[00:07] <seijirou_> I have an issue with ubuntucloudInfrastructure.   Following the guide... after running juju bootstrap... I am stuck in a loop of remote server refused the client connect.   Connecting to the remote end directly I can see in /var/log/auth.log that it's trying to connect to localhost on 2181..
[00:07] <seijirou_> I don't think localhost is correct.. I think it's supposed to connect back to the initial maas box
[00:11] <seijirou_> any ideas greatly appreciated
[00:34] <CyclicFlux> Good evening fellow Ubuntu-Server enthusiasts. I have a bit of a problem, and I am not exactly clear on how to fix it, my assistant made a bit of a hiccup
[00:37] <CyclicFlux> While using tor-proxy he saw in the log that the patch to the unix control socket didn't have proper permissions of the user.  He then changed the ownership of the /var/run folder to chown -R hisusername:root /var/run, in hopes of solving the problem in a rather crude way.  I was curious what the default permissions were on the /var/run directory so I could change them back via chmod to recursively correct this
[00:38] <ChmEarl> CyclicFlux,  http://paste.ubuntu.com/1149845/
[00:38] <CyclicFlux> I was thinking a chmod 757
[00:38] <ChmEarl> thats lucid
[00:39] <CyclicFlux> ChmEarl, thanks! I appreciate it
[00:39] <seijirou_> the folder /var/run itself is root:root 755
[00:39] <ChmEarl> about half are 644
[00:39] <CyclicFlux> ChmEarl, thanks! I am going to go check it out, and let you know how it goes
[00:40] <ChmEarl> seijirou_, gave you an important tip
[00:41] <CyclicFlux> seijirou, thanks as well!!!! The irc-client is on transparent and I am having trouble seeing the blues with my background, lol!!!
[00:41] <CyclicFlux> I'll be right back
[01:24] <seijirou_> Lol so far cloud infrastructure 12.04 walk-through and pre-built image has been a catastrophe
[02:08] <three18ti> seijirou_, no "cloud infrastructure" in 12.04, that's a < 11.10 thing.  post 12.04 we're using MaaS and Juju.
[02:08] <three18ti> but I agree.
[02:09] <three18ti> have you checked out openQRM?
[02:16] <disown>  ok I have installed open-iscsi on a computer the services is running but from another computer what clientside software do I need to access iscsi based things ? Or is it built in to the os so a share will show up in any browser ...
[02:16] <disown> confused on where the iscsi client side package is
[02:19] <disown> Is it different from an NFS setup where you have a client and a server side program
[02:20] <disown> client program being the mounting command and the server side being the service
[02:22] <disown> Or maybe this open-iscsi is just the client side daemon that detects when a san enable devices is on the network and mounts it. Though the san device has to have the builting software on its side
[02:22] <melmoth> disown,  the server is called a target
[02:22] <melmoth> and people tned to use tgt for the target side
[02:22] <melmoth> the client is called the initiator
[02:23] <melmoth> and i think open-iscsi (iscsadm and stuff) is the client part
[02:23] <disown> so then whats the server part
[02:23] <melmoth> tgt
[02:24] <disown> what is that stand for
[02:24] <disown> and what is tned
[02:24] <melmoth> hmmm. How should i know ? :)
[02:24] <melmoth> i never heard of tned
[02:24] <disown> " and people tned to use tgt for the target side"
[02:25] <melmoth> ahh, i think tgtd means TarGeT Daemon or something
[02:25] <melmoth> ahh :) that was me mispelling "tend". I meant to say people use tgt for the server side.
[02:25] <disown> ok but what package is that server stuff part of
[02:25] <melmoth> tgt
[02:26] <melmoth> Linux SCSI target user-space tools
[02:27] <three18ti> any ideas on how to preseed an install?  I'm stumped.  Thanks.
[02:28] <three18ti> so you don't have to look through the scollback, I'm looking for a good syslinux.cfg mine is loading vmlinuz and initrd.gz, but I won't load my preseed.cfg
[02:28] <disown> ok so then tgt is the equivalent to NFS client side package nfs-common
[02:29] <disown> sorry meant nfs-kernel-server
[02:30] <melmoth> disown, yep , i think one can say that
[02:30] <disown> meant serverside package when I said client
[02:30] <three18ti> this is all I have in my syslinux.cfg http://paste.scsys.co.uk/205590
[02:30] <melmoth> three18ti, i use it with cobbler, but as it s cobbler i did not generated the syslunx.cfg file myself
[02:31] <three18ti> heh, I'm trying to preseed the cobbler server ;) maybe I'll install cobbler on another machine then use that to provision this machine...  it seriously shouldn't be this hard to automate an install.
[02:32] <three18ti> unfortunately the docs are just missing that one piece.
[02:32] <disown> Ok then it would seem to me iscsi is more fundamental or lower level then NFS since not only can it act as hosting shares but can do more general things like issue scsi over tcp/ip commands
[02:32] <three18ti> maybe I'll try zipping a custom initrd
[02:33] <melmoth> disown, iscsi is about block devices, nfs is about filesystems
[02:34] <disown> so iscsi is not for accessing files or filesystems it can only issue scsi command to like tell a cd/dvd player to burn a cd/dvd ,...etc
[02:34] <disown> scsi is part of a HDD ATAPI is scsi based
[02:35] <disown> so it should beable to retrevie any sector on a HDD
[02:35] <disown> confused
[02:35] <melmoth> three18ti, http://pastebin.com/EHveL9aS
[02:36] <disown> seems to me iscsi would be more general then nfs since iscsi could in theory have a layer on top add to do the same thing as nfs
[02:36] <melmoth> its a _block device_ server
[02:37] <melmoth> it does not do the same thing than nfs.
[02:37] <three18ti> sonofab*** I just rebooted my dns server... lol
[02:37] <disown> any harddrive is a block devices
[02:37] <melmoth> yep, but nfs is not a drive, it s a filesystem.
[02:38] <disown> and as such cann't you uses iscsi to retreive any sector of a HDD with a scsi / atapi command then once you can do that one could eventually add a file system to the top or better yet run any filesystem on top ,
[02:38] <melmoth> three18ti, in my example the preseed file is http://192.168.122.2/cblr/svc/op/ks/profile/precise-x86_64-auto
[02:39] <melmoth> disown, exactly, this is the idea.
