Re: wifi
On Thu, May 23, 2024 at 01:44:57AM -0300, Gustavo Rios wrote:
> Hi folks!
>
> I would like to set up my openbsd wifi but up to now, no success.
> Here is my lspci output. May someone help me?
>
> Thanks a lot.
>
> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
> 802.11ac PCIe Wireless Network Adapter
>
> --
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus

It helps more to send a dmesg, to see what the kernel thinks about the
device,

-Otto
wifi
Hi folks!

I would like to set up my openbsd wifi but up to now, no success.
Here is my lspci output. May someone help me?

Thanks a lot.

02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
802.11ac PCIe Wireless Network Adapter

--
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus
advice debugging lockups with swap-thrashing symptoms?
Hi,

One of my OpenBSD boxes sometimes gets in a weird locked-up or
almost-locked-up state. I'm wondering what I can do to debug it further
next time it happens. It feels like swap thrashing, but top reports
plenty of memory free.

Symptoms:

1. top reports lots of free memory, small act/tot and cache amounts, and
   some swap space used. See example output of "top -ud1" below. Note I
   ran pkill -9 firefox before running that command, so apparently it's
   taking a while even for kill -9 to have an effect.

   It's weird the act/tot amounts are so small when free is so high. I
   would also expect the cache number to be much higher. E.g. on this
   occasion, I was running "git annex fsck", which reads plenty of data
   from disk. With my vague understanding of the vm system I would expect
   this to result in lots being cached.

3. Hard disk light is constantly active. (Swapping?)

2. System is completely or almost completely unresponsive. Usually when
   this happens the X11 display appears completely frozen and I can't ssh
   to the machine, switch to another virtual terminal, or otherwise
   interact. (I think pinging the box still works in this case.) I will
   sometimes notice the system slowing down for a minute or so, and hard
   disk activity increasing, before it completely grinds to a halt.

   The most recent time I got lucky, and I could still use ssh and run
   simple commands like top and dmesg. After several minutes, I even saw
   the X11 display update. My tmux-in-xterm windows were still trying to
   redraw themselves for several minutes after being resized: a few lines
   were displayed but many were still missing.

Just now, about 40 minutes after the lock-up, my system started
responding quickly again, as if nothing was ever wrong. Maybe it helped
that I killed some processes including firefox, but I did that probably
more than 10 minutes ago.

below dmesg is from when it was in the almost-locked-up state.
I think the filesystem full messages at the end can be ignored; that was
an issue I resolved earlier.

I'm pretty sure I've observed this on 7.4 and/or 7.5 before I switched
to current.

--
James

angel ~ $ top -ud1
load averages:  8.17, 10.86, 10.03    angel.falsifian.org 18:44:22
200 processes: 1 starting, 6 running, 171 idle, 1 stopped, 18 dead, 3 on processor  up 0 days 04:10:10
CPU0 states:  7.6% user,  0.0% nice,  8.4% sys,  6.6% spin,  2.6% intr, 74.8% idle
CPU1 states: 10.1% user,  0.0% nice, 10.6% sys,  4.8% spin,  0.0% intr, 74.5% idle
CPU2 states:  9.8% user,  0.0% nice, 10.3% sys,  4.9% spin,  0.0% intr, 75.0% idle
Memory: Real: 88K/1197M act/tot Free: 14G Cache: 165M Swap: 1046M/32G

  PID   UID PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
77712  1000  62    0   39M   20K run/1     -         3:21 30.52% tmux
79301  1000  60    0 1752K   20K run/1     -         0:42 29.59% sshd-session
96911    48  62    0   10M   20K run/2     -         1:30 26.56% unwind
 9794    35  61    0  133M 3156K onproc/2  -         8:12 25.20% Xorg
59778  1000  10    0  610M   20M run/1     thrdeat  19:05 10.84% firefox
27864  1000  18    0 1308K    4K sleep/0   sigsusp   0:31  4.98% sh
48161  1000  -6    0 1308K    4K sleep/2   piperd    0:31  4.59% sh

dmesg:

OpenBSD 7.5-current (GENERIC.MP) #77: Sun May 19 16:08:08 MDT 2024
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17160474624 (16365MB)
avail mem = 16619134976 (15849MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0100 (59 entries)
bios0: vendor Award Software International, Inc. version "F7" date 11/20/2009
bios0: Gigabyte Technology Co., Ltd. GA-MA790XT-UD4P
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT HPET MCFG TAMG APIC
acpi0: wakeup devices PCI0(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3) SBAZ(S4) P2P_(S5) PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X3 710 Processor, 2611.93 MHz, 10-04-02, patch 01db
cpu0: cpuid 1 edx=178bfbff ecx=802009
cpu0: cpuid 8001 edx=efd3fbff ecx=37ff
cpu0: cpuid 8007 edx=1f9
cpu0: 64KB 64b/line 2-way D-cache, 64KB 64b/line 2-way I-cache
cpu0: 512KB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: AMD erratum 721 detected and fixed
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X3 710 Processor, 2611.94 MHz, 10-04-02, patch 01db
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X3 710 Processor, 2612.02 MHz,
Re: how to fsck automatically at boot
On 2024-05-22, Kirill A Korinsky wrote:
> On Wed, 22 May 2024 12:53:11 +0100,
> Nick Holland wrote:
>>
> Do you need atime on that FS? Disabling it dramatically reduces chances of
> manual interaction with fsck.

btw: you probably _do_ want atime on /tmp (see /etc/daily). But that's
a fairly good candidate for MFS anyway.
Re: httpd & nextcloud
On Wed May 22, 2024 at 4:46 PM BST, Am Jam wrote:
> Your tip led me in the right direction and I now have what I need. Thank
> you!

Glad I could help.

> One thing to note. I had to add the following line to get everything to
> work:
>
> - location "/" {
>       block return 301 "https://$SERVER_NAME/index.php"
>   }
>
> I added this line because, for some reason, without this line, navigating
> to "www.domain.com" would fail. But I noticed that navigating specifically
> to "www.domain.com/index.php" worked.

You might be able to resolve this, by putting the directory index
configuration

    directory index "index.php"

in this location context:

    location "/*.php*" {
        root "/nextcloud"
        fastcgi socket "/run/php-fpm.sock"
        pass
    }

I'm not sure if you can specify the directory index for an entire server
context or if you need to define it inside a location context.
Re: httpd & nextcloud
Hi Souji,

Your tip led me in the right direction and I now have what I need. Thank
you!

One thing to note. I had to add the following line to get everything to
work:

- location "/" {
      block return 301 "https://$SERVER_NAME/index.php"
  }

I added this line because, for some reason, without this line, navigating
to "www.domain.com" would fail. But I noticed that navigating specifically
to "www.domain.com/index.php" worked.

For posterity's sake, here is my "working" /etc/httpd.conf:

server "www.domain.com" {
    listen on * tls port 443

    # acme-challenge TLS location
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    # enable HTTP Strict Transport Security
    hsts {
        preload
        subdomains
        max-age 15768000
    }

    tls {
        certificate "/etc/ssl/domain.io.fullchain.pem"
        key "/etc/ssl/private/domain.io.key"
    }

    # set max upload size to 1G (in bytes)
    connection max request body 1048576000
    connection max requests 1000
    connection request timeout 3600
    connection timeout 3600

    # set root directory
    root "/nextcloud"
    directory index "index.php"

    block drop

    # ensure that no "*.php*" files can be fetched from these directories
    location "/config/*" {
        block drop
    }
    location "/data/*" {
        block drop
    }

    location "/*.php*" {
        root "/nextcloud"
        fastcgi socket "/run/php-fpm.sock"
        pass
    }

    location "/dist/*" {
        root "/nextcloud"
        pass
    }
    location "/apps/*" {
        root "/nextcloud"
        pass
    }
    location "/core/*" {
        root "/nextcloud"
        pass
    }
    location "/updater/*" {
        root "/nextcloud"
        pass
    }

    location "/" {
        block return 301 "https://$SERVER_NAME/index.php"
    }
    location "/nextcloud" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
    location "/nextcloud/" {
        block return 301 "$DOCUMENT_URI/index.php"
    }

    location "/.well-known/carddav" {
        block return 301 "https://$SERVER_NAME/remote.php/dav"
    }
    location "/.well-known/caldav" {
        block return 301 "https://$SERVER_NAME/remote.php/dav"
    }
    location "/.well-known/webfinger" {
        block return 301 "/index.php/.well-known/webfinger"
    }
    location "/.well-known/nodeinfo" {
        block return 301 "/index.php/.well-known/nodeinfo"
    }

    location "/ocs-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
    location "/ocm-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
}

On Wed, May 22, 2024 at 9:58 AM Souji Thenria wrote:

> On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:
> > Hi Everyone,
>
> Hi Am,
>
> > Before anyone asks, removing "/nextcloud" from each of the location
> > strings does not work.
> > When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser
> > (Chrome).
> > My httpd.conf below was inspired by the one outlined in the nextcloud
> > pkg-readme.
>
> Did you also remove the line: 'request strip 1'?
>
> So that instead of
> > location "/nextcloud/*.php*" {
> >     root "/nextcloud"
> >     request strip 1
> >     fastcgi socket "/run/php-fpm.sock"
> >     pass
> > }
>
> you should have:
> location "/*.php*" {
>     root "/nextcloud"
>     fastcgi socket "/run/php-fpm.sock"
>     pass
> }
>
>
> Regards,
> Souji
>
Re: httpd & nextcloud
On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:
> Hi Everyone,

Hi Am,

> Before anyone asks, removing "/nextcloud" from each of the location
> strings does not work.
> When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
> My httpd.conf below was inspired by the one outlined in the nextcloud
> pkg-readme.

Did you also remove the line: 'request strip 1'?

So that instead of
> location "/nextcloud/*.php*" {
>     root "/nextcloud"
>     request strip 1
>     fastcgi socket "/run/php-fpm.sock"
>     pass
> }

you should have:
location "/*.php*" {
    root "/nextcloud"
    fastcgi socket "/run/php-fpm.sock"
    pass
}


Regards,
Souji
httpd & nextcloud
Hi Everyone,

I am trying to run a small nextcloud website and I'm having a problem
with the URLs.

I installed nextcloud via pkg_add, and all of its files were installed
under /var/www/nextcloud.
The pkg-readmes were helpful in getting nextcloud working with httpd.

However, though everything "works", my URLs look like this:
- www.domain.com/nextcloud/index.php/foo/bar/...

And I can't for the life of me seem to edit /etc/httpd.conf to make it so
my URLs look like this:
- www.domain.com/index.php/foo/bar/...

Furthermore, I can only access nextcloud if I navigate to
- www.domain.com/nextcloud

I would prefer to access nextcloud by navigating to
- www.domain.com

Even if I add the following line to /etc/httpd.conf, it works only in the
web browser and nextcloud-specific iOS apps don't fully work properly:
- location "/" { block return 301 "nextcloud/index.php" }

My /etc/httpd.conf is below. Am I missing something obvious?

Before anyone asks, removing "/nextcloud" from each of the location
strings does not work.
When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
My httpd.conf below was inspired by the one outlined in the nextcloud
pkg-readme.

Thanks in advance.

server "www.domain.com" {
    listen on * tls port 443

    # acme-challenge TLS location
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    # enable HTTP Strict Transport Security
    hsts {
        preload
        subdomains
        max-age 15768000
    }

    tls {
        certificate "/etc/ssl/domain.com.fullchain.pem"
        key "/etc/ssl/private/domain.com.key"
    }

    # set root directory
    root "/nextcloud"
    directory index "index.php"

    # set max upload size to 1G (in bytes)
    connection max request body 1048576000
    connection max requests 1000
    connection request timeout 3600
    connection timeout 3600

    block drop

    # ensure that no "*.php*" files can be fetched from these directories
    location "/nextcloud/config/*" {
        block drop
    }
    location "/nextcloud/data/*" {
        block drop
    }

    location "/nextcloud/*.php*" {
        root "/nextcloud"
        request strip 1
        fastcgi socket "/run/php-fpm.sock"
        pass
    }

    location "/nextcloud/dist/*" {
        root "/nextcloud"
        request strip 1
        pass
    }
    location "/nextcloud/apps/*" {
        root "/nextcloud"
        request strip 1
        pass
    }
    location "/nextcloud/core/*" {
        root "/nextcloud"
        request strip 1
        pass
    }
    location "/nextcloud/updater/*" {
        root "/nextcloud"
        request strip 1
        pass
    }

    location "/nextcloud" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
    location "/nextcloud/" {
        block return 301 "$DOCUMENT_URI/index.php"
    }

    location "/.well-known/carddav" {
        block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav"
    }
    location "/.well-known/caldav" {
        block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav"
    }
    location "/.well-known/webfinger" {
        block return 301 "/nextcloud/index.php/.well-known/webfinger"
    }
    location "/.well-known/nodeinfo" {
        block return 301 "/nextcloud/index.php/.well-known/nodeinfo"
    }

    location "/nextcloud/ocs-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
    location "/nextcloud/ocm-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
}
Re: how to fsck automatically at boot
On Wed, 22 May 2024 12:53:11 +0100,
Nick Holland wrote:
>
> For reasons of multi-hour fsck's on a few systems, I'm looking at
> remounting the problem file systems as "rw" when writing is actually
> needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> is known) to reduce my "at risk of power outage" window a lot, but I
> suspect this will fall deeply within the category of "when I break
> things, I get to keep all the pieces". :)
>

Do you need atime on that FS? Disabling it dramatically reduces chances of
manual interaction with fsck.

If you move forward and add sync which slow down write but allows to get
almost zero probability of fsck interaction.

--
wbr, Kirill
Re: Bgpd multipath conf
In the end I found out a way to manage multipath. Outside the bgpd daemon.
Basically I evaluate the bgp peer status from ifstated rules and I
install/remove static multipath route on variation.
The first test seems promising.
In the end I can even manage carp based on peer availability with this
approach.
If someone is interested in conf I can post as well as soon as I finish my
test base.

Cheers
M.

-----Original Message-----
From: Benjamin Raskin
Sent: Thursday, May 16, 2024 3:47 PM
To: Stuart Henderson; Marco Agostani
Cc: misc@openbsd.org
Subject: Re: Bgpd multipath conf

I'm working on something similar right now for bgpd, where any connected
/128 ipv6 address will be announced over bgp. For example if the router is
connected to an adjacent host that has assigned itself an address through
slaac such that the router has an entry for that particular host in the
routing table, then the router will announce the host's /128 address.

On Thu, May 16, 2024 at 6:24 AM Stuart Henderson wrote:
>
> On 2024-05-16, Marco Agostani wrote:
> > Ok so in the end is there a way to install more than one route in the
> > kernel table through bgpd or not ?
>
> No. That is what "bgpd ... does not handle adding multiple paths for
> the same prefix to the FIB" means. (FIB = "forwarding information
> base" = kernel route table)
>
> > And if it's something that could be done in the future ?
>
> could? sure, if someone were to write the code to support it.
>
> I don't think it will be a particularly easy thing to do though.
>
>
> --
> Please keep replies on the mailing list.
>
Re: how to fsck automatically at boot
On 5/21/24 08:28, Stuart Henderson wrote:
> On 2024-05-21, Nick Holland wrote:
...
>>>> When I remove that disk the boot sequence stops and asks for a fsck
>>>> I would like that this disk is mounted when it's present, but when
>>>> it's not installed I don't want the boot sequence to stop
>>>
>>> Make it also "noauto" in fstab and mount it in rc.local.
>>
>> Last I tried this, it didn't do what I wanted -- "noauto" still expects
>> to have the disk there and will fsck it on boot. Failure to be able to
>> do this stops the boot. It's been a while since I last tried this, so
>> perhaps something has changed (including my recollection?)
>
> See fstab(5) about fs_passno.

ah, so "0" or blank. cool. learned something. That will simplify
a few things!

>> And this might be a solution for the OP's problem:
>> make /usr and /usr/* "ro" during normal operation
>
> reorder_kernel is run in the background from /etc/rc; for RO /usr you
> need to wait for that to finish.

And I forgot that. d'oh.
So yes, file my tidbit under "REALLY BAD ADVICE" and ignore it.

For reasons of multi-hour fsck's on a few systems, I'm looking at
remounting the problem file systems as "rw" when writing is actually
needed and "ro" after the writing is complete (IN THIS APPLICATION, this
is known) to reduce my "at risk of power outage" window a lot, but I
suspect this will fall deeply within the category of "when I break
things, I get to keep all the pieces". :)

Nick.
Re: how to fsck automatically at boot
Hello Nick, Stuart, Kirill, Jan,

Thank you for all your answers.

On Tuesday, 21 May 2024 at 14:31:13 UTC+2, Stuart Henderson wrote:

On 2024-05-21, Nick Holland wrote:
> On 5/20/24 09:37, Jan Stary wrote:
>> On May 20 13:22:26, mikyde...@yahoo.fr wrote:
>>> Hello,
>>>
>>> I have two use cases and problems with fsck.
>>>
>>> 1) When my openbsd boots after an outage, the system asks me to fsck /,
>>> /usr, /var or /home manually.
>>> So I do
>>> fsck /dev/sd0a
>>> And then I'm asked questions and I usually answer F
>>>
>>> So my question is that I want this process to be done automatically at
>>> boot time for each partition that has a problem.
>>
>> The /etc/rc boot script calls fsck -p;
>> if that fails, it means fsck -p was unable to fix a major problem.
>> It is the point that it requires an admin's intervention.
>>
>> You would have to change the fsck call to fsck -y;
>> but don't do that.

AIUI the rationale for not using -y by default is that fsck may do
further damage to a badly damaged disk.

But in practice many people wouldn't do anything other than hit 'y'
lots or 'F' when fsck complains, in which case patching /etc/rc to run
-y by default isn't going to be any worse...

And there are certainly some classes of system where you don't really
care about losing data (i.e. you can recreate from config management or
backups) but you do want to maximise the chances of being able to
connect in remotely, and in that case -y can definitely help.

> I'd look at why your file systems are always needing these manual
> interventions after a hard shutdown. I routinely power down my
> personal systems with yanking the power cord if it would take me
> longer "properly" connect a console and properly shut down.

That really depends on what the system is doing.

>>> When I remove that disk the boot sequence stops and asks for a fsck
>>> I would like that this disk is mounted when it's present, but when it's
>>> not installed I don't want the boot sequence to stop
>>
>> Make it also "noauto" in fstab and mount it in rc.local.
>
> Last I tried this, it didn't do what I wanted -- "noauto" still expects
> to have the disk there and will fsck it on boot. Failure to be able to
> do this stops the boot. It's been a while since I last tried this, so
> perhaps something has changed (including my recollection?)

See fstab(5) about fs_passno.

> And this might be a solution for the OP's problem:
> make /usr and /usr/* "ro" during normal operation

reorder_kernel is run in the background from /etc/rc; for RO /usr you
need to wait for that to finish.

--
Please keep replies on the mailing list.
Re: IPv6 routing problems with vether and vmm
On 2024/05/21 20:30, jrmu wrote:
> Greetings,
>
> > > I also don't control the entire /48.
> > >
> > > Here is the information I was given:
> > >
> > > My IPv6 Address Subnet: 2602:fccf:400:41::/64
> > > Hypervisor' IPv6 Gateway: 2602:fccf:400::1
> > >
> > > I was only given a /64.
> >
> > So you should use a /64 prefix length not the /48 which you have.
> >
> > See EXAMPLES in route(8) for how to set the gateway.
>
> Please excuse my ignorance here, as I am unfamiliar with networking. Can
> you explain why /64 is the correct prefix length?

Because that is the information they gave you:

"Here is the information I was given:
My IPv6 Address Subnet: 2602:fccf:400:41::/64"

> I am confused because it seems not analogous to IPv4.

Your provider has decided to use a different config method for v6
compared to v4.

They probably have a route for the whole /64 to your MAC address to
avoid having to do neighbour discovery (NDP) for addresses in your
subnet.

If they did NDP, they have to try to find the MAC address to send
packets for that individual address. So if that address isn't in the
(limited size) NDP cache their router would need to buffer the packet,
try to resolve the address, if that address is not configured anywhere
they'd need to wait for a timeout before possibly generating a
host-unreachable icmp6 message and discarding the packet. These are all
slow operations using cpu resources on a router where those resources
are usually quite limited.

Now consider the number of addresses in the subnet and that someone on
the internet can send packets to any address.

There are similar issues for v4 (using ARP rather than NDP to find MAC
addresses) but the scale is vastly different - and most addresses will
be in use anyway so most of the time a randomly addressed packet will
already have the MAC address in the ARP cache.

There are other ways to handle this (e.g. add a small 'link net' between
the router and your host) but config for that is a bit more hassle to do
on the provider's side - typically with that setup you'd have a separate
vlan per customer too, as well as the route table entry across the
provider's network for the link net, using more resources on
routers/switches.

> In the IPv4 example, my address is 104.167.241.211, the gateway is
> 104.167.241.193, and the subnet mask 255.255.255.192. The network length
> then is /26. I don't control the entire /26 subnet, only one single IPv4
> address within it, but my network would have a prefix length of /26.

All of the /26 is probably directly reachable (using ARP to lookup the
MAC address). And vice-versa, other addresses in the /26 will be
expecting to be able to send packets to you directly rather than going
via the gateway.

> Isn't using a prefix length of /48 the same in the case of IPv6? I don't
> control the entire /48, but the gateway 2602:fccf:400::1 shares the
> first 48 network bits with my IPv6 address 2602:fccf:400:41::

You almost certainly can't reach the rest of the /48 without going via
the gateway.

> If I were to set the routing prefix length to 64, then I could manually
> add an extra route to the IPv6 gateway. But then, wouldn't I want to set
> my IPv4 address with a subnet mask of 255.255.255.255, so that the
> network length would be 32 rather than 26, and also add a manual route
> there?

Some providers do do that for v4, but if they had they'd be telling you
to use the /32. There's a lot less reason to do it for v4 though.
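
Added example, not part of the thread or of any poster's configuration: the prefix-length reasoning in the reply above, checked with Python's ipaddress module against the addresses quoted in the thread. The function names, the host address ending in ::2 and the figure of 48 hosts in use are assumptions made for illustration.

```python
import ipaddress
from fractions import Fraction


def gateway_on_link(iface_cidr, gateway):
    """True if the gateway lies inside the prefix configured on the interface."""
    network = ipaddress.ip_interface(iface_cidr).network
    return ipaddress.ip_address(gateway) in network


def route_plan(iface_cidr, gateway):
    """List the routes a host needs for this address/gateway pair."""
    iface = ipaddress.ip_interface(iface_cidr)
    gw = ipaddress.ip_address(gateway)
    plan = [f"connected {iface.network}"]
    if gw not in iface.network:
        # The gateway is outside the on-link prefix, so the host needs an
        # explicit interface route to it before it can be the default gateway.
        plan.append(f"host route {gw} on-link")
    plan.append(f"default via {gw}")
    return plan


def wrongly_on_link(assigned_cidr, configured_cidr):
    """Count of addresses the host would try to reach directly, bypassing the
    gateway, if it configures a shorter prefix than the one it was assigned."""
    assigned = ipaddress.ip_network(assigned_cidr, strict=False)
    configured = ipaddress.ip_network(configured_cidr, strict=False)
    return configured.num_addresses - assigned.num_addresses


def unresolved_fraction(cidr, hosts_in_use):
    """Share of the subnet with no neighbour to resolve: a packet sent to one
    of these addresses makes the router buffer, query and time out."""
    total = ipaddress.ip_network(cidr, strict=False).num_addresses
    return Fraction(total - hosts_in_use, total)


if __name__ == "__main__":
    # Addresses from the thread; the ::2 host address and the figure of
    # 48 hosts in use are constructed for illustration.
    V6_HOST, V6_GW = "2602:fccf:400:41::2", "2602:fccf:400::1"
    V4_HOST, V4_GW = "104.167.241.211", "104.167.241.193"

    print(route_plan(f"{V6_HOST}/64", V6_GW))
    print(route_plan(f"{V4_HOST}/26", V4_GW))
    print(wrongly_on_link(f"{V6_HOST}/64", f"{V6_HOST}/48"))
    print(float(unresolved_fraction(f"{V4_HOST}/26", 48)))
    print(float(unresolved_fraction(f"{V6_HOST}/64", 48)))
```

With the /64 the plan includes the extra on-link host route to the gateway; with the IPv4 /26 the gateway is already inside the connected prefix, so no such route appears.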