February 28, 2013 
< | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | >
February 28, 2013 [00:03:30] *** nefilim has quit IRC[00:04:39] *** wolfeida_ has joined #smartos[00:05:20] *** nefilim has joined #smartos[00:05:48] *** bluezenix has quit IRC[00:07:41] *** wolfeidau has quit IRC[00:08:00] *** Guest39669 has quit IRC[00:09:58] *** szaydel has quit IRC[00:16:09] *** artimus has joined #smartos[00:16:32] *** artimus is now known as Guest95339[00:19:55] *** ipalreadytaken has joined #smartos[00:21:07] *** Guest95339 has quit IRC[00:25:26] *** wolstena has left #smartos[00:52:07] <wesolows> nahamu: We don't ever plan to support building SmartOS in a sngl zone. We do plan to support building in the new multilib joyent zone instead of requiring 1.6.3.[00:52:18] <wesolows> if it works, now or ever, it will be by accident.[00:53:21] <wesolows> I was being a bit politic this morning; the reality is that I absolutely don't want, and won't do development in, a zone where the contents of /usr are unprefixed GNU tools.[00:53:44] <wesolows> But I know that other people do, and that actually gives us a chance to make it easier to build in a joyent zone.[00:55:37] <ira> wesolows: (applause) As long as the gnu tools have g's before them.. I'm happy ;)[00:55:50] <trentster> yofuh: you still around?[00:57:54] <yofuh> trentster: a little[01:01:53] *** nefilim2 has joined #smartos[01:02:12] <nahamu> wesolows: makes sense. I guess I was mostly curious if having a writable /usr would make setting up a build zone easier[01:02:32] <wesolows> not really. The fake subset is almost gone, and should be completely gone soon.[01:02:49] * nahamu nods[01:03:13] <wesolows> The only things left are like yacc and lex and make that are hardcoding paths in /usr; it would make that easier, but that more than offsets the fact that then we have to find a place to shove the real make(1).[01:03:52] *** nefilim has quit IRC[01:04:22] <ira> wesolows: I'll be very happy the day you kill fake-subset. Alawys feel a bit hokey with it ;)[01:08:12] *** szaydel has joined #smartos[01:08:17] <wesolows> we all will[01:13:14] <richlowe> wesolows: may as well ship lex and yacc as not, surely?[01:18:20] *** ira has quit IRC[01:20:27] *** nefilim2 has quit IRC[01:28:13] *** darjeeling has quit IRC[01:34:27] *** leecallen has quit IRC[01:35:03] *** leecallen has joined #smartos[01:40:39] *** wolfeida_ has quit IRC[01:40:57] *** wolfeidau has joined #smartos[01:44:21] *** tonyarkles has joined #smartos[01:44:44] *** enmand has joined #smartos[01:47:41] *** wolfeidau has quit IRC[01:47:56] *** wolfeidau has joined #smartos[01:50:03] <nshalman> richlowe: you mean ship them in the platform?[01:51:17] *** Webhostbudd has joined #smartos[01:52:29] *** szaydel has quit IRC[01:54:24] *** nefilim1 is now known as nefilim[01:55:23] *** nikolam has joined #smartos[02:02:59] *** szaydel has joined #smartos[02:14:03] *** tallship has quit IRC[02:22:17] <jperkin> ok I fixed vnc, it should show up in the trunk dataset in a day or two[02:26:42] <nahamu> jperkin: which VNC codebase does it use?[02:31:35] *** darjeeling has joined #smartos[02:32:28] *** potatosalad has quit IRC[02:32:58] *** iyp has quit IRC[02:33:22] *** potatosalad has joined #smartos[02:34:18] <jperkin> the at&t one[02:37:45] *** nefilim has quit IRC[02:38:35] *** iyp has joined #smartos[02:48:48] *** potatosalad has quit IRC[02:49:30] *** shizer_ has joined #smartos[02:52:11] *** iyp has quit IRC[02:55:22] *** ryancnelson has joined #smartos[02:59:12] *** potatosalad has joined #smartos[03:02:25] *** iyp has joined #smartos[03:04:44] *** andywocky has joined #smartos[03:06:50] <andywocky> is there a quick guide to setting up my smartos server for root login using ssh keys?[03:11:53] <ryancnelson> do you mean a zone? or setting ssh keys for the global zone?[03:11:59] <andywocky> global zone[03:12:20] <ryancnelson> k… one sec, finding the link[03:14:50] <ryancnelson> ah:[03:14:50] <ryancnelson> http://wiki.smartos.org/display/DOC/extra+configuration+options#extraconfigurationoptions-Console%2FLogin%2FSSHkeys[03:15:28] <ryancnelson> so, if i'm reading it right, putting:[03:15:39] <ryancnelson> root_authorized_keys_file=authorized_keys[03:15:44] <ryancnelson> … in your config file[03:16:27] <ryancnelson> … and then putting a file of your keys in the /usbkey/config.inc/ directory[03:16:34] <ryancnelson> (named authorized_keys)[03:16:38] <ryancnelson> … it should work[03:16:54] <andywocky> thx[03:17:01] <ryancnelson> other method:[03:17:04] <ryancnelson> http://www.psychicfriends.net/blog/archives/2012/03/21/smartosorg_run_things_at_boot.html[03:17:14] <arekdreyer> psychic friends? wow.[03:17:26] <ryancnelson> … which is a general case "run things at boot" script… but my example was "copy in some ssh keys"[03:17:40] <arekdreyer> nice domain name :)[03:17:47] *** dap1 has quit IRC[03:17:54] <ryancnelson> i've been defending it for years[03:18:07] <andywocky> what do I do about password login?[03:18:19] <ryancnelson> to the global zone?[03:18:20] <ryancnelson> just log in[03:18:22] <andywocky> yes[03:18:26] <andywocky> can /should I disable it?[03:19:16] <ryancnelson> well, your ssh_config change isn't really persistent, unless you use the above technique to modify that, too, every boot[03:20:08] <ryancnelson> … or, use that to set up ipf rules, etc, etc...[03:21:07] <ryancnelson> not having a password isn't any more cryptographically secure… it's just less prone to "whoops, i left the post-it note lying around" stuff[03:21:51] <andywocky> oh, I was under the impression that key logins were more secure[03:22:56] *** shizer_ has quit IRC[03:23:30] <ryancnelson> … against brute-force attacks, technically yes. but practically, if you've got a good password, then brute-force isn't reasonable, anyway, and then you're back to "someone could overhear the password"[03:24:07] <ryancnelson> … but you can check your private key into github (like 1000 people did last month), and you're in the same boat[03:24:13] *** iyp has quit IRC[03:24:17] <jesse_> don't forget someone pwning your workstation and installing a keylogger[03:24:58] <jesse_> those private keys probably have a somewhat good passphrase attached?[03:25:10] <ryancnelson> do what you feel… but just know that smartos really wants you to not muck around in the global zone, so it's not terribly simple to change things there persistently[03:25:33] <ryancnelson> oh, the github ones? i cannot imagine most did, given that they got checked into github[03:26:05] <jesse_> so, get all keys, ssh through the ipv4 space with them... there must be profit here somewhere[03:26:53] <ryancnelson> last month, github launched search, and you could just cruise around and find them. also ssl certs, wordpress configs, etc[03:27:17] <jesse_> pastebin etc. have had plenty of those before[03:27:19] <ryancnelson> … dont' need to even search ipv4, you can use the also-checked-into-git known_hosts file[03:27:28] <jesse_> haha[03:27:37] <jesse_> and the uid in the .ssh_config?=)[03:28:18] <ryancnelson> eh, if they're using .ssh_config, that implies they know at least *something* about it[03:30:15] <jesse_> true, now that I think of it[03:30:34] <jesse_> ok, use the github account name as user[03:30:36] <jesse_> or root[03:30:40] <jesse_> that should do it[03:32:17] <richlowe> is there anything shipping by default on smartos akin to acpidump?[03:32:46] <richlowe> want to see a madt on a machine that isn't mine.[03:33:56] *** tonyarkles has quit IRC[03:56:55] *** ryancnelson has quit IRC[04:00:26] *** des2 has quit IRC[04:04:41] *** darjeeling has quit IRC[04:10:30] *** des2 has joined #smartos[04:14:57] <nahamu> richlowe: I can get you a listing of the contents of /usr if that's helpful...[04:15:34] *** _lb_ has joined #smartos[04:15:51] <nahamu> errr /usr/bin[04:16:01] <nahamu> and sbin... whatever you want. :)[04:16:29] <wesolows> well I don't think we ship iasl[04:16:40] <wesolows> so the answer is probably not[04:17:17] *** iyp has joined #smartos[04:21:32] *** nefilim has joined #smartos[04:22:10] *** arekdreyer has quit IRC[04:28:17] *** szaydel has quit IRC[04:30:04] *** amuldowney has joined #smartos[04:32:59] <amuldowney> I have a bge interface that is coming up 10/half. I'm trying to force it to 10/full, which is what the switch port is supposedly set to. I've tried both ndd and dladm with no success. Any ideas?[04:34:36] *** trentster has quit IRC[04:34:52] *** andywocky has quit IRC[04:40:32] *** trentster has joined #smartos[04:45:05] *** dap has joined #smartos[04:50:41] *** andywocky has joined #smartos[04:59:32] *** dap has quit IRC[05:04:08] *** artimus has joined #smartos[05:04:32] *** artimus is now known as Guest47535[05:04:33] *** badboy_ has quit IRC[05:06:21] *** andywocky has quit IRC[05:14:06] <jefferai> I have a smartos box that completely seemed to freeze up -- lost all network connectivity to it, and a ctrl-alt-del sent through a management interface did nothing -- had to soft power reset it[05:14:09] *** szaydel has joined #smartos[05:14:11] <jefferai> how can I figure out what happened?[05:14:17] <jefferai> the logs in /var/log are not illuminating in the slightest[05:15:21] *** Guest47535 has quit IRC[05:18:23] *** badboy_ has joined #smartos[05:22:18] <richlowe> you probably can't, what you wanted to do was try to force it to panic[05:22:24] <richlowe> (does smartos panic on NMI by default yet?)