January 22, 2019 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >
January 22, 2019 [00:06:52] *** ingenthr <ingenthr!~ingenthr@rrcs-98-152-51-170.west.biz.rr.com> has quit IRC (Quit: Leaving.)[00:16:51] <npx> Why not make life a little easier and just do vmadm update <uuid> fs_allowed="ufs,pcfs,tmpfs" on your build zone?[00:17:24] <npx> Like, provision it normally first.[00:18:48] <npx> I'm sure there is some compelling reason to not do this because you guys are reassuringly paranoid.[00:23:27] <LeftWing> I think you'd have to reboot it after you apply that update[00:23:49] <npx> Yeah, I did, it worked as intended[00:24:09] <richlowe> LeftWing: sure![00:24:57] <TyrfingMjolnir> npx: What does provisioning it normally first mean?[00:25:07] <TyrfingMjolnir> I have used kvm before[00:25:14] <TyrfingMjolnir> I usually mount the installer first[00:25:22] <TyrfingMjolnir> Then do the install[00:25:24] <LeftWing> TyrfingMjolnir: npx's question is separate to your thing[00:25:33] <TyrfingMjolnir> Then make a dsimage[00:25:36] <TyrfingMjolnir> LeftWing: Ok[00:40:21] *** Gathis <Gathis!~TheBlack@unaffiliated/gathis> has quit IRC (Remote host closed the connection)[00:40:42] *** waz0wski <waz0wski!waz0wski@hrothgar.distortion.io> has joined #smartos[00:41:24] *** npx <npx!~alex@136.41.160.10> has quit IRC (Ping timeout: 250 seconds)[01:02:30] *** iphy <iphy!uid67735@gateway/web/irccloud.com/x-cipwkqyawouirfsr> has quit IRC (Quit: Connection closed for inactivity)[01:31:48] *** iphy <iphy!uid67735@gateway/web/irccloud.com/x-iddkpvsgdsjuqyvw> has joined #smartos[01:34:16] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has quit IRC (Ping timeout: 250 seconds)[01:50:33] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has joined #smartos[01:51:55] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[01:56:58] *** waz0wski <waz0wski!waz0wski@hrothgar.distortion.io> has quit IRC (Quit: quit)[02:05:08] *** waz0wski <waz0wski!~waz0wski@hrothgar.distortion.io> has joined #smartos[02:15:39] *** v_a_b <v_a_b!~volker@p57A27C6C.dip0.t-ipconnect.de> has quit IRC (Ping timeout: 246 seconds)[02:19:34] *** tozhu <tozhu!~tozhu@171.221.44.58> has quit IRC (Quit: tozhu)[02:41:09] *** jrick <jrick!~jrick@unaffiliated/jrick> has quit IRC (Ping timeout: 268 seconds)[02:47:43] *** jrick <jrick!~jrick@unaffiliated/jrick> has joined #smartos[03:35:57] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Remote host closed the connection)[03:42:30] *** iphy <iphy!uid67735@gateway/web/irccloud.com/x-iddkpvsgdsjuqyvw> has quit IRC (Quit: Connection closed for inactivity)[03:42:50] <Smithx10> is there a setting to have LX branded zones take sdc:hostname as the instance name?[03:56:44] *** tozhu <tozhu!~tozhu@101.207.125.86> has joined #smartos[04:00:43] <tozhu> does Triton Object Storage support “ftp”? is there any “ftp” API available?[04:47:38] <jrg> uhm[04:47:43] <jrg> the mount for smartos[04:47:48] <jrg> does it not support smb2+?[04:47:56] <jrg> is it like fbsd where it only supports smb1?[04:48:06] <jrg> i can't seem to mount smb shares[04:50:39] *** neirac <neirac!~cneir@pc-153-101-46-190.cm.vtr.net> has joined #smartos[04:55:10] <LeftWing> tozhu: Not as far as I know. You'd have to build a proxy of sorts that speaks FTP on the front and makes Manta HTTPS requests on the backend.[04:56:33] <tozhu> LeftWing: Thanks for the answer, BTW, do you know the status about the X722 driver? Thanks again[04:57:14] <tozhu> x722 NIC still not stable, it hungs, and still not be fixed,[04:57:32] <LeftWing> tozhu: I'm not familiar, but rzezeski or rmustacc might be.[04:57:33] <tozhu> not sure if Joyent had the Server with X722 NIC[04:58:06] <tozhu> okay, thank you, I’ll ping them when they are online, thanks again.