00:25:19 just to check... when you put a bridge (or any other virtual interface) on the physical device, you should move IP configurations to that... aka you put a bridge on top of the physical interface, the network config should be on the bridge right?
00:44:48 polarian: I am unable to answer your question
00:44:48 but
00:44:58 are you the same Polarian on the ArchLinux mailing lists?
00:45:22 levitating: yes... why are you asking?
00:45:38 no way, it is! I can see your domain you're connecting through
00:45:49 the internet is a small place I guess
00:45:57 hmmm
00:46:12 I am not around Arch Linux much anymore
00:46:13 I've seen less of you on the mailing lists recently, I guess you've been busy with freebsd?
00:46:24 I have seen you on this channel before but I forgot to ask
00:46:59 btw your website is serving the wrong cert
00:47:27 Its complicated... I became disillusioned with Linux completely but was too lazy to ever make the switch until a few months ago when I decided to pick up a E6430, libreboot it and FreeBSD it
00:47:35 I haven't used my Arch Linux laptop in months
00:48:03 Arch remains my choice when I need Linux, but when I don't Open/FreeBSD is my choice
00:48:13 How come you've become disillusioned with Linux
00:48:30 my website is down lol... its nginx trying to redirect it to a different site as it has no entry for it
00:49:45 levitating: Too busy fighting over licencing, and the distro sprawling... Arch for me has turned into a warzone where everyone is trying to prove they are superior
00:49:56 (it was always a little like that, but it feels like its got worse)
00:50:08 I honestly cannot share those concerns
00:50:19 I have never been happier since I moved os
00:50:37 The REAL ArchLinux community is honestly rather small.
00:50:55 Most work is done by a handful of very active and respectful package maintainers
00:51:11 I still stick around the mailing list to help when I can, and I have a friend which uses arch...
but considering I was into BSD and their way of thinking for a long time now... I don't plan to hop back
00:51:27 Linux fight over everything, init system, coreutils etc
00:51:38 I also enjoy FreeBSD but it's not something I want to rely on for desktop use.
00:51:51 its actually worked really well on desktop surprisingly
00:51:59 For desktop use I see FreeBSD as my retirement plan, when I can buy hardware that I know suits it, and I have time to write my own drivers.
00:52:25 ah right... yeah freebsd is a little like old-linux... where you buy hardware which is supported, Linux literally can run on almost anything these days
00:52:36 but any old laptop should run FreeBSD easily
00:52:44 To be brutally honest I haven't been that amazed by the freebsd community
00:53:11 (casually insulting the community in the community)
00:53:39 On the forums there's these discussions where vscode is talked about like it's the spawn of the devil
00:53:57 * polarian doesn't disagree
00:54:06 I am not sure what the word for it is
00:54:46 At the end of the day its peoples personal opinion, you got to bear in mind BSDs have a lot of long term Unix fans who are likely obsessed with vim...
00:56:42 I mean it was just an example. What I notice is a lot of judgement towards others based on their software preferences.
00:56:50 I don't dare to bring up systemd on the forums.
00:57:23 And honestly the lack of proper service managements is one thing that really bothers me on FreeBSD.
00:57:40 Though enjoy the more "authentic" unix experience sometimes
00:57:49 I believe people get frustrated at linuxism
00:58:13 But in any case in the forums I see a lot of hate-talk towards other people just for their software preference and that's just not cool
00:58:23 You got to bear in mind Linux and BSD are totally different yet people see them as the same thing
00:58:41 polarian: I have even seen people get mad because "the desktop users" were forcing some ideology unto them
00:59:04 what I am saying is that the nature of FreeBSD attracts a certain type of person
00:59:09 I haven't participated within the FreeBSD forums
00:59:21 It's a fun place most of the times
00:59:27 and the nature of Arch Linux attracts a certain type of person
00:59:29 so does gentoo
00:59:48 It definitely does, but in particular ArchLinux attracts a younger generation
00:59:59 levitating what type of people?
01:00:42 s2r: the type of people who judge others without the ability to self-reflect or accept change
01:01:03 I don't mean to generalize a whole community, but I've seen more bad apples of that particular type in the freebsd community than most others I've visited
01:01:09 levitating: why do you think I left? filled with paranoid corporate-hating kids which don't care about anything other than "fuck microsoft"... people who use BSD are here because they are passionate about what they believe in...
01:01:25 polarian: You were also much too close to the more iffy parts of the community
01:01:36 iffy?
