[00:01] <Patrickdk> guegs, don't use ftp
[00:01] <Patrickdk> atleast use rsync or sftp
[00:01] <Guegs> yeah, sftp is what I meant.
[00:01] <Guegs> Might even go for vsftp. Depends on how ambitious I'm feeling.
[00:04] <Patrickdk> that would be horrible
[00:04] <Patrickdk> vsftp is just ftp
[00:04] <sarnold> don't do vsftp
[00:04] <Patrickdk> sftp is a million times more secure
[00:08] <pmatulis> a million?  wow!
[00:09] <sarnold> yeah I think sftp has 7.3 million security units :)
[00:15] <mwhudson> sftp is also not a completely horrible protocol
[00:16] <Patrickdk> well, when you go from 0 security to 1 security, it's just infinitly better :)
[00:16] <sarnold> so true. ftp scores a few million suckitude points. :)
[00:19] <Patrickdk> it was a nice design, till nat was invented
[00:19] <Patrickdk> then doing ssl+ftp become impossible
[00:20] <Patrickdk> and after all that, I can't believe they went and designed sip to do the same stupid thing
[00:37] <guampa> hello, a little question on amavisd-new. I know it supports listening on several inet sockets and plugging different policy banks to that, what I want to know is if amavis supports the same with unix sockets
[00:38] <guampa> i only see a single $interface_policy{'SOCK'} in the default config
[00:40] <guampa> hmm, i you can do $inet_socket_port = [10040,10041,10042,10043,10044]; maybe something alike can be done with $unix_socketname
[00:44] <guampa> nope, inet sockets it is then
[03:11] <lstefani> lstefani> hello. how i can change a file with drwxr-xr-x 5 nobody nobody   to  drwxr-xr-x 5 root root? ok i run chown root:root file_name, but not work
[03:48] <ubunter> Any one have experience PXE booting?
[03:51] <ubunter> Hello?
[03:52] <ubunter>  Any one have experience PXE booting with Ubuntu server?
[03:55] <ubunter> After completing Ubuntu installation through PXE booting, the client has no internet access, what would cause that issue?
[04:03] <Phibs> ubunter: i use cobbler to do that
[04:03] <Phibs> and it sets up the interface config post install
[04:04] <ubunter> After using cobbler does your client have internet access after installations are complete?
[04:04] <ubunter> Or do you have to make changes to the interfaces?
[04:07] <Phibs> ubunter: yes
[04:09] <ubunter> If possible could you briefly explain the steps involved in the process maybe like the 4 point summary. Let me give you mine: 1. Configured DHCP server 2. Install tftpd-hpa inetutils-inetd 3. Made Configurations for those tools 4. Download Ubuntu 12.04 ISO 5.Extracted and put proper files into proper directories. 6 PXE boot and installed Ubuntu 7. After installation no internet access for the client.
[04:10] <ubunter> Where would I make the mistake of not allowing my clients to lose internet access after installation is complete?
[04:15] <Phibs> ubunter: it is your preseed
[04:15] <Phibs> you have to customize it
[04:16] <Phibs> cobbler ships with a post network config script taht should work
[04:16] <Phibs> it is possible it is not setting the default gateway
[04:16] <Phibs> this might help, http://tech.five3genomics.com/cobbler-tips/
[04:16] <Phibs> ubunter: I am going to sleep but if you still need help tomorrow I will give you my preseed/script
[04:17] <ubunter> I see, Thank you very much I will see if I can fix the issue
[04:17] <ubunter> Ok thank you very much been working on this for week for a non profit I volunteer for thank you
[04:30] <hallyn> smb: suspect it's too early for you, but in any case - was there some option you said earlier that i have to give to mount nfs from a saucy host onto a trusty client?
[04:31] <hallyn> it hangs while doing mount("10.42.43.16:/srv", "/srv", "nfs", 0, "vers=4,addr=10.42.43.16,clientad", but '-o nfsvers=2 or =3 is not supported
[04:52] <hallyn> hm, seems to be working now <shrug>
[06:21] <ruben23> hi guys any help when i run /usr/sbin/iptables ruless  --> it says no directory..? how do i run the path for iptables in ubuntu server..?
[06:29] <verdeP> ruben23: which iptables
[06:29] <verdeP> err thats the command xD
[06:30] <verdeP> its in /sbin/
[07:07] <smb> hallyn, I certainly said nothing earlier anyway. But it should be ok with no special magic.
[09:01] <lifeless> jamespage: I'm hoping you're in UK time :)
[09:01] <lifeless> jamespage: cause, https://bugs.launchpad.net/tripleo/+bug/1300663 - I'm thinking its an upstart bug
[09:07] <rbasak> lifeless: could that be an errant upstart job, perhaps, causing some sort of loop? If it is an upstart bug, you haven't provided the release or version of upstart or anything.
