/srv/irclogs.ubuntu.com/2012/03/22/#ubuntu-server.txt

adam_g	hallyn: http://paste.ubuntu.com/894479	00:10
adam_g	hallyn: any ideas?	00:10
adam_g	Daviey: http://paste.ubuntu.com/894473/ that testing override look reasonable?	00:16
hallyn	adam_g: no, that shouldn't be happening...	00:22
hallyn	Daviey: bug 891232	00:22
uvirtbot	Launchpad bug 891232 in numactl "[MIR] numactl" [Undecided,Fix released] https://launchpad.net/bugs/891232	00:22
hallyn	adam_g: is your system uptodate? i'll try a fresh instance...	00:23
hallyn	adam_g: unless you have other files under /etc/apparmor.d/lxc that you created...	00:23
adam_g	hallyn: strange, this happened on one of the CI nodes, the same version installed fine across all of the other nodes, though.	00:24
hallyn	adam_g: disconcerting	00:24
hallyn	are they all using hte same mirror?	00:24
adam_g	i know juju is the one installing lxc, wonder if its doing anything strange	00:24
Daviey	hallyn: ok, thanks.. i bumped the status back, which makes it show on the tracking page	00:25
Daviey	adam_g: looks good, not tested it.. It's a shame there isn't a helper in the upstream src	00:26
hallyn	adam_g: is that instance still up?	00:26
hallyn	adam_g: if so, can you pastebin /etc/apparmor.d/lxc-container and /etc/apparmor.d/* ?	00:27
adam_g	hallyn: sure one sec	00:28
adam_g	Daviey: cool. seems to work just fine with jenkins builds	00:29
hallyn	i've gotta run out actually, backin awhile	00:29
Daviey	hallyn: o/	00:31
adam_g	hallyn: gonna tear down and redeploy, see if its a fluke. here is /etc/apparmor.d/ for you if interested, http://people.canonical.com/~agandelman/apparmor.tar	00:35
hallyn	adam_g: thx	01:00
hallyn	adam_g: really if it happens again, probably best to file a bug against lxc and mark it as also affecting apparmor (bc the files look fine, so it sounds like a transient error in the apparmor_parser)	01:02
adam_g	hallyn: ill keep an eye out for it, so far so good	01:03
stgraber	hallyn: http://people.canonical.com/~ubuntu-archive/livefs-build-logs/precise/edubuntu-dvd/20120322/livecd-20120322-i386.out	01:06
stgraber	hallyn: Edubuntu DVD build failed because of the new lxc's postinst	01:06
stgraber	hallyn: http://paste.ubuntu.com/894524/ is the important part	01:07
hallyn	stgraber: so apparmor is installed but not active? why couldn't it find the fs?	01:09
hallyn	maybe i'm supposed to use /lib/init/apparmor-profile-load	01:09
hallyn	jdstrand: in a postinst, should i be using /lib/init/apparmor-profile-load in place of apparmor_parser?	01:10
hallyn	jjohansen: ^	01:10
stgraber	hallyn: well, that's in a live-build environment so a chroot in a chroot on an older kernel :)	01:11
stgraber	hallyn: apparmor is indeed insalled in that chroot but certainly doesn't match the version in the kernel (probably 2.6.24) and no services are running as it's a chroot using policy-rc.d to prevent anything from starting	01:12
stgraber	so not your everyday use case except it's what we have on the CD builders and so it needs fixing before we can get dailies again :)	01:12
hallyn	stgraber: using apparmor-profile-load would check for the fs, but not kernel compatibility. so not sure that'd be 100% fix	01:13
hallyn	will push a fix as soon as i get guidance :)	01:13
hallyn	stgraber: open a bug?	01:14
hallyn	note i won't be in tomorrow	01:14
hallyn	ah	01:15
hallyn	maybe i can check /sys/kernel/security/apparmor/features/mount/	01:15
hallyn	stgraber: is it possible for you to walk into such a chroot and see if /sys/kernel/security/apparmor/features/mount/ exists ?	01:15
stgraber	hallyn: no, these builds run on a livefs builder in the DC and are flushed immediately when they fail	01:16
hallyn	stgraber: will they try to build+run a container?	01:16
stgraber	hallyn: I'll have a quick look through the log to see if I can find some information on /sys/kernel/security/apparmor/features/mount/	01:17
stgraber	hallyn: my guess is that nothing in /proc or /sys is mounted	01:18
hallyn	stgraber: ok i'll do the checks by hand. i also will update lxc-start bc i suspect it'll break you as well.	01:19
stgraber	hallyn: hmm, actually based on the logs /proc and /sys are mounted, no mention of securityfs though, so probably not mounted (unless some packages do it)	01:19
hallyn	stgraber: http://paste.ubuntu.com/894544/ is for the postinst part	01:31
hallyn	I'm going to add a patch to start.c before pushing	01:31
hallyn	stgraber: opinion q	01:32
hallyn	stgraber: if a transition to container polciy fails, should we just ignore it?	01:33
uvirtbot	New bug: #961824 in lxc (universe) "Edubuntu DVD livefs builds failed because of lxc failing to install" [Undecided,New] https://launchpad.net/bugs/961824	01:33
hallyn	ah	01:33
stgraber	hallyn: the problem isn't "on livecd" it's "on the livecd builder"	01:36
stgraber	hallyn: I think running lxc on the livecd will probably work fine	01:36
hallyn	stgraber: the reason i'm worried is that it looks as though apparmor policies don'et get loaded on livecd	01:37
hallyn	(look at /lib/init/apparmor-profile-load)	01:37
hallyn	soi want to quickly check, before we start loading the container, if apparmor module is loaded and we're in lxc-start profile, and skip the transition if not	01:38
stgraber	hallyn: ah, indeed, I guess no apparmor in the live environment was to make things faster	01:38
hallyn	well ok maybe i should push this fix, so you can get it built, and then we can fix lxc-on-livecd next (and try to do it properly)	01:39
stgraber	hallyn: running /lib/init/apparmor-profile-load would make sense as we'd avoid some code duplication in the process, unless it's bad to do that for some reason	01:39
hallyn	it still doesn't check for mount support, so it's not really enough	01:39
hallyn	inf act i guess the upstart job should be fixed to check for that too	01:40
hallyn	oh, but we can't	01:41
hallyn	can't be sure securityfs is mounted	01:41
hallyn	stgraber: heh i was being dense. so yes switching to that, as per http://paste.ubuntu.com/894559/	01:45