01:02:04 I don't know a better word it's 3am and I smoked a bit
01:02:28 ArchLinux isn't run or developed by the edgy kids you find on the forums or reddit, I must admit that ArchLinux also has a problem with its community
01:02:46 But the IRC channels are generally really nice
01:02:49 I have bad experience with Arch...
including abuse from staff members themself
01:02:54 So is the gitlab
01:03:01 I opposed the move to gitlab
01:03:09 and was slammed by a staff member for having an opinion
01:03:42 People can be insensitive but maybe you also took it too harsh, it's hard to see intent over messages over the internet
01:03:56 I have tried the modern git workflow of pull requests and issues... its horrible
01:03:58 The change to gitlab was a massive endeavour of which I think most PMs voted positively for
01:04:04 levitating I've been using FreeBSD since 99 and I haven't dealt with that type of people. Maybe I was lucky.
01:04:05 indeed
01:04:13 but what I was worried about was the aur being brought into gitlab
01:04:14 And the PMs are who primarily have to make actual use of it
01:04:27 which it likely will in the coming year
01:04:38 levitating but you can always find that kind of people anywhere.
01:04:41 s2r: I am sure you simply know your way around the community better
01:05:11 I then realised life is too short to complain about things I disagree with... especially when BSD aligned better...
01:05:15 polarian: I also oppose the aur moving to gitlab, but I definitely see a chance of it happening
01:05:17 all I had to do was put the effort in to change
01:05:33 But there's some wisdom in the unix community to just settle for something that works for you
01:05:55 I know an individual who spent years and years endlessly distrohopping, from debian-testing to arch to freebsd to gentoo
01:06:11 Eventually landed on macos and basically gave up
01:06:17 I wonder why
01:06:44 the distros fight with one another constantly... one piece of software packaged one place, another in another place... and flatpak is a horrific idea... so is snap appimages etc
01:07:03 I have been with ArchLinux for 6 or 7 years or so, I don't see myself switch to anything else anytime soon. Except for my freebsd installation which I love to develop on.
01:07:45 Theres two things Linux can never compete with, 1. ports for additional software, and then a base system... I can update my software without updating the system, they are separate like they should be. 2. A unified port tree which everyone works on...
01:07:57 also BSDs don't sprawl... each one has its own market share
01:08:33 FreeBSD for performance and ease of use... OpenBSD for security and more rigid Unixisms, NetBSD for compatibility and... lets just ignore DragonflyBSD :P
01:09:13 it's not like ports are an actual solution to the compatibility problem though
01:09:29 ports are the best of all worlds
01:09:32 flatpaks and snaps are solutions to a real problem
01:09:55 ports are nothing different from Arch's archive of PKGBUILDs
01:10:21 binary support, source support, different release levels depending on the reliability needed...
01:10:29 on Linux you got to distrohop to get what you want
01:10:35 FreeBSD you can do anything you want
01:11:01 Well I'd argue that FreeBSD is essentially more limiting than a Linux due to inferior support, if that is a concern
01:11:19 levitating: flatpak is a huge runtime... not only is it slow but the codebase must be huge... not to mention it breaks the traditional way of doing things
01:11:20 FreeBSD has a linux compatibility layer, not the other way around
01:11:33 snaps have a proprietary backend which Canonical devices how to moderate and run
01:11:49 polarian: Yes but it's an honest solution to a problem that really does exist.
01:12:04 what problem?
01:12:07 I can run anything I want to
01:12:18 try to run systemd
01:12:19 and if there was no port... I could read the porters guide and port it myself
01:12:28 you cannot port it, FreeBSD has no cgroups
01:12:30 why would I run systemd on FreeBSD?
01:12:43 because you said you could do anything you wanted to
01:12:48 the init system is within the src tree
01:12:59 you are thinking of BSD and Linux like they are alike
01:13:03 BSD's are complete systems
01:13:07 the kernel, and the userspace
01:13:14 ports are just additional software
01:13:26 Linux is just a kernel, the userspace (including the init system) are all provided by the distro
01:13:39 I am aware that BSDs have an in-tree userland
01:13:58 so why would you replace it with systemd... systemd FreeBSD would not be FreeBSD
01:14:18 plus systemd is a mess
01:15:04 I will be honest and say I prefer OpenBSDs init system and hostname.if(5) for network configuration, its simpler... having ifconfig arguments in rc.conf is annoying imo
01:15:07 In any case we both enjoy FreeBSD but I am just unsure what problem you think Linux has that FreeBSD does not have
01:15:24 I already listed them
01:15:56 I prefer the structure of FreeBSD, I agree with their licencing more... I can't cut GPL out of my life (along with proprietary) if I use a GPL kernel can I?
01:15:59 and a GPL userspace
01:16:10 and a GPL filesystem (btrfs)
01:16:36 plus FreeBSD is far more stable
01:16:55 I too prefer the structure of a BSD, I am not sure if I would state that I prefer the license though
01:17:05 personal preference
01:17:09 For my own projects I almost exclusively use BSD or MIT
01:17:12 unless forced to use GPL
01:17:15 but you won't find many GNU/FSF/GPL supporters here
01:17:37 (notice the "forced" part of using the GPL, and that is why you shouldn't use GPL software :P)
01:18:07 polarian: yes on your brdige having the IP rather than the physical interface
01:18:18 s/brdige/bridge
01:18:20 vortexx: thanks, thought so...
