IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 15 May 2019   (all times are UTC)

00:19vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
01:02josefig has left IRC (josefig!~josefig@unaffiliated/josefig, Quit: Ping timeout (120 seconds))
01:02josefig has joined IRC (josefig!~josefig@unaffiliated/josefig)
03:42book` has left IRC (book`!~book`@68.ip-149-56-14.net, Quit: Leaving)
03:42ogra has left IRC (ogra!~ogra_@ubuntu/member/ogra, Remote host closed the connection)
03:42ogra_ has joined IRC (ogra_!~ogra_@p5098ed03.dip0.t-ipconnect.de)
03:44book` has joined IRC (book`!~book`@68.ip-149-56-14.net)
03:45GodFather has left IRC (GodFather!~rcc@143.59.184.72, Ping timeout: 255 seconds)
03:45GodFather_ has left IRC (GodFather_!~rcc@143.59.184.72, Ping timeout: 258 seconds)
03:49GodFather_ has joined IRC (GodFather_!~rcc@143.59.184.72)
03:50GodFather has joined IRC (GodFather!~rcc@143.59.184.72)
04:20quinox has left IRC (quinox!~quinox@ghost.qtea.nl, Quit: WeeChat 2.4)
04:22quinox has joined IRC (quinox!~quinox@ghost.qtea.nl)
04:58book` has left IRC (book`!~book`@68.ip-149-56-14.net, Quit: Leaving)
05:01book` has joined IRC (book`!~book`@68.ip-149-56-14.net)
05:19gdi2k has joined IRC (gdi2k!~gdi2k@180.190.193.224)
05:40kjackal has joined IRC (kjackal!~quassel@2a02:587:311c:9d00:70ee:5f34:4c95:b67b)
05:41gdi2k has left IRC (gdi2k!~gdi2k@180.190.193.224, Ping timeout: 245 seconds)
05:55gdi2k has joined IRC (gdi2k!~gdi2k@180.190.169.77)
06:01vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
06:24SYS64738 has joined IRC (SYS64738!~jhonny5@159.213.93.166)
07:03SYS64738 has left IRC (SYS64738!~jhonny5@159.213.93.166, Ping timeout: 255 seconds)
07:11vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
07:22gdi2k has left IRC (gdi2k!~gdi2k@180.190.169.77, Ping timeout: 258 seconds)
07:35gdi2k has joined IRC (gdi2k!~gdi2k@180.190.196.215)
07:36ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
07:41gdi2k has left IRC (gdi2k!~gdi2k@180.190.196.215, Ping timeout: 244 seconds)
07:51statler has joined IRC (statler!~Georg@gwrz.lohn24.de)
08:23SYS64738 has joined IRC (SYS64738!~jhonny5@159.213.93.166)
11:17jeblesh has joined IRC (jeblesh!5dac146f@gateway/web/freenode/ip.93.172.20.111)
11:18
<jeblesh>
need help setting up LTSP server with encrypted instolation of ubuntu desktop 18.0.4
11:19
clients show "worning: failed to connect to lvmetad"
11:20
<alkisg>
jeblesh: why would it be encrypted,when you'll publish it unencrypted over the network over nbd?
11:20
Or are you expecting to type a password when each client boots?
11:20
<jeblesh>
tipe pasword etch time ...
11:21
<alkisg>
Are you using chrootless ltsp, or with chroot?
11:22
<jeblesh>
any documeantation on how to properly configure that ?
11:22
chrootless
11:22
<alkisg>
So when your server boots, you type a password to continue?
11:22
<jeblesh>
yes
11:22
<alkisg>
What's the output of this, on the server? cat /proc/cmdline
11:22
And this: sudo lsblk --fs
11:22
Put them to pastebin
11:23
Btw no, there's no documentation for uncommon use cases
11:23
<jeblesh>
BOOT_IMAGE=/vmlinuz-4.18.0-20-generic root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=1
11:24
<alkisg>
in pxelinux.cfg/default, you might need to change root to nbdroot, so that you can put root=/dev/mapper etc
11:24
I haven't tried it
11:24
<jeblesh>
https://pastebin.com/z5nB8a1m
11:31
im abit of a linux newbi from what i understand i need to hav a difrent image then the server on the clients and edit it so it will access the lvm difrntly ?
