
Re: stability level of testing



Greetings Andrew,

> Sent: Monday, December 06, 2021 at 12:13 AM
> From: "Andrew M.A. Cater" <amacater@einval.com>
> To: debian-user@lists.debian.org
> Subject: Re: stability level of testing
>
> On Fri, Dec 03, 2021 at 02:10:44PM +0100, daggs wrote:
> > Greetings David,
> >
> > > Sent: Friday, December 03, 2021 at 7:00 AM
> > > From: "David Christensen" <dpchrist@holgerdanske.com>
> > > To: debian-user@lists.debian.org
> > > Subject: Re: stability level of testing
> > >
> > > On 12/2/21 12:53 AM, daggs wrote:
> > > > Greetings David,
> > > >
> > > >> Sent: Thursday, December 02, 2021 at 4:21 AM
> > > >> From: "David Christensen" <dpchrist@holgerdanske.com>
> > > >> To: debian-user@lists.debian.org
> > > >> Subject: Re: stability level of testing
> > > >>
> > > >> On 11/30/21 11:28 PM, daggs wrote:
> > > >>> Greetings,
> > > >>>
> > > >>> I'm thinking of migrating my main server to Debian, I need stability and recent versions of a small number of pkgs.
> > > >>> in addition I need to recompile with an out-of-tree patch.
> > > >>> I had Debian stable before but replaced it because an upgrade broke the system and the versions used for the above-mentioned set of pkgs were too old for what I need.
> > > >>> I know that Testing has more recent pkg versions but I don't know how stable it is.
> > > >>>
> > > >>> any info will be appreciated.
> > > >>>
> > > >>> Thanks,
> > > >>>
> > > >>> Dagg.
> > > >>
> > > >>
> > > >> On 12/1/21 12:55 PM, daggs wrote:
> > > >>   > there will be 2 main facing the Internet connection, server's upgrade and the router vm.
> > > >>   > the rest is internal
> > > >>
> > > >>
> > > >> What version of Debian are you running?  What Debian packages?  What
> > > >> hypervisor?  Is the service in a VM?  Are all of the other services in
> > > >> VM's?  What service?  What are you recompiling?  What is the patch?
> > > >> What router software?
> > > >>
> > > >>
> > > >> David
> > > >>
> > > >>
> > > >
> > > > I was running Debian, I'm not running now. I need kernel, qemu and libvirt mainly, the rest doesn't matter version-wise.
> > > > I have two vms, router and streamer.
> > > > the router has 5 pci devs pt, the streamer has 2 pci and 2 usb pt.
> > > >
> > > > the patch is the infamous ACS Override kernel patch, that is the only one I compromise on
> > > > the router's os is openwrt, streamer os is libreelec
> > > >
> > > > Thanks,
> > > >
> > > > Eial
> > >
> > >
> > > Rather than getting fancy with virtualization and kernel patches,
> > > perhaps you should use a hardware firewall/ router device, a dedicated
> > > computer for LibreELEC (in a DMZ), and a general-purpose computer with
> > > Debian Stable for your LAN services (?).
> >
> > I cannot afford such a setup nor do I have the place to put it in
> >
> > Thanks,
> >
> > Dagg
> >
>
> Hi Dagg,
>
> So (if I'm reading this correctly):
>
> You're running one computer - with a base from some Linux distribution.
>
> You want that to run libvirt and qemu but Debian's version was too old.
>
> You want to instantiate two VMs.
>
> One runs OpenWRT and "behaves" like a hardware router.
>
> One runs LibreELEC and "behaves" like a media streaming box
>
> You want to patch the kernel that runs on the main machine with an
> out of kernel patch for ACS override that looks as if it exposes your VMs to a
> security problem -
> https://www.reddit.com/r/VFIO/comments/bvif8d/official_reason_why_acs_override_patch_is_not_in/
>
> A possible way forward:
>
> * Backup your VMs to some sort of media
>
> * Build a basic Debian box with minimal services and no GUI - and no patch.
>
> * Maybe look to Docker to do this:
>
> https://forum.libreelec.tv/thread/23350-how-to-run-docker-containers/
>
> https://github.com/openwrt/docker
>
> To be honest - IMHO 3 x devices would not hurt, _especially_ a hardware
> modem/router.
>
> Doing this all on one machine - what happens when something locks up / one
> piece of hardware breaks - do you lose everything?
>
> All the very best, as ever,
>
> Andy C.

you are correct. that is what I'm currently running.
as for your remarks:
1. I know about the acso patch, that is my only exception, it is out of necessity.
2. I cannot get 3 devices, it will not pass budget-wise and wife-wise.
3. the system rarely breaks, I had one mb failure and a few os related issues, apart from that, it worked great. I have redundancies, however it requires using insecure/outdated applicants.
4. I'm not sure if it is possible to run ui programs in a docker. I'll look into it, thanks.
5. my openwrt and libreelec are self compiled, I need to know how to run them properly inside the docker.
6. I work with dockers on a daily basis, it gets stuck/freezes at least once a day. I cannot have either of my containers getting stuck once a day

thanks for the info, I'll look into it, maybe dockers is the right way for me.

Dagg