01:18:29 just double checking every doubt for my new server :P
01:18:38 But it is easy to underestimate what GPL gave us.
Thanks to GPL if you buy an android phone the vendor is legally obligated to give you its open source kernel which could allow you to create your own ROM. Just a modern example
01:18:42 easier to change it now when I am installing it, than when its got live data
01:18:57 Thanks to BSD, MacOS is now proprietary instead of staying open source.
01:18:57 levitating: legally obligated? xDF
01:19:08 you realise that Android has tons of proprietary firmware right?
01:19:15 when a android device goes EOL, its unmaintainable
01:19:40 the firmware, bootloader and some core functions are all proprietary
01:19:41 https://github.com/MiCode/Xiaomi_Kernel_OpenSource
01:19:50 thats the kernel
01:20:04 Yes
01:20:09 phones are still black boxes
01:20:20 The GPL way of doing things does not work
01:20:26 and I have nothing against MacOS
01:20:41 I personally wouldn't use it...
01:20:47 The android world would be much worse off if the linux wasn't GPL
01:20:57 I doubt it
01:21:11 Go tell that to PostmarketOS which have the hell of mainlining the android devices
01:21:17 they will tell you just how much GPL has helped them
01:21:35 I honestly believe the only reason that we have a strong open source community today is because Richard Stallman personally barged into peoples offices at MIT to demand they used GPL.
01:22:09 Before Linux and the GPL every operating systems, compiler, versioning system was proprietary
01:22:18 great... he also barges into the OpenBSD mailing list to complain about OpenBSD distributing non-free software
01:22:55 He thrives in his fame for doing... lemme think... nothing in the past 2-3 decades
01:23:07 well he hasn't exactly been _thriving_
01:23:42 The fsf is extreme... and the board, including stallman, is too
01:24:00 you don't win by the "all or nothing" way of thinking
01:24:29 While the fsf and stallman alienate every company, BSDs work with them...
01:25:13 FreeBSD is sustainable due to corporate investment... Linux is too...
However FreeBSD doesn't tend to mind... while Linux community are always up in arms about it
01:26:01 the only reason Linux isn't being dropped like a dead corpse is its adoption and usage
01:26:11 You talk about the "Linux community" like its a singular entity and I think that may be part of the cause of your satisfaction
01:26:26 Theres a reason Netflix invests in FreeBSD
01:26:31 s/satisfaction/dissatisfaction/
01:26:55 polarian: they do so because it's a simple stable operating system with a strong networking stack and a BSD license
01:27:05 exactly
01:27:10 the last point though
01:27:23 GPL derivative clause is non-free in my eyes
01:27:35 I can sum up very quickly why
01:28:33 Due to the license Netflix could also have an internal proprietary fork of FreeBSD, develop it internally with much more resources and then sell it along with enterprise media streaming boxes
01:28:35 you take a GPL codebase, you write some code using it... that code is yours... but unless you licence it under a GPL compatible licence, you have broken copyright law... that is YOUR code... you should have the right to do anything with it... even keep it to yourself (please don't do this though)
01:28:46 FSF only cares about freedom to the end user, never to all the other parties involved
01:29:14 its why google and apple proactive battle GPL, not due to their hate of open source (well maybe for apple) but because it is a danger to their markets
01:29:25 Google has done a lot of good for the open source communities
01:29:37 coreboot for example...
would never be where it is today without google funding and development
01:30:44 I do know coreboot and linux which both were massively funded for the development of chromeos
01:30:49 are GPL
01:31:09 but the point is companies do not need to be forced to adopt, they will do it naturally
01:31:21 levitating: and so what if they do
01:31:26 FreeBSD will always remain free
01:31:33 and modifications to it might not
01:31:42 and thats ok
01:31:48 Yet without ample support it will die like the thousands of operating systems before it
01:32:07 lol... I don't think Netflix plans to abandon FreeBSD
01:32:19 They abandoned whatever they used before it
01:32:19 GPL is basically theft due to it being a manifestation of the communist ideals
01:32:21 and even if they do they aren't the only company funding it
01:32:28 junyx: that's weird take
01:32:57 junyx: to be honest the parallels are there... abolishment of private property could be seen as the ban on making your patches proprietary... you do not have the right to hold code privately
01:33:20 I think before Linux open source software was primarily only found with universities (BSD being a good example)
01:33:30 Open source circles all tend to be left wing... mainly due to imo is lack of funding
01:33:39 Thanks to the GPL and primarily Linux, companies were forced to follow open source ideals.
