[00:06] New bug: #978458 in samba (main) "CVE-2012-1182: "root" credential remote code execution" [Undecided,New] https://launchpad.net/bugs/978458 [00:44] which irc webchat is most featurefull and can be stable under heavy load? [00:45] loym, you mean irc server? [00:45] ya. i need a webchat facility [00:45] for the ircd [00:47] I don't know what that means. [00:47] If you just want a browser-based IRC client, I can't help you. [00:47] twb, I guess he wants to run a webchat service for his irc server [00:47] well. there can be a webchat facility like for example http://en.irc2go.com/webchat/?net=QuakeNet . [00:47] right? [00:48] which irc webchat application is most featurefull and can be stable under heavy load? [00:48] Why not just use that client, then? [00:48] like this http://webchat.freenode.net/ [00:48] 2 reasons. [00:48] i dont own freenode. [00:48] and second i need a website facility [00:48] there are 2 you could use [00:48] alice IRC, and subway IRC [00:48] its for my own network [00:49] Why would the client care what server it's connecting to? [00:49] alice is more mature, but subway has a real nice UI [00:49] that's interesting jcastro [00:49] Ursinha: I also have charms for both! [00:49] cool! [00:50] twb, because he wants to have his own :) [00:50] I don't see a problem with that :P [00:50] Why? [00:50] ok [00:50] So he can have corporate branding on it or something? [00:52] twb jcastro i use inspircd as an ircd [01:20] whats an easy way to log a channels chat. even if you logout as a user [01:21] Deploy a log bot === jtv1 is now known as jtv [01:32] loym, well, lots of people run an irc bouncer or proxy on a mostly-all-the-time-up host [01:32] i use bip [01:32] in my case, my desktop _is_ a mostly-all-the-time-up host [01:33] but I use screen to a shell server for my mobile [01:51] qman__, what do you mean by this but I use screen to a shell server for my mobile [01:52] loym: cellphones change IP all the time, so he can't easily run long-running connections on them. So instead, he runs them on a "real" machine, and uses SSH and GNU Screen to connect to them [01:52] screen to a shell server for my mobile? [01:52] oh [01:52] s/to/on [01:52] s/to/on/ [01:52] wrong preposition, I use irssi connectbot on the phone, to the shell server, which runs irssi in a screen [01:53] ? [01:53] i hope irssi make folders of different irc.servers and put the channel files in those folders [01:54] channel log files** [01:54] I actually don't log with my irssi, you have to configure it [01:54] qman__, twb making irc chats open to general public and search engines will be a nice idea ? [01:54] but I'm sure it'll configure the way you want, irssi is hugely popular [01:54] hm [01:55] loym: at that point why don't you jsut make a channel on an existing public network [01:55] loym: e.g. /join ##wanktasm -- ta da, you now have your own channel [01:56] running xchat on the desktop, I set this up in 2006, and, well, inertia [01:56] ya but if i have many good channels like #irssi #google #linux [01:57] qman__, twb making irc chats open to general public and search engines will be a nice idea ? [01:58] loym: plonk. [02:37] SpamapS, around ? [02:41] New bug: #978507 in tgt (main) "tgt default config should use config.d" [Medium,In progress] https://launchpad.net/bugs/978507 [02:48] so I'm looking for recommendations on software for local backup to USB drive, I would just rsync but I'd like to keep deleted files for a while [02:48] and get deduplication [02:49] heh, dedup is hard [02:50] I use backupPC at work for remote backups, which I guess could work for local [02:50] but I was wondering if there's a better choice [02:50] qman__: rsnapshot [02:50] ya, I use backuppc currently [02:50] Or just rsync --link-dest + manual expunge [02:50] but think I need to change to something else [02:51] bup looks promising but it's a ways off from production use [02:52] rsnapshot pretty much looks like what I want [02:52] thanks [02:52] I now need to make sure I have less than 3TB of stuff on my source directory [02:53] FWIW my $boss maintains it and we're looking to replace it with something slightly less funky [02:54] Specifically the two key issues I want to address are 1) literal tabs in the config file; and 2) name backups by their timestamp, not daily.N [02:54] well, this is just my home stuff, going from no backup to a couple 3TB USB3 drives [02:55] qman__: another good trick is to configure udev to run rsnapshot as soon as you plug the drive into the server [02:55] qman__: so all you need to do is rotate the drives and it'll kick off on its own [02:55] was thinking about dd'ing the filesystem on them so they have the same uuid [02:56] then automount, scheduled backup [02:56] Or just tune2fs, dude [02:56] good idea [03:08] * Patrickdk sticks to, zfs send -> tape [03:15] next time I rebuild it I'll go with zfs or btrfs, but that's a ways off [03:15] did a raid 6 with hot spare after it failed, and now I'm adding a real backup [03:15] heh, it took a large push to get me to use zfs [03:16] it just seemed way too good to be true, some of it is though [03:16] I've already had