[01:17] <adrien2> Hello
[01:17] <adrien2> I have reason to believe 5 or so people are attempting to hack my computer
[01:17] <adrien2> is there any recent security flaws in ubuntu 11.10?
[01:17] <twb> Yes.
[01:17] <adrien2> I'm scared
[01:17] <adrien2> I logedd off from there though
[01:17] <twb> Then unplug all your computers and leave them off forever
[01:18] <adrien2> Why? I did nothing wrong
[01:18] <twb> That's the only way to be safe
[01:18] <adrien2> You guys sure are helpful
[01:18] <twb> Also run an angle-grinder through your hard disks
[01:18] <adrien2> what is your problem?
[01:18] <twb> Man, he was uptight.
[01:18] <fyrfaktry> lol
[01:19] <twb> I was just trying to give him some perspective.
[01:27] <twb> https://en.wikipedia.org/wiki/Computer_security offers some background theory
[01:33] <twb> Also http://cwe.mitre.org/top25/
[01:47] <CyberAlejo17> Hello, someone speaks Spanish?
[01:59] <virusuy> CyberAlejo17: si
[01:59] <CyberAlejo17> Hola :) que gusto
[01:59] <virusuy> :-D
[01:59] <CyberAlejo17> será que puedes ayudarme con un pequeño problema que tengo en un server openvpn?
[02:00] <CyberAlejo17> mas precisamente en la configuracion de iptables con politica por defecto drop
[02:00] <virusuy> uy.. conozco poco de iptables
[02:00] <CyberAlejo17> mira mas info: http://www.ubuntu-es.org/node/166700
[02:00] <twb> CyberAlejo17: are you using ucf, or iptables directly?
[02:01] <CyberAlejo17> ucf?
[02:02] <twb> ucf is Ubuntu's wrapper around iptables
[02:02] <twb> http://cyber.com.au/~twb/doc/iptab is an example using iptables directly
[02:03] <CyberAlejo17> Estoy aplicando iptables directamente.
[02:03] <CyberAlejo17> Mediante un script.sh
[02:04] <twb> CyberAlejo17: please pastebin your script.sh
[02:05] <twb> Also please read http://jengelh.medozas.de/documents/Perfect_Ruleset.pdf, and consider joining #netfilter (which is English only)
[02:06] <CyberAlejo17> ohhh, no tengo ahora acceso al servidor. No puedo hacer conexión mediante SSH, creo que quedó confgurado con DROP cuando salí.
[02:06] <CyberAlejo17> De esta forma no es mucho lo que se pueda hacer :(
[02:16] <twb> CyberAlejo17: I'm sorry to hear that.
[02:17] <twb> CyberAlejo17: ask me again, when you have access to your server.
[02:20] <CyberAlejo17> ok. Eso haré. Muchas gracias. Disculpa la molestia.
[02:22] <stgraber> hallyn: I pushed a very minor fix to ubuntu:lxc (won't upload just for that), just adds a missing space before the = sign of "lxc.network.hwaddr"
[02:23] <stgraber> hallyn: http://paste.ubuntu.com/912396/
[02:43] <psusi> bug #919281 appears to be an iso spin error for the server iso... kernel modules are missing... what is the correct package that should be assigned to?
[04:58] <Hodgy> I just installed Ubuntu Server 11.10 and I am accessing it from SSH, is there anything neat I could try out with it?
[05:06] <FrozenFire> For some reason, on my gateway/router server running Ubuntu Server, the internal interface which is supposed to always be set to 192.168.0.1, dhclient is reconfiguring that interface with a DHCP address.
[05:06] <FrozenFire> The interface is set to static in /etc/network/interfaces
[05:06] <FrozenFire> And I've even set supersede fixed-address 192.168.0.1 in dhclient.conf
[05:06] <FrozenFire> But it keeps happening
[05:07] <FrozenFire> It's getting frustrating as heck, because something's causing dhclient to reconfigure the interfaces on a regular basis
[05:08] <FrozenFire> Any ideas as to why?
[05:12] <FrozenFire> https://bugzilla.redhat.com/show_bug.cgi?id=556001 Essentially equivalent to this
[06:06] <RoyK> hi all. I have two kvm nodes setup with ssh auth between them, both running oneiric. When I try to migrate this vm, it tells me http://paste.ubuntu.com/912552/ - source kvm host has been running for some weeks, dst host has just been rebooted for good measure
[06:07] <RoyK> oh, and after that attempt, the vm loses contact with its root device
[06:15] <RoyK> anyone awake?
[07:34]  * RoyK += 0xc0ffee
[07:59] <lynxman> morning o/
[08:01] <twb> RoyK: surely you should XOR that
[08:06] <RoyK> twb: heh
[08:10] <jamespage> morning all
[08:32] <twb> What's nomodeset called in lucid?
