[00:13] <moparisthebest> I'm using Lucid and need a package which shows up on packages.ubuntu.com, but won't install, does it work for anyone else? http://paste.ubuntu.com/906458/
[06:10] <joosengee> someone use samba domain
[06:10] <joosengee> or not?
[06:15] <joosengee> I have some question?
[06:15] <joosengee> anyone help me, please.
[07:03] <Jeeves_> Hmm
[07:04] <Jeeves_> A new libreoffice in an LTS is possible during beta
[07:04] <Jeeves_> but a new apache2 isn't
[07:05] <henkjan> no apache 2.4 in precise?
[07:11] <Jeeves_> No
[07:11] <Jeeves_> At least, not currently
[07:11] <Jeeves_> https://bugs.launchpad.net/ubuntu/+bug/939300
[07:14] <henkjan> *click  "yes this affects me"
[07:30] <micahg> no, apache 2.4 will probably be a backport though
[07:30] <twb> Oops, my LDAP server's cert expired... no logins for nearly half an hour
[08:10] <jamespage> morning all
[08:17] <mgw> good morning
[09:20] <PedroGomes> I, does anyone here can give me a functional PXE file for Ubuntu 12.04?
[09:20] <PedroGomes> *Hi
[09:23] <Daviey> Here is a function pxelinux file, http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/pxelinux.0
[09:23] <Daviey> functional*
[09:30] <PedroGomes> Daviey: not quite what I need, but maybe it can help. This is the PXEfile that goes in the tftpboot folder, what I need was a boot configuration file that is deployed for each machine
[09:31] <PedroGomes> but I will try and change this one
[09:31] <PedroGomes> maybe it will do the trick
[09:36] <PedroGomes> Daviey: no luck…
[09:39] <PedroGomes> why does 11.10 install without problems and 12.04 has ram disk problems….
[09:40] <xranby> jamespage: morning
[09:40] <jamespage> xranby, good morning! how are you?
[09:41] <xranby> jamespage: im fine thanks, i have beem focusing on GUI backend perfomance
[09:42] <xranby> mostly since i do not have any crash report to investigate :)
[09:42] <xranby> jamespage: please tell if you observe any instability issue
[09:42] <xranby> during your testing rounds
[09:42] <jamespage> xranby, sure will :-)
[09:42] <jamespage> things have been pretty stable TBH
[09:43] <xranby> nice, thats what i want to hear
[12:31] <dcramer> why would the default setup of 10.04 LTS postfix not use aliases
[12:31] <dcramer> I send mail to root and it sends it out
[12:33] <_ruben> it does use it, but i recall a "bug" where the postinst doesn't populate /etc/aliases even tho it makes you think it does
[12:34] <_ruben> and after modifying /etc/aliases, make sure you run newaliases
[12:37] <dcramer> _ruben: no it's because mail -s test root doesn't sent to root@localhost
[12:37] <dcramer> it sends it to root@hostname
[12:37] <dcramer> for some strange reason
[12:40] <_ruben> a default config should accept mail for @hostname as well
[12:41] <_ruben> what does 'postconf myorigin myhostname' show?
[12:44] <dcramer>  /etc/mailname
[12:44] <dcramer> which is my domain name
[12:45] <_ruben> and postconf mydestination?
[12:45] <dcramer> mydestination = beaver1.postgresintl.com, localhost.postgresintl.com,localhost
[12:45] <dcramer> postgresintl.com
[12:45] <dcramer> is the domain name
[12:46] <_ruben> and beaver1 is the hostname i assume?
[12:46] <dcramer> yes
[12:46] <_ruben> beaver1 oughta be in mydestination as well
[12:47] <dcramer> I have other setups where this is not the case
[12:47] <dcramer> nm I'll try that
[12:50] <dcramer> actually postgresintl.com needs to be in mydestination
[13:02] <zul> good morning
[13:29] <stgraber> hallyn: ping
[13:30] <stgraber> hallyn: could it be that we forgot to allow lxc-start to call change_profile? setting lxc.aa_profile prevents the container from starting here
[13:30] <stgraber> hallyn: ah, no, my bad
[13:30] <stgraber> hallyn: I should have read the main profile and see that it needs to be prefixed by lxc- :)
[13:37] <stgraber> hallyn: hmm, so I added a profile lxc-upgrader01 in /etc/apparmor.d/lxc/ and called it lxc-container-upgrader01 in the profile
[13:37] <stgraber> hallyn: but now /etc/init.d/apparmor reload fails ...
[13:48] <stgraber> hallyn: bug 969228
[14:22] <hallyn> stgraber: d'oh, again i didn't see the notification here.  but i saw the email :)
[14:22] <stgraber> hallyn: hehe :)
[14:23] <stgraber> hallyn: I also reproduced the weird dpkg diverts and locales being blocked by apparmor. I'm upgrading the machine to linux-image-3.2.0-21-generic before reporting that one
[14:23] <stgraber> hallyn: bug 969228 is either and LXC or an apparmor parser bug, so shouldn't depend on the kernel version
[14:25] <hallyn> stgraber: yes, could you try removing the #include from the top of your new file?
