Re: bgplg failed only from web not from CLI
Stuart Henderson wrote: On 2009-11-30, ~Lst slack...@gmail.com wrote: On Tue, Dec 1, 2009 at 12:10 AM, Alexander Hall alexan...@beard.se wrote: ~Lst wrote: Well gentlemen... Right now, it looks like my bgplg has been running well, because of my mistake that is the running of bgpd_flags in two places. 1. The bgpd_flags that is running via /etc/rc.conf.local (bgpd_flags=-r /var/www/logs/bgpd.rsock - exactly like described in the man pages). 2. Had been running too in /etc/rc.conf (bgpd_flags=). None of the above starts the daemon per se. They only tell the rc scripts that you want to run the daemon, and how. The entry in rc.conf.local overrides the one in rc.conf. If your problem is solved, fine. I just do not think that what you describe above would cause any problems, unless what you wanted was the setting in rc.conf. Yup, you're right. I just don't realized that I'd been already started the socket through the rc.conf. Again, rc.conf did not start anything, and unless you made fatal changes to it, the value for bgpd_flags actually used (by /etc/rc) would be the one from rc.conf.local. It might be a `mistake' for a newbie like me, if you want to running one thing in rc.conf.local it overrides the one in rc.conf. treat rc.conf as a part of the OS, not a user config file - you should leave it alone (except to upgrade it with the rest of the OS). if you want to make any changes, copy the relevant lines to rc.conf.local and edit as required. ...as is stated in the FAQ (http://www.openbsd.org/faq/faq10.html#rc) We strongly suggest you never touch /etc/rc.conf itself. Instead, create the file /etc/rc.conf.local, copy just the lines you need to change from /etc/rc.conf and adjust them as you like. ...and in rc.conf(8): It is advisable to leave the /etc/rc.conf file untouched, and instead create and edit a new /etc/rc.conf.local file. Variables set in this file will override variables previously set in /etc/rc.conf. However, the latter could really use a facelift to better reflect that changes should indeed go into /etc/rc.conf.local instead. Currently it speaks of things like To run NFS, just change this line's value from NO to YES which is a wonderful example of not following the recommendations a few lines up. I have yet to see any reason to ever change /etc/rc.conf per se. I dare to say there is none. /Alexander
Re: bgplg failed only from web not from CLI
On Wed, 02 Dec 2009 01:10:22 +0100, Alexander Hall wrote: ...and in rc.conf(8): It is advisable to leave the /etc/rc.conf file untouched, and instead create and edit a new /etc/rc.conf.local file. Variables set in this file will override variables previously set in /etc/rc.conf. There is an ambiguity in that par that would not necessarily confuse those with a strong background in English grammar. I'd s/this/that/ which would be absolutely unambiguous. You have to consider the context: the quoted par is in rc.conf's man page. Careful readers would see that the action overrides rc.conf. Not all readers with ESL can see the nice distinction. Rod (perpetual pedant and clarity lover)/ -- *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
On Mon, Nov 30, 2009 at 4:07 AM, Robert rob...@openbsd.pap.st wrote: On Mon, 30 Nov 2009 07:44:23 +1100 Rod Whitworth glis...@witworx.com wrote: I don't think that he decided to put it there. That is where a clean install puts it. Oh, i see, my bad. Have a look at your own machine. Not there, my upgrades handle some directories differently, eg. /var/www does not get stuff that i dont need put into it. Your point still stands. You should see: $ ls -l /var/www/bin/bgpctl -- 1 root bin 197324 Mar 1 2009 /var/www/bin/bgpctl Note that there are no permissions by default but I got the OP to ls -l that file to make sure he had enabled them as required. He has. Apart from that, one should invoke the damn command with the correct path, which in this case is just /bin/. :) Well gentlemen... Right now, it looks like my bgplg has been running well, because of my mistake that is the running of bgpd_flags in two places. 1. The bgpd_flags that is running via /etc/rc.conf.local (bgpd_flags=-r /var/www/logs/bgpd.rsock - exactly like described in the man pages). 2. Had been running too in /etc/rc.conf (bgpd_flags=). Thanks for your kindly help, wasting your time and lot of patience spare around here. Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
