[00:05] <hallyn_> ahs3: awesome, thanks
[00:49] <jdstrand> adam_g: fyi, https://launchpad.net/ubuntu/+source/nova/2012.2.3-0ubuntu2.2
[00:57] <adam_g> jdstrand, great, thank you
[00:57] <jdstrand> sure thing
[01:46] <monokrome> Hey. Does anyone know how I can tell UFW to always allow anything that comes from localhost?
[01:47] <sarnold> monokrome: try 'ufw allow from 127.0.0.1 to 127.0.0.1'
[01:48] <monokrome> will
[01:48] <monokrome> ufw allow 127.0.0.0
[01:48] <monokrome> allow the entire 127.0.0 network?
[01:48] <monokrome> Technically those are all localhost, so that'd be best
[01:49] <RoyK> 127.0.0.0/8 perhaps
[01:50] <RoyK> rarely a need to deny anything from localhost
[01:51] <monokrome> I'm not even sure if ufw blocks localhost
[01:51] <RoyK> monokrome: try iptables -vnL
[01:51] <RoyK> it shouldn't
[01:51] <monokrome> RoyK: Everything is on 0.0.0.0
[01:52] <monokrome> So, unless localhost doesn't hit iptables then it does
[01:52] <RoyK> I don't think localhost goes through iptables
[01:53] <monokrome> okay
[01:53] <monokrome> Thanks :)
[01:53] <RoyK> the input chain is usually bound to a nic
[01:53] <RoyK> and lo isn't really one
[01:56] <monokrome> hmm
[01:58] <RoyK> that is, ufw has an accept for all -i lo and -o lo
[01:58] <RoyK> my bad
[01:58] <monokrome> :}
[01:58] <monokrome> I was pretty sure that lo was a virtual interface
[01:58] <monokrome> so it looked like a devikce
[01:58] <monokrome> device*
[01:59] <monokrome> IE, `ip addr` shows it
[02:01] <RoyK> it's virtual, but somewhat real
[02:02] <monokrome> right...
[02:02] <monokrome> There isn't a piece of hardware on your computer that it's using to make the connection is what I'ms aying
[02:03] <monokrome> There's a virtual device in /dev/ that acts like it's a piece of hardware
[02:03] <monokrome> but probably just funnels things through unix sockets or something similar
[02:17] <RoyK> monokrome: network devices aren't in /dev
[02:18] <RoyK> for som odd reason
[04:03] <tohuw> When implementing an OpenLDAP server in an existing server infrastructure, is the general expectation that you will migrate existing local users to LDAP inetorgperson entries?
[05:22] <tohuw> If I am configuring OpenLDAP on my already established server, ought I consider migrating local accounts to LDAP accounts? If so, what is the migration process?
[05:46] <adam_g> Daviey, there's a new nova in queue for quantal-proposed (nova 2012.2.4-0ubuntu3) which is another rebase to include a new security update (which is a fix for a regression introduced in the last security update we rebased on)
[05:47]  * sarnold grabs a whiteboard to diagram that sentence..
[05:47] <adam_g> Daviey, that should trump whats in quantal-proposed for nova currently (ubuntu2). also, verification done on bug #1179626
[05:49] <tohuw> If I am implementing an OpenLDAP server into an existing single-server infrastructure, ought I consider migrating local user accounts to LDAP? There are only ~5 or so I care about, but I am uncertain how to cleanly migrate these, as each of these users have home directories and own files outside of their home, have certain server rights, etc.
[05:49] <tohuw> (by "certain server rights" I really mean they are members of local groups conferring privileges such as access to sudo or ability to ssh in)
[05:53] <sarnold> tohuw: find can help you find files owned by some userid, -exec chown to change the owner..
[05:54] <sarnold> tohuw: (a) the inconsistency would annoy me :)  (b) I've heard it is sometimes useful to have local users in case the server goes down..
[05:54] <tohuw> sarnold: So, just remove the old user, create the new user in LDAP, and chown as needed? That feels too simple...
[05:54] <sarnold> tohuw: you could probably keep the old user around until after chowned..
[05:54] <tohuw> Yeah, I'd definitely keep a local user in case slapd went banannas.
[05:55] <tohuw> sarnold: even if they have the same name?
[05:55] <sarnold> tohuw: heh, I spent a very confused few hours to find out that an ldap "sarnold" had a different userid than a local account "sarnold", and nfs didn't care about names...
[05:57] <tohuw> sarnold: really? I was aware the uids would be different (I just finished reading about that), but the system lets you dupe usernames? That seems somewhat insane
[05:57] <tohuw> Do new ldap accounts get a home directory and follow other useradd procedures when they are created?
