GH0Hello, I seem to have run into an issue with two files not appearing in KDE's menu, however, when attempting to rescan and re-add these, I get the following errors.00:25
GH0kbuildsycoca4(16401) KConfigGroup::readXdgListEntry: List entry Keywords in "/usr/share/applications/firefox.desktop" is not compliant with XDG standard (missing trailing semicolon).00:25
GH0kbuildsycoca4(16401) KConfigGroup::readXdgListEntry: List entry Categories in "/usr/share/applications/kde4/k4dirstat.desktop" is not compliant with XDG standard (missing trailing semicolon).00:25
GH0However, I noticed that not all files in the folder have a trailing semicolon, so I was wondering if anyone could either paste their files listed in that folder, or if they could show me a way to replace those files through a reinstall or something?00:25
GH0Because purge doesn't remove the files.00:25
sarnoldGH0: you may wish to try #ubuntu, most servers don't have desktops installed :)00:28
GH0Lol, well, I figured that because I was running a server build, the best thing to do was ask in here first before being told to bring it in this channel. Will do though.00:28
sarnoldGH0: the difference is more in package selection than anything else :)00:28
=== Smark is now known as Smark[Gone]
arooni-mobile__i have a ubuntu VPS linode server running 10.04.  i want to upgrade to ubuntu 12.04.  its giving me a warning about doing it over SSH... any precautions i should take?00:42
sarnoldarooni-mobile__: make sure the linode console lets you request "reboots" or whatever it is you get to do there when things go wrong :)00:44
frezemy vps has the option for a reverse dns for all my ips. What is this used for?00:58
arooni-mobile__for my ubuntu 12.04 server;  is there a way to run updates on it automatically?  or do i have to manually do upgrades for packages?  im thinking specifically for security issues00:59
sarnoldarooni-mobile__: install the unattended-upgrades package01:00
arooni-mobile__sarnold, so that will auto download security updates and install them?01:01
arooni-mobile__dont need to do antyhing else?01:01
sarnoldarooni-mobile__: I believe it can also be easily configured to get other updates, not just security updates, if you wish01:02
hallynsarnold: i'll have to reread it later, but i didn't quite get your dnsmasq proposal01:29
hallynmaybe it'll make sense to me next time :)01:29
sarnoldhallyn, darn, I was afraid of that. I _knew_ waving my hands about would have helped..01:29
hallynsarnold: you talk about having containers put dnsmasq-libvirt into their resolv.conf.  but the whole point (istm) is that dnsmasq doesn't want to do secondary dns servers01:30
hallyni.e. every dns server should be a primary01:30
sarnoldhallyn: but I _think_ glibc's resolver is more forgiving01:30
hallynso if we're giogn that route, then it seems tome wejust need to teach people to put server=/lxc/ and the like into their dnsmasq.conf01:30
hallynthat would explain why the other guy wasn't having a problem when dnsmasq-lxc is not in strict-order01:31
sarnoldhallyn: and since the bug you pointed out has ~25 people affected, it might even be worth writing a forwarder that behaves as we'd like it...01:31
hallynmy argumetn was that dnsmasq should still half the time be failing - but maybe glibc is "magically" making it work01:31
hallynsarnold: there is a patch shipped with the dnsmasq source to do it01:31
sarnoldhallyn: oh?01:31
hallynbut nto applied01:32
hallynand in face there are two versions,a nd both are again out of date01:32
sarnoldhallyn: I'll have to admit, after I spent two weeks trying to backport a security fix through all five versions of dnsmasq that we support, I kinda of grew some serious distaste for it. heh.01:32
hallynbut there's that bug which i think i quoted in your bug, which poses and does nto answer the fundamental question: do we want dnsmasq to behave that way or not01:32
hallynyou and i, i think, agree it should01:33
hallynbut kelley, the dnsmasq author,d oes not01:33
sarnold(I even spent two hours tring to smack a powerdns recursor in front of the whole thing, but got stymied by the lack of .lxc and .libvirt TLDs to forward to, as appropriate..)01:33
hallynand thood wants to respect the author i iiuc01:33
sarnoldand I'm even reasonably certain kelley's got very good reasons. at least when I read them, they make sense.01:33
hallynstgraber had mentinoed some other rsolver he had considered, but dnsmasq was already in main01:33
sarnoldbut the sum total of what we've got is a very frustrating experience. :(01:33
hallynsarnold: well i can sum it up like this:01:34
hallynwe can solve this problem pretty easily using server=/domain/resolver in dnsmasq.conf, but01:34
hallynthat does NOT solve it generically, whereas resolv.conf did01:34
hallynso in that sens this is a regression01:34
sarnoldI have a feeling that dnsmasq is trying to do too many things at once. It feels like dhcp+authoritative should be one part. and forwarding+caching shuold be another part. and maybe even outright recursive a third part. but having all of them in one big blob is just .. a lot.01:34
hallynwell, you might be right, but i don't think that really needs to affect this :)  this seems like just a question of teaste01:35
hallyn"all resolvers should be primary" vs "we should allow secondaries"01:35
arooni-mobile__hey folks;  recently upgraded my ubuntu 10.04 box to 12.04 ... now the SSH is FUBARd... i cant ssh in on my port.  i'm logged in as rot; how can i fix?01:35
sarnoldyeah, that's just me redesigning the world to fit my preconcieved notions. :) But I _do_ think the problem might be more easily solved if we pretend it worked that way...01:36
