IRC Logs for #crux-devel Sunday, 2016-11-13

*** onodera has quit IRC01:03
*** mavrick61 has quit IRC03:35
*** mavrick61 has joined #crux-devel03:37
teK__jue: sure, right at it10:25
teK__frinnst: I toyed around with gitolite on the new server and like the results pretty much10:25
teK__we should definitely check to also offer git repos to the community, this is really easy now10:26
teK__only limiting factor could be disk space (yes, I know ...) which could be worked around with quotas, just to be safe10:26
teK__oh and frinnst: there seems to be no connectivity for this machin except SSH, correct?10:29
teK__installing stuff is a little annoying atm10:29
teK__jue: I created a port in 3.3. Usually we merge from old (3.2) to new (3.3), right?10:31
frinnstcurrently just tcp/22,80,44310:37
teK__53/{udp,tcp}, please?10:37
frinnstteK__: yeah, we pull 3.2 to 3.310:37
frinnstsure10:37
teK__thanks10:38
frinnstI wonder if rush might be an appropriate shell to use?10:39
frinnsthttps://www.gnu.org/software/rush/10:39
frinnstfound it just before zoidberg went offline so I havent had time to test it10:39
frinnstport 53 should be open now10:44
teK__great10:45
teK__looking.10:45
teK__ok frinnst. But for whom? :)10:47
teK__gitolite authenticates based on your pub/private key and runs as a single user10:47
teK__i.e. only admin/dev folks need real shell access10:47
frinnstyeah if we use something like gitolite it would probably be redundant10:48
teK__gitolite also is a git repo itself, so you get a paper trail for configuration changes10:48
teK__and it has implicit groups, i.e. if you link my key in keydir to keydir/opt, I am in that group from then on10:49
teK__permissions for that group look like this: repo opt\n   RW+ = @opt10:49
teK__done10:49
teK__it would work the same for our 3rd party developers access (but with a different user), you create a "wild repo" config simply link a new pubkey into that particular group's directory10:50
frinnstah, outbound lookups are broken?10:52
teK__they wer, last time I checked10:55
frinnstdoh. IP is reused. seems some old rules are still in place10:56
frinnstthere we go11:02
teK__yay11:02
teK__oh and <3 for using lilo11:02
frinnsthehe11:02
frinnsteasy to get started with11:03
teK__does this thing have a decent raid controller or do we have to mdraid the disks?11:03
frinnstmd11:03
teK__yeah, it's totally fine, although the config needs a make over :P11:03
teK__ok I dont fully get the DYLIB switch or why this fixes external apps11:14
teK__rebuilding llvm..11:20
teK__uhm how is menuconfig broken?11:29
*** nwe has quit IRC11:31
teK__ok, the check is b0rked, menuconfig works11:48
frinnstwould grsec patches be a good idea perhaps?13:00
teK__I thought about it and think they may be a little over the top, I have experience configuring it, though13:00
teK__dont wonder, I rebooted twice :)13:01
teK__btw.. what's the reason for that exact version? (it's outdated ;)))13:03
frinnstwhat version?13:05
frinnstkernel?13:05
teK__yes13:05
teK__i am JOKING13:05
frinnst...13:05
frinnstthat whitty german humor!13:05
teK__YOU SEE13:05
teK__also grsec has changed mode of providing patches, we may have to switch to table13:07
frinnstwhaat?13:09
teK__yeah13:09
teK__you get patches for stable, though13:09
teK__we would have need it more for the old server imho, shell access for people should be kept to a minimum13:11
teK__I want to look into using minijail for rsync and the likes13:13
teK__jue: there is quota 4.03 on https://sourceforge.net/projects/linuxquota/13:28
jueah, missed that, thx13:33
teK__welcome :)13:33
teK__btw, I need to spend 50EUR. To you or to frinnst?13:34
juefrinnst13:34
*** onodera has joined #crux-devel13:40
teK__btw I have run into issues with quotacheck as / is put as /dev/root into /etc/mtab, but the file does not exist, so I had to symlink sda1 to root for things to work14:04
jueteK__: I don't use quota any more, so you can do me favour and adopt/fix it ;)14:08
juebtw, just tried to build 4.03, is broken without additional patches14:10
teK__I can try to fix it, yes.14:11
jueguess we need at least patch '[39fd30] Fix build with disabled ldap'14:13
