[03:04] <hallyn> tjaalton: just tested debian sid xserver-xorg-video-qxl in precise guest, worked fine for me.
[03:05] <hallyn> tjaalton: i can't say whether it fixes the standing bugs i pointed to, but quick test didn't show up any new bugs for me
[04:11] <tjaalton> hallyn: nice to hear, thanks
[08:01] <jamespage> Daviey: around? wanted to check something euca related with you for precise?
[08:11] <Daviey> jamespage: hola
[08:13] <jamespage> Daviey: there are a number of packages which won't install anymore due to euca being removed from precise
[08:14] <jamespage> Daviey: python-image-store-proxy being one of them - should I go ahead and request they are dropped as well?
[08:21] <Daviey> jamespage: yes please
[08:22] <jamespage> Daviey, ack
[08:22] <Daviey> jamespage: utlemming was removing the UEC branding i understood.
[08:22] <Daviey> jamespage: We want to be as close to upstream Euca as we can.
[08:30] <lynxman> morning o/
[08:38] <huats> morning
[09:24] <brontosaurusrex> hi, how would i go updating karmic server to 10.04 or something?
[10:21] <rbasak> Daviey: I've filed bug 968124. What's the right way for it to be tracked appropriately? Milestone for 12.04? Or subscribe someone appropriate? Or a tag? Or something else?
[10:22] <jamespage> rbasak, ah - I think I just hit that - bah
[10:22] <rbasak> jamespage: there's a workaround. I'll post in the bug
[10:23] <jamespage> rbasak, ta - I'll target that for you as well if that helps
[10:23] <jamespage> is this for beta-2?
[10:23] <rbasak> beta-2 is today, isn't it?
[10:23] <rbasak> I was wondering what the appropriate mechanism for targeting is really
[10:23] <jamespage> rbasak, not beta-2 then
[10:23] <jamespage> :-)
[10:23] <jamespage> rbasak, I normally nomiate for release and target to a milestone
[10:24] <jamespage> rbasak, I think you can nominate but it won't be automatically accepted
[10:24] <rbasak> jamespage: does that make it show up in http://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html? What does that report filter on?
[10:25] <Daviey> rbasak: it's fixed in trunk
[10:25] <Daviey> rbasak: roaksoax will be uploading a fix today, so it's in the archive for beta-2 release time
[10:25] <jamespage> rbasak, ah - subscribe ubuntu-server-release-tracking
[10:25] <rbasak> Daviey: ah cool, thanks
[10:26] <Daviey> i literally just tested his package :)
[10:27] <rbasak> Daviey: I literally just reproduced on amd64 :)
[10:27] <Daviey> rbasak: from the PPA?
[10:27] <rbasak> Daviey: no from the archive
[10:27] <Daviey> well then.
[10:27] <Daviey> :)
[11:10] <PedroGomes> Hi, I have dozens of machines on my lab, all equal among themselves. When I try to install the ubuntu 12.04 some machines, but not all report an error when mounting the ram disck
[11:11] <PedroGomes> there is a kernel panic because it can't find the /dev/rd/0 partition
[11:11] <PedroGomes> but If I install the stable version with the same pxe file
[11:11] <PedroGomes> it works
[11:11] <PedroGomes> any idea?
[11:27] <andygraybeal> hold up, so pgadmin isn't a web interface?
[11:27] <andygraybeal> *pgadmin3 ? it's asking for gtk.
[11:27] <andygraybeal> grrrrr!
[11:31] <andygraybeal> hmm i guess i can install it on my workstation.. and then connect to the server.. doh
[11:35] <zul> beta is out yet?
[11:42] <dork> its been out for weeks
[12:34] <piquadrat> Hi! Is there a packed version of solr 3.x available  somewhere? 1.4 from the repos is quite ancient
[12:51] <zul> good morning
[12:56] <jamespage> piquadrat, not in either the debian or ubuntu archives at the moment
[12:56] <jamespage> sorry - on my list for next release...
