00:46:10 <sommerfeld> megaTherion: defrouter is only effective on shared-IP zones, and allowed-address is only effective on exclusive-IP zones.   Pick one!
00:49:30 <sommerfeld> On an exclusive-IP zone, you set the route from inside the zone (route -p add so it persists across zone reboot)
00:53:57 <megaTherion> sommerfeld: I see, thanks for the clarification
00:55:02 <megaTherion> I think what I want to have is a kind of bridge-like configuration for an internal net 
01:10:12 <sommerfeld> there are many ways to plumb something like that up - which one makes sense depends on addressing plans & how much control you have over the local network.
01:11:55 <sommerfeld> Simplest is probably vnics over your physical nic.   
01:12:24 <sommerfeld> vnics over an isolated etherstub or simnet if you want it completely internal.
01:17:57 <megaTherion> I see, well I've basically one internal net 192.168.171.0/24 and the omnios box would be 192.168.171.7 and I need some net block for a couple of zones which could be anything like 10.0.10.0/24
01:45:44 <sommerfeld> can sometimes be simpler to put the zones directly on the 192.168.171.0/24 net but that may not be what you want for other reasons.
03:42:30 <megaTherion> sommerfeld: got it running, confused myself quite a bit on the way... but its basically easy
03:42:33 <megaTherion> igc0:2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2 zone postgres inet 10.10.10.2 netmask ffffff00 broadcast 10.10.10.255
03:42:36 <megaTherion> igc0:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2 inet 10.10.10.1 netmask ffffff00 broadcast 10.10.10.255
03:42:55 <megaTherion> and then just a NAT on 10.10.0.0/24 (but I was confused by ipf, Im a pf guy)
08:40:19 <sjorge> doubling back to eu-mirrors, primary was in swiss I think. Been a while since I checked.
08:41:08 <sjorge> Yep, AS559 is swiss
08:43:51 <andyf> sommerfeld / megaTherion - the defrouter property alongside allowed-address should definitely work. I use it on all of my zones
08:52:27 <andyf> https://gist.github.com/citrus-it/8e95cb49504fe8e83a4fbd3c67922ac4
12:22:41 <megaTherion> andyf: I see, its getting a while to get into how things are handled - there are a couple of howtos on the net, but nothing really comprehensive.
12:27:20 <megaTherion> as I know understand it ip-type exclusive gives you a seperate network stack for the zone, shared is the opposite and then you cant manipulate routes from within the zone as the routing table is the same as the host
13:13:54 <megaTherion> someone knows how to correctly configure bridges?
14:03:51 <megaTherion> whats also a bit strange is that if I add another lipkg branded zone, all packages are downloaded again - there is no caching?
14:10:58 <tsoome_> see pkg property  (flush-content-cache-on-success)
14:13:19 <megaTherion> oh I see
14:23:36 <megaTherion> tsoome_: it's true that if I want to keep data in lipkg branded zones seperate from BE changes that I need to manually create a 'data' dataset for each zone?
14:24:55 <tsoome_> thats the separation usually means, yes:)
14:37:10 <megaTherion> tsoome_: ok just wanted to clarify, is it basically the rule for all zones or are pkgsrc zones excluded from this?
14:39:07 <tsoome_> its just like with physical host - you have space for your OS and you have space for your data. If you want to keep data separate from the os (in terms of storage device separation), then you need to add device for data.
14:39:51 <tsoome_> in that sense, it really does not matter which type of zone or physical system it is.
14:47:55 <megaTherion> well I try to understand how this works, basically BEs are snapshot for rpool/ROOT, but then why would rpool/zones/zone1/ROOT be affected?
14:52:18 <megaTherion> ok for LX zones this is not the case, at least according to the documentation on omnios.org
14:52:25 <megaTherion> "LX Zones, unlike ipkg or lipkg zones, do not have individual boot environments. If you update and create a new BE, any LX zones are not explicitly updated. "
16:15:00 <megaTherion> seems that it's not a good idea to craete zone names with numbers in it, that breaks some things
17:51:30 <warden> megaTherion: what things are breached? All my production zones names end with a couple of numbers, and I noticed no drawback so far...
17:52:55 <megaTherion> warden: I've tried to create an lx branded zone like in the example on omnios.org, if it contains a number like for exmaple 'influxdb2' I get an error tha the route cannot be added
17:53:00 <megaTherion> I can try again and check
18:00:55 <warden> megaTherion: well, I'm not very experienced in OmniOS, but I'm pretty sure that zone's network stack is unrelated from its name! :)
18:01:43 <megaTherion> probably, but I noticed that zadm always proposes zonename0 as physcial device ... maybe it was conflicting or so. But I'll check again if it happens
19:52:10 <megaTherion> warden: you are right, it works - no clue what I did wrong
20:09:26 <megaTherion> is there a reason that I cannot add a zoned dataset to an lx-branded zone?
20:09:43 <megaTherion> I basically did it the same way as with another pkgsrc zone I have... but the dataset won't get mounted upon zone starting
20:12:38 <m1ari> for a "bridged" interface the easiest is probably a vnic, This is a stuff I fed to zonecfg for a test lipkg zone. https://gist.github.com/m1ari/da615a75ce803ab3b1e93567e35a2b8a
20:13:18 <megaTherion> m1ari: ya figured that out, I couldnt get a bridge to run - Im using now vnics
20:13:21 <m1ari> rge0 is the physical interface, test00_0 is the interface inside the zone
20:15:51 <m1ari> I think part of the reason that pkg and lipkg zones have linked BEs is that part of the filesystem is shared between GZ and zone, so you need to keep packages in sync between the two. That doesn't apply in the same way for pkgsrc and lx zones.
