29 Mar 2023 |
delphus | * while nfs seems like a good way of sharing terraform's states, a local S3 bucket that is fully supported by terraform could give you peace of mind in the future. | 14:30:14 |
delphus | In reply to @fluffeh:matrix.org hi, I am having trouble executing terraform command on an NFS share. e.g. terraform validate returns a 'Failed to read provisioner configuration schema.... permission denied'. On the NFS server the share is owned by user with uid and gid 1000. on the client the terraform command is run under a user with the same name, uid and gid as on the server. I am able to create, read, execute and destroy any file on mounted share, yet when I run the terraform command it always fails to execute the provider files located under .terraform. I've tried deleting the .terraform folder and the lock file and reinstalled the providers with init but still doesn't work. Any ideas what to do? (if I copy the TF configs folder locally it works without issues) * I'm sure you want to share terraform states across network, that's probably why the nfs solution, but if you have enough time, you should check minio server installation, then create a bucket in there and consider using it as an S3 backend for your local terraform | 14:34:13 |
30 Mar 2023 |
f1{_}ff3}{ | it's not for sharing tf state, I have my home mounted as NFS, both server and client have the user that owns/accesses the share with same name, uid and gid | 09:48:44 |
f1{_}ff3}{ | the NFS server is on Truenas and did the setup entirely from GUI | 09:49:20 |
f1{_}ff3}{ | NFSv4 | 09:49:44 |
🍔 | how do you get a windows machine to accept the .lan pseudo-tld? it turns out my router used that by default, and the linux (and android) machines i have respect it | 14:19:43 |
effendy | .lan is dedicated to mDNS, so it's problematic. | 15:09:51 |
natrius | That's why you should buy a regular TLD and use that internally as well :) | 15:40:41 |
🍄 HB 🌿 | Does the router have a DNS server? Or does router associate IP to machine hostname itself, so when you query by hostname, you get the right IP via the router? | 15:48:06 |
🍄 HB 🌿 | I mean if you run a split DNS internally, you can use whatever fake domains you want. Who is doing the DNS resolution in your LAN? | 15:49:31 |
𝚓𝚘 | sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣 | 15:58:15 |
🍄 HB 🌿 | Split DNS is a fairly normal thing in the industry. | 15:59:09 |
🍄 HB 🌿 | In reply to @jomat:asra.gr sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣 What is a terrible idea? | 15:59:27 |
effendy | In reply to @jomat:asra.gr sounds like a terrible idea. sure, it's possible, but reminds me of a former boss who was always panicking the chinese could steal his technology but used a public chinese net range in the company's LAN 🤣 That meant that the company would probably never be able to access the actual public IPs. Good trick! | 19:19:30 |
effendy | In reply to @natrius:matrix.org That's why you should buy a regular TLD and use that internally as well :) That, or actually use a dedicated domain for internal use like .internal | 19:20:31 |
🍄 HB 🌿 | * I mean if you run a split DNS internally, you can use whatever custom tld you want. Who is doing the DNS resolution in your LAN? | 19:23:14 |
peter | It's fine as long as the TLD has numbers or dashes (but is not all numbers or starts with a number) such as example.area51 | 19:54:09 |
peter | Due to ICANN restrictions on new gtlds | 19:54:29 |
effendy | I wouldn't risk it. Some software might be more restrictive than others. For instance apache doesn't allow underscores in domains, but nginx does. So you might never know where you're going to need it. | 20:05:47 |
𝚓𝚘 | In reply to @effendy:matrix.org That meant that the company would probably never be able to access the actual public IPs. Good trick! Yeah… but… no. Another part of his "security concept" was that we physically had two ethernet cables, we had to plug in internet or intranet … maybe that was the missing link for facepalm time… | 20:08:03 |
effendy | In reply to @jomat:asra.gr Yeah… but… no. Another part of his "security concept" was that we physically had two ethernet cables, we had to plug in internet or intranet … maybe that was the missing link for facepalm time… Yeah, it was obviously a joke. | 20:08:39 |
𝚓𝚘 | In reply to @effendy:matrix.org That, or actually use a dedicated domain for internal use like .internal lulz, yes, currently working in a company that used .int as internal "fake" domain… just that it's also an icann domain | 20:09:34 |
effendy | But that trick with two ethernet cables is great :D | 20:10:10 |
𝚓𝚘 | yeah… and ppl got tired of unplugging them all the time, so they found some cheap nic in some box and put it in their pc… | 20:11:17 |
𝚓𝚘 | gradual chaos… heading for a nightmare. | 20:12:29 |
𝚓𝚘 | and imho split horizon dns is a similar bungle | 20:13:13 |