01:33:54 An author of some software risks their capital in hopes of getting a return on their investment so they sell the software for X amount. Anyone can come and give their software away for free or sell it for half the price. That's theft. The original author loses their initial investment and doesn't get compensated
01:34:40 most open source projects are idealists... they have an idea and think everyone will donate and fund it... and when they don't they turn to a governmental agency to fund it... the further left said agency is... the more money they tend to have to give away... but this money isn't free...
this is taken from companies and other working class people.
01:34:46 junyx: So the original author is trying to sell his GPL licensed software in this scenario?
01:34:52 levitating yes
01:34:52 However someone else sells it for less?
01:34:56 right
01:35:22 in order for open source to be sustainable, it needs to abandon the fsf way of doing things, such as grooming kids into paying for membership (I know someone who has paid their membership fee since the age of 12!!!!!), and make it economically viable and maintainable
01:35:34 why would he sell open source software?
01:35:39 under GPL?
01:35:40 GPL makes this difficult... as no company wants to touch GPL...
01:35:54 as any modifications must be GPL, or a compatible licence
01:35:57 levitating because FSF said its the only moral things to do
01:36:29 You both need to stop personifying the FSF
01:36:39 Ok. Stallman said*
01:36:44 why is that? their morals are pretty well known
01:36:57 and their hatred for BSD is clear
01:37:16 BSDs are the one being hostile, the fsf is.
01:37:36 BSDs don't stop Linux from taking code... Linux stops BSD from taking its code.
01:37:37 I am so extremely confused why you take all of this so personally
01:37:50 Welcome to BSD circles...
01:38:09 theres one thing most BSD users won't disagree on, and its that GPL is evil
01:38:34 The GPL is a software license, it has no morals
01:38:41 It is up to you to use it or not
01:38:44 theres a reason FreeBSD is trying to purge it from the codebase
01:38:46 so is OpenBSD
01:39:00 GPL is seen as only minorly better to proprietary...
01:39:04 its a compromise...
01:39:23 has no morals... that's... extremely subjective
01:39:26 You complain about how the "linux community" is always at war over licenses but here you are spending 30+ minutes hate talking a license
01:39:29 We did it! gnu.org is down!
01:39:38 lol
01:40:01 levitating: because the GPL causes so many issues
01:40:12 while we're at it, cant someone git to https://git.freebsd.org/src ?
01:40:22 and with AGPLv3 being pushed now... especially within the XMPP communities I am in... true freedom is low
01:40:29 rtprio: wdym? cgit loads for me
01:40:38 i mean
01:40:38 developers live in a day and age where libraries need to be rewritten as GPL FORCES you to write your code under a compatible licence
01:40:53 rtprio: clone?
01:40:56 [root@phil /usr/src/RELEASE]# git pull
01:40:56 fatal: the remote end hung up unexpectedly
01:41:38 rtprio: doesn't appear I can clone it..
01:41:48 polarian: what do you mean "live in a day and age", the GPL is much older than you are and has seen less adoption over time
01:42:07 I really think you need to chill around software and licensing
01:42:11 levitating: Linux recently broke 4% market share
01:42:30 Incredible, so still no-one uses Linux because of capitalism
01:42:32 levitating polarian is 320 years old. You know nothing John Snow
01:42:39 lol
01:42:47 the point is more GPL is at a all time high it seems
01:42:55 he is maybe 18 at this point
01:43:03 maybe 18?
01:43:20 a guess
01:43:23 where you popping numbers out from
01:43:35 polarian its the number of software engineers with 5 years or less of experience. That group doubles every 5 years. They tend to be young socialist minded people
01:43:37 You mentioning your age on the mailing list some time ago
01:44:02 Its easy to be a socialist when you have nothing to your name
01:44:12 indeed
01:44:20 but yet I have nothing to my name and yet I still oppose the idea
01:44:28 junyx: That's both off-topic and slightly insulting
01:44:36 Also over-generalizing
01:44:40 levitating are you an op of this channel?
01:44:44 levitating: I am in university...
01:44:47 trust me
01:44:50 99% are socialist
01:44:53 at least!
01:44:54 yeah, you kids are way off topic now, move it somewhere else
01:45:01 apologies.
01:45:05 wait who is op in this channel?
01:45:13 who cares, just be civil
01:46:02 levitating you be civil you disorderly uncivil socialist
01:46:08 levitating: junyx you in -social?
01:46:23 polarian what is that?
01:46:45 junyx: it is like this chat, but for socialist ;)
01:46:53 the offtopic chat channel
01:46:55 Oh no I'll pass thanks
01:47:06 SponiX: scaring them away from joining I see
01:47:11 Back on topic. How to install freebsd?