[08:33] <twb> post-install I want it to fuck off and stop loading a fuzzy, larger font than the 80x25 it starts with
[08:33] <twb> That is, vga16fb
[08:36] <twb> Fuck it, blacklisting it in modprobe.d works
[08:39] <twb> grub-common has an update in lucid/updates, but grub-efi-amd64 doesn't -- WHY?  They're from the same source package.
[08:46]  * smb chants iscsitarget into Daviey 's generic direction...
[08:50] <Tm_T> language ...
[08:52] <_ruben> iscsitarget as in iet? yuck :P
[08:53] <twb> _ruben: it's OK provided you remember to use a non-terminated BLACK goat
[09:02] <_ruben> twb: hehe
[09:09] <twb> OK, this is confusing.  lucid's grub-efi-amd64 says that it needs an EFI partition, and doesn't take a device.  The same program in precise, DOES take a device, and if you just do "grub-install /dev/sda" without an EFI partition on that device, it succeeds without output.  Looking at the partition table afterwards shows there is still no EFI partition.  WTF?
[09:09]  * twb reboots to see if anything has changed
[09:09] <twb> rebooting makes it boot from the MBR still
[09:38] <kokyu> is anyone here (kind of) experienced with Ubuntu plus OpenStack?
[09:39] <uksysadmin> kokyu: what do you need to know? dev support or end user help/
[09:39] <kokyu> I just installed 12.04 (daily build) and despite the fact, that OpenStack enabled during installation process, it did not succeed without telling me why, so I excluded it again, and did continue install
[09:39] <kokyu> (still writing my issue :-) )
[09:39] <kokyu> now, after install reboot, I see, that it actually has installed OpenStack, but SWIFT failed to start up, Compute (nova) seems to be running, at least when checking the process list.
[09:40] <kokyu> I am kind of new to both, Ubuntu (not Linux et al) and OpenStack, so I am a little confused on how to fix things now. is OpenStack now half or fully installed, or am I missing just some db configuration bits?
[09:41] <kokyu> maybe choosing 12.04 wasn't that a great idea, but this is going to be the next LTS and to be released in a few weeks, so I chose this one (also due to the recent kernel and userland :)
[09:42] <kokyu> uksysadmin: I kind of need someone to give me hints to get OpenStack initially running :)
[09:42] <kokyu> we're currently using Proxmox 1.9 with OpenVZ, with LTS 8.04 and would like to switch to OpenStack for the new hardware with 12.04 LTS ideally
[09:43] <kokyu> and since OpenStack seems to be core part of Ubuntu now, it just seems ideal.
[09:45] <uksysadmin> kokyu: check this out: http://uksysadmin.wordpress.com/2012/03/28/screencast-video-of-an-install-of-openstack-essex-on-ubuntu-12-04-under-virtualbox/
[09:45] <kokyu> oha, interesting. I'll watch that. many thanks so far ;)
[09:51] <kokyu> uksysadmin: thanks :)
[09:52] <uksysadmin> np kokyu - check out #openstack too - other guys can help you in there with OpenStack issues
[10:04] <kokyu> uksysadmin: is your vimeo video guide really without sound, or is it my audio messing up right now?
[10:05] <uksysadmin> ah - sorry - I should put a message up - it is without sound
[10:05]  * uksysadmin went for the 1900s silent movie genre ;-)
[10:05] <kokyu> lol damn it, and I was searching for the issue locally :D
[10:06] <uksysadmin> I'll update my blog. sorry! :S
[10:07] <kokyu> never mind, now that I now, I really apreciate ppl doing screencats, however, I can just encourage you to actually speak with it, it is really much more helpful with audio text :)
[10:08] <kokyu> uksysadmin: I also found this one, btw: http://www.hastexo.com/resources/docs/installing-openstack-essex-4-ubuntu-1204-precise-pangolin
[10:09] <koolhead17> uksysadmin: ^^
[10:10] <uksysadmin> that's a great tutorial too
[10:10] <uksysadmin> and don't encourage koolhead17 to make me do a voice over
[10:10] <uksysadmin> ;-)
[10:10] <uksysadmin> There are some great guides coming out now that accompany the documentation
[10:10] <kokyu> hehe
[10:10] <koolhead17> lol. you should definately do that man
[10:11] <uksysadmin> ok ok, I'll try and find some time to add some audio
[10:25] <sergevn> hi
[10:45] <ironm> !daily
[11:07] <sergevn> hi
[11:08] <ironm> !ubuntu-server+1
[11:08] <ironm> !ubuntu-server
[11:24] <hlan> hello, I'm using the ppa ondrej/php5 because I need php 5.4 but php segfaults so I also need the debug symbols so I can do a gdb backtrace... how do I proceed?
[11:58] <ironm> hello. Please allow me one question. I use XCP 1.5 (xen) as host and I can successfully install ubuntu-server 11.10 as VM but I am running in "CD-ROM mount" issue with ubuntu-server 12.04. Mor detals are in: xcp1.5-ubuntu-server12.04.error.txt
[11:58] <ironm> http://paste.debian.net/161870/
[11:59] <ironm> can anyone confirm this issue? Thank you in advance for any hints.
