Re: Sun revokes FreeBSD license for Java
This is Paul Krill of Infoworld magazine. I would like to speak with someone at FreeBSD regarding issues with Sun. I am at 415-978-3228 or email me with a number where I can call you. Thanks. Where did you get this information? http://www.javalobby.com/forums/thread.jspa?threadID=16511 http://www.freebsdfoundation.org/press/20041221-newsletter.shtml It seems pretty clear that Paul is attempting to do some sort of story on this. Why here? Well.. -questions would seem be a general place to .. ask questions? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Run away CPU FreeBSD 4.9 Release #0
[snip] Some processes run away with the CPU. Screen is one of the worst offenders along with python.. The CPU starts out at about 15% and slowly ramps up to 100%. As the % ramps up, the priority increases up to about 60 If more than one screen is launched, then the will share the CPU but the priority still sits about 60. [..] What's the actual problem? Are important programs failing to get cycles? I don't know the reason for the issue, but I too have had many problems with screen. (4.8 or 4.9 box?) It works, it just uses up all the CPU available. (Starting at 0.x percent going up to 100 percent) The fix was to build the screen port, and the problem(s) went away. I don't remember specifically on which releases this issue occurs, I do know that it's been more than just a single one. I've had the same issue on several different systems as well. Just build screen from ports and the issue will go away. I haven't (directly) used python before, but it's always been built from ports as a dependency of another port. That might have something to do with it. -Wolfe ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Virtual Private Servers/Jails
directly into the jail environment. (ie, if /disk2/jail was the jails root, I might have mounted another disk/partition on as /disk2/jail/home for the users. Since the root point of the filesystem was within the jails scope, quotas were accessable jail-side, as well as host-side.) 4) Needed utilities and commands. (Call it my wishlist) 1) A way to list jails. 2) A way to list processes BY jail, and a way to show (host side) which jail a process belongs to. 3) jail halt, jail restart commands to close out the jail, and possibly restart it. 4) The ability to limit resource usage /by jail/. 5) A more polished jail-side quota system. 6) More reliable vfs systems, and/or a way to forcefully dismount a vfs device. I believe the state my vfs filesystems kept getting hung in was the (to me) dreaded biowait state. I doubt this is possible, but it would be nice to have. Making the reboot command force completion would also be nice. I realize this is probably a lot more than you were looking for, but hopefully this will help others that may have questions. I was very happy with how wells the jails worked, but I would have preferred more of a virtual machine for what I was doing. If you need to set limits on a per-jail basis (other than by doing the filesystem limitations above) you'll want to look elswhere. If CPU/memory isn't as big an issue, and/or if you're not giving the jail root out, jails could provide added levels of security for programs and applications you're running. -Michael Wolfe President, Simon1, Ltd. Custom Computing Solutions To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Virtual Private Servers/Jails
I run them for development servers. oak is the physical box and runs
postgresql. I've got 4 jails running apache so each developer can have
his own sandbox and can royally screw things up without affecting the rest
of us. Works awesome.
That's always useful. Like I said, I just never got the jails to speak to
each other. It might have had something to do with the specific setup I
had going. I no longer manage the webhosting I was using the jails in, but
I'll see if I can't get some time with one of my development boxes to play
with. Postgres I've never used, MySQL on the other hand..
I don't use quotas since this isn't for a commercial web hosting
environment
That's what I was using them for. All of the work I did with jails was
targeted towards that environment.
What I've found:
1) Connecting (aka telnet, ftp, ssh) from one jail to another or even to
the physical host is supposed to work, but I was never able to make it
[snip]
Works great for me... I can do all three b/n jails, host, and remote
servers or any combination. Also updating ports with cvsup and/or
installing them with porteasy also works just fine. Never tried using
sysinstall.
I seem to be the only person unable to get it to go. I think it may have
had something to do with the firewall rules, but even allow any from any
didn't seem to have a big effect. Not sure if dummynet may have had
anything to do with it either, though I doubt it.
Not realtime, but you could run a du -hcs * on the top level directory
that holds the jails to get a count, then substract what a bare jail
contains and this would give you a snapshot of how much space is being
used. Granted in a commercial environment your users could use as much as
they want and then remove it before you run the script, but that's life :)
Realtime quotas are a must in web hosting. The stuff I've had users do was
incredible. At one point, there were no quotas except as you described
above. The amount of trouble that caused.. *shakes head*
Anything that has to scan the files works okay in smaller environments.
But when you break 10-20k accounts things really bog down.
with root in a jail can't trash the main system, they can still do a lot
of damage.
They can? How? Other than destroying that jail and thus anything on that
IP, they can't touch the rest of the system.. at least that's my
understanding. Please correct me if I'm wrong.
No, you can't mess with processes or files outside of the jail. However,
you can run processes which bring the system to its knees (think while(1)
{ fork; } --don't laugh, I'm not making this up. People really do
run commands like that just to see what would happen)
Also, if someone doesn't know any better (or doesn't have an option) they
might put the jail on one of their main partitions. FreeBSD may still
function, but it gets unhappy when a drive is totally full. Should you
have anything running that needs to save state (think databases here)
you'll have some problems.
