[00:33] <jdstrand> ufw is not enabled by default
[00:33] <jdstrand> those are libvirt rules
[00:34] <jdstrand> CheckIn: ^
[00:38]  * jdstrand wanders off
[01:02] <CheckIn> jdstrand: umm hmm
[01:03] <CheckIn> it knows that it's in a virtual machine?
[01:23] <qman__> CheckIn, it does, but that's not why
[01:23] <qman__> it must have been created by a vm builder of some kind, or has libvirt stuff installed on it
[01:24] <qman__> in any case, those rules don't really affect anything you're trying to do
[01:25] <qman__> it simply added some accept rules to the input chain, which is an accept policy already
[01:25] <qman__> and configured forwarding, probably to get the VM online
[01:25] <qman__> that would only affect you if you're trying to configure as a router
[01:37] <CheckIn> qman__: So why can't I ping the machine before I drop the rules?
[01:41] <qman__> plenty of reasons, but the rules showing there aren't it
[01:42] <qman__> not directly anyway
[01:42] <qman__> it could be that your VM networking is messed up out of the box
[01:42] <qman__> and that those rules it creates cause it to be unpingable
[01:55] <CheckIn> qman__: dropping the rules makes it pingable but it's not the rules?
[02:05] <qman__> not _just_ those rules
[02:05] <qman__> check the nat table, and check the VM config
[02:05] <qman__> they might in combination be breaking it
[02:19] <CheckIn> hmm ok thanks
[02:20] <CheckIn> qman__: What would libvirt be used for?
[02:20] <CheckIn> It's installed I'm wondering if I can just remove it
[02:21] <CheckIn> Is that what is giving me a virbr0 network card?
[02:21] <pabelanger> Friendly reminder bug 953093 and bug 954915 both have branches ready for review (merge request).
[02:22] <qman__> CheckIn, my guess is yes, but I don't know enough about libvirt to say for certain
[02:27] <CheckIn> qman__: Yes as in I can remove it or yes as in it's providing things for the computer ?
[02:28] <qman__> yes as in it's providing the interface
[02:29] <CheckIn> qman__: Ah well I don't use it and it doesn't seem to do anything
[02:53] <ChmEarl> CheckIn, you never make virtual machine in Kvm or Xen? thats what libvirt helps with
[03:05] <CheckIn> ChmEarl: Nope this is an install within a virtual machine which is VirtualBox based
[03:09] <qman__> that may explain things
[03:09] <qman__> did you install the virtualbox extensions in the VM?
[03:10] <qman__> IME, virtualbox's networking is hoakey and hard to get working right
[03:39] <larry> i wonder if somebody is trying to attack my website, i got visit from anonymous proxy, with the IP address 65.49.2.185, a whois shows this belongs to sophidea, and searches show bad things about it, like this: www.wilderssecurity.com/showthread.php?t=286100 and this: http://www.wilderssecurity.com/showthread.php?t=302402   and this: http://thewhiterace.com/showthread.php?1720-Whitenewsnow-com-attacked-by-Anonymous/page2
[03:42] <larry> anybody waked?
[03:42] <qman__> not for long, but you haven't stated why you think you were attacked
[03:43] <qman__> a hit doesn't mean an attack
[03:43] <qman__> most attacks will leave you with bizarre looking requests in the apache log
[03:43] <larry> well i found that IP was browsing my website
[03:43] <larry> maybe they are preparing to attack?
[03:44] <larry> so they can take money from customers later?
[03:45] <endra> What do you guys make of this: http://pastebin.com/XqSQGqS9
[03:45] <Maleko> larry: cloudflare it
[03:45] <Maleko> :p
[03:46] <larry> is it necessary?
[03:46] <qman__> doubtful
[03:47] <qman__> a hit's a hit, doesn't necessarily mean anything
[03:47] <larry> well any idea who what this thing was?
[03:47] <qman__> if you're worried, check for CVEs on the software you run
[03:47] <larry> just random?
[03:47] <qman__> and patch your server
[03:47] <qman__> and of course, check your backups
[03:48] <larry> if its hosted by godaddy will godaddy do any security or its all up to me?
[03:48] <qman__> depends
[03:48] <qman__> VPS, it's up to you
[03:49] <qman__> they have certain measures in place to cover themselves, but not you
[03:49] <larry> CVE = common vulnerabilities?
[03:52] <qman__> point is, a random hit from an anonymous proxy doesn't make you any more or less vulnerable or at-risk than normal
[03:52] <qman__> make sure your software is patched and reasonably secured
[03:53] <qman__> and that your backups are good, because stuff happens
[03:54] <qman__> now, if you're seeing strange behavior from that IP, then you might have something to look into, but so far, I don't see any reason to investigate it much further
[04:24] <larry> ok thank you
[04:51] <timebox> need help installed ubuntu server 64bit 11.10 to HP proliant ML150G6 but its as if I cant connect to the net I cannot even ping anyone had same experience?
[05:14] <timebox> my bad wrong port used thanks!
[09:16] <koolhead17> hi all
[09:21] <lynxman> morning o/
[09:24] <lynxman> jamespage: will be tackling the puppet merge this morning
[09:25] <jamespage> lynxman, you read my mind :-)
[09:25] <Maleko> hello
[09:26] <Maleko> how do you add route?
[09:26] <lynxman> jamespage: I'm like that ;)
[09:27] <lynxman> jamespage: I had to do it yesterday, but I didn't find the time finally :/
[09:27] <koolhead17> Maleko: route add
[09:28] <koolhead17> Maleko: man route <--
[09:28] <_ruben> eew
[09:28] <_ruben> man ip
[09:28] <_ruben> ip route add ...
[09:29] <lynxman> koolhead17: route is obsolete, ip route add is how it should be done
[09:29] <lynxman> !man
[09:31] <koolhead17> sorry Maleko
[09:31] <koolhead17> thaks lynxman
[09:31] <koolhead17> *thanks
[09:31] <Maleko> ahh people replied me. thought this place is dead
[09:32] <Maleko> i actually want to ask why "route add" adds an extra entry in routing
[09:32] <Maleko> http://pastebin.com/auxBfhV8
[09:34] <Maleko> why ip route doesn't do that?
