Those of you who wrangle multiple operating systems are no doubt aware of
CVE-2018-5390 which was un-embargoed in the last couple of days.
Its main emphasis is on the vulnerability of certain Linux kernels in the 4.9
release to DoS attack via a computationally expensive TCP reassembly
Way out of date in the case of the IPv6 (I used to do it that way too!).
"nics": [
{
"nic_tag": "vlan",
"ips": [ "192.148.252.18/26", "2610:178:1:1:0:252:18:1/64" ],
"gateways": [ "192.148.252.1" ],
"vlan_id": 100
}
],
cheers,
-r
> On Jun
l disk is specified as the
> boot device.
>
> --
> Brian Bennett
> Systems Engineer, Cloud Operations
> Joyent, Inc. | www.joyent.com
>
>> On Jun 11, 2018, at 1:19 PM, Rob Seastrom wrote:
>>
>>
>> In a recent thread, Brian mentioned the
In a recent thread, Brian mentioned the "mini DHCP server" in the KVM brand
zone.
I had a couple of questions about that that have been rattling around in the
back of my head for a while...
First off, is there a way to turn this off and allow the guest in the KVM zone
to DHCP from another
> On Apr 21, 2018, at 3:52 PM, marco wrote:
>
> On Fri, Apr 20, 2018 at 08:50:37PM -0400, you (H. William Welliver III) sent
> the following to [smartos-discuss] :
>> Hi all,
>>
>> I’m having some trouble trying to set up some firewall rules on a IPv6
>> router
> On Apr 18, 2018, at 9:23 AM, Jussi Sallinen wrote:
>
> The actual email data resides in a delegated dataset mounted on /data.
Delegated or loopback-mounted? I loopback-mount my (persistent) email stuff on
/home.
-r
---
+1. I’ve tripped over this as well (not with docker but my letsencrypt certs
appear invalid from the global zone.
-r
> On Apr 18, 2018, at 07:01, Eugene Lee wrote:
>
> Hi,
>
> Is it possible to update the root CA certificate files installed in SmartOS?
> I am
Good, so long as it was intentional. :)
-r
> On Mar 9, 2018, at 6:25 PM, Marsell K wrote:
>
> That's partly it -- the OS group is currently focussed on KPTI, bhyve, and
> some surrounding technologies.
>
> The last releases were held off because of an odd shell script
It appears that the latest SmartOS versions linked from
https://download.joyent.com/pub/iso/ are 20180203T031130Z - have there been any
normal biweekly code drops in the almost five weeks since? Wondering if this
is something broken, intentional/spectre/meltdown-related, or what.
Cheers,
-r
My bad, shoulda read the entire thread to see Jonathan’s comment about 2014. :)
Sent from my iPad
> On Jan 20, 2018, at 15:12, Rob Seastrom <r...@rs.hmail.seastrom.com> wrote:
>
>
> Since this seems to be requests week, +1 on the request for S.M.A.R.T. tools.
> ;)
&
There's no svn or git in the global zone either... Those would be nice, but I
never thought to ask, just created an IPv6-only zone which holds the checked
out repos...
-r
> On Jan 19, 2018, at 7:10 AM, Jonathan Perkin wrote:
>
>> Background to this: before it got
> On Jan 8, 2018, at 3:43 PM, Brian Bennett wrote:
>
> While I am always a proponent of using IPv6 everywhere, you can use IPv6 in
> non-global zones without having IPv6 enabled in the global zone. Each zone
> has an exclusive IP stack.
Right. Shamefully enough
Just a shot in the dark here, but is it possible it's DHCPing to get its
netmask (don't know default behavior if you don't supply one)?
This is the admin_nic stanza from the SmartOS machine in the basement.
admin_nic=f4:ce:46:b0:39:7a
admin_ip=172.30.250.100
admin_netmask=255.255.254.0
Hi folks,
I suspect that most people who run host firewalls on LX zones are doing it from
Triton, but for those of us running LX zones under non-SDC SmartOS, it can be
appealing to get native ipfilter running from inside the zone, out of systemd
, so it can be managed by one's automation
Hi folks,
Quick look through the archives doesn't find anything so I figured I'd ask here
before trying to read the code...