11:32
sso i shold start reinstalling ltsp with chroot and go from their ?
11:34
<alkisg>
No, chroot will be much harder
11:35
I'll be back in a few hours though, later...
11:41
jeblesh: the cmdline on the clients is different, because we need a "network root"
11:41
You want a "network root AND lvm root", so you need like 2 root= commands
11:42
You can't pass 2 root commands, so you should use something like this:
11:42
<jeblesh>
aoky
11:42
<alkisg>
nbdroot=server-ip:/opt/ltsp/amd64 nbddev=/dev/nbd0 root=/dev/mapper/ubuntu--vg-root
11:42
But you won't easily find the exact cmdline there; it's pretty close to what I wrote above, but I haven't tested it so I'm not sure if it's exactly this one
11:43
I.e. don't search for documentation too much; you'd need to look at the code a bit, in /usr/share/initramfs-tools
11:43
Why do you need it to be encrypted? Usually the nbd image is public with no sensitive data
11:44
<jeblesh>
that file is empty ....
11:44
its reqaermant's of the helth services hear ...
11:45
dono whay honestly seem exxessive
11:46
that file dont exist on the server /usr/share/initramfs-tools
11:47
do i miss sumthing ?
11:47
<alkisg>
It's a directory, full of scripts, that handle nbd, lvm etc
11:47
It's the code that handles booting
11:47
<jeblesh>
oh lol's
11:47
oky thenx
11:47
<alkisg>
Are you typing from a phone?
11:47
<jeblesh>
nop im dislectic sorry about the miss spells
11:48
<alkisg>
no worries
11:48
<jeblesh>
so it starts with init ...
12:04Faith has joined IRC (Faith!~Paty_@2001:12d0:2080::231:49)
12:04Faith has joined IRC (Faith!~Paty_@unaffiliated/faith)
12:04SYS64738 has left IRC (SYS64738!~jhonny5@159.213.93.166, Ping timeout: 245 seconds)
12:11
<mwalters>
hi jeblesh: I can only speak for US law, but I deal with a LOT of health info in what we do here. Only the personally identifiable health information is considered for encryption
12:12
e.g., health information which could be reasonably connected to a single person
12:12
we have our health information encrypted, but we don't do any encryption on our LTSP setups
12:13
even if our users stored health information, it would really only need to be their home folders that get encrypted
12:13
but yeah, not sure where you're at, or your specific use case even... but this is how I'm using LTSP when considering protected health information
12:37SYS64738 has joined IRC (SYS64738!~jhonny5@159.213.93.166)
13:03nikoh77 has joined IRC (nikoh77!~nikoh77@host190-131-dynamic.59-82-r.retail.telecomitalia.it)
13:05nikoh77 has left IRC (nikoh77!~nikoh77@host190-131-dynamic.59-82-r.retail.telecomitalia.it, Read error: Connection reset by peer)
13:48woernie has joined IRC (woernie!~werner@p5B09D775.dip0.t-ipconnect.de)
15:05nikoh77 has joined IRC (nikoh77!~nikoh77@host190-131-dynamic.59-82-r.retail.telecomitalia.it)
15:31vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc)
15:55woernie has left IRC (woernie!~werner@p5B09D775.dip0.t-ipconnect.de, Remote host closed the connection)
16:10SYS64738 has left IRC (SYS64738!~jhonny5@159.213.93.166, Ping timeout: 245 seconds)
16:21
<alkisg>
Well, if one creates e.g. a VM in virtualbox with a fully encrypted disk, and has to type the password to unencrypt/boot it,