[02:39] <disown> thats cool sort of like a VFS set up
[02:40] <three18ti> melmoth, thanks, the problem is that I'm trying to use a "local" preseed.
[02:40] <three18ti> as in it's on the FDD.
[02:41] <disown> so one can uses iscsi in theory to test out newly developed DFS
[02:41] <melmoth> in this case, it happen to be local too. I do not know why the cobbler guyes made it pass threw http
[02:42] <melmoth> may be because it s easier :)
[02:42] <three18ti> :)
[02:42] <three18ti> unfortunately, these instructions seem just incomplete enough, https://help.ubuntu.com/12.04/installation-guide/amd64/preseed-using.html
[02:43] <disown> if that is true that opens up whole new worlds in my ability to design a DFS without having to write the server/client socket programs to interperate those commands
[02:47] <seijirou_> three18ti, I tried MaaS and Juju.  It's incredibly broken.  Problems at every step.
[02:50] <three18ti> seijirou_, have you checked out openQRM?  What is broken about MaaS and Juju?  When was the last time you tried them?
[02:51] <bigjools> "incredibly broken" is not true at all
[02:51] <seijirou_> I've tried getting MaaS and Juju working for the last 2 days.  The 1st problem is related to system clock mismatch causing nodes not to boot correctly.
[02:51] <seijirou_> The errors are not discriptive, so it took a while to figure out what that was.  The fix was standing up NTP on the MaaS box, and modifying the tftp image with instructions for the remote boxes to pull ntp.
[02:52] <seijirou_> If you don't do that the nodes are stuck at comissioning
[02:53] <seijirou_> After that they do comission, and shut off.   if you turn them back on prrior to attempting to juju bootstrap, the SSH keys get hosed
[02:53] <bigjools> what ssh keys?
[02:54] <bigjools> https://bugs.launchpad.net/maas/+bug/978127
[02:54] <seijirou_> that would be problem #1
[02:54] <bigjools> what ssh keys are "hosed" ?
[02:55] <seijirou_> The MaaS server seeds the nodes with it's public ssh key with the cloud-init script ( I think)
[02:55] <seijirou_> without that working, you cannot authenticate to the node
[02:55] <bigjools> if you are using juju you don't need to care about maas's ssh keys
[02:56] <bigjools> and I still don't know what you mean by hosed
[02:56] <seijirou_> Actually I do, because when i juju -v status and is ee a screen full of invalid ssh key errors
[02:56] <seijirou_> i know why juju bootstrap never works
[02:56] <bigjools> no, you don't.  juju passes keys
[02:57] <bigjools> status fails because it's not finished installing and hence no keys are set
[02:57] <seijirou_> What I found to be repeatable, is if you turn the nodes back on after comissioning
[02:57] <seijirou_> prior to juju bootstrap
[02:57] <seijirou_> ubuntu is installed
[02:57] <seijirou_> but there's an issue with the ssh keys
[02:57] <bigjools> why are you turning them on?
[02:57] <seijirou_> so that when you then try to juju bootstrap
[02:57] <bigjools> it's not designed to work like that
[02:57] <seijirou_> there's a probelm with the keys, and it won't work
[02:58] <seijirou_> I did because they shut off unexpectedly.
[02:58] <seijirou_> I since learned, okay, don't turn them back on
[02:58] <bigjools> that's not unexpected at all, it's designed to work like that
[02:58] <seijirou_> juju bootstrap... then go turn them on
[02:58] <bigjools> juju bootstrap will turn them on again
[02:58] <seijirou_> I didn't design it
[02:58] <bigjools> no, I did
[02:58] <seijirou_> It's not well documented
[02:58] <seijirou_> Tehrefore I diddn't expect it
[02:58] <bigjools> I am happy to help
[02:58] <seijirou_> My clue to the cause, was another bug that i'd have to go find
[02:58] <seijirou_> where the last post someone mentioned they did the same thign
[02:59] <seijirou_> I'm not the only one
[02:59] <seijirou_> Anyhow, after realizing that mistake i started over
[02:59] <bigjools> which docs are you looking at, we can fix it
[02:59] <seijirou_> get past issue #1, don't turn them on after comissioning, issue juju bootstrap
[02:59] <seijirou_> it still fails
[02:59] <seijirou_> this time I can ssh to the node
[02:59] <seijirou_> when i look in /var/log/auth.log
[02:59] <seijirou_> it's repeatedly trying to connect to localhost on 2181
[03:00] <seijirou_> every time juju -v status loops it's connection attempt
[03:00] <bigjools> what do you mean by "it still fails", what are the external symptoms?
[03:00] <bigjools> bootstrap takes a long time, FWIW
[03:00] <seijirou_> well juju -v status shows me that the remote server rejected the connection
[03:00] <seijirou_> i can now ssh to the remote server though
[03:01] <bigjools> because it's not finished bootstrapping
[03:01] <seijirou_> i let that run for 16 hours
[03:01] <bigjools> ok that's not good :)
[03:01] <seijirou_> i left it last night before bed
[03:01] <seijirou_> checked it this afternoon after i got home from work lol
[03:01] <bigjools> ok so you  can ssh in?
[03:01] <seijirou_> I was able to yes... the environment is not up currently
[03:02] <bigjools> can you paste the output from these logs:
[03:02] <bigjools> /var/log/cloud-init-output.log
[03:02] <bigjools> /var/log/cloud-init.log
[03:03] <bigjools> also what is your DEFAULT_MAAS_URL in the /etc/maas/maas_local_settings.py file?
[03:03] <seijirou_> If you can stand by about 10 minutes I can re-create it.
[03:03] <bigjools> sure
[03:04] <bigjools> also please tell me which docs you were following so I can fix them
[03:04] <seijirou_> and I'm sorry if my description about it was offensive.. i'm slightly frustrated but i appreciate your willing to help.
[03:04] <bigjools> np, it's a frustrating experience when it goes wrong
[03:04] <bigjools> we're about to release quite a re-write in 10.10
[03:04] <bigjools> 12.10 even
[03:06] <disown> wait cann't iscsi be used for distributive based raid
[03:06] <seijirou_> I was following along here, using method2   https://help.ubuntu.com/community/UbuntuCloudInfrastructure
[03:06] <bigjools> ok
[03:08] <disown> wait is clustering a form of distributive based raid  I see DBRD is used to do clustering but is clustering distributive based raid ?