[12:02] <ironm> would be #ubuntu+1 channel better for the question above?
[12:18] <alein> Hi can I ask in the channel?
[12:18] <uksysadmin> alein: I can't speak for everyone, but I'll let you. :p
[12:20] <alein> Ok thanks, I have one big problem with one of my servers. The problem is that some bad person make a huge ddos syn flood on port 80. That overload my server, http stop working and other services become slow and useless.
[12:21] <ahxcjb> your front end firewalls should mitigate against syn floods
[12:21] <alein> I don't talk about webserver flood - I mean tcp syn flood on port 80
[12:21] <alein> I talk about 200Mbps syn flood traffic
[12:22] <uksysadmin> +1 on ahxcjb.
[12:22] <alein> ahxcjb what you mean? my ISP should stop the flood?
[12:22] <rbasak> alein: what's your question?
[12:22] <uksysadmin> ok, few solutions - set up your systems to not allow the creation of many syn connections without the full ack etc... firewall, ips.
[12:22] <alein> how to deffend myself
[12:23] <uksysadmin> if its to port 80... another quick win - check out www.cloudflare.com and have your site live behind that
[12:23] <ahxcjb> set your front end firewall to mitigatge against the attack
[12:23] <ahxcjb> what is your front-end firewall?
[12:23] <ahxcjb> is it Ubuntu?
[12:23] <rbasak> Enabling syn cookies should protect against a plain syn flood
[12:23] <alein> ahxcjb iptables doesn't help at all
[12:23] <ahxcjb> http://www.lainoox.com/tag/syn-flood-iptables/
[12:24] <ahxcjb> alein: of course it does!
[12:24] <alein> I can drop all the traffic and the server gets overloaded
[12:24] <ahxcjb> then you're not doing it correctly
[12:24] <alein> lol
[12:24] <ahxcjb> if you're getting a 200Mbps syn flood, you should involve your ISP
[12:24] <alein> iptables -I INPUT -i eth0 -s 0.0.0.0/0 -j DROP
[12:24] <patdk-wk> http://www.symantec.com/connect/articles/hardening-tcpip-stack-syn-attacks
[12:24] <ahxcjb> well that's just silly
[12:24] <alein> that doesn't help
[12:25] <ahxcjb> it doesn't help because you clearly haven't got clue
[12:25]  * patdk-wk has never been syn flooded
[12:25] <alein> ;)
[12:25] <patdk-wk> atleast not more than my server could handly by itself
[12:25] <patdk-wk> without adjustments
[12:26] <patdk-wk> people do love to do POST floods for some reason
[12:26] <ahxcjb> if you're suffering a major DoS you need to involve your ISP
[12:26] <ahxcjb> as they can mitigate against the flood far better than a home user can.
[12:27] <alein> ahxcjb I call them, wtite them a letter nad the answer was "We can't handle it"
[12:27] <ahxcjb> alein: then change ISPs
[12:27] <alein> write*
[12:27] <alein> its not that easy
[12:27] <alein> so  http://www.lainoox.com/tag/syn-flood-iptables/ should help?
[12:28] <ahxcjb> I think if you are being hit by the size of DoS  that you state, then you have to involve your ISP
[12:28] <ahxcjb> and if your ISP doesn't act, then MOVE ISP
[12:28] <alein> I have 1gbps connection so they hardly can owerload my bandwith
[12:28] <alein> but that last flood was ugly
[12:29] <ahxcjb> if you have a 1gbps connection, then you're a fixed line user
[12:29] <ahxcjb> and should have budget for proper firewalls
[12:29] <ahxcjb> which i suggest you purchase
[12:29] <ahxcjb> to allow you to mitigate against such attacks
[12:29] <alein> Nope, I don't have it
[12:30] <ahxcjb> then how and why do you have a 1gbps connection? Are you a business?
[12:30] <alein> Nope, I'm not a business, I have little game server
[12:30] <ahxcjb> on 1gbps? pull the other one
[12:30] <alein> just have friends in that ISP and I have 1 Gbps
[12:31] <ahxcjb> so are you paying for this co-lo
[12:31] <ahxcjb> ?
[12:31] <alein> Yes with 9 years work in that company
[12:31] <patdk-wk> sound like a, I'll put it under my desk, deal
[12:32] <alein> possible SYN flooding on port 80. Sending cookies I sick of this
[12:36] <dork> how distributed is it
[12:38] <dork> are the bots leaving any sort of fingerprint in the access log?