~Lst wrote: Well gentlemen... Right now, it looks like my bgplg has been running well, because of my mistake that is the running of bgpd_flags in two places. 1. The bgpd_flags that is running via /etc/rc.conf.local (bgpd_flags=-r /var/www/logs/bgpd.rsock - exactly like described in the man pages). 2. Had been running too in /etc/rc.conf (bgpd_flags=). None of the above starts the daemon per se. They only tell the rc scripts that you want to run the daemon, and how. The entry in rc.conf.local overrides the one in rc.conf. If your problem is solved, fine. I just do not think that what you describe above would cause any problems, unless what you wanted was the setting in rc.conf. disclaimer: Comments applies only to the part inlined above. I did not read the entire thread very thoroughly. /Alexander Thanks for your kindly help, wasting your time and lot of patience spare around here. Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Tue, Dec 1, 2009 at 12:10 AM, Alexander Hall alexan...@beard.se wrote: ~Lst wrote: Well gentlemen... Right now, it looks like my bgplg has been running well, because of my mistake that is the running of bgpd_flags in two places. 1. The bgpd_flags that is running via /etc/rc.conf.local (bgpd_flags=-r /var/www/logs/bgpd.rsock - exactly like described in the man pages). 2. Had been running too in /etc/rc.conf (bgpd_flags=). None of the above starts the daemon per se. They only tell the rc scripts that you want to run the daemon, and how. The entry in rc.conf.local overrides the one in rc.conf. If your problem is solved, fine. I just do not think that what you describe above would cause any problems, unless what you wanted was the setting in rc.conf. Yup, you're right. I just don't realized that I'd been already started the socket through the rc.conf. It might be a `mistake' for a newbie like me, if you want to running one thing in rc.conf.local it overrides the one in rc.conf. Thanks. Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On 2009-11-30, ~Lst slack...@gmail.com wrote: On Tue, Dec 1, 2009 at 12:10 AM, Alexander Hall alexan...@beard.se wrote: ~Lst wrote: Well gentlemen... Right now, it looks like my bgplg has been running well, because of my mistake that is the running of bgpd_flags in two places. 1. The bgpd_flags that is running via /etc/rc.conf.local (bgpd_flags=-r /var/www/logs/bgpd.rsock - exactly like described in the man pages). 2. Had been running too in /etc/rc.conf (bgpd_flags=). None of the above starts the daemon per se. They only tell the rc scripts that you want to run the daemon, and how. The entry in rc.conf.local overrides the one in rc.conf. If your problem is solved, fine. I just do not think that what you describe above would cause any problems, unless what you wanted was the setting in rc.conf. Yup, you're right. I just don't realized that I'd been already started the socket through the rc.conf. It might be a `mistake' for a newbie like me, if you want to running one thing in rc.conf.local it overrides the one in rc.conf. treat rc.conf as a part of the OS, not a user config file - you should leave it alone (except to upgrade it with the rest of the OS). if you want to make any changes, copy the relevant lines to rc.conf.local and edit as required.
Re: bgplg failed only from web not from CLI
On Sun, 29 Nov 2009 11:50:30 +0700 ~Lst slack...@gmail.com wrote: On Sun, Nov 29, 2009 at 6:57 AM, Robert rob...@openbsd.pap.st wrote: *chuckle* If you were running bgplgsh in a chroot from the cmdline you would have to execute it by invoking /bin/bgplgsh because of the changed root. ;) # man chroot # sudo chroot -u www -g www /var/www /bin/bgplgsh Lots of patience to spare around here, if everyone chims in from time to time. o0o...sorry... -bash-4.0$ sudo chroot -u www -g www /var/www /usr/bin/bgplgsh chroot: /usr/bin/bgplgsh: No such file or directory -bash-4.0$ ls -l /usr/bin/bgplgsh -r-xr-xr-x 1 root bin 28052 Jul 10 10:06 /usr/bin/bgplgsh Rgds -- ~Lst Let me requote from your mail i replied to, the part you removed in your reply: On Sun, 29 Nov 2009 04:42:34 +0700 ~Lst slack...@gmail.com wrote: Could you tell me how is running bgplgsh under chroot ? I tried running bgplgsh under chroot, still works if its via CLI but not via web. -bash-4.0# ps -aux | grep chroot www 4592 0.0 0.3 1356 2120 ?? Ss10:36AM0:01.07 httpd: parent [chroot /var/www] (httpd) -bash-4.0# ls -l /var/www/bin/bgplgsh -r-xr-xr-x 1 root daemon 28052 Nov 29 10:09 /var/www/bin/bgplgsh -bash-4.0# /var/www/bin/bgplgsh You decided to put pgplgsh into /var/www/bin/. Why do you now try to execute a binary that is somewhere else, where you didn't copy it? I wrote the command based on the info you mailed to the list, not on the basis that bgplgsh in base is under /usr/bin/. You can only access stuff inside your chroot directory after you have chroot'ed. That's why ppl asked you to test that to see if you copied everything that is needed into your chroot-dir. I guess this is just some missunderstanding about the whole chroot stuff. Try to have a look again at the manpage for chroot. You could also search the httpd manpage for chroot and read up on how that works with the default apache configuration. - Robert
Re: bgplg failed only from web not from CLI
