Switch to DuckDuckGo Search
   October 30, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >

NOTICE: This channel is no longer actively logged.

Toggle Join/Part | bottom
[00:00:47] <gitomat> [illumos-gate] 11858 crontab could support /step -- Andy Fiddaman <omnios at citrus-it dot co.uk>
[00:38:24] <gitomat> [illumos-gate] 11885 man3m: missing symlinks -- Marcel Telka <marcel at telka dot sk>
[01:38:13] *** despair86_ <despair86_!~despair86@75-60-137-0.lightspeed.rcsntx.sbcglobal.net> has joined #illumos
[01:40:09] *** gh34 <gh34!~textual@cpe-184-58-181-106.wi.res.rr.com> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
[01:41:38] *** despair86 <despair86!~despair86@75-60-137-0.lightspeed.rcsntx.sbcglobal.net> has quit IRC (Ping timeout: 276 seconds)
[01:41:48] *** despair86_ is now known as despair86
[01:56:46] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has quit IRC (Remote host closed the connection)
[01:58:01] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has joined #illumos
[02:02:16] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has quit IRC (Ping timeout: 240 seconds)
[02:20:00] *** ed209 <ed209!~ed209@> has quit IRC (Remote host closed the connection)
[02:20:06] *** ed209 <ed209!~ed209@> has joined #illumos
[02:34:51] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has quit IRC (Ping timeout: 264 seconds)
[02:39:17] *** sjorge <sjorge!~sjorge@unaffiliated/sjorge> has joined #illumos
[03:50:32] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Quit: jcea)
[04:34:34] *** andyf <andyf!~andyf@omniosce.ee.ethz.ch> has quit IRC (Ping timeout: 265 seconds)
[04:34:59] *** andyf <andyf!~andyf@omniosce.ee.ethz.ch> has joined #illumos
[04:38:40] *** andyf <andyf!~andyf@omniosce.ee.ethz.ch> has quit IRC (Remote host closed the connection)
[04:39:15] <gitomat> [illumos-gate] 11862 cleanup smatch/cstyle/wscheck issues in usr/src/lib/sun_sas/ -- Rob Johnston <rob.johnston at joyent dot com>
[04:39:16] <gitomat> [illumos-gate] 11867 PCIe expansion slots mis-labelled in topo -- Rob Johnston <rob.johnston at joyent dot com>
[04:41:00] *** andyf <andyf!~andyf@omniosce.ee.ethz.ch> has joined #illumos
[04:49:37] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[04:50:58] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[05:03:29] *** magiktoo <magiktoo!~Magik@2607:fa10:110:0:84af:6f5a:519e:9c21> has quit IRC (Ping timeout: 246 seconds)
[05:15:59] *** magiktoo <magiktoo!~Magik@2607:fa10:110:0:98ca:8467:7ea2:7f83> has joined #illumos
[06:23:11] *** Blkt <Blkt!~Blkt@2a01:4f8:200:2425::adda> has quit IRC (Read error: Connection reset by peer)
[06:23:26] *** Blkt <Blkt!~Blkt@2a01:4f8:200:2425::adda> has joined #illumos
[06:44:34] <despair86> 'Action removal failed for 'etc/certs/CA/NetLock_Arany_(Class_Gold)_F\u0151tan\xfas\xedtv\xe1ny.pem' (pkg://openindiana.org/crypto/ca-certificates)'
[06:45:09] <Reinhilde> that sounds like work
[06:46:09] <despair86> yeah i have no idea why either
[06:46:26] <despair86> i'm just running a normal `pkg update`
[06:47:28] <LeftWing> despair86: That sounds like a locale-related thing
[06:48:25] * despair86 facepalms
[06:48:32] <despair86> right. i normally set mine to C
[06:50:12] <despair86> thx
[06:50:16] * Reinhilde facepalms with despair
[06:50:26] <Reinhilde> LeftWing: it should not be influenced by locale
[06:50:56] <LeftWing> Sure, but there are always bugs in software
[06:51:32] <LeftWing> despair86: If you set LANG=en_US.UTF-8 in your environment, does it work better?
[06:52:07] <LeftWing> perhaps LC_ALL also
[06:53:23] <despair86> yeah that's what it used to be set to. does illumos come with the old pre-Unicode locales by any chance?
[06:53:42] <LeftWing> I'm not sure, but I think we have some pre-Unicode locales for compatibility reasons
[06:54:23] <despair86> > rust
[06:54:28] <despair86> > ksh93isms
[06:54:29] <despair86> wat
[06:55:08] <LeftWing> Is that a question? :D
[06:55:09] * despair86 looks at scrollback from earlier
[06:55:11] <LeftWing> ah
[06:56:23] <despair86> wondering now how anyone outside of UNIX 5.4 uses KornShell anyway...linux doesn't ship it, the BSDs forked PDKSH, etc
[06:56:42] <LeftWing> As with so many things, it's a bit of an accident of history
[06:56:53] <despair86> and now rust somehow has non-bash specific language constructs
[06:57:16] <despair86> also still miffed that nokia refuses to let korn re-issue ksh88 :^p
[06:57:42] <LeftWing> There was a pretty fervent, fundamentalist set of people pushing ksh93 into OpenSolaris, and Sun was I suppose keen to embrace contirbutions from outside
[06:58:18] <LeftWing> The integration was done in a way that requires a lot of cleanup, even if we just wanted to _upgrade_ it
[06:58:52] <LeftWing> In practice I think people use bash for logins and probably even scripts now, and every distribution ships bash (and other shells) as well as the base ksh93, so, I guess it hasn't been a high priority
[07:00:50] <LeftWing> rmustacc has spent some time lately putting together native replacements for the utilities we currently get from ksh93, so, piece by piece! :D
[07:37:50] <tsoome> LeftWing: perhaps strip argument names too from 11870?