three of the new drives go bad [03:16] first one RMA'd, second one's mid-RMA [03:16] always fun [03:16] third when that one shows up [03:17] fortunately they didn't all die at the same time this time [03:17] lost everything before [03:18] I had a raid50 (6 disk) go bad, with 4 bad disks [03:18] it lasted months though [03:19] just off the raid cards cache ram [03:19] and os buffers [03:19] ha [03:19] the only thing that killed it, was a reboot [03:19] my previous raid 5, lost three drives in one day [03:20] when I built it, I figured the odds were low that they'd die at the same time, and I was horribly mistaken [03:20] how did they fail? [03:21] they were ticking [03:21] been a very long time, since I had one of them [03:21] they were about two years old when they quit [03:21] the other five still work [03:21] for the past 6 years or so, just have bad sectors, or bearing issues [03:22] not using them in that server, just for miscellaneous use [03:23] the new ones, the first two had bad sectors, the third just up and died, no longer detects, clicking [03:24] they sure don't make them like they used to [03:24] my 2tb drive was unpacked with a bad sector :( [03:24] the drive refused to remap it [03:24] said server has a 4GB quantum fireball as /, with many years of service [03:24] ended up locating that sector, calculating it's lvm offset, luks offset, ext2 offset, and telling ext2 to not use that sector [03:25] and it'll probably outlast this second set of raid drives [03:25] as it did the first, and a couple computers before that [03:25] ya, I have two 8gb disks that are good :) [03:25] don't own any ide stuff anymore though [03:26] have 50+ 250gig wd ide drives [03:27] I originally built it on a tight budget, that's why I used it [03:27] but it just keeps working [03:27] no reason to replace it [03:27] qman__: you could arrange an "accident" [03:27] I couldn't believe the new hitachi 1tb disks I got [03:28] they where like 1/4th the weight of a normal harddrive [03:28] patdk-lap: wait til you see SSDs [03:28] spinning metal? fing o der parst [03:28] twb, what ones? I have 6 [03:28] 10 that is I mean [03:28] patdk-lap: well they're lighter again, is all [03:28] na, these hitachi drives are almost the same :) [03:30] my current server builds involve 22 disks, and 4 ssd's [03:30] it's not big or fast, but it doesn't need to be, it just needs to work, the raid 6 is still the performance bottleneck [03:30] That's because raid6 is a shitty algorithm [03:30] mine's got 11 in the raid, 1 spare, and the IDE / [03:30] Necessarily so, of course, but I'll stick to raid1 unless I actually need to extra capacity [03:30] this are raid10 systems [03:31] next time I put real money into it I'm getting one of those 20+ hot swap 4Us and doing it up right [03:31] it's in a mid tower right now === virusuy is now known as sudo [03:32] norco rpc4220 [03:32] 20 disks, and I shove 6 ssd's in the top area [03:33] patdk-lap: how does that 4u hook up to the computer? [03:33] I started with a microATX emachine and some creative drilling and erector set [03:33] twb, normal cables? [03:34] So what, a shitload of esata? [03:34] this case actually fits all the drives, but it's crammed with cables [03:34] what? who uses esata? [03:34] sff8087 [03:34] patdk-lap: you were talking about having a 4u unit to house all the disks, so I don't see how that would connect to a (presumably separate) rackmount server [03:35] * twb looks up that string [03:35] easy, install motherboard in case :) [03:35] plug in sas cable [03:35] well 5x sas cables [03:35] 5 SAS cables for 20 drives? [03:35] one sas cable does 4 disks [03:35] so 5x4 = 20 :) [03:35] Good to know [03:36] My exposure to SAS is mostly "fuck that, SATA is good enough" [03:36] Unless $boss is in "gouge the taxpayers" mode [03:36] first iteration: http://qman.strangled.net:8080/pics/fileserver/0119080025.jpg current: http://qman.strangled.net:8080/pics/ryan/fileserver13drives/2011-06-25%2022.42.58.jpg [03:36] now if you wanted external storage: SC847E16-RJBOD1 [03:36] connect with 2 sff8088 cables (external sas cable) [03:37] "They'll never believe we can run this off a pair of mdadm RAID1'd 2TB SATAs, so we will be using hw RAID5 of four SATA plus another hw RAID1 SATA for the actual real data" [03:37] Sigh [03:38] hmm, I just run sata over sas cables [03:38] yeah, that's what I have with my new card [03:38] keeps the cable clutter down [03:38] but it actually doesn't keep my clutter down, because they're like 3 feet long [03:39] and my case needs like 6" cables [03:39] I have a bunch of 12", 18" and 24" ones [03:40] that power supply popped the other night, replacing it is going to be a real pain [03:40] heh, it's not good to run sata over 3' cables [03:41] oh, 3' is the sata limit [03:41] 3' eh [03:41] so sas is good for 6' (if using real sas drives) [03:41] Oh for the cable, nm :-) === bemu_ is now known as bemu === Lcawte is now known as Lcawte|Away [04:26] hi guys any help how do i setup on my ubuntu server apache web with commercial ssl certificates..? any guide [04:29] hi [04:30] ruben23: define "commercial" [04:31] can ubuntu server