/srv/irclogs.ubuntu.com/2018/11/21/#ubuntu-server.txt

Greyztarive removed ufw only using iptables interface00:00
mwhudsontomreyn: thanks for all the subiquity bug reports btw01:19
mwhudsontomreyn: have you seen this? https://www.systutorials.com/docs/linux/man/8-lvm/#lbAG (rules for valid VG and LV names)01:20
tomreynmwhudson: welcome :) and no, i had not. but i'm not surprised there are restrictions.01:21
tomreyni mean ... on lvm's end.01:22
TheHonorableKittjust ran a restore on my box, apparently all the fixes I did didn't work, ufw still blocked everything01:26
TheHonorableKittrestore done, all good now01:26
mwhudsontomreyn: i'm not surprised there are restrictions, i'm a bit surprised they are so fiddly01:28
mwhudsontomreyn: the only restriction on md appears to be "non-empty" and "does not contain /"01:28
mwhudsonalthough whether the kernel will actually allow "md/my shiny drive's raid" i'm about to find out...01:29
tomreynhehe, good luck01:31
tomreynthose lvm restrictions are a fiddly, yes. but i guess if you just limit it to ^[a-zA-Z0-9][a-zA-Z0-9+_.-]*$ this will cover pretty much every use case.01:34
TheHonorableKittanyone have a good answer as to how I can just create a new eth, like eth1, eth2? I'm using linode, which uses netplan01:35
sarnoldTheHonorableKitt: that's not the path you want to take01:37
mwhudsonyeah01:38
TheHonorableKittwhat path exactly should I take then?01:38
TheHonorableKittany and all tutorials for putting snort in inline IPS mode is that you have to have more than one eth, but when I took your advice for the other option, it shut down my entire machine's network and resulted in requiring a backup restore to fix01:39
sarnoldfeeding snort or suricata with nfq01:39
TheHonorableKittyeah, I did that, it broke everything01:39
sarnoldthe "inline" option that you found in the first guide was about protecting an entire network01:39
sarnoldsadly the nfq docs also assumed the same thing, because almost no one uses snort or suricata on single hosts01:40
TheHonorableKittunfortunately I can't afford a second VPS to do it without a single host01:41
openfireTheHonorableKitt: Linode does not use netplan. Ubuntu uses netplan. Netplan can be disabled easily. So what are you trying to do?01:45
TheHonorableKittI'm trying to get snort in inline IPS mode01:45
openfireOn a Linode?01:46
TheHonorableKittyes01:46
mwhudsoni probably shouldn't use ctypes to call functions from liblvm2cmd.so.2.02 should i01:47
sarnoldmwhudson: depends.. doing it from C would probably be easier and more reliable in the long run but probably harder project to start :/01:47
openfireTheHonorableKitt: And what else is this Linode doing?01:47
mwhudsonwell i could write a python extension to do it too01:48
mwhudsonbut this is being silly01:48
mwhudsonbetter to just copy the validation into subiquity, as tedious as that will be01:48
TheHonorableKittlinode is hosting five websites, sip server, and znc bouncer01:48
sarnoldI think I'd rather see ctypes than python extension :)01:48
mwhudsonsarnold: how do you think subiquity talks to netlink...01:49
openfireTheHonorableKitt: Then you're using the wrong tool for the wrong job.01:49
TheHonorableKittplease be more elaborate01:49
sarnoldmwhudson: I'm almost afraid to find out :)01:49
mwhudsonsarnold: i wrote a c extension binding to libnl3-route ...01:49
sarnoldmwhudson: my condolences01:49
sarnoldmwhudson: netlink is just ... sadness01:49
openfireTheHonorableKitt: snort is a NETWORK IPS. You want something to protect a single host. snort does not do that.01:50
mwhudsonsarnold: i don't know, it beats sysfs i think01:50
mwhudsonsarnold: stracing lsblk, now THAT is sadness01:50
sarnoldmwhudson: ouch -- you've clearly seen some dark things :)01:50
TheHonorableKittis there something else that would do what I need to do then?01:50
openfireTheHonorableKitt: What is your experience with IDS/IPS systems in general?01:51
TheHonorableKittbasic, but I know what they are01:52
TheHonorableKittsecurity + certified <----01:52
openfireSo is my cat.01:52
openfireIn other words, zero practical experience.01:52
TheHonorableKittyour cat's fucking awesome01:52
openfireShort version: You DO NOT want to try to deploy HIDS/HIPS on something you care about without spending quite a bit of time figuring out how they work on a test system, first.01:53
openfireIf you do... You're gonna have a bad time.01:53
openfireEither because you flood yourself with (not kidding) millions of alerts, or you shut down your everything.01:53
sarnoldthis was also why sdeziel suggested rolling it out for just tcp/80 first and adding protocols as you gained confidence01:54