01:47:17 lol
01:47:32 bsdinstall does most of the work for you
01:47:49 also: https://docs.freebsd.org/en/books/handbook/bsdinstall/
01:47:54 Thanks
01:49:22 np
03:58:33 hrm, maybe it's a bad idea to run `pkg update` on five systems at once
04:05:40 How much bandwidth do you have?
04:06:16 50Mbps
04:08:18 That seems like it should be sufficient but it would be more efficient if you copied /var/cache/pkg/ among them.
04:21:06 or nfs server, six systems
04:24:25 https://docs.freebsd.org/en/books/handbook/network-servers/
04:24:40 5 boxes or 500 boxes..got to think big
04:29:12 500 machines with a cronjob, to check nfs drive periodically for updates..they periodically phone home for instructions.
04:55:55 nis/yp nis+ ldap..you dont have to go crazy, you could keep /etc/hosts passwd shadow services nsswitch.conf resolv.conf and such in sync without going that route just with nfs/cron
04:59:09 https://docs.oracle.com/cd/E19455-01/806-2904/6jc3d07gd/index.html nis+ was 17 tables by default
04:59:23 all /etc/foobar.. putting /etc on the network
05:00:24 login into any box on network and get the same desktop/env.
05:00:38 SSO ldap/ad
05:07:36 https://docs.oracle.com/cd/E19455-01/806-2904/6jc3d07gf/index.html 1,000,000 passwd users needs 526.2MB... haha
05:07:55 and that way way old'
05:26:42 https://www.rabbit.tech/rabbit-r1 looks cool
05:53:12 Ansible, Chef, Puppet etc. could be what you are looking for to keep configuration files "compliant" over time.
05:55:57 modern day stupid, like google uses..ansible is what just ssh.
05:56:14 python bloat..pypi rooted for pip
05:57:05 i wouldnt look to google for anything, ad company stupid and bunch of failed products..
05:58:03 but hey all the cool kids ..chef and puppet im sure they suck in different ways... why not LDAP/SSO?
05:58:47 https://betterstack.com/community/comparisons/chef-vs-puppet-vs-ansible/
05:59:17 cause CI/CD is just rocking..backdoors failures across the board..how many companies just keep getting hacked?
05:59:32 Devops failure
06:01:06 DevOps is a methodology widely used by the software industry to help development and operations teams work together to speed up the software development cycle, reduce unnecessary costs, and lessen deployment failures. Nowadays, many companies have adopted this methodology, and many DevOps tools and platforms have been created. Chef, Puppet, and Ansible are three popular DevOps tools on the market.
06:01:06 Chef
06:01:06 Chef, or Progress Chef, is a configuration management tool that effectively manages your infrastructure. The Chef allows you to use Ruby to create system configurations, which are called recipes, describing the optimal state of your infrastructure, such as which server should be running what service, what software should be installed, what files should be written, and so on. With these configurations, Chef will ensure your
06:01:08 infrastructure is configured correctly and automatically fix any resources not running at the optimal state.
06:01:11 Puppet
06:01:13 Puppet is another popular server configuration management tool allowing you to configure and monitor many servers at the same time. It uses its own declarative language for describing system configurations, and it only requires the user to have a limited amount of programming knowledge to use.
06:01:17 Ansible
06:01:19 Ansible is a relatively newer product, but it has gained significant popularity since Red Hat acquired it in 2015.
It allows you to automate software provisioning, configuration management, and application deployment. Ansible uses YAML to create system configurations, describing the optimal state of your infrastructure.
06:01:23 In this article, we will compare all three platforms in detail to help you find the best option for your DevOps team. The comparison will be based on the following criteria:
06:01:28 Architecture
06:01:30 Set up and configuration
06:01:32 Ease of use
06:01:34 User interface
06:01:36 Scalability
06:01:38 why are you copying that here?
06:01:38 Cross-platform support
06:01:40 Configuration management
06:01:42 Compliance and security policy management
06:01:44 Documentation and support
06:01:46 Pricing
06:01:48 Overview
06:01:50 Feature Chef Puppet Ansible
06:01:52 Architecture master-agent master-agent agentless
06:01:56 Easy set up and configuration ✕ ✕ ✓✓
06:01:58 Ease of use ✕ ✓ ✓✓
06:02:00 User interface ✓ ✓ ✓
06:02:02 Scalability ✓✓ ✓✓ ✓✓
06:02:04 Cross-platform support ✓✓ ✓✓ ✓✓
06:02:06 Configuration management ✓✓ (advanced features) ✓✓ (advanced features) ✓ (easier to use)
06:02:08 Compliance and security policy management ✓ ✓✓ ✓
06:02:10 Documentation and support ✓✓ ✓✓ ✓✓
06:02:12 Pricing require custom quote require custom quote require custom quote
06:02:14 ✕ - does not support
06:02:16 ✓ - partial support
06:02:18 ✓✓ - full support
06:02:20 1. Architecture: tie
06:02:22 When it comes to architecture, the three platforms go in a similar direction. They all have a main server, several nodes, as well as backup/secondary servers. The main server is a central repository that stores configuration data and manages the state of the entire system. The nodes are the servers and virtual machines managed by the main server. And the backup servers are copies of the main server, which step up if the main server
06:02:29 runs into problems.
