)  are valid for logging into the remote machine.06:13
airtonixmore than 7 local ssh keys06:13
airtonixjayjay: even setting a shortcut in ~/.ssh/config on your local machine will not circumvent this. you unfortunately have to: SSH_AGENT= ssh user@remote -i ~/.ssh/id_rsa06:14
airtonixwhich is to mean that you have t set SSH_AGENT= (to nothing)06:14
airtonixat least i think it's SSH_AGENT06:15
taipresfinally got phpmyadmin working, lighttpd needed alias edit06:18
taipresit's a hideous version though06:18
taipresi'm hoping ubuntu repository has the latest06:18
taipresut oh, says it is the latest06:19
taipresit's not.06:19
taipresi'll try main ubuntu channel06:20
taipresisn't bleeding edge version of ubuntu, so have to compile phpmyadmin from source06:38
taipreshave a good one gentlemen06:55
linociscosquid proxy with two NIC (one for WAN and one for LAN) possible?06:57
=== Guest53663 is now known as onre
linociscosquid proxy with two NIC (one for WAN and one for LAN) possible?07:35
linociscosquid proxy with two NIC (one for WAN and one for LAN) possible?07:40
krautthere is no reason for repeating yourself07:48
krautand yes, why not? if the connectivity is fine, squid would be fine.07:48
RoyKlinocisco: I don't see why not...07:50
linociscoi never had internet through squid on vbox07:51
linociscothat is why now I am testing zentyal07:51
_ruben2+ legged squids are much more common than single legged squids i'd say08:00
linociscoRoyK, I made iptables and i configure squid with just http_acccess 312808:11
linocisco_ruben, I long waited to see internet through squid.never worked08:11
linocisco_ruben, but all my testing was on Vbox08:12
=== smb` is now known as smb
RoyKlinocisco: it should work - if it doesn't, you've probably made an error somewhere. don't start messing around with iptables until you know everything else is working08:14
linociscoRoyK, to allow internal network internat access, i need iptables NAT rule to open ports, right? and then ipv4 forward=108:15
_rubenyou're combining all kinds of stuff that are not directly related .. how do you want to use squid? as a manually configured proxy in clients, or as a transparent proxy, or ..?08:22
linocisco_ruben, first of all, i want manually08:25
_rubenin case, iptables won't be needed at all08:26
_rubenin that case*08:26
lynxmanmorning o/08:41
iolynxman: hi!08:41
lynxmanio: ello :)08:42
=== Leseb_ is now known as Leseb
linocisco_ruben, how could route between two NIC cards, WAN and LAN card?08:50
_rubensquid's a proxy, not a router08:52
_rubena proxy works on a higher (osi layer) level than a router, basically08:53
_rubeneg: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/what-is-masq.html08:54
linociscoI want to know exactly how to handle squid with two LAN cards(one is WAN and one is LAN). that is so clear that all LAN clients should get internet from that proxy08:57
_rubenthe number of network cards really has zero influence on how squid works and/or needs to be configured08:59
_rubenthe squid box itself has properly working internet access i assume?09:00
jibeljamespage, SpamapS  do you know why lamp_reboot post-install test keeps failing  ? It seems that php code is not interpreted. Is it a bug in the test or real issue ?09:01
jamespagejibel: not sure - I'll try to take a look today09:17
rye_Hello, I am curious about the status of bug #935585 - I am experiencing this issue, the bug report has a branch attached but no status changes, is it being tracked for release?09:17
uvirtbotLaunchpad bug 935585 in upstart "[kernel panic] init: log.c:786: Assertion failed in log_clear_unflushed: log->remote_closed" [High,Confirmed] https://launchpad.net/bugs/93558509:17
jamespagelynxman, reviewing the rabbitmq-server debdiff (again)09:17
jamespagemorning Daviey09:17
lynxmanjamespage: cool beans :)09:17
koolhead17hello all09:29
RoyKlinocisco: yes09:35
linociscoyes for what? sorry i cleared previous msgs09:35
RoyK09:15 < linocisco> RoyK, to allow internal network internat access, i need iptables NAT rule to open ports, right? and then ipv4  forward=109:37
linociscoRoyK, yes. so i need iptables anyway09:40
RoyKlinocisco: adding that masq rule won't hurt09:41
linociscois there any precise guide?09:42
RoyKand you'll need another to do transparent proxying…09:42
