[01:51] lynxman: hey, any chance i can still get to that machine? [01:51] i figure i'll try rebuilding v13 to see if it's the build itself [01:52] will try in another instance meanwhile [03:56] New bug: #955681 in php5 (main) "php5-common's /etc/cron.d/php5 session expiration can go crazy" [Undecided,New] https://launchpad.net/bugs/955681 [05:15] New bug: #955720 in apache2 (main) "package apache2-utils 2.2.14-5ubuntu8.8 failed to install/upgrade: ErrorMessage: package apache2-utils is already installed and configured" [Undecided,New] https://launchpad.net/bugs/955720 [07:06] hi all [07:06] :q [07:06] ahh.. the dreaded :q [07:07] It's a smilie that says "oops I accidentally the vim" [07:08] supposed i have my company email with domain abc.org. but the port of the email is blocked by our ISP we are using. every one has username@abc.org accounts. So i want to set up email server to allow or configure that accounts [07:09] linocisco: so your ISP won't let you take incoming email on port 25? [07:10] linocisco: I bet they'll be happy to host your MX for you. [07:10] SpamapS, our Novell server use port 1914. that is blocked by ISP [07:10] wtf? [07:11] incomming mail isn't 25 anyway [07:11] Yes it is. [07:11] that's smtp port, outgoing [07:12] Incoming mail from roaming users might be on 587, but mail from random other MTAs will come in on 25 [07:12] use imap with ssl [07:12] twb ahh good point [07:12] taipres: um, if I subscribe to a mailing list, say on sf.net, and it sends me mail, sf.net will connect to the 25 of my MX (or A) [07:13] yeah I got it [07:13] was thinking purely client, but the fact the client outgoing is 25 then that must mean the server is listening on 25 [07:14] linocisco what are you using as a host? shared, cloud, vps, dedi? [07:15] taipres: uh, no. If my MTA talks to your MTA, my MTA doesn't need 25 open [07:15] I connect your 25 to my [07:15] taipres, my email accounts are in my office Novell Server but internet traffic is going through HQ hub [07:15] it's only if you want to give ME mail that MY 25 must be open [07:16] twb that's what I said [07:16] At no point is my 25 connected to your 25 in a single TCP connection [07:16] taipres: OK, I misread, nm [07:16] linocisco sounds like a big setup, they have no reason to block common ports like that === tsimpson_ is now known as tsimpson [07:18] hi all [07:19] taipres, they dont' block us . because HQ internet's is open to all offices in the world. we are connected using VSAT link to HQ. but in some remote office, we cann't have bigger VSAT overseas satellite. so we are stil using local ISP which blocks our port we need [07:19] yeah your ISP has no reason to block port 25, that's ridiculous and extremely unprofessional [07:19] taipres, i m thinking only easy email access for those offices with slow and limited port connection via local ISP [07:20] taipres, yes. but local ISP here do the same way country wide [07:20] taipres: it is (and should be!) done by default on residential DSL plans [07:20] taipres: this reduces the amount of spam generated in general. If you want to operate a mailserver, a good ISP will allow you to opt out of 25 blocking. [07:21] taipres, that is why I am thinking how their email accounts created in HQ be accessible in those office rather than using webmail [07:21] ISPs that don't have that policy tend to get added to DNS RBLs [07:21] twb glad I don't use DSL then, ISP should not block any port, for any reason [07:21] and anyway he said the ISP his company is using [07:21] am assuming that's not residental [07:21] IIRC linocisco is in burma, so it's probably a junta-owned ISP [07:22] taipres, here is our gov owned ISP does [07:22] taipres, as a workaround, i m thinking about port mapping or something like that [07:22] i'm really sorry to hear that [07:23] linocisco port may may work but the clients would need to know of the new port [07:24] taipres, I am not so smart in linux and ubuntu config. Just checking something possible [07:26] linocisco if your local ISP is able to block ports and stop your emails, that means you must control the domain(assuming you're not