Re: httpd howto redirect port 80 to 443 in vm
Why not use a .htaccess redirect? https://www.sslshopper.com/apache-redirect-http-to-https.html On Thu, Mar 1, 2018 at 7:18 AM Bryan Harriswrote: > Alternate?: go back to original config and change > > server "default" > > to > > server "example.com" > > And maybe an alias for "www.example.com." > > Just a thought. > > V/r, > Bryan > -- There's no place like 127.0.0.1
Re: fsck: CANNOT READ: BLK 4235468160
I just saw you mentioned you are using the disk inside of virtualbox. Does this same thing happen if you use the disk natively? On Mon, Jan 8, 2018 at 8:52 AM Matt M <cmorrow...@gmail.com> wrote: > With disks, the blocks can change. There can be any number of reasons for > this, from the actual physical platters going bad to the read heads not > functioning properly, or the memory on the disk going bad. SSD is a > different story, in my experience when it begins to go the behavior becomes > really erratic and inconsistent. You could try replacing cables, but you > are probably looking at replacing the disk. > > > On Sat, Jan 6, 2018 at 9:12 PM STeve Andre' <and...@msu.edu> wrote: > >> When you enter the realm of hardware errors, anything can happen. If >> you are lucky you will see the same hard and soft errors every time you >> cross a bad sector, but I have seen many cases wildly varying block >> numbers on really sick disks. And yes, bad cables and USB interfaces >> can be a problem too. Try wiggling the cable disk the disk stable and >> see if you can produce errors. >> >> Try doing a read with that USB hardware on another disk, too. That will >> tell you something. I'll bet that the disk is bad. If it stops >> producing errors, don't forgive it! Get a new one. >> >> --STeve Andre' >> >> On 01/06/18 21:45, Maximilian Pichler wrote: >> > Hi, >> > >> > I'm running fsck on an external USB hard drive, using OpenBSD 6.2 >> > inside VirtualBox on MacOS. >> > >> > On each run it gives a handful of "CANNOT READ: BLK ..." messages, but >> > the block numbers reported are different (!) each time. >> > >> > If the disk is damaged, shouldn't the problematic blocks be >> > consistent? Does this point to a communication problem with the disk >> > (e.g. faulty USB cable)? Or is this a hopelessly unstable situation >> > given the general screwiness of USB over VirtualBox/Mac OS...? >> > >> > Also, does answering "y" to "CANNOT READ" modify the disk contents? >> > >> > Thanks for any insights! >> > >> > Max >> > >> > >> > xhci0 at pci0 dev 12 function 0 "Intel 7 Series xHCI" rev 0x00: apic 2 >> int 20 >> > usb0 at xhci0: USB revision 3.0 >> > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev >> > 3.00/1.00 addr 1 >> > umass0 at uhub0 port 9 configuration 1 interface 0 "Seagate Expansion" >> > rev 3.00/0.00 addr 2 >> > umass0: using SCSI over Bulk-Only >> > scsibus4 at umass0: 2 targets, initiator 0 >> > sd0 at scsibus4 targ 1 lun 0: <Seagate, Expansion, 9300> SCSI4 0/direct >> fixed >> > sd0: 3815447MB, 512 bytes/sector, 7814037167 <(781)%20403-7167> sectors >> > >> > $ doas fsck /dev/sd0a >> > ** /dev/rsd0a >> > ** Last Mounted on /home/max/mnt >> > ** Phase 1 - Check Blocks and Sizes >> > >> > CANNOT READ: BLK 4235468160 <(423)%20546-8160> >> > CONTINUE? [Fyn?] y >> > >> > THE FOLLOWING DISK SECTORS COULD NOT BE READ: >> > >> > CANNOT READ: BLK 4128081280 <(412)%20808-1280> >> > CONTINUE? [Fyn?] y >> > >> > THE FOLLOWING DISK SECTORS COULD NOT BE READ: >> > CANNOT READ: BLK 4194986880 <(419)%20498-6880> >> > CONTINUE? [Fyn?] y >> > CONTINUE? [Fyn?] y >> > >> > THE FOLLOWING DISK SECTORS COULD NOT BE READ: >> > ** Phase 2 - Check Pathnames >> > >> > CANNOT READ: BLK 4195146384 <(419)%20514-6384> >> > CONTINUE? [Fyn?] y >> > CONTINUE? [Fyn?] y >> > >> > THE FOLLOWING DISK SECTORS COULD NOT BE READ: >> > ** Phase 3 - Check Connectivity >> > ** Phase 4 - Check Reference Counts >> > ** Phase 5 - Check Cyl groups >> > 614222 files, 408012667 used, 76524122 free (3658 frags, 9565058 >> > blocks, 0.0% fragmentation) >> > >> > MARK FILE SYSTEM CLEAN? [Fyn?] y >> > >> > >> > * FILE SYSTEM WAS MODIFIED * >> > >> > >> > $ doas fsck -f /dev/sd0a >> > ** /dev/rsd0a >> > ** File system is already clean >> > ** Last Mounted on /home/max/mnt >> > ** Phase 1 - Check Blocks and Sizes >> > >> > CANNOT READ: BLK 4236615424 <(423)%20661-5424> >> > CONTINUE? [Fyn?] y >> > >> > THE FOLLOWING DISK SECTORS COULD NOT BE READ: >> > ** Phase 2 - Check Pathnames >&
Re: fsck: CANNOT READ: BLK 4235468160
With disks, the blocks can change. There can be any number of reasons for this, from the actual physical platters going bad to the read heads not functioning properly, or the memory on the disk going bad. SSD is a different story, in my experience when it begins to go the behavior becomes really erratic and inconsistent. You could try replacing cables, but you are probably looking at replacing the disk. On Sat, Jan 6, 2018 at 9:12 PM STeve Andre'wrote: > When you enter the realm of hardware errors, anything can happen. If > you are lucky you will see the same hard and soft errors every time you > cross a bad sector, but I have seen many cases wildly varying block > numbers on really sick disks. And yes, bad cables and USB interfaces > can be a problem too. Try wiggling the cable disk the disk stable and > see if you can produce errors. > > Try doing a read with that USB hardware on another disk, too. That will > tell you something. I'll bet that the disk is bad. If it stops > producing errors, don't forgive it! Get a new one. > > --STeve Andre' > > On 01/06/18 21:45, Maximilian Pichler wrote: > > Hi, > > > > I'm running fsck on an external USB hard drive, using OpenBSD 6.2 > > inside VirtualBox on MacOS. > > > > On each run it gives a handful of "CANNOT READ: BLK ..." messages, but > > the block numbers reported are different (!) each time. > > > > If the disk is damaged, shouldn't the problematic blocks be > > consistent? Does this point to a communication problem with the disk > > (e.g. faulty USB cable)? Or is this a hopelessly unstable situation > > given the general screwiness of USB over VirtualBox/Mac OS...? > > > > Also, does answering "y" to "CANNOT READ" modify the disk contents? > > > > Thanks for any insights! > > > > Max > > > > > > xhci0 at pci0 dev 12 function 0 "Intel 7 Series xHCI" rev 0x00: apic 2 > int 20 > > usb0 at xhci0: USB revision 3.0 > > uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev > > 3.00/1.00 addr 1 > > umass0 at uhub0 port 9 configuration 1 interface 0 "Seagate Expansion" > > rev 3.00/0.00 addr 2 > > umass0: using SCSI over Bulk-Only > > scsibus4 at umass0: 2 targets, initiator 0 > > sd0 at scsibus4 targ 1 lun 0: SCSI4 0/direct > fixed > > sd0: 3815447MB, 512 bytes/sector, 7814037167 <(781)%20403-7167> sectors > > > > $ doas fsck /dev/sd0a > > ** /dev/rsd0a > > ** Last Mounted on /home/max/mnt > > ** Phase 1 - Check Blocks and Sizes > > > > CANNOT READ: BLK 4235468160 <(423)%20546-8160> > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > > > CANNOT