[05:04:02] <rzezeski> tozhu: I'm actively working on OS-7492, which _should_ be the last freeze[05:04:04] <jinni> https://smartos.org/bugview/OS-7492[05:04:10] <rzezeski> it's a bit of a tricky one[05:04:54] <tozhu> rzezeski: thank you very much for the information[05:05:03] <jrg> hm. so i can't seem to get smb to mount into zones :/[05:05:37] <rzezeski> I probably also have to do a follow up to OS-7456 as there's one other bit of behavior I learned out (but that will only strike SOME of the controllers depending on some variable that I have yet to determine...and Intel was no help here)[05:05:41] <jinni> https://smartos.org/bugview/OS-7456[05:06:00] <Smithx10> rzezeski: at least you're not having to be mr MongoDB[05:06:17] <rzezeski> The 710/722 are very fickle parts[05:06:19] <Smithx10> <------ has developers who decided to deploy this pile of awesome.[05:06:33] <Smithx10> ./ops life.[05:07:23] <jbk> rzezeski: that's being kind :)[05:07:48] <rzezeski> the i40e demerit count has risen sharply (though really it should have been directed at Intel for making such a complicate part)[05:07:56] <rzezeski> CAN'T WAIT FOR 100G[05:08:04] <Smithx10> LOL[05:08:15] <Smithx10> is that right after HW ring support is added to i40?[05:08:21] <rzezeski> probably not[05:08:31] <Smithx10> What do you see yourself doing after i40e?[05:08:39] <Smithx10> maybe its upstack break time?[05:09:02] <rzezeski> the part itself isn't even out yet, and it will require us (hahahahah, I mean rm and maybe me) to write a new driver from the ground up (minus the core code in the FreeBSD drop)[05:09:05] <Smithx10> Little vacation from the packetzzezzza nd frameszezezezssezes[05:09:15] <jrg> i guess i'll try nfs[05:09:35] <jrg> is there some document about mounting nfs into a smartos zone?[05:09:53] <Smithx10> Or ..... maybe..... optimize the ShizzZzzzzzzzz out of some NetWorkAgeZzSSs[05:10:09] <Smithx10> ./is in early 2000s playing starcraft[05:10:27] <rzezeski> Smithx10: it's hard to say, I have some IP code I need to fix, and then I'd like to get Chelsio up to speed, but there's really no way to say at the moment[05:11:20] <Smithx10> Anyone ever play this game? https://store.steampowered.com/app/7760/XCOM_UFO_Defense/[05:11:44] <Smithx10> I'm pretty sure it is the best game ever made.[05:14:39] <_Tenchi_> i disagree... it's a very good game, but I think donkey kong is the best game ever[05:15:25] <jrg> well.. seems like the issue is that you cannot mount directly into zones[05:15:28] <jrg> strange[05:15:37] <jrg> maybe i should try again with smb[05:15:45] <Smithx10> lolol[05:15:54] <Smithx10> jrg: Ive mounted nfs and smb :P[05:16:05] <Smithx10> it was prettty straight forward last i remembered[05:16:12] <jrg> Smithx10: i tried smb but kept getting errors[05:16:16] <jrg> but i tried mounting directly into the zone[05:16:25] <Smithx10> like... you arent in a zone?[05:16:30] <jrg> seems like i have to go local -> lofs -> zone[05:16:32] <Smithx10> you are in the GZ trying to smash it inside of it?[05:16:49] <jrg> no. i'm outside the zone doing it from teh smartos side[05:16:57] <jrg> i just managed to mount it via nfs[05:16:59] <Smithx10> why not do it in the zone?[05:17:12] <jrg> you can mount directly into the zone from the zone?[05:17:21] <Smithx10> mount nfs.[05:17:23] <jrg> i didn't think that was possible[05:17:35] <Smithx10> ?[05:17:36] <jrg> Smithx10: i'd rather use smb[05:17:42] <Smithx10> Unless im insnae.....[05:17:43] <jrg> but i did manage to mount nfs[05:17:56] <jrg> Smithx10: i thought mounting directly into a zone from a zone was ... not a thing?[05:17:58] <jrg> similar to jails?[05:18:00] <Smithx10> but im pretty certain you can mount nfs and smb from within your zone[05:18:08] <jrg> seriously?![05:18:08] <Smithx10> huh[05:18:10] <Smithx10> wait[05:18:15] <Smithx10> what?!?$![05:18:21] <Smithx10> Are you mounting NFS "_"[05:18:28] <jrg> i tried smb first[05:18:30] <jrg> i did just mount nfs tho[05:18:40] <jrg> from the smartos box to the zone[05:18:48] <Smithx10> this was confusing "Smithx10: i thought mounting directly into a zone from a zone was ... not a thing?[05:18:48] <Smithx10> "[05:18:48] <jrg> i didn't know you could do it directly from the lx zone[05:19:05] <jrg> Smithx10: well i'm used to fbsd jails[05:19:13] <jrg> where it is impossible to mount directly from the jail[05:19:23] <jrg> i can try it tho[05:19:36] <Smithx10> https://github.com/joyent/illumos-joyent/issues/144[05:19:44] <Smithx10> you are trying to do that right?[05:20:12] <jrg> oh. no...