[00:19] <unclezipper> Hey, could anyone here help me out? I'm having a bit of a problem with OpenSSH.
[01:18] <_KaszpiR_> just state your problem, we're not reading in minds...yet
[01:18] <_KaszpiR_> sigh, split view ftw
[08:16] <lifeless> hallyn: you might enjoy https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/1077838
[08:16] <uvirtbot`> Launchpad bug 1077838 in qemu-kvm "qemu-nbd -r -c taints device for subsequent usage, even after -d" [Undecided,New]
[08:28] <soren> lifeless: Yeah, the nbd driver doesn't seem to clear the flags of the nbd_device struct on disconnect.
[08:29] <lifeless> soren: or alternatively set them to the desired state on connect
[08:29] <lifeless> soren: which I suspet is more robust; doing a narrow fix now
[08:35] <soren> lifeless: Hm. The NBD_SET_FLAGS ioctl doesn't seem to be handled by the kernel at all.
[08:36] <soren> lifeless: ...because qemu does try to reset the flags on init, but AFAICT, the ioctl is ignored.
[08:38] <lifeless> soren: I can't see any code to reset BLKROSET on init at the moment, except when RO is requested.
[08:38] <lifeless> soren: I'll have a test package in a second to see if this works
[08:40] <soren> lifeless: Oh, you're right.
[08:40] <soren> blockdev --getro /dev/nbd2
[08:40] <soren> 1
[08:40] <lifeless> :)
[08:40] <soren> I maintain, though, that the flags local to the nbd driver also don't seem to get reset. :)
[08:41] <lifeless> I don't disagree
[08:41] <lifeless> there may be security implications in there though
[08:41] <lifeless> which is why I think resetting on connect is better than resetting on disconnect
[08:44] <lifeless> I bet LP just corrupted the mime type...
[08:44] <lifeless> no, whew.
[08:45] <lifeless> soren: patch attached
[09:01] <lifeless> soren: are you testing the patch ?
[09:01] <lifeless> soren: I'm just fighting with my vm .. qemu makes gcc go large:
[09:01] <lifeless>   CC    x86_64-linux-user/target-i386/translate.o
[09:01] <lifeless> cc1: out of memory allocating 11522544 bytes after a total of 101806080 bytes
[09:08] <Daviey> mikal: Hey, you can approve an openstack CLA membership, right?
[09:11] <Daviey> lifeless: nice, you attached a patch.  As you identified, hallyn would be the best person to revew it.. but he probably won't be around today.
[09:11] <lifeless> Daviey: patch is bust, fixing :)
[09:11] <Daviey> (also, a dsc and changes doesn't really help.)
[09:11] <Daviey> (debdiff is plenty)
[09:11] <lifeless> Daviey: they were advance defense against the crazy triagers
[09:13] <Daviey> lifeless: the server team are indeed crazy.
[09:13] <lifeless> I had my senses reversed.
[09:14] <lifeless> soren: ^ switch the = 0 and = 1 lines, and it should work
[09:14] <lifeless> Daviey: :P
[09:22] <mikal> Daviey: oh hi
[09:22] <lifeless> Daviey: would love to see this backported to quantal & precise; should be pretty low risk
[09:22] <mikal> Yeah, that's one of the things I normally do
[09:22] <mikal> I'll take a look at the queue now
[09:25] <mikal> Daviey: who was asking for approval? I'll do the three in the queue now...
[09:26] <Daviey> mikal: yolanda has been wanting it since Friday
[09:27] <Daviey> lifeless: yeah, looks reasonable.. I'm sure hallyn will help it along.  Out of itnerest, what were you trying to achieve when you hit this?
[09:27] <lifeless> Daviey: I use qemu-nbd to extract the kernel and ramdisk from a qcow2 ami in openstack, so they can be passed to the NTT baremetal code, which PXE boots every time
[09:27] <lifeless> Daviey: avoids folk needing to manually configure it
[09:28] <mikal> I just approved Yolanda
[09:28] <mikal> Its super manual at the moment
[09:28] <lifeless> Daviey: but, I didn't want the image getting futzed with by ext4 journal replay or anything, so I passed -r
[09:28] <mikal> It takes one of two or three people to notice
[09:28] <mikal> They're working on automating it
[09:28] <lifeless> Daviey: separately, we use qemu-nbd when putting ami's together... and I noticed this when the put-it-together code depramed its toys without warning
[09:31] <lifeless> Daviey: or - https://plus.google.com/105660309458564946897/posts/Qpwi9LUDcAN :)
[09:34] <Daviey> lifeless: erm, isn't this what libsomethingsomething was invented for?
