So, I spent the last weekend trying out microos on my new practice machine. It is pretty cool. Switching to the transactional mode worked well and was easy. SE-Linux on the other hand does not work well and is not easy. I suspect I have to give up on using rootless podman, or switch off SELinux. Or spend a stupid amount of time learning that stuff. Considering that microos had defaulted to reserve 400Gb for root containers and 20Gb for home including rootless containers, I can guess what they want. Though that isn't documented anywhere. Speaking of stupid time, I also finally managed to get quadlets to function well enough to start understanding them. After around 2 years of bouncing off their terrible documentation. They are pretty cool, and probably even more fun for those people who actually remember the systemd syntax. I still don't understand why I had to convert my self-built container to a kube instead of a container. And I don't understand how or even if I can use other backends with the volume unit system.

# ? May 6, 2024 19:18

On a related note, I've been playing with podman on FreeBSD. It seems very close to usable - random linux containers will fail at step 4/11 when pulling them, and then the same container works fine if I build it locally. The truly custom things, like the ZFS storage backend, seem to work fine? Of course I did all this in service of booting Fedora CoreOS over PXE because I want to test running a small cluster on our retired servers and workstations - but that doesn't mean I can't use FreeBSD as the DHCP/DNS/PXE server.

# ? May 6, 2024 22:02

The biggest downside to podman is that it's still in rapid development and has a lot of quirks and poor documentation. Early on it was pretty clearly a gateway drug into k8s (that redhat hoped they could turn into an openshift sale) but that's tapered recently. With RHEL9 and derivatives it's a pretty painless container service. I like it a lot more than docker (which is still totally fine, it just feels like it's getting crushed under the weight of its age). Quadlets are a really cool idea.

# ? May 6, 2024 22:15

xzzy posted: Quadlets

Oh, rad, this will let me get rid of runit and my dozen+ permutations of a "run this container in podman" startup script.

# ? May 6, 2024 22:28

VictualSquid posted:So, I spent the last weekend trying out microos on my new practice machine.It is pretty cool. Switching to the transactional mode worked well and was easy. I really recommend against turning off SELinux. If you do you can never turn it back on. Just use the code:

# ? May 6, 2024 22:31

I even have users using quadlets to run rootless elasticsearch containers. The best of all worlds.. I don't have to keep ES running, and I don't have to give out root so they can maintain it.

# ? May 6, 2024 22:33

Quadlet has undergone a lot of improvement lately. The most recent version of podman should let you define pods for quadlets without having to use kube files. Which makes it dramatically easier to group a stack of containers that need to work together nicely.

# ? May 6, 2024 22:45

I'm excited to see that Linux 6.9 will have support for larger console fonts. Is it possible to see if 6.9 actually includes the larger fonts or is it up to someone else (distros?) to provide them now that the support is there? https://www.phoronix.com/news/Linux-6.9-Larger-FBCON-Fonts

# ? May 6, 2024 22:54

VictualSquid posted: SE-Linux on the other hand does not work well and is not easy. I suspect I have to give up on using rootless podman, or switch off SELinux. Or spend a stupid amount of time learning that stuff. Considering that microos had defaulted to reserve 400Gb for root containers and 20Gb for home including rootless containers, I can guess what they want. Though that isn't documented anywhere.

Do you want to learn SElinux in particular? It looks like microos can use either SE or apparmor, and normally uses apparmor (also what suse defaults to for their other distros). The "container host" role is what picks SE. And if you picked container host that also might be why the storage reserve.

Mantle posted: I'm excited to see that Linux 6.9 will have support for larger console fonts. Is it possible to see if 6.9 actually includes the larger fonts or is it up to someone else (distros?) to provide them now that the support is there?

It'll be up to distros to ship bigger fonts (easy enough, for high-res fonts you can just bitmap a real font). And then it'll be up to you to set one of the new big fonts to be used.

# ? May 6, 2024 23:23

Nitrousoxide posted:Quadlet has undergone a lot of improvement lately. The most recent version of podman should let you define pods for quadlets without having to use kube files. Which makes it dramatically easier to group a stack of containers that need to work together nicely. I've been migrating over from compose files to quadlet pods lately and it's amazing how painless it is.

# ? May 7, 2024 01:23

The systemd dependencies you can set up are super slick too. Tired of nginx barfing because a reverse proxy backend isn't running? Systemd will start that for you. By far my biggest complaint is that rhel9 has deprecated iptables and podman doesn't speak nftables yet. Everything works but it makes managing rules a stupid(er) chore because we converted all our configuration management to use nftables.

# ? May 7, 2024 01:59

Inceltown posted:I've been migrating over from compose files to quadlet pods lately and it's amazing how painless it is. I like how it handles auto-updates too. Brings down the current container, pulls the new one, spins it up then, and most importantly, if the healthcheck for the container fails, rolls back to the previous image for the container. Obviously things could still be wrong in a way that don't completely bork the container after an update, but that check is already significantly superior to updates that docker does.

# ? May 7, 2024 02:05

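Added example, not code from any poster and not from the podman project's own documentation: the kind of stack the last few posts describe (a pod defined as a quadlet `.pod` unit, a container that another container depends on through ordinary systemd `Requires=`/`After=`, `AutoUpdate=registry` with a health check, and the `[Install]` section that actually enables the generated units), written out as rootless quadlet files by a small shell script. Everything about the workload is assumed: a hypothetical backend image at `registry.example.com/app/backend:1.0` listening on 9000, nginx in front of it (its proxy configuration is left out), a `%h/backend-data` directory, and a podman new enough for `.pod` units and `Notify=healthy` (5.0 or later).

```shell
#!/bin/sh
# Added example (not from any post, not podman's documentation): a rootless
# quadlet stack. Assumed: hypothetical backend image on port 9000, nginx in
# front, podman 5.0+ for .pod units and Notify=healthy.
set -eu

# write_quadlets [DIR]  -- DIR defaults to the rootless quadlet directory.
write_quadlets() {
    dir=${1:-"$HOME/.config/containers/systemd"}
    mkdir -p "$dir"

    # The pod owns the network namespace and the published port; containers
    # join it with Pod= and reach each other over 127.0.0.1.
    cat >"$dir/app.pod" <<'EOF'
[Pod]
PodName=app
PublishPort=127.0.0.1:8080:80
EOF

    # AutoUpdate=registry opts this container in to `podman auto-update`.
    # Notify=healthy makes the unit count as started only once HealthCmd
    # passes, which is what lets a bad image be rolled back instead of kept.
    cat >"$dir/backend.container" <<'EOF'
[Unit]
Description=Example backend (hypothetical image)

[Container]
Image=registry.example.com/app/backend:1.0
Pod=app.pod
AutoUpdate=registry
Notify=healthy
HealthCmd=curl -fsS http://127.0.0.1:9000/healthz
HealthInterval=30s
# :Z gives the directory a label private to this container; %h is the home dir.
Volume=%h/backend-data:/data:Z

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF

    # Plain systemd dependencies on the generated backend.service: starting
    # proxy.service brings the backend (and the pod) up first.
    cat >"$dir/proxy.container" <<'EOF'
[Unit]
Description=Example reverse proxy
Requires=backend.service
After=backend.service

[Container]
Image=docker.io/library/nginx:stable-alpine
Pod=app.pod
AutoUpdate=registry
Notify=healthy
HealthCmd=wget -qO- http://127.0.0.1/ >/dev/null

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
EOF
}

# rollout -- install, start and exercise auto-update, all as the plain user.
rollout() {
    write_quadlets
    loginctl enable-linger "$(id -un)"     # keep user services alive after logout
    systemctl --user daemon-reload          # quadlet generates the .service units now
    systemctl --user start proxy.service    # pulls in backend.service and app-pod.service
    systemctl --user --no-pager status app-pod.service backend.service proxy.service
    podman auto-update --dry-run            # what a registry update would replace
    podman auto-update                      # replace; roll back if the unit fails to come up healthy
}

case "${1:-}" in rollout) rollout ;; esac
```

Run it as `sh quadlets.sh rollout` from the account that should own the containers. There is no `systemctl enable` step: the `[Install]` section is the enable, which is the "install option" mentioned further down the thread, and without `enable-linger` the whole stack stops when that user's last session ends.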
You guys are really starting to sell me on podman over docker for my fast-approaching server build

# ? May 7, 2024 02:07

FAT32 SHAMER posted:You guys are really starting to sell me on podman over docker for my fast-approaching server build

# ? May 7, 2024 02:32

Computer viking posted:For which combination of OSes? BlankSystemDaemon posted:As computer viking was hinting, it's gonna depend on the OS. Sorry for abandoning this, I figured it out. And, for the record, Rocky Linux 8.9 on both server and client. I eventually figured it out. It was easy, actually, I think I got fooled by a combination of inexperience, firewall rules and services not being started. Full solution here: https://serverfault.com/a/1158965/600891

# ? May 7, 2024 07:08

Klyith posted:Do you want to learn SElinux in particular? It looks like microos can use either SE or apparmor, and normally uses apparmor (also what suse defaults to for their other distros). The "container host" role is what picks SE. Yes I picked container host. Though like I said I was mostly surprised that it ships with podman in a configuration that makes rootless hard. When I moved the rootless container storage to /var I needed to copy some selinux rules. So I assumed it was selinux. Unless those commands are identical.

# ? May 7, 2024 09:47

FAT32 SHAMER posted: You guys are really starting to sell me on podman over docker for my fast-approaching server build

Do it. I was using an app called podlet to convert my commands to quadlets and it worked great. Use it before it becomes outdated. Just remember to set the install option. Which doesn't do what you think, it enables the quadlets. E: add Android's spellcheck to people who hate podman and quadlets.

# ? May 7, 2024 09:52

VictualSquid posted:SE-Linux on the other hand does not work well and is not easy. I suspect I have to give up on using rootless podman, or switch off SELinux. Nitrousoxide posted:Just use the The only thing I ever had to do was add ":z" at the end of bind mounts, and that took care of SELinux.

# ? May 7, 2024 13:27

That usually works yeah. Though if you want to do certain things like mount all of /home/$USER SELinux will refuse and you have to tell it to gently caress off for this container. Edit: variables for the mount path can also demand that too like pwd if you want a container to manipulate some file in the current directory since you don't know what SELinux flags would be set for an arbitrary directory on your system.

# ? May 7, 2024 13:42

NihilCredo posted:The only thing I ever had to do was add ":z" at the end of bind mounts, and that took care of SELinux. LET ME TELL YOU A STORY So we had this 3.2PB cephfs with user home directories in it, and we were trying to spin up a sort of "Shell As A Service" that users could provision to do science or whatever they want, with their home directory mounted. Turns out Docker, even with :z, will do a recursive directory listing to "fix" SELinux contexts (or whatever they're called) on files. There is no option to disable this behavior, it's hard-coded. And that is why it took 16 hours to spin up a shell until we disabled SELinux.

# ? May 7, 2024 15:51

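Added example, not from any of the posters above: a helper that makes the `:Z` / `:z` versus "tell it to go away for this container" decision explicit before the bind mount is handed to `podman run`. The relabel that `:z` and `:Z` request is a walk over every file in the tree (which is the 16-hour story above), and on a shared home directory it also rewrites labels that other programs depend on. The file-count threshold and the list of network filesystem types are arbitrary knobs of this example, not podman settings.

```shell
#!/bin/sh
# Added example (not from the thread): decide how a bind mount should be
# labelled before running a container. Threshold and fs-type list are
# arbitrary choices of this script.
set -eu

# count_entries DIR MAX -- count entries but stop reading after MAX+1,
# so a huge tree does not get walked just to be measured.
count_entries() {
    find "$1" -xdev 2>/dev/null | head -n "$(($2 + 1))" | wc -l | tr -d ' '
}

# mount_args DIR CTR_PATH [MAX] -- prints podman arguments, one per line.
#   :Z  relabels the tree with a category private to this container.
#   :z  relabels it as shared so several containers can use it.
# Both relabel every file under DIR. Above MAX entries, or on a network
# filesystem, disable labelling for this one container instead; that keeps
# SELinux on for everything else on the host.
mount_args() {
    dir=$1; ctr=$2; max=${3:-50000}
    fstype=$(stat -f -c %T "$dir" 2>/dev/null || echo unknown)
    n=$(count_entries "$dir" "$max")
    case "$fstype" in
        nfs|ceph|cifs|smb2|fuseblk|fuse*) remote=1 ;;
        *) remote=0 ;;
    esac
    if [ "$n" -gt "$max" ] || [ "$remote" -eq 1 ]; then
        printf '%s\n' "--security-opt" "label=disable" "-v" "$dir:$ctr"
    else
        printf '%s\n' "-v" "$dir:$ctr:Z"
    fi
}

# show_label DIR -- the context DIR carries now (only meaningful with SELinux).
show_label() {
    ls -Zd "$1" 2>/dev/null || echo "no SELinux label visible for $1"
}

# Usage (not run at parse time): a throwaway shell with DIR at /work.
# Word splitting of $(mount_args ...) assumes DIR contains no spaces.
run_shell() {
    show_label "$1"
    # shellcheck disable=SC2046
    podman run --rm -it $(mount_args "$1" /work) docker.io/library/alpine:3.20 sh
}

case "${1:-}" in shell) run_shell "$2" ;; esac
```

`sh mount.sh shell /home/$USER/bigtree` prints the current label and starts the container. With `label=disable` the process still runs confined by the user namespace and seccomp, just not by the container SELinux type, which is the trade the cephfs post describes making for the whole host; making it per-container keeps it to the one mount that needs it.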
I worked at a place that had a similar program: developers could click a button on a website and in a few minutes they'd get an IP address to VNC/SSH to with a pre-prepared checkout of all the source code, tools, etc. It used lxc I think

# ? May 7, 2024 18:08

So it seems one of my external hard drives has given up the ghost. I have backups so no worries. What i'm trying to learn here, instead, is how I would be supposed to diagnose it. The drive appears in lsusb but doesn't make it to lsblk, which is why I figure it for a hardware issue. Dmesg gives pretty clear logs, except for one thing - how am I supposed to find out what error code -71 stands for? All I found while googling was this ancient thread where the guy only got anywhere by finding the source code for the drivers and finding a luckily commented enum. Is that still the way to go in 2024? It would be really nice if I could, for example, judge whether it could be a problem with the SATA drive or with the SATA-USB connector. quote:[21625.541276] usb 2-2: new SuperSpeed USB device number 18 using xhci_hcd

# ? May 7, 2024 19:02

NihilCredo posted:So it seems one of my external hard drives has given up the ghost. I have backups so no worries. What i'm trying to learn here, instead, is how I would be supposed to diagnose it. The drive appears in lsusb but doesn't make it to lsblk, which is why I figure it for a hardware issue. It doesn't really matter, the interesting stuff is the text of the message and all the surrounding messages. The USB stack is complaining that it can't talk to the device. (You look for 71 in /usr/include/errno.h and follow the includes to /usr/include/asm-generic/errno.h and /usr/include/asm-generic/errno.h and see that is EPROTO.)

# ? May 7, 2024 19:13

NihilCredo posted:So it seems one of my external hard drives has given up the ghost. I have backups so no worries. What i'm trying to learn here, instead, is how I would be supposed to diagnose it. The drive appears in lsusb but doesn't make it to lsblk, which is why I figure it for a hardware issue. I'm able to see a lot more results on google, but being selective about quotes with search terms. linux usb "error -71" gives a bunch of miscellaneous plausible stuff like: https://daniel-lange.com/archives/183-Linux-kernel-USB-errors-71-and-110.html https://askubuntu.com/questions/262141/usb-error-71-eproto-with-a-gamepad and "device not accepting address" has: https://paulphilippov.com/articles/how-to-fix-device-not-accepting-address-error From which I'd say that not all hope is lost. Plausibly you just need to try a different USB port, if you used one that doesn't have enough juice to spin up a full-size HDD -- that model doesn't have an external power brick right? Does the drive actually spin up? Also plausible that the controller is bad but the drive inside the box is ok. I think I'd expect a dead HDD in an external box to not fail like that. Like, if the controller is ok it should be able to negotiate a connection, but then mounting the drive would fail. Unless maybe the drive failed so badly that the motor is hosed and trying to spin it makes the controller brown out or something.

# ? May 7, 2024 19:24

pseudorandom name posted:It doesn't really matter, the interesting stuff is the text of the message and all the surrounding messages. The USB stack is complaining that it can't talk to the device. Thanks! So is it safe to assume that those error codes are standardized and anything from the kernel (i.e. all drivers) will use them? I thought every driver would have their own set, or at least specific to the device class they support. Klyith posted:From which I'd say that not all hope is lost. Plausibly you just need to try a different USB port, if you used one that doesn't have enough juice to spin up a full-size HDD -- that model doesn't have an external power brick right? Does the drive actually spin up? I happen to own a separate USB-SATA adapter (a powered one as well, to support 3.5" drives, even though the presumed-dead drive is 2.5"), so a few minutes ago I shucked the drive out and connected it using the other adapter. Still no go, although the dmesg log was a little different: quote:[23530.538228] usb 1-3: new high-speed USB device number 9 using xhci_hcd The drive also now appears in lsblk, but with 0MB capacity and fails to unlock with cryptsetup, so no good. I admit I'm a little surprised that the behaviour would change with a different adapter, but it still sounds like it has given up the ghost. It's not impossible (though unlikely) I might have damaged it further while shucking it out, too. The next step in a proper investigation ought to be trying the shucked adapter with a known-good drive, but I'm not gonna put more drives in harm's way until I've acquired a new backup.

# ? May 7, 2024 19:48

NihilCredo posted:I happen to own a separate USB-SATA adapter (a powered one as well, to support 3.5" drives, even though the presumed-dead drive is 2.5"), so a few minutes ago I shucked the drive out and connected it using the other adapter. Still no go, although the dmesg log was a little different: That might be responsive enough to get smartctl to read from it, if you were interested in a post-mortem. (Though it's also pretty much a coin-flip whether a drive-killing problem shows up in smart. Spinning rust, what a medium.) NihilCredo posted:The next step in a proper investigation ought to be trying the shucked adapter with a known-good drive, but I'm not gonna put more drives in harm's way until I've acquired a new backup. Eh probably not worth it, trash both.

# ? May 7, 2024 20:05

NihilCredo posted:Thanks! So is it safe to assume that those error codes are standardized and anything from the kernel (i.e. all drivers) will use them? I thought every driver would have their own set, or at least specific to the device class they support. Nope, the numbers have an assigned name and sort of have a meaning, but what individual drivers or subsystems actually use them to signify (or whether they use them at all) is entirely up to them.

# ? May 7, 2024 21:51

not every error code is meant to be mapped to errno.h. that’s really just for the kernel and libc

# ? May 7, 2024 23:10

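Added example, not from any poster: the header chase described a few posts up, done by a script. It pulls the `error -NN` number out of a kernel message and resolves it through the same `asm-generic/errno*.h` headers (falling back to python3's or perl's `errno` tables when the headers are not installed). The dmesg line used for the check is constructed to look like the "device not accepting address" message mentioned above. As the last two posts say, the name is only a convention: what the USB stack means by EPROTO is the USB stack's business, so the surrounding messages still matter.

```shell
#!/bin/sh
# Added example (not from the thread): map a kernel "error -NN" to its errno
# name. Needs the kernel UAPI headers, or python3, or perl.
set -eu

# errno_name NUM -> prints the symbolic name (e.g. EPROTO) or "unknown".
errno_name() {
    num=$1
    for h in /usr/include/asm-generic/errno-base.h /usr/include/asm-generic/errno.h; do
        [ -r "$h" ] || continue
        # Lines look like:  #define<TAB>EPROTO<TAB><TAB>71<TAB>/* Protocol error */
        name=$(awk -v n="$num" '$1 == "#define" && $3 == n && $2 ~ /^E/ { print $2; exit }' "$h")
        if [ -n "$name" ]; then printf '%s\n' "$name"; return 0; fi
    done
    if command -v python3 >/dev/null 2>&1; then
        python3 -c 'import errno, sys; print(errno.errorcode.get(int(sys.argv[1]), "unknown"))' "$num"
        return 0
    fi
    if command -v perl >/dev/null 2>&1; then
        perl -MErrno -e 'my %h = map { Errno->can($_)->() => $_ } @Errno::EXPORT_OK;
                         print $h{$ARGV[0]} // "unknown", "\n"' "$num"
        return 0
    fi
    echo unknown
}

# dmesg_errno LINE -> prints "NUM NAME" when LINE carries "error -NN",
# otherwise prints nothing and returns 1.
dmesg_errno() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*error -\([0-9][0-9]*\).*/\1/p')
    [ -n "$n" ] || return 1
    printf '%s %s\n' "$n" "$(errno_name "$n")"
}

# Usage (not run at parse time): annotate every numbered error in the log.
annotate_dmesg() {
    dmesg | grep 'error -[0-9]' | while IFS= read -r line; do
        printf '%s  => %s\n' "$line" "$(dmesg_errno "$line")"
    done
}

case "${1:-}" in dmesg) annotate_dmesg ;; esac
```

`sh errno.sh dmesg` needs whatever privilege `dmesg` needs on the box. The `errno` utility from moreutils does the lookup half of this in one command (`errno 71`), which is the quicker route when it is installed.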
I'm new to Linux and installed Mint on my new laptop as a means of getting to know it better. I dabbled with it before on our media box but I'm hoping to get a little more into it with the laptop, especially since the laptop is gaming-capable. How do I see what has woken the laptop from suspend? I got a Framework 16 laptop and I am not sure if this is a Framework issue or a Linux issue, but I figured I would start with the software side of things. I put Mint v21.3 edge on it (edge was recommended because the hardware in the laptop might be too new) and everything seems to be working fine (there are a few error messages that seem to be related to drivers that will be fixed as soon as Mint moves to the next kernel, but otherwise no issues), but the laptop is really warm when in suspend, which means my cat goes out of her way to hunt it down and sit upon it, and I've noticed it makes the 'connected to wifi' beep when she sits on the lid, so I think it's being woken out of suspend when it's jiggled by her fat furry butt. I'm trying to figure out if that's a Linux thing with suspend being too sensitive to being woken, or if it's a hardware thing with the lid sensor maybe. I installed TLP and it does seem to be cooler on suspend now. I turned it on and it was 19 degrees which was room temp (warmed to 40 after a bit of browsing) so I think it had a proper suspend cycle that time. I considered just switching to hibernate, but then I looked at how to enable that in Mint and it kinda scared me

# ? May 8, 2024 14:39

Tagra posted: I'm trying to figure out if that's a Linux thing with suspend being too sensitive to being woken, or if it's a hardware thing with the lid sensor maybe.

The problem is that the normal version of suspend we're used to (S3, memory left active and CPU and peripherals shut down) is being eliminated and replaced by "Modern Standby" which leaves the CPU and everything else (including wifi) turned on, but is supposed to put all hardware in the lowest power state. This doesn't always work great on Windows, and is much worse on Linux. (sorry for linking LTT blech) But even when Modern Standby is working properly it consumes more power than S3, so it's very much supposed to be used with hibernate as the "real" sleep.

Tagra posted: I considered just switching to hibernate, but then I looked at how to enable that in Mint and it kinda scared me

The main guide for a default install is very copy and paste, you don't need to make any decisions other than what size to make the swap. Should be foolproof. Also as a general thing Mint is not great for brand-new hardware like a new laptop. Mint is a "stable" distro which means it's normally using older versions of the kernel and other system software, which may not have great support for newer hardware. I'd probably recommend Fedora on a new laptop, it's not quite as noob-friendly as Mint but isn't crazy. And even Mint can't make troubleshooting hardware problems on linux noob-friendly. You're into command line poo poo no matter what.

# ? May 8, 2024 15:57

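Added example, not from either poster: a script that answers the two questions above from the kernel's own interfaces. `/sys/power/mem_sleep` shows whether "suspend" on this laptop means s2idle (the Modern Standby style described above) or `deep` (S3), and whether the firmware offers the other; `/proc/acpi/wakeup` lists which ACPI devices (lid, USB controller, and so on) are armed to wake the machine; `/sys/power/pm_wakeup_irq` records the interrupt that ended the last suspend. The optional ROOT argument exists only so the function can be pointed at a constructed copy of those files for testing.

```shell
#!/bin/sh
# Added example (not from the thread): report the suspend flavour in use and
# the armed wakeup sources. ROOT (default: the real /) is for testing against
# a constructed sysfs/procfs tree.
set -eu

# sleep_report [ROOT]
sleep_report() {
    root=${1:-}
    modes=$(cat "$root/sys/power/mem_sleep" 2>/dev/null || echo "")
    case "$modes" in                      # the bracketed entry is the active one
        *"[s2idle]"*) cur=s2idle ;;
        *"[deep]"*)   cur=deep ;;
        *)            cur=unknown ;;
    esac
    printf 'mem_sleep: %s (current: %s)\n' "${modes:-n/a}" "$cur"
    if [ "$cur" = s2idle ]; then
        case "$modes" in
            *deep*) printf 'S3 is offered: echo deep | sudo tee /sys/power/mem_sleep (or mem_sleep_default=deep on the kernel command line)\n' ;;
            *)      printf 'Only s2idle is offered by the firmware; hibernate is the low-power option\n' ;;
        esac
    fi
    # Armed ACPI wakeup devices; LID0 is the lid switch, XHC a USB controller.
    if [ -r "$root/proc/acpi/wakeup" ]; then
        awk '$3 == "*enabled" { print "armed:", $1 }' "$root/proc/acpi/wakeup"
    fi
    # The IRQ that ended the last suspend; look it up in /proc/interrupts.
    if [ -r "$root/sys/power/pm_wakeup_irq" ]; then
        printf 'last wakeup irq: %s\n' "$(cat "$root/sys/power/pm_wakeup_irq")"
    fi
}

# disarm_wakeup NAME -- toggle one ACPI wakeup device (root; not persistent
# across reboots, so put it in a udev rule or a systemd unit once it helps).
disarm_wakeup() {
    printf '%s\n' "$1" | sudo tee /proc/acpi/wakeup >/dev/null
}

case "${1:-}" in report) sleep_report ;; disarm) disarm_wakeup "$2" ;; esac
```

`sh sleep.sh report` right after a surprise wake is the most useful moment to run it, with `journalctl -b -g 'PM:|wakeup'` for the kernel's own account of the same event. Writing a device name to `/proc/acpi/wakeup` flips its state, so `sh sleep.sh disarm LID0` is the test for "is it the lid".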
Another reason to choose Fedora is that it is an officially supported distro for the Framework 16. You'll be able to get support and find more people with the same problems as you in the forums.

# ? May 8, 2024 17:27

I have a very dumb problem with my very weird machine. It's an IBM Power9 in a Raptor Computing motherboard, 32GB RAM, Radeon RX 6600, running Fedora 40. On ppc64le it defaults to GNOME, but I install Xfce immediately after first boot and use it more than 90% of the time. For some reason, when I installed the (currently broken) Chromium available in the default repos, it assumed I wanted to use it to open most of my images. I uninstalled Chromium shortly afterward, and when I went to open an image in the default GNOME Image Viewer, I get this charming little error: This also causes SELinux to catch three errors: 1. Source process systemd-coredump attempted access sys_admin on capability (blank) 2. Source process abrt-dump-journal attempted access connectto on unix_stream_socket io.systemd.Home 3. Source process abrt-dump-journal attempted access connectto on unix_stream_socket io.systemd.Machine I'm just using Ristretto now and it's fine, but I hate having a "welp, that's broken, sucks" problem that's probably fairly easy to fix if you know the right procedure. Any ideas, goons?

# ? May 8, 2024 18:18

Hasturtium posted:I have a very dumb problem with my very weird machine. It's an IBM Power9 in a Raptor Computing motherboard, 32GB RAM, Radeon RX 6600, running Fedora 40. On ppc64le it defaults to GNOME, but I install Xfce immediately after first boot and use it more than 90% of the time. For some reason, when I installed the (currently broken) Chromium available in the default repos, it assumed I wanted to use it to open most of my images. I uninstalled Chromium shortly afterward, and when I went to open an image in the default GNOME Image Viewer, I get this charming little error:

# ? May 8, 2024 18:33

Vulture Culture posted:SELinux troubleshooting is never fun, and you basically have to learn all of it to fix any of it, but you can start by running audit2allow --why to get a half explanation of where your denials are coming from. Thank you. It appears to be staring into space with next to no CPU activity, but I'm going to let it sit and do that for a while, and then check in a bit later. edit: I profoundly hope this does not somehow have something to do with me using the non-free repos so video playback acceleration actually works...

# ? May 8, 2024 18:54

Are there any gotchas or things to look out for when installing Linux (Ubuntu) to a USB storage device (SATA drive in an enclosure, not a thumb drive)? I want to mess around with Linux on bare metal and I’m out of SATA ports on my main machine to put a new drive in and I don’t want to repartition my existing drives.

# ? May 8, 2024 19:41

Last Chance posted:Are there any gotchas or things to look out for when installing Linux (Ubuntu) to a USB storage device (SATA drive in an enclosure, not a thumb drive)?

# ? May 8, 2024 19:50

Vulture Culture posted:SELinux troubleshooting is never fun, and you basically have to learn all of it to fix any of it, but you can start by running audit2allow --why to get a half explanation of where your denials are coming from. Update: it sits and does nothing. After waiting for an hour, I’m inclined to see whether there is another option open to me.

# ? May 8, 2024 22:22

Oh that’s the great thing about Linux: there’s always another option available to you. (See thread title.)

# ? May 8, 2024 22:26

audit2allow reads stdin by default

# ? May 8, 2024 22:31

Yeah, you'll want to add --all or whatever the option is called if you want it to process your historical audit logs

# ? May 8, 2024 22:33