make unmanaged switch to managed switch like adding VLAN feature? [04:51] can ubuntu server make unmanaged switch to managed switch like adding VLAN feature? [06:34] I can't seem to get ubuntu to share a folder over a network. Do I need to have a server computer to do this? [06:35] kaspir: there's no such thing as a 'server computer' ;) [06:36] RoyK: A computer running the server edition of Ubuntu if you will [06:36] kaspir: ubuntu server is mostly about stripping away unwanted stuff like X, gnome etc [06:36] and using a *slightly* different kernel [06:37] You want samba server package running on your computer kaspir [06:37] fluvvell: I sudo apt get'd samba and it didn't seem to change anything at all [06:38] jcastro, around [06:38] kaspir, you need to know which folders you want shared on your local network [06:38] RoyK: Thx for the explanation [06:39] fluvvell: I do. I just want to share one folder over a network. Like a free dropbox just on my network [06:39] IIRC recent nautilus has a context menu "share this folder" which internally uses samba [06:40] can ubuntu server make unmanaged switch to managed switch like adding VLAN feature? [06:40] But questions about that should be directed to #ubuntu unless you specifically have a problem with the samba part [06:40] linocisco: no. [06:40] kaspir, to know is to understand. Much of peoples ideas about server technology is wrongly attained from windows. [06:40] linocisco: unless you can somehow install ubuntu on the unmanaged switch [06:40] kaspir, if you're using ubuntu desktop, you can right click on a folder to access sharing options [06:40] fluvvell: unfortunately i have absolutely no knowledge of server [06:41] linocisco: linux *can* perform 802.1Q tagging, but this will not help you unless the other computer(s) can also untag. [06:41] kaspir, join #ubuntu [06:41] fluvvell: i did the right click, and it just gave me ghosted options [06:41] twb, if all computer network card support vlan tagging, is it ok? [06:41] linocisco: it's an OS issue, not a hardware issue [06:41] kaspir, as twb is suggesting, this is the more dedicated ubuntu-server channel. but pm me [06:42] ok sorry guys [06:42] twb, i dont understand [06:42] linocisco: and all the OSs would have to be told like "act as if you are on vlan 3" [06:42] fluvvell: the list of user online isn't showing up on the right can you pm me plz? [06:42] So if you want a managed switch for security, i.e. to lock some machines into a separate virtual switch segment, this will not help you, because anyone who controls those computers can simply configure them to be on a different virtual segment [06:43] twb, if we use cisco managed switches, OS of clients can vary. connected devices are divided according to different VLANs just through the config on switch [06:43] linocisco: yes, this is the difference between managed and unmanaged switches [06:44] linocisco: if you have an UNmanaged switch, you cannot do much -- only what I described above [06:44] twb, this is what i was thinking to make sure [07:00] [ 185.040107] bonding: bond0: link status definitely up for interface eth1. [07:01] "definetely", "no doubt about that", "sure" === smb` is now known as smb [08:55] morning o/ [09:43] New bug: #978698 in postfix (main) "sqlite maps are broken in postfix 2.9.1-2" [Undecided,New] https://launchpad.net/bugs/978698 [09:43] New bug: #978708 in puppet (main) "[Precise] puppet is vulnerable to CVE-2012-1906 and CVE-2012-1986 through CVE-2012-1989" [Medium,Confirmed] https://launchpad.net/bugs/978708 [09:58] smb, Daviey poked me about something you needed sponsoring? [09:58] jamespage, that likely is the iscsitarget thing... a sec [09:59] https://bugs.launchpad.net/ubuntu/+source/iscsitarget/+bug/882540 [09:59] Launchpad bug 882540 in iscsitarget "kernel crash whenever it is accessed" [Medium,In progress] [09:59] jamespage, I got a debdiff attached to the bug report that adds a patch backported from the upstream repo [10:00] smb: turns out i suck. [10:01] Daviey, Or being overworked :) [10:01] smb: something like that i guess :) [10:02] smb, OK - looking now [10:12] smb: I'm assuming that you have tested this? [10:13] jamespage, not personally as it did not happen in my testing. but comment #7 say it worked for someone affected [10:13] jamespage, For me it still worked (with or without the change) [10:13] smb, right-oh - uploading now. [10:16] smb, done [10:16] pending approval from release team.... [10:17] when i'm trying to do cobbler list i get: httpd does not appear to be running and proxying cobbler [10:17] i'm following this tutorial: http://cloud.ubuntu.com/2011/09/oneiric-server-deploy-server-fleets-p2/ [10:17] jamespage, thanks. of course. by now [10:18] never2far: silly question, but is httpd actually running ? [10:18] yup [10:18] root@ubuntu-lan:~# service apache2 status [10:18] Apache2 is running (pid 2471). [10:18] I'm assuming it's using mod_proxy for the proxying ? [10:19] ok [10:20] i haven't changed anything ...just apt-get install ubuntu-orchestra-server [10:21] worth looking what it thinks should be doing the proxying [10:21] ikonia, thank you i'll