[09:34] <Daviey> libguestfs?
[09:35] <lifeless> Daviey: if I could find said thing, sure.
[09:35] <lifeless> Daviey: well, presumably it will run smack bang into the same thing, or would need fixing to use readonly block devices, and then run into the same thing
[09:36] <lifeless> Daviey: (thanks for the pointer, may simplify our code)
[09:36] <lifeless> Daviey: I knew something was out there but had 0 luck remembering the name at the relevant time
[09:38] <jotterbot1234> Hello everyone, does anyone have any experience with Hardware RAID here?
[09:38] <lifeless> jotterbot1234: assume the answer is yes
[09:39] <lifeless> Daviey: so - guestmount -r, should in principle hit the same bug.
[09:39] <jotterbot1234> indeed I do assume so
[09:39] <jotterbot1234> Am I able to post a link to serverfault with a problem I am having ?
[09:40] <jotterbot1234> does that violate any channel rules?
[09:40] <lifeless> not that I'm aware of
[09:42] <soren> lifeless: Why would it hit the same bug?
[09:42] <soren> lifeless: It doesn't use nbd at all.
[09:44] <soren> lifeless: It fires up a VM, attaches your disk image, and marshalls requests from your application through to a deamon running in the VM.
[09:46] <jotterbot1234> http://serverfault.com/questions/447682/raid-50-24port-fast-writes-slow-reads-ubuntu
[09:46] <jotterbot1234> Any help with this would be greatly appreciated!
[09:49] <lifeless> soren: *blink*
[09:49] <lifeless> soren: that is not at all how I imagined it would work
[09:51] <lifeless> soren: that said, what code does kvm use for dealing with qcow2? - I guess it manages it without a kernel block device?
[09:51] <soren> lifeless: I can relate.
[09:51] <soren> lifeless: Yeah, it's all userspace. qcow2 originated in qemu.
[09:51] <lifeless> yah, I knew that :>
[09:52] <soren> lifeless: I can appreciate the fact that it keeps everything neatly in userspace. I can also appreciate the fact that it probably protects your from a bunch of security problems as a result.
[09:52] <soren> ...but it still just feels... wrong.
[09:53] <lifeless> the guestfs-faq is very ... opinionated
[09:54] <lifeless> if I wasn't so keen on nuking openstack disk param injection, I'd consider porting it to use libguestfs if it doesn't already.
[09:55] <lifeless> 'Ubuntu .. Canonical decided to change the permissions on the kernel so that it's not readable except by root.  This is completely stupid, but they won't change it... So
[09:55] <lifeless>            every user should do this:
[09:55] <lifeless>             sudo chmod 0644 /boot/vmlinuz*
[09:55] <lifeless> '
[09:57] <lifeless> soren: *very* opinionated :)
[09:59] <lifeless> unless I'm missing something though, richard jones is assuming root access in the first place
[09:59] <lifeless> which kindof misses the point, doesn't it ?
[10:38] <soren> lifeless: Where is he assuming that?
[12:12] <taalas1> Hi, I am currently trying to provide an Ubuntu 12.04.1 Server network install image. I do ave a working PXE environment using tftp and nfs exports. This works very well for Ubuntu Desktop, but following the same configuration for server the installation stops and says that it cannot find the installation medium (CDROM). Is there anything I should be doing differently when netbooting server install?
[12:14] <rbasak> Using NFS sounds a bit odd to me. What are you using NFS for, and is there a particular reason you went down that route?
[12:16] <taalas1> I am using an NFS export to provide client access to the installation files. Is there a better way I should be doing this?
[12:20] <rbasak> The usual way is to PXE/TFTP for the d-i netboot kernel and initrd images, supply a preseed URL on the kernel command line, serve the preseed over HTTP and then the installer will fetch everything else directly from an archive mirror over http. You can run your own mirror or proxy cache there if you want, using the preseed to point to it.
