[14:42] <jamespage> o/
[14:55] <jamespage> http://pad.ubuntu.com/uos-1406-openstack-charms
[14:55] <beisner> o/
[15:02]  * Beret watches gaughen on TV
[15:07] <jamespage> any questions on stable policy
[15:07] <jamespage> ?
[15:07]  * jamespage looks at Beret
[15:07] <Tribaal> There's a session about the charm store later today
[15:08] <jamespage> Tribaal, thanks - I'll raise this then
[15:08] <Beret> jamespage, nope
[15:08] <jamespage> Beret, cool
[15:08] <sparkiegeek> jamespage: stable policy seems sane
[15:10] <Tribaal> QUESTION: lots of openstack charms rely on charm-helpers - are there plans to streamline the changes from charm helpers to openstack charms?
[15:11] <jamespage> Tribaal, I'll inject your question after this topic
[15:11] <Tribaal> jamespage: sure!
[15:12] <Tribaal> (there would be value to inject charm-helper branches before the tests run to prevent regressions)
[15:14] <sparkiegeek> QUESTION: Are these Amulet tests being run in CI? Where can I see the results?
[15:14] <jamespage> sparkiegeek, not yet but that is the plan
[15:14] <avoine> heh that was my question :)
[15:14] <jamespage> sparkiegeek, you should be able to grab a charm and run 'juju test' against it
[15:14] <sparkiegeek> jamespage: ok
[15:14] <Tribaal> cool
[15:15] <sparkiegeek> jamespage: each charm is tested in isolation?
[15:15] <jamespage> sparkiegeek, kinda - it can rely on charms already in store
[15:21] <sparkiegeek> beisner: (corey): jamespage: thanks guys. All makes sense
[15:21] <sparkiegeek> haha Tribaal's topic got skipped
[15:22] <Tribaal> :/
[15:22] <sparkiegeek> Tribaal: try to sneak in after gnuoy :)
[15:22] <jamespage> Tribaal, I've not forgotten you :-)
[15:22] <Tribaal> hehe
[15:23] <Tribaal> maybe that gives me the opportunity to rephrase: are there any plans to streamline changes from charm-helpers to various charms, and will/should there be a stable branch of charm-helpers as well?
[15:23] <sparkiegeek> lag on hangouts compared to pad makes for an interesting experience
[15:23] <Tribaal> hehe
[15:23] <jamespage> Tribaal, we have a stable branch for charm-helpers already
[15:24] <jamespage> (under ~openstack-charmers)
[15:24] <Tribaal> jamespage: ah, thanks
[15:26] <Beret> yeah, timing was a question I had
[15:27] <sparkiegeek> gnuoy: do you have published branches for this that we can preview?
[15:27] <Tribaal> gnuoy: what mailing list are you refering to in particular?
[15:27] <gnuoy> sparkiegeek, I'm going to send the details to openstack-charmers@lists.launchpad.net
[15:27] <Tribaal> ok
[15:28]  * sparkiegeek finds the sign up page
[15:28] <gnuoy> I'll add something to etherpad now
[15:28] <smoser> gnuoy, its there.
[15:28] <smoser> http://tinyurl.com/per67x3
[15:28] <sparkiegeek> "Policy: You must be a team member to subscribe to the team mailing list. "
[15:28] <smoser> oh. funny. duh. i thought sparkiegeek was going to join hangout.
[15:28] <smoser> duh.
[15:28] <Tribaal> oh - bummer
[15:30] <sparkiegeek> QUESTION: Can openstack-charmers@lists.launchpad.net be opened up for everyone to join?
[15:30] <Tribaal> sparkiegeek: +1
[15:30] <mattyw> QUESTION: Trove is mentioned in the pad - what are the plans for this charm (when is it likely to be available to play around with)
[15:35] <mattyw> jamespage, it does thank you
[15:41] <sparkiegeek> can you not do source -> package -> charm?
[15:41] <sparkiegeek> oh, gaughen beat me to that question
[15:47] <sparkiegeek> thanks!
[15:47] <Tribaal> nice!
[15:48] <Tribaal> thanks a
[15:48] <Tribaal> all
[15:48]  * Tribaal waves
[16:01] <gaughen> about to start the next session - LXC: Clones, snapshots and nesting, oh my! A demo.
[16:02] <apw> gaughen, you are live
[16:02] <bmullan> I'd still like to see juju be able to deploy all of openstack using local provider for all openstack services
[16:02] <gaughen> apw, cool thanks!
[16:03] <jamespage> gaughen, hallyn: can you increase the font size please?
