| === ShaRose_ is now known as ShaRose | ||
| cpaelzer | good morning | 06:34 |
|---|---|---|
| lordievader | Good morning | 07:01 |
| jamespage | cpaelzer: good morning | 10:03 |
| jamespage | cpaelzer: need some help with https://bugs.launchpad.net/cloud-archive/+bug/1739585 | 10:03 |
| ubottu | Launchpad bug 1739585 in Ubuntu Cloud Archive "L2 guest failed to boot under nested KVM: entry failed, hardware error 0x0" [Undecided,New] | 10:03 |
| cpaelzer | hi jamespage | 10:03 |
| cpaelzer | let me read | 10:03 |
| jamespage | cpaelzer: ta | 10:03 |
| cpaelzer | jamespage: you know the nested story is "it works great most of the time until it doesn't" :-) | 10:04 |
| jamespage | cpaelzer: yup | 10:04 |
| cpaelzer | so this is one :-) | 10:04 |
| jamespage | cpaelzer: unfortunately we kinda rely on this for testing | 10:04 |
| jamespage | cpaelzer: I guess I could switch back to using userspace qemu | 10:04 |
| cpaelzer | sure I know the CI things behind this | 10:04 |
| cpaelzer | which isn't 100% reliable either | 10:05 |
| cpaelzer | jamespage: you could think next time you buy HW to buy AMD which is said to be slightly more stable at nested | 10:05 |
| cpaelzer | like 99.99 vs 99.9 % | 10:05 |
| jamespage | lol | 10:05 |
| cpaelzer | but none in the 5-9s or more | 10:05 |
| cpaelzer | jamespage: to confirm - this is Host "xenial (4.4) + queens stack" running zesty (or X-HWE) 4.10 KVM guests and in said KVM guests running 4.10 again | 10:08 |
| jamespage | cpaelzer: base cloud is 4.4 with ocata | 10:08 |
| cpaelzer | ok | 10:08 |
| jamespage | cpaelzer: test cloud is xenial (4.4 or 4.10) with queens stack | 10:08 |
| jamespage | from bionic basically | 10:08 |
| cpaelzer | yep | 10:08 |
| cpaelzer | ok | 10:08 |
| cpaelzer | thx | 10:08 |
| cpaelzer | jamespage: also I wonder about "specific hosts" in the bug - what makes them "specific" | 10:09 |
| cpaelzer | just a few of your systems but those always failing? | 10:09 |
| jamespage | cpaelzer: I think they are the newer hardware ones | 10:09 |
| jamespage | cpaelzer: yeah confirmed - flemming is ~12 months old, caipora is 6 years old | 10:14 |
| cpaelzer | jamespage: is flemming the failing one and is it >=Haswell thne? | 10:14 |
| jamespage | yes | 10:14 |
| jamespage | its a "Intel(R) Xeon(R) CPU E5-2650 v4" | 10:15 |
| cpaelzer | jamespage: IIRC openstack will make model a host-passthrough or host-model right? | 10:20 |
| cpaelzer | jamespage: I dumped some background, comparison data from my system and a few requests to the bug | 10:36 |
| jamespage | cpaelzer: ta | 10:36 |
| cpaelzer | jamespage: I hope based on this we can spot a difference that is a tunable you might be able to change | 10:36 |
| cpaelzer | but no guarantees | 10:36 |
| cpaelzer | this is just setting up the scanners based on how this issue showed up a few years ago | 10:37 |
| jamespage | cpaelzer: http://paste.ubuntu.com/26226375/ thats in the vm | 10:41 |
| jamespage | http://paste.ubuntu.com/26226377/ is the host | 10:41 |
| jamespage | so infact its a broadwell, not a haswell | 10:41 |
| jamespage | so I think that's host-model rather than host-passthrough | 10:42 |
| cpaelzer | jamespage: (me reading) | 11:07 |
| jamespage | cpaelzer: attached stuff | 11:07 |
| cpaelzer | thx | 11:07 |
| jamespage | cpaelzer: the last two are odd - one is from an OK host the other from a failing one | 11:07 |
| jamespage | the OK host as an AMD cpu definition | 11:08 |
| jamespage | but its not AMD? | 11:08 |
| cpaelzer | G4 AMD ? | 11:08 |
| cpaelzer | wut | 11:08 |
| jamespage | yeah | 11:09 |
