/srv/irclogs.ubuntu.com/2013/03/26/#ubuntu-server.txt

=== Ursinha-afk is now known as Ursula
buengeniohello, routing question - I'm connecting via VPN to another site on a WiFi connection (client IP: 10.0.0.4). On the local wired connection I have another machine connected (ip: 192.168.0.222). Question: how to access ping or http on 192.168.0.222 from the VPN server-side ?00:03
=== blkperl_ is now known as blkperl
=== pug is now known as Guest31299
=== Ursinha-afk is now known as Ursinha
=== fenris is now known as Guest24195
=== fenris is now known as Guest18389
zerooneonei just started using ubuntu for some servers i'm managing. question: how long does it usually take for security vulns to be fixed, such as the issue with apache 2.2.22?04:46
TheLordOfTimezerooneone, #ubuntu-hardened might be a better place to ask.  but which vulnerability are you talking about>?04:58
zerooneonenm i think i found it. i'm confused by the ubuntu version numbers. i should just look at the USN from now on :)04:59
TheLordOfTimei'm still curious though :P05:00
zerooneoneTheLordOfTime: it was apache2 http://www.ubuntu.com/usn/usn-1765-1/05:04
zerooneoneapache2 says to upgrade to 2.2.23 but the ubuntu security upgraded version is 2.2.22-1ubuntu1.3 for ubuntu 12.0405:06
TheLordOfTimezerooneone, note the four CVE links in the USN.,05:06
TheLordOfTimethey're all "released" or "not-affected"  :)05:06
zerooneonetell me that's not confusing05:06
TheLordOfTimenope.05:06
TheLordOfTimeit isn't confusing.05:06
TheLordOfTimebut... i've worked with the security process for a couple of packages, so... :P05:06
TheLordOfTimehere's how to see if they've been fixed though05:06
TheLordOfTimehttp://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1048.html    http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4558.html    people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-4557.html05:07
uvirtbotTheLordOfTime: The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1048)05:07
uvirtbotTheLordOfTime: Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558)05:07
uvirtbotTheLordOfTime: The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4557)05:07
TheLordOfTimehttp://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3499.html05:07
uvirtbotTheLordOfTime: Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499)05:07
TheLordOfTimecan we disable that thing?05:07
zerooneonehaha05:07
* TheLordOfTime slaps uvirtbot with /dev/null05:07
TheLordOfTimezerooneone, anyways, if you look at those links, you'll see it also says which "version" each CVE was fixed in.05:07
zerooneonei can see that now thanks. but can't we just call it 2.2.23 then? help me understand...05:08
TheLordOfTimebecause it isn't 2.2.23.05:09
zerooneoneit's just been patched then05:09
TheLordOfTimethere may be other code changes between the version in the repos for a software, but the security patch has been applied05:09
TheLordOfTimebut not the other code changes.05:09
TheLordOfTimethere ARE cases where a security update may need a version bump05:09
TheLordOfTimebut i've never seen that in any of the packages I monitor.05:09
TheLordOfTime(it's rare is what I"m trying to say)05:10
zerooneoneso when our security guy wags his finger at the fact that apache 2.2.22 is installed i can just tell him to go find his black hat then05:12
zerooneoneok i understand. but i'm not happy about it05:12
zerooneonethanks for your help TheLordOfTime05:12
TheLordOfTimeyep05:17
oneHow doos I change console font?08:50
oneandol: how doos i change console font?08:51
onekevinsky: how doos i change console font?08:54
onefreeflying: how doos i change console font?08:55
onediplo: thank you that look better09:03
onediplo: how about do you know how to turn down the brightness my eyes hurt09:04
=== AlanChicken is now known as AlanBell
oneDo they still sell radiation filters for screens maybe it is burning my retina.09:05
=== tedski- is now known as tedski
=== skarface is now known as antix
=== Myrtti_ is now known as Myrtti
onehow does I lower the brightness from console only?09:10
one^ slightly different question09:10
uvirtbotone: Error: "slightly" is not a valid command.09:10
one^ help09:11
uvirtbotone: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.09:11
one^ help gdef09:11
uvirtbotone: Error: There is no command "gdef".09:11
one^ help ping09:11
uvirtbotone: (ping takes no arguments) -- Checks to see if the bot is alive.09:11
Myrttione: can you please stop09:11
=== tsimpson_ is now known as tsimpson
oneMyrtti: ok that is cat toy for someoneelse09:12
onemy eyes are burning how to stop the radiation?09:13
oneDo i have to buy a filter or is there a way to tell it from console?09:13
=== huats_ is now known as huats
Myrttione: can you please stop playing around? I'm sure there are other hobbies available for you than fooling around in IRC channels. My personal recommendation is either medieval and renessaince literature, knitting or woodwork.09:14