try to find more info about mod_proxy [10:21] never2far: (I'm only guessing it's mod_proxy - but it seems a logical assumption) [10:29] ikonia, i fixed my problem using dpkg-reconfigure cobbler [10:30] thx for advices [10:31] no problem [10:33] never2far: out of interest did anything change in the config ? [10:52] ikonia, yes the internal ip was a wrong one [10:53] ahh [10:53] simple enough error [10:57] hello, is it possible to install postgresql (v. 8.4) in Pangolin? I suppose I have to do it by manually downloading packages from oneric ? [10:59] !crossposting | pawdro [10:59] pawdro: Please don't ask the same question in multiple Ubuntu channels at the same time. Many helpers are in more than one channel and it's not fair to them or the other people seeking support. [10:59] pawdro, you were told that 12.04 is only supported in #ubuntu+1 [11:40] ec2 question: is it possible to change the security group on a machine after it has been launched? [12:29] Riddell: unfortunately it's not possible, you'll have to snapshot it into an AMI or an EBS image and launch a new one [12:32] lynxman: hmm those sound like useful things to learn about [12:33] Riddell: if your instance is not EBS rooted this is a pretty good tutorial http://alestic.com/2009/06/ec2-ami-bundle [12:33] Riddell: have in mind that creating your own AMI will consume space on S3 [12:34] lynxman: why are some instances EBS and some not? (or is that a question with a complex answer?) [12:35] Riddell: it really depends on what you want from your instance, having an EBS root based instance gives you persistent storage, that's good for some kind of machines that are not design to be rebuilt quickly, let's say a database or some kind of complicated app server (as examples) [12:36] Riddell: whereas memory based instances don't have persistent storage, so you can spawn a lot of them very quickly and template them up using some solution like juju or puppet or chef, then a regular not ebs rooted based instance is the right thing for you, since if the instance dies and all the data from that instance goes away you don't mind [12:37] gosh lots to learn with this cloud stuff [12:37] Riddell: lots of little concepts, once you get the gist of all of them it's pretty sweet actually :) [12:38] good morning [12:38] zul: morning sir [12:52] Ubuntu server is just comandline? [12:53] Debru: unless you install a GUI [12:56] sw: what is suggested for speed, to install ubuntu desktop or server with gui..? [12:57] Debru: it's quite simple. do you need a desktop computer, or a server computer? [12:58] Debru: if you want something minimal, then there's a !minimal version of Ubuntu that might suit you ... [12:58] !minimal | Debru [12:58] Debru: The Minimal CD image is very small in size, and it downloads most packages from the Internet during installation, allowing you to select only those you want (the installer is like the one on the !Alternate CD). See https://help.ubuntu.com/community/Installation/MinimalCD [12:59] sw want somethin what uses less resources and what can be customized to my needs [12:59] Debru: use !minimal then, and install only what you need [13:03] sw one more question what is difference if i install 10.04 or 11.04? after update to 12.04 both will be supported LTS? [13:06] Debru: 12.04 will be LTS for 5 years (desktop + server) [13:06] you can not update directly from 11.04 to 12.04 [13:06] (needs an update to 11.10 first) [13:07] yes, but if i update 11.10 to 12.04 will it be LTS? [13:07] it will be 12.04 ... which will be LTS, yes [13:07] ogra_, so i dont see any difference wich version i take now.. :P [13:07] Debru: well one is old, and one is new - quite simple [13:08] but all can be updated to 12.04 and all get LTS.. [13:08] one might have different ways to configure stuff than the other [13:09] Debru: 11.10 and upgrade to 12.04 when it's released [13:09] ogra_, yes, from that side.. [13:10] ok thanks for your help.. === Lcawte|Away is now known as Lcawte [13:40] ipv6 addresses are assigned automatically for my server, but overtime i accumulated 6/7 ipv6 addresses though all with the same shared prefix. anyone who can point me to a doc on ipv6 that explains this behaviour? [13:42] anyone know why on precise server beta 2, when i run "apt-get remove g++", it fails with the error "g++ is already the newest version"? [13:45] melter: #ubuntu+1 [13:49] hello: I'm seeing something strange. cat /proc/swaps shows nothing yet I have a swap partition defined in /etc/fstab. Any ideas on things to check? [13:50] i guess i can just run swapon, but i'm trying to figure out why it's not showing up, or why it disappeared [13:50] actually, swapon failed, heh [13:51] lamont, is the sqlite fixup for postfix in 2.9.1-3 going to make it for precise final freeze? [13:52] is there a method to disable IPv6 on a specific interface in a machine with multiple nics? [13:52] jamespage: yes [13:52] lamont, \o/ thanks [13:52] I'll upload it today and ScottK tells me he'll smack it through the process [13:54] jamespage: if you wanna help me even more, bug 970921 just needs someone to clone the reporter's main.cf (and fix