Re: Q: Problems forwarding traffic using pf ...

2024-05-24 Thread Why 42? The lists account.


Hi Guys,

Thanks for the feedback, to address your points:

1> Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

Yes I tried this pf rule change with version 4 forwarding
(net.inet.ip.forwarding) both enabled and disabled.

Either way the pf "pass out tagged" rule is never matched.

I didn't reboot after changing this setting. It's not clear to me if that
is necessary. For the version 6 variable (net.inet6.ip6.forwarding) "man
2 sysctl" states: 

"... changing this variable during operation may cause serious trouble.
 Hence, this variable should only be set at bootstrap time."

Whatever that might mean. Anyway, for the version 4 variable there is no
similar remark.


2> And there is also mforwarding
3> And multicast=YES rc.conf.local

In this first simple proof/test I just tried to forward some UDP. So this
is not yet relevant. But I think you are both right, if I get as far as
doing multicasting, I'll probably need those.

Out of interest I grepped in /etc and it seems that setting multicast=YES
influences the netstart script. When multicast is not "YES" then the
route for 224.0.0.0/4 is deleted and re-added to the IP loopback address
with an option "reject".

Cheers,
Robb.



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Zé Loff
On Thu, May 23, 2024 at 08:24:03PM +0300, Kapetanakis Giannis wrote:
> On 23/05/2024 20:18, Peter N. M. Hansteen wrote:
> > On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> > > I need to quickly create a solution for forwarding multicast traffic
> > > between two systems, so I thought perhaps I could use pf to do just that
> > > by writing some rules along the lines of:
> > > 
> > >  1. pass in on iface A proto UDP ... tag mcast
> > >  2. pass out on iface B tagged mcast
> > > 
> > >  And another pair of rules for the reverse direction B -> A.
> > > 
> > > (Obviously I'd add more options to filter specific addresses, etc.)
> > Possibly stupid question, but did you set the sysctl(s) to enable 
> > forwarding?
> > 
> > $ sysctl net.inet.ip.forwarding
> > 
> > and
> > 
> > $ sysctl net.inet6.ip6.forwarding
> > 
> > will provide the answer (as in, if those values are not 1, forwarding
> > between interfaces is not enabled)
> > 
> > 
> And there is also mforwarding
> 
> net.inet.ip.forwarding
> net.inet.ip.mforwarding
> net.inet6.ip6.forwarding
> net.inet6.ip6.mforwarding
> 
> G
> 

And multicast=YES rc.conf.local



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Kapetanakis Giannis

On 23/05/2024 20:18, Peter N. M. Hansteen wrote:
> On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> > I need to quickly create a solution for forwarding multicast traffic
> > between two systems, so I thought perhaps I could use pf to do just that
> > by writing some rules along the lines of:
> >
> >  1. pass in on iface A proto UDP ... tag mcast
> >  2. pass out on iface B tagged mcast
> >
> >  And another pair of rules for the reverse direction B -> A.
> >
> > (Obviously I'd add more options to filter specific addresses, etc.)
> Possibly stupid question, but did you set the sysctl(s) to enable forwarding?
>
> $ sysctl net.inet.ip.forwarding
>
> and
>
> $ sysctl net.inet6.ip6.forwarding
>
> will provide the answer (as in, if those values are not 1, forwarding
> between interfaces is not enabled)

And there is also mforwarding

net.inet.ip.forwarding
net.inet.ip.mforwarding
net.inet6.ip6.forwarding
net.inet6.ip6.mforwarding

G



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Peter N. M. Hansteen
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> I need to quickly create a solution for forwarding multicast traffic
> between two systems, so I thought perhaps I could use pf to do just that
> by writing some rules along the lines of:
> 
> 1. pass in on iface A proto UDP ... tag mcast
> 2. pass out on iface B tagged mcast
> 
> And another pair of rules for the reverse direction B -> A.
> 
> (Obviously I'd add more options to filter specific addresses, etc.)

Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

$ sysctl net.inet.ip.forwarding

and

$ sysctl net.inet6.ip6.forwarding

will provide the answer (as in, if those values are not 1, forwarding
between interfaces is not enabled)


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Why 42? The lists account.


Hi All,

I need to quickly create a solution for forwarding multicast traffic
between two systems, so I thought perhaps I could use pf to do just that
by writing some rules along the lines of:

1. pass in on iface A proto UDP ... tag mcast
2. pass out on iface B tagged mcast

And another pair of rules for the reverse direction B -> A.

(Obviously I'd add more options to filter specific addresses, etc.)

So I tried to do a quick test / proof of concept. Here is the pf.conf:
# cat pf.conf
set skip on lo0
set block-policy return
set debug warning

# Begin by blocking everything
block log all   # Begin by blocking everything
pass  in  log on em0 proto udp from 192.168.178.166 tag UDP
pass  out log on ure0   tagged UDP
###match route dup-to ure0 tagged TAG_UP

# Allow all outbound
#pass out log modulate state

The two "pass" lines are the basis of the idea. This seems to be pretty
much identical to the tagging example "INTNET" in the pf.conf man page.

pfctl reports:
# pfctl -vvs rules | grep @
@0 block return log all
@1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
@2 pass out log on ure0 all flags S/SA tagged UDP

I see that rule 1 is matched, but never rule 2. E.g.
...
May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:06.603963 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 192.168.178.11.54321: udp 7
May 23 10:32:20.592971 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 16 [3q][|domain] (DF)
May 23 10:32:21.136275 rule 0/(match) block in on em0: 192.168.178.252.5353 > 224.0.0.251.5353: 48084+[|domain]
May 23 10:32:21.137074 rule 0/(match) block in on em0: 192.168.178.252.5353 > 224.0.0.251.5353: 0* [0q] 3/0/3[|domain]
...
May 23 10:32:48.588466 rule 1/(match) pass in on em0: 192.168.178.166.56335 > 192.168.178.11.54321: udp 42
May 23 10:32:49.705282 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 0[|domain] (DF)
May 23 10:32:49.705839 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 0[|domain] [flowlabel 0xbaff9]
...

I must be missing something, but what?

Both interfaces are up and configured with IP addresses.
I'm running the current snapshot i.e. 7.5 GENERIC.MP#77 amd64.

Thanks in advance!

Cheers,
Robb.
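
The comparison made by eye in the post above (which loaded rules ever show up in the pflog output), as an added example that is not part of the original thread. The function names are hypothetical and the sample inputs are constructed from the lines quoted in the post; only rules carrying the `log` keyword can appear in pflog at all.

```shell
#!/bin/sh
# Added example: tally tcpdump/pflog lines per rule and list loaded rules
# that never logged a match. Function names are hypothetical.

# Constructed sample input, shaped like "pfctl -vvs rules | grep @" output.
RULES='@0 block return log all
@1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
@2 pass out log on ure0 all flags S/SA tagged UDP'

# Constructed sample input: a pflog excerpt, wrapped the way mail wraps it.
LOG='May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 >
224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 >
192.168.178.11.54321: udp 7
...
May 23 10:32:48.588466 rule 1/(match) pass in on em0: 192.168.178.166.56335 >
192.168.178.11.54321: udp 42
May 23 10:32:49.705282 rule 0/(match) block in on em0: 192.168.178.179.5353 >
224.0.0.251.5353: 0[|domain] (DF)'

# pflog_summary: read pflog text on stdin, print
#   rule=N action=A dir=D if=I COUNT
# one line per distinct combination, sorted.
pflog_summary() {
    awk '
    # A line holding the rule header starts a new record.
    / rule [0-9]+\/\(/ { flush(); rec = $0; next }
    # Elision markers in an excerpt carry no data.
    /^\.\.\.$/ { next }
    # Anything else is a wrapped continuation of the current record.
    { if (rec != "") rec = rec " " $0 }
    END {
        flush()
        for (k in count) print k, count[k]
    }
    function flush(   n, f, i, rule, iface, key) {
        if (rec == "") return
        n = split(rec, f, " ")
        for (i = 1; i <= n; i++) if (f[i] == "rule") break
        # f[i+1] is N/(match), then action, direction, the word on, iface:
        rule = f[i+1]; sub(/\/.*/, "", rule)
        iface = f[i+5]; sub(/:$/, "", iface)
        key = "rule=" rule " action=" f[i+2] " dir=" f[i+3] " if=" iface
        count[key]++
        rec = ""
    }' | sort
}

# unmatched_rules RULES_TEXT LOG_TEXT: print the numbers of loaded rules
# that never appear in the log.
unmatched_rules() {
    seen=$(printf '%s\n' "$2" | pflog_summary |
        sed -n 's/^rule=\([0-9]*\) .*/\1/p' | sort -u)
    printf '%s\n' "$1" | sed -n 's/^@\([0-9]*\) .*/\1/p' |
    while read -r n; do
        printf '%s\n' "$seen" | grep -qx "$n" || printf '%s\n' "$n"
    done
}

printf '%s\n' "$LOG" | pflog_summary
echo "rules with no logged match: $(unmatched_rules "$RULES" "$LOG")"
```

The summary also shows the direction and interface of every logged match, which is where an expected "out on ure0" entry would appear if the tagged packet ever left through the second interface.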



Re: pkg_info -Q confusion

2023-04-15 Thread Mike Fischer


> On 15.04.2023 at 23:44, Antun Matanović wrote:
> 
>> I'm generally interested in what is available for the exact machine I am 
>> running on.
> 
> You could use `pkg_info -a -Q` which searches all the repositories.
> From the pkg_info man page:
> -Q substring
> Show the names of all packages in the first repository of the
> package search path containing the substring in the stems of
> their package names.  A stem is a package name with all version
> and flavor suffixes removed; see pkg_add(1) for more details on
> stems.  If -a is also specified, show the names of all matching
> packages in all repositories instead.

So simple and so perfect! Thanks for that hint.

I’ll still keep pkglocate around for more complicated partial name searches but 
for most of my use cases pkg_info -aQ name is exactly what I need.

Mike



Re: pkg_info -Q confusion

2023-04-15 Thread Antun Matanović
> I'm generally interested in what is available for the exact machine I am 
> running on.

You could use `pkg_info -a -Q` which searches all the repositories.
From the pkg_info man page:
 -Q substring
 Show the names of all packages in the first repository of the
 package search path containing the substring in the stems of
 their package names.  A stem is a package name with all version
 and flavor suffixes removed; see pkg_add(1) for more details on
 stems.  If -a is also specified, show the names of all matching
 packages in all repositories instead.



Re: pkg_info -Q confusion

2023-04-14 Thread Mike Fischer


> On 14.04.2023 at 18:24, Allan Streib wrote:
> 
> On Fri, Apr 14, 2023, at 05:50, Stuart Henderson wrote:
>> I never found pkg_info -Q to be a useful tool.
>> 
>> Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
>> searching on an index that is built from : - as a
>> result it lets you do a substring match on package names, not just
>> on filenames.
> 
> Also, as mentioned in packages(7) man page, there is a site at
> https://openports.pl/ that can be used, though obviously that requires
> internet access so may not be appropriate for all cases. I tend to
> use it a lot, personally.

It does not seem to differentiate between different OpenBSD versions or 
architectures though?

I’m generally interested in what is available for the exact machine I am 
running on. But I guess at least knowing that there is a port for some version 
on some platform might be helpful — at least the inverse means I can stop 
looking now ;-)


But still thanks for reminding me of this site. I had forgotten about that.

Mike



Re: pkg_info -Q confusion

2023-04-14 Thread Allan Streib
On Fri, Apr 14, 2023, at 05:50, Stuart Henderson wrote:
> I never found pkg_info -Q to be a useful tool.
>
> Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
> searching on an index that is built from : - as a
> result it lets you do a substring match on package names, not just
> on filenames.

Also, as mentioned in packages(7) man page, there is a site at
https://openports.pl/ that can be used, though obviously that requires
internet access so may not be appropriate for all cases. I tend to
use it a lot, personally.



Re: pkg_info -Q confusion

2023-04-14 Thread Mike Fischer
Inline…

> On 14.04.2023 at 12:50, Stuart Henderson wrote:
> 
> On 2023-04-14, Mike Fischer  wrote:
>> Usually when looking for a port to install I use `pkg_info -Q name` to 
>> search for the port.
>> 
>> Strangely this does not completely work for PHP on OpenBSD 7.3:
>> 
>> `pkg_info -Q php` does not list PHP 7.4.33 and related ports which are 
>> clearly available.
>> 
>> It seems that -Q only finds ports in packages-stable/, not packages/?
>> 
>> pkg_info(1) does not seem to mention this limitation (or I have missed it).
> 
> That's what is meant by "in the first repository of the package search
> path" but it's not very obvious.

Ah, I see. Indeed I didn’t realise that was meant by the statement.


> If PKG_PATH is not set and you're on a release version, the
> pkg_add-based tools (including pkg_info) construct one starting with
> the packages-stable directory, in order that -stable updates are
> preferred over release packages. This is (mostly) described in
> pkg_add(1).
> 
> You can search just the release packages with
> 
> PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%v/packages/%a/ pkg_info -Q php

Ok, thanks. Not very comfortable but at least a possibility.


> 
>> Is this working as intended?
> 
> Yes though it's a little unfriendly.

Yep!


> 
>> Is there a better way to look for available packages?
> 
> I never found pkg_info -Q to be a useful tool.

Up to now I never had an issue. But I never noticed this limitation before. (I 
did notice the lack of being able to search for partial package names but I 
have gotten used to that.)


> Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
> searching on an index that is built from : - as a
> result it lets you do a substring match on package names, not just
> on filenames.
> 
> For a package which includes many files you'll get a lot of output
> lines, so something like "pkglocate moo | cut -d: -f1 | uniq" may be
> useful, or "pkglocate moo | grep ^moo".
> 
> And if you're looking for the package containing a particular
> binary, "pkglocate bin/moo" cuts out a lot of the useless stuff.

Very helpful!

Thanks Stuart!

Mike



Re: pkg_info -Q confusion

2023-04-14 Thread Stuart Henderson
On 2023-04-14, Mike Fischer  wrote:
> Usually when looking for a port to install I use `pkg_info -Q name` to 
> search for the port.
>
> Strangely this does not completely work for PHP on OpenBSD 7.3:
>
> `pkg_info -Q php` does not list PHP 7.4.33 and related ports which are 
> clearly available.
>
> It seems that -Q only finds ports in packages-stable/, not packages/?
> 
> pkg_info(1) does not seem to mention this limitation (or I have missed it).

That's what is meant by "in the first repository of the package search
path" but it's not very obvious.

If PKG_PATH is not set and you're on a release version, the
pkg_add-based tools (including pkg_info) construct one starting with
the packages-stable directory, in order that -stable updates are
preferred over release packages. This is (mostly) described in
pkg_add(1).

You can search just the release packages with

PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%v/packages/%a/ pkg_info -Q php

> Is this working as intended?

Yes though it's a little unfriendly.

> Is there a better way to look for available packages?

I never found pkg_info -Q to be a useful tool.

Try pkglocate instead ("pkg_add pkglocatedb" first) which allows
searching on an index that is built from : - as a
result it lets you do a substring match on package names, not just
on filenames.

For a package which includes many files you'll get a lot of output
lines, so something like "pkglocate moo | cut -d: -f1 | uniq" may be
useful, or "pkglocate moo | grep ^moo".

And if you're looking for the package containing a particular
binary, "pkglocate bin/moo" cuts out a lot of the useless stuff.




pkg_info -Q confusion

2023-04-14 Thread Mike Fischer
Usually when looking for a port to install I use `pkg_info -Q name` to search 
for the port.

Strangely this does not completely work for PHP on OpenBSD 7.3:

`pkg_info -Q php` does not list PHP 7.4.33 and related ports which are clearly 
available.

It seems that -Q only finds ports in packages-stable/, not packages/?

pkg_info(1) does not seem to mention this limitation (or I have missed it).


Is this working as intended?

Is there a better way to look for available packages?


Thanks!
Mike



Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-15 Thread Crystal Kolipe
On Wed, Feb 15, 2023 at 03:10:08PM +0100, Why 42? The lists account. wrote:
> However, I also tried testing the same two filesystems using the
> "Flexible IO Tester" or fio (it's available as a package). When I used it
> to do random 4K reads and writes, I appear to have the opposite result:

...

> I wonder why that would be?

For a start, I would test using something other than /dev/zero as the data
source.

It's entirely possible that the firmware on an SSD would special case writing
a block that contains only 0x00 bytes.

In that case, and assuming that the filesystem block boundaries align with
the SSD's own internal flash block layout, the SSD would only need to update
its metadata to point those LBA blocks to an internal 'zero' block.

This would virtually eliminate the overhead of actually writing to the flash,
and allow it to accept data from the host at a much faster speed.

As soon as you write a single non-0x00 byte, the drive would have to do a
proper write to the main flash memory and not just the area which contains
its internal LBA to flash block mapping, (which may also be write-cached).

Depending on the state of the SSD, (recently secerased, used with another
OS which supports TRIM, alignment of the filesystem blocks with the raw
flash blocks, etc, etc), this could mean either a write, or a
read-erase-write cycle.

Using /dev/zero as the source definitely makes it a synthetic benchmark.



Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-15 Thread Why 42? The lists account.


On Mon, Feb 13, 2023 at 01:50:13PM -, Stuart Henderson wrote:
> ...
> It may be worth checking whether mfs is actually helping -
> it's easy to assume that because it's in RAM it must be fast,
> but I've had machines where mfs was slower than SSD
> (https://marc.info/?l=openbsd-misc&m=164942119618029&w=2),
> also it's taking memory that could otherwise be used by
> buffer cache.

Hi All,

Since you mentioned it, I thought I would retry your dd test ...

# mount | grep /tmp
mfs:15266 on /tmp type mfs (asynchronous, local, nodev, nosuid, size=16777216 512-blocks)

% cd !$ ; for i in `jot 5`; do dd if=/dev/zero of=mfs bs=1m count=990 2>&1 | grep bytes; done
cd /tmp/dd_test ; for i in `jot 5`; do dd if=/dev/zero of=mfs bs=1m count=990 2>&1 | grep bytes; done
1038090240 bytes transferred in 1.376 secs (754215208 bytes/sec)
1038090240 bytes transferred in 1.189 secs (872536649 bytes/sec)
1038090240 bytes transferred in 1.227 secs (845718432 bytes/sec)
1038090240 bytes transferred in 1.186 secs (874866632 bytes/sec)
1038090240 bytes transferred in 1.254 secs (827186370 bytes/sec)

# mount | grep /fast
/dev/sd1l on /fast type ffs (local, nodev, nosuid, softdep)
# dmesg | grep sd1
sd1 at scsibus2 targ 1 lun 0: 
...

% cd /fast/dd_test ; for i in `jot 5`; do dd if=/dev/zero of=fast bs=1m count=990 2>&1 | grep bytes; done
1038090240 bytes transferred in 0.871 secs (1191076597 bytes/sec)
1038090240 bytes transferred in 0.635 secs (1633246669 bytes/sec)
1038090240 bytes transferred in 0.615 secs (1685529408 bytes/sec)
1038090240 bytes transferred in 0.605 secs (1714639562 bytes/sec)
1038090240 bytes transferred in 0.612 secs (1694489764 bytes/sec)


So it seems that the Samsung NVMe device is much faster ...

However, I also tried testing the same two filesystems using the
"Flexible IO Tester" or fio (it's available as a package). When I used it
to do random 4K reads and writes, I appear to have the opposite result:

fio --name=rand_mmap_r+w --directory=/tmp/fio_test --rw=randrw --blocksize=4k --size=6g --io_size=60g --runtime=600 --ioengine=psync --fsync=1 --thread --numjobs=1 --group_reporting
...
Run status group 0 (all jobs):
   READ: bw=130MiB/s (136MB/s), 130MiB/s-130MiB/s (136MB/s-136MB/s), io=30.0GiB (32.2GB), run=236394-236394msec
  WRITE: bw=130MiB/s (136MB/s), 130MiB/s-130MiB/s (136MB/s-136MB/s), io=30.0GiB (32.2GB), run=236394-236394msec

% fio --name=rand_mmap_r+w --directory=/fast/fio_test --rw=randrw --blocksize=4k --size=6g --io_size=60g --runtime=600 --ioengine=psync --fsync=1 --thread --numjobs=1 --group_reporting
...
Run status group 0 (all jobs):
   READ: bw=34.8MiB/s (36.5MB/s), 34.8MiB/s-34.8MiB/s (36.5MB/s-36.5MB/s), io=20.4GiB (21.9GB), run=60-60msec
  WRITE: bw=34.8MiB/s (36.4MB/s), 34.8MiB/s-34.8MiB/s (36.4MB/s-36.4MB/s), io=20.4GiB (21.9GB), run=60-60msec

I wonder why that would be?

Disclaimer: I know almost nothing about fio, I've never used it before.
In particular, it isn't clear to me what the correct/best choice is for
the "ioengine" option. (I played around with a few different settings,
that's why you can see that "mmap" in the (test)name argument.)

This is on a 8th generation i5 Intel NUC running a recent snapshot: 7.2
GENERIC.MP#1049

The CPU has 4 cores, hyperthreading is off. The underlying device for
"/fast" is a Samsung M.2 NVMe "stick":
nvme0: Samsung SSD 970 EVO Plus 500GB, firmware 1B2QEXM7 ...

The full output from fio is included below for anyone who might be
interested ...

Cheers,
Robb.


fio --name=rand_mmap_r+w --directory=/tmp/fio_test --rw=randrw --blocksize=4k --size=6g --io_size=60g --runtime=600 --ioengine=psync --fsync=1 --thread --numjobs=1 --group_reporting
rand_mmap_r+w: (g=0): rw=randrw, bs=(R) 4096B-4096B, (W) 4096B-4096B, (T) 4096B-4096B, ioengine=psync, iodepth=1
fio-3.33
Starting 1 thread
rand_mmap_r+w: Laying out IO file (1 file / 6144MiB)
Jobs: 1 (f=1): [m(1)][100.0%][r=134MiB/s,w=134MiB/s][r=34.3k,w=34.2k IOPS][eta 00m:00s]
rand_mmap_r+w: (groupid=0, jobs=1): err= 0: pid=669956672: Wed Feb 15 13:52:03 2023
  read: IOPS=33.3k, BW=130MiB/s (136MB/s)(30.0GiB/236394msec)
clat (nsec): min=1523, max=1504.6k, avg=5387.11, stdev=1201.82
 lat (nsec): min=1580, max=1504.7k, avg=5450.15, stdev=1203.46
clat percentiles (nsec):
 |  1.00th=[ 3632],  5.00th=[ 4576], 10.00th=[ 4832], 20.00th=[ 5024],
 | 30.00th=[ 5152], 40.00th=[ 5280], 50.00th=[ 5344], 60.00th=[ 5472],
 | 70.00th=[ 5600], 80.00th=[ 5792], 90.00th=[ 5984], 95.00th=[ 6176],
 | 99.00th=[ 6496], 99.50th=[ 6688], 99.90th=[13376], 99.95th=[18048],
 | 99.99th=[26240]
   bw (  KiB/s): min=126573, max=144312, per=100.00%, avg=133298.71, stdev=2476.36, samples=472
   iops: min=31643, max=36078, avg=33324.48, stdev=619.06, samples=472
  write: IOPS=33.2k, BW=130MiB/s (136MB/s)(30.0GiB/236394msec); 0 zone resets
clat (usec): min=3, max=1549, avg=13.84, stdev= 2.06
 lat (usec): min=3, max=1549, avg=13.92, stdev= 2.07
clat 

Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-13 Thread Stuart Henderson
On 2023-02-12, Why 42? The lists account.  wrote:
>
> You're exactly right. With this entry in fstab:
>> swap /tmp mfs rw,nodev,nosuid,-s=4194304 0 0 
>
> I now have this /tmp space:
>> mjoelnir:~ 12.02 13:15:07 % df -h
>> Filesystem     Size    Used   Avail Capacity  Mounted on
>> /dev/sd1a     1005M    537M    418M    57%    /
>> mfs:67535      1.9G   29.0K    1.8G     1%    /tmp
>> ...
>
> That's right after a reboot. I'll start Chrome now and it can really chow
> down on some /tmp space :-)

It may be worth checking whether mfs is actually helping -
it's easy to assume that because it's in RAM it must be fast,
but I've had machines where mfs was slower than SSD
(https://marc.info/?l=openbsd-misc&m=164942119618029&w=2),
also it's taking memory that could otherwise be used by
buffer cache.

The main benefit to me from mfs is for things which I explicitly
don't want to hit permanent storage.




Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-12 Thread Crystal Kolipe
On Sun, Feb 12, 2023 at 01:28:04PM +0100, Why 42? The lists account. wrote:
> 
> On Sun, Feb 05, 2023 at 02:50:44PM -0300, Crystal Kolipe wrote:
> > On Sun, Feb 05, 2023 at 06:05:22PM +0100, Why 42? The lists account. wrote:
> > ...
> > > The fstab file contains this mount entry for tmp:
> > > swap /tmp mfs rw,nodev,nosuid,-s=16777216 0 0
> > 
> > This is 8 Gb, which exceeds the default value for datasize for the daemon
> > class in /etc/login.conf.
> > 
> > Have you changed /etc/login.conf from the default?
> > 
> > > Did MFS filesystems go away, or have I screwed something up?
> > 
> > You've screwed something up :).
> 
> You're exactly right. With this entry in fstab:
> > swap /tmp mfs rw,nodev,nosuid,-s=4194304 0 0 
> 
> I now have this /tmp space:
> > mjoelnir:~ 12.02 13:15:07 % df -h
> > Filesystem     Size    Used   Avail Capacity  Mounted on
> > /dev/sd1a     1005M    537M    418M    57%    /
> > mfs:67535      1.9G   29.0K    1.8G     1%    /tmp
> > ...

If you've got plenty of physical RAM, you can always increase the datasize in
login.conf and keep your original 8 Gb mfs ramdisk rather than reducing it.

Not sure if that was clear from my original reply :).



Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-12 Thread Why 42? The lists account.


On Sun, Feb 05, 2023 at 02:50:44PM -0300, Crystal Kolipe wrote:
> On Sun, Feb 05, 2023 at 06:05:22PM +0100, Why 42? The lists account. wrote:
> ...
> > The fstab file contains this mount entry for tmp:
> > swap /tmp mfs rw,nodev,nosuid,-s=16777216 0 0
> 
> This is 8 Gb, which exceeds the default value for datasize for the daemon
> class in /etc/login.conf.
> 
> Have you changed /etc/login.conf from the default?
> 
> > Did MFS filesystems go away, or have I screwed something up?
> 
> You've screwed something up :).

You're exactly right. With this entry in fstab:
> swap /tmp mfs rw,nodev,nosuid,-s=4194304 0 0 

I now have this /tmp space:
> mjoelnir:~ 12.02 13:15:07 % df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd1a     1005M    537M    418M    57%    /
> mfs:67535      1.9G   29.0K    1.8G     1%    /tmp
> ...

That's right after a reboot. I'll start Chrome now and it can really chow
down on some /tmp space :-)

Thanks!

Cheers,
Robb.



Re: Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-05 Thread Crystal Kolipe
On Sun, Feb 05, 2023 at 06:05:22PM +0100, Why 42? The lists account. wrote:
> mount_mfs: mmap: Cannot allocate memory

...

> The fstab file contains this mount entry for tmp:
> swap /tmp mfs rw,nodev,nosuid,-s=16777216 0 0

This is 8 Gb, which exceeds the default value for datasize for the daemon
class in /etc/login.conf.

Have you changed /etc/login.conf from the default?

> Did MFS filesystems go away, or have I screwed something up?

You've screwed something up :).
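
The size comparison made in the reply above, as an added example that is not part of the original thread: it converts each mfs entry's `-s=` value (a count of 512-byte blocks, as the `mount` output elsewhere in the thread shows) to bytes and compares it with a datasize limit supplied by the caller. The function names are hypothetical, and the `4G` limit used in the demo is a constructed value, not a statement of OpenBSD's default.

```shell
#!/bin/sh
# Added example: check mfs entries in fstab against a datasize limit before
# rebooting. Function names are hypothetical; LIMIT is supplied by the caller
# (read it from the daemon class in /etc/login.conf on the machine itself).

# The two fstab entries quoted in the thread, used here as sample input.
FSTAB='swap /tmp mfs rw,nodev,nosuid,-s=16777216 0 0
swap /tmp mfs rw,nodev,nosuid,-s=4194304 0 0'

# to_bytes SIZE: convert 512K, 4096M, 8G or a plain byte count to bytes.
to_bytes() {
    case $1 in
        *[Kk]) echo $(( ${1%?} * 1024 )) ;;
        *[Mm]) echo $(( ${1%?} * 1024 * 1024 )) ;;
        *[Gg]) echo $(( ${1%?} * 1024 * 1024 * 1024 )) ;;
        *)     echo "$1" ;;
    esac
}

# check_mfs LIMIT: read fstab text on stdin and print, per mfs entry,
#   MOUNTPOINT BYTES VERDICT
# VERDICT is EXCEEDS when the file system size alone reaches the limit.
# This is a lower bound: the mount_mfs process needs some memory of its own
# on top of the file system it maps.
check_mfs() {
    limit=$(to_bytes "$1")
    awk -v limit="$limit" '
    /^[ \t]*#/ { next }                     # skip comment lines
    $3 == "mfs" {
        n = split($4, opt, ",")
        sectors = 0
        for (i = 1; i <= n; i++)
            if (opt[i] ~ /^-s=[0-9]+$/) sectors = substr(opt[i], 4) + 0
        if (sectors == 0) { print $2, "no-numeric-size"; next }
        bytes = sectors * 512               # -s counts 512-byte blocks
        printf "%s %.0f %s\n", $2, bytes, (bytes >= limit ? "EXCEEDS" : "ok")
    }'
}

# Demo with a constructed limit of 4G.
printf '%s\n' "$FSTAB" | check_mfs 4G
```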



Q: Error: mount_mfs: mmap: Cannot allocate memory

2023-02-05 Thread Why 42? The lists account.


Hi All,

After an update to a recent snapshot on my desktop system, I noticed
these mount_mfs messages at boot time:

/dev/sd0h (7a1775fef773535e.h): file system is clean; not checking
/dev/sd1j (281ef747da03afe7.j): file system is clean; not checking
/dev/sd1k (281ef747da03afe7.k): file system is clean; not checking
/dev/sd1l (281ef747da03afe7.l): file system is clean; not checking
/dev/sd2c (67c92dad63883338.c): file system is clean; not checking
mount_mfs: mmap: Cannot allocate memory
kbd: keyboard mapping set to de.nodead
keyboard.encoding -> de.nodead
pf enabled
kern.maxproc: 1310 -> 4000
kern.maxthread: 2620 -> 8000
kern.maxfiles: 7030 -> 16000
ddb.panic: 1 -> 0
kern.allowdt: 0 -> 1
starting network
reordering: ld.so libc libcrypto sshd.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons: portmap mountd nfsd lockd statd.
mount_mfs: mmap: Cannot allocate memory
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
running rc.sysmerge
starting network daemons: sshd sndiod.
running rc.firsttime
fw_update: added none; updated none; kept intel,inteldrm,vmm
starting package daemons: messagebus postfix smartd pcscd avahi_daemon.
starting local daemons: sensorsd cron xenodm.

The fstab file contains this mount entry for tmp:
swap /tmp mfs rw,nodev,nosuid,-s=16777216 0 0

I don't know when this first occurred. I first noticed it when I was
investigating why chrome had started to log "filesystem full" messages:
e.g. "/: write failed, file system is full.".

Since the mfs mount of /tmp failed, it's now using the root fs as /tmp
space, which doesn't have much free space.

I'm currently running: OpenBSD mjoelnir.fritz.box 7.2 GENERIC.MP#1012 amd64

Did MFS filesystems go away, or have I screwed something up?

Cheers,
Robb.



Re: pkg_info -Q not finding all entries?

2023-02-01 Thread David Demelier
On Mon, 2023-01-30 at 11:26 +, Stuart Henderson wrote:
> On 2023-01-30, David Demelier  wrote:
> > While searching for sqlite3 I've realized that pkg_info -Q sqlite3
> > finds some php packages but not everything available in the remote
> > repository:
> 
> This is a consequence of the "first repository of the package search
> path" limitation of -Q and how -stable packages are handled.
> It only displays packages for which a -stable update is available.
> 
> Workaround:
> 
> PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%v/packages/%a/ pkg_info
> -Q sqlite
> 

Hi,

Thank you both for your answers, I'll keep that around :)

-- 
David



Re: pkg_info -Q not finding all entries?

2023-01-30 Thread Stuart Henderson
On 2023-01-30, David Demelier  wrote:
> While searching for sqlite3 I've realized that pkg_info -Q sqlite3
> finds some php packages but not everything available in the remote
> repository:

This is a consequence of the "first repository of the package search
path" limitation of -Q and how -stable packages are handled.
It only displays packages for which a -stable update is available.

Workaround:

PKG_PATH=http://cdn.openbsd.org/pub/OpenBSD/%v/packages/%a/ pkg_info -Q sqlite

though this won't show updates from the packages-stable directory.
(Or run -current :-)

Another sort-of alternative is to use pkglocate (install the pkglocatedb
package, and for some things postprocessing with | cut -d: -f1 | sort -u
helps).




Re: pkg_info -Q not finding all entries?

2023-01-30 Thread Matthias Schmidt
Hi,

* David Demelier wrote:
> Hello,
> 
> While searching for sqlite3 I've realized that pkg_info -Q sqlite3
> finds some php packages but not everything available in the remote
> repository:
> 
> # cat /etc/installurl 
> https://ftp.fr.openbsd.org/pub/OpenBSD/
> # pkg_info -Q sqlite3
> debug-php-sqlite3-7.4.32p0
> debug-php-sqlite3-7.4.33
> debug-php-sqlite3-8.0.24p0
> debug-php-sqlite3-8.0.25
> debug-php-sqlite3-8.0.26
> debug-php-sqlite3-8.0.27
> debug-php-sqlite3-8.1.11p0
> debug-php-sqlite3-8.1.12
> debug-php-sqlite3-8.1.13
> debug-php-sqlite3-8.1.14
> php-sqlite3-7.4.32p0
> php-sqlite3-7.4.33
> php-sqlite3-8.0.24p0
> php-sqlite3-8.0.25
> php-sqlite3-8.0.26
> php-sqlite3-8.0.27
> php-sqlite3-8.1.11p0
> php-sqlite3-8.1.12
> php-sqlite3-8.1.13
> php-sqlite3-8.1.14

What you see above are the sqlite3 packages from the 7.2
packages-stable/ directory.  When you do the same on a -current you get
much more results and presumably what you expected.

$ pkg_info -Q sqlite3 | wc -l
 20

I assume pkg_info looks only in the stable directory and not in both to
build a set between updated and not updated packages...

Cheers

Matthias



pkg_info -Q not finding all entries?

2023-01-30 Thread David Demelier
Hello,

While searching for sqlite3 I've realized that pkg_info -Q sqlite3
finds some php packages but not everything available in the remote
repository:

# cat /etc/installurl 
https://ftp.fr.openbsd.org/pub/OpenBSD/
# pkg_info -Q sqlite3
debug-php-sqlite3-7.4.32p0
debug-php-sqlite3-7.4.33
debug-php-sqlite3-8.0.24p0
debug-php-sqlite3-8.0.25
debug-php-sqlite3-8.0.26
debug-php-sqlite3-8.0.27
debug-php-sqlite3-8.1.11p0
debug-php-sqlite3-8.1.12
debug-php-sqlite3-8.1.13
debug-php-sqlite3-8.1.14
php-sqlite3-7.4.32p0
php-sqlite3-7.4.33
php-sqlite3-8.0.24p0
php-sqlite3-8.0.25
php-sqlite3-8.0.26
php-sqlite3-8.0.27
php-sqlite3-8.1.11p0
php-sqlite3-8.1.12
php-sqlite3-8.1.13
php-sqlite3-8.1.14
#

It also does not list the installed package of the exact name 'sqlite3'
(which is installed).

# pkg_info sqlite3
Information for inst:sqlite3-3.39.3

Comment:
embedded SQL implementation

Required by:
python-3.9.16

Description:
SQLite is a C library that implements an embeddable SQL database
engine.
Programs that link with the SQLite library can have SQL database access
without running a separate RDBMS process. The distribution comes with a
standalone command-line access program (sqlite3) that can be used to
administer an SQLite database and which serves as an example of how to
use the SQLite library.

Maintainer: The OpenBSD ports mailing-list 

WWW: https://www.sqlite.org/


Do I miss something (or misunderstood the -Q option)? This is 7.2 on
amd64.

Regards,

-- 
David



Re: Q: dmesg: dt: 443 probes

2021-05-04 Thread Patrick Wildt
On Tue, May 04, 2021 at 03:38:14PM -, Stuart Henderson wrote:
> On 2021-05-04, Why 42? The lists account.  wrote:
> >
> > On Mon, May 03, 2021 at 12:59:27AM +0200, Patrick Wildt wrote:
> >> > ...
> >> > But when I do (as root): "sysctl kern.allowdt=1" it returns this error:
> >> > sysctl: kern.allowdt: Operation not permitted
> >> 
> >> Similarly to kern.allowkmem, you can only set it when the securelevel is
> >> still 'low'.  That's for security.  You need to add kern.allowdt=1 to
> >> sysctl.conf, and then reboot.  Then it'll be enabled after reboot.
> >
> > Thanks Patrick! After the reboot I was able to experiment with btrace.
> >
> > Do you use it, do you have any examples that might help to get started?
> 
> Here's one example:
> https://marc.info/?l=openbsd-bugs=158583371404603=2

That's exactly the one I use.  Though with varying hz (1-60)



Re: Q: dmesg: dt: 443 probes

2021-05-04 Thread Stuart Henderson
On 2021-05-04, Why 42? The lists account.  wrote:
>
> On Mon, May 03, 2021 at 12:59:27AM +0200, Patrick Wildt wrote:
>> > ...
>> > But when I do (as root): "sysctl kern.allowdt=1" it returns this error:
>> > sysctl: kern.allowdt: Operation not permitted
>> 
>> Similarly to kern.allowkmem, you can only set it when the securelevel is
>> still 'low'.  That's for security.  You need to add kern.allowdt=1 to
>> sysctl.conf, and then reboot.  Then it'll be enabled after reboot.
>
> Thanks Patrick! After the reboot I was able to experiment with btrace.
>
> Do you use it, do you have any examples that might help to get started?

Here's one example:
https://marc.info/?l=openbsd-bugs=158583371404603=2




Re: Q: dmesg: dt: 443 probes

2021-05-04 Thread Why 42? The lists account.


On Mon, May 03, 2021 at 12:59:27AM +0200, Patrick Wildt wrote:
> > ...
> > But when I do (as root): "sysctl kern.allowdt=1" it returns this error:
> > sysctl: kern.allowdt: Operation not permitted
> 
> Similarly to kern.allowkmem, you can only set it when the securelevel is
> still 'low'.  That's for security.  You need to add kern.allowdt=1 to
> sysctl.conf, and then reboot.  Then it'll be enabled after reboot.

Thanks Patrick! After the reboot I was able to experiment with btrace.

Do you use it, do you have any examples that might help to get started?

Using the bpftrace reference guide:
https://github.com/iovisor/bpftrace/blob/master/docs/reference_guide.md
I was able to get a simple "Hello World" to run, but more than that
seemed to cause me some problems e.g.
> # btrace -e 'BEGIN{ @enq = 0 } tracepoint:sched:enqueue { @enq = @enq + 1; } 
> interval:s:10 { printf("sched_enqueue: %d\n", @enq) ; @enq = 0; }'
> btrace:1:77: syntax error:
> BEGIN{ @enq = 0 } tracepoint:sched:enqueue { @enq = @enq + 1; } interval:s:10 
> { printf("sched_enqueue: %d\n", @enq) ; @enq = 0; }
> ^
Doesn't seem to like the interval syntax?

Or this one which does run but then takes an assertion failure:
> # btrace -e 'BEGIN{ @enq = 0 } tracepoint:sched:enqueue { @enq = 
> lhist(retval, 0, 1000, 100); }'
> assertion "hist->hstep == step" failed: file 
> "/usr/src/usr.sbin/btrace/map.c", line 246, function "hist_increment"
> zsh: abort (core dumped)  btrace -e 

Thanks again in any case!

Cheers,
Robb.



Re: Q: dmesg: dt: 443 probes

2021-05-02 Thread Patrick Wildt
On Sun, May 02, 2021 at 11:49:10PM +0200, Why 42? The lists account. wrote:
> 
> Actually I do notice one thing, having just upgraded to:
> kern.version=OpenBSD 6.9-current (GENERIC.MP) #492: Sat May  1 17:37:28 MDT 
> 2021
> 
> I checked the output from dmesg and I have a new boot time message:
> dt: 443 probes
> 
> man dt tells me that dt is dynamic tracing and that I can enable it by
> setting kern.allowdt.
> 
> But when I do (as root): "sysctl kern.allowdt=1" it returns this error:
> sysctl: kern.allowdt: Operation not permitted

Similarly to kern.allowkmem, you can only set it when the securelevel is
still 'low'.  That's for security.  You need to add kern.allowdt=1 to
sysctl.conf, and then reboot.  Then it'll be enabled after reboot.

> What am I missing?
> 
> Cheers,
> Robb.
> 
> FYI: This is on an Intel NUC:
> bios0 at mainbus0: SMBIOS rev. 3.2 @ 0x7a9a4000 (77 entries)
> bios0: vendor Intel Corp. version "BECFL357.86A.0087.2020.1209.1115" date 
> 12/09/2020
> bios0: Intel(R) Client Systems NUC8i5BEH
> 



Q: dmesg: dt: 443 probes

2021-05-02 Thread Why 42? The lists account.


Actually I do notice one thing, having just upgraded to:
kern.version=OpenBSD 6.9-current (GENERIC.MP) #492: Sat May  1 17:37:28 MDT 2021

I checked the output from dmesg and I have a new boot time message:
dt: 443 probes

man dt tells me that dt is dynamic tracing and that I can enable it by
setting kern.allowdt.

But when I do (as root): "sysctl kern.allowdt=1" it returns this error:
sysctl: kern.allowdt: Operation not permitted

What am I missing?

Cheers,
Robb.

FYI: This is on an Intel NUC:
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0x7a9a4000 (77 entries)
bios0: vendor Intel Corp. version "BECFL357.86A.0087.2020.1209.1115" date 12/09/2020
bios0: Intel(R) Client Systems NUC8i5BEH



Re: Q: pkg_add fails with: TLS handshake failure: ocsp verify failed: Undefined error ...

2021-03-19 Thread Theo Buehler
On Fri, Mar 19, 2021 at 04:56:11PM +, Stuart Henderson wrote:
> In gmane.os.openbsd.misc, li...@y42.org wrote:
> >
> > Hi All,
> >
> > What would cause pkg_add -u to report this error?
> >> https://ftp.fau.de/pub/OpenBSD/snapshots/packages/amd64/: TLS handshake 
> >> failure: ocsp verify failed: Undefined error: 0
> >> https://ftp.fau.de/pub/OpenBSD/snapshots/packages/amd64/: empty
> >> Couldn't find updates for ... a long list of (all?) installed packages ...
> >
> > Error 0?
> 
> There is some problem doing OCSP validation. It validates OK with openssl
> 1.0.2u and 1.1.1j but not with libressl. DFN run their own PKI and OCSP
> responder so it might hit some edge case that isn't seen with other
> responders.

I missed a typo in tobhe's diff. This fixes it for me.

Index: x509/x509_purp.c
===
RCS file: /cvs/src/lib/libcrypto/x509/x509_purp.c,v
retrieving revision 1.3
diff -u -p -r1.3 x509_purp.c
--- x509/x509_purp.c13 Mar 2021 23:01:49 -  1.3
+++ x509/x509_purp.c19 Mar 2021 17:21:29 -
@@ -571,7 +571,7 @@ x509v3_cache_extensions(X509 *x)
if (x->skid == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, , NULL);
-   if (x->skid == NULL && i != -1)
+   if (x->akid == NULL && i != -1)
x->ex_flags |= EXFLAG_INVALID;
 
/* Does subject name match issuer? */
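
Review bot: the corrected test "x->akid == NULL && i != -1" is only meaningful if i is rewritten by the X509_get_ext_d2i() call for NID_authority_key_identifier on the line above it. In this copy of the patch that call's third argument is blank, so please confirm against the tree that it passes the same variable the check reads; otherwise the condition tests a value left over from the skid lookup. Because this code decides whether EXFLAG_INVALID is set on a certificate, a regression test with a certificate that has no authority key identifier, and one whose extension fails to parse, would keep this copy-and-paste slip from coming back.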



Re: Q: pkg_add fails with: TLS handshake failure: ocsp verify failed: Undefined error ...

2021-03-19 Thread Stuart Henderson



Q: pkg_add fails with: TLS handshake failure: ocsp verify failed: Undefined error ...

2021-03-19 Thread Why 42? The lists account.


Hi All,

What would cause pkg_add -u to report this error?
> https://ftp.fau.de/pub/OpenBSD/snapshots/packages/amd64/: TLS handshake 
> failure: ocsp verify failed: Undefined error: 0
> https://ftp.fau.de/pub/OpenBSD/snapshots/packages/amd64/: empty
> Couldn't find updates for ... a long list of (all?) installed packages ...

Error 0?

That directory, on fau.de, is not empty.

I have just rebooted after running sysupgrade to arrive at:
> OpenBSD mjoelnir.fritz.box 6.9 GENERIC.MP#416 amd64

And as my next step I wanted to then upgrade my installed packages.

Did I miss something?

Cheers,
Robb.



Re: FFS sync/async/softdep mount opts clarifications gap q stable is softdep now?

2021-03-14 Thread Joseph Mayer
On Sunday, 14 March 2021 16:31, Joseph Mayer wrote:
> Hi misc@! (Copying posters to the previous threads on this topic)

Pondering further:


5) "mount -o sync" is practically never useful, isn't it so?:

mount's default synchronicity setting is that data is written
asynchronously.

But, fsync(int fd) "causes all modified data and attributes of fd to be
moved to a permanent storage device" (http://man.openbsd.org/fsync.2),
thereby serving as synchronous checkpoint for a file's writes to disk
up to that moment, isn't it so.

(And if like this doing fsync() at sync points, there is no relevance
in calling sync() (http://man.openbsd.org/sync.2) on top of that,
right.)

Normal Unix software will not expect fwrite():s to hit disk in
sequential order, but instead transactional mechanisms will use
fsync() to ensure pending writes have been flushed to disk.

(The underlying disk's actual propensity to actually flush itself,
would be a separate question altogether and vary between SSD
manufacturers.)


Relative to mount's default setting, "mount -o sync" just enforces some
form of stricter order of writes to disk than the default, and in
practice software will not expect and thus not have value of such an
order.

Therefore, "mount -o sync" is normally not practically relevant neither
on development nor on production machines?


(Note http://man.openbsd.org/sync.2 says the in-kernel process runs
sync() every 30 seconds, good to know.

I presume this means sync() will write any not yet written *data* to
disk where data is in asynchronous mode, while not yet written
metadata will always? sometimes? *NOT* be written where metadata is
in asynchronous mode.)
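
Added example (not part of the message above and not OpenBSD code): the fsync()-as-checkpoint pattern the message describes, as a C helper that replaces a file so that after a crash either the complete old or the complete new contents are on disk. The name write_file_durably and the ".tmp" suffix are assumptions chosen for this illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* fsync() the directory holding path, so the new directory entry created
 * by rename() is itself flushed, not only the file's data. */
static int fsync_parent_dir(const char *path)
{
    char dir[4096];
    const char *slash = strrchr(path, '/');

    if (slash == NULL) {
        strcpy(dir, ".");
    } else if (slash == path) {
        strcpy(dir, "/");
    } else {
        size_t n = (size_t)(slash - path);
        if (n >= sizeof(dir)) {
            errno = ENAMETOOLONG;
            return -1;
        }
        memcpy(dir, path, n);
        dir[n] = '\0';
    }

    int dfd = open(dir, O_RDONLY);
    if (dfd < 0)
        return -1;
    int rc = fsync(dfd);
    int saved = errno;
    close(dfd);
    errno = saved;
    return rc;
}

/* Hypothetical helper: replace path with data using
 * write temp -> fsync(temp) -> rename -> fsync(directory).
 * Returns 0 on success, -1 with errno set on failure. */
int write_file_durably(const char *path, const char *data, size_t len)
{
    char tmp[4096];
    int n = snprintf(tmp, sizeof(tmp), "%s.tmp", path);
    if (n < 0 || (size_t)n >= sizeof(tmp)) {
        errno = ENAMETOOLONG;
        return -1;
    }

    /* O_EXCL: refuse to reuse a stale temp file left by an earlier crash. */
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;

    /* The checkpoint: nothing is renamed into place until fsync() has
     * reported that the data reached the storage device. */
    if (write_all(fd, data, len) != 0 || fsync(fd) != 0) {
        int saved = errno;
        close(fd);
        unlink(tmp);
        errno = saved;
        return -1;
    }
    if (close(fd) != 0 || rename(tmp, path) != 0) {
        int saved = errno;
        unlink(tmp);
        errno = saved;
        return -1;
    }
    return fsync_parent_dir(path);
}

int main(void)
{
    const char msg[] = "constructed sample record\n"; /* constructed input */
    if (write_file_durably("durable_demo.txt", msg, sizeof(msg) - 1) != 0) {
        perror("write_file_durably");
        return 1;
    }
    return 0;
}
```

Checking the return value of fsync() matters here: a failed flush must abort the rename, or the new name could point at data that never reached the disk.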



FFS sync/async/softdep mount opts clarifications gap q stable is softdep now?

2021-03-14 Thread Joseph Mayer
Hi misc@! (Copying posters to the previous threads on this topic)

I just took the time to go through the ML archive's writeups between
now and 2015, about FFS mount options in respect of synchronicity and
especially softdep.

Here I like to bring up four points to conversation:

 1) OpenBSD's synchronicity for FFS actually consists of two separate
sub-settings: one for metadata and one for data
 2) The -o sync/async/softdep options are a bit unintuitive
 3) Generally don't use "async"
 4) How stable is softdep now?


Here we go:

1) A clarification: OpenBSD's synchronicity for FFS actually consists
of two separate sub-settings:

 (a) Synchronicity of access to metadata (as in directory and file
 structures).

 The options here are synchronous, asynchronous, and soft
 dependencies.

 Synchronous is the default.

 (b) Synchronicity of access to data (as in file contents).

 The options here are synchronous and asynchronous.

 Asynchronous is the default.

This is not at all obvious from the mount(8) man page, however
pondering the question and reading the ML archives carefully, this
is what I see. Maybe this could be added in very brief form to
the man page.


2) The mount options in respect of synchronicity are a bit unintuitive.
Especially what is easy to miss is that the default setting is
NOT reached by any of the three major options which are called "sync",
"async" and "softdep".

What these three actually do is the following:

sync   : Make both metadata and data access synchronous.

 (That means to switch off the asynchronicity of access to
 data.)

async  : Make both metadata and data access asynchronous.

 (That means to switch off the synchronicity of access to
 metadata.)

softdep: Operate metadata according to the logics of the special
 "softdep" mode, and keep data access asynchronous.

So again for clarity, note that neither of these three are the default.

Is there even any "-o" option that causes an imitation of the default?


3) Normally don't ever use async:

In the past I tried to run OpenBSD with "async" and after an unexpected
system crash (power loss etc.) the file system is in shambles and may
need OS reinstallation, reinstallation of programs, such, so I
generally recommend against it.

Writing lots of files as in "tar xvfz ports.tar.gz" is considerably
sped up in async mode however. I presume what "async" does under the
hood is to postpone flushing filesystem metadata writes to disk as long
as it can.

I presume this is why I saw such a tendency to corruption too, that
there even did not seem to be a built-in timer to flush the metadata
to disk. Did I get this right?

Does even fsync(8) cause an async FFS to write its metadata to disk?


A "/tmp" partition can be "async" I guess, presuming that you would
newfs(8) it on every reboot, thereby protecting your boot process
from having fsck fail.


4) How stable is softdep now?

If I got it right, softdep emerged in the time of HDD:s, as a way to
lessen the amount of disk seek operations when creating/modifying
many files and directories.

I understand on an SSD, softdep is performance-positive compared to
default settings though much less noticeably.

Softdep is supposed to be as reliable as synchronous metadata, but
it bulks the IO operations.. leading to less write operations in total,
and this is why it has a performance benefit on SSD:s too?

(2015 performance benefit on SSD report:
https://marc.info/?l=openbsd-misc=142294090200592=2
1.17 seconds on FFS, 0.76 seconds on softdep = 54% speedup.)


Operationally softdep is supposed to be noncontroversial - it has some
RAM overhead, which should be fine on modern machines.

A system with defaults (=sync+async) vs "softdep" (=softdep+async) will
behave equivalently, essentially -

Nick pointed out in an old ML post that in case of power loss, with
softdep, a not-closed file that was being written to will likely be
truncated.

I saw a mentioning of one person in 2015 complain of having lost data
with softdep: https://marc.info/?l=openbsd-misc=142174547612722=2


In the ML archive are some stability concerns though:

There is some mentioning that if you do too many file creations/
deletions, the softdep logics could "fall behind" and... the kernel
would crash - is this real!?

(2015 someone mentioned that slow disk writes can cause the fall behind
error: https://marc.info/?l=openbsd-misc=142193536805243=2 )


Also, if the underlying block device reports a write error to the
softdep logics, then the kernel could panic too - why not just report
to dmesg or such and fail in a more agreeable fashion?? If this is
the failure mode, then softdep is mostly not appropriate for remote
servers, and instead it should be used for laptops/desktops only -
computers where unexpected reboots are manageable.

Has softdep been updated, or is there any sysctl available, for it to
not cause system reboots?

(An example of such a crash from 

Re: Quick Q: proc: table is full ?

2021-01-19 Thread Why 42? The lists account.


On Tue, Jan 19, 2021 at 05:56:16PM -, Stuart Henderson wrote:
> > What causes "proc: table is full", or better asked, what limit might I be
> > hitting?
> Perhaps kern.maxthread; check kern.nthreads.

Hi Stuart,

Aha. I think you have nailed it:
> mjoelnir:/etc 19.01 21:13:02 # sysctl kern | egrep 'max(proc|thread)'
> kern.maxproc=8192
> kern.maxthread=1950
> mjoelnir:/etc 19.01 21:13:19 # ^max^n
> sysctl kern | egrep 'n(proc|thread)'
> kern.nthreads=1736
> kern.nprocs=283

I see that, way back when, I increased kern.maxproc to 8192 in
/etc/sysctl.conf. But I didn't realise then that I might also need to
increase the maxthread value. I'll change these and see if that helps.
(Bound to!)

I find the message to be a bit misleading though: "proc: table is full"

Clearer might be something like:
"kernel: thread table full: reached limit: kern.maxthread"

Or similar. I.e. the who, the what and the why.

Thanks for the tip!

Cheers,
Robb.



Re: Quick Q: proc: table is full ?

2021-01-19 Thread Stuart Henderson
On 2021-01-19, Why 42? The lists account.  wrote:
>
> Hi All,
>
> What causes "proc: table is full", or better asked, what limit might I be
> hitting?

Perhaps kern.maxthread; check kern.nthreads.




Quick Q: proc: table is full ?

2021-01-19 Thread Why 42? The lists account.


Hi All,

What causes "proc: table is full", or better asked, what limit might I be
hitting?

I wrote a quick loop to check how many processes are running i.e.
> while true   
> do
> DATE=`date +'%Y.%m.%d %H:%M:%S'`
> echo -n "${DATE}: "
> ps -AHk | wc -l
> sleep 90
> done
> 2021.01.19 12:59:21: 1821
> 2021.01.19 13:00:51: 1731
> 2021.01.19 13:02:21: 1698
> 2021.01.19 13:03:52: 1696
> ... 
I have yet to see a high of more than ~2000.

Sysctl shows me these proc values:
> kern.maxproc=8192
> kern.nprocs=283

I am the only user on the machine (Xfce Desktop and too many browser
tabs). I am a member of "staff" so I think these limits apply:
> staff:\
> :datasize-cur=8192M:\
> :datasize-max=infinity:\
> :maxproc-cur=7500:\
> :maxproc-max=1:\
> :openfiles-cur=15000:\
> :openfiles-max=2:\
> :ignorenologin:\
> :requirehome@:\
> :tc=default:

Running "limit" in my shell (zsh) shows:
> cputime unlimited
> filesize unlimited
> datasize 8192MB
> stacksize 4MB
> coredumpsize unlimited
> memoryuse 31608MB
> memorylocked 10537MB
> maxproc 7500
> descriptors 15000

Also, a related question ... that message shows up in the output of dmesg
and also gets logged to the messages file, but it isn't reported in my
Xconsole window. In there I see stuff like this:
> Console log for mjoelnir
> drm:pid64450:intel_pipe_update_start *ERROR* [drm] *ERROR* Potential atomic 
> update failure on pipe A
> uvm_mapent_alloc: out of static map entries

But no corresponding proc table full messages. Is it not considered to be
important enough to also go to this console?

Thanks in advance!

Cheers,
Robb.



hostctl -q print no information

2020-08-25 Thread Masato Asou
I am using OpenBSD-current on VMware ESXi.

The hostinfo command prints no information with -q option.  Is this an
expected behavior?

$ hostctl guestinfo.ip
172.19.200.100
$ hostctl -q guestinfo.ip
$ 

The following is an extract from man hostctl.

 -q  Don't ask for confirmation of any default options.

--
ASOU Masato



Re: pkg_info -Q bug?

2019-11-23 Thread Antonio Bibiano
Thanks Stuart,
I tried that package and it indeed does what i needed :)

But I decided to scratch my itch anyway and dug a bit into the
pkg_info code to figure out
what was going on and I found the culprit: is the match_locations function
in the PackageRepositoryList class that all the matches from the first
repository that has some.

I changed that behaviour but that had some side effects so I modified
the PkgInfo class, the patch
follows. Hope this might help for future work on pkg_info.


Cheers,
Antonio


##
Index: usr.sbin/pkg_add/OpenBSD/PkgInfo.pm
===
RCS file: /cvs/src/usr.sbin/pkg_add/OpenBSD/PkgInfo.pm,v
retrieving revision 1.49
diff -u -p -u -p -r1.49 PkgInfo.pm
--- usr.sbin/pkg_add/OpenBSD/PkgInfo.pm7 Oct 2017 13:23:05 -1.49
+++ usr.sbin/pkg_add/OpenBSD/PkgInfo.pm23 Nov 2019 17:45:52 -
@@ -597,15 +597,18 @@ sub parse_and_run
 $state->say("PKG_PATH=#1", $ENV{PKG_PATH} // "")
 if $state->verbose;
 my $partial = OpenBSD::Search::PartialStem->new($state->opt('Q'));
-my $r = $state->repo->match_locations($partial);

-for my $pkg (sort {$a->name cmp $b->name} @$r) {
-my $p = $pkg->name;
-if ($state->hasanyopt('cdfMqs')) {
-$self->print_info($state, $p, $pkg);
-} else {
-$state->say(
-is_installed($p) ? "#1 (installed)" : "#1", $p);
+for my $repo (@{$state->locator->default_path($state)->{l}}) {
+$state->say("Repo: #1:#2", $repo->urlscheme, $repo->baseurl);
+my $r = $repo->match_locations($partial);
+for my $pkg (sort {$a->name cmp $b->name} @$r) {
+my $p = $pkg->name;
+if ($state->hasanyopt('cdfMqs')) {
+$self->print_info($state, $p, $pkg);
+} else {
+$state->say(
+is_installed($p) ? "#1 (installed)" : "#1", $p);
+}
 }
 }
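
Review bot: the $state->say("Repo: #1:#2", ...) line at the top of the new loop prints unconditionally, so every -Q run now emits extra lines that anything parsing the package list will pick up, including runs with the cdfMqs options; gate it on $state->verbose the way the PKG_PATH=#1 line just above is. The loop also reaches into ->{l} of the object returned by default_path, which ties PkgInfo.pm to that object's internal layout; an accessor on the repository list would be safer. Sorting now happens per repository, so a package present in more than one repository is listed once for each, which is worth a mention in the man page if that is the intended output.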
##

On Tue, Nov 19, 2019 at 22:53 Stuart Henderson  wrote:
>
> On 2019-11-19, Marc Espie  wrote:
> > On Tue, Nov 19, 2019 at 12:13:37PM +0200, Dumitru Moldovan wrote:
> >> On Mon, Nov 18, 2019 at 11:15:05AM +0100, Antonio Bibiano wrote:
> >> > Hello,
> >> > I just wanted to add to this thread that I incurred in the same
> >> > issue on a fresh 6.6 installation.
> >> > I also tried with a different mirror in /etc/installurl and receive
> >> > the same partial response from pkg_info -Q.
> >> > What makes it even more odd is that pkg_add finds the correct package.
> >>
> >> Thanks Antonio for double-checking this!  I have also tested it on a
> >> fresh installation at the time and got the same results.
> >>
> >> Maybe the behaviour is undefined if PKG_PATH is not set, which is fine
> >> by me.  But still, it's quite puzzling and against the principle of
> >> least surprise.
> >
> > It's one of those little things that is well known, but that won't change
> > until I have time to look at it, and it's definitely not a high priority
> > problem right now.
> >
> >
>
> As a workaround (but also something that would be more likely to give
> the results wanted than a properly-working pkg_info -Q which doesn't match
> filenames inside the packages), you might like to "pkg_add pkglocatedb"
> and use the "pkglocate" tool that this provides.
>



Re: pkg_info -Q bug?

2019-11-19 Thread Stuart Henderson
On 2019-11-19, Marc Espie  wrote:
> On Tue, Nov 19, 2019 at 12:13:37PM +0200, Dumitru Moldovan wrote:
>> On Mon, Nov 18, 2019 at 11:15:05AM +0100, Antonio Bibiano wrote:
>> > Hello,
>> > I just wanted to add to this thread that I incurred in the same
>> > issue on a fresh 6.6 installation.
>> > I also tried with a different mirror in /etc/installurl and receive
>> > the same partial response from pkg_info -Q.
>> > What makes it even more odd is that pkg_add finds the correct package.
>> 
>> Thanks Antonio for double-checking this!  I have also tested it on a
>> fresh installation at the time and got the same results.
>> 
>> Maybe the behaviour is undefined if PKG_PATH is not set, which is fine
>> by me.  But still, it's quite puzzling and against the principle of
>> least surprise.
>
> It's one of those little things that is well known, but that won't change
> until I have time to look at it, and it's definitely not a high priority
> problem right now.
>
>

As a workaround (but also something that would be more likely to give
the results wanted than a properly-working pkg_info -Q which doesn't match
filenames inside the packages), you might like to "pkg_add pkglocatedb"
and use the "pkglocate" tool that this provides.



Re: pkg_info -Q bug?

2019-11-19 Thread Marc Espie
On Tue, Nov 19, 2019 at 12:13:37PM +0200, Dumitru Moldovan wrote:
> On Mon, Nov 18, 2019 at 11:15:05AM +0100, Antonio Bibiano wrote:
> > Hello,
> > I just wanted to add to this thread that I incurred in the same
> > issue on a fresh 6.6 installation.
> > I also tried with a different mirror in /etc/installurl and receive
> > the same partial response from pkg_info -Q.
> > What makes it even more odd is that pkg_add finds the correct package.
> 
> Thanks Antonio for double-checking this!  I have also tested it on a
> fresh installation at the time and got the same results.
> 
> Maybe the behaviour is undefined if PKG_PATH is not set, which is fine
> by me.  But still, it's quite puzzling and against the principle of
> least surprise.

It's one of those little things that is well known, but that won't change
until I have time to look at it, and it's definitely not a high priority
problem right now.



Re: pkg_info -Q bug?

2019-11-19 Thread Dumitru Moldovan

On Mon, Nov 18, 2019 at 11:15:05AM +0100, Antonio Bibiano wrote:
> Hello,
> I just wanted to add to this thread that I incurred in the same
> issue on a fresh 6.6 installation.
> I also tried with a different mirror in /etc/installurl and receive
> the same partial response from pkg_info -Q.
> What makes it even more odd is that pkg_add finds the correct package.


Thanks Antonio for double-checking this!  I have also tested it on a
fresh installation at the time and got the same results.

Maybe the behaviour is undefined if PKG_PATH is not set, which is fine
by me.  But still, it's quite puzzling and against the principle of
least surprise.



Re: pkg_info -Q bug?

2019-11-18 Thread Antonio Bibiano
Hello,
I just wanted to add to this thread that I incurred in the same
issue on a fresh 6.6 installation.
I also tried with a different mirror in /etc/installurl and receive
the same partial response from pkg_info -Q.
What makes it even more odd is that pkg_add finds the correct package.


Cheers,
Antonio Bibiano

On Fri, Nov 08, 2019 at 09:34:06PM GMT, Dumitru Moldovan wrote:
>On Fri, Nov 08, 2019 at 08:04:45PM +, Raf Czlonka wrote:
>>On Fri, Nov 08, 2019 at 05:45:23PM GMT, Dumitru Moldovan wrote:
>>>
>>> Hi misc,
>>>
>>> I see pkg_info's man page says:
>>>
>>>-Q query
>>>Show all packages in $PKG_PATH which match the given query.
>>>
>>> Trying in 6.6 to find the Python module "mysqlclient", I get the
>>> following puzzling results:
>>>
>>> $ pkg_info -Q mysql
>>> php-mysqli-7.2.24
>>> php-mysqli-7.3.11
>>> php-pdo_mysql-7.2.24
>>> php-pdo_mysql-7.3.11
>>>
>>> $ pkg_info -Q py-mysql
>>> py-mysql-1.2.5p6
>>> py-mysqlclient-1.4.2p0
>>>
>>> Am I doing something wrong?  Why is "py-mysqlclient" not matched for
>>> the first query?
>>>
>>
>>Hi Dumitru,
>>
>>Not only isn't "py-mysqlclient" matched, but also over 40 other
>>packages with "mysql" string.
>>
>>How does your $PKG_PATH look like?
>
>Thanks for looking into it!
>
>$PKG_PATH is empty here, should have checked it first.  I get the
>expected results with:
>
>PKG_PATH=`cat /etc/installurl`/`uname -r`/packages/`uname -m`/ pkg_info -Q 
>mysql
>
>But now I don't understand why I got any results at all with an empty
>$PKG_PATH...  Maybe I would have read that one line in the man page
>more carefully if there was no result at all to begin with.  :-]
>



Re: pkg_info -Q bug?

2019-11-08 Thread Dumitru Moldovan

On Fri, Nov 08, 2019 at 08:04:45PM +, Raf Czlonka wrote:
> On Fri, Nov 08, 2019 at 05:45:23PM GMT, Dumitru Moldovan wrote:
>>
>> Hi misc,
>>
>> I see pkg_info's man page says:
>>
>>    -Q query
>>    Show all packages in $PKG_PATH which match the given query.
>>
>> Trying in 6.6 to find the Python module "mysqlclient", I get the
>> following puzzling results:
>>
>> $ pkg_info -Q mysql
>> php-mysqli-7.2.24
>> php-mysqli-7.3.11
>> php-pdo_mysql-7.2.24
>> php-pdo_mysql-7.3.11
>>
>> $ pkg_info -Q py-mysql
>> py-mysql-1.2.5p6
>> py-mysqlclient-1.4.2p0
>>
>> Am I doing something wrong?  Why is "py-mysqlclient" not matched for
>> the first query?
>>
>
> Hi Dumitru,
>
> Not only isn't "py-mysqlclient" matched, but also over 40 other
> packages with "mysql" string.
>
> How does your $PKG_PATH look like?


Thanks for looking into it!

$PKG_PATH is empty here, should have checked it first.  I get the
expected results with:

PKG_PATH=`cat /etc/installurl`/`uname -r`/packages/`uname -m`/ pkg_info -Q mysql

But now I don't understand why I got any results at all with an empty
$PKG_PATH...  Maybe I would have read that one line in the man page
more carefully if there was no result at all to begin with.  :-]



Re: pkg_info -Q bug?

2019-11-08 Thread Raf Czlonka
On Fri, Nov 08, 2019 at 05:45:23PM GMT, Dumitru Moldovan wrote:
> 
> Hi misc,
> 
> I see pkg_info's man page says:
> 
>-Q query
>Show all packages in $PKG_PATH which match the given query.
> 
> Trying in 6.6 to find the Python module "mysqlclient", I get the
> following puzzling results:
> 
> $ pkg_info -Q mysql
> php-mysqli-7.2.24
> php-mysqli-7.3.11
> php-pdo_mysql-7.2.24
> php-pdo_mysql-7.3.11
> 
> $ pkg_info -Q py-mysql
> py-mysql-1.2.5p6
> py-mysqlclient-1.4.2p0
> 
> Am I doing something wrong?  Why is "py-mysqlclient" not matched for
> the first query?
> 

Hi Dumitru,

Not only isn't "py-mysqlclient" matched, but also over 40 other
packages with "mysql" string.

How does your $PKG_PATH look like?

Regards,

Raf



pkg_info -Q bug?

2019-11-08 Thread Dumitru Moldovan



Hi misc,

I see pkg_info's man page says:

   -Q query
   Show all packages in $PKG_PATH which match the given query.

Trying in 6.6 to find the Python module "mysqlclient", I get the
following puzzling results:

$ pkg_info -Q mysql
php-mysqli-7.2.24
php-mysqli-7.3.11
php-pdo_mysql-7.2.24
php-pdo_mysql-7.3.11

$ pkg_info -Q py-mysql
py-mysql-1.2.5p6
py-mysqlclient-1.4.2p0

Am I doing something wrong?  Why is "py-mysqlclient" not matched for
the first query?

Thanks!



pkg_info -Q multiple queries?

2019-10-24 Thread meunier
Hello,

Is there a way to do multiple queries at once using pkg_info?
Something like:

pkg_info -Q query1 query2 ...

The best I've found so far is to do something like:

for q in query1 query2 ...; do pkg_info -Q $q; done

which is slow when the list of queries is long (my network bandwidth is not
what I would like it to be...)


Background: I'm running 6.5-release and would like to upgrade to
6.6-release by doing an offline upgrade, downloading the base system and
packages in advance at work to do the upgrade offline later at home (where
my network bandwidth is even worse than at work).  So for packages I would
like to do something like this, in a script (with the hope that package
dependencies have not changed too much between 6.5 and 6.6):

export PKG_PATH=.../6.6/packages/...
pkg_info -z | xargs pkg_info -q -Q | while read p; do wget $PKG_PATH/$p.tgz; done

(or even better: pkg_info -z | pkg_info -q -Q | while ...)


Note: I also tried to combine pkg_info with pkg_add:

export PKG_PATH=.../6.6/packages/...
export PKG_CACHE=...
pkg_info -mz > pkglist
pkg_add -n -l pkglist

but:
1) pkg_add only downloads into $PKG_CACHE the packages listed in the
pkglist file, not the dependencies;
2) pkg_add deletes each package it downloads after the download is
finished.

Is there some magic combination of options that I can use with pkg_add to
make it download and keep all the packages listed in the pkglist file, plus
all the required dependencies?

(being able to do: pkg_info -mz | pkg_add -n -l
would be nice too!)

Thanks,

Philippe




Re: boot -s shutdown q.?

2019-07-07 Thread Ingo Schwarze
Hi Harold,

harold felton wrote on Sat, Jul 06, 2019 at 12:52:12PM +:

> > boot -s
> (only / mounted ro, other filesystems [/usr,..] not-mounted)
> # shutdown now
> shutdown: unveil: No such file or directory
> (original version, and recompiled-default-version same-msg)
> 
> # shutdown.patch now
> shutdown: unveil: Read-only file system

Yes, Bob Beck@ decided that's a bug in the kernel in the implementation
of the unveil(2) syscall, and he is working on a fix.

> i started to try and look thru the code and was trying to
> figure out how/whether i could help further...  i believe
> the correct-answer, as mentioned before, is to just use
> the correct command 'halt'...  (followed by 4-sec pwr-btn)

Yes, that's a workaround for now.
To reboot instead of halt, you can also use reboot(8).

[...]
> as part of this incarnation of this box - i have some oddities
> in my file-system - so recompiling the kernel has been a bit
> of a challenge...

Sure, compiling a kernel may not be convenient on every machine.

> for now, _I_ am no longer worried about the
> problem of using /sbin/shutdown during a 'boot -s' session...

Eventually, it will be fixed anyway, thanks for reporting.

> i will continue using everything as-is since i believe that
> the system is basically running as normally as ever...

Yes, from what you said, i see no indication either that you hosed
your box.  (Obviously, i can't vouch for it being OK either.)

Yours,
  Ingo



Re: boot -s shutdown q.?

2019-07-06 Thread harold felton
update: re-patch...

> boot -s
(only / mounted ro, other filesystems [/usr,..] not-mounted)
# shutdown now
shutdown: unveil: No such file or directory
(original version, and recompiled-default-version same-msg)

# shutdown.patch now
shutdown: unveil: Read-only file system

i started to try and look thru the code and was trying to
figure out how/whether i could help further...  i believe
the correct-answer, as mentioned before, is to just use
the correct command 'halt'...  (followed by 4-sec pwr-btn)

afaict, the 'die...()' routine is not actually getting run and
even if it did - the syslog() would fail also...

as part of this incarnation of this box - i have some oddities
in my file-system - so recompiling the kernel has been a bit
of a challenge...  for now, _I_ am no longer worried about the
problem of using /sbin/shutdown during a 'boot -s' session...

i will continue using everything as-is since i believe that
the system is basically running as normally as ever...

thank you, again, for all of your help...  :-)
sincerely, harold felton.

On Sat, Jul 6, 2019 at 12:04 AM harold felton wrote:

> thanx ingo,
>
> correct - it did not occur to me to mount /usr since my single-user
> skills are minimal, at best...  "halt" should have been my correct response
> (rather than power-button 4-sec) and i will need to go spend a bit more
> time to be able to try your untested-patch...  (ie - i need to do the
> compile)
>
> i WILL test it in a day or two and report back...  thank you for the
> help and explanations...  apologies for being unclear at-the-start...
>
> sincerely, harold felton.
>
> On Sat, Jul 6, 2019 at 2:44 PM Ingo Schwarze  wrote:
>
>> Hi Harold,
>>
>> harold felton wrote on Fri, Jul 05, 2019 at 11:16:01PM +:
>> > On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:
>>
>> >> boot -s
>>
>> Did you mount(8) /usr between the above and the below?
>>
>> >> # shutdown now
>>
>> > shutdown: unveil: No such file or directory
>>
>> If the answer to the above question is "no", then i suspect from
>> code inspection that the following patch may help (untested).
>>
>> The point of the patch is tolerating unveil(2) failure if /usr/bin/
>> does not exist.  Later, trying to execle(3) _PATH_WALL will of
>> course fail, too, but that's harmless because it merely results in
>> the child dying with a syslog message.
>>
>> All that said, in single user mode, it may be more reliable to
>> use halt(8) directly rather than trying to fire up a bloated
>> monster application suite like shutdown(8).
>>
>> > ps - i would rather reinstall than try to debug
>>
>> If the patch below helps, reinstalling is most likely not needed.
>>
>> Does it help?
>>   Ingo
>>
>> P.S.
>> If some crazy person deletes /etc or /sbin or runs shutdown(8)
>> from a directory that was deleted after changing into it,
>> similar failures look likely - but while that might want fixing,
>> too, and while printing the unveil argument in case of failure
>> might also make sense, the case of _PATH_WALL is probably the
>> most important one because not having /usr mounted wouldn't
>> seem all that unusual.
>>
>>
>> Index: shutdown.c
>> ===
>> RCS file: /cvs/src/sbin/shutdown/shutdown.c,v
>> retrieving revision 1.52
>> diff -u -p -r1.52 shutdown.c
>> --- shutdown.c  3 Aug 2018 17:09:22 -   1.52
>> +++ shutdown.c  6 Jul 2019 14:32:10 -
>> @@ -169,7 +169,7 @@ main(int argc, char *argv[])
>> err(1, "unveil");
>> if (unveil(_PATH_RC, "r") == -1)
>> err(1, "unveil");
>> -   if (unveil(_PATH_WALL, "x") == -1)
>> +   if (unveil(_PATH_WALL, "x") == -1 && errno != ENOENT)
>> err(1, "unveil");
>> if (unveil(_PATH_FASTBOOT, "wc") == -1)
>> err(1, "unveil");
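Review bot: the retest reported at the top of this message ("shutdown: unveil: Read-only file system" from the patched binary) shows that exempting ENOENT on the _PATH_WALL line is not enough on a "boot -s" system whose / is still mounted read-only, and because every call in this hunk reports the same err(1, "unveil") string, the output does not say which path failed. Suggest passing the path to err(3), for example err(1, "unveil %s", _PATH_WALL) and likewise for the neighbouring calls, so the failing unveil can be identified before any further errno value is exempted.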
>>
>
>
> --
> harold at hfelton.com
>


-- 
harold at hfelton.com


Re: boot -s shutdown q.?

2019-07-06 Thread harold felton
thanx ingo,

correct - it did not occur to me to mount /usr since my single-user
skills are minimal, at best...  "halt" should have been my correct response
(rather than power-button 4-sec) and i will need to go spend a bit more
time to be able to try your untested-patch...  (ie - i need to do the
compile)

i WILL test it in a day or two and report back...  thank you for the
help and explanations...  apologies for being unclear at-the-start...

sincerely, harold felton.

On Sat, Jul 6, 2019 at 2:44 PM Ingo Schwarze  wrote:

> Hi Harold,
>
> harold felton wrote on Fri, Jul 05, 2019 at 11:16:01PM +:
> > On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:
>
> >> boot -s
>
> Did you mount(8) /usr between the above and the below?
>
> >> # shutdown now
>
> > shutdown: unveil: No such file or directory
>
> If the answer to the above question is "no", then i suspect from
> code inspection that the following patch may help (untested).
>
> The point of the patch is tolerating unveil(2) failure if /usr/bin/
> does not exist.  Later, trying to execle(3) _PATH_WALL will of
> course fail, too, but that's harmless because it merely results in
> the child dying with a syslog message.
>
> All that said, in single user mode, it may be more reliable to
> use halt(8) directly rather than trying to fire up a bloated
> monster application suite like shutdown(8).
>
> > ps - i would rather reinstall than try to debug
>
> If the patch below helps, reinstalling is most likely not needed.
>
> Does it help?
>   Ingo
>
> P.S.
> If some crazy person deletes /etc or /sbin or runs shutdown(8)
> from a directory that was deleted after changing into it,
> similar failures look likely - but while that might want fixing,
> too, and while printing the unveil argument in case of failure
> might also make sense, the case of _PATH_WALL is probably the
> most important one because not having /usr mounted wouldn't
> seem all that unusual.
>
>
> Index: shutdown.c
> ===
> RCS file: /cvs/src/sbin/shutdown/shutdown.c,v
> retrieving revision 1.52
> diff -u -p -r1.52 shutdown.c
> --- shutdown.c  3 Aug 2018 17:09:22 -   1.52
> +++ shutdown.c  6 Jul 2019 14:32:10 -
> @@ -169,7 +169,7 @@ main(int argc, char *argv[])
> err(1, "unveil");
> if (unveil(_PATH_RC, "r") == -1)
> err(1, "unveil");
> -   if (unveil(_PATH_WALL, "x") == -1)
> +   if (unveil(_PATH_WALL, "x") == -1 && errno != ENOENT)
> err(1, "unveil");
> if (unveil(_PATH_FASTBOOT, "wc") == -1)
> err(1, "unveil");
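Review bot: the new "&& errno != ENOENT" condition on the _PATH_WALL line carries no comment, so a later reader cannot tell that the missing-path case is skipped on purpose. Suggest a short comment above it saying that /usr may not be mounted in single-user mode and that the later execle(3) of _PATH_WALL then fails harmlessly in the child, as the message above explains. Skipping the call does not widen what the process can see, since a path that was never unveiled stays hidden once the other unveil calls have succeeded.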
>


-- 
harold at hfelton.com


Re: boot -s shutdown q.?

2019-07-06 Thread Ingo Schwarze
Hi Harold,

harold felton wrote on Fri, Jul 05, 2019 at 11:16:01PM +:
> On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:

>> boot -s

Did you mount(8) /usr between the above and the below?

>> # shutdown now

> shutdown: unveil: No such file or directory

If the answer to the above question is "no", then i suspect from
code inspection that the following patch may help (untested).

The point of the patch is tolerating unveil(2) failure if /usr/bin/
does not exist.  Later, trying to execle(3) _PATH_WALL will of
course fail, too, but that's harmless because it merely results in
the child dying with a syslog message.

All that said, in single user mode, it may be more reliable to
use halt(8) directly rather than trying to fire up a bloated
monster application suite like shutdown(8).

> ps - i would rather reinstall than try to debug

If the patch below helps, reinstalling is most likely not needed.

Does it help?
  Ingo

P.S.
If some crazy person deletes /etc or /sbin or runs shutdown(8)
from a directory that was deleted after changing into it,
similar failures look likely - but while that might want fixing,
too, and while printing the unveil argument in case of failure
might also make sense, the case of _PATH_WALL is probably the
most important one because not having /usr mounted wouldn't
seem all that unusual.


Index: shutdown.c
===
RCS file: /cvs/src/sbin/shutdown/shutdown.c,v
retrieving revision 1.52
diff -u -p -r1.52 shutdown.c
--- shutdown.c  3 Aug 2018 17:09:22 -   1.52
+++ shutdown.c  6 Jul 2019 14:32:10 -
@@ -169,7 +169,7 @@ main(int argc, char *argv[])
err(1, "unveil");
if (unveil(_PATH_RC, "r") == -1)
err(1, "unveil");
-   if (unveil(_PATH_WALL, "x") == -1)
+   if (unveil(_PATH_WALL, "x") == -1 && errno != ENOENT)
err(1, "unveil");
if (unveil(_PATH_FASTBOOT, "wc") == -1)
err(1, "unveil");
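Review bot: the changed line reads errno, but no #include <errno.h> is visible in this hunk; confirm that shutdown.c already includes it, otherwise the patch will not compile. The exemption is also limited to _PATH_WALL, so the _PATH_RC and _PATH_FASTBOOT calls shown as context still abort on any failure, which matches the P.S. above but leaves those cases for a follow-up. Since the patch is marked untested, it should be run once under "boot -s" with /usr unmounted before it goes in.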



Re: boot -s shutdown q.?

2019-07-06 Thread harold felton
adding dmesg/hw-sensors...
hth, h.

On Fri, Jul 5, 2019 at 11:16 PM harold felton 
wrote:

> uh - ok, but i had gone into single-user to run/fix some fsck-stuff
> so i had assumed that somehow i mightve borked something...
>
> shutdown: unveil: No such file or directory
>
> is the exact message...
>
> in-case-it-matters i hit RETURN for default sh ... since i was in
> single-user
> mode i wasnt able to run 'locate' and am basically assuming that i should
> just recreate another sdcard (from cd) to start over...  basically, we had
> an
> earthquake here in socal yesterday and power got wonky...   also, i use a
> kvm-switch between that-machine and this-one to write the email, so i
> needed
> to go rerun the command-sequence just now...
>
> should i reboot into full-multi-user and grab a dmesg as well ?  guess
> so...
>
> brb, h.
>
> On Sat, Jul 6, 2019 at 1:45 PM Otto Moerbeek  wrote:
>
>> On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:
>>
>> > howdee,
>> >
>> > just need a confirmation that there is something wrong
>> > with my system since i dont have a spare running atm...
>> >
>> > > boot -s
>> > # shutdown now
>> >
>> > i get an error message about "unveil" missing ?
>> >
>> > tia, h.
>> >
>> > ps - i would rather reinstall than try to debug but can
>> > provide dmesg if nec.  (running 6.5-syspatch of amd64
>> > from usb-sdcard on bare-metal zotac-id89 machine)
>>
>> Why make life harder than needed for people who might want to help you?
>> Give the exact error message.
>>
>> -Otto
>>
>
>
> --
> harold at hfelton.com
>


-- 
harold at hfelton.com

Re: boot -s shutdown q.?

2019-07-06 Thread harold felton
uh - ok, but i had gone into single-user to run/fix some fsck-stuff
so i had assumed that somehow i mightve borked something...

shutdown: unveil: No such file or directory

is the exact message...

in-case-it-matters i hit RETURN for default sh ... since i was in
single-user
mode i wasnt able to run 'locate' and am basically assuming that i should
just recreate another sdcard (from cd) to start over...  basically, we had
an
earthquake here in socal yesterday and power got wonky...   also, i use a
kvm-switch between that-machine and this-one to write the email, so i needed
to go rerun the command-sequence just now...

should i reboot into full-multi-user and grab a dmesg as well ?  guess so...

brb, h.

On Sat, Jul 6, 2019 at 1:45 PM Otto Moerbeek  wrote:

> On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:
>
> > howdee,
> >
> > just need a confirmation that there is something wrong
> > with my system since i dont have a spare running atm...
> >
> > > boot -s
> > # shutdown now
> >
> > i get an error message about "unveil" missing ?
> >
> > tia, h.
> >
> > ps - i would rather reinstall than try to debug but can
> > provide dmesg if nec.  (running 6.5-syspatch of amd64
> > from usb-sdcard on bare-metal zotac-id89 machine)
>
> Why make life harder than needed for people who might want to help you?
> Give the exact error message.
>
> -Otto
>


-- 
harold at hfelton.com


Re: boot -s shutdown q.?

2019-07-06 Thread Otto Moerbeek
On Fri, Jul 05, 2019 at 10:39:55PM +, harold felton wrote:

> howdee,
> 
> just need a confirmation that there is something wrong
> with my system since i dont have a spare running atm...
> 
> > boot -s
> # shutdown now
> 
> i get an error message about "unveil" missing ?
> 
> tia, h.
> 
> ps - i would rather reinstall than try to debug but can
> provide dmesg if nec.  (running 6.5-syspatch of amd64
> from usb-sdcard on bare-metal zotac-id89 machine)

Why make life harder than needed for people who might want to help you?
Give the exact error message.

-Otto



boot -s shutdown q.?

2019-07-06 Thread harold felton
howdee,

just need a confirmation that there is something wrong
with my system since i dont have a spare running atm...

> boot -s
# shutdown now

i get an error message about "unveil" missing ?

tia, h.

ps - i would rather reinstall than try to debug but can
provide dmesg if nec.  (running 6.5-syspatch of amd64
from usb-sdcard on bare-metal zotac-id89 machine)


Re: Q: Systems with Skylake based XEON silver CPUs supported by OpenBSD 6.3 amd64

2018-07-18 Thread John Long
Hello Peter,

On Wed, 2018-07-18 at 12:40 +, Steiner Peter wrote:
> Hello folks,
> 
> we are currently looking for new server hardware compatible with
> OpenBSD 6.3 amd64.
> I couldn't find a compatibility list for current systems.
> 
> We'd like to use Skylake based XEONs (e.g. Xeon Silver 4108) in
> current dual (or single) socket systems 
> like "Dell PowerR640", "Fujitsu RX2530M4" (maybe "ProLiant DL360
> Gen10" or "Lenovo ThinkSystem SR550")

I just brought up 6.3 on a new Fujitsu Primergy TX1310 M3 which runs
the Xeon E3-1225 v6 Kaby Lake (low-end Xeon) in the last couple of
weeks.

It works fine, the biggest PITA was figuring out what the BIOS is
calling legacy boot, I didn't want to use UEFI.

I did see a failure to load i915 firmware in the dmesg or log, I didn't
follow up on it because I ASSumed it was for the display adapter- which
btw works fine over VGA enough to install and get it minimally set up.
Since then I'm running it headless.

6.3 has been totally stable (no surprise) and what's interesting is
sometimes a terminal running top over SSH looks like the box is dead. I
don't ever remember seeing an OS that idled so well. Only the clock on
tmux changing lets you know the system is alive. Just outstanding.

/jl
 
> 
> 
> Does anybody have hints for me where to look for information about
> hardware compatibility?
> 
> If someone actually runs OpenBSD 6.3 on a current XEON (or even an
> AMD EPYC) please let me know ;-)
> 
> 
> Thanks in advance!
> 
> 
> greetings from Austria
> -Peter
> 
> 
> PS: btw. our current OpenBSD systems have Broadwell-EP Xeon CPUs (for
> example E5-2620v4 in "Lenovo x3550M5" and "Fujitsu PRIMERGY RX2530
> M2") with several Intel 82599 10Gbit NICs, running perfectly with
> OpenBSD 6.3
> 
> PPS: I already got the information that 6.3 boots into kernel panic
> on a "Fujitsu RX2530M4" with Xeon Silver 4110
> 



Q: Systems with Skylake based XEON silver CPUs supported by OpenBSD 6.3 amd64

2018-07-18 Thread Steiner Peter
Hello folks,

we are currently looking for new server hardware compatible with OpenBSD 6.3 
amd64.
I couldn't find a compatibility list for current systems.

We'd like to use Skylake based XEONs (e.g. Xeon Silver 4108) in current dual 
(or single) socket systems 
like "Dell PowerR640", "Fujitsu RX2530M4" (maybe "ProLiant DL360 Gen10" or 
"Lenovo ThinkSystem SR550")


Does anybody have hints for me where to look for information about hardware 
compatibility?

If someone actually runs OpenBSD 6.3 on a current XEON (or even an AMD EPYC) 
please let me know ;-)


Thanks in advance!


greetings from Austria
-Peter


PS: btw. our current OpenBSD systems have Broadwell-EP Xeon CPUs (for example 
E5-2620v4 in "Lenovo x3550M5" and "Fujitsu PRIMERGY RX2530 M2") with several 
Intel 82599 10Gbit NICs, running perfectly with OpenBSD 6.3

PPS: I already got the information that 6.3 boots into kernel panic on a 
"Fujitsu RX2530M4" with Xeon Silver 4110



Re: Re: cloning to smaller hard disk

2018-05-05 Thread Tuyosi T
my way has a weak point that the kernel of the small HDD may become
different from that of the big HDD by using ' upgrade ' .
( it is good in case of version up  6.2->6.3 )

are there  sophisticated methods not changing kernel ?

i used  'upgrade' process to load the boot loader to small HDD .

-
regards


Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-15 Thread Edgar Pettijohn



On 04/15/18 14:37, Jeffrey Joshua Rollin wrote:
> On 15 April 2018 at 12:03, Juan Francisco Cantero Hurtado
> <i...@juanfra.info> wrote:
>
>> On Sun, Apr 15, 2018 at 11:19:50AM +0100, Jeffrey Joshua Rollin wrote:
>>> No, it works fine with pkg_add, as I have repeatedly said, and a
>>> few months ago I did have a problem where a trailing slash caused
>>> problems with syspatch, which, without any pressure from me, I was
>>> informed would be fixed. The issue may simply be one of
>>> consistency, but looks more likely to be an error in the pkg_info
>>> script.
>>>
>>> So, to sum up:
>>>
>>> Pkg_add works;
>>> Syspatch works;
>>> Cloudflare was up last time I tried it;
>>> Despite the above, pkg_info -Q does *not* work.
>>
>> Try this:
>>
>> $ su -l root
>> # echo 'https://fastly.cdn.openbsd.org/pub/OpenBSD/' > /etc/installurl
>> # unset PKG_PATH
>> # pkg_info -Q mate
>>
>> If fastly works, try with cloudflare again. BTW, we don't have a
>> metapackage for mate.
>
> Whoops, I forgot about this bit. Yes, fastly works, but trying just
> https://cdn.openbsd.org/pub/OpenBSD/ does not; I tried that because it
> was listed on the OpenBSD website FAQ, having forgotten that I'd used
> cloudflare before; the same error came up with the address listed on
> the website, as I mentioned previously.

You are missing the `cloudflare' part. Yesterday you had /org instead of
.org.

edgar:9$ PKG_PATH=https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.3/packages/amd64 pkg_info -Q mate

checkmate-0.21
libmatekbd-1.20.0
libmatemixer-1.20.0
libmateweather-1.20.0
mate-calc-1.20.0
mate-control-center-1.20.0
mate-desktop-1.20.0
mate-icon-theme-1.20.0
mate-media-1.20.0
mate-menus-1.20.0
mate-notification-daemon-1.20.0
mate-panel-1.20.0
mate-power-manager-1.20.0
mate-screensaver-1.20.0
mate-session-manager-1.20.0
mate-settings-daemon-1.20.0
mate-terminal-1.20.0
mate-themes-3.22.15
mate-utils-1.20.0
sslmate-1.5.1p1
tmate-2.2.1p0

> For now, I'll just stick to fastly. Thanks.
>
>> --
>> Juan Francisco Cantero Hurtado http://juanfra.info
>






Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-15 Thread Jeffrey Joshua Rollin
On 15 April 2018 at 12:03, Juan Francisco Cantero Hurtado <i...@juanfra.info>
wrote:

> On Sun, Apr 15, 2018 at 11:19:50AM +0100, Jeffrey Joshua Rollin wrote:
> > No, it works fine with pkg_add, as I have repeatedly said, and a few
> months ago I did have a problem where a trailing slash caused problems with
> syspatch, which, without any pressure from me, I was informed would be
> fixed. The issue may simply be one of consistency, but looks more likely to
> be an error in the pkg_info script.
> >
> > So, to sum up:
> >
> > Pkg_add works;
> > Syspatch works;
> > Cloudflare was up last time I tried it;
> > Despite the above, pkg_info -Q does *not* work.
>
> Try this:
>
> $ su -l root
> # echo 'https://fastly.cdn.openbsd.org/pub/OpenBSD/' > /etc/installurl
> # unset PKG_PATH
> # pkg_info -Q mate
>
> If fastly works, try with cloudflare again. BTW, we don't have a
> metapackage for mate.
>

Whoops, I forgot about this bit. Yes, fastly works, but trying just
https://cdn.openbsd.org/pub/OpenBSD/ does not; I tried that because it was
listed on the OpenBSD website FAQ, having forgotten that I'd used
cloudflare before; the same error came up with the address listed on the
website, as I mentioned previously.

For now, I'll just stick to fastly. Thanks.

> --
> Juan Francisco Cantero Hurtado http://juanfra.info
>


Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-15 Thread Jeffrey Joshua Rollin
Yes, I'd already remembered that myself.

On 15 Apr 2018, 12:03, at 12:03, Juan Francisco Cantero Hurtado 
<i...@juanfra.info> wrote:
>On Sun, Apr 15, 2018 at 11:19:50AM +0100, Jeffrey Joshua Rollin wrote:
>> No, it works fine with pkg_add, as I have repeatedly said, and a few
>months ago I did have a problem where a trailing slash caused problems
>with syspatch, which, without any pressure from me, I was informed
>would be fixed. The issue may simply be one of consistency, but looks
>more likely to be an error in the pkg_info script.
>>
>> So, to sum up:
>>
>> Pkg_add works;
>> Syspatch works;
>> Cloudflare was up last time I tried it;
>> Despite the above, pkg_info -Q does *not* work.
>
>Try this:
>
>$ su -l root
># echo 'https://fastly.cdn.openbsd.org/pub/OpenBSD/' > /etc/installurl
># unset PKG_PATH
># pkg_info -Q mate
>
>If fastly works, try with cloudflare again. BTW, we don't have a
>metapackage for mate.
>
>>
>> Jeff
>>
>> ⁣Sent from Blue ​
>>
>> On 15 Apr 2018, 03:26, at 03:26, Edgar Pettijohn
><ed...@pettijohn-web.com> wrote:
>> >
>> >
>> >On 04/14/18 19:34, Jeffrey Joshua Rollin wrote:
>> >>
>> >>
>> >> Sent from Blue <http://www.bluemail.me/r?b=12687>
>> >> On 15 Apr 2018, at 00:31, Edgar Pettijohn <ed...@pettijohn-web.com
>> >> <mailto:ed...@pettijohn-web.com>> wrote:
>> >>
>> >>
>> >>     On 04/14/18 15:08, Jeffrey Joshua Rollin wrote:
>> >>
>> >> Hi, I've installed OpenBSD 6.3-release for amd64 on
>> >> virtualbox, and updated it with syspatch as of 20:40 UTC.
>> >> pkg_info -Q seems to be failing. Specifically, I tried $
>> >> pkg_info -Q mate ...and also as root, to remind myself
>what
>> >> the metapackage is [I have a feeling it's just "mate"
>anyway]
>> >> [EDIT: Metapackages? maybe I'm thinking of FreeBSD]; but:
>> >> pkg_info -Q firefox also fails, despite the fact I just
>> >> successfully installed Firefox. The relevant error is as
>> >> follows: Redirected to
>> >>
>>
>>https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
>> >>
>> >>
>> >^^
>> >Your PKG_PATH appears to have a couple of errors.
>> >
>> >https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.3/packages/amd64
>> >
>> >and I can't remember but it may need to end with a `/'
>> >>
>> >> Can't locate object method "syslog" via package
>> >> "OpenBSD::PkgInfo::State" at
>> >> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 302, <$fh> line 3.
>> >> Thanks,
>> >> Jeff.
>> >>
>> >> edgar:7$ pkg_info -Q mate
>> >> checkmate-0.21
>> >> libmatekbd-1.20.0
>> >> libmatemixer-1.20.0
>> >> libmateweather-1.20.0
>> >> mate-calc-1.20.0
>> >> mate-control-center-1.20.0
>> >> mate-desktop-1.20.0
>> >> mate-icon-theme-1.20.0
>> >> mate-media-1.20.0
>> >> mate-menus-1.20.0
>> >> mate-notification-daemon-1.20.0
>> >> mate-panel-1.20.0
>> >> mate-power-manager-1.20.0
>> >> mate-screensaver-1.20.0
>> >> mate-session-manager-1.20.0
>> >> mate-settings-daemon-1.20.0
>> >> mate-terminal-1.20.0
>> >> mate-themes-3.22.15
>> >> mate-utils-1.20.0
>> >> sslmate-1.5.1p1
>> >> tmate-2.2.1p0
>> >>
>> >> I suspect its because
>> >>
>> >>
>>
>>https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
>> >>
>> >> doesn't exist or is down.
>> >>
>> >> It exists, and is unlikely to be a transient error,
>> >>
>> >> because I tried it several times, and as I said,  was able
>> >>
>> >> to download software even though I couldn't query it.
>> >>
>> >> (I subsequently found a YouTube tutorial which listed
>> >>
>> >> most of the packages in your message.)
>> >>
>> >> I will try again, and/or with a different mirror in
>> >>
>> >> the morning.
>> >>
>> >> Jeff
>> >>
>
>--
>Juan Francisco Cantero Hurtado http://juanfra.info


Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-15 Thread Juan Francisco Cantero Hurtado
On Sun, Apr 15, 2018 at 11:19:50AM +0100, Jeffrey Joshua Rollin wrote:
> No, it works fine with pkg_add, as I have repeatedly said, and a few months 
> ago I did have a problem where a trailing slash caused problems with 
> syspatch, which, without any pressure from me, I was informed would be fixed. 
> The issue may simply be one of consistency, but looks more likely to be an 
> error in the pkg_info script.
> 
> So, to sum up:
> 
> Pkg_add works;
> Syspatch works;
> Cloudflare was up last time I tried it;
> Despite the above, pkg_info -Q does *not* work.

Try this:

$ su -l root
# echo 'https://fastly.cdn.openbsd.org/pub/OpenBSD/' > /etc/installurl
# unset PKG_PATH
# pkg_info -Q mate

If fastly works, try with cloudflare again. BTW, we don't have a
metapackage for mate.

> 
> Jeff
> 
> ⁣Sent from Blue ​
> 
> On 15 Apr 2018, 03:26, at 03:26, Edgar Pettijohn <ed...@pettijohn-web.com> 
> wrote:
> >
> >
> >On 04/14/18 19:34, Jeffrey Joshua Rollin wrote:
> >>
> >>
> >> Sent from Blue <http://www.bluemail.me/r?b=12687>
> >> On 15 Apr 2018, at 00:31, Edgar Pettijohn <ed...@pettijohn-web.com
> >> <mailto:ed...@pettijohn-web.com>> wrote:
> >>
> >>
> >> On 04/14/18 15:08, Jeffrey Joshua Rollin wrote:
> >>
> >> Hi, I've installed OpenBSD 6.3-release for amd64 on
> >> virtualbox, and updated it with syspatch as of 20:40 UTC.
> >> pkg_info -Q seems to be failing. Specifically, I tried $
> >> pkg_info -Q mate ...and also as root, to remind myself what
> >> the metapackage is [I have a feeling it's just "mate" anyway]
> >> [EDIT: Metapackages? maybe I'm thinking of FreeBSD]; but:
> >> pkg_info -Q firefox also fails, despite the fact I just
> >> successfully installed Firefox. The relevant error is as
> >> follows: Redirected to
> >>   
> >https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
> >>
> >>
> >^^
> >Your PKG_PATH appears to have a couple of errors.
> >
> >https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.3/packages/amd64
> >
> >and I can't remember but it may need to end with a `/'
> >>
> >> Can't locate object method "syslog" via package
> >> "OpenBSD::PkgInfo::State" at
> >> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 302, <$fh> line 3.
> >> Thanks,
> >> Jeff.
> >>
> >> edgar:7$ pkg_info -Q mate
> >> checkmate-0.21
> >> libmatekbd-1.20.0
> >> libmatemixer-1.20.0
> >> libmateweather-1.20.0
> >> mate-calc-1.20.0
> >> mate-control-center-1.20.0
> >> mate-desktop-1.20.0
> >> mate-icon-theme-1.20.0
> >> mate-media-1.20.0
> >> mate-menus-1.20.0
> >> mate-notification-daemon-1.20.0
> >> mate-panel-1.20.0
> >> mate-power-manager-1.20.0
> >> mate-screensaver-1.20.0
> >> mate-session-manager-1.20.0
> >> mate-settings-daemon-1.20.0
> >> mate-terminal-1.20.0
> >> mate-themes-3.22.15
> >> mate-utils-1.20.0
> >> sslmate-1.5.1p1
> >> tmate-2.2.1p0
> >>
> >> I suspect its because
> >>
> >>
> >https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
> >>
> >> doesn't exist or is down.
> >>
> >> It exists, and is unlikely to be a transient error,
> >>
> >> because I tried it several times, and as I said,  was able
> >>
> >> to download software even though I couldn't query it.
> >>
> >> (I subsequently found a YouTube tutorial which listed
> >>
> >> most of the packages in your message.)
> >>
> >> I will try again, and/or with a different mirror in
> >>
> >> the morning.
> >>
> >> Jeff
> >>

-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-15 Thread Jeffrey Joshua Rollin
No, it works fine with pkg_add, as I have repeatedly said, and a few months ago 
I did have a problem where a trailing slash caused problems with syspatch, 
which, without any pressure from me, I was informed would be fixed. The issue 
may simply be one of consistency, but looks more likely to be an error in the 
pkg_info script.

So, to sum up:

Pkg_add works;
Syspatch works;
Cloudflare was up last time I tried it;
Despite the above, pkg_info -Q does *not* work.

Jeff

On 15 Apr 2018, 03:26, at 03:26, Edgar Pettijohn <ed...@pettijohn-web.com> 
wrote:
>
>
>On 04/14/18 19:34, Jeffrey Joshua Rollin wrote:
>>
>>
>> Sent from Blue <http://www.bluemail.me/r?b=12687>
>> On 15 Apr 2018, at 00:31, Edgar Pettijohn <ed...@pettijohn-web.com
>> <mailto:ed...@pettijohn-web.com>> wrote:
>>
>>
>> On 04/14/18 15:08, Jeffrey Joshua Rollin wrote:
>>
>> Hi, I've installed OpenBSD 6.3-release for amd64 on
>> virtualbox, and updated it with syspatch as of 20:40 UTC.
>> pkg_info -Q seems to be failing. Specifically, I tried $
>> pkg_info -Q mate ...and also as root, to remind myself what
>> the metapackage is [I have a feeling it's just "mate" anyway]
>> [EDIT: Metapackages? maybe I'm thinking of FreeBSD]; but:
>> pkg_info -Q firefox also fails, despite the fact I just
>> successfully installed Firefox. The relevant error is as
>> follows: Redirected to
>>   
>https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
>>
>>
>^^
>Your PKG_PATH appears to have a couple of errors.
>
>https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.3/packages/amd64
>
>and I can't remember but it may need to end with a `/'
>>
>> Can't locate object method "syslog" via package
>> "OpenBSD::PkgInfo::State" at
>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 302, <$fh> line 3.
>> Thanks,
>> Jeff.
>>
>> edgar:7$ pkg_info -Q mate
>> checkmate-0.21
>> libmatekbd-1.20.0
>> libmatemixer-1.20.0
>> libmateweather-1.20.0
>> mate-calc-1.20.0
>> mate-control-center-1.20.0
>> mate-desktop-1.20.0
>> mate-icon-theme-1.20.0
>> mate-media-1.20.0
>> mate-menus-1.20.0
>> mate-notification-daemon-1.20.0
>> mate-panel-1.20.0
>> mate-power-manager-1.20.0
>> mate-screensaver-1.20.0
>> mate-session-manager-1.20.0
>> mate-settings-daemon-1.20.0
>> mate-terminal-1.20.0
>> mate-themes-3.22.15
>> mate-utils-1.20.0
>> sslmate-1.5.1p1
>> tmate-2.2.1p0
>>
>> I suspect its because
>>
>>
>https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
>>
>> doesn't exist or is down.
>>
>> It exists, and is unlikely to be a transient error,
>>
>> because I tried it several times, and as I said,  was able
>>
>> to download software even though I couldn't query it.
>>
>> (I subsequently found a YouTube tutorial which listed
>>
>> most of the packages in your message.)
>>
>> I will try again, and/or with a different mirror in
>>
>> the morning.
>>
>> Jeff
>>


Re: pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-14 Thread Edgar Pettijohn



On 04/14/18 19:34, Jeffrey Joshua Rollin wrote:



On 15 Apr 2018, at 00:31, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:



On 04/14/18 15:08, Jeffrey Joshua Rollin wrote:

Hi, I've installed OpenBSD 6.3-release for amd64 on
virtualbox, and updated it with syspatch as of 20:40 UTC.
pkg_info -Q seems to be failing. Specifically, I tried $
pkg_info -Q mate ...and also as root, to remind myself what
the metapackage is [I have a feeling it's just "mate" anyway]
[EDIT: Metapackages? maybe I'm thinking of FreeBSD]; but:
pkg_info -Q firefox also fails, despite the fact I just
successfully installed Firefox. The relevant error is as
follows: Redirected to
https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64



^^
Your PKG_PATH appears to have a couple of errors.

https://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.3/packages/amd64

and I can't remember but it may need to end with a `/'


Can't locate object method "syslog" via package
"OpenBSD::PkgInfo::State" at
/usr/libdata/perl5/OpenBSD/PackageRepository.pm line 302, <$fh> line 3.
Thanks,
Jeff.


edgar:7$ pkg_info -Q mate
checkmate-0.21
libmatekbd-1.20.0
libmatemixer-1.20.0
libmateweather-1.20.0
mate-calc-1.20.0
mate-control-center-1.20.0
mate-desktop-1.20.0
mate-icon-theme-1.20.0
mate-media-1.20.0
mate-menus-1.20.0
mate-notification-daemon-1.20.0
mate-panel-1.20.0
mate-power-manager-1.20.0
mate-screensaver-1.20.0
mate-session-manager-1.20.0
mate-settings-daemon-1.20.0
mate-terminal-1.20.0
mate-themes-3.22.15
mate-utils-1.20.0
sslmate-1.5.1p1
tmate-2.2.1p0

I suspect it's because

https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64

doesn't exist or is down.

It exists, and is unlikely to be a transient error,
because I tried it several times, and as I said, was able
to download software even though I couldn't query it.
(I subsequently found a YouTube tutorial which listed
most of the packages in your message.)
I will try again, and/or with a different mirror in
the morning.

Jeff





pkg_info -Q fails [OpenBSD 6.3 amd64/virtualbox]

2018-04-14 Thread Jeffrey Joshua Rollin
Hi,

I've installed OpenBSD 6.3-release for amd64 on virtualbox, and updated it
with syspatch as of 20:40 UTC. pkg_info -Q seems to be failing.
Specifically, I tried

$ pkg_info -Q mate

...and also as root, to remind myself what the metapackage is [I have a
feeling it's just "mate" anyway] [EDIT: Metapackages? maybe I'm thinking of
FreeBSD]; but:

pkg_info -Q firefox also fails, despite the fact I just successfully
installed Firefox.

The relevant error is as follows:

Redirected to
https://cloudflare.cdn.openbsd/org/pub/OpenBSD/6.3/packages-stable/amd64
Can't locate object method "syslog" via package "OpenBSD::PkgInfo::State"
at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 302, <$fh> line 3.

Thanks,

Jeff.


Re: [Q] Thinkpad x230, softraid crypto and ZZZ

2016-07-05 Thread Joerg Jung
> On 03 Jul 2016, at 20:30, Mike Larkin  wrote:
>
> On Sun, Jul 03, 2016 at 01:40:39PM -0400, Bryan Everly wrote:
>> Hi,
>>
>> I have suspend to RAM working just fine on this system but when I try to
>> suspend to disk (ZZZ) it just hangs the system (I thought it might just
>> be slow so I let it run for 2 hours and it never completed).  Some data
>> points:
>>
>> 1.  I encrypt my boot drive (sd0) with softraid
>>
>> 2.  My /etc/fstab points to a swap partition outside of the softraid
>> volume and is 2x my RAM size
>>
>
> from your dmesg below:
>> root on sd2a (71b4bf84dbfc9f74.a) swap on sd2b dump on sd2b
>
> That's where we take the swap location from. And that's your sr crypto
> device according to the dmesg. Is this large enough?
>
> Try putting swap inside the sr crypto volume and it should be fine.
> Don't try to use some strange mix of half-crypto and half-not. (why
> someone would go to the effort of encrypting everything *except* swap
> leaves me scratching my head).

If I remember correctly, swap is encrypted by default anyway.

> Note - you have just about the exact same machine as I do, where
> ZZZ was developed. I also have sr crypto in use and 16GB. As a matter of
> fact, the x230 in configs like yours probably received the most testing
> of any machine out there as that's what most developers had during the
> timeframe ZZZ was being shaken out.
>
> Generally, when ZZZing, an x230 with 16GB writes out about 600-800MB
> when doing general purpose stuff like browsing, compiling, etc. Strictly for
> ZZZ, you don't need 2X RAM size. Just 1X RAM size is "enough" as if we can't fit
> the hibernated image into a size 1X the size of your RAM, you're hooped
> anyway. This will still take a few minutes as the I/O routines used by
> ZZZ are not optimal, but you should see the disk activity light (faintly,
> as you are using SSDs).
>
> If you still can't get it working, you'll need to do some surgery to
> see what's failing. You'll need to disable X and inteldrm temporarily,
> and remove the call to wsdisplay_suspend around line 2370 in
> sys/dev/acpi/acpi.c to leave the screen on while ZZZing. Then, initiate
> a ZZZ from the text console and see what's going on. Maybe a panic. If you do
> this test, remember that the suspending and resuming kernels must match (eg,
> if you ZZZ after booting "/bsd.test", make sure you boot "/bsd.test" again
> after powering back up or it will discard the hibernated image).
>
> -ml
>
>> 3.  I am running apmd with the -A flag
>>
>> 4.  I have 16gb of RAM on the machine
>>
>> Thanks in advance for any help.  Some relevant information below:
>>
>> $ cat /etc/fstab
>>
>> 71b4bf84dbfc9f74.a / ffs rw,softdep,noatime 1 1
>> 71b4bf84dbfc9f74.g /home ffs rw,softdep,noatime,nodev,nosuid 1 2
>> 71b4bf84dbfc9f74.d /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
>> 71b4bf84dbfc9f74.f /usr ffs rw,softdep,noatime,nodev,wxallowed 1 2
>> 71b4bf84dbfc9f74.e /var ffs rw,softdep,noatime,nodev,nosuid 1 2
>> /dev/sd0b none swap sw 0 0
>>
>> $ doas disklabel -p g sd0
>> # /dev/rsd0c:
>> type: SCSI
>> disk: SCSI disk
>> label: Samsung SSD 850
>> duid: 25c676a513f5cd3d
>> flags:
>> bytes/sector: 512
>> sectors/track: 63
>> tracks/cylinder: 255
>> sectors/cylinder: 16065
>> cylinders: 121601
>> total sectors: 1953525168 # total bytes: 931.5G
>> boundstart: 64
>> boundend: 1953520065
>> drivedata: 0
>>
>> 16 partitions:
>> #                size           offset  fstype [fsize bsize   cpg]
>>   a:           899.5G         67119570    RAID
>>   b:            32.0G               64    swap                    # none
>>   c:           931.5G                0  unused
>>
>> $ doas disklabel -p g sd2
>> # /dev/rsd2c:
>> type: SCSI
>> disk: SCSI disk
>> label: SR CRYPTO
>> duid: 71b4bf84dbfc9f74
>> flags:
>> bytes/sector: 512
>> sectors/track: 63
>> tracks/cylinder: 255
>> sectors/cylinder: 16065
>> cylinders: 117422
>> total sectors: 1886399967 # total bytes: 899.5G
>> boundstart: 64
>> boundend: 1886384430
>> drivedata: 0
>>
>> 16 partitions:
>> #                size           offset  fstype [fsize bsize   cpg]
>>   a:             1.0G               64  4.2BSD   2048 16384     1 # /
>>   c:           899.5G                0  unused
>>   d:             4.0G         35904832  4.2BSD   2048 16384     1 # /tmp
>>   e:            35.7G         44293408  4.2BSD   2048 16384     1 # /var
>>   f:           400.0G        119248640  4.2BSD   4096 32768     1 # /usr
>>   g:           442.6G        958100480  4.2BSD   4096 32768     1 # /home
>>
>> $ cat /etc/rc.conf.local
>> apmd_flags=-A
>> hotplugd_flags=
>> httpd_flags=
>> pkg_scripts=postgresql nagios php56_fpm slim
>> postgresql_flags=-D /var/postgresql/data
>> slowcgi_flags=""
>>
>> $ swapctl -l
>> Device      512-blocks     Used    Avail Capacity  Priority
>> /dev/sd0b     67119506        0 67119506     0%    0
>>
>> dmesg attached as dmesg.txt
>> OpenBSD 6.0-beta (GENERIC.MP) #2: Sun Jul  3 10:17:41 EDT 2016
>>

Re: [Q] Thinkpad x230, softraid crypto and ZZZ

2016-07-03 Thread Mike Larkin
On Sun, Jul 03, 2016 at 01:40:39PM -0400, Bryan Everly wrote:
> Hi,
> 
> I have suspend to RAM working just fine on this system but when I try to 
> suspend to disk (ZZZ) it just hangs the system (I thought it might just 
> be slow so I let it run for 2 hours and it never completed).  Some data 
> points:
> 
> 1.  I encrypt my boot drive (sd0) with softraid
> 
> 2.  My /etc/fstab points to a swap partition outside of the softraid 
> volume and is 2x my RAM size
> 

from your dmesg below:
> root on sd2a (71b4bf84dbfc9f74.a) swap on sd2b dump on sd2b

That's where we take the swap location from. And that's your sr crypto
device according to the dmesg. Is this large enough?

Try putting swap inside the sr crypto volume and it should be fine.
Don't try to use some strange mix of half-crypto and half-not. (why
someone would go to the effort of encrypting everything *except* swap
leaves me scratching my head).

Note - you have just about the exact same machine as I do, where
ZZZ was developed. I also have sr crypto in use and 16GB. As a matter of
fact, the x230 in configs like yours probably received the most testing
of any machine out there as that's what most developers had during the
timeframe ZZZ was being shaken out.

Generally, when ZZZing, an x230 with 16GB writes out about 600-800MB
when doing general purpose stuff like browsing, compiling, etc. Strictly for
ZZZ, you don't need 2X RAM size. Just 1X RAM size is "enough" as if we can't fit
the hibernated image into a size 1X the size of your RAM, you're hooped
anyway. This will still take a few minutes as the I/O routines used by
ZZZ are not optimal, but you should see the disk activity light (faintly, 
as you are using SSDs).

If you still can't get it working, you'll need to do some surgery to
see what's failing. You'll need to disable X and inteldrm temporarily,
and remove the call to wsdisplay_suspend around line 2370 in
sys/dev/acpi/acpi.c to leave the screen on while ZZZing. Then, initiate
a ZZZ from the text console and see what's going on. Maybe a panic. If you do
this test, remember that the suspending and resuming kernels must match (eg,
if you ZZZ after booting "/bsd.test", make sure you boot "/bsd.test" again
after powering back up or it will discard the hibernated image).

-ml

> 3.  I am running apmd with the -A flag
> 
> 4.  I have 16gb of RAM on the machine
> 
> Thanks in advance for any help.  Some relevant information below:
> 
> $ cat /etc/fstab
> 
> 71b4bf84dbfc9f74.a / ffs rw,softdep,noatime 1 1
> 71b4bf84dbfc9f74.g /home ffs rw,softdep,noatime,nodev,nosuid 1 2
> 71b4bf84dbfc9f74.d /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
> 71b4bf84dbfc9f74.f /usr ffs rw,softdep,noatime,nodev,wxallowed 1 2
> 71b4bf84dbfc9f74.e /var ffs rw,softdep,noatime,nodev,nosuid 1 2
> /dev/sd0b none swap sw 0 0
> 
> $ doas disklabel -p g sd0
> # /dev/rsd0c:
> type: SCSI
> disk: SCSI disk
> label: Samsung SSD 850
> duid: 25c676a513f5cd3d
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 121601
> total sectors: 1953525168 # total bytes: 931.5G
> boundstart: 64
> boundend: 1953520065
> drivedata: 0
> 
> 16 partitions:
> #                size           offset  fstype [fsize bsize   cpg]
>   a:           899.5G         67119570    RAID
>   b:            32.0G               64    swap                    # none
>   c:           931.5G                0  unused
> 
> $ doas disklabel -p g sd2
> # /dev/rsd2c:
> type: SCSI
> disk: SCSI disk
> label: SR CRYPTO
> duid: 71b4bf84dbfc9f74
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 117422
> total sectors: 1886399967 # total bytes: 899.5G
> boundstart: 64
> boundend: 1886384430
> drivedata: 0
> 
> 16 partitions:
> #                size           offset  fstype [fsize bsize   cpg]
>   a:             1.0G               64  4.2BSD   2048 16384     1 # /
>   c:           899.5G                0  unused
>   d:             4.0G         35904832  4.2BSD   2048 16384     1 # /tmp
>   e:            35.7G         44293408  4.2BSD   2048 16384     1 # /var
>   f:           400.0G        119248640  4.2BSD   4096 32768     1 # /usr
>   g:           442.6G        958100480  4.2BSD   4096 32768     1 # /home
> 
> $ cat /etc/rc.conf.local
> apmd_flags=-A
> hotplugd_flags=
> httpd_flags=
> pkg_scripts=postgresql nagios php56_fpm slim
> postgresql_flags=-D /var/postgresql/data
> slowcgi_flags=""
> 
> $ swapctl -l
> Device      512-blocks     Used    Avail Capacity  Priority
> /dev/sd0b     67119506        0 67119506     0%    0
> 
> dmesg attached as dmesg.txt
> OpenBSD 6.0-beta (GENERIC.MP) #2: Sun Jul  3 10:17:41 EDT 2016
> bceve...@bcebsd.theeverlys.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 16844517376 (16064MB)
> avail mem = 16329490432 (15573MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (70 entries)
> bios0: vendor 

[Q] Thinkpad x230, softraid crypto and ZZZ

2016-07-03 Thread Bryan Everly
Hi,

I have suspend to RAM working just fine on this system but when I try to 
suspend to disk (ZZZ) it just hangs the system (I thought it might just 
be slow so I let it run for 2 hours and it never completed).  Some data 
points:

1.  I encrypt my boot drive (sd0) with softraid

2.  My /etc/fstab points to a swap partition outside of the softraid 
volume and is 2x my RAM size

3.  I am running apmd with the -A flag

4.  I have 16gb of RAM on the machine

Thanks in advance for any help.  Some relevant information below:

$ cat /etc/fstab

71b4bf84dbfc9f74.a / ffs rw,softdep,noatime 1 1
71b4bf84dbfc9f74.g /home ffs rw,softdep,noatime,nodev,nosuid 1 2
71b4bf84dbfc9f74.d /tmp ffs rw,softdep,noatime,nodev,nosuid 1 2
71b4bf84dbfc9f74.f /usr ffs rw,softdep,noatime,nodev,wxallowed 1 2
71b4bf84dbfc9f74.e /var ffs rw,softdep,noatime,nodev,nosuid 1 2
/dev/sd0b none swap sw 0 0

$ doas disklabel -p g sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: Samsung SSD 850
duid: 25c676a513f5cd3d
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168 # total bytes: 931.5G
boundstart: 64
boundend: 1953520065
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:           899.5G         67119570    RAID
  b:            32.0G               64    swap                    # none
  c:           931.5G                0  unused

$ doas disklabel -p g sd2
# /dev/rsd2c:
type: SCSI
disk: SCSI disk
label: SR CRYPTO
duid: 71b4bf84dbfc9f74
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 117422
total sectors: 1886399967 # total bytes: 899.5G
boundstart: 64
boundend: 1886384430
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:             1.0G               64  4.2BSD   2048 16384     1 # /
  c:           899.5G                0  unused
  d:             4.0G         35904832  4.2BSD   2048 16384     1 # /tmp
  e:            35.7G         44293408  4.2BSD   2048 16384     1 # /var
  f:           400.0G        119248640  4.2BSD   4096 32768     1 # /usr
  g:           442.6G        958100480  4.2BSD   4096 32768     1 # /home

$ cat /etc/rc.conf.local
apmd_flags=-A
hotplugd_flags=
httpd_flags=
pkg_scripts=postgresql nagios php56_fpm slim
postgresql_flags=-D /var/postgresql/data
slowcgi_flags=""

$ swapctl -l
Device      512-blocks     Used    Avail Capacity  Priority
/dev/sd0b     67119506        0 67119506     0%    0

dmesg attached as dmesg.txt
OpenBSD 6.0-beta (GENERIC.MP) #2: Sun Jul  3 10:17:41 EDT 2016
bceve...@bcebsd.theeverlys.com:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16844517376 (16064MB)
avail mem = 16329490432 (15573MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (70 entries)
bios0: vendor LENOVO version "G2ET82WW (2.02 )" date 09/11/2012
bios0: LENOVO 2325HP8
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT UEFI DBG2
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) 
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.58 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, 

Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-17 Thread Bryan C. Everly
With help from Theo Buehler, I was able to create the install60.fs and
install60.iso images.

I would like to propose a patch to /usr/src/share/man/man8/release.8
that includes what I learned.  I have attached a CVS diff of the
proposed manpage change.

Should I submit the patch to this list or to another?

Thanks everyone!
Index: release.8
===
RCS file: /cvs/src/share/man/man8/release.8,v
retrieving revision 1.72
diff -u -p -r1.72 release.8
@@ -34,6 +34,8 @@ Build and install xenocara.
 Make and validate the xenocara release.
 .It
 Make the third party packages.
+.It
+Build the installer images.
 .El
 .Pp
 The following sections describe each of the required steps in detail.
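Review bot: The new list item "Build the installer images." is appended after "Make the third party packages.", which reads as if the installer images depend on the ports build, while the commands added later in this patch only reference RELDIR and RELXDIR. Consider placing the item directly after "Make and validate the xenocara release.", or state in the new section that it does not depend on the packages step.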
@@ -338,6 +340,26 @@ subsystem of contributed applications is
 for installation, either individually or in bulk.
 This is described in
 .Xr ports 7 .
+.Ss 8. Build the installer images
+.Pp
+At this point,
+.Va RELEASEDIR
+contains the
+.Ox
+.Sq tarballs
+necessary to install the system by hand or upgrade an existing system.
+.Pp
+To create the install${VERSION}.fs (bootable flash drive installer) and the
+install${VERSION}.iso (bootable optical media installer):
+.Bd -literal -offset indent
+# export RELDIR=your-releasedir; export RELXDIR=your-xenocara-releasedir
+# cd /usr/src/distrib/${ARCH}/iso && make
+# cd /usr/src/distrib/${ARCH}/iso && make install
+# unset RELDIR RELXDIR
+.Ed
+.Pp
+At this point, you will have the two installer images in your release
+directory.
 .Sh SEE ALSO
 .Xr cvs 1 ,
 .Xr doas 1 ,
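Review bot: In the new "8. Build the installer images" section the prose refers to RELEASEDIR (.Va RELEASEDIR) but the commands export RELDIR=your-releasedir and RELXDIR=your-xenocara-releasedir without saying that these must point at the directories populated in the earlier steps; say so explicitly, since images built from the wrong directory would silently contain the wrong sets. Smaller points: the .Pp directly after .Ss is redundant (mandoc -Tlint flags a paragraph macro right after a section header), the file names install${VERSION}.fs and install${VERSION}.iso would normally be wrapped in .Pa, and the second "cd /usr/src/distrib/${ARCH}/iso &&" can be dropped because the shell is already in that directory.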



Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-17 Thread Bryan C. Everly
> They are part of release.
> (man release)
>
> The rules are somewhere arch-dependent under distrib, e.g.,
> distrib/macppc/iso

Marc,

Thanks for the reply.  I was following along with man release -
unfortunately my RELEASEDIR doesn't contain those two files.  I'm
guessing that there is some additional make target that I need to
tickle but I haven't found it yet.  I'll keep digging.

Thanks,
Bryan



Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-17 Thread Bryan C. Everly
Thanks Scott.  I'm backing up the internal drive via time machine
right now.  I have a hacked kernel that is seeing the NVMe drive just
fine.  I'm going to shrink it, create an empty partition and see what
happens when I try to install OpenBSD 6.0-current on it.

Thanks,
Bryan


On Fri, Jun 17, 2016 at 11:30 AM, Scott Bonds  wrote:
> Just wanted to say good luck and I'm rooting for you! I've got a Macbook8,1
> that would be better with OpenBSD running most days instead of OS X.  :)
>
>
> On 06/16, Bryan C. Everly wrote:
>>
>> Sorry if this is an obvious one but I've been all over the FAQ, read the
>> makefiles, etc. and cannot for the life of me figure out how those files
>> get created.  I have everything else (all of the *.tgz files, etc.) just
>> not these two.
>>
>> I'm probably on a fool's errand but I'm trying to get this MacBook 9,1
>> working.  I have figured out that the PCI identifier for the NVMe
>> controller in this one is actually 0x2003 (seems like the older model was
>> 0x2001 according to the mailing lists).
>>
>> If I can get an installer image, I'm going to try risking my internal
>> drive's sanity and see if I can get it partitioned with the NVMe driver as
>> it is today.  I've been looking at the SPI driver code in the Linux kernel
>> and it seems comprehensible...
>>
>> Thanks for any help folks can provide.
>>
>> --
>>
>> Thanks,
>> Bryan



Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-17 Thread Scott Bonds
Just wanted to say good luck and I'm rooting for you! I've got a 
Macbook8,1 that would be better with OpenBSD running most days instead 
of OS X.  :)


On 06/16, Bryan C. Everly wrote:

> Sorry if this is an obvious one but I've been all over the FAQ, read the
> makefiles, etc. and cannot for the life of me figure out how those files
> get created.  I have everything else (all of the *.tgz files, etc.) just
> not these two.
>
> I'm probably on a fool's errand but I'm trying to get this MacBook 9,1
> working.  I have figured out that the PCI identifier for the NVMe
> controller in this one is actually 0x2003 (seems like the older model was
> 0x2001 according to the mailing lists).
>
> If I can get an installer image, I'm going to try risking my internal
> drive's sanity and see if I can get it partitioned with the NVMe driver as
> it is today.  I've been looking at the SPI driver code in the Linux kernel
> and it seems comprehensible...
>
> Thanks for any help folks can provide.
>
> --
>
> Thanks,
> Bryan




Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-17 Thread Marc Espie
On Thu, Jun 16, 2016 at 09:39:50PM -0400, Bryan C. Everly wrote:
> Sorry if this is an obvious one but I've been all over the FAQ, read the
> makefiles, etc. and cannot for the life of me figure out how those files
> get created.  I have everything else (all of the *.tgz files, etc.) just
> not these two.
> 
> I'm probably on a fool's errand but I'm trying to get this MacBook 9,1
> working.  I have figured out that the PCI identifier for the NVMe
> controller in this one is actually 0x2003 (seems like the older model was
> 0x2001 according to the mailing lists).
> 
> If I can get an installer image, I'm going to try risking my internal
> drive's sanity and see if I can get it partitioned with the NVMe driver as
> it is today.  I've been looking at the SPI driver code in the Linux kernel
> and it seems comprehensible...

They are part of release.
(man release)

The rules are somewhere arch-dependent under distrib, e.g.,
distrib/macppc/iso



Re: [Q] Building a release, how do I create install60.fs and install60.iso

2016-06-16 Thread Bodie

On 17.06.2016 03:39, Bryan C. Everly wrote:
> Sorry if this is an obvious one but I've been all over the FAQ, read the
> makefiles, etc. and cannot for the life of me figure out how those files
> get created.  I have everything else (all of the *.tgz files, etc.) just
> not these two.

man release

But I suspect you were already there. You can take a look at ISO available
from mirrors and check its contents and create that ISO same way with your
files

> I'm probably on a fool's errand but I'm trying to get this MacBook 9,1
> working.  I have figured out that the PCI identifier for the NVMe
> controller in this one is actually 0x2003 (seems like the older model was
> 0x2001 according to the mailing lists).
>
> If I can get an installer image, I'm going to try risking my internal
> drive's sanity and see if I can get it partitioned with the NVMe driver as
> it is today.  I've been looking at the SPI driver code in the Linux kernel
> and it seems comprehensible...
>
> Thanks for any help folks can provide.

Most easy way is to use snapshot, but because of BETA phase now last one is
15 days old so either you can try it if it works else you can try something else.
USB flash is simply as HDD so you can eg. make dd of your current to flash.
For EFI you can follow https://blog.jasper.la/openbsd-uefi-bootloader-howto/
(only "special" part here is -b option for fdisk which is not so understandable
in man, rest is easy)



[Q] Building a release, how do I create install60.fs and install60.iso

2016-06-16 Thread Bryan C. Everly
Sorry if this is an obvious one but I've been all over the FAQ, read the
makefiles, etc. and cannot for the life of me figure out how those files
get created.  I have everything else (all of the *.tgz files, etc.) just
not these two.

I'm probably on a fool's errand but I'm trying to get this MacBook 9,1
working.  I have figured out that the PCI identifier for the NVMe
controller in this one is actually 0x2003 (seems like the older model was
0x2001 according to the mailing lists).

If I can get an installer image, I'm going to try risking my internal
drive's sanity and see if I can get it partitioned with the NVMe driver as
it is today.  I've been looking at the SPI driver code in the Linux kernel
and it seems comprehensible...

Thanks for any help folks can provide.

-- 

Thanks,
Bryan



Can read-only mmap() and fwrite() be combined.. via msync or something? In OpenBSD now. (repetition of Q sorry)

2016-06-09 Thread Tinker

Hi!

This question was answered as part of another conversation 1-2 years ago 
however I totally forgot and due to its relative complexity I simply 
wish to ask it again as to have it set in stone:



In OpenBSD's current absence of a Unified Buffer Cache, is there any 
trick that I can apply to use a read-only mmap() for quickly reading 
data, but fwrite() to do the writing, and this way get mmap's speed 
benefits for the reading but still not be under any risk of breaking my 
data by unintended writes?



I guess if it would be possible, then it would be done through that I 
would ensure that the reading (via memory access) and writing (fwrite()) 
activities would be *temporally separated*, and between each such block, 
I would need to put some kind of code that would do some kind of 
flush/reset as to force the mmap to get updated with the latest writes.


Possible, if so how?


Thanks!
Tinker
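
The sequence described in the question above, as an added example that is not part of the original post: reads go through a PROT_READ mapping, writes go through stdio, and a barrier runs between the two phases. The barrier uses msync(2) with MS_INVALIDATE, the POSIX call for discarding mapped pages that are stale relative to the file; that this is sufficient on OpenBSD without a unified buffer cache is an assumption the thread does not confirm, and the function names, file path and record contents are constructed for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#define REGION 4096	/* constructed size; records are rewritten in place */

/* Write phase: push the bytes through stdio all the way to the file. */
static int
write_record(FILE *fp, long off, const char *rec, size_t len)
{
	if (fseek(fp, off, SEEK_SET) != 0)
		return -1;
	if (fwrite(rec, 1, len, fp) != len)
		return -1;
	if (fflush(fp) != 0)		/* stdio buffer -> kernel */
		return -1;
	return fsync(fileno(fp));	/* kernel buffers -> storage */
}

/*
 * Barrier between a write phase and the next read phase: ask the kernel
 * to drop mapped pages that no longer match the file (assumed resync step).
 */
static int
refresh_view(const void *view, size_t len)
{
	return msync((void *)view, len, MS_SYNC | MS_INVALIDATE);
}

/* Returns 0 when every record written via stdio is seen via the mapping. */
int
mmap_stdio_roundtrip(void)
{
	char path[] = "/tmp/mmapdemo.XXXXXX";
	const char rec1[] = "first record", rec2[] = "second record";
	const char *view = MAP_FAILED;
	FILE *fp = NULL;
	int fd, rc = -1;

	if ((fd = mkstemp(path)) == -1)
		return -1;
	if (ftruncate(fd, REGION) == -1)
		goto out;
	if ((fp = fdopen(fd, "r+")) == NULL)
		goto out;

	/*
	 * PROT_READ only: a stray store through `view` faults instead of
	 * silently changing the file, which is the protection asked for.
	 */
	view = mmap(NULL, REGION, PROT_READ, MAP_SHARED, fd, 0);
	if (view == MAP_FAILED)
		goto out;

	/* Phase 1: write, barrier, then read through the mapping. */
	if (write_record(fp, 0, rec1, sizeof(rec1)) != 0 ||
	    refresh_view(view, REGION) != 0 ||
	    memcmp(view, rec1, sizeof(rec1)) != 0)
		goto out;

	/* Phase 2: overwrite the same bytes; the view must follow. */
	if (write_record(fp, 0, rec2, sizeof(rec2)) != 0 ||
	    refresh_view(view, REGION) != 0 ||
	    memcmp(view, rec2, sizeof(rec2)) != 0)
		goto out;

	rc = 0;
out:
	if (view != MAP_FAILED)
		munmap((void *)view, REGION);
	if (fp != NULL)
		fclose(fp);		/* also closes fd */
	else
		close(fd);
	unlink(path);
	return rc;
}

int
main(void)
{
	int rc = mmap_stdio_roundtrip();

	printf("round trip %s\n", rc == 0 ? "ok" : "failed");
	return rc == 0 ? 0 : 1;
}
```

The mapping covers a fixed-size region; a file that grows through fwrite() would have to be unmapped and mapped again at the new size before the next read phase.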



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-21 Thread Patrick Dohman
Another feature to look for is spin down of the dedicated hot spare.

Go Vikings :)
Patrick

> On Feb 21, 2016, at 7:23 AM, Marcus MERIGHI  wrote:
>
> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
>> So glad to understand better what's in the box.
>>
>> Also please note that I'm not trying to suggest to implement lots of
>> crap, am perfectly clear that high security is correlated with low
>> complexity.
>>
>> On 2016-02-21 00:29, Marcus MERIGHI wrote:
>>> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
>> ..
>>> You appear to mean bioctl(8). That's the only place I could find the word
>>> 'patrol'. bioctl(8) can control more than softraid(4) devices.
>>>
>>> bio(4):
>>>     The following device drivers register with bio for volume
>>>     management:
>>>
>>>       ami(4)       American Megatrends Inc. MegaRAID
>>>                    PATA/SATA/SCSI RAID controller
>>>       arc(4)       Areca Technology Corporation SAS/SATA RAID
>>>                    controller
>>>       cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
>>>       ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
>>>                    controller
>>>       ips(4)       IBM SATA/SCSI ServeRAID controller
>>>       mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
>>>       mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
>>>       mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
>>>                    II
>>>       softraid(4)  Software RAID
>>>
>>> It is talking about controlling a HW raid controller, in that 'patrol'
>>> paragraph, isn't it?
>>
>> So by this you mean that patrolling is really implemented for
>> softraid??
>
> No, I said the opposite.
>
> I'm sure my english language capabilities are not perfect. But what you
> make of it is really surprising! (And even funny in the cabaret way.)
>
> I'll keep trying. But sooner or later we'll have to take this off list.
> Or to newbies. There you get help from the same people but without
> having your misinterpretations in the 'official' archives for other poor
> souls to find ;-)
>
> http://mailman.theapt.org/listinfo/openbsd-newbies
>
>> (Karel and Constantine don't agree??)
>>
>> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
>> device, and it'll do the "scrub" as in reading through all underlying
>
> bioctl(8) is clear, I think:
> -t patrol-function
>  Control the RAID card's patrol functionality, if
>  supported. patrol-function may be one of:
>
> Why do you think it will work for softraid(4) when it says it does for
> hardware-RAID?
>
> I have a theory: you have some experience with other Operating Systems
> and their built in help system that have led you to not fully read but
> just search/skim for keywords. Do yourself (and me) a favour and read
> them fully. Top to bottom. Take every word as put there thoughtfully,
> not in a hurry. You can find manpage content discussions all over the
> archives. manpages are taken seriously.
>
> Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
> hardware or software. Some functions (-a, -b, -H, -t, -u) are only
> useable/useful when controlling a hardware RAID. The manpage even gives
> direct clues on whether hardware- or software RAID is the topic. First
> synopsis, second synopsis. 'The options for RAID controllers are as
> follows:' (=hardware) 'In addition to the relevant options listed above,
> the options for softraid(4) devices are as follows:' (=software).
> Did you note the 'relevant' part? That word is there on purpose, I
> suppose. It is there to tell you that not all, but the relevant parts of
> the hardware RAID parameters also apply to software RAID (that comes
> below). I would consider '-v' relevant, '-a' ('Control the RAID card's
> alarm functionality, if supported') not.
>
> (Example: what '-a' does for hardware RAID can be done with sensorsd(8)
> for software RAID (=softraid(4)). Once a softraid volume is configured,
> you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
> Try 'sysctl hw.sensors.softraid0'.)
>
>> physical media to check its internal integrity so for RAID1C that will be
>> data readability and that checksums are correct, and "doas bioctl softraid0"
>> will show me the % status, and if I don't get any errors before it goes back
>> to normal it means the patrol was successful right?
>
> No idea, never had a hardware RAID controller.
>
>> (And as usual patrol is implemented to have the lowest priority, so it
>> should not interfere extremely much with ordinary SSD softraid operation.)
>
> I think the patrolling is done by the hardware RAID controller.
> bioctl(8) just commands it to do so.
>
>>>> * Rebuild - I think I saw some console dump of the status of a rebuild
>>>> process on the net, so MAYBE or NO..?
>>>
>>> That's what it looks like:
>>>
>>> $ 

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-21 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
> So glad to understand better what's in the box.
>
> Also please note that I'm not trying to suggest to implement lots of
> crap, am perfectly clear that high security is correlated with low
> complexity.
>
> On 2016-02-21 00:29, Marcus MERIGHI wrote:
> >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
> ..
> >You appear to mean bioctl(8). That's the only place I could find the word
> >'patrol'. bioctl(8) can control more than softraid(4) devices.
> >
> >bio(4):
> >    The following device drivers register with bio for volume
> >    management:
> >
> >      ami(4)       American Megatrends Inc. MegaRAID
> >                   PATA/SATA/SCSI RAID controller
> >      arc(4)       Areca Technology Corporation SAS/SATA RAID
> >                   controller
> >      cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
> >      ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
> >                   controller
> >      ips(4)       IBM SATA/SCSI ServeRAID controller
> >      mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
> >      mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
> >      mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
> >                   II
> >      softraid(4)  Software RAID
> >
> >It is talking about controlling a HW raid controller, in that 'patrol'
> >paragraph, isn't it?
>
> So by this you mean that patrolling is really implemented for
> softraid??

No, I said the opposite.

I'm sure my English language capabilities are not perfect. But what you
make of it is really surprising! (And even funny in the cabaret way.)

I'll keep trying. But sooner or later we'll have to take this off list.
Or to newbies. There you get help from the same people but without
having your misinterpretations in the 'official' archives for other poor
souls to find ;-)

http://mailman.theapt.org/listinfo/openbsd-newbies

> (Karel and Constantine don't agree??)
>
> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
> device, and it'll do the "scrub" as in reading through all underlying

bioctl(8) is clear, I think:
 -t patrol-function
  Control the RAID card's patrol functionality, if
  supported. patrol-function may be one of:

Why do you think it will work for softraid(4) when it says it does for
hardware-RAID?

I have a theory: you have some experience with other Operating Systems
and their built in help system that have led you to not fully read but
just search/skim for keywords. Do yourself (and me) a favour and read
them fully. Top to bottom. Take every word as put there thoughtfully,
not in a hurry. You can find manpage content discussions all over the
archives. manpages are taken seriously.

Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
hardware or software. Some functions (-a, -b, -H, -t, -u) are only
usable/useful when controlling a hardware RAID. The manpage even gives
direct clues on whether hardware- or software RAID is the topic. First
synopsis, second synopsis. 'The options for RAID controllers are as
follows:' (=hardware) 'In addition to the relevant options listed above,
the options for softraid(4) devices are as follows:' (=software).
Did you note the 'relevant' part? That word is there on purpose, I
suppose. It is there to tell you that not all, but the relevant parts of
the hardware RAID parameters also apply to software RAID (that comes
below). I would consider '-v' relevant, '-a' ('Control the RAID card's
alarm functionality, if supported') not.

(Example: what '-a' does for hardware RAID can be done with sensorsd(8)
for software RAID (=softraid(4)). Once a softraid volume is configured,
you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
Try 'sysctl hw.sensors.softraid0'.)

> physical media to check its internal integrity so for RAID1C that will be
> data readability and that checksums are correct, and "doas bioctl
> softraid0" will show me the % status, and if I don't get any errors
> before it goes back to normal it means the patrol was successful right?

No idea, never had a hardware RAID controller.

> (And as usual patrol is implemented to have the lowest priority, so it
> should not interfere extremely much with ordinary SSD softraid operation.)

I think the patrolling is done by the hardware RAID controller.
bioctl(8) just commands it to do so.

> >> * Rebuild - I think I saw some console dump of the status of a rebuild
> >>process on the net, so MAYBE or NO..?
> >
> >That's what it looks like:
> >
> >$ doas bioctl softraid0
> >Volume      Status               Size Device
> >softraid0 0 Rebuild    12002360033280 sd6     RAID5 35% done
> >          0 Rebuild     4000786726912 0:0.0   noencl
> >          1 Online      4000786726912 0:1.0   noencl
> >          2 Online

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 14:29, Tinker  wrote:
[..]
> On 2016-02-21 04:39, Constantine A. Murenin wrote:
[..]
>> When you do http://mdoc.su/o/newfs.8, it does not write to every
>> sector of the underlying partition; thus you cannot expect all sectors
>> to be the same.
>
>
> Ah right, so at least to prepare for a RAID1C rebuild to work, at raid setup
> time before disklabel/newfs, one should initialize by doing "dd if=/dev/zero
> of=thelogicalraiddevice".

This would make the logical view from within softraid_raid1 appear the
same (e.g., an `sd3` regardless of which chunk it is being read from),
but the underlying `sd{0,1,2}a` chunks that would be backing it up
would still be different, because metadata
(http://bxr.su/o/sys/dev/softraidvar.h#sr_metadata).

C.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker

On 2016-02-21 05:05, Karel Gardas wrote:
>> The RAID 1 discipline does not initialize the mirror upon creation.
>> This is by design because all sectors that are read are written first.
>> There is no point in wasting a lot of time syncing random data.
>
> I'm afraid the claim "all sectors that are read are written first" is
> not generally right. E.g. disklabel

On 2016-02-21 04:39, Constantine A. Murenin wrote:
..
>> Wait, I don't see the philosophical problem that you seem to be
>> highlighting here ("sectors are .. written first" and "on top of the
>> filesystem" and "forcing reads to be done from a certain chunk only"),
>> what am I missing/what is it that I don't understand?
>
> When you do http://mdoc.su/o/newfs.8, it does not write to every
> sector of the underlying partition; thus you cannot expect all sectors
> to be the same.

Ah right, so at least to prepare for a RAID1C rebuild to work, at raid
setup time before disklabel/newfs, one should initialize by doing "dd
if=/dev/zero of=thelogicalraiddevice".

>> Also, so you mean that "patrol" even if it's in the manual is not
>> supported for RAID1 nor for RAID1C nor for RAID5 or any other raid
>> discipline. Looking forward to see what Marcus says & test myself & read
>> code.
>
> Heh, I didn't even know about this "patrol"; learn something new every
> day!
>
> A BXR.SU for "patrol" has a few MFI(4) hits across the BSDs, and
> ultimately reveals the `bioc_patrol` symbol (well, a struct, really,
> http://bxr.su/o/sys/dev/biovar.h#bioc_patrol), a search of which
> reveals that http://bxr.su/o/sys/dev/ic/mfi.c#mfi_ioctl_patrol is the
> only driver reference for this symbol.
>
> So, I don't think you'll be getting any patrol from softraid(4); it
> was added very recently by uebayasi@ on 2015-05-29, based on mfiutil
> from FreeBSD (http://mdoc.su/f/mfiutil.8), and only for mfi(4).



Aha, so to sum up the findings:

 * Scrub aka patrol is not supported (on the level of softraid) -
   perfectly fine.

 * Hot spares are supported (plug in with "bioctl -H" and plug out with
   "bioctl -O")

 * Rebuild is supported, and I should just figure out how (what do the
   two "bioctl -R" variants do respectively, and can it be done live, and
   does that mean it works like a hot-plug-in).

 * Hotswap is supported if hot-plug-in is supported via "bioctl -R", so
   should clarify that.

So just some minor piece of clarity left now. And also the separate SATA
controller post.

All in all I think it looks neat.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
On Sat, Feb 20, 2016 at 8:44 PM, Constantine A. Murenin
 wrote:
>
> Scrub cannot possibly be supported due to the design of the softraid:
>
> http://mdoc.su/o/softraid.4
>
> The RAID 1 discipline does not initialize the mirror upon creation. This 
> is by design because all sectors that are read are written first. There 
> is no point in wasting a lot of time syncing random data.

I'm afraid the claim "all sectors that are read are written first" is
not generally right. E.g. disklabel 



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 12:23, Tinker  wrote:
>
> On 2016-02-21 01:29, Karel Gardas wrote:
>>
>> scrub is IIRC not supported by any softraid yet.
>
>
> But there's "patrol"!
>
> "bioctl -t start mysoftraid"

[...]

> On 2016-02-21 02:44, Constantine A. Murenin wrote:
>>
>> On 20 February 2016 at 10:29, Karel Gardas  wrote:
>>>
>>> scrub is IIRC not supported by any softraid yet. Rebuild by all which
>>> support redundancy. Marcus recommendation to read man pages can just
>>> be highlighted here. Otherwise just read the code for ultimate
>>> reference of what is or is not done.
>>
>>
>> Scrub cannot possibly be supported due to the design of the softraid:
>>
>> http://mdoc.su/o/softraid.4
>>
>> The RAID 1 discipline does not initialize the mirror upon creation.
>> This is by design because all sectors that are read are written first.
>> There is no point in wasting a lot of time syncing random data.
>>
>>
>> IIRC, other raid disciplines are not that much different, either.
>>
>> E.g., a scrub implementation would have to be implemented on top of
>> the filesystem, and would have to be able to temporarily force the
>> reads to be done from a certain chunk only.
>>
>> Long-term, it'll probably be easier to re-do the logic to actually
>> zero-out all the unused sectors, if scrub support is deemed important.
>> Which is why things like ZFS are superior due to having the awareness
>> of the underlying storage blocks.
>
>
> Wait, I don't see the philosophical problem that you seem to be highlighting
> here ("sectors are .. written first" and "on top of the filesystem" and
> "forcing reads to be done from a certain chunk only"), what am I
> missing/what is it that I don't understand?

When you do http://mdoc.su/o/newfs.8, it does not write to every
sector of the underlying partition; thus you cannot expect all sectors
to be the same.

>
>
> Also, so you mean that "patrol" even if it's in the manual is not supported
> for RAID1 nor for RAID1C nor for RAID5 or any other raid discipline. Looking
> forward to see what Marcus says & test myself & read code.

Heh, I didn't even know about this "patrol"; learn something new every day!

A BXR.SU for "patrol" has a few MFI(4) hits across the BSDs, and
ultimately reveals the `bioc_patrol` symbol (well, a struct, really,
http://bxr.su/o/sys/dev/biovar.h#bioc_patrol), a search of which
reveals that http://bxr.su/o/sys/dev/ic/mfi.c#mfi_ioctl_patrol is the
only driver reference for this symbol.

So, I don't think you'll be getting any patrol from softraid(4); it
was added very recently by uebayasi@ on 2015-05-29, based on mfiutil
from FreeBSD (http://mdoc.su/f/mfiutil.8), and only for mfi(4).

C.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
On Sat, Feb 20, 2016 at 9:23 PM, Tinker  wrote:
>
> On 2016-02-21 01:29, Karel Gardas wrote:
>>
>> scrub is IIRC not supported by any softraid yet.
>
>
> But there's "patrol"!
>
> "bioctl -t start mysoftraid"

bioctl also supports hardware raid cards besides softraid, so that's
what you are looking at now IMHO.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker

On 2016-02-21 01:29, Karel Gardas wrote:
> scrub is IIRC not supported by any softraid yet.

But there's "patrol"!

"bioctl -t start mysoftraid"

> Rebuild by all which support redundancy.

Yey! Clarified by Marcus & looking forward to his clarification

> Marcus recommendation to read man pages can just
> be highlighted here. Otherwise just read the code for ultimate
> reference of what is or is not done.

Yey!

On 2016-02-21 02:44, Constantine A. Murenin wrote:
> On 20 February 2016 at 10:29, Karel Gardas  wrote:
>> scrub is IIRC not supported by any softraid yet. Rebuild by all which
>> support redundancy. Marcus recommendation to read man pages can just
>> be highlighted here. Otherwise just read the code for ultimate
>> reference of what is or is not done.
>
> Scrub cannot possibly be supported due to the design of the softraid:
>
> http://mdoc.su/o/softraid.4
>
>  The RAID 1 discipline does not initialize the mirror upon creation.
>  This is by design because all sectors that are read are written
>  first. There is no point in wasting a lot of time syncing random
>  data.
>
> IIRC, other raid disciplines are not that much different, either.
>
> E.g., a scrub implementation would have to be implemented on top of
> the filesystem, and would have to be able to temporarily force the
> reads to be done from a certain chunk only.
>
> Long-term, it'll probably be easier to re-do the logic to actually
> zero-out all the unused sectors, if scrub support is deemed important.
> Which is why things like ZFS are superior due to having the awareness
> of the underlying storage blocks.

Wait, I don't see the philosophical problem that you seem to be
highlighting here ("sectors are .. written first" and "on top of the
filesystem" and "forcing reads to be done from a certain chunk only"),
what am I missing/what is it that I don't understand?

Also, so you mean that "patrol" even if it's in the manual is not
supported for RAID1 nor for RAID1C nor for RAID5 or any other raid
discipline. Looking forward to see what Marcus says & test myself & read
code.




Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker

Marcus,

Holy moly, that is beautiful.

So glad to understand better what's in the box.

Also please note that I'm not trying to suggest to implement lots of 
crap, am perfectly clear that high security is correlated with low 
complexity.



On 2016-02-21 00:29, Marcus MERIGHI wrote:
> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
..
> You appear to mean bioctl(8). That's the only place I could find the word
> 'patrol'. bioctl(8) can control more than softraid(4) devices.
>
> bio(4):
>  The following device drivers register with bio for volume management:
>
>    ami(4)       American Megatrends Inc. MegaRAID
>                 PATA/SATA/SCSI RAID controller
>    arc(4)       Areca Technology Corporation SAS/SATA RAID controller
>    cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
>    ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID controller
>    ips(4)       IBM SATA/SCSI ServeRAID controller
>    mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
>    mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
>    mpii(4)      LSI Logic Fusion-MPT Message Passing Interface II
>    softraid(4)  Software RAID
>
> It is talking about controlling a HW raid controller, in that 'patrol'
> paragraph, isn't it?


So by this you mean that patrolling is really implemented for softraid??
(Karel and Constantine don't agree??)

So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
device, and it'll do the "scrub" as in reading through all underlying
physical media to check its internal integrity so for RAID1C that will
be data readability and that checksums are correct, and "doas bioctl
softraid0" will show me the % status, and if I don't get any errors
before it goes back to normal it means the patrol was successful right?

(And as usual patrol is implemented to have the lowest priority, so it
should not interfere extremely much with ordinary SSD softraid
operation.)


>>  * Rebuild - I think I saw some console dump of the status of a rebuild
>> process on the net, so MAYBE or NO..?
>
> That's what it looks like:
>
> $ doas bioctl softraid0
> Volume      Status               Size Device
> softraid0 0 Rebuild    12002360033280 sd6     RAID5 35% done
>           0 Rebuild     4000786726912 0:0.0   noencl
>           1 Online      4000786726912 0:1.0   noencl
>           2 Online      4000786726912 0:2.0   noencl
>           3 Online      4000786726912 0:3.0   noencl


Yey!!

Wait, can you explain to me what I would write instead of "device" and 
"channel:target[.lun]" in "bioctl -R device" and "bioctl -R 
channel:target[.lun]", AND what effect those would have?


Say that my sd0 and sd1 SSD:s run a RAID1C already, can I then make 
softraid extend my RAID1C with my sd2 SSD by "rebuilding" it, as a way 
to live-copy in all my data to sd2, so this would work as a kind of live 
attach even if expensive?


Does it work for a softraid that's live already?

>>  * Hotspare - MAYBE, "man softraid" says "Currently there is no automated
>> mechanism to recover from failed disks.", but that is not so specific
>> wording, and I think I read a hint somewhere that there is hotspare
>> functionality.
>
> bioctl(8)
>  -H channel:target[.lun]
>  If the device at channel:target[.lun] is currently marked
>  ``Unused'', promote it to being a ``Hot Spare''.
>
> That's the only mention of 'hot spare'. And again talking about
> controlling a hardware RAID controller, isn't it?
>
> What is 'not so specific' about 'no' (as in "Currently there is *no*
> automated mechanism to recover from failed disks")?


Awesome.

I guess "bioctl softraid0" will list which hotspares there are 
currently, and that "-d" will drop a hotspare.



The fact that there is hotspare functionality, means that there are 
cases when softraid will take a disk out of use.


That will be when that disk reports itself as COMPLETELY out of use ALL 
BY ITSELF, such as self-detaching itself on the level of the SATA 
controller or reporting failure via some SMART command?


A disk just half-breaking with broken sectors and 99% IO slowdown will 
not cause it to go offline though so I guess I should buy enterprise 
drives with IO access time guarantees then.


>>  * Hotswap - MAYBE, this would depend on if there's rebuild. Only disconnect
>> ("bioctl -O" I think; "bioctl -d" is to.. unmount or self-destruct a
>> softraid?)
>
> bioctl -O should fail the chunk specified, simulating hardware failure.
> After this command you have an 'Offline' chunk in the 'bioctl' output.
>
> bioctl -d 'detach', not 'destroy'; just as sdX appears when you assemble
>   a softraid volume, this makes it go away. better unmount before...


So "-d" is to take down a whole softraid. "-O" could work to take out a 
single physical disk but it's unclean.



So then, there is a very unrefined 

Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Constantine A. Murenin
On 20 February 2016 at 10:29, Karel Gardas  wrote:
> scrub is IIRC not supported by any softraid yet. Rebuild by all which
> support redundancy. Marcus recommendation to read man pages can just
> be highlighted here. Otherwise just read the code for ultimate
> reference of what is or is not done.

Scrub cannot possibly be supported due to the design of the softraid:

http://mdoc.su/o/softraid.4

 The RAID 1 discipline does not initialize the mirror upon creation. This 
 is by design because all sectors that are read are written first. There is 
 no point in wasting a lot of time syncing random data.

IIRC, other raid disciplines are not that much different, either.

E.g., a scrub implementation would have to be implemented on top of
the filesystem, and would have to be able to temporarily force the
reads to be done from a certain chunk only.

Long-term, it'll probably be easier to re-do the logic to actually
zero-out all the unused sectors, if scrub support is deemed important.
Which is why things like ZFS are superior due to having the awareness
of the underlying storage blocks.

C.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Karel Gardas
scrub is IIRC not supported by any softraid yet. Rebuild by all which
support redundancy. Marcus recommendation to read man pages can just
be highlighted here. Otherwise just read the code for ultimate
reference of what is or is not done.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
> On 2016-02-20 22:23, Marcus MERIGHI wrote:
> >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
> >>This email is an attempt to get some knowledge on how softraid works.
> >
> >So many of your questions are answered if you start with bioctl(8)[1],
> >and continue with softraid(4)[2]. Maybe bio(4)[3] helps, too.
> >
> >What's there is usually documented. What's not documented is usually not
> >there. Or was it the other way around? ;-)
> >
> >[1]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8
> >[2]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4
> >[3]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bio.4
> >
> >Happy reading, Marcus
> 
> Marcus, I read the docs carefully, and based on them, my best
> understanding is still unclear on all 4 points -
> 
>  * Scrub - MAYBE??? There's some words about "patrol" in the man page that
> could mean it's there.

You appear to mean bioctl(8). That's the only place I could find the word
'patrol'. bioctl(8) can control more than softraid(4) devices.

bio(4):
 The following device drivers register with bio for volume management:

   ami(4)       American Megatrends Inc. MegaRAID
                PATA/SATA/SCSI RAID controller
   arc(4)       Areca Technology Corporation SAS/SATA RAID controller
   cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
   ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID controller
   ips(4)       IBM SATA/SCSI ServeRAID controller
   mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
   mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
   mpii(4)      LSI Logic Fusion-MPT Message Passing Interface II
   softraid(4)  Software RAID

It is talking about controlling a HW raid controller, in that 'patrol'
paragraph, isn't it?

>  * Rebuild - I think I saw some console dump of the status of a rebuild
> process on the net, so MAYBE or NO..?

That's what it looks like:

$ doas bioctl softraid0
Volume      Status               Size Device
softraid0 0 Rebuild    12002360033280 sd6     RAID5 35% done
          0 Rebuild     4000786726912 0:0.0   noencl
          1 Online      4000786726912 0:1.0   noencl
          2 Online      4000786726912 0:2.0   noencl
          3 Online      4000786726912 0:3.0   noencl

>  * Hotspare - MAYBE, "man softraid" says "Currently there is no automated
> mechanism to recover from failed disks.", but that is not so specific
> wording, and I think I read a hint somewhere that there is hotspare
> functionality.

bioctl(8)
 -H channel:target[.lun]
 If the device at channel:target[.lun] is currently marked
 ``Unused'', promote it to being a ``Hot Spare''.

That's the only mention of 'hot spare'. And again talking about
controlling a hardware RAID controller, isn't it?

What is 'not so specific' about 'no' (as in "Currently there is *no*
automated mechanism to recover from failed disks")?
 
>  * Hotswap - MAYBE, this would depend on if there's rebuild. Only disconnect
> ("bioctl -O" I think; "bioctl -d" is to.. unmount or self-destruct a
> softraid?)

bioctl -O should fail the chunk specified, simulating hardware failure.
After this command you have an 'Offline' chunk in the 'bioctl' output. 

bioctl -d 'detach', not 'destroy'; just as sdX appears when you assemble
  a softraid volume, this makes it go away. better unmount before...

> The man pages are sometimes over-minimalistic with respect to an individual
> user who's trying to learn, this is why I'm asking for your clarification.

I am quite sure the man pages are kept as condensed as they are on
purpose.

You can always read mplayer(1) if you want something lengthy ;-)

> So your clarifications would still be much appreciated.

Nothing authoritative from me!
I am just trying to flatten your learning curve. 

Bye, Marcus
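
Added example (not part of Marcus's message and not OpenBSD code): a POSIX sh check that reads `bioctl softraid0` output in the shape of the rebuild listing above, plus the `sysctl hw.sensors.softraid0` sensor line quoted elsewhere in this thread, and turns any non-Online chunk or non-OK sensor into an exit status a cron job can act on. The function names, the exit-code convention and every sample listing except the rebuild one are assumptions constructed for illustration.

```shell
#!/bin/sh
# softraid_check: reads bioctl output on stdin and prints every volume or
# chunk line whose status is not "Online".
# Returns 0 = all Online, 1 = only rebuilds pending, 2 = any other state.
softraid_check() {
    awk '
        BEGIN { rc = 0 }
        $1 == "Volume" && $2 == "Status" { next }    # column header
        NF < 3 { next }                               # blank or cut-off line
        {
            if ($1 ~ /^[0-9]+$/) {
                # chunk: index status size channel:target.lun enclosure
                status = $2
                what = vol " chunk " $1 " (" $4 ")"
            } else {
                # volume: name index status size device level [progress]
                vol = $1
                status = $3
                what = vol " volume " $5 " " $6
                for (i = 7; i <= NF; i++) what = what " " $i
            }
            if (status == "Online") next
            sev = (status == "Rebuild") ? 1 : 2
            if (sev > rc) rc = sev
            printf "%s: %s\n", status, what
        }
        END { exit rc }
    '
}

# sensor_check: reads `sysctl hw.sensors.softraid0` output on stdin and
# prints each drive sensor whose trailing status word is not OK.
# Returns 1 if any such sensor was found, 0 otherwise.
sensor_check() {
    awk -F', ' '
        BEGIN { bad = 0 }
        /^hw\.sensors\.softraid[0-9]+\.drive[0-9]+=/ {
            if ($NF != "OK") { print; bad = 1 }
        }
        END { exit bad }
    '
}

# Rebuild listing from this thread (column spacing normalised).
sample_rebuild() {
    cat <<'EOF'
Volume      Status               Size Device
softraid0 0 Rebuild    12002360033280 sd6     RAID5 35% done
          0 Rebuild     4000786726912 0:0.0   noencl
          1 Online      4000786726912 0:1.0   noencl
          2 Online      4000786726912 0:2.0   noencl
          3 Online      4000786726912 0:3.0   noencl
EOF
}

# Constructed: a healthy two-chunk mirror.
sample_healthy() {
    cat <<'EOF'
Volume      Status               Size Device
softraid0 0 Online      4000786726912 sd6     RAID1
          0 Online      4000786726912 0:0.0   noencl
          1 Online      4000786726912 0:1.0   noencl
EOF
}

# Constructed: the same mirror after one chunk went Offline (as after
# "bioctl -O"); the volume status word "Degraded" is an assumption here.
sample_offline() {
    cat <<'EOF'
Volume      Status               Size Device
softraid0 0 Degraded    4000786726912 sd6     RAID1
          0 Online      4000786726912 0:0.0   noencl
          1 Offline     4000786726912 0:1.0   noencl
EOF
}

# First line is the one quoted in this thread; the second is constructed.
sample_sensors() {
    cat <<'EOF'
hw.sensors.softraid0.drive0=online (sd1), OK
hw.sensors.softraid0.drive1=rebuilding (sd2), WARNING
EOF
}

# Demo on the rebuild listing; `||` reports the non-zero status.
sample_rebuild | softraid_check || echo "softraid_check exit status: $?"
```

On a live system the functions would be fed with `bioctl softraid0 | softraid_check` and `sysctl hw.sensors.softraid0 | sensor_check`.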



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker

On 2016-02-20 22:23, Marcus MERIGHI wrote:
> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
>> This email is an attempt to get some knowledge on how softraid works.
>
> So many of your questions are answered if you start with bioctl(8)[1],
> and continue with softraid(4)[2]. Maybe bio(4)[3] helps, too.
>
> What's there is usually documented. What's not documented is usually not
> there. Or was it the other way around? ;-)
>
> [1]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8
> [2]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4
> [3]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bio.4
>
> Happy reading, Marcus


Marcus, I read the docs carefully, and based on them, my best 
understanding is still unclear on all 4 points -


 * Scrub - MAYBE??? There's some words about "patrol" in the man page 
that could mean it's there.


 * Rebuild - I think I saw some console dump of the status of a rebuild 
process on the net, so MAYBE or NO..?


 * Hotspare - MAYBE, "man softraid" says "Currently there is no 
automated mechanism to recover from failed disks.", but that is not so 
specific wording, and I think I read a hint somewhere that there is 
hotspare functionality.


 * Hotswap - MAYBE, this would depend on if there's rebuild. Only 
disconnect ("bioctl -O" I think; "bioctl -d" is to.. unmount or 
self-destruct a softraid?)


The man pages are sometimes over-minimalistic with respect to an 
individual user who's trying to learn, this is why I'm asking for your 
clarification.


So your clarifications would still be much appreciated.



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 15:29 (CET):
> This email is an attempt to get some knowledge on how softraid works.

So many of your questions are answered if you start with bioctl(8)[1],
and continue with softraid(4)[2]. Maybe bio(4)[3] helps, too. 

What's there is usually documented. What's not documented is usually not
there. Or was it the other way around? ;-)

[1]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/bioctl.8
[2]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/softraid.4
[3]http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man4/bio.4

Happy reading, Marcus

> There's basically zero docs on these topics out here (all docs are
> about how to set it up first & subsequent times in non-failure cases).
>
> If you would be able to respond in "HOWTO form" would be awesome, then
> at least this will be the Ultimate Softraid Reference :D
>
> Q1:
> Can softraid do
> 
>  a) Scrub (as in read all the underlying media and check they're in check,
> e.g. "raid fsck"),
>
>  b) Hotspare (as in have one or more pre-designated physical disks that the
> softraid would switch into use if one of the physical disks in use already
> breaks),
> 
>  c) Hotswap (as in I could unplug one of the physical disks in a raid live,
> and presuming my HBA allows it, the OpenBSD kernel + softraid will be happy
> to plug in and plug out disks live - and I guess perhaps that needs to play
> together with the rebuild then)?
> 
> 
> Q2:
> And, how do you use the rebuild + these three things? Specifically:
> 
>  a) How do I check the status of a rebuild from the console? (E.g. disk
> blablaX rebuilding 12.3% done, get report if the rebuild failed, etc.)
>  b) How do I plug in a physical disk live into my RAID1 softraid?
> 
>  c) How do I plug out a physical disk live from my RAID1 softraid?
> 
>  d) How do I initiate a rebuild on a RAID1 softraid, such as plugging in the
> brand new disk sdX into my RAID1 softraid or sdX was used previously or
> suffered a power outage or whatever - how do I rebuild it?
> 
>  e) How do I get a listing of all my softraids and of all the physical disks
> plugged into them, from the console?
>
>  f) How do I tell softraid to "scrub" i.e. integrity-check all the physical
> disks running in the softraid, including every sector so actually all of
> their surfaces are read (presuming that the RAID takes up all the disks)?
> 
>  g) How do I tell my RAID1 softraid that if sdX dies, then sdY should be
> plugged in (i.e. hot spare)?
> 
> Also, how do I get a printout of that configuration from the console,
> and how do I remove a hotspare?
> 
>  h) After I plug out a physical disk from my softraid ( c) above), what
> should I generally need to do before unplugging it also physically - just
> wait 60 seconds or do some magic "SATA power off" command or the like?
> (Given an ultra nice SATA or HW RAID controller such as LSI HBA or LSI
> Megaraid.)
> 
>  i) When I plug in a physical disk on my SAS/SATA HBA (be it an LSI HBA or
> LSI HW RAID), will OpenBSD autodetect it and assign a device name for it
> just like it does for USB devices so it's complete hotswap/plug and play?
> 
>  j) When I plug in a softraid that worked before, what kind of trouble could
> happen - if it won't get going at all, should I just reset from backup, or
> is there some kind of "rescue rebuild" I could attempt?
> 
>  k) Do I need to know anything about DUID vs. device name use within the
> softraid?
> 
> 
> Looking forward to your explanation, thanks!! :DD
> Tinker
> 
> 



OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-20 Thread Tinker

Hi,

This email is an attempt to get some knowledge on how softraid works. 
There's basically zero docs on these topics out here (all docs are about 
how to set it up first & subsequent times in non-failure cases).


If you would be able to respond in "HOWTO form" would be awesome, then 
at least this will be the Ultimate Softraid Reference :D



Q1:
Can softraid do

 a) Scrub (as in read all the underlying media and check they're in 
check, e.g. "raid fsck"),


 b) Hotspare (as in have one or more pre-designated physical disks that 
the softraid would switch into use if one of the physical disks in use 
already breaks),


 c) Hotswap (as in I could unplug one of the physical disks in a raid 
live, and presuming my HBA allows it, the OpenBSD kernel + softraid will 
be happy to plug in and plug out disks live - and I guess perhaps that 
needs to play together with the rebuild then)?



Q2:
And, how do you use the rebuild + these three things? Specifically:

 a) How do I check the status of a rebuild from the console? (E.g. disk 
blablaX rebuilding 12.3% done, get report if the rebuild failed, etc.)


 b) How do I plug in a physical disk live into my RAID1 softraid?

 c) How do I plug out a physical disk live from my RAID1 softraid?

 d) How do I initiate a rebuild on a RAID1 softraid, such as plugging in 
the brand new disk sdX into my RAID1 softraid or sdX was used previously 
or suffered a power outage or whatever - how do I rebuild it?


 e) How do I get a listing of all my softraids and of all the physical 
disks plugged into them, from the console?


 f) How do I tell softraid to "scrub" i.e. integrity-check all the 
physical disks running in the softraid, including every sector so 
actually all of their surfaces are read (presuming that the RAID takes 
up all the disks)?


 g) How do I tell my RAID1 softraid that if sdX dies, then sdY should be 
plugged in (i.e. hot spare)?


Also, how do I get a printout of that configuration from the 
console, and how do I remove a hotspare?


 h) After I plug out a physical disk from my softraid ( c) above), what 
should I generally need to do before unplugging it also physically - 
just wait 60 seconds or do some magic "SATA power off" command or the 
like? (Given an ultra nice SATA or HW RAID controller such as LSI HBA or 
LSI Megaraid.)


 i) When I plug in a physical disk on my SAS/SATA HBA (be it an LSI HBA 
or LSI HW RAID), will OpenBSD autodetect it and assign a device name for 
it just like it does for USB devices so it's complete hotswap/plug and 
play?


 j) When I plug in a softraid that worked before, what kind of trouble 
could happen - if it won't get going at all, should I just reset from 
backup, or is there some kind of "rescue rebuild" I could attempt?


 k) Do I need to know anything about DUID vs. device name use within the 
softraid?



Looking forward to your explanation, thanks!! :DD
Tinker



Re: routing q

2015-10-19 Thread Martin Pieuchot
On 19/10/15(Mon) 13:37, Gregory Edigarov wrote:
> On 10/19/2015 01:24 PM, Stuart Henderson wrote:
> >On 2015-10-19, Gregory Edigarov  wrote:
> >>In order to conserve address space I am trying to configure 'ip
> >>unnumbered' in cisco terminology, that is have an interface borrow the ip
> >>of a different interface, I am experimenting with vether0 and vlans the
> >>thing is to have one 'main' address on some 'real' interface and then
> >>just add routes pointing to the right interfaces.
> >>
> >># ifconfig vether0 192.168.100.1/24 up
> >># ifconfig vlan2 vlandev vether0 up
> >># ifconfig vlan3 vlandev vether0 up
> >># route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
> >>route: writing to routing socket: Network is unreachable
> >>add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable
> >>
> >>the same result I have if I am trying to configure this on a real
> >>interface connected  to my network:
> >>
> >># ifconfig vlan2 vlandev re0
> >># ifconfig vlan3 vlandev re0
> >># ifconfig re0 alias 192.168.100.1
> >># route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
> >>route: writing to routing socket: Network is unreachable
> >>add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable
> >>
> >># uname -a
> >>OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64
> >>
> >>I thought OpenBSD supports such thing.
> >>
> >>am I missing something?
> >I don't *think* this is expected to work at the moment unless possibly
> >you specify a destination MAC address with -link.
> >
> >It does work with point-to-point interfaces, e.g. you can have
> >192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
> >as expected, but in that case you don't have a problem of picking a
> >particular link-layer address, just "the pppoe0 interface" is enough
> >information for the system to know where to send the packet.
> >
> >The best I've done so far for address conservation on ethernet-like
> >interfaces is to use /31's (which works well).
> >
> Yes, I know /31 would work correctly, but I wanted further space
> conservation.

Does it?

> Is that a correct explanation that this does not work because  our routing
> table still wants a link layer address, errrmmm,  arp table is  included in
> routing table?

I believe it's simpler than that.  You cannot attach a route to an
interface without address, so I'm quite sure it will work if you add
an address to vlan2.



Re: routing q

2015-10-19 Thread Gregory Edigarov

On 10/19/2015 02:14 PM, Martin Pieuchot wrote:

On 19/10/15(Mon) 13:37, Gregory Edigarov wrote:

On 10/19/2015 01:24 PM, Stuart Henderson wrote:

On 2015-10-19, Gregory Edigarov  wrote:

In order to conserve address space I am trying to configure 'ip
unnumbered' in cisco terminology, that is have an interface borrow the ip
of a different interface, I am experimenting with vether0 and vlans the
thing is to have one 'main' address on some 'real' interface and then
just add routes pointing to the right interfaces.

# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real
interface connected  to my network:

# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

I don't *think* this is expected to work at the moment unless possibly
you specify a destination MAC address with -link.

It does work with point-to-point interfaces, e.g. you can have
192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
as expected, but in that case you don't have a problem of picking a
particular link-layer address, just "the pppoe0 interface" is enough
information for the system to know where to send the packet.

The best I've done so far for address conservation on ethernet-like
interfaces is to use /31's (which works well).


Yes, I know /31 would work correctly, but I wanted further space
conservation.

Does it?


Is that a correct explanation that this does not work because  our routing
table still wants a link layer address, errrmmm,  arp table is  included in
routing table?

I believe it's simpler than that.  You cannot attach a route to an
interface without address, so I'm quite sure it will work if you add
an address to vlan2.
yes, adding a route works now.  thanks, Martin. will test some further 
later.




routing q

2015-10-19 Thread Gregory Edigarov

Hello,

In order to conserve address space I am trying to configure 'ip 
unnumbered' in cisco terminology, that is have an interface borrow the ip 
of a different interface, I am experimenting with vether0 and vlans the 
thing is to have one 'main' address on some 'real' interface and then 
just add routes pointing to the right interfaces.


# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real 
interface connected  to my network:


# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

--
With best regards,
Gregory Edigarov



Re: routing q

2015-10-19 Thread Stuart Henderson
On 2015-10-19, Gregory Edigarov  wrote:
> In order to conserve address space I am trying to configure 'ip 
> unnumbered' in cisco terminology, that is have an interface borrow the ip 
> of a different interface, I am experimenting with vether0 and vlans the 
> thing is to have one 'main' address on some 'real' interface and then 
> just add routes pointing to the right interfaces.
>
> # ifconfig vether0 192.168.100.1/24 up
> # ifconfig vlan2 vlandev vether0 up
> # ifconfig vlan3 vlandev vether0 up
> # route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
> route: writing to routing socket: Network is unreachable
> add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable
>
> the same result I have if I am trying to configure this on a real 
> interface connected  to my network:
>
> # ifconfig vlan2 vlandev re0
> # ifconfig vlan3 vlandev re0
> # ifconfig re0 alias 192.168.100.1
> # route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
> route: writing to routing socket: Network is unreachable
> add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable
>
> # uname -a
> OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64
>
> I thought OpenBSD supports such thing.
>
> am I missing something?

I don't *think* this is expected to work at the moment unless possibly
you specify a destination MAC address with -link.

It does work with point-to-point interfaces, e.g. you can have
192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
as expected, but in that case you don't have a problem of picking a
particular link-layer address, just "the pppoe0 interface" is enough
information for the system to know where to send the packet.

The best I've done so far for address conservation on ethernet-like
interfaces is to use /31's (which works well).



Re: routing q

2015-10-19 Thread Gregory Edigarov

On 10/19/2015 01:24 PM, Stuart Henderson wrote:

On 2015-10-19, Gregory Edigarov  wrote:

In order to conserve address space I am trying to configure 'ip
unnumbered' in cisco terminology, that is have an interface borrow the ip
of a different interface, I am experimenting with vether0 and vlans the
thing is to have one 'main' address on some 'real' interface and then
just add routes pointing to the right interfaces.

# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real
interface connected  to my network:

# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

I don't *think* this is expected to work at the moment unless possibly
you specify a destination MAC address with -link.

It does work with point-to-point interfaces, e.g. you can have
192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
as expected, but in that case you don't have a problem of picking a
particular link-layer address, just "the pppoe0 interface" is enough
information for the system to know where to send the packet.

The best I've done so far for address conservation on ethernet-like
interfaces is to use /31's (which works well).

Yes, I know /31 would work correctly, but I wanted further space 
conservation.
Is that a correct explanation that this does not work because  our 
routing table still wants a link layer address, errrmmm,  arp table is  
included in routing table?




Re: Fwd: Re: Q: Assistance with pf.conf rules

2015-06-25 Thread Stuart Henderson
On 2015-06-24, John Nyhuis jnyh...@uw.edu wrote:
 bond0 is a virtual interface that consists of two LACP bonded NICs.

This doesn't sound like OpenBSD...



Re: Fwd: Re: Q: Assistance with pf.conf rules

2015-06-24 Thread Edgar Pettijohn

On 06/24/15 18:41, John Nyhuis wrote:

Thanks for the advice...
I think I have discovered the problem...

bond0 is a virtual interface that consists of two LACP bonded NICs.
All rules targeting the bond0 interface are ignored by pf, (I have no 
idea why), and only rules targeting the physical NICs that are members 
of bond0 get applied...

...so


What does /etc/hostname.bond0 contain?


man_if=bond0 #our Management vNIC is bond0 (bond bnx0, bnx1)
pass quick on $man_if all keep state
...fails without error and is not listed with a pfctl -vf /etc/pf.conf

pass quick on { bnx0, bnx1 } all keep state
...actually loads rules, as seen by pfctl -vf /etc/pf.conf

Any idea why this is the case?  Is this a bug in pf?  I can't think of 
a reason why this strangeness would be by design...
I think I can just work around this by creating a table and changing 
my rule:


table fw { bnx0, bnx1 }
pass quick on fw all keep state

ideas or comments?  Anyone have a better way?

Thanks,
John Nyhuis
IT Manager, Stam Lab
2211 Elliott Avenue
6th Floor, 6S139
Seattle, WA 98121
O: (206)-267-1097 ext 220
F: (206)-441-3033


 Forwarded Message 
Subject: Re: Q: Assistance with pf.conf rules
Date: Mon, 22 Jun 2015 18:42:25 -0500
From: Edgar Pettijohn ed...@pettijohn-web.com
To: John Nyhuis jnyh...@uw.edu

I am by no means an expert, but using

# pfctl -vf /etc/pf.conf

will show you how the rules are loaded and may help you spot the error.
I know it has helped me before.


On 06/18/15 19:33, John Nyhuis wrote:

I am building an OpenBSD 5.7 +pf +pfsync +stp bridging firewall.
It's 90% working great, but I have a mistake in my pf.conf, and I've
been staring at it for days, and have not spotted my error.
Would anyone be willing to review my rules and point out my mistake?

---ix0  -  ix1 --
|  world  |-| pf bridge |--| switch |
--- -  --
   \/
\  /
$man_if
ix0 connects from the WAN and is filtered and bridged to ix1, which is
connected to the LAN switch
bond0 = $man_if (bnx0 + bnx1) is connected from the management
interface on the bridge to the switch


My problem:  ssh connections from the world to the management
interface of the bridge are being blocked.  ssh connections from the
world to the switch are not, implying that my mistake is in my
management interface rule block.

cat /etc/pf.conf

##JN general rules that apply to all interfaces and this specific server
set skip on lo  #ignore local interface
man_if=bond0  #our Management vNIC is bond0 (bond: bnx0, bnx1)
br=ix0  # This is a bridge, so only filter on one bridge interface
int_if=ix1  #internal interface of bridge

#set block-policy drop  #drop packets rather than send rejections.
set block-policy return  #means we refuse packets, sending back a response
match in all scrub (no-df)  #means we reassemble all incoming packets to fix any overflows, etc.
block in log on $br all  #Default deny all in, exceptions must be listed below
pass out on $br all  #We trust ourselves, don't block outgoing

pass in quick on $int_if all  #don't filter on internal interface, only external
pass out quick on $int_if all  #don't filter on internal interface, only external
pass quick on pfsync0 proto pfsync keep state  #Allow pfsync to sync firewall states

#ICMP: allow ping from any network -JN
pass in on $br inet proto icmp from any icmp-type echoreq

#SSH: ssh ports protected from brute force by fail2ban, allow ssh into DMZ by default
pass in on any proto tcp from any to any port 22 keep state
pass out on any proto tcp from any to any port 22 keep state

##JN Rules for Firewalls
table <fw> { 140.142.217.141, 140.142.217.140 }  #JN Lister and Rimmer
pass out quick on $man_if all keep state  #We trust ourselves
##SSH: allow in from world, should be redundant, but SSH is being blocked -JN
pass in on $man_if proto tcp from any to <fw> port 22 keep state
##Block brute force attacks
table <bruteforce> persist
block quick log from <bruteforce>
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 100, \
max-src-conn-rate 15/5, overload <bruteforce> flush global)


##JN Rules for Switch 140.142.217.135, the DMZ switch
table <sw135> { 140.142.217.135 }
#pass out on $br proto { tcp, udp, icmp } from <sw135>  to any keep state

##SSH: allow in from world, already allowed by default -JN
#pass  in  on $br proto tcp from any to <sw135> port 22 keep state


##Hacker IP Addresses [LEAVE THIS RULE LAST]
table <bad> { 202.131.227.252, 220.231.54.232, 200.118.119.48 }  #addresses of known hackers
block drop in log quick on $br from <bad> to any


If anyone could point out why I can ssh into the LAN, but get blocked
by sshing to the management interface of the firewall, you have my
gratitude.




Fwd: Re: Q: Assistance with pf.conf rules

2015-06-24 Thread John Nyhuis

Thanks for the advice...
I think I have discovered the problem...

bond0 is a virtual interface that consists of two LACP bonded NICs.
All rules targeting the bond0 interface are ignored by pf, (I have no idea why), and only rules targeting the physical NICs that are members of 
bond0 get applied...

...so

man_if=bond0 #our Management vNIC is bond0 (bond bnx0, bnx1)
pass quick on $man_if all keep state
...fails without error and is not listed with a pfctl -vf /etc/pf.conf

pass quick on { bnx0, bnx1 } all keep state
...actually loads rules, as seen by pfctl -vf /etc/pf.conf

Any idea why this is the case?  Is this a bug in pf?  I can't think of a reason 
why this strangeness would be by design...
I think I can just work around this by creating a table and changing my rule:

table fw { bnx0, bnx1 }
pass quick on fw all keep state

ideas or comments?  Anyone have a better way?

Thanks,
John Nyhuis
IT Manager, Stam Lab
2211 Elliott Avenue
6th Floor, 6S139
Seattle, WA 98121
O: (206)-267-1097 ext 220
F: (206)-441-3033


 Forwarded Message 
Subject: Re: Q: Assistance with pf.conf rules
Date: Mon, 22 Jun 2015 18:42:25 -0500
From: Edgar Pettijohn ed...@pettijohn-web.com
To: John Nyhuis jnyh...@uw.edu

I am by no means an expert, but using

# pfctl -vf /etc/pf.conf

will show you how the rules are loaded and may help you spot the error.
I know it has helped me before.


On 06/18/15 19:33, John Nyhuis wrote:

I am building an OpenBSD 5.7 +pf +pfsync +stp bridging firewall.
It's 90% working great, but I have a mistake in my pf.conf, and I've
been staring at it for days, and have not spotted my error.
Would anyone be willing to review my rules and point out my mistake?

---ix0  -  ix1 --
|  world  |-| pf bridge |--| switch |
--- -  --
   \/
\  /
$man_if
ix0 connects from the WAN and is filtered and bridged to ix1, which is
connected to the LAN switch
bond0 = $man_if (bnx0 + bnx1) is connected from the management
interface on the bridge to the switch


My problem:  ssh connections from the world to the management
interface of the bridge are being blocked.  ssh connections from the
world to the switch are not, implying that my mistake is in my
management interface rule block.

cat /etc/pf.conf

##JN general rules that apply to all interfaces and this specific server
set skip on lo  #ignore local interface
man_if=bond0  #our Management vNIC is bond0 (bond: bnx0, bnx1)
br=ix0  # This is a bridge, so only filter on one bridge interface
int_if=ix1  #internal interface of bridge

#set block-policy drop  #drop packets rather than send rejections.
set block-policy return  #means we refuse packets, sending back a response
match in all scrub (no-df)  #means we reassemble all incoming packets to fix any overflows, etc.
block in log on $br all  #Default deny all in, exceptions must be listed below
pass out on $br all  #We trust ourselves, don't block outgoing
pass in quick on $int_if all  #don't filter on internal interface, only external
pass out quick on $int_if all  #don't filter on internal interface, only external
pass quick on pfsync0 proto pfsync keep state  #Allow pfsync to sync firewall states

#ICMP: allow ping from any network -JN
pass in on $br inet proto icmp from any icmp-type echoreq

#SSH: ssh ports protected from brute force by fail2ban, allow ssh into DMZ by default
pass in on any proto tcp from any to any port 22 keep state
pass out on any proto tcp from any to any port 22 keep state

##JN Rules for Firewalls
table <fw> { 140.142.217.141, 140.142.217.140 }  #JN Lister and Rimmer
pass out quick on $man_if all keep state  #We trust ourselves
##SSH: allow in from world, should be redundant, but SSH is being blocked -JN
pass in on $man_if proto tcp from any to <fw> port 22 keep state
##Block brute force attacks
table <bruteforce> persist
block quick log from <bruteforce>
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 100, \
max-src-conn-rate 15/5, overload <bruteforce> flush global)


##JN Rules for Switch 140.142.217.135, the DMZ switch
table <sw135> { 140.142.217.135 }
#pass out on $br proto { tcp, udp, icmp } from <sw135>  to any keep state
##SSH: allow in from world, already allowed by default -JN
#pass  in  on $br proto tcp from any to <sw135> port 22 keep state


##Hacker IP Addresses [LEAVE THIS RULE LAST]
table <bad> { 202.131.227.252, 220.231.54.232, 200.118.119.48 }  #addresses of known hackers
block drop in log quick on $br from <bad> to any


If anyone could point out why I can ssh into the LAN, but get blocked
by sshing to the management interface of the firewall, you have my
gratitude.
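
A check for the situation reported in this thread, where rules written against $man_if (bond0) never appear in the loaded ruleset: expand the macros in a pf.conf and list every interface named in an `on` clause that is not in a set of names the host actually has. This is an added example, not code from the thread; the function names, the constructed PF_CONF excerpt and the KNOWN set (which an administrator would fill in from the host's interface and group names) are assumptions, and only `on` clauses are inspected.

```python
import re

MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.+)$')
MACRO_USE = re.compile(r'\$([A-Za-z_]\w*)')
ON_CLAUSE = re.compile(r'\bon\s+(\{[^}]*\}|\S+)')
ALWAYS_VALID = {"any"}          # pf keyword that matches every interface


def logical_lines(text):
    """Yield (first_lineno, statement): comments removed, backslash
    continuations joined. '#' inside quoted strings is not handled."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if start is None:
            start = n
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def expand(stmt, macros):
    """Substitute $name macros; undefined ones are left in place."""
    for _ in range(10):         # macros may reference other macros
        new = MACRO_USE.sub(lambda m: macros.get(m.group(1), m.group(0)), stmt)
        if new == stmt:
            break
        stmt = new
    return stmt


def interfaces_in(stmt):
    """Names listed in the statement's first 'on' clause."""
    m = ON_CLAUSE.search(stmt)
    if not m or m.group(1) == "rdomain":    # 'on rdomain N' names no interface
        return []
    spec = m.group(1).strip("{}")
    return [t.lstrip("!") for t in re.split(r"[,\s]+", spec) if t]


def audit(pf_conf, known):
    """Return (lineno, name, reason) for each 'on' target not in `known`."""
    findings, macros = [], {}
    for lineno, stmt in logical_lines(pf_conf):
        d = MACRO_DEF.match(stmt)
        if d:
            macros[d.group(1)] = expand(d.group(2).strip().strip('"'), macros)
            continue
        for name in interfaces_in(expand(stmt, macros)):
            if name.startswith("$"):
                findings.append((lineno, name, "undefined macro"))
            elif name not in known and name not in ALWAYS_VALID:
                findings.append((lineno, name, "unknown interface"))
    return findings


# Constructed excerpt modelled on the pf.conf in this thread.
PF_CONF = """\
set skip on lo                 # 'lo' is an interface group
man_if=bond0                   # management vNIC, as named in the post
br=ix0
int_if=ix1
block in log on $br all
pass out on $br all
pass in quick on $int_if all
pass quick on pfsync0 proto pfsync keep state
pass in on any proto tcp from any to any port 22 keep state
pass in on $man_if proto tcp from any to <fw> port 22 keep state
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA \\
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \\
    overload <bruteforce> flush global)
pass quick on { bnx0, bnx1 } all keep state
"""

# Constructed set of interface and group names (an assumption, not the
# poster's actual host).
KNOWN = {"lo", "lo0", "ix0", "ix1", "bnx0", "bnx1", "pfsync0"}

if __name__ == "__main__":
    for lineno, name, reason in audit(PF_CONF, KNOWN):
        print(f"line {lineno}: {name}: {reason}")
```
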




Q: Assistance with pf.conf rules

2015-06-18 Thread John Nyhuis
I am building an OpenBSD 5.7 +pf +pfsync +stp bridging firewall.  It's 90% working great, but I have a mistake in my pf.conf, and I've been 
staring at it for days, and have not spotted my error.

Would anyone be willing to review my rules and point out my mistake?

---ix0  -  ix1 --
|  world  |-| pf bridge |--| switch |
--- -  --
   \/
\  /
$man_if
ix0 connects from the WAN and is filtered and bridged to ix1, which is 
connected to the LAN switch
bond0 = $man_if (bnx0 + bnx1) is connected from the management interface on the 
bridge to the switch


My problem:  ssh connections from the world to the management interface of the bridge are being blocked.  ssh connections from the world to the 
switch are not, implying that my mistake is in my management interface rule block.


cat /etc/pf.conf

##JN general rules that apply to all interfaces and this specific server
set skip on lo  #ignore local interface
man_if=bond0  #our Management vNIC is bond0 (bond: bnx0, bnx1)
br=ix0  # This is a bridge, so only filter on one bridge interface
int_if=ix1  #internal interface of bridge

#set block-policy drop  #drop packets rather than send rejections.
set block-policy return  #means we refuse packets, sending back a response
match in all scrub (no-df)  #means we reassemble all incoming packets to fix any overflows, etc.
block in log on $br all  #Default deny all in, exceptions must be listed below
pass out on $br all  #We trust ourselves, don't block outgoing
pass in quick on $int_if all  #don't filter on internal interface, only external
pass out quick on $int_if all  #don't filter on internal interface, only external
pass quick on pfsync0 proto pfsync keep state  #Allow pfsync to sync firewall states

#ICMP: allow ping from any network -JN
pass in on $br inet proto icmp from any icmp-type echoreq

#SSH: ssh ports protected from brute force by fail2ban, allow ssh into DMZ by default
pass in on any proto tcp from any to any port 22 keep state
pass out on any proto tcp from any to any port 22 keep state

##JN Rules for Firewalls
table <fw> { 140.142.217.141, 140.142.217.140 }  #JN Lister and Rimmer
pass out quick on $man_if all keep state  #We trust ourselves
##SSH: allow in from world, should be redundant, but SSH is being blocked -JN
pass in on $man_if proto tcp from any to <fw> port 22 keep state
##Block brute force attacks
table <bruteforce> persist
block quick log from <bruteforce>
pass log on $man_if inet proto tcp from any to any port ssh flags S/SA keep state (max-src-conn 100, \
max-src-conn-rate 15/5, overload <bruteforce> flush global)


##JN Rules for Switch 140.142.217.135, the DMZ switch
table <sw135> { 140.142.217.135 }
#pass out on $br proto { tcp, udp, icmp } from <sw135>  to any keep state
##SSH: allow in from world, already allowed by default -JN
#pass  in  on $br proto tcp from any to <sw135> port 22 keep state


##Hacker IP Addresses [LEAVE THIS RULE LAST]
table <bad> { 202.131.227.252, 220.231.54.232, 200.118.119.48 }  #addresses of known hackers
block drop in log quick on $br from <bad> to any


If anyone could point out why I can ssh into the LAN, but get blocked by sshing 
to the management interface of the firewall, you have my gratitude.


--
Thanks,
John Nyhuis
IT Manager, Stam Lab
2211 Elliott Avenue
6th Floor, 6S139
Seattle, WA 98121
O: (206)-267-1097 ext 220
F: (206)-441-3033



Re: foomatic-rip 'f' exited (retcode=9)

2014-08-20 Thread Predrag Punosevac
On Tue, Aug 19, 2014 at 11:25 PM, Predrag Punosevac
 simple printcap file for printing using lpd and foomatic-rip for
 about seven years now but since past release it stop working

 predrag@oko$ uname -a
 OpenBSD oko.bagdala2.net 5.6 GENERIC.MP#333 amd64

 lp|HP|HP Photosmart 5250:\
 :lp=/dev/ulpt0:\
 :af=/etc/foomatic/HP-PhotoSmart_C5200.ppd:\
 :if=/usr/local/bin/foomatic-rip:\
l sent to user predrag about job
 by daemon
 with permission 664. Spooling directory has correct permission. This is
 the only thing I see in log files

 Aug 19 23:10:16 oko lpd[15224]: lp: filter 'f' exited (retcode=9)
 Aug 19 23:10:16 oko lpd[15224]: m/etc/foomatic/lpd/lp.ppd:\
 :sd=/var/spo stdin on printer lp ((null))
 Aug 19 23:10:16 oko lpd[15224]: lp: job could not be printed
 (cfA002oko.bagdala2.net)

 However /tmp/foomatic-rip-mF6GXB.log is a bit more punoseva...@gmail.com 
 wrote:
 I 1.0.54 running... :sh:sd=/var/spool/output:\
 :lf=/var/log/lpd-errs:

 I am of course in the daemon group and /etc/ulpt0 is own so long time ago. 

 The above is obviously caused by options passed to foomatic-rip. I also
 dislike the fact that one of the paths involve CUPS.

 Can somebody point to me what am I doing wrong here. I noticed that
 /etc/foomatic is no longer created automatically. Also filter.conf file
 is no longer needed?

 Thanks!
 Predrag

It appears that I can print spool-lessly with

foomatic-rip -P HP-PhotoSmart_C5200 --ppd HP-PhotoSmart_C5200.ppd 
/dev/ulpt0 

so it seems that the problem is that somehow I have to pass printer
Id=HP-PhotoSmart_C5200 to cups filter via printcap, which coincides with
log output.

Predrag


