Re: openssh, protocol 2, and agent forwarding
This is a known limitation of the version of OpenSSH version which is in our tree. OpenSSH 2.5.1 (released February 19, 2001) corrects the problem. I saw on one of the other FreeBSD lists that OpenSSH 2.5.1 might cause us other problems, so don't hold your breath waiting for integration. I just switched to DSA keys and believe me, I know how much of a PITA this situation is :( -Chris On Fri, 2 Mar 2001, Ted Faber wrote: When running openssh from 4.2-STABLE, I can't seem to get agent forwarding to work with protocol 2 (-o 'Protocol 2'). If this is intentional, can we get that added to the manual page? (The same config forweards agent information under protocol 1, so I think my configuration is good.) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: KERNCONF instead of KERNEL?
Date: Fri, 02 Mar 2001 23:34:19 +0900 From: "Daniel C. Sobral" [EMAIL PROTECTED] Subject: Re: KERNCONF instead of KERNEL? [EMAIL PROTECTED] wrote: What is the prefered way to update a remote machine now? For years, I've run a make buildworld, installworld, cd /sys/i386/conf config, build and install a kernel, then reboot. All through telnet or ssh. I've never had problems in the past, and all goes well. Is there a better way to do this on a machine that you can't get to the console? Here is the order suggested and the why: 1) make buildworld -- because the new kernel may depend on new tools (config(8) is a common example, but no the only one). 2) make buildkernel -- some programs may depend on new syscalls, so build the kernel before installing the world. 3) make installkernel -- install a new kernel (the copy of the old one is preserved) 4) reboot single user -- make sure the new kernel works You can't reboot to single user mode when you are doing a remote update. He is specifically asking about the best way to do a remote update. You have to do everything multiuser and accept the risk, but there is still the question of what order minimizes the risk. 5) mount filesystems, make installworld -- install the rest of the world 6) mergemaster -- update /etc -- the new userland tools may require new /etc scripts and configuration files. - -- Daniel C. Sobral(8-DCS) [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] I think you are delusional, but that is OK. Its part of your natural charm! - Bob To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: KERNCONF instead of KERNEL?
On Fri, Mar 02, 2001 at 01:52:33PM -0500, Bob Johnson wrote: You can't reboot to single user mode when you are doing a remote update. He is specifically asking about the best way to do a remote update. You have to do everything multiuser and accept the risk, but there is still the question of what order minimizes the risk. The give one is it. It's going to be pretty easy to talk a NOC monkey through booting the system on the old kernel, but damn near impossiable to get them through recovering a system with a busted kernel and a userland that won't work with the old one. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 PGP signature
Re: Error formating a second hd
Jonathan, I did this with several versions of FreeBSD, now Im trying with FreeBSD 4.1-RELEASE and the HD is IDE and I removed all partitions existing. Now, I tryed to create 2 partitions (swap and /hd2), and all works perfectly. Do I need create a swap partition also in the second hd? Ronan Lucio [moved to -questions list] Ronan, What FreeBSD version are you using? What type of hard drive are you trying to format? Has FreeBSD/Linux ever been installed on that hard drive before? What is the exact error message? Please give us more details so we can help you more effectively. -- Jonathan M. Slivko -- Original Message -- From: "Ronan Lucio" [EMAIL PROTECTED] Date: Fri, 2 Mar 2001 15:29:33 -0300 Hi all, I usually have a problem formating a second HD with FreeBSD. I execute /stand/sysinstall Configure - Fdisk - Create slice - w (write) Configure - Label - Create partition /hd2 - w (write) so, appears the follow error: Error mounting /dev/wd2s1e on /hd2 : Invalid argument Did somebody ever had this problem? I had this problem with different versions of FreeBSD in different HDs. Thanks [ ]s Ronan Lucio To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message -- ~~~ Jonathan M. Slivko [EMAIL PROTECTED] Global IRC Operator, AsylumNet IRC Network Pager: (917) 388-5304 (24/7) Phone: (212) 663-1109 (6PM-12PM EST) "Microsoft, is that some kind of toilet paper?" ~~~ -- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re[2]: KERNCONF instead of KERNEL?
