=== cpg|away is now known as cpg
=== Ursinha-afk is now known as Ursinha
=== Ursinha is now known as Ursinha-afk
[02:14] which file defines the default PATH ? do not see it in /etc/profile or /etc/bash.bashrc
[02:16] is it /etc/environment ?
[02:18] looks like /etc/login.defs
[02:21] /etc/bash.bashrc will do..
=== cpg is now known as cpg|away
=== n0ts_off is now known as n0ts
=== cpg|away is now known as cpg
=== ibiris|afk is now known as ibiris
=== Psi-Jack_ is now known as Psi-Jack
=== Psi-Jack_ is now known as Psi-Jack
=== ibiris is now known as ibiris|afk
=== ibiris|afk is now known as ibiris
[08:57] morning peoples!
[08:58] would anyone happen to know where I can find the source-rpms for apache on the latest ubuntu-release?
[09:03] mjau^: ubuntu doesn't use rpm's
[09:03] ikonia: lols, I meant the source-debs of course :)
[09:03] just use apt-get source
[09:12] hey guys I have a piece of software which i just purchased which is encrypted with ioncube does apache on 12.04 support ioncube
[09:14] there doesn't appear to be a module referencing iocube
[09:14] ion
[09:14] :-/ ok
[09:14] thanks
[09:17] apt-get source eh? great, thx, I'll do that :)
[09:25] so i have a peculiar problem with my server
[09:25] ever since i installed 12.10 it kernel panics every so often
[09:25] and i noticed after a few panics, it happens on the 14th day
[09:25] of uptime
[09:25] each time
[09:26] any ideas why?
[09:26] could it be the clock?
[09:33] what does the actual panic message suggest
[09:34] stiv2k: pastebin logs
[09:35] if it panics so badly it can't write logs, enable netconsole or use an old-fashioned serial console to get the logs
=== mcclurmc_away is now known as mcclurmc
=== mcclurmc is now known as mcclurmc_away
=== pcarrier_ is now known as pcarrier
=== n0ts is now known as n0ts_off
=== mcclurmc_away is now known as mcclurmc
=== acidflash_ is now known as acidflash
=== yofel_ is now known as yofel
=== Tribaal_ is now known as Tribaal
=== cpg is now known as cpg|away
=== ubuntu is now known as Guest92904
[13:42] zul: around?
[13:42] koolhead17: kind of...whats up?
[13:48] zul: coolbhavi is my guide/mentor
[13:49] hey zul koolhead17 said something needs to be repatched and gave me a buildlog
[13:49] yep
[13:50] stgraber: are you going to send another version of your lxc-create template naming patch?
[13:50] zul, it was a build failure and what exactly is the background?
[13:51] stgraber: on a separate note, I fear that for 13.10 I am going to have to either spend a lot of time writing apparmor integration for libvirt-lxc, or we have to get the lxc2 driver working. for the sake of openstack
[13:51] coolbhavi: basically patch failed to apply
[13:51] zul, yes I could see that
[13:52] coolbhavi: what do you mean background?
[13:52] zul, I meant was it applied to some source package?
[13:53] nova source package for precise
[13:54] ah never mind got it from the complete buildlog. thanks!
[14:05] hallyn: hopefully the second option will be easier, then we can just use that as a reason to drop libvirt-lxc ;)
[14:07] hallyn: I sent a v2 of the lxc-create patch on Friday adding the sha1 sum. I'm not planning on fixing the bash issues at this point as that's out of the scope for that patch (I just moved code around so the bashisms were already there)
[14:11] stgraber: the '-n ""' is a serious issue though, worth a v3
[14:11] we've had bugs due to such before - it's not just a posix issue
[14:12] jdstrand: so i've spent way too many hours on this before, only to finally realize i don't know how to best pass the hugepages mount path to virt-aa-helper. Options are:
[14:12] 1. add it to the xml so it can be passed
[14:13] 2. add a new virSecurityAddSimplePath call
[14:13] 3. hardcode /run/hugepages/kvm in the apparmor policy :)
[14:13] I don't see that (1) would really be acceptable upstream
[14:14] hallyn: doesn't this fail with selinux?
[14:15] I would think it would-- so they would be interested in whatever in this too
[14:15] s/whatever in this/whatever fix is used/
[14:16] also, how would virSecurityAddSimplePath work?
[14:16] hallyn: there were already two of those in the current lxc-create. I didn't add that code, just moved it around :)
[14:17] (and just so I understand, the path to /run/hugepages/kvm is a qemu compile time option so libvirt doesn't inherently know what that is-- correct?)
[14:21] stgraber: those need to be fixed too then :) Worth a script to find all the instances
[14:21] you can specify the hugepages path in libvirt xml config
[14:21] jdstrand: no, /run/hugepages/kvm is not a compile time option...
[14:21] patdk-wk: oh??
[14:21] you can specify it in qemu.conf, and otherwise libvirt finds it automatically, but all i've found for xml is
[14:22]
[14:22] hmm, damned been a few months since I last did it
[14:22] patdk-wk: ok - i'll look for it thanks
[14:22] if it's supported then that's the way to go.
