[01:11] <marvelouzone> was wondering if someone could help me with a strange problem
[01:23] <marvelouzone> anybody on?
[01:24] <genii-around> !details
[01:26] <smw> genii-around, I like !ask better
[01:26] <smw> !ask
[01:28]  * genii-around makes more coffee and waits for the strange problem specifics
[01:28] <marvelouzone> I have a problem with all passwords stop working the only thing I have installed is zentyal. if I try to log in it tells me incorrect password, on both user accounts that I have. if I do sudo nano, it ask me for password, I enter correct password, and it just drops back to prompt with no error message, if I do plain nano it works, this happensa with any command I put sudo or gksu in
[01:28] <marvelouzone> front of. I cant log in through ssh, ttyl, etc.. I'm lost, Ive been searching for answers for hours..
[01:29] <marvelouzone> I have checked to make sure I'm in the admin group, and I am
[01:29] <marvelouzone> I'm running 12.04
[01:34] <ChmEarl> marvelouzone, sudo -s;grep admin /etc/sudoers
[01:38] <JanC> marvelouzone: are you in the sudoers group too?
[01:46] <marvelouzone> yes
[04:23] <twb> http://paste.debian.net/174600/ WTF?
[04:23] <twb> Oh, never mind, I can't read
[04:24] <twb> Apparently the aptitude full-upgrade I ran five minutes ago, didn't actually run
[04:25] <twb> Ah, because I forgot to teach apt to mount /boot read-write when it is upgrading a kernel
[05:13] <twb> In lucid, what turns on rp_filter?
[05:13] <twb> Because it's on by default AFAICT, but it's commented out in sysctl.conf
[05:14] <twb> Never mind, I can't tell when I'm logged into two hosts at once
[05:14] <twb> MOAR COFFEE
[07:48] <samba35> if i want to use MAAS on thin client what kind of hardware i should have
[07:56] <twb> Sorry, I am not buzzword compliant.
[07:57] <twb> I run netboot end-user Ubuntu 10.04 desktops on diskless machines with an Atom n4xx CPU and 1GB of RAM.  2GB is preferable, but not necessary.
[07:59] <twb> The netboot server is usually an ordinary $1500-ish server and can serve around 100 to 255 desktops.  It would have 7200 SATAs in an md RAID1 or RAID5, one to four gigE NICs bonded together, and 4GB to 16GB of RAM.  I don't know offhand where the bottlenecks are.
[07:59] <twb> If you are netbooting over the internet, obviously that would be the bottleneck.
[08:03] <RoyK> twb: how many drives? in what config? linux md?
[08:04] <twb> RoyK: two (RAID1) or three/four (RAID5).  md, unless I am overruled.
[08:05] <samba35> ok
[08:06] <samba35> do you use boot rom or any other method ? if i want to boot over internet what kind of nic i should use ?
[08:07] <RoyK> twb: k
[08:07] <twb> If you copy the OS into the desktop's RAM, obviously that means you need to increase the desktop's available RAM by the image size (anything from 80MB to 4GB), and that will also severly limit your ability to turn on all the desktops at once.  OTOH it does mean that the desktops can operate stand-alone without network, as long as they don't lose power.
[08:08] <twb> You can guard against transient issues my having the desktop mount the OS partition -o hard instead of -o soft.
[08:09] <twb> But you should understand the full implications of that change before you run with it...
[08:09] <twb> samba35: what nic you use doesn't matter a damn, other than 1) if it's 100MB of gige; and 2) if it has a PXE ROM
[08:10] <twb> I suppose it must also be supported by the kernel.
[08:10] <samba35> ok
[08:10] <twb> You can only PXE boot off the local network, so you will need an on-site device that can act as the DHCP and TFTP server.  Once the kernel and ramdisk are loaded, you can pull the OS down using e.g. HTTP
[08:11] <twb> I would not run NFS over the public internet.
[08:11] <twb> Also I strongly recommend you roll out 12.04, not 10.04.  And use live-initramfs, not casper.
[08:11] <twb> The casper/10.04 stack can be made to work, but it's far more annoying.
[08:13] <samba35> so in nutshell if i want to boot ubuntu i should have some storage space /local boot
[08:14] <samba35> for thin clinet stup
[08:14] <twb> What is your end goal?
[08:15] <samba35> if i want to put ubuntu to boot over internet
[08:15] <twb> But why do you want that
[08:16] <samba35> school student can use this at thier home
[08:16] <samba35> not a good idea ?
[08:17] <twb> What kind of internet connection do they have?
[08:17] <samba35> 512 kb
[08:17] <twb> Guarateed or maximum?
[08:17] <samba35> max
[08:17] <twb> It would be better to just give them a USB key with a live Ubuntu on it, I think
[08:18] <twb> A 2GB USB key will cost perhaps $5, and that's a one-time cost.
[08:18] <samba35> ohh that is good idea and use ltsp
[08:18] <samba35> yes very much true
[08:19] <twb> If you need to periodically update the image, you could do that when they come on site.
[08:19] <twb> e.g. have them hand in their keys once a month for updating
[08:19] <samba35> ok
[08:19] <twb> I am surprised you're talking about LTSP instead of just havnig everything be web-apps
[08:19] <twb> But LTSP will probably be OK over 512kB provided that the school has a decent pipe
[08:20] <samba35> 8 mb for 100 students
[08:20] <twb> if your school also has say 512kbps down / 64kbps up, you are not going to be able to have more than a handful of LTSP users at once
[08:20] <twb> Also it is definitely worth talking to the LTSP people about use NX, because that can significantly reduce bandwidth costs
[08:21] <twb> I do not know if LTSP can do NX yet
[08:21] <samba35> ic
[08:21] <twb> Although really you don't need LTSP, you can just have a live CD that uses normal remote X (or NX) over SSH.