[09:08] <lifeless> rbasak: oh sorry ! still gathering data but saucy
[09:08] <lifeless> rbasak: so yes, certainly an errant job, but that should never be able to wedge upstart
[09:08] <lifeless> rbasak: upstarts job is to be unwedgable ;)
[09:10] <rbasak> jodh: ^^
[09:11] <rbasak> lifeless: agreed, but is upstart actually wedged there? Or is it trying as hard as it can to do what an errant upstart job might have said, while still being able to process other things?
[09:14] <lifeless> rbasak: service nova-compute stop hangs
[09:15] <lifeless> rbasak: even though the nova-compute process can be killed (have done so) and is now a zombie
[09:15] <lifeless> rbasak: also can't reboot the machine
[09:15] <lifeless> we think we know how we're tickling this now
[09:18] <jodh> lifeless: looks like that server needs to raise its limits. what does 'ls -l /proc/1/fd' show?
[09:21] <lifeless> jodh: 0 through 1023
[09:21] <lifeless> jodh: but no - its a genuine leak in one of our scripts - my complaint here is that upstart has allowed itself to become nonfunctional
[09:21] <lifeless> jodh: can't reboot, can't stop services.
[09:26] <jodh> lifeless: try modifying /proc/1/limits to raise max files to the hard limit
[09:31] <lifeless> echo 2048 > /proc/1/limits
[09:31] <lifeless> -su: echo: write error: Invalid argument
[09:31] <lifeless> jodh: ^
[09:46] <jodh> lifeless: I've updated the bug with questions and suggestions.
[09:46] <lifeless> jodh: brilliant, many thanks
[09:47] <lifeless> I've restarted that server, but I've 9 more with the symptom intact, will grab a stack from them
[09:48] <jodh> lifeless: thanks
[09:48] <lifeless> jodh: I'm not sure what you mean by raise the limits, since upstart starts before any limits are able to be set
[10:35] <vlad_starkov> QUESTION: Ubuntu 14.04 Server 64bit. Does it support 16Gb memory?
[10:40] <rbasak> vlad_starkov: http://askubuntu.com/q/142043/7808 suggests that it should be fine. I'm not aware of any other restriction.
[10:40] <rbasak> (assuming your hardware supports it)
[10:41] <vlad_starkov> rbasak: nice)
[10:41] <vlad_starkov> THanks.
[10:53] <bekks> hi
[10:54] <bekks> how can I enforce iscsi target to be presented over a specific network only? I defined a public lan, and a separated iscsi lan, but targets are visible over public lan, too.
[10:58] <rbasak> bekks: arrange for it to "bind" to the correct interface or address. I'm not sure how to do that, but the wording might help your search.
[10:59] <bekks> rbasak: yeah, I'm gonna try that. thank you :)
[11:09] <bekks> for the logs: binding to a specific iscsi interface can be done by setting ISCSITARGET_OPTIONS="--address a.b.c.d" in /etc/default/iscsitarget
[11:09] <bekks> Thanks for the clue :)
[11:11] <rbasak> No problem. Thanks for reporting back - useful to know next time someone asks :)
[11:12] <jamespage> lifeless, I see that rbasak and jodh are helping you
[11:14] <lifeless> jamespage: they are, thanks!
[11:14] <lifeless> oh nuts, I just realised I didn't get the stacktrace from the host
[11:14] <lifeless> I bulk-removed the cause that triggered the issue :(
[11:14] <jamespage> adam_g, just promoting everything aside from the rc1's to -updates now
[11:14] <jamespage> lifeless, ooops
[11:15] <lifeless> assuming we a) analysed it right and b) the fix works
[11:15] <lifeless> we won't tickle the problem again
[11:15] <lifeless> :/
[11:15] <lifeless> should be fairly easy to reproduce on demand with a little scripting
[11:15] <lifeless> I'll see what I can do tomorrowish
[11:24] <jamespage> zul, coreycb: we need to switch over the CI lab to use the milestone-proposed branches as they appear
[11:29] <mdeslaur> Daviey: mitre descriptions are often wrong, you can't rely on them. Here's the upstream link: http://security.libvirt.org/2013/0012.html
[11:32] <vlad_starkov> QUESTION: Ubuntu 14.04 Server 64bit. Successfully boots with 12GB RAM. Fails with 16GB RAM raising "mtrr_cleanup: can not find optimal value, please specify mtrr_gran_size/mtrr_chunk_size" errors. How to choose correct values for mtrr_gran_size and mtrr_chunk_size?
