/srv/irclogs.ubuntu.com/2021/07/30/#ubuntu-server.txt

=== genii is now known as genii-core
[06:14] <lordievader> Good morning
[07:28] <tuxick> anyone know how to create additional users with autoinstall, as in https://cloudinit.readthedocs.io/en/latest/topics/examples.html ?
[07:28] <tuxick> or should i ignore cloud-init docs?
[07:29] <tuxick> i ended up using late-commands because needed to get stuff done
[11:16] <andypandy> I just got my first zfs raidz1 up and running. I have got the "Previous version" (shadow copy) working when doing a manual snapshot. Great! Now I need to automate snapshots to protect from accidental deletion etc since there is no recycle bin when deleting files from network storage in windows. Anyone know of a good tool to use to automate the rolling snapshots?
[11:53] <tuxick> wrap the call with "are you sure? y/N"
=== haggertk- is now known as haggertk
=== masACC is now known as maswan
=== genii-core is now known as genii
[14:43] <TJ-> alis list libvirt
[14:48] <patdk-lap> didn't know you could do that in irc
[14:48] <TJ-> didn't mean to! - typoed /msg alis as /amsg alis ooops
[14:48] <sdeziel> andypandy: I use sanoid (`apt install sanoid`) as it does snapshot scheduling and more. There is also `zfs-auto-snapshot` that's simpler
[14:49] <andypandy> Thanks sdeziel
[17:15] <foo> Walex_away / patdk-lap / Walex - well, WISP called me back a few hours after we figured out mtu issue. They said something was consuming 10mbit down non-stop for the past 7 days on the network (which is pretty much when I arrived here). After process of elimination, turns out it was most likely my phone downloading the 3GB iOS update. I could clearly see ping times 300-900ms when my phone was on the
[17:15] <foo> network and sub 50ms when I took my phone off the network. Now that I've solved that, I also just re-tested file transfer of 4K file with mtu 1500 .... and it works fine now. Can you explain this? I'm confused why my phone downloading a file would affect me uploading a 4K file.
[17:28] <patdk-lap> it shouldn't, unless there is a huge buffer somewhere
[17:29] <patdk-lap> that is causing tcp timeout and retries
[17:29] <patdk-lap> changing mtu shouldn't change anything for that
[17:29] <patdk-lap> but your phone shouldn't be downloading 3gb for 7days, unless you have no bandwidth at all
[17:30] <patdk-lap> sounds like it was having issues also
[17:31] <foo> patdk-lap: so odd. I appreciate you sharing. A part of me wants to understand this, another part of me wants to get on with my work, haha.
[17:31] <patdk-lap> not sure there is much more to understand
[17:31] <foo> patdk-lap: someone else said that pending how the WISP was throttling me, if I was saturating my download it was affecting my upload
[17:31] <patdk-lap> without knowing how their network works
[17:31] <patdk-lap> what policies they have configured
[17:32] <patdk-lap> ya, that goes in the, unless we know exactly how they do things, we won't know
[17:33] <foo> patdk-lap: here is how someone else described it: https://bpa.st/6EIQ
[17:34] <foo> fair enough
[17:34] <foo> :)
[17:34] <patdk-lap> ya, that issue I never hit, as my systems all do that by default
[17:35] <patdk-lap> voip, then acks, then other data, then bulk data (torrents, downloads,,,)
[17:35] <foo> patdk-lap: "do that" as in, what, exactly?
[17:35] <foo> patdk-lap: oh, QoS?
[17:35] <patdk-lap> prioritize acks
[17:35] <patdk-lap> yep
[17:35] <foo> copy
[17:36] <foo> patdk-lap: given what we've discussed, would you say that this WISP could be better configured to prioritize ACKs?
