Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 03:27:41PM -0600, Edgar Pettijohn wrote: Its more likely that you accidentaly used dd to write to a usb stick and instead wrote to a file in /dev. Thats the only way I've ever had this problem. You're right -- I had written a file to /dev. After deleting it, the problem still comes up, unfortunately.
Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 08:27:07PM +, James Cook wrote: Something's strange about your setup. The installer normally creates a separate partition for /usr and maybe /usr/local. If you're using pkg_add, then packages go in /usr/local, so they shouldn't end up on your root partition. If your disk is really tiny the installer won't create a separate /usr partition, but in that case it won't make a separate /home either. As far as I know everything was installed using defaults. Doing `pkg_add libreoffice` the installer is definitely looking at both / and /usr/local/ ... and it gives an odd bytecount for /: ``` Error: /dev/sda1 on / is not large enough (/etc/mke2fs.conf) /dev/sda1 on /: 956 bytes (missing 86470 blocks) /dev/sd1h on /usr/local: 4513435 bytes ``` Later it gives different byte counts for both values.
Re: OpenBSD 6.8 - softraid issue: "uvm_fault(0xffffffff821f5490, 0x40, 0, 1) -> e"
Hi again,
I have repeated softraid tests using six pcs of 1TB Samsung HDD 3G SATA
drives as RAID5 and I do not face the crash issue of the OS when using
SSDs in the RAID5.
Details of the RAID5 setting are in the attached file.
It looks like using SSD drives as RAID5 leads for some reason to the
OpenBSD 6.8 crash. Samsung 512MB PRO 860 SSDs have 6G SATA interface
(what is different compared to tested HDDs)
NB: Using those SSDs as RAID6 on debian Linux (buster - mdadm /
cryptoLUKS) does not face any issues
There are also no issues using those SSDs as RAID on FreeBSD
(TrueNAS).
Kind regards
Mark
On 27.02.21 04:30, Mark Schneider wrote:
Hi,
I face system crash on OpenBSD 6.8 when trying to use softraid RAID5
drive trying to write big files (like 10GBytes) to it.
I can reproduce the error (tested on two different systems with
OpenBSD 6.8 installed on an SSD drive or an USB stick). The RAID5
drive itself consist of six Samsung PRO 860 512GB SSDs.
In short:
bioctl -c 5 -l sd0a,sd1a,sd2a,sd3a,sd4a,sd5a softraid0
obsdssdarc# disklabel sd7
# /dev/rsd7c:
type: SCSI
disk: SCSI disk
label: SR RAID 5
duid: a50fb9a25bf07243
flags:
bytes/sector: 512
sectors/track: 255
tracks/cylinder: 511
sectors/cylinder: 130305
cylinders: 38379
total sectors: 5001073280
boundstart: 0
boundend: 5001073280
drivedata: 0
16 partitions:
# size offset fstype [fsize bsize cpg]
a: 5001073280 0 4.2BSD 8192 65536 52270
c: 5001073280 0 unused
#
obsdssdarc# time dd if=/dev/urandom of=/arc-ssd/1GB-urandom.bin bs=1M
count=1024
1024+0 records in
1024+0 records out
1073741824 bytes transferred in 8.120 secs (132218264 bytes/sec)
0m08.13s real 0m00.00s user 0m08.14s system
# Working as expected
^^
obsdssdarc# time dd if=/dev/urandom of=/arc-ssd/10GB-urandom.bin
bs=10M count=1024
# Error messages
uvm_fault(0x821f5490, 0x40, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at sr_validate_io+0x44: cmpl $0,0x40(%r9)
ddb{2}>
# Crashing OpenBSD 6.8
^^^
# After reboot:
obsdssdarc# mount /dev/sd7a /arc-ssd/
mount_ffs: /dev/sd7a on /arc-ssd: Device not configure
obsdssdarc# grep sd7 /var/run/dmesg.boot
softraid0: trying to bring up sd7 degraded
softraid0: sd7 was not shutdown properly
softraid0: sd7 is offline, will not be brought online
More details in attached files. Thanks a lot in advance for short
feedback.
