[01:13] <frank_> Buenas alguien me pueden ayudar
[01:57] <lifeless> smoser: around?
[04:58] <hecsa> Hi! Does somebody know something about bind9 troubleshooting?
[04:59] <twb> hecsa: what is the real question
[05:00] <hecsa> Hi twb! I'm having some strange issue in an Ubuntu server 10.04 starting some days ago...
[05:00] <hecsa> It is the internal dns server, which has my other machines declared in my bind9 files
[05:01] <pehden> ok any one want to help me with ubuntu server with postfix/dovecot/ using mysql based accounts, via ispconfig3
[05:01] <pehden> ok any one want to help me with ubuntu server with postfix/dovecot/ using mysql based accounts, via ispconfig3 server 12.04
[05:01] <hecsa> yesterday something strange started to happen...I can ping all the machines using their IPs
[05:01] <twb> pehden: sorry, I don't support WHCPs
[05:01] <hecsa> but when using dns names, it does NOT loose any package, but takes too long to answer
[05:01] <pehden> whcp?
[05:02] <twb> pehden: web hosting control panel
[05:02] <twb> pehden: ispconfig, webmin, cpanel, etc
[05:02] <hecsa> I took a look into /var/log/daemon.log
[05:02] <pehden> i dont need help on that part, its the config files theres somthing wrong there
[05:02] <twb> hecsa: IP packets are still called "packets" in English, not "packages"
[05:02] <hecsa> hehe...sorry!
[05:03] <pehden> wierd thing im able to log into the aemail account but cant send email from my accont and server is rejecting all incoming mail
[05:03] <hecsa> sometimes I translate from Spanish to English the wrong way
[05:03] <twb> hecsa: no problem
[05:04] <twb> hecsa: I tell you so you know, not because I am angry or anything
[05:04] <hecsa> well...the daemon.log file has something like this:
[05:04] <pehden> wow im now getting : Relay access denied
[05:04] <pehden> Transaction failed
[05:04] <pehden> 554 5.7.1
[05:04] <pehden> thats more then i was before
[05:04] <hecsa> named[2345]: client 10.1.4.40#58694: update 'pirulo.com.ar/IN' denied
[05:05] <hecsa> BUT 10.1.4.40 is my bind9 server
[05:05] <hecsa> this is what confuses me
[05:05] <twb> hecsa: have you hooked bind up to your DHCP daemon?
[05:06] <hecsa> not that I know
[05:06] <twb> pehden: so probably it thinks the sender is not in mynetworks and is not authenticated, and is (correctly) refusing to be an open relay
[05:06] <pehden> ok that points me in the right area, ill loook at that for a min twb
[05:07] <hecsa> this machine is a dhcp server too...
[05:09] <twb> pehden: oh obviously it's not an open relay if the mail is destined for a domain postfix handles itself
[05:09] <hecsa> I don't know if this has or hasn't something to do with the troubles I'm experiencing when pinging my machines using IPs vs DNS names
[05:09] <twb> hecsa: so the symptoms are that local host names do not resolve anymore?
[05:09] <pehden> i kow right, the wierd thing is it should still be able to send an email from itself to itself right
[05:10] <hecsa> they resolve instantly, but take a long time to answer when pinging if I use dns names
[05:10] <twb> pehden: that depends
[05:10] <hecsa> I loose no packet (I said packet ;-) )
[05:10] <hecsa> but the answer time is 1 vs 10
[05:10] <pehden> email@mydomain.com to email@mydomain.com
[05:10] <pehden> should send
[05:10] <twb> pehden: use postconf to compare your current main.cf to the default main.cf and see what is there and what is missing
[05:11] <twb> diff -U0 <(postconf -d) <(postconf)
[05:11] <pehden> ok will do that
[05:11] <hecsa> the ping issue happens when trying to access a web server too if I use dns names. If I use IP address, everything works perfectly
[05:11] <twb> Or -U999 to see everything
[05:12] <twb> (There will be a handful of differences that are Ubuntu defaults which you don't need to worry about, e.g. default mailbox size)
[05:12] <twb> *size cap
[05:12] <twb> hecsa: are you testing this on 10.1.4.40 itself?
[05:12] <twb> hecsa: what is in resolv.conf on the test host?
[05:13] <hecsa> twb: I have domain pirulo.com.ar
[05:13] <twb> hecsa: on 10.1.4.40, try "dig @127.0.0.1 foo.pirulo.com.ar".  In particular, see if it responds quickly or takes a while.
[05:13] <hecsa> twb: search pirulo.com.ar
[05:14] <hecsa> twb: instantly
[05:14] <twb> OK.  Now try "dig @10.1.4.40 foo.pirulo.com.au" on the host you were having slow ping from
[05:14] <twb> We are testing to see if this is slowness in DNS or elsewhere
[05:15] <hecsa> twb: instantly too
[05:15] <twb> OK, now try "getent hosts foo.pirulo.com.ar" on that host
[05:15] <hecsa> twb: I tried something with nslookup
[05:16] <hecsa> twb: that host = the dns server?
[05:16] <twb> hecsa: well on the slow-ping host, but it is interesting on any host if dig is fast but getent is slow
[05:17] <twb> Note that by foo.pirulo.com.ar I mean you should be testing with a real hostname at your site
[05:17] <hecsa> twb: no output...is this normal?
[05:17] <pehden> crazy i went to reset the install for ispconfig and there is an update so one moment
[05:17] <pehden> lol
[05:18] <hecsa> twb: I wrote it wrong...sorry...it answer instantly
[05:19] <hecsa> twb: it answers instantly
[05:20] <hecsa> twb: when I ping using dns names, it resolves them instantly, but the answer time is driving me crazy
[05:20] <twb> It makes no sense that if foo.pirulo.com.ar = 1.2.3.4, pinging foo.pirulo.com.ar is slower than pinging 1.2.3.4
[05:20] <twb> Except if DNS was slow, and we have shown that it is not
[05:21] <hecsa> twb: and something strange too is that when I try to cancel the ping with Ctrl-C it takes a lot of time to give me the prompt back...as if it is waiting for somthing to timeout
[05:21] <twb> hecsa: hm, then perhaps your system is under very heavy load?
[05:21] <hecsa> twb: that's right! I'm very confused with this...
[05:21] <twb> Look at e.g. free -m, to see if you are using a lot of swap.  Look at top, to see if all the CPU is used.  Look at iostat to see if the disks are using lots of I/O
[05:22] <hecsa> twb: I monitored it too...it's 99.5% free with top. I try¿ied iotop too, and there is no overloaded disk
[05:22] <twb> Also if you are in the same building you might be able to listen to it or see it doing the washing machine dance
[05:23] <hecsa> twb: hahaha...now there is nobody here...only me and my dns...and this machine is really free of load
[05:24] <twb> hecsa: sorry but I am out of ideas
[05:25] <hecsa> twb: don't worry, thanks a lot for taking your time to answer
[05:25] <hecsa> twb: I'll continue digging into this, let's see if there is something else
[05:26] <twb> If you find it, and it is interesting, come back and let me know what it was
[05:26] <hecsa> twb: sure I will! Thanks again!
[05:29] <pehden> um twb postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
[05:29] <pehden> /usr/sbin/postconf: warning: /etc/postfix/master.cf: unused parameter: smtpd_bind_address=127.0.0.1
[05:30] <twb> pehden: so fix that
[05:30] <pehden> where do i start lol
[05:30] <twb> Well who wrote that file?
[05:30] <twb> My bet is it was ispconfig and ispconfig has fucked it up.  Which is why I originally said: I don't do WHCPs
[05:30] <pehden> right
[05:31] <twb> I don't know offhand how to fix it.
[05:31] <twb> If I were you I'd probably talk to #postfix
[05:31] <twb> It's probably a variable that has a different name in the version of postfix you have, to the version ispconfig assumes
[05:32] <pehden> im looking at the .conf right now for them to see
[05:33] <pehden> #postfix
[05:35] <pehden> um looking in postfix now it shows mynetworks = 127.0.0.0/8 [::1]/128
[05:36] <pehden> hmm let me test it now
[05:39] <pehden> http://pastebin.com/MtHyB0VG
[05:47] <pehden> there was a typo
[05:47] <pehden> thats fixed now i cant log in
[05:47] <pehden> to my email
[06:28] <pehden> whats the netstat to see listening ports only
[07:03] <soren> pehden: -l (1.4 seconds looking at netstat's man page would have told you that, too)
[07:05] <Nafallo> wait. use netstat when we have ss? I'm confused.