hallynarooni-mobile__: is sshd running?  did you have a custmo config?01:36
hallynsarnold: I think "allowing secondaries allows more general solutions" is compelling01:36
sarnoldhallyn: or, at least, I thought it'd be worth floating past thood and you..01:36
hallynAny time that libvirt docs have to say "if you're running dnsmqsq, do this;  if you're running optimus, do that" we lose01:36
hallynsarnold: but i still didn't grok what you were saying in the email :)01:37
hallyni'll reread in the morning though01:37
arooni-mobile__hallyn, sshd appears to be running; and yes my config file is custom; just changed the port; really01:37
sarnoldheh, libvirt "fixed" it by putting the whole configuration in C source anyway. damn near impossible to modify. :(01:37
hallynsarnold: yeah, that's a pain01:37
hallyntaht's why i only mentioned lxc in my server=/lxc/ example :)01:38
hallynarooni-mobile__: have you checked the config file to make sure it hasn't been overwritten?01:38
sarnoldarooni-mobile__: does netstat -lntp show sshd listening?01:38
sarnoldhallyn: please do let me know if it makes more sense in the morning. just go to bed thinking "flat dns" rather than "chained dns" and see if that helps... :)01:38
hallynsarnold: ok :)01:39
arooni-mobile__hallyn, checked config file already; not overritten01:39
arooni-mobile__tcp6       0      0 :::22222                :::*                    LISTEN      2247/sshd         ...its listening on the right port01:40
sarnoldarooni-mobile__: ipv6 okay? :)01:40
arooni-mobile__ooh its because linode moved my IP address during the migration01:41
arooni-mobile__and i was SSH'ing directly to the IP address01:41
arooni-mobile__no wait01:41
arooni-mobile__the IP address is the same01:41
arooni-mobile__so im missing why i cant ssh from my box;  i just checked to make sure my keys are in ~/username/.ssh/authorized_keys01:42
arooni-mobile__they are01:42
arooni-mobile__on the connecting computer debug says: "debug1: Connecting to 70.87.XX.XX [70.87.XX.XX] port 22222."01:42
=== peter is now known as Guest93788
arooni-mobile__dont' get past htat01:42
sarnoldarooni-mobile__: can netcat connect and collect a banner?01:43
sarnoldarooni-mobile__: (echo "" | netcat ip-address 22222)01:43
arooni-mobile__netcat: getaddrinfo: Temporary failure in name resolution01:44
arooni-mobile__ugh dns resolution again?01:44
arooni-mobile__can someone help me getting DNS resolution fixed?  i'm seeing "/etc/network/interfaces:11: misplaced option"  on line: dns-nameservers
GH0sarnold, typical main channel. lol, no one answers.01:51
sarnoldGH0: sigh :)01:52
GH0i can probably find the files online.l and fix it that way. Or just k owibg what would replacw the foles01:53
GH0Oh dear god the misspellings01:53
sarnoldarooni-mobile__: I don't see it obviously.. can you pastebin the whole thing?01:54
arooni-mobile__sarnold, one sec01:54
arooni-mobile__sarnold, http://paste.ubuntu.com/5964666/01:55
arooni-mobile__thats from my desktop01:55
arooni-mobile__one sec01:56
sarnoldarooni-mobile__: hrm, is that comma supposed to be there? I don't see commas in the resolvconf(8) manpage..01:56
arooni-mobile__sarnold, the second one is actual file01:57
sarnoldarooni-mobile__: looks like you're missing an 'iface eth0' line01:57
arooni-mobile__sarnold, what should it look like ?  iface eth0  ... dhcp ?01:58
arooni-mobile__i think ubuntu 12.04 overwrote whatever i had before that was working01:58
sarnoldGH0: try debsums -cs firefox01:59
sarnoldarooni-mobile__: try "inet eth0 inet dhcp"01:59
GH0sarnold, will do, hold on02:00
arooni-mobile__sarnold, cool, getting a different error on networking restart "ifup: couldn't read interfaces file "/etc/network/interfaces"02:01
sarnoldarooni-mobile__: woo. :) I'd put that 'auto eth0' line up near the other 'auto' line.02:01
arooni-mobile__sarnold, cool; now it restarts; but i'm still not getting dns resolution02:02
GH0sarnold, is it supposed to report anything back?02:02
GH0It seems to newline after pressing enter02:03
sarnoldGH0: that means there were no corrupted files in the package02:03
sarnoldGH0: so your firefox.desktop is just as it should be.02:03
sarnoldwell, just as it was delivered. :)02:03
sarnoldarooni-mobile__: any nameserver lines in /etc/resolv.conf?02:04
arooni-mobile__sarnold, nope nothing there02:05
sarnoldarooni-mobile__: do you have a /etc/resolvconf/update.d/libc file?02:05
arooni-mobile__sarnold, dont know if it matters but lrwxrwxrwx 1 root  root      31 May 16  2011 resolv.conf -> /etc/resolvconf/run/resolv.conf   ... its a symlink02:05
arooni-mobile__sarnold, -rwxr-xr-x 1 root root 5093 Jul 18  2012 libc  ...02:06
sarnoldhrm, that should have written the new nameserver lines for you..02:06
arooni-mobile__should i try rebooting?02:06
sarnoldonly if the vps makes it easy to get back without working networking on the system :) hehe02:07
arooni-mobile__my ubuntu never wants to talk to the outside world02:07
arooni-mobile__fixed it sarnold ;  thanks02:19
arooni-mobile__htere was a bad symlink apparently in /etc/resolv.conf02:20
sarnoldarooni-mobile__: really? how odd. could you file a bug against resolvconf (ubuntu-bug resolvconf) and copy-and-paste some of your more enlightening commands and results?02:22
sarnoldarooni-mobile__: upgrades from 10.04 to 12.04 really ought to work :)02:22
sarnoldarooni-mobile__: thanks :)02:22
arooni-mobile__sarnold, geez i wish i would have kept better track of what it linked to before02:35
sarnoldarooni-mobile__: this is what you pasted before.. lrwxrwxrwx 1 root  root      31 May 16 2011 resolv.conf -> /etc/resolvconf/run/resolv.conf02:36
arooni-mobile__oh good;  cuz i straight up deleted that bad symlink02:36
arooni-mobile__it wasnt pointing to anything02:36
