02:43:00 <BaloneyGeek> So mason, I'm happy to report back that my jails are working just fine with neither the prestop ifconfig -vnet hack nor having a sacrifical epair (although the second one might be down to just using a realtek card)
02:43:27 <BaloneyGeek> mason: In fact, my jail is even IPv6 only and it Just Worked (TM)
02:43:28 <mason> BaloneyGeek: nice nice - I haven't had a chance to amend the docs but that's good to hear. I'm hoping maybe tomorrow.
02:43:31 <mason> nice
02:43:52 <BaloneyGeek> So how do I send you my new config in a private-ish way?
02:45:36 <BaloneyGeek> mason: Also, (a) it's static IP, since my hoster doesn't do DHCP, and (b) I was wondering if I could get rid of the $ep var entirely and use jid, but jail complains ${jid} variable not found
02:45:42 <mason> BaloneyGeek: mason⊙bo if you want to email it
02:46:11 <BaloneyGeek> Yes, that would be the sanest option I think
02:46:12 <mason> BaloneyGeek: looking, half a sec
02:47:29 <mason> Hrm, yeah, I don't see the jail ID available right off the bat. Looking.
02:48:18 <mason> BaloneyGeek: How about using the name?
02:48:36 <mason> Unless you wanted to use the jail ID as part of the address.
02:49:00 <mason> BaloneyGeek: Something you can do (and I used to) is have the jails all use DHCP, also.
02:49:30 <BaloneyGeek> mason: Actually the name would be fine, but I'll email you my old (ep) based config as a base
02:49:31 <mason> Ideally I want to get the config to do its set-up using the in-jail system start-up scripting.
02:49:35 <mason> kk
02:49:54 <mason> I forget what wall I hit on the way there but I'll be tackling it again before long.
02:52:07 <mason> I'd ideally like to simply drop out the start and prestop sections here, aside from launching /etc/rc: https://bpa.st/CNGWM
02:52:08 <VimDiesel> Title: View paste CNGWM
02:52:48 <mason> Another thing that interests me is the notion of more modular config, and I believe someone's been working on /etc/jail.conf.d or similar.
02:54:20 <BaloneyGeek> mason: I sent you the email, but probably check your spam as well. I do my own email server but even though SPF, DKIM and DMARC are all correct email still ends up in spam from time to time
02:54:55 <mason> I bet it goes right through. I don't think it'll make my bayesian filter blink.
02:55:12 <BaloneyGeek> I mean I got rid of the net config in jail.conf and used rc.conf
02:55:30 <BaloneyGeek> The exec.{pre,post}stop just creates, renames and tears down the epairs
02:56:09 <BaloneyGeek> I even tested tearing down the jail with a netcat connection open, worked just fine
02:57:50 <BaloneyGeek> (the point of this server and jail is to host my very public mastodon instance so I want to do it properly)
03:01:13 <BaloneyGeek> Well - "properly" would involve using netgraph and not epairs but oh well
03:01:39 <mason> Ah, so, rc.conf used to be the way you'd do it, but that's deprecated now.
03:01:55 <BaloneyGeek> Oh, tell me more
03:02:46 <BaloneyGeek> I'm still struggling with a modular network configuration on freeebsd. Here I actually miss systemd-networkd somewhat
03:03:24 * mason twitches.
03:03:42 <BaloneyGeek> hehe
03:03:56 <mason> BaloneyGeek: I don't know if configuring the jails via rc.conf will ever actually go away, but the notion is that it's not the desired method for configuring jails now.
03:04:22 <BaloneyGeek> Oh so on a host I'd still configure the network using rc.conf this way?
03:04:27 <mason> (I spent the last several years on the team at Red Hat that fielded major problems customers had with systemd.)
03:11:17 <BaloneyGeek> mason: So how would I configure the network inside a jail?
03:11:43 <mason> BaloneyGeek: Ideally, you'd make the interface available, and then have a config in rc.conf inside the jail.
03:12:12 <mason> This should just work but my last run at it saw rc finish up with no network, and I didn't see anything sufficient logged to get a handle on why.
03:12:29 <mason> More effort debugging it will crack it, but I moved on. This week I'll poke at it agian.
03:12:32 <mason> again*
03:12:54 <gman999> i dont really use jails much for a while..
03:13:04 <gman999> but i was from the 'school' of those who manually started jails
03:13:27 <gman999> since if it was broke, you dont want it doing the same thing after a reboot
03:13:35 <gman999> but it's been a whle... like 8.x days maybe
03:13:59 <mason> gman999: This cropped up even with manual starts. I need to just get some debugging output saved to see what's happening.
03:14:07 <mason> set -x a few places, say
03:14:17 <gman999> easier to trouble shoot when it's manual..
03:14:21 <gman999> yes.. in shell
03:14:22 <mason> Yeah.
