/srv/irclogs.ubuntu.com/2017/05/03/#ubuntu-server.txt

[00:20] <help-im-stuck> them all does nowadays
[00:29] <help-im-stuck> lxd.... been on it all day
[00:30] <help-im-stuck> just want a vpn+dnscrypt-proxy that gives out ip's to other containers such as my torrent-lxc
[00:31] <sarnold> doesn't each lxd container get their own network stack? i'm curious if 'gives out ips' is realistic or feasible
[00:34] <help-im-stuck> they get their ip from the lxcbr0.. managed by dnsmasq.. wonder if a lxc could create a bridge on the host..
[00:41] <help-im-stuck> it could work with static routing
[00:45] <help-im-stuck> i'm so tired of my crappy hardware for my "server".. wish esxi had support for the nics.. or if i had money to buy a nic that is supported by esxi
=== CodeMouse92 is now known as CodeMouse92__
[03:20] <TLoFP> How well supported is ZFS in Ubuntu 17.04? I have to decide between Motherboard Raid 0 and a ZFS implementation; any suggestions?
[03:21] <YankDownUnder> TLoFP, I made the mistake of ReiserFS a long time ago...I shan't do that again...
[03:22] <YankDownUnder> TLoFP, If this is a VM situation - you can experiment..given the time and energy and ambition...
[03:22] <TLoFP> YankDownUnder: unfortunately I have no time :P
[03:22] <YankDownUnder> TLoFP, THAT can be a problem.
[03:22] <TLoFP> YankDownUnder: this is going to be a 2x4TB for a video system
[03:23] <TLoFP> I will have two days to get the system operational, and that includes reinstalling the Hyper-V host
[03:23] <TLoFP> so I am preparing the ubuntu VM ahead of time so that I will be ready to deploy once the host is operational
[03:23] <TLoFP> unfortunately that means I don't get to really play with the direct attach disks until deployment though
[03:24] <YankDownUnder> TLoFP, In considering 1.) Time frame 2.) Application 3.) Priority => I'd not "experiment" with ZFS...too many "unknowns" in the mix for comfort.
[03:24] <TLoFP> YankDownUnder: thanks, that's kind of what I was trying to feel out with "how well is it supported"
[03:25] <YankDownUnder> TLoFP, I'd also RE-THINK using 17.04 - since it is NOT an LTS release...
[03:26] <YankDownUnder> I'd love to say that "problems MAY happen in upgrades/updates" - but nowadays I'd be more apt to say "problems WILL happen"...ergo, sticking to LTS releases...yadda yadda yadda.
[03:27] <TLoFP> YankDownUnder: true I hadn't thought about that
[03:28] <TLoFP> I just read ubuntu systems are only supported for 9 months, LTS is 5 years... wow
[03:28] <TLoFP> I thought the regular releases had 2 year support, boy was I wrong
[03:28] <YankDownUnder> TLoFP, "Plan the work, work the plan" - K.I.S.S. - saves YOU time and frustration/stress/anxiety.
[03:30] <TLoFP> so 16.04 must be a little over a year old now, yes? and in about a year we will see 18.04 LTS at which point 16.04 will be 2 years old
[03:30] <TLoFP> eventually I will have to upgrade.. so I am not sure that the fear of upgrading really makes sense
[03:30] <TLoFP> plus it is a VM so making a backup and restoring is trivial, should something go awry
[03:31] <YankDownUnder> Yeah...something like that...I can wait for 18.04...ain't like it's a stress...and things just work...and if they don't work, there's enough resource that is DEPENDABLE to get it to work...know what I mean?
[03:31] <TLoFP> Yea
[03:31] <TLoFP> I think what I am most afraid of is me
[03:31] <YankDownUnder> Putting off "upgrades" - like on a two year basis - ain't a bad thing. Gives one time to "work it all out" prior to an actual upgrade...
[03:32] <TLoFP> in other words I "forget" to "maintain/update" 17.04 then in less than a year I am in a bad situation
[03:32] <TLoFP> whereas 16.04 will continue to install security updates for almost half a decade without me having to do major/if any maintenance
[03:33] <YankDownUnder> Less work, less stress.