sarnoldI'm sorry I didn't recognize it at the time; I'm on 13.04, mostly, and I figured the path had changed from 12.04. :(02:37
arooni-mobile__i should have noticed it as a bad symlink02:37
arooni-mobile__i have color highligting on my terminal02:37
arooni-mobile__ahhh i know02:38
arooni-mobile__i was logged in as root02:38
arooni-mobile__so i didnt have color highlighting02:38
arooni-mobile__otherwise i would have noticed it was red02:38
arooni-mobile__sarnold, correct me if im wrong but isnt this the same issue: https://bugs.launchpad.net/ubuntu/+source/resolvconf/+bug/100024402:42
uvirtbotLaunchpad bug 1000244 in resolvconf "Symlink /etc/resolv.conf does not exist after installation or upgrade of resolvconf -- various causes" [Undecided,Confirmed]02:42
sarnoldarooni-mobile__: that looks like it. wow..02:45
uvirtbotLaunchpad bug 1000244 in resolvconf "Symlink /etc/resolv.conf does not exist after installation or upgrade of resolvconf -- various causes" [Undecided,Confirmed]02:46
arooni-mobile__sarnold, i guess checking the bugs on a package when im having troubles with it is a good idea02:48
=== virusuy is now known as tuviejaentanga
failmasteri have a problem switching luks passphrase authorization to key file for root fs on 13.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? =)04:59
uvirtbotLaunchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New]04:59
=== Smark[Gone] is now known as Smark
=== failmaster is now known as failmaster_faile
=== failmaster_faile is now known as failmasterfailed
=== failmasterfailed is now known as unfailedagain
brahmanaHi. Is there a way for me to block access to a particular domain from my machine?06:34
brahmanaThis is for my Ubuntu desktop. I was suggested to ask here when I asked the same in #ubuntu06:34
brahmanaWould adding an entry like ALL : my.domain.com to /etc/hosts.deny be the right approach?06:36
sarnoldcheap-and-kinda-busted is to put domainname.com   into your /etc/hosts file. That will only screw up domain resolution for the specific hostnames you list: it won't kill the whole domain, and if someone resolves the IPs elsewhere, they'll be able to use the IPs to connect...06:36
brahmanaI tried that but I can still access that my.domain.com via telnet06:36
sarnoldyou'd need to add in my.domain.com as well... it can get exhausting :)06:37
brahmanaIt's just one domian.. so its ok.06:37
sarnoldif the domain is entirely hosted in one netblock, you could use iptables to block access to the network. that'll be far more reliable, right up until they change their IPs.06:37
brahmanaFurthermore this is not from a security standpoint. I just want to block access to that domain temporarily.06:37
unfailedagaini have a problem switching luks passphrase authorization to key file for root fs on 13.04 https://bugs.launchpad.net/ubuntu/+source/cryptsetup/+bug/238163/comments/18 anyone? =)06:40
uvirtbotLaunchpad bug 238163 in cryptsetup "keyfile doesn't work in initramfs" [Undecided,New]06:40
sarnoldunfailedagain: http://paste.ubuntu.com/5965290/06:46
unfailedagainsarnold, it works without one for sdb106:46
sarnoldunfailedagain: does that KEYSCRIPT look familiar?06:46
sarnoldunfailedagain: sdb1 isn't going to be used for root06:47
unfailedagainsarnold, so what's the difference, it's being mounted during boot06:47
sarnoldunfailedagain: the difference is I found that string in this file in the source package: debian/initramfs/cryptroot-hook06:47
unfailedagainas well as / was on 12.04 without keyscript=06:47
sarnoldunfailedagain: .. perhaps that hook doesn't care about the other targets?06:47
unfailedagaini knwo about this hook, i even was able to find out the moment where it was suggested06:48
unfailedagainbut if i was that good enough - i would already fix it06:49
unfailedagainsarnold, hm, the strange thing is that i somehow thought it should be grepable under /etc/ and appears there is none06:51
sarnoldunfailedagain: check /usr/share/initramfs-tools/hooks/  ?06:51
unfailedagainsorry, my bad06:52
sarnoldgood luck :) bed time here06:53
unfailedagainsarnold, many thanks!06:53
unfailedagaini'll investigate around hooks06:53
sarnoldunfailedagain: if you find it, let me know, I'm curious what it ought to be..06:53
unfailedagaindefinitely i will06:53
sarnold:) thanks06:53
=== smb` is now known as smb
unfailedagainlooking at cryptroot hook i really don't get it, how that thing "# If keyscript is set, the "key" is just an argument to the script" is related popping-up a warning07:36
unfailedagainmost probably because i'm too noob07:36
=== unfailedagain is now known as srsly
=== srsly is now known as wtffailor
=== wtffailor is now known as rtfmdude
rtfmdudeis it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)?08:15
adam_gjdstrand, any security updates in the pipe for openstack? putting together a new SRU batch08:16
stemiddoes ubuntu use vixie cron? I noticed crontab(5) says Vixie.08:44
stemidnot anacron then08:44
stemidjust wondering because I have a problem with a crontab file on two ubuntu 12.04 servers, but none of my debian servers (anacron). I always use /etc/cron.d and very basic format MAILTO=me PATH=/to/script 0 4 * * * root script.sh08:45
stemidand it never runs08:45
stemidbut manually it works08:45
stemidmanually the script works08:45
stemidand cron.allow does not exist08:47
rtfmdudeis it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)?08:59
jamespageadam_g, zul, Daviey, smoser: just flushed everything in havana proposed CA through to updates.09:03
adam_gjamespage, nice09:04
jamespageadam_g, there are a few deps that need a resync - I'll look at those later today09:04
adam_gjamespage, non-neutron havana is deploying and testing good09:04
