[00:08] <Zx432> Hi
[00:09] <Zx432> I tried to set a server but now I have a loopback. I have a Local loopback. The server is plugged in my router, since I only want it for internal use it shouldn't be a problem.
[00:14] <Zx432> Anyone here? :)
[00:17] <l0n> Zx432, Not sure what you mean, what are you trying to do?
[00:17] <Zx432> I was setting up a home srever
[00:18] <Zx432> It should be basically my first server, It is plugged in my router and has no internet acces or any acess at all because of the loopback.
[00:19] <twb> l0n: I *think* he's trying to do something relating to networking, and is getting an 169.172/24 address from avahi.  Or possibly he's looking at "scope local" on an iface address.
[00:19] <twb> Zx432: what you're saying doesn't make any sense.
[00:20] <Zx432> ifconfig -a gives me:
[00:20] <l0n> twb, that does idd sound reasonable
[00:20] <twb> Zx432: do not use ifconfig.
[00:20] <Zx432> ok
[00:20] <twb> Zx432: pastebin the output of "ip r", "ip a" and /etc/network/interfaces.
[00:21] <qman__> Zx432, there is always a loopback adapter
[00:21] <qman__> it has nothing to do with your ability to get to the internet
[00:21] <Zx432> ok
[00:21] <Zx432> but I still cant ping anythinng.
[00:22] <Zx432> I hope it is clear I am talking about another computer.
[00:22] <qman__> that's fine, but it has nothing to do with the loopback adapter, you need to configure your interface, and verify that one is even loading in ifconfig -a or ip a
[00:22] <Zx432> ok
[00:22] <Zx432> how?
[00:23] <qman__> in ifconfig -a, you will see blocks of information for each adapter which is configured
[00:23] <qman__> there will always be a lo0
[00:23] <qman__> beyond that, you should have an eth0, or eth1, or ath0, or wlan0, etc
[00:23] <qman__> if you don't, that means you've got driver issues or hardware issues
[00:23] <qman__> if you do, it's simply not configured
[00:29] <Zx432> what is lo?
[00:29] <l0n> lo = loopback
[00:29] <Zx432> It is te only thing showing
[00:29] <Zx432> So it is a driver problem?
[00:30] <twb> Zx432: lspci -nn | grp net
[00:30] <twb> *grep net
[00:32] <Zx432> It tells me the name of the card.
[00:33] <Zx432> What do the numbers mean?
[00:33] <twb> That's the PCI ID.
[00:33] <twb> You can enter it into the kmuto.jp HCL page to find out if it's supported
[00:34] <twb> If it isn't showing up in "ip a" then it probably isn't
[00:34] <qman__> yeah, a google search of it will also help
[00:34] <qman__> if it's not supported, you'll likely find lots of other people having the same problem
[00:34] <twb> And lots of unhelpful "I cargo-culted this and it works OKish" comments...
[00:39] <Zx432> Winbond electronics corp w89c940 first searches don't fill me with hope...
[02:14] <trimeta> I just realized that my 10.04 LTS server's been sitting around with the 2.32.35 kernel for while, when USN-1389-1 noted a number of serious security bugs that should have made me reboot.
[02:15] <trimeta> However, whenever aptitude told me to upgrade my kernel, I always checked the changelog to see if I actually needed to reboot into the server...all it says there is "Bump ABI."
[02:15] <trimeta> Shouldn't the changelog make some mention of "security bugs fixed," and set the urgency to something other than "low"?
[02:20] <patdk-lap> dunno about aptitude, but apt-get tells me those things
[02:22] <twb> trimeta: you hit C in aptitude to see the changelog?
[02:22] <trimeta> I mean, landscape (which is presumably fueled by aptitude gives me a message saying "N packages can be updated, M updates are security updates." when I log in, but it doesn't say which ones are which.
[02:22] <trimeta> twb: I typed "aptitude changelog linux-server"
[02:23] <twb> Either 1) you are looking at the meta package; or 2) there are multiple changelog entries since the current version, and you're only looking at the latest (first) one.
[02:23] <twb> FYI, there is an extra package you can install that lets aptitude boldify all the new changelog entries
[02:23] <trimeta> twb: I may be looking at the meta package...let me see if typing the full package name helps.
[02:23] <twb> Also apt-listchanges and apt-listbugs
[02:23]  * patdk-lap just doesn't bother, and updates on every kernel
[02:24] <twb> trimeta: the metapackage is built from a separate stub source package than the actual kernel itself -- this is a kernel-specific peculiarity, normal packages don't have that issue
[02:24] <trimeta> OK, aptitude changelog linux-image-2.6.32-39-server does give a more meaningful changelog; I'll need to remember that in the future.
[02:25] <trimeta> It still could be clearer here which of these updates are security-related.
[02:26] <twb> trimeta: in aptitude's GUI, it's a separate section
[02:26] <trimeta> I'm accessing the server over ssh; in fact, I don't have X installed on this thing.
[02:26] <twb> aptitude's GUI is an ncurses GUI
[02:27] <twb> (Well, it also has a GTK GUI now.  Of course, you can tunnel X applications as long as there is an X *server* installed on your SSH *client* side.)
[02:27] <trimeta> I've never used aptitude's ncurses interface, actually...hmm, let's see what's here.
[02:28] <twb> http://paste.debian.net/
[02:28] <twb> Gah
[02:28] <twb> That pastebin hates screenshots with box chars in them :-/
[02:28] <twb> http://cyber.com.au/~twb/tmp.txt <-- screenshot
[02:29] <twb> http://paste.debian.net/159636/
[02:32] <trimeta> OK, so if I have security updates, they'd be there?
[02:32] <trimeta> I usually just update things using a script that runs "aptitude update && aptitude safe-upgrade".
[02:33] <twb> You might have unattended-upgrades installed and enabled
[02:33] <twb> In which case you wouldn't notice most of the time
[02:33] <trimeta> It's definitely installed...
