Re: new kind of info organizer, on OpenBSD: OneModel

2016-01-28 Thread luke call

On 01/28/16 02:41, Craig Skinner wrote:
> Have a dig about /usr/ports/productivity/
>
> I use taskwarrior, which has tasksh.

Thanks for the tip. Maybe I'm presenting OneModel in the wrong
way. Its vision is much bigger than task management, but I'm not sure
how to best make that clear to the right audience.

*The vision is this: mankind's knowledge is not well-organized as a
whole. I want to see us fix that, so I have created a
plan* which has seemed worth trying, that goes something like this:

1) Create a simple tool for a knowledge base, that uses the necessary
principles of organizing atomic *knowledge as an object model* (not
mere todos, or predefined anything, or even very-efficient piles of
text), and use it as my own organizer [DONE FOR NOW]

2) Pitch it as a GTD thing, since it can also do that, to the kind of
people who use org-mode (or taskwarrior), to get some traction and
build a community [JUST INITIATING THIS, THOUGH OTHER PRODUCTS ARE MORE
MATURE FOR THIS NARROW PART OF THE WHOLE PURPOSE.]

3) Take it to the next levels of broad computable knowledge-related
collaboration which include:
3a) cloud support
3b) allow easily attaching code to classes of these structured
entities (or nodes in the graph) for computation and custom extensions
of the base product: adds very powerful capabilities. I can largely see
the code & implementation for this, just need time/bandwidth (money).
3c) sharing OM data (or knowledge) including custom code across
instances: letting one OM instance subscribe to changes, link to, or
copy things from another model. Making it so easy that people start
sharing data between their instances (sort of like gopher + evernote +
wikipedia, only computable & more powerful & flexible, and Free, under
individual or group control). This requires some work that also seems
very exciting to do.

Remember these are models of knowledge, like wiki content in a
*computable* graph database, but without the limitations of using human
language as the primary structure for data on which to do computation.

This will take work and time. So to fund dev time on it there's the
possibility of selling binaries, or re-sell amazon db storage
facilities, or other Free-software business models as discussed
elsewhere. But this works most easily if it can be compelling enough
in its current form, to build a community of devs and/or users around
the Free code and compete with existing tools that have many devs and
time in them already. I think OM could be great for some users, but...
H.

4) Other work like user friendliness for non-nerds, mobile, make it
known to a much wider audience, etc.

So a current hurdle seems to be to build a community or validation
base, for the vision, who can use the current feature set, while the
hopefully more broadly impactful stuff gets developed.

Thanks again for your earlier comment! The invitation for feedback,
suggestions, or to read more about OM & its vision (like what I mean by
"computable"), try it out, & participate on http://onemodel.org site
mailing lists also remains. :)

Best regards,
Luke



implementing circular queue for tcpdump logging

2016-01-28 Thread Alan McKay
Hi folks,

Something I've done on other platforms e.g. on a firewall is have
tcpdump running and logging to disk.  You know ahead of time how much
disk space to allocate to this task, and there are command line
options on tcpdump that you can adjust to accomplish this.  So it will
always occupy that known amount of space, and you know that you have
the last X hours of traffic logged.  Basically use the option to
change to a new log file as soon as it hits size X, combined with the
option to limit the number of log files to Y.

Has anyone done something like this with OpenBSD?  I don't see
anything obvious and was wondering what others might have done to
accomplish this.   Perhaps some kind of wrapper script ...

thanks,
-Alan

-- 
"You should sit in nature for 20 minutes a day.
 Unless you are busy, then you should sit for an hour"
 - Zen Proverb



Re: ipsec between three networks

2016-01-28 Thread Dewey Hylton
for us, ospf works fine. and in our testing, bgp was much slower to respond to
network events. each of our sites has a pair of openbsd boxes clustered via
carp. each site has two different isps. this adds up to quite a few different
paths to/from each site. on multiple occasions, we've received calls from our
providers regarding outages on isp links that we use by default (weighted via
ospf) that we weren't yet aware of because ospf just worked as it should have
and nobody had noticed. of course, we now monitor such things, but the point is
that ospf has been great for us in this configuration.

On Thu, Jan 28, 2016 at 2:30 AM, mxb  wrote:

> OSPF is not the right protocol if you scale to more than 3 sites and want
> to influence routing.
> BGP will do a better job in this situation.
>
> On 27 jan. 2016, at 03:39, Dewey Hylton  wrote:
>
> my current working configuration has 3 sites; each site is connected to the
> others, and routing is handled via ospfd.



Re: implementing circular queue for tcpdump logging

2016-01-28 Thread sven falempin
syslog has a memory buffer that rotates. (:name:size)
pflogd can log, tcpdump | logger if you want something else

problem solved.

On Thu, Jan 28, 2016 at 10:03 AM, Alan McKay  wrote:

> Hi folks,
>
> Something I've done on other platforms e.g on a firewall is have
> tcpdump running and logging to disk.  You know ahead of time how much
> disk space to allocate to this task, and there are command line
> options on tcpdump that you can adjust to accomplish this.  So it will
> always occupy that known amount of space, and you know that you have
> the last X hours of traffic logged.  Basically use the option to
> change to a new log file as soon as it hits size X, combined with the
> option to limit the number of log files to Y.
>
> Has anyone done something like this with OpenBSD?  I don't see
> anything obvious and was wondering what others might have done to
> accomplish this.   Perhaps some kind of wrapper script ...
>
> thanks,
> -Alan
>
> --
> "You should sit in nature for 20 minutes a day.
>  Unless you are busy, then you should sit for an hour"
>  - Zen Proverb
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: bandwidth usage limits with pf, etc.

2016-01-28 Thread Mihai Popescu
I was using trafshow from ports, it is not so geeky but it works.
Maybe there are better tools.



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Ingo Schwarze
Hi,

Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100:

> As mentioned in another thread already:
> # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2
> Then use mydaemon2_flags ... in rc.conf.local.

This seems to be a recurring user question.

Do you consider this addition useful?

I think rcctl(8) is the best place to document it because that's
the highest level user interface and "How do i run multiple copies
of a daemon?" is a very high-level user question, while rc.d(8)
and rc.conf(8) document lower, more technical levels.

I'd love to make the example more specific and document an actual
use case that frequently occurs in practice, but even though many
have said that such cases do occur, i can't think of any.  For
example, for httpd(8), it looks like all use cases can be solved
by running one copy and using "server ... { ... }" well in
httpd.conf(5).  So, if anybody can describe a specific use case to
make the example better, that's quite welcome.

I certainly don't want an example in the style of

  # ln -s httpd httpd2

That's a terrible name.  The next admin coming along will have no
clue what this second httpd is needed for.

Yours,
  Ingo


Index: rcctl.8
===
RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v
retrieving revision 1.26
diff -u -p -r1.26 rcctl.8
--- rcctl.8 24 Oct 2015 17:08:36 -  1.26
+++ rcctl.8 28 Jan 2016 17:39:13 -
@@ -193,6 +193,18 @@ ntpd_user=root
 # echo $?
 0
 .Ed
+.Pp
+The recommended way to run a second copy of a given daemon for a
+different purpose is to create a symbolic link to its
+.Xr rc.d 8
+control script:
+.Bd -literal -offset indent
+# cd /etc/rc.d/
+# ln -s httpd httpd_purpose
+# rcctl set httpd_purpose flags -some options ...
+# rcctl set httpd_purpose status on
+# rcctl start httpd_purpose
+.Ed
 .Sh SEE ALSO
 .Xr rc.conf.local 8 ,
 .Xr rc.d 8
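
Review bot: In the literal block, "# rcctl set httpd_purpose flags -some options ..." gives the reader nothing concrete to copy, and the paragraph never says what has to differ between the two copies. Suggest a real case with a descriptive link name and real flags, plus one sentence stating that the name of the link is the name used in every later rcctl command.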



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Stuart Henderson
On 2016-01-28, Ingo Schwarze  wrote:
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, i can't think of any.  For
> example, for httpd(8), it looks like all use cases can be solved
> by running one copy and using "server ... { ... }" well in
> httpd.conf(5).  So, if anybody can describe a specific use case to
> make the example better, that's quite welcome.

Here's one use case - it might not be super-common, but it can't be
solved another way by the system administrator. snmpd can only bind
to one address, so to use it for both v4 and v6 you need to run it twice
with different configurations; so you can use this in the config file:

addr="192.0.2.1"
listen on $addr

And for the second copy, snmpd_v6_flags="-D addr=2001:db8::1234".

> I certainly don't want an example in the style of
>
>   # ln -s httpd httpd2
>
> That's a terrible name.  The next admin coming along will have no
> clue what this second httpd is needed for.

Indeed, and the particular example of httpd2 would give us even
more confusion between base httpd and Apache httpd than we already
have.



Re: Computer hangup : scsi_xfer pool exhausted!

2016-01-28 Thread Laurence Tratt
On Wed, Jan 27, 2016 at 10:31:28AM +, Sébastien Morand wrote:

Hello Sébastien,

> I have a computer hanging up every 4/5 days. It's no more accessible by
> network and keyboard is not responding. The only message displayed in
> console log is "scsi_xfer pool exhausted!" which is documented by :

I see this too, though less frequently, perhaps every couple of weeks or so.
There appears to be no clear pattern about when the machine suddenly locks
like this (X shuts down, I'm dumped in the console, and see the above
message; though the keyboard sort-of works, in the sense that key presses are
echoed back, no commands can be executed nor can I login; I can't power the
machine off in any nice way; instead I have to hard power the machine off),
which makes filing a bug report hard.


Laurie
--
Personal http://tratt.net/laurie/
Software Development Team  http://soft-dev.org/
   https://github.com/ltratt  http://twitter.com/laurencetratt



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
>   # ln -s httpd httpd2
> 
> That's a terrible name.  The next admin coming along will have no

Duh, I was just making a point.

> clue what this second httpd is needed for.

As I said, I think it'd be a worthful addition to the doc indeed.
However I don't think this should go into rcctl.

"I should document that" is what I wrote iirc; and I will.
httpd is not a good example anyway. Something like snmpd might.

Please give me a couple of days and I'll send a diff.
Thanks.

-- 
Antoine



Re: [SOLVED] with pain / was: APU2 WLE200NX ATHN0: Device timeout

2016-01-28 Thread Stuart Henderson
On 2016-01-27, Kapfhammer, Stefan  wrote:
> thanks for all the hints with the WiFi problem on an
> (beta testing) APU2b4 with a Compex WLE200NX
> wireless mini PCIE card.
[..]
>
> At the time I bought the board, the mSATA SSD, WiFi card, pigtails and
> dual antennas, PCengines had the information that I want to
> run OpenBSD on it. But no word, that at this time, the combination won't
> work.

If it was expected to work fully, it wouldn't be called "beta testing"..



Re: Squid slow in connecting to SSL

2016-01-28 Thread Stuart Henderson
On 2016-01-28, Kim Zeitler  wrote:
> currently I try to solve the phenomenon, that certain SSL sites are slow 
> when accessed via squid on OpenBSD. Mostly ownCloud in my case as well 
> as several web shops. The login screen alone taking minutes to load.

I'm not seeing that here (squid 3.5.13 and squidclamav from packages
on recent -current, in front of a handful of Windows boxes and 30-odd
OpenBSD/GNOME/Chromium/LibreOffice workstations).

Need more information. If it's consistent for certain sites, which
sites? Have you looked in logs etc?

> The current configuration is squid-ldap(3.5.13) from packages  on 
> -current running on a KVM host as VM (4 cores, 2GB RAM, virtio HDD and NIC)

That seems a bit low RAM for Squid, but I doubt that's the problem
for TLS sites which will just be CONNECT tunnels unless you've made
a lot more config changes than you mentioned.



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Claudio Jeker
On Thu, Jan 28, 2016 at 06:52:18PM +0100, Ingo Schwarze wrote:
> Hi,
> 
> Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100:
> 
> > As mentioned in another thread already:
> > # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2
> > Then use mydaemon2_flags ... in rc.conf.local.
> 
> This seems to be a recurring user question.
> 
> Do you consider this addition useful?
> 
> I think rcctl(8) is the best place to document it because that's
> the highest level user interface and "How do i run multiple copies
> of a daemon?" is a very high-level user question, while rc.d(8)
> and rc.conf(8) document lower, more technical levels.
> 
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, i can't think of any.  For
> example, for httpd(8), it looks like all use cases can be solved
> by running one copy and using "server ... { ... }" well in
> httpd.conf(5).  So, if anybody can describe a specific use case to
> make the example better, that's quite welcome.
> 
> I certainly don't want an example in the style of
> 
>   # ln -s httpd httpd2
> 
> That's a terrible name.  The next admin coming along will have no
> clue what this second httpd is needed for.
> 

In the httpd case I would consider a split horizon setup with internal and
external httpd as a kind of common setup.
So ln -s httpd httpd_internal could make sense to me.

> Yours,
>   Ingo
> 
> 
> Index: rcctl.8
> ===
> RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v
> retrieving revision 1.26
> diff -u -p -r1.26 rcctl.8
> --- rcctl.8   24 Oct 2015 17:08:36 -  1.26
> +++ rcctl.8   28 Jan 2016 17:39:13 -
> @@ -193,6 +193,18 @@ ntpd_user=root
>  # echo $?
>  0
>  .Ed
> +.Pp
> +The recommended way to run a second copy of a given daemon for a
> +different purpose is to create a symbolic link to its
> +.Xr rc.d 8
> +control script:
> +.Bd -literal -offset indent
> +# cd /etc/rc.d/
> +# ln -s httpd httpd_purpose
> +# rcctl set httpd_purpose flags -some options ...
> +# rcctl set httpd_purpose status on
> +# rcctl start httpd_purpose
> +.Ed
>  .Sh SEE ALSO
>  .Xr rc.conf.local 8 ,
>  .Xr rc.d 8
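
Review bot: The added example depends on the "# cd /etc/rc.d/" line for the relative "ln -s httpd httpd_purpose" to land in the right directory, so a reader who copies only the ln line creates the link wherever they happen to be. Suggest a single command such as "ln -s httpd /etc/rc.d/httpd_purpose", which keeps the relative target and drops the cd.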
> 

-- 
:wq Claudio



Solved. Daily cron error in 5.7

2016-01-28 Thread Luciano
Hello,

I found the trick, it's not a system message,
but a message of another server sent erroneously.
Because my OpenBSD is a mail server.

Sorry and thanks.


On 28/01/2016 10:22, Marcus MERIGHI wrote:
> luis...@tin.it (giacomo), 2016.01.26 (Tue) 20:17 (CET):
>> On 25.01.16, 13:02, Craig Skinner wrote:
>>> Hi Luciano,
>>>
>>> On 2016-01-24 Sun 19:52 PM |, Luciano wrote:
>>>> run-parts: /etc/cron.daily/logrotate exited with return code 1
>>>^  ^ what are these?
>> I don't know. I search in the old configuration of crontab.
>>
>>> $ man run-parts
>>> man: no entry for run-parts in the manual.
>> Yes, It's strange for me also.
> I think it's not strange:
>
> $ locate run-parts
> (no output)
> $ pkg_locate run-parts
> (no output)
> $ ls /etc/cron.daily
> ls: /etc/cron.daily: No such file or directory
>
> It's not in base and not in ports, how did run-parts get onto your
> system?
>
> Nice catch, Craig, btw.
>
> Bye, Marcus
>



Re: implementing circular queue for tcpdump logging

2016-01-28 Thread Lyndon Nerenberg

> Has anyone done something like this with OpenBSD?  I don't see
> anything obvious and was wondering what others might have done to
> accomplish this.   Perhaps some kind of wrapper script ...


We had the same issue a couple of months ago.  I just brought over the 
tcpdump source from FreeBSD and compiled that.  It supports capture file 
rotation based on time or file size.
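
A wrapper of the kind asked about in this thread, added here as an example; it is not code from any poster. It assumes a tcpdump without built-in rotation and uses only the -n, -i, -s, -c and -w options, so files are cut by packet count and the space bound follows from the snapshot length. The function names and the cap-*.pcap naming are made up for the example.

```shell
#!/bin/sh
# Added example: fixed-size ring of capture files around a tcpdump that
# cannot rotate by itself. Each pass writes PKTS packets to a new file;
# the oldest files are removed first so that at most KEEP files exist.
# Caveat: packets arriving between one tcpdump exiting and the next one
# starting are not captured.

# ring_prune DIR KEEP
# Delete the oldest cap-*.pcap files in DIR until at most KEEP remain.
# File names start with a UTC timestamp, so lexical order is age order.
# Prints the number of files removed.
ring_prune() {
	rp_dir=$1 rp_keep=$2 rp_removed=0
	set -- "$rp_dir"/cap-*.pcap
	# An unmatched glob stays literal; treat that as "no files".
	[ -e "$1" ] || { echo 0; return 0; }
	while [ "$#" -gt "$rp_keep" ]; do
		rm -f -- "$1"
		shift
		rp_removed=$((rp_removed + 1))
	done
	echo "$rp_removed"
}

# ring_max_bytes PKTS SNAPLEN KEEP
# Worst-case disk usage of the ring. A classic pcap file has a 24-byte
# file header and a 16-byte header in front of every packet record.
ring_max_bytes() {
	echo $(( $3 * (24 + $1 * (16 + $2)) ))
}

# ring_capture IFACE DIR PKTS SNAPLEN KEEP
# Capture forever, keeping the newest KEEP files.
ring_capture() {
	cap_if=$1 cap_dir=$2 cap_pkts=$3 cap_snap=$4 cap_keep=$5 cap_seq=0
	[ "$cap_keep" -ge 1 ] || return 2
	mkdir -p "$cap_dir" || return 1
	while :; do
		# Make room before writing so the ring never exceeds KEEP files.
		ring_prune "$cap_dir" $((cap_keep - 1)) >/dev/null
		cap_file=$(printf '%s/cap-%s-%06d.pcap' "$cap_dir" \
		    "$(date -u +%Y%m%dT%H%M%SZ)" "$cap_seq")
		tcpdump -n -i "$cap_if" -s "$cap_snap" -c "$cap_pkts" \
		    -w "$cap_file" || return 1
		cap_seq=$((cap_seq + 1))
	done
}

# Start capturing only when asked to, e.g.:
#   sh ring.sh run em0 /var/capture 100000 116 24
if [ "${1:-}" = run ]; then
	shift
	ring_capture "$@"
fi
```

With the values in the usage comment the ring is bounded by ring_max_bytes 100000 116 24 bytes; how many hours that covers depends on the packet rate.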




Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Remi Locherer
On Thu, Jan 28, 2016 at 06:52:18PM +0100, Ingo Schwarze wrote:
> Hi,
> 
> Antoine Jacoutot wrote on Thu, Jan 28, 2016 at 10:41:52AM +0100:
> 
> > As mentioned in another thread already:
> > # ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2
> > Then use mydaemon2_flags ... in rc.conf.local.
> 
> This seems to be a recurring user question.
> 
> Do you consider this addition useful?
> 
> I think rcctl(8) is the best place to document it because that's
> the highest level user interface and "How do i run multiple copies
> of a daemon?" is a very high-level user question, while rc.d(8)
> and rc.conf(8) document lower, more technical levels.
> 
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, i can't think of any.  For
> example, for httpd(8), it looks like all use cases can be solved
> by running one copy and using "server ... { ... }" well in
> httpd.conf(5).  So, if anybody can describe a specific use case to
> make the example better, that's quite welcome.

I'm running several instances of dhcrelay because I can only specify
one "-i if" option. The example could look like this:

# ln -s dhcrelay dhcrelay_vlan2
# ln -s dhcrelay dhcrelay_vlan3
# rcctl set dhcrelay_vlan2 flags -i vlan2 10.0.0.2
# rcctl set dhcrelay_vlan3 flags -i vlan3 10.0.0.2

> 
> I certainly don't want an example in the style of
> 
>   # ln -s httpd httpd2
> 
> That's a terrible name.  The next admin coming along will have no
> clue what this second httpd is needed for.
> 
> Yours,
>   Ingo
> 
> 
> Index: rcctl.8
> ===
> RCS file: /cvs/src/usr.sbin/rcctl/rcctl.8,v
> retrieving revision 1.26
> diff -u -p -r1.26 rcctl.8
> --- rcctl.8   24 Oct 2015 17:08:36 -  1.26
> +++ rcctl.8   28 Jan 2016 17:39:13 -
> @@ -193,6 +193,18 @@ ntpd_user=root
>  # echo $?
>  0
>  .Ed
> +.Pp
> +The recommended way to run a second copy of a given daemon for a
> +different purpose is to create a symbolic link to its
> +.Xr rc.d 8
> +control script:
> +.Bd -literal -offset indent
> +# cd /etc/rc.d/
> +# ln -s httpd httpd_purpose
> +# rcctl set httpd_purpose flags -some options ...
> +# rcctl set httpd_purpose status on
> +# rcctl start httpd_purpose
> +.Ed
>  .Sh SEE ALSO
>  .Xr rc.conf.local 8 ,
>  .Xr rc.d 8
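
Review bot: The command sequence stops at "# rcctl start httpd_purpose" and the paragraph does not say how to retire the second copy again. Since the link is created by hand with ln rather than by rcctl, suggest a closing sentence that the copy is removed by stopping and disabling it and then deleting the link.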



Re: rc.d and rtable

2016-01-28 Thread Vadim Zhukov
On 27 Jan 2016 at 21:29, "Jiri B" wrote:
>
> On Wed, Jan 27, 2016 at 01:40:14PM +0100, Antoine Jacoutot wrote:
> > On Wed, Jan 27, 2016 at 06:47:57AM -0500, Jiri B wrote:
> > > Would it be worth to extend rc.d for rtable knobs?
> > >
> > > - daemon_rtable variable
> > > - rc_* functions (route exec, pgrep/pkill -T $rtable...)
> > >
> > > Or are routing tables not much used thus not worth to make
> > > rc.d more complicated?
> >
> > There has been several discussions about this. No decision made though.
> > If you can find a nice way to implement it, I can have a look.
>
> rc.d framework is so nice... not sure if this is nice way but it
> works. Maybe check for existing rtable is not great.

The code looks like more or less fine (I'll do a more careful review a bit
later), but there are documentation bits missing.

--
Vadim Zhukov



Re: rc.d and rtable

2016-01-28 Thread Jiri B
On Thu, Jan 28, 2016 at 11:27:40AM +0300, Vadim Zhukov wrote:
> [...]
> The code looks like more or less fine (I'll do a more careful review a bit
> later), but there are documentation bits missing.

That was a POC, anyway I'm not very familiar with mandoc :/

j.



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Alexandre Ratchov
On Wed, Jan 27, 2016 at 10:51:50PM +0100, Reyk Floeter wrote:
> 
> Well, we "traditionally" had setproctitle("[priv]") in the parent.  I
> changed the tradition to setproctitle("parent").
> 
> I have no objections with changing this in the parent (but keeping the
> setproctitles in the children) to either the default (all command line
> flags) or to something like setproctitle("parent, %s", conffile).
> Command line flags suck and I don't think that -d or -v would be
> helpful in the output, so I prefer the latter.
> 
> All rc scripts would have to be adjusted by somebody with better rc-fu.
> 
> Opinions?
> 

another option would be to call setproctitle() only in the child
processes (or processes you're not supposed to kill), that's what
we do for sndiod to allow multiple instances to run allowing the
user to kill the right one:

$ ps ax |grep sndiod  
14501 ??  Ssp 0:00.00 sndiod: helper (sndiod)
32743 ??  S

Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Jiri B
On Thu, Jan 28, 2016 at 09:49:32AM +0100, Alexandre Ratchov wrote:
> $ ps ax |grep sndiod  
> 14501 ??  Ssp 0:00.00 sndiod: helper (sndiod)
^^ excuse my ignorance
but what's purpose of repeating daemon name in brackets?

j.



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
> Fine, this is what I suggested as the first option.
> 
> But let's do it everywhere and not just for httpd -
> don't use setproctitle in the parent process.
> 
> It does make sense for many more privsep daemons, especially in combination
> with rdomains (ntpd, iked, …). bgpd would probably not need it, but it does
> not harm and I'd prefer to change it for consistency (please don't forget
> that we try to keep the daemons synced somehow - it's an ecosystem).

I couldn't agree more.

-- 
Antoine



Re: Daily cron error in 5.7

2016-01-28 Thread Marcus MERIGHI
luis...@tin.it (giacomo), 2016.01.26 (Tue) 20:17 (CET):
> On 25.01.16, 13:02, Craig Skinner wrote:
> > Hi Luciano,
> > 
> > On 2016-01-24 Sun 19:52 PM |, Luciano wrote:
> > > run-parts: /etc/cron.daily/logrotate exited with return code 1
> >   ^  ^ what are these?
> I don't know. I search in the old configuration of crontab.
> 
> > 
> > $ man run-parts
> > man: no entry for run-parts in the manual.
> Yes, It's strange for me also.

I think it's not strange:

$ locate run-parts
(no output)
$ pkg_locate run-parts
(no output)
$ ls /etc/cron.daily
ls: /etc/cron.daily: No such file or directory

It's not in base and not in ports, how did run-parts get onto your
system? 

Nice catch, Craig, btw. 

Bye, Marcus




Re: rc.d and rtable

2016-01-28 Thread Claudio Jeker
On Wed, Jan 27, 2016 at 09:47:04PM +0100, Antoine Jacoutot wrote:
> > > rc.d framework is so nice... not sure if this is nice way but it
> > > works. Maybe check for existing rtable is not great.
> > 
> > If I see this correctly you add a foo_rtable variable to rc.conf.local.
> > I think there is some drawback to this solution.
> > You can only have one daemon running in one rtable at a time
> > I often run things like sshd in multiple rtables / rdomains in which
> > case I would have to copy the sshd rc.d script and fiddle a bit here and
> 
> You don't have to copy it, just link it (so you get updates to the original 
> script) and add ssht2, ssht3... to pkg_scripts.
> But yeah, it's not an obvious road and that's why I warned not to hold any 
> breath ;-)
> 
> > there. I would prefer if we would have a rc.conf file specific for a
> > rtable. Also it is not possible to start daemons with different flags.
> 
> Hmm. Can you extend on that?
> We should be able to make something like this work:
> 
> # ln -s /etc/rc.d/sshd /etc/rc.d/sshdt2
> # rcctl enable sshdt2
> # rcctl set sshdt2 flags -f /etc/ssh/wunder_config

Aha, that is what I was looking for. So if this works I'm totally happy :)
Didn't know that you can just symlink rc scripts and everything will work.
 
> > Nonetheless I think this is a move in the right direction.
> 
> It is. It's basically the last obvious situation rc.d does not handle besides 
> what was mentioned today (multiple httpd, relayd, ...).
> Good thing we have rc.local ;-)

This is what I currently do and I tend to forget about it and restart
stuff in the wrong rdomain.

> Anyway, I've been pretty busy lately but I think that's something I'd like to 
> investigate during our upcoming hackathon a couple months from now (it's too 
> late for this release anyway).
> 

I will for sure give this a try on my rdomain-ed firewall at home.

-- 
:wq Claudio



Re: rc.d and rtable

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 03:50:33AM -0500, Jiri B wrote:
> On Thu, Jan 28, 2016 at 11:27:40AM +0300, Vadim Zhukov wrote:
> > [...]
> > The code looks like more or less fine (I'll do a more careful review a bit
> > later), but there are documentation bits missing.
> 
> That was a POC, anyway I'm not very familiar with mandoc :/

Don't worry about it for now.
I'll move this to its next step but as I mentioned, this is a bit late to make 
it into 5.9.
rc.d is nice and simple indeed but there are some corner cases here and there 
and I don't want to introduce any regression at this point.

Thanks Jiri.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Paolo Aglialoro
When this goes implemented, how will one start/stop/reload/check the single
instance or all instances through /etc/rc.d/ ?



Squid slow in connecting to SSL

2016-01-28 Thread Kim Zeitler

Hello all

currently I try to solve the phenomenon, that certain SSL sites are slow 
when accessed via squid on OpenBSD. Mostly ownCloud in my case as well 
as several web shops. The login screen alone taking minutes to load.


I tested this also with squid running on a debian vm showing no problems 
at all.


The current configuration is squid-ldap(3.5.13) from packages  on 
-current running on a KVM host as VM (4 cores, 2GB RAM, virtio HDD and NIC)


My squid.cfg is basically the default except for setting $localnet bit 
stricter.


Any help is much appreciated

Cheers Kim



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Stuart Henderson
On 2016/01/28 08:50, Reyk Floeter wrote:
> > On 27.01.2016, at 23:31, Stuart Henderson  wrote:
> >
> > This does the trick. It probably doesn't make sense to run multiple
> > copies of all of the privsep daemons though I see definite use cases
> > for httpd, snmpd [v4 and v6 need separate daemons], and possibly some
> > others, but it would be better to keep them all in-sync..
> >
>
> Fine, this is what I suggested as the first option.
>
> But let's do it everywhere and not just for httpd -
> don't use setproctitle in the parent process.
>
> It does make sense for many more privsep daemons, especially in combination
> with rdomains (ntpd, iked, …). bgpd would probably not need it, but it does
> not harm and I'd prefer to change it for consistency (please don't forget
> that we try to keep the daemons synced somehow - it's an ecosystem).

Yes exactly, that's why I said "it would be better to keep them
all in-sync", but no point writing a diff for the 13 daemons
which do the same thing (and figuring out what to do with the
other not-quite-similar ones, if anything) unless we are agreed
on the direction.



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 10:29:56AM +0100, Paolo Aglialoro wrote:
> When this gets implemented, how will one start/stop/reload/check the single
> instance or all instances through /etc/rc.d/ ?

You'll have a different rc.d script and associated rc.conf variables for each 
of your instances.
Actually not really a "different" rc.d script, just a link to the original one 
which already works for daemons that properly display their args in the process 
list.

As mentioned in another thread already:
# ln -s /etc/rc.d/mydaemon /etc/rc.d/mydaemon2
Then use mydaemon2_flags ... in rc.conf.local.

-- 
Antoine



Re: new kind of info organizer, on OpenBSD: OneModel

2016-01-28 Thread Craig Skinner
Hi Luke,

On 2016-01-27 Wed 18:20 PM |, luke call wrote:
> 
> If you've ever used emacs org-mode, to-do list programs or the like,
> this might be of interest.

Have a dig about /usr/ports/productivity/

I use taskwarrior, which has tasksh.

Cool.
-- 
http://www.taskwarrior.org/



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Antoine Jacoutot
On Thu, Jan 28, 2016 at 10:45:31AM +0100, Kamil Cholewiński wrote:
> On Thu, 28 Jan 2016, Paolo Aglialoro  wrote:
> > When this gets implemented, how will one start/stop/reload/check the single
> > instance or all instances through /etc/rc.d/ ?
> 
> I hate to repeat myself, but runit solves all of these problems cleanly,
> with no need for ps grepping, with no patches in the daemons necessary,
> and with minimal setup.
> 
> sv restart /var/services/httpd1
> sv restart /var/services/httpd2

I don't see why we wouldn't want to properly fix this in rc.d which is in base 
in the first place.
It's alright to use an external service supervisor when there's a very specific 
need, but in this case I see no reason for it.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread Kamil Cholewiński
On Thu, 28 Jan 2016, Paolo Aglialoro  wrote:
> When this gets implemented, how will one start/stop/reload/check the single
> instance or all instances through /etc/rc.d/ ?

I hate to repeat myself, but runit solves all of these problems cleanly,
with no need for ps grepping, with no patches in the daemons necessary,
and with minimal setup.

sv restart /var/services/httpd1
sv restart /var/services/httpd2



Re: rc.d and rtable

2016-01-28 Thread Antoine Jacoutot
> > # ln -s /etc/rc.d/sshd /etc/rc.d/sshdt2
> > # rcctl enable sshdt2
> > # rcctl set sshdt2 flags -f /etc/ssh/wunder_config
> 
> Aha, that is what I was looking for. So if this works I'm totally happy :)
> Didn't know that you can just symlink rc scripts and everything will work.

Yeah, this was done at c2k15 :-)

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?rev=1.99=text/x-cvsweb-markup

Maybe I should document that; it's a recurrent question.

-- 
Antoine



Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-28 Thread lists
Thu, 28 Jan 2016 18:52:18 +0100 Ingo Schwarze 
> I'd love to make the example more specific and document an actual
> use case that frequently occurs in practice, but even though many
> have said that such cases do occur, I can't think of any.

I have this use case, and have not quickly found a better solution than
to manually copy the script in /etc/rc.d for tftpd to tftpd2 and invoke
them separately with different tftpd_flags and tftpd2_flags set in
rc.conf.local(8), maybe out of ignorance.

Does network booting multiple archs from the same serving multi-homed
(different IP addresses, same sub-network) system require multiple
instances of tftpd(8), or can it serve multiple directories on
different IP addresses with one running instance?



"Available disks are: none" on Sony Vaio SVZ13115GGXI

2016-01-28 Thread Ben Alex
This laptop has 2 x Samsung 128 GB SSD drives and a RAID controller
which reports as "Intel Rapid Storage Technology (Option ROM version
11.0.0.1339)".

OpenBSD 5.7, 5.8 and current (20160125) installers each report
"Available disks are: None".

Available system BIOS settings (XHCI Mode, Execute Bit Capability) and
RAID BIOS settings (non-RAID, RAID) have been toggled without success.

Windows recovery was used to upgrade the system BIOS to the latest
available version, R0092C6. The prior version (R0091C6) behaved the
same.

Linux and FreeBSD detect the drives and permit partitioning. dmesg
output from both OpenBSD and FreeBSD is below.

Any suggestions appreciated.

Thanks

===

OpenBSD 5.9-beta (RAMDISK_CD) #1696: Mon Jan 25 19:16:37 MST 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
RTC BIOS diagnostic error 80
real mem = 8465932288 (8073MB)
avail mem = 8207634432 (7827MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6960 (18 entries)
bios0: vendor Insyde Corp. version "R0091C6" date 05/07/2012
bios0: Sony Corporation SVZ13115GGXI
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP TCPA UEFI ASF! HPET APIC MCFG SLIC WDAT SSDT
BOOT SSDT ASPT FPDT SSDT SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-3612QM CPU @ 2.10GHz, 2095.54 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (RP01)
acpiprt2 at acpi0: bus 3 (RP02)
acpiprt3 at acpi0: bus 5 (RP04)
acpiprt4 at acpi0: bus 8 (RP07)
acpiprt5 at acpi0: bus -1 (PEG0)
acpiec0 at acpi0
acpisony at acpi0 not configured
acpicpu at acpi0 not configured
acpitz at acpi0 not configured
acpibat at acpi0 not configured
acpibat at acpi0 not configured
acpiac at acpi0 not configured
acpibtn at acpi0 not configured
acpibtn at acpi0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 0 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel 7 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 2
iwn0 at pci1 dev 0 function 0 "Intel Centrino Advanced-N 6235" rev
0x24: msi, MIMO 2T2R, AGN, address c4:85:08:a1:a1:f8
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 3
rtsx0 at pci2 dev 0 function 0 "Realtek RTS5209 Card Reader" rev 0x01: msi
sdmmc0 at rtsx0
ppb2 at pci0 dev 28 function 3 "Intel 7 Series PCIE" rev 0xc4: msi
pci3 at ppb2 bus 5
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x07:
RTL8168E/8111E-VL (0x2c80), msi, address 54:53:ed:1c:10:4d
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 5
ppb3 at pci0 dev 28 function 6 "Intel 7 Series PCIE" rev 0xc4: msi
pci4 at ppb3 bus 8
ehci1 at pci0 dev 29 function 0 "Intel 7 Series USB" rev 0x04: apic 0 int 20
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel HM77 LPC" rev 0x04 at pci0 dev 31 function 0 not configured
pciide0 at pci0 dev 31 function 2 "Intel 82081HBM RAID" rev 0x04: DMA,
channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using apic 0 int 22 for native-PCI interrupt
"Intel 7 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay1
uhub2 at uhub0 port 1 "vendor 0x8087 product 0x0024" rev 2.00/0.00 addr 2
"vendor 0x08ff Fingerprint Sensor" rev 2.00/25.01 addr 3 at uhub2 port
1 not configured
"vendor 0x8087 product 0x07da" rev 2.00/78.69 addr 4 at uhub2 port 2
not configured
"1458529110CR48AR USB2.0 Camera" rev 2.00/0.12 addr 5 at uhub2 port 3
not configured
uhub3 at uhub1 port 1 "vendor 0x8087 product 0x0024" rev 2.00/0.00 addr 2
umass0 at uhub3 port 1 configuration 1 interface 0 "USB Flash Disk"
rev 2.00/2.00 addr 3
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 

No more proxy on ftp(1)?

2016-01-28 Thread arrowscript
Hi,
I just did the upgrade to 5.9 -current and found that socks connections don't 
work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this 
expected behaviour?
I'm using the "torsocks" wrapper to force socks to localhost:9050.

Does this have something to do with the new pledge privsep?



Re: new kind of info organizer, on OpenBSD: OneModel

2016-01-28 Thread Peter Hessler
On 2016 Jan 28 (Thu) at 08:56:18 -0700 (-0700), luke call wrote:
:On 01/28/16 02:41, Craig Skinner wrote:
:> Have a dig about /usr/ports/productivity/
:>
:> I use taskwarrior, which has tasksh.
:
:Thanks for the tip. Maybe I'm presenting OneModel in the wrong
:way. Its vision is much bigger than task management, but I'm not sure
:how to best make that clear to the right audience.
:

This is very offtopic.  If you have a port you would like to submit,
please generate one and send it to ports@.

Please do not use OpenBSD mailing lists for advertising your product.

-- 
Oh, wow!  Look at the moon!



Re: implementing circular queue for tcpdump logging

2016-01-28 Thread Alan McKay
On Thu, Jan 28, 2016 at 10:31 AM, sven falempin  wrote:
> syslog has memory buffer that rotates. (:name:size)
> pflogd can log, tcpdump | logger if you want something else
>
> problem solved.

Thanks.  I should have thought of pflogd!
Looks like a modification of the standard OpenBSD technique to
shoot that into syslog will work.


-- 
"You should sit in nature for 20 minutes a day.
 Unless you are busy, then you should sit for an hour"
 - Zen Proverb



Re: No more proxy on ftp(1)?

2016-01-28 Thread Stuart Henderson
On 2016-01-29, arrowscr...@mail.com  wrote:
> Hi,
> I just did the upgrade to 5.9 -current and found that socks connections don't 
> work for ftp(1) and, of course, the perl scripts using it (pkg_add). Is this 
> expected behaviour?
> I'm using the "torsocks" wrapper to force socks to localhost:9050.
>
> Does this have something to do with the new pledge privsep?

Probably yes.

It wouldn't be a big surprise if LD_PRELOAD wrappers like torsocks
use system calls beyond what has been pledge()d by the program.
In many cases this will result in the program being killed.



Re: No more proxy on ftp(1)?

2016-01-28 Thread arrowscript
Thanks.
Yes, it does core dump on "Abort trap".
Any idea on how I can force ftp(1) to socks5? The man page says nothing about 
proxies other than http or ftp, and I have not set up a transparent proxy yet...

Good to know that pledge is doing its job. So far, no other problem with the 
transition from 5.8 to 5.9.