tykling trying out syncoid 6 years ago: github.com/tykling/ansible-roles/tree/master/tykbackup_client/files did it take over from your old way of doing backups ?

Title: ansible-roles/tykbackup_client/files at master · tykling/ansible-roles · GitHub

no it never really clicked for me

oki just stumbled over it, and found it inside the ansible role :) so i thought it was a match

so you still use the old way

yes

I am not really happy about it though

my problem atm is that the backup server is a jail a place where it doesnt have own direct ssh, so i need to use another port and in pf redirect that to backup jail

oh, well that should be fine

in periodic how to add the port part, i didnt really find out

add it in .ssh/config

can i tell remote port on source ssh config?

yes

didnt know that

Host backupjail.example.com

Port 2222

in .ssh/config

thanks tykling something i never knew, i will take my new knowledge and try ;)

:D np!

tykling i made it work, its actually doing its job now :) im amazed hehe thanks one more time for old documents ;)

great! :)

one more checkmark, next step is central place to review /var/logs ;) so i dont need to go check my servers and every jail

i'm having trouble to get sfp+ interface working in bsd, the cable isnot being detected as connected it seems, in ubuntu it works,tried live distro to test, here some info i collected, am i doing anything wrong? or could it be a bug? forums.freebsd.org/threads/cant-get…-nic-to-work-amd-driver-issue.93186

Title: can't get sfp+ nic to work amd driver issue? | The FreeBSD Forums

toying around with poudriere in a bhyve vm. i had a typo in my config and instead of installing jails, etc. to /usr/local/poudriere it went to /wrong/path ... so i went to rm -rf and start over, but i get all sorts of errors like this: rm: /wrong/path/jails/140Ramd64/usr/lib32/libthr.so.3: Operation not permitted ... i'm not sure what's blocking the delete, any insight?

markmcb, The installer sets an "schg" immutable flag on a couple of dozen files. Look for them with: find . -xdev -flags +schg -exec ls -ldo {} +

markmcb, what does poudriere jail -l say?

markmcb, you'd typically remove a jail using poudriere jail -d -j <name>

An schg immutable flag file will look like: -r--r--r-- 1 root wheel schg,uarch 1959392 Dec 2 2021 /lib/libc.so.7

yeah, if the old jail still shows up in poudriere, I assume you could just -d it :)

or if it's not in poudriere, you could still zfs destroy it

To recursively remove the schg flag from a path: chflags -xR 0 /the/path/desired

thanks. the old jail was there. i just deleted it. i still have a /wrong/path/jails directory that i can't get rid of... i'll try the find/chflags commands rwp mentioned

I always add -x and -xdev to avoid crossing mount points to add insurance that I don't recursively do more than I expect to do.

rwp: chflags did the trick, thanks!

If you have datasets then those are mount points and prevented from crossing those mount points. But that's usually what I want and I am working at the mount point or below.

will add that to my list of things to better understand :)

\o/

yeah that list is pretty long here too

i wonder if we could just get rid of schg nowadays

or at least not set it by default, the flag itself is useful

so that seems to have caused some collateral damage (feeling good about my decision to do this in a bhyve vm) ... does poudriere hard link OS files into the jail setup?

markmcb: no, but even if it did, removing the hard link wouldn't affect the original file

what was /wrong/path actually?

seems all my previously install packages (with pkg) got affected. pkg upgrade -f did the trick

lw: /usr/local/pudriere (missing the o)

i wonder if find followed a symlink into /

(if you used find to remove the files)

i used rm -rf /wrong/path

(after the chflags command)

that's strange, i don't know how that affect anything on the host itself

hm... does poudriere mount host filesystems into the jail at all? i didn't think it did, aside from /dev and a couple of others

how do i build a bootable vmimage with a specific kernel?

ah, apparently qemu has a -kernel option, that might help

Any idea where this was fixed? nvd.nist.gov/vuln/detail/CVE-2024-29937

Title: NVD - CVE-2024-29937

skered: as far as i'm aware this hasn't been fixed yet - no SA and i didn't see any related commits

although based on a recent doc commit, i'm wondering if it's due to users not understanding how NFS exports work

i.e. if you export /nfs/data, and that's just a directory on the root filesystem, a client can access any file on the root filesystem

