IRC chat logs for #ltsp on irc.libera.chat (webchat)


Channel log from 5 January 2022   (all times are UTC)

02:38lcurl has left IRC (lcurl!~UserNick@222.254.154.163, Remote host closed the connection)
04:02vagrantc has left IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100e, Quit: leaving)
05:12lcurl has joined IRC (lcurl!~UserNick@222.254.154.163)
05:31quinox has left IRC (quinox!~quinox@ghost.qtea.nl, Quit: WeeChat 3.3)
05:34quinox has joined IRC (quinox!~quinox@ghost.qtea.nl)
07:09ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz)
08:42ircs has joined IRC (ircs!~ircs@2-111-85-72-cable.dk.customer.tdc.net)
08:42parlos has joined IRC (parlos!~pal@146.247.147.166)
08:45alkisg has joined IRC (alkisg!~alkisg@2001:470:69fc:105::2d3)
08:45
<alkisg>
vagrantc: I'll prepare ltsp 22.01 and epoptes 22.01 in the following days, do you have any spare time to upload them to debian? (no rush, we have till the end of february for ubuntu freeze)
09:52
<parlos>
alkisg; got a question wrt. the install. Got some time?
09:52
<alkisg>
parlos: sure, shoot
09:54
<parlos>
I've arrived at 'ltsp dnsmasq' and I've got (test case) two NICs, one external (private IP), and another that will be used for PXE stuff.
09:55
<alkisg>
That use case is automatic if you use server IP=192.168.67.1 for the internal subnet
09:55
<parlos>
In my future environment, I'll have multiple NICs that will need to serve PXE.
09:55
<alkisg>
We special case that subnet to mean "internal PXE/LTSP subnet where LTSP is supposed to be a DHCP server"
09:55
<parlos>
That's fine, expected.
09:56
But it needs to serve multiple NICs, and I need to control the IP ranges.
09:56
<alkisg>
Unfortunately we don't special case "multiple PXE subnets", so you'll need to add a couple of lines yourself to /etc/dnsmasq.d/local.conf
09:56
And you'll also need to do NAT forwarding yourself (one line in ltsp.conf) for those extra subnets
09:57
<parlos>
Ok, is dnsmasq doing the DHCP?
09:57
<alkisg>
LTSP uses this, you can put something similar in local.conf: dhcp-range=192.168.67.20,192.168.67.250,12h
09:57
Yes
09:58
<parlos>
Alright, so --proxy-dhcp=0, that isn't specifying a NIC to serve DHCP requests on?
09:58
That I have to change manually later.
09:59
<alkisg>
By default, you'll be able to netboot clients from the non-LTSP NIC, using the proxydhcp protocol
09:59
So by running `ltsp dnsmasq -p=0` you'll avoid that
09:59
There's no need to restrict to interfaces if the IPs are set correctly, dnsmasq can see which interface to use based on the interface IP
10:02
<parlos>
Looking into /etc/dnsmasq.d/ltsp-dnsmasq.conf, is that the file you referenced before?
10:03
<alkisg>
That's the one that should be managed by ltsp dnsmasq
10:03
While for additional content, use another one at /etc/dnsmasq.d/local.conf
10:05
<parlos>
But I can change the ltsp-dnsmasq.conf to my need? There isn't anything that will overwrite it?
10:06
<alkisg>
If you never run `ltsp dnsmasq` yourself, then nothing will overwrite it
10:06
But if you can use the "separate local.conf" logic, you should, to allow ltsp to create better ltsp-dnsmasq.conf in the future
10:06
<parlos>
ok, and that you only run during install.... Does the install read a config file? Perhaps better to place info in that.
10:07
<alkisg>
For example, when UEFI support was added, or when rpi4 support was added, that separation helped
10:07
`ltsp dnsmasq` is never run automatically, only the sysadmin runs it
10:08
<parlos>
Ok, with two config files. How is precedence handled? And the local.conf file, is that just a copy of the ltsp file, but with my settings?