RoyKguide to what?09:42
linociscoguide to (squid with two NICs(wan+LAN))09:42
RoyKgoogle ip masquerading09:43
RoyKit's rather simple, really09:43
linociscoit is easier said than done.09:43
RoyKlinocisco: yes, most things are, but google it, please, it really is simple09:44
linociscoRoyK, yes. I really want to blame myself as I really could not get it. and dying to feel myself as useless09:45
* RoyK goes to do something useful09:46
jjohansenstgraber: I replicated the rbind mount error in isolation, and fixed it you can try the parser at people.canonical.com/~jj/apparmor_parser, just drop it over the one in /sbin/10:21
jjohansen/me will work with jdstrand to get it into the archive today10:21
jjohansen/me hasn't tried it in a container yet, my container is failing with an error before hit the apparmor confinement, and I haven't had time to look into it yet.10:21
jjohansenSorry its been one of those weekends (son + accident => hospital kind)10:21
uvirtbotNew bug: #952893 in zookeeper (universe) "Zookeeper script contains invalid check for cygwin" [Undecided,New] https://launchpad.net/bugs/95289311:38
koolhead17nijaba: around11:39
nijabakoolhead17: hello11:40
koolhead17nijaba: what was the client you suggested instead postfix.11:41
nijabakoolhead17: msmtp-mta11:42
koolhead17nijaba: thanks11:42
koolhead17nijaba: BTW looking fwd to meet you on 4th apr :)11:43
nijabakoolhead17: unfortunately not sure yet if I'll be able to come11:44
koolhead17ooh. :( ok11:44
hallynstgraber: say, is the kernel with the apparmor mounts fix in the archive?13:41
hallyni'm goign to push the utmp fix, guess i should look through the (long) bug list and see what else i should squash in there13:41
uksysadminhey all13:41
stgraberhallyn: I'm grabbing jjohansen's fixed apparmor_parser and I'm running a test kernel, if I can get it to work here, we should have it working in the archive later today13:42
hallynoh the fix was userspace13:42
stgraberhallyn: well, jjohansen mentioned a few issues on the kernel side too, so I guess it's a bit of both13:44
stgraberjjohansen: btw, no need to apologize for work you couldn't do over your weekend ;) thanks for all the help debugging this13:45
uksysadminDoing a fresh install of Precise Server Beta 1 always boots into tty7 - first time I didn't realise - thought my box had hung.  Is there a bug filed against this? I can only find this one which seems to be there for a while: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/76183013:45
uvirtbotLaunchpad bug 761830 in grub2 "grub2 still hands off to blank tty7 on non-Server command-line-only systems and some Server systems" [Low,Confirmed]13:45
stgraberhallyn: so I'm testing http://people.canonical.com/~jj/apparmor_parser + http://people.canonical.com/~jj/linux-image-3.2.0-18-generic_3.2.0-18.29_amd64.deb now13:46
hallynstgraber: ok i'm trying to figure out how to stage things.  do you know when that might hit the archive?13:46
stgraberhallyn: apparmor_parser should hit the archive later today once I confirm it works and jjohansen and jdstrand can prepare a new package13:48
hallynok.  but so the apparmor policy in lxc won't be re-enabled until tomorrow right?13:48
stgraberhallyn: right, my plan is to upload LXC with the updated apparmor profile as soon as the new apparmor hits the archive, so likely late tonight or tomorrow13:49
stgraberwow, apparmor works! well, the first rule matched and worked, now I need to write the next ones ;)13:50
hallynit's all sugar and spice from here on out13:54
hallynstgraber: ok i'm going to push a fix in an hour or 3 for bugs 948623, 951150, and 94848113:54
uvirtbotLaunchpad bug 948623 in lxc "Can't start more than 35 containers on my machine" [High,In progress] https://launchpad.net/bugs/94862313:54
uvirtbotLaunchpad bug 951150 in lxc "lxc-start-ephemeral is not all ephemeral" [High,New] https://launchpad.net/bugs/95115013:54
stgraberbug 94848113:55
uvirtbotLaunchpad bug 948481 in lxc "adjust Build-Depends to include dh-apparmor" [Low,In progress] https://launchpad.net/bugs/94848113:55
hallyntrivial one...  just rolling it in13:55
stgraberok. While you're touching lxc-start-ephemeral would it be possible to add a "-d" flag to it to start the container in the background?13:56
