/srv/irclogs.ubuntu.com/2012/03/12/#ubuntu-server.txt

Super_Dog	Dinking around with AjaxPlorer. Install instructions say "Make sure that the « data » sub-folder is writeable by the webserver."	01:04
Super_Dog	Anybody have recommendations on the property "sudo chmod -R" command for that? I'm crappy with permissions...	01:05
patdk-lap	would be more than that	01:06
patdk-lap	unless you make it writable by all	01:06
Super_Dog	Writable by all would be a little bad wouldn't it.... :-(	01:06
patdk-lap	depends on many things, but generally, yes	01:06
Super_Dog	Correct me if I'm wrong, but can you assign 755 to just the "www-data" user.... Wouldn't that do the trick in Ubuntu?	01:08
patdk-lap	yes, and kill whoever needed to edit/modify/... it	01:09
patdk-lap	plus means the web user has more permissions than probably needed, like making changes to that program itself	01:09
patdk-lap	normally you just set the group to www-data	01:09
patdk-lap	and give group write access to what is needed	01:09
airtonix	Super_Dog: i usually add my user to the www-data group and set the permissions to 775	01:10
Super_Dog	Do you mean 775 or 755?	01:10
airtonix	then chown www-data:www-data /var/www -R	01:10
airtonix	Super_Dog: i mean 775	01:11
patdk-lap	that is way overkill	01:11
airtonix	how is it overkill?	01:11
patdk-lap	just like I said above	01:11
patdk-lap	the webuser can EDIT and MODIFY anything in the program	01:11
airtonix	and yourself?	01:12
airtonix	nothing?	01:12
patdk-lap	leave user alone, why change it?	01:12
airtonix	because it needs to actually do stuff?	01:12
patdk-lap	heh?	01:12
Super_Dog	Am trying to just AjaxPlorer....	01:12
patdk-lap	since when does the user have anything to do with that?	01:12
airtonix	it's pretty awesome having a /var/www that you can't even setup stuff in	01:12
Super_Dog	Am a moderately experienced Ubuntu desktop user and relatively new to the Ubuntu Server platform	01:13
airtonix	patdk-lap: oh i don't know, perhaps when you need to : git clone repourl:project-name ./project	01:13
patdk-lap	hmm?	01:13
airtonix	but hey, maybe the "webuser" magically does this with ESP	01:13
patdk-lap	why am I git cloning a website?	01:14
airtonix	if you need to ask that question, then i am at a loss for words	01:14
patdk-lap	I wouldn't do it into /var/www	01:14
Super_Dog	Guys... I didn't understand a single thing you are talking about... :-)	01:15
patdk-lap	I keep the websites owned by a user	01:15
patdk-lap	and let the webserver access it	01:15
patdk-lap	no reason for the webserver to own it	01:15
airtonix	patdk-lap: and then the www-data user can't write... more awesome	01:15
patdk-lap	why can't it write?	01:15
airtonix	because it doesn't own it?	01:15
airtonix	because you left it at 755	01:15
patdk-lap	as I said, that is what I use group permissions for	01:16
patdk-lap	who said I left it at 755?	01:16
patdk-lap	did you not read ANYTHING I said?	01:16
patdk-lap	<patdk-lap> yes, and kill whoever needed to edit/modify/... it	01:16
patdk-lap	plus means the web user has more permissions than probably needed, like making changes to that program itself	01:16
patdk-lap	normally you just set the group to www-data	01:16
patdk-lap	and give group write access to what is needed	01:16
Super_Dog	So let's say I'm a normal human being that doesn't know Ubuntu from his elbow.... When they tell me in the install manual to, "Make sure that the « data » sub-folder is writeable by the webserver" what do I do when it appears I have successfully installed the LAMP stack in Ubuntu?	01:17
Super_Dog	I have a www-data group it appears....	01:18
Super_Dog	I presume that is the user that has privileges in the /var/www directory....	01:18
airtonix	apparently you only let "A Group" write to "A Folder", then when your application fails becuase it can't write you come back here	01:19
Super_Dog	Airtonix: You said "I usually add my user to the www-data group and set the permissions to 775"... Pray what command do you issue to make that happen?	01:19
airtonix	Super_Dog: ls -al /var/www will show you what user and group have ownership	01:19
airtonix	Super_Dog: you add users to groups with : sudo adduser USERNAME GROUPNAME	01:20
airtonix	Super_Dog: you set permission bits with : sudo chmod 775 PATHNAME [ -R ] << where -R is optionally recursive	01:21
Super_Dog	ok so if I have a user joseph I could issue: sudo adduser joseph www-data ?	01:21
airtonix	Super_Dog: apparently you should be making a group called "AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder"	01:21
airtonix	and adding yourself to that group, then change ownership of your virtualhost folder under /var/www to be owned by taht group with : sudo chown :AwesomeDevelopersGroupThatHaveWriteAccessToThisOneFolder /var/www/VIRTUALHOST_FOLDER -R	01:22
Super_Dog	It says that user 'joseph' is already a member of `www-data'.	01:26
Super_Dog	sudo chmod 775 /var/www/ajaxplorer/data -R - Does this look right?	01:32
Super_Dog	I've added the users who should have access to this to the "www-data" group it appears....	01:33
Super_Dog	Guys.... Only works when I do following:	01:36
Super_Dog	sudo chmod 777 /var/www/ajaxplorer/data -R	01:36
Super_Dog	I know that's probably bad.... (Sorry, permissions have been the bane of my existence and I am an admitted retarded idiot when it comes to Ubuntu Server permissions.)	01:37
Super_Dog	Any ideas?	01:37
taipres	there any issues	02:52
taipres	with latest ubuntu server edition(went 32bit to save memory)	02:53
airtonix	save memory?	02:53
taipres	yeah	02:54
taipres	64bit version naturally uses more	02:54
taipres	I choose ubuntu over centos because ubuntu just easier for me to compile stuff	03:02
taipres	but need kind memory usage	03:02
patdk-lap	hmm, 10.04 32bit installs with only 23megs ram usage	03:14
taipres	sudo apt-get install lighttpd php5-cgi	03:47
taipres	says it can't find either package, any ideas?	03:47
qman__	have you enabled universe?	03:48