[03:12] <bigjools> ok I fixed the wiki to say it shuts down after commissioning
[03:14] <bigjools> heading out to eat, back later, just leave the logs and I'll check when back
[03:14] <seijirou_> Thanks
[03:15] <seijirou_> Ok
[03:17] <seijirou_> DEFAULT_MAAS_URL = "http://192.168.10.10/"
[03:17] <disown> iscsi melmoth if your still out there is more general then even issuing scsi commands over tcp/ip for a HDD it can be used if I am correct for any device that excepts or understands scsi commands this allows you a distributive way to control anything. 1) create a scsi device that does what you want 2) uses iscsi as a means to issue the commands over the network. I can see it used for remote controling thing....hell this opens up
[03:17] <disown>  many worlds for me
[03:19] <disown> one could basically but any computer or electronic based device online with this or make it remote controllable
[03:21] <disown> so cool so cool now I know how I would do home surveillances or automation
[03:36] <seijirou_> Here is the bug were the last post describes the situation I was in.
[03:36] <seijirou_> https://bugs.launchpad.net/ubuntu/+source/juju/+bug/1015207
[05:09] <seijirou_> Okay so 1st issue after juju bootstrap and ubuntu is installed on remote node.  Box1 tries to connect to it by hostname, but it will not resolve.
[05:09] <seijirou_> Therefore errors liek this will repeat idefinitely
[05:10] <seijirou_> http://pastebin.com/GwYC1Q4E
[05:10] <seijirou_> To move past this, I must manually reboot the node
[05:11] <seijirou_> It will pull DHCP again, and then the name will resolve.
[05:11] <seijirou_> I am then prompted if i want to connect with ssh to which i say yes.
[05:11] <seijirou_> The errors in that pastebin will still continue indefinitely
[05:12] <seijirou_> It never changes.
[05:13] <bugzc_> Hey guys, I was wondering if anyone could tell me why the following outputs in chunks every now and then instead of the intended 'tail -F'-esque live output (one liner)? tail -F /var/log/squid3/access.log | perl -pe 's/^\d+\.\d+/localtime($&)/e;' | ccze -C
[05:14] <seijirou_> This time I'm not sure what went wrong, but I also can't manually "ssh ubuntu@Galaxy2" successfully... so the keys are broken again
[05:14] <bugzc_> passing tail's output to either ccze or the perl script works fine, but having both the script and ccze in there seems to cause the issue
[05:26] <seijirou_> So i'm going to try creating ssh keys again, and running maas-import-isos again because perhaps that updates the ssh key seeding thing, i'm not sure
[05:26] <seijirou_> then i'll pxe boot the node again
[05:28] <bigjools> seijirou_: maas-import-isos doesn't touch keys
[05:29] <bigjools> seijirou_: I need your cloud-init logs
[05:29] <bigjools> I can't see any DNS problems in that log
[05:33] <bigjools> the error is also nothing to do with ssh as far as I can see, it's zookeeper
[05:43] <seijirou_> at the end, the name resolves to some internet IP
[05:44] <seijirou_> if you try to nslookup any bogus name, you get 63.251.179.13 and 8.15.7.117
[05:45] <seijirou_> The pastebin shows attempts to connect to Galaxy2, the hostname of the node...
[05:45] <seijirou_> and then a ping of Galaxy2 comes back with the 63.251.179.13 IP.  not the correct 192.168.10.7
[05:46] <MicSat> Is anyone familiar with tomcat6 and apache2?
[05:46] <seijirou_> Previously I could ssh to the node manually but currently I cannot
[05:47] <seijirou_> I believe when the node PXE boots it should receive the MaaS' public ssh key.   THat doesn't seem to work consistently
[05:47] <seijirou_> Which is getting in the way of me retrieving those logs.
[05:48] <bigjools> is your dhcp server telling the nodes to use the right dns?
[05:48] <seijirou_> The maas box is the dhcp server
[05:48] <seijirou_> it claims itself for DNS
[05:49] <bigjools> let me repeat my previous answers and questions:
[05:49] <bigjools> 1. using juju doe *not* depend on maas ssh keys
[05:49] <bigjools> 2. please paste your cloud init logs
[05:49] <seijirou_> how can i retrieve them?
[05:50] <bigjools> put this in the preseed:
[05:50] <bigjools> d-i   passwd/user-password-crypted  password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4
[05:50] <bigjools> it'll set the password of the ubuntu user to "ubuntu"
[05:50] <bigjools> then you can ssh in
[05:51] <bigjools> or log in on the console
[05:51] <seijirou_> is this done through the same emthod the "
[05:51] <seijirou_> method the ntpdate -8  was done
[05:51] <seijirou_> mount and chroot
[05:51] <bigjools> when I say "is your dhcp server telling the nodes to use the right dns?" I mean, does the dhcp server have a configured domain?
[05:52] <bigjools> no
[05:52] <seijirou_> No domain
[05:52] <bigjools> just edit the preseed
[05:52] <seijirou_> Okay, I don't know where the preseed is
[05:53] <bigjools> have you got cobbler-web installed?
[05:53] <seijirou_> I'm not sure, does the guide I'm following install cobbler-web ?
[05:53] <bigjools> that would be the easiest way
[05:53] <bigjools> no
[05:53] <seijirou_> Ok.   apt-get install cobbler-web suffice?
[05:54] <bigjools> hang on a sec
[05:54] <seijirou_> Ok.
[05:56] <bigjools> ok just edit /var/lib/cobbler/snippets/maas_preseed
[05:56] <bigjools> and stick that line in there
[05:56] <bigjools> thankfully this cobbler stuff will not be around for much longer
[05:57] <seijirou_> donald@Galaxy1:/etc/cobbler$ cat /var/lib/cobbler/snippets/maas_preseed #import base64 #set $maas_preseed_data = base64.b64decode($getVar("MAAS_PRESEED","")) $maas_preseed_data  cloud-init   cloud-init/local-cloud-config string manage_etc_hosts: localhost d-i   passwd/user-password-crypted  password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4
[05:58] <seijirou_> formatting got lost, but otherwise look ok?
