=== ValicekB_ is now known as ValicekB
[00:47] <jamespage> coreycb, neutron-vpnaas uploaded - ta
[00:50] <jamespage> coreycb, manila also sponsored - ta
[00:51] <jamespage> coreycb, final freeze kicks in tomorrow - worth noting - release team will be aware that openstack release will be coming down the pipe - as we're not on media we should be OK
=== markthomas is now known as markthomas|away
=== SJrX is now known as SJr
=== neurotus is now known as Guest47710
=== Lcawte|Away is now known as Lcawte
[10:58] <adun153> Sanity check: Is there a very good reason not to use LVM over DRBD,  when the DRBD disk has already been provisioned as an LV? I just want to make an LVM PV highly-available.
[11:04] <RoyK> why don't you just put drbd on the disk or md device and then lvm on top of that?
[11:06] <adun153> Let's say that this is a system with "running targets", all underlying HDs are configured into a sinlge RAID5.
[11:06] <adun153> *single
[11:06] <adun153> to make it "flexible", LVM was layered on top of the RAID5 disk.
[11:07] <adun153> and then it was found out that certain data needed to be DRBD'ed, so LVs were used to quickly provision DRBD disks.
[11:08] <adun153> Now, those "highly-available" DRBD disks need to have an LVM on top.
[11:08] <adun153> Is there a show-stopping problem with that? Efficiency is not important, just data integrity/safety.
[11:11] <RoyK> adun153: can't you just use drbd on top of md- or hwraid and then just resize drbd if the underlying storage is resized?
[11:13] <adun153> RoyK, I'm pretty averse to that, since that would mean that I would have to re-partition on a running system.
[11:13] <RoyK> why partition?
[11:13] <RoyK> there's no need for partitions
[11:16] <adun153> Do you mean that I can use a file as a DRBD backing storage?
[11:16] <adun153> rOYk
[11:16] <RoyK> adun153: erm... I don't get it
[11:16] <RoyK> adun153: you said you had one big raid-5 for data, right?
[11:17] <adun153> Yes.
[11:17] <RoyK> or do you have the root there as well?
[11:17] <adun153> Iyep
[11:17] <RoyK> *not* recommended
[11:17] <adun153> already have partitioned that
[11:17] <RoyK> use a dedicated disk or pair of disks for the system
[11:17] <adun153> I know
[11:17] <adun153> :D
[11:18] <RoyK> where's your /boot?
[11:18] <adun153> Let's say that this is a system I inherited.
[11:18] <RoyK> let's say it's better to reinstall the PoS to make it right :P
[11:18] <adun153> That's in /sda1 of the RAID5 array.
[11:18] <RoyK> I didn't know grub could boot from raid5
[11:18] <adun153> But what if it is not just possible?
[11:18] <RoyK> oh
[11:18] <RoyK> sda1
[11:18] <RoyK> damn
[11:19] <RoyK> so what if that disk dies?
[11:19] <adun153> It's HW RAID, so this is all kind of transparent to the OS.
[11:19] <adun153> the OS sees it all as a single, large, physical disk.
[11:19] <RoyK> adun153: it should be perfectly possible if the other end of the DRBD mirror isn't installed ;)
[11:20] <RoyK> then just setup the new system the way things should be done and reconfigure the other afterwards
[11:20] <adun153> You mean if the DRBD peers, aren't up? :p
[11:21] <adun153> So, to my original answer: yes?
[11:21] <adun153> *question, I mean.
[11:21] <adun153> RoyK It is not *totally* insane, right? As in, it would work?
[11:21] <RoyK> well, it sounds a mess, but I wouldn't think it should be a problem to use hwraid -> lvm -> drbd -> lvm -> somefs, no
[11:25] <adun153> RoyK, alirght, thanks :D
[12:12] <coreycb> jamespage, ok thanks
[12:35] <ciscam> ubuntu core is a big lie
[12:36] <RoyK> ciscam: why is that?
[12:36] <ciscam> it's awesome and intuitive how it generally works, but nothing's actually working.
