/srv/irclogs.ubuntu.com/2012/06/19/#ubuntu-server.txt

=== niemeyer_ is now known as niemeyer
uvirtbot	New bug: #1001725 in clamav (main) "(could not find var/log/clamav DIR to create file in; did not autocreate directory) package clamav-daemon 0.97.3+dfsg-1ubuntu0.11.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [High,New] https://launchpad.net/bugs/1001725	01:11
frank_	Buenas alguien me pueden ayudar	01:13
uvirtbot	New bug: #1014916 in lxc (universe) "simultaneously started lucid containers pause while starting after the first seven" [Undecided,New] https://launchpad.net/bugs/1014916	01:41
lifeless	smoser: around?	01:57
hecsa	Hi! Does somebody know something about bind9 troubleshooting?	04:58
twb	hecsa: what is the real question	04:59
hecsa	Hi twb! I'm having some strange issue in an Ubuntu server 10.04 starting some days ago...	05:00
hecsa	It is the internal dns server, which has my other machines declared in my bind9 files	05:00
pehden	ok any one want to help me with ubuntu server with postfix/dovecot/ using mysql based accounts, via ispconfig3	05:01
pehden	ok any one want to help me with ubuntu server with postfix/dovecot/ using mysql based accounts, via ispconfig3 server 12.04	05:01
hecsa	yesterday something strange started to happen...I can ping all the machines using their IPs	05:01
twb	pehden: sorry, I don't support WHCPs	05:01
hecsa	but when using dns names, it does NOT loose any package, but takes too long to answer	05:01
pehden	whcp?	05:01
twb	pehden: web hosting control panel	05:02
twb	pehden: ispconfig, webmin, cpanel, etc	05:02
hecsa	I took a look into /var/log/daemon.log	05:02
pehden	i dont need help on that part, its the config files theres somthing wrong there	05:02
twb	hecsa: IP packets are still called "packets" in English, not "packages"	05:02
hecsa	hehe...sorry!	05:02
pehden	wierd thing im able to log into the aemail account but cant send email from my accont and server is rejecting all incoming mail	05:03
hecsa	sometimes I translate from Spanish to English the wrong way	05:03
twb	hecsa: no problem	05:03
twb	hecsa: I tell you so you know, not because I am angry or anything	05:04
hecsa	well...the daemon.log file has something like this:	05:04
pehden	wow im now getting : Relay access denied	05:04
pehden	Transaction failed	05:04
pehden	554 5.7.1	05:04
pehden	thats more then i was before	05:04
hecsa	named[2345]: client 10.1.4.40#58694: update 'pirulo.com.ar/IN' denied	05:04
hecsa	BUT 10.1.4.40 is my bind9 server	05:05
hecsa	this is what confuses me	05:05
twb	hecsa: have you hooked bind up to your DHCP daemon?	05:05
hecsa	not that I know	05:06
twb	pehden: so probably it thinks the sender is not in mynetworks and is not authenticated, and is (correctly) refusing to be an open relay	05:06
pehden	ok that points me in the right area, ill loook at that for a min twb	05:06
hecsa	this machine is a dhcp server too...	05:07
twb	pehden: oh obviously it's not an open relay if the mail is destined for a domain postfix handles itself	05:09
hecsa	I don't know if this has or hasn't something to do with the troubles I'm experiencing when pinging my machines using IPs vs DNS names	05:09
twb	hecsa: so the symptoms are that local host names do not resolve anymore?	05:09
pehden	i kow right, the wierd thing is it should still be able to send an email from itself to itself right	05:09
hecsa	they resolve instantly, but take a long time to answer when pinging if I use dns names	05:10
twb	pehden: that depends	05:10
hecsa	I loose no packet (I said packet ;-) )	05:10
hecsa	but the answer time is 1 vs 10	05:10
pehden	email@mydomain.com to email@mydomain.com	05:10
pehden	should send	05:10
twb	pehden: use postconf to compare your current main.cf to the default main.cf and see what is there and what is missing	05:10
twb	diff -U0 <(postconf -d) <(postconf)	05:11
pehden	ok will do that	05:11
hecsa	the ping issue happens when trying to access a web server too if I use dns names. If I use IP address, everything works perfectly	05:11
twb	Or -U999 to see everything	05:11
twb	(There will be a handful of differences that are Ubuntu defaults which you don't need to worry about, e.g. default mailbox size)	05:12
twb	*size cap	05:12
twb	hecsa: are you testing this on 10.1.4.40 itself?	05:12
twb	hecsa: what is in resolv.conf on the test host?	05:12
hecsa	twb: I have domain pirulo.com.ar	05:13
twb	hecsa: on 10.1.4.40, try "dig @127.0.0.1 foo.pirulo.com.ar". In particular, see if it responds quickly or takes a while.	05:13
hecsa	twb: search pirulo.com.ar	05:13
hecsa	twb: instantly	05:14
twb	OK. Now try "dig @10.1.4.40 foo.pirulo.com.au" on the host you were having slow ping from	05:14
twb	We are testing to see if this is slowness in DNS or elsewhere	05:14
hecsa	twb: instantly too	05:15
twb	OK, now try "getent hosts foo.pirulo.com.ar" on that host	05:15
hecsa	twb: I tried something with nslookup	05:15
hecsa	twb: that host = the dns server?	05:16
twb	hecsa: well on the slow-ping host, but it is interesting on any host if dig is fast but getent is slow	05:16
twb	Note that by foo.pirulo.com.ar I mean you should be testing with a real hostname at your site	05:17
hecsa	twb: no output...is this normal?	05:17
pehden	crazy i went to reset the install for ispconfig and there is an update so one moment	05:17
pehden	lol	05:17
hecsa	twb: I wrote it wrong...sorry...it answer instantly	05:18
hecsa	twb: it answers instantly	05:19
hecsa	twb: when I ping using dns names, it resolves them instantly, but the answer time is driving me crazy	05:20
twb	It makes no sense that if foo.pirulo.com.ar = 1.2.3.4, pinging foo.pirulo.com.ar is slower than pinging 1.2.3.4	05:20
twb	Except if DNS was slow, and we have shown that it is not	05:20
hecsa	twb: and something strange too is that when I try to cancel the ping with Ctrl-C it takes a lot of time to give me the prompt back...as if it is waiting for somthing to timeout	05:21
twb	hecsa: hm, then perhaps your system is under very heavy load?	05:21
hecsa	twb: that's right! I'm very confused with this...	05:21
twb	Look at e.g. free -m, to see if you are using a lot of swap. Look at top, to see if all the CPU is used. Look at iostat to see if the disks are using lots of I/O	05:21
hecsa	twb: I monitored it too...it's 99.5% free with top. I try¿ied iotop too, and there is no overloaded disk	05:22
twb	Also if you are in the same building you might be able to listen to it or see it doing the washing machine dance	05:22
hecsa	twb: hahaha...now there is nobody here...only me and my dns...and this machine is really free of load	05:23
twb	hecsa: sorry but I am out of ideas	05:24
hecsa	twb: don't worry, thanks a lot for taking your time to answer	05:25
hecsa	twb: I'll continue digging into this, let's see if there is something else	05:25
twb	If you find it, and it is interesting, come back and let me know what it was	05:26
hecsa	twb: sure I will! Thanks again!	05:26
pehden	um twb postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1	05:29
pehden	/usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1	05:29
twb	pehden: so fix that	05:30
pehden	where do i start lol	05:30
twb	Well who wrote that file?	05:30
twb	My bet is it was ispconfig and ispconfig has fucked it up. Which is why I originally said: I don't do WHCPs	05:30
pehden	right	05:30
twb	I don't know offhand how to fix it.	05:31
twb	If I were you I'd probably talk to #postfix	05:31
twb	It's probably a variable that has a different name in the version of postfix you have, to the version ispconfig assumes	05:31
pehden	im looking at the .conf right now for them to see	05:32
pehden	#postfix	05:33
pehden	um looking in postfix now it shows mynetworks = 127.0.0.0/8 [::1]/128	05:35
pehden	hmm let me test it now	05:36
pehden	http://pastebin.com/MtHyB0VG	05:39
pehden	there was a typo	05:47
pehden	thats fixed now i cant log in	05:47
pehden	to my email	05:47
