johneyz | Is anyone of you guys running devuan servers long term? I was wondering what kind of VPS provider works well with devuan. | 05:07 |
---|---|---|
snork | johneyz, both https://www.racknerd.com/ and https://ulayer.net/ have allowed me to open a support ticket to have a custom ISO mounted. I just gave them a link to the ISO and they grabbed it for me. Ulayer (using Proxmox) is a bit more of a manual process but worked fine for me. | 05:13 |
snork | Having said that, I have also done Debian->Devuan migrations on various lesser-known VPS providers that I would say worked better on KVM rather than OVZ. | 05:14 |
rrq | johneyz: I'm using vultr.com, also custom ISO | 05:14 |
snork | I do believe that newer versions of OVZ may be less problematic with the Deb-Dev migration process. | 05:14 |
snork | I guess should also mention that my ULayer boxes are in Canada and my Racknerd stuff is in the US (in case that matters to you). | 05:16 |
onefang | I'm using YISP.nl for my Devuan package mirror server. | 05:18 |
johneyz | Very cool! @snork is there a reason why you are using multiple vps providers? I heard that vultr is pretty much set and forget but I never heard about the other options. | 05:18 |
fluffywolf | I have devuan on one of my linodes, upgraded from debian. however, now that linode has been bought by akamai, I am very reluctant to advise them to anyone. | 05:20 |
snork | Canadian VPSs are often more expensive than US ones [just because of scale I guess] and ULayer was willing to give me a bit of a bargain on Canadian VPSs because they are a privacy-centric provider and I am running dnscrypt.ca on them. However, Racknerd (I only have one VPS left with them) has small [1GB memory] boxes for like $10 a year. | 05:22 |
snork | ULayer is run by "a few friends" while Racknerd is a larger and more established organization like Vultr... and maybe not quite like Linode. :-) | 05:24 |
snork | If you have not heard of lowendbox.com you should at least check it out. Maybe try "small boxes" at a few providers to get a feel for who you want to go with. As long as they have Debian templates, the switch/migration to Devuan should not be terribly hard. | 05:26 |
snork | fluffywolf, did Linode allow you to mount a custom ISO or did you do the Deb->Dev migration path? | 05:29 |
johneyz | Thank you for all the resources! Are you running just devuan boxes or have you also experimented with other OSs? | 05:32 |
fluffywolf | I upgraded a linode that I'd had since before devuan existed. | 05:33 |
onefang | Mine started off as Ubuntu, then Debian, then Devuan. | 05:34 |
snork | I think a lot of the people around here have been fiddling with various OSs for a long time. Professionally I supported more Win95 through Win2008 than Linux/Unix... at home I have tried whatever I could get my paws on since the late 80's. | 05:36 |
snork | Side note: seriously, don't try TempleOS. :-) | 05:36 |
onefang | I've been a pro programmer and sysadmin since the late '70s, I have a LOT of experience with a lot of stuff. lol | 05:37 |
brocashelm | not me. i'm a youngin' still :) | 05:38 |
snork | beardo: noun, see onefang. :-) | 05:38 |
GoatAvenger | snork ? | 05:39 |
GoatAvenger | is it really you!? | 05:39 |
* snork nods | 05:39 | |
GoatAvenger | hah! | 05:39 |
GoatAvenger | wb man | 05:39 |
brocashelm | started with ubuntu (late 2015), went back to winblow$, went to mint (2017), then switched to devuan since 2020 when beowulf was released and it effectively ended my distrohopping ventures | 05:40 |
snork | Heh, I have been quietly hiding in #devuan-infra. | 05:40 |
brocashelm | the biggest irony is i've been running unstable far longer than stable | 05:40 |
brocashelm | but now i might switch to daedalus this time around | 05:40 |
GoatAvenger | snork, hmmm.. good to see ya mate :) | 05:40 |
snork | Thanks eh... seeing your name reminds me of a web site I should go look at to see what is new. | 05:41 |
* GoatAvenger chuckles | 05:41 | |
GoatAvenger | ok no more off-topic :< sorries mods | 05:41 |
onefang | That's what #devuan-offtopic is for. | 05:42 |
snork | Ultimately johneyz, I think the takeaway is that you'll find a lot of experience in the room. | 05:43 |
johneyz | Thanks, I think TempleOS is gonna suit my needs. Just kidding, thanks for the input regarding all my questions. :-) | 05:47 |
Necrodiver | hey gnarface, thanks for all the help the other day. I ended up finding a cheap R7 260X, should be here tomorrow or the day after. | 08:38 |
u-amarsh04 | Necrodiver I'm still running an R7 250 in my "newer" machine | 10:59 |
systemdlete | Every so often, I find that rsyslog is still writing to the previous logs rather than the current logs. e.g., rsyslogd is writing to /var/log/something.log.1 rather than /var/log/something.log; I understand this is a consequence of logrotate. | 21:24 |