[12:57] <jamespage> (your are not the first to ask :-))
[12:57] <piquadrat> jamespage: it's simple enough to set it up manually, so no worries :)
[12:57] <jamespage> 1.4 is not quite that ancient - its only one major release behind
[12:57] <jamespage> solr skipped 2.x
[13:04] <piquadrat> yeah, but Solr 3 has all these shiny new things like spatial support :)
[13:23] <koolhead11> anyone around!! :P
[14:30] <Amoug> What is the use of nosuid mount option if one is already mounting with noexec ? From a security perspective
[14:37] <xranby> Amoug: there do pop up bugs that enable execution of binarys on noexec filesystems
[14:37] <xranby> like the  /lib/ld*.so /mnt/binary  trick
[14:37] <xranby> that plauged some kernels
[14:37] <xranby> nosuid of course makes sure the suid bit are not set
[14:39] <Amoug> xranby, so it is more of a defense in depth
[14:40] <Amoug> because modern kernels fixed that trick
[14:40] <xranby> Amoug: all i am saying, it looks hard to execute a binary and misuse the suid bit,  people belived it to be impossible before that trick got discovered
[14:40] <xranby> net tricks can get discovered
[14:41] <xranby> if you are security paranoid,, be paranoid :)
[14:41] <xranby> and try secure your system before someone finds out how to get you
[14:41] <xranby> its a cat and mouse race after all
[14:42] <Amoug> xranby, I am more of a pentester than a sysadmin... But you have to learn how to secure, in order to know how to find flaws
[14:43] <Amoug> and vice versa :)
[15:25] <stgraber> hallyn: ping
[15:25] <hallyn> stgraber: hey
[15:26] <stgraber> hallyn: lxc-execute is mounting the mqueue filesystem on /dev/mqueue/ showing a failure with arkose (though still working fine afterwards)
[15:26] <hallyn> stgraber: yes, lxc-init always does that.
[15:26] <stgraber> hallyn: so I was wondering if mqueue is considered safe and if so if we should add a "mount fstype=mqueue," to the profile
[15:26] <stgraber> stgraber@castiana:~/data/code/ubuntu-archive-tools$ sudo arkose -h
[15:26] <stgraber> lxc-init: failed to mount /dev/mqueue : Permission denied
[15:26] <stgraber> stgraber@arkose-tmpTkI6d7:~/data/code/ubuntu-archive-tools$
[15:27] <stgraber> at least lxc-init is kind enough to ignore the failure and continue so that didn't break arkose ;)
[15:28] <hallyn> stgraber: yeah, it didn't used to ignore that :)  hold on, i'm checking whether that is definately namespace-safe
[15:29] <hallyn> yeah, no reason not to imo
[15:30] <hallyn> ('mount -t mqueue /dev/mqueue /mnt' after lxc-unshare -s IPC /bin/bash does not show the contents from the host's equivalent mount)
[15:30] <stgraber> good, I'll upload the change as soon as the freeze is lifted then
[15:32] <stgraber> hallyn: isn't bug 948447 fixed with the apparmor profile?
[15:34] <hallyn> stgraber: no
[15:34] <hallyn> stgraber: that's fixed with precise guests bc udevadm trigger doesn't run
[15:34] <hallyn> stgraber: apparmor can't stop that
[15:34] <hallyn> that's the one we coudl do if we coudl write a BPF filter to reject the uevent netlink msgs from container
[15:35] <hallyn> heck, with seccomp2 now in our kernel, maybe we could do something with that.  if it wasn't too late
[15:35] <stgraber> hallyn: ok, good, so we can probably mark it fixed for good next cycle then
[15:38] <hallyn> hopefully.  i'm not 100% clear on how it'll work in practice
[15:44] <hallyn> stgraber: is that the only bug you're getting from lxc-execute?
[15:48] <stgraber> hallyn: yep
[16:07] <gary_poster> hallyn, hey.  -b in current lxc-create sets up an fstab that has "$homedir $homedir none bind 0 0" instead of "$homedir /var/lib/lxc/$container/rootfs/$homedir none bind 0 0".  This doesn't seem to work.  I'm about to file a bug, unless you stop me along the way. :-)
[16:08] <Daviey> roaksoax: Hey, are you planning that rabbit upload?
[16:09] <Daviey> roaksoax: we are now in thaw btw
[16:11] <hallyn> gary_poster: why does it not work?  that shoudl work
[16:11] <hallyn> bug is good
[16:12] <gary_poster> cool hallyn, will give details
[16:12] <roaksoax> Daviey: already uploaded
[16:12] <Daviey> roaksoax: awesome
[16:13] <roaksoax> hggdh: I need free machines to work on the fence_cdu issue you were seeing
[16:15] <hggdh> roaksoax: we are upgrading aldebaran to the jenkins precise backport right now. When we are done, you can test it there (as long as you do not destroy the system ;-))
[16:15] <roaksoax> hggdh: hehe I just need a couple of machines to 1. see what's going on. 2. work on a fix
[16:16] <roaksoax> hggdh: so, the cobbler server and 2 free machines not being used
[16:16] <roaksoax> to try to reproduce what you are seeing
[16:16] <hggdh> roaksoax: deal
[16:16] <hggdh> roaksoax: it will be aldebaran as the cobbler server, and alkaid and phact as the cannon fodder
[16:17] <roaksoax> hggdh: cool, just let me know when they are free
[16:17] <roaksoax> i'll work on it this afternoon
[16:18] <gary_poster> hallyn, a bot will announce it soon I'm sure, but I filed bug 968371.  Running to lunch.