[03:34] <TLoFP> YankDownUnder: either you're old or you work in IT... wise words
[03:34] <YankDownUnder> I started in 86, bro.
[03:34] <TLoFP> i'll stick to 16.04 and upgrade to 18.04 if im in a good place when it comes out
[03:35] <lyn||ian> I run development releases day to day on my laptop but still use LTS for servers
[03:35] <YankDownUnder> TLoFP, In giving a solution that is "rock solid" to the client, you're only ensuring your own reputation for "doing the right thing" and being also dependable...
[03:35] <TLoFP> lol, it's been a while I am afraid I hadn't even seen day light back then
[03:36] <TLoFP> YankDownUnder: true. This is a high risk / high reward client too. Failure would be unacceptable. (read: the wife) hahah  :D
[03:36] <YankDownUnder> Wife: Most important client. Do *NOT* fail client.
[03:37] <TLoFP> Pretty much
[03:37] <YankDownUnder> TLoFP, Women do NOT forget. Anything. Ever. Infinitely.
[03:38] <TLoFP> true words
[03:39] <TLoFP> that still leaves: crappy on-board raid 0 or ubuntu-software raid 0.
[03:39] <YankDownUnder> Kinda been married a few times...AND some...ahem...yersh...MEANWHILE, back to the topic - the entire ideology about building ON and around an LTS release is safer in the long run, and you're warranted support. As well, since it's tried and true and tested, your "support" toward the client would be minimal (without hardware issues).
[03:40] <TLoFP> unfortunately I am not a pro, but I know enough that pros typically look at motherboard raid controllers with disdain. But that was years ago and typically had to do with higher raid systems that actually have to do parity calculations
[03:40] <TLoFP> YankDownUnder: true
[03:40] <TLoFP> YankDownUnder: i'll take that to heart and play with 17.04 on my desktop sandbox. I get to have both :D
[03:41] <YankDownUnder> TLoFP, Software based RAID is easy to fix. Hardware based RAID - well, things can (and generally will) go "south"
[03:43] <TLoFP> YankDownUnder: and performance of RAID 0? overhead?
[03:44] <YankDownUnder> TLoFP, It's a server OS...YOU tweak the performance of the disk i/o...YOU tweak the server to do - well, whatever...and it's all tweak-able...hardware based RAID is, well, not very tweak-able...given the situation with the OS running in a VM and all that lovely jazz...hmm...
[03:45] <TLoFP> YankDownUnder: I figured i might get away with less dedicated resources to this particular VM, thus freeing up more for others
[03:46] <YankDownUnder> TLoFP, You're running a VM on a machine - and the VM is talking to external drives...what is this "host" machine doing aside from just hosting a VM?
[03:49] <TLoFP> YankDownUnder: the host is being downgraded from 2012 R2 to Win10; it will host a Ubuntu-server install with minimal resources. Three 2012 R2 or 2016 Servers (Storage Server, Domain Controller, Radius Server) and a Ubuntu-Desktop VM
[03:49] <TLoFP> YankDownUnder: to clarify the drives are internally connected SATA drives.
[03:49] <YankDownUnder> I have an absolute dislike/loathing/deep seated hatred for ANYTHING MS based - server or otherwise. Sorry.
[03:50] <TLoFP> YankDownUnder: I get that, and I don't blame you for it.
[03:51] <YankDownUnder> I was around before MS destroyed the industry and turned it into a complete lie/scam/legal nightmare/lie/illusion/lie/scam/lie...
[03:51] <TLoFP> I have tried to ditch MS many times but my professional career has always prevented me from doing that
[03:52] <TLoFP> so at some point I decided to put on the waders and embrace the sh*t
[03:53] <YankDownUnder> ...hence my move to Mac and linux...clients were told to either switch or be ditched. The ones that switched have all been very happy. The ones that were ditched - whinged about it - some came around eventually - the rest still try to "bait" me into fixing their crud.