READ: BLK 4128081280 <(412)%20808-1280> > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > CANNOT READ: BLK 4194986880 <(419)%20498-6880> > > CONTINUE? [Fyn?] y > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > ** Phase 2 - Check Pathnames > > > > CANNOT READ: BLK 4195146384 <(419)%20514-6384> > > CONTINUE? [Fyn?] y > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > ** Phase 3 - Check Connectivity > > ** Phase 4 - Check Reference Counts > > ** Phase 5 - Check Cyl groups > > 614222 files, 408012667 used, 76524122 free (3658 frags, 9565058 > > blocks, 0.0% fragmentation) > > > > MARK FILE SYSTEM CLEAN? [Fyn?] y > > > > > > * FILE SYSTEM WAS MODIFIED * > > > > > > $ doas fsck -f /dev/sd0a > > ** /dev/rsd0a > > ** File system is already clean > > ** Last Mounted on /home/max/mnt > > ** Phase 1 - Check Blocks and Sizes > > > > CANNOT READ: BLK 4236615424 <(423)%20661-5424> > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > ** Phase 2 - Check Pathnames > > > > CANNOT READ: BLK 3732315520 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > > > CANNOT READ: BLK 4161885792 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > > > CANNOT READ: BLK 4201995728 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > > > CANNOT READ: BLK 4202008160 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > > > CANNOT READ: BLK 4202013680 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > ** Phase 3 - Check Connectivity > > ** Phase 4 - Check Reference Counts > > ** Phase 5 - Check Cyl groups > > > > CANNOT READ: BLK 5011229824 > > CONTINUE? [Fyn?] y > > > > THE FOLLOWING DISK SECTORS COULD NOT BE READ: > > 614222 files, 408012667 used, 76524122 free (3658 frags, 9565058 > > blocks, 0.0% fragmentation) > > > > > > -- There's no place like 127.0.0.1
Re: ETE - ETA
ETA is a sort of "universally" recognized and used form. To be technical, ETA and ETE would be synonymous in this case anyway. The time to wait till arrival (eta) would correspond exactly with the time it takes to complete the process (enroute). On Sun, Jan 22, 2017 at 8:30 AM jean-francoiswrote: > Hi, > > I always wondered what was ETA for during the installation process. > > As of today, I noticed this should read ETE as for Estimated Time Enroute. > > ETA stands for Estimated Time of Arrival and is therefore more or less > constant. > > Regards
Re: the balance between OpenBSD and life
On Sat, May 28, 2016 at 7:31 AM Teng Zhangwrote: > I can't adjust the time for OpenBSD and my life appropriately. Could you > please share your experience with me about how you adjust your time between > OpenBSD and your life. > thanks for any reply. > > If OpenBSD is consuming so much of your time that it is interfering with life, then maybe leave OpenBSD alone for a while and come back when life in general isn't needing your full attention, Maybe run OpenBSD for your server or desktop, but don't consume yourself with it - if it works, it works - and it should work without having to constantly babysit or tweak it. I am a musician, and if I could I would easily spend 12+ hours per day playing, composing, recording and mixing music. But I have a job and family, so music takes a second seat to that. There are times where I can't even pick up an instrument for days at a time. That's life. But I always come back to it whenever I get the chance, and sometimes I have the time to focus heavily on music. OpenBSD should be no different for you.
Re: My computer suddenly turned itself off.