[02:38] <trimeta> But I think it's disabled (no mention in /etc/apt/apt.conf.d/10periodic).
[02:47] <bearly230> Hello all. I was hoping you all could point me to a good guide for setting up an internet gateway using ubuntu 11.10.
[05:41] <variant> hi all, my local dhcp server is a little on the flakey side. is it possible to stop dhcpcd from deconfiguring the interface if the dhcp server dissapears for a few minutes?
[06:36] <brando753>  what is the ideal way to load balance a drupal site between three servers, I feel rsync might be to slow if a new user signup and then redirected to a non-updated server
[06:40] <SpamapS> brando753: rsync doesn't do load balancing
[06:40] <SpamapS> brando753: you mean how do you keep shared files in sync?
[06:40] <brando753> no rsync to update content
[06:40] <brando753> between the servers and using round robin
[06:40] <SpamapS> the content should be in a database server
[06:40] <brando753> but that is not an ideal situation for me
[06:40] <brando753> SpamapS, video content
[06:41] <SpamapS> brando753: for video you want an object storage solution. I like MogileFS, CEPH, and Swift
[06:41] <SpamapS> dunno if drupal has built in support for any of those
[06:41] <brando753> Im using red5
[06:42] <brando753> but Im just trying to setup the main servers for load balancing
[06:42] <brando753> I dont want the database in one server incase something happens
[06:42] <twb> I thought all the cool kids used S3/EC2 for load balancing shite
[06:42] <twb> I know drbd is a huge fuckign pain
[06:43] <SpamapS> drbd is easy.. its the cluster managers like corosync/pacemaker that are a PITA
[06:43] <SpamapS> but manually switching drbds in a catastrophic failure scenario is easy
[06:44] <SpamapS> brando753: mysql has several ways to make it HA so you can put it on all 3 servers
[06:44] <SpamapS> brando753: I really like Galera for that..
[06:44] <SpamapS> brando753: http://codership.com/products/mysql_galera
[06:45] <twb> SpamapS: if you have a NOC monkey that isn't an idiot, I guess
[06:46] <twb> SpamapS: oh did I mention the customer also wanted to drbd the root fs
[06:46] <brando753> thanks I will check that out, how about for actual file synchronization? is rsync the best choice?
[06:46] <twb> SpamapS: so I was estimating how hard it would be to manage drbd from within the initrd...
[06:46] <twb> brando753: rsync is good at moving arbitrary data from one place to another.
[06:46] <twb> brando753: for code, you should be using VCS not rsync
[06:47] <twb> brando753: for RDBMSs, you should be using database-specific sync mechanisms
[06:48] <SpamapS> brando753: no, for videos it would be a bad choice
[06:48] <SpamapS> brando753: since they could take quite a while, and be missing for a long time
[06:49] <SpamapS> twb: drbd root is a bit silly
[06:49] <twb> SpamapS: yes well, customer was more than a bit silly
[06:49] <brando753> thanks I will check some of this out
[06:50] <SpamapS> brando753: use a distributed object store.. looks like red5 has some massively complicated way to do that.. http://trac.red5.org/wiki/Documentation/Clustering/EdgeOriginSolutiononTerracotta
[07:38] <koolhead17> adam_g: hi there
[07:58] <mrintegrity> hi all, my local dhcp server is a little on the flakey side. is it possible to stop dhcpcd from deconfiguring the interface if the dhcp server dissapears for a few minutes?
[08:05] <_ruben>  a dhcp server disapearing for a few minutes shouldn't cause any issues, unless you have insanely small lease expiration times
[08:06] <mrintegrity> _ruben: hmm, guess that could be the problem actually
[08:06] <mrintegrity> a typ
[08:07] <mrintegrity> a typo
[08:10] <twb> _ruben: or it happens to be when that least expires
[08:10] <twb> *lease
[08:14] <_ruben> that's why it should work like most ipsec implementations (not sure if that's the case currently with dhcp implementations): attempt to renew long before expiry and only deconfig when it fails to do so at expiry time
[08:16] <twb> Maybe it does; I am only guessing
[08:16] <_ruben> makes 2 of us then :)
[08:17] <_ruben> then again, the most obvious solution would be to fix the dhcp server
[08:17] <twb> Pfft, fix things?  You must be new here
[08:17] <_ruben> :)
[08:18] <_ruben> breaking stuff does tend to be way easier
[08:22] <mrintegrity> _ruben: to be honest, I did fix the dhcp server and this is no longer a problem. my only consern is future dhcp server breakage causing unplanned downtime on the whole network because of this feature/miss configuration :)
[08:23] <mrintegrity> 08:14 < _ruben> that's why it should work like most ipsec implementations  ... I will test this
[08:25] <_ruben> i wonder if dhcp has seperate renew and expire lifetimes (like ipsec does), then you could set it to renew like every hour, but expire only after a day for instance. probably isn't the case though
[09:17] <diplo> Morning all
[09:19] <a_ok> I can stop mysql with service mysql stop. It gives a givea an error: stop: Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist. After that upstart is all messed up: start: Unknown job: mysql
[09:21] <twb> a_ok: why are you telling us?
[09:28] <a_ok> twb: how do I get to start mysql?
[09:29] <twb> Oh sorry, I thought this was #networking
[09:30] <twb> a_ok: it looks like it's pissed that dbus isn't running or some dbus backend magic isn't installed
[09:30] <twb> Or wait, are you root?
[09:30] <a_ok> yes i am
[09:30] <twb> "sudo stop mysql"
[09:31] <a_ok> twb: unknown job mysql...
[09:32] <twb> Is there an /etc/init/mysql.conf ?
