[00:00] <pukeko> how ?
[00:00] <tarvid> a mixture of www, ftp and ssh
[00:00] <pukeko> from internal network or ext ?
[00:00] <tarvid> external
[00:01] <tarvid> ssh I suspect was password cracking]
[00:01] <pukeko> what do you mean by that ?
[00:01] <tarvid> constantly trying to log in?
[00:02] <pukeko> where you limiting the attempts etc ?
[00:02] <tarvid> iptables
[00:02] <pukeko> sshd_config
[00:03] <pukeko> and iptables
[00:03] <tarvid> no I don't want to bother with auth, I just want to dsrop the packets
[00:03] <tarvid> I don't want them to even know whawt doesn't work
[00:04] <tarvid> this box does dns for my domains to the world and nat for the boxes behind it
[00:04] <pukeko> are you writing the iptables script yourself ?
[00:04] <tarvid> I need administrative access from other locations
[00:04] <tarvid> yes
[00:04] <tarvid> hard enough to understand when you write your own
[00:04] <pukeko> good whay to learn though..
[00:05] <tarvid> old dog new tricks
[00:05] <tarvid> hotel california
[00:05] <tarvid> i've been in networking 101 25 years
[00:05] <pukeko> makes "learning" something like Pfsense a walk in the park
[00:06] <tarvid> what does that do
[00:07] <pukeko> http://pfsense.org/
[00:07] <tarvid> ah, i have been ubuntu monogamous
[00:08] <tarvid> did try one of those distros about 5 years ago
[00:08] <pukeko> its easy peasy - only gets abit weird if yr installing onto a softraid
[00:08] <pukeko> "they" use different naming convensions
[00:08] <tarvid> doing a softraid install of 12.04 as we chat
[00:09] <pukeko> server ?
[00:09] <tarvid> run into that on my pbx box
[00:09] <tarvid> yes
[00:09] <pukeko> what pbx dist you use ?
[00:09] <tarvid> erasing the md at the moment should finish by morning
[00:10] <pukeko> ..you can set it up in "disabled" mode load the data and "fix' the md later of course ..
[00:11] <pukeko> : )
[00:11] <tarvid> mdadm create failed so I am building the md first
[00:12] <pukeko> what sort of machine is it ?
[00:12] <tarvid> I suspect replacing a failed rive would go better
[00:13] <tarvid> pentium 4 socket LGA 775 sata drives 2GB
[00:13] <tarvid> a gift
[00:13] <tarvid> all I have to do is replace the stock colling fan
[00:13] <tarvid> cooling
[00:14] <tarvid> i thanked them for the machine and they said free like in free cats
[00:14] <pukeko> btw anyone here have any thoughts regarding my samba sync query above ?
[00:14] <pukeko> hehe
[00:15] <tarvid> wish I did, I have a samba based nas at home
[00:15] <tarvid> ubuntu windows at home
[00:15] <tarvid> ubuntu mac osx at the condo
[00:15] <pukeko> only one and a quarter hours to go before beer oclock
[00:17] <pukeko> barbeque and beers at 3 !!!!
[00:17]  * pukeko pretends to get back to work
[00:18]  * pukeko rolls up sleeves and frowns a lot
[00:18] <pukeko> but seriously ... better get back to it .. catch you later tarvid
[00:29] <micahg> Daviey: SpamapS: I don't see a backport of apache being possible it just breaks too much
[01:39] <adam_g> Daviey: fyi, i think those swift bugs from earlier may be specific to the diagnostic tools and not swift itself. ive just xfered ~25GB on  precise swift cluster w/o issue
[01:46] <pukeko> i have 2 samba servers i want to keep in sync - which other files/dirs do i need apart from /etc/samba/* /etc/group /etc/passwd /var/lib/samba/* ?
[01:47] <pukeko> *one of the servers has the smbd service disabled so no clash
=== KM0201 is now known as hello
=== hello is now known as KM0201
[03:19] <jtran> hey all.  i have 4 ubuntu natty servers all installed the same method.   3 of them automatically load 'bonding' module, verified via lsmod bonding.    however, 1 of them does not.   i've verified it has ifenslave pkg installed.   insmod bonding:    insmod: can't read 'bonding': No such file or directory
[03:19] <jtran> any idea why this is happening?