Kind regards
Mark
obsdarc# history -0
1 sysctl hw.disknames
3 dd if=/dev/zero of=/dev/rsd1c bs=1m count=1024
4 dd if=/dev/zero of=/dev/rsd2c bs=1m count=1024
5 dd if=/dev/zero of=/dev/rsd3c bs=1m count=1024
6 dd if=/dev/zero of=/dev/rsd4c bs=1m count=1024
7 dd if=/dev/zero of=/dev/rsd5c bs=1m count=1024
8 dd if=/dev/zero of=/dev/rsd6c bs=1m count=1024
9 fdisk -iy sd1
10 fdisk -iy sd2
11 fdisk -iy sd3
12 fdisk -iy sd4
13 fdisk -iy sd5
14 fdisk -iy sd6
15 disklabel -E sd1
16 disklabel -E sd2
17 disklabel -E sd3
18 disklabel -E sd4
19 disklabel -E sd5
20 disklabel -E sd6
21 bioctl -c 5 -l sd1a,sd2a,sd3a,sd4a,sd5a,sd6a softraid0
22 disklabel -E sd7
23 fdisk sd7
24 disklabel sd7
25 newfs sd7a
26 mkdir /arc-hdd
27 mount /dev/sd7a /arc-hdd/
30 dd if=/dev/urandom of=/arc-hdd/1GB-urandom.bin bs=1M count=1024
31 dd if=/dev/urandom of=/arc-hdd/512MB-urandom.bin bs=1M count=512
32 dd if=/dev/urandom of=/arc-hdd/2GB-urandom.bin bs=2M count=1024
33 dd if=/dev/urandom of=/arc-hdd/10GB-urandom.bin bs=10M count=1024
# ---
obsdarc# dd if=/dev/urandom of=/arc-hdd/10GB-urandom.bin bs=10M count=1024
1024+0 records in
1024+0 records out
10737418240 bytes transferred in 229.232 secs (46840774 bytes/sec)
/dev/sd7a 4.5T 13.5G4.3T 0%/arc-hdd
# ---
obsdarc# disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: SAMSUNG HN-M101M
duid: 5107567be1a8f7aa
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168
boundstart: 64
boundend: 1953520065
drivedata: 0
16 partitions:
#size offset fstype [fsize bsize cpg]
a: 1953520001 64RAID
c: 19535251680 unused
Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 11:21:45PM +, tetrahe...@danwin1210.me wrote: > On Sat, Feb 27, 2021 at 08:27:07PM +, James Cook wrote: > > Something's strange about your setup. The installer normally creates a > > separate partition for /usr and maybe /usr/local. If you're using > > pkg_add, then packages go in /usr/local, so they shouldn't end up on > > your root partition. > > > > If your disk is really tiny the installer won't create a separate /usr > > partition, but in that case it won't make a separate /home either. > > As far as I know everything was installed using defaults. > > Doing `pkg_add libreoffice` the installer is definitely looking at both / > and /usr/local/ ... and it gives an odd bytecount for /: > > ``` > Error: /dev/sda1 on / is not large enough (/etc/mke2fs.conf) > /dev/sda1 on /: 956 bytes (missing 86470 blocks) > /dev/sd1h on /usr/local: 4513435 bytes > ``` > > Later it gives different byte counts for both values. > doas du -xh / should help you locate whats going on. Edgar
Default partitions allocate only 1GB to /
When installing OpenBSD, the default partition layout only allocates 1GB to / ... most of the disk space is allocated to /home. Once you start installing packages, / quickly grows beyond 1GB, and it looks like even some large packages exceed the available space on their own: Error: /dev/sda1 on / is not large enough Is there an easy fix for this that I'm missing somewhere, or is this a poorly chosen default?
Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 11:21:45PM +, tetrahe...@danwin1210.me wrote: > On Sat, Feb 27, 2021 at 08:27:07PM +, James Cook wrote: > > Something's strange about your setup. The installer normally creates a > > separate partition for /usr and maybe /usr/local. If you're using > > pkg_add, then packages go in /usr/local, so they shouldn't end up on > > your root partition. > > > > If your disk is really tiny the installer won't create a separate /usr > > partition, but in that case it won't make a separate /home either. > > As far as I know everything was installed using defaults. > > Doing `pkg_add libreoffice` the installer is definitely looking at both / > and /usr/local/ ... and it gives an odd bytecount for /: > > ``` > Error: /dev/sda1 on / is not large enough (/etc/mke2fs.conf) Sorry, you're right, pkg_add can add files to /. But generally those will be quite small (/etc/make2fs.conf sounds like a configuration file). How big is your root partition, and how much space is used? For example mine is like this after several months of use and many packages installed, indicating the installer's default behaviour has worked well for me: falsifian angel ~ $ df -h / Filesystem SizeUsed Avail Capacity Mounted on /dev/sd2a 989M199M741M21%/ If you have a lot more space used, you could try to figure out what's using it. My go-to command is "du -xah /|sort -h|less" > /dev/sda1 on /: 956 bytes (missing 86470 blocks) > /dev/sd1h on /usr/local: 4513435 bytes > ``` > > Later it gives different byte counts for both values. -- James
Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 03:32:44PM +, tetrahe...@danwin1210.me wrote: > When installing OpenBSD, the default partition layout only allocates 1GB to > / ... most of the disk space is allocated to /home. > > Once you start installing packages, / quickly grows beyond 1GB, and it looks > like even some large packages exceed the available space on their own: > Error: /dev/sda1 on / is not large enough > > Is there an easy fix for this that I'm missing somewhere, or is this a > poorly chosen default? > Its more likely that you accidentaly used dd to write to a usb stick and instead wrote to a file in /dev. Thats the only way I've ever had this problem. Edgar
Re: Default partitions allocate only 1GB to /
On Sat, Feb 27, 2021 at 03:32:44PM +, tetrahe...@danwin1210.me wrote: > When installing OpenBSD, the default partition layout only allocates 1GB to > / ... most of the disk space is allocated to /home. > > Once you start installing packages, / quickly grows beyond 1GB, and it looks > like even some large packages exceed the available space on their own: > Error: /dev/sda1 on / is not large enough > > Is there an easy fix for this that I'm missing somewhere, or is this a > poorly chosen default? Something's strange about your setup. The installer normally creates a separate partition for /usr and maybe /usr/local. If you're using pkg_add, then packages go in /usr/local, so they shouldn't end up on your root partition. If your disk is really tiny the installer won't create a separate /usr partition, but in that case it won't make a separate /home either. -- James
Re: 6.8 Install Issue
I'm confused as to how you're capable of sending emails when you haven't installed your system.
Re: can texlive package be installed ?
Are you using Fastly? Try PlanetUnix, it should work… Jan > On 27. 2. 2021, at 15:18, Shadrock Uhuru wrote: > > system information. > OpenBSD 6.9 GENERIC.MP#343 amd64 > flavor: current > > when i try to install texlive, > all i get is :- > > doas pkg_add -v texlive_texmf-full > Update candidates: quirks-3.588 -> quirks-3.588 > quirks-3.588 signed on 2021-02-26T23:14:00Z > Ustar > [https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/amd64/texlive_texmf-full-2020p1.tgz][share/texmf-dist/bibtex/bib/beebe/printing-history.bib]: > Premature end of archive in header: > pkg_add: Installation of texlive_texmf-full-2020p1 failed, partial > installation recorded as partial-texlive_texmf-full-2020p1.6 > > > any suggestions ? > > shadrock >
Re: can texlive package be installed ?
On 2021-02-27, Shadrock Uhuru wrote: > system information. > OpenBSD 6.9 GENERIC.MP#343 amd64 > flavor: current > > when i try to install texlive, > all i get is :- > > doas pkg_add -v texlive_texmf-full > Update candidates: quirks-3.588 -> quirks-3.588 > quirks-3.588 signed on 2021-02-26T23:14:00Z > Ustar > > [https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/amd64/texlive_texmf-full-2020p1.tgz][share/texmf-dist/bibtex/bib/beebe/printing-history.bib]: > Premature end of archive in header: > pkg_add: Installation of texlive_texmf-full-2020p1 failed, partial > installation recorded as partial-texlive_texmf-full-2020p1.6 > > > any suggestions ? > > shadrock > > Unless you're in Alberta then you're better off using a local mirror.
