=== tds3 is now known as tds
=== Napsterbater_ is now known as Napsterbater
[15:11] <itsjg> Hello there! Does anyone have some performance baselines of NVME drives in software RAID 10 on Ubuntu?
[15:14] <compdoc> I dont, but how many drives do you want to use for the raid?
[15:33] <itsjg> compdoc: 4 total, in RAID10, using a Samsung PM983. Seeing pretty bad performance from FIO, wondering what I'm doing wrong (seeing about 505MB/s read, 169MB/s write) when the drive is rated for well over 2800 MB/s read and 1900 MB/s write
[15:42] <itsjg> I stand corrected, removing a drive from mdadm and testing directly shows the same results. Must be a issue with the NVMEs directly
[16:03] <compdoc> itsjg, the specs say the drive should be much faster
[16:04] <compdoc> you using an adaptor with m.2 slots?
[16:06] <itsjg> Ah nope, this supermicro box has a direct NVM express ports (Supermicro 1124US-TNRP)
[16:06] <compdoc> Thats an internal ssd. not nvme
[16:11] <compdoc> wow, thats a serious server
[16:11] <itsjg> Haha
[16:12] <itsjg> Yea the terminology is quite confusing, the drives are "U.2 NVME Format" but it is technically an SSD
[16:19] <compdoc> writes are slow compared to consumer nvme drives
[16:21] <itsjg> Yep, very. I can't say I've seen this type of issue before. I'm on the latest kernel for Ubuntu 18.04 LTS, all BIOS and firmwares have been updated
[16:24] <compdoc> I imagine it has plenty of pci-e lanes. do they share lanes with sata ports?
[16:26] <quadrathoch2> probably not compdoc as rome zen has enough pcie lanes
[16:26] <compdoc> ah, the SAMSUNG 983 DCT Series is NVMe
[16:26] <itsjg> Confirming now, but I believe they're dedicated
[16:28] <quadrathoch2> itsjg if it's rome, the least amount is 120 lanes if I remember correctly :) so should be enough
[16:29] <trippeh> could have been still syncronizing the array?
[16:29] <quadrathoch2> yup :) plus as we don't know the software stack, that's still an option
[16:30] <trippeh> md is supposed to back off during IO but in my experience it doesnt always work very well.
[16:30] <itsjg> Ah yea confirmed, 128 lanes (Its a EPYC 7452).
[16:30] <itsjg> Ahh yep thanks, we thought that too. Unfortunately the results are the same when I removed a drive from the array and ran tests directly on a drive not in an array
[16:30] <trippeh> ah right
[16:32] <trippeh> doing a mixed r/w test or read and write separately?
[16:34] <itsjg> Using FIO currently, with --readwrite=randrw (random mixed read/write), and a block size of 4k
[16:34] <itsjg> Doing write only tests with DD produce similar results, it seems
[16:35] <trippeh> yeah I think PM983 should be okayish at mixed
[16:35] <itsjg> Ah, cool
[16:35] <trippeh> my memory could be bad of course :)
[16:36] <trippeh> (we mostly use intel for nvme at work)
[16:36] <itsjg> Ahh Intel, nice :)
=== denningsrogue9 is now known as denningsrogue
[17:16] <Nikolaj_basher> Hi there :-) I have tried to find more info on the EXPOSED status do-agent.service when running systemd-analyze security. How can I solve this?
[17:17] <Nikolaj_basher> and is there a way to get more info why systemd find the service exposed?
[17:22] <tomreyn> Nikolaj_basher: did you read the man page, yet?
[17:24] <Nikolaj_basher> tomaw, which man page the service or the systemd-analyse? but no
[17:28] <Nikolaj_basher> tomreyn, now I have and I didn't know why i did not though on doing so.
[17:31] <sdeziel> Nikolaj_basher: could you paste the output of `systemd-analyze security do-agent.service` ?