[16:20] <hggdh> roaksoax: ack
[16:37] <smoser> ha.
[16:37] <smoser> this is pretty awesome
[16:37] <smoser> http://www.erikyyy.de/invaders/
[16:37] <smoser> download, extract, run:
[16:37] <smoser>  kvm -kernel invaders
[17:19] <koolhead17> Daviey, please let me know when you around, something important
[17:19] <koolhead17> to talk
[17:19] <koolhead17> help needed
[17:50] <gary_poster> hallyn, we are trying to decide whether to manually fix a one-off instance of our machinery and run some tests, or wait for the fixes (ubuntu template and lxc-start-ephemeral, I'm guessing) to bug 968371.  (Note that we're also willing to help with that bug, but it sounded like you were working on it already.)  Is this something we can hope to have fixed by, say, tomorrow; or will it be later?
[17:52] <hallyn> stgraber: ^ when is freeze to be lifted?
[17:52] <stgraber> hallyn: it's
[17:52] <stgraber> hallyn: I already uploaded lxc a few minutes ago with the lxc-execute fix
[17:53] <hallyn> ok
[17:53] <hallyn> gary_poster: i'd really like to finish digging into this libvirt bug, but i didn't realize you had a deadline.  I can pusha fix by tomorrow morning at leatest
[17:55] <gary_poster> hallyn, thank you; like I said, I'm happy to help, and also, if you want to dig into libvirt and then do this, that's fine, but it will change our plans a bit.  No biggie.  Would Monday be a better goal for 968371?
[17:56] <axisys> do I make change in logrotate.d/rsyslog or some other file to make sure mail.log in always 644 ?
[17:56] <hallyn> gary_poster: no let's plan on tomorrow.  LIke I say i'ts just a matter of removing the leading '/' from the second field in fstab, so if you want to post a debdiff that'd be great;  but i'll do it.  (once i decide how best to do it in bash :)
[17:57] <hallyn> gary_poster: really, I feel like I should re-write the lxc-start-ephemeral to be cleaner script (local vars, exit early if first part of pipline fails, etc).
[17:58] <gary_poster> heh, cool, thanks hallyn.  And then we might need an ephemeral change too, right, for the lines that parse fstab?  re-write: yeah, that sounds nice.  If it fits in your schedule, and we still have some time to test and debug it before final freeze, sounds good
[17:59] <hallyn> gary_poster: actually,
[17:59] <hallyn> gary_poster: originall someone wanted lxc-start-ephemeral to work for non-root,
[17:59] <hallyn> gary_poster, but some of the parsing being done now should make that fail.  Do you care?
[17:59] <hallyn> (i.e. 'while read line do < fstab.orig > fstab' type of stuff)
[17:59] <gary_poster> yeah, we talked about that
[18:00] <hallyn> i hope you don't mean you and i
[18:01] <hallyn> (just bc i have no recollection, and worry about my memory)
[18:01] <gary_poster> (no sorry, talked about it on our team.) I suspect it was me caring.  I'm into it just working now. :-)  We (our team) actually talked about proposing to rip all of the support for non-root for simplicity
[18:01] <gary_poster> We didn't do it, but would be fine with it now.
[18:02] <hallyn> right, we should either fix it somehow, or do a check early on for id == 0 and fail cleanly if not
[18:02] <gary_poster> +1
[18:04] <gary_poster> hallyn, so having the fix in tomorrow is plenty early for us, and much appreciated.  Please ask us if you want us to work on it, and we'll be happy to, but by default we won't, and will leave it to you.
[18:04] <gary_poster> Can also do testing if that would be helpful
[18:39] <zul> adam_g: im looking to upload a newish keystone tomorrow
[18:43] <adam_g> zul: with what?
[18:44] <zul> adam_g: the one with the git clone stuff removed from the testusite
[18:44] <adam_g> zul: please push to -proposed first, im going to be squashing some packaging bugs later today too
[18:44] <adam_g> nova has a few, and id really like to get the quantum package installabel
[18:44] <zul> adam_g: its already in there
[18:44] <adam_g> k
[19:12] <melter> does anyone know if the 12.04 focus on new hardware applies to ubuntu server?
