[00:00] @thomas What mail daemon are you using? [00:00] Anyone here work on the Ubuntu Virtualization PPA? Just went to install a VM on an Ubuntu 10.04 host, and got an error saying 'virt-install: error: no such option: --initrd-inject' Went to https://launchpad.net/~ubuntu-virt/+archive/ppa Added the PPA. Trying to update, I get this error from apt: qemu-common: Depends: vgabios (>= 0.6c-2ubuntu2) but 0.6c-2ubuntu1 is to be installed. Also, it looks like the packages are old: [00:00] virtinst is at version 0.500 from a year ago. The CentOS 6.2 box I'm on has a virtinst package of 0.600. [00:00] fosterdv, I'm assuming you mean sendmail. I'm a bit green just trying to do some leg work for my engineer [00:01] Yeah, :) [00:01] Are you using mbox or maildir? [00:01] mbox = mailboxes show up as a single file... [00:02] maildir = each email is a file to itself [00:30] fosterdv, Sorry for the delay ribs finished :) Had to have some family time there. Anyways, I belive mailboxes show up as a single file. [00:32] Hi all [00:32] o/ [00:33] setting up rsyslog server on ubuntu. the server is receiving remote logs, but outputting them to /var/log/rsyslog instead of my specified /var/log/remote.log [00:33] here's the conf snippet: https://gist.github.com/2590703 [00:34] im new on ubuntu. I need to install the libreadline5-dev, but I cant found it with apt-cache search. I have only libreadline5, libreadline6 and libreadline6-dev. I need to add another repos on apt-get? Im using Ubuntuserver 11.10 [00:37] jkyle, I did this before using some sort of 'finger' and doing something with the /etc/mail dir. [00:38] wut [00:38] should be able to do it all in rsyslog [00:42] hi guys any help regarding running a particualr script, what shoudl be done-------> http://sites.google.com/site/kjalleda/mysqlreplicationconsistency [00:44] I can't find the rsyslog lol === thomas is now known as thomasu [01:01] EduFrazao: What version? libreadline5-dev was only available in hardy through natty. [01:02] pedahzur, yes... On 11.10 it is deprecated... but it is needed by vmware vcap.... [01:02] I think that I will need to downgrade my virtual machine... [01:02] =/ [01:04] EduFrazao: Are you locked in to VMWare? Could you use KVM? [01:04] pedahzur, im using cloud-foundry =/ [01:04] EduFrazao: Ah. They should have support for recent Ubuntu versions. [01:04] from vcap user manual: Note that the recommended version is Ubuntu Server 10.04-2 LTS. [01:06] =/ [01:12] yay, got it [01:16] is the ssl private key bound to the machine that created it? [01:18] wiherek: no [01:25] anyone know the ls command which list list all the mail files by size and date last modified? [01:25] thomas, did you ever figure it out? [01:26] I also stepped away for lunch, sorry about the delay. [01:26] http://manpages.ubuntu.com/manpages/precise/man1/ls.1.html thomasu [01:27] Well, I figured out that I use dovecot for email and I have each email file in my /var/spool/mail directory. From there if I can ls it in a way to show date last modified I'd be set :P [01:27] I didn't know that reflects logins.... well, that's cool :P [01:29] I was trying to figure out how to do it myself, it's been a while since I checked for things like that... but, if you save your maillogs, future reference... when you're going through your users, you could also attempt using grep -r 'username' in the maillog, and look for anything showing the last time they accessed the account. [01:29] or at least attempted... :P [01:31] yeah this is a pain but i'm close :) [01:31] Nice, :D [01:31] Mail is always a pain in my experience.. [01:32] mail just takes time [01:32] That it does. === matsubara is now known as matsubara-afk [02:42] When invoking ftp from the CLI, how can I get all files in a given folder? [02:44] ls ? [02:44] I mean get, as in the command. In other words, I need to download all files, and I don't have access to the parent. [02:44] mget [02:45] qman__: thank you. [02:45] mget *, specifically [02:45] http://mywiki.wooledge.org/FtpMustDie [02:45] or any other wildcard [02:47] twb: I hate ftp with bleeding daggers, but this isn't my server, or even my project. I'm merely stepping in to provide a few solutions, then exiting stage left. [02:51] Fair enough [02:52] Could someone tell me what these dependency problems are about when trying to install php5: http://pastebin.com/eq8cpUq1 I have gnome-session-fallback installed as well. [02:57] qman__: Why, when I mget -i *, does it still ask me about every file? [02:58] Probably because the basic ftp client is crap -- you might get better behaviour with lftp or something [02:59] Or better would be rsync, scp, &c of course [02:59] yeah, I don't know [02:59] sftp's works better [02:59] ugh. I may just tell the vendor I'm not providing the solution to the client until they give me ssh access. [03:00] Seriously, ftp? Even the IIS teams I work with treat me better than this. :( [03:00] tohuw: +1 [03:00] Im getting a cp: reading 'file': Input/output error but running fsck on the drive shows no errors [03:00] I'm about to email a customer saying "upgrade your switch so it