IRC chat logs for #ltsp on irc.freenode.net (webchat)


Channel log from 30 July 2014   (all times are UTC)

00:00
<bennabiy>
I gotta go, but please leave your thoughts in here tagged to me, and I will read them when I get in tomorrow
00:01
<vagrantc>
just tidy up the merge request without the opt out feature, and i'll handle that part.
00:01
<bennabiy>
ok
00:01
<vagrantc>
i need a good excuse to fire up my ltsp test environment anyways :)
00:01
<bennabiy>
I can probably help you tomorrow
00:01
good night!
00:02* vagrantc waves
00:03vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
00:47telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
00:48telex has joined IRC (telex!~telex@freeshell.de)
00:50matt___ has left IRC (matt___!411abcf6@gateway/web/freenode/ip.65.26.188.246)
00:57Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Ping timeout: 240 seconds)
00:59Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)
01:01sbalneav has left IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca, Ping timeout: 260 seconds)
01:56Andymeows has left IRC (Andymeows!~Andymeows@unaffiliated/andymeows, Ping timeout: 245 seconds)
02:16Ark74 has left IRC (Ark74!~Ark74@189.220.254.152.cable.dyn.cableonline.com.mx, Remote host closed the connection)
02:46Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Ping timeout: 255 seconds)
02:49Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)
02:59sbalneav has joined IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca)
02:59Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Read error: Connection timed out)
03:00Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)
03:18FrozenZia has left IRC (FrozenZia!pbrown@evo.paivola.fi, Ping timeout: 250 seconds)
04:03alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
04:14
<alkisg>
bennabiy: ldminfo.c:
04:14
int ldm_getenv_int(const char *name,int default_value) {
04:14
Put a default value to ldm_getenv_bool too:
04:14
int ldm_getenv_bool(const char *name, int default_value) {
04:15
Push that part first, in a separate commit
04:15
Then you can specify what the default is, when the variable is missing
04:17
Alternatively, implement a new function, called ldm_getenv_bool_default, so that you don't have to change the existing calls to ldm_getenv_bool in other source files
04:21
(ansi c doesn't support default arguments, does it?)
04:45Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Quit: Leaving.)
04:49Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)
05:00Ark74 has joined IRC (Ark74!~Ark74@187.252.185.23)
05:31alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 264 seconds)
06:36mealstrom1 has left IRC (mealstrom1!~Thunderbi@46.63.63.163, Ping timeout: 260 seconds)
06:49alexxtasi has joined IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
07:02mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.71.254)
07:16alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
07:33alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Ping timeout: 264 seconds)
07:48adrianorg has left IRC (adrianorg!~adrianorg@179.187.24.30.dynamic.adsl.gvt.net.br, Ping timeout: 240 seconds)
07:50adrianorg has joined IRC (adrianorg!~adrianorg@177.204.148.251.dynamic.adsl.gvt.net.br)
08:01bennabiy has left IRC (bennabiy!~bennabiy@unaffiliated/bennabiy, Read error: Connection reset by peer)
08:02bennabiy has joined IRC (bennabiy!~bennabiy@unaffiliated/bennabiy)
08:27adrianorg has left IRC (adrianorg!~adrianorg@177.204.148.251.dynamic.adsl.gvt.net.br, Ping timeout: 250 seconds)
08:29alkisg has joined IRC (alkisg!~alkisg@ppp005054186106.access.hol.gr)
08:29alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
08:33adrianorg has joined IRC (adrianorg!~adrianorg@177.132.219.90)
08:39khildin has joined IRC (khildin!~khildin@ip-80-236-219-253.dsl.scarlet.be)
08:40alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
08:50FrozenZia has joined IRC (FrozenZia!pbrown@evo.paivola.fi)
09:30adrianorg has left IRC (adrianorg!~adrianorg@177.132.219.90, Read error: Connection reset by peer)
09:33adrianorg has joined IRC (adrianorg!~adrianorg@177.156.231.172)
09:43lee__ has joined IRC (lee__!~lee@loathe.ms)
09:44mmetzger_ has joined IRC (mmetzger_!~mmetzger@99-71-214-107.lightspeed.mdldtx.sbcglobal.net)
09:44Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, *.net *.split)
09:44sbalneav has left IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca, *.net *.split)
09:44mmetzger has left IRC (mmetzger!~mmetzger@99-71-214-107.lightspeed.mdldtx.sbcglobal.net, *.net *.split)
09:44lee has left IRC (lee!~lee@loathe.ms, *.net *.split)
09:44sbalneav has joined IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca)
09:45adrianorg has left IRC (adrianorg!~adrianorg@177.156.231.172, Read error: Connection reset by peer)
09:46Phantomas has joined IRC (Phantomas!~phantomas@ubuntu/member/phantomas)
09:48Ark74 has left IRC (Ark74!~Ark74@187.252.185.23, Quit: Saliendo)
09:49adrianorg has joined IRC (adrianorg!~adrianorg@179.179.76.193)
09:57adrianorg has left IRC (adrianorg!~adrianorg@179.179.76.193, Ping timeout: 245 seconds)
10:05adrianorg has joined IRC (adrianorg!~adrianorg@179.180.163.181)
10:11||cw has left IRC (||cw!~chris@phpgroupware/cw, Ping timeout: 260 seconds)