Sudden power offs are often indicative of heat issues, especially on laptops. Does it power right back on and stay on for a long time? If not I would suspect heat. If it does stay on, it may be a power management bug, a bad power source or possibly a failing power supply in the machine. If it won't power back on right away, or won't stay on till it sits for a while, try cleaning the cpu fan - they collect a lot of dust. On Wednesday, January 21, 2015, Joel Rees joel.r...@gmail.com wrote: I'm looking under /var/log, but not seeing any logfiles to give me any clues. What information should I post? I have /var/log/messages from the moment of the crash, but it's about 36K. dmesg: --- OpenBSD 5.5-stable (GENERIC) #0: Sat Dec 13 14:38:02 JST 2014 r...@ob.reiisi.homedns.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Sempron(tm) 2600+ (AuthenticAMD 686-class, 256KB L2 cache) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MPC,MMXX,3DNOW2,3DNOW real mem = 737636352 (703MB) avail mem = 713281536 (680MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/28/04, BIOS32 rev. 0 @ 0xfbaa0, SMBIOS rev. 2.3 @ 0xf0800 (33 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 07/28/2004 bios0: MICRO-STAR INTERNATIONAL CO., LTD KM266-8237 acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC acpi0: wakeup devices SLPB(S5) USB0(S1) USB1(S1) USB2(S1) USB3(S1) USB4(S1) USB5(S1) USB6(S1) USB7(S1) LAN0(S5) UAR1(S5) LPT1(S5) ECP1(S5) PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 333MHz ioapic0 at mainbus0: apid 2 pa 0xfec0, version 3, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature is 100 degC acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: SLPB bios0: ROM list: 0xc/0x7e00 0xc8000/0x1a00! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA VT8378 PCI rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xe000, size 0x1000 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA VT8378 VGA rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 7 function 0 ITExpress IT8212F rev 0x13: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using apic 2 int 18 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: Maxtor 6B160P0 wd0: 16-sector PIO, LBA48, 156334MB, 320173056 sectors wd1 at pciide0 channel 0 drive 1: WDC WD3200AAJB-00J3A0 wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 wd1(pciide0:0:1): using PIO mode 0 pciide1 at pci0 dev 15 function 0 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd2 at pciide1 channel 0 drive 0: Maxtor 4R080L0 wd2: 16-sector PIO, LBA, 78167MB, 160086528 sectors wd2(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6 atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CD/DVDW TS-H552A, BA52 ATAPI 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 3 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: apic 2 int 21 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: apic 2 int 21 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: apic 2 int 21 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: apic 2 int 21 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: apic 2 int 21 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00: SMI iic0 at viapm0 iic0: addr 0x2f 00=00 01=07 02=00 03=00 04=07 05=00 06=00 07=00 14=14 15=62 16=03 17=02 words 00=00ff 01=07ff 02=00ff 03=00ff 04=07ff 05=00ff 06=00ff 07=00ff spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5 spdmem1 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC2700CL2.5 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: apic 2 int 22 ac97: codec id 0x56494170 (VIA Technologies VT1617) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D audio0 at auvia0 vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x78: apic 2 int 23, address 00:11:09:b4:08:41 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 8: OUI 0x004063, model 0x0032 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0
Re: Upgrade path from 4.1?
Your best option would be to backup data and configs, and reinstall fresh. There are so many releases between 4.1 and 5.4 that you're going to spend a lot of time just to get to -current or -stable 5.4, while you're still gonna have to modify config files that have changes since 4.1 that it probably wouldn't be worth the time and effort. As far as skipping versions, first you're gonna have a lot of issues going straight from 4.1 to 5.4. If you just look at the changelogs between each version, you'll see a lot of things have been removed or considered defunct, and configuration for services may have changed dramatically (pf and softraid, for example). Do yourself the favor and save the headaches by just reloading fresh and porting over any configs. On Thu, Feb 6, 2014 at 4:49 AM, davy davy.van.de.mo...@gmail.com wrote: Hi, I've recently was asked to take over the maintenance of an old OpenBSD machine, which has not been updated in the last 7 years. Currently the machine has been running for close to 1000 days on 4.1. It has been a while since I worked with OpenBSD (shame on me), and I'm really not sure what the best way would be to upgrade this machine, knowning I don't have a serial or local access to the box. Can I do a 4.1 - 5.4 in one shot? thx! Davy
Cisco routers
This may not be the most appropriate place to ask, but I figured a lot of you are using Cisco on your networks. I am beginning to study for the CCNA and I want to purchase at least one Cisco router and a switch for a home lab. I don't want to spend a lot of money unnecessarily, and have been looking at the 2600 routers. Since I don't know anything about Cisco hardware, I don't know if this is too old, if it still applies in the industry, what I might be lacking in the IOS and the hardware capabilities, etc. What would you guys recommend for a starter lab that will give me what I need to apply to real-world networks?