[09:35] <_ruben> because the route command is broken? use ip route to list the routing table instead
[09:35] <lynxman> Maleko: it does
[09:35] <lynxman> Maleko: the thign being, you're adding on ip route a default gateway
[09:35] <lynxman> maknz: then with route add a gateway to THAT network
[09:36] <lynxman> Maleko: then with route add a gateway to THAT network
[09:36] <lynxman> Maleko: I'd suggest you getting a bit more familiarised with routing basics
[09:37] <lynxman> Maleko: you don't need a gateway for a network that you're part of, it's completely redundant and not desired
[09:40] <Maleko> im lost when you said i dont need a gateway for a net im part of :\
[09:43] <maxb> gateways take you other places. why would you go through a gateway to get to where you already are? that makes no sense
[09:56] <Maleko> so your point is i don't need to specify a gateway if i only want to talk to other computers in the same net i am?
[10:00] <lynxman> Maleko: exactly
[10:00] <lynxman> Maleko: gateways are only to be able to talk to computers in other networks
[10:41] <jamespage> lynxman, whilst you are working on puppet you should credit glenn's work in the changelog entry (working through the sponsors queue ATM and noticed he did some debdiff's)
[10:41] <lynxman> jamespage: hmm sure, didn't use any of his code though
[10:42] <jamespage> lynxman, sorry - you are quite correct - just noticed you added the debdiff
[10:42]  * jamespage faceplants
[10:42] <lynxman> jamespage: ;)
[11:19] <Zx432> How do I enable ethernet card on Ubuntu server? I searched on the net but I was unsucessfull. I must warn you I am a noob and this is my first server.
[11:20] <koolhead17> https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/935585
[11:21] <koolhead17> is fix for this  getting merged today?
[11:24] <Jeeves_> koolhead17: I fixed it by moving a file in /etc/init
[11:25] <Maleko> Zx432: ip link set eth0 up/down
[11:28] <Jeeves_> Maleko: Well, that is a bit too basic, I suspect :)
[11:28] <Jeeves_> Zx432: See /etc/network/interfaces
[11:28] <Jeeves_> And 'man interfaces'
[11:46] <Zx432> well now I get no picture... :)
[11:46] <Zx432> Monitor is showing: Not optimum mode
[11:46] <Zx432> I have done nothing.
[11:56] <Zx432> My server doesn't display picture. Monitor displays: Not optimum mode Recommended mode 1280x1024 60 hz
[12:11] <soren> Daviey: I've worked out how to create Keystone stuff (roles, services, endpoints, etc.) on install.
[12:13] <Daviey> soren: oh?
[12:13] <soren> Daviey: http://bazaar.launchpad.net/~ciscosystems/keystone/ubuntu/revision/37
[12:14] <soren> Daviey: Specifically, see the upstart job changes and the postinst.
[12:14] <Daviey> soren: should they be medium or low priority ?
[12:14] <soren> Daviey: Which ones?
[12:14] <soren> Daviey: The create_* questions?
[12:14] <Daviey> soren: creating the user
[12:15] <Daviey> Ie, should we default to prompting it, or make it a main target for preseeding?
[12:15] <soren> The basic assumption is:
[12:16] <soren> If you're doing a large deployment, you'll be using preseeding.
[12:16] <Daviey> soren: what is the point of /var/lib/keystone/run_on_start.bak ?
[12:16] <soren> If you're not using preseeding, you're fairly likely just setting up a simple test environment.
[12:17] <Daviey> ahh
[12:18] <Daviey> it's a run once operation
[12:18] <soren> Daviey: Yeah.
[12:18] <soren> Daviey: I think it's rude to do things like that and then remove the evidence.
[12:19] <soren> Daviey: It's nice to have around for me for debugging, but it's also nice to anyone else to be able to see what "I" did on their behalf.
[12:20] <soren> Daviey: E.g. the rightscale init script used to delete itself. I hated that.
[12:20] <Daviey> soren: I think, if you can document that in the d/changelog.. lets get it included in the upload today
[12:20] <Daviey> (would like a QA run of it first.)
[12:20] <soren> Daviey: It's not entirely appropriate for Ubuntu right now.
[12:20] <Daviey> soren: oh?
[12:21] <soren> Daviey: It renames the database.
[12:21] <soren> WEll..
[12:21] <soren> Rather: It doesn't.
[12:21] <soren> ...but expects to find it elsewhere.
[12:21] <Daviey> 24             SQL_CONNECTION="sqlite:///$dbc_basepath/$dbc_dbname.db" 24            SQL_CONNECTION="sqlite:///$dbc_basepath/$dbc_dbname"
[12:21] <soren> dbconfig-common lets you specify a dir and a db name.
[12:21] <Daviey> ?
[12:21] <soren> Yeah, but dbconfig creates $dbc_basepath/$dbc_dbname
[12:22] <Daviey> soren: you dropped the .db?
[12:22] <soren> Anyway, a bit of care needs to be applied there and I haven't worried about that just yet. It's minor.
[12:22] <soren> Daviey: dbconfig-common does.
[12:22] <soren> Daviey: dbconfig-common creates the db.
[12:23] <soren> Daviey: ...but names it just $dbc_basepath/$dbc_dbname
[12:23] <soren> Daviey: Not $dbc_basepath/$dbc_dbname.db
[12:23] <Daviey> oh
[12:23] <Daviey> soren: Well, regardless - this would be nice to get into precise.
[12:23] <soren> Daviey: ...and if you set dbc_dbname to keystone.db by default, the mysql and postgresql backends get upset.
[12:23] <Daviey> right!
[12:24] <KM0201> is there a walkthrough to install ubuntu server from USB?  i fail at the cd rom detection, and i don't have a cd drive.
[12:24] <soren> Daviey: I'd be happy to get it into Ubuntu, I just haven't thought through all the migrations paths yet at all.
[12:24] <Daviey> soren: Are you committed to doing that?
[12:25] <koolhead17> !unetbootin
[12:25] <KM0201> koolhead17: no kidding?... why don't you try reading that.
[12:25] <KM0201> ii've done what it says there, it doesn't seem to work
[12:25] <soren> Daviey: The migration stuff?
[12:25] <Daviey> soren: yes
[12:25] <soren> Daviey: I'm not sure, really. I have no clue what state keystone was in in Oneiric.
