[01:48] <erichammond> utlemming, smoser: I'm starting to use AWS CloudFormation but it looks like the Ubuntu AMIs do not include the cf-* command line tools for startup hooks.  Are there plans to add these or should I submit a request through launchpad?
[01:49] <agc93> on a default 12.04 x64 installation, what gets stored in /srv/ ?
[01:51] <erichammond> agc93: Based on the spec (and my experience with 12.04) I believe /srv/ should be empty by default.  It's there for the stuff that the end user wants to store on the server.
[01:51] <agc93> sweet. And where are OpenLDAP schemas stored by default? I'm having trouble finding it in the docs
[01:52] <agc93> wait, nevermind I think its in /etc/ldap
[01:52] <erichammond> http://tldp.org/LDP/Linux-Filesystem-Hierarchy/html/srv.html
[01:54] <erichammond> sounds like distros are allowed to put things in /srv/ but I haven't seen Ubuntu do it on the base installs.
[01:54] <patdk-lap> hmm, something I installed used that
[01:54] <patdk-lap> think it was one of the tftp servers
[02:02] <twb> erichammond: Debian policy compliant packages MUST NOT place any files in /srv
[02:03] <patdk-lap> what about making folders?
[02:03] <patdk-lap> tftp used to make /srv/tftpboot
[02:03] <patdk-lap> can't remember if that is new, or old
[02:03] <patdk-lap> as I still use /var/lib/tftpboot
[02:03] <twb> I think it's allowed if you do it in the postinst
[02:04] <patdk-lap> I just remember taking awhile figuring out why /var/lib/tftpboot wouldn't work :)
[02:06] <agc93> if you needed to (dont ask why, its an odd setup), you could always symlink /var/lib/whatever to /srv/whatever couldnt you?
[02:07] <twb> agc93: he just hadn't diagnosed the issue at the time
[02:07] <patdk-lap> I could have
[02:07] <patdk-lap> but I just edited /etc/default/tftpd
[02:07] <agc93> yeah, i meant hypothetically. You were saying packages aren't allowed to install in there, but if I wanted something in there, i could symlink it couldnt I?
[02:08] <twb> agc93: packages aren't allowed to, but sysadmins are
[02:08] <agc93> ah right. Cool.
[02:54] <blendedbychris> guys in general is it easier to chroot or setup something like vsftpd/proftpd?
[02:55] <blendedbychris> chroot sftp that is
[03:00] <twb> You want chrooted sftp?
[03:02] <twb> blendedbychris: ^
[03:05] <ubuntucloud227> noob question: can I host a production Ubuntu cloud on ESXi?
[03:07] <blendedbychris> twb: well… i just want to figure out a good way to give a specific group of users access only to a few dirs… i was going to chroot them and use sftp
[03:07] <blendedbychris> and symlink the dirs in
[03:07] <blendedbychris> or even mount
[03:08] <blendedbychris> bah google fails heh … it was like "proftpd" can be used for ln -s… baloney
[03:08] <blendedbychris> still ahve to use mount --bind
[03:09] <twb> blendedbychris: chrooted SFTP is very easy.  However note that SFTP is not FTP.  SFTP is part of SSH, *not* vsftpd or proftpd
[03:10] <blendedbychris> right
[03:10] <blendedbychris> i think sftp might be easier to setup considering i don't have to add addition certs
[03:11] <twb> http://paste.debian.net/175387/
[03:11] <patdk-lap> certs? using ftps is near impossible, even if you have a cert
[03:11] <twb> Yes, do not do FTP or FTPS ever.
[03:11] <twb> http://mywiki.wooledge.org/FtpMustDie
[03:12] <twb> blendedbychris: see my paste
[03:12] <blendedbychris> don't newer openssh versions do better than what you pasted twb?
[03:13] <twb> AFAIK no, all of those are important for a locked-down SFTP service
[03:13] <twb> In *older* SSH it was a lot more difficult
[03:13] <patdk-lap> well, depending on what your doing, it's still hard
[03:13] <patdk-lap> my users can't take advantage of the new ssh config to chroot
[03:14] <twb> patdk-lap: why not?  Because they're on hardy?
[03:14] <patdk-lap> no
[03:14] <patdk-lap> cause it's a group issue
[03:14] <patdk-lap> they all don't belong to a common group
[03:14] <patdk-lap> I want a chroot *all* option
[03:15] <blendedbychris> why isn't there an cond.d in /ssh
[03:15] <twb> patdk-lap: add them all to a new group
[03:15] <twb> blendedbychris: because openbsd devs are dumb
[03:15] <twb> blendedbychris: it annoys me a lot with ssh_config
[03:16] <blendedbychris> does that allowgroups interfere with ful acces?
[03:17] <patdk-lap> twb, not easy
[03:17] <twb> blendedbychris: well you also want AllowGroups root or something
[03:17] <twb> blendedbychris: so you can still SSH in
[03:18] <twb> patdk-lap: you might be able to have multiple match groups to say "chroot everyone, but don't chroot root"
[03:18] <blendedbychris> getting "Could not open channel (Closing all channels)."
[03:19] <patdk-lap> twb, would be ideal
[03:19] <blendedbychris> i just dumped what you gave me at the end of sshd_config
[03:19] <patdk-lap> it's just I have 30k users
[03:19] <twb> patdk-lap: you would have to do some experimenting
[03:19] <blendedbychris> on wait i didn't change your subsystem
[03:19] <twb> patdk-lap: http://cyber.com.au/~twb/.ssh/config has some notes about how ssh does matching
[03:20] <twb> blendedbychris: you should UNDERSTAND the changes
[03:20] <blendedbychris> oddly still same error
[03:20] <blendedbychris> penSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
[03:20] <twb> blendedbychris: what is this channel business... are you getting this from the sshd logs?
[03:20] <twb> openssh 5.3 here
[03:21] <blendedbychris> do i have to use syslogs?
