zulDaviey: so sendfile is not really needed so i dropped it for f1, but python-jsonschema is at https://bugs.launchpad.net/ubuntu/+source/python-jsonschema/+bug/100372900:10
uvirtbotLaunchpad bug 1003729 in python-jsonschema "[MIR] python-jsonschema" [High,New]00:10
zulDaviey: can you also get them to look at dwarves-dfsg, its blocking a new libvirt00:11
zulDaviey: after that we are all set00:12
Davieyzul: do you have MIR's open for all of them?00:12
zulDaviey: yeah00:13
Davieyzul: ~ubuntu-server as subscriber to the package?00:13
zuldamn it give me a sec00:13
Davieyhttp://status.qa.ubuntu.com/reports/ubuntu-server/release-bugs.html .. missing a bunch00:13
zulDaviey: how do i get it on that list00:15
zulDaviey: python-repoze.lru, dwarves, python-jsonschema are on the list00:16
Davieyzul: ~ubuntu-server as bug subscriber, and ~ubuntu-mir subscribed to the actual MIR bug00:18
Davieyand != Fix Released00:19
zulDaviey: ack00:19
=== iggi_ is now known as iggi
wolferzDoes anyone have a good suggestion for hosting PDF files on a server, like SubSonic does for audio/video?01:14
=== jtv1 is now known as jtv
tashI'd like real-time file sync between two servers.  I could use Rsync to run every minute or something, but I want closer to real-time than that.03:26
tashDoes anyone have any practical experience setting something like that up?03:26
twbBut it's a pain, don't bother03:26
mgwNFS is no good for you?03:26
twbYeah or a simple NFS03:26
twbExcept of course then the content actually only lives on one host03:26
tashnever worked with NFS, and if that data only lives on 1 host, not interested.  If server 1 kicks the bucket I want server 2 to essentially be a mirror of that.03:27
tashI don't need to sync the entire filesystem either03:27
tashjust a few directories03:27
twbtash: so put those dirs on their own filesystem03:28
tashhow does that accomplish anything? Not being sarcastic here, maybe ignorant... ?03:29
blkperlsounds like you want drbd.03:41
blkperlits not trivial though03:42
twbdrbd is a pain in the arse03:42
twbFWIW I just do a nightly rsync and if you lose a day of data that's just tough03:42
blkperloh theres also glusterfs03:43
twbFor something fancier you need to pay me 10 or 100 times more and in the end it'll probably still be flaky03:43
qman__that kind of uptime requires serious infrastructure, too03:45
qman__you _can_ set it up on regular old servers, but it won't work as intended unless you've got the hardware to back it up03:46
twbqman__: and a NOC monkey to babysit it04:00
patdk-lap_twb, I thought noc monkeys normally caused the issues04:03
twbThey cause DIFFERENT issues04:06
patdk-lap_well, maybe, normally same solutions04:07
twbAlways mount a scratch monkey04:13
sponzorhi. i was timeout from the session. (i was yust installing one problem and went timeout in the midle of setup) how to log in to session again? is there any way? the process is still running04:51
vadi2Has anyone ran into issues with encryptfs's private file storage size not reflecting original files size?05:15
twb"reflecting" how05:18
twbencryption will obviously increase the flie size05:18
twbIt probably can't show the decrypted size without decrypting it, which would be a linear or superlinear operation -- not appropriate for a simple ls -l05:19
lifelessI think it caches it05:20
lifelessencryptfs uses backing files05:20
lifelessbut each backing file will be a rounded size (rounded to the size of the cypher block05:20
lifelessvadi2: ^05:20
vadi2lifeless: my issue is that my home folder is 10gb, my encryptfs for my home folder is 80%, and available space on disk is 0.05:21
vadi2The situation is critical at this point with 'out of disk space05:21
vadi2 errors coming up every half an hour.05:21
vadi2er, 80gb, not %. So something is awfully really broken without my touching it on a clean 12.04 install and I'm hoping there's someone who knows this thing.05:22
twbpastebin df -h and df -i output05:22
twbMake that df -m not df -h05:22
lifelessalso mount05:22
twbcat /proc/mounts05:23
twbmount output is full of lies05:23
vadi2It says the following: http://pastebin.com/raw.php?i=LSKJqxVP05:23
twbWell you've managed to fill both of them apparently05:25
twb"tune2fs -l /dev/sda1" please05:25
twbI want to know what percentage is reserved for root; it should be at least 5%05:25
vadi2I did not. Observe this screenshot: http://i.imgur.com/EQuKp.png05:25
vadi2My home partition is only 9.7gb. I've been cleaning and cleaning it of things without realizing where the issue is. It's 10% of the drive.05:26
vadi2Sure, moment.05:26
twbI don't trust baobab.  Try "du -hx / | sort -hr | head -20"05:26
lifelessvadi2: your / is full; the question is what has filled it05:26
vadi2One must imagine that it should be trustable... tune says this: http://pastebin.com/c2vryzJP05:27
vadi2lifeless: is it not encryptfs private files that filled it?05:27
twbbaobab is probably reporting --apparent-size05:27
twbOK at least you have a reserved %, that's good05:27
vadi2Here is that du command: http://pastebin.com/pGvLqNEv05:27
twbvadi2: you need to be root when you run it05:28
twbsudo du ...05:28
lifelessvadi2: quite possibly05:28
twbBut it's indicating your /home is using all the space05:28
lifelessvadi2: twb is, sensibly, assuming that there may be a lot of confusion going on.05:28
twbSo do it on /home as well as /05:28
lifelessvadi2: due to the encryption layering and so forth.05:28
vadi2Here is du: http://pastebin.com/7dsLvhYW05:28
twblifeless: not to mention there is more than one way to count files05:29
vadi2That was on / ? I will try /home05:29
twbvadi2: good.05:29
mgwtash: re your earlier issue — I just came across ceph — fairly complex as well, though05:29
twbvadi2: er, you might need to run it on /home/vadi not /home05:29
vadi2Here is /home : http://pastebin.com/q12fK4cJ05:29
vadi2I only really have 1 user.05:29
twbvadi2: run it on /home/vadi05:30
vadi2It's different: http://pastebin.com/xXLCy0pW05:31
vadi2Guess that works it out, baobab was wrong! Thanks, I'll stick with this command until it's fixed. Crisis averted...05:42
twbIf you want GUI, xdu can take the output of du and render it graphically05:42
twbIt is much faster than baobab05:42
vadi2I do, thanks. Baobabs speed is OK on this SSD that sits at the top of the benchmarks I've seen... just need something reliable05:43
qbitzaHi guys08:11
qbitzaAnyone know if snapshot functions have been removed from virsh? on Ubuntu-10.0408:11
qbitzaand how do I get them back?08:11
twbRemoved as compared to what?08:23
twblibvirt-bin is not in 8.0408:23
qbitzatwb, 8.04? I'm talking about 10.0408:25
twbqbitza: to be removed, they must have existed in an earlier release.08:26
