=== freeflying_away is now known as freeflying === kermit is now known as kermitamine === freeflying is now known as freeflying_away === kermitamine is now known as kermit === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away [02:41] hi all [02:58] smoser: lurking on your sunday? [02:58] smoser: I have a cloud init based question [02:58] quick. [02:58] smoser: :-) [02:58] context: creating an lxc template image for faster lxc local provider [02:59] I want the template to start up, do the package install, apt-get update/upgrade, and then shutdown [02:59] what is the easiest way? [02:59] I thought of adding "shutdown -h now" at the end of the scripts [02:59] bit I thought that might not have the cloud init process finish cleanly [03:00] maybe "shutdown -h +1m ?" [03:01] well, 'power_state' at http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/doc/examples/cloud-config.txt is the cleanest way. [03:01] but that wont work in 12.04, === freeflying_away is now known as freeflying [03:01] smoser: yeah, kinda need a precise solution [03:02] what i think i migh do is suggest writing a upstart job that runs on 'stopped cloud-final' [03:02] i'm pretty sure that shoudl work on all, and will guarntee that cloud-init is done. [03:02] smoser: so "shutdown -h +1" will give cloud init time to finish? [03:03] ah... [03:03] well, +1 is 1 minute ? [03:03] yeah [03:03] it doesn't seem to support resolution shorter than that [03:03] if I created an upstart job for the template [03:03] that should work. [03:03] that would be copied across to the new container [03:03] and the upstart job can remove itself. [03:03] after running. [03:04] interesting [03:04] smoser: so the upstart script would be, what, two or three lines? [03:05] i sweare i've written this before [03:05] :) [03:05] probably [03:06] haha, a google takes me to read the docs, which then has your example from above [03:07] smoser: you didn't implement the powerdown as an upstart job did you? [03:07] something like this: [03:07] http://paste.ubuntu.com/7025430/ [03:08] thumper, no. it forks a process that watches its pre-forked pid for exiting. [03:08] http://bazaar.launchpad.net/~cloud-init-dev/cloud-init/trunk/view/head:/cloudinit/config/cc_power_state_change.py [03:08] run_after_pid_gone [03:10] I'll try the upstart script approach I think [03:10] * thumper goes to hack it in [03:11] thumper, one thing you could od if you didn't trust the "remove myself" [03:12] is put it in /etc/init as a symlink into /run [03:12] * thumper waits [03:12] which would mean next boot it woudl definitely not be there (possibly a dangling symlink) [03:12] haha [03:12] I'll be testing it, don't stress [03:12] I'll try it and let you know [03:12] i suspect there is some sort of race condition [03:12] where by init could turn the system off before the job actually stopped. [03:13] but i really doubt it. [03:13] but we should delete the job, then restart :) [03:13] whack an echo in there too so we can see in the logs that it ran :) === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away [04:31] hello. i think someone hacked into my server box through vnc service. i'm not sure how this is possible since i had no port forwarding and i had a random password required. how can i autopsy this before reinstall? === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away [06:45] "kernel: Cannot read proc file system: 1 - Operation not permitted. " getting these repeated messages million times every minute in my syslog on 12.04 ubuntu VPS based on OpenVZ, anyone has any idea please ??? === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying [07:39] "kernel: Cannot read proc file system: 1 - Operation not permitted. " getting these repeated messages million times every minute in my syslog on 12.04 ubuntu VPS based on OpenVZ, [07:39] anyone has any idea please ??? === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying === freeflying is now known as freeflying_away === freeflying_away is now known as freeflying [09:59] Is there a way to construct a glob that matches all files except one? [12:13] hey, I