on loopback should allow you to do some basic verification
tests, e.g. pipe a file of random binary values into it while
concurrently reading it, and verify that you get the same contents.
Personally, I'd try to get the digital loopback working first, then if
that's OK try th
sed me to write what I
> did.
Ah yes, I'll also plug Jeremy's script. I don't use it with NFS, but
I use it (for example) to keep ntpd from trying to come up when it has
no peers because the firewall machine hasn't yet come back up, after a
power outage
a /data nfs ro,late 0 0
>
> But the network was still not up by the time /etc/rc.d/mountlate ran. So I
> slowed things down with the patch you can see below.
What's wrong with "rw,bg,intr" and "ro,bg,intr", respectively,
halfway between that and the
8.2-RELEASE, if it doesn't, go halfway between that and your current
revision, and so on.
This approach will cut the number of updates and builds you need to
try to the logarithm of the number of distinct revisions. My
impression is that it's so obvious to so
d is not to mirror the disk but only slices or
> partitions.
He is mirroring only the partitions - reread above:
gmirror label -v -n -b round-robin gm0p1 /dev/ad4p1
etc.
I don't know; it looks correct to me, but I may be missing something
as I don't currently use gpart.
--
e CPU, very
likely within a year or less.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@volcano.org
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
___
ng from a test environment into a production environment. You
can even go a step further to define and create your own packages
containing sets of configuration files you want to deploy in
conjunction with the binaries.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift.
et does it?
I would guess it's probably that either one requires the 8.x
grep -i to make a conversion function call for each char (or perhaps
line) of input to ensure the proper upper/lower case conversion rules
are followed.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing
0.14s user 0.08s sys
0.23s real 0.15s user 0.08s sys
0.22s real 0.13s user 0.09s sys
[cliftonr@oz ~]$ which grep
/usr/bin/grep
[cliftonr@oz ~]$ sudo sh -c "which grep"
/usr/bin/grep
--
Cl
they both have absolute control over the last sector on the disk
and can write critical data there - which is what this is doing -
that's begging for trouble.
Something cleaner than a kernel panic would be *nice* however... And
your point about warnings in the documentation is a good one.
--
result in merge
> conficts.)
That would be nice. Since freebsd-update clearly has done something
like generate the deltas for X.Y->Z.W for /etc files, if it were to
assume the status quo ante is that files in /etc are based on the X.Y
version of the /etc, it should already be able
ences.
> > We had this discussion a month or two ago.
>
> Do you have a link to this thread?
Thread title is: "Accidentally aborted upgrade via freebsd-update - how
to recover?"
Relevant discussion starts here, on Dec 27 2010:
<http://lists.freebsd.org/pipermail/fre
o way around verifying the changes for each file
with a changed $ID$ field, frustrating as it is.
(Also, if you realize you've made a mistake and say "N" at the end
when it asks if all the merges are OK, it kicks you out of the update
process instead of going through the merges again
for it.
The latter problem with the kernel fault sounds like a driver problem
in RELEASE_7 latest. That stuff does happen and I would guess it's
probably a distinct issue, unless you see that it goes away if you
rebuild RELEASE_7 from source while running RELEASE_7.
-- Clifton
--
ays it
should work. The following is how the man page specifies you can substitute
a newline, by prefacing a quoted actual newline with a backslash:
$ echo axa | sed 's/x/\
> /g'
a
a
That's how I remember classic sed behaving (Unix v7 or thereabouts.)
-- Clifton
--
C
ry interesting capability!
Assuming that FreeBSD considers partitioning a stripe to be valid in
principle - and you give reasons it should - then there may be a geom/driver
interaction bug to investigate here if the geom layer is refusing to write a
stripe-oriented partition to the raw drive.
--
and identical (except
for the last block of the partition) to what the OS sees later after
the mirror is formed.
I assume you're bearing in mind that if you lose either drive to a
hardware fault you lose the whole thing, and consider the risk worth
the potential speed/size gain.