qbitzathis page says it exists: http://manpages.ubuntu.com/manpages/maverick/man1/virsh.1.html08:26
twbmaverick post-dates lucid.08:26
twbi.e. it is newer08:26
qbitzatwb, thanks so I need to upgrade the entire server to get snapshots :(08:27
twbIt would not be surprising if maverick's virsh had featurse that were not present in lucid; I cannot vouch for this specific case.08:27
twbqbitza: or you could perhaps do it by hand and bypass libvirt-bin.  Depends on what you want, precisely.08:28
twbIt is worth noting that maverick is not a LTS release and will EOL much sooner than precise08:28
qbitzaI just need to create and rollback snapshots - for testing08:28
twbFor KVM?08:29
qbitzatwb, yeah if I upgrade, I'd go to 12.0408:29
twbThat functionality is present in KVM, if you can work out how to connect to KVM's control pty (or stream, depending on how libvirt-bin invoked it) you can simply tell it to make/delete snapshots as necessary08:30
twbIn kvm -curses, it's Alt+3 to switch to the relevant control console.  I don't remember how you'd do it via libvirt-bin08:30
twbIt's probably using a fifo in which case you can't do it while libvirt-bin is running that VM08:30
qbitzaAny chance of just upgrading libvirt? cause once I manage that, testers (read newbees that like to break things) will be using the functionality08:31
twbprobably not without grief, but you can check backports and so on08:32
qbitzatwb, Okay thanks - gives me some new places to go dig around in08:32
twbEspecially not if you have newbies08:32
twbOh and note that virt-manager is utterly terrible as at lucid, and it is also dangerous to hook up a newer virt-manager to an old lucid libvirt-bin08:32
lynxmanmorning o/08:33
twbTo the point where I have basically given my users instructions "do not EVER click this, this this or this" re their newer mavericks and my old lucid libvirt-bin08:33
qbitzaOh... so, an upgrade might not be such a bad idea?08:33
twbIf I could get away with it I'd just ban virt-manager entirely since it's clearly still alpha quality software08:33
twbIIRC even the virt people said it was not production ready as at the versino lucid shipped08:33
qbitzaPhew that's harsh - so you use KVM straight?08:34
twbqbitza: I use kvm straight when I'm in charge, when I have some users I use libvirt-bin and as little virt-manager as possible08:34
twbAnd try to get them to use virsh instead08:34
qbitza:) Gotcha08:34
twbUnfortunately virsh consoel doesn't work at all over libvirt's inbuilt ssh magic &c &C08:35
twbit's all quite griefful when you are used to kvm -curses and kvm -stdio08:35
twbEr, kvm -nographics?  Whatever the one is that connects stdio to the guest's serial port08:35
twbI should point out that my VMs are all servers, not GUI desktop things.  So graphics is either unnecessary or pointless08:36
qbitzaThat's our setup here too08:36
qbitzaalthough we *might* need to do one or two Windoze boxes08:37
twbI have one, to talk to the stupid goverment tax people who are in bed with MS08:37
qbitzaI find the lack of console access to my VMs a pain, but I manage...08:38
qbitzakvm -somat/nographics/curses should conenct me?08:38
twbqbitza: well something like kvm -hda /dev/mapper/VG0-Guest17 -curses08:40
twbExcept that since the guest is probably expecting whatever environment libvirt-bin provides, you might need to pass extra args.  Look at /var/log/libvirt-bin/guest.log IIRC to see how it was started08:41
twbIt's pretty hairy IIRC08:41
=== koolhead17 is now known as koolhead17_afk
=== pdtpatrick_ is now known as pdtpatrick
jamespageadam_g, does bug 1003854 link into the stuff you where doing for openldap? sounds similar11:21
uvirtbotLaunchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Undecided,New] https://launchpad.net/bugs/100385411:21
SyriaDaviey:  Hi!11:47
Davieyhi Syria11:48
SyriaDaviey: Lost the connection yesterday sorry about that, is this correct please? ssh -D my-ip-address:4000 user@VPS-address11:50
DavieySyria: no.11:50
SyriaDaviey: I did not what should I use instead of !11:51
Davieydid not what?11:51
=== matsubara-afk is now known as matsubara
SyriaDaviey: Do I have to do this exactly? ssh -D user@VPS-address ??11:52
Davieythat is what i would do.11:52
SyriaDaviey: Okay, Then you told me to set the socks proxy as the ip of the laptop and port will be 4000, but my ipad doesn't have a feild for socks proxy? is that okay? it is just a normal proxt field.11:56
* Daviey has to go11:56
_rubenproxy != socks proxy in 99% of the time11:57
_rubenso if the ipad doesn't do socks, you'll need to use squid for instance instead11:57
SyriaDaviey: Thank you for your help. It was useful.11:58
Syria_ruben:  Good news, I will test it later.11:58
vrturboWhats the recommended method for setting up MAAS server, dnsmasq seem buggy?12:10
vrturboshould I use my normal dhcp network server and just use "next server" ?12:10
hallynstgraber: I'm about to test http://people.canonical.com/~serge/lxc-always-close-fds.debdiff for bug 100358312:46
uvirtbotLaunchpad bug 1003583 in lxc "make the "--close-all-fds" option in lxc-start on by default" [Low,Confirmed] https://launchpad.net/bugs/100358312:46
zapotahdid someone repackage and check xen-hypervisor for precise?13:00
zapotahCould not read keymap file: '/usr/share/qemu/keymaps/en-us'13:02
zapotahbecause the path for some reason is /usr/share/qemu-linaro/keymaps/en-us13:02
zapotahgave a good headache13:03
jamespagezul: could you give me an opinion on bug 99335513:04
uvirtbotLaunchpad bug 993355 in keystone "package keystone 2012.1-0ubuntu1 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/99335513:04
zuljamespage: yeah lemme try to figure out whats going on here13:04
zuljamespage:  havent seen that one before13:05
Italian_Plumberin a situation where more than one user needs to update a website directory, is it customary just ato add them to the www-data group13:08
jamespagezul, I'm going to fix that nmbd upstart configuration to not fail when testparm returns a non-zero error code13:08
jamespageits not the intent of the check anyway and generates lots of cruft.13:09
zuljamespage: ack13:09
* jamespage -> lunch13:11
jamespageand then those last 21 bugs a in my target for today....13:11
=== beerbro is now known as juudi
=== juudi is now known as beerbro
biebI installed ltsp with Ubuntu 12.04, I have to connect to Active directory, so I installed pbis (Likewise-open's replacement), I am connected to the AD domain, I can run the commands from command line to verify AD (find-user, find-dc, etc) and can ssh into the ltsp server with my AD credentials. BUT.. on the server I can not get login as an AD user, there is no option for it, I see the user that I created when installing Ubuntu, and guest session.13:32
