| roaksoax | sidnei: we are still early in the process, it will be merged /synced soon | 00:01 |
|---|---|---|
| sidnei | roaksoax, ok, thanks! | 00:03 |
| pdtpatrick | I've got to be missing something in this setup. Is the maas server expecting some node to connect to it with the MAC address i created in the webUI? or is it going to create a new node with that mac and fire it up? if so - where do i see what the individual nodes are doing? I see it talks about virsh and WOL (almost as if it expects me to setup a new KVM node using PXE) | 00:05 |
| harushimo | hey my maas installation got messed up | 00:07 |
| jtv | pdtpatrick: MAAS fires it up. We have no way to show what a node is doing yet. | 00:08 |
| harushimo | I was wondering is there a way to do complete reinstall of maas | 00:08 |
| harushimo | it gave me an fatal error last night | 00:08 |
| pdtpatrick | jtv: so having gone through the MAAS setup and bringing up the UI, setting up the MAC addy in there pretty much sets up a node for first boot using the images it downloaded. That said, do u know why my setup is stuck on Commissioning ? | 00:09 |
| jtv | pdtpatrick: do you see any errors on the node's page in the UI, or on its own console? | 00:10 |
| harushimo | anyone | 00:10 |
| jtv | harushimo: what kind of error? | 00:10 |
| harushimo | fatal error: password authenciation | 00:11 |
| harushimo | I just want to complete wipe the install and do a reinstall | 00:11 |
| harushimo | I don't know if that is possible | 00:11 |
| harushimo | that should fix it | 00:12 |
| jtv | You might be able to dump the database, uninstall-reinstall, and then restore the database. But haven't tried that. | 00:12 |
| harushimo | how do I do that? | 00:13 |
| jtv | harushimo: before you even start trying, please understand that I have no idea whether it'll work! | 00:14 |
| harushimo | it may not | 00:14 |
| harushimo | unless I try | 00:14 |
| jtv | If you overlap with European timezones, another thing worth trying may be to ask allenap (who should not be online now) | 00:14 |
| jtv | I think he did the authentication. | 00:14 |
| harushimo | oh okay | 00:15 |
| harushimo | thanks | 00:15 |
| jtv | There may be some way to re-generate the credentials. | 00:15 |
| harushimo | that is what I'm trying to figure out | 00:15 |
| jtv | If you're interested (perhaps just for exploration), the MAAS database is in postgres. I think on an installed system (as opposed to our dev setups) you can log in using “psql maas” or dump it using “pg_dump maas” | 00:16 |
| harushimo | log in where? | 00:16 |
| harushimo | I can't even access the web interface now | 00:17 |
| harushimo | through the terminal? | 00:17 |
| harushimo | I can't even install apache on the computer | 00:17 |
| harushimo | maas total screwed up a lot of stuff | 00:17 |
| harushimo | which is okay | 00:17 |
| harushimo | I'm learning | 00:18 |
| harushimo | its okay. that is how I learn | 00:19 |
| harushimo | I just want to get maas working | 00:19 |
| jtv | (sorry, was afk for a brief spell) | 00:24 |
| jtv | What I mean is you should be able to log in directly to the database by typing “psql maas” on the command line. I'm not sure you'd be authorized though; haven't worked with an installed setup yet. | 00:24 |
| harushimo | its on my computer | 00:25 |
| harushimo | I'm authorized | 00:25 |
| jtv | Then try it! | 00:25 |
| jtv | If it works, it'll give you an SQL shell on the MAAS database. | 00:25 |
| harushimo | sudo apt-get psql maas | 00:25 |
| harushimo | sudo psql mass? | 00:25 |
| harushimo | i get an error fatal: role "harushimo" does not exist | 00:26 |
| jtv | Just “psql maas” — do you have psql installed? | 00:27 |
| jtv | (Stupid me. Of course you do or you wouldn't have gotten that error) | 00:27 |
| harushimo | that is cool | 00:28 |
| harushimo | I can't apt-get install anything | 00:28 |
| jtv | Then “psql maas -U maas” may work. | 00:28 |
| harushimo | ok | 00:28 |
| harushimo | peer authentication failed for user "maas: | 00:29 |
| harushimo | I mean maas | 00:29 |
| harushimo | this is always happens | 00:29 |
| jtv | So you're not authorized. :( | 00:29 |
| harushimo | how do I authorize myself | 00:30 |
| harushimo | I even did this on sudo | 00:30 |
| jtv | Basically, the database is set up to authenticate the maas user by checking what _system_ user is making the connection. | 00:30 |
| harushimo | ok | 00:30 |
| jtv | Try sudo'ing to the user “postgres” | 00:30 |
| jtv | (It's the PostgreSQL equivalent of root) | 00:30 |
| harushimo | sudo postgres -U | 00:31 |
| harushimo | or sudo postgres | 00:31 |
| harushimo | I may have to do a reinstall of the system | 00:32 |
| harushimo | luckily I don't have anything on it | 00:32 |
| pdtpatrick | jtv: I'm not seeing any errors | 00:32 |
| harushimo | I want to know if there is a way to fix maas | 00:32 |
| jtv | pdtpatrick: depending on the version you have, there may be a “Retry commissioning” button on the node's page. | 00:33 |
| pdtpatrick | jtv: so here's the node page: http://cl.ly/19452c2d3M1B3S0Z1J2j and here's the page when i click on edit: http://cl.ly/3S2R1Y43132M1D11291O | 00:33 |
| jtv | harushimo: it's a very young project still, so a lot of this will have to mature over time. | 00:33 |
| * jtv follows links | 00:33 | |
| harushimo | thats okay | 00:33 |
| harushimo | I just want to get a basic cloud setup | 00:34 |
| pdtpatrick | jtv: here's the version of maas i have | 00:34 |
| pdtpatrick | ii maas 0.1+bzr482+dfsg-0ub Ubuntu MAAS Server | 00:34 |
| * jtv juggles conversations | 00:34 | |
| harushimo | thanks guys. I'll be back on later | 00:34 |
| jtv | Good luck! | 00:34 |
| harushimo | thank you | 00:34 |
| jtv | pdtpatrick: I think that's pretty old… I haven't kept track of the packaging side of MAAS; any chance there's an upgrade available? | 00:35 |
| pdtpatrick | did a full system upgrade and no luck | 00:35 |
| jtv | In the original version, I think a node in this state is just stuck. | 00:36 |
| pdtpatrick | unless there's a ppa I'm unaware of | 00:36 |
| jtv | I can't think of one; maybe there's a backport. Daviey: do we have newer versions of MAAS available somewhere? | 00:36 |
| pdtpatrick | should i use this? : https://launchpad.net/~maas-maintainers/+archive/dailybuilds | 00:36 |
| === Arc_ is now known as a5m0 | ||
| jtv | pdtpatrick: that looks like the same version you have, actually. | 00:37 |
| jtv | pdtpatrick: do you have just the one node? | 00:38 |
| pdtpatrick | Version: 0.1+bzr482+dfsg-0ubuntu1 vs 0.1+bzr482+dfsg-0+557+50~precise1 | 00:38 |
| pdtpatrick | i have 7 nodes | 00:38 |
| pdtpatrick | http://cl.ly/0j0K2Q2S023E47081i1E | 00:38 |
| jtv | And all stuck in Commissioning? :( | 00:39 |
| jtv | What should have happened is this: | 00:39 |
| jtv | MAAS fires up the node. It boots and runs a small script. | 00:39 |
| jtv | The MAAS server provides some setup data to it over http. | 00:40 |
| jtv | Finally, the script contacts that same http service to signal that it's done commissioning and is now ready to use. | 00:40 |
| jtv | Pardon me: the script contacts that same http service to signal that it's done commissioning and *the node* is now ready to use. | 00:40 |
| jtv | (The Ready state means that a node is ready for a user to allocate it) | 00:41 |
| pdtpatrick | :( | 00:41 |
| jtv | What this may mean is that the node was unable to reach the MAAS service. | 00:41 |
| pdtpatrick | aahh the daily build was different than mine | 00:42 |
| jtv | Then I guess the daily build comes off trunk (lp:maas) rather than the 1.0 branch we released with the 12.04 CD. | 00:42 |
| pdtpatrick | http://cl.ly/033t1A1v3D013z163u2R | 00:42 |
| jtv | That's a much newer version. There are some schema changes; I hope the installation script will know how to apply them. | 00:43 |
| pdtpatrick | i can see that now | 00:43 |
| jtv | Yup, that's from trunk. | 00:43 |
| jtv | In that version, you should have a “Retry commissioning” option on the node page. | 00:44 |
| pdtpatrick | don't see that | 00:44 |
| jtv | Do you get the “Delete node” option? | 00:44 |
| pdtpatrick | http://cl.ly/3k0U40461L1h1Z1z083H | 00:44 |
| pdtpatrick | yup | 00:44 |
| jtv | Ah, I'm being dense again. The retry option only appears when commissioning has actually _failed_, and we don't time it out yet if it never finishes. | 00:45 |
| pdtpatrick | should i check in /var/log/maas to see if anything is happening ? | 00:45 |
| jtv | Always good to have a look. | 00:46 |
| pdtpatrick | I'm looking at maas.log and pserv.log and txlongpoll.log | 00:46 |
| jtv | In particular, see if you can find an http log that shows requests to MAAS. Look for the /metadata/ path. | 00:46 |
| pdtpatrick | tail -f shows nothing happening | 00:46 |
| jtv | That's not surprising. | 00:46 |
| jtv | The txlongpoll.log is of no interest; it's basically for ajax interaction in the UI. | 00:47 |
| jtv | The pserv.log is for the provisioning server. That's the component that (using another product called Cobbler) fires up the node. | 00:47 |
| pdtpatrick | http://cl.ly/2u331N1J2p2q3f2h3v0r | 00:47 |
| jtv | MAAS did succeed in turning the nodes on, right? | 00:47 |
| pdtpatrick | there's my apache2 log | 00:47 |
| jtv | (Maybe we should add a favicon.ico just to shut up those errors) | 00:48 |
| pdtpatrick | Here's what i did - i installed the maas server according to the guide, i logged into the UI, added nodes and its being stuck on commissioning since | 00:48 |
| jtv | Did MAAS manage to power up the nodes? | 00:49 |
| pdtpatrick | when u say power? are u expecting a VM to be running somewhere? like in KVM or xbox ? | 00:50 |
| pdtpatrick | vbox* | 00:50 |
| pdtpatrick | i c this in settings | 00:51 |
| pdtpatrick | http://cl.ly/0U0M1B0j3b0G2w2P2X44 | 00:51 |
| jtv | No, but MAAS needs to turn those machines on in order to control what image they boot into. | 00:51 |
| jtv | Now, if you turned those machines on by hand before adding them to MAAS and then left them on, then just rebooting them by hand may do the trick. | 00:52 |
| pdtpatrick | in that case, how can i check a machine is turned on is what confuses me. Unless maas gives you a vnc console like KVM and I'm supposed to connect to some node. I also only know the MACs of the servers | 00:52 |
| jtv | pdtpatrick: wait, are these virtual or physical machines? | 00:53 |
| pdtpatrick | hmmmm i think the docs didn't explain something. It sounds like ur asking whether i have a physical server setup to listen to maas to be provisioned | 00:53 |
| jtv | No, just whether these are physical machines we're talking about, or whether these nodes are virtual machines. | 00:54 |
| pdtpatrick | jtv: i've not setup any physical or virtual sever which is why i was asking whether maas creates these VMs or is it expecting a machine to be running virtual box or a physical machine with those specific macs that it can go ahead and provision | 00:54 |
| jtv | Ah! Yes, in order to manage servers, you need servers. | 00:54 |
| pdtpatrick | Okay so there's no machine -- i've not setup anything besides entering the MACs on the UI | 00:54 |
| jtv | Well that explains why MAAS isn't hearing from those servers. :) | 00:55 |
| pdtpatrick | haha wow -- i think the docs should have explained that :) | 00:55 |
| jtv | MAAS is meant to manage physical servers, with as one application, the ability to deploy cloud infrastructure on those machines. | 00:55 |
| jtv | I sort of assumed that that would be documented somewhere as well! | 00:55 |
| pdtpatrick | i was thinking it is like AWS where it'll fire up an instance and then give u access to it | 00:56 |
| pdtpatrick | well - that solves that confusion | 00:56 |
| jtv | Yeah. :) | 00:56 |
