resize SR_CRYPTO?
I'm messing around with resizing a VM disk that contains a softraid crypto volume, and I've not managed to figure out how to non-destructively resize the crypto volume. The man pages only mention creating a crypto volume, not *resizing*, so this strikes me as a "wipe, rebuild, restore" operation. Am I correct in thinking this is a wipe, rebuild, restore situation, or is there an option/program I've missed for resizing? Thanks, Jonathon
Re: Building AMI for AWS EC2
On Thu, Jan 21, 2016 at 09:30:57AM +0100, Reyk Floeter wrote: > On Wed, Jan 20, 2016 at 08:56:25PM -0800, Jonathon Sisson wrote: > > On Wed, Jan 20, 2016 at 02:51:21PM -0800, Simon McFarlane wrote: > > > Hi all, > > > > > > Now that the Xen guest stuff is getting some love, I think it would be fun > > > to toy around with OpenBSD on EC2 (particularly because of EBS -- other > > > VPS > > > providers like the old standby ARP Networks don't allow you to attach > > > copious amounts of storage to a low-spec system). > > > > > > There are a couple public AMIs available, but I'm curious as to how they > > > are > > > built. It'd be pretty cool to be able to build a given snapshot into an > > > AMI, > > > rather than be dependent on whomever is creating the public ones. > > > > > > If the builder of the public AMIs is reading this, I'd love to hear what > > > your process is. > > > > > > Thanks, > > > Simon > > > > > I have a relatively simple process involving the use of vmimport. > > > > Basically, build out the VM how you want (I used VirtualBox, but YMMV), > > then ran something like ec2-import-volume to bring the VHD into AWS. > > Once that was complete, I booted up an Amazon Linux instance, stopped it, > > detached the root volume, attached the OpenBSD volume as /dev/xvda, then > > booted up into OpenBSD. Afterwards, create an AMI of your work. > > > > Also note that OpenBSD won't recognize EBS volumes attached as anything > > other than xvd*. I haven't bothered looking into why. > > > > We don't have a Xen driver for the blkfront disks yet, and we only > support the emulated IDE controller. Nobody has started working on it > yet. The Xen HVPVM layer and the netfront (xnf) driver were necessary > to bootstrap OpenBSD in EC2, the blkfront driver is optional but > needed to mount additional volumes. > > Reyk > Ahh, understood. It wasn't necessarily an issue, as I've been able to mount any EBS volume I want as xvd* devices, so certainly not a concern, it was just behavior I noticed =) Thanks for the explanation!
Re: Building AMI for AWS EC2
On Wed, Jan 20, 2016 at 02:51:21PM -0800, Simon McFarlane wrote: > Hi all, > > Now that the Xen guest stuff is getting some love, I think it would be fun > to toy around with OpenBSD on EC2 (particularly because of EBS -- other VPS > providers like the old standby ARP Networks don't allow you to attach > copious amounts of storage to a low-spec system). > > There are a couple public AMIs available, but I'm curious as to how they are > built. It'd be pretty cool to be able to build a given snapshot into an AMI, > rather than be dependent on whomever is creating the public ones. > > If the builder of the public AMIs is reading this, I'd love to hear what > your process is. > > Thanks, > Simon > I have a relatively simple process involving the use of vmimport. Basically, build out the VM how you want (I used VirtualBox, but YMMV), then ran something like ec2-import-volume to bring the VHD into AWS. Once that was complete, I booted up an Amazon Linux instance, stopped it, detached the root volume, attached the OpenBSD volume as /dev/xvda, then booted up into OpenBSD. Afterwards, create an AMI of your work. Also note that OpenBSD won't recognize EBS volumes attached as anything other than xvd*. I haven't bothered looking into why. -Jonathon
Re: Misc questionning about DNS
On Tue, Jan 13, 2015 at 04:33:56PM -0800, Jason Adams wrote: Split DNS is a very good reason for using bind, and its not that hard to set up. I could private email you an example. If unbound doesn't do this, it is missing one of the main reasons people and institutions run their own dns servers (whether or not they are behind nat). I think there's a serious amount of confusion going on about the goal of unbound. It's *not* an authoritative name server. It doesn't try to be (aside from very, very simple configurations). It's a recursive caching resolver. Saying unbound is broken because it doesn't have split DNS is like saying lighttpd is garbage because it doesn't handle imap like nginx.
