***: Erick- has left "."
novae has quit IRC (Ping timeout: 252 seconds)
novae has joined #arpnetworks
novae has quit IRC (Changing host)
novae has joined #arpnetworks
novae has quit IRC (Ping timeout: 264 seconds)
novae has joined #arpnetworks
novae has quit IRC (Ping timeout: 252 seconds)
Erick- has joined #arpnetworks
novae has joined #arpnetworks Erick-: admin on? RandalSchwartz: does it have to be an admin? Erick-: maybe not RandalSchwartz: many of us are longtime arp customers. Erick-: to enable my ipv6 ip's RandalSchwartz: I think you already have the allocation and routing by default.
at least I did when I started. Erick-: I can only ping one of those ip's
the ::2
but ::3 is nothere to be found
much less ::f000 RandalSchwartz: do you have a /64 or a /48?
and what platform Erick-: prefixlen 64
freebsd
91 or 9.2
9.1 * RandalSchwartz: ... http://support.arpnetworks.com/kb/main/how-to-configure-ipv6-on-freebsd Erick-: did that RandalSchwartz: then why are you talking about ::3? did you add an additional interface?
does netstat -rn show a default route for ipv6? Erick-: good idea
will try that
brb -: RandalSchwartz still wonders why Erick- mentioned :3 and ::f000, which aren't on that wiki page
brycec wonders too
Erick- gives up for now ***: Erick- has left "." RandalSchwartz: even curiouser brycec: Oookay
It's something that Just Works
Perhaps he had some restrictive firewall rules? RandalSchwartz: it just works, when you work it. :) -: brycec works it RandalSchwartz: ... https://www.youtube.com/watch?v=FFnG3jVWDaM BryceBot: YouTube Music: "Aaliyah ~ Work It (Baby)" by RicoCoracao2011 (3m 26s), 3,770 views, 17 likes and 0 dislikes. Uploaded 2012-01-08T17:49:58.000Z. brycec: My "working it" doesn't look anything like that, guess I'm a failure. ant: well, he is gone now anyway, but i guess adding an additional ip address to his primary interface was what he wanted to do brycec: Maybe he assumed that the entire /64 was routed to him, therefore his host should see/respond to ::3 and ::f000 RandalSchwartz: yeah - was wondering that
like even though I have a ipv4 /28.. my host wouldn't respond to anything until I aliased it. brycec: You have an entire /28? :P
oh wait you said v4 nvm me
True - perhaps he A) Doesn't get it, and/or B) Was expecting to see the traffic anyways, on tcpdump or the like RandalSchwartz: I do have about 6 /48's of ipv6 though
we had this conversation before, as I recall.
about enumerating the stars in the sky or something m0unds: hahaha RandalSchwartz: according to wolfram alpha, I'd need 78 bits. Darn... not enough yet.
... http://www.wolframalpha.com/input/?i=2+to+the+78+power+divided+by+number+of+stars+in+the+sky
my mere 60 bits * 6 isn't enough
wait... isn't that a /50 ?
78 bits out of 128... would be /50 prefix
yeah - so I can ennumerate all the stars in the observable univers 4 * 6 = 24 times! brycec: lol yeah RandalSchwartz I recall that convo. But a whole ipv6/28... plett: My work is an ISP, so we have a /32 of IPv6. But we also have the next 7 /32s after ours reserved for us at the RIR. So we can get a contiguous /29 of IPv6 should we have a need for it. ***: dne has quit IRC (Ping timeout: 252 seconds)
dne has joined #arpnetworks RandalSchwartz: ugh. how do I reboot a dedicated box?
what the heck is IPMI?
$client is dead in water until I get help staticsafe: IPMI is out-of-band access RandalSchwartz: Looks like I never got my openvpn credentials.
Well, this sucks.