handing out isps) [07:26] so just rent a vps or dedicated server in another country and toss your email server on there [07:27] http://cheapvpsdeals.info/feature-search/ can find plenty using that $10 or less a month, usually $3 is [07:27] taipres, to have a dedicated server in other country is not also possible [07:27] what about VPS? [07:27] I'm using a VPS right now 1Gbps [07:27] allows everything [07:27] < $5 [07:27] taipres: lots of ISPs block port 25 as a way of mitigating abuse issues, especially on residential plans. [07:27] taipres, how could I communicate from that remote office. In those offices, we are just to use that local ISP line only [07:28] http://cheapvpsdeals.info/vps6-net-4-76-openvz-vps-256mb-1gbps-in-chicagous-los-angelesus-germany-turkey/ [07:29] linocisco you'll use the VPS's ISP, just setup a dns server or use a free one and point the dns(hostname yourcompany.com) to the ip ofyour VPS [07:29] where your mail server is sitting [07:29] taipres, in HQ [07:29] taipres, the thing is how the link will be established [07:30] where is the hostname pointing, to HQ servers? [07:32] either way I don't see why the local ISP is even in the picture, if they want to be zealots and try and control things you can cut them out, use a VPN to securely connect to the VPS where your stuff is forwarded from the HQ or is recieving directly [07:33] btw greppy ISP's that block port 25 are lame [07:33] the days of email bouncers are over [07:33] and most large email servers will reject residental anyway unless you login with credentials [07:34] like gmail, yahoo.com etc...they'll all reject [07:35] taipres, our main office has bigger VSAT dish and using that, we are connected to HQ, so our main office is fine. but in remote offices, they are to rely on local ISP which is slow and required ports are blocked [07:36] linocisco: if this is a corporate/sattelite situation.. you probably should be using a VPN anyway [07:37] taipres, previously , mail accounts from those diffcult remote offices are in our main office server, but later to reduce one segment in communication, we tell HQ to create those account on HQ, now they are using webmail only [07:37] linocisco yeah I think VPS can solve your problem [07:37] is cheap solution, and no more local ISP non-sense [07:38] taipres, ok. If I go with VPS, how can I get that link using which kind ? ADSL or VSAT or Fiber or type of media? [07:42] linocisco I think a VPN connection to hq servers via TCP would work, I don't know anything about VSAT, but if it's the only way you can communicate with HQ [07:42] then VPS won't help [07:42] at least it doesn't appear so [07:44] linocisco if you don't get any solutions in here, from these fine folks #networking may bare fruit [07:45] taipres, ths === mtaylor_ is now known as mtaylor [08:32] taipres: sorry, I disagree, and if they were over, the counters on the rules wouldn't be incrementing :) [08:43] hi all. anyoen here using kvm with oneiric or precise? [08:43] s/oen/one/ [08:52] !ask [08:52] Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience === Leseb_ is now known as Leseb [08:55] henkjan: yeah [08:55] I was curious if anyone had used sanlock [08:55] or managed to get it to work with current packages at all [08:56] i'm using kvm on oneiric. but not sanlock [08:56] because running kvm on a shared storage (currently nfs) is nice, but it's not very nice if a VM is started on two hosts at the same time... [08:56] because that makes filesystem integrity rather interesting [09:04] jamespage, lamp-reboot test failed [09:05] jamespage, File "/usr/bin/run-test", line 727, in [09:05] post_reboot_results = test['post-reboot-results'] [09:05] KeyError: 'post-reboot-results' [09:07] jibel: wip [09:07] I'll fix that up today [09:10] jibel: hmm - on it now [09:16] jamespage: btw, I'm up for a few more minutes.. :) [09:16] hey SpamapS! [09:16] nearly have that sorted [09:16] that test actually timed out - but the handling on timeout does not work so well [09:17] jamespage: ahh, a common thread amongst unit testing frameworks that are being bent into doing functional/integration