Re: daily.output and ROOTBACKUP
On 02/04/13 22:09, Peter Bisroev wrote:
> Hi Guys,
>
> That is what I suspected. I can obviously patch the scripts up for now, but long term, should we have a VERBOSESTATUS equivalent flag to complement ROOTBACKUP?

Not sure. As VERBOSESTATUS already has its special meaning, I'm thinking along the lines of a more generic QUIET variable, accompanied with sth like what's below, parts of which might be considered overkill. Maybe it is all overkill.

- - - - - - -
QUIET=false

do_part() {
    local _err

    # Run the command; on success leave QUIET untouched.
    "$@" && return
    # On failure remember the status and force a report to be mailed.
    _err=$?
    QUIET=false
    return $_err
    # Or simpler but less fine-grained: "$@" || ! QUIET=false
}
...
run_script daily.local    # override QUIET at will
[ true != $QUIET ] || QUIET=false
...
start_part checking foo
do_part echo doing bar
do_part cat /nonexistant    # disables QUIET operation
...
if ! $QUIET && [ -s $MAINOUT ]; then
    mail -s "`hostname` daily insecurity output" root < $MAINOUT
fi
- - - - - - -

/Alexander
Re: OpenBGP - iBGP peers not announcing after 3 hops
On 2013-02-04, Eduardo Meyer dudu.me...@gmail.com wrote: On 02/04/2013 03:59 PM, Eduardo Meyer wrote: Hello, I am facing a strange behavior, I have the following scenario eBGP1-iBGP1-iBGP2-iBGP3-eBGP2 iBGP must be fully meshed, a session between iBGP1 and iBGP3 is missing. Really? It's difficult for me in this environment, do I have another option? This doesn't mean that they need to be directly connected; iBGP sessions can be run over multiple hops by default. It just means you need neighbour configs for 12, 13, 23. You could use a route reflector as others suggested but it's a bit much for this setup imo; it will be a critical part of the network so you'll probably want a redundant pair. These come into their own when the number of routers goes up.
Re: 5.2 amd64 php and apache problem
On 2013-02-04, Matthias Appel appel.matth...@gmail.com wrote:
> Activated apache, enabled ssl and changed config, so apache is reachable via IPv4 and v6...no further changes to httpd.conf
>
> Installed php-5.3.14p1.tgz and created the symlink as I was told (as far as I can see, there should be no necessity to do further configuration...or am I wrong?)
>
> created a php script consisting of:
>
> # cd /var/www/cgi-bin/
> # cat phpinfo.php
> <? phpinfo(); ?>
> #

Put this in the htdocs dir, not cgi-bin.
openbsd and vmware
Hello,

A few questions related to openbsd and vmware.

What are the best practices to run OpenBSD in vmware?

Are there any known problems one should take into consideration before virtualization?

I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?

Thank you in advance,
Bogdan
Re: openbsd and vmware
On 02/05/13 06:03, Bogdan Andu wrote:
> Hello,
>
> A few questions related to openbsd and vmware.
>
> What are the best practices to run OpenBSD in vmware?

Just Do It? I haven't found any problems running OpenBSD in VMware ESXi or whatever they call it this week. I usually just tell the management tool the VM is a FreeBSD system. However, I'll admit my uses are fairly simple and more development/testing/low-need type stuff...i.e., VM appropriate.

> Are there any known problems one should take into consideration before virtualization?

Lots. The exact same as any other OS, though. All eggs in one basket, security farce, complexity leading to increasing downtime, etc. In short, take almost everything VMware calls a benefit, invert, and you are close to reality. But again, nothing to do with OpenBSD.

In terms of OpenBSD on VMware benefits...forget vmware tools. Much of the functionality is built into OpenBSD, unlike most other OSs pushed for virtualizing.

> I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?

In almost all cases, you will find OpenBSD much easier than most other OS for this kind of stuff. Take a physical machine, disk image it, drop it on vmware, boot single user, mount root partition, rename hostname.whatever0 to hostname.em0, if you are not using DUIDs (and you switched from wd(4) to sd(4) disks), fix fstab (not necessary if you are using DUIDs), and it will just work (I may be forgetting something, but it's all totally simple). Try that with Windows or Linux -- not gonna happen.

Note: P2V by raw disk image is not my recommended way of doing it, but I find the ability to do it shows how darned nifty OpenBSD is about things like this.

Nick.
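The fix-up steps listed in the message above (rename the hostname.if file, and rewrite fstab only when it names wd(4) devices instead of DUIDs), as an added shell example that is not part of the original message. The function name `p2v_fixup`, the mount point argument and the `bge0` source interface in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example: post-P2V fix-up of an OpenBSD root filesystem that has
# already been mounted (e.g. from single-user mode) at MOUNTPOINT.
# Usage: p2v_fixup MOUNTPOINT OLD_IF NEW_IF [OLD_DISK NEW_DISK]
#   e.g. p2v_fixup /mnt bge0 em0 wd0 sd0     (names are illustrative)
p2v_fixup() {
    root=$1; old_if=$2; new_if=$3; old_disk=${4:-}; new_disk=${5:-}
    etc="$root/etc"

    [ -d "$etc" ] || { echo "no etc directory under $root" >&2; return 1; }

    # 1. Interface configuration lives in hostname.<driver><unit>, so it
    #    has to follow the NIC the hypervisor presents (em0 for e1000).
    if [ -f "$etc/hostname.$old_if" ]; then
        if [ -e "$etc/hostname.$new_if" ]; then
            echo "hostname.$new_if already exists, not overwriting" >&2
            return 1
        fi
        mv "$etc/hostname.$old_if" "$etc/hostname.$new_if" || return 1
    fi

    # 2. fstab needs editing only when it names devices (/dev/wd0a).
    #    DUID entries (16 hex digits, a dot, a partition letter) follow
    #    the disk label and are left alone.
    [ -n "$old_disk" ] && [ -n "$new_disk" ] || return 0
    if grep -q "^/dev/${old_disk}[a-p]" "$etc/fstab" 2>/dev/null; then
        # Keep the original next to the edited file for rollback.
        cp -p "$etc/fstab" "$etc/fstab.pre-p2v" || return 1
        sed "s|^/dev/${old_disk}\([a-p]\)|/dev/${new_disk}\1|" \
            "$etc/fstab.pre-p2v" > "$etc/fstab" || return 1
    fi
    return 0
}
```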
Re: openbsd and vmware
On Tue, Feb 05, 2013 at 03:03:34AM -0800, Bogdan Andu wrote:
> Hello,
>
> A few questions related to openbsd and vmware.
>
> What are the best practices to run OpenBSD in vmware?
>
> Are there any known problems one should take into consideration before virtualization?
>
> I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?
>
> Thank you in advance,
> Bogdan

Try to consider oVirt[1], it is open-source, based on top of KVM, aims to be vSphere competitor.

Issues till now:

* upstream do not provide all-in-one binary tarball, building from source would need to download additional java deps.
* spice-xpi firefox plugin is buggy on OpenBSD, you can get spice console via little hacks in ovirt-cli though.

Any help would be appreciated. oVirt is upstream for RHEV-M, so there's big support behind.

jirib
Re: openbsd and vmware
> Try to consider oVirt[1], it is open-source, based on top of KVM, aims to be vSphere competitor.

...forgotten url - http://www.ovirt.org

jirib
Re: 5.2 amd64 php and apache problem
by default the /var/www is a directory for chrooted apache and in this directory is dir htdocs try to place Your script in this directory or change this directory on other by changing apache behaviour in conf/httpd.conf

On Mon, 04 Feb 2013 19:54:51 +0100, Matthias Appel appel.matth...@gmail.com wrote:
> On 04.02.2013 19:10, James Shupe wrote:
> > Why is that in the cgi-bin directory to begin with? Do you have shorttags enabled in php.ini?
>
> As mentioned, it's pretty much vanilla configuration...so i can be sure cgi-bin/ is allowed for script execution but httpd.conf will be changed, as soon as php is running.
>
> Shorttags are enabled, but I also had a phpinfo.php with full tags, which produced the same error.
Re: openbsd and vmware
On Tue, Feb 05, 2013 at 07:19:02AM -0500, Nick Holland wrote:
> Take a physical machine, disk image it, drop it on vmware, boot single user, mount root partition, rename hostname.whatever0 to hostname.em0,

You can also change the ethernet0.virtualDev setting from e1000 to vmxnet in your .vmx configuration file to use vic0 instead of em0. See the vic(4) manual page for more information...

reyk
Re: openbsd and vmware
vmnet2 works fine too.

On 5 feb 2013, at 16:14, Reyk Floeter r...@openbsd.org wrote:
> On Tue, Feb 05, 2013 at 07:19:02AM -0500, Nick Holland wrote:
> > Take a physical machine, disk image it, drop it on vmware, boot single user, mount root partition, rename hostname.whatever0 to hostname.em0,
>
> You can also change the ethernet0.virtualDev setting from e1000 to vmxnet in your .vmx configuration file to use vic0 instead of em0. See the vic(4) manual page for more information...
>
> reyk
Re: openbsd and vmware
On 05.02.2013 16:44, Dan Shechter wrote:
> My product, which is a networking virtual appliance, is running on ESXi without any problems. I ran it as 32 bit since I also run the product on an HW appliance which do not run 64bit.
>
> Best regards,
> Dan
>
> On Tue, Feb 5, 2013 at 1:03 PM, Bogdan Andu bo...@yahoo.com wrote:
> > Hello,
> >
> > A few questions related to openbsd and vmware.
> >
> > What are the best practices to run OpenBSD in vmware?
> >
> > Are there any known problems one should take into consideration before virtualization?
> >
> > I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?
> >
> > Thank you in advance,
> > Bogdan

I am running a bridged firewall since OpenBSD 4.something on VMware Server/ESXi without problems.

The only thing you will have to consider is that snapshots while running the OS might leave you with an inconsistent filesystem because there are no vmware tools which quiesce your vm. In general, I try to take snapshots only when the vm is down, so I don't have to deal with filesystem repairs in any kind.

But so far no problems with the only downtimes when the OS has to be updated.

Regards,
Matthias
Re: openbsd and vmware
I've personally never had issues and performance is good. I've been running a php-fpm/nginx stack with OpenBSD and VMware and performance has been great. Only issue is the tools install. I've had issues with that but it runs fine without it. I've also run it on KVM and found VMWare to be better. I have iSCSI storage with ZFS as a backend and can't complain

Sent from my Android phone using TouchDown (www.nitrodesk.com)

-Original Message-
From: Bogdan Andu [bo...@yahoo.com]
Received: Tuesday, 05 Feb 2013, 6:04am
To: misc@openbsd.org [misc@openbsd.org]
Subject: openbsd and vmware

Hello,

A few questions related to openbsd and vmware.

What are the best practices to run OpenBSD in vmware?

Are there any known problems one should take into consideration before virtualization?

I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?

Thank you in advance,
Bogdan
Re: OpenBSD VAX on SIMH, sloooow networking!
From: John Long codeb...@inbox.lv
Sent: Tue Feb 05 18:37:05 CET 2013
To: misc@openbsd.org
Subject: OpenBSD VAX on SIMH, sloooow networking!

> I installed OpenBSD VAX on SIMH. Host is OpenBSD 5.2 stable amd64. Networking from within SIMH is unbelievably slow. It takes 5 hours to download base52.tgz. I've done ftp and NFS installs from my own local servers, performance to my host box is 7 MB/sec. In SIMH it's about 4kb/sec.
>
> Running SIMH on a mipsel64 box running OpenBSD 5.2 stable is exactly as bad.
>
> Has anybody experienced and overcome this?
>
> Thanks,
> /jl
>
> --
> ASCII ribbon campaign ( ) Powered by Lemote Fuloong
>  against HTML e-mail   X  Loongson MIPS and OpenBSD
>    and proprietary    / \    http://www.mutt.org
>      attachments     /   \  Code Blue or Go Home!
>  Encrypted email preferred  PGP Key 2048R/DA65BC04

It may be a NIC speed issue... no ? VAX have often AUI nic about 10Mbits/s Half so if you have hard 100Mbits/s Full it can cause a duplex conflict... then a very low speed network... not sure this is the problem but check

Regards,
Francois Pussault
3701 - 8 rue Marcel Pagnol
31100 Toulouse France
+33 6 17 230 820 +33 5 34 365 269
fpussa...@contactoffice.fr
Re: Bug (?) - softraid
On 02/02/2013 16:18, Kenneth R Westerback wrote:
> On Sat, Feb 02, 2013 at 03:02:51PM +0100, Maxime Villard wrote:
> > Hi,
> >
> > I have a Thinkpad T61, with an extractible cd drive like this one: http://www.notebookcheck.biz/typo3temp/pics/b7bc6b4b90.jpg
> >
> > If I unplug this drive when the system is fully booted - and logged in -, I get a strange bug. When I unplug:
> >
> > cd0 detached
> > scsibus0 detached
> > atapiscsi0 detached
> > softraid0: i/o error on block 162290672 target 0 b_error 6 <-- SOMETIMES IT'S 'b_error 0'
> >
> > here, nothing works. Most of the time, the keyboard goes off and I cannot do anything like switching tty or simply typing 'reboot'. Sometimes it also writes '/home: create/symlink failed, no inodes free'.
> >
> > Is that a bug or a missing feature? I should be able to keep control on the system even if I unplug the drive like a savage, no?
>
> Depends what your softraid configuration is.
>
> Ken

Sorry for the late answer. I don't have a big softraid configuration, I have encrypted /home /root /altroot /var /usr, but I didn't touch cd0.
Re: OpenBSD VAX on SIMH, sloooow networking!
Francois Pussault [fpussa...@contactoffice.fr] wrote:
> It may be a NIC speed issue... no ? VAX have often AUI nic about 10Mbits/s Half so if you have hard 100Mbits/s Full it can cause a duplex conflict... then a very low speed network... not sure this is the problem but check

John is talking about Egg McMuffins, while you are talking about croissants. They are two different things.
Re: openbsd and vmware
The only problem I ever had with running OpenBSD with ESX/i was doing snapshots for backups with BackupExec. With the vmt(4), vCenter and BackupExec *think* that VMware Tools is running and try to quiesce the VM before backing it up. That fails, so the backup fails. Disabling the vmt(4) driver in the kernel allowed vCenter/BackupExec to see OpenBSD as a non-compatible snapshot capable system (even though I could take snapshots in general) and would back it up.

On Tue, Feb 5, 2013 at 9:53 AM, Bentley, Dain dbent...@nas.edu wrote:
> I've personally never had issues and performance is good. I've been running a php-fpm/nginx stack with OpenBSD and VMware and performance has been great. Only issue is the tools install. I've had issues with that but it runs fine without it. I've also run it on KVM and found VMWare to be better. I have iSCSI storage with ZFS as a backend and can't complain
>
> Sent from my Android phone using TouchDown (www.nitrodesk.com)
>
> -Original Message-
> From: Bogdan Andu [bo...@yahoo.com]
> Received: Tuesday, 05 Feb 2013, 6:04am
> To: misc@openbsd.org [misc@openbsd.org]
> Subject: openbsd and vmware
>
> Hello,
>
> A few questions related to openbsd and vmware.
>
> What are the best practices to run OpenBSD in vmware?
>
> Are there any known problems one should take into consideration before virtualization?
>
> I already have a functional machine running OpenBSD 5.2 /amd64 on bare metal. Is it possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications?
>
> Thank you in advance,
> Bogdan
NAT over enc(4)
Hello all,

I'm trying to build an IPSec VPN between two sites and both sites are using the same addressing plan. I'm using OpenBSD 5.1 on a Soekris board on one site and a closed-source appliance on the other end.

I remembered an old article on undeadly.org (http://undeadly.org/cgi?action=article&sid=20090127205841) and tried to adapt but without luck so far. I need a 1:1 NAT mapping as multiple servers must be accessible from either site.

Here is my setup (public IP and PSK changed) :

* /etc/ipsec.conf :
8<---
ike esp from 192.168.7.0/24 (192.168.0.0/24) to 192.168.6.0/24 peer 8.8.8.8 main auth hmac-sha1 enc aes-256 group modp1024 quick auth hmac-sha1 enc aes-256 group modp1024 psk mypsk
8<---

* /etc/pf.conf :
8<---
match on enc0 from 192.168.0.0/24 to 192.168.6.0/24 binat-to 192.168.7.0/24 source-hash
8<---

* pfctl -sr :
8<---
match out on enc0 inet from 192.168.0.0/24 to 192.168.6.0/24 nat-to 192.168.7.0/24 source-hash 0xa28e791d2929a414834ebd15872704fa static-port
match in on enc0 inet from 192.168.6.0/24 to 192.168.7.0/24 rdr-to 192.168.0.0/24 source-hash 0xa28e791d2929a414834ebd15872704fa
8<---

* ifconfig :
8<---
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:b9:34
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::200:24ff:fece:b934%em0 prefixlen 64 scopeid 0x1
        inet 8.8.4.4 netmask 0xff00 broadcast 8.8.4.254
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:24:ce:b9:35
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause)
        status: active
        inet6 fe80::200:24ff:fece:b935%em1 prefixlen 64 scopeid 0x2
        inet 192.168.0.180 netmask 0xff00 broadcast 192.168.0.255
8<---

* route -n show -encap
8<---
Routing tables

Encap:
Source             Port  Destination        Port  Proto SA(Address/Proto/Type/Direction)
192.168.6/24       0     192.168.0/24       0     0     8.8.8.8/esp/use/in
192.168.0/24       0     192.168.6/24       0     0     8.8.8.8/esp/require/out
8<---

My local and remote net is 192.168.0.0/24 and forwarding is enabled.

I can see the IPSec tunnel is up and the routes are set. If I ping from the remote site to the site behind the OpenBSD router (ping 192.168.7.1 from 192.168.0.1 for example), I can see from a tcpdump session that icmp echo from 192.168.6.1 to 192.168.7.1 appears on em0 and dies there. Nothing passes on em1.

On the other hand, if I ping from the OpenBSD site to the other side (ping 192.168.6.1 from 192.168.0.1 for example), I can see on enc0 a trace of icmp echo from 192.168.0.1 to 192.168.6.1 (and not from 192.168.7.1 to 192.168.6.1 as one might expect).

What did I miss ? In undeadly.org's article it is stated that you need both routers to be OpenBSD. I understand that but still want to believe I should see some traffic on em1, don't you think so ?

Thank you in advance,
Denis
Re: OpenBGP - iBGP peers not announcing after 3 hops
On Tue, Feb 05, 2013 at 10:34:02AM +, Stuart Henderson wrote: On 2013-02-04, Eduardo Meyer dudu.me...@gmail.com wrote: On 02/04/2013 03:59 PM, Eduardo Meyer wrote: Hello, I am facing a strange behavior, I have the following scenario eBGP1-iBGP1-iBGP2-iBGP3-eBGP2 iBGP must be fully meshed, a session between iBGP1 and iBGP3 is missing. Really? It's difficult for me in this environment, do I have another option? This doesn't mean that they need to be directly connected; iBGP sessions can be run over multiple hops by default. It just means you need neighbour configs for 12, 13, 23. You could use a route reflector as others suggested but it's a bit much for this setup imo; it will be a critical part of the network so you'll probably want a redundant pair. These come into their own when the number of routers goes up.

It should be possible to make all routers route-reflectors and not do a full mesh but route-reflector setups are not inherently stable. In some setups they can result in an unstable network. Especially when adding redundancies to setups (by additional RRs or additional iBGP links) it is possible to end up with a not converging network which is fun fun fun...

In general if you have less than a handful bgp router use a full mesh. The pain of fiddling with RR is not worth the few sessions you save.

--
:wq Claudio
Re: Laptop freeze on boot because of ACPI
On Tue, Feb 05, 2013 at 10:01:10PM +0100, Charles Rapenne wrote: I used the command acpidump -o a. I didn't understand the use of the prefix so I put a. Thank you for your help (I cut the gibberish out) Please give me an acpidump that is actually usable. What you inlined won't do any good. Use sendbug. -ml
Re: Verizon FIOS, OpenBSD, and DHCP
Solved this. It took Verizon three tries (three calls by me), to actually get the RJ-45 port working on the ONT.

Jay

> Good evening.
>
> I am trying to replace the Verizon FIOS Actiontec router with an OpenBSD 5.2 box, and move from COAX to Cat5e at the same time.
>
> I've read the documentation for configuring dhcp/dhclient. I've set the external interface to dhcp. I have a solid green link light on the interface (re0).
>
> When I attempted to cutover (Verizon reset the ONT, and I rebooted the box). I received the following feedback:
>
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 3
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 7
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 9
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 21
> DHCPDISCOVER on re0 to 255.255.255.255 port 67 interval 12
> No DHCPOFFERS received.
> No working leases in persistent database - sleeping.
>
> I assumed the RJ-45 port was hot when it cutover. I now find that the COAX port is still hot (as the Actiontec router is still online) and therefore assume the cutover to RJ-45 was not done properly on their end.
>
> But I also wanted to know if a stock 5.2 distro works with FIOS and Cat5e or do I need to use ISC-dhcp somewhere in the process?
>
> Thanks in advance,
> Jay