[05:20:29] <jrg> i'm mounting something from another server into the zone[05:20:36] <Smithx10> "_"[05:20:37] <jrg> similar i suppose[05:20:47] <Smithx10> are you doing mount -t nfs ?[05:21:06] <jrg> not in the zone no. i figured i had to do it on the smartos side. then lofs it into the zone[05:21:14] <jrg> so i can actually mount from within zones?[05:21:19] <jrg> smb and nfs?[05:21:19] <Smithx10> that uses the interface in the zone to talk IPs and stuffz to interfaces that are talking those IPs[05:21:47] <jrg> hm. maybe i should try it within the zone then?[05:22:06] <Smithx10> and if rzezeski did his job well (like he does) you'll have some NFS dance party happening[05:22:19] <jrg> well. i want to use smb[05:22:29] <jrg> if i can[05:22:37] <Smithx10> you can sir.[05:22:38] <Smithx10> you can.[05:22:44] <jrg> from within the zone?[05:22:55] <jrg> so i was just wasting my time all this time? heh[05:23:04] <Smithx10> I believe so[05:23:13] <Smithx10> its quite sad if freebsd can't mount nfs / smb[05:23:29] <jrg> you have to do it from the fbsd side[05:23:34] <jrg> then nullfs it into the jail[05:23:36] <Smithx10> ./tisk tisk[05:23:46] <jrg> which fbsd sucks for smb anyways[05:23:51] <jrg> because it only supports smb1[05:24:14] <jrg> i'll try it from the zone tho[05:26:45] <jrg> mount error: cifs filesystem not supported by the system[05:26:46] <jrg> mount error(19): No such device[05:29:07] <jrg> yeah so.. that doesn't seem to work lol[05:32:14] <Smithx10> did you follow the instructions?[05:32:30] <jrg> instructions? for smb?[05:32:43] <jrg> i'm just treating it like an ubuntu box[05:32:52] <jrg> and trying to mount from within the zone like i would normally[05:33:38] <jrg> there are no instructions for this sort of thing for smartos :/[05:37:24] <jrg> it seems the easiest way to do it is with a ro nfs coming off the freenas box onto the smartos box then to lofs it to the zone[05:37:43] <jrg> i'm just setting up a lx zone to see performance differences between kvm and the lx zone[05:37:47] <jrg> using plex[05:42:31] <Smithx10> https://smartos.org/bugview/OS-4205[05:42:34] <Smithx10> guess only nfs works[05:42:41] <Smithx10> smb works in a regular smartos zone tho[05:54:53] <jrg> go figure. maybe they’ll fix it some day. I’ll try nfs tomorrow.[05:54:58] <jrg> from the zone[05:55:23] <jrg> nfs is probably a bit more efficient than smb anyways[06:01:42] <Smithx10> yea, thats lame that lx doesnt do smb[06:02:10] <Smithx10> but if this is just for streaming your movies....[06:02:17] <Smithx10> bhyve should work alright[06:24:21] *** NginUS <NginUS!~NginUS@cpe-69-201-42-20.twcny.res.rr.com> has quit IRC (Ping timeout: 252 seconds)[06:24:48] *** NginUS <NginUS!~NginUS@cpe-69-201-42-20.twcny.res.rr.com> has joined #smartos[06:35:37] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has quit IRC (Quit: black_pete)[06:50:47] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has joined #smartos[06:53:28] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has quit IRC (Client Quit)[07:20:22] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has joined #smartos[08:03:16] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has quit IRC (Quit: black_pete)[08:10:55] <TyrfingMjolnir> How do I boot a bhyve zone? This line does not work: vmadm boot ZONE_UUID order=cd,once=d cdrom=/FreeBSD-12.0-RC3-amd64-bootonly.iso,ide[09:29:11] *** tozhu <tozhu!~tozhu@101.207.125.86> has quit IRC (Quit: tozhu)[09:41:35] *** mno-hime <mno-hime!~mno-hime@94.142.238.232> has quit IRC (Quit: Leaving)[09:42:08] *** v_a_b <v_a_b!~volker@p57A27DB6.dip0.t-ipconnect.de> has joined #smartos[10:27:25] *** man_u <man_u!~manu@manu2.gandi.net> has joined #smartos[10:57:01] <mattronix> bahamat: saw my PM?[11:31:09] *** neuroserve <neuroserve!~toens@195.71.113.124> has joined #smartos[11:47:43] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[11:58:26] *** Teknix <Teknix!~pds@2601:801:101:f429:ec26:9c56:7d3e:8f05> has quit IRC (Read error: Connection reset by peer)[11:59:19] <jrg> Smithx10: it does for the most part.[12:02:45] *** Teknix <Teknix!