[00:48] <surjikal> Hey guys, for some reason, my sshd service isn't starting on boot. I see no errors in syslog. I'm able to mount the server's drive onto another ubuntu distro. Is there a way I can make sshd boot on startup by modifying some config file? Alternatively, can I somehow chroot into my mounted drive?
[00:51] <sarnold> surjikal: check /etc/init/ssh.conf, /etc/init/ssh.conf.override, /etc/default/ssh, /etc/ssh/sshd_config
[00:52] <sarnold> surjikal: you can chroot into the filesystem with ... drum roll ... cd /path/mounted/filesystem ; chroot .
[00:53] <surjikal> sarnold, would I be able to start sshd from the chroot?
[00:54] <sarnold> surjikal: I would expect so, unless your system already has an sshd bound to port 22...
[00:55] <sarnold> surjikal: upstart has some chroot awareness, it might be worth reading about that a bit before just starting sshd..
[02:47] <shauno> what am I missing here?  quantum is complaining I haven't specified an sql_connection, but it's right where I expect it to be; http://paste.ubuntu.com/5666366/
[02:53] <three18ti> shauno, I don't know the application you'
[02:54] <three18ti> re trying to configure
[02:54] <three18ti> but the sql_connection
[02:54] <three18ti> sql_connection = mysql://quantum:quantum@192.168.1.10/quantum_db
[02:54] <three18ti> doesn't look right to me.
[02:54] <three18ti> where is the config manual?
[02:56] <shauno> http://docs.openstack.org/grizzly/basic-install/apt/content/basic-install_network.html  is for a different plugin (ovs), but the same format is used for sql_connection throughout
[02:56] <three18ti> I <3 ovs
[02:57] <three18ti> well... it's identical to the manual so... there goes that line of thinking.
[02:59] <shauno> this "Option 'sql_connection' not specified in any config file" feels like it's not even getting that far, and this config file isn't being parsed
[03:03] <resno> i have a python process that should always run. if it fails, i want to reboot it. i remember there being an app to handle it... any suggestions
[03:03] <resno> sysserv or something...?
[03:05] <resno> daemontools with supervise?
[03:13] <resno> hmm, theres monit too
[03:28] <BlackWeb> I'm currently using Ubuntu Server 12.04, Which it use to WOL, But then did a update and it killed the WOL function, Which I have the correct entries in /etc/rc.local & ethtool eth0 shows that its enabled but still nothing Does anyone have any IDeas?
[06:12] <dfo1981> anyone who can help me with setting up vsftpd ?
[06:12] <dfo1981> its not so much the setting up vsftpd, its more the user/permission part of logging into vsftpd
[09:36] <yolanda> Daviey, jamespage, i have several approved MPs for dep-8-tests
[09:36] <Daviey> yolanda: super, fancy showing me the first one?
[09:37] <yolanda> https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/postfix/dep-8-tests/+merge/161610
[09:38] <Enich> I was looking for a solution to unattended installations of mysql and i came across this..  http://stackoverflow.com/questions/7739645/install-mysql-on-ubuntu-without-password-prompt    My question is this.     in question 2, when the person does the sudo debconf ....<<< '.... password'   will that password stay in the debconf-set-selections permenantly or is it a temporary thing.  It might be a stupid question, but i would rather ask then messing stuff
[09:38] <Enich>  up ..  i was thiking of using the third answer, with the noninteractive, and then instead of doing a mysqladmin thing, then put in the hashed password directly instead of the changepassword option with mysqladmin
[09:40] <yolanda> Daviey, i submitted all the changes to debian for the approved MP, does it make sense to wait until they are included, or do we incorporate in our packages?
[09:41] <rbasak> Enich: permanantely, if I understand your question correctly. This is the same as if you had entered in the password by hand on installation. Unless there's a bug, the password is held so that only root can read it, though. This is the same as if you had created a ~root/.my.cnf manually. I think the package might do that anyway?