Re: relayd, ipv6, and tls keypair names
Adding two relay blocks does seem to fix the problem, thank you.
jrmu
On Sat, Feb 27, 2021 at 02:50:11AM -0700, Anthony J. Bentley wrote:
> Hi,
>
> j...@ircnow.org writes:
> > Then it seems relayd also works. So I suspect relayd is ignoring
> > the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
> > en
> > abled,
> > relayd appears to ignore:
> >
> > tls { keypair example.com }
> >
> > Can someone verify if this is correct behavior, if I misconfigured, or
> > if this is a bug?
>
> You're making things a bit harder for yourself with your choice of
> certificate filenames. For starters, on webservers I've never had
> any use for a certificate without full chain. So I just create a
> full chain certificate under the usual certificate filename in my
> acme-client config.
>
> domain example.com {
> domain key "/etc/ssl/private/example.com.key"
> domain full chain certificate "/etc/ssl/example.com.crt"
> sign with letsencrypt
> }
>
> No symlinks necessary.
>
> Then in relayd I create two relays, listening to the same protocol
> block.
>
> table { 127.0.0.1 }
>
> log connection
>
> http protocol myremote {
> tls keypair "example.com"
>
> return error
> pass
> }
>
> relay mysite4 {
> listen on 127.0.0.1 port 443 tls
> protocol myremote
> forward to check tcp port 80
> }
>
> relay mysite6 {
> listen on ::1 port 443 tls
> protocol myremote
> forward to check tcp port 80
> }
>
> The problem really is that you can't listen on IPv4 and IPv6 in the
> same relay block. This might be a bug although I suppose it could be
> intentional (I've never found relayd's configuration very intuitive).
>
> --
> Anthony J. Bentley
signature.asc
Description: PGP signature
Re: audio stops frequently with current
... > azalia1 at pci11 dev 0 function 4 "AMD 17h/3xh HD Audio" rev 0x00: msi > azalia1: codecs: Realtek ALC892 > audio0 at azalia1 There is still an issue with MSI interrupts for HD Audio devices on AMD systems, in the past we've been able to workaround it in the driver. You can certainly try that. But from previous testing by other users this trick no longer works for newer AMD chipsets. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/azalia.c.diff?r1=1.246=1.245 Your device would be "PCI_PRODUCT_AMD_17_3X_HDA". -Bryan.
can texlive package be installed ?
system information. OpenBSD 6.9 GENERIC.MP#343 amd64 flavor: current when i try to install texlive, all i get is :- doas pkg_add -v texlive_texmf-full Update candidates: quirks-3.588 -> quirks-3.588 quirks-3.588 signed on 2021-02-26T23:14:00Z Ustar [https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/amd64/texlive_texmf-full-2020p1.tgz][share/texmf-dist/bibtex/bib/beebe/printing-history.bib]: Premature end of archive in header: pkg_add: Installation of texlive_texmf-full-2020p1 failed, partial installation recorded as partial-texlive_texmf-full-2020p1.6 any suggestions ? shadrock
Re: audio stops frequently with current
Gregory Edigarov wrote: > Hello, > > symptoms like this: > chromium plays video with audio (youtube) > mostly after pause, it loses audio. > while this happen it could show spinner, > but sometimes it can play video no problem, but no audio. It shouldn't be related to -current. Can you check out this email: https://marc.info/?l=openbsd-bugs=161400514831108=2 Sincerely, srfsh
Re: [OpenBSD -current] Change event timer in main loop with kqueue
Moving to tech@.
On Fri, Feb 26, 2021 at 09:42:07PM +0100, martin mag wrote:
> I've been trying to use kqueue for the last couple of day but I keep
> having an issue with EVFILT_TIMER filter. (I'm running Openbsd
> -current)
>
> Right now, I'm trying to do the following:
> 1) Initilialize a timer event @ 200ms, periodically.