~pds@2601:801:101:f429:bdd8:42fa:c7e0:2a7f> has joined #smartos[13:40:53] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has joined #smartos[14:31:32] <pmooney> TyrfingMjolnir: our bhyve doesn't support the 'order=' or 'cdrom=' arguments to vmadm yet[14:38:15] *** mgerdts <mgerdts!~textual@2600-6c44-0c7f-ec89-e9f0-4d83-1174-c9cb.dhcp6.chtrptr.net> has joined #smartos[14:50:01] <Smithx10> Does a triton inst rm sig term all the services and come down clean[14:50:06] <Smithx10> or does it blow it away asap[15:16:19] <pmooney> andyf: you around?[15:16:26] <andyf> yes[15:16:43] <pmooney> I'm looking at the CR to merge the bhyve manifests from omnios into illumos-joyent[15:16:51] <pmooney> had some questions there[15:17:07] <pmooney> https://cr.joyent.us/#/c/5399/[15:17:32] <andyf> ah, Woodstock's change, yes[15:17:45] <andyf> oh, I'm author? :)[15:17:54] <pmooney> apparently![15:17:57] <jlevon> you're not?[15:17:57] <Woodstock> of course :)[15:18:23] <pmooney> I was curious about shipping the libppt/libvmm headers[15:18:38] <pmooney> (and the compilation symlinks for the various libraries)[15:19:07] <pmooney> if that's exposing more than is prudent[15:19:10] <andyf> It's a fair question, I don't think they are needed.[15:19:37] <pmooney> all of this stuff is meant to be Private for now[15:19:41] <andyf> I have been following the illumos-joyent system/bhyve, but adding things that were missed (rather than adding them to exception_lists/packaging)[15:19:47] <jlevon> they can be useful for dtracing no?[15:20:04] <andyf> and the last change was just to split headers/libraries into system/library/bhyve since mdb has gained a dependency on them[15:20:25] <andyf> and (in OmniOS at least) we don't want to make system/bhyve mandatory[15:20:44] <pmooney> sure[15:22:01] <andyf> if the plain .so, and the .h files go away from the package and into exceptions, that does not cause me any problems[15:22:17] <andyf> and if they are supposed to be private then it seems like the right thing (modulo jlevon's comment)[15:24:13] <pmooney> we definitely don't wany any non-system software building against them[15:25:23] <andyf> The .so links are in your manifest at the moment[15:25:27] <pmooney> yeah[15:25:30] <jlevon> I'd missed that we had the symlinks, that's not good for sure[15:25:40] <pmooney> agreed[15:25:47] <pmooney> we don't ship the headers, though IIRC[15:26:09] <pmooney> and bhyve is unusable in tenant zones anyways[15:26:19] <andyf> no, you don't.[15:26:37] <andyf> I agree that the links and headers should be dropped from the new system/library/bhyve (and placed in exception_lists)[15:36:19] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[15:40:07] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[15:45:58] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[15:47:35] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[16:00:39] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[16:02:42] *** Kurlon <Kurlon!~Kurlon@98.13.72.207> has quit IRC (Ping timeout: 246 seconds)[16:03:18] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[16:10:14] *** vila <vila!~vila@lec67-4-82-230-53-244.fbx.proxad.net> has quit IRC (Remote host closed the connection)[16:16:41] *** polishdub <polishdub!~polishdub@207.86.38.254> has joined #smartos[16:23:20] *** vila <vila!~vila@lec67-4-82-230-53-244.fbx.proxad.net> has joined #smartos[16:36:45] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #smartos[16:42:26] *** tozhu <tozhu!~tozhu@171.221.44.58> has joined #smartos[16:45:00] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[16:49:21] *** ingenthr <ingenthr!~ingenthr@47.150.244.29> has joined #smartos[16:52:11] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[17:01:23] *** lgtaube <lgtaube!~lgt@46.165.251.115> has left #smartos[17:01:36] *** lgtaube <lgtaube!~lgt@46.165.251.115> has joined #smartos[17:02:18] *** black_pete <black_pete!~black_pet@gateway.peterguy.com> has joined #smartos[17:05:58] *** johngrasty <johngrasty!~johngrast@mail.ggimissions.com> has joined #smartos[17:07:15] <johngrasty> Hi all, I have a question. On my home server, I've got plex running in an LX zone, but when I run dpkg -i plex_whatever.deb, Plex installs corrently.