[14:23] ya, I tested it, found it really didn't help much for me, and just wrote it off as, not worth messing with currently
[14:23] jdstrand: the virSecurityAddSimplePath would just call virt-aa-helper with a new path and ask it to append that to the current policy
[14:23] we could then also use that for monitor and other stuff
[14:24] but i'll follow up on patdk-wk's suggestion and get back to you later - thanks
[14:24] ok
[14:28] hmm, maybe I used the qemu automatic mount detection :(
[14:28] heh, fuzzy memory :(
[14:28] was back in sept when I was doing lots of hugepages work
[14:29] no qemu takes it as command line option, doesn't detect automatically,
[14:29] but libvirt will detect it automatically if not specified
[14:29] sadly i don't think it's specificable in the xml
[14:29] specifiable
[14:30] and the problem with adding it there is that then we have to decide what to do if it's in the xml at define time
[14:32] hallyn: sent the lxc-create cleanup patch to the mailing-list
[14:32] yolanda: can you have a look please?
[14:32] jdstrand: ok so yeah, virSecurityAddSimplePath would basically work like AppArmorSetFDLabel but without resolving /proc/self/fd/N
[14:32] stgraber: thanks!
[14:33] zul, about the lxc-create cleanup patch?
[14:34] yolanda: oops https://code.launchpad.net/~zulcss/quantum/grizzly-fix/+merge/137576
[14:35] stgraber: sigh, i personally feel tabs would be better than spaces, but i'm sure i'm alone on that :)
[14:37] zul, hmm - can I express an opinion?
[14:38] or maybe ask a question at least
[14:38] hallyn: well, I usually prefer spaces, don't necessarily mind tabs but really hates mixed tabs and spaces which was what we had :)
[14:38] hallyn: as 90% of the script was indented with spaces, I just replaced the remaining tabs by spaces
[14:39] stgraber: yup, i'm going to ack it of course.
[14:39] stgraber: you didn't make any other changes on any lines where you changed indent?
[14:40] hm, i wonder why $opt doesn't need to be "$opt" in optarg_check
[14:40] oh, that's why. nm
[14:41] hallyn: nope, those were just reindents
[14:42] stgraber: one more q - is 'if [ $a -eq 1 -a $b -eq 2 ]; versus 'if [ $a -eq 1 ] && [ $b -eq 2 ] really a bashism?
[14:44] hallyn: no, it's not, that's the 'Use shell syntax for and/or in if statements instead of the "test"
[14:44] syntax.' part of my commit
[14:45] oh. oops. i just replied with the q (and ack). oh well
[14:46] hm,
[14:46] does that mean that your new version results in more forks?
[14:46] oh well
[14:48] hallyn: nope, it doesn't because those aren't spawned in sub-shells and test is a shell builtin
[14:49] even in dash?
[14:50] Can iMacros be run with Lynx?
[14:50] hallyn: yep
[14:51] yolanda, zul: comment on that merge proposal re quantum metadata proxy stuff
[14:51] serious?
[14:51] I want to be able to browser automate on a headless box...is that possible?
[14:51] hallyn: you said that hugepages is specifiable in qemu.conf?
[14:51] jamespage: son of a bitch
[14:51] hi, i have a problem with virt-install on ubuntu server
[14:52] zul, I'm happy to spend some time on it in the next couple of days
[14:52] (that specific stuff works around a really ugly bit in folsom quantum)
[14:53] jamespage: i just merged it in the master branch but i can do it this afternoon should the package be like quantum-metadata or something?
[14:53] using --location=, the kernel and initrd are downloaded to /var/lib/libvirt/boot but disappear when virt-install finishes, seabios hangs on 'booting from rom' because the files aren't there to boot from
[14:53] hallyn: also, while you can't detect the path to hugepages in the xml, can virt-aa-helper see if hugepages is specified at all in the xml?
[14:53] zul, lemme take a look
[14:53] k
[14:54] zul, quantum-metadata-agent I think - there is an /etc file for it as well
[14:55] awesome..im just fixing up the jenkins build but ill have a look this afternoon
[14:56] zul, something ugly happening in python-keystoneclient I think
[14:56] I've been trying to get something else finished today otherwise I would have dived in....
[14:56] jamespage: oh?
[14:56] zul, forget that - upstream already fixed it
[14:57] they added a pip-requires which was part of python core
[14:57] which made the package un-installable
[14:57] jamespage: awesome
[14:57] https://github.com/openstack/python-keystoneclient/commit/0f83602b6251c2547a9f3211037f65f6dd1105f1
[14:58] jdstrand: yes, specifiable through qemu.conf, otherwise it automatically tries to find a hugepages mount
[14:58] jdstrand: yes, it can find that hugepages are in use
[14:58] jdstrand: so virt-aa-helper *could* reproduce the qemu logic for detecting the mount point
[14:59] but that involves in part parsing /etc/libvirt/qemu.conf, so prefer not to
[14:59] hallyn: what I was thinking was that we could make it easier-- I think it might make an acceptable compromise:
[14:59] zul, trying to figure out the differences between the two
[14:59] ns and no ns
[14:59] if virt-aa-helper detects that hugepages are in use, it uses the hard-coded path
[15:00] jamespage: glance-precise-grizzly is still failing for some reason
[15:00] jdstrand: I guess on the bright side that won't break any current users...