qman__	I don't think those are in main, though I could be wrong	03:49
taipres	qman no	03:49
taipres	how do I do that	03:49
qman__	sudo vi /etc/apt/sources.list, uncomment the lines in the universe section	03:49
qman__	sudo apt-get update	03:49
taipres	this isn't gonna install a bunch of intense apps right? my only constraint is memory	03:50
taipres	256MB	03:50
qman__	no, it will only allow you to install more software	03:50
qman__	it doesn't install more software by itself	03:50
taipres	thanks	03:50
patdk-lap	you won't be doing large downloads from php will you?	03:51
qman__	it will use slightly more disk space to cache the available packages	03:51
qman__	but we're talking kilobytes	03:52
taipres	don't see any lines commented	03:52
taipres	I see	03:52
taipres	deb http://archive.ubuntu.com/ubuntu natty main restricted universe	03:52
taipres	deb http://archive.ubuntu.com/ubuntu natty-updates main restricted universe	03:52
taipres	deb http://archive.ubuntu.com/ubuntu natty-security main restricted universe	03:52
taipres	last one is deb http://archive.canonical.com/ubuntu natty partner	03:52
taipres	patdk and no, no php big downloads	03:53
taipres	although my VPS is on a 1Gbps hehe, and cpu is good	03:54
taipres	php probably uses lot of mem for big downloads	03:54
patdk-lap	no, lighttpd does	03:54
patdk-lap	lighttpd buffers anything external into ram	03:54
taipres	really? I thought that was the point	03:55
taipres	low memory consumption	03:55
patdk-lap	so if you send a large file via php/proxy/...	03:55
patdk-lap	no	03:55
patdk-lap	lighttpd isn't about low memory comsumtion	03:55
patdk-lap	it's about being fast	03:55
taipres	"With a small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set (FastCGI, SCGI, Auth, Output-Compression, URL-Rewriting and many more)"	03:55
patdk-lap	it normally uses small memory	03:55
patdk-lap	but it buffers first	03:55
taipres	herm, well do you recommend a different web server then?	03:56
patdk-lap	if you send a 1gig file from php, lighttpd will allocate 1gig of ram to hold it	03:56
taipres	if I go over 256 is goes into vswap	03:56
taipres	have anothre 256 there too	03:56
patdk-lap	well, normally you don't have to worry about it, don't send large files, or if you must, use x-sendfile	03:56
qman__	FYI, I run apache on real hardware with 256MB	03:56
qman__	along with plenty of other stuff	03:56
qman__	without any issues	03:56
taipres	apache dies easy though	03:56
taipres	is the reason i'm using alternative web server	03:57
* patdk-lap has never seen apache die		03:57
qman__	same	03:57
taipres	http://www.kalzumeus.com/2010/06/19/running-apache-on-a-memory-constrained-vps/	03:57
patdk-lap	most likely you use bad apache modules	03:57
taipres	this guy has	03:57
taipres	claimed it was lot of traffic and apaches keep alive default time	03:57
qman__	that's all adjustable	03:57
patdk-lap	apache died for him cause of bad config	03:57
qman__	and more likely a problem with the VPS software	03:58
patdk-lap	and he hitting the oom	03:58
patdk-lap	not apaches fault	03:58
qman__	not saying don't try other things, just that apache is not the culprit here	03:58
taipres	so you think apache is better at mem than lighthttpd?	03:58
patdk-lap	I never said that	03:59
taipres	i've never really heard apache described as anything besides bloated and complicated config	03:59
patdk-lap	I use lighttpd, and love it, and it is low mem for me	03:59
taipres	I use it with xamp and my regular server but is pre config so	03:59
patdk-lap	but it does BUFFER first, than attempt to stay low mem	03:59
taipres	ok	03:59
patdk-lap	so it is possible for lighttpd to use gigabytes of ram, easily, if you are stupid enough to let it	03:59
qman__	configuring apache is not very complicated	03:59
taipres	so any ideas why I can't get this download to work? when config file seems ok?	03:59
qman__	it's bloated compared to minimalist servers, but not compared to other featureful servers	04:00
taipres	i'm gonna google regardless but if you know i'dr ather not waste hours	04:00
qman__	have you done apt-get update?	04:00
taipres	doing that right now	04:01
patdk-lap	heh, you always update, before attempting to install	04:01
patdk-lap	package versions change often	04:01
taipres	;D	04:01
qman__	for example, IME, apache blows IIS7 out of the water in terms of performance	04:01
qman__	it's all relative	04:01
taipres	is IIS suppose to be good?	04:01
qman__	if you ask microsoft it is	04:02
taipres	I just remember in the 90's all the flood of exploits for it	04:02
patdk-lap	heh for iis7?	04:02
taipres	never read about performance	04:02
taipres	nah older iis i'm sure	04:02
patdk-lap	iis5 wasn't nice	04:02
patdk-lap	iis6 is ok	04:02
patdk-lap	iis7 has been good so far	04:02
qman__	yeah, iis5 was the disaster area	04:02
taipres	the update fixed it, thanks	04:02
qman__	they learned the lesson for the most part and have tried to be secure by default	04:02
taipres	nice :D	04:03
taipres	I wish windows had more linux like everything only a few commands away	04:03
* patdk-lap still puts apache + mod_security infront of iis		04:03
taipres	that's only thing i really like about linux	04:03
patdk-lap	start using powershell? :)	04:03
qman__	in my opinion, powershell tried to fix that, but failed miserably	04:03
qman__	it's so obtuse and awkward, it just doesn't work	04:03
patdk-lap	ya, I made some mixed powershell + vbs scripts, that work good though	04:04
taipres	that's unfortunate	04:04
taipres	I love me some VBS scripts	04:04
patdk-lap	confusing as hell, that you talk both languages in one file, but you can't mix them	04:04
taipres	COM rocks	04:04
qman__	powershell is useful but it's not smooth or cohesive	04:04
qman__	nothing like bash	04:04
patdk-lap	man, I made a private key, and I can't locate it anywhere	04:05
taipres	microsofts one framework is really nice too, the one to get all the info	04:05
qman__	also, you can cause a BSOD by running ps \| kill	04:05
taipres	can't think of the name, wrote enough code to use it, you'd think i'd know	04:05