systemdlete | There is an issue open on this: https://github.com/rsyslog/rsyslog/issues/3952 | 21:24 |
systemdlete | However, their solution is for systemd; it is not generic. | 21:25 |
bgstack15 | logrotate is one of the biggest technical pains I've had to deal with in my career. | 21:26 |
systemdlete | I am very sorry for that bgstack15 | 21:26 |
systemdlete | It seems to work most of the time (I think; I've never looked very closely at this) | 21:26 |
bgstack15 | systemdlete: may I say then, it sounds like you did not have to use it extensively. | 21:27 |
bgstack15 | Half of it's difficulty is selinux, and the other half is correctly rotating arbitrary logs and triggering the offending apps in the manner each app tolerates. | 21:28 |
systemdlete | I've added some custom scripts to my rsyslog config for stuff I want to grab from the logs. But I have tried to follow the rules closely and I'm not doing anything silly like writing back to the logs themselves | 21:28 |
bgstack15 | *its | 21:28 |
systemdlete | :) | 21:28 |
* systemdlete sees that bgstack15 is one of those people who actually knows the difference between its and it's | 21:29 | |
systemdlete | Is selinux really necessary? It seems like we have half a dozen different systems for securing files and processes on Linux | 21:29 |
systemdlete | I found selinux to be very confusing and difficult to clarify exactly what the results will be. | 21:30 |
bgstack15 | It simplifies matters to know that there's actually all sorts of rules that include commands to not even log the failure. | 21:30 |
systemdlete | ??? | 21:31 |
systemdlete | (sorry, not following this) | 21:31 |
bgstack15 | semodule --disable_dontaudit --build | 21:31 |
bgstack15 | and then you "setenforce 0" and let the app run and you collect the REAL logs | 21:31 |
systemdlete | that disables selinux entirely, right? | 21:32 |
bgstack15 | and collate the output of audit2allow -M foo into a single master .pp and then you can go build the selinux rules. And then turn back on dont_audit rules | 21:32 |
bgstack15 | sorry, I am getting off topic for #devuan, aren't I? I'll stop rambling. | 21:32 |
systemdlete | Are you telling me how to fix the logrotate bug, or something else? | 21:32 |
bgstack15 | I was not. I had gotten sidetracked on selinux. | 21:33 |
systemdlete | I'm not an expert in security matters. | 21:33 |
systemdlete | oh | 21:33 |
systemdlete | np | 21:33 |
systemdlete | you are venting one more Linux implementation calamity | 21:33 |
bgstack15 | You probably won't get a lot of help in a Debian-like environment if you run with selinux enabled. | 21:33 |
bgstack15 | But, did you find that a strategic "killall -HUP rsyslogd" in your relevant logrotate .d conf file helped? | 21:34 |
bgstack15 | That sounded legit to me. | 21:34 |
bgstack15 | iirc, there's also a first-run logrotate command you must use before logrotate is willing to operate on a logfile. | 21:35 |
systemdlete | selinux, pam, packet filtering, file perms.. what else. There's at least 2 more I think | 21:35 |
bgstack15 | probably -f but it's been a while | 21:35 |
systemdlete | bgstack15, I only have a rsyslog file under logrotate. | 21:35 |
systemdlete | logrotate.d I mean | 21:36 |
systemdlete | I haven't modified it | 21:36 |
systemdlete | well, there are others, but every one of them is stock | 21:36 |
bgstack15 | You wanted help troubleshooting this, right? | 21:37 |
systemdlete | yes | 21:37 |
bgstack15 | You want to get your /var/log/syslog file to get rotated and then rsyslogd to start using the new /var/log/syslog file? | 21:37 |
systemdlete | it's not the rsyslog file needing rotation | 21:37 |
bgstack15 | Whichever. | 21:38 |
systemdlete | and, as I said, it seems to be working most of the time. | 21:38 |
systemdlete | wait | 21:38 |
systemdlete | I did add one file for some logs | 21:38 |
systemdlete | Let me upload it to pastebin | 21:38 |
bgstack15 | I recall struggling with some distro-default statefile not aligning with what was actually being used. | 21:39 |
systemdlete | pastebinit always worked years ago, but they fixed it. Now it doesn't work. | 21:39 |
bgstack15 | That was amusing in hindsight but very frustrating at the time. | 21:39 |
bgstack15 | Probably an assumption that it /var/run/logrotate.statefile ~= /run/logrotate.statefile | 21:40 |
bgstack15 | Also, despite what the man pages say, it's wiser to do a delaycompress and not just "compress" setting. Logrotate can try to compress the active log file and a Jack Benny Yakety Sax action begins.... | 21:42 |
bgstack15 | *Benny Hill, wrong "Benny" guy | 21:43 |
systemdlete | https://pastebin.com/QrrzZ9xn | 21:45 |
systemdlete | I don't get why it works most of the time, but not always | 21:46 |
