Re: Jail with public IP alias
On Thu, Aug 29, 2013 at 7:53 PM, Alejandro Imass wrote: > On Thu, Aug 29, 2013 at 5:07 PM, Patrick wrote: >> On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass >> wrote: >>> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt wrote: >>>> On 29/08/2013 09:52, Frank Leonhardt wrote: >>>>> >>> > > [...] > >> Aliases should have a netmask of 255.255.255.255. What you seeing is >> not typical behaviour on FreeBSD. [...] > One of you asked about NAT. We are using natd to nat some public ports > to other ports on the private IPs that are aliases of lo0. This is for > the jails that don't have public IPs we just forward some ports to the > jail's ports like this: > > For example: > > redirect_port tcp 192.168.101.123:22 12322 > redirect_port tcp 192.168.101.123:80 12380 > > Could this have an effect on OUTBOUND connections?? Seems unlikely to > me but I think one of you asked about NAT I suspect for a good reason. > > I'll turn off the natting temporarily and test. > I can confirm that the culprit was natd. Now the question becomes why does natd affect the source IP for an outbound connection?? Is there a way to fix it and keep natd? Seems that Patrick's NAT hunch on hist first reply was right on the money. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Thu, Aug 29, 2013 at 5:07 PM, Patrick wrote: > On Thu, Aug 29, 2013 at 12:07 PM, Alejandro Imass wrote: >> On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt wrote: >>> On 29/08/2013 09:52, Frank Leonhardt wrote: >>>> >> [...] > Aliases should have a netmask of 255.255.255.255. What you seeing is > not typical behaviour on FreeBSD. > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-virtual-hosts.html > > Patrick Thanks for pointing this out, the manual is effectively very clear on this. So, I changed the masks for ALL the aliases on that server to /32. It alone has more than 30 aliases on lo0 and 4 public IPs. I tested and still has the same problem. So I rebooted just in case and the problem still persists: $ ifconfig em0 em0: flags=8843 metric 0 mtu 1500 options=209b ether 00:30:48:bd:b9:1a inet xxx.yyy.52.74 netmask 0xff80 broadcast xxx.yyy.52.127 inet xxx.yyy.52.70 netmask 0x broadcast xxx.yyy.52.70 inet xxx.yyy.52.71 netmask 0x broadcast xxx.yyy.52.71 inet xxx.yyy.52.73 netmask 0x broadcast xxx.yyy.52.73 media: Ethernet autoselect (1000baseT ) status: active $ ssh -b xxx.yyy.52.70 foo@bar Password: 7:58PM up 131 days, 3:14, 1 user, load averages: 0.02, 0.01, 0.00 USER TTY FROM LOGIN@ IDLE WHAT foo pts/14 xxx.yyy.52.74 7:58PM - w -n $ ssh -b xxx.yyy.52.71 foo@bar Password: 7:58PM up 131 days, 3:14, 1 user, load averages: 0.02, 0.01, 0.00 USER TTY FROM LOGIN@ IDLE WHAT foo pts/14 xxx.yyy.52.74 7:58PM - w -n $ ssh -b xxx.yyy.52.73 foo@bar Password: 7:58PM up 131 days, 3:14, 1 user, load averages: 0.02, 0.01, 0.00 USER TTY FROM LOGIN@ IDLE WHAT foo pts/14 xxx.yyy.52.74 7:58PM - w -n I don't understand why I get different results than yours and Frank's. We run a pretty standard set-up so why is this not working for us. Could it be because we turned off TCO on the NIC ? One of you asked about NAT. We are using natd to nat some public ports to other ports on the private IPs that are aliases of lo0. This is for the jails that don't have public IPs we just forward some ports to the jail's ports like this: For example: redirect_port tcp 192.168.101.123:22 12322 redirect_port tcp 192.168.101.123:80 12380 Could this have an effect on OUTBOUND connections?? Seems unlikely to me but I think one of you asked about NAT I suspect for a good reason. I'll turn off the natting temporarily and test. Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Thu, Aug 29, 2013 at 5:03 AM, Frank Leonhardt wrote: > On 29/08/2013 09:52, Frank Leonhardt wrote: >> Hi Frank thanks for taking the time to try to replicate this. Here is all the detailed info 8.1-RELEASE em0: flags=8843 metric 0 mtu 1500 options=209b ether 00:31:88:bd:b9:3a inet xxx.yyy.52.74 netmask 0xff80 broadcast xxx.yyy.52.127 inet xxx.yyy.52.70 netmask 0xff80 broadcast xxx.yyy.52.127 inet xxx.yyy.52.71 netmask 0xff80 broadcast xxx.yyy.52.127 inet xxx.yyy.52.73 netmask 0xff80 broadcast xxx.yyy.52.127 media: Ethernet autoselect (1000baseT ) status: active I use rc.conf standard practice for aliases: ifconfig_em0="inet xxx.yyy.52.74 netmask 255.255.255.128 -tso" ifconfig_em0_alias0="inet xxx.yyy.52.70 netmask 255.255.255.128 -tso" ifconfig_em0_alias1="inet xxx.yyy.52.71 netmask 255.255.255.128 -tso" ifconfig_em0_alias2="inet xxx.yyy.52.73 netmask 255.255.255.128 -tso" nune# netstat -rn Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire defaultxxx.yyy.52.1 UGS 168 182183463em0 127.0.0.1 link#4 UH 00lo0 [... internal aliases to lo0 here...] xxx.yyy.52.0/25link#1 U 068581em0 xxx.yyy.52.70 link#1 UHS 014363lo0 xxx.yyy.52.71 link#1 UHS 064765lo0 xxx.yyy.52.73 link#1 UHS 00lo0 xxx.yyy.52.74 link#1 UHS 029170lo0 Note the Netif Expire on 71,73,74 are showing lo0 could this be the problem? nune# ssh -b xxx.yyy.52.71 foo@bar Password: > w -n 3:15PM up 130 days, 22:30, 3 users, load averages: 0.00, 0.02, 0.00 USER TTY FROM LOGIN@ IDLE WHAT [...] foo pts/24 xxx.yyy.52.74 3:14PM - w -n I don't know why mine is showing 74 and from your example it should be showing 71. Did you see the article below? http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour This seems to be a pretty common issue or it's just a miss-configuration problem? Thanks! Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Wed, Aug 28, 2013 at 4:11 PM, Frank Leonhardt wrote: > On 28/08/2013 19:42, Patrick wrote: >> >> On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass >> wrote: >>> >>> On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt >>> wrote: >>>> [...] > Sorry guys - I had not intention of upsetting the EzJail fan club! > No worries there I just think it's an awesome tool. We used plain old jails before, and we even went through the "service jail" path once, but EzJail is a lot more than just lightweight easy-to-use jailing. > The fact remains that I've tried to recreate this problem on what comes to a > similar set-up, but without EzJail, and I can't. I've only tested it on > FreeBSD 8.2 so far, and I've only tested it from INSIDE a jail. I completely > understood what you were saying about it doing weird stuff outside a jail, > but my point is that this may or may not be related. > Actually you can replicate it easily. Assign a number of IPs to any interface but that the interface has a default route. It will always use the "primary" or default IP on the other end. You can probably see this effect even on a private network provided all the aliases route through the same gateway. You will not be able to see this effect using aliases on the loopback AFAIK. > You don't say what version you're running. I can try and recreate it on > another version. > It doesn't matter, it's a very basic network issue with aliases in FreeBSD, Linux and other OSs. Look here: http://serverfault.com/questions/12285/when-ip-aliasing-how-does-the-os-determine-which-ip-address-will-be-used-as-sour I would like to know how people deal with this on FBSD Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Wed, Aug 28, 2013 at 2:42 PM, Patrick wrote: > On Wed, Aug 28, 2013 at 7:25 AM, Alejandro Imass wrote: >> On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt wrote: >>> On28/08/2013 00:19, Patrick wrote: [...] > I don't think that's true though in the case of jails. On the host > system, yes, but when a jail is bound to a particular IP, outbound > connections originate from that bound IP. At least they do for me in > all of my experience. Still wondering if you're using NAT with your > jails, as that could change things. > Nope, no NAT. I verified what you said using the aliases in lo0 and it does in fact use the correct private IP, and that is well, no surprise because we rarely have jails actually public IPs so I didn't notice this strange behaviour before. Actually, not so strange once you understand what's going on: It doesn't work the same using the public IP because, the public IP goes through a gateway so it's a different case. In that case it will use the "primary" IP assigned to the device in that subnet that goes through that routing rule. You can test this if you want but you will need to re-create a scenario where you have multiples IPs assigned to a physical network card and that routes through a common gateway. In this case, it will use only the primary IP assigned to network card. If you actually test it you will see it's not a jail issue, it simply works that way,and it will be consistent on a jail or the base system. The only ways to fix this are either through the routing table or source address re-writing with IPFW or similar. > (FWIW, we use ezjail as well. It doesn't do anything special except > make having lots of jails easy and lightweight.) > It does a lot more than that! We use flavours and have pre-loaded environments for easy deployment, much like people use VMWare. For example we do a lot of development in Catalyst and it takes forever to install a working Catalyst env which we only have to do once and then create Cat flavoured jails in minutes. We also, archive and re-instatiate jails in other servers or add more capacity in an existing env just by archiving and creating a clone jail on another server. So basically with EzJail we have our own cloud-type environment but running on the real hardware and with much more granular control. We also use Amazon AWS but not for anything that's core ot the company. We do a ton of other stuff that relies on EzJails tools, for example update one jail to test and the simply re-create that one to replace all the others. Plain old jails will do the same thing for sure, but if you manage hundreds you'll probably wind up re-inventing EzJail in the first place. Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Wed, Aug 28, 2013 at 5:42 AM, Frank Leonhardt wrote: > On28/08/2013 00:19, Patrick wrote: >> >> On Tue, Aug 27, 2013 at 3:42 PM, Alejandro Imass >> wrote: >>> [...] > > (Tidied up so all now bottom posted) > > I can confirm that you shouldn't be seeing this behaviour because I don't. I > don't use EzJail - i prefer "vi". Seriously, setting up a jail is very > straightforward anyway, and when I tried ezjail I found it was doing stuff I > didn't like, so dropped it early on. It was a long time ago and I've > forgotten the specifics. > > I guess if you're using it your new to this particular game, so please > excuse me pointing out a few basics here. > We use Ezjail not because it's easy or because we're new to jails, I think you might be confused on what EzJail actually is and why people use it. We use it because we manage a private cloud exclusively based on FBSD with about a dozen servers with a couple dozen jails each. I use EzJail because it allows us to manage just shy of 300 separate environments with only a couple of sysadmins, and with optimized system resources. We use it because IT ROCKS. > Although I can't exactly see how this would cause a problem, remember that > many service will bind to ALL IP addresses when they start up, and if they [...] > I can't see a mechanism that would get the results you're seeing, but I > don't know what ezjail might be doing. I suspect your problem is with ezjail > or something bizzare on your network config; can you try it manually? After my OP I immediately sent out second mail stating that the problem is not with Jails or EzJail and it's related to the way that aliases behave on a network interface card. When you have aliases that are on the same subnet, the source IP is the primary IP , that is the first IP set on that network device. You can test this with out jails with a simple ssh connection to another server and then typing who. Even if you force ssh to bind to a particular IP using -b it will still show the primary IP. If you have aliases on different subnets this will not happen. Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Tue, Aug 27, 2013 at 6:28 PM, Patrick wrote: > That's not the behaviour I see. My jail has a private and public IP. > Hi Patrick, thanks for your reply. The issue is actually more basic and it's because the same network card has multiple IPs on the same subnet so the routing table always chooses the primary IP assigned to that interface. I'm trying to figure out if I can fix it in the routing table or will need IPFW to re-write the source address. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Jail with public IP alias
On Tue, Aug 27, 2013 at 4:59 PM, Alejandro Imass wrote: > Hi, > > I have a machine with several public IPs on the same NIC and I bound > one of those IPs to a jail created with EzJail. Suppose the scenario > is something like this: > > em0 > 190.100.100.1 > 190.100.100.2 > 190.100.100.3 > 190.100.100.4 > > In the jail we are bound only to 190.100.100.4 > > The default router is correctly set on the jail, etc. > > But when we ssh out of that jail, or send an email, the receiving end > always sees 190.100.100.1 not 190.100.100.4 which is the IP the jail > is bound to. I think my problem is actually more basic than this. The problem actually occurs on the base system as well and I think it's because all the IPs are on the same subnet, then the kernel assumes to use the primary IP as the source address. For the sake and usefulness of the mail archives I will end this thread here and start another one with a more appropriate title, not before researching to see if this can be done with the routing table or if I need to use ipfw to re-write the source address. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Jail with public IP alias
Hi, I have a machine with several public IPs on the same NIC and I bound one of those IPs to a jail created with EzJail. Suppose the scenario is something like this: em0 190.100.100.1 190.100.100.2 190.100.100.3 190.100.100.4 In the jail we are bound only to 190.100.100.4 The default router is correctly set on the jail, etc. But when we ssh out of that jail, or send an email, the receiving end always sees 190.100.100.1 not 190.100.100.4 which is the IP the jail is bound to. Since I can't use traceroute or netstat I can only guess that it's using the base systems routing table for link#1 and that's why it's always going out of the first IP of that NIC. Is there any way to fix this? Besides adding another NIC which we currently can't do. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: sysvipc only for one jail
On Tue, Aug 13, 2013 at 12:14 AM, Shane Ambler wrote: > On 12/08/2013 21:39, Trond Endrestøl wrote: >> >> On Mon, 12 Aug 2013 13:57+0200, David Demelier wrote: > > >>> And thus, it's not enabled as postgresql tells: >>> >>> creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: >>> could not create shared memory segment: Function not implemented >> >> >> I'll look into this by creating a new jail for PostgreSQL 9.2 when I >> get home. >> > > While it is currently in beta maybe you could also try 9.3 and verify that > the shared memory update works or eliminates this configuration? > No need for any complication. Pg will work just fine by following this simple recipe. I compute a UID unique to the overall system by concatenating 70 (the natural UID for the pgsql user user in FBSD) and the last 3 digits of the Jails'IP, but you can come up with any numbering scheme as long as it's consistent and easily associated to a specific jail. For example for the Pg running on jail 192.168.101.124, install PostgreSQL and before doing anything else: pw usermod pgsql -u 70124 pw groupmod pgsql -g 70124 pw usermod pgsql -g 70124 chown -R pgsql /usr/local/pgsql/ chgrp -R pgsql /usr/local/pgsql/ Any other application that uses SYSV IPC should follow a similar recipe, and it's compatible with al versions of Jails. And that's it. I have dozens of jails with Pg running this way. Likewise also make sure all of your network daemons listen _specifically_ to that jail's IP, in Pg that would be postgresql.conf: listen_addresses = 'xx' although the default 'localhost' should work most of the time. Always double check all daemons with sockstat (e.g. sockstat -4l) to make sure they only listen on that jail's IP(s). Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Technological Collabration
On Wed, Jul 31, 2013 at 10:19 PM, tronic solutions wrote: > Hi, > > After carefully reviewing your services, we feel utterly confident that we > can help just as we’ve helped similar companies improve their >profitability: > by providing you the same (or better!) quality IT services at significantly > lower cost. I tried calling you but haven’t managed to >connect yet. I would > probably wish to have a discussion with you for exploring this opportunity & > contributing to your needs. Goes to show how careful you reviewed "our services". This is a public mailing list and what you have done is just shown a lot of people that your "IT" company is not trustworthy. Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Hello
On Tue, Jun 25, 2013 at 6:56 PM, julius wrote: > Which BSD for a user desktop ??!. PCBSD 9 > I all ready have Linux mint but I like to try again, in the past I have use > it but no luck in dual booting system with windows and I have try to follow > youtube BSD users that gave instructions on the BSD and no luck. Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: MySQL hangs server completely
On Wed, May 22, 2013 at 2:04 PM, Michael Ross wrote: > On Wed, 22 May 2013 15:52:45 +0200, Alejandro Imass > wrote: > >> Hi, >> >> We've been having this problem with a customer for a while and it >> seems that some funky query makes MySQL use 100% of CPU. Nevertheless, >> even though you can see in top that it's only 1 CPU in 100% (out of 8) >> the server eventually becomes useless and stops responding completely. >> >> So my question is, how does a user process hang the whole server? What >> system resources could MySQL be draining to make the server stop >> responding completely? >> > > In laymans terms - can't do better - MySQL racing itself to obtain a ( table > | memory | file ) lock? > > I know I can death-stall the MySQL server at a customer's site if I give it > a big enough query ( like, DROPping a table, recreating it and pushing > backup data inside ) while cron's hourly backup-dump is running on the > database. Just the MySQL server, the machine itself hasn't stalled yet - but > I'm sitting at the console while doing this, so I don't know what would > eventually happen if I'd let it sit for a while. > Right on the money. It doesn't immediately hang the server but in time it drains it to the point the shell stops responding and no more ssh access and even snmp stops responding! It doesn't happen immediately, but only after a while that MySQL has one of the CPUs at 100%. What I don't understand is how it manages to crash the whole server. Thanks, -- Alejandro Imass > > Regards, > > Michael ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
MySQL hangs server completely
Hi, We've been having this problem with a customer for a while and it seems that some funky query makes MySQL use 100% of CPU. Nevertheless, even though you can see in top that it's only 1 CPU in 100% (out of 8) the server eventually becomes useless and stops responding completely. So my question is, how does a user process hang the whole server? What system resources could MySQL be draining to make the server stop responding completely? The MySQL database is running inside a Jail and perhaps that could help limit the damage it can cause. Has anyone else run into this problem? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Home WiFi Router with pfSense or m0n0wall?