[05:58] <sarnold> tohuw: well, it was a decade back. perhaps things have improved. :)
[06:01] <tohuw> sarnold: fair enough! :P I guess I could try it on my dev server... what's the worst that could happen? (famous last words)
[06:01] <sarnold> tohuw: hehe
[06:02]  * tohuw has parted: all local accounts purged. Executing rm -rf /...
[06:03] <sarnold> hehehe
[06:05] <tohuw> Somewhat related: http://qntm.org/suicide
[06:05] <tohuw> Okay, more tinkering with LDAP tomorrow. Bed time
[06:05] <tohuw> thanks for the input, sarnold.
[06:06] <sarnold> goood night, good luck tohuw :) sorry I didn't have concrete answers..
[08:27] <Daviey> hallyn_: smsoer, jamespage and myself are re-reviewing them all today
[08:30] <jamespage> Daviey, morning
[08:31] <jamespage> Daviey, post lunch review?
[08:32] <Daviey> mornin' jamespage
[11:50] <jamespage> zul, I think we may need to upgrade ovs to 1.10.0
[11:50] <jamespage> backporting fixes for the 3.9 kernel to 1.9.0 is proving awkward (lots of code changes in the newer version)
[11:50] <jamespage> giving it a test now.
[12:00] <zul> jamespage:  ack
[12:01] <zul> jamespage:  im having problems with this can you have a look please http://10.189.74.7:8080/job/backport_package/118/console
[12:02] <jamespage> zul, you can't backport twice
[12:02] <jamespage> zul, as the checksum changed and reprepro rejects the inclusion
[12:03] <zul> jamespage:  yeah the problem is i already blew away the deb
[12:03] <jamespage> same is happening in the PPA on upload
[12:03] <jamespage> zul, how?
[12:03] <zul> rm'ed it
[12:07] <jamespage> zul, please 'man reprepro' in future
[12:07] <zul> jamespage:  yeah sorry about this
[12:07] <jamespage> you have removed the deb but not the entries from the packages lists
[12:15] <jamespage> zul, ok fixed
[12:15] <zul> jamespage:  cool thanks
[12:47] <hXm> i have a binary program which uses a library that is in a different path
[12:47] <hXm> but when i use ldd i see the missing library but not the current path
[12:48] <hXm> how to see the path?
[13:27] <GH0> How am I supposed to disable the KDE Wallet service for a user if one doesn't exist in the Account Details page? http://i.imgur.com/Cdqm4N6.png I don't see anything about disabling the service via cli either.
[13:30]  * ogra_ wonders how that is server related
[13:30] <ogra_> GH0, try asking in a kubuntu channel instead
[13:31] <amkei> hello, is here the right place to solve specific problems? in my case a crashed system/boot problem?
[13:33] <GH0> ogra_, I am on ubuntu-server and installed a slim-down copy of kde,  but unfortunately that installed along with it. Which is why I thought to ask in here. I can ask there though.
[13:33] <amkei> after a fsck-repair-operation where some blocks and nodes changed wasnt my system able to boot.
[13:33] <ogra_> GH0, i think your chances to get support for a GUI app are better over there, yes :)
[13:33] <amkei> before the grub-screen I got a short message "error: invalid environment block", then comes the grub-screen.
[13:34] <amkei> if I choose my default entry the boot process hangs up, if i choose recovery-mode the console says "Kernel panic - not syncing: Attempted to kill init!"
[13:35] <amkei> hm, seems to be the wrong place...sry, I'll ask in #ubuntu
[13:35] <zul> jamespage:  do you have some time to review heat/heatclient changes later this week?
[13:36] <jamespage> zul, either today or next week
[13:36] <zul> jamespage:  next week it is then (i havent started it yet)
[14:17] <jamespage> zul, OK - I have a ovs 1.10.0 upload prepped and tested OK; I've pinged upstream for some verification that this is the best way forwards
[14:18] <jamespage> zul, fwiw 1.10 drops support for the brcompat module - I think its a good thing todo this now rather than right on the LTS release next cycle
[14:18]  * jamespage goes for coffee
[14:18] <zul> jamespage:  cool
[14:46] <jamespage> rbasak, hey - remind me again where your patch for mongodb 2.4.x is again
[14:46]  * jamespage <- brain fell out last week again
[14:46] <RoyK> hm... in my zfs days, I learned a typical 7200rpm disk can deliver something like 120iops, but when I monitor my raid disks with iostat, I see far higher tps numbers than that
[14:46] <jamespage> RoyK, read caching maybe?
[14:47] <RoyK> or NCQ...
[14:47] <RoyK> not much read caching on rebuilding a raid, last I checked
[14:49] <_ruben> 120iops is max fully random .. linear max is much higher
[14:49] <_ruben> less seeking, less latency, more stuff done in same amount of time
[14:50] <zul> jamespage:  did your brain get slippery when it fell out?