[05:23:23] *** darjeeling has joined #smartos[05:33:30] <jefferai> what do you mean by try to force it to panic?[05:33:54] <jefferai> didn't it already if it locked up?[05:34:48] <richlowe> No, it locked up.[05:35:05] <jefferai> ah, so a panic wouldn't do that[05:39:26] *** sachinsharma has joined #smartos[05:44:46] *** darjeeli_ has joined #smartos[05:47:53] *** darjeeling has quit IRC[05:50:53] *** darjeeli_ has quit IRC[05:51:51] *** darjeeling has joined #smartos[05:57:27] *** axonpoet has joined #smartos[06:00:59] *** potatosalad has quit IRC[06:08:56] *** darjeeling has quit IRC[06:10:55] *** dap has joined #smartos[06:11:17] *** darjeeling has joined #smartos[06:11:18] *** amuldowney has quit IRC[06:15:51] *** iyp has quit IRC[06:17:07] *** darjeeli_ has joined #smartos[06:18:34] *** darjeeling has quit IRC[06:24:03] *** abhishekvasisht has joined #smartos[06:36:48] <rmustacc> richlowe: We've always defaulted to panic on nmi.[06:37:33] <rmustacc> richlowe: If you have an acpidump like binary I can use it to get you whatever it is you're looking for.[06:38:27] <rmustacc> scarcry: I had to disappear for a wihle, but there aren't any other platforms. Someone with hardware needs to just take it to root cause and I don't think I own that hardware, but I'll see if I can get something to happen with some testing.[06:40:08] *** dap has quit IRC[06:46:58] <ipalreadytaken> Howdy! Does anybody know of a preferred puppet provider for pkgin? I found one from mudge but it seems a bit dated.[06:59:07] *** nefilim has quit IRC[07:08:31] <richlowe> rmustacc: ah, I wanted a look at the acpi interrupt crud on trentster's system.[07:09:17] *** wolfeidau has quit IRC[07:10:11] <richlowe> not that I think it's necessarily important even, I just want a more complete view of things while I think[07:12:04] *** darjeeli_ has quit IRC[07:21:27] *** szaydel has quit IRC[07:34:12] *** axonpoet has quit IRC[08:20:09] *** mamash has joined #smartos[08:33:28] *** kamilr has joined #smartos[08:50:46] *** darjeeling has joined #smartos[08:51:48] *** alucardX has joined #smartos[08:52:00] *** darjeeli_ has joined #smartos[08:55:13] *** darjeeling has quit IRC[09:07:00] *** rodgort has quit IRC[09:08:30] *** rodgort has joined #smartos[09:09:48] *** alcir has joined #smartos[09:12:39] *** robinsmidsrod has quit IRC[09:13:41] *** robinsmidsrod has joined #smartos[09:14:56] *** ipalreadytaken has quit IRC[09:17:30] *** bens1 has joined #smartos[09:20:14] *** texarcana has quit IRC[09:21:30] *** texarcana has joined #smartos[09:26:37] *** chh has joined #smartos[09:29:52] *** marsell has quit IRC[09:33:32] *** bluezenix has joined #smartos[09:45:55] *** ipalreadytaken has joined #smartos[09:52:53] <alcir> ah![09:53:01] <alcir> I can boot the solaris 10 iso[09:53:25] <alcir> if my kvm vm has 2 vcpu the boot hangs[09:53:36] <alcir> with only 1 vcpu it works[09:53:37] <alcir> :-/[09:54:09] <alcir> at least for now, I don't know if I will be able to install[09:54:55] *** ipalreadytaken has quit IRC[10:01:20] *** darjeeli_ has quit IRC[10:31:58] *** Azbruh has quit IRC[10:33:21] *** Azbruh has joined #smartos[10:36:49] *** KermitTheFragger has joined #smartos[11:06:28] *** Webhostbudd has quit IRC[11:06:45] *** Webhostbudd has joined #smartos[11:11:13] *** nikolam has quit IRC[11:12:03] *** nikolam has joined #smartos[11:28:56] *** Vod has joined #smartos[11:38:30] *** dimitarivanov has joined #smartos[11:46:03] *** wolfeidau has joined #smartos[12:28:47] *** joshie has quit IRC[12:29:13] *** joshie has joined #smartos[13:06:16] *** robinsmidsrod has quit IRC[13:07:41] *** robinsmidsrod has joined #smartos[13:08:25] *** Vod has quit IRC[13:10:41] *** robinsmidsrod has quit IRC[13:12:11] *** robinsmidsrod has joined #smartos[13:20:04] *** sachinsharma has quit IRC[13:20:50] *** Andy has joined #smartos[13:21:15] *** arekdreyer has joined #smartos[13:26:03] *** ira has joined #smartos[13:26:30] *** Webhostbudd_ has joined #smartos[13:26:38] *** leecallen35 has joined #smartos[13:28:20] *** chh_ has joined #smartos[13:30:56] *** EMH_Mark4 has joined #smartos[13:31:23] *** jeffpc_ has joined #smartos[13:31:25] *** estibi_ has joined #smartos[13:34:58] *** szaydel has joined #smartos[13:34:59] *** leecallen35 has quit IRC[13:35:13] *** leecallen35 has joined #smartos[13:35:46] *** Webhostbudd has quit IRC[13:35:47] *** chh has quit IRC[13:35:50] *** leecallen has quit IRC[13:35:53] *** EMH_Mark3 has quit IRC[13:36:01] *** estibi has quit IRC[13:36:01] *** jeffpc has quit IRC[13:38:45] *** Vod has joined #smartos[13:46:11] <bluezenix> just found out that dbus uses getgrouplist if available, or just the primary group .. when checking group policies. I found this: https://github.com/joyent/illumos-joyent/blob/master/usr/src/cmd/ssh/libopenbsd-compat/common/getgrouplist.c[13:46:18] <bluezenix> is this library included into smartos somewhere?[13:47:10] <jperkin> no[13:47:51] <bluezenix> what should I do :)[13:48:10] <jperkin> patch dbus?[13:52:35] <bluezenix> should I report it somewhere?[13:53:30] <jperkin> what's the actual problem? dbus builds ok for us, but I don't know that we actually have people who use it[13:54:57] <bluezenix> yes it builds, just with an unexpected 'feature' like this[13:55:57] <bluezenix> it just took me about a day to figure out :P[13:56:07] <bluezenix> so i'd like others not to have this problem[13:56:44] <jperkin> ideally submit a bug report upstream and get dbus authors to include the compat version if they can't find a native one[13:57:04] <jperkin> second best, patch it yourself and submit that to us and we'll integrate it[13:57:17] <jperkin> finally, just wait for me to do it myself ;)[13:57:29] <bluezenix> but what about other software?[13:57:46] <jperkin> I would hope other software isn't as broken as dbus[13:57:48] <bluezenix> googling getgrouplist, seems to be a pretty universally available func[13:58:00] <bluezenix> on bsds and linux[14:06:50] *** abhishekvasisht has quit IRC[14:15:55] *** nikolam has quit IRC[14:31:09] <bluezenix> quick n dirty https://github.com/vizanto/nixpkgs/commit/14a74deb7bcd0d472e328b9bb3fd52d45bb555e5[14:33:29] *** axonpoet has joined #smartos[14:47:45] *** mamash has left #smartos[14:53:25] <alcir> [ Feb 28 13:52:41 Executing start method ("/opt/local/sbin/nginx -c /opt/local/etc/nginx/nginx.conf"). ][14:53:26] <alcir> nginx: [emerg] BIO_new_file("/var/db/fifo/fifo.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/var/db/fifo/fifo.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)[14:53:27] <alcir> op[14:53:31] <alcir> sorry[14:58:29] *** vsomes__ has joined #smartos[15:02:57] *** vsomes__ has quit IRC[15:02:57] *** enmand has quit IRC[15:04:40] *** axonpoet has quit IRC[15:05:13] <alcir> cannot unmount '/zones/fifo': Device busy[15:05:24] <alcir> how to see who is using this mountpoint?[15:05:31] <alcir> like lsof?[15:05:42] *** vsomes__ has joined #smartos[15:06:24] *** enmand has joined #smartos[15:14:10] *** scsbcn has joined #smartos[15:14:19] *** darjeeling has joined #smartos[15:14:40] *** Cpt-Oblivious has joined #smartos[15:16:25] <scsbcn> hi dears[15:16:56] <scsbcn> any spice guru ? :)[15:17:56] *** enmand has quit IRC[15:21:04] *** scsbcn has quit IRC[15:21:16] <JT-EC> Anyone know the syntax for removing tags from a nic in vmadm update? Have two primary nics![15:21:21] *** matticulous has joined #smartos[15:21:35] <Alasdairrr> JT-EC: yeah, vim /etc/zones/uuid.xml[15:23:51] *** iyp has joined #smartos[15:29:21] <ira> Way cool, my stupid first try at a user space provider is crashing dtrace![15:33:41] <nahamu> ira: we humans only learn from failures... sounds like you're busy learning. :-)[15:34:01] <ira> I'm not sure what's failing… ;)[15:34:40] <nahamu> I'd tell you to use dtrace to figure it out, but... yeah... :)[15:35:11] <ira> Well, I did truss dtrace to figure out that it is at least pulling in my probe definitions.[15:35:25] <ira> Now, the question is, why am I failing the assert ;)[15:35:42] <MerlinDMC> JT-EC, man vmadm ... Example 10 ... but just don't reset the ip but use primary: false or primary: true[15:36:39] <JT-EC> MerlinDMC: Already tried that, gives "invalid value for NIC's primary flag: false (must be true)"[15:37:32] <JT-EC> MerlinDMC: Hence then assuming primary is a tag I can remove with remove_tags which doesn't have an example! Probably a false assumption anyway, not sure.[15:42:04] *** vsomes has quit IRC[15:43:56] *** tonyarkles has joined #smartos[15:46:58] <MerlinDMC> JT-EC, set the correct one to true will turn others to false[15:48:51] <JT-EC> MerlinDMC: Ah, that worked. Thanks.