PF port forwarding issue
I am using PF on 5.4-stable to NAT and firewall my network, but I can't get port forwarding to work. All requests end up at the OpenBSD box and go no further. For instance, I opened port 22 in PF to forward to a Centos box, but ssh on the openbsd box still takes the request. Port 80 isn't working at all, as there is no apache on the openbsd box. PF is running on 192.168.2.160 and apache is on 192.168.2.170. I can access apache by directly connecting to 192.168.2.170 Thanks for any help. PF.conf --- ext_if = dc0 int_if = vr0 icmp_types=echoreq #OPTIONS set block-policy return set loginterface egress set skip on lo #default block incoming traffic block in log #PORT FORWARDING pass in on egress proto tcp from any to any port 22 rdr-to 192.168.2.170 port 22 pass in on egress proto tcp from any to any port 80 rdr-to 192.168.2.170 port 80 #NAT the entire network match out on egress inet from !(egress:network) to any nat-to (egress:0) #pass outgoing traffic through firewall with no checking pass out quick #antispoof protection antispoof quick for { lo $int_if } pass in inet proto icmp all icmp-type $icmp_types
Re: Is my 5.4 CD ok?
There isn't any reason all the packages couldn't fit on a cd. Most are just a few bytes to a few kb, and a small number are into a few MB. Browsing the package list (for i386), it looks like the largest one might be 4mb. You should set your pkg path to the cd if you want to install from there, *export PKG_PATH=/mnt/cdrom/5.4/packages/`machine -a`/*(change to the mount point of your cdrom) Personally, I prefer to just set the pkg path to an http mirror as it is just as fast, or often faster, than cdrom and I don't have to have the cd on hand. On Thu, Jan 16, 2014 at 7:28 PM, Mario mario@videotron.ca wrote: Hi list. I know you are all busy discussing electricity issues but maybe one of you can take a moment to answer this. Browsing my new CDs for first time ever, I am a little confused and I am seeking clarification. Is the following normal? Because when I think about it, can really over 14,000 packages (amd64 + hppa) fit on a CD. I am puzzled. marst:349$ pwd /mnt/5.4/packages/amd64 marst:350$ ls -l total 25238 -r--r--r-- 1 root wheel 539 Aug 5 17:25 TRANS.TBL -r--r--r-- 1 root wheel 125468 Jul 29 13:26 bzip2-1.0.6p0.tgz -r--r--r-- 1 root wheel 674979 Jul 29 13:26 curl-7.26.0p3.tgz -r--r--r-- 1 root wheel 7556487 Jul 29 13:26 gettext-0.18.2p3.tgz -r--r--r-- 1 root wheel 2012934 Jul 29 13:26 gnupg-1.4.13p0.tgz -r--r--r-- 1 root wheel 159 Aug 5 17:22 index.txt -r--r--r-- 1 root wheel 1521545 Jul 29 13:26 libiconv-1.14p0.tgz -r--r--r-- 1 root wheel 264257 Jul 29 13:26 libidn-1.27.tgz -r--r--r-- 1 root wheel 280021 Jul 29 13:26 rsync-3.0.9p3.tgz -r--r--r-- 1 root wheel 165840 Jul 29 13:26 unzip-6.0p2.tgz -r--r--r-- 1 root wheel 322276 Jul 29 13:26 xz-5.0.5.tgz marst:351$ I guess the question is are all the binaries supposed to be on CD because if I follow instructions as per booklet: % su Password : root password # mount /dev/cd0a /mnt # /mnt/5.4/packages/amd64 # pkg_add emacs-21.4p23.tgz That's not working. Well it worked when my $PKG_PATH was still set on ftp but I suppose PKG_PATH is supposed to be set to the CD path. Also nowhere on CD2 I can find the soundtrack. I suppose that should be easy. I would really need a song at the moment. -- Mario
Re: Virtualize or bare-metal?