[03:27] <axisys> is it possible to get 3Gbps write with disks ? may be with raid10
[03:28] <twb> Probably not on whitebox hardware
[03:29] <qman__> dependent on a lot of factors, but if you get some SSDs and raid, you can probably do it
[03:30] <axisys> qman__: how do I benefit from ssd with ext4 or ext3 may be? I know how, with ZFS
[03:30] <qman__> the current gen SSDs simply have faster data rates than hard disks
[03:30] <axisys> twb: how about with sun hardware or some other.. company is looking to purchase it
[03:30] <qman__> and would be possible to achieve that level of speed, with the right controller, and the right configuration
[03:31] <axisys> qman__: can you do hybrid (disk + ssd)
[03:31] <qman__> that's a whole mess I want none of, personally
[03:31] <axisys> qman__: with linux's available fs ?
[03:31] <qman__> but some people do it
[03:31] <twb> axisys: I was thinking more like non-persistent RAM
[03:32] <qman__> simple fact is, though
[03:32] <axisys> qman__: with zfs you can setup hybrid .. where write log part of raid can be ssd.. never done anything like this in linux
[03:32] <qman__> a hybrid system doesn't give you anything that more RAM wouldn't do better, cheaper, with less potential for problems
[03:32] <twb> hear hear
[03:33] <twb> Even better would be /dev/null -- that's only slightly less recoverable
[03:33] <axisys> twb: lol
[03:33] <axisys> twb: what is non-persistent RAM ?
[03:33] <axisys> should google it, I guess
[03:34] <axisys> no luck yet
[03:34] <twb> axisys: normal ram
[03:34] <twb> i.e. volatile RAM, data is lost when you lose power
[03:35] <axisys> qman__: what is a good raid controller? i thought sftware raid is pretty good with lots of cpu and mem ?!
[03:35] <axisys> twb: ok
[03:35] <twb> whereas SSDs are non-volatile but still basically RAM
[03:35] <qman__> it is, but it's not as fast as a good dedicated controller under certain circumstances
[03:35] <qman__> also, I said disk controller, not raid controller
[03:35] <axisys> qman__: oh
[03:35] <qman__> you need a disk controller that can sustain your disks' data rates
[03:36] <twb> hw raid makes sense when bandwidth is more important than flexibility, reliability, and ease of management
[03:36] <twb> i.e. almost never
[03:36] <axisys> :-)
[03:36] <twb> I'm with qman__ -- work out where the bottlenecks are and fix those
[03:36] <qman__> for example, my file server has an LSI non-RAID SAS controller for 8 of the disks
[03:36] <twb> Or better, fix your app to not need 3gbps sustained
[03:37] <qman__> which I selected specifically because it can handle SATA 3's full data rate
[03:37] <qman__> my disks aren't that fast yet, but I'm future proofing
[03:37] <axisys> qman__: dell or hp or supermicro ?
[03:37] <qman__> none
[03:37] <axisys> qman__: or sun ?
[03:37] <qman__> it's a Gigabyte AM3+ board
[03:38] <qman__> with a phenom II x4
[03:38] <qman__> you'd want something better if you're needing that level of performance though
[03:38] <axisys> and for raid .. i suppose dont look at anything but raid10 ?
[03:39] <qman__> depending on your application
[03:39] <qman__> you can make up for a slower disk subsystem by throwing more RAM at it
[03:39] <qman__> put 32, 64GB of RAM in, and that's all disk cache
[03:39] <axisys> do I have to do anything special except just put more rams in the system for that?
[03:40] <qman__> nothing special, linux does this by default
[03:40] <axisys> ok
[03:40] <qman__> all unused memory is automatically used as disk cache
[03:40] <qman__> of course cache is cache, and doesn't apply in all situations
[03:41] <qman__> raid 10 will be fastest
[03:41] <TylerW> whats the deal with webmin vs. Zentyal; everyone claims webmin can mess up an Ubuntu system but nobody brings proof or facts, and those of us that love it find no issues...
[03:42] <qman__> webmin violates the debian package management system, and mucks up config files in a nonstandard way
[03:42] <axisys> qman__: now I need some hardware for enterprise..
