Hi,
After a recent update of the cloud-init package on Ubuntu 22.04
something appears to be going wrong and cloud-init is being run at
every boot - WHICH WILL LEAD TO YOUR NETWORKING CONFIG BEING
DELETED.
In addition, the password of the "ubuntu" user is locked and the SSH
host keys are regenerated.
I do not yet know whether this is the result of some misuse of
cloud-init on our part, or some bug in cloud-init. The outcome is so
bad that I have to warn you about this as soon as possible, before
I've fully understood the issue.
It is safe — and at this stage recommended — to simply remove the
cloud-init package which serves no purpose at BitFolk after first
boot.
$ sudo apt remove cloud-init
If it is too late for you and you already did reboot and are now
wondering why your VM has no network and is trying to DHCP for one,
here's how to fix things.
1. Connect to your Xen Shell with
ssh accountname(a)accountname.console.bitfolk.com
More info: https://tools.bitfolk.com/wiki/Xen_Shell
1. Work out how you're going to get root access from a console log
in prompt. If you have a user other than the initial "ubuntu" one,
you'll use that. If you don't, you'll need to reset the password for
"ubuntu" as it has now been locked.
If you have a login already, use "console" command and log in to
your VM at its console.
If you need to reset the "ubuntu" password:
a) Make sure VM is shut down
xen shell> shutdown
b) Follow these instructions substituting "ubuntu" for "root":
https://tools.bitfolk.com/wiki/Resetting_root_password
then "boot" your VM again and log in as "ubuntu".
2. At this point you're logged in as "ubuntu" on a VM with no
network.
Put /etc/netplan/50-cloud-init.yaml back to how it was. Here is
an example file:
https://tools.bitfolk.com/wiki/Ubuntu#Migrate_to_netplan
The "gateway" statements are deprecated but will still work.
Make sure to "chmod go= /etc/netplan/50-cloud-init.yaml" so it
has correct permissions
$ sudo netplan generate
$ sudo netplan apply
Your networking should now work again
3. sudo apt remove cloud-init
It will now be safe to reboot in future.
As I say I am still looking into where the problem lies here and the
best way to fix it.
The example netplan config linked above has some deprecated
statements in it which I will also fix (if it doesn't have
"gateway4" etc in it any more then I did already by the time you
read this), but it does (still) work.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello,
I'm thinking about running a small web & email server at home. We have a fixed IP address (only IPv4, we don't have an IPv6 address).
I'm wondering if anyone knows of any issues we might come across. For instance, will people like spamhaus recognise it as a residential IP and blacklist it because of that?
Robin
Hi,
This email is only of interest to users of Ubuntu 22.04 and beyond.
I'm just dealing with a support ticket where an Ubuntu 22.04 VM was
rebooted and lost its networking configuration.
For Ubuntu 22.04, initial networking (and other) configuration is
baked into a "seed image" which is mounted as /dev/xvdz at first
boot. cloud-init then uses that information to create a netplan
config file in /etc/netplan/. This VM was found to no longer have
that config, but instead only have some sort of default config that
tried to use DHCP.
I don't yet know how this happened. I would like to.
If this happens to you, you will need to log in by the Xen Shell
console and configure your networking again. Here is an example of a
netplan config for BitFolk:
https://tools.bitfolk.com/wiki/Ubuntu#Migrate_to_netplan
After generating and applying that (with your correct details) I
would expect things to be fine.
If this does happen to you I would very much like to know and also
if you have any insight into how your working configuration got
deleted.
I've only sent this to the users list (not announce@) at this stage
because I have no idea what caused it or if it's likely to happen
again to anyone else.
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hi,
Apologies for exposing my ignorance in public like this, but can somebody tell me how I'd know if my Debian Bookworm system has been patched to ensure it's no longer vulnerable to the "Looney Tunables" privilege escalation (https://www.debian.org/security/2023/dsa-5514)?
The fix is apparently in the most recent glibc source package. I don't seem to have that glibc package installed (and it's a source package, not a binary?), but I read that stock installs of Debian (and most linuxes) are vulnerable. Which actual binary packages need to be updated to fix the vulnerability in the dynamic loader, and how does this relate to the source package?
Cheers,
jmi
--
Jamie MacIsaac
jamie(a)macisa.ac
Hi,
is something up with b.authns.bitfolk.com. ?
Currently, for me, of all failed queries to x.authns.bitfolk.com., 98%
of those fail on b.authns
Started around 9pm BST on 13/9/2023.
Thanks,
Conrad
My own stupid fault for blindly following tutorials in the dim and distant
past (2019) I guess and not then "backing that up" with learning exactly
what it was you just did...
I had a very small "ZFS infrastructure" set up. Small VM on a XenServer
install; worked beautifully.
USB disk that housed the XenServer install died, no more metadata/config,
but all the VHDs were safely stored on external NFS disks. "Burned" a new
USB on newer XCP-ng, started building new VMs. Nothing lost but time...
But...
When it comes to the ZFS volumes I find myself with 6 VHDs for one
"mirrored pair", and I don't entirely know how to "attach" them to see the
content/figure out which two are the current pair.
I have the VM these ZFS VHDs belong to reinstated (bless Linux and
/etc/hostname), but my novice ZFS skills ran out long ago. Is there a
"simple" way to RO mount an individual zpool member (from a pair) and see
what's on it? I'm happy enough going one VHD at a time if it's possible...
Kind regards
Murray Crane
This is directly a "work query", but I'm hoping there are some folk out
there with way more Exchange knowledge than me.
When we set up Exchange 2010 for work, we somewhat followed MS "best
practice guidance" and made a DAG between the two VMs, and it's been way
more trouble than it's worth on more than one occasion.
Since we really do need to be upgrading to a newer Exchange now, is it
possible to go from a DAG setup back to a single server on a newer Exchange?
Kind regards
Murray Crane
Hi All,
I am trying, and failing, to set up postfix and google is not playing nice.
The domain name of my server is ianhobson.com
The message I sent is
echo "This is the message body" | mail -s "Hello world 7" hobson42(a)google.com
The txt record for ianhobson.com contains the entry:
v=spf1 ip4:85.119.83.63 ip6:2001:ba8:1f1:f159::2 include:_spf.google.com -all
My message bounced ...
--000000000000779e540603f583f0
Content-Type: message/rfc822
X-Google-Smtp-Source:
AGHT+IEp9prm+RYt9RU4zCwTQ3RtchA2FcY6YsplVKwCVE6xm4NDC8r9xgRVISiZKbp+XA0ARsLc
X-Received: by 2002:a05:600c:b42:b0:3fe:1fd9:bedf with SMTP id
k2-20020a05600c0b4200b003fe1fd9bedfmr19347254wmr.11.1693202867117;
Sun, 27 Aug 2023 23:07:47 -0700 (PDT)
ARC-Authentication-Results: i=1; mx.google.com;
spf=fail (google.com: domain of ian(a)ianhobson.com does not
designate 2001:ba8:1f1:f159::2 as permitted sender)
smtp.mailfrom=ian(a)ianhobson.com
Return-Path: <ian(a)ianhobson.com>
Received: from ianhobson.com
(2001-ba8-1f1-f159-0-0-0-2.autov6rev.bitfolk.space. [2001:ba8:1f1:f159::2])
by mx.google.com with ESMTPS id
n27-20020a05600c181b00b003fee7bfd47dsi5015614wmp.74.2023.08.27.23.07.47
for <hobson42(a)google.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 27 Aug 2023 23:07:47 -0700 (PDT)
Received-SPF: fail (google.com: domain of ian(a)ianhobson.com does not
designate 2001:ba8:1f1:f159::2 as permitted sender)
client-ip=2001:ba8:1f1:f159::2;
Authentication-Results: mx.google.com;
spf=fail (google.com: domain of ian(a)ianhobson.com does not
designate 2001:ba8:1f1:f159::2 as permitted sender)
smtp.mailfrom=ian(a)ianhobson.com
Received: by ianhobson.com (Postfix, from userid 1000)
id DA2F7C00C5; Mon, 28 Aug 2023 07:07:46 +0100 (BST)
Subject: Hello world 7
To: <hobson42(a)google.com>
X-Mailer: mail (GNU Mailutils 3.7)
Message-Id: <20230828060746.DA2F7C00C5(a)ianhobson.com>
Date: Mon, 28 Aug 2023 07:07:46 +0100 (BST)
From: Ian Hobson <ian(a)ianhobson.com>
This is the message body
--000000000000779e540603f583f0--
The proofpoint check
https://www.proofpoint.com/us/cybersecurity-tools/dmarc-spf-creation-wizard…
confirms the data.
What is going wrong?
Thanks
Ian
--
Ian Hobson
Tel (+66) 626 544 695
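Added example (not part of Ian's post, and not code from Postfix or Google): a small offline evaluator for the `ip4`, `ip6`, `include` and `all` SPF mechanisms, run over the record and client address quoted in the message above. The `resolve_include` callback and the `RECORD_NO_IP6` variant are assumptions made for illustration; `a`, `mx` and other DNS-based mechanisms are treated as no match.

```python
import ipaddress

# Record (wrapped lines re-joined) and client address as quoted in the post.
RECORD = ("v=spf1 ip4:85.119.83.63 ip6:2001:ba8:1f1:f159::2 "
          "include:_spf.google.com -all")
CLIENT_IP = "2001:ba8:1f1:f159::2"
# Constructed variant for comparison: the same record without the ip6 term.
RECORD_NO_IP6 = "v=spf1 ip4:85.119.83.63 include:_spf.google.com -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip, resolve_include=None):
    """Return (result, matching_term), checking terms left to right.

    resolve_include is a hypothetical callback mapping a domain to its SPF
    record text. Without it, include: never matches, so the check needs no DNS.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", None
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            want = 4 if name == "ip4" else 6
            # ip4 terms only ever match IPv4 clients, ip6 terms only IPv6.
            matched = net.version == want and ip.version == want and ip in net
        elif name == "include" and resolve_include is not None:
            inner = resolve_include(arg)
            # include: matches only if the included record yields "pass".
            matched = (inner is not None and
                       evaluate_spf(inner, client_ip, resolve_include)[0] == "pass")
        elif name == "all":
            matched = True
        if matched:
            return QUALIFIERS[qualifier], term
    return "neutral", None  # no mechanism matched and no "all" term


if __name__ == "__main__":
    print(evaluate_spf(RECORD, CLIENT_IP))
    print(evaluate_spf(RECORD_NO_IP6, CLIENT_IP))
```

Comparing the first result with the TXT records the domain's authoritative servers actually return (for example `dig +short TXT ianhobson.com`) shows whether the receiver evaluated the same record that is quoted here.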
Hi All,
My VPS normally has 45% to 50% disk space free. (7GB)
This morning I find that it ran out of disk space on 22nd, and this
stopped email alerts getting to me, stopped all the websites from
working. All my clients were emailing to ask what was wrong, and those
emails were not getting through either. :(
I do have fail2ban set up, and uptime robot is checking the websites are
up.
How can I set up something to alert me of this problem before it becomes
critical? Say disk space used over 75%.
Many thanks
Ian
--
Ian Hobson
Tel (+66) 626 544 695
The latest emails from the list are all falling foul of Fastmail’s spam checking:
X-Spam-score: 11.1
X-Spam-hits: BAYES_00 -1.9, DCC_REPUT_13_19 -0.1, HTML_MESSAGE 0.001,
MAILING_LIST_MULTI -1, ME_HAS_VSSU 0.001, ME_SENDERREP_NEUTRAL 0.001,
RCVD_IN_SBL_CSS 3, RCVD_IN_ZEN_LASTEXTERNAL 8, SH_BODYURI_REVERSE_CSS 3,
SPF_HELO_NONE 0.001, SPF_PASS -0.001, URIBL_CSS_A 0.1, LANGUAGES en,
BAYES_USED user, SA_VERSION 3.4.6
X-Spam-source: IP='85.119.80.246', Host='lists0.bitfolk.com', Country='GB',
FromHeader='com', MailFrom='com'
It appears to be because 85.119.80.246 is in the Spamhaus CSS block list:
https://check.spamhaus.org/listed/?searchterm=85.119.80.246
Looks like you can request removal on that page.
Cheers,
Mike