sarnoldcourse I suggested to go whole-hog on it because it's a VPS that you can wipe and restore in a few minutes, so an ideal platform for learning ;)01:54
TheHonorableKittI already run snort as an IDS on this machine, and I don't get flooded with alerts.01:55
openfireTheHonorableKitt: How much tuning did you do?01:55
TheHonorableKitta good bit01:56
openfireHow long is your SID suppression list?01:56
mwhudsonhaha now i have /dev/md/this01:56
sarnoldrofl01:57
TheHonorableKittanyway, I'm not on here to have someone chew me out because, again, they dislike how I'm trying to run my systen.01:57
TheHonorableKittsystem*01:57
mwhudsoni wonder if this is curtin failing to quote something somewhere01:57
mwhudsonor mdadm being terrible01:57
mwhudsonthe /sensible/ fix is presumably to not let people put spaces in the bod01:57
mwhudson*box01:57
sarnold[a-zA-Z0-9]01:58
sarnold(sorry kylin)01:58
openfireTheHonorableKitt: You know, with a slight perspective adjustment, you could learn to appreciate the advice being given to you by people with many years of experience, saving you from learning things the hard and aggravating way.01:58
openfireTheHonorableKitt: Snort is the wrong tool for the job. You could look into something like samhain, ossec, aide, or tripwire, and learn how much you still have to learn. Cheers.01:59
mwhudsonhah yes it's mdadm02:13
sarnoldo_O02:13
mwhudsontbf to lvm's man page, clearly mdadm should be validating much harder02:13
mwhudsone.g. a name of .. probably isn't going to work either02:14
mwhudsonmdadm: array /dev/md/.. started02:15
mwhudsonORLY?02:15
sarnoldI wonder what happens if you 'cd /dev/md ; cd ..' on that..02:15
tomreynor try starting the /dev/md/../../etc/passwd array02:16
sarnoldENOTDIR?02:16
mwhudsonthe thing in /dev/md/ is just a symlink02:16
mwhudsontomreyn: it does forbid / at least02:16
tomreynaaaw02:16
* mwhudson blinks02:17
mwhudsonmdadm: device /dev/md/../../etc exists but is not an md array02:17
mwhudsonwhy didn't it say that for /dev/md/.. then?02:17
tomreynmaybe it doesn't like that /dev has 0 blocks allocated02:22
mwhudsonoh probably /dev/md didn't exist at all at that point02:25
tomreynthank you for actually working on fixing these bugs i report, mwhudson, that's great. :)02:26
* tomreyn zzz02:26
mwhudsontomreyn: sorry for the radio silence, it's partly me waiting until i had the time to respond sensibly...02:26
tomreynno bad feelings, i'm glad it's moving! :)02:27
TheHonorableKittlol I was wondering why I saw that guy, I ignored the douche openfire ages ago. strange.02:41
TheHonorableKittwhen I run "ip addr del X.X.X.X dev eth0" and then "ip addr add X.X.X.X dev eth0:0" and then I re-check with "ip addr", it still shows as under eth0, and not eth0:0, am I doing something wrong here?02:56
sarnoldthe eth0:0 "aliases" interface was deprecated about twenty years ago in favour of just adding multiple IPs to the interface directly02:58
TheHonorableKittoh hmmm02:59
TheHonorableKittok, that's fine then, that's how it is now02:59
TheHonorableKittI'm just confused on how I can get snort to utilize them because it specifically does eth0:eth1 for its binding/bridging feature02:59
TheHonorableKittI'll speak to #snort about that02:59
openfireStill chasing snort for this, huh?03:00
sarnoldI'd strongly recommend asking them for help on how to solve your problem rather than starting with the "inline IPS" discussion03:00
sarnoldmaybe they'd be quicker to catch on than we were that you were following the wrong guide for what you were trying to solve :) but still, no need to start off on the wrong foot03:01
TheHonorableKittyep, thanks much for your help sarnold :) <303:01
sarnoldhave fun, good luck :)03:02
masbergood afternoon all, I have an Ubuntu 16.04.5 LTS server I would like to enable hyperthreading03:24
masberI already setup the BIOS but I can't see the extra cores03:24
masberthis is the cpu model --> Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz03:24
masberany advice?03:24
sarnoldhttps://ark.intel.com/products/91754/Intel-Xeon-Processor-E5-2680-v4-35M-Cache-2-40-GHz-03:26
sarnoldit sure looks like it should HT..03:26
masbersarnold, yes I can see the ht flag in the /proc/cpuinfo03:30
masberhowever lscpu says --> Thread(s) per core:    103:30
masberdo I need to reinstall the OS after enabling ht in the BIOS?03:32
sarnoldmasber: how about grep "core id" /proc/cpuinfo03:32
masbersarnold, no luck it only shows the physical cores for the 2 sockets http://dpaste.com/1H3WADP03:33
sarnoldawwwwww03:33
sarnoldmasber: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/Documentation/admin-guide/kernel-parameters.txt#n204103:34
sarnoldmasber: what's your /proc/cmdline look like?03:34
masberhttp://dpaste.com/2SHSTHA03:35
sarnoldmaxcpus=2803:35
sarnoldtry removing that03:35