> 2) Inside the main event loop => If this event is retrieved, print
> elapsed time since last one
> 3) After 2 iterations, MODIFY the timer event to 1000ms and continue the loop
> 4) Code stops after 4 iterations as pb arise after the first timer
> change @ iteration 2.
>
> Reading the manpages kqueue(2), one sees that:
> ** ) An event is uniquely defined by the pair (ident, filter) ==>
> in the example below (TIMER1, EVFILT_TIMER)
> **) "" Re-adding an existing event will modify the parameters of
> the original event, and not result in a duplicate entry. "" => So
> re-adding the event (TIMER1, EVFILT_TIMER) with a modified field
> 'data' should update the timer from 200ms to 1000ms.
>
> => Apparently, timer is updated, but not in the way I expected.
The kernel does not reschedule the timer when the user changes the
timeout period. The new period will take effect only after the current
period has expired. This is not explained in the manual page, though.
With the recent kqueue changes, it is straightforward to make the kernel
modify an existing timer. I think the clearest behaviour is to reset the
timer completely when it is modified. If there are pending events, they
should be cancelled because they do not necessarily correspond to the
new settings.
When f_modify and f_process are present in kqread_filtops, filt_timer
is not used. filt_timerexpire() activates timer knotes directly using
knote_activate() instead of KNOTE().
However, the current behaviour has been around so long that one can
argue that it is an actual feature. BSDs are not consistent with this,
though. FreeBSD resets the timer immediately, whereas NetBSD and
DragonFly BSD apply the new period after expiry.
I guess the resetting is harmless in most cases but might wreak havoc
at least with software that keeps poking its timers before expiry.
Index: lib/libc/sys/kqueue.2
===
RCS file: src/lib/libc/sys/kqueue.2,v
retrieving revision 1.43
diff -u -p -r1.43 kqueue.2
--- lib/libc/sys/kqueue.2 14 Nov 2020 10:16:15 - 1.43
+++ lib/libc/sys/kqueue.2 27 Feb 2021 12:54:27 -
@@ -468,6 +468,11 @@ contains the number of times the timeout
This filter automatically sets the
.Dv EV_CLEAR
flag internally.
+.Pp
+If an existing timer is re-added, the existing timer and related pending events
+will be cancelled.
+The timer will be re-started using the timeout period
+.Fa data .
.It Dv EVFILT_DEVICE
Takes a descriptor as the identifier and the events to watch for in
.Fa fflags ,
Index: sys/kern/kern_event.c
===
RCS file: src/sys/kern/kern_event.c,v
retrieving revision 1.161
diff -u -p -r1.161 kern_event.c
--- sys/kern/kern_event.c 24 Feb 2021 14:59:52 - 1.161
+++ sys/kern/kern_event.c 27 Feb 2021 12:54:27 -
@@ -135,7 +135,8 @@ int filt_fileattach(struct knote *kn);
void filt_timerexpire(void *knx);
intfilt_timerattach(struct knote *kn);
void filt_timerdetach(struct knote *kn);
-intfilt_timer(struct knote *kn, long hint);
+intfilt_timermodify(struct kevent *kev, struct knote *kn);
+intfilt_timerprocess(struct knote *kn, struct kevent *kev);
void filt_seltruedetach(struct knote *kn);
const struct filterops kqread_filtops = {
@@ -163,7 +164,9 @@ const struct filterops timer_filtops = {
.f_flags= 0,
.f_attach = filt_timerattach,
.f_detach = filt_timerdetach,
- .f_event= filt_timer,
+ .f_event= NULL,
+ .f_modify = filt_timermodify,
+ .f_process = filt_timerprocess,
};
struct pool knote_pool;
@@ -444,15 +447,48 @@ filt_timerdetach(struct knote *kn)
struct timeout *to;
to = (struct timeout *)kn->kn_hook;
- timeout_del(to);
+ timeout_del_barrier(to);
free(to, M_KEVENT, sizeof(*to));
kq_ntimeouts--;
}
int
-filt_timer(struct knote *kn, long hint)
+filt_timermodify(struct kevent *kev, struct knote *kn)
+{
+ struct timeout *to = kn->kn_hook;
+ int s;
+
+ /* Reset the timer. Any pending events are discarded. */
+
+ timeout_del_barrier(to);
+
+ s = splhigh();