On Wed, Apr 24, 2013 at 4:16 PM, Michael Powell wrote: > Alejandro Imass wrote: > > [snip] >>>> Most consider the answer to use WPA2, which I do use too. Many think >>>> it is 'virtually' unbreakable, but this really is not true; it just >>>> takes longer. I've done WPA2 keys in as little as 2-3 hours before. >>> >>> Are you saying that any WPA2 key can be cracked or or you simply >>> referring to weak keys? >> >> I would also like to specifically if it's for weak keys or are all >> WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise >> as weak also. Could anyone expand on how weak is WPA2 and WPA2 >> Enterprise or is this related to weak PSKs only?? >> > > I'm just a lowly sysadmin and not any kind of crypto expert. The problem is > time and horsepower. While a ridiculously easy key of say 4 characters that > is not salted may be doable on a PC, once you start to get to 8-9 characters > or more the time it takes begins to get huge fast. It's a matter of can you > tie up the resource long enough to wait it out. Throw salting into the mix > and it gets longer again. > > What I do at home is concatenate 2 ham radio call signs of friends that I > can remember. Then I sha256 that and select from the end backwards 15 [...] > The pre-shared key is the weakest as compared to Enterprise. Enterprise WPA > is stronger because it is a user account based system which authenticates > using 802.1x via a Radius server. You can even assign certificates to user OK. So we are talking about weak PSKs, of course with enough computing power virtually anything is crackable by brute force. What I don't get is that I thought that mac address filtering at the wireless level meant that the router would not negotiate with a mac no listed in it's table. I haven't used Kismet but you are saying that with Kismet I can infer authorized macs that are connecting to a specific access point so I can spoof one and perform my brute force attack?? Honestly I don't know much about 802.11 but if that is so it's pretty retarded and mac address filtering really a joke then. Thanks again for such detailed responses. I know all this seems all OT but it's a security issue that I don't think that many people are aware of so I haven't changed the subject to OT because of this. Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, Apr 22, 2013 at 8:04 PM, RW wrote: > On Mon, 22 Apr 2013 14:25:30 -0400 > Michael Powell wrote: > > >> Most consider the answer to use WPA2, which I do use too. Many think >> it is 'virtually' unbreakable, but this really is not true; it just >> takes longer. I've done WPA2 keys in as little as 2-3 hours before. > > Are you saying that any WPA2 key can be cracked or or you simply > referring to weak keys? I would also like to specifically if it's for weak keys or are all WPA2 personal keys crackable by brute force. Also is WPA2 Enterprise as weak also. Could anyone expand on how weak is WPA2 and WPA2 Enterprise or is this related to weak PSKs only?? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, Apr 22, 2013 at 3:45 PM, Michael Powell wrote: > Alejandro Imass wrote: > >> [...] >> >>> Really these WEP/WPA2 protocols are not providing the level of protection >>> that is truly necessary in this modern day. You can keep out script >>> kiddies and people who don't have skill, but people who know what they >>> are doing are only slowed down. >>> >> >> Thanks for the detailed explanation! So, are there ways to run a >> secure WiFi network? It would seem that in my case I have neighbours >> that know what they're doing so should I just forget about WiFi go >> back to UTP? >> > > We use 802.1x auth on our switch (and other hardwares) ports at work and > this utilizes a Radius server. At work we are mostly a $MS WinderZ shop, but > with Enterprise grade access points (we have Aruba's), EAP, and Radius we [...] > > This email is already getting a trifle long, so suffice to say if you really > need the best security on a home ISP router the best you can do is turn off > the radio and use Ethernet and UTP. This returns to the original focus of > your question in that the firewall would be the point of contention and not > the cracking of WEP/WPA2 auth keys. What I was wanting to point out to you > originally is that changing the firewall is a separate issue from the > cracking of Wifi auth keys. > I absolutely got that but I was assuming that a pre-packaged WiFi router with pfSense or m0n0wall would have a more secure wireless hardware and software as well. Now I see the problem is more complex and that the wireless part is vulnerable regardless. So if by cracking the wireless part they can spoof the mac addresses of authorized equipment, what other methods could a BSD-based firewall use to prevent the cracker from penetrating or using the network beyond the WiFi layer? From your response it seems very little or nothing really... Thanks again for your detailed answers! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Home WiFi Router with pfSense or m0n0wall?
On Mon, Apr 22, 2013 at 2:25 PM, Michael Powell wrote: > Alejandro Imass wrote: > >> On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell >> wrote: >>> Alejandro Imass wrote: >>> >>>> Hi, >>>> [...] > Really these WEP/WPA2 protocols are not providing the level of protection > that is truly necessary in this modern day. You can keep out script kiddies > and people who don't have skill, but people who know what they are doing are > only slowed down. > Thanks for the detailed explanation! So, are there ways to run a secure WiFi network? It would seem that in my case I have neighbours that know what they're doing so should I just forget about WiFi go back to UTP? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Home WiFi Router with pfSense or m0n0wall?
On Sun, Apr 21, 2013 at 9:52 AM, Michael Powell wrote: > Alejandro Imass wrote: > >> Hi, >> >> I'm looking to replace the piece of crap 2wire WiFi router that gets >> crakced every other day for something with pfSense or m0n0wall > > Not sure what you mean by 'cracked' here. If you are meaning that someone is > using aircrack-ng to break your Wifi authentication key a firewall won't do > much to stop this. > I use mac address authentication plus wpa2 psk and yet they are still able to connect so it seems that 2Wire's routers are an insecure piece of crap and they are full of holes and back-doors. Just google 2wire vulnerabilities or take a look at this video http://www.youtube.com/watch?v=yTtQGPdSIfM Look at how many ISPs world-wide use 2wire. Makes you wonder if ISPs use these crappy routers on purpose to get some more revenue from cap overruns. Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Home WiFi Router with pfSense or m0n0wall?
Hi, I'm looking to replace the piece of crap 2wire WiFi router that gets crakced every other day for something with pfSense or m0n0wall I would like something that is plug and play and easy to use in the $300 rage tops that has the WiFi router integrated. It seems only Hacom offers this. Can anyone recommend something different or has anyone here tried Hacom WiFi routers? Any additional comments or recommendations? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: OT: The future of USENET?
On Wed, Mar 27, 2013 at 6:55 AM, Quartz wrote: >> Younger generations > > > In my experience, few people under the age of 30 have used usenet, and no > one under the age of 20 has even heard of it. > It's interesting to see all the re-inventions that occur all the time. It's basically the same stuff, just re-invented for a wider audience, lowering the barrier of entry in some cases and in others just plain stupidity and ignorance. Many times these re-inventions happen without even prior knowledge of what exists and other times are "simplified" forks, or robbed ideas that wind up being the same or worse than their original counterparts. Examples are in all areas of technology, and in society in general. For example, chat and instant messaging have always been avail for IRC users since the late eighties but have been re-invented in the late nineties with a bunch of incompatible and overlapping IM protocols. Blogs and forums are also re-inventions of older and in many cases more robust and versatile technologies like USENET and mailing lists. In many cases what I find that is a shame is that these re-inventions don't build on top of mature technologies but rather start out as simple things and then evolve to overly complex things without any elegance and that (as stated above) wind up being even more complex and generally much less elegant than their older counterparts. A good example is Windows and perhaps most of MS technology in general, with a few counted exceptions. In some cases the prior art in known quite well, take for example PHP which was originally written in Perl, then forked to a new language for whatever reasons, and the evolves to be as complex or worse than Perl itself, and after all these years it's still not a full-fledged and decent programming language. In some cases, the evolutionary line is actually positive, take for example Ruby. Yet in this case, Perl has continued to evolve quite well, as Larry Wall well put it: "The camel has evolved to be relatively self-sufficient. (On the other hand, the camel has not evolved to smell good. Neither has Perl.)". One could go on forever with thousands of example, but it's all about evolution and you can only evaluate these things with time. Who knows, maybe USENET, IRC. etc. will continue to evolve and survive in niches, or someday make a great comeback when other options have run their course and have gone extinct. Best, -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
On Fri, Mar 22, 2013 at 9:03 AM, Ian Smith wrote: > On Thu, 21 Mar 2013 11:21:29 -0400, Alejandro Imass wrote: > > On Thu, Mar 21, 2013 at 3:35 AM, Ian Smith wrote: > > > On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote: > [...] >> mentioned anywhere in this new proposal and why it isn't mentioned in >> the current handbook either under in section "16.5.2 High-Level >> Administrative Tools in the FreeBSD Ports Collection". If there is >> __any__ tool that should be mentioned in the jails chapter it is [..] > Actually, ezjail has been explicitly mentioned in '16.6 Application of > Jails' http://www.freebsd.org/doc/handbook/jails-application.html since > revision 30226 by danger, Mon May 28 20:02:46 2007 UTC, which section > was just 6 weeks ago updated with a (preceding) similar port reference > to qjail: http://svnweb.freebsd.org/doc?view=revision&revision=40900 > Never seen it before. First time I read about service jails it wasn't there. Further to my point doesn't it make more sense to mention them under "16.5.2 High-Level Administrative Tools in the FreeBSD Ports Collection" or in both places? [...] > > There have been about 20 messages in freebsd-jail@ referring to ezjail > this year so far before this thread, as in previous years; try browsing > the archives from http://lists.freebsd.org/pipermail/freebsd-jail/ > I posted on the wrong list then ;-) Subscribing today, thanks! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Handbook Jail Chapter rewrite available for critique
On Thu, Mar 21, 2013 at 3:35 AM, Ian Smith wrote: > On Tue, 19 Mar 2013 17:53:30 +0100, Dirk Engling wrote: > > On 18.03.13 20:16, s...@tormail.org wrote: > > > > > to configure things themselves. In my experience, ezjail is a much better > > > solution. I also see that you are the maintainer/author of qjail and like > > > to shovel your opinion as the only solution, both in this "rewrite" and > > > all over the FreeBSD forums. [...] > > > > # Copyright 2010, Qjail project. All rights reserved. > > > > offensive. I am usually quite open with the license of my software, > > beerware is as permissive as it gets. I just can not take some script > > kiddie right out copying my code verbatim and selling it as his, not > > even acknowledging me as the original author. > > > > Anyone here with suggestions how to properly react to this kind of "fork"? > > Yes. Publicity. Making sure the FreeBSD community gets to finds out. > [...] > To that end I'm cross-posting this to -questions, where Mr Barbish has > also posted about his proposed "rewrite" of Chapter 16 of the Handbook, > which is nothing but a huge and poorly written manual for 'the qjail > way', with its peculiar assumptions and unique "jailcell" terminology. > "Fourth Generation", no less! > +1 Thank you Ian for cross-posting here. The first thing I did when I got the new chapter for review was search for the work EzJail and I was curious as to why EzJail is not mentioned anywhere in this new proposal and why it isn't mentioned in the current handbook either under in section "16.5.2 High-Level Administrative Tools in the FreeBSD Ports Collection". If there is __any__ tool that should be mentioned in the jails chapter it is EzJail because it's really easy to use and does a damn good job. We've been using it in production __extensively__ since about 2010 and the one and only issue we've had was probably related to some sort of border-line bug with nullfs which has never happened since. We currently run half a dozen servers with anywhere from 12 to 24 jails each and we've only had a single isolated incident and it wasn't even related directly to EzJail. We use flavours extensively and constantly derive jails from others and move jails between servers, much like if we were using VMWare; it's that easy, or easier, and works every time. NOW some things start to make sense to me, when I posted a problem with EzJail here last year that very few people, if any, knew what I was talking about. An how could they? if it's not mentioned anywhere in the handbook or that jail man page(s). In fact, looking back at this thread[1] I can see that great deal of misunderstanding an unnecessary confusion could have been that the term "EzJail" meant nothing to most people commenting on the thread. When I commented the problem to Dirk he immediately recognized that it could have been a problem with nullfs and so did "jb"[2], who not only immediately thought of nulls, but actually found some bugs that were very similar to my situation[3], and which is BTW still open AFAICT. Anyway, the point I'm trying to make is that it seems quite odd that EzJail is not very publicized and I would like to see it prominently mentioned in the handbook and man pages as a great tool for Jail administration. Thanks, -- Alejandro Imass [1] http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240468.html http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240501.html http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240551.html [2] http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240566.html http://lists.freebsd.org/pipermail/freebsd-questions/2012-April/240569.html [3] PR#147420 http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/147420 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 9 and Windows XP
On Sat, Mar 9, 2013 at 3:07 PM, wrote: > Good afternoon, FreeBSD enthusiasts. Can FreeBSD 9.1 be installed on a > computer on which Windows XP currently resides? As others have already answered, yes. The risks are minimal if you are careful but you will always have the risk of breaking something so make a backup of your XP before doing _anything_. Also, even before doing that, run a de-fragmenter. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Anyone got an EPSON Perfection V33 scanner working?