[12:25] <koolhead17> KM0201: because i use it.
[12:25] <KM0201> not working for me, i tried doing what is said
[12:25] <soren> Daviey: What I *can* do, though, is handle the upgrade from the version immediately before the one wehre these changes land.
[12:26] <Daviey> soren: No, i'm not sure we can migrate from ks->ksl nicely
[12:26] <Daviey> adam has more info.
[12:26] <soren> Daviey: Oh, we can.
[12:26] <soren> Daviey: Well, at least we're supposed to.
[12:26] <koolhead17> KM0201: tell me where are you stuck?
[12:26] <Daviey> soren: I thought there was an issue?
[12:26] <Daviey> soren: markmc also mentioned concerns for them aswell.
[12:26] <KM0201> detecting the cdrom.. says it couldn't be mounted
[12:26] <Daviey> Maybe i'm missing something.
[12:26] <soren> Daviey: Code has been written that's meant to handle that. Whether it works or not... I don't know.
[12:27] <soren> Daviey: It's just a rather awkward procedure.
[12:27] <KM0201> i get the unetbootin screen, boot the usb, choose keyboard, language, etc..
[12:27] <Daviey> soren: oh cool, my views might have predated that then :)
[12:27] <KM0201> but it fails to mount the cd
[12:27] <soren> Daviey: You have to create a new database, point a migration script at the old one as well as at your old Nova install..
[12:27] <soren> Daviey: It's very, very non-trivial.
[12:27] <Daviey> *awesome*
[12:27] <soren> Daviey: See http://keystone.openstack.org/
[12:28] <Daviey> soren: If i were a production admin, i'd not want you to do that much fiddling without permission :)
[12:28] <soren> Daviey: Let me qualify that a bit: It looks pretty easy to do *manually*. Driving it automatically in a postinst scenario... Not much fun at all.
[12:28] <Daviey> right!
[12:28] <Daviey> I think we should provide a debconf warning, linking to steps to provide
[12:29] <Daviey> Handling a seemless, automatic upgrade seems risk prone.. and not that beneficial imo
[12:29] <soren> Daviey: Yeah, something like that.
[12:29] <soren> Daviey: It's a lot of work for sure, and not anywhere near the top of my list of priorities.
[12:30] <Zx432>  I have a graphic card Gigabyte GV R925128T all of a sudden I get Not optimum mode Recommended mode 1280x1024 60 hz on my monitor, I can still see boot sequence normally.
[12:31] <soren> Daviey: But handling the upgrade from a very recent keystone should be quite easy.
[12:31] <soren> Daviey: I just haven't looked at it yet. I'm focused on making a fresh install work.
[12:35] <Daviey> soren: agreed
[12:36] <Daviey> soren: If you are happy to put the work into this, i think it would be a great addition
[12:36] <patdk-wk> zx432, that is cause your using a lcd monitor
[12:36] <patdk-wk> and the resolution doesn't match the lcd display
[12:37] <patdk-wk> either ignore it, or change your screen size
[12:37] <Zx432> Ihe problem is I can't do a thing.
[12:37] <Zx432> And the mponitor is new
[12:37] <Zx432> *monitor
[12:37] <patdk-wk>  Idon't know what that means, can't do a thing
[12:38] <Zx432> The screen is black and only the ewarning is dancing around.
[12:38] <Zx432> *warning
[12:39] <patdk-wk> hmm, probably need to use the nomodeset kernel option on boot
[12:39] <patdk-wk> and then either fix the screen resolution, or just make that perm
[12:41] <Zx432> Never did that, checking the internet
[12:41] <Zx432> The funny thing is it worked a week ago.
[12:44] <jamespage> smoser: https://code.launchpad.net/~james-page/swift/essex-fixup-upstart/+merge/97690
[12:51] <Zx432> I must be doing stg wrong, I cant even get the the nomodeset to show
[12:55] <bencer_> jamespage: i saw you changed into Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
[12:55] <bencer_> do we need to do this in all packages?
[13:09] <lynxman> jamespage: around?
[13:13] <jamespage> bencer_, no - that was only because I did the delta for testing that build fix
[13:13] <jamespage> lynxman, yep
[13:13] <bencer_> jamespage: ok thx
[13:13] <lynxman> jamespage: nah, nevermind it was a git issue :)
[13:14] <xpistos> hello everyone.
[13:15] <xpistos> are there any utilities that i should be running on my Ubuntu server to keep it healthy? Like H-top or something?
[13:21] <bencer_> jamespage: btw, even you delete the packages, you are not allowed to upload again the same version :-/
[13:21] <jamespage> bencer_, thats what I thought but I though I managed todo it the other day
[13:22] <jamespage> hmm - maybe not.
[13:28] <Zx432> ok i sort of fixed the monitor problemm.
[13:28] <Zx432>  but I still can't get the internet to work.
[13:30] <Zx432> Is there a way to restart the ethernet card and force it to connect using dinamic ip?
[13:48] <michael_tn> good day all
[13:49] <Zx432> Hi
[13:49] <michael_tn> i'm looking for a little help with using d-i and preseed to format 4 disks in LVM during an auto install via pxe
[13:50] <michael_tn> i can have partman do a single disk  with no issue
[13:50] <michael_tn> if someone has a preseed example that would fantastic
[13:51] <michael_tn> all this is on 11.10 server builds
[13:59] <lynxman> jamespage: question, in order to ensure a proper sync, I've patched the local fs, which would be the most appropriate command to push that to a patch file in debian/patches ? I normally do run debuild but I'm sure there's a better way
[13:59] <jamespage> lynxman, I'd use quilt
[14:00] <lynxman> jamespage: quilt itself? gotcha
[14:00]  * lynxman trying to do things right
[14:00] <jamespage> lynxman, quilt new <patchname>
[14:00] <jamespage> quilt add filea
[14:00] <jamespage> quilt add fileb
[14:00] <jamespage> quilt refresh
[14:00] <lynxman> jamespage: it's a big load of files, but yeah, will do :)
[14:00] <jamespage> of course that does require that you start by doing it that way :-)
[14:00] <jamespage> lynxman, is it an upstream patch?
[14:00] <lynxman> jamespage: quilt supports file deletion as well?
