/srv/irclogs.ubuntu.com/2012/06/20/#ubuntu-server.txt

uvirtbotNew bug: #1015348 in openssh (main) "openssh-server package does not start sshd on a live CD boot" [Undecided,New] https://launchpad.net/bugs/101534800:05
uvirtbotNew bug: #1015350 in openvpn (main) "openvpn connection start successfully, and fail in ~ 2 minutes" [Undecided,New] https://launchpad.net/bugs/101535000:21
=== Aaton is now known as Aaton_off
uvirtbotNew bug: #1015359 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1015337)" [Undecided,New] https://launchpad.net/bugs/101535901:16
uvirtbotNew bug: #1015361 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1, fails to install and uninstall. i believe i have been attacked, also getting system error notifications" [Undecided,New] https://launchpad.net/bugs/101536101:30
erichammondutlemming, smoser: I'm starting to use AWS CloudFormation but it looks like the Ubuntu AMIs do not include the cf-* command line tools for startup hooks.  Are there plans to add these or should I submit a request through launchpad?01:48
agc93on a default 12.04 x64 installation, what gets stored in /srv/ ?01:49
erichammondagc93: Based on the spec (and my experience with 12.04) I believe /srv/ should be empty by default.  It's there for the stuff that the end user wants to store on the server.01:51
agc93sweet. And where are OpenLDAP schemas stored by default? I'm having trouble finding it in the docs01:51
agc93wait, nevermind I think its in /etc/ldap01:52
erichammondhttp://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/srv.html01:52
erichammondsounds like distros are allowed to put things in /srv/ but I haven't seen Ubuntu do it on the base installs.01:54
patdk-laphmm, something I installed used that01:54
patdk-lapthink it was one of the tftp servers01:54
twberichammond: Debian policy compliant packages MUST NOT place any files in /srv02:02
patdk-lapwhat about making folders?02:03
patdk-laptftp used to make /srv/tftpboot02:03
patdk-lapcan't remember if that is new, or old02:03
patdk-lapas I still use /var/lib/tftpboot02:03
twbI think it's allowed if you do it in the postinst02:03
patdk-lapI just remember taking awhile figuring out why /var/lib/tftpboot wouldn't work :)02:04
agc93if you needed to (dont ask why, its an odd setup), you could always symlink /var/lib/whatever to /srv/whatever couldnt you?02:06
twbagc93: he just hadn't diagnosed the issue at the time02:07
patdk-lapI could have02:07
patdk-lapbut I just edited /etc/default/tftpd02:07
agc93yeah, i meant hypothetically. You were saying packages aren't allowed to install in there, but if I wanted something in there, i could symlink it couldnt I?02:07
twbagc93: packages aren't allowed to, but sysadmins are02:08
agc93ah right. Cool.02:08
uvirtbotNew bug: #1015369 in mailman (main) ""IOError: [Errno 32] Broken pipe" on start when many lists are present" [Undecided,New] https://launchpad.net/bugs/101536902:51
uvirtbotNew bug: #1015365 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 (dup-of: 1015337)" [Undecided,New] https://launchpad.net/bugs/101536502:52
blendedbychrisguys in general is it easier to chroot or setup something like vsftpd/proftpd?02:54
blendedbychrischroot sftp that is02:55
twbYou want chrooted sftp?03:00
twbblendedbychris: ^03:02
ubuntucloud227noob question: can I host a production Ubuntu cloud on ESXi?03:05
blendedbychristwb: well… i just want to figure out a good way to give a specific group of users access only to a few dirs… i was going to chroot them and use sftp03:07
blendedbychrisand symlink the dirs in03:07
blendedbychrisor even mount03:07
blendedbychrisbah google fails heh … it was like "proftpd" can be used for ln -s… baloney03:08
blendedbychrisstill ahve to use mount --bind03:08
twbblendedbychris: chrooted SFTP is very easy.  However note that SFTP is not FTP.  SFTP is part of SSH, *not* vsftpd or proftpd03:09
blendedbychrisright03:10
blendedbychrisi think sftp might be easier to setup considering i don't have to add addition certs03:10
twbhttp://paste.debian.net/175387/03:11
patdk-lapcerts? using ftps is near impossible, even if you have a cert03:11
twbYes, do not do FTP or FTPS ever.03:11
twbhttp://mywiki.wooledge.org/FtpMustDie03:11
twbblendedbychris: see my paste03:12
blendedbychrisdon't newer openssh versions do better than what you pasted twb?03:12
twbAFAIK no, all of those are important for a locked-down SFTP service03:13
twbIn *older* SSH it was a lot more difficult03:13
patdk-lapwell, depending on what your doing, it's still hard03:13
patdk-lapmy users can't take advantage of the new ssh config to chroot03:13
twbpatdk-lap: why not?  Because they're on hardy?03:14
patdk-lapno03:14
patdk-lapcause it's a group issue03:14
patdk-lapthey all don't belong to a common group03:14
patdk-lapI want a chroot *all* option03:14
blendedbychriswhy isn't there an cond.d in /ssh03:15
twbpatdk-lap: add them all to a new group03:15
twbblendedbychris: because openbsd devs are dumb03:15
twbblendedbychris: it annoys me a lot with ssh_config03:15
blendedbychrisdoes that allowgroups interfere with ful acces?03:16
patdk-laptwb, not easy03:17
twbblendedbychris: well you also want AllowGroups root or something03:17
twbblendedbychris: so you can still SSH in03:17
twbpatdk-lap: you might be able to have multiple match groups to say "chroot everyone, but don't chroot root"03:18
blendedbychrisgetting "Could not open channel (Closing all channels)."03:18
patdk-laptwb, would be ideal03:19
blendedbychrisi just dumped what you gave me at the end of sshd_config03:19
patdk-lapit's just I have 30k users03:19
twbpatdk-lap: you would have to do some experimenting03:19
blendedbychrison wait i didn't change your subsystem03:19