[03:42] <axisys> qman__: really dont want SUN hardware
[03:42] <qman__> so, in practice, it can work okay, but if it breaks it, we can't help you
[03:43] <TylerW> qman: thanks for a straight answer! I prefer cli for most practices, there are a couple things i find much easier/less time consuming on webmin <-- and for some of my staff that NEED it because they can't even understand the "ls" command
[03:43] <TylerW> But seeing as though I don't use webmin for many configs... maybe setting up some apache virtual hosts from time to time... but once established I usually go in and manually write out a lotof the configs I know by heart
[03:44] <TylerW> one last thing if you don't mind; any absolute no no for running zentyal AND webmin on the same system? By the looks of it they wouldn't compete/interact with eachother so long as I wasn't trying to edit the same config in both
[03:44] <qman__> sounds like a really bad idea
[03:45] <qman__> especially because of the way webmin does it
[03:45] <qman__> you can try it, but make sure you do it non-production, and spend plenty of time on it
[03:46] <TylerW> yeah, definitely good points
[03:46] <qman__> axisys, I've worked on a few supermicro systems, they're alright, but I don't have enough to say if any one is better than any other
[03:47] <qman__> I buy based on reviews, and the last time I priced one out (didn't end up getting it) I actually picked an ASUS board for dual opterons
[03:47] <qman__> most of the hardware I work on isn't enterprise grade
[03:48] <TylerW> I find enterprise grade hardware to be more expensive and not last any longer or offer any other additional benefits (for the most part) than consumer hardware most of the time
[03:49] <qman__> lots of entry level server boards, single socket, just glorified desktops, and lots of actual desktop hardware
[03:49] <qman__> couldn't justify the cost for my server, just don't need that much RAM or dual chips
[03:50] <qman__> 16GB and a quad core is overkill enough for what it does
[03:50] <micahg> Daviey: SpamapS: I take that back, the way Debian has the current 2.4 packaging, a backport should be fine as nothing is allowed to be coinstallable, but to make it useful, you'll need to backport other stuff with it as any of the current apache modules in precise won't work
[03:50] <TylerW> oh gee, Zentyal vm image for quick testing... excellent
[04:57] <twb> qman__: personally, I *do* just buy desktop/workstation ATX boards
[05:13] <uvirtbot> New bug: #962779 in samba (main) "package samba 2:3.6.3-2ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/962779
[05:50] <Error404NotFound> Is there a way i can override the path of where a certain scripts looks for libs from /lib or /usr/lib to some other directory in runtime without sudo access?
[07:01] <uvirtbot> New bug: #962826 in samba (main) "package samba-common 2:3.6.3-2ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/962826
[08:18] <uvirtbot> New bug: #943000 in cobbler (main) "update to system fails with  Exception value: 'NoneType' object has no attribute 'os_version'" [Critical,Fix committed] https://launchpad.net/bugs/943000
[08:38] <Daviey> morning all!
[08:38] <koolhead17> good morning Daviey
[08:38] <Daviey> morning koolhead17
[08:39]  * koolhead17 wants to go back sleep again.
[09:43] <jamespage> morning all
[10:22] <Qten> lo, 12.04, anyone have any guesses as to why i get a kernel panic when using the bonding driver on bootup but works ok if i do a networking restart?
[10:23] <Qten> and one some servers it works fine every reboot but on others never works at all
[10:23] <Qten> one some = one
[10:33] <Qten> found the issue /facepalm i need bridge-utils and ifenslave for bonding why isnt it a depend of ifenslave
[11:39] <dforthman> Good morning. Does anyone know where I can download Groundwork 6.5? I'm running 32-bit Ubuntu Server and the latest version (6.6) only supports 64-bit.
[11:45] <ikonia> dforthman: is that in the repos or a comercial product
[11:45] <dforthman> not sure if it's in the repos or not. that's why i'm asking
[11:45] <ikonia> I don't see it
[11:45] <ikonia> is it a comercial product or open source ?
[11:46] <dforthman> it's supposedly open source, http://www.gwos.com - but they don't have a link to previous versions
[11:47] <ikonia> I don't see it as open source
[11:47] <ikonia> I see licenses
[11:48] <dforthman> there's support contracts per device, but the software itself is free
[11:48] <ikonia> their website has terrible layout for information
[11:48] <ikonia> I'd contact them direct
[11:48] <dforthman> yeah, i'll do that. thanks for your help
[11:49] <ikonia> thank you, I'm having a look at groundworks, never heard of it
[11:49] <dforthman> it's pretty much a pretty front-end for nagios
[11:50] <dforthman> it also lets you make changes, test it, and store it in mysql, then commit them all at once
=== smb` is now known as smb
[12:25] <_ruben> bah .. groundwork seemed nice, until i noticed that the free edition is limited to 50 hosts
[12:28] <koolhead17> _ruben: i saw it too :D
[12:29] <koolhead17> http://www.gwos.com/downloads/core/ :P
[12:32] <_ruben> which makes it useless for us
[12:32] <_ruben> grep -c host_name /etc/nagios/hosts.cfg
[12:32] <_ruben> 242
[12:33]  * koolhead17 wants to learn nagios as well
[12:33] <_ruben> $10000 per year aint fun :P
[12:33] <_ruben> and that'd be only level1 :)
[12:41] <uvirtbot> New bug: #963034 in openssh (main) "package openssh-server (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/963034
[12:57] <zul> morning
[13:19] <husien> hye..
