00:30:13 <ivy> neat, found a kernel panic in mac_do :-)
00:36:50 <ndut7> brb
00:38:58 <kevans> ivy: quick fix it before anyone notices
00:39:22 <ivy> kevans: this code looks surprisingly in depth so i am just going to make a pr :-p
00:39:55 <ivy> trigged by this fwiw: sysctl security.max.do.rules='gid=5>uid=*'
00:39:59 <ivy> triggered
01:05:37 <Macer> so i made a fbsd jail to use as a "shell box" and it seems like sssd can't run because root is not root in the jail
01:06:11 <ivy> Macer: that is not normal, sshd works fine in jails unless you've configured something oddly
01:06:43 <Macer> sssd
01:06:53 <Macer> i'm trying to join it to AD
01:06:53 <ivy> oh, sssd.  but still, that should also work in a jail
01:07:00 <Macer> SSSD couldn't load the configuration database [1432158324]: File ownership and permissions check failed
01:07:05 <ivy> although i have found sssd on freebsd rather... unreliable in the past
01:07:23 <Macer> yeah i typically use samba and winbind
01:07:27 <Macer> (for freebsd)
01:07:45 <Macer> but i figured i'd give sssd a go.. but it seems to not agree with a jail. i wonder if there is an option for sssd.conf to turn that check off
01:08:09 <ivy> i assume you checked the file permissions on sssd.conf etc.?  does anything look strange there?  root is still uid 0 in a jail, so it shouldn't be able to tell the difference
01:10:31 <Macer> oh ok. that's my fault
01:10:39 <Macer> i forgot to change nsswitch.conf
01:10:51 <Macer> i guess that's kind of important lol
01:44:04 <Macer> hm. ok.
01:44:19 <Macer> so auth is telling me that the authorization was successful... but it's not letting me login still heh
01:51:01 <Macer> authentication success... then pam error. wth
02:14:26 <Macer> that didn't seem to work. let me try with samba/winbind
02:14:39 <Macer> if i can unearth a blog on how to do that
03:15:40 <Macer> worked
03:15:46 <Macer> i think i know where i went wrong with sssd too
03:15:57 <Macer> but i already have samba+winbindd working for it
03:26:26 <fonks> belated: my sssd experience is entirely with Linux but over there it's kind of a pain if sssd isn't packaged right, you have to explicitly import sssd's pam modules or else absolutely no authentication will work no matter how many times the AD controller gives you the green
03:26:47 <fonks> Looking at the issues you had here, Macer, it looks like that might have been the case
03:26:52 <ivy> i've never actually got sssd working on freebsd, last time i tried it either wouldn't load a valid configuration or would randomly SEGV
03:27:01 <ivy> but that was a while ago, maybe it's improved since then
03:47:57 <Macer> yeah. i typically take the krb5/samba/winbind approach with fbsd.
03:48:35 <Macer> now to find out why bastille won't bootstrap bookworm
03:48:39 <Macer> i wanted to try out a linux jail
04:20:38 <kevans> do people actually like sssd?
04:20:59 <kevans> i still have nightmares from having to administer it in a past life
04:27:28 <skered> Last time we tested it at work it was two commands to setup.
04:28:44 <ivy> kevans: on RHEL it works great, i have nothing against it
04:39:40 <rwp> I heard people talking about sssd and I didn't think twice but ran away immediately.  Not screaming but whimpering quietly.
04:44:54 <ivy> rwp: you prefer winbind?
05:17:39 <Macer> skered: yeah it's usually fairly simple in linux .. not so sure about fbsd.
05:17:52 <Macer> although i think my last attempt i was just messing up the pam files
05:18:05 <Macer> i think the sss.so should have been placed above unix.so
05:18:17 <Macer> which i noticed when doing winbind
05:29:09 <rwp> ivy, I prefer not dealing with ActiveDirectory.  (shudder)
06:42:33 <unwrapped_monad> yo
06:42:54 <unwrapped_monad> wut is this traditional distribution sets vs packages in freebsd 15?
06:44:15 <unwrapped_monad> ('^' )?
07:15:22 <remiliascarlet> unwrapped_monad: Sets are part of the FreeBSD system, some of which are mandatory, others are optional. And packages are 3rd party (as in not maintained directly by the FreeBSD core dev team) software.
07:16:00 <remiliascarlet> Different from Linux, where every piece of software is essencially a package.
07:17:00 <unwrapped_monad> ooh i see
07:19:00 <remiliascarlet> Actually, in the case of FreeBSD, only "base" is mandatory, the rest is optional.
07:20:44 <remiliascarlet> You can enable "ports" to also have a Gentoo-like experience in addition to a package manager, enable "kernel" and "src" if you want to have the full FreeBSD source code locally (for customization and tweaking if you really have to), "lib32" if you need 32-bit libraries, and "tests" for...I don't know.
