Back to Home / #linode / 2020 / 02 / Prev Day | Next Day
#linode IRC Logs for 2020-02-24

---Logopened Mon Feb 24 00:00:09 2020
01:12-!-CompWizrd [compwiz@dhcp-108-170-188-212.cable.user.start.ca] has quit [Ping timeout: 480 seconds]
01:16<zifnab>Peng_: what's the new "not srv record" standard from browsers this time? (i can't wait to see it fail)
01:22-!-CompWizrd [compwiz@dhcp-108-170-188-212.cable.user.start.ca] has joined #linode
01:22-!-CompWizrd is "compwiz" on #linode #debian-tech #debian
01:27<nate>zifnab: ?
01:28<dwfreed>zifnab: HTTPSSVC
01:28<zifnab>haha thanks dwfreed
01:29<zifnab>glad to see they're reimplemented _https._tcp
01:29<dwfreed>zifnab: current draft is https://tools.ietf.org/html/draft-ietf-dnsop-svcb-httpssvc-01
01:29<dwfreed>and yeah, it's basically a reimplementation of SRV
01:29<zifnab>oh it has google listed
01:30<zifnab>of course
01:30<zifnab>have i shared my disdain for them in recent history
01:30<zifnab>how i think the internet would be a better place if they didn't exist
01:30<nate>oh all that junk
01:30<zifnab>we wouldn't have idiotic protocols like http/2, or even wrose, http/3 over udp
01:30<nate>At least we don't have to deal with QUIC/HTTP3 yet (and probably won't thankfully at the rate it looks)
01:30<nate>Eh HTTP/2 I don't mind
01:30<nate>HTTP3/QUIC is kinda mind boggling and makes no sense
01:30<dwfreed>http/1.1 is mostly fine
01:31<zifnab>its a binary protocol for no discernable reason and you still can't proxy an http/2 connection easily
01:31<zifnab>if you end up in a shit situation where you need to drop something in front of grpc, "good luck"
01:31<zifnab>at least, this was the case a year ago, i'm unsure if nginx ever added grpc backend support, i stopped caring
01:31<nate>You can't? You're not doing non-secure proxy are you?
01:31<nate>cause HTTP/2 is supposed to be https only and what not
01:31<zifnab>nginx can do http/1.1 backends but not http/2 backends
01:31<zifnab>or, at least as of last year when i had to deal with this, that was the case
01:32<zifnab>haproxy was the same situation
01:32<dwfreed>zifnab: https://www.nginx.com/blog/nginx-1-13-10-grpc/
01:32<dwfreed>nate: http/2 has a plaintext mode as well
01:32<zifnab>interesting
01:33<zifnab>>march 2018
01:33<zifnab>only took them 3 years to implement it :P
01:35<zifnab>interestingly i might have the dates wrong and that seems like it probably lines up ith about the time i had to deal with this
01:36<zifnab>(grpc is, also, a giant heaping pile of shit)
01:37<zifnab>in other news, i should probably hurry the hell up and get rid of my last linode
01:38<zifnab>backups have failed now for the i don't even know what time (it's going on 2 years of them failing on a regular basis on a linode that has zero traffic)
01:41<zifnab>i present to you a saga: part 1 https://usercontent.irccloud-cdn.com/file/gUHHKqF0/image.png
01:41<nate>dwfreed: Does it? because I thought google's entire design to it would be that it could only support https?
01:41<zifnab>and part 2, the continuation fo said saga https://usercontent.irccloud-cdn.com/file/vAb65OBc/image.png
01:42<nate>Ah, the standard "doesn't require it" but all the browsers will only support it in TLS mode
01:42<zifnab>nate: i seem to remember dealing with 'grpc' and 'grpcs' recently, which make sme think it has a plaintext option
01:42<zifnab>there's a connect and a connect_insecure in most of the codegenhell libraries
02:19-!-dsapikas [~dsapikas@ip-89-103-120-110.net.upcbroadband.cz] has joined #linode
02:19-!-dsapikas is "purple" on #linode
02:52-!-ia [ia@ia.user.oftc.net] has left #linode []
02:58-!-shakraw [~shakraw@93-46-53-187.ip106.fastwebnet.it] has joined #linode
02:58-!-shakraw is "shakraw" on #linode
03:00<shakraw>hello guys, a question about permission settings on linode: once I create the main (contact) account and added a second (technical) account is it possible to set permissions to main account only for billing stuff and full access on the second account?