[07:40:24] <Reinhilde> LeftWing: what would those utils be?
[07:44:12] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[07:44:41] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[07:49:12] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[07:49:50] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[08:21:33] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Quit: tsoome)
[08:23:35] *** denk <denk!~denis@devel.tambov.ru> has quit IRC (Remote host closed the connection)
[08:23:47] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has joined #illumos
[08:24:08] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Client Quit)
[08:25:27] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[08:25:38] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[08:33:22] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[08:34:05] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[08:36:33] *** ptribble <ptribble!~ptribble@cpc92716-cmbg20-2-0-cust138.5-4.cable.virginm.net> has joined #illumos
[08:40:39] *** denk <denk!~denis@devel.tambov.ru> has joined #illumos
[08:43:03] *** btibble <btibble!~brantibbl@c-69-94-200-89.hs.gigamonster.net> has quit IRC (Ping timeout: 250 seconds)
[08:52:57] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[08:54:38] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[08:56:54] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has joined #illumos
[09:03:57] *** lambdanerd <lambdanerd!~lambdaner@2600:1700:86d0:930:20aa:1c8c:9e96:f3cd> has joined #illumos
[09:17:02] *** lambdanerd <lambdanerd!~lambdaner@2600:1700:86d0:930:20aa:1c8c:9e96:f3cd> has quit IRC ()
[09:28:19] *** andy_js <andy_js!~andy@97e29e78.skybroadband.com> has joined #illumos
[09:43:55] <Reinhilde> "zone data that needs to be shared across boot environments should be allocated to a dedicated dataset." are worked examples available?
[09:54:37] *** fanta1 <fanta1!~fanta1@p200300F76BC5850071AAF776B3FB1258.dip0.t-ipconnect.de> has joined #illumos
[09:56:00] *** andy_js <andy_js!~andy@97e29e78.skybroadband.com> has quit IRC (Quit: andy_js)
[10:00:16] *** ramcneal1 <ramcneal1!~ramcneal@> has joined #illumos
[10:00:52] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[10:06:11] *** ramcneal <ramcneal!~ramcneal@> has joined #illumos
[10:07:57] *** ramcneal1 <ramcneal1!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[10:23:13] *** arnoldoree <arnoldoree!~arnoldore@ranoldoree.plus.com> has joined #illumos
[10:23:39] *** man_u <man_u!~manu@manu2.gandi.net> has joined #illumos
[10:32:56] *** ramcneal1 <ramcneal1!~ramcneal@> has joined #illumos
[10:33:08] *** arnoldoree <arnoldoree!~arnoldore@ranoldoree.plus.com> has quit IRC (Quit: Leaving)
[10:33:28] *** arnoldoree <arnoldoree!~arnoldore@ranoldoree.plus.com> has joined #illumos
[10:34:37] *** ramcneal <ramcneal!~ramcneal@> has quit IRC (Ping timeout: 245 seconds)
[10:36:17] *** BrownBear <BrownBear!~BrownBear@> has quit IRC (Ping timeout: 240 seconds)
[10:38:13] *** andy_js <andy_js!~andy@97e29e78.skybroadband.com> has joined #illumos
[10:39:43] *** arnoldoree <arnoldoree!~arnoldore@ranoldoree.plus.com> has quit IRC (Quit: Leaving)
[10:40:00] *** arnoldoree <arnoldoree!~arnoldore@ranoldoree.plus.com> has joined #illumos
[10:53:42] *** BrownBear <BrownBear!~BrownBear@> has joined #illumos
[10:57:56] *** despair86_ <despair86_!~despair86@> has joined #illumos
[11:01:56] *** despair86 <despair86!~despair86@75-60-137-0.lightspeed.rcsntx.sbcglobal.net> has quit IRC (Ping timeout: 276 seconds)
[11:02:01] *** despair86_ is now known as despair86
[11:12:45] <tsoome> Reinhilde: this is true for both global and local zones; the example is /var/mail or NFS state/lock information and things like that. We do snapshot and clone entire /var as one, but it really should be split. see oracle solaris for example…
[11:13:27] <Reinhilde> tsoome: that's not what I am asking. I'm asking for an example of how to do that
[11:14:43] <tsoome> basically what they did was create rpool/VARSHARE dataset, store non-clonable bits there and set symlinks to preserve original names.
[11:15:26] <tsoome> but to make it happen, the packaging needs to be updated accordingly.
[11:19:02] <tsoome> Reinhilde: https://docs.oracle.com/cd/E37838_01/html/E61051/glyzj.html#scrolltoc
[11:20:00] *** ed209 <ed209!~ed209@> has quit IRC (Remote host closed the connection)
[11:20:06] *** ed209 <ed209!~ed209@> has joined #illumos
[11:21:20] <Reinhilde> if i want to have completely separate /var, is there an easy way to do that, tsoome ?
