February 27, 2014 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | >
February 27, 2014 [00:14:22] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/a68ykw[00:14:22] -msg- sniffle/dev 688930c Heinz N. Gies: Merge branch 'test' into dev[00:31:54] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/koVRjg[00:31:54] -msg- sniffle/dev a5699c7 Heinz N. Gies: Merge branch 'test' into dev[00:45:45] -msg- [sniffle] Licenser pushed 2 new commits to dev: http://git.io/RHk22g[00:45:45] -msg- sniffle/dev 522e74f Heinz N. Gies: Fixed repooling of old messages.[00:45:45] -msg- sniffle/dev 8afc121 Heinz N. Gies: Merge branch 'test' into dev[00:53:49] *** MacSpengo has joined #project-FiFo[01:04:12] <killfill> Licenser: seems to be better... now 'only' chunter seems to be disconnected to snarl when its doing the muli creation[01:04:43] <killfill> sniffle[01:06:43] <Licenser> killfill yea I'm fighting to put in the right tunables[01:06:57] <Licenser> the settings that are sensible are very different between small and big systems[01:07:39] <killfill> the memory of sniffle was 'big' (like 1.5G) when it had the problem.. (dont know if that help..)[01:09:08] <Licenser> RSS or SIZE?[01:09:49] <killfill> rss[01:10:14] <killfill> size is like 15G always in my case.. (dont know if thats bad or good...)[01:10:30] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/0nGnKg[01:10:30] -msg- sniffle/dev d6eb21b Heinz N. Gies: Merge branch 'test' into dev[01:10:38] <Licenser> killfill propably bad ;)[01:11:00] <Licenser> 15G is a lot for a single node[01:11:06] <Licenser> propably you've too many vnodes[01:11:13] <killfill> i got a lot of datasets downloaded[01:11:15] <Licenser> and AAE enabled[01:12:18] <killfill> i got all by default, and aar is enabled, yes.[01:12:28] <killfill> aae...[01:12:48] <Licenser> killfill ooold config ;)[01:12:51] <Licenser> new configs save a lot more space[01:12:57] <Licenser> turn off AAE[01:13:02] <Licenser> that wills ave ~10G there[01:14:00] <killfill> im so oooold..:P[01:14:52] <Licenser> heh[01:15:26] <Licenser> 35 people in the room :) nice[01:15:35] <killfill> well about the vnodes.. ring_size, n, r, w has to do with that right? that default seems to be the same.[01:15:49] <killfill> (same as i have..)[01:21:51] *** hugo has quit IRC[01:23:38] *** barhom has joined #project-FiFo[01:30:49] <Licenser> killfill vnodes efault to 8 now, n/r/w stays the same[01:34:01] <killfill> doesnt seem to be a knob for they in the config[01:35:10] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/SKPwkg[01:35:11] -msg- sniffle/dev 1269b57 Heinz N. Gies: Merge branch 'test' into dev[01:41:06] *** trentster_ has joined #project-FiFo[01:41:48] *** trentster_ is now known as trentster[01:42:07] <killfill> wow trentster is back! :P[01:43:45] <trentster> killfill: :-P Didnt you hear me last week say "ill be back" in my Terminator voice[01:44:52] <killfill> :)[01:46:02] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/5Ncv1A[01:46:02] -msg- sniffle/dev fb8c263 Heinz N. Gies: Removed some verbose debugging from create_fsm and fixed bug in pool.[01:51:22] <trentster> ok just got servers reconencted….[01:51:36] <trentster> here comes a ton of fifo updates, all digits crossed and hoping for the best[01:52:56] <killfill> maybe you should delete/opt/local/fifo-*/etc/*.conf just did that :P[01:53:23] <killfill> (to reset to the new defaults[01:53:46] <trentster> killfill: really? or you kidding?[01:54:22] <trentster> hmmm, first issue, dod I need to make any package source changes, doing a "pkgin -fy up" just hangs there.[01:54:22] <killfill> no really.. maybe cou coult back that up before.. that way when you install the new version, they will re-generate the config files from the .example ones.