10:09
<alkisg>
Not a copy; you'd only put the extra content there, e.g. only this line for 3 NICs:
10:09
dhcp-range=192.168.68.20,192.168.68.250,12h
10:09
That would add a new 68 subnet in addition to the stock 67 one that ltsp uses
10:10
dnsmasq reads all the files in the dnsmasq.d and combines them to create the resulting configuration; there shouldn't be any conflicting content
10:11
<parlos>
Ok, so it's default config + EXTRA, but no replace/remove.
10:11
<alkisg>
If at some point you see that ltsp-dnsmasq.conf conflicts with what you want, then you'll need to manage it yourself from that point on
10:11
Right
10:11
(in a few cases, later content overrides previous content; that's documented in the dnsmasq man page)
10:14
<parlos>
might be good if the 'ltsp dnsmasq <--proxy-dhcp=0>' either read a config file, or accepted some additional input, for example to get the IP range. Thanks for your answer and clarification.
10:15
<alkisg>
You can add PROXY_DHCP=0 under [server] in /etc/ltsp/ltsp.conf
10:15
So that you don't forget to add -p=0 in the future, and it's added automatically instead
10:15
proxy_dhcp=0 means "disable" so it doesn't make sense to add a range for that
10:15
<parlos>
Is that file /etc/ltsp/ltsp.conf created automatically?
10:16
I got a folder /etc/ltsp but no files inside.
10:16
<alkisg>
No, see https://ltsp.org/man/ltsp.conf/ for instructions on how to initially create it
10:16
By default no configuration is needed
10:16
So that's an "administrative" action
10:16
<parlos>
ok, thanks, working my way through the installation doc.
10:17
<alkisg>
👍️
10:28
<parlos>
I'm back, now a question wrt. images. For example, I need to launch the network installer for Ubuntu X.Y. Previously, I just served an installer kernel and its ramdisk. Isn't that possible?
10:52
<alkisg>
parlos: sure, you just need to add an ipxe entry for your non-ltsp tasks
10:52
See an example at https://github.com/ltsp/ltsp/wiki/Non-LTSP-iPXE-entries
10:58
<parlos>
:thumbsup:
11:19lucas_ is now known as lucascastro
11:20woernie has left IRC (woernie!~werner@p5b296789.dip0.t-ipconnect.de, Ping timeout: 256 seconds)
11:20woernie has joined IRC (woernie!~werner@p5b296789.dip0.t-ipconnect.de)
11:24
<parlos>
I've added one of those; did the ltsp ipxe, nfs and initrd. Fixed an error in the dnsmasq.d/local.conf, restarted dnsmasq.
11:25
the host is served a PXE image, but it complains 'TXE: 1 x "Nework unreachable ..."'
11:26
<alkisg>
Can you upload a photo?
11:26
(from the client screen)
11:27
Btw, did you boot a client with ltsp before that try, or that's the first try, a custom one?
11:28
<parlos>
At this time I was just hoping for the PXE menu, I've not added any ltsp clients.
11:28
so a custom
11:28
<alkisg>
OK upload a photo so that we see at which point it stopped
11:28
You didn't see the blue ipxe menu at all?
11:28
<parlos>
where would you recommend that I upload the photo, used to pastebin for text.. no
11:28
where would you recommend that I upload the photo, used to pastebin for text..
11:29
<alkisg>
!photo
11:29
<ltspbot>
I do not know about 'photo', but I do know about these similar topics: 'paste'
11:29
<alkisg>
Hmmm, anyway, imgur.com can be used, but it's best if you just join matrix instead of irc
11:29
There you can just drag and drop the photo...
11:30
https://ltsp.org/advanced/chat-room/
11:31PatrikArlos[m] has joined IRC (PatrikArlos[m]!~parlosmat@2001:470:69fc:105::1:613e)
11:32* PatrikArlos[m] uploaded an image: (147KiB) < https://libera.ems.host/_matrix/media/r0/download/matrix.org/LPggdFFIrIgbDgYGiUpvZKzU/Screenshot_20220105_122645.png >
11:32
<parlos>
Image uploaded.
11:32
No blue ipxe menu was shown.
