faekjarz | I'm upgrading my server from 16.04 LTS to 17.10, and i'm used to bringing network interfaces up and down via ifup / ifdown. Now netplan seems to be the way to go - How do i bring IFs up and down with netplan? | 02:06 |
---|---|---|
sarnold | faekjarz: this kind of looks like you're supposed to use ip link set IFNAME up style commands https://wiki.archlinux.org/index.php/Network_configuration | 02:15 |
faekjarz | sarnold: oh, i see, thank you | 02:19 |
sarnold | faekjarz: heh, thanks for asking the question, I'd never found out how systemd-networkd is supposed to work before this :) | 02:20 |
CryptoManiac | I have openvpn server running on Ubuntu 14. The server has its main IP address on eth0 and an additional IP from the host provider which I have assigned as an alias to eth0:0. I've tried a lot of things so far to get my vpn traffic to originate from the alias IP instead of the main server IP but it doesn't work. I edited the ufw before rules with these lines but still nothing... | 03:25 |
CryptoManiac | https://pastebin.com/u5Z1XgPA | 03:25 |
sarnold | CryptoManiac: a few wild guesses: try telling openvpn to bind to the specific IP address you want; or try assigning the IP directly to the interface without using the old "ip aliases" from oldentimes | 03:27 |
drab | sarnold: after some conversations with zfs ppl, seems like the sync=always would have achieved the same as bcache | 03:33 |
sarnold | drab: _really_? | 03:34 |
drab | basically making the slog devices a cache in front of the platters | 03:34 |
sarnold | drab: that's fascinating. DHE half the time suggests to people to use sync=disable :) | 03:34 |
drab | that seems the agreement, yes, because then all writes go to the slog/ssd like we were discussing | 03:34 |
drab | sarnold: well I didn't say they recommended that :P | 03:34 |
sarnold | damned freenode | 03:35 |
drab | just that there was agreement the result would have been what I was wanting to achieve | 03:35 |
sarnold | seems I'm not in ##Zfsonlinux and missed the whole thing | 03:35 |
CryptoManiac | didn't anyone perhaps reply to my query? I was DC. | 03:35 |
sarnold | CryptoManiac: oh sorry, I missed the disconnect, I gave some wild-ass guess.. | 03:35 |
sarnold | CryptoManiac: a few wild guesses: try telling openvpn to bind to the specific IP address you want; or try assigning the IP directly to the interface without using the old "ip aliases" from oldentimes | 03:36 |
CryptoManiac | ok | 03:36 |
CryptoManiac | oh | 03:36 |
drab | sarnold: after the convo I'm rethinking that indeed I wanna do that... to their point, if the writes are sync then it's already happening | 03:36 |
drab | if they are async, then the app isn't waiting anyway, so latency is low | 03:36 |
drab | basically it goes back to being a matter of losing data sort of, which wasn't what I was concerned with to begin with (at least for that <1sec sort of thing) | 03:37 |
CryptoManiac | sarnold: Isn't the correct way still to assign an extra ip address to eth0:0 ? (That's what i meant by alias) | 03:37 |
sarnold | CryptoManiac: just ip addr add ADDRESS dev eth0 | 03:38 |
CryptoManiac | ok | 03:38 |
drab | my 2c go to that ip addrs + ovpn bound to it | 03:38 |
drab | that should do it | 03:38 |
CryptoManiac | thanks guys :-) | 03:38 |
drab | basically what sarnold said as usual ;) | 03:39 |
CryptoManiac | will give it a shot | 03:39 |
sarnold | drab: nice to know my WAG matches your 2c :) | 03:39 |
drab | trust in sarnold, listen to no one else | 03:39 |
drab | :P | 03:39 |
sarnold | that's pretty good odds, hehe | 03:39 |
sarnold | lol | 03:39 |
sarnold | there's so many things I've never done before. | 03:39 |
drab | it's ok, it's important to give ppl confidence :P | 03:39 |
drab | so anyway, I think I'm convinced enough to stop thinking about this bcache thing with zfs, at least for the standard servers | 03:40 |
drab | I think it still makes sense for some much older machines with little memory | 03:40 |
sarnold | drab: yeah, that sounds about right | 03:40 |
sarnold | drab: hrm, really? the flushes to disk are all tuned to happen when memory pressure or five seconds or when the application requests a sync write.. | 03:41 |
sarnold | drab: fwiw I've heard arguments that it's worth restricting the size of l2arc on low-memory machines, since the kernel might have to keep a huge amount of l2arc metadata in RAM instead of the ARC .. | 03:42 |
CryptoManiac | lol | 03:43 |
drab | sarnold: will keep that in mind, thanks, right now I'm actually not even using l2arc as I'm doing mostly writes | 03:53 |