supposed key-based SSH" [03:00] sounds like a good plan to me [03:01] is there something more i can run to check it? [03:01] slide: did you check dmesg, system logs, smart self-test? [03:01] Hah... mget refused to download directories because they aren't regular files. [03:01] My path is clear. [03:01] tohuw: usually you need a client that can walk the tree a la -r [03:02] slide, you can use dmesg or smartctl to find out if it's a hardware error or a filesystem one [03:02] twb, yes, i am getting an error in the syslog, gist.github.com/776739c3c680a9bbc2c5 [03:03] looks like the drive is dead [03:03] grab what you can and hope you have a backup [03:03] hrm [03:03] its just that one file [03:03] means that section of the disk is what's bad [03:04] but it's only going to get worse [03:04] ddrescue may be able to save some of it, but that's just gambling [03:05] is there a tool that will actually tell me what areas are bad etc? [03:05] slide: your drive is dead/dying; make sure your backups are up to date, and then schedule a replacement ASAP [03:05] k [03:05] the error told you [03:05] slide: what that's saying is there are so many bad areas already, there are no spare areas left to allocate replacements from [03:06] modern drives manage themselves, they decide where to store data on the actual disk and they automatically handle a certain amount of bad sectors [03:06] when you start getting unreadable files, it's beyond that point [03:07] wow its been run for 14000 hours [03:08] Night all. Datz, If it's an option on that host, backup, purge apache (or at least apache-mpm* and apache-php*) and any php-* packages, install php5, see how it feels about that. Otherwise, figure out how to resolve the conflicts your installed apache-mpm packages are causing: dpkg -L name_of_package. [03:08] slide, that's actually not very good, one of the disks in this machine is at 46319 hours [03:16] I bet it's a green drive [03:18] thanks tohuw [03:21] could be anything, my newly rebuilt file server, less than a year old, already lost three drives and a fourth will come soon, already has an offline uncorrectable sector [03:21] fortunately this time around they didn't all go at once [03:21] so I could RMA and replace [03:22] and those are samsung hd103sj [03:24] See I buy whitebox junk so I don't have those problems ;-P [03:25] nah i dont think its a green drive [03:25] Seagate Barracuda LP [03:26] qman__: we used to explicitly request disks from different batches, and/or different manufacturers, to try to avoid them all dying at the same time [03:26] I don't think we bother anymore [03:33] ok backing up now [03:33] luckily had a drive with just about the exact amount of space free heh [03:33] You should consider using md raid in future [03:33] im poor [03:35] ok got about 100 or so servers at this point...some physical..mostly vm's [03:35] how much is your data worth? [03:35] How much is your TIME worth to try to recover it from a dead rive? [03:35] we want aaa type of server..nis... [03:36] im thinking nis..seems simple.. [03:36] nis is dead [03:36] isnt there something that works directly with pam though [03:36] no im so poor i can barely afford food sooo extra hds arent really viable ha [03:36] You should not use nis on any untrusted network, because it allows ANYONE on the network to see ALL your passwords [03:36] slide where are you [03:36] louisiana [03:36] what kind of drives do you need [03:36] grendal-prime: you should look at LDAP, which is the only actively maintained solution. [03:37] grendal-prime: to do it properly you should be using kerberos, but that's a huge pain so at least use LDAP. [03:37] i dont NEED drives, ive got a few hundred gigs left, hopefully i can save up before they fully fill up [03:38] i have a pile if drives [03:38] I dunno about .us but in .vic.au there are recycling shops that take three-year-old machines and refurbish them with linux, and sell them too poor people for like $10 [03:38] twb i do something similar [03:38] in my spare time.. [03:39] which i dont have much of now [03:39] but i charge more like 100 or so [03:39] and people bring me their hardware [03:39] http://bytebackaustralia.com.au/ [03:39] I think that's the site [03:39] slide you want me to send you some hd's [03:40] Maybe they just throw them away and there's a different mob, I'm not sure [03:41] hrm tempting heh but no thanks :) [03:41] thank you though [03:47] has anyone used boa webserver? the server is not running,with no errorlogs [03:47] I think I used it for about three minutes [03:50] has anyone used boa webserver? the server is not running,with no errorlogs [03:54] i got an adaptec filer sitting here [03:55] ok so ldap server... [03:55] slapd? [03:55] that filer by the way is a noisy fkr [03:56] and heavy, prolly cost 100 bucks to ship to florida from cali [03:58] grendal-prime: yes, you will need to do some reading [03:58] is there some sort of application i think i heard of it that u can installed on your ubuntu server [03:58] grendal-prime: unfortunately most of the LDAP documentation is written by cargo-culters who don't know what