[09:32] <a_ok> yes there is
[09:33] <twb> I am not convinced you're actually root
[09:33] <twb> It sure feels like you're not, from the symptoms
[09:36] <a_ok> twb: I am convinced I am root however I seem to have corrupted config. Weird that it would stop the first time though
[09:36] <twb> upstart might not reread the config file while the job is running
[09:38] <a_ok> twb: ah. that might explain it
[09:39] <a_ok> twb: I am trying to get a ulimit -n in there. it's in the pre-start now but not doing anyting
[09:49] <Jeeves_> A core dumping init... Should I worry? :)
[10:02] <lynxman> morning o/
[10:03] <koolhead17> hello lynxman
[10:07] <Jeeves_> http://imgur.com/8cePA
[10:08] <lynxman> koolhead17: ello!
[10:28] <jamespage> Daviey: poke rabbitmq
[10:28] <jamespage> morning BTW :-)
[10:33] <Daviey> jamespage: poke received
[10:45] <jamespage> gah
[10:46] <jamespage> bencer: around? lots of empty packages...
[10:46] <bencer> jamespage: yup
[10:46] <bencer> tell me
[10:46]  * jamespage hates cdbs for this
[10:46] <jamespage> so
[10:47] <jamespage> side effect of adding the transitional packages I'm afraid
[10:47] <bencer> didnt check the launchpad build, jacalvo uploaded that
[10:47] <jamespage> when cdbs builds a source package with a single binary package
[10:48] <jamespage> $(DEB_DESTDIR) points to debian/<BINARY_PKG_NAME>
[10:48] <jamespage> when it has multiple binary targets it points to debian/tmp
[10:49] <bencer> jamespage: what do you suggest to do in this case then?
[10:49] <jamespage> just thinking about it
[10:52] <jamespage> bencer, http://build-common.alioth.debian.org/cdbs-doc.html#id2550863
[10:53] <jamespage> Alternatively, write a packagename.install file listing: debian/tmp/*
[10:53] <pabelanger> Well, after testing yesterday.  I'm happy with now nova and dbconfig-common are working together; uploading the patch to launchpad
[10:53] <jamespage> bencer: thats one way around it
[10:54] <jamespage> OR zbuildtools could be updated to target the right directory for the package.
[10:55] <bencer> ok, let me have a look at it
[10:55] <_ruben> Jeeves_: who needs init anyways ? :p
[10:56] <jamespage> bencer: I'm not looked yet but there could be a problem with upstart configuration getting installed into the transitional packages as well
[10:56] <bencer> ok, going to have a look at that too
[10:57] <jamespage> bencer: I'll do a quick local build to check now
[10:58] <jamespage> bencer: confirmed - both packages get all upstart configurations.
[10:59] <bencer> arr :-/ then maybe the easiest thing is to change zbuildtools?
[10:59] <Jeeves_> _ruben: Indeed. init is sooooooooo overrated :)
[11:04] <bencer> jamespage: going to have a look on a change on zbuildtools
[11:05] <jamespage> bencer: I think so
[11:32] <pabelanger> ok, I have 2 merge requests up, 1 for the glance package and the other is for the nova package.  Both add support for dbconfig-common.  Reviewers wanted / welcome :)
[11:54] <chmac> logwatch is run from /etc/cron.daily/00logwatch on 3 hosts. On 2 hosts it runs at 5:25 and on one at 6:25, any idea why it's different on one host?
[11:54] <chmac> I've checked the time and timezone on all three hosts, the output of `date` is the same on all.
[12:00] <_ruben> chmac: have a look at /etc/crontab
[12:01] <chmac> _ruben: Strange, they're all identical. I did change the timezone after setting up the servers, I wonder if it needs to reboot to take effect. I just restarted the cron service, maybe that will resolve it.
[12:01] <chmac> The two hosts at 5:25 are actually running wrong, it's meant to run at 6:25, so I'll keep an eye on it, maybe reboot those nodes if necessary.
[12:19] <chmac> _ruben: Thanks for the feedback btw
[12:29] <rsajdok> what are the minimum required for the ubuntu 10.04.4 server I have vps with 128 ram. Is it enough memory space?
[12:30] <patdk-wk> non-vps it uses like 26megs
[12:30] <patdk-wk> so with vps, it should use less
[13:15] <rsajdok> patdk-wk: thanks
[14:15] <Cryp71c> Does ubuntu server still store the default runlevel in /etc/inittab ?
[14:15] <lynxman> I'm trying to run libvirt in precise but is spewing all kinds of errors http://pastebin.ubuntu.com/883276/
[14:16] <lynxman> Any idea where to start looking at?
[14:24] <Cryp71c> lynxman, its not much, but looks like a process which is supposed to pull hardware info is failing terribly. I'm unsure as to why its doing this or what a fix may be, a quick google turned this up as the page of the process in question: http://www.nongnu.org/dmidecode/
[14:30] <lynxman> jamespage: so what would be better, reverse patch 2.7.11 or go to 2.7.12? Isn't too late at this height of the cycle to jump one version up?
[14:31] <jamespage> lynxman, hmm
[14:31]  * jamespage scratches his chin
[14:33] <lynxman> Daviey: ^^^ ??
[14:35] <jamespage> lynxman, bearing in mind the last few releases from upstream how do we feel about taking a whole new point release?
[14:35] <jamespage> has 2.7.11 proven a bit more stable?
[14:37] <jamespage> lynxman, anyone from puppetlabs/puppet devs around to help us make this decision?
[14:39] <lynxman> jamespage: I can ask stahnma later today
[14:39] <lynxman> jamespage: at this point we're pretty much high in the release cycle, the version should be stable
[14:39] <lynxman> *should*
[14:39] <jamespage> I agree
[14:39] <jamespage> so the patch makes more sense
[14:39] <jamespage> lynxman, whats the impact of not taking that patch
[14:39] <jamespage> I did not ask that in the MP
[14:42] <lynxman> jamespage: it reverts a newly introduced lock file mechanism
[14:43] <lynxman> jamespage: looks like it broke existing platforms running 2.7.x so it was decided to reintroduce it in 3.0 and drop it out 2.7.x
[14:43] <jamespage> lynxman, ack - fix it up and ill upload
[14:43] <lynxman> jamespage: thanks :)
[14:44] <lynxman> jamespage: will fix it right away
[14:44] <jamespage> lynxman, you might want to run 'update-maintainer' on that branch as well
[14:44] <jamespage> saves me typing it :-)
[14:44] <lynxman> jamespage: hehe will do
[14:48] <Daviey> lynxman: yeah, we can resolve that in euca
[14:48] <Daviey> Have a patch
[14:49] <lynxman> Daviey: cool
[15:45] <hallyn> stgraber: did you have any complaints about my manpages patch?  if not i'll roll it into the package right now (along with a patch from gary_poster)
[15:47] <stgraber> hallyn: nope, I only briefly looked at it but it looked good
[15:48] <hallyn> ok, thanks.