twbpatdk-lap: http://cyber.com.au/~twb/.ssh/config has some notes about how ssh does matching03:19
twbblendedbychris: you should UNDERSTAND the changes03:20
blendedbychrisoddly still same error03:20
blendedbychrispenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 201203:20
=== nath_will is now known as nathwill
twbblendedbychris: what is this channel business... are you getting this from the sshd logs?03:20
twbopenssh 5.3 here03:20
blendedbychrisdo i have to use syslogs?03:21
twbWell, yes, normally you would be looking in /var/log/syslog and /var/log/auth.log03:22
twbIf you have changed that, then obviously you should know where to look03:22
blendedbychrisJun 19 22:22:22 gva-web-1 sshd[5480]: fatal: bad ownership or modes for chroot directory "/home/uespinoza" << guessing it can't be user writable03:22
blendedbychrisor needs to be owned by root?03:23
blendedbychrisdar03:23
blendedbychriscan you use —bind to force permissions and ownership?03:28
blendedbychristhat looks epically complex .. http://wiki.lapipaplena.org/index.php/How_to_mount_SFTP_accesses03:32
twbWhat does ls -ld /home/uespinoza look like03:33
uvirtbotNew bug: #1015378 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101537803:36
blendedbychristwb: dunno i ended up doing —bind :P03:38
blendedbychristwb: so Subsystem sftp /usr/lib/openssh/sftp-server << why do i have to do "internal-sftp" ?03:38
blendedbychrisalso do i have to do the allowgroups?03:38
twbBecause otherwise it won't work03:47
twbinternal-sftp is built into the sshd binary, so it remains accessible after chroot(2)ing.  This is not the case for external binaries like /usr/lib/openssh/sftp-server03:47
blendedbychristwb: later versions must work03:51
blendedbychris /usr/lib/openssh/sftp-server != /usr/lib/openssh/sftp-server.sh (lucid)03:51
blendedbychrisprecise works without that03:51
twbWhatever03:52
twbThe approach I described works for me on lucid.03:52
patdk-lapheh? I have no sftp-server.sh in a default lucid install03:52
blendedbychrisya lucid is #Subsystem sftp /usr/lib/openssh/sftp-server.sh03:53
patdk-lapthat must be someones hack at external chroot support03:53
blendedbychrisoh maybe haah03:53
blendedbychrisprobably mine03:53
patdk-lapthat isn't lucid03:53
blendedbychrisages ago03:53
twbI agree w/ patdk-lap03:53
patdk-lapthat is just so wrong03:54
blendedbychrisso do you two rely on sticky bit to keep perms?03:56
patdk-laphmm?03:57
patdk-lapsticky doesn't keep perms, it overrides them03:57
blendedbychriswell that heh03:59
blendedbychrisoverriding the group perm to always be writable?03:59
blendedbychrisor rather group?04:00
blendedbychrisso the mount —bind doesn't allow write04:01
hallynstgraber: hm, as i'm finishing up the code to write out lxc config (holy tedium, batman) i think i spot a bug in src/lxc/conf.c - inet_ntop(AF_INET, netdev->ipv6_gateway, buf, sizeof(buf));04:01
hallynassume that should be AF_INET604:01
hallyncourse i'ts just in a rare error reporting case...04:01
blendedbychristwb: are you able to do ls -sd with sftp?04:03
twbNo, because it's SFTP04:03
blendedbychrisokay —bind is my next option but it wont write :|04:04
twbI don't know what you're talking about wrt -bind04:04
blendedbychrismount —bind /var /foo04:04
twbUh, what?04:05
twbWhat does mount have to do with any of this04:05
blendedbychrisi'm trying to mount /var/www into that users dir04:05
twbDon't04:05
blendedbychrisokay what else can i do?04:05
twbChroot them into /var/www instead04:06
blendedbychriswrong ansewr04:06
blendedbychrishaha04:06
twbWhy is it wrong?04:06
uvirtbotNew bug: #1015386 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101538604:06
blendedbychriswell really i want to mount /var/www/foo and /var/www/bar in the dir04:07
blendedbychrisas baz is not theirs04:07
twbSo move them to /srv/www/<user>/foo and /srv/www/<user>/bar, chroot them into /srv/www/<user>, and tell apache to expose those dirs accordingly04:08
twbRather than just telling apache to serve /srv/www as a unit and then trying to make the directory structure exactly match the desired http structure04:08
blendedbychriswell that's annoying04:10
twbWhat I do is give users a forced command rrsync [sic] key-based root SSH access04:13
twbI grant that this is suboptimal04:13
patdk-laphmm, why not just leave user stuff in their home dir?04:15
patdk-lapthen just symlink it04:15
patdk-lapln -s /home/<user>/public_html/ /var/www/<user>/04:15
patdk-lapor whatever04:15
twbpatdk-lap: you don't need a symlink, at least under apache04:15
patdk-lapwell, if you have apache virtualhost using that folder directly04:15
twbBut I assumed he was doing something like "give the web dev access to /srv/www/<product>"04:16
blendedbychriswell more likely it' be /srv/group/foo04:16
twbpatdk-lap: /etc/apache2/userdir.conf is what I was thinking of04:17
blendedbychrisnot a fan of that though04:17
blendedbychrisi'm used to this structure … /srv/http/domain.tld/subdomain04:17
blendedbychrisso now i have to do something weird to accommodate sftp permissions.04:17
patdk-lapI don't like userdir04:18
twbpatdk-lap: any particular reason?04:18
patdk-lap~user is annoying :)04:19
twbHa04:19
blendedbychrisyou guys think it might be possible to chroot them to /srv/http and rely on permissions?04:19
blendedbychris(hate the room for error there)04:19
twbWell, why are you chrooting them at all?04:21
twbWhat attack are you guarding against?04:21
blendedbychristhey just don't need read access to the other sites04:21
blendedbychrisor write04:21
blendedbychriswhy doesn't —bind work :(04:29
twbWell for one thing it's --bind04:33
blendedbychrismy client keeps converting it to a &mdash;04:34
blendedbychrisso bite me :P04:34
blendedbychrisnow it seems to work :|04:38