hallynyou use lxc-start-ephemeral?13:56
hallynsure, will do13:56
hallynin that case, if you don't mind, i'll push a staging tree for you to test with?13:57
stgraberI used lxc-start-ephemeral to do some LXC stress testing yesterday and ended up doing "for i in $(seq 1 2000); do (lxc-start-ephemeral -o template&); sleep 2; done"13:57
hallynthat's pretty enough... :)13:57
hallynnow the script hangs around to clean up...  i guess i should just have the script itself fork and exit so the fokred thread cleans up13:58
stgraberhallyn: yeah, I think it'd be the easiest, longer term I think we should add pre/post scripts to the LXC config14:01
stgraberso we can have lxc-start run pre/post scripts outside the container and inside the container. OpenVZ has that and I remember using it quite often (though mostly for ugly workarounds ;))14:02
hallynyeah - like an initrd14:03
hallynthat would hlep the fedora case too14:03
hallynif you want to opena  bug on that...14:03
hallynor we can just discuss at uds i guess14:03
stgraberjjohansen: any reason "/** -> /usr/lib/lxc/root/**" wouldn't work? (it doesn't match)14:04
stgraberhallyn: I can add it to my UDS notes14:04
hallynalong with the rewrite in go14:04
stgraberright ;)14:04
smb`hallyn, While I see you around and before I forget: I had a little improvement for libvirt last week which may be something to feed back upstream (bug 949028). How would that best /simplest be done?14:07
uvirtbotLaunchpad bug 949028 in ubuntu "libvirt: xen: never use type=ioemu for vif definitions" [Medium,Triaged] https://launchpad.net/bugs/94902814:07
smb`hm... though that also was uploaded already (to precise)14:08
smb`bah, forgot the closes... :/14:09
=== JanC_ is now known as JanC
hallyngary_poster: hey, are you around?14:26
=== smb` is now known as smb
gary_posterhey hallyn, yes14:27
hallyngary_poster: i'm just looking at the lxc-start-ephemeral patch...14:28
gary_posterthanks, yes14:28
hallyngary_poster: only thing i noticed was that you seem to put the original LXC_BIND entry in the container fstab at the end14:28
hallynIIUC, won't that make your other bind mounts be overmounted?14:28
hallynoh, wait14:28
gary_posterI do compare for equality14:29
gary_posterI don't look for containment14:29
gary_posterI was taking the tack that if they do an explicit -b, they mean it14:29
hallynno, you mount them under $rootfs, so that'll DTRT. sorry :)14:29
gary_poster:-) cool, np14:29
hallyngary_poster: per stgraber's suggestion I'm also going to add a '-d' option, then i will push14:30
gary_postercool hallyn, thank you14:35
XethronI am looking for a way to dynamically control internet speed based on the amount of internet a user consumed relative to another.14:38
kirklandsmoser: howdy14:39
kirklandsmoser: do we have 64bit ami's for m1small yet?14:39
smoserthey just work14:40
smoseramis are all the same. they just changed the hardware14:40
XethronFor example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up"14:40
smoserer... the [virtual] hardware available to run on14:40
kirklandsmoser: oh?14:40
kirklandsmoser: you didn't have to rebuild the ami's using 64 bit kernels and packages?14:40
smoserno. we have 32 bit amis and 64 bit amis.14:41
XethronIs there something that can control something like that?14:41
smoserall they did was now allow you to run the 64 bit amis on m1.small size14:41
smoserpreviously they would just deny your request to do that.14:41
smoserthe interesting thing this means is that they basically have no more 32 bit only hardware.14:41
smoser(or they can select filter the availablbe nodes to run a m1.small on to ones that have 64 bit hardware in the hypervisor)14:42
smoseri guess its more likely that they just have an arch aware scheduler.14:43
lynxmanjamespage: ping14:50
stgraberjjohansen: [61634.549605] apparmor_parser[16338]: segfault at 8 ip 000000000040fcc5 sp 00007fffef35cd20 error 4 in apparmor_parser[400000+be000]14:51
stgraberjjohansen: that's when adding pivotroot14:51
stgraberhallyn: so I guess we'll be running without apparmor for a few more days ;)14:54
hallynstgraber: dang.14:57
a_okdoes it matter if I add a mount option in fstab that is not supported?14:57
hallynstgraber: well i think i'll whip up a set of apparmor mount rules anyway, and pretend i tested it14:57
