Re: sending mail from wordpress
https://wordpress.org/plugins/post-smtp/

j.

On Thu, Jan 2, 2020 at 1:44 PM Stuart Henderson wrote:
> On 2020-01-02, Edgar Pettijohn wrote:
> > I'm having trouble getting mail to go through wordpress.
>
> Configure it to send by SMTP instead. (I don't use wordpress and can't
> help tell you exactly how, but it's definitely possible - search for
> e.g. "wordpress smtp authentication").
>
> > The mail() function is not disabled. If my reading of
> > class-phpmailer.php is correct it should see that sendmail_path is
> > defined and use sendmail instead of mail().
>
> Using mail() needs a /bin/sh binary inside the chroot jail. You are
> better off avoiding mail() where possible.
openrsync and rrsync - strange error on symlinks
Hi,

I use rrsync[1] wrapper in SSH key via `command=` option to restrict mode and
path of called rsync program.

I discovered some strange difference related to symlinks between rsync and
openrsync when called via rrsync wrapper.

openrsync errors with:

/usr/src/usr.bin/rsync/symlinks.c:48: error: ./pub/www/xx.info/themes/minimal/archetypes/test.md: readlink: No such file or directory

even symlink is OK, see below.

Any idea what's going on?

Jiri

[1] https://www.samba.org/ftp/unpacked/rsync/support/rrsync

# sysctl kern.version
kern.version=OpenBSD 6.5-beta (GENERIC.MP) #192: Fri Aug 9 23:41:57 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

GOAL

I'm trying to synchronize following test tree from remote OpenBSD machine to a
Linux client.

# uname -s ; find /data/share/testovic/ -ls
OpenBSD
153538568 drwxr-xr-x3 root wheel 512 Aug 15 23:26 /data/share/testovic/
153538570 -rw-r--r--1 root wheel 0 Aug 15 23:10 /data/share/testovic/test1
153538580 lrwxr-xr-x1 root wheel 12 Aug 15 23:10 /data/share/testovic/test2 -> /nonexistent
153538590 lrwxr-xr-x1 root wheel 5 Aug 15 23:20 /data/share/testovic/test3 -> test1
153538608 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub
153538618 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www
153538628 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info
153538638 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info/themes
153538648 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info/themes/minimal
153538658 drwxr-xr-x2 root wheel 512 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes
153538668 -rw-r--r--1 root wheel 865 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/post.md
153538670 lrwxr-xr-x1 root wheel 7 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md

1 - /usr/local/bin/rsync via rrsync wrapper

rrsync should restrict to reads only and only from /data/share/testovic path

from="192.168.1.7",command="${HOME}/bin/rrsync -ro /data/share/testovic/",restrict ssh-ed25519 C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

from client, reading from remote machine:

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender -vvlogDtpre.iLsfxC . . (8 args)
receiving incremental file list
delta-transmission enabled
./
test1
test2 -> /nonexistent
test3 -> test1
pub/
pub/www/
pub/www/xx.info/
pub/www/xx.info/themes/
pub/www/xx.info/themes/minimal/
pub/www/xx.info/themes/minimal/archetypes/
pub/www/xx.info/themes/minimal/archetypes/post.md
pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md
total: matches=0 hash_hits=0 false_alarms=0 data=865

sent 106 bytes received 1,402 bytes 3,016.00 bytes/sec
total size is 889 speedup is 0.59

2 - openrsync via rrsync wrapper

# grep openrsync ${HOME}/bin/rrsync
use constant RSYNC => '/usr/bin/openrsync';

from="192.168.1.7",command="${HOME}/bin/rrsync -ro /data/share/testovic/",restrict ssh-ed25519 C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender -vvlogDtpre.iLsfxC . . (8 args)
receiving file list ...
/usr/src/usr.bin/rsync/server.c:99: server detected client version 31, server version 27, seed 334847798
/usr/src/usr.bin/rsync/server.c:102: server starting sender
/usr/src/usr.bin/rsync/symlinks.c:48: error: ./pub/www/xx.info/themes/minimal/archetypes/test.md: readlink: No such file or directory
/usr/src/usr.bin/rsync/flist.c:985: error: symlink_read
/usr/src/usr.bin/rsync/flist.c:1032: error: flist_gen_dirent
/usr/src/usr.bin/rsync/sender.c:391: error: flist_gen
/usr/src/usr.bin/rsync/server.c:124: error: rsync_sender
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.3]
sysupgrade script diff for people with small /home
Hi, see $subj, some people have so small /home and currently sysupgrade doesn't like symlink to bigger partition. (I know that bad symlink can make it explode.) --- /usr/sbin/sysupgrade.orig Mon Aug 12 19:07:11 2019 +++ /usr/sbin/sysupgradeMon Aug 12 18:51:28 2019 @@ -119,6 +119,7 @@ else fi if [[ -e ${SETSDIR} ]]; then + [[ -h ${SETSDIR} ]] && SETSDIR=$(readlink -f $SETSDIR) eval $(stat -s ${SETSDIR}) [[ $st_uid -eq 0 ]] || ug_err "${SETSDIR} needs to be owned by root:wheel" j.
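Review bot: The added line expands `$SETSDIR` unquoted inside `$(readlink -f $SETSDIR)` and assigns the result without checking it, so a path containing whitespace is split and an empty result is passed straight on to `eval $(stat -s ${SETSDIR})`. Quote the expansion and call ug_err when readlink returns nothing. After the resolution the `$st_uid -eq 0` test applies to the link target only, so the change should state whether the symlink itself and the directories leading to the target are also expected to be owned by root, and check them if so.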
httpd not logging tls handshake failed if 'tls client ca ' used
Hi,

I was playing with CloudFlare Authenticated Origin Pulls, ie. httpd configured
with 'client ca "/etc/ssl/cloudflare_origin_pull.crt"' (ie. to allow only tls
request from specific tls client) and I see httpd is not logging anything by
default into either access.log or error.log. (But the feature itself works ok.)

But it's logging if run in debug mode 'httpd -d -':

---%>---
server_tls_handshake: tls handshake failed - handshake failed: error:140360C7:SSL routines:ACCEPT_SR_CERT:peer did not return a certificate
server tls_default, client 1 (1 active), 199.195.251.62:18922 -> 176.74.139.218:443, tls handshake failed
---%<---

Is this expected behavior?

# sysctl kern.version
kern.version=OpenBSD 6.5-current (GENERIC) #176: Thu Aug 8 21:28:09 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
Re: Postscript printer recommendations
> On 2019-07-13, "Jonathan Drews" wrote:
>
> > Hi Folks: I need some recommendations on what brand of printers will
> > work with Ghostscript (Postscript). The cartridges for my 15 year old HP
> > Deskjet have gotten too expensive. I know Xerox makes some
> > Postscript printers. Are there any other manufacturers of Postscript
> > printers?

Ghostscript is a filter app which converts various inputs to a PDL (page
definition language) which a printer supports.

I would recommend reading 'Printers' chapter in older edition of 'UNIX and
Linux system administration handbook', it describes all things in human
language :)

Anyway, to learn more about printing, just write a filter which would `cat'
input file to a 'output' file, you will see that top of the file data contains
additional info like user invoking the printing etc... Very interesting for
curious people.

j.
Re: Qemu Agent assistance needed
QGA depends on specific device name in /dev. Ideally the best would be
kernel-based support like vmt.

On Mon, Apr 29, 2019 at 10:03, Solene Rapenne wrote:

> On Sun, Apr 28, 2019 at 11:10:14AM +, Strahil Nikolov wrote:
> > Hi All,
> > I am new to openBSD and I really like the idea. Sadly I do not have
> > suitable hardware to run on , thus I use KVM and I would be happy if
> > anyone hint me of a working solution for Qemu Guest Agent.
> > Anything I dig up (via google searches) show up only suggestions , but
> > nothing more. In openBSD 6.4 I successfully installed qemu (and thus
> > the agent), but I can't understand how to get the device needed for
> > communication with the host up and running.
> > As I mainly know linux - I know that we need a kernel module that to
> > be loaded and with combination of udev rules - the devices is created
> > on the necessary location and with the correct rights. According to
> > many google findings - openBSD doesn't support any more loadable
> > kernel module support.
> > I have tried to figure it out by myself, but I cannot find the
> > necessary module needed, nor how to load it in a proper manner.
> > Any hint is well appreciated.
> > Best Regards, Strahil Nikolov
> >
>
> qemu on openbsd doesn't support any hardware acceleration, and the
> available version is quite old.
>
> I'm not sure it is compatible with libvirt.
Re: dell universal d6000 dock
Maybe you just face old diplayport issue like here https://marc.info/?t=15169561314=1=2 and it is not related to docking station at all? I gave up and I used to use DP->HDMI->DVI and USB-c>HDMI->DVI reductions :) j. On Tue, Feb 12, 2019 at 12:11 AM myml...@gmx.com wrote: > > anybody > > On 2/5/19 5:17 PM, myml...@gmx.com wrote: > > Hi, > > > > I am running current from Jan 21st on a dell latitude 7490 (dmesg > > below) and was hoping to get a usb-c dock connected so that I could > > use 2 display ports, the hdmi, eth and extra usb ports in one easy to > > disconnect usb-c connection. > > > > The hdmi seems to work ok but I get the following errors in > > /var/log/messages when I plug/unplug a display port. > > > > Feb 5 16:48:56 curry /bsd: uhub1 at uhub0 port 1 configuration 1 > > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.16 addr 5 > > Feb 5 16:48:56 curry apmd: battery status: high. external power > > status: connected. estimated battery life 95% > > Feb 5 16:48:57 curry /bsd: uhub2 at uhub1 port 2 configuration 1 > > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.17 addr 6 > > Feb 5 16:48:58 curry /bsd: uhub3 at uhub1 port 3 configuration 1 > > interface 0 "Genesys Logic USB2.0 Hub" rev 2.00/88.32 addr 7 > > Feb 5 16:48:59 curry /bsd: uhidev2 at uhub3 port 1 configuration 1 > > interface 0 "Bizlink D6000 Controller" rev 2.00/0.18 addr 8 > > Feb 5 16:48:59 curry /bsd: uhidev2: iclass 3/0, 1 report id > > Feb 5 16:48:59 curry /bsd: uhid4 at uhidev2 reportid 1: input=0, > > output=0, feature=1 > > Feb 5 16:48:59 curry /bsd: uhub4 at uhub0 port 13 configuration 1 > > interface 0 "GenesysLogic USB3.1 Hub" rev 3.10/88.16 addr 9 > > Feb 5 16:49:00 curry /bsd: uaudio0 at uhub4 port 1 configuration 1 > > interface 2 "DisplayLink Dell Universal Dock D6000" rev 3.10/31.27 > > addr 10 > > Feb 5 16:49:00 curry /bsd: uaudio0: audio descriptors make no sense, > > error=4 > > Feb 5 16:49:00 curry /bsd: ugen1 at uhub4 port 1 configuration 1 > > "DisplayLink Dell 
Universal Dock D6000" rev 3.10/31.27 addr 10 > > Feb 5 16:49:01 curry /bsd: uhub5 at uhub4 port 2 configuration 1 > > interface 0 "GenesysLogic USB3.1 Hub" rev 3.10/88.17 addr 11 > > Feb 5 16:49:01 curry /bsd: uhub2 detached > > Feb 5 16:49:01 curry /bsd: uhid4 detached > > Feb 5 16:49:01 curry /bsd: uhidev2 detached > > Feb 5 16:49:01 curry /bsd: uhub3 detached > > Feb 5 16:49:01 curry /bsd: uhub1 detached > > Feb 5 16:49:02 curry /bsd: uhub1 at uhub0 port 1 configuration 1 > > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.16 addr 5 > > Feb 5 16:49:03 curry /bsd: uhub2 at uhub1 port 2 configuration 1 > > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.17 addr 6 > > Feb 5 16:49:04 curry /bsd: uhub3 at uhub1 port 3 configuration 1 > > interface 0 "Genesys Logic USB2.0 Hub" rev 2.00/88.32 addr 7 > > Feb 5 16:49:05 curry /bsd: uhidev2 at uhub3 port 1 configuration 1 > > interface 0 "Bizlink D6000 Controller" rev 2.00/0.18 addr 8 > > Feb 5 16:49:05 curry /bsd: uhidev2: iclass 3/0, 1 report id > > Feb 5 16:49:05 curry /bsd: uhid4 at uhidev2 reportid 1: input=0, > > output=0, feature=1 > > Feb 5 16:49:53 curry /bsd: umass0 at uhub5 port 2 configuration 1 > > interface 0 "SanDisk Ultra" rev 3.00/1.00 addr 12 > > Feb 5 16:49:53 curry /bsd: umass0: using SCSI over Bulk-Only > > Feb 5 16:49:53 curry /bsd: scsibus4 at umass0: 2 targets, initiator 0 > > Feb 5 16:49:53 curry /bsd: sd2 at scsibus4 targ 1 lun 0: > Ultra, 1.00> SCSI4 0/direct removable serial.07815581200212119554 > > Feb 5 16:49:53 curry /bsd: sd2: 29328MB, 512 bytes/sector, 60063744 > > sectors > > Feb 5 16:51:59 curry /bsd: error: > > [drm:pid69604:intel_dp_aux_wait_done] *ERROR* dp aux hw did not signal > > timeout (has irq: 1)! 
> > Feb 5 16:54:57 curry /bsd: error: > > [drm:pid69604:intel_pipe_update_start] *ERROR* Potential atomic update > > failure on pipe B > > Feb 5 16:55:56 curry /bsd: WARNING !wm_changed failed at > > /usr/src/sys/dev/pci/drm/i915/intel_pm.c:3609 > > Feb 5 16:56:39 curry /bsd: uhub2 detached > > Feb 5 16:56:39 curry /bsd: uhid4 detached > > Feb 5 16:56:39 curry /bsd: uhidev2 detached > > Feb 5 16:56:39 curry /bsd: uhub3 detached > > Feb 5 16:56:39 curry /bsd: uhub1 detached > > Feb 5 16:56:39 curry /bsd: uaudio0 detached > > Feb 5 16:56:39 curry /bsd: ugen1 detached > > Feb 5 16:56:39 curry /bsd: sd2 detached > > Feb 5 16:56:39 curry /bsd: scsibus4 detached > > Feb 5 16:56:39 curry /bsd: umass0 detached > > Feb 5 16:56:39 curry /bsd: uhub5 detached > > Feb 5 16:56:39 curry /bsd: uhub4 detached > > Feb 5 16:56:40 curry apmd: battery status: high. external power > > status: not connected. estimated battery life 95% > > Feb 5 17:06:45 curry /bsd: error: > > [drm:pid69604:intel_pipe_update_start] *ERROR* Potential atomic update > > failure on pipe A > > > > Any thoughts? > > > > I have to return the dock in a couple of days but if there is any > > procedures or output that someone would like to see in the
ssh-keygen returns 0 if there is at least one valid key passed via stdin
Hi,

what I was trying is to validate ssh public keys passed via stdin to
ssh-keygen. It seems one has to split each line before passing to ssh-keygen
as ssh-keygen would return 0 if there is at least one valid key in the input.

Is this behaviour correct?

Jiri

$ cat /etc/fstab .ssh/id_rsa.pub | ssh-keygen -l -f - -v
debug1: (stdin):1: not a public key
debug1: (stdin):2: not a public key
debug1: (stdin):3: not a public key
debug1: (stdin):4: not a public key
debug1: (stdin):5: not a public key
debug1: (stdin):6: not a public key
debug1: (stdin):7: not a public key
debug1: (stdin):8: not a public key
debug1: (stdin):9: not a public key
debug1: (stdin):12: not a public key
debug1: (stdin):13: not a public key
debug1: (stdin):14: not a public key
2048 SHA256:3ig2wrDgHa2iNH/89HGFRx+YuP7X6febAZR+kxu3Drg (RSA)
+---[RSA 2048]+ | | |. + | | . * . | |. * . o| |. .. . S o = *.| |...+o . o. + o *| | =.o+ +.o..+ . +o| |o + =.o. o o oo=| |. .. .. . E .o==| +[SHA256]-+

$ sysctl kern.version
kern.version=OpenBSD 6.4 (GENERIC) #3: Thu Dec 20 18:31:57 CET 2018
r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
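A strict per-line check for the situation described in the post above, as an added example (not from the original post and not OpenSSH code): instead of calling ssh-keygen it parses each line's key blob itself and fails if any line is not a key. It assumes plain `.pub`-style lines (type, base64, optional comment) with no authorized_keys options prefix; the sample key and fstab lines are constructed, and only structure is checked, not the cryptographic validity of the key material.

```python
import base64
import binascii
import struct
import sys

# Key types this example accepts (an assumption; adjust to local policy).
KNOWN_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
}


def read_string(blob, pos):
    """Read one SSH wire 'string' (uint32 big-endian length, then bytes)."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[pos:pos + 4])
    end = pos + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[pos + 4:end], end


def check_line(line):
    """Return None for a structurally valid .pub line, else a reason string."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KNOWN_TYPES:
        return "not a public key"
    ktype, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
        name, pos = read_string(blob, 0)
        parts = []
        while pos < len(blob):
            part, pos = read_string(blob, pos)
            parts.append(part)
    except (binascii.Error, ValueError) as exc:
        return "bad key blob: %s" % exc
    # The algorithm name inside the blob must match the declared type.
    if name != ktype.encode("ascii"):
        return "key type mismatch"
    if not parts:
        return "no key material"
    if ktype == "ssh-ed25519" and [len(p) for p in parts] != [32]:
        return "bad ed25519 key length"
    return None


def validate(text):
    """Check every line; return (valid_key_count, [(line_number, reason)])."""
    valid, failures = 0, []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments are skipped, not failures
        reason = check_line(stripped)
        if reason is None:
            valid += 1
        else:
            failures.append((number, reason))
    return valid, failures


def exit_status(text):
    """0 only if there is at least one key and no line failed, else 1."""
    valid, failures = validate(text)
    return 0 if valid > 0 and not failures else 1


def make_sample_key():
    """Build a constructed ed25519 .pub line (32 dummy bytes, not a real key)."""
    def wire(data):
        return struct.pack(">I", len(data)) + data
    blob = wire(b"ssh-ed25519") + wire(bytes(range(32)))
    return "ssh-ed25519 %s constructed@example" % base64.b64encode(blob).decode()


# Constructed input mirroring the post: fstab-like lines followed by one key.
SAMPLE = (
    "/dev/sd0a / ffs rw 1 1\n"
    "/dev/sd0d /home ffs rw,nodev,nosuid 1 2\n"
    + make_sample_key() + "\n"
)

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for number, reason in validate(data)[1]:
        print("(stdin):%d: %s" % (number, reason), file=sys.stderr)
    sys.exit(exit_status(data))
```

Piping a file into the script gives a non-zero exit status as soon as one line fails, which is the behaviour the post expected from a validator.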
Re: Question about ~/.ssh/rc and internal-sftp
Yes, you can but then you cannot use `internal-sftp` because it is "internal"
sshd process. You must populate chroot in your ChrootDirectory, on Linux you
also need to have /dev/log there.

I use this solution to rsync uploaded files to other host.

Jiri

On Wed, Feb 6, 2019 at 10:49 AM Aleksandar Lazic wrote:
>
> Hi.
>
> I hope this list is the right one to ask openssh questions, in case I'm wrong
> here please point me to the right list/channel, thanks.
>
> We use sftp for uploads and iWatch to post process the uploaded files.
>
> We have several Match blocks in our /etc/ssh/sshd_config
>
> ```
> Match User user001
> ForceCommand internal-sftp
> AllowAgentForwarding no
> AllowTcpForwarding no
> X11Forwarding no
> ChrootDirectory /home/user001
> ```
>
> Can I replace the ForceCommand with a script which triggers a post process
> tool and use Subsystem for internal-sftp ?
>
> Version: OpenSSH_7.2p2
> OS: Ubuntu 16.04 LTS
>
> The Idea is that after a successful upload a post process script is running
> so the we can remove the iWatch.
>
> Thank you for any help.
>
> Regards
> Aleks
Re: Getting traffic from rdomain X to talk to a daemon in default rdomain 0
Thank you, that works fine.

Jiri

On Thu, Jan 31, 2019 at 11:26 PM Sebastian Benoit wrote:
>
> Jiri B(jiri...@gmail.com) on 2019.01.31 22:23:34 +0100:
> > Hello,
> >
> > I'm trying to isolate an app running on OpenBSD on network level and thus I
> > have started the app in a specific rdomain.
> >
> > I can successfully make traffic from the rdomain to reach Internet:
> >
> > pass out quick on rdomain 1 to any nat-to (egress) rtable 0
>
> that rule is only evaluated when the packets pass through a network
> interface.
>
> > But I cannot figure out how to make the app in this rdomain 1 to communicate
> > with daemons in default rdomain (0).
> >
> > With above rule I would see something like this on lo0 (rdomain0):
> >
> > Jan 31 16:04:22.285915 199.195.x.x.60666 > 199.195.x.x.53: 14874+ NS? .(17)
> >
> > Tested with route -T 1 exec dig @199.195.x.x www.openbsd.org.
> > It seems it does not know how to send back replies ?
>
> yes, because rdomain 0 does not have a route to what network you have in
> rdomain 1.
>
> Btw. its hard to talk about this without you giving the actual networks and
> IPs used.
>
> > Without 'nat-to (egress)' the replies would be just send via default gw in
> > rdomain 0:
> >
> > mx1# tcpdump -i vio0 -n -e -ttt icmp
> > tcpdump: listening on vio0, link-type EN10MB
> > Jan 31 16:08:27.053592 00:16:a1:5d:50:b6 00:12:f2:f2:1a:00 0800 98:
> > 199.195.x.x > 172.16.1.2: icmp: echo reply
> >
> > (172.16.1.2 was the IP in rdomain 1)
> >
> > Any idea what would be PF rule to make this working - ie. make an app in
> > rdomain X talk to daemons in rdomain 0.
> >
> > I also tried to use pair interfaces but I failed too.
>
> Try this:
>
> # set up two connected pair interfaces:
> ifconfig pair8 inet 192.168.2.8/24 rdomain 8
> ifconfig pair1 inet 192.168.2.1/24 rdomain 0
> ifconfig pair1 patch pair8
>
> # they now can ping each other:
> ping 192.168.2.8
> route -T 8 exec ping 192.168.2.1
>
> # my em0 interface in rdomain 0 has the IP 192.168.1.52:
> em0: flags=208847 mtu 1500
>         lladdr 44:c6:86:5a:c2:f7
>         index 1 priority 0 llprio 3
>         groups: egress
>         media: Ethernet autoselect
>         status: active
>         inet 192.168.1.52 netmask 0xff00 broadcast 192.168.1.255
>
> # add a route to 192.168.1.52 to rdomain 8:
> route -T 8 add 192.168.1.52 192.168.2.1
> route -T 8 exec ping 192.168.1.52
>
> # the traffic back from rdomain 0 to rdomain 8 works now, because packets
> # are send with source ip 192.168.2.8, and rdomain 0 has a route to that IP
> # through pair1.
>
> Now run your service on 192.168.1.52.
>
> /Benno
Getting traffic from rdomain X to talk to a daemon in default rdomain 0
Hello,

I'm trying to isolate an app running on OpenBSD on network level and thus I
have started the app in a specific rdomain.

I can successfully make traffic from the rdomain to reach Internet:

pass out quick on rdomain 1 to any nat-to (egress) rtable 0

But I cannot figure out how to make the app in this rdomain 1 to communicate
with daemons in default rdomain (0).

With above rule I would see something like this on lo0 (rdomain0):

Jan 31 16:04:22.285915 199.195.x.x.60666 > 199.195.x.x.53: 14874+ NS? .(17)

Tested with route -T 1 exec dig @199.195.x.x www.openbsd.org.
It seems it does not know how to send back replies ?

Without 'nat-to (egress)' the replies would be just send via default gw in
rdomain 0:

mx1# tcpdump -i vio0 -n -e -ttt icmp
tcpdump: listening on vio0, link-type EN10MB
Jan 31 16:08:27.053592 00:16:a1:5d:50:b6 00:12:f2:f2:1a:00 0800 98: 199.195.x.x > 172.16.1.2: icmp: echo reply

(172.16.1.2 was the IP in rdomain 1)

Any idea what would be PF rule to make this working - ie. make an app in
rdomain X talk to daemons in rdomain 0.

I also tried to use pair interfaces but I failed too.

Jiri
serial for softraid devices
Hi,

I have couple of softraid devices available in a box and when I do upgrade I
always have to check and not to make mistake which softraid device I want to
use as root disk.

If OpenBSD would have serial for softraid device I would just need to remember
the serial for my root disk.

This is similar output what install.sub's diskinfo() returns in installer:

# bioctl softraid0 | awk '$NF == "RAID1" { cmd=sprintf("bioctl -q %s",$(NF-1)); system(cmd); }'
sd5: , serial (unknown)
sd6: , serial (unknown)
sd7: , serial (unknown)
sd8: , serial (unknown)
sd9: , serial (unknown)

Is it because bd_serial is not implemented for softraid devices?

$ ag bd_serial /usr/src/sys/
/usr/src/sys/dev/ic/ami.c
2037: strlcpy(bd->bd_serial, ser, sizeof(bd->bd_serial));
2268: bzero(>bd_serial, sizeof(bd->bd_serial));
2287: strlcpy(bd->bd_serial, ser,
2288: sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/ciss.c
1068: bd->bd_serial[0] = '\0';
1090: strlcpy(bd->bd_serial, pdid->serial,
1091: sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/mpi.c
3386: /* bd_serial[32]; */

/usr/src/sys/dev/pci/arc.c
2256: strlcpy(bd->bd_serial, serial, sizeof(bd->bd_serial));

/usr/src/sys/dev/pci/mpii.c
3596: scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial));

/usr/src/sys/dev/biovar.h
111:charbd_serial[32]; /* serial number */

Jiri
Re: Wake-on-LAN from suspended state
On Tue, Apr 24, 2018 at 10:11:44PM +0200, Paul de Weerd wrote:
> [...]
> em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address
> b8:ca:3a:93:03:e8

IIUC em does not support WOL. Am I right?

Jiri
Re: OpenBSD Xenocara supports "dummy" driver for headless X? (wd support FB resizing, Xvfb does not)
See https://marc.info/?l=openbsd-misc=151877018030790=2 Is it relevant? Jiri
kernel panicing - linux sysrq capability
Hi,

IIUC we can panic kernel via writing to 'ddb.trigger' and if we have
'ddb.panic=0' it would reboot.

But IIUC we are not able to control what would happen during this kernel
panic in non-interactive mode, am I right?

I am asking because I'm working on porting corosync/pacemaker[1] - HA stuff -
and they make kernel panic[2] on Linux with 'b'[3] (immediate reboot the
system without syncing or unmounting them) or 'c' (performing a kexec reboot
in order to take a crashdump) under some conditions.

[1] http://bit.ly/2IvFD9A
[2] https://fedoraproject.org/wiki/QA/Sysrq
[3] https://github.com/ClusterLabs/pacemaker/blob/edd67444e967a0c58a96aab1748b378eec3b40f9/lib/common/watchdog.c#L132

Jiri
Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'
On Tue, Mar 06, 2018 at 01:51:04PM +0100, Jeremie Courreges-Anglas wrote:
> On Mon, Mar 05 2018, Stuart Henderson wrote:
> My guess is that ld.so throws away the library cache if it finds that
> it's stale, and thus can't know where liblzo2/liblz4 are to be found.
> The easy fix would be to make ld.so search in /usr/local by default, but
> I'm not sure this would be accepted. So I just documented the
> LD_LIBRARY_PATH hack in the README instead.

There's no ld.so.hints as we rm -rf /var/run content:

# cat -n /etc/rc | egrep "(ldconfig|netstart|/var/run)"
439 sh /etc/netstart
450 sh /etc/netstart pfsync0
463 (cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
467 dmesg >/var/run/dmesg.boot
483 rm -f /var/run/ypbind.lock
564 if [[ -x /sbin/ldconfig ]]; then
568 ldconfig $shlib_dirs

Anyway, thanks for ports doc update.

Jiri
linking libqb on openbsd fails
Hi, I try to build libqb library and it fails with following output, any idea what could be wrong there? Originally reported at https://github.com/ClusterLabs/libqb/issues/299 (libqb is prerequisite for corosync/pacemaker stuff) Jiri =2E.. libtool: compile: cc -DHAVE_CONFIG_H -I. -I../include -I../include/qb -I..= /include -I../include -O2 -pipe -Wall -Wextra -Wunused -Wshadow -Wmissing-p= rototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wwrit= e-strings -Wcast-align -Wbad-function-cast -Wmissing-format-attribute -Wflo= at-equal -Wformat=3D2 -Woverlength-strings -Winit-self -Wuninitialized -Wun= known-pragmas -Wno-unused-parameter -Wno-format-nonliteral -Wno-sign-compar= e -MT strchrnul.lo -MD -MP -MF .deps/strchrnul.Tpo -c strchrnul.c -fPIC -D= PIC -o .libs/strchrnul.o libtool: compile: cc -DHAVE_CONFIG_H -I. -I../include -I../include/qb -I..= /include -I../include -O2 -pipe -Wall -Wextra -Wunused -Wshadow -Wmissing-p= rototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wwrit= e-strings -Wcast-align -Wbad-function-cast -Wmissing-format-attribute -Wflo= at-equal -Wformat=3D2 -Woverlength-strings -Winit-self -Wuninitialized -Wun= known-pragmas -Wno-unused-parameter -Wno-format-nonliteral -Wno-sign-compar= e -MT strchrnul.lo -MD -MP -MF .deps/strchrnul.Tpo -c strchrnul.c -o strchr= nul.o >/dev/null 2>&1 cc -E -xc -I../include -D_GNU_SOURCE -C -P qblog_script.ld.in \ | sed -n "/$(sed -n '/^[^#]/{s/[*\/]/\\&/g;p;q;}' qblog_script.ld.in)/,$ = p" \ > qblog_script.ld /usr/local/bin/libtool --tag=3DCC --mode=3Dlink cc -pthread -O2 -pipe = -Wall -Wextra -Wunused -Wshadow -Wmissing-prototypes -Wmissing-declarati= ons -Wstrict-prototypes -Wpointer-arith -Wwrite-strings -Wcast-align -Wbad-= function-cast -Wmissing-format-attribute -Wfloat-equal -Wformat=3D2 -Woverl= ength-strings -Winit-self -Wuninitialized -Wunknown-pragmas -Wno-unused-par= ameter -Wno-format-nonliteral -Wno-sign-compare -version-info 19:0:19 -o = libqb.la -rpath 
/usr/local/lib libqb_la-util.lo libqb_la-hdb.lo libqb_la-ri= ngbuffer.lo libqb_la-ringbuffer_helper.lo libqb_la-array.lo libqb_la-loop.l= o libqb_la-loop_poll.lo libqb_la-loop_job.lo libqb_la-loop_timerlist.lo lib= qb_la-ipcc.lo libqb_la-ipcs.lo libqb_la-ipc_shm.lo libqb_la-ipc_setup.lo li= bqb_la-ipc_socket.lo libqb_la-log.lo libqb_la-log_thread.lo libqb_la-log_bl= ackbox.lo libqb_la-log_file.lo libqb_la-log_syslog.lo libqb_la-log_dcs.lo l= ibqb_la-log_format.lo libqb_la-map.lo libqb_la-skiplist.lo libqb_la-hashtab= le.lo libqb_la-trie.lo libqb_la-unix.lo libqb_la-loop_poll_kqueue.lo str= chrnul.loqblog_script.la=20 *** Warning: This system can not link to static lib archive qblog_script.la. *** I have the capability to make that library automatically link in when *** you link to this library. But I can only do this if you have a *** shared version of the library, which you do not appear to have. libtool: link: cc -shared -fPIC -DPIC -o .libs/libqb.so.19.0 .libs/libqb_= la-util.o .libs/libqb_la-hdb.o .libs/libqb_la-ringbuffer.o .libs/libqb_la-r= ingbuffer_helper.o .libs/libqb_la-array.o .libs/libqb_la-loop.o .libs/libqb= _la-loop_poll.o .libs/libqb_la-loop_job.o .libs/libqb_la-loop_timerlist.o .= libs/libqb_la-ipcc.o .libs/libqb_la-ipcs.o .libs/libqb_la-ipc_shm.o .libs/l= ibqb_la-ipc_setup.o .libs/libqb_la-ipc_socket.o .libs/libqb_la-log.o .libs/= libqb_la-log_thread.o .libs/libqb_la-log_blackbox.o .libs/libqb_la-log_file= =2Eo .libs/libqb_la-log_syslog.o .libs/libqb_la-log_dcs.o .libs/libqb_la-lo= g_format.o .libs/libqb_la-map.o .libs/libqb_la-skiplist.o .libs/libqb_la-ha= shtable.o .libs/libqb_la-trie.o .libs/libqb_la-unix.o .libs/libqb_la-loop_p= oll_kqueue.o .libs/strchrnul.o-pthread -O2 -pthread -pthread -Wl,/usr= /ports/pobj/libqb-1.0.3/libqb-1.0.3/lib/qblog_script.ld /usr/bin/ld: section __verbose [002351f8 -> 00236a7f] overl= aps section .bss [00225060 -> 00235f87] cc: error: linker command failed with exit code 1 (use -v to see invocation) gmake[2]: *** 
[Makefile:740: libqb.la] Error 1 gmake[2]: Leaving directory '/usr/ports/pobj/libqb-1.0.3/libqb-1.0.3/lib' gmake[1]: *** [Makefile:513: all-recursive] Error 1 gmake[1]: Leaving directory '/usr/ports/pobj/libqb-1.0.3/libqb-1.0.3' gmake: *** [Makefile:438: all] Error 2 *** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2742 '/usr/ports= /pobj/libqb-1.0.3/.build_done') *** Error 1 in /usr/ports/devel/libqb (/usr/ports/infrastructure/mk/bsd.por= t.mk:2419 'all') $ sysctl kern.version = = =20 kern.version=3DOpenBSD 6.3-beta (GENERIC) #25: Fri Mar 2 22:51:43 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC $ /usr/ports/pobj/libqb-1.0.3/bin/cc -v=20 OpenBSD clang version 5.0.1 (tags/RELEASE_501/final) (based on
Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'
On Mon, Mar 05, 2018 at 01:14:05PM +0200, Atanas Vladimirov wrote:
> Hi,
>
> Bringing up an old thread to let you know that the problem is still present
> in -current snapshot.
> Shall I send a proper bug report to bugs@?
> Thanks.

No, why? Works as expected, you start OpenVPN too early, thus you need that
workaround.

> starting network
> em0: bound to 95.87.227.232 from 95.87.227.225 (64:87:88:58:b2:b8)
> ld.so loading: 'openvpn'
> [...]
> loading: liblz4.so.2.0 required by /usr/local/sbin/openvpn
> ld.so: openvpn: can't load library 'liblz4.so.2.0'
> Killed
> reordering libraries: done.

See...:

# egrep -n '(sh /etc/netstart$|/sbin/ldconfig)' /etc/rc
439:sh /etc/netstart
564:if [[ -x /sbin/ldconfig ]]; then

Thus, /var/run/ld.so.hints does not exist in time when you start OpenVPN.

Jiri
booting fedora 27 under vmm is somehow possible
Hi, there are maybe some collegues at my work who maybe would be interested to try running Fedora under vmm. So I made following notes about how to boot Fedora 27 under VMM. Although it does still take ages for Fedora to boot with networking enabled, wtf! VMM output and Fedora 27 dmesg below. IMO next steps - after Fedora is up - should be to disable cloud-init (as it would timeout because it needs to get data via network), disable ipv6 and probably NTP client/server as it takes ages to complete boot, probably modify grub2 with 'tsc=unstable'. Jiri - messages Feb 20 23:27:20 t470s vmd[76516]: vcpu_process_com_data: guest reading com1 when not ready Feb 20 23:27:21 t470s last message repeated 2 times Feb 20 23:27:22 t470s vmd[76516]: vioblk_notifyq: unsupported command 0x8 Feb 20 23:27:25 t470s last message repeated 4 times - trying to mount_ext2fs partition from raw image via vnd0i. Feb 20 23:26:58 t470s /bsd: ext2fs: unsupported incompat features 0x2c2 - steps # cd /home # ftp http://mirror.vutbr.cz/fedora/releases/27/CloudImages/x86_64/images/Fedora-Cloud-Base-27-1.6.x86_64.raw.xz # xz -d -c /home/Fedora-Cloud-Base-27-1.6.x86_64.raw.xz > /home/fedora.raw # mkdir cloud-init # cat meta-data < user-data < /etc/sysctl.d/disableipv6.conf * systemctl disable cloud-init * poweroff # vmctl start "fedora" -d /home/fedora.raw -m 2G -c -L -i 1 - vmm boot & dmesg/systemd stuff # vmctl start "fedora" -d /home/fedora.raw -m 2G -c -r /home/fedora-cidata.iso vmctl: starting without network interfaces Connected to /dev/ttyp2 (speed 115200) Changing serial settings was 0/0 now 3/0 SeaBIOS (version 1.10.2p5-OpenBSD-vmm) BUILD: gcc: (GCC) 4.2.1 20070719 binutils: 2.17 enabling shadow ram Unable to unlock ram - bridge not found RamSize: 0x8000 [cmos] malloc preinit malloc init RamSizeOver4G: 0x [cmos] init ivt init bda init bios32 init keyboard init pic math cp init pci setup === PCI bus & bridge init === PCI: pci_bios_init_bus_rec bus = 0x0 === PCI device probing === PCI probe Found 
5 PCI devices (max PCI bus is 00) === PCI new allocation pass #1 === PCI: check devices === PCI new allocation pass #2 === PCI: IO: 1000 - 4fff PCI: 32: 8000 - fec0 PCI: map device bdf=00:01.0 bar 0, addr 1000, size 1000 [io] PCI: map device bdf=00:02.0 bar 0, addr 2000, size 1000 [io] PCI: map device bdf=00:03.0 bar 0, addr 3000, size 1000 [io] PCI: map device bdf=00:04.0 bar 0, addr 4000, size 1000 [io] PCI: init bdf=00:00.0 id=0b5d:0666 PCI: init bdf=00:01.0 id=1af4:1005 PCI: init bdf=00:02.0 id=1af4:1001 PCI: init bdf=00:03.0 id=1af4:1004 PCI: init bdf=00:04.0 id=0b5d:0777 PCI: No VGA devices found No apic - only the main cpu is present. init timer Scan for VGA option rom init virtio-blk found virtio-blk at 00:02.0 pci dev 00:02.0 using legacy (0.9.5) virtio mode virtio-blk 00:02.0 blksize=512 sectors=8388608 Registering bootable: Virtio disk PCI:00:02.0 (type:2 prio: data:f0a60) init virtio-scsi found virtio-scsi at 00:03.0 pci dev 00:03.0 using legacy (0.9.5) virtio mode virtio-scsi vendor='OpenBSD' product='VMM CD-ROM' rev='001' type=5 removable=1 Registering bootable: DVD/CD [virtio-scsi Drive OpenBSD VMM CD-ROM 001] (type:3 prio: data:f0a20) init serial Found 1 serial ports Scan for option roms Registering bootable: Legacy option rom (type:129 prio: data:bf03) Searching bootorder for: HALT Mapping hd drive 0x000f0a60 to 0 drive 0x000f0a60: PCHS=0/0/0 translation=lba LCHS=522/255/63 s=8388608 Mapping cd drive 0x000f0a20 Running option rom at bf00:0003 Google, Inc. 
Serial Graphics Adapter 11/27/17 SGABIOS 20100422 (_) Mon Nov 27 22:20:55 UTC 2017 Term: 0x87 4 0 malloc finalize Space available for UMB: c-ee800, f-f09f0 Returned 245760 bytes of ZoneHigh e820 map has 6 items: 0: - 0009f800 = 1 RAM 1: 0009f800 - 000a = 2 RESERVED 2: 000f - 0010 = 2 RESERVED 3: 0010 - 7fffc000 = 1 RAM 4: 7fffc000 - 8000 = 2 RESERVED 5: fffc - 0001 = 2 RESERVED locking shadow ram Unable to lock ram - bridge not found Jump to int19 enter handle_19: NULL BBttiinngg ffrroomm HHaarrdd DDiisskk.. Booting from :7c00 . Use the ^ and v keys to change the selection. ... Fedora (4.13.9-300.fc27.x86_64) 27 (Cloud Edition) The selected entry will be started automatically in 1s. The selected entry will be started automatically in 0s. ... unimplemented handle_15XX:330: a=ec00 b=0002 c= d= ds=9000 es=9000 ss=9000 si= di= bp= sp=8f70 cs=9000 ip=02fc f=0003 unimplemented handle_16XX:224: a=0305 b= c= d= ds=9000 es=9000 ss=9000 si= di= bp= sp=8f70 cs=9000 ip=02fc f=0003 unimplemented handle_15XX:330: a=e980 b=
make release-sets - question
Hello,

I try to understand why 'release-sets' does copy kernel.tgz from DESTDIR into OS /usr? Could anybody explain the logic behind?

Thank you.

build1$ sed -n '/^release-sets:$/,/^$/p' /usr/src/etc/Makefile
release-sets:
	su ${BUILDUSER} -c 'exec ${MAKE} distribution'
	su ${BUILDUSER} -c 'exec ${MAKE} kernels'
	cp -p ${DESTDIR}/usr/share/relink/kernel.tgz /usr/share/relink/kernel.tgz
	${MAKE} bootblocks
	cd ${RELEASEDIR} && rm -f SHA256
	cd ../distrib/sets && exec su ${BUILDUSER} -c 'exec sh maketars ${OSrev}'

Jiri
vmctl status - output order
I can't read C but how do you sort vmctl status output?

host1# vmctl status
   ID   PID VCPUS  MAXMEM  CURMEM     TTY    OWNER NAME
    6 99046     1    2.0G    698M   ttyp4    jirib build1
    1 93692     1    2.0G    917M   ttyp7    jirib jirib1
    7     -     1    512M       -       -    jirib archive1

Not by ID, not by PID, names order with preference of alive VMs? Wouldn't be ID best for order?

It would be great if there would be systat vmm (?) with similar output and refreshing data.

Jiri
Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?
On Fri, Feb 16, 2018 at 09:42:25PM +0200, Dumitru Mi?u Moldovan wrote: > On 02/16/18 10:14, Jiri B wrote: > > […] > > > I'll try to clarify my use case further. I'd like to attach of a persistent > > remote display session in screen/tmux-like manner. > > > > IIUC a 'persistent' disqualifies X11 forwarding over SSH, and it > > disqualifies usage of "remote" DISPLAY=$ip:$display too. > > > > Thus, IIUC, X11 server needs to run on remote OS as well, and because the VM > > does not have real graphical card, it does need a kind of fake X11 server. > > > > Xvfb or X11 native 'dummy'-driver based solution should work, the graphics > > itself can be later attached in screen/tmux-like manner via VNC for example. > > > > Solutions I'm aware: > > > > - X11 forwarding (not persistent) > > - X11 with remote DISPLAY (not persistent) > > - X11 'dummy' driver (not working in VMM VM) > > - Xvfb (works but seems slower/obsoleted by X11 native 'dummy' driver) > > > > Might want to add this to your list: https://www.xpra.org/ (have never > tried it, but advertises itself as "screen for X11"). IIUC xpra uses 'dummy' X11 driver but I haven't checked too deeply as there's no port for it right now. Jiri
Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?
On Fri, Feb 16, 2018 at 12:19:44AM -0800, Mike Larkin wrote:
> Xvfb + x11vnc worked fine in the test I just did.

Yes, it does, thanks for confirmation. I was curious why X11 'dummy' mode does not if it should be used in environments without graphical card for headless X11 server.

Maybe it does not work as our xf86-video-dummy is old, https://github.com/freedesktop/xorg-xf86-video-dummy/commit/87249af5faf85c8d093e910c069faa4db0aee843#diff-67e997bcfdac55191033d57a16d1408a

I'll stick to Xvfb for now and I'll give a try to build newer xf86-video-dummy.

Jiri
Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?
On Thu, Feb 15, 2018 at 06:48:53PM -0800, Mike Larkin wrote: > > > what are you trying to accomplish? > > > > A persistent remote display session, ie. xenodm->wm or users one accessible > > via VNC with x11vnc. > > > I found a solution to do this with about 1 minute of google searching. What > are you finding difficult? I'm not sure I can follow. I would be happy to listen for your proposal for my use case. I'll try to clarify my use case further. I'd like to attach of a persistent remote display session in screen/tmux-like manner. IIUC a 'persistent' disqualifies X11 forwarding over SSH, and it disqualifies usage of "remote" DISPLAY=$ip:$display too. Thus, IIUC, X11 server needs to run on remote OS as well, and because the VM does not have real graphical card, it does need a kind of fake X11 server. Xvfb or X11 native 'dummy'-driver based solution should work, the graphics itself can be later attached in screen/tmux-like manner via VNC for example. Solutions I'm aware: - X11 forwarding (not persistent) - X11 with remote DISPLAY (not persistent) - X11 'dummy' driver (not working in VMM VM) - Xvfb (works but seems slower/obsoleted by X11 native 'dummy' driver) Thank you for help. Jiri
Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?
On Thu, Feb 15, 2018 at 04:18:33PM -0800, Mike Larkin wrote:
> On Thu, Feb 15, 2018 at 07:10:26PM -0500, Jiri B wrote:
> > Is it possible to run 'dummy' based X11 (should be better than Xvfb)[1] inside
> > VMM VM?
> >
>
> what are you trying to accomplish?

A persistent remote display session, i.e. xenodm->wm or users one accessible via VNC with x11vnc.

Jiri
VMM VM - 'dummy' based driver-based X11 server inside, not possible?
Is it possible to run 'dummy' based X11 (should be better than Xvfb)[1] inside VMM VM?

$ Xorg -noreset +extension GLX +extension RANDR +extension RENDER -logfile ./10.log -config ./xorg.conf :10
(EE) Fatal server error:
(EE) xf86OpenConsole: No console driver found Supported drivers: wscons Check your kernel's console driver configuration and /dev entries(EE)
(EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help.
(EE) Please also check the log file at "./10.log" for additional information.
(EE)
(EE) Server terminated with error (1). Closing log file.

$ cat 10.log
[62.900] (--) checkDevMem: using aperture driver /dev/xf86
[62.969] (EE) Fatal server error:
[62.970] (EE) xf86OpenConsole: No console driver found Supported drivers: wscons Check your kernel's console driver configuration and /dev entries(EE)
[62.973] (EE) Please consult the The X.Org Foundation support at http://wiki.x.org for help.
[62.974] (EE) Please also check the log file at "./10.log" for additional information.
[62.976] (EE)
[62.992] (EE) Server terminated with error (1). Closing log file.

xorg.conf is from https://xpra.org/xorg.conf (attached in the end of the mail). But same xorg.conf and same command work OK on headless baremetal.

[1] http://xpra.org/trac/wiki/Xdummy [2] https://xpra.org/xorg.conf Jiri - from host OpenBSD 6.2-current (GENERIC.MP) #6: Tue Feb 13 20:16:11 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8564375552 (8167MB) avail mem = 8297807872 (7913MB) enter_shared_special_pages: entered idt page va 0x8001 pa 0x1d5a000 enter_shared_special_pages: entered kutext page va 0x81831000 pa 0x1831000 enter_shared_special_pages: entered kutext page va 0x81832000 pa 0x1832000 enter_shared_special_pages: entered kutext page va 0x81833000 pa 0x1833000 enter_shared_special_pages: entered kudata page va 0x81ac9000 pa 0x1ac9000 cpu_enter_pages: entered tss+gdt page at va 0x81abd000 pa 0x1abd000 cpu_enter_pages: entered t.stack page at va 0x81abe000 pa 0x1abe000 cpu_enter_pages: cif_tss.tss_rsp0 = 0x81abe3e0 mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version "1.1" date 05/27/2010 bios0: Supermicro X8SIL acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI DMAR SSDT acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4) USB5(S4) USB6(S4) GBE_(S4) BR20(S4) BR21(S4) [...] 
acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat lapic_map: entered lapic page va 0x81ab2000 pa 0xfee0 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.93 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache acpitimer0: recalibrated TSC frequency 189986 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x800021fff000 pa 0x10f7ab000 cpu_enter_pages: entered t.stack page at va 0x80002200 pa 0x10f7ac000 cpu_enter_pages: cif_tss.tss_rsp0 = 0x8000220003e0 : apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.67 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x80002201 pa 0x10f7b6000 cpu_enter_pages: entered t.stack page at va 0x800022011000 pa 0x10f7b7000 cpu_enter_pages: cif_tss.tss_rsp0 = 0x8000220113e0 : apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.67 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, 
package 0 cpu3 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x800022019000 pa 0x10f7b9000 cpu_enter_pages: entered t.stack page at va 0x80002201a000 pa 0x10f7ba000
getting data from qcow2 images on OpenBSD
Hi,

qemu-nbd[1] is a way to "attach" qcow2 image to a nbd[2] device, but we don't have nbd yet. Though Patrick made it working for Bitrig[3]. Would it be usable in OpenBSD?

If qemu-nbd is not an option, what are other ways to get data from various qemu-supported images (if not running qemu itself and getting data over tcp/ip)?

I found vdfuse[4] but it would need VirtualBox libs working on OpenBSD...

Jiri

[1] http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html
[2] https://en.wikipedia.org/wiki/Network_block_device

An example mounting OpenBSD partitions inside qcow2 on Linux:

# qemu-nbd --connect=/dev/nbd0 /var/lib/libvirt/images/instsrv2.qcow2
# fdisk -l /dev/nbd0
Disk /dev/nbd0: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x

Device       Boot Start      End  Sectors Size Id Type
/dev/nbd0p4  *       64 41929649 41929586  20G a6 OpenBSD

# dmesg | grep -A1 nbd0:
[670102.643817] nbd0: p4
p4:
# mount -t ufs -o ufstype=44bsd /dev/nbd0p5 /mnt

[3] https://github.com/bitrig/bitrig/wiki/Roadmap
[4] https://github.com/SophosLabs/vdfuse
feature - native softraid-crypto for VMM virtio disk
Hi,

one cannot boot vmm-bios if not having newer hw than Westmere CPU. And booting host kernel for a VM which has FDE does not work, that's clear.

What about a feature to support somehow softraid-crypto (or similar) for vmctl create? A variation for native LUKS support in QEMU:

qemu ... -object secret,id=sec0,data='secretpass' \
    -drive driver=luks,key-secret=sec0,file=diskfile

The use case here is not to have plain VMM disk file on host (I'm using softraid-crypto for underlying device now).

Jiri
cannot destroy loXX belonging to rdomain XX ?
How to "remove" loXX belonging to rdomain XX ?

# ifconfig vether55 rdomain 55
# ifconfig vether55
vether55: flags=8802rdomain 55 mtu 1500
	lladdr fe:e1:ba:d6:a0:59
	index 23 priority 0 llprio 3
	groups: vether
	media: Ethernet autoselect
	status: active
# ifconfig vether55 destroy
# ifconfig lo55
lo55: flags=8049 rdomain 55 mtu 32768
	index 24 priority 0 llprio 3
	groups: lo
	inet6 ::1 prefixlen 128
	inet 127.0.0.1 netmask 0xff00
	inet6 fe80::1%lo55 prefixlen 64 scopeid 0x18
# ifconfig lo55 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted

From lo(4):

...
A loop interface can be created at runtime using the ifconfig loN create command or by setting up a hostname.if(5) configuration file for netstart(8). The lo0 interface will always exist and cannot be destroyed using ifconfig(8).
...

So it will exist forever till next reboot?

kern.version=OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Jiri
Re: tor inside vmm, horribly slow?!
On Mon, Feb 12, 2018 at 12:38:00AM -0800, Mike Larkin wrote: > > > > it's horrible slow, just doing 'tor-resolve $dnsname' takes > > > > sometimes ages. > > > > [...] > [...] > > What did the guest pick for timecounter? (sysctl kern.timecounter.hardware) > > Your hardware is nearly a decade old. I wouldn't be surprised if vmm > picked some ancient timecounter hardware. For the example below, my guest > chose 'tsc' (I have a 2013-era Ivy Bridge CPU). All my hosts/VMs are > -current. And we know if your hardware is shit, we do the best we can but > no promises as to how precise time is going to be. With tsc timecounter, > my VMs that have been up for weeks have drifted maybe a second or two from > the host. > > [...] > > In other words, I don't see anything odd here. The vm appears to actually > be running faster than the host. I'm not concerned about the 2-3 second > difference on the first resolve. I bet if I ran it a hundred times I'd see > things pretty much the same. Mike, thank you for your time. The VM picked 'tsc' as timecounter. Putting CC Pascal, Tor port maintainer, as I am suspicious that this slowness is related to what tor itself is doing in that time. Pascal, any idea what could cause slowness of tor when using onion service inside VMM? Info below (plus history https://marc.info/?l=openbsd-misc=151839235419514=2): Feb 12 10:30:25 onion Tor[96278]: connection_connect_sockaddr: Connection to socket established (sock 4). Feb 12 10:32:55 onion Tor[96278]: connection_edge_reached_eof: conn (fd 4) reached eof. Closing. Feb 12 10:32:55 onion Tor[96278]: Your system clock just jumped 151 seconds forward; assuming established circuits no longer work. ^^^ 2 mins gap? Tor tests, if this is general issue or not. 
- scenario 1 * loop date + tor-resolve $dnsname + sleep 1 * torsocks curl -s -I http://www.openbsd.org ^^ this works ok - scenario 2 make tor to have local onion service with httpd enabled * install -d -o _tor -g _tor -m 700 /var/tor/onion * modify /etc/tor/torrc: Log debug syslog HiddenServiceDir /var/tor/onion/ HiddenServicePort 80 127.0.0.1:80 * enable httpd & tor * loop date + tor-resolve $dnsname + sleep 1 * get your .onion service address cat /var/tor/onion/hostname * access your .onion service from other (tor)browser ... Feb 12 10:30:24.519 [warn] Got SOCKS5 status response '4': host is unreachable Mon Feb 12 10:30:26 CET 2018 129.128.5.194 Mon Feb 12 10:32:58 CET 2018 129.128.5.194 Mon Feb 12 10:33:00 CET 2018 ... ^^ tor-resolve $dnsnanme gets slow downed in a while, 2 mins gap Feb 12 10:30:24 onion Tor[96278]: rend_service_rendezvous_has_opened: Done building circuit 2327426966 to rendezvous with cookie D92E6387 for service Feb 12 10:30:24 onion Tor[96278]: internal circ (length 4): $0FBE018DADAB416DE17A10C5D4AD3EBF0E243561(open) $BF50E09EED25B82861CF95E1AAA42DCFEF53E5D1(open) $F80FDE27EFCB3F6A7B4E2CC517133DBFFA78BA2D(open) $CCF0E904BAD135F6B2180BD89D19E487F83786A5(open) Feb 12 10:30:24 onion Tor[96278]: connection_handle_listener_read: New SOCKS connection opened from 127.0.0.1. Feb 12 10:30:24 onion Tor[96278]: rep_hist_note_used_port: New port prediction added. Will continue predictive circ building for 1967 more seconds. Feb 12 10:30:24 onion Tor[96278]: connection_edge_process_inbuf: data from edge while in 'waiting for circuit' state. Leaving it on buffer. Feb 12 10:30:24 onion Tor[96278]: exit circ (length 3): $0FBE018DADAB416DE17A10C5D4AD3EBF0E243561(open) $594252BFEE13625AC120F50F3015CB3C1DA55690(open) $1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA(open) Feb 12 10:30:24 onion Tor[96278]: pathbias_count_use_attempt: Used circuit 2 is already in path state use succeeded. Circuit is a General-purpose client currently open. 
Feb 12 10:30:24 onion Tor[96278]: link_apconn_to_circ: Looks like completed circuit to [scrubbed] does allow optimistic data for connection to [scrubbed] Feb 12 10:30:24 onion Tor[96278]: connection_ap_handshake_send_resolve: Address sent for resolve, ap socket 4, n_circ_id 2260876578 Feb 12 10:30:25 onion Tor[96278]: connection_connect_sockaddr: Connection to socket established (sock 4). Feb 12 10:32:55 onion Tor[96278]: connection_edge_reached_eof: conn (fd 4) reached eof. Closing. Feb 12 10:32:55 onion Tor[96278]: Your system clock just jumped 151 seconds forward; assuming established circuits no longer work. ^^ 2 mins gap So just slow HW issue? Jiri
Re: tor inside vmm, horribly slow?!
On Sun, Feb 11, 2018 at 04:47:02PM -0800, Mike Larkin wrote: > > has anybody tried to run tor inside vmm guest? > > > > it's horrible slow, just doing 'tor-resolve $dnsname' takes > > sometimes ages. > > [...] > > is it related to vmm ssl issue reported in the past? > > no > > > [...] > This report sucks. no dmesg, no information about what the VM config is, what > version the guest is, what version the host is, etc. Big apologize, I thought it could be something known. Info below. Thank you for help. Jiri Another try inside vmm guest: ~ # time tor-resolve www.openbsd.org 129.128.5.194 0m00.14s real 0m00.00s user 0m00.00s system # time tor-resolve www.openbsd.org 129.128.5.194 0m52.96s real 0m00.00s user 0m00.00s system # tail /var/log/daemon Feb 12 08:19:59 onion Tor[21861]: Bootstrapped 100%: Done Feb 12 08:20:04 onion ntpd[51629]: adjusting local clock by 0.384653s Feb 12 08:23:01 onion ntpd[51629]: adjusting local clock by -0.063873s Feb 12 08:42:58 onion Tor[21861]: Your system clock just jumped 150 seconds forward; assuming established circuits no longer work. Feb 12 08:42:59 onion Tor[21861]: Tor has successfully opened a circuit. Looks like client functionality is working. Feb 12 08:42:59 onion Tor[21861]: Tor has successfully opened a circuit. Looks like client functionality is working. Feb 12 08:45:55 onion Tor[21861]: Your system clock just jumped 150 seconds forward; assuming established circuits no longer work. Feb 12 08:45:57 onion Tor[21861]: Tor has successfully opened a circuit. Looks like client functionality is working. Feb 12 08:45:57 onion Tor[21861]: Tor has successfully opened a circuit. Looks like client functionality is working. Feb 12 08:47:05 onion ntpd[51629]: adjusting clock frequency by -7.934969 to -23.542969ppm VMM: (Originally I forgot 'group internal' in vm.conf, so I put tap1 into group 'internal' manually via ifconfig.) 
vm "onion" { disable owner jirib memory 512M boot $kernel local interface tap disk $onion_osdisk disk $onion_datadisk } Networking on host: ~~~ # route -nv show -inet | grep ^default default176.74.xxx.xxx UGS538658 - 8 em0 "internet4" # sysctl net.inet.ip.forwarding net.inet.ip.forwarding=1 em0: flags=8843mtu 1500 lladdr 90:e2:ba:xx:xx:xx index 1 priority 0 llprio 3 groups: public egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 176.74.xxx netmask 0xffe0 broadcast 176.74.xxx tap1: flags=8843 mtu 1500 lladdr fe:e1:ba:d2:f7:28 description: vm2-if0-onion index 17 priority 0 llprio 3 groups: tap internal status: active inet 100.64.2.2 netmask 0xfffe PF on host (uses 'group internal'): ~~~ # pfctl -sr | egrep '(on egress.*nat-to|on internal.*all)' pass out quick on egress from any to route "internet4" flags S/SA nat-to (egress) round-robin pass in quick on internal all flags S/SA Storage on host: 'disk's are located on softraid RAID1 array: 1# bioctl sd8 Volume Status Size Device softraid0 2 Online 536871947776 sd8 RAID1 0 Online 536871947776 2:0.0 noencl 1 Online 536871947776 2:1.0 noencl # dmesg | grep ^sd[23] sd2 at scsibus1 targ 2 lun 0: SCSI3 0/direct fixed naa.5000c5009387182f sd2: 953869MB, 512 bytes/sector, 1953525168 sectors sd3 at scsibus1 targ 3 lun 0: SCSI3 0/direct fixed naa.5000c500939203ed sd3: 953869MB, 512 bytes/sector, 1953525168 sectors dmesg on host: ~~ with disabled lm driver because of issue with bad fan RPM. 
OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8564375552 (8167MB) avail mem = 8297807872 (7913MB) enter_shared_special_pages: entered idt page va 0x8001 pa 0x1d5a000 enter_shared_special_pages: entered kutext page va 0x81831000 pa 0x1831000 enter_shared_special_pages: entered kutext page va 0x81832000 pa 0x1832000 enter_shared_special_pages: entered kutext page va 0x81833000 pa 0x1833000 enter_shared_special_pages: entered kudata page va 0x81ac8000 pa 0x1ac8000 cpu_enter_pages:
tor inside vmm, horribly slow?!
Hi,

has anybody tried to run tor inside vmm guest?

it's horribly slow, just doing 'tor-resolve $dnsname' takes sometimes ages.

# dmesg | head -n 4
OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 520093696 (496MB)
avail mem = 497381376 (474MB)

is it related to vmm ssl issue reported in the past?

# vmstat ; time tor-resolve www.openbsd.org
 procs    memory       page                    disks    traps          cpu
 r   s   avm     fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1  35   42M    302M  176   0   0   0   0   0  17   0  124   544   29  0 88 12
129.128.5.194
    0m46.07s real     0m00.00s user     0m00.00s system

# vmstat ; time tor-resolve www.openbsd.org
 procs    memory       page                    disks    traps          cpu
 r   s   avm     fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1  35   42M    302M  166   0   0   0   0   0  15   0  122   514   28  0 88 12
129.128.5.194
    0m00.13s real     0m00.00s user     0m00.00s system

Jiri
Re: supermicro x8sil-f - only one fan detected after replug on the board
On Sat, Feb 10, 2018 at 04:23:41AM +0200, li...@wrant.com wrote: > > I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has > > started > > to beep after a while when OS is up while it detected non-existing fans > > either > > run at 0 RPM or in -2560 RPM. > > Does a manual restart of the BMC card (via IPMI) make a difference, how? Nope, it's related to https://marc.info/?l=openbsd-misc=144473090118095=2 Jiri
Re: supermicro x8sil-f - only one fan detected after replug on the board
On Fri, Feb 09, 2018 at 05:12:11PM +0200, Atanas Vladimirov wrote: > On 2018-02-09 14:45, Jiri B wrote: > >Hi, > > > >I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has > >started > >to beep after a while when OS is up while it detected non-existing fans > >either > >run at 0 RPM or in -2560 RPM. > > > >OpenBSD itself used to detect both fans (though lm1.fanX numbers were > >different > >to numbering from motherboard vendor). > > > >I replugged both fans on the board and OpenBSD has detected only one fan > >now. > >Why only one now, if it used to previously detected both? > > Hi, > This is a known issue [0] with this particular motherboard > and you have to disable lm driver. > > [0] https://marc.info/?l=openbsd-misc=144473090118095=2 Thank you. I should have to search archives, it would solve my crazy headaches :) Anyway, it's surprise that after fans replug to different connectors on the board - which has caused OpenBSD not detecting one fan - the board doesn't beep anymore. So yes, it must be related to the issue you pointed to. Jiri
supermicro x8sil-f - only one fan detected after replug on the board
Hi, I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has started to beep after a while when OS is up while it detected non-existing fans either run at 0 RPM or in -2560 RPM. OpenBSD itself used to detect both fans (though lm1.fanX numbers were different to numbering from motherboard vendor). I replugged both fans on the board and OpenBSD has detected only one fan now. Why only one now, if it used to previously detected both? # sysctl hw.sensors.lm1 | grep fan ; ipmitool -I lanplus -H 192.168.1.250 -U ADMIN -P sensor list | grep '^FAN [1-2]' hw.sensors.lm1.fan1=1028 RPM FAN 1| 955.000| RPM| ok| 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000 FAN 2| 1325.000 | RPM| ok| 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000 Could it be possible that openbsd lm driver messes something on the board and makes the board think a non-existing fan runs -2560 RPM or 0 RPM? After fans replug and OpenBSD detected only one fan, the board hasn't started to beep yet. I don't get it... OpenBSD 6.2-current (GENERIC.MP) #399: Fri Feb 2 18:28:58 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8564375552 (8167MB) avail mem = 8297881600 (7913MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version "1.1" date 05/27/2010 bios0: Supermicro X8SIL ... wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x25 lm1 at wbsio0 port 0xa10/8: W83627DHG Thank you for a tip or workaround. Jiri
syslogd loghost only - without unix socket & /dev/klog
Hi,

I was speculating about another instance of syslogd, just as a log host services while having base syslogd running on same box.

1. -p /dev/null deletes /dev/null and replaces it with socket file with same name

crw-rw-rw- 1 root wheel 2, 2 Feb 8 13:25 /dev/null

# syslogd -d -F -f /etc/syslog_test.conf -p /dev/null -T 127.0.0.1:5140 -U 127.0.0.1:5140 -Z -n -u -r
syslogd[54737]: open /dev/klog: Device busy
CAfile /etc/ssl/cert.pem off & running init
syslogd[54737]: fatal in syslogd: open /dev/null: Operation not supported
syslogd[54737]: dropped 1 message during initialization
syslogd: exited

srw-rw-rw- 1 root wheel 0 Feb 8 13:26 /dev/null

2. -p '' returns:

syslogd[50469]: bind unix "": No such file or directory
syslogd[50469]: log socket failed
...

3. another syslogd instance tries to open still /dev/klog

syslogd[50469]: open /dev/klog: Device busy

Could we make syslogd not to open /dev/klog and disable any unix socket listening?

Thank you for consideration.

Tested on: kern.version=OpenBSD 6.2-current (GENERIC.MP) #399: Fri Feb 2 18:28:58 MST 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Repro steps:

* -p /dev/null
* -p ''
* echo '*.* /tmp/messages' > /tmp/syslog.conf
  touch /tmp/messages
  syslogd -d -F -f /tmp/syslog.conf -T 127.0.0.1:5140 -U 127.0.0.1:5140 -Z -n -u -r

Jiri
Re: USB Firewall
On Tue, Jan 16, 2018 at 07:03:58PM +0100, Stephane HUC "PengouinBSD" wrote:
> Perhaps, using hotplugd and file /etc/hotplug/attach?
>
> On 01/16/18 at 18:39, Charlie Eddy wrote:
> > Hello,
> >
> > Is there a method to detect and halt additional USB devices being added
> > after initializing connections? Concerned about widespread vulnerability of
> > keystroke injection.

There's no such way. Maybe something like this https://usbguard.github.io/ but that's for Linux only.

There can be hw attacks over DisplayPort too. Some Linux people were discussing a possibility to disallow adding new DisplayPort based devices after boot to prevent physical attack on fully booted (physically unprotected) computer.

Jiri
Re: Need an advice about DHCP IPv6 server software
On Wed, Dec 06, 2017 at 09:28:40PM +0900, Claus Lensbl wrote:
> If you need a DHCP server, you need rtadvd to hand off the requests to
> the DHCP server in any case. Last time, which is some time ago, the
> DHCP server distributed with OpenBSD wasn't capable of working with
> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
> have not worked with.
>
> http://wide-dhcpv6.sourceforge.net/

Or kea from ports.

j.
Re: sftp-server
On Thu, Nov 30, 2017 at 05:36:57PM -0600, Edgar Pettijohn wrote:
> I was looking into how best to secure a sftp-server. The manual
> mentions a -Q option to query protocol features supported. I added the
> following line to sshd_config.
>
> Subsystem sftp /usr/libexec/sftp-server sftp -Q requests
>
> So far I'm not sure how to get at the information provided by this
> command line option. Or am I doing it wrong?
>
> Any insight is greatly appreciated.
>
> Edgar

IMO you got confused, it is "query", it does not set anything. Output of "-Q requests" is the "requests"/actions which an sftp client can do on the remote server.

An example: you want to mimic anon ftp upload server, then you would - IIRC - open, write, lstat,... but not readdir, remote, symlink etc...

j.
Re: Odd problem with interfaces
On Wed, Nov 29, 2017 at 09:56:38AM -0500, Rupert Gallagher wrote:
> I ran out of ideas on the following problem.
>
> An obsd server has three ethernet interfaces, each with its own IP address:
>
> cat /etc/hostname.*
> inet 192.168.1.2 255.255.255.0 192.168.1.255 mtu 9014 description "em0: MODEM/ROUTER"
> inet 192.168.1.3 255.255.255.0 192.168.1.255 mtu 9014 description "em1: CISCO SG110D-08"
> inet 192.168.1.4 255.255.255.0 192.168.1.255 mtu 9014 description "em2: NAS"

^^ using same IP network on 3 ifaces? This is no-go by default. (If you need that, check rdomains.)

> When all three interfaces are connected, the clients lose NFS
> services, and scp fails from server to any client (but ssh keeps
> working). Functionality is recovered by unplugging em0 and em2.

j.
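The overlap this reply points at can be checked mechanically. The following is an added example, not code from the thread: it parses hostname.if(5)-style text and reports pairs of interfaces whose IPv4 networks overlap inside the same rdomain. Treating interfaces in different rdomains as non-conflicting is an assumption based on the reply's hint, and the function names and the second sample set are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def parse_hostname_if(text):
    """Return (rdomain, [IPv4Interface, ...]) for one hostname.if file body."""
    rdomain = 0  # interfaces live in rdomain 0 unless configured otherwise
    addrs = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # "rdomain N" may be its own line or an option on another line.
        if "rdomain" in fields[:-1]:
            value = fields[fields.index("rdomain") + 1]
            if value.isdigit():
                rdomain = int(value)
        if fields[0] != "inet":
            continue
        rest = fields[1:]
        if rest and rest[0] == "alias":
            rest = rest[1:]
        if not rest:
            continue
        addr = rest[0]
        if "/" not in addr:
            if len(rest) < 2:
                continue  # e.g. "inet autoconf": no static address to check
            mask = rest[1]
            if mask.lower().startswith("0x"):  # hex netmask, e.g. 0xffffff00
                mask = str(ipaddress.IPv4Address(int(mask, 16)))
            addr = addr + "/" + mask
        try:
            addrs.append(ipaddress.ip_interface(addr))
        except ValueError:
            continue  # not a static IPv4 address/netmask pair
    return rdomain, addrs


def find_conflicts(configs):
    """configs maps interface name -> file body; return overlapping pairs."""
    parsed = []
    for ifname in sorted(configs):
        rdomain, addrs = parse_hostname_if(configs[ifname])
        parsed.extend((ifname, rdomain, a) for a in addrs)
    conflicts = []
    for (if_a, rd_a, a), (if_b, rd_b, b) in combinations(parsed, 2):
        if if_a != if_b and rd_a == rd_b and a.network.overlaps(b.network):
            conflicts.append((if_a, if_b, rd_a, str(a.network), str(b.network)))
    return conflicts


# The three files quoted in the mail above.
PAGE_CONFIGS = {
    "em0": 'inet 192.168.1.2 255.255.255.0 192.168.1.255 mtu 9014 description "em0: MODEM/ROUTER"',
    "em1": 'inet 192.168.1.3 255.255.255.0 192.168.1.255 mtu 9014 description "em1: CISCO SG110D-08"',
    "em2": 'inet 192.168.1.4 255.255.255.0 192.168.1.255 mtu 9014 description "em2: NAS"',
}

# Constructed variant: em2 moved into its own rdomain, hex netmask notation.
SPLIT_CONFIGS = dict(PAGE_CONFIGS, em2="rdomain 1\ninet 192.168.1.4 0xffffff00")

if __name__ == "__main__":
    for name, cfg in (("as posted", PAGE_CONFIGS), ("em2 in rdomain 1", SPLIT_CONFIGS)):
        print(name)
        for if_a, if_b, rd, net_a, net_b in find_conflicts(cfg):
            print("  %s and %s overlap in rdomain %d: %s / %s" % (if_a, if_b, rd, net_a, net_b))
```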
Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD
On Wed, Oct 18, 2017 at 06:55:32PM +0530, Ajitabh Pandey wrote:
> On Wed, Oct 18, 2017 at 1:43 PM, Jiri B <ji...@devio.us> wrote:
>
> > On Wed, Oct 18, 2017 at 01:40:06PM +0530, Ajitabh Pandey wrote:
> >
> > Can httpd access the socket? What are permissions?
> >
> > j.
> >
>
> Here are the perms -
>
> srwxr-xr-x 1 root daemon 0 Oct 18 13:35 hello.sock

And voila, they are wrong. How would httpd daemon be able to write there?

See what slowcgi, a fastcgi->cgi daemon says about socket:

    slowcgi opens a socket at /var/www/run/slowcgi.sock, owned by www:www, with permissions 0660. It will then chroot(8) to /var/www and drop privileges to user "www".

See?

j.
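The permission problem pointed out in this reply, as an added example that is not code from the thread: it parses the `ls -l` line quoted above and decides whether a given user could connect, since connecting to a UNIX socket needs write permission on the socket file. That httpd runs as user and group `www` inside a `/var/www` chroot is assumed from the slowcgi description; the function names and the second sample line are constructed.

```python
import posixpath
import re

# Type and permission column, link count, owner, group, ..., file name.
LS_RE = re.compile(
    r"^(?P<type>\S)(?P<perm>[rwxsStT-]{9})\S*\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+.*\s(?P<name>\S+)$"
)


def parse_ls_line(line):
    """Parse one `ls -l` line describing a socket into a dict."""
    m = LS_RE.match(line.strip())
    if m is None:
        raise ValueError("not an ls -l line: %r" % line)
    if m.group("type") != "s":
        raise ValueError("%s is not a socket" % m.group("name"))
    return {k: m.group(k) for k in ("perm", "owner", "group", "name")}


def can_connect(entry, user, groups):
    """True if `user` (member of `groups`) has the write bit needed to connect."""
    if user == "root":
        return True
    # Exactly one permission class applies: owner, else group, else other.
    if user == entry["owner"]:
        index = 1
    elif entry["group"] in groups:
        index = 4
    else:
        index = 7
    return entry["perm"][index] == "w"


def path_in_chroot(path, chroot="/var/www"):
    """Return the path as seen from inside the chroot, or None if outside it."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    path = posixpath.normpath(path)
    chroot = posixpath.normpath(chroot)
    if posixpath.commonpath([path, chroot]) != chroot:
        return None
    return "/" + posixpath.relpath(path, chroot)


def audit(ls_line, real_path, user="www", groups=("www",), chroot="/var/www"):
    """Return a list of findings; an empty list means the socket looks usable."""
    entry = parse_ls_line(ls_line)
    findings = []
    if not can_connect(entry, user, groups):
        findings.append(
            "%s cannot connect to %s (%s %s:%s)"
            % (user, entry["name"], entry["perm"], entry["owner"], entry["group"])
        )
    if entry["perm"][7] == "w":
        findings.append("%s is world-writable: any local user can connect" % entry["name"])
    if path_in_chroot(real_path, chroot) is None:
        findings.append("%s is outside the %s chroot" % (real_path, chroot))
    return findings


# The line posted in the thread, and a constructed line matching slowcgi's mode.
PAGE_LS_LINE = "srwxr-xr-x 1 root daemon 0 Oct 18 13:35 hello.sock"
FIXED_LS_LINE = "srw-rw---- 1 www www 0 Oct 18 13:35 hello.sock"

if __name__ == "__main__":
    for line in (PAGE_LS_LINE, FIXED_LS_LINE):
        print(line)
        for finding in audit(line, "/var/www/run/hello.sock") or ["ok"]:
            print("  " + finding)
    print("httpd.conf socket path:", path_in_chroot("/var/www/run/hello.sock"))
```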
Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD
On Wed, Oct 18, 2017 at 01:40:06PM +0530, Ajitabh Pandey wrote:
> Thanks for the quick response. I tried that, still getting 500 the same
> problem -
>
> $ doas uwsgi --socket /var/www/run/hello.sock --wsgi-file myproject.py
> --master --callable app
>
> In /etc/httpd.conf -
>
> location "/hello/*" {
>     fastcgi socket "/run/hello.sock"
> }

Can httpd access the socket? What are permissions?

j.
Re: Is there git-flow-completion for ksh?
> If you love bash and its features, then it is better to use bash than to > try that ksh will be like bash :-/ I hate when BASH completion hides files for me based on context, eg. tar -tvf /dir/dir/file_without_good_suffix won't work. j.
Re: can't use external monitor after plugging to docking station
Just to clarify, I talked about X11. Restarting X11 makes my external monitor connected to the docking station be available. But I'm surprised, IIRC I could use the external monitor without restarting X11 just after plugging laptop to the docking station. j. On Wed, Oct 04, 2017 at 02:37:29AM -0400, Jiri B wrote: > Hi, > > I have Lenovo T440s and Lenovo docking station with an external monitor. > > If I have running OpenBSD without docking station and then I plug it to > it, I can't see the external monitor. > > I see only these in dmesg after plugging laptop into it: > > uhub2 at uhub0 port 12 configuration 1 interface 0 "LENOVO Lenovo ThinkPad > Dock" rev 3.00/50.41 addr 3 > uhub3 at uhub0 port 3 configuration 1 interface 0 "LENOVO Lenovo ThinkPad > Dock" rev 2.10/50.40 addr 4 > uhub4 at uhub3 port 4 configuration 1 interface 0 "Lenovo Lenovo ThinkPad > Dock" rev 2.00/0.01 addr 8 > > Any idea what's wrong? IIRC it used to work in the past. > > Jiri > > $ xrandr > Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192 > eDP-1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) > 309mm x 175mm >1920x1080 60.01*+ >1400x1050 59.98 >1280x1024 60.02 >1280x960 60.00 >1024x768 60.0460.00 >960x720 60.00 >928x696 60.05 >896x672 60.01 >800x600 60.0060.3256.25 >700x525 59.98 >640x512 60.02 >640x480 60.0059.94 >512x384 60.00 >400x300 60.3256.34 >320x240 60.05 > DP-1 disconnected (normal left inverted right x axis y axis) > HDMI-1 disconnected (normal left inverted right x axis y axis) > DP-2 disconnected (normal left inverted right x axis y axis) > HDMI-2 disconnected (normal left inverted right x axis y axis) > > OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 12540866560 (11959MB) > avail mem = 12153778176 (11590MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 
can't use external monitor after plugging to docking station
Hi,

I have Lenovo T440s and Lenovo docking station with an external monitor.

If I have running OpenBSD without docking station and then I plug it to it, I can't see the external monitor.

I see only these in dmesg after plugging laptop into it:

uhub2 at uhub0 port 12 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 3.00/50.41 addr 3
uhub3 at uhub0 port 3 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 2.10/50.40 addr 4
uhub4 at uhub3 port 4 configuration 1 interface 0 "Lenovo Lenovo ThinkPad Dock" rev 2.00/0.01 addr 8

Any idea what's wrong? IIRC it used to work in the past.

Jiri

$ xrandr
Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
eDP-1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 309mm x 175mm
   1920x1080     60.01*+
   1400x1050     59.98
   1280x1024     60.02
   1280x960      60.00
   1024x768      60.04  60.00
   960x720       60.00
   928x696       60.05
   896x672       60.01
   800x600       60.00  60.32  56.25
   700x525       59.98
   640x512       60.02
   640x480       60.00  59.94
   512x384       60.00
   400x300       60.32  56.34
   320x240       60.05
DP-1 disconnected (normal left inverted right x axis y axis)
HDMI-1 disconnected (normal left inverted right x axis y axis)
DP-2 disconnected (normal left inverted right x axis y axis)
HDMI-2 disconnected (normal left inverted right x axis y axis)

OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12540866560 (11959MB)
avail mem = 12153778176 (11590MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014
bios0: LENOVO 20ARS19C0B
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF!
Re: vmm issues - vioblk_notifyq: unsupported command 0x8
> > I was able to boot opensuse from that dvd, although later on I got an
> > error in the installer :/
>
> This was because the installer couldn't locate the "dvd", correct?

It seems so.

~~~
Unable to create repository from URL 'hd:/?device=/dev/disk/by-id/virtio-_U_2_-part2'.
Details: Invalid query string component 'device=/dev/disk/by-id/virtio-_U_2_-p
Try again?
~~~

It would be nice to have IDE cdrom emulation.

j.
Re: vmm issues - vioblk_notifyq: unsupported command 0x8
On Mon, Oct 02, 2017 at 02:56:18PM -0400, Josh Grosse wrote:
> Hey Jiri.
>
> >I started this vm with:
> >
> >vmctl start suse01 -c -d $iso -d $disk -L
> >
> >where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].
> >
> >Any idea what's going on?
>
> I'll bet it's because you are attempting to boot a DVD image,
> which doesn't have an MBR. Bootable DVDs use the El Torito
> standard for booting.[1]
>
> To the best of my recollection, vmm(4) guests must boot from disk images
> with the seabios or from BSD kernels with -b.

    -b path
        Boot the VM with the specified kernel or BIOS image. If not
        specified, the default is to boot using the BIOS image in
        /etc/firmware/vmm-bios.

IIUC you do not need to define anything, if not specified it is using seabios.

I was able to boot opensuse from that dvd, although later on I got an error in the installer :/

j.

> [1] https://en.wikipedia.org/wiki/El_Torito_(CD-ROM_standard)
vmm issues - vioblk_notifyq: unsupported command 0x8
Hello,

I'm playing with vmm and I got these in daemon log:

Oct 2 20:12:14 t440s vmd[13344]: startup
Oct 2 20:12:14 t440s vmd[53680]: SIOCBRDGADD: No such file or directory
Oct 2 20:12:24 t440s vmd[13344]: suse01: started vm 1 successfully, tty /dev/ttyp3
Oct 2 20:13:12 t440s vmd[98531]: vcpu_process_com_data: guest reading com1 when not ready
Oct 2 20:13:18 t440s last message repeated 5 times
Oct 2 20:13:19 t440s vmd[98531]: vioblk_notifyq: unsupported command 0x8
Oct 2 20:13:19 t440s last message repeated 3 times

I started this vm with:

vmctl start suse01 -c -d $iso -d $disk -L

where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].

Any idea what's going on?

dmesg and suse boot log below.

[1] https://download.opensuse.org/distribution/leap/42.3/iso/openSUSE-Leap-42.3-DVD-x86_64.iso

Jiri

OpenBSD 6.2 (GENERIC.MP) #115: Wed Sep 27 10:45:53 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12540866560 (11959MB)
avail mem = 12153765888 (11590MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET79WW (2.29 )" date 09/03/2014
bios0: LENOVO 20ARS19C0B
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF!
Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied
On Mon, Sep 25, 2017 at 07:31:15PM -0700, Philip Guenther wrote:
> If you're mounting /tmp with the noexec flag, then stop doing that.

What? IIUC this is long existing recommendation. If /etc/rc needs exec /tmp then it should change it by itself for libs reordering and then switch back to what an user has defined in /etc/fstab.

j.
Re: Filtering other network layer protocols with PF
On Mon, Sep 11, 2017 at 10:26:22AM -0500, Christopher Snell wrote:
> Hi,
>
> I have an AT&T fiber connection at home that relies on a crappy,
> proprietary, and insecure [1] router that does proprietary authentication
> with upstream equipment via EAP over 802.1x. Some folks have figured out
> how to bypass it by putting the AT&T router behind their actual firewalls
> and proxying the 802.1x packets to/from the AT&T device, thus faking out
> the upstream gateway.
>
> Unfortunately, the common solution [2] for this is Linux-specific and
> relies on their PF_RING stuff. I was hoping to proxy this protocol in
> OpenBSD without having to use something slow like pcap. As far as I can
> tell from reading man pages, PF does not support this network layer
> protocol (0x888E). Does anybody have any ideas on how I might efficiently
> capture these packets and copy them to another interface?
>
> Chris
>
> [1] https://www.nomotion.net/blog/sharknatto/
> [2] https://github.com/jaysoffian/eap_proxy

Wouldn't it be possible to put egress port and port for this device into bridge and use bridge filtering rules and then filter everything in pf?

j.
Re: Feeding DHCP leases into unbound
On Thu, Jun 22, 2017 at 11:47:03AM +0200, Andreas Kusalananda Kähäri wrote:
>
> I have unbound(8) and dhcpd(8) running on a router (OpenBSD 6.1-stable).
> dhcpd currently hands out fixed addresses to my clients, but I'd like
> these to be allocated dynamically from the common pool, while at the
> same time being resolvable.
>
> Is there an existing solution for feeding the IP-addresses of the leases
> that dhcpd hands out into the unbound configuration and reload it, or
> would I have to write a script that parses the lease declarations in
> /var/db/dhcpd.leases?

OpenBSD dhcpd cannot do this by itself but ISC dhcpd from ports can execute whatever on committing a lease, see http://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/

Though you could parse logs of OpenBSD dhcpd log, maybe good opportunity to play with various logs "parsers".

j.
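The script the question asks about, parsing lease declarations in /var/db/dhcpd.leases into unbound records, could look like the following. This is an added example, not code from the thread or from either daemon; the function names, the "lan" domain and the sample leases are constructed, and the lease layout is assumed to be the ISC-style one described in dhcpd.leases(5). The client-hostname value is chosen by the DHCP client, so it is checked as a single DNS label before it is written into resolver configuration.

```shell
#!/bin/sh
# Added example: dhcpd.leases -> unbound local-data lines.

# Constructed sample lease file (ISC-style layout, assumed).
sample_leases() {
	cat <<'EOF'
lease 192.168.1.50 {
	starts 4 2017/06/22 09:00:00 UTC;
	ends 4 2017/06/22 21:00:00 UTC;
	hardware ethernet 00:11:22:33:44:55;
	client-hostname "Laptop";
}
lease 192.168.1.51 {
	starts 4 2017/06/22 09:05:00 UTC;
	ends 4 2017/06/22 21:05:00 UTC;
	hardware ethernet 00:11:22:33:44:66;
	client-hostname "not a valid.label";
}
lease 192.168.1.52 {
	starts 3 2017/06/21 09:00:00 UTC;
	ends 3 2017/06/21 21:00:00 UTC;
	hardware ethernet 00:11:22:33:44:77;
	client-hostname "printer";
}
lease 192.168.1.50 {
	starts 4 2017/06/22 10:00:00 UTC;
	ends 4 2017/06/22 22:00:00 UTC;
	hardware ethernet 00:11:22:33:44:55;
	client-hostname "laptop-2";
}
EOF
}

# leases_to_unbound FILE DOMAIN NOW
#   FILE may be "-" for stdin. NOW is "YYYY/MM/DD HH:MM:SS" in UTC, the same
#   layout as the "ends" lines, so expiry is a plain string comparison.
leases_to_unbound() {
	awk -v domain="$2" -v now="$3" '
	$1 == "lease" && $3 == "{" {
		ip = $2; host = ""; ends = ""; abandoned = 0
		if (!(ip in seen)) { seen[ip] = 1; order[++n] = ip }
		next
	}
	$1 == "ends" { ends = $3 " " $4; sub(/;$/, "", ends); next }
	$1 == "abandoned;" { abandoned = 1; next }
	$1 == "client-hostname" {
		# Everything between the quotes; the client picked this string.
		host = $0
		sub(/^[ \t]*client-hostname[ \t]+"/, "", host)
		sub(/";[ \t]*$/, "", host)
		host = tolower(host)
		next
	}
	$1 == "}" {
		# The file is append-only: the last block for an address wins.
		ok = (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) && !abandoned
		# One DNS label: letters, digits, inner hyphens, at most 63 chars.
		ok = ok && length(host) <= 63
		ok = ok && (host ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
		ok = ok && ((ends "") > (now ""))
		if (ok) {
			name[ip] = host
		} else {
			delete name[ip]
		}
		ip = ""
		next
	}
	END {
		for (i = 1; i <= n; i++) {
			ip = order[i]
			if (!(ip in name)) continue
			fqdn = name[ip] "." domain "."
			printf "local-data: \"%s IN A %s\"\n", fqdn, ip
			printf "local-data-ptr: \"%s %s\"\n", ip, fqdn
		}
	}' "$1"
}

# Demo on the constructed sample; on a router NOW would come from
# date -u +"%Y/%m/%d %H:%M:%S" and FILE would be /var/db/dhcpd.leases.
sample_leases | leases_to_unbound - lan "2017/06/22 12:00:00"
```

The output is meant for a file pulled into unbound.conf with an include: line, followed by a reload; that wiring is an assumption and is not described in the thread.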
Re: sftp chroot
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solène Rapenne wrote:
> Je 2017-06-14 13:02, Bryan Harris skribis:
> >On Linux I have mounted another fs inside the user's home folder (it is
> >mounted twice). I don't know if OpenBSD has that feature.
> >
>
> This is not possible on OpenBSD, mount will tell "device is busy".
>
> On linux you should use mount --bind to bind a folder on another instead
> of mounting twice the mountpoint. FreeBSD has mount_nullfs to do exactly
> the same thing as --bind, but OpenBSD doesn't have any of this.

Do you build a shell server or you just want to give SFTP access to users' web data? If the latter, why don't you just chroot them directly into their user dir inside web root? Or, just define their home to be inside web chroot...

j.
Re: Qubes-OS is "fake" security
On Fri, May 12, 2017 at 03:41:05AM +0200, Kim Blackwood wrote:
> [...]
> Qubes-OS seems to me as a solution of "patching".

IMO this is real point in this thread - virtualization as a security measure against buggy software doesn't make any change to that software.

Virtualization or containers are not any security solution, real solution is to analyze design of existing applications and really abandon ones which are crap in security point of view, even if they have fancy features.

This is hard work to be done, OpenBSD devs are great guys because they devote their personal energy to this "invisible" effort. Just look at privsep changes implemented after Heartbleed issue.

Virtualization and containers make sense but what we all need is to support people - if we cannot send diffs - who are brave enough to make radical cuts in existing open-source eco system, either while publicly denouncing existing buggy applications and telling people loudly to stop using them, or sending radical diffs to make those apps start moving to more secure design. (If this would reveal as being impossible, then moving to the former stand.)

Let's thank all OpenBSD devs and ports' maintainers for their great work.

j.
Re: Why would I need a container like Docker?!
On Wed, May 10, 2017 at 05:53:07AM +0200, Martin Hanson wrote:
> [... pathetic screaming ...]

Pathetic screaming doesn't help to anything.

And... there already has been an interest in zones/containers in OpenBSD, see https://marc.info/?l=openbsd-tech&m=144617514431852&w=2

j.
Re: DHCP in vmm guest
On Thu, May 04, 2017 at 03:49:27PM +0200, Reyk Floeter wrote: > So you have the VM interface and the host interface on a bridge: > dhclient on the host "steals" all DHCP packets via BPF. > > Try to pkill dhclient on the host and the VM should be able to get DHCP. > > There is currently no solution for that, it is the way our dhclient works, > you can try to run the VM on a NAT'ed bridge or use "-L" local interfaces. > > Reyk What about using vether with bridge and having host's dhclient using vether? What about having dhcrelay and relaying VM's dhcp to upstream dhcp server? j.
Re: DHCP in vmm guest
> I'm new to OpenBSD and I'm trying a simple setup where a VMM guest has > access to the network via tap and bridge. The host uses a wired connection > and gets its network address with DHCP. where is dhcpd running? on the host? have you tried tcpdump to see if dhcp discover traffic is visible there? j.
Intel Corporation 82576 Virtual Function not recognized
Hi, I'm playing a little bit with KVM and SR-IOV and OpenBSD doesn't recognize 'Intel Corporation 82576 Virtual Function'[1], ie. VF on my Intel 82756 dual-port network card activated on a Linux box. ... vendor "Intel", unknown product 0x10ca (class network subclass ethernet, rev 0x01) at pci0 dev 8 function 0 not configured ^^ sr-iov vfio ... # pcidump - 0:8:0 0:8:0: Intel unknown 0x: Vendor ID: 8086 Product ID: 10ca 0x0004: Command: 0002 Status: 0010 0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 01 0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00 0x0010: BAR mem 64bit addr: 0xfebe4000/0x4000 0x0018: BAR empty () 0x001c: BAR mem 64bit addr: 0xfebe8000/0x4000 0x0024: BAR empty () 0x0028: Cardbus CIS: 0x002c: Subsystem Vendor ID: 8086 Product ID: a04c 0x0030: Expansion ROM Base Address: 0x0038: 0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00 0x0070: Capability 0x11: Extended Message Signalled Interrupts (MSI-X) 0x00a0: Capability 0x10: PCI Express Link Speed: unknown (0) / 2.5 GT/s Link Width: x0 / x4 Steps to reproduce: - boot a Linux box with supported HW with kernel param intel_iommu=on - echo 1 > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts - Linux kernel module vfio_pci should be loaded - Linux kernel module igb should be loaded - find SR-IOV device via lspci - enable 1 VF, eg.: echo 1 > /sys/bus/pci/devices/:02:00.1/sriov_numvfs - check what's pci address of new VF, eg: virsh nodedev-dumpxml pci__02_00_1 | grep -A1 'virt_function' - attached VF as 'hostdev' device into OpenBSD KVM VM[2] j. 
[1] http://cateee.net/lkddb/web-lkddb/IGBVF.html [2] https://www.suse.com/documentation/sles-12/book_virt/data/sec_libvirt_config_io.html or https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Guest_virtual_machine_device_configuration.html#sect-PCI_devices-PCI_passthrough OpenBSD 6.1-current (GENERIC) #10: Fri Apr 21 18:39:14 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 519933952 (495MB) avail mem = 499625984 (476MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf6a00 (9 entries) bios0: vendor SeaBIOS version "rel-1.9.1-0-gb3ef39f-prebuilt.qemu-project.org" date 04/01/2014 bios0: QEMU Standard PC (i440FX + PIIX, 1996) acpi0 at bios0: rev 0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Core i7 9xx (Nehalem Class Core i7), 1866.88 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,HV,NXE,LONG,LAHF cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 999MHz ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) 
"ACPI0006" at acpi0 not configured "PNP0303" at acpi0 not configured "PNP0F13" at acpi0 not configured "PNP0700" at acpi0 not configured "PNP0501" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "PNP0A06" at acpi0 not configured pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 em0 at pci0 dev 2 function 0 "Intel 82574L" rev 0x00: apic 0 int 10, address 00:25:90:3c:66:01 virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk0 at virtio0 scsibus1 at vioblk0: 2 targets sd0 at scsibus1 targ 0 lun 0:SCSI3 0/direct fixed sd0: 5120MB, 512 bytes/sector, 10485760 sectors virtio0: msix shared uhci0 at pci0 dev 4 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 11 uhci1 at pci0 dev 4 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10 uhci2 at pci0 dev 4 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 10 ehci0 at pci0 dev 4 function
Re: softraid mirror & large drives (3T)
On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
> Ian Watts writes:
>
> > With this much disk space, should I be looking at another way of
> > achieving data redundancy?
>
> Buy a hardware RAID controller.

I suppose you wanted to write - 'buy two equal hardware RAID controllers', or how would you be solving problem in broken hw raid controller in cca 10 yrs from now? :-)

j.
Re: What does it mean this error when I try install a package?
On Mon, Apr 17, 2017 at 09:37:56PM +1000, Steven McDonald wrote:
> On Mon, 17 Apr 2017 11:02:37 +
> "C. L. Martinez" wrote:
>
> > pkg_add -v python-2.7
>
> There is no package called python-2.7. The package you want is called
> python-2.7.13p0. You have a few options:
>
> 1. pkg_add python, then select the version you want.
> 2. pkg_add python-2.7.13p0
> 3. pkg_add -z python-2.7 (fuzzy matching, see pkg_add(1))

^ or use 'python%2.7'

j.
Re: upgrading on vultr.com: make sure to select the bsd.mp set
On Thu, Apr 13, 2017 at 04:32:25PM +0200, Peter N. M. Hansteen wrote:
> Upgrading a couple of virtual machines hosted at vultr.com from 6.0 to
> 6.1 just now, we were a bit surprised that after the upgrade the system
> booted the 6.0 bsd kernel, and of course during startup pfctl gave an
> error message that I correctly assumed came from kernel/userland mismatch.
>
> The fix was actually quite simple: the installer does not select the
> bsd.mp kernel automatically, but do select it. Then it will get
> installed and the system will boot the correct mp kernel.
>
> I'm sure we can supply more detail if needed.
>
> - Peter

Linux KVM host? IIRC I have seen the same and it depends how you define CPU for a VM, ie. sockets/cores.

j.
Converting the memory content of a VM to raw physical memory file
I recently had an issue with frozen VM on qemu-kvm and we were discussing how to get memory of that VM for investigation.

How would this be handled with VMM? This could be especially useful for troubleshooting VMM VMs running with SeaBIOS.

We have found this https://github.com/juergh/lqs2mem.py project, it's a python script which converts libvirt-QEMU-save (LQS) files to raw memory files. So maybe it could be considered for inspiration.

j.
Re: Installer disk info improvement (was - Re: querying scsi id/wwn for scsi disk)
On Sun, Apr 02, 2017 at 06:14:50PM -0400, Ted Unangst wrote:
> Robert Peichaer wrote:
> > Parsing dmesg output always tends to be fragile, but what about this?
> > Use whatever is enclosed in <> in the dmesg output for a disk and get
> > the size from disklabel.
>
> This looks insane. If somebody can tell us what output they want, we can
> provide it in a more useful interface (sysctl, etc.) Then it might be useful
> in other scenarios too.

Hi,

yes IMO parsing /var/run/dmesg.boot is silly. It would be better way to have better interface to list disks, although I'm not able to provide diffs.

My use case was running OpenBSD under qemu-kvm with direct-lun iscsi disks, all having same lun size, passed via qemu natively or via local block device on a Linux host. And my concern was how to distinguish these equally big luns inside installer.

j.
Installer disk info improvement (was - Re: querying scsi id/wwn for scsi disk)
> > > diff -u -p -r1.988 install.sub > > > --- distrib/miniroot/install.sub 13 Mar 2017 17:08:31 - 1.988 > > > +++ distrib/miniroot/install.sub 30 Mar 2017 10:44:01 - > > > @@ -264,13 +264,7 @@ diskinfo() { > > > local _d > > > > > > for _d; do > > > - make_dev $_d > > > - echo -n "$_d: " > > > - disklabel -dpg $_d 2>/dev/null | > > > - sed -e '/^label: /{s,,,;s/ *$//;s/^$//;h;d;}' \ > > > - -e '/.*# total bytes: \(.*\)/{s//(\1)/;H;}' \ > > > - -e '$!d;x;s/\n/ /' > > > - rm -f /dev/{r,}$_d? > > > + sed -n "/^$_d/p" /var/run/dmesg.boot > > > done > > > } > > > > > > > Your proposition is good for the installer? I doubt it. > > > > j. > > AFAICT the function diskinfo() is only called once in the installer: if > you press ? a the prompt for the root disk. So my diff just changes the > output in this case, no other functionality is affected. > > What causes your doubt? Robert, could we use something like this? From dmesg we can get current vendor, model, size plus serial if it does exist, 'sd0' could be grepped before sed or we could put variable inside sed itself: sed -e '/^sd0 at.*: <[A-Z]*, \([^,]*\).*fixed *\(.*\)/{s//\1 <\2>/;s/< *>$//;h;d;}' -e '/sd0: \([^,]*\).*/{s//(\1)/;H;}' -e '$!d;x;s/\n/ /' /var/run/dmesg.boot SAMSUNG MZ7TE256 (244198MB) If there's no serial it maybe could print this? cat /var/run/dmesg.boot | sed 's/fixed.*/fixed/;' | sed -e '/^sd0 at.*: <[A-Z]*, \([^,]*\).*fixed *\(.*\)/{s//\1 <\2>/;s/< *>$//;h;d;}' -e '/sd0: \([^,]*\).*/{s//(\1)/;H;}' -e '$!d;x;s/\n/ /' SAMSUNG MZ7TE256 (244198MB) What do you think? PS: sed is really hardcore :) j.
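The sed pipelines proposed in this message hard-code sd0 and expect an upper-case vendor string. As an added example (not code from the thread or from install.sub), the same one-line summary can be built in awk with an exact device match, so that sd1 never picks up sd10; the function names and the sample dmesg lines are constructed, in the shape of sd(4) attach lines.

```shell
#!/bin/sh
# Added example: one-line disk summary from dmesg.boot-style text.

# Constructed sample in the shape of OpenBSD sd(4) attach lines.
sample_dmesg() {
	cat <<'EOF'
sd0 at scsibus1 targ 0 lun 0: <ATA, SAMSUNG MZ7TE256, EXT0> SCSI3 0/direct fixed naa.5002538800000001
sd0: 244198MB, 512 bytes/sector, 500118192 sectors
sd1 at scsibus2 targ 0 lun 0: <EMC, Celerra, 0002> SCSI3 0/direct fixed
sd1: 20480MB, 512 bytes/sector, 41943040 sectors
sd10 at scsibus2 targ 0 lun 9: <EMC, Celerra, 0002> SCSI3 0/direct fixed naa.600604800000000a
sd10: 16384MB, 512 bytes/sector, 33554432 sectors
EOF
}

# disk_summary DEVICE FILE
#   FILE may be "-" for stdin. Prints "DEVICE: MODEL <SERIAL> (SIZE)",
#   leaving out the serial when the attach line has none, and returns
#   non-zero when DEVICE does not appear at all.
disk_summary() {
	awk -v dev="$1" '
	# Attach line: "sdN at ... : <VENDOR, MODEL, REV> ... fixed [serial]".
	# Comparing the whole first field keeps sd1 apart from sd10.
	$1 == dev && $2 == "at" {
		# A later attach record for the same unit replaces an earlier one.
		found = 1; model = ""; serial = ""; size = ""
		rest = $0
		if (match($0, /<[^>]*>/)) {
			split(substr($0, RSTART + 1, RLENGTH - 2), id, /, */)
			model = id[2]
			rest = substr($0, RSTART + RLENGTH)
		}
		# The serial, when present, is the word after fixed/removable.
		n = split(rest, w, " ")
		for (i = 1; i < n; i++)
			if (w[i] == "fixed" || w[i] == "removable")
				serial = w[i + 1]
		next
	}
	# Size line: "sdN: 244198MB, 512 bytes/sector, ...".
	$1 == (dev ":") { size = $2; sub(/,$/, "", size); next }
	END {
		if (!found) exit 1
		out = dev ": " model
		if (serial != "") out = out " <" serial ">"
		if (size != "") out = out " (" size ")"
		print out
	}' "$2"
}

# Demo on the constructed sample.
sample_dmesg | disk_summary sd1 -
sample_dmesg | disk_summary sd10 -
```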
Re: querying scsi id/wwn for scsi disk
On Thu, Mar 30, 2017 at 12:59:00PM +0200, Bruno Flueckiger wrote: > I see your point with the installer. Default labels make the disks > indistinguishable. The following diff prints the raw infos from dmesg > rather than the current list of disks: > > Index: distrib/miniroot/install.sub > === > RCS file: /cvs/src/distrib/miniroot/install.sub,v > retrieving revision 1.988 > diff -u -p -r1.988 install.sub > --- distrib/miniroot/install.sub 13 Mar 2017 17:08:31 - 1.988 > +++ distrib/miniroot/install.sub 30 Mar 2017 10:44:01 - > @@ -264,13 +264,7 @@ diskinfo() { > local _d > > for _d; do > - make_dev $_d > - echo -n "$_d: " > - disklabel -dpg $_d 2>/dev/null | > - sed -e '/^label: /{s,,,;s/ *$//;s/^$//;h;d;}' \ > - -e '/.*# total bytes: \(.*\)/{s//(\1)/;H;}' \ > - -e '$!d;x;s/\n/ /' > - rm -f /dev/{r,}$_d? > + sed -n "/^$_d/p" /var/run/dmesg.boot > done > } > Your proposition is good for the installer? I doubt it. j.
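Review bot: The pattern in the added line, sed -n "/^$_d/p", matches on a prefix only, so a request for sd1 also prints every dmesg line that starts with sd10, sd11 and so on; end the match at the device name, for example "/^$_d[ :]/", so that only the "sd1 at ..." and "sd1: ..." lines are selected. The removed pipeline printed one line per disk in the form "$_d: label (size)", while the replacement prints the raw dmesg lines with no such prefix and no label, so the answer to '?' changes shape; if that is intended, say so in the commit message, otherwise keep the disklabel summary and append the identifying part of the dmesg line to it.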
Re: querying scsi id/wwn for scsi disk
On Thu, Mar 30, 2017 at 10:25:18AM +0200, Bruno Flueckiger wrote: > > how to query scsi id or wwn for a scsi disk in OpenBSD? I'd like to get this > > info and extend installer to provide more info about disks (because > > currently > > it's imposible to distinguish between scsi disks if they are same size and > > originate from same iscsi target and passed to OpenBSD via qemu-kvm). > > > > So what's OpenBSD equivalent scsi query for Linux commands? > > > > # lsscsi -iws | tail -n1 > > [6:0:0:10] disk0x6006048c8f0ff1a5c7ef85c8d1c95 /dev/sdd > > 36006048c8f0ff1a5c7ef85c8d1c95481 16.1GB > > > > # /usr/lib/udev/scsi_id -xg /dev/sdd > > ID_SCSI=1 > > ID_VENDOR=EMC > > ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20 > > ID_MODEL=Celerra > > ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20 > > ID_REVISION=0002 > > ID_TYPE=disk > > ID_SERIAL=36006048c8f0ff1a5c7ef85c8d1c95481 > > ID_SERIAL_SHORT=6006048c8f0ff1a5c7ef85c8d1c95481 > > ID_WWN=0x6006048c8f0ff1a5 > > ID_WWN_VENDOR_EXTENSION=0xc7ef85c8d1c95481 > > ID_WWN_WITH_EXTENSION=0x6006048c8f0ff1a5c7ef85c8d1c95481 > > ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs179_T5_LUN10_CKM00120100230 > > $ dmesg | grep scsi > > sd1 at scsibus2 targ 0 lun 0:SCSI3 > 0/direct fixed naa.6001405635870b3d9e95d40c9d9221d1 > sd2 at scsibus2 targ 0 lun 1: SCSI3 > 0/direct fixed naa.6001405dcc70b1dd909ed44f8db0d6d6 disklabel sd1 | grep label For sd1 and sd2 please. This is what is printed in installer. See diskinfo() in src/distrib/miniroot/install.sub If it does print just 'iSCSI Storage 3.1' then this is not very useful info in the installer (although one can break and investigate dmesg) So maybe disklabel should have better 'label' or we could print more info directly in the installer. I'm also not sure sysctl hw.disknames output is best one, it does show duid which is OpenBSD specific (compare disklabel with and without '-d'). It seems there's no good solution fitting all cases (softraid, usb disks, both are scsi-like devices). j.
querying scsi id/wwn for scsi disk
Hi,

how to query scsi id or wwn for a scsi disk in OpenBSD? I'd like to get this
info and extend installer to provide more info about disks (because currently
it's impossible to distinguish between scsi disks if they are same size and
originate from same iscsi target and passed to OpenBSD via qemu-kvm).

Currently OpenBSD does show for such SCSI disk something like (taken from
disklabel):

...
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: Celerra (20.0G)
^^^ ^

# scsi -f /dev/rsd0c -c "12 0 0 0 64 0" -i 0x64 "s8 z8 z16 z4"
EMC Celerra 0002

So what's OpenBSD equivalent scsi query for Linux commands?

# lsscsi -iws | tail -n1
[6:0:0:10] disk0x6006048c8f0ff1a5c7ef85c8d1c95 /dev/sdd 36006048c8f0ff1a5c7ef85c8d1c95481 16.1GB

# /usr/lib/udev/scsi_id -xg /dev/sdd
ID_SCSI=1
ID_VENDOR=EMC
ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20
ID_MODEL=Celerra
ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=0002
ID_TYPE=disk
ID_SERIAL=36006048c8f0ff1a5c7ef85c8d1c95481
ID_SERIAL_SHORT=6006048c8f0ff1a5c7ef85c8d1c95481
ID_WWN=0x6006048c8f0ff1a5
ID_WWN_VENDOR_EXTENSION=0xc7ef85c8d1c95481
ID_WWN_WITH_EXTENSION=0x6006048c8f0ff1a5c7ef85c8d1c95481
ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs179_T5_LUN10_CKM00120100230

Thank you for help, it would help me playing with iscsi luns on OpenBSD.

j.
specifying rom file for vio(4) in VMM
Is it possible to somehow make VMM to boot from vio with specified ROM file
(eg. ipxe)?

j.
Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
Hi,

in the mail I was confirming that vioscsi works now I sent only dmesg, and
thus some info got stripped.

I tried vioscsi today with directly attach iscsi lun (but passed via iscsi
initiator on EL7 via block device) and I see following lines, are they OK?

...
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
Rounding size to bsize (32 sectors): 1526304
Rounding size to bsize (32 sectors): 2425696
Rounding size to bsize (32 sectors): 3706272
Rounding size to bsize (32 sectors): 3205664
Rounding size to bsize (32 sectors): 1866048
Rounding size to bsize (32 sectors): 6919232
Rounding size to bsize (32 sectors): 2642112
Rounding size to bsize (32 sectors): 3752352
Rounding size to bsize (32 sectors): 13297376
newfs: reduced number of fragments per cylinder group from 95392 to 95016 to enlarge last cylinder group
/dev/rsd0a: 745.3MB in 1526304 sectors of 512 bytes
...

Next comments are related to the installer but anyway. It is not really
distinguishable what disk I see (what would happen if I would add multiple
same size luns?).

...
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: Celerra (20.0G)
Available disks are: sd0.
...

We have visible 'Celerra' - ID_MODEL and size only here.

Here is SCSI info about the lun obtained from EL7 for understanding more
details about the disk.
# iscsi-inq -e 1 -c 0x80 -i iqn.1994-05.com.redhat:xx iscsi://10.34.63.200/iqn.1992-05.com.emc:ckm00120100230-5-vnxe/5
Unit Serial Number:[EMC-Celerra-iSCSI-VLU-fs176_T5_LUN5_CKM00120100230]

[root@slot-5c ~]# /usr/lib/udev/scsi_id -x -g /dev/sde
ID_SCSI=1
ID_VENDOR=EMC
ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20
ID_MODEL=Celerra
ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=0002
ID_TYPE=disk
ID_SERIAL=36006048c92fcbc2b82ce603f2373d2c5
ID_SERIAL_SHORT=6006048c92fcbc2b82ce603f2373d2c5
ID_WWN=0x6006048c92fcbc2b
ID_WWN_VENDOR_EXTENSION=0x82ce603f2373d2c5
ID_WWN_WITH_EXTENSION=0x6006048c92fcbc2b82ce603f2373d2c5
ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs176_T5_LUN5_CKM00120100230

Thus maybe it would be fine to have also serial there...

# sysctl hw.disknames
hw.disknames=cd0:,sd0:4af32eaf54527909,fd0:

# scsi -f /dev/rsd0c -c "12 0 0 0 64 0" -i 0x64 "s8 z8 z16 z4"
EMC Celerra 0002

sd0 at scsibus1 targ 0 lun 0:SCSI3 0/direct fixed naa.6006048c92fcbc2b82ce603f2373d2c5
revision, is this useful?

Thank you for your help! Full dmesg and important part of the installation
below.

j.
Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
On Thu, Mar 16, 2017 at 10:15:21PM +0100, Stefan Fritsch wrote:
> On Tuesday, 14 March 2017 20:16:17 CET Jiri B wrote:
> > Recent dmesg, and VM exits because of virtio-scsi issue when it is
> > installing 'bsd.mp'.
>
> I think I have fixed all the bugs, at least I could not get any corruption any
> more. The changes are in -current, in r1.5 of sys/dev/pv/vioscsi.c . Please
> try if that fixes your problems.
>
> Cheers,
> Stefan

Hi,

it seems to pass installation and boots later on OK with

OpenBSD 6.1-beta (RAMDISK_CD) #32: Fri Mar 17 02:55:20 MDT 2017

I suppose your diffs are in.

Thank you, I'll try directly attach iSCSI lun as vioscsi now...

j.
Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
On Wed, Mar 15, 2017 at 02:54:03PM +0100, Alexander Bochmann wrote:
> > bios0: vendor SeaBIOS version "debian/1.7.5-1-0-g506b58d-dirty-20140812_231322-gandalf" date 04/01/2014
> > bios0: QEMU Standard PC (i440FX + PIIX, 1996)

it doesn't say anything about qemu-kvm version :/

> [..]
> > virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
> > vioscsi0 at virtio1: qsize 128
> > scsibus2 at vioscsi0: 255 targets
> > probe(vioscsi0:0:0): Check Condition (error 0) on opcode 0x0
> > sd0 at scsibus2 targ 0 lun 0:SCSI3 0/direct fixed
> > sd0: 61440MB, 512 bytes/sector, 125829120 sectors, thin
> > virtio1: msix shared
>
> Maybe it is actually a Linux bug that has been fixed by everyone
> except Red Hat in their undead backports kernel?

I could install Fedora or recent OpenSUSE and see :)

It would be maybe better to see how virtio-scsi involved in recent qemu
since virtio-scsi was imported into OpenBSD. IIRC there were some header
changes... (I'm not a programmer but see comparison below:)

https://github.com/qemu/qemu/blob/019adbd3715e98b5a09fab1370cc2c6904f79b6d/include/standard-headers/linux/virtio_scsi.h#L32

#define VIRTIO_SCSI_CDB_SIZE 32
#define VIRTIO_SCSI_SENSE_SIZE 96

vs

$ egrep 'VIRTIO.*(CDB|SENSE)_SIZE' cvs/openbsd-src/sys/dev/pv/vioscsireg.h
#define VIRTIO_SCSI_CONFIG_SENSE_SIZE 20 /* 32bit */
#define VIRTIO_SCSI_CONFIG_CDB_SIZE 24 /* 32bit */

And here

https://github.com/qemu/qemu/commit/03325525c3a607825ab67bf36bffaa5cf8447df2

+/* Override CDB/sense data size: they are dynamic (guest controlled) in QEMU */
+#define VIRTIO_SCSI_CDB_SIZE 0
+#define VIRTIO_SCSI_SENSE_SIZE 0

j.
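Review bot: the comment on the two added defines says the CDB and sense sizes are guest controlled, but with VIRTIO_SCSI_CDB_SIZE and VIRTIO_SCSI_SENSE_SIZE set to 0 nothing in these lines says where the runtime sizes come from or what bounds they must satisfy. Please name the source of the real values in the comment, and check that no remaining code sizes a header or buffer from these macros, since a 0 compiles silently.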
Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
On Tue, Mar 14, 2017 at 05:58:29PM -0700, Mike Larkin wrote:
> On Tue, Mar 14, 2017 at 08:16:17PM -0400, Jiri B wrote:
> > Recent dmesg, and VM exits because of virtio-scsi issue when it is
> > installing 'bsd.mp'.
> >
> > j.
> >
>
> What are you trying to achieve here? Why not just use a device that doesn't
> cause errors. You could choose virtio-blk or even a non-PV storage device.
>
> -ml

Originally I had to use virtio-scsi as it was default when using > 2 disks in
our OpenStack env.

virtio-scsi also became default disk type in RHV/oVirt we use.

virtio-scsi does pass SCSI commands through so I'd like to see if I could
have direct lun attached to OpenBSD VM and if I could do SCSI reservation
etc...

I'm also interested to see if I could have virtio-scsi in mpath, although
reading mpath man page, mpath is not supported over vscsi now.

j.
Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
Recent dmesg, and VM exits because of virtio-scsi issue when it is installing
'bsd.mp'.

j.
Re: watchdog - "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
On Tue, Mar 14, 2017 at 03:52:17PM -0700, Mike Larkin wrote:
> > [...]
> > virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
> > vio0 at virtio0: address 52:54:00:b8:93:d9
> > virtio0: msix shared
> > "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
> > ...
> >
> > # sysctl -a | grep watch
> > #
> >
> > Shouldn't this be detected as ichwdt(4)?
> >
> > ichwdt(4) - Intel 6300ESB ICH watchdog timer device
> >
>
> Looks like it was only ever "built" for i386, and not extensively tested even
> then:
>
> revision 1.411
> date: 2005/05/02 17:26:00; author: grange; state: Exp; lines: +2 -1;
> Add ichwdt(4): Intel 6300ESB ICH watchdog timer driver. Disabled for
> now due to lack of testing. If you have a machine that uses this
> device please contact me.
>
> -ml

Hi,

it seems i6300esb is only watchdog usable on qemu-kvm. There's also some
ib700 but it is ISA device and diag288 which is applicable only to IBM s/390
and zSeries.

Should I give a try to i386 with rebuilt kernel?

i6300esb is also default watchdog in RHV[1]/oVirt but I doubt anybody uses
OpenBSD on it except me sporadically :)

[1] https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/virtual_machine_management_guide/sect-configuring_a_watchdog

j.
watchdog - "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
Hi,

I added watchdog device for OpenBSD VM on qemu-kvm and it seems it's not
detected correctly:

OpenBSD 6.0-current (GENERIC.MP) #167: Sat Feb 11 19:35:52 MST 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 518905856 (494MB)
avail mem = 498569216 (475MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf7220 (11 entries)
bios0: vendor Seabios version "0.5.1" date 01/01/2011
bios0: Red Hat KVM
acpi0 at bios0: rev 0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core i7 9xx (Nehalem Class Core i7), 1866.90 MHz
...
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 52:54:00:b8:93:d9
virtio0: msix shared
"Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
...

# sysctl -a | grep watch
#

Shouldn't this be detected as ichwdt(4)?

ichwdt(4) - Intel 6300ESB ICH watchdog timer device

# pcidump -v 0:4:0
 0:4:0: Intel 6300ESB WDT
    0x: Vendor ID: 8086 Product ID: 25ab
    0x0004: Command: 0103 Status:
    0x0008: Class: 08 Subclass: 80 Interface: 00 Revision: 00
    0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
    0x0010: BAR mem 32bit addr: 0xfebc1000/0x0010
    0x0014: BAR empty ()
    0x0018: BAR empty ()
    0x001c: BAR empty ()
    0x0020: BAR empty ()
    0x0024: BAR empty ()
    0x0028: Cardbus CIS:
    0x002c: Subsystem Vendor ID: 1af4 Product ID: 1100
    0x0030: Expansion ROM Base Address:
    0x0038:
    0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00

Libvirt xml part is:

Qemu cmd line is:

qemu 11657 81.6 5.3 1075552 434084 ? Sl 23:23 17:53 /usr/libexec/qemu-kvm -name guest=www1,debug-threads=on -S -object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-6-www1/master-key.aes -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off -cpu Nehalem -m 512 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid e26e7c0c-ea90-45bd-981d-23d471f58162 -nographic -no-user-config -nodefaults -device sga -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-6-www1/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot menu=on,reboot-timeout=0,splash-time=3000,strict=on -device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5 -device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1 -device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2 -drive file=/dev/data1vg/www1,format=raw,if=none,id=drive-virtio-disk0,cache=none,aio=native -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=2 -netdev tap,fd=28,id=hostnet0,vhost=on,vhostfd=30 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b8:93:d9,bus=pci.0,addr=0x3,bootindex=1 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -device i6300esb,id=watchdog0,bus=pci.0,addr=0x4 -watchdog-action reset -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -object rng-random,id=objrng0,filename=/dev/random -device virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x8 -msg timestamp=on

Am I doing something wrong or it is a bug?

j.
how to debug OpenBSD virtio-scsi killing qemu-kvm VM?
Hi,

it seems virtio-scsi is not working correctly in OpenBSD, I gave it a try
today and OpenBSD VM was killed with:

2017-03-13T15:29:00.814657Z qemu-kvm: wrong size for virtio-scsi headers

on EL7 with qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.

I found a bug stating it is OpenBSD's fault
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768517

I'd like to provide more info but could you give me some hints please?

I tried to attach debugger to qemu-kvm process but I get only this :/

[Thread 0x7f6035207700 (LWP 10766) exited]
[Thread 0x7f5feedff700 (LWP 10769) exited]
[Thread 0x7f604a9a8c80 (LWP 10761) exited]
[Inferior 1 (process 10761) exited with code 01]

j.
Re: pf group and setgid
On Sun, Mar 12, 2017 at 07:13:08PM +0100, Jérôme FRGACIC wrote:
> Hi @misc,
>
> I have a question about pf and its possibility to filter packets by process
> group: is it a reasonable practice to use setgid for add some rules that
> allow only specific programs to use some services? For example, only permit
> the ftp command and firefox to use HTTP and HTTPS services?
>
> If I create a separate group for each program I want to allow, is there any
> additional risk induce by the use of the setgid? Also, does this practise
> can be helpful by adding a supplementary layer of protection or is it
> useless?
>
> $ ls -l /usr/bin/ftp
> -r-xr-sr-x 1 root ftpcmd 151168 Jul 26 2016 /usr/bin/ftp
> $ grep ftpcmd /etc/pf.conf
> pass out on if proto tcp from (if:0) to any port { 80,443 } group ftpcmd
>
> Kind regards,
>
>
> Jérôme FRGACIC

Your problem is already solved - it is called 'proxy' :)

j.
mpath for vioscsi disks
Is mpath doable for vioscsi disks?

At least if running OpenBSD on Linux KVM one could use iSCSI with Ceph
backend and thus assign two iSCSI luns as vioscsi disks for OpenBSD VM.

IIUC vioblk strips SCSI commands so it cannot be used for this.

I'm not also sure if we would use iSCSI luns directly inside that OpenBSD VM
and having them in mpath.

Any thoughts about this? Or about mpath with non-enterprise SAN boxes?

j.
Re: Please: Is there ANY chance that Linux binaries might run again???
On Fri, Mar 10, 2017 at 12:23:12AM +0100, Stefan Wollny wrote:
> For the very reason I use OpenBSD: Confidentiality.

Wouldn't running closed source Linux binaries on OpenBSD conflict with your
trust? Those binaries cannot be pledge etc...

IMO it's better if we would have a "VMM bootloader" which would support
running any OS. At least VMM has better security design than compat_linux
had.

j.
Re: Running OpenBSD on Hypervisor
On Wed, Mar 08, 2017 at 07:35:15AM -0800, Reyk Floeter wrote:
> We have PV drivers for all of them in GENERIC.
>
> Reyk

If nothing has changed stay away from virtio-scsi disks. See

https://marc.info/?l=openbsd-misc&m=142652469207347&w=2

j.
Re: serial port expansion card
I'm little bit worried about consistent device names of serial port cards or
USB->serial converters. Is it predictable or not?

j.
Re: Content filtering through pf?
On Thu, Feb 23, 2017 at 10:27:20AM -0500, Alan Corey wrote:
> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf. I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not the only user when I have it shared over wifi. I'd like to block
> video because it's an incredible waste. Problematic clients are
> Android/Kindle. User competence in not clicking where they shouldn't
> is sometimes an issue.
>
> I can see this happening if there's a file size available during
> transfers, if the size is under a certain threshold value it just
> passes without interference, over a certain size the first few bytes
> of the file get checked. If it fails the check that exact URL to the
> file would get blacklisted for maybe 24 hours. I've noticed watching
> random transfers with wget that in some cases it knows the file size
> from somewhere and sometimes not. Presumably there's no size
> available on streaming video so just block it.
>
> There seems to be an abundance of video in advertising in apps but
> also in news apps there's a mix of video and text stories. Most of
> the world assumes bandwidth is free and fast. Some videos are bigger
> than entire operating systems, and most are fairly pointless. If the
> transfer is happening over an ssl connection maybe not much can be
> done since from the firewall's perspective it's just encrypted data,
> essentially inside a tunnel.

That sounds like work for Squid in intercepting proxy.

j.
relayd as simple forward proxy
Hi,

can I use relayd as simple forward http proxy, ie. a non-caching variant of
tinyproxy or squid? Not transparently - intercepting, but as usual http
proxy.

j.
Re: rcctl hickups on OpenBSD 6.0?
On Thu, Feb 16, 2017 at 08:46:45AM +0100, Raimo Niskanen wrote:
> Hello Misc@
>
> I tried to activate ypbind via rcctl:
> rcctl enable ypbind
> and it did not write "ypbind_flags=" into /etc/rc.conf.local.
>
> I had run ypbind so it should start according to the documentation since
> there is a domain file in /var/yp/binding/ but when booting the machine
> ypbind did not start and there was no printout from /etc/rc about starting
> it. "rcdctl ls failed" did print ypbind.
>
> I tried to debug rcctl with little success. Looking at the script it seems
> to me that it checks /etc/rc.conf and /etc/rc.conf.local and should write a
> line "ypbind_flags=" into /etc/rc.conf.local since the default in
> /etc/rc.conf is "ypbind_flags=NO". But ktrace:ing it indicates that it
> also checks domainname and /var/yp/binding so it is smarter than it looks.
>
> Unfortunately /etc/rc starts ypbind like any other daemon so ypbind_flags
> has to be != NO and therefore it is not started.
>
> So there seems to be some misunderstanding between /etc/rc and rcctl about
> exactly when ypbind is enabled or not.
>
> The workaround is easy enough (manually editing /etc/rc.conf.local so no
> big issue.
>
> Also, I tried to set nfsd flags:
> rcctl enable nfsd
> rcctl set nfsd flags -tun 4
> or
> rcctl set nfsd flags "-tun 4"
> but it did not work (nfsd_flags=)
> rcctl set nfsd flags -tu
> did work, though.
>
> Known problems?

It's default value, so maybe it cleaned. It was removed from FAQ just couple
of minutes/hours ago.

j.
how to generate sha512 password hashes for Linux on OpenBSD?
Hi,

how could I generate sha512 password hashes for Linux on OpenBSD?

Using 'crypto' from Python is no go, as this is OS dependent. So I tried
following via passlib but it does not work, ie. I can't login on EL7.

~~~
#!/usr/bin/python2.7

from passlib.hash import sha512_crypt
import getpass

hash = sha512_crypt.using(salt_size=16).encrypt(getpass.getpass())
# XXX
# print(hash)
hl = hash.split("$",3)
print("$6$%s" % hl[3])
~~~

It does add 'rounds=656000$', so removing this is needed.

On EL7 with hash from above:

echo 'userfoo:$6$1AfrAnSyjs7Xpki7$59aX53IQcu9JRZKdHT311HOurgVftM/5RlgOrz7fFlDcQEqhcoUCvuDeXyMogTQrvwtmWE8Tnr2vhV2Jf2aqq0' \
  | chpasswd -e

And try ssh as 'userfoo'.

What can I do wrong? What is your way to generate it on OpenBSD?

j.
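Added example (not part of the original post, and not passlib's code): a portable SHA-512 crypt written against hashlib only, following Drepper's SHA-crypt specification. It shows that the rounds= field is part of the hash: a $6$ string without it is verified with the default of 5000 rounds, so a digest computed with 656000 rounds stops verifying once the field is stripped. The password and salt are constructed sample values.

```python
"""Portable SHA-512 crypt ($6$) built on hashlib only (added example)."""
import hashlib
import hmac
import secrets

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000  # what crypt(3) assumes when the string has no "rounds="


def _fill(block, length):
    """Repeat `block` and cut it to exactly `length` bytes."""
    return (block * (length // len(block) + 1))[:length]


def _raw_digest(key, salt, rounds):
    """The SHA-crypt construction (Drepper's specification) for SHA-512."""
    sha = hashlib.sha512
    b = sha(key + salt + key).digest()
    ctx = sha(key + salt + _fill(b, len(key)))
    n = len(key)
    while n:                      # one block per bit of the key length
        ctx.update(b if n & 1 else key)
        n >>= 1
    a = ctx.digest()
    p = _fill(sha(key * len(key)).digest(), len(key))
    s = _fill(sha(salt * (16 + a[0])).digest(), len(salt))
    for i in range(rounds):       # the work factor: this loop is "rounds"
        c = sha(p if i & 1 else a)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(p)
        c.update(a if i & 1 else p)
        a = c.digest()
    return a


def _encode(d):
    """crypt(3) base64 of the 64 digest bytes in the SHA-512 byte order."""
    out = []
    i, j, k = 0, 21, 42
    for _ in range(21):
        w = (d[i] << 16) | (d[j] << 8) | d[k]
        out += [B64[(w >> shift) & 0x3F] for shift in (0, 6, 12, 18)]
        i, j, k = j + 1, k + 1, i + 1
    out += [B64[d[63] & 0x3F], B64[d[63] >> 6]]
    return "".join(out)


def sha512_crypt(password, salt=None, rounds=None):
    """Return a $6$ string; "rounds=N$" is emitted only when rounds is given."""
    if salt is None:
        salt = "".join(secrets.choice(B64) for _ in range(16))
    salt = salt[:16]
    n = DEFAULT_ROUNDS if rounds is None else min(max(rounds, 1000), 999999999)
    digest = _encode(_raw_digest(password.encode(), salt.encode(), n))
    prefix = "$6$" if rounds is None else "$6$rounds=%d$" % n
    return prefix + salt + "$" + digest


def verify(password, stored):
    """Recompute from the salt and rounds carried in `stored`, as crypt(3) does."""
    fields = stored.split("$")
    if len(fields) == 5 and fields[1] == "6" and fields[2].startswith("rounds="):
        rounds, salt = int(fields[2][len("rounds="):]), fields[3]
    elif len(fields) == 4 and fields[1] == "6":
        rounds, salt = None, fields[2]
    else:
        raise ValueError("not a $6$ crypt string")
    return hmac.compare_digest(sha512_crypt(password, salt, rounds), stored)


def strip_rounds(stored):
    """What the script in the post does: drop the rounds field, keep the rest."""
    return "$6$%s" % stored.split("$", 3)[3]


def demo(password="constructed-password", salt="ConstructedSalt1", rounds=656000):
    """Compare the full hash, the same hash with rounds stripped, and a default one."""
    full = sha512_crypt(password, salt, rounds)
    stripped = strip_rounds(full)
    default = sha512_crypt(password, salt)   # no rounds field, 5000 rounds
    return {
        "full": (full, verify(password, full)),
        "stripped": (stripped, verify(password, stripped)),
        "default": (default, verify(password, default)),
    }


if __name__ == "__main__":
    for name, (value, ok) in demo().items():
        print("%-8s verifies=%-5s %s" % (name, ok, value))
```

Passing the string to chpasswd -e with its rounds=656000$ field intact lets the verifier apply the same work factor that produced the digest.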
Re: -current installer error
On Thu, Feb 02, 2017 at 09:28:14PM +, Pedro Caetano wrote:
> Hi misc@
>
> Today while upgrading a few vms i noticed an error while auto_upgrade was
> running.
> Release build from today sources on amd64 arch.
> This does not impact upgrade of the system.
>
>
> # more /tmp/ai/ai.log
> Choose your keyboard layout ('?' or 'L' for list) [default] default
> Available disks are: sd0.
> Which disk is the root disk? ('?' for details) [sd0] sr0

'sr0' ? really?

> Checking root filesystem (fsck -fp /dev/sd0a /mnt)...OK
> Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
> Force checking of clean non-root filesystems? [no] no
> dd: /mnt/var/db/host.random: No such file or directory
> /dev/sd0a (17f9850d83e601df.a) on /mnt type ffs (rw, local, wxallowed)

j.
Re: "pass all flags S/SA" from default pf.conf is logging, why?
On Mon, Jan 30, 2017 at 11:46:32AM +, Stuart Henderson wrote:
> > I'm surprised that I get logging in pflog even I have *no* 'log'
> > in my pf.conf.
> >
> > # pfctl -vvsr -R 14
> > @14 pass all flags S/SA
> >   [ Evaluations: 30082 Packets: 569255 Bytes: 365488723 States: 23 ]
> >   [ Inserted: uid 0 pid 71493 State Creations: 29574 ]
> >
> > According to pf.conf(5) 'all' in above should be, though still
> > not having 'log':
> >
> > " all This is equivalent to `from any to any'."
> >
> > # tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
> > tcpdump: WARNING: snaplen raised from 116 to 160
> > Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]
> >
> > # sysctl kern.version
> > kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Is this a bug or feature? Thx.
>
> afaik, feature. It's a packet with ip-options which is blocked outright
> by PF unless you have an "allow-opts" rule.

OK, but there's nothing about logging ip-options packets in pf.conf under
'allow-opts'.

j.
Re: getting data from degraded RAID 1 boot disk
On Wed, Feb 01, 2017 at 01:33:54PM +0100, Stefan Sperling wrote:
> On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> > Should have kernel automatically create 'sd4' for degraded RAID 1
> > but it does not?
>
> I believe it will auto assemble if the disk is present at boot time.

^^ This does work, I tried to plug the disk as boot device into QEMU VM.

> But not when you hotplug the disk.

Pity. Could it be reconsidered? It would ease data recovery (ie. trying
to get a box to boot the disk or using VM.)

Thanks.

j.
Re: getting data from degraded RAID 1 boot disk
On Tue, Jan 31, 2017 at 11:55:21PM +0100, Stefan Sperling wrote:
> On Tue, Jan 31, 2017 at 05:23:10PM -0500, Jiri B wrote:
> > I have a disk which used to be boot disk of a degraded RAID 1 (softraid).
> > The second disk is totally gone.
> >
> > I don't want to use this disk as RAID 1 disk anymore, just to get data
> > from it.
> >
> > I'm asking because when I plugged the disk, bioctl said 'not enough disks'.
> >
> > Do we really have to necessary require two disks when attaching already
> > existing
> > degraded RAID 1 with only one disk available?
>
> Can you describe in more detail what you did to "plug the disk"?
> It sounds like you ran 'bioctl' in a way that tries to create a
> new RAID1 volume. Why?
>
> If the disk is present during system boot, is it not auto-assembled
> as a degraded RAID1 volume? I would expect a degraded softraid RAID1
> disk to show up which you can copy data from.

Thank you very much for reply. Here are the steps:

1. original disk which used to be part of degraded RAID 1 (softraid) boot disk
   attached via USB->SATA adapter:

umass1 at uhub0 port 10 configuration 1 interface 0 "JMicron AXAGON USB to SATA Adapter" rev 3.00/81.05 addr 10
umass1: using SCSI over Bulk-Only
scsibus5 at umass1: 2 targets, initiator 0
sd3 at scsibus5 targ 1 lun 0: SCSI4 0/direct fixed serial.49718017
sd3: 715404MB, 512 bytes/sector, 1465149168 sectors

2. trying to put degraded RAID 1 online:

# fdisk sd3 | grep OpenBSD
*3: A6 0 1 2 - 91200 254 63 [ 64: 1465144001 ] OpenBSD
# disklabel sd3 | grep RAID
a: 1465144001 64RAID
# bioctl -c 1 -l /dev/sd3a softraid0
bioctl: not enough disks

man bioctl unfortunately states:

~~~
The RAID 0, RAID 1 and CONCAT disciplines require a minimum of two
devices to be provided via -l...
~~~

Should have kernel automatically create 'sd4' for degraded RAID 1
but it does not? As bioctl requires "a minimum of two devices" for RAID 1...

IMO if RAID 1 could be constructed with one disk via bioctl it would be
better also for people doing migration to RAID 1.

j.
getting data from degraded RAID 1 boot disk
I have a disk which used to be boot disk of a degraded RAID 1 (softraid).
The second disk is totally gone.

I don't want to use this disk as RAID 1 disk anymore, just to get data
from it.

I'm asking because when I plugged the disk, bioctl said 'not enough disks'.

Do we really have to necessary require two disks when attaching already existing
degraded RAID 1 with only one disk available?

(I find it generally pretty sad we can't define RAID 1 with only one disk. I could
imagine constructing RAID 1 with one disk as useful feature, eg. migration
from non-mirrored boot disk to RAID 1 boot disks which attaching just new
additional disk. At least we used to do this on RHEL.)

My current workaround is running a VM under qemu and accessing this disk
as raw device. Surprisingly this works fine in comparison with previous
attaching with bioctl.

kern.version=OpenBSD 6.0-current (GENERIC.MP) #117: Sat Jan 7 09:10:45 MST 2017

j.
Re: init: can't open /dev/console: Device not configured.
On Tue, Jan 31, 2017 at 02:11:37PM +0100, Christophe Jarry wrote:
> Dear OpenBSD developers an users,
>
> I have installed OpenBSD 6.0 on my 14 years-old hp pavilion ze5418EA
> (i386). I used an USB key on which I dd'ed install60.fs.
>
> The installation process went smoothly, I used the default answer to
> almost every question.
> I made a custom partition table with one partition of 28 GB for
> OpenBSD, 26 GB for another OS and 2 GB or so of swap.
> I answered "no" to "Change default console to com1?"

Try booting bsd.rd from boot loader, then mount your root filesystem
at /mnt and inspect /mnt/etc/boot.conf. For desktop you generally don't
need this file at all.

j.
Re: Redudant gateways
On Mon, Jan 30, 2017 at 10:30:13AM -0200, Dante F. B. Col wrote:
> Hello,
>
> I've added a second ISP link on a firewall , what i need is make both
> redudant but without load balancing like equal multipath, i just need that
> the second link assume only if the other fails , i already did this with
> some rudimentary cron scripts, is there a better way to do this ?
>
> Regards
>
> Dante

$ whatis ifstated
ifstated.conf(5) - Interface State daemon configuration file
ifstated(8) - Interface State daemon

j.
tftpd rewrite - prepend generated 'id' for data
Hi,

I'm playing with tftpd rewrite option and it seems there's no timeout for
data sent via rewrite socket.

Anyway, wouldn't it be good to send also some generated 'id' in the beginning
of data (eg: "XX 192.168.0.1 read /etc/boot.conf")? This way tftpd could serve
other clients even if previous rewrite data got stuck somewhere.

j.
"pass all flags S/SA" from default pf.conf is logging, why?
Hello,

I'm surprised that I get logging in pflog even I have *no* 'log'
in my pf.conf.

# pfctl -vvsr -R 14
@14 pass all flags S/SA
[ Evaluations: 30082 Packets: 569255Bytes: 365488723 States: 23]
[ Inserted: uid 0 pid 71493 State Creations: 29574 ]

According to pf.conf(5) 'all' in above should be, though still
not having 'log':

" all This is equivalent to `from any to any'."

# tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
tcpdump: WARNING: snaplen raised from 116 to 160
Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]

# sysctl kern.version
kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Is this a bug or feature? Thx.

~~~
# pfctl -sr
block drop in quick on isolated from any to route "internet4"
block drop in quick on isolated from any to route "internet6"
pass out quick on egress from any to route "internet4" flags S/SA nat-to (egress) round-robin
pass out quick on tunnel from any to route "internet6" flags S/SA
pass in quick on public inet proto tcp from any to any port = 53 flags S/SA rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto tcp from any to any port = 53 flags S/SA rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public inet proto udp from any to any port = 53 rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto udp from any to any port = 53 rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public proto tcp from any port = 22 to any flags S/SA
pass in quick on public proto tcp from any port = 25 to any flags S/SA
pass in quick on public proto tcp from any port = 80 to any flags S/SA
pass in quick on public proto tcp from any port = 443 to any flags S/SA
pass in quick on egress inet proto ipv6 from 216.66.86.122 to (egress)
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
~~~

j.
Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server
> > Isn't better to use rewrite/file remapping instead of hacking pxeboot?
> > If an i386 machine would request /etc/boot.conf via tftp you could rewrite
> > it to (based on fact you know that that machine is i386 - during
> > provisioning)
> > /etc/i386/boot.conf. For the client I suppose it would still think it gets
> > /etc/boot.conf.

A POC...

j.

~~~
#!/usr/bin/perl -w
use IO::Socket::UNIX;

my $socket_path = '/tmp/tftpd_rewrite.sock';
unlink $socket_path if -e $socket_path;

# Listening socket that "tftpd -r" connects to.
my $socket = IO::Socket::UNIX->new(
    Local  => $socket_path,
    Type   => SOCK_STREAM,
    Listen => SOMAXCONN,
);
die "Can't create socket: $!" unless $socket;

while (1) {
    next unless my $connection = $socket->accept;
    $connection->autoflush(1);
    # One request per line, in the form "IP OP filename".
    while (my $line = <$connection>) {
        chomp($line);
        # XXX
        # conditionals here
        if ($line =~ /^127\.0\.0\.1 read \/etc\/boot\.conf$/) {
            print $connection "/etc/boot.conf.i386\n";
        } elsif ($line =~ /^\S+ read \/etc\/boot\.conf$/) {
            print $connection "/etc/boot.conf\n";
        } else {
            # tftpd waits for an answer to every request,
            # so hand back the original filename unchanged.
            my (undef, undef, $file) = split ' ', $line, 3;
            $file = '' unless defined $file;
            print $connection "$file\n";
        }
    }
}
~~~

$ ./tftpd_rewrite
$ doas chgrp _tftpd /tmp/tftpd_rewrite.sock ; doas chmod g+w /tmp/tftpd_rewrite.sock
$ doas tftpd -v -r /tmp/tftpd_rewrite.sock /home/vm

$ tftp 127.0.0.1
tftp> get /etc/boot.conf
Received 38 bytes in 0.0 seconds

$ syslogc daemon | tail -n1
Jan 29 01:51:49 t440s tftpd[626]: 127.0.0.1: read request for '/etc/boot.conf'

$ cat boot.conf
set tty com0
boot tftp:/bsd.rd.i386
Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server
On Sun, Jan 29, 2017 at 01:17:48AM +0200, li...@wrant.com wrote:
> Sample excerpts from host specific DHCP server config, for i386 and amd64:
>
> next-server 10.0.0.32;
> filename "auto_upgrade";
>
> next-server 10.0.0.64;
> filename "auto_upgrade";
>
> Quoting autoinstall(8) for netbooting: http://man.openbsd.org/autoinstall
>
> On architectures where the filename statement is used to provide the
> name of the file to netboot it is necessary to create symbolic links
> called auto_install and auto_upgrade that point to the expected boot
> program and to change the value of the filename statement in the
> dhcpd.conf(5) file to be auto_install or auto_upgrade.
>
> # ln -s /tftpboot/i386/pxeboot /tftpboot/i386/auto_upgrade
> # ln -s /tftpboot/amd64/pxeboot /tftpboot/amd64/auto_upgrade
>
> Needless to say, you need to populate the /tftpboot/{i386,amd64} locations
> with the system installation packages from the local mirror / compilation.
>
> It is also quite easy to combine both the DHCP server and two instances of
> tftpd(8), started independently listening on 2 IP address aliases, serving
> pxeboot(8) respectively for i386 and amd64 systems stand alone each other.
>
> See rcctl(8) to run a second copy of a daemon http://man.openbsd.org/rcctl
>
> The recommended way to run a second copy of a given daemon for a
> different purpose is to create a symbolic link to its rc.d(8) control
> script:
>
> # ln -s /etc/rc.d/tftpd /etc/rc.d/tftpd2
> # rcctl set tftpd status on
> # rcctl set tftpd2 status on
> # rcctl set tftpd flags -4 -l 10.0.0.32 /tftpboot/i386
> # rcctl set tftpd2 flags -4 -l 10.0.0.64 /tftpboot/amd64
> # rcctl start tftpd
> # rcctl start tftpd2

Nice trick to define multiple tftp servers for each x86 architecture :)
Thanks!

j.
Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server
On Sat, Jan 28, 2017 at 06:41:34PM +0100, Sven-Volker Nowarra wrote:
> > Isn't better to use rewrite/file remapping instead of hacking pxeboot?
> > If an i386 machine would request /etc/boot.conf via tftp you could rewrite
> > it to (based on fact you know that that machine is i386 - during
> > provisioning)
> > /etc/i386/boot.conf. For the client I suppose it would still think it gets
> > /etc/boot.conf.
> If this works, I could get rid of recompiling pxeboot everytime a
> new release comes out. Well, sometimes pxeboot also supports "older"
> OpenBSDs, but that is another topic.
>
> I understand, the tftp server has a "root dir" for the client
> specified. In the dhcpd.conf I declare per client a MAC address and
> its filename (usually "/pxeboot"). The i386 pxeboot manual says:
> "pxeboot boot program will look for an /etc/boot.conf configuration
> file on the TFTP server." I didn't find a reference to a different
> sub structure...
>
> Anyway, I tried a structure like you proposed, but pxeboot didn't
> find the boot.conf, and didn't even show the echo lines from this
> file (so useless to play with bsd location). This was my setup:
>
> location of boot.conf:
> /tftpboot/etc/i386/boot.conf
>
> $ cat /tftpboot/etc/i386/boot.conf
> echo ###
> echo ### hello from tftpd@192.168.88.12, with /etc/i386/boot.conf ###
> echo ###
> boot bsd.rd
>
> $ cat /etc/dhcpd.conf | grep filename
> filename "/pxeboot";
>
> I also tried to play with the dhcpd.conf settings, by using a different
> subdir for pxeboot, but I didn't get the system to find "his" boot.conf in
> the i386 directory.

It seems you missed part about tftpd rewrite/file remapping. The client
will still request /etc/boot.conf but you fake it via rewrite script.

man tftpd

     -r socket
             Issue filename rewrite requests to the specified UNIX domain
             socket. tftpd will write lines in the format "IP OP filename",
             terminated by a newline, where IP is the client's IP address,
             and OP is one of "read" or "write". tftpd expects replies in
             the format "filename" terminated by a newline. All rewrite
             requests from the daemon must be answered (even if it is with
             the original filename) before the TFTP request will continue.
             By default tftpd does not use filename rewriting.

j.
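The rewrite protocol quoted from tftpd(8) above, as an added Python example (not code from this thread or from OpenBSD): it answers every request line, because an unanswered one holds up the TFTP transfer, and remaps only reads of /etc/boot.conf for provisioned clients. The client addresses and the `ARCH_BY_IP` table are constructed assumptions; the socket path and the /etc/i386/boot.conf layout come from the thread.

```python
import os
import socket

SOCKET_PATH = "/tmp/tftpd_rewrite.sock"  # path used in the thread's POC
# Constructed provisioning table (assumption): client IP -> architecture.
ARCH_BY_IP = {"192.168.88.21": "i386", "192.168.88.22": "amd64"}


def rewrite(line, arch_by_ip=ARCH_BY_IP):
    """Return the filename to serve for one 'IP OP filename' request line."""
    parts = line.rstrip("\n").split(" ", 2)
    if len(parts) != 3:
        return parts[-1]          # malformed: still answer with what we got
    ip, op, filename = parts      # filename may itself contain spaces
    arch = arch_by_ip.get(ip)
    if op == "read" and filename == "/etc/boot.conf" and arch:
        return f"/etc/{arch}/boot.conf"
    return filename               # writes, other files, unknown clients


def handle(conn):
    """Answer every request line on one tftpd connection, then close it."""
    with conn, conn.makefile("r", encoding="utf-8",
                             errors="surrogateescape", newline="\n") as requests:
        for line in requests:
            reply = rewrite(line) + "\n"
            conn.sendall(reply.encode("utf-8", "surrogateescape"))


def serve(path=SOCKET_PATH):
    """Listen on the UNIX socket that 'tftpd -r path' connects to."""
    if os.path.exists(path):
        os.unlink(path)
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(path)
        srv.listen(1)
        while True:
            conn, _ = srv.accept()
            handle(conn)


if __name__ == "__main__":
    serve()
```

The socket must be writable by the user tftpd runs as before tftpd is started with `-r`.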
tftpd rewrite example
Hi,

has anybody written some tftpd rewrite daemon/script which could be shared
as example?

j.
Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server
On Sat, Jan 28, 2017 at 12:17:40AM +0100, Sven-Volker Nowarra wrote:
> I am netbooting many systems, and last recently stepped on the issue, that I
> had an amd64 and an i386 client in the same network. I wanted to boot them
> into a "full" OpenBSD (not ramdisk kernel). That is not possible with the
> default installation, cause pxeboot can not distinguish between these
> Intel/AMD systems. DHCP server can distinguish by MAC address, but then when
> pxeboot is loaded, the kernel is per default "bsd". This must clash either
> with i386 or amd64 architecture, whatever was dropped into tftpboot direcotry.
> So I went through some older mailing list entries, adapted them, and updated
> my meanwhile extensive netboot document. I updated this into a PDF, covering
> many, many details (now ~50 pages). Wanted to give something back to the
> community. The PDF is currently located here:
> http://nowarra.ch/Volker/netboot_OpenBSD/170127_netbooting_OpenBSD60.pdf
>

Thanks, interesting document.

Isn't better to use rewrite/file remapping instead of hacking pxeboot?
If an i386 machine would request /etc/boot.conf via tftp you could rewrite
it to (based on fact you know that that machine is i386 - during provisioning)
/etc/i386/boot.conf. For the client I suppose it would still think it gets
/etc/boot.conf.

j.
Re: installXX.fs build
On Fri, Jan 27, 2017 at 08:29:08PM +0100, Thuban wrote:
> Hi,
>
> Just by curiosity, I was wondering how installXX.fs file is build?

https://github.com/openbsd/src/blob/master/distrib/amd64/iso/Makefile#L9

j.
Re: clang default: when?
On Mon, Jan 23, 2017 at 11:41:37PM +0800, Tinker wrote:
> Ah. So.. support for compiling all the default distro with both gcc and
> clang, for all platforms, is in the works?
>
> Did arm64 spark this because the clang was better suited for arm64 for some
> reason, if so which?

Maybe you should follow https://marc.info/?l=openbsd-cvs=2=1=llvm=b

j.