10:16Phantomas has left IRC (Phantomas!~phantomas@ubuntu/member/phantomas, Remote host closed the connection)
10:16adrianorg has left IRC (adrianorg!~adrianorg@179.180.163.181, Read error: Connection reset by peer)
10:20adrianorg has joined IRC (adrianorg!~adrianorg@177.156.58.126)
10:24||cw has joined IRC (||cw!~chris@gateway.wilsonmfg.com)
10:24||cw has joined IRC (||cw!~chris@phpgroupware/cw)
10:30andygraybeal has left IRC (andygraybeal!~andy@h16.226.22.98.dynamic.ip.windstream.net, Ping timeout: 250 seconds)
10:38adrianorg has left IRC (adrianorg!~adrianorg@177.156.58.126, Ping timeout: 255 seconds)
10:39adrianorg has joined IRC (adrianorg!~adrianorg@179.180.167.37)
10:43andygraybeal has joined IRC (andygraybeal!~andy@h255.228.22.98.dynamic.ip.windstream.net)
10:54khildin has left IRC (khildin!~khildin@ip-80-236-219-253.dsl.scarlet.be, Quit: I'm gone, bye bye)
10:54pppingme has left IRC (pppingme!~pppingme@unaffiliated/pppingme, Quit: Leaving)
11:04pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
11:27alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
11:36adrianorg has left IRC (adrianorg!~adrianorg@179.180.167.37, Ping timeout: 250 seconds)
11:38lee__ has left IRC (lee__!~lee@loathe.ms, Ping timeout: 255 seconds)
11:38adrianorg has joined IRC (adrianorg!~adrianorg@179.183.65.106)
12:15alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
12:17adrianorg has left IRC (adrianorg!~adrianorg@179.183.65.106, Ping timeout: 245 seconds)
12:19adrianorg has joined IRC (adrianorg!~adrianorg@177.132.219.72)
12:20lee has joined IRC (lee!~lee@loathe.ms)
12:24
<bennabiy>
alkisg: putting a new function in with a default seems the best to me. I will work on it in a couple hours
13:04adrianorg has left IRC (adrianorg!~adrianorg@177.132.219.72, Ping timeout: 260 seconds)
13:05adrianorg has joined IRC (adrianorg!~adrianorg@179.180.165.34)
13:36matt___ has joined IRC (matt___!32c3bb3e@gateway/web/freenode/ip.50.195.187.62)
13:39
<matt___>
what is the best way to optimize for fat clients, any way to make a smaller image?
13:49
<Hyperbyte>
matt___, I'm not sure if smaller image makes much of a difference.
13:49
You can look through lts.conf manpage
13:49
!lts.conf
13:49
<ltsp>
lts.conf: http://manpages.ubuntu.com/lts.conf
13:50
<Hyperbyte>
See if you can make display 16 bit, that kinda stuff... that helps generally. Else, better network switches also solve a lot of problems...
13:50alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
14:00Parker955 is now known as Parker955_Away
14:00adrianorg has left IRC (adrianorg!~adrianorg@179.180.165.34, Ping timeout: 264 seconds)
14:01adrianorg has joined IRC (adrianorg!~adrianorg@179.180.165.34)
14:05
<bennabiy>
alkisg: Ok, I am here now. Hello!
14:06
<alkisg>
Hi bennabiy
14:06
<bennabiy>
alkisg: So I think I will add a new function like you suggested, unless you have had more thoughts since then
14:07
launchpad should be fixed now, as far as doing builds to base testing off of.
14:07
<alkisg>
Nah, those were my last thoughts on the subject...
14:08
bennabiy: note that shadow.sed needs a complete sed line, not just the hash, ok?
14:08
I don't know if you update ssh.c to generate that...
14:08
<bennabiy>
alkisg: it contains a full sed line and a comment
14:09
<alkisg>
http://bazaar.launchpad.net/~bennabiy/ltsp/ldm-hashing/view/head:/src/plugins/ssh/ssh.c
14:09
I don't see that there...
14:09
fprintf(shad_fp, "# Generated by LTSP, to be used by X01-localapps-ldm\n$s:!:%s:", shadowentry);
14:09
Where shadowentry is:
14:09
shadowentry = crypt(sshinfo->password, salt);
14:09
<bennabiy>
that is
14:09
<alkisg>
Ah, and where is the username?
14:09
<bennabiy>
not needed
14:10
<alkisg>
minidlna:!:16091:0:99999:7:::
14:10
Won't that create a password for e.g. my minidlna user?
14:10
<bennabiy>
because this happens after the useradd
14:10
which puts the user at the last line in /etc/shadow
14:11
<alkisg>
Could you explain that to me more?
14:11
$s
14:11
<bennabiy>
because rc scripts put a fresh copy of shadow and passwd in place, the users get stripped out, unless someone has manually added a user
14:11
yes
14:11
<alkisg>
What is "$" doing there?
14:11
<bennabiy>
$ in sed stands for last line
14:11
same in vi etc
14:11
<alkisg>
Ah, as an address, ok
14:12
<bennabiy>
yes
14:12
<alkisg>
What if the user already existed in the chroot?
14:12
<bennabiy>
then the add user would fail, and the last line would not have a ! entry to replace
14:13
<alkisg>
So the password hash wouldn't be written...
14:14
<bennabiy>
not to /etc/shadow, and then would promptly be removed
14:14
<alkisg>
Just brainstorming here, but why not specify the username and check all of shadow, instead of only the last line?
14:14
<bennabiy>
because the user is added on a per use basis
14:15
if someone adds manually their own user, they would already have their password set
14:15
you would not want to overwrite someone's password
14:15
they would not have ! in the 2nd field
14:15
or shouldn't
14:16
<alkisg>
OK, good enough for me. If someone has indeed created a user in the chroot, he could use the "old" password specified there instead of some "new" one specified for the same username on the server.