[05:58] <bigjools> yes
[06:01] <seijirou_> So when it pxe boots... it doesn't go through a re-install
[06:01] <seijirou_> it drops in to console pretty rapidly
[06:01] <seijirou_> and the login doesn't work, but i imagine nothing changed.  should i expect another OS install?
[06:02] <bigjools> yeah you probably need to reinstall
[06:03] <blackshirt> helllo
[06:03] <bigjools> sorry
[06:03] <blackshirt>  I have log entries like this in syslog : dovecot: imap(paijo): Error: user paijo: Couldn't drop privileges: User is missing UID (see mail_uid setting)
[06:03] <blackshirt> I try to setup dovecot to use LDAP backend
[06:03] <blackshirt> paijo was user entry on ldap database...
[06:04] <blackshirt> how we resolve this ??
[06:04] <blackshirt> anyone could help me ?
[06:09] <CyclicFlux> I had a bit of a follow-up question from a few hours ago.  I unfortunately had to roll away from the desk, and then had one thing to do after the other.  But my issue had to do with my assistant's crude tactics to essentially resolve an issue he saw in the tor-proxy log, to give tor's unix control domain socket the proper permissions, he applied chown -R username:root(he didn't realize that it was occuring due to him
[06:09] <CyclicFlux>  running it w/sudo as opposed to his user) to the /var/run directory in a crude attempt to resolve it.  for the past 30 min.'s or so I was
[06:10] <CyclicFlux> getting carried away with learning more about the access-controls in sockets/etc... so I can confidently fix it next. Could someone give me the output on their '/var/run' & then '/var/run/' sockets so I can account for any variance in application-specific differences in permissions.
[06:11] <CyclicFlux> Its this command stat -c '%A %a %n' /var/run
[06:12] <CyclicFlux> That will do the /var/run directory.  Then cd into /var/run do 'stat -c '%A %a %n' *' (this will get the sockets)
[06:12] <seijirou_> looks like maybe that encrypted passwords ends with a . ?
[06:13] <CyclicFlux> seijirou, hey bud! You remember me? I apologize for almost missing you earlier, but your insight proved to be the most beneficial!
[06:14] <seijirou_> lol hey, cool glad it helped
[06:15] <CyclicFlux> Do you mind running the stat commands above for me, and letting me know the octal outputs, the short-hand %'s allow for more customized formatting, and then octal output(accounts for all the bits whereas the ls -al doesn't)
[06:15] <CyclicFlux> Yessssireeee, it def. did!
[06:16] <seijirou_> lrwxrwxrwx 777 /var/run
[06:17] <seijirou_> http://pastebin.com/zC05Xej3
[06:17] <CyclicFlux> seijirou_, Thanks!!!!
[06:17] <seijirou_> No problem o7
[06:18] <CyclicFlux> seijirou_, I had a question, are you familiar with those 4-length octal permissions? Those are what I was just reading about
[06:19] <seijirou_> like the 1777 ?
[06:20] <CyclicFlux> seijirou_, yessssir
[06:20] <seijirou_> I don't use them... I got stuck on one once and I think it turned out to be some sort of access lsit
[06:20] <seijirou_> maybe it's an app-armor thing or something of that nature?
[06:21] <CyclicFlux> seijirou_, yeah they are like stick bits, but because most don't compile their own software anymore, its no biggie, but when messing around with the daemons, proxies, and other more advanced stuff I have ran into issues with users+group+UID&GID sticky/non-sticky bits.  So I was going over it, and playing around with it some.
[06:21] <seijirou_> ahh
[06:22] <seijirou_> Yeah i can't be much help there :)
[06:22] <CyclicFlux> seijirou_, you were a huge help! I wouldn't be much of a help either, lol!!!
[06:23] <seijirou_> lol every squirrel gets a nut eventually!  glad it helped :)
[06:24] <CyclicFlux> seijirou_, but the article is here if you ever get into trouble(it took me a while to find it, but it is legit, and goes through it in a way that you'll understand), I got eclipse to securely run and access server document root/etc.... w/o privilege, which I am not sure if your familiar is quite a feat, lol!
[06:24] <seijirou_> bigjools, in true murphy's law fashion i can log in to the node, but something is now broke with the juju box.
[06:24] <CyclicFlux> http://www.unixpeople.com/HOWTO/advanced.permissions.and.ACLs.html
[06:24] <seijirou_> That's Cyclic
[06:24] <seijirou_> Thanks even
[06:25] <seijirou_>  INFO Bootstrapping environment 'maas' (origin: distro type: maas)... Unexpected Error interacting with provider: 409 CONFLICT 2012-08-16 02:25:13,347 ERROR Unexpected Error interacting with provider: 409 CONFLICT
[06:25] <CyclicFlux> seijirou_, no doubt!!! I owe you one, and you were right they all fall under the ACLs
[06:26] <seijirou_> donald@Galaxy1:~$ juju status 2012-08-16 02:26:03,461 INFO Connecting to environment... juju environment not found: is the environment bootstrapped? 2012-08-16 02:26:03,497 ERROR juju environment not found: is the environment bootstrapped?
[06:26] <seijirou_> So 409 conflict i believe is when there's no available nodes
[06:26] <seijirou_> i did a juju destroy-environment
[06:27] <seijirou_> but I think the node is still considered deployed
[06:28] <seijirou_> And i can't delete the allocated node in the web ui
[06:29] <seijirou_> at this point i need to call it a night i will try to try again later.
[07:16] <Calthropstu> hi
[07:17] <Calthropstu> anyone alive in here?
[07:18] <Calthropstu> Starting web server apache2                                                  apache2: Syntax error on line 214 of /etc/apache2/apache2.conf: Syntax error on line 3 of /etc/apache2/httpd.conf: Syntax error on line 1 of /home/calthropstu/webpolicy/web_agents/apache_agent/Agent_001/config/dsame.conf: Cannot load /home/calthropstu/webpolicy/web_agents/apache_agent/lib/libamapc2.so into
[07:18] <Calthropstu> server: /home/calthropstu/webpolicy/web_agents/apache_agent/lib/libamapc2.so: undefined symbol: ap_run_http_method
[07:18] <Calthropstu> Action 'start' failed.
