Re: [smartos-discuss] named in CentOS 7.2 LX zone - won't start normally

2016-09-02 Thread Coy Hile 

> On Sep 2, 2016, at 4:00 PM, Chad M Stewart  wrote:
> 
> Thank you Jorge, that was exactly what I needed.  I learned more about 
> systemd as a result, though I still prefer SMF.  :)
> 

Who being considered compos mentis does not?

--
Coy Hile
coy.h...@coyhile.com



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] named in CentOS 7.2 LX zone - won't start normally

2016-09-02 Thread Chad M Stewart 
Thank you Jorge, that was exactly what I needed.  I learned more about systemd 
as a result, though I still prefer SMF.  :)


-Chad


> On Sep 2, 2016, at 2:18 PM, Jorge Schrauwen  wrote:
> 
> Setting 'PrivateTmp' to False might fix your problem, it causes problems for 
> other services too.
> E.g. the systemd-locald service.
> 
> You can look at /etc/systemd/system/systemd-localed.service.d/override.conf 
> for an example.
> 
> Regards
> 
> Jorge
> 



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] named in CentOS 7.2 LX zone - won't start normally

2016-09-02 Thread Jorge Schrauwen 
Setting 'PrivateTmp' to False might fix your problem, it causes problems 
for other services too.

E.g. the systemd-locald service.

You can look at 
/etc/systemd/system/systemd-localed.service.d/override.conf for an 
example.


Regards

Jorge



On 2016-09-02 21:15, Chad M Stewart wrote:

I’m trying to get Bind setup as a DNS server in an LX zone.  named
refuses to start using systemctl

SunOS confabulate 5.11 joyent_20160818T234814Z i86pc i386 i86pc

 "image_uuid": "07b33b7a-27a3-11e6-816f-df7d94eea009”,



Here is the start script (I have not changed it)


# cat /usr/lib/systemd/system/named.service
[Unit]
Description=Berkeley Internet Name Domain (DNS)
Wants=nss-lookup.target
Wants=named-setup-rndc.service
Before=nss-lookup.target
After=network.target
After=named-setup-rndc.service

[Service]
Type=forking
EnvironmentFile=-/etc/sysconfig/named
Environment=KRB5_KTNAME=/etc/named.keytab
PIDFile=/run/named/named.pid

ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; 
then /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking 
of zone files is disabled"; fi'

ExecStart=/usr/sbin/named -u named $OPTIONS

ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || 
/bin/kill -HUP $MAINPID'


ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill 
-TERM $MAINPID'


PrivateTmp=true

[Install]
WantedBy=multi-user.target




If I execute the ExecStartPre manually it works

# /bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then 
/usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of 
zone files is disabled"; fi'

zone localhost.localdomain/IN: loaded serial 0
zone localhost/IN: loaded serial 0
zone 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: 
loaded serial 0

zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
zone 0.in-addr.arpa/IN: loaded serial 0
zone family.lan/IN: loaded serial 2016083123
zone 0.0.10.in-addr.arpa/IN: loaded serial 2016083120



When I try to start it normally


# systemctl start named
Job for named.service failed because the control process exited with 
error code. See "systemctl status named.service" and "journalctl -xe" 
for details.

[root@boot01 /]# systemctl status named
● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; 
vendor preset: disabled)
   Active: failed (Result: exit-code) since Fri 2016-09-02 19:11:59 
UTC; 5s ago
  Process: 98235 ExecStartPre=/bin/bash -c if [ ! 
"$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z 
/etc/named.conf; else echo "Checking of zone files is disabled"; fi 
(code=exited, status=226/NAMESPACE)



I can execute ExecStart and it works.  I suspect this is very specific
to LX as this same setup works fine on either bare metal or a
hypervisor environment.

Any ideas?