[17:36] <patdk-lap> I give acks up to 10% of my upstream, dedicated
[17:36] <patdk-lap> well, normally they wouldn't care much about it
[17:36] <patdk-lap> it would normally be your connection that it would be the issue
[17:37] <patdk-lap> but if the problem is the wisp cell site is overloaded, not much you can do there
[17:37] <patdk-lap> unless they do qos, and unlikely they will do that down to that level, normally they would only do it down to the customer level
[17:37] <patdk-lap> so one customer doesn't wipe out another
[17:38] <patdk-lap> all these qos things, the more you have, the better they are, takes more router memory and cpu power, larger routers, ...
[17:38] <foo> I see, I see
[17:38] <foo> patdk-lap: I could also share, that they wanted to solve my issue because customers that were downstream from me were complaining of slow speeds
[17:38] <foo> The WISP described it as a DoS attack...
[17:39] <foo> Could that be because my 4K file's ACK never made it back through so it caused a loop of sorts?
[17:39] <patdk-lap> well, it was a DOS, I wouldn't agree it was an attack, it was crap configuration :)
[17:39] <patdk-lap> foo, yes, default is 5 seconds
[17:39] <patdk-lap> if pings were >5seconds, yes, that would be an issue
[17:40] <patdk-lap> it sounds like they are not doing any qos of customer traffic, so you got to hog it all to yourself
[17:40] <foo> patdk-lap: I see
[17:41] <patdk-lap> or else other customers wouldn't have been complaining
[17:41] <patdk-lap> just you
[17:41] <foo> true
[17:42] <patdk-lap> ya, I do qos at several levels, once at the customer level, then by type (voip connections, acks, then normal web, then common torrent, ftp,...)
[17:42] <patdk-lap> then at each of those levels, it shares the bandwidth between connections (per tcp connection)
[17:43] <patdk-lap> so one single connection (like your ios update) wouldn't knock everything else off
[17:44] <patdk-lap> torrents though, make hundreds of connections, so that sharing doesn't work so well, why it goes on its own qos level below all others
[17:44] <patdk-lap> though instead of sharing per connection, you could do it per ip
[17:45] <patdk-lap> works better inside the house, than at the wisp, but the wisp could do per ip, as a per customer thing
[17:45] <patdk-lap> really, if their equipment can do it, have someone that knows this enough to setup the templates, and then they could generate and push it out each time they onboard a customer automatically
[17:51] <foo> thanks patdk-lap , just called them back again to explain what might have caused this issue
[17:52] <foo> patdk-lap: hm, and I may be overthinking it at this point - but is it possible that reducing the MTU worked so that a smaller ACK packet could make it back downstream to me
[17:54] <patdk-lap> the ack packets are all the same size, 64bytes, smallest possible
[17:54] <patdk-lap> it *might* have made the packet go out faster, so therefore the ack came back sooner
[17:54] <foo> patdk-lap: aha, ok, well scratch that. What I don't understand is why changing the MTU fixed this
[17:54] <foo> aha!
[17:55] <patdk-lap> technically acks aren't all 64k, but they are unless the server is also sending data back also
[17:55] <patdk-lap> so generally it's good to assume they are 64
[17:55] <patdk-lap> not 64k heh, just 64
[17:55] <foo> ha
[17:56] <foo> patdk-lap: super grateful for all the back-and-forth, I was following my curiosity on this one and learned a ton. Grateful for your time.
[17:56] <patdk-lap> could just be their qos is not configured correctly, who knows
[17:57] <patdk-lap> but something on their side is the source of the problem, you just exposed it
[17:57] <patdk-lap> I wouldn't take it personally you did anything wrong at all, but ya, unlikely the wisp feels that way
[17:57] <patdk-lap> cause their point of view, you are the issue
[17:57] <patdk-lap> cause their network allowed it
[17:59] <foo> I have shared nearly everything you've shared with me and what I've inferred from all of this and explained my intent is to share what might improve their network should we conclude something. I think they appreciate it but who knows, if nothing more I learned a lot more. :) I think they likely only have like 6 customers downstream from me anyway
[17:59] <patdk-lap> ya, some people tend to not take criticism well, like network engineers
[17:59] <patdk-lap> like me :)
[18:00] <patdk-lap> I got hit hard back in the 90's
[18:00] <patdk-lap> when shell accounts for the internet was a normal way to use the internet
[18:00] <patdk-lap> dialup into a shell account
[18:00] <patdk-lap> new isp, I noticed I had a shell account, if I didn't use ppp, so I used it
[18:01] <patdk-lap> I then got banned from the isp for *hacking* their server
[18:01] <patdk-lap> sorry, you misconfigured my user account on your server, and instead of giving me only ppp access, you gave me a full shell
[18:01] <patdk-lap> how was I supposed to know I shouldn't use it
[18:02] <foo> oh man.