jamespageadam_g, also looking to push in a rc for the next ceph LTS later as well09:04
jamespageadam_g, yeah - I guess we need todo the charm work to deal with that upgrade now09:04
adam_gjamespage, we need to have the quantum + nova charms be naming aware09:04
jamespagelol - snap09:05
jamespageanyway - back later09:05
adam_gjamespage, i think we can handle it easy enough in the new py redux, but maybe we can just temporarily fix in the qa charm branches09:05
rtfmdudeis it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)?09:24
=== DenBeiren is now known as zz_DenBeiren
=== zz_DenBeiren is now known as DenBeiren
=== jibel_ is now known as jibel
frezeHow much memory will ubuntu server on average for a default setup?10:34
maswan.5G or so, is my guesstimate. of course, then you want memory for your services too.10:35
frezeI'm gettin 125MB10:36
frezeanyone know what  sendmail: MTA:  is for?10:39
thumperapw: ping10:45
rbasakfreze: mail transfer agent. That isn't on a default install, though.10:47
frezedo I need it?10:51
frezeit came with my vps ubuntu image10:52
frezealong with apache which I delted10:52
andolfreze: You might not need (or even want) sendmail specifically, but you probably want some kind of local MTA so that the server can send mail. If nothing else you might want your server to be able to send cron mail and stuff.11:04
andolfreze: Oh, and for extra fun, there is a bit confusion regarding the sendmail name. In addition to it being the name of mail server, it is also the name of a system binary, which also other mail servers use, for compability reasons.11:05
frezeThanks andol. I guess my VPS by default included additional packages in the iso image.11:08
andolfreze: The default MTA for Ubuntu is Postfix, which (as hinted earlier) do provide a /usr/sbin/sendmail binary.11:09
=== DenBeiren is now known as zz_DenBeiren
frezeanyone here using fail2ban?12:07
frezeI'm following this guide: http://felipeferreira.net/?p=47. However I do not see a [ssh-iptables] block in my config file.12:08
cisshi, i'm running 12.04 server (upgraded from 10.04 server), and i've run into some dependency issues while installing samba that i am unable to resolve. apt output: http://pastebin.com/PHbAQ8wL, sources.list: http://pastebin.com/zdTbEJbq12:13
cisssamba had been installed before the dist-upgrade, but seems to have been removed in the process (i assume - it's been a while, i can't remember)12:13
rbasakciss: please pastebin the output of "apt-cache policy samba".12:15
cissrbasak: http://pastebin.com/MJyLS6qz12:17
rbasakciss: looks like you're trying to install a different samba from the one in the archive.12:18
rbasakciss: the 9v-shaun-42 ppa that you have enabled there.12:18
=== dosaboy_ is now known as dosaboy
cissrbasak: ah, i remember now. thanks a lot, now i have something to work with :)12:21
jdstrandadam_g: yes, a whole slew of them just came through12:21
jdstrandadam_g: they should be pushed out next week12:21
=== zz_DenBeiren is now known as DenBeiren
adam_gjdstrand, affecting which packages? i guess i can just move forward and rebase as necessary12:22
=== DenBeiren is now known as zz_DenBeiren
thumperapw: ping?12:35
jdstrandadam_g: please give me a few minutes12:37
jdstrandadam_g: looks like python-glanceclient, swift, cinder, nova, keystone and python-keystoneclient12:40
stgraberhallyn, sarnold: uploaded lxc to saucy-proposed with hardening-wrapper enabled, so that should be all for that MIR.12:40
stgrabersarnold: if you could confirm that you're fine with that change, I'll seed lxc and promote it12:40
jdstrandadam_g: actually, keystone may not be on the list-- I need to deep dive into the python-keystoneclient one12:41
hallynstgraber: scary12:44
hallynstgraber: did you rip the mkifname source from mktemp in libc by chance?  or whip it up from scratch?12:47
stgraberhallyn: mostly from scratch12:48
stgraberhallyn: it was intiially roughly based on bionic's mktemp implementation but I don't think I really kept much as they were using some random number generation function that didn't exist in eglibc12:49
stgraber(and extracting the equivalent function from eglibc was too painful thanks to all their generated code...)12:49
stgraberhowever I did run a bunch of tests to confirm it does the right thing when getting a name conflict and that it's not racy (won't return the same thing twice, no matter how fast it runs), also ran it under valgrind to make sure I didn't forget to free anything12:50
hallyni've gotta go over a 20M of valgrind data at some point :(12:51
stgraberhehe, it's much easier to deal with when adding single self contained functions than running against something like lxc-start ;)12:52
hallynstgraber: but how cna there not be a memory leak?12:52
hallynyou strdup name ina loop but dno't free it12:53
hallynthat i can see12:53
hallyni must be missing something (/me keeps looking)12:53
stgraberhallyn: oh, yeah, I probably should free it when I don't break out of the loop12:57
hallynsurprisedh valgrind didn't spot that12:57
stgraberwell, I'd have to go through that specific code path which I guess wasn't the case when run under valgrind12:58
stgraberif the first name it comes up with doesn't already exist, then it's fine12:59
stgraberit's only if it already exists and it needs to generate another one that the leak happens12:59
hallynstgraber: one more:12:59
stgraberhallyn: http://paste.ubuntu.com/5966322/12:59
hallyni think you need to do padchar[random() % (strlen(padchar)-1)]12:59
hallynthough really that number should probably be set with a #define :)13:00
hallynstgraber: lastly, really should check that strdup() didn't return null13:00
hallynstgraber: say, is it safe to install dnsmasq on a running precise server, or will precise hit some snafus and i'll lose network?13:02
