| hallyn_ | ahs3: awesome, thanks | 00:05 |
|---|---|---|
| jdstrand | adam_g: fyi, https://launchpad.net/ubuntu/+source/nova/2012.2.3-0ubuntu2.2 | 00:49 |
| adam_g | jdstrand, great, thank you | 00:57 |
| jdstrand | sure thing | 00:57 |
| monokrome | Hey. Does anyone know how I can tell UFW to always allow anything that comes from localhost? | 01:46 |
| sarnold | monokrome: try 'ufw allow from 127.0.0.1 to 127.0.0.1' | 01:47 |
| monokrome | will | 01:48 |
| monokrome | ufw allow 127.0.0.0 | 01:48 |
| monokrome | allow the entire 127.0.0 network? | 01:48 |
| monokrome | Technically those are all localhost, so that'd be best | 01:48 |
| RoyK | 127.0.0.0/8 perhaps | 01:49 |
| RoyK | rarely a need to deny anything from localhost | 01:50 |
| monokrome | I'm not even sure if ufw blocks localhost | 01:51 |
| RoyK | monokrome: try iptables -vnL | 01:51 |
| RoyK | it shouldn't | 01:51 |
| monokrome | RoyK: Everything is on 0.0.0.0 | 01:51 |
| monokrome | So, unless localhost doesn't hit iptables then it does | 01:52 |
| RoyK | I don't think localhost goes through iptables | 01:52 |
| monokrome | okay | 01:53 |
| monokrome | Thanks :) | 01:53 |
| RoyK | the input chain is usually bound to a nic | 01:53 |
| RoyK | and lo isn't really one | 01:53 |
| monokrome | hmm | 01:56 |
| RoyK | that is, ufw has an accept for all -i lo and -o lo | 01:58 |
| RoyK | my bad | 01:58 |
| monokrome | :} | 01:58 |
| monokrome | I was pretty sure that lo was a virtual interface | 01:58 |
| monokrome | so it looked like a devikce | 01:58 |
| monokrome | device* | 01:58 |
| monokrome | IE, `ip addr` shows it | 01:59 |
| RoyK | it's virtual, but somewhat real | 02:01 |
| monokrome | right... | 02:02 |
| monokrome | There isn't a piece of hardware on your computer that it's using to make the connection is what I'ms aying | 02:02 |
| monokrome | There's a virtual device in /dev/ that acts like it's a piece of hardware | 02:03 |
| monokrome | but probably just funnels things through unix sockets or something similar | 02:03 |
| === dannf` is now known as dannf | ||
| RoyK | monokrome: network devices aren't in /dev | 02:17 |
| RoyK | for som odd reason | 02:18 |
| tohuw | When implementing an OpenLDAP server in an existing server infrastructure, is the general expectation that you will migrate existing local users to LDAP inetorgperson entries? | 04:03 |
| tohuw | If I am configuring OpenLDAP on my already established server, ought I consider migrating local accounts to LDAP accounts? If so, what is the migration process? | 05:22 |
| adam_g | Daviey, there's a new nova in queue for quantal-proposed (nova 2012.2.4-0ubuntu3) which is another rebase to include a new security update (which is a fix for a regression introduced in the last security update we rebased on) | 05:46 |
| * sarnold grabs a whiteboard to diagram that sentence.. | 05:47 | |
| adam_g | Daviey, that should trump whats in quantal-proposed for nova currently (ubuntu2). also, verification done on bug #1179626 | 05:47 |
| uvirtbot | Launchpad bug 1179626 in quantum "Meta bug for tracking Openstack 2013.1.1 Stable Update" [Undecided,Fix committed] https://launchpad.net/bugs/1179626 | 05:47 |
| tohuw | If I am implementing an OpenLDAP server into an existing single-server infrastructure, ought I consider migrating local user accounts to LDAP? There are only ~5 or so I care about, but I am uncertain how to cleanly migrate these, as each of these users have home directories and own files outside of their home, have certain server rights, etc. | 05:49 |
| tohuw | (by "certain server rights" I really mean they are members of local groups conferring privileges such as access to sudo or ability to ssh in) | 05:49 |
