=== zexcriz is now known as Guest88976
=== stiv2k_ is now known as stiv2k
=== peter is now known as Guest5090
=== Guest88976 is now known as zexcriz
[02:41] <The_Acid_Toy> how do i set multiple ipv6 addresses on the same interface
=== HisaoNakai_ is now known as HisaoNakai
[03:36] <Paulus68_1> how can I install ubuntu server 13.04 on a HP proliant ML310? I have problems with the iSCSI raid configuration
[04:51] <TripSec> sudo apt-get install git. how do i access once it has dl'd
[04:57] <raub> Is 01-mail-stack-delivery.conf an ubuntu/debian-specific dovecot config file?
[05:50] <Paulus68_1> how can I install ubuntu server 13.04 on a HP proliant ML310? I have problems with the iSCSI raid configuration
=== HisaoNakai_ is now known as HisaoNakai
[05:59] <raub> Paulus68_1: elaborate?
[06:27] <Paulus68_1> raub: I have a sata raid enabled through bios
[06:28] <Paulus68_1> raub: during install I get the notification that it found sata raid and if I wan to activate
[06:29] <Paulus68_1> raub: then I get the question  to configure ISCSI volumes and on the next tab I need to enter and IP and port for source and target and there I don't know what to enter especially when both drives are inside the server
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Index> a
[06:36] <Paulus68_1> Index: stop that
[06:36] <Index> hahha
[06:37] <Index> i am indo haxor
[06:37] <Index> u here? http://irclogs.ubuntu.com/2013/10/07/%23ubuntu-server.txt
[06:41] <Paulus68_1> !ops
[06:41] <ubottu> Help! Channel emergency! soren, lamont, mathiaz, Pici, Daviey, Tm_T or pmatulis
[06:41] <Myrtti> Paulus68_1: er, why?
[06:41] <Paulus68_1> Myrtti: Index is hacking here
[06:42] <Tm_T> that's not hacking, just ignore it
[06:42] <Paulus68_1> Myrtti: and flooding without any reason
[06:42] <Paulus68_1> http://irclogs.ubuntu.com/2013/10/07/%23ubuntu-server.txt
[06:42] <Myrtti> yes, and I can't see either
[06:43] <tsimpson> Myrtti: it was a few minutes before you joined
[06:43] <Myrtti> probably was
[06:43] <Paulus68_1> thanks anyways
[06:43] <Myrtti> but since I joined nothing has happened and now there's several ops awake, so I fail to see why the need to call ops again...
[06:44] <Myrtti> anyway, going back to work
[06:44] <Paulus68_1> like I said thanks anyway
[06:45] <Index> http://www.regiohits.com/ina.php
[06:46] <Index> http://zone-h.org/archive/notifier=Index%20Php list hacked :)
[06:47] <Myrtti> Index: do you have a support question or are you here just to paste links?
[07:19] <Rory> He's here to be a waste of the global ipv4 address space
=== psivaa-afk is now known as psivaa
[09:35] <Paulus68_1> how can I install ubuntu server 13.04 on a HP proliant ML310? I have problems with the iSCSI raid configuration
=== freeflying_away is now known as freeflying
[10:14] <zexcriz_> i have to deploy 20 ubuntu machines in my college lab, which is the best way to implement such that, 1. no user can chroot that machine and access the root access. 2. only necessary application's like firefox and terminal runs.
[10:15] <zexcriz_> i thought of controlling this machine use one server which controls all the 20 machines.
[10:20] <zexcriz_> any  rough idea which will be the correct thing to do ?
[10:21] <TJ-> zexcriz_: Sounds like a job for Puppet, Chef, Salt and the like
[10:25] <zexcriz_> TJ-, the main prob is that students chroot in and get the root access how can i prevent them ?
[10:27] <TJ-> zexcriz_: Sounds like you have a severe permissions problem then, if regular unprivileged user accounts can gain root
[10:30] <zexcriz_> TJ-, what they do is use a live cd chroot into the current installation
[10:32] <zexcriz_> and change config files
[10:36] <TJ-> zexcriz_: So block the use of the liveCD in the system BIOS/firmware by enabling adminstrator password and locking down what regular users can do, or else use LUKS encrypted systems that either require manual entry of the pass-phrase by a sysadmin (and an automatic penalty for any student rebooting the PC) or dropbear in the initrd to get the pass-phrase from a remote server and log the reboot(s)
[10:46] <zexcriz_> TJ-, nice info reading it multiple times to understand clearly.
[10:48] <zexcriz_> TJ-, i can
[10:49] <zexcriz_> TJ-, i can't understand this  line "  dropbear in the initrd to get the pass-phrase from a remote server and log the reboot(s) "
[10:50] <TJ-> zexcriz_: "https://matt.ucc.asn.au/dropbear/dropbear.html
[10:51] <TJ-> zexcriz_: But your simplest route is to use the Motherboard BIOS/Firmware security options to prevent boot from CD or USB or even PXE
[10:51] <zexcriz_> disabling USB would not be possible as they require to copy their programs on the the USB drives.
[10:51] <zexcriz_> so the USB ports are enabled.
[10:52] <TJ-> zexcriz_: Protect against PXE else students could simply move the ethernet cable to a device they control that provides BOOTP/TFTP services
[10:52] <TJ-> zexcriz_: You can often have the disabled in BIOS but Linux will still find/use them when it has loaded
[10:52] <zexcriz_> nice point.
[10:53] <TJ-> zexcriz_: Your best weapon is severe penalties, clearly explained, to each student
[10:53] <TJ-> zexcriz_: With good logging to a remote syslogd and active scripts monitoring those logs for systems going offline unexpectedly
[10:53] <zexcriz_> implementing SElinux would help ?
[10:53] <TJ-> zexcriz_: How?
[10:54] <TJ-> zexcriz_: Your problem is not with Linux... your problem is *before* the operating system even loads
[10:54] <zexcriz_> yeah correct
[10:54] <TJ-> zexcriz_: Have you secured the power and reset buttons? made them non-operational?
[10:55] <zexcriz_> no i have not done anything to power and reset button, can i make then non-operational ? i was not knowing this before.
[10:55] <TJ-> zexcriz_: As I said, you can spend a lot of time trying to come up with technical measures to prevent this, or your institution can set clear rules with penalties for anyone breaking them, and then all you need is good active monitoring to catch reboots as they occur.
[10:57] <zexcriz_> i can manage those machines from a server, and boot the machines when the period is there and shutdown as it get's over, this is one thing i can do by setting power and reset button non-operational.
[10:58] <eagles0513875_> hey guys what is the reason there are 3 php ini files on ubuntu server one for apache one for php and a 3rd for php-fpm if you use that sort of setup?
[11:00] <zexcriz_> TJ-, thanks for the guidance :)
[11:01] <Paulus68_1> how can I install ubuntu server 13.04 on a HP proliant ML310? I have problems with the on board iSCSI raid configuration
[12:07] <AntelopeSalad> i have an upstart question, if i make a script that looks like this: http://askubuntu.com/a/251581
[12:07] <AntelopeSalad> and i have an init.d script to make sure a process loads on boot up will they still conflict?
=== psivaa is now known as psivaa-afk
[12:21] <rbasak> AntelopeSalad: yes. You should either have an init.d script, or use an upstart script to both start a service on boot and to respawn it. You shouldn't have both.
[12:21] <babinlonston> there are 20 machines in a local area network and all machines are installed with ubuntu 12.04, now i want to access the current users screen graphically how can i get connect and they too need to work at same time
[12:22] <rbasak> Once you have an upstart script, symlink /etc/init.d/your-service to /lib/init/upstart-job (debhelper does this automatically).