they're doing [03:58] and external monitor like cpu usage, hd space and system health? [03:58] footvilla: there are many. collectd is what I use. [03:59] footvilla: nagios and munin are also worth investigating [04:00] footvilla, there are hundreds of things for that [04:00] htop is probaly the easyest quickest most usefull [04:01] grendal-prime: ah, he said "external" which threw me off [04:01] but its curses based you log into the server and watch it [04:02] your probaly right...nagios though..man that thing scares people off like crabs. [04:02] nagios free? [04:02] we monitor all our ubuntu servers ..and i dont know why they never fail [04:03] nagios free ya.. [04:03] so is zabbix [04:03] you need alerting? [04:04] zabbix is PHP though IIRC [04:04] php rocks [04:04] http://me.veekun.com/blog/2012/04/09/php-a-fractal-of-bad-design/ [04:04] tohuw: purged apache2, installed php5 without problem, then installed apache2 without problem; everything works.. Don't know what the problem was before. Might have purged some dep for a package I have installed and broken something I will find out about later. :) [04:04] anyone tells you other wise they are high [04:05] well running a webserver [04:05] alerting would be nice [04:05] footvilla: performance monitoring or availability monitoring? [04:05] also would like to see if the webserver gets overloaded or howmany people browsing the website [04:05] a little of both twb [04:06] id recommend ntop [04:06] network throughput and from where [04:06] easy setup web graphs..we use it alot [04:07] something simple that i can remotely log in [04:07] mem usage / network usage / cpu usage etc [04:07] it will give you very good statistics on nework traffic === jkyle_ is now known as jkyle [04:08] footvilla, if you want to quickly see whats happening..very directly monitor..htop is the thang [04:08] apt-get install htop [04:08] then ssh into the box and type htop [04:09] see what it gives you..that may be exactly what you want..you want something that logs tracks and charts stuff..you will need to look into something else [04:10] orion..zabbix, nagios.. [04:10] yea logs tracks and charts [04:10] much more setup usually [04:10] but also i could log into w/ username [04:10] gui interface [04:11] i would recomend you do the htop thing anyway..you can highlight processes and kill them [04:11] and see live..each proc how much is being used...what is top and you can scroll through all the processes with your arrow keys [04:12] yea installed htop [04:12] and run strace on any processs and see the actual data that is being processed by the kernel directly [04:12] and it runs from you smart phone as well. [04:13] anything that ssh's in [04:13] that thing has saved me a lot of hassle [04:13] nice! thanks grendal [04:14] np [04:14] its the first thing i install on all the linux boxes [04:15] in fact...heheh if its not installed...i know i prolly didnt build the box [04:16] twb, soo im looking at the webmin module for ldap. looks pretty straight forward. (the management and sups at my regular gig love that thing) [04:16] Do not use webmin. [04:17] you are just full of way to practical bummer type responces [04:17] Specifically regarding the webmin ldap users & groups modules, note that it requires full root bind privileges, and only speaks RFC 2307/bis -- which is manageable apart from password expiry. [04:18] unfortunatly, there is something we do that has become amazingly simple with that tool. to the point where it was required on most of the servers [04:18] RFC 2307 relies on the client to enforce locked/expired/needs-reset passwords, so anyone that has root on their own box can simply ignore them. [04:19] grendal-prime: we used to use webmin, too, for the same reason. We fixed that by taking our webmin custom modules and just running them under a thin hand-written shim instead of under webmin. [04:19] we only use it on isolated networks though [04:19] also its one of those things were very few people have access to the admin of the tool..most have access to one module [04:21] we are security audedted regularly by an outside source..we pass all the time..you just have to lock that bitch down.. [04:21] but i digress [04:22] soo you dont like the way that it works with ldap though [04:25] this is getting irratating [04:25] we got an emp that is leaving. [04:25] we have to change 100 or so admin passwords.. [04:26] and that blows..and ..we may wind up with 100 more servers. [04:26] i want to get this nailed down now. [04:27] was thinking about radius as well [04:28] but that seems somewhat complicated [04:35] morning everyone [04:37] hey pehden [04:37] does anyone have an idea how to change the default port on Owncloud away from port 80 ? [04:41] Knightwise: A quick look at ownclouds suggests it just being PHP running from Apache, etc? Shouldn't it just be to change the Apache port config then? [04:43] yeah , but i opened up the apache config in webmin and it doesnt show owncloud as a seperate virtual host. [04:49] 14:25 we have to change 100 or so admin passwords.. [04:49] grendal-prime: key-based auth [04:50] With monkeysphere they can be revoked; alternatively you can cheat and use the ssh blacklist patches (but they're Ubuntu/Debian-specific) [04:53] ya its not that simple though [05:06] grendal-prime: not in your current setup, no [05:06] But here, when someone leaves, I add their SSH key to the blacklist .deb and it's automatically installed on all hosts by the unattended-upgrades package [05:06] When I get around to adding my PPA to my customer's machines, they'll get it, too [05:07] Of course, that won't stop a malicious staffer from adding back-doors in advance. [05:07] ya [05:08] on a side note ...did you know that margaritas at this hour (even in california) is something that is frowned upon? [05:08] and...there is no more wine [05:08] im going to sleep [05:09] i have to. because of this bezar social glitch [05:09] night all [05:27] twb, are you still around? [05:28] fosterdv: what do you want [05:29] I was wondering if you know anything about installing ProFTPD on Ubuntu Server 11.04, and why it might be hanging during installation? [05:29] roaksoax: if you get a min, would you be able to push the debdiff attached at https://bugs.launchpad.net/ubuntu/+source/openldap/+bug/990742 against openldap into -proposed? [05:29] Launchpad bug 990742 in cyrus-sasl2 "slapd fails to upgrade: requires libsasl2-2 (>= 2.1.24) installed" [Undecided,Fix committed] [05:30] 12:45 http://mywiki.wooledge.org/FtpMustDie [05:30] fosterdv: last time I ran ftpd it was vsftpd [05:32] Ah, okay... thanks anyways. === Lcawte|Away is now known as Lcawte [06:26] hi guys any helphow to make this run on my ubuntu-server do i need some additonal component to do this..? ---> http://sites.google.com/site/kjalleda/mysqlreplicationconsistency [06:36] hi everyone. this is more of a generic linux question but here it goes.. I have a server with a large mdadm raid array used for a file server and the os (ubuntu) running off of a single SSD. what i notice when the server is under any load is that commands will hang when I run them. commands like df, who, ps.. pretty much anything. I thought it would be related to disk IO but the OS SSD is not used by the file server so this doesn' === koolhead11|afk is now known as koolhead17 [06:37] i can literally run "time who" like 20 times, and 8/10 times its < 0.1 real, sometimes up to 6 seconds though. [06:45] anyone have any experience with Mumble server ? [06:56] adam_g: the value would be have an environment that you can evolve [06:57] adam_g: devstack is a start and an end to itself, it uses specific branches and installs in non-LHS compliant places [06:58] I'd very much prefer if the devs (at least those running Ubuntu) would use Juju to bootstrap an all-in-one locally, which would use proper Ubuntu packages... and could potentially be made to evolve into a multi-node setup by adding new nodes and relations [06:59] It sounds like a worthwhile target to encourage devs to run Juju & proper Ubuntu packages, as that's where the mindset starts === almaisan-away is now known as al-maisan === smb` is now known as smb [07:34] adam_g: so I think it warrants its own session. Something like "Promote OpenStack charm as a dev/tester bootstrap environment" [07:35] ttx, +1 === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [07:47] hello everyone [07:48] I have just installed Ubuntu Server 12.04LTS and I have noticed that it takes longer to boot than 10.04LTS [07:48] is there a way to get disable the logging that shows in the screen at startup? [07:50] I have already tried to search on google but only found how to disable sound on startup [07:50] can someone help me with this? [07:53] viegasfh: what kind of logging === koolhead17 is now known as koolhead17|afk [07:59] when you boot you get the screen where you can pick either normal boot or the safe mode [08:00] viegasfh: on a server install? [08:00] after that all the dmesg logs show up on the screen [08:00] I want it to go straigth to the login screen, and skip this one [08:00] yes, server install [08:00] ok with the desktop [08:00] don't get that on the desktop [08:00] viegasfh: if you're getting that, there is something wrong [08:00] and never noticed that on 10.04 [08:01] I am running it on vmware [08:01] <_ruben> and you cant *skip* it, as what you see is realtime [08:01] well, not really skip, but stop it from showing on screen [08:01] I can always go to the logs and see what went wrong [08:03] I checked the logs and the system seems to be running ok [08:03] it is just that it has been a long, long time since I noticed all the logs on screen, in similar fashion to CentOS or Red Hat [08:03] or FreeBSD [08:52] morning o/ === koolhead17|afk is now known as koolhead17 [09:04] good morning [09:05] I guess if you remove "splash" from grub options but keep "quiet" it will not output much [09:05] I remove both so that I actually see *useful* bootup messages [09:09] root@otrs:~# lsb_release -a [09:09] No LSB modules are available. [09:09] Distributor ID: Ubuntu [09:09] Description: Ubuntu 10.04.4 LTS [09:09] Release: 10.04 [09:09] Codename: lucid [09:09] root@otrs:~# do-release-upgrade [09:09] Checking for a new ubuntu release [09:09] No new release found [09:09] That's odd [09:10] Jeeves_: lts->lts upgrades start with 12.04.1 (NB!) [09:10] wtf? [09:10] * xnox it's always been like this. [09:11] Ehm, not that I know off. [09:11] But ok. [09:11] lts->lts upgrades need testing & ironing upgrade bugs out. [09:11] xnox: oh is *that* why [09:11] I didn't realize that was official policy, I thought it was just me being sensible [09:11] xnox: I thought that was why we had beta's and stuff [09:12] Jeeves_: .0 releases are always bullshit [09:12] * xnox and 0day SRU & updates.... [09:12] I don't mean in ubuntu, i mean in anything [09:52] Daviey, zul, adam_g: thread for you @ https://lists.launchpad.net/openstack/msg11152.html === al-maisan is now known as almaisan-away === daker__ is now known as daker === Ursinha is now known as Guest7047 === Ursinha_ is now known as Guest96131 === Ursinha__ is now known as Ursula === Ursula is now known as Ursinha === Ursinha is now known as Guest69236 === chris_ is now known as Guest47687 [11:58] hi === Guest47687 is now known as yeats [12:00] I broke my OS, and now I'm desperatly trying to fix this, to make long story short I made it to the point where apt-get install -f wants to fix a lot of packages but after retrieving them I get: E: Couldn't configure pre-depend libc6 for findutils, probably a dependency cycle. Anybody knows how to fix this? === Ursula is now known as Ursinha === matsubara-afk is now known as matsubara [12:58] good morning [12:59] evening [13:07] Can any one in here recomend an irc server daemon for ubuntu server? [13:07] I read that ircd-hybrid is no longer updated [13:09] jamespage: https://bugs.launchpad.net/openstack-ubuntu-testing/+bug/994572 [13:09] Launchpad bug 994572 in openstack-ubuntu-testing "Builds failing" [Undecided,New] [13:10] zul: not done that yet [13:10] need to switch to maas first - sorry [13:10] jamespage: yeah just filed a bug to nag you [13:10] Sandbag: the one you know best man. since you are interested in hybrid, which was popular on efnet, maybe you want to look at ratbox. [13:13] Thanks mardum - thats the one I was lead to. Here goes nothing... [13:15] *mardraum even ;) === almaisan-away is now known as al-maisan === JanC_ is now known as JanC === kirkland` is now known as kirkland [13:59] Hello all. I can't find the .torrent for Ubuntu Server 12.04. Can anyone put me in the right direction? [14:00] SpamapS: were you going to look at bug 988394 (upstart job woes) [14:00] Launchpad bug 988394 in autofs5 "Reboot hangs because /etc/rc6.d/S40umountfs chokes on non-existent mounts" [High,New] https://launchpad.net/bugs/988394 [14:00] oh wait [14:00] I think I found it - http://releases.ubuntu.com/precise/ubuntu-12.04-server-i386.iso.torrent [14:00] sorry [14:29] hallyn: looking now [14:36] hallyn: looks like slangasek commented. I think he's right. the stop on should be 'stop on deconfiguring-networking' === al-maisan is now known as almaisan-away [15:29] hallyn: starting the libvirt merge now [15:32] zul: cool [15:56] adam_g: around ? [15:59] kirkland: around? [16:00] if i have a running process referencing a symlink, then change what that link points to, does anyone know what the still-running proceses sees? [16:00] kirkland: fwiw, for q i'm about to merge debian's seabios. previously we always had our own. but since we'll merge debian's qemu-kvm too (hopefully)... [16:00] well, maybe i should wait until after the uds session [16:00] all right you've convinced me, i'll wait :) [16:02] claude2: if by 'referencing a symlink' you mean it has opened the file it points to, then it won't see a change [16:02] the open file is to the target inode [16:03] awesome. thanks hallyn === matsubara is now known as matsubara-lunch [16:19] Howdy... I've used aptitude to add the apparmor package, but aa-status still says apparmor module is not loaded [16:19] This is with 12.04 [16:19] Any idea why this might be? === funkyHat_ is now known as funkyHat [16:21] JamesB: shouldn't even have needed to add apparmor package.... how did you install the system? [16:23] It's just a standard Linode install [16:23] Do you think they screwed it up somehow, then? [16:25] Dunno - what does 'grep -i apparmor /boot/config*' show? [16:25] and what is in /proc/cmdline [16:26] root=/dev/xvda xencons=tty console=tty1 console=hvc0 nosep nodevfs ramdisk_size=32768 ip_conntrack.hashsize=8192 nf_conntrack.hashsize=8192 ro devtmpfs.mount=1 [16:26] and there is no directory /boot/config [16:27] lsb_release -a shows 12.04... however oddly uname -a shows kernel 3.0.18 [16:28] whereas Wikipedia suggests it should have kernel 3.2.14... very strange really [16:28] Yeah I'm guessing the xen kernel there doesn't have apparmor enabled [16:29] mount | grep security ? [16:29] then look under that directory. (hopefully it's /sys/kernel/security) [16:29] if it doesn't have 'apparmor' then the kernel doesn't have it [16:30] ask linode if they can enable it i guess... [16:33] mount lists nothing [16:34] How very annoying. Rackspace didn't have these screwy kernel