I mean, I sent the request... staticsafe: :o RandalSchwartz: so crap... I have a primary box down (hard metal), and I can't bring it back up
it makes the rest of $clients machine useless brycec: That's weird, because I know up_the_irons makes it a point to test OpenVPN access before even setting up a dedi box
At least, up_the_irons has stated that he does in the past acf_: I seem to remember having to install the OS myself on my dedicated box
using IPMI m0unds: hm RandalSchwartz: well - crisis resolved... but it revealed a hole in the process. :)
good that we found that now, instead of those rare hours when up_the_irons is asleep :)
pager duty says "all incidents resolved" Yeay brycec: acf_ makes a good point... RandalSchwartz: I installed the OS myself using the virtual console
I've never touched an IMPI before
oh... I see what you're saying
well, we had a contractor bring up the initial box
(not me) brycec: http://support.arpnetworks.com/kb/dedicated-servers/how-do-i-access-my-arp-metal-dedicated-server-console :P RandalSchwartz: Yes - I see that. brycec: Guess that explains why you don't have OpenVPN credentials RandalSchwartz: but it just says "IPMI", but I have no idea what I will see once I go there
right... wasn't until the first time I tried to find it on the ssh console thing that I noticed. brycec: IPMI is a protocol too, it's not "one thing" that "you'll see" RandalSchwartz: so what do you see here? :) brycec: RandalSchwartz: start by installing openvpn and ipmitools on your workstation RandalSchwartz: I have tunnelblick brycec: oh you're on a mac
I have no idea how to ipmi from a mac.... RandalSchwartz: I wonder if macports has ipmitools -: brycec hits up Google RandalSchwartz: No match for ipmitools found brycec: RandalSchwartz: looks like Mac already has ipmitool installed ?
https://developer.apple.com/library/mac/documentation/Darwin/Reference/Manpages/man1/ipmitool.1.html
Suggests that it's already there RandalSchwartz: % man ipmitool
No manual entry for ipmitool brycec: My macbookpro 10.9 has it
% which ipmitool
/usr/bin/ipmitool
(and the man page) RandalSchwartz: running 10.8, not 10.9 brycec: I have no idea when it was introduced... I suspect earlier than 10.9 though RandalSchwartz: risky to upgrade unless I've got a day to fix everything
haven't had that day
well... not on 10.8, so somewhere between 10.9.0 and yours :) brycec: Or it was part of xcode RandalSchwartz: I have xcode installed
otherwise, I wouldn't be using macports :)
or building emacs daily brycec: heh RandalSchwartz: without this tool, will I not be able to do anything? brycec: (10.9.3 is current btw)
Short answer: yes RandalSchwartz: I suspect I'll "migrate" to my next box, which will already have mavericks brycec: I suspect there may be other tools out there that speak IPMI RandalSchwartz: that way if something is broken, I can still use the old box for thatuntil fixed.
Oh - it's in macports brycec: There might even been some built-in web server on the ARP Metal box's IPMI controller RandalSchwartz: I just typed it wrong up_the_irons: RandalSchwartz: i re-sent your cert just now brycec: RandalSchwartz: FYI ipmitool is installed as part of Apple's "Server Admin Tools"
(that's why I have it) RandalSchwartz: thank you up_the_irons
and ipmitool built successfully
and yes, not running server brycec: (You don't have to be running "server" just administering one, and even then it's still a free download)
(but no reason to install all that just for one tool) RandalSchwartz: staring at manpage now
maybe there's some tutorials brycec: up_the_irons: reading the KB article, looks like there's no need to use ipmitool?
"Visit the link labeled IPMI URL"
suggests there's a web "viewer" up_the_irons: RandalSchwartz: brycec : yeah i dunno why you guys are using ipmitool. if you can run ipmitool, then you ALREADY have access to the server. You want IPMI for things like out-of-band console, power control, etc... -: RandalSchwartz is relocating, but will scroll back at new location up_the_irons: so just visit the "IPMI URL" which is listed in the Portal for your particular ARP Metal(tm) machine. you have to be on the VPN for that link to work. brycec: lol sorry up_the_irons I was trying to help where I could. I've only dealt with ipmitool a little, to reboot boxes and monitor sensors.
