/srv/irclogs.ubuntu.com/2013/12/06/#ubuntu-server.txt

=== freeflying_away is now known as freeflying
=== tom[`tom`] is now known as tom[]
zzxc	Hey does anyone have any experience with setting up AFP?	03:01
sarnold	zzxc: I used netatalk 13, 14 years ago with good success. Of course that predated OS X clients... :)	03:03
zzxc	sarnold: Is there a need to create an afp user and password like there is with samba?	03:04
markthomas	zzxc: afp uses user-based authentication if that's what you're asking.	03:08
sarnold	zzxc: In a quick search of the code, initscripts, I don't see any code that'd require creating a user for netatalk, it looks like it should run as root in the usual case	03:09
=== gfrog_afk is now known as gfrog
zzxc	markthomas: If it works as it does for osx I would imagine that it would just be the user's login (as in the same that you ssh into)	03:11
markthomas	yes.	03:11
zzxc	sarnold markthomas: I"m trying to share the /mount directory. I get prompted for a user name and password, but the login creds error.	03:13
zzxc	I'm going to make the pretty obvious guess that the reason is that my user may not have be the owner or have rwx premissions for that directory...	03:14
markthomas	zzxc: why afp?	03:14
zzxc	markthomas: primary os is osx. I also have a samba share right now but honestly its a pain in the ass.	03:15
sarnold	yup, that sounds like samba. :/	03:16
markthomas	I have smb and afp here, and between linux and mac i find smb less of a hassle. and yes, i just used samba and "less hassle" in the same context.	03:17
sarnold	zzxc: does netatalk use pam to authenticate users? if so does your /etc/pam.d/netatalk look correct?	03:17
zzxc	sarnold: Let me check one second.	03:17
zzxc	sarnold: The pam.d/netatalk doesn't have any documentation. It includes common-{auth,account,password,session). But I'm not really sure what its suppost to look like	03:21
sarnold	zzxc: okay, that'd probably be sufficient for the user to log in at the console.	03:21
sarnold	zzxc: is there anything more useful in the logs?	03:22
sarnold	check both /var/log/auth.log and netatalk logs	03:22
zzxc	markthomas: honeslty the majority of my issues boil down to premissions, though being able to let other users login in should they want and having it broadcast via bonjour (since only two of my close friends have windows) would be nice.	03:22
zzxc	sarnold: There are afp log messages in auth, but when I tail it nothing and try the same creds, nothing happens/	03:26
sarnold	zzxc: sigh sorry, I'm not seeing anythjin in the manpages or source that looks useful. :/	03:32
sarnold	zzxc: if you give it username/password you know are bogus, do you get the same or different error?	03:33
zzxc	sarnold: Nope tells me its a bad login and reprompts me.	03:34
sarnold	zzxc: different error?	03:34
zzxc	That please contact you're network admin message is soo irrating when you're the network admin.	03:34
sarnold	hehehe, yes	03:35
zzxc	sarnold: No error message, the login prompt shakes and prompts you to try agian.	03:35
sarnold	zzxc: is that the same or different than happens when you give it the good username and password?	03:36
sarnold	I'm curious if the authentication works but it fails somewhere else..	03:36
zzxc	sarnold: "Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator." is when its a valid user and password. Otherwise it just shakes the prompt and ask me for it agian.	03:37
zzxc	sarnold: Nothing is showing up in the netatalk logs, and when it does error out I don't get a message in the auth logs.	03:38
sarnold	zzxc: okay, cool, a thread to pull on. :) are you trying to mount a filesystem / directory that isn't exported? how do permissions look like for that directory and all directories above it?	03:40
zzxc	sarnold: I'm trying to mount my /mount/sda directory.	03:42
zzxc	sarnold: Orginally I was just trying to mount my /mount drive, figuring it would be nice to have access to everthing there.	03:43
