jamespage | o/ | 14:42 |
---|---|---|
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | Openstack Charms | Url: http://summit.ubuntu.com/uos-1406/meeting/22270/openstack-charms/ | ||
jamespage | http://pad.ubuntu.com/uos-1406-openstack-charms | 14:55 |
beisner | o/ | 14:55 |
* Beret watches gaughen on TV | 15:02 | |
jamespage | any questions on stable policy | 15:07 |
jamespage | ? | 15:07 |
* jamespage looks at Beret | 15:07 | |
Tribaal | There's a session about the charm store later today | 15:07 |
jamespage | Tribaal, thanks - I'll raise this then | 15:08 |
Beret | jamespage, nope | 15:08 |
jamespage | Beret, cool | 15:08 |
sparkiegeek | jamespage: stable policy seems sane | 15:08 |
Tribaal | QUESTION: lots of openstack charms rely on charm-helpers - are there plans to streamline the changes from charm helpers to openstack charms? | 15:10 |
jamespage | Tribaal, I'll inject your question after this topic | 15:11 |
Tribaal | jamespage: sure! | 15:11 |
Tribaal | (there would be value to inject charm-helper branches before the tests run to prevent regressions) | 15:12 |
sparkiegeek | QUESTION: Are these Amulet tests being run in CI? Where can I see the results? | 15:14 |
jamespage | sparkiegeek, not yet but that is the plan | 15:14 |
avoine | heh that was my question :) | 15:14 |
jamespage | sparkiegeek, you should be able to grab a charm and run 'juju test' against it | 15:14 |
sparkiegeek | jamespage: ok | 15:14 |
Tribaal | cool | 15:14 |
sparkiegeek | jamespage: each charm is tested in isolation? | 15:15 |
jamespage | sparkiegeek, kinda - it can rely on charms already in store | 15:15 |
sparkiegeek | beisner: (corey): jamespage: thanks guys. All makes sense | 15:21 |
sparkiegeek | haha Tribaal's topic got skipped | 15:21 |
Tribaal | :/ | 15:22 |
sparkiegeek | Tribaal: try to sneak in after gnuoy :) | 15:22 |
jamespage | Tribaal, I've not forgotten you :-) | 15:22 |
Tribaal | hehe | 15:22 |
Tribaal | maybe that gives me the opportunity to rephrase: are there any plans to streamline changes from charm-helpers to various charms, and will/should there be a stable branch of charm-helpers as well? | 15:23 |
sparkiegeek | lag on hangouts compared to pad makes for an interesting experience | 15:23 |
Tribaal | hehe | 15:23 |
jamespage | Tribaal, we have a stable branch for charm-helpers already | 15:23 |
jamespage | (under ~openstack-charmers) | 15:24 |
Tribaal | jamespage: ah, thanks | 15:24 |
Beret | yeah, timing was a question I had | 15:26 |
sparkiegeek | gnuoy: do you have published branches for this that we can preview? | 15:27 |
Tribaal | gnuoy: what mailing list are you refering to in particular? | 15:27 |
gnuoy | sparkiegeek, I'm going to send the details to openstack-charmers@lists.launchpad.net | 15:27 |
Tribaal | ok | 15:27 |
* sparkiegeek finds the sign up page | 15:28 | |
gnuoy | I'll add something to etherpad now | 15:28 |
smoser | gnuoy, its there. | 15:28 |
smoser | http://tinyurl.com/per67x3 | 15:28 |
sparkiegeek | "Policy: You must be a team member to subscribe to the team mailing list. " | 15:28 |
smoser | oh. funny. duh. i thought sparkiegeek was going to join hangout. | 15:28 |
smoser | duh. | 15:28 |
Tribaal | oh - bummer | 15:28 |
sparkiegeek | QUESTION: Can openstack-charmers@lists.launchpad.net be opened up for everyone to join? | 15:30 |
Tribaal | sparkiegeek: +1 | 15:30 |
mattyw | QUESTION: Trove is mentioned in the pad - what are the plans for this charm (when is it likely to be available to play around with) | 15:30 |