[09:41] <Daviey> yolanda: I think it's reasonable for us to do it in parallel with Debian on most packages
[09:41] <yolanda> ok, so there is the MP for postfix
[09:43] <Daviey> jodh: Are you sponsoring https://code.launchpad.net/~yolanda.robla/ubuntu/saucy/postfix/dep-8-tests/+merge/161610 ?
[09:44] <hXm> btw reading the log i got this http://pastebin.com/TgDCVXPf
[09:44] <hXm> it repeats for a long time
[09:44] <Enich> rbasak, thanks for the answer..  i wouldnt want the root password floating around in files in plaintext.. even though it might only be readable by root.
[09:44] <hXm> is someone trying to do something weird or what? and what can i do
[09:44] <rbasak> Enich: I agree. It's what the package does anyway though, I think.
[09:45] <Enich> i guess its better having it "float around" less places then.   :)   now for the second question.
[09:45] <rbasak> Enich: since mysql doesn't present any other way to get to the server AFAIK, and the package does things like certain upgrades for you, I don't think it has any choice. If you try and go against that, test it carefully because I'm not sure if the packaging will break or not (it may be fine - I just don't know).
[09:45] <rbasak> I just noted in the askubuntu.com answer that using "echo ...|" is bad because it may leave your password in the shell history of the unprivileged user.
[09:46] <Enich> we really dont want that.
[09:46] <rbasak> But if you get it into debconf-set-selections securely yourself (eg. in a here doc), you'll get exactly the same result in terms of plaintext passwords floating around as if you had entered it by hand.
[09:48] <Enich> Would any of you know of application(with scripting support) that would let me connect to a serial interface, and then send ascii strings (i am basically trying to make a script that connects and sends the initial configuration to a device with a serial interface.)
[09:48] <rbasak> echo "foo" > /dev/ttyS0
[09:49] <rbasak> With stty first to set the serial parameters up.
[09:49] <Enich> iv been looking at miniterm.py  cutecom and a few others
[09:49] <rbasak> Or about three lines of python with the pyserial module
[09:49] <Enich> /dev/pts/x
[10:02] <Enich>  rbasak, the echo "foo" > /dev/pts/3   does not work im afraid,  i think i would need a application like miniterm.py, cutecom etc to establish the negotiation etc.
[11:16] <RoyK> hi all. any idea how to open an ssh tunnel from A to B so that C can reach A through B directly? I'm testing with 'ssh -f -n -N -o ExitOnForwardFailure yes -R 3035:0.0.0.0:22 -D 0.0.0.0:3035 asdf@adsf.karlsbakk.net', but that only makes B listen on 127.0.0.1:3035
[11:20] <patdk-lap> not sure what -D does for that
[11:21] <patdk-lap> but it's as simple as, -R localip:localport:Cip:Cport user@b
[11:21] <patdk-lap> wait, you want to go from C to A
[11:22] <patdk-lap> you will have to do that ssh from C to B
[11:22] <patdk-lap> unless you wanted to do that, double-ssh trick to break through nat
[11:23] <patdk-lap> http://www.howtoforge.com/reverse-ssh-tunneling
[11:26] <RoyK> patdk-lap: testing...
[11:30] <RoyK> patdk-lap: so something like ssh -f -n -N -o ExitOnForwardFailure\ yes -R 0.0.0.0:3035:0.0.0.0:22 u@b ?
[11:30] <RoyK> patdk-lap: tcp        0      0 127.0.0.1:3035          0.0.0.0:*               LISTEN
[11:30] <RoyK> sitll
[11:31] <patdk-lap> the first 0.0.0.0 if missing becomes localhost, if you only need to connect from that computer, the second one is the computer the connection should go to (with source b)
[11:31] <patdk-lap> maybe some ssh option limiting it
[11:33] <RoyK> GatewayPorts
[11:33] <patdk-lap> oh wait, I'm thinking -L not -R
[11:33] <RoyK> GatewayPorts yes helped
[11:44] <RoyK> patdk-lap: in sshd_config
[12:42] <hXm> hi
[12:42] <hXm> how can i disallow postfix for external use
[12:42] <hXm> i only want from localhost
[12:43] <greppy> hXm: you could setup firewall rules, or you could configure it to bind to 127.0.0.1
[12:44] <hXm> it could be in main.cf?
