IRC chat logs for #ltsp on irc.libera.chat (webchat)
Channel log from 24 July 2020 (all times are UTC)
| 00:39 | shored has left IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi, Quit: ZNC 1.7.2+deb3 - https://znc.in) | |
| 00:39 | shored has joined IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi) | |
| 05:08 | <alkisg> Vercas: what's the output of `file path-to-your-vm` and what is the exact command when you get "image not found"?
| |
| 05:08 | Raw images are supported. Raw is the same everywhere, it doesn't matter if you name it vmdk or raw or img
| |
| 07:35 | ||cw has left IRC (||cw!~chrisw@69.229.198.232, Quit: Do not follow the null pointer, for therein lies ma&^%#___) | |
| 07:40 | ||cw has joined IRC (||cw!~chrisw@69.229.198.232) | |
| 07:49 | exebat has joined IRC (exebat!4f8c9651@79.140.150.81) | |
| 08:36 | <Vercas> alkisg: Nevermind that, I'm a dummy.
| |
| 08:36 | Now I've got another problem.
| |
| 08:36 | Client times out when it tries to retrieve iPXE via TFTP.
| |
| 08:36 | Using proxy DHCP on the server.
| |
| 08:36 | exebat has left IRC (exebat!4f8c9651@79.140.150.81, Remote host closed the connection) | |
| 08:37 | <Vercas> Actually what it says is:
| |
| 08:37 | tftp://192.168.1.123/ltsp/ltsp.ipxe.............. Connection timed out (http://ipxe.org/4c126035)
| |
| 08:38 | I see the URL is just a description page for the error.
| |
| 08:41 | Tried with a local TFTP client and it also times out.
| |
| 08:43 | dnsmasq is listening on the wrong IPs on port 69.
| |
| 08:43 | It picked every IP except the right one, wow.
| |
| 08:45 | It's listening on the IPv6 of my NIC but not the IPv4.
| |
| 08:50 | <alkisg> Vercas: what's the output of this command? ls -lR /etc/dnsmasq*
| |
| 08:50 | It's possible that you installed bridged-utils or something similar, that put a network-manager configuration with "bind-interfaces", which isn't really stable
| |
| 08:51 | If so, try to remove bind-interfaces, so that it listens on 0.0.0.0, instead of specific interfaces
| |
| 08:51 | <Vercas> The server is Ubuntu Server 18.04, no NetworkManager running there.
| |
| 08:51 | Output: https://gist.github.com/vercas/24bad60a6c8a002373308d16c5bf209d
| |
| 08:52 | Added one more file with the contents of the `lxd` file.
| |
| 08:53 | So I've fixed it.
| |
| 08:54 | In the ltsp-dnsmasq.conf file I changed `enable-tftp` to `enable-tftp=eno2`.
| |
| 08:54 | It seems to have primarily been listening on a VLAN interface before.
| |
| 08:55 | And no idea why it listened on all IPv6 addresses but only the IPv4 of my VLAN interface.
| |
| 08:56 | <alkisg> "that put a network-manager configuration" ==> sorry I meant dnsmasq configuration there
| |
| 08:57 | It's best to have dnsmasq listen on 0.0.0.0 if possible, i.e. to remove bind-interfaces, as it's more stable in general, not just for tftp
| |
| 08:58 | <Vercas> Well, dnsmasq seems to be doing its job. Now NFS fails to mount with permission denied.
| |
| 08:59 | Which, from personal experience, means something different:
| |
| 08:59 | Server doesn't want to give the client NFSv3.
| |
| 09:06 | <alkisg> showmount -e localhost
| |
| 09:07 | <Vercas> /srv/storage/ltsp/tftp/ltsp *
| |
| 09:07 | /srv/storage/ltsp *
| |
| 09:07 | And there's others as well (my own).
| |
| 09:07 | But this is where I put the ltsp stuff.
| |
| 09:08 | I couldn't leave the default location in there because it's on a microSD card. :D
| |
| 09:08 | /srv/storage is where I mount the spinning rust.
| |
| 09:09 | I ran all the LTSP commands in a root shell with BASE_DIR=/srv/storage/ltsp in my environment.
| |
| 09:11 | https://github.com/ltsp/ltsp/blob/046af079fc85a0c6e0bd90c2bf1222265f0f9505/ltsp/server/ipxe/ltsp.ipxe#L46
| |
| 09:11 | It seems that the path is hardcoded.
