[06:28] <lordievader> Good morning.
[09:28] <jamespage> coreycb, zul: bumped new versions of oslo.db and vmware into utopic for ceilometer
[09:30] <kubblai> hi i have W: Failed to fetch http://gb.archive.ubuntu.com/ubuntu/dists/precise/Release.gpg  Connection failed [IP: 91.189.92.200 80] error on 12.04.5 server. I have tried rm -rf /var/lib/apt/lists/* with a clean but no luck
[09:31] <kubblai> I have also tried removing the gb. from apt/sources.list
[09:31] <jpds> kubblai: It says Connection failed.
[09:32] <jpds> kubblai: Tried checking the connection between you and that IP?
[09:33] <skataria> I need help, i have ubuntu 12.04 and openssl 1.0.1 but it's not support for TLSv 1.2 how i can i enable it with my server so i can enable with apache
[09:45] <kubblai> jpds if i try with de or fr or gb it fails
[09:46] <jpds> kubblai: Works for me.
[09:50] <jpds> skataria: https://serverfault.com/questions/372943/ssl-tls-1-2-on-apache-with-openssl-1-0-1
[09:52] <kubblai> jpds: i can wget the file but it retries 5 times with HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.
[09:53] <kubblai> jpds: mtr shows no packetloss between my host and the ip 91.189.91.15
[09:55] <skataria> thanks jpds let me check for that
[10:06] <skataria> jpds: i don't understand that link as i checked supported version of my ssl server and it's showing Supported versions: SSLv3 TLSv1.0 TLSv1.1
[10:06] <skataria> it's not showing TLSV1.2 then how can i add it
[10:14] <kubblai> ah jpds there is an issue with my wireless i believe, I'm getting loads of DUP!'s when pinging that host
[10:26] <jpds> skataria: Change the config as the link suggests?
[10:37] <jamespage> zul, also fixed tooz - the problem was the git generated orig.tar.gz
[10:37] <jamespage> switching to the actual upstream release tarball makes everything just work
[10:58] <jamespage> zul, working on re-enabling the neutron test suite
[11:16] <Vladimir_> I have set a script that execute a timestamp script every 10 minutes, it adds a time/date for all the files that has changed during the past 10 minutes, the problem is it adds timestamps to files that has already got its timestamp, so it just adds over and over again :/
[11:24] <zul> jamespage: im going to update oslo depdenencies this morning
[11:42] <coreycb> jamespage, zul: I'm looking at the python-glance-store test failures
[11:43] <coreycb> jamespage, zul: looks like several of the python-xstatic syncs haven't happened yet
[12:06] <jamespage> coreycb, re xstatic yes that is the case
[12:06] <jamespage> zul, did you see I updated db and vmware?
[12:06] <jamespage> and fixed up tooz
[12:07] <jamespage> zul, we also need a MIR for oslo.serialization
[12:27] <zul> jamespage: yep going to do that today
[12:28] <jamespage> zul, three neutron failures - something is racey
[12:28]  * jamespage digs some more
[12:28] <zul> jamespage: surprised?
[12:28] <jamespage> zul, no
[12:28] <jamespage> they pass individually
[12:29] <rrittenhouse> If I dd a drive from an ubuntu server (with one nic, eth0) why does it register as eth1 or eth2 in some cases? Is there a quick fix or script to run to have it re-detect the drives like it does on a normal install? Thanks.
[12:30] <smb> hallyn, I got the patches I care about back on top of libvirt 1.2.8. Do you want to peek at things or shall I just push the upload?