[19:13] <dork> absolutely
[19:15] <jamespage> SpamapS, m_3: any opinion on whether I should spend some time FFe'ing/merging nodejs 0.6.x from debian for precise?
[19:17] <melter> dork: was that a reply to me?
[19:20] <dork> melter: yes
[19:21] <smoser> utlemming, need your help.
[19:27] <m_3> jamespage: don't really know what depends on the new version
[19:28] <jamespage> m_3: nothing in the archive
[19:28] <m_3> jamespage: as a general rule, sure... but
[19:28] <jamespage> but node seems to move along at a fair pace
[19:30] <m_3> jamespage: yup, I'm for it if you have tim
[19:30] <m_3> e
[19:30] <jamespage> m_3: I'll push it all somewhere to see if it works
[19:30] <jamespage> sure it will but...
[19:32] <smoser> utlemming, when you see this, please look at https://code.launchpad.net/~smoser/cloud-init/precise-locale-warning
[19:32] <smoser> it seems to function as designed, but then when i tried to get french error messages i failed.
[19:33] <smoser> ie, i set LC_ALL=fr_FR.UTF-8, and ssh'd in.
[19:33] <smoser> it gave me a friendly error message
[19:34] <smoser> i ran sudo localegen.... set LANG and LANGUAGE to fr_FR but then when i do somethin glike: ls asdf
[19:34] <smoser> the error message is english
[19:34] <Daviey> wfm
[19:53] <smoser> utlemming, i assigned bug 859814 to you.
[19:53] <smoser> i'd suggest starting from my branch and making sure that when you foloow the given directions it works.
[19:55] <adam_g> zul: were you able to successfully run all keystone tests lately?
[19:56] <zul> not since friday
[19:56] <zul> are they broken again?
[19:58] <adam_g> oh i see
[19:59] <adam_g> zul: the ksc test cases target (and git checkout) 3 different keystoneclient branches
[20:00] <zul> lovely..
[20:01] <adam_g> zul: we can just get rid of KcMasterTestCase + KcEssex3TestCase i think
[20:01] <adam_g> ill look into after luch. bb in a few
[20:01] <zul> adam_g: agreed
[20:04] <utlemming> smoser: ack
[20:05] <SpamapS> jamespage: what is our delta for node where we can't just sync it?
[20:05] <smoser> i can' tseem to make it give me french error messages
[20:06] <utlemming> smoser: do you have a paste of what your doing?
[20:07] <smoser> utlemming, well, not really.
[20:07] <smoser> :)
[20:08] <smoser> but the goal is to just launch instance
[20:08] <smoser> install new deb
[20:08] <smoser> exit
[20:08] <smoser> LC_ALL=some_other_lang ssh instance
[20:08] <smoser> see message, follow instructions
[20:08] <utlemming> so this is interesting
[20:08] <smoser> exit
[20:08] <smoser> LC_ALL=some_other_lang ssh instance
[20:08] <smoser> ls asdf
[20:08] <utlemming> if you have a proper locale generated and defined in the settings, then you get localized messages
[20:08] <smoser> see failed message in some othe rlanguage
[20:09] <utlemming> if, however, any of your locales defined in LANG=? or LC_*=?, are bad, then you get english
[20:09] <smoser> i'm completley locale iillterate.
[20:09] <utlemming> http://paste.ubuntu.com/906193/
[20:18] <_ruben> what determines the resolution of the console nowadays? (or on O actually)
[20:18] <_ruben> got two boxes, installed in the same way, but they ended up with different resolutions
[20:19] <_ruben> one of 'em might've had a monitor attached and the other not, during install
[20:35] <jamespage> SpamapS, mainly tests - we get some different test failures/timeouts
[20:35] <SpamapS> jamespage: ugh
[20:50] <jseutter> anyone here running maas from trunk?
[20:53] <jacobw> maas?
[20:54] <jacobw> assume that i want to learn juju, how could i do that?
[20:59] <jseutter> jacobw: do you want to use juju, or write charms?
[21:00] <jseutter> jacobw: if you want to simply use it, juju.ubuntu.com is pretty much the only spot for docs.
[21:02] <jseutter> jacobw: the tutorial there is pretty good at explaining how things work.  The other place you can look for stuff is on youtube.
[21:04] <smoser> utlemming, ok. you and i need to figure out how to do basic locale stuff
[21:04] <utlemming> smoser: like?
[21:04] <smoser> ie, i want to see an error message that i dont undretsand.