[08:21] <twb> So that would be a bit like having a citrix client on a windows laptop
[08:22] <samba35> ok
[08:22] <twb> It depends how much of the desktop you want to be hosted on the local machine, and how much remote.  Since they're (presumably) going to be running fat client hardware, it makes sense for e.g. the window manager and so on the be hosted on the live USB key, and to only remotely host the app itself on the school app server
[08:23] <samba35> ok
[08:23] <twb> If the app server is a Unix system and has each student as a normal shell account, the only real hard part would be teaching the students to use key-based SSH securely
[08:23] <twb> Otherwise they can use essentially a stock standard ubuntu live CD and then just basically run ssh -X <student account>@<your app server> <the app name>
[08:24] <samba35> students are about 10-15 year age
[08:24] <twb> So probably what you'd do is set up the keypair in advance on the live USB key
[08:24] <samba35> ok
[08:24] <twb> Maybe also print the passphrase on a sticker on the side of the USB key
[08:25] <twb> It's suboptimal, since then *YOU* would also have their keypair, but if they are nontechnical there is not much else you can do
[08:25] <twb> Well you could use password-based auth and forego keys entirely, but I don't like that
[08:26] <samba35> this project is on planning stage once i get some thin clients i will get in touch with you
[08:27] <twb> samba35: are you also givng the students specific hardware?
[08:27] <samba35> may be next week
[08:27] <twb> If so what is your hw budget per student
[08:27] <lynxman> morning o/
[08:27] <twb> Ballpark, I mean -- $100, $500, $1000 or $5000
[08:28] <samba35> if they have already a pc then as you sugguested usb of they cant  pay for then rent
[08:29] <samba35> i was reading more about thin client and arm based thin client are costing around 100 -200 usd that is around 5500 - 11000 indian rupee
[08:29] <twb> Renting would be a pain.  You can get previous-generation netbooks for about $300 new, probably a bit less if you have a bulk buy.  If that is within budget, I would suggest that
[08:30] <samba35> plus key and monitor and mouse
[08:30] <twb> I suggest you stick to x86 (e.g. atom) and avoid ARM unless you have time to fix all the exciting hardware issues that ARM usually has
[08:30] <samba35> so arond 300 us $
[08:31] <twb> For the use case you describe, I would recommend netbook rather than traditional thin client, because it has keyboard/mouse/screen/ups built in
[08:31] <samba35> ok i will go with atom
[08:32] <twb> Since you are a school you might be able to ring up a vendor and get them to do a deal where they get good press in return for a discount
[08:32] <samba35> yes very much true netbook is good option ,they will able to travell also with in school
[08:32] <twb> Also if they are netbooks, you can just flash the netbook instead of using USB keys
[08:32] <samba35> yes
[08:37] <twb> Hmm, current listings seem to be giving *current* generation 10" and 11" netbooks at around AU$330, new
[08:40] <samba35> do you have link so i will also get idea about hardware and software
[08:40] <twb> A link about what?
[08:41] <samba35> netbook price
[08:41] <twb> Well I just went to jbhifi.com.au
[08:41] <samba35> ok
[08:41] <samba35> thanks
[08:41] <twb> Obviously if you are in india, you will need a different site :-)
[08:45] <samba35> yes i just want the make and hardware spec
[08:45] <samba35> did you played with MAAS ?
[08:45] <twb> No
[08:45] <twb> Like I said, I do not do buzzwords
[09:13] <Zanzacar> I keep getting errors that read Assuming drive Cache: write through and failed
[09:13] <Zanzacar> I am not sure why it keeps saying this and there is no way I can do much work since everything is view the terminal
[09:15] <Zanzacar> through not view*
[09:30] <Zanzacar> it appears that it is related to a sdcard reader
[09:50] <ttx> jamespage: around ?
[09:51] <jamespage> ttx: yep
[09:51] <ttx> jamespage: was wondering about progress on your OpenStack PPAs front
[09:51] <ttx> I'm in a hurry to deprecate our own (stale) PPAs
[09:52] <ttx> jamespage: what's the current state ?
[09:53] <jamespage> ttx, let me just check - I think its all running now
[09:54] <jamespage> ttx: https://wiki.ubuntu.com/ServerTeam/OpenStack
[09:54] <jamespage> folsom on quantal is up and running
[09:55] <jamespage> but it would appear that folsom on precise is not yet
[09:55] <ttx> looking
[09:55] <jamespage> I would need to check with zul as to when he expects that to start happening - its linked in with the cloud-archive work
[09:59] <ttx> jamespage: we also need "PPA tracking tip of (Folsom) milestone-proposed on Precise"
[09:59] <ttx> so that we can completely replace the current state @ http://wiki.openstack.org/PPAs
[10:00] <jamespage> ttx, OK - I need to check with zul and adam_g on plans for dealing with milestone-proposed - but we will do something
[10:00] <ttx> jamespage: was supposed to help with producing the cloud archive Folsom updates
[10:01] <ttx> and would replace our "milestone-proposed" testing PPAs
[10:01] <jamespage> ttx, I'm sure you are right (have been working on other things so not as close to what zul and adam_g are doing as I have been)
[10:02] <ttx> jamespage: ok, we'll wait for them
[10:09] <Daviey> ttx: Can i clarify what you are expecting ?
[10:20] <ttx> Daviey: my expectations are well summarized in my May 22 email
[10:21] <ttx> If we have a spot for everything, we can completely deprecate our own setup
[10:21] <Daviey> ttx: I'll re-read and circle back.
[10:21] <ttx> Daviey: awesome, thanks.
[10:21]  * ttx lunches
[11:11] <freddyb> hiya. I just noticed that some lxc problem I have is fixed in precise-proposed and precise updates. when will they arrive on my 12.04 lts server via normal updates?