[03:54] <TLoFP> It's not possible in many cases. A lot of software runs only on WinSux
[03:55] <YankDownUnder> "That which you allow - continues" - I'll take a higher ground. I will stay away from it and stay in the niche and in the background. MS already has planted the seeds for their own destruction. Long ago. I'll just sit in the background making use of OS's that have lived a longer life...hmm... :)
[03:56] <TLoFP> YankDownUnder: nice play. Just in case you haven't heard, but apparently MS is embracing linux/open source now
[03:57] <TLoFP> also btw. I am currently having this issue with my boss: how do you explain to people that open-source isn't evil?
[03:57] <TLoFP> or even, what I take for granted, that open-source is NOT less secure than MS but in fact more secure due to its open-source nature
[03:57] <TLoFP> idk... that both sounded really stupid when I read it back
[03:58] <TLoFP> but the reality is I am dumbfounded when somebody tells me that they think MS is more secure "because it is a closed software and thus people don't know how to exploit it"
[03:58] <YankDownUnder> F.O.S.S. newsletters and open document media presentations. Always good to offer information to the uninformed.
[03:58] <TLoFP> like all exploits ever were discovered by reading the source code.... sigh
[03:59] <YankDownUnder> Could show the documentation about "Section 7"...hmm...
[04:00] <YankDownUnder> Either which, I digress.
[05:36] <cpaelzer> good morning everybody
[06:13] <lordievader> Good morning.
[08:38] <Skittishtrigger> I could use the advice for 16.04-server.  No ufw or isp tables (All disabled/flushed, etc atm)  Installed a basic lamp (apache/info.php all work as expected. all defaults) then did basic vsftp server.  Functioned with basic setup locally and remotely (did the ssl/userlist/chroot_list setup) everything worked fine up until the chroot_list.  Removed/purged reinstalled, default config, no response/connection refused.
[08:38] <Skittishtrigger> Ever ran into this on a simple vsftp setup or possibly have a point in the direction I should be using??.
[08:39] <Skittishtrigger> Maybe I am missing something for 16.04 (14 was the last I was really active with servers at all)
[08:40] <sarnold> Skittishtrigger: check netstat -tlnp output to see what state the socket is in
[08:41] <sarnold> of course I took long enough to find your question that there's a chance it's already fallen out of the various TIME_WAIT states and is free to use again
[08:41] <Skittishtrigger> (lol) ya, that was the first thing I tried. everything was listening where it should be at the time (in the middle of purging it all again. lol)
[08:42] <Skittishtrigger> I am probably missing something obvious since I am so tired.
[08:42] <sarnold> do you -need- an ftp server? it's a terrible protocol..
[08:43] <Skittishtrigger> it is, and I set up ftp then do sftp
[08:43] <Skittishtrigger> I might have to just go with something like elfnider
[08:44] <Skittishtrigger> eflnider/slfidner
[08:44] <Skittishtrigger> screwit. close enough
=== KaeltenAway is now known as Kaelten
[09:31] <cpaelzer> rbasak: I also mass submit remaining Delta this morning even though hope is low to be taken given what happened last time
[09:32] <cpaelzer> rbasak: I'd guess if we really want that Delta in I'd need to adopt ntp in Debian
[09:32] <cpaelzer> a step I considered but not yet want to take
[09:32] <cpaelzer> we will see how things work with this round of changes
[09:32] <cpaelzer> you also remember the long set of potential-delta we submitted last year
[09:32] <cpaelzer> that isn't in either
[09:33] <cpaelzer> skip the last sentence
[09:33] <cpaelzer> but it is not accepted
[09:33] <cpaelzer> the only thing that was accepted is accepted wrong (bug closed no change done)
[09:33] <cpaelzer> I already reopened
[10:34] <TafThorne> I am trying to setup a telnet server on an Ubuntu test machine (I need it because I am writing a noddy Telnet client on an eCos platform and want a server to test against).  I have tried following a few instructions about installing xinetd and telnetd and editing the /etc/init.d/xinetd files but I don't think the server is accepting traffic.  Any time I try to connect in I get a connection refused.  Can anyone suggest what I am missing?
[10:40] <tomreyn> TafThorne: the servers (both inetd and telnetd) will be logging, check their log files.
[10:40] <tomreyn> start with /var/log/syslog
[10:41] <tomreyn> TafThorne: also, are you aware that you can run ssh clients on eCos? there are multiple implementations.