[16:03] <rbasak> The color of that background looks like puke!
[16:03] <apw> gaughen, yeah that ...
[16:04] <marcoceppi> bmullan: almost everything in openstack can be deployed on LXC with the exception of like nova-compute, but who would want to put compute in LXC?
[16:04] <tych0> rbasak: you puke different colors than i do :-)
[16:04] <gaughen> rbasak, remember this is hallyn... we're just happy he's in a hangout.
[16:05] <jamespage> gaughen, ++
[16:05] <roadmr> font size is ok now
[16:05] <rbasak> gaughen: yeah I'm impressed. What did you have to do to him? :)
[16:07] <rbasak> Yeah that always bothered me. I never want a tty and can never remember the escape sequence so I never use it.
[16:08] <roadmr> ctrl-a q (like closing "screen")
[16:08] <rbasak> I've never used that sequence in screen. I either close the last window (ctrl-d) or detach (ctrl-a d), etc.
[16:09] <roadmr> QUESTION: can you lxc-attach as a non-root user?
[16:09] <rbasak> I do: lxc-attach -n foo -- login -f ubuntu
[16:09] <rbasak> Then I get a login shell
[16:09] <roadmr> oh nice! thanks
[16:15] <gdeciantis> Would this be different with aufs?
[16:16] <gdeciantis> QUESTION: Does aufs have the same gotcha on shared files as overlayfs?
[16:19] <bmullan> with SDN taking over in the Datacenters... what is Ubuntu Openstack doing in this area or are you relying on neutron solely for this
[16:20] <gaughen> jamespage, can you answer bmullan's question
[16:21] <gdeciantis> Thanks!
[16:21] <jamespage> bmullan, sure  - all solutions for openstack are based on neutron for SDN - but the packages support several different plugins
[16:22] <jamespage> bmullan, NVP/NSX and the ML2 plugin are supported via Juju charms right now
[16:22] <gaughen> gdeciantis, no problem, sorry for the irc nick name pronunciation. ;-)
[16:22] <gdeciantis> You nailed it
[16:22] <bloodearnest> I've had this device busy thing before - needed to reboot the vm to free it up
[16:26] <urulama> QUESTION: is this documented anywhere? There are many parameters to deal with :D
[16:27] <roadmr> urulama: in the lxc man pages, and stgraber has a great series of blog posts illustrating many of the more arcane parameters
[16:27] <stgraber> https://www.stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
[16:28] <mattyw> QUESTION: download isn't a template in precise - is there a way to get it on precise?
[16:28] <urulama> great, tnx
[16:29] <mattyw> ok thanks
[16:30] <apw> gaughen, and soooo small font
[16:30] <gaughen> apw, just had him fix that. realized I was leaning fwd and squinting
[16:30] <rbasak> Green font with black background definitely wins appreciation from me :)
[16:31] <hallyn> note the ":mixed" is implied
[16:31]  * gaughen rolls her eyes
[16:31] <hallyn> (well, only with cgmanager)
[16:34] <hallyn> good i wanna see 10.0.5.1
[16:37] <roadmr> I read that stgraber has a local mirror of the archive :) a poor man's option is to install apt-cacher-ng and configure it in /etc/default/lxc; IIRC, containers will be auto-setup to apt-get stuff from the cache too, so FTW
[16:40] <hallyn> (the list is on my screenshare for root user fwiw)
[16:40] <bloodearnest> QUESTION: (or a request really) - more about setting up unprivileged containers please! :)
[16:41] <hallyn> bloodearnest: thursday we'll go over that in great detail
[16:41] <bloodearnest> hallyn: ack, thanks
[16:41] <hallyn> (I had planned on showing the basics, 2-3 steps, today, but as you can see we'd probably run out of time :)
[16:43] <hallyn> java??
[16:45] <mattyw> This session has been great thanks very much everyone!
[16:53] <stgraber> hallyn: yep, new from last week or so :)
[16:54] <hallyn> #lxcontainers
[16:54] <stgraber> https://linuxcontainers.org
[16:54] <mattyw> thanks very much!
[16:54] <urulama> Thanks everyone, loved the session!
[16:54] <stgraber> https://lists.linuxcontainers.org for the mailing lists
[16:55] <roadmr> thanks!