tests === Leseb_ is now known as Leseb [09:21] SpamapS: you have no idea of that pain... :) .. Do you think it's proper that a unit testing framewrok is used to do integration testing, by git cloning the client of the tool the tests belong to? :) [09:23] Daviey: if your goal was to send me off muttering curses to bed.. its working. ;) [09:24] Got a bug in my bonnet to get the aws-status tray-icon-thingy ported to app indicators.. [09:24] nearly done [09:30] morning Daviey! [09:38] SpamapS: nice [09:39] morning jamespage.. i haven't forgotten! [09:39] Daviey, lol [09:39] SpamapS, zentyal is nearly ready to go - adding the transitional packages broken all of them due to the way zbuildtools users CDBS [09:40] bencer is working on a fix ATM [09:42] jamespage: yeah, the CDBS insanity that they have embraced needs to go. :-/ [09:42] jamespage: thanks for tracking that.. I've had almost no time to spend on it [09:42] SpamapS, yeah - I've been caught out by that issue twice in the last week [09:42] lynxmans changes to rabbitmq-server had the same problem [09:43] jamespage: *gah* [09:43] jamespage: going to the doc now to get blood out of me, will review afterwards if thats okay ;) [09:46] jamespage: ok, well good luck on fixing the lamp stuff.. ttyl! [09:46] * SpamapS passes out [09:48] jibel: I've made the collection of test results a bit more rugged - https://code.launchpad.net/~james-page/ubuntu-server-iso-testing/reboot-testing-fixes/+merge/97598 [09:55] I have encrypted rootfs with lvm/luks as chosen during install. How do I change the keys? I am aware that I can normally change luks keys with cryptsetup luksAddKey /dev/sdX, however, I am not sure whereto change the key, when using luks with LVM? [09:59] jamespage, qck, I'll review your merge request today [09:59] s/q/a [10:00] jibel: ta === himcesjf1 is now known as himcesjf [10:56] lynxman, just as I am not completely confident in subscribing people would make then aware (well it may or may not for me): may I point you to bug 948323 which I believe you could have an opinion about. :) [10:56] Launchpad bug 948323 in ipxe "Rom images for e1000 and ne2k missing vendor and device id" [Low,Confirmed] https://launchpad.net/bugs/948323 [11:06] New bug: #955883 in squid3 (main) "Squid3 Crash assertion failed: comm.cc:349" [Undecided,New] https://launchpad.net/bugs/955883 [11:57] hello [11:57] there [11:57] i try to install ipmitool [11:57] i got this error : [11:58] Could not open device at /dev/ipmi0 or /dev/ipmi/0 or /dev/ipmidev/0: No such file or directory [11:58] what that it means ? [12:08] <_ruben> azertyu: you need to load the various ipmi kernel modules [12:19] `netstat -lp` shows a process listening on localhost:domain but under pid / name it lists only "-". How do I find out what process it is that's listening on port 53? [12:20] Never mind, needed sudo netstat instead :-) [12:21] New bug: #955938 in lxc (universe) "Unable to create lxc instances with ubuntu-cloud template for release other than precise" [Undecided,New] https://launchpad.net/bugs/955938 [12:27] jamespage: back! [12:27] jamespage: so what do I need to fix from rabbitmq-server? [12:28] lynxman, only what was in the merge proposal [12:33] New bug: #955935 in lxc (universe) "Creating lxc instances using ubuntu-cloud template throws warning" [Undecided,New] https://launchpad.net/bugs/955935 [12:35] jamespage: hmm rabbitmq-server is only a debdiff afaict [12:35] jamespage: puppet is the merge proposal, going to fix that now [12:36] lynxman, you are quite correct [12:36] still waiting on FFe approval for rabbit [12:36] I was commenting on the CDBS behaviour you saw when you switched rabbitmq-server to be multi-binary [12:45] jamespage: aaah okay, got confused then [12:47] lynxman, how do you feel about upstartifying puppet? [12:47] something for next release? [12:48] jamespage: I can do that now if we might [12:48] jamespage: I fear no upstart :) [12:48] bug 954368 [12:48] Launchpad bug 954368 in puppet "Upstart script puppet agent" [Low,New] https://launchpad.net/bugs/954368 [12:48] lynxman, I think its not bad idea [12:48] jamespage: taking that one :) [12:48] however I'm reticient todo it this late in the cycle [12:48] jamespage: well, if we do it properly it should be fine [12:49] lynxman, I also thing the entire package should be done - it has three init scripts. [12:49] jamespage: yeah, the puppetmaster ones and the puppet client one [12:49] jamespage: shouldn't be a problem [12:49] lynxman, we really need to be restricting changes to bugfixes now [12:49] I think this is a new feature [12:49] jamespage: your call, you're wiser than me ;) [12:50] jamespage: I think it would be a nice feat for an LTS [12:50] lynxman, hmm === medberry is now known as med_ [12:52] lynxman, personally I don't think we should now; lets park it for early next cycle [12:52] I'll comment on that bug [12:53] jamespage: your call :) [12:58] lynxman: Is there a bug with how it's currently handled ? [12:58] lynxman: What will it do to improve things? [12:59] Daviey: it will just make things the same, on an upstart fashion, that's why I'm neither for or against [13:03] lynxman: nah, hold off. [13:08] Daviey: will do :) === fjlacoste is now known as flacoste === bladernr_afk is now known as bladernr_ [13:36] New bug: #955999 in unixodbc (main) "package odbcinst1debian2 2.2.14p2-5ubuntu3 failed to install/upgrade: ErrorMessage: dependency problems - leaving unconfigured" [Undecided,New] https://launchpad.net/bugs/955999 [13:36] New bug: #956000 in juju (universe) "'juju' with no arguments gives confusing message" [Undecided,New] https://launchpad.net/bugs/956000 [13:42] I have an LXC question: after creating and starting (in daemon mode) a container I use lxc-console to log in. I get a command prompt and when I issue my first command (no matter what that command is) I am then sent back to the login prompt. Thoughts? [14:03] New bug: #956019 in keystone (universe) "keystone doesn't install the copyright file" [High,New] https://launchpad.net/bugs/956019 [14:04] New bug: #950935 in glance (main) "Allow adm group to read log files" [Medium,Fix released] https://launchpad.net/bugs/950935 [14:08] benji: thought: "that's whack" [14:08] heh [14:09] actually it sounds like a problem with libraries. our OOM. [14:09] anything in syslog about SEGVs or OOM? [14:11] hallyn: ooh: [14:11] [ 6448.889458] zsh[5057]: segfault at 10000 ip b758b914 sp bff1dd64 error 4 in libc-2.11.1.so[b755d000+153000] [14:11] * benji disables his .zshrc and tries to log in. [14:12] ok, that is insane: something in my .zshrc is causing zsh to segfault (but only in a container, not on the host) [14:13] but, it mean's I'm at least working again; thanks hallyn! [14:14] * benji wonders how that stray apostrophe got in here. [14:24] wtf, postgresql-8.3 was removed from lucid, so you no longer have an upgrade path for a hardy postgresql server? it used to work a year or two ago [14:32] lynxman, around? have a question about the swift upstart configs that I think you authored [14:34] maswan, the upgrade path is likely http://www.postgresql.org/docs/current/static/pgupgrade.html [14:43] jamespage: i've fixed zbuildtools so now we dont get empty packages, uploaded here, going to copy now the other packages from previous ppa to force the rebuild [14:43] and everything should be ready: https://launchpad.net/~bencer/+archive/zentyal-2.3-precise [14:43] ogra_: thanks for the upload [14:45] welcome [14:46] jamespage: otp, 1 sec :) [14:46] bencer: nice one [14:47] lynxman, np [14:55] hello ubutu-server. can i boot ubuntu-server from usb-hdd? [14:56] jamespage: do you need something else? should we wait until all packages are built? [14:56] bencer_, that should be enough [14:56] I'll take a look later today/early tomorrow. [14:57] anyway, i'll copy the other packages to that ppa when zbuildtools is published [14:57] yp [14:57] yes please [14:57] jamespage: ok thanks! [14:57] bencer_, no problem! [14:57] jamespage: I'm back, shoot! :) [14:57] lynxman, OK - so I just picked up a bug re the swift upstart configurations [14:57] hallyn: sorry, went to bed yesterday, the machine is available again at the same location as before [14:59] lynxman, http://paste.ubuntu.com/884885/ [14:59] I don't understand the "find" bit [15:00] I need some suggestions for bandwidth monitoring, $boss wants to know how much bandwidth certain people are using on the network, so I want to get totals per host over time, preferrably with nice graphs [15:00] jamespage: it is to check that we have at least one configuration file available in the configuration directory, because it comes with none by default [15:00] maxon: sure, why not. Assuming your BIOS supports it [15:01] ntop is the only thing I know of which does this, though it doesn't do it well, and it keeps crashing, and every time it does, restarting it loses all the data collected [15:02] lynxman, bug 954477 [15:02] Hi. In Ubuntu server, cluster and ctdb support is not compiled at build time anymore since years. How do you - Ubuntu server users - use samba in an Ubuntu cluster? [15:02] Launchpad bug 954477 in swift "swift config doesn't match upstart expectations, required upstart configurations not installed." [High,In progress] https://launchpad.net/bugs/954477 [15:03] I guess the config locates have moved around a bit [15:03] locations.... [15:06] jamespage: could really be, I already patched one of them :) [15:06] jamespage: Mind these scripts were created for diablo [15:06] lynxman, OK _ I just wanted to check I was not missing anything - I'll fix up now [15:07] jamespage: thank you very much ;) [15:08] cwillu_at_work: ok, will try that then [15:09] maswan, I believe the problem is that 8.3 will be eol before lucid is eol, so it had to happen eventually [15:09] and an automatic migration from 8.3 to 8.4 would be silly [15:10] (where "silly" is defined to mean "would work fine for people who use postgres as a toy, and cause massive homicide-inducing disruption for those who don't") [15:10] cwillu_at_work: but upgrades from hardy needs to work until hardy is eos [15:10] maswan, upgrades work fine [15:11] nobody ever made a promise that upgrade will not require any manual intervention, just that you'll have support in doing so [15:11] and migrating from 8.3 to 8.4 is supported by postgres [15:11] (in the "it should work, and people won't say it's unsupported if it breaks") [15:11] (...sense) [15:20] cwillu_at_work: sure, I know how it worked when I upgraded the previous batch of db servers [15:24] lynxman, OK have enough to work with now [15:28] hey guys, i got a 10.04 kvm/libvirt server, often when i go to build a new machine, it fails. it seems that after an automatic update this happens, after i reboot all is well. i don't have any debug information, i just wonder if anyone has an idea of what might be going on with this simple description. [15:33] lynxman: gosh!! [15:40] If I have two encrypted partitions with the same passphrase, is there a way to enter the passphrase only once during bootup? === Lcawte|Away is now known as Lcawte [16:05] New bug: #956128 in multipath-tools (main) "find_multipaths feature missing from upstream" [Undecided,New] https://launchpad.net/bugs/956128 [16:22] jamespage: you're coredev? [16:23] hallyn, yep [16:23] jamespage: can you plz push lp:~serge-hallyn/ubuntu/lucid/procps/procps-e to lucid-proposed? [16:23] hallyn, lemme take a look [16:23] thx [16:23] maybe i should send you a debdiff... [16:24] i can't push to lp:~serge-hallyn/ubuntu/lucid-updates/procps/procps-e, so i'm not convinced lp did the right ting... [16:25] eh it should [16:25] jamespage: the debdiff is just http://people.canonical.com/~serge/procps-e.debdiff [16:29] hallyn: on it now [16:30] hallyn, uploaded [16:37] jamespage: thanks [16:37] i think that bug pre-dates my familiarity with SRU process === bladernr_ is now known as bladernr_afk [16:51] New bug: #956177 in nova (main) "python-nova should include openssh-client as a dependency" [Undecided,New] https://launchpad.net/bugs/956177 === lifeless_ is now known as lifeless === medberry is now known as Guest35857 [17:13] How stable is the server version of 12.04 right now [17:13] relatively speaking === bladernr_afk is now known as bladernr_ [17:25] bencer_, I still see upstart configurations in the transitional packages? [17:26] jamespage: uhm i checked that but maybe only on packages without upstart scripts? [17:26] damm it, let me check again [17:27] jamespage: you are right [17:28] let me see how i can fix that [17:36] bencer_, this works - http://paste.ubuntu.com/885126/ [17:36] jamespage: yup [17:37] that's what i was testing :) [17:37] bencer_, longer term it would be nice to move these packages away from CDBS [17:37] and use debhelper instead [17:38] jamespage: now the unfriendly thing of launchpad comes, i've to increase the version only for fixing that small thing that was only a poc [17:39] bencer_, I think you can delete the package from the PPA now and re-upload a fixed version === Guest35857 is now known as med12345 === med12345 is now known as med___ === med___ is now known as med__ === med__ is now known as med_ === marcoceppi_ is now known as marcoceppi [19:08] hallyn: I "think" we should allo /lib/init/fstab.lxc to be bind mounted over /lib/init/fstab in the new apparmor profile ;) [19:08] hallyn: just had my machine crash because I forgot that on [19:08] *one [19:08] (as in, my container starting messing with my host's ttys until X and everything else crashed) [19:09] jjohansen: how's the apparmor bugfix release coming along? [19:10] stgraber: it should be going up soon [19:10] stgraber: patches are under review. we are hopeful it will be uploaded in a few hours [19:10] jjohansen, jdstrand: that's good news, thanks [19:11] jjohansen: will we need a matching kernel upload or is the kernel I'm running currently only adding a few debug statements? [19:12] stgraber: you will need the matching kernel for the full pivot_root /blah, but pivot_root, will work until the new kernel goes up [19:12] jjohansen: ok, will that be in the next kernel upload? I think there's one planned tomorrow [19:13] stgraber: yeah I think so I am test building a kernel from scratch just to make sure on the patches, and the patch request is going out after that, so they should go in this afternoon [19:14] cool [19:17] smoser: dont suppose you know why euc2ools/euca-authorize uses the 'authorize_security_group_deprecated' method instead of 'authorize_security_group' [19:18] from ? [19:18] boto ? [19:23] smoser: yeah, i think [19:24] smoser: i cant seem to create self-referential security groups with the _deprecated method its calling, using the non-_deprecated call seems to work tho. [19:32] adam_g, i'm not sure. [19:37] hi all [19:37] adam_g, https://answers.launchpad.net/keystone/+question/190793 can you help me with it? [19:37] koolhead17|away: not atm, sorry [19:37] adam_g, np === koolhead17|away is now known as koolhead11 [19:46] hallyn: mind if I share the link to your lxc doc pdf? I had a few comments on blog posts/g+ lately about lack of LXC documentation, so even if not really ready, I think it'd be useful to point them to it [19:56] New bug: #956366 in nova (main) "self-referential security groups can not be deleted" [Undecided,New] https://launchpad.net/bugs/956366 === bladernr_ is now known as bladernr_afk [20:03] There's a new(er) OpenStack quantum source package ~e4 available but only ~e2 packages are built. Anyone know why? ... I guess I should know why or be able to find out. [20:06] roaksoax: what issues are you seeing with ubuntu-cobbler-import? === bladernr_afk is now known as bladernr_ [20:30] jamespage: Hi, I see that the rds source package has made it into universe [20:31] jamespage: How long does it usually take for binary packages to be built? [20:36] How do I set ntp.conf in ubuntu to listen to multicast? [20:38] adam_g: quantum IIRC had a binary app that was moved from one package to the other or something.. without appropriate Breaks/Replaces.. do you know if it was fixored? [20:38] Daviey: you might be thinking of keystone? im not sure, quantum is all chuck shork [20:38] i even typo'd the typo [20:47] adam_g: lol [20:48] adam_g: Okay, well, the last upload the binary was rejected for that reason. [20:48] adam_g: so it needs fixoring before the next upload, if not already [20:50] * RoyK [20:51] * Daviey [20:51] Daviey: the trunk builds in jenkins are