[12:32] <zul> jamespage: yeah i did see you did the updates as well
[12:32] <jamespage> zul, awesome
[12:32] <zul> jamespage: im going to update oslo.messaging
[12:32] <jamespage> zul, having a distro day today - charms tomorrow
[12:32] <jamespage> zul, +1
[12:33] <zul> jamespage: i usually do 50/50...most days
[12:33] <jamespage> zul, I didn't bump to the very latest of things
[12:33] <jamespage> just to the minimum requirement
[12:33] <zul> ok
[12:33] <jamespage> zul, oh - we might need to bump eventlet as well - I've avoided it so far
[12:33] <zul> jamespage: ok ill do that this morning
[12:33] <jamespage> zul, lets check first
[12:34] <jamespage> zul, zigo has a new version in experimental - the very latest oslo.vmware wanted it but the previous release was OK
[12:34] <zul> jamespage: ok
[12:35] <zul> jamespage: dhellman is also cutting the final oslo libraries today, mostly just version bumps though
[12:35] <jamespage> zul, ack - eventlet bug - https://bugs.launchpad.net/ironic/+bug/1321787
[12:35] <jamespage> zul, awesome
[12:36] <jamespage> zul, let me know if you need to pickup anything
[12:36] <jamespage> zul, fyi I've been reviewing minimum requirements and updating d/controls'
[12:36] <zul> jamespage: sure
[12:36] <jamespage> ceilometer done and uploaded, neutron still working on tests
[12:36] <zul> jamespage: i have a charm question for n-c-f later though
[12:37] <zul> jamespage: im going to make sure we have the latest clients as well
[12:41] <zul> jamespage: i dont know if you saw this but rather than patching out requirements.txt i been adding depdencies to pydist-overrides so that they dont get installed so we carry less packages
[12:41] <zul> patches
[12:42] <jamespage> zul, that does not always work depending on how things are loaded
[12:42] <jamespage> stevedore can error with that
[12:42] <jamespage> it parses requirements and explodes....
[12:42] <zul> doh
[12:43] <zul> jamespage: well it was websockify and rtlsib i think
[13:31] <hallyn> smb: are they just re-writes of xen patches whcich were ther epreviously?
[13:31] <hallyn> smb: if so, then just push.  if new, then i'll take a look
[13:31] <smb> hallyn, no, just rewrite/adds
[13:32] <smb> ok, I will push them
[13:51] <hallyn> smb: thx
[13:59] <zul> jamespage/coreycb: just updated python-novaclient, python-glanceclient, python-swiftclient, python-cinderclient, python-keystoneclient, python-neutronclient, if there is no major bugs between now and release these are the versions we are gonig with
[13:59] <jamespage> zul, so we probably need keepalived dependency for the neutron l3 agent
[14:00]  * koolhead17 looks around
[14:00] <zul> in neutron or neutronclient?
[14:01] <jamespage> zul, neutron - but the feature is not inb3
[14:02] <jamespage> grrr
[14:02] <jamespage> anyway - I'll leave that for now
[14:02] <zul> jamespage: lovely
[14:03] <zul> jamespage: saw this as well https://review.openstack.org/#/c/121509/
[14:04] <jamespage> zul, meh - thats a bugfix - no objection to that.
[14:04] <zul> jamespage: apparently you have to wait for 1.0.4
[14:55] <zul> jamespage: final oslo.messaging uploaded, oslo.serialiazation MIR is (#1371163)
[15:05] <jamespage> zul, awesome
[15:06] <jamespage> zul, cinder/barbicanclient?
[15:06] <jamespage> just revising versioned depends and noticed that one
[15:06] <zul> jamespage: right
[15:08] <zul> jamespage: 1371171 for barbicanclient
[15:09] <jamespage> bug 1371171
[15:44] <jamespage> zul, tidying cinder right now btw
[15:45] <jamespage> versioning checking etc...
[15:45] <zul> jamespage: cool just doing the final oslo namespace stuff
[15:46] <zul> jamespage: olso.config, oslo.db, olso.messaging have been updated so far
[15:47] <zul> jamespage,: a newer oslo.db might fix the database races in neutron tests
[15:47] <jamespage> zul, might do - lets see
[15:47] <zul> jamespage: yep
[15:48] <jamespage> zul, I hit the button of despair a few times to get it to go through
[15:48] <zul> jamespage: lol
[15:50] <zul> coreycb,done
[17:29] <zul> jamespage/coreycb: we should be good for oslo dependencies for juno now
[17:29] <coreycb> zul, nice
[17:31] <jamespage> zul, awesome
[19:23] <jdstrand> hallyn: hey, what do you use to create a container for use with libvirt-lxc?
