   March 20, 2013  
[00:00:10] <rmustacc> bradleymeck: That work for you?
[00:00:17] <bradleymeck> kind of
[00:00:24] <antimatterian> are "admin" and "external" the only valid nic_tags? i'm trying to add a nic to use within a vm... figured i should be able to pick my own tag... shows with my set tag in sysinfo. vm isn't seeing it
[00:00:54] <rmustacc> antimatterian: No, you can add your own.
[00:01:15] <antimatterian> rmustacc: thanks for the confirmation. i'll keep at it then
[00:01:34] <bradleymeck> using LD_PRELOAD im seeing ld.so.1: a.out: fatal: relocation error: file ~/interposed/fixtures/nix.so: symbol dprintf: referenced symbol not found
[00:01:34] <rmustacc> http://wiki.smartos.org/display/DOC/Managing+NICs
[00:01:58] <rmustacc> The only line you need to add to create the nic tag is something like 'storage_nic' in the example.
[00:02:07] <rmustacc> bradleymeck: Why are you using LD_PRELOAD?
[00:03:07] <bradleymeck> to try and log what port an executable listens on, dtrace wont give port and address since listen only takes a fd and you cant invoke getsockname
[00:03:33] <rmustacc> You need it during a link?
[00:03:45] <bradleymeck> no, at runtime
[00:04:03] <bradleymeck> trying to follow http://dsc.sun.com/solaris/articles/linker.html
[00:04:29] <rmustacc> You're looking to log it as it happens or just inspect?
[00:04:34] <rmustacc> Because you can just pfiles for the latter.
[00:04:46] <rmustacc> And if you're on SmartOS just use DTrace from the global zone to get the former.
[00:05:14] <bradleymeck> log as it happens
[00:05:43] <bradleymeck> want to pipe it to a fd if you want to get complete about my wants/desires
[00:06:24] <richlowe> bradleymeck: what do you expect dprintf to resolve to, there?
[00:07:04] <richlowe> the dprintf in the node executable is local.
[00:07:04] <bradleymeck> http://linux.die.net/man/3/dprintf , posix 2008 compliant thing
[00:07:42] <bradleymeck> i want it to defer to the non-interposed dprintf
[00:07:48] <bradleymeck> since i don't override it
[00:08:27] <richlowe> pretty sure that doesn't exist on smartos
[00:08:28] *** antimatterian has quit IRC
[00:08:39] *** bluezenix1 has joined #smartos
[00:08:54] <richlowe> can't easily check currently, presumably rmustacc can(?)
[00:09:40] <rmustacc> Yeah, it's not in our libc.
[00:09:52] <rmustacc> Or in illumos.
[00:09:52] *** bluezenix has quit IRC
[00:10:07] <rmustacc> You can verify it with a simple test program.
[00:10:36] <rmustacc> If you want the linker to pick it up for a shared object you need some extra flags.
[00:10:56] <bradleymeck> i can try moving it to sprintf and write i guess
[00:12:01] *** bluezenix has joined #smartos
[00:12:42] *** khushildep has quit IRC
[00:13:20] *** bluezenix1 has quit IRC
[00:14:43] <bradleymeck> rmustacc++ moving to sprintf and write worked
[00:15:54] <rmustacc> Sorry, our POSIX 2008 support isn't complete.
[00:16:20] <bradleymeck> rmustacc: no worries :)
[00:16:32] <bradleymeck> most of posix2008 is just to make some stuff streamlined
[00:16:37] *** ipalreadytaken has quit IRC
[00:18:51] *** alpharender has joined #smartos
[00:19:41] *** bradleymeck has quit IRC
[00:22:29] *** dumfries has quit IRC
[00:22:36] *** szaydel has quit IRC
[00:23:29] *** khushildep has joined #smartos
[00:23:49] *** dumfries has joined #smartos
[00:27:40] *** denizr has joined #smartos
[00:35:33] <khushildep> can I ask a quick pkg_create question? if I'm trying to set a POST-INSTALL script, should I use -P or -I to pass in its path?
[00:35:50] <khushildep> the pkg_create for bsd seems different in switch terms from the one in smartos?
[00:37:49] *** szaydel has joined #smartos
[00:43:00] *** jelmd has quit IRC
[00:49:56] *** antimatterian has joined #smartos
[00:52:01] *** bluezenix has quit IRC
[00:52:46] <antimatterian> any suggestions on what to do with: "dladm: vnic creation over rge0 failed: MAC address reserved for use by underlying data-link"
[00:53:11] *** CarlosC has quit IRC
[00:54:53] <antimatterian> i added a new phys nic and gave it a tag; then used "add_nics" to add it to a kvm. the vm won't start and that's the message in the zone log
[00:59:45] *** deirdres has quit IRC
[01:01:15] *** ipalreadytaken has joined #smartos
[01:05:50] *** ivan\ has quit IRC
[01:05:57] *** antimatt1rian has joined #smartos
[01:06:09] *** alpharender has quit IRC
[01:06:09] <jesse_> guess: you gave the real mac of the interface as mac in the add_nics
[01:06:16] <antimatt1rian> for posterity: it was a configuration error
[01:06:54] <antimatt1rian> i didn't let the vnic creation pick a mac before using it in updating the config
[01:07:01] *** jelmd has joined #smartos
[01:07:02] <antimatt1rian> so it was using the real mac
[01:07:11] <jesse_> ...like I guessed=)
[01:07:21] <antimatt1rian> ahh yes, just saw that ;-)
[01:07:42] <antimatt1rian> the vm is my router... so messing with it is making irc difficult
[01:07:54] *** psanford has quit IRC
[01:08:00] *** ivan\ has joined #smartos
[01:08:28] *** antimatterian has quit IRC
[01:09:19] *** denizr has quit IRC
[01:11:12] *** denizr has joined #smartos
[01:12:33] *** tonyarkles has quit IRC
[01:13:43] *** bixu has joined #smartos
[01:14:57] <bixu> vmadm is core dumping for me: https://gist.github.com/bixu/5201329
[01:15:03] <bixu> How can I best trace it?
[01:15:36] <antimatt1rian> bixu: most of the time it coredumps because of my malformed json. not sure how to trace it though
[01:15:47] <bixu> Okay - maybe that's my issue.
[01:16:01] <antimatt1rian> sometimes it's the commas
[01:16:30] <bixu> And you are correct.
[01:16:37] <bixu> I had a stray comma.
[01:16:44] <antimatt1rian> :-)
[01:20:43] *** ipalreadytaken has quit IRC
[01:22:38] *** antimatt1rian has quit IRC
[01:37:54] *** d[^_^]b_ has joined #smartos
[01:37:54] *** d[^_^]b has quit IRC
[01:40:26] *** denizr has quit IRC
[01:40:44] *** antimatterian has joined #smartos
[01:46:38] *** denizr has joined #smartos
[01:55:39] *** szaydel has quit IRC
[01:56:08] <bixu> Problem #2...I'm trying to get twemproxy to build on SmartOS.
[01:57:28] <bixu> I get this error: configure: error: required sys/epoll.h header file is missing
[01:57:49] <bixu> I think that perhaps the source for twemproxy doesn't know about eventports?
[01:58:15] <antimatterian> i think epoll is linux specific. sounds like twemproxy doesn't know how to detect solaris to change build conditions
[01:58:50] <bixu> That's what I'm thinking.  Looking for configure flags that might help.
[01:58:57] <antimatterian> since you're running a virtualization os, i'd recommend installing twemproxy in a vm of the os it's designed to work with
[01:59:21] <antimatterian> i know there are nice debian packages available with imgadm
[01:59:44] <antimatterian> imgadm avail | grep debian
[01:59:57] <bixu> Well, I actually want to run twemproxy on all my app servers in production, which are all smartos.