[15:53:18] *** ipalreadytaken has joined #smartos[15:54:34] *** tonyarkles has quit IRC[15:57:35] *** ipalreadytaken has quit IRC[15:58:01] *** tonyarkles has joined #smartos[16:00:34] *** matticulous has quit IRC[16:04:19] *** matticulous has joined #smartos[16:05:31] *** CarlosC has joined #smartos[16:12:34] *** chh_ has quit IRC[16:13:56] *** enmand has joined #smartos[16:16:22] *** scarcry has quit IRC[16:16:45] *** artimus has joined #smartos[16:17:08] *** artimus is now known as Guest60017[16:19:22] *** matticulous has quit IRC[16:20:35] *** neophenix has joined #smartos[16:20:55] *** matticulous has joined #smartos[16:21:40] <jefferai> I'm trying to figure out how I want to set up networking in SmartOS, and could use some advice[16:21:48] <jefferai> I have four static IPv4s that I can use[16:21:54] <jefferai> and I will have many more VMs than that[16:22:18] <jefferai> one possibility is to put all the static IPs on vnics, and then port forward those to the various VMs[16:22:24] <jefferai> one is to make bridges[16:22:47] <jefferai> connect various VMs to the bridges[16:23:02] <jefferai> put the static IP on one VM in each bridge, and have that do proxying or port forwarding[16:23:21] <jefferai> I guess I'm not sure at this point how things are architected when you simply create a VM and give it an IP[16:23:26] *** nefilim has joined #smartos[16:23:30] <jefferai> does it bridge all the VMs together?[16:24:13] <jefferai> if I give both zones and KVM machines addresses in 192.168.1.X will they all be able to talk, or do I need to create my own bridge to do that?[16:25:42] <yofuh> i just gave the zones private ips and forward ports via ipnat[16:26:27] <kamilr> anyone is running HDFS on smartos ?[16:26:41] <jefferai> yofuh: for at least one of my VMs I will need to use a second static IP[16:27:07] *** blindcoder has joined #smartos[16:27:11] <blindcoder> hello again.[16:27:25] <yofuh> jefferai: no ussye, you can guve it just an other interface[16:27:56] <jefferai> so just set that IP on the VM?[16:28:18] <jefferai> or, create a virtual NIC on top of the physical nic and map that virtual NIC to the VM, and set the IP in there?[16:29:18] <blindcoder> I have a smartos GZ with IPv4 set up and a KVM with IPv6 set up (using a /96 network). Inside that KVM I use openvpn to connect my laptop to IPv6.[16:29:19] <yofuh> vmadm will always create virtual nics for you, just devine where it goes by setting nic_tag[16:30:03] <blindcoder> When I ping an IPv6 address external to my server from the laptop, the ping works just fine, arrives at the server, but the reply get dropped by the GZ, it's never picked up by the KVM instance.[16:30:30] <blindcoder> anyone had something like this before?[16:33:21] <jefferai> yofuh: ok, so you're saying: create a virtual NIC, get that nic's nic_tag, and use that nic_tag in the VM definition?[16:33:53] <yofuh> no[16:34:34] *** iyp has quit IRC[16:35:09] <yofuh> i'm saying, create a vm definition, set whatever interfaces you like to have there and set the nic-tag to choose if you like the etherstub or physical nic for each interface and let vmadm create the nics[16:35:34] <yofuh> there is no point in creating virtual interfaces manually[16:35:56] * jefferai googles etherstub[16:35:57] *** iyp has joined #smartos[16:36:27] <yofuh> it is some kind of virtual switch[16:37:45] <jefferai> okay, I see[16:37:53] <jefferai> so, it's a private ethernet switch[16:38:00] <CarlosC> jefferai: have you checked out the wiki?[16:38:02] <jefferai> which you could then map vnics to[16:38:09] <jefferai> CarlosC: yes, extensively[16:38:24] <nahamu> jefferai: did this page not give some ideas? http://wiki.smartos.org/display/DOC/NAT+using+Etherstubs[16:39:24] <CarlosC> jefferai: I think you'll be ok with the standard setup (no etherstub, etc...)[16:39:39] <nahamu> CarlosC: even if there are to be more than 4 zones?[16:39:41] <jefferai> nahamu: not really, I didn't see that one because I wasn't looking for etherstub[16:39:44] <jefferai> since I didn't know what it was[16:40:02] <nahamu> jefferai: you said you have 4 IPs. how many zones are you planning on running?[16:40:08] <CarlosC> nahamu: why not? I have plenty (15ish) on one[16:40:10] <jefferai> it'd be nice if there was an exhaustive listing of what you can put in /usbkey/config[16:40:17] *** axonpoet has joined #smartos[16:40:28] <jefferai> nahamu: I have four static, publically routable IPs. I will probably have two dozen VMs, a mix of zones and KVM[16:40:38] <jefferai> but[16:40:45] <CarlosC> jefferai: the config is for me to give you an example json def to get your zones up and running[16:41:02] <nahamu> CarlosC: how did you IP the zones?[16:41:23] <CarlosC> we have a sep. nic_tag that handles external traffic[16:41:25] <jefferai> I'm fine with a few of the zones/KVM boxes getting static IPs and the rest getting private IPs[16:41:28] <nahamu> (or are you just saying that it can all be done without the extra etherstub?)[16:41:35] <jefferai> but I'm just trying to figure out how to go about doing that[16:41:48] <nahamu> yeah, technically you don't need an etherstub.[16:41:49] <jefferai> e.g. should I have NAT on the global zone or create a zone just for that, a la the wiki page you pointed me to[16:41:49] <CarlosC> nahamu: no need for an etherstub...[16:42:04] <jefferai> that's one question[16:42:14] <nahamu> but something will have to do NAT from a private IP range to a public IP.[16:42:22] <CarlosC> jefferai: what do you want to do that requires a NAT?[16:42:23] <nahamu> could be the GZ or could be a dedicated zone.[16:42:26] <jefferai> sure -- but, global zone or dedicated?[16:42:50] <jefferai> well[16:42:50] <nahamu> I would do it in a dedicated zone since it's less complicated to persist.[16:42:56] <yofuh> nahamu: you could use a separated physical nic which has no uplinc as replacement for the etherstub but it's pointless is think[16:42:56] <jefferai> nahamu: good point[16:43:04] <jefferai> I don't have a separate physical nic[16:43:08] <nahamu> yofuh: you could even use the exact same NIC[16:43:16] <jefferai> right[16:43:23] <CarlosC> jefferai: what are you trying to achieve in your setup?[16:43:29] <jefferai> but if I do that, do I need to create an etherstub, or a bridge, or nothing at all[16:43:34] <nahamu> no reason you can't have two different IP subnets on the same ether fabric[16:43:39] <nahamu> jefferai: nothing at all[16:43:40] <jefferai> actually[16:43:46] <jefferai> all the IPs are on the same subnet[16:43:50] <jefferai> (not under my control)[16:43:54] <jefferai> so I'll be making them point to point links[16:43:57] <jefferai> to the gateway[16:44:47] <yofuh> nahamu: there are good reasons for separating external from internal traffic, and it is really not any kind of complicated or expensive to create an etherstub so why should on not do it?[16:45:13] <nahamu> yofuh: I'm the one who wrote the wiki page showing how to do it with etherstubs. Personally I'm all about the separation.[16:45:46] <jefferai> nahamu: the separation makes sense[16:45:57] <nahamu> But for simplicity to make things as simple as possible for jefferai and as CarlosC points out, it can easily all be done by putting ALL vnics on the same physical NIC[16:47:14] <nahamu> the nice thing about the etherstub is it forces you to be explicit about which way the packets have to flow.[16:47:25] <CarlosC> exactly...[16:47:36] <jefferai> nahamu: on your wiki page , the "admin" nic_tag[16:47:38] <nahamu> to go from the private IP-range subnet living on the etherstub, you have to go through the zone doing the NAT.[16:47:40] <jefferai> is that a default name for the nic_tag?[16:47:57] <CarlosC> or you can just have multiple physical NICs and have VNICs that do the same...this requires more infrastructure though[16:47:58] <nahamu> jefferai: I was doing the test on a machine with only one network link[16:48:09] <jefferai> I also have only one network lnk[16:48:10] <jefferai> link[16:48:14] <nahamu> you can easily replace "admin" with "external" or "<your favoritte NIC tag>"[16:48:20] <jefferai> ok[16:48:22] <jefferai> I don't think I have one right now[16:48:26] <yofuh> jefferai: see the /usbkey/config, the admin nic is just what you did configured there[16:48:28] <jefferai> or rather, it's 0:<something>[16:48:28] <jperkin> CarlosC: re bash bug, no, it's real, and across at least smartos and openindiana - access()/faccessat() return true for X_OK as root irregardless of +x or not.[16:48:38] <jefferai> yofuh: I didn't configure anything there, so...[16:48:47] <CarlosC> jperkin: wicked[16:48:56] <jperkin> CarlosC: but yeh, it had me staring at the screen thinking I was going crazy for a little while[16:48:58] <yofuh> jefferai: are you sure? if you have network access you surely have[16:49:07] *** alucardX has quit IRC[16:49:13] <jefferai> nahamu: so I notice on your wiki page you use etherstub in /usbkey/config[16:49:20] <jefferai> is there any actual list of what's valid in that file?[16:49:29] <nahamu> jefferai: I'm not sure.[16:49:42] <jefferai> ok[16:49:50] <jefferai> for instance, that isn't valid according to http://wiki.smartos.org/display/DOC/extra+configuration+options[16:49:56] <jefferai> which they admit isn't exhaustive[16:50:05] <jefferai> but makes it really hard to figure out what I have to make SMF for and what I don't[16:50:06] <CarlosC> jperkin: I bet, like being in bizarro world or something[16:51:16] *** iyp has quit IRC[16:51:28] *** marsell has joined #smartos[16:52:20] *** axonpoet has quit IRC[16:52:34] *** axonpoet has joined #smartos[16:55:29] *** iyp has joined #smartos[16:55:46] <jefferai> nahamu: ok, so I guess I will plan on using your wiki page as an example -- putting all NATed VMs behind a single firewall zone[16:56:03] <jefferai> and simply assign publicly routable VMs their own IP[16:56:29] <jefferai> will I have to mess with the global zone firewall at all, in order to allow the VMs with the publicly routable IP to do their own firewalling?