blendedbychristhe - - bind04:38
blendedbychriswhatever :)04:38
blendedbychristhanks for the help guys04:38
uvirtbotNew bug: #1015390 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101539004:46
CoreyWheeeeeee packaging.  NEVER again. *shudder*05:49
uvirtbotNew bug: #1015405 in clamav (main) "ClamAV error: CL_EFORMAT: Bad format or broken data" [Undecided,New] https://launchpad.net/bugs/101540505:50
kblinmorning folks06:01
kblinI'm currently trying to debug an application crash in swat reported by one of our users. I fail to get debugging symbols for the binary though..06:03
kblinwhat's the trick on using the -dbg package?06:03
=== zyga-afk is now known as zyga
uvirtbotNew bug: #1015414 in clamav (main) "package clamav-base 0.97.3+dfsg-2.1ubuntu1 failed to install/upgrade: sub-processo script post-installation instalado retornou estado de saída de erro 1" [Undecided,New] https://launchpad.net/bugs/101541406:52
=== smb` is now known as smb
uvirtbotNew bug: #1015429 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101542907:51
th0mzany1 using opendedup ?08:09
twbNever heard of it.08:10
twbHeh, it needs 250MB of RAM per TB of data being dedupped08:11
twbNo worse than ZFS I suppose08:12
th0mztwb: http://opendedup.org/08:13
twbth0mz: looks like it's written in java.  Automatic fail in my book08:22
th0mzhéhé08:23
th0mz:)08:23
th0mzand using fuse08:23
twbWell fuse is not surprising08:23
twbIf your choices are using fuse or having a java developer try to write kernel code, fuse is clearly the better choice08:23
excalibrHow do you crate a new route table?09:00
excalibrcreate*09:00
twbhttp://paste.debian.net/175422/09:04
twbNames tables go in /etc/iproute2/rt_tables; otherwise you can simply refer to them by number09:05
excalibroh must manually edit the file to add/del table?09:11
uvirtbotNew bug: #1015466 in clamav (main) "package clamav-base 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101546609:31
arusselI've lost the partition on which I had an empty postgres db, usually found in postgres/9.1/main09:42
arusselhow can I recreate those file ?09:42
twbarussel: lost it how09:42
twbarussel: if you haven't written over that part of the disk, just add the partition back into the partition table and it should reappear09:43
arusselI move it from /var/lib/postgresql/ ... to /mnt/postgresql on a differnt volume09:43
arusselthe volume died09:43
arusseltwb: no, I lost eb09:44
arussels09:44
twbOf course you have been backing up your postgres database regularly, right09:44
twbSo start restoring from backup09:44
arusselonce again, this is an empty db, I just want to get the default files from the ubuntu package09:44
arusselI can restore from a dump09:44
twbOh, I missed that09:45
twbI supopse the easiest way would be to purge and reinstall09:45
arusselif hte files have been changed it will keep them, but if it was removed it will re-create ?09:46
arusselpurge tries to stop postgres that fails because of the missing files => purge is cancelled09:54
twbWell I would brute-force that by hacking the shit out of the .prerm09:55
twbBut I am not officially recommending that because you can make it worse09:55
arusselI could purge but reinstall doesn't recreate the 9.1/main cluster09:59
twbreinstall without purging generally doesn't recreate deleted stuff10:00
twbBut I am no expert; someone else might know better10:00
twb*I am no postgres expert10:00
WomkesWhen I use virt-manager to connect to one of my Ubuntu KVM hosts I cannot see the network interfaces listed. I have to enter a interface name manually when creating a VM with "br0". This works fine as far as I can tell but it would be nice to have virt-manager working properly. I dont have this issue with CentOS KVM hosts.10:43
WomkesAny idea why and how I can fix this?10:43
WomkesHmmm10:44
Womkesis it this bug? https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/52038610:44
uvirtbotLaunchpad bug 520386 in libvirt "libvirt-bin hypervisor does not support virConnectNumOfInterfaces / unable to create domain with virt-manager using network bridge" [Medium,Confirmed]10:44
WomkesThanks bot, you are so awesome10:45
=== almaisan-away is now known as al-maisan
thisismynamegot some problems with KVM here11:18
thisismynamei want to assign a virtual machine to a harware NIC11:18
thisismynamelike it's shown here:11:18
thisismynamehttp://www.linux-kvm.com/content/using-bridged-networking-virt-manager11:19
thisismynamebut my virt-manager (version 0.9.1) doesn't have the option "Shared Physical device"11:19
thisismynamedo i have to compile something special??11:19
thisismynamei cloned the git repository... but the option is still not available11:20
thisismynameby cloning i mean, downloading and copmpiling it11:23
thisismynamei even tried 2 different distributions Fedora and Ubuntu... the option is not available in both11:27
patdk-lapit depends on your hardware11:36
patdk-lapwhat motherboard/cpu are you using?11:36
thisismynamecat /proc/cpuinfo http://pastebin.com/xxcbMGCB11:43
thisismynameit's a gujisu server... u need more information?11:44
thisismynamefunjitsu11:44
RoyKthisismyname: I think that server may run a bit better without ht11:48
RoyK(not related to your question, though)11:48
thisismynamewhy that? i want to do lots of virtualized machines11:49
thisismynameso, lots of different threads11:49
thisismynamei thought thats perfect for hyperthreading11:49
RoyKthisismyname: hyperthreading may be better, but then, it may not. the linux scheduler may, in many cases, be better than the in-cpu-scheduler. the hyperthreading creates two (or more) logical cpus per core, and effectively reduces the amount of cache available to each of them for that reason11:57