stgraber	hallyn: looks good	01:47
jjohansen	hallyn: hrmm I honestly don't know, I will have to defer to jdstrand, I still haven't dug into the debian packaging end of things. Its one of those perpetual I look at it this cycle ... things	01:53
hallyn	jjohansen: I'm feeling pretty good about the patch i'm whipping up :)	01:54
hallyn	jjohansen: will you be around in a few mins to proofread?	01:54
jjohansen	hallyn, stgraber: apparmor was pulled from the livecd environment ages ago because of unionfs issues actutally, and it was never reinstated because it wasn't considered to be important there	01:55
jjohansen	hallyn: yeah I'll be around, I just got back from dinner	01:55
hallyn	jjohansen: that's funny, bc i thought it was a regression when overlayfs didn't work with it. But now I see why it was never found :) good good	01:55
jjohansen	hallyn: actually it is a regression, it works with aufs, and unionfs. I know why its not working with overlayfs but get a proper fix (not attach_disconnected) just isn't going to happen this cycle.	01:57
=== Ursinha is now known as Ursinha-away
jjohansen	the unionfs bug is back when I was at Novell and Ubuntu tried switching to unionfs 2.1 instead of 1.4, it was buggy and crashed and they endup pull AA to try fixing it and then reverting to unionfs 1.4 in the end but not restoring AA	01:58
hallyn	jjohansen: oh noes. what the heck do the contents of /sys/modules/apparmor/enabled mean?	01:58
hallyn	why is it 10 instead of 1	01:59
jjohansen	hallyn: 10? It should be Y	02:00
hallyn	hmm, when i read it as %c it's 'm'	02:00
hallyn	gah	02:00
hallyn	sorry. my bad	02:01
hallyn	runlevel 2 is entered AFTER rc-sysinit right?	02:04
hallyn	jjohansen: http://paste.ubuntu.com/894576/ is what I'm looking at...	02:10
hallyn	jjohansen: pls critique :)	02:10
twb	SYSF sounds like its missing an -S	02:11
hallyn	oh is that why it looked funny :)	02:12
twb	Why are you binding it to a variable if you only evaluate the variable once?	02:12
hallyn	<shrug> to keep the condition easy to read?	02:12
hallyn	and under 80 cols	02:12
hallyn	over-conditioned	02:12
twb	I have a coworker who does things like	02:13
twb	PATH_TO_ETC_EXPORTS=/etc/exports	02:13
hallyn	:)	02:14
twb	FWIW, type is not SUS portable, nor is which. But Debian is (AFAIK) guaranteed to have both. I would generally use which on Debian because that seems to be the convention.	02:14
hallyn	i suppose if it's going to be dereference tons of times...	02:14
twb	(I'm assuming the postinst is #!/bin/sh and not #!/bin/bash	02:14
hallyn	twb: oh, i always used which in the past,	02:15
twb	It's merely a style issue	02:15
hallyn	then saw type, and thought "huh, must be som ereason they're using that"	02:15
twb	If the existing code is already using type you might as well keep to that convention	02:16
twb	Typo: 94 ++ INFO("apparmor not emabled");	02:17
hallyn	d'oh, landed my var decl inside a long #else	02:17
hallyn	thanks	02:17
twb	Does this affect both lxc-start and lxc-exec? And if so, does it DTRT for both cases?	02:17
twb	(I'm looking at the patch part but it's beyond my expertise.)	02:18
hallyn	twb: they both use lxc_start() from start.c. so it should, and seems to be here	02:21
jjohansen	hallyn: twb has caught more things than I did	02:26
hallyn	twb: ah, but, it doesn't	02:26
hallyn	the lxc-init wants to mount /proc and /sys. it's not allowed to	02:26
jjohansen	hallyn: there is an aa_is_enabled fn if you want, but your rolling your own is fine	02:27
twb	I WIN	02:27
hallyn	jjohansen: d'oh! i looked for a manpage but couldn't find anything like that	02:28
twb	paranoia strikes again	02:28
hallyn	guess i only tried aa_enabled	02:28
hallyn	jjohansen: i trust aa_is_enabled would be more robust?	02:28
jjohansen	hallyn: hrmm, sorry they really should be bread crumbs between the different man pages but that one seems to be missing	02:28
hallyn	right i looked for 'see also' in the others :)	02:29
jjohansen	hallyn: heh, it does much the same thing but includes a search of mount points in case things get mounted else where	02:29
hallyn	how often do they get mounted elsewhere?	02:30
hallyn	my inclination is, if they're mounted elsewhere, we want to disable aa for containers... but not sure	02:30
jjohansen	but I think most of the scripts would break if things weren't mounted at /sys	02:30
jjohansen	hallyn: call it a hold over from by gone times before securityfs	02:30
jjohansen	hallyn: like I said rolling your own is fine	02:31
jjohansen	I really don't see a need to change it	02:31
jjohansen	hallyn: I guess it does let you detect a little more about how/why apparmor is disabled	02:32
jjohansen	eg. available but disabled at boot	02:32
hallyn	stgraber: I really think we'll want to allow containers to mount proc ->/proc and sys -> /sys just to reduce # of complaints	02:32
stgraber	hallyn: yeah, I didn't do it because it worked without it	02:33
stgraber	hallyn: but it's safe to allow so no problem with that	02:33
hallyn	stgraber: the only reason i'm hesitating is they'll just want to mount devpts next (and that they cant)	02:34
stgraber	hallyn: you could add a generic "deny mount fstype=devpts," with a comment explaining why we never want it	02:35
hallyn	all right i'm adding it	02:35
hallyn	good idea (long as it doesn't confuse apparmor)	02:35
stgraber	it'll silence anything trying to do it and if they look at the profile they'll see why	02:35
jjohansen	stgraber, hallyn: so I working through the fixes for change_onexec, and the deny mount bug. They should be in tomorrows up load	02:35
uvirtbot	New bug: #961839 in postfix (main) "FFe - Sync latest postfix release (2.9) from Debian" [Wishlist,Triaged] https://launchpad.net/bugs/961839	02:36
stgraber	jjohansen: great, thanks!	02:36
jjohansen	hallyn: as well as the getcon fixes I have	02:36
jjohansen	stgraber: there is a small syntactic change to the mount rules	02:37