[12:22] <AntelopeSalad> rbasak: i can't just remove the init.d script?
[12:23] <rbasak> babinlonston: try #ubuntu for desktop questions. This is a server channel.
[12:23] <AntelopeSalad> or will the symlink carry over when i update the package?
[12:23] <babinlonston> rbasak: i asked there same issue and they said me to come here .. so what came here sir
[12:25] <rbasak> babinlonston: sorry you're being messed around. If you can't get help in #ubuntu, see http://www.ubuntu.com/support/community for other community support options.
[12:25] <babinlonston> ok
[12:25] <koolhead11> hi all
[12:33] <zul> hallyn:  so +1 for libvirt
=== psivaa-afk is now known as psivaa
=== gary_poster|away is now known as gary_poster
[12:51] <hallyn> zul: yeah, i guess.  except for the lateness factor, and the proliferation of CVEs for the first month or two of recent releases
[12:52] <AntelopeSalad> i can't believe how complicated upstart is haha
[12:52] <AntelopeSalad> even huge tools don't have upstart scripts available
[12:54] <rbasak> AntelopeSalad: really? I find upstart scripts remarkably simple to write. Especially compared to init.d scripts.
[12:54] <mdeslaur> AntelopeSalad: in what way are they complicated?
[12:54] <AntelopeSalad> i've spent close to 7 hours trying to figure out how to get process monitoring
[12:54] <AntelopeSalad> and i got no where
[12:54] <rbasak> Define "process monitoring"
[12:54] <AntelopeSalad> redis, postgres, elasticsearch -- none of these things have upstart scripts available
[12:55] <rbasak> upstart keeps track of whether the service is running.
[12:55] <AntelopeSalad> they have non-official gists that are untested
[12:55] <AntelopeSalad> i simply want 2 things to happen with a few processes
[12:55] <AntelopeSalad> 1. start when the machine boots , 2. reload if the process crashes for unknown reasons
[12:55] <rbasak> That's pretty much built in. Write an upstart script and "respawn" will work with it.
[12:56] <mdeslaur> AntelopeSalad: that's what upstart does pretty much by default
[12:56] <zul> hallyn:  yeah hmmm..
[12:56] <AntelopeSalad> yeah but those 3 tools i have do not have upstart scripts available to download
[12:56] <AntelopeSalad> and i'm in position to write one with zero knowledge
[12:56] <AntelopeSalad> *no position
[12:56] <rbasak> In what way is that a problem with upstart?
[12:56] <AntelopeSalad> because i thought it was some widely used tool
[12:56] <rbasak> And how does that make upstart "complicated"?
[12:56] <rbasak> http://upstart.ubuntu.com/cookbook/ is a great guide
[12:56] <AntelopeSalad> every single vendor seems to use the other version
[12:56] <AntelopeSalad> the init.d ver
[12:57] <hallyn> zul: i'm hoping this morning to figure out the virsh add-device problem...  would like that fixed before release!
[12:57] <rbasak> Well that's fine. Ubuntu works with init.d scripts too.
[12:57] <rbasak> Just use the init.d script then.
[12:57] <AntelopeSalad> yeah but init.d won't do the reloading right?
[12:57] <rbasak> No it won't.
[12:57] <AntelopeSalad> the reloading part is most important to me
[12:58] <rbasak> Sounds like "every single vendor" isn't making that feature available to you then.
[12:58] <zul> hallyn:  thats cool im fixing ftbfses this morning (yay!)
[12:58] <hallyn> glamorous :)
[12:58] <AntelopeSalad> yeah which makes me think upstart has no traction and is unused
[12:59] <AntelopeSalad> postgres, redis and elasticsearch are pretty popular tools, yet none of them have a conf available
[12:59] <rbasak> That's because upstart works fine with init.d scripts
[12:59] <rbasak> People tend to write upstart scripts when they need some functionality that upstart provides; otherwise the init.d script suffices fine on an upstart-using system.
[13:00] <rbasak> It sounds like nobody is using service supervision on your specific tools.
[13:00] <mdeslaur> AntelopeSalad: upstart is used by RHEL6 and by Ubuntu...both combined represents a pretty big market share :P
[13:00] <rbasak> Or else they do it themselves and don't share their config.
[13:01] <AntelopeSalad> i guess they don't share their configs
[13:01] <AntelopeSalad> are there other alternatives?
[13:02] <rbasak> An upstart job for a well-behaved daemon is about five lines. Perhaps they consider so trivial that they don't think it's worth sharing?
[13:02] <AntelopeSalad> it would likely be available somewhere
[13:02] <AntelopeSalad> if i search for upstart scripts for all 3 of those tools there's very little coverage
[13:03] <AntelopeSalad> there's a couple of gists where people say it doesn't work, or it has issues, etc.
[13:03] <AntelopeSalad> in elasticsearch's case i couldn't even find a single one
[13:03] <AntelopeSalad> just a random newsgroup post where the guy says up front it doesn't work
[13:05] <TJ-> AntelopeSalad: I recommend reading this http://jtimberman.housepub.org/blog/2012/12/29/process-supervision-solved-problem/
[13:07] <TJ-> AntelopeSalad: Also, "apt-cache show runit" and read the documentation
[13:08] <AntelopeSalad> TJ-: does runit have wide vendor support?
[13:09] <TJ-> AntelopeSalad: You need to ask the vendor's. runit is a solution for process supervision that can run alongside sysv init scripts.
[13:10] <AntelopeSalad> at this point it seems easier to just forget using monitoring
=== gary_poster is now known as gary_poster|away
[13:11] <rbasak> I fail to understand the real need for this. Need HA? Do proper HA. Need to fix things when they're broken? Monitor your actual service (rather than just a process) and redeploy your instance.
[13:12] <AntelopeSalad> redeploy your instance?
[13:12] <rbasak> Yes. You do have your deployment automated, right?
[13:12] <AntelopeSalad> it seems really common to me that something like postgres might crash out of the blue
[13:13] <AntelopeSalad> it seems really reasonable to me to have a script setup to detect and fix that without me having to ssh to the server and manually restart it
[13:13] <rbasak> If it does then I suggest that you have bigger problems. Hiding it under the carpet doesn't really solve anything. Have you actually had postgres crash out of the blue? I never have.
[13:13] <AntelopeSalad> automated deployment in what sense? i use git to push code to the server
[13:14] <AntelopeSalad> setting up the server instance from scratch wasn't automated, i just have a million things written down that i planned to move into puppet or something else later on
[13:14] <rbasak> In the sense that your entire deployment (server, services, scripts) deploys automatically.
[13:14] <rbasak> If you really have a process crashing problem your process will continue to crash and be restarted and you'll just have a less reliable service, instead of actually fixing it.
[13:15] <AntelopeSalad> it's never crashed randomly for me but it didn't seem impossible
[13:15] <rbasak> I suggest you focus on automating your deployments first, and worry about process crashes later.
[13:15] <AntelopeSalad> i've had ES occasionally lockup
[13:15] <AntelopeSalad> what's your definition of automated deployment?
[13:15] <rbasak> Google "devops".
[13:15] <AntelopeSalad> i mean, i type "git push production master" and it gets deployed
[13:16] <jrwren> heroku style! <3
[13:16] <AntelopeSalad> but that really involved almost nothing to setup and it's still very simple
[13:16] <rbasak> Your server gets stolen / your service provider goes bust / whatever. What do you do?