hallyn(istr it was phased in at or right after precise, so i worry)13:02
stgraberhallyn: I "think" we backported all the needed bits13:03
stgraberhallyn: http://paste.ubuntu.com/5966334/ ?13:03
hallynheh, i\'d only want it to do the server=/lxc/, maybe i shouldn't risk it13:03
hallynstgraber: +1, you can just add my Acked-by too then13:04
stgraberhallyn: ok, thanks13:04
hallynno no, thank you :)13:04
alex88erm, i just dist-upgraded and apache 2.4 just broke everything :)13:06
alex88is there a way to get back?13:06
hallynsmoser: thanks, i agree i didn't like the clone() name there :)  reviewing, will push to staging soon.13:11
smoserneat, thanks.13:12
hallyn(in general we prefer patchsets sent to lxc-devel rather than pushed though github, but this is specific to lxc-ubuntu-cloud, which noone will comment on anyway :)13:12
smoserdo you want me to squash it?13:12
smoserto one commit13:12
hallyni've already pulled it, just looking over the commits now13:14
hallynsmoser: i also wonder if these commits fix any of the open bugs against lxc-ubuntu-cloud13:16
hallynsmoser: oh, but you didn't sign off on your commits13:17
hallynsmoser: so if you dno't mind signing them off - squash them or not - then i'll sign-off and push13:18
smoseri can do that.13:18
smoserok. so i push --forced over13:28
smoserok, and the pull request figured that out13:29
cissif a package install fails due to an exception during interactive configuration (and thus the package is in a broken state), how can i force another configuration dialog when reinstalling? (right now it seems to always use the last provided inputs)13:34
hallynsmoser: how weird, git pull acted differently this time (asking for a merge msg).  oh - i see13:34
yolandajamespage :https://code.launchpad.net/~yolanda.robla/charms/precise/jenkins/fix_nogroup/+merge/17943413:35
=== zz_DenBeiren is now known as DenBeiren
hallynsmoser: pushed13:36
smoserhallyn, awesome. thank you.13:38
hallynwtf - containers don't have 'ed' by default?13:39
stgraberhallyn: we've got vim, why would you want ed? ;)13:42
rbasakalex88: in what way did it break everything?13:42
hallynstgraber: so i can edit a file while keeping the compiler errors on teh screen :)13:44
hallynstgraber: woohoo, i'm creating N, and no more than N, veths as unpriv user.  re-integrating into lxc will be uglier than i'd like though13:44
stgraberhallyn: ah, I just background vim in such cases ;)13:44
stgraberhallyn: nice!13:44
hallynmight just post the standalone toy i'm testing with for comment first13:45
hallyncause boy does this have the potential for disaster :)13:45
=== DenBeiren is now known as zz_DenBeiren
alex88rbasak: new modules, changed configuration13:46
bkfitzI'm currently running proftpd on 10.04, but I'm concerned about passwords being passed in clear text... has anyone set up sftp for proftpd and/or have any recommendations for me?13:47
rbasakalex88: please can you be more specific? Apache 2.2 -> 2.4 is a major change so it's expected that if you have a custom setup you will need to update it. So I'd like to understand whether your breakage is reasonable for the package, or if there are bugs that need to be fixed.13:47
alex88rbasak: well first it doesn't support dav svn13:48
rbasakalex88: which package is that, please?13:49
alex88and for some reason, it was installed but still apache2 and related upgraded to 2.4 breaking it13:49
psivaahallyn: connecting to mysql with today's precise images return "ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)"13:49
psivaawith lamp server installations13:50
rbasakpsivaa: from -proposed?13:50
rbasakpsivaa: bug 1121874 - SRU verification failure.13:50
uvirtbotLaunchpad bug 1121874 in mysql-5.5 "MySQL launch fails silently if < 4MB of disk space is available" [Medium,Fix committed] https://launchpad.net/bugs/112187413:50
=== lborda is now known as lborda_afk
rbasakalex88: looks like the problem is that subversion doesn't support apache 2.4 yet.13:53
alex88but shouldn't it block apache upgrade?13:53
psivaarbasak: i dont think it's from proposed, the versions are of 5.5.32-0ubuntu0.12.04.213:53
rbasakalex88: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712004 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=66679413:53
uvirtbotDebian bug 712004 in libapache2-svn "/usr/lib/apache2/modules/mod_dav_svn.so: undefined symbol: ap_log_perror_" [Grave,Fixed]13:53
alex88rbasak: uh ok thanks!13:53
ikoniabkfitz: what information are you looking for ?13:53
rbasakalex88: the solution was to disable the subversion module in Debian for now, so as not to block apache moving to 2.413:53
psivaarbasak: those pkgs are in main13:54
alex88rbasak: ok thanks for the info, btw I've now installed first libapache2-svn to it installed 2.213:55
bkfitziknonia: well... I guess advise on using proftpd's sftp module vs openssh13:56
bkfitziknonia: and/or suggestions for allowing my dev to upload content to my wwwroot folder securely13:57
rbasakpsivaa: 5.5.32-0ubuntu0.12.04.2 was from -proposed, though it's been deleted now. AIUI, it's never been in -updates.13:57
Pici!tab | bkfitz13:57
ubottubkfitz: You can use your <tab> key for autocompletion of nicknames in IRC, as well as for completion of filenames and programs on the command line.13:57
bkfitzPici, yeah... knew it just wasn't thinking13:58
psivaarbasak: ack, thanks14:00
bkfitzikonia, any advise?14:05
ikoniabkfitz: what's wrong with just connecting to sshd via sftp ?14:05
ikoniabkfitz: I'm assuming you've got ssh running, so any reason not to use it ?14:06
stgraberhallyn: debugged and fixed the autopkgtest failure which prevented the past 3 lxc uploads from reaching the archive (it was adt-run messing with TMPDIR and confusing debootstrap, adding an unset TMPDIR did the trick)14:32
