Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


erikr last won the day on December 1 2016

erikr had the most liked content!

1 Follower

About erikr

  • Rank
    Advanced Member

Recent Profile Visitors

1,030 profile views
  1. Funny thing, I had the opposite problem. My upgrade failed because lack of support for python 3.6 so I had to remove it ahead of the instructions :) Cheers, Erik
  2. acct-group/* and acct-user/* is a gentoo effort to secure that system users and groups such as man, sshd, sddm etc have a predictable value. sshd shall allways be 22 for example. The problem is called GLEP 81. Those are introduces quite recently as action to a security report where the old way to create system users and groups was possible to abuse in harmful purposes. Read more at the gentoo forums: https://forums.gentoo.org/viewtopic-t-1099864-highlight-acct.html I have no clue how funtoo will react on those but I imagine one either have to start patching ebuilds or include them in one of the most basic core kits as they seems to be part of gentoo nowadays.
  3. I realize this will have impact on core-ui-kit while I expect the xorg-kit will be fairly up to date as it is also used by Gnome.
  4. Hi, I am not a Gnone-user and Gnome have never appealed to me. I have been using KDE since like forever (at least since KDE3) and I'd like to continue using KDE. I also like to continue with Funtoo. Problem is that, as it seems, Funtoo seems to foucs on Gnome with less focus on KDE. Question is; can configure ego so that I use the very latest (well, at least a quite recent, right now KDE Plasma 5.17 ) version of the KDE-kit blended with the general stable Funtoo 1.4? Is there a way to say "hey, use whatever latest in this kit"? Or will I have to make an overlay based on the KDE kit git repo or even Gentoo to make it work? Cheers, Erik
  5. erikr