[12:44] <hXm> talking about postfix
[12:44] <hXm> ah, inet_interfaces
[12:44] <hXm> thanks
[12:45] <NginUS> I'm having trouble with xrdp in that it disconnects me as soon as the desktop loads- right after the kdm splash screen. Anyone have ideas as to a solution?
[13:05] <lamont> df
[13:05] <lamont> doh
[13:17] <RoyK> -bash: doh: command not found
[13:18] <Nafallo> nafallo@wizard:~$ doh
[13:18] <Nafallo> No command 'doh' found, did you mean:
[13:18] <Nafallo>  Command 'dh' from package 'debhelper' (main)
[13:18] <Nafallo> doh: command not found
[13:19] <Pici> zsh: correct 'doh' to 'dot' [nyae]?
[13:23] <zul> Daviey:  ping can we look at dropping Samba 3 in favor of Samba 4
[13:24] <Daviey> zul: i'd rather we went to samba 5!
[13:24] <Daviey> zul: it would be good to work out the upgrade path. is smb3 dead upstream?
[13:25] <zul> Daviey:  no its just everyone is moving to Samba 4 (i think) and good to have active diretory support
[13:26] <Daviey> zul: for sure, especially before the next LTS
[13:26] <mardraum> I think "everyone" might be an overstatement; those using samba reliably for simply file/print sharing have work to do
[13:27] <Daviey> mardraum: do you think smb3 will be supported for the next few years upstream?
[13:27] <mardraum> for security, yeah
[13:27] <mardraum> all that said samba4 has been a long time coming, and I bet they want to get it out there...
[13:29] <Daviey> mardraum: Yeah, I thought it made sense to get it in this release - prior to throwing it into the next LTS release (next)
[13:29] <mardraum> yeah, that makes sense
[13:30] <zul> Daviey:  its already in universe at least
[13:30] <Daviey> mardraum: that said, if smb3 is still OK upstream - we can keep it in the archive
[13:30] <zul> Daviey:  i would see what slangasek would say though as well
[13:32] <Daviey> zul: good thinking
[13:49] <jamespage> plars, ping re http://summit.ubuntu.com/uds-1305/meeting/21806/servercloud-s-seeded-qa-workflow/
[13:49] <jamespage> first up this afternoon/morning - are you able to attend and join the g+ please
[13:49] <plars> jamespage: yes, I'm planning to be there, and also pitti and jibel
[13:49] <plars> jamespage: they are the dep8 test experts :)
[13:50] <jamespage> plars, marvellous!
[13:50] <jamespage> thanks
[14:00] <zul> yolanda:  https://code.launchpad.net/~zulcss/python-swiftclient/pbr/+merge/163949
[14:42] <zul> yolanda:  https://code.launchpad.net/~zulcss/python-ceilometerclient/ftbfs/+merge/163961
[15:17] <zul> yolanda:  couple more https://code.launchpad.net/~zulcss/horizon/ftbfs/+merge/163967
[15:18] <yolanda> python-d2to1? first time i see it!
[15:19] <yolanda> i see a diff of local_settings.py.example , with only the dir names changed, is that ok?
[15:19] <yolanda> zul ^
[15:20] <zul> yeah
[15:35] <paco1> hello all!
[15:36] <paco1> if anyone can help me. I have a problem with my servers ldap 2.4.28 > => bdb_idl_delete_key: c_del id failed: DB_LOCK_DEADLOCK: Locker killed to resolve a deadlock (-30994) | conn=-1 op=0: attribute "entryCSN" index delete failure
[15:37] <paco1> it affects all my ldap servers (15 servers) :s
[15:40] <paco1> si quelqu'un a une idée d'oú peut provenir le probleme...
