Hi,
I am a (delighted!) relatively new BF user and run two dozen websites under Centos and Virtualmin, with no email as I keep email off my webserver.
I am fed up with Cpanel in multiple ways and want to drop the server where I currently have all my email and mail forwarders.
Is another VPS on Centos with Virtualmin a good route to manage my and my clients’ email?
Or is there a better solution for a mail server?
Cheers
Hugh
Hello,
Perhaps of interest to those of you still on 32-bit installs¹,
Debian now has a "crossgrader" package that has just had its first
version uploaded to the "unstable" suite:
https://salsa.debian.org/crossgrading-team/debian-crossgrading/
I have used this manual process:
https://wiki.debian.org/CrossGrading
many times to go from i386 to amd64, but it is unsupported and scary
and depending on the exact packages you have installed can be very
tricky. It will ask you to approve actions that may destroy your
system.
I haven't yet had chance to try "crossgrader" myself yet, but I will
try it next time I have to do this. I would be interested in reading
your experiences of using it.
I gather that it would be wise to fully upgrade to the latest stable
release (buster) on i386 before trying to crossgrade to amd64,
either by this method or manually.
For those keen to switch to 64-bit, much of the benefits can be
obtained without most of the risk by only changing your kernel to
the amd64 architecture. After following the wiki article above to
the end of the "Install a kernel that supports both architectures in
userland" section, you would:
1. Connect to Xen Shell and use the "console" command if not already
in it.
2. Halt your VPS.
3. Use the Xen Shell "arch" command to switch to x86-64 bootloader.
4. Use the Xen Shell "boot" command to boot it.
5. When your own grub menu appears, select the amd64 kernel that is
listed, not the i686 one.
Provided everything seems to work okay you can then remove the i686
kernel packages, and the system will keep the -amd64 kernel packages
up to date. Your VPS is then a 64-bit one running a 64-bit kernel
but with almost entirely 32-bit userland.
Changing over the 32-bit userland by either the crossgrader package
or manually is where most of the complexity lies.
For context as to why you might want to switch away from 32-bit:
- The next major Xen release will remove 32-bit PV support. We'll
switch to PVH mode before then to allow remaining 32-bit guests to
still run.
- At the recent Xen Developer summit it was stated that "anyone
still running 32-bit PV is setting fire to 30% of their CPU".
- All manner of 32-bit-specific fixes, including security, are being
delayed and overlooked in the upstream Linux kernel, so switching
away from running an i686 kernel would be a good idea.
Cheers,
Andy
¹ 41.1% of customer VMs, according to our database.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
Server "elephant" unexpectedly crashed, then crashed twice more
shortly after rebooting but before completely starting all VPSes. It
is now crashing every time while trying to boot VPSes. I suspected
bug in last round of XSA patches so reverted to previous hypervisor,
but problem persists. We had an issue with "elephant" not so long
ago so it might be hardware fault *though no logs to back this up).
Still investigating, sorry.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi all,
I’ve noticed that over the past few reboot cycles for security patches, my VM suspends and restores fine, and all services restore fine except ntp, which never recovers. When checking the status of the service I get:
root@jaguar:~# service ntp status
● ntp.service - Network Time Service
Loaded: loaded (/lib/systemd/system/ntp.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:ntpd(8)
Restarting the service restores everything back to working order. But I can’t always guarantee that I can get to the console quickly, so the icinga email alerts keep rolling in…
If it makes a difference, I’m running Ubuntu 18.04.4, and ntp 1:4.2.8p10+dfsg-5ubuntu7.3.
I presume the issue is the huge jump in time the kernel/ntp service sees when the VM is restored, is there a good way of getting ntpd to handle this? Do other people see this issue, and if so, what solutions/workarounds do you use to prevent it happening?
Thanks,
Paul
Hello,
Unfortunately - and annoyingly only a month since the last lot -
some serious security bugs have been discovered in the Xen
hypervisor and fixes for these have now been pre-disclosed, with an
embargo that ends at 1200Z on 20 October 2020.
As a result we will need to apply these fixes and reboot everything
before that time. We are likely to do this in the early hours of the
morning UK time, on 17, 18 and 19 October.
In the next few days individual emails will be sent out confirming
to you which hour long maintenance window your services are in. The
times will be in UTC; please note that UK is currently observing
daylight savings and as such is currently at UTC+1. We expect the
work to take between 15 and 30 minutes per bare metal host.
If you have opted in to suspend and restore¹ then your VM will be
suspended to storage and restored again after the host it is on is
rebooted. Otherwise your VM will be cleanly shut down and booted
again later.
If you cannot tolerate the downtime then please contact
support(a)bitfolk.com. We may be able to migrate² you to
already-patched hardware before the regular maintenance starts. You
can expect a few tens of seconds of pausing in that case. This
process uses suspend&restore so has the same caveats.
It is disappointing to have another round of security reboots 28
days after the last lot, though before that there was a gap of about
330 days. Still, as there are security implications we have no
choice in the matter.
