[03:01] <zzxc> Hey does anyone have any experience with setting up AFP?
[03:03] <sarnold> zzxc: I used netatalk 13, 14 years ago with good success. Of course that predated OS X clients... :)
[03:04] <zzxc> sarnold: Is there a need to create an afp user and password like there is with samba?
[03:08] <markthomas> zzxc: afp uses user-based authentication if that's what you're asking.
[03:09] <sarnold> zzxc: In a quick search of the code, initscripts, I don't see any code that'd require creating a user for netatalk, it looks like it should run as root in the usual case
[03:11] <zzxc> markthomas: If it works as it does for osx I would imagine that it would just be the user's login (as in the same that you ssh into)
[03:11] <markthomas> yes.
[03:13] <zzxc> sarnold markthomas: I"m trying to share the /mount directory. I get prompted for a user name and password, but the login creds error.
[03:14] <zzxc> I'm going to make the pretty obvious guess that the reason is that my user may not have be the owner or have rwx premissions for that directory...
[03:14] <markthomas> zzxc: why afp?
[03:15] <zzxc> markthomas: primary os is osx. I also have a samba share right now but honestly its a pain in the ass.
[03:16] <sarnold> yup, that sounds like samba. :/
[03:17] <markthomas> I have smb and afp here, and between linux and mac i find smb less of a hassle. and yes, i just used samba and "less hassle" in the same context.
[03:17] <sarnold> zzxc: does netatalk use pam to authenticate users? if so does your /etc/pam.d/netatalk look correct?
[03:17] <zzxc> sarnold: Let me check one second.
[03:21] <zzxc> sarnold: The pam.d/netatalk doesn't have any documentation. It includes common-{auth,account,password,session). But I'm not really sure what its suppost to look like
[03:21] <sarnold> zzxc: okay, that'd probably be sufficient for the user to log in at the console.
[03:22] <sarnold> zzxc: is there anything more useful in the logs?
[03:22] <sarnold> check both /var/log/auth.log and netatalk logs
[03:22] <zzxc> markthomas: honeslty the majority of my issues boil down to premissions, though being able to let other users login in should they want and having it broadcast via bonjour (since only two of my close friends have windows) would be nice.
[03:26] <zzxc> sarnold: There are afp log messages in auth, but when I tail it nothing and try the same creds, nothing happens/
[03:32] <sarnold> zzxc: *sigh* sorry, I'm not seeing anythjin in the manpages or source that looks useful. :/
[03:33] <sarnold> zzxc: if you give it username/password you know are bogus, do you get the same or different error?
[03:34] <zzxc> sarnold: Nope tells me its a bad login and reprompts me.
[03:34] <sarnold> zzxc: different error?
[03:34] <zzxc> That please contact you're network admin message is soo irrating when you're the network admin.
[03:35] <sarnold> hehehe, yes
[03:35] <zzxc> sarnold: No error message, the login prompt shakes and prompts you to try agian.
[03:36] <sarnold> zzxc: is that the same or different than happens when you give it the good username and password?
[03:36] <sarnold> I'm curious if the authentication works but it fails somewhere else..
[03:37] <zzxc> sarnold: "Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator." is when its a valid user and password. Otherwise it just shakes the prompt and ask me for it agian.
[03:38] <zzxc> sarnold: Nothing is showing up in the netatalk logs, and when it does error out I don't get a message in the auth logs.
[03:40] <sarnold> zzxc: okay, cool, a thread to pull on. :) are you trying to mount a filesystem / directory that isn't exported? how do permissions look like for that directory and all directories above it?
[03:42] <zzxc> sarnold: I'm trying to mount my /mount/sda directory.
[03:43] <zzxc> sarnold: Orginally I was just trying to mount my /mount drive, figuring it would be nice to have access to everthing there.
[03:44] <zzxc> and orginally mount was owned by root, Its currently owned by me now and I ahve full permissions to it and everything inside.
[03:45] <zzxc> sarnold: this is the line from the how to guide I was looking up "/mount/sda BlackBox allow:james options:userdots,upriv"
[03:54] <sarnold> zzxc: sorry, got into a conversation...