[12:37] <ciscam> not much of a preview if you can't do a thing but set basic configurations
[12:43] <OerHeks> lots of things to do with snappy core, http://www.unixmen.com/getting-started-with-snappy-ubuntu-core/
[12:44] <ciscam> also no command completion in snappy
[12:45] <ciscam> and I can't seem to get the test webservers running, nor find a form of manual or documentation on the installed snappys
[12:47] <ciscam> they only play with snappy in that link
[12:47] <ciscam> I did that. besides the missing autocmpletion it's nice
[12:48] <ciscam> also the help text is like it's made from a newbie
[12:48] <OerHeks> Seems like they can use your help :-)
[12:49] <ciscam> nice! ubuntu has a pastebin
[12:50] <ciscam> I'd really like to do what I am able to
[12:50] <ciscam> at least details like this: http://paste.ubuntu.com/12788696/
[12:50] <ciscam> why would the [OPTIONS] parameter be described with the heading 'help options'? that is illogical
[12:52] <ciscam> how would you communicate something like this?
[12:54] <ciscam> If I knew my way around git could I just somehow propose this as a change, easily checkable and approvable by a dev with limited time?
[12:59] <ciscam> It'd be awesome if snappy could be daily drivable by this yeart
[13:22] <jcastro> hey sarnold, check this out: https://major.io/2015/10/14/what-i-learned-while-securing-ubuntu/
=== shirgall_ is now known as shirgall
=== markthomas|away is now known as markthomas
[16:42] <atralheaven_> Hello. I get "Permission denied (publickey)." error when I try to ssh to my server. how can I solve it?
[16:48] <pmatulis> atralheaven_: first make sure the server you're connecting to is the one you should be connecting to and that the user account you're attempting to log into has the appropriate public key installed
[16:49] <atralheaven_> pmatulis: I've checked, Im sure about it
[16:49] <pmatulis> atralheaven_: check /var/log/auth.log on the server
[16:51] <atralheaven_> how can I be sure that owner of the keys in the .ssh folder is the user?
[17:12] <atralheaven_> pmatulis: please take a look at output of ssh -v: http://pastebin.com/4Z0x2RYc
[17:20] <pmatulis> atralheaven_: looking
[17:22] <pmatulis> atralheaven_: yep, key auth problem
[17:22] <pmatulis> atralheaven_: did you check the server logs as advised?
[17:23] <atralheaven_> no, I thought you mean logs on local machine. I'll look at it now
[18:06] <atralheaven_> pmatulis: fixed :)
[18:07] <pmatulis> at... grrr
=== Malediction_ is now known as Malediction
=== markthomas is now known as markthomas|away
[18:39] <sarnold> jcastro: interesting, it's always nice to get an outsider's perspective. the automatically-starting-daemons thing is going to be miserable to fix.. and funny enough I saw bug report about that just the other day
[18:40] <jrwren> it was recently discussed on debian-devel too.
[18:40] <sarnold> jcastro: I tried to find a chapter and verse to quote fromthe debian manual that covers automatically starting daemons but couldn't find one
[18:41] <sarnold> jcastro: .. and funny enough, just last week I was -also- annoyed that we don't have anything like suse's /etc/permissions to keep track of what permissions, users, groups, are expected..
[18:41] <sarnold> jcastro: and there's just no getting around the fact that our apparmor profiles are woefully thin :(
[18:41] <jcastro> I am convinced that that's just an ecosystem thing
[18:41] <jcastro> RH people expect it not to start, Debian people expect a service to run when you apt-get install it
[18:42] <jcastro> IMO it's not that big a deal in a world of config management
[18:44] <maswan> Also, Debian people don't expect a service to run *if* the service requires configuration in order to run. But, say, installing bind and getting a working resolver is the intentional result
[18:44] <jcastro> indeed
[18:45] <dft> um, Bruce Campbell invented "Boom"
[18:45] <dft> ugh wrong window
[18:45]  * dft bows out
[19:00] <sarnold> maswan: heh, bind may in fact be a better argument in favor of not starting the service: you may want a dns recursor, you may want a dns authoritative, you may want both, you probably have to configure ACLs on the recursor to prevent running an open recursor, or at least configure which NICs it should bind to, etc...
[19:01] <maswan> sarnold: If you want authorative you need to reconfig, but until then you get a recursor, so what?
[19:02] <sarnold> maswan: is it open?
[19:02] <maswan> sarnold: default acl is localnet
[19:02] <sarnold> no one likes contributing to ddos networks..