[13:34] <lynxman> zul: morgen
[13:36] <smb> lynxman, ist Samstag
[13:37] <lynxman> smb: jetzt? Ich denke auf Freitag war
[13:37] <smb> lynxman, Heute ist Freitag, "morgen" ist Samstag ;-P
[13:38] <lynxman> smb: heh :)
[13:39]  * smb blames the increasing silliness on the weather...
[13:40] <lynxman> smb: yeah, not miserable = fun ;)
[13:42] <smb> At least while not required to be working ... home office at 26° = not so much fun, at least until one is used to it
[13:48] <lynxman> smb: ouch, that's slightly too hot for my taste
[13:48] <Daviey> soren: How is your keystone-common looking
[13:49] <Daviey> ?
[13:49] <soren> Daviey: Lovelier and lovelier by the day.
[13:49] <soren> Daviey: *Just* finished adding the ability to add the service and endpoints to keystone as well.
[13:49] <soren> Daviey: Literally two minutes ago.
[13:49] <Daviey> soren: this is great news.. what branch are you using?
[13:50] <soren> It's at lp:~soren/+junk/keystoneconfig-common/
[13:50] <soren> I don't want to create a project for it. I expect to maintain it as a native package.
[13:50] <soren> ...so until Q opens and I can upload it properly, it'll just be under +junk
[13:51] <ogra_> you plan to upload junk to Q ?
[13:51] <ogra_> tsk
[13:51] <soren> ogra_: That's all I have.
[13:51] <soren> ogra_: Gotta put it somewhere.
[13:51] <ogra_> server guys ...
[13:51] <soren> :)
[13:51] <ogra_> :)
[13:51] <Daviey> I really wish there was a "misc" project, rather than +junk for catchall
[13:52] <soren> Daviey: I got the impression it was too late for you guys to make use of it in Precise anyway, so didn't bother uploading it.
[13:52] <soren> Daviey: Create one?
[13:52] <Daviey> soren: I'd rather get it in, if adam_g thinks we can.
[13:52] <soren> Daviey: Would be fun to see what sort of stuff turns up there.
[13:53] <soren> Daviey: I'm surprised the config project on LP hasn't been abused more.
[13:53] <Daviey> soren: /me starts a homeless project.
[13:53] <soren> Daviey: Well, let me know if you want me to push it.
[13:53] <soren> Daviey: I'd just rather not waste time on it if it won't be used anyway.
[13:54] <Daviey> soren: lets see what adam_g thinks when he arrives.
[13:54] <soren> Cool beans.
[13:54] <Daviey> soren: We've abused jdstrand enough this cycle, reviewing NEW's. :)
[13:55] <zul> Daviey: i dont think jdstrand should pay for his drinks at uds when a server team member is around ;)
[13:59] <Nafallo> what's the favourite way to combat spam on a postfix/dovecot setup? :-)
[13:59] <Nafallo> in particular spam that comes from a forwarder, such as @ubuntu.com ;-)
[14:01] <zul> Nafallo: /dev/null? :)
[14:02] <Nafallo> that's sounds like the end goal. there must be a good path to get there ;-)
[14:02] <Nafallo> i.e. I need a classifier.
[14:06] <patdk-wk> nafallo, the only way to get spamass to better classify forwarder email, is to add the forwarder to your trustednetworks
[14:07] <patdk-wk> but then, that can also bit you, for emails that originate from there
[14:08] <Nafallo> hmm. yeah. I'd like to avoid any kind of host-based checks. I'd rather spend the CPU cycles to check each message.
[14:08] <Nafallo> how about dspam?
=== jvdz_ is now known as jvdz
[14:31] <rbasak> Can anyone suggest why "d-i netcfg/choose_interface select auto" might not work? I've tried eth0 as well. It keeps asking me!