[13:16] <AntelopeSalad> well
[13:16] <rbasak> One command = devops.
[13:16] <AntelopeSalad> if my ec2 instance gets stolen then i expect amazon to do something about it
[13:16] <rbasak> Ha ha
[13:17] <AntelopeSalad> if ec2 goes out then i'm SOL i guess
[13:17] <rbasak> EC2 instances are defined to have an expectation of doing away at any time.
[13:17] <AntelopeSalad> and since this is my first project, i haven't looked into setting up the actual server automatically, that was next on my list after i got everything setup
[13:17] <jrwren> and they do, even if you don't run your own chaos monkey
[13:17] <rbasak> I suggest you defer worrying about process crashes then.
[13:18] <rbasak> Just use the init.d scripts for now.
[13:18] <AntelopeSalad> that feels really wrong but i'll take your advice and forget about it
[13:18] <jrwren> user-data with cloud-config can get you a long way.
[13:19] <AntelopeSalad> it feels like flying blind with no monitoring
[13:19] <rbasak> I suggest you set up external monitoring instead.
[13:19] <rbasak> Check that the actual service works, rather than some process.
[13:19] <AntelopeSalad> it's not so much the monitoring, it's having to fix the problem manually
[13:19] <rbasak> Worry about automation of fixing *after* you've had to fix the same thing a few times manually.
[13:19] <rbasak> Otherwise you waste effort on fixing things that never go wrong anyway.
[13:20] <AntelopeSalad> i just incorrectly assumed upstart was widely used and ridiculously easy to setup for common services
[13:20] <rbasak> It is.
[13:20] <AntelopeSalad> google says otherwise haha
[13:21] <jrwren> the manual is really good.
[13:21] <AntelopeSalad> if you searched for terms like "restart postgres automatically ubuntu" you'll find dozens of people having issues and no real good solutions
[13:22] <rbasak> That's because the people really using postgres in production don't have that problem.
[13:22] <rbasak> They monitor whole instances.
[13:22] <rbasak> They implement real HA.
[13:22] <AntelopeSalad> so you think all of those people asking the questions are newbies like myself who think they need it but actually don't?
[13:22] <rbasak> They don't implement band-aid solutions.
[13:23] <AntelopeSalad> at the very least i should set it up for my application
[13:23] <jrwren> why would you want to restart postgres automatically?
[13:23] <rbasak> Yes, or they've implemented something themselves (daemontools, upstart's "respawn", whatever) without further comment.
[13:23] <AntelopeSalad> i could easily see a node or rails app dying but then working fine if it gets restarted
[13:23] <rbasak> Or they fix the root cause of postgres crashing.
[13:24] <jrwren> postgres crashes?
[13:24] <jrwren> we've had instance run for years.
[13:24] <rbasak> If postgres really is crashing, and you're using it in real production, then you'll fix the root cause, or have a support contract with someone else to fix the root cause.
[13:24] <AntelopeSalad> so the moral of the story is trust vendors that their software is rock solid?
[13:25] <jrwren> hahahaha
[13:25] <AntelopeSalad> at least the popular ones like nginx/postgres/redis/etc.
[13:25] <rbasak> The moral of the story is to monitor your actual service, and fix problems that really happen, rather than theoretical ones that never do.
[13:25] <jrwren> AntelopeSalad: no, 1000x no. also, none of those things are vendors. they are open source projects.
[13:25] <rbasak> For real production use, you bring in people with experience, or have support contracts with people who have real experience, who can tell you what to focus on.
[13:26] <rbasak> For a newbie, worrying about postgres crashing is not one of them.
[13:26] <rbasak> (unless it actually is crashing)
[13:26] <rbasak> Anyway, I have work to do...
[13:26] <AntelopeSalad> jrwren: sure but the end result is the same, they are widely used services that are supposedly battle hardened
[13:27] <jrwren> AntelopeSalad: i'm not sure where you get those impressions and suppositions.
[13:27] <AntelopeSalad> it's easy to get caught up in monitoring because if you google on the topic there's many different tools/etc.
[13:27] <jrwren> widely used compared to what?  certainly NOT widely used compared to apache/mysql/php/memcached
[13:28] <AntelopeSalad> i don't have a usage chart handy
[13:28] <jrwren> monitoring is great. I say yes to monitoring. If someone tells you that you don't need monitoring, tell htem, yes, and they don't NEED coffee, but it is great to have.
[13:29] <AntelopeSalad> a quick stat check says nginx is being used on about 22 million sites
[13:29] <jrwren> AntelopeSalad: getting back to nginx/postgres/redis, I've use the first two quite a bit. The reason I don't monitor them directly is that in my experience, they don't go down. I monitor my apps which use them.
[13:30] <patdk-wk> what does popularity have to do with stability?
[13:30] <AntelopeSalad> so you have absolutely nothing in place for those tools?
=== gary_poster|away is now known as gary_poster
[13:30] <rbasak> AntelopeSalad: monitoring that your web site is up indirectly monitors nginx. There's no need to monitor it specifically.
[13:30] <jrwren> that is right, absolutely nothing. I've also never had an outage where monitoring those would have helped.
[13:30] <AntelopeSalad> patdk-wk: if ~20 million people are actively using something there's a very good chance all parts of the code gets stressed, bugs emerge and get fixed, etc.
[13:30] <rbasak> What matters is that your web site is working. Not whether nginx is running or not.
[13:31] <patdk-wk> AntelopeSalad, not true
[13:31] <AntelopeSalad> compare that to a home grown web server that you wrote in a weekend , chances are it will be less stable than nginx
[13:31] <jrwren> AntelopeSalad: you'd think there is a very good chance, but then see java, windows, adobe flash, other common zero day attack vectors.
[13:31] <patdk-wk> even in high usage,  I doubt 50% of it's capabilities are used
[13:32] <jrwren> less stable? so lets say I did write a web server in a weekend, I built it off libevent's evhttp and I put some sane limits on request size. What would make it less stable?
[13:32] <AntelopeSalad> jrwren: could you prove that it's equally as stable as a widely used server?
[13:33] <jrwren> prove?
[13:33] <patdk-wk> heh
[13:33] <patdk-wk> I have seen extreemly stable software in high usage, crash horrible on idle servers
[13:33] <jrwren> proof of code correctness is not something I'm interested in, nor willing to spend time doing. I respect others who do it. It is not for me.
[13:34] <patdk-wk> only took me 2 years, for them to agree it was a bug that should be fixed
[13:34] <AntelopeSalad> jrwren: btw are you using upstart scripts for your actual application or something else?
[13:35] <jrwren> an upstart configuration, yes.
[13:35] <jrwren> +1 for this converstation. It made me realize I should probably figure out how to use it with respawn.
[13:35] <jrwren> or wait, no. I think I'm using an older style init.d script.
[13:36] <jrwren> its just a trivial uwsgi config. I've not spent time investigating how to start it with upstart, because I have not needed it.
[13:37] <patdk-wk> I have moved all my stuff to upstart awhile ago
[13:37] <jrwren> AntelopeSalad: all of the above opinions stated, you should consider your goals and your values. If your organizational values are to solve these kind of problems first, in favor of a feature release time, then by all means, follow those values. Do the monitoring.
[13:37] <jrwren> patdk-wk: uwsgi configs to upstart? can you share how you did it?