[12:38] <dork> try tarpit'ing the string of their client
[12:38] <dork> http://www.spinics.net/lists/netfilter/msg17583.html
[12:39] <dork> but bottom line is anyone who runs a box and gets dos'd only mitigates and eventually contacts upstream carrier to filter
[12:39] <dork> so do it the right way
[12:39] <dork> and stop making excuses :)
[12:39] <rbasak> jamespage: I apt-get installed jenkins on oneiric, but it failed to start because /etc/init/jenkins.conf uses JAVA_HOME=/usr/lib/jvm/default-java which doesn't exist. Changing it to /usr/lib/jvm/java-6-openjdk fixed it. Is this a bug? Any idea why I don't have a /usr/lib/jvm/default-java?
[12:39] <jamespage> rbasak, bug 971952
[12:40] <rbasak> thanks :)
[12:40] <jamespage> jenkins depends of default-jre-headless | java6-runtime-headless...
[12:40] <jamespage> rbasak, you can fix it bey installing default-jre-headless
[12:41] <jamespage> it works differently in precise so its an oneiric specific issue
[12:41]  * jamespage wishes for good JAVA_HOME detection
[12:41] <jamespage> virtually every server type package has this problem
[12:42] <jamespage> rbasak, hence things like bigtop-utils....
[12:42] <ironm> hello. Does anyone run ubuntu-server 12.04 on XCP 1.5 host? (free xen-server)
[12:43] <rbasak> jamespage: that worked - thanks!
[12:45] <jamespage> rbasak, its a PITA
[12:46] <jamespage> rbasak, BTW I've been backporting precise jenkins to ppa:hudson-ubuntu/backports if you want something a bit more up-to-date for the next few weeks
[12:47] <rbasak> jamespage: thanks, I'll use that if I find something I need that's missing
[14:08] <ironm> hello. Anyone around running a kvm  based host on ubuntu-server 11.10 or 12.04? I am looking for some documentation about configuring and running kvm VMs
[14:10] <SpamapS> lynxman: pong, was out yesterday.
[14:11] <SpamapS> ironm: https://help.ubuntu.com/8.04/serverguide/C/libvirt.html
[14:11] <ironm> thanks a lot SpamapS :)
[14:12] <lynxman> SpamapS: hey I'm having some problems with the splice command, wanted to pick your brain for a bit :)
[14:12] <SpamapS> hrm.. why does google insist on giving me the hardy docs? We need to setup a sitemap for help.ubuntu.com
[14:12] <lynxman> SpamapS: http://pastebin.ubuntu.com/913051/ <-- already converted all the soft links to regular files, still errors
[14:12] <SpamapS> ironm: https://help.ubuntu.com/11.10/serverguide/C/libvirt.html probably more current :)
[14:13] <ironm> SpamapS,  I will check this one too. Merci :)
[14:16] <SpamapS> lynxman: hmm
[14:18] <lynxman> SpamapS: easily reproducible, negronjl suggested me that soft links wouldn't work so I ran a small script to convert them
[14:18] <lynxman> SpamapS: the error message is kinda confusing, that's why I wanted to ask you :)
[14:18] <SpamapS> lynxman: the logic looks a bit out of order
[14:19] <lynxman> SpamapS: what would you suggest?
[14:19] <lynxman> SpamapS: do the charms need to be in any special order?
[14:19] <lynxman> SpamapS: even if I try to do one it's failing I'm afraid
[14:20] <SpamapS> lynxman: yeah I think the lack of tests for splice is showing. ;)
[14:20] <lynxman> SpamapS: hah yeah :)
[14:20] <koolhead17> Daviey: around?
[14:20] <SpamapS> lynxman: I believe the simple fix is to add an os.mkdir before the proxy_relation calls
[14:22] <lynxman> SpamapS: just create a silently failing os.mkdir before the proxy_relation call to create the dir if it doesn't exist?
[14:24] <SpamapS> lynxman: yeah, or perhaps move the make_hook calls before the proxy relation calls.
[14:25] <SpamapS> (they do a mkdir)
[14:27] <lynxman> SpamapS: could you pass me a small diff so I know where to look at quickly? :)
[14:28] <lynxman> SpamapS: ah neverminds scripts/splice
[14:29] <lynxman> SpamapS: I've been too long doing ruby, almost forgot python now ;)
[14:31] <lynxman> SpamapS: yeah that worked \o/
[14:32] <SpamapS> lynxman: I think its probably time that we merge splice into charm-tools
[14:32] <lynxman> SpamapS: would be good, it's extremely useful
[14:33] <SpamapS> lynxman: still feels very experimental though.. hrm
[14:35] <ironm> SpamapS, I am wondering a bit, why virtinst has not been installed even I have chosen the host tasksel option (for kvm)
[14:38] <SpamapS> ironm: dunno, I have to admit, my libvirt knowledge is pitiful, I usually just use virt-manager
[14:40] <ironm> SpamapS, wirt-manager hasn't been installed too
[14:40] <SpamapS> ironm: its a GUI so thats no surprise
[14:41] <ironm> oh .. I see :)
[15:01] <hlan> I'm trying to automate apt and I'm copying sources.list however that makes apt hang on /var/lib/dpkg/info/base-passwd.postinst
[15:02] <hlan> I guess some trust/security files must also be copied...  what more files do I need to copy except /etc/apt/sources.list
[15:02] <hlan> ?