[03:22] <twb> Well, yes, normally you would be looking in /var/log/syslog and /var/log/auth.log
[03:22] <twb> If you have changed that, then obviously you should know where to look
[03:22] <blendedbychris> Jun 19 22:22:22 gva-web-1 sshd[5480]: fatal: bad ownership or modes for chroot directory "/home/uespinoza" << guessing it can't be user writable
[03:23] <blendedbychris> or needs to be owned by root?
[03:23] <blendedbychris> dar
[03:28] <blendedbychris> can you use —bind to force permissions and ownership?
[03:32] <blendedbychris> that looks epically complex .. http://wiki.lapipaplena.org/index.php/How_to_mount_SFTP_accesses
[03:33] <twb> What does ls -ld /home/uespinoza look like
[03:38] <blendedbychris> twb: dunno i ended up doing —bind :P
[03:38] <blendedbychris> twb: so Subsystem sftp /usr/lib/openssh/sftp-server << why do i have to do "internal-sftp" ?
[03:38] <blendedbychris> also do i have to do the allowgroups?
[03:47] <twb> Because otherwise it won't work
[03:47] <twb> internal-sftp is built into the sshd binary, so it remains accessible after chroot(2)ing.  This is not the case for external binaries like /usr/lib/openssh/sftp-server
[03:51] <blendedbychris> twb: later versions must work
[03:51] <blendedbychris>  /usr/lib/openssh/sftp-server != /usr/lib/openssh/sftp-server.sh (lucid)
[03:51] <blendedbychris> precise works without that
[03:52] <twb> Whatever
[03:52] <twb> The approach I described works for me on lucid.
[03:52] <patdk-lap> heh? I have no sftp-server.sh in a default lucid install
[03:53] <blendedbychris> ya lucid is #Subsystem sftp /usr/lib/openssh/sftp-server.sh
[03:53] <patdk-lap> that must be someones hack at external chroot support
[03:53] <blendedbychris> oh maybe haah
[03:53] <blendedbychris> probably mine
[03:53] <patdk-lap> that isn't lucid
[03:53] <blendedbychris> ages ago
[03:53] <twb> I agree w/ patdk-lap
[03:54] <patdk-lap> that is just so wrong
[03:56] <blendedbychris> so do you two rely on sticky bit to keep perms?
[03:57] <patdk-lap> hmm?
[03:57] <patdk-lap> sticky doesn't keep perms, it overrides them
[03:59] <blendedbychris> well that heh
[03:59] <blendedbychris> overriding the group perm to always be writable?
[04:00] <blendedbychris> or rather group?
[04:01] <blendedbychris> so the mount —bind doesn't allow write
[04:01] <hallyn> stgraber: hm, as i'm finishing up the code to write out lxc config (holy tedium, batman) i think i spot a bug in src/lxc/conf.c - inet_ntop(AF_INET, netdev->ipv6_gateway, buf, sizeof(buf));
[04:01] <hallyn> assume that should be AF_INET6
[04:01] <hallyn> course i'ts just in a rare error reporting case...
[04:03] <blendedbychris> twb: are you able to do ls -sd with sftp?
[04:03] <twb> No, because it's SFTP
[04:04] <blendedbychris> okay —bind is my next option but it wont write :|
[04:04] <twb> I don't know what you're talking about wrt -bind
[04:04] <blendedbychris> mount —bind /var /foo
[04:05] <twb> Uh, what?
[04:05] <twb> What does mount have to do with any of this
[04:05] <blendedbychris> i'm trying to mount /var/www into that users dir
[04:05] <twb> Don't
[04:05] <blendedbychris> okay what else can i do?
[04:06] <twb> Chroot them into /var/www instead
[04:06] <blendedbychris> wrong ansewr
[04:06] <blendedbychris> haha
[04:06] <twb> Why is it wrong?
[04:07] <blendedbychris> well really i want to mount /var/www/foo and /var/www/bar in the dir
[04:07] <blendedbychris> as baz is not theirs
[04:08] <twb> So move them to /srv/www/<user>/foo and /srv/www/<user>/bar, chroot them into /srv/www/<user>, and tell apache to expose those dirs accordingly
[04:08] <twb> Rather than just telling apache to serve /srv/www as a unit and then trying to make the directory structure exactly match the desired http structure
[04:10] <blendedbychris> well that's annoying
[04:13] <twb> What I do is give users a forced command rrsync [sic] key-based root SSH access
[04:13] <twb> I grant that this is suboptimal
[04:15] <patdk-lap> hmm, why not just leave user stuff in their home dir?
[04:15] <patdk-lap> then just symlink it
[04:15] <patdk-lap> ln -s /home/<user>/public_html/ /var/www/<user>/
[04:15] <patdk-lap> or whatever
[04:15] <twb> patdk-lap: you don't need a symlink, at least under apache
[04:15] <patdk-lap> well, if you have apache virtualhost using that folder directly
[04:16] <twb> But I assumed he was doing something like "give the web dev access to /srv/www/<product>"
[04:16] <blendedbychris> well more likely it' be /srv/group/foo
[04:17] <twb> patdk-lap: /etc/apache2/userdir.conf is what I was thinking of
[04:17] <blendedbychris> not a fan of that though
[04:17] <blendedbychris> i'm used to this structure … /srv/http/domain.tld/subdomain
[04:17] <blendedbychris> so now i have to do something weird to accommodate sftp permissions.
[04:18] <patdk-lap> I don't like userdir
[04:18] <twb> patdk-lap: any particular reason?
[04:19] <patdk-lap> ~user is annoying :)
[04:19] <twb> Ha
[04:19] <blendedbychris> you guys think it might be possible to chroot them to /srv/http and rely on permissions?
[04:19] <blendedbychris> (hate the room for error there)
[04:21] <twb> Well, why are you chrooting them at all?
[04:21] <twb> What attack are you guarding against?
[04:21] <blendedbychris> they just don't need read access to the other sites
[04:21] <blendedbychris> or write
[04:29] <blendedbychris> why doesn't —bind work :(
[04:33] <twb> Well for one thing it's --bind
[04:34] <blendedbychris> my client keeps converting it to a &mdash;
[04:34] <blendedbychris> so bite me :P
[04:38] <blendedbychris> now it seems to work :|
[04:38] <blendedbychris> the - - bind
[04:38] <blendedbychris> whatever :)
[04:38] <blendedbychris> thanks for the help guys
[05:49] <Corey> Wheeeeeee packaging.  NEVER again. *shudder*
[06:01] <kblin> morning folks
[06:03] <kblin> I'm currently trying to debug an application crash in swat reported by one of our users. I fail to get debugging symbols for the binary though..
