    LXD Network Setup

    Hi. I need some help setting up networking for my LXD containers. I have followed drobins guides on the wiki and they cover most everything except for networking. When I search and try the things I find, it goes wrong.

    The setup: On my server I have a physical interface eth0 with ip I like to create a LXD container that uses an own static IP on eth0 (.3) so that I can use it for SSH and web server accessible from inside the LAN. Naturally I want the container to be able to network out. I do NOT want NAT (I think). I do not intend to have a rproxy - I will map a unique hostname to the IP.

    I have tried too many ways, I can no longer describe them, but mostly I like the concept for this one as it seems simple enough: https://stgraber.org/2016/10/27/network-management-with-lxd-2-3/

    Problem is that even though there seems to be an IP it does not pass through. Also, do I have to configure the static IP using normal networking inside the container? I have tried and it still does not fall through.

    Anyone that knows a guide for the LXD beginner? There needs to be a setup for the Funtoo Computing that does this or similar, it's just missing in the guide.

    Cheers, Erik
  2. bcowan, I was hoping for a reply like that. Synced and all the Gnome/X11-stuff is gone. Worked like a charm. Thanks!
  Hi, Upgrading to latest kit 1.3 brings in a pam upgrade that in turn brings in a lot of X11 and some GNOME dependencies. This is on my server and I would prefer to not have X11 or gnome stuff installed.

      # epro show
      === Enabled Profiles: ===
      arch: x86-64bit
      build: current
      subarch: intel64-sandybridge
      flavor: core
      mix-ins: (not set)
      === Python kit: ===
      branch: 3.7-release
      === All inherited flavor from core flavor: ===
      minimal (from core flavor)

  and:

      # emerge -vatDuU --with-bdeps y @world
      These are the packages that would be merged, in reverse order:
      Calculating dependencies... done!
      [nomerge ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)"
      [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)"
      [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test"
      [ebuild N ] sys-auth/consolekit-0.4.6::nokit USE="acl pam policykit -debug -doc (-selinux) -systemd-units -test" 370 KiB
      [ebuild N ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test" 2,288 KiB
      [ebuild N ] x11-libs/libxcb-1.13:0/1.12::xorg-kit USE="-doc (-selinux) -static-libs -test -xkb" 499 KiB
      [ebuild N ] x11-libs/libXau-1.0.8-r1::xorg-kit USE="-static-libs" 289 KiB
      [ebuild N ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs" 324 KiB
      [nomerge ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs"
      [nomerge ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit
      [ebuild N ] x11-proto/fontsproto-2.1.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/applewmproto-1.4.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/fixesproto-5.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/evieproto-1.1.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/lg3dproto-5.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xproxymngproto-1.0.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xineramaproto-1.2.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/compositeproto-0.4.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/trapproto-3.4.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/presentproto-1.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/printproto-1.0.5:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xcalibrateproto-0.1.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86vidmodeproto-2.3.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/randrproto-1.6.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86driproto-2.1.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xproto-7.0.32:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/scrnsaverproto-1.2.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xextproto-7.3.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86dgaproto-2.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/fontcacheproto-0.1.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/renderproto-0.11.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/resourceproto-1.2.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/kbproto-1.0.7:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/dri2proto-2.8:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86bigfontproto-1.2.0:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/bigreqsproto-1.1.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/damageproto-1.2.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86rushproto-1.2.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/recordproto-1.14.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/inputproto-2.3.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xf86miscproto-0.9.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/windowswmproto-1.0.4:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/dri3proto-1.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/xcmiscproto-1.2.2:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/glproto-1.4.17:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/videoproto-2.3.3:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-proto/dmxproto-2.3.1:0/stub::core-gl-kit 0 KiB
      [ebuild N ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit 0 KiB
      [nomerge ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)"
      [blocks b ] <sys-auth/pambase-20190426 ("<sys-auth/pambase-20190426" is blocking sys-libs/pam-
      [ebuild U ] sys-auth/pambase-20190426::core-kit [20150213-r3::core-kit] USE="cracklib -debug -minimal -mktemp -nullok* -pam_krb5 -pam_ssh -passwdqc -securetty (-selinux) -sha512* (-consolekit%) (-elogind%) (-gnome-keyring%) (-systemd%)" 0 KiB
      [ebuild U ] sys-libs/pam- [1.3.0-r3::core-kit] USE="berkdb cracklib filecaps nls nullok%* pie sha512%* -audit -debug -minimal% -mktemp% -nis -pam_krb5% -pam_ssh% -passwdqc% -securetty% (-selinux) -static-libs% (-test%) (-vim-syntax%)" 742 KiB
      [nomerge ] sys-auth/consolekit-0.4.6::nokit USE="acl pam policykit -debug -doc (-selinux) -systemd-units -test"
      [ebuild N ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test" 1,515 KiB
      [ebuild N ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)" 1,144 KiB
      [nomerge ] app-emulation/docker-18.09.0::nokit USE="btrfs container-init overlay -apparmor -aufs -device-mapper -hardened -pkcs11 -seccomp"
      [nomerge ] dev-go/go-md2man-1.0.6::lang-kit
      [ebuild U ] dev-lang/go-1.12.4:0/1.12.4::lang-kit [1.11.4:0/1.11.4::lang-kit] USE="-gccgo" 549,005 KiB
      [ebuild FUD ] sys-apps/ipmicfg- [] 1,683 KiB
      [ebuild NS ] sys-kernel/debian-sources-lts-4.9.168_p1:debian-sources-lts-4.9.168_p1::core-kit [4.9.144_p3-r1:debian-sources-lts-4.9.144_p3-r1::core-kit] USE="-binary -ec2 -sign-modules" 95,162 KiB
      [ebuild U ] net-misc/wget-1.20.3::core-kit [1.19.5::core-kit] USE="ipv6 nls pcre ssl zlib -debug -gnutls -idn -libressl -ntlm -static -test -uuid" 4,385 KiB
      [ebuild U ] app-editors/vim-8.1.1248::editors-kit [8.1.1092::editors-kit] USE="acl nls python -X -cscope -debug -gpm -lua -luajit -minimal -perl -racket -ruby (-selinux) -tcl -vim-pager" PYTHON_TARGETS="python2_7 python3_6 -python3_4 -python3_5" 13,835 KiB
      [ebuild U ] app-editors/vim-core-8.1.1248::editors-kit [8.1.1092::editors-kit] USE="acl nls -minimal" 0 KiB
      [nomerge ] x11-libs/libxcb-1.13:0/1.12::xorg-kit USE="-doc (-selinux) -static-libs -test -xkb"
      [ebuild N ] x11-base/xcb-proto-1.13::xorg-kit PYTHON_TARGETS="python2_7 python3_6 -python3_4 -python3_5" 149 KiB
      [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test"
      [nomerge ] dev-util/gtk-doc-am-1.29-r2::gnome-kit
      [nomerge ] dev-util/gtk-doc-1.29-r2::gnome-kit USE="-debug -doc -emacs -highlight -vim" PYTHON_SINGLE_TARGET="python3_6 -python3_7" PYTHON_TARGETS="python3_6 -python3_7"
      [nomerge ] app-text/yelp-tools-3.28.0::gnome-kit
      [nomerge ] gnome-extra/yelp-xsl-3.30.1::gnome-kit
      [ebuild U ] dev-util/itstool-2.0.6-r1::core-kit [2.0.2::core-kit] PYTHON_SINGLE_TARGET="python3_6%* -python2_7% -python3_4% -python3_5% -python3_7%" PYTHON_TARGETS="python2_7 python3_6%* -python3_4% -python3_5% -python3_7%" 101 KiB
      [ebuild U ] dev-libs/libxml2-2.9.9-r1:2::core-kit [2.9.8-r1:2::core-kit] USE="icu ipv6 python readline -debug -examples -lzma -static-libs -test" PYTHON_TARGETS="python2_7 python3_6 -python3_5 -python3_7 (-python3_4%)" 5,365 KiB
      [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)"
      [ebuild N ] dev-util/meson-0.48.2::core-kit PYTHON_TARGETS="python3_6 -python3_5 -python3_7" 1,281 KiB
      [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test"
      [ebuild N ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test" 29,477 KiB
      [nomerge ] sys-auth/elogind-239.3::gnome-kit USE="acl pam policykit -debug -doc (-selinux)"
      [ebuild N ] dev-util/ninja-1.8.2-r2::core-kit USE="-doc -emacs -test -vim-syntax -zsh-completion" 200 KiB
      [nomerge ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test"
      [ebuild NS ] sys-devel/autoconf-2.13:2.1::core-kit [2.69-r4:2.69::core-kit] 434 KiB
      [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test"
      [ebuild N ] media-fonts/font-util-1.3.1::xorg-kit 150 KiB
      [nomerge ] dev-lang/spidermonkey-52.9.1_pre1:52::net-kit USE="system-icu -custom-cflags -custom-optimization -debug -minimal -test"
      [ebuild N ] dev-libs/nspr-4.20::dev-kit USE="-debug" 1,115 KiB
      [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test"
      [ebuild N ] x11-libs/xtrans-1.3.5::xorg-kit USE="-doc" 183 KiB
      [nomerge ] x11-libs/libXdmcp-1.1.2-r2::xorg-kit USE="-doc -static-libs"
      [ebuild N ] dev-libs/libbsd-0.9.1::core-kit USE="-static-libs" 379 KiB
      [nomerge ] sys-auth/polkit-0.115-r1::gnome-kit USE="nls pam -elogind -examples -gtk -introspection -jit -kde (-selinux) -test"
      [ebuild N ] dev-libs/gobject-introspection-common-1.58.1::gnome-kit 1,346 KiB
      [nomerge ] x11-libs/libX11-1.6.6::xorg-kit USE="ipv6 -doc -static-libs -test"
      [ebuild N ] x11-misc/util-macros-1.19.2-r1::xorg-kit 83 KiB
      [nomerge ] x11-libs/libXau-1.0.8-r1::xorg-kit USE="-static-libs"
      [nomerge ] x11-base/xorg-proto-2018.4_p20180627-r2::core-gl-kit
      [nomerge ] dev-util/ninja-1.8.2-r2::core-kit USE="-doc