[01:54:48] <trentster> I am still on dev here[01:55:06] <Licenser> killfill trentster you can merge them manually too[01:55:36] <trentster> just deleted them, no biggie.[01:55:47] <trentster> more concerning is why pkgin -fy up is not working[01:56:27] <Licenser> dun dun dun :([01:56:32] <Licenser> it should[01:56:55] <trentster> this is still correct repo for dev right? http://release.project-fifo.net/pkg/dev/[01:57:31] <trentster> this is what I have in my repositories.conf[01:57:32] <trentster> http://pkgsrc.joyent.com/packages/SmartOS/2013Q2/x86_64/All[01:57:32] <trentster> http://release.project-fifo.net/pkg/dev/[01:58:31] <Licenser> should be eys[01:58:42] *** _lb_ has joined #project-FiFo[01:59:37] *** _lb_ has quit IRC[01:59:56] <trentster> I dunno, all else is working got intenet access and dns is working.[02:00:34] <Licenser> I just run that 1m ago[02:01:22] <trentster> maybe its a cdn issue[02:01:26] <Licenser> http://release.project-fifo.net/pkg/dev/[02:02:32] <trentster> i think its a joyent issue, if I comment out their repo it works.[02:02:34] <trentster> grrrr[02:03:39] <trentster> Licenser: what joyent repo you got in your repos list?[02:03:44] <trentster> I have http://pkgsrc.joyent.com/packages/SmartOS/2013Q2/x86_64/All[02:05:32] <Licenser> yes: http://pkgsrc.joyent.com/packages/SmartOS/2013Q2/x86_64/All[02:07:05] <Licenser> upgrade never worked[02:07:09] <Licenser> it's a pkgin issue[02:10:17] *** ipalreadytaken has quit IRC[02:10:43] *** ipalreadytaken has joined #project-FiFo[02:15:34] *** ipalreadytaken has quit IRC[02:17:08] <trentster> ok fixed, it its working now, safe for me to update, Licenser?[02:17:34] <Licenser> trentster yup creating 20VM's on one system concurrently still freaks out some things but I think it's not bad :P[02:18:03] <trentster> heh, sounds good to me.[02:19:35] <Licenser> only killfill would do that anyway :P[02:22:39] <Licenser> yea smartos does not like that :([02:23:23] <trentster> I may have to roll back the snapshot, just remembered all the custom conf stuff we have set for leofs zones..[02:23:29] <trentster> and I blew away conf files.[02:23:36] <trentster> :-O[02:23:42] <Licenser> leos config is inside of the ring :)[02:25:41] <Licenser> killfill 20 VM's successfully created[02:25:55] <trentster> [ Feb 27 01:24:41 Executing start method ("/opt/local/fifo-howl/bin/howl start"). ][02:25:55] <trentster> vm.args needs to have a -name parameter.[02:25:55] <trentster> -sname is not supported.[02:26:25] <Licenser> trentster you can't JUST delete the config it will not generate it at a random point it will only generate it during package installation[02:26:50] <killfill> yay![02:26:51] <trentster> so wtf did killfill tell me to delete them when I said I was about to update my dev[02:26:58] <killfill> heh[02:27:09] <Licenser> trentster he told you to delete them BEFORe you update your dev ;)[02:27:26] <trentster> Licenser: yup and that what I did[02:27:35] <killfill> < killfill> no really.. maybe cou coult back that up before.. that way when you install the new version, they will re-generate the config files from the .example ones.[02:27:39] <killfill> before yah[02:27:49] <trentster> ok snapshot revert time[02:28:06] <killfill> it should work.. i just did that.[02:28:55] <Licenser> perhaps there was no new howl package[02:29:31] <killfill> pkg_add -F install :P[02:30:14] <Licenser> yay 20 vm's deleted![02:30:42] <Licenser> okay guys I'm out I did my magic for today :)[02:30:43] <Licenser> take care![02:30:52] <killfill> bye![02:31:40] <trentster> ciao[02:34:11] <trentster> killfill: ok rolled-back all working again[02:34:22] <trentster> how do you recommend I proceed?