[17:08:50] <johngrasty> But during when dpkg is "Setting up plexmediaserver (1.14.1.5488-cc260c476) ..." it crashes, and the console to the zone (with zlogin) closes, and I'm back at the global zone.[17:09:35] <johngrasty> Any ideas what to do debug? Platform is recentish (November--I'll be upgrading that in an hour) and the Debian 9 lx image is the most recent.[17:11:34] *** neuroserve <neuroserve!~toens@195.71.113.124> has quit IRC (Ping timeout: 250 seconds)[17:12:59] <jbk> johngrasty: ISTR there's some bug w/ jemalloc under LX that plex seems to trigger (compared to other things)[17:13:09] <jbk> I think papertigers has a workaround for it though[17:13:44] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 268 seconds)[17:14:07] <johngrasty> Ok. I can google around then some for the workaround. It seems to work generally fine, but updates are a pain because of that behaviour.[17:14:10] <johngrasty> Thanks![17:14:36] <papertigers> johngrasty: I have not seen it crash on upgrade[17:15:05] <johngrasty> Hmmm. Ok. Well, I will update my platform and try everything again.[17:15:13] <johngrasty> papertigers: What image do you run it on?[17:15:22] <papertigers> what platform are you on?[17:15:50] <papertigers> I am also using Ubuntu 16.04 LTS[17:16:09] <papertigers> I also haven't upgraded via zlogin I don't think. I usually login via ssh[17:16:24] *** iphy <iphy!uid67735@gateway/web/irccloud.com/x-idzgopelyzqzhouf> has joined #smartos[17:16:51] <johngrasty> Reasonably current. I think November. I'm on Debian 9. I'll try Ubuntu.[17:16:55] <johngrasty> Thanks for the help![17:17:06] <papertigers> are there any core files left around?[17:17:13] <papertigers> /zones/uuid/cores[17:18:06] <johngrasty> Nope.[17:18:24] <papertigers> what does it say when it crashes?[17:18:41] <johngrasty> Just a second, I'll do a pastebin.[17:19:12] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #smartos[17:19:50] <jperkin> yeh I've not seen that either on ubuntu 16.04 plex / joyent_20161108T160947Z[17:20:07] <johngrasty> So I am logged into the zone with zlogin uuid, and when I run dpkg -i plex.deb or in this case run dpkg --configure -a, this happens:[17:20:09] <johngrasty> https://hastebin.com/yipaxazisa.pl[17:23:09] <papertigers> johngrasty: interesting, I am not sure it crashes but it kicks you for some odd reason[17:23:15] <papertigers> what if you do it over ssh?[17:23:53] <papertigers> also jperkin is on an old PI and I am on quite a new PI (joyent_20190109T214249Z)[17:24:17] <johngrasty> papertigers: I suspect you are right.[17:24:33] <papertigers> is there anything in dmesg?[17:24:36] <papertigers> from the gz[17:24:37] <johngrasty> I'll try ssh after I eat. I'm here in SLovenia and getting hungry! :-D[17:24:56] <johngrasty> I'll check there as well. I hadn't got to that yet.[17:27:36] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 250 seconds)[17:28:47] <papertigers> cool, let me know if you find anything interesting[17:28:53] <papertigers> enjoy your meal![17:40:34] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #smartos[18:02:55] <kayront> is the Intel I219V Gigabit LAN Controller supported? ASUS PRIME z370-A motherboard? coffee lake (8th gen) cpus?[18:05:34] <kayront> and it is possible these days to have the admin interface on a vlan right? no need to dedicate a nic for it[18:15:24] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[18:17:08] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[18:20:21] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Client Quit)[18:22:38] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[18:33:30] *** man_u <man_u!~manu@manu2.gandi.net> has quit IRC (Quit: man_u)[18:34:58] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[18:38:48] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 245 seconds)[18:39:04] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[18:43:29] <rmustacc> kayront: Yes, should be supported.[18:43:38] <rmustacc> The I219-V variant that is.[19:05:16] <Smithx10> Can I pxe boot VMs on triton?[19:09:10] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #smartos[19:25:14] <TyrfingMjolnir> pmooney: Just skip those params and it should work? Where do I put the installer image?