Myrtticycling is also a nice hobby.09:14
onehuh09:15
oneim serious I want to know how to turn down brightness09:15
Myrttiin most cases you can do it with the hardware. The displays usually have a button for doing it.09:16
oneits a fuction key which isn't working from console only09:16
rbasakone: this is on a laptop?09:17
oneAlso I know some software can make it go lower than usual even to black, yes a laptop.09:17
oneI want it very vary low barley readable.09:17
rbasakone: try #ubuntu, or perhaps askubuntu.com is more likely to get an answer. This is a server channel.09:17
oneI am not fooling around I think it is burning my retina laptop screens look brighter than looking out the window on a sunny day.09:18
oneI have to stop and cool my eyeballs off from time to tiem09:19
onerbasak: for some reason or another I am unable to join #ubuntu09:26
Myrttithat would be because you are banned there. If you want to discuss it, join #ubuntu-ops.09:27
oneMyrtti: unsuccessful10:37
Myrttithat would be because you didn't actually discuss.10:37
Myrttibut it's your choice.10:37
onefalse10:38
onebearing false witness against a neighbor10:38
ikoniathis isn't going to end well10:38
Myrttione: how about you just stop there, and we can go on with our lives?10:39
oneMyrtti and consider every day a blessing in that you have another chance to repent of your false witness before JUDGMENT DAY10:40
=== masACC is now known as maswan
zulgrrr12:59
zuljamespage: so im lookin at this bug: https://bugs.launchpad.net/ubuntu/+source/quantum/+bug/1107114 and it depends on a ryu package which isnt packaged in ubuntu or debian13:01
uvirtbotLaunchpad bug 1107114 in quantum "quantum-ryu-agent crashed with ImportError in /usr/lib/python2.7/dist-packages/quantum/plugins/ryu/agent/ryu_quantum_agent.py: No module named ryu.app" [Medium,New]13:01
jamespagezul, might be a propreity bit13:02
zuljamespage:  you would think so but its available on pypi13:02
jamespagehmm OK13:02
zulhttps://pypi.python.org/pypi/ryu/1.713:03
=== jrib1 is now known as jrib
jamespagezul, I'm guessing the unit testing covers none of that plugin then13:05
* jamespage sighs13:05
jamespageand its not in pip-requires or anything13:05
jamespagebah13:05
zuldoubt it13:05
zulive seen other stuff that is not in pip-requires13:05
drag0niusi've installed zentyal on non-standard port, but web access does not start (netstat doesnt show port open)13:14
jamespagezul, cinder rc3 out yet?13:17
zuljamespage:  not yet quantum rc2 is out though13:18
jamespagezul, oh - and can you prepare a update for the grizzly cloud archive for that latest libvirt fix as well pls13:18
zulack13:18
jamespagezul, marvellous13:18
jamespagezul, also all of the rc1's are in grizzly-updates now - did you want to tweet that or something?13:21
zuljamespage:  sure13:21
jibelhallyn, stgraber another annoying bug with lxc on arm bug 1160360 . I filed it against lxc although it is more like something in flash-kernel that should detect the platform it is running on.13:24
uvirtbotLaunchpad bug 1160360 in lxc "flash-kernel failed in an armhf lxc container on ARM: /usr/sbin/flash-kernel: 214: /usr/sbin/flash-kernel: mkimage: not found" [Undecided,New] https://launchpad.net/bugs/116036013:24
stgraberjibel: ah, sounds like the same kind of problem we had with grub on x8613:26
stgraberjibel: btw, I'm still trying to figure out what happened with the python module, it's a really weird bug ;)13:26
jibelstgraber, I'm sorry :)13:26
stgraberjibel: well, I'm glad you noticed it before we release the final 0.9 :)13:27
hallynstgraber: so to deal with the veth create scalability, we might want to have all templates default to specifying names and peer names for all veths13:27
jibelstgraber, I'm feeling like the only user of lxc on ARM13:27
stgraberhallyn: ah, I didn't follow the discussion too closely but is the extra delay caused by the generation of a unique name for the pair?13:28
hallynjibel: you might be, but i'm setting up my arm laptop right now so you won't be13:28
stgraberjibel: you're not, I'm using it on my pandaboard for package builds ;)13:28
hallynstgraber: yeah finding a new name is o(n^2)13:28
hallynstgraber: but those build containers don't get upgraded?13:29
stgraberhallyn: they do but they don't have a kernel in them ;)13:29
hallyni've got a bad feeling about 1160360,13:29
hallynwe had to go to some effort to fix that with grub13:29
hallynso will mkimage have to detect if it's in a container too?13:29
jamespagezul, could you ack the python-coverage update here please - http://people.canonical.com/~jamespage/ca-updates/13:30
stgraberhallyn: so I'm not sure I like the idea of forcing people to set the names for the pair in the config as it may be a bit tricky for people to figure out when moving containers around13:30
stgraberhallyn: however we can easily generate something better than the current random names13:30