taipres	vbs can access it too	04:06
taipres	oh WMI	04:06
taipres	can evne control CPU speed with it, with some computers	04:07
taipres	comes on all windows that I know of	04:07
taipres	or CPU fan speed rather	04:07
taipres	linux memory management also threw me for a loop when i spent hours trying to figure out why I couldn't free memory allocated with pthread stack	04:08
taipres	like I could on windows, turns out linux sees memory different, if its not used it's considered wasted	04:09
taipres	but then again even at max mem swap was never touched, so I guess it's really just cached mem not the actually stats	04:10
qman__	yeah, you have to count less buffers and cache	04:11
taipres	http://www.slideshare.net/haish/linux-memory-consumption good overview	04:11
qman__	the kernel is very good at utilizing free memory to speed up the system	04:11
taipres	qman makes sense	04:12
taipres	just makes me uncomfortable when I see 90% used	04:12
taipres	but i'll get use to it	04:12
taipres	if it bothers me that much may just switch from pthreads to forks, because when the processes are killed they free	04:13
linocisco	who is using vbox with ubuntu server?	04:17
linocisco	I can't mount vbox guest addition cdrom on ubuntu guest server	04:18
patdk-lap	no one?	04:18
linocisco	no one	04:18
qman__	that's going to be a question for virtualbox people	04:18
qman__	unless they included a deb for it, it's probably not going to work	04:18
linocisco	i was asking there	04:19
linocisco	no one is responsive after a while.	04:20
taipres	they're a pretty active bunch at times they may just not know	04:20
taipres	you try googling?	04:20
taipres	got lighthttpd and php going well, fastcgi enabled too	04:24
taipres	ubuntu rocks, now need to go after mysql, heard it's a memory pig	04:24
linocisco	how to clear all iptables entries?	04:25
patdk-lap	mysql is hardly a memory hog	04:25
taipres	patdk-lap that's good then :)	04:25
linocisco	how to clear all iptables entries? all know it is to list with "iptables -L" but I dont know how to clear.	04:25
linocisco	hi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet	04:31
linocisco	hi all , mine is similar to this "http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte". but no answer yet	04:34
SpamapS	linocisco: iptables -F	04:37
SpamapS	linocisco: note that this only flushes the filter table.. there are others... 'man iptables' will explain them	04:37
linocisco	SpamapS, thanks. I would try. btw, could you also look at http://askubuntu.com/questions/58817/squid-proxy-not-working-using-ubuntu-server-10-04-and-two-nics-one-is-connecte	04:38
linocisco	SpamapS, i dont know why mine is not successful like that	04:38
SpamapS	linocisco: I think I have an answer for that one.	04:47
airtonix	why does /etc/resolv.conf have to be a symlink?	04:51
SpamapS	airtonix: it doesn't!	04:52
airtonix	SpamapS: apparently it does!	04:52
SpamapS	airtonix: but, without resolvconf, you won't adapt to network changes properly	04:53
airtonix	SpamapS: who said anything about not having a resolvconf?	04:53
SpamapS	airtonix: the package resolvconf	04:53
airtonix	1. install bind 2. rm /etc/resolv.conf 3. echo "nameserver 8.8.8.8" \| sudo tee /etc/resolv.conf 4. sudo service bind restart 5. recieve error 6. slow clap	04:54
airtonix	so again...	04:54
SpamapS	airtonix: apt-get remove resolvconf	04:54
airtonix	why would i do that on a server ? i didn't install it	04:54
SpamapS	its part of ubuntu-minimal	04:55
airtonix	shouldn't ubuntu server require the software it's installed with by default?	04:55
airtonix	since you know... that's the image i installed.. ubuntu-server	04:55
SpamapS	but its only Priority: important , so you can remove it	04:55
SpamapS	airtonix: no, a lot of that stuff is there as a convenience.	04:55
airtonix	could have fooled me	04:56
SpamapS	airtonix: resolvconf is actually quite handy for dealing with a dynamic environment. And for static environments, it should leave your stuff alone.	04:56
airtonix	i'm on ubuntu-server... i install bind.. i expect to not have problems like this	04:56
SpamapS	airtonix: I can see that you've been inconvenienced by this, and you have an idea of how you'd like things to work. Now is a great time to file a bug report. Perhaps against 'ubuntu-minimal' with 'apport-bug ubuntu-minimal'	04:58
airtonix	so here is what will happen. i'll take your word for it that resolvconf isn't required by anything else, i'll remove it and my server will die.	04:58
Super_Dog	Anybody run across this before? http://pastebin.com/LqvtaJQK	04:59
airtonix	large flames will consume it	04:59
Super_Dog	set locale problem?	04:59
SpamapS	airtonix: if your server dies because you remove resolvconf, then something did not declare the dependency properly and that is most definitely a bug.	04:59
SpamapS	airtonix: btw, if you read 'man resolvconf' it explains how to make sure your static interfaces push their configs into resolv.conf	05:03
* SpamapS notices that 'man interfaces' doesn't explain this, nor does 'man resolvconf' .. filing bugs		05:05
jayjay	hey	05:35
jayjay	is anyone online :)	05:35
SpamapS	airtonix: bug was already reported almost a month ago btw: bug #934237	05:36
uvirtbot	Launchpad bug 934237 in ifupdown "Manual pages should mention dns-nameserver and dns-search" [Undecided,Invalid] https://launchpad.net/bugs/934237	05:36
jayjay	cool	05:36
SpamapS	airtonix: did your server imoliate itself yet?	05:36
jayjay	hey I'm having some issues transferring my ssh key	05:36
jayjay	i keep getting a connecting timed iout error	05:37
airtonix	yes it's currently a hazard zone now	05:37
jayjay	any tips? I'm kinda scared to keep ssh running right now :S	05:38
jayjay	there have been 4 attempts to hack it with multiple ip's today	05:38
SpamapS	jayjay: sorry, I don't understand the question. How are you trying to "transfer your ssh key" ?	05:38