[18:02] <foo> haha
=== StarHeart is now known as Edgan
[19:52] <Guest47> Hi. What's the minimum RAM needed to run a Ubuntu docker image? I need it to run sshd, and clone git repos (for backup purposes). It doesn't do anything else. I'll be running this on a very limited NAS.
=== genii is now known as genii-core
[19:59] <sdeziel> Guest47: FYI, my gitolite LXD container consumes 27MB of RAM
[19:59] <Guest47> sdeziel: based on Ubuntu?! nice!
[20:00] <sdeziel> Guest47: yes, 20.04 on amd64. systemd-journald is the biggest RAM consumer
[20:01] <Guest47> good to know
=== genii-core is now known as genii
[20:17] <Guest47> I installed openssh-server but since the Docker image doesn't use systemd, the service doesn't start. I can do it manually with "service ssh start". How can I get this container to run this whenever it's restarted? I'm treating this as a VM, I know it's not common Docker usage. I don't want to write Dockerfiles/Compose files and constantly
[20:17] <Guest47> destroy/create containers. This is a one-time thing.
[20:21] <sarnold> Guest47: are you sure you wouldn't rather have lxd instead? I always thought of docker as "I want this specific application to run in a container" and lxd as "I want a very lightweight vm-ish container"
[20:22] <Guest47> sarnold: this is on my weird NAS with a custom Linux, I have no choice. I'm only doing all this because their Python 3 doesn'
[20:22] <Guest47> doesn't have pip
[20:22] <sarnold> Guest47: oh
[20:22] <Guest47> but since it supports Docker I can use Ubuntu to run commands I need to run
[20:23] <Guest47> The plan is to execute tasks by SSHing to the Ubuntu container, then running the command, which saves the data to a volume mapped on the NAS
[20:34] <Guest47> How can I run sshd at startup? The entry point of the Ubuntu image is "bash". I still want it to be bash, but I also want it to run sshd at startup (the container is set to auto-restart on error, powerup, etc)
[20:37] <Walex_away> Guest47: that is not an Ubuntu container, it is your own distribution at this point...
[20:38] <Walex_away> Guest47: in effect your container always boots in single user mode.
[20:39] <Walex_away> Guest47: the question is: what makes it run the initial shell, if you have not installed an 'init' daemon?
[20:39] <Walex_away> Guest47: or rather, which executable is the 'init' for that container?
[20:39] <Guest47> bash
[20:40] <Walex_away> Guest47: and how do you start it?
[20:40] <Guest47> oh sorry
[20:41] <Guest47> PID #1 is bash. I start it using the Docker UI that's available on my NAS. I have buttons like "Start/Restart/Stop"
[20:41] <Guest47> It lets me customize some things but I don't see an option to change the starting command
[20:41] <Walex_away> Guest47: OK! there are two options then
[20:42] <Walex_away> Guest47: that 'bash' will belong to some user and therefore will execute some '.bash_profile' in the user's home directory.
[20:43] <Walex_away> Guest47: so you can treat the container as a single-user login and just start 'sshd' in it.
[20:43] <Walex_away> Guest47: if 'service sshd start' works that means that there is an 'sshd' start script somewhere, probably in '/etc/init.d/'.
[20:44] <Guest47> that's the case, yeah
[20:44] <Walex_away> The other option is to run a process supervision daemon like 'sv' from 'runit' or 'daemontools' etc.