[14:25] <stgraber> hallyn: no change...
[14:26] <hallyn> drat
[14:28] <hallyn> note i *did* test this...  how odd
[14:29] <hallyn> reproduced now though
[14:31] <hallyn> stgraber: oh i didn't go far enough in my request
[14:32] <hallyn> stgraber: if you pull the #include from both container profiles and put it at top of /etc/apparmor.d/lxc-containers, it works
[14:33] <hallyn> jjohansen: is there a way to say '#ifndef tunables #include <tunables/home> #endif' in a apparmor profile?
[14:33] <hallyn> jjohansen: i want users to be able to just 'apparmor_parser /etc/apparmor.d/lxc/lxc-new' rather than /etc/init.d/apparmor reload', is the only reason
[14:33] <hallyn> (maybe that's not worthwhile)
[14:34] <sbeattie> hallyn: #ifdef> not... really, but I haven't looked at the bug report yet.
[14:36] <hallyn> (drat, this coudl require a server guide update)
[14:39] <jamespage> hallyn, is there anything I can do to help diagnose/fix the 'failed to fstat previous diversions file' issue we see with postgresql under lxc?
[14:39] <jamespage> I just hit the same issue in another charm
[14:40] <hallyn> jamespage: turn off apparmor and see if it's still broken
[14:40] <hallyn> if not, mark it as affecting linux and critical priority, owned by jjohansen
[14:40] <jamespage> hallyn, OK - testing now
[14:42] <stgraber> hallyn: sorry, was working on something else, looking now
[14:43] <stgraber> hallyn: worked
[14:44] <hallyn> stgraber: ok, i guess i'll move the #include, and ask for server guide update.  users will need to reload all container profiles at once.
[14:45] <stgraber> hallyn: btw: [ 1022.059598] type=1400 audit(1333118643.042:36): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=23460 profile="lxc-container-upgrader01" name="/var/lib/ureadahead/debugfs/" pid=23666 comm="ureadahead" fstype="debugfs" srcname="none" flags="rw"
[14:45] <stgraber> hallyn: I guess we should silent that one
[14:46] <hallyn> we do that with just an explicit deny right?
[14:46] <stgraber> hallyn: yep
[14:46] <hallyn> (sorry doing a bunch of bugs at a time)
[14:47] <sbeattie> hallyn|stgraber: can you post the problematic version of the /etc/apparmor.d/ tree to bug 969228
[14:48] <hggdh> roaksoax: aldebaran (the cobbler server), alkaid and phact are available now
[14:48] <hggdh> roaksoax: sorry for the delay, but I only ended the upgrade around 0100 UTC today
[14:55] <stgraber> sbeattie: there you go
[14:55] <sbeattie> stgraber: thanks, peeking.
[15:01] <jamespage> hallyn, if I turn off apparmor I can't start any containers
[15:01] <jamespage> hallyn, http://paste.ubuntu.com/907334/
[15:03] <roaksoax> hggdh: no worries
[15:06] <stgraber> hallyn: hmm, the divert and locale apparmor bugs are still there with -21 ... I guess I'll have to file a bug this time as it's preventing the daily upgrade testing from working
[15:06] <jeh> anyone here happen to be using the mlx4_en ethernet driver on precise?
[15:07] <hallyn> stgraber: that's what jamespage is looking at
[15:07] <hallyn> stgraber: yes, if jamespage hasn't filed it yet, pls mark it critical
[15:07] <jamespage> hallyn, stgraber: I've not filed a bug yet
[15:07] <hallyn> jamespage: sorry, please at 'lxc.aa_policy = unconfined' to the container's config (/var/lib/lxc/container/config)
[15:07] <jamespage> hallyn, ack
[15:07] <hallyn> jamespage: it's explained in the server guide, but that's notreally online yet iiuc :)
[15:08] <stgraber> jamespage: I did :)
[15:09] <stgraber> sbeattie, hallyn, jamespage: bug 969299
[15:10] <jamespage> stgraber, hallyn: oddly if I put lxc-container-default into complain mode I don't get the issue - but neither does aa complain
[15:10] <stgraber> hallyn: targeted to final and marked critical
[15:10] <stgraber> jamespage: yay for debugging fixing the bugs ;)
[15:11] <hallyn> jamespage: might be worht commenting that int he bug
[15:11] <jamespage> hallyn, lemme double check that
[15:15] <hallyn> jjohansen: ^ bug 969229
[15:15] <hallyn> no that's not the one :)
[15:15] <hallyn> jjohansen: would you believe bug 969299
[15:16] <stgraber> hallyn: lxc-start: unknow key lxc.aa_policy
[15:16] <hallyn> wth
[15:16] <stgraber> (I think we also want s/unknow/unknown/g btw ;))
[15:16] <hallyn> d'oh
[15:16] <hallyn> aa_policy
[15:16] <hallyn> lxc.aa_profile
[15:17] <hallyn> stgraber: that's not *my* typo :)
[15:17] <stgraber> root@athos:/data/internal/containers# lxc-start -n upgrader01
[15:17] <stgraber> lxc-start: Permission denied - failed to change apparmor profile to unconfined
[15:17] <hallyn> stgraber: you haven't disabled apparmor
[15:18] <hallyn> usr.bin.lxc-start isn't allowed to transition to unconfined
[15:18] <stgraber> hallyn: why would I do that? I just want it off for one container ;)
[15:18] <smb> zul, Just read your answer to that xen feature mail. Just to make sure I am not doing something wrong because I am using still the xend based api between libvirt and xen host in precise.