hallynand now all fixed?14:32
stgraberI got a succesful run on my laptop and just uploaded to the archive, so hopefully Jenkins will succeed too14:32
mdeslaurrbasak: d'oh, sorry for breaking apache214:33
rbasakmdeslaur: np, it wasn't you.14:33
bkfitzikonia, i do have ssh (openssh) running, but i need sftp to be run over port 2114:35
ikoniabkfitz: ok, then setup an sftp server14:35
rbasakI noticed the problem weeks ago, but wanted to write a dep8 test. Which involved writing adt-virt-lxc so that I could test my test. Took a while :)14:35
bkfitzikonia, proftpd with modsftp suggested?14:36
bkfitzikonia, or vsftpd14:36
ikoniaup to you14:37
ikoniathey all do the same thing really14:37
smoserhallyn, suck.14:38
smosercan you pull tip of my staging14:38
smoserhold on. you want signed off by14:38
bkfitzikonia, so will running proftpd with modsftp conflict with my openssh service?14:43
bkfitzikonia, i'd like to run ssh on 22 and sftp on 2114:44
ikoniabkfitz: why would it conflict with open ssh ?14:45
andolbkfitz: I assume you know that regular ssh usually also handles sftp? But no, running a separate sftp on port 21 wuldn't conflict, even it it might possibly confure.14:45
bkfitzandol, yeah... but i need ssh to run on 22 and sftp to run on 21... so i'm assuming i need two daemons14:48
bkfitzopenssh -> ssh -> 2214:48
bkfitzproftpd or some other sftp server -> sftp -> 2114:48
ikoniathey are two seperate services14:48
ikoniaopenssh is nthing to do with proftp/vsftpd etc etc14:49
ikoniawhy do you need it running on port 21 thought ?14:49
stgraberhallyn: damn, lxc no longer builds on Android... I really need to add that to my build server so we catch those earlier.14:50
bkfitzikonia, because my devs are inside our lan which doesn't allow port 22 traffic outside... only 2114:50
bkfitzi use my mifi to get out on 2214:51
bkfitzikonia, don't ask why the policy is to close 2214:51
ikoniajust run an sftp server then, nice and simple14:51
bkfitzikonia, yeah... just doing some reading on that now... thx14:51
hallynstgraber: is that bc of an alloca or somesuch that i threw in?14:52
stgraberhallyn: nope, utils.h the __NR_* defines don't include the values for arm14:53
hallynsmoser: trying to figure out how to get that with a git cmomand (git fetch isn't doing it).  maybe i'll just hand-apply :)14:53
hallynoh there we go14:54
hallynsmoser: ok, pushed14:55
* hallyn biab14:57
hallynstgraber: nah i guess i'll pull the lxc-user-nic into lxc before i post it, which only means i need to think about how to port the tests.  bbl15:03
hallynhopefully will post something tonight15:03
medberry_Daviey, smoser, et al: Is this where cloud-image contents are defined?  http://bazaar.launchpad.net/~ubuntu-core-dev/ubuntu-seeds/ubuntu.saucy/files/ (wihin cloud-image). Is this where the default contents of a cloud-image are set?15:23
=== medberry_ is now known as med_
=== marcoceppi is now known as marcoceppi|away
=== nate-finch is now known as natefinch
rtfmdudeis it necessary to have a keyscript option in order to use luks authorization based on a key file for drive with mount point on / (root fs)?15:42
xnoxrtfmdude: that, or modify the initramfs scripts that do so.15:43
xnoxrtfmdude: you may notice in the scripts that plymouth is prefered over keyscript, you may want to revert it locally.15:43
rtfmdudexnox, is it defined somewhere across references?15:43
rtfmdudebecause is that case i see the reason to file a bug report =)15:44
xnoxrtfmdude: what do you mean "across references"? Sorry, i don't understand.15:44
rtfmdudexnox, man pages?15:44
xnoxrtfmdude: i have no idea. I'm telling you what's in the code.15:46
rtfmdudexnox, many thanks, mate!15:47
rtfmdudebut honestly i don't get it, why it works for non-root devices and can't work for /15:49
rtfmdudeand why it was working for all drives presented into system in 12.04 for me15:49
frezeHi guys I  just setup a webserver to host sites using niginx on an ubuntu server in a VPS. what are the most important things that I should be aware of when running a server/what do you wish you knew when running your webserver15:53
rtfmdudefreze, basically until you really care looking through logs from time to time, it's already more than many others do lol15:55
blib on my ubuntu box: apt-get upgrade gave this error: Errors were encountered while processing:  /var/cache/apt/archives/nginx_1.4.2-1~lucid_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)15:57
blibany ideas how to fix this?15:57
frezertfmdude: yeah. what about security? I have  secured ssh and installed fail2ban15:58
frezeanything else I should look at?15:58
rtfmdudei usually start removing login shells against users that don't need it, tuning things to keep only established connections, setting ssh auth over key files, setting up portsentry sometimes, if it's vds - ksplice, fail2ban too maybe, but consider also moving ssh default port somewhere else15:59
rtfmdudefreze, but not everyone finds it necessary15:59
rtfmdudesoz for my english btw15:59
frezessh auth over key files? what do you mean? Alsoo what is a VDS? virtual disk?16:02
rtfmdudemy bad, sorry for messing up with words, was meaning certificates, vds again oh gosh... i'd better shut up dedicated server lol16:03
rtfmdudeno, i definitely should talk less16:03
stgraberhallyn: wow, that's quite a few changes needed to get lxc to build with bionic again...16:10
rizukanyway to repair bootmanager grub was on 3.2 kernel i update to 3.5 never came back online via ssh. So in ovh set it to kernel network rescue that booted fine...But now I'm stuck on this kernel i was trying to go back to 3.2 but still wouldn't work i even changed the /boot/grub/grub.cfg to the 3.2 kernel16:19