The Intel 10ge NIC family has a rep for being picky about third party pluggable
optics that don't have the right vendor ID burned into them. In the Linux
ecosystem
> On Aug 22, 2017, at 10:43 PM, Micky wrote:
>
> Would be worthwhile CCing it to ha-proxy mailing list.
>
Yeah, I'll do that in the morning.
> I found this <1min:
> https://www.mail-archive.com/haproxy@formilux.org/msg27079.html
>
> :-)
Might or might not be the
On Aug 18, 2017, at 11:29 AM, Robert Mustacchi <r...@joyent.com> wrote:On 8/17/17 18:31 , Rob Seastrom wrote:Hi folks,I'm scratching my head over SmartOS on a DL360g6 which I've been trying to piece together for deployment in a remote datacenter (DR and DNS service), so it's smaller / less c
> On Aug 18, 2017, at 7:13 AM, Paul Sture <smar...@chingola.ch> wrote:
>
> On 18 Aug 2017, at 3:31, Rob Seastrom wrote:
>
>> OK, must be the disk subsystem right? Picked up some HP H220s (SAS2308 aka
>> 9207s) and reflashed to IT mode. System boots but throws
Hi folks,
I'm scratching my head over SmartOS on a DL360g6 which I've been trying to
piece together for deployment in a remote datacenter (DR and DNS service), so
it's smaller / less capable than the machines that I usually run.
Some time ago I tried running SmartOS on these machines with an
Haven't seen anyone here ask about Asterisk in a couple of years.
Our situation is that we're running a very long in the tooth release of
Astlinux on even more long in the tooth (PC Engines ALIX) hardware... oddly
enough that platform is still supported.
Needs are modest. Only a handful of
> On Feb 21, 2017, at 7:51 AM, Jonathan Perkin <jper...@joyent.com> wrote:
>
> * On 2017-02-21 at 12:29 GMT, Rob Seastrom wrote:
>
>> This morning I decided I'd try upgrading to whatever version of
>> Ansible pip gave me, which in this case was ansible 2.2
> On Feb 21, 2017, at 7:51 AM, Jonathan Perkin <jper...@joyent.com> wrote:
>
> * On 2017-02-21 at 12:29 GMT, Rob Seastrom wrote:
>
>> This morning I decided I'd try upgrading to whatever version of
>> Ansible pip gave me, which in this case was ansible 2.2
I've been "stuck" on Ansible 1.9.6 for several months now, due to some issues I
ran into with Ansible 2.0.0-alpha-something-or-other, which I figured would get
sorted out eventually.
This morning I decided I'd try upgrading to whatever version of Ansible pip
gave me, which in this case was
> On Dec 28, 2016, at 2:51 PM, Tiraen wrote:
>
> Demonstrating this to friends who are used to dealing with lesser hypervisors
> will shock and amaze them.
>
> Thank you, I appreciated the humor, but he was not out of place. If you did
> not work out, read the email
. I'll take care of pulling that in. Once that's done,
> your /etc/ipf/ipf6.conf file should get detected and loaded.
>
> - Cody
>
>
> On Tue, Nov 15, 2016 at 2:21 PM, Rob Seastrom <rs-li...@seastrom.com> wrote:
>>
>> Hi all,
>>
>> Apologies in
Hi all,
Apologies in advance for not actually getting my skills to a point where I can
just fix this myself and send a pr after all the help rm gave me a couple of
months ago. The autumn has been full of distractions.
IPv6 firewall isn't working for me, and I hope I've got enough information
On Nov 7, 2016, at 11:54 AM, Jesus Cea wrote:The problem is NFS4_DOMAIN. If not defined, it is generated from the DNS(reverse DNS mapping of the IP). The IP in the global zone is a publicIP with reverse mapping. The IP of the internal zone (in the etherstub)is in the private range
+1 - I've found lofs to be just the ticket for stuff like persistent /home.
Just works, no surprises.