[15:00] *perhaps* we could hardcode that path in qemu.conf with a note saying that changing it means you would want to also update the apparmor profile
[15:00] hallyn: right-- the idea here is that hugepages are only granted to those VMs that are configured to use it
[15:00] zul, I've seen that test fail before - I think it may be a little flakey
[15:01] ack...say it aint so :)
[15:01] hallyn: as soon as an admin toggles them on or off, then the profile will be updated
[15:01] jdstrand: sadly that doesn't seem upstreamable either though. I'm afraid I need to go ask this upstream
[15:01] jdstrand: heh, there is one other possibility -
[15:02] hmm, I think that could be upstreamable personally, but really, this needs to be fixed in all svirt drivers
[15:02] have qemu_driver.c open the hugeapges_mount dir, and call the AppArmorSetFDLabel on that fd :)
[15:02] so they may have an idea on how to fix it to give you, or may just fix it themselves once they realize it is busted in selinux
[15:02] right
[15:03] you know i think in the meantime i might go the fd route
[15:03] jdstrand: it's possible i misunderstand though - is that the purpose of AppArmorSetFDLabel ?
[15:04] must be - lemme go try that, then email the list
[15:04] after breakfast :)
[15:06] hallyn: so, AppArmorSetFDLabel is very much apparmor specific
[15:06] hallyn: you don't want to call that from qemu_driver.c
[15:06] jdstrand: right, i'd use the virSecurityWhatever hook
=== Ursinha is now known as Ursinha-afk
[15:07] AppArmorSetFDLabel is code refactoring for SetSecurityImageFDLabel and SetSecurityTapFDLabel
[15:07] those are pretty specific
[15:07] oh. drat
[15:08] I'm guessing upstream would want a new SetSecurityHugepagesFDLabel
[15:08] i see. not what i thought
[15:08] ok then i'll just email them.
[15:08] then we would do something like:
[15:08] .domainSetSecurityHugepagesFDLabel = AppArmorSetFDLabel,
[15:08] but I'm guessing what they would want there
[15:08] jdstrand: but actually that wouldn't do for selinux
[15:09] well, maybe.
[15:09] selinux would implement SELinuxSetSecurityHugepagesFDLabel
[15:09] or whatever
[15:09] but yeah, get upstream involved :)
[15:09] right, it's just that they wouldn't change the fd label :) but that's ok
[15:09] yup
[15:09] thanks jdstrand !
[15:09] np
[15:14] hi, what packages should i install on 12.04 to run 32bit apps?
[15:15] ia32-libs-multiarch:i386
[15:16] thanks
[15:16] i have this problem with it: http://pastebin.com/NVM6eHxX
[15:17] what causes this, can I solve it somehow?
[15:17] it says you have issues
[15:17] you did run, apt-get update, right before attempting to install right?
[15:18] yes, even dist-upgrade because i had held back packages
[15:18] and even rebooted
[15:18] right now i have no issues reporter by apt-get install (no arguments)
[15:18] *reported, sorry
[15:43] how can i install ia32-libs without those 2 libs having problems? you know gphoto and sane are totally useless on a server :)
[15:45] stgraber: do you think all templates should use -H in the rsync to install?
[15:45] well i'll start with just lxc-clone
[15:46] hi guys, is generally a bad practice to set tap devices 777?
[15:46] hallyn: that'd make sense
[15:47] jazzkutya, not sure you about, but for me, they are only *suggested* packages, and therefore not installed by default
[15:48] not even installed on my system, but ia32-libs-multiarch is
[15:50] apt-get install --no-install-recommends ia32-libs-multiarch gives same error and man page shows no similar option for suggested packages
[15:51] suggested are not installed by default, recommends are
[15:52] libsane is on a Depends: line of apt-cache show
[15:53] libsane != sane, and libsane doesn't depend on sane
=== ubuntu is now known as Guest63960
[15:55] but it depends on libsane which it can't install and i awfully not need that on a server anyway
[15:58] solved my problem temporarily by installing libc6:i386 instead of ia32-libs-multiarch
[15:58] i hope the fucked up (i think the problem is this) will be fixed sometime
[15:59] *repo
=== matsubara is now known as matsubara-lunch
[16:13] yolanda, quantum-ns-metadata-proxy must be included in the quantum-l3-agent package
[16:14] yolanda, I think it also makes sense to include the quantum-metadata-agent in that package as well (along with the configuration file)
[16:14] I can't see a use-case where you could deploy them separately
[16:14] yolanda, we also need an upstart configuration for quantum-metadata-agent
[16:15] the one for quantum-server is probably a good template to follow
[16:16] ok, i'm taking a look at these packages, i need to browse them a bit first to understand better
[16:17] yolanda, okay-dokey - zul - do you have an opinion on the above re the quantum-metadata-agent
[16:17] jamespage: sounds good to me
[16:18] yolanda: youll have to patch the metadata agent conf file for the right state path directory and the right rootpath as well
[16:18] zul, is that something we should try to upstream?