[15:48] <stgraber> hallyn: btw, I have apparmor working fine here now but I'm not too sure what we should do with the profile to make it block what we want (moving /proc and /sys) while allowing everything else so we don't need to patch it every other week for other distros/versions/...
[15:48] <stgraber> hallyn: http://paste.ubuntu.com/883431/ is what I have now
[15:49] <hallyn> stgraber: well i think we want to allow tmpfs anywhere,
[15:49] <hallyn> restrict /proc and /sys to those locations,
[15:49] <hallyn> and refuse securityfs
[15:49] <hallyn> (and debugfs)
[15:49] <hallyn> and maybe add a comment (or a conditional if possible?) to just allow all mounts
[15:50] <hallyn> stgraber: what you have now works with current kernel and apparmor userspace?
[15:50] <hallyn> or still waiting on pushes?
[15:50] <stgraber> hallyn: you need a new parser and kernel
[15:50] <hallyn> if it works, i can just stage my changes in ubuntu:lxc and let you update?
[15:50] <hallyn> ok
[15:50] <stgraber> 12:44 <@jjohansen> people.canonical.com/~jj/linux-image-3.2.0-18-generic_3.2.0-18.29_amd64.deb
[15:50] <stgraber> 12:44 <@jjohansen> people.canonical.com/~jj/apparmor_parser
[15:50] <stgraber> hallyn: ^
[15:53] <stgraber> hallyn: blocking debugfs and securityfs caused mountall to fail in an interesting way for me, we might need to patch it to deal with apparmor denying the mount
[15:54] <stgraber> hallyn: or allow these fs only at the "right" location and then deny access to the content
[15:54] <hallyn> i guess the latter is ok
[15:54] <hallyn> can we let lxc-start mount it, and deny the container mounting it?
[15:54] <hallyn> (i.e. if it's mounted will mountall ignore it)
[15:55] <stgraber> yeah, if it's mounted mountall won't touch it
[15:56] <hallyn> I guess our existing restrictions already refuse writes to those, so it's not a big deal either way
[15:56] <hallyn> but the advantage of having the host mount it is that it keeps the contaienr policy easier to understand
[15:57] <hallyn> disadvantage, we need to update contaienr fstab in templates
[15:57] <hallyn> stgraber: meanwhile, shoudl i push the two fixes i have, or do you have something else to stage today?
[15:58] <stgraber> hallyn: push what you have, the apparmor changes still depend on having some other bug fixed in apparmor and new userspace + kernelspace upload
[15:58] <hallyn> kthx
[16:04] <stgraber> hallyn: what was the reason for blocking /sys/fs/fuse/connections/ ?
  fuse is scary?  :)
[16:05] <hallyn> i don't know the fuse api.  i just don't want the containers being able to muck with the kernel through the fuse stuff
[16:05] <hallyn> if everything under /sys is safe, then we can remove that.
[16:05] <hallyn> (but i have my doubts)
[16:07] <stgraber> hallyn: don't we allow /dev/fuse already?
[16:07] <hallyn> yes but /dev/fuse is world writeable
[16:08] <hallyn> looking at /sys/fs/fuse on my laptop i guess it looks ok
[16:08] <hallyn> how do you register a new fuse handler?
[16:08] <hallyn> (that's what i want a container to be refused)
[16:08] <hallyn> does that require a modprobe?
[16:08] <stgraber> apparently when creating a new fuse mount through /dev/fuse a new entry appeares in /sys/fs/fuse/connections/
[16:08] <stgraber> owned by the user owning the mount
[16:09] <hallyn> so the only problem is a privacy one with root in container seeing info for user on host
[16:09] <stgraber> so in my case I see an entry in /sys/fs/fuse/connections/ that's owned by my user (500 for directory and some files at 600 in there)
[16:10] <hallyn> well i did an sshfs mount, and don't see anything bad there
[16:10] <stgraber> hallyn: well, currently it can access it, it just can't write to it
[16:10] <hallyn> so container could do a DOS with max
[16:10] <hallyn> max_connections
[16:10] <hallyn> but that's it
[16:11] <hallyn> and i don't thin it needs to write to it :)  but near as I can tell it's not bad if it can
[16:11] <hallyn> you know, compared to other stuff it can do :)
[16:12] <stgraber> I guess I'm fine keeping it read-only for now and allowing read/write when we have a bug report, does that sound good?
[16:13] <hallyn> yup
[16:14] <hallyn> stgraber: i'm about to turn back to qemu and libvirt bugs.  do you want me to be testing the apparmor stuff right now instead, or are you ok fleshing that out still?
[16:14] <hallyn> (i wonder if anyone would notice that there isn't a lxc-clone manpage...)
[16:15] <stgraber> hallyn: I'm working a bit on it now, will need jjohansen's help on a mount weirdness though
[16:15] <stgraber> hallyn: one more question, shouldn't we deny /proc/sys/fs/**?
