/srv/irclogs.ubuntu.com/2017/09/04/#ubuntu-server.txt

ideopathici'm trying to get a PXEServer going on 16.04.  I've seen various instructions out there,01:07
ideopathicbut i have not been able to get the machines to boot.  Getting the error "A bootable device has not been detected"01:08
drabideopathic: what steps have you followed?01:27
draba bootable device has not been detected just means that the network boot has failed01:27
drabdo you see the client getting an ip and a config or something? what happens on the client?01:27
drabthere's quite a few pieces to make this whole thing working: dhcp/tftp offer with the right file, config file for tftp, netbook on the client side01:28
ideopathicI see the client getting an ip from the server.  I I get the Checking Media Presence, Media Present message and then Start PXE over IPv401:29
ideopathicit then switches to IPv601:29
draband then of course luck and magic with the optional sacrifice of a nice bear to Stallman01:29
ideopathicfrom another client I can access the pxelinux.0 via tftp without issue01:30
drabideopathic: checking media presence? from the bios you mean?01:30
drabif it already has got an ipv4 I don't get why it'd be checking for media presence01:30
ideopathicThat's the message I get on the screen of the client attempting to boot via PXE01:31
drabmmmh, that doesn't sound like it's booting yet, if it says checking media file and fails that's still with the pxe boot manager01:31
drabnothing to do with tftp or your server setup01:31
drabwhen you say "start PXE over ipv4" , do you mean start looking for a kerbnel to download?01:32
ideopathicWhen the client machine starts up.. it returns the 3 lines Checking Media Presence...\nMedia Present...\nStart PXE over IPv401:34
ideopathicthe Start PXE over IPv4 turns into Start PXE over IPv6.  After a period of time, the screen clears and returns the message "A bootable device has not been detected"01:34
drabok, so the machine never receives a pxe offer01:38
drabit probably starts on ipv6 after having failed on v401:38
drabso your probably is most likely dhcp config01:39
drabif you run tcpdump on the dhcp server or the dhcp server in debug mode, do you see the client requestin an ip and getting back all info including the tftp ones?01:39
drab"A bootable device has not been detected" is normal since the disk has no Os installed and the PXE failed to receive a network boot offer01:40
drabideopathic: what's your dhcp server? what's your network layout? please paste your dhcp config01:40
drabdpaste.org01:40
drabor whatever youi prefer, just not in channel01:40
ideopathicdrab: https://dpaste.de/MF5B01:44
ideopathicthank you01:44
ideopathicI am testing node1 at the moment01:44
drabok, first obvious answer, does the mac address match?01:46
drabeer, question, not answer01:46
drablike are you 100% sure such as that you went into the bios, show system info and found the mac there and compared it?01:46
drabif not, where did you get the mac from?01:47
ideopathici scanned the mac from the machine.. but you're right.. let me double check01:47
drabideopathic: I mean, aside from pxe, you should still be seeing entries in syslog from dhcpd01:48
drabsuch as dhcpd: DHCPDISCOVER from ....01:48
drabif you don't see those your client isn't even trying to get an ip01:48
drabso your problem is far earlier than even pxe01:49
ideopathicyes: DHCPREQUEST for 10.10.10.101 (10.10.10.10) from f4:4d:30:6f:19:1a via eno101:49
ideopathicDHCPACK on 10.10.10.101 to f4:4d:30:6f:19:1a via eno101:49
drabok good, so that part is working fine01:50
drabideopathic: so then if you grep tftp /var/log/syslog, does it show anything?01:50
drabon 10.10.10.1001:51
ideopathicyes.. I'm seeing bind: Address already in use01:52
drab:)01:52
drabhow have you set up your tftp server?01:53
ideopathici've posted tcpdump: https://dpaste.de/XHAU01:53
ideopathicI pretty much followed this for the config: https://www.ostechnix.com/how-to-install-pxe-server-on-ubuntu-16-04/01:54
ideopathictftpd-hpa using inetd01:54
drabso you get what it shows in the link if you run systemctl status tftpd-hpa ?01:56
drabmeaning, it shows it as running?01:56
ideopathicshows running01:57
drabuhm, that links seems contradictory to me01:57
drabif you set the daemon to yes, then you don't want to run it through inetd01:57
drabwhich is probably where the "address already in use" error comes from01:57
drabit's one or the other01:58
ideopathicgot it.... i thought it odd too.01:58
drabbut then it shouldn't be your problem01:58
drabbecause tftp is already running and the tcpdump shows it's downloading a file01:58
drabso that also seems to be working01:59
drabwhat else do you get if you grep tftp /var/log/syslog ? can you dpaste that please?01:59
ideopathichttps://dpaste.de/Wsu402:01
ideopathici stripped out the inet conf02:03
drabok, can you try again without inet just in case for some reason that was causing trouble?02:05
ideopathicjust did.. no love02:06
drabok, that's fine, wasn't expecting it to, just worth checking02:06
drabso that looks odd to me because I see no request from the client02:06