biebThere is no option for domain\username to login..13:32
stgraberhallyn: cool, let me know if it works fine, if it does I'll start preparing the SRU13:40
=== matsubara is now known as matsubara-afk
hallynstgraber: it works fine as far as running with open fds.  running lxc-test just to be sure13:47
hallynadded the SRU justification to the bug report13:54
hallynall right i need to change the lxc-test to only duplicate one, not all tests :)  (for testing with empty and primed caches)13:55
jamespagesmoser, reckon we can get New/Undecided to 0 today?14:01
smoserjamespage, apt-get --purge remove samba openldap14:03
jamespagesmoser: +114:03
jamespagesmoser: see my comment above to zul re samba nmbd failures14:04
zuljamespage: no ones uses samba anyways14:04
hallynstgraber: tests pass14:05
stgraberhallyn: cool14:05
zuljamespage: thats old sk00l14:06
jkyleso, a question. when deploying the MaaS + Juju, you have to have the initial MaaS server to orchastrate the rest of the nodes. And, if I understand juju's model, it has to have a provider like MaaS, EC2,OpenStack, etc. to manage a node.14:08
jkyleThat leaves the MaaS/admin node unmanaged. so it has to be set up manually. Have a missed a feature/ability of juju or some such?14:09
jkyles/Have a/Have I/14:09
hallynjamespage: o/14:11
jamespagehey hallyn14:11
hallynheh, sorry, that wasy supposed to be \o/14:12
hallynbut one \ gets filtered by my input script :)14:12
martmanis there a guide/wiki somewhere for installing xen on 12.04? i cant seem to find much14:15
zuljamespage: filed the python-webob sru btw14:26
jamespagezul: nice one14:26
smoserjamespage, so https://bugs.launchpad.net/ubuntu/+source/nmap/+bug/1003326 is confirmed?14:29
uvirtbotLaunchpad bug 1003326 in nmap "IPv6 hosts incorrectly reported down" [Undecided,Incomplete]14:29
smoseryou left incomplete.14:29
jamespagesmoser: yes it is - I was just looking to see if nmap6 fixes ipv6 stuff14:30
jamespagemethinks we might be overlapping14:30
smoseryeah. i was acutally buildin gnmap614:30
smoseron a brain-dead-hope-it-works merge.14:31
biebany lightdm gurus around?14:35
smoserjamespage, well, simple merge failed. so that'd be more work to figure that out (i just tried building hte debian package). didn't even bother with building nmap14:35
smoserbuilding nmap outside of ubuntu package.14:36
smoseri'm always confused as to what constitutes triage.14:36
jamespagesmoser, I think thats probably a step to far TBH14:36
jamespageits about confirming bugs in the current version in the archive - rather than their absence from a future version14:37
* apw has hit an upgrade bug on a server package (lucid->precise) is there somewhere these get tracked for the .1 point release ?14:42
apwbug #100397114:42
uvirtbotLaunchpad bug 1003971 in isc-dhcp "on upgrade lucid -> precise /etc/default/isc-dhcp-server is not migrated" [Undecided,New] https://launchpad.net/bugs/100397114:42
apwDaviey, ^^14:43
Davieyapw: the bug task is pointed to .1.. so it should be good14:48
Daviey(we need to do some work to create better SRU reports)14:48
Davieythanks for letting me know14:48
jkyleDaviey: hey, what do you guys use to orchastrate your initial admin node?14:49
apwDaviey, heh yeah only cause i pointed there :)14:51
jamespageadam_g, is the no-change rebuild still required for openldap for bug 990742?14:55
uvirtbotLaunchpad bug 990742 in openldap "slapd fails to upgrade: requires libsasl2-2 (>= 2.1.24) installed" [High,Fix released] https://launchpad.net/bugs/99074214:55
stgraberhallyn: nice to see Christian's patchset on lxc-devel this morning!14:58
jamespageanyone know anything about how kolab works?15:03
mr-richIs https set up by default on Ubuntu Server 12.04?15:04
zuljamespage:  it needs php i think15:05
jamespagezul, more wondering what it does with openldap configuration15:05
jamespagebug 99484315:05
uvirtbotLaunchpad bug 994843 in openldap "package slapd 2.4.25-1.1ubuntu4.1 failed to install/upgrade: ErrorMessage: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/99484315:05
jamespageI *think* its failing because it can't access the kolab ldif files...15:06
zuljamespage: its a recommend for kolabd15:06
jamespagezul, yeah - I just read the README - it has a kolab_bootstrap step which munges your system15:07
zuljamespage: bah15:07
jamespagesorry - that sounded derogatory to kolab - 'configures' would be a better work15:07
=== koolhead17_afk is now known as koolhead17
tashI setup software raid on my server that has 2 drives in it. It is RAID1.  If I lose a drive, do I have to do anything to rebuild the array?15:29
tashOr does it rebuild on its own when I put a new drive in?15:29
stgraberhallyn: wrt close-fds, I'm wondering if it doesn't make sense to actually completely drop the option but just keep it in the SRU15:31
stgraberhallyn: IIRC upstream LXC never actually released a version with that change so I don't see any reason to keep backward compatibility with something that was never released15:31
hallynstgraber:  but we want the option to keep working for precise15:37
stgraberhallyn: correct. Your debdiff looks good for the SRU, I just don't think we want to use that one for quantal and upstream15:38
hallynstgraber: quantal and upstream already automatically close them, so there's nothing to do15:40
stgraberhallyn: ah, ok, I missed that sorry.15:41
hallynoh, maybe not.  what on earth15:41
hallynstgraber: upstream does seem to have -C --close-all-fds option15:41
hallynbut, apparently, when that isn't specified, it simply warns but doesn't fail nor close the fds15:42
hallynif im' reading this right15:42
stgraberand I just confirmed that quantal still lists --close-all-fds in --help, I think this should go away15:42
hallyndo you have a precise lxc handy?15:42
stgraberyep, I have precise lxc pretty much everywhere15:42
hallynsorry i meant a quantal lxc15:43
stgraberI have that too15:43
hallynso you could run the testcase from the bug description15:43
hallynand see if it starts the container15:43
stgraberexcept the kernel in quantal is still buggy and tends to oops/panic on container startup :)15:44
stgraberlet's try, maybe I'll be lucky and will just get an oops ;)15:44
hallynstgraber: as for remving the close-all-fds, i think maybe we should just suggest it upstream but let them do it15:45
stgraberhallyn: ./execme works fine on qunatal15:46
hallynand 'works' means the container starts up?  :)15:47
stgraberhallyn: I'll send an e-mail to lxc-devel with a proposed patch to drop --close-all-fds (making it clear it's just a suggestion :))15:48
* jamespage high 5's smoser15:51
jamespagehttp://reports.qa.ubuntu.com/reports/ubuntu-server/triage-report.html - New/Undecided bugs == 015:51
smoser1 bucket empty.15:51
