IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 29 April 2021   (all times are UTC)

00:15vagrantc has left IRC (vagrantc!~vagrant@unaffiliated/vagrantc, Quit: leaving)
05:40ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
05:42RaphGro has joined IRC (RaphGro!~raphgro@fedora/raphgro)
07:17woernie has left IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de, Ping timeout: 260 seconds)
07:18woernie has joined IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de)
07:48alkisg has left IRC (alkisg!~alkisg@ubuntu/member/alkisg, Remote host closed the connection)
07:51alkisg has joined IRC (alkisg!~alkisg@ubuntu/member/alkisg)
07:57woernie has left IRC (woernie!~werner@p578bb7b6.dip0.t-ipconnect.de, Ping timeout: 246 seconds)
07:58woernie has joined IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de)
08:37alkis[m] has left IRC (alkis[m]!alkismatri@gateway/shell/matrix.org/x-nncvbvjkcuawegzu, Quit: authenticating)
08:37alkis[m] has joined IRC (alkis[m]!alkismatri@gateway/shell/matrix.org/x-nmzjmeultgjbufgd)
11:36adrianorg has left IRC (adrianorg!~adrianorg@179.187.31.189, Ping timeout: 252 seconds)
11:37adrianorg has joined IRC (adrianorg!~adrianorg@179.187.28.136)
12:00woernie has left IRC (woernie!~werner@p5ddec80a.dip0.t-ipconnect.de, Remote host closed the connection)
12:30RaphGro has left IRC (RaphGro!~raphgro@fedora/raphgro, Quit: Please remember your own message. It'll be read as soon as possible.)
13:12woernie has joined IRC (woernie!~werner@p200300c18f2d717755b4128a3073d70a.dip0.t-ipconnect.de)
13:59Monkberry has joined IRC (Monkberry!6c221083@static-108-34-16-131.bflony.fios.verizon.net)
14:01
<Monkberry>
hey all
14:02
<alkisg>
Hi Monkberry
14:03
<Monkberry>
NFSD: client 172.16.11.184 testing state ID with incorrect client ID
14:04
Has anyone experienced this?
14:04
It seems to cause all sorts of issues on the network
14:04
<alkisg>
Monkberry: I think I've seen it when a client was forcibly shut down, without notifying nfs, then another one booted with that same IP
14:05
So the server was thinking "hey, wasn't there another one using ip=.184?"
14:05
<Monkberry>
hmm, that wouldn't surprise me there
14:05
<alkisg>
Make sure that your DHCP server is respecting IP leases etc
14:06
<Monkberry>
hmmm, might this have something to do with what we did to work around the vlans?
14:06* alkisg tries to remember the workaround...
14:06
<Monkberry>
Most seem to come from that side of the fence
14:06adrianor1 has joined IRC (adrianor1!~adrianorg@187.113.216.137)
14:07adrianorg has left IRC (adrianorg!~adrianorg@179.187.28.136, Ping timeout: 240 seconds)
14:07
<Monkberry>
One side (the side seemingly with less troubles has dhcp from a pfsense box
14:07
The other side of the vlan has dhcp handed out from a server running isc-dhcp-server
14:08
<alkisg>
And the ranges are different of course, right?
14:09
I think we only changed the reported server; we didn't touch anything about ip leases
14:09
<Monkberry>
yes. I have the changes we made
14:09
<alkisg>
Monkberry: can we vnc? It'll be faster...
14:09
x11vnc -connect alkisg.ltsp.org
14:12
<Monkberry>
That box is not the ltsp server
14:12
that one is on the other vlan where dhcp is from isc-dhcp-server
14:14
<alkisg>
Monkberry: this is where the most failures happen?
14:14
<Monkberry>
no, the other server on the other vlan
14:14
I can get you connected to that
14:14
<alkisg>
Sure, let's
14:17
Monkberry: and there, pfsense assigns the IPs? Are they hardcoded, why doesn't it answer now?
14:17
<Monkberry>
Yes, pfsense hands out on that side of the vlan
14:17
I'm not sure what you mean, hardcoded and not answering
14:18
<alkisg>
I tell the ltsp server to do a fake dhcp request
14:18
And pfsense doesn't send an IP
14:18
<Monkberry>
idk
14:18
<alkisg>
ok
14:18
<Monkberry>
I can get you logged into pfsense so you could see that
14:19
<alkisg>
Can I reach a client on the problematic vlan via epoptes?
14:19
<Monkberry>
yes
14:19
one sec
14:19
<alkisg>
ok
14:21
valid_lft 4277sec preferred_lft 4277sec
14:23
Monkberry: I think you have a very very small lease time
14:23
And then the server doesn't even hand out the same IP
14:23
Let's connect to pfsense
14:23
<Monkberry>
ok
14:24
<alkisg>
Maybe you have e.g. 2 hours; it would be best to be at least a day; better yet, a week, so that clients that boot once per week get the same IP
14:24
<Monkberry>
It's a very busy school and with everyone's phones, watches, pcs, I tweaked the lease time
14:24
<alkisg>
Hmmm
14:25
Monkberry: let's go to pfsense
14:25
<Monkberry>
I seem to have lost control of my mouse
14:25
<alkisg>
Yeah me too I think we were both trying to use it at the same time
14:25
OK, watching...
14:26
Go to lease time, I don't recall where that is
14:28
Monkberry: so, ltsp clients can't really renew their leases as if they change their IP all the nfs etc connections will expire and they won't have access to /, so they won't be able to load programs etc, they'll just hang,
14:28
<Monkberry>
I tweaked the lease time because I was running out of ip addresses and this was the easy fix for the class c that was in place
14:28
suggestion?
14:29
<alkisg>
The current lease time is 1 hour. The initial was 7200, 2 hours?