[07:18] <Calthropstu> The Apache error log may have more information.
[07:18] <Calthropstu>                                                                          [fail]
[07:19] <Calthropstu> :(
[07:29] <melmoth> Calthropstu, do you put an apache module in your home directory ?
[07:29] <melmoth> if you choose to have your home directory encrypted, apache will never be allowed to read its content
[07:33] <dax_roc> Morning all
[07:33] <dax_roc> Is it possible to get a list of installed packages and what categories they belong to ?
[07:33] <dax_roc> *Grouped by category
[09:04] <amcsi_work> I have problems on my ubuntu 10.04. When git pushing to it though ssh, it gets stuck while writing files. There seems to be some sshd problem that causes this. Is anyone familiar with this?
[09:27] <chm007> Hi. I have successfully installed Ubuntu OpenStack following this procedure (http://uksysadmin.wordpress.com/2012/03/28/screencast-video-of-an-install-of-openstack-essex-on-ubuntu-12-04-under-virtualbox/#comment-649). Unfortuanetely, when I tried to create a new instance, I get this Nova message (Error: Unable to launch instance: Can not find requested image (HTTP 400)). Where can I found nova error log as I use the Ubuntu Dashboard
[09:27] <rbasak> amcsi_work: if that's not just a slow upload, it could be an MTU problem
[09:29] <amcsi_work> http://pastebin.com/px5FuxG7 <- here is when I try to scp a large file onto this bad server
[09:31] <amcsi_work> with scp -vvv
[09:39] <freakynl> hi, i'm having really poor write performance on a 7 disk raid-5 set, even after some tuning I can get around 60MB/s max sequential. The disks I have tested individually before putting them in the raid did around 110-90MB/s (depending where on the disk you write, beginning of the disk is faster than the end oc)
[09:39] <freakynl> now I did notice when I was at the noc last time that on 2 of the disks the activity led burns permanently, on the other 5 it just blinks a bit
[09:40] <freakynl> smart doesn't show any unusual things tho', some reallocated sectors and CRC errors but that's it
[09:46] <_ruben> freakynl: does iostat show any uneven distribution of activity?
[09:49] <freakynl> _ruben: no, but since I have buffers it should be trying to complete entire stripe writes before moving to the next
[09:50] <freakynl> so I wouldn't quite expect that either. That said, since they do show the same cmds/s one would expect all activity leds to burn more or less the same instead of 2 constantly and the others blinking
[09:54] <freakynl> what is horrible tho' is that one of the disks (the spare) has pending sectors so running badblocks on it (badblocks doesn't find anything, yet the sectors remain pending... weird too). That disk does 100MB/s and the entire md4 is stuck at around 8MB/s now. Not checksumming either, cpu is hardly loaded (~95% idle)
[09:54] <freakynl> it's random now tho', but even then considering it's 7 disks it's horrible
[09:55] <freakynl> running smartctl -t offline on the disk with the pending sectors doesn't help either. If anyone has some ideas on that, would be welcome too. Receiving e-mails from smartd every day now. At some point one stops looking at them and that's bad ;)
[09:56] <AdvoWork> silly question maybe, but how can i tell if my version of ubuntu is server or non-server, from the CLI?
[09:58] <freakynl> AdvoWork: not sure, is it not in /etc/issue?
[09:59] <bhosmer> If you cat /etc/lsb-release there isn't anything that dustinguishes server from desktop.
[10:01] <bhosmer> Is there really any difference aside from x and some desktop software?
[10:11] <AdvoWork> bhosmer, i suppose actually, when i boot up, i only get CLI, so that would indicate server
[10:14] <bhosmer> AdvoWork: or x was disabled. If you type starts does anything happen?
[10:14] <bhosmer> Sorry, startx
[10:14] <AdvoWork> to bne fair, ive just looked at the iso i downloaded "server" springs to mind lol
[10:14] <AdvoWork> doh!
[10:14] <bhosmer> This autocorrect is driving me nuts!
[10:14] <freakynl> afaik there isn't much difference expect the default kernel and package selection
[10:15] <bhosmer> Does the default desktop install include sshd?
[10:16] <freakynl> I dunno don't run desktop ;)
[10:16] <bhosmer> Me either!
[10:16] <freakynl> but ssh is very common, even on desktops
[10:17] <bhosmer> I was trying to think of a package included in the server but not the desktop.
[12:45] <afuentes> how to purge packages installed with tasksel?
[12:51] <freakynl> _ruben: extended stats (iostat -x 2) show await, r_await and w_await values 4-20* larger than the other disks in the set consistently
[13:09] <_ruben> freakynl: all disks on same controller?
[13:09] <_ruben> I'd say either dying disks or crappy controller for those disks
[13:11] <freakynl> _ruben: lsi sas controller. All disks (in this set) are on the same controller
[13:12] <_ruben> freakynl: then if the IO/s are similar, but the waits higher, I'd be blaming the disks
[13:36] <rbasak> Is vmbuilder the current recommended way of setting up fresh installs on libvirt? Or should I be using something else?
[13:52] <njin> Hallo, in raid1 when I reconnect one of the disks, teorically them will be automatically synced, but this not happens, syncing is starting only when manually add the device to mdadm. Can you tell me wich is the package responsible of this fail so I can open a bug report. Thanks in advance
[13:52] <xnox> njin: mdadm if you use software raid
[13:53] <xnox> njin: this is not a bug, but a known feature
[13:53] <xnox> njin: because if two drives have modifications, at resync you can get silent data loss
[13:53] <njin> xnox, thanks, so i will update the testcase
[13:54] <xnox> njin: e.g. unplug one drive: modify a document; unplug the first drive, plug the second one in: modify a document; plug both in & try to sync
[13:54] <xnox> you will loose data =/
[13:54] <xnox> it's not git it doesn't know about conflicts well enough =)
[13:55] <njin> ok, thanks for the clarify
[14:23] <rbasak> hallyn: we couldn't SRU a feature change to start using distro-info - that's why I filed a separate bug just to backport the quantal support using the same mechanism being used currently.
[14:28] <dr-fnord> anyone has a fix for apt-mirror and the i18n bug?
