=== kees_ is now known as kees | ||
uvirtbot | New bug: #987051 in samba (main) "advice" [Undecided,Invalid] https://launchpad.net/bugs/987051 | 00:41 |
---|---|---|
=== AntORG_ is now known as AntORG | ||
=== statik_ is now known as statik | ||
JoeCoder | Hello. I'd like to share / via samba. This is a virtual machine used for development only, and I want the host os to have complete read/write access to the drive. | 03:10 |
JoeCoder | however, chmod -R 777 / would cause things to break, since some processes require their files to have certain permissions. | 03:11 |
twb | You don't need to chmod -R to export a directory tree via samba, and you almost certainly don't want to export / in any case. | 03:12 |
JoeCoder | I do want to export /. I realise this is atypical. | 03:12 |
JoeCoder | I'm developing software to run on an ubuntu server. all of my development environment is on windows and tied to it for other reasons. | 03:13 |
twb | A safer way to arrange this would probably be to use SFTP with passphraseless SSH keys, with the host OS sshing in as root if superuser write access is necessary. | 03:13 |
JoeCoder | I don't have a good way to mount sftp as a drive on windows. | 03:13 |
twb | Windows will make that harder, but AIUI it can still be done with filezilla or something | 03:14 |
twb | If this is development code, syncing between hosts should almost certainly be done with a VCS, e.g. git or svn. | 03:14 |
twb | (code as opposed to a configuration management, or word processor documents or something.) | 03:15 |
JoeCoder | I use mercurial for code storage, but I don't want to have to commit for every small change I want to test. I also have config file changes spread throughout the filesystem. | 03:15 |
seekwill | JoeCoder: Why do you want to have full control via SMB? | 03:15 |
twb | You could make tiny commits in a dev branch and then squash them into coherent logical commits when they are working. But hg may make this tedious and painful. | 03:16 |
JoeCoder | yeah | 03:16 |
seekwill | WinSCP? | 03:16 |
twb | As for configuration management, this might best be done with puppet or cfengine or such. | 03:16 |
twb | Broadly, instead of making changes directly, you write a version-controlled config file which is under VCS and is applied by the configuration manager. | 03:17 |
JoeCoder | I have a shell script that can does this already | 03:17 |
JoeCoder | but for development I just need to fiddle with things. | 03:17 |
twb | Also, if you are developing software for an Ubuntu server, you should consider packaging it formally (i.e. as a .deb), which has some deployment implications (both bonus and malus). | 03:17 |
JoeCoder | it's somewhat of a shared hosting package. I'll be the only user. | 03:18 |
JoeCoder | the only *direct user. | 03:18 |
twb | It can still be useful to package in-house stuff formally, but often less so. | 03:18 |
JoeCoder | and with such, there's code being deployed across multiple user accounts, since apache runs each hosted site as a separate user. | 03:18 |
JoeCoder | I have eclipse, photoshop, and half a dozen other tools running on windows. not that I prefer windows, but I need it for other work. And I don't want to have to setup my development environment twice on two different os's. | 03:19 |
twb | Well, you're pretty fucked there, since Windows won't have the same UIDs | 03:19 |
JoeCoder | UIDs? | 03:19 |
twb | users | 03:19 |
JoeCoder | I don't see how that limits me? | 03:20 |
JoeCoder | so far I've developed this thing and ftp'd my code up to a rackspaces server for testing. but that's getting tedious. | 03:20 |
=== Tm_K is now known as Tm_T | ||
JoeCoder | so I had hoped to smb share a local ubuntu server vm with eclipse running on windows with multiple projects directly in the ubuntu server filesystem. | 03:21 |
twb | You said you want to blat files owned by different users, on the remote host (the ubuntu server). This means you'd either need to have your upload infrastructure auth as different users for each bit, or have a munger script to fix things. | 03:21 |
twb | If eclipse can only talk SMB and not SSH/scp/SFTP, it's pretty crap. | 03:21 |
JoeCoder | I don't know if it can talk any of those. smb is handled a layer below by windows. | 03:22 |