[07:07] <twb> Because ss has stupid spacing behaviour in its output
[07:08] <twb> So if you have a 200-line terminal, and three columns that are like 8 characters wide, you end up with them separated by like 80 columns of whitespace
[07:09] <th0mz> ehlo
[07:09] <soren> twb: Exactly. Piping it through cat helps, though.
[07:10] <twb> Also I recall it excludes some results in certain circumstances that are easy to forget about
[07:11] <twb> I can't remember the details
[07:11] <twb> soren: yeah I do that, but it's a pain in the arse to have to do so
[07:11] <soren> Indeed.
[07:11] <soren> I always go back to netstat.
[07:13] <pehden> i tried -l but i didnt see it the way i wanted, soren
[07:16] <pehden> -ln is as close as i can get from what it looks like but there is still extra junk below
[07:17] <twb> ss -nlp | cat
[07:17] <pehden> i use watch -c .1 netstat -ln
[07:19] <soren> pehden: You should have mentioned that instead of wasting other people's tie.
[07:19] <pehden> im sorry i was waiting for a responce then didnt notice i had one
[07:20] <soren> pehden: I'm talking about your initial question.
[07:20] <soren> pehden: If you've already tried the obvious solution and it doesn't do what you want it to, say so instead of having to go through this useless bit of back and forth.
[07:20] <pehden> for some reason my imap isnt running
[07:21] <pehden> i was assuming it was part of postfix. but is that dovecot instead
[07:21] <soren> dovecot does imap, yes.
[07:21] <soren> And postfix does not.
[07:22] <soren> If you don't want the unix sockets at the end, use -lntu.
[07:22] <twb> soren: may be my fault for getting him fixated on postfix
[07:22] <pehden> ok i was a bit confused, i have been trying to get this part of my server running the way i want for months
[07:22] <pehden> ok thankts i will keep that saved
[07:23] <twb> IMO the real problem is his WHCP
[07:23] <pehden> it has worked before i upgraded to 12.04
[07:23] <soren> Don't waste brain matter memorizing stuff like that. Just understand that you (apparently) only want tcp and udp sockets. That's -t and -u, respectively.
[07:24] <soren> twb: whcp?
[07:24] <twb> Sigh
[07:24] <twb> ispconfig
[07:24] <twb> whcp = web hosting control panel.  /me pines for dpkg bot instead of ubottu :-/
[07:26] <twb> I have an -l1 -n3 md raid array.  I have a fourth disk plugged in.  I want to add it as a spare (not active) node in the array.
[07:26] <twb> What's the right way to do this?
[07:26] <pehden> im hosting sites, and i use one of them for my email, but due to the last upgrade the email servers have been unavailable. i have been dealing with many errors.
[07:27] <pehden> so far im the closest yet thanks to twb
[07:27] <twb> I'm still looking through the manpage
[07:28] <pehden> are you familier with dovecot?
[07:28] <pehden> i can pastebin my config
[07:28] <twb> pehden: dovecot config is not very interesting.
[07:29] <pehden> i think i see another typo
[07:29] <pehden> ssl_cert = </etc/postfix/smtpd.cert
[07:29] <pehden> ssl_key = </etc/postfix/smtpd.key
[07:29] <pehden> is the < supposed to be there
[07:30] <twb> pehden: yes
[07:30] <soren> twb: Isn't that just -a /dev/whatever?
[07:31] <twb> soren: that adds it as an active node
[07:31] <twb> At least it did just now when I removed the dead disk and added the first (or two) new ones.
[07:31] <soren> twb: Why?
[07:31] <soren> twb: Oh.
[07:31] <twb> Maybe add is smart enough to make it active if there is a slot for an active one, and a spare if there isn't?
[07:31] <soren> twb: Right, ok. Yes, in that case it'll probably try to reach the same number of replicas as it was created with.
[07:31] <twb> Otherwise I am guessing I need something like mdadm /dev/md0 --grow --spare-devices=1 ?
[07:31] <soren> twb: Yeah.
[07:32] <twb> I'll try just -a'ing it -- worst case is it'll be active and I can remove it again
[07:32] <twb> It made it active :-/
[07:32] <soren> twb: In reality, it's added as a hot-spare, but immediately turned into an active node, because there's a disk missing.
[07:32] <twb> Oops, no it didn't.  I can't read
[07:33] <twb> -a did the right thing -- http://paste.debian.net/175207/
[07:33] <twb> soren: thanks
[07:33] <soren> twb: Sure thing.
[07:44] <pehden> where would dovcot logs be, there not in /var/log
[09:02] <glance> Hi. I would like to automaticly coordinate reboots of cluster-machines. Eg. In a cluster of machines, no two machines may reboot at the same time. If both would like to reboot, eg. after a kernel update, One need to complete its reboot before the other one is allowed to start theres. Anyone bin poking around with this type of stuff before?
[09:03] <ikonia> glance: no idea how you could manage that outside of manually managing the machines
[09:04] <glance> I have some ideas about distributed databases with locks, but that feels just like a whole heap of troubble =)
[09:05] <glance> And, i like my systems to be as hands-off as posible.
[09:06] <ikonia> I can see possible ways of doing it, but as you say it's going to be a massive overkill
[09:06] <glance> I just thought that someone else might have thought about this before =)
[09:07] <ikonia> managing clusters (in my view) will always need some form of manual work needed
[12:43] <hallyn> lynxman: hey, did you have any opinion on bug 1014005 ?  i don't know enough about the various different rom s to know whether we care enough to say no
[12:43] <lynxman> hallyn: oh let me have a look
[12:44] <lynxman> hallyn: well it's definitely wishlist, wouldn't it be extremely hard to do I reckon
[12:44] <hallyn> would there be any reason not to?
[12:46] <lynxman> hallyn: hmm not really, unless its broken somehow (could be)
[12:53] <zul> good morning
[12:53] <zul> how do i configure grub
[13:01] <hallyn> lynxman: thanks
[13:05] <lynxman> zul: :)
[13:25] <hallyn> gary_poster: hey, for the 8+ lucid containers, have you tried running that on something cheaper like m1.xlarge, and it wasn't enough?  (just wondering)
[13:25] <hallyn> (just wondering whether i can save a few bucks :)
[13:32] <hallyn> gary_poster: and if not, which ami did yo use with the cc2.8xlarge?
[13:39] <koolhead17> Daviey, ping
[13:48] <hazmat> hallyn, ping
[13:50] <hallyn> hazmat: .
[13:50] <hazmat> hallyn, greetings, and thank you.. i wanted to ask about the ramifications of unconfined containers and arbitrary package selection causing problems on the host
[13:51] <hazmat> hallyn, the most common use case we use lxc for is basically for people to install on their primary desktop/laptop.. and then their installing and developing charms against fairly random packages.. the scenario i want to avoid is ofc toasting the host.
[13:52] <hazmat> ie. not so much malicious escape, but inadvertant perm changes to the host
[13:52] <hazmat> it wasn't clear to me to what extent the aa profile is helping against that
[13:53] <hazmat> its mostly just functional denial and afaics this is one of the few times we've come up against it directly
[13:55] <hallyn> hazmat: well the aa policy *does* prevent against accidents, but we used lxc for years without aa without worrying too much, or too manya ccidents
[13:55] <stgraber> hallyn: reading your e-mail now (one of these days where I need over an hour to catch up on feeds/e-mails/irc backlog/...)
[13:55] <hallyn> so i don't *expect* anyone to lose data or their host
[13:55] <hallyn> hazmat: there are still other protections, like the devices cgroup
[13:56] <hazmat> hallyn, what sort of ops would entail accidents that AA might prevent?
