I see people doing it by hand but is there a reason something like iocage or ezjail don't have an arch. option?

ex: I want a 32-bit jail on a 64-bit host.

skered: both of those are longer maintained

ezjail I knew but it works. iocage I thought as the replacement... What's the new jail manager?

Title: Containers - FreeBSD Wiki

skered: bastille, cbsd, and pot are probably the best candidates on that list

but, if you got like 5 jails, instead of 50-500, you might also just consider jail.conf

alpha.pkgbase.live/howto/jails.html is how i do it

Title: Howto: Setting up Jails

Like by hand? yuck.

eh, I've done worse

like written my infrastructure automaton in Perl and then rewritten it in gnu make

but right now, I've literally got four jails, and until i get buildah and podman working, I'll be doing it like this

We don't use those words in #freebsd. 🤫

hey, everythime I installed freebsd 1 on my thinkpad x1 carbon I would get the intel speed shift bug and the system would hang. So I added something to my loader.conf to set it off

but now the system gets really hot and freezes

so I disabled it again and now my computer wont even boot

isnt there a fix for this by now

13.1-release

now I have to format and start over again

sucks to be stuck on 12.*

any tips on speeding up the boot time? i need to cut it from 2 minutes in this vm to 1 minute if possible.

i put autoboot_delay=1 in /boot/loader.conf and rc_startmsgs=NO into /etc/rc.conf

i googled it but i'm not sure which suggestions make sense or don't make sense. one of them said to start commenting out random 'sleep 1' lines from startup scripts

johnjaye: A minute seems a bit long. What's taking the time?

well it's a vm and it's slow

if i switch the arch and enable kvm it should improve. but i don't care about speed just about starting it

qemu has this annoyance where even if you suspend the guest inside its monitor it still eats up cpu time on the order of a web browser. i could just suspend the process i suppose

What's the host?

the raspi4 i'm typing this on. i wanted to start a local freebsd instance on it for a project

Oh. Opportunities for things to go slow abound there.

indeed. but i'm not familiar enough with how freebsd starts up to go any further

the thing is there is not a 'standard' way to start up on arm, so i'd have to google around for the right params for that to work...

i can try the freebsd wiki's suggestion and hope for the best though

this whole intel speed shift bug is rediculous

I've managed to boot old kernel and disable it again

starting devd sure takes awhile...

but not as long as the network!

Plasmoduck: same here with a Lenovo p14s gen1. I read somewhere (can't remember where) that it is fixed in 14.0. I'm waiting, just hoping the fix to be backported to 13.2

well it's down to 24 seconds using qemu with -cpu max. very confusing.

if i tell it -cpu cortex-a72 then qemu refuses to start at all. but with -cpu host or -cpu max it boots freebsd on aarch64 in 30 seconds. then if i ask freebsd its cpu it says cortex-a72 r0p3

well that doesn't make sense but at least it's fast now

to be clear the raspi4 has cortex a72's in it... so idk the conflict here

doug713705[m]: yeah its crazy

on top of that, something is causing my system to freeze/lock up

some software I updated before upgrading to 13

it's driving me crazy

doug713705[m]: bugs.freebsd.org/bugzilla/show_bug.cgi?id=253288 ? It's already in stable/13 and releng/13.2.

Title: 253288 – hwpstate_intel: modern ThinkPads wedge under any kind of load or during boot

zapata: Thank you for the good news :)

(Took some time to read the PR) zapata, same here

anyone here use node_exporter on FreeBSD for prometheus stats? I am seeing this constantly: node_exporter[13044]: ts=2023-02-25T15:03:20.906Z caller=collector.go:169 level=error msg="collector failed" name=meminfo duration_seconds=8.8323e-05 err="couldn't get memory: cannot allocate memory"

pertho: is that in syslog?

Remilia: yes

I do not have anything like that

using node_exporter, version 1.3.1 (branch: release-1.3, revision: 6)

node_exporter, version 1.5.0 (branch: release-1.5, revision: 1)

hhmm

I guess I could just add --no-collector.meminfo to the cmdline

prometheus doesn't seem to draw the memory info properly for a freebsd client anyway

adding node_exporter_args="--no-collector.meminfo" to /etc/rc.conf fixes it but disables any memory info.. not that prometheus/grafana seem to show it which is odd

not the first time it broke I guess: prometheus/node_exporter #1344

Title: meminfo collector broken on FreeBSD · Issue #1344 · prometheus/node_exporter · GitHub

1344 – pstat -i wasn't documented on the man page bugs.freebsd.org/bugzilla/show_bug.cgi?id=1344

prometheus/node_exporter #2593 <- latest one

Title: FreeBSD: couldn't get memory: cannot allocate memory · Issue #2593 · prometheus/node_exporter · GitHub