masberdamn03:36
masbersarnold, thank you it is now working :)03:48
masberso I understand that grub/kernel flag was limiting the number of cpus but, why Thread(s) per core:    1 if ht was enabled?03:49
sarnoldmasber: excellent! :D03:50
sarnoldmasber: good question. :/03:50
sarnoldI'm not actually sure what would be ideal to report.. or what options the different tools even have03:51
sarnoldbecause it was accurately reporting the state of the system, as it was booted03:51
sarnoldif it were reporting the silicon abilities it might have taken a while longer to figure out that htop should have completely filled your terminal :)03:52
sarnoldanyway, time to run, have fun masber :) that looks like a machine for serious fun :) hehe03:52
lordievaderGood morning07:34
ahasenackgood morning11:20
lordievaderHey ahasenack How are you doing?11:21
ahasenackrbasak: hi, good morning, may I suggest this bug for your sru day? :) https://bugs.launchpad.net/ubuntu/+source/postfix/+bug/179113911:27
ubottuLaunchpad bug 1791139 in postfix (Ubuntu Bionic) "postfix-mysql package upgrade results in server configuration error" [Undecided,Fix committed]11:27
ahasenackhello lordievader, I'm doing well, and you?11:27
ahasenackhttps://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1782806 has also been in a verified state for almost a month now11:28
ubottuLaunchpad bug 1782806 in apache2 (Ubuntu Bionic) "Typo in apache2-maintscript-helper causes MPM check to misfire" [Undecided,Fix committed]11:28
ahasenackand https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1786508 too (!)11:29
ubottuLaunchpad bug 1786508 in exim4 (Ubuntu Bionic) "Use of uninitialized value $ARGV[0] in string eq at /usr/sbin/eximstats line 563" [Low,Fix committed]11:29
lordievaderahasenack: doing good here11:37
ahasenacklordievader: where are you from?11:38
lordievaderHolland. What about you?11:38
ahasenackBrazil11:39
ahasenackit's 9h40 here now11:40
TheHonorableKitto/13:07
ahasenackgotta love such tests: https://pastebin.ubuntu.com/p/zSbj93HqWy/13:54
sdezielahasenack: the " " looks different13:59
ahasenackI don't think so, I zoomed in14:00
sdezielahasenack: I used "od -c"14:00
sdezielthe first line has a regular space while the second one has "342 200"14:01
sdezielas the space char between 1 and 214:01
sdezielputting each line in a separate file after dropping the -/+:14:02
sdeziel$ cmp 1 214:02
sdeziel1 2 differ: byte 3, line 114:02
bipulSo there is no solution for Install Ubuntu via preseed in Virtualbox?14:31
bipulThis is my preseed configuration https://paste.ubuntu.com/p/Xbj8fyRv3G/ , I'm not sure what will be the configuration inside /isolinux/tx.cfg and /boot/grub/grub.cfg ? To automate the Installation.14:34
bipulCould anyone help me out. I'm trying to install Ubuntu server 18.04.14:35
lordcirthbipul, what happens when you try it?15:13
bipulSeems like preseed file is unable to read by initrd15:21
bipuls/initrd/debian-installer15:22
lordcirthbipul, can you provide the exact error message?  Or does it just continue as if you had not provided a preseed?15:22
bipullordcirth, Just give me 15 Minutes, I'm trying once more time.15:23
lordcirthno hurry15:23
geniiYou can switch to console 4 to see the stderror15:23
bipulI'm installing it inside VirtualBox, How could i open console 4 ?15:24
bipulI'm editing the iso file. And i need to ask one thing more, that it required only to edit isolinux/txt.cfg? or boot/grub/grub.cfg ?15:24
bipulBoth?15:25
geniiNormally it would be alt-f415:25
bipulAlter F4 is used to cross the application15:26
geniiI was debugging preseed files like this before, switching from console 1 where it was doing regular stuff to the console 4 to see output of what it was doing or looking for15:26
bipulgenii, Have you install Ubuntu server 18.04 via preseed?15:27
geniiNot 18.04, but all the other LTS versions from 10.04 to 16.0415:28
ahasenackbipul: did you use the live server installer, or the old installer?15:29
ahasenackthe so called live one doesn't have preseed support I think15:29
geniiI was using tftp15:30
bipulI'm using Live-server i.e ubuntu-18.04.1-live-server-amd64.iso15:30
geniinetboot/tftp15:30
bipulWhere i can download netboot?15:30
bipulAnd are you sure?15:31
geniiindex of netboot images http://cdimage.ubuntu.com/netboot/18.04.1/15:33
geniiAt that time I was using full-blown isc dhcp server, etc, but now it's easier to do by dnsmasq for the server15:36
bipulgenii, Which one to download?15:39
bipulmini.iso?15:39
geniiThe important stuff there is the pxelinux and filesystem netboot.tar.gz, you can use any iso file but they do provide the mini.iso as well15:41
geniiIf you already have an iso just use that15:42
geniiwork, afk 5-10 minutes15:42