mattyw | jamespage, it does thank you | 15:35 |
sparkiegeek | can you not do source -> package -> charm? | 15:41 |
sparkiegeek | oh, gaughen beat me to that question | 15:41 |
sparkiegeek | thanks! | 15:47 |
Tribaal | nice! | 15:47 |
Tribaal | thanks a | 15:48 |
Tribaal | all | 15:48 |
* Tribaal waves | 15:48 | |
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | LXC: Clones | Url: http://summit.ubuntu.com/uos-1406/meeting/22281/lxc-clones-snapshots-and-nesting-oh-my-a-demo/ | ||
gaughen | about to start the next session - LXC: Clones, snapshots and nesting, oh my! A demo. | 16:01 |
apw | gaughen, you are live | 16:02 |
bmullan | I'd still like to see juju be able to deploy all of openstack using local provider for all openstack services | 16:02 |
gaughen | apw, cool thanks! | 16:02 |
jamespage | gaughen, hallyn: can you increase the font size please? | 16:03 |
rbasak | The color of that background looks like puke! | 16:03 |
apw | gaughen, yeah that ... | 16:03 |
marcoceppi | bmullan: almost everything in openstack can be deployed on LXC with the exception of like nova-compute, but who would want to put compute in LXC? | 16:04 |
tych0 | rbasak: you puke different colors than i do :-) | 16:04 |
gaughen | rbasak, remember this is hallyn... we're just happy he's in a hangout. | 16:04 |
jamespage | gaughen, ++ | 16:05 |
roadmr | font size is ok now | 16:05 |
rbasak | gaughen: yeah I'm impressed. What did you have to do to him? :) | 16:05 |
rbasak | Yeah that always bothered me. I never want a tty and can never remember the escape sequence so I never use it. | 16:07 |
roadmr | ctrl-a q (like closing "screen") | 16:08 |
rbasak | I've never used that sequence in screen. I either close the last window (ctrl-d) or detach (ctrl-a d), etc. | 16:08 |
roadmr | QUESTION: can you lxc-attach as a non-root user? | 16:09 |
rbasak | I do: lxc-attach -n foo -- login -f ubuntu | 16:09 |
rbasak | Then I get a login shell | 16:09 |
roadmr | oh nice! thanks | 16:09 |
gdeciantis | Would this be different with aufs? | 16:15 |
gdeciantis | QUESTION: Does aufs have the same gotcha on shared files as overlayfs? | 16:16 |
bmullan | with SDN taking over in the Datacenters... what is Ubuntu Openstack doing in this area or are you relying on neutron solely for this | 16:19 |
gaughen | jamespage, can you answer bmullan's question | 16:20 |
gdeciantis | Thanks! | 16:21 |
jamespage | bmullan, sure - all solutions for openstack are based on neutron for SDN - but the packages support several different plugins | 16:21 |
jamespage | bmullan, NVP/NSX and the ML2 plugin are supported via Juju charms right now | 16:22 |
gaughen | gdeciantis, no problem, sorry for the irc nick name pronunciation. ;-) | 16:22 |
gdeciantis | You nailed it | 16:22 |
bloodearnest | I've had this device busy thing before - needed to reboot the vm to free it up | 16:22 |
urulama | QUESTION: is this documented anywhere? There are many parameters to deal with :D | 16:26 |
roadmr | urulama: in the lxc man pages, and stgraber has a great series of blog posts illustrating many of the more arcane parameters | 16:27 |
stgraber | https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/ | 16:27 |
mattyw | QUESTION: download isn't a template in precise - is there a way to get it on precise? | 16:28 |
urulama | great, tnx | 16:28 |
mattyw | ok thanks | 16:29 |
apw | gaughen, and soooo small font | 16:30 |