jayjay	Sorry i was not clear. I am trying to transfer my ssh key from my ubuntu 10.04 server onto my laptop with this command ssh-copy-id <username>@<host>	05:39
jayjay	i keep getting this error ssh: connect to host XXX.XXX.XX.XX port 22: Connection timed out	05:40
qman__	then you either have the wrong address or it's firewalled	05:41
jayjay	its firewalled	05:42
jayjay	i have shorewall installed	05:42
jayjay	but i users the shore wall stop command	05:42
jayjay	do i need to remove shore wall to be able to do this?	05:43
qman__	not likely	05:43
qman__	you need to add an exception	05:43
jayjay	i can connect to ssh via my laptop	05:43
jayjay	i just can't transfer the key	05:43
jayjay	i added an exception for ssh	05:43
jayjay	SSH/ACCEPTnet$FW	05:44
qman__	wait, are you trying to connect to SSH on the server, or on the laptop?	05:44
qman__	because if you're trying to connect to the server from the laptop, you need to also transfer the key to the server from the laptop	05:45
qman__	the client's key needs to be placed on the ssh server	05:45
jayjay	oh?	05:45
jayjay	the laptop is the client	05:46
jayjay	the desktop is the server	05:46
qman__	then you need to run ssh-copy-id on the laptop	05:46
jayjay	yes i just ran that command from the laptop as ssh-copy-id SERVER IP	05:46
jayjay	it worked this time =D	05:47
jayjay	test	05:48
qman__	yeah, it always goes that way	05:48
jayjay	ok after the command, it asked me to enter my password	05:48
qman__	I was unsure because all my linux boxes run sshd	05:48
jayjay	can i disable the password in the ssh config file and still be able to connect to the ssh server?	05:48
qman__	the way ssh-copy-id works, it logs in over SSH to copy the key	05:49
qman__	after that, you should be able to log in without entering an SSH password	05:49
qman__	though you may have to enter a key password, depending on how you created the key	05:49
jayjay	no i did not	05:50
jayjay	when i made the key i left the password option blank	05:50
qman__	ok, in addition to that, your client has to actually look for and use the key	05:50
qman__	I'm guessing since ssh-copy-id worked, it'll use it	05:50
qman__	default is ~/.ssh/id_rsa	05:51
jayjay	Uhgggg now my laptop will not connect to it at all :I	05:53
jayjay	:(	05:57
jayjay	i give up at this ssh key thing	05:57
jayjay	LOL wtf i just started my firewall backup and now its letting me connect to it but still requires a password	05:58
airtonix	jayjay: if you want to auto login with pub/priv key from laptop to server then you send the public version of your key set on the laptop to the servers ~/.sssh/authorized_keys (or just paste it in there and chmod it and the directory ~/.ssh/ 700)	06:11
airtonix	*i mean ~/.ssh	06:11
airtonix	jayjay: another unfortunate and undocumented side effect of using pub/priv keys is that when you have more than 7, the ssh-agent on the machine you are sitting at will only check if the first 7 (you never know which 7) are valid for logging into the remote machine.	06:13
airtonix	more than 7 local ssh keys	06:13
airtonix	jayjay: even setting a shortcut in ~/.ssh/config on your local machine will not circumvent this. you unfortunately have to: SSH_AGENT= ssh user@remote -i ~/.ssh/id_rsa	06:14
airtonix	which is to mean that you have t set SSH_AGENT= (to nothing)	06:14
airtonix	at least i think it's SSH_AGENT	06:15
taipres	finally got phpmyadmin working, lighttpd needed alias edit	06:18
taipres	it's a hideous version though	06:18
taipres	ugh	06:18
taipres	i'm hoping ubuntu repository has the latest	06:18
taipres	ut oh, says it is the latest	06:19
taipres	it's not.	06:19
taipres	i'll try main ubuntu channel	06:20
taipres	isn't bleeding edge version of ubuntu, so have to compile phpmyadmin from source	06:38
taipres	have a good one gentlemen	06:55
linocisco	squid proxy with two NIC (one for WAN and one for LAN) possible?	06:57
=== Guest53663 is now known as onre
linocisco	squid proxy with two NIC (one for WAN and one for LAN) possible?	07:35
linocisco	squid proxy with two NIC (one for WAN and one for LAN) possible?	07:40
kraut	there is no reason for repeating yourself	07:48
kraut	and yes, why not? if the connectivity is fine, squid would be fine.	07:48
RoyK	linocisco: I don't see why not...	07:50
linocisco	i never had internet through squid on vbox	07:51
linocisco	that is why now I am testing zentyal	07:51
_ruben	2+ legged squids are much more common than single legged squids i'd say	08:00
linocisco	RoyK, I made iptables and i configure squid with just http_acccess 3128	08:11
linocisco	_ruben, I long waited to see internet through squid.never worked	08:11
linocisco	_ruben, but all my testing was on Vbox	08:12
=== smb` is now known as smb
RoyK	linocisco: it should work - if it doesn't, you've probably made an error somewhere. don't start messing around with iptables until you know everything else is working	08:14
linocisco	RoyK, to allow internal network internat access, i need iptables NAT rule to open ports, right? and then ipv4 forward=1	08:15
_ruben	you're combining all kinds of stuff that are not directly related .. how do you want to use squid? as a manually configured proxy in clients, or as a transparent proxy, or ..?	08:22
linocisco	_ruben, first of all, i want manually	08:25
_ruben	in case, iptables won't be needed at all	08:26
_ruben	in that case*	08:26
lynxman	morning o/	08:41
io	lynxman: hi!	08:41
lynxman	io: ello :)	08:42
=== Leseb_ is now known as Leseb
linocisco	_ruben, how could route between two NIC cards, WAN and LAN card?	08:50
_ruben	squid's a proxy, not a router	08:52
_ruben	a proxy works on a higher (osi layer) level than a router, basically	08:53
_ruben	eg: http://tldp.org/HOWTO/IP-Masquerade-HOWTO/what-is-masq.html	08:54
linocisco	I want to know exactly how to handle squid with two LAN cards(one is WAN and one is LAN). that is so clear that all LAN clients should get internet from that proxy	08:57
_ruben	the number of network cards really has zero influence on how squid works and/or needs to be configured	08:59