[11:33] <cfhowlett> vlad_starkov, unreleased ubuntu support = 14.04 is in #ubuntu+1
[11:34] <vlad_starkov> cfhowlett: ooops, didn't mention that I'm in #ubuntu-server. Sorry. But anyways, the same errors and boot fail I've got with 12.04.4 and 13.10.
[11:35] <jamespage> vlad_starkov, please raise a bug - 16GB should be just fine with the 64 bit kernel
[11:35] <vlad_starkov> jamespage: How to do it?
[11:35] <jamespage> vlad_starkov, that will at least get your issue infront of the kernel team who can triage this sort of thing more effectively
[11:35] <jamespage> vlad_starkov, use the ubuntu-bug tool
[11:36] <jamespage> vlad_starkov, https://help.ubuntu.com/community/ReportingBugs
[11:37] <vlad_starkov> jamespage: thanks
[11:43] <jamespage> zul, did you upload coreycb's nova rc1?
[11:43] <zul> jamespage:  yep
[11:44] <zul> jamespage:  Daviey is sitting on it because of this https://launchpadlibrarian.net/171386104/buildlog_ubuntu-trusty-i386.nova_1%3A2014.1%2Bgit201403311446~trusty-0ubuntu1_FAILEDTOBUILD.txt.gz
[11:45] <zul> jamespage:  i have narrrowed down the  commit that caused it
[11:46] <jamespage> zul: oh joy
[11:47] <zul> jamespage:  yeah
[11:47] <jamespage> zul, can you reproduce that locally?
[11:47] <zul> not yet..have to start the day first :)
[11:48] <jamespage> zul, ack
[11:48] <jamespage> zul, anything I can help with?
[11:48] <zul> jamespage:  not yet
[11:49] <rbasak> smoser: sometimes I see the "WARNING! Your environment specifies an invalid locale." message to run locale-gen, even after /var/lib/cloud/instance/boot-finished exists. This means that "uvt-kvm wait" still feels racy.
[11:49] <rbasak> smoser: is this expected?
[12:06] <vlad_starkov> YAY!!! My system boots with 16GB RAM. Finally!!!)
[12:08] <vlad_starkov> Strange thing (possibly BUG). System doesn't boot with BIOS settings "Memory Branch Mode -> Interleave". But successfully booted with BIOS settings "Memory Branch Mode -> Sequential". Anyone can explain me why this could happen?
[12:30] <JBtje> My samba server stopped, can anyone help me find out the problem? (have tried for many hours now w/o success)
[12:41] <shredding> What’s the difference between $VAR and ${VAR} ?
[12:42] <shredding> i have cd $CURRENT_DIR and my ide says i should use ${CURRENT_DIR}
[12:42] <shredding> But lacks an explanation.
[12:46] <ivoks> shredding: it's easy
[12:46] <henrik> shredding: in certain contexts, you need to use ${VAR} - otherwise they're the same. consider "$VARsuffix" vs ${VAR}suffix"
[12:46] <ivoks> shredding: this$CURRENT_DIRwill not work
[12:46] <ivoks> while
[12:46] <shredding> Ah, thanks.
[12:46] <ivoks> shredding: this${CURRENT_DIR}will work
[12:47] <shredding> So its for string interpolation.
[12:47] <ivoks> ${CURRENT_DIR} is always on the safe side
[12:48] <smoser> rbasak, yes.
[12:48] <smoser> its still racy.
[12:49] <ivoks> hah
[12:49] <smoser> although if you had a sane locale, i think you wouldnt see it.
[12:49] <ivoks>  /etc/security/limits.conf is useless
[12:49] <smoser> :)
[12:50] <ivoks> no really, it is
[12:50] <ivoks> i mean, you can set there whatever you want, it's ignored
[12:50] <zul> jamespage:  neutron is available
[12:56] <ivoks> why don't we include pam_limits in pam's common-session?
[12:56] <rbasak> smoser: what, en_GB.UTF-8 isn't sane? :)
[12:57] <smoser> LANG=en_US.UTF-8 ==> fix-released.
[12:57] <rbasak> :)
[12:57] <rbasak> So cloud-init runs stuff after boot-finished?
[12:57] <rbasak> I'm a bit confused about that.
[12:57] <smoser> i dont think so.
[12:58] <smoser> i think you must be getting in before that.
[12:58] <smoser> oh. wait, o. its simply expected behavior.
[12:58] <smoser> no rce.
[12:58] <smoser> i think
[12:58] <smoser> if you *don't* see it then something is wrong.
[12:58] <zul> jamespage:  have you changed it over to the milestone-proposed branches already? if not ill do it right now
[12:59] <rbasak> smoser: http://paste.ubuntu.com/7189555/ is what I'm running on the guest for the wait. I can amend it as needed.