07:39:40 <rwp> unwrapped_monad, You are asking and so I will say that most likely you will install the FreeBSD base system in the /usr tree and then will use pkg to install precompiled binary pkgs to the /usr/local tree.  Packages aka pkgs are precompiled "ports" and ports are source code for self compiled packages.
07:41:18 <rwp> The base system (at this time) is upgraded with freebsd-update to upgrade the base system.  Packages aka pkgs are upgraded using pkg upgrade.  These are managed separately.  This is good because the base system is a consistent thing and your system is almost always reliably able to boot.  And then everything not in base is a port and installed on top of the reliable base system.
07:48:36 <Macer> does anybody know how i create a helper for rclone for fbsd?
07:48:45 <Macer> in linux you just ln clone to mount.rclone
07:49:00 <Macer> linking it to mount_rclone doesn't seem to work in fbsd
07:50:06 <remiliascarlet> Never heard of rclone before.
07:50:29 <Macer> https://github.com/rclone/rclone/issues/7432
07:50:31 <Macer> well then
08:01:45 <Macer> got it. the md at the bottom of that did the trick
08:01:53 <Macer> it has to be rclonefs linked in /usr/local/bin
08:10:49 <Macer> i can mount it on the host just not in a jail. fuse still can't be used inside jails?
08:12:09 <Macer> oh i guess you can.. not sure where to put this though
10:05:38 <TommyC> 2/ws 11
14:16:03 <Macer> so i managed to get mostly everything going. the only thing i'm hung up on is getting a jail to mount a smb share with rclone because it doesn't seem to want to listen to its own fstab
14:16:32 <Macer> so when the jail starts it doesn't seem to want to auto mount it. even though i can just mount /mnt/dir as root for it
14:17:14 <Macer> and i can't pass the user flag to rclone mounts because the jail requires that root mount fuse
14:18:18 <sbr> native jails or using a helper? I've a love/hate relationship with bastille.  have a rclone jail that does my backups via mounted dirs.  works nicely
14:19:55 <sbr> use  a crypt ontop of b2
14:29:40 <Macer> native jails
14:29:42 <Macer> *jail
14:30:36 <Macer> oh wait. i think i just realized why it's not working
14:30:38 * Macer facepalms
14:33:03 <Macer> ok. i guess not. i thought i didn't have auto as an option
14:55:03 <Macer> i'm about to get filthy with this and use a root at boot cronjob for it
14:55:05 <Macer> :/
14:55:51 <jmnbtslsQE> what happens when you mount -a ? still doesn't mount this fstab entry?
14:56:10 <Macer> it does mount it when i use mount after boot
14:56:17 <Macer> it just wont auto mount it when the jail starts from fstab
14:56:35 <jmnbtslsQE> any error in your jail console log?
14:56:59 <Macer> i'm trying to find something
14:58:23 <jmnbtslsQE> possibly related to network config not yet present if it's a remote filesystem?
14:58:55 <jmnbtslsQE> if so you might see no route to host or similar in your console log
15:20:09 <Macer> got it!
15:20:23 <Macer> there are some things there that aren't really intuitive with rclone mounting
15:44:44 <Macer> i had to put that on my soon to be abandoned for years blog https://crazy.macer.life/freebsd-jails-rclone-mounting/
15:44:58 <Macer> i know 5 years from now i'll be doing it all over again. talk about frustrating :)
16:08:30 <sbr> hah, know the feeling all too well.  even 6 months later and i have almost no idea how i did a thing
16:31:46 <Macer> well i finally got it and that was one of those dealbreaker ones
16:32:10 <Macer> i needed to be able to automount smb into a jail with a particular gid/uid
16:33:18 <Macer> quite the learning curve coming form proxmox to jails on fbsd.. i still need to figure out a lot of things but i think by this point i'm going to wind up editing jail.conf files more than anything. i guess you have to do the same to lxc conatainer configs too even on proxmox
16:45:34 <ek> Macer: Are you not using anything like iocage or ezjail?
16:52:23 <antranigv> Macer actually jails are easier than proxmox, coming from someone who's been using jails for 10 years
16:52:57 <antranigv> Macer have a look at jailer.dev, it's a small tool I built, which generates the jail.conf for you
16:55:27 <ek> Yep. Jails with a little management help are super easy.
16:56:00 <antranigv> I just hate that most jail managers run as a service, which I just needed helper scripts, so I've been super happy with jailer
16:56:29 <antranigv> doing something like `jailer init bridge` will setup a bridge, or `jailer init dhcp` will setup OpenBSD's dhcpd in a second, etc.
16:57:20 <ek> I agree. I like the simplest solutions.
16:57:57 <ek> Sounds a little like the vm-bhyve helper (which I also like.) I'll have to check it out. Thanks!
16:58:34 <antranigv> very much inspired by it!