twb | Dunno. Emacs can use the OS's mountpoints, but it can also speak both SMB and SSH directly i.e. in userspace, to access remote files. I assume Eclipse can do the same. | 03:23 |
JoeCoder | if there's a way to smb share /, and make newly created files via smb inherit the permissions of the parent folder, I'm pretty srue it will all work. | 03:23 |
JoeCoder | when I tried emacs, it couldnt' handle php and html code in the same file. #emacs didn't have any solutions. | 03:23 |
twb | POSIX DACs don't work that way. | 03:23 |
twb | New files in a setgid dir will by default have the same group as the dir, but that's all you can do. | 03:24 |
JoeCoder | twb: eclipse isn't an operating system :) | 03:24 |
twb | You MIGHT be able to have samba export, say, /srv/www/alice and /srv/www/bob directly and have *samba* squash permissions and usage to thei respective users. | 03:25 |
twb | But I doubt you can or should do what you are asking for, for / as a whole | 03:25 |
JoeCoder | twb: that might work. | 03:25 |
JoeCoder | this is only a share between a guest vm and a host os, so I don't see any dangers in sharing /. Whether it can be done is sitll an issue. | 03:26 |
twb | You could also investigate non-DAC access control (i.e. LSMs, NFSv4/SMB2 ACLs), but that's almost certainly a lot of hassle and probably not going to help. | 03:26 |
JoeCoder | this solution was actually suggested by users in #virtualbox | 03:26 |
JoeCoder | what's DAC? | 03:26 |
twb | discretionary access control | 03:26 |
twb | i.e. rwxrwxrwx | 03:26 |
JoeCoder | ah, ok | 03:26 |
twb | https://en.wikipedia.org/wiki/Discretionary_access_control | 03:27 |
JoeCoder | if I share /home/alice, and /home/bob, I'll still have to make them 777. | 03:27 |
twb | Why? | 03:27 |
JoeCoder | maybe I'm wrong? | 03:27 |
JoeCoder | in my current share of /, I can only browse, but not read or write. | 03:27 |
JoeCoder | I had assumed 777 was required. | 03:28 |
twb | If someone says you need to chmod -R 777, you should shoot them in the head | 03:28 |
twb | Because they are a fucking cowboy. | 03:28 |
JoeCoder | nobody has said that. | 03:28 |
JoeCoder | and I certainly don't want to do that. | 03:28 |
JoeCoder | as I said in the beginning, certain processes will only work with certain permissions on their config files. | 03:29 |
twb | Then set those permissions. | 03:29 |
JoeCoder | they're already set. I'm explaining why 777 is a terrible idea. | 03:29 |
JoeCoder | moreso, in my testing of sharing /media/share, i can only write to it if it's 777. 755 prevents me from writing via samba. | 03:31 |
JoeCoder | this problem will prevent even the home/alice, home/bob solution. | 03:31 |
twb | That is because you are logging in as the wrong user | 03:32 |
twb | Perhaps this would be a good time for you to pastebin your smb.conf | 03:32 |
JoeCoder | I wonder how I can control that. | 03:32 |
qman__ | by logging in as a user that has permission | 03:34 |
JoeCoder | it's the default smb.conf from 12.04 with this added at the bottom: https://gist.github.com/1bc9a5d1390e0c4adc4a | 03:34 |
JoeCoder | when I first connected via windows, I typed Guest as the username. | 03:34 |
JoeCoder | later, I created a Guest user in ubuntu and added that user to the root group | 03:34 |
JoeCoder | but that didn't make a difference. | 03:35 |
twb | Pastebin the whole file. ICBF downloading the 12.04 samba source to find out what its default config file looks like. | 03:37 |
twb | Adding a user to group 0 won't give it superuser privileges. It must be user 0. | 03:37 |
JoeCoder | https://gist.github.com/1bc9a5d1390e0c4adc4a | 03:37 |
JoeCoder | I forgot that I had also changed the workgroup name to match the rest of my network, on line 38 | 03:38 |
JoeCoder | I'm working on logging on as the root user via windows. I have to figure out a way to make windows let me re-enter the crednetials. | 03:40 |
qman__ | JoeCoder, in vista/7, credentials manager, in XP it's more hidden, "rundll32.exe keymgr.dll, KRShowKeyMgr" | 03:42 |
JoeCoder | impressive knowledge | 03:43 |
JoeCoder | but the list is empty. I recently deleted it via net use, and also in the saved network credentials in control panel. | 03:44 |
qman__ | my day job is a sysadmin for about 50 people running windows SBS, I run into it all the time | 03:44 |