[02:35:12] <killfill> will, you will kick me.. but you could delete the .config file, when pkgin -fy, pkgin -F install fifo-{jingles,sniffle,snarl,howl,wiggle} :P[02:35:49] *** jim80net has quit IRC[02:35:54] <killfill> /opt/local/fifo-*/etc/*.conf[02:36:54] <trentster> so you want me to run: pkgin -F install fifo-{jingles,sniffle,snarl,howl,wiggle}[02:38:21] <killfill> when you delete the .conf files, when pkgin will regenerate them. -F is to force the upgrade, even if you have the latest package.. in case there is a component you already have updated, so it writes the config again anyway.[02:38:35] <killfill> 'when pkgin' -> 'then pkgin'[02:39:27] <trentster> killfill: you do understand I am going from dev to dev[02:40:54] <killfill> yup, Licencer changed the default's for the AAE stuff. you can see the difference diffing the .conf and .conf.example[02:42:00] <trentster> was this to try and fix the memory ballonong stuff?[02:42:08] <trentster> *ballooning[02:42:59] <killfill> yup[02:43:59] *** conan_the_destro has quit IRC[02:44:27] *** conan_the_destro has joined #project-FiFo[03:16:18] *** conan_the_destro has quit IRC[03:17:37] <killfill> Licenser, hm.. dont know why, but the name of the VM's are all the same here..[03:29:28] *** bixu has joined #project-FiFo[03:32:32] *** bixu_ has quit IRC[03:32:33] *** barhom has quit IRC[04:05:25] <Licenser> killfill it's the magics fault![04:06:21] <killfill> heh[04:06:33] <killfill> (werent you sleeping?...)[04:07:32] <Licenser> no I was going home to take a long and happy bath![04:27:08] <trentster> Licenser: killfill I just did an update have not changed any config files and all seems to be working fine.[04:27:21] <Licenser> :D[04:27:48] <trentster> not sure if I still need to go through example config files and see if there are any changes that need to be made?[04:30:09] <Licenser> trentster the current dev example configs are mostly optimized for single node deplopyments[04:35:25] <trentster> Licenser: killfill are your dataset installs from datasets.at still working?[04:37:58] <trentster> I think its an issue with MerlinDMC new dsapi local hosted server. seems to work fine with datasets.at[04:38:04] <trentster> so never mind.[04:48:33] <trentster> Licenser: can we setup a dsapi instance at lucera that mirrors datasets.at ?[04:49:17] <Licenser> Question would be why? datasets.at is working quite well[04:50:07] <trentster> well is a US mirror[04:50:13] <trentster> and offers redundency[04:50:39] <trentster> would encourage more people to use it as their official repo source\[04:50:54] <trentster> is my logic not sound?[04:52:57] <Licenser> given that MerlinDMC propably uses a CDN it doesn't make much of a difference I think[04:53:06] <trentster> ok, cool[05:05:15] <trentster> Licenser: where can I look to trouble shoot this? which log file do you suggest?[05:05:25] <trentster> http://monosnap.com/image/Yg5eS4JnLNVAhjmACs2GO2vAGdXdDJ[05:05:33] <trentster> http://monosnap.com/image/5D7ursT9WGpGr0m06hBryrX8w2BkZa[05:29:37] <Licenser> sniffles console log[05:34:58] <trentster> Licenser: 2014-02-27 04:34:42.753 [error] emulator Error in process <0.10296.0> on node 'sniffle at 10 dot 1.1.240' with exit value: {{badmatch,{error,{http_error,500,"Internal Server Error",[]}}},[{sniffle_img,create,4,[{file,"src/sniffle_img.erl"},{line,36}]},{sniffle_dataset,read_image,6,[{file,"src/sniffle_dataset.erl"},{line,159}]}]}[05:35:08] <trentster> —[05:35:15] <trentster> I get that error as I click import[05:36:14] <Licenser> 500 internal server error <-[05:44:53] <trentster> yup[05:56:09] <Licenser> that means it's a error on the dsapi server[06:03:25] <trentster> yup, I figured as much… waiting for MerlinDMC to wake so I can get his input, thanks Licenser[06:03:45] <Licenser> yea he'll porpably be a sleep a bit longer[06:04:35] <trentster> If he is at work today, he is probably about to wake up, he has a horrendously long commute to the office[06:05:06] <Licenser> it's about 6 I think[07:32:58] <MerlinDMC> "he has a horrendously long commute to the