| 03:35 | krumelmonster has left IRC (krumelmonster!~krumelmon@user/krumelmonster, Ping timeout: 244 seconds) | |
| 03:47 | krumelmonster has joined IRC (krumelmonster!~krumelmon@user/krumelmonster) | |
| 06:23 | <fiesh> is there a way to add groups to users on clients without adding them on the server? I'd really like local users to be in the sudo and systemd-journal groups without doing that on the server
| |
| 07:16 | <alkisg> Sure, google for /etc/security/group.conf
| |
| 07:27 | <fiesh> ah I can edit this on the client's image without it being overwritten automatically through ltsp?
| |
| 07:28 | alkisg: also, I hacked around the image always being called x86_64.img (and the old variant), our images are called like `/srv/ltsp/images/x86_64_260320080613.img` now, and the ltsp.ipxe is created from an ltsp.ipxe.in through sed that replaces the image names there. this finally has made clients not crash when the image is updated
| |
| 07:29 | <alkisg> Yeah the current code can only handle one update; then the workstations need to reboot to the new one before another can be created
| |
| 07:29 | I too am using date-based images using custom code; I might get some time to push it upstream in the future...
| |
| 07:33 | <fiesh> alkisg: thanks for the /etc/security/group.conf hint
| |
| 07:33 | <alkisg> 👍
| |
| 07:34 | You can even play with it via ltsp.conf, so that it's different per workstation
| |
| 07:34 | POST_INIT_xxx="sed ... group.conf"
| |
| 07:35 | <fiesh> ah that's nice, thanks -- I will probably add a group localadmins and then allow all users in there to have sudo and systemd-journal on clients
| |
| 07:37 | localadmin, rather singular
| |
| 07:43 | alkisg: also I just use systemd-tmpfiles to clean up old images, might be a better mechanism than having only a fixed number
| |
| 07:45 | <alkisg> In my custom code, the number of images can be specified by N or $date, it's quite flexible;
| |
| 07:45 | and it takes into account that the "current image" MUST be preserved even if it's 10 years old, as clients might already be booted with it
| |
| 07:46 | But ideally, we'd do what NBD does; just add a lock, so that even if it's deleted, it's not freed
| |
| 07:47 | <fiesh> I'm surprised this doesn't happen automatically, like a local file will always be kept alive as long as there's an open file descriptor for it
| |
| 07:47 | but I guess that's one of NFS's idiosyncrasies
| |
| 07:48 | however, I tried to mitigate the issue with symbolic links
| |
| 07:48 | having x86_64.iso point to a file and then only updating the link
| |
| 07:48 | didn't work either, I guess the symlink doesn't get resolved properly
| |
| 07:49 | the problem with locks is the risk of them becoming stale
| |
| 08:26 | <alkisg> The initramfs klibc NFS client doesn't support locks properly. The real one does, but it's too late.
| |
| 08:27 | Ubuntu switched to dracut which includes the real NFS. But on the other hand dracut developers don't respond to bug reports; I'm not even sure LTSP will run there. We'll see.
| |
| 08:28 | The symlink solution should work fine as long as the filenames are different; that's how my ltsp-image-$date.img custom implementation actually works
| |
| 08:29 | <fiesh> we linked x86_64.img to x86_64_260320....img and so on and just replaced the symlink without removing the old image
| |
| 08:29 | sometimes it works, sometimes it leads to NFS troubles on running clients, effectively crashing them
| |
| 08:30 | having the client directly boot the correct image name via ltsp.ipxe and updating that file is stable now
| |
| 09:38 | <elias_> alkisg: Καλημέρα, παλιόφιλε!
| |
| 09:39 | <alkisg> Haha, hyvää huomenta elias!
| |
| 09:39 | <elias_> (Don't get angry. This is just a very old joke, me saying hello to alkisg in Greek. :)
| |
| 09:39 | alkisg: Long time - no see. :D
| |
| 09:40 | <alkisg> Yup yup! This channel is pretty much dead nowadays. Matrix has a bit more people, but not much...
| |
| 09:43 | <elias_> I started to idle on this channel again when I talked with an Italian lad who was building a community center with computers for people to use. I told him that in case the computers tend to be stolen, there is always LTSP. :P
| |
| 09:43 | Computers without HDDs were not worth stealing in South Africa. :)
| |
| 09:45 | <alkisg> Hehe, they might want the RAM, that's also very expensive currently!
| |
| 10:12 | <elias_> alkisg: One can always use hw old enough so that the RAM is not compatible with new computers. :P
| |
| 10:12 | <alkisg> :)
| |
| 10:19 | <fiesh> surely you could just create a service that pings all clients continuously and fires off an alarm if one stops responding
| |
| 11:29 | <elias_> fiesh: In the case of theft you mean?
| |
| 11:29 | elias_ is now known as elias_a | |
| 11:36 | <elias_a> fiesh: If you mean that, it does not solve anything. In the daytime the hw is gone long before the alarm has caused any action and during the night there have been alarm systems + security cameras and yet the hw has been stolen.
| |
| 11:45 | ricotz has joined IRC (ricotz!~ricotz@ubuntu/member/ricotz) | |
| 12:46 | <fiesh> elias_a: yes, ok, I think I'm probably not used to that kind of environment and can't judge these situations...
| |
| 18:15 | <elias_a> Oh - fiesh has left the channel. I would have recommended trying the first of my black humour PEN testing stunts: begin by stealing or disabling the correct CCTV cameras. :D
| |
| 18:15 | vagrantc has joined IRC (vagrantc!~vagrant@2600:3c01:e000:21:7:77:0:50) | |
| 18:35 | ricotz has left IRC (ricotz!~ricotz@ubuntu/member/ricotz, Quit: Leaving) | |
| 22:17 | elias_a has left IRC (elias_a!~elias@93.174.197.169, Ping timeout: 264 seconds) | |
| 22:20 | elias_a has joined IRC (elias_a!~elias@93.174.197.169) | |