[13:38] <jrwren> AntelopeSalad: and then, when you do have some monitoring in place for all of it, share it with the rest of us :)
[13:38] <patdk-wk> uwsgi? dunno what that is
[13:39] <AntelopeSalad> jrwren: that's a fun topic in itself because i spent about 15 hours total setting up this machine
[13:39] <AntelopeSalad> it could have been better spent
[13:39] <jrwren> AntelopeSalad: if it could have been better spent, sounds like its not mixing with your values.
[13:40] <AntelopeSalad> working on features, etc. but i didn't treat this as something to compared vs an hourly wage, i wanted to be able to provision an ec2/vps instance and learning has an expense
[13:40] <jrwren> with the best payoff, IMO
[13:40] <AntelopeSalad> i don't mind spending time on certain things but i really did get hung up for a silly amount of time on the topic of monitoring
[13:40] <AntelopeSalad> installing everything was really straight forward with no problems
[13:41] <jrwren> i'm curious, is this based on past experience? or something else?
[13:41] <AntelopeSalad> no, all of this is happening right now
[13:41] <AntelopeSalad> if i already had a solution and things were smooth i wouldn't be in this channel
[13:42] <jrwren> I mean to ask, do you know what caused you to get hung up for a silly amount of time on the topic of monitoring?
[13:42] <jrwren> why did you even think about it?
[13:42] <AntelopeSalad> oh, i was just reading general information on system deployment
[13:42] <AntelopeSalad> and i like automating things, it seemed like a good idea to make sure my web server could self heal
[13:43] <AntelopeSalad> i didn't want to have that feeling that i need to keep checking in on it
[13:43] <jrwren> Can you share what you were reading? I'm just curious.
[13:43] <AntelopeSalad> or checking my inbox all the time for errors that my app sent
[13:45] <AntelopeSalad> jrwren: i spent a while over a few days just generally googling for deployment for xyz runtimes
[13:45] <AntelopeSalad> i don't have a specific link
[13:51] <jrwren> I'd guess that it was a lot of trade rag and academic stuff.
[13:53] <AntelopeSalad> jrwren: mostly just blog posts
[13:53] <AntelopeSalad> the other bits came from sites like SO
[13:54] <AntelopeSalad> i started with the highest level topics like deploying a server to ec2 and they introduced tools like upstart/etc.
[14:03] <hallyn> jdstrand: zul: so fwiw, virsh attach-device runs virt-aa-helper differently in saucy than raring:  http://paste.ubuntu.com/6205041/
[14:09] <zul> jamespage:  https://code.launchpad.net/~zulcss/glance/precise-ftbfs-rc1/+merge/189613
[14:22] <garrettkajmowicz> Greetings! I have a server which I've upgraded from 10.04LTS to 12.04LTS. Upon doing so, the server now kicks me to the busybox shell on boot. The old kernel still boots fine. When kicked to the busybox prompt, I can simply mount the RFS without a problem. How can I debug this issue?
[14:22] <zul> jamespage:  just rebuilding libvirt now
[14:23] <jamespage> zul, great
[14:24] <hallyn> no, false alarm.  that doesn't appear to be the problem
[14:24] <hallyn> i guess i can try the raring apparmor userspace package
[14:34] <zul> jamespage/hallyn: builds fine
[14:34] <jamespage> zul, good-oh
[14:35] <jamespage> zul, I'm not comfortable with skipping that glance test
[14:35] <jamespage> I'm concerned its pointing at something wrong
[14:35] <zul> jamespage:  thinking about it im not either
[14:35] <zul> jamespage:  lemme just fix libvirt and ill poke at it again
[14:35] <jamespage> adam_g, roaksoax: I just hit a nasty bug in the glance charm
[14:35] <jamespage> two contexts both using the 'ceph' interface naming
[14:36] <jamespage> I fixed it to specialize the glance CephContext -> CephGlanceContext with a new interface name ceph-glance
[14:40] <jdstrand> hallyn: virt-aa-helper is being called wrong
[14:40] <jdstrand> hallyn: /usr/lib/libvirt/virt-aa-helper -h
[14:40] <jdstrand>     -f | --add-file <file>         add file to profile
[14:40] <jdstrand> hallyn: the apparmor userspace won't make a difference
[14:41] <jdstrand> hallyn: some commit made it so libvirt doesn't recognize that it needs to pass -f
=== freeflying is now known as freeflying_away
[14:48] <hallyn> jdstrand: the thing is when I install the libvirt package from raring into saucy, it still doesn't do the right thing
[14:48] <hallyn> and when i isntall saucy's pkg on raring, it does
[14:50] <hallyn> jdstrand: my paste was wrong.  -f /tmp/d.img *is* being added with sauc's package
[14:50] <hallyn> (there are 3 calls, one with -f /tmp/d.img)
[15:03] <jdstrand> hallyn: that is... weird
[15:04] <jdstrand> hallyn: are there any denials? "grep DEN /var/log/syslog"
[15:09] <garrettkajmowicz> I have a server which I've upgraded from 10.04LTS to 12.04LTS. Upon doing so, the new kernel image now kicks me to the busybox shell on boot. The old kernel still boots fine. When kicked to the busybox prompt, I can simply mount the RFS without a problem. How can I debug this issue? I've run fsck. The SW RAID driver (RAID0) mdadm shows the array as healthy.
[15:11] <TJ-> garrettkajmowicz: That could be caused by several issues. What have you checked so far?
[15:12] <garrettkajmowicz> TJ-: The health of the RAID device, the health of the filesystem. Everything mounts fine. I don't know why I'm being dumped to the busybox prompt.
[15:13] <TJ-> garrettkajmowicz: How is the rootfs specified in the GRUB config? By UUID, device mapper name?
[15:13] <TJ-> garrettkajmowicz: "cat /proc/cmdline" should help there
[15:13] <hallyn> jdstrand: not for virt-aa-helper or apparmor_parser.
[15:14] <hallyn> jdstrand: I just got apparmor_parser to stop before actually laoding the profile;  and /tmp/d.img rw *is* in the libvirt-$uuid.files file
[15:14] <garrettkajmowicz> TJ-: root=/dev/md0 ro
[15:14] <jdstrand> hallyn: are there any denials related to libvirt?
[15:15] <jdstrand> hallyn: also, remind me what the exact problem is?
[15:15] <hallyn> jdstrand: http://paste.ubuntu.com/6205324/
[15:16] <hallyn> just a sec
[15:16] <jdstrand> hallyn: oh
[15:16] <hallyn> yeah so that is the root of the problem :)
[15:16] <jdstrand> hallyn: can you paste /etc/apparmor.d/libvirt/libvirt-7d781722-69b7-8801-fe96-caf37b7a8969.files?
[15:16] <TJ-> garrettkajmowicz: OK, so mdadm should have a config in the initrd, in "/conf/conf.d/" I seem to recall, which gets there via an update-initramfs hook
[15:16] <hallyn> http://paste.ubuntu.com/6205337/
[15:16] <hallyn> jdstrand: ^
[15:17] <hallyn> I didn't create that by hand
[15:17] <jdstrand> hallyn: oh, that is the wrong file-- apparmor_parser shouldn't run on that
[15:18] <jdstrand> hallyn: /etc/apparmor.d/libvirt/libvirt-7d781722-69b7-8801-fe96-caf37b7a8969 is the file
[15:18] <hallyn> oh yeah :)
[15:18] <jdstrand> hallyn: so, I assume apparmor_parser -r /etc/apparmor.d/libvirt/libvirt-7d781722-69b7-8801-fe96-caf37b7a8969 works?
[15:18] <hallyn> jdstrand: it does.  BUT!