  I have tried working the use-flags in vain, makes minor differences but still brings in gnome and X11 stuff. Any suggestions? Cheers, Erik
  4. Thanks for some good hands-on tips lazlo.vii, and the area is both as full of different advice as it is lacking good resources. When it comes to file systems I do BTRFS mostly but on the server I do ZFS. I once had problems with ZFS where removal of a zfs from the pool messed things up. I solved it with a FreeBSD live-cd where I imported the pool, removed the zfs and exported the pool. It worked like a charm and the bug has long since been fixed. I still have a "thing" for ZFS though and decided to go for it some time ago (I participated in another forum post here about ZFS some time ago). I already have the pools set up on my current installation and will reuse them in the new server.

  The current network setup plan is as follows:

  AppServer on DMZ
  FileServer on HomeNetwork
  An intermediate physical network between AppServer and FileServer with fixed IPs and just a switch.

  This way I can make a really narrow IP-filter on the FileServer side for this particular network and I will rely on the ZFS export mechanism to export the right stuff. I will try to block unexpected IPs on the FileServer, preventing the AppServer from acquiring access to the nfs-exports meant for the home-network (nfs will use the IP to determine export rules - faked IP meaning wrong nfs access). Most likely I will look into SELinux, a new area for me. Containers are new for me (from hosting point of view) as well but I will learn eventually. Cheers, Erik
  5. Hi, I have just purchased two second hand servers, building my own Funtoo server cluster here at home. This was actually easier and not particularly more expensive than locating motherboards and CPUs with working support for ECC for my ZFS file server. But I also found a second hand server suitable for application server and as the optical fibre is on its way pretty soon, I moved the servers to the basement, and Funtoo is now more suitable for server usage than before, there was just no reason why not to purchase. I will come back to the specs in other posts. Right now it is about planning the network. Both servers have several (4+) network interfaces.

