hydrian | Ello all | 02:07 |
---|---|---|
hydrian | got an odd issue. | 02:08 |
hydrian | My 16.04.6 server is not applying / keeping my changes to my sysctl parameters I'm setting. | 02:09 |
hydrian | I'm trying to disable the netfilter filtering across bridges because it's mucking up my KVM VMs. | 02:09 |
tomreyn | hydrian: so how are you configuring them? | 02:11 |
hydrian | tried making a /etc/sysctl.d/60-kvm.conf file | 02:12 |
hydrian | After a reboot they didn't apply. I then added them to /etc/sysctl.conf and reboot. Same issue. | 02:12 |
hydrian | If I set them manually, they seem to work. | 02:13 |
hydrian | My thought is that a service may be changing them. | 02:14 |
hydrian | The odd thing is that this issue came out of nowhere. My kvm setup had been working fine for months. Then I rebooted yesterday and it started having this issue. | 02:15 |
hydrian | None of my guest VMs can get any networking whatsoever | 02:16 |
hydrian | The ubuntu host is fine. | 02:16 |
hydrian | After some research it seems that the issue is the default behaviour of NetFilter is to block all non-explicitly allowed bridge traffic. | 02:17 |
tomreyn | which configurations do you have on the file then? | 02:18 |
tomreyn | if you're saying a software's behaviour changed as part of an in-release update in a way that is not a bugfix, then it should probably be reported as a bug | 02:20 |
tomreyn | (if this has not already been done by someone else) | 02:21 |
hydrian | I can't figure what the RCA of the sysctl changes not being applied / overwritten is so it's a bit vague. | 02:22 |
hydrian | I was hoping somebody here may have had a similar issue / story. | 02:22 |
hydrian | So I can get a better diagnostics of this issue. | 02:24 |
tomreyn | it worked for me last time i tried in sysctl.d/ | 02:27 |
tomreyn | check file ownership, permissions | 02:27 |
hydrian | I did. root:root:644 | 02:27 |
tomreyn | maybe rgrep for the settings you applied there in /lib/systemd and /etc to get an idea of where else they may be changed | 02:28 |
tomreyn | (keep in mind those settings can be formatted in different ways) | 02:28 |
hydrian | I think it may be the ebtables service | 02:28 |
hydrian | nope... | 03:05 |
NotSoFastJames | is it possible that a breacher may have left a cron job on my server to disable all my defenses? | 06:09 |
Gerowen | NotSoFastJames: Anything is possible. You can view cron jobs with crontab -l | 06:11 |
=== mIk3_09 is now known as mIk3_08 | ||
sveinse | Are snapd and lxcfs strictly needed for the health of an 18.04 server? | 12:30 |
sveinse | Not that they are spending lots of resources, but I generally don't like keeping unneeded services running | 12:31 |
foo | Well that's strange. Using screen. Opening new window. The buffer seems jacked on new screen windows... I have to run reset to get it to work properly. Not sure what kind of weird quirk would cause this. | 12:37 |
foo | I wonder if I hit a screen bug or something is borked, must be | 12:37 |
=== mIk3_09 is now known as mIk3_08 | ||
blackflow | sveinse: they're needed only if you intend to use them. If it helps, I'm running a bunch of servers in support of a web based saas, none of which use lxcfs or snaps. | 13:35 |
RoyK | foo: try tmux ;) | 13:53 |
sveinse | blackflow: do you disable them, or do you leave the server as vanilla as possible even though you don't use it? | 14:26 |
blackflow | sveinse: I install from debootstrap (due to root on ZFS on LUKS) and so I don't even add those packages. In fact, I don't even add ubuntu-server, only ubuntu-minimal and whatever I explicitly need | 14:52 |
blackflow | and I'll continue debootstrapping even if the installer grows the ZFS functionality, there's too much bloat installed by default for the regular server installation. | 14:53 |
sveinse | blackflow: yeah. It's a tradeoff between sticking with standard ubuntu-server vs setting up your own from minimal. | 14:55 |
sveinse | I.e. I'm conflicted about it | 14:55 |
tomreyn | i think snapd is only really required for gnome on a desktop (no more in 19.04) and for livepatch on a server | 14:56 |
tomreyn | if it becomes mandatory on a server, i'll switch to debian | 14:57 |
sveinse | tomreyn: it kinda is (that and lxcfs). You can disable it, but it's a manual process from the default out of box ubuntu server | 14:58 |
blackflow | well there are snaps for server roles, like Postgres for example. I don't like that, as they auto-update at times out of my control. | 15:07 |
tomreyn | sveinse: i see. i don't use containers much. | 15:09 |
blackflow | tomreyn: or you think you don't :) that's the thing about "containers" on linux, it's such a broad term. for example I don't use docker, lxc, lxd or any of those tools. I do however use containerization facilities of systemd to confine services. The end result is the same, since the same kernel APIs are used - namespaces. | 15:11 |
lotuspsychje | docker had big breach | 15:17 |
tomreyn | blackflow: right, more precisely i should have said: i don't usually use container frameworks which, to date, rely on snapd. | 15:22 |
sveinse | (For those of you using ubuntu-server) how do you guys disable snapd? | 16:21 |
blackflow | sveinse: stop/disable the snapd.service? you can also just uninstall the `snapd` package | 16:34 |
faekjarz | Where can i find a list of keyboard shortcuts in order to send signals to processes in a terminal? (e.g.: Ctrl+c = SIGINT) …in particular, i want to motivate "ping" to produce a summary BUT without terminating. | 17:05 |
thefatma | Hey guys is there a way to check if my ubuntu is server or desktop ? | 17:06 |
thefatma | but a 100% way | 17:06 |
testpil0t | faekjarz, | 17:07 |
testpil0t | use "stty -a" | 17:07 |
testpil0t | stty -a | grep -oE '(intr|quit|susp) = [^;]+' | 17:08 |
faekjarz | testpil0t: that's it! Thanks! :) | 17:13 |
faekjarz | thefatma: dpkg --status ubuntu-server | 17:23 |
thefatma | faekjarz: but that can be installed on desktop version as well no? so it's not that valid of a check | 17:25 |
faekjarz | well, it's a package (Section: metapackages) and default behaviour seems to be that it's not automatically installed on desktops | 17:27 |
faekjarz | "lsb_release -a" doesn't include desktop / server | 17:32 |
faekjarz | thefatma: also, you could look for display managers / X servers …but similar situation here; those could be installed on a server as well. | 17:39 |
faekjarz | thefatma: maybe, you could also rephrase your question …or play with "dmidecode -t bios" or "...-t baseboard" | 17:40 |
testpil0t | but most likely, there is no 100% way | 17:41 |
testpil0t | I don't see how there should be any. | 17:41 |
faekjarz | i agree | 17:44 |
faekjarz | just a funny thought: Supermicro makes RGB GAMING mobos now, so the "Manufacturer:" string from "dmidecode -t baseboard" wouldn't even be a sure-fire method any more ;D | 17:51 |