[15:19] <hallyn> then when I add the file I'm attaching explicitly, and reload, I still can't attach-device
[15:19] <hallyn> hm.  it removed it
[15:19] <jdstrand> can you restate the problem-- I'm confused
[15:19] <hallyn> jdstrand: ok, sorry, so here is the problem
[15:20] <hallyn> I'm just doing the attach-device test (from qa-regression-tests) by hand.
[15:20] <hallyn> I define a vm;  create a img file in /tmp/ to attach;  say virsh attach-device qatest-i386 d.xml
[15:20] <hallyn> it updates the .files; loads  a new profile;  but libvirt gets denials (logged in syslog) opening the .img file either r or rw
[15:21] <zul> adam_g/jamespage: libvirt first
[15:21] <hallyn> I've verified that apparmor_aprser is being called, and it does seem to have the new .img in the .files at that point
[15:21] <zul> adam_g/jamespage: libvirt fixed even
[15:21] <jdstrand> hallyn: can you paste those denials?
[15:21] <garrettkajmowicz> TJ-: The file does exist at /etc/initramfs-tools/conf.d/mdadm. There are pretty much no contents, though, other than BOOT_DEGRADED=true
[15:21] <hallyn> http://paste.ubuntu.com/6205364/
[15:22] <jdstrand> hallyn: http://paste.ubuntu.com/6205337/ doesn't have /tmp/d.img
[15:23] <hallyn> jdstrand: correct.  it gets added only for the attempt; then libvirt immediately removes it
[15:23] <hallyn> auto-cleanup code is not a debugger's friend
[15:23] <TJ-> garrettkajmowicz: The hooks and scripts from the mdadm package are installed at /usr/share/initramfs-tools/{hooks,scripts}. If you've got it mounted and booted right now, I'd suggest doing "sudo update-initramfs-tools -vuk all" to rebuild the initrd images
[15:26] <jdstrand> hallyn: virt-aa-helper seems to be doing the right thing: http://paste.ubuntu.com/6205377/ (using a vm of my own)
[15:26] <hallyn> jdstrand: I agree.  that's why I think it's apparmor userspace or kernel bug
[15:27] <jdstrand> we would have widespread breakage if it was
[15:28] <jdstrand> it seems more like the access is happening before the profile is reloaded
[15:28] <hallyn> jdstrand: well
[15:28] <hallyn> "/tmp/d.img" rw,
[15:28] <hallyn> is in the *.files
[15:28] <hallyn> so I just dont' know what's goin gon
[15:28] <hallyn> biam
[15:29] <garrettkajmowicz> TJ-: I performed a sytem update the other day and installed a newer kernel. That built a new initramfs image. That didn't boot either.
[15:29] <jdstrand> hallyn: did upstream refactor the attach code? they could have moved something so that the lsm hook is wrong at the wrong time. it would (maybe) work on selinux because of file labelling
[15:30] <jdstrand> s/is wrong/is run/
[15:30] <jdstrand> hallyn: when developing the driver, some stuff had to be moved around for things like that
[15:30] <TJ-> garrettkajmowicz: OK, crack open the initrd image and figure out why it isn't starting and mounting the array
[15:31] <zexcriz_> after entering this command ln -s /home/UbuntuMirror /var/www/ubuntu   ,  on my apache server i am only getting parent directory displayed nothing else.
[15:36] <garrettkajmowicz> TJ-: I can crack open the image somewhere. But how do I figure out why it's breaking. I think I managed to save a copy of the output of dmesg somewhere, though it didn't look like it provided anything useful.
[15:38] <zexcriz_> solved the prob :)
[15:39] <TJ-> garrettkajmowicz: I had a server I had to do similar to last week due to various broken RAID arrays on it. my procedure was "mkdir /tmp/initrd; cd /tmp/initrd' zcat /boot/initrd.img-`uname -r` | cpio -id" at which point you've got the root of the initrd in the current working directory, and can poke about without the limitations of being in the busybox environment
[15:47] <garrettkajmowicz> TJ-: I don't think it's a broken RAID array simply because a previous kernel still boots flawlessly. In any case, I've opened up the image. The mdadm binary is there, as is the mdadm config file. The mdadm config file has notably:
[15:47] <garrettkajmowicz> ARRAY /dev/md0 level=raid1 metadata=0.90 num-devices=2 UUID=5c92f0d9:9cf5be95:03611c5e:a540b92f and DEVICE partitions
[15:48] <hallyn> jdstrand: here was my experiment.  Wrote a program which does sleep 100; try to open /tmp/a for reading.
[15:49] <hallyn> start it in a profile which denies read of /tmp/*;  open is denied
[15:49] <hallyn> start it in that profile; update the profile to allow those reads while it is sleeping;  open is still denied
[15:49] <TJ-> garrettkajmowicz: I wasn't implying the array is broken, but that something in the scripts/config is not doing what it ought to.
[15:49] <hallyn> is that expected?  If so, then how does a running libvirt get updated so as to be able to open the new image file?
[15:49] <TJ-> garrettkajmowicz: Does that config match the one from the initd of the known-working kernel? Be a good idea to crack open the working intrd in another directory and compare
[15:53] <garrettkajmowicz> TJ-: I wanted to make sure we didn't go down the 'broken RAID' rat hole. I just compared the config files and they have nearly identical contents. The older one doesn't have the parameter "metadata=0.90" in it.
[15:53] <jdstrand> hallyn: can you give me the test program and profile?
[15:54] <garrettkajmowicz> TJ-: However that matches the metadata version of the array.
[15:57] <hallyn> jdstrand: heh, it's not very sophisticated.   program is http://paste.ubuntu.com/6205500/
[15:57] <hallyn> policies are http://paste.ubuntu.com/6205501/ and http://paste.ubuntu.com/6205502/
[15:58] <hallyn> uh, sed -i 's/sleep(100)/getchar()/' to make it more usable i guess
[15:58] <darkXploit> hiii guys anyone can tell me how to unset ETags on ubuntu server.. each time im creating a file in conf.d or add the header unset.. there is an error when restarting apache2.. any hints please with etags.. thnkxx
[16:01] <darkXploit> in the previous ubuntu server, the etag file.conf can be added.. but not in this one.. i dont understand where is the issue about configuration of etags
[16:01] <darkXploit> hiii guys anyone can tell me how to unset ETags on ubuntu server.. each time im creating a file in conf.d or add the header unset.. there is an error when restarting apache2.. any hints please with etags.. thnkxx
[16:01] <darkXploit> Ruetobas has left IRC ()
[16:01] <darkXploit> 20:01 darkXploit
[16:01] <darkXploit> in the previous ubuntu server, the etag file.conf can be added.. but not in this one.. i dont understand where is the issue about configuration of etags
[16:02] <TJ-> garrettkajmowicz: That sounds right - the newer version of mdadm supports a newer metadata format so that is needed. My checks now would be on the scripts that handle the root device. The root device name is being passed on the kernel command-line, and is extracted to an env. variable I think via the /init script. Then the scripts/* are called in turn... mdadm has a script there. I'd be checking it is in place reading it to see if there is as way to get it
[16:02] <TJ-> to report debug info of some sort to help when it fails so you know where it has got to and what it is seeing
[16:02] <hallyn> jdstrand: ok, yes i get different behavior on precise.  So I guess I can formalize the testcase and open a bug.