[14:32]  * rbasak is using priority=critical
[14:32] <tjaalton> rbasak: it won't work in a preseed file, you need to give it on the kernel cmdline
[14:33] <rbasak> tjaalton: oh yeah of course, it won't be able to read the preseed yet
[14:33] <tjaalton> yeah, unless you build your own boot image, can put the preseed file there but it's simpler to feed the kernel directly..
[14:36] <rbasak> tjaalton: doing it on the cmdline worked - thanks!
[14:38] <jdstrand> heh
[14:47] <gabebug> I have a server running Natty that's got a vulnerability report for https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/837991 - but that but report only lists patches for oneric. shouldn't natty and maverick get back ported patches for this too?
[14:47] <uvirtbot> Launchpad bug 837991 in apache2 "Please merge apache2 2.2.20-1 to fix CVE-2011-3192+regressions" [High,Fix released]
[14:51] <SpamapS> gabebug: that bug is for a regression in the CVE update, not the actual CVE
[14:51] <gabebug> ah
[14:51] <SpamapS> gabebug: http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3192.html
[14:51] <uvirtbot> SpamapS: The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192)
[14:55] <gabebug> i have controlscan complaining that my natty install is vulnerable, but i'm running apache2-2.2.17-1ubuntu1.5. suppose that's just a false positive from controlscan?
[15:02] <mdeslaur> SpamapS: new mysql versions apparently
[15:10] <SpamapS> mdeslaur: been waiting for 5.5.22 actually.. 5.5.21 had some kind of regression IIRC
[15:10] <mdeslaur> SpamapS: they mention security stuff in the 5.1.x release notes, but not 5.5 and 5.0
[15:10] <mdeslaur> SpamapS: although they have updated yassl in 5.5 and 5.0 also, and I suspect that's security realted
[15:10] <SpamapS> Oh joy, 5.5.22 has "yaSSL was upgraded from version 1.7.2 to 2.2.0."
[15:10] <mdeslaur> SpamapS: do we use yassl?
[15:11] <SpamapS> yes we enable SSL
[15:11] <mdeslaur> or do we build with openssl or something else
=== bladernr_ is now known as bladernr_afk
[15:11] <SpamapS> mdeslaur: yassl is their only solution
[15:12] <jdstrand> mdeslaur: I saw some yassl stuff recently-- that is probably CVE-2012-0882
[15:12] <uvirtbot> jdstrand: ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0882)
[15:12] <mdeslaur> jdstrand, SpamapS: yeah, probably that one
[15:12] <SpamapS> Yeah, mysql has always embedded yassl
[15:13] <SpamapS> There's an open bug against the Debian mysql packages to package yassl separately and use that
[15:13] <SpamapS> I think that may end in disaster though ... mysql hates playing nice with others.
[15:13] <mdeslaur> SpamapS: ok, thanks for the clarification...I'm probably thinking of something else that bundles yassl that we disable
[15:28] <zul> there swift down to one failing test
[15:33]  * smb wonders whether hallyn is to be expected today...
[15:49] <_ruben> ugh, nice challenge for next week: fresh install of 10.04.4 on software, at boot time it complains /boot is not ready yet or unavail, enter recovery shell, issue mount /boot, ctrl-d, boot continues without issue
[15:50] <_ruben> s/software/software raid/
[15:55] <henkjan> _ruben: i see that happen a lot with lucid
[15:55] <henkjan> randomly droppen to initramfs while booting from mdadm
[15:55] <henkjan> after a powercycle booting mostly works correct
[15:58] <_ruben> henkjan: tried 3 reboots just now, keeps failing
[15:58] <_ruben> and i don't really end up in the initramfs i think
[15:59] <_ruben> as / is already mounted and after exiting that shell, it just continues starting some services and be done
[15:59] <_ruben> guess should've requested hw raid after all :P
[16:00] <henkjan> mwah, mdadm raid is fine most of the time
[16:00] <_ruben> this shouldn't be a disk intensive box anyways: border router :)
[16:00] <_ruben> tho reliable booting would be nice :)
[16:01]  * jamespage is killing qemu quite convincingly this afternoon trying to automate iscsi root testing
[16:01] <henkjan> _ruben: routing on ubuntu + ?
[16:01] <_ruben> henkjan: bird
[16:01] <henkjan> quagga? bird?