[02:00:13] <bixu> I'd agree if I was doing a dedicated machine.
[02:00:33] *** szaydel has joined #smartos
[02:02:14] <jesse_> kvm machine will be a lot slower than a zone
[02:02:31] <LeftWing> bixu: https://github.com/joyent/smartos-live/commit/cd845b7  # that one ought to be fixed in the 21-MAR build.
[02:02:36] <bixu> jesse_: I'm also concerned about that.
[02:02:56] <jesse_> especially with IO
[02:03:23] <bixu> LeftWing: I'm just doing lab work right now, but that's good info.
[02:03:28] <jesse_> LeftWing to the rescue
[02:14:49] *** khushildep has quit IRC
[02:19:35] *** dap has quit IRC
[02:23:20] *** xmerlin has quit IRC
[02:34:08] *** psanford has joined #smartos
[02:35:56] *** antimatterian has quit IRC
[02:36:01] *** sheppard_ is now known as sheppard
[02:36:39] *** xmerlin has joined #smartos
[02:39:39] *** ira has quit IRC
[02:50:48] *** alpharender has joined #smartos
[02:53:15] *** wolstena has quit IRC
[03:01:43] *** bixu has quit IRC
[03:02:12] *** szaydel has quit IRC
[03:03:47] *** szaydel has joined #smartos
[03:06:57] *** szaydel has quit IRC
[03:08:43] *** ira has joined #smartos
[03:35:17] *** ira has quit IRC
[03:37:31] *** axonpoet has quit IRC
[03:40:53] *** miine has quit IRC
[03:46:09] *** miine has joined #smartos
[03:47:01] *** danielwu has joined #smartos
[03:47:32] *** danielwu has joined #smartos
[03:52:23] *** psanford has quit IRC
[03:56:13] *** Kireji has joined #smartos
[03:57:05] <Kireji> our server is getting a super annoying attack from one IP address in the Philippines for weeks now.  where can we read more about firewalling or blocking individual ip addresses?
[04:00:12] <jelmd> check ipfilter
[04:10:59] *** rbrown__ has joined #smartos
[04:11:17] <rbrown__> how can I tell my processor type on sparc os? ala linux /proc/cpuinfo ?
[04:11:34] <rmustacc> SmartOS doesn't run on sparc.
[04:11:47] <rmustacc> But assuming you mean on an illumos system, the easiest way would be to use psrinfo -vp
[04:13:27] *** ikwildrp1pper has joined #smartos
[04:13:36] *** tonyarkles has joined #smartos
[04:13:48] *** ikwildrpepper has quit IRC
[04:16:09] *** haydock_ has quit IRC
[04:19:07] <rmustacc> rbrown__: That answer your question?
[04:19:12] <rmustacc> Or did you want to know something else?
[04:19:19] <rbrown__> yes thanks rmustacc
[04:21:05] *** papertigers has quit IRC
[04:58:51] <jesse_> psrinfo -v on sol9
[04:58:55] <jesse_> doesn't know of -p
[05:02:24] <jelmd> an sol1.4 doesn't know psrinfo ...
[05:03:10] <jesse_> 1.4?
[05:06:53] <jelmd> sunos 4.1.4 (was something like sol1.x - not sure about x) ;-)
[05:08:47] *** dysinger has quit IRC
[05:12:54] <wesolows> there was no solaris 1.  that's just what they retroactively named sunos 4 after solaris shipped
[05:13:07] <LeftWing> Indeed.
[05:13:17] <LeftWing> History is written by the victors, and all that.
[05:13:28] <sheppard> lol
[05:13:35] <wesolows> but utsname is written by the engineers
[05:13:47] <LeftWing> So true.
[05:14:31] <jelmd> I'm not 100% sure, but I think there were some CD bags labeled Solaris 1.x ...
[05:15:44] <wesolows> CD?  you mean QIC-150?
[05:16:57] <jelmd> In early days DAT tapes, yes. Later I think CDs (but that's a long time ago :))
[05:20:51] <jelmd> Hmm, thought I've some in my archive, but the oldest stuff there is Sol2.4 and Sol7 src CDs ;-)
[05:24:32] <jesse_> ...I have a sol7 client box, unopened, still somewhere...
[05:24:44] <jesse_> uh. make that workstation
[05:26:59] <jelmd> hah: http://www.memoryxsun.com/ssos1121.html
[05:27:57] <jesse_> hmmm
[05:28:05] <jesse_> I've seen that box somewhere, too...
[05:28:35] <jesse_> but I thought that place ever ran only 2.4
[05:41:13] *** dysinger has joined #smartos
[05:48:08] *** sachinsharma has joined #smartos
[06:01:20] *** danielwu has quit IRC
[06:06:49] *** tonyarkles has quit IRC
[06:09:23] *** leecallen has quit IRC
[06:09:39] *** leecallen has joined #smartos
[06:42:34] *** nefilim has quit IRC
[06:43:04] *** alpharender has quit IRC
[06:46:30] *** wolfeidau has quit IRC
[07:05:08] *** wolfeidau has joined #smartos
[07:09:06] *** Daemonik has joined #smartos
[07:09:27] <Daemonik> What is the SmartOS way to set an interface's MTU to 9000?
[07:15:44] *** wramthun has quit IRC
[07:27:59] *** Daemonik has quit IRC
[07:28:49] <MerlinDMC> morning / hello
[07:37:37] *** ipalreadytaken has joined #smartos
[07:49:05] *** denizr has quit IRC
[07:49:31] *** porkbelt_ has joined #smartos
[07:50:26] *** porkbelt has quit IRC
[07:50:27] *** porkbelt_ is now known as porkbelt
[08:00:34] *** Daemonik has joined #smartos
[08:10:30] *** miine has quit IRC
[08:10:45] *** miine has joined #smartos
[08:21:01] *** texarcana has quit IRC
[08:22:21] *** texarcana has joined #smartos
[08:31:19] *** bens1 has joined #smartos
[08:45:16] *** ipalreadytaken has quit IRC
[09:04:33] *** dysinger has quit IRC
[09:06:08] *** mamash has joined #smartos
[09:09:05] *** alucardX has joined #smartos
[09:10:28] *** dysinger has joined #smartos
[09:13:56] *** bluezenix has joined #smartos
[09:22:21] *** ikwildrp1pper is now known as ikwildrpepper
[09:25:34] *** alcir has joined #smartos
[09:27:02] *** alcir has quit IRC
[09:28:20] *** alcir has joined #smartos
[09:43:33] *** darjeeling has quit IRC
[09:45:12] *** cwo has joined #smartos
[09:53:03] *** bluezenix has quit IRC
[09:55:48] *** cwo has quit IRC
[10:00:27] *** xmerlin has quit IRC
[10:13:20] *** dysinger has quit IRC
[10:17:39] *** sachinsharma has quit IRC
[10:22:02] *** sachinsharma has joined #smartos
[10:49:58] *** ktkNA is now known as ktk
[10:52:30] *** khushildep has joined #smartos
[11:28:33] *** darjeeling has joined #smartos
[11:34:02] *** andoriyu has joined #smartos
[11:34:41] <andoriyu> hey, is it possible to change disk mode on machine that already created?
[11:38:11] <MerlinDMC> what is a "disk mode"?