| jtv | It's _similar_ to AWS, but it manages proper metal. | 00:56 |
| jtv | (Hence the name: it manages metal, as a service) | 00:56 |
| pdtpatrick | good point :) | 00:57 |
| pdtpatrick | hmmm back to the drawing board. Now I'm not sure what the advantage is using this plus openstack vs using servers managed by puppet + mcollective | 00:57 |
| jtv | If you've got a minute, I'll file a bug for this and perhaps you can add a quick story of how you got to setting up a MAAS installation without getting presented with the basics along the way? | 00:57 |
| pdtpatrick | jtv: will try and do that | 00:58 |
| jtv | OK, just a mo' | 00:58 |
| pdtpatrick | thanks again | 00:59 |
| jtv | There goes my alarm clock. Scared the life out of me. | 01:00 |
| jtv | pdtpatrick: if you would just add the details here: https://bugs.launchpad.net/maas/+bug/1000509 | 01:01 |
| uvirtbot | Launchpad bug 1000509 in maas "Basics not explained?" [High,Triaged] | 01:01 |
| jtv | (You have a Launchpad account?) | 01:01 |
| pdtpatrick | yup | 01:01 |
| jtv | Great. Thanks for your patience! | 01:02 |
| pdtpatrick | jtv: added | 01:06 |
| pdtpatrick | Thanks for you help | 01:06 |
| jtv | Thanks. About the advantage over servers managed by puppet etc., I'm not a sysop and have very little experience with those, but I think the key thing is that you don't just set up servers, manage them, and deploy services on them; you get a pool of servers that you can deploy to specific tasks from the central command line. | 01:06 |
| jtv | Or, from the UI, you can allocate servers (or have your users allocate servers), use them, and later release them to the pool again. | 01:07 |
| pdtpatrick | that could be interesting | 01:07 |
| pdtpatrick | does maas have to control the DHCP server ? | 01:08 |
| pdtpatrick | I'm guessing it would since it needs to set up the params for PXE booting ? | 01:08 |
| pdtpatrick | most places already have DHCP server so I'm just wondering how is it going to listen on the network to grab those MACs entered in the UI | 01:09 |
| pdtpatrick | I guess for now I'm best to just follow the project until it is more mature | 01:10 |
| jtv | That's pretty much in a nutshell. I'm pretty sure we've got a work item in the backlog to make it work with an external DHCP server. | 01:10 |
| pdtpatrick | Yup - is there some mailing or newsletter i could follow ? | 01:10 |
| jtv | There's a mailing list — hang on, I'll dig it up. | 01:10 |
| jtv | maas-devel@lists.launchpad.net is the public development mailing list. | 01:11 |
| jtv | It's still pretty quiet; we do most of the work on IRC. | 01:12 |
| pdtpatrick | in here or a different room ? | 01:14 |
| jtv | A bunch of rooms, to be honest, some private. | 01:15 |
| pdtpatrick | i c | 01:15 |
| pdtpatrick | well i'll just try to keep with what I can get my hands on. | 01:15 |
| pdtpatrick | Thanks again | 01:15 |
| jtv | Now, this stuff is out in the open and we want it to be transparent, so feel free to prod us. | 01:15 |
| pdtpatrick | You got it | 01:16 |
| * jtv is dismayed by the volume of his inbox | 01:16 | |
| jtv | pdtpatrick: thanks for playing with it and giving us your feedback. That's important for getting it more mature. I'll move on to that inbox now! | 01:17 |
| pdtpatrick | You're welcome. Take care | 01:17 |
| three18ti_ | how would I configure bind9 for a local network? I would like to address my computers by name, so I attempted to to add the following record http://pastebin.com/dAZegGsY | 01:24 |
| three18ti_ | but I get a server fail when I attempt to dig the address | 01:24 |
| three18ti_ | /etc/bind/named.conf.local looks like this http://pastebin.com/j40z0Ht3 | 01:25 |
| three18ti_ | ok, just restarted bind and it seems to work...? | 01:27 |
| === Resistance is now known as LordOfTime | ||
| stgraber | hallyn: http://paste.ubuntu.com/991691/ | 02:22 |
| stgraber | hallyn: that seems easier to SRU than lxc-ip ;) | 02:22 |
| stgraber | it's abusing the netns function of ip a tiny bit, but well, it works ;) | 02:22 |
| twb | stgraber: is that a new thing? I'm still on 2.6.32 here, and I haven't noticed "ip netns" | 02:34 |
| twb | You should double-quote "$1" and probably error out if lxc-info exits unsuccessfully. | 02:35 |
| stgraber | twb: patch was submitted to iproute a year ago, so maybe 11.10 already had it, otherwise it's new in 12.04 | 02:36 |
| stgraber | twb: yeah, the script was meant as a proof of concept for hallyn more than something I'd really use ;) checking that the container indeed exists and is running, as well as ensuring you're root would be useful at least | 02:37 |
| hallyn | stgraber: oh right, I remember eric mentioning that ip supported that. | 02:38 |
| hallyn | stgraber: cool. I'll leave it in your capable hands :) | 02:38 |
| stgraber | hallyn: yeah, I've noticed it a few months ago on 12.04 but didn't try to use it with lxc, turned out it's really quite simple ;) | 02:38 |
| twb | Okey dokey | 02:38 |
| hallyn | do yo uwant to switch it out for q too? | 02:39 |
| stgraber | hallyn: not sure for Q, for P it seems like we can get away with just a 2-3 lines delta which should be much easier to SRU | 02:40 |
| hallyn | (btw if you want me to follow up on it that's fine, just tell me :) | 02:40 |
| hallyn | it's probably more robust to re-use ip... not that i can see much going wrong with using sys_setns from python | 02:41 |
| nathwill | i just bought one of these: http://www.newegg.com/Product/Product.aspx?Item=N82E16816401170 and 12.04 can't see it... any advice? | 02:42 |
| stgraber | hallyn: right, looking at lxc-ip's code, I think it'd be better for now to switch to using "ip netns" on both precise and quantal. I think we should also add a function to the API to retrieve all IPs from the container's network namespace so we can get that into lxc-info and the python module | 02:45 |
| nathwill | specifically, it can't see the nic. | 02:45 |
| stgraber | hallyn: or if you don't want that kind of code in the C library, it should be easy enough to do with ns_attach/execute_in_container from the python code (or in the C code of the python module) | 02:46 |
| hallyn | stgraber: yeah i'm not sure it needs to be in the c library. it's not dependent on anything in liblxc. But either way | 02:48 |
| hallyn | OTOH | 02:50 |
| hallyn | stgraber: I need to run soon, but I don't like the ln -s into /run/netns/$1 | 02:50 |
| hallyn | racy | 02:50 |
| hallyn | manpage says that's for named netns. But the name == the pid, so it seems like it should work just using the pid without that file? | 02:51 |
| stgraber | hallyn: apparently ip doesn't support "netns exec PID", only "netns exec NAME" | 02:52 |
| stgraber | though I can symlink to anything I want, including the pid | 02:52 |
| hallyn | stgraber: better to tmpfile that then | 02:53 |
| esuave | how come my server has a static IP set but every once in a while it looses its IP and pulls a dhcp IP | 02:54 |
| stgraber | hallyn: indeed, a random name is probably be best to avoid the (unlikely) race | 02:54 |
| hallyn | stgraber: yeah i guess that addresses my concern | 02:54 |
| hallyn | cool, thanks :) | 02:55 |
| hallyn | good night | 02:55 |
| stgraber | hallyn: I'll have a look at SRUing this tomorrow (well, putting it somewhere in the SRU queue) | 02:56 |
| hallyn | stgraber: wait there's another one waiting for SRU I think | 02:56 |
| stgraber | hallyn: and will also fix Jibel's bug in the process (package conflict) | 02:56 |
| stgraber | yeah, we have one in proposed currently, so I'll have this one ready to be pushed to -proposed once the other one has cleared | 02:57 |
| hallyn | ok cool - thanks | 02:57 |
| hallyn | good night | 02:57 |
| stgraber | good night | 02:57 |
| esuave | what does this mean? ADDRCONF(NETDEV_UP): eth0: link is not ready | 03:02 |
| nathwill | oh nm, haha. this damn thing is IPMI.. | 03:29 |
| nathwill | urgh | 03:29 |
| three18ti_ | how do I configure a secondary "storage' network? I set eth1 to address 10.10.10.1/2 and netmask 255.255.255.0 w/o gateway and am able to ping 1/2 from that machine but cannont ping 2/1 | 03:46 |
| twb | Uh, what? | 03:47 |
| twb | Oh I see, that's not a CIDR. | 03:47 |
| twb | three18ti_: do not use 1.2.3.4/5 notation, because the /x aready means something else. | 03:47 |
| three18ti_ | oh, yea. sorry. | 03:48 |
| three18ti_ | I mean I have two machines 10.10.10.1 and 10.10.10.2 (n/s 255.255.255.0) connected directly on eth1 | 03:48 |
| three18ti_ | I can ping 1 from 1 and 2 from 2 put I can't ping 2 from 1 and vice versa | 03:49 |
| twb | They can't BOTH be directly connected. | 03:53 |
| twb | Do you have a switch, or a hub, or what | 03:54 |
| three18ti_ | so, eht0 is connected to a switch -> router -> internet | 03:54 |
| twb | eth0 of which host | 03:54 |
| three18ti_ | I would like eth1 to be a private "storage" network, but don't have a second switch yet, so I have my two machines directly connected with a patch cable. | 03:55 |
| three18ti_ | both. both hosts are connected on eth0 to the internet. | 03:55 |
| three18ti_ | eth1 should be isolated from the internet. | 03:55 |
| twb | I still don't follow. Please sketch an ascii-art diagram and pastebin it | 03:56 |
| three18ti_ | ok. | 03:56 |
| twb | http://paste.debian.net/169201/ is an example of what I mean (yours need not be so elaborate) | 03:57 |
| three18ti_ | http://pastebin.com/7a5TK0H7 | 04:00 |
| three18ti_ | not exactly like your example. Let me know if I'm still unclear. | 04:01 |
| three18ti_ | I need to switch monitors around, so if I disconnect I'll be right back, | 04:03 |
| twb | OK so IIUC you have a normal switched 192.168/16 private network, and you want to additionally hook up a point-to-point connection over separate cables going into separate ethernet ports in the back of Machine1 and Machine2? | 04:07 |
| three18ti_ | ok, that was fun... | 04:13 |
| three18ti_ | twb, did that diagram make sense? | 04:14 |
| twb | OK so IIUC you have a normal switched 192.168/16 private network, and you want to additionally hook up a point-to-point connection over separate cables going into separate ethernet ports in the back of Machine1 and Machine2? | 04:17 |
| three18ti_ | yes. | 04:18 |
| three18ti_ | in the future, I would like this to be a dedicated network, but for the time being it's just a point to point connection. | 04:19 |
| twb | OK so just run a cable between them, and do ip link set eth1 up; ip address add dev eth1 brd + 10.10.10.1 peer 10.10.10.2 | 04:20 |
| twb | Er, sorry, of course "brd +" is not needed on a point-to-point link | 04:20 |
| three18ti_ | on both machines? | 04:21 |
| three18ti_ | linkseteth1 ip; ip address add dev eth1 10.10.10.1 peer 10.10.10.2 | 04:22 |
| twb | On the second machine the IPs would be reversed | 04:22 |
| three18ti_ | linkseteth1 ip; ip address add dev eth1 10.10.10.2 peer 10.10.10.1 | 04:22 |
| twb | I don't nkow what "linkseteth1 ip" is; I said "ip link set eth1 up" | 04:22 |
| three18ti_ | ip link set eth1 ip; ip address add dev eth1 10.10.10.2 peer 10.10.10.1 | 04:23 |
| three18ti_ | yea, apparently I can't type... | 04:24 |
| twb | *up* not *ip* | 04:24 |
| three18ti_ | ok, wow. thanks! :) | 04:24 |
| twb | And you might need to double-check the "peer" part; I usually just use /30's or so. | 04:24 |
| twb | The ip a add should set up the route automatically; otherwise you'll also need to use ip r | 04:25 |
| === Gallomimia_ is now known as Gallomimia | ||
| mr-rich | Ok, I'm setting up an Ubuntu web server. What is the best free (GPL'd) web control pannel software? | 04:35 |
| three18ti_ | i just installed webmin today. it's relatively painless to install. Not pretty, but it is functional. | 04:35 |
| mr-rich | three18ti: Ubuntu doesn't support Webmin | 04:36 |