03:01<dwfreed>shakraw: yes, but you have to give the technical user full access before restricting the billing user
03:02<shakraw>dwarfed, sure this is what I thought to do, I was unsure if there was some sort of permissions lock on the main account
03:02<shakraw>thanks
03:03<rsdehart>!point dwarfed
03:03<linbot>rsdehart: Point given to dwarfed. (1)
03:04<shakraw>ops... :) dwfreed
03:04<rsdehart>:D
03:12<shakraw>another question guys: if i need to upgrade my linode to a bigger plan, do I need to shutdown-upgrade-restart the server or the upgrade is done live while the server is running?
03:13<rsdehart>the former
03:13<rsdehart>but migrations tend to go quickly
03:18<shakraw>ok.. so there is not a way to avoid services down or reboots during an upgrade: I mean even adding a new server clone for the upgrade phase. I'm asking in the hope there is some best practice I still haven't found :)
03:19<rsdehart>fortunately for me, my services aren't downtime-critical, so I've never needed to employ failover or anything
03:19<rsdehart>unfortunately for anyone I'm advising
03:19<rsdehart>others in here will have
03:20<rsdehart>you still there dwfreed ?
03:21<rsdehart>shakraw: generally speaking, cloning to a larger instance then cutting the ip over to it is certainly possible
03:21<rsdehart>I'm not clear on the specifics so much, never having needed to do it
03:22<shakraw>rsdehart: thank you very much, I'll look better on the guides/tutorials about this
03:30<dwfreed>cloning a running Linode generally isn't advised, because the clone is not atomic; you could use the backup service to take a snapshot (which is atomic) and then restore the snapshot to a larger Linode and then cut over to it
03:32<dwfreed>note that if you have a database server on the Linode, prior to taking the snapshot, you'll want to dump the database to disk, to ensure you have a consistent copy on disk
03:32<dwfreed>database servers do much more complex disk writes, and can get really mad if the snapshot happens in the middle of one
03:33<dwfreed>they're supposed to handle it cleanly, but they don't always
04:03-!-dsapikas [~dsapikas@ip-89-103-120-110.net.upcbroadband.cz] has quit [Ping timeout: 480 seconds]
04:17-!-gpd [~gpd@mail.grahamdavies.net] has joined #linode
04:17-!-gpd is "GeePeeDee" on #linode
04:19<gpd>imhfu - I set AuthorizedKeysFile in sshd_config for a specific user - but now I can't login with any other account - including the one with root access? Any way to rescue this other than console access?
04:24<virtual>from your decription, likely not...
04:25<virtual>one thing that's always been a rule of mine if ssh'ing into a machine remotely is to try and keep one ssh session open, while logging in with another one, post config change.
04:26<virtual>gpd: if it's a linode, console access is pretty easy, so it's not the end of the world?
04:39<gpd>virtual: it is a machine where I need someone else to access the console - so annoying. should have read the ssh docs - didn't think it would ignore all ~/.ssh/authorized_keys files but should have checked as you say!
04:43<virtual>heh, I only realised this after being burned too... mistakes are how we learn some of our best lessons ;)
04:53<chesty>shakraw, if it's important for your service to be up 24/7, and 5 minutes of downtime is going to cause problems, you should have no single points of failure.