gaughen | apw, just had him fix that. realized I was leaning fwd and squinting | 16:30 |
rbasak | Green font with black background definitely wins appreciation from me :) | 16:30 |
hallyn | note the ":mixed" is implied | 16:31 |
* gaughen rolls her eyes | 16:31 | |
hallyn | (well, only with cgmanager) | 16:31 |
hallyn | good i wanna see 10.0.5.1 | 16:34 |
roadmr | I read that stgraber has a local mirror of the archive :) a poor man's option is to install apt-cacher-ng and configure it in /etc/default/lxc; IIRC, containers will be auto-setup to apt-get stuff from the cache too, so FTW | 16:37 |
hallyn | (the list is on my screenshare for root user fwiw) | 16:40 |
bloodearnest | QUESTION: (or a request really) - more about setting up unprivileged containers please! :) | 16:40 |
hallyn | bloodearnest: thursday we'll go over that in great detail | 16:41 |
bloodearnest | hallyn: ack, thanks | 16:41 |
hallyn | (I had planned on showing the basics, 2-3 steps, today, but as you can see we'd probably run out of time :) | 16:41 |
hallyn | java?? | 16:43 |
mattyw | This session has been great thanks very much everyone! | 16:45 |
stgraber | hallyn: yep, new from last week or so :) | 16:53 |
hallyn | #lxcontainers | 16:54 |
stgraber | https://linuxcontainers.org | 16:54 |
mattyw | thanks very much! | 16:54 |
urulama | Thanks everyone, loved the session! | 16:54 |
stgraber | https://lists.linuxcontainers.org for the mailing lists | 16:54 |
roadmr | thanks! | 16:55 |
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Currently no events are active in this room - http://summit.ubuntu.com/uos-1406/devops-2/ - http://irclogs.ubuntu.com/2014/06/10/%23ubuntu-uds-devops-2.html | ||
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | lxc in 14.10: planning session | Url: http://summit.ubuntu.com/uos-1406/meeting/22273/lxc-in-1410-planning-session/ | ||
hallyn | blueprint: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-u-lxc | 17:58 |
smoser | http://pad.ubuntu.com/uos-1406-lxc-in-1410-planning-session | 18:01 |
tych0 | http://criu.org/Main_Page | 18:05 |
xnox | please show smoser's backdrop zoomed in =) | 18:08 |
bmullan | any thoughts on moving from using lxcbr0/bridge to openvirtualswitch (OVS)? given excitement/use of containers now and larger container deployments... it would seem that OVS's programmabilty would have lots of advantages to LXC servers | 18:09 |
xnox | NICE =) | 18:09 |
gaughen | bmullan, will raise your question in a sec | 18:12 |
xnox | hallyn: ubiquity testing also wants mounting isos =) | 18:17 |
sforshee | xnox: if we get fuse working there's already an iso driver for it | 18:19 |
bmullan | it was nice seeing virt-manager now supporting LXC but its still pretty limited... will that get more capable in the future? | 18:19 |
smoser | yeah, the centos download sucks to work from. | 18:35 |
xnox | gaughen: stgraber is very fishy person, watchout! =) | 18:41 |
gaughen | xnox, lol | 18:42 |
stgraber | :) | 18:42 |
* xnox the art of convincing status updates | 18:42 | |
gaughen | xnox, it was just a confirmation of what I already knew.. gotta keep an eye on stgraber | 18:44 |
karambo | QUESTION why openstack? | 18:48 |
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Track: Cloud DevOps | Security team reads mean tweets | Url: http://summit.ubuntu.com/uos-1406/meeting/22278/security-team-reads-angry-tweets/ | ||
mdeslaur | \o | 19:00 |
sarnold | o/ | 19:01 |
sbeattie | woo | 19:02 |
xnox | \o/ | 19:02 |
xnox | \o\ | 19:02 |