[13:56] <hallyn> echo b > /proc/sysrq-trigger
[13:56] <hallyn> playing with binfmt-misc module params
[13:56] <hallyn> (installing some qemu packages)
[13:57] <gary_poster> hallyn, I use the big machine because that's what we need for our own tests now, so it's easy.  We saw it on the 4 core hyperthreaded machine I think, but not sure.  I can try to replicate it there too.  AMI: juju handles that for me, but I had some notes on what API to use from before; lemme see if I can figure it out really quickly
[13:58] <hallyn> hazmat: is this what my writing a custom apparmor profile for will help a bit?
[13:58] <hallyn> hazmat: in any case, i dont' think you need to not use lxc just bc you have to disable apparmor
[13:58] <hazmat> hallyn, definitely, i'm just trying to eval if we put this fix in on the short term
[13:58] <hazmat> re custom profile
[13:59] <hazmat> shared fs are going to be a common thing for setting up app charm stacks via lxc
[14:00] <gary_poster> hallyn, here are somewhat old instructions on getting an AMI for the big machine: http://pastebin.ubuntu.com/1049152/
[14:00] <hallyn> hazmat: you can share with bind mounts?
[14:01] <hallyn> gary_poster: thanks
[14:01] <hazmat> hallyn, i think given the current state of juju local provider, which is isn't great, its probably better for us  to leave off on disabling aa  for a few weeks till the next upload..
[14:02] <gary_poster> welcome.  thank you for looking at it.  you want me to try the 4 core/8 hyperthreaded machine and see how to dupe?  Happy to if it helps.
[14:02] <hazmat> hallyn, the goal is that they take what they've done locally and deploy it to public cloud or bare metal without changes.. bind mounts don't really help
[14:02] <stgraber> hazmat: so far I've been recommeding users to copy the default apparmor profile and add the required overrides in there, though anything that is known to be "safe" should find its way into the main profile
[14:02] <hallyn> hazmat: makes sense, thx
[14:03] <stgraber> hazmat: you should also be able to make these mounts from lxc's fstab instead of the fstab inside the container, that'll bypass apparmor
[14:03] <hallyn> stgraber: (this is re the email last night) we just need to provide them with custom rules, and they can have juju always add those
[14:03] <hazmat> hallyn, stgraber that sounds good re custom profile
[14:04] <hallyn> ok i need to go for a bit, bbl
[14:04] <hazmat> hallyn, thanks
[14:04] <hazmat> stgraber, we don't actually know per se what the mounts are when we allocate the container
[14:05] <stgraber> hazmat: right, but the mounts can be allowed per fstype, and if that fstype is "safe" we can even allow it in our default profile
[14:05] <stgraber> hazmat: (the definition of "safe" being whether the container can bypass apparmor restrictions by mounting it)
[14:06] <stgraber> hazmat: in your case, you may want to:
[14:06] <hazmat> stgraber, ic what would that look like
[14:07] <stgraber> 1) cp /etc/apparmor.d/lxc-default /etc/apparmor.d/lxc-default-with-glusterfs
[14:07] <stgraber> 2) edit /etc/apparmor.d/lxc-default-with-glusterfs
[14:07] <Daviey> koolhead17: hey
[14:07] <stgraber>  - change the profile name at the beginning of the file
[14:07] <stgraber>  - add "mount fstype=glusterffs," to the content
[14:07] <stgraber> 3) /etc/init.d/apparmor reload
[14:08] <stgraber> 4) edit your containe config to use lxc.aa_profile = <profile name you put at the beginning of the new file>
[14:09] <stgraber> hazmat: the problem being that you then need to keep our main profile and your alternative profile in sync somehow. I suppose you could script the generation of your profile or simply get us to merge your changes in the main one (we can even SRU these)
[14:10] <hazmat> stgraber, is there an include for a profile?
[14:10] <hazmat> ie. inheritance of some form.. or is that limited to separate policy files
[14:11] <hazmat> its not clear that's really a solution though, it means white listing things on a case by case basis
[14:13] <hazmat> just going through rdepends on a few fuse packages, get's me a list of 84.. http://paste.ubuntu.com/1049175/
[14:13] <stgraber> hazmat: apparmor supports includes but it works like #include in C, so won't help there as it'd include the whole profile including the profile definition
[14:13] <K4k> Are there any alternatives to landscape for managing Ubuntu client systems? I'm trying to get things more organized around here and I've got our Redhat systems managed under Spacewalk but the Ubuntu machines are still unmanaged and I'm relying on "unattended-updates" to ensure machines stay current which is not really an ideal solution for patch vetting.
[14:14] <stgraber> hazmat: let me test this quickly, I'd be surprised that we wouldn't have a way to allow any fuse based filesystem at once
[14:14] <hazmat> stgraber, thanks
[14:14] <stgraber> hazmat: and if there isn't, we can probably convince jjohansen to add one ;) nice thing of being the upstream
[14:15] <hazmat> stgraber, :-)
[14:15] <hazmat> K4k, puppet?
[14:16] <K4k> hazmat: I thought puppet was more for configuration deployment. Does it handle binary deb files as well?
[14:17] <stgraber> hazmat: http://paste.ubuntu.com/1049182/
[14:17] <hazmat> K4k, well you can have it setup to cron a check against installable updates/deltas or report back via any preferred protocol, and then have it install a given set of package updates specific to a release, its quite a bit more fiddling/development than something like landscape, but it can definitely be done.
[14:18] <hazmat> stgraber, perfect
[14:18] <stgraber> hallyn: ^ looks like we should allow fstype=fuse.*, in the default profile. I can't think of any problem with that, do you?
[14:18] <hazmat> stgraber, so the ideal would be just getting that into the default profile
[14:18] <K4k> hazmat: I'll consider that. Thanks. I'm mainly looking for alternatives to save costs but perhaps, if landscape isn't terribly expensive, I could convince management to approve some sort of budget for this.
[14:20] <stgraber> hazmat: yep, I'm working on a few other apparmor profile changes for quantal, will include this one in the set unless hallyn thinks it can be a problem, then this one should be SRUed back to 12.04 with the next batch (in couple of weeks)
[14:21] <hazmat> stgraber, sweet! thanks again
[14:26] <Womkes> Hey guys, I have a windows 7 machine with virtual box and one of my vm's is my Ubuntu workstation (for development and stuff) and I have two bare-metal servers connected to my home network. When I connect through ssh from my Ubuntu vm to these bare-metal server I get a ssh timeout during a session (doesn't have to be idle just happens after a few minutes). I do not have this problem when
[14:26] <Womkes> I connect through ssh from my windows box using putty.
[14:26] <Womkes> Any thoughts why this might happen?
[14:29] <RoyK> Womkes: connecting from the vm to a server should work well. does other types of networking work?
[14:30] <Womkes> yeah no other problems as far as I can tell RoyK
[14:30] <Womkes> The Terminal session to the server just die with this message
[14:31] <Womkes> Timeout, server srv2.bluejay.nl not responding.
[14:31] <Womkes> And when I reconnect the last commands I entered are not in my bash history
[14:31] <RoyK> Womkes: telnet server 22
[14:31] <RoyK> Womkes: just to see if networkingworks
[14:31] <stgraber> hallyn: I think I have a pretty nice improvement for our apparmor config, will put that in a branch so you can have a look
[14:31] <RoyK> Womkes: just to see if networking works
[14:31] <Womkes> When I connect from my Windows 7 PC to the server there is no problem
[14:31] <Womkes> from the ubuntu vm or from my windows box RoyK?
[14:31] <RoyK> from where it doesn't work
[14:32] <RoyK> meaning the ubuntu vm, I guess?
[14:32] <Womkes> yes
[14:32] <Womkes> Ok
[14:32] <Womkes> you want the output pastbinned ?
[14:32] <RoyK> k
[14:32] <Womkes> http://paste.ubuntu.com/1049198/
[14:32] <hallyn> stgraber: sounds good
[14:33] <Womkes> I have of course put 192.168.178.110 srv1.bluejay.nl in my /etc/hosts file
[14:33] <RoyK> Womkes: that means you should be able to ssh there
[14:33] <RoyK> why?