[11:11] <freddyb> how safe is it to just get the .deb for precise proposed and install manually? i.e. what side-effects would it have?
[11:12] <jamespage> freddyb, you will get 0.7.5-3ubuntu58 as part of you regular server updates
[11:13] <freddyb> the normal apt-get updates, apt-get upgrades?
[11:13] <freddyb> I didn't see it yet. maybe my mirror is just slow then?
[11:13] <freddyb> my hosted server is using a local mirror for apt ;)
[11:16] <freddyb> jamespage? --^
[11:16] <jamespage> freddyb, could be - what do you see with 'apt-get policy lxc' ?
[11:17] <freddyb> E: Invalid operation policy
[11:18] <freddyb> oh cache. nvm :P
[11:18] <freddyb> 0.7.5-3ubuntu58 for Installed and Candidate
[11:20] <freddyb> hm
[11:21] <freddyb> the problem I have looks fixed as of this bug, which went into 53. https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/993706
[11:21] <freddyb> maybe it's another bug I am seeing.
[11:21] <freddyb> lxc-create fails for me, it says permission denied when it mounts proc into the container
[11:40] <freddyb> let's see. I reported it as #1013618
[12:32] <Anomie21> Can anyone help with this cronjob?, I know its the positioning of my quotation marks, but don't know how to fix it, I tried escaping them (as you can see by the /'s) but its still not working  http://bpaste.net/show/WWp04DgpgszmGARPE7rg/
[12:33] <ikonia> Anomie21: please don't cross post your question in multiple ubuntu channels (please)
[12:35] <Anomie21> ikonia: Why not? I remembered about this channel after I made my post in #ubuntu and didnt get a response
[12:36] <ikonia> Anomie21: it was less than 2 minutes after posting it
[12:36] <ikonia> it dilutes the channel, please try to pick the best channel for your needs and focus your questions there
[12:37] <zul> good morning
[13:02] <pmatulis> morning
[13:05] <hallyn> smoser: would you say qemu-io belongs in qemu-kvm or qemu-utils?
[13:05] <hallyn> it's been in qemu-kvm.  i was going to move it, but now i'm thinking it doesn't really belong in qemu-utils after all
[13:05]  * smoser types 'man qemu-io'
[13:06] <smoser> i wouldn't move it from wherever debian has it.
[13:06] <hallyn> ok thanks
[13:25] <zul> jamespage: back from lunch yet?
[13:25] <jamespage> zul: yep!
[13:25] <zul> jamespage:  so im doing some openstack-qa stuff today and working on package installation testing and thinking of using piuparts
[13:26] <jamespage> zul, +1
[13:26] <jamespage> that would be fantastic
[13:27] <jamespage> zul: oh great - https://merges.ubuntu.com/b/bacula/REPORT
[13:27] <zul> jamespage:  i would like to get all of keysone rather than testing than individual deb
[13:27] <zul> jamespage: yeah i saw want me to merge it?
[13:27] <zul> jamespage: since its a workload type merge ;)
[13:28] <jamespage> zul, I'm actually wondering whether we can just sync it....
[13:28] <zul> jamespage: ack
[13:28] <jamespage> bacula is broken in precise ATM - uploaded the fixes yesterday hence my name is against that merge
[13:28] <jamespage> sorry - upgrade to bacula in precise are broken - not fresh installs
[13:29] <zul> jamespage:  *sigh*
[13:29] <jamespage> zul, anyway - back to openstack qa
[13:29] <zul> jamespage: yes!
[13:29] <jamespage> "i would like to get all of keysone rather than testing than individual deb"
[13:29] <zul> jamespage:  try to distract me...*nngnh*
[13:29] <jamespage> not sure I understand
[13:29] <zul> well looking at the piuparts it does invidual debs unless im reading it wrong
[13:30] <jamespage> zul, you can pass it a .changes file I think
[13:30] <jamespage> that way it will test all of the debs for a given build
[13:30] <zul> jamespage: ah yes
[13:30] <zul> thats better
[13:31] <jamespage> zul, you can also select the packages as well from .changes - we would need todo that for nova
[13:31] <jamespage> nova-compute-kvm | nova-compute-lxc | nova.....
[13:32] <zul> jamespage: so i was thinking the script grabs the source, generates the changes and then runs piuparts
[13:33] <jamespage> zul, why would we not just integrate it into the upstream triggered package build process?
[13:33] <jamespage> or is that what you mean?
[13:33] <zul> jamespage thats the other option i was thinking
[13:34] <zul> yeah thats what im going to do
[13:34] <jamespage> sounds good
[13:34] <jamespage> hmm - but
[13:34] <jamespage> having something we can use for general install testing would be good
[13:34]  * jamespage goes to check with jibel that we don;t already have something
[13:34] <zul> jamespage: thats what i was thinking
[13:36] <jamespage> zul, I'd actually like to test the installability of all server related packages regularly during the dev cycle
[13:37] <zul> jamespage: so a python script that queries the packages ubuntu-server is subscribed to or just grab the seeds and just run piupart
[13:39] <jamespage> zul, +1
[13:39] <jamespage> I guess we need some way to tune each piuparts run
[13:39] <jamespage> Debian do this sort of stuff regularly
[13:40] <zul> yeah i was looking at collab-qa to see if i could find something but they use perl..*grin*
[13:46] <smb> zul, Not wanting to rush in any way. I am just not sure how well just subscribing you is really getting to your attention. Did you see my merge request for xen?
[13:46] <zul> smb: yeah ill get to it today
[13:47] <smb> zul, Oh, only if it really looks good. There are a few questions (and puzzles) for the reviewer, you know.