[16:19] jamespage: yeah i was thinking of doing the rootwrapper at least
[16:26] hey all
[16:33] yolanda/jamespage: i would suggest holding off on making that change for a couple of hours so this can get in: https://review.openstack.org/#/c/17362/
[16:38] zul, ok, i'm studying the code now
[16:38] ack
=== yofel_ is now known as yofel
=== Malediction_ is now known as Malediction
[16:54] adam_g, when you have time; I've put all of the changes for initial quantum support into the openstack charms up for review
[16:54] adam_g, bug 1079782
[16:54] Launchpad bug 1079782 in charms "Charm needed: Openstack Quantum" [High,New] https://launchpad.net/bugs/1079782
[16:54] jamespage: i'll propose a MP tomorrow for the cluster stuff
[16:55] jamespage: and integrate it with your deployer
=== VonKrank1 is now known as VonKranke
[16:55] roaksoax, the quantum charm has now gone; I've renamed it 'quantum-gateway'
[16:55] quantum is now a core part of nova-compute and nova-cloud-controller
[16:56] jamespage: ok cool, good to know
[16:57] roaksoax, the metadata service stuff sucks for quantum on folsom; so I would recommend testing with a quantal image + --config-drive True
[16:57] that way the network is not required for initialization by cloud init
[16:57] ack
[16:57] jamespage: i was testing this in canonistack and things seemed to work just fine though
[16:58] roaksoax, yeah - it does
[16:58] the only bit you can't do is connect up the external port for floating ip access; but you can access stuff from the gateway if need be
[16:59] right, ack!
=== matsubara-lunch is now known as matsubara
[17:10] jamespage, so just deploy nova-compute/nova-cc and it uses Quantum. Does it also use cinder?
[17:10] med_, it can do yes
[17:10] thanks.
=== gary_pos` is now known as gary_poster
[17:22] I have setup a iptables table. I put all info in /etc/iptables.rules . How do I properly apply the settings?
[17:24] sliddjur: I just use ufw - it's simpler to work with and does most things
[17:24] !ufw
[17:24] Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
[17:24] RoyK, hey
[17:25] RoyK, i've already looked at the logs and cant seem to find anything useful
[17:25] but i might be overlooking things
[17:25] logs? what logs?
[17:25] RoyK, sorry, im just now replying to you from my question 8 hours ago
[17:25] oh, repeat it, please. it's been a long day
[17:25] about my server panicking every 14 days
[17:25] every 14 days it kernel panics
[17:25] every 14 days??
[17:26] yes
[17:26] thats what ive noticed so far
[17:26] is there a cron job scheduled to run at that time?
[17:26] maybe its just coincidence , but it seems like on the 14th day it panics
[17:26] um
[17:26] i have a couple cron jobs that run several times a day
[17:26] do you have the panic message?
[17:27] no
[17:27] then little can be done to help...
[17:27] anything for me to keep in mind for the next time?
[17:27] what i'd do first if it was my server, was to start a thorough memory test
[17:27] yes, setup network console
[17:28] network console?
[17:28] that way, the panic message will (probably) be loggable
[17:28] yeah, gotta get that kernel panic message
[17:28] !netconsole
[17:28] google it
[17:28] ok
[17:28] !netcon
[17:29] https://help.ubuntu.com/community/Installation/NetworkConsole
[17:29] this one?
[17:29] afaics, that's for installing with a network console
[17:29] you probably don't need that
[17:29] oh
[17:29] whoops
[17:30] https://wiki.ubuntu.com/Kernel/Netconsole
[17:30] I have a question, I'm trying to restore a hardy system from file backup, and I've been fighting my hardware for close to a month now
[17:30] thanks
[17:30] yes this looks like it will be helpful
[17:30] I finally got something that will boot in the system but it's quitting during the boot, saying it can't find the filesystem by UUID
[17:30] if it will allow me to get the panic message
[17:31] I think I may have accidentally created the filesystem as ext4, but my question is, would a hardy kernel be able to boot it as ext3 or not?
[17:31] stiv2k: still - I'd recommend running memtest86+ on that box. bad memory can make a system panic very easily
[17:31] RoyK, pretty sure ive done that before
[17:32] and it runs solid for 14 days straight
[17:32] but on the 14th day it just goes kaput
[17:32] im pretty sure that's the third time in a row it crashed on the 14th day
[17:32] are you sure it's 14 days?
[17:32] i installed it the day 12.10 came out
[17:32] and its been doing it ever since
[17:33] * RoyK only uses LTS for servers...