[03:54] <sarnold> zzxc: how about ls -ld /mount /mount/sda  ?
[03:56] <zzxc> sarnold: No worries rwxr-xr-x and james:root on both
[03:57] <sarnold> zzxc: man. that sounds like it ought to work. :(
[03:58] <zzxc> yeah I know its getting super annoying at this point.
[03:58] <sarnold> zzxc: so I guess it's time to bring out the unfun tools -- you could use fatrace to see what files are being accessed, or you could strace -p <pid of the server> -- and see if you can follow the system calls that lead to the decision to reject access.
[03:59] <sarnold> zzxc: if neither of those give you much to work with, you can try ltrace -- that traces function / library calls, not just system calls -- maybe it'll be more direct about the problem, but it's often like drinking from the firehouse
[03:59] <sarnold> firehose :)
[04:00] <zzxc> ack. I think I'll call it quits and look at it later with a fresh pair of eyes.
[04:00] <sarnold> zzxc: good luck! if you figure it out and don't mind, I'd be curious to hear the result.
[04:00] <sarnold> zzxc: time for me to call it a day too :)
[04:01] <zzxc> sarnold: Thanks for you help with it. I'll let you know if I figure it out.
[04:36] <blueking> hello again
[04:41] <blueking> just wonder:  route -n shows 169.254.0.0     netmask 255.255.0.0 are added to routing table  right out of sky...  interfaces file or hosts file does not have this ip/netmask    saw  one could Append the following directive: NOZEROCONF = yes  in file /etc/sysconfig/network     but there are NO sysconfig folder in /etc on ubuntu 13.10 installation
[04:41] <blueking> I am lost :(
[05:07] <fishcooker> im on ubuntu server there is an option about the kernel thing?
[05:07] <fishcooker> which one should i choose
[05:10] <fishcooker> im on ubuntu server installation.. there is options about to choose the kernel, which one should i choose?
[05:13] <e_t_> fishcooker: Choose the one with the highest version number, probably the one at the top of the list.
[05:32] <fishcooker> thanks e_t_: i go with linux-image-generic
[05:33] <fishcooker> https://help.ubuntu.com/community/ServerFaq#Is_a_dedicated_SMP_kernel_available_from_the_Ubuntu_Server_installation_CD.3F
[09:13] <eagles0513875> hey guys any samba experts in here. I have a question in regards to ACL's im guessing samba ignores the ACL's on ubuntu server and uses its own correct?
[09:31] <jamespage> zul, I uploaded webtest again with waitress as depends - it really is needed
[09:31] <jamespage> the package won;t work without it - however pyquery and lxml are suggests IMHO so did that as well
[11:28] <jamespage> zul, I took a libbo and re-introduced the sqlite patch you dropped back into the heat packaging - it was causing a dep-8 failure
[11:28] <jamespage> pushed and uploaded
[11:34] <jamespage> zul, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728425 is blocking backporting python-babel - which is preventing other things from passing tests right now
[11:34] <jamespage> nova
[11:47] <makara> what was to blame for the Ubuntu Forums being hacked?
[11:55] <jamespage> zul, babel fixed - I've submitted the fix back upstream
[11:55] <jamespage> non-deterministic test cases - gotta love-em
[12:40] <blueking> hello
[12:42] <blueking> kernel sets iprouting 169.154.0.0   netmask 255.255.0.0     been reading that one can set  nozeroconf=yes in /etc/sysconfig/network   but on ubuntu 13.10 there are no folder  /etc/sysconfig     couldn't find solution on ubuntu   someone who can help me ?
[12:43] <blueking> when I connect  ethernet cable to laptop   it gets two IP  192.168.2.10   and  was given auto  169.254.x.x     and net unreachable
[13:05] <blueking> anyone knows if one can put nozeroconf= yes in /etc/network/interfaces ?
[13:09] <rbasak> blueking: can you specify exactly what you're trying to do? Ubuntu people aren't necessarily familiar with RH/Fedora config syntax.