bipuljust a minute15:42
bipulmd5sum, it required to updated? when we create preseed file?15:42
TheHonorableKitthey guys, back again today. It appears my linode Ubuntu 18.04LTS server is utilizing 'netplan'. I'm unsure if it supports the creation of 'dummy network interfaces' or otherwise known as 'virtual network interfaces' or not, but can someone help me figure out how to do this properly?15:48
sdezielTheHonorableKitt: is this still for the IDS/IPS scenario?15:49
TheHonorableKittyeppers :)15:49
TheHonorableKitti'm just trying to take one step at a time15:49
ahasenackTheHonorableKitt: https://netplan.io/examples has some examples, and there is also a #netplan channel on freenode15:49
TheHonorableKittI need to get more interfaces before I can do anything15:49
ahasenack(generic examples, not exactly about your case, but they might help)15:49
TheHonorableKittohhhhh nice, I'll speak to them :)15:49
sdezielTheHonorableKitt: I don't understand how dummy NICs will help you get there but good luck anyways15:50
TheHonorableKittwell, according to all of the tuts I've seen, it absolutely requires two or more ethernet interfaces, virtual or 'non-virtual' will work. In fact, one even states to give it no ip address. But I'm unsure how my system will respond, so I'd prefer to get answers before screwing around with things. It takes almost 45 minutes to do a full restore on my15:52
TheHonorableKitt system, which I'm not afraid of, but it's annoying15:52
sdezielTheHonorableKitt: creating dummy devices is trivial: ip link add dummy0 type dummy15:54
sdezielTheHonorableKitt: ^ if you want to experiment quickly without making things permanent with netplan/other15:55
sdezielbut then again, I fail to see how dummy devices will help you15:55
TheHonorableKittlet me give that a test :)15:55
sdeziela dummy device gets no traffic so it will be pointless to direct snort to it15:55
TheHonorableKitthmm15:56
TheHonorableKittI think virtual network interfaces still work though, but then again, someone said that this function was depreciated a long time ago. i.e. eth0:0, eth0:1, eth0:2, etc.15:57
sdezielthose are IFACE labels15:58
sdezieland yes, they are deprecated15:59
sdezielthose are not dummy devices15:59
TheHonorableKittI see16:00
TheHonorableKittgeeze, in the past two days I've opened four tickets with linode to try and get this resolved. It seems neither I or they fully understood what needed to happen. But hey, I was able to swing getting two additional IP addresses for my linode :D16:01
sdezielTheHonorableKitt: for those additional IPs, you definitely don't need those deprecated IFACE labels, netplan supports adding multiple IPs to a single NIC16:03
TheHonorableKittyes, that's already set, but snort relies on network interfaces, not ip's16:03
sdezielI'm pretty sure that those label interfaces are in fact the same NIC so pointless16:04
sdezieltry tcpdump on one of those, I'm pretty sure you'll see the traffic for the base/original NIC16:04
bipullordcirth, It says Boot loader /casper/initrd.1z: file not foun16:05
TheHonorableKittoh oh, wait...I think I figured it out, don't know why I never tried this16:06
TheHonorableKittifconfig eth0:0 x.x.x.x16:06
bipulMay be i have misconfigured.16:06
lordcirthbipul, /casper/initrd.lz is for the desktop iso.  For the server iso you need /install/initrd.gz16:07
sdezielTheHonorableKitt: ifconfig is also deprecated, replaced by ip16:09
TheHonorableKittseems to have worked though16:09
sdezielTheHonorableKitt: it still works for simple stuff but not everything, just a heads up16:11
bipullordcirth, Yes, i changed but Still i  need to interact with installation process.  It's seems like preseed configuration is not working.16:12
* bipul Think to move on debian16:12
cyphermoxTheHonorableKitt: that's why I was asking about network config16:17
cyphermoxnetplan does not and won't support labels (what eth0:0 is) unless there's a very good reason to do it16:17
cyphermoxthat weird setup for snort is iffy16:17
cyphermox(not your fault, just an odd requirement from it)16:17
TheHonorableKittyeah, I've been running in circles, trying this and that to get this to work, it's been a total PITA16:18
cyphermoxhence, one option to do this in netplan is to have eth0 and vlan1 (on eth0), which both will be the same network interface on the same network (unless network config says otherwise); and then Snort should be happy to bridge eth0 and vlan116:18
TheHonorableKittI hadn't thought about vlans, but that makes sense16:19
cyphermoxit's a little hackish, but that does work in some scenarios. I haven't tried it with Snort16:19
TheHonorableKittI'm assuming I can make vlans the same way? ifconfig vlan1 x.x.x.x?16:19