sarnold | drab: aha :) I'm doing mostly reads, so l2arc is insanely good stuff | 03:55 |
=== njbair_ is now known as njbair | ||
=== Foritus_ is now known as Foritus | ||
lordievader | Good morning | 07:02 |
=== JanC_ is now known as JanC | ||
Vamp898 | Hi guys, i want to build a java package i can distribute in the company. I used the jdk1.8.0_152.tar.gz from Oracle's homepage but make-jpkg keeps telling me "No matching packaging method was found for jdk1.8.0_152.tar.gz. Please make sure you are using a tar.gz or a self-extracting archive" | 09:42 |
Vamp898 | I tried to unpack it --> works fine, everything is there and java works --> repack it with tar czf --> no difference | 09:42 |
chron0 | how do I configure macsec with /etc/network means to come up at boot? | 11:14 |
chron0 | or do I have to disable the config and use some rc.local script to set it up? | 11:14 |
chron0 | or if no one ever used macsec, how do I put iproute2 commands into this config scheme? | 12:36 |
chron0 | like "ip link add link eth0 macsec0 type macsec" | 12:36 |
=== lborda is now known as lborda_afk | ||
daniman | Hey guys, i was installing ubuntu-server and the Ethernet doesn't work, no lights | 13:21 |
Vamp898 | found it --> the package is not allowed to be named different than the original package | 13:28 |
Vamp898 | so a simple "mv" fixed it | 13:28 |
=== pleia2_ is now known as pleia2 | ||
=== pitastrudl_ is now known as pitastrudl | ||
drab | chron0: in what ubuntu version? for 1604 you can use /etc/network/interfaces if-up commands | 18:11 |
drab | chron0: https://askubuntu.com/questions/168033/how-to-set-static-routes-in-ubuntu-server | 18:12 |
drab | for example, see how they use the route command to add static routes | 18:12 |
drab | you can do the same with ip command if that makes sense | 18:12 |
drab | is there a standard facility one can use to monitor log files and run arbitrary commands on certain string matches? | 19:28 |
drab | that may be | 19:35 |
drab | "swatch" | 19:35 |
* lordievader wouldn't be surprised if logstash offers something along those lines | 19:45 | |
=== JanC_ is now known as JanC | ||
dpb1 | drab: logwatch is a good swiss-army knife that you should be familiar with. When you move to multiple systems, it can quickly get overgrown, but it's a good single-to-handful of systems tool. | 20:34 |
blizzow | I mounted a logical volume that I have formatted as ext4 on a server. When I type "mount" at a command prompt, the mount is not listed. | 20:35 |
blizzow | When I do a df -h, the mount isn't listed there either. | 20:35 |
blizzow | It's also not listed in /etc/mtab. | 20:35 |
blizzow | I am apparently senile and never mounted the directory. | 20:38 |
blizzow | Never mind. | 20:38 |
sarnold | :) | 20:40 |
drab | dpb1: yeah, problem is, it doesn't seem to have a daemon mode | 20:42 |
drab | swatch does | 20:42 |
drab | I'm not actually looking for something to report on my logs, rather I need to make automatic a couple tasks and it so happens I can find the trigger in a log | 20:42 |
drab | in fact, just in case someone has a better idea... | 20:42 |
drab | I need to run some stuff against devices as they come online on the network | 20:43 |
drab | I don't have fancy switches and stuff like that, and I'm not too worried about static ip assignments | 20:43 |
drab | one way I thought I could do this was by tailing the dhcp server log and run a script when an was issued | 20:44 |
dnegreira | are those devices linux devices? | 20:54 |
drab | dnegreira: many, not all | 20:55 |
drab | but for now even just getting the linux ones, would be good | 20:55 |
dnegreira | why not run a service discovery daemon? or a simple connect to whatever service with the server announcing itself? | 20:56 |
drab | I mean at some point they will generate traffic so I supposed I could do something on the gw with iptables, there's patches for userland stuff | 20:56 |
drab | dnegreira: not sure I get it, I cannot touch the clients, at least not right now | 20:56 |
drab | that's part of the reason I'm trying to do it somewhere on the network | 20:56 |
drab | ie, dhcp or gw | 20:56 |
drab | places I know those nodes will reach out to/go through so that I can find out about them | 20:57 |
dnegreira | then monitoring the lease files of the dhcp server would be a good start I guess | 20:57 |
drab | yeah, that's what I was planning on doing with swatch | 20:57 |
drab | dnsmasq supports running a script on lease, but it also runs it when you restart it for all leases in the lease file, and that's not what I want | 20:57 |
drab | so monitoring the log seems the simplest compromise | 20:58 |