-BEGIN PGP SIGNED MESSAGE- Hello Bob, Friday, March 02, 2001, 7:52:33 PM, you wrote: You can't reboot to single user mode when you are doing a remote update. He is specifically asking about the best way to do a remote update. You have to do everything multiuser and accept the risk, but there is still the question of what order minimizes the risk. While I'm fully aware that it isn't officially allowed to do multiuser make installworld / installkernel runs, I've been doing it for more than half a year now without (at least 30 times on different machines) any problems except for one time where the box didn't come up anymore because of a screwed kernel. I've done it on servers 20cm away from me as well as on those in our colocation 15min by car from here as well as with them in another colocation which is essentially on the other side of the earth. Other administrative mistakes (mistyped rootshell, accidentally misconfigured firewalls etc) have caused far more downtime for us than any make world stuff. My conclusion: I'm not member of the project but according to my experiences, this risk is acceptable (and for the second colo, I simply haven't got any chance, to do it any other way at the moment). But there IS a possibility to go to single user from remote (although I never actually tested it): use serial console and crossconnect two servers so one can access the other (or use some Portmaster or similar gear). This way, you should be able to go to single user via the other box and then using serial console. Serial console has saved my life several times when there went something wrong (one time, sshd didn't want to come up anymore, for example). Best regards, Gabriel -BEGIN PGP SIGNATURE- Version: PGP 6.0.2i iQEVAwUBOp/qLMZa2WpymlDxAQH5Xgf/aHdFCzX+vaeM78+9JNnTdFiW67jnTaae eNaeRs6m9nFH1nWDv44SqDhaOWyiraaPAJV8rECZFFNGOeuewT6lHjPYZKQY7Tl8 7cxRbyhwzrB6uHYfndQaurll3482xefQFExiJtMI1cSgtyAUcW8J3OaFipEdasYh +2LM5DxY43kPq4xxAUCs6dtJnNgdEYDn4TCfHFcHfKtUMfxzXcA1RTAFxoysA/Am y44TL6HVI5SAaFZotlP0Um1OfX7FbCf0F3QCGDjsuXJH38so+GZhe2zGSlGzKKIJ CpFEcA1JvxIEE7fUNE28Q65XdtLQwN5JIu9S+6K7jhiSHy5ZMMFkTw== =LEjw -END PGP SIGNATURE- To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: KERNCONF instead of KERNEL?
Brooks Davis [EMAIL PROTECTED] types: On Fri, Mar 02, 2001 at 01:52:33PM -0500, Bob Johnson wrote: You can't reboot to single user mode when you are doing a remote update. He is specifically asking about the best way to do a remote update. You have to do everything multiuser and accept the risk, but there is still the question of what order minimizes the risk. The give one is it. It's going to be pretty easy to talk a NOC monkey through booting the system on the old kernel, but damn near impossiable to get them through recovering a system with a busted kernel and a userland that won't work with the old one. How well does setting the serial console help in this case? I've not used it, as my remote admin experience is with hardware that lets you talk to the mobo rom via a serial line. If the appropriate serial flags will let you work in single user mode over a serial line, then you can do the installworld in single user mode. If they let you boot an alternate kernel over a serial line, then you're set, aren't you? mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: KERNCONF instead of KERNEL?
On Fri, Mar 02, 2001 at 01:59:48PM -0600, Mike Meyer wrote: How well does setting the serial console help in this case? I've not used it, as my remote admin experience is with hardware that lets you talk to the mobo rom via a serial line. If the appropriate serial flags will let you work in single user mode over a serial line, then you can do the installworld in single user mode. If they let you boot an alternate kernel over a serial line, then you're set, aren't you? If you have a serial console then you should follow procedure described in /usr/src/UPDATING since you can boot your system into single user mode. There is really no difference between doing a remote upgrade via serial console and doing a local upgrade. -- Brooks -- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 PGP signature
Installing the world on remote machines (was Re: Re[2]: KERNCONF instead of KERNEL?)