[16:15] <stgraber> hallyn: mostly thinking of /proc/sys/fs/binfmt_misc/
[16:17] <stgraber> hallyn: oh, we do, sorry, I'm blind :)
[16:26] <stgraber> hallyn: nice side-effect of apparmor: [ 9736.120788] type=1400 audit(1331742393.327:650): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=8952 profile="/usr/bin/lxc-start//lxc_container" name="/" pid=8964 comm="mount" flags="ro, remount"
[16:32] <hallyn> ah yes.  i was hoping for that, and have bugged poor jjohansen like 20x over the last 2 months asking whether that would happen :)
[16:32] <hallyn> \o/
[16:32] <hallyn> heck now we could drop the rootfs.pin file...  so ppl coudl stop asking me to put text in there
[16:33] <hallyn> (but as i'm sure ppl will be dsiabling apparmor in some cases, better not)
[16:36] <stgraber> hallyn: http://paste.ubuntu.com/883514/
[16:36] <stgraber> hallyn: with the FIXMEs fixed, I think I'll be happy to use that for precise
[16:37] <lynxman> hallyn: hey hallyn, I see you uploaded a new version of libvirt that solves a couple issues, it's not still on the archive but installing from scratch the previous one I have this problem http://pastebin.ubuntu.com/883276/ have you seen this before?
[16:38] <pabelanger> Quick question, I've posted a few merge request for nova and glance (OpenStack), I'm unsure if I have set them up to notify the properly people; I have not heard much feed back yet.  Its only been a day, but want to make sure I did the review properly
[16:41] <adam_g> pabelanger: where did you propose the merges?
[16:42] <pabelanger> adam_g: bug 954915 and bug 953093 have each being linked to the merge request
[16:42] <azertyu> hello
[16:42] <azertyu> my system reboot 3 times per day
[16:43] <azertyu> i got this error : [kern.info] kernel Copyright (C) 2004 MontaVista Software - IPMI Powerdown via sys_reboot.
[16:43] <azertyu> on my log
[16:43] <EvilResistance> azertyu:  is your system a VPS?
[16:43] <azertyu> correct
[16:43] <EvilResistance> i'd assume the hardware node went down for updates/upgrades
[16:44] <EvilResistance> sys_reboot might be being called from the hardware node
[16:44] <adam_g> pabelanger: oh nice. would you mind redirecting the proposals to lp:~ubuntu-server-dev/nova/essex and lp:~ubuntu-server-dev/glance/essex ?
[16:44] <EvilResistance> thereby signaling to the VPSes to shutdown, and come back up after the upgrades
[16:44] <pabelanger> adam_g: Okay sure, did I link to the wrong branches?
[16:45] <hallyn> stgraber: hm.  should all regular block devices be allowed to be mounted in contaienrs you think?
[16:45] <hallyn> or should we make that configurable?
[16:45] <adam_g> pabelanger: well, we do all the packaging work in the ubuntu-server-dev branches, and then merge into the lp:ubuntu/precise/ branches. im not sure if theres a way to make that more obvious, so sorry if its unclear.
[16:46] <hallyn> I think ppl will complain about it being denied.  But certainly a bad FS risks corrupting the host
[16:46] <pabelanger> adam_g: Okay
[16:46] <hallyn> lynxman: looking
[16:46] <adam_g> pabelanger: proposals to the ubuntu-server-dev get run thru the openstack CI testing before uploading to ubuntu
[16:47] <hallyn> lynxman: no, that's new to me
[16:47] <stgraber> hallyn: I'm guessing most people would do that through the fstab outside of the container to avoid giving access to the block device
[16:47] <stgraber> hallyn: doing so will be allowed by my current profile
[16:47] <stgraber> (as lxc-start can mount anything it wants to /usr/lib/lxc/root/**)
[16:47] <hallyn> stgraber: ok.  perhaps the server guide should give guidance on that
[16:47] <stgraber> hallyn: probably a good idea indeed
[16:47] <hallyn> (but i've sent the merge requerst so that'll have to wait)
[16:48] <stgraber> hallyn: we definitely shouldn't recommend allowing block devices in the lxc config, it's much easier to have lxc-start mount them
[16:48] <hallyn> stgraber: thanks for getting the policy working!
[16:48] <stgraber> hallyn: np, just need to nag jjohansen some more, have the parser fixed (or my profile) and get all that in the archive
[16:49] <lynxman> hallyn: it's very weird indeed ./
[16:50] <azertyu> anyone ?
[16:50] <azertyu> i got this error : [kern.info] kernel Copyright (C) 2004 MontaVista Software - IPMI Powerdown via sys_reboot.
[17:01] <hallyn> lynxman: i've seen it before apparently https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/922628
[17:01] <lynxman> hallyn: ooh :)
[17:01] <lynxman> hallyn: so it just happened on a new VM here
[17:02] <lynxman> hallyn: interesting... anything you want me to check on the system? I rebooted it twice with the same result
[17:03] <hallyn> lynxman: still the internal error Child process (/usr/sbin/dmidecode -q -t 0,1,4,17) status unexpected: fatal signal 15  has me wondering if something else is causing the root problem
[17:04] <Ng> /4/
[17:04] <Ng> 6/
[17:07] <hallyn> lynxman: what does '/sbin/iptables -L -t nat' show?
[17:08] <lynxman> hallyn: http://paste.ubuntu.com/883568/
[17:09] <hallyn> lynxman: is that with libvirt sucessfully restarted?
[17:09] <hallyn> lynxman: waht confuses me is that virPidWait is supposed to ignore -EINTR
[17:09] <lynxman> hallyn: restarted it yeah, but still complains
[17:09] <lynxman> hallyn: also can confirm that /dev/virbr0 doesn't exist
[17:10] <hallyn> lynxman: but that you can reproduce it is good news :)  can you set the log level to 1 in /etc/libvirt/libvirt.d and restart libvirtd?
[17:10] <hallyn> eh.  maybe not worth it.
[17:10] <hallyn> lynxman: your iptables output shows 192.168.122.0 redirects existing.  what created those?
[17:11] <lynxman> hallyn: I reckon libvirt did
[17:11] <lynxman> hallyn: http://paste.ubuntu.com/883574/
[17:12] <lynxman> hallyn: also the interface virbr0 exists with the correct IP, but /dev doesn't :)
[17:12] <lynxman> hallyn: *duh*
[17:12] <hallyn> ?