whitespace cut-n-waste issues), and demonstrate the failure in a chroot, followed by maybe actually figuring out wtf it's doing that [13:54] Launchpad bug 970921 in postfix "Postfix 2.9.1 Crashing with Signal 6 - Postfix 2.8.5-2 works perfectly" [Undecided,Incomplete] https://launchpad.net/bugs/970921 [13:54] lamont, lemme take a look [13:54] I want to have that in there, even if it winds up being in -4 tomorrow or some such [13:54] iclebyte: you're probably looking for /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6 [13:55] jamespage: I'm just a bit timepressed today wrt working on distro stuff [13:55] lamont, I'll look at it now while I wait for php5 to build [13:56] a [13:56] ta [13:56] hmm, this is weird. swapon: cannot find the device for UUID=fe038e8e-382e-4828-869e-8de7d86eacf5 and blkid doesn't show the swap partition either. I'm perplexed. [13:59] robo_: does fdisk show a swap partition ? [13:59] ikonia, good call. No it doesn't. I get an error Disk /dev/sdb doesn't contain a valid partition table [13:59] well, that's why. I wonder what the heck happened [14:00] ty for that breadcrumb ikonia [14:00] not at all, sometimes the obvious stuff is easy to miss [14:03] iptables question: I am trying to check the rule in my forward chain. [14:03] So I do iptables -L FORWARD and my rule shows as "ACCEPT all -- anywhere anywhere" [14:04] Now, I know I have defined I want it to use eth1 and the input and eth0 as output. How can I see that? [14:04] stgraber: d'oh. lxc-init is linked against libapparmor1. It doesn't need to be. Fixing that would require splitting out the functions it uses into their own source files I assume. [14:05] NVM -v did the trick [14:06] Well, I see the rule now: ACCEPT all -- eth1 eth0 anywhere anywhere, but it does not work [14:13] hallyn, re lxc-ip: we are tempted to write the script in Python rather than bash. We expect to call out to host via subprocess (e.g., in Python we will parse the output of "host NAME DNSSERVER"). We can of course do it in bash instead. Would writing it in Python make it less likely that it could be included in the lxc package? If so, we'll go with bash. [14:14] hola buenos dias a todos [14:14] alguien me podria ayudar [14:15] no puedo hacer que ubuntu levante con raid1 por hardware [14:15] alguien tiene algun manual paso a paso de como instalar ubuntu server haciendo raid1 por hardware [14:16] English would help :) [14:16] mi controladora raid es perch700 de dell, tengo un servidor intel xeon de 2.4 el dell es r510 [14:17] spok spanish or engleash [14:17] help === dendro-afk is now known as dendrobates [14:23] !es | ealexmp [14:23] ealexmp: En la mayoría de los canales de Ubuntu, se habla sólo en inglés. Si busca ayuda en español entre al canal #ubuntu-es; escriba "/join #ubuntu-es" (sin comillas) y presione intro. [14:23] gary_poster: no objections to python :) or go for that matter [14:23] hallyn, :-) cool [14:24] gary_poster: i'd frankly like to rewrite a bunch of it in python or go [14:24] sounds great to me [14:25] ubottu: no sabes de algun manual con raid por hardware para ubuntu [14:25] ealexmp: I am only a bot, please don't think I'm intelligent :) [14:27] !sp | ealexmp [14:27] !spanish | ealexmp [14:27] ealexmp: En la mayoría de los canales de Ubuntu, se habla sólo en inglés. Si busca ayuda en español entre al canal #ubuntu-es; escriba "/join #ubuntu-es" (sin comillas) y presione intro. [14:27] what [14:28] someone manual in english [14:28] now yes [14:31] New bug: #978961 in keystone (universe) "add release note that OpenStack should be used on a protected network (dup-of: 978963)" [High,Triaged] https://launchpad.net/bugs/978961 [14:31] New bug: #978963 in keystone "add release note that OpenStack should be used on a protected network" [High,Triaged] https://launchpad.net/bugs/978963 [14:32] ealexmp: https://help.ubuntu.com/11.10/serverguide/C/advanced-installation.html [14:33] I have forgotten my password and my user name for my samba folder, how to recover? [14:56] is there a reason why cobbler precise-x86_64-auto formats root as ext3 ? why not ext4 ? [15:08] tgardner, I suspect that depends on the seeds... [15:09] smb, well, yes. but _why_ is it ext3 ? [15:09] tgardner, I think not in mine... [15:10] tgardner, which kickstart template is used on your system? [15:11] Hm, I see there is a server seed using ext3 and the orchestra seed is using ext4 [15:11] smb, it says this in the web page: /cblr/svc/op/ks/profile/precise-x86_64-auto . Where does that exist on the server? All I can find are /var/lib/cobbler/kickstarts [15:12] tgardner, I usually look at the web interface on the profiles [15:13] tgardner, Doh and -auto would use the ext3 as well... I just use the non-auto version and my own seed... :/ [15:14] smb, so it ultimately resolves to /etc/cobbler/ubuntu-server.preseed which has ext3 as the root fs format. [15:14] yes [15:14] that default seems bogus to me [15:15] tgardner, I wonder whether that is some sort of neglected bastard child config... [15:17] smb, the other thing that preseed is missing is $SNIPPET('orchestra_proxy') [15:17] or kickstart, rather [15:17] tgardner, It