[13:10] <blueking> rbasak:  problem are  kernel somehow adds iprouting  169.254.0.0
[13:10] <blueking> I need to disable that
[13:11] <blueking> I disabled some avahi stuff but  kernel kept on putting iprouting 169.254.0.0 back
[13:11] <rbasak> blueking: are you getting this address on a desktop machine? Or a server machine?
[13:12] <blueking> route -n show  169.254.0.0
[13:13] <blueking> and mine laptop   that I connect to net with cable  gets  192.168.2.10 AND 169.254.x.x
[13:13] <blueking> and the net    are pending on off   all the time
[13:13] <blueking> when connect to another  basic router  no problem
[13:13] <rbasak> It sounds like you have a desktop issue. Try #ubuntu.
[13:14] <blueking> not desktop issue
[13:14] <rbasak> It sounds like you need to adjust your network manager settings in some way, since that's what gets you your address on a desktop machine by default.
[13:14] <blueking> route -n show that kernel adds iproute 169.254.0.0
[13:14] <blueking> on  other distro they can set nozeroconf= yes to turn it off
[13:15] <rbasak> blueking: are you getting this address on a desktop machine? Or a server machine?
[13:20] <blueking> rbasak:  on server machine
[13:20] <blueking> with route -n that is
[13:22] <rbasak> blueking: I don't understand why you'd get that. A default Ubuntu server installation does not use Zeroconf.
[13:22] <blueking> rbasak:  I even tried to set up static ip to my laptop   and turned off dhcp on laptop   and put in ip manual  still it received 169.254.x.x adress
[13:22] <rbasak> If your laptop gets a 169.254 address it is because it cannot find a DHCP server to give it a correct address (or, very unusually, a DHCP server is handing out bad addresses)
[13:23] <rbasak> Do you have a DHCP server daemon running on your server?
[13:25] <blueking> isc-dhcp-server
[13:26] <rbasak> It sounds like you have some significant non-default thing going on either on the server or on your laptop. Getting a Zeroconf 169.254 address is automatic. There's nothing to disable on a server for this since normally there is no server component that "issues" such an address; a client just picks up one that is available without the help of a server.
[13:27] <zul> jamespage:  cool
[13:28] <rbasak> Exceptionally, I suppose a DHCP server could be misconfigured to hand these out, but that seems unlikely. I suggest you run a tcpdump on both the server and laptop to figure out where from and how you get that address.
[13:28] <jamespage> zul, babel is backported now
[13:28] <jamespage> I think that might mean nova can build ok on precise now :-)
[13:28] <blueking> ok have to figure out how to make tcpdump
[13:28] <zul> jamespage:  cinder as well
[13:29] <jamespage> zul, unfortunately it missed the last b-o-m run
[13:29] <blueking> rbasak:  think problem came after I installed webmin
[13:30] <rbasak> blueking: could be.
[13:30] <rbasak> !webmin | blueking
[13:30] <blueking> and had some issues with making isc server visible on it... and might be that dhcp3 server been enabled somehow
[13:30] <blueking> oh so webmin are reason
[13:31] <jamespage> rbasak, what was so bad about how webmin managed configuration files?
[13:31] <rbasak> jamespage: no idea. All I know is that everyone says it's broken!
[13:31] <jamespage> rbasak, well I agree that webmin is probably so out-of-date
[13:32] <jamespage> but was it not superceded by ebox and then zentyal?
[13:32] <rbasak> I'm not saying that it is webmin in this case. Just that webmin does stuff, and is not recommended, and blueking seems to have had stuff done to his server and it's not working, so it's worth investigating that possibility.
[13:32] <jamespage> right
[13:32] <jamespage> fair enought
[13:33] <blueking> could u mention how to search/find packages that currently are installed on system ?