[14:01] <lynxman> jamespage: yes but it requires some fine tuning, won't patch cleanly as it is
[14:01] <jamespage> lynxman, hrm it does quilt add the file and then remove it - pretty ugly
[14:02] <lynxman> jamespage: it removes a couple files
[14:02] <lynxman> jamespage: apart from patching around ~20 files
[14:02] <lynxman> jamespage: that's why I was wondering if it's supported to delete a file in a patch
[14:02] <jamespage> lynxman, well it is - by removing every line in the file
[14:02] <jamespage> its brittle tho
[14:03] <lynxman> jamespage: yeah, I saw that going wrong a couple of times, this patch is a bit of a pita
[14:03] <lynxman> jamespage: upstream patch has line differences and a couple patches that require manual editing
[14:03] <jamespage> lynxman, is this still the one that reverts something thats dropped in 2.7.12?
[14:03] <lynxman> jamespage: yessir
[14:03] <lynxman> jamespage: just trying to redo the patch as it should
[14:04] <lynxman> jamespage: otherwise when I do debuild it always complains about something
[14:04] <jamespage> lynxman, you might be best to rebase the patch in github based on applying it to 2.7.11 to generate a clean patch
[14:04] <jamespage> i.e. use git todo that
[14:04] <lynxman> jamespage: been looking that way, unfortunately I didn't find a way to do it cleaner than the patch I've been provided
[14:04] <lynxman> jamespage: so I'll have to make do with that one :)
[14:05] <hallyn> stgraber: can you explain bug 956655?
[14:05] <lynxman> hallyn: still need my VM?
[14:06] <hallyn> lynxman: oh, if possible.
[14:06] <Zx432> How to restart ethernet card?
[14:06] <pabelanger> jamespage, re: bug 907152. I think 'start on runlevel [2345] or started libvirt-bin' should be good for upstart.  Since using 'and' is no recommended
[14:06] <lynxman> hallyn: of course, let me fire it up
[14:07] <jamespage> pabelanger, I don't think it avoids the race condition tho
[14:07] <pabelanger> I know
[14:07] <stgraber> hallyn: looking
[14:07] <lynxman> hallyn: done, port 65222 as usual
[14:08] <jamespage> pabelanger, I wish upstart could check to see if an event could ever be generated and use it conditionally
[14:08] <jamespage> jodh, feature for next release ^^ ?
[14:08] <jamespage> :-)
[14:08] <pabelanger> jamespage, initially I had 'start on (filesystem and net-device-up IFACE!=lo) and started libvirt-bin' but that got rejected
[14:09] <jamespage> pabelanger, yeah - I guess we're slowly deprecating (filesystem and net-device-up IFACE!=lo)
[14:09] <stgraber> hallyn: right, it's his fault ;) people shouldn't create loop between their dnsmasq servers
[14:09] <stgraber> hallyn: I've seen a few other people get into the same problem with the libvirt one ;)
[14:10] <jamespage> pabelanger, I'm not sure there is a good fix for this in upstart
[14:10] <pabelanger> jamespage, I have to admit, I still don't know why 'start on runlevel [2345] and started libvirt-bin' would not work; my upstart foo is weak
[14:11] <stgraber> hallyn: one trick might that might work is putting the LXC dns server in /etc/resolvconf/resolv.conf.d/tail instead
[14:12] <stgraber> hallyn: that would make the libc use it only if dnsmasq can't resolve
[14:19] <hallyn> stgraber: tail instead of head?
[14:19] <hallyn> lynxman: thanks
[14:22] <stgraber> hallyn: head would put you in an infinite loop again as the libc would take the first entry, use the lxc dnsmasq which will want to resolv through the external resolve and so use itself as it's the first entry in /etc/resolv.conf ;)
[14:23] <lynxman> hallyn: np :)
[14:23] <stgraber> hallyn: tail still has the potential of looping but it should be much reduced as you'll need to have the libc fallback to it, have it be a record that the lxc dnsmasq doesn't know how to resolve and have it for some reason forward it to itself
[14:26] <koolhead17> seems like i found bug with glance :( failing to upload image. need to rechack it though
[14:31] <hallyn> stgraber: should i just drop that suggestion from the server guide?
[14:32] <hallyn> it was based on a suggestion on the security team's wiki pagefor testing with qemu/libvirt
[14:35] <stgraber> hallyn: I think that'd be the safest, yes
[14:37] <hallyn> sigh
[14:38] <hallyn> too bad.  it's such a nice feature
[14:38] <hallyn> stgraber: how's the mounts stuff?  I saw tgardner applied some new kernel patches this morning...
[14:38] <hallyn> are you pushing anything today?
[14:40] <stgraber> hallyn: probably not today, I need to wait for everyone to be on the new kernel
[14:40] <stgraber> hallyn: so probably on Monday when linux-meta has been uploaded and the new kernel built on all the architectures
[14:41] <stgraber> pivot_root fails with our current kernel so we need to keep apparmor off until the new kernel lands, then deal with the bugs asking everyone to reboot to get LXC working ;)
[14:43] <hallyn> ok
[14:43] <hallyn> what did we ever decide about per-container policies
[14:44] <smoser> roaksoax, ok. so runparts late command stuff...
[14:44] <smoser>  http://paste.ubuntu.com/886406/ is the perl script that we'd run
[14:44] <hallyn> ah yes.  waiting on ffe for bug 953453
[14:45] <smoser> and http://paste.ubuntu.com/886407/ is an example of what debconf content would look likje
[14:45] <smoser> but i can't figure out how to remove the values from the database
[14:45] <smoser> or, have given up on that at the moment.
[14:49] <smoser> utlemming, ping
[14:49] <utlemming> smoser: pong
[14:50] <smoser> so, 2 things.
[14:50] <smoser> your 2 merges
[14:50] <smoser> first hte locale one
[14:50] <smoser> how safe is that?
[14:51] <smoser> i'm kind of confused on it (https://code.launchpad.net/~utlemming/cloud-init/cloud-init.lc_all/+merge/97768)
[14:51] <hallyn> smoser: for ubuntu-cloudimg-query, should i allow any streams other than 'released' or 'daily'?
[14:51] <hallyn> (the code is ..  not 100% obvious)
[14:51] <smoser> you could, but there are only those 2
[14:51] <smoser> and i really can't imagine another one.