qman__ | ok, if it's not in there you need to log off and back on again | 03:44 |
JoeCoder | of my windows account? | 03:44 |
qman__ | yes | 03:44 |
JoeCoder | brb | 03:44 |
JoeCoder | that allowed me to re-enter my credentials. But even when connecting via root, I don't have write access. | 03:46 |
twb | qman__: you poor bastard | 03:46 |
JoeCoder | in case you're wondering, I have no heartfelt feelings for windows and would migrate completely to linux, if I didn't need it for other tasks. | 03:47 |
JoeCoder | we do windows software development at my day job, heavily tied to visual studio and the windows libraries. | 03:48 |
twb | Shrug. | 03:48 |
qman__ | not sure what user samba runs as, might be an issue there | 03:49 |
qman__ | or it might be some safety thing preventing root from being root | 03:50 |
qman__ | because normally such a thing is a very bad idea | 03:50 |
twb | It probably acts like sshd where the master proc runs as root and it drops privs in subprocs | 03:50 |
twb | Nope, all procs run as root as at 8.04 | 03:50 |
JoeCoder | I've read that samba runs as root. | 03:51 |
JoeCoder | thanks for the help so far, everyone. | 03:53 |
qman__ | I guess next steps would be to see if it's really a permission problem or a root safety, or maybe it's a multi filesystem block, or a setting on the samba share | 03:56 |
JoeCoder | I'm reading the smb.conf docs now | 03:56 |
JoeCoder | they're unfortunately long. | 03:56 |
qman__ | yes, lots of options | 03:56 |
qman__ | SMB is pretty complex | 03:56 |
qman__ | and samba's got lots of auth methods and stuff to convert the permissions | 03:57 |
twb | SMB is a clusterfuck. SMB2 looks a lot nicer, but the client side support isn't available in Linux yet AFAIK. | 03:57 |
twb | Remember SMB was designed before IP had won! | 03:58 |
qman__ | yeah, all that netbios garbage and then you've got the leftovers from windows 9x | 03:58 |
qman__ | even just getting rid of the pre-NT stuff would help immensely | 03:58 |
twb | qman__: um, NT defaults to using NetBIOS in preference to DNS up until about 6.0 or 6.1 | 03:59 |
qman__ | yeah | 03:59 |
twb | And kerberized CIFS isn't mandatory even now | 03:59 |
qman__ | and people wonder why windows networking is so buggy and unreliable | 04:00 |
twb | NTLM should be shit-canned as well, since we're wishing | 04:00 |
twb | qman__: it's unreliable because it's stolen from BSD ;-) | 04:00 |
qman__ | true enough, a very old version of BSD | 04:00 |
JoeCoder | solved all my problems | 04:34 |
JoeCoder | I added these flags to smb.conf: | 04:34 |
JoeCoder | admin users = %U inherit permissions = yesinherit owner = yes | 04:34 |
JoeCoder | err, with line returns and spaces, that is. | 04:34 |
JoeCoder | the first makes the currently connected user have root access to everything. | 04:34 |
JoeCoder | I also had to set the sgid flag on the directories I'll be working in, so that newly created files will inherit the same group | 04:35 |
twb | If you have your heart set on doing this in samba, you should probably discuss it with #samba, who will understand the intricacies better than us | 04:43 |
=== flepied_ is now known as flepied | ||
=== smb` is now known as smb | ||
=== andol_ is now known as andol | ||
=== android is now known as jussi | ||
koolhead17 | hi all | 09:50 |
brainysmurf | hi, i am running a server for a school with 1000 students. Is there a distinct advantage to making virtual users instead of system users? | 11:01 |
rbasak | brainysmurf: virtual users have less admin overhead, since you don't need to manage disk quotas and other resources as much, and there's less scope for users to do something they shouldn't be able to. But it depends entirely on what services your server actually needs to provide its users. | 11:07 |
rbasak | (you'll still want disk quotas if you're providing a file server, for example) | 11:08 |
brainysmurf | rbasak: If say a student's login could change due to passport name changes or something, do system users have a way of doing this easily? | 11:10 |
brainysmurf | er, to admin have an easy way to change it for them | 11:11 |
brainysmurf | Also, the server should have an ldap service | 11:13 |