_ruben	the squid box itself has properly working internet access i assume?	09:00
jibel	jamespage, SpamapS do you know why lamp_reboot post-install test keeps failing ? It seems that php code is not interpreted. Is it a bug in the test or real issue ?	09:01
jamespage	jibel: not sure - I'll try to take a look today	09:17
rye_	Hello, I am curious about the status of bug #935585 - I am experiencing this issue, the bug report has a branch attached but no status changes, is it being tracked for release?	09:17
uvirtbot	Launchpad bug 935585 in upstart "[kernel panic] init: log.c:786: Assertion failed in log_clear_unflushed: log->remote_closed" [High,Confirmed] https://launchpad.net/bugs/935585	09:17
jamespage	lynxman, reviewing the rabbitmq-server debdiff (again)	09:17
jamespage	morning Daviey	09:17
lynxman	jamespage: cool beans :)	09:17
koolhead17	hello all	09:29
RoyK	linocisco: yes	09:35
linocisco	yes for what? sorry i cleared previous msgs	09:35
RoyK	09:15 < linocisco> RoyK, to allow internal network internat access, i need iptables NAT rule to open ports, right? and then ipv4 forward=1	09:37
linocisco	RoyK, yes. so i need iptables anyway	09:40
RoyK	linocisco: adding that masq rule won't hurt	09:41
linocisco	is there any precise guide?	09:42
RoyK	and you'll need another to do transparent proxying…	09:42
RoyK	guide to what?	09:42
linocisco	guide to (squid with two NICs(wan+LAN))	09:42
RoyK	google ip masquerading	09:43
RoyK	it's rather simple, really	09:43
linocisco	it is easier said than done.	09:43
RoyK	linocisco: yes, most things are, but google it, please, it really is simple	09:44
linocisco	RoyK, yes. I really want to blame myself as I really could not get it. and dying to feel myself as useless	09:45
* RoyK goes to do something useful		09:46
jjohansen	stgraber: I replicated the rbind mount error in isolation, and fixed it you can try the parser at people.canonical.com/~jj/apparmor_parser, just drop it over the one in /sbin/	10:21
jjohansen	/me will work with jdstrand to get it into the archive today	10:21
jjohansen	/me hasn't tried it in a container yet, my container is failing with an error before hit the apparmor confinement, and I haven't had time to look into it yet.	10:21
jjohansen	Sorry its been one of those weekends (son + accident => hospital kind)	10:21
uvirtbot	New bug: #952893 in zookeeper (universe) "Zookeeper script contains invalid check for cygwin" [Undecided,New] https://launchpad.net/bugs/952893	11:38
koolhead17	nijaba: around	11:39
nijaba	koolhead17: hello	11:40
koolhead17	nijaba: what was the client you suggested instead postfix.	11:41
nijaba	koolhead17: msmtp-mta	11:42
koolhead17	nijaba: thanks	11:42
nijaba	np	11:43
koolhead17	nijaba: BTW looking fwd to meet you on 4th apr :)	11:43
nijaba	koolhead17: unfortunately not sure yet if I'll be able to come	11:44
koolhead17	ooh. :( ok	11:44
hallyn	morning!	13:37
stgraber	morning!	13:40
hallyn	stgraber: say, is the kernel with the apparmor mounts fix in the archive?	13:41
hallyn	i'm goign to push the utmp fix, guess i should look through the (long) bug list and see what else i should squash in there	13:41
uksysadmin	hey all	13:41
stgraber	hallyn: I'm grabbing jjohansen's fixed apparmor_parser and I'm running a test kernel, if I can get it to work here, we should have it working in the archive later today	13:42
hallyn	oh the fix was userspace	13:42
stgraber	hallyn: well, jjohansen mentioned a few issues on the kernel side too, so I guess it's a bit of both	13:44
stgraber	jjohansen: btw, no need to apologize for work you couldn't do over your weekend ;) thanks for all the help debugging this	13:45
uksysadmin	Doing a fresh install of Precise Server Beta 1 always boots into tty7 - first time I didn't realise - thought my box had hung. Is there a bug filed against this? I can only find this one which seems to be there for a while: https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/761830	13:45
uvirtbot	Launchpad bug 761830 in grub2 "grub2 still hands off to blank tty7 on non-Server command-line-only systems and some Server systems" [Low,Confirmed]	13:45
stgraber	hallyn: so I'm testing http://people.canonical.com/~jj/apparmor_parser + http://people.canonical.com/~jj/linux-image-3.2.0-18-generic_3.2.0-18.29_amd64.deb now	13:46
hallyn	stgraber: ok i'm trying to figure out how to stage things. do you know when that might hit the archive?	13:46
stgraber	hallyn: apparmor_parser should hit the archive later today once I confirm it works and jjohansen and jdstrand can prepare a new package	13:48
hallyn	ok. but so the apparmor policy in lxc won't be re-enabled until tomorrow right?	13:48
stgraber	hallyn: right, my plan is to upload LXC with the updated apparmor profile as soon as the new apparmor hits the archive, so likely late tonight or tomorrow	13:49
stgraber	wow, apparmor works! well, the first rule matched and worked, now I need to write the next ones ;)	13:50
hallyn	it's all sugar and spice from here on out	13:54
hallyn	stgraber: ok i'm going to push a fix in an hour or 3 for bugs 948623, 951150, and 948481	13:54
uvirtbot	Launchpad bug 948623 in lxc "Can't start more than 35 containers on my machine" [High,In progress] https://launchpad.net/bugs/948623	13:54
uvirtbot	Launchpad bug 951150 in lxc "lxc-start-ephemeral is not all ephemeral" [High,New] https://launchpad.net/bugs/951150	13:54
stgraber	bug 948481	13:55
uvirtbot	Launchpad bug 948481 in lxc "adjust Build-Depends to include dh-apparmor" [Low,In progress] https://launchpad.net/bugs/948481	13:55
hallyn	trivial one... just rolling it in	13:55
stgraber	ok. While you're touching lxc-start-ephemeral would it be possible to add a "-d" flag to it to start the container in the background?	13:56
hallyn	you use lxc-start-ephemeral?	13:56
hallyn	sure, will do	13:56
hallyn	in that case, if you don't mind, i'll push a staging tree for you to test with?	13:57
