Re: Getting "Boot error" after replacing a disk in softraid

2024-04-23 Thread iio7
Also, if I boot from a USB stick, with only the new SSD attached, the softraid 
is registered as degraded (as the other old disk is missing), so it has been 
populated, and the partition is also marked with an asterisk for boot, but I 
still cannot boot from that drive.



Re: Getting "Boot error" after replacing a disk in softraid

2024-04-23 Thread iio7
> I suspect this error comes from your BIOS/UEFI rather than the OpenBSD
> boot loader. Did you check how boot drives are configured in firmware?

I already tested that by moving the new disk to another box and booting it from 
that; unfortunately I get the same error.



Getting "Boot error" after replacing a disk in softraid

2024-04-22 Thread iio7
I have a softraid mirror setup with two old spinning disks. I have detached one 
of the disks from the mirror and attached a new SSD. I then wanted to rebuild 
the mirror, using one old spinning drive and the new SSD, and then afterwards, 
remove the old spinning drive and replace with yet another SSD, ending up with 
a mirror of two new SSDs.

After I attached the new SSD to the box, I did:

  fdisk -iy sd1 (the new disk)

Then I cloned the layout of the old drive onto the new:

  disklabel sd0 > layout
  disklabel -R sd1 layout

Then I used installboot:

  installboot sd1

And started rebuilding the mirror:

  bioctl -R /dev/sda1 sd2 (sd2 being the RAID device)

This worked fine and the mirror is up.

However, when I now detach the old drive and boot from only the new SSD, I get 
"Boot error".

What am I missing?



Re: OpenBSD alternative setup to ZFS on Linux or FreeBSD

2023-11-22 Thread iio7
> Once data is no longer "work in progress", archive it to write-only
> media and take it out of the regular backup loop.

What kind of write-only media do you use/recommend?



OpenBSD alternative setup to ZFS on Linux or FreeBSD

2023-11-21 Thread iio7
Ever since I read a post on @misc from Nick Holland to someone asking
about running a large filesystem on OpenBSD, in which Nick wrote:

> ZFS is kinda the IPv6 of file systems.  A few good ideas trying to
> solve a one issue... and then they went way overboard trying to pack
> too much else into it.
>
> I've setup some cool stuff using ZFS (dynamically sized partitions,
> snapshots, zfs sends of snapshots to other machines, etc), but man, I
> spent a comical amount of time babysitting and fixing file system
> problems.  The 1980s are over, file systems should Just Work now. If
> you are babysitting them constantly, something ain't right.  If
> someone wants to add a ZFS-like "scrubbing" feature to ffs, I'd be
> all for it. But not for the penalties that come with ZFS.

I have been thinking about a simple way to do some of this because ZFS
just keeps getting bigger and bigger and more and more complex.

I was thinking something like this:

Running disks in RAID1 or RAID5 (pick your poison) with softraid.

Then for every important big file use something like par2cmdline to
create parity data.

par2cmdline can be used to verify and re-create files.

I would perhaps also create simple checksums for files as well, because
that's faster to run through a script, checking all files, than
par2verify.

For smaller files, perhaps put them into a version control system with
integrity checking and parity rather than the above.

Of course backup is essential, it's not about that.

Running a script that checks all checksums is a "poor man's" version of
ZFS scrubbing. If bit rot is found, repair the file with par2 parity.

For send/receive, if needed, I think rsync is adequate as it also uses
checksums to validate the transfer of files.

Any feedback? Do you do something similar on OpenBSD?

Cheers.
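
The checksum "scrub" proposed in the post above, as an added example that is not part of the original message: it stores size and mtime next to each SHA-256 so that silent corruption can be told apart from an ordinary edit. The function names, report keys and sample files are assumptions made for this sketch.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (sha256 hex, size, mtime_ns) for one file, read in 1 MiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    st = os.stat(path)
    return h.hexdigest(), st.st_size, st.st_mtime_ns

def build_manifest(root):
    """Map every file under root (by relative path) to its fingerprint."""
    files = (os.path.join(d, n) for d, _dirs, names in os.walk(root) for n in names)
    return {os.path.relpath(p, root): fingerprint(p) for p in files}

def scrub(root, manifest):
    """Compare the tree with a stored manifest and classify each listed file."""
    now = build_manifest(root)
    report = {"rotted": [], "modified": [], "missing": []}
    for path, (digest, size, mtime) in sorted(manifest.items()):
        if path not in now:
            report["missing"].append(path)
        elif now[path][1:] != (size, mtime):   # size or mtime changed: ordinary edit
            report["modified"].append(path)
        elif now[path][0] != digest:           # same metadata, different content
            report["rotted"].append(path)
    return report

def demo():
    """Constructed sample tree: one silent corruption, one edit, one deletion."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("a.iso", "b.tar", "c.txt", "d.db"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(name.encode() * 1024)
        manifest = build_manifest(root)
        rot = os.path.join(root, "b.tar")
        st = os.stat(rot)
        with open(rot, "r+b") as f:            # overwrite one byte in place ...
            f.seek(100)
            f.write(b"\x00")
        os.utime(rot, ns=(st.st_atime_ns, st.st_mtime_ns))  # ... and restore mtime
        with open(os.path.join(root, "c.txt"), "ab") as f:
            f.write(b"appended")               # normal edit: size changes
        os.remove(os.path.join(root, "d.db"))
        return scrub(root, manifest)
```

Files reported under `rotted` are the candidates for repair from the par2 parity data; the manifest itself should be stored somewhere other than the array being checked.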



Creating a softraid mirror from a regular OpenBSD disk

2023-11-12 Thread iio7
I have an OpenBSD box running with a single drive. I wanted to add a
second drive and then run the two in a softraid mirror in order for the
first disk to not be a single point of failure in the box.

Is that possible or does the first disk need to be reformatted and
repartitioned before adding a second disk?

Thanks.



Ensuring data integrity

2023-02-15 Thread iio7
In the latest book by Michael Lucas, OpenBSD Mastery: Filesystems, Michael
writes, "A filesystem should put data on disk. That data should be safely
stored and reliably read. That's it. Error checking? Deduplication? No.
The operating system has other tools for ensuring data integrity and
compactness."

If I set up a couple of drives in a RAID mirror on OpenBSD to serve as
a NAS box, what is the best way to ensure data integrity?




Kerberos Heimdal problem on OpenBSD: Failed to verify AP-REQ

2022-11-01 Thread iio7
Hi,

I have set up an OpenBSD 7.2 machine running Heimdal 7.7.0 as a Kerberos
server. I then have an NFS Linux server running Arch Linux on another
machine. I then have a FreeBSD NFS client and another Arch Linux NFS
client on other physical hardware (all physical machines on the same LAN).

Without Kerberos, I can mount the NFS share from both FreeBSD and Linux
without any problems, but when I try to mount the NFS share on the
Linux machine, with Kerberos running, i.e. using "sec=krb5" on exports
as well as the mount command, from either the FreeBSD client or the
Linux client, I get the following error in the log on the OpenBSD
Heimdal server:

Oct 29 00:16:54 foo kdc[55215]: Failed to verify AP-REQ: Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96

Oct 29 00:16:54 foo kdc[55215]: Failed parsing TGS-REQ from IPv4:192.168.1.4

Oct 29 00:16:54 foo kdc[55215]: tgs-req: sending error: -1765328353 to client

Oct 29 00:16:54 foo kdc[55215]: sending 81 bytes to IPv4:192.168.1.4

When I list the key types on the OpenBSD machine, I get:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac-md5

On FreeBSD I get:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac-md5
aes256-cts-hmac-sha1-96

On Linux it's:

aes256-cts-hmac-sha1-96
des3-cbc-sha1
arcfour-hmac

I don't quite understand the error message or whether that is relevant
for the key types:

Decrypt integrity check failed for checksum type hmac-sha1-96-aes256,
key type aes256-cts-hmac-sha1-96

But I don't see "hmac-sha1-96-aes256", listed anywhere.

I have no prior experience using Kerberos and am wondering if anyone on
this list has experience using the Kerberos port on OpenBSD and whether
this problem looks familiar?

Thanks.

Cheers!



support update

2022-10-30 Thread iio7
The entry under Denmark listed with a company name "Zen System"
doesn't exist. There no longer is such a company, and the URL
redirects to a completely different company that doesn't provide
any kind of OpenBSD service.



Questions about the code commit review process

2022-10-29 Thread iio7
Hi,

What is the code commit review process in OpenBSD? A developer with commit 
access, does his code get reviewed by other developers before a release, and if 
so, is that an internal requirement?

Thanks.

Kind regards.



Re: Timestamps missing on httpd's error log

2021-09-10 Thread iio7
Is there any particular reason why this issue is being ignored?

https://www.mail-archive.com/bugs@openbsd.org/msg15344.html


Re: Why is tmpfs not working on OpenBSD?

2021-09-06 Thread iio7
On Monday, September 6th, 2021 at 12:50 PM, Marc Espie  wrote:

> On Sun, Sep 05, 2021 at 10:12:33PM +0000, iio7 wrote:
> > > On 2021-09-05, iio7 <i...@protonmail.com> wrote:
> > > > # mount -t tmpfs tmpfs /home/foo/tmp/
> > > > mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported
> > >
> > > It isn't built into the standard kernels, disabled with this commit::
> > >
> > > revision 1.229
> > > date: 2016/07/25 19:52:56
> > > disable tmpfs because it receives zero maintenance.
> >
> > Why isn't it removed? It is kinda "misguiding".
>
> There might be hope that someone who has the time would do proper
> maintenance...

That's fine. I just naturally assumed that something like this would
be mentioned in the man page, or on the FAQ or somewhere else, which
is where I looked. When I didn't find anything I just assumed that
there was something wrong with my system or setup. I didn't even
consider searching the mailing list because I would never have guessed
that OpenBSD was in this state. Over the years I have come to know
OpenBSD for its prime documentation. Shipping a solution in the base
that isn't working is not what I normally connect with OpenBSD.



Re: Why is tmpfs not working on OpenBSD?

2021-09-06 Thread iio7
On Monday, September 6th, 2021 at 12:49 AM, Theo de Raadt wrote:

> iio7 i...@protonmail.com wrote:
>
> > On Sunday, September 5th, 2021 at 10:41 PM, Theo de Raadt dera...@openbsd.org wrote:
> >
> > > iio7 i...@protonmail.com wrote:
> > >
> > > > > On 2021-09-05, iio7 <i...@protonmail.com> wrote:
> > > > > > # mount -t tmpfs tmpfs /home/foo/tmp/
> > > > > > mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported
> > > > >
> > > > > It isn't built into the standard kernels, disabled with this commit::
> > > > >
> > > > > revision 1.229
> > > > > date: 2016/07/25 19:52:56
> > > > > disable tmpfs because it receives zero maintenance.
> > > >
> > > > Why isn't it removed? It is kinda "misguiding".
> > >
> > > Shucks, you must feel terrible about our decision.
> >
> > Well, compared to the fact that you, back in 2016, wrote that,
> > "We don't spend hours of our time adding unimportant notes to that file.",
> > concerning updating the FAQ about this, maybe
> > instead of giving these useless comments, that you apparently
> > have got plenty of time to do, you should actually provide some
> > kind of useful information somewhere!
>
> or we could decide we don't owe whiners like you anything
> and continue to focus only on what we want to do

Sure, you do that while I cancel my financial support and then
find something better to spend it on.



Re: Why is tmpfs not working on OpenBSD?

2021-09-05 Thread iio7
On Sunday, September 5th, 2021 at 10:41 PM, Theo de Raadt wrote:

> iio7 i...@protonmail.com wrote:
>
> > > On 2021-09-05, iio7 <i...@protonmail.com> wrote:
> > > > # mount -t tmpfs tmpfs /home/foo/tmp/
> > > > mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported
> > >
> > > It isn't built into the standard kernels, disabled with this commit::
> > >
> > > revision 1.229
> > > date: 2016/07/25 19:52:56
> > > disable tmpfs because it receives zero maintenance.
> >
> > Why isn't it removed? It is kinda "misguiding".
>
> Shucks, you must feel terrible about our decision.

Well, compared to the fact that you, back in 2016, wrote that,
"We don't spend hours of our time adding unimportant notes to that file.", 
concerning updating the FAQ about this, maybe
instead of giving these useless comments, that you apparently
have got plenty of time to do, you should actually provide some
kind of useful information somewhere!



Re: Why is tmpfs not working on OpenBSD?

2021-09-05 Thread iio7
> On 2021-09-05, iio7 <i...@protonmail.com> wrote:
>> # mount -t tmpfs tmpfs /home/foo/tmp/
>> mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported

> It isn't built into the standard kernels, disabled with this commit::

> revision 1.229
> date: 2016/07/25 19:52:56
> disable tmpfs because it receives zero maintenance.

Why isn't it removed? It is kinda "misguiding".


Why is tmpfs not working on OpenBSD?

2021-09-05 Thread iio7
# mount -t tmpfs tmpfs /home/foo/tmp/
mount_tmpfs: tmpfs on /home/foo/tmp: Operation not supported



Experience using httpd in production on busy machines?

2021-08-26 Thread iio7
I am in the process of deploying an updated version of a PHP web application 
that has been running on Apache and Nginx on Linux. This time I have done all 
the development running the webserver on OpenBSD httpd+PHP. The setup is so 
much simpler and I am used to running OpenBSD boxes as gateways/firewall so I 
am familiar.

However, before I take the final step and deploy the new application on OpenBSD 
httpd in production I would like to hear if anyone has any experience to share 
regarding performance compared to running Apache or Nginx on Linux? Any caveats 
to look out for?

Kind regards!



Securing MariaDB on OpenBSD

2021-07-18 Thread iio7
I have just installed MariaDB on a 6.9 box and I was wondering whether
adding a root password is needed? The root user can access the
database without a password by default, but IMHO if the box gets
compromised and someone reaches root access, adding a password to the
database root user doesn't really seem that useful?

Also, MariaDB has been set up as per OpenBSD maintainer instructions
with:

# install -d -m 0711 -o _mysql -g _mysql /var/www/var/run/mysql

And /etc/my.cnf:

[client-server]
socket = /var/www/var/run/mysql/mysql.soc

The "mysql_secure_installation" script fails with:

ERROR 2002 (HY000): Can't connect to local MySQL server through
socket '/var/run/mysql/mysql.sock' (2)

Any feedback would be appreciated.

Kind regards