| |
| 09:14 | I changed it manually and it works now. :)
| |
| 09:26 | <alkisg> The path isn't hardcoded, as `ltsp ipxe` sed's it
| |
| 09:27 | But you need to set BASE appropriately either in the cmdline or in ltsp.conf
| |
| 09:27 | It's usually best to just symlink /srv/ltsp though to wherever you want it
| |
| 09:28 | https://ltsp.org/man/ltsp/#options ==> -b, --base-dir=/srv/ltsp This is where the chroots, squashfs images and virtual machine symlinks are;
| |
| 09:34 | <Vercas> I see.
| |
| 09:34 | So setting BASE_DIR in the environment is not the same thing as using -b?
| |
| 09:35 | Also does symlinking /srv/ltsp even work with nfs-kernel-server?
| |
| 09:42 | Also what do I need to do in order to set up Epoptes when the LTSP server isn't the machine I'd be using to control the clients?
| |
| 10:41 | adrianorg has joined IRC (adrianorg!~adrianorg@177.156.58.12) | |
| 10:44 | adrianor1 has left IRC (adrianor1!~adrianorg@186.215.17.86, Ping timeout: 240 seconds) | |
| 11:44 | shored has left IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi, Read error: Connection reset by peer) | |
| 11:45 | shored has joined IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi) | |
| 12:14 | <alkisg> (12:34:35 PM) Vercas: So setting BASE_DIR in the environment is not the same thing as using -b? ==> it is the same
| |
| 12:14 | (12:35:04 PM) Vercas: Also does symlinking /srv/ltsp even work with nfs-kernel-server? => it works if the symlink IS the export and not inside the export
| |
| 12:15 | (12:42:24 PM) Vercas: Also what do I need to do in order to set up Epoptes when the LTSP server isn't the machine I'd be using to control the clients? ==> passwordless ssh -X
| |
| 12:18 | shored has left IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi, Ping timeout: 240 seconds) | |
| 12:23 | shored has joined IRC (shored!~shored@87-100-202-16.bb.dnainternet.fi) | |
| 12:29 | <alkisg> (or you can just set SERVER=the-other-pc-ip in /etc/default/epoptes-client
| |
| 12:49 | <Vercas> alkisg: In the client image?
| |
| 12:49 | Do I need to transfer any crypto keys or passwords?
| |
| 13:22 | <alkisg> Vercas: sync /etc/epoptes between the image and your server, so that both work
| |
| 13:23 | <Vercas> Server as in LTSP server or epoptes admin machine?
| |
| 13:24 | <alkisg> `ltsp initrd` automatically picks up /etc/epoptes from the server
| |
| 13:24 | <Vercas> Ah.
| |
| 13:25 | <alkisg> So it's easier if you copy it from your admin machine to your server
| |
| 13:25 | <Vercas> Oh.
| |
| 13:25 | Ooooo, I see.
| |
| 13:25 | <alkisg> Then the one in the image won't matter
| |
| 13:26 | (while unrelated to ltsp, you'd run `epoptes-client -c` inside the image/vm, to fetch /etc/epoptes from the admin machine to the image)
| |
| 13:26 | Anyways make all 3 /etc/epoptes the same so that it's not confusing :D
| |
| 13:28 | <Vercas> All 3? :o
| |
| 13:28 | Okay, doing that.
| |
| 13:31 | Do I need the key or just the certificate on the LTSP server?
| |
| 13:33 | fiesh has left IRC (fiesh!~fiesh@hq.wsoptics.de, Quit: Lost terminal) | |
| 13:34 | fiesh has joined IRC (fiesh!~fiesh@hq.wsoptics.de) | |
| 13:42 | danboid has joined IRC (danboid!~ISDADS\sg@146.87.136.65) | |
| 13:42 | <danboid> alkisg: I want to test epoptes today but I'm unsure how it handles certs
| |
| 13:43 | Does anyone here use epoptes?
| |
| 13:43 | <alkisg> What's the exact question?
| |
| 13:43 | The certificates are in /etc/epoptes, and the installation instructions are enough to use it
| |
| 13:45 | <danboid> Whats confusing me is we're using the LTSP mode where there is only one image which is based upon whats installed on the server
| |
| 13:46 | So obvs I don't the private key to be served out in this image
| |
| 13:46 | but I'd like to use that same server as th epoptes server. Can I?
| |
| 13:46 | <alkisg> Sure, it works by default, as ltsp initrd gets the certificate from /etc/epoptes on the server
| |
| 13:46 | No need for any action
| |
| 13:47 | <danboid> I'm not sure I'm clear on what the epoptes server is/does
| |
| 13:47 | It needs to be installed on every teachers/admins machine?
