Re: [arch-general] Server Management Tools
I like SaltStack. Chris Tonkinson https://chris.tonkinson.com/ 610.425.7807 "A good plan, violently executed now, is better than a perfect plan next week." -General George S. Patton, Jr. On 10/12/2017 12:00, David Rosenstrauch wrote: > On 2017-10-12 11:48 am, siefke_lis...@web.de wrote: >> Hello, >> >> Is there a way to automatically administer multiple arch Linux servers? >> It's annoying to provide 20 servers daily with the same commands. >> Are there possibilities to manage the daily tasks centrally and to >> set them off automatically? I know there are tools like puppets but >> they're too cluttered. >> >> Thank you for help. >> >> Silvio > > cron + pssh? signature.asc Description: OpenPGP digital signature
Re: [arch-general] HD Videos
Has your bandwidth changed (downward) recently? If I'm not mistaken, I believe Google represents available quality at least partially based on what they see as feasible for your connection [to them]. Chris Tonkinson 610.425.7807 GPG Key Fingerprint: 9120 D63D BB2E 8370 7023 C002 7145 1F95 18B3 E7A2 Lead, follow, or get out of the way. -Thomas Paine On 10/09/2014 11:05 AM, Heiko Becker wrote: i7 Processor, 16GB RAM, nVidia GTX 850M On 10/09/2014 04:54 PM, Mark Lee wrote: To Heiko, What are your laptop specs? Regards, Mark On 10/09/2014 10:47 AM, Heiko Becker wrote: Helo everyone, since some weeks I have a new laptop. Until now everything seemed to work fine. But I can't get youtube to play videos better than 360p, which s quite ugly. Does anyone have a hint on this? I installed flasplayer from adobe and gst-plugins-base/bad/ugly. Best, Heiko signature.asc Description: OpenPGP digital signature
[arch-general] ZFS, dm-crypt, and systemd
Can anyone provide a reference to documentation on how to configure systemd to mount all dm-crypt devices in /etc/crypttab prior to importing ZFS pools on boot? (zfs-git, not zfs-fuse) Thanks! -Chris -- Chris Tonkinson 610.425.7807 Lead, follow, or get out of the way. -Thomas Paine signature.asc Description: OpenPGP digital signature
Re: [arch-general] ZFS, dm-crypt, and systemd
On 07/10/2014 08:49 AM, Chris Tonkinson wrote: configure systemd to mount all dm-crypt devices For what it's worth, I should note I'm using LUKS. signature.asc Description: OpenPGP digital signature
[arch-general] misconfigured systemd dependencies
Hello, I have a LUKS drive (called locker-1), which is necessary to be properly mounted before ZFS can import my pool on boot. I believe systemd needs to be explicitly configured to mount dm-crypt devices before doing anything ZFS-related, but I'm relatively new to working with systemd so I'm stuck on the implementation. I believe the following is revelant configuration information: ~ $ systemctl list-units | grep crypt\|zfs systemd-cryptsetup@locker\x2d1.service loaded active exited ... zfs-import-cache.serviceloaded active exited ... zfs-mount.service loaded active exited ... zfs-share.service loaded active exited ... system-systemd\x2dcryptsetup.slice loaded active active ... cryptsetup.target loaded active active ... zfs.target loaded active active ... ~ $ find /usr/lib/systemd/ -name *crypt* /usr/lib/systemd/system-generators/systemd-cryptsetup-generator /usr/lib/systemd/systemd-cryptsetup /usr/lib/systemd/system/cryptsetup.target /usr/lib/systemd/system/sysinit.target.wants/cryptsetup.target ~ $ find /usr/lib/systemd/ -name *zfs* /usr/lib/systemd/system-preset/50-zfs.preset /usr/lib/systemd/system/zfs.target /usr/lib/systemd/system/zfs-share.service /usr/lib/systemd/system/zfs-import-cache.service /usr/lib/systemd/system/zfs-import-scan.service /usr/lib/systemd/system/zfs-mount.service Based on my limited understanding of systemd dependency resolution from [1], I created a custom file to force ZFS to depend on my LUKS device: ~ $ cat /etc/systemd/system/zfs-import-cache.service.d/luks.conf [Unit] Requires=systemd-cryptsetup@locker\x2d1.service After=systemd-cryptsetup@locker\x2d1.service I rebooted and no joy, though `systemd-delta` does see the override: ~ $ systemd-delta [EXTENDED] /run/systemd/system/session-c2.scope → /run/systemd/system/session-c2.scope.d/90-SendSIGHUP.conf [EXTENDED] /run/systemd/system/session-c2.scope → /run/systemd/system/session-c2.scope.d/90-After-systemd-user-sessions\x2eservic [EXTENDED] /run/systemd/system/session-c2.scope → /run/systemd/system/session-c2.scope.d/90-After-systemd-logind\x2eservice.conf [EXTENDED] /run/systemd/system/session-c2.scope → /run/systemd/system/session-c2.scope.d/90-Description.conf [EXTENDED] /run/systemd/system/session-c2.scope → /run/systemd/system/session-c2.scope.d/90-Slice.conf [EXTENDED] /usr/lib/systemd/system/zfs-import-cache.service → /etc/systemd/system/zfs-import-cache.service.d/luks.conf Looking back, I notice that ZFS has definitions for both importing via cache or scan, so I duplicated this override for `zfs-import-scan.service` and get the same result. Oddly (to me), the boot log shows ZFS inner workings, but nothing about dm-crypt: ~ $ journalctl -b | grep 'zed\[' Jul 09 05:20:03 vigilance.thetonk.net zed[720]: ZFS Event Daemon 0.6.3-1 Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Processing events since eid=0 Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Invoking all-syslog.sh eid=1 pid=726 Jul 09 05:20:03 vigilance.thetonk.net zed[727]: eid=1 class=statechange Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Finished all-syslog.sh eid=1 pid=726 exit=0 Jul 09 05:20:03 vigilance.thetonk.net zed[720]: Invoking all-syslog.sh eid=2 pid=729 ... ~ $ journalctl -b | grep 'crypt' ~ $ Any advice would be greatly appreciated. For what it's worth, this is just the first drive of six (I'm in the process of encrypting my RAID-Z2 pool in-place) so the DRYest-configuration solution is optimal but at this point I'll take what I can get. [1]: https://wiki.archlinux.org/index.php/Systemd#Editing_provided_unit_files Cheers, -Chris PS: The only thing that sticks out at me visually at this point is that \x2d in places; is the inclusion of a hyphen in my LUKS device name causing problems? It seems like systemd sometimes? does magic with hyphens and paths, which is why I assume it's being encoded but I figure I would ask. -- Chris Tonkinson 610.425.7807 Lead, follow, or get out of the way. -Thomas Paine signature.asc Description: OpenPGP digital signature
Re: [arch-general] misconfigured systemd dependencies
On 07/09/2014 05:59 AM, Chris Tonkinson wrote: Hello, I have a LUKS drive (called locker-1), which is necessary to be properly mounted before ZFS can import my pool on boot. I believe systemd needs to be explicitly configured to mount dm-crypt devices before doing anything ZFS-related, but I'm relatively new to working with systemd so I'm stuck on the implementation. I believe the following is revelant configuration information: Based on some additional reading[1] about `/etc/crypttab` I tried adding `encrypt` as a mkinitcpio HOOK (just before `filesystem`) but it didn't seem to make any difference. The mentioned reading was fairly specific to encrypted root partitions, but I thought it might also apply to other volumes. Not so. [1]: https://wiki.archlinux.org/index.php/Dm-crypt/System_configuration#crypttab Cheers, -Chris signature.asc Description: OpenPGP digital signature
Re: [arch-general] python2-lockfile signature failure
I had to modify the default signature verification in `/etc/pacman.conf` to SigLevel = Required DatabaseOptional TrustAll and now it's looking good. FYI, turns out this wasn't enough for all cases. No combination of signature levels, updating mirrors/databases, clearing /etc/pacman.d/gnupg/, or running `pacman-key --init` made a difference. On both installs of new packages, and updates of existing software, I would continually be plagued with: :: Import PGP key 2048R/, A B a...@archlinux.org, created: -MM-DD? [Y/n] And answering Y resulted in: error: required key missing from keyring error: failed to commit transaction (unexpected error) Finally, `pacman-key --populate` causes everything to resume working as before (that is to say, without any key prompting - official repos or otherwise). This is slightly surprising to me because I've never needed to run this in the past (but have been managing this particular new installation with Puppet, so I'm willing to blame that). Cheers! -Chris Chris Tonkinson 610.425.7807 Work as if you were to live a hundred years. Pray as if you were to die tomorrow. -Benjamin Franklin signature.asc Description: OpenPGP digital signature