| three18ti_ | tell that to... me... | 04:36 |
| mr-rich | I just did ... :) | 04:36 |
| three18ti_ | http://www.webmin.com/deb.html | 04:37 |
| three18ti_ | Well, you should tell my computers that it doesn't work... | 04:37 |
| three18ti_ | literally added the repos, updated the key, and apt-get installed it... | 04:37 |
| three18ti_ | http://i.imgur.com/FGbYO.png | 04:39 |
| three18ti_ | mr-rich, ^ | 04:39 |
| twb | I have maintained webmin modules, and in my professional opinion "it is functional" is an outrageous lie. | 04:43 |
| twb | It is, as best, marginally less bumbling than a FNG sysadmin | 04:43 |
| three18ti_ | well, as you can see, I've installed it three hours ago. So I cannot attest to the functionality of the product. | 04:44 |
| three18ti_ | */I've/I/ | 04:45 |
| three18ti_ | what do you like twb? | 04:45 |
| twb | Learning to use the bloody system. | 04:46 |
| linocisco | twb, what is bloody system? | 04:46 |
| twb | linocisco: the ubuntu server that you're tasked with babysitting | 04:46 |
| linocisco | twb, ok | 04:47 |
| three18ti_ | twb, what about for reselling web services? Unfortunately, you can't expect your customers to know what they're doing and expect to make money. | 04:56 |
| twb | That industry can die in a fire. | 04:57 |
| three18ti_ | twb, +1... but it pays my rent... | 04:59 |
| three18ti_ | I work for a data centre that started as a web hosting company... we do some bass ackwards $4!t... | 04:59 |
| twb | FWIW in that situation, we wrote a little in-house python WHCP that was hard-coded to do what we needed and nothing more. | 05:01 |
| twb | Which I'm not happy about, but I'm a lot less unhappy about it than I was about webmin | 05:02 |
| three18ti_ | ... I hate RHE/CentOS... (don't mind Fedora) but cPanel is not... horrible. I support mostly WebSitePanel and Helm though... :( | 05:03 |
| twb | cpanel is horrible | 05:04 |
| twb | It even ships its own broken apache instead of using the distro's one. | 05:04 |
| three18ti_ | haha, you're just a hater. :P seriously though, what's so horrible about cPanel? it's certainly better than Webmin. | 05:06 |
| twb | three18ti_: 15:04 <twb> It even ships its own broken apache instead of using the distro's one. | 05:09 |
| twb | And there was this "easy_apache" thing that got in the way | 05:09 |
| three18ti_ | it ships with an independent web server so if there is an issue with the apache config, you can still access the CP. what's so "broken" about it? I agree with you about easy_apache... it's a pain in the ass. but as long as you use easy_apache you won't break cPanel (don't even get me started on this). | 05:11 |
| three18ti_ | so yea, I agree, there's lots of problems with it. but I challenge you to name a "good" control panel. | 05:12 |
| three18ti_ | I'm just trying to understand your point of view. | 05:13 |
| twb | My point is there is *no* good WHCP. And it's impossible to build one, because the very idea that a piece of software can take an incompetent user's requests and convert them into competent sysadmin actions, is absurd. | 05:18 |
| twb | If the user wants to learn, give them the CLI. If the user doens't want to learn, let them pay for a competent human operator. | 05:19 |
| three18ti_ | I can agree with that. Very astute. | 05:19 |
| twb | If there are security reasons to prevent them getting a root shell, then a WHCP is... probably not the best way to enact that security policy. | 05:20 |
| three18ti_ | it's like I always say, wordpress is a remote shell with a neat blog feature. | 05:25 |
| blendedbychris | how can i check if nfs service is running ? | 05:31 |
| blendedbychris | http://gluster.org/pipermail/gluster-users/2010-November/005685.html | 05:31 |
| blendedbychris | having a issue related to that | 05:31 |
| twb | blendedbychris: nfs kernel server? | 05:31 |
| blendedbychris | ya | 05:31 |
| twb | It will be listed in /proc/mounts | 05:32 |
| twb | Oh sorry, brain fart | 05:32 |
| twb | rpcinfo -p localhost will mention it, at least | 05:32 |
| twb | exportfs will mention specific exports I think | 05:33 |
| blendedbychris | twb: The program 'exportfs' is currently not installed. You can install it by typing: | 05:33 |
| blendedbychris | apt-get install nfs-kernel-server | 05:33 |
| twb | yes, if you run exportfs without -r it queries the current state of affairs | 05:33 |
| twb | blendedbychris: if that package is not installed, you definitely don't have a an NFS server running | 05:33 |
| blendedbychris | twb: well | 05:33 |
| blendedbychris | http://pastie.textmate.org/private/wbz1tqczepsuc7gtdkoqzq | 05:33 |
| pdtpatr1ck | in cluster theres an option to enable nfs | 05:33 |
| pdtpatr1ck | it is disabled by default | 05:34 |
| pdtpatr1ck | u need to turn that on | 05:34 |
| blendedbychris | pdtpatr1ck: i've enabled it | 05:34 |
| pdtpatr1ck | r u using version 3 of NFS or version 4 ? | 05:34 |
| twb | I am discussing *actual* NFS; I don't know anything about gluster "pretending" to be an NFS server or whatever | 05:34 |
| blendedbychris | yes | 05:34 |
| blendedbychris | twb: does that look like a nfs server trying to be run though? the last line maybe? | 05:34 |
| blendedbychris | twb: i understand that btw :) | 05:35 |
| twb | http://paste.debian.net/169208/ is an active lucid NFSv3 kernel server | 05:35 |
| blendedbychris | i just wasn't sure if nfs-server was hidden somewhere considering that post references a "kernel" nfs service | 05:35 |
| pdtpatr1ck | http://www.gluster.org/community/documentation/index.php/Gluster_3.2:_Using_NFS_with_Gluster | 05:35 |
| twb | quota and lock services are TECHNICALLY not required, but it would be unusual for them to be absent | 05:35 |
| twb | NFSv4 of course has additional gssapi/krb stuff | 05:36 |
| twb | pdtpatr1ck: have you spoken to the gluster people about it? | 05:36 |
| blendedbychris | pdtpatr1ck: i have that set to off | 05:36 |
| twb | Sorry, wrong nick | 05:36 |
| blendedbychris | twb: ya i'm bugging them | 05:36 |
| blendedbychris | but i figured i'd ask the rudimentary "is nfs running" question in here heh | 05:36 |
| mr-rich | wow ... webmin seems a bit ... overkill | 05:37 |
| pdtpatr1ck | so let me understand ur issue -- ur using glusterfs and trying to mount the gluster shares as NFS right ? | 05:37 |
| blendedbychris | pdtpatr1ck: indeed | 05:37 |
| pdtpatr1ck | u don't need NFS-kernel-server | 05:37 |
| blendedbychris | pdtpatr1ck: right... | 05:38 |
| pdtpatr1ck | you just need the glusterfs package and nfs.enable should be on | 05:38 |
| pdtpatr1ck | then u would run mount.nfs -o vers=3 and then the rest of ur setup | 05:38 |
| blendedbychris | [2012-05-17 00:26:12.71863] C [nfs.c:240:nfs_start_subvol_lookup_cbk] 0-nfs: Failed to lookup root: Input/output error | 05:39 |
| blendedbychris | [2012-05-17 00:29:03.552540] E [nfs3.c:724:nfs3_getattr] 0-nfs-nfsv3: Failed to map FH to vol | 05:39 |
| pdtpatr1ck | cluster volume info <vol-name> | 05:40 |
| pdtpatr1ck | damn auto correct | 05:40 |
| pdtpatr1ck | s/cluster/gluster | 05:41 |
| blendedbychris | http://pastie.textmate.org/private/2dyi2vaeqmye7ptvazhrq | 05:41 |
| blendedbychris | this has me somewhat concerned [2012-05-17 00:26:12.71806] I [afr-self-heal-common.c:705:afr_mark_sources] 0-srv-replicate-0: split-brain possible, no source detected | 05:41 |
| pdtpatr1ck | r u able to mount using the mount.gluster option ? | 05:42 |
| blendedbychris | let me try again… i wasn't able to earlier | 05:42 |
| blendedbychris | ah | 05:43 |
| blendedbychris | pdtpatr1ck: yes but i get -bash: cd: /srv.gluster: Input/output error | 05:43 |
| blendedbychris | [2012-05-17 00:43:10.513155] I [afr-self-heal-common.c:705:afr_mark_sources] 0-srv-replicate-0: split-brain possible, no source detected | 05:43 |
| blendedbychris | is related | 05:43 |
| blendedbychris | [2012-05-17 00:43:07.409932] W [fuse-bridge.c:419:fuse_attr_cbk] 0-glusterfs-fuse: 2: LOOKUP() / => -1 (Input/output error) | 05:44 |
| pdtpatr1ck | does ur status say created? when u run volume info ? | 05:44 |
| blendedbychris | says "Started" | 05:44 |
| blendedbychris | fwiw these two bricks are empty | 05:44 |
| pdtpatr1ck | does lsmod show the driver? | 05:44 |
| blendedbychris | driver? | 05:45 |
| pdtpatr1ck | try "modproble cluster" | 05:45 |
| pdtpatr1ck | whoops | 05:45 |
| pdtpatr1ck | "modprobe gluster" | 05:45 |
| blendedbychris | FATAL: Module gluster not found. | 05:45 |
| pdtpatr1ck | u don't have gluster installed on the client then | 05:45 |
| blendedbychris | i don't think that's true | 05:46 |
| pdtpatr1ck | does gluster --version show anything ? | 05:46 |
| blendedbychris | yes | 05:46 |
| blendedbychris | plus i'm using the cli? | 05:46 |
| pdtpatr1ck | is fuse loaded ? | 05:46 |
| pdtpatr1ck | "modprobe fuse" && dmesg | grep -i fuse | 05:46 |
| twb | !ur | 05:46 |
| ubottu | U is the 21st letter of the modern latin alphabet. Neither 'U' nor 'Ur' are words in the English language. Neither are 'R', 'Y', 'l8', 'ryt', 'Ne1' nor 'Bcuz'. Mangled English is hard for non-native English speakers. Please see http://geekosophical.net/random/abbreviations/ for more information. | 05:46 |
| blendedbychris | modprobe fuse returns nothing | 05:47 |
| blendedbychris | [ 1.283854] fuse init (API version 7.17) | 05:47 |
| nathwill | wat? | 05:48 |
| blendedbychris | welcome back? | 05:48 |
| pdtpatrick | switched to computer i have gluster running on | 05:48 |
| blendedbychris | fuse is running | 05:49 |
| blendedbychris | modprobe fuse | 05:49 |
| blendedbychris | [ 1.283854] fuse init (API version 7.17) | 05:49 |
| pdtpatrick | okay | 05:49 |
| pdtpatrick | type "mount." and press tab | 05:49 |
| pdtpatrick | is gluster one of your options ? | 05:49 |
| blendedbychris | i have glusterfs, nfs, fuse | 05:49 |
| blendedbychris | yes | 05:49 |
| blendedbychris | otherwise i wouldn't have been able to mount -t glusterfs :) | 05:49 |
| twb | Grumble intermitting non-breaking spaces, grumble | 05:50 |
| blendedbychris | i think this split brain crap is throwing off | 05:50 |
| blendedbychris | pdtpatrick: care to take this in #gluster | 05:50 |
| pdtpatrick | sure -- those guys know a lot more than i do but let's talk there. | 05:50 |
| blendedbychris | twb seems to want a dead chan :) | 05:51 |
| twb | blendedbychris: I want people to stop writing IRC clients that automatically convert " " into " " | 05:53 |
| twb | (Where is a non-breaking space, but I assume you can't actually SEE them because if you could, you would fix your IRC client.) | 05:53 |
| blendedbychris | twb: ah. i thought you were referring to the multiple lines of thought | 05:54 |
| blendedbychris | it's adium, i'm sure it sucks | 05:54 |
| twb | blendedbychris: well yo uclaim to be using libpurple | 05:54 |
| twb | I mean, if you're going to pretend that IRC is HTML, and want to force whitespace folding, at least do five in a row instead of interposing non-breaking and regular spaces :-/ | 05:55 |
| twb | >rage< | 05:55 |
| twb | *forcibly prevent whitespace folding | 05:55 |
| three18ti_ | ok... I'm an idiot... I've followed these destructions: https://help.ubuntu.com/community/SettingUpNFSHowTo | 06:07 |
| three18ti_ | when I attempt to write to my mounted nfs partition I get a permission denied. | 06:07 |
| three18ti_ | I mounted as root and am attempting to write as root... | 06:07 |
| three18ti_ | will need to also be able to write as libvirt user | 06:08 |
| three18ti_ | machine1 from before is the storage machine and machine2 is the KVM hypervisor. | 06:09 |
| twb | three18ti_: if this is just to push data from one host to another temporarily, just use scp or rsync | 06:09 |
| three18ti_ | twb, ^ machine1 from before is the storage machine and machine2 is the KVM hypervisor. | 06:09 |