stgraber	jjohansen: ah?	02:37
jjohansen	the options bit is picking up another keyword	02:37
hallyn	wait - what is the deny mount bug?	02:37
hallyn	will i hit it if i'm adding 'deny mount fstype=devpts" ?	02:38
stgraber	hallyn: "deny mount..." won't match with the current apparmor	02:38
jjohansen	hallyn: it doesn't always result in the correct denial at the moment, depending on the options being set	02:38
hallyn	will it deny a different mount potentially, or just not deny it?	02:38
hallyn	the latter's ok, the former is bad :)	02:38
stgraber	not that I could see	02:38
jjohansen	hallyn: no that should not cause a problem	02:39
hallyn	cool	02:39
hallyn	ok, testing http://people.canonical.com/~serge/debdiff	02:39
jjohansen	stgraber: so you can do option=(X, Y) that means this rule requires those options be set to match	02:39
jjohansen	and you can do	02:39
jjohansen	options in (X, Y)	02:40
jjohansen	meaning any of the options can be set	02:40
hallyn	i dn't envy the person who's going to document that :)	02:40
jjohansen	heh, no. Its ugly, we kicked around a lot of different ways to express it, and decided that with the current time frame ...	02:41
stgraber	jjohansen: oh, that's nice, the "options in (a, b)" will definitely be useful for stuff like devpts	02:42
jjohansen	stgraber: yeah, it has its uses	02:43
jjohansen	especially around writing deny mount options in (X, Y, Z)	02:43
jjohansen	hallyn, stgraber: we will be looking at revising the syntax for the next release, so any improvements you can think of are more than welcome	02:44
hallyn	pls keep me posted if it's going to require lxc chagnes to keep up :)	02:44
hallyn	d'oh. stgraber: another thing occurred to me- would be good to get apport info into lxc	02:45
jjohansen	hallyn: we plan to keep it backwards compatible, so changes should not be required but if you have something you would like I would like to hear about it	02:45
jjohansen	the current syntax is an uncomfortable compromise	02:46
hallyn	will think about it, thanks	02:50
hallyn	(long drive tomororw, time to think :)	02:50
hallyn	ok i think i'm pushing	02:50
stgraber	debdiff looked good, didn't look the C change too closely though but I'm sure you tested it so it probably won't be any worse at least ;)	02:51
hallyn	and that should be my last upload before this freeze :)	02:52
hallyn	now i can go back to fretting over how brittle libvirt and qemu feel	02:53
stgraber	I'll do some LXC tests tomorrow now that the installer sprint is over, if I find something broken I'll fix it	02:54
hallyn	great, thanks	02:55
hallyn	hm, so server guide string freeze is tomorrow	02:55
hallyn	so i have tonight to get in an update to the lxc section about apparmor	02:55
stgraber	lxc is only affected by beta2 freeze because it's part of Edubuntu but as I'm the product manager for Edubuntu I should be able to get something trough even post-freeze time if needed (as long as I have time to test the new images)	02:56
stgraber	I believe someone asked for a later freeze time of the server guide, hold on a sec I'll dig a link	02:56
hallyn	that'd be great	02:56
hallyn	(i suppose we can always just put that documentation on the wiki and integrate into server guide later)	02:57
stgraber	hallyn: https://lists.ubuntu.com/archives/ubuntu-release/2012-March/000991.html	02:57
hallyn	for middle-of-the-night driving, it helps staying awake to think through a paper or docs to write	02:57
hallyn	cool, thanks. that also gives me time to review the libvirt part	02:58
hallyn	good night, see you all friday	03:15
=== nonotza_ is now known as nonotza
=== himcesjf1 is now known as himcesjf
uvirtbot	New bug: #961115 in update-inetd (main) "update-inetd failed due missing File/Temp.pm during samba upgrade" [Undecided,New] https://launchpad.net/bugs/961115	07:21
smb	smoser, No, smb usually has no ideas after sensible working hours and even more on Wednesdays. ;)	07:55
koolhead11	hi all	08:20
=== himcesjf1 is now known as himcesjf
Znow	Ive followed the guide on ubuntu, for setting up Samba fileshare - so I can map a drive on my windows machine to the ubuntu virtual machine. I can ping the ubuntu machine, but cant map the drive, it says network error. does the ubuntu virtual machine need a static ip address for this?	08:57
uksysadmin	hey guys	08:59
uksysadmin	great work on openstack btw - I've got Ubuntu 12.04 running Essex: Nova, Glance, Keystone, Horizon and Swift	08:59
uksysadmin	wanted to make sure that your efforts are not going unnoticed	08:59
koolhead11	uksysadmin: :D	09:03
ejv	openstack?	09:15
ejv	interesting	09:16
koolhead11	ejv: i was execting "O WAO" reaction TBH :)	09:18
koolhead11	*expecting	09:18
Znow	my top bar with menues wont show on 11.10???	09:23
Znow	how can I get it to show?	09:23
* koolhead11 points Znow to #ubuntu		09:24
thevinci	how do i install third party drivers from the command line in ubuntu server?	09:29
thevinci	I need my broadcom wireless driver to work	09:29
jamespage	morning all	09:36
ejv	sorry i haven't drank the cloud koolaid just yet koolhead11 ;)	09:39
koolhead11	ejv: :P	09:39
blizzkid	Hi all. might not be the most appropriate chan to ask in, but has the UCP programme been cancelled? I still find some info about it, but seems outdated...	09:49
jamespage	bencer_, binary packages just got accepted - should appear in the archive in the next couple of hours	09:53
rbasak	thevinci: the jockey-common package will give you a jockey-text command which I think is the equivalent of the GUI tool for proprietary drivers on the desktop, but I've never used it (I avoid that kind of hardware). That might be a starting point. Or you could do whatever jockey does manually - perhaps there's a package in the archive for your hardware?	09:57
lynxman	morning o/	09:59
jamespage	jodh, whats the recommended way to disable an upstart configuration these days?	10:01
jodh	jamespage: http://upstart.ubuntu.com/cookbook/#disabling-a-job-from-automatically-starting	10:02