[06:03] <kblin> what's the trick on using the -dbg package?
[08:09] <th0mz> any1 using opendedup ?
[08:10] <twb> Never heard of it.
[08:11] <twb> Heh, it needs 250MB of RAM per TB of data being dedupped
[08:12] <twb> No worse than ZFS I suppose
[08:13] <th0mz> twb: http://opendedup.org/
[08:22] <twb> th0mz: looks like it's written in java.  Automatic fail in my book
[08:23] <th0mz> héhé
[08:23] <th0mz> :)
[08:23] <th0mz> and using fuse
[08:23] <twb> Well fuse is not surprising
[08:23] <twb> If your choices are using fuse or having a java developer try to write kernel code, fuse is clearly the better choice
[09:00] <excalibr> How do you crate a new route table?
[09:00] <excalibr> create*
[09:04] <twb> http://paste.debian.net/175422/
[09:05] <twb> Names tables go in /etc/iproute2/rt_tables; otherwise you can simply refer to them by number
[09:11] <excalibr> oh must manually edit the file to add/del table?
[09:42] <arussel> I've lost the partition on which I had an empty postgres db, usually found in postgres/9.1/main
[09:42] <arussel> how can I recreate those file ?
[09:42] <twb> arussel: lost it how
[09:43] <twb> arussel: if you haven't written over that part of the disk, just add the partition back into the partition table and it should reappear
[09:43] <arussel> I move it from /var/lib/postgresql/ ... to /mnt/postgresql on a differnt volume
[09:43] <arussel> the volume died
[09:44] <arussel> twb: no, I lost eb
[09:44] <arussel> s
[09:44] <twb> Of course you have been backing up your postgres database regularly, right
[09:44] <twb> So start restoring from backup
[09:44] <arussel> once again, this is an empty db, I just want to get the default files from the ubuntu package
[09:44] <arussel> I can restore from a dump
[09:45] <twb> Oh, I missed that
[09:45] <twb> I supopse the easiest way would be to purge and reinstall
[09:46] <arussel> if hte files have been changed it will keep them, but if it was removed it will re-create ?
[09:54] <arussel> purge tries to stop postgres that fails because of the missing files => purge is cancelled
[09:55] <twb> Well I would brute-force that by hacking the shit out of the .prerm
[09:55] <twb> But I am not officially recommending that because you can make it worse
[09:59] <arussel> I could purge but reinstall doesn't recreate the 9.1/main cluster
[10:00] <twb> reinstall without purging generally doesn't recreate deleted stuff
[10:00] <twb> But I am no expert; someone else might know better
[10:00] <twb> *I am no postgres expert
[10:43] <Womkes> When I use virt-manager to connect to one of my Ubuntu KVM hosts I cannot see the network interfaces listed. I have to enter a interface name manually when creating a VM with "br0". This works fine as far as I can tell but it would be nice to have virt-manager working properly. I dont have this issue with CentOS KVM hosts.
[10:43] <Womkes> Any idea why and how I can fix this?
[10:44] <Womkes> Hmmm
[10:44] <Womkes> is it this bug? https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/520386
[10:45] <Womkes> Thanks bot, you are so awesome
[11:18] <thisismyname> got some problems with KVM here
[11:18] <thisismyname> i want to assign a virtual machine to a harware NIC
[11:18] <thisismyname> like it's shown here:
[11:19] <thisismyname> http://www.linux-kvm.com/content/using-bridged-networking-virt-manager
[11:19] <thisismyname> but my virt-manager (version 0.9.1) doesn't have the option "Shared Physical device"
[11:19] <thisismyname> do i have to compile something special??
[11:20] <thisismyname> i cloned the git repository... but the option is still not available
[11:23] <thisismyname> by cloning i mean, downloading and copmpiling it
[11:27] <thisismyname> i even tried 2 different distributions Fedora and Ubuntu... the option is not available in both
[11:36] <patdk-lap> it depends on your hardware
[11:36] <patdk-lap> what motherboard/cpu are you using?
[11:43] <thisismyname> cat /proc/cpuinfo http://pastebin.com/xxcbMGCB
[11:44] <thisismyname> it's a gujisu server... u need more information?
[11:44] <thisismyname> funjitsu
[11:48] <RoyK> thisismyname: I think that server may run a bit better without ht
[11:48] <RoyK> (not related to your question, though)
[11:49] <thisismyname> why that? i want to do lots of virtualized machines
[11:49] <thisismyname> so, lots of different threads
[11:49] <thisismyname> i thought thats perfect for hyperthreading
[11:57] <RoyK> thisismyname: hyperthreading may be better, but then, it may not. the linux scheduler may, in many cases, be better than the in-cpu-scheduler. the hyperthreading creates two (or more) logical cpus per core, and effectively reduces the amount of cache available to each of them for that reason
[11:58] <RoyK> thisismyname: IIRC the best game for hyperthreading is large amounts of threads handling small amounts of data, like (maybe) an email or web server
[11:59] <RoyK> for compute nodes, hyperthreading is rather worthless
[12:03] <Defusal> hi everyone
[12:04] <Defusal> putting "kernel.isolcpus = 2-7" in my sysctl.conf and rebooting does not have any effect
[12:04] <Defusal> and "cpuset" says command not found
[12:05] <Defusal> so how can i force the system to not run processes on most of the servers cores?
[12:21] <patdk-wk> thisismyname, maybe http://www.linux-kvm.org/page/How_to_assign_devices_with_VT-d_in_KVM looking at step 3
[12:22] <Defusal> $ cset
[12:22] <Defusal> ...
[12:22] <Defusal> ImportError: No module named cpuset.main
[12:22] <Defusal> can anyone help please?