pehden	whats the netstat to see listening ports only	06:28
=== zyga-afk is now known as zyga
soren	pehden: -l (1.4 seconds looking at netstat's man page would have told you that, too)	07:03
Nafallo	wait. use netstat when we have ss? I'm confused.	07:05
twb	Because ss has stupid spacing behaviour in its output	07:07
twb	So if you have a 200-line terminal, and three columns that are like 8 characters wide, you end up with them separated by like 80 columns of whitespace	07:08
th0mz	ehlo	07:09
soren	twb: Exactly. Piping it through cat helps, though.	07:09
twb	Also I recall it excludes some results in certain circumstances that are easy to forget about	07:10
twb	I can't remember the details	07:11
twb	soren: yeah I do that, but it's a pain in the arse to have to do so	07:11
soren	Indeed.	07:11
soren	I always go back to netstat.	07:11
pehden	i tried -l but i didnt see it the way i wanted, soren	07:13
pehden	-ln is as close as i can get from what it looks like but there is still extra junk below	07:16
twb	ss -nlp \| cat	07:17
pehden	i use watch -c .1 netstat -ln	07:17
soren	pehden: You should have mentioned that instead of wasting other people's tie.	07:19
pehden	im sorry i was waiting for a responce then didnt notice i had one	07:19
soren	pehden: I'm talking about your initial question.	07:20
soren	pehden: If you've already tried the obvious solution and it doesn't do what you want it to, say so instead of having to go through this useless bit of back and forth.	07:20
pehden	for some reason my imap isnt running	07:20
pehden	i was assuming it was part of postfix. but is that dovecot instead	07:21
soren	dovecot does imap, yes.	07:21
soren	And postfix does not.	07:21
soren	If you don't want the unix sockets at the end, use -lntu.	07:22
twb	soren: may be my fault for getting him fixated on postfix	07:22
pehden	ok i was a bit confused, i have been trying to get this part of my server running the way i want for months	07:22
pehden	ok thankts i will keep that saved	07:22
twb	IMO the real problem is his WHCP	07:23
pehden	it has worked before i upgraded to 12.04	07:23
soren	Don't waste brain matter memorizing stuff like that. Just understand that you (apparently) only want tcp and udp sockets. That's -t and -u, respectively.	07:23
soren	twb: whcp?	07:24
twb	Sigh	07:24
twb	ispconfig	07:24
twb	whcp = web hosting control panel. /me pines for dpkg bot instead of ubottu :-/	07:24
twb	I have an -l1 -n3 md raid array. I have a fourth disk plugged in. I want to add it as a spare (not active) node in the array.	07:26
twb	What's the right way to do this?	07:26
pehden	im hosting sites, and i use one of them for my email, but due to the last upgrade the email servers have been unavailable. i have been dealing with many errors.	07:26
pehden	so far im the closest yet thanks to twb	07:27
twb	I'm still looking through the manpage	07:27
pehden	are you familier with dovecot?	07:28
pehden	i can pastebin my config	07:28
twb	pehden: dovecot config is not very interesting.	07:28
pehden	i think i see another typo	07:29
pehden	ssl_cert = </etc/postfix/smtpd.cert	07:29
pehden	ssl_key = </etc/postfix/smtpd.key	07:29
pehden	is the < supposed to be there	07:29
twb	pehden: yes	07:30
soren	twb: Isn't that just -a /dev/whatever?	07:30
twb	soren: that adds it as an active node	07:31
twb	At least it did just now when I removed the dead disk and added the first (or two) new ones.	07:31
soren	twb: Why?	07:31
soren	twb: Oh.	07:31
twb	Maybe add is smart enough to make it active if there is a slot for an active one, and a spare if there isn't?	07:31
soren	twb: Right, ok. Yes, in that case it'll probably try to reach the same number of replicas as it was created with.	07:31
twb	Otherwise I am guessing I need something like mdadm /dev/md0 --grow --spare-devices=1 ?	07:31
soren	twb: Yeah.	07:31
twb	I'll try just -a'ing it -- worst case is it'll be active and I can remove it again	07:32
twb	It made it active :-/	07:32
soren	twb: In reality, it's added as a hot-spare, but immediately turned into an active node, because there's a disk missing.	07:32
twb	Oops, no it didn't. I can't read	07:32
twb	-a did the right thing -- http://paste.debian.net/175207/	07:33
twb	soren: thanks	07:33
soren	twb: Sure thing.	07:33
pehden	where would dovcot logs be, there not in /var/log	07:44
=== fenris is now known as Guest13007
glance	Hi. I would like to automaticly coordinate reboots of cluster-machines. Eg. In a cluster of machines, no two machines may reboot at the same time. If both would like to reboot, eg. after a kernel update, One need to complete its reboot before the other one is allowed to start theres. Anyone bin poking around with this type of stuff before?	09:02
ikonia	glance: no idea how you could manage that outside of manually managing the machines	09:03
glance	I have some ideas about distributed databases with locks, but that feels just like a whole heap of troubble =)	09:04
glance	And, i like my systems to be as hands-off as posible.	09:05
ikonia	I can see possible ways of doing it, but as you say it's going to be a massive overkill	09:06
glance	I just thought that someone else might have thought about this before =)	09:06
ikonia	managing clusters (in my view) will always need some form of manual work needed	09:07
uvirtbot	New bug: #1015058 in dovecot (main) "package dovecot-ldap 1:2.0.19-0ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1015058	10:35
=== railsraider_ is now known as railsraider
=== railsraider__ is now known as railsraider
uvirtbot	New bug: #1015041 in ntp (main) "Conflict between NTP and NTPDATE " [Undecided,New] https://launchpad.net/bugs/1015041	11:58
hallyn	lynxman: hey, did you have any opinion on bug 1014005 ? i don't know enough about the various different rom s to know whether we care enough to say no	12:43
uvirtbot	Launchpad bug 1014005 in ipxe "Please generate and include ipxe.dsk to the ipxe binary package" [Wishlist,Triaged] https://launchpad.net/bugs/1014005	12:43
lynxman	hallyn: oh let me have a look	12:43
lynxman	hallyn: well it's definitely wishlist, wouldn't it be extremely hard to do I reckon	12:44
hallyn	would there be any reason not to?	12:44
uvirtbot	New bug: #1015104 in samba (main) "package winbind 2:3.6.3-2ubuntu2.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1015104	12:46
lynxman	hallyn: hmm not really, unless its broken somehow (could be)	12:46
zul	good morning	12:53
zul	how do i configure grub	12:53
hallyn	lynxman: thanks	13:01
lynxman	zul: :)	13:05
=== hito_jp0 is now known as hito_jp
hallyn	gary_poster: hey, for the 8+ lucid containers, have you tried running that on something cheaper like m1.xlarge, and it wasn't enough? (just wondering)	13:25
hallyn	(just wondering whether i can save a few bucks :)	13:25
hallyn	gary_poster: and if not, which ami did yo use with the cc2.8xlarge?	13:32
koolhead17	Daviey, ping	13:39
=== niemeyer_ is now known as niemeyer
=== zyga is now known as zyga-afk
hazmat	hallyn, ping	13:48
hallyn	hazmat: .	13:50
hazmat	hallyn, greetings, and thank you.. i wanted to ask about the ramifications of unconfined containers and arbitrary package selection causing problems on the host	13:50
hazmat	hallyn, the most common use case we use lxc for is basically for people to install on their primary desktop/laptop.. and then their installing and developing charms against fairly random packages.. the scenario i want to avoid is ofc toasting the host.	13:51
hazmat	ie. not so much malicious escape, but inadvertant perm changes to the host	13:52
hazmat	it wasn't clear to me to what extent the aa profile is helping against that	13:52
hazmat	its mostly just functional denial and afaics this is one of the few times we've come up against it directly	13:53
hallyn	hazmat: well the aa policy does prevent against accidents, but we used lxc for years without aa without worrying too much, or too manya ccidents	13:55