[17:12] <hallyn> what do you mean by /dev doesn't?
[17:13] <lynxman> hallyn: nah, me being sleepy, nevermind
[17:13] <lynxman> hallyn: it created the network interface properly
[17:13] <lynxman> hallyn: still log says error
[17:14] <hallyn> and vms have a good working network?
[17:14] <hallyn> but on your first start of libvirt, they didn't?
[17:14] <lynxman> hallyn: it does
[17:14] <lynxman> hallyn: ah no, nova-compute doesn't start because libvirt errors
[17:14] <lynxman> hallyn: it waits forever to connect to libvirt and doesn't show up in nova-manage service list
[17:15] <lynxman> hallyn: can do a reverse ssh tunnel for you to connect to the VM
[17:19] <hallyn> lynxman: ah. i see.  i'm confusing errno and waitpid status
[17:19] <hallyn> lynxman: woudl it be possible for you to jsut reboot and not try to restart libvirt?
[17:19] <hallyn> i want to know if the network still comes up right
[17:19] <lynxman> hallyn: let me do that right now
[17:21] <lynxman> hallyn: same result, compute waiting forever on libvirtd, virb0 is there so is libvirtd it's just sitting ducks
[17:22] <lynxman> hallyn: http://paste.ubuntu.com/883591/
[17:22] <lynxman> hallyn: iptables http://paste.ubuntu.com/883594/
[17:25] <hallyn> lynxman: this is annoying.  -4 is not supposed to be a valid exit code for iptables.  and the rule *is* being added.
[17:25] <hallyn> I don't want to go and blindly patch the code to be quiet though
[17:25] <lynxman> hallyn: :/
[17:25] <pabelanger> adam_g: okay, I think I got it. Thanks for the pointer
[17:25] <lynxman> hallyn: anything else I can test? If not as said, I can do a reverse tunnel so you can connect in
[17:26] <hallyn> lynxman: i'm afraid if i do that my afternoon will be sucked up by it :)
[17:26] <hallyn> but ig uess we should
[17:26] <lynxman> hallyn: heh :)
[17:26] <lynxman> heidar: be my guest
[17:27] <hallyn> lynxman: how do you want to do it?  ssh-import-id serge-hallyn and give me an ip addr to go to?
[17:27] <adam_g> pabelanger: cool, ill hopefully give it a look today
[17:27] <adam_g> pabelanger: thanks for the help, btw
[17:28] <lynxman> hallyn: no need to, PMing you the details
[17:28] <hallyn> thx
[17:28] <pabelanger> adam_g: no problems, I needed them locally, that's why I did it
[17:29] <Kiall> Heya, I'm trying to install nagios3, but I'm not wanting apache to come in a dependency . According to the package deps, apache is a recommends.. Yet, using --no-install-recommends still brings it in.. How can I find out where the hard "Depends" rather than "Recommends" is coming from?
[17:32] <cwillu_at_work> Kiall, works fine here
[17:32] <Kiall> Actually, Looks like I found it.. But would still like to know an easier way than tracing through the deps manually :)
[17:33] <cwillu_at_work> Kiall, are you seeing apache2-utils and thinking that it's installing apache?
[17:33] <Kiall> No, it was depending on libapache2-mod-php OR php-cgi ..
[17:33] <Kiall> adding php-cgi let it work correctly..
[17:33] <pabelanger> Kiall: apt-get install nagios3-core
[17:34] <cwillu_at_work> Kiall, huh, it doesn't attempt to install php-cgi nor libapache2-mod-php here
[17:34] <Kiall> But, I would still love to know a better way to list a dependency tree for what apt is selecting..
[17:34] <Kiall> cwillu_at_work: http://packages.ubuntu.com/oneiric/nagios3-cgi
[17:35] <cwillu_at_work> Kiall, nagios3-cgi is not nagios3
[17:35] <cwillu_at_work> hmm, although it does seem to depend on it too
[17:35] <Kiall> Yes but, nagios3 Depends on nagios3-cgi, which Depends on libapache2-mod-php5|php5-cgi|php5..
[17:36] <cwillu_at_work> deps must have changed since 10.04
[17:36] <Kiall> Anyway.. All sorted, but is there an easier way to have apt list a tree of what its about to install? I'm sure I've seen a method of doing that before.. But cant find it!
[17:37] <cwillu_at_work> (on a tangental note: not requiring php is a hard requirement for any software I use :p)
[17:37] <Kiall> lol
[17:38] <smoser> SpamapS, ping
[17:38] <smoser> https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/615545
[17:49] <SpamapS> smoser: pong
[17:49] <SpamapS> smoser: sup?
[17:50] <smoser> that bug...
[17:50] <smoser> there has been an update un-verried sitting in lucid-proposed for quite some time
[17:50] <smoser> and it appears that it wouldn't even fix the issue any more
[17:51] <smoser> that... and i'm looking to fix https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/615545
[17:51] <smoser> oops
[17:51] <smoser> https://bugs.launchpad.net/ubuntu/+source/apt/+bug/948461
[17:51] <SpamapS> smoser: how do we test cloud-init from proposed? do we build AMI's for proposed updates?
[17:52] <smoser> so i'm thinking i should just get the lucid-proposed dropped.
[17:52] <smoser> SpamapS, well you can build with -proposed, but the easiest thing really is to just launch an instance
[17:52] <smoser> then
[17:52] <smoser> upgrade
[17:52] <smoser> rm -Rf /var/lib/cloud
[17:52] <smoser> reboot
[17:52] <smoser> its reasonable for most things
[17:52] <SpamapS> ah ok
[17:52] <smoser> but for this, i tihnk i just need to drop that fix, and we need to pave the way for the S3 mirrors
[17:53] <smoser> drop as it forget
[17:53] <smoser> so, thats why i pinged you
[17:53] <smoser> i thikn you can pull it from -prposed
[17:53] <smoser> right?