| jamespage | that's what I said | 11:09 |
| cpaelzer | jamespage: I'm picke dup for lunch, back later | 11:10 |
| cpaelzer | jamespage: how much can you tune the cpu definitions? | 11:10 |
| cpaelzer | for testing would you be fine dropping all these host-* things? | 11:11 |
| cpaelzer | a "normal" defautl cpu might do | 11:11 |
| cpaelzer | back later | 11:11 |
| jamespage | cpaelzer: ack - tbh this is not a priority right now - need to figure it out but its nearly christmas :-) | 11:15 |
| jamespage | cpaelzer: tbh I'm a bit baffled - libvirt and qemu are identitical to pike, where I've not seen this issue | 11:17 |
| jamespage | I guess its possible non of my hypervisors landed on a newer hardware machine | 11:17 |
| jamespage | coreycb: good and bad news | 11:19 |
| jamespage | good news is I have a oct profile that will configure a queens v3 cloud and tempest configuration | 11:20 |
| jamespage | bad news - https://bugs.launchpad.net/cloud-archive/+bug/1739585 | 11:20 |
| ubottu | Launchpad bug 1739585 in Ubuntu Cloud Archive "L2 guest failed to boot under nested KVM: entry failed, hardware error 0x0" [Undecided,Incomplete] | 11:20 |
| jamespage | I found a bug! | 11:20 |
| jamespage | \o/ | 11:20 |
| === nitemare is now known as t_robotham | ||
| cpaelzer | hmm | 12:05 |
| cpaelzer | back with you and reading jamespage | 12:05 |
| cpaelzer | jamespage: I can't reproduce, maybe all my chips are just too old | 12:20 |
| cpaelzer | jamespage: I tried to add all the custom cpu magic, but that isn't (as expected) compatible with the cpus I have | 12:20 |
| cpaelzer | and with a smaller set it doesn't trigger | 12:20 |
| cpaelzer | jamespage: I updated the bug but wanted to ask how much you have control over what cpu definition openstack adds in these cases? | 12:21 |
| === Dmitrii-Sh is now known as Dmitrii-Sh-PTO | ||
| jamespage | cpaelzer: I can tweak what the L2 hypervisors do, but not really the L1's | 13:44 |
| cpaelzer | hmm | 13:45 |
| cpaelzer | for now that is the best I could recommend to try | 13:45 |
| cpaelzer | too bad you can't normalize L1's | 13:45 |
| cpaelzer | as there will be the HW dependent part | 13:46 |
| cpaelzer | likely L2 only carries things forward | 13:46 |
| cpaelzer | but it looks broken enough that even only tweaking L2 might help | 13:46 |
| jamespage | cpaelzer: actually I'm not sure this is not a longstanding issue | 15:12 |
| jamespage | cpaelzer: I just think I tripped ont he same problem with a xenial/pike test | 15:12 |
| jamespage | yes indded i have | 15:13 |
| cpaelzer | ok | 15:14 |
| cpaelzer | so less of a regression than we thougth | 15:14 |
| cpaelzer | but still an issue that stalls/stops your tests | 15:14 |
| cpaelzer | any luck with trying to convince openstack not to try to define the custom cpu? | 15:14 |
| ToAruShiroiNeko | I am trying to follow https://www.ostechnix.com/install-and-configure-dns-server-ubuntu-16-04-lts/ | 17:07 |
| ToAruShiroiNeko | I am a bit confused | 17:08 |
| Ussat | My first question would be, why do you want to run a DNS server ? | 17:11 |
| ToAruShiroiNeko | My hostname provider does not provide dns as well | 17:19 |
| ToAruShiroiNeko | It was quite shocking so I am trying to learn how to do this thing. | 17:19 |
| ToAruShiroiNeko | basically all the DNS server will do is to resolve two websites and its relevant subdomains | 17:20 |
| rbasak | That tutorial doesn't really do what you want. | 17:24 |
| rbasak | All the right pieces are there, but you need to understand which bits you want. It might be easier to find a more suited tutorial. | 17:25 |