sdezielinstead of a full fledged vlan, a dummy dev would be more appropriate IMHO16:19
cyphermoxno16:19
cyphermoxsdeziel: not if you want to bridge the traffic across the same interface.16:20
cyphermoxand it doesn't help if you can't create a dummy from netplan either ;)16:20
TheHonorableKittwas that no to me or sdeziel?16:20
cyphermoxto you16:20
sdezielcyphermox: the desired goal is have snort do the bridging (in user space)16:21
cyphermoxif you want to use netplan, write the vlan in the netplan yaml16:21
sdezielthat goal is wrong IMHO though ;)16:21
cyphermoxsdeziel: I agree, but bridging from eth0 to dummy0 won't achieve anything but blackholing the traffic?16:21
cyphermoxsdeziel: it's a requirement from that setup16:21
sdezielcyphermox: well, if dummy0 has the destination IP, it could work16:21
cyphermoxSnort wants to take traffic from one interface and throw it out the other after sniffing at it for a bit and wagging its tail16:22
sdezielyup16:22
TheHonorableKittok, let me take a look at this netplan config then, see if I can figure out how to create a vlan16:22
cyphermoxI'm not familiar enough with the dummy driver to say it would work16:22
sdezielso it could work with a dummy dev where snort filtered out the undesired stuff, I think16:22
cyphermoxTheHonorableKitt: if you want a config that will persist ;)16:23
TheHonorableKitthm?16:23
sdezielbut this whole bridging idea is wrong to begin with16:23
TheHonorableKittsnort bridges on its own, I don't16:23
cyphermoxTheHonorableKitt: otherwise you can use 'ip link add link eth0 name eth0.1 type vlan id 1'16:23
cyphermox(to test that it works with a vlan before going further)16:24
TheHonorableKittlet me run that16:24
sdezielTheHonorableKitt: snort doing bridging is when you want snort to inspect traffic for _other_ machines, not self16:24
sdezielbut I'll stop repeating this16:24
cyphermoxI'm going to get back to my autopkg tests now, just ping me if there's a netplan question, I don't always look at this channel16:25
TheHonorableKittthanks cyphermox16:25
TheHonorableKittsdeziel I know, but I can't believe that snort isn't capable of inspecting traffic on its own system. I already have snort in IDS running on this same machine, it already sees traffic and alerts me when things happen, but it's not in IPS mode so it can't do anything with the traffic. So I don't see why IPS won't work, if IDS is16:31
sdezielTheHonorableKitt: snort is capable of operating in IPS mode on a host but bridging isn't how you do it. NFQUEUE is the way to go16:32
TheHonorableKittRight, I understand that. I don't know why, but running it that way shut down my entire network. I was forced to run a restore just to get it back up again.16:33
sdezielTheHonorableKitt: have you been to #snort (if there is such channel) to expose your scenario?16:33
TheHonorableKittI have been, but snort is generally really quiet, only about 50 people in there16:33
sdezielTheHonorableKitt: with NFQUEUE, you divert packets to snort itself so yeah, you need to be careful what you send it cause you risk cutting your own access16:33
TheHonorableKittyeah, it just killed everything. nothing at all worked. The problem was that I was unable to remove it after I set it, even with LISH access on Linode16:36
sdezielthe devil is in the details. How are you managing your ip{,6}tables rules?16:37
TheHonorableKittI use iptables-save and iptables-restore, but the restore didn't fix things, so I had to run a restore16:37
sdezielTheHonorableKitt: I highly recommend iptables-persistent16:38
TheHonorableKittI think that's part of iptables-save and iptables-restore16:38
sdezielalso, you should be working from LISH and iptables-restore from a temp/experimental file when you do something risky16:39
sdezieliptables-persistent is a package that takes care of loading your rulesets on boot16:39
sdezielamong other things16:39
TheHonorableKittright16:40
sdezielanyway, so the idea is to use a temp file to avoid introducing bogus rules in your main rulesets16:40
sdezielthis way, you preserve your known good set for an eventual restore if you screwed up16:40
TheHonorableKittyep, lesson learned XD  lol16:40
sdezielthe alternative would be to insert rules live with "iptables -I" directly16:41
sdezielbut I find it easier to simply edit a file and feed it to iptables-restore16:41
TheHonorableKittagreed. lol I just couldn't find the rule to remove when I set the NFQUEUE setting16:41
sdezielTheHonorableKitt: gotta run for now but I'll be happy to walk you through it later, as long as you know how to tell snort to feed from a NFQUEUE as I only did this on suricata16:42
TheHonorableKitthope it works, but we might need an alternative way of communication16:43
