A pair of our 5.7 Firewalls kernel panic after 40 Days

2015-08-25 Thread keith scott
A carped pair of our OBSD firewalls (5.7) both failed yesterday morning
within a few hours of each other. The message on the screen read as follows:

panic: mtx_enter: locking against myself
Stopped at Debugger+0x9: Leave run

I rebooted both machines to bring services back online so the above is all
I took note of. Both servers are Dell R310s running stock OBSD 5.7 amd64
with a patched / updated relayd from cvs.

Does anyone know what might have caused this? I was wondering whether, when the
machines crashed, they would have dumped anything to disk that might help
identify the cause.

Cheers
Keith



Re: relayd relay stability

2015-07-21 Thread keith scott
Hi, I am having some trouble building relayd. I've got down to the make
part, where it fails as you can see below. Do you know what I'm doing wrong?

I downloaded the src.tar.gz file
tar xzf ../src.tar.gz

export CVSROOT=anon...@anoncvs.spacehopper.org:/cvs
cvs up -AC
cvs server: Updating .
P agentx.c
P ca.c
P config.c
P control.c
P http.h
P parse.y
P pfe.c
P relay.c
P relay_http.c
P relayd.c
P relayd.conf.5
P relayd.h
P ssl.c
# make obj
/usr/src/usr.sbin/relayd/obj - /usr/obj/usr.sbin/relayd
# make
make: don't know how to make /usr/lib/crt0.o (prerequisite of: relayd)
Stop in /usr/src/usr.sbin/relayd

Thanks
Keith.


On Tue, Jul 21, 2015 at 5:08 AM, Sebastian Benoit benoit-li...@fb12.de
wrote:


 Hi,

 here is how to update relayd to current:

 (your user account has to be in group wsrc)

 $ cd /usr
 $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_7 -P src
 $ cd src/usr.sbin/relayd
 $ cvs up -AC
 $ make obj
 $ make
 $ sudo cp /usr/sbin/relayd /usr/sbin/relayd.orig
 $ sudo make install

 restart relayd and see if it's better.

 /Benno

 Keith(ke...@scott-land.net) on 2015.07.20 23:55:43 +0100:
  Hi,
  Since upgrading one of our OpenBSD firewalls on Monday last
  week we have been having serious stability issues with relayd as it's
  been randomly exiting after only a few hours of being started.  We were
  in the same situation a few years ago when we did a previous upgrade of
  OBSD and at that time I think we reverted some of the servers to a
  previous build of OBSD.  I think we also commented out some parts of our
  relayd.conf file until things became stable and we left it like that
  till we upgraded last week.
 
  I've got a feeling that the crashes are related to the only relay that
  we have called http_forwarder and to the protocol we've called http
  where we add the X-Forwarded header.  Previous to the recent upgrade the
  match header append X-Forwarded-For... line had been commented out
  and I am assuming that that was the reason that it had been stable.
 
  After the first or second crash last week I think we removed the http
  protocol from our relayd.conf and that made things stable again, but we
  need to get the X-Forwarded-For header working so I re-enabled it again
  today along with some other minor edits, but relayd has died again...
 
  After searching around I found this but am not sure if it's related to
  our issue http://permalink.gmane.org/gmane.os.openbsd.misc/220963
 
  If anyone can help it would be appreciated as I am unsure how or what to
  do next.
 
  Thanks,
 
  Keith
 
  I left relayd running in the foreground with verbose enabled and below
  are the last few log lines.
 
  relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0,
  no method (406 Not Acceptable), POST
  ca exiting, pid 26811
  ca exiting, pid 17254
  pfe exiting, pid 26999
  ca exiting, pid 29382
  ca exiting, pid 7976
  ca exiting, pid 24659
  hce exiting, pid 16102
  relay exiting, pid 9783
  relay exiting, pid 19514
  relay exiting, pid 12042
  relay exiting, pid 13716
  parent terminating, pid 29733
 
  Our relayd.conf file
 
  interval 60
  timeout 8000
  prefork 5
  log updates
 
  table <web_hosts> { 192.168.XX.aa, 192.168.XX.bb }
 
  http protocol http {
      match header append "X-Forwarded-For" value "$REMOTE_ADDR"
      return error
  }
 
  redirect http_Main {
      listen on 192.168.xx.2 port 80 interface vlanXX
      listen on 192.168.xx.3 port 80 interface vlanXX
      match pftag http_Main
      forward to <web_hosts> port 82 check http "/" code 200
  }
 
  redirect https_Main {
      listen on 192.168.xx.2 port 443 interface vlanXX
      match pftag https_Main
      forward to <web_hosts> port 443 check tcp
  }
 
  redirect https_Other {
      listen on 192.168.xx.3 port 443 interface vlanXX
      match pftag https_NN_Only
      forward to <web_hosts> port 445 check tcp
  }
 
  relay http_forwarder {
      listen on 127.0.0.1 port 8080
      protocol http
      forward to <web_hosts> port 82 mode loadbalance check http "/" code 200
  }
 
  relay SSL_Generic {
      listen on 127.0.0.1 port 9441
      forward to <web_hosts> port 443 mode loadbalance check tcp
  }
 
  relay SSL_Other {
      listen on 127.0.0.1 port 9444
      forward to <web_hosts> port 445 mode loadbalance check tcp
  }
 

 --



relayd relay stability

2015-07-20 Thread Keith

Hi,
Since upgrading one of our OpenBSD firewalls on Monday last
week we have been having serious stability issues with relayd as it's
been randomly exiting after only a few hours of being started.  We were
in the same situation a few years ago when we did a previous upgrade of
OBSD and at that time I think we reverted some of the servers to a
previous build of OBSD.  I think we also commented out some parts of our
relayd.conf file until things became stable and we left it like that
till we upgraded last week.


I've got a feeling that the crashes are related to the only relay that 
we have called http_forwarder and to the protocol we've called http 
where we add the X-Forwarded header.  Previous to the recent upgrade the 
match header append X-Forwarded-For... line had been commented out 
and I am assuming that that was the reason that it had been stable.


After the first or second crash last week I think we removed the http
protocol from our relayd.conf and that made things stable again, but we
need to get the X-Forwarded-For header working so I re-enabled it again
today along with some other minor edits, but relayd has died again...


After searching around I found this but am not sure if it's related to 
our issue http://permalink.gmane.org/gmane.os.openbsd.misc/220963


If anyone can help it would be appreciated as I am unsure how or what to 
do next.


Thanks,

Keith

I left relayd running in the foreground with verbose enabled and below 
are the last few log lines.


relay http_forwarder, session 8734 (440 active), 0, XX.XX.XX.174 -> :0,
no method (406 Not Acceptable), POST

ca exiting, pid 26811
ca exiting, pid 17254
pfe exiting, pid 26999
ca exiting, pid 29382
ca exiting, pid 7976
ca exiting, pid 24659
hce exiting, pid 16102
relay exiting, pid 9783
relay exiting, pid 19514
relay exiting, pid 12042
relay exiting, pid 13716
parent terminating, pid 29733

Our relayd.conf file

interval 60
timeout 8000
prefork 5
log updates

table <web_hosts> { 192.168.XX.aa, 192.168.XX.bb }

http protocol http {
  match header append "X-Forwarded-For" value "$REMOTE_ADDR"
  return error
}

redirect http_Main {
  listen on 192.168.xx.2 port 80 interface vlanXX
  listen on 192.168.xx.3 port 80 interface vlanXX
  match pftag http_Main
  forward to <web_hosts> port 82 check http "/" code 200
}

redirect https_Main {
  listen on 192.168.xx.2 port 443 interface vlanXX
  match pftag https_Main
  forward to <web_hosts> port 443 check tcp
}

redirect https_Other {
  listen on 192.168.xx.3 port 443 interface vlanXX
  match pftag https_NN_Only
  forward to <web_hosts> port 445 check tcp
}

relay http_forwarder {
  listen on 127.0.0.1 port 8080
  protocol http
  forward to <web_hosts> port 82 mode loadbalance check http "/" code 200
}

relay SSL_Generic {
  listen on 127.0.0.1 port 9441
  forward to <web_hosts> port 443 mode loadbalance check tcp
}

relay SSL_Other {
  listen on 127.0.0.1 port 9444
  forward to <web_hosts> port 445 mode loadbalance check tcp
}



Network TAP advice

2015-05-24 Thread Keith
Hi, I am about to upgrade an OBSD firewall to OBSD-5.7 and am thinking 
about implementing a network tap into the rebuild for an IDS. The 
current firewall doesn't contain a network bridge so I am slightly 
unsure about how to achieve this, as the tutorials I have found expect me 
to have a filtering bridge. I am just using pf with rdr-to and relayd.

Could I just create a 'single' interface bridge on each leg of my 
firewall and add a spanport?

ifconfig bridge0 create
ifconfig bridge0 add em0        # Internet line
ifconfig bridge0 addspan em2    # My 1st Spanport nic
ifconfig bridge0 up


The firewall actually has a trunk with the multiple vlans, I don't think 
this will make a difference but thought it would be worth mentioning 
just in case.

Any advice / pointers to tutorials would be appreciated.

Thanks
Keith



relayd crashing after header append added

2014-03-20 Thread Keith
Hi, I recently added a header append $REMOTE_ADDR to 
X-Forwarded-For line to my relayd.conf file and since adding that line the 
relayd service has died a number of times.
I tried adding the no splice option and I think relayd stayed up for 
longer, but it died again last night. relayd seems to stay up for a 
random amount of time before stopping, from a few hours to a few days.
Does anyone know what might be causing this to happen and if there's a 
workaround?


Mar 19 19:14:15 NodeC relayd[23062]: hce exiting, pid 23062
Mar 19 19:14:15 NodeC relayd[12415]: pfe exiting, pid 12415
Mar 19 19:14:15 NodeC relayd[30965]: relay exiting, pid 30965
Mar 19 19:14:15 NodeC relayd[30994]: relay exiting, pid 30994
Mar 19 19:14:15 NodeC relayd[19179]: relay exiting, pid 19179
Mar 19 19:14:15 NodeC relayd[19774]: relay exiting, pid 19774
Mar 19 19:14:15 NodeC relayd[26432]: parent terminating, pid 26432


table <web_hosts> { xxx.xxx.xxx.35, xxx.xxx.xxx.36 }
interval 60
timeout 8000
prefork 5
#log updates

protocol tcp_service { tcp { nodelay, socket buffer 65536, backlog 100 } }

http protocol http_service {
   tcp { nodelay, sack, socket buffer 65536, no splice, backlog 1000 }
#  header append "$REMOTE_ADDR" to "X-Forwarded-For"
   return error
}

redirect http_Main {
   listen on yyy.yyy.yyy.62 port 80 interface vlanXX
   listen on yyy.yyy.yyy.63 port 80 interface vlanXX
   match tag http_Main
   forward to <web_hosts> port 82 check http "/" code 200
}
redirect https_Main {
   listen on yyy.yyy.yyy.62 port 443 interface vlanXX
   match tag https_Main
   forward to <web_hosts> port 443 check tcp
}
redirect https_Only {
   listen on yyy.yyy.yyy.63 port 443 interface vlanXX
   match tag https_Only
   forward to <web_hosts> port 445 check tcp
}
relay http_forwarder {
   listen on 127.0.0.1 port 8080
   protocol http_service
   forward to <web_hosts> port 82 mode loadbalance check http "/" code 200
}
relay SSL_Generic {
   listen on 127.0.0.1 port 8441
   protocol tcp_service
   forward to <web_hosts> port 443 mode loadbalance check tcp
}
relay SSL_Only {
   listen on 127.0.0.1 port 8444
   protocol tcp_service
   forward to <web_hosts> port 445 mode loadbalance check tcp
}
# Out Bound Services #
relay some_mssql_forwarder {
   listen on 127.0.0.1 port 8143
   protocol tcp_service
   forward to 10.240.8.185 port 1433
}


Thanks
Keith
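The log lines in this post and in the 2015 "relayd relay stability" post have the same shape: every child process (hce, pfe, ca, relay) reports "exiting" and then the parent terminates, which is the whole daemon going down rather than one relay child being recycled. The following is an added example, not code from the thread or from relayd itself, that correlates such syslog lines into one daemon-down event and keeps the last verbose session line as context. The sample log is constructed after the lines quoted in the posts, with a documentation-range address in place of the masked client IP.

```python
"""Correlate relayd child-exit messages into a single "daemon down" event.

Added example, not code from the thread or from relayd.  It reads syslog
lines in the format the post quotes (relayd[pid]: <proc> exiting, pid N) and
treats "parent terminating" as the signature of the whole daemon stopping.
"""
import re
from collections import defaultdict

# Constructed sample, modelled on the syslog lines quoted in the post.
# 192.0.2.174 is a documentation-range placeholder for the masked client IP.
SAMPLE_LOG = """\
Mar 19 19:14:15 NodeC relayd[30965]: relay http_forwarder, session 8734 (440 active), 0, 192.0.2.174 -> :0, no method (406 Not Acceptable), POST
Mar 19 19:14:15 NodeC relayd[23062]: hce exiting, pid 23062
Mar 19 19:14:15 NodeC relayd[12415]: pfe exiting, pid 12415
Mar 19 19:14:15 NodeC relayd[30965]: relay exiting, pid 30965
Mar 19 19:14:15 NodeC relayd[30994]: relay exiting, pid 30994
Mar 19 19:14:15 NodeC relayd[19179]: relay exiting, pid 19179
Mar 19 19:14:15 NodeC relayd[19774]: relay exiting, pid 19774
Mar 19 19:14:15 NodeC relayd[26432]: parent terminating, pid 26432
Mar 19 19:20:01 NodeC relayd[26500]: startup
"""

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) relayd\[\d+\]: (?P<msg>.*)$")
EXIT_RE = re.compile(r"^(?P<proc>ca|hce|pfe|relay) exiting, pid (?P<pid>\d+)$")
PARENT_RE = re.compile(r"^parent terminating, pid (?P<pid>\d+)$")
SESSION_RE = re.compile(r"^relay (?P<relay>\S+), session (?P<sid>\d+) \((?P<active>\d+) active\), (?P<rest>.*)$")


def correlate(log_text):
    """Return {'crashes': [...], 'restarts': [...], 'unresolved': {...}}."""
    crashes, restarts = [], []
    pending = defaultdict(list)   # host -> child exits not yet closed by a parent termination
    last_session = {}             # host -> last verbose session line, kept as crash context
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        ts, host, msg = m.group("ts"), m.group("host"), m.group("msg")
        if msg == "startup":
            restarts.append((host, ts))
            continue
        s = SESSION_RE.match(msg)
        if s:
            last_session[host] = {"relay": s.group("relay"), "session": int(s.group("sid")),
                                  "active": int(s.group("active")), "detail": s.group("rest")}
            continue
        e = EXIT_RE.match(msg)
        if e:
            pending[host].append((e.group("proc"), int(e.group("pid"))))
            continue
        p = PARENT_RE.match(msg)
        if p:
            # The parent going away closes the pending child exits into one event.
            children = defaultdict(list)
            for proc, pid in pending.pop(host, []):
                children[proc].append(pid)
            crashes.append({"host": host, "time": ts, "parent_pid": int(p.group("pid")),
                            "children": dict(children), "last_session": last_session.get(host)})
    # Child exits with no parent termination afterwards are ordinary child recycling.
    return {"crashes": crashes, "restarts": restarts, "unresolved": dict(pending)}


def summarize(event):
    """One alert line per crash, with the last session seen before it."""
    n = sum(len(v) for v in event["children"].values())
    procs = ", ".join(f"{k}x{len(v)}" for k, v in sorted(event["children"].items()))
    ctx = event["last_session"]
    tail = (f"; last session: relay {ctx['relay']} #{ctx['session']} "
            f"({ctx['active']} active) {ctx['detail']}") if ctx else ""
    return (f"{event['time']} {event['host']}: relayd parent pid {event['parent_pid']} "
            f"terminated after {n} child exits ({procs}){tail}")


if __name__ == "__main__":
    result = correlate(SAMPLE_LOG)
    for ev in result["crashes"]:
        print(summarize(ev))
    for host, ts in result["restarts"]:
        print(f"{ts} {host}: relayd started")
```

Feeding /var/log/daemon through correlate() gives one event per full shutdown and leaves single "relay exiting" lines in unresolved, so a monitoring job can alert on the former without paging on the latter.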



Re: relayd crashing after header append added

2014-03-20 Thread Keith
 drive 0: WDC WD2502ABYS-18B7A0
wd0: 16-sector PIO, LBA48, 238418MB, 488281250 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
pciide1 at pci0 dev 31 function 5 Intel 3400 SATA rev 0x05: DMA, 
channel 0 wired to native-PCI, channel 1 wired to native-PCI

pciide1: using apic 0 int 21 for native-PCI interrupt
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, DVD-ROM DV-28SW, R.2A ATAPI 
5/cdrom removable

cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
kbc: cmd word write error
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
mtrr: Pentium Pro MTRR support
uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
uhub3 at uhub2 port 1 Standard Microsystems product 0x2514 rev 
2.00/0.00 addr 3

uhub4 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (0f67dd1db00a9bce.a) swap on wd0b dump on wd0b
bnx0: address 00:0a:f7:3a:44:c4
brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx1: address 00:0a:f7:3a:44:c6
brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx2: address 78:2b:cb:00:ec:ed
brgphy2 at bnx2 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx3: address 78:2b:cb:00:ec:ee
brgphy3 at bnx3 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
carp1: state transition: BACKUP -> MASTER
carp2: state transition: BACKUP -> MASTER


On 20/03/14 16:12, Sebastian Benoit wrote:

Keith(ke...@scott-land.net) on 2014.03.20 15:45:47 +:

Does anyone know what might be causing this to happen and if there's a
workaround ?

possibly, but your report is lacking a dmesg.




my PF ICMP Issues

2014-01-21 Thread keith
I have two Firewalls running OBSD 5.4 x64 that are both live and working 
fine except that they are unable to ping each others IP address or the 
gateway address while PF is enabled. If I quickly disable PF on the 
FW-D=Backup then I am able to ping everything from that machine. I've 
gone over everything I can think of but haven’t been able to figure this 
out so thought I'd ask here.



FW-C = 192.168.xx.67 255.255.252.0 = Carp Master
FW-D = 192.168.xx.65 255.255.252.0 = Carp Backup

carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:03
description: Carp 1 - Outside Iface
priority: 0
carp: BACKUP carpdev vlanxx vhid 3 advbase 1 advskew 10
groups: carp
status: backup
inet6 fe80::200:5eff:fe00:103%carp1 prefixlen 64 scopeid 0xa
inet 192.168.xx.62 netmask 0xfc00 broadcast 192.168.23.255
inet 192.168.xx.63 netmask 0xfc00 broadcast 192.168.23.255 = alias
inet 192.168.xx.64 netmask 0xfc00 broadcast 192.168.23.255 = alias
inet 192.168.xx.66 netmask 0xfc00 broadcast 192.168.23.255 = alias
inet 192.168.xx.70 netmask 0xfc00 broadcast 192.168.23.255 = alias
inet 192.168.xx.52 netmask 0xfc00 broadcast 192.168.23.255 = alias

Gateway = 192.168.xx.1

FW-C is active I can't disable PF on this server.

Neither FW-C nor FW-D can ping the gateway when PF is enabled... If I 
disable PF on FW-D then I can ping the gateway from FW-D.


Neither FW-C nor FW-D can ping each other's main IP (.67 or .65). If I 
disable PF on FW-D then I can ping .65 & .67 from FW-D !!!


Neither firewall can ping the main carp IP .62 but can ping all the aliases, 
unless PF is disabled, then it is pingable.


There are other machines on the 192.168.xx.x network and they can ping 
all the IPs that FW-C & D have all the time...



Both firewalls have three NICs, one is dedicated for pfsync, the other 
two are trunked and then there are two vlans on top of the trunk.


I stripped the pf.conf file down to as little as possible on the 
backup firewall this afternoon, figuring that it must be the PF file that 
was wrong, but I couldn't get it so that ping was replying. I've run 
tcpdump on all the interfaces and have checked pflog0 for blocked 
packets to no avail :(


If I am on FW-C and run ping 192.168.xx.65 then all I see on FW-D is the 
echo request over and over again


tcpdump -n -e -ttt -i vlan40
Jan 22 00:31:49.334032 00:0a:f7:3a:44:c4 00:0a:f7:3a:45:0c 0800 98: 
192.168.xx.67 > 192.168.xx.65: icmp: echo request



If anyone can help then it would really be appreciated.

Thanks
Keith.



Re: OBSD Router FW's and Centos TCP DUP ACK issues

2013-04-23 Thread keith scott
After changing the following line in our edge firewalls' pf.conf the Centos
server that was unusable is now usable. I've done another tcpdump and
there are still lots of TCP Dup ACKs but not as many as there were before,

match on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

to...

match in on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

I will have to do some reading to see exactly why the above rule was causing
issues with the Centos VMs but for now everything seems back to normal :)

Keith



On Tue, Apr 23, 2013 at 12:11 AM, Keith ke...@scott-land.net wrote:

 Hi, we recently switched our squid server from an OBSD server on VMware to a
 Centos server on XEN but there appears to be an issue somewhere between the
 Centos server and our OBSD routers (DMZ) or our external OBSD firewalls.

 If I log into the Centos server and run either wget or curl to an
 external http server I get a kind of random 1 in 3 chance of it working or
 taking up to 30 seconds to complete. I've run tcpdump on the Centos box and
 on the router and have imported the results into Wireshark and they both
 show lots of TCP Dup ACKs as shown below.

 We don't have any issues with any of our other servers that are also on
 the same LAN as this squid server so I think it's either a Centos,
 Centos/Xen, or an OBSD issue. Does anyone have any ideas what might be going
 on here?

 This dump was captured on our OBSD router.

 No.    Time       Source    Destination Protocol Length Info
 3917   2.797310   10.0.0.X  20.0.0.X    TCP      74     35247 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=2936085 TSecr=0 WS=64
 3922   2.799411   10.0.0.X  20.0.0.X    TCP      66     35247 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=2936087 TSecr=0
 3923   2.799543   10.0.0.X  20.0.0.X    HTTP     175    GET / HTTP/1.0
 3926   2.801331   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 3923#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936089 TSecr=0
 3927   2.801333   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 3923#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936089 TSecr=0
 3930   2.802423   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 3923#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936090 TSecr=0
 3931   2.802425   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 3923#4] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936090 TSecr=0
 4140   3.002585   10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 4142   3.003391   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 4140#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936291 TSecr=0
 4663   3.410632   10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 4665   3.411451   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 4663#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936699 TSecr=0
 5538   4.226611   10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 5541   4.227445   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 5538#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2937515 TSecr=0
 9846   5.843961   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 5538#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939132 TSecr=0
 9851   5.844811   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 5538#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939133 TSecr=0
 9861   5.858633   10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 9863   5.859432   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 9861#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939147 TSecr=0
 14821  9.122718   10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 14823  9.123526   10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 14821#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2942411 TSecr=0
 17858  11.859699  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 14821#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2945148 TSecr=0
 17863  11.860531  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 14821#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2945148 TSecr=0
 25393  15.650790  10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
 25395  15.651626  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 25393#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2948939 TSecr=0
 45327  23.890899  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK

OBSD Router FW's and Centos TCP DUP ACK issues

2013-04-22 Thread Keith
 
TSval=2988241 TSecr=0
103256  54.968334  10.0.0.X  20.0.0.X  HTTP  175  [TCP Retransmission] GET / HTTP/1.0
103260  54.969125  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 103256#1] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2988256 TSecr=0
109179  58.232391  10.0.0.X  20.0.0.X  HTTP  175  [TCP Retransmission] GET / HTTP/1.0
109181  58.233424  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 109179#1] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2991521 TSecr=0
114534  60.968474  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 109179#2] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2994256 TSecr=0
114536  60.969325  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 109179#3] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2994256 TSecr=0
122863  64.760491  10.0.0.X  20.0.0.X  HTTP  175  [TCP Retransmission] GET / HTTP/1.0
122865  64.761316  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 122863#1] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2998048 TSecr=0
140956  72.999821  10.0.0.X  20.0.0.X  TCP   66   [TCP Dup ACK 122863#2] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=3006287 TSecr=0
149188  77.906440  10.0.0.X  20.0.0.X  TCP   74   35250 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=3011193 TSecr=0 WS=64
149190  77.908726  10.0.0.X  20.0.0.X  TCP   66   35250 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=3011196 TSecr=0
149191  77.908820  10.0.0.X  20.0.0.X  HTTP  175  GET / HTTP/1.0
149194  77.910921  10.0.0.X  20.0.0.X  TCP   66   35250 > http [ACK] Seq=110 Ack=1449 Win=17536 Len=0 TSval=3011198 TSecr=1465368908
149195  77.910923  10.0.0.X  20.0.0.X  TCP   66   35250 > http [ACK] Seq=110 Ack=1794 Win=20416 Len=0 TSval=3011198 TSecr=1465368908
149196  77.912997  10.0.0.X  20.0.0.X  TCP   66   35250 > http [FIN, ACK] Seq=110 Ack=1794 Win=20416 Len=0 TSval=3011200 TSecr=1465368908
149199  77.914014  10.0.0.X  20.0.0.X  TCP   66   35250 > http [ACK] Seq=111 Ack=1795 Win=20416 Len=0 TSval=3011201 TSecr=1465368908



Cheers
Keith
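The packet list in this thread shows two very different streams from the same client: port 35249 retransmits its GET and piles up duplicate ACKs for over a minute without the server's data ever being acknowledged, while port 35250 gets its reply within a few milliseconds. The following is an added example, not code from the thread or from Wireshark, that turns such packet-list rows into per-stream counts of retransmissions and Dup ACKs and the wait for the first acknowledged reply byte. The rows are constructed from the listing above; HTTP rows carry no port in the Info column, so the example attaches them to a stream through the frame number that the later "[TCP Dup ACK <frame>#n]" rows reference, falling back to the most recently seen stream.

```python
"""Summarise a Wireshark packet list per TCP stream: retransmissions,
duplicate ACKs and how long the client waited for the first acknowledged
byte of reply.

Added example, not code from the thread or from Wireshark.  Columns are
No., Time, Source, Destination, Protocol, Length, Info as the default
packet list shows them.
"""
import re

# Constructed from the listing quoted in the thread (35249 stalls, 35250 completes).
SAMPLE = """\
No.     Time       Source    Destination Protocol Length Info
103256  54.968334  10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
103260  54.969125  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 103256#1] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2988256 TSecr=0
109179  58.232391  10.0.0.X  20.0.0.X    HTTP     175    [TCP Retransmission] GET / HTTP/1.0
109181  58.233424  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 109179#1] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2991521 TSecr=0
114534  60.968474  10.0.0.X  20.0.0.X    TCP      66     [TCP Dup ACK 109179#2] 35249 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2994256 TSecr=0
149188  77.906440  10.0.0.X  20.0.0.X    TCP      74     35250 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=3011193 TSecr=0 WS=64
149190  77.908726  10.0.0.X  20.0.0.X    TCP      66     35250 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=3011196 TSecr=0
149191  77.908820  10.0.0.X  20.0.0.X    HTTP     175    GET / HTTP/1.0
149194  77.910921  10.0.0.X  20.0.0.X    TCP      66     35250 > http [ACK] Seq=110 Ack=1449 Win=17536 Len=0 TSval=3011198 TSecr=1465368908
149196  77.912997  10.0.0.X  20.0.0.X    TCP      66     35250 > http [FIN, ACK] Seq=110 Ack=1794 Win=20416 Len=0 TSval=3011200 TSecr=1465368908
"""

PORT_RE = re.compile(r"(?P<port>\d+) > http \[(?P<flags>[^\]]+)\](?: Seq=\d+)?(?: Ack=(?P<ack>\d+))?")
DUP_RE = re.compile(r"^\[TCP Dup ACK (?P<ref>\d+)#\d+\]")
RETRANS = "[TCP Retransmission]"


def parse_rows(text):
    """Split packet-list lines into dicts; Info keeps its internal spaces."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the column header
        parts = line.split(None, 6)
        if len(parts) != 7:
            continue
        no, t, src, dst, proto, length, info = parts
        rows.append({"no": int(no), "time": float(t), "src": src, "dst": dst,
                     "proto": proto, "len": int(length), "info": info})
    return rows


def stream_stats(text):
    rows = parse_rows(text)
    # Pass 1: learn which client port each frame belongs to.  HTTP rows carry
    # no port in Info, but a later "[TCP Dup ACK <frame>#n]" row names the
    # frame it duplicates, so the port can be attached to that frame too.
    frame_port = {}
    for r in rows:
        m = PORT_RE.search(r["info"])
        if not m:
            continue
        frame_port[r["no"]] = m.group("port")
        d = DUP_RE.match(r["info"])
        if d:
            frame_port[int(d.group("ref"))] = m.group("port")
    # Pass 2: accumulate per-stream counters.
    streams, last_port = {}, None
    for r in rows:
        port = frame_port.get(r["no"], last_port)   # fallback: most recent stream seen
        if port is None:
            continue
        last_port = port
        s = streams.setdefault(port, {"syn": None, "request": None, "first_data_ack": None,
                                      "retransmissions": 0, "dup_acks": 0})
        m = PORT_RE.search(r["info"])
        if m and "SYN" in m.group("flags"):
            s["syn"] = r["time"]
        if r["proto"] == "HTTP":
            if s["request"] is None:
                s["request"] = r["time"]
            if r["info"].startswith(RETRANS):
                s["retransmissions"] += 1
        if DUP_RE.match(r["info"]):
            s["dup_acks"] += 1
        # Ack > 1 from the client means the server's reply data has arrived.
        if m and m.group("ack") and int(m.group("ack")) > 1 and s["first_data_ack"] is None:
            s["first_data_ack"] = r["time"]
    return streams


def classify(streams):
    """Per port: ('ok', seconds until the first reply byte) or ('stalled', None)."""
    out = {}
    for port, s in streams.items():
        if s["first_data_ack"] is None:
            out[port] = ("stalled", None)
        else:
            out[port] = ("ok", round(s["first_data_ack"] - s["request"], 6))
    return out


if __name__ == "__main__":
    stats = stream_stats(SAMPLE)
    for port, (state, wait) in classify(stats).items():
        s = stats[port]
        print(f"port {port}: {state}, retrans={s['retransmissions']}, "
              f"dup_acks={s['dup_acks']}, first-reply wait={wait}")
```

Run against a full export, the stalled/ok split per stream makes the "1 in 3" pattern described in the thread visible as counts rather than as a wall of Dup ACK lines, and the first-reply wait separates connections that merely retried from those that never received data.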



Re: Absolute OpenBSD 2nd Edition pre-orders are up.

2013-03-16 Thread Keith

On 16/03/2013 05:59, Austin Hook wrote:

Pre-orders for the 2nd Edition of Michael Lucas' Absolute OpenBSD are now
up on the main order website.  Expected to arrive about the same time we
start shipping pre-orders for OpenBSD 5.3.  Pre-orders for the latter will
show up pretty soon as well.  No special early discount, but the
difference does go to support the project.  Or, if you need to pinch those
pennies (before they are discontinued), take the early order path
suggested by Michael's website, rather than through the big online
monopoly.  He gets a bit more that way.

You thought you knew all there is to learn in an introductory book to
OpenBSD?  You might be surprised.  A reference when you need it, and worth
a skim even just to see how OpenBSD has evolved over the last 10 years, if
you have the original volume.

http://www.openbsd.org/books.html#B10

And follow the links.


I see that amazon in the UK are offering it for £39 delivered

http://www.amazon.co.uk/Absolute-OpenBSD-Practical-Paranoid-Edition/dp/1593274769



relayd redirect not working..

2013-03-04 Thread Keith
Hi, I am trying to get pf & relayd to redirect port 80 to some backend 
www servers but I can't get relayd to start. If I have the following in 
my relayd.conf file


 redirect www {
   listen on 127.0.0.1 80
   tag REDIRECTED
   forward to 10.0.0.10 port 80
 }

and try to start relayd then it just fails with the following in 
/var/log/daemon...


Mar  4 23:32:44 NodeB relayd[31756]: startup
Mar  4 23:32:44 NodeB relayd[12344]: hce exiting, pid 12344
Mar  4 23:32:44 NodeB relayd[4920]: pfe exiting, pid 4920
Mar  4 23:32:44 NodeB relayd[27847]: relay exiting, pid 27847
Mar  4 23:32:44 NodeB relayd[32752]: relay exiting, pid 32752
Mar  4 23:32:44 NodeB relayd[31463]: relay exiting, pid 31463

If I comment out the above redirect then relayd starts ok.

I am also not sure about exactly what rules I need to put into my 
pf.conf for a redirect, I know I need an anchor and assume that just


anchor relayd/*

would be ok and that I need to put in either a pass or match rule 
also... eg.


pass in on $ExtIf inet proto tcp from Admin to myip/32 port 80 
$TcpState tagged REDIRECTED


If anyone can help then that would be great.
Thanks for reading.
Keith



Re: Millions of files in /var/www inode / out of space issue.

2013-02-20 Thread Keith

On 20/02/2013 07:36, Jan Stary wrote:

On Tue, Feb 19, 2013 at 00:35, Keith wrote:

Q. How do I make the default web folder /var/www/ capable of holding
millions of files (say 50GB worth of small 2kb-12kb files) so that I
won't get inode issues ?

newfs defaults to -f 2k and -b 16k which is fine if you
know in advance you will hold 2k-12k files. As for inodes,
the default of -i is to create an inode for every 4 frags,
that is 8192 bytes. So on a 50G filesystem this should
give you over 6.1 million inodes. What does df -hi say?

But first of all, fix your crappy app to not do that.

Hi, thanks for the info. Yesterday I did a backup, format, restore of 
the /var/www partition, although to be honest I wasn't really sure what I 
was doing with regards to the newfs command. I tried running newfs 
-i with different values and settled on newfs -i 1 /var/www as it 
seemed at the time to make the most inodes, and that was just 
based on how much output was generated while newfs was running.


# df -hi
Filesystem     Size    Used   Avail Capacity  iused     ifree  %iused  Mounted on
/dev/sd0a     1005M    135M    819M    14%     3272    152630     2%   /
/dev/sd0k     1005M    2.0K    955M     0%        1    155901     0%   /home
/dev/sd0n     21.0G    2.0K   20.0G     0%        1   2832253     0%   /scratch
/dev/sd0d      3.9G   14.0K    3.7G     0%       21    545641     0%   /tmp
/dev/sd0f      2.0G    461M    1.4G    24%    13537    272285     5%   /usr
/dev/sd0g     1005M    193M    762M    20%     9547    146355     6%   /usr/X11R6
/dev/sd0h      6.8G    2.0G    4.5G    31%    41346    868092     5%   /usr/local
/dev/sd0j      2.0G    2.0K    1.9G     0%        1    285821     0%   /usr/obj
/dev/sd0i      1.9G    2.0K    1.8G     0%        1    285821     0%   /usr/src
/dev/sd0e      6.3G   37.2M    6.0G     1%      740    856730     0%   /var
/dev/sd0m     1001M    6.5M    944M     1%       53    155849     0%   /var/log
/dev/sd0l      4.7G    1.2G    3.3G    26%   449170   2206316    17%   /var/www
/dev/sd1a      1.8T    1.6T    147G    92%   720111  60427023     1%   /mnt/Media2TB
/dev/sd2a     55.0G   11.3G   41.0G    22%      208   7353262     0%   /var/mysql

The above df -hi output was done today after I wiped the app and 
started it again from scratch. It had been running for about 12 hours 
and there were about 450,000 files. How many files do you think I'll be 
able to store with this number of inodes? I'd never used dump or 
restore before and was surprised at how easy it was to backup, format 
and restore the files, so that will come in handy if I need to move this 
partition later to a larger disk. I think I will just have to keep an 
eye on my inodes until I get a feel for how many I need.


I don't know how to fix the app or why the developers decided to make so 
many files on disk so I asked in their chat room


Keef: I don't know how many files I had at the time that I was getting 
issues, probably about 1/2 million, but I have since wiped the partition 
and reformatted with more inodes. I ended up asking for help with 
my inode problem on an OpenBSD mailing list and they were asking 
why the newznab app wrote the files to disk in the first place. So I 
thought I should ask here...

ll: do you want 20GB of files in your db?
forkless: i know i dont
ll: nor i
ll: and thats the reason realy
Safra: lol
Safra: Then you will get why is my nzbfiles table corrupt?
Safra: =p
Safra: I cant download anything?
Safra: lol
Safra: fix it for me NOW
Safra: =p
forkless: then the next step will be why arent the cover in the db either
forkless: and before you know it your db is 100GB
Keef: So how many files do the typical newnab users end up having and 
how much space should I partition up for ?

forkless: i've only got a 120k releases or so but i dont nearly index all
forkless: i guess depends on your needs

I guess they have a good point as they have to support the app.

Cheers
Keith
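The question in this post, how many more files fit with the inodes shown by df -hi, has two answers: the free inode count, and the free space divided by the size of the files actually being written. The following is an added example, not code from the thread, that parses df -hi output like the listing above and reports which of the two limits is reached first; the newfs estimate applies the default from Jan's reply (one inode per 4 frags of 2k, i.e. 8192 bytes per inode). The sample rows are constructed from the df output quoted above.

```python
"""Read df -hi output and work out, per filesystem, which runs out first:
free blocks or free inodes.

Added example, not code from the thread.  Sizes are parsed as df -h prints
them (1024-based), and the newfs estimate follows the rule of thumb in the
reply: the default -i gives one inode per 8192 bytes.
"""
import re

UNITS = {"B": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3, "T": 1024 ** 4}

# Constructed from the df -hi output quoted in the post (a subset of the rows).
SAMPLE_DF = """\
Filesystem     Size    Used   Avail Capacity  iused    ifree  %iused  Mounted on
/dev/sd0a     1005M    135M    819M    14%     3272   152630     2%   /
/dev/sd0f      2.0G    461M    1.4G    24%    13537   272285     5%   /usr
/dev/sd0e      6.3G   37.2M    6.0G     1%      740   856730     0%   /var
/dev/sd0l      4.7G    1.2G    3.3G    26%   449170  2206316    17%   /var/www
/dev/sd2a     55.0G   11.3G   41.0G    22%      208  7353262     0%   /var/mysql
"""


def to_bytes(human):
    """'1005M' or '4.7G' (df -h, 1024-based) -> bytes."""
    m = re.fullmatch(r"([0-9.]+)([BKMGT])?", human)
    if not m:
        raise ValueError(f"not a df -h size: {human!r}")
    return int(float(m.group(1)) * UNITS[m.group(2) or "B"])


def parse_df_hi(text):
    rows = []
    for line in text.splitlines()[1:]:        # skip the header line
        f = line.split()
        if len(f) != 9:                        # wrapped or malformed line
            continue
        rows.append({"fs": f[0], "size": to_bytes(f[1]), "used": to_bytes(f[2]),
                     "avail": to_bytes(f[3]), "capacity": int(f[4].rstrip("%")),
                     "iused": int(f[5]), "ifree": int(f[6]),
                     "iused_pct": int(f[7].rstrip("%")), "mount": f[8]})
    return rows


def newfs_inode_count(size_bytes, bytes_per_inode=8192):
    """Inodes newfs(8) allocates at -i bytes_per_inode (default: 4 frags of 2k)."""
    return size_bytes // bytes_per_inode


def avg_file_size(row):
    """Observed bytes per inode in use; 0 when the filesystem is empty."""
    return row["used"] // row["iused"] if row["iused"] else 0


def files_remaining(row, avg_bytes=None):
    """(how many more files fit, which resource runs out first)."""
    avg = avg_bytes or avg_file_size(row)
    by_space = row["avail"] // avg if avg else None
    by_inodes = row["ifree"]
    if by_space is None or by_inodes <= by_space:
        return by_inodes, "inodes"
    return by_space, "space"


def report(text, avg_bytes=None):
    lines = []
    for row in parse_df_hi(text):
        n, limit = files_remaining(row, avg_bytes)
        lines.append(f"{row['mount']:<12} avg file {avg_file_size(row):>6} B, "
                     f"room for {n:>9} more files, limited by {limit}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_DF)))
    print("newfs default on 50 GB:", newfs_inode_count(50 * 10 ** 9), "inodes")
```

For the /var/www row above the observed average file is about 2.8 KB, so at that size the 3.3G of free space is exhausted well before the 2.2 million free inodes; passing avg_bytes lets you re-run the estimate for a different expected file size.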



Re: Millions of files in /var/www inode / out of space issue.

2013-02-19 Thread Keith

On 19/02/2013 10:47, MJ wrote:

Which app are you running that is generating millions of tiny files in a single 
directory?  Regardless, in this case OpenBSD is not the right tool for the job. 
You need either FreeBSD or a Solaris variant to handle this problem because you 
need ZFS.


What limits does ZFS have?
---
The limitations of ZFS are designed to be so large that they will never be 
encountered in any practical operation. ZFS can store 16 Exabytes in each 
storage pool, file system, file, or file attribute. ZFS can store billions of 
names: files or directories in a directory, file systems in a file system, or 
snapshots of a file system. ZFS can store trillions of items: files in a file 
system, file systems, volumes, or snapshots in a pool.


I'm not sure why ZFS hasn't yet been ported to OpenBSD, but if it were then 
that would pretty much eliminate the need for my one and only FreeBSD box ;-)



On Feb 19, 2013, at 2:35 AM, Keith ke...@scott-land.net wrote:


Q. How do I make the default web folder /var/www/ capable of holding millions 
of files (say 50GB worth of small 2kb-12kb files) so that I won't get inode 
issues ?

The problem is that my server has the default disk layout as I didn't expect to 
have millions of files (I thought they would be stored in the DB). When I 
started the app it generated all the files and I got out of space warnings. I 
tried moving the folder containing the files and making a symlink back but that 
didn't work because nginx is in a chroot.

The two options I think I have are:

1. Reinstall the OS and make a dedicated /var/www partition, but I have no idea 
how to increase the inode limit.
2. Make a new partition, format it, copy the files from the original partition, 
swap them around and restart nginx. (Do I run newfs with some option to 
make more inodes?)

Thanks
Keith.

It's a usenet indexing application called Newznab. It consists of two 
parts, some php scripts that do the indexing that are generating the 
pesky nzb.gz files, and then there's the web front end.


This is running on my home server / firewall and I think it's almost 
working, I just need to get the partitions sorted out and it should be 
fine. I don't want to switch to FreeBSD for ZFS or introduce another 
machine for an NFS volume.


To be honest I didn't think indexing usenet would be such a big deal, 
but it's turning out to be quite a resource hog.


Keith



Millions of files in /var/www inode / out of space issue.

2013-02-18 Thread Keith
Q. How do I make the default web folder /var/www/ capable of holding 
millions of files (say 50GB worth of small 2kb-12kb files) so that I 
won't get inode issues ?


The problem is that my server has the default disk layout as I didn't 
expect to have millions of files (I thought they would be stored in the 
DB). When I started the app it generated all the files and I got out of 
space warnings. I tried moving the folder containing the files and 
making a symlink back but that didn't work because nginx is in a chroot.


The two options I think I have are:

1. Reinstall the OS and make a dedicated /var/www partition, but I have 
no idea how to increase the inode limit.
2. Make a new partition, format it, copy the files from the original 
partition, swap them around and restart nginx. (Do I run newfs with 
some option to make more inodes?)


Thanks
Keith.



OBSD PF / Carp and pfsync issue

2013-02-11 Thread Keith
I set up a pair of OBSD boxes with carp & pfsync last week. They appeared 
to be working when I left them although the number of states on each was 
out by about 20%. I had to leave them like they were, but when I 
checked on them this morning I noticed that the backup box only has 
about 15 states and the active box has about 8000!


I compared the hostname.vlan / .carp files on each box and realised that 
I had an extra character in one of the carp password fields in one of 
the files. I fixed this but haven't done a sh /etc/netstart yet as I 
don't want to do that remotely. The wrong password in the files makes 
sense and will account for the missing 20% of states, but could the wrong 
password have been seen as a denial of service against pfsync and have 
caused it to stop syncing?


I've had a look at the /var/log/messages & daemon files but there's 
nothing there. PF doesn't seem to be blocking anything and if I run 
tcpdump on the vlans I can see carp broadcasts (I don't understand 
them, but they are there).


Does anyone have any suggestions?

Thanks
Keith.



Relayd as Transparent HTTP Proxy problem

2013-02-06 Thread Keith
I have been trying to get relayd to work as a transparent HTTP proxy on 
an old OBSD 4.7 server today but I am having some trouble getting it to 
do what I want. The transparent proxy works perfectly but I want to 
block access to all websites unless they're on a whitelist in the 
relayd.conf file.  We have a squid proxy that all our web traffic should 
go through but we also have some apps that just refuse to use a proxy 
that we think we could let through the transparent proxy.


http protocol httpfilter {
	tcp { nodelay, sack, socket buffer 65536, backlog 1000 }
	return error
	header change "Keep-Alive" to "$TIMEOUT"
	header change "Connection" to "close"

	request header log "Host"
	label "Unauthorised Host please contact support@"
	request header expect "undeadly.org" from "Host"
	request header expect "*undeadly.org*" from "Host"

#	label "BAD user agent"
#	request header filter "Mozilla/4.0*" from "User-Agent"
#	request header filter "SomeBrokeBrowser/1.0*" from "User-Agent"

#	label "BAD Host request"
#	request header filter "*youtube.com*" from "Host"
#	request header filter "*myspace.com*" from "Host"
#	request header filter "*facebook.com*" from "Host"
#	request header filter "*bfriends.com*" from "Host"

	request header change "Accept" to "text/html,text/plain;q=0.9,*/*;q=0.8"
	request header change "Accept-Charset" to "ISO-8859-1,utf-8;q=0.9"
	request header change "Accept-Encoding" to "gzip"
	request header change "Accept-Language" to "en-us,en;q=0.9"
	request header change "User-Agent" to "InVis"
}

relay httpproxy {
	listen on 127.0.0.1 port 8080
	protocol httpfilter
	forward to nat lookup
}


When the above config is loaded and I visit the undeadly website I just 
get the following error.


Forbidden
incomplete request
OpenBSD relayd at 127.0.0.1 port 8080

Can someone help ?

Thanks
Keith



Need help with missing libraries libintl.so.60 libiconv.so.6.0'

2013-01-27 Thread Keith

Hi,
I decided to try and setup a cups usb printer with cups / 
ghostscript / gutenprint. I used pkg_add to do the installs and now I am 
unable to use pico or nano. I keep getting the following.


nano: can't load library 'libintl.so.6.0'
or
pico: can't load library 'libintl.so.6.0'

I have uninstalled the packages that I installed and have tried 
uninstalling/installing pico & nano and have tried installing some 
libraries using pkg_add but with no luck.


Can anyone help?

Thanks
Keith



Re: Need help with missing libraries libintl.so.60 libiconv.so.6.0'

2013-01-27 Thread Keith

Got it working again. Just ran the following.

#ldconfig /usr/local/lib


On 27/01/2013 11:44, Keith wrote:

Hi,
I decided to try and setup a cups usb printer with cups / 
ghostscript / gutenprint. I used pkg_add to do the installs and now I 
am unable to use pico or nano. I keep getting the following.


nano: can't load library 'libintl.so.6.0'
or
pico: can't load library 'libintl.so.6.0'

I have uninstalled the packages that I installed and have tried 
uninstalling/installing pico & nano and have tried installing some 
libraries using pkg_add but with no luck.


Can anyone help?

Thanks
Keith




USB Printing help / how to request.

2013-01-27 Thread Keith
Hi, I've tried a few times to get my home FW / download box to be a 
print server with my Epson Stylus Photo R285 but each time I've tried 
I've given up as I just couldn't figure out how to get it all to work. It 
seems really complicated and using Google to find tutorials hasn't helped.


I have been able to get cups installed and can see the web interface 
but I don't really get any further than that.


1. For some reason cups couldn't find my usb printer, no matter what I 
try. I thought it might be permissions on the /dev/ file but am not sure. 
I have managed in the past to spool text to the /dev/ulpt0/1 port and 
make the printer print junk.


2. I think I need a driver to make it work but don't know where to get 
the driver or where I should put it once I have it.


3. I don't know if I need a driver ? I just want machines on my network 
(PC's and Kindle Tablet) to be able to print through it. I won't want 
the OpenBSD box itself to print.


Hope what I am asking makes sense as I am properly confused now :( and 
Thanks for reading.


Thanks
Keith



Re: Running OpenBSD on Raspberry Pi

2012-12-31 Thread Keith

On 31/12/2012 13:20, mxb wrote:

USB2ETH will be Achilles' heel with this hw, as soon as you start pushing
pkts.

On 31 dec 2012, at 13:45, Loïc BLOT loic.b...@unix-experience.fr wrote:


That's the cheapest solution for homing firewall
I also heard that usb and interrupts are a real issue with the Pi, 
although that was with video streaming.




ATI HD Card @ 2650 x 1400 on OBSD Possible ?

2012-04-30 Thread Keith
I am thinking about getting a cheap 27" IPS Korean screen off eBay and an 
ATI HD Radeon card. I was wondering what ATI graphics card would be the 
best / most supported on OBSD 5.0 or 5.1, and if I would be able to get 
a usable X desktop running at 2650 x 1400?


The screens are on eBay, just search for 27" IPS if you're interested. 
Only some ATI cards are supported by the screens so I just need to 
figure out what card works best on OBSD and is also compatible with the 
specific screen that I get. I need to get a dual link card so am 
thinking about something like the ATI HD 5450, but the following ATI 
cards are listed as supported.


x 1950 GT
HD 2900 XT
HD 3870 X2
HD 4670, 4850, 5450, 5550, 5650, 5670, 5840.

Thanks
Keith



Dell Fan Speeds / Power management (OS CONTROL) Crapy data center.

2012-02-17 Thread keith
In Dell PowerEdge R310's and probably other PowerEdge servers there's a 
setting in the BIOS for power saving that I've set to OS Control.


On Monday a PDU that powers a number of our R310's and some other kit 
burnt out at the big plug that plugs into the PDU. The PDU was replaced 
by the data center staff and when I went to the data center to plug our 
servers back in again an operator was saying that it's the fans in 
the servers that consume all the power. That's made me think that maybe 
the temperature in the datacenter might have gone through the roof on 
the Monday afternoon and have caused all the R310's fans to kick in on 
full power and possibly break the PDU?


So my question is really, what should I set the power saving setting to 
on the Dell servers that are running OBSD? (all 4.9 or 5.0 + amd64)


The link below is for the R310 and is all about the bios / power saving 
states.


http://www.google.co.uk/url?sa=trct=jq=R310+os+controlsource=webcd=2ved=0CCoQFjABurl=http%3A%2F%2Fwww.dell.com%2Fdownloads%2Fglobal%2Fproducts%2Fpedge%2Fen%2Fpoweredge_r310_techguide_final1.pdfei=7VA-T4myMY7B8gOi67WiCAusg=AFQjCNHE9kqeypH1u6XRcT94GhXS07VPJAcad=rja


I've now got an APC Netbots with external probes monitoring / graphing & 
emailing so if this happens again I've at least got some environmental 
data to help work out why this is happening.


Cheers
Keith



Softraid raid 5 throughput problem

2012-01-16 Thread keith
I built a storage server to run the Bacula storage daemon on.  My plan 
was to boot off a usb key then to use the four 2TB sata disks that are in 
the server as a softraid raid 5 volume. The server in question is a Dell 
PowerEdge R310, i3 CPU 540 @ 3.07GHz with OBSD 5.0 amd64.


I put the OS onto the usb key but the softraid 5 volume seemed really 
slow. Sftping files over the local network to the server's softraid 
volume was taking ages. So as I was short of time I just rebuilt the 
server installing OBSD onto one of the sata disks, wd0.


Later I connected to the server and made a raid5 volume on the remaining 
three disks but the speed was really slow, so I tried a raid1 on two of 
the disks and that works fine speed wise.


I've tried to get some stats to figure out what's going on

raid 5 (wd1, wd2,wd3) Time for newfs command to complete = 1 min 14 secs
raid 5 (wd1, wd2,wd3) Time to copy 2.3G file from wd0 onto the softraid5 
disk = 5 mins ish


raid 1 (wd1, wd2) = 1.8TB  Time for newfs command to complete = 4 secs
raid 1 (wd1, wd2) copy 2.3G Time to copy 2.3G file from wd0 onto 
softraid disk = 25 secs


At this point I thought I'd try raid0 but the server went and hung for 
some reason.


#bioctl -d sd0
#bioctl -c 0 -l /dev/wd2a,/dev/wd3a softraid0
(It hung on this command. Won't know what happened till I get to the datacenter.)


Ideally I wanted one large disk but if I can't get a quick raid5 working I 
will just use two softraid raid 1 disks and work around it. Does anyone 
have any suggestions?


Thanks
Keith



Re: Softraid raid 5 throughput problem

2012-01-16 Thread keith

On 16/01/2012 15:43, Joel Sing wrote:

On Monday 16 January 2012, keith wrote:

I built a storage server to run the Bacula storage daemon on.  My plan
was to boot off a usb key then to use the four 2TB sata disks that are in
the server as a softraid raid 5 volume. The server in question is a Dell
PowerEdge R310, i3 CPU 540 @ 3.07GHz with OBSD 5.0 amd64.

I put the OS onto the usb key but the softraid 5 volume seemed really
slow. Sftping files over the local network to the server's softraid
volume was taking ages. So as I was short of time I just rebuilt the
server installing OBSD onto one of the sata disks, wd0.

Later I connected to the server and made a raid5 volume on the remaining
three disks but the speed was really slow, so I tried a raid1 on two of
the disks and that works fine speed wise.

I've tried to get some stats to figure out what's going on

raid 5 (wd1, wd2,wd3) Time for newfs command to complete = 1 min 14 secs
raid 5 (wd1, wd2,wd3) Time to copy 2.3G file from wd0 onto the softraid5
disk = 5 mins ish

raid 1 (wd1, wd2) = 1.8TB  Time for newfs command to complete = 4 secs
raid 1 (wd1, wd2) copy 2.3G Time to copy 2.3G file from wd0 onto
softraid disk = 25 secs

RAID 5 with softraid(4) is not ready for primetime - in particular it does not
support scrub or rebuild. If you have a single disk failure you will get to
keep your data, however you will need to dump/rebuild/restore.

I'm not specifically aware of performance issues, but I'm not entirely
surprised either - I'll try to take a look at some point. RAID 5 writes will
be slower, but not that much slower...


At this point I thought I'd try raid0 but the server went and hung for
some reason.

#bioctl -d sd0
#bioctl -c 0 -l /dev/wd2a,/dev/wd3a softraid0
(It hung on this command. Won't know what happened till I get to the datacenter.)

I'm guessing that you did not clear the existing RAID 1 metadata first, in
which case you'll probably have a divide by zero with a trace that ends in
sr_raid1_assemble() - there is a bug there that I hit the other night.


Ideally I wanted one large disk but if I can't get a quick raid5 working I
will just use two softraid raid 1 disks and work around it. Does anyone
have any suggestions?

I'd stick with RAID 1 - you can use more than two disks, which will give you
increased redundancy and should improve read throughput. Obviously you'll
have less capacity though.
Thanks for the quick answers. If I just create two raid 1 sets on the 
server then could I just make a raid 0 volume using both raid1's?


Thanks
Keith



Re: Help with rc.local scripts

2012-01-06 Thread keith

On 05/01/2012 16:43, keith wrote:
Hi, I have built a graylog2 server with obsd 5.0 x64 but can't figure 
out how to get some of the programs to auto start. They all start 
when run as root but only the mongod one starts up at boot time. Can 
anyone help?


if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
fi

if [ -x /usr/local/elasticsearch/bin/elasticsearch ]; then
   echo -n ' Elasticsearch'; /usr/local/elasticsearch/bin/elasticsearch &
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar ]; then
   echo -n ' Graylog2-Server'; java /usr/local/graylog2-server/graylog2-server.jar &
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar ]; then
   echo -n ' Graylog2-Web'; /usr/local/graylog2-web-interface/script/rails server -e production &
fi


I've edited the /root/.profile and have added the path to java to 
PATH and also set JAVA_HOME.


Thanks
Keith


Taking advice from Zi and Otto I've moved on a little... The MongoDB and 
Elasticsearch are starting but Java / Graylog2-server and the Ruby / 
Graylog2-Web-Interface still won't start.

The current rc.local file looks like:

if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
fi

export JAVA_HOME=/usr/local/jre-1.7.0/

echo -n ' Run Elasticsearch:'
sh /usr/local/elasticsearch/bin/elasticsearch &

echo -n ' Run Graylog2-Server:'
cd /usr/local/graylog2-server/
/usr/local/jre-1.7.0/bin/java /usr/local/graylog2-server/graylog2-server.jar

echo -n ' Run Graylog2-Web:'
cd /usr/local/graylog2-web-interface/
/usr/local/graylog2-web-interface/script/rails server -e production &

And below is the text that appears at boot time.

starting network daemons : sshd sendmail inetd.
 MongoDB mongod Run Elasticsearch: Run Graylog2-Server:Error: Could
not find main class .usr.local.graylog2-server.graylog2-server.jar
Exception in thread main java.land.NoClassDefFoundError: .
usr.local.graylog2-server.graylog2-server.jar

Then there's about 10 lines of java error text, then..

Run Graylog2-Web:starting local daemons:env: ruby:  No such file or
directory cron.

When I log into the server as root and run the following as root then
both the server and web-interface start fine.

echo -n 'Graylog2-Server'
cd /usr/local/graylog2-server/
java -jar graylog2-server.jar &

echo -n 'Graylog2-Web'
cd /usr/local/graylog2-web-interface/
script/rails server -e production &

Any help would be appreciated.

Thanks
Keith



Re: Help with rc.local scripts

2012-01-06 Thread keith

On 06/01/2012 11:46, Zi Loff wrote:

On Jan 6, 2012, at 11:34 AM, keith wrote:


On 05/01/2012 16:43, keith wrote:

Hi, I have built a graylog2 server with obsd 5.0 x64 but can't figure out how 
to get some of the programs to auto start. They all start when run as root 
but only the mongod one starts up at boot time. Can anyone help?

if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
fi

if [ -x /usr/local/elasticsearch/bin/elasticsearch  ]; then
   echo -n ' Elasticsearch'; /usr/local/elasticsearch/bin/elasticsearch
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar  ]; then
   echo  -n ' Graylog2-Server'; java 
/usr/local/graylog2-server/graylog2-server.jar
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar  ]; then
   echo -n ' Graylog2-Web'; /usr/local/graylog2-web-interface/script/rails server 
-e production
fi


I've edited the /root/.profile and have added the path to  java to PATH and 
also set JAVA_HOME.

Thanks
Keith

Taking advice from Zi and Otto I've moved on a little... The MongoDB and Elasticsearch 
are starting but Java / Graylog2-server and the Ruby / 
Graylog2-Web-Interface still won't start.
The current rc.local file looks like:

if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
fi

export JAVA_HOME=/usr/local/jre-1.7.0/

echo -n ' Run Elasticsearch:'
sh /usr/local/elasticsearch/bin/elasticsearch

echo  -n ' Run Graylog2-Server:'
cd  /usr/local/graylog2-server/
/usr/local/jre-1.7.0/bin/java /usr/local/graylog2-server/graylog2-server.jar


Isn't the -jar option missing here?
../java   -jar   /usr/local...


echo -n ' Run Graylog2-Web:'
cd /usr/local/graylog2-web-interface/
/usr/local/graylog2-web-interface/script/rails server -e production

And below is the text that appears at boot time.

starting network daemons : sshd sendmail inetd.
MongoDB mongod Run Elasticsearch: Run Graylog2-Server:Error: Could
not find main class .usr.local.graylog2-server.graylog2-server.jar
Exception in thread main java.land.NoClassDefFoundError: .
usr.local.graylog2-server.graylog2-server.jar

Then there's about 10 lines of java errors text then..

Run Graylog2-Web:starting local daemons:env: ruby:  No such file or
directory cron.

When I log into the server as root and run the following as root then
both the server and web-interface start fine.

echo -n 'Graylog2-Server'
cd  /usr/local/graylog2-server/
java -jar graylog2-server.jar

echo -n 'Graylog2-Web'
cd /usr/local/graylog2-web-interface/
script/rails server -e production

Any help would be appreciated.

Thanks
Keith

Thank you, that's made a difference. The Graylog2-Server isn't starting 
but the error has changed...  Unfortunately the console scrolls so 
quickly I can't see what the error is !!! Earlier today I tried to get a 
serial console working but it didn't work earlier today when I tried. 
Probably because this OBSD box is a virtual server running in VMware.


I think / hope the errors are to do with the root profile.

Thanks
Keith



Re: Help with rc.local scripts

2012-01-06 Thread keith
On 06/01/2012 14:13, Zi Loff wrote:

 I haven't tried it myself, so I have no idea if it works, but maybe 
 you can redirect stdout and stderr to a file... Something along the 
 lines of:
 (please note i added the -jar switch as well)

 echo -n ' Graylog2-Server'; java -jar 
 /usr/local/graylog2-server/graylog2-server.jar 1> somefile 2>&1



 On Jan 6, 2012, at 2:06 PM, keith wrote:

 On 06/01/2012 11:46, Zi Loff wrote:
 On Jan 6, 2012, at 11:34 AM, keith wrote:

 On 05/01/2012 16:43, keith wrote:
 Hi, I have build a graylog2 server with obsd 5.0 x64 but can't 
 figure out how to get the some of the programs to auto start, They 
 all start when run as root but only the mogod one starts up at 
 boot time. Can anyone help ?

 if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
 fi

 if [ -x /usr/local/elasticsearch/bin/elasticsearch  ]; then
   echo -n ' Elasticsearch'; 
 /usr/local/elasticsearch/bin/elasticsearch
 fi

 if [ -x /usr/local/graylog2-server/graylog2-server.jar  ]; then
   echo  -n ' Graylog2-Server'; java 
 /usr/local/graylog2-server/graylog2-server.jar
 fi

 if [ -x /usr/local/graylog2-server/graylog2-server.jar  ]; then
   echo -n ' Graylog2-Web'; 
 /usr/local/graylog2-web-interface/script/rails server -e production
 fi


 I've edited the /root/.profile and have added the path to  java to 
 PATH and also set JAVA_HOME.

 Thanks
 Keith
 Taking advice for Zi and Otto I've moved on a little... The MongoDB 
 and Elastic Search are starting but Java / Graylog2-server and the 
 Ruby / Graylog2-Web-Interface still won't start.
 The current rc.local file looks like

 if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
 fi

 export JAVA_HOME=/usr/local/jre-1.7.0/

 echo -n ' Run Elasticsearch:'
 sh /usr/local/elasticsearch/bin/elasticsearch

 echo  -n ' Run Graylog2-Server:'
 cd  /usr/local/graylog2-server/
 /usr/local/jre-1.7.0/bin/java /usr/local/graylog2-server/graylog2-
 server.jar

 Isn't the -jar option missing here?
 ../java   -jar   /usr/local...

 echo -n ' Run Graylog2-Web:'
 cd /usr/local/graylog2-web-interface/
 /usr/local/graylog2-web-interface/script/rails server -e production

 And below is the text that appears at boot time.

 starting network daemons : sshd sendmail inetd.
 MongoDB mongod Run Elasticsearch: Run Graylog2-Server:Error: Could
 not find main class .usr.local.graylog2-server.graylog2-server.jar
 Exception in thread main java.land.NoClassDefFoundError: .
 usr.local.graylog2-server.graylog2-server.jar

 Then there's about 10 lines of java errors text then..

 Run Graylog2-Web:starting local daemons:env: ruby:  No such file or
 directory cron.

 When I log into the server as root and run the following as root then
 both the server and web-interface start fine.

 echo -n 'Graylog2-Server'
 cd  /usr/local/graylog2-server/
 java -jar graylog2-server.jar

 echo -n 'Graylog2-Web'
 cd /usr/local/graylog2-web-interface/
 script/rails server -e production

 Any help would be appreciated.

 Thanks
 Keith

 Thank you, that's made a difference. The Graylog2-Server isn't 
 starting but the error has changed...  Unfortunately the console 
 scrolls so quickly I can't see what the error is !!! Earlier today I 
 tried to get a serial console working but it didn't work earlier 
 today when I tried. Probably because this OSDB box is a virtual 
 server running in VMware.

 I think / hope the errors are to do with the root profile.

 Thanks
 Keith


Thanks. It appears that elasticsearch doesn't have enough time to start. 
I've tried putting a sleep 20 into the rc.local file and although that 
did work I don't get a login prompt on the console; took it out, reduced 
it to 15 seconds and still the same. Removed it completely and the login 
box has returned. Strange.

# cat /usr/local/graylog2-server-0.9.6/somefile
2012-01-06 14:54:07,553 FATAL: org.graylog2.Main - IOException while 
trying to check Index. Make sure that your ElasticSearch server is running.
java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at 
java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:320)
 at 
java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:181)
 at 
java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:163)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:390)
 at java.net.Socket.connect(Socket.java:578)
 at java.net.Socket.connect(Socket.java:527)
 at sun.net.NetworkClient.doConnect(NetworkClient.java:180)
 at sun.net.www.http.HttpClient.openServer(HttpClient.java:384)
 at sun.net.www.http.HttpClient.openServer(HttpClient.java:477)
 at sun.net.www.http.HttpClient.init(HttpClient.java:213)
 at sun.net.www.http.HttpClient.New(HttpClient.java:300)
 at sun.net.www.http.HttpClient.New(HttpClient.java:312

Re: Help with rc.local scripts

2012-01-06 Thread keith

On 06/01/2012 14:51, Jiri B wrote:

On Fri, Jan 06, 2012 at 02:06:28PM +, keith wrote:

Thank you, that's made a difference. The Graylog2-Server isn't
starting but the error has changed...  Unfortunately the console
scrolls so quickly I can't see what the error is !!! Earlier today I
tried to get a serial console working but it didn't work earlier
today when I tried. Probably because this OSDB box is a virtual
server running in VMware.

IIRC you can create virtual serial for a VM, then you have to
whitelist the location on the host (stupid VMWare).

If there's netcat/socat on the host you could tunnel it via ssh.

Maybe something like this (untested)

ssh esxi netcat -U /path/to/virtual_serial.sock | \
socat STDIO TCP-LISTEN:5500
telnet localhost 5500

jirib


Thanks Jirib. I will give this a try later.



Re: Help with rc.local scripts

2012-01-06 Thread keith

On 06/01/2012 15:53, Jiri B wrote:

On Fri, Jan 06, 2012 at 03:27:25PM +, Zi Loff wrote:

If all daemons are *always* meant to be started together, what about creating
a script that starts the them in sequence -- with some 'sleep' and/or
wait-until-the-previous-daemon-becomes-available in the middle -- and then
calling that script from rc.local?

Guys, as you have spent so big time with this applications maybe
you could create a port for it :)

Then you would get rc.d framework benefits and you could use rc_pre function
to check if your required daemon is already running.

jirib


Sorry for all the noise on misc...  I wouldn't know where to start to 
make a port, but if there were a couple of easy howtos (I couldn't see 
any) then I would give it a go. BUT when I finally get all this working 
I'll send my small tutorial on how to get Graylog2 working on OpenBSD 
to bsdmag.org.


Keith
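Zi Loff's suggestion above (start the daemons in sequence and wait until the previous one is available rather than sleeping a fixed number of seconds) written out as an rc.local fragment. This is an added example, not code from the thread or from OpenBSD; it assumes Elasticsearch listens on 127.0.0.1:9200 (its default), java in /usr/local/jre-1.7.0, ruby in /usr/local/bin, and that logs may be written under /var/log.

```shell
#!/bin/sh
# Added example (not from the thread or OpenBSD's stock rc.local): start the
# graylog2 pieces in dependency order and only launch graylog2-server once
# Elasticsearch is actually accepting connections, instead of a fixed sleep.
# Assumptions: Elasticsearch on 127.0.0.1:9200, java in /usr/local/jre-1.7.0,
# ruby in /usr/local/bin, log files under /var/log.

# wait_until CHECK_CMD TIMEOUT_SECS
# Re-run CHECK_CMD once a second until it succeeds or TIMEOUT_SECS elapse.
# Returns 0 when the check passed, 1 on timeout, so boot never blocks forever.
wait_until() {
    _check=$1
    _left=$2
    while [ "$_left" -gt 0 ]; do
        if sh -c "$_check" >/dev/null 2>&1; then
            return 0
        fi
        sleep 1
        _left=$((_left - 1))
    done
    return 1
}

# start_daemon NAME LOGFILE CMD [ARGS...]
# Run CMD in the background, detached from the console, with stdout and stderr
# captured in LOGFILE so a failed start leaves something readable after boot
# (the console scrolled too fast to read the java error in the thread).
start_daemon() {
    _name=$1
    _log=$2
    shift 2
    echo -n " $_name"
    "$@" >"$_log" 2>&1 </dev/null &
}

# The boot-time PATH has no /usr/local/bin, which is what
# "env: ruby: No such file or directory" points at; rails needs it.
PATH=$PATH:/usr/local/bin
JAVA_HOME=/usr/local/jre-1.7.0
export PATH JAVA_HOME

# Guarded so the functions can be sourced or tested without starting anything;
# in a real /etc/rc.local set RC_LOCAL_BOOT=yes or drop the guard.
if [ "${RC_LOCAL_BOOT:-no}" = yes ]; then
    [ -x /etc/rc.d/mongod ] && { echo -n ' MongoDB'; /etc/rc.d/mongod start; }

    start_daemon Elasticsearch /var/log/elasticsearch.boot.log \
        sh /usr/local/elasticsearch/bin/elasticsearch

    # graylog2-server died with "Connection refused" because Elasticsearch was
    # still starting; wait (at most 60s) for its port instead of a fixed sleep.
    if wait_until 'nc -z 127.0.0.1 9200' 60; then
        cd /usr/local/graylog2-server && \
            start_daemon Graylog2-Server /var/log/graylog2-server.boot.log \
                "$JAVA_HOME"/bin/java -jar graylog2-server.jar
    else
        echo -n ' Graylog2-Server(skipped: Elasticsearch not listening)'
    fi

    cd /usr/local/graylog2-web-interface && \
        start_daemon Graylog2-Web /var/log/graylog2-web.boot.log \
            script/rails server -e production
    cd /
fi
```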



Help with rc.local scripts

2012-01-05 Thread keith
Hi, I have built a graylog2 server with obsd 5.0 x64 but can't figure 
out how to get some of the programs to auto start. They all start 
when run as root but only the mongod one starts up at boot time. Can 
anyone help?


if [ -x /etc/rc.d/mongod ]; then
   echo -n ' MongoDB'; /etc/rc.d/mongod start
fi

if [ -x /usr/local/elasticsearch/bin/elasticsearch ]; then
   echo -n ' Elasticsearch'; /usr/local/elasticsearch/bin/elasticsearch &
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar ]; then
   echo -n ' Graylog2-Server'; java /usr/local/graylog2-server/graylog2-server.jar &
fi

if [ -x /usr/local/graylog2-server/graylog2-server.jar ]; then
   echo -n ' Graylog2-Web'; /usr/local/graylog2-web-interface/script/rails server -e production &
fi


I've edited the /root/.profile and have added the path to java to PATH 
and also set JAVA_HOME.


Thanks
Keith



Re: Can't create 1.5TB softraid partition.

2011-12-24 Thread Keith
Hi Christian, I will try as soon as I can. That's going to be early 
next year now as I accidentally messed with the wrong disk in the server 
and will now need to make a wee trip to the data center to reinstall 
obsd, oops...


Cheers
Keith



On 22/12/2011 23:05, Christian Weisgerber wrote:

Keith <ke...@scott-land.net> wrote:


I am having some trouble getting 4 x 2TB sata disks into one big single
softraid (raid 5) disk. I can create the softraid0 disk and it's 5.5TB
want would like to get a single 5.5TB partition but can only make one
single 1.5TB partition! Can someone tell me where I'm going wrong.
#fdisk -iy sd1

The MBR format is limited to a 32-bit number of sectors.  Given
512-byte sectors, it cannot handle values larger than 2TB.  However,
this doesn't matter if you don't want to share the disk with other
operating systems.  In disklabel(8), simply set the OpenBSD disk
boundaries 'b' to the real size '*'; see the man page.

Here's the partition info I put on a 3TB disk:

# fdisk sd1
Disk: sd1   geometry: 364801/255/63 [1565565872 Sectors]
Offset: 0   Signature: 0xAA55
 Starting Ending LBA Info:
  #: id  C   H   S -  C   H   S [   start:size ]
---
  0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
*3: A6  0   1   2 - 267349  89   3 [  64:  4294967231 ] OpenBSD

# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: Hitachi HUA72303
duid: aa3700ccfc518ee8
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 364801
total sectors: 5860533168
boundstart: 64
boundend: 4294967295
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  c:       5860533168                0  unused
  d:       5860533056               64  4.2BSD   8192 65536    1 # /export
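The 32-bit limit Christian describes explains the numbers in this thread exactly: fdisk's "[3131135488 Sectors]" is the softraid volume's real 11721070080 sectors taken modulo 2^32, and the 3TB Hitachi's 5860533168 sectors show up as 1565565872 the same way. The script below is an added example (not from the thread or from OpenBSD's tools) that does that arithmetic with the sector counts quoted in the posts as sample input.

```shell
#!/bin/sh
# Added example: what a 32-bit MBR makes of a disk larger than 2^32 sectors.
# fdisk(8) reads sizes out of the MBR, so on such a disk it sees the real
# sector count wrapped modulo 2^32; disklabel(8) can still use the whole disk
# once the OpenBSD boundary ('b' in disklabel -E) is set to the real size.
# Sample input: the sector counts quoted in the thread (sd1 softraid RAID 5:
# 11721070080 sectors; the 3TB Hitachi HUA72303: 5860533168 sectors).

MBR_MAX_SECTORS=4294967296   # 2^32: largest count a 32-bit LBA field can hold
SECTOR_BYTES=512

# Sector count as the MBR can express it: the real count modulo 2^32.
mbr_visible_sectors() {
    echo $(( $1 % MBR_MAX_SECTORS ))
}

# Sectors that lie beyond what any MBR partition on this disk can address
# (0 when the disk fits in 32 bits).
mbr_lost_sectors() {
    echo $(( $1 - $1 % MBR_MAX_SECTORS ))
}

# Size in TiB with one decimal, rounded to nearest, as disklabel's 'p T' prints it
# (so 3131121474 sectors prints as 1.5T and 11721070080 as 5.5T).
sectors_to_tib() {
    _tenths=$(( ($1 * SECTOR_BYTES * 10 + (1 << 39)) / (1 << 40) ))
    echo "$(( _tenths / 10 )).$(( _tenths % 10 ))T"
}

# Print what the disk really holds, what fdisk will report, and the difference.
report() {
    _total=$1
    _seen=$(mbr_visible_sectors "$_total")
    _lost=$(mbr_lost_sectors "$_total")
    printf '  %-13s %12s sectors (%s)\n' "real size:"   "$_total" "$(sectors_to_tib "$_total")"
    printf '  %-13s %12s sectors (%s)\n' "fdisk sees:"  "$_seen"  "$(sectors_to_tib "$_seen")"
    printf '  %-13s %12s sectors (%s)\n' "unreachable:" "$_lost"  "$(sectors_to_tib "$_lost")"
}

echo "softraid RAID 5 volume sd1 (from the thread):"
report 11721070080
echo "3TB Hitachi (from Christian's reply):"
report 5860533168
```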




Re: Can't create 1.5TB softraid partition.

2011-12-23 Thread keith

On 22/12/2011 21:36, Keith wrote:
I am having some trouble getting 4 x 2TB sata disks into one big 
single softraid (raid 5) disk. I can create the softraid0 disk and 
it's 5.5TB want would like to get a single 5.5TB partition but can 
only make one single 1.5TB partition! Can someone tell me where I'm 
going wrong.


Thanks
Keith

===

Start from fresh and delete the softraid0 disk...
#bioctl -d sd0

## Wipe the first part of the disks.
#dd if=/dev/zero of=/dev/rwd0c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd1c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd2c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd3c bs=10m count=1

#fdisk -iy wd0
#fdisk -iy wd1
#fdisk -iy wd2
#fdisk -iy wd3

## Make a partition of type RAID
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd0
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd1
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd2
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd3

#bioctl -c 5 -l /dev/wd0a,/dev/wd1a,/dev/wd2a,/dev/wd3a softraid0

sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 5, 004> SCSI2 0/direct fixed
sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors

#dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

#fdisk -iy sd1

This gives me

# fdisk -e sd1
Enter 'help' for information
fdisk: 1> p
Disk: sd1       geometry: 729602/255/63 [3131135488 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6      0   1   2 - 194903  76  55 [          64:  3131121474 ] OpenBSD


Then I try and partition the disk.

# disklabel -E sd1
Label editor (enter '?' for help at any prompt)
> a a
offset: [64]
size: [3131121474]
FS type: [4.2BSD]
> p T
OpenBSD area: 64-3131121538; size: 1.5T; free: 0.0T
#                size           offset  fstype [fsize bsize  cpg]
  a:             1.5T               64  4.2BSD   8192 65536    1
  c:             5.5T                0  unused





It seems like an fdisk issue to me. If I just use one 2TB sata disk and 
create the biggest partition I can using fdisk then I get a 1.8TB 
partition. If I do the same on a softraid (raid 5) partition using 4 of 
the 2TB disks the biggest partition I can make is just 1.5TB, but the 
actual softraid disk is apparently 5723178MB (5.4TB).


I was trying to get some details from fdisk to put here but I've just 
run fdisk -i sd0 on the wrong disk and trashed the boot disk. I 
can't run the reboot command either as it just gives Segmentation fault.


Keith



I've Just fdisked my remote servers bootdisk Agghhh

2011-12-23 Thread keith
I just accidentally ran fdisk -i sd0 on a newly built but remote OBSD 
5.0 x64 server. I thought about just rebooting and hoping it comes back 
up but the reboot command just gives


# reboot

/: create/symlink failed, no inodes free
Segmentation fault

Don't suppose anyone knows if there's any way of forcing a reboot? It is 
a totally fresh install of OBSD 5.0 with nothing else installed on it. I 
have been trying to get a softraid built but have been having issues 
with fdisk and softraid and just accidentally typed fdisk -iy sd0 
instead of fdisk -iy sd1..


Cheers
Keith



Can't create 1.5TB softraid partition.

2011-12-22 Thread Keith
I am having some trouble getting 4 x 2TB sata disks into one big single 
softraid (raid 5) disk. I can create the softraid0 disk and it's 5.5TB 
and I would like to get a single 5.5TB partition but can only make one 
single 1.5TB partition! Can someone tell me where I'm going wrong.


Thanks
Keith

===

Start from fresh and delete the softraid0 disk...
#bioctl -d sd0

## Wipe the first part of the disks.
#dd if=/dev/zero of=/dev/rwd0c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd1c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd2c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd3c bs=10m count=1

#fdisk -iy wd0
#fdisk -iy wd1
#fdisk -iy wd2
#fdisk -iy wd3

## Make a partition of type RAID
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd0
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd1
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd2
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd3

#bioctl -c 5 -l /dev/wd0a,/dev/wd1a,/dev/wd2a,/dev/wd3a softraid0

sd1 at scsibus3 targ 1 lun 0: <OPENBSD, SR RAID 5, 004> SCSI2 0/direct fixed
sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors

#dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

#fdisk -iy sd1

This gives me

# fdisk -e sd1
Enter 'help' for information
fdisk: 1> p
Disk: sd1       geometry: 729602/255/63 [3131135488 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6      0   1   2 - 194903  76  55 [          64:  3131121474 ] OpenBSD

Then I try and partition the disk.

# disklabel -E sd1
Label editor (enter '?' for help at any prompt)
 a a
offset: [64]
size: [3131121474]
FS type: [4.2BSD]
 p T
OpenBSD area: 64-3131121538; size: 1.5T; free: 0.0T
#                size           offset  fstype [fsize bsize  cpg]
  a:             1.5T               64  4.2BSD   8192 65536    1
  c:             5.5T                0  unused



Re: Can't create 1.5TB softraid partition.

2011-12-22 Thread Keith
 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx1: address 78:2b:cb:23:36:15
brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
sd1 detached
sd1 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 5, 004 SCSI2 0/direct fixed
sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors
sd1 detached
sd1 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 5, 004 SCSI2 0/direct fixed
sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors
wskbd0: disconnecting from wsdisplay0
wskbd0 detached
ukbd0 detached
uhidev0 detached
uhid0 detached
uhid1 detached
uhidev1 detached
sd1 detached
sd1 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 5, 004 SCSI2 0/direct fixed
sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors
umass1 at uhub19 port 1 configuration 1 interface 0 FreeCom Freecom MD 
Secure rev 2.00/1.01 addr 4

umass1: using SCSI over Bulk-Only
scsibus4 at umass1: 2 targets, initiator 0
sd2 at scsibus4 targ 1 lun 0: WDC WD10, TPVT-00U4RT1,  SCSI2 0/direct 
fixed serial.07abfc97D61A4154135F

sd2 detached
scsibus4 detached
umass1 detached
umass1 at uhub19 port 1 configuration 1 interface 0 FreeCom Freecom MD 
Secure rev 2.00/1.01 addr 4

umass1: using SCSI over Bulk-Only
scsibus4 at umass1: 2 targets, initiator 0
sd2 at scsibus4 targ 1 lun 0: WDC WD10, TPVT-00U4RT1,  SCSI2 0/direct 
fixed serial.07abfc97D61A4154135F

sd2: 953869MB, 512 bytes/sector, 1953525168 sectors


On 22/12/2011 21:36, Keith wrote:
I am having some trouble getting 4 x 2TB SATA disks into one big 
single softraid (RAID 5) disk. I can create the softraid0 disk and 
it's 5.5TB and I would like to get a single 5.5TB partition but can 
only make one single 1.5TB partition! Can someone tell me where I'm 
going wrong.


Thanks
Keith

===

Start from fresh and  delete softraid0 disk...
#bioctl -d sd0

## Wipe the first part of the disks.
#dd if=/dev/zero of=/dev/rwd0c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd1c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd2c bs=10m count=1
#dd if=/dev/zero of=/dev/rwd3c bs=10m count=1

#fdisk -iy wd0
#fdisk -iy wd1
#fdisk -iy wd2
#fdisk -iy wd3

## Make a partition of type RAID
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd0
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd1
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd2
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E wd3

#bioctl -c 5 -l /dev/wd0a,/dev/wd1a,/dev/wd2a,/dev/wd3a softraid0

sd1 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 5, 004 SCSI2 0/direct 
fixed

sd1: 5723178MB, 512 bytes/sector, 11721070080 sectors

#dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

#fdisk -iy sd1

This gives me

# fdisk -e sd1
Enter 'help' for information
fdisk: 1 p
Disk: sd1       geometry: 729602/255/63 [3131135488 Sectors]
Offset: 0       Signature: 0xAA55
         Starting         Ending         LBA Info:
 #: id    C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------
 0: 00    0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00    0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00    0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6    0   1   2 - 194903  76  55 [          64:  3131121474 ] OpenBSD


Then I try and partition the disk.

# disklabel -E sd1
Label editor (enter '?' for help at any prompt)
 a a
offset: [64]
size: [3131121474]
FS type: [4.2BSD]
 p T
OpenBSD area: 64-3131121538; size: 1.5T; free: 0.0T
#                size           offset  fstype [fsize bsize  cpg]
  a:             1.5T               64  4.2BSD   8192 65536    1
  c:             5.5T                0  unused




Has php-fpm been left out of OBSD 5.0 ?

2011-11-02 Thread keith
Was planning on setting php-fpm up today on a new OpenBSD 5.0 box but 
can't find php-fpm. I thought it was built in to php from version 5.3.3 
onwards but it doesn't seem to be. I am trying to setup a chrooted nginx 
and running php scripts as the website's user.


Keith



Ifstated monitoring demon with threads help.

2011-10-03 Thread keith

Hi,
I am trying to get ifstated to monitor the nginx & relayd 
daemons but can't quite figure out how to do it.  As both nginx & relayd 
have a master process and child threads, I am trying to figure out how 
to check that all the processes are running and if there's a problem 
(maybe one thread dies) kill the service and restart it. As I think this 
is the correct thing to do.


This is my ifstated.conf for nginx. It checks for a predefined number of 
processes and if there's a problem it tries to kill the process and start 
it again. But it doesn't work. Can anyone help ?


init-state auto

# ps -aux and check that there are 6 processes running
nginx_check = '( "ps -aux | grep \"nginx\" | grep -v grep | wc -l | grep 6" every 5 )'


state auto {
if $nginx_check {
  set-state nginx_online
}
if ! $nginx_check {
  set-state nginx_offline
}
}

# When nginx comes up log it.
state nginx_online {
init {
run "echo Nginx Up : $(date) >> /var/log/ifstated.log"
}
if ! $nginx_check {
  set-state nginx_offline
}
}

# When nginx is down or there are not 6 processes running, kill the remaining 
# processes and restart.

# This is the part that's not working.
state nginx_offline {
init {

run "echo Nginx Down : $(date) >> /var/log/ifstated.log"
# pkill and sleep must run one after the other, not as a pipeline
run "pkill nginx; sleep 5"
run "nginx -c /etc/nginx/nginx.conf"

 }
if $nginx_check {
 set-state nginx_online
}
}


Thanks
Keith



Can't get Nginx to start at boot. Keeps starting & terminating

2011-09-30 Thread keith

Hi, When I reboot my server I get following.

starting network daemons: sshd snmpd ifstated sendmail initd.
starting local daemons:.
 NginxTerminated
starting daemons: cron.


My rc.local file

# Add your local startup actions here.

echo '.'

if [ -x /usr/local/sbin/nginx ]; then
echo -n ' Nginx'; /usr/local/sbin/nginx
fi


If I log into the server as root and just run /usr/local/sbin/nginx then 
Nginx starts up fine.  I've tried changing the rc.local file around but 
each time I reboot the server I see "Terminated" in the boot text. Below 
is my ifstated script that I have been trying to use to get nginx 
started. I've disabled ifstated just now till I get nginx auto starting 
as the server boots but interestingly my ifstated script kind of works: 
if nginx is up and running and I kill the process it restarts it but 
ifstated won't start nginx from cold. (if this makes sense)


Finally... my nginx install isn't standard. It's syslog patched and has 
the header-more module compiled in. I'm not very fluent at creating 
users / groups so to get the nginx user accounts that are needed I just 
installed nginx from a package then compiled and reinstalled nginx from 
source on top of the package. Not sure if this is the reason why it 
won't start.



# cat /etc/ifstated.conf
init-state auto

nginx_check = '( "ps -aux | grep \"nginx\" | grep -v grep | wc -l | grep 6" every 5 )'


state auto {
if $nginx_check {
  set-state nginx_online
}
if ! $nginx_check {
  set-state nginx_offline
}
}


state nginx_online {
init {
run "echo Nginx Up : $(date) >> /var/log/ifstated.log"
}
if ! $nginx_check {
  set-state nginx_offline
}
}


state nginx_offline {
init {

run "echo Nginx Down : $(date) >> /var/log/ifstated.log"
# pkill and sleep must run one after the other, not as a pipeline
run "pkill nginx; sleep 5"
run "nginx -c /etc/nginx/nginx.conf"

 }
if $nginx_check {
 set-state nginx_online
}
}



If anyone can help me then it would really be appreciated.

Thanks
Keith



USB disks softraid bioctl auto mounting Q

2011-06-21 Thread keith
Hi,  I have a 1TB USB disk that I want to auto mount on my OBSD 4.9 
server but I needed to encrypt the disk using softraid. That works but 
now I can't figure out how to make the disk auto mount. Can someone help 
me ?


This is where I am just now.

Plug in disk...sd0 appears...

umass0 at uhub3 port 2 configuration 1 interface 0 FreeCom Freecom MD 
Secure rev 2.00/1.01 addr 5

umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0 at scsibus2 targ 1 lun 0: WDC WD10, TPVT-00U4RT1,  SCSI2 0/direct 
fixed

sd0: 953869MB, 512 bytes/sec, 1953525168 sec total

#fdisk -iy sd0
#printf "a\n\n\n\nRAID\nw\nq\n\n" | disklabel -E sd0
#bioctl -c C -l /dev/sd0a softraid0

passphrase = sausages

New disk appears...

###scsibus4 at softraid0: 1 targets
###sd2 at scsibus4 targ 0 lun 0: OPENBSD, SR CRYPTO, 004 SCSI2 
0/direct fixed

###sd2: 953866MB, 512 bytes/sec, 1953519473 sec total

# dd if=/dev/zero of=/dev/sd1 bs=1m count=1
# fdisk -iy sd1
# printf "a\n\n\n\n4.2BSD\nw\nq\n\n" | disklabel -E sd1
# newfs sd1a

# mount /dev/rsd1a  /mnt   or is it
# mount /dev/sd1a   /mnt

Disk works fine. But if I reboot we need to issue the 'bioctl' line 
again and I am not sure how to do this.


Thanks
Keith



Relayd and URL Filter problem

2011-01-18 Thread keith
Hi,  We have the following code in our relayd.conf file and it works 
fantastically for the http traffic that we have been putting through it. 
We now want to start using webdav and have realised that the header 
change lines are stopping webdav from working for some reason. Is it 
possible to filter by domain so that say for webdav.domain.com we 
don't do any header change ? We realise that we could just get another 
IP address and get pf to forward to another port but if it's possible to 
filter in relayd then that would be our preferred option.


http protocol http_service { tcp { sack, socket buffer 65536, backlog 
1000 }

return error
header change "X-Forwarded-For" to "$REMOTE_ADDR"
header change "Keep-Alive" to "$TIMEOUT"
header change "Connection" to "close"
}

relay http_forwarder {
listen on 127.0.0.1 port 8080
protocol http_service
forward to web_hosts port 80 mode loadbalance check http / code 200
}

Thanks
Keith



LDAPD and no Base DN

2010-12-01 Thread Keith
I am trying to setup LDAPD but keep running into 'Base DN' issues. My 
colleague managed to get OpenLDAP working on a Linux server but as LDAPD 
is now available for OBSD I am keen to switch LDAP servers before we 
start to populate our directory.  I've managed to get the LDAP web GUI 
phpldapadmin to talk to LDAPD but after logging in we get the following.


? dn=example, dn=com
This base entry does not exist. Create it ?  the 'create it' link is a 
javascript link that doesn't do anything!


This page describes the issue with phpLDAPadmin and baseDN but I haven't 
been able to get it to work.

http://phpldapadmin.sourceforge.net/wiki/index.php/FAQ#How_does_PLA_work_out_the_BASE_DN.3F

Our phpLDAPadmin connection is using 'ldapi://%2fvar%2frun%2fldapi/' so 
as to avoid SSL / SASL issues.
I was wondering if the issue is related to ldapd ACLs and have tried 
putting some entries into the ldapd.conf file but no joy. Running 
ldapsearch I can see that the DN and Base appear to be empty. My guess 
is that this is where the issue is.


# ldapsearch -LLL -x -h localhost -b '' -s base +
dn:
supportedLDAPVersion: 3
namingContexts: dc=nhsscotland,dc=com
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedFeatures: 1.3.6.1.4.1.4203.1.5.1
subschemaSubentry: cn=schema
supportedSASLMechanisms: PLAIN

# ldapsearch -x -H 'ldapi://%2fvar%2frun%2fldapi/'
# extended LDIF
# LDAPv3
# base  with scope subtree
# filter: (objectclass=*)
# requesting: ALL
# search result
search: 2
result: 32 No such object
# numResponses: 1

Does anyone have any ideas what the problem might be ?

Thanks
Keith



Re-KeyGen Virtual machine from template

2010-11-09 Thread Keith
I've managed to get OpenBSD working in a virtual machine and have 
created a template to use whenever I need a new OBSD virtual server but 
I was wondering what would need to be done to each machine to make it 
unique from the other machines also produced from the same template !


Is there a way to re trigger the process that happens the first time a 
OpenBSD machine boots up where the three keys are generated ?


Thanks
Keith



OpenBSD Xen Server Watchdog Timeout PCI Passthrough

2010-10-11 Thread Keith
I'm trying to get a working OBSD virtual machine with networking 
working as a DomU in a Xen server but keep coming up against network 
Watchdog Timeout errors. So I spent today trying to get PCI pass-through 
working with Xen and OBSD with the belief that if I could get some 
network cards into the VM so to speak then the watchdog timeout errors 
would go and the NICs might actually work but they didn't.


I've tested that the actual server (PowerEdge R310) works with OpenBSD 4.7 so 
I know that it works fine.

I've tried the stable and the beta versions of Citrix Xen Server.
I've tried the latest Xen Cloud Platform.

Does anyone have any idea whats causing these issues ?

Thanks
Keith



4.8 Release and Download and

2010-09-09 Thread Keith
Seeing that orders are being taken for the 4.8 release got me thinking 
about purchasing a copy. I don't need a copy on CD so just a download 
for my architecture would be fine. In the past I've sent a small donation 
to the project and was wondering if there's a way that I could buy the 
right to download the OS before the official release.

Personally I would happily pay the same as the full CD costs and 
probably some more to just download the OS and the project would save on 
the production of the CD and the postage.

I'd definitely pay for 802.11G, hope that it's working in this release.

Keith



Disable Relayd's error message

2010-08-13 Thread Keith
I just realized that if I telnet to our web servers on port 80 and press 
enter a few times that I get a reply back from relayd that I didn't 
expect: <address>OpenBSD relayd at 127.0.0.1 port 8080</address>. This 
error is correct as we use a PF rdr rule to redirect traffic on our 
firewall to localhost port 8080 where we have relayd listening. I was 
wondering if it's possible to stop this error from being displayed as I 
would prefer not to disclose to the world what software we use.


I've had a look at our  relayd.conf  to see if there is a return error 
line but there isn't and I can't see any other way of stopping this 
error from being displayed. Does anyone have any suggestions ?


Thanks
Keith

HTTP/1.x 406 Not Acceptable
Date: Fri Aug 13 15:20:18 2010
Server: OpenBSD relayd
Connection: close
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>406 Not Acceptable</title>
<style type="text/css"><!-- body { background-color:#a0; color: white; }--></style>
</head>
<body>
<h1>Not Acceptable</h1>
<div id='m'>no method</div>
<div id='l'></div>
<hr><address>OpenBSD relayd at 127.0.0.1 port 8080</address>
</body>
</html>



Carp interface group failover issue

2010-07-16 Thread Keith
We have setup carp on a pair of firewalls and are a bit confused with 
how both LAN/WAN interfaces are meant to fail over simultaneously 
(group?). We are still in the process of getting the firewall rules 
setup correctly for our environment and occasionally when we make 
changes to (fw1) we mess up and carp kicks in and makes the live WAN 
(em2) interface move from fw1 to fw2. This is OK but on the LAN side the 
(em0) interface is still on fw1?


We have net.inet.carp.preempt=1 set and I believe this is meant to do some 
group interface failover but can't see how. Can someone help ?


          +-----|  WAN |-----+
          |                  |
         em2                em2
       +-----+            +-----+
       | fw1 |-em1----em1-| fw2 |
       +-----+            +-----+
         em0                em0
          |                  |
       ---+--- LAN        ---+---

Thanks
Keith



OpenBSD OpenSSL Lib

2010-07-06 Thread Keith
We are trying to install URLfilterDB on OpenBSD 4.7 but while doing a 
./configure we keep getting.


./configure --with-bz2-lib=/usr/local/lib --with-ssl-lib=/usr/lib/


checking for library containing pthread_create... -lpthread
checking for BZ2_bzBuffToBuffCompress in -lbz2... yes
checking for SSL_load_error_strings in -lssl... no

** The OpenSSL library is required for ufdbGuard to compile.
   Install the openssl and openssl-devel packages from the installation 
media,

   or use the --with-ssl-lib option.

   Alternatively, get OpenSSL from http://www.openssl.org
   Use --with-ssl=DIR or --with-ssl-lib=DIR to specify
   its location. (default is /usr)


We have downloaded and installed OpenSSL and have tried various paths to 
the SSL library but because we don't know what the files are actually called 
we don't know if we are setting it correctly. Does anyone know exactly 
what the library would be called and where it should be or maybe just 
give us a clue as to how to find out.


Thanks
Keith



Relayd multiple X-Forwarded-For IPs

2010-06-18 Thread Keith
There must be two upstream firewalls from our servers that are adding 
X-Forwarded-For IP addresses. We currently have


header change "X-Forwarded-For" to "$REMOTE_ADDR"

but this is not giving us the IP that we want so we are trying to figure 
out how to get the other IP from the header. Is there a way to do this 
in Relayd ?


Thanks
Keith
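The header change line above overwrites X-Forwarded-For with the peer address, so whatever the upstream firewalls put there is gone before the request reaches the web servers. As an added example, not part of this thread, here is the usual way to pick the client address out of a multi-hop X-Forwarded-For chain in Python: walk the chain from the right, discard hops that are known proxies, and take the first address you do not trust. Anything to the left of that hop was written by an untrusted party and can be forged. The TRUSTED_PROXIES networks are assumptions standing in for the two upstream firewalls, and the header values in the tests are constructed.

```python
import ipaddress

# Assumed addresses of the two upstream firewalls; the post does not give the real ones.
TRUSTED_PROXIES = [ipaddress.ip_network('10.0.0.0/8'),
                   ipaddress.ip_network('192.168.0.0/16')]


def parse_xff(header_values):
    """Flatten one or more X-Forwarded-For header lines into the ordered hop list.

    Each proxy appends the address it received the connection from, so the list
    reads left to right from the (claimed) client towards us.
    """
    hops = []
    for value in header_values:
        hops.extend(h.strip() for h in value.split(',') if h.strip())
    return hops


def is_trusted(hop, trusted):
    """A hop is trusted only if it parses as an address inside a trusted network."""
    try:
        addr = ipaddress.ip_address(hop)
    except ValueError:
        return False                      # "unknown" or junk is never a trusted proxy
    return any(addr in net for net in trusted)


def client_ip(remote_addr, header_values, trusted=TRUSTED_PROXIES):
    """Rightmost-untrusted rule: start at the TCP peer and move inward past trusted proxies.

    If the peer itself is not a trusted proxy the header is ignored entirely,
    because anyone can send an X-Forwarded-For line.
    """
    chain = parse_xff(header_values) + [remote_addr]
    for hop in reversed(chain):
        if not is_trusted(hop, trusted):
            return hop
    return chain[0]                       # every hop was one of our proxies


if __name__ == '__main__':
    # constructed request: client 203.0.113.9 -> firewall 10.2.2.2 -> firewall 10.1.1.1 -> relayd
    print(client_ip('10.1.1.1', ['203.0.113.9, 10.2.2.2']))
```

The forged-prefix case matters most: a client that sends its own "X-Forwarded-For: 127.0.0.1" ends up with that value on the far left of the chain, and the walk from the right never reaches it.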



Is that Theo showing off his server rack again on the OBSD home page ?

2010-05-21 Thread Keith
Just spotted a tiny wee picture on the bottom of the home page that I 
hadn't seen before. It appears to be someones server rack from 2009 !


http://www.openbsd.org/images/rack2009.jpg

I see a Mac server (ppc ?) in the photo. We tried to install OBSD onto 
one a while ago but I couldn't figure out how to get the thing to boot 
off a CD. I think there's some key combo that you need to push at boot 
time to get it to boot from CD but none of them worked for me (both PC and 
Mac keyboard). Does anyone know the exact procedure so that I can bring 
new life into this server that's just gathering dust just now.


Cheers
Keith



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Keith

I've been following the tutorials from https://https://calomel.org

I am using a modified version of their pf.conf that can be found at 
https://calomel.org/pf_config.html  and the relayd tutorial that can be 
found at https://calomel.org/relayd.html


The following is an extract from their pf tutorial page: "As an 
added layer of security all services will be running on localhost and 
only those clients negotiating the redirect rules (rdr) will be able to 
connect. The ideology is if the firewall is off or disabled in some way 
then the services on the firewall are not available to anyone."


We're doing the above and have relayd listening on 127.0.0.1 port 8080 
and have pf rdr rules redirecting https traffic to 127.0.0.1:8080 and 
the certificate that the https relay is using is called 127.0.0.1.crt. 
This works fine but what if we want to host another SSL certificate ? I 
can add another IP address to the firewall and put rdr rules in to pf 
and can put another relay in to relayd.conf but what name does the 
certificate get now ?  This is where I am stuck..


Keith


On 12/05/2010 01:05, Keith wrote:
Hi. is it possible to get multiple http relayd relays listening on 
localhost each with a different port # and each with a different ssl 
certificate ?


I've followed a tutorial I found on the net about setting a 
firewall up so that no services were bound to any network interfaces and 
then using pf rdr's to pass say https traffic to localhost where you 
have relayd listening and let it do the ssl decryption. So if pf 
failed for some reason then there would be no services available for 
anyone to connect to !


I've got this setup working for http and a single https certificate 
just now and it seems to be working fine but I need to be able to host 
multiple SSL certificates. It seems that the certificate appears to 
need to be named after the IP that it's listening on and this is 
going to cause issues as there's only one 127.0.0.1 I think.


Our current setup consists of a pair of firewalls running openbsd, 
carp, pf and relayd. Currently the carp interface has just one IP but 
we will assign others to as we free up the other IP addresses in our 
range.


I guess it's not the best idea to do the ssl offloading on the 
firewall so in the future when another server becomes available I 
will probably want it to do the SSL decryption. I guess if we do that 
we could just get the new server a number of IP addresses and let 
relayd listen on each of them with the SSL certs named after each IP.  
(If that makes sense)


Could anyone give me some advice please ?

Thanks
Keith




Re: openfile advice / clarification

2010-05-11 Thread Keith
Thanks for the reply, it was the openfiles-cur that had been causing us 
problems. I've upped the limit to something like 1 and everything 
seems fine now.

Thanks
Keith

On 07/05/2010 01:25, Stuart Henderson wrote:

On 2010-05-06, Keith <ke...@scott-land.net> wrote:
   

Hi, I am having trouble increasing the openfile limit in a default
install of OpenBSD 4.6 x64 from the default setting of 128 to say 5000.
I want to run Pound (reverse http proxy)  stably without it stopping at
random times (Always seems to be the weekend) and to do that I need to
crank up the openfile limit. I think Pound runs with the following
account settings Type=deamon, user = _pound , group= _pound
 

If you start it from a shell, it uses the class for the account you've
logged in as.

If you start it from /etc/rc.local, unless you do something with su or
sudo, it uses the class daemon.

So you need to adjust openfiles-cur for the class of the account you're
starting it from. If starting it from a shell, make sure you use a new
login shell after adjusting this.

   

I know that if I do a ulimit -n 1  the limit get's set at maximum of
7030. I don't know if doing this change effects other users and I am
pretty sure it doesn't survive a reboot.
 

This limit is from kern.maxfiles sysctl. Either adjust it with sysctl(8)
or edit sysctl.conf and reboot to change this.

   

I've done sysctl kern.maxfiles=3000 for example but if I do a ulimit
 

This is lowering things from the default (7030), at least on i386
and amd64.




Relayd on localhost with multiple SSL Certificates

2010-05-11 Thread Keith
Hi. is it possible to get multiple http relayd relays listening on 
localhost each with a different port # and each with a different ssl 
certificate ?


I've followed a tutorial I found on the net about setting a firewall 
up so that no services were bound to any network interfaces and then using 
pf rdr's to pass say https traffic to localhost where you have relayd 
listening and let it do the ssl decryption. So if pf failed for some 
reason then there would be no services available for anyone to connect to !


I've got this setup working for http and a single https certificate just 
now and it seems to be working fine but I need to be able to host 
multiple SSL certificates. It seems that the certificate appears to need 
to be named after the IP that it's listening on and this is going to 
cause issues as there's only one 127.0.0.1 I think.


Our current setup consists of a pair of firewalls running openbsd, carp, 
pf and relayd. Currently the carp interface has just one IP but we will 
assign others to as we free up the other IP addresses in our range.


I guess it's not the best idea to do the ssl offloading on the firewall 
so in the future when another server becomes available I will probably 
want it to do the SSL decryption. I guess if we do that we could just 
get the new server a number of IP addresses and let relayd listen on 
each of them with the SSL certs named after each IP.  (If that makes sense)


Could anyone give me some advice please ?

Thanks
Keith



openfile advice / clarification

2010-05-06 Thread Keith
Hi, I am having trouble increasing the openfile limit in a default 
install of OpenBSD 4.6 x64 from the default setting of 128 to say 5000. 
I want to run Pound (reverse http proxy) stably without it stopping at 
random times (always seems to be the weekend) and to do that I need to 
crank up the openfile limit. I think Pound runs with the following 
account settings Type=daemon, user = _pound , group= _pound


I have tried tweaking a number of settings but haven't managed to get 
the setting above 1024.  Below are some of the settings we have tried 
changing but without complete success. I should say that my testing 
strategy is just to login as root and do a ulimit and see what is 
returned, I don't know how to test the openfile limit for a daemon account.


On a default install doing a ulimit -n  or -a  returns an openfile limit 
of 128


I know that if I do a ulimit -n 1  the limit gets set at a maximum of 
7030. I don't know if doing this change affects other users and I am 
pretty sure it doesn't survive a reboot.


I've done sysctl kern.maxfiles=3000 for example but if I do a ulimit 
-n after I get a different result although I can't remember what it was
I also tried editing the sysctl.conf file and put the kern.maxfiles 
entry in there but had similar results !


I've edited the login.conf file and changed the staff, default and the 
daemon entries eg :openfiles-cur=:\ and then rebooted but the 
highest I could get the openfile limit to is 1024


Could someone help ?

Thanks
Keith



Is OpenBSD + PF accredited or certified in any way ?

2010-02-01 Thread Keith
I've used OpenBSD & PF for a number of years without issue and am now in 
the position that I want to create a DMZ between the Internet and my 
organisation's WAN. Our security people are asking if the firewall that 
we use is accredited by ITSEC and I am pretty sure it isn't but it 
turns out that our security people will be happy if the firewall is 
accredited for use by another government !


I am very happy with my PF firewalls and their reliability and don't 
want to be forced into purchasing some Cisco / forenet commercial 
firewall that I've never used before so am desperate to find some 
details of any foreign governments that are using OpenBSD / PF as a 
firewall or any details of any certification of the PF firewall.


Can anyone help me out ?

Thanks
Keith





Re: sudo wheel group

2007-09-17 Thread Keith Richardson

Chris wrote:

I am finding that I need to add joeuser to use pkg_* tools, tcpdump as well.

Is this the right way to do this?

  
You might as well give joeuser root password if you give him access to 
pkg_add and pkg_delete tools.


package framework has ability to run scripts as root.  All joeuser needs 
to do is create his own package.tgz and run pkg_add $HOME/package.tgz.



I agree with others in this thread: your security design is flawed.  

* Work towards alternative solutions when possible (i.e. can joeuser run 
Ethereal from the client machine to get the network traffic instead of 
tcpdump on the server?)

* Give read access if all they need is read-only.
* Don't push sysadmin work on the "web developer (joeuser)"; package 
management is a perfect example.  tcpdumps slightly less so.
* Mount does not necessarily require root.  See mount and sysctl.conf 
man pages for conditions and sysctl settings. 



If you still want to go the sudo route after the comments you have 
received, that is your decision.  You can create server, user and 
command groups in sudoers to help keep your sudoers file sane.  See man 
page for exact syntax. 


-Keith
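Keith's point above is that some commands are worth as much as the root password: pkg_add and pkg_delete run package scripts as root, so a sudo rule for them is a sudo rule for root. As an added example, not from this thread, here is a small Python audit of plain sudoers user-spec lines that flags those commands (and ALL) as root-equivalent and reports NOPASSWD entries. The sample sudoers text is constructed; the parser covers the simple line form shown and not aliases, line continuations or Defaults options.

```python
import re

# Commands the reply above calls root-equivalent: the package tools run install
# scripts as root, so granting them grants root. ALL is root by definition.
ROOT_EQUIVALENT = {'/usr/sbin/pkg_add', '/usr/sbin/pkg_delete', 'ALL'}
TAGS = {'NOPASSWD', 'PASSWD', 'NOEXEC', 'EXEC', 'SETENV', 'NOSETENV'}
SKIP_PREFIXES = ('Defaults', 'Cmnd_Alias', 'User_Alias', 'Host_Alias', 'Runas_Alias')
# user  host = (runas) command, command, ...
RULE_RE = re.compile(r'^(\S+)\s+(\S+)\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$')


def parse_sudoers(text):
    """Parse plain user-spec lines into rule dicts; comments and alias/Defaults lines are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()
        if not line or line.startswith(SKIP_PREFIXES):
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        user, host, runas, cmnd_list = m.groups()
        tag, cmds = None, []
        for item in cmnd_list.split(','):
            item = item.strip()
            # a tag such as NOPASSWD: sticks to every command that follows it on the line
            while ':' in item and item.split(':', 1)[0] in TAGS:
                tag, item = item.split(':', 1)
                item = item.strip()
            if item:
                cmds.append({'cmd': item, 'tag': tag})
        rules.append({'user': user, 'host': host, 'runas': runas or 'root', 'cmds': cmds})
    return rules


def audit(rules):
    """Return (user, program, reason) findings for root-equivalent commands and password-less entries."""
    findings = []
    for r in rules:
        for c in r['cmds']:
            prog = c['cmd'].split()[0]
            if prog in ROOT_EQUIVALENT:
                findings.append((r['user'], prog, 'root-equivalent'))
            if c['tag'] == 'NOPASSWD':
                findings.append((r['user'], prog, 'no password'))
    return findings


# Constructed sample, not a real sudoers file.
SAMPLE_SUDOERS = """\
# wheel gets everything
%wheel  ALL=(ALL) ALL
joeuser ALL=(root) /usr/sbin/pkg_add, /usr/sbin/pkg_delete
joeuser ALL=(root) NOPASSWD: /usr/sbin/tcpdump -i em0, /sbin/mount /mnt/cdrom
"""

if __name__ == '__main__':
    for finding in audit(parse_sudoers(SAMPLE_SUDOERS)):
        print(finding)
```

Run against the sample it reports three root-equivalent grants and two password-less commands; the mount entry inherits NOPASSWD from the tag earlier on the same line, which is easy to miss when reading sudoers by eye.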



Re: PF

2007-05-14 Thread Keith Richardson

Alberich de megres wrote:

I tried this you told me, and that not works, i get a syntax error

my pf.conf:

#supose 10.0.0.254 is external address..
ext_if=sis0
ext_carp_if=carp1
int_if=rl0
int_carp_if=carp0

nat on carp1 from 192.168.1.0/24 to any -> 10.0.0.254

rdr on sis0 inet proto tcp from any to 10.0.0.254 port 80 -> 192.168.1.69port 80

  

you are missing a space between '192.168.1.69' and 'port'

fixing that makes pfctl -n happy.

pass all



On 5/14/07, Joachim Schipper [EMAIL PROTECTED] wrote:
  

On Mon, May 14, 2007 at 06:12:12PM +0200, Alberich de megres wrote:


On 5/14/07, Joachim Schipper [EMAIL PROTECTED] wrote:
  

On Mon, May 14, 2007 at 12:41:18PM +0200, Alberich de megres wrote:


Hi again,

And sorry to insist on this I'm really lost.

I read in most webs-docs with rdr rule trafic get redirected to
internal servers and with this and pass rule is enought. But i
find myself in a different scenario, with rdr rule and pass rule
packets get redirected to internal server with the same external
ip.

With a tcpdump on internal server packets arrive to internal
server but this one don't ask it back.

If i add a nat rule from any to internal server, the server logs
show me access only from firewall ip address ( logically ). Is
there some way to redirect external traffic to internal server and
the internal server to see external address ( for logs control,
and access without firewall rule...only on server machine ) and
all works fine?
  

I don't really see what you mean: is there a server with public address
1.2.3.4 behind a firewall with public address 1.2.3.1, and rules like

rdr pass on $ext_if to $server $port1 -> $port2
pass on $ext_if to $server port $port3

In that case, that should just work.


No,

There's a firewall with public address, and a server with internal
address.

firewall: 1.2.3.4
server: 192.168.1.1
  

In that case,

server = 192.168.1.1

rdr pass on $ext_if to $ext_if $port1 -> $server
rdr pass on $ext_if to $ext_if $port2 -> $server $port3

should work just fine. What is your /etc/pf.conf? And what doesn't work?

(The underlying idea is that 'rdr pass' is very useful for simple cases,
and one should be careful with NAT.)

   Joachim

--
TFMotD: vclean (9) - disassociate the underlying file system from a
vnode




Re: sysctl kern.maxproc help needed

2007-05-01 Thread Keith Richardson

Daniel Ouellet wrote:


Yes, I can use it, but I can't figure out the process ID. I am trying 
to understand the man page on this to kill the group 67, or www.


Obviously, I can't figure out the proper use of that syntax here.

Man said

The following PIDs have special meanings:
-1  If superuser, broadcast the signal to all processes; other-
wise, broadcast to all processes belonging to the user.
-pgid   Send the signal to all processes within the specified pro-
cess group.


You are confusing user group (i.e. www) with process group (i.e. logical 
grouping of processes for job control, etc.). 

obsdev $ id -g 
1000

obsdev $ ps -o pid,gid,pgid,command
 PID   GID  PGID COMMAND
31803  1000 31803 -ksh (ksh)
21293  1000 21293 ps -o pid
31754  1000 26374 (netstat)
26374  1000 26374 /bin/sh /usr/local/bin/firefox
7853  1000 26374 /bin/sh /usr/local/mozilla-firefox/run-mozilla.sh 
/usr/local/mozilla-firefox/run-mozilla.sh

30367  1000 26374 /usr/local/mozilla-firefox/firefox-bin
30089  1000 26374 /usr/local/libexec/gconfd-2 12
1501  1000  1501 /bin/sh /usr/local/bin/thunderbird
14044  1000  1501 /bin/sh /usr/local/mozilla-thunderbird/run-mozilla.sh 
/usr/local/mozilla-thunderbird/run-mozilla.sh

29898  1000  1501 /usr/local/mozilla-thunderbird/thunderbird-bin
6987  1000  6987 -ksh (ksh)
1708  1000  1708 -ksh (ksh)
12309  1000 12309 -ksh (ksh)


See ps(1) and termios(4)

note: termios had the most descriptive explanation of process group 
under Job Control that I could find in a few minutes.  There probably is 
a better man page.


I do not know a way to find process group without forking.  An 
alternative (if you could not determine process ID) desperation move 
would be kill -1 as root (it should not kill system processes according 
to kill(2))



-Keith
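The ps listing above shows a process group (PGID) shared by a shell and the programs it started, which is what kill(1) targets when given a negative pid. As an added example, not from this thread, the Python below starts a shell in a session of its own so that it leads a fresh process group, signals the whole group with os.killpg (the kill -pgid of the man page) and checks that the leader died from that signal. It assumes a POSIX sh and the sleep command; the script run in the shell is constructed.

```python
import os
import signal
import subprocess
import time


def spawn_group(script='sleep 30 & sleep 30 & wait'):
    """Start sh in a new session; it leads a new process group that its children inherit."""
    return subprocess.Popen(['sh', '-c', script], start_new_session=True)


def describe(proc):
    """The two different 'groups': our unix group id versus the process group of proc."""
    return {'gid': os.getgid(), 'pgid': os.getpgid(proc.pid), 'leader': proc.pid}


def kill_group(proc, sig=signal.SIGTERM, timeout=5.0):
    """Signal every member of proc's process group and wait for the leader.

    os.killpg(pgid, sig) is kill(-pgid, sig); refuse to do it to our own group,
    which is the mistake that takes the caller's shell down with the target.
    Returns the leader's exit status, or None if it did not exit in time.
    """
    pgid = os.getpgid(proc.pid)
    if pgid == os.getpgid(0):
        raise RuntimeError('refusing to signal my own process group')
    os.killpg(pgid, sig)
    try:
        proc.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        return None
    return proc.returncode


def demo():
    """Spawn a group, kill it, and report (leader is the group id, leader died from SIGTERM)."""
    proc = spawn_group()
    time.sleep(0.3)                       # give sh time to fork the sleeps
    info = describe(proc)
    rc = kill_group(proc)
    return info['pgid'] == proc.pid, rc == -signal.SIGTERM


if __name__ == '__main__':
    print(demo())
```

The children exit because they are members of the group, not because their parent died; a daemon whose workers call setsid() puts them in groups of their own and this technique no longer reaches them.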



Bellnet.ca PPPOE Problems

2006-09-06 Thread Keith Page
I've been having trouble since 3.9 trying to get BELL dsl with a 
reserved ip to actually work as a second connection on my openbsd 
machine. I've upgrade to the Aug 31st snapshot of 4 to try and use the 
new ifconfig pppoe commands.  I'm getting sporadic and not always 
directly reproducible problems.


hostname.pppoe0

inet 70.52.123.23 255.255.255.255 64.230.199.12 pppoedev rl1 authproto 
pap authname [EMAIL PROTECTED] authkey BELL2005 up

!/sbin/route add 64.230.199.12 70.52.242.23


1st Tcpdump

tcpdump: listening on pppoe0, link-type PPP_ETHER
12:24:32.019294 Configure-Request, Magic-Number=874803770, Vendor-Ext
12:24:32.020965 Configure-Request, Max-Rx-Unit=1492, Auth-Prot PAP, 
Magic-Number=67343315, Vendor-Ext
12:24:32.020981 Configure-Ack, Max-Rx-Unit=1492, Auth-Prot PAP, 
Magic-Number=67343315, Vendor-Ext

12:24:32.031198 Configure-Ack, Magic-Number=874803770, Vendor-Ext
12:24:32.031213 Authenticate-Request, [EMAIL PROTECTED], 
Passwd=BELL2005
12:24:33.067456 Authenticate-Request, [EMAIL PROTECTED], 
Passwd=BELL2005

12:24:33.335544 Authenticate-Ack
*12:24:33.335563 Configure-Request, Unknown IPCP code 0x61
12:24:33.361609 Configure-Ack, Unknown IPCP code 0x0*
12:24:33.543443 Configure-Request, IP-Address=64.230.199.12
12:24:33.543458 Configure-Ack, IP-Address=64.230.199.12
*12:24:33.569420 Terminate-Request, Unknown IPCP code 0x0
12:24:33.569428 Terminate-Ack, Unknown IPCP code 0x0*

2nd Tcpdump

# ifconfig pppoe0 up; tcpdump -i pppoe0 
tcpdump: listening on pppoe0, link-type PPP_ETHER

12:25:42.012908 Configure-Request, Magic-Number=67551440, Vendor-Ext
12:25:42.015055 Configure-Request, Max-Rx-Unit=1492, Auth-Prot PAP, 
Magic-Number=1151254039, Vendor-Ext
12:25:42.015070 Configure-Ack, Max-Rx-Unit=1492, Auth-Prot PAP, 
Magic-Number=1151254039, Vendor-Ext

12:25:42.026045 Configure-Ack, Magic-Number=67551440, Vendor-Ext
12:25:42.026060 Authenticate-Request, [EMAIL PROTECTED], 
Passwd=BELL2005
12:25:43.062236 Authenticate-Request, [EMAIL PROTECTED], 
Passwd=BELL2005

12:25:43.330642 Authenticate-Ack
12:25:43.330660 Terminate-Request
12:25:43.356947 Terminate-Ack


If I destroy the pppoe0 adapter and use sh netstart pppoe0 to recreate 
it I'll get the same results over and over. Occasionally it will connect 
without the IPCP errors listed in the first dump.




Re: Removing a misconfigured list member? [EMAIL PROTECTED]: Undelivered Mail Returned to Sender]

2006-03-21 Thread Keith Richardson

Mailing to [EMAIL PROTECTED] didn't work either (similar loop error
message). So could one please remove [EMAIL PROTECTED] from the mailing lists?

Sorry for mailing the list itself, but I didn't find a more specific
contact for that on http://www.openbsd.org/mail.html.

  


I think you wanted [EMAIL PROTECTED] if I remember majordomo's 
email correctly.




Re: problem compiling ports, 3.8 stable

2006-03-18 Thread Keith Richardson

Joachim Schipper wrote:

On Sat, Mar 18, 2006 at 03:11:14AM -0300, Gustavo Rios wrote:
  

Dear folks,

in order to improve my desktop openbsd box, i am trying to get some
applications working, but without success.

For instance, when i try to install gimp, i get this:

Script started on Sat Mar 18 00:01:06 2006
# make build === graphics/gimp/stable
===  gimp-2.2.8 depends on: p5-XML-Parser-* - not found
===  Verifying install for p5-XML-Parser-* in textproc/p5-XML-Parser
===  Checking files for p5-XML-Parser-2.34
`/usr/ports/distfiles/XML-Parser-2.34.tar.gz' is up to date.


Checksum OK for XML-Parser-2.34.tar.gz. (sha1)


===  p5-XML-Parser-2.34 depends on: expat.2 (expat-*) - expat.2 missing...
===  Verifying install for expat.2 (expat-*) in textproc/expat
===  Checking files for expat-1.95.6


expat-1.95.6.tar.gz doesn't seem to exist on this system.
Attempting to fetch /usr/ports/distfiles/expat-1.95.6.tar.gz from


http://ovh.dl.sourceforge.net/sourceforge/expat/.


Size does not match for /usr/ports/distfiles/expat-1.95.6.tar.gz


/bin/sh: test: 3: unexpected operator/operand
*** Error code 2

Stop in /usr/ports/textproc/expat (line 1990 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/textproc/expat (line 1444 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/textproc/expat (line 1633 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/textproc/p5-XML-Parser (line 1334 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/textproc/p5-XML-Parser (line 1633 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/graphics/gimp/stable (line 1334 of
/usr/ports/infrastructure/mk/bsd.port.mk).
*** Error code 1

Stop in /usr/ports/graphics/gimp (line 108 of
/usr/ports/infrastructure/mk/bsd.port.subdir.mk).
# exit
Script done on Sat Mar 18 00:01:13 2006

This problem occurs with others applications like nasm, xfig and the like.

I could not figure it out what i am doing wrong.



I've seen this behaviour before when a sourceforge mirror was down. The
easiest way to get this done is to manually download the required files
to /usr/ports/distfiles from whereever they are stored (see the Makefile
for that).

Joachim


  
Another option is also to simply use packages.  Going off your earlier 
post, I believe you are running 3.8-stable.  Even though packages are 
from -release, you can still install them on 3.8-stable systems.


From http://www.openbsd.org/faq/faq15.html#NoFun

Because no intrusive changes are made in -stable, it is possible to use 
a -stable ports tree on a -release system, and vice versa. There is no 
need to update all your installed packages after applying a few errata 
patches to your system.




Re: httpd question - solved

2006-02-05 Thread Keith Richardson

I will have to update ServerName each time I get a new IP address.

Dave Feustel 
   



i have been running apache on openbsd since 2.9 on a dynamic IP and have
never had to do any of this. 


#grep ServerName /var/www/conf/httpd.conf
ServerName neotrance.dyndns.org


 

If you get your IP dynamically from your ISP, your IP can potentially 
change every max-lease-time.


This will handle the pesky case of your IP changing.

1. dyndns.org - get a free subdomain to map to your IP. 
2. ddclient package - updates your DNS whenever your IP changes. 

Although the package just copies over the perl script, I add a 
user/group _ddclient.  If you are still running 3.8-release, consider 
creating a folder /etc/ddclient, chown / chgrp and move the conf, cache 
and pid file to that folder.  -current already does this for you (at 
least, the folder part.  I don't think the @newuser, @newgroup will be 
added since people not running in daemon mode don't need it).


before you ask, -current's dhclient does not support hooks. 


-Keith Richardson



Re: Prelude under OpenBSD

2005-10-25 Thread Keith Richardson
http://www.openbsd.org/3.8_packages/


 On 10/25/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

 Hi all,

 Will the prelude IDS suite be included in ports for OpenBSD 3.8?
 Has somebody installed the prelude 0.9.6 release under obsd 3.7? Any hints?

 Thank you.

 --
 CL Martinez
 carlopmart {at} gmail {d0t} com



Re: OpenBSD's 10th birthday -- how about a present?

2005-10-19 Thread Keith Richardson

STeve Andre' wrote:


On Tuesday 18 October 2005 21:07, Paul Greene wrote:
 


STeve Andre' wrote:
   


 Seeing all sorts of good wishes to the project, but I haven't
seen any gifts, yet. ;-)

 I just paypaled $25 to the project, as a birthday present.  Given
what we all get from this OS, OpenBSD deserves something.

 Can I get 10 others to make some kind of donation?  It doesn't
have to be a lot...

--STeve Andre'
 


Well, I finally got out the credit card and actually paid for some CD's.

Does that count?

Paul
   



Sure it does.  It helps the project.  Thank you.

So, four people donating money and one buying a CD set.

...Do I hear more?

--STeve Andre'


 

CD + shirt + $100 donation... and I am still getting the better end of 
the deal.


Happy birthday OBSD

-Keith



Re: pf and linksys WRT55G not getting along

2005-10-17 Thread Keith Richardson

Read the Networking FAQ and PF Users Guide.

http://www.openbsd.org/faq/index.html

Going off some comments you made (like trying to ping a wireless client 
from your firewall), you will also want to read up on Network Address 
Translation, which is what your wireless router is doing for all your 
wireless clients.  A high-level explanation is given in the PF User's Guide, 
but I would suggest reading more in-depth (there are links to the RFCs 
there).


http://www.openbsd.org/faq/pf/nat.html



Bob Ababurko wrote:

I cannot ping the inside interface(192.168.1.1) of the pf box from the 
MAC OS X(192.168.69.50)
* I can ping the outside interface(192.168.1.2) of the linksys from 
the MAC OS X(192.168.69.50)

***so basically the two routers are not talking




But later Bob Ababurko wrote:

One interesting thing.  I can connect to the pf box(192.168.1.1) from 
the MAC OS X(192.168.69.50) via ssh.

-and in pf.conf:



If you can connect to ssh port from 192.168.69.50 to 192.168.1.1, then 
communication is working, at least for TCP, port 23.




Re: Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7

2005-10-13 Thread Keith Richardson

Pavel M. Ivanchev wrote:

I am using OpenBSD 3.7 and updated the port tree and try to install 
DB. Just the port tree is the cvs version.
I have installed one or two months ago in the same way the same things but 
with the previous version of db and again on OpenBSD 3.7.
Now the difference is just that there is a new patch in the version of 
db: p3

Lio Goehrs wrote:


The port version and OS version must match.  If you are running OpenBSD 
3.7-release, you should grab the 3.7 release version of ports.tar.gz.


Going off another thread from a day or two ago, the @pkgpath is 
something new that 3.7 pkg_* tools don't know about.


-Keith Richardson



Re: Add a PF rule from the command line

2005-10-09 Thread Keith Richardson

Roy Morris wrote:


I would like to be able to add/remove a rule from
the command line on those systems which
may have only a ram drive and or read only
pf.conf. Anyone know how to do it, or would
you need to create a new pf.conf in memory
someplace and then load it?

Thanks
Roy


 




Try describing your ruleset in memory using [insert favorite scripting 
language] constructs.  From that meta-data you could create the actual 
ruleset in a syntax that pf understands.


  pfctl -s all | your_script -read
  # add /remove rules
  # add /remove rules
  # add /remove rules
  ...
  ...
  your_script -write | pfctl -F all -f -

Since order matters, you would need to recreate the entire ruleset from 
your meta-data every time a rule was added/deleted then reload it using 
pfctl


Not exactly a simple solution but the only one my sleep-deprived brain 
came up with at the moment.


Check out man pages for pfctl, etc...  They might inspire an easier solution

-Keith



Re: Java with mozilla-firefox

2005-10-02 Thread Keith Richardson

Running firefox from the shell gives me this:
$ firefox
INTERNAL ERROR on Browser End: Exec of java_vm failed: 2

System error?:: No such file or directory
Gdk-ERROR **: Fatal IO error 9 (Bad file descriptor) on X server :0.0.
INTERNAL ERROR on Browser End: Could not read ack from child process
System error?:: Resource temporarily unavailable

It doesn't drop a .core file though.

Is this information enough?

Friendly,
Rico.


Applets worked for me after installing java 1.4.2 via the ports tree, 
mozilla-firefox through the packages tree and changing my settings in 
login.conf. 

Going off your error message above, I would guess you are missing a file 
in your java/firefox installation or the permissions are wrong.


Here is my file count:

$ find /usr/local/jdk* | wc -l
   2719
$ find /usr/local/mozilla-firefox/ | wc -l
632

You can use find to look for files missing world-read permission.  See the 
man pages for more details.


If all else fails, follow up on Josh's advice on using gdb

Good luck,
Keith Richardson



HOWTO Install MySQL GUI Admin / Query Browser on OpenBSD 3.7

2005-09-21 Thread Keith Richardson
Hello,

I have put together a guide on building
mysql-administrator and mysql-query-browser on
OpenBSD.  Below is a text version (an html version is
available; I can send it to anyone interested). 

I have submitted the html version to daniel at
openbsdsupport.org.  

This is a work in progress.  Any help testing,
commenting, expanding,
correcting, etc... is always appreciated.


One change I am not sure about: in
mysql-administrator/source/linux/MAServerLogsPanel.cc
I replaced _XOPEN_SOURCE with _GNU_SOURCE; otherwise the
compiler complains about missing math functions.

Thanks,
Keith Richardson


HOWTO Install MySQL ADMIN/QUERY GUI Tools



Contents: Build Requirements, Administrator, Query Browser,
References, Source Locations, Author


BUILD REQUIREMENTS

The build requirements are for the administrator gui.

650 MB for source builds.  Disk space used by package
installations is unknown. 

1. download source code for gtkmm 2.2, libsigc++-1.2.7,
   mysql-administrator and/or mysql-query-browser
2. install package mysql-client-4.0.23 (this installs the
   server as well) 
3. install package gtk+2-2.4.14.tgz
4. install package gmake-3.80p0.tgz 
5. install package m4-1.4.tgz (required for libsigc++1.2)
6. build from source: libsigc++-1.2.7 (required for gtkmm 2.2) 
7. install package pkgconfig-0.15.0.tgz (required for gtkmm 2.2)
8. build from source: gtkmm 2.2 (can be installed with gtkmm 1.2)
9. install package libglade2-2.4.0p0.tgz
10. install package pcre-4.5.tgz


MYSQL-ADMINISTRATOR

If you plan on connecting to a MySQL database < 5.0.3
(which is most of us), you should install 1.0.22a, not 1.1.14.

For user administration (and probably other features),
mysql-admin 1.1.14 needs to connect to a MySQL 5.0.3 database. 
This version of mysql-admin sends the SQL query
"select * from mysql.procs_priv" and, when that fails,
mysql-admin gives the "Could not retrieve user privilege
information." error dialog.

You do not need to build against MySQL 5.0.3; building
either version of the administrator will work against
MySQL 4.0.23p1.

1. build mysql-gui-common found inside the unpacked directory.
2. modify ./source/linux/MInstanceInfo.cc
3. modify ./source/linux/MAServerLogsPanel.cc (admin-1.0.22a only)
4. execute the following commands

mv ./images/icons/png/maintree/16x16_StartStopService.png644 \
   ./images/icons/png/maintree/16x16_StartStopService.png
mv ./library/tests/test_get_cnf_value/t/common.test.query644 \
   ./library/tests/test_get_cnf_value/t/common.test.query
mv ./library/tests/test_update_cnf/test_update_cnf.vcproj644 \
   ./library/tests/test_update_cnf/test_update_cnf.vcproj
mv ./library/tests/test_get_all_cnf_sections/test_priv.sh644 \
   ./library/tests/test_get_all_cnf_sections/test_priv.sh
mv ./images/icons/png/sections/startup_variables_gray.png644 \
   ./images/icons/png/sections/startup_variables_gray.png
mv ./images/icons/png/maintree/24x24_StartStopService.png644 \
   ./images/icons/png/maintree/24x24_StartStopService.png
mv ./res/mac/English.lproj/ServerConnections.nib/info.nib644 \
   ./res/mac/English.lproj/ServerConnections.nib/info.nib
mv ./res/mac/English.lproj/ServerInformation.nib/info.nib644 \
   ./res/mac/English.lproj/ServerInformation.nib/info.nib
mv ./res/mac/English.lproj/DataFileEditor.nib/classes.nib644 \
   ./res/mac/English.lproj/DataFileEditor.nib/classes.nib
mv ./res/mac/English.lproj/HealthGraphEditor.nib/info.nib644 \
   ./res/mac/English.lproj/HealthGraphEditor.nib/info.nib
mv ./res/mac/English.lproj/ServiceControl.nib/classes.nib644 \
   ./res/mac/English.lproj/ServiceControl.nib/classes.nib
mv ./source/mac/MySQL\ Administrator.xcode/akojima.pbxuser644 \
   ./source/mac/MySQL\ Administrator.xcode/akojima.pbxuser
mv ./source/mac/MySQL\ Administrator.xcode/project.pbxproj644 \
   ./source/mac/MySQL\ Administrator.xcode/project.pbxproj

./configure; gmake; gmake install


QUERY-BROWSER

Coming soon


MYSQL GUI COMMON

My advice is to build the mysql-gui-common that came
with the GUI tool you are installing.  If you are installing
both query browser and administrator, you should build each
mysql-gui-common.  Make sure you give configure the same
prefix you gave the enclosing gui tool (either query browser
or administrator).

modify ./library/source/myx_library.c (admin-1.0.22a only)

mv ./library/tests/read_international/read_international.cpp644 \
   ./library/tests/read_international/read_international.cpp
./configure --prefix=/same/prefix/as/parent/admin/or/query; gmake; \
gmake install


SOURCE CODE CHANGES

mysql-gui-common/library/source/myx_library.c

--- mysql-gui-common/library/source/myx_library.c.dist
   Tue Sep 20 18:54:13 2005
+++ mysql-gui-common/library/source/myx_library.c 
   Tue Sep 20 18:54:45 2005
@@ -581,11 +581,14 @@
   //of mysql_real_connect