dobey | nobody wearing a smoking jacket sat next to a fireplace? | 19:03 |
dobey | disappoint :) | 19:03 |
zul | mdeslaur: see? ^^^ | 19:03 |
sarnold | I am, but my laptop's camera isn't working. sorry. | 19:04 |
rbasak | http://www.ubuntu.com/usn/ | 19:05 |
rbasak | https://lists.ubuntu.com/archives/ubuntu-security-announce/ | 19:05 |
mdeslaur | http://www.ubuntu.com/usn/usn-2165-1/ | 19:05 |
mdeslaur | http://www.ubuntu.com/usn/ | 19:08 |
mdeslaur | http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html | 19:09 |
sarnold | it's so unfortunate you know that number by heart.. | 19:09 |
sparkiegeek | if I search for that CVE number on the search field at http://www.ubuntu.com/usn/ I get a CSRF error page | 19:11 |
sparkiegeek | 403 Django error | 19:11 |
sparkiegeek | :/ | 19:11 |
sarnold | ouch, thanks | 19:11 |
sparkiegeek | ahh, CVE tracker is http://people.canonical.com/~ubuntu-security/cve/ | 19:12 |
sparkiegeek | right? | 19:12 |
sarnold | sparkiegeek: correct | 19:12 |
sarnold | but the search box should still be useful :) | 19:12 |
rbasak | dpkg -l libssl1.0.0 | 19:13 |
smoser | $ dpkg-query --show libssl1.0.0 | 19:14 |
smoser | libssl1.0.0:amd641.0.1f-1ubuntu4 | 19:14 |
rbasak | dpkg-query -W libssl1.0.0 | 19:14 |
sarnold | dpkg -l 'foo*' | cat | 19:14 |
sparkiegeek | dpkg-query -W libssl1.0.0 | 19:14 |
rbasak | libssl1.0.0:amd641.0.1f-1ubuntu2.1 | 19:14 |
rbasak | libssl1.0.0:i3861.0.1f-1ubuntu2.1 | 19:14 |
sparkiegeek | so many different ways of finding it out :) | 19:14 |
mdeslaur | apt-cache policy libssl1.0.0 | 19:14 |
rbasak | openssl version | 19:15 |
rbasak | OpenSSL 1.0.1f 6 Jan 2014 | 19:15 |
sparkiegeek | at least once they get root, they can reboot it (j/k) | 19:22 |
sarnold | :) | 19:22 |
hallyn | and how do we know when we need to reboot? motd? | 19:22 |
hallyn | (assuming we're not logged in on the desktop) | 19:22 |
zul | keep your server powered off | 19:27 |
sparkiegeek | zul: hahaha | 19:28 |
rbasak | "apt-get install unattended-upgrades" or "dpkg-reconfigure unattended-upgrades" if you already have it installed. | 19:29 |
sarnold | fail2ban - ban hosts that cause multiple authentication errors | 19:29 |
rbasak | Configure it by editing /etc/apt/apt.conf.d/50unattended-upgrades | 19:29 |
rharper | do you want to get hackers? because that's how you get hackers | 19:29 |
smoser | cloud images come with ssh password auth disabled by default. | 19:29 |
sbeattie | smoser: \o/ | 19:29 |
kickinz1 | it can check other srevices too, and be customized | 19:30 |
kickinz1 | (fail2ban) | 19:30 |
sarnold | smoser: thanks :) | 19:30 |
smoser | the file is: /var/run/reboot-required | 19:33 |
sarnold | oh, I'm five days overdue for a reboot. neat. :) | 19:34 |
tyhicks | the most authoritative way to know if you need to reboot is to follow the Ubuntu Security Notices | 19:34 |
dobey | rbasak: is that apparmor profile radicale in the package? if not, can you generalize it and get it in the package? :) | 19:34 |
tyhicks | you can use those details to determine the status of your system | 19:34 |
tyhicks | IMO, the alert from motd tells me that I may need to reboot | 19:35 |
tyhicks | then I look at the USNs for more information | 19:35 |
hallyn | tyhicks: i haven't noticed that when i login which is why i asked | 19:35 |
smoser | for cloud-init, that config looks like: | 19:35 |
smoser | #cloud-config | 19:35 |
smoser | package_reboot_if_required: true | 19:35 |
smoser | package_upgrade: true | 19:36 |