jodh	jamespage: specifically, http://upstart.ubuntu.com/cookbook/#override-files	10:02
jamespage	jodh, was just reading that - thanks for the confirmation	10:02
=== fenris is now known as Guest95871
uvirtbot	New bug: #962001 in autofs5 (main) "Nfs mount hangs while automounting home" [Undecided,New] https://launchpad.net/bugs/962001	10:14
jamespage	jodh, are you around for a question about wait-for-state?	10:26
jodh	jamespage: that's one of SpamapSs, but you can try :)	10:27
jamespage	jodh, OK - just let me frame my question	10:31
jamespage	jodh, actually I think I just answered by own question - I;m looking at a bug in the autofs startup	10:35
jodh	jamespage: ok. I've raised bug 962047 as wait-for-state needs to be documented both in a man page and the cookbook IMHO.	10:38
uvirtbot	Launchpad bug 962047 in upstart "document wait-for-state" [Undecided,New] https://launchpad.net/bugs/962047	10:38
jamespage	jodh, I think by default wait-for-state waits for the 'started' event - which stops autofs restart if ypbind is installed and already running	10:38
jamespage	I think that if I target WAIT_STATE=running that should do the trick	10:39
freaky_	hi, i'm upgrading 8.04 lts to 10.04 lts (do-release-upgrade). It's near the end I think, it just restarted PowerDNS and now nothing is happening... haven't seen output in 10 mins or something any ideas?	10:39
uksysadmin	hello all	11:06
uksysadmin	I've just been in a meeting with some of our folks over RabbitMQ HA options... what is the best resource, person to have a chat to pick the brains on what we want to achieve?	11:07
* koolhead11 points uksysadmin to lynxman :P		11:07
* lynxman feels pointed at		11:08
* uksysadmin will get one of our guys to ping lynxman if he doesn't mind...		11:08
lynxman	uksysadmin: it's fine :)	11:09
uksysadmin	lynxman: best coming from them on what they want to set up, what they have setup and what challenges they came up against.	11:09
uksysadmin	they're not on irc atm, but I'll send them you're way when they are.	11:09
koolhead11	uksysadmin: BTW lynxman is in UK too.	11:10
* koolhead11 hides		11:10
uksysadmin	lol	11:11
uksysadmin	helps with timezones :)	11:11
lynxman	uksysadmin: it does ;)	11:12
* koolhead11 needs extra beer from lynxman when he meets 4 that		11:13
aljosa	anybody knows if there is a deb package for java 1.5 sdk available somewhere that can be used on ubuntu 12.04?	11:19
freaky_	is there any way to prevent apparmor from returning? Just ran a apt-get dist-upgrade and in reinstalled (and started) apparmor	11:20
freaky_	apparmor screws plesk over badly unfortunately	11:20
=== jtv is now known as mup
=== mup is now known as jtv
thevinci	I HATE BROADCOM DRIVERS!	12:08
thevinci	Can anyone help me figure out hoe to get my ubuntu server laptop connected to the wireless internet?	12:08
ikonia	thevinci: checkout the desktop guide, the process is the same	12:09
thevinci	from command line?	12:09
thevinci	I installed b43-fwcutter from the desktop cd	12:10
thevinci	but it's saying i need other firmware drivers that i can't find anywhere...	12:10
=== Ursinha-away is now known as Ursinha
Daviey	uksysadmin: Glad to hear things are working out for you :)	12:18
Daviey	uksysadmin: I think some of the frustrations you have been feeling has been lack of doc's, meaning that often the wrong this has been done by the end user.	12:18
Daviey	Hopefully, by release - this will be easier.	12:18
ednolivers	hey all. does anyone know the recommended approach to upgrading apache in 10.04 LTS? i thought there'd be a backport but i can't find one	12:18
uksysadmin	Daviey: I think so too	12:19
uksysadmin	keystone -> redux didn't help	12:19
Daviey	uksysadmin: no.. that was more painful than we hoped.	12:21
Daviey	uksysadmin: It's so easy to go down ratholes with this :/	12:21
uksysadmin	Daviey: indeed!	12:21
uksysadmin	BUT - the upshot - OpenStack is alive and kicking on 12.04 - that's some achievement.	12:22
Daviey	uksysadmin: Great job!	12:22
Daviey	uksysadmin: What is your install method?	12:22
uksysadmin	closing eyes and praying	12:23
uksysadmin	;-)	12:23
uksysadmin	at the mo - scripted apt-get installation	12:24
uksysadmin	hoping to get some Canonical love though for when we do this for real though	12:24
Daviey	uksysadmin: sounds great :)	12:24
Daviey	uksysadmin: Have you documented your workflow?	12:25
uksysadmin	if I was a developer, I'd say yes ;-) ... its work in progress	12:26
* uksysadmin goes to get free pizza		12:26
Daviey	uksysadmin: Can i have free pizza?	12:27
zul	Daviey: i saw the keystone ftbfs this morning once of the requirements is to have a working MIR however in order to test the keystone that failed you need to have swift installed and there is a fix for it proposed but it uses a git checkout to get swift	12:28
Daviey	zul: linky?	12:28
Daviey	to the MP	12:29
zul	just a sec	12:29
zul	https://review.openstack.org/#change,5595	12:29
smoser	kirkland, around ?	12:57
smoser	lynxman, ?	12:58
=== smb` is now known as smb
uvirtbot	New bug: #962150 in openvswitch (universe) "openvswitch-datapath-dkms neads linux-headers" [Undecided,New] https://launchpad.net/bugs/962150	13:01
smoser	lynxman, well, when you see this..	13:02
smoser	http://bazaar.launchpad.net/~orchestra/orchestra/trunk/revision/61	13:02
smoser	that seems like you added the rsyslog stuff.	13:02
smoser	and i'm trying to move it to maas	13:02
=== bladernr_afk is now known as bladernr_
zul	Daviey: so you dont like the polling?	13:16
Daviey	zul: if poll doesn't scale to the regularity of the baud of the serial console being reasonabnle to fill up the disk :)	13:19
Daviey	OTP btw	13:19
zul	Daviey: k so daemon then?	13:19
Daviey	smoser: http://bazaar.launchpad.net/~orchestra/orchestra/trunk/revision/61/monitoring-server/etc/rsyslog.d/99-orchestra.conf <-- dump to disk	13:20
smoser	Daviey, yes, i just had some questoins about that.	13:20