[11:21:35] <tsoome> separate from what?
[11:22:10] <tsoome> var is part of the base OS (package state etc), it can not be separated from BE config.
[11:23:08] <tsoome> it can be separate dataset (from root), but it will still handled as bundle (/, /usr, /var, /opt are BE components).
[11:24:22] <wilbury> ips is overengineered, i guess
[11:24:23] <wilbury> ;-)
[11:24:32] <Reinhilde> IPS is so massively overengineered that I just like
[11:24:54] <Reinhilde> want to roll my own illumos distribution that doesn't have IPS at all, if that's even a thing that is even theoretically possible
[11:24:59] <Reinhilde> i mean someone has probably done it
[11:25:16] <wilbury> nexenta gnu/opensolaris back then
[11:25:29] <Reinhilde> wow
[11:25:34] <Reinhilde> gnu/kopensolaris you mean?
[11:25:42] <Reinhilde> (analogy to gnu/kfbsd)
[11:26:00] <tsoome> you need to start with basic terms - what filesystem parts do constitute your OS, how you make your updates consistent etc.
[11:26:19] <igork> we have dpkg/apt on dilos - no IPS
[11:26:36] <tsoome> gnu is just an collection of bad attempts to reinvent the wheel.
[11:26:42] <Reinhilde> tsoome: semi true
[11:27:04] <tsoome> and to lock you into their closed world.
[11:27:06] <wilbury> igork: yeah, nexenta used to be that way
[11:27:15] <wilbury> opensolaris + dpkg
[11:27:27] <igork> it was in different things
[11:27:40] <jperkin> SmartOS has no IPS, nor Tribblix
[11:27:46] <Reinhilde> jperkin: fun
[11:29:32] <tsoome> the freebsd does have beadm, but the default install does not really support BE’s and you need to go through the pain and mud to get usable setup, and even then the whole concept of updating just does not work for you.
[11:30:12] <tsoome> it is not as simple as “hey, lets snapshot /usr and roll it back when we like to"
[11:31:08] <Reinhilde> it's absurd
[11:31:13] <Reinhilde> why do any of them even have bootenvs
[11:31:24] <Reinhilde> I just use a single bootenv on my freebsd system and don't really separate them
[11:31:31] <tsoome> because it can save you to have BE's
[11:31:38] <wilbury> tsoome: we use bectl on freebsd quite routinely
[11:31:58] <Reinhilde> I take a checkpoint snapshot when I'm about to do an upgrade (which I can roll back to through my Linux system that I still have as a cover my rear) but other than that
[11:32:08] <tsoome> wilbury: yes, so do I:)
[11:32:11] <wilbury> # bectl list
[11:32:11] <wilbury> BE Active Mountpoint Space Created
[11:32:11] <wilbury> default NR / 105G 2019-09-26 23:22
[11:32:11] <wilbury> head - - 906M 2019-09-26 23:33
[11:32:12] <wilbury> zof - - 59.7M 2019-10-01 21:42
[11:32:38] <Reinhilde> zof is what, zolof?
[11:32:41] <wilbury> since some zfs development is being done here
[11:33:01] <Reinhilde> i still think it's a mistake to merge zol to fbsd
[11:33:14] <wilbury> Reinhilde: zfs-on-freebsd (in fact, it is a BE where alek pintchuk tests his code)
[11:33:34] <andyf> Reinhilde, on OmniOS? Any dataset created directly under the rpool will be BE-independant.. I usually have rpool/home for example as I don't like my home directory rolling back and forth as I switch BEs
[11:33:43] <Reinhilde> aye
[11:33:46] <andyf> (and I think the installer does that by default for /home)
[11:34:07] <Reinhilde> kayak seems to, anyway
[11:36:21] <Reinhilde> tsoome: how twisted can an illumos system be and still boot correctly?
[11:36:46] <tsoome> doesnt that question have also the answer?
[11:36:47] <tsoome> :)
[11:36:52] <Reinhilde> lol
[11:37:05] <tsoome> if it boots, then it is not twisted enough:)
[11:37:11] <Reinhilde> ahaha
[11:37:27] <tsoome> how usable it is, is totally different matter
[11:37:52] <Reinhilde> tsoome: "the binaries aren't even in /usr/ like they normally are"
[11:38:02] <tsoome> ?
[11:38:13] <Reinhilde> that's layer 1 of how twisted this hypothetical system is
[11:38:32] <Reinhilde> will an illumos system, correctly configured, still boot with binaries not in the normal location, provided that it can still find everything
[11:38:32] <tsoome> most of binaries are in /usr
[11:38:35] *** lystra <lystra!~lystra@d53-64-11-169.nap.wideopenwest.com> has quit IRC (Quit: Leaving)
[11:39:51] <tsoome> anyhow, in userland, the availability of binaries is about how you mount your file systems and how you set up the startup mechanisms.
[11:39:56] <Reinhilde> yes
[11:41:29] <Reinhilde> tsoome: what's the strangest thing you've seen that is still 'killumos'?