RoyKthisismyname: IIRC the best game for hyperthreading is large amounts of threads handling small amounts of data, like (maybe) an email or web server11:58
RoyKfor compute nodes, hyperthreading is rather worthless11:59
Defusalhi everyone12:03
Defusalputting "kernel.isolcpus = 2-7" in my sysctl.conf and rebooting does not have any effect12:04
Defusaland "cpuset" says command not found12:04
Defusalso how can i force the system to not run processes on most of the servers cores?12:05
patdk-wkthisismyname, maybe http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM looking at step 312:21
Defusal$ cset12:22
Defusal...12:22
DefusalImportError: No module named cpuset.main12:22
=== G is now known as Nigel
Defusalcan anyone help please?12:22
Davieyhallyn: Morning, qemu-kvm is trying to pull in usbredir..  it needs a MIR or dropped. :)12:26
hallynhm.  i swear i checked every dep12:29
hallyngah12:30
hallyncomes from spice package.  will drop.  thx12:30
Davieyhallyn: hmm, looking at the diff.. + libusbredirhost-dev, does seem to be a new build-depends12:32
hallynyup, didn't exist in p12:33
hallyni'm just trying to see just how useful it is.  seems like something jdstrand would want :)12:33
hallynbut i really don't like that it comes from the spice page, and shares an author12:34
Davieyhah12:37
hallynDaviey: I suspect this is useful enough we'll be wanting an MIR, maybe even this cycle if possible.  But for now, I've pushed a new build removing it.  thanks.12:41
stgraberhallyn: that does look wrong indeed ;) I'm using ipv6 with my containers but never used lxc's static assignation variables so never hit that bug12:44
Davieyhallyn: super, thanks12:46
K4kHi, I was wondering if someone could help me figure out what I've done wrong with my ks.cfg file. I've re-spun my ISO to include a ks.cfg file in the root directory and modified /isolinux/txt.cfg to add the additional boot option which includes the ks=ks.cfg line. It boots without an issue but it only boots to the initramfs prompt...12:47
smosererichammond, is that 'cf-*' ? or cfn-* ?  ie, what tools were you expecting would be there?12:47
smoseraws-cloudformation-cli ? http://aws.amazon.com/developertools/2555753788650372 ?12:48
hallynstgraber: i pushed save-config support last night.  not sure if you noticed the commit msg, but i'm worried about the personality (lxc.arch) support wrt arm12:49
hallynall lxc stores is PER_LINUX or PER_LINUX32, and lxc.conf just reds x86 for PER_LINUX32 and x86-64 for PER_LINUX12:51
hallynwell, i guess if it is a problem i'll just have to update the core personality code in lxc.  nm, no sense fretting12:51
stgraberyeah, IIRC arm doesn't have personalities, it's an x86 spcific weirdness12:51
hallynmy fear is,12:53
hallynoh wait12:53
hallynno yes.  my fear:  32-bit arm leaves personality 0 (PER_LINUX) and users don't write lxc.arch, so it all just works.  but, then they use api->save_config;12:54
hallynit sees PER_LINUX and writes lxc.arch = x86-64.  next reader gets confused :)12:55
thisismynamepatdk-lap, thanks... gotta have a look12:55
thisismynamepatdk-lap, no... that's not the problem12:56
hallyni guess it's all too magic to me (i.e. diff between PER_LINUX_32BIT and PER_LINUX32)12:56
patdk-wkhmm12:56
hallynDaviey: drat, something went wonky with qemu-kvm build/versioning13:00
Davieyhallyn: looking13:01
hallyneh waht, we have powerpc builds again???13:01
hallyn(separate issue but i'll need to address that)13:01
stgraberhallyn: hmm, yeah, I can see this being a problem... how difficult would it be to make save_config() never write a "default" value to the file?13:03
hallynoh drat13:03
hallynstgraber: the problem is we don't know if we need a default or not.  whic his why core will need to be updated13:03
hallynDaviey: got it now the problem is with the kvm virtual package.  sigh.13:03
stgraberhallyn: right, having something clean in core would be nice. For lxc.arch itself, we should only write it if it's != 013:04
hallynstgraber: but what exactly does == 0 mean?  if you move a 64-bit continer rootfs from 64-bit to 32-bit host, does 0 mean something different?13:05
hallyn(I assume personality is 0 in 32-bit-on32-bit and in 64-bit -on-64-bit)13:05
hallyn(maybe not)13:05
Davieyhallyn: so you are building 'kvm'13:06
hallynDaviey: i need to figure out how to reproduce the dh_gencontrol crap for kvm in the new rules file13:07
hallyn:(13:07
Davieyhallyn: what isn't clear to me, is why you are hitting this now, but not previously13:07
hallyncan i just override_dh_gencontrol?13:07
Davieyyour diff didn't do this.13:07
Davieyhallyn: sure, you can.. but not sure that is the right fix13:07
hallynDaviey: yes it did.  it's the change in rules file (complete grounds-up change)13:07
hallyni think it is.  kvm has a different versioning scheme than qemu-kvm13:08
hallynwell,13:08
Davieyhallyn: ah! your prior build didn't build.. so didn't hit this13:08
hallynoh, right :)13:08
hallynyou meant that diff :)13:08
Davieyhallyn: So.. it's a merge issue.13:08
hallynDaviey: do you think i can get away with just not building kvm?13:08
hallynthe meta-package already exists and is out there...  doesn't need to change13:08
Davieyhallyn: should you be building the kvm package from this src package?13:09
hallynlet's say a user does 'apt-get install kvm'.  it installs qemu-kvm bc of depends.  i don't need to push a newer kvm to depend on newer qemu-kvm (for each build) do I?13:09
Davieyno13:11
hallynstgraber: in a bit i'll do some experiments to get my bearings around what personality values are valid...13:11
Davieyhallyn: I haven't dug into this.. but this is myu understanding..13:11
DavieyDebian builds a kvm package from qemu-kvm13:11