-- Clifton
--
On Mon, Dec 27, 2010 at 10:20:28PM -0800, Jason Helfman wrote:
> On Mon, Dec 27, 2010 at 04:52:03PM -0800, Doug Barton thus spake:
> >On 12/27/2010 16:40, Damien Fleuriot wrote:
> >>On 12/27/10 11:58 PM, Clifton Royston wrote:
> >>> OK, and oh well... I wish there
On Tue, Dec 28, 2010 at 01:40:26AM +0100, Damien Fleuriot wrote:
>
>
> On 12/27/10 11:58 PM, Clifton Royston wrote:
> >
> > OK, and oh well... I wish there were some way to automate the diffing
> > out of the $FreeBSD lines. I suppose those might be the artifact o
On Mon, Dec 27, 2010 at 03:02:56PM -0800, Jason Helfman wrote:
> On Mon, Dec 27, 2010 at 12:58:28PM -1000, Clifton Royston thus spake:
> >On Mon, Dec 27, 2010 at 02:47:53PM -0800, Jason Helfman wrote:
> >>On Mon, Dec 27, 2010 at 12:44:26PM -1000, Clifton Royston thus spake:
>
On Mon, Dec 27, 2010 at 02:47:53PM -0800, Jason Helfman wrote:
Thanks for the prompt response!
> On Mon, Dec 27, 2010 at 12:44:26PM -1000, Clifton Royston thus spake:
...
> > How can I continue from here without downloading and applying 29000+
> >patches all over again, not to
-update install" and
"sudo freebsd-update install -r 7.1-RELEASE" but that gives me:
"No updates are available to install."
Is there some way to resume where I left off?
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / cl
ferent animal than {thread,process,task} scheduling, even
when it comes to I/O-bound tasks.
-- Clifton
P.S. Trimmed -current off the CC line; crossing 3 lists seems
rather superfluous.
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Compu
es/sec
> 2) 87878728 bytes/sec
> 3) 86397125 bytes/sec
> 4) 86550094 bytes/sec
> 5) 86524741 bytes/sec
This also supports that theory - off the top of my head, maximum
theoretical possible write throughput to a similarly sized 7200rpm
drive should be 70MB/s (buffer to disk data t
both those suggestions on this list, and I would hope
(assume?) that they have equivalents under ZFS.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, netw
de scratch disk. The backing store is to
specify a region its contents can be swapped out to if the system is
under memory pressure (which certainly won't work with a DVD)
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Comp
mple.com: j...@example.com, g...@example.com, \
...
Used to be very common and still might be; it's the traditional
old-UNIX way to do organizational mail aliases/mailing lists.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I
suming that nothing in the /etc/rc sequence
will need /tmp before filesystems are mounted. (I suppose putting it
on its own filesystem also assumes that.)
In general, I think you've got a good idea and I plan to start
adopting that in the future.
-- Clifton
--
Clifton Royston --
dle attack to inject arbitrary data into
the session. Depending on your app, the likelihood of this could be
anywhere from small to huge, and the impact could be anywhere from
negligible to disastrous.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lav
ng as relay and storage queue for initially about 5000 mailboxes in
100+ domains. All spam filtering will be handled on another box.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Cus
lready checked this, but did you go through the dmesg
output relating to ata and drive detection closely?
In the past from time to time I've had machines suddenly start
crawling after an upgrade, and it turned out it was because some change
in the driver detection caused the at
This would remove the risk of side
> effects to other parts of the system, and we could also use the
> chance to compensate for the errors that arise when hz*tick !=
> 100 or when we know that hardclock does not run exactly every
> 'tick' (an integer) microseconds.
oblem might be that the OS is trying to mount
it before /usr is mounted, and the fs module is not available, although
that shouldn't generate a panic.
My 2 cents,
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing
rewall, and as far
> as the client is concerned everything is fine.
FWIW, I don't do torrents a lot, but I've had no problems running the
Vuze/Azureus torrent client behind a pfSense firewall (7.2-based with
pf)
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / cl
Sorry for the self-followup; correcting an incorrect URL.