A web interface on the BMC is just magic and voodo
*voodoo
(And don't even get me started on AMT or ASF, fucking Intel...) up_the_irons: brycec: no worries :) dne: up_the_irons: ipmitool works over the network too up_the_irons: hmm.. i suppose that's true dangel: ARP Metal tm/ >_< tm/ up_the_irons: hhahahahhaahah
i should srsly use that
there might even be a unicode version dangel: lol RandalSchwartz: unicode sucks, but it sucks less than everything before it.
except, of course, just normal ascii. :)
I mean... if ascii is good enough for Jesus, it's good enough for me. I never saw any latin-1 or kanji in the bible! ant: i did dne: yeah I bet ascii works great for hebrew, aramaic and greek ant: "Im Anfang erschuf Gott Himmel und Erde; die Erde aber war wüst und wirr, Finsternis lag über der Urflut und Gottes Geist schwebte über dem Wasser." <-- see, latin-1/unicode in the very first sentence ;) RandalSchwartz: A passphrase is required to access the network
what would that be?
Oh ugh. It's probably the one I didn't write down or put into 1Password
Might have to start this all over
ahh... guessed it in three
heh.. the IPMI cert expired April 11, 2014
oops
Java... Ugh.
except... it appears not to be updating
so maybe this was all for naught. :(
yeah... every time I want to do something interesting, it asks to update java
and then does nothing
ahh... need new java
no auto install :(
Oracle still messing things up
THIS USED TO WORK.. :) m0unds: ugh, really would love if qwest would fix this link flapping bullshit
we have links at work from twt and qwest - twt is down because of a hardware failure and qwest is flapping every 3 minutes for 45-60 seconds RandalSchwartz: well.. with java installed, now permits me to have reboot. still don't know how to see virtual console.
but I may be able to work that out later. mercutio: randal: i've had issues with the new java and old applications
you may actually find using an older version of java works better
it was whatever the major version jump was? 6 to 7 or something RandalSchwartz: osx apparently doesn't allow 6 anymore
security issues mercutio: use virtualbox
well thats' what i did
easier than trying to maintain multiple versions of java
i also used xp, ... living on the edge.. RandalSchwartz: the trailing edge!
there was an aviation wing design company that was very good at certain parts... and advertisted themselves as "the leading edge in trailing edge design" m0unds: haha, nice up_the_irons: using Docker with Chef / Kitchen. This is actually pretty cool... m0unds: http://i.imgur.com/PKOpseS.jpg staticsafe: well crap
looks like HE's DNS service is down m0unds: uh oh, their authoritative svc? mnathani: staticsafe: wow, no kidding staticsafe: testing atm, and yes their auth NSes m0unds: ouch mnathani: so much for anycast and free primary and secondary dns service
I got responses from ns3 and ns4, but really long response time;; Query time: 1523 msec m0unds: outages happen, anycast isn't magic
yea, no answer at all for me from any of them staticsafe: http://pastie.org/pastes/9348773/text?key=pgbgn6cqpdt9kmyrpznoa from my testing ***: thestereobus has joined #arpnetworks mnathani: dig dns.he.net @ns1.he.net << that works though RandalSchwartz: mnathani - you updated to allow their new slave to slave from you?
oops... m0unds I mean
they changed the machines they slave from mnathani: RandalSchwartz: I was wondering RandalSchwartz: if you have strict "no AXFR except for slaves", it'll break now
I got email, but I don't care, because I allow AXFR from anyone m0unds: RandalSchwartz: i don't use their svc, just know someone who does
so i tested dig theirdomain.tld @ whateverns.he.net brycec: I'm able to dig my domains currently... but it's been awhile since you mentioned the issue, so perhaps resolved staticsafe: yeah m0unds: can you dig it? brycec: yes he can ***: thestereobus has quit IRC (Quit: thestereobus)
SpeedBus has quit IRC (Quit: SpeedBus@CrownCloud.net) mnathani: staticsafe: Doesnt look like you have an A record defined for that domain. http://pastebin.com/bTRF07hY ***: Guest68160 has joined #arpnetworks