office" ... and I was in the office for over 14 hours yesterday but ... i'm always back here in time[07:33:59] <MerlinDMC> Licenser, there is no cdn anymore ... that drove some problems on the json endpoints ... and as the rest is pretty much just 5 html files + js/css I disabled that[09:13:57] *** alcir has joined #project-FiFo[11:55:33] *** barhom has joined #project-FiFo[12:07:48] *** mattronix has quit IRC[12:08:30] *** mattronix has joined #project-FiFo[12:27:41] *** bixu has quit IRC[12:28:07] *** bixu has joined #project-FiFo[12:33:04] *** bixu has quit IRC[13:21:19] <killfill> hi[13:21:32] <killfill> well not as quick as usain bolt..[13:21:43] <killfill> it takes 4 minutes to create 20 vm's[13:21:56] <killfill> but it kind of works now :)[13:22:15] <killfill> Licenser: there is only 1 problem i think.. the first vm get stucked in 'creating' state.[13:22:49] <trentster> killfill: howdy..[13:23:07] <killfill> hey[13:23:14] <trentster> looks like there is some issue with downloading datasets from datasets.at ince upgrading to latest version.[13:23:25] <trentster> I confirmed with MerlinDMC earlier[13:23:50] <killfill> oh really?[13:24:33] <MerlinDMC> and someone needs to be responsible for that ... morning killfill :)[13:24:55] <killfill> http://monosnap.com/file/Hh4mdoH2j6MUcuPc55TuyzLqmQimxd[13:25:14] <trentster> killfill: which one of these logos do you think is best: http://monosnap.com/image/84vLyxYb5okOsafdRNjdjUydTKG7Fh[13:25:15] <killfill> heh[13:25:52] <killfill> whats tribeflare?[13:26:10] <trentster> new website I am building[13:26:25] <trentster> you can see dev environment on onyxit.net[13:27:00] <killfill> ah[13:28:05] <killfill> i would vote for option 3[13:28:24] <trentster> cool, we have 3 votes for option 3… ;-)[13:29:55] <killfill> trentster: your working with seo people?[13:30:24] <trentster> killfill: yeah, kinda…[13:32:04] -msg- [jingles] killfill fast-forwarded test from a4bc5a5 to a70f26f: http://git.io/ZIYtuw[13:34:40] <MerlinDMC> killfill, I do too ;) ... but it's germany so a total different culture[13:35:36] <killfill> heh[13:37:21] <killfill> Licenser: i think we broked vm creation.. :P[14:19:01] <bayoda> good afternoon[14:19:26] *** bixu has joined #project-FiFo[14:20:14] <bayoda> is it safe to update - or should i take a snapshot - a backup - and a new server - as i have read the last 12 hours :D[14:20:20] <bayoda> of irc[14:22:30] <killfill> bayoda: i think vm creation is broked right now[14:22:51] <bayoda> okay - thx - will wait ;-)[14:23:26] <bayoda> and it seems that in the version I'm working with the snapshot feature is "getting stuck" in pending[14:24:26] <bayoda> is it a good idea to snapshot fifo from within inside fifo[14:26:19] <bayoda> okay completed[14:26:47] <bayoda> killfill - another question / idea on details of a vm[14:27:33] <bayoda> the VNC Ports for working and display would be a great information ...[14:32:27] *** bixu_ has joined #project-FiFo[14:33:26] *** bixu has quit IRC[14:35:56] *** bixu_ has quit IRC[14:36:03] *** bixu has joined #project-FiFo[14:39:27] *** bixu_ has joined #project-FiFo[14:42:41] *** bixu__ has joined #project-FiFo[14:42:49] *** bixu has quit IRC[14:46:12] *** bixu_ has quit IRC[14:52:12] *** bixu has joined #project-FiFo[14:53:59] *** bixu__ has quit IRC[15:06:42] <bayoda> also datasets.at funktionierte - bis gestern[15:14:25] <Licenser> killfill the most time consumed is on the hypervisor not fifo's fault when your system is so slow ;)[15:15:43] <Licenser> bayoda I don't think it should be displayed, usually people do not directly connect to the network[15:17:40] <bayoda> depends - if you are in an VPN - you do connect directly ;-)[15:20:36] *** jim80net has joined #project-FiFo[15:38:50] *** mattroni1 has joined #project-FiFo[15:41:12] *** mattroni1 has joined #project-FiFo[15:41:17] *** mattronix has quit IRC[15:41:35] *** mattronix has joined #project-FiFo[15:48:46] <killfill> Licenser: i think vm creation is broken now :S[15:49:45] <killfill> bayoda: probably on a more sofisticated environment, hypervisor connectivity will not be accesible on a 'common' vpn neither[15:52:39] <bayoda> okay your idea counts ;-)[15:57:42] <Licenser> killfill whyyyyyyyyyyy[15:58:54] <Licenser> killfill I see chunter going into maintainance :( not sure why and very little info on the reasons[15:59:23] <bayoda> okay hand off upgrade ;-)[15:59:57] <killfill> just create a vm now work.. not sure if its a real problem or not..[16:00:01] <killfill> ah[16:00:13] <Licenser> killfill I think it's chunter acting up, not exactly sure why so[16:03:50] *** barhom has quit IRC[16:07:34] <killfill> Licenser: (this is another thing..) when creating a VM[16:07:41] <killfill> howl sends 2 'update' events.[16:09:00] <killfill> the first one is {config: theconfig, hypervisor: uuid}[16:09:11] <killfill> and the second is just {config: theconfig}[16:10:34] <killfill> hm.. well i actually could save the hypervisor from the first event.. :P[16:10:59] <killfill> anyway.. it wouldbe nice to include the owner there too, so jingles can show the owner righouth reloading the machines list.. :)[16:36:42] *** echelog has joined #project-FiFo[16:39:48] <that0n3guy> is the dev chunter-latest.gz (link in wiki) get updated via github?[16:41:14] <Licenser> that0n3guy the chunter-latest.gz is build by Bamboo every time a push to dev happens, then chunter-<veriosn>.gz is build and chunter-latest.gz lunked to that[16:42:01] <that0n3guy> gotcha.... thank! I can not get release to connect via private admin and dev was having the issue you just fixed :)[16:47:20] <bayoda> hey is the problem i issued - with user / group / org - not seeing their vms already in the pipeline?[16:52:03] <bayoda> it doesn't really work that the owner of a vm is set and the user below see his vm .. or maybe just something missing?[16:56:38] <Licenser> yay chunter is core dumping :([16:57:22] <Licenser> bayoda it's a configuration thing nothing[16:57:23] *** conan_the_destro has joined #project-FiFo[16:57:27] <Licenser> you need to give them permissions to see it[17:01:05] <killfill> tried to describe the event thing on the ticket.. :P[17:03:56] -msg- [jingles] killfill fast-forwarded test from a70f26f to 1705615: http://git.io/fj1b-w[17:04:37] <bayoda> which permission[17:05:04] <Licenser> killfill yay[17:06:58] <Licenser> <3 vmadm![17:07:43] <Licenser> bayoda what is the ticket ID[17:16:40] <bayoda> let me look[17:19:30] *** barhom has joined #project-FiFo[17:20:30] <bayoda> JIN-130[17:20:44] <bayoda> https://jira.project-fifo.net/browse/JIN-130[17:20:53] <bayoda> it seems to be fixed but it isn't :-)[17:21:40] <bayoda> the access is fixed but it's not really clear what i need to set permissions the see the vm[17:22:52] <Licenser> not being able to see VM's is a very different issue, it is vms->UUID->get[17:23:35] <killfill> maybe the organization triggers would help out with this?[17:23:40] <killfill> (ive never used them tho)[17:23:58] <Licenser> they would[17:24:17] <Licenser> okay vmadm craps out when creating too many VM's at once :([17:25:11] <killfill> i guess if we present this as a performance issue, joyent would fix it[17:26:05] <bayoda> hmmm vms -> uuid -> get?[17:26:12] <bayoda> for the user / group / org?[17:26:15] <killfill> actually ive seen people doing vm creation benchmarking.. belive it or not.. :P[17:26:52] <Licenser> bayoda in orgs you can set a trigger on vm creation to give permissions to a group[17:28:04] <bayoda> if the vm already exists?