[12:20] <rbasak> Also look into MAAS, though I'd recommend running 12.10 MAAS as there were major improvements over the 12.04 version
[12:21] <rbasak> (you can still deploy 12.04 servers)
[12:24] <taalas1> fetching the packages from an official mirror would be fine. the main reason I am doing this is, that I need a diskless install
[12:25] <taalas1> Is there any article you know of that would explain the needed steps in detail (where to get the netboot kernel, etc)
[12:26] <rbasak> I'm not sure
[12:27] <rbasak> (of an authoritative place where this is documented)
[12:27] <rbasak> To see it in action install maas from 12.10
[12:27] <rbasak> If that does what you need then great
[12:27] <rbasak> If not, http://archive.ubuntu.com/ubuntu/dists/precise/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/ for the netboot installer kernel/initrd
[12:29] <rbasak> Also https://help.ubuntu.com/12.04/installation-guide/amd64/appendix-preseed.html
[12:29] <taalas1> great, thank you. I will look into both options
[12:30] <taalas1> Do I have to use preseeding, or can I simply boot the netboot and then supply the source manually? which source would that be for 12.04.1 server?
[12:30] <rbasak> Without preseeding it'll work fine, but you'll have to answer all the questions manually. Preseeding just pre-answers all the questions for a fully automated install
[12:31] <rbasak> When netbooting, the 12.04/12.04.1 distinction doesn't really matter. You'll always get the latest from precise-updates
[12:32] <rbasak> It'll default to the correct source
[12:32] <taalas1> thank you very much
[12:32] <rbasak> When you netboot you basically just get what you'd get if you had booted the CD manually. The installer will just do the right thing
[12:32] <rbasak> (there are some minor differences but I don't think they'll matter to you)(
[13:24] <taalas1> rbasak: Just wanted to let you know that the netboot option worked flawlessy, thanks again. Will look into MAAS, too, but for now this did exactly what I wanted to achieve
[13:24] <taalas1> rbasak: I did get the initrd for this netboot from the server install iso. At later stages of the installation it is possible to also choose desktop components. Can I use this netboot to install any flavor of Ubuntu? Also, is there any difference between server and desktop except for these package options?
[13:25] <rbasak> taalas1: the only differences between server and desktop are install method and package selection
[13:26] <rbasak> (AFAIK. I hope I'm not missing something)_
[13:26] <taalas1> rbasak: I see. So I could use this PXE Netboot for Desktop clients as well...that's very neat :)
[13:57] <janet> I wonder how long it would take to run an internet-wide port scan
[14:00] <TheLordOfTime> infinitely long/.
[14:23] <zul> alrighty libvirt 1.0.0. uploaded
[15:12] <Pooper> Hi all, I created a software based array of disks (4x3TB) using mdadm RAID 5. I then used mkfs.ext4 to partition with the following parameters:  -b 4096 -E stride=128,stripe-width=384... Now that the array is mounted, when I transfer files to it the md5sum of the files changes with respect to the original.... Any ideas as to why this is happening?
[15:13] <xnox> anything interesting in the /var/log/syslog?
[15:13] <xnox> or dmesg?
[15:17] <Pooper> xnox, here is a snippet of dmesg http://paste.ubuntu.com/1353328/
[15:17] <Pooper> xnox, /var/log/syslog looks fine
[15:19] <Pooper> xnox, any ideas?
[15:21] <xnox> Pooper: there is not enough details, but there have been reports of checksum mismatches on files on linux-raid mailing lists. I have not seen / reproduced them.
[15:22] <xnox> but it sounds like the best place for you to seek expert advice.
[15:22] <Pooper> xnox, but is this an issue with GPT partitions?
[15:23] <xnox> that. should not matter at all.
[15:38] <smoser> adam_g, jamespage gwd is interested in trying to get openstack xen/xcp path installable as juju charms
[15:38] <smoser> (whoohoo!)
[15:38] <smoser> i pointed him at http://bazaar.launchpad.net/~gandelman-a/+junk/juju-deployer/files
[15:38] <smoser> but i'm sure there is omething better.