TheHonorableKittif I set NFQUEUE it'll undoubtedly kill znc16:43
TheHonorableKitthonestly I do have a pfsense box at my home that protects my entire network. I'm just not confident enough to host public websites at home on my home server (which is undoubtedly much better than the linode one I'm paying for), and I know pfsense has snort IPS.16:51
TheHonorableKittit's just that it blocks freaking everything16:51
lotuspsychjeexplain at which time this occurs stormbard17:22
lotuspsychjethe more info we have, the better volunteers can help17:23
stormbardI'm seeing messages that are displayed right before the grub boot menu. All I can catch before they go away are something about compression and error. I'm using a zfs root pool and installed 18.04. I'm trying to figure out how I might see these messages for longer than the flash so I can debug further.17:25
XenophonFstormbard: did you install ZFS per https://github.com/zfsonlinux/zfs/wiki/Ubuntu-18.04-Root-on-ZFS?17:26
XenophonFor did you use a different install procedure?17:26
stormbardI used that guide17:27
XenophonFare you able to re-mount the pool from the live CD per the rescue instructions in that guide?17:28
XenophonFthere's also this troubleshooting guide, https://help.ubuntu.com/community/Grub2/Troubleshooting17:31
stormbardHaven't tried, but I'll give it a try. The system does boot fine. It's just that I see these messages before grub loads17:32
stormbardXenophonF: I'm able to follow the rescue steps in the guide without issue17:49
stormbardforgot I had IPMI and SoL capabilities. The message I'm seeing is "error: compression algorithm inherit not supported". I'm googling for answers now but if anyone has insight I'm posting here as well18:00
ahasenackis that zfs?18:02
stormbardyup it is a zfs rpool18:02
ahasenackI've seen grub complaining a lot about some zpool features it doesn't understand18:02
ahasenackbut it would still boot18:02
ahasenackif it's not booting, the real issue might be something else18:03
ahasenackI also remember I had a machine where I couldn't get it to boot using mbr with the bios partition, it only worked with uefi18:04
TJ-  if (comp != ZIO_COMPRESS_OFF && decomp_table[comp].decomp_func == NULL)18:10
TJ-    return grub_error (GRUB_ERR_NOT_IMPLEMENTED_YET,18:10
TJ-               "compression algorithm %s not supported\n", decomp_table[comp].name);18:10
TJ-stormbard: ^^^^ "inherit" method is not supported in grub. "  {"inherit", NULL},        /* ZIO_COMPRESS_INHERIT */ "18:11
trippehGnome thinks my 56Gbps network interface is in fact Bluetooth18:15
trippehthats some mighty spiffy Bluetooth18:16
lordcirthlol18:16
lordcirthNice NIC18:16
stormbardTJ-: Thanks, what is that compression mode? when I create the pool I set it up as lz418:17
TJ-stormbard: from reading the ZFS source it seems that means the compression is inherited from the 'parent' - not sure what precisely the parent is though18:23
stormbardAh, I didn't think about checking there. I can make a guess as to what is happening based on what I know about ZFS and how I set it up. The compression can be set on each dataset separately. I set it on the very root dataset and at the pool level and never changed it again. If you don't explicitly set the value on a child item it inherits it from the parent.18:26
TJ-stormbard: that sounds like it18:27
stormbardEverything boots fine and that pool status is healthy so it is likely just a message I can ignore for now. I was just erring on the side of caution until I could figure out more. Thanks all for the help18:28
ahasenackstormbard: that has been my experience. The warnings are there, but it ends up booting just fine18:33
sdezielstormbard: dunno if that's related but grub warns when it cannot write to disk (to save the default boot entry) but otherwise works fine18:36
TJ-It depends on what the device is that contains GRUB's file-system. Things like RAID devices it can only read18:44
sdezielTheHonorableKitt: I'm back19:00
TheHonorableKitthey buuuuuuddy19:00
sdezielTheHonorableKitt: it might be best to move to a priv conversation to avoid spamming everyone in here ;)19:01
TheHonorableKitthehe that works :)19:02
awkwardusernamehelp, what to check when you can DNS resolve things but can't connect to 80/443 - acls do not block any port outbound (ufw off)19:50
sarnoldare you on AWS or similar cloud hosts?19:51
sdezielawkwardusername: do you manage the target of your connection (where you are trying to connect on TCP/80 or TCP/443) ?19:51
awkwardusernamesdeziel, any domain, regardless - won't connect to both. have tried pings to domain, it resolves to ip.19:52
sdezielawkwardusername: what do you get from "nc -zv sdeziel.info 443" ?19:52
