Re: Feeding DHCP leases into unbound

2017-07-06 Thread Jason Hunt
On 06/22/17 05:47, Andreas Kusalananda Kähäri wrote:
> Is there an existing solution for feeding the IP-addresses of the leases
> that dhcpd hands out into the unbound configuration and reload it, or
> would I have to write a script that parses the lease declarations in
> /var/db/dhcpd.leases?

I recently created a script to do this. It works for me but has not been
tested anywhere else. Here's a link to a .tgz containing the code, config
file, and rc.d script:

http://practical.systems/dynbound/dynbound.tgz

There's probably lots of room for improvement. Feedback is welcome.

One of these days I will finish it up, write a man page, and submit a port.


Re: authpf error: failed to create table (Device busy)

2017-07-06 Thread rafal.ramocki
It looks like I've just hit the same bug.  It looks like it is not related
to authpf but rather to anchors generally. I'm loading an anchor from
pf.conf, then this anchor loads another one with some rules. I have two
similar rules in there and disabling one of them will stop returning an
error from this anchor.

pass in quick log proto tcp to { 10.58.16.10 10.58.16.20 10.58.16.30 } port 1522
pass in quick log proto tcp to { 10.58.16.11 10.58.16.21 10.58.16.31 } port 1522

I have quite a few anchors, so I'm failing to load rules a few anchors ahead
anyway.

Relevant parts of config are as follows:

/etc/pf.conf:
anchor "vpn1" in on $if_vpn1
load anchor vpn1 from "/etc/anchors/vpn1.conf"

/etc/anchors/vpn1.conf:
anchor "user4"  in from 172.31.224.217
load anchor user4  from "/etc/anchors/vpn1/user4"

/etc/anchors/vpn1/user4:
pass in quick log proto tcp to { 10.58.16.10 10.58.16.20 10.58.16.30 } port 1522
pass in quick log proto tcp to { 10.58.16.11 10.58.16.21 10.58.16.31 } port 1522







possible xbacklight regression

2017-07-06 Thread lists
Hello all

I've noticed a possible regression on a thinkpad t420 regarding
xbacklight on -current.

$ xbacklight -set 40
No outputs have backlight property

$ xbacklight -get
No outputs have backlight property

I saw a post on cvs@
(https://marc.info/?l=openbsd-cvs&m=149928661821928&w=2) that could be
related.  My -current build was approximately 2017-07-06 11:00, which I
would have expected that commit to have been included in (or maybe I'm
just impatient?).

I forget exactly when the regression occurred, but I think xbacklight was
working in the past few months.



Re: Limit internet connection by time of day and number of hours

2017-07-06 Thread Maxim Bourmistrov

Hey,
I have a somewhat similar situation at home.
However, I never found a straightforward setup.

I can do a manual BLOCK OUT with a script, and probably, if I’d link this script
to a cron, I’d somehow get the setup you are after.

I do depend on dhcpd giving out a static IP to a given MAC and thus
I don’t expect kids to take over MACs on the LAN.
They are not there yet :)

I have the following in pf.conf. The script is up to you (or I can share privately
what I have).

table  persist

### block machines out
block out quick on egress tagged BLOCK
pass out quick on egress from  to any nat-to (egress:0) keep state \
(max-src-conn 1, max-src-conn-rate 1/1, overload  flush global) tag BLOCK


Script adds addresses to  .
  - really, as name implies, not defined at all, anywhere 
in pf.conf.

Br
Mxb

> On 6 July 2017 at 00:19, Stefan Wollny wrote:
> 
> Hi there!
> 
> "Security" means to constantly re-evaluate your options and processes -
> right? So the other day I checked the settings in the Fritz!Box router
> and remembered that they had implemented a time quota for a defined
> group of users (=IPs).
> 
> Example: My young son has a tablet and a mobile phone (both Android) and
> has access to the internet with any device within a defined time frame
> and an overall maximum of x hours, individually set for each day of the
> week. In the rare cases that he needs more time he uses the joker named
> "Mama" ... ;-) (Side note: Just like pocket money the allowed time is
> regularly revised for age and experience - not behaviour!)
> 
> Consider other situations where you'd like to meet your responsibilities:
> - There may be usual office times from 06:30 am to 21:00 pm (some people
> like to work early, other late): Outside of this time frame access to
> the internet may not be acceptable (with rare exceptions) - or might mean
> that a machine is hijacked to be a part of a bot or to do some bitcoin
> calculations... whatever.
> - Within this time frame no one is legally permitted to work longer than
> 8 hours based on his login credentials to the office net (not device).
> - Just some specified servers do backups to the cloud and e.g. are
> granted access the internet exclusively at night time (thus being
> exceptions to the general rule above).
> - The web and mail servers are separate to the office net and always-on.
> 
> The technical quest is in principle the same as the one I described
> above. Simply spoken: If no one of the 'guys and gals' responsible for
> safe and smooth operations is around the internet is turned off (or s/he
> gets paid overtime hours :-)).
> 
> Can s.th. like this be set up with OpenBSD being the central router? I
> searched the FAQ and several man-pages but didn't get an idea of how to
> proceed. My very first idea (=dream) was "e.g. set the general time
> frame with PF" and "the individual quotas or access times within
> anchors". Unfortunately nothing appropriate was found by the "leading"
> internet search engine.
> 
> If someone has found a solution to such a task it would be great to get
> to know how this was achieved, of course with OpenBSD.
> 
> Please: I am just curious and interested to learn about my (realistic)
> options.
> 
> TIA.
> 
> Best,
> STEFAN
> 



Re: httpd and URL rewriting

2017-07-06 Thread Kirill Miazine
* Scott Vanderbilt [2017-07-06 09:25]:
> I am investigating the feasibility of migrating a RESTful webapp currently
> hosted on nginx and 6.1-current to use httpd. Naturally, such an application
> requires a URL-rewriting facility.

Does it really *require* URL rewriting?

> Perusing the httpd.conf(5) and httpd(8) man pages, this list's archive, and
> Google, I see nothing that indicates this is possible. Of course, I know you
> can redirect from within httpd, but that's obviously not the sort of behavior
> an app like this requires.
> 
> I am encouraged by reyk@'s post to tech on 20 June 2015 wherein he says
> "Here is a diff that adds pattern matching to httpd, allowing rewrites with
> redirects." But that last bit is kind of ambiguous about whether rewrites
> independent of redirects can be achieved.
> 
> Might anyone know whether this can be accomplished and how?

Below is a working config for https://uptime.is/. You can put an uptime
percentage after the slash, and it will work without a redirect. In
addition, I made some redirects from common names to percents.
Config:

[...]
location "/" {
    fastcgi
    root "/htdocs/uptime/simple.cgi"
}
location match "^/%d+[,%.]?%d*$" {
    fastcgi
    root "/htdocs/uptime/simple.cgi"
}
location "/three-nines" {
    block return 302 "/99.9"
}
[...]

The CGI script inspects the environment variable PATH_INFO.

> Many thanks.

-- 
-- Kirill Miazine 



Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

2017-07-06 Thread R0me0 ***
@Reyk

Yes on ESXi ahci(4) hangs as you described, the procedure is to remove,
since "sata" is a default to cdrom device.

A great feedback you provided!

Long life to magic puffer fish


Cheers,

2017-07-04 9:21 GMT-03:00 Reyk Floeter :

> On Mon, Jul 03, 2017 at 02:36:20PM -0400, J Doe wrote:
> >
> > >> On 27 Jun 2017 10:45 am, "Stuart Henderson" wrote:
> > >>
> > >>> On 2017-06-26, Josh Stephens  wrote:
> > >>> I could be wrong when I say this but the only gotcha that you will
> > >>> run into with virtual box will be the guest additions.
> > >>
> > >> Does virtualbox still do that thing where it patches the running
> > >> kernel when it detects OpenBSD?
> >
> > Hi,
> >
> >
> > Just thought I'd chime in that I've had success with OpenBSD 5.x to
> > 6.0 running under VMware Fusion (Mac OS X version of VMware).  There
> > isn't support for guest additions with the most recent version of
> > Fusion (8.x), but I haven't had any issues.
> >
>
> I don't know what you mean with "there isn't support for guest
> additions".  We don't support VMware's 3rd party tools but we use our
> own drivers.
>
> VMware Fusion Pro 8.5.8 with version 12 VMs works fine, vmt(4)
> attaches, provides guest services such as shutdown/reboot, timedelta
> sensor, and access to VMware's guestinfo key/value via hostctl(8) (eg.
> hostctl guestinfo.ip).  X11-related features are provided by vmwh in
> ports, but I've never tested it.  We also have vmx(4) for vmxnet3
> networking but you manually have to edit the .vmx file and change
> ethernetX.virtualDev = "vmxnet3" (VMware has ignored all of our
> requests to add a device profile for OpenBSD).
>
> The only issue that I just saw with -current is that ahci(4)
> initialization hangs on boot - I had to disable ahci and use SCSI or
> IDE.  I haven't noticed this on ESXi.
>
> I mostly used Fusion for testing and development for ESXi/vSphere but
> I switched to OpenBSD VMM for most of the testing.
>
> > I saw in the thread that someone was mentioning full screen support.
> > There's no problem with that under Fusion, but you are limited to
> > legacy style video output (ie: not a high res display).  The easiest
> > way around that is I run OpenBSD minimized and SSH in from Terminal on
> > Mac OS X, then use the full-screen mode on OS X Terminal.
> >
> > If you're interested in OpenBSD in virtual machines in the cloud, I
> > have nothing but praise for the people at RootBSD [1], which have
> > supported OpenBSD for a while.  IIRC they run OpenBSD on top of Xen,
> > so the previous comments about security not being the same as running
> > it natively do apply, but it's definitely an option.
> >
> > I believe Undeadly recently posted that partial support for Hyper-V
> > has been committed, which also opens up the future possibility of running
> > OpenBSD on Azure.  Seems like the only holdout is AWS, but there is
> > now official support for FreeBSD on it, so here's hoping its more
> > secure cousin will make its way to Amazon.
>
> You cannot really compare FreeBSD in Azure or AWS to OpenBSD.  We have
> totally different drivers for Hyper-V and Xen.  But Hyper-V is "fully"
> supported on OpenBSD, the latest hvs(4) driver adds support for
> StorVSC paravirtual SCSI.  mikeb@ has done some great work to
> implement all the missing drivers and I helped where I could and
> focussed on the part to get it from Hyper-V/Xen to the "cloud".
>
> The situation in Azure is about the same as in AWS: we don't provide
> OpenBSD images in the marketplaces or community images yet, but there
> are scripts and howtos to create your OpenBSD VMs in Azure.  This
> might change as soon as we feel confident enough with the VM "layout"
> and the (mandatory) agent.  But, for now, use the tools from
> unofficial external github projects:
>
> For AWS:
> https://github.com/ajacoutot/aws-openbsd
>
> For Azure (also works in AWS and under VMM):
> https://github.com/reyk/cloud-openbsd   (create images with cloud-agent)
> https://github.com/reyk/cloud-agent (an alternative to waagent in ports)
> https://github.com/reyk/meta-data   (test + boot cloud images under VMM)
>
> We also have VirtIO drivers for OpenBSD VMM and KVM, as used by most
> other clouds, and I'm planning to add support for OpenStack (JSON) and
> OpenNebula (contexts) to my cloud-agent.
>
> But please note that we're currently trying to find ways to create VM
> images that still provide the benefits of OpenBSD-style things like
> KARL.  The problem with pre-provisioned VM images is that they all
> have the "same random values" in the filesystem, kernel, and libraries
> where the installer usually makes each installation unique.  A
> pre-provisioned image is always the same, at least on first boot,
> unless we create something that prepares or installs everything before
> getting a new VM instance online.  The first real* OpenBSD image on
> Azure will probably be fully pre-provisioned, but maybe we switch to a
> totally different model later.

httpd and URL rewriting

2017-07-06 Thread Scott Vanderbilt
I am investigating the feasibility of migrating a RESTful webapp 
currently hosted on nginx and 6.1-current to use httpd. Naturally, such an 
application requires a URL-rewriting facility.


Perusing the httpd.conf(5) and httpd(8) man pages, this list's archive, 
and Google, I see nothing that indicates this is possible. Of course, I 
know you can redirect from within httpd, but that's obviously not 
the sort of behavior an app like this requires.


I am encouraged by reyk@'s post to tech on 20 June 2015 wherein he says 
"Here is a diff that adds pattern matching to httpd, allowing rewrites 
with redirects." But that last bit is kind of ambiguous about whether 
rewrites independent of redirects can be achieved.


Might anyone know whether this can be accomplished and how?

Many thanks.




Re: Dell R210 II crashing on boot

2017-07-06 Thread Paolo Aglialoro
Hi,

up to a couple of years ago I managed such a machine, without idrac.

As far as I remember, the first BIOSes/nic firmwares had serious issues with
bnx.

My advice is to first update the machine to latest blobs before further
testing. Just download dell iso and run it.

On 06 Jul 2017 4:56 PM, "Pierre Emeriaud" wrote:

2017-07-06 15:07 GMT+02:00 Dimitris Papastamos :
>
> I think one of the NICs is shared and when OpenBSD boots up and
> enumerates them, it also resets the NIC which upsets idrac.  You
> can probably figure out which NIC is shared and hack the kernel
> to skip enumerating it.
>
> Someone had the same problem some time ago and there was a hacky
> patch for it but I can't find the email in the archive now.

Thanks, very interesting, and could be confirmed at least by disabling em.

I dug a bit in the archives and found this thread, however about bnx,
but I guess the issue remains valid:
https://marc.info/?t=14514567054&r=1&w=2

Other than asking for a dedicated BMC port or another nic, is there
something I could do?


Re: Dell R210 II crashing on boot

2017-07-06 Thread Pierre Emeriaud
2017-07-06 15:07 GMT+02:00 Dimitris Papastamos :
>
> I think one of the NICs is shared and when OpenBSD boots up and
> enumerates them, it also resets the NIC which upsets idrac.  You
> can probably figure out which NIC is shared and hack the kernel
> to skip enumerating it.
>
> Someone had the same problem some time ago and there was a hacky
> patch for it but I can't find the email in the archive now.

Thanks, very interesting, and could be confirmed at least by disabling em.

I dug a bit in the archives and found this thread, however about bnx,
but I guess the issue remains valid:
https://marc.info/?t=14514567054&r=1&w=2

Other than asking for a dedicated BMC port or another nic, is there
something I could do?



Re: Dell R210 II crashing on boot

2017-07-06 Thread Dimitris Papastamos
On Wed, Jul 05, 2017 at 10:04:54PM +0200, Pierre Emeriaud wrote:
> Hello misc@,
> 
> 
> I'm trying to use a Dell R210 II server, remotely hosted at online.net
> (LT 1701.3 model). Installation was done from a qemu on a live
> "rescue" linux with both 6.1 and current as of 20170705.
> 
> When it boots, it crashes at some point, and when it does the idrac
> (on a port shared with em0) web goes unresponsive. The IP java kvm
> stops with what looks like a connection closed.
> 
> From what I got in the support ticket the ipmi hangs/crashes, so no
> more remote reboot nor idrac access. A physical reboot is needed to
> get the box in working order again (on linux only so far).
> 
> Here are the last messages logged on the ip kvm before the java client closes:
> http://pix.toile-libre.org/upload/original/1499280007.jpg (6.1)
> http://pix.toile-libre.org/upload/original/1499280059.jpg (current)
> 
> Regarding the R210, here are the versions:
> bios revision 2.4.3
> Firmware Version 1.95 (Build 05)
> Lifecycle Controller Firmware 1.5.5.27
> 
> From the list archives I saw that some of you are running similar
> hardware, in previous releases though. What are your bios/firmware
> version?
> 
> Also, what can I do to troubleshoot this further?

I think one of the NICs is shared and when OpenBSD boots up and
enumerates them, it also resets the NIC which upsets idrac.  You
can probably figure out which NIC is shared and hack the kernel
to skip enumerating it.

Someone had the same problem some time ago and there was a hacky
patch for it but I can't find the email in the archive now.



Re: Dell R210 II crashing on boot

2017-07-06 Thread Paul de Weerd
Hi Pierre,

On Wed, Jul 05, 2017 at 10:04:54PM +0200, Pierre Emeriaud wrote:
| Regarding the R210, here are the versions:
| bios revision 2.4.3
| Firmware Version 1.95 (Build 05)
| Lifecycle Controller Firmware 1.5.5.27

I've been running an R210 II for several years (and several versions
of OpenBSD; generally snapshots) now.  Never had an issue like what
you describe.  I'm currently on bios version 1.2.3 (see dmesg below),
I don't have dedicated iDrac hardware (just the BMC/IPMI thing, that I
have not enabled).

Cheers,

Paul 'WEiRD' de Weerd

[weerd@despair] $ sysctl hw.{model,machine,physmem,ncpu,vendor,product}  
hw.model=Intel(R) Xeon(R) CPU E31260L @ 2.40GHz
hw.machine=amd64
hw.physmem=34332733440
hw.ncpu=8
hw.vendor=Dell Inc.
hw.product=PowerEdge R210 II

[weerd@despair] $ dmesg
OpenBSD 6.1-current (GENERIC.MP) #82: Wed May 24 06:29:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34332733440 (32742MB)
avail mem = 33286426624 (31744MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe66d0 (57 entries)
bios0: vendor Dell Inc. version "1.2.3" date 07/21/2011
bios0: Dell Inc. PowerEdge R210 II

Re: Dell R210 II crashing on boot

2017-07-06 Thread Pierre Emeriaud
2017-07-06 0:06 GMT+02:00 Mihai Popescu :
> http://marc.info/?t=14986422261&r=1&w=2

Thanks Mihai, I've read that thread already. I don't care about ipmi
readings from the OS. I just want my server to boot correctly. The
thing that rings a bell however is the "hardware ipmi watchdog", which
could maybe cause what I'm seeing. I've asked my hoster if they could
reboot the server and check if the watchdog is enabled or not.

One person suggested that I could disable em in ukc to check if ipmi
conflicts with it (as on a shared port), I'll try this and see if the
ip kvm crashes. Other suggestions welcomed :)



Re: [OpenBSD 6.1] acme-client + nginx

2017-07-06 Thread Stephane HUC "PengouinBSD"


On 07/06/17 at 12:03, Stuart Henderson wrote:
(...)
> 
> /usr/local/www seems unlikely on OpenBSD.
> 
> I just have
> 
> location /.well-known/acme-challenge { root /var/www/letsencrypt/; }
> 
> and
> 
> challengedir "/var/www/letsencrypt/.well-known/acme-challenge"
>  
> but there are several ways you can configure this. (e.g. you might want
> to use a different directory layout if you have anything else that uses
> the RFC5785 .well-known URIs). It doesn't matter what you use as long as
> letsencrypt can fetch the file that acme-client wrote.
> 
> 

OK, it runs correctly as you wrote.

I changed nginx:

location ^~ /.well-known/acme-challenge {
    allow all;
    #default_type "text/plain";
    root /var/www/acme/test.obsd4a.net/;
}

I changed acme-client.conf:

challengedir "/var/www/acme/test.obsd4a.net/.well-known/acme-challenge"

And, the result is:

$ doas acme-client -vAD test.obsd4a.net
acme-client: /etc/ssl/acme/private/test.obsd4a.net-privkey.pem: domain
key exists (not creating)
acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not
creating)
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 184.87.72.109
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz:
req-auth: test.obsd4a.net
acme-client:
/var/www/acme/test.obsd4a.net/.well-known/acme-challenge/cugIljWXyalHSHnsOa51W4BoBEW5n0_JctHP8Y59l8U:
created
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/_8nN0V__nplwfEcqpwa698yd4bKBywHRWrOj8Hl33I8/1489582140:
challenge
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/_8nN0V__nplwfEcqpwa698yd4bKBywHRWrOj8Hl33I8/1489582140:
status
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
acme-client: http://cert.int-x3.letsencrypt.org/: full chain
acme-client: cert.int-x3.letsencrypt.org: DNS: 88.221.234.34
acme-client: /etc/ssl/acme//test.obsd4a.net-chain.pem: created
acme-client: /etc/ssl/acme/test.obsd4a.net-cert.pem: created
acme-client: /etc/ssl/acme//test.obsd4a.net-fullchain.pem: created

Thank you! :D


-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net





Re: [OpenBSD 6.1] acme-client + nginx

2017-07-06 Thread Stuart Henderson
On 2017-07-06, Stephane HUC "PengouinBSD"  wrote:
> Hi, I attempt to use acme-client on server OpenBSD 6.1, with nginx running.
>
> But it fails with a bad response.

...

> acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid",
> "error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid
> response from
> http://test.obsd4a.net/.well-known/acme-challenge/L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU:
> \"\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not
> Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody

...

LE fetches from http://test.obsd4a.net/.well-known/acme-challenge/(filename)
but gets 404 Not Found.

> I try with this nginx config:
>
> location ^~ /.well-known/acme-challenge {
>     #alias /var/www/acme;
>     #try_files $uri =404;
>     allow all;
>     default_type "text/plain";
>     proxy_redirect off;
>     root /var/www/acme;
> }

With "root" it will look in /var/www/acme/.well-known/acme-challenge.
Either adjust acme-client config to place the files there, or adjust nginx
config to serve files from the actual location.

Test by writing a file to the directory acme-client uses and make sure you
can fetch it yourself. Only reattempt acme-client when this works, they have a
rate-limit for bad auths and will blacklist you for a while if you exceed it.

> or this:
>
> location ^~ /.well-known/acme-challenge {
>     alias /usr/local/www/acme;
>     try_files $uri =404;
> }

/usr/local/www seems unlikely on OpenBSD.

I just have

location /.well-known/acme-challenge { root /var/www/letsencrypt/; }

and

challengedir "/var/www/letsencrypt/.well-known/acme-challenge"
 
but there are several ways you can configure this. (e.g. you might want
to use a different directory layout if you have anything else that uses
the RFC5785 .well-known URIs). It doesn't matter what you use as long as
letsencrypt can fetch the file that acme-client wrote.
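
The root/alias mismatch discussed in this thread can be checked offline before re-running acme-client. The following is an added example, not part of the original messages and not code from nginx or acme-client: it models how a prefix location maps the challenge URI to a file under `root` versus `alias` and compares that with where acme-client writes the token. The function names, the constructed token, and the assumption that the `alias` attempt used the same challengedir as the first attempt are illustrative.

```python
import posixpath
import re

ACME_PREFIX = "/.well-known/acme-challenge"
# ACME tokens are base64url; reject anything else before building a path.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def nginx_file_path(location, directive, path, uri):
    """Return the file nginx opens for `uri` inside a prefix location.

    root : the full request URI is appended to the configured path.
    alias: the part of the URI that matched the location is replaced.
    """
    if not uri.startswith(location):
        raise ValueError("URI is not handled by this location")
    if directive == "root":
        joined = path.rstrip("/") + uri
    elif directive == "alias":
        joined = path + uri[len(location):]
    else:
        raise ValueError("expected 'root' or 'alias'")
    return posixpath.normpath(joined)


def token_file_written(challengedir, token):
    """Return the file acme-client creates for `token` in challengedir."""
    if not TOKEN_RE.match(token):
        raise ValueError("token is not base64url")
    return posixpath.normpath(posixpath.join(challengedir, token))


def preflight(location, directive, path, challengedir,
              token="CONSTRUCTED_TOKEN"):
    """Compare what nginx would read with what acme-client would write."""
    uri = ACME_PREFIX + "/" + token
    served = nginx_file_path(location, directive, path, uri)
    written = token_file_written(challengedir, token)
    return {
        "ok": served == written,
        "nginx_reads": served,
        "acme_client_writes": written,
        # The challengedir that would make this nginx config work.
        "challengedir_should_be": posixpath.dirname(served),
    }


# (label, location, directive, path, challengedir), taken from the thread.
# The first challengedir is read off the "created" line in the failing log;
# reusing it for the alias attempt is an assumption.
THREAD_SETUPS = [
    ("first attempt (root)", ACME_PREFIX, "root", "/var/www/acme",
     "/var/www/htdocs/test.obsd4a.net/www"),
    ("second attempt (alias)", ACME_PREFIX, "alias", "/usr/local/www/acme",
     "/var/www/htdocs/test.obsd4a.net/www"),
    ("Stuart's setup", ACME_PREFIX, "root", "/var/www/letsencrypt/",
     "/var/www/letsencrypt/.well-known/acme-challenge"),
    ("final working setup", ACME_PREFIX, "root",
     "/var/www/acme/test.obsd4a.net/",
     "/var/www/acme/test.obsd4a.net/.well-known/acme-challenge"),
]


def run_thread_setups():
    """Run the preflight over every configuration quoted in the thread."""
    return {
        label: preflight(location, directive, path, challengedir)
        for label, location, directive, path, challengedir in THREAD_SETUPS
    }


if __name__ == "__main__":
    for label, result in run_thread_setups().items():
        status = "OK      " if result["ok"] else "MISMATCH"
        print(f"{status} {label}")
        print(f"    nginx reads        {result['nginx_reads']}")
        print(f"    acme-client writes {result['acme_client_writes']}")
        if not result["ok"]:
            print(f"    set challengedir to "
                  f"{result['challengedir_should_be']}")
```

A passing preflight only shows the two paths agree; fetching a hand-written test file over HTTP, as suggested above, is still the check that catches permission or virtual-host problems.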




Re: vesa vs. wsfb?

2017-07-06 Thread Laurence Tratt
On Wed, Jul 05, 2017 at 05:20:14PM -, Christian Weisgerber wrote:

Hello Christian,

> Between the vesa(4) and wsfb(4) X11 video driver, are there any advantages
> one has over the other?
>
> I have a brand new laptop (Kaby Lake) whose integrated graphics chipset
> isn't yet supported by inteldrm(4)/intel(4).

On a Skylake machine from last year, I found a couple of odd things happening
with vesa. The one I remember is that if my phone was charging from the
machine at boot, the BIOS reported incorrect vesa details that meant I
couldn't run X (I have no idea why; presumably the BIOS developers no longer
test non-UEFI code paths properly). vesa was also, ISTR, too slow to play
video sensibly, although I might be wrong about that.

wsfb worked flawlessly as soon as I switched. I'm not pretending that my
experience is anything other than a single anecdote though.


Laurie
-- 
Personal                  http://tratt.net/laurie/
Software Development Team http://soft-dev.org/
   https://github.com/ltratt  http://twitter.com/laurencetratt



[OpenBSD 6.1] acme-client + nginx

2017-07-06 Thread Stephane HUC "PengouinBSD"
Hi, I attempt to use acme-client on server OpenBSD 6.1, with nginx running.

But it fails with a bad response.


doas acme-client -vAD test.obsd4a.net
acme-client: /etc/ssl/acme/private/test.obsd4a.net-privkey.pem: domain
key exists (not creating)
acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not
creating)
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 23.206.21.80
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz:
req-auth: test.obsd4a.net
acme-client:
/var/www/htdocs/test.obsd4a.net/www/L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU:
created
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/hf0gCJFBvVlSBRp877_PVmTYLGNYmZDXC9eH2E_I0GE/1485696367:
challenge
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/hf0gCJFBvVlSBRp877_PVmTYLGNYmZDXC9eH2E_I0GE/1485696367:
status
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/hf0gCJFBvVlSBRp877_PVmTYLGNYmZDXC9eH2E_I0GE/1485696367:
bad response
acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid",
"error": { "type": "urn:acme:error:unauthorized", "detail": "Invalid
response from
http://test.obsd4a.net/.well-known/acme-challenge/L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU:
\"\u003chtml\u003e\r\n\u003chead\u003e\u003ctitle\u003e404 Not
Found\u003c/title\u003e\u003c/head\u003e\r\n\u003cbody
bgcolor=\"white\"\u003e\r\n\u003ccenter\u003e\u003ch1\u003e404 Not
Found\u003c/h1\u003e\u003c/center\u003e\r\n\u003chr\u003e\u003ccenter\u003e\"",
"status": 403 }, "uri":
"https://acme-v01.api.letsencrypt.org/acme/challenge/hf0gCJFBvVlSBRp877_PVmTYLGNYmZDXC9eH2E_I0GE/1485696367",
"token": "L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU",
"keyAuthorization":
"L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU.btIkQ8owertOE1LvXr1mezl9i5h6KptZrzIehfgwdcg",
"validationRecord": [ { "url":
"http://test.obsd4a.net/.well-known/acme-challenge/L-pjGy6umVejj6q78_P_gW7rbhyJrV0AuLhjfsqI3aU",
"hostname": "test.obsd4a.net", "port": "80", "addressesResolved": [
"213.246.39.160" ], "addressUsed": "213.246.39.160", "addressesTried":
[] } ] }] (1149 bytes)
acme-client: bad exit: netproc(32816): 1


I try with this nginx config:

location ^~ /.well-known/acme-challenge {
    #alias /var/www/acme;
    #try_files $uri =404;
    allow all;
    default_type "text/plain";
    proxy_redirect off;
    root /var/www/acme;
}

or this:

location ^~ /.well-known/acme-challenge {
    alias /usr/local/www/acme;
    try_files $uri =404;
}

But, same result, bad status.



FYI, I can obtain certs - in test mode - with certbot ;)
(and first setting location).


-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net