On Wed, Mar 6, 2013 at 4:25 PM, Jens Schweikhardt wrote: > hello, world\n > > so I got an EPSON Perfection V33 scanner, needless to say it works > under Win7 with the provided SW on the CD. > > Needless to say, it's one of those scanners unsupported by SANE > according to their list, http://www.sane-project.org/sane-mfgs.html#Z-EPSON > On Sane Linux yes. Haven't tried on FBSD. It needs some binaries provided with the scan and iscan plugins. I got the RPMs and alienated to deb and it gets the Epson Perfection working on a Debian system. Maybe you can do something with Sane on Linuxator on FBSD and the binaries I have. I have the RPMs and I can send them to you or post them somewhere for download. Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
JBoss on FBSD
Hi, Does anyone have good or bad experiences running JBoss on Diablo and FBSD ?? The JBoss version we are looking to run on FBSD (on jails) is: JBoss EAP 5.1 Many thanks! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: zoneedit.com
On Sun, Feb 3, 2013 at 3:04 PM, Fbsd8 wrote: > Nick K wrote: >> >> There doesn't seem to be a way to create a new account at the "new" >> interface - as far as I can tell there is no "sign up" method at >> zoneedit.com. >> [...] > After reviewing zoneedit new website looks like they are no longer free and > there now in the domain register business. Time to return to the register > where your domain name is hosted and change the dns servers your using from > zoneedit back to your register's dns servers. If your register does not > provide the dns services you were using at zoneedit then time to look at > other registers. > I use http://www.enom.com and godaddy.com will have ads during the super > bowl game on tonight. > Just a thought, but why not just switch to another friendly DNS solution like freedns.afraid.org which is BTW powered by FreeBSD! Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Detail in section 25.2.3.3 of the Handbook
On Tue, Jan 29, 2013 at 6:25 PM, Warren Block wrote: > On Tue, 29 Jan 2013, Alejandro Imass wrote: > >> Maybe it's intentional but in section >> >> 25.2.3.3 Rebuilding Ports After a Major Version Upgrade >> >> The step that says: >> >> portupgrade -f ruby18-bdb >> >> Shouldn't it be ruby-bdb without the 18? >> >> Is there a reason why it has to be ruby18-bdb > > > That's a good point. It should probably be the origin, databases/ruby-bdb. > I don't have a way to test that right now. > > But really, it ought to be rewritten to use ports-mgmt/portmaster to remove > the dependency issue entirely. In fact, that could just refer to the > upgrade process at the end of the portmaster(8) man page. I had *a lot* of issues with this procedure using portupgrade. I assumed it was because the system was very old and I was upgrading from 7.0 to 9.1, although I tried in every step to upgrade the ports and failed (i.e. 7.1, 8.1, 8.2, 9.1). I wound up pkg_delete -a -f . I was going to re-install everything in Jails anyway so I was happy to delete all ports from the base sys. I can say however that the upgrade from 7.0-RELEASE to 9.1-RELEASE went very smoothly with freebsd-update, but as I mentioned above, I did it in steps. Thanks for your prompt reply! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Detail in section 25.2.3.3 of the Handbook
Maybe it's intentional but in section 25.2.3.3 Rebuilding Ports After a Major Version Upgrade The step that says: portupgrade -f ruby18-bdb Shouldn't it be ruby-bdb without the 18? Is there a reason why it has to be ruby18-bdb Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: HI
NO NO NO On Sat, Dec 29, 2012 at 6:19 AM, J chhayani wrote: > Hi, > > > > I was just reviewing your website > and found it very interesting. I really like your website and services you are > providing. I was wondering if we can work with you and help you with your > business. > [...] > > Note: - Though this is not an automated email, we keep on > sending out these emails to all those people whom we find eligible of using > our > services. To unsubscribe from future mails (i.e., to ensure that we do not > contact you again for this matter), please reply NO. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: help about free bsp version netcat to work it on ubuntu
On Mon, Jul 23, 2012 at 11:29 AM, lei yang wrote: > On Mon, Jul 23, 2012 at 10:36 PM, Polytropon wrote: >> On Mon, 23 Jul 2012 12:59:55 +0800, lei yang wrote: >>> On Mon, Jul 23, 2012 at 12:25 AM, Polytropon wrote: >>> > On Sun, 22 Jul 2012 22:41:57 +0800, lei yang wrote: >>> >> Hi, [...] > > I don't know where to find the source code in Red Hat. > Why don't you just toss RedHat and use FreeBSD ? Most everything you run on Linux will run on FreeBSD and there are also Desktop-friendly distros of FreeBSD such as PC-BSD which, in Linux terms, is to FreeBSD somewhat akin to what Ubuntu is to Debian. Anyway, give PC-BSD a try and you won't regret it: http://www.pcbsd.org/ Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: for the impatient: Linux LibreOffice works on FreeBSD
On Thu, Jul 19, 2012 at 8:02 AM, Wojciech Puchar wrote: >>> >>> >>> what's wrong in /usr/ports/editors/openoffice-3 >>> >> >> Oracle > > > oracle donated everything to apache foundation. > Yes, but not before creating a big mess, stagnating development and forcing the core team out of Oracle to create LO and I guess [pure speculation] that in the end it backfired and Larry (aka "we'll simply take it") was left with no resources to maintain it and had no choice but to let it go, maybe in an attempt to save face, who knows. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: for the impatient: Linux LibreOffice works on FreeBSD
On Thu, Jul 19, 2012 at 2:41 AM, Vaclav Kadlcik wrote: > Hi, > > since there has been various issues building LibreOffice from > ports lately and not everyone can or wants follow all the patches > flying around, I'd like to share that the Linux binary build runs > fine for me. > > I downloaded Linux' x86 tar package, did tar xf to get RPMs > and finally: > for i in *rpm; do rpm2cpio $i | cpio -ivd; done > That created opt/libreoffice3.5. You can move where you like > and start it using libreoffice3.5/program/soffice. > > (I'm tracking 9-STABLE with Linux compatibility enabled it this > matters.) > > May this help someone lazy or impatient like me... > Oli Thanks for sharing this! OO should have been replaced by LO a long time ago on FBSD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: for the impatient: Linux LibreOffice works on FreeBSD
On Thu, Jul 19, 2012 at 7:11 AM, Wojciech Puchar wrote: >> ports lately and not everyone can or wants follow all the patches >> flying around, I'd like to share that the Linux binary build runs [...] >> >> May this help someone lazy or impatient like me... > > > what's wrong in /usr/ports/editors/openoffice-3 > Oracle ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Sendmail and Postfix
On Fri, Jun 22, 2012 at 8:15 PM, Robert Bonomi wrote: >> From owner-freebsd-questi...@freebsd.org Fri Jun 22 13:47:20 2012 >> To: freebsd-questions@freebsd.org >> Date: Fri, 22 Jun 2012 13:41:46 -0500 >> From: Mark Felder >> Subject: Re: Sendmail and Postfix >> >> When you installed Postfix did you allow it to update the entries in >> /etc/mail/mailer.conf ? If so, I wouldn't worry about the mailq binary >> that came with the system; it's ignored. > > For SendMail, mailq is just a symlink to the SendMail executable. > > the "mail.conf" stuff (to use a polite word) installs it's own executable(s) > under all the 'common' names that SendMail is invoked as. These > executables look at /etc/mailer.conf, and invoke the appropiate executable > for the mailer that you have seleccted in mailer.conf. > mailer.conf is usually modified my the Postfix port and I am not sure but I think the option is checked by default. The lines to add to rc.conf to de-activate Sendmail and usu Postfix on the base system are: sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" postfix_enable="YES" -- Alejandro Imass > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: text format
On Mon, Jun 11, 2012 at 5:57 PM, i pwn wrote: > hi, sometime ago i asked a question about how to format a text, some people > told me to use groff, but i would like to know how was file > http://ipwn.altervista.org/files/Stoll,%20Clifford%20-%20The%20Cuckoo%27s%20Egg.txt > fomatted. > thanks in advance. Most probably nroff / groff Take a look at the info from the authoring tools at rfceditor: http://www.rfc-editor.org/formatting.html ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Is this something we (as consumers of FreeBSD) need to be aware of?
On Wed, Jun 6, 2012 at 3:52 PM, Dave U. Random wrote: > Polytropon wrote: > >> On Wed, 06 Jun 2012 11:47:11 +0100, Matthew Seaman wrote: >> > Having to pay Verisign instead of Microsoft makes no difference: the >> > point is why should I have to pay anything to a third party in order to >> > run whatever OS I want on a piece of hardware I own? > > It's time to dump the Intel/Microshaft mafia forever. FreeBSD, OpenBSD, > NetBSD, and even Linux have ports to many platforms. Why stay on Intel? It's > an overgrown ugly mess. > > We need to stop buying Intel mafiaware with preinstalled Microshaft mafiware > and run a free (or in the case of Linux "apparently free") OS on free > hardware. > But this is more to do with the BIOS than with Intel as such. Wasn't there a FreeBIOS, later LinuxBIOS, now coreboot I believe..? So replacing the BIOS entirely wouldn't suffice to override all this nonsense? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Wed, May 9, 2012 at 9:48 AM, Polytropon wrote:
> On Wed, 9 May 2012 09:30:37 -0400, Alejandro Imass wrote:
>> On Wed, May 9, 2012 at 8:53 AM, Erich Dollansky
>> wrote:
>> >> For your recommendation above, what are the advantages or differences
>> >> of slicing the disk versus partitioning on a single slice?
>> >>
>> > it could be a misunderstanding. What is a partition? What is a slice. I
>> > have to look always into the handbook. Anyway, as long the OS see
>> > different units which have to be mounted independent of each other, it all
>> > does not matter what is what.
>> >
>>
>> I meant in Unix terms of course. Slice is slice (partition in other
>> OS) and partition a thru h
>>
>> The question is if it has any advantage of using a slice to mount the
>> basejail in RO as opposed to doing the same thing on a partition.
>
> The answer is: It it not possible. :-)
>
> You cannot mount a slice.
>
> Given the BSD terminology: A slice _has_ to contain partitions.
> You cannot format a slice, you can only format partitions. A
> formatted partition carries a UFS file system. (However, it's
> possible to omit the slice, and partition the whole disk instead,
> this is called "dedicated mode"). A third method is formatting
> the whole disk ("the 'c' device"), in that case the 'c' is omitted.
>
> The _only_ time you can mount a slice is when it is used in its
> common meaning, being a "DOS primary partition"; in this case,
> a FAT or NTFS file system will be placed directly into a slice,
> as those do not support any (BSD-style) partitioning.
>
> /dev/ad0 -> the disk
> /dev/ad0s1 -> 1st slice
> /dev/ad0s1a -> 1st partition on 1st slice
> THIS is something you can mount.
> -or-
> /dev/ad0a -> 1st partition on disk ("dedicated")
> THIS can also be mounted.
> -or-
> /dev/ad0 -> the whole disk (equals /dev/ad0c)
> Even THIS can be mounted.
>
> In case I'm misunderstanding your question, could you alter the
> expression?
>
Thanks. The question was more advantages of a single slice + single
partition versus a slice and multiple partitions, for mounting the
EzJail basejail in RO mode.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Thu, May 10, 2012 at 9:29 PM, Edward M wrote: > On 05/10/2012 03:45 PM, Alejandro Imass wrote: >> >> Regarding Nemeth's I am undecided between the 4th (Unix& Linux) or >> the 3rd. Please advise. > > > i purchased the third edition because I took a look in the 4th the table > of contents > and it appears anything FreeBSD related was remove and it only > focuses on: Solaris > Linux( red hat ubuntu) and AIX. However third edition mentions BSDs > Yep, agreed. 3rd edition it is. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Tue, May 1, 2012 at 1:58 AM, Robert Bonomi wrote: > [...] > Reading _both_ of McKusick's "Design of .." books, and the 'Unix System > Admininstration Handbook', by Nemeth, et al. is a good _start_. > I just bought the FreeBSD one only unless there is a reason I should read the older 4.4BSD ? Regarding Nemeth's I am undecided between the 4th (Unix & Linux) or the 3rd. Please advise. Thanks, -- Alejandro Imass > Having a bunch of the books from O'Reilley & Assoc. (<http://www.ora.com>), > especially for 'standard' tools that you need to get the most out of, is > also highly recommended. > > Disclaimer: I know a lot of the authors of those books, persoally. > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Wed, May 9, 2012 at 8:53 AM, Erich Dollansky wrote: > Hi, > > On Wednesday 09 May 2012 18:57:06 Alejandro Imass wrote: >> On Thu, May 3, 2012 at 1:14 PM, Alejandro Imass wrote: >> > On Thu, May 3, 2012 at 9:35 AM, Robert Bonomi >> > wrote: >> >> >> >> [...] >> >> >> One comment: for 'defensive' purposes it would be useful to break ad6 up >> >> into two slices, putting 'basejail' in it's own slice. Then, for >> >> production >> >> use, that slice can be mounted RO, and with the 'system immutable' flag >> >> set on everything in that filesystem. >> >> >> > >> > Yes. From one of your posts that became somewhat clear to me: Having >> > all the jails on a single 150GB slice seems like a bad idea. >> > >> >> For your recommendation above, what are the advantages or differences >> of slicing the disk versus partitioning on a single slice? >> > it could be a misunderstanding. What is a partition? What is a slice. I have > to look always into the handbook. Anyway, as long the OS see different units > which have to be mounted independent of each other, it all does not matter > what is what. > I meant in Unix terms of course. Slice is slice (partition in other OS) and partition a thru h The question is if it has any advantage of using a slice to mount the basejail in RO as opposed to doing the same thing on a partition. Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Thu, May 3, 2012 at 1:14 PM, Alejandro Imass wrote: > On Thu, May 3, 2012 at 9:35 AM, Robert Bonomi > wrote: >> [...] >> One comment: for 'defensive' purposes it would be useful to break ad6 up >> into two slices, putting 'basejail' in it's own slice. Then, for production >> use, that slice can be mounted RO, and with the 'system immutable' flag >> set on everything in that filesystem. >> > > Yes. From one of your posts that became somewhat clear to me: Having > all the jails on a single 150GB slice seems like a bad idea. > For your recommendation above, what are the advantages or differences of slicing the disk versus partitioning on a single slice? Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Thu, May 3, 2012 at 1:40 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >> ... >> I have no idea, but cmm-php52-1 is in fact the problematic jail with >> the MySQL problem. > > Could you please include displays of > 1. your troubled machine's > $ cat /etc/fstab > Note: you already showed us 'mount' output. > 2. your other trouble-free server's > $ cat /etc/fstab > $ mount > The fstab was in a previous mail but here it is again... >From the troubled server: # DeviceMountpoint FStype Options DumpPass# /dev/ad4s1b noneswapsw 0 0 /dev/ad4s1a / ufs rw 1 1 /dev/ad4s1d /tmpufs rw 2 2 /dev/ad4s1f /usrufs rw 2 2 /dev/ad4s1e /varufs rw 2 2 /dev/ad6s1.journal /usr/jails ufs rw,async2 2 /dev/cd0/cdrom cd9660 ro,noauto 0 0 >From a good server (single disk machine): /dev/ad4s1b noneswapsw 0 0 /dev/ad4s1a / ufs rw 1 1 /dev/ad4s1d /tmpufs rw 2 2 /dev/ad4s1f.journal /usrufs rw,async 2 2 /dev/ad4s1e /varufs rw 2 2 /dev/ad4s1a on / (ufs, local) devfs on /dev (devfs, local, multilabel) /dev/ad4s1d on /tmp (ufs, local, soft-updates) /dev/ad4s1f.journal on /usr (ufs, asynchronous, local, gjournal) /dev/ad4s1e on /var (ufs, local, soft-updates) /usr/jails/basejail on /usr/jails/httpProxy/basejail (nullfs, local, read-only) devfs on /usr/jails/httpProxy/dev (devfs, local, multilabel) fdescfs on /usr/jails/httpProxy/dev/fd (fdescfs) procfs on /usr/jails/httpProxy/proc (procfs, local) /usr/jails/basejail on /usr/jails/cat58base/basejail (nullfs, local, read-only) devfs on /usr/jails/cat58base/dev (devfs, local, multilabel) fdescfs on /usr/jails/cat58base/dev/fd (fdescfs) procfs on /usr/jails/cat58base/proc (procfs, local) /usr/jails/basejail on /usr/jails/watwkyTesting/basejail (nullfs, local, read-only) devfs on /usr/jails/watwkyTesting/dev (devfs, local, multilabel) fdescfs on /usr/jails/watwkyTesting/dev/fd (fdescfs) procfs on /usr/jails/watwkyTesting/proc (procfs, local) /usr/jails/basejail on /usr/jails/mta1/basejail (nullfs, local, read-only) devfs on /usr/jails/mta1/dev (devfs, local, multilabel) fdescfs on /usr/jails/mta1/dev/fd (fdescfs) procfs on /usr/jails/mta1/proc (procfs, local) /usr/jails/basejail on /usr/jails/migdev/basejail (nullfs, local, read-only) devfs on /usr/jails/migdev/dev (devfs, local, multilabel) fdescfs on /usr/jails/migdev/dev/fd (fdescfs) procfs on /usr/jails/migdev/proc (procfs, local) > jb > > > > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Thu, May 3, 2012 at 12:05 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >> ... >> devfs on /usr/jails/cmm-php52-1/dev (devfs, local, multilabel) >> ... >> /usr/jails/basejail on /usr/jails/cmm-php52-1/basejail (nullfs, local, >> read-only) >> fdescfs on /usr/jails/cmm-php52-1/dev/fd (fdescfs) >> procfs on /usr/jails/cmm-php52-1/proc (procfs, local) > > There is one thing that looks like an anomaly. > For each jail, should the master template basejail be mounted into it first, > followed by /dev and anything else in there ? > > /usr/jails/basejail on /usr/jails/cmm-php52-1/basejail (nullfs, local, > read-only) > devfs on /usr/jails/cmm-php52-1/dev (devfs, local, multilabel) > fdescfs on /usr/jails/cmm-php52-1/dev/fd (fdescfs) > procfs on /usr/jails/cmm-php52-1/proc (procfs, local) > > Does it matter ? I have no idea, but cmm-php52-1 is in fact the problematic jail with the MySQL problem. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Thu, May 3, 2012 at 9:35 AM, Robert Bonomi wrote: > > Alejandro Imass wrote: > > [ megasnip ] > >> > Things to investigate : >> > - When was the last time this box was rebooted normally ? Did it went fine >> > ? >> >> After I moved the jails to the right place I archived the jails with >> ezjail-admin and rebooted the server several times, and everything >> worked as expected. > > Rephrasing -- when was the last time _before_the_problem_was_discovered_ > that the machine was re-booted? > The jails moved Friday 27th so the last reboot before that was Apr 4 and before Feb 29 Feb 29 10:18:46 nune reboot: rebooted by aimass Apr 4 19:45:03 nune reboot: rebooted by aimass Apr 27 19:47:06 nune reboot: rebooted by aimass Apr 28 02:03:57 nune reboot: rebooted by aimass >> > Were the jails created at this time ? >> >> No. Most of these jails have been operational for over a year on this >> server without any incidents. > > Clarifying the question -- were the jails created at the time of the last > _prior_ reboot? i.e., had the machine been re-booted successfully _after_ > the jails were installed, or was this the _first_ such reboot? > No not at all. Most of these jails were created last year, but here is the detail. cmm_php52_1 is the problematic jail with the MySQL, you will see a recent date in the config file because I recently added some cpuset as a band-aid to limit the jail's ability to bring down the whole system, leaving at least a couple of CPUs free to be able to ssh and shut it down. There is however a new jail corcaribe_php53 and was the reason we rebboted the server on Apr 4th, just to make sure that eveything would boot OK after reboot. -rw-r--r-- 1 root wheel 917 Feb 16 2011 cat58base -rw-r--r-- 1 root wheel 917 Apr 29 2011 cm_idvida -rw-r--r-- 1 root wheel 937 Apr 3 2011 cm_website -rw-r--r-- 1 root wheel 960 May 2 09:48 cmm_php52_1 -rw-r--r-- 1 root wheel 1037 Apr 4 20:00 corcaribe_php53 -rw-r--r-- 1 root wheel 950 Feb 16 2011 http_proxy -rw-r--r-- 1 root wheel 917 Aug 3 2011 mcs_cat58 -rw-r--r-- 1 root wheel 917 Feb 10 2011 php52base -rw-r--r-- 1 root wheel 917 Feb 12 2011 php53base -rw-r--r-- 1 root wheel 877 Dec 27 20:33 pyugmao -rw-r--r-- 1 root wheel 877 Mar 21 22:03 testbed -rw-r--r-- 1 root wheel 1017 May 13 2011 yabarana_cat58 -rw-r--r-- 1 root wheel 1017 Feb 13 2011 yabarana_php52 -rw-r--r-- 1 root wheel 1017 Feb 13 2011 yabarana_php53 > It appears you misunderstood the 'at this time' reference -- it did ot > mean 'at the time of the incident', but 'at the time of the last prior > reboot'. If English is not your primary language, it is an understandable > misread. > >> As I told you earlier, this server has been running for over a year >> and we have rebooted many times. > > I don't believe you ever mentioed that particular point (multiple > successful reboots after istallation) before. Repeating a prior > question, _how_long_ before the problem showed up was the most recent > re-boot? (Doesn't have to be exact -- an 'order of magnitude' estimate > [a day, a week, a month, several months] is sufficient.) > Apr 4th >> If there are such problems they exist >> by using the EzJail commands and I find this unlikely. > > What you 'find unlikely' is irrelevant. The entire situation is 'unlikely', > yet it happened. So one -has- to look at unlikely things. > funny >> here is the mount output is that's of any help: > > [ first disk, and 'fdescfs', and 'procfs' references removed, for clarity ] > >> /dev/ad6s1.journal on /usr/jails (ufs, asynchronous, local, gjournal) >> /usr/jails/basejail on /usr/jails/yabarana-php53/basejail (nullfs, [...] > > Yes, that is a good start at useful detail. It is, presumably, _after_ > the problem, and _after_ you had restored things to their proper places. > Yes. > Is it safe to assume that you do -not- have such a 'mount' output from > some time 'before' the problem? ( There's no rational reason why you > -would- have such, but _if_ it existed, and there were any differences > between 'then' and 'now', it could be very informative.) > No, but from what I remember it's mostly very similar. I can pull off similar mount statement from other server(s) where we run similar set-ups and that have never failed if needed. > Aother critical piece of information is what diretories -- by full path > name -- disappeared from 'where they were', and where -- by full path name, > again -- did you find them, and _with_what_names_? If every