+ if (kn->kn_status & KN_QUEUED)
+ knote_dequeue(kn);
+ kn->kn_status &= ~KN_ACTIVE;
+ splx(s);
+
+ kn->kn_data = 0;
+ knote_modify(kev, kn);
+ /* Reinit timeout to invoke tick adjustment again. */
+ timeout_set(to, filt_timerexpire, kn);
+ filt_timer_timeout_add(kn);
+
+ return (0);
+}
+
+int
+filt_timerprocess(struct knote *kn,
Re: OpenBSD NTFS experience
I am still having issues with NTFS-3G and an external Samsung M3 USB HDD. I am able to mount and access the filesystem fine for several hours, then without doing anything or having any crashes or errors the mount becomes inaccessible. The disk still responds to the disklabel -E command and smartctl commands so I assume it is working properly and not asleep. There is no debug output from ntfs-3g when this happens apart from the initial messages in my previous e-mail. However there are some entries after I disconnect the drive. There are no errors in syslog, dmesg or anywhere else that I can see. Thunar stops working but leaves a process behind. I cannot remount the filesystem read-only. Any processes that try to access the mount are in state 'idle' and waiting for 'fuseino'. I cannot kill any of these processes. If I disconnect the drive without rebooting and leave the system alone again overnight the commands that hang (ls, mount, Thunar) respond again and complete and I can finally kill the ntfs-3g process. My dmesg is: OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8304394240 (7919MB) avail mem = 8037666816 (7665MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f800 (49 entries) bios0: vendor American Megatrends Inc. version "080015" date 04/13/2011 bios0: ZOTAC RS880P acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB SRAT HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE7(S4) PCE9(S4) PCEA(S4) SBAZ(S4) P0PC(S4) UHC1(S4) UHC2(S4) USB3(S4) UHC4(S4) USB5(S4) UHC6(S4) UHC7(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X2 555 Processor, 3200.36 MHz, 10-04-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: AMD erratum 721 detected and fixed cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Phenom(tm) II X2 555 Processor, 3200.01 MHz, 10-04-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu1: AMD erratum 721 detected and fixed cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus -1 (PCE2) acpiprt3 at acpi0: bus -1 (PCE3) acpiprt4 at acpi0: bus 2 (PCE4) acpiprt5 at acpi0: bus -1 (PCE5) acpiprt6 at acpi0: bus 4 (PCE7) acpiprt7 at acpi0: bus -1 (PCE9) acpiprt8 at acpi0: bus -1 (PCEA) acpiprt9 at acpi0: bus -1 (PE20) acpiprt10 at acpi0: bus -1 (PE21) acpiprt11 at acpi0: bus -1 (PE22) acpiprt12 at acpi0: bus -1 (PE23) acpiprt13 at acpi0: bus 3 (PCE6) acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 acpibtn0 at acpi0: PWRB acpicpu0 at acpi0: C1(@1 halt!), PSS acpicpu1 at acpi0: C1(@1 halt!), PSS cpu0: 3200 MHz: speeds: 3200 2500 2100 800 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "AMD RS880 Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "AMD RS780 PCIE" rev 0x00 pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 5 function 0 "ATI Radeon HD 4250" rev 0x00 drm0 at radeondrm0 radeondrm0: apic 2 int 18 azalia0 at pci1 dev 5 function 1 "ATI Radeon HD 4200 HD Audio" rev 0x00: msi azalia0: no supported codecs ppb1 at pci0 dev 4 function 0 "AMD RS780 PCIE" rev 0x00: msi pci2 at ppb1 bus 2 athn0 at pci2 dev 0 function 0 "Atheros AR9285" rev 0x01: apic 2 int 16 athn0: AR9285 rev 2 (1T1R), ROM rev 14, address e0:b9:a5:60:58:7e ppb2 at pci0 dev 6 function 0 "AMD RS780 PCIE" rev 0x00: msi pci3 at ppb2 bus 3 re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06:
Re: 6.8 Install Issue
--- On Saturday, February 27, 2021, 12:09:45 AM EST, wrote: > I'm confused as to how you're capable of sending emails when you haven't > installed your system. I have more than one computer.
