[01:05] <_PehdeN_> Party in #moshpit everyone is op!
[04:53] <Neozonz> hello
[04:53] <Neozonz> I've used ufw allow 10336
[04:53] <Neozonz> but when i do a port scan on my server it doesnt allow it
[08:36] <jamespage> adam_g, https://code.launchpad.net/~james-page/charms/precise/nova-cloud-controller/grizzly-upgrade/+merge/165032
[08:36] <jamespage> glance looks OK
[08:45] <jamespage> adam_g, and https://code.launchpad.net/~james-page/charms/precise/nova-compute/grizzly-upgrade/+merge/165033
[09:18] <Phoenixxl> Do any of you have experience installing MOM ?
[09:18] <Phoenixxl> I have 2 guests that do things that have low cpu requirements , and do fine with 192 mb ram .. but one of them needs to inflate to about 512 for an hour every day .. If there's other options than mom i'm open to suggestions .
[09:19] <Phoenixxl> it's not on a regular basis and it's automated.. so a cron job is not possible
[09:32] <Enich> I am currently using apt-cacher-ng to in a project.  I was wondering if anyone could tell me the pros and cons regarding using bindaddress: 0.0.0.0(listen on all interfaces, as far as i understand) compared to defining the server ip address.    I can imagene that it is best practice to set the specific interface address and not using 0.0.0.0, but i was wondering if someone could give me some hints why :)
[09:37] <Phoenixxl> @enich , mainly security and management reasons.
[09:37] <jamespage> Enich, I'd only set a specific interface if the server has multiple external network interfaces and you want to restrict where it can be accessed from
[09:37] <Phoenixxl> your firewall might give out while you mess with it
[09:38] <Phoenixxl> in that case the port used would be open to the outside world
[09:39] <Phoenixxl> also when setting up rules in your firewall it's easier to have a specific nic the thing is bound on
[09:39] <jamespage> Enich, fyi squid-deb-proxy covered most of apt-cacher-ng plus is has nice features such as supporting proxy peering/chaining
[09:41] <Phoenixxl> I personally have some servers that are running on my lan nic so i can limit traffic , ie transmission .
[09:42] <Enich> jamespage, that is actually a great piece of info, regarding squid-deb-proxy..     where does it fall short ?   (you write it covers most)
[09:42] <jamespage> Enich, I see one awkward features
[09:42] <Enich> jamespage, im not sure what you mean?
[09:42] <jamespage> apt-cacher-ng maps all *.archive.ubuntu.com requests to the same locally cached files
[09:42] <Enich> Phoenixxl, thanks for the info
[09:43] <jamespage> Enich, so you need to ensure that all clients are using exactly the same mirror
[09:43] <jamespage> with squid-deb-proxy
[09:43] <Ng> if everything in the world could stop being named foo-ng, that would be great :D
[09:44] <jamespage> Enich, I'm tempted to trust the scalability of squid more than I am apt-cacher-ng as well :-)
[09:44]  * rbasak has called on project foo-nih, because foo-ng already existed
[09:44] <Ng> rbasak: since -nih doesn't make irssi highlight me, I am ok with that ;)
[09:44] <Enich> i will take a look, though i think apt-cacher-ng is my solution, i am doing a fully automated setup with several servers etc, and i have a part of my script,which checks for the existence of the  apt-cacher.. if people want to reinstall the environemnt.   (im sorry if taht makes not sense.. im a bit off atm)
[09:45] <jamespage> Enich, you can restrict access to squid-deb-proxy using ACL's as well - it defaults to all private network ranges
[09:45] <Enich> jamespage, scalability is not a issue, i am doing a project where bandwidth preservation is highly important, though only about 10 servers are spun up via kickstarter files and so on.