| |
| 13:47 | <alkisg> danboid: I think you should follow the default instructions, which make it run out of the box, and THEN you can ask questions :)
| |
| 13:47 | No, it just needs to be installed on the ltsp server
| |
| 13:48 | <danboid> OK, instructions first. I've read them already but I wanted to ask..
| |
| 13:48 | <alkisg> I mean, actually execute them, and if they fail, then sure you can ask
| |
| 13:49 | <danboid> So I'm installing both the client and the server apps on my LTSP server, then just the client on the machine used to control right?
| |
| 13:50 | <alkisg> !intsall
| |
| 13:50 | <ltspbot> I do not know about 'intsall', but I do know about these similar topics: 'install'
| |
| 13:50 | <alkisg> !install
| |
| 13:50 | <ltspbot> install: To install LTSP: https://ltsp.org/docs/installation/
| |
| 13:50 | <alkisg> It's just a command, it's there
| |
| 13:51 | <danboid> So LTSP knows to filter out the epoptes server package from the LTSP image is my question, I think
| |
| 13:53 | <alkisg> No, epoptes goes inside the image. Only the private key is excluded by `ltsp image`.
| |
| 13:56 | Same with sshd
| |
| 14:00 | <danboid> OK, so am I still to run
| |
| 14:00 | epoptes-client -c
| |
| 14:00 | On my LTSP server?
| |
| 14:00 | <alkisg> On the ltsp server, run:
| |
| 14:00 | <danboid> before creating a new LTSP image
| |
| 14:00 | <alkisg> apt install epoptes
| |
| 14:00 | <danboid> done
| |
| 14:00 | <alkisg> gpasswd -a administrator epoptes
| |
| 14:01 | That's all. It's what I wrote in https://ltsp.org/docs/installation/ too...
| |
| 14:01 | You do not need any other actions.
| |
| 14:02 | <Vercas> Has anyone ever used LTSP specifically for Vivado parallel synthesis?
| |
| 14:03 | <danboid> I don't see why I would need to add a user to the epoptes group on the LTSP server because I don't want to control any machines from that server if you get me. I want to use a non-LTSP Ubuntu laptop to view and control LTSP machines, thats on the same network. Is that not possible?
| |
| 14:04 | Can I only view and control machines via epoptes from a LTSP booted machine?
| |
| 14:05 | <alkisg> danboid: you can have only one epoptes server, not many
| |
| 14:05 | If it's the ltsp server, you'd `ssh -X epoptes`
| |
| 14:05 | So you'd need an administrator on the server to be part of the epoptes group
| |
| 14:06 | If it's an unrelated laptop, then you'd install epoptes on that laptop, not on the ltsp server
| |
| 14:06 | bbl
| |
| 14:07 | <danboid> OK, sounds like I might want to remove epoptes server
| |
| 14:07 | from my LTSP server
| |
| 14:08 | Looks like alkisg has gone
| |
| 14:09 | Does anyone else use epoptes here who might be able to explain it to me?
| |
| 14:09 | <Vercas> danboid: Luckily for you, I'm trying to make it work right now as well.
| |
| 14:10 | <danboid> Vercas, Haha! Great
| |
| 14:10 | Have you got it working?
| |
| 14:10 | At al
| |
| 14:10 | l
| |
| 14:10 | <Vercas> Dunno yet, I'm creating the new disk image now.
| |
| 14:10 | It's... big.
| |
| 14:10 | <danboid> Do you understand how it should work?
| |
| 14:11 | <Vercas> As far as I understand, the clients automatically connect to a host named `server`.
| |
| 14:11 | Which is added to /etc/hosts or whatever in the client image by the server.
| |
| 14:11 | <danboid> Yep,I got that bit
| |
| 14:11 | <Vercas> But you can edit /etc/default/epoptes-client to set the hostname/IP to something else.
| |
| 14:12 | Besides that, in the client image/VM, run `epoptes-client -c` and it will retrieve the server certificate.
| |
| 14:12 | <danboid> but what about the keys? Surely I need to copy the private key off my LTSP server onto the machine(s) that I want to view/control from
| |
| 14:12 | <Vercas> Yeah, just copy `/etc/epoptes` to the admin machine.
| |
| 14:13 | Okay, image was created.
| |
| 14:13 | Gonna go reboot the client.
| |
| 14:14 | <danboid> Good luck!