On Sat, Jun 13, 2009 at 09:54:52AM -1000, Clifton Royston wrote:
...
> due to the two Ethernet ports and low power consumption, and put the
> pfSense package on it (FreeBSD 7.1-based) for a firewall; it runs a
> packet filteri
s.html
Note these are both passively cooled and draw around 5w; I think they
also come in at about half the price of what you were looking at, if
they'll do.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing *
On Sun, Jun 07, 2009 at 04:12:41PM -0400, Scott Ullrich wrote:
> On Sun, Jun 7, 2009 at 3:36 PM, Chris Rees wrote:
> > 2009/6/7 Clifton Royston :
> >
> >> If you feel you just *can't* do it via a script in
> >> /usr/local/etc/rc.d, which is the better way,
in which your script runs relative to other startup scripts.
-- Clifton
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network des
, one character at a time. You can
actually decode some of it with a bit of attention:
virtual address= 0 x 601
kernel t r a p
f a u l t
...
or something of the kind. The issue is not really to do with serial
console vs. video console, which i
ven't tried this, but it's been on my mind to mess around
with soon.
In this case, I would want the designated backup drive to always be
lowest-priority, to ensure the mirror never accidentally started
rebuilding from a newly reinserted backup. (This probably wouldn't
happen a
o
get the install medium premounted for bootstrapping?
I'm attaching my hacked-up fbsd-installiso2img.sh in case anyone else
is interested in playing with it further.
-- Clifton
- cut here
#!/bin/sh
# fbsd-install-iso2img.sh
# Original version by Dario Freni 9/2006
# Enhancements
options=1b
inet x.y.z.w ...
inet x.y.z.v ...
ether 00:1f:d0:cd:3c:9c
media: Ethernet autoselect (100baseTX )
status: active
--
Clifton Royston -- clift...@iandicomputing.com / clift...@lava.net
President - I and I Computing * http://www.iand
a' (256M
> or 512M), followed by swap on 'b', followed by the big-ass root
> partition on 'd' using your favorite filesystem.
For those who want resilience, on FreeBSD you could also make that boot
partition mirrored across drives with gmirror
ust so you know, if you don't shut down normally, the mirror is not
marked into a synchronized state, so it usually has to rebuild after a
panic or other crash. That's probably unrelated to the crash.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMA
12*8*1024*1024 = 100,663,296 so that would mean not merely zero but
negative packet and network overhead.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, s
a history of security issues), and
> > Courier (no interest).
>
> Also avoid /usr/ports/mail/imap-uw.
Performance on imap-uw is lousy also.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicom
bleshoot this, no access to the system in question, but I
thought it might help to know that others have run into the same
problem.
> The thing which is very interesting is:
> Why period is 5 min?
Might be something to do with ARP? Not sure.
-- Clifton
--
Clifton Royston -
never
noticed because they didn't block the build from completing.)
There is only one approved and "guaranteed" by the maintainers way to
build things. That doesn't mean it's the only way to do things, but if
you build things differently, it's up to you to un
nt hours of your
life you won't get back - do you want to sign up for some more hours
further down the road?
-- Clifton (suddenly questioning why I'm spending hours on mailing lists
today)
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I an
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
___
freebsd-stable@freeb
loit
were guessed by another developer and then confirmed. They're now
circulating, so I think we can expect engineered attacks soon.
All:
Upgrade your servers today, do not wait.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Compu
On Tue, Jul 22, 2008 at 09:37:14AM -0700, Doug Barton wrote:
> Clifton Royston wrote:
> > I also think that modular design of security-sensitive tools is the
> >way to go, with his DNS tools as with Postfix.
>
> Dan didn't write postfix, he wrote qmail.
I kno
g way, but I think he has usually
proved to be right on security issues.
I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I
uch less work than a full version
upgrade.