[15:18] <hallyn> stgraber: you think the default lxc-start profile should allow that?
[15:19] <zul> smb: no you arent i think they are refering to the XCP stuff that citrix was doing this cylce in debian/ubuntu
[15:19] <stgraber> hallyn: I think we should allow for a container to set "lxc.aa_profile = unconfined" without turning apparmor off for all containers, yes
[15:19] <smb> zul, Yes, well generally the xcp stuff, right. Reading about the blueprint gave a bit the impression this is what is used in Precise
[15:20] <zul> smb:  right i dont think anyone on the platform team has used the xcp stuff really
[15:20] <hallyn> stgraber: ok so there's that, the #include fix, and what was the other thing is houdl add right now?
[15:20] <hallyn> (and by right now i mean, "sometime soon")_
[15:21] <hallyn> maybe that was it
[15:22] <stgraber> hallyn: "#include fix", "deny for debugfs in /var/lib/ureadahead/debugfs/", "allow switch to unconfined in usr.bin.lxc-start"
[15:25] <hallyn> ah right debugfs, thanks
[15:26] <hallyn> mabe the ubuntu template should add a commented '# lxc.aa_profile = unconfined'
[15:27] <hallyn> stgraber: really we want debugfs anywhere to be silenetly denied, right?
[15:27] <brontosaurusrex> finnaly updated my old intranet server from 9.10 to 10.04 and noticing some magic: mp4/h.264 videos can be seeked without preloading in html5 mode on chrome..., is it a chrome magic or a combo of smarter apache and chrome, or some other mistery?
[15:27] <stgraber> hallyn: hmm, indeed, "deny mount fstype=debugs," should be fine
[15:28] <stgraber> hallyn: also +1 on adding some lxc.aa_profile line to the template, either "lxc.aa_profile = lxc-container-default" or a commented "# lxc.aa_profile = unconfined"
[15:28] <stgraber> hallyn: as long as there's a way for people to easily figure it out, that's fine
[15:28] <jamespage> hallyn, stgraber: not sure whether its related but I'm getting some excellent kernel message cruft - http://paste.ubuntu.com/907382/
[15:30] <stgraber> jamespage: I've always blamed the lack of logging namespace for that one ;) not sure if that's the real cause though
[15:30] <jamespage> stgraber, it does not appear to impact function as far as i can tell
[15:32] <stgraber> jamespage: I'm testing aa-complain now ;) sounds like an interesting workaround
[15:34] <Daviey> jamespage, adam_g, zul: What is the story of precise-openstack-essex-swift-trunk failing?
[15:35] <zul> Daviey:  the story is that swift needs openstack-nose-plugins to build the testsuite and its 95% done on my todo list
[15:35] <zul> Daviey:  its packaged just not in the archive
[15:37] <hallyn> stgraber: jamespage: actually we still have attach_disconnected in the policy, that *might* be causing problems.  not sure
[15:37] <hallyn> biab
[15:37] <Daviey> zul: ok, thanks
[15:38] <stgraber> hallyn: good point, I'll test that before trying jamespage's trick
[15:45] <autif> is apt-proxy now called apt-cacher?
[15:46] <patdk-wk> no
[15:46] <patdk-wk> different project
[15:46] <patdk-wk> apt-cacher is slow
[15:46] <patdk-wk> apt-cacher-ng is faster by many times
[15:47] <autif> apt-cache search apt-proxy did not return apt-proxy - it returned apt-cacher and apt-cacher-ng
[15:47] <autif> I was looking to caching packages because I want to install and update many machines and want to save bandwidth
[15:47] <autif> came accross https://help.ubuntu.com/community/AptProxy
[15:47] <patdk-wk> find apt-proxy for me :)
[15:47] <autif> should I be using apt-cacher-ng?