Davieywe build a kvm package from a seperate source package, as a meta package13:11
stgraberhallyn: hmm, yeah, it's annoying ;) so moving a 64bit container to a 32bit host won't work as you need a 64bit kernel for it to boot but moving a 32bit container from a 64bit host to a 32bit host will make it have the i386 personality in the config file, that'd map to 1 but won't exist as 32bit doesn't have personalities13:11
hallynDaviey: no13:11
Davieyhallyn: I thought that was the resolution we came up with last cycle?13:12
hallynDaviey: we always built kvm from qemu-kvm, but debian/rules had two dh_gencontrol lines to change version on kvm13:12
hallynDaviey: oh, maybe i misunderstood.  if you'res saying that is waht we *should* do, we can...  but it's not something we ever did in the past13:12
Davieyhallyn: kvm is just a meta package, no?13:13
hallynyup13:13
Davieyhallyn: yeah, i thought we discussed this last cycle.. maybe we didn't complete it.13:13
hallynif we did, it went over my head13:13
hallynbut again, if two dh_gencontrol lines fix it without a new source package, then why not?13:13
Davieyhallyn: if that fixes it, then it seems the cheapest fix.13:14
hallynok lemme try13:14
Davieyhallyn: i'm interested in what your 2 lines say.13:14
Davieyhallyn: if your two lines create a lie, then it seems nastier IMO.13:15
hallyn        dh_gencontrol -s -Nkvm13:15
hallyn        dh_gencontrol -pkvm -- -v1:84+dfsg-0ubuntu16+$(debsrc_ver)+$(debian_rev)13:15
Davieyhallyn: it seems hard to document why the heck that version number exists by that.. but perhaps less overhead.13:16
hallynDaviey: well it came from the switch from upstream kvm to upstream qemu-kvm.  remember they used to have version numbers like 66,67, etc13:17
hallynthen they switched to qemu-kvm-0.x13:17
hallynDaviey:  can you kick the current -ubuntu2 qemu-kvm source pkg so i can re-use that version #, or shall i bump the version?13:19
hallynstgraber: 32-bit doesn't have personalities?13:20
hallyni thought sunos/irix etc personalities long pre-dated 64-bit13:21
stgraberhallyn: well, it might have personalities but only have a single one as it's not technically able to run something else than 32bit13:22
Davieyhallyn: no, the source package is published, so need to bump revision regardless13:23
stgraberI'd have to check the code again, last I poked at this was during our sprint last year ;)13:23
hallynDaviey: ok, thx13:23
hallynstgraber: do you have an arm box handy, where you could compile+run http://people.canonical.com/~serge/getpers.c ?13:23
stgraberhallyn: sure13:24
stgraberroot@delmak:~# ./getpers13:24
stgraberpersonality is 838860813:24
stgraberhallyn: ^13:24
hallyneh hrm?13:25
hallynwhat if you change the printf to '%u' from '%d' ?13:25
hallyn(though i think it's only char, not int, that becomes unsigned on arm)13:25
stgrabersame thing13:26
hallynhm13:27
hallynthat's FDPIC_FUNCPTRS13:29
hallynheh, or just ADDR_LIMIT_32BIT13:30
=== benji is now known as Guest14462
hallynstgraber: nm, i was wrong about the lxc code.  it initializes pers to -1, so we're goot.13:31
hallyni'll fix it in your branch in a bit (once i'm over qemu killing me)13:31
stgraberok :)13:32
=== benji___ is now known as benji
hallynstgraber: in a debian/rules file, will ifeq ($(DEB_HOST_ARCH_CPU),arm always be true for all arm arches?13:35
stgraberhallyn: it at least seems to work on armel and amrhf, not sure that'll be true for arm6413:37
stgraber(but we don't care yet)13:37
hallyngreat, thanks.  will suffice for now13:38
hallynDaviey:  weren't ppc builders offline last cycle?  is their being up a new thing?13:43
Davieyhallyn: no, powerpc was on last cycle.13:44
Davieyhallyn: a powerpc build failure, isn't a release blocker.13:44
Davieyhallyn: qemu-kvm did build fine in precise, https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu1313:45
hallynDaviey: yeah but it disabled kvm acceleration13:45
Davieyhallyn: right, but the fact that the package is failing in quantal for armel, armhf and powerpc, when in precise it worked.. probably should be investigated :)13:46
hallyni'm not sitting here twiddling my thumbs13:46
hallyn(the arm is fixed in my local pkg, jsut looking into ppc to see if i can get the built to succeed with --enable-kvm, as i know some folks would like that)13:48
=== zyga is now known as zyga-food
hallynstgraber: actually i guess what i pushed last night should do the right thing!  have you run that branch on arm at all?14:11
stgraberhallyn: nope, not yet. Busy writting meeting minutes and will then have a team meeting... but should have some time to test it later this morning14:14
uvirtbotNew bug: #1015582 in puppet (main) "package puppetmaster-passenger 2.7.11-1ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101558214:16
hallynstgraber: thanks!14:24
=== zyga-food is now known as zyga
=== skaet_ is now known as skaet
streulmahello, I want to proxypass another url, but I have already proxypass / how can I do that ?15:02
=== Lcawte|Away is now known as Lcawte
=== zyga is now known as zyga-afk
hallynDaviey: still waiting for confirmation that ppc builds, but i'm looking at http://people.canonical.com/~serge/qemu-kvm.debdiff15:31
hallyn(then hopefully i can get back to plentiful lxc work :)15:32
Davieyhallyn: sorry for the interrupt :)15:32
CharlieSuHi all.  What is console-kit-daemon for?  I'm running 10.04 server w/ no graphical interface and I'm seeing this process take a lot of resources...15:35
hallynCharlieSu: 'apt-cache show consolekit' suggests it's the "we're so much cooler than our elders" utmp replacement15:39
CharlieSuhallyn: do I need it though?15:41
CharlieSuhallyn: I've got a server that is used as a SFTP server bigtime..  and it looks like it is slowing my computer down15:42