[13:33] <blueking> without webmin that is
[13:34] <blueking> apt-cache search  looks for all packages   but want to check what are current in system
[13:39] <rbasak> blueking: dpkg -l
[13:39] <blueking> ok
[13:39] <rbasak> blueking: that'll also show you removed packages that aren't purged. See the dpkg manpage for details, but I think "dpkg -l|grep ^ii" or something will filter to installed packages.
[13:49] <jamespage> zul, cinder and heat have flushed through to the CA staging area
[13:49] <jamespage> zul, I think everything else is still held up in trusty-proposed right now
[13:49] <zul> jamespage:  ok ill kick off the builds for precise testing (nova/cinder)
[13:49] <jamespage> ?
[13:50] <zul> precice-icehouse-nova/cinder
[13:50] <jamespage> zul, nova should go through next run - it missed new babl
[13:50] <jamespage> precise-icehouse-nova is running right now
[13:50] <zul> ack
[14:23] <zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066
[14:26] <zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198068
[14:29] <zul> jamespage:  it looks like swift-bench has moved out into its own project
[14:36] <jamespage> zul, your heatclient branch conflicts
[14:36] <zul> jamespage:  damn it
[14:41] <zul> jamespage:  better branch https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198072
[14:42] <jamespage> yolanda, did you push a new update with more unit tests for the heat charm?
[14:43] <zul> jamespage:  i added a WI for swift-bench
[14:43] <zul> jamespage/roaksoax:  https://code.launchpad.net/~zulcss/swift/swift-bench/+merge/198073
[14:46] <jamespage> zul, minor niggle on keystone
[14:46] <jamespage> zul, swift +!
[14:46] <jamespage> 1 rather
[14:48] <zul> jamespage:  keystone niggle fixed
[14:49] <jamespage> zul, nova just b-o-m'ed
[14:49] <jamespage> gonna milk this for all its got!
[14:49] <zul> jamespage:  sweet
[14:50] <jamespage> zul, oh - I tried your patch for libvirt - that was OK _ but I got a test failure - any chance you can take a look sometime today and see if its easily fixable/reproducable?
[14:50] <zul> jamespage:  it was failing on some client test?
[14:51] <zul> jamespage: (backporting python-mox3)
[14:52] <jamespage> zul, http://paste.ubuntu.com/6530065/
[14:52] <jamespage> zul, so I see
[14:52] <hallyn_> stgraber: might be nice to have options to the ubuntu and ubuntu-cloud templates to specify apparmor profile
[14:52] <hallyn_> (preferably by shorter names)
[14:52] <hallyn_> lemme know if you have thoughts on that
[14:52] <jamespage> zul, I get email on uploades (james page == openstack ubuntu testing bot)
[14:53] <zul> jamespage:  yeah i had the same problem
[14:54] <zul> jamespage:  unfortunately the libvirt tests are  light on the verbage
[14:56] <jamespage> zul, any idea on the qemu failuer?
[14:57] <zul> jamespage:  not yet
[14:57] <zul> jamespage:  i blame hallyn somehow ;)
[14:58] <hallyn_> i accept nothing
[15:05] <jamespage> zul, python-crypto builds OK locally - odd
[15:05]  * jamespage looks deeper
[15:05] <zul> jamespage:  looking at qemu
[15:06] <jamespage> zul, ta
[15:06] <jamespage> something about DTC not being avaliable
[15:10] <zul> jamespage:  it would help if i used the right release :)
[15:12] <hallyn_> zul: all right, re-running the libvirt tests on trusty, first without your ppa then with.
[15:14] <zul> hallyn_:  ack
[15:15] <zul> jamespage:  "ERROR: DTC not present." ?
[15:20] <roaksoax> rbasak: when an arm machine is first booted in MAAS, it loads an i386 ephemeral image to get it enlisted?
[15:21] <rbasak> roaksoax: ?
[15:21] <rbasak> roaksoax: no, it uses an armhf ephemeral image.
[15:21] <rbasak> Did I say i386 somewhere?
[15:21] <roaksoax> rbasak: how does it know to use one?