  What I think I am trying to do (well I am open for proposals) is this:

  Fileserver will be the ZFS file server. I will need this for the home network. Eth0 is connected to the home network.

  Appserver will be the applications server. I will create a post for this as well, but plan is to run docker images for stuff. I see no reason to start with LXD containers but we save this for another thread. I imagine that the Appserver shall be on the DMZ-network and with a properly and stringently configured firewall.

  The thing is that I suppose that the Appserver will need to access the Fileserver. How do I set this up in a secure manner and how do others do it?

  My plan that needs to be scrutinised:

  Appserver:eth1 will be connected to the DMZ and accessible to the internet. I will most likely purchase a Firewall with DMZ from Zyxel dealing with the routing. Applications will run in containers. I would like to restrict eth0 for container usage (i.e. only open for the ports used by the containers and route stuff directly there using nginx or Docker Registry (more study needs to be done), no other access to the device but perhaps ssh, not decided yet. Ssh into a docker first?

  Fileserver:eth0 will be connected to the home network.

  Appserver:eth0 will be connected to the home network allowing me to access the server from home network and allow Appserver to access Fileserver.

  I imagine this setup can be vastly improved. Please help me out here! Also, if the recommendation is to not use the Fileserver but instead add some disks locally please let me know. Appserver does not have that many disk slots, while Fileserver has sufficient (12 or so). Also I prefer letting ZFS Arc on the Fileserver (with 32GB ram) consume most of the memory (this is the only task) while the Appserver (with 128GB ram) can use this for the containers instead. I will most likely have some containers on the Appserver that need to interact with storage that is available on the local network. Regards, Erik
    Server with ECC

    So after some struggle I decided to repurpose the above configuration to something else. Major problems have been instability during load (i.e. mostly emerge) with the AMD-cpu and that although there is ECC-memory installed it will not utilize the ECC-function with this motherboard (verified with Asus support-tech). The answer is that ECC is not supported with this configuration. Instead I have purchased a second hand Supermicro 6027R-E1R12L based on Intel, with working ECC-functionality and hot-swap-slots for all my disks in the front. My first rack-server - a small step for mankind, a huge leap for Erik. There are 32GB RAM and a single Xeon E5-2660 8 Core cpu. It will basically only serve as a ZFS host on the network.
  7. Well, I thought of Nike and just did it :) It wasn't even that hard (I think). Then I ran into the EAPI=7 problem instead and verified that it's not related to the python upgrade and it isn't. Now I have the upgrade on hold until portage is upgraded. Words will not express how much I adore the possibility to do upgrades in snapshots alongside the live system!
  8. Gentoo has an upgrade guide: https://wiki.gentoo.org/wiki/Python#Version_upgrade. Doesn't seem that hard. Just recall having some trouble with portage failing at some point and then one is in trouble :) I will try that one. The entire upgrade is in a separate snapshot anyway so I am prepared if it fails. I will upgrade python 3 to python 3.6.
  9.
       dev-lang/python|     slot| repo
      ----------------+---------+---------------------
             2.7.13-r1|      2.7| python-kit/3.4-prime
           * 2.7.14-r2|         | python-kit/3.4-prime
      ----------------+---------+---------------------
            * 3.4.6-r1| 3.4/3.4m| python-kit/3.4-prime
      ----------------+---------+---------------------
                 3.5.3| 3.5/3.5m| python-kit/3.4-prime
              3.5.3-r1|         | python-kit/3.4-prime
      ----------------+---------+---------------------
              3.6.1-r2| 3.6/3.6m| python-kit/3.4-prime
              3.6.5-r1|         | python-kit/3.4-prime