Re: Pf monitoring
On Mon, Jan 12, 2015 at 05:20:40PM +0100, Fr??d??ric URBAN wrote: Hi guys, I'm trying to find a way to get pf stats (ie: return of pfctl -si) outside of the host to be sure that pf states count are under a certain value. Usually I use snmp on other *Nix based OS but with snmpd(8) i'm unable to achieve this (PF-MIB looks unpopulated). I agree snmp is a old and unsecure protocol so any other solution will fit aswell. Thankfully F.URBAN pfstatd does this well, but integrating it with other monitoring solutions may not be very easy (honestly, I've not tried. I have pfstatd running on a pf box with a remote machine running pfstat to gather and graph everything).
Re: OpenBSD + OptiPlex 320 = frozen clock?
On Fri, Jan 02, 2015 at 10:47:02AM -0500, John Merriam wrote: Hello. I have a strange issue with OpenBSD on my Dell OptiPlex 320. The clock doesn't move: # date; sleep 55; date Thu Jan 1 02:25:47 EST 2015 Thu Jan 1 02:25:47 EST 2015 # sysctl kern.timecounter.choice I have a Dell that has a broken clocksource that exhibits the same. Set kern.timecounter.choice to one of the other choices (you'll have to experiment with that, I can't help you there). Once you find the one that works, set it in /etc/sysctl.conf and be on your way.
Re: OpenBSD + OptiPlex 320 = frozen clock?
On Sun, Jan 04, 2015 at 01:23:24PM -0500, Jonathon Sisson wrote: # sysctl kern.timecounter.choice I have a Dell that has a broken clocksource that exhibits the same. Set kern.timecounter.choice to one of the other choices (you'll have to experiment with that, I can't help you there). Once you find the one that works, set it in /etc/sysctl.conf and be on your way. As already pointed out, that should have been set kern.timecounter.hardware using one of the kern.timecounter.choice options
Re: interesting question about shells
On Fri, Dec 26, 2014 at 03:48:43PM -0500, Wayne Cuddy wrote: A good book that I recommend to get started is From Bash to Zsh. I found it easier to start with rather the supplied reference documentation. Does From Bash to Zsh cover ksh, csh, tcsh, etc...? It sounds like a great book idea, but it looks to me like the book literally just covers Bash and Zsh? Is that the case?
Re: Openbsd broke my hard drive twice! Getting frustrated
On Tue, Dec 23, 2014 at 12:42:25AM -0200, Henrique Lengler wrote: On 2014-12-23 00:12, OpenBSD lists wrote: # cd /usr/src/distrib/miniroot/ # grep -B3 'inconsistent state' install.sub At any prompt except password prompts you can escape to a shell by typing '!'. Default answers are shown in []'s and are selected by pressing RETURN. You can exist this program at any time by pressing Control-C, but this can leave your system in an inconsistent state. Did you not see this warning while installing? What about my second attempt in which I did everything normally? -- Henrique Lengler Here's a silly question...is it an EFI system? I would think the installer wouldn't boot properly if so, but you may have to go into your BIOS and set it up for legacy boot? I don't know. I've never heard of an OS install causing physical damage to a machine (though a few FreeBSD installs I performed around the 6.X/7.X timeframe caused *me* to harm a computer =).
Re: Openbsd broke my hard drive twice! Getting frustrated
On Tue, Dec 23, 2014 at 03:22:51AM -0200, Henrique Lengler wrote: On 2014-12-23 02:55, Eric Furman wrote: No. This is done by the BIOS. After the computer boots the BIOS then hands over control to the OS. So this it the time the OS is able to do whatfuck it wants with my HDD, and so the OS have control over HDD. Right? And yes, that is a gross over simplification of what actually happens. There is no way that any OS can 'break' a hard drive. So why this happened when using OpenBSD? -- Henrique Lengler OpenBSD does not support UEFI secure boot. I'm not a developer, so I won't offer an answer as to why support is lacking, but I suspect it has something to do with UEFI being a metric fuckton of bullshit. That said, I'm willing to bet if you disable secure boot, it'll act differently than what it is now. And, depending on what distro of Linux you installed, it may support UEFI (and hence the BIOS boot of Linux may not have been with UEFI disabled).
Re: make search=curl - Illegal EPRT Command + freeze
make search key=p5-www-curl Lars NoodC)n wrote: I'm trying to get hold of CPAN's WWW::Curl:Easy, which might be in ports, on 4.4-current (snapshot from 29 august). make search=p5-www-curl (or any other search) in ports hangs with the following error: === Checking files for freeze-2.5 freeze-2.5.tar.gz doesn't seem to exist on this system Fetch ftp://ftp.warwick.ac.uk/pub/compression/freeze-2.5.tar.gz Illegal EPRT Command anonymous FTP to warwick *seems* to show nothing in that directory. I've tried 3 different ftp clients. make stays stuck and doesn't respond even to Cancel (^c) but pkill ftp from another console brings back shell. Regards, -Lars