| sarnold | tohuw: find can help you find files owned by some userid, -exec chown to change the owner.. | 05:53 |
| sarnold | tohuw: (a) the inconsistency would annoy me :) (b) I've heard it is sometimes useful to have local users in case the server goes down.. | 05:54 |
| tohuw | sarnold: So, just remove the old user, create the new user in LDAP, and chown as needed? That feels too simple... | 05:54 |
| sarnold | tohuw: you could probably keep the old user around until after chowned.. | 05:54 |
| tohuw | Yeah, I'd definitely keep a local user in case slapd went banannas. | 05:54 |
| tohuw | sarnold: even if they have the same name? | 05:55 |
| sarnold | tohuw: heh, I spent a very confused few hours to find out that an ldap "sarnold" had a different userid than a local account "sarnold", and nfs didn't care about names... | 05:55 |
| tohuw | sarnold: really? I was aware the uids would be different (I just finished reading about that), but the system lets you dupe usernames? That seems somewhat insane | 05:57 |
| tohuw | Do new ldap accounts get a home directory and follow other useradd procedures when they are created? | 05:57 |
| sarnold | tohuw: well, it was a decade back. perhaps things have improved. :) | 05:58 |
| tohuw | sarnold: fair enough! :P I guess I could try it on my dev server... what's the worst that could happen? (famous last words) | 06:01 |
| sarnold | tohuw: hehe | 06:01 |
| * tohuw has parted: all local accounts purged. Executing rm -rf /... | 06:02 | |
| sarnold | hehehe | 06:03 |
| tohuw | Somewhat related: http://qntm.org/suicide | 06:05 |
| tohuw | Okay, more tinkering with LDAP tomorrow. Bed time | 06:05 |
| tohuw | thanks for the input, sarnold. | 06:05 |
| sarnold | goood night, good luck tohuw :) sorry I didn't have concrete answers.. | 06:06 |
| === smb` is now known as smb | ||
| === airtonix_ is now known as airtonix | ||
| === wedgwood_away is now known as wedgwood | ||
| Daviey | hallyn_: smsoer, jamespage and myself are re-reviewing them all today | 08:27 |
| jamespage | Daviey, morning | 08:30 |
| jamespage | Daviey, post lunch review? | 08:31 |
| Daviey | mornin' jamespage | 08:32 |
| === histo_ is now known as histo | ||
| jamespage | zul, I think we may need to upgrade ovs to 1.10.0 | 11:50 |
| jamespage | backporting fixes for the 3.9 kernel to 1.9.0 is proving awkward (lots of code changes in the newer version) | 11:50 |
| jamespage | giving it a test now. | 11:50 |
| === wedgwood is now known as wedgwood_away | ||
| zul | jamespage: ack | 12:00 |
| zul | jamespage: im having problems with this can you have a look please http://10.189.74.7:8080/job/backport_package/118/console | 12:01 |
| jamespage | zul, you can't backport twice | 12:02 |
| jamespage | zul, as the checksum changed and reprepro rejects the inclusion | 12:02 |
| zul | jamespage: yeah the problem is i already blew away the deb | 12:03 |
| jamespage | same is happening in the PPA on upload | 12:03 |
| jamespage | zul, how? | 12:03 |
| zul | rm'ed it | 12:03 |
| jamespage | zul, please 'man reprepro' in future | 12:07 |
| zul | jamespage: yeah sorry about this | 12:07 |
| jamespage | you have removed the deb but not the entries from the packages lists | 12:07 |
| jamespage | zul, ok fixed | 12:15 |
| zul | jamespage: cool thanks | 12:15 |
| === himcesjf_ is now known as himcesjf | ||
| hXm | i have a binary program which uses a library that is in a different path | 12:47 |
| hXm | but when i use ldd i see the missing library but not the current path | 12:47 |
| hXm | how to see the path? | 12:48 |
| GH0 | How am I supposed to disable the KDE Wallet service for a user if one doesn't exist in the Account Details page? http://i.imgur.com/Cdqm4N6.png I don't see anything about disabling the service via cli either. | 13:27 |