    LXD Network Setup

    Hi. I need some help setting up networking for my LXD containers. I have followed drobins guides on the wiki and they cover most everything except for networking. When I search and try the thing I find it goes wrong. The setup: On my server I have a physical interface eth0 with ip I like to create a LXD container that uses an own static IP on eth0 (.3) so that I can use it for SSH and web server accessible from inside the LAN. Naturally I want the container to be able to network out. I do NOT want NAT (I think). I do not intend to have a rproxy - I will map a unique hostname to the IP. I have tried to many ways I no longer can describe them but mostly I like the concept for this one as it seems simple enough: https://stgraber.org/2016/10/27/network-management-with-lxd-2-3/ Problem is that even though there seems to be an IP it does not pass through. Also, do I have to configure the static IP using normal networking inside the container? I have tried and it still does not fall through. Anyone that knows a guide for the LXD beginner? There need to be a setup for the Funtoo Computing that does this or similar, it's jut missing in the guide. Cheers, Erik
  6. bcowan, I was hoping for a reply like that ? Synced and all the Gnome/X11-stuff is gone. Worked like a charm. Thanks!
  7. Hi, Upgrading to latest kit 1.3 brings in a pam upgrade that in turn brings in a lot of X11 and some GNOME dependencies. This in on my server and I would prefer to not have X11 or gnome stuff installed. # epro show === Enabled Profiles: === arch: x86-64bit build: current subarch: intel64-sandybridge flavor: core mix-ins: (not set) === Python kit: === branch: 3.7-release === All inherited flavor from core flavor: === minimal (from core flavor) and: # emerge -vatDuU --with-bdeps y @world These are the packages that would be merged, in reverse order: Calculating dependencies... done! [nomerge ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)" [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)" [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" [ebuild N ] sys-auth/consolekit-0.4.6::nokit USE="acl pam policykit -debug -doc (-selinux) -systemd-units -test" 370 KiB [ebuild N ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test" 2,288 KiB [ebuild N ] x11-libs/libxcb-1.13:0/1.12::xorg-kit USE="-doc (-selinux) -static-libs -test -xkb" 499 KiB [ebuild N ] x11-libs/libXau-1.0.8-r1::xorg-kit USE="-static-libs" 289 KiB [ebuild N ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs" 324 KiB [nomerge ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs" [nomerge ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit [ebuild N ] x11-proto/fontsproto-2.1.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/applewmproto-1.4.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/fixesproto-5.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/evieproto-1.1.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/lg3dproto-5.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xproxymngproto-1.0.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xineramaproto-1.2.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/compositeproto-0.4.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/trapproto-3.4.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/presentproto-1.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/printproto-1.0.5:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xcalibrateproto-0.1.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86vidmodeproto-2.3.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/randrproto-1.6.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86driproto-2.1.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xproto-7.0.32:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/scrnsaverproto-1.2.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xextproto-7.3.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86dgaproto-2.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/fontcacheproto-0.1.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/renderproto-0.11.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/resourceproto-1.2.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/kbproto-1.0.7:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/dri2proto-2.8:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86bigfontproto-1.2.0:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/bigreqsproto-1.1.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/damageproto-1.2.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86rushproto-1.2.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/recordproto-1.14.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/inputproto-2.3.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xf86miscproto-0.9.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/windowswmproto-1.0.4:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/dri3proto-1.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/xcmiscproto-1.2.2:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/glproto-1.4.17:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/videoproto-2.3.3:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-proto/dmxproto-2.3.1:0/stub::core-gl-kit 0 KiB [ebuild N ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit 0 KiB [nomerge ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)" [blocks b ] <sys-auth/pambase-20190426 ("<sys-auth/pambase-20190426" is blocking sys-libs/pam- [ebuild U ] sys-auth/pambase-20190426::core-kit [20150213-r3::core-kit] USE="cracklib -debug -minimal -mktemp -nullok* -pam_krb5 -pam_ssh -passwdqc -securetty (-selinux) -sha512* (-consolekit%) (-elogind%) (-gnome-keyring%) (-systemd%)" 0 KiB [ebuild U ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)" 742 KiB [nomerge ] sys-auth/consolekit-0.4.6::nokit USE="acl pam policykit -debug -doc (-selinux) -systemd-units -test" [ebuild N ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" 1,515 KiB [ebuild N ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)" 1,144 KiB [nomerge ] app-emulation/docker-18.09.0::nokit USE="btrfs container-init overlay -apparmor -aufs -device-mapper -hardened -pkcs11 -seccomp" [nomerge ] dev-go/go-md2man-1.0.6::lang-kit [ebuild U ] dev-lang/go-1.12.4:0/1.12.4::lang-kit [1.11.4:0/1.11.4::lang-kit] USE="-gccgo" 549,005 KiB [ebuild FUD ] sys-apps/ipmicfg- [] 1,683 KiB [ebuild NS ] sys-kernel/debian-sources-lts-4.9.168_p1:debian-sources-lts-4.9.168_p1::core-kit [4.9.144_p3-r1:debian-sources-lts-4.9.144_p3-r1::core-kit] USE="-binary -ec2 -sign-modules" 95,162 KiB [ebuild U ] net-misc/wget-1.20.3::core-kit [1.19.5::core-kit] USE="ipv6 nls pcre ssl zlib -debug -gnutls -idn -libressl -ntlm -static -test -uuid" 4,385 KiB [ebuild U ] app-editors/vim-8.1.1248::editors-kit [8.1.1092::editors-kit] USE="acl nls python -X -cscope -debug -gpm -lua -luajit -minimal -perl -racket -ruby (-selinux) -tcl -vim-pager" PYTHON_TARGETS="python2_7 python3_6 -python3_4 -python3_5" 13,835 KiB [ebuild U ] app-editors/vim-core-8.1.1248::editors-kit [8.1.1092::editors-kit] USE="acl nls -minimal" 0 KiB [nomerge ] x11-libs/libxcb-1.13:0/1.12::xorg-kit USE="-doc (-selinux) -static-libs -test -xkb" [ebuild N ] x11-base/xcb-proto-1.13::xorg-kit PYTHON_TARGETS="python2_7 python3_6 -python3_4 -python3_5" 149 KiB [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" [nomerge ] dev-util/gtk-doc-am-1.29-r2::gnome-kit [nomerge ] dev-util/gtk-doc-1.29-r2::gnome-kit USE="-debug -doc -emacs -highlight -vim" PYTHON_SINGLE_TARGET="python3_6 -python3_7" PYTHON_TARGETS="python3_6 -python3_7" [nomerge ] app-text/yelp-tools-3.28.0::gnome-kit [nomerge ] gnome-extra/yelp-xsl-3.30.1::gnome-kit [ebuild U ] dev-util/itstool-2.0.6-r1::core-kit [2.0.2::core-kit] PYTHON_SINGLE_TARGET="python3_6%* -python2_7% -python3_4% -python3_5% -python3_7%" PYTHON_TARGETS="python2_7 python3_6%* -python3_4% -python3_5% -python3_7%" 101 KiB [ebuild U ] dev-libs/libxml2-2.9.9-r1:2::core-kit [2.9.8-r1:2::core-kit] USE="icu ipv6 python readline -debug -examples -lzma -static-libs -test" PYTHON_TARGETS="python2_7 python3_6 -python3_5 -python3_7 (-python3_4%)" 5,365 KiB [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)" [ebuild N ] dev-util/meson-0.48.2::core-kit PYTHON_TARGETS="python3_6 -python3_5 -python3_7" 1,281 KiB [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" [ebuild N ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test" 29,477 KiB [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)" [ebuild N ] dev-util/ninja-1.8.2-r2::core-kit USE="-doc -emacs -test -vim-syntax -zsh-completion" 200 KiB [nomerge ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test" [ebuild NS ] sys-devel/autoconf-2.13:2.1::core-kit [2.69-r4:2.69::core-kit] 434 KiB [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test" [ebuild N ] media-fonts/font-util-1.3.1::xorg-kit 150 KiB [nomerge ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test" [ebuild N ] dev-libs/nspr-4.20::dev-kit USE="-debug" 1,115 KiB [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test" [ebuild N ] x11-libs/xtrans-1.3.5::xorg-kit USE="-doc" 183 KiB [nomerge ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs" [ebuild N ] dev-libs/libbsd-0.9.1::core-kit USE="-static-libs" 379 KiB [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" [ebuild N ] dev-libs/gobject-introspection-common-1.58.1::gnome-kit 1,346 KiB [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test" [ebuild N ] x11-misc/util-macros-1.19.2-r1::xorg-kit 83 KiB [nomerge ] x11-libs/libXau-1.0.8-r1::xorg-kit USE="-static-libs" [nomerge ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit [nomerge ] dev-util/ninja-1.8.2-r2::core-kit USE="-doc -emacs -test -vim-syntax -zsh-completion" [ebuild N ] dev-util/re2c-1.1.1::core-kit 5,769 KiB [nomerge ] x11-libs/libxcb-1.13:0/1.12::xorg-kit USE="-doc (-selinux) -static-libs -test -xkb" [ebuild N ] dev-libs/libpthread-stubs-0.4-r1::xorg-kit 57 KiB I have tried working the use-flags in vain, makes minor differences but still brings in gnome and X11 stuff. Any suggestions? Cheers, Erik
  8. Thanks for some good hands on tips lazlo.vii and the area is both as full of different advices as it is lacking good resources. When it comes to files systems I do BTRFS mostly but on the server I do ZFS. I once had problems with ZFS where I removal of a zfs from the pool messed things up. I solved it with a FreeBSD live-cd where I imported the pool, removed the zfs and exported the pool. It worked like a charm and since long the bug is fixed. I still have a "thing" for ZFS though and decided to go for it some time ago (I participated in another forum post here about ZFS some time ago). I already have the pools setup on my current installation and will reuse them in the new server. The current network setup plan is as follows: AppServer on DMZ FileServer on HomeNetwork An intermediate physical network between AppServer and FileServer with fixed IPs and just a switch. This way I can make a really narrow IP-filter on the FileServer side for this particular network and I will rely on ZFS export mechanism to export the right stuff. I will try to block unexpected IPs from on the FileServer preventing the AppServer acquire access the nfs-exports meant for the home-network ( nfs will use the IP to determine export rules - faked IP meaning wrong nfs access). Most likely I will look into SELinux, a new area for me. Containers are new for me (from hosting point of view) as well but I will learn eventually ? Cheers, Erik
  9. Hi, I have just purchased two second hand servers building my own Funtoo server cluster here at home. This was actually easier and not particular more expensive than locating motherboards and CPUs with working support for ECC for my ZFS file server. But I also found a second hand server suitable for application server and as the optical fibre is on its way pretty soon, I moved the servers to the basement, and Funtoo is now more suitable for server usage than before, there was just no reason why not to purchase ? I will come back to the specs in other posts. Right now it is about planning the network. Both servers have several (4+) network interfaces. What I think I am trying to do (well I am open for proposals) is this: Fileserver will be the ZFS file server. I will need this for the home network. Eth0 is connected to the home network. Appserver will be the applications server. I will create a post for this as well, but plan is to run docker images for stuff. I see no reason to start with LXD containers but we save this for another thread. I imagine that the Appserver shall to be on the DMZ-netowork and with a properly and stringent configured firewall. The thing is that I suppose that the Appserver will need to access the Fileserver. How do I set this up in a secure manner and how do other do? My plan that needs to be scrutinised: Appserver:eth1 will be connected to the DMZ and accessible to the internet. I will most likely purchase a Firewall with DMZ from Zyxell dealing with the routing. Applications will run in containers. I would like to restrict eth0 for container usage (i.e. only open for the ports used by the containers and rout stuff directly there using nginx or Docker Registry (more study need to be done), no other access to the device but perhaps ssh, not decided yet. Ssh into a docker first? Fileserver:eth0 will be connected to the home network. Appserver:eth0 will be connected to the home network allowing me to access the server from home network and allow Appserver to access Fileserver. I imagine this setup can be vastly improved. Please help me out here! Also, if the recommendation is to not use the Fileserver but instead add some disks locally please met me know. Appserver does not have that many diskslots, while Fileserver have suffucient (12 or so). Also I prefere letting ZFS Arc on the Fileserver (with 32GB ram) consume most of the memory (this is the only task) while the Appserver (with 128GB ram) can use this for the containers instead. I will most likely have some containers on the Appserver that need to interact with storage that is available on the local network. Regards, Erik
  10. erikr