11:44* parlos getting some food
11:44
<alkisg>
Use bridged networking not nat
11:44
Me too (food) ;)
12:02
<parlos>
Don't think bridge/nat would impact. I looked with wireshark, and saw the messages being exchanged....
12:04
<alkisg>
In nat, vbox does the pxe itself
12:04
Ltsp won't work there
12:07ircs has left IRC (ircs!~ircs@2-111-85-72-cable.dk.customer.tdc.net, Ping timeout: 240 seconds)
12:39
<alkisg>
For VirtualBox clients, I'm booting them with http://boot.ipxe.org/ipxe.iso, because I saw that the internal ipxe that vbox includes in its ROM is a stripped down unstable version
12:40
To get PXE clients booted under NAT in VirtualBox, you need to provide a custom TFTP dir. LTSP can work that way, but it'll miss a few things as it's behind NAT.
12:40
It's much saner to use bridged networking
13:01
<parlos>
Bummer, standard isc-dhcp-server + tftp works fine for both physical and virtual boxed.
13:01
Bummer, standard isc-dhcp-server + tftp works fine for both physical and virtual machines.
13:10
I've run my 'std' and it works, with the same VM (from experience it operates on physical machines too).
13:11
When the ltsp PXE was used, the client (host) asks for an IP, and the server replies with an OFFER, but the client never accepts, just keeps on asking.
13:28
<alkisg>
If you have isc dhcp +tftp working, then dnsmasq + ipxe will also work
13:29
The problem then may be in the borked internal ipxe; try with ipxe.iso
13:29
Back in a couple of hours
13:29
Btw ltsp also supports isc dhcp, although you don't need it, dnsmasq is fine
13:34
<MUHWALT>
Hey alkisg, happy new year. Asked this yesterday, but think you weren't here:
13:35
Is the addition of temporary users "ltsp_temporary_user_####" normal in ltsp5? I installed a HIDS agent on my LTSP servers and just got an alert because of, what I assume, is someone mistyping their password a few times, succeeding, and there being the temporary user added soon after
14:41Vercas has left IRC (Vercas!~Vercas@gateway/tor-sasl/vercas, Remote host closed the connection)
14:41Vercas has joined IRC (Vercas!~Vercas@gateway/tor-sasl/vercas)
14:56
<alkisg>
MUHWALT: happy new year; ltsp5 isn't supported anymore. That said, ltsp never automatically added any users on the servers, and I've never seen any ltsp_temporary_user_### references at all
14:56
<MUHWALT>
understood; well that's fun, then!
14:57
Thanks, I guess I need to dig into what that was then
14:57
<alkisg>
These are probably not originating from ltsp (unless it was something from the proprietary cluster stuff ages ago, I've never seen that code...)
14:57
<MUHWALT>
lol
14:58
<alkisg>
parlos: did you try with boot.ipxe.org/ipxe.iso? Did it solve the boot issues?
14:59
<MUHWALT>
oh, it originated on one of the fat clients; reported from server because the clients log back there
14:59
(with rsyslog)
15:00
<alkisg>
MUHWALT: hmm, btw your message from yesterday does appear on https://irclogs.ltsp.org/?d=2022-01-04 but not on matrix; I guess matrix lagged at some point... it's best to use Matrix rather than the old IRC channel when possible
15:00
https://ltsp.org/advanced/chat-room/
15:00
<MUHWALT>
aw, but I *finally* have weechat *just* the way I want it!!! ;)
15:01
<alkisg>
Hehe
15:01
MUHWALT: indeed that message is from ltsp then
15:02
<MUHWALT>
yeah, shows useradd with the ltsp_temporary_user_####, with home of the user that logged in
15:02
<alkisg>
From client/localapps/ldm-rc.d/X01-localapps
15:02
<MUHWALT>
only alerted because she failed to log in a bunch of times
15:02
thanks for confirming :D
15:03
<alkisg>
👍️
15:03
<MUHWALT>
We had our freepbx instance hacked just after xmas, so we're in hyper alert mode 🤣
15:03
<parlos>
alkisg: just downloaded it, mounted and ran ltsp kernel ipxe.. Complains "Could not locate vmlinuz and initrd.img in ipxe"...