jueand maybe '[1d9542] Don't link all binaries with ldap library'14:14
jue.oO it's a mess, I don't get it why people are not able to release a new version with such important fixes14:16
teK__agreed14:16
pedjaeverybody is using ZFS, so why bother?14:22
pedjaACTION runs14:22
teK__WinFS14:22
jueteK__: HEAD builds fine14:25
teK__of course, so everything is fine ;)14:26
jueand the dist-xz make-target as well, so probably best to use our own tarball14:27
teK__I can write an email14:28
jueteK__: committed a new new version, please test and adopt if you like15:29
teK__btw.. pkgadd.conf contains this: UPGRADE^etc/.*$NO15:51
teK__I upgraded glibc on crux.new... rejmerge asked if I wanted to replace shadow, passwd etc.15:52
teK__frinnst/jaeger: any feelings on moving ssh to e.g. 62222/tcp?15:54
teK__This would 'complicate' git clones ..15:55
jaegeralready using 2222 on crux.nu for git, I don't have any objection16:01
teK__as we will have ipmi, I dont see any use in a dual ssh-daemon setup anymore16:01
jaegerdidn't we have the secondary one because of some weird throttling or connection limiting on the default port in kalmar ndc?16:02
jaegerI may be misremembering16:02
teK__charly said there was no throttling16:03
jaegerI don't think there was any throttling as far as speed goes but there were definitely connection limits16:07
jaegerconnecting twice in a short amount of time would fail, for example16:07
jaegermaybe that's no longer the case, I haven't tested recently16:07
teK__ok. So port !22 ftw16:07
teK__I wont do it now anyways, as frinnst seems to be a firewall nazi ;>16:08
jaegerI also think moving to gitolite would be a good plan. gitolite and gitosis both were suggested in the past but I don't remember why they were rejected16:16
teK__time constraints?16:17
teK__dunno, I setup a test with gitolite and like it very much16:17
teK__irony: I cannot connect to crux.nu:22 currently16:27
*** darfo has joined #crux-devel16:44
jueyes, we had/have? performance problems on crux.nu and ssh on std port, that was the reason for dropbear on 222217:16
jaegerok. I thought I hadn't made that up, heh18:07
frinnstthere were an issue with duplex/autoneg with crux.old. its fixed now though19:17
frinnstbtw my crux.nu backup hasnt completed in a while. jaeger, do you still do backups?19:18
jaegeryes19:21
jaegerat least for /home /var /etc and /root19:21
frinnstcgnat is evil :(19:22
frinnstteK__: can you get some iptables rules up? then i can open up for everything19:24
frinnstand i think I need help in sorting out the appropriate ipmi hardware. I find it very confusing :-)19:25
jaegerhttp://sprunge.us/FMCF <-- here's an example of what I use and think is a pretty decent config19:27
jaeger(iptables)19:27
frinnstipmi for "SYS-6015P-TRB-TR008"19:28
frinnsthttps://www.supermicro.com/products/motherboard/Xeon1333/5000P/X7DBP-i.cfm19:29
frinnstAOC-SIM1U-3B(+) and AOC-SIM1U-3D seems to be what we need19:30
jaegeryep, those are the ones I mentioned before19:30
frinnsthttps://www.amazon.com/Supermicro-AOC-SIM1U-3B-Add-PCIEX8-SIM1U3D/dp/B000QRPTUS19:31
frinnst$8219:31
frinnsthttps://www.amazon.com/Supermicro-AOC-SIM1U-3D-Add-on-Card/dp/B000KBI2RC19:32
frinnstso $82+$39 ?19:32
jaegerhttp://www.ebay.com/itm/SUPERMICRO-AOC-SIM1U-3B-REV-1-0-ADD-ON-CARD-/331877532853?hash=item4d457144b5:g:6u8AAOSwrklU-fDK19:32
frinnstI dont have an ebay account19:34
frinnstnow I do19:35
frinnstWe're not sure if the seller ships to your location. Here are your options:19:37
frinnstmeh19:37
frinnstWhat countries do you ship to?19:37
frinnstThis seller ships to the following countries: Canada, United States19:37
jaegerIf there's an ebay equivalent around you that might be better19:38
frinnstyeah but cant find what we need19:38
frinnstsupermicro isnt that big in sweden unfortunately19:39
jaegerok19:57
frinnstthink you could buy and ship?21:08
jaegerprobably. Would that one I linked work or do we need something else/additional?21:11
frinnstyeah that works. but we still need the daughterboard21:15
jaegerAh, so it's two pieces?21:17
jaegerI was thinking they were both options but guess it's all or nothing21:20
