Re: Bootable installation partition on a hard drive?
‐‐‐ Original Message ‐‐‐ On Monday, September 7, 2020 4:48 AM, Stuart Henderson wrote: > On 2020-09-07, tom ryan tomry...@gmail.com wrote: > > > On 7/9/20 5:07 pm, Walt wrote: > > > > > I have a new server on order that should arrive in a few days. > > > It's intended purpose is to replace my current firewall. It has no CD > > > and so I'll make and use a bootable flash drive as described in the > > > Installation Guide section of the FAQ. > > > The server will have a second ssd drive and so I got to wondering > > > if it might be useful to create a bootable partition on the drive and > > > install the installation on it. > > > I'm probably not going to do this but I am curious about whether it > > > would work very well. I'll probably install a second copy of the OS on > > > the second drive and mirror all configuration files to it so that if > > > anything happens to the main drive, I can turn around and boot from the > > > second and be up and running almost immediately. > > It's possible, but it's a challenge to keep them in sync. > > > Maybe you want to just run them in a softraid mirror... > > https://www.openbsd.org/faq/faq14.html#softraidDI > > This helps with some types of problem (drive failure), but doesn't help > with fat-fingered commands or bad upgrades that periodic or manual syncs > would protect against. > > My suggestions would be to keep the config files in a management system > of some sort. Whether that's a full-blown config management system like > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > just commiting config files directly to a version control repository, > they will all help get a system back up and running much more quickly. > Keeping config changes to the minimum necessary helps too of course. My primary reason for the second hard drive is to use faubackup to make copies of /etc and /home to the second hard drive. I will have a 1 TB drive on the new machine and so I will have plenty of room for an extra bootable copy of the OS on it. Also, I keep copies of all the configuration files in a user directory and make my changes there instead of /etc and /etc/sshd and then use a makefile to copy the individual configuration files as necessary to /etc and elsewhere. This makes it particularly easy to replace one computer with another with a fresh copy of OpenBSD. Walt
Re: CWM Menu Border
Simon Parrer [2020-09-06 21:41:48 +0200]: >The application menu and the application i want will be highlight. The >border around this highlight is to big on the bottom of the highlight. Hi Simon, I am not sure what you mean exactly, but you can set the border width in your cwmrc—you can find out how if you search for ‘border’ in `man cwmrc` :-) As far as I know, the setting applies to both windows and menus. Best Regards Bertalan -- Bertalan Z. Péter PGP: FB9B 34FE 3500 3977 92AE 4809 935C 3BEB 44C1 0F89 signature.asc Description: PGP signature
Re: CWM Menu Border
On Mon, Sep 07, 2020 at 10:38:37AM +0200, Bertalan Zoltán Péter wrote: > Simon Parrer [2020-09-06 21:41:48 +0200]: > >The application menu and the application i want will be highlight. The > >border around this highlight is to big on the bottom of the highlight. > > Hi Simon, > > I am not sure what you mean exactly, but you can set the border width in > your cwmrc—you can find out how if you search for ‘border’ > in `man cwmrc` :-) > > As far as I know, the setting applies to both windows and menus. > > Best Regards > Bertalan > > > -- > Bertalan Z. Péter > PGP: FB9B 34FE 3500 3977 92AE 4809 935C 3BEB 44C1 0F89 No Problem, is only a cosmetic think. Luxus Problem, it work fine. I can share a screenshot. https://imgur.com/a/MsGjjhr you can see the blackbox and it will match the Z from Zathura.
Re: CWM Menu Border
Not all cwm options are configurable from a file. One needs to change the source code for some settings. What can be configured is shown by typing: $ man cwmrc
Secure storage of config files (was Re: Bootable installation partition on a hard drive?)
On Sep 7, 2020, at 5:48 AM, Stuart Henderson wrote: > > My suggestions would be to keep the config files in a management system > of some sort. Whether that's a full-blown config management system like > ansible/salt, one of the simpler tools like rset, judo, rdist, or even > just commiting config files directly to a version control repository, Folks, Do people have opinions on the best way to securely store sensitive config files in a management system or repo? For instance, the various private keys that live in the various nooks and crannies of /etc. And if they’re stored in encrypted form, what’s the best way to have them decrypted for zero-touch or minimal-touch config restores? —Paul smime.p7s Description: S/MIME cryptographic signature
Re: strange SMTP interaction with mail.openbsd.org ?
On 07-09-2020 09:48, Leen Besselink wrote: On 07-09-2020 09:41, Leen Besselink wrote: On 07-09-2020 06:53, Claus Assmann wrote: On Sun, Sep 06, 2020, Leen Besselink wrote: So I was checking the logs and I saw mail.openbsd.org connected and disconnected but strange enough did not deliver any mail: I noticed something similar and asked on misc at opensmtpd.org Date: Sat, 16 May 2020 12:20:35 +0200 Subject: design or error: no transaction started by opensmtpd Message-ID: <20200516102035.ga45...@kiel.esmtp.org> but nobody replied. Thanks for your reply ! Good to know I'm not the only one. :-) Based on the Postfix logs, it looks to me like it does only does: EHLO, STARTTLS, EHLO and QUIT. I've enabled debug in Postfix for the IP of mail.openbsd.org but very likely just show what I just mentioned. So most likely their is something in the EHLO which scares off the mail.openbsd.org Only difference I see between the 2 mailservers I'm using for this domain for the EHLO is the one that doesn't receive the mail announced it supports CHUNKING Which I've now turned off to be announced in the EHLO Let's see what happens... OK, with CHUNKING not mentioned in the EHLO mail did arrive, so I turned it back on. So I just got confirmation, when CHUNKING is in the EHLO then it will do STARTTLS, but after a second EHLO it will notice the CHUNKING and just QUIT. My guess is this is a bug/misconfiguration. I'll try to contact postmas...@openbsd.org and see what happens.