[10:42] <tomreyn> my understanding is that even in RTOS people are starting to move away from insecure protocols wherever possible.
[10:43] <TafThorne> tomreyn: I am working on a _very_ old version of eCos with a few layers of a 3rd party's code and then my code on a resource constrained platform.
[10:44] <tomreyn> okay, i just felt the need to point it out in case you have other options.
[10:44] <TafThorne> tomreyn: I cannot add new utilities to the eCos system.  Only write my own little bit of application code to run on the side.  These coms should all stay inside the metal case of the unit so security on the channel is not that critical. Thanks for checking though.
[10:45] <TafThorne> tomreyn: all static linking and using 3rd party closed code too.  Else I would be looking at getting someone else's anything client installed.
[10:46] <tomreyn> :-/ hope you can finish that task soon. ;)
[10:47] <TafThorne> We really, really, really want to move on to a more modern Linux Kernel.
[10:48] <tomreyn> here are some hints on making inetd log more: http://ubuntuguide.net/install-and-enable-telnet-server-in-ubuntu-linux
[10:49] <tomreyn> any luck with the logs?
[10:49] <TafThorne> Anyway back to telnet.  In the syslog I can see http://pastebin.ubuntu.com/24504511/
[10:51] <TafThorne> And further down I have noticed that freshclam is still moaning "freshclam[1036]: WARNING: getpatch: Can't download daily-21693.cdiff from db.local.clamav.net" because once upon a time I used apt-cacherng and it seems to think it's a full http mirror proxy even after it is disabled >_<
[10:51] <tomreyn> can you also share the configuration file(s) you modified?
[10:51] <TafThorne> Sure
[10:51] <tomreyn> "missing service keyword [file=/etc/xinetd.d/telnet] [line=1]" sounds like an issue
[10:52] <TafThorne> That bit did look a bit iffy to me too http://pastebin.ubuntu.com/24504515/
[10:53] <tomreyn> i'm not sure about initd configuration really, haven't used it for ages, but i guess this line is wrong, or misplaced: telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
[10:55] <tomreyn> also uncomment the log_type statement so you actually get logs
[10:56] <tomreyn> so the "telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd" line should probably go into /etc/inetd.conf (no 'x' there!)
[10:58] <tomreyn> (so not into /etc/xinetd.d/telnet where you have it now)
[10:58] <tomreyn> As a result, /etc/xinetd.d/telnet will start with a 'service' line, which it must.
[10:58] <tomreyn> (comments as indicated by a # character are ok)
[10:59] <tomreyn> does this help?
[10:59] <TafThorne> OK I shall try out those suggestions.  I will be AFK for a couple of minutes while I run out to the sandwich van.
[10:59] <TafThorne> It does all sound helpful.  Thank you.
[11:00] <Haris> hello all
[11:00] <tomreyn> good luck. i may or may not be around when you return
[11:00] <tomreyn> hi Haris
[11:01] <Haris> directoryindex is not working on 14.04 lts apache 2.4.7, even after explicit mention in vhost config
[11:02] <Haris> I have a laravel framework in a vhost, where I'm redirecting / to /public via index.html. that index.html is not being found. apache is returning me an empty page for /
[11:02] <Haris> on the vhost
[11:02] <Haris> ..laravel framework install+. ...
[11:03] <Haris> most likely directoryindex function is not working. I've verified, the dir mod is loaded, so it should be working out of the box
[11:04] <TafThorne> tomreyn: I am back.  I shall give your suggestions a spin.
[11:04] <tomreyn> chances are you have conflicting or overriding configurations?
[11:04] <tomreyn> Haris: ^
[11:05] <tomreyn> https://httpd.apache.org/docs/2.4/mod/mod_dir.html#directoryindex is the documentation
[11:05] <Haris> I agree. that may be the case
[11:05] <tomreyn> Haris: maybe you have a .htaccess file with an Options statement around somewhere?