04:57<shakraw>dwfreed, chesty: yes I have a db but I'm thinking about using a load balancer and put 2 debases in replica and 2 web servers in replica also (as suggested by chesty), so when I need to upgrade I stop just one server at time while other is running
05:04-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has joined #linode
05:04-!-AugustusCaesar24 is "Augustus Caesar" on #linode
05:52-!-AugustusCaesar24 [~AugustusC@99-190-112-116.lightspeed.irvnca.sbcglobal.net] has quit [Quit: Going offline, see ya! (www.adiirc.com)]
06:51-!-NomadJim [~Jim@72.168.160.149] has joined #linode
06:51-!-NomadJim is "Nomad" on #linode #debian
07:10-!-Cajs [Cajs@185.198.189.47] has quit [Quit: YourBNC - (https://yourbnc.co.uk)]
07:25-!-chander [~oftc-webi@49.36.132.205] has joined #linode
07:25-!-chander is "OFTC WebIRC Client" on #linode
07:25<chander>Hello
07:25<chander>need help
07:26<chander>i'm unable to login into ssh while in rescue mode
07:26<@pwoods>chander: SSH isn't enabled by default with Rescue Mode
07:26<chander>can anyone help me out how can i login into linode server directory using ssh in rescuse mode
07:26<@pwoods>You'll need to use LISH to connect to your Linode and start the SSH service
07:27<chander>yes i'm already in lish
07:27<@pwoods>chander: this guide walks you through connecting via LISH and starting SSH in Finnix (Rescue Mode) https://www.linode.com/docs/troubleshooting/rescue-and-rebuild/#booting-into-rescue-mode
07:31<chander>i tried this
07:31<chander>but its not working
07:32<@pwoods>Can you share an error message you're seeing?
07:32<@pwoods>Understanding how it's not working, or at least what you're seeing, would be helpful to better assist you
07:36<chander>when i enter the user password for ssh it says permission denied
07:36<chander>each time
07:36<@pwoods>Did you run `passwd`?
07:37<@pwoods>You'll need to run that to set the password while in the Finnix rescue environment
07:51-!-chander [~oftc-webi@49.36.132.205] has quit [Remote host closed the connection]
07:59-!-vibhor [~oftc-webi@2405:201:5e06:9787:ac49:63de:f4c1:15f9] has joined #linode
07:59-!-vibhor is "OFTC WebIRC Client" on #linode
07:59<vibhor>Hello
08:00<@pwoods>vibhor: o/
08:03<vibhor>need help with linode weblish
08:04<vibhor>rescue mode and need to login or access linode directory file
08:04<vibhor>but showing permission denied with correct logins
08:05<grawity>I thought finnix/rescue doesn't even have a login prompt?
08:06<vibhor>See I booted my linode into rescue
08:07<vibhor>then I used SSH username@IP
08:07<vibhor>it ask me Paswd , I enter the correct paswd
08:07<@pwoods>vibhor: You'll need to set a password after booting into Rescue Mode: https://www.linode.com/docs/troubleshooting/rescue-and-rebuild/#starting-ssh
08:07<vibhor>but couldnot login into it ?
08:07<grawity>while Finnix (rescue mode) is running, you're not SSHing into your main server – you're SSHing into the rescue livecd, which has its own accounts and its own passwords
08:13<vibhor>Kindly check if I am correct . > https://imgur.com/a/AXN8UIl
08:14<grawity>are you trying to SSH as "root@IP"?
08:14<vibhor>No - I just set the passwd
08:14<vibhor>for Finnx
08:14<grawity>there's no such thing
08:15<grawity>you're always setting a password for *some* user
08:15<grawity>in the screenshot, you changed the password for 'root'
08:15<grawity>so `ssh root@IP` should work
08:15<vibhor>okay
08:15<grawity>e.g. if you wanted to set the password for the user named 'finnix', you would need `passwd finnix`
08:17<vibhor>https://imgur.com/a/fEXmPM4
08:18<grawity>why are you trying to connect as "cinque_root1"?
08:18<grawity>actually
08:18<vibhor>bcz I have my pvt keys and root is disables as per te tutorial of linode
08:19<grawity>but you're not connecting to your normal linode right now
08:19<grawity>you're connecting to the finnix recovery system, which as I said has completely separate user accounts
08:19<vibhor>so who to connect ?
08:19<vibhor>I have psswd
08:19<grawity>at the moment, your normal linode isn't even running
08:19<vibhor>yes I see
08:19<grawity>so there's no way you could connect to it anyway
08:19<grawity>it's kinda like booting a computer from a USB stick...