stgraber	hallyn: reading your e-mail now (one of these days where I need over an hour to catch up on feeds/e-mails/irc backlog/...)	13:55
hallyn	so i don't expect anyone to lose data or their host	13:55
hallyn	hazmat: there are still other protections, like the devices cgroup	13:55
hazmat	hallyn, what sort of ops would entail accidents that AA might prevent?	13:56
hallyn	echo b > /proc/sysrq-trigger	13:56
hallyn	playing with binfmt-misc module params	13:56
hallyn	(installing some qemu packages)	13:56
gary_poster	hallyn, I use the big machine because that's what we need for our own tests now, so it's easy. We saw it on the 4 core hyperthreaded machine I think, but not sure. I can try to replicate it there too. AMI: juju handles that for me, but I had some notes on what API to use from before; lemme see if I can figure it out really quickly	13:57
hallyn	hazmat: is this what my writing a custom apparmor profile for will help a bit?	13:58
hallyn	hazmat: in any case, i dont' think you need to not use lxc just bc you have to disable apparmor	13:58
hazmat	hallyn, definitely, i'm just trying to eval if we put this fix in on the short term	13:58
hazmat	re custom profile	13:58
hazmat	shared fs are going to be a common thing for setting up app charm stacks via lxc	13:59
gary_poster	hallyn, here are somewhat old instructions on getting an AMI for the big machine: http://pastebin.ubuntu.com/1049152/	14:00
hallyn	hazmat: you can share with bind mounts?	14:00
hallyn	gary_poster: thanks	14:01
hazmat	hallyn, i think given the current state of juju local provider, which is isn't great, its probably better for us to leave off on disabling aa for a few weeks till the next upload..	14:01
gary_poster	welcome. thank you for looking at it. you want me to try the 4 core/8 hyperthreaded machine and see how to dupe? Happy to if it helps.	14:02
hazmat	hallyn, the goal is that they take what they've done locally and deploy it to public cloud or bare metal without changes.. bind mounts don't really help	14:02
stgraber	hazmat: so far I've been recommeding users to copy the default apparmor profile and add the required overrides in there, though anything that is known to be "safe" should find its way into the main profile	14:02
=== guampa is now known as Guest59391
hallyn	hazmat: makes sense, thx	14:02
stgraber	hazmat: you should also be able to make these mounts from lxc's fstab instead of the fstab inside the container, that'll bypass apparmor	14:03
hallyn	stgraber: (this is re the email last night) we just need to provide them with custom rules, and they can have juju always add those	14:03
hazmat	hallyn, stgraber that sounds good re custom profile	14:03
hallyn	ok i need to go for a bit, bbl	14:04
hazmat	hallyn, thanks	14:04
hazmat	stgraber, we don't actually know per se what the mounts are when we allocate the container	14:04
stgraber	hazmat: right, but the mounts can be allowed per fstype, and if that fstype is "safe" we can even allow it in our default profile	14:05
stgraber	hazmat: (the definition of "safe" being whether the container can bypass apparmor restrictions by mounting it)	14:05
=== guampa_ is now known as guampa
stgraber	hazmat: in your case, you may want to:	14:06
hazmat	stgraber, ic what would that look like	14:06
stgraber	1) cp /etc/apparmor.d/lxc-default /etc/apparmor.d/lxc-default-with-glusterfs	14:07
stgraber	2) edit /etc/apparmor.d/lxc-default-with-glusterfs	14:07
Daviey	koolhead17: hey	14:07
stgraber	- change the profile name at the beginning of the file	14:07
stgraber	- add "mount fstype=glusterffs," to the content	14:07
stgraber	3) /etc/init.d/apparmor reload	14:07
stgraber	4) edit your containe config to use lxc.aa_profile = <profile name you put at the beginning of the new file>	14:08
stgraber	hazmat: the problem being that you then need to keep our main profile and your alternative profile in sync somehow. I suppose you could script the generation of your profile or simply get us to merge your changes in the main one (we can even SRU these)	14:09
hazmat	stgraber, is there an include for a profile?	14:10
hazmat	ie. inheritance of some form.. or is that limited to separate policy files	14:10
hazmat	its not clear that's really a solution though, it means white listing things on a case by case basis	14:11
hazmat	just going through rdepends on a few fuse packages, get's me a list of 84.. http://paste.ubuntu.com/1049175/	14:13
stgraber	hazmat: apparmor supports includes but it works like #include in C, so won't help there as it'd include the whole profile including the profile definition	14:13
K4k	Are there any alternatives to landscape for managing Ubuntu client systems? I'm trying to get things more organized around here and I've got our Redhat systems managed under Spacewalk but the Ubuntu machines are still unmanaged and I'm relying on "unattended-updates" to ensure machines stay current which is not really an ideal solution for patch vetting.	14:13
stgraber	hazmat: let me test this quickly, I'd be surprised that we wouldn't have a way to allow any fuse based filesystem at once	14:14
hazmat	stgraber, thanks	14:14
stgraber	hazmat: and if there isn't, we can probably convince jjohansen to add one ;) nice thing of being the upstream	14:14
hazmat	stgraber, :-)	14:15
hazmat	K4k, puppet?	14:15
K4k	hazmat: I thought puppet was more for configuration deployment. Does it handle binary deb files as well?	14:16
stgraber	hazmat: http://paste.ubuntu.com/1049182/	14:17
hazmat	K4k, well you can have it setup to cron a check against installable updates/deltas or report back via any preferred protocol, and then have it install a given set of package updates specific to a release, its quite a bit more fiddling/development than something like landscape, but it can definitely be done.	14:17
hazmat	stgraber, perfect	14:18
stgraber	hallyn: ^ looks like we should allow fstype=fuse.*, in the default profile. I can't think of any problem with that, do you?	14:18
hazmat	stgraber, so the ideal would be just getting that into the default profile	14:18
K4k	hazmat: I'll consider that. Thanks. I'm mainly looking for alternatives to save costs but perhaps, if landscape isn't terribly expensive, I could convince management to approve some sort of budget for this.	14:18
stgraber	hazmat: yep, I'm working on a few other apparmor profile changes for quantal, will include this one in the set unless hallyn thinks it can be a problem, then this one should be SRUed back to 12.04 with the next batch (in couple of weeks)	14:20
hazmat	stgraber, sweet! thanks again	14:21
Womkes	Hey guys, I have a windows 7 machine with virtual box and one of my vm's is my Ubuntu workstation (for development and stuff) and I have two bare-metal servers connected to my home network. When I connect through ssh from my Ubuntu vm to these bare-metal server I get a ssh timeout during a session (doesn't have to be idle just happens after a few minutes). I do not have this problem when	14:26
Womkes	I connect through ssh from my windows box using putty.	14:26
Womkes	Any thoughts why this might happen?	14:26
RoyK	Womkes: connecting from the vm to a server should work well. does other types of networking work?	14:29
Womkes	yeah no other problems as far as I can tell RoyK	14:30
Womkes	The Terminal session to the server just die with this message	14:30
Womkes	Timeout, server srv2.bluejay.nl not responding.	14:31
Womkes	And when I reconnect the last commands I entered are not in my bash history	14:31
RoyK	Womkes: telnet server 22	14:31
RoyK	Womkes: just to see if networkingworks	14:31
stgraber	hallyn: I think I have a pretty nice improvement for our apparmor config, will put that in a branch so you can have a look	14:31
RoyK	Womkes: just to see if networking works	14:31
Womkes	When I connect from my Windows 7 PC to the server there is no problem	14:31
Womkes	from the ubuntu vm or from my windows box RoyK?	14:31