[15:40] <guma> I was asking yesterday about my multicast problem on my new setup 12.10 x64 multi home system. After adding missing static route "route add -net 224.0.0.0/4 dev p1p1" when starting my app server I see in tcpdump that data in coming. But my application does not gets it.
[15:40] <paco1> if anyone can point me to the right direction to resolve that issue
[15:42] <guma> So i have another (two) test apps to send and listen using the same socket settings. If I send data from the same box to p1p1 or 127.0.0.1 and listen on the same box it works
[15:43] <guma> but when I try to send multicast test message from different box my other test app listening on p1p1 does not see that message. but while doing it tcpdump shows such message on the same machine where listener is running on?
[15:44] <guma> I tried to disable rp_filter and that does not have any affect. Any ideas? Is there some setting in 12.10 that is turned off by default?
[15:45] <bcessa> hi there, can someone point to a channel where I can ask a bit about x509/ssl? I mean other than #openssl, apparently nobody's there
[15:46] <smokie> hey guys, is it possible to run weekly backups of a running ubuntu server thats acting as a webserver?
[16:13] <zul> yolanda:  https://code.launchpad.net/~zulcss/ceilometer/havana-ftbfs/+merge/163992
[16:32] <guma> Is there something like SELinux on Ubuntu? And how can you turn it off?
[16:35] <roaksoax> guma: we have apparmor
[16:35] <sarnold> guma: https://help.ubuntu.com/community/AppArmor
[16:35] <sarnold> .. I bet that's out of date. heh.
[16:35] <roaksoax> guma: https://help.ubuntu.com/13.04/serverguide/apparmor.html
[16:35] <guma> I just found this before your post :). Does this in any way control is app can receive multicast data?
[16:36] <sarnold> guma: no.
[16:36] <sarnold> guma: check /var/log/audit/audit.log or dmesg output to see AppArmor DENIED messages
[16:37] <guma> sarnold: Good idea. Did not think about that. Let me check
[16:38] <guma> I have no audit I have auth.log only
[16:40] <sarnold> guma: auditd is responsible for the audit log. if auditd isn't installed, MAC messages go through dmesg/syslog
[16:44] <guma> sarnold: Ok I did installed auditd. After it was installed I tail -f on audit.log  dmsg and syslog. After starting my app I see multicast coming in tcpdump but my app does not get it. And no messages of any kind
[16:45] <sarnold> guma: good :) then apparmor isn't involved. :)
[16:45] <guma> I also disabled apparmor. Perhaps he is responsible to write errors?
[16:45] <guma> let me enable it back on and try again
[16:47] <guma> sarnold: Just rebooted system get get it back to initial state. And will try on clean
[16:51] <guma> sarnold: ok So while tailing on dmsg, syslog and audit logs I did not see any messages when I started my mcast program
[16:52] <guma> so as you stated it is not apparmor
[16:52] <sarnold> guma: yeah. sorry, you'll still have to keep digging :(
[16:53] <guma> if I send test message from same box I can receive just fine. But when coming from another box it is a problem.
[16:53] <guma> tcpdump shows activity with correct src IP and multicast addrs
[16:54] <guma> sarnold: I was wondering if there are better channels to ask this? Well I keep digging
[16:55] <adam_g> jamespage, okay to pull the trigger on these to CA staging and ubuntu -proposed? http://people.canonical.com/~agandelman/ca/folsom/2012.2.4/nova/  http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1/
[16:56] <sarnold> guma: if you can write a program to reproduce the problem in 30~50 lines of code, stackoverflow.com would be ideal. it might take a bit longer than IRC, but there's plenty of smart folks over there, someone might know what's going on
[16:56] <guma> sounds like a plan
[16:56] <Daviey> zul: You are driving the mysql session in 1hr?
[16:57] <zul> yeah i guess so
[16:57] <Daviey> jamespage: did we invite any external people to it?