smosernow noone open any new bugs!15:51
jamespageonly 252 in the next bucket!15:52
lynxmanjamespage: "only" :)15:53
RoyKtesting one two15:53
stgraberhallyn: I'm not sure I see why --close-all-fds isn't needed on quantal. Looking at the code, it's only set to 1 if -d is specified.15:55
lynxmanRoyK: three15:55
RoyKthanks ;)15:56
RoyK<offtopic>just doing some testing to see if irssi is logging while on an encrypted fs, which is automatically closed when I log out, and it seems at least it's buffering sufficiently to flush it when I get back in...</offtopic>15:57
biebUbuntu 12.04 LTSP.. connecting to Active Directory with Likewise, to get the other user option back, one must disable the user list and guest account in lightdm or use the gtk greeter... is it as simple as going into lightdm.conf and change the line greeter-session=unity-greeter to "gtk-greeter" or is there more to it?16:01
stgraberbieb: http://paste.ubuntu.com/1004958/16:02
stgraberbieb: for /etc/lightdm/lightdm.conf16:02
hallynstgraber: no, case 'C': args->close_all_fds = 1; break16:02
biebstgraber: awesome! will try it now16:03
stgraberhallyn: right, but that should only apply when called with -C no?16:05
stgraberhallyn: I don't see why close_all_fds would be set to 1 if I don't start with -C or -d16:05
hallynmy_longopts has {"close-all-fds", no_argument, 0, 'C'},16:05
hallynso if you pass --close-all-fds, it'll send 'C' tothat fn16:06
=== zooko` is now known as zooko
hallynso, the argument is there.  But it's quite useless to have not passing the arg as an option :)16:06
zookoHey folks! Does anyone have strong juju fu and you value privacy and security for end users, and you want to collaborate on writing a charm for Tahoe-LAFS?16:07
zookoI think it should be pretty easy.16:07
stgraberhallyn: right, let me rephrase that then ;) I don't see why close_all_fds would be to set to 1 if I don't start with one of -C, -d, --daemon or --close-all-fds16:07
zookoFor one thing, Tahoe-LAFS servers do not need to do anything in response to other servers or clients coming or going.16:07
zookoSo that's some charm code that we don't need to write right there. :-)16:07
hallynstgraber: correct, it would not.16:08
stgraberso WTH is execme working on quantal? it should surely fail :)16:08
hallynno, it is giving you a warning message and then not failing, bc the code to make it fail was taken out :)16:09
stgraberoh right, it'll print a warning "inherited fd %d" but won't actually close the fd...16:10
zookoAlso, Tahoe-LAFS is already in Ubuntu, so we don't even need to configure a PPA.16:10
hallynright.  IMO a worse behavior than failing :)16:10
stgraberagreed... I'll send a patch dropping all the close_all_fds stuff and making the close() stuff the default (instead of printing a warning)16:11
stgrabernow things make sense ;)16:11
hallynexcellent :)16:11
stgraberhallyn: looking at the code, I'm not sure to understand the reason for the "goto restart" in the loop iterating all the fds, was there an actual problem with just calling close(fd) and continuing?16:14
hallynstgraber: yes, because originally that was then where we returned an error16:14
hallyn(look at the precise package's code)16:14
hallynso you can get rid of that now16:14
stgraberoh, right, yeah, makes sense :) whoever moved it to a warning probably could have removed the goto though...16:15
hallynyeah i don't know when that happened.  it may have been a merge of two patches.  (it's possible i did it, but i don't think so)16:16
hallynyeah that was a commit by Greg Kurz (92c7f6295518decd3989b2790d758888551e7d9a)16:18
grendal-primeok..this is sort of irratating16:20
grendal-primeI have a bit of a "involved" network configuration (vlans..and openvpn bridging to them ..stuff of that nature right)16:21
grendal-primewell for whatever reason on system boot i get this....prolonged networking start up.16:21
grendal-primewaiting for network configureation.  then Waiting 60 more seconds for network configuration...16:22
grendal-primethen "booting system without full network configuration"16:22
grendal-primeeverything seams to work right. but i dont understand what it does not like and more importantly i dont like the 2 min prolonged boot time.16:23
RoyKgrendal-prime: server? if so, pastebin output of ifconfig -a and pastebin /etc/network/interfaces16:25
grendal-primeya its server..16:26
RoyKgrendal-prime: only thing I can think of is that using eth0:x is somewhat outdated, but then, using the iproute2 way with 'up ip addr add ...' probably won't let you specify the vlan16:33
grendal-primeshould i set up the vlan using a raw device16:41
=== matsubara-afk is now known as matsubara
grendal-primei thought that the eth0.1 was the way to do it now?16:42
stgraberhallyn: I really need to spend a couple of hours playing with git send-email... every time I have to use it I end up spending 30min trying to figure out the right way of calling it and it never sends exactly what I want ;)16:44
hallynI think I always just do : git format-patch -o subdir -n HEAD~n; cat > intro_msg << EOF ... EOF;  then git-format-patch --no-chain-reply-to --to thelist --compose subdir (:r intro_msg in editor)16:46
stgraberhallyn: yeah, I guess I should switch back to doing format-patch and send-email separately, being able to do it in a single call is nice until you want to change anything ;)16:48
adam_gjamespage: bug 1003854 looks to be something different than what i had fixed via SRU16:48
uvirtbotLaunchpad bug 1003854 in openldap "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] https://launchpad.net/bugs/100385416:48
rbasakI just git format-patch and then just cat and :r in mutt when writing my email16:48
hallyncringe - yeah i like to stage everything ahead of time :)16:49
zulhallyn: ill fix dwarves17:00
hallynit's broken?17:02
zulhallyn: ftfbs due to some multi-arch issue (mterry is doing the mir)17:04
hallynzul: thanks17:04
RoyKgrendal-prime: seems ip(8) has vlan support these days17:04
RoyKgrendal-prime: but I don't get it - you have an ip address on that interface and then a tagged vlan virtual interface on the same?17:04
RoyKgrendal-prime: is eth0 connected to a tagged vlan port on the switch, or an untagged one, or are you using a mix? a mix would probably be quite messy IMHO17:06
RoyKgrendal-prime: or, on what vlan does belong?17:07
RoyKgrendal-prime: if it's a tagged vlan interface, the address set on eth0 won't get any connection...17:08
grendal-primei always get confused about this.17:11
RoyKok, is eth0 connected to a tagged port?17:12
grendal-primethe vlan is physically attached to the eth0 (aparetnly)  I then bridge my vpn traffic to it17:12
RoyKthe vlan isn't physical ;)17:13