16:21
...the same can be done after exporting that whole disk over the network; it's still encrypted
16:22GodFather_ has left IRC (GodFather_!~rcc@143.59.184.72, Ping timeout: 244 seconds)
16:23GodFather_ has joined IRC (GodFather_!~rcc@143.59.184.72)
16:28GodFather_ has left IRC (GodFather_!~rcc@143.59.184.72, Ping timeout: 252 seconds)
16:30GodFather has left IRC (GodFather!~rcc@143.59.184.72, Ping timeout: 255 seconds)
17:15pppingme has left IRC (pppingme!~pppingme@unaffiliated/pppingme, Excess Flood)
17:16pppingme has joined IRC (pppingme!~pppingme@unaffiliated/pppingme)
17:28spaced0ut has left IRC (spaced0ut!~spaced0ut@unaffiliated/spaced0ut, Ping timeout: 268 seconds)
17:34GodFather has joined IRC (GodFather!~rcc@143.59.184.72)
17:36GodFather has joined IRC (GodFather!~rcc@143.59.184.72)
17:38
<josefig>
hi ppl
17:38
that's an interesting scenario
17:47nikoh77 has left IRC (nikoh77!~nikoh77@host190-131-dynamic.59-82-r.retail.telecomitalia.it, Remote host closed the connection)
18:00statler has left IRC (statler!~Georg@gwrz.lohn24.de, Remote host closed the connection)
18:42GodFather_ has joined IRC (GodFather_!~rcc@143.59.184.72)
18:57Guest72033 has left IRC (Guest72033!enautmatri@gateway/shell/matrix.org/x-tplxpsnxlsvfkqdt, Quit: Idle kick: User has been idle for 30 days.)
19:09
<alkisg>
vagrantc: if /proc/cmdline is "root=/dev/sda1 init=/sbin/init-ltsp quiet splash", then recent initramfs tools call init-ltsp with a single parameter of "splash"
19:09
So if one puts init=/bin/bash there, it just fails and causes kernel panic, as it can't understand the "splash" parameter
19:09
That'd be a bug of initramfs-tools, right?
19:25jeblesh_ has joined IRC (jeblesh_!2e78d540@gateway/web/freenode/ip.46.120.213.64)
19:31vagrantc_ has joined IRC (vagrantc_!~vagrant@2600:3c01:e000:21:21:21:0:100e)
19:31vagrantc_ has left IRC (vagrantc_!~vagrant@2600:3c01:e000:21:21:21:0:100e, Changing host)
19:31vagrantc_ has joined IRC (vagrantc_!~vagrant@unaffiliated/vagrantc)
19:50ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Remote host closed the connection)
20:19vagrantc_ has left IRC (vagrantc_!~vagrant@unaffiliated/vagrantc, Quit: leaving)
20:22
<vagrantc>
alkisg: i'm not sure, honestly ...
20:22
i vaguely recall the kernel can "eat" certain arguments that don't get passed on
20:22
<alkisg>
vagrantc: never mind I found it, it's a kernel thing: https://elixir.bootlin.com/linux/latest/source/init/main.c#L291
20:23
...which I interpret as, "put init=whatever as the last kernel parameter, otherwise you may experience biiig problems" :)
20:25
<vagrantc>
i wonder how new this behavior is
20:25
and why we've not run into it before
20:26
<alkisg>
Fortunately, in init-ltsp, we ignore command line parameters
20:26
<vagrantc>
ignore unknown ones ... i thought it actually parsed some
20:26
<alkisg>
But if someone had /bin/bash there, and "forcepae" at the end of cmdline, he'd have "bash forcepae", and a nice kernel panic trying to execute that
20:27
I'm not using init= at all in the newer ltsp, but we should document that pitfall somewhere anyway
20:29
<vagrantc>
you're just doing all the stuff from initramfs rather than a custom init?