14:16
<bennabiy>
yes, since the password only applies to the local machine
14:17
/etc/shadow on local != /etc/shadow on remote
14:17
you could simply passwd the user to set a new password and it has no relation to the server
14:17
<gbaman>
alkisg: where does LOCAL_APPS_EXTRAMOUNTS mount the mount?
14:18
<alkisg>
bennabiy: some ltsp sysadmins mistakenly run: `sudo chroot /opt/ltsp/i386 useradd alkisg`
14:19
<bennabiy>
some also mistakenly run sudo rm -rf /
14:19
<alkisg>
They create a chroot user and specify a password there because they think that's what they need to do for fat clients
14:19
<bennabiy>
should I stop them? ;)
14:19
<alkisg>
Then, after a couple of weeks, suppose that they change their password on the server
14:19
At that point, they'll hit on the "bug" that this code will introduce:
14:19
<bennabiy>
Documentation is what most users look for, and then after a few weeks of not finding anything current, they default to doing what seems right
14:19
<alkisg>
that now the old password will be needed
14:20
But ok I don't mind about that scenario much, the implementation you propose is good enough for me
14:21
gbaman: in the same dir, e.g. /path/to/dir both on the server and locally
14:21
<gbaman>
ahh
14:21
<bennabiy>
why not make the script that is copying the /etc/passwd and /etc/shadow to check if username exists before blindly running the swap in swap out?
14:21
alkisg: most users who are not already established in their thinking about how to kludge it together are not even going to know it didn't work before
14:22
and they will just take it for granted that the password is the same, and already done for them, and especially if we right away document the feature
14:23
so that at least they will have up to date reference on the basics they need to do, and what they do NOT need to do to make it work
14:24
<alkisg>
bennabiy: in http://bazaar.launchpad.net/~bennabiy/ltsp/ldm-hashing/view/head:/src/plugins/ssh/ssh.c the indentation is broken by launchpad?
14:24
if (ldm_getenv_bool("LDM_PASSWORD_HASH"))
14:25
==> everything after that should be indented...
14:25
<bennabiy>
as is, with the static creation of shadow.sed and with a blind truncate and write operation, there is not a worry of an existing password remaining, to munge things up, so that works
14:25
alkisg: I ran indent command on it,
14:25
I will look again
14:25
I have it open now
14:25
I just need a clear list of what needs to be put in place.
14:26
So far, I have 1) add new boolean environment check which can take a default, 2) check indenting.
14:27
!bennabiy_todo
14:27
<ltsp>
bennabiy_todo: (#1) Finish patching LinuxMint code to detect NON mint chroot build requests on mint, and to build a mint chroot on non mint server., or (#2) Temp file for hash, or (#3) use mkstemp to generate a /tmp/ldm-XXXXXX or some such, and then set the path to the tempfile in a variable..., or (#4) to be opt-out or opt-in,, or (#5) <vagrantc> LDM_HASHPASS boolean?
14:27
<bennabiy>
!forget bennabiy_todo 3
14:27
<ltsp>
The operation succeeded.
14:28
<bennabiy>
!forget bennabiy_todo 2
14:28
<ltsp>
The operation succeeded.
14:29
<bennabiy>
!bennabiy-todo
14:29
<ltsp>
I do not know about 'bennabiy-todo', but I do know about these similar topics: 'bennabiy_todo'
14:29
<bennabiy>
!alkisg_todo
14:29
<ltsp>
alkisg_todo: (#1) LDM password hash, or (#2) Hooks for running scripts on these phases: INITRD/INIT/RC/DM/AUTH/LOGIN/SESSION/PERIODIC/LOGOUT/SHUTDOWN, or (#3) implement ltsp-config aoe, or (#4) teach launchpad to only use the debian dir when vagrantc makes his branch correspond with upstream source
14:30
<bennabiy>
alkisg ^
14:30
#4
14:30
<alkisg>
bennabiy: https://help.launchpad.net/Packaging/SourceBuilds/Recipes#nest-part
14:31
<bennabiy>
great! Thank you :)
14:42mealstrom has left IRC (mealstrom!~Thunderbi@46.63.71.254, Ping timeout: 255 seconds)
14:58
<alkisg>
bennabiy: why not use time() instead of directly accessing /dev/urandom?
14:59
<bennabiy>
because of your security concerns
14:59
<alkisg>
Mine?
14:59
<bennabiy>
since it is a hash of the password
14:59
<alkisg>
I thought I was the one supporting NOT using /dev/urandom... :)
14:59
<bennabiy>
time is predictable
14:59
<alkisg>
It's just salt
14:59
Not some cryptographic function
14:59
One of 4096 combinations...
15:00
If one can go to such length as to forge time(), he can very easily forge /dev/urandom for you...
15:01* alkisg prefers the simpler way to solve things, unless there's a good and documented reason to choose otherwise...
15:01* bennabiy sighs
15:02
<bennabiy>
even the authors of the crypt() function do not recommend using time for salt generation
15:03
<alkisg>
If that's documented, sure, by all means, use it
15:03
But some quick googling suggests time()...