[12:26] <Daviey> hallyn: Morning, qemu-kvm is trying to pull in usbredir..  it needs a MIR or dropped. :)
[12:29] <hallyn> hm.  i swear i checked every dep
[12:30] <hallyn> gah
[12:30] <hallyn> comes from spice package.  will drop.  thx
[12:32] <Daviey> hallyn: hmm, looking at the diff.. + libusbredirhost-dev, does seem to be a new build-depends
[12:33] <hallyn> yup, didn't exist in p
[12:33] <hallyn> i'm just trying to see just how useful it is.  seems like something jdstrand would want :)
[12:34] <hallyn> but i really don't like that it comes from the spice page, and shares an author
[12:37] <Daviey> hah
[12:41] <hallyn> Daviey: I suspect this is useful enough we'll be wanting an MIR, maybe even this cycle if possible.  But for now, I've pushed a new build removing it.  thanks.
[12:44] <stgraber> hallyn: that does look wrong indeed ;) I'm using ipv6 with my containers but never used lxc's static assignation variables so never hit that bug
[12:46] <Daviey> hallyn: super, thanks
[12:47] <K4k> Hi, I was wondering if someone could help me figure out what I've done wrong with my ks.cfg file. I've re-spun my ISO to include a ks.cfg file in the root directory and modified /isolinux/txt.cfg to add the additional boot option which includes the ks=ks.cfg line. It boots without an issue but it only boots to the initramfs prompt...
[12:47] <smoser> erichammond, is that 'cf-*' ? or cfn-* ?  ie, what tools were you expecting would be there?
[12:48] <smoser> aws-cloudformation-cli ? http://aws.amazon.com/developertools/2555753788650372 ?
[12:49] <hallyn> stgraber: i pushed save-config support last night.  not sure if you noticed the commit msg, but i'm worried about the personality (lxc.arch) support wrt arm
[12:51] <hallyn> all lxc stores is PER_LINUX or PER_LINUX32, and lxc.conf just reds x86 for PER_LINUX32 and x86-64 for PER_LINUX
[12:51] <hallyn> well, i guess if it is a problem i'll just have to update the core personality code in lxc.  nm, no sense fretting
[12:51] <stgraber> yeah, IIRC arm doesn't have personalities, it's an x86 spcific weirdness
[12:53] <hallyn> my fear is,
[12:53] <hallyn> oh wait
[12:54] <hallyn> no yes.  my fear:  32-bit arm leaves personality 0 (PER_LINUX) and users don't write lxc.arch, so it all just works.  but, then they use api->save_config;
[12:55] <hallyn> it sees PER_LINUX and writes lxc.arch = x86-64.  next reader gets confused :)
[12:55] <thisismyname> patdk-lap, thanks... gotta have a look
[12:56] <thisismyname> patdk-lap, no... that's not the problem
[12:56] <hallyn> i guess it's all too magic to me (i.e. diff between PER_LINUX_32BIT and PER_LINUX32)
[12:56] <patdk-wk> hmm
[13:00] <hallyn> Daviey: drat, something went wonky with qemu-kvm build/versioning
[13:01] <Daviey> hallyn: looking
[13:01] <hallyn> eh waht, we have powerpc builds again???
[13:01] <hallyn> (separate issue but i'll need to address that)
[13:03] <stgraber> hallyn: hmm, yeah, I can see this being a problem... how difficult would it be to make save_config() never write a "default" value to the file?
[13:03] <hallyn> oh drat
[13:03] <hallyn> stgraber: the problem is we don't know if we need a default or not.  whic his why core will need to be updated
[13:03] <hallyn> Daviey: got it now the problem is with the kvm virtual package.  sigh.
[13:04] <stgraber> hallyn: right, having something clean in core would be nice. For lxc.arch itself, we should only write it if it's != 0
[13:05] <hallyn> stgraber: but what exactly does == 0 mean?  if you move a 64-bit continer rootfs from 64-bit to 32-bit host, does 0 mean something different?
[13:05] <hallyn> (I assume personality is 0 in 32-bit-on32-bit and in 64-bit -on-64-bit)
[13:05] <hallyn> (maybe not)
[13:06] <Daviey> hallyn: so you are building 'kvm'
[13:07] <hallyn> Daviey: i need to figure out how to reproduce the dh_gencontrol crap for kvm in the new rules file
[13:07] <hallyn> :(
[13:07] <Daviey> hallyn: what isn't clear to me, is why you are hitting this now, but not previously
[13:07] <hallyn> can i just override_dh_gencontrol?
[13:07] <Daviey> your diff didn't do this.
[13:07] <Daviey> hallyn: sure, you can.. but not sure that is the right fix
[13:07] <hallyn> Daviey: yes it did.  it's the change in rules file (complete grounds-up change)
[13:08] <hallyn> i think it is.  kvm has a different versioning scheme than qemu-kvm
[13:08] <hallyn> well,
[13:08] <Daviey> hallyn: ah! your prior build didn't build.. so didn't hit this
[13:08] <hallyn> oh, right :)
[13:08] <hallyn> you meant that diff :)
[13:08] <Daviey> hallyn: So.. it's a merge issue.
[13:08] <hallyn> Daviey: do you think i can get away with just not building kvm?
[13:08] <hallyn> the meta-package already exists and is out there...  doesn't need to change
[13:09] <Daviey> hallyn: should you be building the kvm package from this src package?
[13:09] <hallyn> let's say a user does 'apt-get install kvm'.  it installs qemu-kvm bc of depends.  i don't need to push a newer kvm to depend on newer qemu-kvm (for each build) do I?
[13:11] <Daviey> no
[13:11] <hallyn> stgraber: in a bit i'll do some experiments to get my bearings around what personality values are valid...
[13:11] <Daviey> hallyn: I haven't dug into this.. but this is myu understanding..