| three18ti_ | is there a better solution than nfs? | 06:09 |
| twb | Not really | 06:10 |
| twb | Rule #1 of network filesystems is: they all suck. They especially suck at locking, and they also suck at authentication. (Except for kerberized ones, which get auth right, but are a royal pain to configure and babysit.) | 06:10 |
| twb | Some VM technologies use a sort of fake filesystem implemented in both the host and guest kernels, to exchange data without using the network stack. e.g. vmware has hgfs. AFAIK this is not available for KVM at this time. | 06:11 |
| twb | If you are on a trusted network, I suggest you avoid NFSv4 and stick to NFSv3 which is much simpler to get going | 06:13 |
| three18ti_ | well, cloudstack uses NFS for its KVM storage. I've gotten it to work there, but now I'm trying to do it manually... | 06:13 |
| three18ti_ | sure, got a link on NFSv3? | 06:13 |
| twb | Try the ubuntu server guide | 06:13 |
| twb | basically just install nfs-kernel-server and write an exports(5) line; and on the other box install nfs-common and write an fstab(5) line | 06:13 |
| three18ti_ | lol 8.04 is the first google link. | 06:13 |
| twb | three18ti_: /topic | 06:14 |
| three18ti_ | lol, that's 10.04 | 06:14 |
| three18ti_ | fortunately, the version is canonicalized in the link. | 06:15 |
| twb | Shrug. | 06:15 |
| yaboo | has anyone used mgetty+sendfax | 06:26 |
| KXTwo | Hi everyone, I just installed ubuntu server on an old machine I had ubuntu desktop on. For some reason eth0 is down, even when I use ifconfig to set it to up, I does not connect to my router, when I reboot eth0 is set back to down | 06:31 |
| twb | KXTwo: pastebin your /etc/network/interfaces | 06:36 |
| KXTwo | twb: It just had lo in there | 06:47 |
| KXTwo | I just added eth0 in there | 06:47 |
| KXTwo | but now my system is hanging out waiting for network configuration | 06:47 |
| twb | it should be auto lo eth0; iface lo inet loopback; iface eth0 inet dhcp | 06:47 |
| twb | ...more or less | 06:47 |
| KXTwo | yes hold on ill show you what I have | 06:48 |
| KXTwo | twb: here is a dumb question that I SHOULD know | 06:48 |
| KXTwo | I can set a static ip address outside the range of dhcp on my router right? | 06:48 |
| twb | I'm not stopping you | 06:48 |
| KXTwo | twb: ok I found a typo. | 06:50 |
| KXTwo | rebooting | 06:50 |
| three18ti_ | IDK WTF, but purging and reinstalling nfs seems to have solved the problem... chock one up to the great ubuntu gods. | 06:52 |
| * three18ti_ shrugs | 06:52 | |
| three18ti_ | * s/nfs/nfs-kernel-server/ | 06:53 |
| twb | three18ti_: well, NFS and upstart do not play nice together IME | 06:53 |
| twb | three18ti_: so if you restarted recently that might have pissed it off | 06:53 |
| KXTwo | I hope this works, for some reason my ps2 keyboad wouldnt let me navigate the bios so had to switch to usb | 06:57 |
| KXTwo | twb: it worked, I just ahd a typo in my interfaces file. 15- istead of 150 | 06:58 |
| KXTwo | now for the hard part, setting up services! | 06:58 |
| three18ti_ | twb, fscking upstart... well, I was trying to get NFSv3 to work and was still getting errors, so I rebooted, had to hard power down, then after reboot upon still having errors, apt-get purge / apt-get install nfs-kernel-server and every thing seems to be kosher. | 07:02 |
| three18ti_ | > 500 MB xfer speeds via nfs and rsync | 07:02 |
| three18ti_ | (small files for a quick test... | 07:02 |
| three18ti_ | ) | 07:02 |
| three18ti_ | twb, thanks for the tip, | 07:03 |
| three18ti_ | mr-rich, see puppet http://docs.puppetlabs.com/learning/ | 07:07 |
| blendedbychris | is there an easy way to strace a set of pids based on their process name? | 07:07 |
| blendedbychris | like in one command instead of doing a ps aux and typing in the pids | 07:08 |
| blendedbychris | ah brilliant found something | 07:10 |
| blendedbychris | pidof apache2 |sed 's/\([0-9]*\)/\-p \1/g' | 07:10 |
| KXTwo | When I installed server, I opted for guided use entire disk and setup LVM. what is LVM though? | 07:12 |
| KXTwo | I know it stands for logical volume management and as Im raeding about it, it sounds like I didn't need itk, I only have one harddrive in there | 07:14 |
| twb | LVM is useful if you don't know /a priori/ how much space a filesystem will need. | 07:15 |
| twb | i.e. it's pretty much always useful | 07:15 |
| twb | In the simplest case, you probably want to keep your OS (/) and user data (/home) on separate filesystems, and so LVM is still useful to avoid reserving too much or too little space for the OS | 07:16 |
| KXTwo | twb: oh I dont think tahts how im setup at all | 07:16 |
| KXTwo | twb: ive never done that before, where / and /home were different file systems | 07:17 |
| KXTwo | or at least if I had I was unaware | 07:17 |
| twb | KXTwo: well otherwise if you need to reinstall the OS, you have to take more care not to trash the user data | 07:19 |
| KXTwo | twb: something tells me that is a lesson I will learn the hardway | 07:19 |
| twb | Shrug | 07:19 |
| KXTwo | if thats what LVM does though why does it go with the option use entire disk? If you were going to have multiple partitions I could see it, but with just swap and primary it seems useless? | 07:20 |
| twb | Because partman's guided choices are crap | 07:21 |
| twb | The way you use LVM is you say "OK in the first six months, / will need about 2GB and /home will need about 8GB, so allocate those and leave the rest of the disk as unallocated LVM space" | 07:22 |
| twb | Then when your users whinge about needing more space, you grow /home to say 16GB | 07:22 |
| twb | If you use LVM and you allocate everything up-front, you have missed the point | 07:23 |
| twb | LVM is also useful for making temporary snapshots of filesystems, but this also requires (a little) unallocated space in the volume group | 07:23 |
| KXTwo | ahh server uses aptitude, I thought apt-get was taking that over | 07:26 |
| twb | Uh, you can use either on any ubuntu | 07:27 |
| twb | Historically aptitude had substantially better functionality; nowadays that is less noticable. apt-get still starts substantially faster. | 07:27 |
| KXTwo | I actually dont even know the syntax of apt-get lol | 07:28 |
| KXTwo | twb: in the past when ive updated via shell, I would type aptitude update then aptitude upgrade. This howto Im looking at changes it to aptitude update then aptitude dist-upgrade. Is there a difference? | 07:29 |
| twb | That's wrong. | 07:31 |
| KXTwo | which part? | 07:32 |
| KXTwo | I did it my way | 07:32 |
| twb | As at precise it should be "aptitude update"; "aptitude safe-upgrade" and "aptitude full-upgrade". | 07:32 |
| twb | The second will apply upgrades that do not require packages be removed; the third does not have that constraint. | 07:32 |
| twb | Historically, "safe-upgrade" was "upgrade", and "full-upgrade" was "dist-upgrade". | 07:32 |
| KXTwo | oh | 07:33 |
| twb | But as at precise the old command names should emit a warning | 07:33 |
| KXTwo | what do you recommend then | 07:33 |
| KXTwo | I did upgrade | 07:33 |
| KXTwo | then dist-upgrade but no packages were upgraded when i did | 07:33 |
| KXTwo | the second one | 07:33 |
| twb | In a released version, it would be unusual for full-upgrade to have any effect. | 07:33 |
| KXTwo | so my way is fine? | 07:34 |
| KXTwo | just update upgrade? | 07:34 |
| twb | Sure, whatever | 07:34 |
| KXTwo | lol | 07:34 |
| KXTwo | ok server question, during install i chose lamp. that means I already have the apache mysql and php packages right? | 07:35 |
| twb | NFI | 07:36 |
| blendedbychris | any idea why flock would hang on nfs? | 07:37 |
| twb | blendedbychris: nfs client or server | 07:37 |
| ARTSIOM | sorry, for asking it again, but I still can't make it work. here is my full conf file placed in /etc/init folder http://paste.org/49317 , but the app is still not starting on boot (but starting fine with "start app"). Am I missing smth? | 07:37 |
| KXTwo | the answer is yes lol | 07:37 |
| blendedbychris | twb: no idea? heh… i just see flock in my strace from a php app and it hangs | 07:37 |
| twb | ARTSIOM: that script should not work at all | 07:37 |
| blendedbychris | php can't write files because of this | 07:37 |
| ARTSIOM | twb: but it is for sure working when I am doing "service start torquebox" | 07:38 |
| ARTSIOM | twb: what is wrong with it? | 07:38 |
| twb | ARTSIOM: you should use this: exec su -u torquebox -c 'exec torquebox run >>/var/log/... 2>&1" | 07:38 |
| twb | ARTSIOM: well if it "works" it's only because you're running it as root | 07:39 |
| twb | ARTSIOM: that is, your sudo -i line doesn't do what you think | 07:39 |
| twb | ARTSIOM: I also encourage you to use syslog(3) or logger(1) to push log entries through the standard log infrastructure, instead of writing to log files directly. | 07:39 |
| blendedbychris | twb: you mentioned a bunch of stuff about locking… should i enable like a nolock option maybe? | 07:40 |
| ARTSIOM | twb: I have switched to "sudo -i -u", because of my previous problem: "can someone please explaine me how "su - user" command works. In documantation it is said that "-" option will "Provide an environment similar to what the user would expect had the user logged in directly.". But this is not the case for me on 12.04. When I am loging in directly with the user I have a $PATH, which differs... | 07:40 |
| ARTSIOM | ...from the one I get when login in with "su - user"" | 07:40 |
| twb | blendedbychris: that depends if you need locking | 07:40 |
| twb | blendedbychris: if you have exactly one NFS client, you probably do not need locking | 07:40 |
| twb | ARTSIOM: sorry, I don't care enough to help you further. | 07:41 |
| rcsheets | am I crazy, or should I see a hostname *and* an IP address on each "64 bytes from..." line when I "ping 74.125.224.81"? | 07:50 |
| rcsheets | e.g. "64 bytes from nuq04s07-in-f17.1e100.net (74.125.224.81): icmp_req=1 ..." | 07:50 |
| twb | That depends on the ping | 07:51 |
| twb | If there are appropriate forward/reverse resolutions, Ubuntu's ping appears to print both on each echo-reply. | 07:51 |
| rcsheets | ok, so if it's in DNS, it should show up? | 07:51 |
| twb | if you're resolving stuff via DNS, yes | 07:51 |
| twb | Check your resolv.conf and query the DNS server directly with dig, 7c &C | 07:52 |
| twb | &c &c, I mean | 07:52 |
| rcsheets | ok, so nsswitch has hosts set to "files dns" | 07:52 |
| rcsheets | and "host 74.125.224.81" gives me the right hostname | 07:52 |
| rcsheets | but if i ping 74.125.224.81, the hostname doesn't show up in the echo-reply output | 07:53 |
| twb | "getent hosts 74..." | 07:53 |
| rcsheets | fair point... | 07:53 |
| rcsheets | that returns the hostname | 07:53 |
| twb | Then I don't know why you aren't seeing it | 07:53 |
| twb | ping and getent hosts should be using the same syscalls | 07:53 |
| rcsheets | ok, so i'm not crazy (at least not because of this)? | 07:54 |
| twb | rcsheets: can you reproduce the issue for arbitrary IPs? | 07:54 |
| twb | What does ping say for 203.7.155.1 | 07:54 |
| rcsheets | well i'd call one of google's web servers pretty arbitrary, but sure i'll try that one | 07:54 |
| rcsheets | 64 bytes from 203.7.155.1: icmp_req=1 ttl=55 time=196 ms | 07:55 |
| rcsheets | etc | 07:55 |
| rcsheets | 'getent hosts ...' gives me alpha.cyber.com.au | 07:55 |
| twb | Yeah something is wrong there. Double-check that you get a PTR by other means. | 07:55 |
| rcsheets | 'host ...' also yields the hostname | 07:56 |
| twb | That is the correct PTR | 07:56 |
| rcsheets | DNS seems to be working fine, getent works fine, but whatever ping uses doesn't work fine | 07:56 |