[11:05] <Haris> hmm
[11:06] <Haris> not on / path
[11:06] <Haris> in /public yes
[11:06] <tomreyn> temporarily disabling .htaccess files via https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride may help identify this
[11:06] <Haris> Options -MultiViews <---
[11:06] <Haris> in /public/.htaccess
[11:08] <Haris> pasting vhost config
[11:08] <tomreyn> that might help
[11:09] <tomreyn> "Options -MultiViews" is not an issue in this context
[11:11] <Haris> https://pastebin.ca/3806640
[11:12] <Haris> this is my vhost config file
[11:12] <Haris> most other than this is out of the box
[11:12] <TafThorne> hmm... got a little further, syslog had complaints about the only_from and access_times lines so I dropped those.  No errors now but no telnet either.
[11:12] <tomreyn> can you post your updated configurations?
[11:13] <Haris> which updated ones
[11:13] <tomreyn> this was to TafThorne
[11:13] <TafThorne> Sorry, I am confusing things.  I will do so.
[11:13] <Haris> DirectoryIndex explicit mention also doesn't help in making it work
[11:13] <tomreyn> Haris: i can't access the pastebin:
[11:13] <tomreyn> orry, an error has occurred. Reason: That is an invalid ID, or the post has expired.
[11:13] <Haris> https://pastebin.ca/raw/3806640 ?
[11:14] <tomreyn> this one works, interesting
[11:14] <Haris> https://pastebin.com/zz9QKz0P
[11:15] <Ben64> need more conf
[11:15] <Haris> which part ?
[11:15] <Ben64> /etc/apache2/apache2.conf probably
[11:15] <Haris> that's the default one. no chagnes from my end in it
[11:15] <Haris> changes+
[11:16] <Ben64> oh well
[11:16] <Ben64> i tried
[11:16] <Haris> I was surprised not have found directoryindex on it
[11:16] <Haris> on=it
[11:16] <Haris> on=in
[11:16] <TafThorne> tomreyn: here is my updated set of configs http://pastebin.ubuntu.com/24504607/
[11:16] <tomreyn> Haris: and there's nothing in /var/log/apache2/devwebapp-error_log and /var/log/apache2/devwebapp-access_log ?
[11:16] <Haris> nope
[11:17] <Ben64> it's a conf problem
[11:17] <Haris> that's also surprising
[11:17] <Haris> it should at least say / was accessed
[11:17] <Haris> apachectl -t says OK
[11:17] <Haris> apachectl -S also says ok
[11:17] <Haris> AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message <--- just this msg. but this is inconsequential
[11:18] <Haris> but this won't detect conflicts
[11:18] <tomreyn> TafThorne: /etc/init.d/telnet is not /etc/inetd.conf
[11:19] <Haris> apache is not even logging when I access /index.html or / specifically
[11:20] <tomreyn> Haris: unless you have much traffic on this server, run tail -f across all apache log files and use it to find out which vhost your requests are hitting
[11:20] <Haris> already doing that
[11:20] <Haris> =)
[11:20] <tomreyn> your requests seem to end up on a different vhost or the default vhost
[11:21] <Haris> the index.html file only 3 lines of html code, for redirecting to /public
[11:22] <Haris> hmm
[11:22] <tomreyn> i'm suggesting that this file is never read or returned
[11:22] <tomreyn> because your requests hit a different vhost
[11:23] <TafThorne> tomreyn: moved the file.
[11:23] <tomreyn> (but it's really just a guess)
[11:23] <Haris> it's like links has cached the pages
[11:23] <Haris> :@
[11:24] <tomreyn> Haris: use curl or wget -O- to debug this
[11:25] <tomreyn> TafThorne: any change?
[11:25] <Haris> wget is getting the 3 liner html code i.e., <script> window.location = 'public'; </script>
[11:25] <tomreyn> Haris:  "curl -I <url>" that is
[11:26] <Haris> perhaps it's the links text browser which is not yet capable of going through html redirects ?
[11:26] <tomreyn> okay so your index.html IS returned
[11:26] <Haris> yep
[11:26] <Haris> links is just not parsing it correctly
[11:26] <Haris> or not giving the "user friendly" parsing
[11:26] <Ben64> still a conf problem
[11:26] <tomreyn> http redirections with javascript are ugly, why do you do this?