On Sun, 29 Nov 2009 21:11:29 +0100, Robert wrote: On Sun, 29 Nov 2009 11:50:30 +0700 ~Lst slack...@gmail.com wrote: On Sun, Nov 29, 2009 at 6:57 AM, Robert rob...@openbsd.pap.st wrote: *chuckle* If you were running bgplgsh in a chroot from the cmdline you would have to execute it by invoking /bin/bgplgsh because of the changed root. ;) # man chroot # sudo chroot -u www -g www /var/www /bin/bgplgsh Lots of patience to spare around here, if everyone chims in from time to time. o0o...sorry... -bash-4.0$ sudo chroot -u www -g www /var/www /usr/bin/bgplgsh chroot: /usr/bin/bgplgsh: No such file or directory -bash-4.0$ ls -l /usr/bin/bgplgsh -r-xr-xr-x 1 root bin 28052 Jul 10 10:06 /usr/bin/bgplgsh Rgds -- ~Lst Let me requote from your mail i replied to, the part you removed in your reply: On Sun, 29 Nov 2009 04:42:34 +0700 ~Lst slack...@gmail.com wrote: Could you tell me how is running bgplgsh under chroot ? I tried running bgplgsh under chroot, still works if its via CLI but not via web. -bash-4.0# ps -aux | grep chroot www 4592 0.0 0.3 1356 2120 ?? Ss10:36AM0:01.07 httpd: parent [chroot /var/www] (httpd) -bash-4.0# ls -l /var/www/bin/bgplgsh -r-xr-xr-x 1 root daemon 28052 Nov 29 10:09 /var/www/bin/bgplgsh -bash-4.0# /var/www/bin/bgplgsh You decided to put pgplgsh into /var/www/bin/. Why do you now try to execute a binary that is somewhere else, where you didn't copy it? I don't think that he decided to put it there. That is where a clean install puts it. Have a look at your own machine. You should see: $ ls -l /var/www/bin/bgpctl -- 1 root bin 197324 Mar 1 2009 /var/www/bin/bgpctl Note that there are no permissions by default but I got the OP to ls -l that file to make sure he had enabled them as required. He has. I wrote the command based on the info you mailed to the list, not on the basis that bgplgsh in base is under /usr/bin/. You can only access stuff inside your chroot directory after you have chroot'ed. That's why ppl asked you to test that to see if you copied everything that is needed into your chroot-dir. I guess this is just some missunderstanding about the whole chroot stuff. Try to have a look again at the manpage for chroot. You could also search the httpd manpage for chroot and read up on how that works with the default apache configuration. - Robert *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
On Mon, 30 Nov 2009 07:44:23 +1100 Rod Whitworth glis...@witworx.com wrote: I don't think that he decided to put it there. That is where a clean install puts it. Oh, i see, my bad. Have a look at your own machine. Not there, my upgrades handle some directories differently, eg. /var/www does not get stuff that i dont need put into it. Your point still stands. You should see: $ ls -l /var/www/bin/bgpctl -- 1 root bin 197324 Mar 1 2009 /var/www/bin/bgpctl Note that there are no permissions by default but I got the OP to ls -l that file to make sure he had enabled them as required. He has. Apart from that, one should invoke the damn command with the correct path, which in this case is just /bin/. :) - Robert
Re: bgplg failed only from web not from CLI
On Fri, Nov 27, 2009 at 4:27 AM, Rod Whitworth glis...@witworx.com wrote: On Fri, 27 Nov 2009 03:06:59 +0700, ~Lst wrote: Hi, I've already setup bgplg on my test machine, but only show version, ping and traceroute that is work (suggested from http://marc.info/?l=openbsd-miscm=122670411001369w=2). Everything else is not work, such as show ip bgp memory, etc... I followed man pages and checked everything but still its only failed, the strange is everytime I tested from CLI it works fine but not if I tested from the web. Is there anything that I don't know ? -bash-4.0# /var/www/bin/bgpctl show ip bgp memory RDE memory statistics 299625 IPv4 network entries using 6.9M of memory 599250 rib entries using 18.3M of memory 599250 prefix entries using 18.3M of memory 106974 BGP path attribute entries using 7.8M of memory 46163 BGP AS-PATH attribute entries using 2.1M of memory, and holding 106974 references 8164 BGP attributes entries using 191K of memory and holding 126530 references 8163 BGP attributes using 149K of memory RIB using 53.6M of memory Rgds, -- ~Lst Here is the output from the web access on a router I administer: RDE memory statistics 7793 IPv4 network entries using 244K of memory 2279 IPv6 network entries using 97.9K of memory 21902 prefix entries using 684K of memory 7050 BGP path attribute entries using 551K of memory 3963 BGP AS-PATH attribute entries using 140K of memory, and holding 7050 references 564 BGP attributes entries using 13.2K of memory and holding 7160 references 563 BGP attributes using 8.3K of memory RIB using 1.7M of memory success. === Looks OK to me. I don't know what misconfiguration may be possible but I thought you'd at least like to know that bgplg is capable of doing it. That gives you a pointer to look elsewhere than bgplg itself. HTH, Yes, I know. If it's wrong via web, it should be the cmd show version didn't work too. Did I miss the configuration ? Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Fri, Nov 27, 2009 at 4:55 AM, Andre Keller a...@ak.cx wrote: Hi Seems that you cannot connect to bgpd Are you sure bgpd_flags=-r /var/www/logs/bgpd.rsock is present in your rc.conf.local? is the socket working? (bgpctl -s /var/www/logs/bgpd.rsock show rib ) hth andre Yes, pretty sure... -bash-4.0# cat /etc/rc.conf.local bgpd_flags=-r /var/www/logs/bgpd.rsock The socket is working... -bash-4.0# bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory RDE memory statistics 299643 IPv4 network entries using 6.9M of memory 599286 rib entries using 18.3M of memory 599286 prefix entries using 18.3M of memory 107070 BGP path attribute entries using 7.8M of memory 46167 BGP AS-PATH attribute entries using 2.1M of memory, and holding 107070 references 8196 BGP attributes entries using 192K of memory and holding 126660 references 8195 BGP attributes using 151K of memory RIB using 53.6M of memory Am 26.11.2009 21:06, schrieb ~Lst: Hi, I've already setup bgplg on my test machine, but only show version, ping and traceroute that is work (suggested from http://marc.info/?l=openbsd-miscm=122670411001369w=2). Everything else is not work, such as show ip bgp memory, etc... I followed man pages and checked everything but still its only failed, the strange is everytime I tested from CLI it works fine but not if I tested from the web. Is there anything that I don't know ? -bash-4.0# /var/www/bin/bgpctl show ip bgp memory RDE memory statistics 299625 IPv4 network entries using 6.9M of memory 599250 rib entries using 18.3M of memory 599250 prefix entries using 18.3M of memory 106974 BGP path attribute entries using 7.8M of memory 46163 BGP AS-PATH attribute entries using 2.1M of memory, and holding 106974 references 8164 BGP attributes entries using 191K of memory and holding 126530 references 8163 BGP attributes using 149K of memory RIB using 53.6M of memory Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
Am 28.11.2009 09:45, schrieb ~Lst: -bash-4.0# cat /etc/rc.conf.local bgpd_flags=-r /var/www/logs/bgpd.rsock The socket is working... -bash-4.0# bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory RDE memory statistics 299643 IPv4 network entries using 6.9M of memory 599286 rib entries using 18.3M of memory 599286 prefix entries using 18.3M of memory 107070 BGP path attribute entries using 7.8M of memory 46167 BGP AS-PATH attribute entries using 2.1M of memory, and holding 107070 references 8196 BGP attributes entries using 192K of memory and holding 126660 references 8195 BGP attributes using 151K of memory RIB using 53.6M of memory Does it work too when you run it with the apache user (I guess www) from console ? hth andre
Re: bgplg failed only from web not from CLI
On Sat, 28 Nov 2009 15:42:51 +0700, ~Lst wrote: Yes, I know. If it's wrong via web, it should be the cmd show version didn't work too. Did I miss the configuration ? Let us see: 1 output of mount (the command) 2ls -l /var/www/cgi-bin Those two might be enough. Please reply ONLY to the list. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 4:06 PM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 09:45, schrieb ~Lst: -bash-4.0# cat /etc/rc.conf.local bgpd_flags=-r /var/www/logs/bgpd.rsock The socket is working... -bash-4.0# bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory RDE memory statistics 299643 IPv4 network entries using 6.9M of memory 599286 rib entries using 18.3M of memory 599286 prefix entries using 18.3M of memory 107070 BGP path attribute entries using 7.8M of memory 46167 BGP AS-PATH attribute entries using 2.1M of memory, and holding 107070 references 8196 BGP attributes entries using 192K of memory and holding 126660 references 8195 BGP attributes using 151K of memory RIB using 53.6M of memory Does it work too when you run it with the apache user (I guess www) from console ? No it doesn't, I don't know exactly what it means with `account is currently not available'. -bash-4.0# su www -c '/var/www/bin/bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory' This account is currently not available. -bash-4.0# id www uid=67(www) gid=67(www) groups=67(www) Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 4:31 PM, Rod Whitworth glis...