[12:59] <smoser> its correctly telling you "hey, i don't have locales generated for your exotic locale, if you want to generate them, here is how you can".
[12:59] <rbasak> smoser: except that if I wait a bit, I don't get that prompt, I don't think.
[12:59]  * rbasak will test
[12:59] <rbasak> (not even once is what I mean; I'll check for that)
[13:00] <smoser> hm..
[13:01] <jamespage> zul, not yet
[13:02] <zul> ill do it right now
[13:02] <rbasak> smoser: yeah I get the message on first ssh if I don't wait, and don't get the message on first ssh if I do wait, on a precise amd64 image.
[13:02] <smoser> rbasak, that makes sense.
[13:02] <rbasak> I can also see the message by it winning the race.
[13:02] <smoser> it runs once.
[13:02] <smoser> only.
[13:03] <rbasak> (even when I believe I'm checking for boot-finished)
[13:03] <smoser> and i suspect its running on your non-interactive run
[13:03] <jamespage> zul, did you want me todo neutron?
[13:03] <smoser> we need:
[13:03] <smoser>  [ -t 0 ]
[13:03] <rbasak> Non-interactive run?
[13:03] <zul> jamespage:  yes please
[13:03] <rbasak> I made sure not to trigger any outside ssh.
[13:03] <zul> if you dont mind
[13:04] <rbasak> smoser: that's what I mean by "first ssh". There was no other ssh.
[13:04] <smoser> hm.. . oh i thought you were running the 'wait' in that paste via ssh.
[13:04] <rbasak> I am, but I disabled it for my test.
[13:04] <jamespage> zul, no problem
[13:05] <smoser> rbasak, /etc/profile.d/Z99-cloud-locale-test.sh
[13:05] <smoser> thats what does it.
[13:05] <smoser> i'm not sure why you would not see it.
[13:05] <smoser> i just verified ssh'ing to an instance that'd been up for a couple days like:
[13:05] <smoser> env LC_ALL=en_GB.UTF-8 ssh sstack-5
[13:06] <smoser> and I see it. but only the first time.
[13:09] <rbasak> smoser: LC_ALL does trigger it, but LANG does not.
[13:10] <rbasak> smoser: once logged in (without seeing the message), "locale" gives me LANG=en_US.UTF-8. No sign of en_GB.
[13:10] <smoser> rbasak, i think this is because ssh does not allow your LANG through
[13:10] <smoser> but does allow LC_ALL
[13:10] <rbasak> OK, but why the race then?
[13:10] <smoser> oh. well, maybe.
[13:10] <smoser> i don tknow what the race is.
[13:10] <smoser> i can't explain this, so i think that you must be doing something wrong :)
[13:10] <smoser> you can look at how that works, i can't see how it could possibly result in not showing you that message.
[13:11] <smoser> other than if it has run once on a non-interactive login (but actually, motd which runs *it* should only be running on interactive login)
[13:11] <smoser> as showing that message to a computer isn't terribly useful
[13:12] <rbasak> I have a theory
[13:14] <smoser> rbasak, for what its worth, your 'wait for runlevel' has unsafe logic
[13:14] <zul> jamespage:  after using my 300 baud modem we are using the stable branches now for icehouse
[13:14] <jamespage> zul, milestone-proposed right?
[13:14] <rbasak> smoser: what's wrong with it?
[13:14] <zul> jamespage:  yes
[13:14] <smoser> if 'runlevel | awk .. ' prints a non-integer  it will fail with bad syntax and drop from that loop.
[13:14] <smoser> non-integer or "".
[13:14] <jamespage> zul: ++
[13:15] <zul> jamespage:  i cant reproduce the failure locally
[13:16] <smoser> i think. maybe i'm wrong.
[13:17] <rbasak> smoser: AIUI, the quotes fix that problem. I see people doing x$a = xfoo but I never understand why, since one can use quotes.
[13:17] <smoser> oh. yeah, you're right. i was thinking the other end.
[13:17] <smoser> xfoo is garbage.
[13:17] <smoser> you're currect.
[13:18] <smoser> i was thinking you were using -eq
[13:18] <smoser> which would complain about non-integer. but you're just doing string compare.
[13:18] <smoser> thats fine.
[13:19] <rbasak> While we're looking, I plan to implement a look for /run/.../boot-finished at some point.
[13:19] <rbasak> I just hadn't because I figured that I need to do a version test of cloud-init first, and I was in a hurry.
[13:19] <rbasak> The script is user-overridable, so it's not critical for Trusty I don't think.
[13:19] <rbasak> Scripts that call uvtool could supply their own, and users can use the PPA.