drabyour tcpdump shows pxelinux.0 being downloaded02:07
ideopathicI think I solved it... I had to enable legacy boot on the intel nuc for this to work02:07
draboh, great02:07
ideopathicwow.. do you know any good links that might cover UEFI boot with Ubuntu?02:08
ideopathicdrab: thank you for working through this with me.. I was kind of stuck on my own.02:08
drabideopathic: I collected a couple when I was trying to do this myself, but never finished it because we didn't need it so badly to justify the investment02:13
drablet me look at my bookmarks02:13
drabideopathic: http://dpaste.com/0XGRQN802:15
ideopathicdrab: thank you!02:15
drabalso note that I do things over http, much faster for parallel installs than tftpd02:16
drabso the second links is about http02:16
drabwhich may not apply to you02:16
drabideopathic: if you figure it out I'd love to hear about it :)02:16
ideopathicgot.. will likely try a little later...02:17
ideopathici have apache running but i think something is off in the config as it's pulling from the interwebs.02:17
drabbbl02:20
lordievaderGood morning07:19
cpaelzerhi lordievader07:19
lordievaderHey cpaelzer, how are you doing?07:21
cpaelzeras good as it can be for a Monday I'd think :-)07:22
cpaelzerhow are you today?07:22
lordievaderDoing good here. Having a new keyboard at work :)07:25
lordievader(Played a little with it over the weekend though)07:25
dnegreirawhich keyboard ?07:30
* dnegreira looking into keyboards07:30
lordievaderA Ducky ONE TKL07:39
dnegreiralordievader: neat07:52
lordievaderI wanted a smaller one I could carry around if need be.07:53
dnegreiranumlock is mostly useless07:55
hateballit's impossible to find a proper TKL keyboard with swedish layout and no windows logo on it :<07:55
hateball(preferably backlit also)07:56
dnegreiras/numlock.07:57
dnegreiras/numlock/numpad07:57
lordievaderhateball: On these type of keyboards all keys are replacable. If you find a nice key for the win key, simply replace it.08:06
=== sammyg is now known as hakra
TJ-I've hit a problem with 16.04 server, network-manager and policykit, when remoted in over SSH. On the local console nmtui (the ncurses-based configuration tool) can edit system connections. On the remote session nmtui reports "Insufficient Privileges...". As far as I understand this is due to policykit actions but despite trying several alternate actions, and trying some rules, I've not been able to08:28
TJ-solve it. Any advice or hints on this?08:28
lordievaderSame user I presume? Does 'loginctl' show the same output?08:32
TJ-Yeah, same user. Obviously there's no PK agent as there's no GUI. I tried several variations of custom actions and rules but not found a solution so far when on SSH08:40
TJ-"same output" ? you mean "insufficient privileges"? plain "loginctl" just shows the current sessions (1 local, 1 remote)08:41
TJ-as well as some custom action attempts I've tried this rule:08:46
TJ-  if (action.id == "org.freedesktop.NetworkManager.settings.modify.system" &&08:46
TJ-        (subject.isInGroup ("sudo") || subject.isInGroup ("netdev"))) {08:46
TJ-    return polkit.Result.YES;08:46
TJ-I've got it to work setting ResultAny=yes" Action=org.freedesktop.NetworkManager.settings.modify.system Identity=unix-group:sudo  in /etc/policykit/localauthority/50-local.d/60-network-manager.pkla, but my initial reading of the docs suggested that ResultAny=yes wasn't very secure. I'd best reread that09:00
lordievaderI always got the idea that polkit was very related to logind.09:16
lordievaderDidn't the auth log point to why access was denied?09:16
TJ-There was nothing at all in auth09:26
lordievaderAh, you might need to add log statements in order to have polkit actually log things: https://www.freedesktop.org/software/polkit/docs/latest/polkit.8.html09:29
TJ-Yes, I tried that too, but couldn't find them anywhere in the recorded log files09:31
lordievaderNot in the systemd journal either?09:36
TJ-Nowhere09:39
gunixhow often should i update ubuntu serve?13:03
ogra_every time it tells you to at the login scrreen13:07
gunixogra_: not possible in production situations where downtime has to be agreed with by customers.13:11
ogra_well, then whenever your schedule allows ... what i meant to point out is that the machine tells you if there are updates available13:11
gunixogra_: normally distros have specifications regarding how long you can go without upgrades, without living in the fear that a big upgrade will break the system. for example, archlinux should be upgraded once per day, but debian can go for months without upgrades. debian testing should be upgrade once per week. debian sid should get upgraded daily.13:13
lordievadergunix: Updates do not necesarily mean downtime.13:13
gunixlordievader: ubuntu has weekly kernel upgrades13:14
lordievaderSo? Since when are you forced to reboot when there is a kernel update?13:14
lordievaderIf you have good reason to reboot to a new kernel once  month, you reboot  once a month.13:14
lordievaderAnd the above seems like a good reason to me.13:15
gunixsound like "do w/e you want and reboot when you can" :))13:15