20:16:18 <megaTherion> I see, but I dont see the technical reason why a zoned dataset wouldn't apply to an lx zone too - or why it would be impossible to mount
20:17:03 <m1ari> for help the man pages are often quite good (as I think they are in freebsd) sometimes the challenge is finding the right one (especially if some of the commands are new to you)
20:17:29 <megaTherion> yeah thats true, manpages are great
20:17:37 <megaTherion> Im coming from freebsd actually, trying to get a similar setup done
20:34:50 <sommerfeld> mlari: the key thing is that Illumos doesn't have a stable system call ABI, so libc.so.1 has to match the kernel.
20:36:31 <sommerfeld> linked images ensure that the zones have certain core userspace packages that match the global zone and kernel.
20:51:11 <megaTherion> how does the bloody release cycle works? Is it a different publisher/mirror for ips?
21:05:07 <jclulow> yes
21:06:30 <jclulow> megaTherion: see also: https://omnios.org/info/ipsrepos
21:06:47 <megaTherion> thanks
21:59:21 <jclulow> FYI: https://github.com/omniosorg/omnios-build/issues/3770 seems like a relatively critical defect in r151046 LTS?
22:09:34 <megaTherion> I seem to have pkg⊙0:20241017T212621Z
22:15:12 <jclulow> megaTherion: Oh, that FYI was not aimed at you, just to the room in general, sorry
22:15:49 <megaTherion> sure, I just thought I check what version I have :D
22:16:25 <megaTherion> but isn't your verison older then?
22:18:53 <jclulow> Yes, r151046 is an older release but with a long term maintenance plan (LTS)
22:18:59 <megaTherion> ah I see
22:19:45 <jclulow> You can see in: https://omnios.org/schedule
22:25:16 <megaTherion> what would I have to enable SLAAC (IPv6 autoconfiguration) in OmniOS?
22:25:46 <jclulow> I believe you can just "ipadm create-addr -T addrconf igb0/v6" or whatever
22:26:30 <megaTherion> I see, nice
22:26:47 <neitzel> yes, but additionianlly add -p options.
22:26:58 <megaTherion> for persistance?
22:27:44 <megaTherion> ah prop
22:27:53 <jclulow> neitzel: Which -p option are you thinking about?
22:28:29 <jclulow> I believe the default mode is stateless
22:29:44 <megaTherion> well I get a link-local... thats it
22:29:57 <neitzel> for "policy".   -p stateless=yes/no  for RTADV on/off,  -p statefull=yes/no for DHCPv6 on/off.
22:31:16 <jclulow> megaTherion: Are you expecting route advertisements or DHCP?
22:31:22 <megaTherion> the former
22:31:29 <jclulow> Is your "ndp" service online
22:31:31 <megaTherion> Im not using DHCPv6
22:31:49 <megaTherion> jclulow: thanks, ndp was it
22:32:33 <neitzel> I specify "-p stateless=yes -p statefull=no" in that case, and yes:  I like to forget activating ndp, too :-)
22:33:37 <megaTherion> it works :)
22:33:37 <sommerfeld> neitzel: specifying more than one -p option to ipadm create-addr doesn't actually work (only one gets used)
22:34:01 <sommerfeld> (I noticed this recently, don't think I've filed the bug yet..)
22:35:10 <sommerfeld> in practice once you are aware of this limitation it doesn't prevent you from doing anything reasonable as there are only two options and they both default on and you never want to turn both of them off...
22:53:07 <m1ari> It might be useful to have something in the docs about IPv6, I was playing with it a couple of days ago and found it took a bit of random googling to find the answers
22:54:40 <m1ari> and it was a case of `ipadm create-addr` and starting the ndp service (seems like its disabled by default)
22:56:32 <m1ari> Ultimately I wonder if it's something that should also be in the installer (I only started looking after realising it was off by default - I'd assumed I'd have IPv6 by default as that's been the case in most other OSes for many years)
23:03:59 <sommerfeld> there are some missing pieces around nameserver autoconfiguration over v6.   
23:04:49 <sommerfeld> if you put a v6 address in resolv.conf, it works but neither DHCPv6 nor SLAAC will put an address there.
23:08:13 <megaTherion> sommerfeld: is it expected that resolv.conf will be automatically changed?
23:10:23 <sommerfeld> The DHCPv4 client will in some cases update the nameserver.
23:10:58 <jclulow> I don't really understand why the ndp service is disabled by default, FWIW
23:11:02 <megaTherion> ok right, with DHCP it might make more sense
23:11:06 <jclulow> So that seems like probably an OS bug
23:11:26 <megaTherion> jclulow: in FreeBSD IPv6 is still optional too.. you have to enable it with ifconfig
23:11:37 <megaTherion> many people dont like IPv6
23:12:06 <jclulow> That's fine, but if you do "ipadm create-addr -T addrconf" it really feels like it should at least get turned on as part of that operation
23:12:15 <jclulow> like, if you've opted in to IPv6 it should work haha
23:12:34 <megaTherion> true
23:12:41 <megaTherion> one command should be enough :)