20:31
<alkisg>
Nah I just symlink ${rootmnt}/sbin/init to our own, to avoid having to specify an init
20:31
And to allow the user to override init if he wants to
20:32
Previously, the image had our init because it had ltsp-client installed; now we need to inject it anyway, so we might put it to its proper place
20:33
vagrantc: ah, and good news about nfs+single image: a stock buster VM can netboot from that, *without* a custom initramfs
20:33
A custom initramfs is only needed for squashfs, not for ext3
20:33
I managed to solve all the loop etc issues with some modprobe options
20:35
<vagrantc>
nice!
20:36
the symlink happens from the initramfs on the overlay fs?
20:36
this sure is sounding more elegant than all the hacks we've been doing :)
20:37
<alkisg>
(11:36:03 PM) vagrantc: the symlink happens from the initramfs on the overlay fs? ==> exactly; then our init puts it back, and execs it
20:38
<vagrantc>
"puts it back" ?
20:38
also, sbin might be a symlink now
20:38
<alkisg>
mv init init.bak; put our own; then pivot_root execs ours; then we mv init.bak init; then exec init
20:39
A symlink is better, as it only wastes an inode in the cow space; older inits waste more (mv costs a lot :))
20:39
<vagrantc>
why can't you just exec it rather than "putting it back"
20:39
<alkisg>
In case they want to check, "oh, is /sbin/init pointing to systemd? no; then we're using upstart" and other silly things
20:40
So, any disk image that is bootable locally (vagrant, docker, even .isos with squashfs) already has the necessary modules, so it should work without modifications at all
20:41
And if we manage to inject squashfs as part of ltsp-update-image... we're back to not needing an ltsp client package :D
20:41
<vagrantc>
ah, /sbin/init is itself a symlink (at least with systemd), so moving it doesn't have to move the binary
20:41
<alkisg>
Yes I'm only moving the symlink,not the binary
20:41
<vagrantc>
i wonder if the other inits also work that way..
20:42
not that there are many left
20:42
<alkisg>
The worst that can happen is that we waste a few kb in the cow space
20:42
For the moves
20:43
<vagrantc>
well, with systemd it's ~1.4mb ... but looks like sysvinit is only ~50kb
20:43
and with systemd it's a symlink, so it's practically free
20:44
<alkisg>
I also tried to bind-mount it temporarily, but I was worried that it leaves open file handles to the initramfs rootfs
20:45kjackal has left IRC (kjackal!~quassel@2a02:587:311c:9d00:70ee:5f34:4c95:b67b, Ping timeout: 257 seconds)
20:45
<alkisg>
Btw, if TFTP=/srv/ltsp, then we won't have another "ltsp" subdir there, right? Now it's /var/lib/tftpboot and then ltsp and then image,
20:46
afterwards it'll be /srv/ltsp and image
20:46
Hopefully people aren't using tftp that much, to need an ltsp subdir...
20:46
(i.e. it won't appear in the default boot.ipxe, in the kernel xxx; initrd yyy; lines)
20:47
<vagrantc>
hmmm.
20:47
in general, i'd rather be flexible than hard-coded ...
20:47
but i'm not sure how much overhead it would take to move it
20:47
<alkisg>
They can manually modify boot.ipxe, that's all
20:48
<vagrantc>
boot.ipxe is a script?
20:48
<alkisg>
If we put too many options, it then gets too complicated
20:48
Yes, an ipxe script
20:48
<vagrantc>
got it
20:48
sounds reasonable
20:49
alkisg: you got any of this new stuff published anywhere yet?
20:49
<alkisg>
My test one is a bit big, but here's a sample: https://termbin.com/q8yp
20:50Faith has left IRC (Faith!~Paty_@unaffiliated/faith, Quit: Leaving)
20:50
<alkisg>
vagrantc: I'm uploading things to https://github.com/eellak/gsoc2019-ltsp, but I'll rewrite history later, my commit messages now are "brainstorming.." etc etc
20:51
<vagrantc>
wow, the ipxe script has mac address matching built-in?
