IRC channel logs

2019-07-04.log


***Server sets mode: +cnt
<roptat>what servers are going to host the website?
<rekado_>hmm, one week does seem correct. How quickly time flies!
<rekado_> http://logs.guix.gnu.org/ is back up
<rekado_>AFAIU one would normally have just one virtual IP in DNS and flip the actual IP when needed.
<rvgn>civodul roptat Check out: https://community.letsencrypt.org/t/will-lets-encrypt-work-for-me-multiple-servers-serving-one-domain/6830/22 :)
<jlicht>rekado_: the irc logs look super nice!
<roptat>rvgn, the idea was to use the DNS challenge
<roptat>now that we can manage the dns ourselves, it shouldn't be too hard
<ilikeheaps>I ran guix system init [...] during installation and it displays no progress. Is that normal?
<roptat>I think I implemented everything we need in guix about the time we created guix.gnu.org
<rvgn>roptat I was also thinking about using CNAME instead of A record? In that way, certbot will only verify CNAME record. The A record for that CNAME can be changed on-the-go.
<rekado_>ilikeheaps: for how long?
<rekado_>ilikeheaps: it’s computing something but it should tell you pretty soon what it’s working on.
<ilikeheaps>Oh, actually just a couple minutes. It just printed "building /gnu/store/..." line
<roptat>rvgn, I'd prefer to make sure the renewal is automated
<roptat>changing the CNAME doesn't seem like a good idea since it impacts users
<rekado_>ilikeheaps: building things can take a long time; depends on what it is building.
<rvgn>roptat Yeah, renewal is still automated because we are not changing the CNAME.
<roptat>mh... but then you have the same issue, no?
<roptat>also we can't have a CNAME for guix.gnu.org since we have other records (NS)
<rvgn>roptat guix.gnu.org --> CNAME and CNAME --> IP. The CNAME will be kept unchanged and used by certbot for renewal verification. The IP of that CNAME though, can be changed which doesn't affect the renewal process I believe. If IP1 fails, the value can be changed to IP2.
<ilikeheaps>rekado_: Alright, it just output the first line so I'm happy with it
<rvgn>roptat Ah I see. Yeah, we can't have CNAME,
<civodul>rekado_: we could also do that (have just one IP and switch to bayfront when berlin is down)
<civodul>let's just hope we'll notice more quickly than one week ;-)
<roptat>rvgn, the idea was to use the DNS challenge, where you set a TXT record, so it's completely invisible to users, and works if the server that wants to renew its certificate can talk to bayfront
<roptat>and we have everything we need in the certbot-service-type
<rvgn>Hmm.
<rekado_>ilikeheaps: we hide build output by default because comments from users in the past have indicated that the walls of text are more confusing.
<rekado_>ilikeheaps: you can make it more verbose if you want to.
<roptat>rvgn, so we would have two A records for visitors, and one TXT record we can change to please letsencrypt
<roptat>but my question was actually: should we really have two A records?
<roptat>if we do that and one server is down, what happens?
<roptat>does the browser try the other IP?
<rvgn>we can have two A records. The DNS server randomly resolves either of the IPs.
<roptat>yes, it can even return both
<rvgn>If one is down, in the consecutive attempt, it may choose to resolve the other working IP.
<roptat>and it seems browsers will try other IPs if one fails, so all is fine
<roptat>well, according to someone on the internet :)
<rvgn>What? DNS server will not resolve two IPs at the same time ???
<roptat>why not?
<rvgn>Oh wait. Never mind,
*rvgn got confused for a bit and now is clear
<roptat>so guix.gnu.org website is hosted on berlin, but where is the other copy going to be hosted? bayfront?
<ilikeheaps>rekado_: Okay, thanks
<roptat>civodul, ^
<rvgn>roptat How about guix.gnu.org --> load balancer --> berlin or bayfront ???
<quiliro>saluton samideanoj
<rekado_>roptat: is it only browsers’ behaviour that we need to take into account? Do we offer
<roptat>rvgn, that might work too
<rekado_>…other services for which DNS lookups with 2 resulting IPs would cause problems?
<roptat>rekado_, I think the other possible behavior is that it will try only one IP and fail if the server is down
<roptat>directly on guix.gnu.org? I don't think so
<rekado_>roptat: yes, that’s the behaviour I’m aware of.