rbasak | apt-cache policy libssl1.0.0 | 19:38 |
sparkiegeek | there's a "Supported: 5y" field in dpkg somewhere - is there an apt/dpkg command to extract that? | 19:39 |
smoser | $ apt-cache policy docker | grep utopic/ | 19:39 |
smoser | 500 http://us.archive.ubuntu.com/ubuntu/ utopic/universe amd64 Packages | 19:39 |
sparkiegeek | e.g. apt-cache show python | grep Supported | 19:39 |
rbasak | Any more questions before we go to mean tweets? | 19:40 |
smoser | i think we should get rid of irc | 19:41 |
smoser | and only use live tweeting for virtual uds | 19:41 |
tyhicks | sparkiegeek: I don't think there's any other tool that exposes the Supported field | 19:45 |
sparkiegeek | tyhicks: shame. Thanks | 19:45 |
smoser | i nominate gaughen as a honorary ubuntu security team member for this purpose | 19:45 |
sparkiegeek | +1 | 19:45 |
sarnold | I believe the Supported fields aren't properly maintained | 19:46 |
tyhicks | I was wondering about that... | 19:46 |
hallyn | lol - #yolo | 19:47 |
sparkiegeek | hahahaha shopping! | 19:49 |
smoser | ask the guy without his picture in the video if *he* thinks its a privacy issue | 19:49 |
smoser | * AppArmor is teh suck. | 19:50 |
smoser | @melgray 2009-06-04 https://twitter.com/melgray/status/1697960784 | 19:50 |
rickspencer3 | mdeslaur but think of the children! | 19:50 |
mdeslaur | hehe | 19:51 |
sparkiegeek | "Translated from Estonian by bing" | 19:51 |
smoser | * Damn you AppArmor. Damn you. | 19:51 |
smoser | @garethgreenaway 2012-12-04 https://twitter.com/garethgreenaway/status/276067285762981888 | 19:51 |
smoser | * WHAAAAAAAAAAAAAAAAA???? RT @linux_training Canonical Will Remove Java From Ubuntu http://bit.ly/uZNE61 | 19:51 |
smoser | @nickraptis 2011-12-16 https://twitter.com/nickraptis/status/147803800105791489 | 19:51 |
mbruzek | what? | 19:51 |
mbruzek | smoser, This is fake right? | 19:52 |
smoser | mbruzek, not fake. listen. old. | 19:53 |
smoser | * Linux is totally secure. The only reason my Ubuntu system patches itself constantly is that it likes to look busy and productive | 19:53 |
smoser | @jamesbannan 2011-10-11 https://twitter.com/jamesbannan/status/ | 19:53 |
sparkiegeek | smoser: not a good URL | 19:53 |
sbeattie | mbruzek: and openjdk is still there in the archive. | 19:53 |
nxvl | QUESTION: Where did mdeslaur's other half went? | 19:53 |
smoser | * Heartbleed is a huge security bug, but it's hard to take seriously on Ubuntu because part of the fix is this: service whoopsie restart | 19:53 |
smoser | @gknauss 2014-04-07 https://twitter.com/gknauss/status/453396609699553280 | 19:53 |
sparkiegeek | hahahah | 19:54 |
smoser | * OpenBSD feels like it's been engineered. Ubuntu feels like it's been deposited layer by layer over time, like guano in a bat cave. | 19:54 |
smoser | @cortesi 2011-08-23 https://twitter.com/cortesi/status/106216551602065411 | 19:54 |
sbeattie | mdeslaur: we should add 'service whoopsie restart' to all our USN texts. | 19:55 |
sarnold | haha | 19:55 |
smoser | golf clap for security team | 19:55 |
=== ChanServ changed the topic of #ubuntu-uds-devops-2 to: Currently no events are active in this room - http://summit.ubuntu.com/uos-1406/devops-2/ - http://irclogs.ubuntu.com/2014/06/10/%23ubuntu-uds-devops-2.html | ||
tyhicks | don't let us fool you | 19:56 |
tyhicks | we make our own messes from time to time :) | 19:56 |
sparkiegeek | thanks guys! | 19:56 |
sarnold | thanks :) | 19:59 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!