[17:33] same
[17:33] where as on 11.04 i had a >1y uptime
[17:33] hence the above problem trying to restore a hardy server
[17:33] same here, servers get LTS for stability! :P
[17:33] stiv2k: you need the panic dump, then
[17:33] ok
[17:33] thanks for info
[17:34] think it'd be possible/advisable to try a do-release-upgrade from within a chroot via systemrescuecd?
[17:34] that's how I got in to get grub working
[17:36] RoyK, qman__, here is my server: http://stats.stiv2k.info
[17:36] zul, yolanda, adam_g: I really do need to get the auto-lander working for MP's for the lab don't I
[17:37] uh?
[17:37] yeah
[17:38] stiv2k: I'd install munin on that as well to get nice graphs showing performance numbers over time - something might be eating memory or similar. with only 512MB, a memory leak can kill the system within rather short time
[17:40] RoyK, cool, ill check it out... been waiting until i stumble upon some old DDR333 modules to upgrade the ram
[17:40] server was built from random parts i acquired for free
[17:40] stiv2k: http://munin.karlsbakk.net/munin/ <-- that's my servers ;)
[17:41] whoa
[17:41] munin is cool
[17:41] you get pretty detailed graphs from munin
[17:42] RoyK, why do you have so many servers
[17:42] RoyK, I am using ufw now. when doing ufw status i get port 53 allowed. But nmap myhostname doesnt show port 53 open...
[17:42] i restarted as well
[17:43] stiv2k: only two physical, lamia and smilla, the others are VMs for different purposes
[17:43] oh
[17:43] what language is your blog
[17:43] sliddjur: try 'ufw disable' and then 'iptables -vnL'
[17:43] I've got six physical
[17:43] iptables rules aren't removed by ufw
[17:44] while realistically I could get away with three physical if I virtualized the old junk, I can't afford to replace them right now
[17:44] RoyK, what does iptables vnL do
[17:44] then just start ufw again?
[17:44] sliddjur: it just prints whatever tables are present in iptables
[17:45] btw, how do you run the nmap scan?
[17:45] nmap myhostname
[17:45] not fqdn
[17:45] a better way would be to test for the service - 'host google.com ip.of.dns.server'
[17:45] unless you're running something else than dns on port 53 :P
[17:46] also, that nmap scan only scans for tcp, and dns is *usually* udp
[17:46] I am setting up a dns server on my class. But I must first pass first problem in opening port :)
[17:46] (except zone transfers aren't, and tcp can be used otherwise)
[17:46] nmap localhost gives me port 53 open
[17:47] the port is open unless blocked
[17:47] does bind listen to 0.0.0.0:53?
[17:47] just because it's not blocked, doesn't mean anything is listening, either
[17:49] RoyK, wouldnt it be listening by default on port 53? im a bit lost...
[17:49] only if it's configured to
[17:50] qman__, where is that setting in bind?
[17:50] sliddjur: netstat -ln --tcp | pastebinit
[17:50] sliddjur: netstat -ln --inet | pastebinit
[17:50] i mean
[17:52] http://pastebin.com/r1DRaAbv
[17:53] sliddjur: http://paste.ubuntu.com/1408341/
[17:53] hmm
[17:54] why isnt it showing up when i do it locally on my hostname??
[17:54] what?
[17:55] this is why: 127.0.0.1:53
[17:55] you're only listening on localhost
[17:55] you need to configure it to listen on other addresses
[17:55] qman__: no, bind listens to all addresses
[17:56] qman__: it just doesn't listen to 0.0.0.0, it uses a socket per address
[17:56] oh, I see
[17:56] typical bindishness
[17:56] yeah, that's strange
[17:58] na, that is a udp thing
[17:58] oh, it is?
[17:58] to make sure the source udp package comes from the same location
[17:58] ok
[17:58] makes sense...
[17:59] but then why do it on tcp too?
[17:59] no idea :)
[17:59] probably cause they already have the *function* setup to do it, and just reused code
[17:59] probably just uses the same socket setup code ;)
[18:00] what is best practice to configure dns on 12.04.1 when i have domain /static ip with isp and i want to host mail and web server for personal use
[18:00] hrmf! -19.2 °C and falling - I don't like winter!
[18:01] samba35: just install bind and point your domain to the server's IP - and make sure you have a secondary somewhere
[18:01] samba35, the best practice is to leave your DNS on the hosting provider unless you have a good reason to run it yourself
[18:01] heh - yeah
[18:02] registrars do it for free, no sense putting up the effort or risk in doing it
[18:02] [slightly offtopic] Any idea what might cause this (on a RHEL server)? http://paste.ubuntu.com/1404641/
[18:02] sorry i dont know much about dns setting ,it was complex for me
[18:03] bind configuration is a PITA before you get used to it. after that, it's just a slightly less PITA
[18:03] qman, well, registers also get ddos a lot too
[18:03] pita ?