That's what I was thinking of when I wrote what I did. I should have
clarified that, sorry.
Check out the following ports which do what you want with maybe the
exception of #2, but maybe even that, I don't remember.
jailer-1.1.1Manage FreeBSD jail startup, shutdown and console
jailutils-0.5.1 Several utilies for managing jails
I also saw a post made right after I composed mine with a JailAdmin tool
that looked very promising. I haven't used any of the tools above, but I'm
glad to see that many of my 'wishes' have already come true. =)
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-questions in the body of the message
Acroread5
I'm having troubles opening PDF files with Acroread5 (acroread-5.06_1, installed from ports). As root, I can open any file and I'll never get an error. As a user, I can't open ANY files with the default settings. I always get an error: Title of the error window: Acrobat Reader 2 (I should note: The 2 ONLY was displayed when I loaded Acrobat Reader, THEN went to file-open, if I just acroread5 test.pdf from the command line, the error was the same, but the 2 was NOT in the error windows title bar.) There was an error opening this document. A temporary file could not be opened. So, I checked permissions on /tmp drwxrwxrwt 13 rootwheel 512 Nov 20 17:22 tmp I am able to create and delete files in /tmp as this user. $ touch /tmp/test $ ls -al /tmp/test -rw-r--r-- 1 simon1 wheel0 Nov 20 17:46 test $ rm /tmp/test $ ls -al /tmp/test ls: /tmp/test: No such file or directory Our of curiosity, $ mkdir /home/simon1/tmp $ chmod 600 /home/simon1/tmp $ TEMP=/home/simon1/tmp ; export TEMP $ acroread5 test.pdf I get the same error as with /tmp. Next I tried: $ chmod 700 /home/simon1/tmp $ acroread5 test.pdf Which worked beautifully. I've done searches on the net (Google, FreeBSD, and I read the man page ports information) and I haven't seen anyone mention what's going on. I see where a insecure /tmp file vulnerability has been fixed. On my past install of FreeBSD + Acroread5 from ports about 3 months ago I didn't have this problem. So I'm wondering if the fix isn't what's causing this. I'm running 4.7-RELEASE. Could anyone tell me what I'm doing wrong or what I need to set to use acroread normally? Also, if the default behavior of acroread has been changed to require people to use their own personal temporary directories could this please be added to the documentation and information displayed when the port is installed? -Wolfe To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Acroread5
does it use /tmp or /var/tmp? I don't know. It's not something I can see from within the program, and strace always coredumps, so I'm not sure what it's trying to use. /var/tmp: drwxrwxrwt 3 rootwheel512 Nov 20 17:34 tmp Could anyone tell me what I'm doing wrong or what I need to set to use acroread normally? Also, if the default behavior of acroread has been changed to require people to use their own personal temporary directories could this please be added to the documentation and information displayed when the port is installed? To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Yes, but how do I upgrade?
Hmmm, if as Kent mentions, there are many changes since 4.3, perhaps a better solution would be to reverse the process. Build an entirely new OS from 4.7 and then move all the personal/client files into that? Thoughts? When given the chance, that's what I prefer to do. It makes sure nothing is left behind from the upgrade. What I'd reccomend you do is install 4.7-RELEASE, and then keep it updated from there (at the very least track RELENG_4_7, which is the security updates/bug fix branch). To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Can't connect to DNS servers -- Firewall prob?
Make sure your box has permission to connect /to/ these systems. The rules below allow the DNS servers to send things *to* your box, but don't allow your box to send things TO those servers. You need to give your box the ability to send the request /out/ to them in the first place. The hostname hangup is due to it trying to resolve the domain. Once you get the DNS resolving that problem will disappear. I have explicitly added these rules to my /etc/rc.firewall: $fwcmd add allow udp from 66.135.144.2 53 to $oip $fwcmd add allow udp from 66.135.128.68 53 to $oip $fwcmd add allow tcp from 66.135.144.2 53 to $oip $fwcmd add allow tcp from 66.135.128.68 53 to $oip (where $oip is my external IP address). Another possibly related thing is that on bootup, my server hangs indefinitely as the initializing hostname part. I need to hard break it with CTRL+C to continue bootup. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: Can't connect to DNS servers -- Firewall prob?