[16:02] <_ruben> working like a charm
[16:02] <_ruben> replacing my current dell pe860 boxes with pe r210 ones
[16:02] <_ruben> if they'd boot....
[16:02] <_ruben> properly that is :)
[16:02] <henkjan> ...
[16:02] <_ruben> but that's for next week to tackle, time to head home now
[16:04] <pabelanger> nice to see bug 935585 is fixed.  The only real issue I have had with 12.04
[16:04] <uvirtbot> Launchpad bug 935585 in upstart "[kernel panic] init: log.c:786: Assertion failed in log_clear_unflushed: log->remote_closed" [High,Fix released] https://launchpad.net/bugs/935585
[16:14] <KM0201> why is NFS so hard to setup?
[16:15] <smb> hallyn, Morning, I got two little libvirt presents you may want to have a look at (bug 929626 and bug 963006). I would also try to get them upstream but if they pass you review and we could get that uploaded it would be great.
[16:15] <uvirtbot> Launchpad bug 929626 in libvirt "virt-manager misses xen guests shutting down" [Medium,In progress] https://launchpad.net/bugs/929626
[16:15] <uvirtbot> Launchpad bug 963006 in libvirt "libvirt: xen: hypervisor driver fills log with internal errors after shutdown" [Low,In progress] https://launchpad.net/bugs/963006
[16:26] <iclebyte> does any one know how to specify the pppX interface from within the /etc/ppp/peers/provider files?
[17:08] <adam_g> zul: have tried uploading that swift patch against the current ubuntu pkg to a buildd and see if the other tests pass? if that works, i think the keystone tests should as well
[17:09] <zul> adam_g: not yet im going to build it locally before i upload it to a ppa
[17:11] <zul> adam_g: btw that patch is specifically for 1.4.7 though
[17:11] <uvirtbot> New bug: #963280 in zookeeper (universe) "Memory leak on any async python call" [Undecided,New] https://launchpad.net/bugs/963280
[17:19] <apw> hallyn, i presume the memory cgroup is enabled so we can use it with lxc?  do we recommend a base OS for lxc use (for x86)
[17:20] <stgraber> hallyn: arkose is broken with new lxc ;)
[17:20] <stgraber> hallyn: I'll look at it after my current meeting
[17:22] <l3dx> I have a 3-disk array that previously was setup with lvm2 and raid5. These disks are now inserted into a different server. Is it possible to "recover" the setup? How do I do that without losing the data?
[17:24] <tarvid> new RAID 1 installation, how do I check synchronization
[17:26] <stgraber> hallyn: right, I'm out of my meeting
[17:27] <stgraber> hallyn: I had to downgrade lxc in a hurry to make arkose work again :)
[17:27] <stgraber> hallyn: so arkose calls lxc-init using a shell script as init script, so far so good
[17:27] <stgraber> hallyn: but starting with the new LXC, it complains it can't find the apparmor profile and just fails to start at all
[17:30] <l3dx> nvm, I found out (mdadm -A)
[17:32] <tarvid> any way to monitor RAID 1 remotely?
[17:35] <Nafallo> cat /proc/mdstat
[17:36] <tarvid> Nafallo, I would like to monitor from an external host or get machine eo email a message if status changes
[17:37] <Nafallo> munin, nagios, mdadm... choose your poison :-)
[17:38] <tarvid> I'd have to poll with mdadm
[17:39] <tarvid> munin looks interesting
[17:39] <Nafallo> mdadm does include a monitor that can e-mail stuff, you know... :-)
[17:46] <foo> hmm, just to confirm: if someone has an e-mail client, and they get e-mail via pop3, and all of a sudden we change the pop3 server (eg. migrate their e-mail system to a new one), then they start getting e-mail from the new server and all of their old e-mail still stays in their e-mail client, right?
[17:46] <uvirtbot> New bug: #963301 in php5 (main) "php5 crashed with SIGSEGV when i was compiling XDebug using pear" [Medium,New] https://launchpad.net/bugs/963301
[18:04] <zul> adam_g: it built locally fine here just threw it in a ppa
[18:19] <instabin> Would it be better to run a web server on ubuntu or freebsd?
[18:19] <instabin> and why
[18:20] <SpamapS> instabin: better implies that there is a measurement that can be applied
[18:21] <instabin> They both can use apache? So is one more secure than the other?