zuljamespage:  +113:30
jibelstgraber, oh wait, about the kernel bug, maybe it's just me doing weird things because I reused a cloud-config script that is normally used to provision local VMs13:30
hallynstgraber: they're usually random, how is 'containername.1 and containername.2' worse?13:30
jibelI'm trying something13:30
hallynthough there is probably a rather short length limit13:31
stgraberhallyn: veth<PID of lxc-start>-<index>13:31
hallynjibel: no i'm guessing any instance based from cloud image will have a kernel and cause this13:31
stgraberhallyn: I'd rather we have LXC generate good unique names than assuming that people or our template will ;)13:31
hallynstgraber: or just v<initpid>.1 and v<initpid>.2.  something like that, yeah13:31
jamespagezul: ta13:32
hallynstgraber: sounds good13:32
stgraberhallyn: right. The only problem I can think of with initpid is when doing nesting, as you can technically get a clash13:32
=== masACC is now known as maswan
stgraberhallyn: not sure what else we can use though ;)13:33
jamespagezul, "        self.fake_ryu = fake_ryu.patch_fake_ryu_client().start()"13:34
hallynstgraber: that should still be mostly not o(n^2), and should be very rare13:34
jamespageso it does have unit tests but it stubbs out the client - which is fair enough13:34
zuljamespage:  well thats something i guess13:34
hallynjamespage: at first glance i thought you were telling zul off13:34
zulhallyn:  wouldnt surprise me ;)13:34
stgraberhallyn: oh nevermind, with nesting we also get a new netns so the veth name won't clash13:35
hallyntrue :)13:35
stgraberhallyn: so yeah, v<initpid>.<increment> sounds good, should be reliable and will fix the allocation time issue13:35
zulyolanda/jamespage: https://code.launchpad.net/~zulcss/quantum/rc2/+merge/15548613:35
stgraberhallyn: is that something you want to do for 0.9?13:36
* jamespage hopes he's not getting a rep for telling people off13:36
hallynstgraber: yeah i think so13:37
hallynstgraber: not right now though, and i'm not sure where to record that task :)13:38
hallynwe need a 0.9 and 1.0 blueprint13:38
hallyns13:38
stgraberhallyn: ok. My hope is to send the pull request for 0.9 on Monday13:38
hallynoh.  hm.13:39
stgraberhallyn: assuming I figure out that damn python bug by then ;) I did a dozen test build yesterday and it's just plain weird...13:39
hallynok i'm still waiting for my arm to update.13:39
hallyn(and then of course i'll have to drop back into android to flash the old kernel since new kernel doesn't work)13:40
stgraberso far, I've come to the conclusion that it's not some kind of weird function name clash (my function was called get_version so could have clashed with one of the LXC ones) and it's not caused by what we get from the LXC API as even returning a fixed string gives the error13:40
hallyn/build/buildd/sparc-cross-toolchain-base-0.9ppa1/debian/tmp/usr/include/stdc-predef.h:30:26: fatal error: bits/predefs.h: No such file or directory    hmmmmm13:41
hallynoh.  feh.  my arm kernel doesn't have bridge support13:43
hallynguess i'll leave that to stgraber13:44
stgraberI found quite a few bugs so far, but none that explain what I see ;)13:46
=== hito_jp0 is now known as hito_jp
gQuigsI can't seem to find documentation on the Ubuntu 10.04 Kernel Backports; the best I could find was http://askubuntu.com/questions/29961/why-are-only-some-versions-of-the-kernel-backported-to-certain-releases13:49
gQuigsbut no "official" doc backing that up13:49
gQuigsspecifically I'm wondering if support for the 3.0 kernel ends in April with Oneiric13:50
stgraberhallyn: oh wow, so I can confirm that it's nothing to do with the function in my python binding, it seems to have something to do with the structure listing the functions related to the python module13:52
hallynhuh13:52
stgraberhallyn: the bug happens whenever that struct contains two items. If I remove get_current_config_dir, then get_version works13:52
hallyndoes it need to be (and is not) null terminated?13:52
stgrabernow to go check the python documentation to figure out what I missed ;)13:53
stgraberit needs to be NULL terminated and it's13:53
hallyn:)13:53
hallyn+1 then :)13:53
=== wedgwood_away is now known as wedgwood
=== manjo` is now known as manjo
=== wedgwood is now known as Guest28578
jamespagezul: +1 on quantum rc2 MP14:08
zuljamespage:  cool thanks14:08
jamespagezul, sorry - got distracted by something else14:08
zuljamespage:  no worries i had other things to keep me busy14:08
zuljamespage:  http://people.canonical.com/~chucks/ca/14:27
hallynstgraber: actually, i wasn't thiniing right.  since we always pass in a random name, we should be ok now in lxc - we're passing in a name, so kernel doesn't have to find one.14:32
eagles0513875hey guys quick question ufw automatically denies all or do i need to setup a rule to deny everything14:33