rbasak | brainysmurf: I'd say that login name changes are best avoided completely. There may be many services that key on the username instead of the uid. Config files probably key on usernames rather than uids. If absolutely necessary, I've dealt with these requests in the past by creating an entirely new user and migrating necessary items across to avoid unexpected issues. With virtual users, the issues are usually much easier to enumerate. | 11:13 |
rbasak | brainysmurf: you can of course change the full name associated with a username easily. | 11:13 |
ruben23 | guys you tried setting up mysql serevr on ubuntu serevr and i cant find samples config fiels like --> my-huge.cnf and my medium-cnf | 11:13 |
ruben23 | any idea..? | 11:14 |
brainysmurf | that's really helpful thanks rbasak | 11:14 |
rbasak | no problem! | 11:19 |
Patrickdk | ruben23, those files are extreemly dated | 11:19 |
ruben23 | Patrickdk:what you mean dated..? | 11:20 |
chmac | I recently deployed a handful of servers on 11.10 and now I want to upgrade to 12.04 when it goes final. Any advice on whether `apt-get dist-upgrade` is a better option than re-installing from scratch? | 11:22 |
chmac | I have only remote access to the machines, and I'm not sure how quickly the hosts will release the 12.04 image, so a fresh install might present some challenges. | 11:23 |
brainysmurf | Patrickdk 'dated' means old, out of use | 11:24 |
rbasak | chmac: you should use "do-release-upgrade" rather than "apt-get dist-upgrade". If there's anything that stops dist-upgrade from just working, do-release-upgrade is where that knowledge goes. | 11:28 |
chmac | rbasak: Ok, great, this'll be my first upgrade after 4/5 years of using Ubuntu, I've alwasy re-installed before, thanks for the advice. | 11:29 |
rbasak | chmac: as for your actual question, I'm not sure what the best answer for you would be. It's a trade-off. Both approaches should work. But they have different failure modes. There's no substitute for testing before doing any kind of update on production servers. | 11:29 |
chmac | rbasak: Right, we have 3 identical servers and I'll upgrade the non-production box first, fail over to it, upgrade production and fail back. | 11:30 |
rbasak | chmac: that sounds like a good plan | 11:30 |
chmac | rbasak: I'm already running mysql from a PPA, so I'm guessing that switching from the ppa version to precise's 5.5 should be fairly seamless. | 11:31 |
chmac | rbasak: I think that's the major area for potential breakage, hopefully it goes smoothly. | 11:31 |
rbasak | chmac: you might be interested in reading https://lists.ubuntu.com/archives/ubuntu-server/2012-February/006073.html and https://lists.ubuntu.com/archives/ubuntu-server/2012-February/006129.html | 11:34 |
chmac | rbasak: Reading now, thanks | 11:35 |
afuentes | im going to upgrade my jaunty server to lucid... im not even in the latest jaunty so im going to upgrade first to latest jaunty and then to the latest lucid. Is it advisable to reboot (i watched the upgraded and it includes a new kernel) after upgrading to latest jaunty and before upgrading to lucid? | 11:36 |
rbasak | afuentes: yes, and I think the supported path is jaunty->karmic->lucid rather than jumping a release. But I'm not sure. | 11:38 |
afuentes | well, i plan to just do dist-upgraded... i tested in a similar test machine and it worked fine :) | 11:38 |
afuentes | i basically only have lvm and kvm in that machine | 11:39 |
chmac | rbasak: Interesting reading, thanks for the links. | 11:41 |
rbasak | chmac: no problem | 11:41 |
chmac | I'd be happy to see percona-server replace mysql as the "default" database.If it were included in the official repos that would give me a great deal more confidence than having to figure out what's required to get it directly from percona, etc. | 11:42 |
maedox | Hi all, I booted a 12.04 server in EC2, and even though there's no NOPASSWD statements in /etc/sudoers I'm not asked for a password when sudo -i. Anyone know how it's configured? | 11:42 |
rbasak | maedox: /etc/sudoers.d/90-cloudimg-ubuntu | 11:43 |
maedox | oh god, I just found that myself | 11:43 |
maedox | lol | 11:43 |
maedox | thanks :D | 11:43 |
rbasak | chmac: I *think* percona or mariadb is the direction it's headed, since oracle make it difficult to cherry pick security fixes which has been the way debian and ubuntu have always worked in order to maximise stability. Looks like neither percona and mariadb are available in precise though - I presume they missed the release for time reasons. There will probably be a session and decision made at UDS-Q on this. | 11:45 |