stgraberhallyn: the mount rules for the /usr/bin/lxc-start can be tested but anything after that can't as pivotroot is denied and can't be allowed without apparmor_parser crashing :)14:59
hallynstgraber: i wasn't going to restrict mounts for lxc-start itself i don't think14:59
hallynmaybe i should...15:00
hallyni guess i should.15:00
hallynno sense allowing mounts with target outside of $rootfs15:00
stgraberhallyn: also you seem to have the choice between a generic "mount" allowing everything or allowing each of them individually but can't make something like "/** -> /usr/lib/lxc/root/**" as I'd have done for /usr/bin/lxc-start15:00
stgraberbut that's a bug, the documented syntax allows it15:01
hallynoh i misread15:02
hallyni'm goign to go based on the docs at the wiki.  and file bugs :)15:02
stgraberok :)15:03
hallynbut first i have some other testing to do.  bbl15:03
stgraberhallyn: I think "/** -> /usr/lib/lxc/root**" is what we want for usr.bin.lxc, we also want "pivotroot /usr/lib/lxc/root" and then look into the second profile15:04
stgraberhallyn: the tricky part being nested containers15:04
=== bitmonk_ is now known as bitmonk
jamespagelynxman, pong15:14
hallynstgraber: my hope is that nested containers will just DTRT with pathanmes...15:28
hallynstgraber: I'm more worried about cgrousp with nested containers.15:28
hallynbc i'd like to restrict writing to them15:28
hallynstgraber: did i cc: you on the email about that?15:28
uvirtbotNew bug: #953081 in php5 (main) "libapache2-mod-php5 postinst script does not enable module" [Undecided,New] https://launchpad.net/bugs/95308115:33
stgraberhallyn: I think you did, at least I remember you mentioning it (basically it'd be great to allow /sys/fs/cgroup/*/lxc/<container name>/** in apparmor)15:35
hallynq is do we want to risk the complicatino of per-container profiles this late in cycle15:36
pabelangerSo I'm getting ready to upload my patches for bug 953093, glance will still use sqlite3 by default.15:38
uvirtbotLaunchpad bug 953093 in glance "Add dbconfig-common support to glance" [Undecided,New] https://launchpad.net/bugs/95309315:38
=== sixstringsg is now known as sixstringsg|away
stgraberhallyn: I'd usually say it's too risky but on the other end I'm guessing LTS users (me included) will want it and so it'd be easier to fix any bug post-release than to explain how to implement the feature on their own until the next LTS15:39
hallynstgraber: do you think this requires FFE?15:39
hallynor is it a bug that users can't specify per-container policy?15:40
=== Lcawte|Away is now known as Lcawte
stgraberhallyn: I think it'd need a FFe but explaining the current limitation and the problem it'd be for our users15:44
hallynstgraber: the ugliest part of this is the complication/slowdown at lxc-create, lxc-clone, and lxc-destroy15:45
stgraberhallyn: yeah, though if only building and loading the new profile it should be fairly quick15:46
stgraberhallyn: (as long as we don't call a full reload of all the profiles)15:46
hallynstgraber: certainly won't be doing that :)15:46
gary_posterhallyn, we are seeing tempfs be very unhappy now (it has errors trying to whiteout files).  The only thing I know I did in a crazy way is that we are using an overlayfs as an upper for another overlayfs in my patch.  We can switch to just making a new tempfs instead and see if that is less insane15:58
gary_posterthat's what I'm going to try to do in a bit15:59
gary_posterneed to step away for now15:59
bencerhi huats, jamespage16:20
bencerwe have uploaded new packages of zentyal fixing the issues you raised16:21
huatsbencer: ok great16:21
jamespagebencer: great!16:21
bencerwhen do you think you can have a look at them?16:21
jamespagebencer, tomorrow realistically16:25
bencerjamespage: ok cool, i will ping you again tomorrow :)16:26
bencerlet me know if we can do anything else in the meanwhile16:26
pabelangerAnybody know where the glance debian packaging branch is?  Or which one is master?16:27
pabelangerTrying to create a merge request16:27
bencerjamespage: huats could also upload them? do you want to have a look at them again? or can i push him to upload them asap?16:27
pabelangerI am assuming lp:ubuntu/nova16:28
pabelangersorry, lp:ubuntu/glance16:28