15:04
<alkisg>
Was it as ancient a version as ltsp5? :D
15:06
<MUHWALT>
lol, no! Just FreePBX/Sangoma's *wonderful* development practices that regressed on an RCE exploit
15:06
<alkisg>
parlos: you put ipxe.iso in the virtualbox settings; you don't use it as an ltsp image
15:06
E.g. click on vmclient01, properties, boot from => ipxe.iso
15:06
Instead of boot from => LAN
15:07
<parlos>
If I can boot a VM from that iso, what will that show?
15:07* alkisg is using virtualbox for testing ltsp and netbooting as well, it works fine except for the "internal broken ipxe rom" part
15:09
<alkisg>
parlos: it will show "loading ipxe... booting from lan... blue ipxe menu... loading kernel / initrd ... installing ubuntu etc"
15:10
What were you using before, pxelinux?
15:10
<parlos>
yup, some old ubuntu 14 it seems.
15:11
<alkisg>
pxelinux was about 5% more compatible with silly ROMs than ipxe, but it doesn't support uefi, so we moved away from it
15:11
<parlos>
Ok, so I got the blue boot menu now..
15:11
<alkisg>
OK
15:12
<parlos>
So, the pxe boot image that's on the ipxe.iso, how is that different from the one that ltsp comes with?
15:12
<alkisg>
Not ltsp. virtualbox.
15:13
Virtualbox itself has a broken ipxe version for netbooting.
15:13
The ipxe developers warn against using it
15:13
If you use a real client, it'll work
15:14
<parlos>
Bummer to test then.
15:14
<alkisg>
Why? You just use "boot from iso" instead of "boot from lan"
15:14
I've been doing that for ...10 years? now
15:15
An alternative is to install the vbox extensions and use the intel netbooting code, instead of the broken old ipxe code
15:16
I think it's also been reported to the vbox developers, but they have space issues or something and can't use a proper ipxe, and they keep using the broken one
15:16
<parlos>
OK, sad though as the old worked for both physical, virtual (KVM/Vbox).
15:17
<alkisg>
KVM also works fine
15:17
This is a bug in virtualbox, not in ltsp
15:17
<parlos>
But I added an 'iso' without LTSP mode. Should that now show up in the menu?
15:17
<alkisg>
Yes, if you added it to the menu, it should show up in the menu
15:17
<parlos>
Followed https://github.com/ltsp/ltsp/wiki/Non-LTSP-iPXE-entries
15:18
<alkisg>
Open /srv/tftp/ltsp/ltsp.ipxe and see if it's there
15:19
<parlos>
It's there. Added it at the bottom..
15:33alkisg has left IRC (alkisg!~alkisg@2001:470:69fc:105::2d3, Ping timeout: 250 seconds)
15:36PatrikArlos[m] has left IRC (PatrikArlos[m]!~parlosmat@2001:470:69fc:105::1:613e, Ping timeout: 252 seconds)
16:00PatrikArlos[m] has joined IRC (PatrikArlos[m]!~parlosmat@2001:470:69fc:105::1:613e)
16:01
<PatrikArlos[m]>
Got Ubuntu18 Installer to boot.. :)
16:02
<parlos>
Alright, time to have a break. Thanks for your patience and help.
16:03
Have a nice day!
16:03parlos has left IRC (parlos!~pal@146.247.147.166, Quit: Konversation terminated!)
16:29alkisg has joined IRC (alkisg!~alkisg@2001:470:69fc:105::2d3)
16:55vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:21:21:0:100b)
17:07lucascastro has left IRC (lucascastro!~lucascast@192-140-51-251.static.oncabo.net.br, Ping timeout: 240 seconds)
17:30lucascastro has joined IRC (lucascastro!~lucascast@45-167-143-6.netfacil.inf.br)
17:32ircs has joined IRC (ircs!~ircs@2-111-85-72-cable.dk.customer.tdc.net)
18:16eu^adsl-73-161-f has left IRC (eu^adsl-73-161-f!~eu^adsl-7@adsl-73-161-fixip.datacomm.ch, Quit: Client closed)
18:20ogra_ is now known as ogra
19:34ircs has left IRC (ircs!~ircs@2-111-85-72-cable.dk.customer.tdc.net, Excess Flood)
19:34
<sunweaver>
alkisg: vagrantc: good evening, good morning/day.