[19:26:55] <pmooney> TyrfingMjolnir: In doing that kind of thing, I've manually added the ahci-cdrom device via zonecfg[19:27:01] <pmooney> (copying it into the root of the zone, like before)[19:27:19] <pmooney> there is no external control over boot order right now for bhyve instance[19:34:36] <LeftWing> Smithx10: We don't really have a way to do that at the moment.[19:35:13] <Smithx10> hmMmm what is the issue?[19:35:30] <Smithx10> dhcp spoofing?[19:45:06] <bahamat> Smithx10: Why do you want to pxe boot vms?[19:46:48] <LeftWing> There are a couple of problems: one, non-fabrics networks have historically been shared, so allowing people to pass DHCP on them or to pick their own addresses, would not work out[19:47:04] *** andy_js <andy_js!~andy@94.3.60.133> has quit IRC (Quit: andy_js)[19:47:33] <LeftWing> And fabrics networks don't currently support broadcast traffic, as would be needed for DHCP; they also don't allow the guest to use an IP/MAC address other than the one prearranged[19:50:16] *** andy_js <andy_js!~andy@94.3.60.133> has joined #smartos[19:52:27] <Eimann> is there any timeframe for new ubuntu lx/(kvm/bhyve) images?[20:26:38] *** sjorge_be <sjorge_be!~sjorge@unaffiliated/sjorge> has joined #smartos[20:27:44] *** mgoetzke76 <mgoetzke76!uid344144@gateway/web/irccloud.com/x-qnkfezogygfxzhfn> has joined #smartos[20:27:58] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has quit IRC (Ping timeout: 245 seconds)[20:27:58] *** sjorge_be is now known as sjorge[20:29:41] <mgoetzke76> Anybody know how to add custom docker registries to GZ ? I am having issues with the SSL certificate (thawte) which doesn't seem to be accepted even when I add the registry as insecure[20:31:30] *** jellydonut <jellydonut!~jelly@75.8.34.95.customer.cdi.no> has quit IRC (Ping timeout: 246 seconds)[20:38:44] *** blackwood821 <blackwood821!ae3110b0@gateway/web/freenode/ip.174.49.16.176> has joined #smartos[20:43:08] <kayront> any idea about the motherboard/cpu rmustacc ? i'm getting this hw just for smartos[20:43:31] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has quit IRC (Ping timeout: 246 seconds)[20:44:58] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has joined #smartos[21:06:48] <Smithx10> So in my private DC ToR DHCP would work?[21:15:09] <Smithx10> im getting vmadm.stop errors :([21:19:40] <blackwood821> I'm getting `defunct` `rpc.statd` processes on a lx branded zone, any suggestions on how to debug this?[21:21:52] <Smithx10> vmadm.stop error: vmadm exited with code: 1 signal: null . :([21:33:26] <bahamat> mgoetzke76: How are you adding it?[21:35:49] <mgoetzke76> bahamat: imagm sources -a https://url -t docker ... At first .. then I tried adding with -k .. that did work. It talks with it[21:36:19] <bahamat> What issue are you having with it now? Just the certificate validation?[21:37:03] <mgoetzke76> bahamat: when importing though it says unable_to_get_issuer_cert_locally , no idea how to add the cert and why since the official docker cert works fine. Where are the car certs[21:37:45] <mgoetzke76> In Solaris there is a service for CAs , didn't find it in GZ yet[21:37:46] <bahamat> imgadm uses node 0.10.26, so it may not be in the trust anchors.[21:38:04] <bahamat> Node has its own embedded list of trust anchors.[21:38:11] <mgoetzke76> I thought this message came with node 4[21:39:14] <mgoetzke76> Ok.. where would I add them or why does insecure source not have any effect?[21:41:53] <bahamat> I'm not sure.[21:41:55] <mattronix> hi[21:41:58] <mattronix> :)[21:42:05] <mattronix> i forgot to reply in here XD[21:42:18] <bahamat> mgoetzke76: Are you tell me what the actual URL is?[21:42:51] <mgoetzke76> It's a test server at https://docker.curasystems.com[21:43:21] <mgoetzke76> Under https://docker-hub.curasystems.com is the web interface[21:43:46] <bahamat> mgoetzke76: Do you mind if I scan it for ssl?[21:43:50] <mgoetzke76> Basic auth is currently NOT configured to not make it more complicated yet[21:44:30] <mgoetzke76> Sure[21:45:35] <mgoetzke76> Repo is mgoetzke/test[21:47:04] <Smithx10> bahamat: have you see that power off error?