<rekado_>I’d rather not leave the host selection up to the client
<roptat>rvgn, although now if the load-balancer is down, we have no more website :)
<rvgn>roptat Yeah. In that case, we have to provide only the one IP (load balancer) to the certbot. So easy automated renewal. But we have to make sure that load balancer is hosted somewhere with good uptime reputation.
<rvgn>roptat Wow, I was just typing that xD
<roptat>well, we could have more than one load-balancer too
<rvgn>roptat That's over doing :P
<roptat>but we're already talking about four different servers...
<rvgn>yeah
<rvgn>roptat I think the best way is to use third-party load-balancer (like cloudflare etc.) then have our own hosts (berlin and bayfront). In this way, the load-balancer is less likely to be down because the third-party will be using redundancy for their service.
<roptat> people will not like this solution
<roptat>"cloudflare" is scary :)
<roptat>also, we won't have direct control over the tls certificate
<rvgn>roptat I know ;) But we are not hosting there, but just using as a proxy.
<mbakke>Maybe GNU or FSF have a load balancer we could borrow?
<roptat>that would be a lot better solution
<rvgn>How about a free software, free speech and privacy friendly reverse-proxy provider?
<roptat>much*
<rvgn>mbakke That's an excellent idea.
<rekado_>we only want redundancy, i.e. failover. Load balancing seems like an unnecessary complication. What’s the easiest failover we can implement?
<rvgn>but wait. borrowing means, we are gonna maintain it. We again going into the issue of load-balancer going down.
<rvgn>rekado_ You are right.
<rvgn>Seems like initial two IPs are easiest fail-over implementations.
<mbakke>rekado: Another server on the same network as berlin or bayfront with a virtual IP.
<roptat>well, I'm pretty sure the solution without load-balancing is possible
<nckx>mbakke: It should be on keys.openpgp.org. It is my key.
<rvgn>nckx o/
<mbakke>But I expect the GNU/FSF load balancer already have redundancy in place.
<mbakke>nckx: Can you update Savannah and/or keybase too? That's where I initially looked.
<roptat>what we suggested without load-balancing is basically dns round-robin: https://en.wikipedia.org/wiki/Round-robin_DNS
*rvgn gotta go
<rekado_>roptat: this just makes outages more visible because clients have a higher likelihood of getting the IP of an unreachable server.
<rekado_>does knot support a way to remove the failing server from the response set automatically?
<roptat>not automatically, but we could add a cron to check availability I suppose
<roptat>but browsers will not fail, it's just going to be longer to load a page 50% of the time
<roptat>(or for 50% of our visitors actually)
<baconicsynergy>hi guix!
<pkill9>hi
<nckx>mbakke: I don't have my Savannah creds on me but sure.
<nckx>First I have to figure out why git/gpg suddenly decided I wanted to sign my commits with that key, which I don't, thanks.
<mbakke>nckx: no worries, keys.openpgp.net of course had it too :)
*nckx plonks the subkey ID instead of the main key into .gitconfig but still weird.
<rekado_>people say “guix search” is slow but “dnf search” is much worse on my workstation
<rekado_>it first downloads a bunch of files (> 100MB)
<rekado_>then sits there for more than 20 secs seemingly doing nothing
<rekado_>took me more than a minute.
<rekado_>on a rerun it’s still slower than “guix search”
<rekado_>4secs vs 1sec
<rekado_>(and it prints fewer things in those 4 seconds)
<nckx>For the sake of argument: are those huge files it downloads the latest state of the repo? That would make it somewhat equivalent to guix pull && guix search …, and that is dog slow.
<nckx>Still no excuse for subsequent rust of course.
<erudition>hi guix gurus! This time I'm running guix on a foreign distro... but when I try "guix pull" as normal user, I get:
<erudition>Migrating profile generations to '/var/guix/profiles/per-user/adroit'...
<erudition>guix pull: error: while creating symlink '/home/adroit/.config/guix/current': Permission denied
<nckx>rvgn: Yo, by the way.
<erudition>shouldn't I be able to use that without root?
<erudition>just reinstalled guix using the shell script... though I'm not sure I uninstalled it completely first, since I don't think that's available
<nckx>erudition: …/current should be a link to /var/guix/profiles/per-user/adroit/current-guix, and owned by adroit. What does ‘ls -l /home/adroit/.config/guix/current’ say?