[15:47] <patdk-wk> or, it works for me, to locate apt-proxy
[15:48] <autif> ubuntu-server 11.10
[15:48] <patdk-wk> 10.04 here
[15:48] <autif> hmmn - that may do it
[15:48] <patdk-wk> apt-proxy downloads the all .deb's for a version if I remember right
[15:48] <patdk-wk> using gigs of space
[15:48] <patdk-wk> where apt-cacher-ng only downloads the .deb's you use, like a http proxy
[15:48] <autif> yup - that should be find - I have a 2TB disk :-)
[15:49] <autif> ah, I see the difference
[15:49] <patdk-wk> last time I used apt-proxy I think it was using 600gigs of space for me
[15:49] <autif> will try out apt-cacher-ng
[15:49] <patdk-wk> just all the updates for things I didn't use, kept using up all my bandwidth
[15:49] <autif> thanks patdk-wk
[15:50] <patdk-wk> heh, my apt-cacher-ng is using 1.9gigs of space
[15:52] <Ng> I think everyone should stop saying the names of software that ends in -ng
[15:52] <Pici> heh
[15:52]  * patdk-wk renames amavisd-new to amavisd-ng
[15:53] <Ng> -1
[15:53] <Daviey> zul: bug 965551 ?
[15:54] <patdk-wk> ng, not bad, only 15 packages in lucid have -ng
[15:54] <zul> Daviey: i think adam_g said he was going to work on that one
[15:54] <Daviey> zul-ng, What is the status of that bug?
[15:54] <Daviey> ok, great
[15:56] <zul> heh zul-ng
[15:56] <patdk-wk> that one is overrated!
[16:01] <Ng> Daviey: you stop that!
[16:05]  * Daviey wonders how hard an irrsi pluggin would be to add -ng to any verb. :)
[16:06] <Daviey> err noun
[16:06] <Ng> I hope it would be very very difficult
[16:07] <Daviey> zul / adam_g: Are you uploading new snapshots today?
[16:08] <zul> Daviey: no im going to wait for rc2
[16:08] <Daviey> zul: no date set, or confirmed there will be an rc2, is there?
[16:09] <zul> Daviey: lemme check my sources
[16:11] <hallyn> stgraber: uh, what is jamespages' trick?
[16:16] <zul> Daviey: if they get their stuff together it will be today otherwise monday
[16:17] <stgraber> hallyn: aa-complain ;)
[16:18] <hallyn> ah ok
[16:18] <Daviey> zul: feel free to tell your sources that i haven't seen that discussed anywhere, or on the release schedule.
[16:18] <Daviey> Or just tell ttx.
[16:19] <stgraber> hallyn: dropping the attach_disconnected seems to have worked here
[16:19] <stgraber> jamespage: can you try doing that too? ^
[16:19] <hallyn> stgraber: interesting.
[16:20] <jamespage> stgraber, OK - I'll try - where do I set that?
[16:20] <hallyn> it does make some sense
[16:20] <hallyn> remove it from the top of /etc/apparmor.d/{usr.bin.lxc-start,lxc/lxc-default}
[16:21] <hallyn> probably just remove the whole flags=(.*)
[16:22] <azertyu> hello there
[16:23] <azertyu> is tehre any specialist bladecenter ?
[16:24] <azertyu> anyone there ?
[16:41] <patdk-wk> what is a, specialist bladecenter?
[16:41] <patdk-wk> I would assume all bladecenters to be special
[16:42] <azertyu> sure
[16:42] <azertyu> well i got a small on my bladecenter
[16:42] <azertyu> Chassis Cooling Devices
[16:43] <azertyu> 1
[16:43] <azertyu> 	
[16:43] <azertyu> Chassis Cooling Device status OK
[16:43] <azertyu> 	  78%
[16:43] <azertyu> 2
[16:43] <azertyu> 	
[16:43] <azertyu> Chassis Cooling Device status OK
[16:43] <azertyu> 	  79%
[16:43] <azertyu> what can be ?
[16:45] <ironm> hello. Is there an approved possibility to create own ubuntu server images with some third party packages (for off-line installations? I have played a bit with debian live-builder 3.0a-45-1 but was not successful. Thank you in advance for any hints.
[16:50] <xT_Bash> hey ppl
[16:51] <xT_Bash> any1 willing to help me with a 10.04 LTS install?
[16:51] <xT_Bash> wanna install the kde but yet dont have any clue how
[16:52] <arthurjohnson> Why would you want to install KDE on a server install?
[16:52] <xT_Bash> any other desktop u suggest?^^
[16:52] <xT_Bash> or does the question target the desktop thing itself?
[16:53] <arthurjohnson> None.  At least thats my opinion.
[16:53] <xT_Bash> well
[16:53] <arthurjohnson> I would never put a desktop on a server.  Wastes resources.
[16:53] <arthurjohnson> But if you must, go with something a little lighter, like xubuntu
[16:53] <xT_Bash> im not that fit with with console yet
[16:53] <xT_Bash> still too miseducated by microsoft stuff :P
[16:53] <arthurjohnson> Desktops aren't going to make configuring and maintaining a server any easier.