[13:49] <zul> smb: gee thanks :)
[13:49] <smb> zul, Always ready to entertain. :)
[13:53] <Daviey> jamespage: re-install testing.. i started doing this a couple of weeks ago.. rebuild testing, and instability of all packages in our set
[13:53] <jamespage> Daviey, marvellous
[13:53] <Daviey> jamespage: i was mainly working on the infrastructure
[13:53] <Daviey> jamespage: wasn't jenkins based.. do you feel it should be?
[13:53] <jamespage> jibel say's he'll stick it in the QA lab whenever
[13:53] <jamespage> Daviey, what is is based on?
[13:53] <Daviey> jamespage: django, celery, sbuild and piuparts :)
[13:54] <jamespage> Daviey, hmm
[13:54] <jamespage> whats the django and celery stuff used for?
[13:55] <Daviey> jamespage: the approach i went for scaled out to N nodes.
[13:55] <Daviey> jamespage: django as the datastore and viewer, celery as the job dispatcher and workers for nodes
[13:55] <jamespage> Daviey, so pretty much what jenkins does for all the other QA activity we do?
[13:55] <Daviey> uses rabbitmq for pushing out jobs
[13:56] <Daviey> jamespage: yes
[13:56] <Daviey> jamespage: if you think it should be moved to jenkins, i'd be happy with that.
[13:57] <jamespage> Daviey, I think it would make sense - mainly due to the investment we have already made in jenkins deployments to execute testing activity
[13:57] <zul> Daviey: you have a bit too much time on your hands :)
[13:57] <jamespage> we would be able to leverage the existing infrastructure and publish results alongside everything else QA related at jenkins.qa.ubuntu.com
[13:58] <Daviey> zul: this was a few weeks ago.. as a weekend hobby project.
[13:58] <jamespage> lol
[13:58] <zul> hehe
[13:58] <Daviey> jamespage: i agree.
[13:58] <jamespage> Daviey, we can scale out by using jenkins slaves so I think we get the same characteristics
[13:59] <jamespage> it will just be about setting up the jobs in the right way more than anything else
[14:00] <jibel> Hi :)
[14:01] <jamespage> Daviey, zul: I asked jibel to drop by to discuss durther
[14:01] <zul> heylo
[14:01] <jamespage> jibel: Daviey has been working on a tool todo this
[14:02] <jamespage> we where just discussing django/celery vs jenkins - but as we already do alot of jenkins in QA that seemed to make sense
[14:02] <jamespage> Daviey: what state is your work in today?
[14:03] <Daviey> jamespage: it's crap.. it was basically a POC.. I was mainly working on mimicking the buildd infrastructure.. making use of /CurrentlyBuilding etc
[14:04] <jamespage> Daviey: do we actually need to build the packages? or just test that they install from the distro itself during development?
[14:04] <Daviey> jamespage: One of the other motivations was to also have an area people can dput signed packages.. run through some validation, if passes - upload it to the archive.
[14:04] <jamespage> Daviey, actually that is quite nice
[14:04] <jamespage> we could do that with Merge Proposals as well
[14:05] <zul> i think for my use case just the installability
[14:05] <Kagee> &part
[14:05] <Daviey> yeah, that wasn't something i was thinking.. but yes, that sounds valid.
[14:05] <Daviey> zul: in your case, it's the buildability :P
[14:05] <zul> Daviey: i already have buildablitiy :P
[14:05] <jamespage> jibel: are we doing anything in QA re automate build and install testing of projects?
[14:05] <jibel> Daviey, we have this for example which seems to match your description https://wiki.ubuntu.com/QATeam/AutomatedTesting/UnityAutolandingSetup
[14:06] <jibel> it's called 'unity' put can be used for any project in bzr
[14:06]  * Daviey stabs vmbuilder
[14:06] <Daviey> vmbuilder AND pbuilder.
[14:06]  * Daviey cries
[14:06]  * LordOfTime hands Daviey a tissue
[14:07] <jibel> for package builds there is an infrastructure based on pbuilder that we uses to build and tests libreoffice for exmaple
[14:07] <Daviey> jibel: So the thing i was working on would have differing sources.list for main/universe packages.. and do the pkgmangler crap.
[14:08]  * SpamapS points at sbuild
[14:08] <SpamapS> buildd in a box :)
[14:08] <jibel> :)
[14:08] <Daviey> Yeah, i am kinda suprised pbuilder was used.
[14:08] <Daviey> sbuild even has much nicer build logs :)
[14:09] <SpamapS> and it is 3 higher in ASCII
[14:09] <SpamapS> *3*
[14:09] <SpamapS> S totally kicks P's rear
[14:09] <LordOfTime> SpamapS: is sbuild what is used on the LP PPA builders?
[14:09] <Daviey> SpamapS: P does kick S in morse IMO.. S is so boring
[14:10] <SpamapS> true
[14:10] <Daviey> LordOfTime: an old, forked version of sbuild which only does part of it.
[14:11] <SpamapS> Daviey: in semaphore tho.. P is really annoying and tiring.. while S lets you rest a bit
[14:13] <zul> bah
[14:14] <Daviey> SpamapS: inversely, P is more uniformed than S in Braille
[14:14]  * Daviey likes uniformed.
[14:14] <zul> guys focus...installation testing :)
[14:15] <robbiew> seriously bad when zul tells you to "focus"
[14:15] <robbiew> lol
[14:16] <zul> :p
[14:16] <robbiew> ;)
[14:16] <Daviey> hah
[14:18] <zul> that wouldnt hurt so much if it wasnt so true :)
[14:26] <feisar> hi, what's the name of the script that secures a mysql install?
[14:26] <feisar>  I've used it but can't remember what it was called - it's installed by default
[14:30] <Daviey> jamespage: how is https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-tomcat7 working out?