@witworx.com wrote: On Sat, 28 Nov 2009 15:42:51 +0700, ~Lst wrote: Yes, I know. If it's wrong via web, it should be the cmd show version didn't work too. Did I miss the configuration ? Let us see: 1 output of mount (the command) 2ls -l /var/www/cgi-bin 1. -bash-4.0# mount /dev/wd0a on / type ffs (local) /dev/wd0k on /home type ffs (local, nodev, nosuid) /dev/wd0d on /tmp type ffs (local, nodev, nosuid) /dev/wd0f on /usr type ffs (local, nodev) /dev/wd0g on /usr/X11R6 type ffs (local, nodev) /dev/wd0h on /usr/local type ffs (local, nodev) /dev/wd0j on /usr/obj type ffs (local, nodev, nosuid) /dev/wd0i on /usr/src type ffs (local, nodev, nosuid) /dev/wd0e on /var type ffs (local, nodev) 2. -bash-4.0# ls -l /var/www/cgi-bin total 2468 -rw-r--r-- 1 root daemon1435 Nov 26 21:24 aa.html -r-xr-xr-x 1 root bin 107256 Jul 10 10:06 bgplg -rw-r--r-- 1 root daemon 90 Nov 26 21:40 index.html -- 1 root bin268 Jul 10 10:01 printenv -- 1 root bin757 Jul 10 10:01 test-cgi Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 04:27:12PM +0700, ~Lst wrote: On Sat, Nov 28, 2009 at 4:06 PM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 09:45, schrieb ~Lst: -bash-4.0# cat /etc/rc.conf.local bgpd_flags=-r /var/www/logs/bgpd.rsock The socket is working... -bash-4.0# bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory RDE memory statistics Does it work too when you run it with the apache user (I guess www) from console ? No it doesn't, I don't know exactly what it means with `account is currently not available'. -bash-4.0# su www -c '/var/www/bin/bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory' This account is currently not available. -bash-4.0# id www uid=67(www) gid=67(www) groups=67(www) Look at the shell of the www account. Then run /sbin/nologin, or /sbin/nologin -c '/var/www/bin/bgpctl -s /var/ww/logs/bgpd.rsock' for that matter. Joachim
Re: bgplg failed only from web not from CLI
On Sat, 28 Nov 2009 10:58:39 +0100, Joachim Schipper wrote: /sbin/nologin -c '/var/www/bin/bgpctl -s /var/ww/logs/bgpd.rsock' That command does not work on my bgpd router which is working perfectly and doesn't have the OP's problem. Executing it gives a result like his This account is currently not available. *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
On Sat, 28 Nov 2009 16:45:55 +0700, ~Lst wrote: On Sat, Nov 28, 2009 at 4:31 PM, Rod Whitworth glis...@witworx.com wrote: On Sat, 28 Nov 2009 15:42:51 +0700, ~Lst wrote: Yes, I know. If it's wrong via web, it should be the cmd show version didn't work too. Did I miss the configuration ? Let us see: 1 output of mount (the command) 2ls -l /var/www/cgi-bin 1. -bash-4.0# mount /dev/wd0a on / type ffs (local) /dev/wd0k on /home type ffs (local, nodev, nosuid) /dev/wd0d on /tmp type ffs (local, nodev, nosuid) /dev/wd0f on /usr type ffs (local, nodev) /dev/wd0g on /usr/X11R6 type ffs (local, nodev) /dev/wd0h on /usr/local type ffs (local, nodev) /dev/wd0j on /usr/obj type ffs (local, nodev, nosuid) /dev/wd0i on /usr/src type ffs (local, nodev, nosuid) /dev/wd0e on /var type ffs (local, nodev) 2. -bash-4.0# ls -l /var/www/cgi-bin total 2468 -rw-r--r-- 1 root daemon1435 Nov 26 21:24 aa.html -r-xr-xr-x 1 root bin 107256 Jul 10 10:06 bgplg -rw-r--r-- 1 root daemon 90 Nov 26 21:40 index.html -- 1 root bin268 Jul 10 10:01 printenv -- 1 root bin757 Jul 10 10:01 test-cgi Rgds, -- ~Lst Hmmm, I just remembered another setting that isn't default: Try ls -l /var/www/bin/bgpctl What does that show? *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 09:21:55PM +1100, Rod Whitworth wrote: On Sat, 28 Nov 2009 10:58:39 +0100, Joachim Schipper wrote: /sbin/nologin -c '/var/www/bin/bgpctl -s /var/ww/logs/bgpd.rsock' That command does not work on my bgpd router which is working perfectly and doesn't have the OP's problem. Executing it gives a result like his This account is currently not available. Ok, but it does explain why the OP gets a This account is currently not available message. Joachim
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 5:24 PM, Rod Whitworth glis...@witworx.com wrote: Hmmm, I just remembered another setting that isn't default: Try ls -l /var/www/bin/bgpctl What does that show? -bash-4.0# ls -l /var/wwwbin/bgpctl -r-xr-xr-x 1 root bin 55048 Jul 10 10:07 /var/www/bin/bgpctl Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sat, Nov 28, 2009 at 10:05 PM, Andre Keller a...@ak.cx wrote: Hi well I just did a installation of 4.6 and tried the bgplg thingy. it took me 4 steps: bgpd -r /var/www/logs/bgpd.rsock chmod 0555 /var/www/bin/bgpctl chmod 0555 /var/www/cgi-bin/bgplg httpd Did you do anything else? (Playing with permissions f.e.?) Maybe you broke something while making ping / traceroute work... No, I just install and followed manual. What I don't undertand, why ping, traceroute and show version is ok, and anything else is failed (if it's via web). And if via bgplgsh (CLI) the whole thing is ok. Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual. You either missed a step or run an very uncommon configuration What I don't undertand, why ping, traceroute and show version is ok, and anything else is failed (if it's via web). Well anything else is anything related to bgpd, so this makes perfect sense... And if via bgplgsh (CLI) the whole thing is ok. Through which user you run bgplgsh?
