Re: unbound

2012-05-21 Thread Stuart Henderson
On 2012-05-20, Norman Golisz li...@zcat.de wrote:
 On Sun May 20 2012 12:08, bofh wrote:
 Ooo!  If you have time, for the great unwashed masses, if you could
 tell us what are the things we need to do in 5.1 to get this going,
 that'd be greatly appreciated.

 # pkg_add -vi unbound

Agreed, for 5.1 you should use the package, unbound wasn't added
to the source tree until later.

 Edit your rc.conf.local's $pkg_scripts to add unbound.

Also to add the syslogd flag to create the log socket inside
unbound's chroot jail.

syslogd_flags="${syslogd_flags} -a /var/unbound/dev/log"



Re: Antimalware for server mail and filesystems protect

2012-05-21 Thread Stuart Henderson
On 2012-05-20, Ralph Ellis ralphell...@netscape.ca wrote:
 Clamav is the most easily available antimalware for OpenBSD.  I would 
 also take a look at F-Prot for OpenBSD workstations or servers.

 http://www.f-prot.com/download/corporate/

 I have read some reviews that F-Prot has a higher identification rate 
 for malware.
 OpenBSD itself is rarely a target for these exploits but if you are 
 using OpenBSD as a gateway or mail server for Windows systems, you may 
 find these programs helpful.

Many of the programs which hook other software into virus scanners
(amavisd-new, havp, mailscanner, etc) support multiple scanners
if you don't want to rely on just one.



BGP keeps quitting of its own accord

2012-05-21 Thread Matt Hamilton
Hi All,
  I've recently set up a series of 6 OpenBSD boxes all running 5.1/amd64 
and connected together via an HP switch. They all run ospfd and bgpd. 
They each connect out to different external networks and most speak BGP 
to external peers.

I keep seeing bgpd just quitting of its own accord. In the logs I see 
something like this:


May 20 12:28:42 janet-fw1 bgpd[18874]: dispatch_rtmsg[change] mpath
route not found
May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.98 (Core
Router 2): sending notification: Cease, administratively down
May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.97 (Core
Router 1): sending notification: Cease, administratively down
May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.38 (Bristol
City Council): sending notification: Cease, administratively down
May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.34 (SWERN):
sending notification: Cease, administratively down

I don't know what is going on, but there is always that mpath error there 
before it cuts out. I don't seem to be able to spot a pattern in the 
timing, it just cuts out.

Any ideas? Anyone else seen this?

-Matt



bgpd Route Distinguisher problem

2012-05-21 Thread Hendrik Meyburgh
Hi,

I have a problem where the default install of 5.1 does not import routes into
the rdomain solely based on the community but it uses the route
distinguisher.

This causes the below scenario:

in bgpd.conf
rdomain 2 {
descr Testing
rd 65001:238
import-target rt 65001:238
export-target rt 65001:238
depend on mpe2
network 192.168.10.2/32
}


from bgpctl show ip bgp detail:

Route that gets imported:
BGP routing table entry for rd 65001:238 192.168.76.128/25
65001
Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1)
Origin incomplete, metric 0, localpref 100, external, valid, best
Last update: 00:14:46 ago
Ext. communities: rt 65001:238

route that does not get imported:
BGP routing table entry for rd 172.16.0.1:425 192.168.70.0/23
65001 64544
Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1)
Origin IGP, metric 0, localpref 100, external, valid, best
Last update: 00:14:46 ago
Ext. communities: rt 65001:238


I came across the below link which contained some suggested patches where some
have been imported into -current and some have not.

http://www.mentby.com/Group/openbsd-misc/route-target-import-export-in-bgpd.html

My question is, how do I know into what source these patches must be merged as
I have tried -current and -stable but on both I ran into issues merging as
there are some problems with the spacing when copying from the browsers.

Does anyone know if this fix has been implemented already into a tree that I am
not aware of?



Tuning for pppoe over fibre 30M/1M link

2012-05-21 Thread David Diggles
Now I'm all upgraded to 5.1 I'm very happy with it all, other than a few 
minor issues,
most notably:

I am still getting 300 kilobytes/second download speed with OpenBSD pppoe, 
however when
I plug directly into a Mac and run pppoe on it, 3 megabytes/second.

What should I look at for tuning this to get 3MB/s through OpenBSD?

Connection: pppoe, over fibre, 30M downlink, 1M uplink

The OpenBSD gateway is using the kernel pppoe driver.
...
OpenBSD 5.1 (GENERIC) #160: Sun Feb 12 09:46:33 MST 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by National Semi (CyrixInstead 
586-class) 301 MHz
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
real mem  = 132182016 (126MB)
avail mem = 119992320 (114MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/18/01, BIOS32 rev. 0 @ 0xfae40, SMBIOS 
rev. 2.2 @ 0xf0800 (42 entries)
bios0: vendor Award Software International, Inc. version 6.00 PG date 
07/18/2001
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0xb2c8
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb70/80 (3 entries)
pcibios0: PCI Exclusive IRQs: 10 11 12
pcibios0: no compatible PCI ICU found: ICU vendor 0x1078 product 0x0100
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0: (uniprocessor)
cpu0: TSC disabled
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Cyrix GXm PCI rev 0x00
rl0 at pci0 dev 14 function 0 Realtek 8139 rev 0x10: irq 12, address 
00:90:0b:04:bb:f1
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci0 dev 15 function 0 Realtek 8139 rev 0x10: irq 10, address 
00:90:0b:04:bb:f2
rlphy1 at rl1 phy 0: RTL internal PHY
rl2 at pci0 dev 16 function 0 Realtek 8139 rev 0x10: irq 11, address 
00:90:0b:04:bb:f3
rlphy2 at rl2 phy 0: RTL internal PHY



strange dmesg/log entries

2012-05-21 Thread Chris Smith
Running -current (updated 5/19/12) and saw these entries today:
=
pf: pfi_table_update: cannot set 1 new addresses into table fxp1:0: 12
pf: pfi_table_update: cannot set 1 new addresses into table fxp1:network: 12
pf: pfi_table_update: cannot set 1 new addresses into table fxp1: 12
=

fxp1 is my external interface, I get one dynamic IP address from my
cable provider (although it hasn't changed in months).

Any clues?

Thanks,

Chris



adjfreq() question

2012-05-21 Thread Alan Corey
Can adjfreq() adjust the frequency of the real time clock that runs when 
the computer is turned off or is it just the clock within the operating 
system?


I just ported chu by William Rossi and I'm wondering if adjfreq might be a 
workaround for not having Linux's Timex.  I've only had it running a 
couple days, just looking at the first plots.  I don't really need super 
accuracy, something like 1/2 second would be good enough.  There's a 
writeup at http://ab1jx.webs.com/toys/chu/index.html


  Alan



Re: Unbound

2012-05-21 Thread Geoff Steckel

On 05/20/2012 10:49 PM, Nick Holland wrote:

On 05/20/12 17:49, David Diggles wrote:

Ok, I am interested in opinions on why one should migrate from BIND to unbound?

1) It is unlikely there will be any more updates to BIND9 in OpenBSD
base install.
2) It is even more unlikely that the comedyfest that BIND10 appears to
be added to OpenBSD base install (*snicker* python?? *snicker*)
3) BIND sucks.  Degree of suckage has varied from release to release,
but it has consistently remained a bad idea implemented poorly.
4) Unbound & NSD sucks less.

Nick.

My site needs both split horizon and pretty complete authoritative support.
Does anyone have suggestions about BIND replacement(s) for this scenario?
Right now BIND works for me (for some value of works.)

One machine serving as:
  1) primary nameserver for multiple domains
  2) secondary nameserver for multiple domains
  3) internal nameserver for domains in (1) with additional records
  4) internal nameserver for internal domains

If there is a discussion of this in an archive some place I'll look for it.
I didn't see much useful searching for split horizon and unbound.

thanks!
Geoff Steckel



Re: BGP keeps quitting of its own accord

2012-05-21 Thread Claudio Jeker
On Mon, May 21, 2012 at 11:19:11AM +, Matt Hamilton wrote:
 Hi All,
   I've recently set up a series of 6 OpenBSD boxes all running 5.1/amd64 
 and connected together via an HP switch. They all run ospfd and bgpd. 
 They each connect out to different external networks and most speak BGP 
 to external peers.
 
 I keep seeing bgpd just quitting of its own accord. In the logs I see 
 something like this:
 
 
 May 20 12:28:42 janet-fw1 bgpd[18874]: dispatch_rtmsg[change] mpath
 route not found
 May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.98 (Core
 Router 2): sending notification: Cease, administratively down
 May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.97 (Core
 Router 1): sending notification: Cease, administratively down
 May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.38 (Bristol
 City Council): sending notification: Cease, administratively down
 May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.34 (SWERN):
 sending notification: Cease, administratively down
 
 I don't know what is going on, but there is always that mpath error there 
 before it cuts out. I don't seem to be able to spot a pattern in the 
 timing, it just cuts out.
 
 Any ideas? Anyone else seen this?
 

The dispatch_rtmsg[change] mpath route not found is a fatal error (bgpd
quits because of this). The problem seems to be a multipath route that is
changed but bgpd can not find the route in its own table and freaks out.
I have not seen this happen so it seems to depend on the setup. Currently
I'm unsure how that can happen, it looks like bgpd missed some routing
updates.


-- 
:wq Claudio



Re: bgpd Route Distinguisher problem

2012-05-21 Thread Claudio Jeker
On Mon, May 21, 2012 at 02:58:50PM +0200, Hendrik Meyburgh wrote:
 Hi,
 
 I have a problem where the default install of 5.1 does not import routes into
 the rdomain solely based on the community but it uses the route
 distinguisher.
 
 This causes the below scenario:
 
 in bgpd.conf
 rdomain 2 {
 descr Testing
 rd 65001:238
 import-target rt 65001:238
 export-target rt 65001:238
 depend on mpe2
 network 192.168.10.2/32
 }
 
 
 from bgpctl show ip bgp detail:
 
 Route that gets imported:
 BGP routing table entry for rd 65001:238 192.168.76.128/25
 65001
 Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1)
 Origin incomplete, metric 0, localpref 100, external, valid, best
 Last update: 00:14:46 ago
 Ext. communities: rt 65001:238
 
 route that does not get imported:
 BGP routing table entry for rd 172.16.0.1:425 192.168.70.0/23
 65001 64544
 Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1)
 Origin IGP, metric 0, localpref 100, external, valid, best
 Last update: 00:14:46 ago
 Ext. communities: rt 65001:238
 
 
 I came across the below link which contained some suggested patches where some
 have been imported into -current and some have not.
 
 http://www.mentby.com/Group/openbsd-misc/route-target-import-export-in-bgpd.html
 
 My question is, how do I know into what source these patches must be merged as
 I have tried -current and -stable but on both I ran into issues merging as
 there are some problems with the spacing when copying from the browsers.

Yeah, you need to fetch the raw message for that. IIRC marc.info offers
that. Copy-paste almost never works.
 
 Does anyone know if this fix has been implemented already into a tree that I am
 not aware of?

This is fixed in -current. At least the problem with using the RD for
distribution. What is not yet fixed is the problem with reimporting a
prefix on the same machine but into different routing domain. The problem
here is that I don't like my own diff. I want a cleaner fix for this but
did not have time to fix this.

-- 
:wq Claudio
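
The difference between matching on the route distinguisher and matching on the route target, as an added Python example using the two routes from the quoted bgpctl output (this is not bgpd's code, and the function names are hypothetical). Per RFC 4364 the RD only keeps overlapping prefixes distinct in the BGP table, while import into a VRF is decided by route targets.

```python
import ipaddress
import struct


def encode_rd(text):
    """Encode a textual route distinguisher into its 8-byte form (RFC 4364, section 4.2)."""
    admin, sep, assigned = text.rpartition(":")
    if not sep:
        raise ValueError("RD must look like admin:number")
    number = int(assigned)
    if "." in admin:                      # type 1: IPv4 address + 2-byte number
        return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)
    asn = int(admin)
    if asn <= 0xFFFF:                     # type 0: 2-byte AS + 4-byte number
        return struct.pack("!HHI", 0, asn, number)
    return struct.pack("!HIH", 2, asn, number)  # type 2: 4-byte AS + 2-byte number


def vpn_key(route):
    """VPN-IPv4 table key: RD + prefix, so equal prefixes with different RDs do not collide."""
    net = ipaddress.ip_network(route["prefix"])
    return encode_rd(route["rd"]) + net.network_address.packed + bytes([net.prefixlen])


def import_by_rd(vrf, route):
    """Behaviour reported in the post: a route is taken only when its RD equals the rdomain's."""
    return encode_rd(route["rd"]) == encode_rd(vrf["rd"])


def import_by_rt(vrf, route):
    """RFC 4364 rule: import when any route target on the route is an import target of the VRF."""
    return bool(vrf["import_targets"] & route["route_targets"])


def imported(vrf, routes, policy):
    """Prefixes that the given policy would install into the VRF."""
    return [r["prefix"] for r in routes if policy(vrf, r)]


# Values copied from the bgpd.conf and bgpctl output quoted in the post.
VRF = {"rd": "65001:238", "import_targets": {"65001:238"}}
ROUTES = [
    {"rd": "65001:238", "prefix": "192.168.76.128/25", "route_targets": {"65001:238"}},
    {"rd": "172.16.0.1:425", "prefix": "192.168.70.0/23", "route_targets": {"65001:238"}},
]

if __name__ == "__main__":
    print("matching on RD:", imported(VRF, ROUTES, import_by_rd))
    print("matching on RT:", imported(VRF, ROUTES, import_by_rt))
```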



Re: Unbound

2012-05-21 Thread Chris Smith
On Mon, May 21, 2012 at 3:30 PM, Geoff Steckel g...@oat.com wrote:
 My site needs both split horizon and pretty complete authoritative support.
 Does anyone have suggestions about BIND replacement(s) for this scenario?

NSD for authoritative and Unbound (both from NLnet Labs of Amsterdam)
for caching resolver should do just fine. NSD is used on the RIPE root
nameserver so I'm guessing it can handle your environment. And Unbound
is its resolver/cache counterpart. Check out the NSD and Unbound
websites; they both have mailing lists as well.

The setup is (logically) not unlike djbdns if you're familiar with it,
where tinydns was the authoritative server and dnscache was the
resolver/cache.

NSD uses BIND style zonefiles which may ease the change.

Chris



Re: routeuvm_fault panic while starting LDPd

2012-05-21 Thread Claudio Jeker
On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote:
 While I was configuring a new ALIX to my MPLS setup a panic occurred
 while starting LDPd daemon.
 
 Steps:
 1. Configure all interfaces using /etc/hostname.*, then run 'sh
 /etc/netstart'
 2. Configure ospfd.conf, then start it: ospfd -dv 
 3. Configure ldpd.conf, then start it: ldpd -dv
 4. Panic
 
 I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD
 5.1-release on all 3 ALIX now, it happened while I was setting up the
 last ALIX connected to the other two.
 
 p.s. note the scrambled print output of LDPd before dying.
 


 Panic log
 ===
 # ldpd -dv
 startup
 kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) - e
  0.0.0.0/0
 kernkel add route 10.e0.3.0/24
 kernelr add route 10.0.n4.0/24
 kernel aedd route 10.0.10l.3/32
 kernel ad:d route 192.168. 3.0/24
 page fault trap, code=0
 Stopped at  ifaof_ifpforaddr+0x26:  movl0x14(%edx),%edx

 ddb trace
 ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26
 ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at ifa_ifwithroute+0x61
 rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2
 rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7
 route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29
 route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65
 sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456
 soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b
 dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131
 sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at sys_writev+0x7c
 syscall() at syscall+0x26a
 --- syscall (number 0) ---
 0x2:
 ddb

The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is
unclear to me, it seems like the found ifa is not valid anymore.
Is this crash easy to trigger? Can I get your hostname.* files,
ospfd.conf and ldpd.conf for all three boxes?

-- 
:wq Claudio



Re: adjfreq() question

2012-05-21 Thread Christian Weisgerber
Alan Corey alan01...@gmail.com wrote:

 Can adjfreq() adjust the frequency of the real time clock that runs when 
 the computer is turned off or is it just the clock within the operating 
 system?

The latter.

 I just ported chu by William Rossi and I'm wondering if adjfreq might be a 
 workaround for not having Linux's Timex.

If all you need to do is set the frequency, sure.
See the FreeBSD port for openntpd which does the reverse and replaces
adjfreq() with ntp_adjtime().

 There's a writeup at http://ab1jx.webs.com/toys/chu/index.html

adjtimex() isn't really Linux-specific, although maybe the name is.
It offers access to the kernel PLL for the NTP reference implementation.
The corresponding code was removed from OpenBSD over a license
dispute.

The FreeBSD port is bizarre.  It should just substitute ntp_adjtime()
for adjtimex().

There is nothing wrong with assuming that OSS /dev/dsp defaults to
8 kHz, U8 (not mu-law), mono.  It's documented that way.

-- 
Christian naddy Weisgerber  na...@mips.inka.de



Re: Unbound

2012-05-21 Thread Dan Harnett
On Mon, May 21, 2012 at 03:30:49PM -0400, Geoff Steckel wrote:
 My site needs both split horizon and pretty complete authoritative support.
 Does anyone have suggestions about BIND replacement(s) for this scenario?
 Right now BIND works for me (for some value of works.)
 
 One machine serving as:
   1) primary nameserver for multiple domains
   2) secondary nameserver for multiple domains
   3) internal nameserver for domains in (1) with additional records
   4) internal nameserver for internal domains
 
 If there is a discussion of this in an archive some place I'll look for it.
 I didn't see much useful searching for split horizon and unbound.

You would have to run multiple instances of nsd and/or unbound for the
equivalent of BIND views.  It's pretty flexible, but you might have to
get a little creative.

For example, in your scenario, one instance of nsd could be used for 1
and 2, and then a second instance for 3 and 4 that serves a different 
set of zone files with the additional records.  You can even toss pf or
something into the mix to redirect to the proper instance based on 
source or destination IP address.

unbound also has the ability to serve authoritative data.  If in your
scenario the internal nameserver is also used for recursive queries,
then you can just add the additional records to unbound and have unbound
redirect the rest to nsd.  In this case, you might only need one
instance of unbound and one instance of nsd.



MPLS VPN with GRE tunnels between PEs

2012-05-21 Thread Bert Smith
Hi,

I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
instructions in the Demystifying MPLS paper (
http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following
mailing list posts:
http://old.nabble.com/BGP-MPLS-VPN-tt31327789.html#a31397215
http://marc.info/?l=openbsd-misc&m=127470697232025&w=2
http://marc.info/?l=openbsd-misc&m=129112614017103&w=2

Here is my setup:


| Juniper router 1 |  lo0 192.168.20.2
|   |  VRF 8 with loopback 192.168.55.1

 | 192.168.10.4
 |
 | 192.168.10.5

| Juniper router 2 |  lo0 192.168.20.3
|   |  VRF 8 with loopback 192.168.56.1

 | 10.0.4.1
 |
 | vlan4092 10.0.4.3

| OpenBSD box   |  lo0 192.168.20.5
|   |  rdomain 8 192.168.55.2


I want all three routers to act as PEs but without any MPLS connectivity
between them. RFC 4797 allows this by allowing the following encapsulation
scheme for say a ping from Juniper 1 to OpenBSD box:

[This is what I should ideally get]:
* Ping request:
IP header: src 192.168.20.2 dst 192.168.20.5
GRE header: just the GRE shim
MPLS label identifying the rdomain: 666
IP header: src 192.168.55.1 dst 192.168.55.2
ICMP ping request

* Ping reply:
IP header: src 192.168.20.5 dst 192.168.20.2
GRE header: just the GRE shim
MPLS label identifying the VRF: 300720
IP header: src 192.168.55.2 dst 192.168.55.1
ICMP ping reply

However, the following is what I actually get:
* Ping request:
IP header: src 192.168.20.2 dst 192.168.20.5
GRE header: just the GRE shim
MPLS label identifying the rdomain: 666
IP header: src 192.168.55.1 dst 192.168.55.2
ICMP ping request

* Ping reply:
MPLS label identifying the VRF: 300720
IP header: src 192.168.55.2 dst 192.168.55.1
ICMP ping reply

The reply back from the OpenBSD box does not GRE-encapsulate the MPLS
packet and since I don't have a MPLS LSP set up between OpenBSD box and
Juniper 1, the ping reply never reaches Juniper 1.

Here is the tcpdump where I see the above:
# tcpdump -i vlan4092 -s 1500 -Xvvv not tcp and not udp

13:52:39.188348 gre 192.168.20.2 > 192.168.20.5: [] gre-proto-0x8847 (DF)
(ttl 63, id 0, len 112)

13:52:39.188374 MPLS(label 300720, exp 0, ttl 255) 192.168.55.2 >
192.168.55.1: icmp: echo reply (id:521e seq:337) (ttl 255, id 64891, len 84)

Here are the various pieces of my configuration:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff00
re0: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
lladdr c8:9c:dc:dd:1a:f6
priority: 0
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::ca9c:dcff:fedd:1af6%re0 prefixlen 64 scopeid 0x1
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33152
priority: 0
groups: pflog
vlan4092: flags=88843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,MPLS> mtu 1500
lladdr c8:9c:dc:dd:1a:f6
priority: 0
vlan: 4092 priority: 0 parent interface: re0
groups: vlan egress
status: active
inet 10.0.4.3 netmask 0xff00 broadcast 10.0.4.255
inet6 fe80::ca9c:dcff:fedd:1af6%vlan4092 prefixlen 64 scopeid 0x5
lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33152
priority: 0
groups: lo
inet6 fe80::1%lo1 prefixlen 64 scopeid 0x6
inet 192.168.20.5 netmask 0x
gre0: flags=a9011<UP,POINTOPOINT,LINK0,MULTICAST,NOINET6,MPLS> mtu 1476
priority: 0
groups: gre
physical address inet 192.168.20.5 --> 192.168.20.2
inet 192.168.55.2 --> 192.168.55.1 netmask 0x
mpe8: flags=20011<UP,POINTOPOINT,NOINET6> rdomain 8 mtu 1500
priority: 
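
The two encapsulations compared in the post above, decoded in Python as an added example (not part of the original message and not OpenBSD code). The sample bytes are constructed to match the addresses, the GRE protocol type 0x8847 and the labels 666 and 300720 given in the post; the function names are hypothetical.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_MPLS = 0x8847  # MPLS unicast; also the GRE protocol type for MPLS-in-GRE
IPPROTO_GRE = 47


def parse_ipv4(buf):
    """Return (protocol, src, dst, payload); checksum and total length are not validated."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    src = str(ipaddress.IPv4Address(buf[12:16]))
    dst = str(ipaddress.IPv4Address(buf[16:20]))
    return buf[9], src, dst, buf[ihl:]


def parse_gre(buf):
    """Return (protocol type, payload), skipping optional checksum/key/sequence fields."""
    if len(buf) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", buf)
    if flags & 0x0007 or flags & 0x4000:
        raise ValueError("unsupported GRE version or routing option")
    off = 4
    for bit in (0x8000, 0x2000, 0x1000):  # C, K and S bits each add 4 bytes
        if flags & bit:
            off += 4
    if len(buf) < off:
        raise ValueError("truncated GRE options")
    return proto, buf[off:]


def parse_mpls_stack(buf):
    """Return (shim entries, payload), walking the stack up to the bottom-of-stack bit."""
    entries, off = [], 0
    while True:
        if len(buf) - off < 4:
            raise ValueError("truncated MPLS label stack")
        (word,) = struct.unpack_from("!I", buf, off)
        off += 4
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bos": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bos"]:
            return entries, buf[off:]


def decode(ethertype, data):
    """Describe a frame payload: outer IP/GRE wrapper (if any), label stack, inner IP."""
    info = {"outer": None, "gre": False, "labels": [], "inner": None}
    if ethertype == ETHERTYPE_IPV4:
        proto, src, dst, payload = parse_ipv4(data)
        if proto != IPPROTO_GRE:
            info["inner"] = (src, dst)  # plain IP: no tunnel, no labels
            return info
        gre_proto, data = parse_gre(payload)
        if gre_proto != ETHERTYPE_MPLS:
            raise ValueError("GRE payload is not MPLS")
        info["outer"], info["gre"] = (src, dst), True
    elif ethertype != ETHERTYPE_MPLS:
        raise ValueError("unsupported ethertype")
    entries, payload = parse_mpls_stack(data)
    info["labels"] = [e["label"] for e in entries]
    _, src, dst, _ = parse_ipv4(payload)
    info["inner"] = (src, dst)
    return info


def needs_lsp(info):
    """A labelled packet without the IP/GRE wrapper only arrives if the path switches labels."""
    return bool(info["labels"]) and not info["gre"]


# Constructed sample bytes: headers only, ICMP payload omitted.
REQUEST = bytes.fromhex(
    "45000070000040003f2f9207c0a81402c0a81405"  # outer IPv4, protocol 47 (GRE)
    "00008847"                                  # GRE: no options, protocol 0x8847
    "0029a1ff"                                  # MPLS shim: label 666, bottom of stack
    "45000054efee000040019b66c0a83701c0a83702"  # inner IPv4 192.168.55.1 -> 192.168.55.2
)
REPLY = bytes.fromhex(
    "496b01ff"                                  # MPLS shim: label 300720, bottom of stack
    "45000054fd7b0000ff01ced8c0a83702c0a83701"  # inner IPv4 192.168.55.2 -> 192.168.55.1
)

if __name__ == "__main__":
    for name, etype, raw in (("request", ETHERTYPE_IPV4, REQUEST),
                             ("reply", ETHERTYPE_MPLS, REPLY)):
        info = decode(etype, raw)
        print(name, info, "needs LSP:", needs_lsp(info))
```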

Re: Tuning for pppoe over fibre 30M/1M link

2012-05-21 Thread David Diggles
 FWIW, I have 20M/5M VDSL service at home and have zero issue doing
 20Mbps with OpenBSD as my pppoe-based firewall.  That said, while I
 wouldn't expect a 300MHz machine to limit you to 2.4Mbps, it is a bit
 weak--and rl NICs are some of the worst out there.  Curiously, when
 doing 2.4Mbps, what does top show for interrupts?  For comparison,
 when I'm doing 20Mbps, my interrupts are at 5-6% using em and fxp
 NICs.

Good point.  1MB/s is the best I can get with this HW on a local
network test.  The interrupts max out.

I would still like to find out why I only get 300KB/s through the pppoe.
1MB/s would be a nice improvement, and I could put up with it, for
sake of having OpenBSD security until I get around to upgrading the HW.

Can anyone recommend an embedded product that would be adequate for
100Mbps? (thinking of future network upgrades).

Cheers,
.d.d.



Upgrading OpenBSD

2012-05-21 Thread Richards, Toby
While my question involves other BSD's as well as Linux systems, I am
asking this here because OpenBSD's philosophy is the most attractive
to me.

I've got about 50 servers to manage. OpenBSD does have an Upgrade
option, but does it upgrade the installed packages? As far as I can
tell, it does not. I do very much appreciate the technology that has
come from the OpenBSD project, yet it seems to me that most *free*
operating systems do not fully support an upgrade path. I can't [fully]
upgrade from one OpenBSD release to another (unless following STABLE
gets me from one RELEASE to another, but AFAIK it does not). I cannot
seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
for every version of Mint Linux.

The two major commercial operating systems (considered to be evil by
the FOSS community) easily upgrade from one version to the next. That's
important in a real-life production environment. In 2001, I upgraded
200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
without incident. I've had similar experience with all subsequent
MicroEvil systems. I do hate MicroEvil, but I can make only limited
conclusions regarding the upgrade paths of other operating systems:

1) Your project exists only for the sake of doing the project, and for
the technologies that it produces (such as OpenSSH).

2) Folks are expected to install a version of OpenBSD, but not upgrade
because there's no reason to fix something that isn't broken.

3) OpenBSD is only for organizations who have so few servers or so many
IT folks that re-installing everything from scratch is not inviably
cumbersome.

4) I am oblivious to some upgrade path technique for FOSS operating
systems.

Please enlighten me.

Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150



Re: Upgrading OpenBSD

2012-05-21 Thread Brian W.
In FreeBSD you could use portupgrade or portmaster; I don't know what the
OpenBSD options are.
On May 21, 2012 6:48 PM, Richards, Toby toby.richa...@slo.courts.ca.gov
wrote:

 While my question involves other BSD's as well as Linux systems, I am
 asking this here because OpenBSD's philosophy is the most attractive
 to me.

 I've got about 50 servers to manage. OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages? As far as I can
 tell, it does not. I do very much appreciate the technology that has
 come from the OpenBSD project, yet it seems to me that most *free*
 operating systems do not fully support an upgrade path. I can't [fully]
 upgrade from one OpenBSD release to another (unless following STABLE
 gets me from one RELEASE to another, but AFAIK it does not). I cannot
 seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
 re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
 for every version of Mint Linux.

 The two major commercial operating systems (considered to be evil by
 the FOSS community) easily upgrade from one version to the next. That's
 important in a real-life production environment. In 2001, I upgraded
 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
 without incident. I've had similar experience with all subsequent
 MicroEvil systems. I do hate MicroEvil, but I can make only limited
 conclusions regarding the upgrade paths of other operating systems:

 1) Your project exists only for the sake of doing the project, and for
 the technologies that it produces (such as OpenSSH).

 2) Folks are expected to install a version of OpenBSD, but not upgrade
 because there's no reason to fix something that isn't broken.

 3) OpenBSD is only for organizations who have so few servers or so many
 IT folks that re-installing everything from scratch is not inviably
 cumbersome.

 4) I am oblivious to some upgrade path technique for FOSS operating
 systems.

 Please enlighten me.

 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150



Re: Upgrading OpenBSD

2012-05-21 Thread Mike Erdely
On Mon, May 21, 2012 at 9:43 PM, Richards, Toby
toby.richa...@slo.courts.ca.gov wrote:
 OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages?

pkg_add -ui



Re: routeuvm_fault panic while starting LDPd

2012-05-21 Thread Rafael Zalamena
On Mon, May 21, 2012 at 5:16 PM, Claudio Jeker cje...@diehard.n-r-g.com
wrote:
 On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote:
 While I was configuring a new ALIX to my MPLS setup a panic occurred
 while starting LDPd daemon.

 Steps:
 1. Configure all interfaces using /etc/hostname.*, then run 'sh
 /etc/netstart'
 2. Configure ospfd.conf, then start it: ospfd -dv 
 3. Configure ldpd.conf, then start it: ldpd -dv
 4. Panic

 I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD
 5.1-release on all 3 ALIX now, it happened while I was setting up the
 last ALIX connected to the other two.

 p.s. note the scrambled print output of LDPd before dying.



 Panic log
 ===
 # ldpd -dv
 startup
 kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) - e
  0.0.0.0/0
 kernkel add route 10.e0.3.0/24
 kernelr add route 10.0.n4.0/24
 kernel aedd route 10.0.10l.3/32
 kernel ad:d route 192.168. 3.0/24
 page fault trap, code=0
 Stopped at  ifaof_ifpforaddr+0x26:  movl0x14(%edx),%edx

 ddb trace
 ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26
 ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at
ifa_ifwithroute+0x61
 rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2
 rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7
 route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29
 route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65
 sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456
 soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b
 dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131
 sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at
sys_writev+0x7c
 syscall() at syscall+0x26a
 --- syscall (number 0) ---
 0x2:
 ddb

 The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is
 unclear to me, it seems like the found ifa is not valid anymore.
 Is this crash easy to trigger? Can I get your hostname.* files,
 ospfd.conf and ldpd.conf for all three boxes?


ALIX3: (this one panic'ed)
== /etc/hostname.lo1
10.0.10.3/32
== /etc/hostname.mpe0
mplslabel 666
192.168.3.200/32
== /etc/hostname.vr0
192.168.3.200/24
== /etc/hostname.vr1
10.0.4.2/24 mpls
== /etc/hostname.vr2
10.0.3.1/24 mpls
== /etc/ospfd.conf
router-id 10.0.10.3

area 0.0.0.0 {
interface vr0
interface vr1
interface vr2
interface lo1
}
== /etc/ldpd.conf
router-id 10.0.10.3

interface vr1
interface vr2


ALIX2:
== /etc/hostname.lo1
10.0.10.2/32
== /etc/hostname.vr1
10.0.3.2/24 mpls
== /etc/hostname.vr2
10.0.1.2/24 mpls
== /etc/ospfd.conf
router-id 10.0.10.2

area 0.0.0.0 {
interface vr1
interface vr2
interface lo1
}
== /etc/ldpd.conf
router-id 10.0.10.2

interface vr1
interface vr2


ALIX1:
== /etc/hostname.lo1
10.0.10.1/32
== /etc/hostname.mpe0
mplslabel 666
192.168.1.200/32
== /etc/hostname.vr0
192.168.1.200/24
!route add default 192.168.1.254
== /etc/hostname.vr1
10.0.1.1/24 mpls
== /etc/hostname.vr2
10.0.2.1/24 mpls
== /etc/ospfd.conf
router-id 10.0.10.1

area 0.0.0.0 {
interface vr0
interface vr1
interface vr2
interface lo1
}
== /etc/ldpd.conf
router-id 10.0.10.1

interface vr1
interface vr2


The setup topology is: http://dl.dropbox.com/u/222135/partial.png
For more information about the setup, please see the MPLS Setup thread I
made.

Steps to reproduce:
1 - Configure ALIX1 interfaces, ospf, ldpd
2 - Start interfaces and then daemons (ospf first)
3 - Repeat for 2 and 3.
4 - While repeating the process for ALIX3 it panics.

ALIX 3 crashed while starting LDPd with the others running (maybe it's
an event storm thing?). I might have forgotten something, but once
everything is placed it doesn't happen anymore, so we can try to
reproduce it by reconfiguring one of the hosts while the other ones
are working.

Configuration showing script:
for i in `ls -1 /etc/hostname.*`; do \
echo == $i; \
cat $i; \
done; \
echo == /etc/ospfd.conf; \
cat /etc/ospfd.conf; \
echo == /etc/ldpd.conf; \
cat /etc/ldpd.conf;



Re: routeuvm_fault panic while starting LDPd

2012-05-21 Thread Rafael Zalamena
On Mon, May 21, 2012 at 11:05 PM, Rafael Zalamena rzalam...@gmail.com
wrote:
 On Mon, May 21, 2012 at 5:16 PM, Claudio Jeker cje...@diehard.n-r-g.com
wrote:
 On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote:
 While I was configuring a new ALIX to my MPLS setup a panic occurred
 while starting LDPd daemon.

 Steps:
 1. Configure all interfaces using /etc/hostname.*, then run 'sh
 /etc/netstart'
 2. Configure ospfd.conf, then start it: ospfd -dv 
 3. Configure ldpd.conf, then start it: ldpd -dv
 4. Panic

 I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD
 5.1-release on all 3 ALIX now, it happened while I was setting up the
 last ALIX connected to the other two.

 p.s. note the scrambled print output of LDPd before dying.



 Panic log
 ===
 # ldpd -dv
 startup
 kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) - e
  0.0.0.0/0
 kernkel add route 10.e0.3.0/24
 kernelr add route 10.0.n4.0/24
 kernel aedd route 10.0.10l.3/32
 kernel ad:d route 192.168. 3.0/24
 page fault trap, code=0
 Stopped at  ifaof_ifpforaddr+0x26:  movl0x14(%edx),%edx

 ddb trace
 ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26
 ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at
ifa_ifwithroute+0x61
 rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2
 rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7
 route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29
 route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65
 sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456
 soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b
 dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131
 sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at
sys_writev+0x7c
 syscall() at syscall+0x26a
 --- syscall (number 0) ---
 0x2:
 ddb

 The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is
 unclear to me, it seems like the found ifa is not valid anymore.
 Is this crash easy to trigger? Can I get your hostname.* files,
 ospfd.conf and ldpd.conf for all three boxes?


 ALIX3: (this one panic'ed)
 == /etc/hostname.lo1
 10.0.10.3/32
 == /etc/hostname.mpe0
 mplslabel 666
 192.168.3.200/32
 == /etc/hostname.vr0
 192.168.3.200/24
 == /etc/hostname.vr1
 10.0.4.2/24 mpls
 == /etc/hostname.vr2
 10.0.3.1/24 mpls
 == /etc/ospfd.conf
 router-id 10.0.10.3

 area 0.0.0.0 {
interface vr0
interface vr1
interface vr2
interface lo1
 }
 == /etc/ldpd.conf
 router-id 10.0.10.3

 interface vr1
 interface vr2


 ALIX2:
 == /etc/hostname.lo1
 10.0.10.2/32
 == /etc/hostname.vr1
 10.0.3.2/24 mpls
 == /etc/hostname.vr2
 10.0.1.2/24 mpls
 == /etc/ospfd.conf
 router-id 10.0.10.2

 area 0.0.0.0 {
interface vr1
interface vr2
interface lo1
 }
 == /etc/ldpd.conf
 router-id 10.0.10.2

 interface vr1
 interface vr2


 ALIX1:
 == /etc/hostname.lo1
 10.0.10.1/32
 == /etc/hostname.mpe0
 mplslabel 666
 192.168.1.200/32
 == /etc/hostname.vr0
 192.168.1.200/24
 !route add default 192.168.1.254
 == /etc/hostname.vr1
 10.0.1.1/24 mpls
 == /etc/hostname.vr2
 10.0.2.1/24 mpls
 == /etc/ospfd.conf
 router-id 10.0.10.1

 area 0.0.0.0 {
interface vr0
interface vr1
interface vr2
interface lo1
 }
 == /etc/ldpd.conf
 router-id 10.0.10.1

 interface vr1
 interface vr2


 The setup topology is: http://dl.dropbox.com/u/222135/partial.png
 For more information about the setup, please see the MPLS Setup thread I
made.

 Steps to reproduce:
 1 - Configure ALIX1 interfaces, ospf, ldpd
 2 - Start interfaces and then daemons (ospf first)
 3 - Repeat for 2 and 3.
 4 - While repeating the process for ALIX3 it panics.

 ALIX 3 crashed while starting LDPd with the others running (maybe it's
 an event storm thing?). I might have forgotten something, but once
 everything is placed it doesn't happen anymore, so we can try to
 reproduce it by reconfiguring one of the hosts while the other ones
 are working.

 Configuration showing script:
 for i in `ls -1 /etc/hostname.*`; do \
 echo == $i; \
 cat $i; \
 done; \
 echo == /etc/ospfd.conf; \
 cat /etc/ospfd.conf; \
 echo == /etc/ldpd.conf; \
 cat /etc/ldpd.conf;

OK, after just a little bit of tinkering I've got something.

After booting up ALIX1, I played some commands and here is what I've got.

# ifconfig vr0 alias delete
# pkill ldpd
# ldpd -dv 
[1] 1730
# startup
]accept_add: acceuvm_fault(0xd54eb880, 0x0, 0, 1) - e
pting on fd 11
kaccept_add: acceepting on fd 9
irf_act_start: intnerface vr2 link edown
if_fsm: evlent UP resulted :in action START  and changing stapte for
interfacea vr2 from DOWN tgo ACTIVE
if_fsme: event UP resul ted in action STfART and changinga state for
interuface vr1 from DOlWN to ACTIVE
ketrnel add route 0 .0.0.0/0
kernelt add route 10.0.r1.0/24
kernel aadd route 10.0.1.p0/24
kernel add, route 10.0.2.0/ 24
kernel add rcoute 10.0.3.0/24o
eernel add roudte 10.0.10.1/32
 kernel add rout=e 10.0.10.2/32
0kernel add route
 

Re: Upgrading OpenBSD

2012-05-21 Thread Richards, Toby
Will pkg_add -ui upgrade between major releases, such as php 5.2.x = 5.3.x?
When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because
it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly
upgrade to 5.3.x, but the support of both made it nearly
impossible.


Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150

From: Mike Erdely [m...@erdelynet.com]
Sent: Monday, May 21, 2012 7:05 PM
To: Richards, Toby
Cc: misc@openbsd.org
Subject: Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 9:43 PM, Richards, Toby
toby.richa...@slo.courts.ca.gov wrote:
 OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages?

pkg_add -



Re: Upgrading OpenBSD

2012-05-21 Thread Matthew Weigel
On May 21, 2012, at 9:05 PM, Mike Erdely m...@erdelynet.com wrote:

 On Mon, May 21, 2012 at 9:43 PM, Richards, Toby
 toby.richa...@slo.courts.ca.gov wrote:
 OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages?

 pkg_add -ui

Even more relevant: http://www.openbsd.org/faq/upgrade51.html

Interestingly, when I upgrade a Windows machine, there isn't a command like
pkg_add to update Acrobat Reader, Flash, Firefox, OpenOffice, Emacs, VLC, or
any of my other installed software. Even my Microsoft software like Visual
Studio or SQL Server doesn't get upgraded.
--
 Matthew Weigel



Re: Upgrading OpenBSD

2012-05-21 Thread Theo de Raadt
  On Mon, May 21, 2012 at 9:43 PM, Richards, Toby
  toby.richa...@slo.courts.ca.gov wrote:
  OpenBSD does have an Upgrade
  option, but does it upgrade the installed packages?
 
  pkg_add -ui
 
 Even more relevant: http://www.openbsd.org/faq/upgrade51.html
 
 Interestingly, when I upgrade a Windows machine, there isn't a command like
 pkg_add to update Acrobat Reader, Flash, Firefox, OpenOffice, Emacs, VLC, or
 any of my other installed software. Even my Microsoft software like Visual
 Studio or SQL Server doesn't get upgraded.

And somehow people manage to get by without chatting about it on
m...@microsoft.com.

Learn your tools.  From hammers to saws to cars to operating systems,
it is all the same.



Re: Upgrading OpenBSD

2012-05-21 Thread David Diggles
On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote:
 The two major commercial operating systems (considered to be evil by
 the FOSS community) easily upgrade from one version to the next. That's
 important in a real-life production environment. In 2001, I upgraded
 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
 without incident. I've had similar experience with all subsequent
 MicroEvil systems. I do hate MicroEvil, but I can make only limited

I have seen applications break after Windows upgrades, I have seen
completely seamless OpenBSD upgrades. I don't think this is a realistic
comparison to make.

 conclusions regarding the upgrade paths of other operating systems:

 1) Your project exists only for the sake of doing the project, and for
 the technologies that it produces (such as OpenSSH).

This seems to imply no real-world use?  Couldn't be further from the truth.

 2) Folks are expected to install a version of OpenBSD, but not upgrade
 because there's no reason to fix something that isn't broken.

Not true. Don't upgrade at your own peril, because the security will
fall behind.  Being hacked is a more reasonable expectation with not
upgrading production systems.

 3) OpenBSD is only for organizations who have so few servers or so many
 IT folks that re-installing everything from scratch is not inviably
 cumbersome.

Also not true.  One person could easily manage 50 OpenBSD servers,
they just need to skill up on the relevant management tools.

 4) I am oblivious to some upgrade path technique for FOSS operating
 systems.

 Please enlighten me.

We could lead you to the water, but would you drink?

The best you could do is try OpenBSD out for yourself, and do some
reading up.



Re: Upgrading OpenBSD

2012-05-21 Thread richardtoohey
Quoting Richards, Toby toby.richa...@slo.courts.ca.gov:

 Will pkg_add -ui upgrade between major releases, such as php 5.2.x =
 5.3.x?
 When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because
 it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly
 upgrade to 5.3.x, but the support of both made it nearly
 impossible.

PHP 5.2.x and PHP 5.3.x are different streams of PHP - you can't assume that a
PHP 5.2.x code base will work on 5.3.

http://www.php.net/manual/en/migration53.incompatible.php

So, no, something major like that needs a bit of thinking, regardless of OS.

You'd be up the creek without a paddle if your X hundred websites based on some
PHP 5.2 feature stopped working with PHP 5.3, wouldn't you?

I've been upgrading FreeBSD and OpenBSD for the last few years (base +
ports/packages) and both have been absolutely rock solid ... sometimes there's a
little more thinking required on the administrator's part first - the system
can't guess your intentions.  You want to be on MySQL 5.1 or 5.5?  PHP 5.4? 
Apache 2.4?  I don't want the upgrade making those choices for me ...
 
 
 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150
 
 From: Mike Erdely [m...@erdelynet.com]
 Sent: Monday, May 21, 2012 7:05 PM
 To: Richards, Toby
 Cc: misc@openbsd.org
 Subject: Re: Upgrading OpenBSD
 
 On Mon, May 21, 2012 at 9:43 PM, Richards, Toby
 toby.richa...@slo.courts.ca.gov wrote:
  OpenBSD does have an Upgrade
  option, but does it upgrade the installed packages?
 
 pkg_add -
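
The point made in the message above, that an upgrade cannot choose between parallel branches such as PHP 5.2 and 5.3 for you, shown as an added example that is not part of the thread and not OpenBSD's own tooling. The package names and versions are constructed, the function names are hypothetical, and it assumes plain `stem-version` names without flavors.

```shell
#!/bin/sh
# Added example (not from the thread): sort installed packages into those an
# upgrade can move automatically and those that need an administrator's choice.
# Assumes plain "stem-version" names; flavored names are not handled.

# Constructed sample: packages installed before the upgrade.
installed_sample() {
    cat <<'EOF'
php-5.2.17
nginx-1.0.4
mysql-server-5.1.54
oldtool-1.2
EOF
}

# Constructed sample: packages offered by the new release.
available_sample() {
    cat <<'EOF'
php-5.2.17
php-5.3.6
nginx-1.0.6
mysql-server-5.1.54
mysql-server-5.5.10
curl-7.21.7
EOF
}

# branch_report INSTALLED_FILE AVAILABLE_FILE
# Prints one line per installed package:
#   auto   <stem> <old> -> <new>         only one major.minor branch is offered
#   choose <stem> <old> -> <b1>,<b2>...  several branches are offered
#   gone   <stem> <old>                  the new release offers no candidate
branch_report() {
    awk '
    # Strip the trailing "-version" to get the package stem.
    function stem(p)      { sub(/-[0-9][^-]*$/, "", p); return p }
    # Everything after "stem-" is the version.
    function ver(p, s)    { return substr(p, length(s) + 2) }
    # major.minor identifies the branch (5.2.17 -> 5.2).
    function branch(v, a) { split(v, a, /\./); return a[1] "." a[2] }

    $0 == "" { next }

    pass == 1 {                      # available packages
        s = stem($0); v = ver($0, s); b = branch(v)
        key = s SUBSEP b
        if (!(key in seen)) {
            seen[key] = 1
            n[s]++
            list[s] = (list[s] == "" ? b : list[s] "," b)
        }
        offer[key] = v               # last listed version in that branch
        next
    }

    pass == 2 {                      # installed packages
        s = stem($0); v = ver($0, s)
        if (!(s in n))
            print "gone", s, v
        else if (n[s] == 1)
            print "auto", s, v, "->", offer[s SUBSEP list[s]]
        else
            print "choose", s, v, "->", list[s]
    }
    ' pass=1 "$2" pass=2 "$1"
}

# Run the report over the constructed samples.
demo_report() {
    tmp=$(mktemp -d) || return 1
    installed_sample > "$tmp/installed"
    available_sample > "$tmp/available"
    branch_report "$tmp/installed" "$tmp/available"
    rm -rf "$tmp"
}

demo_report
```

Lines marked `choose` are the cases where the administrator has to pick the branch before upgrading; `gone` lines need a replacement or removal decision.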



Re: Upgrading OpenBSD

2012-05-21 Thread Alan Corey
Dump/restore can work remarkably like Symantec/Norton Ghost in this 
situation.  Get one machine as flawless as possible, then do a dump onto a 
spare hard drive.  Burn it to a DVD if you like.  Then restore onto your 
target machines.


You may have to fiddle with installboot to make the clones bootable.  The 
clones will all have the same IP address so change those before you 
connect them to a network.  If they're DHCP you should be all set.


If you stick with the generic kernel the OS is very hardware-independent. 
I've actually taken a hard drive out of an AMD machine and it booted right 
up in an Intel machine.  The biggest problem is if the network cards are 
different those have to be configured.


Upgrades are usually messy with old files hanging around, better to do 
one clean new install and clone it.


  Alan

On Mon, 21 May 2012, Richards, Toby wrote:


While my question involves other BSD's as well as Linux systems, I am
asking this here because OpenBSD's philosophy is the most attractive
to me.

I've got about 50 servers to manage. OpenBSD does have an Upgrade
option, but does it upgrade the installed packages? As far as I can
tell, it does not. I do very much appreciate the technology that has
come from the OpenBSD project, yet it seems to me that most *free*
operating systems do not fully support an upgrade path. I can't [fully]
upgrade from one OpenBSD release to another (unless following STABLE
gets me from one RELEASE to another, but AFAIK it does not). I cannot
seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
for every version of Mint Linux.

The two major commercial operating systems (considered to be evil by
the FOSS community) easily upgrade from one version to the next. That's
important in a real-life production environment. In 2001, I upgraded
200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
without incident. I've had similar experience with all subsequent
MicroEvil systems. I do hate MicroEvil, but I can make only limited
conclusions regarding the upgrade paths of other operating systems:

1) Your project exists only for the sake of doing the project, and for
the technologies that it produces (such as OpenSSH).

2) Folks are expected to install a version of OpenBSD, but not upgrade
because there's no reason to fix something that isn't broken.

3) OpenBSD is only for organizations who have so few servers or so many
IT folks that re-installing everything from scratch is not inviably
cumbersome.

4) I am oblivious to some upgrade path technique for FOSS operating
systems.

Please enlighten me.

Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150




Re: Upgrading OpenBSD

2012-05-21 Thread Kenneth R Westerback
On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote:
 While my question involves other BSD's as well as Linux systems, I am
 asking this here because OpenBSD's philosophy is the most attractive
 to me.
 
 I've got about 50 servers to manage. OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages? As far as I can
 tell, it does not. I do very much appreciate the technology that has
 come from the OpenBSD project, yet it seems to me that most *free*
 operating systems do not fully support an upgrade path. I can't [fully]
 upgrade from one OpenBSD release to another (unless following STABLE
 gets me from one RELEASE to another, but AFAIK it does not). I cannot
 seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
 re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
 for every version of Mint Linux.

Not really sure what you mean by 'fully' upgrade. Doing the normal
upgrade and then 'pkg_add -ui' does it all for me. It does not
magically upgrade database structures, etc. of course, but what
does?

 
 The two major commercial operating systems (considered to be evil by
 the FOSS community) easily upgrade from one version to the next. That's
 important in a real-life production environment. In 2001, I upgraded
 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
 without incident. I've had similar experience with all subsequent
 MicroEvil systems. I do hate MicroEvil, but I can make only limited
 conclusions regarding the upgrade paths of other operating systems:
 
 1) Your project exists only for the sake of doing the project, and for
 the technologies that it produces (such as OpenSSH).

True, but not relevant to your case I think.

 
 2) Folks are expected to install a version of OpenBSD, but not upgrade
 because there's no reason to fix something that isn't broken.

Something is *always* broken. OpenBSD *strongly* recommends upgrading
every six months with every release. We give strong impetus for this
by not supporting more than 1 release back. We *expect* everyone to
be keeping up.

 
 3) OpenBSD is only for organizations who have so few servers or so many
 IT folks that re-installing everything from scratch is not inviably
 cumbersome.

Untrue. Many organizations have a large number of OpenBSD boxes. A
full manual 'official method' upgrade (including a few hundred
packages!) usually takes me less than twenty minutes, including
backing up the old and new configuration (a.k.a. /etc, /var)
information. Certainly *vastly* less time than it ever takes me or
those I watch (giggling) to upgrade any version of Windows and the
packages thereon. And that's including full bore enterprise situations
with outsourcing 'experts', SCM (or whatever MS calls it these
days), multi-gigabit network everywhere, etc.

There are various automated install tools out there too, but not
(yet) officially part of the release.

 
 4) I am oblivious to some upgrade path technique for FOSS operating
 systems.

Merely lacking experience I'd say.

 Ken

 
 Please enlighten me.
 
 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150



Re: Upgrading OpenBSD

2012-05-21 Thread Ted Unangst
On Mon, May 21, 2012 at 19:20, Richards, Toby wrote:
 Will pkg_add -ui upgrade between major releases, such as php 5.2.x = 5.3.x?
 When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because
 it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly
 upgrade to 5.3.x, but the support of both made it nearly
 impossible.

If you had php 5.2 installed on Windows NT, would upgrading to win2k
have upgraded php to 5.3 at the same time?

I think your expectation that upgrading the OS will upgrade the
applications is a little warped, because it's clearly not what happens
with commercial operating systems.



Re: Upgrading OpenBSD

2012-05-21 Thread Richards, Toby
Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to
OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading
Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 +
IIS 7.0 + ASPDotNet 4.0.

In my experience, the MicroEvil Upgrade works without breaking
any of my web apps. The OpenBSD upgrade gets confused about
Nginx versions and PHP versions. Maybe it gets less confused
if I happen to know about some system variable that describes
the version of PHP that I want.

Granted: I do hold an MCSE certification, but I don't need it.
The upgrade just works. Well... despite occasional BSOD's ;)

I really *really* want to go the BSD path, but it seems
so much more difficult.

Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150

From: Kenneth R Westerback [kwesterb...@rogers.com]
Sent: Monday, May 21, 2012 8:01 PM
To: Richards, Toby
Cc: misc@openbsd.org
Subject: Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote:
 While my question involves other BSD's as well as Linux systems, I am
 asking this here because OpenBSD's philosophy is the most attractive
 to me.

 I've got about 50 servers to manage. OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages? As far as I can
 tell, it does not. I do very much appreciate the technology that has
 come from the OpenBSD project, yet it seems to me that most *free*
 operating systems do not fully support an upgrade path. I can't [fully]
 upgrade from one OpenBSD release to another (unless following STABLE
 gets me from one RELEASE to another, but AFAIK it does not). I cannot
 seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
 re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
 for every version of Mint Linux.

Not really sure what you mean by 'fully' upgrade. Doing the normal
upgrade and then 'pkg_add -ui' does it all for me. It does not
magically upgrade database structures, etc. of course, but what
does?


 The two major commercial operating systems (considered to be evil by
 the FOSS community) easily upgrade from one version to the next. That's
 important in a real-life production environment. In 2001, I upgraded
 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
 without incident. I've had similar experience with all subsequent
 MicroEvil systems. I do hate MicroEvil, but I can make only limited
 conclusions regarding the upgrade paths of other operating systems:

 1) Your project exists only for the sake of doing the project, and for
 the technologies that it produces (such as OpenSSH).

True, but not relevant to your case I think.


 2) Folks are expected to install a version of OpenBSD, but not upgrade
 because there's no reason to fix something that isn't broken.

Something is *always* broken. OpenBSD *strongly* recommends upgrading
every six months with every release. We give strong impetus for this
by not supporting more than 1 release back. We *expect* everyone to
be keeping up.


 3) OpenBSD is only for organizations who have so few servers or so many
 IT folks that re-installing everything from scratch is not inviably
 cumbersome.

Untrue. Many organizations have a large number of OpenBSD boxes. A
full manual 'official method' upgrade (including a few hundred
packages!) usually takes me less than twenty minutes, including
backing up the old and new configuration (a.k.a. /etc, /var)
information. Certainly *vastly* less time than it ever takes me or
those I watch (giggling) to upgrade any version of Windows and the
packages thereon. And that's including full bore enterprise situations
with outsourcing 'experts', SCM (or whatever MS calls it these
days), multi-gigabit network everywhere, etc.

There are various automated install tools out there too, but not
(yet) officially part of the release.


 4) I am oblivious to some upgrade path technique for FOSS operating
 systems.

Merely lacking experience I'd say.

 Ken


 Please enlighten me.

 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150



Re: Upgrading OpenBSD

2012-05-21 Thread Richards, Toby
Outstanding point. The thing is this: With MS
PHP is clearly distinct from the OS. I go get it
from php.org. With BSD I must rely on the
package system.


Respectfully Submitted,
R. Toby Richards
Network Administrator
Superior Court of California
In and for the County of San Luis Obispo
(805) 781-4150

From: Ted Unangst [t...@tedunangst.com]
Sent: Monday, May 21, 2012 8:41 PM
To: Richards, Toby
Cc: Mike Erdely; misc@openbsd.org
Subject: Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 19:20, Richards, Toby wrote:
 Will pkg_add -ui upgrade between major releases, such as php 5.2.x =
5.3.x?
 When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because
 it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly
 upgrade to 5.3.x, but the support of both made it nearly
 impossible.

If you had php 5.2 installed on Windows NT, would upgrading to win2k
have upgraded php to 5.3 at the same time?

I think your expectation that upgrading the OS will upgrade the
applications is a little warped, because it's clearly not what happens
with commercial operating systems.



Re: Upgrading OpenBSD

2012-05-21 Thread Peter Laufenberg
Outstanding point. The thing is this: With MS
PHP is clearly distinct from the OS. I go get it
from php.org. With BSD I must rely on the
package system.

This is taking up a lot of ink; is this a genuine enquiry or a provocation?

Search for Extraneous entries for Visual C++ Standard hotfixes and ponder the 
litany of known issues.

-- p





Re: Upgrading OpenBSD

2012-05-21 Thread Matthew Weigel

On 21.05.2012 22:45, Richards, Toby wrote:

Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to
OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading
Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 +
IIS 7.0 + ASPDotNet 4.0.

In my experience, the MicroEvil Upgrade works without breaking
any of my web apps.


First, can we just call it Microsoft?  Everyone knows what
you're talking about.

Second, can you confirm that you understand you are comparing
the default web stack on Windows with a custom web stack on
OpenBSD?  The default web stack on OpenBSD (although I think it's
changing or it has changed) is Apache + CGI.  What was wrong with
that?

Third, can we agree that if you are choosing to use Nginx and PHP,
you are trying to solve problems that IIS and ASP.Net can't, and
if you are content with IIS and ASP.Net, there was no reason for
you to go out of your way to use Nginx and PHP?  Whether you feel
you have no choice but to use packages... you do, PHP and Nginx
are separate software developed by people not working on OpenBSD.


The OpenBSD upgrade gets confused about
Nginx versions and PHP versions. Maybe it gets less confused
if I happen to know about some system variable that describes
the version of PHP that I want.


http://www.openbsd.org/faq/upgrade50.html#Pkgup

I actually disagree with one of the other responders, that doing
an OS upgrade and running pkg_add -ui is sufficient.  Reading
the upgrade guide painstakingly maintained by the developers, and
following it, is pretty much always your best path.  It's short,
to the point, and not any different from the release notes that
a responsible admin reads when upgrading Windows servers, or
Solaris servers, or hundreds of desktops of any kind.

The problem you describe was called out, emphasized, warned about.
The specific (simple) steps you needed to take to mitigate this
problem were documented, and documented in a place that's been
consistent every six months for 8 years.


Granted: I do hold an MCSE certification, but I don't need it.
The upgrade just works. Well... despite occasional BSOD's ;)


I admit this kind of made me chuckle:
http://www.linkedin.com/pub/toby-richards/37/71a/474
--
 Matthew Weigel
 hacker
 unique  idempot . ent



Re: Upgrading OpenBSD

2012-05-21 Thread Theo de Raadt
 Outstanding point. The thing is this: With MS
 PHP is clearly distinct from the OS. I go get it
 from php.org. With BSD I must rely on the
 package system.

That is baloney.

On OpenBSD, you get PHP yourself, too.

PHP is not part of OpenBSD.

The package tree is a convenience.  If you expect us to take care of
everything (including wiping your bum) you've made a mistake.  Even
Microsoft won't wipe your bum, unless you pay a lot.

To me it sounds like you are used to paying a lot, and now you expect
the same from us, who you don't pay at all.  That is a rude approach.



Re: Upgrading OpenBSD

2012-05-21 Thread Mehma Sarja

On 5/21/12 9:34 PM, Matthew Weigel wrote:

On 21.05.2012 22:45, Richards, Toby wrote:


Granted: I do hold an MCSE certification, but I don't need it.
The upgrade just works. Well... despite occasional BSOD's ;)


I admit this kind of made me chuckle:
http://www.linkedin.com/pub/toby-richards/37/71a/474

Oy vey,

And this guy holds a degree from Santa Clara Univ? Toby, $40K/ year for 
this?



Mehma



Re: Upgrading OpenBSD

2012-05-21 Thread richardtoohey
Quoting Richards, Toby toby.richa...@slo.courts.ca.gov:

 Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to
 OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading
 Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 +
 IIS 7.0 + ASPDotNet 4.0.

Errmm, apples and oranges comparison here.

Everything on your Microsoft platform is from errr, one supplier, Microsoft.

Imagine you used PostgreSQL and ColdFusion with Apache running on Windows ...
and then upgraded Windows.  Would ColdFusion upgrade?  PostgreSQL?  Or let's go
back a few years ... would classic ASP automatically upgrade to VB.Net?

Sounds like you like the walled garden approach and it works for you.  So might
be best to stick to it.
 
 In my experience, the MicroEvil Upgrade works without breaking
 any of my web apps. The OpenBSD upgrade gets confused about
 Nginx versions and PHP versions. Maybe it gets less confused
 if I happen to know about some system variable that describes
 the version of PHP that I want.
 
 Granted: I do hold an MCSE certification, but I don't need it.
 The upgrade just works. Well... despite occasional BSOD's ;)
 
 I really *really* want to go the BSD path, but it seems
 so much more difficult.
 
 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150
 
 From: Kenneth R Westerback [kwesterb...@rogers.com]
 Sent: Monday, May 21, 2012 8:01 PM
 To: Richards, Toby
 Cc: misc@openbsd.org
 Subject: Re: Upgrading OpenBSD
 
 On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote:
  While my question involves other BSD's as well as Linux systems, I am
  asking this here because OpenBSD's philosophy is the most attractive
  to me.
 
  I've got about 50 servers to manage. OpenBSD does have an Upgrade
  option, but does it upgrade the installed packages? As far as I can
  tell, it does not. I do very much appreciate the technology that has
  come from the OpenBSD project, yet it seems to me that most *free*
  operating systems do not fully support an upgrade path. I can't [fully]
  upgrade from one OpenBSD release to another (unless following STABLE
  gets me from one RELEASE to another, but AFAIK it does not). I cannot
  seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
  re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
  for every version of Mint Linux.
 
 Not really sure what you mean by 'fully' upgrade. Doing the normal
 upgrade and then 'pkg_add -ui' does it all for me. It does not
 magically upgrade database structures, etc. of course, but what
 does?
 
 
  The two major commercial operating systems (considered to be evil by
  the FOSS community) easily upgrade from one version to the next. That's
  important in a real-life production environment. In 2001, I upgraded
  200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
  without incident. I've had similar experience with all subsequent
  MicroEvil systems. I do hate MicroEvil, but I can make only limited
  conclusions regarding the upgrade paths of other operating systems:
 
  1) Your project exists only for the sake of doing the project, and for
  the technologies that it produces (such as OpenSSH).
 
 True, but not relevant to your case I think.
 
 
  2) Folks are expected to install a version of OpenBSD, but not upgrade
  because there's no reason to fix something that isn't broken.
 
 Something is *always* broken. OpenBSD *strongly* recommends upgrading
 every six months with every release. We give strong impetus for this
 by not supporting more than 1 release back. We *expect* everyone to
 be keeping up.
 
 
  3) OpenBSD is only for organizations who have so few servers or so many
  IT folks that re-installing everything from scratch is not inviably
  cumbersome.
 
 Untrue. Many organizations have a large number of OpenBSD boxes. A
 full manual 'official method' upgrade (including a few hundred
 packages!) usually takes me less than twenty minutes, including
 backing up the old and new configuration (a.k.a. /etc, /var)
 information. Certainly *vastly* less time than it ever takes me or
 those I watch (giggling) to upgrade any version of Windows and the
 packages thereon. And that's including full bore enterprise situations
 with outsourcing 'experts', SCM (or whatever MS calls it these
 days), multi-gigabit network everywhere, etc.
 
 There are various automated install tools out there too, but not
 (yet) officially part of the release.
 
 
  4) I am oblivious to some upgrade path technique for FOSS operating
  systems.
 
 Merely lacking experience I'd say.
 
  Ken
 
 
  Please enlighten me.
 
  Respectfully Submitted,
  R. Toby Richards
  Network Administrator
  Superior Court of California
  In and for the County of San Luis Obispo
  (805) 781-4150



Re: Upgrading OpenBSD

2012-05-21 Thread Tomas Bodzar
On Tue, May 22, 2012 at 3:43 AM, Richards, Toby
toby.richa...@slo.courts.ca.gov wrote:
 While my question involves other BSD's as well as Linux systems, I am
 asking this here because OpenBSD's philosophy is the most attractive
 to me.

 I've got about 50 servers to manage. OpenBSD does have an Upgrade
 option, but does it upgrade the installed packages? As far as I can
 tell, it does not. I do very much appreciate the technology that has
 come from the OpenBSD project, yet it seems to me that most *free*
 operating systems do not fully support an upgrade path. I can't [fully]
 upgrade from one OpenBSD release to another (unless following STABLE
 gets me from one RELEASE to another, but AFAIK it does not). I cannot
 seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must
 re-install from scratch. The same goes for CentOS/RHEL 5.x to 6.x, and
 for every version of Mint Linux.

OpenBSD is only one free OS which supports full upgrade path without
issues (confirmed with practice and use of various OS including
Windows/Mac) and it's unbelievably easy and quick:

1) Upgrade base OS (from ISO or booting from bsd.rd)
2) reboot
3) sysmerge(8) step
4) upgrade.html
5) pkg_add -ui


 The two major commercial operating systems (considered to be evil by
 the FOSS community) easily upgrade from one version to the next. That's
 important in a real-life production environment. In 2001, I upgraded
 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000
 without incident. I've had similar experience with all subsequent
 MicroEvil systems. I do hate MicroEvil, but I can make only limited
 conclusions regarding the upgrade paths of other operating systems:

If you are used to one platform for years then any other OS is hard
from start ;-) Because you don't know proper tools/steps which leads
you to thinking that those OSs are wrong.


 1) Your project exists only for the sake of doing the project, and for
 the technologies that it produces (such as OpenSSH).

No it exists because devs need such an OS and a lot of us too. BTW a
lot of other projects/companies are using fruit from OpenBSD like
security technologies, OpenSSH, code, tmux, pf (look at Mac and other
BSDs ;-) and so on.


 2) Folks are expected to install a version of OpenBSD, but not upgrade
 because there's no reason to fix something that isn't broken.

Wrong. Folks are expected mostly to run current. If not then use
supported releases. If they are not then they are on their own field.


 3) OpenBSD is only for organizations who have so few servers or so many
 IT folks that re-installing everything from scratch is not inviably
 cumbersome.

Fail. See eg. http://www.undeadly.org/cgi?action=article&sid=20110420080633
, there's more, but some of the uses can't be spoken up openly ;-)


 4) I am oblivious to some upgrade path technique for FOSS operating
 systems.

See my 5 points above or download current sources and build current
version (instead of point 1.)
http://www.openbsd.org/cgi-bin/man.cgi?query=release&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
. It's quick anyway on modern HW.


 Please enlighten me.

 Respectfully Submitted,
 R. Toby Richards
 Network Administrator
 Superior Court of California
 In and for the County of San Luis Obispo
 (805) 781-4150