smoser	i'm thinking i'm not going to bother with gnutls at the moment.	13:20
smoser	its boot logging only	13:20
Daviey	smoser: agreed	13:20
smoser	so, mark this place in your irc history	13:20
smoser	so you can come back and blame me	13:20
smoser	:)	13:20
Daviey	:D	13:20
smoser	the thing htat sucks here.	13:21
smoser	i think we're baically going to open up a udb listening rsyslog server	13:21
smoser	udp	13:21
smoser	that will log whatever traffic anyone wants	13:21
smoser	and fill /var/log appropriately	13:22
Daviey	smoser: notice the paths?	13:23
Daviey	different files for each node	13:23
smoser	so?	13:23
smoser	different files for each attacker?	13:24
smoser	well thats convieneint	13:24
Daviey	smoser: make sure it's not dependant on hostname.. as it can chane easily.	13:24
Daviey	change*	13:24
Daviey	smoser: just pointing it out	13:24
smoser	not dependant on hostname ?	13:24
smoser	why?	13:24
smoser	its useful	13:24
smoser	i was just putting everything into	13:24
smoser	/var/log/maas/rsyslog/OSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/messages	13:24
smoser	(no need to separate, i dont think)	13:25
smoser	so this is what i've got right now	13:27
smoser	http://paste.ubuntu.com/895081/	13:27
Daviey	smoser: HOSTNAME isn't stable	13:28
zul	i dont like the hostname/$year/$month/$day/meesages	13:28
Daviey	there needs to be another metric	13:28
smoser	why?	13:28
Daviey	smoser: it can change too easily..	13:28
smoser	so?	13:28
smoser	are you trying to be safe against an attack ?	13:28
Daviey	smoser: i'd rather it used the UUID :)	13:29
Daviey	smoser: no, just consistent logging locations for each node	13:29
Daviey	sorry for being sparse, OTP	13:29
smoser	http://www.rsyslog.com/doc/property_replacer.html	13:30
smoser	thats what we can use	13:30
smoser	without modifying the syslog support in the installer to read a kernel parameter that is passed (UUID)	13:30
smoser	maybe fromhost-ip ?	13:31
Daviey	smoser: UUID is certainly more interesting.. but right.. do what you think is best :)	13:34
smoser	uuid is also a helluva lot more difficult to find	13:34
smoser	oh look, host 972035b7-f428-4127-8f0c-582d948c6a79 logged a message	13:35
smoser	let me go to that host	13:35
lynxman	smoser: around!	13:37
smoser	well, see my pastebin above.	13:37
smoser	do you think that is a sane rsyslog config ?	13:38
lynxman	smoser: yeah, rsyslog according to the MaaS design (let me know if somehting has changed) should only be installer logs	13:38
lynxman	Daviey: we're still set on that right?	13:38
Daviey	yes please, for now.	13:38
smoser	lynxman, that is correct.	13:38
lynxman	smoser: it looks like a sane rsyslog conf	13:39
lynxman	smoser: although messages will filter, you still need something else	13:39
smoser	k.	13:39
smoser	curious	13:39
lynxman	smoser: looks around	13:39
smoser	why are there 2 ?	13:39
smoser	why did orchesta logging server have 2 configs	13:40
Daviey	install time, and long term.	13:40
Daviey	?	13:40
lynxman	smoser: it has one per client and one to the server, we didn't fully cover install time	13:41
lynxman	smoser, Daviey: We just need to know the install time channel and divide that into local and not local, then filter it from the rest, should do	13:41
lynxman	smoser: otherwise any message to let's say user.* will go both to local and remote file locatios, the filter is not exclusive and needs to be explicitly filtered out	13:43
lynxman	smoser: I'll be around in case I can be of help :)	13:43
smoser	lynxman, right now, boot logs go both places	13:43
smoser	in orchestra	13:43
smoser	they go to syslog and to the remote	13:43
smoser	were you saying that was not intended ?	13:43
smoser	anyone want to test something for me and maybe open a bug ?	13:43
lynxman	smoser: that was not intended indeed :)	13:44
smoser	i am under the impression that virtio net and possibly virtio disk are considerably slower in the guest	13:44
smoser	in precise compared to lucid	13:44
lynxman	smoser: can do later today, right now I'm heads down doing a juju openstack install	13:44
smoser	i would like someone to (with precise host) boot kvm guests of both and prove me wrong or right.	13:44
lynxman	smoser: could do :)	13:45
lynxman	smoser: as soon as I got this hammered I'll be glad to	13:45
smoser	(on canonistack, it seems to me that i can hit almost 50M/s writing to /dev/null in lucid, but only half that or worse in precise)	13:45
smoser	lynxman, http://paste.ubuntu.com/895099/	13:46
smoser	that is how you stop messages from going to the default location	13:46
smb	hallyn, So it seems bug 929626 which I thought was virt-manager might actually be a libvirt issue. mdeslaur found a rh bugilla with a good lead: https://bugzilla.redhat.com/show_bug.cgi?id=746007	13:48
uvirtbot	Launchpad bug 929626 in libvirt "virt-manager misses xen guests shutting down" [Undecided,Confirmed] https://launchpad.net/bugs/929626	13:48
uvirtbot	bugzilla.redhat.com bug 746007 in libvirt "After using 'shutdown' on a xen guest, virt-manager still reports guest is running" [Unspecified,Assigned]	13:48
smb	hallyn, Would you know better which area needs inspection when an acquired object seems not to get certain updates?	13:50
lynxman	smoser: I know, the difference is that you have messages coming from the same syslog channels, so you need to define both remote and local and then filter out :)	13:56
smoser	lynxman, so you're syaing that the same does not work ?	13:57
smoser	i just assumed i could put the & ~ after the last matching condition	13:58
smoser	and it would drop it	13:58
smoser	basically i though "& ~" meant "drop this message if the last condition was true"	13:58
smoser	so...	13:58
smoser	http://paste.ubuntu.com/895109/	13:58
lynxman	smoser: as far as I know you're dropping the channel, although that is a filtering rule...	14:00
lynxman	smoser: let's try that and see how it goes :)	14:01
uvirtbot	New bug: #962189 in openvswitch (universe) "dkms module is not automatically rebuild when installing new linux-image package" [Undecided,New] https://launchpad.net/bugs/962189	14:05