[11:41:43] <tsoome> what is killumos?
[11:41:44] <Reinhilde> i know nexenta is gnu/kopensolaris, but that's not really that strange
[11:41:53] <Reinhilde> tsoome: it's "uses the kernel of illumos"
[11:43:10] *** GrahamPerrin[m] <GrahamPerrin[m]!grahamperr@gateway/shell/matrix.org/x-crmpehfubzqsotof> has quit IRC (Read error: Connection reset by peer)
[11:43:10] *** jhot[m] <jhot[m]!jhotmatrix@gateway/shell/matrix.org/x-nxpxzcmjycszzygh> has quit IRC (Write error: Connection reset by peer)
[11:43:10] *** psydroid <psydroid!psydroidma@gateway/shell/matrix.org/x-toxjkeuivofppanb> has quit IRC (Read error: Connection reset by peer)
[11:43:10] *** Ericson2314 <Ericson2314!ericson231@gateway/shell/matrix.org/x-lvhqkcngmpsylumt> has quit IRC (Remote host closed the connection)
[11:43:10] <tsoome> if it is appliance (like nexenta), you really do not care what is inside.
[11:43:10] <igork> illumos it is not just kernel
[11:43:10] <Reinhilde> igork: correct
[11:43:10] <Reinhilde> there's a lot more to illumos than just its kernel
[11:43:10] <igork> i know :)
[11:43:14] <Reinhilde> which is why debian could not call their bsd-kernelled forks "gnu/freebsd" but had to call them "gnu/kfreebsd"
[11:45:25] *** amrfrsh <amrfrsh!~Thunderbi@> has quit IRC (Quit: amrfrsh)
[11:47:16] *** cartwright <cartwright!~chatting@gateway/tor-sasl/cantstanya> has quit IRC (Ping timeout: 260 seconds)
[11:49:26] *** cartwright <cartwright!~chatting@gateway/tor-sasl/cantstanya> has joined #illumos
[11:51:55] <Reinhilde> igork: /= 54
[11:51:58] <Reinhilde> typo :-)
[12:00:55] *** steph <steph!~steph@minos.ber.rdev.info> has quit IRC (Quit: quit)
[12:05:03] *** steph <steph!steph@minos.ber.rdev.info> has joined #illumos
[12:06:10] *** jhot[m] <jhot[m]!jhotmatrix@gateway/shell/matrix.org/x-hynvlucnumedctie> has joined #illumos
[12:13:29] *** steph <steph!steph@minos.ber.rdev.info> has quit IRC (Quit: quit)
[12:17:08] *** steph <steph!steph@minos.ber.rdev.info> has joined #illumos
[12:39:38] *** Ericson2314 <Ericson2314!ericson231@gateway/shell/matrix.org/x-zikrtcvpfdqnvskv> has joined #illumos
[12:39:38] *** psydroid <psydroid!psydroidma@gateway/shell/matrix.org/x-odnfmblxnmbcfzzu> has joined #illumos
[12:39:38] *** GrahamPerrin[m] <GrahamPerrin[m]!grahamperr@gateway/shell/matrix.org/x-uvqdmglzomcfgyht> has joined #illumos
[12:40:29] <Reinhilde> tsoome: can someone have a bootable system with just the incomplete illumos gate?
[12:40:49] <tsoome> depends on what is incomplete.
[12:41:15] <Reinhilde> tsoome: the entire gate is there, but nothing more.
[12:41:24] <Reinhilde> i know that 'illumos' itself is something to build an OS on
[12:42:01] <tsoome> *maybe*.
[12:42:48] <tsoome> thats something you would need to test :D
[12:43:19] *** init2winit <init2winit!~isthis4re@> has joined #illumos
[12:44:00] <Reinhilde> tsoome: i don't need it to do anything, I just want it to boot and give me a login prompt
[12:44:42] <tsoome> well, you need to create its BE somehow:)
[12:45:58] <Reinhilde> aye
[12:46:11] *** yuripv <yuripv!~yuripv@> has quit IRC (Remote host closed the connection)
[12:46:21] <tsoome> but it would be nice thing to do..
[12:47:12] <ptribble> sure, I did that
[12:47:14] <ptribble> http://ptribble.blogspot.com/2015/09/illumos-pureboot.html
[12:48:44] <tsoome> ou, thats neat.