[20:45] <TJ-> anyone managed to deploy dnsmasq as an IPv6 DHCPv6/TFTP server and have example configs? Having a problem with it not responding to the client TFTP RRQ packets
[20:45] <Walex_away> the second option has the advantage that the process supervisor will restart the 'sshd' daemon if it crashes etc.
[20:46] <patdk-lap> Guest47, must you use ubuntu docker image?
[20:46] <Guest47> I put in "service ssh start" in root's ~/.profile, restarted the container, but nothing
[20:46] <patdk-lap> if you just need ssh and docker, why not just use alpine?
[20:46] * Walex_away had not changed nick
=== Walex_away is now known as Walex
[20:46] <Guest47> patdk: I just didn't want to have to use a separate PC to create a Docker image, create a Docker registry account, upload there, download here, etc. For a container that I might tweak at any time.
[20:46] <Walex> Guest47: I would not be sure that /root/ is the home directory
[20:47] <Walex> Guest47: there is also another detail that matters quite a bit:
[20:47] <patdk-lap> oh, you are just looking for a preconfigured image, ya any full os image is going be kindof large
[20:47] <Guest47> patdk-lap: cause I'm familiar with Ubuntu as a desktop user, I'm comfortable with that. RAM usage is negligible, it's great.
[20:47] <Walex> Guest47: the '.profile' is only executed if the 'bash' is a login shell
[20:48] <Guest47> oh
[20:48] <Walex> Guest47: that can be achieved by running it as 'bash --login'
[20:48] <Guest47> I can't edit the start command though...
[20:48] <Walex> Guest47: I don't know if your Docker tools allow you to do that.
[20:48] <Guest47> whatever I put in init.d will execute at startup?
[20:48] <Walex> Guest47: AFAIK nothing that you put in 'init.d' will be executed at startup.
[20:49] <Walex> Guest47: traditionally only what you put in '/etc/rc.local' is executed at startup, if you have an 'init' system.
[20:50] <Walex> Guest47: I'll do a web search on how to configure Docker appositely. I will also look at some Dockerfiles I got as I vaguely remember doing that.
[20:50] <Guest47> OK, how do I control what "bash" runs then? If I can shove "service ssh start" somewhere, that's that
[20:51] <Guest47> even on non-login sessions
[20:51] <Walex> Guest47: don't Dockerfiles have a "RUN" directive?
[20:52] <Guest47> they do, but that would mean building my own image. I'll do that if push comes to shove, it's just way more troublesome than tinkering with a local distro.
[20:52] <Walex> oops that's build-time, I was thinking 'CMD'. Will check
[20:52] <Guest47> oh snap, just thought of something...I've been going through the Ubuntu official image, but I
[20:52] <Guest47> I'm sure tons of people have made an sshd variant
[20:53] <Walex> Guest47: ahhh sorry I had forgotten: you want to run an existing image even if it does not do what you want.
[20:53] <Walex> Guest47: Do you know where the Dockerfile for that image is? Maybe looking at it there is some hook.
[20:54] <Walex> are you using this: https://registry.hub.docker.com/_/ubuntu/ ?
[20:54] <Guest47> it's the official Ubuntu image. I don't think Docker downloads a Docker file and builds it locally, but a binary/filesystem image
[20:55] <Guest47> yes
[20:55] <sdeziel> Guest47: a possible (ugly) hack would be to create a wrapper script "earlier" in $PATH that starts sshd if it is not running and then calls the real bash
[20:55] <Walex> Guest47: the Dockerfile is this apparently: https://github.com/tianon/docker-brew-ubuntu-core/blob/a967c2b8734c77f7f89449d0b87c2e1eebf8b26e/focal/Dockerfile
[20:55] <Guest47> Found one: https://registry.hub.docker.com/r/rastasheep/ubuntu-sshd/ . Obviously, not official...should I trust this stuff?