bgstack15 | do you intend to add the "postrotate" section? | 21:46 |
systemdlete | hmmm. not sure... | 21:47 |
bgstack15 | with the "killall -HUP my" | 21:47 |
bgstack15 | where my is the process name | 21:47 |
bgstack15 | or if you have a pidfile you could cat that | 21:47 |
bgstack15 | But you did say it was rsyslog. | 21:47 |
systemdlete | the my.log file is created by an rsyslog "script" | 21:48 |
bgstack15 | It sounds to me like you think that the other logfiles that should postrotate "killall -HUP rsyslogd" would also benefit the rotation of these routers.log my.log file | 21:48 |
bgstack15 | I wouldn't count on it. if you want the daemon that generates these files, even if it's already being kicked by other logrotate.d rules, to get restarted, this rule should also restart that application daemon. | 21:48 |
systemdlete | so I need postrotate\n/usr/lib/rsyslog/rsyslog-rotate and maybe endscript? | 21:50 |
systemdlete | It's no trouble to add these if you believe it would help | 21:50 |
bgstack15 | Lol, they have a helper script! Yes, that sounds good. Definitely include the endscript. | 21:52 |
systemdlete | bgstack15, not sure what I was "thinking" when I created this file. I might have gotten this recipe from some solution on a forum | 21:52 |
bgstack15 | I would treat each logrotate.d logfile rule definition as its own separate config. I wouldn't rely on globals, or any other rule to do something for this rule. | 21:52 |
systemdlete | Ok, I'll do those and wait a few days and see what happens. | 21:52 |
systemdlete | (right, I get you. Maybe I'll put a not in the file as a reminder to myself?) | 21:53 |
systemdlete | note* | 21:53 |
bgstack15 | Sure. | 21:53 |
bgstack15 | This might mean that rsyslogd gets reloaded multiple times, but I think it is worth it if it gets your logs entirely, properly rotated. | 21:54 |
systemdlete | what does "service" do that invoke-rc.d does not already do? | 21:54 |
systemdlete | sorry | 21:54 |
systemdlete | I guess I am over my quota on questions for the day in this channel | 21:55 |
bgstack15 | If that fails, it's time to get crazy with a rule whose only contents are a custom "prerotate" rule that does your own actual logic for copying the contents of your logfile to something else, and then "echo > /your/logfile" so it doesn't change inode number... | 21:55 |
systemdlete | omg. | 21:55 |
systemdlete | too much work! | 21:55 |
bgstack15 | Hm, you and I have very different opinions of too much work. | 21:55 |
systemdlete | these utilities are supposed to SIMPLIFY things, not make them onerous | 21:55 |
bgstack15 | Unfortunately for you, logrotate is not simple. | 21:55 |
systemdlete | goody | 21:56 |
systemdlete | thanks for the heads up on that | 21:56 |
systemdlete | btw, I see that several of the other logrotate.d files also call those same 2 lines, but not all of them. | 21:57 |
systemdlete | and mariadb does something else entirely with its postrotate | 21:57 |
bgstack15 | The sysvinit commands are not my strength (compared to systemd, ironically). I don't recall using invoke-rc.d | 21:57 |
bgstack15 | I normally use "service" | 21:57 |
systemdlete | as do I | 21:57 |
systemdlete | I just stumbled over invoke-rc.d and looked at the man page for it. | 21:57 |
systemdlete | seems to me like almost a superset of service command | 21:57 |
bgstack15 | I think the big deal is "obeying runlevel constraints as well as local sysadmin policies" | 21:58 |
systemdlete | then again, I seem to score a lot of "no that's wrong"s when it comes to these things | 21:58 |
systemdlete | well, anyway, thanks for the logrotate tips | 21:58 |
bgstack15 | which sounds to me like, "won't let you start networking in runlevel 1" type stuff, because runlevel 1 is single-user, no-networking mode. | 21:59 |
bgstack15 | So I personally would stick to "service" for command line access to services. | 21:59 |
bgstack15 | yw | 21:59 |
systemdlete | I always appreciate people here in this channel. I can't say as much for many other IRC channels. | 22:00 |
systemdlete | I don't mind being wrong and taking some instruction, but in some channels (and forums), some of the denizens there are vicious. | 22:01 |
systemdlete | rsyslogd is among those | 22:01 |
systemdlete | but I am OT, so I will thank you and let you get back to more important things. | 22:01 |
rapha | hi all! | 22:33 |
rapha | i'm wanting to switch from iptables to nftables and have a question | 22:33 |
rapha | Devuan by default has /etc/nftables.conf ... by what means (if any) does that get applied during boot? | 22:33 |
rapha | cp /usr/share/doc/nftables/examples/sysvinit/nftables.init /etc/init.d/nftables && chmod +x /etc/init.d/nftables && update-rc.d nftables defaults | 23:09 |
bgstack15 | Hm, he didn't stick around for an answer but that sounded good to me. | 23:23 |