[13:11] <Daviey> Debian builds a kvm package from qemu-kvm
[13:11] <Daviey> we build a kvm package from a seperate source package, as a meta package
[13:11] <stgraber> hallyn: hmm, yeah, it's annoying ;) so moving a 64bit container to a 32bit host won't work as you need a 64bit kernel for it to boot but moving a 32bit container from a 64bit host to a 32bit host will make it have the i386 personality in the config file, that'd map to 1 but won't exist as 32bit doesn't have personalities
[13:11] <hallyn> Daviey: no
[13:12] <Daviey> hallyn: I thought that was the resolution we came up with last cycle?
[13:12] <hallyn> Daviey: we always built kvm from qemu-kvm, but debian/rules had two dh_gencontrol lines to change version on kvm
[13:12] <hallyn> Daviey: oh, maybe i misunderstood.  if you'res saying that is waht we *should* do, we can...  but it's not something we ever did in the past
[13:13] <Daviey> hallyn: kvm is just a meta package, no?
[13:13] <hallyn> yup
[13:13] <Daviey> hallyn: yeah, i thought we discussed this last cycle.. maybe we didn't complete it.
[13:13] <hallyn> if we did, it went over my head
[13:13] <hallyn> but again, if two dh_gencontrol lines fix it without a new source package, then why not?
[13:14] <Daviey> hallyn: if that fixes it, then it seems the cheapest fix.
[13:14] <hallyn> ok lemme try
[13:14] <Daviey> hallyn: i'm interested in what your 2 lines say.
[13:15] <Daviey> hallyn: if your two lines create a lie, then it seems nastier IMO.
[13:15] <hallyn>         dh_gencontrol -s -Nkvm
[13:15] <hallyn>         dh_gencontrol -pkvm -- -v1:84+dfsg-0ubuntu16+$(debsrc_ver)+$(debian_rev)
[13:16] <Daviey> hallyn: it seems hard to document why the heck that version number exists by that.. but perhaps less overhead.
[13:17] <hallyn> Daviey: well it came from the switch from upstream kvm to upstream qemu-kvm.  remember they used to have version numbers like 66,67, etc
[13:17] <hallyn> then they switched to qemu-kvm-0.x
[13:19] <hallyn> Daviey:  can you kick the current -ubuntu2 qemu-kvm source pkg so i can re-use that version #, or shall i bump the version?
[13:20] <hallyn> stgraber: 32-bit doesn't have personalities?
[13:21] <hallyn> i thought sunos/irix etc personalities long pre-dated 64-bit
[13:22] <stgraber> hallyn: well, it might have personalities but only have a single one as it's not technically able to run something else than 32bit
[13:23] <Daviey> hallyn: no, the source package is published, so need to bump revision regardless
[13:23] <stgraber> I'd have to check the code again, last I poked at this was during our sprint last year ;)
[13:23] <hallyn> Daviey: ok, thx
[13:23] <hallyn> stgraber: do you have an arm box handy, where you could compile+run http://people.canonical.com/~serge/getpers.c ?
[13:24] <stgraber> hallyn: sure
[13:24] <stgraber> root@delmak:~# ./getpers
[13:24] <stgraber> personality is 8388608
[13:24] <stgraber> hallyn: ^
[13:25] <hallyn> eh hrm?
[13:25] <hallyn> what if you change the printf to '%u' from '%d' ?
[13:25] <hallyn> (though i think it's only char, not int, that becomes unsigned on arm)
[13:26] <stgraber> same thing
[13:27] <hallyn> hm
[13:29] <hallyn> that's FDPIC_FUNCPTRS
[13:30] <hallyn> heh, or just ADDR_LIMIT_32BIT
[13:31] <hallyn> stgraber: nm, i was wrong about the lxc code.  it initializes pers to -1, so we're goot.
[13:31] <hallyn> i'll fix it in your branch in a bit (once i'm over qemu killing me)
[13:32] <stgraber> ok :)
[13:35] <hallyn> stgraber: in a debian/rules file, will ifeq ($(DEB_HOST_ARCH_CPU),arm always be true for all arm arches?
[13:37] <stgraber> hallyn: it at least seems to work on armel and amrhf, not sure that'll be true for arm64
[13:37] <stgraber> (but we don't care yet)
[13:38] <hallyn> great, thanks.  will suffice for now
[13:43] <hallyn> Daviey:  weren't ppc builders offline last cycle?  is their being up a new thing?
[13:44] <Daviey> hallyn: no, powerpc was on last cycle.
[13:44] <Daviey> hallyn: a powerpc build failure, isn't a release blocker.
[13:45] <Daviey> hallyn: qemu-kvm did build fine in precise, https://launchpad.net/ubuntu/+source/qemu-kvm/1.0+noroms-0ubuntu13
[13:45] <hallyn> Daviey: yeah but it disabled kvm acceleration
[13:46] <Daviey> hallyn: right, but the fact that the package is failing in quantal for armel, armhf and powerpc, when in precise it worked.. probably should be investigated :)
[13:46] <hallyn> i'm not sitting here twiddling my thumbs
[13:48] <hallyn> (the arm is fixed in my local pkg, jsut looking into ppc to see if i can get the built to succeed with --enable-kvm, as i know some folks would like that)
[14:11] <hallyn> stgraber: actually i guess what i pushed last night should do the right thing!  have you run that branch on arm at all?
[14:14] <stgraber> hallyn: nope, not yet. Busy writting meeting minutes and will then have a team meeting... but should have some time to test it later this morning
[14:24] <hallyn> stgraber: thanks!
[15:02] <streulma> hello, I want to proxypass another url, but I have already proxypass / how can I do that ?
[15:31] <hallyn> Daviey: still waiting for confirmation that ppc builds, but i'm looking at http://people.canonical.com/~serge/qemu-kvm.debdiff
[15:32] <hallyn> (then hopefully i can get back to plentiful lxc work :)
[15:32] <Daviey> hallyn: sorry for the interrupt :)
[15:35] <CharlieSu> Hi all.  What is console-kit-daemon for?  I'm running 10.04 server w/ no graphical interface and I'm seeing this process take a lot of resources...
[15:39] <hallyn> CharlieSu: 'apt-cache show consolekit' suggests it's the "we're so much cooler than our elders" utmp replacement
[15:41] <CharlieSu> hallyn: do I need it though?