[17:28:41] <Licenser> bayoda you need to give it manually to whomever you want it to see[17:29:51] <bayoda> actually if i can find out how it works "in a repeatable" mode - I'll write a how to on it ;-) but it isn't working till now[17:30:39] <Licenser> bayoda basically if you do it ahead of time orgs take very nice care of it, just gove the org a on vmcreation trigger[17:32:50] <bayoda> okay but it is an vm that already exists ;-)[17:34:37] <Licenser> bayoda do you give out permissions via groups or per user?[17:34:51] <bayoda> on users[17:35:02] <bayoda> depends - what is needed - users or groups[17:35:11] <bayoda> but i need a user to login[17:35:32] <bayoda> so i have a permission set on - ORG / one on GROUP / and on USER[17:35:48] <Licenser> there are no permissions on orgs[17:36:01] <bayoda> sorry group / users[17:36:10] <Licenser> if it's a user just give the user the vms/<whatevervm you want>/get permission and they can see it[17:36:49] *** bixu_ is now known as bixu[17:37:12] <bayoda> virtual machines - UUID - Everything[17:40:34] <bayoda> as soon as i assign - a group and an org to an user - there's a problem..[17:41:02] <bayoda> active org - assigned to the user - you see only config menu (empty) and fifo home[17:43:16] <Licenser> bayoda you need basic permissions let me give you an example:[17:44:23] <bayoda> would be nice :-) as it isn't clear if a group reduces the "permissions" - or adds permissions[17:44:41] *** Licenser has quit IRC[17:46:20] <bayoda> okay licencer set a permission on IRC :D[17:49:44] *** barhom has quit IRC[17:56:44] *** Licenser has joined #project-FiFo[18:00:55] <Licenser> bayoda did that help?[18:01:13] <Licenser> group adds permissions there are no negative permissions[18:12:17] <bayoda> I'm actually trying[18:13:29] <bayoda> channels are what for?[18:14:45] -msg- [wiggle] Licenser pushed 2 new commits to dev: http://git.io/Yhd4zw[18:14:45] -msg- wiggle/dev 91e28d2 Heinz N. Gies: Tagged ensq_rpc.[18:14:45] -msg- wiggle/dev 60d70be Heinz N. Gies: Merge branch 'test' into dev[18:14:46] *** alcir has quit IRC[18:27:44] *** ipalreadytaken has joined #project-FiFo[18:41:22] *** conan_the_destro has quit IRC[18:42:49] *** conan_the_destro has joined #project-FiFo[19:03:35] *** ipalreadytaken has quit IRC[19:04:02] *** ipalreadytaken has joined #project-FiFo[19:08:53] *** ipalreadytaken has quit IRC[19:19:24] *** ipalreadytaken has joined #project-FiFo[19:29:27] <bayoda> anyone else outside tries to work with user / group permissions and assignment to ORG?[19:30:35] <bayoda> maybe endless possibilities but no real result ...[19:30:52] <bayoda> to give one user - just his machine...[20:19:22] *** hugo has joined #project-FiFo[20:26:12] -msg- [chunter] Licenser pushed 2 new commits to dev: http://git.io/WdGBlg[20:26:12] -msg- chunter/dev 188b631 Heinz N. Gies: Fixed SMF to not kill on coredump of vmadm.[20:26:12] -msg- chunter/dev 31f61cc Heinz N. Gies: Merge branch 'test' into dev[20:28:22] *** conan_the_destro has quit IRC[20:28:51] *** conan_the_destro has joined #project-FiFo[20:56:39] *** hugo has quit IRC[21:02:14] *** jim80net has quit IRC[21:27:57] <that0n3guy> snarl, howl, wiggle and sniffle are in maintenance mode... how do I get them out of that? restart/disable/enable didn't work[21:28:10] <killfill> clear[21:28:54] <that0n3guy> awesome[21:29:02] <that0n3guy> whats clear do?[21:29:47] <killfill> clear the mantenance mode.. :P[21:30:03] <that0n3guy> ha... Ok.[21:30:44] <that0n3guy> they sit at online* for a little bit then go back into maintenance mode[21:48:04] *** ipalreadytaken has quit IRC[21:48:35] *** ipalreadytaken has joined #project-FiFo[21:51:05] <MerlinDMC> *cough* /var/svc/log/ *cough*[21:52:49] *** ipalreadytaken has quit IRC[21:59:35] <that0n3guy> I rebooted... now they stay online...[22:01:05] <that0n3guy> but they won't stink'n see my hypervisor throught admin net... only through my external...[22:07:04] <that0n3guy> well... I think I give up. I can't get fifo to work unless I open smartos up... (complete disable ipf).