-r
> On Oct 19, 2016, at 12:01 PM, Patrick O'Sullivan via smartos-discuss
> wrote:
>
> It might be helpful if you explain why you are using delegated
> On Sep 30, 2016, at 7:43 PM, Matthew Parsons
> wrote:
>
> FWIW, the main production workload that I will care about is a not-well
> threaded java server app, so single-threaded performance, coupled with a
> large-ish MySQL DB with frequent, random I/O both read
> On Sep 29, 2016, at 8:41 AM, Jonathan Perkin <jper...@joyent.com> wrote:
>
> * On 2016-09-29 at 13:29 BST, Rob Seastrom wrote:
>
>> Of course, now you have a problem: since you put the alias in
>> ~root/.bashrc, it will be gone after you reboot, becau
> On Sep 29, 2016, at 7:02 AM, the outsider wrote:
>
> It would be nice to have shutdown and/or reboot functions on the global zone
> protected with a yes/no option.
>
> It is just something to make the system fool proof, where sender considers
> himself foolish
>
I'm looking to make some trivial tweaks to the installer and offer them back,
but can't seem to figure out what the preferred mechanism is for this.
Being a github novice probably isn't helping. Past experience with vcses going
back as far as RCS and Projector and current use of svn and pf
to add a dual stack proxy to
> your infrastructure.
>
> --
> Brian Bennett
> Systems Engineer, Cloud Operations
> Joyent, Inc. | www.joyent.com
>
>> On Sep 3, 2016, at 5:40 PM, Rob Seastrom <rs-li...@seastrom.com> wrote:
>>
>> The LetsEncrypt folks recently
Has anyone else noticed that ziostat does not seem to be providing correct
rolling updates in current-ish SmartOS?
Behavior observed when running "ziostat -Z 5" on 20160804T173241Z was plausible
rollup stats on first output, and then zeroes for all metrics, even when
deliberately flogging the
> On Aug 10, 2016, at 8:53 PM, Robert Mustacchi <r...@joyent.com> wrote:
>
> On 8/10/16 6:54 , Rob Seastrom wrote:
>>
>> Apologies if a duplicate somehow makes it through; I accidentally sent
>> previously from my non-lists account (which is not subscribed)
Apologies if a duplicate somehow makes it through; I accidentally sent
previously from my non-lists account (which is not subscribed).
Back before you got much of an install-time layout choice on the zpool, I set
up some 1u machines with raidz2 on a 4 x LFF disk array by going behind
SmartOS'
> On Jul 20, 2016, at 11:34 PM, Ian Collins wrote:
>
> I am trying to configure am ARM cross-compiler environment (from
> yoctoproject.org) on an ubuntu 14.04 lx zone.
Last September I tried to do exactly this while at an internal conference at
work (RDK-B is
Actually you don't need to get away from running untagged on the admin
interface in order to get where I think you want to be.
Assuming that SmartOS doesn't barf and refuse "vlan_id": on the admin nic, it's
completely OK from a protocol perspective to simultaneously run native
(untagged) and
4:57 PM, Jason Schmidt <jason.schm...@joyent.com> wrote:
>
> Hi Rob,
>
> Can you please try again? We should be good now, but wanted to verify with
> you.
>
> Jay
>
>
> Rob Seastrom wrote:
>> Is images.joyent.com unhappy? I'm having trouble impor
Is images.joyent.com unhappy? I'm having trouble importing images from
multiple locations, on systems running both 20151015T063628Z and
20160218T022556Z.
Traceroute works, ping works, telnet to port 443 works... but no imgadm import
joy.
-r
[root@78-e3-b5-12-d6-e0 ~]# imgadm import
> On Feb 29, 2016, at 5:27 PM, Robert Mustacchi wrote:
>> I can see all traffic just fine when I run snoop in the global zone.
>>
>> A possible added difficulty is that the mirror port is spitting out 802.1q
>> tagged traffic. I was only getting the LLDP traffic between the
Hi folks,
Maybe my Google-fu is failing me (and searching my archives of this list has
failed me too)... but has anyone got a recipe for passing through a physical
NIC in a mode where it can go promiscuous mode to a SmartMachine? Is that even
possible with Crossbow in the middle?
Use case
42 matches
Mail list logo