[20:56] <Guest47> sdeziel: I'll suck it up and get a different image
[20:56] <Walex> Guest47: The official Dockerfile does not have "bash --login" too bad
[20:57] <Guest47> Walex yeah they use that Dockerfile to compile the image, then that image is uploaded to Docker Hub, then you download. AFAIK you can't tell Docker "here's a 1KB Dockerfile, run this locally"
[20:58] <Walex> Guest47: I usually build my docker images and keep them in a local repository
[20:58] <Guest47> https://github.com/rastasheep/ubuntu-sshd/blob/master/18.04/Dockerfile
[20:59] <sdeziel> Guest47: that image is very outdated it seems
[21:00] <Guest47> I should be able to just change "FROM ubuntu:18.04" to "FROM ubuntu:20.04"
[21:00] <Guest47> if I build my own
[21:00] <Guest47> why are people so in love with Alpine? TONS of sshd results for Alpine
[21:01] <Guest47> to shave off 10MB off an image?
[21:04] <Guest47> alright, I give up. I'll create my own image based on rastasheep's Dockerfile.
[21:06] <Guest47> thanks for your advice, guys!
[21:07] <Walex> Guest47: that Dockerfile starts 'sshd' but does not start a console shell I think
[21:08] <Walex> Guest47: note that it starts 'ssh -D' so it is 'sshd' that becomes process 1
[21:09] <Guest47> does that matter? My NAS can still ssh in and run arbitrary bash commands, right?
[21:10] <Walex> Guest47: it is up to you to decide that, whether you are sure that 'sshd' will never crash and there will never be network issues etc.
[21:11] <Guest47> it shouldn't, the container runs on the same NAS that connects to it. It's just a local service.
[21:11] <Guest47> also one of the options is "Auto-Restart container on error"
[21:13] <Guest47> I will never ssh to it myself, it'll just be "ssh root@local-docker-ip -exec "wget blah blah && tar blah blah && python3 somescript.py " (not the exact syntax, you know what I mean, I'll look it up)
[21:13] <Guest47> in an automatic script
[21:32] <Guest47> Damn, it just never ends. I can't push the image I created, one of the fragments which is large (125MB), keeps failing around the 90-110MB mark. I started today just wanting to set up backups on my NAS, it turned into this whole adventure. :/
[21:39] <Walex> foo: so after all it was a rate limiting issue.
[21:39] <Walex> foo: my guess that a smaller MTU paced the packets better was perhaps right.
[21:40] <Walex> foo: but as "patdk-lap" pointed out it should not take 7 days at 10mb/s, and anyhow a 3GB update is monstrous.
[21:42] <Walex> foo: but if you really saw much higher pings that meant that the link was saturated and this meant that uploading was throttled too. probably with a shaper script set at limiting the download rate to 9mb/s it would not have been congested.
=== genii is now known as genii-core
=== Walex is now known as Walex_away
[21:47] <foo> Walex_away: thanks for circling back :)
[22:00] <patdk-lap> apple tends to push gig updates though, so that is *common*
[22:00] <foo> patdk-lap: if an iOS update can "take down the network" on this WISP... I have to imagine they have other problems which I don't even want to think about, haha.
[22:00] <patdk-lap> apple has been down to take down many isp's
[22:00] <foo> oh, interesting
[22:01] <patdk-lap> most of them have onsite caches cause of this
[22:01] <patdk-lap> used to be common 10years ago
[22:01] <Guest47> couldn't they rate-limit based on destination IP?
[22:01] <patdk-lap> we used to watch the bandwidth on the ios update cache when new apple releases were put out, was always entertaining
[22:02] <patdk-lap> Guest47, who knows, but they aren't :) or not enough
[22:02] <Guest47> net neutrality is a meme :)
[22:02] <patdk-lap> or else it wouldn't have taken down the other customers
[22:04] <patdk-lap> https://www.fastvue.co/sophos/blog/the-bandwidth-impact-of-apples-ios-8-release-on-your-network/
[22:06] <Guest47> do they do like Windows and share iOS updates from other phones on the LAN?
[22:06] <patdk-lap> no, or at least they didn't use to
[22:06] <Guest47> no wait, stupid question, it would drain batteries and people would complain
[22:06] <patdk-lap> you can do something like that using macos
[23:24] <TJ-> finally got GRUB loading over pure IPv6 PXE/TFTP