[16:54] <xT_Bash> mkay
[16:54] <arthurjohnson> But if you must, go for something a bit lighter, like xubuntu.
[16:54] <xT_Bash> combined with the ressource facts its quite a reason to leave it awys
[16:54] <xT_Bash> away*
[16:54] <ironm> !xubuntu
[16:55] <xT_Bash> so.. could u gimme a source with tutorial how to start up with ub-server?
[16:55] <ironm> !ubuntu-live
[16:56] <arthurjohnson> xT_Bash: have you installed your ubuntu server yet?
[16:56] <xT_Bash> yep
[16:56] <JanC> xT_Bash: even most serious Windows servers are administered remotely using AD (or other ways) anyway, so why do they need a GUI? ;)
[16:57] <xT_Bash> i already said i wont install a KDE/GNome etc
[16:57] <xT_Bash> actually just sitting in front of the commandline and dunno how to get the thing running
[16:58] <xT_Bash> well
[16:58] <xT_Bash> anyways thx for your advice so far
[16:58] <xT_Bash> am a bit busy and g2g
[16:58] <JanC> generally, services just run
[16:59] <xT_Bash> TTYL
[16:59] <xT_Bash> bb
[17:07] <hallyn> roaksoax: hi, would you mind pushing lp:~kroq-gar78/ubuntu/precise/rsyslog/fix-846818 ?  I don't have the upload rights.  IT's a trivial, correct, typo fix.
[17:09] <roaksoax> hallyn: howdy! sure!
[17:09] <hallyn> roaksoax: thanks!
[17:17] <roaksoax> hallyn: done!
[17:17] <hallyn> thanks again :)
[17:27] <zul> adam_g: hey are you workin on quantum?
[17:35] <stgraber> hallyn: I have a weird bug for you ;)
[17:35] <stgraber> hallyn: running: ubuntu-vm-builder kvm oneiric --kernel-flavour generic --ssh-key /data/auto-upgrade-tester/ssh-key.pub --components main,restricted --rootsize 15G --addpkg openssh-server --destdir /tmp/stgraber --arch i386
[17:35] <stgraber> hallyn: outside a container works fine
[17:35] <stgraber> hallyn: in a container, fails with: http://paste.ubuntu.com/907564/
[17:35] <stgraber> hallyn: wrong pastebin, http://paste.ubuntu.com/907541/
[17:36] <adam_g> zul: havent yet
[17:36] <adam_g> zul: would like to, tho
[17:36] <stgraber> hallyn: so we get that weird "mkdir: cannot create directory `/dev/shm': File exists"
[17:36] <adam_g> or, would like it to be fixed, if you wanna take it :)
[17:36] <zul> adam_g: ill get it fixed today
[17:36] <stgraber> hallyn: but only when running ubuntu-vm-builder in a container ... apparmor doesn't tell me it rejected anything
[17:37] <hallyn> stgraber: well the mkdir *should* fail if it exists...
[17:37] <hallyn> whey doesn't it onthe host?
[17:38] <stgraber> hallyn: it's ubuntu-vm-builder so that error appears during a deboostrap in a chroot...
[17:39] <stgraber> hallyn: and the mkdir call in sysvinit is guarded by a [ -d /dev/shm ] || mkdir /dev/shm
[17:39] <stgraber> hallyn: looks like bug 891045
[17:39] <hallyn> that sucks
[17:39] <stgraber> yeah :)
[17:40] <stgraber> I'm trying to figure out exactly what's different between the host and the container...
[17:42] <hallyn> stgraber: test -d /dev/shm in container
[17:42] <hallyn> 127
[17:42] <hallyn> umount /run/shm
[17:43] <hallyn> test -d /dev/shm -> 0
[17:43] <mgw> hey… what would cause ssh to stall for 4 seconds on login
[17:43] <mgw> $ ssh localhost ls
[17:43] <mgw> takes 4 seconds
[17:45] <stgraber> hallyn: interesting, though test -d /dev/shm = 0 in my container
[17:45] <stgraber> hallyn: but that may explain what's going on in ubuntu-vm-builder
[17:46] <stgraber> hallyn: my apparmor profile allows any mount in /tmp at the moment, I may try to restrict that to proc and sysfs which are the two I identified in vmbuilder as must-have
[17:51] <benji> mgw: does logging in locally take that long?
[17:51] <zul> adam_g: ok fixed
[17:52] <JJarvis> Hi, would someone please be able to help me in installing a wireless driver?
[17:52] <mgw> benji, it did… found the problem (ldap)… thanks!
[17:53] <benji> mgw: cool
[17:53] <JJarvis> I know Ubuntu-Server isn't supposed to run on anything other than LAN, but there is a reason.
[17:53] <zul> adam_g: problem was that i suck ;)
[17:53] <JJarvis> How would I activate a Broadcom STA driver (restricted) in the console?