[22:12:30] *** jim80net has joined #project-FiFo[22:12:36] *** ipalreadytaken has joined #project-FiFo[22:22:19] <Licenser> that0n3guy have you opened the ports from the networking page?[22:23:07] <that0n3guy> on my internatl network (10.0.0.1-10.0.0.240) all the ports are open[22:23:26] <Licenser> and the fifo zone has one or two networks connected?[22:23:35] <that0n3guy> two[22:23:56] <that0n3guy> net0 is primary and is external (to the world). net1 is internal 10.0.0.1[22:24:19] <that0n3guy> I don't have ipfilter enabled on the fifo zone... only on hypervisor[22:25:13] <that0n3guy> I can get fifo to see my hypervisor when I disable hypervisor's ipfilter... but ipmon shows the traffic going through external.. not internal[22:27:09] <that0n3guy> Licenser: I went through the problem checklist. There must be something wrong w/ my ipf... but I don't see it[22:28:06] <that0n3guy> my previous statement is 2 different ideas.... the problem checklist showed everything fine.[22:28:57] <bayoda> that0n3guy - do you have the complete box open to the world - means the hypervisor is available through ipf[22:31:07] <that0n3guy> bayoda, I'm not sure I understand. My hypervisor has nicstags (admin, this is my internal ip... and outside... this is my external ip).. my fifo zone within that hypervisor has 2 nics as well... one internal one exteral. my ipf on hypervisor should be open to all 10.1.1.0/24 traffic[22:33:42] <bayoda> basically not too good idea IMHO - better create a routing / nating zone - with one nic connected to the outside world - that routes all traffic through that zone - to an internal nic - that sits on top of an etherstub (1) - where behind you have the other zones ...[22:34:39] <bayoda> the ipf thing in GZ is nice - but wouldn't play well - with kvm for example[22:35:52] <bayoda> you can dedicate a hardware nic to a zone (the external one) - and route all traffic with VRRP enabled across this zone[22:38:34] <bayoda> http://sunaytripathi.files.wordpress.com/2010/03/crossbow_workshop_fig1b.gif[22:38:47] <bayoda> this declares perfect what i mean[22:39:04] <that0n3guy> bayoda: perfect... I was just typign all that up to see if I understood[22:39:33] <that0n3guy> what is "client"?[22:39:35] <bayoda> but instead of vnic6 - you just use - the possibility to assign a physical nic to a zone[22:39:40] *** ipalreadytaken has quit IRC[22:40:08] *** ipalreadytaken has joined #project-FiFo[22:40:15] <bayoda> forget about client - let client be the World Wide Wait[22:40:27] <that0n3guy> k[22:41:55] <bayoda> http://docs.oracle.com/cd/E37707_01/html/E29665/figures/S11_EtherStub_NAT.png[22:42:04] <bayoda> this is another mor complicated layout[22:42:40] <that0n3guy> is a vrouter simply a zone w/ a firewall/denyhost on it?[22:42:48] <bayoda> yes[22:43:09] <bayoda> for example i used in a customer setup pfsense[22:43:14] <that0n3guy> is there a nice image for something like that?[22:43:15] <bayoda> kvm[22:44:51] *** ipalreadytaken has quit IRC[22:45:01] <that0n3guy> I like the pictures... they help big time :)[22:45:06] <bayoda> just fire u http://wiki.smartos.org/display/DOC/Managing+NICs[22:45:12] <bayoda> this helps a lot[22:45:25] <bayoda> Exposing Additional NICs in VMs[22:45:51] <bayoda> then you need some magic Adding VRRP nics to VMs[22:46:10] <that0n3guy> Yeah, I read that over serveral times... my issue was trying to separate admin interface from outside if hypervisor had both and zone had both[22:48:01] <bayoda> the hypervisor should have one IP - reachable from admin network ;-)[22:48:14] <that0n3guy> I've never messed w/ VRRP[22:49:00] <bayoda> there's a nice blogpost that may help[22:49:01] <bayoda> http://be.groovie.org/2012/09/17/trying_out_smartos_and_openindiana.html[22:49:41] <bayoda> and[22:49:42] <bayoda> http://be.groovie.org/2012/09/16/build_a_smartos_server.html[22:50:53] <that0n3guy> sweet... thanks[22:52:11] <that0n3guy> so next question is, how do you create a KVM zone via an install like an ISO[22:52:12] <bayoda> it works - but if you have the possibility - use a small box as physical firewall ;-)[22:52:22] <bayoda> pfsense on a box[22:52:29] <bayoda> for example[23:03:24] <that0n3guy> bayoda: quick question, if running pfsense as router... do I need to block the vnc port on hypervisor or something weird like that?