Bootable installation partition on a hard drive?
I have a new server on order that should arrive in a few days. It's intended purpose is to replace my current firewall. It has no CD and so I'll make and use a bootable flash drive as described in the Installation Guide section of the FAQ. The server will have a second ssd drive and so I got to wondering if it might be useful to create a bootable partition on the drive and install the installation on it. I'm probably not going to do this but I am curious about whether it would work very well. I'll probably install a second copy of the OS on the second drive and mirror all configuration files to it so that if anything happens to the main drive, I can turn around and boot from the second and be up and running almost immediately. Thanks, Walt Sent with [ProtonMail](https://protonmail.com) Secure Email.
Re: Bootable installation partition on a hard drive?
On 2020-09-07, tom ryan wrote: > > On 7/9/20 5:07 pm, Walt wrote: >> I have a new server on order that should arrive in a few days. >> It's intended purpose is to replace my current firewall. It has no CD >> and so I'll make and use a bootable flash drive as described in the >> Installation Guide section of the FAQ. >> >> The server will have a second ssd drive and so I got to wondering >> if it might be useful to create a bootable partition on the drive and >> install the installation on it. >> >> I'm probably not going to do this but I am curious about whether it >> would work very well. I'll probably install a second copy of the OS on >> the second drive and mirror all configuration files to it so that if >> anything happens to the main drive, I can turn around and boot from the >> second and be up and running almost immediately. It's possible, but it's a challenge to keep them in sync. > Maybe you want to just run them in a softraid mirror... > > https://www.openbsd.org/faq/faq14.html#softraidDI This helps with some types of problem (drive failure), but doesn't help with fat-fingered commands or bad upgrades that periodic or manual syncs would protect against. My suggestions would be to keep the config files in a management system of some sort. Whether that's a full-blown config management system like ansible/salt, one of the simpler tools like rset, judo, rdist, or even just commiting config files directly to a version control repository, they will all help get a system back up and running much more quickly. Keeping config changes to the minimum necessary helps too of course.
Re: strange SMTP interaction with mail.openbsd.org ?
On 07-09-2020 09:41, Leen Besselink wrote: On 07-09-2020 06:53, Claus Assmann wrote: On Sun, Sep 06, 2020, Leen Besselink wrote: So I was checking the logs and I saw mail.openbsd.org connected and disconnected but strange enough did not deliver any mail: I noticed something similar and asked on misc at opensmtpd.org Date: Sat, 16 May 2020 12:20:35 +0200 Subject: design or error: no transaction started by opensmtpd Message-ID: <20200516102035.ga45...@kiel.esmtp.org> but nobody replied. Thanks for your reply ! Good to know I'm not the only one. :-) Based on the Postfix logs, it looks to me like it does only does: EHLO, STARTTLS, EHLO and QUIT. I've enabled debug in Postfix for the IP of mail.openbsd.org but very likely just show what I just mentioned. So most likely their is something in the EHLO which scares off the mail.openbsd.org Only difference I see between the 2 mailservers I'm using for this domain for the EHLO is the one that doesn't receive the mail announced it supports CHUNKING Which I've now turned off to be announced in the EHLO Let's see what happens... OK, with CHUNKING not mentioned in the EHLO mail did arrive, so I turned it back on.
Re: strange SMTP interaction with mail.openbsd.org ?
On 07-09-2020 06:53, Claus Assmann wrote: On Sun, Sep 06, 2020, Leen Besselink wrote: So I was checking the logs and I saw mail.openbsd.org connected and disconnected but strange enough did not deliver any mail: I noticed something similar and asked on misc at opensmtpd.org Date: Sat, 16 May 2020 12:20:35 +0200 Subject: design or error: no transaction started by opensmtpd Message-ID: <20200516102035.ga45...@kiel.esmtp.org> but nobody replied. Thanks for your reply ! Good to know I'm not the only one. :-) Based on the Postfix logs, it looks to me like it does only does: EHLO, STARTTLS, EHLO and QUIT. I've enabled debug in Postfix for the IP of mail.openbsd.org but very likely just show what I just mentioned. So most likely their is something in the EHLO which scares off the mail.openbsd.org Only difference I see between the 2 mailservers I'm using for this domain for the EHLO is the one that doesn't receive the mail announced it supports CHUNKING Which I've now turned off to be announced in the EHLO Let's see what happens...
Re: Bootable installation partition on a hard drive?
On 7/9/20 5:07 pm, Walt wrote: > I have a new server on order that should arrive in a few days. It's intended > purpose is to replace my current firewall. It has no CD and so I'll make and > use a bootable flash drive as described in the Installation Guide section of > the FAQ. > > The server will have a second ssd drive and so I got to wondering if it might > be useful to create a bootable partition on the drive and install the > installation on it. > > I'm probably not going to do this but I am curious about whether it would > work very well. I'll probably install a second copy of the OS on the second > drive and mirror all configuration files to it so that if anything happens to > the main drive, I can turn around and boot from the second and be up and > running almost immediately. Maybe you want to just run them in a softraid mirror... https://www.openbsd.org/faq/faq14.html#softraidDI > > Thanks, > > Walt > > Sent with [ProtonMail](https://protonmail.com) Secure Email. >