15:03
But if you do use it, I think it'd be best to put some relevant link in the sources
15:04championofcyrod1 has joined IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
15:04alexxtasi has left IRC (alexxtasi!~alex@unaffiliated/alexxtasi)
15:07
<alkisg>
bennabiy: example code: http://www.gnu.org/software/libc/manual/html_node/crypt.html
15:08
<bennabiy>
yes, and do note that it says in most applications it is not acceptable to let the attacker know what time the password was set
15:09
<alkisg>
You can use time() to seed the random number generator, not directly for salt
15:09
<bennabiy>
yes
15:10
If you want to take the extra step to add it, go ahead
15:11
I do not trust rand() or g_rand()
15:11
as they also say not to use them for password generation
15:11
<championofcyrod1>
^y?
15:11
<alkisg>
Where do they say that?
15:11
That's what I'm asking
15:11
<bennabiy>
one moment
15:12
<alkisg>
For you to put the link that made you distrust rand() for salt generation, to the ssh.c sources
15:12
So that the rest of the developers know why you choose /dev/urandom over rand()
15:12
<championofcyrod1>
haveged will generate higher entropy levels if thats the issue.
15:13
http://www.issihosts.com/haveged/
15:14
<bennabiy>
https://developer.gnome.org/glib/stable/glib-Random-Numbers.html
15:14
<championofcyrod1>
yesterday i started building a chroot with ltsp inside a docker container. Had a complaint about /proc mounting. So I ran the container privileged and it seemed to continue. Left work before it finished
15:14
<alkisg>
championofcyrod1: I did the suggestion in order to simplify the code, not to depend on yet another library :)
15:15
<championofcyrod1>
awww... but dependency is what makes computers and the webs so great ;p
15:15
<bennabiy>
Do not use this API for cryptographic purposes such as key generation, nonces, salts or one-time pads.
15:17
<alkisg>
bennabiy: we're using glib and not stdlib, right? OK, good enough for me, mention that URL somewhere in ssh.c
15:17
<bennabiy>
yes.
15:17
Will do
15:18
<alkisg>
Personally I think it's easier to bind-mount /dev/urandom than to forge time(), but if someone already has root locally, he wouldn't need to go there... :)
15:18
OK end of my comments :)
15:18
<bennabiy>
exactly
15:19
on the local machine, it is not like root is very guarded
15:19
<alkisg>
(i.e. I think that using /dev/urandom doesn't give any additional security at all...)
15:19
<bennabiy>
neither does not having the hash floating around in environment
15:20
<alkisg>
If root is unguarded, then one can get all the user data, including passwords etc
15:20
<bennabiy>
exactly
15:20
<alkisg>
We rely on root being properly guarded
15:22
<championofcyrod1>
I had to use haveged once on a new VM instance. Entropy levels were too low for a Kerberos KDC to generate its database of keys, so it just kept failing on kdb5 util trying to create the db. Which makes me wonder, why does it never fail to generate a unique password hash salt when entropy is low?
15:22
<bennabiy>
because it uses /dev/urandom
15:23
which constantly reseeds the pool
15:23
http://www.2uo.de/myths-about-urandom/
15:25
<championofcyrod1>
oic... one is blocking.
15:26
<bennabiy>
yes
15:29
<championofcyrod1>
I don't agree with fact 'entropy running low is a straw man.' Especially since it can cause some processes to fail if they are not using /dev/urandom. and the bit about 256-bit numbers being secure for a 'long, long time' goes against a lot of my understanding about big data growth and mass computation of complex problems.
15:29
but still an interesting article to read.
15:30
<bennabiy>
true 256 bit numbers are secure, but there are sideline attacks and such which shorten the security
15:31
but those exist irregardless of how many bits it is
15:31
<championofcyrod1>
so it's not the encryption algorithms that are weak, its the implementation of them by some?
15:31
<bennabiy>
yes
15:32
<championofcyrod1>
agreed
15:32
<bennabiy>
for example, you can crack 4096 RSA with a microphone from 10 ft away
15:32
or a smartphone 1 ft away
15:38
<championofcyrod1>
How would I confirm this LTSP image built correctly? i walked away from the terminal while it was building and am now at a remote site.
15:38
the folder is there and looks fine. /opt/ltsp/<arch>
15:44
i hope nbd uses a range of ports I can forward to the server
15:49
<bennabiy>
I thought typically 2000 2001 somewhere in there
15:50mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
15:51
<alkisg>
NBD is using 10809 nowadays
15:51
IANA-assigned
15:53
<championofcyrod1>
yup, 10809 verified
15:53
and they look ephemeral on the client side... thats good
15:54
so i can specify any client source port to 10809 and 69
15:55
oh yea... sshfs... i guess thats going to be 22?
16:01
<alkisg>
22, 67, 69, 10809, 9571...
16:02
And possibly DNS (53), proxyDHCP (4011)...
16:02
Maybe ntp too...
16:02
It depends on your setup
16:03
<championofcyrod1>
wait... the ltsp client doesnt use the same DNS as the ltsp host?
16:04
<alkisg>
Localapps and fat clients use separate dns servers, they need to be configured in dhcp or lts.conf, and it may be your ltsp server if you choose so
16:04
<championofcyrod1>
sorry, I have a default gateway from a LAN to another vlan. the ltsp container is running on the other vlan, however there is proper DNS, NTP on the vlan.
16:04
gotcha
16:05
the dns is already configured to supply that information...
16:05
shcp*
16:05
s/shcp/dhcp
16:05
i cant type today
16:06
<bennabiy>
alkisg: compiling latest changes to test before I push
16:06
<alkisg>
championofcyrod1: I mean, if you have a DNS *server* installed in your LTSP server and you're using that one, then you need to open that port too
16:06
Or, if you have a proxyDHCP server installed...