maedox | If I keep upgrading 12.04 beta will it go into release mode, as in lose the (development branch) tag, or is that a release upgrade? | 11:45 |
rbasak | maedox: I'm not sure but I presume so. I can't think of any other way it would happen. | 11:46 |
maedox | rbasak: Hope so. Can't remember what has happened in the past though. I guess we'll see soon enough. | 11:47 |
chmac | rbasak: Sounds like Ubuntu made a big commitment to support mysql-5.5 in Precise for 5 years, which gives me comfort. I'll probably stick with it for now, but if percona had been a drop in replacement from the repos, boom, I'd have switched. | 11:54 |
chmac | rbasak: Do you know if Maria is a drop-in replacement? I noticed a different version number, wasn't sure if it was moving in a new direction rather than following mysql. | 11:54 |
rbasak | chmac: "MariaDB 5.3, in release-candidate now, is 100% backward compatible with MySQL 5.1.". I don't know any more. Sticking with mysql-5.5 for now makes complete sense. The unfortunate position though is that security updates may affect stability, since the security team may have to blindly take releases from upstream rather than being able to see the corresponding upstream commits. | 11:57 |
rbasak | chmac: I don't know that there's any other option though. | 11:58 |
chmac | rbasak: I might put an hour or two into investigating percona-server. If it's a drop in replacement, could be an option, although I dare say that means I'm dependent on percona release updates rather than ubuntu. | 11:58 |
=== jdstrand_ is now known as jdstrand | ||
=== alaing is now known as funkymonk | ||
zul | good morning | 12:42 |
koolhead17 | evening zul :) | 12:58 |
chmac | afternoon | 13:00 |
memoryleak | When I use apt-add-repository to add a new repository, where does it writes the repository to? I want to undo that, can't find in /etc/apt/source.list | 13:03 |
=== jcastro_ is now known as jcastro | ||
koolhead17 | adam_g, let me know your around. will need your helping hand in getting vnc viewer via horizon up and running. :( | 13:20 |
phaidros | hi, I have troubles with openssl, trying to setup my own CA and deploy a simple *.tld wildcard cert for my local TLD. Creating CA and importing the CA certificate into the browser works nice. | 13:22 |
phaidros | creating, signing and deploying the *.tld certificate does well, too. | 13:22 |
phaidros | but, firefox as well as chromium complain about a domain name mismatch between the cert stating *.tld and the actual site being something like phpmyadmin.tld .. | 13:23 |
henkjan | memoryleak: /etc/apt/sources.list.d | 13:57 |
memoryleak | henkjan: thanks, I've found it allready | 13:57 |
=== Lcawte|Away is now known as Lcawte | ||
brainysmurf | Can email users be defined by an ldap on the same server? | 14:47 |
resno | without having kvm extensions whats the next best virtualizer i can use? | 15:11 |
zul | Daviey: can you review quantum please? | 15:11 |
zul | Daviey: nm thanks though | 15:14 |
hallyn | resno: depending on what you need to do, might look into lxc, openvz, linux-vserver | 15:24 |
resno | hallyn: do you suggestion against something like proxmox? | 15:25 |
resno | i know it runs openvz inside of it | 15:26 |
* koolhead17 thinks its not so lucky day :( | 15:41 | |
hallyn | jjohansen: bug 987371 :( | 15:44 |
uvirtbot` | Launchpad bug 987371 in lxc "unconfined containers are not starting" [Undecided,New] https://launchpad.net/bugs/987371 | 15:44 |
hallyn | jjohansen: it sounds like aa_change_profile() wants /etc/apparmor.d/unconfined to exist? This used to work, i'm quite sure... | 15:54 |
hallyn | sounds like i get to add a test to the suite when this is fixed | 15:54 |
jjohansen | hallyn: :( | 15:59 |
jjohansen | hallyn: wait can you try with | 16:01 |
jjohansen | http://people.canonical.com/~jj/linux-image-3.2.0-23-generic_3.2.0-23.36~aa_amd64.deb | 16:01 |
jjohansen | jdstrand: so you are aware ^ | 16:01 |
sanguisdex | where can I read up in Turing off password authentication for ssh connections | 16:02 |
hallyn | jjohansen: i'm testing on cloud image :( | 16:03 |
jdstrand | jjohansen: I am not aware of this | 16:03 |