RoyKeagles0513875: "ufw enable" will deny all incoming access14:34
eagles0513875thankjs RoyK :) deny everythign unless i tell it to allow a certain port or service14:35
RoyKeagles0513875: if you need external access, such as ssh, run "ufw allow 22/tcp" *before* running "ufw enable"14:35
RoyKeagles0513875: deny everything *incoming*. It normally allows everything outgoin and related/established return traffic14:35
eagles0513875ok kool :)14:36
eagles0513875all i do know RoyK is that there is lots of inbound attempts thank god it denys everything except what i have allowed14:36
stgraberhallyn: ah, we already do that now?14:38
nottheoilrigsmoser: i'm getting a lot of 403 errors from one of the ec2 archive mirror14:58
stgraberhallyn: fixed!14:58
nottheoilrige.g. http://us-east-1.ec2.archive.ubuntu.com/ubuntu/pool/universe/a/aria2/aria2_1.15.1-1.debian.tar.gz14:58
stgraberhallyn: you were right on a null-terminated list that wasn't null-terminated, except it wasn't the one I changed at all ;) it was some get/setters list that we've had around for ages14:59
stgraberhallyn: properly ending that one fixed everything...14:59
nottheoilrigis this a known issue? can you please help me find the right bug number for this 403 behavior?15:00
smosernottheoilrig, are you sure you have apt-get updated ?15:00
stgraberhallyn: I'll upload a fixed lxc in a few minutes15:01
stgraberjibel: ^15:01
nottheoilrigsmoser: yes, that was the first thing i thought, but even after apt-get update i get the same 403 error15:01
jibelstgraber, great, I'll be happy to test it.15:02
smosernottheoilrig, looking at it.15:02
nottheoilrigsmoser: thank you15:03
jamespagezul, +1 on ca update for quantum rc2 as well if I've not already done so15:03
zuljamespage:  thanks15:04
hallynstgraber: great :)15:04
nottheoilrigis there an option that i can pass to apt-get update to print the actual URL it uses for the line:15:06
nottheoilrigHit http://us-east-1.ec2.archive.ubuntu.com quantal/universe Sources15:06
Jeeves_https://github.com/tuxis-ie/monitoring/tree/master/mklivestatus15:06
Jeeves_(For those of you playing with Nagios :))15:06
nottheoilrigah, --print-uris15:09
smosernottheoilrig, just so you're aware, that is "just" a source package.15:10
smoserie, i can 'apt-get install aria2', just not 'apt-get source aria2'15:10
stgraberhallyn: patch sent to the ML, not sure how long it'll take for you to get it though :)15:10
hallynstgraber: was right quick that time15:12
nottheoilrigsmoser: yes, i was trying to "apt-get source" to find all the places in ubuntu where Libgcrypt GCRYCTL_SET_THREAD_CBS is invoked15:12
SpamapSI believe some people were working on getting opengrok setup for everything in Ubuntu main15:14
smosernottheoilrig, right. its a valid problem, just making sure you realized that it wasnt affecting binaries.15:15
* nottheoilrig nods15:15
smoserits being worked, by canonical IS, nottheoilrig15:16
nottheoilrigsmoser: thank you!15:16
hallynsmoser: it seems to me canonistack is suffering frmo bug 1100843.  where after some time, qemu vm performance degrades significantly.  Have you ever noticed that anywhere?15:16
uvirtbotLaunchpad bug 1100843 in qemu-kvm "Live Migration Causes Performance Issues" [Medium,Confirmed] https://launchpad.net/bugs/110084315:16
hallyn(i.e. start up a vm, it's quick, let it sit for a few hours or days, then it's slow)15:16
stgraberhallyn: I'm glad we found that one before 0.9 because it could have been the source of quite a few very very weird python-related bugs :)15:16
hallynstgraber: now q is is that the last one for this release :)15:17
stgraberhallyn: it's almost a miracle it showed up as that simple UnicodeError and not as some kind of weird corruption15:17
stgraberhallyn: well, I've got a dozen production servers running rc1 with a ton of containers and sub-containers using hooks, seccomp and everything scripted with the API, if there was anything horrible, I should have noticed ;)15:18
stgraber(though that's not on arm, so the python one went unnoticed)15:18
smoserhallyn, i've noticd that, yes. but i'm not sure that that has to do with live migration.15:19
smoserwhat evidence of live migration link do you have?15:19
Davieym_3: around?15:19
hallynsmoser: i have none, and was the one who pointed out that it may not be related to live migration at all15:20
hallynall right i'll see if i can get some metrics on that15:21
stgraberhallyn: so for bug 1159818 I guess the right solution is to allow armhf, copy some of the non-native arch magic from lxc-ubuntu and nag utlemming until cloudimg-query works with armhf?15:31
uvirtbotLaunchpad bug 1159818 in lxc "Allow architecture armhf with template ubuntu-cloud when running on ARM" [High,Confirmed] https://launchpad.net/bugs/115981815:31
=== Ursinha_ is now known as Ursinha-afk
hallynstgraber: yeah,15:34
hallyni think utlemming may be dev-nulling his lxc bugmail :)15:35