[17:58] <SpamapS> smoser: Probably, but I wouldn't know how to do that.
[17:59] <SpamapS> I only know how to let things in. :)
[18:00] <konradb> hi, how can i install oidentd on ubuntuserver?
[18:01] <Daviey> smoser: seen, https://wiki.ubuntu.com/Testing/EnableProposed ?
[18:02] <smoser> Daviey, i'm confused.
[18:02] <smoser> i was asking how i can get something removed from proposed.
[18:03] <konradb> i have just installed package "oidentd", i typed "/etc/init.d/oidentd start", i changed conf like here: http://is.gd/Z3Z3C3
[18:03] <konradb> and its not working
[18:03] <konradb> :/
[18:04] <konradb> i added iptables -A INPUT --protocol tcp --destination-port 113 -j ACCEPT
[18:04] <konradb> and output too
[18:04] <konradb> whats wrong?
[18:05] <Daviey> smoser: Oh.. sorry
[18:05] <Daviey> smoser: I don't think you need to bother?
[18:06] <smoser> well, i'm gonna do another upload
[18:06] <Daviey> smoser: it's a published source, which you can declare as failed verification.. so just ignore it.
[18:06] <Daviey> smoser: well you need to bump the version regardless.
[18:06] <smoser> "declare as failed verification"
[18:06] <Daviey> smoser: as in, treat it as a failed verification
[18:19] <SpamapS> smoser: if you have another change for cloud-init.. just revert the failed one in the next upload.
[18:26] <lynxman> hallyn: machine won't reboot until you manually kill process 23846
[18:38] <hallyn> lynxman: actually i killed the dmidecode and that did it.  what IS that dmidecode and why does it fail?
[18:38] <hallyn> (but, i'm afk doing lunch - bbl)
[18:39] <patdk-wk> don't you need dvi/hdmi/displayport for dvidecode to work?
[18:39] <patdk-wk> dmidecode :)
[18:56] <foo> If it takes about 15 seconds to finish doing something like "mkdir folder" (where I create a folder) - what does that typically mean?
[19:00] <patdk-wk> foo, using dm
[19:01] <patdk-wk> other issues is if your running out of diskspace/inodes
[19:02] <foo> patdk-wk: hm, I don't have dm - what is that? CLI only. I don't see a problem with diskspace, how would I know if I'm running out of inodes? I wonder if I need an fsck.
[19:02] <patdk-wk> df -h, and df -hi
[19:06] <patdk-wk> dm would be if your using, encryption, non-mdadm software raid, lvm, luks
[19:24] <cwillu_at_work> patdk-wk, I don't believe btrfs has an inode limit of that nature
[19:24] <patdk-wk> I didn't see him say btrfs at all
[19:25] <foo> Thanks, this is the output: /dev/sdc1                59M    646K     58M    2% /public
[19:25] <cwillu_at_work> er, sorry
[19:25] <cwillu_at_work> wrong channel
[19:25] <foo> looks ok to me. hmm. is it possible I just need a fsck?
[19:25] <patdk-wk> unlikely
[19:25] <foo> weird. in that case, drive maybe going bad?
[19:25] <patdk-wk> my system used to take upto 5min to do a mkdir on ext3
[19:25] <patdk-wk> could be
[19:26] <patdk-wk> to a smartctl test on it
[19:26] <patdk-wk> smartctl -t long /dev/....
[19:26] <patdk-wk> then check the results in a few hours
[19:27] <foo> patdk-wk: I am on ext3. This is a small home based server, nothing too crazy
[19:27] <hallyn> lynxman: i now can't reproduce it
[19:28] <hallyn> lynxman: eh, but reverting my debug patch lets me reproduce.  heisenbug?
[19:30] <smoser> hallyn, did you test IO at all in vms ?
[19:30] <hallyn> smoser: no
[19:30] <smoser> what am i paying you for
[19:30] <smoser> oh
[19:30] <hallyn> smoser: i started to set up an oneiric vm on marula, but it failed to boot
[19:30] <smoser> wait
[19:30] <smoser> never mind.
[19:31] <hallyn> smoser: i really do want to know if it's regressed...
[19:31] <smoser> yeah. i know.
[19:31] <hallyn> i think that is third in line, after lynxman's bug, and daviey's patch for nested vmx
[19:50] <Harald__> Hi. what do I need to do to make my USB WLAN-dongle "listen" at boot-up? Currently, when I boot and the ethernaet cable is NOT connected, I cannot access the system. If I connect the ethernet cable to eth0, then all of a sudden the wlan0 becomes active and I can ssh into the box. Both are configured with static IPs, wlan0 is lested first in /etc/network/interfaces (not that I think that matters), and I'm running 11.10 Serve
[19:50] <Harald__> Help much appreciated!!
[20:03] <esuave> is there any way i can tell how or when an IP changed on my server?
[20:03] <esuave> the machine was rebooted.. and the IP is assigned statically.. but some how it still changed..
[20:03] <esuave> im thinking it may have been a user.. but is there a sure way i can tell? maybe a log or something?
[20:04] <esuave> *correction.. the machine was never rebooted.. been up for 133 days
[20:09] <Harald__> Doesn't anybody have an idea?
[20:13] <SpamapS> Harald__: can you pastebin your /etc/network/interfaces file?
[20:14] <SpamapS> Harald__: (hint: apt-get install pastebinit && pastebinit < /etc/network/interfaces)
[20:15] <Harald__> auto lo
[20:15] <Harald__> iface lo inet loopback
[20:15] <Harald__> # The primary network interface
[20:15] <Harald__> auto wlan0
[20:15] <Harald__> iface wlan0 inet static
[20:15] <Harald__> address 192.168.xxx.6
[20:15] <Harald__> gateway 192.168.xxx.1
[20:15] <Harald__> netmask 255.255.255.0
[20:15] <Harald__> wpa-ssid <my-essid>
[20:15] <Harald__> wpa-psk <my-psk>
[20:15] <Harald__> auto eth0
[20:15] <Harald__> iface eth0 inet static
[20:15] <Harald__> address 192.168.xxx.5
[20:15] <Harald__> gateway 192.168.xxx.1
[20:17] <Harald__> the hint about pastebinit came too late, sorry...