[14:31] <Daviey> zul: are you driving https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-openstack-deployment-on-arm ?
[14:31] <jamespage> Daviey, I got distracted by other things this week
[14:31] <jamespage> but it was going OK
[14:31] <zul> Daviey: yeah
[14:31] <jamespage> it WILL be done for a2
[14:31] <Daviey> smoser: any progress on https://blueprints.launchpad.net/ubuntu/+spec/servercloud-q-apt-improvements ?
[14:31] <Daviey> jamespage: super
[14:31] <jamespage> Daviey, beer all round if I don't make it
[14:32] <Daviey> jamespage: \o/
[14:34] <smoser> robbiew, ^
[14:34] <smoser> i was hoping to get robbiew to look at that today
[14:35] <robbiew> ok...I looked at it...done
[14:36] <Daviey> lol
[14:36] <robbiew> and by "done", I mean I set a priority...hard work
[14:38] <smoser> robbiew, sorry.
[14:38] <smoser> brain failure
[14:38] <smoser> rbasak, ^
[14:38] <robbiew> lol...I kinda figured that...but kept trolling
[14:39] <Daviey> hah
[14:39]  * robbiew knows the low to nothing value he now brings to blueprint evaluation
[14:41] <robbiew> ...and by the silence I see you all are in 100% agreement
[14:41] <robbiew> lol
[14:41] <Daviey> robbiew: Oh no.. you are most valuable ! :)
[14:42] <robbiew> ass
[14:43] <robbiew> Daviey: I have little kids too, you know
[14:43] <robbiew> "oh no...that's a beautiful drawing"
[14:43] <Daviey> robbiew: haha
[14:44] <Daviey> robbiew: You are also my favourite princess in the whole wide world.
[14:45] <robbiew> yeah...yeah...I got your princess alright
[14:52] <rbasak> smoser: I've been working on apt today. It's slow going because the code path is really twisted
[14:52] <rbasak> I think I've identified a place to get a PoC in
[14:52] <rbasak> So making some progress, but slowly
[14:53] <smoser> rbasak, thank you, kind sir.
[14:53] <smoser> let me know if you need anything
[14:53] <rbasak> Will do
[14:53] <rbasak> I haven't even looked at debootstrap yet. I don't see how a debootstrap patch could possibly be harder than the apt one, though :)
[14:54] <rbasak> I had to fire up eclipse to help me make sense of the apt code :-(
[15:29] <zul> jamespage: : looks sane? http://bazaar.launchpad.net/~zulcss/+junk/piuparts/revision/70
[15:42] <zul> jamespage:  did you eod on me?
[15:43] <jamespage> zul, nah - sorry - just trying to get something done before I do in 20 mins
[15:43]  * jamespage looks
[15:43] <zul> jamespage: im suggesting we use piuparts to do upgrade tests after this
[15:43] <jamespage> zul, OK
[15:44] <jamespage> I'm not sure but we may want to create tarballs or make piuparts use schroots for speed
[15:44] <jamespage> I've not used it for a while TBH so would need to grok it
[15:44] <zul> jamespage: yeah lemme worry about that :)
[15:45] <jamespage> zul, we do need to consider configuring which packages to test from changes as well
[15:45] <jamespage> it will fail for some with 'default' options is my guess
[15:45] <zul> jamesapge: for the upgrade test?
[15:49] <jamespage> zul, and for the install test as well
[15:49] <jamespage> I think
[15:49] <smb> smoser, utlemming, Just a heads up that today was a patch committed to the Quantal kernel that is replacing one we were carrying to fix an early crash on some EC2 instances with old Xen versions. Not that I would expect it but _if_ there are early crashes again, please let me know asap.
[15:49] <utlemming> smb: ack
[15:50] <utlemming> smb: has that landed in the archives yet?
[15:50] <smb> utlemming, No it just went into git today
[15:50] <utlemming> smb: okay, I'll be sure to beat up the quantal build from Sunday night
[15:53] <smb> utlemming, I am not sure when exactly the next upload happens. The changelog for it would have "UBUNTU: SAUCE: Mask CR4 writes on older Xen hypervisors" in it
[16:04] <koolhead17> hi all
[16:06] <RoyK> hi
[16:39] <zul> smb: whats the bug number for the xen merge again?
[18:13] <hallyn> jdstrand: I'm (so far) holding up the qemu-kvm 1.1 push bc it mysteriously makes libvirt qrt fail.  But it fails having a test user do virsh define (at line 1841), but when i manualy do sudo -H -u tUQmyVnL virsh define /tmp/bad.
[18:13] <hallyn> xml I succeed
[18:13] <hallyn> does this ring a bell at all?
[18:13] <hallyn> /dev/kvm is root:kvm...
[18:15] <jdstrand> hallyn: not otoh. might check the libvirt groups in /etc/libvirt/qemu.conf
[18:16] <hallyn> jdstrand: same libvirt with quantal's qemu-kvm (1.0) has no errors
[18:16] <jdstrand> hmm
[18:16] <hallyn> i just can't imagine what's different
[18:18] <jdstrand> did you try the complicated "su -c 'sudo -H -u <user> -c <uri> define <xml>'"
[18:18] <hallyn> heh, only the sudo part
[18:18] <jdstrand> that is what the script is doing for I don't remember what reason
[18:19] <jdstrand> I can say it was intentional
[18:19] <hallyn> what does '-H' to su do i wonder?  it's not int he man page
[18:19] <hallyn> oh.  nm
[18:19] <jdstrand> sets HOME
[18:19] <hallyn> i was thinking that was part of the su command
[18:20] <hallyn> still succeeds
[18:20] <hallyn> (except i'm not giving the uri)
[18:32] <smoser> ok. i feel stupid.