[14:51] <smoser> sub-daily
[14:51] <smoser> :
[14:51] <utlemming> what do you mean by
[14:52] <utlemming> "safe"?
[14:52] <smoser> how likely is it to break someone who had been using these happily before. or otherwise wreak havok on an image.
[14:52] <hallyn> smoser: thanks
[14:53] <utlemming> I think it is safe, from that stand point. It will get rid of all the error messages about invalid locales
[14:53] <utlemming> if a user like, say Davey, who exports "LC_ALL=en_GB" logs in, which is invalid, they will get the default
[14:53] <stgraber> hallyn: jodh added your upstart branch for SIGPWR to the list of things to merge and upload with the next upstart release (by Thursday if all goes well)
[14:54] <utlemming> so in reality, I would argue that this enhances the user experience by disallowing the setting of invalid or unsupported locales
[14:54] <smoser> so, does that happen only if the locale is not installed ?
[14:55] <utlemming> the bug with db-common? yes. If the locale is valid (i.e. installed/generated), then db-common works fine.
[14:55] <utlemming> if not, then it errors out and refuses to install
[14:57] <smoser> i dont knwo of the bug with db-common
[14:58] <utlemming> that was the impitus...Davey discovered that db-common in precise will fail the installation dialog if the LC_* are invalid.
[15:00] <hallyn> lynxman: complete rebuild of v13 does not reproduce.  it really appears v13 was a bad build.  which is scary
[15:00] <smoser> utlemming, so the presense of hte locale file forces locale
[15:00] <hallyn> i'll try 3 more builds to see if i can randomly get a bad one
[15:00] <smoser> right?
[15:00] <lynxman> hallyn: oops
[15:00] <hallyn> but maybe it was just a bad toolchain lineup
[15:00] <lynxman> hallyn: okay! :)
[15:01] <hallyn> lynxman: is my building slowing down your laptop?
[15:03] <smoser> so as far as I can see this, the images have basically never allowed someone with a different local to actually use their other locale
[15:03] <smoser> utlemming, ^ Daviey ^ ?
[15:03] <smoser> is this true ?
[15:04] <smoser> ie, it seems to me that the content in that file (/etc/default/locale) *forces* those settings onto the user (ie, they are not then passed through ssh)
[15:05] <lynxman> hallyn: nah, it's an i7, has enough juice :)
[15:05] <smoser> utlemming, and if we put LC_ALL in there, all it does is force *that* LC_ALL also.
[15:09] <smoser> utlemming, ?
[15:09] <smoser> and then, i'm not sure that (this is probably a bug in cloud-init), but LANG != LC_ALL.
[15:15] <barbo91> hi guys, i need help, i need to censure some sites for my clients pc's... I want to configure a server to do that, and i don't know well how can i do it, new on linux tbh i'm a junior... i thinked about a DNS server with some kind of restriction... can someone help me? clients pc's are windows and have a limited user, and i want to force them to use my server
[15:19] <barbo91> i already got some services up like bind, apache and squid+guard
[15:24] <utlemming> smoser: sorry, phone call
[15:25] <utlemming> smoser: it only force the LANG LC_* variables, not things like byobu
[15:26] <smoser> well, it forces LC_ALL
[15:27] <smoser> (which in behavior forces othe rthings)
[15:28] <smoser> so cloud-init is generally broken
[15:30] <smoser> utlemming, so i'm generally very unqualified to have this conversation
[15:31] <smoser> but to me it looks like, cloud-init as a cloud-config setting 'locale', which defaults to a value 'en_US.UTF-8'
[15:31] <smoser> it then runs localegen with that (which is probably correct)
[15:31] <smoser> but then, it sets 'LANG' to that value
[15:31] <utlemming> smoser: the real issue is tha the SSH sends the LC_* values, which are then incorrect
[15:31] <smoser> i'm not sure oif that is right at all.
[15:32] <smoser> no, thats useful.
[15:32] <smoser> and if we populate templates/default-locale.tmp, we break that useful functionality
[15:32] <utlemming> it is...but the values may not be valid (or generated), which breaks the userland experience
[15:32] <smoser> so we shouldn't be doing that at all
[15:32] <utlemming> then we need to generate all the locales
[15:32] <smoser> but getting messgaes saying "you have invalid locale", to which a quick google would show you how to fix that
[15:33] <smoser> is much better than breaking for anyone who would know how to fix this situation the ability to fix it
[15:33] <smoser> ie, our /etc/default/locale file means you cannot 'locale-gen your-locale' and then start using it via ssh.
[15:34] <smoser> basically, cloud-init is insisting that all users of this system use the system locale when they ssh in.
[15:34] <utlemming> yes
[15:34] <smoser> instead of the default behavior on a non-cloud server, where it would work or they would get warned.
[15:35] <utlemming> on a non-cloud, the locale would be choosen as installation time
[15:35] <smoser> yes (it is here too)
[15:35] <smoser> and on a non-cloud, you might ssh to a system that did not have your locales installed
[15:35] <smoser> (just as here)
[15:36] <smoser> the difference is that on our cloud images, you cannot use your locale!
[15:36] <smoser> (without rm /etc/default/locale)
[15:37] <smoser> isnt that right?
[15:37] <utlemming> I spoke with one of th locale folks a while back about coming up with a dynamic way to handle the installation of locales...and the concesus is that it would take a lot of work.
[15:37] <utlemming> yes it the same situations between non-cloud and cloud, just felt more on cloud
[15:37] <smoser> actually wait.
[15:37] <smoser> this is the same as it is on my desktoip system
[15:38] <smoser> the install populated /etc/default/locale with LANG="en_US.UTF-8"
[15:38] <smoser> so we're doing what normal ubuntu server would do
[15:38] <smoser> (although that is generally sucky, i think)
[15:38] <utlemming> one could argue that if your locale is hu_HU on the client, you'll likely have hu_HU on the server, so its not a problem there
[15:38] <steakknife> After --set-selections on lucid, is there a standard way to trigger dselect without an upgrade?
[15:39] <utlemming> and if you track the problem to the roots, the reason you can't override LANG is because of /etc/pam.d/sshd uses pam_env to force the LANG anyway.