[11:38:45] *** Daemonik has quit IRC
[11:39:38] <andoriyu> I created kvm guest with "ide" disk, now, after I want to switch it to "virtio"
[11:56:15] <scarcry> andoriyu: look for disks.*.model in vmadm(1m) IIRC
[11:59:35] *** andoriyu has quit IRC
[12:01:14] *** alpharender has joined #smartos
[12:15:21] *** alpharender has quit IRC
[12:25:20] *** mgt576 has joined #smartos
[12:33:45] *** ira has joined #smartos
[12:36:44] *** mgt576 has quit IRC
[12:37:07] *** szaydel has joined #smartos
[12:39:14] *** bens1 has quit IRC
[12:44:01] *** avrntsv has joined #smartos
[13:01:26] *** darjeeling has quit IRC
[13:05:54] *** KermitTheFragger has joined #smartos
[13:11:04] *** sachinsharma has quit IRC
[13:18:40] *** theup has joined #smartos
[13:28:02] *** texarcana has quit IRC
[13:34:41] *** alpharender has joined #smartos
[13:39:11] *** ira has quit IRC
[13:41:38] *** alpharender has quit IRC
[13:42:22] *** olafm has quit IRC
[13:45:53] <theup> Hi everyone. I was wondering if there's anyone here who could help me out with configuring a smartos zone to authenticate against apache DS. Can't seem to get it to work myself
[13:48:10] *** olafm has joined #smartos
[13:55:01] *** calmh has quit IRC
[13:58:13] *** olafm has quit IRC
[14:00:45] *** olafm has joined #smartos
[14:02:43] *** olafm has joined #smartos
[14:03:15] *** olafm has quit IRC
[14:03:24] *** olafm has joined #smartos
[14:06:42] <olafm> blist
[14:08:18] *** calmh has joined #smartos
[14:16:34] *** denizr has joined #smartos
[14:19:20] *** jim80net has joined #smartos
[14:24:37] *** kamilr has joined #smartos
[14:24:39] <kamilr> hi there
[14:25:08] <kamilr> how can i check if smartos has vlan configured ? except the usbkey/config
[14:43:52] *** Peitolm has joined #smartos
[14:48:08] *** denizr has quit IRC
[14:48:26] *** denizr has joined #smartos
[14:49:54] <wesolows> see the man page for dladm
[14:50:06] <wesolows> it can tell you about configured vnics etc
[14:50:33] <kamilr> vnic, but i'm interested in igb0
[14:50:38] <kamilr> the main admin interface
[14:50:53] <kamilr> hm..
[14:50:58] <kamilr> can you tell me
[14:51:04] <kamilr> admin_vlan_id
[14:51:13] <wesolows> I didn't think it was possible to put the admin nic on a vlan.
[14:51:19] <kamilr> it defines the vlan for igb0
[14:51:20] <wesolows> perhaps I'm mistaken though.
[14:51:35] <kamilr> or it defines vlan only for vm on that interface ?
[14:52:01] <kamilr> http://wiki.smartos.org/display/DOC/Managing+NICs
[14:52:40] <kamilr> here is configured like storage0_vlan_id=128
[14:53:28] <wesolows> this creates "nic tags" for vnics constructed around a physical nic and vlan pair.  that can then be used to create vnics for each zone.
[14:53:43] <wesolows> I'm not really sure what you're trying to do, sorry.
[14:54:48] <kamilr> i'm trying to configure the main nic igb0 which is admin nic in VLAN 100
[14:55:13] *** neophenix has joined #smartos
[14:55:16] <kamilr> and i'm almost sure that admin_vlan_id doesn't work
[14:55:42] *** denizr has left #smartos
[14:56:12] <wesolows> I would expect that it does not.  As I said, I don't believe it's possible to create the 'admin' nic tag on a vlan.
[14:56:22] <wesolows> certainly with SDC it is not.
[14:57:04] <kamilr> and others nic's except admin and external can be configured in vlan ?
[14:57:15] <wesolows> external can as well
[14:57:20] <wesolows> any except admin should work
[14:57:33] <kamilr> i see :-)
[14:57:38] <kamilr> Thanks mate:-)
[14:58:09] <wesolows> np
[15:05:03] <aszeszo> hi all, is there a way to configure vnic in a way that it has access to all vlans available on the real physical interface?
[15:06:34] <aszeszo> i would basically like to have access to all tagged vlans from inside KVM VM
[15:06:45] <aszeszo> only using single vnic
[15:08:24] <wesolows> what do you mean by access?  it's generally possible to use dlpi to read raw packets off the wire regardless of tag on an untagged interface
[15:12:11] *** theup has left #smartos
[15:13:00] <aszeszo> let's say I have 100 vlans, each has got its own /24 subnet assigned
[15:13:51] <aszeszo> i would like to be able to assign an ip in each subnet inside a linux VM
[15:14:00] *** olafm has quit IRC
[15:14:24] <aszeszo> single linux VM
[15:14:32] <wesolows> I don't know of a way to do that, sorry.  doesn't mean there isn't one.
[15:15:02] *** olafm has joined #smartos
[15:16:09] *** alcir has quit IRC
[15:16:24] <aszeszo> creating one vnic per vlan would work but there is qemu virtual NIC limit which is less than 100
[15:19:46] *** alcir has joined #smartos
[15:21:35] *** bens1 has joined #smartos
[15:27:28] *** ira has joined #smartos
[15:30:43] <olafm> otr
[15:31:03] <olafm> Grr, ignore my mistyping
[15:31:07] <wesolows> olafm: are you the IRC equivalent of a numbers station?
[15:31:13] <wesolows> oh ok
[15:31:15] <jesse_> 5 6 8 5
[15:31:19] <olafm> wesolows: I wish :)
[15:31:33] *** nefilim has joined #smartos
[15:32:01] *** nefilim has quit IRC
[15:45:32] *** siezer has joined #smartos
[15:46:30] <rmustacc> aszeszo: You're going to have to do that kind of thing at the switch.
[15:47:01] *** nefilim has joined #smartos
[15:49:51] <rmustacc> qemu has a limit, iirc, of 10 vnics.
[15:51:59] <ira> Is 1.6.3 (01b2c898-945f-11e1-a523-af1afbe22822) still the base zone for build zones?
[15:52:14] <ira> pardon, dataset ;)
[15:53:16] <rmustacc> Yes
[15:53:25] <nahamu> there have been neither changes to the wiki page, nor email to the mailing list indicating otherwise. are you having a build failure?
[15:54:04] <ira> No, I was asking before I start merging up etc… (I froze my build setup ~4-5 months ago.)
[15:54:30] <ira> And because there's no announcements doesn't mean when I pull, I won't pull something I didn't expect :)
[15:54:59] <nahamu> rmustacc has been pretty diligent about announcing flag days for the build process.
[15:55:00] <wesolows> when we move to multilib, it'll be a big deal
[15:55:04] *** nefilim has quit IRC
[15:56:20] *** while1eq1 has quit IRC
[15:56:21] *** while1eq1 has joined #smartos
[15:56:35] <ira> nahamu: Agreed.
[15:57:03] <ira> There can be a 1-2 day lag I've noted… (Which I am FAR from complaining about… but..)
[15:57:11] *** tonyarkles has joined #smartos
[16:03:15] <jesse_> rmustacc is just giving you two-day chance to discover the changes on your own!
[16:03:57] *** nefilim has joined #smartos
[16:06:00] *** nefilim has quit IRC
[16:06:39] <ira> jesse_: And while I enjoy a good challenge as much as the next guy.  I have enough of them when I do merges ;)
[16:06:48] <nahamu> The only problem I've had was tripping over an actual bug in code that had been pushed but wasn't part of an actual release.
[16:07:06] <jesse_> ira, =)
[16:07:15] <nahamu> And after I reported it, it was fixed within a day, I think.
[16:07:39] <nahamu> So if you want to be cautious, you could merge a release branch
[16:08:33] <ira> I'll end up merging now, and then re-merging a few times quickly usually.  We'll see.
[16:09:02] <rmustacc> Any flag day about the build I send out to the smartos list directly.