[15:42] <CharlieSu> hallyn: I've got a server that is used as a SFTP server bigtime..  and it looks like it is slowing my computer down
[15:42] <hallyn> CharlieSu: it's part of ubuntu-core, so i think so.
[15:42] <hallyn> CharlieSu: but no harm waiting for someone who knows more than i to answer
[15:42] <hallyn> (all i know is what apt-cache just told me)
[15:44] <hallyn> then again maybe not
[15:44] <hallyn> dpkg -L consolekit sure seems very system-d and X11-ish
 i don't know that i'd advise this, but i just did dpkg -r policykit-1 consolekit on a server, still seems ok.
[15:50] <CharlieSu> hallyn: ya i disabled it on a server and it still runs.. lol
[15:51] <hallyn> CharlieSu: new-fangled &^*&^*
[15:52] <MarcelT3> hi. trying to get my first MaaS node installed via PXE, but i always run into 'bad archive mirror' no matter what i do. got a hit for me?
[16:01] <smoser> kirkland, is ther ea way that i can create ~/.byobu ?
[16:02] <smoser> i want to create it, and then disable one status update
[16:02] <smoser> (via user-data so its not htere first time i run it)
[16:14] <Daviey> jamespage: hey, around?
[16:15] <Daviey> smoser: removing cost estimation, by chance?
[16:16] <stgraber> hallyn: load_config() => save_config() => http://paste.ubuntu.com/1051146/
[16:17] <stgraber> hallyn: is multiple lxc.cap.drop lines allowed/parsed properly by lxc?
[16:17] <stgraber> hallyn: and do we need lxc.rootfs.mount to be stored if it's not a weird non-standard path? because it looks like I won't be able to move that container to a 32bit host without patching the config after that change...
[16:18] <SpamapS> smoser: seems like byobu should have a system wide config file that you can edit first
[16:20] <hallyn> stgraber: i guess i can compare lxc.rootfs.mount to the #defined one, so that is fixable
[16:21] <hallyn> stgraber: multiple cap.drops are fine
[16:21] <stgraber> cool
[16:22] <hallyn> sigh why am i not getting cgroup-lite bug mail
[16:38] <hallyn> woudl anyone here miss it if qemu-kvm were not built on arm and powerpc?  (they have always been built with --disable-kvm anyway, so you could use qemu-linaro)
[16:42] <Daviey> hallyn: Is it worth revisiting if qemu-linaro and qemu-kvm can be consolidated now?
[16:42] <hallyn> Daviey: debian is pondering their own qemu/qemu-kvm merge.
[16:43] <hallyn> i have a feeling qemu-linaro would want to be independent of debian's qemu
[16:43] <hallyn> lool: ^ ?
[16:44] <Daviey> hallyn: ISTR slangasek was one of the drivers for qemu-linaro... he might have useful context to see if/when they can be converged.
[16:58] <hallyn> Daviey: (yeah, i should chat with him, but right now i'm still trying tom ake the package build)
[16:58] <hallyn> if anyone is looking for something to do and wants to fix the two open cgroup-lite bugs, ping me.  (else i'll get to it later today)
[17:04] <hallyn> ok got a build to work on ppc.  now to copy those changes back and re-test on x86...
[17:05] <hallyn> seeing a lot of work being done on the debian-selinux packages.  would be great to merge those
[17:06] <zul> do we care about ppc?
[17:07] <hallyn> zul: at some point we will.  for now, we care enough to want the package to build
[17:07] <hallyn> zul: but that was why i asked before whether we should simply not build for ppc/arm.
[17:07] <zul> hallyn: heh ok
[17:07] <hallyn> really rtg was asking that on #ubuntu-devel earlier too
[17:08] <hallyn> i just figured i'd get yelled at by someone who has that as a crucial part of their custom server :)
[17:08] <zul> hallyn: well i can see for arm yes :)
[17:08] <ironm> hello. As I missed "ifenslave" and "ethtool" after off-line installation of ubuntu-server 12.04 I asked myself if there is perhaps a new way for setting interface bonding (teaming). Thank you in advance for any hints.
[17:08] <hallyn> you know how that goes
[17:09] <zul> hallyn: quite
[17:16] <matt_keys> re
[17:46] <K4k> Anyone here familiar with using kickstart to automate Ubuntu installations? I've got what I believe is a valid ks.cfg file and I think I'm getting hung up with the isolinux/txt.cfg file and somehow it's not reading my ks.cfg file. I've put this in my txt.cfg line "append file=cdrom/preseed/ubuntu.seed initrd=/casper/initrd.lz ks=cdrom:/ks.cfg --"
[17:46] <K4k> Does that look right or am I missing something?
[17:50] <matt_keys> K4k : initrd.lz .. shouldn't that be a gz?
[17:50] <K4k> matt_keys: I was looking but I don't see an initrd.gz file anywhere in the directory where I extracted the ISO contents.
[17:51] <matt_keys> what about an initrd.img?
[17:52] <K4k> I did a find in the iso directory for initrd.* and all it found was the lz file
[17:53] <matt_keys> 12.04?
[17:53] <K4k> yes
[17:54] <matt_keys> matt@www:/sdb/test$ find . -name initrd*
[17:54] <matt_keys> ./install/initrd.gz
[17:54] <matt_keys> ./install/netboot/ubuntu-installer/amd64/initrd.gz
[17:54] <K4k> :/
[17:55] <K4k> that is on what 12.04 version?
[17:55] <matt_keys> amd64
[17:55] <K4k> desktop, server or alt
[17:55] <matt_keys> server
[17:55] <K4k> Would the contents be different on desktop?
[17:55] <matt_keys> prolly
[17:55] <K4k> That might be why then...
[17:55] <K4k> I'll try doing my server cfg next
[17:55] <K4k> using this ks cfg and see how far I get
[17:56] <matt_keys> you can install desktop from server
[17:56] <K4k> Just use the ubuntu-desktop task group I assume?
[17:57] <matt_keys> yeah
[17:57] <matt_keys> but i bet it's this /install/mt86plus
[17:57] <matt_keys> on desktop amd64
[17:57] <K4k> yup
[17:59] <K4k> I've also just tried creating an auto.seed file. I might give that a shot as well and see if that works any better...