hallynstgraber: do you have a diff up i can look at, or are you comfortable with it?16:27
rtfmdudesarnold, i got rid of warning changing the order of devices in crypttab, which is total bs16:28
rtfmdudeinitiatin reboot to see if it ate it, but i could mess editing the hook lol should check everything16:29
stgraberhallyn: I'm fixing stuff slowly, we got some new strdupa calls in the code I need to get rid off. Also Android fixed a few things in recent bionic so I need to drop some of my hacks16:29
hallynstgraber: is strdupa just not posssible?16:37
jamespagerbasak, any chance you can do a test build of my workaround for mongodb - lp:~james-page/ubuntu/saucy/mongodb/fixup-arm16:37
stgraberhallyn: doesn't exist16:37
stgraberhallyn: I guess we could re-implement it as I've been doing with getline and mntent_*16:37
ovidiu-florinI'm trying to install ubuntu server on a virtual machine on my kubuntu desktop. My kubuntu desktop is x86_64, but the ubuntu server says that the CPU is i686. why?16:38
rbasakjamespage: "16:38
rbasakThis branch has not been pushed to yet.16:38
rbasakIn progress?16:38
hallynstgraber: does alloca() exist?16:39
ovidiu-florinand how can I resolve that?16:39
jamespagerbasak, done now16:39
stgraberhallyn: looks like it does16:40
=== natefinch is now known as natefinch-lunch
hallyncool then strdupa should be trivial16:40
stgrabercrap, should have seen that one coming:16:41
stgraberconf.c:34:21: fatal error: ifaddrs.h: No such file or directory16:41
stgraberlooks like Android already has a re-implementation of it in platform-external-dhcpd though, so I'll just steal that...16:42
rbasakjamespage: just realised I'm not going to have time to do it now. I'll leave it on my TODO for Monday. BTW, I'm not sure about the status of mysql-server right now. Waiting for stokachu to get back to us about a regression that was uploaded to saucy + various proposed pockets.16:43
jamespagerbasak, no problem - it can wait16:45
sarnoldrtfmdude: crazy! please file a bug :)16:54
rtfmdudesarnold, no, my bad16:55
hallynstgraber: is android just gonna keep diverging though?  is this sustainable?16:57
stgraberhallyn: they seem happy with their own libc so yeah... I guess with time they'll re-implement more and more of the GNU extensions to the point where it'll be roughly equivalent to eglibc (but not GPL licensed)16:57
hallynstgraber: guess that'll become moot when we re-implement lxc in go :)16:59
sarnoldrtfmdude: I really wouldn't expect order to matter ..16:59
stgrabersure because it'd all be staticly linked ;)16:59
stgrabersarnold: hey there16:59
sarnoldstgraber: hey! :) nice work. thanks. :D17:00
stgrabersarnold: are you happy with the current binaries? (if so, I'll promote LXC and EOW)17:00
sarnoldstgraber: yes, please do :)17:00
stgraberand after almost 4 years, LXC is finally seeded in supported!17:02
rtfmdudesarnold, yeah i was playing with it17:02
stgraberhallyn: I just seeded it for now, will wait for component-mismatches to notice, then override it and we'll be done. Now time for dinner. ttyl17:02
rtfmdudesarnold, i'm getting deeper and deeper with the very simple configuration http://paste.ubuntu.com/5967000/, i'm just surprised how hordes of people which need only xfce/kde/gnome/unity desktop change distro maintaining priorities :D17:06
sarnoldrtfmdude: nice :)17:08
=== natefinch-lunch is now known as natefinch
michelehi there. I'm trying to install ncdu. http://packages.ubuntu.com/search?keywords=ncdu&searchon=names&suite=raring&section=all - however, apt-get does not find it. http://pastie.org/pastes/8222288/text . how come? thanks17:21
sarnoldmichele: have you run an "apt-get update" lately?17:23
michelejust run.17:23
michelenothing change17:23
axisysdo I need avahi-daemon running on ubuntu precise server? All IPs are static and DNS configs are static17:43
axisysthis server is running at work17:44
axisysalso do I need cups ?17:47
axisysI know I am never going to use it.. but I dont want to break something by removing this pkg17:48
sarnoldaxisys: both should be fine to remove if you know you won't care about .local name resolution or printing17:49
axisyssarnold: yep, I don't .. thanks17:52
axisyssarnold: how about plymouth.. not sure what all these doing on ubuntu server17:52
sarnoldaxisys: plymouth does something during early boot. I'd leave it alone strictly because I don't know what it does. :)17:53
axisyshttp://paste.ubuntu.com/5967171/ looks like mountall and udev has dependencies.17:54
axisysalthough plymouth wiki https://wiki.ubuntu.com/Plymouth says17:54
axisys"Plymouth is the application which provides the graphical "splash" screen when booting and shutting down an Ubuntu system."17:54
axisysI do not use splash in my grub..17:58
Richterhi, today i have a strange surprise, the ubuntu server auto disconect the NFS mount (I dont have any idea why), i reboot the server and he works again, someone have this problem? how i can find when this happen in my giant log?18:47
ewookRichter: perhaps in /var/log/messages18:53
jkitchendepends on system18:53
Richtermessages dont exist anymore18:53
Richterubuntu server 12.0418:54
Richteri cant find the moment18:54
jkitchencentos still uses messages18:54
Richterbecause my log is huge18:54
jkitchenI thought I was in a diff channel. ignore me.18:54
Richteri want use my "little friend" grep18:54
Richternp :P18:54
jkitchenRichter: use 'less' and search is what I would do18:55
jkitchenless handles really huge files just fine18:55
Richtermy syslog is giant man... i cant18:55
jkitchensure you can18:55
Richtertoo much information18:55
jkitchenI use less on 1GB+ files all the time18:55