[09:46] <jamespage> Enich, ok - well you know about the alternative if you hit issues with apt-cacher-ng :-)
[09:46] <jamespage> fwiw I used to use apt-cacher-ng but switched to squid-deb-proxy
[09:46] <jamespage> specifically for the peering features
[09:46] <jamespage> and for the avahi enabled client (squid-deb-proxy advertises its services)
[09:47] <Enich> yeah, that is really good to know.  There is currrently only 1 interface in the vm running the apt-cacher and the ip addresses will be the same for each install (its a learning environment that people can run on there own machine)
[09:48] <Enich> by peering features, what do you mean?  having several mirrored squid proxies etc ?
[10:24] <Enich> when i look in the manpages for hostname, it says that SET NAME defines the hostname but it isnt persistant and will revert after a reboot, (edit /etc/hostname for permanent change)    is there a command line to make it pemanent, like hostnamectl set-hostname myhostname   on archlinux
[10:29] <rbasak> Enich: this is an Ubuntu channel. On Ubuntu, you can edit /etc/hostname to make it persistent. But you should check if there's an Arch support channel so that you can ask how to do it on Arch.
[10:30] <jamespage> adam_g, http://pad.ubuntu.com/openstack-series-upgrade-testing
[10:30] <jamespage> roaksoax, ^^
[10:52] <jamespage> roaksoax, promulgated hacluster charm - should appear in the store soon
[11:10] <diegonat> hi guys, Ive got an instance on AWS but although I open the port 53, it is still filtered. Why? Anybody can help me?
[11:11] <mardraum> how did you open it?
[11:13] <diegonat> I went to the consolde
[11:13] <diegonat> and in security group
[11:13] <diegonat> I added port 53 udp
[11:13] <diegonat> source 0.0.0.0/0
[11:14] <diegonat> mardraum is there any other way?
[11:18] <patdk-lap> you did add it to the security group assigned to that instance?
[11:18] <diegonat> yep
[11:26] <mardraum> dns also really needs tco open for large queries and axfr etc
[11:26] <mardraum> tcp*
[11:29] <diegonat> i opened tcp as well
[11:39] <mardraum> are you sure your daemon is actually listening?
[11:45] <diegonat> yes
[11:46] <diegonat> however now ive got a problem that if I leave my ssh session idle for a few minutes, it drops. There is some problem
[11:48] <patdk-lap> isn't that normal?
[11:48] <patdk-lap> generally happens with nat
[11:49] <diegonat> i dont think it is normal
[11:49] <RoyK> diegonat: turn on ssh keepalives
[11:49] <diegonat> never happened before
[11:50] <diegonat> royk demon side ?
[11:50] <RoyK> clientside
[11:50] <RoyK> ServerAliveInterval 5 in $HOME/.ssh/config
[11:50] <RoyK> 5 seconds may be overkill, 60 should do, but then, bandwidth normally isn't an issue
[11:52] <diegonat> however i dont understand why AWS is filtering my port 53
[11:52] <diegonat> despite I think it is wierd
[11:53] <diegonat> ;; global options: +cmd
[11:53] <diegonat> ;; connection timed out; no servers could be reached
[11:54] <RoyK> some (like what we do here) don't allow access to external DNS server in case they are hijacked or otherwise if the client is compromised and dns is changed by whoever or whatever compromised it
[11:55] <RoyK> so use amazon's dns servers
[11:57] <diegonat> is it free?
[12:05] <diegonat> bisogna pagare
[12:06] <diegonat> I should pay, i dont like paying =D
[12:14] <lotia> Hi All, If I want to run a script at boot on a 10.04 and 12.04 machine, is the best place to do so via an upstart job?
[12:14] <lotia> Ths script will be a python script.
[12:14] <lotia> And need only run once.
[12:17] <mollerup_> lotia, depends if it depends on specific services an init-script should do. else you could make a crontab entry starting with @reboot, see man 5 crontab
[12:20] <Daviey> rbasak: great to see your application in
[12:20] <Daviey> .