[11:26] <Haris> I just have the <script> 3 liner snippet in index.html
[11:26] <TafThorne> tomreyn: I thought not based on netstat but I just tried to run telnet from PuTTY and it is working!  Thank you for all your assistance.
[11:27] <Ben64> yeah, should be a 301 or something though
[11:27] <Haris> there's no 3xx in log :@
[11:27] <tomreyn> TafThorne: a pleasure ;)
[11:27] <Haris> just a 200 for / or /index.html
[11:27] <Ben64> no i mean do that instead of that silly redirect
[11:27] <Haris> at most
[11:28] <tomreyn> right, use a Redirect statement
[11:28] <TafThorne> tomreyn: I'll go try setting some IP range limits and things now.  Not the end of the world as I am behind a corporate firewall and I mostly trust my work colleagues.
[11:29] <tomreyn> TafThorne: trusting your colleagues helps with the work atmosphere ... and breaks stuff. ;)
[11:38] <TafThorne> tomreyn: sounds about right
=== petevg is now known as petevg_afk
[13:01] <cpaelzer> rbasak: are you SRU duty anyway today?
[13:01] <cpaelzer> rbasak: and even if not might I ask for a share of this hat of yours :-)
[13:02] <cpaelzer> I just realized I might better continue to ask in ubuntu-release so that others can pick if they want as well
[13:02] <rbasak> Sure
[13:31] <cpaelzer> jamespage: is there an even more minimal version of getting openstack to control my system than e.g. the conjure-up openstack?
[13:31] <cpaelzer> jamespage: all I'd need is a setup good enough to verify bug 1643911 - it seems with openstack out it just works :-/
[13:31] <ubottu> bug 1643911 in OpenStack Compute (nova) "libvirt randomly crashes on xenial nodes with "*** Error in `/usr/sbin/libvirtd': malloc(): memory corruption:"" [Medium,Confirmed] https://launchpad.net/bugs/1643911
[15:10] <yossarianuk> hi - how can I use EFI using mdraid (software raid)
[15:10] <yossarianuk> i.e I cannot use swraid for /boot/efi can i ?
[15:13] <nacc> yossarianuk: swraid for /boot/efi makes no sense, afaict
[15:13] <compdoc> you would hope mdadm would also clone the boot sections
[15:14] <yossarianuk> nacc: so how do I use mdraid with EFI ?
[15:14] <yossarianuk> or is it best to go back to legacy  and use biosboot partition to still use GPT ?
[15:15] <yossarianuk> i.e the EFI partition would need to be on every disk (in case the primary disk fails)
[15:19] <yossarianuk> i.e how should I deal with mirroring the EFI partition on other disks if not using RAID?
[15:22] <nacc> yossarianuk: i'm not sure
[15:22] <nacc> yossarianuk: i would be amazed if your bios can understand a raid'd efi partition
[15:22] <nacc> yossarianuk: unless you mean you are just mirroring all your disks
[15:23] <nacc> yossarianuk: efi requires efi system partition is fat32 as recognized by bios
[15:24] <nacc> yossarianuk: i think you'd basically need to partition the disks similarly
[15:24] <nacc> yossarianuk: and then dd sda1 to sdb1 etc
[15:24] <nacc> yossarianuk: and raid the non-/boot/efi dirs
[15:24] <nacc> yossarianuk: *partitions
[15:24] <nacc> yossarianuk: and then you'd need multiple efi menus
[15:25] <nacc> yossarianuk: e.g., https://www.centos.org/forums/viewtopic.php?t=46952
[15:25] <yossarianuk> nacc: by multiple efi menus - do you mean i.e 1. ubuntu - sda 2. ubuntu -sdb , etc
[15:25] <yossarianuk> ok cheers
[15:26] <yossarianuk> i guess it's just an extra step when changing disks, etc
[15:26] <nacc> yossarianuk: i think there is, e.g. efibootmgr
[15:26] <yossarianuk> I may just go back to legacy and use biosboot (to use GPT with legacy)..