| ToAruShiroiNeko | yes, it seems to be creating a local dns server | 17:25 |
| rbasak | Yeah. For a LAN, with reverse DNS, and with the local machine configured to use its own service. | 17:26 |
| rbasak | None of those things are relevant for an Internet DNS server to host a properly delegated name. | 17:26 |
| rbasak | It's usually an error to point anything directly to a master DNS server, too. | 17:26 |
| ToAruShiroiNeko | right so do you have a tutorial or keyword in mind for me? | 17:27 |
| ToAruShiroiNeko | I am uncertain what I should seek :/ | 17:27 |
| metastable | It may be more helpful to find a DNS hosting service than to try to roll your own, as a misconfigured public-facing DNS server can be exploited to leverage attacks on others. | 17:29 |
| rbasak | Depnds on the goal. | 17:31 |
| rbasak | As a learning experience, it's fine :) | 17:31 |
| rbasak | A misconfigured anything on the the Internet can be exploited. | 17:32 |
| metastable | A misconfigured DNS server especially so. Saying that it's as bad as anything else is a false equivalence. | 17:32 |
| rbasak | Installing bind in Ubuntu should be safe on its default. | 17:33 |
| rbasak | And so should simply adding a zone. | 17:33 |
| rbasak | Which I believe is all that is needed here. | 17:33 |
| rbasak | If it is not safe by default, please file a security bug, and I'll be happy to look at it urgently. | 17:34 |
| rbasak | Following unsafe third party instructions (such as enabling forwarding) is not safe. | 17:35 |
| sdeziel | ToAruShiroiNeko: part 2 of the tutorial you referenced touches on how to setup a master server, that's probably a good starting point | 17:35 |
| rbasak | But then that's sort of a tautology. | 17:35 |
| rbasak | sdeziel, ToAruShiroiNeko: it does, but it also conflates that with adding a reverse zone and pointing the server to its own master DNS server. The first is not necessary, and the second would be a misconfiguration in this case. | 17:36 |
| Ussat | Running a public facing DNS server correctly is not trivial, I would find a hosting service that will do it | 17:38 |
| sdeziel | rbasak: ToAruShiroiNeko: yeah, I don't know why they are putting it as dns-nameservers in /etc/network/interfaces. It wouldn't work if only part 2 is followed | 17:39 |
| Ussat | I would seriousely consider finding a service to do this | 17:39 |
| Ussat | a mis-confgured public facing dns server is a huger target | 17:39 |
| Ussat | huge | 17:39 |
| ToAruShiroiNeko | Are there free providers for this where I can simply register a domain? | 17:41 |
| ToAruShiroiNeko | in the past I have only used godaddy | 17:41 |
| Ussat | I dont know about free, but most are inexpensive | 17:41 |
| metastable | CloudFlare will host your DNS for free. You just need to change the nameservers at the domain's current registrar. | 17:41 |
| Ussat | there ya go | 17:41 |
| ToAruShiroiNeko | I can do that, sure | 17:41 |
| metastable | DNS updates are also VERY, VERY quick. Seconds, in most cases. | 17:42 |
| ToAruShiroiNeko | yes but my goal was to run this for two domains only and forward everything else to a known one, if I can out source this for free, I will love to do that | 17:42 |
| metastable | CloudFlare will do what you want. | 17:43 |
| ToAruShiroiNeko | yup, creating and account etc | 17:43 |
| metastable | Note that CloudFlare does a lot more than just DNS, but I don't use any of those features. | 17:45 |
| === _ruben_ is now known as _ruben | ||
| === Neo3 is now known as Neo1 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!