16:06
!proxydhcp
16:06
<ltsp>
proxydhcp: A proxy DHCP server is defined by the PXE specification as a server which sends auxiliary boot information to clients, like the boot filename, tftp server or rootpath, but leaves the task of IP leasing to the normal DHCP server. More info: https://help.ubuntu.com/community/UbuntuLTSP/ProxyDHCP
16:07
<alkisg>
It's very common in ltsp installations to have those services running in the ltsp server
16:07
But not in the default installation
16:07
Run a netstat on your server and check the ports
16:07
<bennabiy>
but I added to ldminfo.[c,h] the new function to test for existing environmental var and if not existing, return default_value as int
16:08
and adjusted the indentation
16:08mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 256 seconds)
16:08
<alkisg>
Cool
16:09
<championofcyrod1>
right... I dont have DNS running on the LTSP server... I already have DHCP, DNS, NTP, VPN, HTTP Proxy and all kinds of other network infrastructure services running. I just want to use 'ltsp-server' for the chroot, nbd, sshfs, tftpd services. My dhcpd is specifying the ltsp-server as next for tftpd
16:10
so i installed 'ltsp-server' package only. not ltsp-server-standalone
16:12
<bennabiy>
alkisg: any idea why dpkg-buildpackage would fail to put the X01-localapps-ldm file in place, when it is in the source?
16:12
packaging?
16:12
It was working before
16:17
looks like packaging needs to be patched as well
16:17
seems the rc.d directory is not properly getting packaged
16:19
<alkisg>
bennabiy: what is X01-localapps-ldm?
16:19
<championofcyrod1>
hmmm... SSH is going to be an issue. Since mapping 22 inside the container to 22 on the host would conflict with the host's SSH port.
16:19
<bennabiy>
alkisg: script which performs the sed function, as well as removal of shadow.sed once done
16:20
<alkisg>
bennabiy: why isn't that in the LTSP sources instead?
16:20
I.e. in X01-localapps?
16:20
<bennabiy>
because it is two different trunks
16:20
but hey, however you want to do it
16:21mmetzger_ is now known as mmetzger
16:21
<alkisg>
I think that code belongs in X01-localapps, yup...
16:21
I.e. not a new script, but a patch to the existing script
16:21
<bennabiy>
great. Want to put it there?
16:21
Or do I actually need to branch it and patch it?
16:21
<alkisg>
Yup :)
16:21
<championofcyrod1>
is it possible to change the default SSH port used by LTSP clients?
16:22
<bennabiy>
and then submit the merge request?
16:22
<alkisg>
Yup
16:22
championofcyrod1: try an RCFILE_01 command that changes /etc/ssh/*
16:22
RCFILE_01='sed s/// -i /etc/ssh/config file...'
16:22* alkisg waves
16:22alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Quit: Leaving.)
16:23
<championofcyrod1>
alrighty then.
16:23
<bennabiy>
I think this room produces culture conflicts.
16:23
<championofcyrod1>
lol
16:23* bennabiy thinks alkisg is too greek for his own good ;)
16:27championofcyrod1 has left IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
17:48vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
17:52Simon__ has joined IRC (Simon__!a8126814@gateway/web/freenode/ip.168.18.104.20)
17:53
<Simon__>
Hi All, I'm running 2 NIC setup on Lubuntu 14.04
17:53
The 1st NIC gets DHCP assignment in the external network
17:53
The 2nd NIC is static
17:53
I installed LTSP from ltsp-server package
17:54
<bennabiy>
vagrantc: can you push this merge request as part of ldm merge? https://code.launchpad.net/~bennabiy/ltsp/ltsp-ldm-localapps/+merge/228913
17:54
<Simon__>
TFTP is targeted to IP of the LTSP server which is bound to eth1
17:55
Thin client boots and shows login window, but I cannot authenticate the user
17:56
From thinclient console (Ctrl+Alt+F1) I can SSH to LTSP server
17:56
with user credentials which didn't work in GUI
17:57
On LTSP server's auth.log it looks like disconnect request comes from thin client
17:57
<bennabiy>
Hi, btw!
18:15Faith has joined IRC (Faith!~paty@unaffiliated/faith)
18:15telex has left IRC (telex!~telex@freeshell.de, Remote host closed the connection)
18:16
<vagrantc>
bennabiy: can't really merge multiple projects at once
18:16
bennabiy: but it looks safe enough
18:16telex has joined IRC (telex!~telex@freeshell.de)
18:16
<bennabiy>
vagrantc That is what alkisg wanted
18:16
he did not want it included with the ldm patch
18:17
<vagrantc>
bennabiy: yes, and that's the correct thing, but the only issue is merging them at the same time
18:17
bennabiy: so one last minor issue
18:17
<bennabiy>
even though one is ldm and one is ltsp?
18:17
<vagrantc>
bennabiy: can't merge them as part of a single merge, but can make sure they're merged at nearly the same time.
18:18
<bennabiy>
yes. that works.
18:18championofcyrod1 has joined IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
18:18
<bennabiy>
I was trying to avoid having to do this, but I guess if it is what is needed, then thats that
18:18
<championofcyrod1>
holy smokes it worked.... sort of.
18:19
<bennabiy>
I am in the process of building a new fat client to test it one more time (just manually doing the ltsp portion of code)
18:19
<championofcyrod1>
I'm looking at a Intel NUC LTSP fat client login screen, with the ltsp-server running inside a docker lxc container.
18:19
<vagrantc>
bennabiy: so, we've been talking about moving stuff to /var/run instead of /var/cache ...
18:19
<championofcyrod1>
69/udp & 10809/tcp
18:19
<vagrantc>
(and technically, /run ...)