[15:21] <rbasak> Ah. Now that's a very good question :-)
[15:22] <roaksoax> rbasak: i mean, when it pxe boots, config.commissioning.template is used, and that itself tests for amd64 or i386
[15:22] <rbasak> Right now, highbank does it by falling back to fetching /pxelinux.cfg/default.arm.highbank (or something like that), then default.arm, then finally default.
[15:22] <rbasak> MAAS' dynamic TFTP implementation picks up on that, and serves a suitable default file, which fetches the correct arch kernel/initrd.
[15:23] <rbasak> I never had to connect anything between the correct arch kernel/initrd and the correct arch ephemeral as far as I can remember. I presume the code already DTRT.
[15:23] <rbasak> Another possible mechanism is a DHCP vendor identifier option, which U-Boot does provide. But we ended up not using that.
[15:24] <rbasak> So the amd64/i386 differentiating pxelinux template is never used in the armhf case.
[15:24] <yogeshsarwate> Hi all i got a dns addresses on noip.com i want to run my own email server and irc chat server can anybody guide
[15:25] <zul> qemu: i think it needs a newer libfdt-dev so i back ported it
[15:25] <rbasak> roaksoax: notice that /etc/maas/templates/pxe/config.commissioning.armhf.template is distinct from the more generic  config.commissioning.template
[15:26] <rbasak> IMHO it should be the other way round, as it's the Intel case that's special, but never mind.
[15:26] <roaksoax> rbasak: yeah... for some reason I thought it, by default, any type of hardware uses cponfig.commissioning.template, but I guess for arm it uses config.commissioning.armhf.template before the machine is even enlisted
[15:26] <rbasak> Right
[15:26] <rbasak> The TFTP server does the detection.
[15:26] <rbasak> (currently)
[15:27] <roaksoax> rbasak: where in the code is that exactly, do you know?
[15:28] <rbasak> Looking
[15:28] <rbasak> roaksoax: http://bazaar.launchpad.net/~maas-maintainers/maas/trunk/view/head:/src/provisioningserver/tftp.py
[15:28] <rbasak> roaksoax: the regex picks up the default-(whatever) in lines 93-111.
[15:28] <roaksoax> rbasak: eah that's where I'm looking
[15:29] <roaksoax> rbasak: i see now, cool thanks!
[15:29] <rbasak> The code that used the resulting match used to be in there, but I guess it's moved now.
[15:29] <jamespage> zul, for some reason python-crypto won't build in the lab
[15:29] <jamespage> its OK on ppa and locally
[15:29] <zul> jamespage:  weird
[15:32] <hallyn_> zul: what time is the openstack-lxc mtg?
[15:33] <jamespage> zul, i see the issue
[15:33]  * jamespage twiddles a knob
[15:37] <jamespage> zul, fixed - for reference the schroot's where not providing a /dev/shm
[15:37] <jamespage> (using tmpfs)
[15:38] <jamespage> zul, you need to fix that niggle for keystone harded - forwarded is spelt incorrectly
[15:38] <yogeshsarwate> Hi
[15:51] <jamespage> zul, urgh - heatclient needs mox and well as mox3 btw
[15:52] <jamespage> I'll fix that and merge your change if thats ok
[15:52] <zul> jamespage:  okies
[15:53] <zul> jamespage:  that needs to be fixed upstream it should use mox3
[15:53] <jamespage> zul, ah - OK
[15:53] <jamespage> zul, well I pushed it with both for the time being
[15:54] <zul> jamespage:  yeah im submitting a patch upstream
[16:45] <jamespage> zul,  keystone and we are all green in ci for icehouse btw
[16:45] <zul> jamespage:  ill poke at keystone
[16:46] <jamespage> zul, your mp is not merged yet
[16:46] <zul> jamespage:  qemu is building in bom btw
[16:46] <jamespage> yeah - I see
[16:46] <jamespage> nice
[16:58] <zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066
[17:02] <w0rmie> i've some problems with tftp-hpa configuration, the package is installed, but no file such /etc/default/tftpd-hpa to set
[17:02] <w0rmie> any ideas?