[17:53] <hallyn> t doesn't always fail
[17:54] <hallyn> stgraber: it doesn't always fail
[17:54] <stgraber> JJarvis: jockey-text?
[17:54] <stgraber> hallyn: fun, so we have a race that mounts another tmpfs on top of /run/shm but only some of the time? :)
[17:54] <hallyn> stgraber: uh, i dont' think so,
[17:55] <hallyn> stgraber: the fs is always mounted, but someimtes test -d /dev/shm returns 0
[17:55] <stgraber> hmm
[17:55] <JJarvis> @stgraber Will try that now. Thanks.
[17:56] <JJarvis> exit
[17:56] <hallyn> stgraber: do you know if '[ -d /dev/shm ] || mkdir /dev/shm calls out to /usr/bin/test or something else?
[17:56] <hallyn> cause /usr/bin/test's -d code looks pretty unassailable
[17:57] <stgraber> hallyn: it's called with /bin/sh (dash) so I think it's using dash's builtin test
[17:57] <hallyn> d'oh
[17:58] <hallyn> feh, this could be a libc bug..
[17:58] <hallyn> i assume the stat must occasionally fail...
[18:01] <hallyn> jamespage: have you confirmed that remove attach_disconnected works for you?
[18:01] <hallyn> jjohansen: can you confirm that it should be safe to remove attach_disconnected from lxc profile?
[18:05] <smoser> utlemming, SpamapS http://paste.ubuntu.com/907621/
[18:05] <smoser> look for Setting up postgresql-9.1 (9.1.3-2)
[18:07] <adam_g> zul: can we disable that console monitor thing till its been merged upstream, or has gone through sufficient testing?
[18:07] <zul> adam_g: sure go ahead
[18:10] <stgraber> hallyn: you can also remove the FIXME for that "deny umount" line, it's fixed with -21
[18:10] <hallyn> where is that?
[18:15] <adam_g> zul: can you checkin those *.logrotate files to the nova branch?
[18:15] <zul> adam_g: yeah hold on
[18:16] <zul> adam_g: they should already be there
[18:16] <hallyn> biab
[18:17] <adam_g> zul: doh
[18:17] <adam_g> zul: my bad
[18:18] <adam_g> zul: though it looks like nova-network provides dhcpbridge, not nova-common. ill update
[18:18] <zul> adam_g: ack
[18:19] <jjohansen> hallyn: it is not.
[18:19] <jjohansen> hallyn: those fixes/changes just aren't ready for this cycle
[18:20] <jjohansen> hallyn: so for 12.04 attach_disconnected is the required work around.  I really, really wish it wasn't that way, but ...
[18:35] <Blah1> hey all.  anyone familiar w/ preseed ?  I remastered oneiric mini.iso, stuck a preseed.cfg file in it.   fired up a vm w/ that iso yet ubuntu installer doesn't appear to pickup the preseed.
[18:36] <Blah1> and the only way i can tell that is because it stops to ask me the ubuntu mirror question, when i've specified it in the preseed file.
[18:39] <hallyn> jjohansen: ok, i asked because of bug 969228
[18:44] <jjohansen> hallyn: hrmm, okay, yet another stupid bug in the compiler that needs to be fixed.
[18:45] <hallyn> jjohansen: hooray if it's obvious to you how to fix :)
[18:45] <stgraber> hehe, looks like LXC is pretty useful at finding apparmor bugs ;)
[18:46] <jjohansen> hallyn: I don't know about obvious, but I know its at least part of its in the compiler
[18:48] <hallyn> stgraber: drat
[18:50] <stgraber> hallyn: I "think" I got ubuntu-vm-builder working here ;)
[18:50] <hallyn> did you change anything?
[18:50] <stgraber> hallyn: that thing does "mount --bind /dev/ /tmp/<something>/dev" which means it also gets /dev/shm in the process which is a dangling symlink
[18:51] <stgraber> hallyn: instead I added a new upstart script to that container that does "rm /dev/shm && mkdir /dev/shm && mount --bind /run/shm /dev/shm"
[18:51] <stgraber> hallyn: so now ubuntu-vm-builder gets an empty dir instead of dangling symlink and seems happy
[18:51] <stgraber> hallyn: then it failed running kpartx as I forgot to enable loop devices ;)
[18:51] <hallyn> what does 'mount --bind /dev /tmp/<something>/dev" ?
[18:52] <stgraber> hallyn: ubuntu-vm-builder
[18:52] <hallyn> oh
[18:52] <stgraber> which is fine if the VM knows that /dev/shm can be a symlinkto /run/shm which in some cases doesn't exist yet
[18:52] <hallyn> now originall /dev/shm was a symlink to, not bind mount of, /runs/hm right?