[12:21] <rbasak> Thanks
[12:22] <rbasak> I was hoping for 3 June. I didn't consider that it would be full so soon.
[12:22] <soren> Which application? Core dev?
[12:23] <rbasak> soren: well I don't know. Just the server set at the moment: https://lists.ubuntu.com/archives/devel-permissions/2013-May/000487.html
[12:24] <lotia> mollerup: I was under the impression that @reboot wouldn't run from cold boot
[12:25] <Daviey> lotia: need only run once?  per boot, or forever?
[12:25] <lotia> assuming I run it from upstart, non daemon jobs are well supported?
[12:26] <rbasak> It's actually really easy to write an upstart job that isn't a daemon
[12:26] <lotia> thanks all
[12:27] <rbasak> You just need a "start on" line, "task" and a "script" stanza
[12:27] <rbasak> "start on runlevel [2345]" to do it on boot
[12:27] <lotia> rbasak: that wouldbe a 'task' in upstart parlance?
[12:27] <rbasak> Right
[12:28] <mollerup> lotia: @reboot is once at every start, be beware that it starts as soon as cron starts, which can be an issue if you depend on other services
[12:29] <Daviey> start on startup, is more readable IMO
[12:31] <rbasak> That might happen before filesystems are mounted though - potentially too early
[12:31] <mollerup> Daviey: yeah, I only use it for starting up "services" on my own user, such as irssi in a screen and so forth
[12:34] <lotia> I like the upstart route.
[12:37] <Daviey> mollerup: upstart does have per-user stuff now.
[12:37] <Daviey> mollerup: http://upstart.ubuntu.com/cookbook/#session-job
[12:44] <Daviey> zul: do we want WI's with a leading *?
[12:44] <zul> i think so
[12:44] <mollerup> Daviey: thanks for the info, but my personal servers run FreeBSD :)
[12:46] <Daviey> mollerup: Ah, there is a discussion about upstart support for GNU/kFreeBSD Debian right now :)
[12:46] <soren> rbasak: I see. Well, good luck.
[12:46] <rbasak> Thanks!
[12:49] <lotia> Daviey: need to do stuff as superuser. So would stick it in /etc/init
[12:50] <zul> jamespage:  hey can you look at my horizon branch again?
[12:54] <lotia> So what would be my stopon value for an upstart job that calls a script. That called script will just exit when done.
[12:54] <rbasak> lotia: if you're using "task", AIUI you don't need any stop conditions defined at all.
[12:54] <jamespage> zul, url?
[12:54] <zul> jamespage:  hold on
[12:55] <zul> https://code.launchpad.net/~zulcss/horizon/horizon-pbr/+merge/164914
[12:55] <lotia> are tasks available in the upstart version in 10.04?
[12:58] <lotia> Do software raid devices get started by upstart, or is that done once the box is considered "started"
[13:08] <jamespage> zul:acked
[13:09] <zul> jamespage:  thanks
[13:26] <zul> jamespage/yolanda: https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
[13:29] <jcastro> rbasak: have you replied to the auth thread yet? I'm thinking it should be on -server instead of -devel-discuss
[13:30] <jcastro> rbasak: or do you think it touches enough packages to be a distro-wide thing?
[13:31] <jcastro> man, Timo really is all over it though, heh
[13:31] <MonkeyDust> i'm looking for graphical ISA-like serversoftware for linux - I found smoothwall - any other suggestion?
[13:31] <tjaalton> :)
[13:31] <tjaalton> it's a client thing mostly
[13:31] <tjaalton> whatever the client is
[13:32] <MonkeyDust> it's not for me, the person in question is a windows administrator in a local school
[13:33] <yolanda> zul, looks good to me, the only question is why there are 2 different entries in changelog for debian/control
[13:34] <zul> yolanda: ok ill clean that  up
[13:34] <yolanda> and python-testtools is duplicated in debian/control?