| rcsheets | the actual reason i'm asking though is because this is happening on my mysql server (but also other servers), and that's bad because the users' host specifications are written as hostnames. | 07:56 |
| rcsheets | so it relies on getaddrinfo (or whatever) working properly | 07:56 |
| rcsheets | so access is denied right now for everyone, because the host-by-addr lookup fails | 07:57 |
| rcsheets | i would understand this if DNS were failing, but... i'm just really confused | 07:57 |
| twb | rcsheets: just in case: know that mysql hard-codes either "localhost" or "127.0.0.1" specially to mean "use sockets instead of ports" | 07:58 |
| rcsheets | yeah this is non-local | 07:59 |
| rcsheets | but a good thing to note. i've been bitten by that before. localhost is the one it forces to a socket. | 07:59 |
| twb | Where is your resolv.conf pointing? | 07:59 |
| rcsheets | my ISP's three recursors | 07:59 |
| rcsheets | 216.218.196.2, 65.19.175.2, and 65.19.176.2 | 07:59 |
| twb | If you're chrooted, /etc/resolv.conf might point to a different file | 07:59 |
| === Arc_ is now known as a5m0 | ||
| rcsheets | nothing is running chrooted. ping _certainly_ isn't. | 08:00 |
| rcsheets | and this is happening on multiple systems | 08:00 |
| twb | Try limiting it to a single resolver, or to 8.8.8.8 specifically. Check if nscd is running. | 08:00 |
| twb | It's also worth noting that ping is setuid | 08:00 |
| rcsheets | ah that's a good point | 08:00 |
| twb | And of course tcpdump | 08:01 |
| twb | And check logfiles :-) | 08:01 |
| rcsheets | nscd would be the process name, right? | 08:01 |
| twb | Dunno | 08:02 |
| rcsheets | ok, a system far away on a different network is doing the same thing (with ping) | 08:02 |
| twb | To make things extra interesting, sometimes things work only if nscd *is* running... | 08:02 |
| rcsheets | fully updated 64-bit lucid system | 08:02 |
| rcsheets | 64 bytes from 203.7.155.1: icmp_seq=1 ttl=49 time=331 ms | 08:03 |
| twb | Is this a contanier or openvz ve or anything like that? | 08:03 |
| rcsheets | the far-away system is virtual. the ones i was looking at before are one KVM virtual machine and one physical box | 08:03 |
| twb | That can cause bizarre issues due to different kernel than expected. | 08:03 |
| rcsheets | i will try another physical box | 08:03 |
| twb | KVM should be fine | 08:04 |
| rcsheets | same result pinging 203.7.155.1 | 08:04 |
| rcsheets | i'll try changing recursors | 08:04 |
| twb | Might also want to compare dig with and without that option that makes it do its own recursing | 08:05 |
| rcsheets | dig gives the same results regardless of my resolv.conf settings (modulo the info about where it connected, of course) | 08:05 |
| rcsheets | do you have a system where you can verify for sure that 'ping 203.7.155.1' shows the hostname on each echo-reply line? | 08:06 |
| rcsheets | btw i don't have nscd installed on any of these boxes | 08:07 |
| twb | rcsheets: yes, that happens here, on 203.7.155.1 :-) | 08:08 |
| rcsheets | "that" being the reverse lookup? | 08:08 |
| twb | Oh, crap | 08:09 |
| rcsheets | crap? | 08:09 |
| twb | OK, ignore everything I've said for the last twenty minutes | 08:09 |
| rcsheets | okay | 08:09 |
| twb | It looks up As but not PTRs | 08:09 |
| twb | http://paste.debian.net/169212/ | 08:10 |
| rcsheets | okay | 08:10 |
| rcsheets | so the results of 'ping' were a red herring, but mysql still seems to be broken. | 08:10 |
| rcsheets | for instance, from margaret.picosecond.org, connecting to kumquat.picosecond.org, i get | 08:11 |
| rcsheets | ERROR 1130 (HY000): Host '184.105.204.160' is not allowed to connect to this MySQL server | 08:11 |
| rcsheets | which is because 184.105.204.160 doesn't match any users' host patterns | 08:12 |
| rcsheets | but normally that wouldn't matter, because mysql would look up the hostname | 08:12 |
| twb | Have you asked #mysql about that? | 08:12 |
| rcsheets | no, i thought i had a general nss-related issue, because of the ping stuff | 08:13 |
| rcsheets | woah, wait a sec. i restarted mysqld and now it's okay?! | 08:14 |
| twb | IME when you are using <stupid thing>, it doesn't hurt to check with them if it's a known issue | 08:14 |
| rcsheets | i mean, i made a config change. i _turned logging on_. | 08:14 |
| rcsheets | you know, i wouldn't be the least bit surprised if whether logging is turned on somehow effects whether hostnames are looked up for new connections. | 08:14 |
| rcsheets | just because, well, mysql | 08:15 |
| twb | tell me about it | 08:15 |
| rcsheets | yeah, and now <random website that was broken> is now fine | 08:15 |
| rcsheets | what. the. FFFFFFFFFFFFF | 08:15 |
| twb | So the obviousl solution, is to have a cron job that restarts mysqld every ten minutes amirite | 08:16 |
| rcsheets | remind me to start charging extra for mysql databases. | 08:16 |
| twb | Not that I have ever been ordered to deploy such a solution, ohnono | 08:16 |
| rcsheets | ok, well i'm putting the laptop down for a bit and letting my brain relax now that i'm done with that | 08:18 |
| rcsheets | many thanks, twb, for talking through all that with me. | 08:18 |
| twb | No worries | 08:18 |
| rcsheets | even being wrong together about the behavior of ping is better than being wrong alone :) | 08:19 |
| twb | !beer | 08:21 |
| twb | Useless bots in #ubuntu-* :-/ | 08:21 |
| three18ti_ | twb, you wouldn't -DOWNLOAD- a -BEER- would you? | 08:27 |
| * rcsheets pours twb a cold beer | 08:29 | |
| rcsheets | also, here's a seahorse. http://i.imgur.com/ciTzp.jpg | 08:29 |
| twb | In separate steins, I trust | 08:32 |
| rcsheets | of course | 08:33 |
| samba35 | if i have to setup pexlinux what do i require on client side ? do i require bootrom on nic ? | 08:34 |
| blendedbychris | is there like an iotop ? | 08:35 |
| blendedbychris | indeed | 08:35 |
| twb | samba35: do you mean pxelinux? | 08:44 |
| samba35 | yes | 08:45 |
| nibalizer | 142 | 08:45 |
| nibalizer | thats waht you need | 08:45 |
| twb | If so, all you need is a PXE ROM. Most ethernet NICs ship with one onboard, you simply enable it in the BIOS. | 08:45 |
| twb | Otherwise, get either ipxe or gpxe, and bootstrap that from something else (e.g. CD or USB key). | 08:45 |
| samba35 | ok | 08:46 |
| samba35 | is ipxe boot over internet ? never heard of ipxe just read about gpxe | 08:47 |
| twb | ipxe is a fork of gpxe | 08:48 |
| twb | Each claims to be better than the other | 08:48 |
| samba35 | ahh ok | 08:48 |
| samba35 | twb, have you ever hard or is it possible to boot ubuntu desktop form (?)pxe from ubuntu server | 08:49 |
| samba35 | sorry just thinking of played very long time back on ltsp | 08:50 |
| twb | samba35: http://prisonpc.com | 08:50 |
| twb | That's an ubuntu desktop booted off PXE | 08:50 |
| samba35 | ok thank you | 08:51 |
| samba35 | have you ever tryed ? | 08:51 |
| samba35 | and sorry not a native english speaker | 08:52 |
| twb | samba35: PrisonPC is my product. | 08:53 |
| samba35 | ahhhhh | 08:54 |
| samba35 | can i send you pm ? | 08:54 |
| === Mez_ is now known as Mez | ||
| twb | Whatever | 08:57 |
| twb | Technical questions should be addressed to the channel. | 08:57 |
| blendedbychris | night guys | 08:58 |
| lynxman | morning o/ | 09:02 |
| linocisco | hi all | 09:17 |
| linocisco | how can I get myname@Ubuntu.com ? | 09:17 |
| linocisco | just by signing ubuntu COC? | 09:17 |
| nathwill | linocisco, need to be an ubuntu member | 09:22 |
| nathwill | https://wiki.ubuntu.com/Membership | 09:22 |
| linocisco | nathwill, can you check if I am already a member by seeing my page https://launchpad.net/~naymyowin ? I want to know what to do next | 09:23 |
| lynxman | jamespage: thanks for triaging, it was on my todo list for today :) | 09:25 |
| jamespage | lynxman, np | 09:25 |
| nathwill | linocisco, you'll need to read the section "prodedure for obtaining membership" | 09:25 |
| jamespage | lynxman, something weird going on with triggers for mcollective + plugins | 09:26 |
| lynxman | jamespage: I reckon its missing the option in the postinst | 09:27 |
| linocisco | nathwill, to my understanding, after signing COC, it was done. but now all changed | 09:31 |
| nathwill | linocisco... not to my knowledge. ubuntu membership has always been more involved | 09:31 |
| nathwill | signing the COC is a prereq, certainly... | 09:31 |
| rcsheets | a necessary condition, but not a sufficient condition | 09:33 |
| nathwill | linocisco: #ubuntu-community-team is more likely to have details | 09:35 |
| linocisco | nathwill, thanks | 09:35 |
| nathwill | linocisco: yw. glad you're interested :) | 09:36 |
| rcsheets | i have to admit, realvnc enterprise is pretty decent stuff | 09:41 |
| eagles0513875 | hey guys how can i setup my mail server to work with a different domain if i have a client that wants email hosting and restrict the Maildir accounts to their domain? as well as how can i set quotas on other users in regards to email except for my account | 11:02 |
| Mischinka | Is there anyway to install a package that is dependent libmysql16 on ubuntu 12.04 ? | 11:03 |
| Daviey | hey zul, fancy checking if the Dep is *needed*? https://launchpad.net/ubuntu/+source/routes/1.13-1/+build/3496282 | 11:05 |
| zul | Daviey: ack when i get in | 11:06 |
| Daviey | get in there! | 11:08 |
| Mischinka | hmm this APE Server installation is a pain on precise. | 11:09 |
| livtyler | Hello, can EAP and LDAP as a bind user store coexist without interfering with each other? | 11:14 |
| zul | Daviey: its in the archive so i dont know whats happening there | 11:19 |
| Mischinka | ANyone know how to get this libmysql16 on precise? | 11:25 |
| Daviey | zul: Are you kidding me? | 11:28 |
| zul | Daviey: too early in the morning | 11:30 |
| Daviey | zul: heh, ok. You had me there. | 11:30 |
| lollisoft | Hi, I have installed ubuntu server (cloud) on my Mac within VirtualBox using a 8GB disk. Then I installed open ssh and made a snapshot. Then after installing open jdk 6 and rebooting I got a grub error out of partition. Any help? | 11:40 |
| === matsubara-afk is now known as matsubara | ||
| brainysmurf | I need an afp share on ubuntu, what's the best package to use? | 12:45 |
| brainysmurf | the afp share comes from a mac | 12:46 |
| RoyK | netatalk | 12:47 |
| brainysmurf | I thought netatalk turns ubuntu into a server; I need a client to connect to afp server | 12:48 |
| RoyK | oh | 12:48 |
| RoyK | http://bit.ly/L2Ixwv | 12:49 |
| veet | Hi! I installed Ubuntu MaaS server, but I have Internal Server Error on http://my.ip.address/MAAS. Can you help me to solve this problem? | 12:52 |
| RoyK | veet: have you checked the apache logs? | 12:53 |
| brainysmurf | How about sharing via ssh? | 12:56 |
| RoyK | sshfs? | 12:57 |
| brainysmurf | I found sshfs, but can't get it installed ... | 12:58 |
| RoyK | brainysmurf: does the server *only* support afp? | 12:58 |
| brainysmurf | RoyK: no, anyway I'm root there | 12:58 |
| RoyK | then using something else would possible be desirable | 12:58 |
| brainysmurf | you mean not using afp? | 12:59 |
| RoyK | yep | 12:59 |
| RoyK | nfs is probably better | 13:00 |
| veet | I have these errors on apach log: http://pastebin.com/mevBTjqF | 13:00 |
| patdk-wk | veet, fix your cgi programs | 13:01 |
| veet | All my cgi programs seems correct. I think trouble is in something else. | 13:19 |
| hallyn | zul: your libvirt has swarves in build-deps, but dwarves is in univers? | 13:37 |
| drPoO | hi all, I am having difficulties installing sun java6 jre on 10.04 LTS. Could anybody point me to a working tutorial? | 13:42 |
| cocoa117 | drPoO, u still using 10.04? | 13:47 |
| drPoO | cocoa117, I will update to 12.04 soon but need to fix java ASAP | 13:47 |