[19:02] <maswan> well, localhost + localnet
[19:03] <maswan> so for a serious recursor, you might need to enlargen the ACLs, but for just handling your LAN of servers or clients it "just works"
[19:06] <|TheWolf|> Hi!
[19:10] <|TheWolf|> I need to upgrade from Legacy Grub to Grub2 on a 14.04 server. The "official" upgrade guide (https://help.ubuntu.com/community/Grub2/Upgrading) recommends an approach for which you need BIOS access (chainloading), which I don't have. Are there any obvious problems with simply installing the grub-pc package and then running "upgrade-from-grub-legacy" ?
[19:23] <OerHeks> |TheWolf|,  sudo apt-get install grub-pc # this should do the trick
[19:25] <|TheWolf|> OerHeks : when prompted, I decline the offer to do the chainloading stuff, I guess. And that's it?
[19:25] <arcsky> anyone know any good malware protection for ubuntu?
[19:26] <OerHeks> |TheWolf|,  yes, that is ok, as described in that wiki
[19:28] <|TheWolf|> OerHeks : ok, thx!
[19:45] <EmilienM> so openvswitch had a new release 16h ago, and I think it's broken
[19:46] <EmilienM> https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1314887 - see my comment
[19:46] <ubottu> Launchpad bug 1314887 in openvswitch (Ubuntu Trusty) "ifupdown hook is missing in upstart script" [Undecided,New]
[19:47] <EmilienM> zul, coreycb ^
[19:52] <sarnold> arges: ^^^ https://bugs.launchpad.net/ubuntu/+source/openvswitch/+bug/1314887
[19:52] <ubottu> Launchpad bug 1314887 in openvswitch (Ubuntu Trusty) "ifupdown hook is missing in upstart script" [Undecided,Confirmed]
[19:52] <EmilienM> it's breaking a lot of CIs :)
[19:53] <coreycb> EmilienM, looking
[19:53] <EmilienM> http://logs.openstack.org/82/235482/1/check/gate-puppet-openstack-integration-scenario002-dsvm-trusty/bd79764/logs/syslog.txt.gz#_Oct_15_16_48_29
[19:53] <arges> sarnold: ok shall i revert it? Was patch piloting it
[19:53] <arges> or we could add extra logic if BRIDGES is empty
[19:55] <sarnold> arges: dunno, I just saw you had touched it..
[19:57] <coreycb> arges, arata just posted  a new patch
[19:58] <arges> coreycb: ok I just changed teh && to an if
[19:58] <arges> coreycb: pretty similar fix
[19:59] <arges> coreycb: i'll sponsor it
[20:01] <coreycb> arges, thanks
[20:01] <coreycb> EmilienM, we'll get that backported to the cloud archive asap once it's available in wily
[20:02] <EmilienM> coreycb: any timeline?
[20:03] <arges> EmilienM: just uploaded, last time it took 4-5 hours it seems...
[20:03] <NegativeFlare> Hey guys, I'm having an issues with trying to create a VM with virt-install. I think apparmor is preventing me from creating the VM. Every time I run the virt-install command I get this error in syslog: http://lpaste.net/143091
[20:04] <EmilienM> arges: ok thanks
[20:04] <coreycb> arges, thanks.  EmilienM I'll check back in 4-5 hours and backport to -staging at that point.  and likely get it into -updates tomorrow early.
[20:04] <jjohansen> NegativeFlare: that is just a status message about libvirt changing profiles
[20:05] <coreycb> jamespage, fyi ^
[20:05] <EmilienM> coreycb: ack
[20:05] <NegativeFlare> jjohansen: then why do I get this generic error message: http://lpaste.net/143092
[20:06] <jjohansen> NegativeFlare: no idea, just saying the other message you pointed out is not an apparmor denial
[20:06] <NegativeFlare> Alrighty
=== matsubara__ is now known as matsubara
=== markthomas|away is now known as markthomas
[21:40] <sarnold> NegativeFlare: are you a member of the libvirt group? you may need to use newgrp or sg in existing shells if you just added yourself to the group
[21:43] <NegativeFlare> sarnold: yes
=== Lcawte is now known as Lcawte|Away
=== dasjoe_ is now known as dasjoe
=== cryptodan_androi is now known as cryptodan