[16:57] <Daviey> zul: ^
[16:57] <zul> Daviey:  SpamapS said he was coming
[16:57] <jamespage> adam_g, grizzly looks OK
[16:57] <SpamapS> Indeed I should be there
[16:58] <Daviey> SpamapS: Greta
[16:58] <Daviey> Great*
[16:59]  * Daviey struggles to think of SpamapS as external to Ubuntu. :)
[16:59] <jamespage> adam_g, folsom to - I'm assuming they when through merge proposals first anyway right?
[16:59] <adam_g> jamespage, yup
[16:59] <jamespage> adam_g, +1 then
[17:00] <SpamapS> Daviey: Norvald Ryeng from Oracle will join us too
[17:01] <Daviey> SpamapS: oh splendid, what is his IRC nick?
[17:03] <SpamapS> Daviey: ryeng
[17:03] <SpamapS> Daviey: he might only be on OFTC in debian-mysql
[17:04] <Daviey> SpamapS: when the time comes, can i give you the hangout url and you pass it to him?
[17:05] <SpamapS> Daviey: sure.
[17:05] <Daviey> ta
[17:07] <dlloyd> hmm mariadb not in ubuntu repos yet?
[17:07] <SpamapS> dlloyd: no, but packages are nearly done for Debian
[17:07] <dlloyd> ah, thanks
[17:07] <SpamapS> dlloyd: undergoing review right now
[17:07] <dlloyd> ironically this wasnt the channel i meant to ask that in
[17:07] <dlloyd> but thanks!
[17:08] <SpamapS> ooohh the irony
[17:13] <NomadJim> so I've got a silent install of mysql using something like: echo mysql-server mysql-server/root_password select PASSWORD | sudo debconf-set-selections
[17:13] <NomadJim> and I want to do a silent install of citadel's mail server as well
[17:14] <NomadJim> where do I look to find the variables to set like "mysql-server/rootpassword select PASSWORD"
[17:14] <NomadJim> but for citadel
[17:15] <rbasak> NomadJim: install debconf-utils and then after installation grep the output of debconf-get-selections to see what the config option names are against what you answered.
[17:15] <NomadJim> so, I install debconf-utils, then install citadel manually, then grep debconf-get-selections
[17:15] <NomadJim> ?
[17:16] <rbasak> Right.
[17:16] <NomadJim> rbasak:  thanks
[17:16] <rbasak> Doesn't matter if you install debconf-utils at the end; it'll still work.
[17:16] <NomadJim> cool
[17:16] <SpamapS> Daviey: FYI, I may be a few minutes late, have an errand to run and not sure it will be completed by 1800 UTC.. will get there ASAP
[17:17] <rbasak> NomadJim: note that echoing passwords into commands is bad because it may temporarily show up in a ps listing, and may end up in an unprivileged user's shell history file.
[17:18] <NomadJim> is there a secure way for setting debconf-set-selections
[17:19] <rbasak> The debconf-set-selections end is secure. It's the echo end that's not necessarily secure.
[17:20] <rbasak> You can use a heredoc from a script. Then it's down to whether the script can be read by unprivileged users.
[17:20] <NomadJim> i guess I could put a file on the server i'm deploying
[17:20] <NomadJim> never heard of heredocs. I'll check that out
[17:20] <rbasak> Yes - if in a secure file, then "cat /path/to/file|debconf-set-selections" would be secure.
[17:21] <NomadJim> rbasak:  sweet thanks
[17:34] <zul> Daviey:  mayhe we should have someone from the security team as well
[17:39] <rbasak> zul, Daviey: +1
[17:42] <zul> Daviey:  they are sending two or 3 poeple
[17:51]  * SpamapS returns in time
[17:51] <SpamapS> zul: hah, are they bringing torches and pitchforks?
[17:51] <zul> SpamapS:  perhaps
[18:00] <hallyn> stgraber: that lxc-alpine patch is kind of scary.  Does a wget $url | tar x > apk; ./apk
[18:05] <hallyn> stgraber: could you take a look at bug 1176287 when you get a chance, and comment on whether there's anything in the steam-lxc script which woudl cause this?