| cocoa117 | drPoO, so what's the problem | 13:49 |
| drPoO | I added http://archive.canonical.com/ubuntu lucid partner to my sources.lst | 13:49 |
| cocoa117 | that method won't work anymore | 13:49 |
| cocoa117 | Oricle change Java distribution license | 13:50 |
| drPoO | but still get the following message http://pastebin.com/EGmSm2wf | 13:50 |
| cocoa117 | ubuntu can't distributed anymore | 13:50 |
| jpds | drPoO: You have to download it from the Oracle site. | 13:50 |
| drPoO | but how can I install it then? | 13:50 |
| drPoO | ah | 13:50 |
| drPoO | the .bin file? | 13:50 |
| cocoa117 | yes | 13:50 |
| kayakyakr | Alright, I would love to get another eye on this issue I'm having. Trying to get a single server instance of openstack set up and have everything working except for the most important part: launching instances. | 13:58 |
| kayakyakr | This is the error I'm getting: http://pastebin.com/21MXmrfX | 13:58 |
| kayakyakr | Essentially boils down to one line: libvir: Security Labeling error : internal error cannot load AppArmor profile 'libvirt-8daa5252-9795-42e1-8e5a-f16df7d5932d' | 13:58 |
| kayakyakr | I can launch new instances in KVM using virsh and virt-manager, just can't get openstack to launch them | 14:00 |
| Hoyt | hi , apt-get dist-upgrade doesn't work in ubuntu server ? | 14:34 |
| tash | I've never setup Ubuntu Server on a system with fake raid ( aka bios raid, not a real raid controller ), and I'm having some issues in doing so. Ubunt 12.04, Supermicro X8SIL-V Mobo, 2 X 500 GB Westerd Digital hdd's, bios Intel raid, everything works until the installer tries to install Grub and it fails. Anyone else had similar issues that you were able to conquer?? | 14:40 |
| tash | I tried again and am at the "Detect disks" screen. Says that one or more drives contains SATA RAID and wants to know if I want to activate the Serial ATA RAID devices. I assume "Yes", and that's what I did the first couple of times.... | 14:41 |
| tash | any help would be greatly appreciated. | 14:41 |
| rbasak | Daviey: it looks like openipmi in main is too low level. It could be used but ipmitool from freeipmi (in universe) matches the level we need, ie. no low level IPMI knowledge, just commands like "chassis power reset" and "chassis bootdev pxe". ipmitool doesn't look to have any dependencies that aren't in main already. What do you think about promoting ipmitool to main and then using that? | 14:44 |
| rbasak | Daviey: apparently ipmitool is already the de-facto standard too. | 14:44 |
| Daviey | rbasak: that is the plan. | 14:45 |
| rbasak | Daviey: so that's fine then, right? If ipmitool works then there's nothing further for me to test? | 14:45 |
| NCommander | Daviey: so we're going to promote ipmitool to main? | 14:45 |
| Daviey | rbasak: how come ipmitool from openipmi doesn't work? | 14:46 |
| Daviey | NCommander: That is what i am pushign for.. it's a more healthy and polished project IMO. | 14:47 |
| rbasak | Daviey: I think it could be made to work, but it's low level so I'd need inside IPMI knowledge. It would make sense to write a wrapper around it to issue high level commands like reboot and change boot device. But is there any need to write such a wrapper when it already exists in ipmitool, even if ipmitool uses its own stack? | 14:47 |
| NCommander | Daviey: ipmitool is really just a very small tool that speaks ipmi. open/freeipmi look like IPMI implementations and do other stuff. I'm not quite sure why we even ship those (though I'mstillhaving trouble wrapping my head around openipmi) | 14:47 |
| Daviey | rbasak: what do you by low level? | 14:48 |
| Daviey | mean by* | 14:49 |
| rbasak | Daviey: I would have to use commands like ipmicmd channel [ipmb] IPMB-addr lun netfn [seq] cmd [data1 [data2 ...]] | 14:49 |
| rbasak | No idea what that means. ipmitool uses commands like "ipmitool chassis power reset". Presumably that can be translated to the former syntax with a wrapper. | 14:49 |
| iSeeDeadPixels | hey, i'm having a MAAS problem | 14:50 |
| rbasak | But the wrapper would have to be written. | 14:50 |
| iSeeDeadPixels | two actually | 14:50 |
| rbasak | Not so much the wrapper but gathering the knowledge needed, at which point the wrapper would fall out of that knowledge. | 14:50 |
| iSeeDeadPixels | one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission | 14:50 |
| NCommander | In addition an entire new program would have to be written for SOL support | 14:51 |
| NCommander | as far as I can tell | 14:51 |
| rbasak | Essentially high level command to binary blob translation as I see it. | 14:51 |
| Daviey | rbasak: right... so the promotion opportunity is for http://www.gnu.org/software/freeipmi/, when http://ipmitool.sourceforge.net/ is alreayd in main | 14:51 |
| Daviey | ^^ two high level projects. | 14:51 |
| uvirtbot | Daviey: Error: "^" is not a valid command. | 14:51 |
| rbasak | Daviey: no, ipmitool is in universe. ipmicmd is in main (it's from the openipmi package) | 14:51 |
| Daviey | openipmi provides a kernel interface, which is useful for poking the BMC directly.. i don't actually know if freeipmi covers that scope | 14:52 |
| Daviey | (that scope is required for setting auth and network details on first comission) | 14:52 |
| rbasak | ipmitool can poke the BMC directly. | 14:52 |
| rbasak | I tried that yesterday | 14:52 |
| Daviey | rbasak: So.. ipmitool is the tool we traditionally recommended.. but looking to bump that to freeipmi | 14:52 |
| rbasak | auth details I'm not that clear about. I don't full understand the IPMI auth model yet. But it appears that this should work too. | 14:53 |
| rbasak | OK so freeipmi I haven't looked at yet. Looks like it's a third one, in universe. What's the reason we want to switch to that? | 14:54 |
| Daviey | rbasak: variations of what i use, http://pb.daviey.com/p3xx/ | 14:55 |
| Daviey | but that uses ipmitool.. which i'm keen to move away from | 14:55 |
| rbasak | Looks like freeipmi does have the high level functions I want, but I need to test it | 14:55 |
| rbasak | Why do you want to move from ipmitool to freeipmi? | 14:55 |
| Daviey | rbasak: freeipmi is a more healthy project IMO, over ipmitool | 14:55 |
| rbasak | The vendors appear to be behind ipmitool. They are patching that for their custom commands, not freeipmi. | 14:56 |
| Daviey | ipmitool last released in 2007 | 14:57 |
| Daviey | freeipmi is averaging on montly releases | 14:57 |
| rbasak | freeipmi does appear to work for me | 14:58 |
| Daviey | rbasak: Where are you seeing the patches? | 14:58 |
| rbasak | Daviey: I know of one vendor with unpublished patches for support of some of their vendor-specific stuff. | 14:58 |
| Daviey | rbasak: well if it's unpublished, it doesn't impact the Ubuntu Archives :) | 14:59 |
| === Lcawte|Away is now known as Lcawte | ||
| rbasak | Daviey: that same vendor reckons that "everyone else" is also using ipmitool. But I don't think that they're particularly averse to switching if we can convince them it's a good idea. | 14:59 |
| Daviey | rbasak: Well the project activity alone is a good indicator | 15:00 |
| rbasak | Maybe not the ubuntu archives, but if we want MAAS to have the widest support possible, it would make sense to use the IPMI tool that vendors want us to use and are prepared to patch when necessary. This could still be freeipmi - I'm just asking the question. | 15:00 |
| Daviey | freeipmi uses saner config files than ipmitool | 15:00 |
| jhobbs | ipmitool uses config files? | 15:00 |
| rbasak | config files? Why would we need any? | 15:00 |
| Daviey | you can dump the config in xml, edit it, and push it back | 15:01 |
| Daviey | ipmitool doesn't support this | 15:01 |
| rbasak | Why do we need config files? | 15:01 |
| Daviey | freeipmi you can also do 192.168.1.[100-200] chasis power on | 15:01 |
| rbasak | What extra state should an ipmi tool be storing? | 15:01 |
| Daviey | and it'll do the whole range | 15:01 |
| Daviey | rbasak: not state, but config.. i suggest trying it to see what i mean | 15:02 |
| kayakyakr | welp, got the openstack running | 15:02 |
| kayakyakr | tore down apparmor completely and it works | 15:02 |
| rbasak | I just tried it. I have no idea what you mean. What exactly would be in these config files that you would want in there/ | 15:02 |
| rbasak | ? | 15:02 |
| kayakyakr | now have to see if i can do it without destroying system protection. | 15:02 |
| hallyn | zul: hm, also i'm getting test failure at build (on q, will try on p to compare) | 15:02 |
| Daviey | rbasak: freeipmi was originally declared on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-system-management .. so vendors were aware. | 15:03 |
| stgraber | hallyn: hey, I'm doing some SRU validation for lxc. The testcase in bug 997687 seems weird to me, I don't see anything in there that'd get expanded by the shell, did I miss something? | 15:03 |
| uvirtbot | Launchpad bug 997687 in lxc "lxc-start-ephemeral needs to quote $line when echoing" [Undecided,Fix committed] https://launchpad.net/bugs/997687 | 15:03 |
| rbasak | Daviey: and from what I remember of that session, they objected right at that time. | 15:03 |
| jhobbs | <-- I objected | 15:04 |
| Daviey | jhobbs: you did? why? | 15:04 |
| rbasak | Daviey: I'm just asking why exactly we want freeipmi. So far the only reason I understand is the range facility. | 15:04 |
| jhobbs | because we use ipmitool, as do most of the partners that we've discussed with | 15:04 |
| Daviey | rbasak: no, i also stated it's a more healthy project. | 15:04 |
| hallyn | stgraber: abc:abc gets expanded | 15:04 |
| hallyn | well, '*:*' gets expanded to abc:abc | 15:04 |
| jhobbs | and fwiw, that blueprint mentions openmpi, not freeipmi | 15:05 |
| rbasak | ok so that's one other (IMO weak) reason. If it's stable and works, why does it need to have a recent release? | 15:05 |
| jhobbs | openipmi that is | 15:05 |
| stgraber | hallyn: oh, I see, I guess I should have actually checked the code :) | 15:05 |
| hallyn | stgraber: the "echo $line" (with $line unquoted) gets expanded for "lxc.cgroup.devices.allow = c *:* m" :) | 15:05 |
| jhobbs | we also use freeipmi sometimes, it has better dcmi support | 15:06 |
| Daviey | rbasak: please investigate the differences yourself. | 15:06 |
| hallyn | luckily i see that my scripts forwarding what i type to my irc client are properly quoting :) | 15:06 |
| stgraber | hallyn: right, fix confirmed. That's all of the fixes from the current SRU confirmed, so we just need to wait for the wait period, then I can upload the next one ;) | 15:08 |
| hallyn | here's hoping we don't ge tmore int he meantime | 15:09 |
| === marrusl_ is now known as marrusl | ||
| Daviey | rbasak: Personal experience with openipmi has shown that the kernel module isn't that robust.. it previously has locked up cores for myself. Parallel execution of tasks lends itself to hyperscale more. Having a 'detect' utility ipmi-locate fits MAAS well for initial setup (does this work on that box? it *might* use dmi tables). Provides some nice abstractions for status, richer bmc watchdog, SOL seems more polished, user experience provides | 15:28 |
| rbasak | OK those sound like good reasons - thanks! | 15:29 |
| Daviey | the sensor output is more reliably parsible IME. | 15:33 |
| SpamapS | Daviey: who would be good MaaS people to invite to hang out in #juju? We get on average 2-3 questions per 24 hour period in there about MaaS | 15:37 |
| stgraber | hallyn: currently running tests, but it looks like all the package lists in lxc-ubuntu are actually useless. We could achieve the exact same by just having a single packages=vim,ssh for all distro versions | 15:37 |