[18:32] <smoser> $ echo "ls /tmp >/tmp/log 2>&1" | atq
[18:32] <smoser> 2	Fri Jun 15 15:15:00 2012 a smoser
[18:33] <smoser> er...
[18:33] <smoser> echo "ls /tmp >/tmp/log 2>&1" | at 00:00
[18:33] <smoser> $ atq
[18:33] <smoser> 2	Fri Jun 15 15:15:00 2012 a smoser
[18:33] <smoser> how can i later see what is actually *in* job 2 ?
[18:34] <smoser> its a file in /var/spool/cron/atjobs/ , but as a normal user, i can't even list that directory (or view the file explicitly)
[18:35] <greppy> ls /tmp 2>&1 > /tmp/tmp.txt
[18:35] <smoser> greppy, it was just an example of a command.
[18:35] <smoser> i want to see "details" about my atq
[18:36] <greppy> smoser: ah, sorry, I thought you were trying to get the contents into the file :)
[18:36]  * greppy should go to sleep.
[18:44] <zul> smoser: what do you mean by details?
[18:46] <smoser> zul, after i've ran:
[18:46] <smoser>  echo "echo hi mom" | at 00:00
[18:46] <smoser> how do i see that the job it created (say job '2')
[18:47] <smoser> how do i see the content of that 'job 2'
[18:47] <smoser> i forgot that i said "hi mom" and want to remember
[18:47] <smoser> if i'm root, i can cat that file
[18:47] <zul> smoser: ah....i have no idea
[18:54] <leojrfs> what did change in samba or samba default conf? i cant get clients to login
[18:55] <leojrfs> security is set to user
[18:55] <leojrfs> but no login required for the clients
[18:55] <leojrfs> im using 12.04
[19:15] <hallyn> jdstrand: yeah, i know have test-libvirt.py print out the command it tried and failed to do, then sleep 1000 seconds; then i try it by hand, and it succeeds.
[19:18] <jdstrand> only thing I can think of is there is a race of some sort or it is terminal related
[19:25] <TheLordOfTime> any idea if php 5.4.x will be included in quantal?
[19:34] <blendedbychris> what's the proper way to add a apt source? It's not a ppa… i noticed there is a sources.list.d should i put it there?
[19:34] <guntbert> blendedbychris: what are you trying to add?
[19:35] <blendedbychris> http://projects.puppetlabs.com/projects/1/wiki/Puppet_Ubuntu
[19:35] <blendedbychris> but it seems that's actually might be a ppa
[19:36] <blendedbychris> ah no nm ya apt.puppetlabs.com ?
[19:37] <blendedbychris> guntbert: ?
[19:37] <guntbert> blendedbychris: just sudo apt-get install puppetmaster
[19:37] <guntbert> it is in the repos
[19:37] <blendedbychris> guntbert: i need 2.7.16 or whatever
[19:38] <blendedbychris> because my lucid client is 2.7.16 it's a bitch
[19:38] <guntbert> !info puppetmaster
[20:05] <hallyn> jdstrand: your hunch about a race was right.  when I add a time.sleep(2) before the virsh define, it passes
[20:06] <jdstrand> huh, weird
[20:06] <hallyn> leaving just 3 failures, maybe all stemming from some difference in shutoff behavior
[20:07] <hallyn> (test-qemu all passes, btw;  i really did not expect test-libvirt failures)
[20:26] <gary_poster> hallyn, do you happen to know any reason why we could not start a relatively large number (we see this with approx >7 on a 16 core hyperthreaded machine) of lxc instances at once, and expect them to all be initialized, if io is not an issue (these are ephemeral instances, so disk is RAM)?  We're investigating, but wanted to make sure you didn't already know the answer :-)
[20:26] <gary_poster> sorry, expect them all to be initialized within a minute or so
[20:27] <gary_poster> cpu is not an issue according to load averages and vmstat
[20:27] <hallyn> jdstrand: fooi, but next time it died there again.  (error: unknown OS type hvm)
[20:27] <gary_poster> and neither is memory
[20:27] <gary_poster> or io
[20:27] <gary_poster> well, memory might be an issue if we are running into some bus issue I guess, but that seems unlikely
[20:27] <hallyn> gary_poster: not really
[20:28] <hallyn> are they all ubuntu containers, precise or above?
[20:28] <hallyn> if not, it could be udev storm
[20:28] <gary_poster> hallyn, lucid containers
[20:28] <hallyn> could be udev storm.  try precise ones and see if they do better (for confirmation)
[20:28] <gary_poster> ah, ok hallyn.  where would we look for an indication of that?
[20:28] <gary_poster> ph ok
[20:28] <gary_poster> oh ok
[20:28] <hallyn> syslog on the host should be overflowing
[20:28] <gary_poster> it is not really
[20:29] <gary_poster> just dnsmasq stuff
[20:29] <gary_poster> seems relatively normal stuff
[20:29] <hallyn> maybe /var/log/udev.log?
[20:29] <hallyn> /var/log/udev that is
[20:32] <gary_poster> hallyn that is there.  It's just over 7000 lines and as far as we know nothing has happened since about 22 seconds since boot time ("UDEV [21.996436] add ... sda1
[20:32] <gary_poster> ")
[20:38] <rwb> Hi, I'm using Ubuntu 10.04LTS and everything is up to date, however, my squirrelmail program is at version 1.4.2  I would like to upgrade past 1.5.  Is there a way I can trick apt-get in order to get a newer version?  I don't want to manually install this.  I want to keep using apt-get...
[20:39] <hallyn> gary_poster: how exactly are they failing?  do they come up badly, or just not come up?
[20:40] <hallyn> gary_poster: it's possible there is something funky with overlayfs
[20:40] <hallyn> could you clone 8 containers and start them all at once, and see if *that* succeeds?
