[03:09] <krababbel> Hi, why is there a relative path in openssl.cnf for CA_default? Where should I keep my files like certs if I want to be my own CA for a LAN? Some say in /root/ca but others suggest /etc/ssl
[03:14] <krababbel> Also I want to create a certificates for my webserver and mailserver. Without my own CA signing both certs, I'd need to install multiple certificates on clients, correct? With my CA, a client could verify both mail and web certs using only the CA cert, correct?
[03:16] <patdk-lap> depends on what you do
[03:17] <patdk-lap> you could have some other ca sign them
[03:17] <krababbel> patdk-lap: I need to sign them myself, it is just a test LAB.
[03:19] <krababbel> patdk-lap: So if I sign them myself, my clients in the lab could verify all server certificates, which were signed by my CA, and the clients would only need to install my CA certificate, correct? I am a bit unsure now.
[03:20] <krababbel> patdk-lap: Otherwise I could just self sign the certs on the mailserver and webserver for example each.
[03:20] <patdk-lap> yes
[03:20] <patdk-lap> but the server would need it's certificates and any intermediate certs (that doesn't sound like your making)
[03:23] <krababbel> patdk-lap: OK, thank you a lot.
[03:48] <rsd> any good suggestions for a MON replacement (if any)?
[03:49] <patdk-lap> what is a mon
[03:49] <rsd> system monitoring, alert, etc
[05:31] <krababbel> I am unsure about LDAP authentication and /home on an NFS server. If the LDAP and NFS servers are different machines on the network, could pam_mkhomedir create the homedirs on the NFS server on first login?
[05:39] <krababbel> Why is it a problem with having both local and LDAP homedirs in /home? I read that usually you should separate them, but I don't see why. Aren't UID and GID enough?
[05:45] <krababbel> Maybe that's only for users which already exist locally.
[05:49] <krababbel> Or is the problem that a local user trying to login and mounting their /home/... could be rejected by the NFS server because NFS may not find that user in LDAP and locally, I guess.
[05:51] <krababbel> So if the same local user already exists on all machines, and the only additional users in /home would be LDAP users, then separating /home wouldn't be necessary?
[09:25] <Rar9> morning. need some help with an Error 503 for installing Solr4 with Tomcat7  .. Anyone?
[09:43] <ikonia> Rar9: 503 is service unavailable suggesting that it's not listening on the port you have defined, or it is listening but the application is not configured (which is common with solr)
[13:08] <krababbel> Why is it a problem with having both local and LDAP homedirs in /home? I read that usually you should separate them, but I don't see why. Aren't UID and GID enough? But if there is only the same local user on all machines, and the only additional users in /home would be LDAP users, then separating /home wouldn't be necessary?
[15:52] <zul> rbasak/hallyn: im adding that arm64 patch before uploading a new libvirt (1.2)
[15:54] <ahnkle> i am thinking of getting a Proliant DL140 G3 for personal use. there is an Ubuntu 10.04 release. is this retired now?
[15:54] <rbasak> zul: I'm not sure we should right now.
[15:54] <rbasak> zul: I don't want to cause a future conflict with a Linaro patch.
[15:55] <rbasak> I emailed Clark (Linaro) to get his view.
[15:55] <zul> rbasak:  arrgh after i rediffed it
[15:55] <rbasak> Since he's doing the libvirt armhf/arm64 enablement work which involves pushing it upstream.
[15:55] <rbasak> zul: well, I did say in the bug·
[15:55] <zul> rbasak:  yes but im not awake yet :)
[16:25] <hallyn> zul: bug 1264955 - any objections to nfs-common being in libvirt build-dep?
[16:28] <zul> hallyn:  nah
[16:28] <zul> hallyn:  1.2.0 has been uploaded like a half hour agao
[16:34] <hallyn> yeah - and on the one hand i don't want a new uplaod just for that, but otoh if we don't do it now we'll never remember :)
[16:35] <hallyn> well i've added it to my long list of libvirt bugs to work on when i have time
[16:35] <zul> hallyn:  sweet...just batch them up :)
[16:50] <krababbel> Hi, is there a problem sharing one public folder over samba and nfsv4 at the same time?
[16:51] <jrwren_> no, no problem.
[16:51] <krababbel> jrwren_: OK thanks, I'll try that.
[16:51] <jrwren_> why would there be a problem :)
[16:52] <krababbel> jrwren_: I asked because NFSv4 uses usually this special folder /exports
[16:53] <krababbel> So I was unsure if they'd work nicely together. (samba and nfs)
[16:55] <jrwren_> oh no.
[16:55] <jrwren_> that /exports is just a default config. you can export anything
[16:55] <krababbel> jrwren_: Thank you a lot. :)
[17:23] <hallyn> zul: is ppa:ubuntu-cloud-archive/havana-staging "the havana cloud archive" ?
