I won't say Danube cloud / SmartOS is more secure, but the above news surely gives us back some credits for not using the mainstream VM providers 🤭
Jan Poctavek
@YanChii
nice zero day :)
Solaris had very good security… AFAIK no break out of the zone was ever discovered
Jan Poctavek
@YanChii
but there certainly are some possible attack vectors (e.g. metadata daemon running in GZ connectable from every VM, vxlans open kernel port, no ipsec2… and DC GUI on top of it)
infinity202
@infinity202

grrrr ;-( It's me again) I rebooted headnode and compute node which both boot from iPXE.
headnode should be booting from https://pxe.danubecloud.org/pxe/esdc-hn-latest.ipxe but it doesn't do that (or at least the OS SmartOS version is still 2020xxxx)
Compute node has rebooted and is running latest version.

Headnode esdc_20200715T230801Z
Compute node esdc_20210711T112647Z

Both servers are at ESD version 4.5
yanchii
@yanchii:matrix.org
[m]
let me check
the platform on pxe server is correct
infinity202
@infinity202
yes, i think the system isn't booting from ipxe although everything looks correct at the OVH API sections
yanchii
@yanchii:matrix.org
[m]
I remember we've pushed some pxe config to OVH robot… maybe check that one
or see on console what's the machine really doing
infinity202
@infinity202
yes, i'm already on ipmi console. But during boot it seems to boot directly from HD although all settings point to iPXE
hmmmm we had set it to "install to hdd=1"
infinity202
@infinity202
basically my "problem" was that i wanted to use/install latest packages in a SmartOS zone. Last time I tested this on a system where the host had older packages than the zone I ran into strange error
yanchii
@yanchii:matrix.org
[m]
I remember now. Running HN from pxe is not best idea. So we've installed it on disk.
run esdc-platform-upgrade v4.5
infinity202
@infinity202
ESDC version given, translating to platform version
Downloading platform version list
The platform version is 20210711T112647Z
Creating temporary dirs in /opt/upgrade
Downloading the new platform
Extracting the new platform
Accessing the new platform files
Creating new boot environment: dcos-2
yes!
Created successfully
Mounted successfully on: '/opt/upgrade/mnt/dcos'
Updating the new boot environment in the background
infinity202
@infinity202
thanks @yanchii:matrix.org !! SunOS node01.local 5.11 esdc_20210711T112647Z i86pc i386 i86pc
yanchii
@yanchii:matrix.org
[m]
it's very difficult to make proper zone transfers based on IP. The AXFR request goes through FW, dnsdist, possibly pdns-recurse until it reaches pdns master.
There is some implementation of "x-forwarded-for" in pdns protocol… but I couldn't make it work
Paolo Marcheschi
@marcheschi
Hi, how is it possible with Bhyve to assign a resizable disk? I'm reading about Flexible disk space, is it usable? At the moment when I add a disk I have to mount and format inside the Bhyve vm, the resize is possible but tricky.
yanchii
@yanchii:matrix.org
[m]
flexible disk space won't solve your problem… you would still need to resize disk inside VM
yanchii
@yanchii:matrix.org
[m]
you might try to unset volume reservation manually but I didn't explore all consequences it might bring… My preferred approach is to resize disk when you need it (unlike upstream SmartOS, DC supports live resize). The new ubuntu-bhyve image resizes disks at every boot if possible. Otherwise (with other image or without reboot) it's just 1-2 commands to do it.
Paolo Marcheschi
@marcheschi
@yanchii:matrix.org thank you, so maybe the best solution is to mount an nfs disk that I can resize.
Paolo Marcheschi
@marcheschi
Hi everybody, do you know if it is possible to destroy the zones zpool (that is empty) in order to reconfigure it and attach it again to the node? We'd like to reconfigure the zpool in order to gain space. Or is it simpler to reinstall it?
klebed
@klebed:matrix.org
[m]
in our situation we have USB drives for starting the system and there are preconfiguration files on them (everything besides disk layout). That way reinstallation would be easy task any time.
Paolo Marcheschi
@marcheschi
I have it as well, you mean /usbkey/config?
yanchii
@yanchii:matrix.org
[m]
I recommend copying /usbkey/answers.json to /mnt/usbkey/private/answers.json + modify the passwords (they are not stored) and reboot with Destroy zpools bootloader option
that way you enable unattended install
Paolo Marcheschi
@marcheschi
Good, and after that will it ask for the new zpool configuration?
yanchii
@yanchii:matrix.org
[m]
you either update it in answers.json (single/mirror/raidz/raidz2/manual) or delete the option from the file and installer will ask you what to do
Paolo Marcheschi
@marcheschi
Great! This is awesome, thank you @yanchii:matrix.org.
yanchii
@yanchii:matrix.org
[m]
if you intend to use the same node name, don't forget to delete the node from GUI… so it gets re-added
Paolo Marcheschi
@marcheschi
Thank you I'll try it tomorrow!!
Paolo Marcheschi
@marcheschi
Ok, I successfully installed 4 servers in this way, it was awesome!! Thank you @yanchii:matrix.org & @klebed:matrix.org!!
It did not transfer in this way the nic tags
yanchii
@yanchii:matrix.org
[m]

cool

nic tags were probably not configured in the install that has generated answers.json

Paolo Marcheschi
@marcheschi
yes
yanchii
@yanchii:matrix.org
[m]
here you can see how to add also nic tags (second example)
https://docs.danube.cloud/user-guide/install/unattended.html?highlight=nictag
Paolo Marcheschi
@marcheschi
Thank you @yanchii:matrix.org
FilipFrancis
@FilipFrancis
@Jan I think there is an expired certificate on images.danubecloud.org
yanchii
@yanchii:matrix.org
[m]
omg… it's not expired certificate… it's letsencrypt's expired verification chain
FilipFrancis
@FilipFrancis
ah ok
yanchii
@yanchii:matrix.org
[m]
I didn't expect it coming from this way…
there's probably old CA chain somewhere in SunOS
FilipFrancis
@FilipFrancis
i know there are several updates of acme.sh regarding some potential issues with let's encry