dnegreira | but what do you want to 'know' or 'do' when a device comes online ? | 20:58 |
drab | for one inventory them, ie run nmap with fingerprinting to find out what they are etc | 20:59 |
drab | and in some cases run ansible on them (they are desktop boxes built a long time ago before automation), after the run the problem goes away as ansible will install the update itself to be initiated from the host | 21:00 |
dnegreira | sounds nasty :) | 21:16 |
dnegreira | don't you have a way to run an inventory on those desktop boxes, for example to figure out their mac address and run the ansible stuff? | 21:18 |
dnegreira | instead of having to run a script, to fingerprint, to figure out what kind of action you need to do on that box | 21:18 |
drab | dnegreira: eventually they will all be in an inventory, yes, this is a temp maneuver to rein the chaos in | 21:29 |
drab | agents is unlikely to ever happen, since several are personal computers and many mobile devices I can't put anything on | 21:30 |
drab | but, once I have an initial database I plan on going directly to ppl, can't just do that yet | 21:30 |
drab | btw lxc testlab on raid0 ssds with ansible and base snapshot is so damn sweet, it's a whole new chapter in being able to test things | 21:32 |
dnegreira | lxc/lxd rocks | 21:32 |
drab | one thing I need to figure out is how to automatically create containers and generate mac addresses and have dnsmasq reserve a range for automatic assignments | 21:34 |
drab | right now I'm still defining containers in ansible and autogen'ing stuff for them, which is not as fast as just going to the host and running lxc start xyz and having a container with self-assigned mac, ip and name started | 21:35 |
drab | maybe named after the shorthash from git or something | 21:35 |
sdeziel | drab: in /etc/default/lxd-bridge, add LXD_CONFILE="/etc/default/lxd-bridge-static-ips" and put the static IPs in that file (i.e: dhcp-host=foo,1.2.3.4) | 21:36 |
drab | sdeziel: I've ripped out most of the default stuff, including the local dnsmasq if that's what you were referring to | 21:37 |
sdeziel | drab: yeah, that trick was indeed relying on the dnsmasq as provided by lxd-bridge | 21:37 |
drab | because on average I don't want automagic, only magic I put in (appreciate that for ppl magical defaults are useful tho) | 21:37 |
chron0 | drab yeah xenial | 21:37 |
chron0 | but so far it looks like there are still issues with macsec | 21:38 |
drab | chron0: so /etc/network/interfaces with up/down statement like in the example should work | 21:38 |
chron0 | so I'm one step back again getting this to work | 21:38 |
drab | chron0: I'd expect there to be, it's brand new | 21:38 |
chron0 | it's 10y old | 21:38 |
drab | uhm, somehow I thought support from kernel 4.6 | 21:39 |
drab | but maybe I dreamt that up | 21:39 |
chron0 | nah, you're right about that | 21:39 |
chron0 | still 10y old | 21:39 |
chron0 | and 4.6 is also kinda old | 21:39 |
chron0 | config wise it seems to work out | 21:40 |
chron0 | but no traffic is flowing through | 21:40 |
drab | about a year old, not old enough for bugs to be ironed out, especially in stuff that's not exactly used in most setups | 21:40 |
chron0 | only see the initial ARP broadcast | 21:40 |
drab | anyway | 21:40 |
chron0 | ye, macsec has only very little in the field experience it seems :/ | 21:41 |
drab | btw anybody here uses icinga or something that | 21:42 |
chron0 | I personally have no system with kernel <4.12 running | 21:42 |
drab | 's not nagios? | 21:42 |
chron0 | but this is at work | 21:42 |
chron0 | and I have to stick to ubuntu there | 21:42 |
drab | or even nagios for what I care tbh, all I can't find and am looking for is a simple lava-lamp like dashboard | 21:42 |
chron0 | try grafana instead | 21:43 |
drab | well traffic light, green yellow or red, so that it's obvious if ppl should look at stuff or not | 21:43 |
drab | chron0: I don't see how that helps me, the problem is parsing the failed hosts/services and changing a background of a webpage or something to put on a screen ala kiosk | 21:43 |
drab | I'm not looking for a full dashboard | 21:43 |
chron0 | i c | 21:43 |
drab | basically even the tactical interface is unusable from a distance, too much text/info | 21:44 |
drab | right now I have a script that fetches the failed hosts/services from the api and makes a web page bg red or white and accept filters so I can avoid reporting on non important nodes | 21:44 |
drab | but it's clunky and if stuff fails more substantially or subtly, quite unhelpful | 21:45 |