[16:09:15] <ira> Thanks. :)
[16:09:16] <rmustacc> That's the only way anyone at Joyent can find out. ;)
[16:10:23] <rmustacc> That said, expect a flag day in a couple days. ;)
[16:10:36] <ira> I'll hold my merge ;)
[16:10:47] <rmustacc> I wouldn't do that.
[16:10:52] <rmustacc> This shouldn't affect anything you have.
[16:11:11] <rmustacc> Just designed to take care of a few things to finish off the fake subset.
[16:11:17] <rmustacc> There have been a few things like that in the past couple days.
[16:11:17] <ira> Huzzah.
[16:11:33] <MerlinDMC> Flag day what?
[16:11:44] <rmustacc> MerlinDMC: Nothing's happened yet, it'sfine.
[16:11:45] <rmustacc> *it's fine
[16:11:46] <MerlinDMC> completely getting rid of fake-subset? :)
[16:12:10] <rmustacc> Not the upcoming one (but it helps)
[16:12:44] <jesse_> what is in the fake-subset, anyway? some tools or binary-only object files?
[16:13:02] <rmustacc> Just some tools and files that are expected to be in exactly one place by the build by default.
[16:13:14] <jesse_> ah, ok.
[16:14:00] <MerlinDMC> I'll spin up the first production smartos machine here in the next two weeks ... getting rid of the xen hosts :)
[16:14:47] <MerlinDMC> will be so much more fun to work with *g*
[16:24:45] *** tonyarkles has quit IRC
[16:28:45] *** dap has joined #smartos
[16:33:26] *** solong has joined #smartos
[16:36:34] <kamilr> Is there difference if i set "dhcp_server" : true AND "dhcp_server": "true" ??
[16:37:20] *** tonyarkles has joined #smartos
[16:38:41] *** mamash has left #smartos
[16:38:46] *** nefilim has joined #smartos
[16:39:07] *** nefilim has quit IRC
[16:39:30] *** nefilim has joined #smartos
[16:44:34] <kamilr> what should i do to run dhcp server on KVM ?
[16:44:53] <kamilr> i set up dhcp_server and allow_dhcp_spoofing
[16:45:02] <kamilr> but dhcp won't assign any ip
[16:45:39] <linuxprof> "allow_restricted_traffic": "1" might be needed
[16:45:48] <linuxprof> i have that on the machine that i use as dhcp server
[16:47:09] <jesse_> linkprops have "dhcp-nospoof", you probably need to turn that off, too
[16:47:22] <jesse_> can't remember what the name of it was in json
[16:47:31] <jesse_> (dhcp-nospoof, maybe?)
[16:47:42] <linuxprof> allow_dhcp_spoofing
[16:48:07] <jesse_> oh, it's that
[16:48:20] <linuxprof> must be =)
[16:48:41] <linuxprof> i have that, allow_ip_spoofing and allow_restricted_traffic. works like a charm.
[16:49:03] <linuxprof> allow restricted traffic is for allowing routing I think, cant remember
[16:49:06] <jesse_> allow_restricted_traffic must map to "restricted"
[16:49:10] <linuxprof> or maybe NAT
[16:49:13] *** szaydel has quit IRC
[16:51:02] *** nefilim1 has joined #smartos
[16:52:11] <jesse_> http://zerg.erlangonxen.org
[16:52:19] <jesse_> I wonder if smartos/zone is faster
[16:53:05] <kamilr> WOW
[16:53:13] <kamilr> 300 sec to launch
[16:53:27] <kamilr> in smartos it takes for me about 20 sec
[16:54:34] <jperkin> if all you care about is one-shot applications then rump can do that even faster ;)
[16:54:41] <jperkin> but they aren't generally useful
[16:56:16] <kamilr> linuxprof: should i enter "allow_restricted_traffic": "1" OR  "allow_restricted_traffic": true ??? Is there difference ?
[16:56:26] *** axonpoet has joined #smartos
[16:56:39] <linuxprof> it's the same thing, at least as far as i know =)
[16:58:59] <kamilr> dhcp is still not working :-(
[16:59:04] <kamilr> i don't get it
[16:59:05] *** CarlosC has joined #smartos
[16:59:11] *** szaydel has joined #smartos
[17:00:17] <kamilr>       "dhcp_server": "1",
[17:00:17] <kamilr>       "allow_dhcp_spoofing": "1",
[17:00:17] <kamilr>       "allow_restricted_traffic": "1"
[17:00:22] <kamilr> i have those options
[17:00:43] <kamilr> forgot anything?
[17:00:46] *** nefilim1 has quit IRC
[17:01:26] <nahamu> kamilr: dhcp server or client?
[17:01:35] <kamilr> nahamu: server
[17:01:51] <kamilr> client has only "ip":"dhcp"
[17:02:18] *** alucardX has quit IRC
[17:02:18] <nahamu>       "allow_dhcp_spoofing": true
[17:02:24] *** nefilim1 has joined #smartos
[17:02:41] <nahamu> that's what our dhcp server zones have.
[17:02:57] <kamilr> only that ?
[17:03:11] <nahamu> looks like it. let me double check what the running zone thinks is set...
[17:04:00] <nahamu> yeah, only that. but it's running on a pretty old platform.
[17:04:29] <nahamu> (and we're not using vlans)
[17:04:41] <kamilr> i am
[17:04:49] <kamilr> but it was all working
[17:05:01] <kamilr> i had DHCP server on VMware
[17:05:10] *** darjeeling has joined #smartos
[17:05:10] <kamilr> but i decided to move it to smartos
[17:05:19] <kamilr> and since then, it doesnt work
[17:07:43] *** andoriyu has joined #smartos
[17:08:48] *** avrntsv has quit IRC
[17:09:58] <kamilr> in dhcp server logs i see DHCP OFFERS
[17:10:13] <kamilr> but i think that those offers are not going out
[17:10:23] <kamilr> can i somehow debug it from global zone?
[17:11:11] *** alcir has quit IRC
[17:12:35] <jesse_> dladm show-linkprop -p protection -z <uuid>
[17:13:02] <jesse_> shows current values of the zone for ethernets
[17:13:45] <kamilr> [root@c8-0a-a9-33-05-94 ~]# dladm show-linkprop -p protection -z 98286a07-be32-46a2-88b5-89b85c5f8794
[17:13:45] <kamilr> LINK         PROPERTY        PERM VALUE          DEFAULT        POSSIBLE
[17:13:45] <kamilr> net0         protection      rw   mac-nospoof,   --             mac-nospoof,
[17:13:45] <kamilr>                                   restricted                    restricted,
[17:13:45] <kamilr>                                                                 ip-nospoof,
[17:13:46] <kamilr>                                                                 dhcp-nospoof
[17:14:07] <jesse_> you still have restricted on
[17:14:29] <jesse_> "allow_restricted_traffic": "1" didn't work
[17:14:58] <kamilr> it's question?
[17:16:01] <jesse_> statement
[17:16:18] *** mikl has quit IRC
[17:16:44] <linuxprof> doesnt that mean that restricted traffic IS possible?
[17:16:51] <linuxprof> mine looks the same =)
[17:16:58] <linuxprof> and my dhcp server works
[17:17:19] <kamilr> gr8
[17:17:42] <kamilr> allow_restricted i think has nothing to do
[17:17:53] <kamilr> because its for non ipv4 ipv6 traffic
[17:18:06] <kamilr> dhcp is ipv4 for me
[17:18:10] *** mikl has joined #smartos
[17:18:21] <linuxprof> ah, right
[17:20:09] *** dysinger has joined #smartos
[17:21:06] <kamilr> linuxprof: can you give your output from dladm show-linkprop -p protection -z DHCP_SERVER ?