[16:02] <hallyn> <sob>
[16:02] <hallyn> (that's a sob, not 's.o.b' :)
[16:05] <jdstrand> hallyn: your test program fails without confinement
[16:05] <jdstrand> $ ./a.out
[16:05] <jdstrand> failed
[16:06] <jdstrand> hallyn: "r" is for reading. /tmp/ab doesn't exist
[16:06] <garrettkajmowicz> TJ-: In the non-working image I have ./mdadm-functions ./local-premount/mdadm ./init-premount/mdadm. The working image has only ./init-premount/mdadm
[16:06] <darkXploit> sudo rm -rf /
[16:06] <darkXploit> tru this guys
[16:06] <darkXploit> try
[16:07] <hallyn> jdstrand: so create it :)
[16:07] <jdstrand> hallyn: adjusting to 'w', then I get:
[16:07] <jdstrand> $ aa-exec -p /usr/bin/serge -- ./a.out
[16:07] <hallyn> jdstrand: like i said i'll create an actual test tarball that does the work for you
[16:07] <jdstrand> success
[16:07] <hallyn> don't aa-exec
[16:07] <hallyn> copy the profile into /etc/apparmor.d/usr.bin.serge
[16:08] <hallyn> start the program; switch the profile;  continue the program (by hitting a key)
[16:08] <hallyn> before saucy, it'll continue with the new profile
[16:08] <hallyn> as of saucy, it continues with the old
[16:08] <jdstrand> hallyn: hit a key? what you gave me doesn't look at user input
[16:09] <hallyn> jdstrand: I said to 'sed -i 's/sleep(100)/getchar()/' :)
[16:09] <hallyn> like i said lemme get it fully automated
[16:09] <jdstrand> I missed that
[16:11] <TJ-> garrettkajmowicz: I'm not sure why there are two, probably some difference in local versus possible NFS rootfs
[16:12] <jdstrand> hallyn: I can confirm
[16:12] <jdstrand> jjohansen: we have a bug regarding reloading the profile
[16:14] <jdstrand> jjohansen: hallyn is creating a reproducer and filing a bug. but basically, if start a program under confinement that doesn't have an allow rule for a file, the later use apparmor_parser -r on a profile with the access, the running process doesn't have the new rule in effect
[16:15] <garrettkajmowicz> TJ-: I concur. Likely to handle assembling other arrays after the rootfs is mounted.
[16:15] <garrettkajmowicz> What's next?
[16:17] <jdstrand> hallyn: thanks for finding a reproducer. we'll get that fixed up-- but almost certainly in an sru
[16:21] <TJ-> garrettkajmowicz: Well, I'd change the mdadm script to add "set -x" to the top so that the shell echos each line being executed, then I'd rebuild the initrd with that change included. Then I'd reboot the system with "break=top" or similar to stop the init scripts at a suitable point either just before or just after mdadm runs. If you do "grep -rn 'maybe-break' ./init ./scripts/* " you should get a list of the scripts and lines where those scripts might be b
[16:21] <TJ-> roken-into, with the break 'name' you can use at the kernel's "break=..." parameter.
[16:21] <garrettkajmowicz> TJ-: Here's the output from dmesg from a boot attempt from a few weeks ago. The long delay at the end was because I manually mounted the filesystem with 'mount /dev/md0 /root -o ro'
[16:22] <garrettkajmowicz> http://pastebin.com/BM1PydAF
[16:22] <darkXploit> hiii guys anyone can tell me how to unset ETags on ubuntu server.. each time im creating a file in conf.d or add the header unset.. there is an error when restarting apache2.. any hints please with etags.. thnkxx
[16:22] <darkXploit> in the previous ubuntu server, the etag file.conf can be added.. but not in this one.. i dont understand where is the issue about configuration
[16:26] <TJ-> garrettkajmowicz: I don't see any clues there. The only thing I can think of is, the command-line refers to /dev/md0. I've seen instances in the past whereby mdadm brings the device up as /dev/md127 or similar... that'd easily break rootfs.
[16:27] <ikonia> that's normally a glitch in either the static mdadm.conf or persistant udev rules
[16:27] <garrettkajmowicz> TJ-: I'd agree, except that in these cases there is only 1 MD device, *and* it is brought up as md0. If I was getting a funky md device I'd be all over that.
[16:28] <garrettkajmowicz> I will be able to try rebooting my server with that option in about 5 hours (when I get home from work).
[16:29] <TJ-> garrettkajmowicz: I'm looking at "./scripts/local-premount/mdadm" - the last line "mountroot_fail || panic ..." is probably where its failing for you, so we need to work back starting with the mountroot_fail function
[16:30] <hallyn> jdstrand: jjohansen: bug 1236455
[16:30] <uvirtbot> Launchpad bug 1236455 in apparmor "Running tasks are not subject to reloaded policies" [Undecided,New] https://launchpad.net/bugs/1236455
[16:30] <hallyn> nice number
[16:32] <jdstrand> hallyn: thanks!
[16:32] <hallyn> np - ttyl :)
[16:32] <jdstrand> hallyn: maybe it will get in before release, but not the next upload
[16:32] <jdstrand> jjohansen: ^ your call on timing
[16:32] <hallyn> jdstrand: ok.  let's all give a quiet thanks for the qa-regression-tests :)
[16:33] <hallyn> now i suppose i should track down the qemu nic test failure :(
[16:35]  * jdstrand hugs qrt
[16:40] <TJ-> garrettkajmowicz: Is the hostname set? I see mention of mdadm needing that, in the "./init" script
[16:45] <smoser> adam_g, jamespage i'im going to open a SRU bug for "pull in openstack released havana packages"
[16:45] <jamespage> smoser, I think that makes sense
[16:45] <smoser> should i just make it affect all openstack packages ?
[16:46] <smoser> ie, nova, ceilometer, python-nova-client. ....
[16:46] <jamespage> smoser, yeah: including heat and ceilometer
[16:46] <jamespage> but not the clients
[16:46] <garrettkajmowicz> TJ-: I'm not certain. I'm looking at my image and not seeing anything which sets that. I thought hostname was supposed to be set up as a part of the main boot after we switch root.
[16:46] <smoser> not the clients?
[16:46] <TJ-> garrettkajmowicz: What file-system is used for the rootfs?
[16:47] <TJ-> garrettkajmowicz: hostname will be copied into initrd from the real /etc/hostname when doing update-initramfs. I was wanting to be sure it is set there.
[16:47] <jamespage> zul, not the clients right?
[16:47] <jamespage> smoser, they don't line up with havana normally
[16:48] <zul> no not the clients
[16:52] <garrettkajmowicz> TJ-: ext3 is used. I don't see anything in either the working or non-working images which set the hostname.
[16:53] <TJ-> garrettkajmowicz: That'll be set via a script in the rootfs, but probably no important in this case.
[16:53] <smoser> novnc?
[16:54] <TJ-> garrettkajmowicz: When the system boots have you removed "quiet splash" so you can see any messages from the initrd scripts before the busybox shell starts? The scripts emit some useful diags that will help pinpoint where the issue is by correlating those back to the scripts
[16:54] <smoser> zul, ^
[16:54] <garrettkajmowicz> TJ-: That's what I thought. A /etc/hostname does exist in the rootfs, though I don't see it copied anywhere into the initfs.
[16:54] <smoser> duh. never mind.
[16:55] <TJ-> garrettkajmowicz: Well the ./init script looks for it in /etc/hostname
[16:56] <garrettkajmowicz> TJ-: Yes - I removed quiet and splash. There's nothing printed which I've seen which useful. I captured dmesg as I was hoping anything interesting would be there.