[16:56:39] <CarlosC> nope[16:57:36] <jefferai> cool[16:57:54] *** d[^_^]b has quit IRC[16:57:55] <nahamu> that's what I like about doing it with a zone. except for the etherstub in /usbkey/config, it leaves the GZ alone.[16:57:55] <jefferai> so the global zone firewall by default will only deal with its own stuff[16:57:59] <jefferai> gotcha[16:58:01] <jefferai> nice[16:58:24] <jefferai> so I can assign one of my static IPs to the firewall zone, and only deal with routing inside that zone, without having to mess with the GZ routing[16:59:01] <nahamu> If you had 2 NICs, you could have the GZ only have an IP address on the "admin" NIC, and have all the guest zones have VNICs over the "external" NIC and thus further insulate the GZ from the internet.[16:59:12] <jefferai> yeah[16:59:39] <jefferai> One thing I often find useful is to move the SSH port[16:59:58] <jefferai> prevents 99% of SSH attacks just by switching it off port 22[17:01:02] <Alasdairrr> Move SSH to another port, IP restrict SSH, remove password auth, enable ipfilter (its so easy to configure) to only allow through specific ports you're using, etc[17:01:44] <jefferai> Alasdairrr: ah, I thought ipfilter was on by default[17:01:54] <jefferai> for the gz[17:02:21] <mgdm> Is there a way to configure the port range the KVM VNC servers get set up?[17:02:40] <Alasdairrr> gz? i wasn't paying attention, like normal I just ploughed in with some general advice :-)[17:02:54] <jefferai> global zone[17:02:59] <jefferai> maybe it isn't[17:03:13] <jefferai> at the moment, I did something in /usbkey/config that it doesn't like[17:03:25] <jefferai> and I'm trying to figure out how to get to that file with the key mounted on a linux system :-)[17:03:45] <rmustacc> Boot no import and then run zfs import.[17:04:01] <jefferai> boot no import?[17:04:21] <rmustacc> I think the smartos boot menu might call it noinstall.[17:04:26] <jefferai> that implies I need to be able to get to a grub menu[17:04:36] <jefferai> I don't have a console on the bo[17:04:37] <jefferai> box[17:04:52] <jefferai> is /usbkey/config stored on zfs somewhere, or is it actually stored on the usb key?[17:04:56] <rmustacc> It's stored in zfs.[17:05:00] <jefferai> oh, drat[17:05:12] *** jeffpc_ is now known as jeffpc[17:05:40] <jefferai> well, I guess it's time to try out the OpenSolaris rescue system, for as long as that's supported...[17:05:56] <rmustacc> If you're going to mess around with the config you'll really want a console on the box.[17:06:09] <jefferai> I can get one for two hours at a time[17:06:12] <jefferai> but not at the drop of a hat[17:06:19] <jefferai> generally I'd like to not mess around with the config[17:06:26] <jefferai> however I was trying to set a destination address for the admin nic[17:06:29] <rmustacc> But what's the failure mode of normally booting?[17:06:32] <jefferai> rather than create a SMF to set it[17:06:46] <jefferai> (or roll it into the service I already made)[17:07:08] <yofuh> jefferai: a linux rescue system might be more helpful, since opensolaris will possible be unable to import the zpool while a linux rescue can still boot smartos in kvm[17:07:52] <yofuh> jefferai: i did try that, in my case i had to map the sata to ide disk to see them under kvm in smartos, but at least it did work[17:08:13] <jefferai> I'll keep that in mind[17:10:12] *** sachinsharma has joined #smartos[17:15:46] *** Vod has quit IRC[17:21:41] *** alcir has quit IRC[17:23:08] *** kamilr has quit IRC[17:24:50] *** sachinsharma has quit IRC[17:26:35] *** potatosalad has joined #smartos[17:26:44] *** ryancnelson has joined #smartos[17:31:17] *** d[^_^]b has joined #smartos[17:31:53] *** denizr has joined #smartos[17:32:02] *** scarcry has joined #smartos[17:32:05] *** iyp has quit IRC[17:32:17] <jefferai> yofuh: managed to get a linux rescue system booting smartos under qemu with -curses -- thanks for the tip[17:33:47] <yofuh> np[17:34:02] <ryancnelson> why couldn't you just boot the usb stick in no-import mode?[17:34:07] <ryancnelson> remote box or something?[17:34:36] <yofuh> ryancnelson: remotebox withut console access[17:34:48] <jefferai> ryancnelson: remote box where console access is possible but annoying[17:41:46] *** ryancnelson has quit IRC[17:43:09] *** iyp has joined #smartos[17:48:28] *** Vod has joined #smartos[17:50:00] *** dap has joined #smartos[18:01:34] *** dimitarivanov has quit IRC[18:12:41] *** iyp has quit IRC[18:15:44] *** porkbelt has quit IRC[18:16:21] *** porkbelt has joined #smartos[18:16:21] *** kfr- has joined #smartos[18:35:05] <jefferai> nahamu: I could use some help with your wiki page, if you are able[18:35:15] <jefferai> and in return I'll update it to be current, if we get things working :-)[18:39:23] *** KermitTheFragger has quit IRC[18:41:20] *** darjeeling has quit IRC[18:43:30] *** denizr has left #smartos[18:49:43] <nahamu> jefferai: sure[18:49:47] *** szaydel has quit IRC[18:50:37] *** szaydel has joined #smartos[18:54:31] *** ipalreadytaken has joined #smartos[18:55:58] *** ira has quit IRC[18:57:04] *** denizr has joined #smartos[18:57:20] <jefferai> nahamu: cool[18:57:31] <jefferai> so the image in your code is for a much older image[18:57:39] <jefferai> so I got the newer version, which is base64[18:57:52] <jefferai> it's fdea06b0-3f24-11e2-ac50-0b645575ce9d[18:57:54] <jefferai> (it got renamed)[18:58:04] <jefferai> problem: it doesn't seem to have any of the network services[18:58:13] <jefferai> and the non-base image is much older[18:58:29] <jefferai> which doesn't make it automatically bad, but the whole situation makes me feel weird[18:58:36] <nahamu> which services does it lack?[18:58:37] *** szaydel has quit IRC[18:58:55] *** ipalreadytaken has quit IRC[19:00:15] <jefferai> seems like all of them[19:00:16] <jefferai> :-)[19:00:17] <jefferai> ipfilter[19:00:20] <jefferai> route[19:00:23] <nahamu> hmmm, let me take a look[19:00:29] *** matticulous has quit IRC[19:00:30] <nahamu> you're using fdea06b0-3f24-11e2-ac50-0b645575ce9d ?[19:00:34] <jefferai> yeah[19:00:43] <jefferai> it is the newer version of the image you have in your guide[19:00:45] <nahamu> let me poke at this for a couple minutes.[19:00:50] <jefferai> # routeadm -u -e ipv4-forwarding[19:00:50] <jefferai> Pattern 'svc:/network/ipv4-forwarding:default' doesn't match any instances[19:01:01] <jefferai> # svcadm enable ipfilter[19:01:01] <jefferai> svcadm: Pattern 'ipfilter' doesn't match any instances[19:01:16] <jefferai> nahamu: thanks[19:02:39] <deedubs> have been googling but can't find an answer, can you boot smartOS using qemu?[19:02:47] <jefferai> deedubs:[19:02:48] <jefferai> yes[19:03:00] <jefferai> try a command similar to:[19:03:01] <jefferai> qemu-system-x86_64 -cpu kvm64 -m 8192 -enable-kvm -curses -hda /dev/sdc -hdb /dev/sda -hdc /dev/sdb -boot order=c[19:03:18] <jefferai> where /dev/sdc is the USB key[19:03:19] <rmustacc> deedubs: You just can't at this time use the -kernel and -initrd[19:03:25] <jefferai> and /dev/sda and /dev/sdb are the hard drives[19:03:32] <deedubs> and virtio?[19:03:40] <jefferai> deedubs: unsure[19:03:52] <jefferai> that command will boot it (just used it earlier today) but I leave it up to you to try out variations[19:03:57] <deedubs> that would make my dreams come true :)[19:04:06] <rmustacc> IIRC we have a virtio driver for stroage, but not networking.[19:04:10] <nahamu> jefferai: what version of the platform are you running?[19:04:26] <jefferai> um, latest[19:04:31] <jefferai> I installed it yesterday[19:04:31] <deedubs> well at least my dreams of being able to efficently dev using smartOS on OSX[19:04:34] <nahamu> my test box at work is running something older...[19:04:37] *** ipalreadytaken has joined #smartos[19:04:48] <jefferai> nahamu: I'm wondering if they simply removed those services in their base image[19:04:52] <nahamu> my home machine is acting a bit odd, but maybe I can coax it into helping.[19:04:55] <rmustacc> deedubs: If you're on OS X, we find vmware fusion relatively easy.[19:05:07] <nahamu> jefferai: that's what I'm afraid of.[19:05:24] <deedubs> rmustacc: yeah I've tried out fusion works really well[19:05:40] <jefferai> nahamu: know anyone joyent-side that might know?[19:05:48] <deedubs> whereas virtualbox falls on its face[19:05:55] <nahamu> jefferai: rmustacc might know, but let me try to fire up a zone on my home machine[19:06:09] <jefferai> ok[19:06:13] <nahamu> there might also be a simple svccfg import that will fix it.[19:06:18] <jefferai> nahamu: also had a question about the map line in the wiki[19:06:23] <jefferai> is that to map *outbound* traffic?[19:06:25] <rmustacc> It comes from the platform.[19:06:31] <jefferai> and for inbound I'd need rdr lines?[19:06:34] <rmustacc> Do you have a /lib/svc/manifest/network/ipfilter.xml?[19:06:35] <nahamu> jefferai: yes, that maps outbound[19:06:38] <jefferai> ok[19:06:42] <rmustacc> jefferai: ^[19:06:53] <jefferai> rmustacc: no, I don't[19:07:09] <rmustacc> What brand?[19:07:16] <jefferai> base64[19:07:20] <jefferai> 1.8.4[19:07:22] <jefferai> fdea06b0-3f24-11e2-ac50-0b645575ce9d[19:07:36] <rmustacc> Sure, but that file doesn't come from there, it comes from the global zone.