hallyn | jjohansen: trying to get a machine up where i can test, but the installer is not cooperating | 16:03 |
jjohansen | jdstrand: just making you aware | 16:03 |
jjohansen | hallyn: ah, hrmmm | 16:05 |
hallyn | jjohansen: (but bookmarked, will try it) | 16:06 |
hallyn | I assume it should be easy enough to whip up a program and test profile to reproduce | 16:07 |
hallyn | if the lxc way is too much overhead | 16:07 |
jjohansen | hallyn: if its what I think it is, we already have a couple tests for it, but it came to late for the kernel | 16:09 |
jjohansen | and is scheduled with a couple of other fixes for the next one | 16:10 |
hallyn | jjohansen: ok, that'd be good, thanks. i'll mark it as affecting kernel, and if your .deb fixes it i'll mark it fix committed | 16:12 |
hallyn | was about to add the same comment to the bug as you did :) thanks | 16:13 |
=== dendro-afk is now known as dendrobates | ||
=== matsubara is now known as matsubara-lunch | ||
=== dendrobates is now known as dendro-afk | ||
* koolhead17 wonders why we don`t have swift config files after installing it from repo. | 17:32 | |
erichammond | I just got dropped from #ubuntu-cloud and got an alert that it now requires an invitation. | 18:16 |
Pici | erichammond: it forwards here now, and since you're already here.... | 18:17 |
Pici | Just a quirk of the ircd. | 18:18 |
erichammond | Pici: Ah, thanks. | 18:19 |
hallyn | jjohansen: that kernel does seem to fix it | 18:22 |
jjohansen | hallyn: okay thanks for the confirmation | 18:22 |
=== matsubara-lunch is now known as matsubara | ||
Laice | anyone here used ISPConfig? | 18:50 |
=== dendro-afk is now known as dendrobates | ||
resno | our server infrastrucutre needs to move, and i need a bit of help knowing what hardware to pick out... if anyone could help | 19:11 |
=== hggdh_ is now known as hggdh | ||
=== Muska_ is now known as Muska | ||
=== Timothy is now known as Taftse | ||
resno | RoyK: ping? | 19:35 |
=== pangolin is now known as quantal | ||
=== dendrobates is now known as dendro-afk | ||
=== quantal is now known as pangolin | ||
=== bemu_ is now known as bemu | ||
grendal-prime | grrrr | 20:10 |
grendal-prime | postfix | 20:10 |
grendal-prime | i just need to be able to send mail from this server via another smtp server on the network | 20:11 |
lamont` | lots of choices there | 20:11 |
grendal-prime | lamont`, ya but i have to use postfix | 20:13 |
lamont` | grendal-prime: I have personal reasons to applaud that decision | 20:14 |
grendal-prime | ok | 20:15 |
grendal-prime | so what is the simplest config to foward anything going out to another smtp server | 20:15 |
el_seano | lamont`: postfix dev :D | 20:38 |
=== lamont` is now known as lamont | ||
=== dendro-afk is now known as dendrobates | ||
=== blendedbychris2 is now known as BlendedByChris | ||
Aison | i'm going to hate ubuntu server :) since 11.10 networking sucks completly. Eg. a simple network setup with bonding and vlan that worked for years suddenly stopped. After a reboot, all my machines are lost and I have to got to the console and manually setup bonding with ifenslave and vlans | 21:42 |
rbasak | Aison: sorry to hear about that. If you can work out steps to reproduce, please do file a bug and we can look into it. I couldn't call a network setup involving bonding and vlans "simple" though! | 21:44 |
Aison | that's my network/interfaces file. maybe there were some slight changes required, no idea | 21:46 |
Aison | http://pastebin.com/MN5Pi86V | 21:46 |
Aison | after rebood, bond0 is up, but eth0 and eth1 not, so no real device is enslaved by bond0 | 21:47 |
Aison | somehow eth0 and eth1 are not started | 21:47 |
Aison | so I have to login into the console and do ifconfig eth0 up and eth1 up | 21:48 |
Aison | then ifenslave bond0 ..... | 21:48 |
rbasak | Aison: looks like there's documentation on this in /usr/share/doc/ifenslave-2.6/README.Debian.gz. You need bond-master and bond-primary lines in /etc/network/interfaces against eth0 and eth1. | 21:55 |
robbiew | zul: do we need a blueprint for this -> https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-openstack-stable | 21:56 |
robbiew | seems like it's business as usual...maintaining the stuff we ship | 21:56 |