[21:47:53] <blackwood821> does anyone know what 'Command failed: Failed to talk to init daemon.' means when you try to stop a zone and it won't stop without the `-f` flag[21:48:22] <bahamat> Smithx10: What brand zone?[21:48:30] <Smithx10> centos[21:49:03] <bahamat> mgoetzke76: I'm not sure if this is it, but your server is vulnerable to CVE-2016-2107 (see https://blog.cloudflare.com/yet-another-padding-oracle-in-openssl-cbc-ciphersuites/)[21:50:54] <bahamat> mgoetzke76: The client *may* be aborting?[21:51:44] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 272 seconds)[21:52:58] *** jellydonut <jellydonut!~jelly@75.8.34.95.customer.cdi.no> has joined #smartos[21:54:03] <mgoetzke76> bahamat: the error message is pretty clear that the ca is not known. So I would assume that to be the first problem to solve. How would I add a ca? As for the vulnerability I would have to investigate how we are affected. The certificate is not generated by us and the openssl version should be the one included in smartos. That said ,the client is working quite a lot and is receiving data ( verbose mode shows that) and[21:54:03] <bahamat> mgoetzke76: When I try to import it says auth required.[21:54:03] <mgoetzke76> stops with the aforementioned error[21:54:39] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #smartos[21:55:20] <mgoetzke76> Auth required only appears when import does not include the registry ... E.g imgadm import docker.curasystems.com/mgoetzke/test[21:56:08] <bahamat> mgoetzke76: https://gist.github.com/10c2f0e6eef51336c15084a82bbf1cc0[21:58:21] <mgoetzke76> bahamat: you are missing the docker.curasystems.com/mgoetzke/test part , the repository name must include the fqdn otherwise it will try the official docker.io registry[21:59:36] <bahamat> mgoetzke76: No, it tries all of them.[21:59:54] <bahamat> The reason there are two messages saying auth req'd is because I have the official docker and yours.[22:00:07] <bahamat> When I remove the official docker one and just use yours I get the error only once.[22:01:29] <mgoetzke76> bahamat: good to know, but when I do specify the server is talked to and I still get the ca error. What is the official way to add a CA if that is the error?[22:02:52] <bahamat> Wait...no, I think you're right.[22:02:54] <bahamat> This..is weird.[22:04:46] <mgoetzke76> bahamat: I dont get the error, and there is no auth setup . When I leave the name of I get the error twice too. But when I add it I get cli.js to throw in line 431, coming from tls.js[22:05:13] <mgoetzke76> How would I add authentication to imgadm ?[22:08:37] *** jhot[m] <jhot[m]!jhotmatrix@gateway/shell/matrix.org/x-gumzvpymsdekrpxw> has joined #smartos[22:09:47] <bahamat> I'm not sure we support authentication.[22:10:53] <blackwood821> I'm having issues on a lx zone because systemd is not running but when I try to start it I get "/usr/lib/systemd/systemd Trying to run as user instance, but the system has not been booted with systemd."[22:11:06] <blackwood821> has anyone seen that before? there doesn't seem to be a run level set when the zone is up[22:12:15] <mgoetzke76> bahamat: looking at the verbose output a number of calls work fine so it shouldn't be a CA problem unless the last call doesn't use the same settings. Other than that i would indeed look into authentication, though the error message would be quite confusing.[22:16:58] *** gatekeep <gatekeep!~gatekeep@wls/staff/gatekeep> has joined #smartos[22:17:59] <bahamat> mgoetzke76: What platform image are you using?[22:19:10] <bahamat> When I include the hostname it downloads all the images.[22:19:45] <mgoetzke76> bahamat: 20181220[22:20:26] <bahamat> Hmm, I'm using 20181130T162318Z[22:20:29] <bahamat> jinni: changelog[22:20:29] <jinni> http://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html[22:20:56] <mgoetzke76> As for the vulnerability, interestingly we had updated to openssl 1.0.1u already which should have fixed that[22:26:28] <mgoetzke76> bahamat: so you could download them with fqn but got access denied when not. Also interesting. I could not even add the source without -k or getting the cert error[22:40:32] *** fejfighter <fejfighter!fejfighter@conference/linux.conf.au/x-bhfwlbzojhefitws> has joined #smartos[22:40:53] <bahamat> To add the source you do need to use -k[22:41:37] <bahamat> I'm not sure why it doesn't validate thawte, I would expect thawte to be in the trust anchor list.