[17:21:16] <linuxprof> yeah
[17:21:42] <linuxprof> http://pastebin.com/89f0TdHL
[17:22:07] <jesse_> linuxprof, you have restricted off?
[17:22:12] <linuxprof> nope
[17:22:34] <linuxprof>       "allow_restricted_traffic": "1" <- from vmadm get
[17:22:55] *** calmh has quit IRC
[17:23:10] <jesse_> like I said
[17:23:25] <jesse_> you allow restricted <-> restricted is off
[17:23:30] *** elijah-mbp has joined #smartos
[17:23:42] <linuxprof> ehm. yes then? sorry, im a bit tired :)
[17:23:43] <jesse_> if you look at kamilr's props, he has mac-nospoof and restricted on
[17:23:54] <jesse_> yours has only mac-nospoof
[17:24:55] <linuxprof> ah, right
[17:25:04] <linuxprof> was looking at the wrong table O_o
[17:26:16] <kamilr> ok, now i have turned on restricted and have same output like linuxprof
[17:27:19] <jesse_> ...does it work?
[17:27:44] <kamilr> same, dhcp says only that he is offering ip
[17:28:07] <kamilr> but i dont know if the offer gets out
[17:28:16] <kamilr> dont know how to debug it
[17:28:20] <kamilr> brb
[17:28:25] <jesse_> snoop/tcpdump in the host requesting the ip?
[17:29:16] <jesse_> and snoop in GZ should show you the packets, too
[17:30:46] *** mamash has joined #smartos
[17:33:48] *** kamilr has quit IRC
[17:43:00] *** ipalreadytaken has joined #smartos
[17:46:25] *** ipalreadytaken has quit IRC
[17:47:30] *** ipalreadytaken has joined #smartos
[17:47:35] *** AlainODea has joined #smartos
[17:49:44] *** mamash has left #smartos
[17:51:52] *** ipalreadytaken has quit IRC
[17:52:42] *** kamilr has joined #smartos
[17:54:19] *** andoriyu_ has joined #smartos
[17:58:21] *** andoriyu has quit IRC
[18:00:13] <opeth__> oh yeah, I can create version 28 zpools and version 5 datasets in S11.1 that which I can thereafter import and mount on SmartOS
[18:00:17] <opeth__> \o/
[18:06:26] *** andoriyu_ has quit IRC
[18:06:29] *** danielwu has joined #smartos
[18:08:00] *** andoriyu has joined #smartos
[18:09:19] *** andoriyu_ has joined #smartos
[18:09:44] <kamilr> ok folks, it seems to be VLAN problem
[18:09:51] *** leecallen has quit IRC
[18:09:58] <kamilr> dhcp works with restricted in the same vlan
[18:10:14] <kamilr> so this time i will handle it ;-)
[18:10:15] <kamilr> Thank
[18:10:22] *** leecallen has joined #smartos
[18:12:27] *** ipalreadytaken has joined #smartos
[18:13:00] *** andoriyu has quit IRC
[18:13:02] <nahamu> kamilr: meaning that the dhcp clients need to be in the same vlan?
[18:15:36] <AlainODea> What is the process for keeping pkgsrc.joyent.com up to date?  There are packages there that are significantly behind pkgsrc.smartos.org.  I have heard there are integration and PATH differences between them.  The package I am thinking of particularly is Squid and I am thinking of it because our IT Security Officer pointed out that there are vulnerabilities in 3.1.19.
[18:18:26] *** ryancnelson has joined #smartos
[18:30:59] <kamilr> naham: for now yes
[18:31:30] <kamilr> nahamu: i have to figure out why now it doesnt work in different vlans
[18:31:54] *** Cpt-Oblivious has joined #smartos
[18:33:06] <rmustacc> AlainODea: pksrc.joyent.com migrated to pksrc.smartos.org, iirc.
[18:34:56] *** ryancnelson has quit IRC
[18:37:05] *** avrntsv has joined #smartos
[18:37:31] <nahamu> kamilr: I thought that was precisely what the vlans are for... isolation...
[18:38:22] <kamilr> yes
[18:38:44] <kamilr> but on cisco switch i have relay dhcp set up
[18:38:59] <kamilr> relay dhcp is in different network and vlan
[18:39:13] <kamilr> and it worked until i have moved dhcp server to smartos
[18:39:18] <nahamu> ah, Cisco black magic... you're already over my head. :)
[18:39:44] <nahamu> (though I'm guessing it's a way to forward a dhcp request from one vlan to a dhcp server on a different vlan)
[18:44:15] *** KermitTheFragger has quit IRC
[18:44:29] *** nefilim has quit IRC
[18:48:14] <AlainODea> rmustacc: good to know.  Thank you.  I'll read a bit more into jperkin's articles to get a sense of my migration options.
[18:48:28] *** ipalreadytaken has quit IRC
[18:49:36] <rmustacc> AlainODea: For example the 1.9.x (which may have a bug or two in it) is based on the 2012Q4 datasets which are just now on the *.smartos.org datasets instead.
[18:51:13] *** szaydel has quit IRC
[18:53:49] <AlainODea> I notice that pkgsrc.smartos.org has SHA512.bz2 in each repo root.  That is a very nice touch.  Mirroring is now possible.  Now I need to find the time to implement verification in pkgsrc... :D
[18:57:27] *** szaydel has joined #smartos
[19:00:20] *** wolstena has joined #smartos
[19:16:33] *** tonyarkles has quit IRC
[19:30:52] <sheppard> If I wanted to practice a fault on a zpool
[19:30:57] <sheppard> should I detach the device, write some data to it, then add it back to the pool as a spare?
[19:31:19] <rmustacc> What failure mode are you trying to mimic?
[19:31:31] <rmustacc> disk failure?
[19:31:48] <sheppard> yeah that would work
[19:31:53] <jperkin> AlainODea: pkgsrc.joyent.com is meant for packages which are part of our published images, whereas pkgsrc.smartos.org is for experimental and non-SDC stuff
[19:32:34] <wesolows> the only reliable way to simulate disk failure is with an emulator
[19:32:35] <jperkin> the new 2012Q4/base1.9 stuff is on pkgsrc.joyent.com and has the SHA512.bz2 file as it is the first one we've produced using pbulk
[19:33:47] <wesolows> basically, disks fail in 3 main ways: (1) I/Os succeed but take hundreds or thousands of milliseconds; (2) some but not necessarily all I/Os fail with various error codes; (3) I/Os never complete (internal firmware reset)
[19:34:18] <wesolows> there are other failure modes possible, and some combinations, such as taking a very long time only to return an error
[19:35:12] <wesolows> none of these conditions can readily be tested unless you have a programmable disk emulator.  You can test some of them by modifying the HBA driver or sd.c.
[19:36:48] <wesolows> the nice hypothetical failure mode (a subset of case 2) where you go to do a read or write and that specific I/O immediately fails with EIO is relatively rare.
[19:37:13] <wesolows> invariably it will be slow, or time out, or cause task management commands to be issued, disrupting other I/Os in the queue, slowing them down, etc.
[19:38:05] *** danielwu has quit IRC
[19:38:15] <ira> wesolows: There's no internal framework in illumos for doing such things?
[19:39:15] <jesse_> wesolows, don't forget, everything seems to work but there is a bit or two flipped in every block (would that be considered #3?)
[19:39:21] <rmustacc> ira: To simulate most of the problematic ones correctly you really want a custom fpga on a sas controller.
[19:40:02] <ira> rmustacc: Absolutely, having the real hardware to simulate it is best.
[19:40:50] <ira> But I figured someone must have hit this ;)
[19:45:35] <wesolows> ira: no, not really.  At Sun we talked about making a comstar target that could do it, but I don't know if it ever happened.