14:29
And you had issues with lease time=2 hours?
14:29
If so, this means you need to grow your network, it's too stressed
14:29
<Monkberry>
I'm thinking it may be possible to have the clients that get assigned addresses on a longer lease than those just getting from dhcp
14:29
<alkisg>
Bite the bullet and increase the subnet :)
14:30
The ltsp clients may also have static mappings, one for each one of them
14:30
E.g. there's no point in having a pool of 20, when you have 30 clients. You should have 30 IPs for your 30 clients etc
14:30
(excluding the roaming/mobile ones)
14:30
<Monkberry>
I'll look into the lease times in the meantime, I'll figure the summertime to increase the subnet, with this being a school
14:31
<alkisg>
It shouldn't be intrusive though, if you just grow the existing subnet
14:31
<Monkberry>
So, your determination is that error is being caused by dhcp lease times?
14:31
<alkisg>
Yes, I think that pfsense gives the IP to another client
14:31
<Monkberry>
How can I just grow the subnet without changing everything?
14:32
Is that even possible?
14:33
<alkisg>
The 172.16.11.x/24 subnet would become e.g. 172.16.y.x/22
14:34
<Monkberry>
That's what I thought
14:34
<alkisg>
So you'd keep the same IPs everywhere; DHCP clients would get a different netmask; and if you have printers etc, then you'd need to update their netmask, otherwise they wouldn't be able to reply to the clients over the /24
14:35
<Monkberry>
ah
14:36
Thank you very much for the help, I'll send you like I do
14:37
<alkisg>
Monkberry: another idea is to put the ltsp clients with infinite lease time, let me see about that...
14:37woernie has left IRC (woernie!~werner@p200300c18f2d717755b4128a3073d70a.dip0.t-ipconnect.de, Remote host closed the connection)
14:38
<Monkberry>
Some of those are not on the ltsp server, however, they are sharing home directories
14:38
<alkisg>
inet 10.32.4.229/21 brd 10.32.7.255 scope global enp1s0
14:38
valid_lft forever preferred_lft forever
14:39
<Monkberry>
Like the room 104 that you were looking at. They are a stand alone Linux box (Mint 20) with a home directory that is mounted from the server
14:39
<alkisg>
This is what a client lease looks like, in another installation with pfsense that I maintain,
14:39
which means that ltsp clients there never need to renew their leases; i.e. it's possible to configure that in pfsense
14:39
So, do you have enough IPs for all the school PCs to be on at the same time?
14:39
If yes, you can assign them infinite leases
14:40
(essentially, static IPs but managed in pfsense)
14:40
<Monkberry>
That depends on the kids coming in with their watches and tablets now
14:40
<alkisg>
You wouldn't assign THESE an infinite leases
14:40
Only to your known school PCs
14:41
<Monkberry>
Yes I know but on some days I think they just run out of ips
14:41
<fiesh>
just jumping in now, it seems weird to me "official" computers are assigned in the same lease range as random bring-your-own-stuff devices...
14:41
<Monkberry>
I'll most likely need to increase the class
14:41
<alkisg>
fiesh: Monkberry only has 255 IPs there, he'll update that in the summer
14:42
Monkberry: since you already had issues with ip lease time = 2 hours, I'd really look into increasing the subnet immediately. Also, removing the vlans :D
14:42
<Monkberry>
I'd love to remove those vlans
14:42
<alkisg>
You'd need one hour when the school is closed, but it should suffice
14:42
<fiesh>
ok I have no idea what's going on, but if I had trouble with having sufficiently many IP addresses and couldn't increase the subnet for some reason and wanted to give random people access, I'd set up an additional NAT for their wifi
14:43
and give my important devices proper addresses
14:43
<alkisg>
Right ^
14:43
That's a good idea as well
14:43
In some schools, we have a different access point and subnet for roaming clients
14:43
<fiesh>
like this, someone could just come and grab all leases, and your *official* equipment would stop working
14:43
<Monkberry>
Yes that is a good idea flesh, separate the wifi
14:43
<alkisg>
E.g. school is 10.x.y, while roaming= 192.168.1.x
14:44
Many access points support that without even involving pfsense
14:44
<fiesh>
you have an actual /24 network you're using?
14:44
<Monkberry>
They have a bunch of ubiquity unifi devices throughout the school that hand off the wifi
14:44
yes
14:45
<fiesh>
well then you're loaded with IP addresses anyway by my standard ;-)
14:45
<Monkberry>
2 - /24 on 2 - vlans
14:45
<fiesh>
you have two actualy /24 blocks, wow... I'd never give out actual addresses to random wifi users
14:46
but then I only have 8 addresses ;-)
14:46
but I know that back in the US, every printer had its own address since the distribution was so generous amongst educational institutions hehe
14:47
<Monkberry>
They used to have printers throughout the hallways when I came in
14:47
windows pcs that they would never log out of, a complete hodge podge of crap
14:49
It's really quite a place now. A school in the US that is completely running Linux on pcs, voip phones, cameras, etc..
14:49
<fiesh>
well still I'd never give out actual IPv4 addresses to random wifi people -- IPv6 is fine I guess
14:50
<Monkberry>
Anyway, thank you all for the help. I gotta run but this is food for fodder in the right direction.
14:50
<fiesh>
really great though, wish there were laws that required public money to only be spendable on open source software
14:50
:) bye
14:51
<Monkberry>
I could tell you many stories of all the fights I've had over this but they believed me and now they love it
14:51
See you later and thanks again!
14:51Monkberry has left IRC (Monkberry!6c221083@static-108-34-16-131.bflony.fios.verizon.net, Quit: Connection closed)
20:54Helenah has left IRC (Helenah!~irc@unaffiliated/iveeee, Quit: Switching from weechat relay to ZNC)
22:12ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)