[18:05] <uvirtbot`> Launchpad bug 1176287 in lxc "lxc-start: Error creating cgroups" [High,Confirmed] https://launchpad.net/bugs/1176287
[18:07] <hallyn> oooh, wait, i wonder...
[18:17] <hallyn> nm, i see the problem the steam guy is having
[18:32] <nedbat> I have a web server running as www-data.  I want to spawn subprocesses running as user sandbox, and have the sandbox process killed after a certain amount of real time.
[18:33] <nedbat> I tried spawning the process "sudo -u sandbox blah blah", but then I can't kill the process later.
[18:36] <sarnold> nedbat: can you start up fastcgi or something similar as your user sandbox?
[18:37] <nedbat> sarnold: i don't understand how fastcgi would help: the sandbox code is not trying to be a web server.
[18:37] <sarnold> nedbat: just that it represents a known way for a web server to interact with code potentially running as another user
[18:38] <nedbat> sarnold: an interesting idea.
[18:40] <nedbat> sarnold: apart from the web-server nature of the problem, do you know why I can't kill the process, or how I can?
[18:40] <sarnold> nedbat: one user can't kill another user's processes. root can, so perhaps you could write a setuid program to let you kill processes owned by another user..
[18:42] <nedbat> sarnold: I'm trying "sudo kill -9 <pid>", and www-data is in the sudoers with: "www-data ALL=(ALL) NOPASSWD:/bin/kill"
[18:42] <nedbat> sarnold: it feels like I'm missing one small piece of this puzzle.
[18:43] <sarnold> nedbat: 'kill' is quite often a shell-builtin, try /bin/kill in that command
[18:44] <nedbat> sarnold: that sounded really good, but doesn't seem to fix it.  Looking some more...
[18:46] <sarnold> nedbat: anything in the logs?
[18:47] <nedbat> sarnold: right now I'm testing this in a Python module running unittests, are there system log files you think might have info?
[18:48] <sarnold> nedbat: sudo will log to /var/log/auth* something at a minimum
[18:49]  * nedbat looks
[18:59] <nedbat> sarnold: http://paste.pound-python.org/show/33118/  There's one line there about a failure, I don't know what it means.
[19:01] <sarnold> nedbat: pam_xdg_support is a pam module to set up all that newfangled /run/user/ business. I'm not sure why'd it happen through sudo, and it probably doesn't affect whether or not this works.
[19:03] <nedbat> sarnold: and when I run the /bin/kill, I get an exit status of 0, and nothing written to stdout or stderr.
[19:03] <sarnold> nedbat: is the process dead? :)
[19:04] <nedbat> sarnold: for the test, the process is just a sleep(5), and it ends naturally after the 5-second sleep.
[19:04] <sarnold> nedbat: can you change to sleep 20 or something and check?
[19:06] <nedbat> yes, it's still running.
[19:06] <sarnold> :(
[19:06] <nedbat> sarnold: in fact, it's python: "sleep(5); print 'Done'", and I get the Done string on the stdout.
[19:07] <nedbat> sarnold: i really appreciate you spending time on this.  It seems like it should be possible.
[19:07] <sarnold> nedbat: indeed, I'd expect that to Just Work
[19:14] <jdstrand> yolanda: how far along is bug 1089488 to being verified?
[19:14] <uvirtbot`> Launchpad bug 1089488 in nova "Meta bug for tracking Openstack Stable Updates" [Undecided,Fix committed] https://launchpad.net/bugs/1089488
[19:20] <arosales> smoser, thanks for the update in bug 1020695
[19:20] <uvirtbot`> Launchpad bug 1020695 in cloud-init "Add variable for local IP address to /etc/hosts manager" [Low,Triaged] https://launchpad.net/bugs/1020695
[19:22] <jdstrand> jamespage: ^
[19:23] <nedbat> sarnold: a new piece of data: the pid I'm trying to kill is not the same as the sleeping process.  Can I kill the process and any that it spawned?