Richterits a web server18:55
Richteri can see the log18:56
sarnoldyour webserver logs to syslog? o_O18:56
Richterbut for what i must search18:56
jkitchensarnold: I was just thinking18:56
Richterthis is my question18:56
sarnoldRichter: check dmesg | grep -i nfs18:56
Richterps... sorry for my bad english18:56
sarnoldRichter: the kernel will complain, maybe it's still in the dmesg buffer.18:56
Richteri reboot18:56
sarnoldRichter: ah. check /var/log/ker*  something?18:56
Richter-rw-r----- 1 syslog adm 97061 Aug  9 15:19 kern.log18:57
Richter-rw-r----- 1 syslog adm 90112 Aug  4 04:18 kern.log.118:57
jkitchen12.04 I believe has a /var/log/dmesg too18:58
Richternothing usefull in kernel log18:58
sarnoldjkitchen: yeah but I've got a feeling it's just an early boot log. could be wrong.18:58
Richteri will look at dmesg18:58
Richter[   10.100369] FS-Cache: Netfs 'nfs' registered for caching18:59
Richter[   16.360044] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).18:59
Richterjust this18:59
RichterAug  9 14:29:47 gastao kernel: [   11.066902] FS-Cache: Netfs 'nfs' registered for caching19:00
RichterAug  9 14:29:47 gastao kernel: [   11.463457] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).19:00
RichterAug  9 15:19:33 gastao kernel: [ 2998.466853] nfs_readdir_search_for_cookie: 9 callbacks suppressed19:00
Richteri just want know when he fails19:01
=== klaas_ is now known as klaas
sarnoldis that an hour after you rebooted?19:01
Richteri am stupid19:02
RichterAug  9 14:29:47 gastao kernel: [   11.463457] Installing knfsd (copyright (C) 1996 okir@monad.swb.de).19:02
Richtermaybe the ubuntu auto security update down the nfs19:03
ewookdunno.. :S19:06
ewookNever happened to me.19:07
sgranit can do fun things, like restart one of the rpc services19:07
Richterthx dudes19:10
Richteryou calm my mind19:10
Richtersorry for my bad english19:10
Richter: D19:10
sarnoldgood luck Richter :)19:11
patdk-wktook it down *11 seconds* after bootup?19:11
patdk-wksounds more like it *started on boot*19:11
sgranyes, it did19:12
sgranand then an hour later, it logged a complaint abou tit19:12
sgranabout it, even19:13
rizukgrub sucks19:36
wmphello, anybody can help me? I create package, but apt-cache search droopy cant find them, but other packages form my repo work good: http://paste.kde.org/p2f84641f/20:26
wmpapt-get update...20:32
hallynstgraber: hm, somehow container starts, inside a container, using daily ppa, breaks - works with saucy's lxc.20:35
stgraberhallyn: related to the cgroup changes perhaps?20:36
hallyni think so20:36
hallynfinishing up tests of the user-nic thing, will look at it after that20:36
stgraberwe really need to add more tests to our autopkgtest, then I can just hook that to the builds on my server so we run the same tests everywhere20:37
hallynmaybe at plumbers we should whip up a list of things which should be tested at every build.  cause frankly the list seems intimidating20:39
stgraberyeah, ideally every time we push to staging we should be getting a build on amd64, i386, armhf for Ubuntu and for Android, then run all our tests against all 4 builds20:40
stgrabershould be reasonably quick and between building for all targets and running on all of them, should be able to catch most obvious regressions20:40
rizukbest command line tool to fix bootup repairs like bootloaders20:53
rizukwould someone be able to give me a hand21:14
justizinanybody know of a ppa for nginx with http_stub_status_module ?21:32
sarnoldTheLordOfTime: hey, justizin is curious if your nginx ppa has http_stub_status_module :)21:39
justizinthat would be siiii-iiiick!21:39
justizini mean i know how to gcc and all, i just, mleh.  and i hate doing it in chef recipes.21:39
sarnoldhehe :)21:40
justizini guess nginx cookbook will do it for me, there are worse fates in life..21:41
* justizin is pretty lazy about building packages21:41
justizinprobably one of those howtos i should finish after 15 years ;d21:41
aristeiaHi, Ive got a question about using apache on an ubuntu web server. Im able to access the web server accross the network using the local ip address, but how can I access it globaly using the network ip address?21:43
sarnoldaristeia: does the machine know its globally routed IP? or is it done through some port forwarding on a router?21:51
aristeiait knows its gloablly routed IP21:53
sarnoldaristeia: you could shove the globally routed IP into your /etc/hosts file while testing it out..21:55
sarnoldaristeia: or, just visit the thing http://ip.add.res.s/ .. if it isn't doing any virtual-host work.21:55
aristeiaalright, thanks21:57
rizukwhats the best linux for websever21:58
failmasterguys, i kinda afraid of reporting the bug, because the situation is not 100% clear for me, i suspect that i could miss something, what are my options to make sure it worth filing the bug report?21:59
blkperlrizuk: doesn't matter, ubuntu, debian,centos all work fine at webserving21:59
failmasterdepends on your own subjective decision according to habits mostly =)22:00
rizukUbuntu 12.04 vs latest much difference ? what would you go with22:02
blkperlrizuk: use 12.04 becuase LTS22:02
rizukI'm not sure whats going on here tbh my apache seems to timeout a lot with linux when its kinda busy but not that much any ideas22:03
rizukim in all sorts of problems one of my servers bootloaders are not working lol22:05
rizukin linux rescue mode re installed grub no luck22:05
rizukyes i have been on Google trying to fix it also lol22:05
rizuki can get into ssh easy with ovh kernel networkboot mode and rescue mode but  cant boot into the normal kernel22:06
=== zz_DenBeiren is now known as DenBeiren

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!