[15:39] <steakknife> utlemming: sounds like something that could be pushed out like ssh keys with puppet, but that would be work
[15:40] <smoser> utlemming, so... right now, my limited understanding of this...
[15:40] <utlemming> steakknife: perhaps, we need to solve the problem at a lower level than puppet since not all cloud users use puppet
[15:40] <smoser> in my opinion, i'd like to not touch /etc/default/locale (remove it)
[15:40] <smoser> yeahy
[15:40] <smoser> this is not right
[15:40] <smoser> because ssh allows LC_* but not LANG
[15:41] <smoser> so you set default LANG because there was none
[15:41] <smoser> that makes sense.
[15:41] <utlemming> actually, in testing, LANG is passed
[15:41] <smoser> oh wait. it does
[15:41] <smoser> yeah
[15:41] <smoser> you're reight
[15:41] <smoser> so really.. the way i think woudl be best to fix it would be to removfe that file and not touch it at all
[15:41] <smoser> which woudl suck
[15:41] <smoser> but at least then, 'locale-gen $LANG' would make you happy
[15:41] <smoser> as it is, that wont work
[15:42] <smoser> oh.
[15:42] <utlemming> oh?
[15:43] <smoser> i guess outside of dynamically installing locales... the best thing to do would be for ssh to look at the list of locales available, and muck your environment only if your settings didn't match the system you were ssh'ing to
[15:43] <lynxman> jamespage: puppet new branch ready, what was the command you told me I should run? :)
[15:43] <smoser> utlemming, so heres what i think right now:
[15:43] <jamespage> lynxman, just push it to the merge proposal branch
[15:43] <lynxman> jamespage: doing so
[15:43] <utlemming> smoser: I'll have to look at the debian bug...but that _is_ a bug upstream
[15:43] <smoser>  * ubuntu cloud images default install is basically the same as a stock ubuntu server install
[15:44] <smoser>  * adding LC_ALL to /etc/default/locale actually makes us not like stock ubuntu install, and makes it more difficult to use LC_ALL after installation of locales on the cloud image.
[15:44] <smoser> i agree that it sucks
[15:45] <smoser> and i will admit that i iprobably care less becauase i have the "proper" LC_ALL in my environment right now :)
[15:45] <smoser> do you see what i'm saying though?
[15:45] <smoser> doing this actually makes things different and worse.
[15:45] <smoser> in some way
[15:45] <utlemming> alternatively, we could force LC_ALL=C
[15:45] <smoser> right, but that would be no better.
[15:46] <smoser> its just a different default
[15:46] <smoser> that is also pre-installed
[15:46] <utlemming> except that it is no internationally compatable
[15:46] <utlemming> s,no,now
[15:47] <smoser> well, changing a default, and making it worse for some people and better for no people is not really progress.
[15:47] <smoser> :)
[15:47] <lynxman> jamespage: overwrote branch, all yours
[15:48] <smoser> utlemming, do you agree with that ? or not?
[15:48] <steakknife> Btw, see if I get the use case... is the goal to provide users with their locale, which may not be yet installed on a given box?
[15:48] <utlemming> this is a rock and hardplace, really. Fixing it in the cloud-images is the wrong place. I did mock up an /etc/profile.d script that magically detected and generated the right locale, but fixing it there is the wrong place too.
[15:50] <utlemming> steakknife: the goal is ensure that the SSH locale is generated and useable, to prevent userland problems due to invalid locale settings
[15:52] <smoser> utlemming, ok. now more quickly... i hope
[15:52] <smoser> on your other proposal
[15:52] <jamespage> lynxman, looking now
[15:52] <lynxman> jamespage: cool :)
[15:59] <Captain_Proton> I know this is not a ubuntu ? but I am running it on  a ubuntu server. I need some help with spf_record? here is my record : v=spf1 ip4:173.162.32.1 ip4:75.98.169.177 include:_spf.google.com -all
[15:59] <jamespage> bencer_, hows it going?
[15:59] <Captain_Proton> but I still get alot of spam hit on the 173.162.32.1
[15:59] <Captain_Proton> did I type it right
[16:04] <steakknife> Captain_Proton: i usually set an spf and a txt record, just to be sure.
[16:04] <Captain_Proton> is the syntax right?
[16:05] <steakknife> Captain_Proton: try http://www.kitterman.com/spf/validate.html
[16:15] <smoser> utlemming, Daviey i'd appreciate your input on my comments at https://code.launchpad.net/~utlemming/cloud-init/cloud-init.lc_all/+merge/97768
[16:24] <hallyn> lynxman: this is quite the heisenbug.  I can't reproduce it today.  I'm going to mark my bug as confirmed, and comment about all the ways i couldn't reproduce it, and email the m-l
[16:24] <hallyn> lynxman: thanks!
[16:24] <lynxman> hallyn: no problem, glad to be of help :)
[16:40] <hallyn> lynxman: let's see if any discussion gets spawned: https://www.redhat.com/archives/libvir-list/2012-March/msg00733.html
[16:41] <lynxman> hallyn: *crossing fingers*
[16:46] <Zx432> I tryed to set static ip on my server to finally make it work (connect to internet) it does not work. Anyone willing to help a noob out?
[16:48] <Captain_Proton> Zx432, did you set dns in /etc/resolv.conf
[16:50] <genii-around> And possibly gateway
[16:51] <Captain_Proton> Zx432, it should be set by your dhcp server but if not  - nano /etc/resolv.conf and type this -- nameserver 8.8.8.8
[16:51] <Captain_Proton> gateway should be set in interface.conf
[16:52] <Captain_Proton> sorry interfaces
[16:52] <genii-around> Yes, /etc/network/interfaces
[16:53] <Captain_Proton> guess he's sleeping :D
[16:54] <Zx432> Captain_Proton, yes I did.
[16:55] <Captain_Proton> c an you pastbin you interfaces?
[16:55] <Captain_Proton> hho  did you restart networking?
[16:55] <genii-around> Zx432: Did you set IP to a valid IP ( not for instance ending in .0 or .255 )
[16:55] <Zx432> Network won't restart.
[16:56] <Captain_Proton> Zx432, /etc/init.d/networking restart
[16:56] <Captain_Proton> then you have a typo somewhere
[16:56] <Zx432> Sistem plugged in router for now all ip-s should work.