Re: relayd, ipv6, and tls keypair names
Hello !
I configured relayd months ago and did not have my config here.
The keypair option works as it should (name.tld) and requires no symlinks
(tested with public IPs) but the paths to the certs are hardcoded as described
in the acme config file in /etc/examples. IIRC the path must be /etc/acme/ or
so.
Regards,
Christoph
> Am 27.02.2021 um 09:25 schrieb jrmu :
>
> PS: I am running OpenBSD 6.8 stable on amd64.
>
>> On Sat, Feb 27, 2021 at 03:48:04PM +0800, j...@ircnow.org wrote:
>> I was trying to configure relayd for TLS acceleration when I noticed an
>> unusual
>> error.
>>
>> Here is my /etc/relayd.conf (with actual IPs and domains replaced):
>>
>> ip4="192.0.2.1"
>> ip6="2001:db8::"
>> table { 127.0.0.1 }
>> table { 127.0.0.1 }
>>
>> log connection
>>
>> http protocol https {
>>match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
>>match request header append "X-Forwarded-By" \
>>value "$SERVER_ADDR:$SERVER_PORT"
>>match request header set "Connection" value "close"
>>
>># Various TCP options
>>tcp { sack, backlog 128 }
>>
>>tls { keypair example.com }
>>match request header "Host" value "www.example.com" forward to
>> }
>>
>> relay wwwtls {
>>listen on $ip4 port 443 tls
>>listen on $ip6 port 443 tls
>>protocol https
>>forward to port 8001 check icmp
>> }
>>
>> I set up symlinks for the SSL certs as follows:
>>
>> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com:443.crt
>> $ doas ln -s /etc/ssl/private/example.com.key
>> /etc/ssl/private/example.com:443.key
>>
>> I then start relayd:
>>
>> $ doas relayd -dvv
>>
>> and get the following errors:
>>
>> relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt
>> relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key
>> /etc/relayd.conf:26: cannot load certificates for relay wwwtls2:443
>>
>> I discovered that if I comment out the below line, line 23, relayd works:
>>
>> listen on $ip6 port 443 tls
>>
>> So if I uncomment out the IPv6 listener, relayd works just fine.
>>
>> If I include the IPv6 listener but create symlinks with IPv6 addresses like
>> follows:
>>
>> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/2001:db8:::443.crt
>> $ doas ln -s /etc/ssl/private/example.com.key
>> /etc/ssl/private/2001:db8:::443.key
>>
>> Then it seems relayd also works. So I suspect relayd is ignoring
>> the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
>> enabled,
>> relayd appears to ignore:
>>
>> tls { keypair example.com }
>>
>> Can someone verify if this is correct behavior, if I misconfigured, or
>> if this is a bug?
>>
>> jrmu
>
Re: relayd, ipv6, and tls keypair names
Hi,
j...@ircnow.org writes:
> Then it seems relayd also works. So I suspect relayd is ignoring
> the tls keypair directive for IPv6 addresses. In other words, when IPv6 is en
> abled,
> relayd appears to ignore:
>
> tls { keypair example.com }
>
> Can someone verify if this is correct behavior, if I misconfigured, or
> if this is a bug?
You're making things a bit harder for yourself with your choice of
certificate filenames. For starters, on webservers I've never had
any use for a certificate without full chain. So I just create a
full chain certificate under the usual certificate filename in my
acme-client config.
domain example.com {
domain key "/etc/ssl/private/example.com.key"
domain full chain certificate "/etc/ssl/example.com.crt"
sign with letsencrypt
}
No symlinks necessary.
Then in relayd I create two relays, listening to the same protocol
block.
table { 127.0.0.1 }
log connection
http protocol myremote {
tls keypair "example.com"
return error
pass
}
relay mysite4 {
listen on 127.0.0.1 port 443 tls
protocol myremote
forward to check tcp port 80
}
relay mysite6 {
listen on ::1 port 443 tls
protocol myremote
forward to check tcp port 80
}
The problem really is that you can't listen on IPv4 and IPv6 in the
same relay block. This might be a bug although I suppose it could be
intentional (I've never found relayd's configuration very intuitive).