[14:33] <Womkes> Yeah ssh works
[14:33] <Womkes> it just get disconnected
[14:33] <RoyK> ah
[14:33] <Womkes> after a few minutes
[14:34] <RoyK> setup ssh keepalives, then
[14:34] <Womkes> even when the session isn't idle, like in the middle of doing stuff
[14:34] <RoyK> or use bridged networking
[14:34] <Womkes> I tried, but still occurs
[14:34] <Womkes> lemme check if I used bridge in vbox
[14:34] <RoyK> Womkes: ServerAliveInterval 5
[14:34] <arussel> how do you create an ec2 snapshot without lvm installed and with default fs (ie, not xfs) ?
[14:34] <Womkes> Yeah, I use Bridged Adapter in virtual box
[14:34] <RoyK> in $HOME/.ssh/config
[14:35] <RoyK> arussel: you can't
[14:35] <RoyK> arussel: that is, unless amazon lets you do that from their tools
[14:36] <arussel> with lvm I could freeze the fs while doing the backup, but I kind of 'forgot' to install lvm on that one.
[14:36] <Womkes> Ok, I will try RoyK, I think I tried it before though and it didn't work
[14:36] <Womkes> but I put it in /etc/ssh/ssh_config
[14:36] <Womkes> not in ~/.ssh/config
[14:37] <RoyK> arussel: only fs with snapshot support in ubuntu is, afaik, btrfs, and then, zfs, but that's with fuse
[14:37] <RoyK> arussel: lvm snapshots aren't very good - the more snapshots, the slower i/o
[14:37] <RoyK> Womkes: shouldn't matter much
[14:37] <arussel> amazon doc says: 'Some file systems, such as xfs, can freeze and unfreeze activity so a snapshot can be made without unmounting.', but I'm with ext3
[14:38] <arussel> and if I umount, postgres might be pissed off.
[14:38] <RoyK> arussel: stop postgres ;)
[14:38] <RoyK> arussel: and ext3 will probably handle that rather well
[14:38] <RoyK> arussel: a filesystem without a journal will have a harder time, though
[14:41] <RoyK> Womkes: erm - you put that in /etc/ssh/ssh_config on the client or server?
[14:41] <arussel> wasn't lvm by default on previous ami ?
[14:42] <arussel> I don't remember installing it is there on the 10.x
[14:42] <Womkes> on the client
[14:43] <RoyK> ok - that's where it belongs
[14:43] <Womkes> I believe it is /etc/ssh/sshd_config for server and then it is ClientKeepAlive something
[14:43] <Womkes> I tried that also :)
[14:44] <RoyK> Womkes: I haven't used client VMs like that, so I wouldn't know, but all my ssh sessions survive all sorts of gateways with just that line I gave you
[14:44] <arussel> fuck it, I'll redo the volume. Any advice between lvm or xfs ?
[14:44] <Womkes> ok, I have it running now
[14:44] <Womkes> we'll know in a few minutes :)
[14:44] <stgraber> hallyn: lp:~stgraber/ubuntu/quantal/lxc/apparmor-profiles-rework
[14:45] <stgraber> hallyn: I haven't tried a build of the new package but I'm running with these profiles on my machine and they work great
[14:45] <stgraber> hallyn: these should be much easier to customize as /etc/apparmor.d/lxc/* can now just inherit from the main profile, that also greatly simplifies the with-nesting profile
[14:48] <hallyn> (looking)
[14:49] <hallyn> stgraber: looks great
[14:50] <hallyn> stgraber: presumably not SRUable, but perhaps we can put up a wiki page with a script for people to convert to that setup
[14:51] <stgraber> hallyn: yeah, we won't be able to SRU that, though the fstype=fuse.*, stuff is SRUable if you can't think of a reason why it'd be bad allowing it
[14:53] <stgraber> hallyn: when we get the API work and the hooks in a good enough shape and get these uploaded to quantal, I'll probably start maintaining backports of lxc as well as continuing with the srus, that way people can choose whether they want just bugfixes or also new features
[15:03] <hallyn> stgraber: regarding always allowing fuse...  i dunno, it does scare me a little
[15:04] <stgraber> hallyn: I think the potentially dangerous thing is /dev/fuse, not the filesystems themselves and we already allow /dev/fuse
[15:11] <stgraber> hallyn: I'll go ahead and upload these changes including the fuse.* change to quantal. Will rediscuss whether it's safe or not with the next batch of SRUs. I think that if we consider fuse to be risky, we should block it in the ubuntu profile but still allow it in apparmor (so one doesn't need to change their profile if they allow the node in their config)
[15:15] <stgraber> hazmat: FWIW, fuse.* is now allowed in quantal. Making alternate profiles is also much simplified as you can now do it without duplicating the default one
[15:16] <hallyn> stgraber: agreed, given that /dev/fuse is allowed, i must have agonized over it before and decided it was ok :)
[15:17] <hallyn> interestingly i can't reproduce gary_poster's parallel-lxc-start-ephemeral/dnsmasq race on a m1.xlarge.  i wonder if it's a race that needs faster/more cpus
[15:17] <hallyn> (race in dnsmasq is my guess, really)
[15:23] <stgraber> hallyn: apparmor changes uploaded to quantal. Rebased my liblxc+python-lxc branch on that one and uploaded to my ppa for precise and quantal
[15:23] <hallyn> just ppa:stgraber/ppa ?
[15:23] <stgraber> hallyn: ppa:stgraber/experimental
[15:23] <hallyn> ok
[15:24] <stgraber> I'm still running precise on my laptop but like to have the new shiny lxc with python-lxc support ;)
[15:29] <grendal-prime> i use to be able to change wich physical interface was atached to wich eth device in 10.04 with the /etc/udev.rules/70-persistent-net  file..how do i do that with 12.04
[15:31] <patdk-wk> same way?
[15:35] <grendal-prime> ya but there is nothing in there.
[15:40] <patdk-wk> yep, hmm
[15:41] <grendal-prime> i mean it currently has to be stored somewhere
[15:41]  * patdk-wk tests
[15:42] <pteixeira> hello! i need to run the vmbuidler command from a web application (takes the info related to the packages to be installed from the web application and uses vmbuilder to create the VM image), but i need sudo permissions to run it.. is there a way to overrun this or is it simply not possible?
[15:42] <pteixeira> (jeos and vmbuilder page redirected me here, dont know if this is the right place...)
[15:43] <grendal-prime> it seems to me that the 75-persistent-net-generator.rules does not run automatically anymore
[15:44] <grendal-prime> pteixeira, ya the www-data user having sudo privilages may not be good..you may want to just make your script sudo
[15:44] <hazmat> stgraber, nice
[15:44] <grendal-prime> meaning making it the one script that that particular user has sudo access to.
[15:46] <hallyn> stgraber: syslog corruption...  what do you think?  do we continue to put up with it until after user namespaces are complete?  (preferable from a dev point of view, not from user pov)
[15:46] <hallyn> (but only not preferable from user pov if we can get a real fix in :)
[15:46] <pteixeira> grendal-prime, thanks! i didnt even know that was possible :)
[15:49] <grendal-prime> pteixeira,  np here
[15:49] <grendal-prime> http://www.cyberciti.biz/tips/allow-a-normal-user-to-run-commands-as-root.html
[15:49] <pteixeira> thank you very much :)
[15:50] <stgraber> hallyn: that doesn't sound like an easily fixable thing so I don't think it's worth risking delaying the user namespaces work for it, especially as it's really just annoying, it's not dangerous.
[15:50] <grendal-prime> well shucks...ill tell ya what you can repay me by marrying my sister (The ugly one).
[15:51] <hallyn> the biggest reason it's not 'easily' fixable is that it still isn't clear which namespace should own the syslog ns :)  (or how to control unsharing it)
[15:51] <grendal-prime> in my country that is the honorable way to repay such a debt.
[15:51] <gary_poster> hallyn, I saw your comments about not being able to dupe.  Weird.  I'm going to try making a fresh ec2 instance with nothing else on it.  I'll try both the sizes you did.
[15:51] <hallyn> gary_poster: thanks.  i tried your exact commands from the bug report...