[15:02] <SpamapS> hlan: what exactly are you trying to automate?
[15:03] <SpamapS> hlan: sources.list would have nothing to do with /var/lib/dpkg/info/base-passwd.postinst ..
[15:03] <SpamapS> hlan: if you want to create a new, tiny ubuntu, you want debootstrap, not apt
[15:03] <hlan> SpamapS: apt-get spawns that process and it waits for some kind of user prompt
[15:04] <SpamapS> hlan: that process is the post install script for a package. dpkg is spawning it, not apt
[15:04] <hlan> SpamapS: what kind of information is it asking for?
[15:04] <hlan> it's trying to read from stdin
[15:04] <hlan> unfortunately I can't see stdout
[15:05] <SpamapS> hlan: no idea, but if you want to not be prompted you can use export DEBIAN_FRONTEND=noninteractive
[15:06] <SpamapS> hlan: it wil then choose defaults for all questions
[15:09] <konradb> hi, is it possible to make dist-upgrade without rebooting?
[15:24] <NGNTNT> hi everybody
[15:24] <konradb> everypony*
[15:25] <NGNTNT> can anyone help me with my stucked-at-the-boot ubuntu server ?
[15:29] <NGNTNT> noone ?
[15:33] <SpamapS> NGNTNT: can you be more specific than "stuck at the boot" ?
[15:33] <SpamapS> konradb: yes you can upgrade almost anything without rebooting.. notable exceptions are upstart and the kernel (though there is 'ksplice' for kernels, I don't know how stable it is)
[15:42] <NGNTNT> at the boot sequence the server goes to busybox prompt. The previouse lines said mounting /dev to /root/dev failed
[15:42] <NGNTNT> I tried to launch fsck booting from a live cd but nothing worked yet
[15:44] <jamespage> Ursinha,  http://reports.qa.ubuntu.com/reports/ubuntu-server/triage-report.html is looking better (if a little scary)
[15:45] <Ursinha> jamespage, is the data correct? I removed one constraint that was making that miss some bugs
[15:45] <jamespage> Ursinha, well I could see bugs moving through the queue so I think so
[15:46] <jamespage> Ursinha, ~260 New bugs was the scary bit (was 275 this morning :-))
[15:54] <raubvogel> Does ubuntu now do disk alignment when partitioning hard drives?
[15:55] <SpamapS> Ursinha: thanks for fixing that
[15:55] <SpamapS> jamespage: and well done noticing it was wrong ;)
[15:55] <Ursinha> thanks guys for using it
[15:55] <Ursinha> :)
[15:55] <jamespage> Ursinha, makes my life easier (well it does now)
[15:56]  * jamespage thinks we need to have a blitz on New bugs
[16:01] <jamespage> ubuntu-server team meeting in #ubuntu-meeting about to start...
[16:14] <ironm> SpamapS, I used the following line to create VM. I am not sure if it is correct syntax. How can I connect to the install console?
[16:14] <ironm> virt-install -n web70 -r 2048 --disk path=/dev/sdd -c /var/lib/libvirt/ubuntu-11.10-server-amd64.iso  --network network=default --connect=qemu:///system --graphics none -v
[16:15] <ironm>  10 web70                running
[16:17] <ironm> hmm... : ironm@dev10:~$ virt-viewer --connect qemu:///system 10
[16:20] <SpamapS> ironm: you're asking the wrong person. ;)
[16:20] <SpamapS> hallyn: ^^ perhaps you can help ironm ?
[16:21] <ironm> ok .. thanks a lot anyway SpamapS :)
[16:21] <ironm> it looks like the VM is running. I don't know how to connect to console using virt-viewer
[16:22] <ironm> console of this VM ...
[16:23] <hallyn> i don't use virt-install.  but perhaps 'virsh console 10', if you have a serial console hooked up inthe guest
[16:23] <ironm> thank you hallyn  .. i will check it
[16:24] <ironm> hmm ... I am gettint the following output but nothing happen anymore and I am not able to type in  ...
[16:24] <ironm> Connected to domain web70
[16:24] <ironm> Escape character is ^]
[16:28] <ironm> hallyn, has the following line a correct syntax? virt-install -n web70 -r 2048 --disk path=/dev/sdd -c /var/lib/libvirt/ubuntu-11.10-server-amd64.iso  --network network=default --connect=qemu:///system --graphics none -v
[16:29] <hallyn> ironm: as I say I don't use virt-install.  looks fine based on what i know
[16:30] <hallyn> i wonder if mdeslaur uses it...