[13:34] <tjaalton> MonkeyDust: sorry, it was for jcastro
[13:37] <jamespage> zul, comments in MP
[13:37] <zul> ack
[13:45] <xnox> lotia: depends. those that are needed to mount the root file system are started in the initramfs. generally all of them are started by udev rules.
[13:47] <zul> jamespage:  fixed
[13:49] <jacobw> What's the fastest way to Openstack from Ubuntu Server?
[13:55] <MonkeyDust> is Firestarter still being maintained?
[13:55] <Pici> I was under the impression that it was not.
[14:05] <jcastro> jacobw: https://help.ubuntu.com/community/UbuntuCloudInfrastructure
[14:47] <zul> yolanda:  ping https://code.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/+merge/165123
[14:49] <yolanda> zul, the only thing i see is the 2 lines in debian/control
[14:49] <zul> yolanda:  http://bazaar.launchpad.net/~zulcss/python-novaclient/pbr-ftbfs/revision/70
[14:50] <sk1pper> hi all, how can I check if there is an active reversed ssh tunnel on my box?
[14:50] <yolanda> in debian/changelog i mean
[14:55] <lunaphyte_> sk1pper: something like ps or lsof could be used for that
[14:57] <zul> yolanda:  huh?
[14:58] <yolanda> +  * debian/control: Add python-pbr and python-d2to1 as build depends.
[14:58] <yolanda> 9	+  * debian/control: Add python-testtools and testrepository as build depends.
[14:59] <sk1pper> lunaphyte_:i used netstat -tan | grep 22 but i don't know if that is enough
[14:59] <lunaphyte_> sk1pper: to start with, the method you'd use depends on which computer you're checking on
[15:00] <lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
[15:01] <sk1pper> lunaphyte_: on the computer behind the FW, meaning on the computer which is NATed
[15:01] <lunaphyte_> the computer you're sshing from, or the computer you're sshing to?
[15:01] <sk1pper> the computer i am sshing to
[15:03] <sk1pper> lunaphyte_: does it make a difference actually? with netstat -tan | grep 22 i can see the established connection, does it make a difference to which computer i am checking?
[15:03] <lunaphyte_> that tells you nothing about a tunnel.
[15:03] <lunaphyte_> ssh connection != ssh tunnel
[15:05] <sk1pper> lunaphyte_: how can I check then?
[15:08] <lunaphyte_> what is the ssh command you're using?
[15:10] <sk1pper> lunaphyte_: i am not trying to create one, I want to check if already exists, meaning if someone got access on my box and created an reversed ssh tunnel, how can I check if it's still active?
[15:10] <lunaphyte_> oh, i see.
[15:12] <sk1pper> that's why I thought that netstat -tan | grep 22 should show me if there is an active ssh tunnel
[15:12] <hXm> everytime i use apt-get upgrade it says i should restart, but i wont stop the server
[15:12] <hXm> can i remove that warning? makes me stress
[15:12] <lunaphyte_> sk1pper: why would someone create a reverse ssh tunnel on your computer?
[15:13] <lunaphyte_> meaning that they connected to your computer and then used ssh to create a reverse tunnel to somewhere else?
[15:14] <sk1pper> lunaphyte_: yes
[15:14] <lunaphyte_> oh, then just do ps -aefwww | grep -iF ssh
[15:14] <lunaphyte_> and look to see if any ssh processes exist that don't belong
[15:15] <lunaphyte_> you'll see -R for any reverse tunnels which have originated from your computer
[15:26] <sk1pper> lunaphyte_: i cannot see any -R in the output that i get from ps -aefwww | grep -iF ssh
[15:26] <sk1pper> this mean that there is no reversed ssh tunnel?
[15:33] <skrite> hey all, i am running software that sends text messages to agriculture customers that update them on their field conditions, but my email server (postfix) only accepts about 1 mail / second. How can i speed that up?