[15:52] <hallyn> oh maybe  i did just reproduce it
[15:52] <gary_poster> hallyn, yeah, I figured you did.  They worked for me.  Maybe the fact that I had used the system quite a bit before affected it.  I'll report back.  thanks again.
[15:53] <gary_poster> I mean I figured you tried the exact commands.  but if you did just repro, yay!
[15:53] <patdk-wk> grendal-prime, I just tested it, using udev/rules.d/70-persistent-net works fine
[15:54] <patdk-wk> it's just not auto-filled anymore
[15:54] <hallyn> gary_poster: yeah.  so the bear is going to be writing a script to figure out which container doesn't yet have an address :)
[15:54] <grendal-prime> ok so is there anyway to initally have it grabe whats there so i can just move around what it found?
[15:54] <hallyn> dhclient3 didn't start until after the 3 mins, so the q is did the first one die, or did something wait for 3 mins
[15:55] <hallyn> i'm going to blame udev
[15:55] <gary_poster> :-)
[15:56] <grendal-prime> patdk-wk, i tried to fire off the 75-persisant-net-generator script but i got to mess with the perms to do that. (no Xecute)
[15:56] <grendal-prime> or execute it with bash..
[15:56] <grendal-prime> but ...well it doesnt seem to do what i want
[15:58] <grendal-prime> and it just pukes a buch of errors.
[15:58] <gary_poster> hallyn, should I bother continuing to spin up ec2 instances or is that moot since you duped?
[15:58] <grendal-prime> starting with 75-net-description.rules: line 4: SUBSYSTEM!=net,: command not found
[15:59] <hallyn> gary_poster: moot - thanks
[15:59] <gary_poster> cool
[15:59] <hallyn> i'm going to try with separate containers
[16:00] <hallyn> (still i'm pretty sure the problem is udev pauses and the containers don't get an eth0 to run dhcp on )
[16:21] <smoser> roaksoax, i suspect this is magically all working...
[16:21] <smoser> but can you verify that the maas/cobbler pxe install path uses
[16:21] <smoser>  http://www.syslinux.org/wiki/index.php/SYSLINUX#IPAPPEND_flag_val_.5BPXELINUX_only.5D
[16:22] <smoser> ie, that pxelinux appends "BOOTIF=" for us? and then the installer (if given 'auto' for the netcfg/choose_interface uses that)?
[16:24] <grendal-prime> this kinda blows..alot
[16:24] <grendal-prime> i just want to change the order of these damn interfaces
[16:41] <adam_g> zul: what are we waiting on specifically, wrt nova hitting -proposed?
[16:48] <stgraber> hallyn: http://paste.ubuntu.com/1049431/ <- unicode works fine in python3-lxc + liblxc now (though utf-8 is hardcoded, so I'd expect it to explode quite badly if using another encoding)
[16:56] <hallyn> stgraber: excellent, i can start my ki-ich, ki-ni, and ki-san containers now
[16:58] <hallyn> stgraber: do you know offhand of a rate limit imposed by either udevd or the kernel's uevent subsystem?
[17:02] <hallyn> feh, i suppose kernel could just be running out of memory for th euevents
 a per-container syslog woudl sure be helpful ehre :)
[17:07] <hallyn> gary_poster: is the given workaround (disable udevam trigger) worakble for you?  (set that up in the initial lucid container, and it gets copied into the pehemeral ones)
[17:07] <hallyn> gary_poster: i don't knwo whether (a) udev in container is failing to allocate a netlink socket and then timing out,
[17:08] <hallyn> (b) kernel is failing to allocate memory for some events (can certainly happen), or (c) kernel or userspace is just throttling
[17:08] <hallyn> i'm guessing a.  in any case, i prefer to ignore it and move to other stuff, if the workaround works for you
[17:09] <jjohansen> hazmat: I'd like to get some more info from you on how you would like to extend apparmor profiles
[17:10] <gary_poster> hazmat completely understood that you want to move on.  I'll give it a try and report back.  What would be symptoms of it not working?
[17:10] <hallyn> gary_poster: it works (i tried it), i meant - is it doable for you to modifiy the initial container every time
[17:10] <hazmat> jjohansen, so with the change to allow fuse in the default its not clear we need to.  but if we do need to customize it, the ideal scenario is that we can include the default and override the relevant bits
[17:10] <stgraber> jjohansen: not sure if you saw my lxc upload to quantal but I moved most of our apparmor profiles around ;) basically adding two entries in /etc/apparmor.d/abstractions that are then included in usr.bin.lxc-start, lxc-default and lxc-default-with-nesting. This now allows people to "inherit" from our implementation and removes the need for copy/pasting everything
[17:11] <jjohansen> stgraber: right
[17:11] <hallyn> stgraber: which is of course what i always wanted to do :)  just hadn't gotten around to it
[17:11] <hallyn> stgraber: we might even introduce a lxc-set-profile -n containername script,
[17:12] <hallyn> which just creates a new empty profile, sets the config to use that, and then the user can go hack from there.  small improvement, but at the same time huge usability improvement i think
[17:12] <jjohansen> hazmat: right I understand what you want, let me rephrase I am looking for ideas/visions of how you would like to see it function.
[17:12] <Plizzo> My Ubuntu Server has been disconnected from the network for some hours, and now that I plugged it back in it only gets an IPv6 address, and no IPv4 one. This means I cannot access it properly, what do I do?
[17:12] <gary_poster> hallyn, oh, ok.  Yeah, we do surgery for various other issues already.  Thanks!  I'll report back on the bug after I have a bit of experience with it, to make sure it works for us
[17:12] <hallyn> btw can i just say, for all the wanting lxc-devel to stick around, there's not a lot of review there!  <grumpy>
[17:13] <hallyn> gary_poster: awesome, thanks.  ttyl
[17:13] <gary_poster> ttyl
[17:13] <stgraber> hallyn: sounds useful indeed. I've been helping quite a few folks do the copy/pasting, reloading, lxc.aa_profile stuff and it's getting a bit boring having to copy/paste the same instructions over and over again ;)
[17:14] <jjohansen> stgraber: I can imagine :)
[17:14] <hallyn> heh
[17:15] <jjohansen> stgraber, hallyn: same basic question applies to you too. If you have ideas on extending the language to make this easier lmk
[17:16] <hallyn> jjohansen: well, the per-fs thin would be very useful.  i.e "deny write to sysrq-trigger on any procfs".  i relize that's more than a language change :)
[17:17] <jjohansen> hallyn: yeah I am working on that
[17:17] <hallyn> jjohansen: great :)
[17:17] <hallyn> for instance, debootstrap isn't allowed bc of that :(
[17:18] <hallyn> anyway, dont' know that i have anything more.  (back to hackhackhack)
[17:18] <Plizzo> How can I force my server not to accept an ipv6 address?
[17:18] <Plizzo> Or atleast to obtain an ipv4 one
[17:18] <Plizzo> Like it used to
[17:20] <RoyK> Plizzo: ipv6 should work by default with address discovery
[17:20] <RoyK> Plizzo: ipv4 can be set manually or by dhcp/bootp  in /etc/network/interfaces
[17:20] <Plizzo> RoyK: IPv6 is working, but for some reason my server is not getting an IPv4 address
[17:20] <RoyK> do you have dhcp around?
[17:20] <Plizzo> RoyK: My router is set to give my server a static IPv4 address, and the server is the only computer which obtains IPv6
[17:21] <Plizzo> RoyK: It's always been getting the same IPv4 one until now
[17:21] <hazmat> jjohansen, so std include statement should work fine to grab a definition, and then a stanza prefix/statement to specify an override/modification block over an existing entity (program, profile, etc)
[17:21] <RoyK> then your router is probably having a fit
[17:22] <hazmat> so something like @override\n profile lxc-container-default  { deny /dev/zero }
[17:24] <jjohansen> hazmat: okay thanks
[17:33] <stgraber> hallyn: just looked at my bug mail, does that mean that gary_poster's bug doesn't happen with >=precise containers?