It's perfectly safe to do an installworld on a multi-user system providing: (1) That you've kicked any other users off and (2) That you've killed any daemons that might exec something on a regular basis. sendmail, cron, webserver, etc... (not sshd, but make sure nobody ssh's in while you are updating the source base). The issue here is that the installworld does not use a 'create file under temporary name and rename it' scheme. It uses a 'remove the old file, create the new file' scheme so an exec() at the wrong time can cause a program to try to load a partially written shared library (e.g. libc). Some daemons really take exception to this and wind up getting into fork/exec/core loops which can make the machine unusable. -- I always update my remote machines by building all necessary kernels, building the world, and installing it all on a build machine first to make sure I've got the upgrade procedure down. Then I NFS-export /usr/src and /usr/obj read-only to the remote machines and do the kernel install and the installworld on each remote machine. (note: /usr/src and /usr/obj should be part of the /usr partition, without using any softlink tricks, or running installworld on the remote machines will not work as expected). I never build the world directly on a remote machine. NOTE DANGER!!! When doing an installworld over NFS, it takes much longer for the installworld to copy any given file (such as files in /usr/lib), which increases the chance of a daemon trying to fork/exec a program and dying a horrible death, possibly making the machine unusable. All remote machines should have some sort of serial console and power cycler setup to allow recovery from these and other potential problems. -Matt To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Installing the world on remote machines (was Re: Re[2]: KERNCONF instead of KERNEL?)
Matt Dillon [EMAIL PROTECTED] types: I always update my remote machines by building all necessary kernels, building the world, and installing it all on a build machine first to make sure I've got the upgrade procedure down. Then I NFS-export /usr/src and /usr/obj read-only to the remote machines and do the kernel install and the installworld on each remote machine. (note: /usr/src and /usr/obj should be part of the /usr partition, without using any softlink tricks, or running installworld on the remote machines will not work as expected). The critical thing here is that src obj have to have the same real directory name on all systems concerned. If you have a shared partition and symlink /usr/src /usr/obj to /shared/src and /shared/obj on the build system, then the client systems must mount the shared space as /shared, and symlink /usr/src and /usr/obj the same way the build system does. Or if you have one of them symlinked that way (to split the build process across spindles), then the client system must mount both /usr/src (or /usr/obj) and /shared, and symlink /usr/obj (or /usr/src) to /shared. mike -- Mike Meyer [EMAIL PROTECTED] http://www.mired.org/home/mwm/ Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Files in /usr/src
Today I ran cvsupchk over my source tree to see if there was any old cruft to clean up. I've done this for my ports, but never for src. In any case, it spotted some stuff I had edited, as I would expect, but it also found object and other files in sys/modules/agp, sys/modules/if_tap, and sys/modules/netgraph/ether. all files were created back in July and August of last year. I can't imagine how I could have causes these to be created, but I thought that FreeBSD never touched the src tree during a make world, so I am uncertain if it's save to remove these. Could there have been some weirdness back then in the buildkernel stuff? I seem