[17:59] <K4k> since...you know it's native to debian and all
[18:25] <matt_keys> looks like it takes about 170 minutes to mkfs.ext3oon a 250gb sata with badblocks write test
[18:25] <matt_keys> 3gb/s sata
[18:26] <hallyn> phew.  cgroup-lite pushed.  lunching
[18:43] <matt_keys> anybody know if libvirt/qemu is running within a lxe/cgroup by default on 12.04 lts amd64?
[18:43] <Qeb_user> HI, should I use '$ sudo adduser <user> sudo' or '$ sudo adduser <user> admin' to add user with sudo privalidges? I see both sudo and admin group now?!?!?!
[18:44] <Nafallo> Qeb_user: sudo
[18:44] <Qeb_user> ok, it used to be admin right?
[18:44] <Qeb_user> or at least that's what docs said
[18:45] <Nafallo> yes
[18:46] <matt_keys> i don't see an admin group in 12.04, just an adm group
[18:46] <matt_keys> but it's defined in /etc/sudoers.
[18:47] <Qeb_user> what's the default time for .bash_history to get cleaned out, or does it keep history forever?
[18:47] <matt_keys> till you history -c :)
[18:47] <guntbert> matt_keys: the admin groups has been replaced by the sudo group, but remains valid for updated systems
[18:48] <matt_keys> ahh
[18:50] <matt_keys> Qeb_user : i take that back, history -c doesn't clear .bash_history.
[18:50] <Qeb_user> matt_keys: so it'd keep it for XXXXX years, until I do that?
[18:51] <guntbert> Qeb_user: no, there is a limit to the size of the file ( if I remember correctly )
[18:52] <matt_keys> Qeb_user : check ~/.bashrc for HISTSIZE
[18:52] <matt_keys> and HISTFILESIZE
[18:53] <matt_keys> Qeb_user : don't forget to "source ~/.bashrc" after making changes.
[18:54] <Qeb_user> oh ok :) cheers
[19:26] <K4k> After creating a custom preseed file and setting up txt.cfg to load it I'm getting a message for "Detect and mount CD-ROM" saying "Incorrect CD-ROM detected" Is there a way to get a more detailed message as to what it's looking for and why it can't be found?
[19:30] <matt_keys> dmesg?
[19:30] <matt_keys> or is it getting that far?
[19:30] <K4k> it's a red screen, no prompt
[19:31] <K4k> it almost appears that it's not even reading my preseed file because it's still asking me half the questions
[19:31] <K4k> (I'm using the alternate install cd now)
[19:34] <lool> hallyn, Daviey: qemu-linaro is tracking qemu quite closely, so if Debian merges and gets closer to tip, that's all good
[19:34] <lool> hallyn, Daviey: In fact, I believe we do our KVM work on top of qemu-linaro, so it would be easier for us to deal with this
[19:35] <matt_keys> doesn't sound like it's loading initrd.gz
[19:35] <lool> hallyn, Daviey: But we'd likely want to keep the same setup where the qemu-linaro source package provides the same bits as the qemu source package does in Debian but uses the Linaro releases as a basis
[19:36] <K4k> matt_keys: I suspect you're correct, just not sure why. initrd=/install/initrd.gz -- is at the end of my append line
[19:36] <adam_g> jamespage: what were you using to generate jobs based on the templates in the openstack-ubuntu-testing tree?
[19:38] <matt_keys> K4k : have you had a look at this? https://apps.ubuntu.com/cat/applications/precise/system-config-kickstart/
[19:40] <adam_g> jamespage: nvm, found it.
[19:40] <K4k> matt_keys: yes
[19:40] <K4k> I've moved away from using the ks file though
[19:40] <K4k> trying to simply load my own .seed file
[19:40] <K4k> which, supposedly, is the official way to do it
[19:41] <matt_keys> K4k : ahh, try without the preceeding /, e.g. "initrd=install/initrd.gz
[19:41] <K4k> I will try that but the default append lines show w/ a preceeding /... let see what happens...
[19:41] <K4k> I'm about ready to try anything
[19:42] <K4k> this is all I've been doing for two days straight now, the lines are starting to blur together if you know what I mean
[19:42] <matt_keys> fo sho...
[19:42] <K4k> matt_keys: without the preceeding / it fails to locate the initrd.gz
[19:45] <tdn> I have a 3TB Seagate GoFlex drive attached to USB 3.0 port on Ubuntu Server 12.04 LTS. When I boot the computer after a poweroff, it come up just fine, however, if I then reboot, the USB disk does not show up in /dev nor does it show up in fdisk -l. It does show up af reboot on a Debian Squeeze server with USB 2 port. How do I make the drive "reconnect" on reboot?
[19:45] <tdn> I can see the drive after reboot on lsusb and usb-devices. Output is here: http://paste.adora.dk/P2431.html   So I guess I have to send some kind of USB "wake up" command or something?
[19:46] <K4k> omg, I think I found what I did wrong... didn't copy the .disk directory from the CD over to the build directory >_<
[19:46] <matt_keys> hehe
[19:47] <matt_keys> good indication you need a break from it :)
[19:47] <K4k> yessir! It's installing now W00T
[19:47] <arussel> how can I know of a partition is frozen (with xfs_freeze) or not ?
[19:47] <arussel> s/of/if/
[19:50] <arussel> hmm, xfs_freeze has frozen ...
[19:54] <arussel> how do you kill a process when 'kill -9' doesn't kill it ?
[19:56] <BinaryMaster> question I am using vmbuilder can anyone tell me what the valid flag for 12.04 is for --flavour option?
[20:00] <arussel> I've tried remounting hte fs, but this hangs too.
[21:05] <aFeijo> hi all, anyone uses varnish in the channel?
[21:06] <nathwill> aFeijo, yep.
[21:06] <aFeijo> nathwill, thanks.  I have this site where we use a cookie to save the Location of the user, how can I configure varnish to create a cache per location?