hallynCharlieSu: it's part of ubuntu-core, so i think so.15:42
hallynCharlieSu: but no harm waiting for someone who knows more than i to answer15:42
hallyn(all i know is what apt-cache just told me)15:42
=== al-maisan is now known as almaisan-away
hallynthen again maybe not15:44
hallyndpkg -L consolekit sure seems very system-d and X11-ish15:44
hallyn<shrug> i don't know that i'd advise this, but i just did dpkg -r policykit-1 consolekit on a server, still seems ok.15:48
CharlieSuhallyn: ya i disabled it on a server and it still runs.. lol15:50
hallynCharlieSu: new-fangled &^*&^*15:51
MarcelT3hi. trying to get my first MaaS node installed via PXE, but i always run into 'bad archive mirror' no matter what i do. got a hit for me?15:52
smoserkirkland, is ther ea way that i can create ~/.byobu ?16:01
smoseri want to create it, and then disable one status update16:02
smoser(via user-data so its not htere first time i run it)16:02
=== fenris is now known as Guest34289
Davieyjamespage: hey, around?16:14
Davieysmoser: removing cost estimation, by chance?16:15
stgraberhallyn: load_config() => save_config() => http://paste.ubuntu.com/1051146/16:16
stgraberhallyn: is multiple lxc.cap.drop lines allowed/parsed properly by lxc?16:17
stgraberhallyn: and do we need lxc.rootfs.mount to be stored if it's not a weird non-standard path? because it looks like I won't be able to move that container to a 32bit host without patching the config after that change...16:17
SpamapSsmoser: seems like byobu should have a system wide config file that you can edit first16:18
hallynstgraber: i guess i can compare lxc.rootfs.mount to the #defined one, so that is fixable16:20
hallynstgraber: multiple cap.drops are fine16:21
stgrabercool16:21
hallynsigh why am i not getting cgroup-lite bug mail16:22
=== Guest34289 is now known as ejat
hallynwoudl anyone here miss it if qemu-kvm were not built on arm and powerpc?  (they have always been built with --disable-kvm anyway, so you could use qemu-linaro)16:38
Davieyhallyn: Is it worth revisiting if qemu-linaro and qemu-kvm can be consolidated now?16:42
uvirtbotNew bug: #1015678 in cobbler (universe) "Cobbler exits with status 0 when failure occurs" [Undecided,New] https://launchpad.net/bugs/101567816:42
hallynDaviey: debian is pondering their own qemu/qemu-kvm merge.16:42
hallyni have a feeling qemu-linaro would want to be independent of debian's qemu16:43
hallynlool: ^ ?16:43
Davieyhallyn: ISTR slangasek was one of the drivers for qemu-linaro... he might have useful context to see if/when they can be converged.16:44
hallynDaviey: (yeah, i should chat with him, but right now i'm still trying tom ake the package build)16:58
hallynif anyone is looking for something to do and wants to fix the two open cgroup-lite bugs, ping me.  (else i'll get to it later today)16:58
hallynok got a build to work on ppc.  now to copy those changes back and re-test on x86...17:04
hallynseeing a lot of work being done on the debian-selinux packages.  would be great to merge those17:05
zuldo we care about ppc?17:06
hallynzul: at some point we will.  for now, we care enough to want the package to build17:07
hallynzul: but that was why i asked before whether we should simply not build for ppc/arm.17:07
zulhallyn: heh ok17:07
hallynreally rtg was asking that on #ubuntu-devel earlier too17:07
hallyni just figured i'd get yelled at by someone who has that as a crucial part of their custom server :)17:08
zulhallyn: well i can see for arm yes :)17:08
ironmhello. As I missed "ifenslave" and "ethtool" after off-line installation of ubuntu-server 12.04 I asked myself if there is perhaps a new way for setting interface bonding (teaming). Thank you in advance for any hints.17:08
hallynyou know how that goes17:08
zulhallyn: quite17:09
matt_keysre17:16
=== koolhead17|afk is now known as koolhead17
=== LordOfTime is now known as TheLordOfTime
uvirtbotNew bug: #1004373 in rabbitmq-server (main) "Please sync rabbitmq-server 2.8.2 from Debian" [Medium,In progress] https://launchpad.net/bugs/100437317:41
uvirtbotNew bug: #1007139 in mcollective (universe) "Merge mcollective 2.0.0+dfsg-1 (main) from debian testing (main)" [Medium,Fix released] https://launchpad.net/bugs/100713917:41
K4kAnyone here familiar with using kickstart to automate Ubuntu installations? I've got what I believe is a valid ks.cfg file and I think I'm getting hung up with the isolinux/txt.cfg file and somehow it's not reading my ks.cfg file. I've put this in my txt.cfg line "append file=cdrom/preseed/ubuntu.seed initrd=/casper/initrd.lz ks=cdrom:/ks.cfg --"17:46
K4kDoes that look right or am I missing something?17:46
matt_keysK4k : initrd.lz .. shouldn't that be a gz?17:50
K4kmatt_keys: I was looking but I don't see an initrd.gz file anywhere in the directory where I extracted the ISO contents.17:50
matt_keyswhat about an initrd.img?17:51
K4kI did a find in the iso directory for initrd.* and all it found was the lz file17:52
matt_keys12.04?17:53
K4kyes17:53
matt_keysmatt@www:/sdb/test$ find . -name initrd*17:54
matt_keys./install/initrd.gz17:54
matt_keys./install/netboot/ubuntu-installer/amd64/initrd.gz17:54
K4k:/17:54
K4kthat is on what 12.04 version?17:55
matt_keysamd6417:55
K4kdesktop, server or alt17:55
matt_keysserver17:55
K4kWould the contents be different on desktop?17:55
matt_keysprolly17:55
K4kThat might be why then...17:55
K4kI'll try doing my server cfg next17:55
K4kusing this ks cfg and see how far I get17:55
matt_keysyou can install desktop from server17:56
K4kJust use the ubuntu-desktop task group I assume?17:56
matt_keysyeah17:57
matt_keysbut i bet it's this /install/mt86plus17:57
matt_keyson desktop amd6417:57
K4kyup17:57