utlemminghallyn: I saw it...I just haven't had a chance15:35
hallynutlemming: ive been assuming you want to be cloud template maintainer, but if you just don't have time for it let me know i guess15:36
hallyn(presumably you can crank it out a lot faster than I)15:37
stgraberhallyn: I'll take a look at the lxc-ubuntu-cloud change myself as I've done the armhf stuff in lxc-ubuntu and I think we want to allow for lxc-ubuntu-cloud armhf on x8615:37
stgraberbut I'll let utlemming deal with cloudimg-query15:37
hallyncool15:40
tedskii am so fucking spoiled on coffee15:43
tedskii just pulled a shot from the superauto at work15:43
tedskii had to go pour it down the drain15:46
tedskiwhoops, wrong channel15:47
tedskiderp15:47
oneHow do I share a connection over wifi on the server system?16:05
oneIs it going to be in the server guide?16:05
hallynone: http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/  is how i do it16:11
onehallyn: how do I export a link into another console from irssi in console?16:12
hallynif you're under screen you can cut/paste the link in screen16:13
hallynreally that link isn't so unworkable to not be typable16:13
onetheres no mouse in my console though16:13
hallynbut, in a mtg, bbl16:13
hallynyou don't need a mouse if you're under screen16:13
hallynctrl-a esc, j/k/h/l over, 'space' to start sleecting, $ to end of line, space to finish selectnig, enter, ctrl-a ] to ppaste16:14
onehallyn: how long will you be gone16:15
onelet me move to a screen session and try it16:15
one_I am in screen now16:16
one_please repaste the link so I can try this16:16
onescreen looks very useful but there arent any apparmor profiles made for it so I have been shying away from it16:19
oneI will have to make an apparmor profile for it16:20
oneseems like every progrum access the root password file16:20
oneso pretty much everything needs apparmor16:20
Braceone: I can strongly recommend byobu, it's a userfriendly overlay onto screen16:20
Braceone: this is ubuntu, you shouldn't have a root password really16:21
oneBrace: come on im not a sucker16:21
oneplease16:21
onerefrain from antagonizing me16:21
Braceone: sorry, I'm not trying antagonise you, it's just that as I understand it, the 'ubuntu way' is not to have a root password16:22
oneyes its called stupid by default16:22
Braceone: or if you mean byobu, then it's a really good program, I strongly recommend it16:22
oneBrace: thanks but im not interested in extras16:23
oneI am trying to cut and paste a link at the moment16:23
onewill you repaste that link for me16:23
kirklandBrace: :-)16:23
onewill you repaste that link for me16:25
onehey nutmeg16:26
Braceone: as I'm feeling nice - http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/16:26
Bracekirkland: I see what you mean :-)16:26
hallynone: link repaste http://s3hh.wordpress.com/2011/12/15/simple-netboot-setup/16:27
andolBrace: Why make generalized statements about (not) having a root password? Assuming I have my server setup not to accept root logins over ssh I might still find a root password very convenient if I need to repair something from the physical console.16:27
hallynBrace: oh, thx :)  missed yoru repaste16:29
hallynok, bbl16:29
Bracehallyn: np :)16:29
Braceandol: it wasn't really generalised, I was directing it at one, if you want to have root passwords, then that's your choice16:30
oneok I got it into buffer now how do I open a new window?16:36
zuljamespage:  https://code.launchpad.net/~zulcss/ceilometer/rc1/+merge/15555216:38
one_screen is pretty nice, figured it out16:39
hallynctrl-a c16:40
one_If you want to get to the Father you must go through the Son.16:40
one_Not the wife not the mother, try it only mutilate her it is similar to quantum encryption.16:41
one_Brace: choose the way of the Master16:41
=== one_ is now known as one
jamespagezul: ceilometer LGTM16:50
zuljamespage:  thanks16:51
zuljamespage:  i expect to get happybase from debian anyways16:51
jamespagezul, yeah - zigo uploaded it - its in NEW16:52
jamespagezul, we still need to package ming tho16:52
jamespagezul, next cycle along with ryu for quantum I think16:52
zuljamespage:  pythyon-ceilometerclient is still in new as well16:52
jamespageDaviey, please please please ^^16:52
jamespageDaviey, oh and please please please openstack folsom updates in quantal-proposed queue16:53
samba35i have 2 ubuntu systems 1 is on physical desktop and another on vmware ,i want to access firefox of vmware ubuntu from physical desktop using ssh or better option (???)16:53
holsteinaccess? you mean,, you want to forward -x via ssh ?16:54
holsteinsamba35: ^16:54
samba35yes16:55
holsteinsamba35: sure.. that'll work16:55
samba35but i am not able to get desktop /remote firefox16:55
samba35try export display also16:56
holsteinsamba35: can you ping them from each other? did you set the networking up properly? can you ssh in?16:56
samba35if you dont mind can you pls tell me how it can be achive16:56