jamespage	ttx: around - have a question about milestone-proposed branches for https://github.com/openstack/*	14:24
ttx	jamespage: yes	14:24
jamespage	ttx: coolio	14:24
jamespage	ttx: so we have had a few issues in the Ubuntu OpenStack CI lab with FOLSOM opening for dev - most of which we have resolved by switching to the milestone-proposed branch	14:25
jamespage	I just wanted to understand what the Openstack approach to master/milestone-proposed branches was between now and release so I can update the test configurations correctly	14:26
ttx	So the RCs will be generated in the milestone-proposed branches	14:26
ttx	at release time we'll cut stable/essex branches	14:26
ttx	and hand them to stable maintenance team	14:26
jamespage	ttx: OK - that was what I expect to happen.	14:27
ttx	the trick is everyone is not using mliestone-proposed branches yet	14:27
ttx	since keystone is not RC1 yet	14:27
jamespage	ttx: so I noticed	14:27
ttx	so you should actually use "milestone-proposed and master if not"	14:27
jamespage	ttx: OK - thats what we have been doing	14:27
ttx	I hope keystone will be RC1 today	14:28
jamespage	ttx: https://github.com/openstack/python-novaclient/branches is giving us a few issues as folsom has opened but no milestone-proposed?	14:28
jamespage	does this apply to core projects only or all projects?	14:28
ttx	hmmm	14:29
ttx	there should be one	14:29
ttx	https://github.com/openstack/python-novaclient/tree/milestone-proposed	14:30
ttx	and there is ^	14:30
ttx	it wasn't committed to, though	14:30
ttx	since novaclient didn't need Final=True pushed to it	14:30
ttx	so maybe it didn't trigger on your side	14:30
=== jvdz_ is now known as jvdz
jamespage	ttx: hmm - showing my lack of git knowledge now - thanks for pointing that out	14:32
jamespage	ttx: OK - think I'm all set now -thanks for the advice (see you in a couple of weeks!)	14:35
ttx	np, see ya	14:36
MRCracker2	hi all, my ssh speed is too low how i can speed it up?	14:38
MRCracker2	not any idea?	14:53
Matrix3000	need help, this nfs mount in my fstab is causing boot to hang	15:23
Matrix3000	how can i make it timeout the nfs mount and continue booting in like 20 seconds	15:23
Matrix3000	or something instead of it just perm hanging	15:23
ikonia	why not make it an auto mount map	15:24
ikonia	why is it hanging ? why can't it mount at boot time ?	15:24
Matrix3000	cause, its offline right now	15:24
Matrix3000	lol	15:24
Matrix3000	it's an nfs mount that is under maintenance at the moment and it's not an essential mount	15:25
Matrix3000	just gives us some extra files	15:25
ikonia	stick an automount map in	15:25
Matrix3000	let me look that up	15:25
Matrix3000	cause i don't know where automap is	15:25
ikonia	have a dig on "NFS automount map"	15:26
ikonia	you'll get some idea of how to do it,	15:26
ikonia	if you get stuck ask	15:26
Matrix3000	but you are saying using autofs will prevent a boot hang when the system cant connect to the nfs mount?	15:32
Matrix3000	nfs share I mean	15:32
ikonia	Matrix3000: yes, as it doesn't mount it untilt it's called eg: something needs/wants it	15:33
Matrix3000	ok	15:33
Kiall	ikonia, cant you just add the "nobootwait" flag to the fstab line?	15:33
Kiall	ikonia / Matrix3000: http://askubuntu.com/questions/120/how-do-i-avoid-the-s-to-skip-message-on-boot	15:34
Matrix3000	that actually looks like an easier sollution as apache does use files on that mount	15:35
Matrix3000	for one of the sites	15:35
Matrix3000	but that site is down right now as expected	15:35
ikonia	Kiall: that would work too, good call	15:38
Kiall	ikonia, Yea, when you use EC2, you learn about that option pretty quick ;)	15:42
Kiall	There's no console to press the 'S' for Skip etc	15:42
ikonia	it's a good suggestion, didn't think of it at all	15:43
Matrix3000	lol	15:45
Matrix3000	that would be terrible	15:45
Matrix3000	that's why i am not fan of ec2	15:45
Matrix3000	but, EC2 is affordable and works for the most part	15:45
Matrix3000	wish it was like vCloud	15:46
uvirtbot	New bug: #962262 in openssh (main) "package openssh-server 1:5.3p1-3ubuntu7 failed to install/upgrade: il sottoprocesso nuovo script pre-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/962262	15:46
uvirtbot	New bug: #957682 in juju (universe) "juju crashed with IOError in write_sample(): [Errno 13] Permission denied: '/home/username/.juju/environments.yaml'" [Low,New] https://launchpad.net/bugs/957682	16:02
tolland	any idea why this request to httpd is waiting 20 secs to return;	16:11
tolland	http://pastebin.com/N3xq8SWg	16:11
tolland	(cross posted sorry, ignore the other one)	16:11
Decepticon	hi people	16:11
Decepticon	good day	16:11
Decepticon	I have ubuntu serve of 10.04 but i have problem with my sqladmin	16:12
Decepticon	this is error: #2003 Cannot log in to the MySQL server	16:12
Decepticon	but i have user and password fine!	16:12
Decepticon	please help me please!!!...	16:13
Decepticon	hi people!	16:14
tolland	Decepticon: i would start by resetting the user/pass http://is.gd/7kL2vj	16:18
Decepticon	tolland: ok! i´m check this	16:19
Decepticon	thanks	16:19
tolland	you can use the show grants command once you have either reset the admin user, or dropped grants	16:19
tolland	to see what the server thinks of your user/pass	16:20
Decepticon	tolland: you are the maximun	16:20
Decepticon	thanks thanks	16:20
Decepticon	wueeeeeeeeeeeeeeeeeeeeeeeeeeeeee	16:20
Decepticon	thank you brother	16:20
Decepticon	jejejee ,)	16:20
Decepticon	i´m configure a server ubuntu 10.04 for my job	16:21
Decepticon	thanks	16:21
tolland	Decepticon: there is also a pretty good #mysql channel which might be more appropriate for service specific questions... there is a lot of mysql server admin types there	16:23
brendand	are there any known issues with running apport-collect on ubuntu-server?	16:26
Decepticon	tuxbin: thanks of, only mysql	16:27