03:14:36 <gman999> imagine it was remote and kept breaking on reboots without console?
03:16:49 <mason> Well. So, set -x and some sort of capture to a file. I'll figure out something reasonable.
03:17:49 <mason> ah, exec.consolelog
03:28:16 <mason> BaloneyGeek: Your config is nice and clean. Good stuff.
03:29:03 <BaloneyGeek> Thanks, I tend to err on the side of over organizing :-P
03:34:13 <mason> Alright, heading off for the night, but thanks for the inspiration. I'll get some time in massaging the config this week. o/
03:41:21 <BaloneyGeek> o/
04:04:09 <Setesh> mason: I ran into a lot of issues with jail networking due to issues with trying to use rc confs with NOJAILS options, like dhclient. Kept having to use the jail.conf to execute that stuff instead of getting it to just work via rc. Is that going to be changing in the future?
04:05:08 <Setesh> Ah nevermind, I misread the convo a bit. My bad.
05:42:27 <richz> help
05:42:54 <richz> exit
05:42:56 <richz> quit
06:18:57 <rtprio> lol
09:04:36 <meena> Setesh: I can use dhclient in jails. why can't you?
09:07:30 <MrA> I've been searching for some unix/linux scripts for my dedicated server, i need get-psybnc get-eggdrop get-znc command which when the user types it into ssh it will prompt him to install the psybnc porcess on his shell account, same thing would need for eggdrop and bnc, also a command to start all bouncers would also be usefull.
09:57:47 <mictty> what's the different between hooking a commercial console and hooking a plain monitor on a server?
10:20:42 <meena> mictty: what's a commercial console?
10:26:49 <msiism> The ~/.shrc file coming with a FreeBSD installation has two lines in it that I cannot make sense of: http://paste.debian.net/plainh/2f8849b4
10:29:03 <msiism> I mean, I know /home is a symlink to /usr/home.
10:32:42 <msiism> But I can't make sense of the condition in that code.
10:34:08 <msiism> What I find particularly confusing is `[ "$PWD" -ef "$HOME" ]`.
10:36:42 <Helper> omg I finally got Waimea window manager working.
10:37:25 * msiism finds out about the -ef primary.
11:16:11 <idwer> meena: IPMI/iLO, probably
11:16:37 <otis> or lantronix
11:33:28 <mictty> meena: terminal device
15:31:01 <mason> Setesh: No worries. I'll document what I find, probably alongside the existing config. I want to include some innovations BaloneyGeek is using.
16:48:16 <meena> mason: oh? what innovations?
16:50:14 <mason> meena: The one that jumped out was setting a consistent name for the in-jail-side epair, so I can address it without having to do anything funny to find the interface name.
16:51:14 <mason> I had some ugly machinery to poke the right name into rc.conf, but this is cleaner/better.
16:54:31 <meena> ah, yeah. so how are epairs named then like the jail itself?
16:54:48 <mason> Well, just "net0" internally, for instance.
16:55:27 <mason> So the jail's internal rc.conf can just reference that, no hocus-pocus required.
16:55:54 <meena> ah, yeah
16:56:00 <meena> but outside?
16:56:54 <mason> Outside doesn't matter as much, because I can specify the right thing in jail.conf.
16:57:16 <meena> (i used to call them vnetX, but calling them all vnet0, unless you have more than one, makes vastly more sense)
16:57:32 <meka> cbsd does that, too, and on the host the epair has jail name in interface description
16:57:47 <mason> Yeah, that'd be fairly reasonable.
16:58:25 <mason> I've been encoding part of the network address locally, but if I can cleanly go back to DHCP, which I suspect I can in the next iteration, I'll use name-based ... names.
16:58:50 <meena> libioc did that too
16:59:40 <meena> mason: main reason i'd love to get away from DHCP is so i can have slimmer jails and hosts
17:00:13 <mason> Hm, do you trim out dhclient and/or other things?
17:00:55 <meena> I don't install it, unless it's needed, but i mean the CPU and memory footprint more so than storage
17:01:03 <mason> kk, fair enough
17:02:01 <meena> I run my stuff on tiny cloud instances, and I'm poor / broke
17:02:27 <mason> Eh, fewer cycles is a better carbon footprint, so that's reason all by itself.
17:02:39 <meena> yupp, that too
17:03:11 <mason> Even without DHCP I can have the network config entirely self-contained if I rename the inside NIC anyway.
17:03:40 <mason> Then as the jail moves between hosts, it doesn't need to accomodate anything different in terms of NIC naming.
17:03:42 <meena> another reason for SQLite, other than not wanting to become a DBA https://thedailywtf.com/articles/Behavioral-Deficiencies-
17:03:43 <VimDiesel> Title: Behavioral Deficiencies - The Daily WTF
17:05:09 <mason> Heh: their development strategy had gone from “cutting edge” to “barely holding an edge,”
17:07:38 <mason> meena: Thanks. We enjoyed that.