| SpamapS | Daviey: and frankly, most of us know almost nothing about maas | 15:37 |
| stgraber | hallyn: I think these lists were only relevant before we switched the deboostrap mode to be closer to that of the distro. | 15:37 |
| stgraber | hallyn: I confirmed it on precise for now and I'm running tests on lucid, natty and oneiric now | 15:38 |
| kayakyakr | woo! openstack server up and running | 15:39 |
| kayakyakr | without any sort of apparmor security >_< | 15:39 |
| Daviey | SpamapS: roaksoax, smoser, robbiew, jtv, bigjools, flacoste, rvba, allenap, sabdfl.. all MAAS experts :) | 15:39 |
| Daviey | i know a thing or two, but those are the best people :D | 15:39 |
| robbiew | SpamapS: right...so the same could have been said about juju..until people started *using* it ;) | 15:40 |
| anoo | if you mean "Magic As A Service," I want some of that. | 15:40 |
| anoo | if it's that same ol' "metal", not really as interesed :) | 15:43 |
| SpamapS | robbiew: right, so perhaps what we need is a "beginner's maas" so that we can speak intelligently when people ask about how to fix the provider. | 15:43 |
| robbiew | beginner's maas? | 15:45 |
| robbiew | like a wiki page? | 15:45 |
| pdtpatrick | kayakyakr: was there a guide u followed for Openstack? if so - can you please share? | 15:45 |
| robbiew | just trying to understand what's needed...if folks are having problems with the provider...bigjools is their man | 15:46 |
| robbiew | and I would agree that he should probably hang out in #juju | 15:46 |
| robbiew | but he's also asleep right now ;) | 15:46 |
| Daviey | slackr. | 15:46 |
| kayakyakr | pdtpatrick: http://docs.openstack.org/trunk/openstack-compute/install/content/ch_installing-openstack-overview.html | 15:46 |
| stgraber | hallyn: looks good on all ubuntu releases, so I'll probably SRU it like that, only real changes will be that I'll drop resolvconf on < precise (as it's known to be broken/unreliable) and we won't install dialog (but whiptail is there by default, so if that was for debconf, it'll work exactly as it does today) | 15:47 |
| pdtpatrick | ahh you used their docs - that's what i had used earlier as well. Very long guide. They've got to trim that down or automate it a bit more or allow some setup via a UI. | 15:48 |
| kayakyakr | pdtpatrick: it took me about 3 days. i used devstack at first, but you can't transition devstack into a full deployment | 15:48 |
| kayakyakr | it really wasn't nearly as complex as getting cloudstack set up... which I never successfully did. | 15:49 |
| pdtpatrick | Yeah i spent an entire day getting my setup working. I like how they don't tell you hey - don't lose this "ID" you're going to need it shortly. Or they don't really tell you how the IDs are related so you have to play a bit of guess game. Anyway - once it is up and running, it's a SEKSY project. | 15:50 |
| kayakyakr | The hard parts were getting the endpoints properly set up in the identity service, and getting past that apparmor crap | 15:50 |
| pdtpatrick | :) | 15:50 |
| kayakyakr | Would be nice is openstack had a bit more you could do from the interface. uploading new images, managing endpoints, stuff like that. | 15:51 |
| pdtpatrick | I tried the juju openstack charms - FAIL. Was quite excited when i saw the charm | 15:51 |
| kayakyakr | ha | 15:51 |
| jdstrand | I wrote https://wiki.ubuntu.com/SecurityTeam/TestingOpenStack and didn't have to adjust apparmor at all | 15:51 |
| jdstrand | kayakyakr: please file bugs and include your kern.log that has the denials | 15:51 |
| kayakyakr | yeah, I saw that option in the 12.04 server install. didn't think it'd work out well. | 15:51 |
| kayakyakr | jdstrand: it wasn't a denial, it was http://pastebin.com/21MXmrfX | 15:52 |
| kayakyakr | and it failed in both enforce and complain modes | 15:52 |
| jdstrand | kayakyakr: can you paste the output of 'cat /etc/apparmor.d/libvirt/libvirt-8daa5252-9795-42e1-8e5a-f16df7d5932d*' | 15:53 |
| kayakyakr | doesn't exist | 15:54 |
| jdstrand | kayakyakr: I suggest you file a bug using 'ubuntu-bug libvirt-bin' | 15:55 |
| jdstrand | and details the steps used to reproduce the bug, etc | 15:55 |
| kayakyakr | jdstrand: I'll do that later, though I am unsure if anyone will be able to reproduce. It seems to be rare. The only other mention of the same error with openstack + libvirt in google is in this same IRC. | 15:57 |
| hallyn | stgraber: is it bc we stopped doing minbase variant? | 15:57 |
| kayakyakr | right now i'm going to be working on getting it imaged | 15:57 |
| stgraber | hallyn: yeah | 16:02 |
| stgraber | hallyn: I'm doing quite a few other changes to lxc-ubuntu, trying to reduce/remove the need for update every time we release a new ubuntu | 16:04 |
| hallyn | stgraber: excellent | 16:05 |
| kayakyakr | jdstrand: that's a clean tutorial. some suggestions from my experience: I got mine up with a single network interface. This might be better for a lot of smaller installs. You also skip over the 'volume' service, which is tougher to explain but very, very useful (and not difficult to get set up if you set up LVM properly). euca is useful, but no longer necessary, you can do everything without it. | 16:06 |
| jdstrand | yeah, I wanted swift too. it is a work in progress | 16:06 |
| jdstrand | thank adam_g-- he walked me through it | 16:07 |
| kayakyakr | i skipped over swift for now. wanted to get it running first. | 16:07 |
| kayakyakr | something to make a note of: logs for the nova services, when you're using upstart to run them, are located at /var/log/upstart/nova-____.log | 16:08 |
| kayakyakr | that took me a few hours of frustration to figure out. | 16:08 |
| kayakyakr | and getting the endpoints right was the other thing that took me ages. using the template file might be a much more maintainable method of handling endpoints for small deployments) | 16:09 |
| === anoo is now known as an00 | ||
| === an00 is now known as anoo | ||
| stgraber | hallyn: I think my changes are good to go for lxc-ubuntu. I'll write a changelog based on them then will ask you to review (as there are a good lot of them) | 16:20 |
| stgraber | hallyn: http://paste.ubuntu.com/992635/ | 16:25 |
| stgraber | hallyn: better with the changelog: http://paste.ubuntu.com/992636/ | 16:26 |
| hallyn | stgraber: part of me wants to suggest waiting until 12.04.1 to change default to precise, but given the feature diff, precise is worth it | 16:53 |
| zul | hallyn: gah? | 16:54 |
| zul | hallyn: where is it failiting? | 16:54 |
| hallyn | test-nonblocking-socket.sh | 16:55 |
| hallyn | /home/ubuntu/libvirt-0.9.12/./gnulib/tests/test-nonblocking-reader.h:153: assertion failed | 16:55 |
| zul | weird | 16:57 |
| hallyn | taht was interesting | 16:59 |
| hallyn | there went my byobu session | 16:59 |
| hallyn | zul: so you don't get such a failure? | 17:00 |
| hallyn | if not i guess i'll dig in... how utterly weird | 17:00 |
| hallyn | zul: oh, what about the universe build-dep ? | 17:00 |
| zul | no that doesnt happen for me | 17:00 |
| zul | which one? | 17:00 |
| hallyn | stgraber: looks good, thanks | 17:02 |
| hallyn | zul: dwarves | 17:03 |
| zul | hmm...thats something i cherrypicked from debian | 17:03 |
| hallyn | it may end up being something we need MIRd, based on the description | 17:04 |
| zul | yeah ill get that started | 17:04 |
| hallyn | heh, apologies to jdstrand | 17:05 |
| zul | hallyn: lemme do the build again and see if i can reproduce again | 17:06 |
| hallyn | d'oh. it's a gnulib test, not a libvirt test | 17:06 |
| zul | hallyn: this will disable it: http://anonscm.debian.org/gitweb/?p=pkg-libvirt/libvirt.git;a=blob;f=debian/patches/Disable-gnulib-s-test-nonplocking-pipe.sh.patch;h=64f6968fd48f9161cd515d8a1f22e78048dac497;hb=0c361401bb36be6326021182d0e6d28b6495e5ec | 17:07 |
| hallyn | zul: ok i guess we need that. t he problem is that the '*-main' test for that one failed to compile, so the test script fails | 17:08 |
| zul | logs? | 17:08 |
| hallyn | cd gnulib/tests and make test-nonblocking-socket-main | 17:09 |
| hallyn | test-nonblocking-socket-main.c:18:20: fatal error: config.h: No such file or directory | 17:09 |
| hallyn | sounds to me like bad gnulib | 17:09 |
| zul | grrr | 17:10 |
| zul | ok ill look into it | 17:11 |
| hallyn | no wait, the patch you linked to was for test-nonblocking-pipe. this is -socket | 17:11 |
| zul | hallyn: this is building on precise right? | 17:12 |
| hallyn | zul: nope | 17:13 |
| zul | hmmmm | 17:13 |
| hallyn | I think this has been mentioned to me before in ubuntu-devel, at least some gnulib breakage was known | 17:13 |
| hallyn | but ... probably not exactly this | 17:13 |
| zul | hallyn: yeah i get that as well, im getting network tests failure as well | 17:21 |
| hallyn | zul: networkxml2argvtest ? | 17:22 |
| zul | yeah | 17:22 |
| hallyn | yeah that seems to not happen every time. it happened first and third, but not second time... weird | 17:22 |
| zul | it might have failed because i have dnsmasq running | 17:22 |
| zul | but yeah its weird | 17:23 |
| === Ursinha` is now known as Ursinha | ||
| stgraber | hallyn: doh, you were faster than me ;) (at replying to the lxc-net e-mail on lxc-devel) | 17:39 |
| stgraber | hallyn: so the guy will get twice the same answer (though I linked my shell script to my reply, so hopefully he can use that in the mean time) | 17:40 |
| hallyn | cool | 17:40 |
| hallyn | my hope was he'd come back with the lxc-attach patch :) | 17:40 |
| hallyn | jjohansen: I notice we didn't put down an action item for relating to apparmor for lxc. Are those in the apparmor blueprint? | 18:00 |
| zul | Daviey: routes was using a custom repoze.lru | 18:03 |
| iSeeDeadPixels | hey, i'm having a MAAS problem | 18:12 |
| iSeeDeadPixels | one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission | 18:13 |
| zul | Daviey: https://bugs.launchpad.net/ubuntu/+source/python-repoze.lru/+bug/1000914 | 18:20 |
| uvirtbot | Launchpad bug 1000914 in python-repoze.lru "[MIR] python-repoze.lru" [Undecided,New] | 18:20 |
| hallyn | all right, i'm trying to udpate the server guide (https://help.ubuntu.com/12.04/serverguide/dns-configuration.html) to clarify earlier that bind cannot write under /etc/bind | 18:20 |
| hallyn | but i'm not entirely clear on, under what conditions will it try to do so? | 18:20 |
| KXTwo | Does anyone know if what server might have a dokuwiki channel, I am looking fo rhelping with using dokuwiki on my webserver | 18:20 |
| hallyn | is it an allow-update line in the zone section? | 18:20 |
| hallyn | stgraber: you need to do something about your mailer :) | 18:21 |
| hallyn | people can get uppity about that... | 18:22 |
| stgraber | hallyn: my mailer is the default mailer with the default config ;) | 18:23 |
| stgraber | hallyn: let me see if I have some broken settings ... | 18:23 |
| stgraber | hallyn: hmm, the e-mail preview looks good, so thunderbird is messing with it afterwards... | 18:24 |
| hallyn | weird | 18:25 |
| hallyn | would be worth makign sure that ubuntu users aren't automatically shunned from lkml and the likes | 18:25 |
| Daviey | zul: super | 18:27 |
| stgraber | hallyn: looks like enigmail is to blame actually... | 18:28 |
| hallyn | ah. good, i guess | 18:28 |
| KXTwo | wow did i ask a dumb question | 18:30 |
| iSeeDeadPixels | hey, i'm having a MAAS problem | 18:41 |
| iSeeDeadPixels | one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission | 18:41 |
| hallyn | zul: would you mind taking 3 minutes today, any time, and quickly reviewing https://code.launchpad.net/~serge-hallyn/serverguide/serverguide-dns-varlibbind/ ? | 18:44 |
| zul | hallyn: sure but i dont think i can merge it | 18:44 |
| === skaet_ is now known as skaet | ||