| |
| 14:17 | <Vercas> Client's up. Gonna re-login on my admin machine so epoptes works.
| |
| 14:19 | Oh wow, it works.
| |
| 14:20 | danboid: Yep, seems to work just fine with just those steps.
| |
| 14:20 | <danboid> Vercas, Great! Going to try myself now
| |
| 14:21 | <Vercas> I need to look into doing this with NoMachine as well.
| |
| 14:21 | I'd really rather use NoMachine, it performs far better than VNC.
| |
| 14:21 | <danboid> x2go
| |
| 14:21 | x2go is the open source NX
| |
| 14:21 | Its in the ubuntu repos etc
| |
| 14:22 | <Vercas> Wasn't that FreeNX or something?
| |
| 14:22 | Or are they both the same thing?
| |
| 14:22 | <danboid> Yeah, but it used to be shit
| |
| 14:23 | x2go works great
| |
| 14:23 | Install - works!
| |
| 14:23 | If port 22 is open
| |
| 14:24 | <Vercas> I wonder if there's a way to make it work like epoptes's client-server model.
| |
| 14:24 | I know I can discover machines on the network...
| |
| 14:24 | But I don't want to have to log in...
| |
| 14:25 | <danboid> Never looked into that
| |
| 14:26 | OK so I should be able to view and control LTSP clients from epoptes client after installing it and copying the private key into /etc/epoptes - thats it?
| |
| 14:27 | <Vercas> Private key?
| |
| 14:27 | Oh, you mean to the admin machine?
| |
| 14:28 | <danboid> Yep
| |
| 14:28 | <Vercas> You need both private key and cert on the admin machine.
| |
| 14:28 | <danboid> OK
| |
| 14:28 | <Vercas> And don't forget to update the client image.
| |
| 14:28 | <danboid> but I'm installing the client on the admin machine right?
| |
| 14:28 | <Vercas> Vivado starts just fine, wow.
| |
| 14:29 | danboid: No, install the `epoptes` package.
| |
| 14:29 | `epoptes-client` is for the client image.
| |
| 14:29 | <danboid> OK
| |
| 14:32 | Hmm
| |
| 14:32 | I'm not sure epoptes will work for us
| |
| 14:33 | So the only machine that can admin the epoptes clients is the machine that is referenced as server in DNS
| |
| 14:34 | If I understand things correctly
| |
| 14:36 | Yes that must be how it works
| |
| 14:37 | <Vercas> No.
| |
| 14:37 | I told you the file you need to edit.
| |
| 14:37 | The admin machine can be anything.
| |
| 14:37 | <danboid> OK
| |
| 14:37 | <Vercas> [15:11:38] <Vercas> But you can edit /etc/default/epoptes-client to set the hostname/IP to something else.
| |
| 14:38 | That file's in the client image.
| |
| 14:38 | Just edit it. Comments explain what needs to be changed.
| |
| 14:38 | <danboid> Same problem
| |
| 14:38 | <Vercas> ?
| |
| 14:39 | <danboid> I would like multiple machines/users (who have the private key) to be able to admin epoptes without having to x2go/VNC into our LTSP/epoptes server
| |
| 14:39 | Should that be possible?
| |
| 14:40 | Not necessarily at the same time
| |
| 14:40 | <Vercas> Not without connecting to a single admin machine.
| |
| 14:41 | Well, if you feel particularily insane, you can probably set up some TCP/UDP proxy.
| |
| 14:41 | I think NoMachine might actually be the tool you need.
| |
| 14:41 | If you manage to make it work well with the clients.
| |
| 14:41 | <danboid> Yes, so only one IP can be admin of epoptes
| |
| 14:43 | <Vercas> Yeah.
| |
| 14:43 | I'd personally like to use NX because it performs far better than VNC.
| |
| 14:43 | <danboid> Urgh!
| |
| 14:43 | Yep
| |
| 14:43 | Having to use anything via x2go/NX and esp. VNC is always a last resort
| |
| 14:45 | I think we'll have to just do that then
| |
| 14:46 | <Vercas> Lemme know how it works.
| |
| 14:46 | It's rather hard for me to test it because my client image is 100 GB.
| |
| 14:47 | <danboid> Wow! That's super hefty
| |
| 14:47 | <Vercas> Myeah, I mainly need LTSP for Vivado.
| |
| 14:47 | I need a ton of computing power to synthesize my designs.
| |
| 14:48 | And it's hard to make Vivado do stuff in parallel with separate installations.