[19:45:59] <wesolows> It can't really be done in drivers on the host, though some pieces of course can and that would be useful to test higher layers.
[19:46:00] *** vsomes_ has left #smartos
[19:46:24] <ira> That makes sense.
[19:46:37] <wesolows> jesse: Those are relatively rare, and fit into a bucket #4 I'd just call exotics.
[19:47:04] <jesse_> wesolows, that's what I mostly encounter
[19:47:05] <wesolows> getting the wrong block, getting an offset block, phantom writes, etc.
[19:47:09] <wesolows> interesting!
[19:48:15] <jesse_> mostly with seagate and wd green disks
[19:48:33] <wesolows> perhaps that's less rare than I expected, then.
[19:48:36] <jesse_> with opensolaris, sol11 and now with smartos
[19:48:59] <jesse_> writes seem to work without error
[19:49:01] <wesolows> Of course this could also be something that DIF is intended to solve
[19:49:17] <jesse_> but the problems are either read errors or crc errors
[19:49:38] <jesse_> smartos is not really good with reporting the errors, though
[19:49:48] <rmustacc> I've thought about following up on ipd to do things at the disk and or vfs layer.
[19:49:54] <jesse_> I even reported a bug of it
[19:49:55] <wesolows> presumably they just generate ereports in FMA and increment ZFS counters
[19:50:03] *** codingstream has joined #smartos
[19:52:09] *** ira has quit IRC
[19:52:15] <jesse_> wesolows, https://github.com/joyent/smartos-live/issues/159
[20:01:33] *** ipalreadytaken has joined #smartos
[20:05:50] *** ryancnelson has joined #smartos
[20:06:22] *** enmand has quit IRC
[20:06:35] *** enmand has joined #smartos
[20:29:43] *** bens1 has quit IRC
[20:36:17] *** Cpt-Oblivious has quit IRC
[20:36:26] *** ira has joined #smartos
[20:39:49] *** enmand has quit IRC
[20:43:35] *** mamash has joined #smartos
[20:45:56] *** enmand has joined #smartos
[21:00:19] *** tonyarkles has joined #smartos
[21:07:41] *** Kireji has left #smartos
[21:07:54] *** siezer has quit IRC
[21:13:32] <ryancnelson> interesting note on the mailing list... setting "dhcp" in vmadm really means "get your IP address however you want, we'll disable anti-spoof, and go nuts, buddy!"
[21:15:03] *** solong has quit IRC
[21:15:11] <ryancnelson> maybe vmadm needs a synonym for "dhcp" there, called "self-managed" or "unmanaged" or "YOLO"
[21:15:13] <rmustacc> Yes, because we treat dhcp as you're doing your own thing, not necessarily tracking what you get over a dhcp request.
[21:15:39] <rmustacc> Not a terrible idea.
[21:15:41] <ryancnelson> ### comment: put this in the FAQ
[21:25:51] *** Webhostbudd has joined #smartos
[21:30:10] *** Forced has quit IRC
[21:34:20] *** Webhostbudd_ has joined #smartos
[21:36:19] <kamilr> So there is no way to tag admin_nic on smartos ?
[21:37:06] <ryancnelson> by design, no.
[21:37:07] <rmustacc> You want the admin nic on a vlan?
[21:37:31] <ryancnelson> that's an artifact of the fact that when we pxe boot, that's on admin network
[21:37:45] <ryancnelson> ... and 99.5% of pxe roms are 802.1Q-ignorant
[21:37:51] <wesolows> although with ipxe we can eventually support VLAN booting
[21:37:59] <wesolows> today, no.  not supported.
[21:38:08] <ryancnelson> you can just define some other nic-tag, and not use "admin"
[21:38:19] *** Webhostbudd has quit IRC
[21:38:27] <ryancnelson> anything else should accept a vlan-id tag just fine
[21:39:27] <ryancnelson> ... although there was email on the lists about making admin accept a vlan-id as well, i recall.  no reason for it to be forced to be an edge-case.
[21:39:41] <ryancnelson> although it's rarely what you'd want, i'd bet
[21:40:28] *** ipalreadytaken has quit IRC
[21:41:09] *** ipalreadytaken has joined #smartos
[21:41:21] <EMH_Mark3> what would be a decently fast way to transfer files between two zfs file systems on same machine? both rsync and cp are quite slow (whereas dd with large block size screams)
[21:45:14] *** avrntsv has quit IRC
[21:48:06] <kamilr> EMH_Mark3: use mbuffer
[21:48:17] <kamilr> http://blogs.everycity.co.uk/alasdair/2010/07/using-mbuffer-to-speed-up-slow-zfs-send-zfs-receive/
[21:48:23] <kamilr> its quite fast
[21:49:40] <EMH_Mark3> mmm. I'm trying to transfer individual files tho, not whole filesystems.
[21:49:49] <kamilr> oh
[21:49:49] <EMH_Mark3> good to know tho
[21:50:47] <opeth__> wow, precious tip, never head of mbuffer
[21:50:48] <opeth__> thanks
[21:50:56] <ryancnelson> yeah, neat.
[21:51:09] <opeth__> heard even
[21:51:29] <ryancnelson> tar -cf /dir | ( cd /newdir ; tar -xvf - )
[21:51:29] <ryancnelson> ... is usually faster than cp, and rsync
[21:51:53] <ryancnelson> ... that's one of the dtrace exercises... proving that cp memory-maps the whole file, or something like that
[21:51:54] * EMH_Mark3 tries
[21:51:59] <jesse_> would be nice if it were in pkgsrc=)
[21:52:00] <ryancnelson> oh
[21:52:03] <ryancnelson> don'T!!!!!!
[21:52:05] <ryancnelson> typo!!!!
[21:52:09] <ryancnelson> fuck
[21:52:20] <ryancnelson> tar -cf - /dir | ( cd /newdir ; tar -xvf - )
[21:52:24] <EMH_Mark3> TOO LATE LOST /
[21:52:33] <ryancnelson> phew.  hope you didn't whack your src dir :)
[21:54:19] *** andoriyu has joined #smartos
[21:54:51] <EMH_Mark3> hm hard to tell if it's any better.
[21:55:29] *** Forced has joined #smartos
[21:55:34] *** andoriyu_ has quit IRC
[21:56:34] <EMH_Mark3> looks like it is much faster, cheers
[21:58:13] <kamilr> can i have two nic tags with same mac address on global ?
[21:58:22] <ryancnelson> sure
[21:58:23] <kamilr> i.e. admin_nic & test_nic ?
[21:58:26] <kamilr> gr8
[21:58:41] <ryancnelson> that's why they exist...
[21:59:45] <ryancnelson> so you could have tags for stuff like "nfsA" "databaseB" "dmz" ... and then move one to another mac-addr without disturbing the others.   they're like movable labels
[21:59:55] <rmustacc> A nic tag is just supposed to represent a collection of nics.
[22:00:06] <rmustacc> Nominally shared across multiple machines.
[22:00:11] <rmustacc> A physical nic can belong to multiple connections.
[22:00:39] <ryancnelson> but yeah, you can put multiple nic-tags on one nic.  you can't put a nic-tag on more than one nic, though.  (aggregation notwithstanding)
[22:01:47] <kamilr> but different ips of course, am i right ?
[22:02:18] <ryancnelson> well, you certainly can't use the same IP in two places
[22:02:25] <rmustacc> a nic tag has nothing to do with ips.
[22:02:42] <rmustacc> Well, not directly anyway.
[22:26:53] *** rbrown_ has quit IRC
[22:27:05] *** ipalreadytaken has quit IRC
[22:27:18] *** rbrown_ has joined #smartos
[22:27:34] <kamilr> i have now admin_nic and private_nic where private_nic is in one of my vlans
[22:27:51] <kamilr> and now neither admin nor private is accessible
[22:28:09] <kamilr> is it normal behaviour?
