09:31:03 <kayront> do you guys know about graalvm ? would be so cool to have it working in illumos
13:39:14 <xmerlin_> does anyone have already seen an error like this one "smartos scsi transport failed reason 'timeout' giving up" ? ...it's a full nvme epyc machine with the last release ...sometimes at boot there is this error
13:39:57 <xmerlin_> all the disks are on and the low level util cannot find any problem
14:11:22 <jbk> is there a IPMI interface?
14:15:23 <jbk> or are the NVMe devices behind scsi interfaces?
15:11:40 <xmerlin_> jdk I've an IPMI to manage the server
15:11:53 <xmerlin_> jdk the nvme disks are directly attached to the pcie bus
15:12:09 <xmerlin_> using the dummy cards provided by supermicro
15:13:43 <xmerlin_> jdk using the ipmi interface all the disks are up
15:21:08 <xmerlin_> if I reboot the server the disks are detected and all start as expected
15:34:25 <jesse_> hmmm, how would one run NAT in lx zone?
16:24:46 <nahamu> you might be able to run the commands to configure it from under /native ???
16:25:06 <nahamu> I wouldn't think it depends on an actual running process.
16:27:35 <nahamu> https://wiki.smartos.org/nat-using-etherstubs/#configure-nat
16:28:49 <nahamu> you could look at the helper scripts that the smf services call and perhaps figure out how to invoke the right commands manually.
16:29:26 <nahamu> but why does the NAT need to be in the lx zone?
16:29:51 <nahamu> why not split the functionality into a native NAT zone, and the lx zone doing whatever else it needs to do?
16:49:11 <bahamat> jesse_: you might as well do it in a native zone because it needs to be ipf anyway. There's no iptables compatibility
17:11:53 <nahamu> yeah, learning to do it under lx (if it is possible) would teach you a bunch of stuff about how ipf works, but just because it's possible that you could does not really imply that you should.
18:01:35 <jesse_> bahamat, the problem being; trying to run envoy and nat in the same zone, and envoy is not there for a native zone
18:02:16 <jesse_> (I currently have a native zone to do only nat)
18:21:57 <nahamu> Would that be a use care where it makes sense to run that bit under bhyve? Does envoy need to control the NAT config?
18:22:07 <nahamu> s/care/case/
18:27:18 <jesse_> afaik envoy can acts just as a reverse proxy
18:28:05 <jesse_> the nat and envoy are not connected in any other way than saving public ips
18:29:58 <jesse_> (envoy will proxy requests to zones using private ips, and it would be nice for those zones to be able to connect to the internet for pkgsrc updates etc.))
18:48:05 <nahamu> jesse_: I would examine which commands would get run by the SMF service helper to see if you can coax the native tools to turn on ipf/ipnat inside the lx zone.
18:49:07 <jesse_> it's not many services if I remember correctly (1 or 2)
18:49:18 <nahamu> yeah
18:49:23 <jesse_> though, do lx zones run many of the native services?
18:49:33 <jesse_> dependencies may make it a pain
18:49:38 <nahamu> no. SMF isn't running.
18:50:16 <nahamu> you're going to nerd-snipe me into figuring this out, aren't you...
18:51:10 <jesse_> no, I'm contemplating the meaning of life and if I can hack up nginx to do what I need for a while (until native envoy gets to pkgsrc)
18:52:35 <jesse_> nahamu, if your friday evening is so boring you are thinking of figuring that one out, read: https://github.com/joyent/pkgsrc-joyent/issues/34
18:53:28 <jesse_> bazel would get pretty good wtfs per minute rate, I think=)
18:54:12 <nahamu> I've used bazel. I definitely got a sinking feeling when I saw that. I don't hate bazel, it's just very heavy.
18:55:17 <jesse_> not on smartos, I imagine
18:55:41 <nahamu> correct, only Linux and Mac.
18:59:37 <jesse_> "Let's say that for some reason we need to configure our C++ toolchain in Bazel. This is currently quite a frustrating task. To quote one of many: "This is a fabulously difficult project that causes hardened engineers to stare blankly at screens in defeat."" :D
19:00:18 <nahamu> Heh.
19:01:17 <nahamu> looks like you probably only need a few commands to turn on nat when all is said and done.