06:02:31 Master agent architecture
06:02:34 For Chef, there is a main Chef server, and if there is a failure, a backup Chef server will take its place.
06:02:36 For Puppet, it follows a multi-master architecture. If the active Puppet Master goes down, another one will replace it.
06:02:39 Ansible has a slightly different architecture but has the same idea. Instead of a primary server, Ansible is installed on nodes. Only one instance will be running when it is working, called the active instance. In case of failure, a secondary instance will take its place.
06:02:43 This architecture is designed to provide a simple and robust solution for managing infrastructure, ensuring that your infrastructure can withstand occasional server failures. There is no way to say which architecture is better than the other, as they all work similarly.
06:02:47 2. Set up and configuration: Ansible wins
06:02:49 To set up Chef, you need first to configure a main server, which runs the Chef software, as well as a backup server. Then you have to install an agent on every server that Chef manages. The agent allows Chef to manage the node server directly. This process could take a lot of effort, especially when you have many servers to manage. And there is an extra layer in Chef called workstation, which stores the configurations, allowing them
06:02:51 FFS
06:02:56 to be tested before they are pushed to the main Chef server. Overall, Progress Chef is not easy to set up.
06:02:58 As for Puppet, the setup process is also not easy, as it follows a similar architecture. You must create a main server and install agents on the node servers. And you also have to configure certificate signing between the main server and the agents to ensure the security of communications. As a result, Puppet is challenging to set up too.
06:03:03 Lastly, Ansible uses SSH to connect to the node servers, making it a lot easier to configure.
You only need to set up the primary instance and create an SSH connection between the primary instance and the nodes.
06:03:06 Overall, Ansible is the easiest option to set up and configure.
06:03:08 3. Ease of use: Ansible wins
06:03:10 Compared to the other two platforms, Chef has a steeper learning curve, as it requires the user to have programming skills as well as a deep understanding of Ruby. However, if you already fit this requirement, you will find Chef to be a very robust and flexible tool for managing complex infrastructure.
06:03:14 Puppet is relatively easier to learn, as it utilizes a declarative language called Puppet DSL, which is easy to read and write.
06:03:17 Ansible is considered the easiest to use among the three tools, thanks to its agentless architecture and the use of simple, human-readable YAML syntax. In addition, it doesn't require strong programming skills, making it accessible to users of all skill levels.
06:03:21 4. User interface: tie
06:03:23 Chef user interface
06:03:27 Image from chef.io
06:03:29 Chef Automate is a web-based UI that allows you to visualize infrastructures, create dashboards, and manage the nodes and their roles. You may also analyze and remediate compliance problems and troubleshoot issues through the user interface.
06:03:33 Puppet user interface
06:03:35 Image from puppet.com
06:03:37 Puppet also comes with Puppet Console, allowing the users to manage nodes, classes, and environments through a graphical interface. The console also provides a dashboard that displays the status of nodes, errors, and warnings.
06:03:40 Ansible user interface
06:03:41 ...
06:03:42 Image from ansible.com
06:03:44 Lastly, Ansible also comes with a well-designed UI, allowing you to manage how automation is deployed, initiated, delegated, and audited. For example, you can view the status of jobs, manage credentials, and access audit trails through the user interface.
06:03:48 However, it's worth noting that even though these user interfaces are handy and very well-designed. They do not replace the command line tools, which are still the primary way to interact with the platforms, especially for advanced usage and automation.
06:03:52 5. Scalability: tie
06:03:54 All three platforms are highly scalable due to how their architectures are designed.
06:03:58 With Chef, you can scale horizontally by adding more main servers in order to handle more node servers. Or you can split your infrastructure into multiple Chef organizations, each with its own set of users, policies, and cookbooks.
06:04:02 Puppet is also highly scalable and can handle large-scale infrastructures. It works similarly to Chef by allowing you to add more primary servers or splitting the infrastructure into multiple groups.
06:04:05 Ansible is designed to be lightweight and agentless, which makes it highly scalable and ideal for managing large-scale infrastructures. All you need to do is define a primary control node, and Ansible will be able to manage thousands of servers from there.
06:04:09 All three tools are highly scalable and can handle large-scale infrastructures. Their approaches and capabilities may vary, but it is impossible to say which is better under all scenarios. It depends on your specific requirement.