grendal-primeshould i just add another interface for the vlan?17:13
grendal-primeok soo let me explain what i am trying to do..17:13
grendal-primeyou might be able to explain a better path.17:13
RoyKgrendal-prime: no, what I'm saying is that the port in the switch to which your server is connected, is usually configured as either a static port or a tagged port, static being a member of one (or sometimes more) VLANs17:14
RoyKor, can be a "tagged" port, accepting VLAN-tagged packages17:14
RoyKnot packages17:14
RoyKa tagged frame is like any ethernet frame, but with a VLAN tag attached17:14
grendal-primei have alot of vpn clients that all connect with a tap and bridge to a huge network space.  (ya i understand the traffic is taged.)17:15
RoyKit can also be a "mixed" port, allowing both untagged frames and tagged ones, but personally I find that messy17:15
grendal-primeok well the eth0 is a public interface17:15
RoyKI'm talking about the switch port17:16
RoyKnot sure here - vpn clients attach to tap and it's *bridged* to the inside?17:16
RoyKwouldn't it be easier to route it, to stop unwanted broadcasts and whatnot to pass through?17:17
grendal-primeya but that would require changes to clients wich we do not have the ability to do17:17
grendal-primei want to bridge the traffic to a vlan.  (this has to do alot with the fact that the appliances that are connected point to a specific ip address)17:18
RoyKok, so apparently, the port in the switch is in mixed mode, meaning untagged traffic goes to port N as decided by the switch, and it allows some other (or all) VLANs set by the OS17:18
grendal-primethe machine is a vm17:19
grendal-primeby the way it does work...the way it is configured.17:19
zuladam_g: after f1 is uploading we can start thinking about SRU17:19
RoyKand the host handles the different VLANs?17:19
* RoyK wouldn't setup a system like that, not like that, or perhaps, at gunpoint17:20
grendal-primeRoyK, the info i pastedbined is all from the openvpn server (ubuntu12.04)17:21
grendal-primeit is a vm on vmware17:21
grendal-primeya well i dont have much choice17:21
RoyKhence the gunpoint? ;)17:21
RoyKok, so it works, but takes a while to boot up?17:21
grendal-primeas far as the vlan.  what is the best way to set that up.17:21
grendal-primeya it works great..but like i say..the error bothers me17:22
grendal-primeand slows down the boot...but back to the vlan..17:22
grendal-primeis thats what it dows not like..what would make it..well..cleaner?17:22
RoyKgrendal-prime: AFAICS, iproute (or ip(8)) doesn't support that flexibility with VLANs(yet?)17:23
grendal-primeshould i add another interface and associate the vlan with that ?17:23
RoyKno, an interface belongs to its hardware (or virtware if you want)17:24
RoyKI was just a bit confused with both eth0 and eth0.1 having connections with eth0.1 being the only one tagging frames17:25
grendal-primewell i have to have a physical device for the vlan.17:26
grendal-primei always thought of it as...a container for the lan17:26
grendal-primesorry a container for the vlan.17:26
grendal-primeso would it help if i just make another interface that is just for vlans?17:27
grendal-primeim a little confused why a vlan has to have a physical interface at all honestly17:27
RoyKif vmware could give that vm a "physical" interface for that vlan, that would probably be the easiest17:28
grendal-primei was under the impression that a vlan is like a ...virtual box that you can put networkable connections onto..like a software switch...17:28
RoyKmy short version: If you want to separate two LANs on a switch, use two VLANs, say, ports 1-12 for VLAN1 and ports 13-24 for VLAN2. Then someone says "let's connect another switch", and you use port 25 for VLAN trunking, meaning "tagged VLAN" in which the ethernet frames are prefixed with a small tag saying "I belong to VLAN X"17:31
RoyKthat way, you can configure a firewall with, say, four networks on the same NIC, given a switch supporting VLAN tagging like 802.1Q17:31
stgraberhallyn: will you have some time later this afternoon to review the lxc SRU? it looks like it's going to be a pretty big one17:32
grendal-primeare you mixing subinterface type traffic with vlan..because my understanding was subinterface traffic is just thrown around with everthing else on the interface were vlan tagging is taged and the phisical interface traffic does not see it17:33
grendal-primeis subinterface traffic what you mean when you say untaged traffic?17:33
RoyKgrendal-prime: pre-up vconfig add eth0 117:34
RoyKthat's vlan tagging17:34
RoyKoh, why is that under eth0.1?17:35
RoyKgrendal-prime: try moving those vconfig lines under th017:35
stgrabergrendal-prime: defining eth0.1 is enough to tell ifupdown to setup VLAN ID 1 on eth0, no need for the pre-up/post-down17:37
stgraberhaving them there will most likely mean one of them returning non-zero breaking part of your setup17:37
RoyKstgraber: vconfig is VLAN (802.1q) things - a virtual NIC!=VLAN17:38
stgraberRoyK: as the maintainer of the vlan tool and ifupdown, trust me, I know ;)17:39
RoyKstgraber: :)17:39
grendal-primelooks like i came to the right place17:39
stgraberhttp://paste.ubuntu.com/1005121/ is my test machine17:39
grendal-primeok stgraber sooo you can tell me what the bootup check does not like in there?17:40
stgraberas you can see, you can perfectly define an interface called <physical interface>.<VLAN-ID> and it'll just work, no need for pre-up or post-down17:40
RoyKstgraber: sorry, misundestood there - : =! . in this setting, right?17:40
RoyKgot it17:40
stgrabergrendal-prime: you can check in /var/log/upstart/network-*.log but my guess is that your pre-up and post-down are breaking it, try to comment them and see if that solves it (they shouldn't be needed)17:41
RoyKstgraber: thanks :) (not that I'm grendal-prime, but I learned another thing just now)17:42
stgraberthe ifupdown vlan hook will automatically run vconfig as a pre-up if the interface entry in /etc/network/interfaces contains a . followed by a vlan id. Running vconfig twice will likely fail, causing the interface to fail to come up and your system to hit the 120s fallback code17:42
stgraberRoyK: http://www.stgraber.org/2012/01/04/networking-in-ubuntu-12-04-lts/ contains some more if you're interested, trying to cover the changes that happened in 12.0417:43
grendal-primei knoticed in your config you dont specify a vlan anywhere..17:43
grendal-primeim just asking by the way17:43
stgrabergrendal-prime: I do, read carefully :)17:44
stgraberauto bond0.100517:44
stgraberiface bond0.1005 inet dhcp17:44
grendal-primeauto bond0.1005  ?  does that syntax just imply a vlan?17:44
RoyKimplies vlan 100517:44