awkwardusernamecurl says Immediate connect fail for 2404:6800:4004:808::2004: Network is unreachable for google.com19:52
sdezielhmm19:53
sarnolddoes ipv6 work on your host?19:53
awkwardusernameno - i haven't enabled them. also additional info, vm is behind a NAT (it's actually an EC2 instance) with a network card that has a private and public IP19:55
awkwardusernameroute tables are also properly configured (i haven't actually changed them)19:55
sarnolddo your security groups allow ingress/egress to the IPs in question?19:55
openfireawkwardusername: So, it's obviously trying to reach somewhere via IPv6, which will happen if you have a global-scope v6 address and a v6 default route.19:57
awkwardusernamesarnold, yes - ACLs allow for outbound all traffic for all ips. for inbound , ssh, http/s, and all UDP19:57
awkwardusernameopenfire, how can I check that19:57
openfireawkwardusername: Your error tells you that much.19:57
sarnoldip route get is very handy19:58
openfireawkwardusername: Did you deploy an egress-only internet gateway in your VPC?19:58
awkwardusernameopenfire, yes but it tried ipv4 first then fallback to ipv619:58
openfireawkwardusername: That's oddly backwards.19:58
awkwardusernamethat is, Trying 216.58.197.206... then Trying 2404:6800:4004:818::200e...19:58
openfireawkwardusername: So, did you deploy an IGW (v4) and an EIGW (v6), and configure routes to 0.0.0.0/0 and ::/0 in your routing tables to go to those?19:59
awkwardusernameopenfire, no, i didn't deploy that19:59
openfireThen that's your problem.19:59
awkwardusernamelemme check19:59
openfireYou have no outbound gateway.19:59
=== Serge is now known as hallyn
SircleWhich MTA has good features like slowing mails down in a timed calculated cap or delaying mails down if multiple emails are sent to same recipient e.g gmail?20:44
TheHonorableKittwell that was fun20:50
geniiSircle: http://www.postfix.org/TUNING_README.html20:50
TheHonorableKittwoops think I messaged the wrong person lol20:53
Sirclegenii,  ok21:00
vltSircle: Exim should handle most of that.21:10
Sirclevlt,  exim?21:11
Sirclevlt,  its an MTA? how do you compare it with postfix? I need most support for whatever MTA I use + featurefull MTA21:11
TheHonorableKittsoooooo I'm looking to try and move my server from linode to my own hosted server, any idea what I need to do to auto-install all the application/packages on the other server?21:25
TheHonorableKittor is there any way for me to just clone from that server to the new one?21:25
sarnoldyou can use dpkg --get-selections on one server and pipe that into dpkg --set-selections on the other; I'd expect an apt-get install to be able to take it from there21:28
sdezielI'm a big fan of 'ssh dd if=/dev/vda | dd of=/dev/vda' :)21:29
TheHonorableKittvda?21:29
TheHonorableKittrather, can you dissect that command for me pls? :)21:30
sdezielTheHonorableKitt: you can boot your Linode from a live CD and copy the disk as is. /dev/vda is the virtio disk which should be hooked to your Linode slice21:30
TheHonorableKittO.o errrr how in the world do I haz do that?21:30
TheHonorableKittlol21:30
sarnoldsdeziel: hah yes that works pretty well if everything lines up just fine..21:31
sdezielTheHonorableKitt: that's how I move Linode slices around21:31
vltsdeziel: That might fail horribly whenever /dev/vda holds a mounted file system.21:31
sdezielTheHonorableKitt: it basically copy the whole disk as is to your destination VM. You then just need to tweak the destination21:32
sdezielvlt: hence the live CD21:32
TheHonorableKittI don't have /vda, I think mine is /dev/sda21:32
sdezielTheHonorableKitt: OK same command but different block device ;)21:32
TheHonorableKitthow do I set that live cd up there though?21:33
sdezielTheHonorableKitt: in Linode manager, you should be able to boot off of Finnix or something like that, I don't remember the name of their rescue boot disk21:33
sdezielTheHonorableKitt: are you going to move the Linode to a local VM or a physical machine?21:34
sdezielcause I'd advise this dd trick only if the destination is a VM21:36
TJ-/dev/sda since Linode moved to KVM21:37
sdezielotherwise it gets complicated, real quick21:37
sdezielTJ-: right, didn't realize that, thx21:37
sdeziel'[    2.066417] scsi host0: Virtio SCSI HBA'21:38
TJ-"DMI: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014"21:39
sdezielI guess I should move off of i440fx and give a try to Q3521:40
TheHonorableKittsdeziel: I have a large vmware server at my home that I'm going to use21:45
sdezielTheHonorableKitt:21:46
TheHonorableKittyes?21:46
sdezielTheHonorableKitt: good, VMs are easier to deal with when you need to fix/tweak grub and such21:46
TheHonorableKittyup21:46