[17:33] <hallyn> stgraber: right
[17:34] <hallyn> stgraber: which is why i had assumed it would turn out to be udev :)
[17:39] <hallyn> stgraber: where is your bzr tree for the lxc api now?  i'll make my destroy/create changes against that
[17:40] <stgraber> hallyn: lp:~stgraber/ubuntu/quantal/lxc/lxc-api-and-python
[17:41] <stgraber> hallyn: actually, are you part of the ubuntu-lxc team?
[17:41] <stgraber> because I guess it'd make sense to just share that branch for now instead of branching/merging for every little bits
[17:43] <arussel> is it a problem for xfs_freeze if a subdirectory is used as mount point ?
[17:43] <stgraber> hallyn: now at lp:~ubuntu-lxc/ubuntu/quantal/lxc/lxc-api-and-python and I added you to ~ubuntu-lxc so you can directly push to it
[17:43] <stgraber> hallyn: the liblxc changes are in the last quilt patch, so you can simply update the files and refresh the patch
[17:44] <stgraber> no need to create any more patches at this time
[17:44] <roaksoax> smoser: we don't specify bootif=XYZ
[17:45] <roaksoax> smoser: but we do have ksdevice=bootif
[17:45] <smoser> roaksoax, i think we end up specifying BOOTIF=
[17:45] <smoser> as it seemed our pxelinux (in grepping cobbler) hyas 'ipappend 2'
[17:46] <roaksoax> smoser: http://pastebin.ubuntu.com/1049530/ we don't specify a bootif=XYZ
[17:46] <hallyn> stgraber: do you think lxc-destroy should now be deleting custom profiles?
[17:46] <hallyn> maybe best not...  but hate to have those proliferate too much
[17:46] <roaksoax> smoser: but in this one we specify ksdevice=bootif
[17:47] <roaksoax> smoser: http://pastebin.ubuntu.com/1049531/
[17:47] <smoser> roaksoax, we dont specify bootif=
[17:47] <smoser> we specify ipappedn 2
[17:47] <hallyn> stgraber: thanks  (i'd have ben happy doing merge proposals :)
[17:48] <stgraber> hallyn: unless we decide to always have one profile per container which IIRC we said wasn't a good idea, we probably shouldn't be removing them. At some point it might be interesting to detect unused profiles and show the list at the end of lxc-destroy
[17:48] <roaksoax> smoser: right we do
[17:48] <roaksoax> smoser: i think those don't really apply to Ubuntu though as they are for anaconda...
[17:49] <hallyn> stgraber: yeah, a purge command shouldn't be too hard.  look for all profiles not mentioned in a config, and query the user one at a time.  anyway, later.
[17:49] <stgraber> hallyn: and will be even easier to do in python ;)
[17:49] <roaksoax> smoser: though, I just found this: https://bugs.launchpad.net/ubuntu/+source/casper/+bug/923219
[17:50] <roaksoax> smoser: so yes, it should be using the bootif for the installer if netcfg/choose_interface=auto
[17:50] <hallyn> stgraber: lp:~serge-hallyn/ubuntu/quantal/lxc/lxc-aa-custom-profile adds a lxc-aa-custom-profile, works for me
[17:51] <hallyn> lunch, bbl
[17:51] <smoser> which magically makes BOOTIF= appear on the linux command line
[17:51] <smoser> roaksoax, ^
[17:52] <stgraber> hallyn: ok, having a look and will merge in lp:ubuntu/quantal/lxc if it looks good (and then rebase my lxc-api-and-python branch on the main branch)
[17:52] <hallyn> stgraber: i'm not sure it's worth a separate commit, was thinking we'd just queue it in ubuntu:lxc until a more important one
[17:52] <stgraber> hallyn: (oh yeah, you might have to use "bzr pull --overwrite" with lxc-api-and-python from time to time as I rebase it on the main quantal branch whenever something lands)
[17:52] <hallyn> then again, you've done more of the tedious repetition than i have (explaining how to do it) :)
[17:52] <stgraber> hallyn: yeah, I'd merge it but not upload it
[17:52] <hallyn> ok
[18:00] <roaksoax> smoser: bootif=XYZ
[18:00] <roaksoax> smoser: so my guess is that ipappend 2 adds bootif=XYZ as a kernel param on runtime rather than in the file itself?
[18:00] <smoser> roaksoax, right.
[18:01] <smoser> its magic/genius pxelinux. and it appears that our whole stack uses it for automated install.
[18:01] <smoser> really clever idea from pxelinux to do that. it basically passes the interface that it booted from up to linux.
[18:02] <roaksoax> smoser: indeed, which really make sense
[18:05] <smoser> SpamapS, if you wanted to think about https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1015223
[18:05] <smoser> i'd appreciate it.
[18:12] <SpamapS> smoser: reading
[18:29] <matt_keys> I had a 250gb sata disk running 10.04 and replaced it with a 120gb ssd running 12.04. My kvm images are now on sdb3, how do I move them into sda3?
[18:39] <RoyK> matt_keys: they're normally under /var/lib/libvirt/images
[18:39] <RoyK> just files
[18:40] <miceiken> okay this is weird
[18:40] <miceiken> insserv is installed, but when I use it it says command not found
[18:40] <RoyK> matt_keys: the vm config is under /etc/libvirt/qemu - you might want to move them over as well
[18:49] <Aaton> anyone having problems with 12.04 LTS not rebooting when your doing a network install?
[18:49] <fraterm> matt_keys, if you have any good references for configuring those Virtual Machines networking statically I'd like to pick your brain.
[18:50] <matt_keys> RoyK : I've got sdb3 mounted on /sdb, so I recursive copied /sdb/var/lib/libvirt/* and /sdb/etc/libvirt/ , but they're not showing up in virt-manager
[18:50] <fraterm> permissions I bet.
[18:50] <Aaton> the debian-installer seems to be caught in a loop. if I have a preseed/late_command it will try to run it twice but fails the second time since /target is unmounted
[18:50] <matt_keys> fraterm : worked for me just configuring static since they're bridged.
[18:51] <fraterm> matt_keys, are all of your VMs ubuntu ones?
[18:52] <roaksoax> Aaton: afaik you can only have 1 late_command in the preseed
[18:52] <fraterm> I only have one and it's a centos 6.2 beasty.
[18:52] <matt_keys> RoyK : I do see the volumes on the storage screen, though.
[18:52] <RoyK> matt_keys: restarted libvirt?
[18:52] <matt_keys> RoyK : ahh... one sec.
[18:53] <Aaton> roaksoax: yep I have only one.
[18:54] <Aaton> I get a dialog box about the machine rebooting but it then tries the late_command again instead
[18:55] <matt_keys> RoyK : restarted qemu-kvm and libvirt-bin both, still not there
[18:55] <matt_keys> fraterm : not all of them. I have centos 6.2 ones too.
[18:55] <fraterm> I must have a squirrelled up resolv.conf I suspect.
[18:55] <matt_keys> fraterm : dns keep getting wiped?
[18:56] <fraterm> /etc/resolv.conf is there.
[18:57] <roaksoax> Aaton: how are you running your late_command?
[18:57] <Aaton> d-i preseed/late_command string wget -Y off -P /target http://10.X.Y.Z/d-i/precise/late_command.sh ; chmod +x /target/late_command.sh ; chroot /target/ /bin/bash /late_command.sh
[18:58] <Aaton> it works. and completes the commands I have inside it.
[18:58] <roaksoax> Aaton: I think you should do it like this:
[18:58] <matt_keys> fraterm : I've seen network manager wipe out the static dns settings... you have to set a few things in ifcfg-eth0 to keep it from doing that
[18:59] <fraterm> basically broken network configuration here I think then.
[18:59] <fraterm> it´s that networks are unreachable.
[18:59] <roaksoax> d-i preseed/late_command in-target sh -C 'wget http://10.X.Y.Z/d-i/precise/late_command.sh; etc etc etc'
[19:00]  * fraterm turns off NM_CONTROLLED
[19:00] <roaksoax> Aaton: or similar, but you need to use in-target so that it does stuff in the targe
[19:00] <roaksoax> Aaton: it is probably because of the way you are doing it that it fails
[19:00] <Aaton> roaksoax: ok I'll give that a try
[19:01] <roaksoax> fraterm: man resolvconf will tell you how to set static dns
[19:02] <fraterm> I dunno that it's resolvers.