[17:04] <TJ-> garrettkajmowicz: Looking at ./scripts/local-premount/mdadm it'll exit the script returning 0 (success) if the function "degraded_arrays" returns false. That implies that mountroot_fail won't be executed. The console messages should indicate if mountroot_fail is being called prior to the shell
=== Ursinha is now known as Ursinha-afk
=== Ursinha-afk is now known as Ursinha
[17:05] <TJ-> garrettkajmowicz: If you could tar.gz the /boot/grub/grub.cfg and /boot/initrd.img-${KVER} and upload them somewhere I could replicate the issue in a VM here
[17:05] <garrettkajmowicz> I'd like to point out that the naming of these functions is a little counter-intuitive.
[17:05] <TJ-> Is it?
[17:06] <garrettkajmowicz> Do you have a place I can scp them to?
[17:07] <adam_g> smoser, is there a TLDR for curtin + maas setup?
[17:10] <garrettkajmowicz> Found something ... hold on.
[17:10] <TJ-> garrettkajmowicz: Yes.... in private
[17:10] <smoser> adam_g, http://bazaar.launchpad.net/~smoser/+junk/xinstall/view/head:/maas-usage.txt
[17:10] <smoser> see line 20 to 42
[17:10] <smoser> but basically:
[17:10] <smoser> maas-cli $MAASNAME tags new name='use-fastpath-installer' \
[17:10] <smoser>      comment='XINSTALL' "definition=true()"
[17:11] <smoser> should "just work".
[17:11] <adam_g> smoser, so its basically just install pkg and tag nodes?
[17:13] <smoser> adam_g, should be.
[17:14] <adam_g> cool thanks
[17:16] <garrettkajmowicz> TJ-: I've scp'd both of those. I'm using grub version1 (no mandate to upgrade), so I sent the menu.lst file. I think that's what you're looking for.
[17:17] <TJ-> yes thanks, just wanted to be able to recreate the boot sequence exactly
[17:17] <garrettkajmowicz> TJ-: Would you like the kernel binaries as well?
[17:17] <TJ-> garrettkajmowicz: No, I have everything else here in VM-land
[17:33] <TJ-> garrettkajmowicz: Just to be clear - there is no partition-table on md0, it is a pure ext3 file-system?
[17:34] <sk1pper> hi folks, are there any settings required on apache if an mp3 file is included in html code?
[17:36] <garrettkajmowicz> TJ-: What would be the best way to figure this out? fdisk -l of /dev/md0 shows: Disk /dev/md0 doesn't contain a valid partition table
[17:38] <garrettkajmowicz> I *believe* it's a pure filesystem.
[17:39] <Rory> garrettkajmowicz: You could try to mount it
[17:40] <garrettkajmowicz> Rory: The 'mount' command shows: /dev/md0 on / type ext3 (rw,errors=remount-ro)
[17:41] <Rory> sk1pper: What do you mean "included in html code?" could you give a quick example of what you mean, and what sort of behaviour you want?
[17:41] <TJ-> garrettkajmowicz: Yes, thought it was, but losing track of everything we've covered :)
[17:43] <TJ-> sk1pper: You'll possibly need to set the mime-type of .mp3 files so that the Content-Type HTTP header causes the browser to render the MP3 via a media player
[17:43] <garrettkajmowicz> TJ-: No worries. I'm thrilled to have somebody helping. This has been an issue for ... a while.
[17:45] <sk1pper> Rory: here is an example: <embed src="test_music/test05.mp3"/ width="300"height="100">
[17:45] <sk1pper> this is suppose to play the test05.mp3 when i visit the page, but it doesn't
[17:46] <sk1pper> TJ: thanks, I will try that
[17:47] <TJ-> sk1pper: You'll need to know the correct mime-type, then use this: http://httpd.apache.org/docs/current/mod/mod_mime.html#addtype
[17:48] <TJ-> sk1pper: According to RFC3003 it should be "audio/mpeg"
[17:48] <sarnold> sk1pper: I could imagine some browsers may not auto-play or might be configured to not load embedded objects like that..
[17:57] <sk1pper> TJ-: thanks, i have to add "AddType audio/mpeg mp3 MP3" in apache configuration
[17:59] <TJ-> sk1pper: "The extension argument is case-insensitive"
[17:59] <TJ-> sk1pper: So you don't need "MP3"
[18:09] <TJ-> garrettkajmowicz: I'm taking a break for dinner here whilst deboostrap completes the Precise install into md0, will report back later.
[18:13] <garrettkajmowicz> TJ-: Sounds good. I should go look for late lunch. Thank you for your time and dedication.
[18:18] <adam_g> smoser, using curtin + newer maas, tagged fast-path nodes should have a cloud-config file associated with it instead of a traditional pressed?
[18:24] <smoser> adam_g, yes.
[18:26] <adam_g> smoser, is /etc/maas/preseeds/preseed_xinstall still relevant?
[18:26] <smoser> no.
[18:27] <smoser> adam_g, /etc/maas/preseeds/curtin_userdata
[18:27] <smoser> that is the config file that is sent to curtin
[18:28] <adam_g> oh
[18:28] <adam_g> updating the 'maas' package doesn't actually update maas
[18:29] <adam_g> ii  maas                             1.4+bzr1656+dfsg-0ubuntu2~ctools0 Ubuntu MAAS Server
[18:29] <adam_g> ii  maas-cli                         1.4+bzr1551+dfsg-0ubuntu1~ctools0 Ubuntu MAAS Client Tool
[18:39] <zul> adam_g: https://code.launchpad.net/~zulcss/glance/run-full-suite/+merge/189684
[18:50] <adam_g> smoser, [Mon Oct 07 18:50:06 2013] [crit] [client 127.0.0.1] configuration error:  couldn't perform authentication. AuthType not set!: /MAAS/static/images/amd64/generic/precise/xinstall/root.tar.gz   <- any hint?
[18:51] <smoser> adam_g, join #maas
[19:04] <zul> adam_g: http://people.canonical.com/~chucks/ca/
[19:05] <adam_g> zul, looks okay.what do we need it for?
[19:06] <zul> adam_g:  need to rebuild kombu with a newer version of python-pika because it exposes a bug with glance
[19:06] <adam_g> zul, ah
[19:11] <resno> can anyone suggest a union filesystem, aka one that presents several seperate disks asone? i looked at aufs but its not support but with a patchd kernel
[19:24] <tarvid> http://pastebin.com/NVuQCFEt
[19:24] <tarvid> The directory sites/default/files is not writable.
[19:25] <tarvid> is there a security setting that would make that directory non-writable?
=== hatch is now known as lbox
=== lbox is now known as hatch
[19:53] <bitbyte> hey guys
[19:54] <bitbyte> I'm trying to move data to one folder and get it ready for transfer to another drive, going to use rsync but the drive dosnt have much space to play with what would you recommend
[19:54] <bitbyte> the command i was using was rsync -v -r --remove-source-files SRC DEST but the source files last time were never removed and the size was just doubled
[20:35] <adam_g> smoser, hallyn  filed this against juju-core but not sure if its an lxc or cloud-init thing. https://bugs.launchpad.net/juju-core/+bug/1236577
[20:35] <uvirtbot> Launchpad bug 1236577 in juju-core "container's /home/ubuntu/ spawns with incorrect permissions, preventing SSH access" [Undecided,New]
[20:49] <hallyn> oh i thought you were saying that i filed that bug :)
[20:49] <adam_g> hallyn, doh
[20:50] <hallyn> utlemming: are you still watching the ubuntu-cloud template?  up for an easy fix?