[20:18] <Harald__> would it help to put a 'sudo ifup wlan0' in my /etc/rc.local?
[20:19] <Harald__> at least this answer (http://askubuntu.com/questions/3677/disable-wireless-on-startup) would lead me to believe that could work
[20:19] <Harald__> though there the person wants to disable it...
[20:20] <ses1984> hey, i had a question not sure if this is the place to ask or #ubuntu+1, anyway i just installed precise x64 in a VM and noticed that python-django* packages were not in the repos,
[20:20] <ses1984> i was wondering if those were intentionally left out, or they will be added in for the final release
[20:20] <ses1984> i've been using the last LTS and it included django and associated packages, and a lot more python packages
[20:24] <SpamapS> ses1984: which ones are missing?
[20:25] <SpamapS> python-django - High-level Python web development framework
[20:25] <SpamapS> ses1984: I see python-django-* in my precise system
[20:25] <ses1984> i just did "aptitude search django" and got nothing
[20:25] <SpamapS> Harald__: please *do not* paste text in the channel
[20:26] <SpamapS> Harald__: when I said "pastebin" I meant paste it into a pastebin website. http://paste.ubuntu.com/
[20:26] <ses1984> i didn't do apt-get update yet that's probably it...
[20:26] <ses1984> yup
[20:28] <SpamapS> Harald__: so, the ifup is a bit confusing. After udev is done detecting devices, 'ifup -a' is run, so wlan0 should be brought up then.
[20:28] <Harald__> putting that into the r.local had no effect anyway
[20:29] <SpamapS> yeah I didn't read the askubuntu page, but I doubt that would change much
[20:29] <SpamapS> I don't know how the wpa-* bits are handled..
[20:29] <SpamapS> but I've never had any luck using WIFI on Ubuntu w/o network manager.
[20:29] <Harald__> and what's better is, when I disconnect the ethernet cable then wlan0 goes down, too
[20:30] <Harald__> by 'going down' I mean I lose my ssh on that interface
[20:32] <Harald__> and here you go: http://paste.ubuntu.com/883847/
[20:32] <hallyn> lynxman: libvirt libvirt0_0.9.8-2ubuntu13 is the only one that gives me those errors.
[20:33] <hallyn> i find it hard to believe that enabling numa fixed it :)
[20:51] <lynxman> hallyn: heh :)
[20:51] <lynxman> hallyn: so it's a last minute bug
[20:56] <hallyn> my guess is it's so timing-related that a new build rearranges the code enough to hide it
[20:57] <hallyn> in which case, the bug is still there and real
[20:58] <hallyn> maybe worth looking at iptables src for clues
[21:11] <nancy--> how to ssh with a key?
[21:12] <guntbert> nancy--: see https://help.ubuntu.com/10.04/serverguide/C/openssh-server.html
[21:56] <nancy--> i just sudo apt-get apache2          . did i installed php and mysql too and how to start these. with httpd?
[22:04] <qman__> nancy--, no, those must be installed in addition, apache is just a web server
[22:11] <bitmonk> hey guys i'm trying to set up a basic samba share based on the default config that ships with lucid, but my auth fails (share works if i allow guest)
[22:11] <bitmonk> anyone know if there's anything about the default config that's wonky?
[22:11] <bitmonk> in the log i pretty much just get create_connection_server_info failed: NT_STATUS_ACCESS_DENIED
[22:11] <qman__> bitmonk, with the default config, you have to set up users in tdbsam
[22:12] <qman__> sudo smbpasswd -a username
[22:12] <bitmonk> ah
[22:12] <qman__> libpam-smbpass supposedly keeps them in sync, and users added hereafter should get smb passwords
[22:12] <qman__> but for existing users, you have to do that
[22:13] <bitmonk> ah. yeah our users are written out by chef, i don't think any sort of pam trigger will work on them ever.
[22:13] <bitmonk> but i only really need two users.
[22:13] <bitmonk> and they aren't unix users anyway. this'll do.
[22:13]  * bitmonk hasn't touched samba in so many years.
[22:16] <bitmonk> how is access controlled for these users? wow it really has been a while.
[22:16] <nancy--> how to install mysql after i have installed apache2 and php5 ?
[22:17] <SpamapS> bitmonk: the default setup will map them to unix users of the same name I THINK
[22:17] <SpamapS> nancy--: apt-get install mysql-server
[22:19] <nancy--> thx
[22:20] <nancy--> SpamapS,  how to give ftp access to /var/www folder ?
[22:21] <SpamapS> nancy--: do not use FTP :)
[22:22] <SpamapS> nancy--: ssh/scp/sftp is what you want
[22:22] <SpamapS> nancy--: I'd recommend putting your website in /srv/www rather than /var/www .. as some packages may put files in /var/www even though they shouldn't. :)
[22:22] <nancy--> really?
[22:23] <nancy--> ok.. so how to setup sftp?
[22:23] <SpamapS> nancy--: install openssh-server
[22:24] <nancy--> i already haave ssh acces. i dont know what is installed. iam using amazon free tier
[22:25] <SpamapS> nancy--: ahh ok. So you can scp files from your local machine to your instance then.
[22:26] <SpamapS> nancy--: or use 'sftp' for the same purpose
[22:26] <SpamapS> nancy--: you can also use 'rsync' to copy a whole directory tree
[22:27] <nancy--> hmm
[22:28] <nancy--> how to install sftp
[22:31] <nancy--> SpamapS,
[22:34] <SpamapS> nancy--: its built in with ssh
[22:34] <nancy--> hm
[22:38] <nancy--> thx guyes