2593 – [small] security hole and nfs compatibility bug in rexecd.c bugs.freebsd.org/bugzilla/show_bug.cgi?id=2593

pertho: hmm I updated mine just now to 1.5

not seeing any errors currently

but it has only been 5 minutes

1.5.0 is definitely broken.. the fix was committed 2 weeks ago.. but 1.5.0 came out end of November 2022 :/

wonder if that could be backpatched into the FreeBSD port.. hmmm

if portsnap is going away.. what's replacing it?

ah ha.. this may have been fixed in 1.5.0p3

I'm on 1.5.0p1

Remilia: node_exporter-1.5.0_3 fixes it! :)

am I correct in assuming this commit is for -CURRENT (14.0?) and not 13.1? svnweb.freebsd.org/base?view=revision&revision=362631

Title: [base] Revision 362631

pertho: that's two years old. chances are it's in 13.0

Per freebsd.org/security/unsupported , -current was still 13-current, ie before ... beat me to it.

Title: Unsupported FreeBSD Releases | The FreeBSD Project

still seeing loads of these messages: kernel: linux: jid 0 pid 1456 (VizCompositorTh): possibly incorrect MADV_DONTNEED

pertho: cgit.freebsd.org/src/log/sys/compat/linux/linux_mmap.c?h=releng/13.2

you can look through there for it

maybe git blame etc

hmm.. I'm on 13.1-RELEASE-p7

freshbsd.org/freebsd/src/commit/05e…2d8294bb4c98664ef8ef689b0caf24b5112 it's in 12.2

Title: FreeBSD / src / 05e842d8294bb4c98664ef8ef689b0caf24b5112 - FreshBSD

Title: FreeBSD / src / 362631 - FreshBSD

hmm.. that revision (362631) may not fix the messages

ah well.. wait for 13.2 at the end of next month then :D

pertho: test beta / stable now, test current, demand fixes from current

pertho: oh, makes sense, it was 'node_exporter: 1.3.1_6 -> 1.5.0_3' for me

welp

`BTX halted` on boot

I'm in the middle of migrating cluster node 3/3 to new h/w

and thats cluster node 2/3 crapping itself

which leaves ... 1 of 3 nodes which is not quorum :-(

I have backups, but damn that timing is awkward

:-|

dch: do you have any clue to why?

not really. `BTX halted` is ~ probably ~ the first boot sector or two on the SSD mirror

but these are UEFI boxes so something happened that has borked both NVMes to the point it cant boot

so my guess is a h/w fault, maybe backplane or something

you said new hardware... is it "same" kind of hardware or is the any diff in controllers sata/raid and so on

there*

oh so this node has died while I'm migrating / upgrade *another* node

completely different h/w / vendors / locations

gonna turn this bad one off for 10m maybe it just got too warm for its own good

:/ could always hope

I am repeatedly being stumped by a syncoid hosta:system/data localsys/data "cannot create snapshots : permission denied" errors. I keep checking permission, wondering, why, the others work fine. After about 10 minutes of trial and error I remember: the source filesystem is jailed. I must do a 'zfs jailed=off` first....

dvl: that is so annoying, every time I run into it

Don't be like me. Think jailed first, then permissions.

what do you folks use to get notifications about zfs failures?

no zed on fbsd it seems

nfsd man page doesnt say anything about notifications

some vague mutterings on the internet about devd something something

silly that `zpool status -x` isn't silent when all is well, or you coudl stick it right into a cron job

Well, there is "-n" option, at least in 13.1, to send mail when the command exits with 0 code

1 2 * * * -n zfs status

Let me try that again. "crontab(5)" has "-n" option, at least in 13.1, to not send mail when the command exits with 0 code

there also is zfsd

above when i said nfsd, i meant zfsd, sorry

can it do email notifications? man page is a little sparse

also the man page doesnt document the return status of any of the userspace zfs tools

That lack should be filed as (document) bugs

parv: agreed

where to? openzfs i guess

Title: zfs/man at master · openzfs/zfs · GitHub

I liked thru a few, didn't see any exit codes

vext01: zfsd will generate system messages which get handled by syslogd just like any other daemon with system logging capability, which has been a thing on Unix-likes for decades.

vext01: i set a script to run `zfs status` and send me a push notificatin if it differs from the last `zfs status`

it's pretty simple, i didn't want to wire it into syslog

You _do NOT_ under any circumstances want to rely on email for notifications about storage (or anything else) failing, because email isn't a reliable delivery protocol.

what is more reliable for you then? ;-) irc?

