/srv/irclogs.ubuntu.com/2014/06/10/#ubuntu-uds-devops-2.txt

jamespageo/14:42
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | Openstack Charms | Url: http://summit.ubuntu.com/uos-1406/meeting/22270/openstack-charms/
jamespagehttp://pad.ubuntu.com/uos-1406-openstack-charms14:55
beisnero/14:55
* Beret watches gaughen on TV15:02
jamespageany questions on stable policy15:07
jamespage?15:07
* jamespage looks at Beret15:07
TribaalThere's a session about the charm store later today15:07
jamespageTribaal, thanks - I'll raise this then15:08
Beretjamespage, nope15:08
jamespageBeret, cool15:08
sparkiegeekjamespage: stable policy seems sane15:08
TribaalQUESTION: lots of openstack charms rely on charm-helpers - are there plans to streamline the changes from charm helpers to openstack charms?15:10
jamespageTribaal, I'll inject your question after this topic15:11
Tribaaljamespage: sure!15:11
Tribaal(there would be value to inject charm-helper branches before the tests run to prevent regressions)15:12
sparkiegeekQUESTION: Are these Amulet tests being run in CI? Where can I see the results?15:14
jamespagesparkiegeek, not yet but that is the plan15:14
avoineheh that was my question :)15:14
jamespagesparkiegeek, you should be able to grab a charm and run 'juju test' against it15:14
sparkiegeekjamespage: ok15:14
Tribaalcool15:14
sparkiegeekjamespage: each charm is tested in isolation?15:15
jamespagesparkiegeek, kinda - it can rely on charms already in store15:15
sparkiegeekbeisner: (corey): jamespage: thanks guys. All makes sense15:21
sparkiegeekhaha Tribaal's topic got skipped15:21
Tribaal:/15:22
sparkiegeekTribaal: try to sneak in after gnuoy :)15:22
jamespageTribaal, I've not forgotten you :-)15:22
Tribaalhehe15:22
Tribaalmaybe that gives me the opportunity to rephrase: are there any plans to streamline changes from charm-helpers to various charms, and will/should there be a stable branch of charm-helpers as well?15:23
sparkiegeeklag on hangouts compared to pad makes for an interesting experience15:23
Tribaalhehe15:23
jamespageTribaal, we have a stable branch for charm-helpers already15:23
jamespage(under ~openstack-charmers)15:24
Tribaaljamespage: ah, thanks15:24
Beretyeah, timing was a question I had15:26
sparkiegeekgnuoy: do you have published branches for this that we can preview?15:27
Tribaalgnuoy: what mailing list are you refering to in particular?15:27
gnuoysparkiegeek, I'm going to send the details to openstack-charmers@lists.launchpad.net15:27
Tribaalok15:27
* sparkiegeek finds the sign up page15:28
gnuoyI'll add something to etherpad now15:28
smosergnuoy, its there.15:28
smoserhttp://tinyurl.com/per67x315:28
sparkiegeek"Policy: You must be a team member to subscribe to the team mailing list. "15:28
smoseroh. funny. duh. i thought sparkiegeek was going to join hangout.15:28
smoserduh.15:28
Tribaaloh - bummer15:28
sparkiegeekQUESTION: Can openstack-charmers@lists.launchpad.net be opened up for everyone to join?15:30
Tribaalsparkiegeek: +115:30
mattywQUESTION: Trove is mentioned in the pad - what are the plans for this charm (when is it likely to be available to play around with)15:30
mattywjamespage, it does thank you15:35
sparkiegeekcan you not do source -> package -> charm?15:41
sparkiegeekoh, gaughen beat me to that question15:41
sparkiegeekthanks!15:47
Tribaalnice!15:47
Tribaalthanks a15:48
Tribaalall15:48
* Tribaal waves15:48
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | LXC: Clones | Url: http://summit.ubuntu.com/uos-1406/meeting/22281/lxc-clones-snapshots-and-nesting-oh-my-a-demo/
gaughenabout to start the next session - LXC: Clones, snapshots and nesting, oh my! A demo.16:01
apwgaughen, you are live16:02
bmullanI'd still like to see juju be able to deploy all of openstack using local provider for all openstack services16:02
gaughenapw, cool thanks!16:02
