Re: named does not start?

2014-08-22 Thread Christer Solskogen
On Thu, Aug 21, 2014 at 11:19 PM, Francisco Valladolid fic...@gmail.com wrote:
 named_flags=


 A bug perhaps?


I seem to have forgotten to tell you that I've upgraded from the
second last snapshot to the latest, and named worked fine with
named_flags= before I upgraded.

-- 
chs



Re: named does not start?

2014-08-22 Thread Christer Solskogen
On Thu, Aug 21, 2014 at 7:41 PM, Henning Brauer hb-open...@ml.bsws.de wrote:

 named is even still in base in -current (atm at least), let alone 5.5.


Okay? Are you sure about current?
I've just upgraded the day before yesterday, and while all other files
in /usr/sbin is dated 20th aug, I see this:

-r-xr-xr-x   1 root  bin  1921944 Aug  8 08:07 named
-r-xr-xr-x   1 root  bin  1437624 Aug  8 08:07 nsupdate
-r-xr-xr-x   1 root  bin   376984 Aug  8 08:07 rndc
-r-xr-xr-x   1 root  bin   496120 Aug  8 08:07 rndc-confgen
-r-xr-xr-x   1 root  bin   526360 Aug  8 08:07 dnssec-keygen
-r-xr-xr-x   1 root  bin  1428824 Aug  8 08:07 dnssec-signzone
-r-xr-xr-x   1 root  bin  1521464 Aug  8 08:07 named-checkconf
-r-xr-xr-x   1 root  bin  1402296 Aug  8 08:07 named-checkzone

IIRC the second last snapshot was from 8th of August.

-- 
chs



Re: named does not start?

2014-08-22 Thread Christer Solskogen
On Fri, Aug 22, 2014 at 8:17 AM, Theo de Raadt dera...@cvs.openbsd.org wrote:

 For this task, you really should become familiar with nsd and unbound.

Already on it. Thanks!

-- 
chs



Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
 Unless I've mis-understood all the emails and reports about this, it affects 
 low-bandwidth queues, not low-bandwidth interfaces.
 In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
 limiting it to 50kbps on the same link will not.
 
 Yes/no?

pretty much.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: named does not start?

2014-08-22 Thread Henning Brauer
* Christer Solskogen christer.solsko...@gmail.com [2014-08-22 08:20]:
 On Thu, Aug 21, 2014 at 7:41 PM, Henning Brauer hb-open...@ml.bsws.de wrote:
  named is even still in base in -current (atm at least), let alone 5.5.
 Okay? Are you sure about current?

kidding?

 I've just upgraded the day before yesterday
 IIRC the second last snapshot was from 8th of August.

there are often (usually small) differences between -current and
snapshots.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: named does not start?

2014-08-22 Thread Christer Solskogen
On Fri, Aug 22, 2014 at 8:29 AM, Henning Brauer hb-open...@ml.bsws.de wrote:
 * Christer Solskogen christer.solsko...@gmail.com [2014-08-22 08:20]:
 On Thu, Aug 21, 2014 at 7:41 PM, Henning Brauer hb-open...@ml.bsws.de 
 wrote:
  named is even still in base in -current (atm at least), let alone 5.5.
 Okay? Are you sure about current?

 kidding?


Ah, sorry. Confusion is at hand. When I said current I really meant
snapshots :-)
But the mail from Theo cleared it up.

-- 
chs



Re: New queueing system and HZ value limits

2014-08-22 Thread Federico Giannici

On 08/22/14 08:22, Henning Brauer wrote:

* Adam Thompson athom...@athompso.net [2014-08-21 19:13]:

Unless I've mis-understood all the emails and reports about this, it affects 
low-bandwidth queues, not low-bandwidth interfaces.
In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
limiting it to 50kbps on the same link will not.

Yes/no?


pretty much.


I can imagine that it could be rather complicated to give the exact 
numbers, but can you give me an idea where the problem comes from, and 
maybe where I can find more info about it?


Thanks.



Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Federico Giannici giann...@neomedia.it [2014-08-22 09:51]:
 On 08/22/14 08:22, Henning Brauer wrote:
 * Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
 Unless I've mis-understood all the emails and reports about this, it 
 affects low-bandwidth queues, not low-bandwidth interfaces.
 In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
 limiting it to 50kbps on the same link will not.
 
 Yes/no?
 
 pretty much.
 
 I can imagine that it could be rather complicated to give the exact numbers,
 but can you give me an idea where the problem comes from, and maybe where I
 can find more info about it?

kinda obvious: BW measurement and go/holdoff decision is (at most) once per
tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
transfer too much data within one tick, the bw shaping becomes
inaccurate. Obviously worse the bigger the difference between
interface speed and desired queue speed is.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/
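
The per-tick effect described above, as a toy model. This is an added example, not OpenBSD's hfsc code; it assumes a permanently backlogged queue, 1500-byte packets, one go/holdoff decision per tick, and a NIC that sends at line rate for the whole of a "go" tick.

```python
"""Toy model of bandwidth shaping with one go/holdoff decision per tick."""

PKT_BYTES = 1500  # assumed packet size


def simulate(link_bps, queue_bps, hz, seconds=1):
    """Return the bytes sent in `seconds` by a permanently backlogged queue.

    Model assumptions (not taken from the OpenBSD source):
      * the shaper decides go/holdoff once per tick, hz ticks per second;
      * it says "go" while bytes sent so far <= queue_bps * elapsed time;
      * during a "go" tick the NIC sends whole packets at line rate.
    """
    pkts_per_tick = max(1, link_bps // (8 * hz * PKT_BYTES))
    burst = pkts_per_tick * PKT_BYTES
    sent = 0
    for tick in range(hz * seconds):
        # Integer form of: sent <= (queue_bps / 8) * (tick / hz)
        if sent * 8 * hz <= queue_bps * tick:
            sent += burst
    return sent


def achieved_bps(link_bps, queue_bps, hz, seconds=1):
    """Average rate in bit/s that the model lets through."""
    return simulate(link_bps, queue_bps, hz, seconds) * 8 // seconds


def overshoot(link_bps, queue_bps, hz, seconds=1):
    """Achieved rate divided by the configured queue rate."""
    return achieved_bps(link_bps, queue_bps, hz, seconds) / queue_bps


if __name__ == "__main__":
    gbit = 10**9
    cases = [
        ("50 Mbps queue, HZ=100", 50 * 10**6, 100),
        ("50 kbps queue, HZ=100", 50 * 10**3, 100),
        ("50 kbps queue, HZ=1000", 50 * 10**3, 1000),
    ]
    for label, queue_bps, hz in cases:
        rate = achieved_bps(gbit, queue_bps, hz)
        ratio = overshoot(gbit, queue_bps, hz)
        print(f"{label}: {rate} bit/s in the first second ({ratio:.2f}x)")
```

In this model a single "go" tick on a 1Gb link already exceeds a whole second's budget of a 50kbps queue, while the 50Mbps queue averages out to within a fraction of a percent.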



Re: sound over hdmi?

2014-08-22 Thread Marko Cupać
On Thu, 21 Aug 2014 20:50:52 -0300
Giancarlo Razzolini grazzol...@gmail.com wrote:

 I've never tried on OpenBSD. But from someone that had experience
 from both type of graphic cards, the ones that have their own internal
 mixer and the ones that only have a S/PDIF input, both of them can be
 tricky to get sound over HDMI. Without knowing the specific card
 model, it's hard to even begin to answer your question.

Laptop model is:
http://www.bhphotovideo.com/c/product/1014784-REG/lenovo_20b6005rus_t440_i5_4300u_4gb_500gb_windows_7_windows_8.html

Graphics card is Intel HD Graphics 4400.

Here's relevant pcidump output:

 0:2:0: Intel HD Graphics
0x: Vendor ID: 8086 Product ID: 0a16
0x0004: Command: 0007 Status: 0090
0x0008: Class: 03 Subclass: 00 Interface: 00 Revision: 0b
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 64bit addr: 0xf000/0x0040
0x0018: BAR mem prefetchable 64bit addr: 0xe000/0x1000
0x0020: BAR io addr: 0x3000/0x0040
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 220c
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0090: Capability 0x05: Message Signaled Interrupts (MSI)
0x00d0: Capability 0x01: Power Management
0x00a4: Capability 0x13: PCI Advanced Features
 0:3:0: Intel Core 4G HD Audio
0x: Vendor ID: 8086 Product ID: 0a0c
0x0004: Command: 0006 Status: 0010
0x0008: Class: 04 Subclass: 03 Interface: 00 Revision: 0b
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR mem 64bit addr: 0xf053/0x4000
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 17aa Product ID: 220c
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
0x0050: Capability 0x01: Power Management
0x0060: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express

dmesg says no codecs on azalia0, which I think corresponds to HDMI audio:

azalia0 at pci0 dev 3 function 0 Intel Core 4G HD Audio rev 0x0b: msi
azalia0: No codecs found
Intel 8 Series xHCI rev 0x04 at pci0 dev 20 function 0 not configured
Intel 8 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel I218-LM rev 0x04: msi, address 
28:d2:44:3f:e8:63
azalia1 at pci0 dev 27 function 0 Intel 8 Series HD Audio rev 0x04: msi
azalia1: codecs: Realtek ALC292
audio0 at azalia1

 I believe
 that a card with S/PDIF should work. There is no configuration/driver
 relation, it's just a hardware connection from your
 motherboard/soundcard S/PDIF output, to the graphic card S/PDIF
 input. But with a card with the internal mixer, things get
 complicated.

Although I am using OpenBSD for firewalls for more than a decade, I
have just installed it onto my laptop for the first time. I've been
using FreeBSD on laptops for years, and I have switched because FreeBSD
does not support this video adapter (haswell) at all. So please excuse
me if I sound a bit noobish, as I don't have experience with
_using_ audio and video peripherals on OpenBSD, much less writing code
for them.

On FreeBSD I had multiple /dev/dspX devices. /dev/dsp4 was playing
to internal speakers, and /dev/dsp1 to HDMI. I needed to change device
manually in applications (VLC for video and clementine for audio).

On OpenBSD, I have multiple /dev/audioX devices:

pacija@efreet:/dev $ ls | grep audio
audio
audio0
audio1
audio2
audioctl
audioctl0
audioctl1
audioctl2

I thought I would be able to output sound to HDMI (actually it is micro
display port here) by setting different device in application, but it
did not work.

 A little off topic, but on a related issue, I've always wanted to
 migrate my HTPC solution to OpenBSD. But there are lots of hiccups,
 and honestly, I don't even know if I have the knowledge to code what
 needs to be coded.

Sorry, but I did not understand what the final verdict is. Does
OpenBSD 5.5 have the general ability to play sound over HDMI? If so, how can
I check if my video adapter has the ability? And finally, if it does,
how do I instruct applications to play sound over HDMI instead of
the speakers?

Thank you in advance,

-- 
Marko Cupać



Re: New queueing system and HZ value limits

2014-08-22 Thread David Coppa
On Fri, Aug 22, 2014 at 10:05 AM, Henning Brauer hb-open...@ml.bsws.de wrote:
 * Federico Giannici giann...@neomedia.it [2014-08-22 09:51]:
 On 08/22/14 08:22, Henning Brauer wrote:
 * Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
 Unless I've mis-understood all the emails and reports about this, it 
 affects low-bandwidth queues, not low-bandwidth interfaces.
 In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
 limiting it to 50kbps on the same link will not.
 
 Yes/no?
 
 pretty much.

 I can imagine that it could be rather complicated to give the exact numbers,
 but can you give me an idea where the problem comes from, and maybe where I
 can find more info about it?

 kinda obvious: BW measurement and go/holdoff decision is (at most) once per
 tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
 transfer too much data within one tick, the bw shaping becomes
 inaccurate. Obviously worse the bigger the difference between
 interface speed and desired queue speed is.

FWIW, HZ in Linux defaults to 1000.



Re: sound over hdmi?

2014-08-22 Thread Peter Hessler
On 2014 Aug 22 (Fri) at 00:37:24 +0200 (+0200), Marko Cupać wrote:
:Hi,
:
:I saw question about sound over hdmi on @misc from about a year ago,
:and the answer was negative.
:
:Are there any news? Is this being worked on?
:
:Regards,
:-- 
:Marko Cupać
:

There's been no change in audio over hdmi yet.  And I am not aware of
anyone working on adding support for it.

It'd be great, of course. :)


-- 
It's more than magnificent -- it's mediocre.
-- Sam Goldwyn



Re: Authentication with LDAP on OpenBSD

2014-08-22 Thread David Coppa
On Wed, May 28, 2014 at 8:49 PM, patrick keshishian pkesh...@gmail.com wrote:

 Or you can use:

 echo kernel.domainname=autonlab.org  /etc/sysctl.conf

 kern instead of kernel maybe?

Of course, it's kern.domainname=autonlab.org

Sorry for the confusion,
David



amavisd uses high cpu usage?

2014-08-22 Thread Indunil Jayasooriya
Hi,

I am running amavisd-new-2.8.1p0 with postfix on OpenBSD 5.5 64 bit.

I noticed amavisd uses high cpu usage.



This is the OUTPUT of top command

18748 _vscan640   94M   68M onproc/1  -48:11 99.27% perl


Could you pls explain why?


anyway to solve this?






-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts



Re: amavisd uses high cpu usage?

2014-08-22 Thread Peter Hessler
On 2014 Aug 22 (Fri) at 14:53:47 +0530 (+0530), Indunil Jayasooriya wrote:
:Hi,
:
:I am running amavisd-new-2.8.1p0 with postfix on OpenBSD 5.5 64 bit.
:
:I noticed amavisd uses high cpu usage.
:
:
:
:This is the OUTPUT of top command
:
:18748 _vscan640   94M   68M onproc/1  -48:11 99.27% perl
:
:
:Could you pls explain why?
:

the program requires a lot of CPU time to process the data.

:
:anyway to solve this?
:
:

Use less data.

Or, ask the amavisd-new group.

-- 
A CONS is an object which cares.
-- Bernie Greenberg.



Re: sound over hdmi?

2014-08-22 Thread Jonathan Gray
On Fri, Aug 22, 2014 at 10:06:11AM +0200, Marko Cupać wrote:
 
 Sorry, but I did not understand what the final verdict is. Does
 OpenBSD 5.5 have the general ability to play sound over HDMI? If so, how can
 I check if my video adapter has the ability? And finally, if it does,
 how do I instruct applications to play sound over HDMI instead of
 the speakers?

My understanding of the situation is that the azalia(4) driver
would need some more work to support hdmi codecs.

At the moment the azalia driver will not attach audio(4) on hdmi as this
used to leave the default audio device as a non functional one.



Re: amavisd uses high cpu usage?

2014-08-22 Thread Indunil Jayasooriya
 :
 :This is the OUTPUT of top command
 :
 :18748 _vscan640   94M   68M onproc/1  -48:11 99.27% perl
 :
 :
 :Could you pls explain why?
 :

 the program requires a lot of CPU time to process the data.

 Thanks for your quick response.


 :
 :anyway to solve this?
 :
 :

 Use less data.

 Or, ask the amavisd-new group.


  In Linux (CentOS), It DOES NOT use so much CPU as in OpenBSD.

Anyway,  Amavisd-new group is the right place for it.  I will go with them.

Thanks once again.





 --
 A CONS is an object which cares.
 -- Bernie Greenberg.




-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts



Re: named does not start?

2014-08-22 Thread Alexander Hall
On August 22, 2014 8:14:37 AM CEST, Christer Solskogen 
christer.solsko...@gmail.com wrote:
On Thu, Aug 21, 2014 at 11:19 PM, Francisco Valladolid
fic...@gmail.com wrote:
 named_flags=


 A bug perhaps?


I seem to have forgotten to tell you that I've upgraded from the
second last snapshot to the latest, and named worked fine with
named_flags= before I upgraded.

If you have any comments on the same line, please try removing those and report 
back.

/Alexander



Re: amavisd uses high cpu usage?

2014-08-22 Thread Stuart Henderson
On 2014-08-22, Indunil Jayasooriya induni...@gmail.com wrote:
 Hi,

 I am running amavisd-new-2.8.1p0 with postfix on OpenBSD 5.5 64 bit.

 I noticed amavisd uses high cpu usage.



 This is the OUTPUT of top command

 18748 _vscan640   94M   68M onproc/1  -48:11 99.27% perl


 Could you pls explain why?


 anyway to solve this?







amavisd-new runs fine for me on OpenBSD without particularly high CPU use.
Investigate your logs (maybe turn on debug logging), check your configuration,
maybe ktrace or nytprof will give clues as to what's happening.



Re: New queueing system and HZ value limits

2014-08-22 Thread Stuart Henderson
On 2014-08-22, Henning Brauer hb-open...@ml.bsws.de wrote:
 * Federico Giannici giann...@neomedia.it [2014-08-22 09:51]:
 On 08/22/14 08:22, Henning Brauer wrote:
 * Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
 Unless I've mis-understood all the emails and reports about this, it 
 affects low-bandwidth queues, not low-bandwidth interfaces.
 In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
 limiting it to 50kbps on the same link will not.
 
 Yes/no?
 
 pretty much.
 
 I can imagine that it could be rather complicated to give the exact numbers,
 but can you give me an idea where the problem comes from, and maybe where I
 can find more info about it?

 kinda obvious: BW measurement and go/holdoff decision is (at most) once per
 tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
 transfer too much data within one tick, the bw shaping becomes
 inaccurate. Obviously worse the bigger the difference between
 interface speed and desired queue speed is.

Any idea why this was so much less of a problem with altq?



Re: New queueing system and HZ value limits

2014-08-22 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2014-08-22 13:51]:
 On 2014-08-22, Henning Brauer hb-open...@ml.bsws.de wrote:
  * Federico Giannici giann...@neomedia.it [2014-08-22 09:51]:
  On 08/22/14 08:22, Henning Brauer wrote:
  * Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
  Unless I've mis-understood all the emails and reports about this, it 
  affects low-bandwidth queues, not low-bandwidth interfaces.
  In other words, limiting traffic to 50Mbps on a 1Gb link will work fine, 
  limiting it to 50kbps on the same link will not.
  Yes/no?
  pretty much.
  I can imagine that it could be rather complicated to give the exact 
  numbers,
  but can you give me an idea where the problem comes from, and maybe where I
  can find more info about it?
  kinda obvious: BW measurement and go/holdoff decision is (at most) once per
  tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
  transfer too much data within one tick, the bw shaping becomes
  inaccurate. Obviously worse the bigger the difference between
  interface speed and desired queue speed is.
 Any idea why this was so much less of a problem with altq?

it wasn't... the hfsc core was the same, and cbq worked exactly the same
way too.

People might not have paid as much attention? I dunno.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS. Virtual & Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: sshvnc error

2014-08-22 Thread Maurice McCarthy
On Thu, Aug 21, 2014 at 05:06:07PM + or thereabouts, Stuart Henderson wrote:
 On 2014-08-21, Maurice McCarthy m...@mythic-beasts.com wrote:
  Hi
 
  I've got a small problem with vnc over an ssh tunnel. (sshvnc is a simplified 
  form of ssvnc given in the ssvnc port.) I'm going to try to cure it myself, 
  so I'm just reporting here. 
 
  I have a virtual server with mythic-beasts, an openbsd-5.5-stable qemu 
  image running on a physical debian host. I can ssh into the physical host 
  for the admin console of the vs. I can vnc into the vs unencrypted and I 
  can ssh directly into the vs. 
 
  My aim is to put the vnc through an ssh tunnel using sshvnc, especially as 
  Mythic-Beasts does not offer ssl. Sshvnc should do this automatically but 
  it is failing. There is a fleeting error message which I managed to capture 
  with scrot. This yielded the commands behind the gui:
 
 sshvnc is a bit of a special case for when you need to start up the
 server as well - for this simpler case, can you just use vncviewer -via
 ssh.host vnc.host:screen instead?
 

Thank you Stuart, that worked a treat!
Moss



Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
Hi folks,

I've done this a (n exaggerated) million times on Linux but I'm new at
OpenBSD.   Google found me a few options and I just want to see
whether there are any more that I missed.

FAQ 4.15 addresses this matter and says : Unfortunately, there are no
known disk imaging packages which are FFS-aware

However my googling turned up http://clonezilla.org/, and their FAQ
claims that they understand UFS.  More googling tells me that UFS
and FFS are the same thing.   However I have not yet tried Clonezilla.

I have also found this : http://www.ualberta.ca/~antoine/clone/openbsd.html
Also looks promising.

I like the looks of the latter since it seems to allow me to run the
first part on a live system, to make a copy of that system (can anyone
confirm that?).   I'd much rather not have to take it down to make the
image since I don't have to do that when I clone Linux.   And my
production systems will be happier that way :-)

Clonezilla looks to be all-singing-all-dancing, but seems to require
me to boot from their CD or USB in order to make a copy of my original
system (can anyone confirm or refute?).  Not a massive issue in my DEV
rack but not ideal in production.

In Linux the way I do systems is to boot the target system in Live
Linux (Ubuntu), and then partition the HD(s) the way I want, and mount
them up under /mnt/target/ with that being my root.  Then run rsync
locally to copy the master live system into /mnt/target.  Use a couple
of options to tell it what not to copy.   Works awesome.   The above
perl scripts from U Alberta seem to be at least a bit similar to this
procedure.

Are there any options I am missing that I should look at?
Has anyone used the above methods and can comment on how well they
work or whether or not I should just avoid one or the other?

thanks,
-Alan


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Jiri B
On Fri, Aug 22, 2014 at 10:04:28AM -0400, Alan McKay wrote:
 Hi folks,
 
 I've done this a (n exaggerated) million times on Linux but I'm new at
 OpenBSD.   Google found me a few options and I just want to see
 whether there are any more that I missed.
 
 FAQ 4.15 addresses this matter and says : Unfortunately, there are no
 known disk imaging packages which are FFS-aware
 
 However my googling turned up http://clonezilla.org/, and their FAQ
 claims that they understand UFS.  More googling tells me that UFS
 and FFS are the same thing.   However I have not yet tried Clonezilla.
 
 I have also found this : http://www.ualberta.ca/~antoine/clone/openbsd.html
 Also looks promising.
 
 I like the looks of the latter since it seems to allow me to run the
 first part on a live system, to make a copy of that system (can anyone
 confirm that?).   I'd much rather not have to take it down to make the
 image since I don't have to do that when I clone Linux.   And my
 production systems will be happier that way :-)
 
 Clonezilla looks to be all-singing-all-dancing, but seems to require
 me to boot from their CD or USB in order to make a copy of my original
 system (can anyone confirm or refute?).  Not a massive issue in my DEV
 rack but not ideal in production.
 
 In Linux the way I do systems is to boot the target system in Live
 Linux (Ubuntu), and then partition the HD(s) the way I want, and mount
 them up under /mnt/target/ with that being my root.  Then run rsync
 locally to copy the master live system into /mnt/target.  Use a couple
 of options to tell it what not to copy.   Works awesome.   The above
 perl scripts from U Alberta seem to be at least a bit similar to this
 procedure.
 
 Are there any options I am missing that I should look at?
 Has anyone used the above methods and can comment on how well they
 work or whether or not I should just avoid one or the other?
 
 thanks,
 -Alan

What about automated installation and configuration management
to do the rest?

j.



Postfix and SASL authentication.

2014-08-22 Thread giacomo
Hello everyone.
I recently created a mail server based on Postfix with MySQL and
SASL authentication and TLS. I have problems using SASL
authentication. The errors are:

telnet 192.168.1.242 25
Trying 192.168.1.242...
Connected to 192.168.1.242.
Escape character is '^]'.
220 mail2.domain.com ESMTP Postfix
ehlo tin.it
250-mail2.domain.com
250-PIPELINING
250-SIZE 1024
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN AGQubGlzYWlhQGdydXBwb2lzaWwuY29tAGxpc2FpYQ==
535 5.7.8 Error: authentication failed: generic failure

/var/maillog

Jul  5 23:11:19 mail2 postfix/smtpd[3717]:
warning: SASL authentication failure: could not verify password
Jul  5 23:11:19 mail2 postfix/smtpd[3717]:
warning: SASL authentication failure: Password verification failed
Jul  5 23:11:19 mail2 postfix/smtpd[3717]:
warning: unknown[192.168.1.248]:
SASL PLAIN authentication failed: generic failure

System OpenBSD v. 5.5

Packages:

courier-authlib-0.65.0p2
courier-authlib-mysql-0.65.0p5
courier-imap-4.13p0
courier-pop3-4.13p0
cyrus-sasl-2.1.26p10-mysql
mysql-client-5.1.73v0
mysql-server-5.1.73v0

Port:
postfix-2.12.20140109-sasl2-mysql (compiled to enable SASL and MySQL)

In the old version of OpenBSD it seemed to work.

Any suggestions?

Thanks.


-- 
Isaia Luciano
--
This e-mail contains confidential and/or privileged information. If you are
not the intended recipient (or have received this e-mail in error), please
notify the sender immediately and destroy this e-mail. Any unauthorised
communication, diffusion, disclosure and copy of the material in this
e-mail is strictly forbidden.
--
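
The AUTH PLAIN argument in an SMTP session like the one above is only base64 over "authzid NUL authcid NUL passwd" (RFC 4616), so a pasted transcript carries the credentials in readable form. The following added example (not part of the original post; the account names and passwords in it are constructed) builds and parses such a token for testing and redacts it from a transcript before it is shared.

```python
"""SASL PLAIN (RFC 4616) token helper and transcript redaction."""
import base64
import re


def encode_plain(authcid, passwd, authzid=""):
    """Build the base64 argument for 'AUTH PLAIN'."""
    raw = "\0".join((authzid, authcid, passwd)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(token):
    """Return (authzid, authcid, passwd); raise ValueError if malformed."""
    raw = base64.b64decode(token, validate=True)
    parts = raw.split(b"\0")
    if len(parts) != 3:
        raise ValueError("expected authzid NUL authcid NUL passwd")
    authzid, authcid, passwd = (p.decode("utf-8") for p in parts)
    if not authcid or not passwd:
        raise ValueError("authcid and passwd must be non-empty")
    return authzid, authcid, passwd


# An 'AUTH PLAIN <token>' command on a line of its own.
AUTH_LINE = re.compile(
    r"^(AUTH[ \t]+PLAIN[ \t]+)(\S+)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)


def redact_transcript(text):
    """Replace AUTH PLAIN tokens with a placeholder.

    Returns (redacted_text, users), where users lists the account names
    whose passwords the original transcript exposed.
    """
    users = []

    def _replace(match):
        try:
            users.append(decode_plain(match.group(2))[1])
        except ValueError:
            pass  # not a valid PLAIN token, still remove it
        return match.group(1) + "<redacted>"

    return AUTH_LINE.sub(_replace, text), users


# Constructed sample session, not taken from the post above.
SAMPLE = (
    "220 mail.example.org ESMTP\n"
    "ehlo client.example.org\n"
    "250-AUTH PLAIN LOGIN\n"
    "250 DSN\n"
    f"AUTH PLAIN {encode_plain('alice@example.org', 'correct-horse')}\n"
    "535 5.7.8 Error: authentication failed: generic failure\n"
)

if __name__ == "__main__":
    redacted, exposed = redact_transcript(SAMPLE)
    print(redacted)
    print("passwords exposed for:", exposed)
```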



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Christopher Zimmermann
On Fri, 22 Aug 2014 10:04:28 -0400 Alan McKay alan.mc...@gmail.com
wrote:

 Hi folks,

Hi!

 I have also found this : http://www.ualberta.ca/~antoine/clone/openbsd.html
 Also looks promising.

this seems to be helper/wrapper scripts around dump. dump(8) is the way
to go.

I usually do dump -0auf 140822var.dump0 /var for dumping /var in a
file or
dump -0auf - /var |nc -l 1 on source and
restore -rf - |nc source 1

for cloning a partition over the network.

 I like the looks of the latter since it seems to allow me to run the
 first part on a live system, to make a copy of that system (can anyone
 confirm that?).   I'd much rather not have to take it down to make the
 image since I don't have to do that when I clone Linux.   And my
 production systems will be happier that way :-)

This will work. I can confirm that. dump can dump from mounted as well
as unmounted filesystems.

 Clonezilla looks to be all-singing-all-dancing, but seems to require
 me to boot from their CD or USB in order to make a copy of my original
 system (can anyone confirm or refute?).  Not a massive issue in my DEV
 rack but not ideal in production.

 In Linux the way I do systems is to boot the target system in Live
 Linux (Ubuntu), and then partition the HD(s) the way I want, and mount
 them up under /mnt/target/ with that being my root.  Then run rsync
 locally to copy the master live system into /mnt/target.  Use a couple
 of options to tell it what not to copy.   Works awesome.   The above
 perl scripts from U Alberta seem to be at least a bit similar to this
 procedure.

 Are there any options I am missing that I should look at?
 Has anyone used the above methods and can comment on how well they
 work or whether or not I should just avoid one or the other?

after restoring / copying the filesystems using dump/restore and fixing
up /etc/fstab on the target system, you'll need to install boot. see
installboot(8).


Christopher



--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE




Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Maurice McCarthy
Hi,

/boot is found by block number and offset of its inode so I think the root 
partition should be copied using dd. 

See http://www.openbsd.org/faq/faq14.html sections 14.7 and 14.20 in 
particular. Can't help otherwise.

Good Luck
Moss



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
Wow, thanks for the responses so far!

An ancillary question : am I going to have any issues bringing it up in a VM?
I know that for example NIC names will change so I'll have to rename
hostname.bnx0 to hostname.em0

Any other gotchas?



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
On Fri, Aug 22, 2014 at 10:22 AM, Jiri B ji...@devio.us wrote:
 What about automated installation and configuration management
 to do the rest?

What is this?


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
On Fri, Aug 22, 2014 at 10:37 AM, sven falempin sven.falem...@gmail.com wrote:

 OpenBSD is simple, you may easily script an install or use the
 automated install feature, i.e. a file containing the answer to the
 install process.

 And finally siteXX.tgz to push your own file.

Oh OK I missed that.  Yes, we do this actually.  But I need to
clone/move a system that was created outside of that infrastructure.

I'm actually working towards pulling it into the automated installs
and cloning/moving it is part of that.

We've got a pretty slick system with svn and maven for doing this.
Just one outlier that needs to be brought in.

-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread sven falempin
On Fri, Aug 22, 2014 at 10:33 AM, Alan McKay alan.mc...@gmail.com wrote:

no other gotchas

depends the vm and the machines but nothing more.

vnconfig is cool, mount virtual disk, if your vm system allow raw format

 On Fri, Aug 22, 2014 at 10:22 AM, Jiri B ji...@devio.us wrote:
 What about automated installation and configuration management
 to do the rest?

 What is this?


OpenBSD is simple, you may easily script an install or use the
automated install feature, i.e. a file containing the answer to the
install process.

And finally siteXX.tgz to push your own file.


 --
 Don't eat anything you've ever seen advertised on TV
  - Michael Pollan, author of In Defense of Food




-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
On Fri, Aug 22, 2014 at 10:28 AM, Christopher Zimmermann
chr...@openbsd.org wrote:
 I usually do dump -0auf 140822var.dump0 /var for dumping /var in a
 file or
 dump -0auf - /var |nc -l 1 on source and
 restore -rf - |nc source 1

OK I want to try this so that I have better control of things and
understand it all better

On the restore side I guess I have to have the new /var mounted in the
cwd where I run this command?
e.g.
mkdir /mnt/var
chmod 0777 /mnt/var
mount /dev/foo /mnt/var
cd /mnt/var

and shouldn't the restore/nc be the other way around?  So now :

nc source 1 | restore -rf -

Also, I have the OpenBSD install CD booted and I exited to shell, but
there does not seem to be an nc there.

What are you booting on the restore side?

And do you have the -l option on the correct end up there?

I'm relatively new to nc as well but man page says that is listen
for incoming connection


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
On Fri, Aug 22, 2014 at 11:07 AM, Alan McKay alan.mc...@gmail.com wrote:
 Also, I have the OpenBSD install CD booted and I exited to shell, but
 there does not seem to be an nc there.

 What are you booting on the restore side?

Looks like this problem is easily solved thus :
http://livecd-openbsd.sourceforge.net/

Is that a trustworthy product?

And the intricacies of dump/restore/nc I can work out on my own ...


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



dual separator?

2014-08-22 Thread Adam Thompson
I have a large number of email tags, but use both + and - as a 
separator.
So far, I'm entering all the - ones into aliases; is there a better 
way to do this?
In postfix, I was able to use a regex to manipulate incoming addresses 
to transform them all into +, but I don't see a way to do that here.  
Am I missing anything that could help me?


--
-Adam Thompson
 athom...@athompso.net



Re: dual separator?

2014-08-22 Thread Claus Assmann
On Fri, Aug 22, 2014, Adam Thompson wrote:
 I have a large number of email tags, but use both + and - as a
 separator.
 So far, I'm entering all the - ones into aliases; is there a better way to
 do this?
 In postfix, I was able to use a regex to manipulate incoming addresses to

Hmm, it might help to answer your question if you tell us which MTA
you are using... (or you could switch to postfix...)



Re: dual separator?

2014-08-22 Thread Adam Thompson

On 14-08-22 12:09 PM, Claus Assmann wrote:
 On Fri, Aug 22, 2014, Adam Thompson wrote:
  I have a large number of email tags, but use both + and - as a
  separator.
  So far, I'm entering all the - ones into aliases; is there a better way to
  do this?
  In postfix, I was able to use a regex to manipulate incoming addresses to
 
 Hmm, it might help to answer your question if you tell us which MTA
 you are using... (or you could switch to postfix...)


Oops... that was meant to go to m...@opensmtpd.org, not misc@openbsd.org.
That should have made it blindingly obvious, but I'm now using smtpd(8).
And I've also discovered that the RHS in aliases(5) must be a bare 
userid, and putting a + in there causes newaliases(8) to fail. Not 
sure why that would be intended behaviour, but not sure it's a bug either.



--
-Adam Thompson
 athom...@athompso.net



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-22 Thread Julien Meister
Thank you very much.

So there is really really no way for the system to retrieve the key stored
on the smart card (using GnuPG) at boot in order to decrypt
the volumes?

I haven't bought the smartcard yet because I wanted to see first if it
was useful. The one I was planning to buy was an OpenPGP v2 SC:
http://shop.kernelconcepts.de/product_info.php?products_id=42

However, I don't know how it is seen by the system and if it would
show up as a drive. Is anyone here using a smart card to decrypt
volumes at boot?

Thanks!


On Wed, Aug 20, 2014 at 8:13 PM, Ted Unangst t...@tedunangst.com wrote:

 On Wed, Aug 20, 2014 at 18:11, Julien Meister wrote:
  Hello everybody,
 
  I'm from FreeBSD and I wanted to give OpenBSD a (new) try.
 
  I would like to have a full disk encryption (as I've seen it's possible now
  with OpenBSD 5.5) and use a smart card to decrypt the volumes at
  boot, instead of having to type a password, which seems less secure.
 
  I read a lot of articles to see how it works using bioctl but none are
  talking about using a smart card as a keydisk, only USB drive.
 
  If I understood correctly, when using bioctl -k /path/of/RAID/keydisk,
  the key is created automatically and the encrypted RAID volume is
  associated to that USB RAID partition keydisk. So the system can now
  boot only if the BIOS/UEFI finds that particular USB RAID partition.
 
  My questions are:
 
  1) How to do the same thing using a Smart Card instead of a USB drive?
 
  2) Is it possible to copy the image of the USB key disk to a Smart Card
  (or inversely) to be able to boot using either the USB or the Smart Card?
 
  3) If the Smart card is used as a key disk to boot the system. Is it
  possible to configure that same smart card to access my home computer
  using SSH? (As if it was ONLY possible to SSH to my computer using that
  smartcard).

 This would depend a lot on your smart card. Does it show up as a disk,
 like sd1 or sd2, like USB drives do? If so, then you do exactly what
 you'd do with a USB drive. If not, then it's not supported.



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Alan McKay
Clone worked great with the LiveCD booted in the destination, and
dump/restore/nc

I will be happy to document it for the FAQ if anyone wants it there.
Not sure what the process is for that.

And I will also be happy to update the FAQ regarding the aforementioned error.

Now, I do have one problem with the cloned system, but I'll start a
new thread for it.



CARP interfaces stay in BACKUP on cloned system

2014-08-22 Thread Alan McKay
Hey folks,

I got my system cloned and it runs fine in a VM.  I had to make a few
obvious changes like changing bnx to em in all the places where I
define things with interfaces.  So /etc/hostname.* /etc/pf.conf,
/etc/relayd.conf.  And I grepped for bnx in /etc/* and /etc/*/* to
make sure I did not miss anything.

But darnit those CARP interfaces do not want to leave BACKUP state.
Even when I used ifconfig and state master to force it to master -
nope.

And there is currently no firewall partner for the pair.  There was
not for the original and it was working fine.  It is configured as one
of a pair with pfsync and so on, but its partner has been missing for
some time.

But - if I copy a hostname.carpX to a new file, give it a new vhid,
and then sh /etc/netstart carpY the new interface comes up in
MASTER.  Just all of the existing ones before the clone want to stay
in BACKUP

I've destroyed them and brought them back up.  I've put state master
into the hostname.carpX.

I'm really stumped here - any thoughts on the matter?

Any thoughts?  Do MAC addresses get cached somewhere maybe?
Something like that?

thanks,
-Alan

-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: sound over hdmi?

2014-08-22 Thread Giancarlo Razzolini
On 22-08-2014 05:06, Marko Cupać wrote:
 Sorry, but I did not understand which is the final verdict. Does
 OpenBSD 5.5 has general ability to play sound over HDMI? If so, how can
 I check if my video adapter has the ability? And finaly, if it does,
 how do I instruct applications to play sound over HDMI instead to
 speakers?
Your card is one that will probably not work without driver support. And
I don't even know if there is any laptop graphics card that can use the
S/PDIF in/out method. For instance, I have a nVidia 9800 GT which uses
the S/PDIF method. Since it's a hardware connection between my
motherboard and the graphics card, it would probably work on OpenBSD as
well. I didn't try. But I also have a spare nVidia 8400 which has the
internal audio mixer, as yours. It was a PITA to get sound to play over
HDMI. S/PDIF has its limitations, if I'm not mistaken you can't get
anything above 5.1, and even that is compressed. You won't have 7.1.
But none of this was on OpenBSD. Just to illustrate how painful this
kind of setup is.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC




Re: New queueing system and HZ value limits

2014-08-22 Thread Giancarlo Razzolini
On 22-08-2014 08:58, Henning Brauer wrote:
 it wasn't... the hfsc core was the same, and cbq worked exactly the same
 way too.

 People might not have paid as much attention? I dunno.
I believe it also has something to do with the network cards getting
better and also the internet link speeds getting bigger over the years.
I had problems with ALTQ using very small queues.

Cheers,

--
Giancarlo Razzolini
GPG: 4096R/77B981BC




Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-22 Thread Stefan Sperling
On Fri, Aug 22, 2014 at 08:01:27PM +0200, Julien Meister wrote:
 So there is really really no way for the system to retrieve the key stored
 on the smart card (using GnuPG) at boot in order to decrypt
 the volumes?

The boot loaders and the kernel only support softraid(4) keydisks
created as part of crypto volumes with bioctl(8).



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-22 Thread Zach Leslie
 However, I don't know how it is seen by the system and if it would
 show up as a drive. Anyone in here is using a smart card to decrypt
 volumes at boot?

You could use a YubiKey with a static long password to unlock the boot
volume.

--
Zach




Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-22 Thread Артур Истомин
On Fri, Aug 22, 2014 at 04:03:59PM -0700, Zach Leslie wrote:
  However, I don't know how it is seen by the system and if it would
  show up as a drive. Anyone in here is using a smart card to decrypt
  volumes at boot?
 
 You could use a YubiKey with a static long password to unlock the boot
 volume.

[offtop]

Are there any YubiKey-like devices that can contain many static
passwords, not one like YubiKey?



Re: amavisd uses high cpu usage?

2014-08-22 Thread Indunil Jayasooriya
Hi Stuart,


 amavisd-new runs fine for me on OpenBSD without particularly high CPU use.


   I am very glad to hear that it is running fine on my favourite Operating
system OpenBSD.

 is  Amavisd-new running on OpenBSD 5.5 ?


   I did a debug with the command /usr/local/sbin/amavisd debug (I
set $log_level = 5 in the /etc/amavisd.conf file)

it says

Segmentation fault


Then, I uncommented @bypass_spam_checks_maps  = (1);  in /etc/amavisd.conf
file.

Pls see below


# @bypass_virus_checks_maps = (1);  # controls running of anti-virus code
 @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
# $bypass_decode_parts = 1; # controls running of decoders&dearchivers


Then I restarted amavisd (/etc/rc.d/amavisd restart). Then it started
working.

I did a debug with the command  /usr/local/sbin/amavisd debug   again

then, it gave this.

The amavisd daemon is already running, PID: [4909]


I think maybe something is wrong with the Perl modules.


U guys are experts. any comments?



-- 
cat /etc/motd

Thank you
Indunil Jayasooriya
http://www.theravadanet.net/
http://www.siyabas.lk/sinhala_how_to_install.html   -  Download Sinhala
Fonts