[14:42] <smb> zul, Ok, so chinstrap/~smb/4review would be fixing my little annoyance ;)
[14:42] <zul> smb: cool ill get to it today
[14:42] <smb> zul, Ok, thanks
[14:56] <hallyn> rbasak: we couldn't?
  ok.  patches for both bugs welcome :)
[14:56] <rbasak> hallyn: I'll dig into it if I get time. But bug 1037607 is a bit more serious :-/
[14:57] <hallyn> rbasak: i believe it was at oneiric that we decided to phase out vmbuilder
[14:57] <hallyn> maybe it was natty
[14:58] <rbasak> hallyn: what should I be using instead?
[14:58] <hallyn> anyway first i'll be focusing on bugs 1035320, 997978 and 1037331
[14:58] <hallyn> rbasak: cloud images?
[15:22] <freakynl> _ruben: thx :)
[15:25] <p0s> i just figured out a fundamental security issue with terminal-only ubuntu machines: if i run malicious software with a restricted account, the terminal typically allows full control of everything which is displayed on screen. the software therefore could fake the whole shell and when i type "logout" it could display its own fake login screen to grab passwords for other accounts. if it cannot "su" to the user account which i entered the data for, it
[15:25] <p0s> could just display "wrong password" and drop to the real login screen. it could repeat this until it has acquired root.
[15:26] <p0s> i am wondering whether there is a standard fix to this vulnerability?  IMHO the easiest would be a reserved key on the keyboard which forces logout, which cannot be re-directed by any software, and which cannot be even monitored by non-root software. is there a software which allows this?
[15:27] <hallyn> friend of mine harvested a slew of passwords that way in 1994
[15:27] <p0s> another solution would be to make /etc/issue only readable by root and make it display a special private "reverse" password, that is a password which the system login screen displays to authenticate itself to the user. however i think it is questionable whether all system software treats /etc/issue as private?
[15:27] <p0s> hallyn:  ewww.
[15:28] <p0s> i think this issue is so severe that i cannot understand why there seems to be nothing against it in ubuntu or debian standard setup.
[15:28] <hallyn> but the key already exists - google sysrq
[15:29] <p0s> hallyn: i know about sysqr but AFAIK it is more of a debug settings than a standard key, isnt it?
[15:29] <hallyn> p0s: no.  alt-syrq-k
[15:29] <hallyn> see http://www.mjmwired.net/kernel/Documentation/sysrq.txt
[15:30] <p0s> hallyn: ooh, just found that: http://en.wikipedia.org/wiki/Secure_Access_Key
[15:32] <p0s> hallyn: your document says that it is not really a secure access key. line 138
[15:33] <hallyn> p0s: i don't remember why that's there.  read the c2 reqs.  I suspect it does what you want, but not enough for government compliance purposes.
[15:33] <hallyn> (or go ask on #ubuntu-hardened, they probably remember)
[15:33] <p0s> thank you
[15:36] <p0s> "alt+print+k" seems to work on my ubuntu 12.04 server
[16:49] <zul> adam_g: looks like we have another weird ass ftbfs for nova http://pastebin.ubuntu.com/1151019/
[17:13] <RoyK> any idea how long it should take for linux md/ubuntu to give up on a drive? I think one of my drives failed, some 15 minutes ago, and the system is still blocking i/o. shouldn't md get rid of this drive soon?
[17:35] <hallyn> stgraber: I"m going to look at fixing bugs 1031043, 1037331, 1037626, 918327, and 1019398 in q.  Anything to add, or any objections?
[17:37] <stgraber> hallyn: looks good, can't think of something to add
[17:37] <hallyn> thx, ttyl
[18:09] <hallyn> stgraber: gah.  ubuntu:lxc tree is out of date
[18:09] <hallyn> also, arm builds are out of date (?)
[18:09] <hallyn> i guess i'll import-dsc into ubuntu:lxc
[18:10] <hallyn> hm, dep wait
[18:13] <hallyn> d'oh.  i need to make it only depend on seccomp on x86
[18:13]  * hallyn files a bug for himself against himself 
[20:10] <shadeslayer> has anyone here setup a custom apt archive using reprepro?
[20:20] <Daviey> adam_g: hey
[20:20] <Daviey> Are you currently working on the lessc issue with horizon?
[20:22] <adam_g> Daviey: i was looking at it yesterday
[20:23] <adam_g> Daviey: https://answers.launchpad.net/horizon/
[20:23] <adam_g> Daviey: er, https://answers.launchpad.net/horizon/+question/20592
[20:23] <adam_g> Daviey: gabriel's suggestion seems... not feasible
[20:23] <sauce> if i want to config static IP, it is "sudo dpkg-reconfigure <what goes here>??"
[20:24] <jpds> sauce: sudo vim /etc/network/interfaces
[20:24] <sauce> i want the text UI
[20:24] <jpds> sauce: That is a text UI.
[20:24] <jpds> sauce: And $ man interfaces
[20:25] <sauce> i think you know what i mean good sir :)
[20:25] <jpds> No, dpkg doesn't handle networking.
[20:25] <adam_g> Daviey: i'd think you would be able to use the lessc interpreter to generate all of the static files from a directory of the dynamic .less files. if thats the case, we could snapshot it all at the end of the cycle, and include it in our packages instead
[20:25] <Daviey> adam_g: right.. so i was thinking.. we either compress at source package creation time.. using something smarter..
[20:25] <Daviey> OR.. if using it at run time.. make node a Suggests: and wrap usage in an if statement
[20:25] <Daviey> what do you think?
[20:25] <Daviey> ie, compressing isn't /required/
[20:26] <sauce> jpds: i think you are right, cause i can't find it
[20:26] <Daviey> adam_g: requiring nodejs as a source package developer dep is ok.
[20:27] <adam_g> Daviey: what do you mean 'something smarter
[20:27] <adam_g> TBH yesterday was the first time i've ever looked at anything like this, so i don't fully grok it yet
[20:29] <Daviey> adam_g: smarter than the lp-answers suggestion
[20:29] <adam_g> Daviey: oh, right
[20:29] <sauce> jpds: i think i was thinking of centos
[20:29] <adam_g> Daviey: same. AFAIU, lessc can be used to generate the static files
[20:30] <adam_g> Daviey: but i had no luck with that yesterday given the horizon source tree, so..