08:20<rsdehart>I don't understand why you're not just using lish
08:20<vibhor>my aim is to scan my actual linode disk from calmav
08:20<vibhor>how can I do it
08:30<@pwoods>vibhor: We have a guide for this exact use-case: https://www.linode.com/docs/security/vulnerabilities/scanning-your-linode-for-malware/
08:36-!-Cajs [~Cajs@2a01:4f8:241:986::108] has joined #linode
08:36-!-Cajs is "Cajs" on #linode
08:58-!-shakraw [~shakraw@93-46-53-187.ip106.fastwebnet.it] has quit [Quit: Sto andando via]
09:06-!-eyepulp [~eyepulp@1493428-v101.1303-static.bltnilaa.metronetinc.net] has joined #linode
09:06-!-eyepulp is "eyepulp" on #linode
09:21-!-anomie [~anomie@00018802.user.oftc.net] has joined #linode
09:21-!-anomie is "Anomie" on #linode
09:50<vibhor>ThankYou
09:50-!-vibhor [~oftc-webi@2405:201:5e06:9787:ac49:63de:f4c1:15f9] has quit [Quit: Page closed]
11:10<linbot>New news from community: What is my CSR and Private key for my SSL? <https://www.linode.com/community/questions/19482>
11:18-!-hdb2 [~josh@0001a4b4.user.oftc.net] has left #linode []
12:19<nate>^ I think linode staff should be also linking to articles on using let's encrypt
12:19<nate>Dude literally paid more for an SSL certificate from godaddy probably than his VPS on linode costs
12:20<@bbigger>thanks, nice suggestion—passing it along
12:21<nate>Yeah godaddy is up to $80/yr on SSL certs -minimum- lol, for a basic DV. $64 for the first year
12:22<nate>I had someone I was helping once a bit back that had godaddy trying to strong arm them telling them they HAD to get an EV certificate because they were hosting a small ecommerce site, wanted $250/yr for it lol
12:23<@bbigger>🤑
13:03<nuevu>I know there are some DNS experts lurking. Anyone see anything wrong with silentguard.net? Let's Encrypt is erroring out with: "SERVFAIL looking up A for silentguard.net - the domain's nameservers may be malfunctioning"
13:04<dwfreed>nuevu: checking
13:06<dwfreed>nuevu: weird, seems fine here
13:07<nuevu>Yeah, that was my conclusion as well.
13:07<nuevu>Thanks for checking, though!
13:09<nuevu>I don't see anything on the LE status page, so whatever it is probably isn't widespread. Guess I'll just have to give it a little time and try again.
13:10<linbot>New news from community: I was unable to configure my domain to point to my linode <https://www.linode.com/community/questions/19483>
13:16<LouWestin>I remember when go daddy certs were like $20 a year.
13:17<Peng_>nuevu: Let's Encrypt and Web.com have not been getting along recently. https://community.letsencrypt.org/t/numerous-inexplicable-challenge-failures-across-disparate-domains-with-unreproducable-servfails/113235
13:18<nuevu>Thanks Peng_, just ran across that post as well.
13:19<nuevu>Thankfully I do have ~30 days left before its critical on this cert, but that's worrisome in the meantime. I don't have nearly as many certificates as some of those folks are talking about, but a bunch are NetSol.
13:23<nate>LouWestin Yeah, it's a shame people get suckered into actually paying it
13:23<nate>More so with reseller services out there with like $2-5 DV certificates for ages before LE became a thing even
13:26<dwfreed>I'm surprised nobody's made a system for reselling LE certs yet
13:27<grawity>...I do think I've heard of someone doing that
13:33<nate>Isn't that against LE agreements to do anything of the sort?
13:33<nate>I thought that's why cPanel/WHM ended up getting their own cross-signed root to use because LE wouldn't let them include it in cPanel
13:34<LouWestin>Yeah there’s cheaper alternatives, but I noticed the prices went way up when Google started their seo penalty for in-encrypted sites.
13:37<millisa>nuevu: not sure if it's related, but on Saturday night (about 30 hours ago) I had a domain at the same provider that the name services just stopped working for. lasted about 30 minutes.
13:40-!-fstd_ [~fstd@xdsl-87-79-157-139.nc.de] has joined #linode
13:40-!-fstd_ is "fstd" on #gentoo #oftc #linode #debian #kernelnewbies
13:40<millisa>er. 40 hours; math is hard.