stgraberthese two lines mean, create a interface bond0.1005 that's VLAN 1005 on top of bond0 and run dhclient on it17:44
grendal-primeok cool i didnt realize that would do it17:45
stgraber"man vlan-interfaces" also contains some examples of the supported syntax17:45
grendal-primethan you very much.17:45
* RoyK just found out that Windows 2008R2 server doesn't have native support for VLAN at all, but allows the NIC driver software to add some17:47
grendal-primeand i know why that is17:48
RoyKthe win thing?17:48
grendal-primewindows suck...and blows...at the same time!  It sort of   "Blucks"17:48
RoyKwindows sucks, sure, but I'd have thought not that badly17:49
=== dendro-afk is now known as dendrobates
grendal-primeit was working for me some time back...but after some time...it started sucking again..pretty quickly really17:49
stgraberyeah, Windows never had VLAN support for some weird reason... maybe to try and get people to buy more managed switches and NICs17:50
grendal-primethats exactly why17:50
grendal-primethey sell some sort of software switch im sure for 1200 bucks17:50
RoyKstgraber: most larger setups have managed switches, but I was setting up a 10Ge NIC for some Hyper-V node and it'd be rather nice to have that VLAN support in the OS and not in some driver with no support from M$17:52
grendal-primeactually the sofware switch will be 10 the piece of digital pvc reducer that is needed to connect it is 1190 bucks17:54
RoyKnot that M$ support matters much - it's merely worthless anyway17:54
grendal-primeits great if you get paid by the hour17:54
grendal-primeyou can even play light sports while you are waiting.. just need  a blue tooth headset.17:55
RoyKreally, unmanaged switches isn't much fun in a large network17:55
RoyKI know they're overpriced, but then, I'm not the one paying17:56
RoyKbut try to setup a redundant network with non-managed switches without SPT and you'll have a hard time17:57
RoyKSTP even17:57
patdk-wkheh, I have a single 8 port unmanaged switch, not used18:08
patdk-wkonly use l2 or l3 switchs everywhere, even at home18:08
patdk-wkI love vlans :)18:08
shimoanyone know how to get OS on bochs emulator to communicate with browser on localhost? Bochs can hear browser request, but browser can't hear Bochs.18:09
hallynstgraber: one thing,18:13
=== dendrobates is now known as dendro-afk
hallynstgraber: have you tested with two open fds?18:14
hallynstgraber: bc i'm not sure that readdir() won't get messed up after you close one of the files18:14
hallynafter all, /proc/self/fd/5, after you close it, goes away, and changes the list of files under /proc/self/fd :)18:14
hallynI'm not sure whether readdir caches and is safe from that18:15
stgraberoh, good question. I didn't test that case, no. I'll test it once I'm done with the SRU (which wouldn't be affected by that problem anyway)18:15
hallynright iw as just looking at your email.  would be easy enough to write a standalone test prog :)18:16
hallynmaybe i'll do that.  be fun.18:16
stgraberyeah, I supposed you could just do two fopen, then call the same loop looking at /proc/self/fd and trying to close them, see what happens18:17
jkylewhen using juju in combination with MaaS can you specify which servers are to be used for which services?18:19
axisyshow to find the exact size of disk?18:20
axisysvgdisplay or pvdisplay does not give it18:21
hallynstgraber: eh, my stupid testcase suggests it's fine18:21
hallyn(I fopen 3 files, do a similar loop closing the files, and look at the remaining /proc/self/fd/ contents at end)18:21
stgraberhallyn: good :)18:23
axisysalso how do I find the disk rpm?18:24
stgraberSpamapS: hey, SRU question for you. I'm working on the next lxc SRU. Quantal got quite a few improvements to lxc-ubuntu that I want to SRU (missing entries in /etc/hosts, hardcoded ubuntu releases, wrong package list, potentially racy DNS config, ...) but there also are 1-2 changes that are just cosmetic (replacing making space indent consistent, adding the missing header to /etc/network/interfaces)18:25
axisysfond some info in dmesg18:25
axisys[   10.377599] ata1: SATA link up 3.0 Gbps (SStatus 123 SControl 300)18:25
axisys[   10.451994] sd 0:0:0:0: [sda] 3907029168 512-byte logical blocks: (2.00 TB/1.81 TiB)18:25
axisys[   10.384558] ata1.00: ATA-8: HITACHI H7220AA30SUN2.0T 1031MS6EHZ, JKAOA28A, max UDMA/13318:25
stgraberSpamapS: I could certainly cherry-pick the 90% of the changes we want and skip these bits, but as it's changing the indent, it's going to make it a pain for any other fix we want to backport later on18:25
axisysgoogle gave me the rest18:26
stgraberSpamapS: so are you fine with me pushing these cosmetic changes along so we can keep the patches identical and keep the ability to cherry-pick whole patches without having to rebase them all everytime?18:26
SpamapSstgraber: yes, a cleaner patch is much better than a weird one. :)18:30
SpamapSstgraber: make it easy on us in the SRU team, and we'll make it easier on you. :)18:31
stgraberSpamapS: perfect, thanks. Any preference on the changelog side? I was wondering if it's worth splitting the actual bugfixes from the nice to haves that we get by pulling the whole patch?18:32
RoyKaxisys: just cat /proc/partitions - that's the easy way18:32
grendal-primestgraber, thanks man you were right i took those out and it booted rigth up18:33
grendal-primei was using a gui tool to manage that..(i was asked to do that)  it added those i believe18:34
zuladam_g: ping for 979745 the patch has made it into stable/essex right?18:34
RoyKgrendal-prime: gui tools are worthless compared to configuring things the right way ;)18:35
zuladam_g: nm i answered my own question18:35
grendal-primeagreed. unfortunatly its not always my call.18:35
grendal-primeand if i dont try out what they want to use..i cant explain why they should not use it18:36
SpamapSstgraber: the changelog needs to document all the bugs that are being fixed18:36
SpamapSstgraber: and be somewhat human readable18:36
SpamapSstgraber: other than that, I think its up to you18:36
=== nxvl_ is now known as nxvl
adam_gzul: http://paste.ubuntu.com/1005256/ going to upload glance f1 unless you've got any objections18:45
zuladam_g: ensure_versioned_db_models.patch why isnt it upstream again?18:46
zulother than that i dont18:46
adam_gzul: not sure if its upstream-able.  i hope to work that out in the coming weeks18:47
zulim fine with it18:47
stgraberhallyn: hmm, while reviewing the lxc-ubuntu delta between precise and quantal I noticed that we apparently upgrade the chroot twice in download_ubuntu, can you take a look? I believe it's your code :)18:51
hallynlemme check18:52
hallyn"cause I don't believe you" :)18:52