zzxc	and orginally mount was owned by root, Its currently owned by me now and I ahve full permissions to it and everything inside.	03:44
zzxc	sarnold: this is the line from the how to guide I was looking up "/mount/sda BlackBox allow:james options:userdots,upriv"	03:45
sarnold	zzxc: sorry, got into a conversation...	03:54
sarnold	zzxc: how about ls -ld /mount /mount/sda ?	03:54
zzxc	sarnold: No worries rwxr-xr-x and james:root on both	03:56
sarnold	zzxc: man. that sounds like it ought to work. :(	03:57
zzxc	yeah I know its getting super annoying at this point.	03:58
sarnold	zzxc: so I guess it's time to bring out the unfun tools -- you could use fatrace to see what files are being accessed, or you could strace -p <pid of the server> -- and see if you can follow the system calls that lead to the decision to reject access.	03:58
sarnold	zzxc: if neither of those give you much to work with, you can try ltrace -- that traces function / library calls, not just system calls -- maybe it'll be more direct about the problem, but it's often like drinking from the firehouse	03:59
sarnold	firehose :)	03:59
zzxc	ack. I think I'll call it quits and look at it later with a fresh pair of eyes.	04:00
sarnold	zzxc: good luck! if you figure it out and don't mind, I'd be curious to hear the result.	04:00
sarnold	zzxc: time for me to call it a day too :)	04:00
zzxc	sarnold: Thanks for you help with it. I'll let you know if I figure it out.	04:01
blueking	hello again	04:36
blueking	just wonder: route -n shows 169.254.0.0 netmask 255.255.0.0 are added to routing table right out of sky... interfaces file or hosts file does not have this ip/netmask saw one could Append the following directive: NOZEROCONF = yes in file /etc/sysconfig/network but there are NO sysconfig folder in /etc on ubuntu 13.10 installation	04:41
blueking	I am lost :(	04:41
fishcooker	im on ubuntu server there is an option about the kernel thing?	05:07
fishcooker	which one should i choose	05:07
fishcooker	im on ubuntu server installation.. there is options about to choose the kernel, which one should i choose?	05:10
=== rdw200169_ is now known as rdw200169
e_t_	fishcooker: Choose the one with the highest version number, probably the one at the top of the list.	05:13
fishcooker	thanks e_t_: i go with linux-image-generic	05:32
fishcooker	https://help.ubuntu.com/community/ServerFaq#Is_a_dedicated_SMP_kernel_available_from_the_Ubuntu_Server_installation_CD.3F	05:33
=== rdw200169_ is now known as rdw200169
=== markthomas is now known as markthomas_away
=== rdw200169_ is now known as rdw200169
=== markthomas_away is now known as markthomas
=== markthomas is now known as markthomas_away
=== jml_ is now known as jml
=== funkyHat_ is now known as funkyHat
=== EntropyWorks_ is now known as EntropyWorks
=== xerxas_ is now known as xerxas
=== rdw200169_ is now known as rdw200169
=== rdw200169_ is now known as rdw200169
eagles0513875	hey guys any samba experts in here. I have a question in regards to ACL's im guessing samba ignores the ACL's on ubuntu server and uses its own correct?	09:13
jamespage	zul, I uploaded webtest again with waitress as depends - it really is needed	09:31
jamespage	the package won;t work without it - however pyquery and lxml are suggests IMHO so did that as well	09:31
=== yofel_ is now known as yofel
=== wedgwood is now known as Guest45906
=== Tribaal_ is now known as Tribaal
=== gfrog is now known as gfrog_afk
=== DzAirmaX_ is now known as DzAirmaX
jamespage	zul, I took a libbo and re-introduced the sqlite patch you dropped back into the heat packaging - it was causing a dep-8 failure	11:28
jamespage	pushed and uploaded	11:28
jamespage	zul, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728425 is blocking backporting python-babel - which is preventing other things from passing tests right now	11:34
jamespage	nova	11:34
uvirtbot	Debian bug 728425 in src:python-babel "FTBFS in a sbuild chroot" [Serious,Open]	11:34
makara	what was to blame for the Ubuntu Forums being hacked?	11:47