[20:50] <hallyn> adam_g: these are ubuntu-cloud right?
[20:50] <smoser> --numeric-uid ?
[20:51] <smoser> yem.
[20:51] <adam_g> hallyn, i think?
[20:51] <smoser> yep. carp.
[20:51] <smoser> that sucks.
[20:51] <smoser> hm..
[20:51] <hallyn> the ubuntu cloud template chowns it manually...
[20:52] <smoser> what!
[20:52] <smoser> no it doesnt
[20:52] <smoser> why haven' twe seen this before ?
[20:52] <hallyn> sorry, the *ubuntu* one does
[20:53] <smoser> because adam_g's system has an *existing* user 'ubuntu' that isn't uid 1000.
[20:53] <hallyn> adam_g: whatrelease and what lxc versions?
[20:53] <smoser> this iwll only be a problem for 12.04 instances.
[20:56] <hallyn> smoser: lxc-ubutu-cloud just uses metadata.  so is this a cloudinit issue?    /me confused
[20:56] <smoser> hallyn, http://paste.ubuntu.com/6206704/
[20:57] <hallyn> didn't we do that already?
[20:59] <adam_g> hallyn,   1.0.0~alpha1-0ubuntu6~ctools0 on precise
[20:59] <hallyn> i swear we've been over this...   what in blazes
[21:00] <hallyn> ~ctools0 ? :)
[21:00] <smoser> hallyn, that line is completely wrong as it is
[21:00] <smoser> tar -xzf if just plain stupid
[21:01] <smoser> i'm surprised it has not caused issues before.
[21:01] <smoser> its only a problem for ubuntu 12.04 where the ubuntu user already exists
[21:01] <smoser> in 12.10 and later the ubuntu user is created during boot (done from inside where it doesn't matter)
[21:02] <garrettkajmowicz> TJ-: Heading home. Back online in about an hour.
[21:02] <TJ-> garrettkajmowicz: OK, I'm fighting grub1 :)
[21:03] <hallyn> smoser: ok but that doen't limit what needs fixing.  all releases can install precise guest
[21:03] <hallyn> adam_g: so if i fix i in saucy will that percolate to the cloud archive?
[21:03] <smoser> hallyn, right.
[21:03] <adam_g> hallyn, it should
[21:03] <hallyn> smoser: if tar -zxf is dumb beyond needing numeric-owner, do you want to give a proper patch?
[21:04] <smoser> http://paste.ubuntu.com/6206704/
[21:04] <smoser> is there something else necessar ythere?
[21:05] <hallyn> oooooh.   it was rsync we dealt with before
[21:06] <hallyn> ok will push soon, thx
[21:08] <smoser> hallyn, note '-p' and '--numeric-owner'
[21:08] <smoser> adam_g, thanks.
[21:08] <hallyn> smoser: yes
[21:09] <smoser> luckily, i think that in most cases where juju will use this it wont matter.
[21:09] <smoser> as juju will have deployed an instance of a cloud image
[21:09] <smoser> so the tar will luckily do just about everything right
[21:19] <hallyn> smoser: so will the two tar's in build_root_tgz not need that?
[21:20] <hallyn> (it only gets called if there is no *-rootfs.tar.gz...  dunno what cases that happens in)
[21:21] <hallyn> i guess not as it should be symmetric :)  (it untars then tars)
[21:26] <hallyn> zul: so you were going to push the new libvirt, or not?
[21:26] <hallyn> if not, can you stick it in ubuntu-virt ppa?
[21:27] <hallyn> i'm gonna stick qemu 1.6 in there as well in the next few days
[21:28] <hallyn> eh, sent an email, read at your leisure :)
[21:48] <jamespage> adam_g, you will enjoy bug 1236439
[21:48] <uvirtbot> Launchpad bug 1236439 in neutron "switch to use not fully qualified hostnames breaks upgrades of l3-agent" [High,New] https://launchpad.net/bugs/1236439
[21:48] <jamespage> that gave me a moment this afternoon
[21:51] <adam_g> jamespage, jeez
[21:51] <adam_g> jamespage, if they're going to break that there, they should do the same for compute nodes
[21:51] <adam_g> or wait, i read it wrong
[21:52] <jamespage> adam_g, neutron lined up behind compute
[21:52] <adam_g> that changes aligns with how nova handles hostnames, too
[21:52] <jamespage> nova rather
[21:52] <adam_g> yea
[21:52] <jamespage> adam_g, interestingly the dhcp services where OK - they can run HA now on multiple nodes
[21:52] <jamespage> but l3 can't yet afaict
[21:53] <jamespage> adam_g, neutron actually cleared down all of the router definitions on the gateway post upgrade...
[21:55] <zul> hallyn:  yeah ill start it tonight
[21:55] <zul> jamespage:  so glance i got it to past with testsuite with ./run_test.sh -N -P
[21:55] <zul> jamespage:  so i am gonig to upload a glance ubuntu2 with the run_test.sh
[21:56] <jamespage> ok
[21:57] <adam_g> zul, dont we need to specify -N to avoid venv?
[21:57] <zul> adam_g:  yeah i meant what we have in bzr currently
=== JanC_ is now known as JanC
[23:36] <qwebirc191198> TJ-: I'm baaaack.  :-)
=== qwebirc191198 is now known as garrettk
=== garrettk is now known as gkajmowicz
=== gkajmowicz is now known as garrettk
[23:38] <TJ-> garretk: ha. I sent messages to your other log-in expecting you'd be using 'screen'
[23:39] <garrettk> Multiple computers. I *though* I'd exited at work, but, well.
[23:42] <garrettk> I will let you know that my home computer NIC resets on occasion (driver problem which is why I want to upgrade kernels), so I may occasionally disconnect and reconnect.
[23:44] <smoser> hallyn, probably, yes.
[23:44] <smoser> oh. symetric. funny.
[23:44] <smoser> no it would need it. its not symettric
[23:45] <smoser> because if the host had a user 'ubuntu' (uid=500), the tarball will get that users uid.
[23:45] <smoser> and then when extracted would have (uid=500)
[23:45] <smoser> but inside, the /etc/passwd had the user uid=1000
[23:45] <smoser> so that'd screw up.
[23:50] <justizin> anyone else have piles of tmpfs .. /run/shm lines in output of things like 'df' ?
[23:54] <sarnold> justizin: $ df | grep run | wc -l
[23:54] <sarnold> 4
[23:54] <sarnold> duno if that's _piles_... :)
[23:54] <justizin> $ df | grep run | wc -l
[23:54] <justizin> 2700
[23:55] <sarnold> 2700 is definitely _piles_. Wow.
[23:55] <justizin> yeah it just increases all of the time, all of my 12.04 boxen
[23:55] <justizin> it means that someone who doesn't know how to use grep can't easily read the output of df. ;)
[23:56] <sarnold> justizin: what are they? per-user mountpoints? or per-application shared memory segments? or...?
[23:56] <justizin> tmpfs on /run/shm type tmpfs (ro,noexec,nosuid)
[23:56] <justizin> all of them
[23:57] <justizin> the fstab line on 12.04 is odd, it's : tmpfs /dev/shm tmpfs defaults,ro,noexec,nosuid 0 0
[23:57] <justizin> however /dev/shm is a symlink to /run/shm .. haven't had much exp with symlink mount targets, but seems like it could cause some funniness
[23:58] <justizin> http://askubuntu.com/questions/169495/what-are-run-lock-and-run-shm-used-for <- seems to suggest that all of /run should be one tmpfs in the modern world, as well