jamespagebencer: we should not upload until a FFe has been granted for these packages - https://wiki.ubuntu.com/FreezeExceptionProcess16:28
hallyngary_poster: my understanding is that the rationale/justification for overlayfs's simplicity is precisely that you can overly on top of an overlay16:28
hallyngary_poster: so doing what you suggest is good for verifying that that's the problem, but if there's a problem then it's a bug16:28
jamespagebencer: preparing the information for that in the bug report is something that can happen in between now and review completion16:29
jamespageI note from the bug report that there is still some debate as to whether these packages should be native or not.16:29
huatsbencer: i cannot upload that since the FFe is needed + the new process16:29
bencerjamespage: huats should we fill the bug for FFe now?16:30
jamespagebencer: yes - it can be done in the existing bug report16:30
bencerjamespage: do we have to do something else than subscribing ubuntu-release team?16:32
jamespagebencer, yes - the Bug Description needs to be populated with the information detailed in https://wiki.ubuntu.com/FreezeExceptionProcess16:33
hallynstgraber: help!16:34
hallynstgraber: my attempt to dput lxc failed with -eperm16:34
jamespagebencer: I think it just needs re-shuffling to line up with the required information to support the release team approval16:35
stgraberhallyn: again? :)16:35
jamespageplease don't subscribe ubuntu-release until myself/huats has had time to review again; packaged really need to be good-to-go16:36
stgraberhallyn: should be good now16:36
hallynstgraber: i don't *think* i did anything stupid...16:36
hallynthanks, retrying16:36
bencerjamespage: huats ok thanks, i will ping you both tomorrow, going to rewrite the bug description before then, thanks again16:37
jamespagebencer: no problem16:37
pabelangerOkay, just created my first merge request using launchpad.  I _think_ I did it right16:45
hallynstgraber: push worked this time, thanks :)16:47
stgraberhallyn: np. cjwatson hardcoded the ACL in his script so it shouldn't be dropped anymore ;)16:48
stgraberhallyn: you merged that one https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/+merge/97021 right?16:49
hallynstgraber: yup16:49
hallynhopefully the right one (i didn't realize he was going to make more changes)16:49
hallynstgraber: and -d works for me :)16:50
stgraberhallyn: cool. Marking the bug fix released and the branch merged then.16:50
hallynlp email told me it was marked fix released16:50
stgraberbug 95115016:50
uvirtbotLaunchpad bug 951150 in lxc "lxc-start-ephemeral is not all ephemeral" [High,New] https://launchpad.net/bugs/95115016:50
stgraber^ doesn't agree :)16:50
uvirtbotstgraber: Error: "doesn't" is not a valid command.16:50
stgraberanyway marked fix released manuaally16:51
hallyni wonder if the mp was done after the push, and that re-opened the bug16:53
pabelangerNow, on to adding dbconfig-common support into nova17:05
=== JanC_ is now known as JanC
koolhead17|awaywa00 is nova going to be completely automates ?  /o.0\17:18
gary_posterhallyn, I have confirmation that overlayfs + upper overlayfs does not allow removal of files; overlayfs + upper tempfs does17:37
gary_posterit may be that overlayfs requires xattrs but does not implement it?17:38
gary_posterhallyn, I modified my branch: http://bazaar.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/revision/7917:42
gary_postershould I make a new MP?17:42
hallyngary_poster: yes pls17:42
gary_posterack hallyn17:42
hallyngary_poster: by overlayfs upper,17:42
hallyngary_poster: that means the fs changes will be written to?17:42
hallynthat seems reasonable to refuse17:42
gary_posterhallyn, yes17:42
hallynso you're working around that?17:43
gary_posterhallyn, yeah, I just make another tempfs17:43
gary_postermount that in ephemeralbind17:43
gary_posterand it is ok17:43
hallyngary_poster: should you create a single tmpfs for all overalys for a container,17:43
hallynand create subdirs under that to use as the overlays?17:43
gary_posterthat's what I do hallyn, yeah17:44
hallyngary_poster: awesome, thanks :)17:44
gary_posterhallyn, MP is here: https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150-2/+merge/97077 .  Would you like me to file a separate bug, or do anything else?18:17