Thank you,
Chad




---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

[smartos-discuss] named in CentOS 7.2 LX zone - won't start normally

2016-09-02 Thread Chad M Stewart 
I’m trying to get Bind setup as a DNS server in an LX zone.  named refuses to 
start using systemctl

SunOS confabulate 5.11 joyent_20160818T234814Z i86pc i386 i86pc

 "image_uuid": "07b33b7a-27a3-11e6-816f-df7d94eea009”,



Here is the start script (I have not changed it)

> # cat /usr/lib/systemd/system/named.service
> [Unit]
> Description=Berkeley Internet Name Domain (DNS)
> Wants=nss-lookup.target
> Wants=named-setup-rndc.service
> Before=nss-lookup.target
> After=network.target
> After=named-setup-rndc.service
> 
> [Service]
> Type=forking
> EnvironmentFile=-/etc/sysconfig/named
> Environment=KRB5_KTNAME=/etc/named.keytab
> PIDFile=/run/named/named.pid
> 
> ExecStartPre=/bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then 
> /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone 
> files is disabled"; fi'
> ExecStart=/usr/sbin/named -u named $OPTIONS
> 
> ExecReload=/bin/sh -c '/usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill 
> -HUP $MAINPID'
> 
> ExecStop=/bin/sh -c '/usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM 
> $MAINPID'
> 
> PrivateTmp=true
> 
> [Install]
> WantedBy=multi-user.target
> 


If I execute the ExecStartPre manually it works

> # /bin/bash -c 'if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then 
> /usr/sbin/named-checkconf -z /etc/named.conf; else echo "Checking of zone 
> files is disabled"; fi'
> zone localhost.localdomain/IN: loaded serial 0
> zone localhost/IN: loaded serial 0
> zone 
> 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: 
> loaded serial 0
> zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
> zone 0.in-addr.arpa/IN: loaded serial 0
> zone family.lan/IN: loaded serial 2016083123
> zone 0.0.10.in-addr.arpa/IN: loaded serial 2016083120


When I try to start it normally

> # systemctl start named
> Job for named.service failed because the control process exited with error 
> code. See "systemctl status named.service" and "journalctl -xe" for details.
> [root@boot01 /]# systemctl status named
> ● named.service - Berkeley Internet Name Domain (DNS)
>Loaded: loaded (/usr/lib/systemd/system/named.service; disabled; vendor 
> preset: disabled)
>Active: failed (Result: exit-code) since Fri 2016-09-02 19:11:59 UTC; 5s 
> ago
>   Process: 98235 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == 
> "yes" ]; then /usr/sbin/named-checkconf -z /etc/named.conf; else echo 
> "Checking of zone files is disabled"; fi (code=exited, status=226/NAMESPACE)


I can execute ExecStart and it works.  I suspect this is very specific to LX as 
this same setup works fine on either bare metal or a hypervisor environment.


Any ideas?

Thank you,
Chad





---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] SmartOS release-20160901

2016-09-02 Thread Robert Mustacchi 
On 9/2/16 5:19 , Fred Liu wrote:
> 
> 
>> -Original Message-
>> From: Trent Mick [mailto:trent.m...@joyent.com]
>> Sent: 星期五, 九月 02, 2016 6:11
>> To: smartos-discuss@lists.smartos.org
>> Subject: [smartos-discuss] SmartOS release-20160901
>>
>> Hello All,
>>
>> The latest bi-weekly "release" branch build of SmartOS is up:
>>
>> curl -C - -O
>> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest
>> .iso
>> curl -C - -O
>> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest
>> -USB.img.bz2
>> curl -C - -O
>> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.
>> vmwarevm.tar.bz2
>>
>> A generated changelog is here:
>>
>>
>> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#
>> 20160901T054050Z
>>
>> The full build bits directory, for those interested, is here in Manta:
>>
>> /Joyent_Dev/public/SmartOS/20160901T054050Z
>>
>>
>> # Highlights
>>
>> - platform: Substantial improvements for NVMe devices.
>> - platform: You can now use system() when using dtrace in lx-branded zones.
>>
>>
> 
> These improvements have got rid of the concerned checksum errors in my 
> verification. 
> That gives us more confidence on putting all-nvme-ssd from illumos on 
> tier-one storage.
> 
> Thanks for your fabulous job!

The credit for this should go to Hans Rosenfeld and Youzhong Yang.

Robert


---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Unable to restore VM with LOFSs configured

2016-09-02 Thread Jon Dison 
I just tried the operation again with the latest PI released yesterday and
am still having the same troubles.  Any ideas?