[19:24] <sarnold> nedbat: ah!
[19:24] <sarnold> nedbat: look into cgroups
[19:25] <sarnold> nedbat: that's afaik the only way to track children of a process ..
[19:29] <jdstrand> Daviey: ^
[19:29] <yolanda> jdstrand, we've launched some tests in jenkins, tomorrow i'll work more on it and i expect is done
[19:30] <jdstrand> yolanda: cool, thanks. so, we expect this to be out the door this week?
[19:30] <jdstrand> (ie, in -updates)
[19:30] <yolanda> jdstrand, i hope so, tomorrow i'll have more time to work on it
[19:31] <yolanda> adam_g, what do you think?
[19:31] <jdstrand> yolanda: I have a keystone CVE I'd like to get fixed that is blocked currently
[19:31] <jdstrand> but I don't want to reset you work
[19:31] <jdstrand> s/you/your/
[19:31] <Daviey> jdstrand: Another one aswell?
[19:32] <jdstrand> it is the one that came out last week
[19:32] <adam_g> yolanda, you said you had tests passing with logs. right? should be good to mark verification done
[19:32] <yolanda> adam_g, yes, latest ones were ok
[19:33] <Daviey> adam_g: Can you make sure the jenkins results get lots of love?
[19:33] <adam_g> Daviey, what do you mean?
[19:33] <Daviey> jdstrand: It's looking close enough that it makes sense to base your update on this stuff.
[19:33] <Daviey> adam_g: You kicked off a fresh jenkins test for bug 1089488?
[19:33] <uvirtbot`> Launchpad bug 1089488 in nova "Meta bug for tracking Openstack Stable Updates" [Undecided,Fix committed] https://launchpad.net/bugs/1089488
[19:33] <jdstrand> ok, cool
[19:34]  * jdstrand rebases keystone on -proposed
[19:34] <adam_g> Daviey, yolanda and i have been running tests for whats in precise-proposed, yea
[19:34] <yolanda> had a problem with floating ips in some run, but today they worked ok
[19:34] <Daviey> adam_g: perfect, thanks
[19:36] <yolanda> tomorrow morning i'll take care of the logs and update the bug
[19:36] <Daviey> yolanda / adam_g: to check, the testing looks good.. we just need to double check the results and update the bug status?
[19:37] <yolanda> yes, that's it
[19:37] <Daviey> jdstrand: we look good :)
[19:37] <adam_g> yolanda, its probably EOD for you soon do you want me to post-back the verification and tags after this session is over?
[19:38] <yolanda> adam_g, it's ok for me, or i can do it tomorrow morning if that's on time
[19:39] <K4k> I'm looking for help with using a ks.cfg for automating ubuntu installs. I've got it working fine but I thought that specifying "url --url http://...." would install the packages from there instaed of the CD. Instead, it seems to still be installing from CD. Has anyone got experience with this or know why it isn't installed from the network mirror?
[19:51] <yolanda> leaving for today, bye!
[20:01] <nedbat> sarnold: just to close the loop: I got it working by killing the process group, and by using setsid() so that my spawned process was a new process group.  Thanks for the help! :)
[21:05] <codex> Is there a way to prevent apt-get dist-upgrade from doing a release upgrade?
[21:08] <codex> I am assuming /etc/update-manager/release-upgrades seeting to 'never' would be it, but not sure
[21:08] <dpb1> codex: it shouldn't do a release upgrade.  does it?