hallyngary_poster: no thanks, i'll take it from here18:18
gary_postercool, thanks hallyn18:18
* gary_poster goes to have a bit of lunch18:18
hallynnp - ttyl18:18
hallyngary_poster: to be sure, you ran this and it cleaned up fine?  (wondering whether i can just push blindly, or should setup an env to test in)18:21
mgwany suggestions on avoiding clock skew on qemu-kvm guests? Is there a demonstrable reason why ntp shouldn't be used?18:51
gary_posterhallyn, I tested it quickly and it seemed fine.  I had used a version without the -d changes for my initial tests.  If you haven't already run a couple of tests, I'm happy to18:55
gary_posterhappy to run a few more tests, I mean18:55
hallyngary_poster: -d shouldn't affect it, i'll push, thanks18:57
gary_postercool thank you18:57
hallynthanks you for the patch :18:58
gary_poster:-) welcome18:58
XethronI wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?19:05
=== sixstringsg|away is now known as sixstringsg
uvirtbotNew bug: #953289 in unixodbc (main) "package odbcinst1debian2 2.2.14p2-5ubuntu2 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/95328919:23
axisysi have to pick disk 8 while booting (ctrl+p and then select disk 8) to boot the OS.. do I need to change the disk order in bios to automate this?19:27
axisyscan I just install the boot loader on every disk instead ?19:28
EvansdnyI just setup my first home server using ubuntu 11.10 server of course coming from kubuntu and ubuntu on most of my machines i feel very mich at home. i am however having a horrible time configuring aliases and sub domains in apache either manually or using webmin's interface. i just cant seems to get the sub domain to come up. i have a top level domain and a static IP address at home through my ISP19:31
Evansdnyany help or direction to some good information sites would be greatly appreciated19:33
axisysEvansdny: you will have lot better luck in getting support if you pastebin some error from your apache either here or #httpd channel19:35
Evansdnyok....   well i guess i'm not getting any errors it just goes directly to the top level domain and dousnt even see the sub domain. even though all my config files are correct19:36
Evansdny i will try #httpd19:38
axisyshow do I catch the grub at boot on lucid ? shift is not catching it19:41
axisysis it esc+shift?19:42
axisysesc worked19:44
axisysthis x4270 fails to boot all the way http://paste.ubuntu.com/880895/20:08
axisyswhat gives?20:08
_KaszpiR_GPT: Use GNU Parted to correct GPT errors.20:10
axisyshmm.. in recovery mode it boots all the way20:14
axisys_KaszpiR_: so boot in that mode and try to fix it, may be?20:14
axisysnot sure what is the fix20:15
axisysGPT:585937498 != 585937499 <-- so change the block size or something?20:15
axisyssdi and sdj are part of md and boot disk20:18
axisysno GPT error for those two20:18
axisysrecovery mode works perfect.. it is really single user mode .. and I enabled ssh and ssh in it.. all lvm+md looks good and installed new pkg.. works perfectr20:30
=== alaing is now known as funkymonk
axisyshttp://paste.ubuntu.com/880960/ <-- boots perfect in dmesg20:54
=== sixstringsg is now known as sixstringsg|away
=== sixstringsg|away is now known as sixstringsg
uvirtbotNew bug: #953453 in lxc (universe) "[FFE] use per-container apparmor profiles" [Undecided,New] https://launchpad.net/bugs/95345321:55
akgranermmm, thought you'd like to see the table of contents for Issue 12 of Ubuntu User Magazine  - http://www.ubuntu-user.com/Magazine/Archive/2012/1222:17
=== sixstringsg is now known as sixstringsg|away
HaltingStatehey; is ssh enabled/running by default on ubuntu server?22:52
HaltingStateif i install from iso and hook up to network can I ssh in or do i have to do something else also22:53
pabelangerHaltingState: when you install openssh-server it is22:54
pabelangeryou will be prompted during the installation process to add it22:54
=== Lcawte is now known as Lcawte|Away
uvirtbotNew bug: #953533 in groovy (universe) "groovysh crashes instead of starting" [Undecided,New] https://launchpad.net/bugs/95353323:16
XethronI wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?23:26
=== sixstringsg|away is now known as sixstringsg

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!