[16:30] <hallyn> i'll give it a whirl though
[16:30] <ironm> thanks a lot hallyn
[16:33] <hallyn> looks fine especiallly per https://help.ubuntu.com/11.10/serverguide/C/libvirt.html
[16:34] <mdeslaur> ironm: I don't think you can connect to a virt-install console
[16:34] <hallyn> ironm: why exactly did you say --graphics=none?  if you do vnc, you'll get the console over vnc
[16:34] <hallyn> which i think is what you need right now
[16:34] <hallyn> it won't cause x to be installed
[16:34] <mdeslaur> ironm: ah, I take it back, hallyn is right
[16:35] <ironm> hallyn, I am on console of the host (ssh)
[16:36] <ironm> it looks like I need a client with vnc ...
[16:36] <hallyn> ironm: i'm afraid we have terminology confusion.  'ssh' gives you a pty, fwiw.  'console' usually means a getty running on /dev/ttyX
[16:37] <hallyn> right.  once it's all set up you can then ssh into the guest
[16:37] <hallyn> virsh console itself "works", but I dont' knwo if virtinst is setting /dev/ttyS0 up, nor do i think ubuntu server is setting it up
[16:37] <hallyn> so virsh console gives nothing bc there is no getty running
[16:37] <utlemming> kirkland: ping
[16:37] <ironm> hallyn, yes .. I thought it is possible to use an install console also from the KVM host
[16:38] <hallyn> i don't know what you mean
[16:38] <smoser> kirkland, you see https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/966686
[16:38] <ironm> hallyn, I try to follow you
[16:38] <smoser> RoyK, you were asserting somewhere that a cd install in a vm results in an empty console on server install, is that right?
[16:39] <smoser> gah
[16:39] <smoser> s/RoyK/RoakSoax/
[16:39] <roaksoax> smoser: i'm here
[16:40] <smoser> roaksoax, then look above. stupid caps change.
[16:40] <smoser> anyway
[16:40] <roaksoax> lol
[16:40] <roaksoax> smoser: yeah, I've seen that issue
[16:40] <smoser> can you open a bug.
[16:40] <smoser> hallyn, ^
[16:40] <roaksoax> smoser: sure, let me test it again to confirm and will open a bug
[16:40] <smoser> and we should determine if thats vm only.
[16:41] <roaksoax> k ;)
[16:42] <hallyn> smoser: eh what?
[16:43] <hallyn> if you install a non-server iso without x, grub.conf still redirects you to vt7, which is empty.  is that what you're referring to?
[16:43] <hallyn> it's not only in vms
[16:43] <hallyn> you can edit /etc/default/grub, or jsut hit alt-left to get a console
[16:43] <smoser> this was server iso install
[16:43] <smoser> but admittedly possibly via preseed and cobbler/maas
[16:44] <hallyn> and what does /proc/cmdline show
[16:44] <roaksoax> hallyn: yes
[16:44] <roaksoax> hallyn: that's it, it shows a black screen with cursor, but changing ttys gives you the login prompt
[16:45] <hallyn> I assume there is vt.handoff=7 in /proc/cmdline
[16:45] <roaksoax> let me check, doing a new install
[16:47] <kirkland> utlemming: howdy
[16:48] <utlemming> kirkland: have you perchance seen my bug on byobu clearing the screen on login?
[16:48] <utlemming> bug 966686
[16:48] <kirkland> utlemming: yeah, haven't had time to look into that
[16:48] <kirkland> utlemming: is that a difference between tmux and screen, perhaps?
[16:49] <kirkland> utlemming: I think that's because the older byobu used the /usr/bin/byobu-shell to launch a shell
[16:49] <kirkland> utlemming: which cats the motd
[16:50] <utlemming> kirkland: yeah, the tmux version is the one that clears the screen
[16:54] <kirkland> utlemming: do you think this is release critical?
[16:54] <kirkland> utlemming: I reckon it is, since it removes the landscape commercial, huh?
[16:55] <utlemming> kirkland: yes...we are putting some logic in to warn people of invalid or uninstalled locales. There is a problem with some packages where if LC_* variable are exported, the package may not installed.
[16:55] <utlemming> kirkland: and it removes the blatant commerical advertising too
[16:55] <kirkland> utlemming: well, byobu is off by default now, so meh :-)
[16:56] <utlemming> kirkland: hence the reason I filed it as "high" instead of critical. Although, the tmux version of byobu is pretty slick. I'm using it a whole lot more myself.
[16:56] <kirkland> utlemming: okay, I'll get that one fixed, please assign it to me, mark it triaged/high and milestone it appropriately
[16:56] <kirkland> utlemming: i *love* it ;-)
[16:56] <kirkland> utlemming: 1920x1080 with about ~6 splits usually
[16:56] <kirkland> utlemming: and rarely more than 1 window
[16:56] <kirkland> utlemming: okay, i'll get on that today
[16:57] <utlemming> kirkland: thanks :) Marked triaged, assigned and targeted
[17:35] <hallyn> roaksoax: i really don't know what's to be done about htat :)  unless we have the core x package do the appending of vthandoff line
[18:01] <bobweaver> Does anyone know where to get this how much it costs . Is it real ? does it work on deb systems or only rpm ? ect   http://www.hepsia.com/ .Talk about bad advertising, All I can find is demo lol
[18:01] <jamespage> adam_g, around? want to discuss squid3?