jamespagegaughen, hallyn: can you increase the font size please?16:03
rbasakThe color of that background looks like puke!16:03
apwgaughen, yeah that ...16:03
marcoceppibmullan: almost everything in openstack can be deployed on LXC with the exception of like nova-compute, but who would want to put compute in LXC?16:04
tych0rbasak: you puke different colors than i do :-)16:04
gaughenrbasak, remember this is hallyn... we're just happy he's in a hangout.16:04
jamespagegaughen, ++16:05
roadmrfont size is ok now16:05
rbasakgaughen: yeah I'm impressed. What did you have to do to him? :)16:05
rbasakYeah that always bothered me. I never want a tty and can never remember the escape sequence so I never use it.16:07
roadmrctrl-a q (like closing "screen")16:08
rbasakI've never used that sequence in screen. I either close the last window (ctrl-d) or detach (ctrl-a d), etc.16:08
roadmrQUESTION: can you lxc-attach as a non-root user?16:09
rbasakI do: lxc-attach -n foo -- login -f ubuntu16:09
rbasakThen I get a login shell16:09
roadmroh nice! thanks16:09
gdeciantisWould this be different with aufs?16:15
gdeciantisQUESTION: Does aufs have the same gotcha on shared files as overlayfs?16:16
bmullanwith SDN taking over in the Datacenters... what is Ubuntu Openstack doing in this area or are you relying on neutron solely for this16:19
gaughenjamespage, can you answer bmullan's question16:20
gdeciantisThanks!16:21
jamespagebmullan, sure  - all solutions for openstack are based on neutron for SDN - but the packages support several different plugins16:21
jamespagebmullan, NVP/NSX and the ML2 plugin are supported via Juju charms right now16:22
gaughengdeciantis, no problem, sorry for the irc nick name pronunciation. ;-)16:22
gdeciantisYou nailed it16:22
bloodearnestI've had this device busy thing before - needed to reboot the vm to free it up16:22
urulamaQUESTION: is this documented anywhere? There are many parameters to deal with :D16:26
roadmrurulama: in the lxc man pages, and stgraber has a great series of blog posts illustrating many of the more arcane parameters16:27
stgraberhttps://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/16:27
mattywQUESTION: download isn't a template in precise - is there a way to get it on precise?16:28
urulamagreat, tnx16:28
mattywok thanks16:29
apwgaughen, and soooo small font16:30
gaughenapw, just had him fix that. realized I was leaning fwd and squinting16:30
rbasakGreen font with black background definitely wins appreciation from me :)16:30
hallynnote the ":mixed" is implied16:31
* gaughen rolls her eyes16:31
hallyn(well, only with cgmanager)16:31
hallyngood i wanna see 10.0.5.116:34
roadmrI read that stgraber has a local mirror of the archive :) a poor man's option is to install apt-cacher-ng and configure it in /etc/default/lxc; IIRC, containers will be auto-setup to apt-get stuff from the cache too, so FTW16:37
hallyn(the list is on my screenshare for root user fwiw)16:40
bloodearnestQUESTION: (or a request really) - more about setting up unprivileged containers please! :)16:40
hallynbloodearnest: thursday we'll go over that in great detail16:41
bloodearnesthallyn: ack, thanks16:41
hallyn(I had planned on showing the basics, 2-3 steps, today, but as you can see we'd probably run out of time :)16:41
hallynjava??16:43
mattywThis session has been great thanks very much everyone!16:45
stgraberhallyn: yep, new from last week or so :)16:53
hallyn#lxcontainers16:54
stgraberhttps://linuxcontainers.org16:54
mattywthanks very much!16:54
urulamaThanks everyone, loved the session!16:54
stgraberhttps://lists.linuxcontainers.org for the mailing lists16:54
roadmrthanks!16:55
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Currently no events are active in this room - http://summit.ubuntu.com/uos-1406/devops-2/ - http://irclogs.ubuntu.com/2014/06/10/%23ubuntu-uds-devops-2.html