frinnsti think so, yeah21:21
frinnstthats why im confused :)21:21
frinnsthttps://www.rinnestam.se/IMG_20161101_110903.jpg21:21
frinnstyou can see the ipmi slot in the top right21:21
frinnstthe black socket21:21
jaegerok21:21
frinnst"SIM1U IPMI" ITS CALLED21:22
frinnstoops caps21:22
jaegerhttp://www.supermicro.com/manuals/other/AOC-SIM1U.pdf <--- maybe this will shed some light21:22
frinnstyeah i've checked that. still confused :-)21:23
jaegerlooks like the card and then the usb bracket thing with the RJ45 port21:24
jaegerhttp://www.supermicro.com/manuals/other/AOC-SIM1U-3BD.pdf21:26
jaegerThat gives me the impression that the 3d isn't required but not sure21:27
frinnsthttp://www.ebay.com/itm/SUPERMICRO-AOC-SIM1U-3B-REV-1-0-ADD-ON-CARD-/331877532853?hash=item4d457144b5:g:6u8AAOSwrklU-fD doesnt seem to have any connectors other thatn the pci thingy21:27
frinnstdont see how you can connect a cable to it21:28
jaegerIs one of them just converting pci to pci-e?21:28
frinnstif you look at my image, it seems you could screw the sim1u-3d in place at the top right21:29
frinnstthere are no pure pci connectors on the motherboard. just pci64 (pci-x) and pcie 8x21:30
frinnstcheck page 11 on http://www.supermicro.com/manuals/other/AOC-SIM1U-3BD.pdf21:30
frinnstthat assmebly would fit like a glove in the top right corner21:31
jaegerso it's dedicated LAN... which we may not need21:31
jaegerIf the 3b allows ipmi over the main LAN port (which is how the ipmi in my x9scm-f works)21:31
frinnstah21:32
frinnsti assumed one of the ports of 3d supplied kvm21:32
jaegertrying to find out21:33
jaegerfrom the 3d ports and indicators section:21:34
jaeger"LAN Port 1 (JLAN1) provides the IPMI/KVM connections to the AOC-SIM1U-3B/21:34
jaeger3B+ add-on card. "21:34
jaegerso that would suggest both are needed21:34
frinnstyeah. page 5: "The AOC-SIM1U-3B/AOC-SIM1U-3B+ add-on card is used in conjunction with its AOC-SIM1U-3D daughter card"21:35
frinnst"KVM-over-LAN is only for the AOC-SIM1U-3B+ only."21:36
jaegeryeah, saw that... I assume that means 3b+ vs. 3b21:37
frinnstso the ebay item we found wont do the job?21:37
jaegerThe lowest price I see for the 3b+ is $15021:38
jaegerwhereas the 3b is $20 :P21:38
jaegercrazy21:38
jaeger$30 for the 3d21:38
jaegerSo I think we need 3b+ and 3d21:39
jaegerNOT 3b and 3d21:39
frinnstyeah21:39
frinnsthttp://www.avadirect.com/AOC-SIM1U-3B-IPMI-2-0-Controller-with-Virtual-Media-Over-LAN-KVM-Over-LAN-PCI-E-x8-for-AOC-SIM1U-3D/Product/66135621:39
frinnst3b+ $8021:39
jaegermost places that sell them are out of stock or discontinued, looks like21:39
frinnstmm, "availability unknown"21:40
frinnstfeck21:40
jaegerWell, how much do we really need kvm over ip?21:40
jaegerIf we really want it, the $83+$30 may be the best21:40
frinnstwhats the point of ipmi if we dont have kvm?21:41
jaegeryou can still do other stuff with ipmi like monitoring, power control21:41
frinnstif we kept the server where i work i wouldnt care since i can get physical access easily21:42
frinnstthe biggest worry about not having kvm access is kernel upgrades i think?21:43
jaegerIt would be nice to have, certainly. Not arguing that21:44
frinnsthttps://www.server-hardware.com/shop/supermicro-aoc-sim1u-3b-ipmi-karte,62.html21:44
frinnst80EUR21:44
jaegerBesides, if we use this server as long as the previous one, it amortizes well21:44
frinnstACTION pokes teK__, jue 21:44
frinnstknown retailer for you guys?21:45
frinnst41EUR for the 3D21:46
frinnsthttps://www.server-hardware.com/shop/supermicro-dedicated-lan-fuer-aoc-sim1u-3d,63.html21:46
jaeger80+41 and shipping is probably cheaper than buying it here and shipping overseas21:46
frinnstyeah21:46
frinnstand it would be brand spanking new :)21:47
frinnstshould I order it?21:51
frinnstbah, +19% VAT21:52
frinnsttotal 150EUR21:52
jaegerI think it's probably worth getting21:53
frinnstthey dont sell to invdividuals21:53
frinnsti need to supply a fucking trade license21:53
frinnstasdf21:53
jaegerlame21:53
frinnsti'll check tomorrow if I can buy through work21:54
jaegerok22:05

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!