[14:50] <al-maisan> hello there! Is there a way to see actual cloudinit errors; all I get to see now is: http://paste.openstack.org/show/37866/ and that does not help :(
[16:29] <hXm> someone using bitcoin?
[16:34] <BlackBoxCoder> hi :)
[16:37] <BlackBoxCoder> I have a little question: I use apache2 and created a subdomain via virtual hosts. after this i put some content to the subdomain. after this I uploaded a .htacces file. now i cant access die subdomain anymore. have i to configure the apache service?
[16:37] <BlackBoxCoder> die = the
[16:48] <sarnold> BlackBoxCoder: did you reload the apache configuration?
[16:49] <BlackBoxCoder> ohhh i dont think so
[16:49] <BlackBoxCoder> one second please
[16:52] <RoyK> apache config shouldn't matter for an .htaccess file (two s-es). but you could check the apache error log
[16:53] <sarnold> RoyK: .. but if the config with the new subdomain was never loaded, it'll never even bother lookin for the .htmlaccess ...
[16:53] <sarnold> err. yes.
[16:53] <sarnold> me tip gud.
[16:55] <hXm> hi, in my server using dpkg --get-selections i see some x11proto-* packages, do i really need them? or how can i see if some daemon is using those dependences?
[16:57] <BlackBoxCoder> thanks for your help, i will have a look :) *thumbs up*
[16:57] <sarnold> hXm: you can just apt-get purge those packages, it will complain if something else requires them
[16:58] <hXm> im scared, i wont break anything
[16:59] <hXm> i'll take a coke for this
[16:59] <sarnold> hXm: .. of course, you might have installed something that requires them outside of the packaging system..
[16:59] <sarnold> hXm: (for example, I don't have any *x11*proto* packages installed on my laptop.)
[17:00] <hXm> yes, i understand what you mean
[17:00] <hXm> i just unnistalled some packages and now i am not sure if thats related or not
[17:00] <hXm> i will just try
[17:37] <adam_g> zul, http://people.canonical.com/~agandelman/ca/folsom/2012.2.4_rebase/nova_2012.2.4-0ubuntu3~cloud0/
[17:38] <zul> adam_g:  +1
[17:48] <adam_g> zul, http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/havana_versions.html
[17:48] <adam_g> zul, the CA pockets will remain empty till the ca havana pockets show up at http://ubuntu-cloud.archive.canonical.com/ubuntu/dists/precise-proposed/ and precise-updates
[17:49] <zul> adam_g:  cool thanks
[17:49] <adam_g> zul, wait a minute, that report is wrong
[17:50] <zul> ?
[17:51] <adam_g> zul, wait, nevermind. its right, kinda. havan-staging is just mostly a snapshot of the grizzly staging PPA, so it looks wonky atm
[17:51] <zul> heh ok
[17:59] <zul> adam_g/yolanda/jamespage/Daviey: always happy to share the pain https://code.launchpad.net/~zulcss/heat/heat-refresh-ubuntu-style/+merge/166337
[18:10] <zul> adam_g:  python-keystoneclient 0.2.4 just got released can you have a look please? https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.4/+merge/166343
[18:10] <hXm> i have disabled ipv6 in sysctl.conf and ran sysctl -p, but there are still some tcp6 sockets alive
[18:11] <hXm> i did restart networking too
[18:14] <sarnold> hXm: if you kill all the tasks with those sockets open, probably you can get to 0 open ipv6 sockets again, and stay that way
[18:51] <zul> adam_g:  ping https://code.launchpad.net/~zulcss/python-keystoneclient/0.2.4/+merge/166343
[18:51] <adam_g> zul,  gettin there
[18:51] <zul> k
[19:05] <adam_g> Daviey, if you're still around, what was the motivation behind dropping the markdown dependency to begin with. re: https://bugs.launchpad.net/ubuntu/+source/cheetah/+bug/1183634
[19:06] <Daviey> adam_g: I think it was just that during that cycle we were overwhelmed by MIR's, and at that time we didn't need MD support
[19:08] <Daviey> adam_g: but now, removing the delta with Debian seems smarter.. i think.
[19:09] <adam_g> Daviey, okay, i guess we can work around it in the meantime with an openstack patch
[19:09] <blenderman_> are ubuntu sharing options secure?
[19:09] <adam_g> (while MIRs are in-flight)
[19:09] <blenderman_> like on ubuntu desktop
[19:09] <Daviey> adam_g: yeah, interim patches sound smart TBH
[19:09] <Daviey> Being able to get H-1 out is more pressing IMO