[15:39] <smoser> he's hoping to basically go from maas to xen/xcp based openstack
[15:40] <gwd> adam_g, jamespage: So glancing through the "deployments.cfg", it looks like I might want to take the "nova-compute" charm and add some new "virt-type" options to it...?
[15:41] <jamespage> smoser, gwd: no adam_g this week :-)
[15:41] <jamespage> gwd: thats a good place to start
[15:42] <jamespage> nova-compute is the nux of the openstack charms in terms of hypervisor
[15:42] <jamespage> so its where xen should be integrated...
[16:08] <jamespage> gwd: I actually see ""xen") compute_pkg="nova-compute-xen";;" already in the compute charm
[16:08] <jamespage> gwd: but I know its never been tested....
[16:10] <gwd> jamespage: Ah, right -- hmm, I can check it out, but there's no way I can actually get a test setup to test a whole open-stack rig top to bottom.  How hard would it be for someone to give that a quick smoke-test?
[16:14] <ninjix> why am I getting "user does not match any options" with Quantal when I try 'sudo nova-manage user admin user1' ?
[16:15] <ninjix> I'm following 12.10 serverguide docs on Folsom install
[16:19]  * RoyK wonders why on earth 32bit desktop is the default for downloads...
[16:19] <ninjix> RoyK: agreed
[16:20] <RoyK> ubuntu+unity is rather on the heavy side, so using a 32bit machine is likely to be dead slow for that anyway
[16:23] <ninjix> ahh... looks like the official 12.10 server pages for ubuntucloud need to be updated
[16:24] <ninjix> current pages are referencing essex commands instead of openstack folsom
[16:24] <ninjix> see: https://answers.launchpad.net/nova/+question/204905
[18:06] <lifeless> soren: walking the kernel memory to determine its symbol table
[18:06] <lifeless> soren: kmem isn't readable w/out root, right ?
[18:16] <RoyK> lifeless: don't think so, no
[18:17] <RoyK> imho that'd be a jolly bad idea
[18:24] <lifeless> RoyK: exactly ;)
[18:25] <Daviey> smoser: do you have capacity to look into bug 1064835?  Looks like the upstream commit doesn't really fix the issue?
[18:25] <uvirtbot`> Launchpad bug 1064835 in python-keystoneclient "[SRU] keystoneclient fails on SSL certificates that work for other services" [Critical,Fix committed] https://launchpad.net/bugs/1064835
[18:25] <Daviey> (verification failed of quantal sru)
[18:26] <smoser> suck.
[18:27] <Daviey> smoser: if you don't, that is also ok
[18:29] <smoser> dai'd like to defer on it. i was chasing other fires at the moment. raring cloud images are not booting. :-(
[18:29] <smoser> and i keep wanting to get a raring cluod-inti upload
[18:35] <PineappleCLock> Would setting up pptpd on my server mess with DNS? I can't seem to get ubuntu to use my DNS servers, but querying them manually works fine via nslookup
[18:42] <patdk-wk> PineappleCLock, are you using 12.*?
[18:42] <PineappleCLock> yes 12.04 LTS
[18:43] <patdk-wk> you aren't editing resolv.conf are you?
[18:44] <PineappleCLock> nope, I added "dns-nameservers" to the end of /etc/network/interfaces and restarted networking
[18:44] <PineappleCLock> I can see that resolvconf has the correct lines in resolv.conf
[18:45] <PineappleCLock> the only networking change was to allow pptpd to work and that was adding a iptables masquerading command to rc.local per a howto
[18:46] <PineappleCLock> I can ping IP addresses just fine like google.com, but DNS is kaput :\
[18:48] <PineappleCLock> I know it's not that because even if I flush iptables, I can't resolve hostnames... very weird
[18:48] <smoser> SpamapS, around ?
[18:48] <smoser> looking for feedback on bug 1057195
[18:48] <uvirtbot`> Launchpad bug 1057195 in cloud-init "cloud_config apt_proxy has no option to specify HTTPS or not" [Medium,Incomplete] https://launchpad.net/bugs/1057195
[18:57] <PineappleCLock> Any thoughts on why DNS client would not work at all, even though the nameservers are properly configured
[19:26] <smoser> utlemming, did you make any progress on raring images boot issues ?