samba35yes16:56
holsteinsamba35: yes, you can ping? and ssh in?16:56
samba35i can ping to each other able to use ssh from both side16:56
holsteinsamba35: did you configure ssh to forware x?16:58
holsteinforward*16:58
Davieyjamespage: ack16:58
samba35on which machine16:58
samba35X11Forwarding yes16:59
holsteinsamba35: http://unix.stackexchange.com/questions/12755/how-to-forward-x-over-ssh-from-ubuntu-machine16:59
holsteinsamba35: and you restarted the service?16:59
samba35yes17:00
jamespageDaviey, ya17:00
jamespageta rather17:00
samba35infact restart system also :)17:00
holsteinsamba35: what error messages are you getting?17:00
samba35Error: no display specified17:01
holsteinsamba35: https://bbs.archlinux.org/viewtopic.php?id=8894517:02
holsteinhttps://wiki.archlinux.org/index.php/SSH#X11_forwarding17:03
holsteinsamba35: use a pastebin to paste your terminal with the command and the error message17:03
samba35ok let me try17:03
samba35pls wait ,be right back17:03
stgraberhallyn: wow, make dist was really quite broken in upstream LXC :) I just noticed when comparing my tarball with Daniel's. Patch incoming17:03
stgraberhallyn: next up is fixing make clean to actually cleanup everything, then I think I'll be happy with our build system :)17:04
hallynstgraber: why is lxc.c in EXTRA_DIST?17:09
stgraberhallyn: that's the python lxc.c so it's not built through the standard automagic17:09
stgraberhallyn: so needs to be specifically included in EXTRA_DIST along with setup.py if we want to see it in the tarball at all17:10
hallynoh the release tarball17:10
hallyngotcha, thx :)17:11
samba35now i am getting X11 connection rejected because of wrong authentication.17:11
samba35Error: cannot open display: localhost:10.017:11
stgraberright, that whole commit is about fixing the release tarball not including quite a bunch of files :)17:11
stgraber(and including some files it shouldn't)17:11
hallynyup, ack is in the mail.  not sure when you'll getit17:11
stgraberhallyn: got it17:11
hallyni hear sf.net doesn't deliver email on saturdays any more17:11
hallynk :)17:11
stgraberhallyn: I just hope Dwight will be able to answer my follow-up lxc.spec question17:12
hallynmaybe you shouldn't have beatn around the bush :)17:13
hallynwoohoo, got past install-gcc117:15
ikonia? install-gcc1 ?17:16
stgraberjibel: updated lxc should be in the archive now17:17
jibelstgraber, okay, I'll try in a moment.17:18
smoserjibel, ping17:28
smoserbug 116046217:29
uvirtbotLaunchpad bug 1160462 in cloud-init "Don't run resizefs hook during installation of an LXC container with cloud-init" [Undecided,New] https://launchpad.net/bugs/116046217:29
smoseris that a regression ? i dont think it stricktly is.17:29
jibelstgraber, python3-lxc 0.9.0~rc1-0ubuntu2 works fine.17:29
stgraberjibel: yay!17:30
jibelsmoser, I don't think it's a regression17:30
jibelsmoser, in the context of LXC it just doesn't make sense to try to resize the hard drive of the host.17:33
smoserjibel, right. it doesn't make sense to do it. i should have caught the ENOENT on the stat.17:42
smoserbut it doesn't make sense specifically to *not* do it just because its lxc17:42
jibelsmoser, right too :)17:51
=== hatch_ is now known as hatch
Free99hello everyone, I'm running an asterisk server on a ubuntu server via linode, having trouble getting phones to call each other, but they can call asterisk and run the echo test just fine18:28
Kubes_Hello, cloudinit question.  How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?>  Thanks!18:41
Kubes_Is this correct place for ask cloud init questions?18:58
sarnoldKubes_: it's not wrong..18:59
zuljamespage:  http://people.canonical.com/~chucks/ca/18:59
Kubes_Ok, thanks.  the #ubuntu channel send me here, what is the correct place?19:03
holsteinKubes_: just ask, and we'll see what the issue is19:03
sarnoldKubes_: I don't know if this is the _best_ place, but at least this is good enough. :) feel free to re-ask in another few minutes...19:03
Kubes_How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?19:04
smoserutlemming, fun19:13
smoserhttp://paste.ubuntu.com/5650240/19:13
smoserraring instance19:13
=== JanC_ is now known as JanC
jamespagezul: +119:17
zulthanks19:17
zulDaviey:  *cough* python-ceilometerclient *cough*19:19
Davieyzul: yes, i will do it today.19:23
zulDaviey:  cool then we should be ok for grizzly19:23
smoserutlemming, https://bugs.launchpad.net/ubuntu/+source/linux/+bug/116054319:33
uvirtbotLaunchpad bug 1160543 in linux "kernel crash on EC2 raring" [Undecided,Incomplete]19:33
hallynwoohoo!  sparc-cross-toolchain-base built19:39
stgraberhallyn: congrats!19:42
philpemAny postfix gurus in the building? I'm getting this when I try to send mail: Mar 26 19:46:16 wolf postfix/smtp[11111]: 7842A2C0E04: to=<philpem@philpem.me.uk>, relay=mail.philpem.me.uk[96.47.225.116]:587, delay=0.84, delays=0.2/0/0.37/0.26, dsn=5.0.0, status=bounced (host mail.philpem.me.uk[96.47.225.116] said: 550 SMTP AUTH is required for message submission on port 587 (in reply to RCPT TO command))19:48