[15:35] <qhartman> skrite, have you looked at this? http://www.postfix.org/TUNING_README.html
[15:36] <skrite> qhartman: thanks
[15:36] <qhartman> sure
[15:51] <skrite> qhartman: still having trouble with it, adjusted the parameter that was supposed to slow things down, and not really any chnage.
[15:55] <`brendan> anyone running an hp blade 420c gen8 with ubuntu 12.04 w/ emulex OneConnect 10gb NICs?
[15:56] <`brendan> having issues getting online with the be2net
[15:57] <`brendan> just installed 12.04.2
[16:00] <qhartman> skrite, how do you know that the mail server is only accepting about 1 mail per second? Also, what is the load on the server like? Is it a "real" server, or a low resource embedded system?
[16:02] <skrite> qhartman: it is a vm, and, according to top and htop, it isn't working all that hard. it seems that the delays get longer if sending to the same destination.
[16:03] <skrite> writing another test script to be sure
[16:04] <qhartman> skrite, how is the postfix server configured? Does it pass the messages to a smart host or relay  upstream, or is it delivering the mail directly ? If it's passing it on to another interim mail server, it's entirely possible you're being throttled there, and no config changes in the world will fix it
[16:06] <skrite> no, i am delivering directly
[16:06] <skrite> and script shows same delay, actually about 3 seconds between mails out
[16:07] <skrite> whether to same destination or not (different mail server recipiants)
[16:07] <qhartman> Kind of an aside, but do you have an SPF record pointing at this machine as a valid sender for your domain?
[16:07] <qhartman> What happens if you send mail to a local recipient, like root?
[16:08] <skrite> qhartman: will check
[16:13] <skrite> qhartman: no, do not think i have an SPF record.
[16:14] <qhartman> skrite, that may not be related to this problem, but may cause you issues at some point.
[16:18] <skrite> ok
[16:20] <qhartman> Also, it would be useful if you would paste log output into a pastebin or gist
[16:23] <skrite> qhartman: will do, also delay is still there if sending to another user on the localhost
[16:23] <qhartman> ok, then it's almost certain that you are dealing with a config issue
[16:24] <qhartman> Is DNS on that box working correctly?
[16:24] <qhartman> delays like that can be caused by DNS tomeouts
[16:24] <qhartman> s/tome/time/
[16:27] <skrite> dns seems ok, can ping different domains and first hit is quick. also, the 3.1 delay on sending these messages out seems very specific.
[16:28] <skrite> think you are right. config
[17:16] <adam_g> zul, http://people.canonical.com/~agandelman/ca/grizzly/2013.1.1_rebase/  + http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/  can you take a look plz?
[17:17] <zul> adam_g: +1
[17:17] <adam_g> thanks
[17:35] <adam_g> zul: ugh https://launchpadlibrarian.net/140473550/buildlog_ubuntu-precise-i386.keystone_2012.2.4-0ubuntu2~cloud0_FAILEDTOBUILD.txt.gz
[17:36] <zul> adam_g:  interesting! :)
[17:36] <adam_g> notAfter=May 18 19:41:42 2013 GMT
[17:37] <adam_g> we apparently are not supposed to run tests after last saturday :P
[17:39] <Daviey> adam_g: Hmm, i'd like to find the commit where this went in
[17:39] <adam_g> Daviey, i remember certs expiring in a stable branch in the past, but dont remember if it was keystone
[17:39] <adam_g> checking now
[17:40] <Daviey> Ah no.. I vaguely remember commenting on an expiring time.. but it wasn't keystone
[17:41] <Daviey> adam_g: Fancy landing the fix upstream first, then cutting a fresh snapshot? :)
[17:42] <adam_g> Daviey, ya. ill make sure the new expiry is +1 hour after our PPA build
[17:42] <Daviey> adam_g: lol.. clearly the proper fix for this is to change the buildd time in packaging.
[17:43] <Daviey> for giggles, do it in postinst aswell.