[20:41] <gary_poster> hallyn, they come up slowly.  So, the first 7 or so on this 32 core machine come up within, say, 10 or 20 seconds; then after about 2 or 3 minutes, the other 9 (in the case of 16) will come up within about 10 seconds of one another
[20:41] <gary_poster> you can see this in the syslog from dnsmasq logs
[20:41] <gary_poster> as well as from user experience
[20:42] <hallyn> hm, 2 mins.  you're sure dnmasq isn't dying and restarting, and then containers continue?
[20:42] <Daviey> hallyn: I can't remember what you said before, but are you handling the ipxe merge?
[20:42] <hallyn> Daviey: the ipxe merge is as done as it's going to be
[20:42] <gary_poster> hallyn no, we're not sure, we are only going by the syslog
[20:43] <gary_poster> so you think we ought to get the pid of dnsmasq before and after maybe, ok
[20:43] <hallyn> gary_poster: ok, i don't have any brilliant ideas.  if you'd like pls feel free to open a bug with the script and i'll try to reproduce
[20:43] <Daviey> hallyn: we don't want, http://pb.daviey.com/X1bV/ ?
[20:43] <gary_poster> ack hallyn thank you.  We'll try the lxc-clone test and the dnsmasq pid test and a few other things and then file the bug with the details.  thanks again
[20:44] <hallyn> Daviey: i'd say ask lynxman about those
[20:44] <Daviey> hallyn: ok, thanks
[20:44] <hallyn> Daviey: we have our own version of 'disable banner timeout' which was what we wanted most
[20:45] <hallyn> Daviey: if there is more we want, we'll cherrypick, but we don't want to merge from debian, and given that ipxe is currently working, we don't want to grab latest upstream (and have it break).  it's volatile stuff
[20:45] <hallyn> Daviey: btw i'm open to arguments about that, those are just the conclusions we came to when lynxman and i talked about it
[20:47] <nathwill> rwb, squirrelmail 1.4.2 is stable version, even in precise. even from the squirrelmail project download page...
[20:48] <rwb> Yea, but I was over talking on the SM chat, and they are saying it is WAY out of date.
[20:49] <rwb> I am basically having problems with the gpg plugin...
[20:49] <rwb> I guess I will just wait it out...
[20:52] <Daviey> hallyn: no, i'm happy with that.. just wanted to check in, making sure it was considered :)
[20:53] <Daviey> hallyn: whilst i have you... what would you think about making libvirt default to providing a qemu/kvm watchdog?
[20:58] <hallyn> hm
[21:00] <hallyn> Daviey: not sure how we would do that by default,a s it's usually specified in xml
[21:01] <hallyn> Daviey: unless it's already possible (which i don't think it is), we'd then have to check whether the xml already specifies one, and if not, then specify a watchdog model
[21:01] <Daviey> hallyn: right, got that.. but can you see issues with using xml to 'opt out'?
[21:01] <hallyn> how would xml opt out?
[21:01] <hallyn> Daviey: I see no downsides
[21:01] <hallyn> if the guest doesn't want to use it it doesn't ahve to use it
[21:02] <Daviey> model='' i assumed
[21:02] <hallyn> (guest kernel, that is)
[21:02] <hallyn> Daviey: apart from potential ugliness in impelmentation, i'm certainly fine with it and see no problems
[21:02] <Daviey> hallyn: thanks
[21:02] <hallyn> Daviey: going to opena  bug?
[21:03] <Daviey> hallyn: i'll dig into viability first.
[21:03] <hallyn> Daviey: while *i* still have *you*, woudl you sai it's early enough in q cycle still to upload qemu-kvm-1.1 even though it seems to do something to libvirt testcases?
[21:03] <hallyn> it *runs* fine.  i have no idea what the problemis.  but there's a problem.
[21:03] <Daviey> hallyn: most certainly early enough.. i assume you've done some local testing :)
[21:04] <hallyn> yeah, it works perfectly for me :)
[21:04] <Daviey> ah, libvirt fails against it?
[21:04] <hallyn> nope
[21:04] <hallyn> libvirt qa-regression-test fails against it
[21:04] <hallyn> but doing it all by hand, it works
[21:04] <hallyn> *magic*
[21:04] <Daviey> how odd :/
[21:05] <Daviey> hallyn: maybe speak with zul/adam_g about trying it in the openstack-ci lab first, if you want it exercised ?
[21:05] <hallyn> Daviey: good idea, thanks
[21:05] <hallyn> (in that case i'll first upload one tweak to ppa)
[21:07] <hallyn> zul: adam_g: is it possible, no, easy, to run the openstack-ci lab with a qemu-kvm from ppa (ppa:serge-hallyn/virt) ?
[21:14] <hattorihanzo> hey, i just brought up 2x 12.04 box's
[21:15] <hallyn> stgraber: for the lxc 'start' hook, do you think we should (a) expect the user to specify a script that exists in the container, or (b) copy the script into the container, run it, then delete it ?
[21:15] <hattorihanzo> 1 box, easy_install pyzmq fails
[21:15] <hattorihanzo> or just easy_install itself
[21:16] <hallyn> (that detail aside, pre-start, mount, and post-stop hooks are working.  as is aid, the other stop hooks may not be possible, due to the way reboot/shtudown worksin the kernel for containers)
[21:16] <stgraber> hallyn: OpenVZ does the later (or at least something that gives a similar behavior), so I think we should go for b)
[21:17] <hallyn> heh, drat
[21:17] <hallyn> ok
[21:21] <stgraber> hallyn: would have to look at exactly how OpenVZ does it, but I wouldn't be surprised if they were opening the script before the chroot, then reading it and piping it to bash after the chroot() call. Avoiding the need to copy it (and the risk of the rootfs being read-only)
[21:23] <hallyn> stgraber: how bad would it be to just run it out of mnt.put_old after pivot_root but before the umounts of mnt.put_old :)
[21:24] <hallyn> stgraber: if what you say is true, and we follow that, then we'd be tying ourselves to bash scripts
[21:24] <hallyn> no python, go, or c
[21:25] <hallyn> dare i say it - not even haskell!