[17:05] <markthomas> w0rmie: check /etc/default/tftp-hpa
[17:16] <w0rmie> markthomas: the default folder with a simple ls does not contain any file named tftp-hpa
[17:16] <jamespage> zul: just checking that now - I'll merge it if its good
[17:17] <zul> jamespage:  okies we just have libvirt and libunwind to worry about
[17:17] <w0rmie> markthomas: should i create a file to set the tftp-hda to default task?
[17:18] <markthomas> w0rmie: checking.  sec
[17:18] <jamespage> zul, I did an install of everything from the trunk testing ppa
[17:18] <markthomas> w0rmie: trying to figure out why I have one.
[17:18] <jamespage> swift appears to have lost all is upstart configs for some reason
[17:19] <markthomas> w0rmie: yes, the upstart job for tftp-hpa loads /etc/default/tftp-hpa
[17:20] <w0rmie> markthomas: ok, should i create a new file with the defaults for tftp-hpa or i should fin an existing file into /etc/defaults/ named tftp-hpa?
[17:21] <markthomas> There are four options listed in the tftp-hpa defaults file.  You can find them in the upstart script.
[17:22] <zul> jamespage:  er?
[17:22] <markthomas> w0rmie: have a username of tftp, directory is whatever, address is 0.0.0.0:69, options="--secure -vvv"
[17:22] <jamespage> zul, its odd - non of the packages have upstart configs any longer
[17:23] <zul> jamespage:  wtf?
[17:23] <jamespage> zul, same on trusty and precise
[17:23] <highvoltage> it was zapped with lennart's deathray
[17:24] <zul> jamespage:  keystone does.
[17:24] <jamespage> zul, yes - it appears to be isolated to swift
[17:24] <zul> jamespage:  hmm...ill have a look
[17:25] <jamespage> zul, I'm looking
[17:25] <zul> jamespage:  ok ill poke libvirt then
[17:26]  * jamespage breaths again
[17:26] <jamespage> the release version in saucy/trusty does
[17:26] <jamespage> must be something in the branch
[17:26] <jamespage> zul, keystone merged
[17:27] <zul> jamespage:  cool thanks
[17:27] <zul> jamespage:  could be over zealous cleanup by me
[17:30] <jamespage> zul, http://paste.ubuntu.com/6530751/
[17:30] <jamespage> wanna +1 that? saves a mp
[17:30] <zul> jamespage:  arrgh...yeah +1
[17:32] <jamespage> zul, I've dropped b-o-m to run daily instead of hourly now
[17:34] <zul> jamespage:  ack
[17:42] <jwal> Hi.  I am trying to setup a non-interactive install of roundcube from the debs.  It is all working - using debconf-set-selections - except I am being prompted for a password.  I just have to hit enter for it to continue (using pgsql ident).  Can somebody help me debug what is happening? (also asked in #ubuntu, sorry for cross post)
[17:43] <zul> jamespage:  maybe leave it at daily and when the milestones come around turn it on for hourly?
[17:44] <ersi> Kind announcement: Today is the last day to do the FLOSS survey 2013: http://floss2013.libresoft.es/
[17:47] <jamespage> zul, well it can be run manually as well
[17:48] <zul> jamespage:  true just thinking
[17:48] <jamespage> smoser, I'm getting bored of syncing image data - have you started on a simplestreams charm yet  - or can I start hacking on one
[17:49] <smoser> jamespage, not started on said charm.
[17:49] <smoser> you are welcome to do that for sure.
[17:49] <jamespage> great
[17:50] <smoser> i dont know that i understood why you think its a separate charm thoug
[17:50] <smoser> rather than just confiuration of glance charm
[17:50] <jamespage> smoser, so when we want to use it with maas - its not tied to glance :-)
[17:51] <smoser> i dont follow
[17:51] <jamespage> that's entirely hypothetical
[17:51] <smoser> oh. maybe i see a bit.
[17:51] <jamespage> smoser, I actually pushed back on a MP to include this in the glance charm this week; I think it complicates the glance charm when it does not need to
[17:52] <smoser> boo
[17:52] <smoser> link to mp ?