K4kI've also just tried creating an auto.seed file. I might give that a shot as well and see if that works any better...17:59
K4ksince...you know it's native to debian and all17:59
matt_keyslooks like it takes about 170 minutes to mkfs.ext3oon a 250gb sata with badblocks write test18:25
matt_keys3gb/s sata18:25
hallynphew.  cgroup-lite pushed.  lunching18:26
=== dendro-afk is now known as dendrobates
matt_keysanybody know if libvirt/qemu is running within a lxe/cgroup by default on 12.04 lts amd64?18:43
Qeb_userHI, should I use '$ sudo adduser <user> sudo' or '$ sudo adduser <user> admin' to add user with sudo privalidges? I see both sudo and admin group now?!?!?!18:43
NafalloQeb_user: sudo18:44
Qeb_userok, it used to be admin right?18:44
Qeb_useror at least that's what docs said18:44
Nafalloyes18:45
matt_keysi don't see an admin group in 12.04, just an adm group18:46
matt_keysbut it's defined in /etc/sudoers.18:46
Qeb_userwhat's the default time for .bash_history to get cleaned out, or does it keep history forever?18:47
matt_keystill you history -c :)18:47
guntbertmatt_keys: the admin groups has been replaced by the sudo group, but remains valid for updated systems18:47
matt_keysahh18:48
matt_keysQeb_user : i take that back, history -c doesn't clear .bash_history.18:50
Qeb_usermatt_keys: so it'd keep it for XXXXX years, until I do that?18:50
guntbertQeb_user: no, there is a limit to the size of the file ( if I remember correctly )18:51
matt_keysQeb_user : check ~/.bashrc for HISTSIZE18:52
matt_keysand HISTFILESIZE18:52
matt_keysQeb_user : don't forget to "source ~/.bashrc" after making changes.18:53
Qeb_useroh ok :) cheers18:54
=== dendrobates is now known as dendro-afk
K4kAfter creating a custom preseed file and setting up txt.cfg to load it I'm getting a message for "Detect and mount CD-ROM" saying "Incorrect CD-ROM detected" Is there a way to get a more detailed message as to what it's looking for and why it can't be found?19:26
matt_keysdmesg?19:30
matt_keysor is it getting that far?19:30
K4kit's a red screen, no prompt19:30
K4kit almost appears that it's not even reading my preseed file because it's still asking me half the questions19:31
K4k(I'm using the alternate install cd now)19:31
loolhallyn, Daviey: qemu-linaro is tracking qemu quite closely, so if Debian merges and gets closer to tip, that's all good19:34
loolhallyn, Daviey: In fact, I believe we do our KVM work on top of qemu-linaro, so it would be easier for us to deal with this19:34
matt_keysdoesn't sound like it's loading initrd.gz19:35
loolhallyn, Daviey: But we'd likely want to keep the same setup where the qemu-linaro source package provides the same bits as the qemu source package does in Debian but uses the Linaro releases as a basis19:35
K4kmatt_keys: I suspect you're correct, just not sure why. initrd=/install/initrd.gz -- is at the end of my append line19:36
adam_gjamespage: what were you using to generate jobs based on the templates in the openstack-ubuntu-testing tree?19:36
matt_keysK4k : have you had a look at this? https://apps.ubuntu.com/cat/applications/precise/system-config-kickstart/19:38
adam_gjamespage: nvm, found it.19:40
K4kmatt_keys: yes19:40
K4kI've moved away from using the ks file though19:40
K4ktrying to simply load my own .seed file19:40
K4kwhich, supposedly, is the official way to do it19:40
matt_keysK4k : ahh, try without the preceeding /, e.g. "initrd=install/initrd.gz19:41
K4kI will try that but the default append lines show w/ a preceeding /... let see what happens...19:41
K4kI'm about ready to try anything19:41
K4kthis is all I've been doing for two days straight now, the lines are starting to blur together if you know what I mean19:42
matt_keysfo sho...19:42
K4kmatt_keys: without the preceeding / it fails to locate the initrd.gz19:42
tdnI have a 3TB Seagate GoFlex drive attached to USB 3.0 port on Ubuntu Server 12.04 LTS. When I boot the computer after a poweroff, it come up just fine, however, if I then reboot, the USB disk does not show up in /dev nor does it show up in fdisk -l. It does show up af reboot on a Debian Squeeze server with USB 2 port. How do I make the drive "reconnect" on reboot?19:45
tdnI can see the drive after reboot on lsusb and usb-devices. Output is here: http://paste.adora.dk/P2431.html   So I guess I have to send some kind of USB "wake up" command or something?19:45
=== dendro-afk is now known as dendrobates
K4komg, I think I found what I did wrong... didn't copy the .disk directory from the CD over to the build directory >_<19:46
matt_keyshehe19:46
matt_keysgood indication you need a break from it :)19:47
K4kyessir! It's installing now W00T19:47
arusselhow can I know of a partition is frozen (with xfs_freeze) or not ?19:47
arussels/of/if/19:47
arusselhmm, xfs_freeze has frozen ...19:50
arusselhow do you kill a process when 'kill -9' doesn't kill it ?19:54
BinaryMasterquestion I am using vmbuilder can anyone tell me what the valid flag for 12.04 is for --flavour option?19:56
arusselI've tried remounting hte fs, but this hangs too.20:00
=== dendrobates is now known as dendro-afk
=== dendro-afk is now known as dendrobates
aFeijohi all, anyone uses varnish in the channel?21:05
nathwillaFeijo, yep.21:06
aFeijonathwill, thanks.  I have this site where we use a cookie to save the Location of the user, how can I configure varnish to create a cache per location?21:06
aFeijonathwill, today it does not cache at all21:06
nathwillaFeijo, that's a super-good question, i have never attempted something like that21:08
aFeijonathwill, yeah, tricky one!21:08
nathwillhttps://www.varnish-cache.org/docs/3.0/tutorial/cookies.html?highlight=cookies << possibly relevant21:08