=== ivoks_ is now known as ivoks
jamespage	zul, babel fixed - I've submitted the fix back upstream	11:55
jamespage	non-deterministic test cases - gotta love-em	11:55
blueking	hello	12:40
blueking	kernel sets iprouting 169.154.0.0 netmask 255.255.0.0 been reading that one can set nozeroconf=yes in /etc/sysconfig/network but on ubuntu 13.10 there are no folder /etc/sysconfig couldn't find solution on ubuntu someone who can help me ?	12:42
blueking	when I connect ethernet cable to laptop it gets two IP 192.168.2.10 and was given auto 169.254.x.x and net unreachable	12:43
blueking	anyone knows if one can put nozeroconf= yes in /etc/network/interfaces ?	13:05
rbasak	blueking: can you specify exactly what you're trying to do? Ubuntu people aren't necessarily familiar with RH/Fedora config syntax.	13:09
blueking	rbasak: problem are kernel somehow adds iprouting 169.254.0.0	13:10
blueking	I need to disable that	13:10
blueking	I disabled some avahi stuff but kernel kept on putting iprouting 169.254.0.0 back	13:11
rbasak	blueking: are you getting this address on a desktop machine? Or a server machine?	13:11
blueking	route -n show 169.254.0.0	13:12
blueking	and mine laptop that I connect to net with cable gets 192.168.2.10 AND 169.254.x.x	13:13
blueking	and the net are pending on off all the time	13:13
blueking	when connect to another basic router no problem	13:13
rbasak	It sounds like you have a desktop issue. Try #ubuntu.	13:13
blueking	not desktop issue	13:14
rbasak	It sounds like you need to adjust your network manager settings in some way, since that's what gets you your address on a desktop machine by default.	13:14
blueking	route -n show that kernel adds iproute 169.254.0.0	13:14
blueking	on other distro they can set nozeroconf= yes to turn it off	13:14
rbasak	blueking: are you getting this address on a desktop machine? Or a server machine?	13:15
blueking	rbasak: on server machine	13:20
blueking	with route -n that is	13:20
rbasak	blueking: I don't understand why you'd get that. A default Ubuntu server installation does not use Zeroconf.	13:22
blueking	rbasak: I even tried to set up static ip to my laptop and turned off dhcp on laptop and put in ip manual still it received 169.254.x.x adress	13:22
rbasak	If your laptop gets a 169.254 address it is because it cannot find a DHCP server to give it a correct address (or, very unusually, a DHCP server is handing out bad addresses)	13:22
rbasak	Do you have a DHCP server daemon running on your server?	13:23
blueking	isc-dhcp-server	13:25
rbasak	It sounds like you have some significant non-default thing going on either on the server or on your laptop. Getting a Zeroconf 169.254 address is automatic. There's nothing to disable on a server for this since normally there is no server component that "issues" such an address; a client just picks up one that is available without the help of a server.	13:26
zul	jamespage: cool	13:27
rbasak	Exceptionally, I suppose a DHCP server could be misconfigured to hand these out, but that seems unlikely. I suggest you run a tcpdump on both the server and laptop to figure out where from and how you get that address.	13:28
jamespage	zul, babel is backported now	13:28
jamespage	I think that might mean nova can build ok on precise now :-)	13:28
blueking	ok have to figure out how to make tcpdump	13:28
zul	jamespage: cinder as well	13:28
jamespage	zul, unfortunately it missed the last b-o-m run	13:29
blueking	rbasak: think problem came after I installed webmin	13:29
rbasak	blueking: could be.	13:30
rbasak	!webmin \| blueking	13:30
ubottu	blueking: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.	13:30
blueking	and had some issues with making isc server visible on it... and might be that dhcp3 server been enabled somehow	13:30
blueking	oh so webmin are reason	13:30
jamespage	rbasak, what was so bad about how webmin managed configuration files?	13:31
rbasak	jamespage: no idea. All I know is that everyone says it's broken!	13:31
