Re: I can’t get veb/vport to work with vmd.

2021-05-06 Thread Mischa
On  6 May at 04:04, Luke Small  wrote:
> There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
> running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
> the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
> so I used vport0 in hostname.veb0 . I used ifconfig … down for bridge0 and
> vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
> veb0” then ran the vm of choice and it gets no internet. I reverted
> everything back and I get internet.
> 
> What am I missing?

Can you share your config?

I have it working with like:

root@server14:~ # ls /etc/hostname.* | xargs -n1 -t head -n5   
head -n5 /etc/hostname.em0
up
head -n5 /etc/hostname.veb911
add vport911
up
head -n5 /etc/hostname.vlan910
vnetid 910 parent em0
inet 46.23.91.24 255.255.255.192
inet6 2a03:6000:910::24 64
up
head -n5 /etc/hostname.vport911
inet 46.23.91.65 255.255.255.192

root@server14:~ # cat /etc/vm.conf 
switch "uplink_veb911" {
  interface veb911
}

vm "vm01" {
  disable
  owner runbsd
  memory 1G
  disk "/var/vmm/vm01.qcow2" format qcow2
  interface tap {
    switch "uplink_veb911"
    lladdr fe:e1:bb:d4:d4:01
  }
}

Mischa



Re: Unable to boot 6.9 bsd.rd on 6.8 vmd host

2021-05-04 Thread Mischa
> On 4 May 2021, at 21:50, Dave Voutila  wrote:
> 
> Mischa writes:
> 
>> Hi All,
>> 
>> I have a couple of machines running on 6.8 still, will upgrade soon. :)
>> For some reason when I am trying to boot a 6.9 bsd.rd nothing is happening.
> 
> 6.9 bsd.rd's for amd64 are gzip'd. For 6.9, vmd was taught how to boot
> compressed kernels/ramdisks.

Ah yes! I remember the discussion and thread about that, now. 

>> It's only showing:
>> Connected to /dev/ttypq (speed 115200)
>> 
>> Nothing else appears.
>> Booting from a 6.8 bsd.rd works normally.
>> 
>> Equally booting from 6.9 bsd.rd on a 6.9 host works as expected as well.
>> 
>> Something I can do to make this work?
> 
> gunzip the ramdisk and a 6.8 vmd instance should be able to boot it.
> 
> Once you have a guest updated and it's using seabios it will be booting
> off the disk image and it shouldn't matter at that point.

Will give that a try. Thanx Dave!

Mischa

> 
> -dv



Unable to boot 6.9 bsd.rd on 6.8 vmd host

2021-05-04 Thread Mischa
Hi All,

I have a couple of machines running on 6.8 still, will upgrade soon. :)
For some reason when I am trying to boot a 6.9 bsd.rd nothing is happening.

It's only showing:
Connected to /dev/ttypq (speed 115200)

Nothing else appears.
Booting from a 6.8 bsd.rd works normally.

Equally booting from 6.9 bsd.rd on a 6.9 host works as expected as well.

Something I can do to make this work?

Mischa



Re: vmm error mesg since upgrade to 6.9

2021-05-04 Thread Mischa
On  4 May at 15:44, Dave Voutila  wrote:
> 
> Dave Voutila writes:
> >
> > I've managed to reproduce it on my end using vmd(8) from 6.9 and a
> > config similar to what you and Holger are using. I have a few hunches
> > and looking into it.
> >
> 
> An errata for 6.9 was released addressing the underlying issue. As this
> is specific to vmd(8), this only affects users on amd64 using vmd(8).
> 
> See https://www.openbsd.org/errata69.html
> 
> Should be available via syspatch(8) now that it's had time to replicate
> out to mirrors.
> 
> Thanks Holger and Mischa for reporting the issue and helping me
> troubleshoot!

Patch applied and works like a charm!

I am only seeing these again with non-OpenBSD VMs. :)

 vmd[66593]: rtc_update_rega: set non-32KHz timebase not supported

Thank you Dave for fixing this so quickly!

Mischa



Re: vmm error mesg since upgrade to 6.9

2021-05-02 Thread Mischa Peters


> On 2 May 2021, at 14:56, Dave Voutila  wrote:
> 
> 
> Mischa Peters writes:
> 
>>>> On 2 May 2021, at 14:25, Dave Voutila  wrote:
>>> 
>>> 
>>> Mischa writes:
>>> 
>>>> 
>>>> Interestingly I am seeing the same on my 6.9 hosts, except the host 
>>>> running -current.
>>> 
>>> Hmm. -current has some small changes to virtio emulation, specifically
>>> fixing some bad casts I found [1]. That might explain the difference
>>> with -current.
>>> 
>>>> The hosts are similar in regards to configuration.
>>>> I have migrated from bridge/vether to veb/vport.
>>>> 
>>>> May  2 13:14:38 r2 vmd[59033]: vionet_enq_rx: descriptor too small for 
>>>> packet data
>>>> May  2 13:15:12 r2 last message repeated 11 times
>>>> May  2 13:17:13 r2 last message repeated 34 times
>>>> 
>>>> # vmctl show | grep 59033
>>>>     6 59033     1    4.0G    1.8G   ttyp5     root  running images
>>>> 
>>>> # vm.conf
>>>> switch "uplink_vlan880" {
>>>>   interface veb880
>>>> }
>>>> vm "images" {
>>>>   memory 4G
>>>>   disk "/var/vmm/images.qcow2"
>>>>   disk "/var/vmm/images_extra.qcow2"
>>>>   interface tap { switch "uplink_vlan880" }
>>>> }
>>>> 
>>>> # cat /etc/hostname.em0
>>>> up
>>>> # cat /etc/hostname.veb880
>>>> add vlan880
>>>> add vport880
>>>> up
>>>> # cat /etc/hostname.vlan880
>>>> vnetid 880 parent em0
>>>> up
>>>> # cat /etc/hostname.vport880
>>>> inet 46.23.xx.xx 255.255.255.0
>>>> inet6 2a03:6000:xxx::xx
>>>> up
>>>> 
>>>> I am using a combination of dhcp and static IP config on both hosts to 
>>>> provision the VMs.
>>> 
>>> Are you running dhcpd(8) on the host? Or using vmd(8)'s built-in dhcp
>>> service?
>> 
>> Only using dhcpd on the host.
>> 
>>>> What else can be relevant?
>>> 
>>> Logging into my obsd.ams host (that I haven't updated yet to 6.9) it's
>>> using "dhcp" in /etc/hostname.vio0. Do you see this same issue with
>>> *guests* running 6.8? Or only 6.9?
>> 
>> The host running -current only has 6.8 VMs. The hosts where I see the 
>> messages are 6.9 VMs on 6.9 hosts.
>> 
>> Let me spin a 6.9 -release host and run a bunch of 6.8 VMs. And or a mix.
>> 
> 
> I've managed to reproduce it on my end using vmd(8) from 6.9 and a
> config similar to what you and Holger are using. I have a few hunches
> and looking into it.

Nice! Let me know if there is something you need or want me to test. 

Mischa



Re: vmm error mesg since upgrade to 6.9

2021-05-02 Thread Mischa Peters


> On 2 May 2021, at 14:25, Dave Voutila  wrote:
> 
> 
> Mischa writes:
> 
>> 
>> Interestingly I am seeing the same on my 6.9 hosts, except the host running 
>> -current.
> 
> Hmm. -current has some small changes to virtio emulation, specifically
> fixing some bad casts I found [1]. That might explain the difference
> with -current.
> 
>> The hosts are similar in regards to configuration.
>> I have migrated from bridge/vether to veb/vport.
>> 
>> May  2 13:14:38 r2 vmd[59033]: vionet_enq_rx: descriptor too small for 
>> packet data
>> May  2 13:15:12 r2 last message repeated 11 times
>> May  2 13:17:13 r2 last message repeated 34 times
>> 
>> # vmctl show | grep 59033
>>     6 59033     1    4.0G    1.8G   ttyp5     root  running images
>> 
>> # vm.conf
>> switch "uplink_vlan880" {
>>   interface veb880
>> }
>> vm "images" {
>>   memory 4G
>>   disk "/var/vmm/images.qcow2"
>>   disk "/var/vmm/images_extra.qcow2"
>>   interface tap { switch "uplink_vlan880" }
>> }
>> 
>> # cat /etc/hostname.em0
>> up
>> # cat /etc/hostname.veb880
>> add vlan880
>> add vport880
>> up
>> # cat /etc/hostname.vlan880
>> vnetid 880 parent em0
>> up
>> # cat /etc/hostname.vport880
>> inet 46.23.xx.xx 255.255.255.0
>> inet6 2a03:6000:xxx::xx
>> up
>> 
>> I am using a combination of dhcp and static IP config on both hosts to 
>> provision the VMs.
> 
> Are you running dhcpd(8) on the host? Or using vmd(8)'s built-in dhcp
> service?

Only using dhcpd on the host.

>> What else can be relevant?
> 
> Logging into my obsd.ams host (that I haven't updated yet to 6.9) it's
> using "dhcp" in /etc/hostname.vio0. Do you see this same issue with
> *guests* running 6.8? Or only 6.9?

The host running -current only has 6.8 VMs. The hosts where I see the messages 
are 6.9 VMs on 6.9 hosts. 

Let me spin a 6.9 -release host and run a bunch of 6.8 VMs. And or a mix.

Mischa

> -dv
> 
> [1] 
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/vmd/virtio.c.diff?r1=1.84=1.85_with_tag=MAIN



Re: vmm error mesg since upgrade to 6.9

2021-05-02 Thread Mischa
On  2 May at 13:04, Dave Voutila  wrote:
> Holger Glaess writes:
> 
> > hi
> >
> >
> > i did the upgrade from 6.8 to 6.9.
> >
> >
> > after reboot i get in my messages log
> >
> >
> > vmd[56]: vionet_enq_rx: descriptor too small for packet data
> >
> >
> > i run only one vm on my box, this is also upgraded to 6.9.
> >
> >
> > how can i fix this ?
> >
> >
> 
> Can you share some more details? Does networking work? How do you start
> this vm (what are the networking arguments)? Need more info to reproduce
> what you're seeing.
> 
> There were minimal changes in the virtio emulation between 6.8 and
> 6.9. One of the few changes involved dhcp/bootp packet intercept, so I'm
> curious what your guest is doing.

Interestingly I am seeing the same on my 6.9 hosts, except the host running 
-current.
The hosts are similar in regards to configuration.
I have migrated from bridge/vether to veb/vport.

May  2 13:14:38 r2 vmd[59033]: vionet_enq_rx: descriptor too small for packet 
data
May  2 13:15:12 r2 last message repeated 11 times
May  2 13:17:13 r2 last message repeated 34 times

# vmctl show | grep 59033
    6 59033     1    4.0G    1.8G   ttyp5     root  running images

# vm.conf
switch "uplink_vlan880" {
  interface veb880
}
vm "images" {
  memory 4G
  disk "/var/vmm/images.qcow2"
  disk "/var/vmm/images_extra.qcow2"
  interface tap { switch "uplink_vlan880" }
}

# cat /etc/hostname.em0
up
# cat /etc/hostname.veb880
add vlan880
add vport880
up
# cat /etc/hostname.vlan880
vnetid 880 parent em0
up
# cat /etc/hostname.vport880
inet 46.23.xx.xx 255.255.255.0
inet6 2a03:6000:xxx::xx
up

I am using a combination of dhcp and static IP config on both hosts to 
provision the VMs.

What else can be relevant?

Mischa
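
Added example (not part of the original message and not code from vmd): a shell/awk counter for the vionet_enq_rx message that expands syslogd's "last message repeated N times" lines, so the real event count per vmd process is visible. The first three sample lines are the ones quoted in the message above; the remaining lines, their timestamps and pid 41207 are constructed.

```sh
#!/bin/sh
# Count "vionet_enq_rx: descriptor too small" events per vmd process,
# expanding the "last message repeated N times" compression done by syslogd.

# count_vionet_errors FILE -> prints "<vmd pid> <event count>", one per line
count_vionet_errors() {
    awk '
    # Repeat marker: it stands for N more copies of the previous line.
    / last message repeated [0-9]+ times$/ {
        if (last_pid != "") count[last_pid] += $(NF - 1)
        next
    }
    /vmd\[[0-9]+\]: vionet_enq_rx: descriptor too small for packet data/ {
        match($0, /vmd\[[0-9]+\]/)
        # Strip the leading "vmd[" and the trailing "]" to get the pid.
        last_pid = substr($0, RSTART + 4, RLENGTH - 5)
        count[last_pid]++
        next
    }
    # Any other message ends the run; a following repeat marker is not ours.
    { last_pid = "" }
    END { for (pid in count) print pid, count[pid] }
    ' "$1" | sort -n
}

# Sample input: lines 1-3 come from the message above (re-joined where the
# mail client wrapped them); lines 4-9 are constructed for this example.
sample_log() {
    cat <<'EOF'
May  2 13:14:38 r2 vmd[59033]: vionet_enq_rx: descriptor too small for packet data
May  2 13:15:12 r2 last message repeated 11 times
May  2 13:17:13 r2 last message repeated 34 times
May  2 13:18:01 r2 vmd[66593]: rtc_update_rega: set non-32KHz timebase not supported
May  2 13:18:40 r2 last message repeated 2 times
May  2 13:19:05 r2 vmd[59033]: vionet_enq_rx: descriptor too small for packet data
May  2 13:20:11 r2 vmd[41207]: vionet_enq_rx: descriptor too small for packet data
May  2 13:21:30 r2 last message repeated 3 times
May  2 13:22:02 r2 sshd[1234]: Accepted publickey for root
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
count_vionet_errors "$tmp"
rm -f "$tmp"
```

On this sample a plain grep -c for the message reports 3 lines, while the expanded count is 51 events across two vmd processes.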



Re: OT: Dell EMC switches

2021-04-08 Thread Mischa
Hi Ivo,

I don’t have any experience with the Dell switches but what about the Arista 
DCS-7050QX-32 or DCS-7050QX-32S?
32x40G QSFP+ for the 7050QX-32
32x40G QSFP+ of which one QSFP+ can act as a dual personality to 4xSFP+ for the 
7050QX-32S. (mind the S)

There are converters for the QSFP+ to turn them into a SFP+ port if you need 
more 10G but want to have a way to migrate to 40G.
You can do this with the Mellanox 655902-001 QSA adapter.

Which is pretty much what we have in production. :)
Are you planning to buy new or eBay? There are some pretty good deals on eBay.

Mischa


> On 8 Apr 2021, at 20:58, Ivo Chutkin  wrote:
> 
> Hello everyone,
> 
> Does anyone have experience with Dell EMS switches?
> 
> Namely S4100 series, S4128F-ON or S4188F-ON.
> 
> Are they robust and reliable?
> 
> I need to replace number of Extreme Networks X650. 10G ports are loaded 
> nearly 80% all the time. We are pushing Internet traffic and some multicast.
> 
> Also, Dell EMC support third party OS like FTOS, Cumulus Linux OS or Big 
> Switch Networks Switch Light. It it means any good.
> 
> Thanks,
> Ivo
> 



Re: Large Filesystem

2020-11-16 Thread Mischa
> On 15 Nov 2020, at 20:57, Kenneth Gober  wrote:
> On Sun, Nov 15, 2020 at 8:59 AM Mischa  wrote:
> 
>> On 15 Nov at 14:52, Otto Moerbeek  wrote:
>>> fsck will get slower once you start filling it, but since your original
>>> fs had about 104k files I expect it not getting too bad. If the speed
>>> for your usecase is good as well I guess you should be fine.
>> 
>> Will see how it behaves and try to document as much as possible.
>> I can always install another BSD on it. ;)
>> 
> 
> To give a very rough idea, here is a sample running fsck on an FFS2
> file system with a fairly large number of files:
> 
> 
> $ df -ik /nfs/archive
> Filesystem    1K-blocks       Used      Avail Capacity   iused     ifree  %iused  Mounted on
> /dev/sd1g   12308149120 7477490128 4215251536      64% 4800726 383546408     1%   /nfs/archive
> 
> $ doas time fsck -f /nfs/archive
> ** /dev/sd1g (6d3438729df51b22.g) (NO WRITE)
> ** Last Mounted on /nfs/archive
> ** Phase 1 - Check Blocks and Sizes
> ** Phase 2 - Check Pathnames
> ** Phase 3 - Check Connectivity
> ** Phase 4 - Check Reference Counts
> ** Phase 5 - Check Cyl groups
> 4800726 files, 934686266 used, 603832374 free (35534 frags, 75474605
> blocks, 0.0% fragmentation)
> 3197.25 real        35.86 user        66.03 sys
> 
> This is on older hardware, and not running the most recent release.
> The server is a Dell PowerEdge 2900 with a PERC H700 controller, and
> 4 WD Red Pro 8TB disks (WD8001FFWX-6) forming a RAID10 volume
> containing 3 small 1TB file systems and 1 large 12TB file system.  The
> OS is OpenBSD 6.1/amd64.  All the file systems on this volume are
> mounted with the softdep option and the big one has noatime as well.
> 
> The time to run fsck is really only an issue when the server reboots
> unexpectedly (i.e. due to a power outage).  Coming up after a proper
> reboot or shutdown is very fast due to the file systems being clean.
> A UPS can help avoid most of these power-related reboots.  Alas, this
> particular server was connected to a UPS with a bad battery so it has
> rebooted due to power outages at least a half-dozen times this year,
> each of them involving a fairly long fsck delay.  I finally took the time
> last week to replace the UPS batteries so going forward this should
> be much less of a problem.  I do recommend the use of a UPS (and
> timely replacement of batteries when needed) if you are going to
> host very large FFS2 volumes.
> 
> I have never lost files due to a problem with FFS2 (or with FFS for that
> matter), but that is no reason not to perform regular backups.  For this
> particular file system I only back it up twice a year, but the data on it
> doesn't change often.  File systems with more 'normal' patterns of usage
> get backed up weekly.  The practice of taking regular backups also helps
> ensure that 'bit rot' is detected early enough that it can be corrected.

Thank you for sharing your experience. Gives me some more confidence to just go 
for it. ;)

Mischa



Re: Large Filesystem

2020-11-15 Thread Mischa
On 15 Nov at 14:52, Otto Moerbeek  wrote:
> On Sun, Nov 15, 2020 at 02:43:03PM +0100, Mischa wrote:
> 
> > On 15 Nov at 14:25, Otto Moerbeek  wrote:
> > > On Sun, Nov 15, 2020 at 02:14:47PM +0100, Mischa wrote:
> > > 
> > > > On 15 Nov at 13:04, Otto Moerbeek  wrote:
> > > > > On Sat, Nov 14, 2020 at 05:59:37PM +0100, Otto Moerbeek wrote:
> > > > > 
> > > > > > On Sat, Nov 14, 2020 at 04:59:22PM +0100, Mischa wrote:
> > > > > > 
> > > > > > > On 14 Nov at 15:54, Otto Moerbeek  wrote:
> > > > > > > > On Sat, Nov 14, 2020 at 03:13:57PM +0100, Leo Unglaub wrote:
> > > > > > > > 
> > > > > > > > > Hey,
> > > > > > > > > my largest filesystem with OpenBSD on it is 12TB and for the 
> > > > > > > > > minimal usecase
> > > > > > > > > i have it works fine. I did not loose any data or so. I have 
> > > > > > > > > it mounted with
> > > > > > > > > the following flags:
> > > > > > > > > 
> > > > > > > > > > local, noatime, nodev, noexec, nosuid, softdep
> > > > > > > > > 
> > > > > > > > > The only thing i should mention is that one time the server 
> > > > > > > > > crashed and i
> > > > > > > > > had to do a fsck during the next boot. It took around 10 
> > > > > > > > > hours for the 12TB.
> > > > > > > > > This might be something to keep in mind if you want to use 
> > > > > > > > > this on a server.
> > > > > > > > > But if my memory serves me well otto did some changes to fsck 
> > > > > > > > > on ffs2, so
> > > > > > > > > maybe thats a lot faster now.
> > > > > > > > > 
> > > > > > > > > I hope this helps you a little bit!
> > > > > > > > > Greetings from Vienna
> > > > > > > > > Leo
> > > > > > > > > 
> > > > > > > > > Am 14.11.2020 um 13:50 schrieb Mischa:
> > > > > > > > > > I am currently in the process of building a large 
> > > > > > > > > > filesystem with
> > > > > > > > > > 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, 
> > > > > > > > > > to serve as a
> > > > > > > > > > central, mostly download, platform with around 100 
> > > > > > > > > > concurrent
> > > > > > > > > > connections.
> > > > > > > > > > 
> > > > > > > > > > The current system is running FreeBSD with ZFS and I would 
> > > > > > > > > > like to
> > > > > > > > > > see if it's possible on OpenBSD, as it's one of the last 
> > > > > > > > > > two systems
> > > > > > > > > > on FreeBSD left.:)
> > > > > > > > > > 
> > > > > > > > > > Has anybody build a large filesystem using FFS2? Is it a 
> > > > > > > > > > good idea?
> > > > > > > > > > How does it perform? What are good tests to run?
> > > > > > > > > > 
> > > > > > > > > > Your help and suggestions are really appriciated!
> > > > > > > > > 
> > > > > > > > 
> > > > > > > > It doesn't always has to be that bad, on current:
> > > > > > > > 
> > > > > > > > [otto@lou:22]$ dmesg | grep sd[123]
> > > > > > > > sd1 at scsibus1 targ 2 lun 0:  
> > > > > > > > naa.5000c500c3ef0896
> > > > > > > > sd1: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > > > > > sd2 at scsibus1 targ 3 lun 0:  
> > > > > > > > naa.5000c500c40e8569
> > > > > > > > sd2: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > > > > > sd3 at scsibus3 targ 1 lun 0: 
> > > > > > > > sd3: 30519295MB, 512 bytes/sector, 62503516672 sectors
> > > > > > > > 
> > > > >

Re: Large Filesystem

2020-11-15 Thread Mischa
On 15 Nov at 14:25, Otto Moerbeek  wrote:
> On Sun, Nov 15, 2020 at 02:14:47PM +0100, Mischa wrote:
> 
> > On 15 Nov at 13:04, Otto Moerbeek  wrote:
> > > On Sat, Nov 14, 2020 at 05:59:37PM +0100, Otto Moerbeek wrote:
> > > 
> > > > On Sat, Nov 14, 2020 at 04:59:22PM +0100, Mischa wrote:
> > > > 
> > > > > On 14 Nov at 15:54, Otto Moerbeek  wrote:
> > > > > > On Sat, Nov 14, 2020 at 03:13:57PM +0100, Leo Unglaub wrote:
> > > > > > 
> > > > > > > Hey,
> > > > > > > my largest filesystem with OpenBSD on it is 12TB and for the 
> > > > > > > minimal usecase
> > > > > > > i have it works fine. I did not loose any data or so. I have it 
> > > > > > > mounted with
> > > > > > > the following flags:
> > > > > > > 
> > > > > > > > local, noatime, nodev, noexec, nosuid, softdep
> > > > > > > 
> > > > > > > The only thing i should mention is that one time the server 
> > > > > > > crashed and i
> > > > > > > had to do a fsck during the next boot. It took around 10 hours 
> > > > > > > for the 12TB.
> > > > > > > This might be something to keep in mind if you want to use this 
> > > > > > > on a server.
> > > > > > > But if my memory serves me well otto did some changes to fsck on 
> > > > > > > ffs2, so
> > > > > > > maybe thats a lot faster now.
> > > > > > > 
> > > > > > > I hope this helps you a little bit!
> > > > > > > Greetings from Vienna
> > > > > > > Leo
> > > > > > > 
> > > > > > > Am 14.11.2020 um 13:50 schrieb Mischa:
> > > > > > > > I am currently in the process of building a large filesystem 
> > > > > > > > with
> > > > > > > > 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to 
> > > > > > > > serve as a
> > > > > > > > central, mostly download, platform with around 100 concurrent
> > > > > > > > connections.
> > > > > > > > 
> > > > > > > > The current system is running FreeBSD with ZFS and I would like 
> > > > > > > > to
> > > > > > > > see if it's possible on OpenBSD, as it's one of the last two 
> > > > > > > > systems
> > > > > > > > on FreeBSD left.:)
> > > > > > > > 
> > > > > > > > Has anybody build a large filesystem using FFS2? Is it a good 
> > > > > > > > idea?
> > > > > > > > How does it perform? What are good tests to run?
> > > > > > > > 
> > > > > > > > Your help and suggestions are really appriciated!
> > > > > > > 
> > > > > > 
> > > > > > It doesn't always has to be that bad, on current:
> > > > > > 
> > > > > > [otto@lou:22]$ dmesg | grep sd[123]
> > > > > > sd1 at scsibus1 targ 2 lun 0:  
> > > > > > naa.5000c500c3ef0896
> > > > > > sd1: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > > > sd2 at scsibus1 targ 3 lun 0:  
> > > > > > naa.5000c500c40e8569
> > > > > > sd2: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > > > sd3 at scsibus3 targ 1 lun 0: 
> > > > > > sd3: 30519295MB, 512 bytes/sector, 62503516672 sectors
> > > > > > 
> > > > > > [otto@lou:20]$ df -h /mnt 
> > > > > > Filesystem     Size    Used   Avail Capacity  Mounted on
> > > > > > /dev/sd3a     28.9T    5.1G   27.4T     0%    /mnt
> > > > > > 
> > > > > > [otto@lou:20]$ time doas fsck -f /dev/rsd3a 
> > > > > > ** /dev/rsd3a
> > > > > > ** File system is already clean
> > > > > > ** Last Mounted on /mnt
> > > > > > ** Phase 1 - Check Blocks and Sizes
> > > > > > ** Phase 2 - Check Pathnames
> > > > > > ** Phase 3 - Check Connectivity
> > > > > > ** Phase 4 - Check Reference Counts
> > > > > > ** Phase 5 - Check Cyl groups
> > > > > > 176037 files, 666345 u

Re: Large Filesystem

2020-11-15 Thread Mischa
On 15 Nov at 13:04, Otto Moerbeek  wrote:
> On Sat, Nov 14, 2020 at 05:59:37PM +0100, Otto Moerbeek wrote:
> 
> > On Sat, Nov 14, 2020 at 04:59:22PM +0100, Mischa wrote:
> > 
> > > On 14 Nov at 15:54, Otto Moerbeek  wrote:
> > > > On Sat, Nov 14, 2020 at 03:13:57PM +0100, Leo Unglaub wrote:
> > > > 
> > > > > Hey,
> > > > > my largest filesystem with OpenBSD on it is 12TB and for the minimal 
> > > > > usecase
> > > > > i have it works fine. I did not loose any data or so. I have it 
> > > > > mounted with
> > > > > the following flags:
> > > > > 
> > > > > > local, noatime, nodev, noexec, nosuid, softdep
> > > > > 
> > > > > The only thing i should mention is that one time the server crashed 
> > > > > and i
> > > > > had to do a fsck during the next boot. It took around 10 hours for 
> > > > > the 12TB.
> > > > > This might be something to keep in mind if you want to use this on a 
> > > > > server.
> > > > > But if my memory serves me well otto did some changes to fsck on 
> > > > > ffs2, so
> > > > > maybe thats a lot faster now.
> > > > > 
> > > > > I hope this helps you a little bit!
> > > > > Greetings from Vienna
> > > > > Leo
> > > > > 
> > > > > Am 14.11.2020 um 13:50 schrieb Mischa:
> > > > > > I am currently in the process of building a large filesystem with
> > > > > > 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to serve 
> > > > > > as a
> > > > > > central, mostly download, platform with around 100 concurrent
> > > > > > connections.
> > > > > > 
> > > > > > The current system is running FreeBSD with ZFS and I would like to
> > > > > > see if it's possible on OpenBSD, as it's one of the last two systems
> > > > > > on FreeBSD left.:)
> > > > > > 
> > > > > > Has anybody build a large filesystem using FFS2? Is it a good idea?
> > > > > > How does it perform? What are good tests to run?
> > > > > > 
> > > > > > Your help and suggestions are really appriciated!
> > > > > 
> > > > 
> > > > It doesn't always has to be that bad, on current:
> > > > 
> > > > [otto@lou:22]$ dmesg | grep sd[123]
> > > > sd1 at scsibus1 targ 2 lun 0:  
> > > > naa.5000c500c3ef0896
> > > > sd1: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > sd2 at scsibus1 targ 3 lun 0:  
> > > > naa.5000c500c40e8569
> > > > sd2: 15259648MB, 512 bytes/sector, 31251759104 sectors
> > > > sd3 at scsibus3 targ 1 lun 0: 
> > > > sd3: 30519295MB, 512 bytes/sector, 62503516672 sectors
> > > > 
> > > > [otto@lou:20]$ df -h /mnt 
> > > > Filesystem     Size    Used   Avail Capacity  Mounted on
> > > > /dev/sd3a     28.9T    5.1G   27.4T     0%    /mnt
> > > > 
> > > > [otto@lou:20]$ time doas fsck -f /dev/rsd3a 
> > > > ** /dev/rsd3a
> > > > ** File system is already clean
> > > > ** Last Mounted on /mnt
> > > > ** Phase 1 - Check Blocks and Sizes
> > > > ** Phase 2 - Check Pathnames
> > > > ** Phase 3 - Check Connectivity
> > > > ** Phase 4 - Check Reference Counts
> > > > ** Phase 5 - Check Cyl groups
> > > > 176037 files, 666345 used, 3875083616 free (120 frags, 484385437
> > > > blocks, 0.0% fragmentation)
> > > > 1m47.80s real 0m14.09s user 0m06.36s system
> > > > 
> > > > But note that fsck for FFS2 will get slower once more inodes are in
> > > > use or have been in use.
> > > > 
> > > > Also, creating the fs with both block size and fragment size of 64k
> > > > will make fsck faster (due to less inodes), but that should only be
> > > > done if the files you are going to store are relatively big (generally
> > > > much bigger than 64k).
> > > 
> > > Good to know. This will be mostly large files indeed.
> > > That would be "newfs -i 64"?
> > 
> > Nope, newfs -b 65536 -f 65536 
> 
> To clarify: the default block size for large filesystems is already
> 2^16, but this value is taken from the label, so if another fs was on
> that partitio

Re: Large Filesystem

2020-11-14 Thread Mischa
On 14 Nov at 16:49, Johan Huldtgren  wrote:
> hello,
> 
> On 2020-11-14 13:50, Mischa wrote:
> > Hi All,
> > 
> > I am currently in the process of building a large filesystem with
> > 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to serve as a
> > central, mostly download, platform with around 100 concurrent
> > connections.
> > 
> > The current system is running FreeBSD with ZFS and I would like to
> > see if it's possible on OpenBSD, as it's one of the last two systems
> > on FreeBSD left. :)
> > 
> > Has anybody built a large filesystem using FFS2? Is it a good idea?
> > How does it perform? What are good tests to run?
> > 
> > Your help and suggestions are really appreciated!
> 
> I have a filesystem about that size on my home file server, (5 x 14TB SAS
> in raid5 plus a hot spare) the drives are connected to a RAID card, but
> then it's just FFS2 on it. It runs reasonably well for home use. Not
> spectacular but not so that anyone has any complaints. fsck does take
> quite some time to run, but this filesystem was created quite a long time
> ago with the then default settings.
> 
> $ dmesg | grep LSI
> mfi0: "LSI MegaRAID SAS 9260-8i", firmware 12.15.0-0239, 512MB cache
> sd0 at scsibus1 targ 0 lun 0:  naa.
> 
> $ df -h /mnt
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a     50.5T   14.6T   33.4T    30%    /mnt

Great to hear! Will give it a go and see how it behaves.

Mischa




Re: Large Filesystem

2020-11-14 Thread Mischa
On 14 Nov at 15:54, Otto Moerbeek  wrote:
> On Sat, Nov 14, 2020 at 03:13:57PM +0100, Leo Unglaub wrote:
> 
> > Hey,
> > my largest filesystem with OpenBSD on it is 12TB and for the minimal usecase
> > i have it works fine. I did not lose any data or so. I have it mounted with
> > the following flags:
> > 
> > > local, noatime, nodev, noexec, nosuid, softdep
> > 
> > The only thing i should mention is that one time the server crashed and i
> > had to do a fsck during the next boot. It took around 10 hours for the 12TB.
> > This might be something to keep in mind if you want to use this on a server.
> > But if my memory serves me well otto did some changes to fsck on ffs2, so
> > maybe that's a lot faster now.
> > 
> > I hope this helps you a little bit!
> > Greetings from Vienna
> > Leo
> > 
> > Am 14.11.2020 um 13:50 schrieb Mischa:
> > > I am currently in the process of building a large filesystem with
> > > 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to serve as a
> > > central, mostly download, platform with around 100 concurrent
> > > connections.
> > > 
> > > The current system is running FreeBSD with ZFS and I would like to
> > > see if it's possible on OpenBSD, as it's one of the last two systems
> > > on FreeBSD left.:)
> > > 
> > > Has anybody built a large filesystem using FFS2? Is it a good idea?
> > > How does it perform? What are good tests to run?
> > > 
> > > Your help and suggestions are really appreciated!
> > 
> 
> It doesn't always have to be that bad, on current:
> 
> [otto@lou:22]$ dmesg | grep sd[123]
> sd1 at scsibus1 targ 2 lun 0:  
> naa.5000c500c3ef0896
> sd1: 15259648MB, 512 bytes/sector, 31251759104 sectors
> sd2 at scsibus1 targ 3 lun 0:  
> naa.5000c500c40e8569
> sd2: 15259648MB, 512 bytes/sector, 31251759104 sectors
> sd3 at scsibus3 targ 1 lun 0: 
> sd3: 30519295MB, 512 bytes/sector, 62503516672 sectors
> 
> [otto@lou:20]$ df -h /mnt 
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd3a     28.9T    5.1G   27.4T     0%    /mnt
> 
> [otto@lou:20]$ time doas fsck -f /dev/rsd3a 
> ** /dev/rsd3a
> ** File system is already clean
> ** Last Mounted on /mnt
> ** Phase 1 - Check Blocks and Sizes
> ** Phase 2 - Check Pathnames
> ** Phase 3 - Check Connectivity
> ** Phase 4 - Check Reference Counts
> ** Phase 5 - Check Cyl groups
> 176037 files, 666345 used, 3875083616 free (120 frags, 484385437
> blocks, 0.0% fragmentation)
> 1m47.80s real 0m14.09s user 0m06.36s system
> 
> But note that fsck for FFS2 will get slower once more inodes are in
> use or have been in use.
> 
> Also, creating the fs with both block size and fragment size of 64k
> will make fsck faster (due to less inodes), but that should only be
> done if the files you are going to store are relatively big (generally
> much bigger than 64k).

Good to know. This will be mostly large files indeed.
That would be "newfs -i 64"?
Is there a way to see how many inodes that would create?

> As for the speed of general operation, I wouldn't know. I never used
> such large filesystems for anything other than archive storage. The fs
> above I only have been using for filesystem dev work.
> 
>   -Otto



Large Filesystem

2020-11-14 Thread Mischa
Hi All,

I am currently in the process of building a large filesystem with
12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to serve as a
central, mostly download, platform with around 100 concurrent
connections.

The current system is running FreeBSD with ZFS and I would like to
see if it's possible on OpenBSD, as it's one of the last two systems
on FreeBSD left. :)

Has anybody built a large filesystem using FFS2? Is it a good idea?
How does it perform? What are good tests to run?

Your help and suggestions are really appreciated!

Mischa



Re: relayd doesn't load keypair with two listen statements

2020-10-09 Thread Mischa
Anybody else seeing this?

Mischa

> On 20 Dec 2019, at 15:54, Mischa  wrote:
> 
> Hi All,
> 
> When using the following config for relayd, the keypair is not loaded twice.
> Without 'keypair' and using the default way, .crt and 
> .crt in /etc/ssl and /etc/ssl/private it's working as expected.
> 
> Is this expected behavior?
> 
> ###
> table  { 127.0.0.1 }
> ext_v4 = "46.xx.xx.130"
> ext_v6 = "2a03::xxx::130"
> http protocol httpfilter {
>tcp { nodelay, sack }
>pass request quick path "/.well-known/acme-challenge/*" forward to 
> 
> }
> http protocol httpsfilter {
>tcp { nodelay, sack }
>tls { keypair test.high5.nl, ciphers 
> "kEECDH:!AESGCM:!aNULL:!SHA1:!MD5:@STRENGTH", no client-renegotiation }
> }
> relay default {
>listen on $ext_v4 port 80
>listen on $ext_v6 port 80
>protocol httpfilter
>forward to  port 80
>forward to  port 3129
> }
> relay default_tls {
>listen on $ext_v4 port 443 tls
>listen on $ext_v6 port 443 tls
>protocol httpsfilter
>forward to  port 443
> }
> ###
> 
> test# relayd -d -
> startup
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> socket_rlimit: max open files 1024
> relay_load_certfiles: using certificate /etc/ssl/test.high5.nl.crt
> relay_load_certfiles: using private key /etc/ssl/private/test.high5.nl.key
> /etc/relayd.conf:22: cannot load certificates for relay default_tls4:443
> socket_rlimit: max open files 1024
> pfe: filter init done
> hce exiting, pid 30862
> pfe exiting, pid 39056
> ca exiting, pid 87123
> ca exiting, pid 32013
> ca exiting, pid 78073
> relay exiting, pid 24340
> relay exiting, pid 4410
> relay exiting, pid 14486



support new

2020-09-30 Thread Mischa
0
C Netherlands
P
T Amsterdam
Z 1083 HN
O OpenBSD Amsterdam
I
A Barbara Strozzilaan 251
M service@openbsd.amsterdam
U https://openbsd.amsterdam/
B
X
N Hosting OpenBSD VMs on dedicated vmm(4)/vmd(8) servers.



Re: sysupgrade after upgrade shuts down VM

2020-09-24 Thread Mischa
To close the loop on this, this behaviour isn’t present on -current.

Mischa

> On 24 Sep 2020, at 08:30, Mischa  wrote:
> 
> Hi All,
> 
> With the last couple of -current updates I noticed a VM doesn’t come back 
> after running sysupgrade, which it used to do.
> I don’t know exactly when it started but something in the late #60s.
> 
> Running sysupgrade from within the VM, it reboots and goes through the 
> upgrade as normal. Once it’s done with the upgrade it shuts down.
> Tail-end of the process from the latest sysupgrade.
> 
> Set name(s)? (or 'abort' or 'done') [done] done
> Directory does not contain SHA256.sig. Continue without verification? [no] yes
> Installing bsd          100% |**| 20383 KB    00:01
> Installing bsd.rd       100% |**| 10141 KB    00:00
> Installing base68.tgz   100% |**|   289 MB    01:42
> Installing comp68.tgz   100% |**| 74305 KB    00:52
> Installing man68.tgz    100% |**|  7484 KB    00:10
> Installing game68.tgz   100% |**|  2739 KB    00:01
> Installing xbase68.tgz  100% |**| 28866 KB    00:17
> Installing xshare68.tgz 100% |**|  4499 KB    00:15
> Installing xfont68.tgz  100% |**| 39342 KB    00:23
> Installing xserv68.tgz  100% |**| 18333 KB    00:07
> Location of sets? (disk http nfs or 'done') [done] done
> Making all device nodes... done.
> Relinking to create unique kernel... done.
> 
> CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed!
> 
> syncing disks... done
> vmmci0: powerdown
> rebooting...
> 
> [EOT]
> 
> # vmctl show tx
>    ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER    STATE NAME
>     3     -     1    4.0G       -       -         root  stopped tx
> 
> 
> Anything I can change to have the VM reboot and not shutdown?
> 
> Mischa
> 



sysupgrade after upgrade shuts down VM

2020-09-24 Thread Mischa
Hi All,

With the last couple of -current updates I noticed a VM doesn’t come back after 
running sysupgrade, which it used to do.
I don’t know exactly when it started but something in the late #60s.

Running sysupgrade from within the VM, it reboots and goes through the upgrade 
as normal. Once it’s done with the upgrade it shuts down.
Tail-end of the process from the latest sysupgrade.

Set name(s)? (or 'abort' or 'done') [done] done
Directory does not contain SHA256.sig. Continue without verification? [no] yes
Installing bsd          100% |**| 20383 KB    00:01
Installing bsd.rd       100% |**| 10141 KB    00:00
Installing base68.tgz   100% |**|   289 MB    01:42
Installing comp68.tgz   100% |**| 74305 KB    00:52
Installing man68.tgz    100% |**|  7484 KB    00:10
Installing game68.tgz   100% |**|  2739 KB    00:01
Installing xbase68.tgz  100% |**| 28866 KB    00:17
Installing xshare68.tgz 100% |**|  4499 KB    00:15
Installing xfont68.tgz  100% |**| 39342 KB    00:23
Installing xserv68.tgz  100% |**| 18333 KB    00:07
Location of sets? (disk http nfs or 'done') [done] done
Making all device nodes... done.
Relinking to create unique kernel... done.

CONGRATULATIONS! Your OpenBSD upgrade has been successfully completed!

syncing disks... done
vmmci0: powerdown
rebooting...

[EOT]

# vmctl show tx
   ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER    STATE NAME
    3     -     1    4.0G       -       -         root  stopped tx


Anything I can change to have the VM reboot and not shutdown?

Mischa



Re: Running out of pty's

2020-08-27 Thread Mischa Peters



--

> On 27 Aug 2020, at 16:25, Paul de Weerd  wrote:
> 
> On Thu, Aug 27, 2020 at 02:52:04PM +0200, Mischa wrote:
> | Hi All,
> | 
> | I am managing an OpenBSD instance for a customer of mine who uploads camera
> | images via sftp to be used in a single location.
> | It looks like there are quite a number of cameras uploading at once.
> | I am seeing a lot of messages like:
> | 
> | Aug 27 13:53:28 images sshd[68494]: error: do_exec_no_pty: fork: Resource temporarily unavailable
> | Aug 27 13:53:43 images sshd[53989]: error: do_exec_no_pty: fork: Resource temporarily unavailable
> 
> For the archives .. you're not running out of pty's but. 
> 
> you can't fork.  That's another resource that's limited.  There's
> a kernel limit (sysctl kern.maxproc), but there's also ulimits (those
> you are more likely to hit, especially if it's all the same user).

Thanx Paul! That was indeed it.
Increasing the maxproc in /etc/login.conf made it work.

Mischa

> | I have tried adding a bunch of pty’s and increased them,
> | inadvertently from 62 to 620, but I guess I missed something. :/
> 
> You missed the 'fork' part.  Oh, and the "no_pty" part of the function
> that was complaining: sftp can work without a pty (see
> https://man.openbsd.org/ssh#T - sftp doesn't need a pseudo terminal
> IIRC).
> 
> | Any insights someone can share?
> 
> Cheers,
> 
> Paul
> 
> -- 
>> [<++>-]<+++.>+++[<-->-]<.>+++[<+
> +++>-]<.>++[<>-]<+.--.[-]
> http://www.weirdnet.nl/ 
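
Paul's diagnosis above (fork failing on a process limit, not a pty shortage) as an added example that is not code from the thread: it counts sshd fork failures in syslog lines and resolves the soft and hard maxproc limits of a login class from login.conf text, following tc= references. The extra log lines, the login.conf excerpt, the class names `sftponly` and `upload` and the `KERN_MAXPROC` value are constructed, and it assumes a bare `maxproc` sets both limits while `maxproc-cur`/`maxproc-max` override it.

```python
import re
from collections import Counter

# Constructed input: lines 1-2 are quoted in the thread, lines 3-4 are made up.
SAMPLE_LOG = """\
Aug 27 13:53:28 images sshd[68494]: error: do_exec_no_pty: fork: Resource temporarily unavailable
Aug 27 13:53:43 images sshd[53989]: error: do_exec_no_pty: fork: Resource temporarily unavailable
Aug 27 13:53:44 images sshd[53990]: Accepted publickey for camera from 192.0.2.10 port 50122 ssh2
Aug 27 13:54:02 images sshd[61200]: error: do_exec_pty: fork: Resource temporarily unavailable
"""

# Constructed login.conf excerpt; class names and values are assumptions.
SAMPLE_LOGIN_CONF = """\
default:\\
    :maxproc-max=256:\\
    :maxproc-cur=128:

sftponly:\\
    :maxproc-cur=512:\\
    :tc=default:

upload:\\
    :maxproc=1024:
"""
KERN_MAXPROC = 1310  # constructed stand-in for the output of `sysctl kern.maxproc`
FORK_RE = re.compile(r"sshd\[\d+\]: error: (do_exec_(?:no_)?pty): fork: (.+)$")


def fork_failures(log_text):
    """Count sshd fork failures per (function, errno text)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FORK_RE.search(line)
        if m:
            hits[(m.group(1), m.group(2).strip())] += 1
    return hits


def parse_login_conf(text):
    """Return {class: [(capability, value), ...]} in file order."""
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = "\n".join(lines).replace("\\\n", "")  # undo line continuations
    classes = {}
    for record in joined.splitlines():
        fields = [f.strip() for f in record.split(":")]
        if not fields[0]:
            continue
        caps = [tuple(f.partition("=")[::2]) for f in fields[1:] if f]
        for name in fields[0].split("|"):
            classes[name] = caps
    return classes


def lookup(classes, name, cap, seen=None):
    """First match wins; tc= pulls in another class at that position."""
    seen = set() if seen is None else seen
    if name in seen or name not in classes:
        return None
    seen.add(name)
    for key, value in classes[name]:
        if key == cap:
            return value
        if key == "tc":
            found = lookup(classes, value, cap, seen)
            if found is not None:
                return found
    return None


def to_number(value):
    if value in ("infinity", "inf", "unlimited"):
        return float("inf")
    return None if value is None else int(value)


def effective_maxproc(classes, name):
    """Return (soft, hard): bare maxproc sets both, -cur/-max override it."""
    base = lookup(classes, name, "maxproc")
    soft = lookup(classes, name, "maxproc-cur") or base
    hard = lookup(classes, name, "maxproc-max") or base
    return to_number(soft), to_number(hard)


def check_class(classes, name, kern_maxproc):
    """Return (soft, hard, warnings) for one login class."""
    soft, hard = effective_maxproc(classes, name)
    warnings = []
    if soft is not None and hard is not None and soft > hard:
        warnings.append(f"soft limit {soft} exceeds hard limit {hard}")
    if soft is not None and soft > kern_maxproc:
        warnings.append(f"soft limit {soft} exceeds kern.maxproc {kern_maxproc}")
    return soft, hard, warnings


if __name__ == "__main__":
    print(dict(fork_failures(SAMPLE_LOG)))
    conf = parse_login_conf(SAMPLE_LOGIN_CONF)
    for cls in ("default", "sftponly", "upload"):
        print(cls, check_class(conf, cls, KERN_MAXPROC))
```

The `sftponly` class is flagged because it raises only the soft limit while inheriting a lower hard limit through `tc=default`, and setrlimit(2) does not accept a soft limit above the hard limit.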



Running out of pty's

2020-08-27 Thread Mischa
Hi All,

I am managing an OpenBSD instance for a customer of mine who uploads camera
images via sftp to be used in a single location.
It looks like there are quite a number of cameras uploading at once.
I am seeing a lot of messages like:

Aug 27 13:53:28 images sshd[68494]: error: do_exec_no_pty: fork: Resource temporarily unavailable
Aug 27 13:53:43 images sshd[53989]: error: do_exec_no_pty: fork: Resource temporarily unavailable
...etc…

I have tried adding a bunch of pty’s and increased them, inadvertently from 62 
to 620, but I guess I missed something. :/

Any insights someone can share?

Mischa




tmux border change in 6.7-current

2020-06-06 Thread Mischa

Hi All,

Not sure I am the only one and my config needs to change, but with the tmux
config I am using I am seeing a difference in 6.7-stable and 6.7-current in
the way the border is presented.


The config I am using is:
###
set -g  base-index 1
set -g  history-limit 1
set -g  mouse on
set -g  prefix C-a
set -g  renumber-windows on
set -g  status-interval 1
set -g  status-left ''
set -g  status-left-length 40
set -g  status-position bottom
set -g  status-right ' #(status)'
set -g  status-right-length 100
set -g  status-style fg=default,bg=black
set -g  visual-activity on
set -gs default-terminal xterm-256color
set -gs escape-time 0
set -gw alternate-screen off
set -gw automatic-rename on
set -gw mode-keys vi
set -gw monitor-activity on
set -gw pane-active-border-style fg=brightwhite
set -gw pane-base-index 1
set -gw pane-border-format ' #W '
set -gw pane-border-status bottom
set -gw window-status-activity-style fg=brightwhite
set -gw window-status-bell-style fg=brightcyan
set -gw window-status-current-format '#W'
set -gw window-status-current-style fg=yellow,bg=default,bright
set -gw window-status-format '#W'
set -gw window-status-separator '  '
set -gw window-status-style fg=default,bg=default
unbind C-b
unbind r
unbind l
bind a send-prefix
bind r source-file ~/.tmux.conf \; display ' Reloaded!'
bind C-a last-window
bind -T copy-mode-vi 'v' send -X begin-selection
bind -T copy-mode-vi 'p' send -X copy-pipe-and-cancel 'xclip -selection primary -i'
bind -T copy-mode-vi 'y' send -X copy-pipe-and-cancel 'xclip -selection clipboard -i'

###

Yes I was a screen user before. :))

The bottom border in simple mode now has ++ at the beginning and the end 
of the line.

In "normal" mode these are presented in utf-8 (?) characters.
See attached screenshots.

For the ones who aren't able to view them in their mail client, I have 
added them to my website. https://high5.nl/tmux/


Is this something that I can fix in my config?

Thanx!

Mischa


Re: Openbsd 6.6 httpd custom 404 page

2020-05-28 Thread Mischa
Hi Flint,

It’s a BGP Looking Glass.
https://man.openbsd.org/bgplg

https://nlix.high5.nl/cgi-bin/bgplg

Mischa


> On 28 May 2020, at 17:51, flint pyrite  wrote:
> 
> What is
> 
> /var/www/htdocs/bgplg
> 
> for?
> 
> On Thu, May 28, 2020 at 5:13 AM Mischa  wrote:
> 
>> Hi Matthias,
>> 
>> Very nice features, would be great to see these in httpd.
>> 
>> Mischa
>> 
>> 
>>> On 28 May 2020, at 11:42, Matthias  wrote:
>>> 
>>> Riccardo,
>>> 
>>> you can try this: https://github.com/mpfr/httpd-plus
>>> 
>>> ... and add something like that into your httpd.conf(5):
>>> 
>>> location not found "/*" {
>>>  request rewrite "/404.html"
>>> }
>>> 
>>> My original motivation for writing these add-ons was to get WordPress
>>> running on httpd(8) which also requires handling of non-existent
>> locations.
>>> 
>>> Best regards,
>>> Matthias
>>> 
>>> 
>>> 
>>> On 2020-05-26 17:34, Riccardo Giuntoli wrote:
>>>> Hello there dear OpenBSD fellows.
>>>> 
>>>> I would like to change default 404 page in httpd(8), and I've seen in
>> this
>>>> list that in past versions is hardcoded into the C sources.
>>>> 
>>>> Now it's possible in httpd.conf(5) ?
>>>> 
>>>> Very nice regards,
>>>> 
>>>> RG.
>>>> 
>>> 
>> 
>> 



Re: Openbsd 6.6 httpd custom 404 page

2020-05-28 Thread Mischa
Hi Matthias,

Very nice features, would be great to see these in httpd.

Mischa


> On 28 May 2020, at 11:42, Matthias  wrote:
> 
> Riccardo,
> 
> you can try this: https://github.com/mpfr/httpd-plus
> 
> ... and add something like that into your httpd.conf(5):
> 
> location not found "/*" {
>   request rewrite "/404.html"
> }
> 
> My original motivation for writing these add-ons was to get WordPress
> running on httpd(8) which also requires handling of non-existent locations.
> 
> Best regards,
> Matthias
> 
> 
> 
> On 2020-05-26 17:34, Riccardo Giuntoli wrote:
>> Hello there dear OpenBSD fellows.
>> 
>> I would like to change default 404 page in httpd(8), and I've seen in this
>> list that in past versions is hardcoded into the C sources.
>> 
>> Now it's possible in httpd.conf(5) ?
>> 
>> Very nice regards,
>> 
>> RG.
>> 
> 



Re: Can't install OpenBSD 6.6 on apu4d4

2020-02-05 Thread Mischa
Before you boot, at boot> do:

stty com0 115200
set tty com0

After that boot as normal.

Mischa

> On 6 Feb 2020, at 08:13, mabi  wrote:
> 
> Hi there,
> 
> I am trying to install OpenBSD 6.6 (install66.fs) from a USB key on a PC 
> Engines apu4d4 box. Unfortunately the installer does not seem to start as it 
> reboots after loading a few seconds of the bsd.rd image as you can see from 
> my output below:
> 
> SeaBIOS (version rel-1.12.1.3-0-g300e8b7)
> 
> Press F10 key now for boot menu
> 
> Booting from Hard Disk...
> Using drive 0, partition 3.
> Loading..
> probing: pc0 com0 com1 com2 com3 mem[639K 3325M 752M a20=on]
> disk: hd0+ hd1+*
>>> OpenBSD/amd64 BOOT 3.45
> boot>
> 
> cannot open hd0a:/etc/random.seed: No such file or directory
> booting hd0a:/6.6/amd64/bsd.rd: 3732171+1537024+3885432+0+598016 [376562+128+455544+303577]=0xa648d0
> entry point at 0x8100100
> 
> PC Engines apu4
> coreboot build 20202901
> BIOS version v4.11.0.3
> 
> 
> I upgraded the BIOS from v4.11.0.2 to v4.11.0.3 and tried another USB key but 
> still the same happens.
> 
> Am I missing something here?
> 
> Regards,
> Mabi
> 
> 
> 
> 



Re: APU2 fails to boot on OpenBSD 6.6-current #521

2020-01-04 Thread Mischa
On 20 Dec at 06:16, William Ahern  wrote:
> On Fri, Dec 13, 2019 at 10:52:03PM +0100, Alexander Pluhar wrote:
> > 
> > > Just upgraded my APU2 to the latest -current and it seems to hang on the 
> > > disk.
> > > It was fine running on -current #512.
> > 
> > I encountered this problem on 6.6 stable with the latest syspatches 
> > installed after
> > updating the APU firmware[1] to 4.11.0.1.
> > 
> > It worked again after downgrading to 4.10.0.3.
> > 
> > [1] https://pcengines.github.io
> 
> Here's the github ticket: https://github.com/pcengines/coreboot/issues/356
> Looks like the culprit has been found and a fix submitted upstream.
> 

4.11.0.2 is released: https://pcengines.github.io/#mr-30

Mischa



Re: sending mail from wordpress

2020-01-02 Thread Mischa
Hi Edgar,

Have a look at /usr/local/share/doc/pkg-readmes/femail-chroot
It will tell you everything you need to know and do. :)

Mischa

On  2 Jan at 06:21, Edgar Pettijohn  wrote:
> I'm having trouble getting mail to go through wordpress.
> 
> I have femail installed as /var/www/usr/sbin/sendmail.
> 
> In /etc/php-7.1.ini I have:
> 
> sendmail_path = "/usr/sbin/sendmail -f ed...@pettijohn-web.com"
> 
> 
> I can:
> 
> echo "HI" | chroot /var/www /usr/sbin/sendmail -f ed...@pettijohn-web.com
> testaddress
> 
> and the mail goes through.
> 
> 
> However, I get the following from wordpress.
> 
> The email could not be sent. Possible reason: your host may have disabled
> the mail() function.
> 
> 
> The mail() function is not disabled. If my reading of class-phpmailer.php is
> correct it should see that sendmail_path is defined and use sendmail instead
> of mail().
> 
> Any help is appreciated.
> 
> 
> Thanks,
> 
> 
> Edgar
> 
 



relayd doesn't load keypair with two listen statements

2019-12-20 Thread Mischa

Hi All,

When using the following config for relayd, the keypair is not loaded 
twice.
Without 'keypair' and using the default way, .crt and 
.crt in /etc/ssl and /etc/ssl/private it's working as 
expected.


Is this expected behavior?

###
table  { 127.0.0.1 }
ext_v4 = "46.xx.xx.130"
ext_v6 = "2a03::xxx::130"
http protocol httpfilter {
tcp { nodelay, sack }
pass request quick path "/.well-known/acme-challenge/*" forward 
to 

}
http protocol httpsfilter {
tcp { nodelay, sack }
tls { keypair test.high5.nl, ciphers 
"kEECDH:!AESGCM:!aNULL:!SHA1:!MD5:@STRENGTH", no client-renegotiation }

}
relay default {
listen on $ext_v4 port 80
listen on $ext_v6 port 80
protocol httpfilter
forward to  port 80
forward to  port 3129
}
relay default_tls {
listen on $ext_v4 port 443 tls
listen on $ext_v6 port 443 tls
protocol httpsfilter
forward to  port 443
}
###

test# relayd -d -
startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using certificate /etc/ssl/test.high5.nl.crt
relay_load_certfiles: using private key /etc/ssl/private/test.high5.nl.key
/etc/relayd.conf:22: cannot load certificates for relay default_tls4:443
socket_rlimit: max open files 1024
pfe: filter init done
hce exiting, pid 30862
pfe exiting, pid 39056
ca exiting, pid 87123
ca exiting, pid 32013
ca exiting, pid 78073
relay exiting, pid 24340
relay exiting, pid 4410
relay exiting, pid 14486



Re: unbound network optimizations

2019-12-15 Thread Mischa
On 12 Dec at 20:54, Jordan Geoghegan  wrote:
> 
> 
> On 2019-12-12 06:21, Winter Paulson wrote:
> > Hello,
> > 
> > I'm also experiencing the "Host is down" problem:
> > 
> > unbound: [85343:0] error: recvfrom 361 failed: Host is down
> > 
> > Running openbsd 6.6 (GENERIC.MP), current syspatch,
> > native unbound as a full resolver, pf disabled.
> > 
> > OpenBSD is a guest VM on a debian buster host using virtual e1000
> > network card ("Intel 82540EM" driver in openbsd). No firewall
> > in between. The VM is a tor-exit node.
> 
> I've heard others recommend using the vio driver over the em driver numerous
> times on here if running a virtualized instance. You may have a better time
> than you are now by using the VirtIO drivers. The intel nic emulation can
> sometimes have issues. Better to use an interface designed for virtualized
> environments.

I am seeing the same on OpenBSD on vmd/vmm. Similar setup.

Mischa



Re: APU2 fails to boot on OpenBSD 6.6-current #521

2019-12-15 Thread Mischa
On 13 Dec at 22:52, Alexander Pluhar  wrote:
> 
> > Just upgraded my APU2 to the latest -current and it seems to hang on the 
> > disk.
> > It was fine running on -current #512.
> 
> I encountered this problem on 6.6 stable with the latest syspatches installed 
> after
> updating the APU firmware[1] to 4.11.0.1.
> 
> It worked again after downgrading to 4.10.0.3.

Can confirm it's working again after downgrading to 4.10.0.3.


Mischa



APU2 fails to boot on OpenBSD 6.6-current #521

2019-12-12 Thread Mischa
Hi All,

FYI
Just upgraded my APU2 to the latest -current and it seems to hang on the disk.
It was fine running on -current #512.

Mischa

###

SeaBIOS (version rel-1.12.1.3-0-g300e8b7)

Press F10 key now for boot menu

Booting from Hard Disk...
Using drive 0, partition 3.
Loading..
probing: pc0 com0 com1 com2 com3 mem[639K 3581M 496M a20=on] 
disk: hd0+
>> OpenBSD/amd64 BOOT 3.46
switching console to com>> OpenBSD/amd64 BOOT 3.46
boot> 0

booting hd0a:/bsd: 12817736+2741256+335904+0+708608 
[794080+128+1015800+742813]=0x12477f8
entry point at 0x81001000
[ using 2553848 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2019 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.6-current (GENERIC.MP) #521: Wed Dec 11 21:30:47 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4259885056 (4062MB)
avail mem = 4118376448 (3927MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xdfe8c020 (13 entries)
bios0: vendor coreboot version "v4.11.0.1" date 12/09/2019
bios0: PC Engines apu2
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP SSDT MCFG TPM2 APIC HEST IVRS SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) 
UOH1(S3) UOH2(
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-64
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.26 MHz, 16-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,F
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 cac
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.14 MHz, 16-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,F
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 cac
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD GX-412TC SOC, 998.14 MHz, 16-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,F
cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 cac
cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD GX-412TC SOC, 998.38 MHz, 16-30-01
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,F
cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 cac
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec2, version 21, 32 pins, remapped
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus -1 (PCI0)
acpiprt1 at acpi0: bus -1 (PBR4)
acpiprt2 at acpi0: bus -1 (PBR5)
acpiprt3 at acpi0: bus -1 (PBR6)
acpiprt4 at acpi0: bus -1 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
acpicmos0 at acpi0
"AMD0030" at acpi0 not configured
"PRP0001" at acpi0 not configured
"PRP0001" at acpi0 not configured
"PRP0001" at acpi0 not configured
"PRP0001" at acpi0 not configured
"PRP0001" at acpi0 not configured
"PRP0001" at acpi0 not configured
"BOOT" at acpi0 not configured
cpu0: 998 MHz: speeds: 1000 800 600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
vendor "AMD", unknown product 0x1567 (class system subclass IOMMU, rev 0x00) at 
pci0 dev 0
pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
iwm

Re: Redraw of terminal change in 6.6?

2019-11-13 Thread Mischa
> On 4 Nov 2019, at 16:51, Mischa  wrote:
>> On 2 Nov 2019, at 15:19, Hiltjo Posthuma  wrote:
>> On Sat, Nov 02, 2019 at 08:32:50AM +0100, Mischa wrote:
>>> Hi All,
>>> 
>>> Not sure if this is on my side, setting, or if something has changed with 
>>> tmux or top redrawing of the terminal.
>>> I am using tmux, over mosh, on one of my jump hosts to connect to other 
>>> hosts. In some of the windows I have a remote top -C running.
>>> When I am attaching the tmux session on a smaller display, for example my 
>>> phone, the output of top is fine.
>>> 
>>> However when I connect back with a larger display the output of top is 
>>> completely garbled. It does recover line by line when processes jump to a 
>>> different “rank”.
>>> 
>>> Below are two screenshots with roughly 5 minutes between them.
>>> Anything I can test? Change? Do?
>>> 
>>> Thanx!!
>>> 
>>> Mischa
>>> 
>> 
>> Hi,
>> 
>> Same issue here since upgrading from 6.5 to 6.6.
>> 
>> I don't use mosh, but connect via SSH to a remote machine and attaching to 
>> tmux
>> running irssi.  It is attached to a shared session. The first attached
>> resolution/window size is bigger.
>> 
>> Maybe it is fixed already:
>> https://cvsweb.openbsd.org/src/usr.bin/tmux/server-client.c
>> rev 1.296
> 
> Thanx! Will check it out.

With -current I am still seeing the issue. Anybody else?

Mischa




Re: Redraw of terminal change in 6.6?

2019-11-04 Thread Mischa



> On 2 Nov 2019, at 15:19, Hiltjo Posthuma  wrote:
> 
> On Sat, Nov 02, 2019 at 08:32:50AM +0100, Mischa wrote:
>> Hi All,
>> 
>> Not sure if this is on my side, setting, or if something has changed with 
>> tmux or top redrawing of the terminal.
>> I am using tmux, over mosh, on one of my jump hosts to connect to other 
>> hosts. In some of the windows I have a remote top -C running.
>> When I am attaching the tmux session on a smaller display, for example my 
>> phone, the output of top is fine.
>> 
>> However when I connect back with a larger display the output of top is 
>> completely garbled. It does recover line by line when processes jump to a 
>> different “rank”.
>> 
>> Below are two screenshots with roughly 5 minutes between them.
>> Anything I can test? Change? Do?
>> 
>> Thanx!!
>> 
>> Mischa
>> 
> 
> Hi,
> 
> Same issue here since upgrading from 6.5 to 6.6.
> 
> I don't use mosh, but connect via SSH to a remote machine and attaching to 
> tmux
> running irssi.  It is attached to a shared session. The first attached
> resolution/window size is bigger.
> 
> Maybe it is fixed already:
> https://cvsweb.openbsd.org/src/usr.bin/tmux/server-client.c
> rev 1.296

Thanx! Will check it out.

Mischa



Re: Is there an easier way to browse ports?

2019-11-01 Thread Mischa
> On 1 Nov 2019, at 12:08, Alfred Morgan  wrote:
> 
> My current workflow looks something like this:
> 
> $ cd /usr/ports
> $ make print-index | less
> I search and scroll through and find something interesting such as
> opensonic.
> I read the Info: game based on the Sonic the Hedgehog universe
> ^Z
> $ cat games/opensonic/pkg/DESCR # I can't get make describe to work
> I read more about it.
> I google opensonic for screenshots.
> $ pkg_add opensonic
> $ opensonic
> $ fg
> 
> Ideally I would like a graphical ports browser with name, screenshots, and
> description that I can scroll and search through. Curation would be nice:
> ports suggestions, popular ports, dev team ports picks, etc.
> 
> -alfred

Have a look at: https://openports.pl

I think it ticks some of your boxes. :)

Mischa



Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-10 Thread Mischa
> On 10 Sep 2019, at 10:03, Hrvoje Popovski  wrote:
> 
> On 9.9.2019. 11:39, David Gwynne wrote:
>> This should be fixed in -current now. A snapshot should pick it up in a day 
>> or so. Sorry for the inconvenience.
>> 
>> Cheers,
>> dlg
> 
> Hi,
> 
> with new snapshot from 09-Sep-2019 bsd.rd and sysupgrade is working
> normally with mfii..

Also confirmed from my end. Thanx for the quick turn around.

Mischa



Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-09 Thread Mischa
Hi David,

Awesome! Thank you for the quick fix.
Will report back once the snapshot is there.

Mischa


> On 9 Sep 2019, at 11:39, David Gwynne  wrote:
> 
> This should be fixed in -current now. A snapshot should pick it up in a day 
> or so. Sorry for the inconvenience.
> 
> Cheers,
> dlg
> 
>> On 9 Sep 2019, at 11:08 am, Luke Small  wrote:
>> 
>> Yay!
>> -Luke
>> 
>> 
>> On Sun, Sep 8, 2019 at 8:07 PM David Gwynne  wrote:
>> I think I see the problem. We're going to try and test this locally and will 
>> hopefully have something committed in a few hours time.
>> 
>> dlg
>> 
>>> On 9 Sep 2019, at 10:33, Luke Small  wrote:
>>> 
>>> I have mfii too:
>>> dmesg | grep mfii:
>>> 
>>> mfii0 at pci11 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05:
>>> msi
>>> mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache
>>> scsibus1 at mfii0: 64 targets
>>> scsibus2 at mfii0: 256 targets
>>> 
>>>> On 8.9.2019. 18:19, Luke Small wrote:
>>>>> It doesn't work for me on the
>>>>> ftp.hostserver.de/archive/2019-08-29-0105/amd64/
>>>>> bsd.rd!
>>>> 
>>>> 
>>>> Hi,
>>>> 
>>>> do you maybe have mfii on that box ?
>>>> 
>>>> I'm having same problem as Mischa and i have mfii. with bsd.rd fsck
>>>> stops with this command
>>>> 
>>>> Which disk is the root disk? ('?' for details) [sd0] sd0
>>>> Checking root filesystem (fsck -fp /dev/sd0a)...
>>>> 
>>>> On other boxes without mfii bsd.rd and sysupgrade works just fine..
>>>> 
>>>> between 27.08 and 29.8 i saw this commit
>>>> 
>>>> Changes by:  d...@cvs.openbsd.org 2019/08/27 22:55:51
>>>> 
>>>> Modified files:
>>>> sys/dev/pci: mfii.c
>>>> 
>>>> Log message:
>>>> implement a DV_POWERDOWN handler to flush cache and shutdown the controller
>>>> 
>>>> this has been in snaps for the last week without issue, and has
>>>> been running in production on a bunch of my boxes for a week before
>>>> that, also without issue.
>>>> 
>>>> 
>>>> 
>> 
> 



Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Mischa Peters



> On 8 Sep 2019, at 14:22, Otto Moerbeek  wrote:
> 
>> On Sun, Sep 08, 2019 at 02:12:07PM +0200, Mischa wrote:
>> 
>> For completeness here is a successful boot on 6.5 MP#5.
> 
> Can you try bisecting using bsd.rd's from the archive?

Let me try a couple and see if I get different results. 
Any recommendation on how far back to start?

Mischa 

>-Otto
> 
>> 
>> Mischa
>> 
>>>> OpenBSD/amd64 BOOT 3.43
>> boot>
>> booting hd0a:/bsd: 10683784+2466832+34+0+675840 
>> [679209+128+857256+597608]=0xf8e4c0
>> entry point at 0x1001000
>> [ using 2135232 bytes of bsd ELF symbol table ]
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>>The Regents of the University of California.  All rights reserved.
>> Copyright (c) 1995-2019 OpenBSD. All rights reserved.  
>> https://www.OpenBSD.org
>> 
>> OpenBSD 6.5 (GENERIC.MP) #5: Thu Aug 29 20:38:30 CEST 2019
>>
>> r...@syspatch-65-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 206094401536 (196546MB)
>> avail mem = 199838711808 (190581MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7f42c000 (99 entries)
>> bios0: vendor Dell Inc. version "2.7.0" date 05/23/2018
>> bios0: Dell Inc. PowerEdge R620
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S4 S5
>> acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST BERT 
>> EINJ TCPA PC__ SRAT SSDT
>> acpi0: wakeup devices PCI0(S5) PCI1(S5)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz, 2800.40 MHz, 06-2d-07
>> cpu0: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 99MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
>> cpu1 at mainbus0: apid 32 (application processor)
>> cpu1: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz, 1200.00 MHz, 06-2d-07
>> cpu1: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 0, package 1
>> cpu2 at mainbus0: apid 2 (application processor)
>> cpu2: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz, 2800.00 MHz, 06-2d-07
>> cpu2: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>> cpu2: 256KB 64b/line 8-way L2 cache
>> cpu2: smt 0, core 1, package 0
>> cpu3 at mainbus0: apid 34 (application processor)
>> cpu3: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz, 2800.00 MHz, 06-2d-07
>> cpu3: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>> cpu3: 256KB 64b/line 8-way L2 cache
>> cpu3: smt 0, core 1, package 1
>> cpu4 at mainbus0: apid 4 (application processor)
>> cpu4: Intel(R) Xeon(R) CPU E5-2640 0 @ 2.50GHz, 2800.00 MHz, 06-2d-07
>> cpu4: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>> cpu4: 256KB 64b/line 8-way L2 cache
>> cpu4: smt 0, core 2, package 0
>> cpu5 at mainbus0: apid 36 (application processor)
&

Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Mischa
For completeness here is a successful boot on 6.5 MP#5.

Mischa


6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Mischa
Hi All,

Not sure if this is something I can change but bsd.rd #281 hangs on fsck on my 
machine.
Trying to upgrade my Dell R620 to 6.6 to test with vmm/vmd but I am unable to 
because of the fsck.

When I ctrl-c the fsck and try to restart the installer it hangs and the host 
needs a reboot.

Anything I can try, test, or do to either get more information or force the 
upgrade?
Below is the dmesg of the host.

Thanx!

Mischa


Re: Syncing unbound.conf

2019-07-25 Thread Mischa
Hi Flipchan,

I am using rdist(1) for it:
https://chargen.one/obsdams/rdist-1-when-ansible-is-too-much

Mischa


> On 25 Jul 2019, at 13:55, Flipchan  wrote:
> 
> Greetings everyone,
> 
> Does anyone have a good solution for syncing unbound configuration files?
> 
> 
> I have the scenario where I have two internal LANs in two different
> offices that need to have the same internal
> DNS system for the local systems, and there are a lot of changes being done in
> the internal zone records, so I need
> a good way to sync them (the ideal way would be to have a solution similar to
> MySQL's master-master replication).
> 
> Both dns resolvers are running unbound on openbsd 6.5 and right now the 
> configuration file is synced with ansible.
> Does anyone have a good solution on replicating dns records/configs for 
> unbound. In the future it will be scaled
> even more so right now is a good time to implement some replication for the 
> unbound configs.
> 
> Does anyone have a solution for this?
> 
> There are people changing the config files on both instances so the ideal way
> would be a real-time replication sync function.
> 
> Anyone got any ideas?
> 
> 
> Thanks in advance 
> Ciao
> flipchan



Re: httpd acme-client renew multiple domains

2019-03-25 Thread Mischa



> On 25 Mar 2019, at 14:49, Solene Rapenne  wrote:
> 
> On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
>> 
>> 
>>> On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
>>> 
>>> On 2019-03-23, Mischa  wrote:
>>>> Hi Geir,
>>>> 
>>>> I have solved this with a little script.
>>>> 
>>>> ###
>>>> #!/bin/sh
>>>> EXT=2
>>>> /usr/sbin/acme-client -v www.example.com
>>>> if test  $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> /usr/sbin/acme-client -v www.example1.com
>>>> if test $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> if test $EXT -eq 0
>>>> then
>>>>   echo "New certificates installed."
>>>>   rcctl restart httpd
>>>> else echo "No new certificates installed."
>>>> fi
>>>> ###
>>> 
>>> Simpler:
>>> 
>>> for i in www.example.com www.example1.com; do
>>> acme-client -v $i && reload=y
>>> done
>>> [[ -n $reload ]] && rcctl reload httpd
>> 
>> Nice!! I have a couple of more domains in there, so the 'for' becomes a 
>> little ugly, but I keep forgetting &&.
>> It's indeed not needed to use the actual exit code.
>> 
>> Mischa
>> 
>> 
> 
> One could easily write something like this:
> 
> #!/bin/sh
> 
> UPDATE=0
> for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
> do
>   acme-client $domain
>   if [ $? -eq 0 ]; then UPDATE=1; fi
> done
> 
> if [ $UPDATE -ne 0 ]; then
>   rcctl restart httpd dovecot smtpd
> fi
> 
> You could also handle the exit status per domain if you want more
> information. I did write the script for this mail, it may contain
> errors.

Hi Solene,

Love it!
Going to combine both suggestions.

Thanx!

Mischa
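
The two suggestions in this thread combined, with the per-domain exit status handling Solene mentions, as an added example that is not code from the thread. It assumes acme-client(1)'s exit status (0 changed, 2 unchanged, 1 failure); `renew_all`, `valid_name`, the sample configuration and the stand-in client are hypothetical names and constructed data.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes acme-client(1) exit status:
# 0 = certificate changed, 2 = certificate unchanged, 1 = failure.

# Command that renews one domain; left unquoted on use so it may carry flags.
ACME_CLIENT=${ACME_CLIENT:-acme-client}

# list_domains CONF: print the name on every top-level "domain <name> {" line.
# Indented "domain key ..." lines inside a block do not match.
list_domains() {
    awk '/^domain[ \t]+/ { gsub(/"/, "", $2); print $2 }' "$1"
}

# valid_name NAME: hostname characters only, never a leading "-" that the
# client would parse as an option.
valid_name() {
    case $1 in
    ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# renew_all CONF: try every domain, so one failure does not stop the rest, and
# sort the names into RENEWED, UNCHANGED and FAILED. Returns 0 if at least one
# certificate changed, 1 if none changed and something failed, 2 otherwise.
renew_all() {
    RENEWED='' UNCHANGED='' FAILED=''
    while IFS= read -r d; do
        [ -n "$d" ] || continue
        if ! valid_name "$d"; then
            FAILED="$FAILED $d"
            continue
        fi
        st=0
        $ACME_CLIENT "$d" </dev/null || st=$?
        case $st in
        0) RENEWED="$RENEWED $d" ;;
        2) UNCHANGED="$UNCHANGED $d" ;;
        *) FAILED="$FAILED $d" ;;
        esac
    done <<EOF
$(list_domains "$1")
EOF
    [ -n "$RENEWED" ] && return 0
    [ -n "$FAILED" ] && return 1
    return 2
}

# main [CONF]: what a cron job would run; reloads httpd only when needed.
main() {
    rc=0
    renew_all "${1:-/etc/acme-client.conf}" || rc=$?
    [ -z "$FAILED" ] || echo "acme-client failed for:$FAILED" >&2
    [ "$rc" -ne 0 ] || rcctl reload httpd
    return "$rc"
}

# Constructed sample configuration for an offline dry run.
sample_conf() {
    cat <<'EOF'
domain www.example.com {
    domain key "/etc/ssl/private/www.example.com.key"
    domain certificate "/etc/ssl/www.example.com.crt"
}
domain www.example1.com {
    domain key "/etc/ssl/private/www.example1.com.key"
}
domain mail.example.org {
}
domain -oops {
}
EOF
}

# Constructed stand-in for acme-client: one renewal, one up to date, one error.
fake_acme_client() {
    case $1 in
    www.example.com)  return 0 ;;
    www.example1.com) return 2 ;;
    *)                return 1 ;;
    esac
}

# demo: run the logic against the sample above without touching the network.
demo() {
    conf=$(mktemp) || return 1
    sample_conf > "$conf"
    ACME_CLIENT=fake_acme_client
    rc=0
    renew_all "$conf" || rc=$?
    rm -f "$conf"
    echo "exit=$rc renewed:$RENEWED unchanged:$UNCHANGED failed:$FAILED"
}

case ${1:-demo} in
run)  main "${2:-/etc/acme-client.conf}" ;;
demo) demo ;;
esac
```

Called with `run` as the first argument it uses the real client and `/etc/acme-client.conf`; with no argument it only performs the dry run.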



Re: httpd acme-client renew multiple domains

2019-03-25 Thread Mischa



> On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
> 
> On 2019-03-23, Mischa  wrote:
>> Hi Geir,
>> 
>> I have solved this with a little script.
>> 
>> ###
>> #!/bin/sh
>> EXT=2
>> /usr/sbin/acme-client -v www.example.com
>> if test  $? -eq 0
>> then EXT=$?
>> fi
>> /usr/sbin/acme-client -v www.example1.com
>> if test $? -eq 0
>> then EXT=$?
>> fi
>> if test $EXT -eq 0
>> then
>>   echo "New certificates installed."
>>   rcctl restart httpd
>> else echo "No new certificates installed."
>> fi
>> ###
> 
> Simpler:
> 
> for i in www.example.com www.example1.com; do
>  acme-client -v $i && reload=y
> done
> [[ -n $reload ]] && rcctl reload httpd

Nice!! I have a couple of more domains in there, so the 'for' becomes a little 
ugly, but I keep forgetting &&.
It's indeed not needed to use the actual exit code.

Mischa




Re: httpd acme-client renew multiple domains

2019-03-23 Thread Mischa
Hi Geir,

I have solved this with a little script.

###
#!/bin/sh
# EXT stays 2 ("nothing changed") unless a run below exits 0.
EXT=2
/usr/sbin/acme-client -v www.example.com
if test $? -eq 0
then EXT=$?
fi
/usr/sbin/acme-client -v www.example1.com
if test $? -eq 0
then EXT=$?
fi
# Restart httpd only when at least one certificate was renewed.
if test $EXT -eq 0
then
    echo "New certificates installed."
    rcctl restart httpd
else echo "No new certificates installed."
fi
###

Added the following to cron:
@daily  sleep $((RANDOM \% 2048)) && /home/mischa/bin/lets.sh

Hope this helps.

Mischa


On 23 Mar at 16:39, Geir Svalland  wrote:
> Hello
> mtp$ uname -a
> OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
> 
> I'm hosting and serving multiple domains, 5 of them, using httpd.
> The domains are declared in /etc/acme-client.conf, and in my initial
> setup I used the command "acme-client -vAD example.com" on every domain 
> to create
> the certs. All of this is working great, but my question is regarding 
> updating.
> 
> I intend to use a cron job for this, "acme-client example.com && rcctl 
> reload httpd"
> but I'm not able to get this working for all of the domains in one 
> single command.
> 
> Is that possible to do ?
> Or do I have to use 5 different lines with one domain name on each?
> 
> All the best
> Geir Svalland
> 



support new

2019-01-01 Thread Mischa
0
C Netherlands
P
T Amsterdam
Z 1083 HN
O OpenBSD Amsterdam
I
A Barbara Strozzilaan 251
M myvm@openbsd.amsterdam
U https://openbsd.amsterdam/
B
X
N Running dedicated OpenBSD vmm(4)/vmd(8) servers to host opinionated
OpenBSD VMs. For every VM 10 euro is donated to the OpenBSD Foundation every
year.



Re: VMs as real hosts on the same network

2018-12-07 Thread Mischa



> On 7 Dec 2018, at 12:32, mabi  wrote:
> 
> ‐‐‐ Original Message ‐‐‐
> On Friday, December 7, 2018 11:43 AM, Mischa  wrote:
> 
>> It might be as easy as adding: up
>> 
>> cat /etc/hostname.bridge6
>> 
>> ==
>> 
>> add vlan6
>> up
>> 
>> By default the bridge interface is not brought up.
>> You can also run: ifconfig bridge6 up
> 
> Good idea and I added "up" to my hostname.bridge6 file but it looks like it
> was already up (at least doing an ifconfig bridge6 shows the "UP" flag).
> Nevertheless, to be on the safe side I rebooted the server but still no
> connectivity on the vlan6/bridge6 network for the VMs.
> 
> On the bridge6 interface I can see the DHCP request with tcpdump when the 
> OpenBSD installer in the VM tries to fetch an IP address with DHCP:
> 
> 11:59:35.672258 0.0.0.0.68 > 255.255.255.255.67:  xid:0xbafb375b [|bootp] 
> [tos 0x10]
> 
> Then on the DHCP server I can see the following in loop:
> 
> Dec  7 12:00:27 dhcpsrv dhcpd[18917]: DHCPDISCOVER from fe:e1:bb:01:01:01 via 
> XXX.XXX.XXX.1
> Dec  7 12:00:27 dhcpsrv dhcpd[18917]: DHCPOFFER on XXX.XXX.XXX.101 to 
> fe:e1:bb:01:01:01 via XXX.XXX.XXX.1
> 
> The IP address ending with .1 is the gateway on my public network and the one 
> ending with .101 is the IP which should be assigned to my OpenBSD VM.
> 
> It seems like the traffic is not flowing back to the VM itself.
> 
> I just found a very interesting behaviour by running tcpdump on pretty much 
> all interfaces of my server to analyze the traffic at different levels and 
> BINGO: as soon as I run tcpdump on my trunk0 interface the DHCP request goes 
> through and my VM has network connectivity! But as soon as I stop tcpdump on 
> the trunk interface: no more network connectivity...
> 
> Now as far as I know running tcpdump enables promiscuous mode (PROMISC flag on
> the interface) and this should be the reason why it works.
> 
> But now what does it mean for my setup, do I need to enable promiscuous mode 
> on my trunk interface manually? and if yes how can I do that?
> 

The VLAN does require an IP address as far as I am aware.

Mischa





Re: VMs as real hosts on the same network

2018-12-07 Thread Mischa


> On 7 Dec 2018, at 11:35, mabi  wrote:
> 
> Hello,
> 
> I am trying out VMM on an OpenBSD 6.4 server which has the following network 
> interfaces defined:
> 
> [bnx0]+[bnx1]-->[trunk0]-->[vlan2]
> [bnx0]+[bnx1]-->[trunk0]-->[vlan6]-->[bridge6]
> 
> The vlan2 is for the internal (management) network and vlan6 for the public 
> (internet) network. I manage my server from vlan2 and would like to have my 
> virtual machines on vlan6 which uses public IP addresses. For that purpose I 
> have setup my /etc/hostname.* files as such:
> 
> hostname.bnx0 + hostname.bnx1:
> up
> 
> hostname.trunk0:
> trunkproto failover trunkport bnx0 trunkport bnx1 up
> 
> hostname.vlan2:
> inet 192.168.1.5 255.255.255.0 192.168.1.255 vnetid 2 parent trunk0 
> description "private"
> 
> hostname.vlan6:
> vnetid 6 parent trunk0 description "public" up
> 
> hostname.bridge6:
> add vlan6
> 

It might be as easy as adding: up

# cat /etc/hostname.bridge6
add vlan6
up

By default the bridge interface is not brought up.
You can also run: ifconfig bridge6 up

This will most likely be the "problem".

Mischa

> I am actually using Option 4 from the Networking chapter in the  
> virtualization FAQ (https://www.openbsd.org/faq/faq16.html) just that my 
> setup has a redundant link (trunk0) and a VLAN (vlan6). So in theory that 
> should work but unfortunately when I start a VM to install OpenBSD 6.4 from 
> the bsd.rd boot file I do not have any network connectivity. I tried with 
> DHCP first and in that case on the DHCP server I see the DHCPDISCOVER and 
> DHCPOFFER requests/answer but there is never a DHCPACK. Then I tried 
> assigning a static IP directly but still no network connectivity. I can't 
> ping the default gateway of that public network. Checking with tcpdump on the 
> firewall I can see the ARP who-has request and the ARP reply back to the VM
> but again it seems like the VM does not get it.
> 
> Here is my vm.conf conf file:
> 
> switch "uplink_vlan6" {
>     interface bridge6
> }
> 
> vm "example" {
>     disable
>     memory 2G
>     boot "/home/admin/bsd.rd"
>     disk "/var/vmm/example.qcow2"
> 
>     interface {
>         switch "uplink_vlan6"
>         lladdr fe:e1:bb:01:01:01
>     }
> }
> 
> I have also totally disabled pf on that OpenBSD VMM server but that did not 
> change anything (I am using the default pf.conf from the installation)
> 
> Any ideas what I might be doing wrong or forgetting?
> 
> Regards,
> Mabi
> 



Re: Status of Owncloud?

2018-07-22 Thread Mischa
Besides that, in order to provide it an "internet" connection you need to copy 
your resolv.conf to /var/www/etc/

Mischa


> On 22 Jul 2018, at 19:26, Ax0n  wrote:
> 
> On Jul 22, 2018 10:11, "Nicolas Schmidt"  wrote:
> 
> Hi,
> 
> I just installed and configured owncloud on OpenBSD 6.3, and so far
> everything seems to work (except for owncloud complaining about not having
> an internet connection). However, when visiting http://localhost/owncloud/
> after installation, I was greeted by an unfriendly message telling me that
> owncloud doesn't run properly on OpenBSD. This message didn't go into more
> details, nor could I find anything on owncloud.com or openbsd.org regarding
> this.
> 
> So I'm wondering, what's the status of owncloud on OpenBSD? Is it still
> supported? Are there plans to remove support for it in future releases?
> 
> Best,
> Nicolas
> 
> 
> I know this doesn't directly answer your question, but it seems like many
> users (especially within but not limited to the OpenBSD community) started
> preferring NextCloud ( https://nextcloud.com ) which appears to be
> maintained by several of the original OwnCloud developers.
> 
> --ax0n



Re: HTTPD and php-cgi

2018-05-05 Thread Mischa Peters

> On 5 May 2018, at 03:23, Duncan Patton a Campbell <campb...@neotext.ca> wrote:
> 
> 
> I am looking for documentation on running php-cgi-5.6 under the bsd httpd 
> server.
> 
> From what I can tell, the function of php-fastcgi has been subsumed to 
> php-cgi-5.6, 
> but further than that I can find little or no salient documentation.  Any 
> pointers
> would be appreciated.

Hi Duncan,

Everything you need to know is in a README when you install the pkg. 

$ less /usr/local/share/doc/pkg-readmes/php-7.0.28

Unfortunately the php example has been removed from /etc/examples/httpd.conf

But you need something like the following in your httpd.conf:

server "default" {
    listen on $ext_addr port 80
    location "/.well-known/acme-challenge/*" {
        root { "/acme", strip 2 }
    }
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    root "/htdocs/default"
}

Mischa



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Mischa

> On 11 Apr 2018, at 22:53, Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> 
> Mischa
> How's it going?
> Have you tried index.* for both html and php index support?
> 
> I have been bailed out by the * before on php apps with seo friendly urls

Hey Tom!
Doing well man... looking forward to seeing you again at EuroBSD!

Not sure what you mean.


> 
> On Wed 11 Apr 2018, 21:50 Mischa, <obs...@high5.nl> wrote:
> 
>> 
>>> On 11 Apr 2018, at 22:40, Bryan Harris <bryanlhar...@gmail.com> wrote:
>>> 
>>> I'll ask a dumb question. Why do you need extra root directives? Can't you
>>> do this?
>>> 
>>> location "^/phpapp/*" {
>>>     directory index "index.php"
>>> }
>>> location "*.php" {
>>>     fastcgi socket "/run/php-fpm.sock"
>>> }
>>> 
>>> Bryan
>>> 
>> 
>> Not a dumb question and good suggestion. When location is in the same root
>> as defined you can indeed.
>> When it's not you have to define an alternative root.
>> 
>> Also when you want to "rewrite" certain URLs to index.php for example, you
>> have to define it as well.
>> 
>> Mischa
>> 
>>> On Wed, Apr 11, 2018 at 10:32 AM, Mischa <obs...@high5.nl> wrote:
>>> 
>>>>> On 11 Apr 2018, at 12:14, Gregory Edigarov <ediga...@qarea.com> wrote:
>>>>> 
>>>>> On 11.04.18 11:40, Mischa wrote
>>>>>> Ok, good to know. It doesn't work as written. The only thing I see in
>>>> the error.log is the fact that the PHP script is not found.
>>>>>> 
>>>>>> Access to the script '/htdocs/s/' has been denied (see
>>>> security.limit_extensions)
>>>>>> 
>>>>>> Which tells me index.php is not requested.
>>>>>> 
>>>>>> Browser tells me: File not found
>>>>>> 
>>>>>> Running in debug mode it shows the following
>>>>>> 
>>>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/
>> HTTP/1.1"
>>>> 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0)
>>>> Gecko/20100101 Firefox/58.0"
>>>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408
>> 0
>>>> "" ""
>>>>>> server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx,
>>>> timeout (408 Request Timeout)
>>>>>> Primary script unknown
>>>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/
>> HTTP/1.1"
>>>> 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0)
>>>> Gecko/20100101 Firefox/58.0"
>>>>>> 
>>>>>> Not sure what else to look at. :((
>>>>> Did some tests.
>>>>> here's how it works:
>>>>> 
>>>>>   location "/test" {
>>>>>   block return 301 "/test/"
>>>>>   }
>>>>>   location "/test/" {
>>>>>   root strip 1
>>>>>   root "/htdocs/phpapp"
>>>>>   directory index "test.php"
>>>>>   }
>>>>> 
>>>>> note "root strip 1" directive.
>>>> 
>>>> I had tried with strip 1 as well, it seems the problem is with: fastcgi socket
>>>> "/run/php-fpm.sock"
>>>> The working end result is something like:
>>>> 
>>>> server "default" {
>>>>   listen on $ext_addr port 80
>>>>   root "/htdocs/default"
>>>>   location "^/phpapp/*" {
>>>>   root { "/htdocs/phpapp", strip 1 }
>>>>   directory index "index.php"
>>>>   }
>>>>   location match "^/phpapp/[%l%u%d]+$" {
>>>>   root "/htdocs/phpapp/index.php"
>>>>   fastcgi socket "/run/php-fpm.sock"
>>>>   }
>>>>   location "/*.php*" {
>>>>   fastcgi socket "/run/php-fpm.sock"
>>>>   }
>>>> }
>>>> 
>>>> Thank you very much for your response and testing. Really appreciate it.
>>>> 
>>>> Mischa
>>>> 
>>>> 
>>> 
>>> 
>>> --
>>> So the HP guy comes up to me and he says, 'If you say nasty things like
>>> that to vendors you're not going to get anything'. I said 'no, in eight
>>> years of saying nothing, we've got nothing, and I'm going to start saying
>>> nasty things, in the hope that some of these vendors will start giving me
>>> money so I'll shut up'.
>>> 
>>> -Theo De Raadt
>> 
>> 



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Mischa

> On 11 Apr 2018, at 22:40, Bryan Harris <bryanlhar...@gmail.com> wrote:
> 
> I'll ask a dumb question. Why do you need extra root directives? Can't you
> do this?
> 
> location "^/phpapp/*" {
>  directory index "index.php"
> }
> location "*.php" {
>  fastcgi socket "/run/php-fpm.sock"
> }
> 
> Bryan
> 

Not a dumb question and good suggestion. When location is in the same root as 
defined you can indeed.
When it's not you have to define an alternative root.

Also when you want to "rewrite" certain URLs to index.php for example, you have 
to define it as well.

Mischa

> On Wed, Apr 11, 2018 at 10:32 AM, Mischa <obs...@high5.nl> wrote:
> 
>>> On 11 Apr 2018, at 12:14, Gregory Edigarov <ediga...@qarea.com> wrote:
>>> 
>>> On 11.04.18 11:40, Mischa wrote
>>>> Ok, good to know. It doesn't work as written. The only thing I see in
>> the error.log is the fact that the PHP script is not found.
>>>> 
>>>> Access to the script '/htdocs/s/' has been denied (see
>> security.limit_extensions)
>>>> 
>>>> Which tells me index.php is not requested.
>>>> 
>>>> Browser tells me: File not found
>>>> 
>>>> Running in debug mode it shows the following
>>>> 
>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1"
>> 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0)
>> Gecko/20100101 Firefox/58.0"
>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0
>> "" ""
>>>> server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx,
>> timeout (408 Request Timeout)
>>>> Primary script unknown
>>>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1"
>> 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0)
>> Gecko/20100101 Firefox/58.0"
>>>> 
>>>> Not sure what else to look at. :((
>>> Did some tests.
>>> here's how it works:
>>> 
>>>   location "/test" {
>>>       block return 301 "/test/"
>>>   }
>>>   location "/test/" {
>>>       root strip 1
>>>       root "/htdocs/phpapp"
>>>       directory index "test.php"
>>>   }
>>> 
>>> note "root strip 1" directive.
>> 
>> I had tried with strip 1 as well, it seems the problem is with: fastcgi socket
>> "/run/php-fpm.sock"
>> The working end result is something like:
>> 
>> server "default" {
>>     listen on $ext_addr port 80
>>     root "/htdocs/default"
>>     location "^/phpapp/*" {
>>         root { "/htdocs/phpapp", strip 1 }
>>         directory index "index.php"
>>     }
>>     location match "^/phpapp/[%l%u%d]+$" {
>>         root "/htdocs/phpapp/index.php"
>>         fastcgi socket "/run/php-fpm.sock"
>>     }
>>     location "/*.php*" {
>>         fastcgi socket "/run/php-fpm.sock"
>>     }
>> }
>> 
>> Thank you very much for your response and testing. Really appreciate it.
>> 
>> Mischa
>> 
>> 
> 
> 
> -- 
> So the HP guy comes up to me and he says, 'If you say nasty things like
> that to vendors you're not going to get anything'. I said 'no, in eight
> years of saying nothing, we've got nothing, and I'm going to start saying
> nasty things, in the hope that some of these vendors will start giving me
> money so I'll shut up'.
> 
> -Theo De Raadt



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Mischa
> On 11 Apr 2018, at 12:14, Gregory Edigarov <ediga...@qarea.com> wrote:
> 
> On 11.04.18 11:40, Mischa wrote
>> Ok, good to know. It doesn't work as written. The only thing I see in the 
>> error.log is the fact that the PHP script is not found.
>> 
>> Access to the script '/htdocs/s/' has been denied (see 
>> security.limit_extensions)
>> 
>> Which tells me index.php is not requested.
>> 
>> Browser tells me: File not found
>> 
>> Running in debug mode it shows the following
>> 
>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1" 404 
>> 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 
>> Firefox/58.0"
>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0 "" ""
>> server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx, 
>> timeout (408 Request Timeout)
>> Primary script unknown
>> default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1" 404 
>> 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 
>> Firefox/58.0"
>> 
>> Not sure what else to look at. :((
> Did some tests.
> here's how it works:
> 
> location "/test" {
>     block return 301 "/test/"
> }
> location "/test/" {
>     root strip 1
>     root "/htdocs/phpapp"
>     directory index "test.php"
> }
> 
> note "root strip 1" directive.

I had tried with strip 1 as well, it seems the problem is with: fastcgi socket
"/run/php-fpm.sock"
The working end result is something like:

server "default" {
    listen on $ext_addr port 80
    root "/htdocs/default"
    location "^/phpapp/*" {
        root { "/htdocs/phpapp", strip 1 }
        directory index "index.php"
    }
    location match "^/phpapp/[%l%u%d]+$" {
        root "/htdocs/phpapp/index.php"
        fastcgi socket "/run/php-fpm.sock"
    }
    location "/*.php*" {
        fastcgi socket "/run/php-fpm.sock"
    }
}

Thank you very much for your response and testing. Really appreciate it.

Mischa



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Mischa
> On 11 Apr 2018, at 10:00, Gregory Edigarov <ediga...@qarea.com> wrote:
> 
> On 10.04.18 22:24, Mischa wrote:
>> Hi All,
>> 
>> Is there a way to serve both static and dynamic content, eg. index.html and 
>> index.php within the same server { } definition?
>> I am looking for something like:
>> 
>> server "default" {
>>     listen on $ext_addr port 80
>>     root "/htdocs"
>>     directory index "index.html" # not needed as it's the default
>>     location "/files/*" {
>>         root "/htdocs/files"
>>         directory auto index
>>     }
>>     location "^/phpapp/*" {
>>         root "/htdocs/phpapp"
>>         directory index "index.php"
>>         fastcgi socket "/run/php-fpm.sock"
>>     }
>> }
>> 
>> Is it possible at all or do I need to split static and dynamic content based on
>> server { }?
>> 
> Seems like it should work exactly as you have written.
> If not, you should show more than you've shown.

Ok, good to know. It doesn't work as written. The only thing I see in the 
error.log is the fact that the PHP script is not found.

Access to the script '/htdocs/s/' has been denied (see 
security.limit_extensions)

Which tells me index.php is not requested.

Browser tells me: File not found

Running in debug mode it shows the following

default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1" 404 0 
"" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 
Firefox/58.0"
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0 "" ""
server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx, timeout 
(408 Request Timeout)
Primary script unknown
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1" 404 0 
"" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 
Firefox/58.0"

Not sure what else to look at. :((

Mischa




httpd - serving index.html & index.php at the same time

2018-04-10 Thread Mischa
Hi All,

Is there a way to serve both static and dynamic content, eg. index.html and 
index.php within the same server { } definition?
I am looking for something like:

server "default" {
    listen on $ext_addr port 80
    root "/htdocs"
    directory index "index.html" # not needed as it's the default
    location "/files/*" {
        root "/htdocs/files"
        directory auto index
    }
    location "^/phpapp/*" {
        root "/htdocs/phpapp"
        directory index "index.php"
        fastcgi socket "/run/php-fpm.sock"
    }
}

Is this possible at all or do I need to split static and dynamic content based on
server { }?

Thanx!!

Mischa



Re: ipv6 nd

2018-03-20 Thread Mischa
> On 20 Mar 2018, at 08:54, Marc Peters <m...@mpeters.org> wrote:
> On Tue, Mar 20, 2018 at 08:47:26AM +0100, Mischa wrote:
>>> On 20 Mar 2018, at 08:41, Marc Peters <m...@mpeters.org> wrote:
>>> 
>>> I use dhcpcd on the WAN interface to receive the prefix delegation. On
>>> the internal network, I use slaac with rtadvd. The README for dhcpcd
>>> provides the necessary information.
>>
>> Is dhcpd able to pick up IPv6? I thought this needed to be done with
>> wide-dhcpv6?
>> The one thing I don't like about IPv6 at the moment, the trouble you need to
>> go through to get an IPv6 address on a PPPoE interface. :(
> 
> Yes, it is:
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/dhcpcd/pkg/README?rev=1.5=text/plain_with_tag=HEAD
> 
> At the moment, I only have a link-local address on the external interface
> configured, which gets its router via slaac and router advertisements. The
> external addresses are only on the internal facing interface and on these
> hosts.

Interesting. So this would replace the dhcpclient in base?
What is the difference between wide-dhcpv6 and dhcpcd?

Mischa



Re: ipv6 nd

2018-03-20 Thread Mischa
> On 20 Mar 2018, at 08:41, Marc Peters <m...@mpeters.org> wrote:
> On Mon, Mar 19, 2018 at 11:27:12PM +, Peter van Oord van der Vlies wrote:
>> Hello Misc,
>> 
>> 
>> Today i replaced my cisco 881 because it wasn't able to handle the bandwidth 
>> anymore.
>> 
>> 
>> I had a working ipv6 setup for years with the following relevant part from 
>> my cisco wan interface
>> 
>> config part:
>> 
>>  ipv6 address autoconfig
>> 
>>  ipv6 enable
>> 
>>  ipv6 nd ra interval 30
>> 
>>  ipv6 dhcp client pd my_prefix rapid-commit
>> 
>> On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not
>> getting any global address.
>> 
>> Anyone here that can set me into the right direction ?
> 
> I use dhcpcd on the WAN interface to receive the prefix delegation. On
> the internal network, I use slaac with rtadvd. The README for dhcpcd provides
> the necessary information.

Is dhcpd able to pick up IPv6? I thought this needed to be done with wide-dhcpv6?
The one thing I don't like about IPv6 at the moment, the trouble you need to go
through to get an IPv6 address on a PPPoE interface. :(

Mischa



Re: relayd clients on same network with servers

2018-03-19 Thread Mischa
Hi Giannis,

From my experience dealing with a lot of load balancers in my time, and also
working for different vendors, the easiest is to use source-nat.
This is just configuration on the relayd itself without making "major" changes
in the rest of the network or servers. Which you would need to do when
choosing different VLANs or DSR.

Your concern about source-nat and hiding the client IP is valid, but easily
fixed with Client-IP header in http, if http is the protocol, otherwise you
will lose the client IP. ;)
One more thing to remember with source-nat is the maximum amount of concurrent
connections you can handle in a single IP, if that is below 64k you are fine,
otherwise you will have to create a pool of IPs to source-nat from.

In my opinion DSR is only relevant for services like FTP and NNTP, where you
have a lot more traffic going out than coming in, so you don't have to put that
burden through the single load balancer interface.

If you have the ability to change the VLANs that is of course the cleanest of all
the options and source-nat the dirtiest, but it's also the simplest. :)

Good luck!

Mischa


> On 19 Mar 2018, at 11:20, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> 
> wrote:
> 
> Hi,
> 
> I'm designing a new setup with relayd and multiple pools. I'm using redirects 
> with forward.
> 
> The problem I have is that all the real servers are in the same VLAN.
> In advance the servers in one pool need to access the servers in another 
> pool, through the load balancer, thus having a problem with replies not 
> passing through the LB (ie IMAP server accessing LDAP servers)
> 
> I've thought of different solutions for this and I've come up to the 
> following. I need a second opinion:
> 
> 1) Use different VLAN per pool of servers
> 2) 1 VLAN, with 1 bridge and multiple subnets on vether devices
> 3) Source NAT to hide client IP
> 4) Use a relay as a proxy (instead of redirect on the $int_if)
> 5) Use DSR (route-to) with sloppy states
> 
> Solution 1 seems the best to me but it has overhead of adding/managing the 
> vlans everywhere.
> Solution 2 seems to work but I'm not quite sure about it
> 3 and 4 hide the client IP so I want to avoid it
> 5 also want to avoid, has problems with failover, don't like the half states
> 
> So 2 seems ok, I have basic separation of pools and I guess since I control 
> all the servers the jumping from one subnet to another is not a serious 
> security problem.
> 
> appreciate any opinions on this
> 
> Giannis
> ps. whole setup with carp-pfsync
> 



Re: relayd stops processing traffic intermittently

2018-03-14 Thread Mischa
Hi Tom!

Before, relayd would just "crash" and a reload was "solving" the problem.
In this instance it's luckily just extra logging. ;)

Mischa

> On 14 Mar 2018, at 16:47, Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> 
> Hi all
> I have had that issue in 6.0, 6.1 and 6.2. I haven't tried current yet..
> I haven't had enough time to diagnose it to provide an adequate
> bug report myself.
> just restarting relayd seems to resolve it
> I'm just confirming that I have seen this issue also ...
> 
> On 14 March 2018 at 15:27, Mischa <obs...@high5.nl> wrote:
>> Hi Claudio,
>> 
>>> On 25 Dec 2017, at 15:54, Mischa <obs...@high5.nl> wrote:
>>> 
>>>> On 24 Dec 2017, at 19:07, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>>>> On Sat, Dec 23, 2017 at 02:04:19PM +0100, Mischa Peters wrote:
>>>>>> On 23 Dec 2017, at 13:08, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>>>>>>> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
>>>>>>> Hi All,
>>>>>>> 
>>>>>>> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
>>>>>>> (GENERIC.MP#305) as well, for some reason relayd stops processing 
>>>>>>> traffic and starts flooding the log file with the following message:
>>>>>>> 
>>>>>>> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>>>> [snip]
>>>>>>> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>>>>> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>>>> ...etc...
>>>>>>> 
>>>>>>> Restarting the daemon "fixes" the problem.
>>>>>>> Not sure how to troubleshoot this but I am able to reproduce this
>>>>>>> consistently by pointing SSLLabs towards relayd.
>>>>>>> Would be great to get some pointers.
>>>>>>> 
>>>>>> 
>>>>>> I have seen this as well on our production systems. This is a problem in
>>>>>> the privsep part of the TLS code. I could not do more testing yet but my
>>>>>> assumption is that a new option / feature is freaking this code out.
>>>>> 
>>>>> Anything I can do or collect to give you more information?
>>>> 
>>>> So, I think I found the problem. The ca process did not handle errors from
>>>> RSA_private_encrypt correctly. So once you got a bad signature in the
>>>> system choked and stopped. This diff seems to work for me (against
>>>> SSLlabs).
>>>
>>> Awesome! Can confirm that it continues processing traffic when hitting it
>>> with SSLLabs.
>>> Will also move it to a busier machine to see how that handles.
>>> 
>>> I am seeing the following messages now:
>>> Dec 25 15:51:07 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF06B:rsa 
>>> routines:CRYPTO_internal:block type is not 02
>>> Dec 25 15:51:08 lb2 relayd[27420]: ca_dispatch_relay: error:04FFF071:rsa 
>>> routines:CRYPTO_internal:null before block missing
>>> Dec 25 15:51:17 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF072:rsa 
>>> routines:CRYPTO_internal:padding check failed
>>> Dec 25 15:51:33 lb2 relayd[73631]: ca_dispatch_relay: error:04FFF071:rsa 
>>> routines:CRYPTO_internal:null before block missing
>> 
>> Not sure if this is supposed to be taken care of, but I am still seeing the 
>> following messages in 6.3-beta.
>> $ uname -a
>> OpenBSD lb2l 6.3 GENERIC.MP#58 amd64
>> 
>> Mar 13 23:43:38 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF06B:rsa 
>> routines:CRYPTO_internal:block type is not 02
>> Mar 13 23:43:39 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF072:rsa 
>> routines:CRYPTO_internal:padding check failed
>> Mar 13 23:43:48 lb2 relayd[14775]: ca_dispatch_relay: error:04FFF06B:rsa 
>> routines:CRYPTO_internal:block type is not 02
>> Mar 13 23:44:03 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF071:rsa 
>> routines:CRYPTO_internal:null before block missing
>> 
>> Any knobs that need to be turned?
>> 
>> Mischa
>> 
> 
> 
> 
> -- 
> Kindest regards,
> Tom Smyth
> 



Re: relayd stops processing traffic intermittently

2018-03-14 Thread Mischa
Hi Claudio,

> On 25 Dec 2017, at 15:54, Mischa <obs...@high5.nl> wrote:
> 
>> On 24 Dec 2017, at 19:07, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>> On Sat, Dec 23, 2017 at 02:04:19PM +0100, Mischa Peters wrote:
>>>> On 23 Dec 2017, at 13:08, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>>>>> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
>>>>> Hi All,
>>>>> 
>>>>> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
>>>>> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic 
>>>>> and starts flooding the log file with the following message:
>>>>> 
>>>>> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>> [snip]
>>>>> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>>> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>>> ...etc...
>>>>> 
>>>>> Restarting the daemon "fixes" the problem.
>>>>> Not sure how to troubleshoot this but I am able to reproduce this
>>>>> consistently by pointing SSLLabs towards relayd.
>>>>> Would be great to get some pointers.
>>>>> 
>>>> 
>>>> I have seen this as well on our production systems. This is a problem in
>>>> the privsep part of the TLS code. I could not do more testing yet but my
>>>> assumption is that a new option / feature is freaking this code out.
>>> 
>>> Anything I can do or collect to give you more information? 
>> 
>> So, I think I found the problem. The ca process did not handle errors from
>> RSA_private_encrypt correctly. So once you got a bad signature in the
>> system choked and stopped. This diff seems to work for me (against
>> SSLlabs).
>
> Awesome! Can confirm that it continues processing traffic when hitting it
> with SSLLabs.
> Will also move it to a busier machine to see how that handles.
> 
> I am seeing the following messages now:
> Dec 25 15:51:07 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF06B:rsa 
> routines:CRYPTO_internal:block type is not 02
> Dec 25 15:51:08 lb2 relayd[27420]: ca_dispatch_relay: error:04FFF071:rsa 
> routines:CRYPTO_internal:null before block missing
> Dec 25 15:51:17 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF072:rsa 
> routines:CRYPTO_internal:padding check failed
> Dec 25 15:51:33 lb2 relayd[73631]: ca_dispatch_relay: error:04FFF071:rsa 
> routines:CRYPTO_internal:null before block missing

Not sure if this is supposed to be taken care of, but I am still seeing the 
following messages in 6.3-beta.
$ uname -a
OpenBSD lb2l 6.3 GENERIC.MP#58 amd64

Mar 13 23:43:38 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF06B:rsa 
routines:CRYPTO_internal:block type is not 02
Mar 13 23:43:39 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF072:rsa 
routines:CRYPTO_internal:padding check failed
Mar 13 23:43:48 lb2 relayd[14775]: ca_dispatch_relay: error:04FFF06B:rsa 
routines:CRYPTO_internal:block type is not 02
Mar 13 23:44:03 lb2 relayd[96581]: ca_dispatch_relay: error:04FFF071:rsa 
routines:CRYPTO_internal:null before block missing

Any knobs that need to be turned?

Mischa
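
The failure mode described in the quoted explanation above (an error return from the RSA operation being treated as a result length in the reply between relayd's privilege-separated processes), as an added example that is not relayd's code and not part of the original mail. It is a simplified C model: struct reply_hdr, encode_reply_unchecked, encode_reply_checked and decode_reply are hypothetical names, and the "no reply is sent" outcome of the unchecked path is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reply header modelled on the cko_tlen field in the diff:
 * tlen > 0 means that many result bytes follow, tlen <= 0 means the
 * private-key operation failed and no payload follows. */
struct reply_hdr {
	int tlen;
};

/* Pre-fix shape: "if (tlen)" is also true for -1, so a failed operation
 * yields a payload length of (size_t)-1 and no reply can be built.
 * Returns the message length, or -1 when nothing can be sent. */
static long
encode_reply_unchecked(int tlen, const uint8_t *res, uint8_t *out, size_t outsz)
{
	struct reply_hdr h = { tlen };
	size_t plen = 0;

	if (outsz < sizeof(h))
		return -1;
	if (tlen)				/* BUG: -1 counts as a length */
		plen = (size_t)tlen;
	if (plen > outsz - sizeof(h))
		return -1;			/* requester is left waiting */
	memcpy(out, &h, sizeof(h));
	if (plen)
		memcpy(out + sizeof(h), res, plen);
	return (long)(sizeof(h) + plen);
}

/* Post-fix shape: only a positive tlen carries a payload; a failure is
 * still answered, with a header-only message the requester can act on. */
static long
encode_reply_checked(int tlen, const uint8_t *res, uint8_t *out, size_t outsz)
{
	struct reply_hdr h = { tlen > 0 ? tlen : -1 };
	size_t plen = tlen > 0 ? (size_t)tlen : 0;

	if (outsz < sizeof(h) || plen > outsz - sizeof(h))
		return -1;
	memcpy(out, &h, sizeof(h));
	if (plen)
		memcpy(out + sizeof(h), res, plen);
	return (long)(sizeof(h) + plen);
}

/* Requester side. Returns the number of result bytes copied into to,
 * -1 if the peer reported a failed operation, -2 if the message is
 * malformed (wrong size for its header, or too big for to). */
static int
decode_reply(const uint8_t *msg, size_t msglen, uint8_t *to, size_t tosz)
{
	struct reply_hdr h;

	if (msglen < sizeof(h))
		return -2;
	memcpy(&h, msg, sizeof(h));
	if (h.tlen <= 0)			/* error reply: header only */
		return msglen == sizeof(h) ? -1 : -2;
	if ((size_t)h.tlen > tosz || msglen != sizeof(h) + (size_t)h.tlen)
		return -2;
	memcpy(to, msg + sizeof(h), (size_t)h.tlen);
	return h.tlen;
}

int
main(void)
{
	uint8_t sig[4] = { 0xde, 0xad, 0xbe, 0xef };	/* constructed sample */
	uint8_t msg[256], to[64];
	long n;

	n = encode_reply_unchecked(-1, NULL, msg, sizeof(msg));
	printf("unchecked, failed op: %ld (no reply)\n", n);

	n = encode_reply_checked(-1, NULL, msg, sizeof(msg));
	printf("checked, failed op: %ld bytes, decode=%d\n", n,
	    decode_reply(msg, (size_t)n, to, sizeof(to)));

	n = encode_reply_checked(4, sig, msg, sizeof(msg));
	printf("checked, ok op: %ld bytes, decode=%d\n", n,
	    decode_reply(msg, (size_t)n, to, sizeof(to)));
	return 0;
}
```

With the checked encoder a failed operation costs one logged error and one failed handshake; the requester keeps serving other connections.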



Re: httpd howto redirect port 80 to 443 in vm

2018-02-27 Thread Mischa Peters

> On 27 Feb 2018, at 05:04, niya <niyal...@gmail.com> wrote:
> 
> hi
> using vmd in openbsd 6.2
> and following 
> http://thecyberrecce.net/2017/01/15/secure-webservers-with-openbsd-6-0-setting-up-httpd-mariadb-and-php/
> i have setup openbsd running a webserver
> everything installed and the webserver works via port 80 and 443.
> i can access the webserver from a remote client by browsing to the ip of the 
> host machine and redirecting to the vm address and port using pf.
> i tried to setup port 80 redirection to port 443 so that all all access is 
> over HTTPS, when i use http://host ip, i am redirected to https://default/
> how do i get the webserver to redirect to the ip address of the host machine?
> 
> my httpd.conf
> 
> server "default" {
>     listen on $ext_addr port 80 block return 301 "https://$SERVER_NAME$REQUEST_URI"
>     #   listen on $ext_addr port 80
>     listen on $ext_addr tls port 443
>     tls {
>         key "/etc/ssl/private/server.key"
>         certificate "/etc/ssl/server.crt"
>     }
>     directory {
>         index "index.php"
>     }
>     location "*.php" {
>         fastcgi socket "/run/php-fpm.sock"
>     }
> }
>
> 
> shadrock

Hi,

$SERVER_NAME uses the name you have specified at ‘server “default”’ which is 
“default” in this case. 

Mischa



Re: relayd stops processing traffic intermittently

2017-12-25 Thread Mischa
> On 24 Dec 2017, at 19:07, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> On Sat, Dec 23, 2017 at 02:04:19PM +0100, Mischa Peters wrote:
>>> On 23 Dec 2017, at 13:08, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
>>>> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
>>>> Hi All,
>>>> 
>>>> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
>>>> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic 
>>>> and starts flooding the log file with the following message:
>>>> 
>>>> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>> [snip]
>>>> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>>>> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>>>> ...etc...
>>>> 
>>>> Restarting the daemon "fixes" the problem.
>>>> Not sure how to troubleshoot this but I am able to reproduce this
>>>> consistently by pointing SSLLabs towards relayd.
>>>> Would be great to get some pointers.
>>>> 
>>> 
>>> I have seen this as well on our production systems. This is a problem in
>>> the privsep part of the TLS code. I could not do more testing yet but my
>>> assumption is that a new option / feature is freaking this code out.
>> 
>> Anything I can do or collect to give you more information? 
> 
> So, I think I found the problem. The ca process did not handle errors from
> RSA_private_encrypt correctly. So once you got a bad signature in the
> system choked and stopped. This diff seems to work for me (against
> SSLlabs).

Awesome! Can confirm that it continues processing traffic when hitting it with
SSLLabs.
Will also move it to a busier machine to see how that handles.

I am seeing the following messages now:
Dec 25 15:51:07 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF06B:rsa 
routines:CRYPTO_internal:block type is not 02
Dec 25 15:51:08 lb2 relayd[27420]: ca_dispatch_relay: error:04FFF071:rsa 
routines:CRYPTO_internal:null before block missing
Dec 25 15:51:17 lb2 relayd[7541]: ca_dispatch_relay: error:04FFF072:rsa 
routines:CRYPTO_internal:padding check failed
Dec 25 15:51:33 lb2 relayd[73631]: ca_dispatch_relay: error:04FFF071:rsa 
routines:CRYPTO_internal:null before block missing

Mischa

> 
> Cheers
> -- 
> :wq Claudio
> 
> Index: ca.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/ca.c,v
> retrieving revision 1.31
> diff -u -p -r1.31 ca.c
> --- ca.c  28 Nov 2017 00:20:23 -  1.31
> +++ ca.c  24 Dec 2017 18:01:20 -
> @@ -266,9 +266,15 @@ ca_dispatch_relay(int fd, struct privsep
>   break;
>   }
> 
> + if (cko.cko_tlen == -1) {
> + char buf[256];
> + log_warnx("%s: %s", __func__,
> + ERR_error_string(ERR_get_error(), buf));
> + }
> +
>   iov[c].iov_base = 
>   iov[c++].iov_len = sizeof(cko);
> - if (cko.cko_tlen) {
> + if (cko.cko_tlen > 0) {
>   iov[c].iov_base = to;
>   iov[c++].iov_len = cko.cko_tlen;
>   }
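
Review bot: in the added logging block the failure test is "cko.cko_tlen == -1", while the payload guard a few lines below becomes "cko.cko_tlen > 0", so any other non-positive value is neither logged nor sent as payload. Testing "cko.cko_tlen <= 0" (or "< 0" if zero is a legitimate result) would keep the two conditions complementary. The block also calls ERR_get_error() once, which removes a single entry from the error queue; if the failed operation queued more than one entry, the remainder is left for a later request's log line, so drain the queue in a loop or clear it after logging. ERR_error_string_n(..., buf, sizeof(buf)) would tie the bound to the buffer instead of relying on the 256-byte convention.
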
> @@ -381,12 +387,12 @@ rsae_send_imsg(int flen, const u_char *f
> 
>   IMSG_SIZE_CHECK(, ());
>   memcpy(, imsg.data, sizeof(cko));
> - if (IMSG_DATA_SIZE() !=
> - (sizeof(cko) + cko.cko_tlen))
> - fatalx("data size");
> 
>   ret = cko.cko_tlen;
> - if (ret) {
> + if (ret > 0) {
> + if (IMSG_DATA_SIZE() !=
> + (sizeof(cko) + ret))
> + fatalx("data size");
>   toptr = (u_char *)imsg.data + sizeof(cko);
>   memcpy(to, toptr, ret);
>   }
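
Review bot: moving the IMSG_DATA_SIZE comparison under "if (ret > 0)" means a reply whose cko_tlen is zero or negative is now accepted whatever its length. An else branch that still requires the data size to equal sizeof(cko) would keep malformed error replies fatal, as they were before this change. Inside the "ret > 0" branch, ret is checked against the message size, but nothing in the visible lines bounds it against the capacity of "to" before "memcpy(to, toptr, ret)"; a comment naming where the caller guarantees that, or an explicit check, would help the next reader.
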
> 



Re: relayd stops processing traffic intermittently

2017-12-23 Thread Mischa Peters

> On 23 Dec 2017, at 13:08, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> 
>> On Sat, Dec 23, 2017 at 11:40:57AM +0100, Mischa wrote:
>> Hi All,
>> 
>> Since OpenBSD 6.2, just confirmed this in the latest snapshot 
>> (GENERIC.MP#305) as well, for some reason relayd stops processing traffic 
>> and starts flooding the log file with the following message:
>> 
>> Dec 23 11:19:11 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:12 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> [snip]
>> Dec 23 11:19:17 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[22515]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[52110]: rsae_send_imsg: poll timeout
>> Dec 23 11:19:18 lb2 relayd[69641]: rsae_send_imsg: poll timeout
>> ...etc...
>> 
>> Restarting the daemon "fixes" the problem.
>> Not sure how to troubleshoot this but I am able to reproduce this
>> consistently by pointing SSLLabs towards relayd.
>> Would be great to get some pointers.
>> 
> 
> I have seen this as well on our production systems. This is a problem in
> the privsep part of the TLS code. I could not do more testing yet but my
> assumption is that a new option / feature is freaking this code out.

Anything I can do or collect to give you more information? 

Mischa


relayd stops processing traffic intermittently

2017-12-23 Thread Mischa
    header set "X-Content-Type-Options" value "nosniff"
    tcp { no splice }
    tls { no client-renegotiation }
}
relay default {
    listen on $local_v4 port 80
    listen on $local_v6 port 80
    protocol httpfilter_default
    forward to  port 8080
}
relay default_redirect {
    listen on $cust2_addr_v4 port 80
    listen on $cust3_addr_v4 port 80
    listen on $cust4_addr_v4 port 80
    listen on $cust5_addr_v4 port 80
    listen on $cust1_addr_v4 port 80
    listen on $cust1_addr_v6 port 80
    protocol httpfilter_default
    forward to  port 8081
}
relay default_redirect_tls {
    listen on $cust4_addr_v4 port 443 tls
    protocol httpsfilter_default
    forward to  port 8081
}
relay www1 {
    listen on $www1_addr_v4 port 80
    listen on $www1_addr_v6 port 80
    protocol httpfilter
    forward to  port 8081
    forward to  port 80
}
relay www1_tls {
    listen on $www1_addr_v4 port 443 tls
    listen on $www1_addr_v6 port 443 tls
    protocol httpsfilter
    forward to  port 80 mode roundrobin check http "/" host www1 code 200
    #forward to  port 80
}
relay www3 {
    listen on $www3_addr_v4 port 80
    listen on $www3_addr_v6 port 80
    forward to  port 80
}
relay www3_tls {
    listen on $www3_addr_v4 port 443 tls
    listen on $www3_addr_v6 port 443 tls
    forward with tls to  port 443
}
relay cust2_tls {
    listen on $cust2_addr_v4 port 443 tls
    protocol httpsfilter_default
    forward to  port 80 check http "/" host cust2 code 200
    forward to  port 80 check http "/" host cust2 code 200
    forward to  port 80
}
relay cust3_tls {
    listen on $cust3_addr_v4 port 443 tls
    protocol httpsfilter_default
    forward to  port 80 check http "/" host cust3 code 200
    forward to  port 80 check http "/" host cust3 code 200
}
relay cust5_tls {
    listen on $cust5_addr_v4 port 443 tls
    protocol httpsfilter_default
    forward to  port 80
}

Mischa



Re: relayd l7 loadbalancing

2017-08-16 Thread Mischa Peters
> On 16 Aug 2017, at 10:41, Claudio Jeker <cje...@diehard.n-r-g.com> wrote:
> On Wed, Aug 16, 2017 at 10:27:58AM +0200, Maxim Bourmistrov wrote:
>> 
>> Once connection is established, state is created in PF. Subsequent requests
>> will be "pipelined".
>> It is possible to influence this behavior by manipulating tcp.established in
>> pf.conf,
>> but I don't think this is what you want.
>> 
> 
> This is not correct. The problem is keep-alive and the fact that once a
> backend is selected by relayd it sticks to it until the session is closed.
> This is a bug and something benno@ and I have on our radar to fix.

Great to hear! This will make relayd even more flexible. I guess your todo list
must be too long so I will wait patiently.
My C skills are nonexistent otherwise I would have tried to help.

> The workaround for now is to disable keep-alive this can be done by
> adding:
>   match header set "Connection" value "close"
> to your config. The solution is not ideal and will make page load times
> slower.

Will check the load times with and without, maybe it's workable for now.

Much appreciated!

Mischa



relayd l7 loadbalancing

2017-08-16 Thread Mischa Peters
Hi All,

I have somewhat the following config for relayd running on 6.1.
And I am trying to forward certain request paths to different hosts.

table  { xx.xx.xx.131 }
table  { xx.xx.xx.31 }
http protocol httpsfilter {
   match request header remove "Proxy"
   match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
   match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"

   match response header set "Server" value "Sever"
   match response header set "X-Powered-By" value "Power"
   match response header set "X-Frame-Options" value "SAMEORIGIN"
   match response header set "X-Xss-Protection" value "1; mode=block"
   match response header set "X-Content-Type-Options" value "nosniff"

   match request quick path "/crm/" forward to 

   tcp { no splice }
}
relay host_tls {
   listen on $ext_addr_v4 port 443 tls
   listen on $ext_addr_v6 port 443 tls
   protocol httpsfilter
   forward to  port 80 check http "/" host example.com code 200
   forward to  port 80
}

I have tried both "match request quick path" and "match request quick url" but 
what I noticed is that as soon as you have visited one of the URLs that needs 
forwarding to a different host you end up at the  for all subsequent 
requests.
With "match request quick url" this is to be expected as it checks everything 
up to /.

For example:

http://example.com/ -> wwwhost
http://example.com/crm/ -> otherhost
http://example.com/folder/ -> otherhost

Is this expected behaviour for "match request quick path" as well?
Is there any way to do this type of load balancing?

Thanx!!

Mischa



Re: vmd: routing problem

2017-07-20 Thread Mischa Peters
Hi Leo,

Can you ask them how they route the separate subnet to you?

Mischa

> On 20 Jul 2017, at 12:59, Leo Unglaub <l...@unglaub.at> wrote:
> 
> Hey,
> 
>> On 07/20/17 06:25, Mike Larkin wrote:
>> sysctl net.inet.ip.forwarding=1 ?
>> I'm not a networking expert but I think your VM's subnet mask is wrong for
>> the gateway you are trying to use.
> 
> thank you for your response. I tried it with net.inet.ip.forwarding being 1
> and 0. Both don't work. About the subnet, that's what confuses me as well, but
> the data center tells me that it is correct. As far as I understand it they
> do some crazy stuff there with their IPv4 routing:
> 
> https://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en#Subnets
> 
> Thanks and greetings
> Leo
> 



Re: OpenBSD as Open Networking OS

2017-07-17 Thread Mischa Peters
Hi Thomas,

I used to work for Cumulus and the tricky part with this is that you need to
get access to the Broadcom (and Mellanox) chipsets, which is not trivial and
costly.

I would love to see a BSD running on open networking equipment!

There are more NOS out there but they have their own speciality. Cumulus is the 
most generic to the deploy. There is also BigSwitch and IP Fusion. 

Mischa


> On 17 Jul 2017, at 11:00, miraculli . <miracu...@gmail.com> wrote:
> 
> Hi misc,
> 
> I just read about a trending topic: SDN and Open Networking.
> The principal idea behind Open Networking is to allow the customer
> to install a custom OS to switch-hardware.
> The main software player in this business seems to be a penguin OS
> called: Cumulus
> There is also an overview of devices that are able to install a custom OS:
> 
> https://cumulusnetworks.com/products/hardware-compatibility-list/
> 
> Is there any experience using OpenBSD in this domain and with this
> kind of hardware?
> 
> Thanks
> Thomas
> 



Re: [dera...@cvs.openbsd.org: Re: I would like to send this to misc@ and security-announce@, from me.]

2009-05-05 Thread Mischa Diehm
On Mon, May 04, 2009 at 01:38:16PM -0600, Bob Beck wrote:
>   Look dude, that ftp site made something available before any of the
> second level mirrors were even opened up to other sites to retrieve
> it. Deliberate action was taken to release something early without
> mirroring it from a credible source. Judging by the contents, not all
> of it was exactly 4.5. This is cause for concern to anyone using the
> mirror.

How many unofficial ftp servers are there on this dangerous
internet which are or might or could be having wrong packages? This is
what ftp.html is all about right? Why is there a list of official
mirrors anyway?

>   It's not like the operator of the site could have done this
> *accidentally* - This showed some kind of deliberate intent to release
> something early, and they obviously didn't seem too concerned if it
> was 100% correct. I don't know the reason, and I don't care to. All I know
> is that when we see it, that says danger.

This is the German coast guard. We are thinking... That's ridiculous.
 
>   Mirroring is based upon trust. Whoever's running that site obviously
> decided to go rogue and do something goofy.  I don't care who mirrors
> openbsd, but I expect them to actually mirror it through authorized
> channels, not put something up early that is deceptive to the users
> and potentially harmful.  When we *SEE* evidence of this being done, not
> telling the user community is simply irresponsible.

great reasoning. Now I get it! The word I was missing is trust.
I almost forgot: In god we trust. Thanks for the reminder.

 * Mike Belopuhov mi...@lucifier.net [2009-05-04 04:55]:
  C'mon, ftp.kd86.com was delisted from the ftp.html page on Mon Apr 6.
  Can you just stop bashing Wim?  It doesn't make anyone happier (except
  Theo probably).  Or maybe we should rush searching the whole fscking
  internet for the incorrect OpenBSD mirrors?  Chill out, dudes.
  
  On Thu, Apr 30, 2009 at 11:21 -0600, Bob Beck wrote:

 Users are cautioned about rogue ftp sites claiming to have OpenBSD.

 The best place to get OpenBSD is from an official CD set, produced in
   a secured location

 It has come to our attention that some ftp sites (ftp.kd85.com) which
   are not official OpenBSD mirrors are purporting to serve OpenBSD 4.5
   at this time. We have noted that what is actually present in the 4.5
   directory is not 4.5, but rather a late development cycle snapshot which
   they have moved into place claiming it is 4.5. 

 While we have no problem with anyone mirroring OpenBSD for the good 
   of the user community, we do believe that people who offer up the wrong
   thing are being deceptive and will hurt the userbase - particularly when
   the packages being offered up are not the release versions. 

 please ensure you look at http://www.openbsd.org/ftp.html when
   choosing to do an ftp install, and don't be fooled by someone phishing
   for your ftp traffic.
  
 
 -- 
 #!/usr/bin/perl
 if ((not 0  not 1) !=  (! 0  ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n; 
 }
 

-- 
Eigentum verpflichtet. Sein Gebrauch soll zugleich dem Wohle der
Allgemeinheit dienen. (Art. 14 II GG)



IPsec Road Warrior question

2008-05-23 Thread Mischa Diehm

Hi,

host A and host B are connected through IPsec. Additionally we have road
warriors that directly connect to Host B. Unfortunately we can not
define an IP-range from where these road warriors connect thus we have
to use the range to any.

/etc/ipsec.conf:

Host A:
ike esp from 192.168.1.1/24 to 10.1.0.0/16 \
local 1.1.1.1 peer  2.2.2.2 \
srcid foo.bar.com

Host B:
ike esp from 10.128.0.0/16 to 192.168.1.1/24 \
local 2.2.2.2 peer 1.1.1.1 \
srcid bar.foo.com

# Road Warrior
ike dynamic esp from 10.1.0.0/16 to any \
   main auth hmac-md5 enc 3des group modp1024 \
   quick auth hmac-md5 enc 3des group modp1024 \
   srcid bar.foo.com

Initial start and setting up of SA's works fine. We are facing problems
when Host A and B have to rekey (default 20Min). I see Invalid Cookie
messages and NEGOTIATION Error messages. We have an outage of a few
minutes after the old SA's are timed out. At some point the systems seem
to recover.

Can this problem occur because Host B has overlapping IP-Ranges within
the configuration? Is there a different way to configure this - e.g.
negated ranges like to !192.168.1.1/24?

Thx,
Mischa



dhclient and numerous addresses on the same interface

2006-08-26 Thread Mischa Diehm
Hi,

we were trying to setup a filter-machine behind a dsl-router (dsl-router
does dhcp only no static mapping) doing dhclient on its external
interface and at the same time have different networks routed over that
interface. When you have static addresses configured on the ext.
interface every time you call dhclient and you receive a new lease one
static address (the first one) gets rotated out of the list of addresses
due to dhclient-script calling ifconfig without alias. Well dhclient
takes care of old leases in terms of deleting those addresses from the
interface-list before setting a new address. For us the following change
fixed the issue:

[EMAIL PROTECTED]:dhclient$ ient/dhclient-script /sbin/dhclient-script
--- /usr/src/sbin/dhclient/dhclient-script  Wed Jul 26 22:28:50 2006
+++ /sbin/dhclient-script   Fri Aug 25 18:37:15 2006
@@ -34,7 +34,7 @@
inet $new_ip_address \
netmask $new_subnet_mask \
broadcast $new_broadcast_address \
-   $medium
+   alias $medium
 
# XXX Original TIMEOUT code did not do this unless $new_routers was set?
route add $new_ip_address 127.0.0.1 /dev/null 21
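
Review bot: with "alias" added to this ifconfig call, the script no longer replaces the interface's primary address, so removal of the previous lease's address depends entirely on a separate delete step that this hunk does not show. Confirm that every path reaching this call (a renewal that hands out a different address, a rebind, the timeout fallback) deletes the old leased address first; otherwise leased addresses accumulate as aliases on the interface. The diff is also taken between /usr/src/sbin/dhclient/dhclient-script and the installed /sbin/dhclient-script, so it needs regenerating against the source tree before it can be applied as posted.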

With this dhclient only cares about addresses it set itself. Not
deleting static ips which we need on the interface. Is this sth. worth
fixing or should there be an option in dhclient preventing it to delete
static addresses and thus not breaking actual (not very consistent)
behaviour?


Mischa