[17:43] <adam_g> :)
[18:07] <resno> i dont have the root password for a server, how can i change it? i tried going into single mode, but it required knowing the password
[18:07] <sarnold> resno: quite often root doesn't even have a password configured
[18:07] <resno> oh! thats right
[18:08] <resno> so im sunk to find the username and then reset password aye?
[18:08] <sarnold> resno: if you boot init=/bin/sh, you'll be presented with a root shell, no password, and no standard services running. _you_ are init. you can fix problems like unknown root passwords :)
[19:51] <ScottK> resno: You have to upgrade through 10.04 though, you can't go straight to 12.04.
[19:56] <smoser> http://paste.ubuntu.com/5691513/
[19:56] <resno> ScottK: but it "should" work?
[19:56] <ScottK> As long as you go via 10.04, yes.
[19:56] <smoser> "welcome to Ubuntu 13.04.  You can upgrade to Ubuntu 13.04"
[19:57] <ScottK> smoser: IIRC there's an outstanding bug/SRU for that.
[20:00] <kirkland> smoser: I fixed that in saucy, bdmurray was working on the SRU
[20:01] <smoser> good.
[20:53] <Jeeves> why does my AD logins on my CLI only servers take so long to auth?
[20:53] <sarnold> Jeeves: often long delays can be traced to failing / timeout DNS resolving or reverse resolving.
[20:53] <Jeeves> sarnold, how would one go about tracing that?
[20:54] <Jeeves> sarnold, I'm sure that ONLY the AD servers are listed in the resolv.conf file
[20:54] <sarnold> Jeeves: you could throw tcpdump or wireshark on one of the clients, login, and see if DNS entries don't get answered quickly or correctly..
[20:54] <sarnold> Jeeves: .. and repeat on or near the AD server, to see if the slowdown is on the server trying to resolve the client hostnames
[20:55] <sarnold> there may be log entries about failing resolving somewhere, too; it never hurts to look to see if the software tells you why something is funny :)
[20:55] <Jeeves> sarnold, ok, thanks.  I'm going to update the box, hit the gym, then have a look when I get home.  The VPN client from here is too slow to see what's going on.
[20:55] <sarnold> Jeeves: yikes
[20:55] <sarnold> Jeeves: good luck :)
[20:55] <Jeeves> sarnold, thanks.
[20:56] <Jeeves> sarnold, I'm using likewise-open.
[20:59] <sarnold> Jeeves: more directly, you could use host or dig or nslookup or ping to try resolving and reverse-resolving the server addresses on the client, and the client addresses on the server. ifthose all go quickly enough, you may need to look elsewhere anyhow..
[21:02] <Jeeves> lol, holly crap batman, that's FAST!
[21:08] <Jeeves> good bye all. I'm going the gym to remind me how out of shape I am!
[21:42] <lunaphyte_> i'm doing a new install of 13.04, and having trouble installing grub.
[21:43] <lunaphyte_> the installer says "unable to install grub in /dev/sda.  executing grub-install /dev/sda failed."
[21:44] <lunaphyte_> the loggin console says "usr/sbin/grub-bios-setup: error: embedding is not possible, but this required for raid and lvm install"
[21:44] <lunaphyte_> i'm using the 13.04 mini iso [64 bit].
[21:46] <lunaphyte_> i have a gpt partition table, with a 25mb bios_grub partition, and the remainder an lvm partition.  this configuration works with 12.10 [and priot]
[21:50] <lunaphyte_> oh, hmm.  it seems to be trying to install grub to the usb disk i'm booting/installing from.  hmm.
[21:52] <lunaphyte_> aha, yes, that was it.
[21:52] <lunaphyte_> saying no to it's "default" attempt and then explicitely specifiying /dev/sdb seems to have worked.
[23:20] <adam_g> jamespage, merged a buncha your pending stuff, filed some new ones and added some notes to http://pad.ubuntu.com/openstack-series-upgrade-testing