jamespage	rbasak, well I agree that webmin is probably so out-of-date	13:31
jamespage	but was it not superceded by ebox and then zentyal?	13:32
rbasak	I'm not saying that it is webmin in this case. Just that webmin does stuff, and is not recommended, and blueking seems to have had stuff done to his server and it's not working, so it's worth investigating that possibility.	13:32
jamespage	right	13:32
jamespage	fair enought	13:32
blueking	could u mention how to search/find packages that currently are installed on system ?	13:33
blueking	without webmin that is	13:33
blueking	apt-cache search looks for all packages but want to check what are current in system	13:34
rbasak	blueking: dpkg -l	13:39
blueking	ok	13:39
rbasak	blueking: that'll also show you removed packages that aren't purged. See the dpkg manpage for details, but I think "dpkg -l\|grep ^ii" or something will filter to installed packages.	13:39
jamespage	zul, cinder and heat have flushed through to the CA staging area	13:49
jamespage	zul, I think everything else is still held up in trusty-proposed right now	13:49
zul	jamespage: ok ill kick off the builds for precise testing (nova/cinder)	13:49
jamespage	?	13:49
zul	precice-icehouse-nova/cinder	13:50
jamespage	zul, nova should go through next run - it missed new babl	13:50
jamespage	precise-icehouse-nova is running right now	13:50
zul	ack	13:50
=== gary_poster is now known as gary_poster\|away
=== gary_poster\|away is now known as gary_poster
zul	jamespage/roaksoax: https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066	14:23
zul	jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198068	14:26
zul	jamespage: it looks like swift-bench has moved out into its own project	14:29
jamespage	zul, your heatclient branch conflicts	14:36
zul	jamespage: damn it	14:36
zul	jamespage: better branch https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198072	14:41
jamespage	yolanda, did you push a new update with more unit tests for the heat charm?	14:42
zul	jamespage: i added a WI for swift-bench	14:43
zul	jamespage/roaksoax: https://code.launchpad.net/~zulcss/swift/swift-bench/+merge/198073	14:43
jamespage	zul, minor niggle on keystone	14:46
jamespage	zul, swift +!	14:46
jamespage	1 rather	14:46
zul	jamespage: keystone niggle fixed	14:48
jamespage	zul, nova just b-o-m'ed	14:49
jamespage	gonna milk this for all its got!	14:49
zul	jamespage: sweet	14:49
jamespage	zul, oh - I tried your patch for libvirt - that was OK _ but I got a test failure - any chance you can take a look sometime today and see if its easily fixable/reproducable?	14:50
zul	jamespage: it was failing on some client test?	14:50
zul	jamespage: (backporting python-mox3)	14:51
jamespage	zul, http://paste.ubuntu.com/6530065/	14:52
jamespage	zul, so I see	14:52
hallyn_	stgraber: might be nice to have options to the ubuntu and ubuntu-cloud templates to specify apparmor profile	14:52
hallyn_	(preferably by shorter names)	14:52
hallyn_	lemme know if you have thoughts on that	14:52
jamespage	zul, I get email on uploades (james page == openstack ubuntu testing bot)	14:52
zul	jamespage: yeah i had the same problem	14:53
zul	jamespage: unfortunately the libvirt tests are light on the verbage	14:54
jamespage	zul, any idea on the qemu failuer?	14:56
zul	jamespage: not yet	14:57
zul	jamespage: i blame hallyn somehow ;)	14:57
hallyn_	i accept nothing	14:58
=== oop is now known as w0rmie
jamespage	zul, python-crypto builds OK locally - odd	15:05
* jamespage looks deeper		15:05
zul	jamespage: looking at qemu	15:05
jamespage	zul, ta	15:06
jamespage	something about DTC not being avaliable	15:06
zul	jamespage: it would help if i used the right release :)	15:10
hallyn_	zul: all right, re-running the libvirt tests on trusty, first without your ppa then with.	15:12
zul	hallyn_: ack	15:14
zul	jamespage: "ERROR: DTC not present." ?	15:15
=== freeflying is now known as freeflying_away
=== freeflying_away is now known as freeflying