tjaalton	hallyn: hey, there's a new xserver-xorg-video-qxl on debian, do you think it would make sense to have in precise?	16:50
tjaalton	0.0.17	16:50
adam_g	zul: jamespage Daviey so keystone's test suite is not going to pass unless we patch swift and carry additional patches to test suites that use it, AFAICS	16:52
jamespage	adam_g, grrr	16:52
zul	the swift /dev/log stuff?	16:53
adam_g	or, alternatively, we can try to disable the swift related keystone tests, which look more like integration tests than unit tests	16:53
adam_g	zul: yeah	16:53
zul	adam_g: im in favor of disabling those tests	16:53
adam_g	we probably would have come across this a while ago if swift's tests were enabled	16:53
adam_g	zul: im sure we all are, but what about the requirements of the MIR?	16:55
zul	adam_g: well we can add it to the ubuntu-qa testsuite probably	16:55
zul	jdstrand: ^^^	16:55
uvirtbot	New bug: #960690 in quantum (universe) "bug in the debian/control file" [Medium,Fix released] https://launchpad.net/bugs/960690	16:56
adam_g	zul: well, we are running the entire test suite (swift stuff included) already when we package	16:58
adam_g	i was able to get those to actually pass on our builds yesterday	16:58
zul	adam_g: right i mean disabling the tests in the build and add the tests to the ubuntu-qa testsuite	16:59
zul	adam_g: getting swift and keystone working in a buildd is not pratical imho	17:00
hallyn	tjaalton: that might fix an open bug, sounds good. i'm out today though	17:00
jdstrand	zul: which mir are you referring to?	17:08
zul	jdstrand: keystone	17:08
jdstrand	zul: what about it?	17:08
jdstrand	I did the mir and it has a conditional ack	17:09
jdstrand	see 'Requirements for main inclusion' in https://bugs.launchpad.net/ubuntu/+source/keystone/+bug/881464/comments/15	17:09
uvirtbot	Launchpad bug 881464 in keystone "[MIR] keystone" [High,In progress]	17:09
zul	jdstrand: the testsuite does alot of integration tests for keystone, which is good, however the testsuite uses git to fetch swift and sets it up for you, however running testsuite in keystone during the buildd to make it past is not pratical	17:10
zul	s/past/pass/g	17:10
jdstrand	zul: can you comment on that in the bug?	17:10
zul	jdstrand: of course	17:10
jdstrand	zul: so the 139 of the 266 test cases are all a result of swift?	17:11
jdstrand	that is more than half	17:11
uvirtbot	New bug: #962348 in autofs5 (main) "Automount segfaults if it can't parse an LDAP entry." [Undecided,New] https://launchpad.net/bugs/962348	17:11
zul	jdstrand: no the keystoneclient tests have been disabled as well becuase of the git usage as well	17:12
jdstrand	zul: what is it pulling in? why can't the tests be updated to point at packages that are in ubuntu rather than fetching via git?	17:13
jdstrand	zul: the testsuite is basically invalid otherwise because git will move to bigger and better things but the keystone testsuite will stay static in the archive	17:13
zul	jdstrand: we tried patching it upstream but they have rejected it	17:13
zul	jdstrand: agreed	17:14
jdstrand	zul: right, but can we carry an ubuntu delta? we only really care that the testsuite for a specific version in ubuntu works with a specific version of other packages in ubuntu	17:14
zul	jdstrand: yeah we can carry the delta	17:15
tjaalton	hallyn: ok, maybe I'll skip the sync and wait for you to test it first :)	17:15
jdstrand	zul: if the tests are worthless, then we can drop it. however, they seem to be worthwhile	17:17
=== fenris is now known as Guest70667
jdstrand	zul: please comment in the bug and I will respond with alternatives	17:18
zul	jdstrand: ack	17:18
=== Guest70667 is now known as ejat
jdstrand	zul: thanks for bringing it up	17:18
zul	jdstrand: thanks for discussing it	17:18
hallyn	tjaalton: sounds good. pls email or ping me tomorrow?	17:20
tjaalton	hallyn: sure	17:21
=== Jasonn is now known as juicy
uvirtbot	New bug: #962373 in juju (universe) "unhelpful error message when .ssh/known_hosts doesn't match" [Undecided,New] https://launchpad.net/bugs/962373	17:46
=== koolhead17\|away is now known as koolhead17
zul	lovely..	17:47
zul	Daviey/adam_g: looks like swift likes to use eventlet-0.9.15	17:47
uvirtbot	New bug: #962383 in juju (universe) "ec2-key-pair went away, but juju doesn't say it is unsupported" [Undecided,New] https://launchpad.net/bugs/962383	17:56
Daviey	zul: Golly.. can you investigate ?	17:57
zul	Daviey: looking	17:58
uvirtbot	New bug: #962389 in juju (universe) "juju Recommends on lxc installs libvirt-bin which causes problems when testing in virtualized environments" [Undecided,New] https://launchpad.net/bugs/962389	18:06
smoser	lynxman, so i think i know why logging goes to syslog	18:09
smoser	it already goes there before your ocnfig can stop it	18:12
smoser	as your config runs after 50	18:12
smoser	(50-default.conf)	18:12
=== Lcawte\|Away is now known as Lcawte
zul	Daviey: i just run the swift excercises from devstack i dont see anything wrong from the tests, im waiting for more info about that bug	18:49
adam_g	zul: on precise?	18:56
zul	adam_g: yes	18:56
adam_g	zul: what about the swift-bench utility that was run to produce the bug?	18:57
zul	adam_g: they havent provided any more info on how to reproduce it	18:57
Daviey	zul: ugreat!	18:59
adam_g	zul: i think you should have everything you need to run swift-bench in openrc	19:00
zul	adam_g: you sure?	19:01
adam_g	zul: not certain, but swift-bench -h shows a config file that needs only the keystone endpoint and credentials	19:01
adam_g	er, s/keystone/swift	19:01
zul	adam_g: got it working havent been able to reproduce it so it might be smething with the guy's config	19:20
uvirtbot	New bug: #962426 in keystone (universe) "keystone package install doesn't create logrotate.d entry" [Undecided,New] https://launchpad.net/bugs/962426	19:23
uvirtbot	New bug: #956578 in asterisk (universe) "Remote crash vulnerability in SIP channel driver" [Undecided,Confirmed] https://launchpad.net/bugs/956578	20:06