Actually I neglected to mention I also have this rule: # Allow all traffic from internal lan $fwcmd add allow all from 192.168.0.0/16 to any How is this box configured? If it's setup to act as a gateway: LOCAL_LAN (192.168.x.x) Interface A | Server | Internet ($externam_ip) Interface B The DNS servers are going to be on the Internet, from what you posted, which means that your server isn't connecting to it as 192.168.x.x, but isntead as $external_ip_address. So, allowing the 192.168.x.x network to access anything isn't going to work -- because as far as the server is concerned it's using $external_ip. You need a rule allowing whatever address its using for the *internet* to connect to the nameserver. To use a (made up) example: I setup a gateway machine for NAT etc. Local LAN address is 192.168.0.1, external address is 100.10.10.1 When the system accesses the internal network, it'll make use if the 192.168.0.1 address, but when it goes out on the internet (on the second network card) it'll use the 100.10.10.1 If the DNS servers aren't on the 192.168.x.x LAN, and are on the internet instead, you'll need to add a rule to allow 100.10.10.1 (aka your external IP) to access the DNS servers. -Wolfe To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
ABIT KX7-333R problems: RAID NIC problems
I'm having some problems with a RAID setup and the network on a new system. I haven't found anyone mentioning the problems in the searching I've done (Google, FreeBSD Website, mailing lists). Hopefully someone can get me pointed in the right direction or tell me what I'm missing (or fix a bug if that is the case). Summary of Problems: Intel network cards (identical models -- see below) refuse to work on the network. They will not pull DHCP, and if manually configured, will not talk to anything on the network. All systems are connected via a hub. DHCP is run off of a FreeBSD system. The HUB and the cards do show a link light. When I create a mirrored array (2x 60GB 7200 RPM Seagates), each drive is set as master on its own IDE channel without anything else attached to the controller. When creating files, even very large ones, on the local system I get good throughput -- On the order of 20MB/sec. When I FTP a file from the other FreeBSD server down onto the mirrored array, the transfer will only go at about 100k/sec. (Additional debugging/testing I've performed below). Information: FreeBSD Version: Generic install off of the FreeBSD 4.6 cds for the testing below. Identical problems were noted after cvsup'ing to 4.7 remaking the world. Hardware Setup: Motherboard: ABIT KX7-333 w/RAID (Flashed the board with its latest BIOS update, problems remain) VIA KT333 VT8233A chipsets HighPoint HPT 372 RAID controller (UDMA/133 on board) CPU: Athlon 1600XP+ Drives: 2x 60GB 7200 RPM Seagate IDE drives. (All are running as UDMA 100) Drive Setup: Tried with the following configurations: 1) Directly to the mainboard IDE port, single drive, set as master. 2) Mirrored array, both disks, hooked onto the RAID controller. (Each set as a master on their individual channel) 3) Non RAID setup, using a disk connected to the RAID controller. Network Cards: I've tried a total of 4 cards: 2 x Intel 10BT/100BTX PILA8460B PRO/100+ PCI (fxp) 1 x Phoebe (rl) 1 x CNET (dc) NETWORK PROBLEM: I've tried at least 4 cables, all of which work on other systems. One specific cable was used for all of the below tests. The cards have all been tried in all PCI slots except slot 5, which the boards manual suggests not using because it /may/ have IRQ steering problems with the raid controller. To test the card I attempt to get dhcp configuration (dhclient interface), then I try and FTP a 180MB test file from another server (the DHCP server in this case). The three cards: Intel (fxp): I have two identical models here. Neither cards will pick up DHCP. If I manually set the IP addresses, they will still not talk to anything on the network. The link lights do light up on both the hub and the nic. RealTek (rl): The card gets DHCP info wonderfully, and will transfer files at about 6MB/sec. No errors, warning, etc. CNET (dc): Card also has no problems getting on the network. When I do the transfer, some problems can occur. I get TX underrun -- Increasing TX threshold repeatedly. Then, every 8 or 9 reboots, it will stall and give a broken pipe error. You then have to reboot to make the link work again. While it runs, it pulls at about 7MB/sec. In searching, I've seen a number of people with that error message with the dc driver, but because it normally (9 times out of 10) will continue to work, it doesn't feel like a NIC or NIC driver problem to me. Disabling the onboard RAID controller (in the BIOS) didn't have any effect on the problems whatsoever. RAID Problems: The problems occur with dc0 *and* rl0 network cards when FTPing the 180MB test file. The RAID -and- single drive setups work like a charm for everything local (and will install at the max speed the CDROM can handle -- regardless of configuration). Setup #1) Using the Raid IDE as general (non RAIDed) setup -- I'm able to install FreeBSD onto it and boot without a problem. Installs reads at drives speed (20+ MB/sec). Doing the FTP download the download will go at maximum speed the remote system network cards can handle. Setup #2) Using RAID with Mirroring option -- Each drive set as master of its IDE channel. Nothing else connected to it. I'm able to install FreeBSD onto it and boot without a problem. Installs reads at drives speed (20+ MB/sec). Doing the FTP download the download will only go about 100k/sec (UPLOADING that file to another system will go at full speed, just the download is severely limited). Both network cards go this speed. Identical CABLE NIC setups as the other configurations.. Setup #3) Using the regular IDE channel on the motherboard -- I'm able to install FreeBSD onto it and boot without a problem. Installs reads at drives speed (20+ MB/sec). Doing the FTP download the download will go at maximum speed the remote system network cards can handle. My goals are to get the Intel NICs to work, and get RAID to act properly (ie: full speed). I've