[20:30] <Daviey> adam_g: the other option is making node a Suggests and adding to the settings, if os.path.exists('/usr/bn/node'): COMPRESS_ENABLED = False
[20:31] <adam_g> Daviey: if compression is diabled, it would expect static versions of the js and css files, no? those would need to be generated and included in packaging
[20:31] <Daviey> pass.
[20:31] <adam_g> pass?
[20:32] <Daviey> NFI :)
[20:32] <adam_g> im going to open a bug so we can at least discuss and track there, hopefully with some help from people who know how this stuff works :)
[20:32] <Daviey> +1
[20:34] <adam_g> Daviey: in the menatime, http://people.canonical.com/~agandelman/nova-fail.tar <-- is there any obvious reason why 'debcommit' is failing with the given changelog?
[20:36] <adam_g> oh jeez, there are 18 entries for the last versoin
[20:38] <Daviey> adam_g: looking
[20:39] <Daviey> adam_g: all the same version number?!
[20:39] <adam_g> Daviey: ya, thats what the issue is
[20:40]  * adam_g probably broke the build-script 
[20:43] <Daviey> adam_g: dave@frap:/tmp/horizon-2012.2~f2$ bin/less/lessc ./openstack_dashboard/static/dashboard/less/horizon.less <--- seems to work
[20:44] <adam_g> Daviey: ya, there a few that actually compile into something.
[20:46] <Daviey> adam_g: some of them don't.. but i think that is because of inheritance
[20:46] <Daviey> horizon.less seems to be the lowest level of the stack, that imports the other crud.
[21:00] <smw_> how can I test if a cable is physically plugged into my server?
[21:00] <smw_> (ethernet cable)
[21:02] <smw_> nm, find mii-tool
[21:04] <jcastro> jamespage: hey so don't take this the wrong way
[21:05] <jcastro> but your blog background thing makes the whole thing unreadable
[21:31] <kyle__> On server, if I install ubuntu-desktop, will I get unity, and still have it boot right to console?
[21:36] <smw_> kyle__, no, it would end up starting X at boot
[21:36] <smw_> you would need to disable the lightdm service
[21:37] <smw_> but you probably do not want ubuntu-desktop for a couple reasons
[21:37] <smw_> 1. it installs a bunch of stuff you don't need
[21:37] <smw_> 2. It installs unity and there are better options out there
[21:38] <kyle__> smw_: I'm putting togeather a VM that I want a desktop on, but form my experience X run out of vncserver is more responsive on a VM, than X run off of the virtualized video card.
[21:38] <kyle__> smw_: For me, I'd go with xfce4, but we wanted to have unity for those who were fond of it.
[21:40] <smw_> heh, people are fond of it? That is interesting...
[21:41] <hallyn> stgraber: oy.  autoconf is kicking my ass with seccomp, especially as the package build doesn't automatically fix up configure from configure.ac.  I'm tepmted to drop seccomp from q, and wait until it comes in through upstream
[21:41] <hallyn> stgraber: do you care?
[21:42] <kyle__> smw_: We have a few adventurous (for our school) undergrads who play with ubuntu.  They seem to like unity.
[21:42] <hallyn> I'm also disheartened that i've not heard any response from Daniel :(
[21:42] <kyle__> smw_: I don't want to give them the impression that *nix is arcane, and I worry they'll feel that way if I force them into xfce or something odd.
[21:43] <smw_> kyle__, yeah, if they are adventurous, give them gnome-shell and point them to extensions.gnome.org ;-)
[21:43] <stgraber> hallyn: well, I'd rather have the features before feature freeze... didn'y you switch to dh-autoreconf to workaround that kind of problem?
[21:43] <hallyn> i thought so
[21:44] <smw_> kyle__, but anyways, that makes sense. I just can't stand unity. I gave it a fair hearing. I also put the same effort into gnome shell afterwards and ended up choosing gnome-shell
[21:44] <smw_> kyle__, but if giving it to people who have never seen linux before, I still recommend xfce
[21:44] <kyle__> smw_: Adventurous for this school is, opened terminal on OS X, or mounted network drive from CMD in windows.
[21:44] <hallyn> all right let me give it just a bit more time i gues
[21:44] <smw_> kyle__, even if it is not pretty and to some that would make it look "arcane" ;-)
[21:44] <smw_> kyle__, lol
[21:44] <hallyn> stgraber: note if i dropped it, it wouldn't go back in until r
[21:46] <kyle__> smw_: I've banished windows from all hardware, it's only available via virtualbox, and so far I've received no push back.  Most of my users are now comfortable using OS X and Ubuntu instead.  Baby steps.
[21:46] <smw_> kyle__, nice
[21:46] <hallyn> stgraber: am i supposed to manually call autoreconf?  i don't see anything in dh_auto_configure or debhelper manpages about it
[21:47] <smw_> kyle__, I don't know how people deal with unity... but whatever
[21:47] <smw_> kyle__, people will grow up using it and then eventually I will be considered the old guy who refuses to change :-P
[21:47] <stgraber> hallyn: I think there's a new shiny --with autoreconf or something similar
[21:48] <kyle__> smw_: On reasonable physical hardware  it doesn't get in the way enough for most people to change it.  And the big "CLICK ME!" buttons for office and firefox make it easy for newbs.
[21:48] <stgraber> hallyn: man dh-autoreconf
[21:48]  * kyle__ still uses fluxbox when he can.
[21:48] <stgraber> hallyn: apparently --with autoreconf is what you want
[21:48] <hallyn> for all dh commands?
[21:48] <hallyn> huh
[21:48] <smw_> kyle__, fair enough
[21:49] <smw_> kyle__, but once you start working with multiple workspaces...
[21:49] <hallyn> stgraber: so is the '--with autotools_dev' that's in there bogus?
[21:49] <smw_> kyle__, at this point. I suggest gnome-shell to someone who has the time to figure it out
[21:49] <smw_> kyle__, and xfce to the people who need something to just work :-)
[21:50] <hallyn> (trying)
[21:50] <stgraber> hallyn: it might be doing something else, don't know. You can have multiple --with statements IIRC
[21:50] <hallyn> yeah it didn't complain about it at least
[21:51] <hallyn> stgraber: thanks.  that still leaves my painful inability to get the right flags passed to gcc, but i'll figure it out :)
[21:51] <hallyn> ah actually i think that fixed that too
[21:58] <hallyn> stgraber: thanks
[21:58] <hallyn> (now configure just fails on arm.  i prolly messed up configure.ac)
[22:00] <jamespage> jcastro, which browser do you use?