RoyK	from where it doesn't work	14:31
RoyK	meaning the ubuntu vm, I guess?	14:32
=== zyga-afk is now known as zyga
Womkes	yes	14:32
Womkes	Ok	14:32
Womkes	you want the output pastbinned ?	14:32
RoyK	k	14:32
Womkes	http://paste.ubuntu.com/1049198/	14:32
hallyn	stgraber: sounds good	14:32
Womkes	I have of course put 192.168.178.110 srv1.bluejay.nl in my /etc/hosts file	14:33
RoyK	Womkes: that means you should be able to ssh there	14:33
RoyK	why?	14:33
Womkes	Yeah ssh works	14:33
Womkes	it just get disconnected	14:33
RoyK	ah	14:33
Womkes	after a few minutes	14:33
RoyK	setup ssh keepalives, then	14:34
Womkes	even when the session isn't idle, like in the middle of doing stuff	14:34
RoyK	or use bridged networking	14:34
Womkes	I tried, but still occurs	14:34
Womkes	lemme check if I used bridge in vbox	14:34
RoyK	Womkes: ServerAliveInterval 5	14:34
arussel	how do you create an ec2 snapshot without lvm installed and with default fs (ie, not xfs) ?	14:34
Womkes	Yeah, I use Bridged Adapter in virtual box	14:34
RoyK	in $HOME/.ssh/config	14:34
RoyK	arussel: you can't	14:35
RoyK	arussel: that is, unless amazon lets you do that from their tools	14:35
arussel	with lvm I could freeze the fs while doing the backup, but I kind of 'forgot' to install lvm on that one.	14:36
Womkes	Ok, I will try RoyK, I think I tried it before though and it didn't work	14:36
Womkes	but I put it in /etc/ssh/ssh_config	14:36
Womkes	not in ~/.ssh/config	14:36
RoyK	arussel: only fs with snapshot support in ubuntu is, afaik, btrfs, and then, zfs, but that's with fuse	14:37
RoyK	arussel: lvm snapshots aren't very good - the more snapshots, the slower i/o	14:37
RoyK	Womkes: shouldn't matter much	14:37
arussel	amazon doc says: 'Some file systems, such as xfs, can freeze and unfreeze activity so a snapshot can be made without unmounting.', but I'm with ext3	14:37
arussel	and if I umount, postgres might be pissed off.	14:38
RoyK	arussel: stop postgres ;)	14:38
RoyK	arussel: and ext3 will probably handle that rather well	14:38
RoyK	arussel: a filesystem without a journal will have a harder time, though	14:38
RoyK	Womkes: erm - you put that in /etc/ssh/ssh_config on the client or server?	14:41
arussel	wasn't lvm by default on previous ami ?	14:41
arussel	I don't remember installing it is there on the 10.x	14:42
Womkes	on the client	14:42
RoyK	ok - that's where it belongs	14:43
Womkes	I believe it is /etc/ssh/sshd_config for server and then it is ClientKeepAlive something	14:43
Womkes	I tried that also :)	14:43
RoyK	Womkes: I haven't used client VMs like that, so I wouldn't know, but all my ssh sessions survive all sorts of gateways with just that line I gave you	14:44
arussel	fuck it, I'll redo the volume. Any advice between lvm or xfs ?	14:44
Womkes	ok, I have it running now	14:44
Womkes	we'll know in a few minutes :)	14:44
stgraber	hallyn: lp:~stgraber/ubuntu/quantal/lxc/apparmor-profiles-rework	14:44
stgraber	hallyn: I haven't tried a build of the new package but I'm running with these profiles on my machine and they work great	14:45
stgraber	hallyn: these should be much easier to customize as /etc/apparmor.d/lxc/* can now just inherit from the main profile, that also greatly simplifies the with-nesting profile	14:45
hallyn	(looking)	14:48
hallyn	stgraber: looks great	14:49
hallyn	stgraber: presumably not SRUable, but perhaps we can put up a wiki page with a script for people to convert to that setup	14:50
stgraber	hallyn: yeah, we won't be able to SRU that, though the fstype=fuse.*, stuff is SRUable if you can't think of a reason why it'd be bad allowing it	14:51
stgraber	hallyn: when we get the API work and the hooks in a good enough shape and get these uploaded to quantal, I'll probably start maintaining backports of lxc as well as continuing with the srus, that way people can choose whether they want just bugfixes or also new features	14:53
hallyn	stgraber: regarding always allowing fuse... i dunno, it does scare me a little	15:03
stgraber	hallyn: I think the potentially dangerous thing is /dev/fuse, not the filesystems themselves and we already allow /dev/fuse	15:04
stgraber	hallyn: I'll go ahead and upload these changes including the fuse.* change to quantal. Will rediscuss whether it's safe or not with the next batch of SRUs. I think that if we consider fuse to be risky, we should block it in the ubuntu profile but still allow it in apparmor (so one doesn't need to change their profile if they allow the node in their config)	15:11
stgraber	hazmat: FWIW, fuse.* is now allowed in quantal. Making alternate profiles is also much simplified as you can now do it without duplicating the default one	15:15
hallyn	stgraber: agreed, given that /dev/fuse is allowed, i must have agonized over it before and decided it was ok :)	15:16
hallyn	interestingly i can't reproduce gary_poster's parallel-lxc-start-ephemeral/dnsmasq race on a m1.xlarge. i wonder if it's a race that needs faster/more cpus	15:17
hallyn	(race in dnsmasq is my guess, really)	15:17
stgraber	hallyn: apparmor changes uploaded to quantal. Rebased my liblxc+python-lxc branch on that one and uploaded to my ppa for precise and quantal	15:23
hallyn	just ppa:stgraber/ppa ?	15:23
stgraber	hallyn: ppa:stgraber/experimental	15:23
hallyn	ok	15:23
stgraber	I'm still running precise on my laptop but like to have the new shiny lxc with python-lxc support ;)	15:24
grendal-prime	i use to be able to change wich physical interface was atached to wich eth device in 10.04 with the /etc/udev.rules/70-persistent-net file..how do i do that with 12.04	15:29
patdk-wk	same way?	15:31
grendal-prime	ya but there is nothing in there.	15:35
patdk-wk	yep, hmm	15:40
grendal-prime	i mean it currently has to be stored somewhere	15:41
* patdk-wk tests		15:41
pteixeira	hello! i need to run the vmbuidler command from a web application (takes the info related to the packages to be installed from the web application and uses vmbuilder to create the VM image), but i need sudo permissions to run it.. is there a way to overrun this or is it simply not possible?	15:42
pteixeira	(jeos and vmbuilder page redirected me here, dont know if this is the right place...)	15:42
grendal-prime	it seems to me that the 75-persistent-net-generator.rules does not run automatically anymore	15:43
grendal-prime	pteixeira, ya the www-data user having sudo privilages may not be good..you may want to just make your script sudo	15:44
hazmat	stgraber, nice	15:44
grendal-prime	meaning making it the one script that that particular user has sudo access to.	15:44
hallyn	stgraber: syslog corruption... what do you think? do we continue to put up with it until after user namespaces are complete? (preferable from a dev point of view, not from user pov)	15:46
hallyn	(but only not preferable from user pov if we can get a real fix in :)	15:46
pteixeira	grendal-prime, thanks! i didnt even know that was possible :)	15:46
grendal-prime	pteixeira, np here	15:49
grendal-prime	http://www.cyberciti.biz/tips/allow-a-normal-user-to-run-commands-as-root.html	15:49
pteixeira	thank you very much :)	15:49
stgraber	hallyn: that doesn't sound like an easily fixable thing so I don't think it's worth risking delaying the user namespaces work for it, especially as it's really just annoying, it's not dangerous.	15:50
grendal-prime	well shucks...ill tell ya what you can repay me by marrying my sister (The ugly one).	15:50
uvirtbot	New bug: #1009579 in tomcat7 (universe) "[MIR] tomcat7 (replaces tomcat6)" [High,In progress] https://launchpad.net/bugs/1009579	15:51
hallyn	the biggest reason it's not 'easily' fixable is that it still isn't clear which namespace should own the syslog ns :) (or how to control unsharing it)	15:51
grendal-prime	in my country that is the honorable way to repay such a debt.	15:51