    Server with ECC

    So after some struggle I decided to repurpose the above configuration to something else. Major problems has been instability during load (i.e. mostly emerge) with the AMD-cpu and that although there is ECC-memory installed it will not utilize the ECC-function with this motherboard (verified with Asus support-tech). The answer is that ECC is not supported with this configuration. Instead I have purchased a second hand Supermicro 6027R-E1R12L based on Intel, with working ECC-functionality and hot-swap-slots for all my disks in the front. My first rack-server - a small step for mankind, an huge leap for Erik. There are 32GB RAM and a single Xeon E5-2660 8 Core cpu. It will basically only serve as a ZFS host on the network.
  11. Well, I though of Nike and just did it :) It wasn't even than hard (I think). Then I ran into the EAPI=7 problem instead and verified that it's not related to the python upgrade and it isn't. Now I have the upgrade on hold until portage is upgraded. Words will not express how much I adore the possibility to do upgrades in snapshots along side the live system!
  12. Gentoo have an upgrade guide: https://wiki.gentoo.org/wiki/Python#Version_upgrade. Doesn't seem that hard. Just recall having some trouble with portage failing at some point and then one are on trouble :) I will try that one. The entire upgrade is in a separate snapshot anyway so I am prepared if it fails. I will upgrade python 3 to python 3.6.
  13. dev-lang/python| slot| repo ----------------+---------+--------------------- 2.7.13-r1| 2.7| python-kit/3.4-prime * 2.7.14-r2| | python-kit/3.4-prime ----------------+---------+--------------------- * 3.4.6-r1| 3.4/3.4m| python-kit/3.4-prime ----------------+---------+--------------------- 3.5.3| 3.5/3.5m| python-kit/3.4-prime 3.5.3-r1| | python-kit/3.4-prime ----------------+---------+--------------------- 3.6.1-r2| 3.6/3.6m| python-kit/3.4-prime 3.6.5-r1| | python-kit/3.4-prime I am using 1.2 in general but made no change to the python-kits. Is there an upgrade procedure to be aware of? I am a newbie when it comes to python - besides all kind of hell from gentoo upgrades over the year. Been happy that I didn't need to upgrade for quite a while :) // Erik
  14. Hi, I am using the 1.2 kit but stumbled onto a problem when building www-client/firefox-61.0; 0:03.20 checking for Python 3... : python_wrapper_setup: python3 is not supported by python2.7 (PYTHON_COMPAT) 0:03.20 no 0:03.20 ERROR: Python 3.5 or newer is required to build. Ensure a `python3.x` executable is in your PATH or define PYTHON3 to point to a Python 3.5 executable. 0:03.22 *** Fix above errors and then restart with\ 0:03.22 "/usr/bin/gmake -f client.mk build" 0:03.22 gmake: *** [client.mk:149: configure] Error 1 While Firefox upgrade will have to wait for now I'm curious what to do when it's time to deal with this? Is Python 3.5 "just" a matter of a python upgrade and a kit-change that I should have done or what? I am not using python myself, it is only there for the system so I am open for changes :) // Erik
  15. erikr

    ZFS Mountpoints

    A bite late but thanx! New server (the one with ECC) installed, just booted into ZFS for the first time using this post. It solves quite a few hesitations I used to have :) Boot args I use is; root=ZFS=rootpool/funtoo/root ro boot=zfs net.ifnames=0 I prefer not to import all pools at boot time, if the pool contains an exported FS it must be imported after networking and nsf is started or it fails to share correctly (or rather; this used to be a problem). As of now this is only the server. Pools is to created tomorrow, 8TB is to moved to backup before it is restored into a new 4*4TB disk that most likely will be a 5 or 6 *4TB disk with raidz2.
  • Create New...