[17:54] <jamespage> smoser, can't find it now
[18:51] <jwal> The answer was to 1) run install in interactive mode 2) copy the relevant output from debconf-get-selections 3) [the step I was missing] change any line ending "password" to "select" (for an empty password) 4) apply the config using debconf-set-selections
[19:24] <bitbyte> hey guys I have a quick question any one able to answer ?
[19:24] <bitbyte> basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind
[19:25] <bitbyte> Basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind
[19:26] <markthomas> bitbyte: why IPSEC and not OpenVPN?
[19:27] <bitbyte> I've elected to use Strongswan and try setup IPSEC
[19:28] <markthomas> bitbyte: Is this a learning project, or does it fit a specific business or technical need?
[19:29] <bitbyte> It's just personal learning to setup a strong IPSEC VPN
[19:29] <sarnold> I don't know the technical details since our admin set it all up for us eight years back, but we used ipsec for our vpn and we all had NAT systems at home and at the office and things worked out great. though our admin did have the ability to set up the ipsec gateway on the firewall itself, iirc.
[19:30] <bitbyte> the real issue i can see at the moment is that I'm having issues defining the inbound ip's cause they will all be dynamic ones connecting as it will be from different locations.
[19:31] <bitbyte> but I did think that having right=%any and rightsubnet=0.0.0.0/24 would resolve that
[19:31] <bitbyte> but I keep running into this pesky PSK error
[19:35] <markthomas> bitbyte: It's been quite a few years since I deployed an IPSec VPN as well.
[19:36] <bitbyte> It's been a challenging project the security guys at my work suggested strong swan but only get to quiz them during work hours sadly
[19:37] <sarnold> an excuse to stay home! :)
[19:38] <bitbyte> I work for a banks technical support so their very "official" and shy away from any personal project items
[19:38] <bitbyte> I feel in my config i'm missing something so simple gerrr
[20:17] <zul> jamespage:  libvirt fixed
[20:22] <hallyn_> zul: which libvirt is fixed?
[20:22] <zul> hallyn_:  1.1.2 backport for precise
[20:23] <hallyn_> stgraber: if you happen to have time to add an apparmor profile to trusty's lxc that allows mount fstype=ext*, please feel free :)
[20:23] <hallyn_> you know, in case youthought i'd feel you were stepping on my toes...
[20:23] <hallyn_> zul: ok
[20:26] <stgraber> hallyn_: I found the source of the IPv6 bug, one char fix :)
[20:27] <hallyn_> excellent
[20:27] <stgraber> hallyn_: http://paste.ubuntu.com/6531493/
[20:27] <hallyn_> i'm drafting a message to satan's advisory group^W^W^W dbus m-l
[20:28] <stgraber> (I was looking for bugs in the parser instead of the writer... once I looked at the latter, the bug was rather obvious...)
[20:53] <hallyn_> stgraber: no way!
[20:53] <hallyn_> i swear i straightened those out...
[21:27] <kieppie> hi folks
[21:27] <kieppie> anyone here familiar with LXC?
[21:28] <kieppie> I've been giving it a go on vanilla Debian (wheezy) - but the "stable" & docco's are fubar & it seems absolutely nothing has even been tried to remedy the situation since 2011/2012
[21:30] <e_t_> !anyone
[22:37] <hallyn_> zul: ok, the new failures in libvirt 1.2.0 are http://paste.ubuntu.com/6532080/
[22:38] <hallyn_> perhaps just a virt-install regression
[22:42] <hallyn_> re-running to get the exact error msg
[23:33] <hallyn_> zul: d'oh, virtinst was not installed.

[23:33] <hallyn_> zul: but, do you have a fix yet for libvirt-python upgrade?
[23:55] <hallyn_> zul: all right.  so virtinst depend on python-libvirt which conflicts with libvirt-python.
[23:55] <hallyn_> so if you're not going to rename libvirt-python to python-libvirt, then you must at least create an empty python-libvirt depending on libvirt-python.