[21:25] <stgraber> hmm, indeed and that'd be a bit annoying
[21:25] <hallyn> course, some of that may not work due to missing libs either
[21:25] <hallyn> so maybe a simple script is the best
[21:26] <hattorihanzo> how can i have apt force a reinstall of python-setuptools
[21:27] <stgraber> hallyn: I'm sure that if we restrict to only bash, people will be complaining (that and we can't guarantee that bash or even /bin/sh will always be there...)
[21:28] <hallyn> stgraber: at the same time, i'm sure we'll have problems with users having incompatible libc bc they're specifying a program that's compiled on the host and in different distro/release in container
[21:28] <hallyn> maybe for my POC patch i'll just say the script/program must be installed in the container
[21:28] <hallyn> in a way it's the most sensible
[21:29] <hallyn> (waiting for you to argue :)
[21:29] <stgraber> well, I'd just argue that it'd be good to do it like OpenVZ did and changing behaviour later on will break everything, so it'd be best to do it "right" from the start
[21:30] <stgraber> if we require for it to be in the container, there isn't much difference between that and an init script
[21:30] <hallyn> i argue with 'like openvz did it' being 'right' by definition :)
[21:30] <hallyn> i agree, which is why i 'm not sure we need that hook :)
[21:30] <hallyn> but,
[21:30] <stgraber> that's why I wrote it "right" ;)
[21:30] <hallyn> the biggest difference is that this will run before init starts
[21:30] <hallyn> could be valueable still
[21:30] <hallyn> like an initramfs
[21:31] <stgraber> hmm, one quick question on the subject, what will happen in that pid namespace, as init won't be exec() from that start script, will it still get pid 1?
[21:31] <SpamapS> somebody who is an admin of the ubuntu-server team please add mysql-5.5 to the bug subscriptions
[21:32] <hallyn> stgraber: i think so
[21:32] <SpamapS> we are not triaging at all there
[21:32] <SpamapS> very bad
[21:32] <SpamapS> just noticed all the NEW bugs
[21:32] <hallyn> Daviey: ^
[21:32] <TheLordOfTime> SpamapS:  any idea on php 5.4 and when it'll be included into Ubuntu?
[21:32] <TheLordOfTime> (Quantal)
[21:32] <TheLordOfTime> last i checked its in Debian
[21:35] <hallyn> stgraber: just tried it, i was pid 5
[21:36] <hattorihanzo> whats the best way to reinstall python2.7? the dist-packages are broken one 1 of my boxes
[21:36] <RoyK> apt-get purge?
[21:36] <hallyn> stgraber: ok there are enough questions there it's probably worth asking on m-l
[21:37] <stgraber> hallyn: sounds good
[21:39] <hattorihanzo> python_debian-0.1.21ubuntu1.egg-info/top_level.txt/top_level.txt/top_level.txt
[21:40] <hattorihanzo> the hell python
[21:45] <stgraber> hallyn: the binding is 90% done, I have everything working, except for the arguments of start(). I'll need to write some magic to convert them all to chars, build an array of char pointers and pass that to start()
[21:48] <hallyn> stgraber: why not just support startl() only?
[21:48] <hallyn> startl pretty much only exists to make the python stuff easier
[21:49] <stgraber> hallyn: well, I still need to convert everything to char* before sending them to startl :(
[21:50] <stgraber> (and that's the tricky part, becaus of all the references and Unicode => Bytes => char* conversion...)
[21:53] <hallyn> oh i see.  got it
[21:58] <taipres> what's the deal with the mysql exploit
[21:58] <taipres> has ubuntu released patched version yet?
[21:58] <taipres> am using 11.04
[21:59] <TheLordOfTime> taipres:  which exploit?
[22:08] <erichammond> I wish rsync had an option to transfer the most recently modified files first.  Or a way of giving me the list of files that it's going to update and let me order them.
[22:22] <taipres> @Time its the one that lets you get pass the login after certain number of trys
[22:22] <taipres> some memcpy sse bug or somthing
[22:23] <taipres> Flaw Grants Access to 900,000 Servers By Guessing Username A flaw in MySQL and MariaDB
[22:23] <taipres> A flaw in MySQL and MariaDB databases allows someone to merely guess a username and be granted access to 900,000 Internet connected servers while able to attempt logging in 256 times. MySQL and MariaDB databases both assign an SHA-encrypted token to every user who logs in to the server so users only have to log in at the beginning of the session, not every time they send a request to
[22:23] <taipres> the database. This flaw is due to an error when comparing the token to the expected value. Some editions of the database can not tell if the login is authentic or not, assumes that it is, and allows users access whether the password is correct or not.
[22:30] <TheLordOfTime> taipres:  i meant a link to the thing, and a link to the CVE
[22:30] <TheLordOfTime> (such a vulnerability must have a CVE)
[22:31] <jdstrand> thatwas fixed in http://www.ubuntu.com/usn/usn-1467-1/
[22:34] <TheLordOfTime> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-2122.html  <-- yep
[22:34] <TheLordOfTime> oh quiet you
[22:34] <TheLordOfTime> did i mention how much i hate the bots that do that?
[22:34] <TheLordOfTime> even in -hardened :/
[22:35] <TheLordOfTime> for -bugs, its useful
[22:35] <TheLordOfTime> for -* its not as useful