19:35
here is one more ltsp.img question for you.
19:35* alkisg waves to sunweaver
19:35
<sunweaver>
You remember my concerns about creating ltsp.img on the host for some use cases.
19:35
<alkisg>
You mean in the image/chroot?
19:35
<sunweaver>
In fact, I now faced the problem that ltsp initrd copies the host's /etc/passwd and /etc/group into the ltsp.img.
19:36
<alkisg>
Yes, that's the desired result, because they're supposed to login to the ltsp server
19:36
<sunweaver>
the system itself is a squashfs image (or nfsroot) created from a chroot.
19:36
<alkisg>
It can be easily avoided by placing custom things in /etc/ltsp/passwd
19:37
<sunweaver>
My problem is that the chroot's /etc/passwd (and the file permissions in the chroot) is very different from the LTSP server's passwd and group file.
19:37
the chroot has many more system users... e.g. bluetooth and such.
19:37
the /etc/{passwd,group} of the server host however is rather minimal.
19:37
<alkisg>
The system groups of the CHROOT are used
19:37
They are automatically merged at ltsp init
19:37
<sunweaver>
more portions of the code, I haven't read, yet.
19:38
<alkisg>
(back in half an hour)
19:38
<sunweaver>
so ltsp.img has the host's passwd and group, but only parts of those are used?
19:38
(ok)
20:00
<alkisg>
yes only the parts > 1000 (or whatever's defined in /etc/login.defs)
20:08lucascastro has left IRC (lucascastro!~lucascast@45-167-143-6.netfacil.inf.br, Ping timeout: 256 seconds)
20:11* vagrantc waves
20:11
<vagrantc>
happy new year, fellow LTSP folks!
20:18
<alkisg>
Happy new year vagrantc! Will you have any free time to upload ltsp/epoptes? I'm planning to release new versions next week...
20:46
<vagrantc>
sure, would be good to get the debian/watch files fixed ... i think you had already committed fixes upstream but after the last uploads
20:49
<sunweaver>
alkisg: I figured things out now. Now I really can use my host's ltsp.conf and ltsp initrd command.
20:49
Very awesome.
20:49
btw. our diskless workstations now also use Kerberos and NFSv4+krb5i
20:50
<vagrantc>
despite having been heavily involved with ltsp5 for many years, i really find the new style stuff to be much easier to work with overall ... not that i still am maintaining any actual networks right now :)
20:50
kerberos, fancy!
20:51
sunweaver: for the rootfs and/or home dirs?
20:51
does that mean the traffic between client and server is encrypted?
20:51
<sunweaver>
vagrantc: homedirs.
20:51
<vagrantc>
or just authenticated?
20:51
<sunweaver>
krb5i means authenticated.
20:52* vagrantc vaguely recalls kerberos with nfsv4 allowing for encrypted connections ...
20:52
<vagrantc>
but it's been ages since i even glanced at it
20:52
<sunweaver>
But krb5p (private -> encrypted) is possible, too. But I don't want to risk all that crypto on a school network to break the server CPUs.
20:52
<vagrantc>
heh
21:45ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving)
22:06sfxworks[m] has joined IRC (sfxworks[m]!~sfxworksm@2001:470:69fc:105::e5d4)
22:06
<sfxworks[m]>
Trying to install ltsp on a raspberry pi cm4 on raspbian, it can't find ltsp-binaries
22:07
`E: Package 'ltsp-binaries' has no installation candidate`
22:18lucascastro has joined IRC (lucascastro!~lucascast@192-140-51-251.static.oncabo.net.br)
22:39
<vagrantc>
did you add the ppa?