to recall that the building of modules was moved out of buildworld and into buildkernel at about that time. Thanks, R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 EXTRA: /usr/src/sys/modules/agp/@ EXTRA: /usr/src/sys/modules/agp/machine EXTRA: /usr/src/sys/modules/agp/device_if.h EXTRA: /usr/src/sys/modules/agp/bus_if.h EXTRA: /usr/src/sys/modules/agp/agp_if.h EXTRA: /usr/src/sys/modules/agp/pci_if.h EXTRA: /usr/src/sys/modules/agp/opt_bdg.h EXTRA: /usr/src/sys/modules/agp/opt_bus.h EXTRA: /usr/src/sys/modules/agp/opt_pci.h EXTRA: /usr/src/sys/modules/agp/opt_smp.h EXTRA: /usr/src/sys/modules/agp/agp.o EXTRA: /usr/src/sys/modules/agp/agp_intel.o EXTRA: /usr/src/sys/modules/agp/agp_via.o EXTRA: /usr/src/sys/modules/agp/agp_sis.o EXTRA: /usr/src/sys/modules/agp/agp_ali.o EXTRA: /usr/src/sys/modules/agp/agp_amd.o EXTRA: /usr/src/sys/modules/agp/agp_i810.o EXTRA: /usr/src/sys/modules/agp/agp_if.c EXTRA: /usr/src/sys/modules/agp/agp_if.o EXTRA: /usr/src/sys/modules/agp/agp.kld EXTRA: /usr/src/sys/modules/agp/setdefs.h EXTRA: /usr/src/sys/modules/agp/setdef0.c EXTRA: /usr/src/sys/modules/agp/setdef1.c EXTRA: /usr/src/sys/modules/agp/setdef0.o EXTRA: /usr/src/sys/modules/agp/setdef1.o EXTRA: /usr/src/sys/modules/agp/agp.ko EXTRA: /usr/src/sys/modules/if_tap/@ EXTRA: /usr/src/sys/modules/if_tap/machine EXTRA: /usr/src/sys/modules/if_tap/opt_devfs.h EXTRA: /usr/src/sys/modules/if_tap/opt_inet.h EXTRA: /usr/src/sys/modules/if_tap/vnode_if.h EXTRA: /usr/src/sys/modules/if_tap/if_tap.o EXTRA: /usr/src/sys/modules/if_tap/if_tap.kld EXTRA: /usr/src/sys/modules/if_tap/setdefs.h EXTRA: /usr/src/sys/modules/if_tap/setdef0.c EXTRA: /usr/src/sys/modules/if_tap/setdef1.c EXTRA: /usr/src/sys/modules/if_tap/setdef0.o EXTRA: /usr/src/sys/modules/if_tap/setdef1.o EXTRA: /usr/src/sys/modules/if_tap/if_tap.ko EXTRA: /usr/src/sys/modules/netgraph/ether/@ EXTRA: /usr/src/sys/modules/netgraph/ether/machine EXTRA: /usr/src/sys/modules/netgraph/ether/ng_ether.o EXTRA: /usr/src/sys/modules/netgraph/ether/ng_ether.kld EXTRA: /usr/src/sys/modules/netgraph/ether/__netgraph_hack_dep.c EXTRA: /usr/src/sys/modules/netgraph/ether/netgraph EXTRA: /usr/src/sys/modules/netgraph/ether/setdefs.h EXTRA: /usr/src/sys/modules/netgraph/ether/setdef0.c EXTRA: /usr/src/sys/modules/netgraph/ether/setdef1.c EXTRA: /usr/src/sys/modules/netgraph/ether/setdef0.o EXTRA: /usr/src/sys/modules/netgraph/ether/setdef1.o EXTRA: /usr/src/sys/modules/netgraph/ether/ng_ether.ko To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
RE: Files in /usr/src
On 02-Mar-01 Kevin Oberman wrote: Today I ran cvsupchk over my source tree to see if there was any old cruft to clean up. I've done this for my ports, but never for src. In any case, it spotted some stuff I had edited, as I would expect, but it also found object and other files in sys/modules/agp, sys/modules/if_tap, and sys/modules/netgraph/ether. all files were created back in July and August of last year. I can't imagine how I could have causes these to be created, but I thought that FreeBSD never touched the src tree during a make world, so I am uncertain if it's save to remove these. Could there have been some weirdness back then in the buildkernel stuff? I seem to recall that the building of modules was moved out of buildworld and into buildkernel at about that time. Thanks, These are just from where the modules were built by hand, for example: # cd /sys/modules/agp ; make You can safely remove these files. In fact, you can just do something like this: # cd /sys/modules/agp # make cleandir ; make cleandir # cd ../if_tap # make cleandir ; make cleandir # cd ../netgraph/ether # make cleandir ; make cleandir to clean all of them out. -- John Baldwin [EMAIL PROTECTED] -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.baldwin.cx/~john/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Files in /usr/src