looks quite old actually... [15:18] some late greetings from kirkland... ;) [15:33] SpamapS: whenever you're around, found the issue [15:33] lynxman: what was it? === Guest91689 is now known as jolaren [15:35] lynxman: I am at the largest annual gathering of mysql professionals in the world.. so if you need help, I can find it. :) [15:35] SpamapS: it was due to a couple of phased out configuration parameters from 5.1 to 5.5, when running mysqld standalone it complains about these config parameter then exits non-zero, upstart doesn't have that in mind and the error was cryptic [15:35] SpamapS: oooh have fun :D [15:36] SpamapS: maybe it would be convenient to add that to the upstart script somehow? A small config sanity checker of sorts [15:40] SpamapS: can you go beat oracle for security stuff please :) [15:40] zul: I plan to [15:40] * SpamapS goes to keynotes [15:40] SpamapS: goody [15:41] zul: beating people for security stuff is always the first choice amongst packagers ;) === bladernr_ is now known as bladernr_afk === dendrobates is now known as dendro-afk [16:33] jamespage: ping [16:34] adam_g, pong squid3? [16:34] jamespage: yea, given it any more thought? was gonna take a crack at that today with some other packaging things [16:37] adam_g, I did quite a bit of thinking but I've not come up with any miracle solutions I'm afraid [16:37] whichever way we cut its its not going to work for someone. [16:37] jamespage: my original idea was to find the version of squid we're upgrading from, compare on-disk config hash with the hash that was shipped for that version (they arent conffiles so dpkg can't be queried for that, hence that list i showed you last week), and warn users of potential conflicts/problems and to investigate [16:38] jamespage: perhaps give them the option of migrating the config to the new location? [16:38] adam_g, I think that is the best approach we have - there will still be edge cases where people have not taken -updates.... [16:39] adam_g, I think we should preserve the old config file if it has been changed - but I don't think we should drop it into the squid3.conf location [16:39] I think informing the user that they need to review and update to squid3 is the right way to go in that scenario [16:40] good release notes :-) and NEWS. [16:40] jamespage: AFAICS, the default config file has is the same for all versions of a distro release and doensn't change per-build [16:40] Daviey: thoughts? [16:40] ^ [16:40] adam_g, well that makes things easier [16:40] those are the hashes going back to lucid. i can get earlier ones if we need http://paste.ubuntu.com/925109/ [16:41] adam_g, although I think the opportunity to display information during a release upgrade is somewhat limited. [16:42] adam_g: yeah.. a note and release notes is perfect for that IMO [16:42] adam_g, Daviey: so I think this is what we are proposing [16:42] superb [16:42] if hashes match on old file - i.e. default config - all is good in the world - no further action required [16:43] if the config has been changed - preserve it but don't overwrite the default config shipped with squid3 [16:43] does that sounds about right [16:43] oh - and write a good release note :-) [16:44] jamespage: so forget about popping up a dialague? i seem to remember thats bad form unless theres actually some choice for the user, eg not a warning [16:44] +1 [16:44] yep [16:44] ok [16:44] adam_g, put something in NEWS about upgrading from squid2 [16:44] probably the same text as the release note. [16:45] http://www.debian.org/doc/debian-policy/ch-binary.html#s-maintscriptprompt [16:46] lamont, I've been scratching at the postfix bug on-and-off all afternoon but I've not been able to reproduce === tgardner is now known as tgardner-otp [16:59] could I get a puppet "expert" to look at https://bugs.launchpad.net/lucid-backports/+bug/978571/comments/2, I just want to know if the comment at the end is something we need to worry about [16:59] Launchpad bug 978571 in natty-backports "Please backport puppet 2.7.1-1ubuntu3.6 (main) from oneiric-security" [Undecided,New] [17:00] jamespage: well, that's maybe a good thing... dunno === matsubara is now known as matsubara-lunch [17:04] lamont, hmm - not sure - quite a few people reporting the same issue. [17:06] jamespage: that was what I did not want to hear [17:06] I'll spin up a text instance tonight then [17:06] lamont, quite a few = 3 people on that bug report.... [17:10] "sufficent" == ">1" [17:23] jjohansen: have you had a chance to test the apparmor+upstart changes for containers? [17:24] hallyn: I am going through testing a set of changes including those, so far things look good [17:24] jjohansen: ok, thanks [17:25] hallyn: and thanks for doing the patch, I ended up have car issues last night and not getting back until late, so it really saved me :) [17:25] i guess thank your car for having the issues now and not in 10 days :) [17:25] hallyn: I've tested a tweaked version of the apparmor init script outside of a container to make sure things didn't break, and incorporated it into what's going to go into the next apparmor upload (today) at