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | lxc in 14.10: planning session | Url: http://summit.ubuntu.com/uos-1406/meeting/22273/lxc-in-1410-planning-session/
hallynblueprint: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-u-lxc17:58
smoserhttp://pad.ubuntu.com/uos-1406-lxc-in-1410-planning-session18:01
tych0http://criu.org/Main_Page18:05
xnoxplease show smoser's backdrop zoomed in =)18:08
bmullanany thoughts on moving from using lxcbr0/bridge to openvirtualswitch (OVS)? given excitement/use of containers now and larger container deployments... it would seem that OVS's programmabilty would have lots of advantages to LXC servers18:09
xnoxNICE =)18:09
gaughenbmullan, will raise your question in a sec18:12
xnoxhallyn: ubiquity testing also wants mounting isos =)18:17
sforsheexnox: if we get fuse working there's already an iso driver for it18:19
bmullanit was nice seeing virt-manager now supporting LXC but its still pretty limited... will that get more capable in the future?18:19
smoseryeah, the centos download sucks to work from.18:35
xnoxgaughen: stgraber is very fishy person, watchout! =)18:41
gaughenxnox, lol18:42
stgraber:)18:42
* xnox the art of convincing status updates18:42
gaughenxnox, it was just a confirmation of what I already knew.. gotta keep an eye on stgraber18:44
karamboQUESTION why openstack?18:48
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | Security team reads mean tweets | Url: http://summit.ubuntu.com/uos-1406/meeting/22278/security-team-reads-angry-tweets/
mdeslaur\o19:00
sarnoldo/19:01
sbeattiewoo19:02
xnox\o/19:02
xnox\o\19:02
dobeynobody wearing a smoking jacket sat next to a fireplace?19:03
dobeydisappoint :)19:03
zulmdeslaur:  see? ^^^19:03
sarnoldI am, but my laptop's camera isn't working. sorry.19:04
rbasakhttp://www.ubuntu.com/usn/19:05
rbasakhttps://lists.ubuntu.com/archives/ubuntu-security-announce/19:05
mdeslaurhttp://www.ubuntu.com/usn/usn-2165-1/19:05
mdeslaurhttp://www.ubuntu.com/usn/19:08
mdeslaurhttp://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html19:09
sarnoldit's so unfortunate you know that number by heart..19:09
sparkiegeekif I search for that CVE number on the search field at http://www.ubuntu.com/usn/ I get a CSRF error page19:11
sparkiegeek403 Django error19:11
sparkiegeek:/19:11
sarnoldouch, thanks19:11
sparkiegeekahh, CVE tracker is http://people.canonical.com/~ubuntu-security/cve/19:12
sparkiegeekright?19:12
sarnoldsparkiegeek: correct19:12
sarnoldbut the search box should still be useful :)19:12
rbasakdpkg -l libssl1.0.019:13
smoser$ dpkg-query --show libssl1.0.019:14
smoserlibssl1.0.0:amd641.0.1f-1ubuntu419:14
rbasakdpkg-query -W libssl1.0.019:14
sarnolddpkg -l 'foo*' | cat19:14
sparkiegeekdpkg-query -W libssl1.0.019:14
rbasaklibssl1.0.0:amd641.0.1f-1ubuntu2.119:14
rbasaklibssl1.0.0:i3861.0.1f-1ubuntu2.119:14
sparkiegeekso many different ways of finding it out :)19:14
mdeslaurapt-cache policy libssl1.0.019:14
rbasakopenssl version19:15
rbasakOpenSSL 1.0.1f 6 Jan 201419:15
sparkiegeekat least once they get root, they can reboot it (j/k)19:22
sarnold:)19:22
hallynand how do we know when we need to reboot?  motd?19:22
hallyn(assuming we're not logged in on the desktop)19:22
zulkeep your server powered off19:27
sparkiegeekzul: hahaha19:28
rbasak"apt-get install unattended-upgrades" or "dpkg-reconfigure unattended-upgrades" if you already have it installed.19:29
sarnoldfail2ban - ban hosts that cause multiple authentication errors19:29
rbasakConfigure it by editing /etc/apt/apt.conf.d/50unattended-upgrades19:29
rharperdo you want to get hackers?  because that's how you get hackers19:29
smosercloud images come with ssh password auth disabled by default.19:29
sbeattiesmoser: \o/19:29
kickinz1it can check other srevices too, and be customized19:30
kickinz1(fail2ban)19:30
sarnoldsmoser: thanks :)19:30
smoser the file is: /var/run/reboot-required19:33