[19:07:45] <jefferai> hm[19:07:51] <rmustacc> find /lib | grep ipf[19:07:51] <jefferai> maybe I did something wrong in setup[19:07:54] <nahamu> rmustacc: joyent brand[19:07:57] <rmustacc> Sorry, /lib/svc | grep ipf[19:08:10] *** matticulous has joined #smartos[19:08:13] <nahamu> (at least that's what I put in the wiki page)[19:08:24] <jefferai> ah[19:08:25] <jefferai> wait[19:08:28] <jefferai> I used joyent-minimal[19:08:35] <jefferai> since the base64 wiki page indicated that that's the minimal version[19:08:35] <nahamu> jefferai: bingo[19:08:52] <rmustacc> It's not in that brands list of available services.[19:08:56] <nahamu> if you use joyent-minimal you have to import the service config manually.[19:08:57] <rmustacc> You don't even have ssh running.[19:09:03] <jefferai> 1.8.4 says "Minimal image based on the 2012Q2 repository."[19:09:09] <jefferai> hm, ok[19:09:16] <nahamu> (if it's even available...)[19:09:22] <jefferai> it's okay, I don't have much in here[19:09:23] <jefferai> I can recreate it[19:09:26] <nahamu> use the joyent brand[19:09:41] <nahamu> you can always disable extraneous services[19:09:52] <rmustacc> So, 1.8.4 isn't the issue.[19:09:58] <nahamu> joyent-minimal is really intended for some SDC stuff.[19:10:01] *** ipalreadytaken has quit IRC[19:10:13] <nahamu> (or for someone who really knows what they are doing)[19:11:05] *** abnormal has joined #smartos[19:11:10] <MerlinDMC> is the github joshwilsdon available here ... maybe? :)[19:11:23] <rmustacc> No, he's not MerlinDMC.[19:11:38] <MerlinDMC> hmm ... too bad :/[19:11:44] <jefferai> rmustacc: sorry for the noise then[19:11:51] <rmustacc> jefferai: No worries, it's a bit confusing, so let me explain.[19:12:29] <rmustacc> Basically what you described the 1.8.4 is just a raw disk image.[19:12:38] <rmustacc> To make that into a zone, we combine that with what we call a brand.[19:12:51] <rmustacc> There are basically three brands that exist on the system, most images only work with a subset of them.[19:13:00] <rmustacc> One of the brands is 'kvm' which as you might guess is for running kvm bms.[19:13:01] <rmustacc> *vms[19:13:44] <rmustacc> Then we have two brands for more traditional zones. They are 'joyent' and 'joyent-minimal'. The big differences are basically the services that are imported by default.[19:14:16] <rmustacc> With joyent we use the images smf repository which can have any number of generally useful services (like say ssh) enabled and imported.[19:14:25] <MerlinDMC> had a possible patch for issue #135 ... but my approach feels wrong - maybe he gets a notice for the comment on the issue ^^[19:14:54] <rmustacc> The idea behind 'joyent-minimal' is basically a miniscule app zone. It has the smallest number of services necessary to boot and let you use zlogin to access the zone, but things like ssh are not there.[19:15:25] <jefferai> rmustacc: I see[19:15:27] <rmustacc> MerlinDMC: I'll ask him if he saw it for you. I think he may have also started looking at that on his own recently.[19:15:42] <jefferai> rmustacc: how about sngl?[19:15:44] <rmustacc> Because of how I initially worte joyent-minimal, only a subset of the services are avaialble for import in the joyent-minimal brand.[19:16:40] <rmustacc> For 'sngl', the best thing is basically seeing jperkin's most recent blog post. It basically hides all of the illumos tools for the most part and puts things in /usr as a result of being able to do that. Personally I'd rather have the illumos tools there, so it's not something I intend to use.[19:16:45] <MerlinDMC> rmustacc, thx :)[19:16:53] <jefferai> I see[19:17:01] <rmustacc> wesolows described sngl the best in an e-mail to smartos-discuss.[19:17:09] <rmustacc> If you're not on that, I'll pull up a link to it.[19:17:21] <jefferai> rmustacc: for now, dont' worry[19:17:29] <jefferai> I'm so new to all this that it will probably not mean anything to me yet[19:17:35] <nahamu> jefferai: you can see that I opened a ticket for improving joyent-minimal for almost exactly this purpose: https://github.com/joyent/smartos-live/issues/118[19:17:37] <rmustacc> sngl is still experimental, so probably wait a little bit for it.[19:18:08] <jefferai> nahamu: so I'm probably most of the way there, but I'm still unable to make it work[19:18:12] <jefferai> I followed your guide[19:18:18] <jefferai> but if I try to ping out to anywhere, I can't reach anything[19:18:18] *** tallship has joined #smartos[19:18:34] <nahamu> can the firewall zone ping out?[19:18:44] <jefferai> that's what can't ping out :-)[19:19:14] <rmustacc> jefferai: Does that at least help explain what's going on there?[19:19:28] <jefferai> rmustacc: it sure does[19:19:30] <jefferai> thanks for that[19:19:49] <nahamu> wesolows' explanation of sngl: http://www.listbox.com/member/archive/184463/2013/02/sort/time_rev/page/1/entry/7:252/20130227120759:3AF58A3A-8100-11E2-BC97-8CC62C4D4FF0/[19:20:15] <nahamu> jefferai: I'd need to see the network configuration of the GZ and of the firewall zone to be able to help you further.[19:20:30] <nahamu> can you put that in a pastebin somewhere?[19:20:44] <jefferai> sure[19:21:00] <jefferai> nahamu: um, might need some help figuring out what you need printed :-)[19:21:04] <jefferai> and, how to print it[19:21:13] <jefferai> I did say I'm brand new to this...very much more used to Linux[19:21:30] <nahamu> I'd like to see the contents of /usbkey/config from the GZ, and the json you used to create the firewall zone.[19:21:49] <jefferai> ok[19:22:04] <nahamu> presumably the GZ's networking is working correctly so I want to use that as a basis for comparison.[19:23:22] <jefferai> nahamu: ok, usbkey: http://paste.kde.org/684344/[19:23:28] <jefferai> however, there's a slight change from what you see on there[19:23:54] <jefferai> in that I have a command that runs on startup to change it to a host-only connection[19:24:10] <nahamu> what command does it run?[19:24:32] <jefferai> so I end up with http://paste.kde.org/684350/[19:24:36] <jefferai> just a simple ifconfig[19:24:50] <jefferai> nahamu: TBH actually my guess is that even though routing is turned on in the firewall zone[19:25:01] <jefferai> solaris is ignoring those packets because it needs routing turned on in the GZ?[19:25:07] <nahamu> no[19:25:24] <nahamu> can you show me the json for the zone?[19:25:50] <jefferai> firwall json: http://paste.kde.org/684356/[19:26:03] <jefferai> and, I have no ipf running in the gz[19:26:38] <jefferai> but, yes -- in the GZ things are working just fine[19:27:27] <nahamu> destroy and recreate the firewall zone, then zlogin into it and check if ping works.[19:28:28] <jefferai> okay[19:29:26] <nahamu> you said you were given 4 IPs. just as a sanity check, the one you're using for the firewall zone is one that was assigned to you, right?[19:29:34] <jefferai> nahamu: done, and it does not[19:29:43] <jefferai> and yes, the one I'm using is one that was assigned to me[19:29:58] <jefferai> (and note that it's not exactly the one in the configs above, I've changed the IPs around a bit)[19:30:02] <nahamu> I would have expected consecutive addresses and 148 and 154 are a bit far apart.[19:30:10] <jefferai> ah[19:30:14] <jefferai> they were requested at different times[19:30:17] <jefferai> three of them are consecutive[19:30:24] <jefferai> the three that I requested after the initial setup[19:30:39] <jefferai> but[19:30:40] <jefferai> that being said[19:30:54] <jefferai> it's a good point -- I should probably verify that there isn't a problem on the other end of the box[19:31:03] <nahamu> are they expecting to route all of your traffic through a particular IP address?[19:31:08] <jefferai> it's not impossible that even though they are theoretically set up for me..[19:31:16] <jefferai> nahamu: yes, which is why I have the point-to-point connection[19:31:18] <jefferai> in ifconfig[19:31:23] <jefferai> it will work if I don't do that[19:31:23] <jefferai> but[19:31:29] <jefferai> I won't be able to get from one static IP to the other[19:31:33] <jefferai> because they block it at the switch level[19:31:42] <nahamu> hrm.[19:32:10] <jefferai> I could try creating a vnic on the GZ[19:32:12] <jefferai> adding the IP there[19:32:15] <jefferai> and ensuring that it works there[19:32:22] <nahamu> yeah, give that a shot.[19:32:53] <nahamu> once you can get the firewall zone capable of talking to the internet, the rest should work just fine.[19:33:06] <jefferai> right[19:33:43] <nahamu> but I don't think I fully grok the details of how you're supposed to be talking to the next hop.[19:35:53] <jefferai> ok, the good news[19:35:55] <jefferai> theoretically[19:36:03] <jefferai> is that if I create a vnic and put the address there, all is well[19:36:07] <jefferai> output from ifconfig:[19:36:56] <jefferai> http://paste.kde.org/684386/[19:36:57] <jefferai> this is pingable[19:37:01] <jefferai> on both addrs[19:37:14] <jefferai> where storage0 is a vnic I created on e1000g0[19:37:34] <nahamu> I don't know how that point-to-point stuff works...[19:37:43] <jefferai> I can turn it off[19:37:46] <jefferai> see if that helps[19:38:02] <nahamu> but if you need it, I have no idea how you should be configuring the firewall zone.[19:38:06] <jefferai> I don't need it[19:38:12] <jefferai> I only need it to talk between IPs on the same subnet[19:38:29] <jefferai> the point to point is really just a specific route[19:38:36] <jefferai> that says, all traffic from X, the next hop is Y[19:38:53] <jefferai> rather than attempting to reach something on your subnet directly[19:39:07] <nahamu> are you filtering traffic in the GZ?