[22:20] <trimeta> Are there any disadvantages to running smartctl tests on a regular basis? I'm considering writing a cronjob to test my drive once a week (well, it's an array of six drives, so each day I'd test a different drive), but I don't know if overtesting can cause problems.
[22:23] <RoyK> bug 882485
[22:23] <RoyK> seems ubuntu is a kiddie distro to me
[22:32] <PatrickDK> trimeta, test slow down the disks
[22:33] <PatrickDK> generally not noticable, but it can cause strange delays though
[22:33] <trimeta> Sure. But if I schedule it at like 3 AM when I'm unlikely to be using the disk, are there any other issues?
[22:33] <PatrickDK> other than the normal issues? no
[22:34] <trimeta> OK. I think I'll schedule that, just to give me some peace of mind on disk integrity.
[22:34] <PatrickDK> the only test worth running, is the long test
[22:34] <trimeta> I figured as much.
[22:43] <trimeta> I don't need anything fancy to install a cronjob, just dropping a script in /etc/cron.daily/ should work, right?
[22:51] <hallyn> trimeta: yup.
[22:51] <hallyn> (i usually prefer to use my crontab so i have precise control, but...)
[22:52] <trimeta> Awesome. I had a...slight problem with an earlier system (I had RAID 5, but when the system shut down due to unknown errors I turned it back on and waited a few weeks before actually diagnosing it, by which time a second drive had died), so I'm being really paranoid about this one.
[22:52] <SpamapS> hallyn: feature request for the ubuntu-cloud template... allow some way to have the tar file un-gzipped in cache...
[22:52] <SpamapS> hallyn: creating containers just sits and pegs my poor little core2duo
[22:52] <SpamapS> root     18588 21.7  0.0  23896  2068 pts/4    S+   15:51   0:02                          \_ tar -zxf /var/cache/lxc/cloud-precise/u
[22:52] <SpamapS> root     18589 81.8  0.0   8936   660 pts/4    R+   15:51   0:09                              \_ gzip -d
[22:54] <hallyn> SpamapS: soudns fine to me.  i do prefer to leave ubuntu-cloud template to utlemming.  utlemming: ^ sound ok?  do you have time to do it, if so?
[22:55] <SpamapS> hallyn: ah. :)
[22:56] <SpamapS> its possible I'll just be trading a pegged CPU for a pegged slow hard disk :p
[22:58] <hallyn> SpamapS: a slightly more cramped disk, but not by much.  no it's probably worth it
[23:08] <phillw> hi guys, I put a daily build onto a VM and it hung at the 4 dots. do you guys know of a way to get an error report from a remote VM?
[23:09] <phillw> quantal-server-amd64.iso from yesterday
[23:16] <xnox> phillw: please define yesterday in terms of image date =) as half the world has switched time now =)
[23:16] <xnox> s/time/date
[23:17] <xnox> phillw: according to https://jenkins.qa.ubuntu.com/view/Quantal/view/ISO%20Testing%20Dashboard/
[23:17] <xnox> last good image is 20120815
[23:17] <xnox> for server
[23:18] <phillw> xnox: okies, I'll go zsync it up and give it a try. Do any of you have a decent b/band speed?
[23:19] <xnox> phillw: i do.
[23:19]  * xnox has 100 Mbit/s
[23:19] <phillw> I'm happy to assign the last IPv4 and VM over to one of you guys, you can use it far more efficiently that I can.
[23:20] <SpamapS> hallyn: I dunno, might not be as much of a win as I thought
[23:20] <phillw> I'm lucky to get 512 Mb/s
[23:22] <xnox> phillw: not sure i need an IPv4 address. I am happy that HP has two blocks 15.* & 16.* because they now launched public cloud with all of those IPv4s ! Win =)
[23:24] <phillw> xnox: okies, if you do need that last ipV4, I can allocate it else where.
[23:24] <xnox> phillw: _I_ do not need it personally. But somebody else here might ;-)
[23:25] <phillw> it was reserved to test 12.10 server on a commercial VM
[23:25] <phillw> I can go allocate it to another team.
[23:35]  * xnox is not part of this team =)
[23:39] <SpamapS> weird
[23:40] <SpamapS> one container created with lxc-create manually works fine. the other one gives a perm denied when I run sudo while chrooted into its rootfs
[23:40] <SpamapS> or while the contianer is running
[23:40] <SpamapS> same perms..
[23:40] <SpamapS> open("/etc/sudoers", O_RDONLY)          = -1 EACCES (Permission denied)
[23:42] <SpamapS> hmmm.. locales...
[23:47] <stgraber> SpamapS: assuming you're getting this as root, that sounds like an apparmor weirdness
[23:47] <stgraber> SpamapS: anything relevant in dmesg?
[23:48] <SpamapS> stgraber: nothing
[23:48] <SpamapS> lxc-start does keep hanging enough for the hung process timer to kill it
[23:48] <SpamapS> and lots of these:
[23:48] <SpamapS> [193915.264149] unregister_netdevice: waiting for lo to become free. Usage count = 1
[23:49] <stgraber> oh, good, the kernel team was looking for people who can reproduce that on ^
[23:49] <SpamapS> oh?
[23:49] <SpamapS> Linux clint-MacBookPro 3.5.0-8-generic #8-Ubuntu SMP Sat Aug 4 04:42:28 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
[23:49] <SpamapS> I haven't rebooted in a while
[23:49] <stgraber> yeah, I've tried reproducing it here without much luck, it showed up a month or so ago
[23:50] <SpamapS> oh and I have like, 30 veth network-interface-security upstart instances running
[23:50] <stgraber> bug 1021471
[23:50] <SpamapS> stgraber: still the two seem unrelated. :-P
[23:51] <stgraber> yeah, the sudo stuff is really weird... might be worth starting it unconfined to check if it's apparmor or some other weirdness
[23:52] <stgraber> anyway, please confirm bug 1021471, that might help the kernel team figure out what they broke ;)