[18:03] samba35: put it in /etc/resolvconf/resolv.head
[18:04] samba35: Pain In The Almightly
[18:04] not in /etc/hosts
[18:04] jacobw2, what does that have to do with it?
[18:04] samba35: /etc/resolvconf/resolv.conf.d/head even
[18:04] oh, that
[18:04] I was thinking DNS server, not DNS client
[18:05] I still do it the old way, I just remove the link and make a file
[18:05] * patdk-wk just puts it in interfaces file
[18:05] * jacobw2 is a hipster :p
[18:06] * RoyK uses the interfaces file as well - works stably...
[18:06] I'll have to agree with that path though
[18:06] using the interfaces file makes more sense logically and will work on more systems
[18:07] # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
[18:07] # DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
[18:07] meaning - don't edit /etc/resolvconf/resolv.conf.d/head manually ;)
[18:07] right
=== mcclurmc is now known as mcclurmc_away
=== glebihan__ is now known as glebihan
[18:14] Hi!
[18:17] more confused
[18:19] My someone help me generate the certificates for this tutorial? https://help.ubuntu.com/12.04/serverguide/postfix.html (Mail-stack-delivery)
[18:22] halvors, you mean step 2 of SMTP auth?
[18:22] refer to https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html
[18:22] since that's what it links,'
[18:22] jamespage: FYI ive been working on packaging the new kombu + pyamqp in ppa:gandelman-a/ppa
[18:22] halvors: selfsigned?
[18:23] RoyK: I don't know what i need to enable SMTPS?
[18:23] usually you would want an official certificate
[18:24] I'd guess some servers will deny talking to something with a self-signed certificate
[18:24] some, or most
[18:24] http://www.openssl.org/docs/HOWTO/certificates.txt
[18:25] I know.
[18:25] But self signed is ok.
[18:25] What i need help for is to generate these:
[18:25] halvors, only for testing, not public deployment
[18:26] halvors: just google 'create self signed openssl'
[18:26] /etc/ssl/certs/ssl-mail.pem
[18:26] should work well
[18:26] /etc/ssl/default/ssl-mail.key
[18:27] I simply want to create a certificate for my mail server. I'm not gonna pay someone to do it...
[18:27] I just wanna create it on my own...
[18:27] hi adam_g, about your question in the email, this is something that we've been discussing in the channel, seems that quantum-metadata-agent will be normally used with l3-agent
[18:28] halvors: that may mean other SMTP servers will deny talking to you over SSL - but then - your choice ;)
[18:29] SSL certs don't have to cost a fortune http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm
[18:30] RoyK: If i don't enable SMTPS anyway, other smtp server arn't going to talk to me either :P
[18:31] I only want my users to be able to...
[18:31] where're you getting that from...?
[18:31] SMTPS is not enable in postfix by default...
[18:31] Don't get confused
[18:31] SMTPS is not SMTP over TLS/SSL
[18:32] What then?
[18:32] SMTPS is a specific encrypted submission protocol used only by Microsoft on port 465
[18:32] mhm
[18:32] ScottK: eh...? http://en.wikipedia.org/wiki/SMTPS
[18:32] So i don't wanna use SMTPS?
[18:32] Go for submission?
[18:33] so whats the deal with 12.10 and the new naming of NIC '
[18:33] Also, virtually all certs used in SMTP are self-signed, so there's virtually never a need to buy one for SMTP.
[18:33] RoyK, you're aware Wikipedia is untrustworthy right?
[18:33] RoyK: "Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS."
[18:33] TheLordOfTime: It's correct, just not well worded.
[18:33] I reboot a machine and sometimes I get em3 other times I get rename4 instead. this is really annoying
[18:34] TheLordOfTime: wikipedia is *usually* trustworthy, and a set of people on IRC aren't necessarily trustworthy either
[18:34] RoyK, true.
[18:34] So i shouldn't enable SMTPS?
[18:36] i need some help with dovecot ,i am getting ok message with telnet for user and passwd even but now what i should do
[18:36] adam_g: https://code.launchpad.net/~zulcss/nova/nova-testsuite-fix/+merge/137652
[18:36] I installed the mail-stack-delivery package which installs /etc/ssl/certs/ssl-mail.pem and /etc/ssl/private/ssl-mail.key from the ssl-cert package, but shouldn't i generate them on my own?
[18:44] halvors: http://bit.ly/TBVsxY
[18:56] Someone know a program so i can archive rar in ubuntu server?
[18:56] doesn't 7zip support that?
[18:56] p7zip, that is
[18:56] i only get .7z files with that
[18:57] apt-get install rar \o/
[18:57] that doesnt work neither :P
[18:57] !info unrar
[18:57] unrar (source: unrar-nonfree): Unarchiver for .rar files (non-free version). In component multiverse, is optional. Version 1:4.1.4-1 (quantal), package size 107 kB, installed size 241 kB
[18:58] Reading package lists... Done
[18:58] Building dependency tree
[18:58] Reading state information... Done
[18:58] Package rar is not available, but is referred to by another package.