[22:29:47] <rmustacc> Depends on your switch configuration.
[22:30:14] <rmustacc> But generally, probably not.
[22:30:27] <rmustacc> But misconfigurations for vlans + switches aren't uncommon.
[22:39:42] <trentster> is there a correct procedure when moving zones zpool physical drives from one server to another? Would it be best to get the mac addresses of the target server's nics first and update /usbkey/config prior to moving the drives across?
[22:40:31] *** bens1 has joined #smartos
[22:42:11] <ryancnelson> that's not a bad idea
[22:42:50] <ryancnelson> it'd save you a reboot cycle of "boot in rescue mode, mount the zpool, edit the file there"
[22:46:07] <rmustacc> I would make sure to boot noimport the first time to go and get all the updated information on the physical system.
[22:53:23] *** bens1 has quit IRC
[22:55:02] *** wolfeidau has quit IRC
[22:55:18] <Peitolm> This may be a silly question, but I couldn't see it in the FAQ, I have an existing SunOS 5.11 snv_134 i86pc i386 i86pc Solaris install, with a number of zones running on a mirrored zpool, is it possible to transition the machine to smartOS?
[22:56:20] <e^ipi> unlikely to be worthwhile
[22:56:45] <e^ipi> the zones at least won't work, data on the pool is going to be a pain to migrate
[22:57:19] <Peitolm> :( guess i'll have to look at going to OI then
[22:58:07] <trentster> ryancnelson: rmustacc thanks
[22:58:48] *** deirdres has joined #smartos
[22:59:17] <Peitolm> Has anyone managed to get OS X running under KVM on smartOS?
[22:59:49] <Peitolm> (google isn't being my friend tonight), i see references to free OS's and Windows, but not OSX
[23:00:35] <rmustacc> I don't think that many people have tried.
[23:01:50] <Peitolm> I've seen reference to snow leopard running on linux kvm with patches, but...
[23:03:22] *** siezer has joined #smartos
[23:04:24] <ryancnelson> right.  there's patches to make that hypervisor lie about being real mac hardware (there's a rom or something)
[23:04:28] <ryancnelson> ours doesn't do that.
[23:04:56] <ryancnelson> (out of the box)
[23:05:59] <Peitolm> I'm running on real apple hardware, so I don't need to fake it :)
[23:06:21] <ryancnelson> no you're not.  you're running in our qemu "virtual motherboard"
[23:06:59] <ryancnelson> ... inside of real apple hardware
[23:07:06] *** kamilr has quit IRC
[23:07:35] <Peitolm> I thought the patch was to permit those calls to pass through to the real chip
[23:07:37] <ryancnelson> the thing os x looks for is a device that we don't emulate.
[23:07:47] <ryancnelson> it's not the processor.
[23:08:37] <Peitolm> ah, the applesmc
[23:08:40] <ryancnelson> it's the system management controller
[23:08:40] <ryancnelson> yeah
[23:10:04] <Peitolm> http://www.contrib.andrew.cmu.edu/~somlo/OSXKVM/ is my source atm, It wouldn't be difficult for me to find the "right" values for my hardware,
[23:10:30] <Peitolm> but if i understand you correctly, the SmartOS qemu implementation doesn't emulate that chip anyway
[23:12:22] *** wolfeidau has joined #smartos
[23:12:30] <ryancnelson> right.  it doesn't.
[23:12:56] <ryancnelson> it's open source, though
[23:14:56] *** neophenix has quit IRC
[23:15:53] <jesse_> Peitolm, there is always the possibility of running some hackintosh release (do people still make those?)
[23:16:05] <Peitolm> no idea
[23:16:10] <jesse_> but I wouldn't run it anywhere than at home
[23:16:30] <Peitolm> well, i have real hardware, real license, so,...
[23:16:40] <jesse_> the licensing is probably more in the lines of spirit of the law than letter of the law with it
[23:16:57] <xinkeT> jesse_: the hackintosh community is very much alive and well
[23:17:05] *** wolfeidau has quit IRC
[23:17:15] <Peitolm> oddly, the license is fairly clear, you have a license to run it on any apple branded hardware
[23:17:46] <Peitolm> and when i questioned this, this includes running in a virtual environment, as long as the underlying hardware is apple
[23:18:11] <jesse_> I think it changed with snow leopard
[23:18:18] <jesse_> or maybe lion
[23:18:21] <Peitolm> i guess the technicalities of how that is accomplished (via working round SMC)
[23:18:25] <Peitolm> it changed in Lion
[23:18:35] <Peitolm> it changed when you could buy it from the app store
[23:18:36] *** wolfeidau has joined #smartos
[23:18:59] <jesse_> but there was some need of the osx license to be server
[23:19:02] <Peitolm> there's even a specific extra set of allowances if you're running osx server
[23:19:06] <jesse_> maybe in older osx
[23:19:10] <jesse_> trying to remember
[23:19:23] <Peitolm> in older osx, you needed server to run under virt.
[23:19:36] <Peitolm> if memory serves that was snow leopard
[23:20:00] <Peitolm> (which i have a node/hardware ver) locked disk for, but it doesn't match my xserve which has a license
[23:20:13] <jesse_> anyway, I'd say the easiest way to get started is to run hackintosh distro while you figure out what needs to be patched for the passthrough to work ;)
[23:20:40] <Peitolm> or the smc to be supported
[23:21:14] <Peitolm> I wonder if i created the image under say vBox or vmware and then transferred it
[23:21:44] <ryancnelson> that'd be a good first attempt
[23:21:50] <jesse_> all I know is that hackintoshes have patched kernel/kext to allow it to run
[23:22:55] <Peitolm> hmm, re-reading that page, it looks like qemu already has the support in it for the smc
[23:23:34] <jesse_> but does the smartos qemu have it?
[23:24:12] <ryancnelson> *it* *does* *not*
[23:24:18] <ryancnelson> not sure how to be more clear than that.
[23:25:09] <Peitolm> sorry ryan, I didn't mean to suggest that the smartOS qemu did
[23:25:41] <Peitolm> i'm still finding my way around kvm/qemu and which bit is where
[23:25:53] <jesse_> why would anyone run osx server is beyond me, though
[23:26:02] <jesse_> that's like... running smartos desktop!
[23:26:10] <ryancnelson> joyent ported qemu/kvm to our kernel.  there's not just "qemu"... there are several branches
[23:26:53] <Peitolm> jesse_: a better support calendar server than calendar server? :)
[23:28:35] <e^ipi> jesse_: because you're an "IT guy" at an elementary school that got roped in to setting up a mail & calendar server
[23:28:44] <miine> Peitolm: darwin calendar server?
[23:28:47] <e^ipi> where "IT guy" means "math teacher"
[23:28:53] *** szaydel has quit IRC
[23:29:17] <jesse_> e^ipi, ah, well, that's probably more like 'one desktop running services' than a server
[23:30:01] <e^ipi> a mac mini w/ osx server is actually a pretty nice piece of hardware for that purpose
[23:30:17] <jesse_> yeah, but it'll be operated like a desktop, most likely
[23:30:20] <Peitolm> miine: http://trac.calendarserver.org is the one I'm running on linux, but as i have a number of iOS devices and osx machines in the house, having some of the bits osx server gives is quite handy
[23:30:24] <e^ipi> law firms or elementary schools or something with a couple dozen users, tops
[23:30:38] <Peitolm> my mac mini won't run mountain lion
[23:30:48] <miine> Peitolm: yep. runs on illumos too :-)
[23:31:06] <miine> Peitolm: mine doesn't too. vb to the rescue :-)
[23:31:28] <miine> but I would like to see GNUstep ontop of Illumos...