[15:26] <nacc> yossarianuk: so you basically have to tell efi, there is another efi boot menu on this partition
[15:26] <nacc> yossarianuk: and yeah, it'd be a distinct step on adding/replacing each disk in the RAID
[15:28] <yossarianuk> thanks for your help
[15:30] <nacc> yossarianuk: np
[15:46] <tomreyn> interesting discussion, i don't see how using BIOS + biosboot is an improvement over UEFI + ESP when it comes to data security though?
[15:47] <tomreyn> i'd say you depend on a single disk / partition / file system and have no RIAD option in either configuration
[15:47] <tomreyn> yossarianuk: am i wrong?
[15:48] <tomreyn> * RAID
[16:01] <yossarianuk> tomreyn: you are right I believe
[16:02] <yossarianuk> however you can install a bios boot  partition on every drive, and grub-install ... should pick it up I think..
[16:02] <yossarianuk> I've chosen to try and use UEFI..
[16:02] <yossarianuk> as soon enough there will be no legacy option
[16:03] <tomreyn> i guess what we'd need would be a patch to the shim package to add a script which allows for cloning the ESP to a list of given devices upon updates.
[16:03] <yossarianuk> I used to use mdraid all the time, however when I did no one was really using UEFI..
[16:03] <yossarianuk> tomreyn: that would be really useful.
[16:04] <tomreyn> just, i don't feel qualified to develop it ;)
[16:04] <tomreyn> + time + money yaddayaddayadda
[16:05] <tomreyn> with the bios boot partition i think you'd have the same issue - update grub would only update one of them by default, unless you run it manually and specify the secondary target
[16:07] <yossarianuk> i thought you did (with bios boot)  -  grub-install /dev/sda /dev/sdb , etc
[16:07] <tomreyn> this said, i did a uefi firmware upgrade over the network from within the uefi shell the other day for the first time, and i find a proprietary firmware having this capability very scary.
[16:09] <tomreyn> yes, you instruct grub to be installed to the given device this way. but when grub packages update, how does the updated boot block get written to all biosboot disks?
[16:10] <tomreyn> (IIRC it does not get written there automatically at all, you'll need to re-run the command manually)
[16:12] <yossarianuk> it's the first time not using HWRAID in a while for me...
[16:12] <yossarianuk> just can't face using legacy - seems like a defeat..
[16:45] <teward> Greetings to you all.
[16:56] <drab> hi, I'm trying to figure out how I'm supposed to do remote backups/snapshots with zfs without creating a huge sec hole
[16:58] <drab> when I used to use things like backupninja the destination would be a directory owned by a backup user so even if they got in through that ssh key they wouldn't get access to the whole system (altho they'd have access to the backups, but that's unavoidable)
[16:59] <drab> with zfs you need sudo to run it, so even if I created another user and allowed it to take snaps etc, being able to run zfs on the system would mean access to the whole system (assuming root on zfs)
[17:00] <drab> with just a data partition and no root on zfs I guess I could add a backup user to sudoers to only use zfs and that's the best I've managed to get so far
[17:00] <drab> any other idea?
[17:04] <drab> another option I guess would be to stream to files into a spool dir on the remote machine and then have another cron to zfs receive and delete the snaps
[17:09] <blizzow> I have a wad of servers running 16.04.2 with intel x504-t2 10GBe network cards plugged into netgear 10GBe switches.  I am going to set the MTU to 9000 on the NIC interfaces and on the switches. Anyone here know what other tunables I should be setting and what they should be set to?
[17:11] <cncr04s> all devices on the 10g switches should be set to 9000 then
[17:13] <cncr04s> if you talk to internets from there, it will have to fragment the packets then, which is not ideal.
[17:14] <blizzow> I have a pfSense firewall cluster talking to the internets.
[17:14] <blizzow> No other kernel tunables I should be setting?
[17:15] <blizzow> What about VMs running on those ubuntu based servers?  They're running bridged interfaces.
[17:15] <cncr04s> set the mtu to 9000 on those too
[17:16] <cncr04s> mtu is just the mtu, comms are done by ip protocols and work with the mtu size
=== JanC is now known as Guest52042
=== JanC_ is now known as JanC
[18:53] <meena> Hello happy people o/~
[18:54] <meena> I'm debugging an issue where a freshly provisioned VM doesn't show any signs of PV / VG / LV
[18:54] <ikonia> ok ?