[18:58] This may mean that the package is missing, has been obsoleted, or
[18:58] is only available from another source
[18:59] ze_king: works for me (on lucid)
[18:59] im on ubuntu server ;<
[18:59] and precise
[18:59] so am i
[18:59] hm, okey
[19:00] sudo apt-get install -y rar unrar
[19:00] same as before
[19:01] Package rar is not available, but is referred to by another package.
[19:01] This may mean that the package is missing, has been obsoleted, or
[19:01] is only available from another source
[19:01] rar's in multiverse, which I don't believe is a default repo
[19:05] on what source list is rar then?
[19:05] !info rar
[19:05] rar (source: rar): Archiver for .rar files. In component multiverse, is optional. Version 2:4.0.b3-1 (quantal), package size 554 kB, installed size 1188 kB (Only available for i386; amd64)
[19:05] also multiverse
[19:06] but how can i get it? =/
[19:06] have you enabled multiverse_
[19:06] ?
[19:07] na, i dont :p
[19:07] Then thats a good place to start
[19:07] sry, i should rename myself from ze_king to ze_noob ;<
[19:08] just /nick ze_noob ;)
=== ze_king is now known as ze_noob
[19:08] :D
[19:08] :)
[19:09] irssi is the shit ;D
[19:12] ze_noob yeah it is
[19:29] leaving for today, bye!
=== Tm_Tr is now known as Guest3774
=== ubuntu is now known as Guest83217
[20:33] Trying to send a message to all logged in terminal sessions of a specific group, but apparently -g isn't a valid option for the Linux version of "wall" (I swear it is on at least some form of BSD)
[20:33] is there any alternative, or fix to that?
[20:35] keithzg: some scripting around write(1)
[20:35] ?
[20:36] shouldn't be too hard to parse /etc/group and extract the members ;)
[20:36] RoyK: By default when i'm trying to connect to my mail server using SMTP, i get the error "Relay access denied". But i provide the client with needed login information... How can i fix that?
[20:37] sarnold, RoyK: good thoughts! Sad that the -g flag is missing, nonetheless. One of the few (only?) times I've longed for something that *BSD has, heh
[20:38] halvors: you need to allow authenticated users to relay - google should know, I haven't setup such a thing myself, sorry
[20:38] keithzg: yeah, I've had that kind of feeling before myself.. I can't recall which specific feature, but it seemed like something was way easier in bsdland..
[20:40] hrm, and I don't see an easy getgrent()-based program in man -k getgr that you'd easily use in shell scripting. pity.
[20:42] alas === cpg|away is now known as cpg [21:30] adam_g: fyi, bug #1065187 was fixed in http://www.ubuntu.com/usn/usn-1626-1 (I updated the bug) [21:30] Launchpad bug 1065187 in glance/essex "Non-admin users can cause public glance images to be deleted from the backend storage repository" [Critical,Fix committed] https://launchpad.net/bugs/1065187 [21:30] (I updated the bug) [21:43] jdstrand: ah thanks. looks like i need to adjust this script to check for security updates like that. [21:43] you might see a few more like that, sorry in advance [21:44] ok, no worries [21:49] adam_g: if you are adjusting a script, you might want to consult https://usn.ubuntu.com/usn-db/database-all.json.bz2 [21:50] adam_g: there is also database.json.bz2 which contains only active releases of Ubuntu === ibiris is now known as ibiris|afk [21:55] jdstrand: oh cool. i'll definitely take a look. when you send out a security update, does a corresponding bug task get filed against the stable release that's being updated? [21:58] adam_g: no. we don't track CVEs in LP for a number of reasons. if a task already exists, we'll reference the bug in the changelog [21:58] assuming we know about it [21:59] adam_g: fyi, bug #1064914 and bug #1079216 were also already fixed (I adjusted the bugs) [21:59] Launchpad bug 1064914 in keystone/essex "Removing user from a tenant isn't invalidating user access to tenant" [Undecided,Fix committed] https://launchpad.net/bugs/1064914 [21:59] Launchpad bug 1079216 in keystone "token expires time incorrect for auth by one token" [High,Fix committed] https://launchpad.net/bugs/1079216 [22:07] so I have a drive which I want to automatically mount if it's there, but I don't want to stop the system from booting, which it currently is [22:08] it currently has this in fstab: UUID=[blahblah] /media/backup ext4 auto,relatime 0 0 [22:14] qman__, does using the nofail option work? [22:20] Are there instructions anywhere for adding iscsi storage for libvirt? 