<minall>Hello guix!
<erudition>nckx: ls: cannot access '/home/adroit/.config/guix/current': No such file or directory
<nckx>erudition: OK, ls -ld /home/adroit/.config/guix/ then.
<erudition>nckx: drwxr-xr-x 2 root root 4096 Sep 26 2018 /home/adroit/.config/guix//
<nckx>Probably created by root for some reason.
<nckx>Yeah.
<nckx>I'd remove that directory (or move it out of the way if you're unsure), and just try again.
<erudition>yeah again, there's no official way to uninstall, so there's definitely stuff from old old guix install methods
<nckx>$HOME/.config/guix should always belong to $USER, that has never changed, but it can be easy to invoke guix ‘wrongly’, especially in the past.
<erudition>yeah I probably did that at some point, I didn't like reading manuals
<erudition>That worked, Now it's
<erudition>Migrating profile generations to '/var/guix/profiles/per-user/adroit'...
<erudition>guix pull: error: symlink: File exists: "/var/guix/profiles/per-user/adroit/current-guix"
<erudition>delete that too?
<ilikeheaps>Speaking of foreign distro: is there a way to use services from Guix? I suppose they are too tied to the init system
<nckx>erudition: Hm, I've definitely run into that in the past, and it was easily solved by deleting something, I just can't say what off the top of my head. I'd say go for it, move it instead of deleting if you want to be safe.
<nckx>current-guix is only used to provide ‘guix’ itself, it won't break anything you've installed with the guix package manager.
<erudition>It worked! But I've just moved onto a new permission error lol
<erudition>guix pull
<erudition>Migrating profile generations to '/var/guix/profiles/per-user/adroit'...
<erudition>Updating channel 'guix' from Git repository at 'https://git.savannah.gnu.org/git/guix.git'...
<erudition>guix pull: error: Git error: failed to create temporary file '/home/adroit/.cache/guix/pull/pjmkglp4t7znuugeurpurzikxq3tnlaywmisyr27shj7apsnalwq/.git/objects/pack/pack_git2_xPudOh': Permission denied
<nckx>ilikeheaps: No, your suspicion is correct. They are very Guix System-specific.
<erudition>more deleting i guess!
<nckx>Yup. That got created together with .config as root. Nice thing about .cache is you know you can safely delete it.
<erudition>all good now I think
<erudition>(Perhaps the install script could do this stuff automatically)
<nckx>I'm not sure (literally). It still amounts to deleting user data. We'd have to think of any way that it could have unintended consequences, but maybe it's harmless.
*nckx has only used the install script once, reluctantly, and it didn't go exactly well 🙂
<erudition>well I tried the manual steps too, with the same end result
<minall>What does 'guix system init' exactly do? I'm trying to install guix on a machine, and I got an error that says that the disk is full, so it cannot continue? I assume that it downloads everything and then copies it in to the target? so the usb of guix would be a normal guix system? what should I do to 'release' space so I can do a successful 'guix system init'? Or should I redo the USB again?
<bandali>hello guix, guix-sysadmin
<bandali>i saw ludo’s reply to the ticket today
<civodul>hi!
<bandali>oh hey civodul!
*civodul just had another Xorg/KMS crash, grrrrr
<bandali>i’ll be hanging around #guix today
<civodul>cool, thanks
<bandali>cheers
<nckx>minall: It creates $mountpoint/gnu, $mountpoint/var/guix (and nothing else, I think), and installs a bootloader if one was configured in your system .scm.
<bandali>rekado_, roptat, and possible nckx: let me know how things go and if we can try flipping the redirect switch today
<bandali>*possibly
<nckx>minall: Sure you didn't forget to start cow-store $mountpoint?
*nckx → AFK because it's far too nice outside to IRC. Later, suckers.
<minall>I'm not really sure, maybe I forgot, but in that case, cow-store starts write-on-copy I think? so if I have cow-store started I shouldn't have this issue?
<ilikeheaps>So it appears that I have wrong partition config in my installation. How do I even fix that? I get booted into scheme repl.