My opinion only. I'm not a developer, and I'm not running any
recursive resolvers on BIND these days; my limited set of machines are
running djbdns instead, so I have more flexibility.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED]
so it's marked dirty, so it
must rebuild it. It is the precise analogy of finding all the file
systems dirty on boot and fscking them, following a crash.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicom
not used
to execute makefiles. At a guess, you seem to be confusing "Makefile"
with the "Makefile.pl" included as part of many Perl packages. The
"pl" extension on the latter is what indicates the use of Perl.
Try "man ports" for more information about how the
Next time it appears to freeze, see if you can ssh into it; my
experience on the Debian box was that this continued to work even
though the console was completely unresponsive following the freeze.
If you don't want to spend a lot of time on this, I'd try a different
video card; I have
goal, and as a software
developer I know it's ridiculously, insanely difficult to design to a
goal like that, but I do think that continuation is one of the main
factors behind the nostalgia for the 4.x line.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
nsulting; that's why I decided to jump to
a release line. However, it's a reasonable option for someone who's
maintaining their own larger groups of systems.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I
itions of terms.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
___
freebsd-sta
ugh.
IMHO, you should still be fine as long as you've got /tmp, /usr/,
/var, and the home directories residing on other partitions. If you're
using /home under / for home directories, you might want to move it to
/usr/home and symlink /home to it.
-- Clifton
--
Clifton Ro
On Fri, Jun 06, 2008 at 12:08:54PM -0400, Vivek Khera wrote:
>
> On Jun 4, 2008, at 4:43 PM, Clifton Royston wrote:
>
> > Speaking just for myself, I'd love to get a general response from
> >people who have run servers on both as to whether 6.3 is on average
> >
On Thu, Jun 05, 2008 at 01:21:35AM +0200, Greg Byshenk wrote:
> On Wed, Jun 04, 2008 at 04:41:45PM -0500, Kevin Kinsey wrote:
> > Clifton Royston wrote:
>
> > > For example, if I take a 6.3R CD, or build one for 6-RELENG, is there
> > >a way to do an "upgrade
an "upgrade in place" on each server? Or would it work
better to do a build from recent source on the development server, then
export /usr/src and /usr/obj via NFS to the production servers and do
the usual "make installkernel; reboot;" etc. sequence on them? (In my
case I do h
ing in your shell or environment
is somehow getting into the buildworld environment and causing make or
the inner shell to misparse the commandline to gcc.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandi
efinitive answer as I have VMWare but haven't set up FreeBSD under it
yet.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network cons
thing as it being a hardware problem.
I've been seeing this on all of my SMP machines since October, and
have reported it onlist, and I've been successfully running FreeBSD for
nearly 10 years (starting with 3.3) and BSD/OS for years before that.
It ain't necess
d for busy webservers
kern.ipc.somaxconn=1024
# From FreeBSD mailing list, reported on improving stability with
# ggatec/ggated.
net.inet.tcp.sendspace=1048576
net.inet.tcp.recvspace=1048576
kern.ipc.maxsockbuf=2049152
# Disable hyperthreading "logical CPUs"
machdep.hlt_logical_cpu
via a combination of adding RAM and tuning kernel
parameters I eventually got them to where they'll reliably stay up for
reasonably long stretches, certainly more than the 20 days uptime I was
getting when I first upgraded them.
-- Clifton
--
Clifton Royston --
dialup connection.
If that is case, your problem is that your NAT implementation is
broken or incomplete, or your NAT configuration also incorporates a
firewall blocking NTP. (Note also that if you connect through dial-up,
naturally you're not going through any firewall present on the LAN, so
a f
always be ad0 and ad1 and
> so on it makes this much easier.
And if you ever add a second drive, and it happens to be detected
first, expect a lot of work getting things working again. There are
good reasons for doing it this way, though you do get a choice.
-- Clifton
--
Clifton Roysto
274
Did you try replacing cabling as a previous poster recommended? I've
had similar problems with both traditional parallel ATA and SATA due to
marginal cables, which of course are not solved by swapping drives.
Not saying there's not a software problem here, just that there is
> (as messages arrive)? I imagine something like that would either do a
> "tail -f" on log files or listen as a syslog filter.