[17:36] <Nikolaj_basher> sdeziel, http://pastie.org/p/2t5GV6V7TUqbpGpcJbWvlI
[17:38] <Nikolaj_basher> sdeziel, I can see privateNetwork punish a lot
[17:42] <sdeziel> Nikolaj_basher: EXPOSED is when the score is above a certain threshold (which I don't know) but it's rather easy to bring in more restrictions and lower that score below 4-5
[17:43] <Nikolaj_basher> sdeziel, do you now where I can read more about service. Else I do the google on every score indicator
[17:44] <sdeziel> Nikolaj_basher: man systemd.exec then search for those keywords like NoNewPrivileges (that you already have enabled which is a very good start)
[17:50] <Nikolaj_basher> sdeziel, thanks for your input I will definitely do so THANKS
[17:54] <Nikolaj_basher> sdeziel, I can see what you mean but where do I set the configuration of a specific service
[17:59] <sdeziel> Nikolaj_basher: you can create a "delta" file to apply your custom changes with "sudo systemctl edit do-agent.service". It will launch your $EDITOR on an empty file that would apply after the base systemd unit of the do-agent.service
[18:01] <Nikolaj_basher> sdeziel, nice is there away to get more info about what the service do ex. do-agent i could find any man page
[18:02] <sdeziel> Nikolaj_basher: is this a Digital Ocean VM or something like that?
[18:02] <tomreyn> "how do you know?!" :)
[18:03] <Nikolaj_basher> sdeziel, yes and it came out of the box, and I really want to exam the defaults services is used, because then I would like to disable all the services which not needed
[18:05] <sdeziel> Nikolaj_basher: before tuning those hardening knobs beware that you risk breaking the service (at least when experimenting). I don't know what that do-agent is used for as I don't use DO myself
[18:06] <Nikolaj_basher> sdeziel, I will
[18:06] <Nikolaj_basher> sdeziel, thank for you guidens now I have some info for more research
[18:07] <sdeziel> yw
[18:14] <Nikolaj_basher> exit
[19:24] <MIF> dose anyone here know anything about dovecot?
[19:24] <MIF> what dose this error mean? BYE Disconnected: Auth process broken
=== jelly-home is now known as jelly
[19:26] <sdeziel> MIF: what's your auth config like?
[19:26] <MIF> witch one do you need to see?
[19:28] <MIF> http://ix.io/2IB7
[19:28] <sdeziel> MIF: `dovecot -n`
[19:28] <MIF> ok
[19:29] <MIF> http://ix.io/2IB8
[19:31] <sdeziel> MIF: I don't have the time to fully analyze it but could it be that dovecot cannot reach your SQL server for user authentication?
[19:37] <teward> what do your error logs show?
[19:37] <sveinse> Under 18.04, how can I add post operations when a interface is taken up? (netplan) I need to run a series of additional "ip" commands...
[19:37] <teward> MIF: check /var/log/mail.log and see what the error details are
[19:38] <MIF> Dec 18 13:23:05 sturtz dovecot: auth: Fatal: sql: Unknown database driver 'mysql'
[19:38] <teward> sveinse: to do what?  Add IPs?  Add routes?
[19:38] <teward> MIF: you need to install that extension.  install `dovecot-mysql` on system
[19:38] <MIF> ok
[19:39] <sveinse> teward: ip link add, ip addr add and ip route. To allow routing to (docker) macvlan IP
[19:40] <MIF> is * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=ANONYMOUS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN] Dovecot ready.
[19:40] <MIF> good?
[19:41] <sveinse> unless there exists a net kernel option that allows ip traffic back to a macvlan ip
[20:04] <teward> sveinse: well you can still netplan custom routing rules but not sure how macvlan works there.
[20:04] <teward> MIF: it should work fine, but you should test it ;)
[20:07] <MIF> I did
[20:07] <MIF> it workedt
[20:07] <MIF> hank you
[20:24] <sveinse> teward: I know too little about netplan for how to do that. I installed a new script into /etc/network/if-up.d/, hoping that it will do the job
[20:30] <teward> well if you're using netplan to configure your interfaces currently then it won't since ifupdown isn't being used by netplan.
[20:30] <teward> last I checked anyways
[20:34] <sveinse> teward: one reboot later: jup, learned the same the hard way
[20:44] <sveinse> next attempt: /etc/networkd-dispatcher/routable.d/50-macvlan went much better!
=== StathisA_ is now known as StathisA
[23:33] <tgp1994> Hey everyone. When I updated my 18 LTS distro to 20.04.1, it seems I've lost my backscroll buffer. I only use terminal, no DTE is installed. Shift+PageUp no longer allows me to scroll back. Does anyone know why I lost this ability, what the default is for ubuntu and how I can restore it?
[23:34] <tgp1994> *I should mention - this is running in a Hyper-V VM. I'm using the VM Connection window to access my terminal directly.