<roptat>bandali, I'm all for it, even though we don't have redundancy yet for the website
<roptat>(I'll try to work on it this weekend)
<bandali>roptat, cool. are you following along with the ticket? ludo mentioned in his latest reply a few things that y’all may want to take care of before we flip the switch
<roptat>let me check
<bandali>okay
<ilikeheaps>Oh, I found the problem with my configuration. I was missing (dependencies mapped-devices) for a file system. Can I fix the system without reinstalling from scratch?
<minall>What does cow-store exactly do?
<roptat>bandali, ok, so it seems we have more work to do before redirecting users, but I'm not sure how to list the content of gnu.org/s/guix to make sure every old page is redirected to a page on the new website
<bandali>roptat, would looking through guix’s web pages repo help?
<bandali>see https://savannah.gnu.org/cvs/?group=guix
<roptat>thanks!
<bandali>np!
<bandali>you could see, for each of the files/dirs ludo mentioned, whether there’s a corresponding file/dir in your guix.gnu.org sources
<ilikeheaps>Could I perhaps import /gnu/store from a broken installation so I wouldn't have to redownload everything?
<erudition>^ I wonder this too
<ilikeheaps>Oh well, I'll check in later. Or maybe I'll just rebuild everything
<rubic88>Hi guix. I just installed 'cheese' to test my X220 cam, but it says "no device found". Where should I start looking to debug? (Guix System)
<atw>rubic88: I also grabbed cheese to test my librem's camera and got stuck at a similar point. Let me do it again while looking at dmesg and I'll tell you how far I get
<atw>yeah, about the same: dmesg and lsusb don't seem to indicate that anything went wrong but cheese can't find the camera: "** Message: 12:03:57.273: cheese-application.vala:211: Error during camera setup: No device found"
<minall>quiliro: How should we install freedombone?
<rubic88>atw: Thanks for confirmation.
<atw>☺ wish I could fix it
<bavier`>I just reconfigured my system, and now it's stuck in a boot-loop
<bavier`>it gets to the "Grub loading" point, but then reboots
<bavier`>any ideas?
*bavier` sees the USB stick plugged in
<bavier`>woops, unplugging the usb stick fixed it, not what I expected though
<bavier`>sorry for the noise
<rubic88>lsusb output: Bus 001 Device 006: ID 04f2:b217 Chicony Electronics Co., Ltd Lenovo Integrated Camera (0.3MP)
<ilikeheaps>Repeating question from before: can I reuse /gnu/store from a broken installation when reinstalling? I'd like to not redownload all packages (the problem with installation was misconfigured file system)
<bavier`>ilikeheaps: yes
<ilikeheaps>bavier`: oh! How do I do that?
<bavier`>ilikeheaps: just repeat the same procedure. Any existing store items will be reused
<atw>similar for me: "Bus 001 Device 010: ID 058f:d102 Alcor Micro Corp. HD WebCam"
<ilikeheaps>bavier`: wheww, that's great. I was worried it would start redownloading anyway
<erudition>every time I update, kodi needs to be rebuilt. But this eats up all my resources and the system becomes unusable at about 50%. Why is a substitute not being used?
<baconicsynergy>I need a new fully libre laptop. Ever since my Thinkpad X200 died, I've been using computers with non-free components. Bugs me
<pkill9>why not get another X200?
<baconicsynergy>I don't have that much money right now, and I'm trying to build a backpacking kit. Also, I make heavy use of virtualization and libreboot really messes with it
<baconicsynergy>But I eventually want to buy a new libre laptop anyway :p
<baconicsynergy>I think the problem is upstream in coreboot actually
<bricewge>What is the recommended way to test modification to a services from a local guix repo?
<bricewge>At the moment I commit, guix pull and reconfigure system but it doesn't seem right.
<deadman007>Hi Guix, I want to mount a separated partition for `/gnu/store`, for this I added a new file-system entry in system configuration file and set the `need-for-boot?` flag to #t . but after reboot, GRUB theme won't load correctly and I receive `no such device` about store files and kernel won't boot. does anyone have any experience about this?
<deadman007>here is my bootloader and file-system configuration : https://paste.debian.net/1090326/
<bricewge>deadman007: A typo? `needed-for-boot?`
<deadman007>bricewge: oh, you're right!!! thanks
<rvgn>Hello Guix!
<nckx>o/
<rickbutton>question about encrypted filesystems, this is a minor inconvenience, but my install makes me type in the password twice, one at the grub prompt, and once again after grub, any idea how to stop that?