[19:02] <Aaton> will it use the wget that is in busybox or the wget in /target. I have to make sure it doesn't try to use the proxy I'm behind.
[19:03] <roaksoax> Aaton: in-target
[19:03] <roaksoax> Aaton: that's why you use the in-target
[19:03] <fraterm> I can ssh in to the machine over the bridged network, I can't ping anything outside of my subnet from within the machine.  I can ssh out to machines inside my subnet.
[19:03] <matt_keys> fraterm : http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s1-networkscripts-interfaces.html . you'll want to use PEERDNS=yes, then DNS1=8.8.8.8 DNS2=8.8.4.4
[19:04] <fraterm> I´m behind a proxy though.
[19:04] <fraterm> But I will give that a look.
[19:04] <matt_keys> fraterm : unless you're restricting icmp out, proxy shouldn't interfere with it... just http/https traffic
[19:05] <fraterm> But I should still be able to ping X host in a different network... I bet I have a gateway or netmask or other setting a bit off.
[19:06] <matt_keys> fraterm : can you ping internal network hosts?
[19:07] <fraterm> matt_keys, certain ones yes
[19:07] <fraterm> my host vm IP address, and one host that is in our subnet.
[19:08] <fraterm> dns no, gateway...
[19:09] <matt_keys> fraterm : traceroute 8.8.8.8
[19:09] <fraterm> can ping the gateway... hurmph
[19:09] <matt_keys> where does it stop?
[19:09] <fraterm> installing traceroute would help.
[19:10] <fraterm> matt_keys, no more assistance til I get some good debugging tools though.
[19:10] <fraterm> I don´t want to waste your time with this.
[19:10] <matt_keys> np
[19:10] <matt_keys> still trying to figure out why i can't see my vms :p
[19:11] <matt_keys> brb
[19:11] <fraterm> I had a big problem with 12.04 recognising my ability to alter the configuration to use the bridge.
[19:11] <fraterm> Until I did it as root.
[19:12] <fraterm> the virtual machine manager gui isn't able to alter that setting unless you have the VM "powered off" as well... and as a normal user it doesn't alter the parameter for the network away from using NAT.
[19:19] <axisys> HP DL380 would be a good server to run mysql? I have about 20GB worth of ibdata with one table with 6 million transactions and another for 1 million.. running RT
[19:22] <rockets> Here's a silly question: How does Ubuntu pick which version of a package to install, if I have multiple apt repositories in my sources.list that contain that package? Does it just pick the newest one?
[19:29] <ikonia> rockets: if you don't have pinning setup, pretty much yes
[19:36] <rockets> Thanks ikonia
[19:47] <K4k> When creating an install disk with a ks.cfg file. Is it possible in the %packages section to somehow tell the system to install all normal packages and then just specify the individual packages you specifically need to apt-get install in addition?
[19:47] <muszek> hi... I'm running Nginx and PHP on my computer.  Today update manager told me there's a few php5* packages to be upgraded.  But along with this upgrade it wants to install a bunch of Apache packages... I don't run apache and don't want it installed... what gives?
[20:20] <smoser> SpamapS, that bug make sense? the same basic issue is present in failsafe.conf
[20:21] <SpamapS> smoser: totally makes sense
[20:21] <SpamapS> smoser: seems like that shouldn't be on the console
[20:21] <smoser> is there a way to gracefully be terminated? so that init would'nt output such a scary message?
[20:21] <SpamapS> seems like it should be lowered to 'info' priority. Who cares about the TERM?
[20:21] <SpamapS> it is being "gracefully" terminated
[20:21] <SpamapS> by upstart is all
[20:22] <SpamapS> smoser: anyway, I'm running off to lunch, bbiab. Agreed that it should be solved. Not sure exactly how though.
[20:22] <SpamapS> smoser: IMO thats a bug in upstart
[20:22] <smoser> yeah, i agree.
[20:23] <smoser> fwiw, SpamapS you have mixed tabs and space in failsafe.conf
[20:23] <matt_keys> back, can't remember who I was helping earlier
[20:32] <arussel> I've configured postfix to forward mail to an smtp server following: https://help.ubuntu.com/community/GmailPostfixFetchmail I'm not using gmail as a server, but I've  been using my own mail server
[20:32] <arussel> when I test the setting with "sendmail -bv me@gmail.com"
[20:33] <arussel> I don't have any error but I get the message "Mail Delivery Status Report will be mailed to <ubuntu>."
[20:33] <arussel> and ubuntu does get a mail in its mailbox on the server
[20:34] <arussel> telling that delivery to was OK
[20:34] <arussel> the problme is I've got nothing in my mailbox at gmail.
[20:34] <arussel> Where should I start looking to fix this ?
[20:35] <derpyderp> hi! is it normal that i get the message "--libvirt command not found; --addpkg command not found" when trying to run the vmbuilder command in the jeos-and-vmbuilder page? i can boot the image and login, but there are no packages created, i dont have grub and apparently nothing on he disk...
[20:36] <Aaton> roaksoax: tried your preseed/late_command method. it did not fix the problem I was having where the debian-installer does not reboot. d-i finished the late_command and then tried to reboot but doesn't. then runs the late_command again which fails.
[20:37] <Aaton> have to cold reboot the system
[20:43] <derpyderp> anyone?
[20:44] <miceiken> Hi.
[20:44] <miceiken> Virtual packages like 'gitosis' can't be removed <- what does this mean? how do I remove it
[20:45] <lifeless> you can't, because its not installed
[20:45] <lifeless> some other package is installed, which is providing it.
[20:45] <lifeless> This is crazy UI wise, sure, but it is what it is :)
[20:47] <miceiken> ah thanks lifeless
[20:47] <miceiken> while i have you here
[20:47] <miceiken> insserv is installed, but when I use it it says command not found
[20:49] <derpyderp> let me rephrase my question: i need to create custom VM images, and im trying to do so via the bash script provided in the JeOS and vmbuilder page in the ubuntu website. however, i get three error messages when the process is complete: --libvirt =qemu:///system command not found, --addpkg command not found, --addpkg command not found" :|
[20:51] <derpyderp> actually it says "--libvirt=qemu:///system: No such file or location", plus the other two --addpkg command not found, my bad
[20:55] <roaksoax> Aaton: is it possible for you to show me the syslog of the installtion process?
[21:01] <Aaton> roaksoax: sure once the system comes back up I'll grab it from /var/log/installer/syslog
[21:41] <hallyn> stgraber: d'oh, src/lxc/tests is empty in your bzr branch :)
[21:41] <hallyn> stgraber: and IIUC lxclock.h and lxccontainer.h will no longer be exported to /usr/include/lxc
[21:42] <stgraber> hallyn: what?
[21:42] <hallyn> nm, i'm an idiot
[21:42] <stgraber> root@python-lxc:~/lxc-api-and-python# ls src/tests/
[21:42] <stgraber> containertests.c  locktests.c  Makefile.am  startone.c
[21:42] <hallyn> (quilt patches were not applied)
[21:43] <stgraber> oh yeah, you need to fight with quilt as usual ;)
[21:43] <hallyn> well it seems like policy has changed - i thought bzr used to keep the patches applied <shrug>
[21:43] <stgraber> I usually fight until the point where "bzr st" looks reasonable, then look at the code ;)
[21:43] <stgraber> well, they definitely are applied in the branch
[21:43] <stgraber> root@python-lxc:~/lxc-api-and-python# bzr revno
[21:43] <stgraber> 120
[21:43] <stgraber> root@python-lxc:~/lxc-api-and-python# bzr st
[21:43] <stgraber> root@python-lxc:~/lxc-api-and-python#
[21:44] <hallyn> really???  try a clean fetch
[21:44] <hallyn> bzr branch lp:~ubuntu-lxc/ubuntu/quantal/lxc/lxc-api-and-python
[21:44] <hallyn> cd lxc-api-and-python; quilt ap
[21:46] <stgraber> hallyn: hmm, let me try to convince LP that what I have locally is right :)
[21:47] <stgraber> hallyn: gah, my bad, didn't push at the right place, that's why it's all broken...