sarnoldoh, I'm five days overdue for a reboot. neat. :)19:34
tyhicksthe most authoritative way to know if you need to reboot is to follow the Ubuntu Security Notices19:34
dobeyrbasak: is that apparmor profile radicale in the package? if not, can you generalize it and get it in the package? :)19:34
tyhicksyou can use those details to determine the status of your system19:34
tyhicksIMO, the alert from motd tells me that I may need to reboot19:35
tyhicksthen I look at the USNs for more information19:35
hallyntyhicks: i haven't noticed that when i login which is why i asked19:35
smoserfor cloud-init, that config looks like:19:35
smoser#cloud-config19:35
smoserpackage_reboot_if_required: true19:35
smoserpackage_upgrade: true19:36
rbasakapt-cache policy libssl1.0.019:38
sparkiegeekthere's a "Supported: 5y" field in dpkg somewhere - is there an apt/dpkg command to extract that?19:39
smoser$ apt-cache policy docker | grep utopic/19:39
smoser        500 http://us.archive.ubuntu.com/ubuntu/ utopic/universe amd64 Packages19:39
sparkiegeeke.g. apt-cache show python | grep Supported19:39
rbasakAny more questions before we go to mean tweets?19:40
smoseri think we should get rid of irc19:41
smoserand only use live tweeting for virtual uds19:41
tyhickssparkiegeek: I don't think there's any other tool that exposes the Supported field19:45
sparkiegeektyhicks: shame. Thanks19:45
smoseri nominate gaughen as a honorary ubuntu security team member for this purpose19:45
sparkiegeek+119:45
sarnoldI believe the Supported fields aren't properly maintained19:46
tyhicksI was wondering about that...19:46
hallynlol - #yolo19:47
sparkiegeekhahahaha shopping!19:49
smoserask the guy without his picture in the video if *he* thinks its a privacy issue19:49
smoser* AppArmor is teh suck.19:50
smoser   @melgray 2009-06-04 https://twitter.com/melgray/status/169796078419:50
rickspencer3mdeslaur but think of the children!19:50
mdeslaurhehe19:51
sparkiegeek"Translated from Estonian by bing"19:51
smoser * Damn you AppArmor.  Damn you.19:51
smoser   @garethgreenaway 2012-12-04 https://twitter.com/garethgreenaway/status/27606728576298188819:51
smoser * WHAAAAAAAAAAAAAAAAA???? RT @linux_training Canonical Will Remove Java From Ubuntu http://bit.ly/uZNE6119:51
smoser   @nickraptis 2011-12-16 https://twitter.com/nickraptis/status/14780380010579148919:51
mbruzekwhat?19:51
mbruzeksmoser, This is fake right?19:52
smosermbruzek, not fake. listen. old.19:53
smoser * Linux is totally secure. The only reason my Ubuntu system patches itself constantly is that it likes to look busy and productive19:53
smoser   @jamesbannan 2011-10-11 https://twitter.com/jamesbannan/status/19:53
sparkiegeeksmoser: not a good URL19:53
sbeattiembruzek: and openjdk is still there in the archive.19:53
nxvlQUESTION: Where did mdeslaur's other half went?19:53
smoser * Heartbleed is a huge security bug, but it's hard to take seriously on Ubuntu because part of the fix is this:  service whoopsie restart19:53
smoser   @gknauss 2014-04-07 https://twitter.com/gknauss/status/45339660969955328019:53
sparkiegeekhahahah19:54
smoser * OpenBSD feels like it's been engineered. Ubuntu feels like it's been  deposited layer by layer over time, like guano in a bat cave.19:54
smoser   @cortesi 2011-08-23 https://twitter.com/cortesi/status/10621655160206541119:54
sbeattiemdeslaur: we should add 'service whoopsie restart' to all our USN texts.19:55
sarnoldhaha19:55
smosergolf clap for security team19:55
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Currently no events are active in this room - http://summit.ubuntu.com/uos-1406/devops-2/ - http://irclogs.ubuntu.com/2014/06/10/%23ubuntu-uds-devops-2.html
tyhicksdon't let us fool you19:56
tyhickswe make our own messes from time to time :)19:56
sparkiegeekthanks guys!19:56
sarnoldthanks :)19:59

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!