roaksoax	rbasak: when an arm machine is first booted in MAAS, it loads an i386 ephemeral image to get it enlisted?	15:20
rbasak	roaksoax: ?	15:21
rbasak	roaksoax: no, it uses an armhf ephemeral image.	15:21
rbasak	Did I say i386 somewhere?	15:21
roaksoax	rbasak: how does it know to use one?	15:21
rbasak	Ah. Now that's a very good question :-)	15:21
roaksoax	rbasak: i mean, when it pxe boots, config.commissioning.template is used, and that itself tests for amd64 or i386	15:22
rbasak	Right now, highbank does it by falling back to fetching /pxelinux.cfg/default.arm.highbank (or something like that), then default.arm, then finally default.	15:22
rbasak	MAAS' dynamic TFTP implementation picks up on that, and serves a suitable default file, which fetches the correct arch kernel/initrd.	15:22
rbasak	I never had to connect anything between the correct arch kernel/initrd and the correct arch ephemeral as far as I can remember. I presume the code already DTRT.	15:23
rbasak	Another possible mechanism is a DHCP vendor identifier option, which U-Boot does provide. But we ended up not using that.	15:23
rbasak	So the amd64/i386 differentiating pxelinux template is never used in the armhf case.	15:24
yogeshsarwate	Hi all i got a dns addresses on noip.com i want to run my own email server and irc chat server can anybody guide	15:24
zul	qemu: i think it needs a newer libfdt-dev so i back ported it	15:25
rbasak	roaksoax: notice that /etc/maas/templates/pxe/config.commissioning.armhf.template is distinct from the more generic config.commissioning.template	15:25
rbasak	IMHO it should be the other way round, as it's the Intel case that's special, but never mind.	15:26
roaksoax	rbasak: yeah... for some reason I thought it, by default, any type of hardware uses cponfig.commissioning.template, but I guess for arm it uses config.commissioning.armhf.template before the machine is even enlisted	15:26
rbasak	Right	15:26
rbasak	The TFTP server does the detection.	15:26
rbasak	(currently)	15:26
roaksoax	rbasak: where in the code is that exactly, do you know?	15:27
=== chaos_ is now known as soahccc
rbasak	Looking	15:28
rbasak	roaksoax: http://bazaar.launchpad.net/~maas-maintainers/maas/trunk/view/head:/src/provisioningserver/tftp.py	15:28
rbasak	roaksoax: the regex picks up the default-(whatever) in lines 93-111.	15:28
roaksoax	rbasak: eah that's where I'm looking	15:28
roaksoax	rbasak: i see now, cool thanks!	15:29
rbasak	The code that used the resulting match used to be in there, but I guess it's moved now.	15:29
jamespage	zul, for some reason python-crypto won't build in the lab	15:29
jamespage	its OK on ppa and locally	15:29
zul	jamespage: weird	15:29
hallyn_	zul: what time is the openstack-lxc mtg?	15:32
jamespage	zul, i see the issue	15:33
* jamespage twiddles a knob		15:33
jamespage	zul, fixed - for reference the schroot's where not providing a /dev/shm	15:37
jamespage	(using tmpfs)	15:37
jamespage	zul, you need to fix that niggle for keystone harded - forwarded is spelt incorrectly	15:38
yogeshsarwate	Hi	15:38
=== freeflying is now known as freeflying_away
jamespage	zul, urgh - heatclient needs mox and well as mox3 btw	15:51
jamespage	I'll fix that and merge your change if thats ok	15:52
zul	jamespage: okies	15:52
zul	jamespage: that needs to be fixed upstream it should use mox3	15:53
jamespage	zul, ah - OK	15:53
jamespage	zul, well I pushed it with both for the time being	15:53
zul	jamespage: yeah im submitting a patch upstream	15:54
=== markthomas_away is now known as markthomas
jamespage	zul, keystone and we are all green in ci for icehouse btw	16:45
zul	jamespage: ill poke at keystone	16:45
jamespage	zul, your mp is not merged yet	16:46
zul	jamespage: qemu is building in bom btw	16:46
jamespage	yeah - I see	16:46
jamespage	nice	16:46
=== Gnubie is now known as Guest45295
=== wedgwood is now known as Guest77125
zul	jamespage: https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066	16:58