currently have this in my upstart: http://pastie.org/8835007 - are there any suggestions to clean that up a bit? [13:33] Daviey: around? === psivaa is now known as psivaa-lunch [13:38] Daviey/jamespage: fyi https://bugs.launchpad.net/ubuntu/+bug/1287173 [13:50] zul: hey [13:51] Daviey: can you do a quick review of python-oslo.vmware i filed a bug first #1287173 [13:53] zul: yes (with comment) [13:56] Daviey: thanks [13:59] zul: you might want to raise a MIR asap. [13:59] afk [13:59] Daviey: ack === edu-afk_ is now known as edamato [14:29] hallyn: ill work on 1.2.2 this afternoon === psivaa-lunch is now known as psivaa [14:41] how to change the dir mode for other to be T ? [14:42] like this [14:42] drwx-wx--T 2 root crontab 4096 Aug 30 2013 crontabs/ [14:43] chmod o+s crontabs [14:46] soren: still showing drwxr-xr-t === mjohnson15_2 is now known as mjohnson15 [15:07] anyone here authenticating to AD with sssd? [15:09] yes [15:10] actually, I don't think I am [15:10] just for user attributes and group stuff [15:10] but using radius for auth, against ad + 2factor [15:11] pmatulis2: I am, well, samba4 technically but same thing on the client side anyway [15:11] stgraber: do you need to install anything on the client beyond configuring sssd? [15:11] stgraber: and AD doesn't require any extra bits at all? [15:12] kerberos [15:12] pmatulis2: you need ssd and samba-common on the client, that'll pull all the needed bits. You then need to configure /etc/samba/smb.conf and /etc/krb5.conf, join the domain (to grab a machine ticket), then configure sssd to use the machine ticket and the AD server(s) [15:12] *sssd [15:13] stgraber, Patrickdk: ok, thanks [15:14] pmatulis2: here (domain=stgraber.net workgroup=STGRABER), http://paste.ubuntu.com/7028007/ (smb.conf), http://paste.ubuntu.com/7028009/ (krb5.conf) and http://paste.ubuntu.com/7028010/ (sssd.conf) [15:14] this is misleading: [15:14] https://wiki.ubuntu.com/Enterprise/Authentication/sssd [15:15] there are some bits you probably don't need in the sssd.conf. I hardcode the domain SID to guarantee a lower uid/gid range on all machines and I have custom OUs for a few things as well as ssh and sudo support (extended schema is needed for those two) [15:15] stgraber: that stuff will help. thanks [15:15] hmm, I don't remember configuring smb.conf at all [15:15] pmatulis2: yeah, that documentation seems to refer to a rather old sssd, newer sssd has the ad provider which does it all for you [15:16] Patrickdk: it's only really needed if you don't put a password in sssd.conf (which is usually recommended) [15:16] stgraber: yeah, i figured id_provider should be 'ad' [15:16] Patrickdk: the smb.conf is only used for the domain join (net join -U username domainname) which then generates /etc/krb5.keytab that sssd will use to authenticate [15:16] I did do a domain join [15:17] maybe I did, have to look it up, been a year since I setup that cluster [15:17] hello, [15:17] could be that the right parameters to net join also let you specify all the bits from smb.conf and not require it at all [15:18] anyone know where ubuntu server has logs for the cifs & smb services? [15:18] StathisA: /var/log/samba/* [15:18] i just noticed in the console the following message: CIFS VFS: Send error in Close = -9 [15:19] I should continue my, trusty testing and upgrading today [15:19] I'm sure I have many more bugs to report :) [15:19] StathisA: that's a kernel message, more likely to be related to something using the cifs filesystem on the box [15:20] pmatulis2: oh yeah, the config I gave you is for current sssd in trusty (which I backport for my precise boxes) [15:20] but how can i find what that is? [15:20] afaik smb/cifs works without any problems [15:20] pmatulis2: That sssd wiki entry is incomplete. You need to enable unix attributes in AD for it to work. [15:21] At least, I had to on Friday. [15:21] StathisA: well, that error just means there was some kind of bad communication with the server when disconnecting from it. Could be some network glitch, ... it can probably be ignored. [15:21] markthomas: but you