gary_poster	hallyn, I saw your comments about not being able to dupe. Weird. I'm going to try making a fresh ec2 instance with nothing else on it. I'll try both the sizes you did.	15:51
hallyn	gary_poster: thanks. i tried your exact commands from the bug report...	15:51
hallyn	oh maybe i did just reproduce it	15:52
gary_poster	hallyn, yeah, I figured you did. They worked for me. Maybe the fact that I had used the system quite a bit before affected it. I'll report back. thanks again.	15:52
gary_poster	I mean I figured you tried the exact commands. but if you did just repro, yay!	15:53
patdk-wk	grendal-prime, I just tested it, using udev/rules.d/70-persistent-net works fine	15:53
patdk-wk	it's just not auto-filled anymore	15:54
hallyn	gary_poster: yeah. so the bear is going to be writing a script to figure out which container doesn't yet have an address :)	15:54
grendal-prime	ok so is there anyway to initally have it grabe whats there so i can just move around what it found?	15:54
hallyn	dhclient3 didn't start until after the 3 mins, so the q is did the first one die, or did something wait for 3 mins	15:54
hallyn	i'm going to blame udev	15:55
gary_poster	:-)	15:55
grendal-prime	patdk-wk, i tried to fire off the 75-persisant-net-generator script but i got to mess with the perms to do that. (no Xecute)	15:56
grendal-prime	or execute it with bash..	15:56
grendal-prime	but ...well it doesnt seem to do what i want	15:56
grendal-prime	and it just pukes a buch of errors.	15:58
gary_poster	hallyn, should I bother continuing to spin up ec2 instances or is that moot since you duped?	15:58
grendal-prime	starting with 75-net-description.rules: line 4: SUBSYSTEM!=net,: command not found	15:58
hallyn	gary_poster: moot - thanks	15:59
gary_poster	cool	15:59
hallyn	i'm going to try with separate containers	15:59
hallyn	(still i'm pretty sure the problem is udev pauses and the containers don't get an eth0 to run dhcp on )	16:00
=== zyga is now known as zyga-afk
uvirtbot	New bug: #1015186 in bind9 (main) "bind9 init script relies on unavailable capability kernel module" [Undecided,New] https://launchpad.net/bugs/1015186	16:21
smoser	roaksoax, i suspect this is magically all working...	16:21
smoser	but can you verify that the maas/cobbler pxe install path uses	16:21
smoser	http://www.syslinux.org/wiki/index.php/SYSLINUX#IPAPPEND_flag_val_.5BPXELINUX_only.5D	16:21
smoser	ie, that pxelinux appends "BOOTIF=" for us? and then the installer (if given 'auto' for the netcfg/choose_interface uses that)?	16:22
=== Lcawte\|Away is now known as Lcawte
grendal-prime	this kinda blows..alot	16:24
grendal-prime	i just want to change the order of these damn interfaces	16:24
adam_g	zul: what are we waiting on specifically, wrt nova hitting -proposed?	16:41
uvirtbot	New bug: #1015194 in postfix (main) "package postfix 2.9.1-5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1015194	16:45
stgraber	hallyn: http://paste.ubuntu.com/1049431/ <- unicode works fine in python3-lxc + liblxc now (though utf-8 is hardcoded, so I'd expect it to explode quite badly if using another encoding)	16:48
hallyn	stgraber: excellent, i can start my ki-ich, ki-ni, and ki-san containers now	16:56
hallyn	stgraber: do you know offhand of a rate limit imposed by either udevd or the kernel's uevent subsystem?	16:58
hallyn	feh, i suppose kernel could just be running out of memory for th euevents	17:02
hallyn	<chuckle> a per-container syslog woudl sure be helpful ehre :)	17:05
hallyn	gary_poster: is the given workaround (disable udevam trigger) worakble for you? (set that up in the initial lucid container, and it gets copied into the pehemeral ones)	17:07
hallyn	gary_poster: i don't knwo whether (a) udev in container is failing to allocate a netlink socket and then timing out,	17:07
hallyn	(b) kernel is failing to allocate memory for some events (can certainly happen), or (c) kernel or userspace is just throttling	17:08
hallyn	i'm guessing a. in any case, i prefer to ignore it and move to other stuff, if the workaround works for you	17:08
jjohansen	hazmat: I'd like to get some more info from you on how you would like to extend apparmor profiles	17:09
gary_poster	hazmat completely understood that you want to move on. I'll give it a try and report back. What would be symptoms of it not working?	17:10
hallyn	gary_poster: it works (i tried it), i meant - is it doable for you to modifiy the initial container every time	17:10
hazmat	jjohansen, so with the change to allow fuse in the default its not clear we need to. but if we do need to customize it, the ideal scenario is that we can include the default and override the relevant bits	17:10
stgraber	jjohansen: not sure if you saw my lxc upload to quantal but I moved most of our apparmor profiles around ;) basically adding two entries in /etc/apparmor.d/abstractions that are then included in usr.bin.lxc-start, lxc-default and lxc-default-with-nesting. This now allows people to "inherit" from our implementation and removes the need for copy/pasting everything	17:10
jjohansen	stgraber: right	17:11
hallyn	stgraber: which is of course what i always wanted to do :) just hadn't gotten around to it	17:11
hallyn	stgraber: we might even introduce a lxc-set-profile -n containername script,	17:11
hallyn	which just creates a new empty profile, sets the config to use that, and then the user can go hack from there. small improvement, but at the same time huge usability improvement i think	17:12
jjohansen	hazmat: right I understand what you want, let me rephrase I am looking for ideas/visions of how you would like to see it function.	17:12
Plizzo	My Ubuntu Server has been disconnected from the network for some hours, and now that I plugged it back in it only gets an IPv6 address, and no IPv4 one. This means I cannot access it properly, what do I do?	17:12
gary_poster	hallyn, oh, ok. Yeah, we do surgery for various other issues already. Thanks! I'll report back on the bug after I have a bit of experience with it, to make sure it works for us	17:12
hallyn	btw can i just say, for all the wanting lxc-devel to stick around, there's not a lot of review there! <grumpy>	17:12
hallyn	gary_poster: awesome, thanks. ttyl	17:13
gary_poster	ttyl	17:13
stgraber	hallyn: sounds useful indeed. I've been helping quite a few folks do the copy/pasting, reloading, lxc.aa_profile stuff and it's getting a bit boring having to copy/paste the same instructions over and over again ;)	17:13
jjohansen	stgraber: I can imagine :)	17:14
hallyn	heh	17:14
jjohansen	stgraber, hallyn: same basic question applies to you too. If you have ideas on extending the language to make this easier lmk	17:15
hallyn	jjohansen: well, the per-fs thin would be very useful. i.e "deny write to sysrq-trigger on any procfs". i relize that's more than a language change :)	17:16
jjohansen	hallyn: yeah I am working on that	17:17
hallyn	jjohansen: great :)	17:17
hallyn	for instance, debootstrap isn't allowed bc of that :(	17:17
hallyn	anyway, dont' know that i have anything more. (back to hackhackhack)	17:18
Plizzo	How can I force my server not to accept an ipv6 address?	17:18
Plizzo	Or atleast to obtain an ipv4 one	17:18
Plizzo	Like it used to	17:18
RoyK	Plizzo: ipv6 should work by default with address discovery	17:20
RoyK	Plizzo: ipv4 can be set manually or by dhcp/bootp in /etc/network/interfaces	17:20
Plizzo	RoyK: IPv6 is working, but for some reason my server is not getting an IPv4 address	17:20
RoyK	do you have dhcp around?	17:20
Plizzo	RoyK: My router is set to give my server a static IPv4 address, and the server is the only computer which obtains IPv6	17:20
Plizzo	RoyK: It's always been getting the same IPv4 one until now	17:21
uvirtbot	New bug: #1015207 in juju (universe) "juju setup fails, ERROR Invalid SSH key - 12.04 LTS" [Undecided,New] https://launchpad.net/bugs/1015207	17:21