20:51
<alkisg>
Yup
20:51
I'm hoping that simple installations won't even need an lts.conf
20:51
<vagrantc>
and you can chain-load pxelinux?
20:51
<alkisg>
Yes, although in efi it has issues
20:52
It works in bios mode
20:52
And I'm keeping development notes at the https://github.com/ltsp/ltsp/wiki which will be our final wiki; but i'll rewrite history there too once I've finished the rapid development stage
20:53
<vagrantc>
pretty cool
20:53
<alkisg>
Also,I'm planning to set up a project at https://github.com/ltsp/community, where users can maintain unofficial wikis and file/answer issues, replacing the mailing list
20:53
While https://github.com/ltsp/ltsp will be only for bug reports and official wiki
20:54
<vagrantc>
so PXE loads ipxe, ipxe loads boot.ipxe and prompts with a menu (or not) and boots
20:55
<alkisg>
Right. I'm thinking to default to a menu, and anyone that wants to hide it can modify a single line
20:55
<vagrantc>
right
20:55
<alkisg>
And users that use win32-loader or local ipxe, those directly get boot.ipxe
20:56
dnsmasq.conf is a bit trickier now: https://github.com/eellak/gsoc2019-ltsp/blob/master/ltsp/configs/dnsmasq.conf
20:56
So that it can handle uefi as well
20:57
Someone using isc-dhcp should read it and offer the equivalent :D
20:57
<vagrantc>
also really looking forward to the licensing clarity we can get by starting from scratch
20:57
<alkisg>
Ah, are the 3 copyright lines on top ok?
20:57
# This file is part of LTSP, https://ltsp.github.io # Copyright 2019 the LTSP team, see AUTHORS # SPDX-License-Identifier: GPL-3.0-or-later
20:58
..and AUTHORS says just this: Please see https://github.com/ltsp/ltsp/graphs/contributors
20:58
It's 2019, we're using git, no need to manually list names :D
20:58
<vagrantc>
not bad.
21:00
alkisg: so you'll be doing a mad rush on this till august or september?
21:00
that should pretty much be perfect timing to get it into debian :)
21:01
<alkisg>
Till August. Then hopefully I'll test it on some schools on september, and maybe put it to all schools next summer with ubuntu 20.04 or buster
21:02
vagrantc: are we going to keep an ltsp5 package for users that might need it? Or too much overhead for no reason?
21:04
<vagrantc>
alkisg: depends on how far along it is in the next 3-6 months, no? :)
21:04
<alkisg>
True
21:04
OK let's see how it fares
21:05
(12:00:57 AM) vagrantc: that should pretty much be perfect timing to get it into debian :) ==> that's the next debian after buster, right?
21:05
<vagrantc>
i'd rather reduce the amount of legacy code, and this will be coming in right near the beginning of a ~2 year development cycle for debian
21:06
<alkisg>
So we can continue uploading newer versions for a year or so?
21:06
That's fine then, no need for the old one
21:06
<vagrantc>
yeah, definitely not going to happen for buster ... bullseye is the next codename ... which i just realized earlier today has strikingly positive connotations
21:06
<alkisg>
:D
21:07
<vagrantc>
alkisg: we could start uploading to experimental tomorrow if there was something worth uploading :)
21:08
<alkisg>
I'm thinking it might be best to keep it in experimental until ubuntu 20.04 finishes synching from debian,
21:08
so that 20.04 users get the old ltsp, and 20.04 *greek schools ppa* users get the new one
21:08
and bullseye gets the new one
21:10
Pumpkin time! 'night all!
21:21* vagrantc waves
22:16sutula has left IRC (sutula!~sutula@207-118-151-61.dyn.centurytel.net, Read error: Connection reset by peer)
22:16sutula has joined IRC (sutula!~sutula@207-118-151-61.dyn.centurytel.net)
22:47jgee9 has left IRC (jgee9!~jgee@190.159.118.121, Remote host closed the connection)
22:51jgee9 has joined IRC (jgee9!~jgee@190.159.118.121)