18:20
<bennabiy>
simple change, tell me where you want it for the merge?
18:20
/var/run/ltsp/shadow.sed?
18:21
<vagrantc>
bennabiy: let me look over the codebase ... i'd hate to implement a new feature with the "old" way ... although i'm not yet sure we've audited the "new" way yet
18:21
<bennabiy>
This is just temporary, anyway, until ltsp 6 right?
18:21
<vagrantc>
bennabiy: i'll hopefully have some time later today to really look at it.
18:21
bennabiy: yes.
18:22
<bennabiy>
ok, I will keep testing it on my end to make sure
18:22
<vagrantc>
but temporary has dragged on for years thus far, not sure how many more
18:22
<bennabiy>
I noticed the milestones have not been updated either
18:22
<vagrantc>
like, if perl6 is any indication, we might be ready by 2030
18:22* bennabiy thinks ltsp needs some love...
18:22* vagrantc agrees empatically
18:22
<vagrantc>
er, emphatically
18:22
<bennabiy>
heh
18:23
<championofcyrod1>
so that works... now figure out how to re-route port 22 from the fat client to the container so that it doesnt conflict with the container's host port 22. alkisg told me to  try an RCFILE_01 command that changes /etc/ssh/*
18:23
but I'm not sure i understand what that means
18:23* vagrantc agrees empathically
18:24
<bennabiy>
vagrantc: can I delete old branches once they have been merged into LTSP?
18:24
like my old ltsp-LM and ltsp-LinuxMint branches?
18:25
!ltsp-pnp
18:25
<ltsp>
ltsp-pnp: ltsp-pnp is an alternative (upstream) method to maintain LTSP installations for thin and fat clients that doesn't involve chroots: https://help.ubuntu.com/community/UbuntuLTSP/ltsp-pnp
18:31
<championofcyrod1>
I think i'm supposed to use an RC01_FILE to change a setting inside the chroot's /etc/ssh/* so that a default client connection uses a destination port of something other than 22, which i can map to my container's port 22...
18:33
<vagrantc>
bennabiy: don't see any reason why not.
18:33
<bennabiy>
ok, great
18:33
<vagrantc>
championofcyrod1: i think there's an lts.conf setting for that
18:33
<bennabiy>
It still showed them having merge requests so I did not want to touch them
18:33
I want to clean up some clutter though
18:34
<vagrantc>
championofcyrod1: SSH_OVERRIDE_PORT
18:37
<championofcyrod1>
vagrantc: I assume this is for the lts.conf located inside the chroot at /opt/ltsp/<arch>/etc/lts.conf ?
18:38
or put one in /var/lib/tftpboot/ltsp/<arch>/. ? currently there is no lts.conf in that path.
18:38
<vagrantc>
championofcyrod1: depends on your install.
18:38
ltsp-config lts.conf
18:38
should generate one at /var/lib/tftpboot ...
18:38
and then edit that.
18:38
<championofcyrod1>
gotcha. thanks
18:39
<vagrantc>
championofcyrod1: basically, if you're using NFS, you can edit /opt/ltsp/.../lts.conf directly, but if you're using NBD, you'll need to edit the one in tftpboot ... and tftpboot works either way.
18:39
unless this is something other than Debian or Ubuntu ... not sure how all the other distros are implemented.
18:40Simon__ has left IRC (Simon__!a8126814@gateway/web/freenode/ip.168.18.104.20, Quit: Page closed)
18:50
<championofcyrod1>
hmm.. i'm not sure how to troubleshoot from here. I'm using NBD and i've updated the configuration with the SSH override flag=2222, i've verified my container has 2222/tcp->22/tcp mapping and openssh is running on the ltsp container listening to the default port 22. however all i get on the ltsp fat client is 'login failed'
18:51
of course my users can authenticate using ldap or whatever, but i'm still unsure of how/where the home folder is going to be created/maintained.
18:52
let me see if i can just ssh into the container normally from terminal...
18:52
hmmm interesting...
18:53
i get prompted for the password, it authenticates, but drops me back out to the terminal... something is weird with the ssh config inside the container...
18:53
<vagrantc>
championofcyrod1: by "SSH override flag=2222" do you mean you've set "SSH_OVERRIDE_PORT=2222" in lts.conf ?
18:53
<championofcyrod1>
yea
18:53
<vagrantc>
openssh-server might be fussy about port redirection
18:54
<championofcyrod1>
i can see the login banner, but i'm getting dropped out of the ltsp-server container as soon as it logs in
18:54
rightly so...
18:54
possibly because i'm redirecting the port?
18:54
<vagrantc>
does it have access to the right device nodes in /dev ?
18:54
<championofcyrod1>
maybe i should have the ssh server listen on 2222 ?
18:54
<vagrantc>
i know various containers restrict which devices nodes you can access, and leave you without a tty.
18:55
<championofcyrod1>
probably not. i needed to start the container privileged to have access to /proc when i was building the client
18:55
but i've ssh'd into containers before using openssh.
18:56
it may just be the way i created the user... docker convention is to run a single process as root, per container... so this is very unorthodox.
18:57
but seeing the tftpd+nbd work inside a container and get me to the login screen (and fast!) is exciting.
18:58
<vagrantc>
just curious why you're using a container?
19:00
<championofcyrod1>
building an infrastructure in which all of our software is going to run inside containers...
19:00
which we will manage w/ openstacks heat+icehouse
19:00
<vagrantc>
nice
19:01
<championofcyrod1>
VMs have too much latency for our kafka+zookeeper stuff... and we don't want to buy a bunch of different hardware to support different software stacks.