[19:39:32] <nahamu> I tried to ping that IP to see if the internet can see you and didn't get a response.[19:40:37] <jefferai> no, I'm not[19:40:51] <jefferai> as I said before, it's not the real IP[19:40:53] <jefferai> I'll msg that to you[19:41:09] <nahamu> okay[19:42:37] <jefferai> so that is with one phys nic and one virt nic, both with point-to-point links to their gateway[19:42:47] <jefferai> but if I move that IP from the virt nic to the zone, nothing works[19:42:58] <jefferai> it also doesn't work if I don't use point-to-point[19:43:11] <jefferai> although I haven't tried having *both* of them not use point-to-point[19:43:27] <jefferai> but, I don't see the point of the container having its own default gateway if it doesn't use it[19:43:39] <jefferai> if the traffic gets mangled later[19:43:47] <yofuh> jefferai: depending on how the routing in the setup works, it might not be possible to run that setup with exclusive ip-stack zones[19:44:15] <jefferai> what do you mean exclusive ip-stack zones?[19:45:12] <yofuh> zolaris zones can have either have an own ip-stack instance or share it with the global zone[19:45:20] <rmustacc> We only do exclusive-stack.[19:45:57] <nahamu> rmustacc: I think yofuh's point is that when bringing up the IP in the GZ, it's sharing the GZ stack.[19:46:16] <nahamu> (if I even understand how it all works)[19:47:22] <rmustacc> Well, yes. It is.[19:48:01] <jefferai> but if it's all exclusive-stack, then that implies (I think?) that the zone's networking should be fully independent of the global zone[19:48:14] <nahamu> jefferai: right.[19:48:20] <jefferai> so the firewall config on the global zone shouldn't affect the other zone, even if it's set to deny all traffic[19:48:35] <nahamu> so if you had to do any black magic on the GZ to get networking to work, you'll have to do it again inside the zone.[19:48:38] <jefferai> not that I have a firewall running, but, making sure I understand[19:48:40] <jefferai> right, so[19:48:45] <jefferai> I didn't have to do any black magic on the GZ[19:48:49] <jefferai> it works regardless of point-to-point or not[19:49:04] <jefferai> and on the firewall zone, it doesn't work regardless of point-to-point or not[19:49:42] <nahamu> here's where I'm confused.[19:50:13] <nahamu> on the stuff you pasted (which you say is also not exactly the IPs you're actually using) you have admin_gateway=168.100.59.148 AND headnode_default_gateway=168.100.59.129[19:50:29] *** amuldowney has joined #smartos[19:50:32] <yofuh> jefferai: the point is, if your ip is routed by next-hop primary-ip, it will not be visible to the ip-stack of the ngz, since the packages will end up in the gz which just doesn't care because the gz ip-sack have no target for the packages[19:51:10] <jefferai> nahamu: the admin_gateway/headnode_default_gateway were set up by the installer[19:51:12] <jefferai> I didn't touch them[19:51:32] <nahamu> well, it chose them based on stuff you typed. but let's ignore them for now.[19:51:41] <jefferai> yes[19:51:51] <jefferai> I didn't type anything wrong[19:51:55] <jefferai> there was one question about the gateway router[19:51:57] <yofuh> it the setup works that way, you'll need either configure a custom brand which uses shared-ip-stack, or just use the gz as router/firewall zone (that's whar i do for the very same reason)[19:52:00] <jefferai> I put in 168.100.59.129[19:52:14] <nahamu> sanity check: when you said that the firewall can't ping out, did you use and IP address, or a DNS name to test[19:52:21] <jefferai> nahamu: IP address[19:52:25] <nahamu> good.[19:52:29] <jefferai> :-)[19:53:07] <jefferai> yofuh: I don't really understand what you mean, "if your IP is routed by next-hop primary-ip"[19:53:22] <jefferai> there is a default gateway configured on the GZ[19:53:29] <yofuh> jefferai: well, you got the ips from your isp[19:53:31] <jefferai> there is a default gateway configured on the non-GZ[19:53:33] <jefferai> they happen to be the same[19:53:57] <yofuh> jefferai: the routing of the second ip on the isp site is important[19:54:00] <jefferai> yeah, there isn't much that's odd about an ISP giving you a default gateway[19:55:22] <yofuh> jefferai: if they have a route on their routers that say $secondary-ip is reachable via $primary-ip, your setup will not work, since all packages will go via the primary ip and thus ending up in the global zone which does have the primary ip[19:55:31] <nahamu> jefferai: sanity check 2: when you configure the 2nd IP in the GZ, can you ping it correctly from your home or work machine?[19:55:51] <jefferai> yes[19:55:59] *** denizr has quit IRC[19:56:14] <nahamu> well I'm confused as hell.[19:56:28] <jefferai> I'm rebooting now, going to try without any point-to-point links[19:56:29] <nahamu> oh![19:56:31] <jefferai> just to check[19:56:42] <jefferai> oh? :-)[19:56:53] <nahamu> also, if you can do a traceroute from home/work to the 2nd IP, I want to know if the IP of GZ shows up as one of the hops.[19:56:57] <CarlosC> rmustacc: is the manpage for ld.so.1 missing?[19:57:03] <nahamu> if it does, that might be the problem.[19:57:06] <jefferai> nahamu: second IP on the GZ[19:57:08] <jefferai> or on the NGZ?[19:57:14] <jefferai> after the reboot I can put it on either[19:57:18] <nahamu> in the GZ where you can actually ping it.[19:57:31] <_lb_> Hi! I am running SDC. Is there any issue if I replace system-log with rsyslog? We need to use rsyslog to push logs to a remote location.[19:57:35] <jefferai> ok, so make a vnic[19:57:47] *** iyp has joined #smartos[19:57:52] <nahamu> my point is that if the GZ is one of the hops when you ping that VNIC, then the firewall zone would have to route packets through the GZ.[19:58:08] <nahamu> This shouldn't be the case, but there's something going on that I'm not understanding.[19:58:12] <jefferai> sure[20:00:53] *** wolstena has joined #smartos[20:01:14] <jefferai> nahamu: nope, it's not one of the hops[20:01:49] <jefferai> so right now, without being point-to-point, one address on a vnic and one on the physical nic, both are pingable[20:02:01] <jefferai> and traceroute does not identify the vnic one as first going through the pnic[20:02:07] *** bradleymeck has joined #smartos[20:02:24] <nahamu> cool. get rid of the vnic and try creating the firewall zone again.[20:02:29] <jefferai> ok[20:03:15] <jefferai> nahamu: so, you're happy with the firewall.json I pasted?[20:03:23] <jefferai> (just checking, before I hit create)[20:03:31] *** szaydel has joined #smartos[20:03:35] <nahamu> I think so.[20:03:37] *** iyp has quit IRC[20:03:53] <bradleymeck> anyone have an example of mounting hdfs (hadoop file system) / steps requires[20:04:14] <jefferai> huh, good thing I had that paste, I forgot /root goes away :-)[20:04:45] <nahamu> yeah, make a directory in /opt or /zones if you want stuff to survive a reboot. :)[20:05:10] <rmustacc> CalosC: Not for me.[20:05:38] <rmustacc> bradleymeck: Not sure how you would expect to mount it.[20:05:39] <CarlosC> rmustacc: ok...I found it...I have a very old image I'm using[20:05:50] <rmustacc> Old platform?[20:05:59] <CarlosC> from 20120113[20:06:03] <bradleymeck> rmustacc: looks like fuse works on open solaris, would expect it to be able to work on smartos but may be wrong[20:06:06] <rmustacc> Well, there's always: http://illumos.org/man/1/ld.so.1[20:06:19] <CarlosC> damn...that's nice[20:06:29] <jefferai> nahamu: ok, I've created the zone[20:06:32] <rmustacc> bradleymeck: I don't think that version of fuse works, but ymmv.[20:06:41] <nahamu> jefferai: can it ping out or be pinged?[20:06:43] <jefferai> the address is not pingable, but that may be expected if I haven't enabled services[20:07:01] <rmustacc> That said, if you care about writing to it, I'd caution you against using fuse.[20:07:02] <nahamu> no, it should work.[20:07:03] <jefferai> and no, I can't ping out from it[20:07:08] <nahamu> :-/[20:07:20] <rmustacc> That's for any platform.[20:07:23] <jefferai> nahamu: are you sure you don't have something configured or some service enabled on the GZ?[20:07:47] <nahamu> jefferai: yup.[20:07:51] <nahamu> no other services[20:08:29] <nahamu> so here's the thing. I have no idea why you're having trouble getting a zone to have a working IP address.[20:08:49] <yofuh> i have, but that[20:09:03] <yofuh> i already wrote[20:10:01] <yofuh> you might not like it, but can varify it, run snoop in the gz, filter port 22 the get rid of the noise and ping your ip from extern[20:10:52] *** CarlosC has quit IRC[20:11:50] *** kfr-_ has joined #smartos[20:13:23] *** kfr- has quit IRC[20:15:46] <jefferai> yofuh: perhaps I didn't understand what you were suggesting before[20:16:01] <jefferai> but, can you help me do that?[20:16:32] <yofuh> jefferai: you might start with: snoop -rd e1000g0 ! 168.100.59.148[20:16:37] <yofuh> try you real ip[20:16:39] <yofuh> in the gz[20:16:52] <yofuh> and ping 168.100.59.154 from extern[20:16:56] <jefferai> ok[20:17:23] <jefferai> ok, cool[20:17:25] <jefferai> I see the reqest[20:17:27] <jefferai> no reply[20:17:37] <jefferai> sorry, let me clarify[20:17:42] <jefferai> I ran snoop -rd e1000g0 ! port 22[20:18:48] <jefferai> but, when I do that, if I try pinging the gz it's all good, if I try pinging the ngz I see the request arrive, but no reply[20:19:37] <jefferai> if I do snoop in the NGZ, I don't see the packets but my understanding is that that's expected (because you have to enable promiscuous listening on the zone?)