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 6:42 PM, Jerome Herman wrote: [...] > I must admit that Robert Bonomi tone was highly insulting for this list, and > though I completely condemn the form of his post, I cannot say I disagree > with the content. > I disagree with both the form and the content and I will tell you why later... I do appreciate however the time you and everyone else (including Robert Bonomi's), have taken to answer and post such lengthy insights. I believe everyone's opinion is important and should be respected. > There are quite a lot of things that are wrong with Alejandro Imass' post > and analysis. > The fist thing is that he did not give is setup in one go. It took quite a > while to figure what happened, what system he was using and how he was using > it. > At first he had to hard reboot an unresponsive system, then at reboot he > would have lost all of his jail. > Then it appeared that all the jails where inside another jail and that the > unresponsiveness came from MySQL. > Then we learn that all his daemons are inside jails. > Then we learn that ftp-proxy is not. > Then we learned that jail are not handled manually but through EZJail. > Then we are told that the problem with MySQL is known and comes from a > client using TigerCRM with a too much data. > There are litterally dozens of little pieces of important knowledge all over > the thread. And you have to read it all to make sure you have the global > view. Not really a good start. > It is OK to forget to mention a thing or two, discarding what you think is > irrelevant to the problem at hand, but it is not OK to force people who are > trying to help you to read 50+ posts to learn about the basics of your > installation. > Granted. Nevertheless, the EzJail part (which I admit was a very important piece of information) was left out my first and second post was in fact established in the third post, so it was quite early in the thread. I think that it is not hard to put yourself in my shoes, and understand that in a moment of crisis, your first priority is NOT articulating the most complete and technical bug report you can. On the contrary, it's a cry for help from your peer users to see if you can gain some insight on solving the problem as quickly as possible. > What is even more irritating is the fact that Alejandro Imass ignores pretty > much anything that would leads toward a human mistake. Most posts implying a > possible bad use of jails/nullfs/ezjail are ignored or answered by a simple > "I have done everything by the book". Now from my experience someone with 6 > servers, each containing multiple jails will not do everything by the book > every time. It might be that Alejandro is exceptional, but it is more likely Well, we do run everything by the book, precisely to avoid problems. We find one recipe that works and stick to it like religion. I have only used EzJail commands and **normal** use of EzJail. I am not expected to know _extactly_ how it works, I trust that to the experts in each field. As a user I am only expected to RTFM, and use it accordingly. Again let me remind everyone here, this list is precisely for that: FreeBSD ***GENERAL QUESTIONS***. It is NOT a technical list. When you and Robert Bonobi and everyone elese here subscribed to this particular list, it should have been pretty clear: - General lists: The following are general lists which anyone is free (and encouraged) to join: - freebsd-questions: User questions and technical support - About freebsd-questions English (USA) :This is the mailing list for questions about FreeBSD. You should not send "how to" questions to the technical lists unless you consider the question to be pretty technical. So I am entitled to post general questions and provide information as I see it fit, or if an expert on the list may ask for more. When I posted the first few posts, that's all the information I had, if you thought you needed more information, then you should have said so, but instead your personal guess is a priori judgment call, which I found almost as insulting as all of Bonobi's posts and I simply ignored you. In retrospective, and after re-reading you first post and this one, I can understand that having left EzJail out in the first post was a key piece of information that would have probably caused you to answer very differently, so I can somewhat justify your initial post, but to me at that moment, you should have already known I was using EzJail. > that at least one if not more of these jails were not made "by the book". > Nothing to blame anyone in here, we all get tired/bored/overconfident > sometime - but refusing to admit the very possibility of a human mistake > won't help at all in finding a solution. Reading the thread I realized that > my suggestion that he might have over
Re: laptop very hot and noisy
On Tue, May 1, 2012 at 8:41 AM, Anton Shterenlikht wrote: > On Tue, May 01, 2012 at 08:25:11AM -0400, Alejandro Imass wrote: >> On Tue, May 1, 2012 at 8:06 AM, Anton Shterenlikht >> wrote: >> > I run 10-current on Compaq 6715s. >> > It's very hot and noisy. If I boot [..] > I didn't even know they put fluid heatsinks in laptop. > I thought this was something from IBM cutting edge power6 > chips. > Yeah I didn't know either until it fried my CPU. Many laptop heatsinks use "heat pipes": http://en.wikipedia.org/wiki/Heat_pipe The hole will probably be too little to notice but in my case I noticed some oxidation/stain around the hole which gave it away. -- Alejandro > So I might need to pull the laptop apart.. > I'm just not sure I could put it back > together... > > Thanks anyway > > -- > Anton Shterenlikht > Room 2.6, Queen's Building > Mech Eng Dept > Bristol University > University Walk, Bristol BS8 1TR, UK > Tel: +44 (0)117 331 5944 > Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: laptop very hot and noisy
On Tue, May 1, 2012 at 8:06 AM, Anton Shterenlikht wrote: > I run 10-current on Compaq 6715s. > It's very hot and noisy. If I boot > in verbose mode, I get lots of: > > acpi_tz0: _AC2: temperature 92.0 >= setpoint 50.0 > acpi_tz0: _AC1: temperature 92.0 >= setpoint 60.0 > acpi_tz0: _AC3: temperature 92.0 >= setpoint 40.0 > acpi_tz0: _AC2: temperature 92.0 >= setpoint 50.0 > acpi_tz0: _AC1: temperature 92.0 >= setpoint 60.0 > > at the console. > > I guess it's telling me that the CPU is too hot? > > Is that normal, e.g. under "make -j4 buildworld"? > Probably not. I had a laptop with similar symptom when I was compiling stuff. I took it apart, cleaned it and thought that maybe these log messages were normal under stress. The CPU eventually fried and only then I took a real close look and the heatsink had a very tiny little hole where the fluid escaped, but it was not at all apparent at first sight. These liquid (or gel?) filled heatsinks are basically useless if the liquid escapes or evaporates so it will usually only show when you are using the CPU a lot. -- Alejandro Imass > Thanks > > -- > Anton Shterenlikht > Room 2.6, Queen's Building > Mech Eng Dept > Bristol University > University Walk, Bristol BS8 1TR, UK > Tel: +44 (0)117 331 5944 > Fax: +44 (0)117 929 4423 > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 1:57 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >>... >> If you have really followed the thread, all I have done is try to find >> some explanation for a strange behavior of the system under normal >> use. It hung, and some directories were moved, period. I have posted >> some ideas to share with other people expecting some insight and maybe >> similar experience from other users, which there probably are many, >> but many times afraid to speak up and avoid getting insulted. >> ... > > > I looked at problem reports for nullfs and there are quite few. > Hierarchical Jails > NOTES > > You said you have your jail env on a separate disk. > Yes. > I looked at problem reports for nullfs and there are quite few. > http://www.freebsd.org/cgi/query-pr-summary.cgi?category=&severity=&priority=&cl > ass=&state=&sort=none&text=nullfs&responsible=&multitext=&originator=&release= > > As a matter of fact I just mounted a nullfs but was not able to unmount it > (device busy) - a Google search shows it as a problem reported for many many > years. > Nullfs does not seem to be stable. > Dirk Engling guessed that somehow nullfs was involved. > Anyway, I found one PR > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/147420 > > that is about troubles with jails, nullfs, UFS, and NFS. > Synopsis: [ufs] [panic] ufs_dirbad, nullfs, jail panic (corrupt inode) > > Take a look at this paragraphs: > "... > After two more failures, I now found the offending inode ..." > "... > As one point, I found the inode in a directory which usually is mounted for > an (ez-) jail via nullfs." > > This proves that problems with jails, nullfs, and fs corruption are possible. > So, they can not be excluded up front in your case too because nullfs is just > a simple "path translation". > Up until yesterday (and Dirk's answer) I didn't look for specific references to nullfs, and today I was busy getting vicious myself ;) Thanks for pointing a plausible cause. What I have done so far is limit the offending jail to a specific cpuset and I wanted to add another disk to avoid contention with other jails. MySQL not only consumes the whole CPUs but also limits the whole drive, while it's doing some crazy full scan query on a very large database. I don't have any control of the code or the MySQL myself and the client said it's known problem with VTiger CRM and the way it implements some reports that I guess were not designed for the amount of data they are handling. I have already recommended they move to a dedicated server altogether because their system simply outgrew what we sold them. I really appreciate the time you dedicated to search for a possible explanation and at the very least it helps in taking some immediate steps to avoid it from happening again. Hopefully, someone with deep knowledge will find the root cause and a long-term fix. What is true, that if it happened to me, it can happen to anyone, so maybe your findings will help someone pin-point the problem and fix it. Thanks, -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 1:23 PM, Eitan Adler wrote: > On 30 April 2012 07:36, Robert Bonomi wrote: >> A competennt, "not stupid", sysadmin would know these things. And not >> 'remove all doubt' (in the words of Abraham Lincoln), by raising such >> nonsense questions. > > A competent sysadmin would ask questions when they don't know the > answer bringing up possibilities they thought about. > A stupid sysadmin would yell at someone asking a question claiming > they should have known the answer. > Thank you Eitan! I am admittedly limited in the use of the English language and many times frustrated not to be able to redact such beautifully and to the point. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 1:03 PM, Edward M wrote: > On 04/30/2012 08:38 AM, Alejandro Imass wrote: >> >> just not very helpful or fun. This attitude will get > > > He is helping,you need to learn how UFS, jails, nullfs, journaling, disk > I/O and other stuff work. > I have been following this thread and i must admit I also need to learn > more on those subjects.:-) > Oh, please! He's not helping anyone. He's just being an obnoxious prick that thinks that by pointing out a lot of technical blabber and some cheap philosophical posé, he's going to gain some sort of place amongst his peers, and you are just trying to do the same by sucking-up, siding with him and seconding an simply unacceptable attitude in a community of real peers. If you truly know your stuff you don't have to go putting people down and patronizing them to show off. It is only when you go over the top, trying to prove something that your are actually just showing your insecurities and just plain ignorance. Why don't you google and read my posts over the years when I help other people in things they don't know, and tell me if it's remotely close, or if I patronize people. I might go tell someone to RTFM but I would never go and try to put someone down just to show off that I know a lot. Furthermore, this is a user's list, not a deeply technical one. I don't have to read the fsck source code to use FreeBSD or participate on this list. If you are indeed an expert you try to help other people, or at least give the other person the benefit of the doubt. If you have really followed the thread, all I have done is try to find some explanation for a strange behavior of the system under normal use. It hung, and some directories were moved, period. I have posted some ideas to share with other people expecting some insight and maybe similar experience from other users, which there probably are many, but many times afraid to speak up and avoid getting insulted. I don't take that crap from anyone and much less in a community that I have come to love and respect. And it's all about that: RESPECT and you can either learn it the easy way or the hard way, but I will tech respect one way or another. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 8:22 AM, Erich Dollansky wrote: > Hi, > > On Monday 30 April 2012 18:36:08 Robert Bonomi wrote: >> >> Alejandro Imass wrote: >> That simply *ISN'T* going to happen -- not without a -lot- more evidence >> than any individual can provide from a single =unrepeadable= incident. >> > ok, I am not the original poster but let me tell me of an experience here I > have had. I reported also something extremely strange. Of course, the > comments I have gotten have been the same as here. But what happened then? > > I do not know why but somebody found a race condition in the affected system. > There is no fix available yet. > > With other words, no matter how strange things are, I encourage people to > report it. Not with the real hope to get a solution at the spot. But with the > chance that somebody who knows the code well and has some strange feelings > takes a look. > > I also encourage my clients to do the same for our products and services. > Thanks Erich for pionting this out. This is the FreeBSD USERS LIST, not the elite exchange. I I was posting this on some expert list like the kernel list or some other more technical list I could understand the attitude, but this is the user's list. We are NOT required to know the details, just share experiences and try to help one another, not put other people down for trying to solve our issues as users. What is really frustrating is that it actually happened and I try to do everything by the book. I don't do any fancy or strange things, so something caused these directories to be moved through NORMAL use of the system, regardless if some people believe it or not, I could care less. It happened, period, and if someone wants to help fine, if not they should just shut up. Thanks again for pointing this out. We are the users, we are the people that keep this project alive and share the good. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Mon, Apr 30, 2012 at 7:36 AM, Robert Bonomi wrote: > > Alejandro Imass wrote: >> On Sun, Apr 29, 2012 at 11:49 PM, Erich Dollansky wrote: >> > On Monday 30 April 2012 02:02:41 jb wrote: >> >> Alejandro Imass p2ee.org> writes: >> >> > ... >> [...] > A competennt, "not stupid", sysadmin would know these things. And not > 'remove all doubt' (in the words of Abraham Lincoln), by raising such > nonsense questions. > >> Whatever the cause, it actually happened and I have already ruled out >> just about anything. It doesn't seem to have been an attack, it surely >> wasn't me, and EzJail author agrees it was not the EzJail scripts. So >> maybe nullfs and journaling, or crash + nullfs + journaling, could >> cause something like this to happen? > > Postulating the "right" combination of _unrelated_ failures, virtually > *anything* can happen. cf. "Nasal Monnkeys". > OK, I tried to be patient with you and tried to keep my composure and nettiquete against your insistence to insult me and by doing so, damaging the good spirited nature of this mailing list, FreeBSD and Open Source in general. And sorry beforehand to my fellow co-listers, and other nice people here, that I have to do this publicly but there is a limit and I am sure many of you have been just waiting for this to happen. I mean, I have had a couple of altercations here and there with a few smart asses, but I have *NEVER* seen such an obnoxious little shit in the more than 14 years I have been participating in ANY mailing list. This used to be one of the most enjoyable and helpful lists and it is people like you who draw people away from sharing and trying to help one another. What is your problem man? Who do you think you are? Who gives you the right to go patronizing and insulting people, and by the way using these ridiculous quotes, like some stupid little jerk, relying on other people's wisdom quotes instead of your own words. Instead of being frontal, you are probably frustrated with your own little techy life that you have to take out your frustration on other people. I find you intoxicating to this list and to this community, no matter how smart you are, if half the stuff you say is even accurate or true. You don't contribute anything except to the degradation of the FreeBSD ambiance and to drive people away, and from sharing. You don't have the right to do that. I honestly love FreeBSD and this community and I am not going to let you ruin that for me or anyone else here. Why don't you take the time to read your posts and see that you propose nothing, so why even bother to participate? What are you trying to prove? If you were so smart as *you believe* you are, you would be helping instead of trying to prove something by your condescending attitude. The very fact that you need to use this attitude is proof of your insecurities, and your need to bully other people, but not me, Sir. I have been in this too long. I am surely not going to take this shit from you man so if you don't have anything positive to say, just shut up and let other people help each other, without being scared of being insulted or patronized. I am surely not afraid of you and I am sick and tired of your attitude, so if no one else here has the balls to tell you off, I will. This is the kind of shit that drives people away and refrains people from participating and sharing experiences and knowledge, and I'm not going to let you do that, to me or any one else here. This is not *your list* nor do you have any special right here, you are just like everybody else, just not very helpful or fun. This attitude will get you nowhere but deeper into your creepy little world. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 11:49 PM, Erich Dollansky wrote: > Hi, > > On Monday 30 April 2012 02:02:41 jb wrote: >> Alejandro Imass p2ee.org> writes: >> >> > ... >> > > What you should do right now is to get some recent general or security >> > > cd/dvd >> > > with chkrootkit and rkhunter and run them from that external read-only >> > > media. >> > > I would also suggest that you look over config files of all packages >> > > involved. >> > > jb >> > > >> > >> > Thanks! Will do, but I don't know of any FreeBSD and/or derived >> > distros for security. Or can I use any Linux security distro? I >> > remember reading about some trouble of Linux chkrootkit on FBSD >> >> It looks like you have only one choice with prebuilt rkhunter package only: >> http://www.freebsd.org/releases/9.0R/announce.html >> >> dvd1 >> This contains everything necessary to install the base FreeBSD operating >> system, >> a collection of pre-built packages aimed at getting a graphical workstation >> up >> and running. It also supports booting into a "livefs" based rescue mode. This >> should be all you need if you can burn and use DVD-sized media. >> >> ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/security/ >> rkhunter-1.3.8_1.tbz 04/18/12 18:56:00 >> >> With regard to verification of config files - you said you got backups >> (those >> pre-incident would be best) and you have the incident-time files, so do a >> diff >> on dirs (in particular /etc and /usr/local/etc) >> > I would burn the backup of these files to an optical disk, start the system > and do a diff as the first step. The system can be started from an USB drive > (take the 9.0 installation image) or DVD. > > Of course, rkhunter can be started in the second step. ran both, found nothing Back to theory on how the http-proxy jail 'swallowed' all the other jails including the basejail. I noticed that jail had a not so old bug in 2010 FBSD 8.0 which The jail(8) utility does not change the current working directory while imprisoning. The current working directory can be accessed by its descendants. Reference: http://security.freebsd.org/advisories/FreeBSD-SA-10:04.jail.asc Given that EzJail uses a single basejail and links/mounts stuff in the child jails it would seem plausible (regression?) that somehow any jail could access other jails' files, or that _maybe_ in an event of crash the nullsfs mounts confuse the system somehow when fsck restores or the journal is recovered. Whatever the cause, it actually happened and I have already ruled out just about anything. It doesn't seem to have been an attack, it surely wasn't me, and EzJail author agrees it was not the EzJail scripts. So maybe nullfs and journaling, or crash + nullfs + journaling, could cause something like this to happen? Maybe journal has some confusion on restoring the nullfs view of the directories or something after bad crash like this one?? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 1:15 PM, jb wrote: > Alejandro Imass p2ee.org> writes: > >> ... >> And there was a log of a couple of ftp connections the same day this >> happened, the ONLY 3 messages before the reboot at about 6 pm and they >> were NOT from any of our customers. Here are the log entries: >> >> Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: >> host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 >> Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: >> Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname >> Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel >> ... > > What you should do right now is to get some recent general or security cd/dvd > with chkrootkit and rkhunter and run them from that external read-only media. > I would also suggest that you look over config files of all packages involved. > jb > Thanks! Will do, but I don't know of any FreeBSD and/or derived distros for security. Or can I use any Linux security distro? I remember reading about some trouble of Linux chkrootkit on FBSD Thanks, -- Alejandro > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 4:37 AM, Polytropon wrote: > On Sun, 29 Apr 2012 00:26:50 -0700, per...@pluto.rain.com wrote: >> Alejandro Imass wrote: >> >> > 3) the directories were moved at reboot by journal recovery, >> > fsck or something else >> >> I think it's *extremely* unlikely that fsck was involved, because >> it just doesn't do things like that. > > The point is: fsck moving directories "looks different". In > case inodes get "de-connected" (their reference entries on > level n-1 are gone, their data on level n is still present), > fsck will access the lost+found/ directory in the corresponding > partition's root directory (or create it, if not present) and > write _new_ directory entries with the inode as their name, > because that's the only naming information possible (as the > original names on n-1 aren't accessible anymore). So those > directories will have names like #177628676/ and they _can_ > contain subtrees full of data, _including_ names from levels > n+1 and onward. Files also are named #4767667892 and their > names can _maybe_ identified from their content (the "file" > command is helpful, and if they are textfiles containing > a CVS or other revision control system data tag, it's possible > to find out what they've been in their previous life). > > However, as it has been explained, fsck will _not_ do so > unless being _allowed explicitely_ to do that kind of > MODIFICATION to the file system. Flags like -yf can do > that, but they are _not_ the default. This is due to the > fact that _any_ critical modification of file systems > requires the _responsible administrator_ to give permission. > OK, so fsck couldn't have done this. Besides fsck reported the fs as clean so I have to conclude as others have commented that it must have been a mv I've been looking at the logs very carefully and trying to make sense of this. There is a possibility that it could have been an attack because we enabled ftp.proxy so that some clients could upload stuff to their jails using ftp. So I was initially wrong in my assessment because on this particular server we are running a service outside of jails and it's this ftp.proxy that was suppose to be a temporary solution but I guess we never got around to fixing this. The ftp.proxy is started via inetd like so: ftpstream tcp nowait nobody /usr/local/sbin/ftp.proxy ftp.proxy -e And there was a log of a couple of ftp connections the same day this happened, the ONLY 3 messages before the reboot at about 6 pm and they were NOT from any of our customers. Here are the log entries: Apr 27 05:54:37 nune ftp.proxy[2726]: connected to client: host-46-50-183-5.bbcustomer.zsttk.net, interface= 207.158.52.74:21 Apr 27 05:54:37 nune ftp.proxy[2726]: info: monitor mode: off, ccp: Apr 27 05:54:38 nune ftp.proxy[2726]: -ERR: missing hostname Apr 27 18:55:42 nune syslogd: kernel boot file is /boot/kernel/kernel OK. So let's suppose ftp.proxy is the culprit is there any way the could have done the mv by cracking ftp and ftp.proxy ?? I have of course disabled the ftp and I am now thinking that another possibility or combination by also using the ftp proxy on the http-proxy jail, that is, the jail that swallowed the other jails. The http-proxy jails was also running apache ftp proxy. So the question now becomes: could a break in ftp.proxy coupled with Apache ftp proxy have caused the http-proxy jails to have swallowed all the other jails into it's configuration directory?? -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 10:20 PM, Erich Dollansky wrote: > Hi, > > On Sunday 29 April 2012 08:58:17 Alejandro Imass wrote: >> On Sat, Apr 28, 2012 at 5:03 PM, Erich Dollansky >> wrote: [...] >> >> Hi Erich, thanks for your reply. >> >> I don't know what links you are referring to, but please point me in > > man link > > They are practical in jails when things are read only. Mark everything > read-only and nothing should go wrong. > I though you were referring to something else entirely. No, I don't use soft or hard links with jails, unless EzJail uses them but I doubt it, I think everything like that in EzJail is done by mounting via nullfs. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sun, Apr 29, 2012 at 3:26 AM, wrote: > Alejandro Imass wrote: > [...] > > Any chance that your base system -- rather than one of the jails -- > has somehow been cracked; maybe even that the cracker precipitated > the crash? It might be wise to restore the whole system from backup, > the base from a moderately old one since it doesn't change anyway, > rather than trying to recover. There is always that possibility but I strive to keep these servers updated, I block most ap, nigeria and russia ip blocks using updated Wizcrafts' lists, run fail2ban and other security measures. We have a policy of only one password and there are no users or services in the base system other than mine. As I said in another mail I run 6 servers and been runing FBSD for almost 7 years and this is the first time I've seen this happen. -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 5:03 PM, Erich Dollansky wrote: > Hi, > > On Saturday 28 April 2012 20:15:25 Alejandro Imass wrote: >> On Sat, Apr 28, 2012 at 3:22 AM, Wojciech Puchar >> wrote: >> >> I somewhat agree, but it wasn't a person. I am the only administrator, >> >> the only one with root access. The jails were effectively moved to the >> >> /usr/local/etc/apache22 of the single that survived at the top level. >> >> I'm thinking something between mount, EzJail, the journal and the way >> >> MySQL created a great deal of head contention, so something must have >> >> gotten corrupted at the directory level like you state, but the >> >> strange part is no _data_ corruption as such, because I was able to >> >> physically archive the jails, move them to the correct directory and >> > >> > >> > no matter what you do FreeBSD DOES NOT ramdomly move directories. if you >> > are >> > sure you didn't move it yourself then it must be machine hardware problem >> > but still unlikely. >> >> After a little more research, ___it it NOT unlikely at all___ that >> under high distress and a hard boot, UFS could have somehow corrupted >> the directory structure, whilst maintaining the data intact. From what >> I've learned so far, UFS is actually divided into 2 layers: one that >> controls the directory structure and metadata and a lower layer >> containing the data, so the directories being screwed up and the data >> intact it is actually quite possible. >> >> What I'm trying to do is figure out is how it happened, and try >> prevent it from happening again, so instead of dismissing it as >> impossibility, I think we all should spend a little time figuring out >> how these things can happen and determine how it can be prevented or >> reduced. > > somebody mentioned the links. Did you use links in the jails to access the > data? If then the directories of the jails got screwed, the links are gone > but the original data is still there. The damaged directory might got fixed > during the first reboot after the crash and you never noticed the fix. > Hi Erich, thanks for your reply. I don't know what links you are referring to, but please point me in that direction. I initially suspected that it could have been the journal recovery and/or fsck but as you can see, a couple of people have said this is impossible, but have to admit my ignorance on some specifics of the UFS filesystem, yet out of logic seems like the most plausible explanation. I've been running FBSD since 6.2 and jails since then as well. Today I run 6 public servers in 8.2 with between 15 to 20 jails each and we switched to ezjail last year and use strictly by the book. I do use flavours though, and I may archive and re-create jails with a specific archive but always using ezjail-admin. Since all our servers are 8.2 and all updated the same, I may port jails from one server to the other using the ezjail archive method, but nothing as stupid as someone was suggesting that I was using cp or soft links. I've never had any problems except in _this particular server_ where I have client that has a problem with MySQL and under some conditions it drains the whole server. I suspected corruption of the fs because of all the contention generated by MySQL to the point where it simply hung and had to hard-reboot. I doubt it's hardware because these are relatively new servers Xeon X3370, 8GB RAM, 2 x 150GB 10,000rpm Velociraptor disks. We have the pristine OS in one disk and jails in the other. Nothing runs outside of jails, not even the MTA which runs postfix inside one of the jails. This is the first crash when anything like this has happened in over 6 years running FBSD, and I am surprised as anyone here because of the weirdness of the jail directories moving like that. We had backups of the previous night, but I didn't even use them. The data was all there, intact, just moved inside the only surviving jail, which happens to be the http reverse proxy of all the other jails. If you have any leads as to how this can happen other than cosmic rays I would greatly appreciate it. Thanks! -- Alejandro > Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 2:01 PM, Polytropon wrote: > On Sat, 28 Apr 2012 13:52:02 -0400, Alejandro Imass wrote: >> On Sat, Apr 28, 2012 at 1:31 PM, Robert Bonomi >> wrote: >> > >> > Alejandro Imass wrote: >> >> On Sat, Apr 28, 2012 at 11:39 AM, Robert Bonomi >> >> wrote: >> >> > Alejandro Imass wrote: >> >> >> After a little more research, ___it it NOT unlikely at all___ that >> >> >> under high distress and a hard boot, UFS could have somehow corrupted >> >> >> the directory structure, whilst maintaining the data intact. >> >> > >> >> > This is techically accurate, *BUT* the specifics of the quote >> >> > "corruption" >> >> > unquote in the case under discussion make it *EXTREMELY* unlikely that >> >> > this >> >> > is what happened. >> >> > >> >> > 99.99+++% of all UFS filesystem "corruption' issues are the result of a >> >> > system crash _between_ the time cached 'meta-data' is updated in memory >> >> > and that data is flushed to disk (a deferred write). >> >> > >> >> > The second most common (and vanishingly rare) failure mode is a >> >> > powerfail >> >> > _as_ a sector of disk is being written -- resulting in 'garbage data' >> >> > being written to disk. >> >> > >> >> > The next possibility is 'cosmic rays'. If running on 'cheap' hardware >> >> > (i.e., without 'ECC' memory), this can cause a *SINGLE-BIT* error in >> >> > data being output. >> >> > >> >> > The fact that the 'corrupted' filesystem passed fsck -without- any >> >> > reported >> >> > errors shows that everything in the filesystem meta-data was consistent >> >> > >> >> [...] >> >> >> >> > I think it is safe to conclude that the probabilities -greatly- favor >> >> > alternative #1. >> >> > >> >> >> >> OK. So after your comments and further research I concur with you on >> >> the mv but if it wasn't a human, then this might be exposing a serious >> >> security flaw in the jail system or the way EzJail implements it. >> > >> > BOGON ALERT!!! >> > >> >> I admit my ignorance on how the filesystem works but I don't think >> your condescending remarks add a lot of value. The issue here is this >> actually happened and there is a flaw somewhere other than "the stupid >> administrator did it". > > If you search the archives of this list, you'll find my _first_ > post to that list: I've had a similar problem, df shows data > must be there after crash (panic -> reboot -> fsck trouble), but > files aren't there (even _not_ in lost+found). It's quite possible > that in _exceptional_ moments this can happen. The fsck program > is intended to repair the most typical file system faults, but > nothing "complicated" will be done without interaction: Altering > data on disk will _always_ involve the responsible (!) admin to > check if it is really intended "to do so". > > There can be many reasons. I've never found out what was the [...] > that might help locate "lost" data (quotes intended as long as > the data is still on the disk). The more complex your setting > is (e. g. striped disks, or ZFS), this can be nearly impossible. > "Plain old UFS" can sometimes be your saviour (but BACKUP should > be your real friend). > Thanks for your reply. I can't figure out how there was no data loss and yet the directories moved just like that. We have nightly backups and it's one of the features we love about EzJail and it's archive feature. The base system sits on another disk entirely and it's pristine, we don't install anything except the basic system on the system disk and the other disk is exclusively divided in jails, so the possibility of an outside process doing the mv is unlikely. Everything point to that something or someone executed a mv but how was this done? or if there is a potential problem and could happen again. And contrary to other comments here, and my admitted ignorance, I believe there are actually 3 possibilities: 1) something inside a jail was able to move the other jails into itself 2) something outside the jails moved the jails 3) the directories were moved at reboot by journal recovery, fsck or something else That is what worries me, is that it wasn't just some random bit or cosmic ray, but the potential of happening again. I am not so sure that it is *impossible* that a jail could affect other jails with EzJail. -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 1:31 PM, Robert Bonomi wrote: > > Alejandro Imass wrote: >> On Sat, Apr 28, 2012 at 11:39 AM, Robert Bonomi >> wrote: >> > Alejandro Imass wrote: >> >> After a little more research, ___it it NOT unlikely at all___ that >> >> under high distress and a hard boot, UFS could have somehow corrupted >> >> the directory structure, whilst maintaining the data intact. >> > >> > This is techically accurate, *BUT* the specifics of the quote "corruption" >> > unquote in the case under discussion make it *EXTREMELY* unlikely that this >> > is what happened. >> > >> > 99.99+++% of all UFS filesystem "corruption' issues are the result of a >> > system crash _between_ the time cached 'meta-data' is updated in memory >> > and that data is flushed to disk (a deferred write). >> > >> > The second most common (and vanishingly rare) failure mode is a powerfail >> > _as_ a sector of disk is being written -- resulting in 'garbage data' >> > being written to disk. >> > >> > The next possibility is 'cosmic rays'. If running on 'cheap' hardware >> > (i.e., without 'ECC' memory), this can cause a *SINGLE-BIT* error in >> > data being output. >> > >> > The fact that the 'corrupted' filesystem passed fsck -without- any reported >> > errors shows that everything in the filesystem meta-data was consistent >> > >> [...] >> >> > I think it is safe to conclude that the probabilities -greatly- favor >> > alternative #1. >> > >> >> OK. So after your comments and further research I concur with you on >> the mv but if it wasn't a human, then this might be exposing a serious >> security flaw in the jail system or the way EzJail implements it. > > BOGON ALERT!!! > I admit my ignorance on how the filesystem works but I don't think your condescending remarks add a lot of value. The issue here is this actually happened and there is a flaw somewhere other than "the stupid administrator did it". ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 12:36 PM, Alejandro Imass wrote: > On Sat, Apr 28, 2012 at 11:39 AM, Robert Bonomi > wrote: >> >> Alejandro Imass wrote: >>> On Sat, Apr 28, 2012 at 3:22 AM, Wojciech Puchar >>> wrote: >>> >> I somewhat agree, but it wasn't a person. I am the only administrator, >>> >> the only one with root access. The jails were effectively moved to the >>> >> /usr/local/etc/apache22 of the single that survived at the top level. >>> >> I'm thinking something between mount, EzJail, the journal and the way >>> >> MySQL created a great deal of head contention, so something must have >>> >> gotten corrupted at the directory level like you state, but the >>> >> strange part is no _data_ corruption as such, because I was able to >>> >> physically archive the jails, move them to the correct directory and >>> > >>> > >>> > no matter what you do FreeBSD DOES NOT ramdomly move directories. if you >>> > are >>> > sure you didn't move it yourself then it must be machine hardware problem >>> > but still unlikely. >>> >>> After a little more research, ___it it NOT unlikely at all___ that >>> under high distress and a hard boot, UFS could have somehow corrupted >>> the directory structure, whilst maintaining the data intact. >> >> This is techically accurate, *BUT* the specifics of the quote "corruption" >> unquote in the case under discussion make it *EXTREMELY* unlikely that this >> is what happened. >> >> 99.99+++% of all UFS filesystem "corruption' issues are the result of a >> system crash _between_ the time cached 'meta-data' is updated in memory >> and that data is flushed to disk (a deferred write). >> >> The second most common (and vanishingly rare) failure mode is a powerfail >> _as_ a sector of disk is being written -- resulting in 'garbage data' >> being written to disk. >> >> The next possibility is 'cosmic rays'. If running on 'cheap' hardware (i.e., >> without 'ECC' memory), this can cause a *SINGLE-BIT* error in data being >> output. >> >> The fact that the 'corrupted' filesystem passed fsck -without- any reported >> errors shows that everything in the filesystem meta-data was consistent >> >> Given *that*, there are precisely *TWO* ways that the 'results' that have >> been reported could have happened. >> >> 1) "Something" did a mv(2) of the various jail directories 'from' their >> original location to the 'apache' diretory. This involves simply >> *copying* the diretory entry from the jail's 'parent directory' to >> the apache directory, and then marking the entry in the original >> parent as 'unused'. Nothing other than the directory whre the jail >> 'used to live', and the directory 'where it was found' are touched. >> This occured _through_ the system 'mv' function, so all the normal >> 'housekeeping' was done properly. >> >> 2) it was -not- done though mv(2) -- but that requires that a whole >> *series* of "corruptions" of the filesystem, _ALL_ of which had to >> occur in 'exactly' the right way. They are: > > [...] > >> I think it is safe to conclude that the probabilities -greatly- favor >> alternative #1. >> > > OK. So after your comments and further research I concur with you on > the mv but if it wasn't a human, then this might be exposing a serious > security flaw in the jail system or the way EzJail implements it. The > whole point of using jails is to protect things like this from > happening. Given that the only jail that survived was the front-end > Apache Web server/reverse proxy, then it is also safe to suspect the > apache (or other) process running on it was able to perform a mv of > the rest of the jails to it's own /usr/local/etc/apache22 directory. > > Is there no possibility is that after the system crash, the journal > recocery process and/or fsck could have moved this directories ? > Also note that even the EzJail basejail was moved also, so it could be a security hole in the way nullfs is used or in nullfs itself. but the curious thing is that the basejail is supposed to be mounted read-only so how did that get moved to the http-proxy jail?? That is why I suspect it could have been something in the boot process like the journal recovery, fsck or something else with that kind of privilege and when the EzJail filesystems were unmounted. -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 11:39 AM, Robert Bonomi wrote: > > Alejandro Imass wrote: >> On Sat, Apr 28, 2012 at 3:22 AM, Wojciech Puchar >> wrote: >> >> I somewhat agree, but it wasn't a person. I am the only administrator, >> >> the only one with root access. The jails were effectively moved to the >> >> /usr/local/etc/apache22 of the single that survived at the top level. >> >> I'm thinking something between mount, EzJail, the journal and the way >> >> MySQL created a great deal of head contention, so something must have >> >> gotten corrupted at the directory level like you state, but the >> >> strange part is no _data_ corruption as such, because I was able to >> >> physically archive the jails, move them to the correct directory and >> > >> > >> > no matter what you do FreeBSD DOES NOT ramdomly move directories. if you >> > are >> > sure you didn't move it yourself then it must be machine hardware problem >> > but still unlikely. >> >> After a little more research, ___it it NOT unlikely at all___ that >> under high distress and a hard boot, UFS could have somehow corrupted >> the directory structure, whilst maintaining the data intact. > > This is techically accurate, *BUT* the specifics of the quote "corruption" > unquote in the case under discussion make it *EXTREMELY* unlikely that this > is what happened. > > 99.99+++% of all UFS filesystem "corruption' issues are the result of a > system crash _between_ the time cached 'meta-data' is updated in memory > and that data is flushed to disk (a deferred write). > > The second most common (and vanishingly rare) failure mode is a powerfail > _as_ a sector of disk is being written -- resulting in 'garbage data' > being written to disk. > > The next possibility is 'cosmic rays'. If running on 'cheap' hardware (i.e., > without 'ECC' memory), this can cause a *SINGLE-BIT* error in data being > output. > > The fact that the 'corrupted' filesystem passed fsck -without- any reported > errors shows that everything in the filesystem meta-data was consistent > > Given *that*, there are precisely *TWO* ways that the 'results' that have > been reported could have happened. > > 1) "Something" did a mv(2) of the various jail directories 'from' their > original location to the 'apache' diretory. This involves simply > *copying* the diretory entry from the jail's 'parent directory' to > the apache directory, and then marking the entry in the original > parent as 'unused'. Nothing other than the directory whre the jail > 'used to live', and the directory 'where it was found' are touched. > This occured _through_ the system 'mv' function, so all the normal > 'housekeeping' was done properly. > > 2) it was -not- done though mv(2) -- but that requires that a whole > *series* of "corruptions" of the filesystem, _ALL_ of which had to > occur in 'exactly' the right way. They are: [...] > I think it is safe to conclude that the probabilities -greatly- favor > alternative #1. > OK. So after your comments and further research I concur with you on the mv but if it wasn't a human, then this might be exposing a serious security flaw in the jail system or the way EzJail implements it. The whole point of using jails is to protect things like this from happening. Given that the only jail that survived was the front-end Apache Web server/reverse proxy, then it is also safe to suspect the apache (or other) process running on it was able to perform a mv of the rest of the jails to it's own /usr/local/etc/apache22 directory. Is there no possibility is that after the system crash, the journal recocery process and/or fsck could have moved this directories ? Thanks, -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 3:22 AM, Wojciech Puchar wrote: >> I somewhat agree, but it wasn't a person. I am the only administrator, >> the only one with root access. The jails were effectively moved to the >> /usr/local/etc/apache22 of the single that survived at the top level. >> I'm thinking something between mount, EzJail, the journal and the way >> MySQL created a great deal of head contention, so something must have >> gotten corrupted at the directory level like you state, but the >> strange part is no _data_ corruption as such, because I was able to >> physically archive the jails, move them to the correct directory and > > > no matter what you do FreeBSD DOES NOT ramdomly move directories. if you are > sure you didn't move it yourself then it must be machine hardware problem > but still unlikely. After a little more research, ___it it NOT unlikely at all___ that under high distress and a hard boot, UFS could have somehow corrupted the directory structure, whilst maintaining the data intact. From what I've learned so far, UFS is actually divided into 2 layers: one that controls the directory structure and metadata and a lower layer containing the data, so the directories being screwed up and the data intact it is actually quite possible. What I'm trying to do is figure out is how it happened, and try prevent it from happening again, so instead of dismissing it as impossibility, I think we all should spend a little time figuring out how these things can happen and determine how it can be prevented or reduced. "Should you find your neighbor's beard catch fire, it's wise to soak one's own" -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Sat, Apr 28, 2012 at 1:43 AM, Wojciech Puchar wrote: >> >> All the jails wound up in the /usr/local/etc/apache22 of the only >> surviving jail which is the http proxy to all the other jails. >> >> Right before the server crashed I noticed MySQL at 100% o several CPUs >> and the server was on it's knees, so I'm wondering was this an >> attack? is it possible that Apache or MySQL moved the files?? >> >> I mean the jails are there, I'm even backing them up right now but >> how did these directories move here? >> >> Anybody has ANY logical explanation??? >> > 99% - someone did moved them. > 1% - hardware problem possibly memory. without this there is no way for > directory to be "accidentally" moved I somewhat agree, but it wasn't a person. I am the only administrator, the only one with root access. The jails were effectively moved to the /usr/local/etc/apache22 of the single that survived at the top level. I'm thinking something between mount, EzJail, the journal and the way MySQL created a great deal of head contention, so something must have gotten corrupted at the directory level like you state, but the strange part is no _data_ corruption as such, because I was able to physically archive the jails, move them to the correct directory and archived them all with ezjail-admin to a different disk. I was thinking of formatting the jails drive, but after all this disk activity and no errors, and everything booted up correctly, I am not so sure now that it's needed it. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Fri, Apr 27, 2012 at 11:00 PM, Erich Dollansky wrote: > Hi, > > On Saturday 28 April 2012 09:33:47 Alejandro Imass wrote: >> On Fri, Apr 27, 2012 at 7:52 PM, Alejandro Imass wrote: >> > >> > We had a server crash and required a hard reboot. The system is on one >> > disk and another disc mounts /usr/jails and everything runs in jails, >> > pristine base system, and the base system is working perfectly. >> > >> > The second volume, the one with the jails mounted but every jail >> > directory disappeared except one. df still shows the data being used >> > so I'm guessing it's a logical error in the directory structure or >> > something. I unmounted the drive and ran fsck and reported no >> > problems. df shows the data being use so where is the data?? >> > > > what is du saying? >> >> OK, so here is an update, maybe someone has some clue here >> >> All the jails wound up in the /usr/local/etc/apache22 of the only >> surviving jail which is the http proxy to all the other jails. > > You want to say that all the data you were looking for have been moved to > this directory? >> EXACTLY THAT. In fact the data is intact and I have already backed-up everything to another disk. >> Right before the server crashed I noticed MySQL at 100% o several CPUs >> and the server was on it's knees, so I'm wondering was this an >> attack? is it possible that Apache or MySQL moved the files?? >> >> I mean the jails are there, I'm even backing them up right now but >> how did these directories move here? >> >> Anybody has ANY logical explanation??? > > Journaling is new to me. Could this be the cause? > Maybe so, I have no idea. Maybe it's because EzJail mount volumes with each jail or some other wild explanation. I honestly have never seen this before. I am just glad that UFS was nice enough to keep my data somewhere at least, and after my bad experiences with ZFS I can now say with a lot more certainty that UFS rocks. I mean something got screwed up but the data was not lost. Hope someone can shed some light here.. -- Alejandro > Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: UFS Crash and directories now missing
On Fri, Apr 27, 2012 at 7:52 PM, Alejandro Imass wrote: > Hi folks, > > We had a server crash and required a hard reboot. The system is on one > disk and another disc mounts /usr/jails and everything runs in jails, > pristine base system, and the base system is working perfectly. > > The second volume, the one with the jails mounted but every jail > directory disappeared except one. df still shows the data being used > so I'm guessing it's a logical error in the directory structure or > something. I unmounted the drive and ran fsck and reported no > problems. df shows the data being use so where is the data?? > OK, so here is an update, maybe someone has some clue here All the jails wound up in the /usr/local/etc/apache22 of the only surviving jail which is the http proxy to all the other jails. Right before the server crashed I noticed MySQL at 100% o several CPUs and the server was on it's knees, so I'm wondering was this an attack? is it possible that Apache or MySQL moved the files?? I mean the jails are there, I'm even backing them up right now but how did these directories move here? Anybody has ANY logical explanation??? Thanks, -- Alejandro Imass > This is FreeBSD 8.2 updated, patched etc. The volume was UFS + Journal > > Any help is GREATLY appreciated! > > Thanks! > > -- > Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
UFS Crash and directories now missing
Hi folks, We had a server crash and required a hard reboot. The system is on one disk and another disc mounts /usr/jails and everything runs in jails, pristine base system, and the base system is working perfectly. The second volume, the one with the jails mounted but every jail directory disappeared except one. df still shows the data being used so I'm guessing it's a logical error in the directory structure or something. I unmounted the drive and ran fsck and reported no problems. df shows the data being use so where is the data?? This is FreeBSD 8.2 updated, patched etc. The volume was UFS + Journal Any help is GREATLY appreciated! Thanks! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Virtual Hosts & Subdomains
On Sat, Mar 17, 2012 at 12:38 PM, David Hughes wrote: > Hi all, > > thanks very much for your advice. > To answer your questions: > > It's a FreeBSD jail that I rent from Exonetric, which I've been using for > experimental / developmental purposes. I haven't registered a personal > domain name for it - as it's mainly for me to mess about with than for the > world to see - but it is bound to a public IP and generic domain name > (http://jail0152.vps.exonetric.net/). I don't have access to the domain name > that came with the jail - and I think that is probably where the problem > lies. > > Here's the current text of my httpd.conf: > http://pastebin.com/NSaj8YfS > > Output of ifconfig: > > http://pastebin.com/Gke651xt > > > I tried adding additional entries for subdomains, but it > didn't work - although I think I understand why that is now. > > Me having this jail is mostly an exercise in learning the whys and > wherefores of remote Unix[-like] server administration - something tells me > I need to learn more about the workings of DNS, as I'd never heard of CNAMEs > before. > OK. First of all you should do it correctly and go by the file distribution of the Apache 2 port. Stick to pre-defined httpd.conf and just uncomment the virtual host file towards the end of the file. Then in extras/httpd-vhosts.conf is where you should configure you vhosts. Once you go for virtual hosts the everything should be vhosts, you should not mix-match single httpd settings with vhost settings. From the on you should use the extra/ httpd and ssl vhosts in separate files like it's pre-defined in the port. >From your example I am assuming you want name-based vhost. Leave the first vhost pointing to something default and safe. Apache will default to the very first vhost defined if it cannot match a domain name. Realize that vhost is an http 1.1 feature, meaning that the vhost mapping is resolved by the domain name in the http request. So even though several domains may map to the same IP, when the request reaches Apache it will look in it's vhost table and try to match a domain name defined in one of the vhosts. If it cannot find one it will default to the first one. This is very confusing and it's always safe to leave the first one pointing something default, maybe even a 404 response. You don't need to use the hoster's provided domain name, in fact you shouldn't. I suspect you have your own domains so just make them point to the IP of jail0152.vps.exonetric.net which seems to resolve to 178.250.76.43 So make __your__ domains point to that IP in your DNS (A records). I can't seem to find your NameVirtualHost which is CRUCIAL for vhosts to work. Another reson to use extra/httpd-vhosts.conf Each vhost should match the exact definition of the NameVirtualHost line so for a line NameVirtualHost *:80 your vhost tags must be Then just match the domain name with the lines for example: ServerName www.yourdomain.com ServerAlias yourdomain.com you can put as many aliases as you want to match. The above will match even if the user forgot the www That's about it. If you use the files provided in FBSD it's easy peasy but if step out the suggested file distribution then you will surely get into trouble unless you really know what you're doing. The port maintainer(s) usually get it right so follow the suggested config structure ;-) post back if you get it working or if you need further help! -- Alejandro > > Thanks again for all your help, much appreciated. > > Best regards, > > David > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Virtual Hosts & Subdomains
On Sat, Mar 17, 2012 at 3:00 AM, Robert Bonomi wrote:
>
> David Hughes wrote
>> Hi all,
>>
[...]
>
> This takes several things to make it work.
> 1) You must have DNS entries for all the various {foo}.domian.tld
[...]
Yeah, for one, the OP should provide details of his implementation
since as you very well point out there are many places where this can
go wrong... We use a jail that reverse proxies to all other jails.
This allows a 2 layer set-up that is not only more secure, but more
flexible as well.
We still don't know if the OP's jail is bound to a public IP or not...
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Subscribe request result (debian-www ML)
On Sat, Mar 17, 2012 at 6:51 AM, wrote: > Hi, I am the fml ML manager for the ML . > > Hmmm, and I thought all Debianites were FBSD-hating zealots. Guess the Japanese tribe is more lax. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Virtual Hosts & Subdomains
On Fri, Mar 16, 2012 at 2:19 PM, David Hughes wrote: > Hi all, > > Forgive me if this is slightly off-topic, but I wonder if I could trouble > you for some advice about setting up website subdomains with Apache. I > currently have a website up and running on a jailed VPS; I've been trying to > set up subdomains so that one might navigate to a certain area of the site > by using a URL of the form blog.mywebsite.net rather than > mywebsite.net/blog. > > I've tried reading the official Apache documentation and a number of > tutorials that I've found online, but nothing I've tried has worked so far. > Do Virtual Hosts behave differently if they're within a jail? Or do I need > some sort of DNS registration for subdomains? I've been trying to figure it > out by myself, with little success so far - I'm quite new to this. Please specify some more info: Are you in a FreeBSD Jail and you have a public or private IP bound to the Jail? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Suggestion
On Mon, Mar 12, 2012 at 2:29 PM, Chad Perrin wrote: > On Mon, Mar 12, 2012 at 12:14:39PM -0400, Allen wrote: >> >> I'd like BeOS to come back, but I'm quite happy with BSD and Linux. > > Give the Haiku project a look. It's meant to be some kind of inheritor > of the BeOS legacy. > May I suggest MenuetOS if you are really looking for something cool -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Terminal (TERM=xterm) on FreeBSD doesn not accept DEL or ALT key on/in a Linux YAST2 session
On Mon, Mar 12, 2012 at 10:30 AM, O. Hartmann wrote: > On 03/12/12 15:21, kpn...@pobox.com wrote: >> On Mon, Mar 12, 2012 at 02:51:55PM +0100, O. Hartmann wrote: >>> Administering Linux Suse boxes makes it opf need to login onto those >>> boxes and use the well designed kiddy-cloaking scripting environment, >>> called YAST/YAST2. [...] > Of course, it is either setenv TERM xterm in csh or TERM=xterm in > bourne-alike shells. Hi Oliver, DEL and BS (Backspace) are one of those things where terminals have failed to standardize. Remember there are *many* layers of translations from the time you hit the key until it echoes on the terminal. First you have local keymaps which might be sending the wrong control sequence (e.g. Mac keyboard vs. regular PC). Then you have the character encoding of the terminal's OS, the you may have further translation in the protocol agents (ssh, telnet, etc.) then you have the remote shell's settings and encodings, etc. and many other things in between Take a look at this article and you will probably fix the problem, and it's probably not even on the FBSD side: www.ibb.net/~anne/keyboard.html Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Modbus RTU with GSM communication
On Mon, Mar 12, 2012 at 10:11 AM, Matthias Apitz wrote: > El día Saturday, March 10, 2012 a las 02:43:10AM -0300, Exemys escribió: > >> This is a message in multipart MIME format. Your mail client should not be >> displaying this. Consider upgrading your mail client to view this message >> correctly. >> Hi Matthias, Please re-send your mail in plain text. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Suggestion
On Sun, Mar 11, 2012 at 11:04 AM, Alejandro Imass wrote: > On Sun, Mar 11, 2012 at 10:55 AM, Chris wrote: >> ... Ah yes, trying to feed the world where hunger is rampant is an evil >> thing when done by corporate "insert name here". >> > > Ah yes, the ignorance > > http://en.wikipedia.org/wiki/Nestl%C3%A9_boycott And you say there is no relationship: http://www.geek.com/articles/mobile/microsoft-versus-open-source-in-the-third-world-20021115/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Suggestion
On Sun, Mar 11, 2012 at 10:55 AM, Chris wrote: > ... Ah yes, trying to feed the world where hunger is rampant is an evil > thing when done by corporate "insert name here". > Ah yes, the ignorance http://en.wikipedia.org/wiki/Nestl%C3%A9_boycott ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Suggestion
On Sun, Mar 11, 2012 at 7:12 AM, Jerry wrote: > On Sun, 11 Mar 2012 11:23:54 +0700 > Erich Dollansky articulated: > >> > > FAT rules! >> > >> > Uh . . . what? >> >> It is on every phone, every camera, every toaster ... > > And for a very good reason; it is virtually universally usable by any > operating system. However, the "exFAT" system is becoming more > prevalent due to its more versatile design. > The only reason it's so popular is not precisely for good design. It's only because of Microsoft's dominance of the market. They achieved this dominance not by providing good software, but rather by user the drug dealer's / gangster model in which they are very lax about people copying their crappy software, and then pressuring them into paying out with the BSA. Meanwhile, people became dependent (addicted) to their file formats such as xls and doc, in a vicious cycle making Microsoft ever more powerful over people's will. They didn't kill off the competition by providing better products and services, they just bullied their way through by threatening distributors and hardware manufacturers, and later consumers. Today, Microsoft is still doing this by providing "free software" to third world schools and governments, much like Nestle does by providing "free powdered milks and baby formula" in Africa, or like Monsanto does when providing super seeds to struggling farmers. As I heard someone say recently "if Al Capone were alive today he'd run a tech company". -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Suggestion
On Sat, Mar 10, 2012 at 2:36 AM, Erich Dollansky
wrote:
> Hi,
>
> On Saturday 10 March 2012 14:28:05 Joshua Isom wrote:
[...]
>
> wine was able to fix the problem. Do not forget that most of the problems
> Windows has are not linked to design.
I am guessing this is a sarcastic comment!!
ALL of Windows' problems are precisely based on poor design... just to
name a few:
- no clean separation of system and apps
- apps re-write system libs at will
- no lib versioning
- there is not out of the box user / admin separation
- no filesystem-based security
- default network protocols are insecure
...and this is only scratching the surface
Windows is a well-marketed (gangster-style) piece of crap. Same with
SAP, Oracle and many other widely-used "enterprise grade" IT. These
folks are marketing machines, not technology companies:
q{
There is no inherent value in a technology per se. The value is
determined instead by the business model used to bring it to market.
The same technology taken to the market through two different business
models will yield different amounts of value. An inferior technology
with a better business model will often trump a better technology
commercialized through an inferior business model.
}
"Open Innovation", (Chesbrough 2003)
--
Alejandro Imass
>
> Erich
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: CPAN hanging on ExtUtils::MakeMaker even if installed
On Wed, Feb 22, 2012 at 11:40 AM, Matthew Seaman wrote: > On 22/02/2012 16:35, Alejandro Imass wrote: >> On Wed, Feb 22, 2012 at 10:54 AM, Alejandro Imass wrote: >>> Your post makes me very happy to know I wasn't crazy: >>> >>> http://www.perlmonks.org/?node_id=918414 >>> [...] > > It's already been fixed in 3 of the 4 perl ports: > > http://www.freebsd.org/cgi/query-pr.cgi?pr=162151 > > The remaining port (lang/perl5.8) hasn't been modified in 7 months, and > I believe it may well be deprecated and removed fairly soon. > > Cheers, > > Matthew > Thanks for the detailed info Matthew - I guess it's time for me to stop whining about it ;-) It's just that I got excited to see someone else complaining about this problem and after almost being burned at the stake on PM ! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: CPAN hanging on ExtUtils::MakeMaker even if installed
On Wed, Feb 22, 2012 at 11:36 AM, Matthew Seaman wrote: > On 22/02/2012 15:54, Alejandro Imass wrote: >> On Tue, Feb 21, 2012 at 7:34 PM, Jaime Kikpole >> wrote: [...] > Actually, the problem as highlighted in that Perlmonks article was with > BSDPAN::ExtUtils::Packlist. A fix has been applied to the perl5.10, > perl5.12 and perl5.14 ports. > I'm pretty sure I've seen this in 5.10 but I can't say for sure since I upgraded all my systems to 5.12. I'm pretty sure I haven't seen it in 5.12 though. The problem is that I got so used to it that I stopped paying attention to it and just fixed in on the spot, so I can't really say for sure the last time I encountered the problem. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: CPAN hanging on ExtUtils::MakeMaker even if installed
On Wed, Feb 22, 2012 at 10:54 AM, Alejandro Imass wrote: > Your post makes me very happy to know I wasn't crazy: > > http://www.perlmonks.org/?node_id=918414 > > This is a pain in the ass and I don't know if it's a FBSD CPAN problem > or a CPAN dependency problem but it does happen, and it's really > annoying. I don't have a fix but a workaround. It will always hang on > the same test, so just ^C and "look" into the module. remove the test > and go back to the cpan shell. It won't bother you again for the whole > CPAN session. > > -- > Alejandro This person says the problem is in BSDPAN::ExtUtils::Packlist - maybe someone could help the maintainer solve this problem! It is _really_, _really_ annoying. I sadly don't have the time right now and only deal with problem from time to time, but if someone has the time it would be really great to fix!!! http://www.perlmonks.org/?node_id=922671 -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: CPAN hanging on ExtUtils::MakeMaker even if installed
On Tue, Feb 21, 2012 at 7:34 PM, Jaime Kikpole wrote: > I'm attempting to upgrade Request Tracker manually. (I know that > there is a port, but I'd like to preserve my data, thus I'm doing this > "the old fashioned way." :) ) > > When I run the "make fixdeps" step described in the directions, it > attempts to load ExtUtil::MakeMaker from CPAN -- even though its > already installed. This wouldn't be so bad, but it actually hangs and > uses 100% of CPU time (according to "top") like its in an infinite > loop. This is the output just before it hangs: > Your post makes me very happy to know I wasn't crazy: http://www.perlmonks.org/?node_id=918414 This is a pain in the ass and I don't know if it's a FBSD CPAN problem or a CPAN dependency problem but it does happen, and it's really annoying. I don't have a fix but a workaround. It will always hang on the same test, so just ^C and "look" into the module. remove the test and go back to the cpan shell. It won't bother you again for the whole CPAN session. -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 9 and 3G Modems
On Wed, Jan 25, 2012 at 5:50 AM, Odhiambo Washington wrote: > [...] > You know, sometimes all this process is what makes people shy off of *BSD. I > am a diehard lover of FreeBSD, but the few times I have installed Linux on my > laptop, this whole process was a breeze... well, not quite, but not as > difficult as it is in FreeBSD. Luckily, I use WiFi more than I use 3G, so > it's never quite bothered me. Even now, I just want to see how easy it can be > on PC-BSD/FreeBSD, with a GUI to boot, if there is, but I do not feel it is > such a big necessity for me, because I have D-Link DIR-825 which can use this > modem on it's USB port and allow me to use 3G. > It used to be like that in Linux as well. It's only until recently that the netowrk manager app supports 3g modems. The problem is when these graphical apps fail you have virtually no way to see what's going on, just plug and pray. If you get the tty, using Wvdial is actuall much easier than any other dialing/ppp tool I've ever used. So even on Linuxes with NM applet and 3g modem support I would use Wvdial, and on FBSD especially! wvdial is much more robust than the nm apps, IMHO. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD 9 and 3G Modems
On Tue, Jan 24, 2012 at 10:56 AM, Odhiambo Washington wrote: > I am Google-ing for a recent definitive HOWTO use my 3G modem with > FreeBSD/PC-BSD and what I get seem rather old. > Which one? You need to specifiy modem brand/model and network provider to see if other have got that particular one working. Also check the Linux crowd (Ubuntu in particular) and then extrapolate to FBSD. > Someone can point me to a recent document detailing the steps. I have > PC-BSD 9 on my laptop. > Usually it's just a question of making the kernel mount the tty and the dial using something like wvdial. If it's popular and supported it's pretty easy, if not is still possible. Supporting the modem is usually a two layer problem first solving the multi-device problem on the USB bus, that is, selecting the correct device available (i.e. selecting the modem instead of the flash that contains the windows software), and then the actual kernel or userspace driver for that specific device (ZTE, Enfora, etc.). Ultimately, you get a serial modem and you just have to use AT command to dial, etc. and wvdial does a great job and it's quite easy to set-up and run. Good luck, -- Alejandro > > -- > Best regards, > Odhiambo WASHINGTON, > Nairobi,KE > +254733744121/+254722743223 > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ > I can't hear you -- I'm using the scrambler. > Please consider the environment before printing this email. > > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Using Gnome ...