[root@x10slm /opt/backups]# cat lofstest | vmadm receive
Unable to complete install for 847ed527-c551-4a41-91bd-c9994d960fb4 zone is
still missing: 1 filesystems


On Fri, Aug 19, 2016 at 11:21 PM, Jon Dison  wrote:

> Yes it does show them.  If I could just get the VM state past "receiving"
> it would probably boot.
>
> On Fri, Aug 19, 2016 at 11:15 PM, Ian Collins 
> wrote:
>
>> On 08/20/16 03:00 PM, Jon Dison wrote:
>>
>> I "sent" a vm to a file with vmadm and got a resultant file that was the
>> size I expected, but when attempting to restore that file I get an error
>> that I assume points to the LOFS that was configured for that VM.
>>
>> [root@x10slm /opt/backups]# cat lofstest | vmadm receive
>>
>> Unable to complete install for 847ed527-c551-4a41-91bd-c9994d960fb4 zone
>> is still missing: 1 filesystems
>>
>>
>> And the VM was originally created with:
>>
>> "filesystems": [
>>
>> {
>>
>> "type": "lofs",
>>
>> "source": "/zones/lofs",
>>
>> "target": "/mnt/lofs"
>>
>> }
>>
>>
>> Which results in a VM that is forever receiving with seemingly no option
>> but to delete.
>>
>> [root@x10slm /opt]# vmadm list -cv
>>
>> UUID  TYPE  RAM  STATE
>> ALIAS
>>
>> ...
>>
>> 847ed527-c551-4a41-91bd-c9994d960fb4  LX2048 receiving
>> lofstest
>>
>>
>> Does
>>
>> vmadm get 847ed527-c551-4a41-91bd-c9994d960fb4 | json filesystems
>>
>> show the filesystems?
>>
>> If not you could try re-adding it win zoneadm.
>>
>> --
>> Ian.
>>
>> *smartos-discuss* | Archives
>> 
>>  |
>> Modify
>> 
>> Your Subscription 
>>
>
>



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

RE: [smartos-discuss] SmartOS release-20160901

2016-09-02 Thread Fred Liu 


> -Original Message-
> From: Trent Mick [mailto:trent.m...@joyent.com]
> Sent: 星期五, 九月 02, 2016 6:11
> To: smartos-discuss@lists.smartos.org
> Subject: [smartos-discuss] SmartOS release-20160901
> 
> Hello All,
> 
> The latest bi-weekly "release" branch build of SmartOS is up:
> 
> curl -C - -O
> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest
> .iso
> curl -C - -O
> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest
> -USB.img.bz2
> curl -C - -O
> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.
> vmwarevm.tar.bz2
> 
> A generated changelog is here:
> 
> 
> https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#
> 20160901T054050Z
> 
> The full build bits directory, for those interested, is here in Manta:
> 
> /Joyent_Dev/public/SmartOS/20160901T054050Z
> 
> 
> # Highlights
> 
> - platform: Substantial improvements for NVMe devices.
> - platform: You can now use system() when using dtrace in lx-branded zones.
> 
> 

These improvements have got rid of the concerned checksum errors in my 
verification. 
That gives us more confidence on putting all-nvme-ssd from illumos on tier-one 
storage.

Thanks for your fabulous job!


Fred 
> # General Info
> 
> Every second Thursday we roll a "release-MMDD" release branch and
> builds for SmartOS (and Triton DataCenter and Manta, as well).
> 
> Cheers,
> Trent, on behalf of the SmartOS developers https://smartos.org
> 
> 
> smartos-discuss | Archives
> 
> 
> | Modify
>  222-4dea25e5>  Your Subscription   


---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

RE: [smartos-discuss] Samsung 950 Pro on SmartOS?