sdezielTheHonorableKitt: If the VM isn't bootable as is after being copied over, I recommend you boot it with an external kernel/initramfs then fix grub from inside the VM21:47
sdezielthat's assuming VMWare allows you to provide a kernel/initramfs to boot the VM with21:48
jayjois there a way to copy only changed files every 10 seconds or so using bash? I tried to use inotify but I am using a mounted s3fs filesystem and I don't think it supports the standard events like created delete modified21:48
TheHonorableKittit might be best for me to just do a clean install, clean some junk up and move my configs all over21:49
sarnoldjayjo: what are you trying to do?21:49
jayjoI have an s3fs mounted filesystem that has content I want to serve from nginx. It's shared because php-fpm is serving dynamic content and nginx is serving non .php files. I can't change the permissions on the mounted directory directly, so I attempted to use inotify to watch the directory for events21:51
vltjayjo: rsync21:51
sdezielTheHonorableKitt: that works too and should be made relatively quick with sarnold's trick21:51
jayjoalthough this is not over a network, will rsync do it from /my/first/data/dir to /my/second/data/dir ?21:51
TheHonorableKitthow exactly should I run what sarnold said? is that on my new server? do I have to ssh into the other server? #confused21:51
jayjoHopefully I can just run every 10 seconds for perpetuity21:52
sarnoldrsync can go from one dir to another fine21:52
sarnoldI suggest using a tool like run-one or something similar to make sure you don't get two going at once21:52
sarnoldif that happens your system's going to be unhappy in a hurry21:52
sarnoldthere might still be a better way to solve the problem though21:53
TheHonorableKittI'm gonna need step by steps, because I'm still technically a novice with linux, I'm a windows sys admin by profession, but linux is still a new beast for me21:53
sarnoldit'd be something like ssh linode dpkg --get-selections > /tmp/package_list ; ssh vmware dpkg --set-selections < /tmp/package_list21:55
sdezieljayjo: with a s3fs mount, you may want to use rsync --whole-file too21:55
openfireWhat's the issue?21:55
openfireTheHonorableKitt: ^21:56
TheHonorableKittsarnold: run that on the linode, or my server?21:56
sarnoldTheHonorableKitt: both those commands from your desktop. it'll connect first to your linode, grab stuff, and save the results locally. then it'll connect to your new vmware instance and send the local package listings to the next command21:59
jayjocan I just run rsync every 10 seconds? it will do nothing if nothing has changed, right?22:01
sarnoldjayjo: yeah that's not ideal but it should do fine22:02
sarnoldoff to lunch :)22:02
XenophonFis there a way to get my smartarray p410 to export unconfigured disks?22:04
XenophonFi want to set up a ZFS pool under Ubuntu 18.04 without having to set up lots of single-disk RAIDs22:05
XenophonFhm, according to a StackExchange article, controllers older than the p420i won't let you disable RAID functionality :(22:07
XenophonFmaybe the driver can bypass that?22:08
Greyztaropenfire: just curious what you mean with ^ when talking with someone?22:09
openfireGreyztar: My original message didn't have a nick prefix, so it was ambiguously targeted. The ^ was meant to be a "hey, this line was for X person."22:09
Greyztaropenfire: hmm, i don't get it though, i see many use this on social media still don't get it, i know it's used in some regexp to mark beginning of match or so22:10
openfireGreyztar: It's a symbol that literally by its shape points up.22:11
Greyztaropenfire: ohh now i get it though haha22:11
Greyztaropenfire: thanks for clarifying that been annoying me for quite some time, googling it didn't yield any result as with other prefixes and so :)22:12
TheHonorableKittso I ran that command, and all I got was this response: "dpkg: warning: package not in status nor available database at line ***: packagename"22:26
openfireTheHonorableKitt: What are you trying to do?22:28
TheHonorableKittsarnold: ^22:33
TheHonorableKittugh can't get this to work22:41
TheHonorableKittfigured it out, thanks to other people having problems XD22:57
TheHonorableKitthttps://www.linuxquestions.org/questions/linux-software-2/dpkg-set-selections-fails-to-find-hundreds-of-packages-4175617954/ 22:57
sarnoldXenophonF: sometimes controllers can be flashed with an "IT Mode" driver23:40
sarnoldTheHonorableKitt: hmm. maybe you've got universe enabled on one system but not the other? or maybe linode had something specific to their systems installed, that can happen on some of the cloud providers23:41
TheHonorableKitti figured it out :)23:41
TheHonorableKittand it's stillllllllll installing lol23:42
sarnoldah good good23:45