[18:21] <SpamapS> instabin: I'd guess that there are quite a few measurements that would be used to measure the success or failure of running a web server... but they are likely specific to each web site/server :)
[18:22] <SpamapS> instabin: security is a process, and not a single thing that can be measured
[18:22] <instabin> I been running on 10.4 lts for the last 2 years
[18:22] <SpamapS> instabin: then you'll find apache in 'apt-cache search apache' ;)
[18:23] <instabin> I have been running apache on it for the last 2 years with php
[18:23] <instabin> Friend of mine is trying to convince me to switch to freebsd
[18:24] <instabin> Says it more secure.. because its designed to be a server only
[18:24] <mdeslaur> uhm, "more secure because it's designed to be a server only" sounds fishy to me
[18:25] <instabin> I think its just cuz hes a freebsd fanboy
[18:26] <instabin> But i figured I would evaluate since I was planning on upgrading to 12.04 when its released
[18:27] <instabin> I think that since they run the same web server it would depend on your firewall for how secure the system is.
[18:40] <hallyn> hggdh: Daviey: boy!  i'm wondering whether bug 961217 turns out to be due to libnl3!
[18:40] <uvirtbot> Launchpad bug 961217 in libvirt "virsh start domain sometimes fail in oneiric" [High,Confirmed] https://launchpad.net/bugs/961217
[18:40] <hggdh> hallyn: if so, how to check?
[18:40]  * hggdh is glad there is some light at the end of the tunnel
[18:41]  * hggdh is not sure it is not a train comming in
[18:41] <hallyn> hggdh: im' not sure :)  so far i've just got that i can reproduce it with upstream git with our patches on top, but not without our patches
[18:41] <hggdh> ah
[18:41] <hallyn> so now i'll try all our patches except libnl3...
[18:41] <hggdh> and we patched for using libnl3?
[18:42] <hggdh> yes, of course, already answered
[18:43] <hallyn> mind you i'm not 100% clear on why we do that.  it introduces delta over debian for libvirt and netcf.  but i assume we had to do it for something so now do ti for everything
[18:59] <pdtpatr1ck> Question - does anyone know of a similar service like Moonwalk (http://www.moonwalkinc.com/products/moonwalk-for-linux) for Ubuntu  ?
[19:04] <Daviey> koolhead17|away: around? (i note your nick suggests a no)
[19:04] <koolhead17|away> Daviey, am very much here sir
=== koolhead17|away is now known as koolhead17
[19:07] <koolhead17> i log in with default away nice :P
[19:07] <stgraber> hallyn: ping
[19:07] <Daviey> koolhead17: hah, did you ever get a solution for bug 807038?
[19:07] <uvirtbot> Launchpad bug 807038 in dbconfig-common "dbconfig-common fails to preseed phpmyadmin on natty/lucid" [Medium,Triaged] https://launchpad.net/bugs/807038
[19:08] <instabin> what web gui is recommeded for managing a ubuntu server
[19:08] <koolhead17> instabin, landscape :)
[19:09] <koolhead17> Daviey, i moved to oneiric and then never looked at it. i can check it again
[19:10] <koolhead17> Daviey, or you have some other suggestion?
[19:11] <instabin> How do you get landscape
[19:12] <instabin> Do you have to buy Ubuntu Advantage?
[19:14] <Daviey> koolhead17: no, just wondered
[19:15] <koolhead17> instabin, i think 5 machine its free for more yes you have to buy support which comes with many other services i suppose
[19:15] <koolhead17> Daviey, i will look at it again and get back to you.
[19:16] <uvirtbot> New bug: #963368 in bind9 (main) "dnssec-keygen takes forever to generate a keyfile" [Undecided,New] https://launchpad.net/bugs/963368
[19:17] <koolhead17> Daviey, i saw some openssh-server bug reported today for 10.04
[19:18] <stgraber> hallyn: tracked my lxc bug down to the fact that I'm running a container without a /proc mounted by lxc
[19:19] <stgraber> hallyn: if /proc isn't mounted by lxc (through a fstab entry), then you get "lxc-start: No such file or directory - failed to change apparmor profile to lxc-container-default"
[19:19] <stgraber> hallyn: I'll file a bug about it, would be great if it could be fixed very soon as it'd need to be included for beta2 (arkose is broken because of that)
[19:20] <instabin> koolhead17: how do i get it
[19:21] <koolhead17> instabin, http://www.canonical.com/enterprise-services/ubuntu-advantage/landscape
[19:21] <koolhead17> it has everything you need
[19:24] <stgraber> hallyn: bug 963388
[19:24] <uvirtbot> Launchpad bug 963388 in lxc "Unable to start containers without proc entry in fstab" [High,Triaged] https://launchpad.net/bugs/963388
[19:31] <uvirtbot> New bug: #963388 in lxc (universe) "Unable to start containers without proc entry in fstab" [High,Triaged] https://launchpad.net/bugs/963388
[19:31] <mgw> are the certificates signed by two intermediate CAs of the same root CA interchangeable?