17:53:56 <cracauer> Is there a way to go to a port's directory and have all build and run dependencies installed via pkg? I mean without awk acrobatics?
17:54:14 <rtprio> yep
17:54:33 <rtprio> make install-missing-packages
17:54:36 <cracauer> What is it?
17:54:45 <cracauer> Ah.
17:54:48 <rtprio> man 7 ports
17:54:51 <cracauer> Thank you.
17:57:45 <cracauer> Building chromium now. With 4 Haswell cores :-/
18:10:07 <meena> see also: poudriere bulk -b
19:23:43 <cracauer> make install-missing-packages only fetched 2 packages and the build is now going into overdrive building dependencies from scratch. I'm still doing something wrong.
19:26:07 <cracauer> Actually not that bad, just a couple python things.
19:59:13 <meena> cracauer: do you have latest enabled? and why are you building chromium, if i may ask?
19:59:53 <cracauer> Yes, latest pkg. No big deal, it was a quick build of a couple Python ports.
20:00:07 <cracauer> I want/need pulseaudio in Chromium.
20:00:42 <cracauer> Actually I want jackd support, but PA on top of jack is the next best thing.
20:08:35 <meena> why isn't that on by default
20:10:19 <cracauer> Apparently libsnd support, which is default, clashes with pa and alsa support. At least that is what the www/chrromium/Makefile says.
20:28:24 <meena> cracauer: makes sense
20:31:22 <cracauer> Not sure. Myself I would be more admissive to other sound options. And I wouldn't know why a libsnd module would disable the ability to use the others.
20:33:35 <cracauer> Ah, it is because FreeBSD switches to the OpenBSD sound manager when SNDIO is being used. So it is not just another module, it is a different manager.
20:35:12 <mictty> BSD desktop users are rare amongst rare
20:35:37 <mictty> sound is the real factor, hard to notice as a non desktop user
20:37:17 <cracauer> FreeBSD users are spoiled by the in-kernel mixer for OSS audio. So the pressure to use a sound demon is just not nearly as intense as on Linux.
20:38:40 <mictty> spoiled sounds good in this context
20:42:23 <meena> imagine iterating on seven subsystems for sound in twenty years, and this time, i hear, pipewire is going to be really good
20:42:46 <meena> it better be, and if it does, we should port it
20:43:22 <meena> oh, it already is
20:50:07 <mictty> saas
20:58:39 <cracauer> Pipewire looks good.
21:03:11 <cracauer> Let's put it in the kernel!
21:23:24 <meena> cracauer: as module?
21:51:21 <BaloneyGeek> mason: I'm pinging you since you have some context on the jail networking I'm trying to do
21:51:37 <BaloneyGeek> I just realised my jail loses all IPv6 connectivity after about an hour of starting up
21:52:34 <BaloneyGeek> I did some tcpdump-ing, re0 and bridge0 on the host see ICMP packets addressed to the jail, but epair2a does not
21:52:55 <mason> BaloneyGeek: I don't know IPv6 very well, but any chance it's related to auto_linklocal?
21:53:39 <BaloneyGeek> mason: auto_linklocal should just create the fe80:: address and nothing else
21:54:09 <BaloneyGeek> The fe80 address is autocalculated from the interface's MAC address, and is mandatory
21:55:07 <mason> BaloneyGeek: Hrm, I'd recommend opening a bug for this. Anything in dmesg noting activity around the time you lose the addresses?
21:56:17 <BaloneyGeek> I didn't really check, let me try
21:56:46 <mason> BaloneyGeek: Randomly, this kind of thing comes up regularly and is why I'm constantly putting my FreeBSD projects on the back burner.
21:57:17 <BaloneyGeek> What's interesting is that if I ping an external host from the jail, I see stuff flowing from the epair to bridge0 to re0 and out
21:57:31 <BaloneyGeek> The reply gets stuck at bridge0 and never makes it to epair2a
21:57:35 <mason> after the address is "gone"?
21:57:47 <BaloneyGeek> Yes
21:57:49 <mason> Or ... it's connectivity, you're not losing config?
21:57:57 <mason> That'd be something different.
21:58:01 <BaloneyGeek> Well, gone in the sense of connectivity
21:58:04 <BaloneyGeek> Not config
21:58:06 <BaloneyGeek> The config is fine
21:58:09 <mason> I misunderstood.
21:58:11 <BaloneyGeek> The routing tables are fine
21:58:37 <mason> That's interesting. So, you see in pcaps where the reply comes in, and then it's just eaten?