[arch-general] python2-lockfile signature failure
Having just refreshed my desktop system with a clean Arch install, I am seeing a signature failure in the python2-lockfile package (dependency for duplicity). Is anyone else seeing this? `pacman --debug` isn't giving me any additional useful information that I can see. Where might I look next? Here's my output: $ sudo pacman -S duplicity resolving dependencies... looking for inter-conflicts... Packages (6): librsync-0.9.7-7 ncftp-3.2.5-4 python2-ecdsa-0.11-2 python2-lockfile-0.9.1-1 python2-paramiko-1.14.0-1 duplicity-0.6.24-1 Total Download Size:0.01 MiB Total Installed Size: 6.13 MiB :: Proceed with installation? [Y/n] :: Retrieving packages ... python2-lockfile-0.9.1-1-any 11.9 KiB 0.00B/s 00:00 [] 100% (6/6) checking keys in keyring [] 100% (6/6) checking package integrity [] 100% error: python2-lockfile: signature from Thorsten Töpper atsut...@freethoughts.de is unknown trust :: File /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. 545 chris@vigilance tnet $ Cheers, -Chris -- Chris Tonkinson 610.425.7807 Work as if you were to live a hundred years. Pray as if you were to die tomorrow. -Benjamin Franklin signature.asc Description: OpenPGP digital signature
Re: [arch-general] python2-lockfile signature failure
Thanks Michael. After having cleared local keys and running `pacman-key --init` I began seeing even more of these unknown trust errors. As you recommend, I had to modify the default signature verification in `/etc/pacman.conf` to SigLevel = Required DatabaseOptional TrustAll and now it's looking good. Cheers! -Chris Chris Tonkinson 610.425.7807 Work as if you were to live a hundred years. Pray as if you were to die tomorrow. -Benjamin Franklin On 06/09/2014 10:38 AM, Michael Boyle wrote: I would check your pacman.conf and make sure you put your siglevels back. They aren't there by default any more. — Sent from Mailbox On Mon, Jun 9, 2014 at 7:31 AM, Chris Tonkinson ch...@masterbran.ch wrote: Having just refreshed my desktop system with a clean Arch install, I am seeing a signature failure in the python2-lockfile package (dependency for duplicity). Is anyone else seeing this? `pacman --debug` isn't giving me any additional useful information that I can see. Where might I look next? Here's my output: $ sudo pacman -S duplicity resolving dependencies... looking for inter-conflicts... Packages (6): librsync-0.9.7-7 ncftp-3.2.5-4 python2-ecdsa-0.11-2 python2-lockfile-0.9.1-1 python2-paramiko-1.14.0-1 duplicity-0.6.24-1 Total Download Size:0.01 MiB Total Installed Size: 6.13 MiB :: Proceed with installation? [Y/n] :: Retrieving packages ... python2-lockfile-0.9.1-1-any 11.9 KiB 0.00B/s 00:00 [] 100% (6/6) checking keys in keyring [] 100% (6/6) checking package integrity [] 100% error: python2-lockfile: signature from Thorsten Töpper atsut...@freethoughts.de is unknown trust :: File /var/cache/pacman/pkg/python2-lockfile-0.9.1-1-any.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)). Do you want to delete it? [Y/n] error: failed to commit transaction (invalid or corrupted package) Errors occurred, no packages were upgraded. 545 chris@vigilance tnet $ Cheers, -Chris -- Chris Tonkinson 610.425.7807 Work as if you were to live a hundred years. Pray as if you were to die tomorrow. -Benjamin Franklin signature.asc Description: OpenPGP digital signature
Re: [arch-general] Evolution
provide Evolution 3.10.4 by the Arch repository You can use pbrisbin's downgrade script if it's such a problem. It is available in the AUR (https://aur.archlinux.org/packages/downgrade/). Cheers! Chris Tonkinson 610.425.7807 Work as if you were to live a hundred years. Pray as if you were to die tomorrow. -Benjamin Franklin signature.asc Description: OpenPGP digital signature