[20:19:58] <yofuh> so, why are you seeing the reqests?[20:20:07] <jefferai> on the global zone?[20:20:16] <jefferai> I'm snooping on the physical nick[20:20:17] <jefferai> nic[20:20:20] <jefferai> I would expect to see them[20:20:26] <jefferai> if I didn't, something else would be very wrong[20:20:34] <yofuh> yes, that's the question which is more important to understand, how do the router know where to reach the ip[20:21:12] <jefferai> you mean, the router external to my box?[20:21:19] <yofuh> yes, try to think about what configuration makes that possible[20:21:31] <jefferai> a very basic, simple configuration[20:21:34] <yofuh> are you connected to a hub? unlikely[20:21:38] <jefferai> they have their Cisco or Junos router[20:21:43] <jefferai> they configure a subnet on an interface[20:21:46] <jefferai> that's connected to a switch[20:21:49] <jefferai> which is connected to my box[20:22:02] <jefferai> there's no magic there[20:22:09] *** amuldowney has quit IRC[20:22:20] <jefferai> and it is working, because pings to both IPs make it to the physical interface on my box[20:22:42] <yofuh> how do the router know it is on your box?[20:22:57] <jefferai> the router doesn't, the switch does[20:23:11] <yofuh> why?[20:24:06] <jefferai> I don't understand what you're getting at[20:24:30] <jefferai> I don't particularly care why, because the ISP is free to set it up however they want[20:24:37] <jefferai> all I care about is that traffic sent to my IPs goes to my box[20:24:38] <jefferai> and, it does[20:24:42] *** porkbelt has quit IRC[20:24:59] *** porkbelt has joined #smartos[20:25:27] <jefferai> nahamu: hah![20:25:36] <jefferai> I think the problem is that arp is getting dropped on the floor[20:25:56] <jefferai> I would think that ARP would be set up properly to traverse the box[20:26:01] <jefferai> but it seems that maybe it isn't[20:26:06] <yofuh> i don't think so[20:26:33] <jefferai> yofuh: well -- the zone is consistently sending ARP requests[20:26:36] <jefferai> and consistently not getting replies[20:27:12] <yofuh> the thing is, how the routing works. how do the switch know that the secoond ip is on you're box, does it have the mac adress or just a route that is set to your primary ip[20:27:41] <jefferai> yofuh: I don't know, because I dont't work for the ISP, so I can't examine their equipment[20:27:49] <jefferai> I don't know how they set it up[20:27:58] <jefferai> I do know that sending traffic to the IP causes it to show up on the physical nic[20:29:03] <jefferai> rmustacc: do you have any idea? I see endless arp requests if I run snoop inside my non-global-zone, but I don't see them on the physical nic[20:29:03] <yofuh> think about what will happen if the router have a route 168.100.59.154 --> 168.100.59.148[20:29:20] <jefferai> this would explain everything[20:29:21] <yofuh> where will you see the packages?[20:29:30] <jefferai> because if it can't resolve ARP it can't get to its default gateway[20:29:37] <jefferai> so nothing else will pass either[20:29:44] <yofuh> in the gz of course and that's what you do see[20:35:52] *** tonyarkles has quit IRC[20:36:25] <jefferai> nahamu: http://paste.kde.org/684422/[20:36:32] <jefferai> so that's in the non-global-zone[20:36:37] <jefferai> you can see the echo requests coming in[20:36:48] <EMH_Mark4> hm how does one change the resolvers for a vm? I've tried this command, but it doesn't seem to be working: vmadm update uuid {"set_tags": {"resolvers": [ "8.8.8.8", "8.8.4.4" ]}}[20:36:49] <jefferai> the zone tries to ARP for the mac address of the default gateway[20:37:03] <jefferai> snooping on the physical nic of the global zone, I don't see that arp[20:37:07] <jefferai> it gets lost between the zones[20:37:19] <jefferai> but that would explain all the symptoms[20:37:33] *** enmand_ has joined #smartos[20:39:06] *** enmand has quit IRC[20:39:46] *** denizr has joined #smartos[20:45:01] *** EMH_Mark4 is now known as EMH_Mark3[20:47:00] <jefferai> rmustacc: So I can verify that GZ knows the mac address of both the gateway and the NGZ, and the NGZ knows the mac of the GZ but is unable to get an arp reply for the gateway[20:47:13] <jefferai> I think what's happening is that the GZ sees that the NGZ's IP address is on the same subnet[20:47:19] <jefferai> and figures that it should drop the arp on the floor[20:47:28] <jefferai> which if they were truly separate machines would be a reasonable thing to do[20:47:45] <jefferai> but it seems like solaris doesn't support proxy arp[20:48:00] <jefferai> so perhaps setting a persistent static arp entry would solve it (just have to figure out how to do that)[20:49:51] <yofuh> jefferai: you should rather look at the gz, does anyone byt the gz asks for the mac of the second ip?[20:50:13] <jefferai> sigh[20:52:05] <jefferai> yep, it was arp[21:03:52] *** arekdreyer_ has joined #smartos[21:05:33] *** arekdreyer has quit IRC[21:05:33] *** arekdreyer_ is now known as arekdreyer[21:08:29] <nahamu> jefferai: so did you get it to work in the NGZ?[21:08:35] <jefferai> nahamu: yep[21:08:43] <nahamu> did the NAT part work?[21:08:44] <jefferai> I added a static arp entry (and a smf entry to make it permanent)[21:08:47] <jefferai> haven't tried that yet[21:09:40] *** bens1 has quit IRC[21:09:58] <EMH_Mark3> re: resolvers: turns out I had to use vmadm update uuid < updatefile.json[21:20:10] *** wolstena has quit IRC[21:22:50] <ahaydock> I admit, this is a dumb question…but here it goes: After creating a new VM with smartos why can't I ssh into it - even if I had my rsa key in "root_authorized_keys" in "customer_metadata" in the .json file?[21:23:00] <scarcry> EMH_Mark3: from the latest vmadm(1m): resolvers: update: yes (but unused after create for OS VMs)[21:23:19] <scarcry> EMH_Mark3: you updating a KVM ?[21:28:18] <EMH_Mark3> yeah.[21:46:30] *** wolstena has joined #smartos[21:51:04] *** Vod has quit IRC[21:58:27] *** ipalreadytaken has joined #smartos[22:03:23] *** arekdreyer_ has joined #smartos[22:04:20] *** arekdreyer has quit IRC[22:04:21] *** arekdreyer_ is now known as arekdreyer[22:06:20] *** Guest60017 has quit IRC[22:08:07] *** arekdreyer_ has joined #smartos[22:09:24] *** arekdreyer has quit IRC[22:09:26] *** arekdreyer_ is now known as arekdreyer[22:10:34] *** chorrell has joined #smartos[22:13:44] *** arekdreyer has quit IRC[22:22:45] *** enmand_ has quit IRC[22:24:21] *** abnormal has quit IRC[22:25:11] *** enmand has joined #smartos[22:25:57] <jefferai> wtf[22:26:01] <jefferai> this server was just set up yesterday[22:26:10] <jefferai> and already zfs tells me there are two permanent errors[22:26:48] <jefferai> huh[22:26:49] <jefferai> zoneadmd[5543]: [ID 702911 daemon.error] [zone 'aa9d8199-6a07-4585-95a9-887e1900a5a3'] WARNING: console /devices//pseudo/zconsnex@1/zcons@1 found, but it could not be removed.: I/O error[22:26:59] <jefferai> it seems like the zfs error is from a pseduo terminal?[22:27:15] <rmustacc> I wouldn't generally think so.[22:27:26] <rmustacc> iostat -E or iostat -e is what you'd want to look at.[22:28:39] <jefferai> and now a third one popped up[22:28:49] <jefferai> http://paste.kde.org/684500/[22:28:53] <jefferai> that last one wasn't there a moment ago[22:29:02] <jefferai> I did try doing a ls /zones/var for fun[22:29:06] <jefferai> which probably caused that, whatever it is[22:29:16] <jefferai> I was trying to figure out what it meant by a mountpoint of "legacy"[22:29:27] <jefferai> but, it'd be nice for the zpool not to be degraded[22:29:45] <rmustacc> Running ls wouldn't cause that.[22:29:53] <rmustacc> You want to look at your actual hard drives and the error counters.[22:29:54] <jefferai> I agree, it shouldn't[22:30:06] <jefferai> but the only things that I did between the first time I ran zpool adn the second time was "ls /zpool/var"[22:30:15] <rmustacc> Well, you accesssed your drives.[22:30:17] <jefferai> iostat -E shows 74 illegal request errors on each drive[22:30:26] <jefferai> but that's it[22:30:28] <jefferai> no other errors[22:30:48] *** bradleymeck has quit IRC[22:31:30] <jefferai> here's all the output: http://paste.kde.org/684506/[22:31:33] *** Azbruh has quit IRC[22:32:26] *** enmand_ has joined #smartos[22:33:18] *** Azbruh has joined #smartos[22:33:22] <rmustacc> I'm not really proficient in translating the iostat errors, maybe someone else can.[22:33:50] *** enmand has quit IRC[22:34:49] <jefferai> rmustacc: a separate question you might know: I solved the zone issue from before by adding a static ARP entry[22:34:56] <jefferai> however, it keeps dropping that entry[22:35:12] <jefferai> from the man page for arp, I don't see anything more permanent than using arp -s and the permanent flag[22:35:19] <jefferai> any idea how to stop it from dropping the entry?[22:35:36] <rmustacc> I didn't follow the entire issue, so I'm not sure what arp stuff you would need or not need.[22:35:48] <rmustacc> I've never had to add any arp stuff with smartos.