[18:16] <dexter76> hello, on a fresh ubuntu 11.10 server virt-install raise "Could not find an installable distribution at" error whatever iso/http/ftp i give to the --location
[18:16] <dexter76> any ideas what to check?
[18:20] <adam_g> jamespage: sorry, lost in an email. yea
[18:21] <adam_g> jamespage: still around or did i miss you?
[18:40] <kklimonda> huh, it seems like idmapd doesn't start early enough on precise when used with autofs..
[18:42] <kklimonda> ah, it's a different issue - my network doesn't start early enough so idmapd can't figure out the domain..
[18:42] <kklimonda> but that makes no sense
[18:54] <imjustmatthew> I'm having some trouble getting an upstart job to work right, is there an even fires when a DHCP lease is accepted?
[19:05] <smoser> hallyn, ping
[19:05] <hallyn> .
[19:05] <KM0201> !ping
[19:05] <KM0201> lol
[19:06] <smoser> how would you boot a kvm instance with networking other than guest net
[19:06] <smoser> ie, i'd like to use kvm without libvirt, but the only time i ever do something other than guest net is with libvirt
[19:07] <hallyn> smoser: hold on lemme pastebin what i do
[19:08] <hallyn> smoser: http://paste.ubuntu.com/913492/
[19:09] <hallyn> or are you asking for libvirt xml to do that?
[19:09] <smoser> hallyn, thats what i wanted
[19:09] <smoser> minus...
[19:09] <smoser> how do you get a network interface there
[19:09] <hallyn> you mean br0?
[19:10] <smoser> in the guest
[19:10] <smoser> static?
[19:10] <hallyn> i dno't understand.  the cmds above will give you an eth0 in the guest
[19:11] <smoser> right.
[19:11] <smoser> but how does it get an IP
[19:13] <hallyn> depends on how br0 is set up
[19:13] <smoser> ah
[19:13] <smoser> i see
[19:13] <smoser> br0 from libvirt ?
[19:13] <hallyn> it should ping the same dhcp sever as your host does
[19:14] <hallyn> or br0 that eth0 is slaved to
[19:14] <smoser> ah.
[19:14] <smoser> yeah.
[19:14] <smoser> i need to provide it one then.
[19:14] <smoser> k.
[19:14] <hallyn> or,
[19:14] <hallyn> you can set one in the guest by hadn i suppose, but it probably won't talk to the network right
[19:18] <smoser> hallyn, thanks.
[19:20] <hallyn> np
[19:34] <hlan> will the log rotator process any log directly stored in /var/log ?
[19:34] <hlan> or just "syslogs"
[20:29] <zul> adam_g:  so novnc doesnt have tarballs per say, like release tarballs, so i think we should be doing another snapshot with the horizon patches applied
[20:30] <alein> hi all
[20:30] <alein> I would like to ask, is there any way to catch NULL TCP packets with tcpdump?
[21:02] <RoyK> alein: "Null Packets are neither sent nor acknowledged when not received."
[21:04] <RoyK> 2.1. Formal Definition
[21:04] <RoyK> [This section is intentionally left blank, see also Section 0 of [NULL].]
[21:05]  * RoyK loves april fool RFCs :D
[21:05] <alein> RoyK I'm trying to catch the true ip address of spoofed syn flood attack.
[21:05] <alein> Can I do this with tcpdump and wireshark
[21:06] <RoyK> how do you want to catch the real IP when it's spoofed?
[21:06] <RoyK> spoofed means it's overwritten
[21:07] <RoyK> and the routers don't track what they do
[21:07] <alein> The only way to detect default ip is to looking for NULL TCP packets (meaning no TCP flags set) with destination ports of 0.
[21:09] <alein> but I'm not sure that I can do this with tcpdump or only with an intrusion-detection system
[21:21] <RoyK> alein: what should generate that null packet, then?
[21:21] <alein> meaning no TCP flags set
[21:21] <zul> adam_g: we 600 the keystone config files dont we?
[21:23] <adam_g> zul: keystone.conf, yeah, we should
[21:24] <adam_g> zul: also, /var/lib/keystone/keystone.db if it exists
[21:24] <zul> k
[22:09] <rmk> Alright so the Ubuntu dhcp client seems to just give up and die if the dhcp server is down during the time a request is bad..
[22:09] <rmk> s/bad/made
[23:15] <rmk> So, when we lose our dhcp server, our dhclient process retries for about a minute then exits rather than sleeping.  Ubuntu 11.10 64-bit server.  Is this expected behavior and is there a way to change that?
[23:15] <rmk> I can obviously script aorund it but I figure there has to be a cleaner way.
