Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Maxim Khitrov
On Wed, Mar 2, 2011 at 7:10 PM, Nerius Landys  wrote:
>> I just got a new Supermicro Atom board a few days ago (X7SPA-HF-D525).
>> It has a Nuvoton BMC chip that is attached to LAN1 and provides IPMI
>> and KVM-over-IP functionality. The chip gets its own IP address
>> (separate from em0 in FreeBSD) and is powered whenever the power cord
>> is plugged-in.
>>
>> As a result, you have some really useful functionality such as power
>> control (turn the server on/off remotely), access to sensors (MB & CPU
>> temperatures, voltages, chassis intrusion), text console, and KVM
>> console.
>>
>> KVM console is accessed using a Java application that has to be
>> installed on the client. It's pretty much identical to having a
>> physical monitor and keyboard attached, in that you can control the
>> system from the moment that it turns on, including going into BIOS.
>> The only glitch I found so far is that the connection freezes for a
>> few seconds while FreeBSD initializes em0 during boot. After that
>> everything is fine.
>
> That's really neat.  How do you configure the LAN on that chip?  For
> example, how do you specify the IP address, gateway, netmask, etc?  Is
> this done in the BIOS?  So you would normally have at least 2 IPs for
> the server - one for em0 and one for the special chip?  Is this a
> separate ethernet jack?  Also, what about being more vulnerable - I
> mean, it's an added way of compromising your system, right?  Getting
> in through the KVM-over-IP?

The initial IP configuration is done through the BIOS. After that, you
can use the IPMI View application to change the network settings
remotely.

The physical Ethernet jack is the same as em0, so yes, it has two
separate IPs assigned to it, though the OS is only aware of one. There
are some other implementations (e.g. Dell's iDRAC 6 enterprise) where
the management interface is physically separate.

On this Supermicro board, the interface supports VLAN tagging, so you
can use that to achieve some separation. Otherwise, you're right about
vulnerability. You have username/password authentication and the
session is encrypted using aes-cbc-128 cipher. Even with this, I
wouldn't feel comfortable exposing this port to the outside world. As
it happens, this system will be my new firewall, so em0 will be my lan
and em1 is wan.

- Max
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Nerius Landys
> I just got a new Supermicro Atom board a few days ago (X7SPA-HF-D525).
> It has a Nuvoton BMC chip that is attached to LAN1 and provides IPMI
> and KVM-over-IP functionality. The chip gets its own IP address
> (separate from em0 in FreeBSD) and is powered whenever the power cord
> is plugged-in.
>
> As a result, you have some really useful functionality such as power
> control (turn the server on/off remotely), access to sensors (MB & CPU
> temperatures, voltages, chassis intrusion), text console, and KVM
> console.
>
> KVM console is accessed using a Java application that has to be
> installed on the client. It's pretty much identical to having a
> physical monitor and keyboard attached, in that you can control the
> system from the moment that it turns on, including going into BIOS.
> The only glitch I found so far is that the connection freezes for a
> few seconds while FreeBSD initializes em0 during boot. After that
> everything is fine.

That's really neat.  How do you configure the LAN on that chip?  For
example, how do you specify the IP address, gateway, netmask, etc?  Is
this done in the BIOS?  So you would normally have at least 2 IPs for
the server - one for em0 and one for the special chip?  Is this a
separate ethernet jack?  Also, what about being more vulnerable - I
mean, it's an added way of compromising your system, right?  Getting
in through the KVM-over-IP?


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Maxim Khitrov
On Wed, Mar 2, 2011 at 5:18 PM, Nerius Landys  wrote:
>> On Wed, Mar 2, 2011 at 8:24 AM, Nerius Landys  wrote:
>>> Another way to do this, but is quite rare, is to log in via serial
>>> console.  This requires you to configure serial logins to your server
>>> (quite easy, but you should test it first) and it requires the data
>>> center to somehow make it possible to log in via serial console.  That
>>> is the part that is quite rare.
>>
>> It's become less rare as more and more servers are coming with IPMI
>> devices.  Serial-over-LAN can be tough to set up properly, but once
>> set up it works quite well.
>
> Actually the guy who hosts my servers at m5hosting.com was showing and
> telling me about some BIOS-over-lan or something like that.  I can't
> remember exactly what the feature was, but certain motherboards (some
> Supermicro models in particular) let you access "something" over LAN.
> Maybe that something was BIOS or serial console, or video console, I
> can't remember.  IIRC when you access that stuff over lan it is like a
> mini HTTP server and sends you some Java applet or something.  Pretty
> neat.

I just got a new Supermicro Atom board a few days ago (X7SPA-HF-D525).
It has a Nuvoton BMC chip that is attached to LAN1 and provides IPMI
and KVM-over-IP functionality. The chip gets its own IP address
(separate from em0 in FreeBSD) and is powered whenever the power cord
is plugged-in.

As a result, you have some really useful functionality such as power
control (turn the server on/off remotely), access to sensors (MB & CPU
temperatures, voltages, chassis intrusion), text console, and KVM
console.

KVM console is accessed using a Java application that has to be
installed on the client. It's pretty much identical to having a
physical monitor and keyboard attached, in that you can control the
system from the moment that it turns on, including going into BIOS.
The only glitch I found so far is that the connection freezes for a
few seconds while FreeBSD initializes em0 during boot. After that
everything is fine.

- Max


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Roland Smith
On Wed, Mar 02, 2011 at 05:20:33PM +0100, Damien Fleuriot wrote:
> 
> > 2.) How do I rebuild the ports?
> > 
> 
> Either you rebuild them by hand, one after another...

It kind of depends what kind of upgrade you are doing. When upgrading to
another minor version (say from 8.1 to 8.2) no port rebuilds are necessary.

When upgrading to another major version (e.g. from 7.x to 8.x) rebuilding all
ports is usually necessary since there can be incompatible changes in
e.g. system calls or libraries. The best way to do this is to make a list of
all installed ports (e.g. with 'portmaster -L' or 'ls /var/db/pkg/'), delete
all ports and re-install them. This is the only way to be _sure_ that all
ports are rebuilt correctly. Using e.g. portmaster, portmanager or portupgrade
for this can lead to problems later (upgrades failing for obscure reasons).

Roland
-- 
R.F.Smith   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)




Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Nerius Landys
> On Wed, Mar 2, 2011 at 8:24 AM, Nerius Landys  wrote:
>> Another way to do this, but is quite rare, is to log in via serial
>> console.  This requires you to configure serial logins to your server
>> (quite easy, but you should test it first) and it requires the data
>> center to somehow make it possible to log in via serial console.  That
>> is the part that is quite rare.
>
> It's become less rare as more and more servers are coming with IPMI
> devices.  Serial-over-LAN can be tough to set up properly, but once
> set up it works quite well.

Actually the guy who hosts my servers at m5hosting.com was showing and
telling me about some BIOS-over-lan or something like that.  I can't
remember exactly what the feature was, but certain motherboards (some
Supermicro models in particular) let you access "something" over LAN.
Maybe that something was BIOS or serial console, or video console, I
can't remember.  IIRC when you access that stuff over lan it is like a
mini HTTP server and sends you some Java applet or something.  Pretty
neat.


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Lowell Gilbert
Damien Fleuriot  writes:

> On 3/2/11 7:07 PM, Lowell Gilbert wrote:

>> I do this all the time too, but if the new kernel doesn't boot, you
>> end up in more trouble than needing an extra reboot.  The reboot part is
>> definitely important -- you can reboot into multiuser mode and do the
>> installworld that way, but if you have the new utilities and have to
>> drop back to an old kernel, you may have to reinstall the base system.
>> 
>
> No you don't.
>
>
> after you make installkernel
>
> cd /boot
> mv kernel test
> mv kernel.old kernel
> nextboot -k test
> reboot
>
> ...
>
> all goes well
>
> ...
>
> cd /boot
> mv kernel kernel.old
> mv test kernel
> reboot
>
>
> Bless nextboot :)

My point was not to do installworld until after the new kernel had been
shown to boot.  Unless the "make installworld" was supposed to happen
before the first "reboot" in that procedure, I think we're in full
agreement.  


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread David Brodbeck
On Wed, Mar 2, 2011 at 8:24 AM, Nerius Landys  wrote:
> Another way to do this, but is quite rare, is to log in via serial
> console.  This requires you to configure serial logins to your server
> (quite easy, but you should test it first) and it requires the data
> center to somehow make it possible to log in via serial console.  That
> is the part that is quite rare.

It's become less rare as more and more servers are coming with IPMI
devices.  Serial-over-LAN can be tough to set up properly, but once
set up it works quite well.


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Damien Fleuriot
On 3/2/11 7:07 PM, Lowell Gilbert wrote:
> Damien Fleuriot  writes:
> 
>> On 3/2/11 5:15 PM, Ed Flecko wrote:
>>> Thanks Damien.
>>>
>>> :-)
>>>
>>> Two questions -
>>>
>>> 1.) If rebooting into single user mode isn't obviously a
>>> requirement...I wonder why so many tutorials, books, etc. tell you to
>>> do this?
>>>
>>
>> Rebooting single user ensures that most daemons aren't launched, as well
>> as stuff related to networking and so on.
>>
>> It's safer but not mandatory per se.
>>
>> I've done 7.4-PRE to 8.0-REL upgrades just fine without the single user
>> step, AND the machine came back alive ;)
> 
> I do this all the time too, but if the new kernel doesn't boot, you
> end up in more trouble than needing an extra reboot.  The reboot part is
> definitely important -- you can reboot into multiuser mode and do the
> installworld that way, but if you have the new utilities and have to
> drop back to an old kernel, you may have to reinstall the base system.
> 

No you don't.


after you make installkernel

cd /boot
mv kernel test
mv kernel.old kernel
nextboot -k test
reboot

...

all goes well

...

cd /boot
mv kernel kernel.old
mv test kernel
reboot


Bless nextboot :)
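
The trial-kernel procedure above, with a post-reboot check that the kernel staged by `nextboot -k test` is the one actually running before anything is promoted or `make installworld` is run. This is an added example, not code posted in the thread; the function names, the `--run` switch and the `BOOT_DIR` variable are assumptions, and it relies on `sysctl -n kern.bootfile` reporting the path of the booted kernel.

```shell
#!/bin/sh
# Added example, not from the thread. Run after the first reboot of the
# "mv kernel test; mv kernel.old kernel; nextboot -k test; reboot" procedure.
# BOOT_DIR, the function names and --run are assumptions of this sketch.

BOOT_DIR="${BOOT_DIR:-/boot}"

# kernel_dir_of /boot/test/kernel  ->  test
kernel_dir_of() {
    basename "$(dirname "$1")"
}

# decide_step <path of running kernel> <boot dir>
# Prints:
#   promote  - the trial kernel is running; it can become the default
#   fallback - a trial kernel is staged but another kernel is running,
#              i.e. the one-shot nextboot attempt did not succeed
#   none     - no trial kernel is staged
decide_step() {
    running=$(kernel_dir_of "$1")
    boot=$2
    if [ ! -d "$boot/test" ]; then
        echo none
    elif [ "$running" = "test" ]; then
        echo promote
    else
        echo fallback
    fi
}

# promote_trial <boot dir>: second half of the procedure in the thread.
# Refuses to run if kernel.old already exists, because "mv kernel kernel.old"
# would then move the directory *inside* kernel.old instead of renaming it.
promote_trial() {
    boot=$1
    [ -d "$boot/test" ] || return 1
    [ -d "$boot/kernel" ] || return 1
    [ ! -e "$boot/kernel.old" ] || return 1
    mv "$boot/kernel" "$boot/kernel.old" && mv "$boot/test" "$boot/kernel"
}

# Only touch the real system when asked to explicitly.
if [ "${1:-}" = "--run" ]; then
    step=$(decide_step "$(sysctl -n kern.bootfile)" "$BOOT_DIR")
    case $step in
        promote)
            promote_trial "$BOOT_DIR" || { echo "promotion refused" >&2; exit 1; }
            echo "trial kernel promoted; installworld may proceed"
            ;;
        fallback)
            echo "trial kernel is not running; do not installworld" >&2
            exit 1
            ;;
        none)
            echo "no trial kernel staged in $BOOT_DIR/test"
            ;;
    esac
fi
```
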





Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Warren Block

On Wed, 2 Mar 2011, Damien Fleuriot wrote:


> Dropping to single user is not strictly necessary, in fact I never do.
>
> buildworld
> buildkernel
> installkernel
> reboot
> mergemaster -p
> installworld
> mergemaster -F
> rebuild your ports
> reboot


Some of these steps are best practices.  If you're lucky and don't have 
a major change in sources, some can be eliminated or simplified. 
'mergemaster -p' I never use, nor the boot to single-user and manually 
mount filesystems.


buildkernel and installkernel can be combined with the "kernel" target.

The reboot after an installkernel is optional but needed to test the new 
kernel before doing an installworld.


'mergemaster -Ui' is what I use after installworld.

Rebuilding ports is only necessary when you're changing major versions 
(FreeBSD 7->8).


Summing all that up, it's possible to update in one session, with only 
one reboot.  Whether that's a good idea at any given time depends on a 
bunch of things.



Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Damien Fleuriot


On 3/2/11 6:56 PM, Patrick Gibson wrote:
> If you're using a fairly recent version of FreeBSD, why not just use
> the built-in freebsd-update?
> 
> freebsd-update upgrade -r 8.2-RELEASE
> freebsd-update install
> reboot
> freebsd-update install
> 
> Patrick
> 

freebsd-update works only with GENERIC kernels, so if you're using say
for example carp interfaces for redundancy, you're stuffed ;)


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Lowell Gilbert
Damien Fleuriot  writes:

> On 3/2/11 5:15 PM, Ed Flecko wrote:
>> Thanks Damien.
>> 
>> :-)
>> 
>> Two questions -
>> 
>> 1.) If rebooting into single user mode isn't obviously a
>> requirement...I wonder why so many tutorials, books, etc. tell you to
>> do this?
>> 
>
> Rebooting single user ensures that most daemons aren't launched, as well
> as stuff related to networking and so on.
>
> It's safer but not mandatory per se.
>
> I've done 7.4-PRE to 8.0-REL upgrades just fine without the single user
> step, AND the machine came back alive ;)

I do this all the time too, but if the new kernel doesn't boot, you
end up in more trouble than needing an extra reboot.  The reboot part is
definitely important -- you can reboot into multiuser mode and do the
installworld that way, but if you have the new utilities and have to
drop back to an old kernel, you may have to reinstall the base system.



Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Ed Flecko
Patrick,
It's my understanding that if you have a custom kernel, you can't use
the "binary update" method.

Ed


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Patrick Gibson
If you're using a fairly recent version of FreeBSD, why not just use
the built-in freebsd-update?

freebsd-update upgrade -r 8.2-RELEASE
freebsd-update install
reboot
freebsd-update install

Patrick


On Wed, Mar 2, 2011 at 8:03 AM, Ed Flecko  wrote:
> Hi folks,
> If I understand the process of upgrading FreeBSD correctly, after running:
>
> make buildworld
>
> make buildkernel
>
> make installkernel
>
> I then need to reboot into single user mode (which can only be done if
> I'm physically standing at the machine, right?), and then finally:
>
> adjkerntz -i
>
> mount -a -t ufs
>
> mergemaster -p
>
> cd /usr/src
>
> make installworld
>
> mergemaster
>
> and then one final reboot.
>
> Is there a way to finish the upgrade process without actually being in
> front of the server???
>
> Thank you,
> Ed


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Nerius Landys
> Two questions -
>
> 1.) If rebooting into single user mode isn't obviously a
> requirement...I wonder why so many tutorials, books, etc. tell you to
> do this?

Dropping into single user mode is highly recommended especially if
you're upgrading from, say, 8.1 to 8.2 (a minor version upgrade).  If
you're upgrading for example from 8.1-p3 to 8.1-p4 ("patch" upgrade),
then what I normally do is, instead of the single user mode, I shut
down all processes that are safe to shut down and still allow me to
log in remotely.  For example, I'd leave sshd running, but shut down
all processes controlled by scripts in /usr/local/etc/rc.d/, and I'd
shut down things like ntpd, maybe even syslog and cron.

For you to get console access to a server where you want to go into
single user mode, a data center normally gives you KVM access, which
allows you to use a browser plugin to access your server's console.  A
KVM switch is an apparatus that connects to the VGA port and the PS/2
keyboard port, and one accesses its functionality over the internet.
Another way to do this, but is quite rare, is to log in via serial
console.  This requires you to configure serial logins to your server
(quite easy, but you should test it first) and it requires the data
center to somehow make it possible to log in via serial console.  That
is the part that is quite rare.

- Nerius


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Damien Fleuriot
On 3/2/11 5:15 PM, Ed Flecko wrote:
> Thanks Damien.
> 
> :-)
> 
> Two questions -
> 
> 1.) If rebooting into single user mode isn't obviously a
> requirement...I wonder why so many tutorials, books, etc. tell you to
> do this?
> 

Rebooting single user ensures that most daemons aren't launched, as well
as stuff related to networking and so on.

It's safer but not mandatory per se.

I've done 7.4-PRE to 8.0-REL upgrades just fine without the single user
step, AND the machine came back alive ;)


> 2.) How do I rebuild the ports?
> 

Either you rebuild them by hand, one after another...

Or you install a port that will do this for you, like
/usr/ports/ports-mgt/portmanager/

portmanager -u -l

et voila


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Ed Flecko
Thanks Damien.

:-)

Two questions -

1.) If rebooting into single user mode isn't obviously a
requirement...I wonder why so many tutorials, books, etc. tell you to
do this?

2.) How do I rebuild the ports?

Ed


Re: Finish upgrading remote server without physically being there?

2011-03-02 Thread Damien Fleuriot
On 3/2/11 5:03 PM, Ed Flecko wrote:
> Hi folks,
> If I understand the process of upgrading FreeBSD correctly, after running:
> 
> make buildworld
> 
> make buildkernel
> 
> make installkernel
> 
> I then need to reboot into single user mode (which can only be done if
> I'm physically standing at the machine, right?), and then finally:
> 
> adjkerntz -i
> 
> mount -a -t ufs
> 
> mergemaster -p
> 
> cd /usr/src
> 
> make installworld
> 
> mergemaster
> 
> and then one final reboot.
> 
> Is there a way to finish the upgrade process without actually being in
> front of the server???
> 
> Thank you,
> Ed


Dropping to single user is not strictly necessary, in fact I never do.

buildworld
buildkernel
installkernel
reboot
mergemaster -p
installworld
mergemaster -F
rebuild your ports
reboot


Finish upgrading remote server without physically being there?

2011-03-02 Thread Ed Flecko
Hi folks,
If I understand the process of upgrading FreeBSD correctly, after running:

make buildworld

make buildkernel

make installkernel

I then need to reboot into single user mode (which can only be done if
I'm physically standing at the machine, right?), and then finally:

adjkerntz -i

mount -a -t ufs

mergemaster -p

cd /usr/src

make installworld

mergemaster

and then one final reboot.

Is there a way to finish the upgrade process without actually being in
front of the server???

Thank you,
Ed