| * ogra_ wonders how that is server related | 13:30 | |
| ogra_ | GH0, try asking in a kubuntu channel instead | 13:30 |
| amkei | hello, is here the right place to solve specific problems? in my case a crashed system/boot problem? | 13:31 |
| GH0 | ogra_, I am on ubuntu-server and installed a slim-down copy of kde, but unfortunately that installed along with it. Which is why I thought to ask in here. I can ask there though. | 13:33 |
| amkei | after a fsck-repair-operation where some blocks and nodes changed wasnt my system able to boot. | 13:33 |
| ogra_ | GH0, i think your chances to get support for a GUI app are better over there, yes :) | 13:33 |
| amkei | before the grub-screen I got a short message "error: invalid environment block", then comes the grub-screen. | 13:33 |
| amkei | if I choose my default entry the boot process hangs up, if i choose recovery-mode the console says "Kernel panic - not syncing: Attempted to kill init!" | 13:34 |
| amkei | hm, seems to be the wrong place...sry, I'll ask in #ubuntu | 13:35 |
| zul | jamespage: do you have some time to review heat/heatclient changes later this week? | 13:35 |
| jamespage | zul, either today or next week | 13:36 |
| zul | jamespage: next week it is then (i havent started it yet) | 13:36 |
| === wedgwood_away is now known as wedgwood | ||
| jamespage | zul, OK - I have a ovs 1.10.0 upload prepped and tested OK; I've pinged upstream for some verification that this is the best way forwards | 14:17 |
| jamespage | zul, fwiw 1.10 drops support for the brcompat module - I think its a good thing todo this now rather than right on the LTS release next cycle | 14:18 |
| * jamespage goes for coffee | 14:18 | |
| zul | jamespage: cool | 14:18 |
| jamespage | rbasak, hey - remind me again where your patch for mongodb 2.4.x is again | 14:46 |
| * jamespage <- brain fell out last week again | 14:46 | |
| RoyK | hm... in my zfs days, I learned a typical 7200rpm disk can deliver something like 120iops, but when I monitor my raid disks with iostat, I see far higher tps numbers than that | 14:46 |
| jamespage | RoyK, read caching maybe? | 14:46 |
| RoyK | or NCQ... | 14:47 |
| RoyK | not much read caching on rebuilding a raid, last I checked | 14:47 |
| _ruben | 120iops is max fully random .. linear max is much higher | 14:49 |
| _ruben | less seeking, less latency, more stuff done in same amount of time | 14:49 |
| zul | jamespage: did your brain get slippery when it fell out? | 14:50 |
| al-maisan | hello there! Is there a way to see actual cloudinit errors; all I get to see now is: http://paste.openstack.org/show/37866/ and that does not help :( | 14:50 |
| hXm | someone using bitcoin? | 16:29 |
| BlackBoxCoder | hi :) | 16:34 |
| BlackBoxCoder | I have a little question: I use apache2 and created a subdomain via virtual hosts. after this i put some content to the subdomain. after this I uploaded a .htacces file. now i cant access die subdomain anymore. have i to configure the apache service? | 16:37 |
| BlackBoxCoder | die = the | 16:37 |
| sarnold | BlackBoxCoder: did you reload the apache configuration? | 16:48 |
| BlackBoxCoder | ohhh i dont think so | 16:49 |
| BlackBoxCoder | one second please | 16:49 |
| RoyK | apache config shouldn't matter for an .htaccess file (two s-es). but you could check the apache error log | 16:52 |
| sarnold | RoyK: .. but if the config with the new subdomain was never loaded, it'll never even bother lookin for the .htmlaccess ... | 16:53 |
| sarnold | err. yes. | 16:53 |
| sarnold | me tip gud. | 16:53 |
| hXm | hi, in my server using dpkg --get-selections i see some x11proto-* packages, do i really need them? or how can i see if some daemon is using those dependences? | 16:55 |