[23:31:42] <Peitolm> and my mac pro is a little over-specc'd for running a house osx server, so i want to give it some more work to do, like consolidating the ZFS storage, and linux mythtv box
[23:31:53] <jperkin> first we need a working clang
[23:32:00] <jperkin> then gnustep should mostly just work I think
[23:32:01] <andoriyu> forgive me for asking again, but there is no way of updating smartmachine inside smartmachine? only complete "rebuild" ?
[23:32:14] <Peitolm> miine: mountain lion in vbox on what?
[23:32:15] <jesse_> jperkin, working X11 would be nice, too?=)
[23:32:30] <jperkin> jesse_: it would indeed, want to start hacking? ;)
[23:32:32] <jesse_> (didn't gnustep use X11? I can't remember)
[23:32:33] *** ktk is now known as ktkNA
[23:32:37] <miine> Peitolm: OpenIndiana 151a
[23:33:04] * Peitolm ponders
[23:33:07] <jesse_> jperkin, already tracked down that annoying libxcb bug, enough X for me for a while=)
[23:34:00] <miine> jperkin: hmm. doesn't gnustep require "only" gcc? I don't need that Objective-C 2.0 stuff. if it's there fine, if not - I can live without...
[23:34:42] <jperkin> miine: the version in pkgsrc at least requires clang now
[23:34:52] <jesse_> and doesn't gcc support objc? it's not long ago apple used gcc instead of clang...
[23:35:30] <jperkin> something to do with incompatibilities when building with gcc vs clang, I don't recall the details (but could dig them up if necessary)
[23:35:44] <jperkin> but it's a good reminder to eventually finish the clang stuff
[23:35:45] <Peitolm> thanks for the seed miine,
[23:36:14] <jesse_> jperkin, yeah, I'd like to try get openjdk compile with clang
[23:36:26] <jesse_> to see if there's any difference in speed
[23:36:43] <jesse_> (jvm speed, that is)
[23:36:50] <miine> hmm. maybe I should just virtualize a linux and install GNUstep in that. I just can't use neither gnome nor qt for extended periods of time (e.g. > 15 min) :D
[23:36:58] *** mamash has left #smartos
[23:37:26] <rmustacc> jesse_: Does clang actually work on illumos?
[23:37:41] <jesse_> rmustacc, it should
[23:37:49] <jesse_> there are some older binaries of it about, at least
[23:38:19] <rmustacc> Maybe it's just their C++ standard libraries which don't.
[23:38:28] *** axonpoet has quit IRC
[23:38:33] <jperkin> it works, except it needs a gcc runtime, so introduces some circular dependencies I need to work around
[23:38:45] <Peitolm> right, night all, thanks for the pointers
[23:39:00] *** beau-_ has joined #smartos
[23:40:31] <miine> my dream os would be illumos based with GNUStep frontend where apps run in different zones but are displayed on one desktop...
[23:41:06] <miine> hope I will get there someday...
[23:41:42] <wesolows> we had that.  it was called CDE with Trusted Extensions
[23:41:50] <wesolows> it was unusable garbage
[23:42:09] <jesse_> that might have been because of the 'CDE' part
[23:42:23] <jesse_> as CDE was unusable garbage, alone=)
[23:42:41] <e^ipi> nah, they ported it to gnome
[23:42:42] <e^ipi> i
[23:42:44] <e^ipi> t was still crap
[23:43:19] <miine> wesolows: X11 has to be replaced by something more secure of course. Display PS or PDF based can't hurt too...
[23:43:25] *** darjeeling has quit IRC
[23:44:03] <wesolows> the 'label' stuff was just bonkers.  less secure than zones, really, but more annoying
[23:44:19] <wesolows> there's nothing insecure about X11
[23:44:23] *** Webhostbudd__ has joined #smartos
[23:44:42] <wesolows> just put it on a unix domain socket and turn off everything else and it's fine
[23:45:02] <miine> wesolows: can't processes listen on input which may belong to others in X11?
[23:45:27] <wesolows> assuredly not, at least in the TX context
[23:45:52] <miine> wesolows: is that Trusted Extensions stuff open sourced?
[23:46:31] <miine> at least the x11 parts would be useful to have something to look at...
[23:46:52] *** Webhostbudd_ has quit IRC
[23:47:54] <rmustacc> What's the threat model?
[23:48:27] <wesolows> TX was never open sourced, though the ON substrate was
[23:49:06] <wesolows> yeah, as rm points out, the threat model TX was designed to handle was "government purchasing agent says we can't buy Solaris unless we have this".  It was not meant to address any real security problem.
[23:50:24] <miine> putting stuff in zones depending on the security "level" will solve 99,99% of the problems...
[23:50:45] <rmustacc> What's the actual threat you're trying to protect against?
[23:50:54] <jesse_> wesolows, wasn't it more about compartmentalising information access?
[23:51:02] <wesolows> jesse: yes
[23:51:15] <jesse_> wesolows, 'write higher [security level], read lower'
[23:51:21] <wesolows> can't paste stuff from the "Top Secret" labeled window to the "Confidential" labeled window etc
[23:51:40] <wesolows> of course, you could still *type* the same stuff
[23:52:01] <jesse_> obviously, but it would have to go through you
[23:52:18] <jesse_> and if you didn't have top secret access, you wouldn't see the data at all
[23:52:22] <jesse_> and I think that's the point
[23:52:48] <wesolows> I guess.  I'm just skeptical.
[23:53:12] <rmustacc> Sure, but I don't think that's miine's threat model.
[23:53:44] <ira> The main threat that sounds like it is designed against is human error ;)
[23:53:58] <e^ipi> but not really
[23:54:15] <miine> rmustacc: you can do that too in zones as the security model should be implemented in acls / posix rights too...
[23:54:46] <e^ipi> miine: what are you trying to protect against ?
[23:55:00] <e^ipi> adding security-sounding crap on top of whatever doesn't make you more secure
[23:55:15] <jesse_> miine, did you see that url I posted earlier, where a web server creates a new xen instance and runs code to create your page in it?
[23:55:27] <rmustacc> miine: That doesn't answer the question of what is your threat model.
[23:55:36] <jesse_> new xen instance for every page load
[23:55:37] <rmustacc> People have only offered solutions, not problems.
[23:56:16] <jesse_> probably less secure than running the web server as-is, as it gets all xen-bugs, too=)
[23:56:35] <miine> running web browsers / apps depending on the needed security. also each zone would see only the data needed. copy/paste across zones could be monitored etc.
[23:56:45] <wesolows> in all likelihood the bugs in the web page itself will be fatal
[23:56:49] <e^ipi> "depending on the needed security" for what?
[23:57:16] <wesolows> that's still not a threat model, but if that's the functionality you want you can buy it from Oracle
[23:57:33] <miine> in germany there is a "bankix" linux live-cd for running web-browser to do online-banking... .
[23:57:53] <ira> Which protects against certain problems… not others. :)
[23:58:13] *** deirdres_ has joined #smartos
[23:58:14] <miine> so there is data which can leave the house, and there is data which never should leave... . and something in between...
[23:58:18] <wesolows> if I were to make a "bankix" you can bet that it would be transmitting passwords straight to my servers
[23:58:27] <jesse_> if I wanted to steal your money, I'd target bankix download site. I'd get everyone else's money, too!
[23:58:35] <olafm> miine: How would running things in Zones be different from say MAC?
[23:59:17] <miine> because the zone would mount only the directories it needs for the job. files not there can't be accessed...
[23:59:43] <ira> miine: Clearly the zone can't decide that...
[23:59:50] <olafm> miine: That's the whole point of Mandatory Access Control. You only get to access what you truly need.