[18:52] <stgraber> but apparently something in oneiric doesn't ;) (I'm building an oneiric VM in a precise container)
[18:53] <hallyn> so how would you fix the reported bug/
[18:53] <stgraber> yeah and that's fine in 99% of the cases, except when something stupidly bind-mounts /dev to a chroot of another vresion of Ubuntu ...
[18:53] <stgraber> in my specific case, I think the fix should be in ubuntu-vm-builder, I don't see any reason to bind-mount /dev to start with
[18:53] <stgraber> debootstrap gives you a minimal /dev that should work just fine
[18:54] <stgraber> and that won't have a dangling symlink as your /dev/shm
[18:58] <jamespage> ;q!
[19:00] <jamespage> hallyn, looking now
[19:01] <hallyn> jamespage: no need!
[19:01] <hallyn> jjohansen says that's wrong
[19:01] <jamespage> hallyn, standing down....
[19:02] <hallyn> :)
[19:07] <stgraber> jjohansen, hallyn: reading scrollback, that bug isn't linked to the attach_disconnected
[19:08] <stgraber> jjohansen, hallyn: the problem with attach_disconnected is localedef and dpkg-divert failing
[19:08] <stgraber> jjohansen, hallyn: bug 969299
[19:09] <hallyn> oh no did i mis-paste?
[19:09] <hallyn> but in any case, jjohansen says removing attach_disconnected is not yet safe
[19:11] <hallyn> jamespage: the debdiff attached to bug 968912 (not by me) works for me, and adds a patch identical to what is already upstream.  Do you mind sponsoring it?
[19:11] <stgraber> right, then ^ needs urgent fixing (as in, we need that for the release)... that upgrade testing container just won't work with it, so I'm currently running it without
[19:12] <hallyn> stgraber: you marked it critical right?  jjohansen is on it iiuc
[19:12] <hallyn> all right i'll go ahead and test and push the rest of the changes we've discussed then
[19:12] <stgraber> hallyn: yeah, critical + targeted, should be on the right buglists with that
[19:13] <hallyn> worst case i guess we pull the apparmor profiles for now
[19:14] <stgraber> I don't think it's so bad we should pull the apparmor profile
[19:14] <stgraber> as pulling the profile introduces its own problems ;)
[19:14] <stgraber> at least with lxc.aa_profile I can workaround it for that specific container and keep the standard profile for the others
[19:25] <hallyn> stgraber: would you say that non-ubuntu containers should still start in lxc-container-default, or in unconfined?
[19:26] <hallyn> i'd prefer lxc-container-default of course, but i don't know if they need special mounting abilities offhand...
[19:26] <hallyn> eh i'll leave it as is for now
[19:26] <stgraber> hallyn: I'd prefer lxc-container-default, we'll deal with the bugs if anyone files one
[19:34] <amarcolino> quick question , is ubuntu 12.4 stable enough to be used as a development apache server?
[19:39] <hallyn> amarcolino: I suspect the official stance is "don't do that"
[19:39] <hallyn> !release
[19:39] <hallyn> hm, was hopin gfor more :)
[19:40] <hallyn> amarcolino: that said, i'm running it everywhere...  except my mail server where i run lucid
[19:41] <amarcolino> thanks for the info and it has been stable for you till now?
[19:47] <hallyn> amarcolino: not always.  you'd like to think we're close to release and no major library upgrade will mess us up now, but you never can tell...
[19:53] <jjohansen> stgraber: I updated Bug#969299 with my initial guess, I will check as soon as my vm is finished updating
[19:54] <hallyn> stgraber: have you noticed that lxc no longer builds on precise?  http://paste.ubuntu.com/907772/
[20:00] <stgraber> hallyn: it built fine yesterday
[20:00]  * stgraber tries locally
[20:01] <hallyn> hmmm.
[20:04] <stgraber> local build failed somewhere in the doc (usually does when not in sbuild) but lxc itself built
[20:06] <hallyn> stgraber: "debian/rules build" fails.  is your schroot 100% uptodate?
[20:07] <stgraber> hallyn: I'm building in arkose directly on my laptop that was updated 10min ago, so yeah should be up to date
[20:07] <amarcolino> hallyn, will take note of that, I aint planning to do much at the moment other than use it for site development, it should be stable enough for that...
[20:08] <hallyn> i'm just wondering whether to worry about the failure, or be happy it builds in buildds
[20:08] <stgraber> hallyn: http://paste.ubuntu.com/907790/
[20:09] <hallyn> what cmd did you use?
[20:09] <stgraber> hallyn: ./configure --disable-doc && make
[20:09] <stgraber> hallyn: I'll try building the full package now
[20:10] <stgraber> hmm, actually looks like I'm not completely up to date ... upgrading again first then
[20:10]  * stgraber wonders what machine he updated 10min ago ;)
[20:11] <hallyn> stgraber: jinkeys, it doesn't happen when i remove automake and autoconf!
[20:12] <stgraber> hallyn: always blame the automagic :)
[20:13] <hallyn> stgraber: well i'd noticed it when working on 0.8.0, so i knew we'd have to deal with it at some point...