problems. Teach me to try saving $5 :P [16:50] how can I get the dependencies for a .deb? [16:51] jkyle, look at apt-cache [16:52] for a .deb file? [16:52] hm, of a .deb, jkyle; may or may not work, but worth a check [16:52] yeah prob not sorry [16:52] :) [16:53] yeah, it searches for a package with name "foo.deb" [16:54] dpkg -I file.deb [16:54] I upgraded my server to 12.04 but it no longer connects to the internet after a reboot. Any ideas? [16:54] oal: does it have an ip/ nic is active and working? [16:54] can you ping it? [16:55] resno: nope [16:55] if its disappeared, can you login on the phyiscial machine? [16:56] resno: yes, I have logged in to the physical machine, ifconfig tells me it has no ip [16:56] do you know which eth is your connection on? [16:56] I'm not a command line ninja, so maybe this is just a one liner to get it fixed [16:56] resno: eth0? [16:56] ifconfig eth0 up [16:57] i think that should do it [16:57] resno: no difference, I'm afraid [16:58] how did it respond? === Ursinha is now known as Guest78578 [16:58] No errors or anything, it just ran the command [16:58] Sounds like a driver issue [16:58] and so it begins... :( [16:58] jkyle: Did you get my response earlier? [16:59] resno: This is a hp laptop (yes, a laptop, but I use it because it gives me an hour extra before it suddenly cuts off). [17:00] ... in case of a power outage [17:00] hallyn, we had an unusual lxc-start-ephemeral issue today: dhcp leases file didn't exist. We already wait up to 30 seconds for it to exist. Should we just up the timeout, or would something like lxcip help, or would you be suspicious of something else? If it helps, the pertinent bit in the script is http://pastebin.ubuntu.com/967318/ . The last "if" in the excerpt was false. [17:01] I'll try to reboot it and see if it magically fixes itself [17:03] Wow, it did... [17:08] oal: cool [17:11] jjohansen: hey there. Are you aware that the kernel currently in quantal gives stacktraces when starting an LXC container (seems to be related to apparmor/audit), /etc/init.d/apparmor reload is also very slow and complains about the network rules [17:11] jjohansen: (I know it's very very early in the quantal cycle and I shouldn't be expecting things to be stable/working at this point ;)) [17:11] I guess I'll just install Precise's kernel for now [17:11] stgraber: nope I haven't poked at quantal at all [17:12] stgraber: but thanks for the heads up, that means something upstream is probably broken [17:12] * jjohansen hasn't checked that recently either [17:12] jjohansen: ok, let me pastebin my dmesg, maybe you'll see something obviously broken in there :) [17:13] jjohansen: http://paste.ubuntu.com/967351 [17:14] sigh, yeah audit. eparis pushed out a patch changing lsm audit that affected apparmor and /me never got a chance to look at/check it :( [17:16] jjohansen: http://paste.ubuntu.com/967358/ is what apparmor reload gives me on quantal :) [17:17] stgraber: yeah it seems the kt dropped a patch when it failed to apply [17:18] * jjohansen will kick them for not pinging /me to fix it [17:18] ok :) === matsubara-lunch is now known as matsubara [17:23] can someone explain to me how to get an apache install going? i don't even know what to enter into apt tools to see if it's installed :/ [17:24] Gallomimia: sudo apt-get install apache2 [17:25] ahhhhh twooooo [17:25] thanks [17:26] i am running ubuntu server for about half a year now and recently this has been happening maybe a day or so of server uptime : May 4 11:51:57 xseries kernel: [174049.008015] INFO: rcu_bh_state detected stalls on CPUs/tasks: { 7} (detected by 6, t=4653300 jiffies) [17:26] anyone know how to fix? [17:27] what release of ubuntu server is running? [17:27] the one before the most recent 11.something [17:27] i know thats not helpful uhh [17:27] no it is. it only came out 1 week ago [17:27] some people like to wait more than 1 week before upgrading [17:28] 11.10 generic [17:28] the more adoption a product has, the bigger upswing there is between tested bugs and found bugs upon release (as in, by users instead of testers) [17:29] anyways that error shows up every 15 minutes or so, and i cant do anything on the server. Background htings like the web server and ftp server keep working, but if i type any commands they do nothing. i have to reboot it [17:29] gary_poster: i think using lxc-ip would be best [17:29] hallyn: merging libvirt is not fun [17:30] i can paste the whole syslog is that would help [17:30] zul: i know :) did you look at my old 0.9.9 merge for a start? [17:30] i assume you're doing 0.9.11 now or somesuch [17:30] hallyn: no i just went straight to 0.9.11 [17:30] ok [17:31] hallyn: 32 lines for chanelog entry so far [17:31] zul: do you see any bits there that we can push back to debian? [17:31] one or two patches so far [17:32] why do we use libvirtd for group when debian continues to use libvirt, for instance? [17:32] hallyn, that's what I thought. We can make a version of lxc-start-ephemeral that does this. That won't help Precise though, right? Not sure if a fix for this kind of problem would even be considered SRU material, and if so, I's guess that a solution that added an entirely new script would not be an easy sell. [17:33] i think it greatly improves a bug in lxc-start-ephemeral to use lxc-ip for it, and therefore we may be able to get lxc-ip in as part of that fix [17:33] stgraber: ^ what od you think? [17:33] hallyn: reading backscroll [17:34] does this have anything to do with it? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/855684 [17:34] Launchpad bug 855684 in linux "The machine locks up hard on heavy load [SATA errors]" [Undecided,Invalid] [17:36] Pinkamena_D: seems this bug is related and possibly means it's a kernel bug [17:37] hallyn: not sure what's the qestion/problem here. AFAIK lxc-start-ephemeral doesn't currently provide you with the IP address, so I don't see how you'd justify adding lxc-ip through an SRU [17:37] unless I'm missing something here [17:37] so, is thewir anything i can do [17:38] that does look like almost the same bug [17:38] i assums the 0 is replaced with a 7 in mine because thats the cpu core that is stalled? [17:40] stgraber, it needs to get an ip address, so it can ssh into the container, in the absence of lxc-attach. it currently gets the ip address with a dhcp lease parsing hack. using lxcip, we hope, would be less hacky and more robust. [17:41] Pinkamena_D: find more. perhaps someone who knows more about the cpu stall bug will pipe up in here [17:42] (you are correct that it does not provide the user with the IP address; it is a consumer of the IP address) [17:42] gary_poster: right, but looking at the dhcp lease file isn't something the lxc package does at the moment, it's something you're doing. So you should be carrying lxcip if you want to have it reliable, I don't see a reason for us to SRU it in the lxc package [17:42] we certainly want that fixed in 12.10 though and hopefully we'll have an official python module then [17:42] Pinkamena_D: compare your kernel version to the versions discussed in that bug. i think it's ubuntu cause google got searched. but make sure. there seems to be a fix present [17:42] and can then backport 12.10's LXC to 12.04 [17:43] stgraber, lxc-start-ephemeral is in ubuntu's lxc; is the distinction you are making that it is not upstream? [17:45] gary_poster: no, the distinction I'm making is that lxc-start-ephemeral doesn't deal with IP addresses at all, so the fact that looking at the dhcpd lease file isn't reliable isn't an LXC bug [17:45] adding lxcip to lxc post-release would be adding a new feature, not fixing a bug [17:47] stgraber: i'd argue that ssh'ing into the container is a core part of lxc-start-ephemeral. when that doesn't work it's broken/worthless [17:47] right, that's kind of where I was about to go [17:48] hallyn: IIRC lxc-start-ephemeral gives you the container name and the matching lxc-console call, not it's IP and ssh command [17:50] stgraber: it does also do that, but it's main purpose was to be able to run a command in a ephemeral container as in 'lxc-start-ephemeral -- dosomething' [17:51] still i certainly agree adding a new program is not to be taking lightly :) [17:51] gary_poster: any ideas on why the leases file wasn't created? [17:51] hallyn: oh, now that I actually looked at lxc-start-ephemeral code, what you two are saying makes sense :) [17:51] :-) [17:51] hallyn: so yeah, adding lxcip instead of messing with the lease in [17:51] lxc-start-ephemeral sounds good [17:52] sru time might of course still disagree :) but it's definately the less hacky fix [17:53] yeah, and I know some people will be happy to have lxcip in 12.04 ;) [17:53] highvoltage: ^ :) [17:53] Psi-Jack, are you here :-D [17:53] barely [17:53] lol [17:53] hallyn, the only thing I could figure was that the (EC2) machine was under heavy load (seven other lxcs initializing and running things inside them) and 30 seconds was not enough. I've gotten two of those failures today so I'm trying to simply bump the timeout up to 60 to test that hypothesis. [17:55] Pinkamena_D: did you find out what kernel your server is running? [17:55] hallyn, stgraber: fixing with lxcip: cool, we can make a first stab at it if that helps. I'll file a bug now. [17:57] how do you find that out [17:58] hm. i'm not too sure. i'm a bit of a noob. === Ursinha- is now known as Ursinha [17:58] me too [17:58] ;) === Ursinha is now known as Guest84854 [17:59] be back in a little bit... [17:59] alright let's be noob together. go find out how in some manuals. i think a related command is called uname [17:59] uname -r === Guest84854 is now known as Ursula [17:59] ty bazhang === Ursula is now known as Ursinha [18:01] amazing. i completely couldn't remember uname until you caused me to think about it Pinkamena_D. [18:03] stgraber: hehe [18:03] (indeed) === qhartman_ is now known as qhartman [18:13] How do I make sure all the dependencies, like network, database, etc. are running before a service starts. I'm having a problem with glance-registry loading before the network dev and database is up. So I then have to go in and manually start after a reboot === dendrobates is now known as dendro-afk [18:15] just edit the upstart script in /etc/init to make sure it depends on networking and database [18:15] I did that for postfix, to depend on dovecot being up, works so much better now [18:15] since postfix won't start if dovecot auth file doesn't exist [18:16] Where do I get documentation on the /etc/init/*.conf syntax. I've messed with it, but something isn't right. === dendro-afk is now known as dendrobates [18:18] I changed "start on (local-filesystems and net-device-up IFACE!