hazmat	jjohansen, so std include statement should work fine to grab a definition, and then a stanza prefix/statement to specify an override/modification block over an existing entity (program, profile, etc)	17:21
RoyK	then your router is probably having a fit	17:21
hazmat	so something like @override\n profile lxc-container-default { deny /dev/zero }	17:22
jjohansen	hazmat: okay thanks	17:24
stgraber	hallyn: just looked at my bug mail, does that mean that gary_poster's bug doesn't happen with >=precise containers?	17:33
hallyn	stgraber: right	17:33
hallyn	stgraber: which is why i had assumed it would turn out to be udev :)	17:34
hallyn	stgraber: where is your bzr tree for the lxc api now? i'll make my destroy/create changes against that	17:39
stgraber	hallyn: lp:~stgraber/ubuntu/quantal/lxc/lxc-api-and-python	17:40
stgraber	hallyn: actually, are you part of the ubuntu-lxc team?	17:41
stgraber	because I guess it'd make sense to just share that branch for now instead of branching/merging for every little bits	17:41
arussel	is it a problem for xfs_freeze if a subdirectory is used as mount point ?	17:43
stgraber	hallyn: now at lp:~ubuntu-lxc/ubuntu/quantal/lxc/lxc-api-and-python and I added you to ~ubuntu-lxc so you can directly push to it	17:43
stgraber	hallyn: the liblxc changes are in the last quilt patch, so you can simply update the files and refresh the patch	17:43
stgraber	no need to create any more patches at this time	17:44
roaksoax	smoser: we don't specify bootif=XYZ	17:44
roaksoax	smoser: but we do have ksdevice=bootif	17:45
smoser	roaksoax, i think we end up specifying BOOTIF=	17:45
smoser	as it seemed our pxelinux (in grepping cobbler) hyas 'ipappend 2'	17:45
roaksoax	smoser: http://pastebin.ubuntu.com/1049530/ we don't specify a bootif=XYZ	17:46
hallyn	stgraber: do you think lxc-destroy should now be deleting custom profiles?	17:46
hallyn	maybe best not... but hate to have those proliferate too much	17:46
roaksoax	smoser: but in this one we specify ksdevice=bootif	17:46
roaksoax	smoser: http://pastebin.ubuntu.com/1049531/	17:47
smoser	roaksoax, we dont specify bootif=	17:47
smoser	we specify ipappedn 2	17:47
hallyn	stgraber: thanks (i'd have ben happy doing merge proposals :)	17:47
stgraber	hallyn: unless we decide to always have one profile per container which IIRC we said wasn't a good idea, we probably shouldn't be removing them. At some point it might be interesting to detect unused profiles and show the list at the end of lxc-destroy	17:48
roaksoax	smoser: right we do	17:48
roaksoax	smoser: i think those don't really apply to Ubuntu though as they are for anaconda...	17:48
hallyn	stgraber: yeah, a purge command shouldn't be too hard. look for all profiles not mentioned in a config, and query the user one at a time. anyway, later.	17:49
stgraber	hallyn: and will be even easier to do in python ;)	17:49
roaksoax	smoser: though, I just found this: https://bugs.launchpad.net/ubuntu/+source/casper/+bug/923219	17:49
uvirtbot	Launchpad bug 923219 in casper "[Oneiric] PXE/NFS boot requires "IPAPPEND 2" in PXE menus" [High,Confirmed]	17:49
roaksoax	smoser: so yes, it should be using the bootif for the installer if netcfg/choose_interface=auto	17:50
hallyn	stgraber: lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-aa-custom-profile adds a lxc-aa-custom-profile, works for me	17:50
hallyn	lunch, bbl	17:51
smoser	which magically makes BOOTIF= appear on the linux command line	17:51
smoser	roaksoax, ^	17:51
stgraber	hallyn: ok, having a look and will merge in lp:ubuntu/quantal/lxc if it looks good (and then rebase my lxc-api-and-python branch on the main branch)	17:52
hallyn	stgraber: i'm not sure it's worth a separate commit, was thinking we'd just queue it in ubuntu:lxc until a more important one	17:52
stgraber	hallyn: (oh yeah, you might have to use "bzr pull --overwrite" with lxc-api-and-python from time to time as I rebase it on the main quantal branch whenever something lands)	17:52
hallyn	then again, you've done more of the tedious repetition than i have (explaining how to do it) :)	17:52
stgraber	hallyn: yeah, I'd merge it but not upload it	17:52
hallyn	ok	17:52
roaksoax	smoser: bootif=XYZ	18:00
roaksoax	smoser: so my guess is that ipappend 2 adds bootif=XYZ as a kernel param on runtime rather than in the file itself?	18:00
smoser	roaksoax, right.	18:00
smoser	its magic/genius pxelinux. and it appears that our whole stack uses it for automated install.	18:01
smoser	really clever idea from pxelinux to do that. it basically passes the interface that it booted from up to linux.	18:01
roaksoax	smoser: indeed, which really make sense	18:02
smoser	SpamapS, if you wanted to think about https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1015223	18:05
uvirtbot	Launchpad bug 1015223 in cloud-init "cloud-init-nonet main process killed by TERM signal" [Undecided,New]	18:05
smoser	i'd appreciate it.	18:05
uvirtbot	New bug: #1015223 in cloud-init (main) "cloud-init-nonet main process killed by TERM signal" [Undecided,New] https://launchpad.net/bugs/1015223	18:06
=== koolhead17 is now known as koolhead17\|afk
SpamapS	smoser: reading	18:12
=== emobathtub_ is now known as emobathtub
matt_keys	I had a 250gb sata disk running 10.04 and replaced it with a 120gb ssd running 12.04. My kvm images are now on sdb3, how do I move them into sda3?	18:29
RoyK	matt_keys: they're normally under /var/lib/libvirt/images	18:39
RoyK	just files	18:39
miceiken	okay this is weird	18:40
miceiken	insserv is installed, but when I use it it says command not found	18:40
RoyK	matt_keys: the vm config is under /etc/libvirt/qemu - you might want to move them over as well	18:40
Aaton	anyone having problems with 12.04 LTS not rebooting when your doing a network install?	18:49
fraterm	matt_keys, if you have any good references for configuring those Virtual Machines networking statically I'd like to pick your brain.	18:49
matt_keys	RoyK : I've got sdb3 mounted on /sdb, so I recursive copied /sdb/var/lib/libvirt/* and /sdb/etc/libvirt/ , but they're not showing up in virt-manager	18:50
fraterm	permissions I bet.	18:50
Aaton	the debian-installer seems to be caught in a loop. if I have a preseed/late_command it will try to run it twice but fails the second time since /target is unmounted	18:50
matt_keys	fraterm : worked for me just configuring static since they're bridged.	18:50
fraterm	matt_keys, are all of your VMs ubuntu ones?	18:51
roaksoax	Aaton: afaik you can only have 1 late_command in the preseed	18:52
fraterm	I only have one and it's a centos 6.2 beasty.	18:52
matt_keys	RoyK : I do see the volumes on the storage screen, though.	18:52
RoyK	matt_keys: restarted libvirt?	18:52
matt_keys	RoyK : ahh... one sec.	18:52
Aaton	roaksoax: yep I have only one.	18:53
Aaton	I get a dialog box about the machine rebooting but it then tries the late_command again instead	18:54
matt_keys	RoyK : restarted qemu-kvm and libvirt-bin both, still not there	18:55
matt_keys	fraterm : not all of them. I have centos 6.2 ones too.	18:55
fraterm	I must have a squirrelled up resolv.conf I suspect.	18:55
matt_keys	fraterm : dns keep getting wiped?	18:55
fraterm	/etc/resolv.conf is there.	18:56
roaksoax	Aaton: how are you running your late_command?	18:57
Aaton	d-i preseed/late_command string wget -Y off -P /target http://10.X.Y.Z/d-i/precise/late_command.sh ; chmod +x /target/late_command.sh ; chroot /target/ /bin/bash /late_command.sh	18:57
Aaton	it works. and completes the commands I have inside it.	18:58
roaksoax	Aaton: I think you should do it like this:	18:58
matt_keys	fraterm : I've seen network manager wipe out the static dns settings... you have to set a few things in ifcfg-eth0 to keep it from doing that	18:58
fraterm	basically broken network configuration here I think then.	18:59
fraterm	it´s that networks are unreachable.	18:59
roaksoax	d-i preseed/late_command in-target sh -C 'wget http://10.X.Y.Z/d-i/precise/late_command.sh; etc etc etc'	18:59