[13:07:51] *** amrfrsh <amrfrsh!~Thunderbi@> has joined #illumos
[13:43:13] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has joined #illumos
[13:44:20] *** gh34 <gh34!~textual@cpe-184-58-181-106.wi.res.rr.com> has joined #illumos
[13:46:30] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Remote host closed the connection)
[13:50:15] *** psarria <psarria!~psarria@101.red-81-44-233.dynamicip.rima-tde.net> has quit IRC (Remote host closed the connection)
[13:50:52] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has quit IRC (Ping timeout: 268 seconds)
[13:53:37] *** neirac <neirac!~cneira@pc-184-104-160-190.cm.vtr.net> has joined #illumos
[14:11:31] *** Kurlon <Kurlon!~Kurlon@cpe-67-253-141-249.rochester.res.rr.com> has quit IRC (Ping timeout: 250 seconds)
[14:24:35] *** MarcelT_ <MarcelT_!~marcel@tortuga.telka.sk> has quit IRC (Ping timeout: 252 seconds)
[14:26:27] *** griffo <griffo!~sh42@fsf/member/zeroSignal> has quit IRC (Ping timeout: 264 seconds)
[14:28:31] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has joined #illumos
[14:38:52] *** tsoome <tsoome!~tsoome@148-52-235-80.sta.estpak.ee> has joined #illumos
[14:51:01] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #illumos
[14:54:20] *** MarcelT_ <MarcelT_!~marcel@tortuga.telka.sk> has joined #illumos
[15:01:04] *** btibble <btibble!~brantibbl@c-69-94-200-89.hs.gigamonster.net> has joined #illumos
[15:21:35] *** kvik <kvik!~kvik@unaffiliated/kvik> has quit IRC (Ping timeout: 246 seconds)
[15:23:30] *** kvik <kvik!~kvik@unaffiliated/kvik> has joined #illumos
[15:29:49] *** amrfrsh <amrfrsh!~Thunderbi@> has quit IRC (Quit: amrfrsh)
[15:31:13] <KungFuJesus> So it seems as though we had an NFS user's kerberos ticket expire with a long running job and the mountpoint basically hung for him and everyone else. Is this typical with kerberized NFS? Is there maybe a way around it?
[15:37:57] <tsoome> sounds like bug...
[15:42:30] *** psarria <psarria!~psarria@243.red-79-146-98.dynamicip.rima-tde.net> has joined #illumos
[15:43:07] <KungFuJesus> tsoome: To be clear, we want the mount to survive, the hanging is just a nasty side effect
[15:43:22] <KungFuJesus> the user attached to their screen session to find that their ticket had expired, and ls would hang
[15:44:09] *** psarria <psarria!~psarria@243.red-79-146-98.dynamicip.rima-tde.net> has quit IRC (Remote host closed the connection)
[15:44:29] <KungFuJesus> we're trying to determine if it expired without a renewal attempt or if AD just said that ticket was complete EOL
[15:45:18] <KungFuJesus> we're allowing proxying, and the user likely logged in via GSS based authentication to the system. With modern Linux configurations, how does it work? Does sssd do this on the user's behalf, or is something like krenew necessary for long running jobs?
[15:45:20] *** neirac <neirac!~cneira@pc-184-104-160-190.cm.vtr.net> has quit IRC (Remote host closed the connection)
[15:45:23] <tsoome> windows may have funny ideas about tickets
[15:45:42] *** neirac <neirac!~cneira@pc-184-104-160-190.cm.vtr.net> has joined #illumos
[15:46:20] <tsoome> for example the ticket delegation is controlled by certain permissions added to server host account
[15:46:27] <KungFuJesus> right now the temptation to do sec=sys is very high, but that's likely to bite us later for potential security audits that our contracts will mandate
[15:46:35] <tsoome> I do not know about renew
[15:47:27] <tsoome> the whole server should not hung in any case.
[15:48:04] <KungFuJesus> I mean the NFS operations hung, I think that might be somewhat expected of the Linux NFS client from what I can tell
[15:48:09] <tsoome> accessing the NFS share may get stuck depending on how the mount was done.
[15:48:44] <tsoome> soft versus hard mount, interrupt enabled or not.
[15:49:09] <KungFuJesus> intr is ignored for autofs it would seem, I didn't pass hard so I think it should assume soft
[15:49:39] <tsoome> autofs is only doing mounts, so it probably is about how you specify the option
[15:50:47] <KungFuJesus> well, maybe not autofs so much, when I use rpcdebug to enable all output from the nfs client module, I see it stripping the intr option
[15:59:06] <KungFuJesus> it's not entirely clear to me how the ticket delegation works, I'm kind of guessing at that. At initial login, without autofs attempting the mount on the user's behalf, klist only shows the krbtgt principle. After mount, it sometimes shows an nfs principle with the NFS server's hostname
[15:59:47] <KungFuJesus> ah yes, so whichever user triggers the autofs mount, it creates the nfs principle for
[16:09:18] *** amrfrsh <amrfrsh!~Thunderbi@> has joined #illumos
[16:23:15] *** atrius <atrius!~atrius@99-160-139-232.lightspeed.nsvltn.sbcglobal.net> has quit IRC (Quit: ZNC - http://znc.in)
[16:23:30] *** psarria <psarria!~psarria@26.red-79-146-96.dynamicip.rima-tde.net> has joined #illumos
[17:04:13] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Quit: jcea)
[17:09:14] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 240 seconds)
[17:24:55] *** amrmesh <amrmesh!~Thunderbi@> has joined #illumos
[17:26:08] *** amrfrsh <amrfrsh!~Thunderbi@> has quit IRC (Ping timeout: 245 seconds)
[17:26:08] *** amrmesh is now known as amrfrsh
[17:27:53] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #illumos
[17:31:08] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has joined #illumos
[17:35:57] *** amrfrsh <amrfrsh!~Thunderbi@> has quit IRC (Ping timeout: 268 seconds)
[17:36:20] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 246 seconds)
[17:38:56] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has joined #illumos