2016-09-02 Thread Fred Liu 


> -Original Message-
> From: Fred Liu
> Sent: 星期三, 三月 09, 2016 13:02
> To: smartos-discuss@lists.smartos.org
> Cc: illumos-developer
> Subject: RE: [smartos-discuss] Samsung 950 Pro on SmartOS?
> 
> 
> 
> From: Dirk Steinberg [mailto:d...@steinbergnet.net]
> Sent: 星期三, 三月 09, 2016 0:06
> To: smartos-discuss@lists.smartos.org
> Subject: Re: [smartos-discuss] Samsung 950 Pro on SmartOS?
> 
> 
> Am 07.03.2016 um 06:48 schrieb Fred Liu :
> 
> 
> 2016-03-05 21:19 GMT+08:00 Dirk Steinberg :
> > Apart from that: is NVMe support in SmartOS considered stable?
> 
> 
> There is driver support for it in the system. I have not heard many
> reports positively or negatively about it.
> 
> [Fred]: I am testing some Intel P3600 NVMe SSD. In normal workload, they just
> work . But in burning mode like continuous scrubbings, I have got lots of
> checksum errors. And I tested the same scrubbings under Linux, no checksum
> errors were found.
> Fred
> 
> Hi Fred,
> 
> do you attribute these errors to the SmartOS NVMe driver?
> Sounds like it since you are saying that the same SSD works under Linux.
> 
> So have you given up on NVMe on SmartOS?
> 
> [Fred]: I personally attribute those errors to the immaturity of the NVMe 
> driver
> in Illumos. But that  is not so severe based on the fact that there are no
> substantial data loss with those checksum errors.
> I used to get some some kernel panics under "too may check sum erros" and
> after disabling "sha512|skeun|edonr" checksum algorithm, the server has
> been running well for more than two weeks.
> It looks like "sha512|skeun|edonr" checksum algorithm still has some glitches.
> 
> Thanks.
>

[Fred]: With the patch 7321 (https://www.illumos.org/issues/7312), I can 
confirm these checksum errors are all gone.


Thanks.

Fred 
> 
> Sorry, I am not quite sure what you are trying to tell me.
> 
> I am running the sha512 hash on a regular disk pool without problems. I have
> also
> run a number of scrubs. I assume the the sha512 hash is working correctly.
> If I had a ton of checksum errors from ZFS I would be VERY concerned.
> Just turning off the checksum may not be the solution…
> I do not think that a bug in sha512 is generating these.
> 
> Also, what do you mean by „no substantial data loss“? Either there is
> data loss or there is no data loss. My policy here is that even a single
> bit of data loss is not acceptable. This is why ZFS goes to all the
> effort of using strong checksums and redundancy and scrubbing and so on…
> 
> If you are willing to accept „some nonsubstantial data loss“ and turn
> of checksums so as not to be bothered by all these checksum errors
> there is not much point in using ZFS in the first place!
> 
> Am I understanding something incorrectly?
> 
> [Fred]: "NVMe support" and "[sha512|skein|edonr] hash algorithm" are the
> major spot-lights
>  of Illumos in 2015. I am running 20160218T022556Z now. Disabling
> "sha512|skein|edonr"
>  doesn't mean setting "checksum=off". In default("checksum=on"),
> zfs automatically
>  selects an appropriate algorithm if these
> features("[sha512|skein|edonr]") are enabled.
>  I met random server reboots(triggered by zfs deadman) and panics.
> But I could not get
>  the nitty-gritty reason from core dump. And we do have very stable
> running of release of
>  2014. To reason by exclusive method, I recreated the zpool and set
> "checksum=sha256". And
>  till now the server has been running well at least for two weeks.
> This operation does
>  not intend to remove the *annoying* checksum errors.
>  As for "no substantial data loss", that means "zpool status" always
> show "errors: No known data errors" even with "too many checksum errors".
> 
> Thanks.
> 
> Fred


---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

Re: [smartos-discuss] Protection against DDoS

2016-09-02 Thread InterNetX - Juergen Gotteswinter 
dunno if it will work on solarish distributions, but i think it whould
be portable

https://github.com/pavel-odintsov/fastnetmon

Am 02.09.2016 um 09:00 schrieb Rohit Singh:
> Hi,
> 
> We've been using SmartOS since quite some while. Wanted to know if there
> are any tweaks/services that can help protect against tcp-syn type DDoS
> attacks ?
> 
> Regards
> *smartos-discuss* | Archives
> 
>  |
> Modify
> 
> Your Subscription [Powered by Listbox] 
> 


---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com

[smartos-discuss] Protection against DDoS

2016-09-02 Thread Rohit Singh 
Hi,

We've been using SmartOS since quite some while. Wanted to know if there
are any tweaks/services that can help protect against tcp-syn type DDoS
attacks ?

Regards



---
smartos-discuss
Archives: https://www.listbox.com/member/archive/184463/=now
RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00
Modify Your Subscription: 
https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb
Powered by Listbox: http://www.listbox.com