[17:58] <hallyn> blueprint: https://blueprints.launchpad.net/ubuntu/+spec/servercloud-u-lxc
[18:01] <smoser> http://pad.ubuntu.com/uos-1406-lxc-in-1410-planning-session
[18:05] <tych0> http://criu.org/Main_Page
[18:08] <xnox> please show smoser's backdrop zoomed in =)
[18:09] <bmullan> any thoughts on moving from using lxcbr0/bridge to openvirtualswitch (OVS)? given excitement/use of containers now and larger container deployments... it would seem that OVS's programmabilty would have lots of advantages to LXC servers
[18:09] <xnox> NICE =)
[18:12] <gaughen> bmullan, will raise your question in a sec
[18:17] <xnox> hallyn: ubiquity testing also wants mounting isos =)
[18:19] <sforshee> xnox: if we get fuse working there's already an iso driver for it
[18:19] <bmullan> it was nice seeing virt-manager now supporting LXC but its still pretty limited... will that get more capable in the future?
[18:35] <smoser> yeah, the centos download sucks to work from.
[18:41] <xnox> gaughen: stgraber is very fishy person, watchout! =)
[18:42] <gaughen> xnox, lol
[18:42] <stgraber> :)
[18:42]  * xnox the art of convincing status updates
[18:44] <gaughen> xnox, it was just a confirmation of what I already knew.. gotta keep an eye on stgraber
[18:48] <karambo> QUESTION why openstack?
[19:00] <mdeslaur> \o
[19:01] <sarnold> o/
[19:02] <sbeattie> woo
[19:02] <xnox> \o/
[19:02] <xnox> \o\
[19:03] <dobey> nobody wearing a smoking jacket sat next to a fireplace?
[19:03] <dobey> disappoint :)
[19:03] <zul> mdeslaur:  see? ^^^
[19:04] <sarnold> I am, but my laptop's camera isn't working. sorry.
[19:05] <rbasak> http://www.ubuntu.com/usn/
[19:05] <rbasak> https://lists.ubuntu.com/archives/ubuntu-security-announce/
[19:05] <mdeslaur> http://www.ubuntu.com/usn/usn-2165-1/
[19:08] <mdeslaur> http://www.ubuntu.com/usn/
[19:09] <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-0160.html
[19:09] <sarnold> it's so unfortunate you know that number by heart..
[19:11] <sparkiegeek> if I search for that CVE number on the search field at http://www.ubuntu.com/usn/ I get a CSRF error page
[19:11] <sparkiegeek> 403 Django error
[19:11] <sparkiegeek> :/
[19:11] <sarnold> ouch, thanks
[19:12] <sparkiegeek> ahh, CVE tracker is http://people.canonical.com/~ubuntu-security/cve/
[19:12] <sparkiegeek> right?
[19:12] <sarnold> sparkiegeek: correct
[19:12] <sarnold> but the search box should still be useful :)
[19:13] <rbasak> dpkg -l libssl1.0.0
[19:14] <smoser> $ dpkg-query --show libssl1.0.0
[19:14] <smoser> libssl1.0.0:amd64	1.0.1f-1ubuntu4
[19:14] <rbasak> dpkg-query -W libssl1.0.0
[19:14] <sarnold> dpkg -l 'foo*' | cat
[19:14] <sparkiegeek> dpkg-query -W libssl1.0.0
[19:14] <rbasak> libssl1.0.0:amd64	1.0.1f-1ubuntu2.1
[19:14] <rbasak> libssl1.0.0:i386	1.0.1f-1ubuntu2.1
[19:14] <sparkiegeek> so many different ways of finding it out :)
[19:14] <mdeslaur> apt-cache policy libssl1.0.0
[19:15] <rbasak> openssl version
[19:15] <rbasak> OpenSSL 1.0.1f 6 Jan 2014
[19:22] <sparkiegeek> at least once they get root, they can reboot it (j/k)
[19:22] <sarnold> :)
[19:22] <hallyn> and how do we know when we need to reboot?  motd?
[19:22] <hallyn> (assuming we're not logged in on the desktop)
[19:27] <zul> keep your server powered off
[19:28] <sparkiegeek> zul: hahaha
[19:29] <rbasak> "apt-get install unattended-upgrades" or "dpkg-reconfigure unattended-upgrades" if you already have it installed.
[19:29] <sarnold> fail2ban - ban hosts that cause multiple authentication errors
[19:29] <rbasak> Configure it by editing /etc/apt/apt.conf.d/50unattended-upgrades
[19:29] <rharper> do you want to get hackers?  because that's how you get hackers
[19:29] <smoser> cloud images come with ssh password auth disabled by default.