aFeijonathwill, I'm reading that page already :) varnish is quite confusing, and I'm new to it21:08
nathwillother than that i'd suggest checking #varnish on irc.linpro.no21:08
nathwillsince your question is about varnish more than ubuntu21:09
nathwillg'luck!21:09
swthere's no server guide for 12.04 yet?21:47
TheLordOfTimewhat differences would there be between 11.10 and 12.04 for the server guide?21:48
halvorsHi! I'm trying to use iptables and the NAT functionallity (MASQUERADE) with the command "iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE",but when i reboot i have to run the command over again....21:51
halvorsI did "iptables-save". Any ideas?21:51
andolhalvors: Are you also using iptables-restore somewhere?21:56
halvorsNo,21:56
andolhalvors: All iptables-save does it printing your iptables config to stdout, allowing to save (redirect) it to a file, which can then be loaded at boot time.21:57
halvorsBut how do i do that+21:57
halvors?*21:57
=== Aaton_off is now known as Aaton
andolhalvors: See https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup for a few different ways. Partly comes down to whatever you use NetworkManager or not.21:58
halvorsThat looks like a hackish solution to me... Is there not any simple command?21:59
halvors?22:02
miceikenokay so my server wont send mails, and I'm thinking a good first step is removing all the packages that handle that. one of them is postfix?22:03
=== Lcawte is now known as Lcawte|Away
uvirtbotNew bug: #1015819 in cyrus-sasl2 (main) "sb_sasl_generic_pkt_length: received illegal packet length when using ldapsearch and sasl with ssl or tls" [Undecided,New] https://launchpad.net/bugs/101581922:11
swmiceiken: incorrect. 1) should be 'check logs'22:14
miceikenhuh?22:15
miceikenis there any way i can remove ALL packages that has something to do with mail?22:15
miceikenincluding settings22:15
swmiceiken: you said that the first step to correct that would be to remove the packages. did you check the logs to find out what the actual problem is, first?22:16
miceikenwhat logs do i check?22:16
swmiceiken: your mail server logs22:16
miceikenwhich would be where?22:16
swmiceiken: wherever you set your mail server to log to, possibly /var/log/mail or /var/log/maillog22:18
miceikenJun 21 00:14:45 celeste postfix/master[10892]: fatal: bind 0.0.0.0 port 25: Address already in use22:19
swmiceiken: there's your problem then22:19
miceikenyeah but i have no idea how to fix it22:20
miceikenwhat other program could be blocking it?22:20
swmiceiken: there's something already using port 25, do '$ sudo netstat -lnp | grep ':25 ''22:21
miceikenmiceiken@celeste:~$ sudo netstat -lnp | grep ':25 '22:21
miceikentcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1768/sendmail: MTA:22:21
swmiceiken: sendmail is already using that port then22:22
miceikenokay22:30
miceikenso postfix and sendmail are the same thing but different 'products'?22:30
miceikensw?22:31
lamontthey are both mail-transport-agents22:33
lamontand conflict with each other, so if you managed to get both installed, you haven't told the packaging system what you've done22:33
miceikenand which one is easiest to get up and running?22:33
lamontdepends.  (and I'm heads down on some other stuff right now)22:34
miceikenI just need to get mail working asap :p22:35
miceikenidc which one i choose22:35
miceikenalso how do I get rid sendmail if not through package manageR?22:37
miceikenplease help22:41
miceikenRemoving sendmail ...22:41
miceikenmiceiken@celeste:~$ sudo netstat -lnp | grep ':25 '22:41
miceikentcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1768/sendmail: MTA:22:41
genii-aroundmiceiken: "sendmail" is also a generic name for the process of sending mail. What says result of: ls -l /usr/sbin/sendmail22:45
miceikenmiceiken@celeste:~$ sudo ls -l /usr/sbin/sendmail22:49
miceiken-rwxr-xr-x 1 root root 21856 Apr 24 15:18 /usr/sbin/sendmail22:49
miceikenI think I managed to remove it now though22:50
miceikenI can send mail using "sendmail <recipient>" right?22:51
genii-aroundDid you manually install it or something, instead of using the package manager?22:51
miceikenI can't recall but I usually use apt-get, yes22:51
miceikenI can never imagine me installing it manually22:51
lamontcould be that it just didn't kill the daemon in prerm22:52
* lamont didn't look22:52
miceikenGoogle tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.1.1 <admin@miceiken.net>: Recipient address rejected: User unknown in local recipient table (state 13).22:54
miceikenso now I need to install that22:54
miceikenwhat should I use? dovecot?22:54
genii-aroundmiceiken: If you have mailutils installed, you can mail like: mail -s "subject" whoever@wherever       ...then you type in the body of the message. When done, ctrl-d22:55
miceikengenii-around, okay nice23:08
miceikenso now I have one more question23:08
miceikenI'm using mutt to read mails23:08
miceikenbut I receive my mails in /var/mail/<user>23:08
miceikenmutt reads /home/<user>/Mail23:08
genii-aroundThere should be some mbox entry in your muttrc23:11
genii-aroundBut /var/mail/name  is where they are supposed to go.23:13
miceikensweet, seems to work now23:13
miceikenthanks!23:13
genii-aroundWork, afk23:13
uvirtbotNew bug: #1015828 in clamav (main) "package clamav-milter 0.97.5+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/101582823:26
hallynstgraber: I'm going to commit a version of the create api.  If you don't like how I ended up doing the api, pls shout.  it's close to what i'd said i'd do23:36
hallynwe'll probably want to add the ability to watch the progress of the template over a file or pipe...23:38
hallynpushed, ducking out for dinner soon23:39

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!