robbiew | arosales: do you know if jamespage wanted a session for this or just a blueprint to track work items -> https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-tomcat7 | 21:58 |
* arosales looking | 21:59 | |
arosales | robbiew: looks to just track, doesn't look like it needs a lot of discussion | 22:00 |
arosales | robbiew: ah, whiteboard, "no session needed" :-) | 22:01 |
robbiew | ah..damn it | 22:01 |
robbiew | thanks | 22:01 |
arosales | robbiew: np, thanks for taking a look at the proposed blueprints | 22:02 |
rbasak | Daviey: please see backscroll for Aison's upgrade breaking bonding and making the system unreachable. Looks like it's a required documented change in /etc/network/interfaces, and I think it'll hit Lucid->Precise upgraders too. Something for the release notes, perhaps? | 22:09 |
* Daviey lookies | 22:10 | |
rbasak | Daviey: http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/precise/ifenslave-2.6/precise/view/head:/debian/README.Debian#L39 for the documentation on this. | 22:12 |
Daviey | robbiew: I think, as we aren't planning to do traditional SRU's for openstack.. grab the latest stable tree and upload, we could do with a session.. along with SRU team, to formalise what we need to do for testing and process. | 22:12 |
robbiew | ah | 22:12 |
Daviey | robbiew: That being said, i suspect a 30 min session would be ideal. | 22:12 |
robbiew | 30min? | 22:13 |
robbiew | maybe add to the openstack next steps session | 22:13 |
Daviey | robbiew: yeah, i think they could sit together well. | 22:13 |
Daviey | robbiew: i'll make sure pitti and SpamapS are aware of their requested attendance for the start/trailing 30 mins. | 22:14 |
Aison | rbasak, thx, going to try that | 22:14 |
adam_g | personally i think we need at least a whole hour dedicated to the openstack SRU stuff. we really have a lot to cover among each other on the server team + others outisde | 22:14 |
Daviey | adam_g: depends how fast we talk :).. but yes, you are probably right. | 22:15 |
Daviey | we can also work out what extended manual/human vs automated validation we need. | 22:15 |
adam_g | Daviey: how and what we decide wrt to supporting multiple versions of openstack has a big impact on other things like general openstack next steps and CI next steps | 22:16 |
Aison | rbasak, nice one, just found something related in ubuntu forums: http://ubuntuforums.org/showthread.php?t=1876061 | 22:18 |
Daviey | adam_g: not sure, will know more shortly :) | 22:18 |
Daviey | Aison: Hey, did you open a bug? | 22:18 |
Aison | Daviey, no, maybe it's not a bug. I guess 11.10 requires some changes in the config files | 22:19 |
rbasak | Aison: if upgrading breaks bonding to the point where the server fails to bring up network interfaces, I'd say that it's a bug. | 22:20 |
Aison | rbasak, well, it's not the upgrade to 11.10. After upgrade to 11.10 it continued to work. But some weeks ago it suddenly stopped | 22:21 |
Aison | maybe some later upgrade breaked it | 22:21 |
=== Lcawte is now known as Lcawte|Away | ||
rbasak | Aison: ah. In that case it may be the race condition that the documentation refers to. | 22:23 |
Daviey | Aison: can you throw what you know on a bug, it would really benefit trackability. | 22:26 |
Aison | it's working now, it was really a change in the config file | 22:28 |
Daviey | Aison: yeah, as rbasak points out.. we probably want to release note the fact that it's less than joyful. | 22:28 |
Daviey | But currently, i don't fully grok the issue.. So i'll read it via a bug, in the morning? :) | 22:29 |
Aison | Daviey, the only bug I can see is, that the documentation is missing ;) or I was too stupid to find the right documentation | 22:31 |
Aison | but if I follow README.Debian.gz then everything is clear | 22:32 |
Daviey | Aison: right, but i'd like to warn users before upgrading if config isn't safely handled on upgrade. | 22:32 |
Aison | ok, I understand | 22:32 |
RamJett | Good afternoon. I have a question on a problem with boot up with 12.04 .. pretty sure it is a RAID detection race condition. Anyone want to take it on? | 22:33 |
Aison | Daviey, i'm going to file a bug report. but all I can file is my old configuration and the new one that was required to work with 11.10 | 22:35 |
Daviey | Aison: sounds good to me, for the lazy can you provide the readme? | 22:35 |