| hallyn | zul: right, i just want to make sure it's right. | 18:45 |
| zul | hallyn: looks ok to me | 18:46 |
| hallyn | i'll do a proper merge request after i can get both you and jdstrand to look at it :) | 18:46 |
| hallyn | thanks | 18:46 |
| hallyn | jdstrand: if you get a few minutes this afternoon, could you look at https://code.launchpad.net/~serge-hallyn/serverguide/s | 18:46 |
| hallyn | erverguide-dns-varlibbind and see if it makes sense to you? | 18:46 |
| stgraber | hallyn: can you confirm the e-mail I just sent you appears correctly? | 18:49 |
| stgraber | hallyn: apparently the problem was with the needed wrapping when doing inline gpg signing. I changed my settings to do pgp/mime instead which should fix the issue. | 18:49 |
| === fij0_ is now known as fij0 | ||
| jdstrand | hallyn: what is the reference to /var/lib/ypbind/db.example.com? Other than that, it seems fine. I might note that the apparmor policy is based on the packaging rather than dictating it. not sure if that really needs to be captured in the serverguide, but it seemed sorta like there is a problem with apparmor | 18:58 |
| hallyn | jdstrand: what do you mean by what is the reference? (I'll reword to make clear it comes from policy) | 19:03 |
| === Arc_ is now known as a5m0 | ||
| jdstrand | hallyn: I didn't read the whole thing-- ypbind is the method to use DDNS? | 19:04 |
| hallyn | d'oh | 19:04 |
| hallyn | typo. that was supposed to just be /var/lib/bind. thanks | 19:04 |
| hallyn | i'll just drop the apparmor bit again. it's probably extraneous info. | 19:05 |
| jdstrand | ok, that is what I thought (I was not familiar with ypbind in this context :) | 19:05 |
| RoyK | yp* == NIS != DNS | 19:05 |
| hallyn | yup :) i was also looking at an nis bug last night, hence... | 19:05 |
| stgraber | hallyn: did you have a chance to look at these lxc-ubuntu changes? (planning to get these into quantal later today along with dropping lxc-ip) | 19:10 |
| koolhead17 | hi all | 19:13 |
| iSeeDeadPixels | anyone have experience with MAAS? | 19:14 |
| koolhead17 | iSeeDeadPixels, shoot your query am sure someone will respond | 19:14 |
| iSeeDeadPixels | one is a python piston error (oauth) the other is a Internal Server Error on Accept and Commission | 19:16 |
| iSeeDeadPixels | but because there seems to be missing stuff | 19:16 |
| iSeeDeadPixels | it's a clean MAAS install. | 19:16 |
| hallyn | stgraber: the ones from the pastebin? yes, sorry, thought i had said - they look good | 19:16 |
| hallyn | i especially like the improved tests (over 'release = "precise"') | 19:16 |
| === wolferz_ is now known as wolferz | ||
| stgraber | hallyn: good, I'll run a batch of test to make sure I can actually bootstrap and boot all the supported releases, then I'll look at what I want to SRU to precise | 19:20 |
| koolhead17 | iSeeDeadPixels, if you think something is missing file a bug with all the details and distribution your trying it on, am sure someone will have a look at it. It will help the devs at same time | 19:23 |
| stgraber | hallyn: looks like that guy will take care of your lxc-attach work item after all ;) | 19:29 |
| hallyn | woot! | 19:34 |
| iSeeDeadPixels | and now i am greppin' COMMISSIONING_SCRIPT | 19:35 |
| === kirkland` is now known as kirkland | ||
| === nxvl_ is now known as nxvl | ||
| arooni-mobile | generally accepted opinion on using ext4 versus ext3 on a ubuntu production server enviornment? | 20:32 |
| KXTwo | I finally have my web server up! | 20:39 |
| * wolferz is downloading ubuntu-server now and will be setting up shortly | 20:45 | |
| poorangus | Good day all. I'm having a very frustrating problem with Postfix. Is this an appropriate place to ask for help? | 20:47 |
| JonEdney | poorangus, Go ahead and ask your question. If someone knows the answer or can provide input, they will. | 20:48 |
| poorangus | Excellent. | 20:48 |
| poorangus | Under Ubuntu 12.04 LTS, Postfix receives all mail 100% of the time from every service, except Gmail. | 20:51 |
| JonEdney | Are there any log entries? | 20:52 |
| poorangus | Yes, this is what gets written to mail.log when GMail tries to deliver the email: | 20:52 |
| poorangus | May 17 10:23:29 myhostname postfix/smtpd[3547]: connect from mail-pb0-f51.google.com[209.85.160.51] | 20:52 |
| poorangus | May 17 10:23:29 myhostname postfix/smtpd[3547]: warning: TLS library problem: 3547:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20: | 20:52 |
| poorangus | May 17 10:23:29 myhostname postfix/smtpd[3547]: lost connection after EHLO from mail-pb0-f51.google.com[209.85.160.51] | 20:52 |
| poorangus | May 17 10:23:29 myhostname postfix/smtpd[3547]: disconnect from mail-pb0-f51.google.com[209.85.160.51] | 20:52 |
| poorangus | So, the connection is being dropped immediately. | 20:53 |
| poorangus | Nothing gets written to mail.err .. | 20:53 |
| poorangus | Strangely, this only happens with email sent from an email client using Google's SMTP server. | 20:53 |
| poorangus | GMail sent from the browser-based client is delivered as expected. | 20:53 |
| poorangus | Real stumper, eh? | 20:56 |
| poorangus | This is a very clean install too .. installed from DVD, installed the dovecot-postfix package, and did some basic configuration.. | 20:59 |
| KXTwo | So I forwarded ports 22 adn 80 but when people outside my network put in my public ip address its not connecting? | 21:05 |
| stgraber | hallyn: did you notice the natty containers being broken lately? | 21:23 |
| stgraber | hallyn: I don't think it's my change breaking them, the rootfs looks good but none of the tty/console jobs start | 21:24 |
| stgraber | hallyn: ssh starts though and forcing the console jobs to start works fine, so I'm suspecting something is wrong in whatever triggers rc RUNLEVEL=... | 21:24 |
| stgraber | hallyn: lucid, oneiric, precise and quantal all work fine, so it seems to be limited to natty | 21:26 |
| hallyn | stgraber: nope, last i ran the tests a few days ago, all worked. | 21:33 |
| hallyn | (or is natty not in my list in the testsuite?) | 21:33 |
| stgraber | hallyn: tracked it down to the missing "net-device-up IFACE=lo" event | 21:35 |
| stgraber | hallyn: wasn't that SRUed to the releases that ship lxcguest? | 21:35 |
| stgraber | hallyn: oh right, you fixed it but the SRU is still in -proposed... | 21:36 |
| stgraber | hallyn: bug 924337 | 21:36 |
| uvirtbot | Launchpad bug 924337 in lxc "lxc on precise is not working with lucid containers (container does not reach runlevel 2)" [Undecided,Fix committed] https://launchpad.net/bugs/924337 | 21:36 |
| stgraber | hallyn: I marked the SRU as verification-done, so it should be moved to -updates soonish | 21:37 |
| hallyn | gah. hate that. need to start actively looking for those weekly | 21:38 |
| hallyn | thanks | 21:39 |
| stgraber | hallyn: in case you don't know about it: http://people.canonical.com/~ubuntu-archive/pending-sru.html | 21:40 |
| lamont | poorangus: what version of postfix is installed? | 21:44 |
| lamont | poorangus: because it feels like a libssl issue actually | 21:50 |
| iggi | Can someone help me with recovering a RAID 5 array after OS drive failure? I have a USB live cd in, I installed mdadm, did modprobe raid5, mdadm -E -s shows arrays present, but they are not in /dev/md* | 21:51 |
| lamont | iggi: mdadm --assemble --scan | 21:51 |
| iggi | lamont, Thanks, that started most of my arrays ( I have 4) the largest one is sating that only 4 of the 6 drives are present, but I can see all 4 partitions in the OS | 21:54 |
| iggi | err all 6 | 21:55 |
| lamont | iggi: that's where you --examine all of them and figure out if you're willing to just tell it to force assembly even though things are technically not happy | 21:55 |
| lamont | as in see the revno for all 6 drives, and you'll probably find that 2 of them are out of date | 21:55 |
| * lamont needs to run | 21:55 | |
| iggi | thanks, I'll look into it | 21:56 |
| poorangus | lamont - it's Postfix 2.9.1 | 21:57 |
| poorangus | Dang it, looks like I missed him. | 22:01 |
| iggi | Well hopefully I can get someone else to give me a bit of assistance | 22:08 |
| iggi | I'm trying to force mdadm to make the array, but I'm getting Device or Resource busy when it's not even mounted that I can tell | 22:09 |
| iggi | Looks like it might be dmraid messing around with it, I'm going to try removing it | 22:13 |
| Mischinka | Has anyone properly set up an ape server before? I cant seem to get any guidance as to do so using Precise | 22:22 |
| pdtpatrick | Mischinka: http://www.ape-project.org/wiki/index.php/Setup | 22:41 |
| pdtpatrick | ? | 22:41 |
| hattorihanzo | anyone deal with isseus in byobu in 12.04 | 22:46 |
| poorangus | so many questions, so few answers :) | 22:46 |
| pdtpatrick | hattorihanzo: what issues? I believe Dustin Kirkland is in this room. He might be able to answer if no one else can tackle it | 22:46 |
| grendal-prime | hey..im runing 12.04 on vmware. I removed all the nics. In the past with 10.04 i needed to remove the /etc/udev/rules.d/70-persistant-net.rules | 22:47 |
| grendal-prime | otherwise it would remember the interface isingments for the hardware. I just deleted that file..and it no longer gets regenerates the file on system start.. | 22:49 |
| === Lcawte is now known as Lcawte|Away | ||
| === matsubara is now known as matsubara-afk | ||
| iggi | I'm trying to force assemble a software raid 5 array, however it seems to detect all of my disks as spares, any help? | 23:00 |
| jMCg | Hey folks - bug in MySQL on 12.04: http://dpaste.com/749584/ | 23:04 |
| jose__ | hi | 23:06 |
| jose__ | may i ask a question | 23:06 |
| jMCg | jose__: you already did. | 23:06 |
| jose__ | trolling like a sir | 23:06 |
| jose__ | ok , here it goes, i have two internet connections (two modems) i want to have 2 gateways in nthe same interface, is it posible? | 23:07 |
| jose__ | so i can router some ports with one modem, and some other with the other router | 23:08 |
| ZenMaster | One hour left of work. | 23:09 |
| kees | hallyn: shouldn't clone(..., CLONE_NEWNS, ...) fail if I don't have CAP_SYS_ADMIN ? | 23:12 |
| kirkland | hattorihanzo: pdtpatrick: thanks, I'll have a look at that later tonight! | 23:23 |
| poorangus | Totally stumped .. anyone able to help with my Postfix woes? | 23:29 |
| poorangus | When receiving from GMail: "May 17 10:23:29 myhostname postfix/smtpd[3547]: warning: TLS library problem: 3547:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1247:SSL alert number 20:" | 23:29 |
| ZenMaster | poorangus: Do you have the write ports? | 23:32 |
| ZenMaster | I know that I have to setup a lot of outlook accounts here. | 23:33 |
| ZenMaster | imap 993 and ssl and smtp 587 and tls. | 23:33 |
| ZenMaster | Of course the log record you posted looks tay say something about a library problem, and a bad recorrd. | 23:34 |
| ZenMaster | So sorry i guess that did not really help. | 23:34 |
| poorangus | TLS connections using with other ciphers including DHE-RSA-AES256-SHA (256/256 bits), ECDHE-RSA-RC4-SHA (128/128 bits) and RC4-SHA (among others, probably) seem to work. mail-*.google.com usually uses RC4-MD5 (always causing a warning/lost collection), but sometimes uses ECDHE-RSA-RC4-SHA (128/128 bits). | 23:45 |
| poorangus | Thinking this is related to the cipher. | 23:46 |
| patdk-lap | poorangus, for ubuntu 12.04? this was solved awhile ago on the postfix list, no idea if it made it into ubuntu | 23:48 |
| iggi | when I force assembly of my software raid 5 array I get "mdadm: /dev/md3 assembled form 0 drives and 6 spares - not enough to start the array. My question is why does it recognize all the drives as spares? | 23:50 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
