libre #smartos

31 Oct 2023

SmartOS -- A Modern, Open Source, Datacenter Operating System | smartos.org | github.com/TritonDataCenter/smartos-live | github.com/TritonDataCenter/triton | Security -- TritonDataCenter.com/security-issues | Channel logs - log.omnios.org/smartos

• 07:00
  tozhu
  anyone could help take a look for my question ? is the problem with smartos only, or the problem is generic problem with all illumos based os? log.omnios.org/smartos/2023-10-30
• 09:22
  jperkin
  nahamu: could you rebase wireguard-go at some point? gvisor doesn't build with go 1.21 (the new pkgsrc default), and they've bumped it upstream to a working one a while back
• 12:47
  nahamu
  jperkin: I can certainly take a look.
• 12:48
  nahamu
  jperkin: can you give me a repo URL to try against?
• 12:50
  nahamu
  jperkin: I've enabled issues on my fork. If you file something there with some extra details that would be helpful. github.com/nshalman/wireguard-go/issues
• 13:12
  jperkin
  nahamu: not sure what you mean by "repo URL" but I've raised #1, thanks!
• 13:54
  nahamu
  Thanks!
• 18:29
  Smithx10
  What are the options for using ZFS encryption within triton? Is there a doc for this?
• 18:31
  jbk
  it's per compute node
• 18:31
  jbk
  and it requires a compute node to have a yubikey plugged in
• 18:31
  jbk
  and is something that's set when you provision the CN
• 18:32
  jbk
  i can't remember the option any more, but basically you add an option when you setup a CN to indicate it should be encrypted
• 18:32
  jbk
  and it creates the encrypted zpool
• 18:33
  jbk
  (basically anymore more granular than the zpool gets complicated because of tritons use of cloning to provision instances... those all have to sit under the same encryption root)
• 18:34
  jbk
  a nice improvement would be to also support TPM2 modules (unlike TPM1.x modules, TPM2 modules mandate more modern mechanisms including ECC)
• 18:34
  jbk
  but never got that far