(discover the power of syslog)

There's plenty of tools that're made to solve this problem, including but not limited to zabbix, prometheus, librenms and many others.

epony: if email isn't reliable, irc sure isn't.

apis to push services, like pushover or pushbullet aren't bad at a small scale

or.. *shiver* ... Slack

If you read the RFCs for SMTP, the closest you'll get to "reliability" is that the server shouldn't "lose mail for frivalous reasons" (or something to that effect).

That's an actual RFC using language _that_ nebulous, so you know it's bad. :P

some people use XMPP like sendmail too

but store and forward is more reliable than sent and "lost"

There's no real point in listing all the bad ideas people have had, because they'll keep having them at a rate that far exceeds any reasonable way of enumerating them :P

:-)

debdrup: email is more reliable than relying on me to learn any of those tools :P

rtprio: thanks, i like that

might just write a script that sends a diff

Yes, what do I know, I've only been in storage, network, and systems administration for a few decades.

:)

such noob, wow

I think there is a confusion between monitoring and alerting, and their componenets. Nobody argues that dedicated monitoring application like zabbix is a good tool for detecting problems in the system. But how does zabbix do alerting?

It can show you the error on the dashboard, but this is not alering. It can send an email, sms, push notification, call an http endpoint..

As with any network communication there is a chance of failed delivery

But even if the alert has failed to reach the destination, the even will not be lost, it will be stored in zabbix database somewhere and you will see on the dahboard

Install a bell & apppoint person to send a courier to hit appropriate person with clue fish

Prometheus is not a complete monitoring or alerting solution, so but it can be a part of one

parv: yes :) but a courier can get hit by a bus

.oO(Man! All these damn exceptions)

I'd say that no single channel is reliable. By combining different channels together and using them as fallbacks for each other is the closes you get for relaibility

including a bell and a buttler with an evelope on a tray

I think what debdrup was trying to say is that "don't just fire off an email in a script that detected a problem"

because if this email gets lost you will loose the trace of a problem

first - save the event in some sort of database

and then let a separate agent worry about delivering an event

zabbix does it for you, many other solutions do too

I have people on IRC message me when alpha.pkgbase.live falls over, or its certificate runs out…

Title: Unofficial FreeBSD pkgbase repository

that's monitoring and notification outsourced…

after certain point this stops serving you well. One of my favorite ways to get AWS fix their shit is to post about broken thing on twitter

works better then paid support

you might notice that I've burned out on systems administration, but if you haven't, a nice monitoring system (not nagios) will bring you … uh.… something.

ngortheone: my twitter accounts are emptied and set private

ngortheone: it's just one service, and getting feedback gives me a feeling for how many people use it / rely on it.

which i think is ca 5.

not the point, I was trying to say that service interrup notification relayed over public channels damage your reputation

you may not care about it atm, but when you are a size of Amazon you can't afford it

twitter in general is a bad,bad place

ngortheone: it's a service used by 5 people, and it has Alpha in the name and title and description

sometimes I think that POSIX was written by predators for aliens

check this: (man 3 daemon)

Unless the argument noclose is non-zero, daemon() will redirect standard input, standard output, and standard error to /dev/null

double-negation, unless.. non-zero

who writes docs like that?

daemon isn't even in POSIX, that's a FreeBSD man page

they could've called the argument "keep_open" and say - "keep_open >=1 keeps file descriptors open, if == 0 then file descriptors are redirected to /dev/null"

well, it exists in Linux too

yeah?

with the same description and argument tames

Title: daemon(3) - Linux manual page

it's a BSD function that GNU/Linux adopted, then. :P Not POSIX.

Linux actually has slightly better description

"If noclose is zero, daemon() redirects standard input, standard output, and standard error to /dev/null; otherwise, no changes are made to these file descriptors."

 

which avoids mental gymnastics required to figure out the double-negated sentence

agreed, this is a better description

the one in the gnu/linux man page

well, ok, dis on POSIX was unfounded... this time :D

OpenBSD has removed the double negation, but NetBSD and DragonFlyBSD retain the double negation in their man pages

Title: daemon(3) - OpenBSD manual pages

yeah, we can do even better -> rename noclose argument to keepopen

then description makes sense: keepopen == 0 -> /dev/null

otherwise..well keep those descriptors open

gonna break someone's code? :3

unfortunately..

ngortheone: submit a patch for the man page :D

i wouldn't mind seeing the wording changed to how OpenBSD's has it

already on it

it would read better

nice

thank you <3

trying to locate the man page

/usr/src/lib/libc/gen/daemon.3

the 'locate' command works well

it's installed to, of course:

/usr/share/man/man3/daemon.3.gz

Thanks! Found it

Title: man 3 daemon: remove double negation by ngortheone · Pull Request #671 · freebsd/freebsd-src · GitHub

I approve of this, including the 'will redirect' -> 'redirects'

openbsd did so too

I took their text verbatim