[21:47] <stgraber> hallyn: should be good now
[21:47] <hallyn> i should re-fetch?
[21:47] <stgraber> yeah
[21:47] <hallyn> i'll wait until i finish writing my testcase and then just copy that over
[21:47] <hallyn> thanks
[21:49] <stgraber> >>> test.start(cmd=["/sbin/init", "--debug"])
[21:49] <stgraber> True
[21:49] <stgraber> hallyn: ^ I have support for the *args => char** in my local branch now too
[21:50] <stgraber> hallyn: still need to fix the refcounting/memory management part of that hack though :)
[21:51] <hallyn> stgraber: cool
[21:56] <hallyn> stgraber: I'm going to suggest that container->destroy() doesn't need to try and stop the container, that is, it'll jsut fail if the container is running, and caller can sto pit if need be?
[21:56] <hallyn> (lemme know if you disagree)
[21:56] <stgraber> hallyn: that's what my python function does at the moment (throw an exception if the container is running), so WFM
[21:57] <hallyn> great
[22:16] <stgraber> hallyn: just checking, the container name is mandatory and can't be set after lxc_container_new()?
[22:18] <hallyn> stgraber: correct
[22:18] <hallyn> idea would be to use lxc-clone to get one with a new name
[22:18] <hallyn> of course, you can cheat and just set c->name :)
[22:18] <hallyn> why do you ask?
[22:18] <hallyn> destroytest passed, yay.  now the tough part, create :)
[22:19] <hallyn> stgraber: do you think it should b set-able?
[22:20] <hallyn> (this of course shoudl be reminding me that we need clone still...  but i'll wait until someone asks for it)
[22:20] <stgraber> hallyn: wanted to check that my current implementation of .name being read/only was correct and for some reason I don't currently enforce a name to be passed to Container(), fixing that now
[22:28] <blendedbychris> cna i resize a partition of a drive that is mounted?
[22:33] <hallyn> stgraber: what did you think about whether c->create(c) should save the config to disk?
[22:33] <hallyn> i suppose it should
[22:34] <stgraber> hallyn: I just pushed a small debian/rules change to match your introduction of another test binary and I also pushed an update python binding including the switch to the new liblxc destroy()
[22:35] <stgraber> hallyn: I think it'd make sense for it to save the current config yeah
[22:35] <stgraber> hallyn: so I guess you'll need to implement save_config() first ;)
[22:38] <hallyn> drat
[22:41] <stgraber> >>> test.destroy()
[22:41] <stgraber> lxc_container: No such file or directory - failed to open freezer for 'test'
[22:41] <stgraber> False
[22:41] <stgraber> hallyn: ^ did I miss something?
[22:43] <stgraber> hallyn: oh, my bad ;) wrong mapping
[22:43] <hallyn> phew
[22:43] <stgraber> works fine now ;)
[22:55] <stiv2k> i am having problems with ecryptfs
[22:55] <stiv2k> trying to run ecryptfs-umount-private
[22:55] <stiv2k> i keep getting this
[22:55] <stiv2k> fopen: No such file or directory
[22:55] <stiv2k> fopen: No such file or directory
[22:55] <stiv2k> Cannot chdir into mountpoint.
[22:56] <stiv2k> any idea?
[23:06] <tyhicks> stiv2k: Lets get the obvious question out of the way first... is your ~/Private directory actually mounted?
[23:06] <tyhicks> stiv2k: Take a look at /proc/mounts to verify that it is currently mounted.
[23:10] <AceFace> hello all!
[23:10] <AceFace> im looking for help configuring a startup script, would anyone be willing to help?
[23:20] <SpamapS> AceFace: can you be more specific?
[23:21] <stiv2k> tyhicks i fixed it
[23:21] <tyhicks> stiv2k: good to hear
[23:21] <stiv2k> tyhicks i was running the command as sudo when i shouldnt have been
[23:22] <stiv2k> tyhicks i had to uninstall and disable the encryption because the web site hosted on that user's account would only work when he was logged in
[23:22] <stiv2k> otherwise it couldnt see any of the files
[23:22] <AceFace> SpamapS:
[23:22] <AceFace> SpamapS: sure
[23:22] <AceFace> i have a script that i want to execute at bootup (script located here: http://pastebin.com/hxk4fwVD ) and this script is supposed start a service called connection manager (binaries located here: http://download.igniterealtime.org/connectionmanager/connection_manager_3_6_3.tar.gz ) so i extracted the folder "connection_manager" to /opt , to see directory structure please look inside the tarball. ive tried a few things and i just cant make the scri
[23:23] <SpamapS> AceFace: chopped at 'just cant make the scri'
[23:23] <tyhicks> stiv2k: Right. You've got to enter some type of secret to provide an encryption key.
[23:24] <tyhicks> (the login password decrypts the encryption key, in this case)
[23:24] <AceFace> ive tried a few things and i just cant make the script start at bootup. does anyone have any suggestions?
[23:25] <SpamapS> AceFace: you don't say what you've tried
[23:27] <AceFace> ok, ive tried copying the script located at /opt/connection_manager/bin/cmanager.sh to /etc/init.d/conmgr.sh
[23:27] <SpamapS> AceFace: the simplest thing would probably be to make an upstart job.. http://paste.ubuntu.com/1050091/ .. put that in /etc/init/cmanager.conf ..
[23:27] <AceFace> then doing sudo chmod +x /etc/init.d/conmgr.sh
[23:27] <SpamapS> AceFace: init.d's shouldn't have .sh suffixes
[23:28] <SpamapS> AceFace: they also need to take start/stop arguments
[23:28] <AceFace> oh...
[23:28] <AceFace> shows how much i know! haha
[23:28] <rockets> Is the final version of server 12.10 going to have apache 2.4?
[23:28] <AceFace> i will try your given paste and report back in a few minutes
[23:28] <SpamapS> AceFace: this is actually better http://paste.ubuntu.com/1050095/
[23:30] <AceFace> SpamapS: what the difference between adding "post-start" and not?
[23:33] <AceFace> SpamapS: please take a look, is this what you mean?: http://img.ctrlv.in/4fe10c29022c9.jpg
[23:33] <SpamapS> AceFace: first one is just a bit more "hacky" .. the second one will work more reliably if you, say, go to single user mode and come back
[23:34] <SpamapS> AceFace: yes that screenshot looks good
[23:34] <SpamapS> well except the theme on those windows.. ;)
[23:34] <SpamapS> that looks like a prison
[23:35] <AceFace> then after making /etc/init/cmgr.conf i then can reboot and expect the "conf" script to start /opt/connection_manager/bin/cmanager.sh ?
[23:36] <AceFace> well, the workstations in the office are all MS windows, whereas the server rack is ubuntuserver located in a locked room
[23:36] <AceFace> so i putty into the rack...
[23:37] <SpamapS> AceFace: yeah should work fine
[23:39] <SpamapS> \o/
[23:39] <SpamapS> Openstack summit in San Diego
[23:39] <SpamapS> *woot*
[23:40] <AceFace> SpamapS: i really appreciate your help, but the service doesnt seem to start
[23:40] <AceFace> do i have to chmod +x the /etc/init/cmgr.conf ?
[23:44] <AceFace> if you look here http://pastebin.com/wWskn4MW i have to normally cd /opt/connection_manager/bin/ and then do ./cmanager.sh to make the program work
[23:45] <SpamapS> AceFace: no
[23:46] <SpamapS> AceFace: ahh, add a new line    chdir /opt/connection_manager/bin
[23:47] <AceFace> ok, me being new to linux, i figured i  needed to make the script change paths, but i didnt know what to say to explain such a thing
[23:47] <AceFace> i will try it
[23:49] <AceFace> SpamapS: !!! SUCCESS!!!!
[23:49] <AceFace> thank you very very much
[23:52] <AceFace> i would paypal you a couple bucks to show my appreciation
[23:52] <AceFace> but i guess thats a practice usually frowned upon