[20:16] <hallyn> jjohansen: adding change_profile -> unconfined,  isn't allowing me to transition to unconfined?
[20:18] <jjohansen> hallyn: urgh, f$#@!!!!!!
[20:18] <hallyn> well it's possible i'm doing something wrong!
[20:18] <hallyn>  have two rules,
[20:18] <hallyn> transition -> lxc-*,
[20:18] <hallyn> transition -> unconfined,
[20:19] <jjohansen> hallyn: unlikely, unconfined is a special path, as soon as you said it, it hit me that I didn't try it
[20:19] <hallyn> ok
[20:19] <stgraber> :)
[20:19] <jjohansen> hallyn: I will get a patch out today
[20:20] <stgraber> jjohansen: did you consider using lxc as your official test suite? seems like we have pretty good code coverage there ;)
[20:20] <hallyn> stgraber: when i use 'deny mount fstype=debugfs,' before the allow rule for /sys/kernel/debug, container does not start
[20:20] <hallyn> (or after)
[20:21] <jjohansen> stgraber: I don't think I am ready for that yet :)
[20:21] <hallyn> jjohansen: thanks
[20:21] <jjohansen> stgraber: actually lxc will be, being rolled into the testing more
[20:22] <stgraber> hallyn: oh right, I'm guessing it's "normal" in apparmor world... "deny mount fstype=debugs" denies all debugfs including the one we explicitly allowed for /sys/kernel/debug
[20:22]  * jjohansen shakes head at the bugs this cycle
[20:22] <stgraber> jjohansen: ^ is that right? "deny mount fstype=debugfs," blocking our "mount fstype=debugfs -> //sys/kernel/debug/,"
[20:23] <hallyn> jjohansen: but look at how cool it'll be when done :)
[20:23] <jjohansen> stgraber: erm yeah deny, will actually subtract permissions from allow rules.  Its an absolute this is denied
[20:23] <stgraber> ok, that's what I thought
[20:23] <hallyn> so do i just wnat 'dontaudit' ?
[20:23] <jjohansen> hallyn: yeah, one of these days ...
[20:23] <jjohansen> hallyn: dontaudit?
[20:24] <stgraber> hallyn: just go with "deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/", then
[20:24] <hallyn> yeah i guess so. technically that's the only one we're sure we're ok being quiet about anyway!
[20:24] <stgraber> hallyn: so we only silently deny this one and will update if we discover any other one we didn't know about :)
[20:26] <hallyn> and that actually works :)  will do
[20:27] <Jeeves_> Hi all
[20:27] <Jeeves_> Can I ask for some non-ubuntu-related advice on disks and smartctl?
[20:33] <hallyn> stgraber: i'm getting ready to push http://people.canonical.com/~serge/lxc.debdiff
[20:33] <stgraber> looking
[20:34] <stgraber> hallyn: lxc-0.7.5/debian/lxc-default.apparmor: can you drop the FIXME in there too? it's no longer relevant with the new kernel
[20:34] <stgraber> hallyn: (FIXME above the deny for remount,ro of /)
[20:34] <hallyn> the 'Doesn't match yet' ?
[20:34] <stgraber> yep
[20:35] <stgraber> rest looks good, thanks
[20:35] <hallyn> thanks, pushing
[21:25] <mcloy> well i have a domain . and i host it on  my box. i need an email@mydomain.com ..............
[21:25] <mcloy>  i want to setup email accounts for my domains. i have a linux server avaialabe for hosting. how can i setup the emails ?
[21:33] <qman__> mcloy, this is covered in the server guide under postfix: https://help.ubuntu.com/10.04/serverguide/C/postfix.html
[21:34] <qman__> and a more advanced, complete setup here: https://help.ubuntu.com/community/PostfixVirtualMailBoxClamSmtpHowto
[21:36] <mcloy> isnt this what i need https://help.ubuntu.com/community/MailServer    ?
[22:09] <psyferre_> Hey folks,  I've got a machine running Ubuntu 10.10 server.  Given that the support EOL is "April 2012", does that mean I have two days before do-release-upgrade will cease to work?
[22:15] <Myrtti> no, it means you've got until the last thursday of April or so
[22:19] <SpamapS> uh
[22:20] <SpamapS> do-release-upgrade will work as long as natty is available
[22:20] <SpamapS> psyferre_: you have until the last thursday of April to keep getting support and security updates...
[22:20] <SpamapS> psyferre_: do-release-upgrade will work at *least* 6 more months.
[22:20] <SpamapS> I'd expect that one could coax it to work even after natty goes EOL too.
[22:21] <SpamapS> but I don't know for sure if that works
[22:21] <psyferre_> Awesome.  Thanks!  I knew it would eventually stop working, but I wasn't sure when and couldn't seem to hit the right google search string to find out for sure.