[19:23] <hallyn> jdstrand: https://wiki.ubuntu.com/SergeHallyn_libvirtlxc
[19:23] <hallyn> substitute utopic for oneiric :)  but still works
[19:24] <jdstrand> rocking
[19:24] <jdstrand> thanks
[19:46] <jdstrand> hallyn: I'm not seeing that the container started under apparmor. is that enabled in 1.2.8-0ubuntu2?
[19:47] <hallyn> jdstrand: should be.  did /etc/libvirt/lxc.conf get installed for you from the new package ?
[19:47] <hallyn> should have security_driver = "apparmor"
[19:47] <jdstrand> yes
[19:48] <jdstrand> I wonder if I need to restart libvirtd
[19:48] <hallyn> huh.  definately was working in my test vms.  I assume you have /etc/apparmor.d/libvirt/TEMPLATE.lcx
[19:48] <jdstrand> cause I installed it, then installed lxc
[19:48] <jdstrand> well, no
[19:48] <jdstrand> I started a container
[19:48] <hallyn> no that shouldn't need that
[19:48] <jdstrand> I do
[19:49] <jdstrand> wow, that is a pretty open rofile
[19:50] <hallyn> ?
[19:51] <jdstrand> "file,"
[19:51] <jdstrand> /etc/apparmor.d/libvirt/TEMPLATE.lxc
[19:51] <hallyn> hm, yeah.  that came from upstream.  might wanna tighten that down at some point
[19:51] <hallyn> but still, that will at least prevent cases where containers change your root disk to ro :)
[19:52] <jdstrand> that, lxc and docker.io should really have very similar profiles
[19:52] <jdstrand> anyhoo
[19:53] <jdstrand> virsh -c lxc:// capabilities|grep -C1 secmodel
[19:53] <jdstrand>     <secmodel>
[19:53] <jdstrand>       <model>none</model>
[19:53] <jdstrand>       <doi>0</doi>
[19:53] <jdstrand>     </secmodel>
[19:53] <hallyn> yeah, and both it and docker.io have ripped parts out of the lxc one :)  then opened it up
[19:54] <hallyn> serge@sl:~$ virsh -c lxc:/// capabilities | grep -C1 secmodel
[19:54] <hallyn>     </topology>
[19:54] <hallyn>     <secmodel>
[19:54] <hallyn>       <model>apparmor</model>
[19:54] <hallyn>       <doi>0</doi>
[19:54] <hallyn>     </secmodel>
[19:54] <hallyn>   </host>
[19:54] <hallyn> you've got /etc/apparmor.d/abstractions/libvirt/libvirt-lxc ?
[19:54] <hallyn> I don't know why you're getting htat.  weird.
[19:54] <jdstrand> oh, libvirt doesn't have its profile loaded
[19:55] <jdstrand> ok, that fixed it
[19:55] <jdstrand> hallyn: ^
[19:55] <jdstrand> that was almost certainly my fault
[19:56] <hallyn> how could that happen?
[19:56] <jdstrand> unloading it manually
[19:56] <jdstrand> I was playing around with the profile
[19:56] <jdstrand> I clearly made a mistake :)
[19:57] <jdstrand> hallyn: oh, I bet it was qrt that unloaded it
[19:58] <jdstrand> anyhoo, it is working
[19:59] <hallyn> hm, that reminds me, did i ever send the patch to the m-l to allow the apparmor security driver to be missing?  Probably not...
[19:59] <jdstrand> idr
[20:10] <jdstrand> hallyn: fyi, I'll be uploading ubuntu4 for a small apparmor change
[20:10] <hallyn> make that 5
[20:10] <hallyn> jdstrand: ^
[20:11] <hallyn> i've got a feeling this is gonna be touch-n-go for the next week :(
[20:11] <jdstrand> hallyn: launchpad is only showing ubuntu3
[20:12] <hallyn>  oh, right you are!