| BlackBoxCoder | thanks for your help, i will have a look :) *thumbs up* | 16:57 |
| sarnold | hXm: you can just apt-get purge those packages, it will complain if something else requires them | 16:57 |
| hXm | im scared, i wont break anything | 16:58 |
| hXm | i'll take a coke for this | 16:59 |
| sarnold | hXm: .. of course, you might have installed something that requires them outside of the packaging system.. | 16:59 |
| sarnold | hXm: (for example, I don't have any *x11*proto* packages installed on my laptop.) | 16:59 |
| === dosaboy_ is now known as dosaboy | ||
| hXm | yes, i understand what you mean | 17:00 |
| hXm | i just unnistalled some packages and now i am not sure if thats related or not | 17:00 |
| hXm | i will just try | 17:00 |
| adam_g | zul, http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/nova_2012.2.4-0ubuntu3~cloud0/ | 17:37 |
| zul | adam_g: +1 | 17:38 |
| adam_g | zul, http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/havana_versions.html | 17:48 |
| adam_g | zul, the CA pockets will remain empty till the ca havana pockets show up at http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/precise-proposed/ and precise-updates | 17:48 |
| zul | adam_g: cool thanks | 17:49 |
| adam_g | zul, wait a minute, that report is wrong | 17:49 |
| zul | ? | 17:50 |
| adam_g | zul, wait, nevermind. its right, kinda. havan-staging is just mostly a snapshot of the grizzly staging PPA, so it looks wonky atm | 17:51 |
| zul | heh ok | 17:51 |
| === e_t__ is now known as e_t_ | ||
| zul | adam_g/yolanda/jamespage/Daviey: always happy to share the pain https://code.launchpad.net/~zulcss/heat/heat-refresh-ubuntu-style/+merge/166337 | 17:59 |
| === danjared_ is now known as danjared | ||
| === wedgwood is now known as wedgwood_away | ||
| zul | adam_g: python-keystoneclient 0.2.4 just got released can you have a look please? https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.4/+merge/166343 | 18:10 |
| hXm | i have disabled ipv6 in sysctl.conf and ran sysctl -p, but there are still some tcp6 sockets alive | 18:10 |
| hXm | i did restart networking too | 18:11 |
| sarnold | hXm: if you kill all the tasks with those sockets open, probably you can get to 0 open ipv6 sockets again, and stay that way | 18:14 |
| zul | adam_g: ping https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.4/+merge/166343 | 18:51 |
| adam_g | zul, gettin there | 18:51 |
| zul | k | 18:51 |
| adam_g | Daviey, if you're still around, what was the motivation behind dropping the markdown dependency to begin with. re: https://bugs.launchpad.net/ubuntu/+source/cheetah/+bug/1183634 | 19:05 |
| uvirtbot | Launchpad bug 1183634 in cheetah "cheetah pkg does not depend on markdown, but egg requires.txt does" [High,Triaged] | 19:05 |
| Daviey | adam_g: I think it was just that during that cycle we were overwhelmed by MIR's, and at that time we didn't need MD support | 19:06 |
| Daviey | adam_g: but now, removing the delta with Debian seems smarter.. i think. | 19:08 |
| adam_g | Daviey, okay, i guess we can work around it in the meantime with an openstack patch | 19:09 |
| blenderman_ | are ubuntu sharing options secure? | 19:09 |
| adam_g | (while MIRs are in-flight) | 19:09 |
| blenderman_ | like on ubuntu desktop | 19:09 |
| Daviey | adam_g: yeah, interim patches sound smart TBH | 19:09 |
| Daviey | Being able to get H-1 out is more pressing IMO | 19:09 |
| === hXm is now known as HackeMate | ||
| === HackeMate is now known as hxm | ||
| === mikehale_ is now known as mikehale | ||
| === FUF_ is now known as FUF | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!