lordievaderPretty much. Linux/Ubuntu won't force you to do anything. If a certain practice is wise is something different ;)13:16
* ogra_ highly doubts debian can go for months without upgrades 13:16
ogra_(unless you dont care about security at alll)13:16
lordievaderI'd do updates as often as possible. And reboot when necesary and possible.13:17
gunixogra_: it has kernel upgrades once every 2-3 months, and upgrades usually come as a huge pack, except security upgrades13:17
ogra_ubuntu LTS is in the same boat as debian stable though13:17
gunixogra_: isn't ubuntu LTS based on debian testing?13:17
ogra_no on unstable ... with 6months of stabilization13:17
gunixlordievader: i am not asking about what ubuntu forces me. i am asking how it is wise to do.13:17
ogra_wise is to do it every time there is a security update :)13:18
gunixogra_: do you have a link with that information?13:18
ogra_not really13:18
gunixogra_: wait a sec13:18
ogra_there are mailing lists where that was discussed ... i guess the ubuntu-devel ML13:18
ogra_there were a few LTSes in the beginjning where using testing was tried ...13:19
ogra_typically only if the release schedules have some bad overlap or so, so that unstable would be to risky13:19
gunixogra_: lts is based on debian testing and other versions are based on debian unstable13:20
ogra_gunix, https://wiki.ubuntu.com/LTS13:22
gunixwell, anyway, i am going to ask again, but rephrase: does ubuntu provide any official advice on how often the ubuntu server should be upgraded?13:22
ogra_"Starting with the 14.04 LTS development cycle, automatic full package import is performed from Debian unstable"13:22
ogra_every time you have a security upgrade :)13:22
gunixogra_: thank you, i didn't know that.13:22
gunixogra_: do you have a link?13:22
ogra_for what ?13:23
gunix ogra_ | every time you have a security upgrade :)13:23
maswanYeah, I'd recommend automatic updates13:23
ogra_well, thats common sense ...13:23
gunixi want to see the official page from ubuntu on this13:23
maswanPossibly with blacklisting of things that won't handle a restart well, like postrges for some applications using it, etc13:23
ogra_you dont want your production systems to run with open security holes13:23
gunixwell, equally if it makes sense or not, i need the recommandation from the website. that's what i am searching for :)13:23
ogra_i doubt thats anywhere written as recommendation simply because its a logical conclusion13:23
ogra_if theer is a known security hole you want it closed ASAP13:24
ogra_https://help.ubuntu.com/community/AutomaticSecurityUpdates btw13:25
gunixogra_: yes, that is clear.13:25
ogra_https://help.ubuntu.com/community/AutomaticSecurityUpdates#Using_the_.22unattended-upgrades.22_package13:25
ogra_that bit specifically13:26
gunixhmm. this should do. looks official enough. i will suggest automatic upgrades, with these articles as backup, and monthly reboots during security windows. thank you!13:27
tomreyngunix: it would be better to have two business processes - one which ensures monthly reboots, another which ensures reboots upon critical kernel vulnerabilities.15:19
tomreynyou dot want to sit around 30 days with a vulnerable kernel in case of critical security issues.15:21
gunixtomreyn: that sounds like a good plan15:25
tomreynyou could also just do the critical ones but this would only work if you can ensure it happening reliably and fast. or look into live kernel patching.15:28
gunixtomreyn: live kernel patching is not really that safe yet.15:52
tomreynHA is and always will be the bette roption15:53
* drab wishes ldirectord was simpler to manage15:55
madLyfelordievader: you around? i need your master on the server installer16:19
madLyfemastery*16:20
UssatTBH I will never trust live patching....on any of my systems....AIX/RHEL or Ubuntu16:21
jbichaAny suggested things people would like to see in 18.04 on the server side: LP: #161818816:33
ubottuLaunchpad bug 1618188 in ubuntu-meta (Ubuntu) "systemd journal should be persistent by default: /var/log/journal should be created; remove rsyslog from default installs" [Wishlist,Triaged] https://launchpad.net/bugs/161818816:33
jbichaprobably more of a Foundations thing, right? but it's nice when everybody agrees on taking the step16:34
madLyfemaybe you guys can help. i need to get the server installer to recognize my usb ethernet adapter. it has the module because if i complete the install w/o setting up the adapter i am able to manually set it up after boot by going into the network interfaces file.16:52
madLyfethe desktop live usb doesnt have a problem recognizing the adapter either.16:53
madLyfeso i just want to get it to recognize during install on server.16:54
=== JanC_ is now known as JanC
=== Bilge- is now known as Bilge
=== genpaku_ is now known as genpaku
=== X-Rob_ is now known as X-Rob
=== ulkesh_ is now known as ulkesh
=== Kamilion|ZNC is now known as Kamilion
=== beardfac1 is now known as beardface
=== Pici` is now known as Pici
=== drab_ is now known as drab

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!