19:02
so we're getting 1U supermicros and trying to scale with them for everything
19:03
apparently openstack is working on some docker integration as well. So I'll be able to hot deploy LTSP servers for High availability
19:03
right now my biggest fear is that when ltsp goes down, so does everyone's workstation.
19:07mealstrom has joined IRC (mealstrom!~Thunderbi@46.63.63.163)
19:14
<championofcyrod1>
what is interesting, is that this is the ssh package&config that came as a dependency of the package 'ltsp-server'
19:14
running ssh and trying to log in to the container as root shows: http://pastebin.com/JvFCDRCm
19:14
(verbose enabled)
19:15
ah... looks like a problem spawning the shell
19:15
from the setting in /etc/passwd
19:16
maybe..
19:18
no, thats not it...
19:18adrianorg has left IRC (adrianorg!~adrianorg@179.180.165.34, Read error: Connection reset by peer)
19:20
<bennabiy>
vagrantc: back in a bit. Please let me know what needs to change in the code (if anything)
19:21
<vagrantc>
bennabiy: i won't get a chance to look at it till this evening
19:23Mikhail has joined IRC (Mikhail!ad24c40a@gateway/web/freenode/ip.173.36.196.10)
19:23
<Mikhail>
Hello, I'd like some help with FAT clients
19:24
I've set up the system and its working "fine", one issue: clients cant seem to find a program that I installed from server
19:28adrianorg has joined IRC (adrianorg!~adrianorg@179.187.30.176.dynamic.adsl.gvt.net.br)
19:28
<championofcyrodi>
Mikhail: did you install in the chroot?
19:28
$ sudo chroot /opt/ltsp/amd64/
19:28
$ apt-get install ...
19:29
afterwards you have to rebuild the image
19:29
i think its just ltsp-update-image
19:29
yea thats it
19:29
once you do that, restart the thick client and the software will be installed
19:31
<Mikhail>
ok, sounds good! let me try that. From the client I can find it in the /usr/sbin
19:34
<bennabiy>
Mikhail: might be better to use ltsp-chroot -m
19:34
sudo ltsp-chroot -m
19:34
sets up your mounts etc,
19:35
<Mikhail>
sorry, i dont know what mounts are...
19:38Grembler has joined IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net)
19:41
<bennabiy>
vagrantc: good enough
19:41
gives me a chance to do more testing on a generated fat client environment
19:42
vagrantc: any idea why a bind mount would cause ltsp-update-image -c / to fail?
19:42
<vagrantc>
bennabiy: i think you filed a bug report about that, didn't you?
19:42
<bennabiy>
yes
19:42
it is just getting annoying :)
19:42
<vagrantc>
bennabiy: remove the dir from ltsp-update-image.excludes ?
19:43
<bennabiy>
in /etc/ltsp/?
19:44
<vagrantc>
wherever the file exists that affects your server.
19:49championofcyrodi has left IRC (championofcyrodi!~championo@50-205-35-98-static.hfc.comcastbusiness.net, Quit: Leaving.)
19:57Andymeows has joined IRC (Andymeows!~Andymeows@unaffiliated/andymeows)
20:25vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)
20:38championofcyrod1 has left IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
20:42
<Mikhail>
bennabiy, I tried sudo ltps-chroot -m , apt-get install ____ , ltsp-update-image
20:43
<bennabiy>
and ?
20:43
<Mikhail>
that still didnt really work. fat clients dont see that installed program
20:43
<bennabiy>
Do you have only one arch, like amd64 or i386?
20:43
or multiple images?
20:44
<Mikhail>
amd64
20:44
just one
20:44
<bennabiy>
did you get any errors when you installed the program in the chroot?
20:44
and did you do exit after doing the apt-get install command?
20:45sbalneav has left IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca, Ping timeout: 240 seconds)
20:45
<bennabiy>
so that ltsp-update-image was run from outside the chroot?
20:45
<Mikhail>
I believe there was a message about something failing to create log
20:45championofcyrod1 has joined IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
20:45
<Mikhail>
yes, i think thats what i did.
20:45
<outside of chroot
20:46
<bennabiy>
and did you reboot your fat client?
20:46
<Mikhail>
yes
20:46
and the server as well just in case
20:46
<championofcyrod1>
so the docker container for ubuntu:14.04 from docker hub has some custom configurations that cause apt to connect to amsterdam, and also has custom docker configuration, thus is not a true debootstrap of a base ubuntu install... so i'm debootstrapping 14.04 server edition and going w/ that.
20:46
i suspect that is the cause of my ssh woes
20:46
pam config
20:46
<bennabiy>
ah
20:47
<championofcyrod1>
ugh.. so close/frustrating getting to the login screen and having ssh not connect.
20:48sbalneav has joined IRC (sbalneav!~sbalneav@mail.legalaid.mb.ca)
21:02Grembler has left IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net, Ping timeout: 245 seconds)
21:04Faith has left IRC (Faith!~paty@unaffiliated/faith, Quit: Saindo)
21:05Grembler has joined IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net)
21:09
<bennabiy>
vagrantc: just verified on a fresh fat client install that if I manually put the edited ltsp rc.d script in (the merge request) and then use my ppa compiled from the ldm merge request, the result is a working password.