  I am using 1.2 in general but made no change to the python-kits. Is there an upgrade procedure to be aware of? I am a newbie when it comes to python - besides all kinds of hell from gentoo upgrades over the years. Been happy that I didn't need to upgrade for quite a while :) // Erik
  10. Hi, I am using the 1.2 kit but stumbled onto a problem when building www-client/firefox-61.0;

      0:03.20 checking for Python 3... : python_wrapper_setup: python3 is not supported by python2.7 (PYTHON_COMPAT)
      0:03.20 no
      0:03.20 ERROR: Python 3.5 or newer is required to build. Ensure a `python3.x` executable is in your PATH or define PYTHON3 to point to a Python 3.5 executable.
      0:03.22 *** Fix above errors and then restart with\
      0:03.22 "/usr/bin/gmake -f client.mk build"
      0:03.22 gmake: *** [client.mk:149: configure] Error 1

  While Firefox upgrade will have to wait for now I'm curious what to do when it's time to deal with this? Is Python 3.5 "just" a matter of a python upgrade and a kit-change that I should have done or what? I am not using python myself, it is only there for the system so I am open for changes :) // Erik
    ZFS Mountpoints

    A bit late but thanks! New server (the one with ECC) installed, just booted into ZFS for the first time using this post. It solves quite a few hesitations I used to have :) Boot args I use are:

        root=ZFS=rootpool/funtoo/root ro boot=zfs net.ifnames=0

    I prefer not to import all pools at boot time, if the pool contains an exported FS it must be imported after networking and nfs is started or it fails to share correctly (or rather; this used to be a problem). As of now this is only the server. Pools are to be created tomorrow, 8TB is to be moved to backup before it is restored into a new 4*4TB disk that most likely will be a 5 or 6 *4TB disk with raidz2.
    Server with ECC

    I am planning to upgrade my good old server that has been around for some time now. Mostly it is a NAS with 4*4TB disks in a BTRFS RAID 10 array for now. I have long used both ZFS and BTRFS and regardless of choice there seems to be a consensus that one shall use ECC memory to prevent the calculated checksums from being faulty. I have non-ecc today and I have experienced degradation of the content. ECC is new territory for me and I have a few questions;

    1. On my desk is an ASUS Prime X370-PRO mother board. The specs say "DDR4 ECC or NON-ECC memory, unbuffered". While checking out some other gaming boards it is more clear that "sure, use ECC or non-ECC as you please - we will not use the ECC-function anyway". Is there anyone that can confirm if ECC will be enabled given that I use compatible ECC memories?
    2. Is there anything particular I need to know to get ECC working? Kernel, use-flags, tools that are to be installed?
    3. Is there a way to verify that ECC in fact is in use and operative?

    Cheers, Erik
  13. Perhaps linux-firmware ought to be a runtime dependency to those packages that need it to work properly. I figure the radeon drivers in this case. // Erik
  14. A while ago, around the upgrade, I also had to replace the cpu water cooler and moved my graphics card to the other PCI slot. I now took down the computer and moved it back and things are back to normal. Don't have a clue why this works but hey, it works. I have an Asus Prime Z370-P motherboard and a fan-less Palit GTX 1050 Ti graphics card. Anyhow, case closed :)
  15. Hi, After the upgrade to 1.2 I have trouble recovering from sleep. It seems related to the nvidia-drivers but I am not sure. I run KDE and use sleep during nights. It has worked pretty well for quite some time. I have a GeForce GTX 1050 Ti graphics-card and am using nvidia-drivers. I have tried recovering from sleep with and without xdm started and I never seem to be able to recover, the screen is blank and unresponsive. Even without X the terminal is blank. When X is started during sleep-wakeup the X process runs on 100% CPU but nothing happens. I can login via ssh but it fails to restart xdm. I have tried downgrading to nvidia-390.48 with no noticeable difference. At first I didn't rebuild the kernel during upgrade to 1.2 so it was troublesome both before and after kernel was rebuilt with gcc 7.