[19:29] <sbeattie> smoser: \o/
[19:30] <kickinz1> it can check other srevices too, and be customized
[19:30] <kickinz1> (fail2ban)
[19:30] <sarnold> smoser: thanks :)
[19:33] <smoser>  the file is: /var/run/reboot-required
[19:34] <sarnold> oh, I'm five days overdue for a reboot. neat. :)
[19:34] <tyhicks> the most authoritative way to know if you need to reboot is to follow the Ubuntu Security Notices
[19:34] <dobey> rbasak: is that apparmor profile radicale in the package? if not, can you generalize it and get it in the package? :)
[19:34] <tyhicks> you can use those details to determine the status of your system
[19:35] <tyhicks> IMO, the alert from motd tells me that I may need to reboot
[19:35] <tyhicks> then I look at the USNs for more information
[19:35] <hallyn> tyhicks: i haven't noticed that when i login which is why i asked
[19:35] <smoser> for cloud-init, that config looks like:
[19:35] <smoser> #cloud-config
[19:35] <smoser> package_reboot_if_required: true
[19:36] <smoser> package_upgrade: true
[19:38] <rbasak> apt-cache policy libssl1.0.0
[19:39] <sparkiegeek> there's a "Supported: 5y" field in dpkg somewhere - is there an apt/dpkg command to extract that?
[19:39] <smoser> $ apt-cache policy docker | grep utopic/
[19:39] <smoser>         500 http://us.archive.ubuntu.com/ubuntu/ utopic/universe amd64 Packages
[19:39] <sparkiegeek> e.g. apt-cache show python | grep Supported
[19:40] <rbasak> Any more questions before we go to mean tweets?
[19:41] <smoser> i think we should get rid of irc
[19:41] <smoser> and only use live tweeting for virtual uds
[19:45] <tyhicks> sparkiegeek: I don't think there's any other tool that exposes the Supported field
[19:45] <sparkiegeek> tyhicks: shame. Thanks
[19:45] <smoser> i nominate gaughen as a honorary ubuntu security team member for this purpose
[19:45] <sparkiegeek> +1
[19:46] <sarnold> I believe the Supported fields aren't properly maintained
[19:46] <tyhicks> I was wondering about that...
[19:47] <hallyn> lol - #yolo
[19:49] <sparkiegeek> hahahaha shopping!
[19:49] <smoser> ask the guy without his picture in the video if *he* thinks its a privacy issue
[19:50] <smoser> * AppArmor is teh suck.
[19:50] <smoser>    @melgray 2009-06-04 https://twitter.com/melgray/status/1697960784
[19:50] <rickspencer3> mdeslaur but think of the children!
[19:51] <mdeslaur> hehe
[19:51] <sparkiegeek> "Translated from Estonian by bing"
[19:51] <smoser>  * Damn you AppArmor.  Damn you.
[19:51] <smoser>    @garethgreenaway 2012-12-04 https://twitter.com/garethgreenaway/status/276067285762981888
[19:51] <smoser>  * WHAAAAAAAAAAAAAAAAA???? RT @linux_training Canonical Will Remove Java From Ubuntu http://bit.ly/uZNE61
[19:51] <smoser>    @nickraptis 2011-12-16 https://twitter.com/nickraptis/status/147803800105791489
[19:51] <mbruzek> what?
[19:52] <mbruzek> smoser, This is fake right?
[19:53] <smoser> mbruzek, not fake. listen. old.
[19:53] <smoser>  * Linux is totally secure. The only reason my Ubuntu system patches itself constantly is that it likes to look busy and productive
[19:53] <smoser>    @jamesbannan 2011-10-11 https://twitter.com/jamesbannan/status/
[19:53] <sparkiegeek> smoser: not a good URL
[19:53] <sbeattie> mbruzek: and openjdk is still there in the archive.
[19:53] <nxvl> QUESTION: Where did mdeslaur's other half went?
[19:53] <smoser>  * Heartbleed is a huge security bug, but it's hard to take seriously on Ubuntu because part of the fix is this:  service whoopsie restart
[19:53] <smoser>    @gknauss 2014-04-07 https://twitter.com/gknauss/status/453396609699553280
[19:54] <sparkiegeek> hahahah
[19:54] <smoser>  * OpenBSD feels like it's been engineered. Ubuntu feels like it's been  deposited layer by layer over time, like guano in a bat cave.
[19:54] <smoser>    @cortesi 2011-08-23 https://twitter.com/cortesi/status/106216551602065411
[19:55] <sbeattie> mdeslaur: we should add 'service whoopsie restart' to all our USN texts.
[19:55] <sarnold> haha
[19:55] <smoser> golf clap for security team
[19:56] <tyhicks> don't let us fool you
[19:56] <tyhicks> we make our own messes from time to time :)
[19:56] <sparkiegeek> thanks guys!
[19:59] <sarnold> thanks :)