[13:20] <smoser> agreed.
[13:21] <rbasak> The only restriction is that currently it must be an "sh" script.
[13:21] <rbasak> It would probably be nice to fix that at some point, but I didn't worry about it.
[13:21] <rbasak> (it's documented)
[13:34] <zul> jamespage:  hey are you agreeable to push out one more oslo.messaging http://pastebin.ubuntu.com/7189681/
[13:39] <tomixxx5> how can i found out which version of package <package1> is going be installed with "sudo apt-get install <package1>"
[13:42] <cfhowlett> tomixxlx5, apt-cache policy <package>  wil
[13:42] <tomixxx5> cfhowlett: ty a lot
[13:47] <jamespage> zul, +1
[14:11] <jamespage> Daviey, just as a heads up - the neutron upload for rc1 includes some new binary packages; some of its renaming and some of its new since b3
[14:19] <jamespage> zul, Daviey, I should really have pushed those changes in before rc1 - but hindsight is 20:20
[14:19] <zul> jamespage:  agreed
[14:38] <zul> Daviey/coreycb/jamespage:  I guess that nova test regression got fixed I dont see it anymore
[14:39] <coreycb> zul, hmm ok
[14:40] <zul> odd
[14:45] <zul> jamespage:  oslo.messaging builds fine for me modulo a patch
[15:23] <jamespage> zul, neutron uploading
[15:23] <zul> jamespage:  huzzah
[15:23] <jamespage> coreycb, I almost have nova-cloud-controller upgrading again
[15:24] <jamespage> something is caching in do_openstack_upgrade
[15:26] <coreycb> jamespage, ok great.  I hadn't attempted an upgrade in a few days so I hadn't come across any recent issues.
[15:27] <jamespage> coreycb, I convinced quantum-gateway todo the switches between grizzly->havana->icehouse OK
[15:27] <jamespage> still working on ncc
[15:28] <coreycb> jamespage, cool
[15:28] <coreycb> jamespage, btw, for the nova db updates
[15:30] <coreycb> jamespage, my approach has been to compare old vs new databases after migration and make any changes to get the new db to look the same as the old
[15:31] <coreycb> jamespage, I'm putting most of the changes into the new 216*.py version - should have something for you to look at in the next day or so
[15:42] <jamespage> coreycb, OK _ if we are going to put this is it needs to happen this week
[15:42] <jamespage> any later...
[15:43] <zul> then it would make me nervous
[15:51] <coreycb> jamespage, ok
[15:51] <Haven|Work> installing ubuntu 13.10 server, I want to unlock encrypted drives with a USB Key, can I configure that during install or is it best to wait till the installer finishes and set up the crypt with the unlock file?
[15:52] <rbasak> Haven|Work: I've done something similar before, and I set it up afterwards. You could set up an encrypted volume during install, and then change the passphrase later.
[15:53] <rbasak> Change it with a random key that's only on your USB stick, and arrange for a keyscript to supply that.
[15:53]  * rbasak isn't sure of any other installer option to achieve this
[15:53] <vlad_starkov> TJ-: Hi! This is just to let you know. I won it :)
[15:54] <Haven|Work> okay, let me give you a little background. I want to install the OS on an IDE Drive, then want to configure and unlock the encrypted RAID Array at boot with a USB Stick.
[15:54] <TJ-> vlad_starkov: Fab... how!?
[15:54] <Haven|Work> Probably best to make the array and everything after install rbasak ?
[15:54] <TJ-> vlad_starkov: I think your case needs a bug report write-up, for others than might suffer the same issues
[15:54] <rbasak> So I'm clear, your encrypted RAID array will not be on an IDE drive?
[15:54] <Haven|Work> no its two 2.5tb sata drives
[15:54] <Haven|Work> for storage
[15:55] <rbasak> OK. Yes - then I'd arrange that all after install.
[15:55] <rbasak> cryptsetup + keyscript in /etc/crypttab, etc.
[15:55] <rbasak> /etc/fstab entry to mount it. I think with an auto mount from /etc/fstab, it'll correctly see /etc/crypptab and call the keyscript.
[15:56] <rbasak> I can't remember the details, though.
[15:56] <Haven|Work> I have a guide I intend to follow for the making the USB encryption. so that shouldn't be too bad
[15:56] <Haven|Work> once I do that though if I install Zentyal will it overwrite the /etc/fstab?
[15:56] <rbasak> No idea about how things will interact with Zentyal, sorry.