[19:47] <kklimonda> stgraber: how secure is lxc nowadays?
[19:49] <Steve[MBA]> anyone happen to know why I keep getting the following error when running virt-install with kvm? "ERROR    Unable to resolve address 'system' service '16514': Name or service not known"
[19:49] <Steve[MBA]> seems that libvirt isnt running, but dunno why
[19:51] <Steve[MBA]> actually libvirt is running, just not listening on that port
[19:51] <Steve[MBA]> im trying to connect locally as well
[19:52] <stgraber> kklimonda: pretty secure when you have the apparmor profile turned on. We won't guarantee it to be root-safe until we have the user namespace though, but we're definitely interested in any feedback on how to escape a container and will update our profiles accordingly.
[20:10] <hallyn> stgraber: dangit, sorry, my forwarded didnt' fwd your pings.
[20:11] <hallyn> i did see the bug;  guess we'll end up seeing whether aa_change_onexec is fixed :)
[20:30] <smoser> hallyn, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/963420
[20:30] <uvirtbot> Launchpad bug 963420 in linux "https download performance significantly worse in precise than lucid" [Undecided,New]
[20:30] <smoser> thats what i came  up with for network performance in precise
[20:30] <smoser> guests.
[20:31] <smoser> good news is that if i do http rather than https, I can probably saturate the link
[20:31] <smoser> precise http: 88.1 MB/s
[20:32] <hallyn> smoser: interesting :)
[20:32] <hallyn> hggdh: well, fooi - today i can't reproduce the bug at all
[20:32] <hallyn> even with stock
[20:32] <smoser> precise https: 11.5 MB/s
[20:32] <hallyn> maybe...
[20:32] <smoser> lucid http: 78.8 MB/s
[20:32] <hallyn> i wonder if there's any chance that i didn't reboot after do-dist-upgrade, and oneiric kernel is the problem
[20:32] <hggdh> hallyn: welcome to my hell :-)
[20:33] <smoser> lucid https: 46.7 MB/s
[20:33] <hallyn> cozy
[20:33] <smoser> hallyn, the good news is my attempt to show precise virtio disk regression has so far failed.
[20:33] <smoser> (ie, seeing similar write speeds of /dev/zero to /dev/vdb)
[20:34] <smoser> i realize thats very non-scientific, but it was my first test
[20:34] <hallyn> smoser: jinkeys i sure hope that can get fixed
=== koolhead17 is now known as koolhead17|afk
[20:36] <hallyn> wtf - there's no kernels in /boot?
[20:37] <hallyn> well, i'm going to have to reinstall oneiric again for this.  bbl.
[20:38] <hallyn> oh wait.  stgraber: do you need that lxc fix this weekend?
[20:44] <stgraber> hallyn: no, if it lands on Monday that'll be fine
[20:45] <hallyn> when is freeze over?
[20:46] <hallyn> stgraber: you want me to ask in #ubuntu-release for an exception for that?
[20:52] <mgw> Any PKI or openvpn pros here? I'm having a problem where a cert issued by one intermediate seems to be recognized/validated by another intermediate… both intermediates have the same root.
[20:52] <stgraber> hallyn: no, it's a bugfix, just upload and they'll poke me as it only affects Edubuntu
[20:53] <stgraber> hallyn: the freeze is over on Thursday but I want that fix for beta2 as it's completely breaking arkose
[20:53] <hallyn> ok, thx
[20:53] <stgraber> hallyn: so whenever you have a fix, just upload it
[20:53] <hallyn> will do.
[20:53] <hallyn> ttyl
[21:33] <primeras> hi all. Good evening. Where is the Ubuntu Server bug list
=== _Gabber is now known as Gabber
[23:58] <axisys> why would pulling a preseed file fail? https://imgur.com/pKNs9
[23:58] <axisys> that url is valid and reachabled
[23:59] <axisys> network setup through is successful