Aison | yes | 22:35 |
=== matsubara is now known as matsubara-afk | ||
Daviey | Aison: thanjs | 22:36 |
RamJett | Anyone ? | 22:39 |
Aison | hmm, there's already a similar bug report for 12.04 | 22:41 |
Aison | https://bugs.launchpad.net/ubuntu/+source/ifenslave-2.6/+bug/974218 | 22:41 |
uvirtbot` | Launchpad bug 974218 in ifenslave-2.6 "Ifenslave-2.6 problem in ubuntu 12;04 precise" [Undecided,Confirmed] | 22:41 |
Aison | so in fact it's a problem of the ifenslave package upgrade | 22:42 |
ThiagoCMC | Hi! I just start Ubuntu MAAS (with maas-dhcp / maas import isos / etc), added my first node Okay... The node boots up using PXE smoothly BUT, what is the user login of my newly added node?!!? Or the root password?! | 22:51 |
ThiagoCMC | Second question: Can I use MAAS to deploy a Ubuntu Server to a server's harddisk (instead of using diskless servers)?! | 22:53 |
ThiagoCMC | Also, how to join #ubuntu-cloud channel? | 22:54 |
EvilResistance | i dont think you can | 22:55 |
EvilResistance | #ubuntu-cloud redirects here | 22:55 |
EvilResistance | so... | 22:55 |
EvilResistance | that means that channel is empty | 22:55 |
EvilResistance | :P | 22:55 |
EvilResistance | (or secured) | 22:55 |
ThiagoCMC | ok | 23:18 |
ThiagoCMC | EvilResistance, do you know what is the default login of a Ubuntu MAAS node? | 23:19 |
ThiagoCMC | It is all installed here but, I can't login into my fresh nodes... lol | 23:19 |
ThiagoCMC | Sounds newbie but... I need some help here... | 23:19 |
ThiagoCMC | ^^ | 23:19 |
uvirtbot` | ThiagoCMC: Error: "^" is not a valid command. | 23:19 |
EvilResistance | don't assume i know what you mean :P | 23:19 |
* EvilResistance doesnt use MAAS, whatever that is\ | 23:19 | |
ThiagoCMC | Ubuntu 12.04 - MAAS... | 23:19 |
* EvilResistance may know a lot about how IRC works, but not everything about Ubuntu Server deployments | 23:20 | |
ThiagoCMC | ok | 23:20 |
ThiagoCMC | no problem | 23:20 |
EvilResistance | usually i'm quiet in here until i have a question that I ask :p0 | 23:20 |
ThiagoCMC | :-P | 23:20 |
EvilResistance | but today i've had too much coffee :P | 23:20 |
ThiagoCMC | Me too! | 23:20 |
ThiagoCMC | LOL | 23:20 |
ThiagoCMC | Where can I talk about Ubuntu MaaS / Cloud deployments? | 23:22 |
RamJett | So I'm guessing no one is here. I'm thinking my RAID boot problem should be a easy one. I'm just not expert on Ubuntu yet .. been using Gentoo for way to long. | 23:23 |
EvilResistance | !patience | 23:25 |
ubottu | Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/ | 23:25 |
EvilResistance | everyone here needs patience :P | 23:25 |
EvilResistance | ThiagoCMC: this'd be the place, but this channel isnt as active as #ubuntu is. you jsut need patience :) | 23:28 |
Aison | new question to samba smb.conf | 23:38 |
Aison | in one share i've got | 23:38 |
Aison | read list = someuser | 23:38 |
Aison | write list = someuser | 23:38 |
Aison | why can all other users also connect to this share?!? | 23:39 |
ThiagoCMC | EvilResistance, Okay! Sorry!! ^^ | 23:40 |
EvilResistance | no need to apologize :) | 23:40 |
ThiagoCMC | :) | 23:42 |
cwillu_at_work | Aison, read list/write list doesn't give an exclusive list of who's allowed to connect | 23:42 |
cwillu_at_work | Aison, read list limits the listed users, write list unlimits the listed users | 23:43 |
cwillu_at_work | and at no point have you restricted all users | 23:43 |
cwillu_at_work | (and write list = aison will override read list = aison) | 23:44 |
=== dendrobates is now known as dendro-afk | ||
=== AntORG_ is now known as AntORG | ||
Aison | cwillu_at_work, when I connect to the share, where a user is neither in read nor in write list | 23:58 |
Aison | cwillu_at_work, why can this user then read the files? | 23:58 |
cwillu_at_work | because you didn't say he couldn't | 23:58 |
cwillu_at_work | "read list" means "users on this list can only read" | 23:59 |
cwillu_at_work | it doesn't mean "only the users on this list can read" | 23:59 |
Aison | cwillu_at_work, hmm, how do I exclude all user but one? | 23:59 |
cwillu_at_work | do you see the difference? | 23:59 |
Aison | yes | 23:59 |
Aison | how can I exclude all users by default and allow just some of them to read/write from the cifs/samba share | 23:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!