16:58:48 <antranigv> (even the ZFS code is a copy-paste from their code)
17:02:59 <ek> Perfect!
17:07:05 <Macer> ek: i'm using bastille
17:07:16 <ek> antranigv: No interest in getting this added to the ports tree?
17:07:22 <ek> Macer: Ah, okay.
17:07:39 <Macer> iocage doesn't get developed anymore does it? it also uses zfs settings?
17:07:53 <antranigv> ek not yet. there are some bugs that affect me personally (I run a very large jails fleet), polish and then submit to ports
17:08:11 <ek> iocage is still being developed, as far as I know. At least, there have been recent changes.
17:08:24 <Macer> bastille is pretty decent as far as making using jails a little easier. i tried cbsd but that porridge was too hot
17:08:25 <ek> antranigv: Sounds good.
17:08:37 <Macer> and clonos is not far along
17:08:56 <antranigv> Macer yeah if I have to recommend, I can only see jailer and bastille staying around for long, everything else seems to complex :(
17:09:01 <antranigv> or too... investing?
17:09:09 <Macer> bastille isn't bad at all
17:09:40 <Macer> i was just hoping to find something for fbsd that is like promxmox with the weeb ui. i think there are a couple but i haven't looked at them too hard. i decided to stick with bastille just as a test bed to make sure jails can do what i need.
17:09:49 <Macer> mounting smb is a big one
17:09:51 <antranigv> yeah, when I first started developing jailer, bastille wasn't around, but the design is very similar. I think a major difference is that Jailer forces you to use ZFS.
17:09:59 <antranigv> oh the web UI thing...
17:10:00 <Macer> i don't think that fbsd mount_smbfs even does > smb1 still
17:10:06 <antranigv> I developed one couple of years ago
17:10:12 <Macer> so you HAVE to use rclone
17:10:32 <Macer> well.. either that or allow the older smb protocol
17:10:33 <antranigv> for jailer + vm-bhyve + zfs + DTrace, all in a nice GUI. but I haven't open sourced it yet.
17:10:55 <Macer> ah. that would be nice to have
17:11:14 <Macer> cbsd has a lot of stuff that i don't need like the xen and virtualbox stuff. and i didn't try hard enough to get rid of it from the help menu
17:11:36 <Macer> the help menu winds up being too long and you wind up scrolling up and down nonstop to find what you're looking for
17:12:16 <Macer> i'm about to test what happens when i try to backup this jail live with the smb mount in it
17:13:20 <Macer> in proxmox i use fusefs for a couple unprivileged containers and found that snapshot backups while they're live  freeze the host .. i haven't checked to see if that's been fixed
17:14:25 <Macer> i'm feeling pretty ballsy doing a live export of the jail while in the jail.
17:14:53 <ek> Just snapshot the jail and do whatever you want.
17:15:11 <Macer> that's what it does with bastille export
17:15:26 <Macer> snapshot to tgz
17:15:43 <Macer> in $bastille/backups
17:16:35 <ek> Yeah. Completely normal to do live snaps to .tgz with a jail. Shouldn't be a problem at all.
17:16:37 <Macer> i doubt i'll be coming off of proxmox any time soon but i really wanted to see what i can do with fbsd with jails and vms so i dusted off my old supermicro dual xeon x5660 and spun it up
17:17:10 <Macer> yeah i was just curious how well it handles the  fuse mount inside the jail .. i'm sure it just ignores it. proxmox on the other hand... freezes the host. lol. they probably fixed that by now. that was over a year ago.
17:17:30 <Macer> same method. using rclone... i may try to do a live backup to see what happens.
17:19:21 <ek> I can't speak for the fuse mounts since I don't use them. But, I haven't seen or heard of anything like that happening with FBSD.
17:23:35 <Macer> i'm about to test it out in a minute just to see what happens with proxmox
17:24:26 <mzar> fuse requires loading fusefs kld module, you can do it from the host, not from the jail
17:24:57 <mzar> allowing jail mounts should be sufficient for jail, if the device is exposed to jail
19:06:39 <Macer> kernel: pid 49921 (smbd), jid 0, uid 0, was killed: failed to reclaim memory
19:06:43 <Macer> hm
19:06:56 <Macer> i didn't have any swap turned on so maybe that. but that caused the proxmox backup to fail
19:07:17 <Macer> i'll wait for it to finish and try it again. i'm only doing it to test the backups. guess i'll probably go back to using nfs for it
19:08:07 <Macer> kind of weird too because most of the memory was being used by arc so that should have let off the pedal and freed something up so that wouldn't happen?
19:08:19 <Macer> i wound up setting an arc max in sysctl.conf
22:35:14 <Macer> I: Checking component main on http://deb.debian.org/debian...
22:35:16 <Macer> E: Couldn't find these debs: usr-is-merged
22:35:18 <Macer> hm