21:09
I have to go, but thought I would let you know
21:10Andymeows has left IRC (Andymeows!~Andymeows@unaffiliated/andymeows, Ping timeout: 245 seconds)
21:10championofcyrod1 has left IRC (championofcyrod1!~championo@50-205-35-98-static.hfc.comcastbusiness.net)
21:37matt________ has joined IRC (matt________!411abcf6@gateway/web/freenode/ip.65.26.188.246)
21:37matt________ has left IRC (matt________!411abcf6@gateway/web/freenode/ip.65.26.188.246)
21:38cryptrat has joined IRC (cryptrat!411abcf6@gateway/web/freenode/ip.65.26.188.246)
21:44Andymeows has joined IRC (Andymeows!~Andymeows@unaffiliated/andymeows)
21:49Grembler has left IRC (Grembler!~Ben@cpc29-aztw22-2-0-cust128.18-1.cable.virginm.net, Remote host closed the connection)
21:58mealstrom has left IRC (mealstrom!~Thunderbi@46.63.63.163, Ping timeout: 240 seconds)
22:15
<cryptrat>
any tips on getting local apps working?
22:25
<lns>
cryptrat, read the docs? :)
22:26
<cryptrat>
yeah i've read and tried several
22:30gbaman has left IRC (gbaman!~gbaman@host81-130-17-173.in-addr.btopenworld.com, )
22:31DraZoro has joined IRC (DraZoro!~drazoro@41.50.7.99)
22:33vagrantc has joined IRC (vagrantc!~vagrant@freegeek/vagrantc)
22:34
<DraZoro>
Greetings, I had a power failure during ltsp-build-client on ubuntu-14.04. During the failure it was busy with the upgrades I ran "sudo ltsp-chroot -c -p" then followed by "sudo apt-get upgrade".
22:34
Due to limited bandwidth I would like to continue with the build without removing /opt/ltsp/i386 folder.
22:35
<lns>
cryptrat, why not let us know what specific problems you are having with localapps?
22:36
<vagrantc>
DraZoro: if the power failed in the middle of the build, i would recommend rebuilding from scratch
22:36
<DraZoro>
cryptrat: I am looking for a way to continue with the build. I think ltsp-build-client is supposed to create the pxe file and the image file.
22:37
<vagrantc>
DraZoro: but you can keep the .deb files using a few options
22:37
<DraZoro>
Ok then I can save the deb files from /var/cache
22:38
I tried to build the image manually but now I realise it will not function properly.
22:39
<vagrantc>
ltsp-build-client --mount-package-cache
22:39
DraZoro: and copy the /opt/ltsp/*/var/cache/apt/archives/*.deb /var/cache/apt/archives/
22:39
<DraZoro>
vagrantc: Let me try to build it with the .deb packages. How do I redirect ltsp-build-client to look for .deb files on the system
22:39
Ok thanks
22:40
It will look there by default or must I specify when I build ?
22:40
<vagrantc>
that's what the --mount-package-cache option does
22:41
you'll also want to remove /opt/ltsp/i386
22:41
<DraZoro>
Thanks a lot guys, let me give it a try, at least it will not have to download the packages from the start
22:41gbaman has joined IRC (gbaman!~gbaman@host81-130-17-173.in-addr.btopenworld.com)
22:41
<vagrantc>
after you've copied the .deb files out of it
22:41
<DraZoro>
Indeed
22:41
<vagrantc>
good luck!
22:41
<DraZoro>
I will give back the feedback. Thank you
22:41
<cryptrat>
can you make any application a local app ?
22:45
<DraZoro>
cryptrat: I don't know how to do that.
22:46
I just checked du -csh /opt/ltsp/*/var/cache/apt/archives and it is around 610 Mb :) I was scared it was cleared.
22:47
cryptrat: The local app must it run on the host machine or within ltsp-chroot ?
22:51
<cryptrat>
well for starters i'm just trying to get firefox or chromium to run on the client
22:51
<vagrantc>
local apps are installed with ltsp-chroot, but run on the running thin client
22:51
<cryptrat>
and then maybe expand from there if i need more apps
22:51
ok i added it with the ltsp-chroot and then updated the image
22:51
and reloaded the client
22:52
<vagrantc>
cryptrat: the tricky part will be if they want to use external apps from the localapp ... at which point, you need all the external apps as localapps, too.
22:52
<cryptrat>
how can i tell if its running locally
22:53
<DraZoro>
This is interesting
22:53
<vagrantc>
a kind of ugly way to check is if browsing to /proc/cpuinfo shows info about the client or server hardware :)
22:58* DraZoro is busy building fat-client
23:15
<lns>
cryptrat, did you edit your lts.conf file with all the necessary things to make localapps work, and specifically for the app you just installed in the chroot?
23:37
<vagrantc>
!lts.conf
23:37
<ltsp>
lts.conf: http://manpages.ubuntu.com/lts.conf
23:38
<vagrantc>
!learn lts.conf lts.conf manpage is available in the ltsp-docs package
23:38
<ltsp>
(learn [<channel>] <key> as <value>) -- Associates <key> with <value>. <channel> is only necessary if the message isn't sent on the channel itself. The word 'as' is necessary to separate the key from the value. It can be changed to another word via the learnSeparator registry value.
23:38
<vagrantc>
!learn lts.conf as lts.conf manpage is available in the ltsp-docs package
23:38
<ltsp>
The operation succeeded.
23:38
<vagrantc>
!lts.conf
23:38
<ltsp>
lts.conf: (#1) http://manpages.ubuntu.com/lts.conf, or (#2) lts.conf manpage is available in the ltsp-docs package
23:43vagrantc has left IRC (vagrantc!~vagrant@freegeek/vagrantc, Quit: leaving)