[15:56] <Haven|Work> I'd suppose it wouldn't matter if i had the keyfile generated and on the USB stick I could still unlock the drives by telling it to look there :)
[15:57] <Haven|Work> so that answers that question :)
[15:57] <vlad_starkov> TJ-: Eventually it turned out that system successfully boot in 2 cases: 1) When BIOS's "Memory Branch Mode" param is "Interleave" and max 12Gb RAM installed; AND 2) When BIOS's "Memory Branch Mode" param is "Sequential" and 16Gb RAM installed :-)
[15:57] <rbasak> BTW, on my home server machine I supply the LUKS passphrase over the network (loopback cable) using a keyscript I wrote: https://github.com/basak/netkeyscript
[15:57] <TJ-> Haven|Work: It's pretty straight-forward cryptsetup processes. An entry in "/etc/crypttab" will ensure udev/cryptsetup unlocks and create a DM device node, which is what /etc/fstab will refer to
[15:57] <Haven|Work> TJ-, perfect thanks
[15:57] <Haven|Work> thank you also rbasak
[15:58] <TJ-> vlad_starkov: So, BIOS issue after all ... I was looking at those MTRRs so that might have been another route to fix it
[15:58] <xnox> rbasak: how does that with plymouth?
[15:58] <TJ-> Haven|Work: I've done extensive work with cryptsetup, so if you need assistance, ping me
[15:58] <rbasak> xnox: you mean my netkeyscript, or keyscripts in general?
[15:58] <hallyn> zul: were you planning any libvirt upload soon?
[15:58] <xnox> rbasak: ideally i'd like something like that for a desktop machine such that i can enter password via plymouth or via external means.
[15:58] <vlad_starkov> TJ-: By the way, MTTRs fixes just by adding the following boot params "enable_mtrr_cleanup mtrr_spare_reg_nr=1 mtrr_gran_size=64K mtrr_chunk_size=1M"
[15:58] <zul> hallyn:  no
[15:59] <zul> hallyn:  1.2.3 is out though ;)
[15:59] <rbasak> xnox: cryptsetup comes with some kind of keyscript/built in thing that can speak to plymouth, I presume.
[15:59] <TJ-> vlad_starkov: Yes, that was one of the options I was going to suggest
[15:59] <hallyn> zul: haha, yeah.  no i may be pushing the 2.0 qemu to trusty archive soon, so would need to push the corresponding libvirt
[15:59] <rbasak> xnox: to integrate with my netkeyscript, I'd suggest some kind of keyscript multiplexing keyscript, that calls out to both a plymouth keyscript and my netkeyscript.
[15:59] <zul> hallyn:  okies
[15:59] <hallyn> i need to check how i said i would do it
[16:00] <vlad_starkov> TJ-: So now I have working Ubuntu Server 14.04 64bit, 2xCPU (8 cores), 16Gb RAM, 2x80Gb SSD (RAID 1), 4x 2Tb HDD (RAID 10) :)
[16:00] <TJ-> vlad_starkov: About time :) Glad it got sorted.
[16:01] <vlad_starkov> TJ-: Thank you for all your time you have spent for helping me! I got many good lessons and learned many new cool things!
[16:01] <TJ-> vlad_starkov: you're welcome
[16:01] <Haven|Work> TJ-, have you ever done anything like I am attempting?
[16:02] <TJ-> Haven|Work: Yes. I think I have an article about something similar from a few years ago, might not be precisely what you're wanting, but gives a good overview of the approach.
[16:02] <Haven|Work> heh, good overview would be perfect, from there I can modify whatever I need to make it work
[16:02] <TJ-> Haven|Work: http://tjworld.net/wiki/Linux/Ubuntu/HardyRAID5EncryptedLVM
[16:03] <TJ-> Haven|Work: Nowadays many of the steps are built into the tools so the manual steps aren't required
[16:03] <Haven|Work> okay, I really play on encrypting the Raid1 Array and unlocking that with Key, that's all the further I need to go this looks almost perfect for what I'm doing
[16:03] <TJ-> Haven|Work: I have all our laptops using LUKs full-disk encryption, including the /boot/grub/ partition, via GRUB_ENABLE_CRYPTODISK
[16:04] <Haven|Work> so afterinstall i make the Raid array then once that's done I run cryptsetup and it should walk me through the process at least somewhat :)
[16:08] <TJ-> Haven|Work: If you're going to randomise the disk surfaces, use the 'quick' method of creating (luksFormat $LUKS_CONTAINER $LUKS_DEVICE) an initial sacrificial LUKS container spanning all the space, doing luksOpen, then using "dd if=/dev/zero of=/dev/mapper/$LUKS_DEVICE bs=4M" to quickly randomise, then luksClose followed by a wipe of the LUKS header with "dd if=/dev/urandom of=/dev/mapper/$LUKS_CONTAINER bs=1M count=1", then create the real LUKS containers.