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 12:19 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual. You either missed a step or run an very uncommon configuration It might be I missed a step, Could you help where is the step that I missed ? And if via bgplgsh (CLI) the whole thing is ok. Through which user you run bgplgsh? -bash-4.0# su - bgplg Orion-OpenBGPD-LG show ip bgp memory RDE memory statistics 0 IPv4 network entries using 0B of memory 0 rib entries using 0B of memory 0 prefix entries using 0B of memory 0 BGP path attribute entries using 0B of memory 0 BGP AS-PATH attribute entries using 0B of memory, and holding 0 references 0 BGP attributes entries using 0B of memory and holding 0 references 0 BGP attributes using 0B of memory RIB using 0B of memory -bash-4.0# id bgplg uid=1001(bgplg) gid=1001(bgplg) groups=1001(bgplg) I tested if www using bgplgsh... -bash-4.0# chsh -s /usr/bin/bgplgsh www -bash-4.0# su - www Orion-OpenBGPD-LG show ip bgp memory RDE memory statistics 0 IPv4 network entries using 0B of memory 0 rib entries using 0B of memory 0 prefix entries using 0B of memory 0 BGP path attribute entries using 0B of memory 0 BGP AS-PATH attribute entries using 0B of memory, and holding 0 references 0 BGP attributes entries using 0B of memory and holding 0 references 0 BGP attributes using 0B of memory RIB using 0B of memory These 2 users is ok using CLI but not if tested via web, If you'd like to see you could test on my web... http://203.84.157.250/cgi-bin/bgplg Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 1:15 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 18:34, schrieb ~Lst: On Sun, Nov 29, 2009 at 12:19 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual You either missed a step or run an very uncommon configuration It might be I missed a step, Could you help where is the step that I missed ? Either permissions or httpd chroot setup or something completely different http://203.84.157.250/cgi-bin/bgpl Restricted shell access might be more useful. I do believe you that it does not work, i just do not believe you that you done it EXACTLY like described in the man pages ;-)) OK, might be I was wrong, let's say I'm not doing exactly what the man pages said but this doesn't mean what I'm asking to. My question is, 1. why ping, traceroute and show version is working OK, but not with the others ? 2. why it's running well if its via CLI but not via web ? Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 01:25:03AM +0700, ~Lst wrote: On Sun, Nov 29, 2009 at 1:15 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 18:34, schrieb ~Lst: On Sun, Nov 29, 2009 at 12:19 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual You either missed a step or run an very uncommon configuration It might be I missed a step, Could you help where is the step that I missed ? Either permissions or httpd chroot setup or something completely different http://203.84.157.250/cgi-bin/bgpl Restricted shell access might be more useful. I do believe you that it does not work, i just do not believe you that you done it EXACTLY like described in the man pages ;-)) OK, might be I was wrong, let's say I'm not doing exactly what the man pages said but this doesn't mean what I'm asking to. My question is, 1. why ping, traceroute and show version is working OK, but not with the others ? 2. why it's running well if its via CLI but not via web ? are you chrooting your webserver? try running bgplgsh under chroot(1) and see if you get the same behavior Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 1:47 AM, Bret S. Lambert bret.lamb...@gmail.com wrote: On Sun, Nov 29, 2009 at 01:25:03AM +0700, ~Lst wrote: On Sun, Nov 29, 2009 at 1:15 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 18:34, schrieb ~Lst: On Sun, Nov 29, 2009 at 12:19 AM, Andre Keller a...@ak.cx wrote: Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual You either missed a step or run an very uncommon configuration It might be I missed a step, Could you help where is the step that I missed ? Either permissions or httpd chroot setup or something completely different http://203.84.157.250/cgi-bin/bgpl Restricted shell access might be more useful. I do believe you that it does not work, i just do not believe you that you done it EXACTLY like described in the man pages ;-)) OK, might be I was wrong, let's say I'm not doing exactly what the man pages said but this doesn't mean what I'm asking to. My question is, 1. why ping, traceroute and show version is working OK, but not with the others ? 2. why it's running well if its via CLI but not via web ? are you chrooting your webserver? try running bgplgsh under chroot(1) and see if you get the same behavior I think yes, -bash-4.0# ps -aux | grep www _syslogd 12984 0.0 0.1 468 668 ?? S 7:20AM0:02.75 syslogd -a /var/www/dev/log -a /var/empty/dev/log www 23151 0.0 0.3 1312 2132 ?? Ss 7:20AM0:24.85 httpd: parent [chroot /var/www] (httpd) www 31735 0.0 0.2 1376 1784 ?? I 7:39AM0:01.17 httpd: child (httpd) www 21668 0.0 0.2 1376 1788 ?? I 7:39AM0:01.16 httpd: child (httpd) www 24825 0.0 0.2 1360 1780 ?? I 7:39AM0:00.47 httpd: child (httpd) www 1591 0.0 0.2 1376 1740 ?? I 7:39AM0:01.06 httpd: child (httpd) www 5272 0.0 0.2 1312 1688 ?? I 7:39AM0:00.49 httpd: child (httpd) www 28568 0.0 0.2 1312 1736 ?? I 7:39AM0:00.39 httpd: child (httpd) www 6680 0.0 0.2 1376 1740 ?? I 7:46AM0:00.10 httpd: child (httpd) Could you tell me how is running bgplgsh under chroot ? Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 01:56:19AM +0700, ~Lst wrote: [ snippzorz ] Could you tell me how is running bgplgsh under chroot ? man 1 chroot
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 2:04 AM, Bret S. Lambert bret.lamb...@gmail.com wrote: On Sun, Nov 29, 2009 at 01:56:19AM +0700, ~Lst wrote: [ snippzorz ] Could you tell me how is running bgplgsh under chroot ? man 1 chroot -bash-4.0# man 1 chroot man: no entry for chroot in section 1 of the manual. Same result with the page, http://www.openbsd.org/cgi-bin/man.cgi?query=chrootapropos=0sektion=1manpath=OpenBSD+4.6arch=i386format=html Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 02:09:49AM +0700, ~Lst wrote: On Sun, Nov 29, 2009 at 2:04 AM, Bret S. Lambert bret.lamb...@gmail.com wrote: On Sun, Nov 29, 2009 at 01:56:19AM +0700, ~Lst wrote: [ snippzorz ] Could you tell me how is running bgplgsh under chroot ? man 1 chroot -bash-4.0# man 1 chroot man: no entry for chroot in section 1 of the manual. Same result with the page, http://www.openbsd.org/cgi-bin/man.cgi?query=chrootapropos=0sektion=1manpath=OpenBSD+4.6arch=i386format=html man 8 chroot, my mistake Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 2:56 AM, Bret S. Lambert bret.lamb...@gmail.com wrote: On Sun, Nov 29, 2009 at 02:09:49AM +0700, ~Lst wrote: On Sun, Nov 29, 2009 at 2:04 AM, Bret S. Lambert bret.lamb...@gmail.com wrote: On Sun, Nov 29, 2009 at 01:56:19AM +0700, ~Lst wrote: [ snippzorz ] Could you tell me how is running bgplgsh under chroot ? I tried running bgplgsh under chroot, still works if its via CLI but not via web. -bash-4.0# ps -aux | grep chroot www 4592 0.0 0.3 1356 2120 ?? Ss10:36AM0:01.07 httpd: parent [chroot /var/www] (httpd) -bash-4.0# ls -l /var/www/bin/bgplgsh -r-xr-xr-x 1 root daemon 28052 Nov 29 10:09 /var/www/bin/bgplgsh -bash-4.0# /var/www/bin/bgplgsh Orion-OpenBGPD-LG show ip bgp memory RDE memory statistics 299769 IPv4 network entries using 6.9M of memory 599538 rib entries using 18.3M of memory 599538 prefix entries using 18.3M of memory 107114 BGP path attribute entries using 7.8M of memory 46198 BGP AS-PATH attribute entries using 2.1M of memory, and holding 107114 references 8197 BGP attributes entries using 192K of memory and holding 126690 references 8196 BGP attributes using 151K of memory RIB using 53.6M of memory Rgds, -- ~Lst
Re: bgplg failed only from web not from CLI
On Sun, 29 Nov 2009 04:42:34 +0700 ~Lst slack...@gmail.com wrote: Could you tell me how is running bgplgsh under chroot ? I tried running bgplgsh under chroot, still works if its via CLI but not via web. -bash-4.0# ps -aux | grep chroot www 4592 0.0 0.3 1356 2120 ?? Ss10:36AM0:01.07 httpd: parent [chroot /var/www] (httpd) -bash-4.0# ls -l /var/www/bin/bgplgsh -r-xr-xr-x 1 root daemon 28052 Nov 29 10:09 /var/www/bin/bgplgsh -bash-4.0# /var/www/bin/bgplgsh *chuckle* If you were running bgplgsh in a chroot from the cmdline you would have to execute it by invoking /bin/bgplgsh because of the changed root. ;) # man chroot # sudo chroot -u www -g www /var/www /bin/bgplgsh Lots of patience to spare around here, if everyone chims in from time to time. - Robert
Re: bgplg failed only from web not from CLI
On Sun, Nov 29, 2009 at 6:57 AM, Robert rob...@openbsd.pap.st wrote: *chuckle* If you were running bgplgsh in a chroot from the cmdline you would have to execute it by invoking /bin/bgplgsh because of the changed root. ;) # man chroot # sudo chroot -u www -g www /var/www /bin/bgplgsh Lots of patience to spare around here, if everyone chims in from time to time. o0o...sorry... -bash-4.0$ sudo chroot -u www -g www /var/www /usr/bin/bgplgsh chroot: /usr/bin/bgplgsh: No such file or directory -bash-4.0$ ls -l /usr/bin/bgplgsh -r-xr-xr-x 1 root bin 28052 Jul 10 10:06 /usr/bin/bgplgsh Rgds -- ~Lst
Re: bgplg failed only from web not from CLI
On Fri, 27 Nov 2009 03:06:59 +0700, ~Lst wrote: Hi, I've already setup bgplg on my test machine, but only show version, ping and traceroute that is work (suggested from http://marc.info/?l=openbsd-miscm=122670411001369w=2). Everything else is not work, such as show ip bgp memory, etc... I followed man pages and checked everything but still its only failed, the strange is everytime I tested from CLI it works fine but not if I tested from the web. Is there anything that I don't know ? -bash-4.0# /var/www/bin/bgpctl show ip bgp memory RDE memory statistics 299625 IPv4 network entries using 6.9M of memory 599250 rib entries using 18.3M of memory 599250 prefix entries using 18.3M of memory 106974 BGP path attribute entries using 7.8M of memory 46163 BGP AS-PATH attribute entries using 2.1M of memory, and holding 106974 references 8164 BGP attributes entries using 191K of memory and holding 126530 references 8163 BGP attributes using 149K of memory RIB using 53.6M of memory Rgds, -- ~Lst Here is the output from the web access on a router I administer: RDE memory statistics 7793 IPv4 network entries using 244K of memory 2279 IPv6 network entries using 97.9K of memory 21902 prefix entries using 684K of memory 7050 BGP path attribute entries using 551K of memory 3963 BGP AS-PATH attribute entries using 140K of memory, and holding 7050 references 564 BGP attributes entries using 13.2K of memory and holding 7160 references 563 BGP attributes using 8.3K of memory RIB using 1.7M of memory success. === Looks OK to me. I don't know what misconfiguration may be possible but I thought you'd at least like to know that bgplg is capable of doing it. That gives you a pointer to look elsewhere than bgplg itself. HTH, *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: bgplg failed only from web not from CLI
Hi Seems that you cannot connect to bgpd Are you sure bgpd_flags=-r /var/www/logs/bgpd.rsock is present in your rc.conf.local? is the socket working? (bgpctl -s /var/www/logs/bgpd.rsock show rib ) hth andre Am 26.11.2009 21:06, schrieb ~Lst: Hi, I've already setup bgplg on my test machine, but only show version, ping and traceroute that is work (suggested from http://marc.info/?l=openbsd-miscm=122670411001369w=2). Everything else is not work, such as show ip bgp memory, etc... I followed man pages and checked everything but still its only failed, the strange is everytime I tested from CLI it works fine but not if I tested from the web. Is there anything that I don't know ? -bash-4.0# /var/www/bin/bgpctl show ip bgp memory RDE memory statistics 299625 IPv4 network entries using 6.9M of memory 599250 rib entries using 18.3M of memory 599250 prefix entries using 18.3M of memory 106974 BGP path attribute entries using 7.8M of memory 46163 BGP AS-PATH attribute entries using 2.1M of memory, and holding 106974 references 8164 BGP attributes entries using 191K of memory and holding 126530 references 8163 BGP attributes using 149K of memory RIB using 53.6M of memory Rgds, -- ~Lst