| |
| 14:48 | Also my machines don't have any disks. I've pulled them out and stuck them in a server so I have redundant storage. :^)
| |
| 14:49 | <danboid> How big is Vivado?
| |
| 14:49 | <Vercas> ~30 GB with the features I need but it needs almost 70 GB of free space to do the installation.
| |
| 14:49 | So I've made my raw image 100 GB just to be safe.
| |
| 14:50 | I can require up to 100 GB if you want all the features of the Web Pack.
| |
| 14:50 | No idea how big it gets with even more features.
| |
| 14:50 | <danboid> WTF uses all that space?
| |
| 14:50 | <Vercas> Honestly I'm not even sure.
| |
| 14:50 | <danboid> I can kinda understand with game engines that include loads of assets - chip design
| |
| 14:51 | ?
| |
| 14:51 | <Vercas> I've seriously got no idea.
| |
| 14:51 | <danboid> :)
| |
| 14:51 | <Vercas> It probably bundles a lot of extra info like documentation for IP blocks.
| |
| 14:51 | <danboid> That's A LOT of docs!
| |
| 14:51 | <Vercas> Heck - I'm a Xilinx employee and I don't even know *who* to ask.
| |
| 14:51 | <danboid> :D
| |
| 14:53 | I'm surprised Intel haven't bought Xilinx out
| |
| 14:53 | They should before they sink
| |
| 14:54 | <Vercas> Why would the shareholders sell Xilinx to Intel?
| |
| 14:54 | Xilinx has the biggest slice of the FPGA market.
| |
| 14:55 | My employer (Solarflare) was acquired by Xilinx last year.
| |
| 14:56 | Solarflare's colors are the same as Intel's so they were really keen on changing our office.
| |
| 14:56 | They've renovated it in Xilinx colors.
| |
| 14:56 | If Intel acquires us, they're gonna have to renovate it again and change the colors back. :D
| |
| 15:00 | <danboid> Haha!
| |
| 15:00 | Corporate branding warfare at its best!
| |
| 15:03 | <Vercas> Hey, I don't mind.
| |
| 15:03 | The new carpets look genuinely good.
| |
| 15:08 | <alkisg> Here for a minute only; x2go/nx uses vnc to share a user's screen, so it's not "faster than VNC" for screen sharing. It's faster over WAN only for new sessions.
| |
| 15:09 | In epoptes, the clients connect to the server, not the server to the clients; this resolves trust issues that italc etc had with ltsp, and makes it easier to discover clients, but then you can only have one epoptes server
| |
| 15:10 | There are plans to introduce the ability to connect to the epoptes server machine from elsewhere, and run the gui elsewhere, and they're not hard, but they're not implemented yet
| |
| 15:10 | Vercas: it's possible to have the clients boot directly from the 100 gb image, so that you don't need to run ltsp image at all, while testing
| |
| 15:11 | I.e. just put it in /srv/ltsp/images/x86_64.img and run `ltsp kernel x86_64`; do not run ltsp image
| |
| 15:11 | <Vercas> ltsp image isn't my problem.
| |
| 15:11 | <alkisg> This will make the clients boot a bit slower as then there's no squashfs compression
| |
| 15:11 | <Vercas> It's the 1 Gbps link between the machine where I run the VM for the client image, and the LTSP server.
| |
| 15:12 | In a few days I'll upgrade that link to 10 Gbps. :)
| |
| 15:12 | <alkisg> It's also possible to mount some things like /opt via NFS, to avoid having many GB in the image
| |
| 15:13 | <Vercas> I should just use iSCSI to mount the image directly from my LTSP server.
| |
| 15:26 | <danboid> alkisg: Well I never expected it but indeed epoptes 'just works' - wow! :)
| |
| 16:10 | danboid has left IRC (danboid!~ISDADS\sg@146.87.136.65, Quit: Leaving) | |
| 16:34 | danboid has joined IRC (danboid!~ISDADS\sg@146.87.136.65) | |
| 16:40 | danboid has left IRC (danboid!~ISDADS\sg@146.87.136.65, Quit: Leaving) | |
| 17:31 | vagrantc has joined IRC (vagrantc!~vagrant@unaffiliated/vagrantc) | |
| 20:40 | adrianor1 has joined IRC (adrianor1!~adrianorg@177.156.58.12) | |
| 20:42 | adrianorg has left IRC (adrianorg!~adrianorg@177.156.58.12, Ping timeout: 240 seconds) | |
| 21:11 | vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving) | |