[22:21] I've been attempting to do it through virt-manager, but it keeps throwing errors. [22:22] tgm4883: what error are you seeing? [22:23] Daviey, so in the hostname field, I add the IP address of the NAS, I'm assuming that "Source Path" should be attempting to see what iscsi shares are at that IP [22:23] since there is a browse, but that is all greyed out [22:23] so I put the IQN in that field [22:24] Daviey, basically, I'm at this point http://imagebin.org/238067 [22:24] Clicking finish throws "Error creating pool: Could not start storage pool: internal error Child process (/sbin/iscsiadm --mode discovery --type sendtargets --portal 10.87.6.6:3260,1) status unexpected: exit status 1" === mcclurmc_away is now known as mcclurmc [22:25] I'm assuming that is because I don't have access to the discovery DB [22:25] if I run that command in the terminal, I get permission denied [22:26] running with sudo works fine though [22:26] so the question then is, if that is the issue, what do I need to add myself access to, and does that need to be done on the server or my local workstation? 
[22:38] Okay, no more sugar for uvirtbot. [22:41] New bug: #1086151 in nagios-plugins (main) "Nagios utils.pm has wrong default path to rpcinfo" [Undecided,New] https://launchpad.net/bugs/1086151 [22:41] well this seems broke [22:41] New bug: #1085593 in bind9 (main) "bind 9.8.1-P1 crashes with an assertion failure" [High,Confirmed] https://launchpad.net/bugs/1085593 [22:42] New bug: #1086016 in sysstat (main) "iostat does not report load on individual partitions within RAID10 block device" [Undecided,New] https://launchpad.net/bugs/1086016 [22:53] I'm unable to connect to my mailserver (Postfix) using SMTP port 25, but Submission port 587 works just fine, is client connections on port 25 somehow disabled by default in Ubuntu? [22:55] halvors: are you sure it's not your ISP blocking outgoing port 25 (except for their own mail relay)? [22:56] i am in need of serious help [22:56] i think one of my servers has been hacked and i have no idea where to start [22:57] why do you think that? [22:58] JanC: i have a ticket opened in linode for TOS violation SSH brute force and a mysterious folder and a HoneyPot kippo logging thing, all of which i am trying to make sense of [23:00] fission6: sounds like you probably want to re-install the server then ☺ [23:01] fission6: best is to take the server offline, re-deploy the services from backups, and investigate the hacked machine's hard drive offline... 
[23:01] (and keep it more secure next time) [23:01] i'd like to understand what happened [23:01] sarnold: linode = VPS [23:01] i am also in a rut where i did not back it up [23:01] fission6: you wouldn't want to inspect that drive in any way from a machine you care about, since the contents of the system may be able to further crack your inspection tools [23:01] i want to understand what happened [23:01] JanC: oh, I missed that, I never saw him say linode... [23:03] is there a security channel or something i can review? [23:03] fission6: what do you need backups of? [23:03] fission6: there's a few on #oss-security; I don't know for sure that it is on-topic, but it won't hurt to ask :) [23:04] mongo and mysql, i feel safe with dumps from them [23:04] and images [23:04] damn this is gonna be a nightmare [23:04] its funny because for the last 2 weeks i have been debating using lingoes backup [23:04] linodes [23:05] you have no backup at all? [23:06] not really [23:07] I think that making a database dump should be fairly safe, especially if you check that there is nothing weird in it [23:07] yea i think so too [23:07] although, you can never be 100% sure... [23:08] certainly check all the database users & their permissions [23:08] (maybe don't dump those at all, or separately) [23:10] checking images might be more complicated [23:11] man i can't believe this [23:12] i just want to understand what happened exactly [23:12] i really like don't understand... [23:13] fission6: what applications did you run on it that can be accessed from the outside (web, sshd, ...?) [23:13] first priority should be to salvage what you can. Since it's a VPS, you'll probably never have enough information to know for sure. [23:14] .. though if that mysql was remotely accessible, it'd be a good bet. [23:15] mysql wasn't remotely accessible, i think it was via ssh i mean i don't know i would think i would have a log or something [23:16] oh right, the ssh brute forcing. 
yeah, if you used password authentication, that can also be a source of trouble. [23:16] it does (but if an attacker gets root he/she can remove/change the logs of course) [23:16] stgraber: around? [23:17] using password auth for ssh is usually not such a good idea... [23:17] preferences question... clearly we want command line specified logfile/loglevel to trump what is in lxc.conf. But, [23:17] if logfile is present in both, do we want lxc_conf to store the command-line specified (active) log file, or the one in lxc_conf? [23:18] I guess it has to be lxc_conf [23:18] so what is in lxc_conf may not reflect what's going on [23:18] fission6: were you using any webapps? [23:18] all right, that's settled, will dothath:) [23:18] hallyn: :) [23:18] JanC: what do you mean specifically? [23:18] hallyn :) [23:19] fission6: some webapps are known for their security issues ☺ [23:19] hallyn: the command line should be an override of the container's config and we shouldn't try to change the config file unless the user explicitly wants us to, so yeah, it's possible that there will be running containers saving log entries somewhere else than what's defined in their config, but in such case, the lxc-start command line will let you find out where anyway [23:21] stgraber: +1 :) bbl [23:47] Hello folks! [23:47] Could someone help me figure how to verify which keyboard layout is my machine using right now please ? [23:59] Could someone help me figure how to verify which keyboard layout is my machine using right now please ?