fine. [20:52] adam_g: right, it's not a build issue.. it's an upgrade issue [20:52] dpkg needs to know to remove the old binary before instlaling the new one to avoid trying to overite a file. [20:53] Daviey: i cant make any promises that ill be getting to that today, sorry [20:54] adam_g: no, i don't expect you to.. but i'm saying it needs to be resolved before the next glance upload. :) [20:54] Doesn't seem glance is uploaded weekly. [20:54] Daviey: which is tomorrow, no? [20:54] So perhaps leave it [20:54] glance *should* be uplaoded weekly with the rest [20:54] adam_g: last uploaded on the 5th [20:55] Oh bug. [20:55] great [20:55] Not galnce, quantum ! [20:55] sorry. [21:06] On server i got a kernel panic, suppossingly because of the disk space on boot. any ideas how to solve this? can I just delete data from boot device? [21:06] utlemming: Hey, are you around? [21:06] Daviey: for you, yup [21:07] adac: well, not something you care about, right... :) [21:07] utlemming: Great! Any news on the locale issue? [21:07] with cloud images? [21:08] Daviey, hehe. Well i'm not sure even what uses that much diskpsace on it. i guess has seomthin to do with new kernels [21:09] Daviey: not really...cloud-init gets in the way by setting /etc/default/locale and then pam prevents you chaning it via ssh [21:15] utlemming: right... [21:15] utlemming: it's a really, poor experience atm === webmonkey_ is now known as webmonkey [21:17] utlemming: pam *prevents* ? [21:17] Daviey: I whole-heartedly agree on that point. [21:19] utlemming: if i $ LC_ALL=C ssh ubuntu@foo , the locale of C is passed through [21:19] How is pam preventing that? [21:19] or rather, pam isn't preventing that [21:19] Isn't the issue more that the instance doesn't have non-US locales? [21:20] no, its not. Run "locale" [21:20] http://pb.daviey.com/cm [21:21] Daviey: "Internal server error" [21:21] utlemming: refresh? [21:21] no dice [21:21] utlemming: if i use my local, and don't overide. http://pb.daviey.com/gwLc/ [21:21] the problem is "pam_env.so envfile=/etc/default/locale" [21:22] utlemming: hang on.. [21:22] LANG is hard coded to /etc/default/locale [21:22] yes, but cloud-init [21:22] the rest are passed through the ssh connection from the local machine, right [21:22] yes [21:23] Sooo... if LC_ALL is set to en.US.UTF-8 in /etc/default/locale.. we should be ok? [21:25] yummm....yeah...I'll submit a patch to smoser on that [21:31] hallyn: I posted the link to the .pdf and made it clear that it was a work in progress. [21:31] hallyn: I also proposed a plenary for UDS on LXC to cover all the cool stuff we have in 12.04, some unusual use of containers and what are the next big steps. If it's accepted, you're welcome to contribute :) === bladernr_ is now known as bladernr_afk [21:44] utlemming: So.. the locale issue seems to also cause problems with certain package installs. [21:44] Daviey: that is _new_. Before I've seen errors, but never a package failure [21:44] dbconfig'ing packages craps out.. so it's really not just a cosmetic issue, but a Critical one === bladernr_afk is now known as bladernr_ [21:45] Daviey: agreed === Lcawte is now known as Lcawte|Away [22:36] stgraber, hallyn: fyi, new apparmor uploaded [22:37] jdstrand: yeah! thanks [22:37] stgraber: sure thing-- be sure to thank jjohansen :) [22:37] jjohansen: thanks! [22:47] Hello. Does Ubuntu server come with a set of firewall rules on by default? [22:50] CheckIn: no but it does not open any ports by default [22:50] CheckIn: and ufw is available, which is the "Uncomplicated FireWall" [22:51] SpamapS: How does it close the ports? [22:51] Just not install any server software ? [22:52] CheckIn: right [22:53] Hmm [22:53] CheckIn: you can optionally install the firewall and server software during the installer of course. [22:53] I don't know where these firewall rules came from then [22:53] I've installed mysql apache freeradius and php5 [22:53] and I have a list of firewall rules [23:02] SpamapS: http://imgur.com/UPvUG is what I get on boot [23:08] CheckIn: looks like ufw.. perhaps I was wrong and it is turned on by default [23:10] SpamapS: Ok thanks