https://code.launchpad.net/~sbeattie/apparmor/apparmor-precise [17:26] (I adjusted the reported strings and made the if-level only one deep) [17:26] sbeattie: cool, thanks. suppose we need to beg someone else to dput upstart [17:26] cool [17:26] yes, should run it by slangasek, I think. [17:26] somehow tests in dash and bash always treat me wrong, so i'm very conservative :) [17:27] ah, heh, that's not a bad thing. [17:38] could somebody please help me with a reinstall issue. I installed samba through the terminal and was configuring. I messed up configuration, didn't know how to fix it so I uninstalled, and reinstalled. It still had the messed up configuration so I uninstalled and manually deleted from /etc. Now upon install no folders or files installed in /etc [17:46] kaspir: sounds like you need to purge the package rather than just remove it. The former removes configuration files; the latter does not. [17:46] rbasak: no i did that [17:47] rbasak: sudo apt-get --purge remove samba # command i used === tgardner-otp is now known as tgardner-lunch === matsubara-lunch is now known as matsubara [18:11] hello [18:11] could someone help me with this tutorial [18:11] http://ubuntuforums.org/showthread.php?t=236093 [18:12] i wanna set bind for my domain, but i don't know how [18:12] i already buy domain and i have settings for two ip's [18:12] how to set those two IP's on my server [18:12] ? [18:17] stgraber: heads up, the deny mounts fix will not make freeze, there are some last minute semantic tweaks happening around 'in' and having multiple option= statements on the same line, that necessitate changes in the deny mounts patch as well. [18:17] * jjohansen is really sorry but doesn't see a better option atm [18:24] utlemming, [18:24] precise-server builds are failing [18:24] needs fixing [18:25] i believe ev is responsible for whoopsie, which is what is causing issues [18:25] smoser: looking now... [18:25] can you chase that for me? [18:26] smoser: it was on my todo list today anyway [18:26] smoser: working on it [18:27] New bug: #856067 in txaws "s3/client.py should not depend on epsilon library" [Low,Fix released] https://launchpad.net/bugs/856067 [18:27] New bug: #862595 in txaws "terminate_instances raises NoneType not iterable on machine shutdown with Openstack" [High,Fix released] https://launchpad.net/bugs/862595 [18:27] New bug: #912607 in txaws "zope.datetime should be dropped in favor of dateutil" [Low,Fix released] https://launchpad.net/bugs/912607 [18:27] utlemming, background is that ev recently added whoopsie to the server seed. [18:27] where recently == after last successful build [18:28] ah, okay, I was wondering where that came from [18:31] I can't find the equivalent of a netinstall image or a business card image for ubuntu server, are these minimal images provided? [18:34] is there a terminal command for finding out what type of server a website is running [18:35] xr1rr: could you be more specific? Type in OS, CPU, memory...? [18:36] lynxman: Yes OS === tgardner-lunch is now known as tgardner [18:36] i.e. Ubuntu.. Apache [18:36] xr1rr: if it's a linux or unix kind /etc/issue should have the version running [18:38] What's the proper way to set the FQDN of an ubuntu server host? (i cant do it via dhcp in this case) [18:39] i know i can set the hostname in /etc/hostname but what about the rest of the fqdn [18:40] lynxman: can you get this info from a domain name [18:41] xr1rr: nmap [18:41] xr1rr: or do you mean from the local shell? [18:42] jkyle: for example if I wanted to find out the server OS of somewebsite.com [18:43] ask it's webbrowser :) [18:43] IT IS WEB BROWSER [18:44] xr1rr: hostname --fqdn [18:44] patdk-wk: can you explain ;) [18:45] you can only find out, what they tell you [18:45] you can attempt to infer all you want though [18:47] ok [18:48] jkyle: http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ or s/precise/oneiric/ or lucid as needed. [18:48] xr1rr: nmap [18:48] jkyle: ok i'll try [18:48] rbasak: those are netinstalls for pxeboots [18:49] xr1rr: http://nmap.org/book/osdetect.html [18:49] wait, mini.iso looks promising [18:49] jkyle: I'm not sure mini.iso is. I think you can install from that without pxe [18:50] streaming those nigh 1gb images over wan for remote installs is overkill [18:51] New bug: #979223 in etckeeper (main) "etckeeper tries/fails to autocommit on clean trees with shelved changes" [Undecided,New] https://launchpad.net/bugs/979223 === viezerd- is now known as viezerd [20:15] hallyn, I have reason to suspect that sem_open is broken in lxc (ENOSYS). I need to write a simple C program to verify, but does this wring a bell at all? [20:16] heh, or ring [20:16] no, neither [20:17] ENOSYS... is this i386 on amd64? === bladernr_afk is now known as bladernr_ [20:19] gary_poster: maybe you need access to /dev/shm? [20:19] hallyn, it is a 4 bit machine; uname -a saus i686 [20:19] gary_poster: mount | grep shm ? should have a tmpfs on /dev/shm [20:20] awesome [20:20] heh 64 bit machine [20:20] host is i686, or only the lxc container? [20:20] mount | grep shm shows nothing hallyn [20:20] host and container are 64 