Re: Upgrade: Unbound constraint let fw_update always fail
Endeover: In 7.3, I end up starting also unbound service by rcctl instead of unbound-control (losing maybe something about security) hoping to give me a better general standard to control my services, including my approach to sysupgrade. Thanks to everyone who reply in the thread. -- Daniele Bonini
Re: Upgrade: Unbound constraint let fw_update always fail
Thanks Steve. Jul 30, 2023 00:07:35 Steve Litt : > I use runit (on Void Linux) every day, and love it to death. Runit is > extremely simple. S6 is a little more capable and a little more complex. Thank you for all the hints, expecially about runit, I didn't know it. I'm going trying to fix things related to my script and my approach to sysupgrade. if conditions will change and push me to that I will certainly do not miss to try your solution that appears a little more sophisticated. -- Daniele Bonini
Re: Upgrade: Unbound constraint let fw_update always fail
Daniele B. said on Tue, 25 Jul 2023 16:33:50 +0200 (GMT+02:00) >My unattended upgrade happend like that: > >- I took up unbound >- sysupgrade >- 1st fw_update (this probbly is okay) >- reboot >- installation of the sets >- 2nd fw_update (this fails because unattended, local Unbound is down) >- reboot >- 3rd fw_update (this fails because unattended, local Unbound is down) >- syspatch (this fails as well) > >I finally took up my dev environment and run fw_update & syspatch. > >If the first fw_update is enough to be sure about a sucessfull >installation then case solved, just keeping the good stuff from the >thread.. Hi Daniele, OK, I'm hearing that you want ongoing control of which daemons are up and which are down, and that precludes just putting them in your /etc/rc.conf and/or /etc/rc.conf.local. There are two alternative process supervisors, runit and s6, that can give you much finer control over your daemons. Both have been designed from the ground up to be portable between Linux and every BSD distribution. You can use either runit or s6 to augment your rc.conf. You needn't *replace* rc.conf or rc.conf.local, you can *augment* them. I use runit (on Void Linux) every day, and love it to death. Runit is extremely simple. S6 is a little more capable and a little more complex. You can get lots of extremely authoritative information about runit and s6 on the Supervision mailing list. To subscribe, send an empty message to supervision-subscr...@list.skarnet.org. HTH, SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm
Re: Upgrade: Unbound constraint let fw_update always fail
On Jul 28, 2023 20:00:24 I was still sleeping when suddenly Paul said: > If you really want to go without DNS resolution, I invite you to > travel back a few decades and learn about /etc/hosts. did you hear my "True, the hosts.. Oh Jesus!"... ? Many thx! :D -- Daniele Bonini
Re: Upgrade: Unbound constraint let fw_update always fail
I don't understand - if you configure your system to not have working DNS resolution, then you will not have working DNS resolution. fw_update needs working DNS resolution, so yeah .. if you break the latter, you break the former. Don't break DNS resolution. You really get what you pay for. Having said all that... If you really want to go without DNS resolution, I invite you to travel back a few decades and learn about /etc/hosts. Maybe you can FTP a hosts file from somewhere, for that true historic experience .. but alternatively you can also echo 2a02:898:28:500::3 firmware.openbsd.org | doas tee -a /etc/hosts Good luck with that. Paul 'WEiRD' de Weerd NB: full disclosure, the IP address I gave is the firmware mirror hosted by me; I didn't want to point people to someone else's .. but I also kinda hope noone (else) is foolish enough to break their DNS resolution in such a way to need this kind of tomfoolery. On Tue, Jul 25, 2023 at 09:58:35AM +0200, Daniele B. wrote: | | Hello, | | Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for | it.. ;) | | No particular problem except my realization that with my settings | (unbound started manually) fw_update goes to fail (all the three | attempts) on each (unattended) upgrade. If fw_update happens to be a | constraint for a successful upgrade, and luckily was not the case this | time, bad times for sure.. | | Any suggestion about it? Thanks! | | | | -- | Daniele Bonini | | -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: Upgrade: Unbound constraint let fw_update always fail
My unattended upgrade happend like that: - I took up unbound - sysupgrade - 1st fw_update (this probbly is okay) - reboot - installation of the sets - 2nd fw_update (this fails because unattended, local Unbound is down) - reboot - 3rd fw_update (this fails because unattended, local Unbound is down) - syspatch (this fails as well) I finally took up my dev environment and run fw_update & syspatch. If the first fw_update is enough to be sure about a sucessfull installation then case solved, just keeping the good stuff from the thread.. -- Daniele Bonini Jul 25, 2023 15:28:57 Daniele B. : > Thanks Steve, > > Jul 25, 2023 14:41:53 Steve Litt : > >> chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i >> resolv.conf >> >> I also don't understand why you start unbound manually instead of from >> computer initialization. It sounds like if unbound started before >> fw_update, there would be no problem > > I also would like the possibility to rewind my mindset to two years ago to > have the proper > technical answer when I need it.. However I try to answer you.. > > Basically I think while experimenting I found interesting the possibility to > have full > control over my dev environment and decide when to take up/down all my needs, > including the network.. > Indeed I was so happy about my findings that I decided to give to it also a > graphical interface > to make it more amousing. :D > > If you want to help, in my script to switch the dev environment down I miss > the possibility to take down Unbound > that one time launched is very hard to switch off, still my script doesn't do > that.. > > I think the suggestion to implement an ad-hoc network settings for the > unattended installation could > be interesting also to cover that few cases of disparate accesses to > Internet, indeed. But here you should > have a some more case studies than me. > > -- Daniele Bonini > > Jul 25, 2023 14:41:53 Steve Litt : > >> chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i >> resolv.conf >> >> I also don't understand why you start unbound manually instead of from >> computer initialization. It sounds like if unbound started before >> fw_update, there would be no problem.