* fraterm turns off NM_CONTROLLED		19:00
roaksoax	Aaton: or similar, but you need to use in-target so that it does stuff in the targe	19:00
roaksoax	Aaton: it is probably because of the way you are doing it that it fails	19:00
Aaton	roaksoax: ok I'll give that a try	19:00
roaksoax	fraterm: man resolvconf will tell you how to set static dns	19:01
fraterm	I dunno that it's resolvers.	19:02
Aaton	will it use the wget that is in busybox or the wget in /target. I have to make sure it doesn't try to use the proxy I'm behind.	19:02
roaksoax	Aaton: in-target	19:03
roaksoax	Aaton: that's why you use the in-target	19:03
fraterm	I can ssh in to the machine over the bridged network, I can't ping anything outside of my subnet from within the machine. I can ssh out to machines inside my subnet.	19:03
matt_keys	fraterm : http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html . you'll want to use PEERDNS=yes, then DNS1=8.8.8.8 DNS2=8.8.4.4	19:03
fraterm	I´m behind a proxy though.	19:04
fraterm	But I will give that a look.	19:04
matt_keys	fraterm : unless you're restricting icmp out, proxy shouldn't interfere with it... just http/https traffic	19:04
fraterm	But I should still be able to ping X host in a different network... I bet I have a gateway or netmask or other setting a bit off.	19:05
matt_keys	fraterm : can you ping internal network hosts?	19:06
fraterm	matt_keys, certain ones yes	19:07
fraterm	my host vm IP address, and one host that is in our subnet.	19:07
fraterm	dns no, gateway...	19:08
matt_keys	fraterm : traceroute 8.8.8.8	19:09
fraterm	can ping the gateway... hurmph	19:09
matt_keys	where does it stop?	19:09
fraterm	installing traceroute would help.	19:09
fraterm	matt_keys, no more assistance til I get some good debugging tools though.	19:10
fraterm	I don´t want to waste your time with this.	19:10
matt_keys	np	19:10
matt_keys	still trying to figure out why i can't see my vms :p	19:10
matt_keys	brb	19:11
fraterm	I had a big problem with 12.04 recognising my ability to alter the configuration to use the bridge.	19:11
fraterm	Until I did it as root.	19:11
fraterm	the virtual machine manager gui isn't able to alter that setting unless you have the VM "powered off" as well... and as a normal user it doesn't alter the parameter for the network away from using NAT.	19:12
axisys	HP DL380 would be a good server to run mysql? I have about 20GB worth of ibdata with one table with 6 million transactions and another for 1 million.. running RT	19:19
rockets	Here's a silly question: How does Ubuntu pick which version of a package to install, if I have multiple apt repositories in my sources.list that contain that package? Does it just pick the newest one?	19:22
ikonia	rockets: if you don't have pinning setup, pretty much yes	19:29
rockets	Thanks ikonia	19:36
K4k	When creating an install disk with a ks.cfg file. Is it possible in the %packages section to somehow tell the system to install all normal packages and then just specify the individual packages you specifically need to apt-get install in addition?	19:47
muszek	hi... I'm running Nginx and PHP on my computer. Today update manager told me there's a few php5* packages to be upgraded. But along with this upgrade it wants to install a bunch of Apache packages... I don't run apache and don't want it installed... what gives?	19:47
smoser	SpamapS, that bug make sense? the same basic issue is present in failsafe.conf	20:20
SpamapS	smoser: totally makes sense	20:21
SpamapS	smoser: seems like that shouldn't be on the console	20:21
smoser	is there a way to gracefully be terminated? so that init would'nt output such a scary message?	20:21
SpamapS	seems like it should be lowered to 'info' priority. Who cares about the TERM?	20:21
SpamapS	it is being "gracefully" terminated	20:21
SpamapS	by upstart is all	20:21
SpamapS	smoser: anyway, I'm running off to lunch, bbiab. Agreed that it should be solved. Not sure exactly how though.	20:22
SpamapS	smoser: IMO thats a bug in upstart	20:22
smoser	yeah, i agree.	20:22
smoser	fwiw, SpamapS you have mixed tabs and space in failsafe.conf	20:23
matt_keys	back, can't remember who I was helping earlier	20:23
arussel	I've configured postfix to forward mail to an smtp server following: https://help.ubuntu.com/community/GmailPostfixFetchmail I'm not using gmail as a server, but I've been using my own mail server	20:32
arussel	when I test the setting with "sendmail -bv me@gmail.com"	20:32
arussel	I don't have any error but I get the message "Mail Delivery Status Report will be mailed to <ubuntu>."	20:33
arussel	and ubuntu does get a mail in its mailbox on the server	20:33
arussel	telling that delivery to was OK	20:34
arussel	the problme is I've got nothing in my mailbox at gmail.	20:34
arussel	Where should I start looking to fix this ?	20:34
derpyderp	hi! is it normal that i get the message "--libvirt command not found; --addpkg command not found" when trying to run the vmbuilder command in the jeos-and-vmbuilder page? i can boot the image and login, but there are no packages created, i dont have grub and apparently nothing on he disk...	20:35
uvirtbot	New bug: #1015294 in samba (main) "package samba 2:3.6.3-2ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/1015294	20:36
Aaton	roaksoax: tried your preseed/late_command method. it did not fix the problem I was having where the debian-installer does not reboot. d-i finished the late_command and then tried to reboot but doesn't. then runs the late_command again which fails.	20:36
Aaton	have to cold reboot the system	20:37
derpyderp	anyone?	20:43
miceiken	Hi.	20:44
miceiken	Virtual packages like 'gitosis' can't be removed <- what does this mean? how do I remove it	20:44
lifeless	you can't, because its not installed	20:45
lifeless	some other package is installed, which is providing it.	20:45
lifeless	This is crazy UI wise, sure, but it is what it is :)	20:45
miceiken	ah thanks lifeless	20:47
miceiken	while i have you here	20:47
miceiken	insserv is installed, but when I use it it says command not found	20:47
derpyderp	let me rephrase my question: i need to create custom VM images, and im trying to do so via the bash script provided in the JeOS and vmbuilder page in the ubuntu website. however, i get three error messages when the process is complete: --libvirt =qemu:///system command not found, --addpkg command not found, --addpkg command not found" :\|	20:49
derpyderp	actually it says "--libvirt=qemu:///system: No such file or location", plus the other two --addpkg command not found, my bad	20:51
=== pjdc_ is now known as pjdc
roaksoax	Aaton: is it possible for you to show me the syslog of the installtion process?	20:55
Aaton	roaksoax: sure once the system comes back up I'll grab it from /var/log/installer/syslog	21:01
uvirtbot	New bug: #1015311 in clamav (main) "package clamav-base not installed failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1015311	21:15
hallyn	stgraber: d'oh, src/lxc/tests is empty in your bzr branch :)	21:41
hallyn	stgraber: and IIUC lxclock.h and lxccontainer.h will no longer be exported to /usr/include/lxc	21:41
stgraber	hallyn: what?	21:42
hallyn	nm, i'm an idiot	21:42
stgraber	root@python-lxc:~/lxc-api-and-python# ls src/tests/	21:42
stgraber	containertests.c locktests.c Makefile.am startone.c	21:42
hallyn	(quilt patches were not applied)	21:42
stgraber	oh yeah, you need to fight with quilt as usual ;)	21:43
hallyn	well it seems like policy has changed - i thought bzr used to keep the patches applied <shrug>	21:43
stgraber	I usually fight until the point where "bzr st" looks reasonable, then look at the code ;)	21:43
stgraber	well, they definitely are applied in the branch	21:43
stgraber	root@python-lxc:~/lxc-api-and-python# bzr revno	21:43
stgraber	120	21:43
stgraber	root@python-lxc:~/lxc-api-and-python# bzr st	21:43
stgraber	root@python-lxc:~/lxc-api-and-python#	21:43