[16:10] <Haven|Work> I actually already have the partitions set and formatted on the disk space. I played with this forever in the install on Thursday and Friday and managed to get that far before the asshole janitor unplugged my server over the weekend
[16:10] <Haven|Work> found out though CMOS battery is bad
[16:10] <Haven|Work> so that was at least a partial help
[16:26] <jamespage> zul, https://code.launchpad.net/~james-page/ceilometer/fixup-dbsync/+merge/213686
[16:47] <zul> jamespage:  +1
[16:58] <zul> jamespage:  looks like ceilometer needs a newer happybase
[16:58]  * jamespage sighs
[17:11] <Daviey> zul: How was the nova issue fixed?
[17:15] <Daviey> jamespage: neutron accepted.
[17:15] <jamespage> Daviey, thanks
[17:16] <zul> Daviey:  I am not sure how built it this morning no problems...going to be dropping the patch soon
[17:19] <pycoderf> Hi all. I am troubleshooting an ltsp server issue and ran into problems but #ltsp seems dead. Anyone able to help?
[17:23] <Daviey> zul: It's concerning having unknown test failures that now work... Sure you didn't change anything else? :)
[17:23] <zul> Daviey:  no i didnt change anything
[17:24] <zul> Daviey:  other than change to milestone branches in the lab
[17:25] <jamespage> Daviey,zul: was the test failure in the trunk PPA?
[17:25] <zul> yeah
[17:26] <zul> jamespage: Re-uploaded with the patch that disabled the test failures to the ppa now it builds fine
[17:31] <Daviey> zul: withOUT?
[17:32] <zul> without
[17:45] <Daviey> zul: Out of interest, why is >=0.7 keystoneclient needed?
[17:46] <zul> Daviey:  https://github.com/openstack/requirements/commit/65a913ef036de59ad84a7fb369a5e6df93bb5ac0
[17:48] <Daviey> zul: I wish they weren't so vague on WHY.
[17:48] <zul> Daviey:  agreed
[17:48] <Daviey> We want a newer version because we want newer shiiitz
[17:49] <zul> its shiney
[17:55] <zul> Daviey/jamespage: glance should be ready today
[17:56] <jamespage> zul, great
[17:56] <jamespage> Daviey, neutron built and binary NEW awaiting review :-)
[17:59] <imdea> Hi one question, I've a user "roberto" in my machine and want that it be able to do "sudo su - fyf"  and execute commands as that user without entering a password, I have edited as root the /etc/sudoers file using visudo and added this:  http://paste.debian.net/91019/  but if I'm root and switch to this user as: sudo su - roberto and then do sudo su - fyf it asks me for a password, any ideas?
[18:02] <Daviey> jamespage: accepted
[18:02] <keithzg> Oh hey, the Subversion project is switching to Git: https://issues.apache.org/jira/browse/INFRA-7524
[18:02] <keithzg> ;)
[18:04] <sarnold> imdea: every NOPASSWD: in the sudoers(5) has a space afterwards
[18:05] <jamespage> Daviey, ta
[18:06] <imdea> sarnold: curious, since I have another entry like this one: git     ALL = NOPASSWD:ALL (with no space afterwards) and it works great.
[18:06] <sarnold> imdea: drat. it was reaching for straws anyway, i didn't like it much as a suggestion. :)
[18:07] <sarnold> imdea: OH! rather than 'sudo su - fyf' try 'sudo -u fyf -s'
[18:07] <sarnold> imdea: I like this one :) this one ought to work
[18:07] <imdea> sarnold: what's the difference?
[18:08] <sarnold> imdea: in your version, you're switching to root and then running the 'su' command to switch to fyf. in my version, sudo switches to fyf directly and then starts a shell.
[18:12] <imdea> sarnold, thanks!
[18:12] <sarnold> :D
[18:23] <keithzg> Had my company's email go down earlier today while I was asleep, I was more tempted to use "sudo su - fml" :P
[18:24] <sarnold> keithzg: :)
[18:28] <patdk-wk> hmm, apache is moving
[18:28] <patdk-wk> https://issues.apache.org/jira/browse/INFRA-7524
[18:30] <sarnold> I suspect it's aprilfoolsism.