philpemRelayhost is set up, smtp_sasl_auth_enable is set, smtp_sasl_password_maps is set, smtp_sasl_security_options is clear.19:49
jcastro_sebrock: hallyn: so which one of you is putting docker in ubuntu? :)19:51
jcastro_sorry sebrock, I meant stgraber19:52
hallynwow i've never gotten so many 'your email is awaint approval' msgs from just one email :)19:53
stgraberjcastro_: well, unlikely to happen for 13.04 considering how new it's and that we're about to freeze for good, but for 13.10, I'm sure we'll find volunteers19:54
stgraberjcastro_: ideally by then they'll have talked to upstream LXC and we can get them to use the API instead of wrapping around our binaries19:54
hallynjcastro_: personally i'm still waiting for the hype to settle down19:54
jcastro_I was more hoping for a ppa than anything else19:55
hallynbut maybe i'll go learn some go from their github repo :)19:55
jcastro_stgraber: ack.19:55
hallynstgraber: this thread may be a sign that at the next 'ubuntu irc days'/whatever another lxc demo is needed19:56
stgraberhallyn: I guess so, I've been pretty consistent at showing off LXC at every single conference I've been attending in the past 3 years, but I guess not everyone attends those, so maybe an IRC session would be a good idea too (or an hangout? hangout on air has the advantage that we can screenshare)19:57
hallynstgraber: that's a good idea20:00
hallynperhaps to celebrate 0.9 :)20:01
stgraberas good a pretext as any ;)20:02
hallynall right lemme finally take care of the libvirt dnsmasq.d sru, then i'll look at the lxc-clone patch20:02
hallynwe dont have clone in teh api yet do we?20:02
stgraberno, I have it in the python API though but it just calls lxc-clone20:02
stgraberbut I have plans to kill all of those in 1.0 anyway and move to a clean C implementation + backend plugins in shell20:03
hallyni think we need lxc-clone rewritten in python20:03
* hallyn looks around for a volunteer20:03
stgraberso that create/destroy/clone/... can all use some common functions to deal with the various backends20:03
hallynright20:03
stgrabersure, once we have clone() in C with the plugins and everything, lxc-clone can be made a 5 lines python script ;)20:04
hallynstgraber: can you put up a wiki page with the todolist (including rewriting lxc-clone as c) so we can easily prioritize?20:04
hallyntodolist for 0.9 and 1.0 i mean20:04
hallyn(i can start it if you prefer, but i think you have an actual list you can start from :)20:05
stgraberhallyn: I'll publish something after 0.9 is out, I don't want to confuse people :)20:05
hallynok20:05
stgraberfor now I want bugfixes, then get 0.9 out next week, then start preparing 1.0 and getting people to start sending feature patches for 1.020:06
hallynright20:06
hallynok, biab20:06
hggdh/join #ubuntu20:10
stgraberjibel: testing a patch to the lxc-ubuntu-cloud template to support armhf on x86 and armhf on armhf (will still need manually passing the URL until utlemming uploads a new cloudimg)20:23
blistovAnyone having issues with AMD-Vi initialization failing after updating to xen-hypervisor-4.1-amd64:amd64 (4.1.2-2ubuntu2.5, 4.1.2-2ubuntu2.6) ?20:30
stgraberhallyn, jibel: So I'll send a patch to make armel/armhf work on armel/armhf hosts for both lxc-ubuntu and lxc-ubuntu-cloud. armel/armhf on x86 for the cloud image is working here but the change is rather massive and I'd rather avoid rushing this in 0.920:40
hallynsend to lxc-devel?20:41
stgraberespecially as it wouldn't work out of the box anyway until flash-kernel is fixed or removed20:41
stgraberhallyn: yeah. Finishing the tests here, will send in a few minutes. The bits I'll send for 0.9 are just some simple changes to the arch checks. For 1.0 I'll push the rest of the changes I have here which basically doubles the size of lxc-ubuntu-cloud (we need function sharing between our two templates ;))20:42
hallynthx will look for it20:42
hallynhm, yeah, with abstraction/templating (in the OO sense :) we could actually make fn sharing between lxc templates pretty nice20:43
hallyni've been looking for a good way to move all that away from shellscript20:43
hallynideally would've been to c, but this might make it worth doing in python (or c++) and continuing to have the c api wrap program calls20:44
stgraberI think python would be better for the Ubuntu templates. I'm not a huge fan of subprocess handling and wgetting stuff from C :)20:44
stgraberyay, got an armhf cloud instance running in LXC on my x86 machine, so that patch works too. Just need to keep it around for LXC 1.021:02
Kubes_A cloudinit question I asked prior, but still answered, maybe there's a expert here now.  How does cloudinit determine initial boots (for run once) vs post start-ups?  Can this be reset?  (Testing and build amis from a current instance?21:05