=eth2)" it was "start on (local-filesystems and net-device-up IFACE!=lo)" .. I still have the problem [18:20] It also has "respawn" set. Which seems to work for glance-api .. but not glance-registry === glebihan_ is now known as glebihan [18:35] Is there any way with AppArmor to determine what file a DENIED dac_override capability is for? [18:48] RamJett: what version of glance are you using? that was fixed upstream to retry database connection on startup, to avoid what you are seeing [18:48] after upgrade to precise, I get this error when I try to start mysql server [18:48] init: mysql pre-start process (7861) terminated with status 1 [18:48] no idea what's up [18:51] adam_g: glance 2012.1 . It's what is latest LTS 12.04 . I will see what the upstream looks like [18:51] RamJett: its the same. what does /var/log/glance/glance-registry.log show during its failed startup? [18:55] adam_g: Not sure right now on exact error, but something about not being able to bind, syslog log says "init: glance-registry main process (1435) terminated with status 1" ..rep 11ist times "glance-registry respawning too fast, stopped" [18:57] glance-registry error .. Error configuring registry database with supplied sql_connection ... (OperationalError) could not connect to server: Connection refused" [18:59] adam_g: biggest difference than most I think. I'm running with postgresql instead of mysql that most online docs use === alamar_ is now known as alamar === mahmoh1 is now known as mahmoh [19:08] RamJett: hmm, yeah, the workaround to get glance started up with database retries is mysql-specific. can you file a bug? we should get get that fixed for postres too [19:08] anyone familiar with dovecot here? === gustav- is now known as beerbro [20:11] So I put a 3 second sleep in there so the respawn won't fail because of respawn too fast. But I will see about filing a bug for it. I imagine all the openstack processes are complaining on startup [20:14] adam_g: Do you know where the mysql specific bug got filed? So I can do in the same place. [20:48] RamJett: https://review.openstack.org/#/c/5938/ [20:48] thank [20:48] RamJett: the fix is outside of packaging/upstart and in the actual glance-registry itself [20:50] Daviey: around? === Arc_ is now known as a5m0 [22:15] hallyn: hmm, I'm sure I saw someone mention this in the past, but why exactly isn't "lxc.aa_profile = unconfined" working in 12.04? [22:15] uh, it is. should be. [22:16] not for lxc-execute [22:16] oh no, that is the only one that *does* work for lxc-execute :) [22:16] root@castiana:~# sudo lxc-start -n ubucloud-precise [22:16] lxc-start: No such file or directory - failed to change apparmor profile to unconfined [22:16] oh, right, [22:16] (noticed that when trying the examples from my upcoming blog post ;)) [22:16] i think jjohansen was pushing a fix [22:16] jjohansen: ^ [22:17] I'm talking about LXC nesting, but for cgroup-lite to work, I need to move to unconfined (easier than writing a custom profile for it) [22:17] stgraber, hallyn: yep its one of the fixes that is coming [22:18] jjohansen: cool, I'll work around it for now by linking an apparmor profile that's working with nesting then. [22:21] stgraber: jjohansen: ppa:serge-hallyn/userns-natty shoudl soon have a new quantal kernel with eric's userns patches ready for testing, btw [22:21] jjohansen: what's the approx eta on the unconfined fixes/ [22:22] hallyn: hrmm, let me pester kt [22:26] hallyn: well it will depend on the timing of the next kernel upload, I expect next week to mess things up a little [22:27] ok, thanks. (i just ahd figured it would've happened this past week) === Lcawte is now known as Lcawte|Away [22:38] hallyn: still working on my apparmor profile for nested containers, I think we should include it in the lxc package for quantal once it's done, so people have an example of an alternate profile [22:45] stgraber: sounds great [23:07] Does anyone know a good Fiber 1000base NIC that works with Ubuntu? It needs to be Multi Mode [23:12] ramjett, pretty much any? [23:12] just get an intel one :) [23:15] Nice. I've always used ImageStream routers in the past if I needed them with fiber, but the company I'm working with now needs me to get it from Dell. Dell just told me .. the do not know any 1000base fiber .. let us know a part number and we'll see if they are one of our vendor. They did mention Intel being one === dendrobates is now known as dendro-afk === dendro-afk is now known as dendrobates [23:49] hallyn: http://www.stgraber.org/2012/05/04/lxc-in-ubuntu-12-04-lts/ <-- will be appearing on Planet Ubuntu in a few minutes