19:01:32 <jesse_> siepkes has done quite well getting envoy to compile, now we just need the other 200% of work to get it to pkgsrc=)
19:02:09 <jesse_> yeah, I was thinking of running the commands the servicess run as one alternative to playing with svcadm
19:02:36 <nahamu> one of ipadm and I think two of ipnat
19:03:21 <jesse_> actually, I may have all that is required in my notes
19:03:38 <jesse_> I used to run nat in gz (manually)
19:04:12 <nahamu> "/native/usr/sbin/ipadm set-prop -p forwarding=on ipv4" or something close to that to turn on packet forwarding
19:06:32 <nahamu> then "/native/usr/sbin/ipf -E; /native/usr/sbin/ipnat -CF; /native/usr/sbin/ipnat -f <file with NAT rule>"
19:06:35 <nahamu> or something close to that.
19:06:51 <jperkin> if stuff compiles then the pkgsrc parts are definitely not 200%
19:14:25 <jesse_> jperkin, looking at that issue, the work is to clean up the patch etc.
19:16:36 <jesse_> https://github.com/joyent/smartos-live/issues/898 "Envoy Proxy Seg Faults in LX"
19:17:17 <jesse_> running lx isn't a solution...
19:17:24 <jesse_> +possibly
19:20:12 <nahamu> more is needed than the commands I pasted so far.
19:41:41 <jesse_> nahamu, /usr/sbin/routeadm -m route:default quiet_mode=true
19:41:43 <jesse_> nahamu, /usr/sbin/routeadm -u -e ipv4-forwarding
19:41:45 <jesse_> probably?
19:42:21 <nahamu> the latter turns into the ipadm command if I read correctly
19:42:40 <nahamu> I never needed the former in the native firewall zone.
19:43:05 <jesse_> I didn't even remember ever running the commands, but they are in my notes, so...=)
19:43:26 <jesse_> did you add ipf.conf, too?
19:44:10 <nahamu> by default that file is empty, so there should be no need to read it
19:44:20 <nahamu> I mean technically it has comments in it, but that's all.
19:44:31 <jesse_> for some reason I have added stuff to it
19:44:51 <nahamu> if you're doing actual firewalling, that would make sense. :)
19:55:18 <jesse_> I thought it needed some default rules to allow any traffic, but ymmv=)
19:58:56 <nahamu> LOL got it working
19:59:12 <nahamu> I used a debian image so instead of "net0" it was "eth0"
19:59:22 <nahamu> fixing the nat config file got it working.
19:59:39 <nahamu> I'll clean it up and give you the instructions.
20:03:19 <nahamu> jesse_: https://paste.ec/paste/rF7z8pq-#Bd58gZTRK27DSL-CYZWCEVl6+Kkd5T8KWQq5dqQy01p
20:03:46 <nahamu> so yeah, just a small number of commands you'd need the zone to run at boot time.
20:03:57 <nahamu> I'll probably clean it up into a short blog post for posterity later.
20:06:10 <jesse_> ...I was just about to say that might be worth blog about=)
20:07:02 <jesse_> why do autoboot: false and manual start? I used to do that but nowadays I just put autoboot: true
20:07:11 <andyf> I'm pretty sure SmartOS supports cloud firewall, where you put the ipf.conf etc. somewhere and it's auto configured when the zone boots
20:11:03 <nahamu> jesse_: specific to my testing, no real reason.
20:11:17 <nahamu> andyf: does cloud firewall support NAT too?
20:11:44 <jesse_> andyf, and lx zones, too?
20:11:50 <nahamu> jesse_'s use case is turning on ipf NAT in an lx zone.
20:24:11 <jzu_> jperkin: hmm, mysql-server-8.x seems to be missing from 20.4.0 LTS Base-64
20:24:20 <jzu_> jperkin: it's in 19.4.0
20:25:41 <andyf> jesse_ - definitely lx zones, I'm not sure about NAT, but I think so.. just looking at the source
20:27:05 <andyf> Ok, not NAT, sorry for the noise
20:27:05 <andyf> https://github.com/joyent/illumos-joyent/blob/master/usr/src/lib/brand/jcommon/statechange#L573
20:27:47 <jperkin> jzu_: yeh I noticed, needs an update anyway..
20:48:08 <jzu_> jperkin: cool, we we're just going to do 19.4.0 -> 20.4.0 but had ot back off =)
21:27:05 <jesse_> would nshalman
21:27:31 <jesse_> would nshalman/smartos-image-server be best image server for own images?
22:45:56 <jesse_> no, MerlinDMC/dsapid would be the one to go