[21:09] <codex> dpb1: my 10.04 lts just did to 11.04
[21:09] <codex> i was under the impression that it shouldn't either
[21:10] <codex> (ended up running into this: http://aaron-kelley.net/blog/2011/04/grub-prompt-after-upgrade-to-ubuntu-11-04/) which was frustrating
[21:11] <dpb1> codex: that should not happen unless the /etc/apt/sources.list* files were changed unintentionally ("lucid" -> "natty")
[21:12] <codex> looking into puppet, it doesn't seem to have been
[21:13] <codex> i wonder if there was some sort of a bug. I am looking at the log now and it looks like dist-upgrade had >308 packages that could be upgraded
[21:13] <mdeslaur> dist-upgrade never does a release upgrade unless you changed the sources.list file
[21:14] <dpb1> so, the only tool that you should run that updates those series names in ubuntu is "do-release-upgrade"
[21:15] <dpb1> If the series names get updated, then apt-get dist-upgrade will do something like a full update of your distro, but in a non-managed and non-recommended way. if that makes sense.
[21:15] <codex> yea, that was my impression too. I'll check with someone to make sure they didn't modify the sources, but this was definitely "interesting"
[22:16] <Lartza> Let's take a default OpenVZ Ubuntu 13.04 install... or even a disc maybe, what is running in Port 53 that answers to UDP?? :/
[22:20] <sarnold> Lartza: I have no idea where you'd get a "default openvz install", but check for dnsmasq
[22:21] <Lartza> sarnold, I have a VPS that just got DDOS'ed, and the provider told me it was UDP flood to port 53, but I have nothing installed there, so it must be something default
[22:23] <sarnold> Lartza: flood -to- port 53? or flood -from- port 53?
[22:25] <Lartza> sarnold, "it was an udp flood against the port 53 "
[22:26] <Lartza> So umm :S
[22:26] <Lartza> Don't know
[22:26] <Lartza> Do I need anything publicly accessible in 53?
[22:27] <sarnold> Lartza: only if you're intentionally providing authoritative DNS service...
[22:27] <Lartza> Yeah I'm not...
[22:27] <sarnold> Lartza: if you're just providing recursive DNS service on that port, it'd be wise to ensure you only answer queries from your own netblock..
[22:27] <Lartza> sarnold, It was just a default install from my VPS provider :/
[22:28] <K4k> after re-mastering an iso and re-creating the iso file with mkisofs, other than unetbootin, is there a way to get the iso onto a usb stick? I tried dd, but that didn't seem to work with the iso formatted in this way.
[22:28] <sarnold> Lartza: then no, nothing should be bound to port 53. check with sudo netstat -nlup  | grep :53   to see if anything is listening..
[22:29] <Lartza> sarnold, Just sending another message to support wether they could open the server back up before 24 hours... they nulled my IP
[22:30] <sarnold> Lartza: ow. do you have console access?
[22:30] <sarnold> nedbat: hey, glad to hear you found a good solution to killing your tasks :) nice.
[22:30] <Lartza> serial console from the VPS panel doesn't seem to work
[22:42] <Lartza> sarnold, It's named
[22:42] <Lartza> :/
[22:42] <sarnold> Lartza: ah. I wonder why you're running named.
[22:43] <Lartza> sarnold, I can't make it stop
[22:43] <Lartza> Unrecognized service
[22:43] <Lartza> ahh
[22:43] <Lartza> bind9
[22:44] <sarnold> you might wish to just apt-get purge bind9 and make sure that can't happen again
[22:44] <Lartza> Yeah I will
[22:44] <sarnold> .. if apt tells you something depends upon it, that might give some insight why it was there in the first place..
[22:44] <Lartza> Nope
[22:44] <Lartza> I think I've seen a DNS server on every DNS I've owned...
[22:45] <Lartza> sarnold, Just checked my smaller, Debian server, named listening there too :)
[22:45] <sarnold> Lartza: o_O
[22:53] <Lartza> sarnold, Yeah...
[22:54] <Lartza> sarnold, Uninstalled bind9 on both servers, now for some sleep since it's 1:53... Thank you for your help :)
[22:54] <sarnold> Lartza: have fun :)
[23:22] <RoyK> why do some people use 20 drives in a single raid-6?
[23:22] <RoyK> oh well, some people like base jumping ;)
[23:38] <Patrickdk> royk, heh, hp limits me to 16 disks per raid set
[23:38] <Patrickdk> so max 16 drive raid10, raid6, raid50, ...