!HLBStaftFvLwcRYYYz:envs.net

#sysadmin | Systems Administrators

634 Members
All things system administration — GNU, Linux, UNIX, BSD, awk, grep, sed, etc.
115 Servers

29 Mar 2023
@delphus:matrix.org delphus
* while nfs seems like a good way of sharing terraform's states, a local S3 bucket that is fully supported by terraform could give you peace of mind in the future.
14:30:14
@delphus:matrix.org delphus
In reply to @fluffeh:matrix.org
hi, I am having trouble executing terraform command on an NFS share. e.g. terraform validate returns a 'Failed to read provisioner configuration schema.... permission denied'. On the NFS server the share is owned by user with uid and gid 1000. On the client the terraform command is run under a user with the same name, uid and gid as on the server. I am able to create, read, execute and destroy any file on mounted share, yet when I run the terraform command it always fails to execute the provider files located under .terraform. I've tried deleting the .terraform folder and the lock file and reinstalled the providers with init but still doesn't work. Any ideas what to do? (if I copy the TF configs folder locally it works without issues)
* I'm sure you want to share terraform states across network, that's probably why the nfs solution, but if you have enough time, you should check minio server installation, then create a bucket in there and consider using it as an S3 backend for your local terraform
14:34:13
30 Mar 2023
@fluffeh:matrix.org f1{_}ff3}{
it's not for sharing tf state, I have my home mounted as NFS, both server and client have the user that owns/accesses the share with same name, uid and gid
09:48:44
@fluffeh:matrix.org f1{_}ff3}{
the NFS server is on TrueNAS and did the setup entirely from GUI
09:49:20
@fluffeh:matrix.org f1{_}ff3}{
NFSv4
09:49:44
@homeburger:matrix.org 🍔
how do you get a windows machine to accept the .lan pseudo-tld? it turns out my router used that by default, and the linux (and android) machines i have respect it
14:19:43
@effendy:matrix.org effendy
.lan is dedicated to mDNS, so it's problematic.
15:09:51
@natrius:matrix.org natrius
That's why you should buy a regular TLD and use that internally as well :)
15:40:41
@hashborgir:mozilla.org 🍄 HB 🌿
Does the router have a DNS server? Or does router associate IP to machine hostname itself, so when you query by hostname, you get the right IP via the router?
15:48:06
@hashborgir:mozilla.org 🍄 HB 🌿
I mean if you run a split DNS internally, you can use whatever fake domains you want. Who is doing the DNS resolution in your LAN?
15:49:31
@jomat:asra.gr 𝚓𝚘
sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣
15:58:15
@hashborgir:mozilla.org 🍄 HB 🌿
Split DNS is a fairly normal thing in the industry.
15:59:09
@hashborgir:mozilla.org 🍄 HB 🌿
In reply to @jomat:asra.gr
sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣
What is a terrible idea?
15:59:27
@effendy:matrix.org effendy
In reply to @jomat:asra.gr
sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣
That meant that the company would probably never be able to access the actual public IPs. Good trick!
19:19:30
@effendy:matrix.org effendy
In reply to @natrius:matrix.org
That's why you should buy a regular TLD and use that internally as well :)
That, or actually use a dedicated domain for internal use like .internal
19:20:31
@hashborgir:mozilla.org 🍄 HB 🌿
* I mean if you run a split DNS internally, you can use whatever custom tld you want. Who is doing the DNS resolution in your LAN?
19:23:14
@peter:peterjin.org peter
It's fine as long as the TLD has numbers or dashes (but is not all numbers or starts with a number) such as example.area51
19:54:09
@peter:peterjin.org peter
Due to ICANN restrictions on new gtlds
19:54:29
@effendy:matrix.org effendy
I wouldn't risk it. Some software might be more restrictive than others. For instance apache doesn't allow underscores in domains, but nginx does. So you might never know where you're going to need it.
20:05:47
@jomat:asra.gr 𝚓𝚘
In reply to @effendy:matrix.org
That meant that the company would probably never be able to access the actual public IPs. Good trick!
Yeah… but… no. Another part of his "security concept" was that we physically had two ethernet cables, we had to plug in internet or intranet … maybe that was the missing link for facepalm time…
20:08:03
@effendy:matrix.org effendy
In reply to @jomat:asra.gr
Yeah… but… no. Another part of his "security concept" was that we physically had two ethernet cables, we had to plug in internet or intranet … maybe that was the missing link for facepalm time…
Yeah, it was obviously a joke.
20:08:39
@jomat:asra.gr 𝚓𝚘
In reply to @effendy:matrix.org
That, or actually use a dedicated domain for internal use like .internal
lulz, yes, currently working in a company that used .int as internal "fake" domain… just that it's also an icann domain
20:09:34
@effendy:matrix.org effendy
But that trick with two ethernet cables is great :D
20:10:10
@jomat:asra.gr 𝚓𝚘
yeah… and ppl got tired of unplugging them all the time, so they found some cheap nic in some box and put it in their pc…
20:11:17
@jomat:asra.gr 𝚓𝚘
gradual chaos… heading for a nightmare.
20:12:29
@jomat:asra.gr 𝚓𝚘
and imho split horizon dns is similar bungle
20:13:13

Room Version: 6