[21:06] <aFeijo> nathwill, today it does not cache at all
[21:08] <nathwill> aFeijo, that's a super-good question, i have never attempted something like that
[21:08] <aFeijo> nathwill, yeah, tricky one!
[21:08] <nathwill> https://www.varnish-cache.org/docs/3.0/tutorial/cookies.html?highlight=cookies << possibly relevant
[21:08] <aFeijo> nathwill, I'm reading that page already :) varnish is quite confusing, and I'm new to it
[21:08] <nathwill> other than that i'd suggest checking #varnish on irc.linpro.no
[21:09] <nathwill> since your question is about varnish more than ubuntu
[21:09] <nathwill> g'luck!
[21:47] <sw> there's no server guide for 12.04 yet?
[21:48] <TheLordOfTime> what differences would there be between 11.10 and 12.04 for the server guide?
[21:51] <halvors> Hi! I'm trying to use iptables and the NAT functionallity (MASQUERADE) with the command "iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE",but when i reboot i have to run the command over again....
[21:51] <halvors> I did "iptables-save". Any ideas?
[21:56] <andol> halvors: Are you also using iptables-restore somewhere?
[21:56] <halvors> No,
[21:57] <andol> halvors: All iptables-save does it printing your iptables config to stdout, allowing to save (redirect) it to a file, which can then be loaded at boot time.
[21:57] <halvors> But how do i do that+
[21:57] <halvors> ?*
[21:58] <andol> halvors: See https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup for a few different ways. Partly comes down to whatever you use NetworkManager or not.
[21:59] <halvors> That looks like a hackish solution to me... Is there not any simple command?
[22:02] <halvors> ?
[22:03] <miceiken> okay so my server wont send mails, and I'm thinking a good first step is removing all the packages that handle that. one of them is postfix?
[22:14] <sw> miceiken: incorrect. 1) should be 'check logs'
[22:15] <miceiken> huh?
[22:15] <miceiken> is there any way i can remove ALL packages that has something to do with mail?
[22:15] <miceiken> including settings
[22:16] <sw> miceiken: you said that the first step to correct that would be to remove the packages. did you check the logs to find out what the actual problem is, first?
[22:16] <miceiken> what logs do i check?
[22:16] <sw> miceiken: your mail server logs
[22:16] <miceiken> which would be where?
[22:18] <sw> miceiken: wherever you set your mail server to log to, possibly /var/log/mail or /var/log/maillog
[22:19] <miceiken> Jun 21 00:14:45 celeste postfix/master[10892]: fatal: bind 0.0.0.0 port 25: Address already in use
[22:19] <sw> miceiken: there's your problem then
[22:20] <miceiken> yeah but i have no idea how to fix it
[22:20] <miceiken> what other program could be blocking it?
[22:21] <sw> miceiken: there's something already using port 25, do '$ sudo netstat -lnp | grep ':25 ''
[22:21] <miceiken> miceiken@celeste:~$ sudo netstat -lnp | grep ':25 '
[22:21] <miceiken> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1768/sendmail: MTA:
[22:22] <sw> miceiken: sendmail is already using that port then
[22:30] <miceiken> okay
[22:30] <miceiken> so postfix and sendmail are the same thing but different 'products'?
[22:31] <miceiken> sw?
[22:33] <lamont> they are both mail-transport-agents
[22:33] <lamont> and conflict with each other, so if you managed to get both installed, you haven't told the packaging system what you've done
[22:33] <miceiken> and which one is easiest to get up and running?
[22:34] <lamont> depends.  (and I'm heads down on some other stuff right now)
[22:35] <miceiken> I just need to get mail working asap :p
[22:35] <miceiken> idc which one i choose
[22:37] <miceiken> also how do I get rid sendmail if not through package manageR?
[22:41] <miceiken> please help
[22:41] <miceiken> Removing sendmail ...
[22:41] <miceiken> miceiken@celeste:~$ sudo netstat -lnp | grep ':25 '
[22:41] <miceiken> tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1768/sendmail: MTA:
[22:45] <genii-around> miceiken: "sendmail" is also a generic name for the process of sending mail. What says result of: ls -l /usr/sbin/sendmail
[22:49] <miceiken> miceiken@celeste:~$ sudo ls -l /usr/sbin/sendmail
[22:49] <miceiken> -rwxr-xr-x 1 root root 21856 Apr 24 15:18 /usr/sbin/sendmail
[22:50] <miceiken> I think I managed to remove it now though
[22:51] <miceiken> I can send mail using "sendmail <recipient>" right?
[22:51] <genii-around> Did you manually install it or something, instead of using the package manager?
[22:51] <miceiken> I can't recall but I usually use apt-get, yes
[22:51] <miceiken> I can never imagine me installing it manually
[22:52] <lamont> could be that it just didn't kill the daemon in prerm
[22:52]  * lamont didn't look
[22:54] <miceiken> Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 550 550 5.1.1 <admin@miceiken.net>: Recipient address rejected: User unknown in local recipient table (state 13).
[22:54] <miceiken> so now I need to install that
[22:54] <miceiken> what should I use? dovecot?
[22:55] <genii-around> miceiken: If you have mailutils installed, you can mail like: mail -s "subject" whoever@wherever       ...then you type in the body of the message. When done, ctrl-d
[23:08] <miceiken> genii-around, okay nice
[23:08] <miceiken> so now I have one more question
[23:08] <miceiken> I'm using mutt to read mails
[23:08] <miceiken> but I receive my mails in /var/mail/<user>
[23:08] <miceiken> mutt reads /home/<user>/Mail
[23:11] <genii-around> There should be some mbox entry in your muttrc
[23:13] <genii-around> But /var/mail/name  is where they are supposed to go.
[23:13] <miceiken> sweet, seems to work now
[23:13] <miceiken> thanks!
[23:13] <genii-around> Work, afk
[23:36] <hallyn> stgraber: I'm going to commit a version of the create api.  If you don't like how I ended up doing the api, pls shout.  it's close to what i'd said i'd do
[23:38] <hallyn> we'll probably want to add the ability to watch the progress of the template over a file or pipe...
[23:39] <hallyn> pushed, ducking out for dinner soon