w0rmie	i've some problems with tftp-hpa configuration, the package is installed, but no file such /etc/default/tftpd-hpa to set	17:02
=== Guest11806 is now known as DWSR
w0rmie	any ideas?	17:02
markthomas	w0rmie: check /etc/default/tftp-hpa	17:05
=== Guest77125 is now known as wedgwood
w0rmie	markthomas: the default folder with a simple ls does not contain any file named tftp-hpa	17:16
jamespage	zul: just checking that now - I'll merge it if its good	17:16
zul	jamespage: okies we just have libvirt and libunwind to worry about	17:17
w0rmie	markthomas: should i create a file to set the tftp-hda to default task?	17:17
markthomas	w0rmie: checking. sec	17:18
jamespage	zul, I did an install of everything from the trunk testing ppa	17:18
markthomas	w0rmie: trying to figure out why I have one.	17:18
jamespage	swift appears to have lost all is upstart configs for some reason	17:18
markthomas	w0rmie: yes, the upstart job for tftp-hpa loads /etc/default/tftp-hpa	17:19
w0rmie	markthomas: ok, should i create a new file with the defaults for tftp-hpa or i should fin an existing file into /etc/defaults/ named tftp-hpa?	17:20
markthomas	There are four options listed in the tftp-hpa defaults file. You can find them in the upstart script.	17:21
zul	jamespage: er?	17:22
markthomas	w0rmie: have a username of tftp, directory is whatever, address is 0.0.0.0:69, options="--secure -vvv"	17:22
jamespage	zul, its odd - non of the packages have upstart configs any longer	17:22
zul	jamespage: wtf?	17:23
jamespage	zul, same on trusty and precise	17:23
highvoltage	it was zapped with lennart's deathray	17:23
zul	jamespage: keystone does.	17:24
jamespage	zul, yes - it appears to be isolated to swift	17:24
zul	jamespage: hmm...ill have a look	17:24
jamespage	zul, I'm looking	17:25
zul	jamespage: ok ill poke libvirt then	17:25
* jamespage breaths again		17:26
jamespage	the release version in saucy/trusty does	17:26
jamespage	must be something in the branch	17:26
jamespage	zul, keystone merged	17:26
zul	jamespage: cool thanks	17:27
zul	jamespage: could be over zealous cleanup by me	17:27
jamespage	zul, http://paste.ubuntu.com/6530751/	17:30
jamespage	wanna +1 that? saves a mp	17:30
zul	jamespage: arrgh...yeah +1	17:30
jamespage	zul, I've dropped b-o-m to run daily instead of hourly now	17:32
zul	jamespage: ack	17:34
jwal	Hi. I am trying to setup a non-interactive install of roundcube from the debs. It is all working - using debconf-set-selections - except I am being prompted for a password. I just have to hit enter for it to continue (using pgsql ident). Can somebody help me debug what is happening? (also asked in #ubuntu, sorry for cross post)	17:42
zul	jamespage: maybe leave it at daily and when the milestones come around turn it on for hourly?	17:43
ersi	Kind announcement: Today is the last day to do the FLOSS survey 2013: http://floss2013.libresoft.es/	17:44
jamespage	zul, well it can be run manually as well	17:47
zul	jamespage: true just thinking	17:48
jamespage	smoser, I'm getting bored of syncing image data - have you started on a simplestreams charm yet - or can I start hacking on one	17:48
smoser	jamespage, not started on said charm.	17:49
smoser	you are welcome to do that for sure.	17:49
jamespage	great	17:49
smoser	i dont know that i understood why you think its a separate charm thoug	17:50
smoser	rather than just confiuration of glance charm	17:50
jamespage	smoser, so when we want to use it with maas - its not tied to glance :-)	17:50
smoser	i dont follow	17:51
jamespage	that's entirely hypothetical	17:51
smoser	oh. maybe i see a bit.	17:51
jamespage	smoser, I actually pushed back on a MP to include this in the glance charm this week; I think it complicates the glance charm when it does not need to	17:51
smoser	boo	17:52
smoser	link to mp ?	17:52
jamespage	smoser, can't find it now	17:54
jwal	The answer was to 1) run install in interactive mode 2) copy the relevant output from debconf-get-selections 3) [the step I was missing] change any line ending "password" to "select" (for an empty password) 4) apply the config using debconf-set-selections	18:51