[17:53:43] <LeftWing> KungFuJesus: From what I recall in doing kerberised NFS many years ago, the authentication model is not a great match for what people generally expect to happen with NFS
[17:54:14] <KungFuJesus> right, there's a "mount user" and afterward the tickets of the user accessing the files are still checked as well
[17:54:33] <KungFuJesus> it's not perfect, but it's definitely a better option than using smb on our Linux servers
[17:54:48] <LeftWing> If I were doing "secure" NFS within a realm of infrastructure systems I'd look at having a required IPsec policy on the NFS server
[17:55:04] <LeftWing> And then do sec=sys over that IPsecr
[17:55:22] <LeftWing> *over that IPsec policy, so that I could be sure the system in question was really the system I thought it was
[17:55:40] <KungFuJesus> that would be a lot of systems with an IPSec link for us
[17:55:58] <KungFuJesus> it's unclear if the US government would deem that to be acceptable, as well
[17:56:52] <KungFuJesus> They have a standard in the classified realm that enforces kerberos for NFS - it's likely that's going to start applying to CUI data as well
[17:57:02] <LeftWing> That seems pretty unfortunate
[17:57:52] <KungFuJesus> I have a feeling we can make kerberos work if we can solve this ticket expiry issue, perhaps with renewals
[17:58:29] <KungFuJesus> performance, at least on gigabit, doesn't seemed to be hindered by krb5. Haven't measured the cost of krb5i or krb5p yet
[17:59:44] <KungFuJesus> I do notice, at least with file copies over NFS, there are these weird stall periods. I don't know if it's a bug in the NFS client or what, but it'll be full gigabit for like 20 seconds, then it'll do 5 seconds of idle everything, server and client (CPU and disks)
[17:59:59] <KungFuJesus> it would seem, at least at my initial testing, that dd is not affected by this, but rsync and cp are...
[18:02:12] <KungFuJesus> I'll have to look at nfsstat and maybe break out dtrace to figure out what the hell it's doing in these quiet periods. Maybe even a packet capture might say something (network activity goes to near 0 during this)
[18:02:43] <KungFuJesus> I think I read something about stat calls with NFS causing something like this, but I haven't looked enough into it
[18:04:24] <KungFuJesus> I welcome any input into ways to diagnose this separate performance issue :)
[18:17:29] *** ptribble <ptribble!~ptribble@cpc92716-cmbg20-2-0-cust138.5-4.cable.virginm.net> has quit IRC (Quit: Leaving)
[18:29:47] <KungFuJesus> LeftWing: at the very least, sec=krb5 should be a thing if doing NFS. While it doesn't actually protect the traffic like krb5i and krb5p would, the trust model of ensuring the client will do the right thing makes very little sense
[18:31:17] <LeftWing> I think it depends on how you manage the clients. I agree the Kerberos model that exists works for machines you don't control
[18:32:36] <LeftWing> But for a cluster of centrally managed machines where the user population are not privileged, a machine level trust approach would help a lot with things people can otherwise do with sec=sys
[18:33:32] <KungFuJesus> I mean unless auditors go full crazy and force me to turn on 802.1x - then maybe that gets to the point where sec=sys is not a big deal
[18:34:14] <KungFuJesus> also we have privileged users, typically for their own machines but sometimes servers as well
[18:34:38] <KungFuJesus> so yeah for that we'd need the access to still be protected by krb5 tickets
[18:36:55] <LeftWing> If they're privileged on the server they can still hijack the Kerberos credentials from the other users
[18:37:11] <LeftWing> The machine trust model isn't really worse there
[18:37:50] <KungFuJesus> I suppose that's true, they could probably just grab tickets that exist in the ticket cache for our shared servers
[18:37:55] <LeftWing> Yes
[18:38:26] <LeftWing> It's pretty hard to have a root user not be able to see and use private data like that
[18:38:39] <KungFuJesus> heh, guess it may mean me turning off admin bits. Hell most of the time it gives me more trouble than it saves me with them having the separate admin accounts
[18:41:15] *** man_u <man_u!~manu@manu2.gandi.net> has quit IRC (Quit: man_u)
[18:50:11] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has joined #illumos
[18:57:14] *** amrfrsh <amrfrsh!~Thunderbi@> has joined #illumos
[19:00:56] *** fanta1 <fanta1!~fanta1@p200300F76BC5850071AAF776B3FB1258.dip0.t-ipconnect.de> has quit IRC (Quit: fanta1)
[19:35:37] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has quit IRC ()
[19:37:53] <danmcd> For folks interested in nfs-zone, I've tagged unchanged man pages that MIGHT (emphasis on might) need nfs-zone updates
[19:37:53] *** alanc <alanc!~alanc@inet-hqmc06-o.oracle.com> has quit IRC (Remote host closed the connection)
[19:38:02] <danmcd> https://gist.github.com/danmcd/21d39eaa8ede7a18d2a5a3e3809cf04d
[19:38:20] *** alanc <alanc!~alanc@inet-hqmc06-o.oracle.com> has joined #illumos
[19:40:47] *** kahiru <kahiru!~quassel@ip-89-102-207-18.net.upcbroadband.cz> has joined #illumos
[20:21:48] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has joined #illumos
[20:23:19] *** kahiru <kahiru!~quassel@ip-89-102-207-18.net.upcbroadband.cz> has quit IRC (Ping timeout: 250 seconds)
[20:34:51] *** neirac <neirac!~cneira@pc-184-104-160-190.cm.vtr.net> has quit IRC (Quit: Leaving)
[20:38:42] *** kahiru <kahiru!~quassel@ip-89-102-207-18.net.upcbroadband.cz> has joined #illumos
[20:51:33] <KungFuJesus> Can someone explain to me how a copy of a non-sparse 0 filled file on an lz4 compressed zfs dataset could copy to an NFS share over gigabit backed by a non-compressed ZFS dataset, use almost no bandwidth, and complete in 16 seconds for 64GBs of 0s?