[22:36:00] <jefferai> okay, in brief:[22:36:06] <jefferai> because my two ip addresses are on the same subnet[22:36:17] <jefferai> the global zone drops the arp request on the floor on the way from the non-global zone out the interface[22:36:42] <jefferai> probably because of the segregated ip stacks, it thinks it's just a request that came in from a different machine on the same subnet[22:36:45] *** bens1 has joined #smartos[22:36:47] *** wolfeidau has quit IRC[22:36:48] <jefferai> and so lets something else authoritative answer it[22:37:03] <rmustacc> Sorry, not sure.[22:37:05] <jefferai> so it turns out to be an easy resolution -- I just put a static arp entry in for my default gateway into the zone[22:37:15] <jefferai> the problem is that it keeps wiping my static entry[22:37:17] <jefferai> like, it'll be fine[22:37:22] <jefferai> and then five or ten minutes later, it's gone[22:37:26] *** ivan\ has quit IRC[22:38:04] *** ivan\ has joined #smartos[22:42:33] *** ryancnelson has joined #smartos[22:44:49] <EMH_Mark3> jefferai: just last week I was having checksum errors on a brand new server. turns out mobo was bad -- was also seeing ECC warnings in ipmi log.[22:45:35] *** bluezenix has quit IRC[22:50:30] *** ipalreadytaken has quit IRC[22:51:27] <jefferai> EMH_Mark3: I don't suppose there's a way to view the IPMI log from within smartos?[22:51:35] <rmustacc> Does your host have ipmi?[22:51:38] <rmustacc> There is.[22:51:52] <jefferai> ah, ipmitool[22:52:18] <jefferai> now, to figure out how to use it :-)[22:52:32] <EMH_Mark3> ipmitool sel list[22:52:42] <rmustacc> ipmitool -I open <command>[22:52:44] <jefferai> rmustacc: I tried deleting the files that zfs said had permanent read errors...now they show up as those zfs/var:<0x00> type errors[22:52:59] <jefferai> Get SEL Info command failed[22:53:00] <jefferai> boot[22:53:02] <jefferai> er, boo[22:54:42] <jefferai> so IOW after running rm on the given files it's gone from http://paste.kde.org/684506/ to http://paste.kde.org/684536/[22:56:11] *** wolfeidau has joined #smartos[22:56:26] <trentster> hey all, I have a node that shows a constant 0.30 load average yet I can not determine what is causing the load http://monosnap.com/image/B9AjbCyQ9iocIIPZ08lviG0fR what is a good method if digging into the cause?[22:58:19] *** abnormal has joined #smartos[22:59:21] *** ipalreadytaken has joined #smartos[23:00:28] *** abnormal has quit IRC[23:00:36] *** Licenser has quit IRC[23:02:36] *** enmand_ has quit IRC[23:03:22] *** estibi_ has quit IRC[23:03:30] *** bens1 has quit IRC[23:06:49] <jefferai> well, I did a zpool scrub[23:06:52] <jefferai> now it shows 333 data errors[23:07:05] <jefferai> iostat -e still shows nothing[23:07:34] *** Licenser has joined #smartos[23:09:01] <Licenser> hi people[23:09:21] <Licenser> I think I found a bugish bug[23:09:54] <Licenser> https://gist.github.com/Licenser/5060558 <- this script run with dtrace -n '…' in the GZ crashes the system[23:10:03] <Licenser> given there is some load[23:10:16] *** matticulous has quit IRC[23:11:58] <Licenser> runs wonderfully in a VM with little to no load so[23:15:03] <EMH_Mark3> jefferai: memtest your rams? sounds like data is being read correctly from hds, but is being corrupted somewhere[23:17:34] *** mamash has joined #smartos[23:21:05] *** Licenser has quit IRC[23:21:22] *** Licenser_ has joined #smartos[23:22:01] *** Licenser_ is now known as Licenser[23:22:18] *** estibi has joined #smartos[23:22:37] <Licenser> does smartOS has some dtrace modifications or is it pure illumos ?[23:23:49] <rmustacc> Licenser: What's up?[23:24:21] <jefferai> EMH_Mark3: yeah, it's ECC RAM, but that can still be bad[23:24:29] <jefferai> I've requested the hoster do a full hardware diagnostic[23:24:37] <jefferai> fortunately I haven't done too much setup at this point[23:24:42] <jefferai> so even losing it all would be easy to get back[23:25:31] <jefferai> I'll have to reinstall anyways...[23:25:41] * jefferai still hasn't sorted out what a backup strategy of smartos looks like[23:26:03] <jefferai> other than doing a full dump of all data in the pool, which I don't have the backup space for[23:26:32] <EMH_Mark3> you can zfs send/receive, which only sends/receives the data within a given snapshot.[23:26:36] <EMH_Mark3> s/can/could/[23:27:01] *** estibi_ has joined #smartos[23:27:05] <jefferai> sure[23:27:12] <jefferai> I guess to put it another way -- I probably can't do full disk backup[23:27:32] <jefferai> just for lack of backup space[23:27:40] <Licenser> rmustacc I broke dtrace and crashed my server ^^[23:27:41] <jefferai> so probably will have to only actually backup databases and specific files[23:27:46] <Licenser> with a pretty simple script[23:29:24] <rmustacc> Licenser: The script above?[23:29:32] <rmustacc> Do you have a dump?[23:29:43] *** estibi has quit IRC[23:30:15] <Licenser> hmm where can I see how up to dat it is[23:31:24] <Licenser> hmm /var/crash/volatile/ is empty[23:31:52] <rmustacc> Are you sure that script is actually what caused the panic and not something else?[23:31:57] <rmustacc> If there's no dump, that's a bit surprising.[23:32:22] *** estibi has joined #smartos[23:32:25] <Licenser> problem is it was a remote system it froze entirely up and I had to BNC reboot it[23:32:31] <Licenser> trentster do you have a crashdump?[23:34:14] <rmustacc> Licenser: If you have to do that next time, you want to generate an nmi.[23:34:19] <rmustacc> Without that we don't know for sure what happened.[23:34:33] <Licenser> okay I've no clue what an nmi is but I'd love to![23:35:09] *** mamash has left #smartos[23:35:21] <ryancnelson> Non Maskable Interrupt ... ipmi power diag , usually.[23:35:37] *** ipalreadytaken has quit IRC[23:35:44] *** estibi_ has quit IRC[23:35:46] <rmustacc> chassis power diag via ipmitool.[23:37:48] * Licenser goes and grab ipmitool[23:37:58] <Licenser> lets see if my poor mans server supports that :P[23:38:23] *** enmand has joined #smartos[23:39:06] *** artimus has joined #smartos[23:39:29] *** artimus is now known as Guest71226[23:39:56] <Licenser> okay it does :D[23:40:32] <trentster> Licenser: rmustacc yeah i probably have a crash dump since my system rebooted when I ran the script.[23:40:39] <trentster> * checking[23:40:40] <Licenser> trentster awesome[23:41:16] <trentster> rmustacc: what do I look for?[23:41:20] <Licenser> rmustacc trentster had the issue first but we thought it was a bug in fifo that crashed the system so I ran the exeuted dtrace script on a different node directy with the same (or at leas also a crash)[23:41:25] <Licenser> trentster /var/crash/ I think[23:41:44] *** denizr has quit IRC[23:42:55] <trentster> nope no /var/crash sorry[23:43:09] <Licenser> gets a lot of 'dtrace: 104457 dynamic variable drops with non-empty dirty list' when running the script[23:43:40] *** Licenser_ has joined #smartos[23:43:54] <Licenser_> okay just to be sure that I'm around if it happens again ^^[23:44:07] <rmustacc> Well, your script can be improved a lot.[23:44:10] <trentster> rmustacc: what happened when I ran it, was I heard the fans in the server (Supermicro) getting louder and louder and then after about 10 seconds I heard the 3 beeps, as the server rebooted.[23:44:31] <rmustacc> So the server rebooted itself?[23:44:44] <trentster> judging by the fact there is no /dumps I am not sure how to proceed from here from a diagnostic perspective.[23:45:23] <rmustacc> Then the OS didn't panic.[23:45:24] <trentster> The Node only has 1 vm on it at present, so I can probably reproduce the reboot if necessary by running the script again.[23:45:53] <trentster> rmustacc: its very strange as this server has been up for months prior.[23:46:37] <trentster> and the fact Licenser managed to semi crash his node when running it is alarming.[23:46:51] <Licenser_> yup[23:47:10] *** wolstena has quit IRC[23:47:15] <trentster> Licenser: what smartos image you on on that node?[23:47:31] <Licenser_> joyent_20121203T193049Z[23:47:33] <trentster> I am on joyent_20130125T031721Z[23:47:53] <rmustacc> The OS didn't panic, so it's really hard for me to say what if anything happened.[23:48:47] <Licenser_> dtrace: 212820 dynamic variable drops with non-empty dirty list <- might that be a reason?[23:51:35] <Licenser> hmm recrashing the node doesn't work[23:55:18] <Licenser> trentster any luck with you?[23:55:43] <trentster> rmustacc: whats the best way for me to see what is causing this constant 0.30 load http://monosnap.com/image/B9AjbCyQ9iocIIPZ08lviG0fR[23:55:46] <rmustacc> No, dynamic variable drosp aren't anything special.[23:57:13] <Licenser> okay :) just wanted to be sure[23:57:26] *** axonpoet has quit IRC[23:57:30] *** ipalreadytaken has joined #smartos[23:58:17] <trentster> Licenser: not sure, perhaps there is an underlying system issue that running the script is exposing, just waiting for rmustacc to give me some pointers.[23:58:35] <Licenser> I mean reproducing it ^^[23:58:38] *** ipalreadytaken has quit IRC[23:58:44] <Licenser> crash all your systems :D[23:59:19] <rmustacc> I ran it and it didn't cause me any problems.[23:59:42] <rmustacc> dyanmic variable drops are normal in scripts that aren't properly cleaning up dynamic variables or a few other conditions.[23:59:49] <rmustacc> The DTrace guide http://dtrace.org/guide has more on that.[23:59:57] <trentster> before i run it I want to figure out what to watch to see why the load is going up, at the moment I am not sure what to watch, as prstat is not helping much I just see load avergage going up but non of the processes in the list seem to increase.[23:59:58] <Licenser> kk