On Fri, 2 Mar 2001, Kevin Oberman wrote: Today I ran cvsupchk over my source tree to see if there was any old cruft to clean up. I've done this for my ports, but never for src. In any case, it spotted some stuff I had edited, as I would expect, but it also found object and other files in sys/modules/agp, sys/modules/if_tap, and sys/modules/netgraph/ether. all files were created back in July and August of last year. Mistakes happen. Try running 'make cleandir make cleandir' in your /usr/src directory then try the test again. Doug -- "Pain heals. Chicks dig scars. Glory . . . lasts forever." -- Keanu Reeves as Shane Falco in "The Replacements" Do YOU Yahoo!? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: more strange problem with broken pipes and ssh
Mike Tancsa wrote: At 06:32 AM 3/2/01 -0800, Cy Schubert - ITSD Open Systems Group wrote: In message [EMAIL PROTECTED], Mike Tancsa wr ites: OK, here is another strange problem with SSH and pipes. When connecting via some means other than ssh, the commands grep reject /var/log/maillog | less displays data as expected. However, when connected via ssh, hitting q to exit from less, I get a whole mess of grep: writing output: Broken pipe grep: writing output: Broken pipe grep: writing output: Broken pipe grep: writing output: Broken pipe This is with stable as of today and the problem showed up since the last ssh commits. The amount of broken pipes seems to scale with the amount of data less has, and it seems you need at least more than a screen full. I'm using -stable as of Feb 27 04:15 PST. No problems here. Is there something in your ssh config that might either cause this bug to manifest itself? If I recall you never had the problem with the makewhatis script and ssh as well due to some special config of your ssh (Kerberos?) ? This is with 4.2-STABLE FreeBSD 4.2-STABLE #0: Mon Feb 26 Like the problem with the makewhatis broken pipes (and certain ports), the problem does not show itself when connecting to the machine via telnet or rlogin. I had some broken pipe messages when I tried to upgrade to kde-2.1. I backed up and telneted in and finished the install. Kent ---Mike To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message -- Kent Stewart Richland, WA mailto:[EMAIL PROTECTED] http://kstewart.urx.com/kstewart/index.html FreeBSD News http://daily.daemonnews.org/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
Re: Continued panics on a recent STABLE machine
Try to get a core guys ( keep a copy of the kernel.debug). It looks like it should be possible to get a core. My guess is someone broke something associated with mbuf handling. The virtual address is completely and utterly bogus. -Matt : : :OK, I feel like I am cursed. I tried with a plain old RealTek, and the same :type of panic : :Fatal trap 12: page fault while in kernel mode :fault virtual address = 0xdcc03e00 :fault code = supervisor read, page not present :instruction pointer = 0x8:0xc0205980 :stack pointer = 0x10:0xc02a9e20 :frame pointer = 0x10:0xc02a9e2c :code segment= base 0x0, limit 0xf, type 0x1b : = DPL 0, pres 1, def32 1, gran 1 :processor eflags= interrupt enabled, resume, IOPL = 0 :current process = Idle :interrupt mask = net tty :kernel: type 12 trap, code=0 :Stopped at rl_encap+0x78: movl0(%edx),%eax : : : : :Mike Tancsa, tel +1 519 651 3400 :Network Administration, [EMAIL PROTECTED] :Sentex Communicationswww.sentex.net :Cambridge, Ontario Canadawww.sentex.net/mike : : :To Unsubscribe: send mail to [EMAIL PROTECTED] :with "unsubscribe freebsd-stable" in the body of the message : To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message