Mr. Crow posted: I'm fuzzy on the details of exactly how it works since it's still very much alpha/beta quality (the rootless side, anyway); but afaik it's not actually "dropping privileges", it's completely in the scope of the user process and namespaces. It's still using cgroups and namespaces because, well, that's what the linux kernel has; but the crux of it comes from https://github.com/rootless-containers/slirp4netns which piggy backs off the kernel to handle user networking. Last time I tried to use it (a year ago or so) it was still pretty limited and by necessity will never have a lot of networking related features you might expect but still a pretty cool idea if it will fit within the scope of what you need it to do.

As for build status, the FreeBSD project runs a build cluster of about 20 machines that build exp runs (ie. testing what happens when, for example, llvm switches default from 10 to 11), package builds (what you're looking for) and qat builds (which I think is quality-assurance-testing, but I've never really looked into that side of it). Do note, however, that like half the package building servers are IPv6-only, so you might need to set up some sort of tunnel.

This is in addition to the CI cluster, test cluster one, and reference machines (machines provided to FreeBSD developers to work on) as well as the network testing cluster and probably a few others including but not limited to all the infrastructure used to run the FreeBSD project website and authentication infrastructure.

An easier way to figure out what you want to know, though, is via the ports fallout site, which essentially just lets you search the pkg-fallout mailing list archives.

BlankSystemDaemon fucked around with this message at 12:01 on Mar 30, 2021 |
|
# ? Mar 30, 2021 11:26 |
|
|
Anyone know of some kind of product or project that manages connecting to remote console and managing power in a server room in a modern way? We've got a home brewed package that we've been using for 10+ years and it technically does the job, but it's super hard to modify and I've been getting more frequent requests to add features. If I could throw the whole thing out with something fancy that would be loving swell.

Basically we got a few thousand systems with a mix of ipmi and traditional serial port accessible over a private network, and over the years folks in house developed a collection of scripts to connect to a serial console by hostname or cycle the system's power. Now people want to build rack maps and asset tracking into it (or at least, be able to export that information) and I realllly don't want to be the poor schmuck that has to write that.

There's got to be something out there, right? How do the cloud providers do OOB management "centralization" these days?
|
# ? Mar 30, 2021 20:52 |
|
xzzy posted: Anyone know of some kind of product or project that manages connecting to remote console and managing power in a server room in a modern way? We've got a home brewed package that we've been using for 10+ years and it technically does the job, but it's super hard to modify and I've been getting more frequent requests to add features. If I could throw the whole thing out with something fancy that would be loving swell.

for the hardware? usually hope, combined with dc techs and either a phone camera or, if you are lucky, a kvm spider

at least based on the last 3 cloud providers I have worked for
|
# ? Mar 30, 2021 21:44 |
|
Then maybe I should package up our code, clean it up, and start selling it because that sounds like agony.
|
# ? Mar 30, 2021 22:05 |
|
RFC2324 posted: dc techs and either a phone camera

triggered. I spent so much time looking through bad skype video calls trying to figure out messed up network connections and failed pxe boots from things without remote console. Nobody tells you that part about being 'on-prem' that's actually 3000km away.
|
# ? Mar 30, 2021 22:07 |
|
You guys want me to see if I can find the plans for the homemade remote PDU’s I posted
|
# ? Mar 30, 2021 22:34 |
|
xzzy posted: Anyone know of some kind of product or project that manages connecting to remote console and managing power in a server room in a modern way? We've got a home brewed package that we've been using for 10+ years and it technically does the job, but it's super hard to modify and I've been getting more frequent requests to add features. If I could throw the whole thing out with something fancy that would be loving swell.

I believe Redfish is the standard you would want to use for at least the IPMI portion of your needs.
|
# ? Mar 30, 2021 23:14 |
|
xzzy posted: Then maybe I should package up our code, clean it up, and start selling it because that sounds like agony.

I think the problem is that cloud providers won't pay for anything that customers aren't going to see. everything else is either FOSS(cool), developed in house(mixed), or a collection of scripts that someone found on a github somewhere

I work for a company that does white glove service for high profile clients, and we don't actually have a deployment process, just someone in support's roommate building out servers based on specs sales gives him

never work in hosting, kids
|
# ? Mar 30, 2021 23:40 |
|
Saukkis posted: I believe Redfish is the standard you would want to use for at least the IPMI portion of your needs.

That's a pretty cool standard that I hadn't run across and certainly looks more fun than ipmitool. Supermicro's implementation seems pretty thorough too. So next time I'm told to reinvent this stuff that's where I'll start.

But my hunt is more for some kind of access portal that makes it easy to connect to a system's console. Like it keeps a database of all BMC's, console servers and PDU's, associating the correct addresses/ports to a given hostname so an admin can Do Stuff with a couple simple commands.

RFC2324 posted: never work in hosting, kids

I work in hosting. But my only customer is my employer so it's slightly less agonizing, there's no sales team to promise stuff that doesn't exist. I feel like we've done pretty good using existing tools for managing hardware lifecycle when such tools exist, but there's a couple sore points left to deal with.
|
# ? Mar 31, 2021 14:55 |
|
Are there any distros that work with WSL2 that aren’t on the Microsoft Store? I’d never heard of it before and it’s much easier than setting up a VM, as well as tons of setups on YouTube and tutorials (I haven’t set up a VM since around Ubuntu 12? 13? Long ago). I’m sure the process is seamless and faster these days, but I was bringing up a bash terminal in WSL2 Debian within like 10 minutes. It’s more fun to play around and crash doing poo poo and learning not to do things than dual booting, too 🤓.
|
# ? Apr 1, 2021 15:43 |
|
DerekSmartymans posted: Are there any distros that work with WSL2 that aren’t on the Microsoft Store? I’d never heard of it before and it’s much easier than setting up a VM, as well as tons of setups on YouTube and tutorials (I haven’t set up a VM since around Ubuntu 12? 13? Long ago). I’m sure the process is seamless and faster these days, but I was bringing up a bash terminal in WSL2 Debian within like 10 minutes. It’s more fun to play around and crash doing poo poo and learning not to do things than dual booting, too 🤓.

Gentoo runs on WSL2 and it's pretty much the ultimate "play around and crash doing poo poo and learning not to do things" distro.
|
# ? Apr 1, 2021 17:45 |
|
Thread title still relevant: https://arstechnica.com/gadgets/2021/04/xinuos-finishes-picking-up-scos-mantle-by-suing-red-hat-and-ibm/ Except now they're mad that IBM+RedHat are trying to destroy freebsd.
|
# ? Apr 1, 2021 23:43 |
|
xzzy posted: Thread title still relevant:

I saw that earlier today and was hoping it was an April fools thing.
|
# ? Apr 2, 2021 00:08 |
|
Good lord, just last week I was explaining to someone what the thread title meant and went down a little rabbit hole into the utter failure of SCO's patent trolling attempts. Can't believe it's been necroed in some way.
|
# ? Apr 2, 2021 01:59 |
|
NihilCredo posted: Gentoo runs on WSL2 and it's pretty much the ultimate "play around and crash doing poo poo and learning not to do things" distro.

Excellent! I should be able to find downloads and tutorials on my own, now that I have a search term!
|
# ? Apr 2, 2021 04:58 |
xzzy posted: Thread title still relevant:

They're simply a downstream consumer, not a single line of code has gone into FreeBSD as having been tagged by them at any point, not even sponsored code.

I'm not a lawyer, but I'm pretty sure the basis they're using to sue IBM+RedHat is that they somehow own what others have owned in the past which at some point might've been something UNIXy, although it's not entirely clear which company owns what, as some companies that seem to own some of it don't even lay claim to it or have released it to academic research (see the pdf of the Alcatel-Lucent V8, V9 and V10 UNIX releases).

BlankSystemDaemon fucked around with this message at 13:23 on Apr 2, 2021 |
|
# ? Apr 2, 2021 13:17 |
Kind of a weird issue going on here. I have an Ubuntu server 20.04.2 VM running using VMWare Player, started with an NSSM service when my Windows computer boots. All of this works perfectly and I can ssh into the VM after the computer boots. But after a restart, I can't access any of my docker containers over the network. They're all listed as running if I do a systemctl status docker, and I have docker added to my user group and all that stuff. If I do systemctl restart docker, then it restarts and I can access everything perfectly. The only thing that changes in the systemctl status output is the PIDs of the processes. Any ideas what's going on here? Should I just set up a script that runs systemctl restart docker like 90 seconds after boot or what?
|
|
# ? Apr 7, 2021 21:54 |
|
tuyop posted: Any ideas what's going on here? Should I just set up a script that runs systemctl restart docker like 90 seconds after boot or what?

Docker is probably trying to bring up interfaces too fast, and either a timer or a dependency should do the trick. Depends how much effort you want to invest and how immediately you need the containers available
|
# ? Apr 7, 2021 22:59 |
|
alright fellas im doing completely legal things with my pi and i want my plex media server to start outside of my vpn so i can do some poo poo with it

i have a script that would run it outside the vpn if passed as an argument, but the thing about that is of course the plex systemd unit is complicated as gently caress so i cant figure out what i need to override or how

the script that runs its argument outside the vpn is just called 'novpn.sh', i've stuck it in /usr/bin, so if i wanted to run 'foo' outside the VPN, i'd just do novpn.sh foo

get a loada this poo poo

pre:
[Unit]
Description=Plex Media Server
After=network.target network-online.target

[Service]
Environment="PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR=/var/lib/plexmediaserver/Library/Application Support"
Environment=PLEX_MEDIA_SERVER_HOME=/usr/lib/plexmediaserver
Environment=PLEX_MEDIA_SERVER_MAX_PLUGIN_PROCS=6
ExecStartPre=/bin/sh -c '/usr/bin/test -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}" || /bin/mkdir -p "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}"'
ExecStart=/bin/sh -c '\
export PLEX_MEDIA_SERVER_INFO_VENDOR="$(grep ^NAME= /etc/os-release | awk -F= "{print \\$2}" | tr -d \\" )"; \
export PLEX_MEDIA_SERVER_INFO_DEVICE="PC"; \
export PLEX_MEDIA_SERVER_INFO_MODEL="$(uname -m)"; \
export PLEX_MEDIA_SERVER_INFO_PLATFORM_VERSION="$(grep ^VERSION= /etc/os-release | awk -F= "{print \\$2}" | tr -d \\" )"; \
export LD_LIBRARY_PATH=/usr/lib/plexmediaserver/lib; \
exec "/usr/lib/plexmediaserver/Plex Media Server"'
Type=simple
User=plex
Group=plex
Restart=on-failure
RestartSec=5
StartLimitInterval=60s
StartLimitBurst=3
SyslogIdentifier=Plex Media Server
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target
|
# ? Apr 8, 2021 01:21 |
|
You need to change the `ExecStart` line which unfortunately is a big mess in this case. I don't think there's a way to just wrap the value with your script, you need to write a new `ExecStart` that has the same value as that, except changing the `exec /usr/lib/...` line at the end to be `exec novpn.sh /usr/lib/...`

Source: https://unix.stackexchange.com/questions/567296/can-one-wrap-a-systemd-execstart-in-a-shim-without-reiterating-or-changing-the-c

Using an override will mean you can make a separate file that only has your `ExecStart` line and not the rest, so the original file can keep being updated and your changes will continue to apply.

So you want an override that says this: (the source linked above says to clear the value first, not sure if that's necessary)

code:

I realize this is a huge pain in the rear end so, if you explain a bit about how the no-VPN script works, there might be a less convoluted way to accomplish it.

xtal fucked around with this message at 01:39 on Apr 8, 2021 |
# ? Apr 8, 2021 01:36 |
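The override described in the post above, generated from the packaged unit instead of retyped by hand. This is an added example, not code from the thread; it assumes the wrapper sits at /usr/bin/novpn.sh as hbag states, and its input is a constructed, abbreviated copy of the posted unit.

```shell
#!/bin/sh
# Added example: build a drop-in that re-issues a unit's ExecStart= with the
# final `exec` routed through a wrapper script.

# Wrapper path as given in the thread; adjust to where the script really lives.
WRAPPER=/usr/bin/novpn.sh

# Constructed sample input: an abbreviated copy of the unit posted above.
sample_unit() {
    cat <<'EOF'
[Service]
Environment=PLEX_MEDIA_SERVER_HOME=/usr/lib/plexmediaserver
ExecStartPre=/bin/sh -c '/usr/bin/test -d "${PLEX_MEDIA_SERVER_APPLICATION_SUPPORT_DIR}"'
ExecStart=/bin/sh -c '\
export PLEX_MEDIA_SERVER_INFO_MODEL="$(uname -m)"; \
export LD_LIBRARY_PATH=/usr/lib/plexmediaserver/lib; \
exec "/usr/lib/plexmediaserver/Plex Media Server"'
Type=simple
User=plex
EOF
}

# Print the ExecStart= directive from a unit on stdin, following
# backslash-continued lines to the end of the directive.
extract_execstart() {
    awk '
        /^ExecStart=/ { grab = 1 }
        grab { print; if ($0 !~ /\\$/) exit }
    '
}

# Emit the drop-in: clear the packaged ExecStart=, then restate it with the
# wrapper inserted after `exec`. Assumes the command ends in `exec "<binary>"`,
# as the unit in the thread does.
make_override() {
    printf '[Service]\n'
    printf 'ExecStart=\n'
    extract_execstart | sed "s|exec \"|exec $WRAPPER \"|"
}

# Show the generated drop-in for the sample unit.
sample_unit | make_override
```

Save the output as a `.conf` file in the unit's drop-in directory, run `systemctl daemon-reload`, and check the merged result with `systemctl cat`. The wrapper inherits `User=plex` from the unit, so any step in it that needs root will not have it.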
|
hbag posted: alright fellas im doing completely legal things with my pi and i want my plex media server to start outside of my vpn so i can do some poo poo with it

Post the script you use.

Create an override for your unit like this where you set the exec to be however you instantiate your novpn.sh

/etc/systemd/system/plex.service.d/novpn.conf

But make sure plex.service is what the real one is actually named

pre:
# /etc/systemd/system/plex.service.d/novpn.conf
[Service]
# An empty ExecStart= clears the packaged command; a Type=simple service may only have one.
ExecStart=
ExecStart=/usr/local/bin/novpn.sh foo

Methanar fucked around with this message at 01:42 on Apr 8, 2021 |
# ? Apr 8, 2021 01:39 |
|
xtal posted: You need to change the `ExecStart` line which unfortunately is a big mess in this case. I don't think there's a way to just wrap the value with your script, you need to write a new `ExecStart` that has the same value as that, except changing the `exec /usr/lib/...` line at the end to be `exec novpn.sh /usr/lib/...`

Methanar posted: Post the script you use.

Yeah, I know I need to override the ExecStart, but my issue was, like the first quote said, that the ExecStart is a huge mess in this case.

And, sure, I'll stick the novpn script in a pastebin. I didn't write it, so...

https://pastebin.com/Hi5AEWY9
|
# ? Apr 8, 2021 01:50 |
After playing in Gnome 40 in Fedora 34 for a few days now, I'm really liking the experience. A much snappier response than KDE Plasma was. I really didn't need the billion options to customize Plasma to be honest, and the virtual desktop analogy works better for me than KDE's version. Only real weirdness on Fedora 34 so far is some sound issues with a WINE application I use (it doesn't see any devices) I assume this is probably due to Pipewire being implemented in Fedora 34.
|
|
# ? Apr 8, 2021 02:11 |
|
...maaaaaybe i could just put THIS in the override file?

pre:
ExecStart=novpn.sh $(/bin/sh -c '\)
|
# ? Apr 8, 2021 06:21 |
|
Nitrousoxide posted: After playing in Gnome 40 in Fedora 34 for a few days now, I'm really liking the experience. A much snappier response than KDE Plasma was. I really didn't need the billion options to customize Plasma to be honest, and the virtual desktop analogy works better for me than KDE's version.

Did you try changing the animation speed in KDE? Every complaint I've heard about snappiness has been resolved by doing that. What's the difference in how the virtual desktops work?
|
# ? Apr 8, 2021 07:26 |
|
I don't know off the top of my head if that ExecStart syntax is valid but you must put it under a [Service] header. I use plex but i really loving hate it. imho it is nicer to run it as a container. set up one container network that is routed through the vpn and another that isn't. put the plex container on the network without vpn.
|
# ? Apr 8, 2021 07:28 |
|
other people posted: I don't know off the top of my head if that ExecStart syntax is valid but you must put it under a [Service] header.

man i really cba to figure out containers i dont think

especially since im guessing the movie files would also need to be in the container
|
# ? Apr 8, 2021 07:42 |
|
hbag posted: man i really cba to figure out containers i dont think

pre:
docker run \
  -v /mnt/legal_movies/:/home/plex \
  linuxserver/plex
|
# ? Apr 8, 2021 08:04 |
|
Methanar posted:

im very sleep deprived so that might be it but i have no idea what im looking at here

also lol at the fact my vpn used to offer UPnP port forwarding so this wouldnt have been an issue but they stopped doing that for now so i cant use that

loving mullvad
|
# ? Apr 8, 2021 08:11 |
|
Also check out jellyfin instead of plex. The LinuxServer guys have made a good image with good documentation in case you need stuff like 4K hardware acceleration: https://docs.linuxserver.io/images/docker-jellyfin
|
# ? Apr 8, 2021 09:40 |
|
hbag posted: im very sleep deprived so that might be it but i have no idea what im looking at here

mounting a volume (-v) from host onto the container. this way the container can interact with files on the host
|
# ? Apr 8, 2021 13:46 |
|
Please don't use anything by LinuxServer if you plan on exposing it to the world at all, at least a couple years ago it was a complete poo poo show.
|
# ? Apr 8, 2021 16:00 |
RFC2324 posted: Docker is probably trying to bring up interfaces too fast, and either a timer or a dependency should do the trick. Depends how much effort you want to invest and how immediately you need the containers available

Thanks. Would I just use systemctl to delay the start of docker.service? Kind of like this article here? https://wiki.archlinux.org/index.php/Systemd/Timers
|
|
# ? Apr 8, 2021 17:41 |
|
tuyop posted: Thanks. Would I just use systemctl to delay the start of docker.service? Kind of like this article here? https://wiki.archlinux.org/index.php/Systemd/Timers

I would either make the docker file dependent on the network service being fully up, or create a unit file that completes when it can successfully ping, and put that between the two.

I'm sorry about the lack of reference, I do most of my posting from the bathtub 😅

If you want a timer, I would just add 'sleep 90' to the launch script, it's a quick easy fix from every angle
|
# ? Apr 8, 2021 17:45 |
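The "unit file that completes when it can successfully ping" idea from the post above, as an added example that is not part of the thread: a bounded probe loop meant to be the ExecStart of a oneshot unit ordered before docker.service. The script path, the unit wiring in the comments and the probe address (a documentation-range placeholder) are assumptions.

```shell
#!/bin/sh
# Added example: readiness gate for a oneshot unit that sits between the
# network coming up and docker.service starting.
#
# Hypothetical unit wiring (file name and paths are assumptions):
#   [Unit]
#   After=network-online.target
#   Wants=network-online.target
#   Before=docker.service
#   [Service]
#   Type=oneshot
#   ExecStart=/usr/local/bin/net-gate.sh 192.0.2.1
#   [Install]
#   WantedBy=docker.service
# Wants-style wiring means docker still starts if the gate gives up.

# wait_for TRIES DELAY CMD...: run CMD until it succeeds, at most TRIES
# times, sleeping DELAY seconds between attempts. Sets ATTEMPTS.
wait_for() {
    tries=$1
    delay=$2
    shift 2
    n=1
    while [ "$n" -le "$tries" ]; do
        if "$@"; then
            ATTEMPTS=$n
            return 0
        fi
        if [ "$n" -lt "$tries" ]; then
            sleep "$delay"
        fi
        n=$((n + 1))
    done
    ATTEMPTS=$tries
    return 1
}

# One ICMP echo with a one-second reply timeout (Linux iputils ping flags).
probe_ping() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# Run the gate only when a target address is given on the command line.
if [ "$#" -ge 1 ]; then
    if ! wait_for 30 3 probe_ping "$1"; then
        echo "net-gate: $1 unreachable after $ATTEMPTS attempts" >&2
        exit 1
    fi
fi
```

Unlike a fixed `sleep 90`, the gate returns as soon as the probe succeeds and gives up after a known upper bound, so a dead network does not hold the boot indefinitely.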
|
Mr. Crow posted: Please don't use anything by LinuxServer if you plan on exposing it to the world at all, at least a couple years ago it was a complete poo poo show.

Can you expand on the poo poo show? I normally stick to the official images whenever possible, but for Jellyfin in particular I have in fact been using the linuxserver image because the official one had trouble on the Pi (don't remember exactly what).
|
# ? Apr 8, 2021 22:47 |
|
calusari posted: mounting a volume (-v) from host onto the container. this way the container can interact with files on the host

right, but is that a command, or a script? the indentation's throwing me off
|
# ? Apr 9, 2021 01:10 |
|
It's an argument to the docker command. The backslash causes the shell to ignore the newline and treat the next line as a continuation of the current command. Handy for making shell commands legible!
|
# ? Apr 9, 2021 01:15 |
|
ah if it isnt obvious i have never touched docker in my life and barely understand what it even is besides "sort of a virtual machine except it isn't"
|
# ? Apr 9, 2021 01:16 |
hbag posted: ah

Also, now I wanna watch SEL. drat you.
|
|
# ? Apr 9, 2021 01:38 |
# ? Apr 23, 2024 19:08 |
|
BlankSystemDaemon posted: Also, now I wanna watch SEL. drat you.

good
|
# ? Apr 9, 2021 01:40 |