stgraberit looks like you do it once without lxc-unshare and once without, so it looks like a bad merge18:53
zulhallyn: cmake is fun18:54
hallynstgraber: oh, in q.  i was looking in p18:57
stgraberhallyn: yeah, in q. I noticed it when diffing p and q for stuff to document in the changelog18:58
stgraberhallyn: another thing I noticed and isn't mentioned in the changelog is added mac_override to the list of dropped capabilities18:58
hallynthe list of dropped caps went back and forth last cycle iirc18:59
stgraberI'm not going to get these two for the SRU as the upgrade code looks like a merge mistake and I can't find the rational for dropping mac_override18:59
hallynanyway the duplication is also upstream18:59
stgraberoh, nice :)18:59
stgraberhallyn: planned SRU: http://paste.ubuntu.com/1005289/19:01
hallynstgraber: yeah commits 2e44ed1e647d9fd1544b7ad855bda22ca71abd12 and 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 both introduce that bit19:02
stgraberhallyn: k, do you want to take care of fixing that in Quantal and upstream or should I put it on my list?19:03
hallynheh, oh no, did we duplicate the effort of writing a patch to remove '()' from cleanup()?  :)19:03
stgraberoh, no, just put it under the wrong name :)19:04
stgraberI cherry picked yours19:04
hallynsigh.  can i ask, is there an advantage to have every line in lxc-start-ephemeral be sudo'd, versus just requiring sudo access to lxc-start-ephemeral?19:05
hallyni mean, thinking in therms of an admin having to give sudo access to each tool...19:05
hallynas well as cleaning up the script itself19:06
hallynI realize something needed to be done, but i woudl think the thing to do is remove all sudo calls19:06
hallynzul: "what was wrong with make?"  :)19:07
hallynstgraber: in any case, that's one honkin' patch, but nothing stands out to me that woudl be wrong.19:10
hallynpasses the tests I assume?19:10
hallynstgraber: oh, I'll send the patch to fix the template.  thanks.19:10
stgraberhallyn: I wondered the same for lxc-start-ephemeral, the problem is that it unfortunately kind-of works in 12.04 without these fixes, so I can't simply change the behavior in the SRU19:11
hallyngood point19:11
stgraberhallyn: I'd definitely be happy to drop all the sudo calls in quantal and check for root privileges though19:11
hallyngary_poster: ^ can you give a good reason not to do that?19:12
stgraberhallyn: haven't tested it yet ;) I just wanted to make sure I have everything in there, I'll now push it to my PPA for a test build, then run the tests against it.19:14
stgraberhallyn: where's your lxc test suite again (for some reason I don't have it around anymore...)?19:14
hallyni didn't find any other bugs that still have 'needsru' tag19:14
gary_posterhallyn, +1 on removing sudo calls19:14
gary_posterthey don't quite work anymore anyway IIRC19:15
hallynwell stgraber fixed those.  but i don't like them :)19:15
stgrabergary_poster: well, they work now in Quantal and will be fixed in Precise with the SRU ;) it's just that it makes the code quite complicated when it could just be fixed by calling the whole thing with sudo19:15
gary_posterstgraber, heh.  As I said, I'm +1 on simplifying and removing19:16
gary_poster"it seemed like a good idea at the time..."19:16
gary_posterbut in retrospect maybe not so much19:16
hallynstgraber: so you have no fixes queued for quantal right now?19:17
hallynnot sure i want to push a new version just for this little fix19:18
stgraberhallyn: nope, nothing queued here19:18
stgraberhallyn: I opened a bug for it so we don't forget it, so if you want to simply stack it in the branch, I guess that's fine19:19
=== dendro-afk is now known as dendrobates
hallynstgraber: I don't see the bug yet.  do you have a #?19:24
hallynstgraber: meanwhile, we should at some point brainstorm about bug 100388819:24
uvirtbotLaunchpad bug 1003888 in lxc "corrupted kernel messages being logged to syslog" [High,Confirmed] https://launchpad.net/bugs/100388819:24
=== dendrobates is now known as dendro-afk
stgraberhallyn: bug 100411819:27
uvirtbotLaunchpad bug 1004118 in lxc "Duplicate upgrade code in lxc-ubuntu in Quantal" [Undecided,Triaged] https://launchpad.net/bugs/100411819:27
zulhallyn: dwarves ftbfs fixed19:27
stgraberhallyn: Launchpad likes hiding any bug that's fixed in the dev release and not in SRU, so I'm now using this instead: https://bugs.launchpad.net/ubuntu/+source/lxc/+bugs?field.searchtext=&orderby=-date_last_updated&search=Search&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.status%3Alist=FIXRELEASED&field.status%3Alist=INCOMPLETE_WITH_19:28
stgraberhmm, I doubt IRC will have let me paste it in one chunk...19:28
stgraberhallyn: http://goo.gl/jW02g19:29
hallynstgraber: i guess that's probably a more robust solution than adding 'needsru' tags :)19:30
hallynall right, i feel like i've fiddled the day away with nick-nack bugs :)  one more though (libcgroup)19:31
stgrabergary_poster: can I get you to update the description of bug 994752 with the needed information for the SRU?20:08
uvirtbotLaunchpad bug 994752 in lxc "lxc-start-ephemeral's use of dhcp lease table is fragile" [High,In progress] https://launchpad.net/bugs/99475220:08
gary_posterstgraber, will do.  tomorrow ok?20:09
stgrabergary_poster: yeah, I'll probably upload to -proposed in an hour or so (waiting for test suite to finish running) but the packages won't land into -proposed until tomorrow I guess20:09
gary_postercool stgraber I made a todo and will ping you when done as well20:11
stgrabergary_poster: cool, thanks20:12
bencord0hi, I've been trying out ubuntu 12.04 MaaS and I'm trying to add it to my own network.20:17
bencord0https://wiki.ubuntu.com/ServerTeam/MAAS#Configuring_DHCP says that I can use my own dhcp server, but I can't find any documentation.20:17
bencord0I'm using ISC dhcp btw20:17
=== Arc_ is now known as a5m0
bencord0anybody know what options the dhcp server needs to send out?20:18
RoyKbencord0: iirc the trick is to set the boot server parts and point it to the right server20:18
bencord0RoyK: any idea which ones they are? I'm assuming it's just a PXE boot or similar mechanism, but I don't know which options to use20:20
RoyKbencord0: no idea, for tftp boot, 66,67 seems likely20:22
RoyKbencord0: or google tells me so ;)20:22
patdk-lap_dhcp = 67/68 and tftp is 6920:26
bencord0I think I figured it out, ISC DHCP has an option literally called 'next-server'20:27
bencord0I've just added ... "next-server <ip>;" to my /etc/dhcp/dhcpd.conf and restarted20:28
bencord0no complaints so far20:28
bencord0but I still need a 'option bootfile-name' line20:31
RoyKman dhcp-options20:33
bencord0I mean, I need the string to put into that option. it's a file name20:34