[17:24] <zul> hallyn:  its the staging area http://www.ubuntu.com/download/cloud/cloud-archive-instructions
[17:24] <hallyn> where is the real havana cloud archive then?
[17:25] <hallyn> oh i see, thx
[17:25] <hallyn> how do i add the apt-key?
[17:26] <hallyn> eh, nm.  no matter for the test
[17:44] <hallyn> zul: are you doing anything right now on libvirt apparmor bugs?
[17:45] <hallyn> jdstrand: can I (later today/tomorrow) point you to some debdiffs relating to libvirt-apparmor?
[17:46] <zul> hallyn:  nope just getting libvirt-python ready for mir
[17:46] <hallyn> oh i thought with merge from debian you didnt' have to
[17:46] <hallyn> ok.  just one more lxc thingie and then i'm hitting libvirt-apparmor hard.
[17:46] <zul> hallyn:  nah i wish it was like that
[18:43] <adam_g> zul, if you get some minutes today could you plz take a look at the 2013.2.1 branch updates at https://code.launchpad.net/~ubuntu-server-dev/+activereviews ?
[18:44] <zul> adam_g: 2013.2.1?
[18:44] <adam_g> zul, the first havana stable release
[18:45] <zul> adam_g:  cool gimme a sec
[18:45] <adam_g> zul, no rush
[18:48] <zul> adam_g:  +1
[18:49] <adam_g> zul, nice thanks
[20:02] <krababbel> I want to export /home directories over NFS. Why do people say it is a problem if I do not separate the remote home folder from the local home?
[20:02] <krababbel> For example like described here in the second paragraph: http://nickportertech.blogspot.co.at/2010/02/ubuntu-machine-with-nfs-home-and-ldap.html
[20:04] <jrwren_> krababbel: its only a problem if you want to login to an nfs client system when the nfs server is down
[20:05] <krababbel> jrwren_: OK thanks a lot, of course, I am tired. :)
[20:05] <jrwren_> if that is not a requirement, then it is no problem.
[20:06] <krababbel> jrwren_: I see, yes.
[21:45] <hallyn> jdstrand: in qrt test-libvirt.py, there are two lines restoring "/etc/apparmor.d/abstracations/libvirt-qemu" <sic>.  Is that some intended genius, or a typo?
[21:49] <tclarke> I'm setting 12.04 MAAS and I'm having trouble following the install docs...I get to the point where I need to d/l initial boot images and run "maas-cli mynam node-groups import-boot-images" where mynam is the name of my login profile
[21:49] <tclarke> node-groups: error: argument COMMAND: invalid choice: u'import-boot-images' (choose from 'register', 'list', 'refresh-workers', 'accept', 'reject')
[22:01] <stdaro> https://bugs.launchpad.net/ubuntu/+source/openjdk-6/+bug/257857 is pretty unpleasant, still applies today
[22:20] <bravvve22> hello am newbe,in a vps ubuntu 10.04 is installed and if config gave me venet0:0,no eth0 what meen?
[23:06] <bigjools> tclarke|AFK: you need to run the version of maas in the cloud archive
[23:41] <adam_g> zul, ping
[23:44] <krababbe1> Hi, if I enable no_root_squash on an export, could it be dangerous for the NFS server, or would that "just" allow a remote root to do anything within that export folder?
[23:45] <bekks> krababbe1: yes, it could dangerous, dependingon what you are sharing.
[23:47] <krababbe1> The problem is, that I want to have an NFS server export /home to clients. These clients are LDAP accounts, and I want to use pam_mkhomedir to create their homes on first login. But I get 'permission denied', and I guess it has to do with the fact that remote machines are restricted by root_squash. With no_root_squash it seems to work.
[23:48] <krababbe1> bekks: The NFS server, LDAP server and client are three different machines on the LAN.
[23:49] <bekks> krababbe1: Which doesnt matter, and doesnt clarify which shares you are going to share with no_root_squash
[23:49] <krababbe1> bekks: The /home folder would be shared with no_root_squash.
[23:50] <krababbe1> bekks: On the NFS server it would be /mnt/home, since I separated local home from LDAP user's homes
[23:50] <bekks> krababbe1: Unless root isnt going to use stuff from /home, it's nasty, but somehow safe.
[23:51] <krababbe1> bekks: I guessed so. :) Is there an similar alternative?
[23:52] <krababbe1> using pam_mkhomedir I mean
[23:52] <krababbe1> I am doing this for the first time.
[23:52] <hitsujiTMO> krababbe1: i'd also ensure subtree_check is used
[23:53] <krababbe1> hitsujiTMO: Thanks, I'll try that.
[23:54] <adam_g> zul, anyway, /me needs sponsorship for http://people.canonical.com/~agandelman/heat-2013.2.1/ . can you help? guess heat is not seeded properly?