Re: Upgrade: Unbound constraint let fw_update always fail
Thanks Steve, Jul 25, 2023 14:41:53 Steve Litt : > chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i > resolv.conf > > I also don't understand why you start unbound manually instead of from > computer initialization. It sounds like if unbound started before > fw_update, there would be no problem I also would like the possibility to rewind my mindset to two years ago to have the proper technical answer when I need it.. However I try to answer you.. Basically I think while experimenting I found interesting the possibility to have full control over my dev environment and decide when to take up/down all my needs, including the network.. Indeed I was so happy about my findings that I decided to give to it also a graphical interface to make it more amousing. :D If you want to help, in my script to switch the dev environment down I miss the possibility to take down Unbound that one time launched is very hard to switch off, still my script doesn't do that.. I think the suggestion to implement an ad-hoc network settings for the unattended installation could be interesting also to cover that few cases of disparate accesses to Internet, indeed. But here you should have a some more case studies than me. -- Daniele Bonini Jul 25, 2023 14:41:53 Steve Litt : > chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i > resolv.conf > > I also don't understand why you start unbound manually instead of from > computer initialization. It sounds like if unbound started before > fw_update, there would be no problem.
Re: Upgrade: Unbound constraint let fw_update always fail
Daniele B. said on Tue, 25 Jul 2023 11:29:09 +0200 (GMT+02:00) >Hello Stuart, thanks for this one.. > >Yes, I agree that the final solution could be only the replace my >listed nameserver. But do you remember I was using also the unmutable >flag on resolv.conf ? :D chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i resolv.conf I also don't understand why you start unbound manually instead of from computer initialization. It sounds like if unbound started before fw_update, there would be no problem. SteveT Steve Litt Autumn 2022 featured book: Thriving in Tough Times http://www.troubleshooters.com/bookstore/thrive.htm
Re: Upgrade: Unbound constraint let fw_update always fail
Hello Stuart, thanks for this one.. Yes, I agree that the final solution could be only the replace my listed nameserver. But do you remember I was using also the unmutable flag on resolv.conf ? :D I do not want to awake the lions and indeed I'm much happy about my *unbound system* but having a free to use failover network setting for the specific case of the unattended installation sounds enough attractive, isn it? Jul 25, 2023 11:00:27 Stuart Henderson : > On 2023-07-25, Daniele B. wrote: >> >> Hello, >> >> Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for >> it.. ;) >> >> No particular problem except my realization that with my settings >> (unbound started manually) fw_update goes to fail (all the three >> attempts) on each (unattended) upgrade. If fw_update happens to be a >> constraint for a successful upgrade, and luckily was not the case this >> time, bad times for sure.. >> >> Any suggestion about it? Thanks! > > List a nameserver other than just your local machine in resolv.conf.
Re: Upgrade: Unbound constraint let fw_update always fail
On 2023-07-25, Daniele B. wrote: > > Hello, > > Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for > it.. ;) > > No particular problem except my realization that with my settings > (unbound started manually) fw_update goes to fail (all the three > attempts) on each (unattended) upgrade. If fw_update happens to be a > constraint for a successful upgrade, and luckily was not the case this > time, bad times for sure.. > > Any suggestion about it? Thanks! List a nameserver other than just your local machine in resolv.conf.
Upgrade: Unbound constraint let fw_update always fail
Hello, Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for it.. ;) No particular problem except my realization that with my settings (unbound started manually) fw_update goes to fail (all the three attempts) on each (unattended) upgrade. If fw_update happens to be a constraint for a successful upgrade, and luckily was not the case this time, bad times for sure.. Any suggestion about it? Thanks! -- Daniele Bonini