21:58:44 <BaloneyGeek> Precisely
21:58:50 <BaloneyGeek> Well, tcpdump
21:58:51 <mason> Can you crank up logging in your firewalling?
21:59:05 <BaloneyGeek> sudo tcpdump -ni net0 'icmp6 and (ip6[40] == 128)'
21:59:06 <mason> BaloneyGeek: Are you just looking at tcpdump textual output?
21:59:08 <BaloneyGeek> I have no firewall
21:59:33 <mason> BaloneyGeek: If you write tcpdump output to a file you'll actually capture a ton more data, which you can then peruse with wireshark, tshark, whatever.
21:59:38 <BaloneyGeek> Unless there's something turned on by default
21:59:44 <mason> I've noted things in a full capture that weren't summarized in the textual output.
22:00:18 <BaloneyGeek> I'm way out of my depth here though, I have no idea what to look for and I have never used wireshark
22:00:32 <BaloneyGeek> Is there a simpler way, or do I need to go to school now? :-P
22:01:05 <mason> BaloneyGeek: Nah, do what you're doing, but write it out to a file.
22:01:17 <mason> -w somefile
22:01:56 <BaloneyGeek> Alright, let's see what comes up. I'll do this from the host and check re0, bridge0 and epair2a
22:01:57 <mason> Then if you feed that into wireshark, you'll immediately benefit.
22:03:41 <meena> BaloneyGeek: what's your config actually look like?
22:05:19 <BaloneyGeek> meena: It's a standard VNET jail, re0 is the physical, bridge0 is a bridge joining everything and epair2{a,b} is to connect the jail to the bridge. I can share detailed configs in a bit, but I'd have to remove real IP info
22:08:59 <BaloneyGeek> mason: maybe I should leave out the (ip6[40] == 128) and capture all ICMP packets
22:10:40 <mason> BaloneyGeek: Yeah, if you aren't pumping through so much traffic that it's immediately painful, I find that I shoot myself in the foot by imposing too many filters.
22:15:31 <BaloneyGeek> mason: Nope, it's just ICMP request/reply pairs in Wireshark
22:15:46 <BaloneyGeek> Well, re0 and bridge0 have pairs, epair2a just has the request
22:16:32 <BaloneyGeek> I'm thinking this is now actually an issue in FreeBSD itself. Why would IPv4 still work just fine but IPv6 not
22:16:51 <mason> Yeah, definitely open a bug for it.
22:17:21 <mason> I should migrate to IPv6 here but I've not had the free time to tackle it.
22:17:43 <mason> (said most of the world in unison)
22:20:16 <BaloneyGeek> mason: I think I found something
22:20:36 <BaloneyGeek> The echo requests have a source MAC of the epair interface
22:20:54 <BaloneyGeek> The echo replies have a destination MAC of the physical bridge0 interface
22:21:08 <BaloneyGeek> Now I'm confused who's the naughty boy
22:28:39 <uskerine> Hi, if I buy an old SuperMicro MicroBlade server, would it work with the latest FreeBSD if SuperMicro claims that it is compatible with FreeBSD 10.0?
22:28:54 <uskerine> In general which is the level of support of datacenter rack servers?
22:31:13 <mason> uskerine: I've run into bugs in SuperMicro firmware but it tends to be a safe bet.
22:32:32 <cracauer> I use old SM servers with no problems.
22:33:27 <cracauer> Just make sure they do 64 bits.
22:33:29 <uskerine> is it just my impression or SuperMicro refurbished servers tend to be cheaper than HP or others?
22:33:44 <uskerine> (that is a bit offtopic)
22:33:45 <mason> They're fairly cheap.
22:40:46 <uskerine> when I get the server with the caddies but not the HDs, can I use regular 3.5" HDD or do they have to be specific for servers? That is something I never fully understood in servers
22:41:56 <thumbs> server-grade disks usually have more cache than more common non-commercial offerings.
22:42:47 <thumbs> plus, the RPM of the commercial spinning disks is usually higher for commercial options
22:44:01 <thumbs> that being said, if you're using this for a lab or personal use, you can get away with cheaper disks; the RAID controller can work fine with those.
22:45:10 <uskerine> Yes I am looking to have this as my personal lab (professional but still intended to be used as a "workstation")
22:45:17 <cracauer> Any old 3.5" is fine, except SAS when you don't have a SAS controller and backplane.
22:46:36 <mason> uskerine: You can stick SATA in a SAS slot, but not vice versa.
22:47:19 <uskerine> good to know, thanks a lot
22:49:35 <BaloneyGeek> mason: I think it's definitely Hetzner's fault. I just rebooted the jail and tried tcpdump again, and now the ICMP replies have the correct destination MAC address and everything works
22:49:53 <BaloneyGeek> Thanks for pointing me to Wireshark :-)
22:50:00 <mason> Sure, enjoy. It's kind of fun.