[21:04] <smoser> how do you do that
[21:05]  * utlemming works on it
[21:10] <smoser> i was using 'ls' because i'm almost certain its "no such file or directory" is translated.
[21:11] <utlemming> try apt
[21:12] <utlemming> so it depends on the language. But I've exported "LC_ALL=fr_FR
[21:12] <utlemming> and I get:
[21:12] <utlemming> $ apt-get --fail-miserably-you-stupid-machine
[21:12] <utlemming> E: L'option --fail-miserably-you-stupid-machine de la ligne de commande n'est pas reconnue
[21:14] <utlemming> and the language pack is not installed.
[21:15] <utlemming> After installing "language-pack-fr-base":
[21:15] <utlemming> $ ls foo
[21:15] <utlemming> ls: impossible d'acc�der � foo: Aucun fichier ou dossier de ce type
[21:15] <utlemming> smoser: ^
[21:18] <utlemming> smoser: so the conclusion that we can draw here is 1) unless the appropriate language pack is installed, then errors messages are in english and 2) the default error language is english
[21:41] <jetole> Hey guys. Don't know if this is the best spot to ask but does anyone know how I can add a user to sudo-ldap who can execute all commands except certain ones, for example if I wanted to set a rule that allowed a user to execute all commands except /usr/bin/perl and /usr/bin/python, does anyone know how I would do that?
[21:42] <lifeless> man sudoers
[21:44] <jetole> lifeless: you know sudo? Can you take a look at my questions and see if you have any suggestions related to my problem?
[21:46] <SpamapS> jetole: if they can execute "all commands except perl" , they can execute /bin/bash .. or /usr/bin/top .. and run other commands
[21:47] <SpamapS> jetole: consider defining the exact commands they can execute, and just let them do that
[21:51] <jetole> SpamapS: actually I can set these rules on normal sudo so they can execute all commands except the ones I specify and I can make it so they cannot execute other command from the command called by sudo. On normal sudo I can say define a command alias SHELLS and have it contain all the shells on the system and then I say the user rule is """user ALL=ALL, !SHELLS""" (without the quotes) and then I use the option noexec which makes it so if I try ...
[21:51] <jetole> ... to run anything from say top, or vim, etc that it will fail. Now I know how I can easily implement noexec with sudo-ldap but, it doesn't have aliases and there are some weird limitions with the order it processes rules so not sure how to do the first part
[22:09] <SpamapS> jetole: heh.. sounds like complexity to me.. I'm like frankenstein with complexity.. COMPLEXITY BAD!!!
[22:09]  * SpamapS goes on a rampage
[22:21] <zul> SpamapS: braaains....braiiins
[22:23] <EvilResistance> zul, stop being a zombie, or i'll have to get my zombie-buster out
[22:25] <mcloy>  wget -r is not showing sometimes layout and  the links are always not working
[22:34] <SpamapS> EvilResistance: do you call it 'Waitpid The Destroyer'? ;)
[22:47] <jetole> SpamapS: yeah it's actually pretty easy and basic sudo stuff typically but something is different in sudo-ldap and while I can't put my finger on it, someone will come by and say "oh you just do it like this"
[22:47] <jetole> ...and I will scream "why didn't I think of that?"
[22:47] <jetole> on that not I'm going home for the day. Later
[23:12] <Aethor> hi all :) any network guru available for help/advice?
[23:12] <SpamapS> Aethor: best to just ask your question, and if somebody is around who can answer, they will
[23:13] <Aethor> ok - ubuntu 11.10, trying to bond 2 NICs, and at the end of my wits - /etc/network/interfaces looks ok and yet it doesn't work
[23:13] <Aethor> on network restart, I get a "RTNETLINK answers: File exist" error
[23:13] <Aethor> and then "Failed to bring up bond0"
[23:14] <Juv1228> hello, im trying to configure a server here. it has a single IP and needs to run several lxc containers
[23:14] <Juv1228> so it needs to use a nat and internal bridge correct?
[23:15] <SpamapS> Juv1228: lxc containers can use nat, or bridged networking
[23:16] <Juv1228> SpamapS, but with a bridged networking they each have to have their own public ip right?
[23:18] <SpamapS> Juv1228: right, so you probably want NAT
[23:18] <Juv1228> to avoid that i am trying to setup a nat and use shorewall to firewall/forward things
[23:19] <Juv1228> the problem is none of my containers can reach the outside world
[23:50] <taipres> That bug report is confusing
[23:51] <taipres> oh missing files, nevermind