I personally wouldn't advise using a single bare-metal machine just for dhcp, a separate one for dns, a separate one for sendmail etc. Seems like a huge waste of resources to me. My opinion is that you would fare better, as was suggested earlier, to use some of the other bare-metal machines for more intensive tasks like Apache. And, I always like to have a spare box or two to experiment with different things on, so I would keep one just for that if it were me. Virtualizing is great for testing and experimenting, but sometimes you can't beat a real machine for that. On Tue, Jan 14, 2014 at 12:50 AM, Christopher Ahrens n...@leviacomm.netwrote: Matthew Weigel wrote: On 1/13/2014 9:11 PM, Christopher Ahrens wrote: Jack Woehr wrote: Christopher Ahrens wrote: Wish I could split everything off to physical, but all I have for space for is a mini-rack that fits under my desk in my apartment Sounds like you have answered your own question! What I meant by bare-metal was if I should run a bunch of services on the same installation of OpenBSD. Well, hardware failures on a small pool of machines are still hardware failures on a small pool of machines, whether you have virtual servers or not. For security, chroot (especially with privilege separation) accomplishes a lot of what virtualization claims to offer, with a much longer history of auditing and better understood weaknesses. It is usually easier, in my experience, to manage one system running many services in individual chroot environments than to manage many (virtual) systems. Files in chroot environments will sometimes need to be updated when you change the main system, but in my experience this is a much easier task to identify and manage than applying those changes en masse to a collection of virtual hosts. Plus, there will be plenty of system updates to the main system that don't need to trickle down to the chroot environments, but will almost always need to be applied individually to each virtual host. You may still want to physically separate some concerns if you have enough machines (e.g., build machines vs. service machines, spreading out disk-intensive services, etc.), but in general I don't think virtualization will particularly help you. OK, I think I'll try loading multiple services onto single machines, I'm thinking that I could always just attach a bunch of carp interfaces (one for each service) to the machine then if I want to move that service to another machine (Virtual or physical) I just destroy the carp interface and recreate it on the new one. At this point my plan is to use a pair of machines for a specific category (to allow for a machine failure or allow for update cycles with no downtime), each pair would handle one of Public internet services (external-facing DNS, Public Web server, SMTP filtering), internal services (Internal DNS, LDAP, CA), or business applications (Wiki, Mail Store / IMAP access, source code control). The last two boxes used as spare and to test virtualization options. I am just not using a single machine for multiple roles (I cut my teeth on Windows 2000/2003 and picked up some bad habits and obsolete advice)
Re: openbsd host halted with unknown acpi event
On 10/31/2012 11:05 AM, Rares Aioanei wrote: On Wed, Oct 31, 2012 at 10:28:35AM +0400, Sergey Bronnikov wrote: Yesterday I have found an unpleasent bug in OpenBSD. I started two virtual machines in qemu with netbsd and building source inside each virtual machine. After about 10 min laptop become overheated just below the keyboard, Xorg was shutdowned and host halted with following messages on console: /bsd: acpithinkpad0: unknown event 0x6022 /bsd: acpitz1: critical temperature exceeded 100C (3732K), shutting down Is described above load critical for openbsd? What is an event 0x6022? I didn't find such event in dumped acpi tables. You said that you felt heat just below the keyboard. As a tech, I know that overheating can cause all sorts of random errors and will power off your machine. Typically if it is strictly heat related, your pc will not come back on for at least a couple of minutes, after it has had time to cool off, or will power back on immediately and then power right back off. Open your laptop if you can, clean dust off the fans and vents, and it should help. I would also advise to get a laptop cooler - they are only a few dollars and help a lot.
pf and torrenting
I am trying to get torrenting to work but I can't seem to get any packets to go through. Tcpdump shows attempted activity and nothing blocked,but the torrent client itself doesn't seem to be receiving anything from any torrent I have tried. The torrent client is using port 58846 From the pf.conf: --- ext_if=rl0 pass in on $ext_if proto tcp from any to any port 58846 rdr-to 192.168.1.101 port 58846
Upgrade to 5.2?
Yesterday I upgraded from 5.1-release to -current. Is there any need to upgrade to 5.2-release? Could this cause issues since -current is really newer than what's on the 5.2 media?