06:04:13 6. Cross-platform support: tie
06:04:15 Progress Chef's main server can only be installed on Linux/UNIX operating systems, but the agents can also be installed on Windows. With the right plug-in, Chef can also manage cloud services such as AWS, Google Cloud, or Microsoft Azure.
06:04:19 The Puppet primary server can only be installed on Linux systems, but the agents can operate on Linux, Windows, or macOS. And just like Chef, it is also able to manage cloud platforms.
06:04:22 And lastly, Ansible can work with Linux, Windows, macOS, cloud platforms, as well as Docker and Kubernetes.
06:04:27 7.
Configuration management: Chef and Puppet wins
06:04:29 Next, let's compare how these platforms manage the configurations.
06:04:31 Chef and Puppet both go with the centralized approach, meaning that the configurations are stored in a centralized place, and then the nodes will pull the configurations from the main server. They also offer more advanced features for managing configuration data, such as version control, dependency management, and rollbacks.
06:04:35 On the other hand, Ansible uses the decentralized approach, where the configurations are distributed across multiple servers. However, it focuses more on task automation and orchestration and does not offer many advanced features.
06:04:39 Overall, Chef and Puppet have many more advanced features for more experienced users, but Ansible is much easier to set up and use, making it more suitable for smaller teams that don't require many advanced features.
06:04:42 8. Compliance and security: Puppet wins
06:04:44 When managing an extensive infrastructure, security, and compliance configurations are crucial to the safety of your infrastructure and organization.
06:04:47 Chef offers InSpec, an auditing and testing framework capable of defining and automating security and compliance policies. In addition, it allows for custom test creation and supports infrastructure testing at various stages of development.
06:04:50 !ops
06:04:51 Puppet also provides an open-source tool called Puppet Remediate, which can help you identify and remediate vulnerabilities in your infrastructure. Puppet Enterprise also comes with the Compliance Automation tool, providing a centralized interface for managing compliance policies and ensuring that nodes are configured correctly.
06:04:57 Lastly, Ansible comes with Ansible Tower, which is also a centralized place for managing security policies. It can also integrate with third-party vulnerability scanners and automate remediation tasks.
06:05:00 Overall, Puppet has a more comprehensive solution for managing compliance policies and enforcing security standards.
06:05:03 9. Documentation and support: tie
06:05:05 All three platforms offer various types of support for their users, such as online documentation, community forum, online courses and training. You may also contact their teams and purchase additional one-on-one support if you want.
06:05:09 10. Pricing: tie
06:05:10 Lastly, as for the prices, all three platforms require you to contact them and get a custom quote based on the size of your infrastructure and usage.
06:05:13 haha $ ?
06:05:15 nah..don't need to pay money..
06:05:17 for Enshittification
06:05:19 Understanding Ansible, Terraform, Puppet, Chef, and Salt I'm sure redhat can sell me that
06:05:21 i tried to cut paste small but the browser stupid grabbed it all
06:05:33 more a chord failure on mouse and firefox
06:06:58 what are you ranting about
06:07:00 everyone just keeps getting hacked at this point..and it's Devops failures across the board. and the bloat is just amazing.
07:02:28 can anybody else with firefox tell me if this url crashes a browser tab? or is it just me https://freebsd-ec2-dist.s3.amazonaws.com/
07:02:41 it's a very boring XML Access Denied message from AWS.
07:04:36 it seems *any* application/xml does this, including https://feeds.fireside.fm/smartlogic/rss
07:08:41 <|cos|> dch: My firefox manages to open https://api.sr.se/api/rss/pod/19424
07:09:08 |cos|: thanks, that dies here for me, so it seems like a local issue
07:09:14 <|cos|> 14.1-RELEASE, firefox-127.0_1,2
07:09:16 what freebsd version / firefox version do you have?
07:09:22 ^ thanks :-)
07:11:45 I'm on 127.0_1,2 as well, but on 15.0-CURRENT. I'll try it out with 14.1-RELEASE and see.
07:26:01 127.0_1.2 looks like some sort of glitch ip address
07:35:30 <|cos|> rtprio: i think you're the only one who noticed that ;)
08:51:32 I have 2 jails, postgresql and caddy. the problem is that jails can't resolve hostnames. when caddy tries to contact https://acme.zerossl.com/v2/... it times out. also ping of IP 1.1.1.1 is slow or doesn't even start. My pf.conf file https://pastebin.com/N45TZYH2 any tip what should I do?
08:55:22 What does firewall_quiet=YES actually do?
09:35:59 tercaL: runs ipfw -q rather than ipfw
09:36:24 Gurar_: does any networking work in that jail?