bitbyte	hey guys I have a quick question any one able to answer ?	19:24
bitbyte	basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind	19:24
bitbyte	Basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind	19:25
markthomas	bitbyte: why IPSEC and not OpenVPN?	19:26
bitbyte	I've elected to use Strongswan and try setup IPSEC	19:27
markthomas	bitbyte: Is this a learning project, or does it fit a specific business or technical need?	19:28
bitbyte	It's just personal learning to setup a strong IPSEC VPN	19:29
sarnold	I don't know the technical details since our admin set it all up for us eight years back, but we used ipsec for our vpn and we all had NAT systems at home and at the office and things worked out great. though our admin did have the ability to set up the ipsec gateway on the firewall itself, iirc.	19:29
bitbyte	the real issue i can see at the moment is that I'm having issues defining the inbound ip's cause they will all be dynamic ones connecting as it will be from different locations.	19:30
bitbyte	but I did think that having right=%any and rightsubnet=0.0.0.0/24 would resolve that	19:31
bitbyte	but I keep running into this pesky PSK error	19:31
markthomas	bitbyte: It's been quite a few years since I deployed an IPSec VPN as well.	19:35
bitbyte	It's been a challenging project the security guys at my work suggested strong swan but only get to quiz them during work hours sadly	19:36
sarnold	an excuse to stay home! :)	19:37
bitbyte	I work for a banks technical support so their very "official" and shy away from any personal project items	19:38
bitbyte	I feel in my config i'm missing something so simple gerrr	19:38
=== tom[] is now known as chaps[`tom`]
=== JonnyNomad_ is now known as JonnyNomad
zul	jamespage: libvirt fixed	20:17
=== oop is now known as w0rmie
hallyn_	zul: which libvirt is fixed?	20:22
zul	hallyn_: 1.1.2 backport for precise	20:22
hallyn_	stgraber: if you happen to have time to add an apparmor profile to trusty's lxc that allows mount fstype=ext*, please feel free :)	20:23
hallyn_	you know, in case youthought i'd feel you were stepping on my toes...	20:23
hallyn_	zul: ok	20:23
stgraber	hallyn_: I found the source of the IPv6 bug, one char fix :)	20:26
hallyn_	excellent	20:27
stgraber	hallyn_: http://paste.ubuntu.com/6531493/	20:27
hallyn_	i'm drafting a message to satan's advisory group^W^W^W dbus m-l	20:27
stgraber	(I was looking for bugs in the parser instead of the writer... once I looked at the latter, the bug was rather obvious...)	20:28
=== markthomas is now known as zz_markthomas
hallyn_	stgraber: no way!	20:53
hallyn_	i swear i straightened those out...	20:53
=== gary_poster is now known as gary_poster\|away
=== zz_markthomas is now known as markthomas
kieppie	hi folks	21:27
kieppie	anyone here familiar with LXC?	21:27
kieppie	I've been giving it a go on vanilla Debian (wheezy) - but the "stable" & docco's are fubar & it seems absolutely nothing has even been tried to remedy the situation since 2011/2012	21:28
e_t_	!anyone	21:30
ubottu	A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.	21:30
hallyn_	zul: ok, the new failures in libvirt 1.2.0 are http://paste.ubuntu.com/6532080/	22:37
hallyn_	perhaps just a virt-install regression	22:38
hallyn_	re-running to get the exact error msg	22:42
=== chaps[`tom`] is now known as tom[]
=== freeflying_away is now known as freeflying
hallyn_	zul: d'oh, virtinst was not installed.	23:33
hallyn_	<slap>	23:33
hallyn_	zul: but, do you have a fix yet for libvirt-python upgrade?	23:33
hallyn_	zul: all right. so virtinst depend on python-libvirt which conflicts with libvirt-python.	23:55
hallyn_	so if you're not going to rename libvirt-python to python-libvirt, then you must at least create an empty python-libvirt depending on libvirt-python.	23:55

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!