[23:04:02] <bayoda> do you have 2 physical nics or one?[23:05:00] <bayoda> to work correctly you need two - never tried such a setup just with one[23:07:11] <that0n3guy> I have 2, but one will eventually be hooked into my datacenter for private NFS access for backups.[23:08:07] <bayoda> so one should go to the ISP - and one should go to a phys. switch[23:08:56] <that0n3guy> I think so, I havent' asked them how they are doing it just yet. I know at the moment I only have 1 hooked up[23:09:18] <that0n3guy> by "private" I mean private to the datacenter... not just to me[23:11:07] <bayoda> i did not really catch the goal you try to achieve[23:11:25] <that0n3guy> ha, I'm confused as well.[23:11:48] <bayoda> this box should be firewall / router - and hosting services (fifo / webservers / zabbix etc)[23:12:06] <that0n3guy> yes[23:12:11] <bayoda> and all the trafic should flow to a switch too[23:12:37] <that0n3guy> a physical switch?[23:12:40] <that0n3guy> that I don't know[23:12:42] <bayoda> where other hw is connected[23:12:51] <bayoda> maybe you should clarify before :D[23:12:59] <that0n3guy> ha, yup[23:13:37] <that0n3guy> the networking w/ smartos seems to be more complicated than xenserver (thats what I've used in the past)[23:13:44] <that0n3guy> :)[23:14:44] <bayoda> maybe - but you have all the power of smartos and solaris / zfs etc and can easily build a network / cloud in a box[23:14:53] <that0n3guy> yup[23:15:09] <bayoda> it's not too complicated if you understand the basic concepts[23:15:18] <that0n3guy> Yeah... getting there[23:15:43] <bayoda> need just some training[23:15:52] <bayoda> try and error . ;-)[23:15:56] <that0n3guy> ha[23:16:10] <bayoda> but start simple.[23:16:26] <bayoda> just smartos - with a zone ...[23:16:36] <that0n3guy> I have another wrench to throw in. I have a KVM machine I will be moving over that will not be behind the vrouter since it has its own firewall built in[23:16:41] <bayoda> one physical nic - one vnic inside that zone and an etherstub[23:17:14] <that0n3guy> it will have its own external IP[23:17:35] <that0n3guy> I'll have to mess w/ what your talking about and get back you I think.[23:17:37] <that0n3guy> :)[23:17:49] <that0n3guy> thanks for all your help.... my head feels clearer[23:17:50] <that0n3guy> ha[23:18:22] <bayoda> additional - kvm - with own firewall[23:18:37] <bayoda> possible but not easily to manage such setups[23:19:43] <that0n3guy> I'll have to draw up a diagram and play around and see what you think on a later date[23:20:39] <that0n3guy> I figured if my additional kvm has its own IP and no nictag of "admin" it would be separated from the rest[23:21:21] <bayoda> you have 2 nics - one admin - one external[23:21:39] <bayoda> admin is normally and in an easy to manage setup on a vlan[23:21:46] <bayoda> external too[23:22:06] <bayoda> ah mean external not[23:23:44] <bayoda> external hw-nic - goes to the router zone (what ever firewall tool you use there - zone or pfsense) - the vnic - goes to an "etherstub" (which is a vswitch) - where you can assign as many vnics as you like[23:36:04] -msg- [sniffle] Licenser pushed 1 new commit to dev: http://git.io/Sdwh7Q[23:36:04] -msg- sniffle/dev 56dc9ff Heinz N. Gies: Merge branch 'test' into dev[23:59:14] *** ipalreadytaken has joined #project-FiFo