stgraber	I used lxc-start-ephemeral to do some LXC stress testing yesterday and ended up doing "for i in $(seq 1 2000); do (lxc-start-ephemeral -o template&); sleep 2; done"	13:57
hallyn	that's pretty enough... :)	13:57
hallyn	now the script hangs around to clean up... i guess i should just have the script itself fork and exit so the fokred thread cleans up	13:58
stgraber	hallyn: yeah, I think it'd be the easiest, longer term I think we should add pre/post scripts to the LXC config	14:01
stgraber	so we can have lxc-start run pre/post scripts outside the container and inside the container. OpenVZ has that and I remember using it quite often (though mostly for ugly workarounds ;))	14:02
hallyn	yeah - like an initrd	14:03
stgraber	right	14:03
hallyn	that would hlep the fedora case too	14:03
hallyn	if you want to opena bug on that...	14:03
hallyn	or we can just discuss at uds i guess	14:03
stgraber	jjohansen: any reason "/ -> /usr/lib/lxc/root/" wouldn't work? (it doesn't match)	14:04
stgraber	hallyn: I can add it to my UDS notes	14:04
hallyn	along with the rewrite in go	14:04
stgraber	right ;)	14:04
smb`	hallyn, While I see you around and before I forget: I had a little improvement for libvirt last week which may be something to feed back upstream (bug 949028). How would that best /simplest be done?	14:07
uvirtbot	Launchpad bug 949028 in ubuntu "libvirt: xen: never use type=ioemu for vif definitions" [Medium,Triaged] https://launchpad.net/bugs/949028	14:07
smb`	hm... though that also was uploaded already (to precise)	14:08
smb`	bah, forgot the closes... :/	14:09
=== JanC_ is now known as JanC
hallyn	gary_poster: hey, are you around?	14:26
=== smb` is now known as smb
gary_poster	hey hallyn, yes	14:27
hallyn	gary_poster: i'm just looking at the lxc-start-ephemeral patch...	14:28
gary_poster	thanks, yes	14:28
hallyn	gary_poster: only thing i noticed was that you seem to put the original LXC_BIND entry in the container fstab at the end	14:28
hallyn	IIUC, won't that make your other bind mounts be overmounted?	14:28
hallyn	oh, wait	14:28
gary_poster	I do compare for equality	14:29
gary_poster	I don't look for containment	14:29
gary_poster	I was taking the tack that if they do an explicit -b, they mean it	14:29
hallyn	no, you mount them under $rootfs, so that'll DTRT. sorry :)	14:29
gary_poster	:-) cool, np	14:29
hallyn	gary_poster: per stgraber's suggestion I'm also going to add a '-d' option, then i will push	14:30
gary_poster	cool hallyn, thank you	14:35
Xethron	I am looking for a way to dynamically control internet speed based on the amount of internet a user consumed relative to another.	14:38
kirkland	smoser: howdy	14:39
smoser	hy	14:39
kirkland	smoser: do we have 64bit ami's for m1small yet?	14:39
smoser	they just work	14:40
smoser	amis are all the same. they just changed the hardware	14:40
Xethron	For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up"	14:40
smoser	er... the [virtual] hardware available to run on	14:40
kirkland	smoser: oh?	14:40
kirkland	smoser: you didn't have to rebuild the ami's using 64 bit kernels and packages?	14:40
smoser	no. we have 32 bit amis and 64 bit amis.	14:41
Xethron	Is there something that can control something like that?	14:41
smoser	all they did was now allow you to run the 64 bit amis on m1.small size	14:41
smoser	previously they would just deny your request to do that.	14:41
smoser	the interesting thing this means is that they basically have no more 32 bit only hardware.	14:41
smoser	(or they can select filter the availablbe nodes to run a m1.small on to ones that have 64 bit hardware in the hypervisor)	14:42
smoser	i guess its more likely that they just have an arch aware scheduler.	14:43
lynxman	jamespage: ping	14:50
stgraber	jjohansen: [61634.549605] apparmor_parser[16338]: segfault at 8 ip 000000000040fcc5 sp 00007fffef35cd20 error 4 in apparmor_parser[400000+be000]	14:51
stgraber	jjohansen: that's when adding pivotroot	14:51
stgraber	hallyn: so I guess we'll be running without apparmor for a few more days ;)	14:54
hallyn	stgraber: dang.	14:57
a_ok	does it matter if I add a mount option in fstab that is not supported?	14:57
hallyn	stgraber: well i think i'll whip up a set of apparmor mount rules anyway, and pretend i tested it	14:57
stgraber	hallyn: the mount rules for the /usr/bin/lxc-start can be tested but anything after that can't as pivotroot is denied and can't be allowed without apparmor_parser crashing :)	14:59
hallyn	stgraber: i wasn't going to restrict mounts for lxc-start itself i don't think	14:59
hallyn	maybe i should...	15:00
hallyn	i guess i should.	15:00
hallyn	no sense allowing mounts with target outside of $rootfs	15:00
stgraber	hallyn: also you seem to have the choice between a generic "mount" allowing everything or allowing each of them individually but can't make something like "/ -> /usr/lib/lxc/root/" as I'd have done for /usr/bin/lxc-start	15:00
hallyn	right	15:00
stgraber	but that's a bug, the documented syntax allows it	15:01
hallyn	oh i misread	15:02
hallyn	i'm goign to go based on the docs at the wiki. and file bugs :)	15:02
stgraber	ok :)	15:03
hallyn	but first i have some other testing to do. bbl	15:03
stgraber	hallyn: I think "/ -> /usr/lib/lxc/root" is what we want for usr.bin.lxc, we also want "pivotroot /usr/lib/lxc/root" and then look into the second profile	15:04
stgraber	hallyn: the tricky part being nested containers	15:04
=== bitmonk_ is now known as bitmonk
jamespage	lynxman, pong	15:14
hallyn	stgraber: my hope is that nested containers will just DTRT with pathanmes...	15:28
hallyn	stgraber: I'm more worried about cgrousp with nested containers.	15:28
hallyn	bc i'd like to restrict writing to them	15:28
hallyn	stgraber: did i cc: you on the email about that?	15:28
uvirtbot	New bug: #953081 in php5 (main) "libapache2-mod-php5 postinst script does not enable module" [Undecided,New] https://launchpad.net/bugs/953081	15:33
stgraber	hallyn: I think you did, at least I remember you mentioning it (basically it'd be great to allow /sys/fs/cgroup//lxc/<container name>/* in apparmor)	15:35