hallyn	really??? try a clean fetch	21:44
hallyn	bzr branch lp:~ubuntu-lxc/ubuntu/quantal/lxc/lxc-api-and-python	21:44
hallyn	cd lxc-api-and-python; quilt ap	21:44
stgraber	hallyn: hmm, let me try to convince LP that what I have locally is right :)	21:46
stgraber	hallyn: gah, my bad, didn't push at the right place, that's why it's all broken...	21:47
stgraber	hallyn: should be good now	21:47
hallyn	i should re-fetch?	21:47
stgraber	yeah	21:47
hallyn	i'll wait until i finish writing my testcase and then just copy that over	21:47
hallyn	thanks	21:47
stgraber	>>> test.start(cmd=["/sbin/init", "--debug"])	21:49
stgraber	True	21:49
stgraber	hallyn: ^ I have support for the args => char* in my local branch now too	21:49
stgraber	hallyn: still need to fix the refcounting/memory management part of that hack though :)	21:50
hallyn	stgraber: cool	21:51
hallyn	stgraber: I'm going to suggest that container->destroy() doesn't need to try and stop the container, that is, it'll jsut fail if the container is running, and caller can sto pit if need be?	21:56
hallyn	(lemme know if you disagree)	21:56
stgraber	hallyn: that's what my python function does at the moment (throw an exception if the container is running), so WFM	21:56
hallyn	great	21:57
=== LordOfTi- is now known as TheLordOfTime
=== jedney is now known as JonEdney
stgraber	hallyn: just checking, the container name is mandatory and can't be set after lxc_container_new()?	22:16
hallyn	stgraber: correct	22:18
hallyn	idea would be to use lxc-clone to get one with a new name	22:18
hallyn	of course, you can cheat and just set c->name :)	22:18
hallyn	why do you ask?	22:18
hallyn	destroytest passed, yay. now the tough part, create :)	22:18
hallyn	stgraber: do you think it should b set-able?	22:19
hallyn	(this of course shoudl be reminding me that we need clone still... but i'll wait until someone asks for it)	22:20
stgraber	hallyn: wanted to check that my current implementation of .name being read/only was correct and for some reason I don't currently enforce a name to be passed to Container(), fixing that now	22:20
blendedbychris	cna i resize a partition of a drive that is mounted?	22:28
hallyn	stgraber: what did you think about whether c->create(c) should save the config to disk?	22:33
hallyn	i suppose it should	22:33
stgraber	hallyn: I just pushed a small debian/rules change to match your introduction of another test binary and I also pushed an update python binding including the switch to the new liblxc destroy()	22:34
stgraber	hallyn: I think it'd make sense for it to save the current config yeah	22:35
stgraber	hallyn: so I guess you'll need to implement save_config() first ;)	22:35
hallyn	drat	22:38
stgraber	>>> test.destroy()	22:41
stgraber	lxc_container: No such file or directory - failed to open freezer for 'test'	22:41
stgraber	False	22:41
stgraber	hallyn: ^ did I miss something?	22:41
stgraber	hallyn: oh, my bad ;) wrong mapping	22:43
hallyn	phew	22:43
stgraber	works fine now ;)	22:43
stiv2k	i am having problems with ecryptfs	22:55
stiv2k	trying to run ecryptfs-umount-private	22:55
stiv2k	i keep getting this	22:55
stiv2k	fopen: No such file or directory	22:55
stiv2k	fopen: No such file or directory	22:55
stiv2k	Cannot chdir into mountpoint.	22:55
stiv2k	any idea?	22:56
=== Lcawte is now known as Lcawte\|Away
tyhicks	stiv2k: Lets get the obvious question out of the way first... is your ~/Private directory actually mounted?	23:06
tyhicks	stiv2k: Take a look at /proc/mounts to verify that it is currently mounted.	23:06
AceFace	hello all!	23:10
AceFace	im looking for help configuring a startup script, would anyone be willing to help?	23:10
SpamapS	AceFace: can you be more specific?	23:20
stiv2k	tyhicks i fixed it	23:21
tyhicks	stiv2k: good to hear	23:21
stiv2k	tyhicks i was running the command as sudo when i shouldnt have been	23:21
stiv2k	tyhicks i had to uninstall and disable the encryption because the web site hosted on that user's account would only work when he was logged in	23:22
stiv2k	otherwise it couldnt see any of the files	23:22
AceFace	SpamapS:	23:22
AceFace	SpamapS: sure	23:22
AceFace	i have a script that i want to execute at bootup (script located here: http://pastebin.com/hxk4fwVD ) and this script is supposed start a service called connection manager (binaries located here: http://download.igniterealtime.org/connectionmanager/connection_manager_3_6_3.tar.gz ) so i extracted the folder "connection_manager" to /opt , to see directory structure please look inside the tarball. ive tried a few things and i just cant make the scri	23:22
=== jedney is now known as JonEdney
SpamapS	AceFace: chopped at 'just cant make the scri'	23:23
tyhicks	stiv2k: Right. You've got to enter some type of secret to provide an encryption key.	23:23
tyhicks	(the login password decrypts the encryption key, in this case)	23:24
AceFace	ive tried a few things and i just cant make the script start at bootup. does anyone have any suggestions?	23:24
SpamapS	AceFace: you don't say what you've tried	23:25
AceFace	ok, ive tried copying the script located at /opt/connection_manager/bin/cmanager.sh to /etc/init.d/conmgr.sh	23:27
SpamapS	AceFace: the simplest thing would probably be to make an upstart job.. http://paste.ubuntu.com/1050091/ .. put that in /etc/init/cmanager.conf ..	23:27
AceFace	then doing sudo chmod +x /etc/init.d/conmgr.sh	23:27
SpamapS	AceFace: init.d's shouldn't have .sh suffixes	23:27
SpamapS	AceFace: they also need to take start/stop arguments	23:28
AceFace	oh...	23:28
AceFace	shows how much i know! haha	23:28
rockets	Is the final version of server 12.10 going to have apache 2.4?	23:28
AceFace	i will try your given paste and report back in a few minutes	23:28
SpamapS	AceFace: this is actually better http://paste.ubuntu.com/1050095/	23:28
=== qhartman_ is now known as qhartman
AceFace	SpamapS: what the difference between adding "post-start" and not?	23:30
uvirtbot	New bug: #1015337 in clamav (main) "clamav-base fails configure with `/usr/share/doc/clamav-base/examples/main.cvd': No such file or directory" [Undecided,New] https://launchpad.net/bugs/1015337	23:31
AceFace	SpamapS: please take a look, is this what you mean?: http://img.ctrlv.in/4fe10c29022c9.jpg	23:33
SpamapS	AceFace: first one is just a bit more "hacky" .. the second one will work more reliably if you, say, go to single user mode and come back	23:33
SpamapS	AceFace: yes that screenshot looks good	23:34
SpamapS	well except the theme on those windows.. ;)	23:34
SpamapS	that looks like a prison	23:34
AceFace	then after making /etc/init/cmgr.conf i then can reboot and expect the "conf" script to start /opt/connection_manager/bin/cmanager.sh ?	23:35
AceFace	well, the workstations in the office are all MS windows, whereas the server rack is ubuntuserver located in a locked room	23:36
AceFace	so i putty into the rack...	23:36
SpamapS	AceFace: yeah should work fine	23:37
SpamapS	\o/	23:39
SpamapS	Openstack summit in San Diego	23:39
SpamapS	woot	23:39
AceFace	SpamapS: i really appreciate your help, but the service doesnt seem to start	23:40
AceFace	do i have to chmod +x the /etc/init/cmgr.conf ?	23:40
AceFace	if you look here http://pastebin.com/wWskn4MW i have to normally cd /opt/connection_manager/bin/ and then do ./cmanager.sh to make the program work	23:44
SpamapS	AceFace: no	23:45
SpamapS	AceFace: ahh, add a new line chdir /opt/connection_manager/bin	23:46
AceFace	ok, me being new to linux, i figured i needed to make the script change paths, but i didnt know what to say to explain such a thing	23:47
AceFace	i will try it	23:47
AceFace	SpamapS: !!! SUCCESS!!!!	23:49
AceFace	thank you very very much	23:49
AceFace	i would paypal you a couple bucks to show my appreciation	23:52
AceFace	but i guess thats a practice usually frowned upon	23:52

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!