13:48-!-fstd [~fstd@xdsl-81-173-153-199.nc.de] has quit [Ping timeout: 480 seconds]
14:21-!-dsapikas [~dsapikas@ip-89-103-120-110.net.upcbroadband.cz] has joined #linode
14:21-!-dsapikas is "purple" on #linode
14:28-!-chonk [~chonk@yeah.thats.gonna.be.a.nofromme.dog] has quit [Quit: POOF!]
15:05-!-chonk [~chonk@yeah.thats.gonna.be.a.nofromme.dog] has joined #linode
15:05-!-chonk is "b" on #linode
15:22-!-Jason [~oftc-webi@cpe-70-112-210-159.austin.res.rr.com] has joined #linode
15:22-!-Jason is "OFTC WebIRC Client" on #linode
15:22-!-Jason [~oftc-webi@cpe-70-112-210-159.austin.res.rr.com] has quit []
16:17-!-NomadJim [~Jim@72.168.160.149] has quit [Ping timeout: 480 seconds]
16:48-!-dubidub [~dubidubno@2001:464b:151a:0:4c21:a520:e0e4:9aba] has joined #linode
16:48-!-dubidub is "Dubidubno" on #debian #linode
17:18-!-deadcoffee [~deadcoffe@sun.deadcoffee.tk] has quit [Quit: WeeChat 2.2]
17:34-!-anomie [~anomie@00018802.user.oftc.net] has quit [Quit: Leaving]
18:09-!-Ikaros [ikaros@IPv6.Miku.bdikaros-network.net] has quit [Ping timeout: 480 seconds]
18:13-!-dsapikas [~dsapikas@ip-89-103-120-110.net.upcbroadband.cz] has quit [Ping timeout: 480 seconds]
18:17-!-Ikaros [ikaros@IPv6.Miku.bdikaros-network.net] has joined #linode
18:17-!-Ikaros is "Ikaros" on #linode
18:23-!-dsapikas [~dsapikas@ip-89-103-120-110.net.upcbroadband.cz] has joined #linode
18:23-!-dsapikas is "purple" on #linode
19:07-!-eyepulp [~eyepulp@1493428-v101.1303-static.bltnilaa.metronetinc.net] has quit [Remote host closed the connection]
20:49-!-Chex [~Chex@sleepl.northnook.ca] has joined #linode
20:49-!-Chex is "Chex UpNorth" on #linode #debian-quebec
20:54-!-andyzwieg103 [~Thunderbi@66-190-54-82.dhcp.mdsn.wi.charter.com] has joined #linode
20:54-!-andyzwieg103 is "azwieg103" on #linode
21:23-!-andyzwieg103 [~Thunderbi@66-190-54-82.dhcp.mdsn.wi.charter.com] has quit [Quit: andyzwieg103]
21:50-!-squidly [~squidly@2600:3c03::f03c:91ff:fead:ed05] has quit [Remote host closed the connection]
23:37-!-vibhor [~oftc-webi@2405:201:5e06:9787:a517:4a93:7aa7:ddda] has joined #linode
23:37-!-vibhor is "OFTC WebIRC Client" on #linode
23:37<vibhor>After login ssh
23:37<vibhor>I cant donwload files ?
23:44<millisa>why not?
23:45<vibhor>I go to ssh , logged in with it
23:45<millisa>(If you are looking for a way to transfer files to and from a linode - filezilla can do it and there's a doc on it - https://www.linode.com/docs/tools-reference/file-transfer/filezilla/ . )
23:45<vibhor>select a file and try to download
23:45<vibhor>it shows download faild
23:46<millisa>which client are you using?
23:46<vibhor>bitvise ssh
23:47<millisa>and it has some means of downloading files built into it?
23:48<millisa>their sftp product that looks like this: https://www.bitvise.com/files/screenshots/BvSshClient-Sftp.png ?
23:50<vibhor>yes this
23:50<millisa>and it give no other hit of why the downlod failed?
23:51<vibhor>yes
23:51<vibhor>I have applied Pvt keys and firewall
23:51<vibhor>and also the root is disabled. is this the reason ?
23:53<millisa>if they were a problem it'd be at a point before you get to the file listings
23:53<millisa>when you pick a file a click 'download' does it start downloading, then partway through give the failure message? or do it immediately say it failed?
---Logclosed Tue Feb 25 00:00:11 2020