[20:51:38] <KungFuJesus> because that's what I just saw
[20:51:42] <KungFuJesus> and I'm very confused
[20:52:34] <KungFuJesus> is Linux's cp trying to be "smart" and see the 0 fill, and call ftruncate on the NFS host or something? Is there an ftruncate within the NFS spec?
[21:03:01] <KungFuJesus> ah reading linux's cp man page seems to imply it is a heuristic to determine whether or not to write a sparse file at the destination. I think my suspicion is correct
[21:09:19] <LeftWing> I would imagine it's doing something with sparse files, yes
[21:11:30] *** amrmesh <amrmesh!~Thunderbi@> has joined #illumos
[21:14:15] *** amrfrsh <amrfrsh!~Thunderbi@> has quit IRC (Ping timeout: 268 seconds)
[21:14:15] *** amrmesh is now known as amrfrsh
[21:16:53] <tsoome> yes lthey do ask fs to set the “hole”. which is also bad since it has no proper fallback - our pcfs does not support that api.
[21:16:55] <KungFuJesus> the "crude heuristic" must involve observing apparent size vs actual or something
[21:17:39] <KungFuJesus> I'm both impressed and annoyed at the same time. It looks like --sparse parameter would have at least let me control it, though
[21:19:50] <KungFuJesus> I'm trying to diagnose this weird random 5 second stall issue with NFS IO. Do you guys know if it's typical for NFS activity to periodically stop for coherency between clients for data/metadata?
[21:20:00] *** ed209 <ed209!~ed209@> has quit IRC (Remote host closed the connection)
[21:20:07] <KungFuJesus> I do have some of these file systems mounted over slow remote links, but I'm not sure that I did for the problem one
[21:20:07] *** ed209 <ed209!~ed209@> has joined #illumos
[21:20:54] <KungFuJesus> this is my current theory, as I'm not seeing this stall yet on this 48GB random file being copied to this NFS mount point for which I'm the sole accessor
[21:21:42] <copec> 5 seconds is the write cycle for closing the merkle tree on zedfs
[21:22:11] <copec> <- arbitrarily sometimes fact generator
[21:29:04] <KungFuJesus> copec: would that cause a 5 second stall when sync=disabled?
[21:30:00] <init2winit> hi...I have tried Openindiana and the gui version works suprisingly well but apparently they are no longer binary compatible with opensolaris. Are there people who run illumos with gui/de/displaymanager etc and are there guides for this?
[21:30:28] <init2winit> I am also interested in dilos dpkg/apt tools, and wondering if anyone has tried to make them work/port them to illumos
[21:30:57] <copec> init2winit try searching out pkgsrc modular xorg on illumos or omnios
[21:31:55] <KungFuJesus> copec: I don't think that's what I'm seeing here, as I don't see these random stalls with local IO
[21:32:13] <KungFuJesus> plus the CPUs on both host and clients are basically idle during this period
[21:32:17] <KungFuJesus> as are the NICs
[21:32:27] <KungFuJesus> I think something is going on with the NFS protocol during this time that causes this
[21:32:45] <copec> init2winit One of the stoppers for me is that I need recent firefox releases because I maintain shared webservers, and we get the firefox esr releases
[21:32:57] <copec> which is still nice...
[21:35:02] <copec> KungFuJesus My own personal methodology would be to instrument the overall behavior with various tools first (transfer rate/time over network, to disks, etc.)
[21:35:31] <copec> What does zpool iostat -v 1 look like for instance
[21:36:41] <init2winit> copec im not sure i understand ffx comment: there are only esr firefox releases on illumos? or on OI?
[21:36:42] <copec> There is certainly people here that could probably KungFu intuit some answer, but I like to continue to make observations while I float questions out there
[21:37:02] <KungFuJesus> copec: disks are idle during the idle times
[21:37:26] <KungFuJesus> 0 network activity, 0 cpu activity (mpstat says full idle). I probably should pull out nfsstat for just this piece of it
[21:37:30] <copec> init2winit well, both. We inherit it via alanc getting it packaged for Solaris, according to my understanding.
[21:42:07] <init2winit> https://twitter.com/alanc?lang=en https://community.oracle.com/thread/4061013 this alanc? He seems to work for oracle, so are you saying binaries come strait from him/oracle?
[21:42:12] <init2winit> straight*
[21:42:30] <alanc> is there any other alanc?
[21:43:06] <alanc> but I'm not the one who builds firefox - Petr does that
[21:44:07] <alanc> I don't know where you get Firefox binaries from - but they're probably not built by Oracle unless you're getting them from pkg.oracle.com
[21:44:21] <alanc> OpenIndiana builds their own binaries from source
[21:45:01] <copec> Do you guys work with Mozilla at all to get Firefox ESR to build on Solaris* targets?