[23:16] <jiboumans_> hi smoser, just tried to launch a new ami (ami-37af765e) in us-east-1a and cloud-init exited with code 1. Using the slightly older ami-3e9b4957 everythings works just dandy. figured you'd want to know.
[23:20] <dork> it is expected behavior because it's assuming you chose the wrong interface, meant to provision a static ip, etc
[23:20] <dork> just hit go back and do it again
[23:22] <smoser> jiboumans_, i suspect mirror issues. but will give a quick check.
[23:22] <smoser> hm.. i dont know of ami-37af765e
[23:22] <jiboumans_> http://uec-images.ubuntu.com/query/lucid/server/released.current.txt
[23:22] <jiboumans_> smoser: it's listed there ^
[23:23] <smoser> ah. k.  my cache was just out of date
[23:23] <jiboumans_> smoser: this is the last bits in the syslog: https://gist.github.com/2296262
[23:23] <smoser> well, i can't be sure why your pupet died.
[23:23] <dork> rmk: oh nevermind thought you meant during installation
[23:23] <smoser> perhaps it could not reach the master ?
[23:24] <rmk> no I need it to retry forever
[23:24] <dork> rmk: try dhclienf.conf
[23:24] <jiboumans_> smoser: possibly, but it left the ami in a non-good state and appeared to exit the run.
[23:24] <dork> dhclient.conf
[23:24] <jiboumans_> am i seeing that wrong?
[23:24] <dork> looks like the params are in there
[23:25] <jiboumans_> there was no /etc/puppet generated for example
[23:26] <smoser> jiboumans_, console output (get-console-output) is more helopful. it will have more info. i suspect it has a apt-get update failre.
[23:26] <smoser> but there will probably be something meaningful to you there.
[23:26] <jiboumans_> smoser: i've scrapped the instance, but happy to respin one if it helps you diagnose
[23:26] <smoser> (and note, in later releases, you should set
[23:26] <smoser>  output: {all: '| tee -a /var/log/cloud-init-output.log'}
[23:26] <smoser> you have access to the instance up to 1 hour after termination
[23:27] <smoser> jiboumans_, so above, then you'll have everything that output by cloud-inti or subprocess in that log file.
[23:28] <smoser> just easier to get at thene console
[23:28] <jiboumans_> smoser: i don't seem to be able to start it up again from the console though.. am i missing something?
[23:28] <jiboumans_> thanks, adding that to our start up script
[23:28] <smoser> you cant start it up again
[23:28] <smoser> but at least from the tools, you'll be able to get console output
[23:28] <smoser> its just stored for 1 hour.
[23:29] <smoser> ie, euca-get-console-output <i-iabababab>
[23:30] <jiboumans_> checking
[23:31] <jiboumans_> smoser: you're right. updated the gist: https://gist.github.com/2296312
[23:31] <jiboumans_> W: Failed to fetch http://us-east-1.ec2.archive.ubuntu.com/ubuntu/dists/lucid-updates/main/source/Sources.bz2  Hash Sum mismatch
[23:31] <smoser> jiboumans_, you  might be a good candidate for our s3 mirrors.
[23:32] <jiboumans_> smoser: i'm listening :)
[23:32] <smoser> which (given disabled apt pipelining , which is current in daily images, or anything with up to date cloud-init)
[23:32] <smoser> should be more stable.
[23:32] <smoser> we'll have offically released amis later this week that have the optoin already disabled inside them
[23:33] <utlemming> smoser, jiboumans_: lucid was officially released today with the update
[23:33] <smoser> but you can either laucnh the daily, or set the option in apt yourselfbefore update.
[23:33] <jiboumans_> sorry, you mean that new images will use the s3 mirror by default?
[23:33] <smoser> jiboumans_, so there ya go.
[23:33] <smoser> jiboumans_, no, htye use the other mirrors. but you can tell them fairly easily to use the s3
[23:33] <smoser> utlemming, can tell you how
[23:34] <utlemming> run 'sed -i "s,ec2.archive.ubuntu.com,ec2.archive.ubuntu.com.s3.amazonaws.com,g" /etc/apt/sources.list'
[23:34] <jiboumans_> then i didn't quite follow; what's the apt-pipelining option? I see the lp repo, but not the rationale behind it
[23:36] <utlemming> APT uses a micro-enhancement (HTTP Pipelining) to eak out a few microseconds of performance. S3, well, it doesn't get along with pipelining. If you disable apt's pipelining, then S3 works well.
[23:36] <jiboumans_> ah, that makes sense
[23:37] <jiboumans_> utlemming/smoser: is the s3 apt repo code viewable somewhere? it's on my bucket list to do that internally for our own apt repo too
[23:38] <utlemming> yup... lp:s3aptmirror
[23:39] <jiboumans_> thanks utlemming smoser, very helpful :)
[23:43] <smoser> utlemming, could you open an RT about the apt mirror issue
[23:47] <smoser> utlemming, oh, its the stale issue