Discussion in 'Business & Enterprise Computing' started by elvis, Jul 1, 2008.
Optus business actually send single page proposals using powerpoint
Stop it, I'm being indoctrinated at the moment and you're invading my safe space.
Need to do something in linux? The Red Hat answer is <something>ctl. Nice and simple. Screw learning the interfaces file, because networkmanager. And so forth.
cli interface is not the issue, journald has always been an issue.
Also, windows world is just as fragmented at the cli.
EDIT - logging has been done nicely for 30+ years by syslog and logger, journald adds complexity and incompatibility when run in binary mode.
If I wanted to see the world and get fucked by my manager as well I'd join the navy, which is a funny coincidence because my last boss was a US Navy vet and he did a whole lot of fucking, thankfully only over con calls for me.
Seriously though, grass is greener - I'd prefer to do what you're doing right now.
Only when idjits don't follow the rules
Rant; When spoken, Australian mobile numbers should always be given in 4-3-3
Oh, Four, One, Nine, <slight pause>, Nine, Six, Six, <slight pause>, Six, Seven, Eight
shits all over
Oh, Four, One, Double Nine, Triple Six, Seven, Eight
you'd hate my number then, a double and two triples.
Right people! The boss has left for the day, now I'm eating a nectarine in shorts and a t-shirt at my desk.
Looking up for the weekend!
I never liked that way of saying double and triple in repeating numbers.
This is the one thing Americans do better, no confusion, and using phonetic alphabets.
A double and two triples could work, as long as it's
ABXX-YYY-ZZZ and not AXXY-YYC-CCB
And I won't hate the number, I'll hate the person giving it to me.
I'm also not sure who to hate... the person that put slashes in group names, or the people whose tools don't correctly deal with slashes in group names
Por que no los dos!?
Neckbeards are looking for any excuse to blast systemd, but very few even comprehend the issue.
This is an ASLR brute force attack, which means that for the 70 minute exploit to work you need to be continually crashing journald for 70 minutes. Here's a bit of a primer on ASLR brute force: https://hacked0x90.wordpress.com/2016/10/30/bypassing-aslr-protection-using-brute-force/
And if you're interested in some of the more modern attacks: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
The issue isn't unique to journald either, as per the link above:
Of course, if compiled with a modern GCC with the right flags, there's complete mitigation against the stack clashes, which is why all browsers are safe and packages handled by Fedora / OpenSUSE weren't affected.
But again, it's a really shit reason to hate systemd, especially if you don't comprehend how complex the trigger is.
And you'll be thankful for that with the increase in complexity of networks these days. Again, neckbeards get all upset how Linux "used to be", but they never dealt with bonding, vlans and vxlans. Once you've implemented both the old way and trivially via nm-cli etc, you'll love how much easier the new tools are.
"I can't log into my google"
I can't help you with your personal gmail account.
I did both old and new methods. Neither interest me as I configure everything with Puppet anyway. It is a little annoying that sometimes I have to build a dummy box, nmcli things and copy a config file template because the man pages are so shit they don't give you the exact things needed to make stuff work. But doing it once in the life of a distro release isn't the worst thing in the world.
Less so than systemd annoying me, what really shits me is RHEL7 allows both old and new network config methods to live side by side and in conflict. I have no problems with either (in terms of just pick one and get on with life), but it does shit me that you can trivially end up with a system in a non-reboot-safe state because some tool wants to install some other tool as a dependency and you don't realise it.
If systemd/network-manager is the new world, great, install that in the base and make it default. Don't start installing old world tools silently that break my shit.
At least none of that is as bad as Netplan, which can't do multiple domain search fed by dhclient (and/or network manager) by default. *That's* proper fucked.
Have you confirmed how Puppet creates the configs? I haven't had any networking conflicts at all with RHEL7 and haven't had issues after a reboot. Just thinking you may have a corner case introduced by external tools.
My config looks like this:
# Let NetworkManager manage all devices on this system
Works for me
# Let NetworkManager manage all devices on this system
Oh yeah, I turn to get my lab box into a router with the actual IP on a BVI and doing NAT for the virtual networks only via iptables, was 200% harder than doing it on a 'real' router, despite many 'real' routers just putting a wrapper around a 'nix backend.
Not sure why network configs in particular are so shit in linux (as in the readability / 'making sense' / ease-to-template factors). I'm guessing that the horror was part of going systemd over sys-v init as well.
Even Cumulus ran up the white flag and introduced a CLI syntax to convert it to the debian backend transparently.
Depending upon what exactly it is, even using Puppet/Ansible/Chef may be affected by configuration complexity, esp. if the configuration method is say jinja2 templating the config file (I am very Ansible-fied so maybe puppet is totally different).
Do you have multiple search domains fed by DHCP? We do, and it didn't work for us.
The only fix we could get working was (copy/paste from our Wiki test/rnd notes)
apt-get install -y resolvconf
systemctl stop systemd-resolved
systemctl disable systemd-resolved
systemctl enable resolvconf
Then edit /etc/NetworkManager/NetworkManager.conf and add in the line under section [main]
No, we have one local device so there's no requirement for search domains (and our staff can type full names in). All other systems use full DNS names or systems like etcd for DNS discovery.
What you've described is disabling the resolver within systemd, not netplan anyway. Also shows the myth that systemd is monolithic, ie you can disable parts and replace trivially.
We use DNS search domains for a lot of discovery stuff, and a lot of puppet stuff. Plus, it's normal, and should work. So there's no excuse for it not working.
Sure, but it only seems to be an issue in 18.04 with netplan. Although maybe 16.04 doesn't have systemd-resolved?
Either way, one of systemd-resolved or netplan is fuckey, and it makes me shitty. So by all means criticise folk for hating new things, but fuck me this used to work just fine before all this new and "improved" shit.
I can't remember the last time a UNIX variant couldn't handle multiple domain search. And I've been using this shit a long time. Why is it broken suddenly?
The fact that you didn't look and blamed the wrong thing isn't saying much about your current skills elvis, if you're going to rant about something then it's probably a good idea to be correct (hint: you're not).
It's OK to be too busy to investigate the underlying cause, but trying to go on a tangent about change when you don't even comprehend it is just lazy. Sorry to be so blunt, but for the same reason that you rant about people not learning IT, I have the same feelings about those in the industry who don't change.
It's broken because you've used Ubuntu, who love to push change. Some good, some bad and some which certainly breaks the "because it's always been done this way" mantra. RHEL doesn't use systemd-resolved by default and everything works the old way without issue.
Because Linux gives you the choice, you had a 10 second workaround to revert back to the older system and ensure compatibility, something you won't get in a closed environment. The fact that it doesn't support it and the fact that the sky hasn't fallen probably suggests your use case is so small nobody has bothered to patch it.
I'm not defending the systemd-resolved as a 100% perfect solution, but the fact that it can trivially be replaced either with an alternative or with the existing system suggests there's a healthy ecosystem out there. If you choose to use distros who push bleeding edge changes then rant about the changes.... what have you really achieved?
Do you mean multiple domain suffixes? If so that's not that edge... plenty of orgs dish out multiple domain suffixes via DHCP
BlameD, new SystemD module coming soon.