[21:45:17] <alanc> Petr submits source patches & files bugs as necessary
[21:46:00] <alanc> building binaries for posting on mozilla.org ended when Oracle closed the Beijing office that had been doing those builds, which is why they don't exist for any release in the past few years
[21:47:49] <copec> Any Oracle customers express a need for a newer Firefox?
[21:49:18] <copec> That's pretty neat that you got gnome3 running on it
[21:49:28] <alanc> they seem to be satisfied with us keeping up with the current ESR releases
[21:49:53] <alanc> I certainly haven't asked every one of them, or heard all their feedback
[21:49:56] *** Kurlon <Kurlon!~Kurlon@bidd-pub-03.gwi.net> has quit IRC (Ping timeout: 240 seconds)
[21:51:11] <copec> well, I noticed netbsd has a recent firefox in pkgsrc, so that's probably what I would look at if I were personally interested in getting it to build on illumos
[21:51:22] <copec> on the netbsd kernel, not illumos
[21:52:10] <copec> I'm actually going to go over there and ask them
[21:54:41] <copec> sorry to bother alanc, and thanks
[21:55:05] <alanc> keeping firefox up to date is much easier if you don't care about SPARC
[21:55:46] <alanc> we're still having fun with the whole "we can do whatever we want with the top 17-bits of pointer addresses and it won't matter" design of the javascript engine
[21:56:13] <alanc> though now that Intel's expanding it's page mappings into those bits, that should blow up on everyone soon
[21:56:41] <copec> yowsers
[21:58:14] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has quit IRC (Remote host closed the connection)
[21:59:41] *** Yogurt <Yogurt!~Yogurt@104-7-67-228.lightspeed.sntcca.sbcglobal.net> has joined #illumos
[22:02:51] <init2winit> pkg.oracle.com alanc you said no more binaries on mozilla bc beijing closed, so what remains at this url?
[22:03:24] <init2winit> who makes them and why arent they still shipped to mozilla download page?
[22:04:07] <alanc> pkg.oracle.com is the Solaris package repo, for customers running Solaris, with binaries built by Oracle
[22:04:29] <alanc> Oracle has no business need to post free binaries on mozilla.org when it's customers can get them as part of the OS package repo
[22:05:01] <alanc> no one else in the world cares enough about Firefox for Solaris to volunteer to build & post binaries to the mozilla.org web page
[22:07:13] <copec> I knew OI built it themselves, but I thought the reason for that was the influence of Oracle at Mozilla to get versions building for Oracle to ship to their customers, and then we inherited the benefits of that
[22:07:32] <copec> Not the other way around, in that particular instance
[22:07:51] <alanc> I do think OI benefits from the source changes Oracle makes & shares
[22:08:02] <alanc> just not the binaries
[22:22:48] <KungFuJesus> LeftWing: so as it turns out, the user with the krb ticket issue apparently backgrounded their process and terminated the shell, letting it reparent to init
[22:23:27] <KungFuJesus> which of course would have renewal issues, as the session management done with systemd/PAM would have terminated and the key would have failed to renew
[22:25:33] <KungFuJesus> alanc: I had similar issues bootstrapping the firefox build for PowerPC - my first hangup being it needs node.js now, which needs v8, which has a PPC port but it really only works for POWER5
[22:26:09] <KungFuJesus> it was all pretty frustrating considering how just a few years ago it was so much more portable
[22:26:21] <KungFuJesus> though, less emphasize may have been placed on the optimization of the javascript engine
[22:26:29] <KungFuJesus> emphasis*
[22:33:11] <alanc> yeah, we end up running the node.js bits on x86, and copying the output over to a SPARC machine, because that's easier than making node.js on SPARC work
[22:33:57] <jellydonut> node.js was a mistake
[22:34:14] <despair86> inb4 someone is insane enough to port chrome to solaris
[22:34:17] * despair86 cringes
[22:35:01] <alanc> chromium was ported years ago, during opensolaris days, google never did the proprietary bits to make chrome though
[22:35:52] <alanc> https://bugs.chromium.org/p/chromium/issues/detail?id=30101 - heh, didn't get closed as wontfix until a few months ago
[22:37:06] *** Kurlon <Kurlon!~Kurlon@cpe-67-253-141-249.rochester.res.rr.com> has joined #illumos
[22:41:01] *** Pocky <Pocky!~Pocky@> has joined #illumos
[22:41:03] *** gh34 <gh34!~textual@cpe-184-58-181-106.wi.res.rr.com> has quit IRC (Quit: Textual IRC Client: www.textualapp.com)
[22:45:16] *** Pocky <Pocky!~Pocky@> has quit IRC (Client Quit)
[23:40:56] <init2winit> ty...how nice that google cant even be bothered to telemetrize/track solaris users
[23:49:36] *** ClaesBas <ClaesBas!~ClaesBas@h-47-80.A498.priv.bahnhof.se> has joined #illumos
[23:51:34] *** jcea <jcea!~Thunderbi@2001:41d0:1:8a82:7670:6e00:7670:6e00> has quit IRC (Quit: jcea)

   October 30, 2019  
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | >