Re: NFS zfs server (hardware question)

2011-06-26 Thread David Brodbeck
On Sat, Jun 25, 2011 at 5:07 AM, Peter Toth free...@snap.net.nz wrote:
 There is still a way to increase NFS performance in 9.0 (without a ZIL
 SSD) by setting zfs property sync=disabled, which will disable
 synchronous writes - comes with some risks, research it before switching
 it off. Also, this will only disable sync for the ZFS filesystem not for
 the whole pool.

Thanks, I'll look into that.

I do appreciate that ZFS tries to be more careful about sync writes
than most filesystems.  But I also have users who expect tar xvf to
complete in a reasonable amount of time, and having the ZIL enabled
reduces file creation performance by a factor of ten. ;)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Re: Performance of a USB ZIL for ZFS

2011-06-26 Thread Dan Nelson
In the last episode (Jun 26), Joshua Isom said:
 On 6/25/2011 9:32 PM, Damien Fleuriot wrote:
  On 25 Jun 2011, at 19:17, Joshua Isom jri...@gmail.com wrote:
  I was wondering if anyone had tried using a decent USB flash drive for
  the ZIL.  I know it'd be hard finding one fast enough, but some from
  patriot seem like they might be suitable for home use.  Part of the
  idea is to just minimize hard drive thrashing and the wear and tear
  associated with it.  If it helps prevent the drives from going bad, and
  doesn't hurt performance too bad all the better.  But if it's going to
  hurt performance too much or not help prevent thrashing there isn't a
  point.
 
  I stopped reading at the title.
  The answer is no.
 
  Grab a SSD for $80-120ish.
 
 Perhaps it would have helped to read the email.  Part of the concern is
 making sure the drives don't fail and not just throughput.
 
 Given that Kingston sells an SATA SSD for $40 that only gets writes at
 30mb/s write, and some USB drives might get up to 20mb/s.  If I get two
 drives and put them on different controllers, mirrored, I might get
 acceptable performance.  I may still lose performance, but if my drives
 last a year longer, I can probably accept it.  I'm ok with losing some
 performance, but I just don't want it dragging down the system.  And if it
 won't help the drives last longer there's no point.

A separate ZIL isn't meant to extend the lifetime of the hard drives; it's
meant to accelerate the speed of sync writes.  Those are pretty infrequent
themselves, unless you're an NFS server.  You'll see a couple syncs per
commit on a database server, but compared to the amount of regular reads and
writes on your average system, you'll save under 1% of the writes by adding
a fast ZIL.  And remember, the ZIL is just a write log.  Everything that
gets written to it will get flushed to disk when zfs writes the next
transaction group.

-- 
Dan Nelson
dnel...@allantgroup.com


Re: Performance of a USB ZIL for ZFS

2011-06-26 Thread Robert Simmons
On 25 Jun 2011, at 19:17, Joshua Isom jri...@gmail.com wrote:
 I was wondering if anyone had tried using a decent USB flash drive for
 the ZIL.  I know it'd be hard finding one fast enough, but some from
 patriot seem like they might be suitable for home use.  Part of the
 idea is to just minimize hard drive thrashing and the wear and tear
 associated with it.  If it helps prevent the drives from going bad,
 and doesn't hurt performance too bad all the better.  But if it's
 going to hurt performance too much or not help prevent thrashing
 there isn't a point.

Your question is a good one, but I think the reason for your question may be 
off.  If you want the ZIL in a separate location it is to cut down on latency 
rather than thrashing.  See:
http://www.solarisinternals.com/wiki/index.php/ZFS_Evil_Tuning_Guide#Disabling_the_ZIL_.28Don.27t.29

If your concern really really is thrashing please consider the cost of flash 
memory vs a hard drive.  Replacing a bad hard drive is cheaper.  After a 
cursory glance at newegg, you can see the price per MB for:
HDD $0.09
USB flash $0.64
SSD $1.875


negative sbsize

2011-06-26 Thread Jimmie James
After the last firefox update and flash, I've been getting thousands and 
thousands of kernel: negative sbsize for uid = 1001 in my logs, and 
google appears to show a bug from 2001, 
http://www.freebsd.org/cgi/query-pr.cgi?pr=27275 with no solution. Flash 
sites now crawl, hang firefox, midori and opera . I even updated sources 
and rebuilt world and kernel, and still getting the error/issues.


firefox-5.0,1
linux-f10-flashplugin-10.3r181.26
nspluginwrapper-1.4.2
midori-0.3.6
opera-11.11
opera-linuxplugins-11.11
FreeBSD jimmiejaz.org 8.2-STABLE FreeBSD 8.2-STABLE #0: Sun Jun 26 
08:42:45 EDT 2011 jim...@jimmiejaz.org:/usr/obj/usr/src/sys/FORTYTWO 
 i386



Anyone have an idea what's going on or seeing this as well, and how to 
fix it?



I have an error in freebsd 8.2, an internal system error has occurred

2011-06-26 Thread Edgar Rodolfo
Hi guys! I am new to FreeBSD, but I had installed FreeBSD 8.2 with a
graphical interface (GNOME). I was very happy, but suddenly I saw a
message; exactly, the message said:
we were not expecting has occurred ..., look at the photo. I don't
understand it exactly; 30 min the message appears. Is the message
dangerous?

http://subefotos.com/ver/?46893c74c902254a3d7789bb38a6b457o.png


cvs vs. DVD

2011-06-26 Thread wayne mitchell
hey,
be warned, you are dealing with a  'newbie'
i have one machine that has internet access and another that does not
both machines were installed with FreeBSD_RELEASE_8_1 with a DVD
i am now using cvsup to upgrade the RELENG_8_1_RELEASE tree

my second machine does not have working ethernet

how do i transfer the updated ports tree to the other machine using
only storage media (DVD, USB)

my guess (hack) is to find all relevant files/data trees and simply
copy over, then run necessary updates (portsdb, make world...)

if that is correct then can you tell where those files are ?

if not then how should i do this ?


Re: Dual Boot 8.2 and Windows 7

2011-06-26 Thread Gyrd Thane Lange
On Fri, 24 Jun 2011 16:47:26 -0700
per...@pluto.rain.com wrote:

 d...@safeport.com wrote:
 
  If FreeBSD can be installed in an extended partition,
  that would be a very useful howto.
 
 _Installing_ it in an extended partition is easy enough.
 geom(8) understands extended partitions (although sysinstall
 does not, so you need to install using Fixit# as for other
 non-sysinstall cases such as ZFS).
 
 The problem is _booting_ it.  The code in i386/boot2 and
 lib/libstand is written to find the / (or /boot) FS on a
 BSD partition of an fdisk primary partition (aka slice),
 or in a GPT partition, and would need additions to handle
 fdisk extended partitions.

Some years ago I ran into a similar problem. I ran out of primary
partitions (using MBR-speak) and had to move FreeBSD into an extended
partition.

Here is the simple patch I wrote for the FreeBSD boot loader:
http://parvati.thanelange.no/freebsd/boot_loader/boot_loader.diff
http://parvati.thanelange.no/freebsd/boot_loader/

To update your source use:

patch -d /usr/src/sys/boot/i386/libi386/ < boot_loader.diff

The FreeBSD loader has since a very long time ago attempted to work
with MBR extended partitions but a simple logical error has prevented
it from succeeding:

How it normally works.

-----
| 1 |
-----
| 2 | --
-----   |
        |
        |
        |
----- <-
| 5 |
-----
|   | --
-----   |
        |
        |
        |
----- <-
| 6 |
-----
|   |
-----


How /boot/loader (incorrectly) works.

-----
| 1 |
-----
| 2 | --
-----   |
        |
        |
        |
----- <-
| 5 |
-----
| 6 | --
-----   |
        |
        |
        |
----- <-
| 7 |
-----
| 8 |
-----


It has been a long time since I installed my system but I seem to
remember that all that is required is to copy the /boot/loader binary
from a patched system onto the newly installed one. (I have included a
copy of my /boot/loader at the URL above.)

The next challenge is to find a boot manager that will pick up FreeBSD
in an extended partition. For myself I use a self patched GRUB. (GRUB
also nearly worked out of the box, but had a different problem.) You're
welcome to have those patches as well if you need them.

Lastly I have the following in my kernel configuration file:

include GENERIC
...
nooptions GEOM_PART_BSD
nooptions GEOM_PART_MBR
options   GEOM_BSD
options   GEOM_MBR

That is because I am not fond of the new mangled device names, but
prefer the old ones.

Hope any of this helps.
Best regards,

Gyrd ^_^


Re: cvs vs. DVD

2011-06-26 Thread Matthias Apitz
On Sunday, June 26, 2011 at 07:02:57PM +0100, wayne mitchell wrote:

 hey,
 be warned, you are dealing with a  'newbie'
 i have one machine that has internet access and another that does not
 both machines were installed with FreeBSD_RELEASE_8_1 with a DVD
 i am now using cvsup to upgrade the RELENG_8_1_RELEASE tree
 
 my second machine does not have working ethernet
 
 how do i transfer the updated ports tree to the other machine using
 only storage media (DVD, USB)
 
 my guess (hack) is to find all relevant files/data trees and simply
 copy over, then run necessary updates (portsdb, make world...)
 
 if that is correct then can you tell where those files are ?
 
 if not then how should i do this ?

Hey, this is easy (because it is FreeBSD).

# cd /var/db/pkg
# ls > /tmp/pkgs
# cd  (you need some Gbyte of space there)
# mkdir PKGDIR
# cd PKGDIR
# sh
# while read pkgname; do pkg_create -Rnb $pkgname; done < /tmp/pkgs

this will create binary packages ready for installation of all your
ports and other packages you have installed;

move the result over with DVD/USB and install them with pkg_add(1M);

HIH

matthias
-- 
Matthias Apitz
t +49-89-61308 351 - f +49-89-61308 399 - m +49-170-4527211
e g...@unixarea.de - w http://www.unixarea.de/


Traffic ignore security policies for SA in IPSec site-to-site connection

2011-06-26 Thread NutipA
First of all, I apologize if I chose the wrong mailing list. I need to 
establish an IPSec site-to-site connection between two offices as shown 
below:


LAN1 (192.168.1.0/24)
|
FreeBSD 8.2 (192.168.1.2) + ipfw NAT over PPTP(X.X.X.X)
|
|
internet
|
|
FreeBSD 8.2 (192.168.1.2) + ipfw NAT over PPPoE(X.X.X.X)
|
LAN2 (192.168.10.0/24)

The connection between the two gateways has been successfully established. 
All traffic between the two VPN gateways with global addresses X.X.X.X and 
Y.Y.Y.Y has been successfully encapsulated and encrypted. I see this 
traffic as packets with ESP headers in my sniffer. Then I added static 
routes to each LAN. But when I ping any private address in LAN2 from my 
computer (192.168.1.102) I see the following output in tcpdump on the LAN1 gateway:


19:33:42.506971 IP X.X.X.X > Y.Y.Y.Y: IP 192.168.1.102 > 192.168.10.1: 
ICMP echo request, id 13941, seq 4, length 64 (ipip-proto-4)


Traffic hasn't been encrypted and processed by ipsec! It has rather been 
placed only in gif-interface and of course remote site is not 
responding. So IP-packets ignore security policies for SA:


192.168.10.0/24[any] 192.168.1.0/24[any] any
in ipsec
esp/tunnel/Y.Y.Y.Y-X.X.X.X/use
spid=6 seq=1 pid=23533
refcnt=1
192.168.1.0/24[any] 192.168.10.0/24[any] any
out ipsec
esp/tunnel/X.X.X.X-Y.Y.Y.Y/use
spid=5 seq=0 pid=23533
refcnt=1

As I understand, the traffic from client machines in any direction 
should look like this:


21:34:16.486698 IP Y.Y.Y.Y > X.X.X.X: ESP(spi=0x043488c2,seq=0x66), 
length 116


Please help me to solve this strange problem.  I have created a test 
environment (5 virtual machines) and everything was ok! The only 
difference was that the tests were run in several private local 
networks, without ISP and pptp/pppoe-interfaces. Also, on the advice of 
other people I need to try it without gif-interface, but all my tests 
were made according to the handbook article.


P.S. I have attached my configs and output of any commands, because my 
message is too big.
[19:00]root@beta:/home/NutipA# cat /usr/local/etc/racoon/setkey.conf
flush;
spdflush;
# To the second office network
spdadd 192.168.1.0/24 192.168.10.0/24 any -P out ipsec esp/tunnel/X.X.X.X-Y.Y.Y.Y/require;
spdadd 192.168.10.0/24 192.168.1.0/24 any -P in ipsec esp/tunnel/Y.Y.Y.Y-X.X.X.X/require;

---

[19:02]root@beta:/home/NutipA# cat /usr/local/etc/racoon/racoon.conf
path pre_shared_key "/usr/local/etc/racoon/psk.txt"; #location of pre-shared key file
log debug;  #log verbosity setting: set to 'notify' when testing and debugging is complete

padding # options are not to be changed
{
        maximum_length  20;
        randomize       off;
        strict_check    off;
        exclusive_tail  off;
}

timer   # timing options. change as needed
{
        counter         5;
        interval        20 sec;
        persend         1;
#       natt_keepalive  15 sec;
        phase1          30 sec;
        phase2          15 sec;
}

listen  # address [port] that racoon will listen on
{
        isakmp          X.X.X.X [500];
        isakmp_natt     X.X.X.X [4500];
}

remote  Y.Y.Y.Y [500]
{
        exchange_mode   main,aggressive;
        doi             ipsec_doi;
        situation       identity_only;
        my_identifier   address X.X.X.X;
        peers_identifier        address Y.Y.Y.Y;
        lifetime        time 8 hour;
        passive         off;
        proposal_check  obey;
#       nat_traversal   off;
        generate_policy off;

        proposal {
                encryption_algorithm    3des;
                hash_algorithm          md5;
                authentication_method   pre_shared_key;
                lifetime time           30 sec;
                dh_group                1;
        }
}

sainfo  (address 192.168.1.0/24 any address 192.168.10.0/24 any)        # address $network/$netmask $type address $network/$netmas
{       # $network must be the two internal networks you are joining.
        pfs_group       1;
        lifetime        time    36000 sec;
        encryption_algorithm    3des,des;
        authentication_algorithm        hmac_md5,hmac_sha1;
        compression_algorithm   deflate;
}

---

[18:53]root@beta:/home/NutipA# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2098<VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
        ether 00:17:31:55:a6:07
        inet 192.168.1.2 netmask 0xff00 broadcast 192.168.1.255
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
output omitted
tun0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1400
        options=8<LINKSTATE>
inet 
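
The symptom described in this message (LAN-to-LAN packets leaving the gateway as IP-in-IP instead of ESP) can be checked for mechanically in a tcpdump capture. The following is an added example, not part of the original post: it classifies capture lines between the two gateways and lists inner flows that match the post's SPD selectors but were sent unencrypted. The gateway addresses and the sample lines are constructed stand-ins modelled on the two tcpdump lines quoted above.

```python
import ipaddress
import re
from collections import Counter

# Constructed stand-ins for the gateways the post writes as X.X.X.X / Y.Y.Y.Y.
GATEWAYS = {"203.0.113.1", "198.51.100.1"}
# Selector pairs copied from the post's two SPD entries (out and in).
LAN1 = ipaddress.ip_network("192.168.1.0/24")
LAN2 = ipaddress.ip_network("192.168.10.0/24")
SELECTORS = [(LAN1, LAN2), (LAN2, LAN1)]

# IPv4 address with an optional trailing ".port", as tcpdump prints TCP/UDP.
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"
OUTER = re.compile(rf"^\S+ IP {ADDR} > {ADDR}: (.*)$")
INNER = re.compile(rf"^IP {ADDR} > {ADDR}:")


def covered_by_policy(src, dst):
    """True if the (src, dst) pair falls under one of the SPD selectors."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in a and d in b for a, b in SELECTORS)


def classify(line):
    """Return (kind, inner_flow) for one tcpdump line.

    kind is 'esp', 'cleartext-tunnel' or 'other'; inner_flow is the
    (src, dst) pair of a packet that should have been protected, else None.
    """
    m = OUTER.match(line.strip())
    if not m or not {m[1], m[2]} <= GATEWAYS:
        return "other", None            # not gateway-to-gateway traffic
    payload = m[3]
    if payload.startswith("ESP("):
        return "esp", None              # encapsulated and encrypted
    inner = INNER.match(payload)
    if inner and covered_by_policy(inner[1], inner[2]):
        # IP-in-IP (gif) carrying a packet the SPD says must use ESP.
        return "cleartext-tunnel", (inner[1], inner[2])
    return "other", None


def audit(lines):
    """Count line kinds and collect the distinct unprotected inner flows."""
    counts, leaks = Counter(), set()
    for line in lines:
        kind, flow = classify(line)
        counts[kind] += 1
        if flow:
            leaks.add(flow)
    return dict(counts), sorted(leaks)


# Constructed sample capture (one leaking packet, one ESP packet, one unrelated).
SAMPLE = [
    "19:33:42.506971 IP 203.0.113.1 > 198.51.100.1: IP 192.168.1.102 > 192.168.10.1: ICMP echo request, id 13941, seq 4, length 64 (ipip-proto-4)",
    "21:34:16.486698 IP 198.51.100.1 > 203.0.113.1: ESP(spi=0x043488c2,seq=0x66), length 116",
    "21:34:17.000000 IP 203.0.113.1 > 192.0.2.50: ICMP echo request, id 1, seq 1, length 64",
]

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE)
    print(counts)
    for src, dst in leaks:
        print(f"unprotected: {src} -> {dst}")
```
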

Re: [UPDATE] host-setup(1): a dialog(1)-based utility for configuring FreeBSD

2011-06-26 Thread Devin Teske

On Apr 23, 2011, at 4:42 AM, Thomas Dickey wrote:

 On Sat, Apr 23, 2011 at 08:54:51AM +0100, Bruce Cran wrote:
 On Fri, 22 Apr 2011 09:52:44 -0700
 Devin Teske dte...@vicor.com wrote:
 
 Looks like `--hline' is not supported anymore. Thinking this should
 either be patched or documented in ERRATA/UPGRADING.
 
 I think you mean UPDATING :)
 
 perhaps.  But reporting bugs is nicer than long discussion threads.

I've released a new version of my host-setup utility.

Available here:
http://druidbsd.sourceforge.net/download/host-setup.txt
or here:
http://druidbsd.sourceforge.net/

Now at version 3.2, here's the delta:

- Added support for FreeBSD-9.x's new dialog(1) (which lacks `--hline' support).
- Added support for /usr/ports/x11/Xdialog

You can now execute this on the console or in X windows.

Default is console, to execute in X windows, execute:

host-setup -X
-- 
Cheers,
Devin Teske




Using a special proxy for ports

2011-06-26 Thread Dennis Glatting


I have a requirement where I need to archive ports used across twenty 
hosts for a year or more. I've decided to do this using Squid and to take 
advantage of Squid's cache when updating common ports across those hosts.


(BTW, at another site I used rsync to sync /usr/ports/distfiles across the 
hosts to a local master site then specified _MASTER_SITES_DEFAULT in 
make.conf to a FTP server on the local site. That method works when the 
port is previously cached however if the file isn't in the cache and I 
simultaneously install the port across ten hosts, the port is fetched ten 
times. Sigh.)


I have a Squid proxy installed that isn't meant for every-day/every-user 
use and requires authentication. (Users either go through another Squid 
proxy or direct.) The special Squid proxy works. No surprise there. 
Authentication works. No surprise there.


What I need is a method to embed into make.conf a proxy specification for 
fetch. Setting the environment variable HTTP_PROXY from the login shell 
/is not/ preferred because the account is used by different 
administrators, I don't want the special proxy accidentally polluted with 
non-port stuff, and it would only create confusion.


Setting http_proxy in make.conf does not work. .netrc doesn't appear to be 
a viable method (if it did, I could specify FETCH_ARGS in make.conf).