[16:57] <Captain_Proton> let us see you interfaces. it is something simple I am sure
[16:57]  * genii-around prepares a new pot of coffee
[16:58] <Zx432> ? How do I do that? Restarting gives me an error.
[16:59] <Captain_Proton> cat /etc/network/interfaces than copy and paste in http://pastebin.com/ and give us the link
[16:59] <genii-around> Captain_Proton: If he can't connect, pastebin is probably not an option ;)
[16:59] <Zx432> First I need graphicall interface.
[17:00] <Zx432> And yes. No connection might be a problemm.
[17:01] <Captain_Proton> Zx432, are sitting in front of the computer that has the problem?
[17:04] <Zx432> Captain_proton: Yes. The problematic one has no connection. So I am naturaly using anotherone to talk here.
[17:05] <Captain_Proton> Zx432, ok then you type what you have in interfaces here so we can see where the problem is
[17:06] <Zx432> Ok
[17:12] <Zx432> /etc/network/interfaces
[17:12] <Zx432> #This file describes the network interfaces available on your system
[17:12] <Zx432> #and how to activate them. For more information, see interfaces(5).
[17:12] <Zx432> #The loopback network interface
[17:12] <Zx432> auto lo
[17:12] <Zx432> iface lo inet loopback
[17:13] <Captain_Proton> that all that in there
[17:16] <Zx432> #the primary network interface
[17:16] <Zx432> auto eth0
[17:16] <Zx432> iface eth0 inet static
[17:16] <Zx432> adress 192.168.1.110
[17:16] <Zx432> netmask 255.255.255.0
[17:16] <Zx432> network 192.168.1.225
[17:16] <Zx432> gateway 192.168.1.1
[17:16] <Zx432> That is all.
[17:16] <Captain_Proton> well address is missing a "d"
[17:18] <Zx432> Anything else?
[17:18] <Captain_Proton> network you do not really need but whatever
[17:18] <Zx432> Or do I fix that and try again?
[17:18] <Captain_Proton> fix the d will most likly make it work
[17:20] <Captain_Proton> Zx432, did that work
[17:21] <genii-around> I'm not sure if "network 192.168.1.225" is valid
[17:23] <Captain_Proton> your right that would be broadcast network should be 192.168.1.0
[17:24] <genii-around> broadcast should end in 255 not 225 ...
[17:24] <Captain_Proton> broadcst is 255
[17:24] <Zx432> File is read only?
[17:24] <Captain_Proton> sudo before you command
[17:25] <Captain_Proton> sudo nano/vim /etc/networking/interfaces
[17:30] <Zx432> Ok. Fixed, address and changed brodcast to 192.168.1.255
[17:30] <Zx432> Did I forget something?
[17:30] <A-KO> How does one install the isc versions of dhcp4 and dhcp6 in Ubuntu?
[17:31] <genii-around> Zx432: Did you spell it "brodcast" or "broadcast" ?
[17:31] <genii-around> ( eg: avoid another typo ! )
[17:31] <Zx432> brodcast
[17:32] <genii-around> Zx432: It should be "broadcast"
[17:32] <genii-around> Zx432: ( in the file )
[17:33] <Zx432> Sorry english is not my native language.:)
[17:33] <Zx432> Ok now restart?
[17:34] <Zx432> Sudo /etc/init.d/networking restart?
[17:35] <Captain_Proton> no capital S just sudo
[17:37] <Zx432> Yes sorry. My phone did that automatic. Looks good now i ping something?
[17:38] <Captain_Proton> sweet
[17:38] <Captain_Proton> sudo apt-get update see if that works
[17:42] <Zx432> No
[17:42] <Zx432> I must have done something wrong.
[17:43] <Captain_Proton> can you ping ggole.com
[17:43] <Captain_Proton> google.com
[17:43] <Zx432> Yes?!@:-D
[17:43] <Zx432> I can ping!
[17:43] <Captain_Proton> :)
[17:44] <Zx432> Now, why doesn't the update work?
[17:45] <Captain_Proton> what error did you get?
[17:45] <Zx432> Sec. How to stop pinging? Isn't it ctrl+c?
[17:46] <Captain_Proton> yup
[17:46]  * Captain_Proton be right back
[17:46] <Zx432> It won't stop.
[17:48] <Zx432> There are pages of the same error. Eth0: mismatched ead page pointers 4c vs fa.
[17:48] <Zx432> Well it stopped now.
[17:48] <stgraber> hallyn: do we have a bug report for clean shutdown of LXC containers?
[17:49] <stgraber> (I just merged your branch in upstart and will upload in a few minutes)
[17:54] <Captain_Proton> can you reboot it?
[17:55] <Zx432> Whole system?
[17:56] <Captain_Proton> yes
[17:57] <Zx432> Ok.
[18:00] <Zx432> It is alive!
[18:00] <Captain_Proton> :D
[18:02] <Captain_Proton> Zx432, all better now
[18:02] <Zx432> sudo apt-get update it clearly gets the updates but does it install them? It finished so fast.
[18:02] <Zx432> Almost no download.
[18:02] <Captain_Proton> nope then you do apt-get upgrade to update the system
[18:03] <Captain_Proton> update downloads the new package list
[18:03] <Zx432> Ah. Should i do that?
[18:03] <Captain_Proton> yes
[18:03] <Pici> dist-upgrade will pull in all the upgrades.
[18:03] <Pici> !dist-upgrade
[18:06] <Zx432> There seems to be a lot of upgrade/update commands...
[18:27] <patdk-wk> Zx432, it's easy
[18:27] <patdk-wk> update = get current list of what is available
[18:27] <patdk-wk> upgrade = update anything that is currently installed
[18:27] <patdk-wk> dist-upgrade = update anything that is installed, that requires new stuff to also be installed
[18:28] <patdk-wk> kernel upgrades are going almost always be dist-upgrade
[18:32] <ninjix> any orchestra + juju users in channel?
[18:36] <SpamapS> ninjix: you're more likely to find juju folks in #juju
[18:39] <ninjix> SpamapS: tnx
[19:25] <adam_g> dv310p3r: ping
[19:37] <dv310p3r> adam_g, ping
[19:38] <adam_g> dv310p3r: oh jeez, sorry, pinged the wrong person!