hallyn	right	15:36
hallyn	q is do we want to risk the complicatino of per-container profiles this late in cycle	15:36
pabelanger	So I'm getting ready to upload my patches for bug 953093, glance will still use sqlite3 by default.	15:38
uvirtbot	Launchpad bug 953093 in glance "Add dbconfig-common support to glance" [Undecided,New] https://launchpad.net/bugs/953093	15:38
=== sixstringsg is now known as sixstringsg\|away
stgraber	hallyn: I'd usually say it's too risky but on the other end I'm guessing LTS users (me included) will want it and so it'd be easier to fix any bug post-release than to explain how to implement the feature on their own until the next LTS	15:39
hallyn	stgraber: do you think this requires FFE?	15:39
hallyn	or is it a bug that users can't specify per-container policy?	15:40
=== Lcawte\|Away is now known as Lcawte
stgraber	hallyn: I think it'd need a FFe but explaining the current limitation and the problem it'd be for our users	15:44
hallyn	ok	15:44
hallyn	stgraber: the ugliest part of this is the complication/slowdown at lxc-create, lxc-clone, and lxc-destroy	15:45
stgraber	hallyn: yeah, though if only building and loading the new profile it should be fairly quick	15:46
stgraber	hallyn: (as long as we don't call a full reload of all the profiles)	15:46
hallyn	stgraber: certainly won't be doing that :)	15:46
gary_poster	hallyn, we are seeing tempfs be very unhappy now (it has errors trying to whiteout files). The only thing I know I did in a crazy way is that we are using an overlayfs as an upper for another overlayfs in my patch. We can switch to just making a new tempfs instead and see if that is less insane	15:58
gary_poster	that's what I'm going to try to do in a bit	15:59
gary_poster	need to step away for now	15:59
bencer	hi huats, jamespage	16:20
bencer	we have uploaded new packages of zentyal fixing the issues you raised	16:21
huats	bencer: ok great	16:21
jamespage	bencer: great!	16:21
bencer	when do you think you can have a look at them?	16:21
jamespage	bencer, tomorrow realistically	16:25
bencer	jamespage: ok cool, i will ping you again tomorrow :)	16:26
bencer	let me know if we can do anything else in the meanwhile	16:26
pabelanger	Anybody know where the glance debian packaging branch is? Or which one is master?	16:27
pabelanger	Trying to create a merge request	16:27
bencer	jamespage: huats could also upload them? do you want to have a look at them again? or can i push him to upload them asap?	16:27
pabelanger	I am assuming lp:ubuntu/nova	16:28
pabelanger	sorry, lp:ubuntu/glance	16:28
jamespage	bencer: we should not upload until a FFe has been granted for these packages - https://wiki.ubuntu.com/FreezeExceptionProcess	16:28
hallyn	gary_poster: my understanding is that the rationale/justification for overlayfs's simplicity is precisely that you can overly on top of an overlay	16:28
hallyn	gary_poster: so doing what you suggest is good for verifying that that's the problem, but if there's a problem then it's a bug	16:28
jamespage	bencer: preparing the information for that in the bug report is something that can happen in between now and review completion	16:29
jamespage	I note from the bug report that there is still some debate as to whether these packages should be native or not.	16:29
huats	bencer: i cannot upload that since the FFe is needed + the new process	16:29
bencer	jamespage: huats should we fill the bug for FFe now?	16:30
jamespage	bencer: yes - it can be done in the existing bug report	16:30
bencer	jamespage: do we have to do something else than subscribing ubuntu-release team?	16:32
jamespage	bencer, yes - the Bug Description needs to be populated with the information detailed in https://wiki.ubuntu.com/FreezeExceptionProcess	16:33
hallyn	stgraber: help!	16:34
hallyn	stgraber: my attempt to dput lxc failed with -eperm	16:34
jamespage	bencer: I think it just needs re-shuffling to line up with the required information to support the release team approval	16:35
stgraber	hallyn: again? :)	16:35
jamespage	please don't subscribe ubuntu-release until myself/huats has had time to review again; packaged really need to be good-to-go	16:36
stgraber	hallyn: should be good now	16:36
hallyn	stgraber: i don't think i did anything stupid...	16:36
hallyn	thanks, retrying	16:36
bencer	jamespage: huats ok thanks, i will ping you both tomorrow, going to rewrite the bug description before then, thanks again	16:37
jamespage	bencer: no problem	16:37
huats	great	16:38
pabelanger	Okay, just created my first merge request using launchpad. I _think_ I did it right	16:45
hallyn	stgraber: push worked this time, thanks :)	16:47
stgraber	hallyn: np. cjwatson hardcoded the ACL in his script so it shouldn't be dropped anymore ;)	16:48
stgraber	hallyn: you merged that one https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/+merge/97021 right?	16:49
hallyn	stgraber: yup	16:49
hallyn	hopefully the right one (i didn't realize he was going to make more changes)	16:49
hallyn	stgraber: and -d works for me :)	16:50
stgraber	hallyn: cool. Marking the bug fix released and the branch merged then.	16:50
hallyn	lp email told me it was marked fix released	16:50
stgraber	bug 951150	16:50
uvirtbot	Launchpad bug 951150 in lxc "lxc-start-ephemeral is not all ephemeral" [High,New] https://launchpad.net/bugs/951150	16:50
stgraber	^ doesn't agree :)	16:50
uvirtbot	stgraber: Error: "doesn't" is not a valid command.	16:50
stgraber	anyway marked fix released manuaally	16:51
stgraber	*manually	16:51
hallyn	thanks	16:53
hallyn	i wonder if the mp was done after the push, and that re-opened the bug	16:53
pabelanger	Now, on to adding dbconfig-common support into nova	17:05
=== JanC_ is now known as JanC
koolhead17\|away	wa00 is nova going to be completely automates ? /o.0\	17:18
gary_poster	hallyn, I have confirmation that overlayfs + upper overlayfs does not allow removal of files; overlayfs + upper tempfs does	17:37