[22:41:46] <bahamat> But maybe they've rolled their keys or something.[22:45:10] <mgoetzke76> bahamat: thanks so far. Is there a way to add a CA ?[22:45:59] <bahamat> mgoetzke76: No, node doesn't offer that option.[23:00:02] *** ingenthr <ingenthr!~ingenthr@47.150.244.29> has quit IRC (Quit: Leaving.)[23:00:32] *** npx <npx!~alex@104.222.153.118> has joined #smartos[23:00:36] *** ingenthr <ingenthr!~ingenthr@47.150.244.29> has joined #smartos[23:01:59] <npx> So do you guys typically make the admin network accessible via VPN or is it totally isolated? I am just trepidatious about not being able to ssh into any CNs if the headnode goes down[23:02:22] <npx> which I realize it just won't like 99.9998% of the time[23:04:49] <arekinath> so there's tension here between that aspect of operator convenience and the security risks inherent in any external access to the admin network[23:05:15] <arekinath> we've traditionally recommended to just eat the operator convenience problem and completely isolate the admin vlan (don't even put a router there)[23:05:50] <arekinath> because access to that network is basically equivalent to root on every instance in the deployment[23:06:38] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Remote host closed the connection)[23:07:10] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has joined #smartos[23:07:42] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 268 seconds)[23:08:01] <arekinath> it's not really realistic for a lot of production deployments though to expect that degree of isolation -- long-term (in rfd77 fantasy future land) I would like to see it considered reasonable to have a router on that network and even to allow traffic other than SSH from outside into it without it being equivalent to root... but right now... idk[23:08:02] <jinni> https://github.com/joyent/rfd/tree/master/rfd/0077[23:08:09] <arekinath> it depends a lot on what's important to you I guess[23:09:33] <jbk> ahh the rfd77 promised land :)[23:10:04] <npx> I've been trying to come up with a procedure to promote a new headnode in the event of failure (in essence, the new manatee master would become the new head node)[23:10:27] <npx> I think I could basically do this manually if I had external access to the admin network but then again it might all be a terrible idea[23:12:13] *** jellydonut <jellydonut!~jelly@75.8.34.95.customer.cdi.no> has quit IRC (Remote host closed the connection)[23:12:32] <arekinath> you should definitely have a go at a practise run of that in a lab before betting on doing it in prod, haha[23:12:36] <arekinath> it's... not easy[23:12:52] <arekinath> to the point where I think most people's strategy on headnode failure is just "get the headnode back up"[23:13:38] *** jellydonut <jellydonut!~jelly@75.8.34.95.customer.cdi.no> has joined #smartos[23:45:30] *** Kurlon <Kurlon!~Kurlon@98.13.72.207> has joined #smartos[23:47:25] <blackwood821> I have a zone that can't start systemd and I see that /run/dbus is missing on this zone but not on another zone, I tried reinstalled the dbus package but it didn't create that directory... any ideas?[23:47:57] <npx> I actually mean this constructively... don't use systemd ;)[23:48:20] <Smithx10> I noticed that smartos zones (base) etc set their hostname to the alias[23:48:27] <Smithx10> lx branded zones seem not to.[23:48:32] <Smithx10> Is that on purpose?[23:50:04] <blackwood821> npx: sure but I'm just trying to figure out why it's broken on this particular zone because it's not on the other zones that were created with the same image and it's causing problems[23:50:13] <blackwood821> the running zone shows no run level with `who -r`[23:55:20] *** polishdub <polishdub!~polishdub@207.86.38.254> has quit IRC (Quit: leaving)[23:59:39] <bahamat> blackwood821: /run is a tmp dir, you probably need to adjust something in /usr/lib/tmpfiles.d/ to make sure it's created properly.