--
Anthony J. Bentley
relayd, ipv6, and tls keypair names
I was trying to configure relayd for TLS acceleration when I noticed an unusual
error.
Here is my /etc/relayd.conf (with actual IPs and domains replaced):
ip4="192.0.2.1"
ip6="2001:db8::"
table { 127.0.0.1 }
table { 127.0.0.1 }
log connection
http protocol https {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
# Various TCP options
tcp { sack, backlog 128 }
tls { keypair example.com }
match request header "Host" value "www.example.com" forward to
}
relay wwwtls {
listen on $ip4 port 443 tls
listen on $ip6 port 443 tls
protocol https
forward to port 8001 check icmp
}
I set up symlinks for the SSL certs as follows:
$ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com:443.crt
$ doas ln -s /etc/ssl/private/example.com.key
/etc/ssl/private/example.com:443.key
I then start relayd:
$ doas relayd -dvv
and get the following errors:
relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt
relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key
/etc/relayd.conf:26: cannot load certificates for relay wwwtls2:443
I discovered that if I comment out the below line, line 23, relayd works:
listen on $ip6 port 443 tls
So if I uncomment out the IPv6 listener, relayd works just fine.
If I include the IPv6 listener but create symlinks with IPv6 addresses like
follows:
$ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/2001:db8:::443.crt
$ doas ln -s /etc/ssl/private/example.com.key
/etc/ssl/private/2001:db8:::443.key
Then it seems relayd also works. So I suspect relayd is ignoring
the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
enabled,
relayd appears to ignore:
tls { keypair example.com }
Can someone verify if this is correct behavior, if I misconfigured, or
if this is a bug?
jrmu
Re: relayd, ipv6, and tls keypair names
PS: I am running OpenBSD 6.8 stable on amd64.
On Sat, Feb 27, 2021 at 03:48:04PM +0800, j...@ircnow.org wrote:
> I was trying to configure relayd for TLS acceleration when I noticed an
> unusual
> error.
>
> Here is my /etc/relayd.conf (with actual IPs and domains replaced):
>
> ip4="192.0.2.1"
> ip6="2001:db8::"
> table { 127.0.0.1 }
> table { 127.0.0.1 }
>
> log connection
>
> http protocol https {
> match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> match request header append "X-Forwarded-By" \
> value "$SERVER_ADDR:$SERVER_PORT"
> match request header set "Connection" value "close"
>
> # Various TCP options
> tcp { sack, backlog 128 }
>
> tls { keypair example.com }
> match request header "Host" value "www.example.com" forward to
> }
>
> relay wwwtls {
> listen on $ip4 port 443 tls
> listen on $ip6 port 443 tls
> protocol https
> forward to port 8001 check icmp
> }
>
> I set up symlinks for the SSL certs as follows:
>
> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com:443.crt
> $ doas ln -s /etc/ssl/private/example.com.key
> /etc/ssl/private/example.com:443.key
>
> I then start relayd:
>
> $ doas relayd -dvv
>
> and get the following errors:
>
> relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt
> relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key
> /etc/relayd.conf:26: cannot load certificates for relay wwwtls2:443
>
> I discovered that if I comment out the below line, line 23, relayd works:
>
> listen on $ip6 port 443 tls
>
> So if I uncomment out the IPv6 listener, relayd works just fine.
>
> If I include the IPv6 listener but create symlinks with IPv6 addresses like
> follows:
>
> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/2001:db8:::443.crt
> $ doas ln -s /etc/ssl/private/example.com.key
> /etc/ssl/private/2001:db8:::443.key
>
> Then it seems relayd also works. So I suspect relayd is ignoring
> the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
> enabled,
> relayd appears to ignore:
>
> tls { keypair example.com }
>
> Can someone verify if this is correct behavior, if I misconfigured, or
> if this is a bug?
>
> jrmu