bit [20:21] gary_poster: guessing that is the problem [20:21] this is happening locally on my machine and on a ec2 instance [20:21] gary_poster: can you add an entry to /var/lib/lxc//fstab [20:21] none /dev/shm tmpfs defaults 0 0 or something [20:22] ack [20:22] if that works we'll need to do it in the templates [20:23] hallyn, no initial slash so "none dev/shm tmpfs defaults 0 0" yeah? trying [20:24] good point :) [20:25] hallyn, that fixed it [20:25] hallyn, want me to file a bug just to help out with bookkeeping, or not bother? [20:25] gary_poster: thanks, I'll get that fixed in the templates [20:26] cool thank you [20:26] gary_poster: sure, that'll look less fishy :) thanks [20:26] (keep the release team from thinking i'm trying to trick them) [20:26] WARNING: 27.37˚C > 25˚C <-- Datacentre is getting cozy... [20:27] lol [20:28] * RoyK just got to work and is in a foul mood [20:31] hallyn, bug 974584 [20:31] Launchpad bug 974584 in lxc "Semaphores cannot be created in lxc container" [Undecided,New] https://launchpad.net/bugs/974584 [20:36] gary_poster: thanks [20:39] welcome [20:42] New bug: #974584 in lxc "Semaphores cannot be created in lxc container" [Undecided,New] https://launchpad.net/bugs/974584 [21:01] is there a channel for MAAS? [21:03] gary_poster: well fooi. it's not so simple [21:03] stgraber: containers have a problem with /dev/shm. [21:04] hallyn: /dev/shm pointing to /run/shm which doesn't exist? [21:04] hallyn, darn [21:04] ok [21:05] (I saw that case a couple of times but didn't have time to track it down and didn't seem like it was always happening for me) === dendro-afk is now known as dendrobates [21:09] stgraber: not quite. /run/shm is fine. but /dev/shm exists as a file, so the initscript doesn't create it as a symlink to /run/shm [21:10] hallyn: oh, that's the source of the issue! what's creating it as a file? [21:10] dunno [21:10] (sorry, network keeps stalling here) [21:11] I can't see any case where it'd make sense for it to be a file, a directory makes sense, a symlink does too, but a file ... besides using it as a target for a bind mount, I don't see what that'd do [21:11] stgraber: sorry a regular dir [21:11] it's waht debootstrap creates... [21:12] hmm, ok, so just remove it and replace with a symlink then? [21:13] stgraber: do that where? in our template? or in mounted-dev.conf? [21:15] curse /run [21:18] hallyn: actually the problem is likely initscrips postinst [21:18] which should convert it? [21:18] hallyn: from what I read in /var/lib/dpkg/info/initscripts.postinst [21:20] hallyn: it's a bit unclear really, but there's code in there to ln -sf it as well as code to make it a directory, so I'm a bit confused :) [21:20] do people that maintain the ec2 ami for ubuntu hang out here or is that another room? [21:20] stgraber: oh i get it [21:21] stgraber: in non-chroot, mount -bind /run/shm to /dev/shm, and /dev will be re-created (so shm go away) on reboot [21:21] stgraber: in chroot, don't bother with the bind mount (bc it wn't go away cleanly) just ln s-sf [21:21] question is, why aren't we being treated as a chroot? [21:21] so if we got a clean /dev on reboot of container, we'd be fine [21:22] (maybe, iiuc :) [21:22] oh yeah, and since dev isn't a separate fs from /, it does the mkdir on line 290 [21:22] 390 [21:23] thesheff17: you want utlemming or smoser i think [21:23] thesheff17: what's up? [21:24] sun-java6-jdk isn't found even though I add partner mirror. [21:24] us-east-1e ami ami-0baf7662 [21:25] stgraber: oh wait! mounted-dev never even runs bc we don't mount /dev [21:26] thesheff17, nothing to do with the mirror unfortunately. [21:26] but more to do with the partner [21:26] i think you'll need to call Mr. Ellison. [21:26] heh === leo-nel is now known as leonel [21:26] this worked on previous ami :) [21:27] thesheff17, no. it worked at a previous point in time. [21:27] https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-December/001528.html [21:27] ah ok thanks [21:27] didn't see thise [21:27] it sucks. [21:27] smoser: thanks, you beat me to that link [21:27] there are ways around it. [21:28] but i will leave yo to google that. [21:28] hehe ok thanks [21:32] stgraber: it seems like the code starting on line 390 in the psotinst is legacy [21:33] the /dev/shm dir/symlink will always exist by then [21:33] unless i'm missing some conditional somehwere === bladernr_ is now known as bladernr_afk [21:53] hey, I have Lucid installed, I want to upgrade to the next releast, I have Prompt=normal in /etc/update-manager/release-upgrades, I did apt-get update, but do-release-upgrade -d shows No new release found :/ - what am I doing wrong? === matsubara is now known as matsubara-afk === caveat-_ is now known as caveat- === bladernr_afk is now known as bladernr_ [22:46] New bug: #979414 in juju (universe) "juju bootstrap failed - 12.04 beta" [Undecided,New] https://launchpad.net/bugs/979414 [22:55] hi all, I wonder if someone can help me figure out a problem with libvirt and virsh [22:55] currently I'm just trying to run virsh but any virsh command will just hang forever unless ctrl+c [22:55] I'm on precise 12.04