[18:55] <meena> This is Ubuntu 16.04.2, we setup pv on our second disk, create vg01, and two lvs
[18:56] <ikonia> so what have you done to debug this ?
[18:56] <meena> now, the funny part is, i can
[18:57] <meena> o_O i honestly don't know what's going on any more.
[18:57] <ikonia> so what have you done to debug this ?
[18:58] <meena> ikonia: usually, before i join an irc channel to ask a question i have collected all the facts, command outputs, links to bugs, etc…
[18:58] <ikonia> so what have you done to debug this ?
[18:59] <meena> however, in this particular case, nothing matches up, i think i'll have to restart gathering facts.
[18:59] <meena> (is ikonia a bot?)
[18:59] <ikonia> no
[18:59] <ikonia> I'm asking what you have actually done to debug this
[19:00] <C-Otto> ikonia: enjoy life
[19:58] <meena> aah, cool. i'm destroying my work in a loop.
[20:05] <meena> *that* does definitely explain why it's non-deterministic.
[20:12] <rfleming> Greetings.  Can anyone recommend a fast, lightweight, secure DNS server?
[20:16] <blizzow> djbdns?
[20:16] <blizzow> bind?
[20:17] <meena> rfleming: for which purpose?
[20:19] <drab> rfleming: authoritative or recursive?
[20:20] <mybalzitch> imperial or metric
[20:21] <drab> wait, there's something else besides the metric system?
[20:21] <meena> in two countries, yes.
[20:22] <rfleming> Authoritative
[20:22] <rfleming> Internet
[20:22] <rfleming> Sorry... got distracted in #ubuntu-offtopic
[20:23] <rfleming> I've been toying with djbdns, but it's not real 'friendly'
[20:23] <rfleming> :)
[20:23] <drab> rfleming: for prod/heavy loads or local stuff?
[20:24] <rfleming> internet facing for a domain
[20:24] <rfleming> I don't think it'll get hit too hard
[20:25] <drab> provided that if you ask 10 ppl you'll probably get 10 different answers and maybe even some good reasons, for me it boils down to:
[20:25] <drab> maradns for simple things, bind for simple-to-grow-or-large
[20:25] <drab> and if you need any fancier backends, pdns
[20:25] <drab> (powerdns)
[20:26] <rfleming> there will be several domain names served, but most of them will have a CNAME pointing to the primary domain
[20:26] <drab> djb ime is just a pita, I don't see the value added to justify the headaches
[20:26] <rfleming> and the primary domain only has <10 A records and <5 CNAME records...
[20:27] <rfleming> throw in MX, TXT for _dmarc, _domainkey and spf... and the odd-man-out SRV record.
[20:28] <rfleming> do any support replication?
[20:29] <drab> rfleming: pdns and bind do, I don't think maradns does
[20:30] <rfleming> OK.  Thanks for your input.
[20:30] <rfleming> I'll poke around some of those.
[20:31] <drab> rfleming: in case you haven't seen it, it's reasonably good comparison chart: https://en.wikipedia.org/wiki/Comparison_of_DNS_server_software#Feature_matrix
[20:32] <rfleming> now THAT is something I haven't seen.
[20:32] <rfleming> Thanks for that
[20:33] <blizzow> BIND has everything.
[20:35] <rfleming> blizzow: including the kitchen sink
[20:35] <rfleming> Correct me if I'm wrong... Split-horizon is the ability for the DNS server to offer up different data depending upon where the call originates?
[20:36] <blizzow> correct
[20:36] <rfleming> ok, cool.  That's handy
[20:37] <rfleming> I guess I'm going to use BIND :)
[20:42] <blizzow> I found learning and managing it to be painful, but I've never used the webmin module. Once learned and set up, it was pretty damn reliable. Especially after using source code management to store the BIND configs. We did end up using djbdns to do some reverse lookup caching and blacklist lookup because that was just really, really fast.
[20:43] <blizzow> and small.
=== arooni_team_b is now known as arooni
=== akaWolf1 is now known as akaWolf
=== dork_ is now known as dork