uvirtbot	New bug: #956580 in asterisk (universe) "Remote Crash Vulnerability in Milliwatt Application" [Undecided,Confirmed] https://launchpad.net/bugs/956580	20:06
uvirtbot	New bug: #956581 in asterisk (universe) "Stack Buffer Overflow in HTTP Manager " [Undecided,Confirmed] https://launchpad.net/bugs/956581	20:06
uvirtbot	New bug: #962503 in mysql-5.1 (universe) "mysql fails to start due to error in /etc/apparmor.d/usr.sbin.mysqld" [Undecided,New] https://launchpad.net/bugs/962503	20:41
uvirtbot	New bug: #962507 in juju (universe) "[FFE] Latest juju snapshot enables maas provider" [Undecided,New] https://launchpad.net/bugs/962507	20:46
=== IdleOne is now known as pangolin
uvirtbot	New bug: #962560 in libpam-ldap (main) "pam-auth-update Account-Type should be "Additional"" [Undecided,New] https://launchpad.net/bugs/962560	21:36
eb_	I'm trying Orchestra and Juju but with juju bootsrap	22:05
eb_	I'm trying Orchestra and Juju but juju bootstrap return an error	22:06
eb_	The error is "error: Environments configuration error: /home/localadmin/.juju/environments.yaml: environments.orchestra.acquired-mgmt-class: required value not found"	22:07
uvirtbot	New bug: #962393 in phpmyadmin (main) "Installation loops in db-config-common when ran from software-center" [Undecided,New] https://launchpad.net/bugs/962393	22:12
Daviey	SpamapS: Plans to backport apache 2.4.1 to precise-backports?	22:23
SpamapS	Daviey: would love to!	22:23
Daviey	SpamapS: gonna happen? :)	22:24
Daviey	SpamapS: Didn't you have one knocking around in a PPA?	22:24
SpamapS	No	22:24
SpamapS	I'm not sure its worth it	22:25
SpamapS	2.2 .. 2.4 .. its still just apache	22:25
=== Lcawte is now known as Lcawte\|Away
meerkats	where did the offtopic room go?	22:28
Daviey	SpamapS: How is PHP looking?	22:29
SpamapS	Daviey: about to start driving nails into 5.4's coffin	22:30
ajmitch	still no suhosin patch on the horizon?	22:30
SpamapS	nope	22:31
adam_g	Daviey: IN: glance, quantum, swift (assuming 1.4.7), horizon. NOT IN: keystone (rc not released yet), nova (in queue), melange	22:36
Daviey	adam_g: okay! thanks for the update.. do we have an ETA on keystone upstream RC?	22:38
adam_g	Daviey: i think theres just one bug still in progress with a review in gerrit	22:38
Daviey	adam_g: great!	22:39
arosales	adam_g: for the blueprint Implementation status for https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-openstack-testing seems it should at least be marked at least with "Good Progress" your thoughts?	22:59
adam_g	arosales: oh, ya. the only TODO will hopefully be DONE after ODS.	23:00
adam_g	arosales: the INPROGRESS regarding the stress tests is misleading now, i guess. ive been working with the upstream on getting a new stress test suite working nicely and implementing it on our openstack CI	23:01
arosales	adam_g: "deployment" might also be fitting then.	23:02
adam_g	arosales: not so much a porting effort anymore. should i postpone/defer or just change the wording?	23:02
arosales	adam_g: If you still will get to it this cycle you can leave the remaining to do as is, perhaps just update the "Implementation" status to something other than "Unknown"	23:03
adam_g	arosales: will do, for sure	23:04
arosales	adam_g: thanks	23:04
adam_g	arosales: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-openstack-charms this one needs a bit more TLC, but honestly im not sure how much of those TODOs will be done this cycle. note that none are really tied to the release schedule	23:07
arosales	adam_g: tough to work on the charms with the packages being in such flux	23:07
arosales	we'll revisit all the "postponed" work items for the next cycle too, so those items don't get forgotten	23:08
arosales	adam_g: If your pretty sure they are not going to happen this cycle then might as well postpone, kind of odd since they are not tied to the release	23:09
arosales	we can pick them up next cycle, at least for work item tracking ;-)	23:11
fluvvell	are people generally more in favour of virtual machines using vmware, or kvm. ( it will be a windows vm)	23:18
adam_g	arosales: ok cool. yeah, they're really wishlist features for current juju charms, which can be added anytime really	23:18
arosales	adam_g: thank for the updates	23:25
_johnny	hi, i'm trying to upgrade from 10.04 to 10.10. network and cd (alternate) both give me the following halt: The package 'update-manager-core' is marked for removal but it is in the removal blacklist.	23:34
_johnny	any ideas as to what i'm doing wrong?	23:34
tarvid	!iptables	23:48
ubottu	Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW \| An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo \| GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.	23:48
pukeko	howdy	23:49
tarvid	https://help.ubuntu.com/community/IptablesHowTo#Logging is short about logging explicitly dropped packets	23:50
tarvid	can I add a "log" option to a rule?	23:50
pukeko	tarvid: setup a new rule and if the packets met certain requirments jump to that rule and log	23:53
tarvid	thanks pukeko , I've been under attack for weeks	23:54
tarvid	finally came with a firewall that works	23:54
tarvid	just curious who the culprits are	23:54
pukeko	hey.. i need to "sync" two samba servers one is offline but needs to be available if the other one dies..	23:55
pukeko	what else do i need to sync apart from /etc/group /etc/passwd /etc/samba /var/lib/samba ?	23:56
pukeko	* and the data of course	23:56
pukeko	tarvid: i used to do it via the interfaces.. if it came in / or out of and matched - then jump to a ruleset	23:58
tarvid	basically I just want to drop the sh*t	23:58
pukeko	but that could get a bit hard on the brain - when monitoring both out going and incomming over 3 or more interfaces	23:59
tarvid	only two	23:59
tarvid	someone or someones were sucking me dry	23:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!