09:40:09 when I try ping 8.8.8.8 it works but in 3rd time or so. when I run it for the first time or second time it does not work. very strange
09:40:20 https://gist.github.com/silenius/d074a3bcece0411f2a19663b49694d99 looks like a bug in pkg
12:00:01 maybe just strangely defined, so that pkg unlock --all is a bit useless if not all your packages are locked
12:22:06 rtprio: Thanks, and what does it actually do?
12:50:05 I would guess make it quiet, like a -q flag often does, did you look it up in the man page?
14:11:49 hello guys, is it normal that I don't find a package in pkg repo but the same software is in ports?
14:14:59 can happen if there is a build issue with the port
14:19:57 ok
14:25:06 which port is this?
14:42:14 mitmproxy
14:51:53 freshports says BROKEN: incorrect depends: depends on package: py38-asgiref>=3.2.10<3.5, py38-wsproto>=1.0.0<1.1
14:53:27 ok
16:09:41 tercaL: /etc/rc.firewall
16:38:00 Notice: I was hosting VimDiesel bot here (and other channels) but bot is broken now. I lost access (can't identify to services/nickserv).
16:38:12 This is an issue I can't fix myself because bot nick is registered alongside @freebsd namespace within Libera chat.
16:38:24 Besides this notice here I sent an email with this subject to irc⊙fo yesterday.
16:38:42 So get in touch with me please, in the case the continuity of this bot services is of interest.
16:38:51 Alternatively I can restart bot with another nick (not tied to @freebsd namespace)
16:39:02 Bot was mainly doing basic tasks here and bug reports at #freebsd-bugs. Thanks!
17:30:42 hi when recording the .img file to a usb drive in MacOS, does it really matter how you erase -or if you erase at all- the usb drive? by how I mean file system type
17:33:40 i don't really see a point in erasing personally for our images specifically, we'll be clobbering stale partition tables and whatnot so you shouldn't see any weird artifacts
17:34:30 something like whole-disk ZFS could maybe be funky if there's a stale label past the image you're writing, but that's not something we do
17:42:48 I am talking about the installation .img
17:43:04 now I am in doubt if I shall have partitions or apply dd to the raw "disk"
17:46:26 '
17:55:10 uskerine, see the example in https://docs.freebsd.org/en/books/handbook/bsdinstall/#bsdinstall-usb
18:15:41 Is anybody running a selfhosted replacement for Google Photos? I found many interesting projects but many of them run on docker. Right now I manually copy my pictures to a jail that is running syncthing.
18:16:39 s2r: that's more or less what i discovered; too many use docker
18:33:24 well, "depend on" and "run in" are different things
18:39:11 take for example Immich "https://immich.app/docs/overview/quick-start" -> "Install and Launch via Docker Compose"
18:40:38 PhotoPrism: https://docs.photoprism.app/getting-started/ -> "We recommend running PhotoPrism with Docker Compose when hosting it on a private server. It is available for Mac, Linux, and Windows."
18:41:26 I need to try to build Immich in a jail again.
18:42:25 fwiw Pixelfed runs well in a jail. I don't federate. just a private instance
18:43:31 for Immich, I nfs mount a zfs dataset from a FreeBSD box so my photos are stored safely
18:43:58 scoobybejesus And you run immich inside a vm?
18:45:54 uskerine: yes those are the only .img we produce
18:46:14 oh, I guess we have VM or raw .img maybe, but those also don't do anything hinky
18:46:45 yeah, seems like they have pretty broken install procedures, because they only consider distribution other than via docker, but it doesn't look impossible to reverse-engineer how that stuff gets installed inside the docker images
19:05:16 I run Immich in docker on another host. reluctantly. I want to try to manually build again
19:14:14 I prefer https://www.freshports.org/www/piwigo/
19:15:29 lts has anything to send from devices?
19:15:45 lts it seems it
19:15:51 just a web gallery.
19:18:12 kevans, ping
19:21:27 Does nextcloud work inside a jail?
19:22:04 jbo: yo
19:22:11 kevans, how's pkg ecc going?
19:22:42 well, just finished up one of my larger $work projects so I should be able to finish that up soon (it's in pkg(8), but pkg(7) is WIP and maybe 80% done)
19:22:49 libstdc++ continues to be a little shit
19:22:59 :((((((((
19:23:22 so you knew exactly why I was asking about pkg ecc then >:D
19:23:47 I have, on occasion, some mind-reading facilities
19:23:57 never when it'd be really useful to have, though
19:24:41 you'd probably have some life threatening things to worry about if that was different
20:28:59 s2r: Regarding Nextcloud, of course! In a jail is perfectly fine.
21:54:52 ek That would be an overkill but would fulfill Google Photos replacement.
21:55:08 ek Will try installing it on a jail right now. Thanks!
22:31:11 s2r: (almost) anything should run inside a jail
22:31:31 AFAIK the only thing which can't is something which needs hardware access