=== Pyus is now known as contigi
hallynstgraber: now, arm ubuntu-cloud containers on amd64, that should just be a matter of updateing the template a bit right?  no technical reason for that restriction?21:53
stgraberhallyn: correct and I have a patch for that, expect that "a bit" is around 80 lines of pretty weird code to deal with qemu-user-static and multi-arch21:54
hallynstgraber: also, on raring on arm i thought qemu-i386-static should work21:54
hallynstgraber: yup, ok.21:54
stgraberso I'm not planning on allowing qemu-user-static for cloud images in 0.9, but for 1.0 I expect to have it21:54
stgraberi386 on arm is interesting, I didn't know it actually worked nowadays21:55
hallynit should, with the new qemu source in raring21:55
hallynbut, not worth worrying about now :)21:55
hallynthx - ttyl21:55
stgraberI'll run a quick test, if it works, I'll allow it in lxc-ubuntu21:55
stgraberhallyn: is that just i386 or x86_64 too?21:56
hallynstgraber: should both be there...21:57
stgraberhallyn: ok. I'll run a test. Last I tried, they were "there", working was a whole other thing though :)21:57
stgraber(things segfaulting all over)21:57
hallynsigh21:58
stgraberhallyn: /bin/sh: 1: Cannot fork22:13
stgraberhallyn: that's what I get under qemu-i386-static on armhf22:14
stgraberhallyn: so I can spawn a first process but that's about it :)22:14
stgraberhallyn: same with amd64 on armhf22:16
Fleckhello, ubuntu server uses old package for courier-imap22:16
Fleckhave some problems because of this!22:17
Iapetushello!22:22
IapetusCan someone help this newb with directions to make my server available to the world?22:22
IapetusIt's working and I can access it on my own network, but no one elsewhere can seem to get to it.22:23
Iapetusand I suck at networking ;_;22:23
sarnoldIapetus: can you ping from your server to e.g. google.com? can you ping to 4.2.2.1? Is your server on an rfc1918 private network address? do you have NAT in place?22:25
Iapetusooo hang on22:26
Iapetusyes, and yes, I do not know what a rfc1918 private network is, and I don't think so about NAT22:27
sarnoldrfc1918 is the 192.168/16, 10/8, and ... 172.something addresses22:28
Iapetusone second22:28
Iapetusoh and to be a little more clear: I am running two computers. One of them has the server installation, and this is the one I am chatting with. I can SSH to the server as well.22:32
Iapetusafter reading a little more, I would say yes the server is on an rtf191822:33
sarnoldIapetus: okay, hosts in the private unroutable address space tend to get internet access through network address translation; that complicates other machines contacting the host directly. (ping, for example, will never really work.) you'll need to do some port forwarding on your NAT firewall.22:34
Iapetususing router settings?22:36
sarnoldIapetus: yeah; how you do that varies from system to system...22:36
IapetusI logged into my router and set the Port Forwarding Range to point to the server's IP address, with start port at 22 and and port at 80, allowed both TCP and UDP. Was this wrong?22:39
sarnoldIapetus: heh, forwarding port 53 dns may cause you problems looking up hosts -- depends on how well the designers of your router thought things through :)22:40
sarnoldIapetus: I'd start with only ports 22 and 80 over tcp. use only what you need..22:41
Iapetusright on22:41
Iapetusgood to know I'm on the right path22:42
Iapetusdamn that %10 configuration and %90 content :S22:43
Iapetusis the 192.168.0.xxx address accessable from anywhere though? or do I need to change that to something more unique?22:45
sarnoldIapetus: that address range can't be routed over the internet. (Every reasonable ISP will perform ingress and egress filtering on those address ranges to prevent them from being on the internet.)22:46
Iapetusmakes sense22:46
sarnoldIapetus: we ran out of ipv4 addresses, so you don't really have an option. You can still get IPv4 addresses from some ISPs, but they've all been handed out now, so...22:46
Iapetuswait, what?22:47
Iapetusdoes that mean I cannot make my home server accessable to the internet?22:48
sarnoldIapetus: you can, it just means using NAT and setting up port forwarding.22:50
Iapetusthank you for the help btw, sometime google is a needle in a haystack22:50
Iapetustime to read some more :S22:51
sarnoldIapetus: if you're like most home-users, you'll next want to read about "dynamic DNS" systems; if your NAT firewall's IP address changes due to a new dhcp lease, a dynamic dns thing will let you continue using a convenient hostname.22:53
Iapetusyeaaaah, I just read about NAT on wikipedia FML22:58
IapetusI went to school for programming, not networking ;_;22:59
Iapetuswell fudge23:02
Iapetusthink you could walk me through this?23:03
=== wedgwood is now known as wedgwood_away

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!