On Tue, Jan 17, 2012 at 10:17 AM, David Walker wrote: > A colleague and I were talking about operating systems and I said, hey [...] > If I reboot I get a message to the console that gdm is starting but it > goes to a console login. > Sounds like a video problem. It usually works right away but it seems that the video mode and or video driver are not being able to start the X server and then GDM which will eventually load Gnome when you pass the credentials screen. The GDM start script is in /usr/local/etc/rc.d/gdm You can try: /usr/local/etc/rc.d/gdm restart and see. > Is there anything else I need to do? > Absolutely. Get an idea of your hardware by using pciconf -l or -lv to get the details on your hw Also make sure you have HAL, etc, Take a look at: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/x-config.html And make sure you have followed all steps. Look at the logs (/var/log ) and see if you can spot the specific error message so we can be of more help here... Best, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: apache
On Mon, Jan 16, 2012 at 7:03 AM, Daniel Lewis wrote: > Hey I install apache on free bsd 8.2 but accidentially didnt include > the perl threads. Now when I try to re-install it says perl file > required for apache..How do i fix this problem? > I am assuming you want to run mod_perl on mod_worker so here are my 0.02: To answer your question you must build, and/or re-build Perl first and then Apache and then mod_perl in that order. You can do this as many times as you like because I've done it personally _many_ times. You must of course make desinstall before you can make install again. I've used mod_worker/mod_perl and it's probably _awesome_ for _some_ situations but it's not as straight forward as you may think, and it's not worth the hassle unless you really, really need it to take advantage of idle CPU with the same amount of RAM. You can definitively increase your Apache processes by ten fold _easily_ (and perhaps a lot more) using marginally more RAM, but you must have the CPU power to back it up or you will choke real quickly. You must have very clear, your average response per request to be able to project the actual concurrency, and you must leave _at least_ 1-2GB of RAM free for the OS and calculate at least 20% free time for CPUs. For one, not all Perl code is thread-safe and you must really understand how mod_perl shares the non-mutable segments and all that. This doesn't necessarily mean you can't use _all_ non thread-safe code, but you have to know which parts are fragile, and exactly how fragile they are. Remember mod_perl already loads your PMs globally so you are already saving a lot of memory there (not like mod_php which is basically a fancy SSI-type lang). The only reason to use mult-threaded LWP is to spawn many more Apache threads with mod_worker assuming that your RAM is actually big enough and you a lot of idling CPU power you want to take advantage of. The growth of the memory usage will becoem a trial and error thing and you must reset your main processes with maxrequestsperchild directive once in a while because most thread implementations including FBSD's will leak over time. Anyway, it's MHO but if you really don't understand exactly why and how you're going to use mod_worker/mod_perl just stick to mod_prefork and you'll still get *a very decent* performance and use of your HW. When I started using mod_perl/mod_worker it was quite experimental but if you sit down and do your homework it will really work wonders to squeeze the last drop on your HW. Also, be grateful you're using FBSD for such things, 'cause it can take the beating. This is one area where FBSD leaves Linux in the dust ;-) Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD9 + PHP
On Tue, Jan 10, 2012 at 9:32 AM, Damien Fleuriot wrote: > > [...] > > Mine is, as I pointed out in my earlier reply to Dick, that people who > don't even *use* apache shouldn't get stuck with a *useless apache > module* just because they installed PHP. > > > A possible alternative that would keep everyone happy would be *another* > package that actually includes the module, like for example a package > called "mod_php5", it would install the stuff from php5 + the apache module. Could be, something like mod_perl, but contrary from Perl, PHP is not very useful without Apache anyway. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD9 + PHP
On Tue, Jan 10, 2012 at 5:09 AM, Dick Hoogendijk wrote: > Op 9-1-2012 21:02, alexus schreef: >> >> there is no way to make it like that? so it has to be build via ports? >> >> On Mon, Jan 9, 2012 at 3:02 PM, Peter wrote: >>>> >>>> I created a jail and within a jail I did >>>> >>>> pkg_add -r apache22 >>>> pkg_add -r php5 >>>> >>>> now I have apache and php, but whenever I'm trying to hit phpinfo.php, >>>> I see source code... I dont think php5 added inside of apache22 >>>> >>>> -- >>>> http://alexus.org/ >>> >>> I don't think the package has the apache module by default: >>> pkbsd:#pwd >>> /usr/ports/lang/php5 >>> pkbsd:#make config >>> [ ] APACHE Build Apache module >>> >>> That is unchecked. You'll have to select that and build the port. >>> ...Or you can use the CGI version which is included in the package: >>> [*] CGI Build CGI version >>> > Yes there is no other way. Personally I find this unchecking rather weird. > To me apache/PHP are a happily married couple. It makes building a webserver > on packages only *not* possible and that's stupid imo. > +1 I second you again here! I've read in some PHP forums to stay away from Apache and mod_php and to use FCGI instead. Maybe this is a trend in the PHP community, but I couldn't care less because IMO it hurts FBSD in the long run, not to have the module built by default. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ports vs packages
On Tue, Jan 10, 2012 at 7:12 AM, Dick Hoogendijk wrote: > Op 10-1-2012 12:36, Eric Masson schreef: > >> Dick Hoogendijk writes: >> >> Hi, >> >>> As I write in another reply: that's true and totally stupid imo. >> >> *You* think it's stupid. > > Yes, as I wrote: "stupid imo" > But thanks again for your reply. You may be right but I still feel it's > better to *have* the pache module and disable it than to *have to* use ports > just to get it. > IMO it's stupid as well and I second Dick's opinion. The module doesn't hurt anyone, and reduces confusion. I think that PHP is still more heavily deployed on mod_php than on anything else. The Apache module should be built by default unless there is a really strong argument as to why it shouldn't. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ports vs packages
On Mon, Jan 9, 2012 at 5:00 PM, alexus wrote: > Thank you so much for this wonderful feedback! > > One of the things I'm seeing is that unfortunately packages are > somewhat limited vs ports... > > For example: > > I'm trying to get Apache httpd + PHP to work, after pkg_add -r php5, > php5 doesn't have libphp5.so that links Apache and PHP together... so > unless I'm doing something entirely wrong I basically must use ports > and nothing else to get the functionality i need... > The port in lang/php52 has a build apache module option. Seems weird to me that the module is not built with the binary distro of the php52 package. It also seems weird that in the port, the apache module option is not selected by default. Maybe it's because the PHP crowd seems to have a grudge against the apache module and the maintainer follows that sentiment? What good is php52 if not to run with Apache :-) Yeah I don't like php that much, but IMHO the apache module should be selected by default if it's detected that Apache is installed on the system. Maybe you should write the port maintainer and get his take on the matter. -- Alejandro Imass > http://alexus.org/ > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD Kernel Internals Documentation
On Mon, Jan 9, 2012 at 3:37 PM, David Jackson wrote: > > > On Tue, Jan 3, 2012 at 9:46 AM, Alejandro Imass wrote: >> >> On Tue, Jan 3, 2012 at 1:41 AM, Da Rock >> wrote: >> > On 01/03/12 12:06, Walter Alejandro Iglesias wrote: >> >> >> >> On Mon, Jan 02, 2012 at 12:33:20PM -0700, Chad Perrin wrote: >> >>> >> >>> Ubuntu, actually, has thrown out the baby with the bathwater. In its >> >>> zeal to make things "just work" in a particular manner, it seems >> >> I would just like to add that is FreeBSD was so crappy open sour >> software, why does it run half the Internet? >> >> >> http://freebsdfoundation.blogspot.com/2011/12/apache-software-foundation-testimonial.html >> >> -- >> Alejandro Imass [...] > I Never said that FreeBSD was not a good OS to use on a server, if you just > want to install it and use it, its a really great OS on a server. Sorry, my post wasn't an answer to you directly but to the direction the thread was taking and to the open sore comments etc. I just happen to pick the last mail on the thread and it was yours. But I should have checked first and answer to the specific place on the thread, My apologies! -- Alejandro ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ports vs packages
On Mon, Jan 9, 2012 at 1:19 PM, Devin Teske wrote: >> -Original Message- >> From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd- [...] > Of course, this is explicit to rather serious production environments. > Desktop and casual usage ... ports may serve you better if you like to stay > up-to-date rather than only upgrading once every 1-2 years. We think the opposite. Serious production environments should use specifically compiled ports for your needs and create packages from those. In fact we combine this approach with the use of EzJail and flavours. So I guess it all depends on the needs and what a serious production environment means for each company or individual. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: ports vs packages
On Mon, Jan 9, 2012 at 12:17 PM, alexus wrote: > Ports vs Packages? > > /usr/ports vs pkg_* > > pros/cons The beauty of FBSD: they ultimately update the same DB, heck even Perl modules installed via the FBSD CPAN shell get updated to that same db. My rule of thumb: use ports for everything, compile with your own options, etc. Use pre-built binary packages to install very large stuff like Gnome, Open Office, etc. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Shared Memory allocation in jail
On Thu, Jan 5, 2012 at 8:56 AM, bsd wrote: > Hi, > > I am trying to run both postgres and zabbix in the same jail and I am only > able to start postgres or zabbix not both of them. > Yeah bro, it bit me in the ass as well ;-) the SysV IPC is common for the whole system. So anything that uses IPC in jails will have to go through this process You have to change the Pg user's id and the chown the Pg files. I use a nomeclature for this and is the last 3 digits of the jail's IP and the original uid. Example The jail on 192.168.101.124 has a Pg user of 70124 for port NATing I use the contrary nomenclature like 12480 is the network port 80 of the same jail in th public IP as 12480. Anyway here is my recipe: pw usermod pgsql -u 70124 pw groupmod pgsql -g 70124 chown -R pgsql /usr/local/pgsql/ chgrp -R pgsql /usr/local/pgsql/ When you run ipcs from the jail You should the see something like the example below, where there is still one Pg on uid 70 but from the jail's perspective it's the pgsql user who now has uid of 70124 Message Queues: T ID KEY MODEOWNERGROUP Shared Memory: T ID KEY MODEOWNERGROUP m 1179648 5432001 --rw--- 70 70 m 1310730 --rw--- 70 70 m 1572866 5432002 --rw--- pgsqlpgsql Semaphores: T ID KEY MODEOWNERGROUP s 1703936 5432001 --rw--- 70 70 s 1703937 5432002 --rw--- 70 70 s 1703938 5432003 --rw--- 70 70 s 1572867 5432004 --rw--- 70 70 s 1572868 5432005 --rw--- 70 70 s 1572869 5432006 --rw--- 70 70 s 1572870 5432007 --rw--- 70 70 s 1179655 5432008 --rw--- pgsqlpgsql s 1179656 5432009 --rw--- pgsqlpgsql s 1179657 5432010 --rw--- pgsqlpgsql s 1179658 5432011 --rw--- pgsqlpgsql s 1179659 5432012 --rw--- pgsqlpgsql s 1179660 5432013 --rw--- pgsqlpgsql s 1179661 5432014 --rw--- pgsqlpgsql Cheers, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD Kernel Internals Documentation
On Wed, Jan 4, 2012 at 12:02 PM, Walter Alejandro Iglesias wrote: > On Wed, Jan 04, 2012 at 08:50:45AM -0700, Chad Perrin wrote: >> On Wed, Jan 04, 2012 at 12:33:28PM +0100, Walter Alejandro Iglesias wrote: >> > On Tue, Jan 03, 2012 at 09:55:04PM -0700, Chad Perrin wrote: >> > > On Tue, Jan 03, 2012 at 02:07:36PM -0800, Chip Camden wrote: >> > > > Quoth Chad Perrin on Tuesday, 03 January 2012: >> > > > > Come on people, it may be entertaining, but this thread is ridiculously OT. Take it up privately or edit subject to OT please. And before anyone flips out and flames this I am referring to all the OT stuff, not just the last few posts. Keep the topic on FBSD and anything else please place OT or privately to keep the archives useful and also to respect everyone's choice to follow-up, or not, on the soap opera! Thanks, -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD Kernel Internals Documentation
On Tue, Jan 3, 2012 at 10:14 AM, Polytropon wrote: > On Tue, 3 Jan 2012 09:01:47 -0600, Mark Felder wrote: >> On Tue, 03 Jan 2012 08:46:54 -0600, Alejandro Imass wrote: >> >> > I would just like to add that is FreeBSD was so crappy open sour >> > software, why does it run half the Internet? >> >> This must be a mistake. I was just assured this weekend that FreeBSD is a >> niche OS. > > Maybe consider the chance that a FreeBSD OS can be > turned into closed source (which the license explicitely > allows) and put into some embedded device, a router, > a DSL modem, a managed switch... In parts like this, > you won't recognize FreeBSD anymore. If you consider > such devices "niche devices", think again: You'll > find them near any Internet-connected computer and > among the bowels of the whole Internet. :-) > Apple's OS X and iOS for starters. It was heavily based on *BSD, including parts of FBSD ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: FreeBSD Kernel Internals Documentation
On Tue, Jan 3, 2012 at 1:41 AM, Da Rock wrote: > On 01/03/12 12:06, Walter Alejandro Iglesias wrote: >> >> On Mon, Jan 02, 2012 at 12:33:20PM -0700, Chad Perrin wrote: >>> >>> Ubuntu, actually, has thrown out the baby with the bathwater. In its >>> zeal to make things "just work" in a particular manner, it seems I would just like to add that is FreeBSD was so crappy open sour software, why does it run half the Internet? http://freebsdfoundation.blogspot.com/2011/12/apache-software-foundation-testimonial.html -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: * Re: IPSec in Jail
On Sun, Dec 4, 2011 at 11:54 AM, Devin Teske wrote: > > We're using 8.1 + VIMAGE and using openvpn, ipfw, and IPSec within jail > successfully. > > No stability issues with other jails (so far), but then again only been > running that setup (with IPSec/openvpn in a vimage) for a few weeks now. But, > so far so good! > -- > Devin Thanks for your comments! I guess we' ll go ahead then. -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
IPSec in Jail
Hello, I was following a thread in FBSD Spanish talking about the use of IPSec in Jails and there was no conclusion to the matter. I have a client that wants to run a VPN which requires IPSec and he is running on some jails we provide them. We can provide them with a public IP for the jail but I'm not sure if this will work. I understand from the thread that recompiling the kernel with VIMAGE enabled should allow the use of IPSec in the jails but apparently until 8.0 this was experimental. This particular server uses 8.2 so I would like to know if anyone here has done this and how stable it is? Would enabling VIMAGE for the base kernel compromise the system and other clients running on other jails in the same server? Thanks beforehand for any valuable comments! -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