[19:39] <dv310p3r> adam_g, lol, figured so.
[19:40] <koolhead17|away> :)
[19:49] <cr3> is there a way to set the group of an existing ec2 instance?
[20:07] <hallyn> stgraber: woohoo, just saw the power-chagned upstart uploaded :)  now i need to consider how best to use it.  copy the way debian does it through alternatives?
[20:09] <stgraber> hallyn: not sure what Debian does exactly, but I guess we should send SIGPWR to all containers, then enter a loop where every second we check if they're all dead. After let's say 45s, give up and kill them all
[20:09] <stgraber> I'm guessing Debian must be doing something similar
[20:11] <smoser> cr3 set the group ?
[20:13] <smoser> adam_g, is there a bug associated with the postsint change at https://code.launchpad.net/~openstack-ubuntu-testing/glance/precise-essex-proposed/+merge/97966
[20:15] <adam_g> smoser: yeah, thats the change that was applied to the ubuntu branch and cherrypicked into that one
[20:15] <adam_g> smoser: i left the changelog entry out because its already present in the ubuntu branch, tho ill add it if it should be there
[20:15] <smoser> ah. ok.
[20:21] <adam_g> smoser: https://code.launchpad.net/~openstack-ubuntu-testing/horizon/precise-essex-proposed/+merge/97979  theres the final one. im going to hold off on melange, its building locally fine but failing in the CI
[20:22] <smoser> adam_g, ok.
[20:22] <smoser> so with the glance, what would be best i think is if you would have grabbed the precise change and change log entry
[20:22] <smoser> and committed that
[20:22] <smoser> andt hen added yours
[20:22] <smoser> but i'll just insert the precise.dist one
[20:26] <adam_g> smoser: ahh.. so we're good on that or you want me to update?
[20:26] <smoser> i've got it.
[20:26] <smoser> we just dont want to delete the changelog entry
[20:29] <smoser> adam_g, python-quantumclient seemds to be missing some stuff also
[20:30] <adam_g> smoser: what kinda stuf
[20:31] <smoser> looking more
[20:33] <smoser> http://paste.ubuntu.com/886876/
[20:33] <smoser> adam_g, ^
[20:33] <smoser> thats diff of precise source (lp:ubuntu/precise/python-quantumclient) to lp:~ubuntu-server-dev/quantum/python-quantumclient/
[20:34] <adam_g> yeha
[20:34] <adam_g> it looks like the ubuntu-server-dev is not in sync
[20:34] <adam_g> smoser: we should create a lp:~ubuntu-server-dev/python-quantumclient/essex like all the others, not sure why that one differs
[20:35] <smoser> right.
[20:35] <adam_g> smoser: can you push a clone of lp:ubuntu/precise/python-quantumclient  there, ill create a -proposed and resolve the diff
[20:35] <smoser> well, this is hwere i gets hairy
[20:36] <smoser> the lp:ubuntu/precise/python-quantumclient are full branches
[20:36] <smoser> but the ones on ubuntu-server-dev are packaging only
[20:36] <smoser> i'll try to sort it out and get something to ubuntu-server-dev.
[20:39] <adam_g> smoser: oh i see, so that package isn't setup for this kinda workflow yet?
[20:39] <smoser> i guess not. do you know who initially did that ?
[20:41] <smoser> bah, adam_g last pastebinit was garbage
[20:41] <smoser> http://paste.ubuntu.com/886884/
[20:41] <smoser> is better.
[20:41] <smoser> but i'll resolve
[20:43] <adam_g> thanks
[20:47] <cr3> smoser: I can start an instance with a security group but what if I want to chnage that group for an existing instance later?
[20:47] <smoser> hm... maybe you can take a hike
[20:48] <smoser> http://serverfault.com/questions/237557/how-to-change-an-ec2-instances-security-group
[20:48] <smoser> yeah, looks like you can take a hike, cr3
[20:51] <cr3> smoser: I suspect there's a play on words there but it's totally lost on me; I blame it on my 300-word vocabulary
[20:51] <smoser> go jump in a lake?
[20:52] <smoser> hm...
[20:53] <smoser> cr3, i think this is correct:
[20:53] <smoser> Security Groups are being assigned to an instance at creating it. Once the instance is running, you cannot assign more groups nor can you remove groups from a running instance. You can only change individual rules in security groups.
[20:53] <smoser> http://blog.taggesell.de/index.php?/archives/68-Managing-Amazon-EC2-Networking-In-The-Cloud.html
[20:55] <smoser> adam_g, it looks like zul must have synced from debian on that.
[20:56] <adam_g> smoser: hmph, okay
[21:00] <smoser> adam_g, woudl you be opposed to waiting for chuck on this ?
[21:00] <adam_g> smoser: not at all
[21:00] <smoser> it seem smostly resolvable.
[21:00] <smoser> but the the debian/copyright has changes..
[21:01] <adam_g> smoser: yeah, quantum has been largely chucks deal anyway. first time touching those packages for me
[21:01] <smoser> well, i'm gonna leave that one.
[21:02] <smoser> ok.
[21:02] <smoser> i have
[21:02] <smoser> glance  keystone  nova  python-keystoneclient  python-novaclient
[21:02] <smoser> done
[21:02] <smoser> what else was there?
[21:02]  * med_ perks up his ears on the quantum stuff and reads scrollback.
[21:03] <adam_g> smoser: horizon
[21:04] <smoser> k. i'll get horizon and swift too.
[21:05] <adam_g> yeah, swift... just merge james' proposal, im not going to do a new upstream release till we know whast going there
[21:12] <adam_g> smoser: are we good on the rest? i need to run an errand downtown and probably wont be back till youre EOD
[21:12] <smoser> i have swift and horizon i should be abel to get.
[21:41] <Daviey> smoser: last quatum upload introduced a new binary package, which contained a moved bin from another package.  It didn't have appropriate Breaks.. so it was rejected.
[23:14] <KM0201> whats the command to move a folder (with data) to another location?   mv /path/to/folder /path/to/destination   keep stelling me "the directory is not empty" so i'm assuming i'm missing a switch
[23:36] <stgraber> hallyn: can you push your latest lxc upload to the udd branch?
[23:59] <stgraber> hallyn: did it the old school way :)