Swatch, logwatch, probably numerous others.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
Preside
ves, so any one drive you try
to boot from has only 1/Nth of the relevant sectors.
Does this help?
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, sy
identical load, and I have
at least attempted to configure them the same way. Both have
/var/crash set up and "dumpon" enabled in rc.conf. Both crashed in the
last week. I got a dump on one, which I now need to analyze, but have
twice failed to get a dump on the other. (Once this
tem, and make sure
there isn't some kind of chipset/motherboard/BIOS issue when 16GB is
populated.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, sys
ng the maximum sync setting may have helped, but I
don't consider it confirmed yet.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming,
.d
and /usr/local/etc/rc.d scripts behave much more coherently and
consistently.
There are two different ways to get it to DWIM - either get in the
habit of doing 2) then 1), or get in the habit of using forcestop.
Given this, I don't see it as a problem.
-- Clifton
--
Clifto
On Wed, Nov 21, 2007 at 07:16:15AM -1000, Clifton Royston wrote:
> All three SMP servers I recently installed with 6.2p8 from a custom
> build CD rebooted within the space of 24 hours about a day ago. (One
> of them is still not up; it sounds like it's requiring me to get to th
t in 4.8x,
and they didn't make it to one month in 6.2.)
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
___
ned in some odd places which had no apparent connection with
compile flags.)
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network des
ore tolerant when running only a single bank or not running in
dual-channel. If you can find the manual, you might want to check that
possibility.
-- Clifton
--
Clifton Royston -- [EMAIL PROTECTED] / [EMAIL PROTECTED]
President - I and I Computing * http://www.iandicomputin
On Wed, Oct 17, 2007 at 12:24:29PM +1000, Greg Black wrote:
> On 2007-10-16, Clifton Royston wrote:
>
> > Thanks for this very timely mention! The cluster of servers I am
> > about to upgrade from 4.8 to 6.2 relies heavily on
> > NFS to an old Netapp. If I have got
ot;
> #rpc_statd_enable="YES"
> rpcbind_enable="YES"
>
> Making those changes ended the "Fatal double fault && reboot in 15
> seconds..."
Thanks for this very timely mention! The cluster of servers I am
about to upgrade from 4.8 to 6.2 rel
igured webserver built with an appropriate
client-connection service model. OTOH, if you can guess the process
limits correctly, you can usually set them with a safety margin such
that the machine won't hit the number of processes to force it into
paging; it'll be unresponsive to clients a
On Tue, Dec 17, 2002 at 04:59:37PM -0600, Craig Boston wrote:
> On Tue, 2002-12-17 at 13:02, Clifton Royston wrote:
> > ipf does have the ability to more correctly simulate a closed port.
> > I did a similar exercise on my personal OpenBSD firewall box earlier
> > this yea
personal OpenBSD firewall box earlier
this year; I won't go through your whole ruleset, but basically for
every TCP port you block, you need to add a return-rst, and for every
UDP port you block, you need to add return-icmp(port-unr). This
provides a pretty good simulation of a host running no
the old format, and
we've experienced no such problems on a different system running
RELENG-4.5, which has the same mix of formats for crypted passwords.
I'm baffled.
At the moment I don't seem to be experiencing the intermittent login
failures you're describing, but I
switch, hub, bla bla bla...
>
> What switch? And why set the media? "Bonkers" is a bit vague.
>
> The Intel autosenses speed/duplex well with Intel, 3Com, and Cisco switches
> from my dealings with and does so with FBSD or Win 9x/NT.
Add HP Procurve switches to
ll our servers, but have been
slowly swapping them out with the Intel Pro/100+s as we do other
upgrades. We're down to two servers left with the Dec cards in them.
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
The named which can be named is not
thanks for all the rapid answers! Clearly a good list!
-- Clifton
--
Clifton Royston -- LavaNet Systems Architect -- [EMAIL PROTECTED]
"An absolute monarch would be absolutely wise and good.
But no man is strong enough to have no interest.
There
91 matches
Mail list logo