Cheers,
Andy
¹ https://tools.bitfolk.com/wiki/Suspend_and_restore
² https://tools.bitfolk.com/wiki/Suspend_and_restore#Migration
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce
Hi all,
I run an e-mail server on one of my BitFolk VPSs. It seems fine except
for one oddity which has arisen lately.
Some e-mails from BT Internet customers take of the order of 3 weeks to
arrive. Looking at the headers, they move around between a couple of BT
server to begin with, then sit on the final one for up to 3 weeks before
they are delivered to my server.
I can see no failed earlier attempts to deliver in my logs, and my
server receives e-mails fine from everyone else - just BT seems to be
the problem, and not even all the e-mails coming from BT.
Anyone else seen anything like this or can suggest a likely explanation?
In case it's of relevance, BT's delivery still seems to be IPv4 only.
My server advertises both IPv6 and IPv4 addresses.
Cheers,
John
--
Xronos Scheduler - https://xronos.uk/
All your school's schedule information in one place.
Timetable, activities, homework, public events - the lot
Live demo at https://schedulerdemo.xronos.uk/
My brain hurts.
A domain failed to renew Let’s Encrypt today on Centos 7 running Virtualmin.
No sign of .well-known directory under public_html.
Had a look on all 4 VPS on Centos 7 and Centos 8 (two with Bitfolk, two overseas) and none of the sites I checked have a .well-known directory any more!
Anyone seen this, or can offer a clue?
Kind regards,
Hugh
Hi,
A reminder that maintenance is scheduled for the early hours (UK
time) of 17, 18 and 19 October.
Irritatingly, this may end up having to be postponed. One of the
patches has problems and the vendor is still working on that. If
they come up with something in the next few hours I will still have
time to test it appropriately, but if they don't then I won't and
we'll have to postpone this maintenance for one week.
Please assume it is going ahead unless you are notified otherwise.
You should have all received a direct email telling you the hour
long maintenance window that each of your VMs is in. If you can't
find it please check your spam folders etc; it was sent on 7
October.
If you still can't find it, work out which host machine you're on¹,
and then the maintenance windows are:
elephant 2020-10-17 00:00
hen 2020-10-18 02:00
hobgoblin 2020-10-18 01:00
jack 2020-10-19 00:00
leffe 2020-10-19 01;00
macallan 2020-10-17 02:00
paradox 2020-10-18 00:00
snaps 2020-10-19 02:00
talisker 2020-10-17 03:00
These times are all in UTC so add 1 hour for UK time (BST).
Cheers,
Andy
¹ This is listed on https://panel.bitfolk.com/ and is also evident
from resolving <accountname>.console.bitfolk.com in DNS, e.g.:
$ host ruminant.console.bitfolk.comruminant.console.bitfolk.com is an alias for console.leffe.bitfolk.com.
console.leffe.bitfolk.com is an alias for leffe.bitfolk.com.
leffe.bitfolk.com has address 85.119.80.22
leffe.bitfolk.com has IPv6 address 2001:ba8:0:1f1::d
----- Forwarded message from Andy Smith <andy(a)bitfolk.com> -----
Date: Wed, 7 Oct 2020 09:20:29 +0000
From: Andy Smith <andy(a)bitfolk.com>
To: announce(a)lists.bitfolk.com
Subject: [bitfolk] Reboots will be necessary to address security issues, probably early hours 17/18/19
October
User-Agent: Mutt/1.5.23 (2014-03-12)
Reply-To: users(a)lists.bitfolk.com
Hello,
Unfortunately - and annoyingly only a month since the last lot -
some serious security bugs have been discovered in the Xen
hypervisor and fixes for these have now been pre-disclosed, with an
embargo that ends at 1200Z on 20 October 2020.
As a result we will need to apply these fixes and reboot everything
before that time. We are likely to do this in the early hours of the
morning UK time, on 17, 18 and 19 October.
In the next few days individual emails will be sent out confirming
to you which hour long maintenance window your services are in. The
times will be in UTC; please note that UK is currently observing
daylight savings and as such is currently at UTC+1. We expect the
work to take between 15 and 30 minutes per bare metal host.
If you have opted in to suspend and restore¹ then your VM will be
suspended to storage and restored again after the host it is on is
rebooted. Otherwise your VM will be cleanly shut down and booted
again later.
If you cannot tolerate the downtime then please contact
support(a)bitfolk.com. We may be able to migrate² you to
already-patched hardware before the regular maintenance starts. You
can expect a few tens of seconds of pausing in that case. This
process uses suspend&restore so has the same caveats.
It is disappointing to have another round of security reboots 28
days after the last lot, though before that there was a gap of about
330 days. Still, as there are security implications we have no
choice in the matter.
Cheers,
Andy
¹ https://tools.bitfolk.com/wiki/Suspend_and_restore
² https://tools.bitfolk.com/wiki/Suspend_and_restore#Migration
--
https://bitfolk.com/ -- No-nonsense VPS hosting
----- End forwarded message -----
_______________________________________________
announce mailing list
announce(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/announce