[20:12] <hallyn> that was qemu.  nm
[20:12] <jdstrand> ok, so I am free to upload ubuntu4?
[20:13] <jdstrand> hallyn: ^
[20:13] <hallyn> jdstrand: yes  :)  thx
[20:13] <hallyn> what are you changing?
[20:13] <jdstrand> add 'network netlink,' to usr.sin.libvirtd
[20:13] <jdstrand> sbin*
[20:14] <jdstrand> it is needed for the kernel pull request that will be hitting the kt list later today
[20:14] <jdstrand> it was supposed to by in my ubuntu6 upload from before, but I missed it
[22:14] <fridaynext> if i'm sending mail from domain1.com's website, but the 'from' address is from domain2.com, do I need dkim for domain2 in domain1's dns records?
[22:16] <shauno> fridaynext: no; if domain1 could do that, so could randomspammer.ru.  the from address is canonical - only domain2 needs the record
[22:18] <fridaynext> shauno: it's just weird, b/c I have dkim set properly for domain2.com - which is where the mail's being sent from - but the test show dkim is not working properly when sent from domain1.com's wordpress site.
[22:19] <shauno> is domain1 signing anything?
[22:19] <fridaynext> I have it set up in my keytable, but i'm not sending anything from that domain.
[22:20] <fridaynext> like, nothing from example@domain1.com is being sent - but i do have an opendkim keytable entry for that domain
[22:21] <shauno> I mean is it signing stuff on behalf of domain2
[22:21] <fridaynext> It appears to not be.
[22:22] <fridaynext> when i send an email to brandonchecketts test DIRECTLY from domain2, it shows the dkim sig
[22:22] <fridaynext> but when i send 'from' that same email address, but via the domain2.com wordpress site's mailpoet plugin, the dkim sig does NOT show.
[22:23] <fridaynext> domain1 is using google apps for email
[22:24] <shauno> so that'll be where it's failing; not that it can't find the pubkey (so dns isn't an issue yet), but that there's no signature to even check
[22:24] <fridaynext> shauno: how do I fix that?
[22:25] <shauno> I'd assume you'll need the wordpress install to use domain2 as a mail relay (since the chances of getting google to install your dkim key is .. low)
[22:26] <fridaynext> I'm using google's dkim on domain1
[22:27] <fridaynext> well, there's this: https://wordpress.org/plugins/easy-wp-smtp/
[22:27] <fridaynext> I think Google limits the number of emails you can send at a time, but this site is not super highly trafficked, so I'm guessing that won't be an issue
[22:27] <fridaynext> only about 40 regular customers
[22:28] <fridaynext> Should I remove domain1's domainkey generated on my server, since I'm now using Google's?
[22:29] <shauno> I'm re-reading trying to keep track of what's sending from where  heh
[22:29] <fridaynext> so friday-next.com is where email comes from
[22:29] <fridaynext> i have that set up with google apps
[22:30] <fridaynext> and i have added google's dkim as a TXT record for friday-next in my DNS settings
[22:30] <fridaynext> before I switched to google apps, i generated my own domainkey for my postfix/dovecot server, and put that domainkey as a TXT record
[22:30] <fridaynext> should I delete that home-grown domainkey from my TXT records, since I don't really need it any more?
[22:31] <shauno> I'm actually not sure what the result of having two conflicting pubkeys would be
[22:32] <fridaynext> it doesn't seem to be using the old one, so i'm guessing it's not a problem, but i'm pretty sure i don't need it any more
[22:32] <shauno> but I think the first thing would be to figure out why the signature isn't present in the mail wp sends?
[22:32] <fridaynext> well with that "Easy WP SMTP" plugin, it'll just send via smtp, which will add the dkim sig.
[22:33] <shauno> ah, okay.  so without it's just sending straight from that box rather than from google's mailservers (so no key)
[22:34] <fridaynext> right. but it would still be nice to know why it's not signing, for my other clients with sites on my box
[22:34] <shauno> then yes, I'd assume from there you just need the right pubkey published in the domain that matches the sender's address
[23:06] <roaksoax> .1/win 8