[19:27] <utlemming> smoser: not yet....hopefully soon
[20:00] <Fatguy> anyone know why I'm only able to modify properties for one of my network cards?
[20:04] <Fatguy> why would my secondary NIC be locked up so that I can't modify the properties in the network manager (GUI)?
[20:04] <patdk-wk> heh? you do know this is ubuntu-server?
[20:04] <patdk-wk> there is no gui
[20:04] <Fatguy> im using 12.10 server with desktop GUI installed
[20:05] <Fatguy> i would use the commands if i knew what they were but im just getting into the development for personal and business cloud vpn's and use the GUI for ease of use
[20:06] <patdk-wk> well, network-manager is a total unknown in here
[20:06] <Fatguy> ok, do you know what I would have to do in terminal to change the properties of my secondary NIC?
[20:07] <Fatguy> my primary is eth1 and i have it set where i need it but the secondary eth0 wont let me modify anything, at first it wouldn't work at all but I finally got it enabled
[20:09] <Fatguy> all i need to do is modify the ipv4 address to static and change the gateway and dns info. what would I have to edit to do that?
[20:12] <Fatguy> looks like linux is getting just about as useless as windows, #ubuntu sent me here for some help but noone here knows how to modify network settings...guess ill have to find help elsewhere
[20:12] <patdk-wk> heh
[20:14] <philipballew> Whats the best web server if I only have 128 mb's of ram?
[20:23] <Erik_D> philipballew: is nginx too much?
[20:25] <philipballew> Erik_D, I have not tried nginx,
[20:25] <RoyK> philipballew: apache will probably be heavy, but nginx should work
[20:25] <philipballew> I was considering that or lighttpd
[20:25] <RoyK> lighty isn't that good
[20:25] <philipballew> Its just my wp blog that feeds to the planet
[20:26] <philipballew> so unless I put a blog title up like "Ubuntu sucks" noones ever gonna visit
[20:26] <RoyK> lighttpd is rahter old, nginx is better
[20:26] <philipballew> alright, and the repos version id good enough?
[20:27] <RoyK> should do
[20:27] <philipballew> alright. Thanks for the confirmation.
[20:27] <philipballew> peace
[20:28] <milestone> hi folks i have a problem with a precise server, which hangs after printing Running /scripts/init-bottom
[20:28] <milestone> there does not seem to be an error
[20:28] <milestone> i have let the machine run for a day and still no luck
[20:28] <milestone> what is happening after /scripts/init-bottom ?
[20:37] <pseudonymous> A good reference for upstart ? Specifically I'm looking to understand how I disable services from starting on boot
[20:41] <FroMaster> Running Ubuntu 12.04.1 on ESX 5.1 and wondering if i should install open-vm-tools (via apt-get) or vmware-tools (via cdrom/compile). Thoughts/suggestions?
[20:42] <jjcm> FroMaster: doesnt hurt to compile
[20:43] <jjcm> but the vmware proprietary tools will offer more features
[21:06] <episteme> morning everyone. I'm experiencing an issue with vsftpd where if i connect using a local user account i get the message that the login is incorrect. I have overly checked that i was entering the username and password correctly. and i do have local user enabled. Anyone else having this issue or knows how i can fix it? TIA
[21:10] <pseudonymous> Question #2: Do people run Ubuntu LTS for their servers or Ubuntu ? Is there any distinction, security-wise ?
[21:21] <genii-around> pseudonymous: http://upstart.ubuntu.com/cookbook/
[21:22] <ScottK> pseudonymous: There's no distinction security wise.
[21:27] <pseudonymous> damned be all the fragmentation. Sometimes it seems to me that FreeBSD's biggest boon is that there's no distribution hell to consider. Why can't base things such as service management be agreed upon ? Why are most proposals unnecessarily complex ? Grrr.
[21:31]  * ScottK thought FreeBSD's biggest boon was the lack of kernel features.
[21:33] <lifeless> Daviey: so when is hallyn around :>
[21:36] <Daviey> lifeless: when it's not a US Holiday :)
[21:37] <Daviey> (he did check in earlier, but he's out right now.)
[21:55] <lifeless> Daviey: ah :)
[23:12] <lifeless> hallyn: thanks ;)