stgraberhallyn: test suite passed, uploaded to -proposed and poked #ubuntu-release about it so whoever sees it first isn't too scared at the big diff and changelog :)20:37
bencord0Ahah! found it21:12
bencord0option bootfile-name "/pxelinux.0";21:12
bencord0there were some hints under /etc/cobbler/dhcp.template21:13
roaksoaxadam_g: I can have various nova-schedulers for a single availability zone right? Or only 1? And what's the maximum amount of compute node's per scheduler?21:31
koolhead17hi roaksoax i suppose you can have only one scheduler and there is no limitation on number of compute node on a scheduler in a availablity zone21:38
adam_groaksoax: you can have many schedulers21:39
* koolhead17 scratches his head. adam_g i will test it tomorrow then21:40
roaksoaxadam_g: so do the schedulers share information about what they have been loadbalancing between compute nodes?21:41
roaksoaxadam_g: e.g. I can have 2 compute nodes and 2 schedulers and both schedulers balanace instance initiation between the two compute nodes?21:42
adam_gkoolhead17: i could be full of it, but IIRC they're just popping jobs of the message queue21:42
adam_groaksoax: you can, the scheduling policy used is configurable21:42
roaksoaxadam_g: ok cool, I'll look into that. Thanks for the info21:43
adam_groaksoax: compute hosts utilization is stored in the database, some schedulers use that information to make intelligent decisions as to where to cast new VMs21:43
koolhead17adam_g, yes sir. your right seems like i screwed up my config last time then21:44
adam_groaksoax: i havne't played around too much with the scheduler but you should look through the code. i know the default scheduler does some intelligent scheduling based on host utilization (memory, cpu, etc)21:44
=== matsubara is now known as matsubara-afk
roaksoaxadam_g: ok cool21:44
urthmoverhow do I figure out what the latest current stable version of apache is?21:45
roaksoaxadam_g: does this make sense to you? Am I correct? http://pastebin.ubuntu.com/1005564/21:46
adam_groaksoax: what is this for?21:49
adam_groaksoax: the first line is debatable :)21:49
roaksoaxadam_g: its the proposal I'm writing for integrating Powernap into OpenStack21:51
roaksoaxadam_g: and I'm gonna use it for a class I have lol21:51
blendedbychrisany idea21:53
blendedbychriswhere can i find out how to setup snmp for a remote monitoring system?21:53
blendedbychrisi installed it and am a bit confused as to how to add users21:53
jmedinawhat is that remote monitoring system?21:54
jmedinablendedbychris: do you want to configure the snmpd agent with snmp v3?21:55
blendedbychrisjmedina: it's solarwinds something something...21:56
blendedbychrisi think so?21:56
blendedbychrisi installed snmpd is all so far and commented the listen on localhost only and uncommented the 163 port listen21:56
jmedinawell that is all you need for a simple setup with snmp v1 or v3, if you want to use authentication, you need to setup snmp v321:57
jmedinaI always use the guide in the cacti wiki21:57
jmedinaI dont know if there is a official guide for ubuntu21:58
blendedbychrisokay how do i do the latter… it says not to edit /var/lib/snmp/snmpd.conf in that file but it says otherwise in /etc/snmp21:58
jmedinaprobably this can help: http://www.fineconnection.com/How_to_install_and_enable_SNMPv3_on_a_linux_system_for_authentication_en_encryption_testing21:58
blendedbychriswhich dern file do i put creds in heh22:01
blendedbychrisah i think just the createUser tokens :)22:01
blendedbychriswould help if they just put that first stuff in that lib file22:02
ZenMasterI have an issue with tomcat7 running on ubuntu-server and users not being able to login.22:03
jkyleanyone seen badly behaving apparmor with tcpdump issues before?22:08
jdstrandjkyle: please file a bug against tcpdump if you have apparmor denials22:09
jkyleit's tough to debug, going ot go poke around. but when it happens it crashes networking22:09
jkyleso I get kicked from the VM22:09
jdstrandjkyle: are there apparmor denials in /var/log/kern.log?22:09
jkylesec, gotta get into the dom0, kill the libvirt process, restart the vm, etc.22:10
jkylethis is all we really get22:13
jkyletype=1400 audit(1337897559.713:10): apparmor="STATUS" operation="profile_load" name="/usr/sbin/tcpdump" pid=470 comm="apparmor_parser"22:13
jkyleMay 24 22:12:39 i-00004bd4 kernel: [   13.465149] init: failsafe main process (423) killed by TERM signal22:13
jkylein kern.log22:14
jdstrandthen it shouldn't be apparmor22:14
jkylewe see this intermittantly (tcpdump killing eth0 on virts)22:14
jdstrandif you want to be sure, you can do 'sudo aa-disable /etc/apparmor.d/usr.sbin.tcpdump'22:14
jkylehad an engineer report that he got rid of it by killing apparmor22:14
jkylehm, no aa-disable22:15
jdstrandthere are no silenced denials in the tcpdump profile22:15
jkylelooks like a 10.1022:15
jdstrandjkyle: sudo apt-get install apparmor-utils22:15
jkyleno hang after disabling22:17
jdstrandjkyle: try this:22:18
jdstrandsudo sysctl -w kernel.printk_ratelimit=022:18
jdstrandsudo aa-enforce /etc/apparmor.d/usr.sbin.tcpdump22:18
jdstrandmaybe you are hitting kernel rate limiting22:18
jdstrandjkyle: do you have auditd installed?22:19
jkyledidn't hang that time22:19
jkylewhat is the unit of the rate limit?22:20
jdstrandjkyle: seems like it probably isn't apparmor, but an intermittent failure22:20
jkylejdstrand: could be that too. the rate limit idea is a start. I'm not keen on bringing this site down during this time of day..but this will give me something to debug around when it pops up again22:21
jdstrandjkyle: fyi, if you have auditd installed, apparmor denials are logged to /var/log/audit/audit.log22:22
blendedbychrisjdstrand: have you configured snmpd yourself?22:46
jdstrandme? not in ages22:47
grendal-primestgraber, hey man23:04
grendal-primeso question..23:04
grendal-primei mean really do i need to give any info to the vlan?23:04
grendal-primeif i just set it to manual..23:05
grendal-primethen bridge my vpn to it.   i guess what im wondering is do i really need to assign an ip, subnet and all that to something that is basically pretending to be switch..that i would not do that to in the first place?23:06
stgrabergrendal-prime: just use "iface <INTERFACE>.<VLAN> inet manual"23:11
grendal-primewhy would i assign one?23:12
stgraberif you use inet manual you won't need to set an address or netmask23:12
grendal-primei mean im just currious i use to set them up just like an interface.  with netmask and all that..  is there any advantage to that?23:14
=== Lcawte is now known as Lcawte|Away
blendedbychriswhy are the configs between lucid and precise for snmpd so drastically different?23:48

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!