gary_poster	it may be that overlayfs requires xattrs but does not implement it?	17:38
gary_poster	hallyn, I modified my branch: http://bazaar.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150/revision/79	17:42
gary_poster	should I make a new MP?	17:42
hallyn	gary_poster: yes pls	17:42
gary_poster	ack hallyn	17:42
hallyn	gary_poster: by overlayfs upper,	17:42
hallyn	gary_poster: that means the fs changes will be written to?	17:42
hallyn	that seems reasonable to refuse	17:42
gary_poster	hallyn, yes	17:42
hallyn	so you're working around that?	17:43
gary_poster	hallyn, yeah, I just make another tempfs	17:43
gary_poster	mount that in ephemeralbind	17:43
gary_poster	and it is ok	17:43
hallyn	gary_poster: should you create a single tmpfs for all overalys for a container,	17:43
hallyn	and create subdirs under that to use as the overlays?	17:43
gary_poster	that's what I do hallyn, yeah	17:44
hallyn	gary_poster: awesome, thanks :)	17:44
gary_poster	cool	17:44
gary_poster	hallyn, MP is here: https://code.launchpad.net/~gary/ubuntu/precise/lxc/bug-951150-2/+merge/97077 . Would you like me to file a separate bug, or do anything else?	18:17
hallyn	gary_poster: no thanks, i'll take it from here	18:18
gary_poster	cool, thanks hallyn	18:18
* gary_poster goes to have a bit of lunch		18:18
hallyn	np - ttyl	18:18
hallyn	gary_poster: to be sure, you ran this and it cleaned up fine? (wondering whether i can just push blindly, or should setup an env to test in)	18:21
mgw	any suggestions on avoiding clock skew on qemu-kvm guests? Is there a demonstrable reason why ntp shouldn't be used?	18:51
gary_poster	hallyn, I tested it quickly and it seemed fine. I had used a version without the -d changes for my initial tests. If you haven't already run a couple of tests, I'm happy to	18:55
gary_poster	happy to run a few more tests, I mean	18:55
hallyn	gary_poster: -d shouldn't affect it, i'll push, thanks	18:57
gary_poster	cool thank you	18:57
hallyn	thanks you for the patch :	18:58
gary_poster	:-) welcome	18:58
Xethron	I wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?	19:05
=== sixstringsg\|away is now known as sixstringsg
uvirtbot	New bug: #953289 in unixodbc (main) "package odbcinst1debian2 2.2.14p2-5ubuntu2 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/953289	19:23
axisys	i have to pick disk 8 while booting (ctrl+p and then select disk 8) to boot the OS.. do I need to change the disk order in bios to automate this?	19:27
axisys	can I just install the boot loader on every disk instead ?	19:28
Evansdny	hello	19:29
Evansdny	I just setup my first home server using ubuntu 11.10 server of course coming from kubuntu and ubuntu on most of my machines i feel very mich at home. i am however having a horrible time configuring aliases and sub domains in apache either manually or using webmin's interface. i just cant seems to get the sub domain to come up. i have a top level domain and a static IP address at home through my ISP	19:31
Evansdny	any help or direction to some good information sites would be greatly appreciated	19:33
axisys	Evansdny: you will have lot better luck in getting support if you pastebin some error from your apache either here or #httpd channel	19:35
Evansdny	ok.... well i guess i'm not getting any errors it just goes directly to the top level domain and dousnt even see the sub domain. even though all my config files are correct	19:36
Evansdny	i will try #httpd	19:38
Evansdny	thanks	19:38
axisys	how do I catch the grub at boot on lucid ? shift is not catching it	19:41
axisys	is it esc+shift?	19:42
axisys	esc worked	19:44
axisys	this x4270 fails to boot all the way http://paste.ubuntu.com/880895/	20:08
axisys	what gives?	20:08
_KaszpiR_	GPT: Use GNU Parted to correct GPT errors.	20:10
axisys	hmm.. in recovery mode it boots all the way	20:14
axisys	_KaszpiR_: so boot in that mode and try to fix it, may be?	20:14
axisys	not sure what is the fix	20:15
axisys	GPT:585937498 != 585937499 <-- so change the block size or something?	20:15
axisys	sdi and sdj are part of md and boot disk	20:18
axisys	no GPT error for those two	20:18
axisys	recovery mode works perfect.. it is really single user mode .. and I enabled ssh and ssh in it.. all lvm+md looks good and installed new pkg.. works perfectr	20:30
axisys	perfect*	20:30
=== alaing is now known as funkymonk
axisys	http://paste.ubuntu.com/880960/ <-- boots perfect in dmesg	20:54
=== sixstringsg is now known as sixstringsg\|away
=== sixstringsg\|away is now known as sixstringsg
uvirtbot	New bug: #953453 in lxc (universe) "[FFE] use per-container apparmor profiles" [Undecided,New] https://launchpad.net/bugs/953453	21:55
akgraner	mmm, thought you'd like to see the table of contents for Issue 12 of Ubuntu User Magazine - http://www.ubuntu-user.com/Magazine/Archive/2012/12	22:17
=== sixstringsg is now known as sixstringsg\|away
HaltingState	hey; is ssh enabled/running by default on ubuntu server?	22:52
HaltingState	if i install from iso and hook up to network can I ssh in or do i have to do something else also	22:53
pabelanger	HaltingState: when you install openssh-server it is	22:54
pabelanger	you will be prompted during the installation process to add it	22:54
=== Lcawte is now known as Lcawte\|Away
uvirtbot	New bug: #953533 in groovy (universe) "groovysh crashes instead of starting" [Undecided,New] https://launchpad.net/bugs/953533	23:16
Xethron	I wish to setup a server that will dynamically control internet speed based on the amount of internet a user consumed relative to another. For example. If only one user is online, he gets 100% of the line speed. However, if two users are online, the one who consumed less internet should get preference as to allow him/her to "catch up". Does anyone know of software with the ability to do that?	23:26
=== sixstringsg\|away is now known as sixstringsg

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!