Re: new kind of info organizer, on OpenBSD: OneModel
On 01/28/16 02:41, Craig Skinner wrote:
> Have a dig about /usr/ports/productivity/
>
> I use taskwarrior, which has tasksh.

Thanks for the tip. Maybe I'm presenting OneModel in the wrong way. Its vision is much bigger than task management, but I'm not sure how to best make that clear to the right audience.

*The vision is this: mankind's knowledge is not well-organized as a whole. I want to see us fix that, so I have created a plan* which has seemed worth trying, that goes something like this:

1) Create a simple tool for a knowledge base, that uses the necessary principles of organizing atomic *knowledge as an object model* (not mere todos, or predefined anything, or even very-efficient piles of text), and use it as my own organizer [DONE FOR NOW]

2) Pitch it as a GTD thing, since it can also do that, to the kind of people who use org-mode (or taskwarrior), to get some traction and build a community [JUST INITIATING THIS, THOUGH OTHER PRODUCTS ARE MORE MATURE FOR THIS NARROW PART OF THE WHOLE PURPOSE.]

3) Take it to the next levels of broad computable knowledge-related collaboration which include:

3a) cloud support

3b) allow easily attaching code to classes of these structured entities (or nodes in the graph) for computation and custom extensions of the base product: adds very powerful capabilities. I can largely see the code & implementation for this, just need time/bandwidth (money).

3c) sharing OM data (or knowledge) including custom code across instances: letting one OM instance subscribe to changes, link to, or copy things from another model. Making it so easy that people start sharing data between their instances (sort of like gopher + evernote + wikipedia, only computable & more powerful & flexible, and Free, under individual or group control). This requires some work that also seems very exciting to do.

Remember these are models of knowledge, like wiki content in a *computable* graph database, but without the limitations of using human language as the primary structure for data on which to do computation. This will take work and time. So to fund dev time on it there's the possibility of selling binaries, or re-sell amazon db storage facilities, or other Free-software business models as discussed elsewhere. But this works most easily if it can be compelling enough in its current form, to build a community of devs and/or users around the Free code and compete with existing tools that have many devs and time in them already. I think OM could be great for some users, but... H.

4) Other work like user friendliness for non-nerds, mobile, make it known to a much wider audience, etc.

So a current hurdle seems to be to build a community or validation base, for the vision, who can use the current feature set, while the hopefully more broadly impactful stuff gets developed.

Thanks again for your earlier comment! The invitation for feedback, suggestions, or to read more about OM & its vision (like what I mean by "computable"), try it out, & participate on http://onemodel.org site mailing lists also remains. :)

Best regards,
Luke
implementing circular queue for tcpdump logging
Hi folks,

Something I've done on other platforms e.g on a firewall is have tcpdump running and logging to disk. You know ahead of time how much disk space to allocate to this task, and there are command line options on tcpdump that you can adjust to accomplish this. So it will always occupy that known amount of space, and you know that you have the last X hours of traffic logged. Basically use the option to change to a new log file as soon as it hits size X, combined with the option to limit the number of log files to Y.

Has anyone done something like this with OpenBSD? I don't see anything obvious and was wondering what others might have done to accomplish this. Perhaps some kind of wrapper script ...

thanks,
-Alan

--
"You should sit in nature for 20 minutes a day.
Unless you are busy, then you should sit for an hour"
- Zen Proverb
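The size-X, count-Y rotation described in the message above, written as a wrapper that reads a pcap stream from `tcpdump -w -` on stdin and rewrites it into a fixed ring of capture files. This is an added example, not code from the thread or from OpenBSD; it assumes classic pcap framing with 16-byte record headers, and the class name, file naming and the interface `em0` are made up for illustration.

```python
#!/usr/bin/env python3
"""Ring-buffer writer for a classic pcap stream read from stdin."""
import os
import struct
import sys

GLOBAL_HDR_LEN = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16   # ts_sec, ts_frac, incl_len, orig_len (assumed 32-bit fields)
MAGICS = {            # magic as it appears on disk -> struct byte order
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond stamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond stamps
}


def read_exact(stream, n):
    """Return n bytes, b'' on EOF at a boundary; raise if EOF falls mid-read."""
    buf = b""
    while len(buf) < n:
        chunk = stream.read(n - len(buf))
        if not chunk:
            if buf:
                raise ValueError("truncated pcap stream")
            return b""
        buf += chunk
    return buf


class PcapRing:
    """Keeps at most max_files capture files of about max_bytes each."""

    def __init__(self, directory, max_bytes, max_files, prefix="ring"):
        if max_files < 1 or max_bytes <= GLOBAL_HDR_LEN + RECORD_HDR_LEN:
            raise ValueError("ring too small")
        self.directory, self.prefix = directory, prefix
        self.max_bytes, self.max_files = max_bytes, max_files
        self.seq = 0          # files opened so far; slot = seq % max_files
        self.out = None
        self.written = 0

    def _rotate(self, global_hdr):
        if self.out:
            self.out.close()
        slot = self.seq % self.max_files
        path = os.path.join(self.directory, "%s.%d.pcap" % (self.prefix, slot))
        # Overwrite the oldest slot in place; 0600 because captures hold payload
        # data, O_NOFOLLOW so a planted symlink is not written through.
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        self.out = os.fdopen(os.open(path, flags, 0o600), "wb")
        self.out.write(global_hdr)   # every file must be a valid pcap on its own
        self.written = GLOBAL_HDR_LEN
        self.seq += 1

    def run(self, stream):
        """Copy records from stream into the ring; return the record count."""
        global_hdr = read_exact(stream, GLOBAL_HDR_LEN)
        order = MAGICS.get(global_hdr[:4])
        if order is None:
            raise ValueError("not a classic pcap stream")
        snaplen = struct.unpack(order + "I", global_hdr[16:20])[0] or 262144
        count = 0
        try:
            while True:
                rec_hdr = read_exact(stream, RECORD_HDR_LEN)
                if not rec_hdr:
                    return count
                incl_len = struct.unpack(order + "I", rec_hdr[8:12])[0]
                if incl_len > snaplen:
                    raise ValueError("record longer than snaplen, stream out of sync")
                body = read_exact(stream, incl_len)
                if len(body) != incl_len:
                    raise ValueError("truncated pcap stream")
                size = RECORD_HDR_LEN + incl_len
                # Rotate only on record boundaries; a file that holds a single
                # oversized record is the one case that may exceed max_bytes.
                if self.out is None or (self.written > GLOBAL_HDR_LEN
                                        and self.written + size > self.max_bytes):
                    self._rotate(global_hdr)
                self.out.write(rec_hdr + body)
                self.written += size
                count += 1
        finally:
            if self.out:
                self.out.close()


def build_sample_pcap(n_packets, payload_len, snaplen=116):
    """Constructed input for testing: little-endian pcap with dummy payloads."""
    data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i in range(n_packets):
        data += struct.pack("<IIII", 1453975200 + i, 0, payload_len, payload_len)
        data += bytes([i % 256]) * payload_len
    return data


if __name__ == "__main__":
    # Assumed invocation (interface name and paths are placeholders):
    #   tcpdump -n -i em0 -w - | python3 pcap_ring.py /var/capture 10000000 20
    ring = PcapRing(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    print("%d records written" % ring.run(sys.stdin.buffer), file=sys.stderr)
```

Because slots are overwritten in place, disk use stays bounded by roughly max_files times max_bytes across restarts, and file modification time, not the slot number, tells you which file is newest.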
Re: ipsec between three networks
for us, ospf works fine. and in our testing, bgp was much slower to respond to network events.

each of our sites has a pair of openbsd boxes clustered via carp. each site has two different isps. this adds up to quite a few different paths to/from each site.

on multiple occasions, we've received calls from our providers regarding outages on isp links that we use by default (weighted via ospf) that we weren't yet aware of because ospf just worked as it should have and nobody had noticed. of course, we now monitor such things, but the point is that ospf has been great for us in this configuration.

On Thu, Jan 28, 2016 at 2:30 AM, mxb wrote:
> OSPF is not right protocol if you scale to more than 3 sites and want
> influence routing.
> BGP will do a better job in this situation.
>
> On 27 jan. 2016, at 03:39, Dewey Hylton wrote:
> > my current working configuration has 3 sites; each site is connected to the
> > others, and routing is handled via ospfd.
Re: implementing circular queue for tcpdump logging
syslog has memory buffer that rotates. (:name:size)
pflogd can log, tcpdump | logger if you want something else.
Problem solved.

On Thu, Jan 28, 2016 at 10:03 AM, Alan McKay wrote:
> Hi folks,
>
> Something I've done on other platforms e.g on a firewall is have
> tcpdump running and logging to disk. You know ahead of time how much
> disk space to allocate to this task, and there are command line
> options on tcpdump that you can adjust to accomplish this. So it will
> always occupy that known amount of space, and you know that you have
> the last X hours of traffic logged. Basically use the option to
> change to a new log file as soon as it hits size X, combined with the
> option to limit the number of log files to Y.
>
> Has anyone done something like this with OpenBSD? I don't see
> anything obvious and was wondering what others might have done to
> accomplish this. Perhaps some kind of wrapper script ...
>
> thanks,
> -Alan
>
> --
> "You should sit in nature for 20 minutes a day.
> Unless you are busy, then you should sit for an hour"
> - Zen Proverb
>
>

--
- () ascii ribbon campaign - against html e-mail
/\
Re: bandwidth usage limits with pf, etc.
I was using trafshow from ports, it is not so geeky but it works. Maybe there are better tools.
Re: can't run multiple instances of httpd, flags not visible in processes
Hi, Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100: > As mentioned in another thread already: > # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2 > Then use mydaemon2_flags ... in rc.conf.local. This seems to be a recurring user question. Do you consider this addition useful? I think rcctl(8) is the best place to document it because that's the highest level user interface and "How do i run multiple copies of a daemon?" is a very high-level user question, while rc.d(8) and rc.conf(8) document lower, more technical levels. I'd love to make the example more specific and document an actual use case that frequently occurs in practice, but even though many have said that such cases do occur, i can't think of any. For example, for httpd(8), it looks like all use cases can be solved by running one copy and using "server ... { ... }" well in httpd.conf(5). So, if anybody can describe a specific use case to make the example better, that's quite welcome. I certainly don't want an example in the style of # ln -s httpd httpd2 That's a terrible name. The next admin coming along will have no clue what this second httpd is needed for. Yours, Ingo Index: rcctl.8 === RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v retrieving revision 1.26 diff -u -p -r1.26 rcctl.8 --- rcctl.8 24 Oct 2015 17:08:36 - 1.26 +++ rcctl.8 28 Jan 2016 17:39:13 - @@ -193,6 +193,18 @@ ntpd_user=root # echo $? 0 .Ed +.Pp +The recommended way to run a second copy of a given daemon for a +different purpose is to create a symbolic link to its +.Xr rc.d 8 +control script: +.Bd -literal -offset indent +# cd /etc/rc.d/ +# ln -s httpd httpd_purpose +# rcctl set httpd_purpose flags -some options ... +# rcctl set httpd_purpose status on +# rcctl start httpd_purpose +.Ed .Sh SEE ALSO .Xr rc.conf.local 8 , .Xr rc.d 8
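Review bot: the literal block added after `.Bd -literal -offset indent` relies on two placeholders, `httpd_purpose` and `-some options ...`, so the manual never shows what actually distinguishes the second copy from the first. The message above the diff already notes that httpd(8) can cover its cases with one copy and several "server" blocks, so a daemon that really needs two instances, with real flags and a link name that states the purpose, would make a stronger example than a generic httpd one.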
Re: can't run multiple instances of httpd, flags not visible in processes
On 2016-01-28, Ingo Schwarze wrote:
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, i can't think of any. For
> example, for httpd(8), it looks like all use cases can be solved
> by running one copy and using "server ... { ... }" well in
> httpd.conf(5). So, if anybody can describe a specific use case to
> make the example better, that's quite welcome.

Here's one use case - it might not be super-common, but it can't be solved another way by the system administrator.

snmpd can only bind to one address, so to use it for both v4 and v6 need to run it twice with different configurations; so you can use this in the config file:

addr="192.0.2.1"
listen on $addr

And for the second copy, snmpd_v6_flags="-D addr=2001:db8::1234".

> I certainly don't want an example in the style of
>
> # ln -s httpd httpd2
>
> That's a terrible name. The next admin coming along will have no
> clue what this second httpd is needed for.

Indeed, and the particular example of httpd2 would give us even more confusion between base httpd and Apache httpd than we already have.
Re: Computer hangup : scsi_xfer pool exhausted!
On Wed, Jan 27, 2016 at 10:31:28AM +, Sébastien Morand wrote: Hello Sébastien, > I have a computer hanging up every 4/5 days. It's no more accessible by > network and keyboard is not responding. The only message displayed in > console log is "scsi_xfer pool exhausted!" which is documented by : I see this too, though less frequently, perhaps every couple of weeks or so. There appears to be no clear pattern about when the machine suddenly locks like this (X shuts down, I'm dumped in the console, and see the above message; though the keyboard sort-of works, in the sense that key presses are echoed back, no commands can be executed nor can I login; I can't power the machine off in any nice way; instead I have to hard power the machine off), which makes filing a bug report hard. Laurie -- Personal http://tratt.net/laurie/ Software Development Teamhttp://soft-dev.org/ https://github.com/ltratt http://twitter.com/laurencetratt OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8476475392 (8083MB) avail mem = 8215384064 (7834MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb170 (52 entries) bios0: vendor Intel Corp. version "BLH6710H.86A.0160.2012.1204.1156" date 12/04/2012 bios0: TranquilPC IXL acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC SSDT MCFG HPET acpi0: wakeup devices PS2K(S3) PS2M(S3) UAR1(S3) P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) GBE_(S4) BR20(S3) EUSB(S3) USBE(S3) PEX0(S4) BR21(S4) PEX1(S4) PEX2(S4) PEX3(S4) [...] 
Re: can't run multiple instances of httpd, flags not visible in processes
> # ln -s httpd httpd2
>
> That's a terrible name. The next admin coming along will have no

Duh, I was just making a point.

> clue what this second httpd is needed for.

As I said, I think it'd be a worthful addition to the doc indeed. However I don't think this should go into rcctl. "I should document that" is what I wrote iirc; and I will. httpd is not a good example anyway. Something like snmpd might. Please give me a couple of days and I'll send a diff.

Thanks.

--
Antoine
Re: [SOLVED] with pain / was: APU2 WLE200NX ATHN0: Device timeout
On 2016-01-27, Kapfhammer, Stefan wrote:
> thanks for all the hints with the WiFi problem on an
> (beta testing) APU2b4 with a Compex WLE200NX
> wireless mini PCIE card.
[..]
>
> At the time I bought the board, the mSATA SSD, WiFi card, pigtails and
> dual antennas, PCengines had the information that I want to
> run OpenBSD on it. But no word, that at this time, the combination won't
> work.

If it was expected to work fully, it wouldn't be called "beta testing"..
Re: Squid slow in connecting to SSL
On 2016-01-28, Kim Zeitler wrote:
> currently I try to solve the phenomenon, that certain SSL sites are slow
> when accessed via squid on OpenBSD. Mostly ownCloud in my case as well
> as several web shops. The login screen alone taking minutes to load.

I'm not seeing that here (squid 3.5.13 and squidclamav from packages on recent -current, in front of a handful of Windows boxes and 30-odd OpenBSD/GNOME/Chromium/LibreOffice workstations).

Need more information. If it's consistent for certain sites, which sites? Have you looked in logs etc?

> The current configuration is squid-ldap(3.5.13) from packages on
> -current running on a KVM host as VM (4 cores, 2GB RAM, virtio HDD and NIC)

That seems a bit low RAM for Squid, but I doubt that's the problem for TLS sites which will just be CONNECT tunnels unless you've made a lot more config changes than you mentioned.
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, Jan 28, 2016 at 06:52:18PM +0100, Ingo Schwarze wrote: > Hi, > > Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100: > > > As mentioned in another thread already: > > # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2 > > Then use mydaemon2_flags ... in rc.conf.local. > > This seems to be a recurring user question. > > Do you consider this addition useful? > > I think rcctl(8) is the best place to document it because that's > the highest level user interface and "How do i run multiple copies > of a daemon?" is a very high-level user question, while rc.d(8) > and rc.conf(8) document lower, more technical levels. > > I'd love to make the example more specific and document an actual > use case that frequently occurs in practice, but even though many > have said that such cases do occur, i can't think of any. For > example, for httpd(8), it looks like all use cases can be solved > by running one copy and using "server ... { ... }" well in > httpd.conf(5). So, if anybody can describe a specific use case to > make the example better, that's quite welcome. > > I certainly don't want an example in the style of > > # ln -s httpd httpd2 > > That's a terrible name. The next admin coming along will have no > clue what this second httpd is needed for. > In the httpd case I would consider a split horizon setup with internal and external httpd as a kind of common setup. So ln -s httpd httpd_internal could make sense to me. > Yours, > Ingo > > > Index: rcctl.8 > === > RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v > retrieving revision 1.26 > diff -u -p -r1.26 rcctl.8 > --- rcctl.8 24 Oct 2015 17:08:36 - 1.26 > +++ rcctl.8 28 Jan 2016 17:39:13 - 
> @@ -193,6 +193,18 @@ ntpd_user=root > # echo $? > 0 > .Ed > +.Pp > +The recommended way to run a second copy of a given daemon for a > +different purpose is to create a symbolic link to its > +.Xr rc.d 8 > +control script: > +.Bd -literal -offset indent > +# cd /etc/rc.d/ > +# ln -s httpd httpd_purpose > +# rcctl set httpd_purpose flags -some options ... > +# rcctl set httpd_purpose status on > +# rcctl start httpd_purpose > +.Ed > .Sh SEE ALSO > .Xr rc.conf.local 8 , > .Xr rc.d 8 > -- :wq Claudio
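Review bot: the `# cd /etc/rc.d/` line followed by a relative `ln -s httpd httpd_purpose` could be one command with full paths, in the form quoted at the top of this message (`ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2`). That drops a line from the example and keeps it correct when a reader copies only the `ln` line and runs it from another directory.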
Solved. Daily cron error in 5.7
Hello,

I found the trick, it's not a system message, but a message of another server sent erroneously. Because my OpenBSD is a mail server.

Sorry and thanks.

On 28/01/2016 10:22, Marcus MERIGHI wrote:
> luis...@tin.it (giacomo), 2016.01.26 (Tue) 20:17 (CET):
>> On 25.01.16, 13:02, Craig Skinner wrote:
>>> Hi Luciano,
>>>
>>> On 2016-01-24 Sun 19:52 PM |, Luciano wrote:
>>>> run-parts: /etc/cron.daily/logrotate exited with return code 1
>>> ^ ^ what are these?
>> I don't know. I search in the old configuration of crontab.
>>
>>> $ man run-parts
>>> man: no entry for run-parts in the manual.
>> Yes, It's strange for me also.
> I think it's not strange:
>
> $ locate run-parts
> (no output)
> $ pkg_locate run-parts
> (no output)
> $ ls /etc/cron.daily
> ls: /etc/cron.daily: No such file or directory
>
> It's not in base and not in ports, how did run-parts get onto your
> system?
>
> Nice catch, Craig, btw.
>
> Bye, Marcus
>
>> !DSPAM:56a9278f325018862815584!
Re: implementing circular queue for tcpdump logging
> Has anyone done something like this with OpenBSD? I don't see
> anything obvious and was wondering what others might have done to
> accomplish this. Perhaps some kind of wrapper script ...

We had the same issue a couple of months ago. I just brought over the tcpdump source from FreeBSD and compiled that. It supports capture file rotation based on time or file size.
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, Jan 28, 2016 at 06:52:18PM +0100, Ingo Schwarze wrote: > Hi, > > Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100: > > > As mentioned in another thread already: > > # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2 > > Then use mydaemon2_flags ... in rc.conf.local. > > This seems to be a recurring user question. > > Do you consider this addition useful? > > I think rcctl(8) is the best place to document it because that's > the highest level user interface and "How do i run multiple copies > of a daemon?" is a very high-level user question, while rc.d(8) > and rc.conf(8) document lower, more technical levels. > > I'd love to make the example more specific and document an actual > use case that frequently occurs in practice, but even though many > have said that such cases do occur, i can't think of any. For > example, for httpd(8), it looks like all use cases can be solved > by running one copy and using "server ... { ... }" well in > httpd.conf(5). So, if anybody can describe a specific use case to > make the example better, that's quite welcome. I'm running several instances of dhcrelay because I can only specify one "-i if" option. The example could look like this: # ln -s dhcrelay dhcrelay_vlan2 # ln -s dhcrelay dhcrelay_vlan3 # rcctl set dhcrelay_vlan2 flags -i vlan2 10.0.0.2 # rcctl set dhcrelay_vlan3 flags -i vlan3 10.0.0.2 > > I certainly don't want an example in the style of > > # ln -s httpd httpd2 > > That's a terrible name. The next admin coming along will have no > clue what this second httpd is needed for. > > Yours, > Ingo > > > Index: rcctl.8 > === > RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v > retrieving revision 1.26 > diff -u -p -r1.26 rcctl.8 > --- rcctl.8 24 Oct 2015 17:08:36 - 1.26 > +++ rcctl.8 28 Jan 2016 17:39:13 - 
> @@ -193,6 +193,18 @@ ntpd_user=root > # echo $? > 0 > .Ed > +.Pp > +The recommended way to run a second copy of a given daemon for a > +different purpose is to create a symbolic link to its > +.Xr rc.d 8 > +control script: > +.Bd -literal -offset indent > +# cd /etc/rc.d/ > +# ln -s httpd httpd_purpose > +# rcctl set httpd_purpose flags -some options ... > +# rcctl set httpd_purpose status on > +# rcctl start httpd_purpose > +.Ed > .Sh SEE ALSO > .Xr rc.conf.local 8 , > .Xr rc.d 8
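Review bot: the new paragraph ahead of `.Bd -literal` says to create the symbolic link but never states that the link's name becomes the service name used by the later `rcctl set` and `rcctl start` lines; the reader has to infer it from `httpd_purpose` being repeated. One sentence saying so, and that the flags variable follows the same name (as `mydaemon2_flags` does in the quoted message), would close the gap.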
Re: rc.d and rtable
On 27 Jan 2016 at 21:29, "Jiri B" wrote:
>
> On Wed, Jan 27, 2016 at 01:40:14PM +0100, Antoine Jacoutot wrote:
> > On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote:
> > > Would it be worth to extend rc.d for rtable knobs?
> > >
> > > - daemon_rtable variable
> > > - rc_* functions (route exec, pgrep/pkill -T $rtable...)
> > >
> > > Or are routing tables not much used thus not worth to make
> > > rc.d more complicated?
> >
> > There has been several discussions about this. No decision made though.
> > If you can find a nice way to implement it, I can have a look.
>
> rc.d framework is so nice... not sure if this is nice way but it
> works. Maybe check for existing rtable is not great.

The code looks like more or less fine (I'll do a more careful review a bit later), but there are documentation bits missing.

--
Vadim Zhukov
Re: rc.d and rtable
On Thu, Jan 28, 2016 at 11:27:40AM +0300, Vadim Zhukov wrote:
> [...]
> The code looks like more or less fine (I'll do a more careful review a bit
> later), but there are documentation bits missing.

That was a POC, anyway I'm not very familiar with mandoc :/

j.
Re: can't run multiple instances of httpd, flags not visible in processes
On Wed, Jan 27, 2016 at 10:51:50PM +0100, Reyk Floeter wrote: > > Well, we "tradionally" had setproctitle("[priv]") in the parent. I > changed the tradition to setproctitle("parent"). > > I have no objections with changing this in the parent (but keeping the > setproctitles in the children) to either the default (all command line > flags) or to something like setproctitle("parent, %s", conffile). > Command line flags suck and I don't think that -d or -v would be > helpful in the output, so I prefer the latter. > > All rc scripts would have to be adjusted by somebody with better rc-fu. > > Opinions? > another option would be to call setproctitle() only in the child processes (or processes you're not supposed to kill), that's what we do for sndiod to allow multiple instances to run allowing the user to kill the right one: $ ps ax |grep sndiod 14501 ?? Ssp 0:00.00 sndiod: helper (sndiod) 32743 ?? S
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, Jan 28, 2016 at 09:49:32AM +0100, Alexandre Ratchov wrote:
> $ ps ax |grep sndiod
> 14501 ?? Ssp 0:00.00 sndiod: helper (sndiod)
                                      ^^

excuse my ignorance but what's purpose of repeating daemon name in brackets?

j.
Re: can't run multiple instances of httpd, flags not visible in processes
> Fine, this is what I suggested as the first option.
>
> But let's do it everywhere and not just for httpd -
> don't use setproctitle in the parent process.
>
> It does make sense for many more privsep daemons, especially in combination
> with rdomains (ntpd, iked, …). bgpd would probably not need it, but it does
> not harm
> and I'd prefer to change it for consistency (please don't forget that we try
> to keep
> the daemons synced somehow - it's an ecosystem).

I couldn't agree more.

--
Antoine
Re: Daily cron error in 5.7
luis...@tin.it (giacomo), 2016.01.26 (Tue) 20:17 (CET):
> On 25.01.16, 13:02, Craig Skinner wrote:
> > Hi Luciano,
> >
> > On 2016-01-24 Sun 19:52 PM |, Luciano wrote:
> > > run-parts: /etc/cron.daily/logrotate exited with return code 1
> > ^ ^ what are these?
> I don't know. I search in the old configuration of crontab.
>
> > $ man run-parts
> > man: no entry for run-parts in the manual.
> Yes, It's strange for me also.

I think it's not strange:

$ locate run-parts
(no output)
$ pkg_locate run-parts
(no output)
$ ls /etc/cron.daily
ls: /etc/cron.daily: No such file or directory

It's not in base and not in ports, how did run-parts get onto your system?

Nice catch, Craig, btw.

Bye, Marcus

> !DSPAM:56a9278f325018862815584!
Re: rc.d and rtable
On Wed, Jan 27, 2016 at 09:47:04PM +0100, Antoine Jacoutot wrote:
> > > rc.d framework is so nice... not sure if this is nice way but it
> > > works. Maybe check for existing rtable is not great.
> >
> > If I see this correctly you add a foo_rtable variable to rc.conf.local.
> > I think there is some drawback to this solution.
> > You can only have one daemon running in one rtable at a time
> > I often run things like sshd in multiple rtables / rdomains in which
> > case I would have to copy the sshd rc.d script and fiddle a bit here and
>
> You don't have to copy it, just link it (so you get updates to the original
> script) and add ssht2, ssht3... to pkg_scripts.
> But yeah, it's not an obvious road and that's why I warned not to hold any
> breath ;-)
>
> > there. I would prefer if we would have a rc.conf file specific for a
> > rtable. Also it is not possible to start daemons with different flags.
>
> Hmm. Can you extend on that?
> We should be able to make something like this work:
>
> # ln -s /etc/rc.d/sshd /etc/rc.d/sshdt2
> # rcctl enable ssht2
> # rcctl set ssht2 flags -f /etc/ssh/wunder_config

Aha, that is what I was looking for. So if this works I'm totally happy :)
Didn't know that you can just symlink rc scripts and everything will work.

> > Non the less I think this is a move in the right direction.
>
> It is. It's basically the last obvious situation rc.d does not handle besides
> what was mentioned today (multiple httpd, relayd, ...).
> Good thing we have rc.local ;-)

This is what I currently do and I tend to forget about it and restart stuff in the wrong rdomain.

> Anyway, I've been pretty busy lately but I think that's something I'd like to
> investigate during our upcoming hackathon a couple months from now (it's too
> late for this release anyway).
>

I will for sure give this a try on my rdomain-ed firewall at home.

--
:wq Claudio
Re: rc.d and rtable
On Thu, Jan 28, 2016 at 03:50:33AM -0500, Jiri B wrote:
> On Thu, Jan 28, 2016 at 11:27:40AM +0300, Vadim Zhukov wrote:
> > [...]
> > The code looks like more or less fine (I'll do a more careful review a bit
> > later), but there are documentation bits missing.
>
> That was a POC, anyway I'm not very familiar with mandoc :/

Don't worry about it for now. I'll move this to its next step but as I mentioned, this is a bit late to make it into 5.9. rc.d is nice and simple indeed but there are some corner cases here and there and I don't want to introduce any regression at this point.

Thanks Jiri.

--
Antoine
Re: can't run multiple instances of httpd, flags not visible in processes
When this goes implemented, how will one start/stop/reload/check the single instance or all instances through /etc/rc.d/ ?
Squid slow in connecting to SSL
Hello all

currently I try to solve the phenomenon, that certain SSL sites are slow when accessed via squid on OpenBSD. Mostly ownCloud in my case as well as several web shops. The login screen alone taking minutes to load.

I tested this also with squid running on a debian vm showing no problems at all.

The current configuration is squid-ldap(3.5.13) from packages on -current running on a KVM host as VM (4 cores, 2GB RAM, virtio HDD and NIC)

My squid.cfg is basically the default except for setting $localnet bit stricter.

Any help is much appreciated

Cheers
Kim
Re: can't run multiple instances of httpd, flags not visible in processes
On 2016/01/28 08:50, Reyk Floeter wrote:
> > On 27.01.2016, at 23:31, Stuart Henderson wrote:
> >
> > This does the trick. It probably doesn't make sense to run multiple
> > copies of all of the privsep daemons though I see definite use cases
> > for httpd, snmpd [v4 and v6 need separate daemons], and possibly some
> > others, but it would be better to keep them all in-sync..
> >
>
> Fine, this is what I suggested as the first option.
>
> But let's do it everywhere and not just for httpd -
> don't use setproctitle in the parent process.
>
> It does make sense for many more privsep daemons, especially in combination
> with rdomains (ntpd, iked, …). bgpd would probably not need it, but it does not harm
> and I'd prefer to change it for consistency (please don't forget that we try to keep
> the daemons synced somehow - it's an ecosystem).

Yes exactly, that's why I said "it would be better to keep them all in-sync", but no point writing a diff for the 13 daemons which do the same thing (and figuring out what to do with the other not-quite-similar ones, if anything) unless we are agreed on the direction.
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, Jan 28, 2016 at 10:29:56AM +0100, Paolo Aglialoro wrote:
> When this goes implemented, how will one start/stop/reload/check the single
> instance or all instances through /etc/rc.d/ ?

You'll have a different rc.d script and associated rc.conf variables for each of your instances. Actually not really a "different" rc.d script, just a link to the original one which already works for daemons that properly display their args in the process list.

As mentioned in another thread already:

# ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2

Then use mydaemon2_flags ... in rc.conf.local.

--
Antoine
Re: new kind of info organizer, on OpenBSD: OneModel
Hi Luke,

On 2016-01-27 Wed 18:20 PM |, luke call wrote:
>
> If you've ever used emacs org-mode, to-do list programs or the like,
> this might be of interest.

Have a dig about /usr/ports/productivity/

I use taskwarrior, which has tasksh.

Cool.

--
http://www.taskwarrior.org/
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, Jan 28, 2016 at 10:45:31AM +0100, Kamil Cholewiński wrote:
> On Thu, 28 Jan 2016, Paolo Aglialoro wrote:
> > When this goes implemented, how will one start/stop/reload/check the single
> > instance or all instances through /etc/rc.d/ ?
>
> I hate to repeat myself, but runit solves all of these problems cleanly,
> with no need for ps grepping, with no patches in the daemons necessary,
> and with minimal setup.
>
> sv restart /var/services/httpd1
> sv restart /var/services/httpd2

I don't see why we wouldn't want to properly fix this in rc.d which is in base in the first place. It's alright to use an external service supervisor when there's a very specific need, but in this case I see no reason for it.

--
Antoine
Re: can't run multiple instances of httpd, flags not visible in processes
On Thu, 28 Jan 2016, Paolo Aglialoro wrote:
> When this goes implemented, how will one start/stop/reload/check the single
> instance or all instances through /etc/rc.d/ ?

I hate to repeat myself, but runit solves all of these problems cleanly, with no need for ps grepping, with no patches in the daemons necessary, and with minimal setup.

sv restart /var/services/httpd1
sv restart /var/services/httpd2
Re: rc.d and rtable
> > # ln -s /etc/rc.d/sshd /etc/rc.d/sshdt2
> > # rcctl enable ssht2
> > # rcctl set ssht2 flags -f /etc/ssh/wunder_config
>
> Aha, that is what I was looking for. So if this works I'm totally happy :)
> Didn't know that you can just symlink rc scripts and everything will work.

Yeah, this was done at c2k15 :-)
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?rev=1.99=text/x-cvsweb-markup

Maybe I should document that; it's a recurrent question.

--
Antoine
Re: can't run multiple instances of httpd, flags not visible in processes
Thu, 28 Jan 2016 18:52:18 +0100 Ingo Schwarze
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, i can't think of any.

I have this use case, and have not quickly found a better solution than to manually copy the script in /etc/rc.d for tftpd to tftpd2 and invoke them separately with different tftpd_flags and tftpd2_flags set in rc.conf.local(8), maybe out of ignorance.

Does network booting multiple archs from the same serving multi-homed (different IP addresses, same sub-network) system require multiple instances of tftpd(8), or can it serve multiple directories on different IP addresses with one running instance?
"Available disks are: none" on Sony Vaio SVZ13115GGXI
This laptop has 2 x Samsung 128 GB SSD drives and a RAID controller which reports as "Intel Rapid Storage Technology (Option ROM version 11.0.0.1339)".

OpenBSD 5.7, 5.8 and current (20160125) installers each report "Available disks are: None".

Available system BIOS settings (XHCI Mode, Execute Bit Capability) and RAID BIOS settings (non-RAID, RAID) have been toggled without success. Windows recovery was used to upgrade the system BIOS to the latest available version, R0092C6. The prior version (R0091C6) behaved the same.

Linux and FreeBSD detect the drives and permit partitioning.

dmesg output from both OpenBSD and FreeBSD are below.

Any suggestions appreciated.

Thanks
No more proxy on ftp(1)?
Hi,

I just did the upgrade to 5.9 -current and found that socks connections don't work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this an expected behaviour?

I'm using the "torsocks" wrapper to force socks to localhost:9050.

Does this have something to do with the new pledge privsep?
Re: new kind of info organizer, on OpenBSD: OneModel
On 2016 Jan 28 (Thu) at 08:56:18 -0700 (-0700), luke call wrote:
:On 01/28/16 02:41, Craig Skinner wrote:
:> Have a dig about /usr/ports/productivity/
:>
:> I use taskwarrior, which has tasksh.
:
:Thanks for the tip. Maybe I'm presenting OneModel in the wrong
:way. Its vision is much bigger than task management, but I'm not sure
:how to best make that clear to the right audience.
:

This is very offtopic.

If you have a port you would like to submit, please generate one and send it to ports@.

Please do not use OpenBSD mailing lists for advertising your product.

--
Oh, wow! Look at the moon!
Re: implementing circular queue for tcpdump logging
On Thu, Jan 28, 2016 at 10:31 AM, sven falempin wrote:
> syslog has memory buffer that rotates. (:name:size)
> pflogd can log, tcpdump | logger if you want something else
>
> problem solved.

Thanks. I should have thought of pflogd! Looks like a modification of the standard OpenBSD technique to shoot that into syslog will work.

--
"You should sit in nature for 20 minutes a day. Unless you are busy, then you should sit for an hour" - Zen Proverb
Re: No more proxy on ftp(1)?
On 2016-01-29, arrowscr...@mail.com wrote:
> Hi,
> I just did the upgrade to 5.9 -current and found that socks connections don't
> work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this
> an expected behaviour?
> I'm using the "torsocks" wrapper to force socks to localhost:9050.
>
> Does this have something to do with the new pledge privsep?

Probably yes. It wouldn't be a big surprise if LD_PRELOAD wrappers like torsocks use system calls beyond what has been pledge()d by the program. In many cases this will result in the program being killed.
Re: No more proxy on ftp(1)?
Thanks. Yes, it does core dump on "Abort trap".

Any idea on how I can force ftp(1) to socks5? The man page says nothing about proxies other than http or ftp, and I have not set up a transparent proxy yet...

Good to know that pledge is doing its job. So far, no other problem with the transition from 5.8 to 5.9.