[18:30] <patdk-wk> :)
[18:30] <patdk-wk> your no fun
[18:31] <sarnold> indeed :)
[18:31] <jamespage> zul: you need to use the setup-jenkins job to reconfigure the icehouse jobs for milestone-proposed btw
[18:32] <zul> jamespage:  ack..i did :)
[18:32] <jamespage> zul, sorry - so you did - I just happended to look at swift :-(
[18:33] <jamespage> doh
[18:33] <zul> jamespage:  heh
[18:33]  * jamespage eod's
[18:51] <tcstar> I have a quad core server, with 3953 MB of memory which runs apache and php...  it's running about 30 high traffic websites -- just wondering what an approximate acceptable load average would be when looking @ htop
[18:54] <sarnold> tcstar: load average is just one measurement number to indicate the 'load' of the system; it's just one more metric along with e.g. swap use and paging requests to help you determine if something has -changed- on the system
[18:55] <sarnold> tcstar: of course, whther or not you need to -do- anything about any of the measures is another thing -- probably best measured by request latencies on the websites in question
[18:56] <tcstar> yeah...  i started optimizing my apache a little...  had the cpu use drop from about 35% to no more than 7%...  load from 1.4 down to 0.43 memory down to 500 megs and ive never used any of the 4 gig of swap
[18:57] <sarnold> tcstar: wow :) that's cool
[18:58] <sarnold> tcstar: the 'bo' and 'bi' columns of 'vmstat 1' output is one of my favorite quick performance tools
[18:58] <tcstar> now whether or not that really means anything is another question that i can't give the answer lol
[18:59] <tcstar> mine shows:  https://gist.github.com/anonymous/4f447a8b086198b27d7e
[19:00] <sarnold> I don't know what kind of time just a bare 'vmstat' covers, but it sure looks like this machine is nearly asleep :) hehe
[19:00] <tcstar> just noticed the '1' so ran it again...  this is what i've got so far...
[19:00] <tcstar> https://gist.github.com/anonymous/a7b2db052e8870c27b6a
[19:01] <sarnold> aha, looks like heavy logging or light file uploading or similar?
[19:03] <tcstar> atm no file uploading, might be seeing the rsync stuff in there mirroring my 'upload server'...  i don't understand anything i see in vmstat honestly...  but we do have a crap ton of traffic going to different sites
[19:03] <tcstar> usually get about 500 unique hits per minute per site
[19:04] <sarnold> cool
[19:05] <tcstar> had one of my dual core servers lock up on us yesterday causing a 20 minute outage.. so spent the time to migrate over to the quad core machines -- and trying to optimize so it doesn't happen again...  that's the goal anyway
[19:06] <sarnold> machines die: hard drives, power supplies, etc etc. having a fail-over or N+1 redundancy in place from the start is a good idea when you can't tolerate downtime
[19:06] <sarnold> look into haproxy, it may be a nice simple stepping-stone to get to where you want to be
[19:07] <tcstar> can I run something like HaProxy over public ip?  2 of my servers are in one DC and 2 are in another
[19:10] <sarnold> tcstar: hrm that's way beyond my experience. I think your options there are limited to DNS-based solutions or anycast; dns is probably far easier to configure..
[19:12] <tcstar> Or I could just run dual HaProxy -- one on each set in each DC... then just seperate domains evenly between the servers
[19:12] <tcstar> so half of the domains on servers in DC1 and other in DC2
[19:14] <henrik> Anyone running unprivileged lxc containers here in trusty? The autostart stanza won't start unprivileged containers - is that intentional?
[19:14] <cfhowlett> henrik, until official release, trusty support = #ubuntu+1
[19:16] <henrik> 'k
[19:23] <ubunter_> http://paste.ubuntu.com/7191170/  tail -f /var/log/syslog is saying http://paste.ubuntu.com/7191174/ but I dont see it. Can I get some assistence?
[19:26] <ubunter_> Where am I missing a semicolon? http://paste.ubuntu.com/7191170/ I dont understand why I get this http://paste.ubuntu.com/7191174/  if everything is ok
[19:29] <sarnold> ubunter_: check out those quotes on line 7
[19:29] <sarnold> ubunter_: I suspect you copy-and-pasted from some website? :)
[19:29] <ubunter_> yes
[19:30] <ubunter_> cobbler dhcp server set up on ubuntu server 12.04
[19:30] <ubunter_> get rid of the quotes?
[19:31] <sarnold> or replace them with standard ascii quotes ""
[21:17] <coreycb> zul, jamespage : https://code.launchpad.net/~corey.bryant/glance/2014.1.rc1/+merge/213293
[21:18] <zul> coreycb: mind adding the bug number (LP: #1299055)
[21:18] <coreycb> zul, sure np
[21:18] <zul> ill upload it tonight
[21:19] <coreycb> zul, pushed again
[21:20] <zul> thanks ill take a look
[21:23] <coreycb> zul, thanks!
[22:32] <thumper> smoser: ping
[22:32] <thumper> smoser: nm
[23:00] <Cygnus-X1> Anybody else having a problem with libreoffice segfaulting?
[23:01] <Cygnus-X1> Sorry, wrong channel