didn't put the provider as 'ad' [15:21] markthomas: no you don't [15:21] ok thanks stgraber [15:21] StathisA: you can also enable a kernel-level cifs filesystem debugging ( echo 1 | sudo tee /proc/fs/cifs/cifsFYI ) === JanC_ is now known as JanC [15:22] hmm i now noticed that if i login to the console, it says a "system restart required" [15:22] but not the reason [15:24] StathisA, there is only one reason :) [15:25] pending kernel upgrade [15:28] so i just "sudo shutdown -r now" or do i need to initiate any updates first? [15:28] crontab -e [15:28] crontabs/ipin/: fdopen: Permission denied [15:28] hmm.. any idea what the issue is? [15:29] ls -ld /var/spool/cron/crontabs/ipin [15:29] -rw------- 1 ipin crontab 23088 Feb 6 11:39 /var/spool/cron/crontabs/ipin [15:33] doh! crontabs dir group owner was not crontab .. fixed [15:36] any idea what can cause ntpq> peers shows .INIT. for refid instead of IPs ? [15:48] i have login to the server box.. i want to implement those configuration to another box [15:48] how to do that? === edamato is now known as edu-afk [16:22] which pkg has snmp client? [16:25] got it [16:42] zul, the job to know about for triggering the test runs in the lab is [16:42] .... [16:43] are you telling me or are you quizzing me? :) [16:45] lol [16:46] why does date for file1 shows Nov 10 and not Nov 10 2013, but date for file2 showing Aug 10 2013 ? [16:46] $ ls -al /tmp/file? [16:46] -rw-r--r-- 1 iqbala iqbala 0 Nov 10 10:10 /tmp/file1 [16:46] -rw-r--r-- 1 iqbala iqbala 0 Aug 10 2013 /tmp/file2 [16:47] zul, pipeline_manual_trigger [16:47] sorry - it was being slow [16:47] jamespage: cool ill take a look [16:47] zul, fwiw I did kickoff a run on saucy last week [16:48] how did it go? [16:59] zul, can't see now [17:00] zul, I think the three scenarios did pass for saucy [17:00] jamespage: cool...ill kick off a new one just to make sure [17:53] zul, jamespage when will 2013.2.2 go from -proposed to -updates? Any eta? any bug I can go verify/poke? [17:54] ^ openstack [17:54] * med_ should have added that tiny bit of context === edu-afk is now known as edamato [17:57] med_, this week I hope [17:58] needs verification still [17:58] nodz. [17:59] is verification a jenkins run on your end or users (like me) weighing in? [18:02] jamespage: is python-keyring functional for you on trusty? python -c 'import keyring' bails on a dbug socket error, so does anything using keystoneclient [18:03] adam_g, I've not had issues [18:03] I'm running openstack testing from a trusty client [18:03] adam_g, oh - one second - this rings a bell [18:03] smoser, ^^ [18:04] I think you fixed me when I hit this - something in my local config [18:04] adam_g, ^^ but I can't remember exactly what... [18:04] jamespage: yeah ive seen similar reported a bunch in the past but never saw it myself.. till now [18:05] jamespage, could you please tell adam_g that I don't talk to him any more. [18:05] Daviey, if you're around can you accept the openvswitch-lts-saucy binaries stuffed up in precise-proposed [18:05] adam_g, smoser does not talk to you any more [18:05] let me look, though. i hit this in trusty and fixed somewhere. [18:05] lol [18:05] adam_g, hows the new desk ;-) [18:06] jamespage: its cool except none of my openstack clients work anymore. i leave for two weeks.... [18:06] :) [18:06] https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1260017 [18:07] is that what you're seeing adam_g ? [18:07] i dont think you should hit the issue unless you have .local/share/python_keyring/ [18:10] smoser: no different [18:10] er.. no, its different [18:11] really. hm.. [18:12] adam_g, oh yeah, i read your issue now :) and yeah, that woudlnt fix it. [18:12] http://paste.ubuntu.com/7028925/ [18:12] adam_g, try with: [18:13] env -u DBUS_SESSION_BUS_ADDRESS -u XDG_DATA_HOME [18:13] the XDG_DATA_HOME might be only a result of me using a different HOME for the way i interact with canonistack. i'm not sure. [18:16] maybe thats not waht you wanted, adam_g . but either something died and there is no dbus server ther to talk to you dont have perms to it. [18:22] smoser: hmph. DBUG_SESSION_BUS address pointed to path different than what dbus-daemon was passed, but neither actually exist. unsetting DBUS_SESSION_BUS_ADDRESS fixes it [18:24] adam_g, screen ? [18:24] ie, i get that when i log in, start a screen (it inherits variables), and then i log out. [18:24] smoser: ugh yeah [18:24] good point [18:24] tmux [18:25] its why i do the uncrypted file path. as described there. [18:25] in https://bugs.launchpad.net/ubuntu/+source/python-keyring/+bug/1260017 [18:26] jamespage: already done by someone? [18:26] Oh, sru done? [18:26] Daviey, no - "Binary packages awaiting approval in NEW queue:" [18:27] jamespage, fyi, some typoes in your blogpost (opening paragraph for sure) [18:27] I just need the built binaries in -proposed so we can test them [18:27] med_, oh great [18:27] jamespage: Oh.. NEW [18:27] jamespage: done [18:27] Daviey, ta [18:27] but EXCELLENT TOPIC [18:28] med_, thanks [18:28] med_, I've been negligent on blogging [18:28] I've been trying to tell folks for a while they need to be using newer tools than plain ol' precise. [18:28] med_, can't wait for " Ubuntu 14.04/Linux 3.13: N/A" [18:29] is there something like a libvirt-saucy? [18:29] for precise? [18:29] hallyn/jamespage: i think libvirt 1.2.2 should be our final unless there is a compelling reason [18:30] zul: i'm still hoping i'll have time to address some of the apparmor issues, but soudns good to me [18:30] and maybe bug 1279176 [18:30] nevermind, that's just the cloud archive for libvirt. [18:32] med_, yup [19:03] hallyn: arrg http://pastebin.ubuntu.com/7029163/ [19:06] looks like just a conflict with ./dnsmasq-as-priv-user [19:06] zul ^ [19:06] yeah fixing it now [19:07] just needed to vent my spleen [19:34] hallyn: libvirt building now [20:25] hallyn: its available here when it builds: https://launchpad.net/~zulcss/+archive/libvirt [20:32] zul: i'll set up tests tonight (when my box isn't busy) [20:32] k === Ser|Away is now known as Sereil === Sereil is now known as Ser|Away [22:07] smoser: what would you think about including virtio-scsi in the cloud-image so we could use fstrim to keep the sparse images from growing over time? in qemu1.5, discard works against raw files, in 1.6+ works in qcow2 images. [22:07] rharper, how is it not there now ? [22:07] ie, whwat do we hae to do? [22:07] smoser: we use virtio-blk [22:07] ? [22:08] wouldn't that be a host level thing? how should the guest knwo which driver it should use ? [22:08] it';s two things [22:09] its not something i'd recommend we change in a released ubuntu, but in trusty, i'd push for it if its fairly well known stable. [22:09] the host backing device needs to support discard (ext4 fs has file punch through) or lvm which can issue discard, or host ssd. [22:10] yeah; I want to test the newer qemu in trusty to check out the qcow2 trim support since that's the "normal" use-case, like uvtool creating backing images etc. [22:10] rharper, so would there be changes to the images ? [22:11] only including virtio-scsi module [22:11] i'm confused. [22:11] change to the guest XML when deployed to enable virtio-scsi bus and discard support in the qemu block device [22:11] right. ok. [22:11] change in the guest OS to load up the viriio-scsi module [22:11] guest OS already has ext4 which can do discard [22:11] or fstrim [22:12] might need to patch up fstrim-all to make sure it things it can run against the virtio-scsi devices (it checks via hdparm and sees if it's Intel or Samsung) [22:13] but I know I would be really happy to not have ever growing qcow2 images for my long running virtual maas instances === mjohnson15_2 is now known as mjohnson15 [22:14] rharper, please open a bug against linux [22:14] and say: [22:14] please include virtio-scsi in linux-virtual [22:14] ooh that'd be nice, shrinking qcow2s is hassle enough I just don't do it, it'd be nice if they just did the right thing :) [22:15] exactly [22:15] sarnold, you'll have to change the way you launch vms to present that driver though [22:15] and you have to know if your guest supports that driver ... [22:15] smoser: likely that's a one-time change, right? [22:15] but sometime in 16.04 you'll be able to just assume. [22:15] smoser: well, I guess I'm just thinking about -my- use cases, hehe [22:15] you've got a different set of cares :) [22:16] smoser: https://bugs.launchpad.net/ubuntu/+source/linux ? [22:16] rharper, i suppose if we're already building the module for older releases and we just needed to move it, and it was know stable, we could even do it on 12.04. [22:16] rharper, thats right [22:16] but i would just use 'ubuntu-bug /boot/vmlinuz-$(uname -r)' [22:16] smoser: cool; I can file that from my trusty beta1 vm image [22:17] yeah. just run that [22:17] smoser: let me see what we package in 12.04 [22:17] then follow the link [22:17] and fill out the data. [22:17] i hae to run. [22:17] np [22:17] have to run [22:17] thanks [22:17] later. [22:25] smoser: done: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1287401 === Kaffien__ is now known as kaffien [23:19] ubuntu server seems to have an issue with iscsitarget either that or something is gummed up on this mostly fresh install. can someone point me in the right direction? http://pastebin.com/Zp2Sb62R [23:24] kaffien: looks like the iscsitarget kernel module folks need to update their source [23:24] kaffien: the first warning is just a warning -- it -might- lead to kernel memory corruption but probably not. the second, the error, must be fixed by updating the source code. [23:25] so i need to go back to an earlier kernel? [23:26] kaffien: that's likely the easiest course of action, but it might be nice to file a bug report all the same, so the need to update doesn't get lost [23:26] there are reports filed hehe [23:26] good good [23:26] they haven't updated since may of last year [23:26] unless it moved [23:27] althought this is an svc perhaps i should try from sourch on sourceforge ..... [23:31] bah either way its not working with that one either [23:31] how far back do i need to go do you think? [23:33] kaffien: hrm, that might be hard to guess without looking into the code [23:34] kaffien: I'd try the different 'stable' branches listed here, starting with newest, just because I'm optimistic :) https://www.kernel.org/ [23:34] I do have a server running 3.11.0-14-generic that is working fine with iscsitarget [23:35] cool [23:37] how can i tell the current server currently running trusty to go back to that kernel? [23:38] kaffien: if you have an exact version number handy (dpkg -l 'linux*' | cat on the other machine) then you can use apt-get install linux = [23:39] i'll give it a try [23:46] hi, i have a problem connecting to the net in ubuntu server. apache, ssh and samba are still working fine, but apt-get doesnt work etc. [23:47] i think it may have something to do with when i installed virtualbox, and set up windows xp [23:47] that is not working apt-get install linux-image-3.11.0-14-generic doesn't seem to work [23:47] probably becaue im on trusty now and not percise? [23:52] kaffien: drat. you can find specific versions here: http://archive.ubuntu.com/ubuntu/pool/main/l/linux/ [23:54] m1sf1t: you need to make sure your virtualbox thing is configured correctly, whether it is NATting your guests or whether the guests have their interfaces bridged with the local area network vs a complete isolation bridge which is sometimes set up to prevent the guests from being a security problem [23:55] i should just nuke it from orbit lol [23:55] grub.cfg changed a bunch to eh? [23:56] thats odd i tried pasting to my server and it says this. unable to resolve host address âarchive.ubuntu.comâ [23:56] whats up with the special characters? [23:57] keep in mind searching in command history does not show the special characters [23:57] sarnold: i've just apt-get purged virtualbox... lol didnt work [23:58] m1sf1t: oh, I thought your ubuntu was running in virtual box under windows :) sorry... [23:59] sarnold: nope, it's installed on a hdd. i installed virtualbox just messing around. it was around that time that it stopped connecting to the web. [23:59] sarnold: everything else is working fine though