(this is really unfortunate behaviour but it's innate in how NFS works)

Title: src - FreeBSD source tree

i hope it's not *this* because this is a known 30-year-old vulnerability, i was hoping it would be something more interesting

hmm, make memstick has to be run as root? install: /src/obj/src/freebsd/src/main/riscv.riscv64/release/dist/kernel/boot/kernel/kernel: chown/chgrp: Operation not permitted

i wonder how bricoler gets around this

udevrules/groups, suid, sudo?

what's udevrules?

er that's Linuxism... what does FreeBSD call them....

i don't think bricoler uses any of those though, at least based on a quick grep

devfs?

devd?

Does memstick make the image or writes it to disk?

there are no matches for sudo, devd or devfs in the bricoler source, yet it somehow manages to build a memstick image (and boot it) without root... i guess i'll dig into the code later once i've solved this problem

actually no, bricoler creates a vmimage, not a memstick, i wonder if that works differently

I think that's just dirs on disk converted via something like qemu?

right, the issue seems to be it tries to installworld into a directory then turn that into a disk image

and it's the installworld bit that needs root

Otherwise I think any/all disk operations needs some high level user even mdconfig.

I guess for setuiding?

i wonder if bricoler does something clever with mtree + makefs

Or just permissions

skered: right. i expected this might require root, the odd part is that bricoler doesn't need root to do the same thing

I would interested in seeing the permissions of the data in the images

+be

let me run it again and check, might take a while

What's bricoler too?

github.com/markjdb/bricoler - a utility for booting source trees in qemu

Title: GitHub - markjdb/bricoler

skered: seems like file ownership in the bricoler build is fine: le-fay.org/tmp/30d/YOmis5.txt

Is this the booted image?

Or the image itself?

yes, that is inside qemu in the booted image

It appears to just me makefs?

No special devices or privileges are required to perform this task.

skered: for make vm-image, or make memstick?

vm-image

memstick wants to make both legacy and EFI bootable images?

It seems EFI should just be doable via makefs.

let me try with vm-image instead of memstick then

or vm-release rather

Well this is the context of bricoler's vm-image.

ok, now i'm confused, 'make -C release -j8 TARGET=riscv TARGET_ARCH=riscv64 vm-release' returns immediately but doesn't build anything

weird behavior that maybe makes sense (but i don't understand). pkg version. it's lightning fast UNLESS I have clone the ports tree to /usr/ports then it is insanely slow. like 10+ minutes. i'm not using /usr/ports for anything other than looking at files. why would it existing slow things down? if i delete it, pkg version is back to light speed.

markmcb: i suggest truss'ing it to see what it's doing

ok, will try that. my first truss'ing

suggest truss pkg version 2>&1 > truss.out so you can examine it more easily

I have two zpools connected, both on USB drives. I want to copy some datasets from one to the other. is zfs send | zfs recv the best way, even locally?

yourfate: yes

ty

you can also use rsync, but send|recv is generally better as it is guarantee to preserve all metadata, compressed blocks, etc., and is usually faster

ye, the dataset used compression

right, that's neat, no need to uncompress/recompress

it will decrypt by default though

but no one should be using zfs native encryption anyway as it's broken

I don't use encryption rn

its not very performant on my rpi

yeah, no hardware crypto on rpi

I used aes adiantum on it, with BTRFS when it was still linux

that performed very well

its an aes implementation optimized for running on CPU

btrfs with aes-adiantum + zstd compression

it was still easily fast enough to max out the hdd

i only get ~200MB/s from my rpi ssd anyway, probably due lack of UASP in freebsd

still spinning rust there :D

I have a little bit of spinning rust

its just an external hdd connected to it, as a network share for unimportant stuff, like TV shows to play on the TV

I now swapped it for a larger one, so I'm moving the datasets over

a sort of shitty NAS

I have a decent nas offsite

my NAS is spinning rust but that's 8x 8TB SAS disks, not sure to connect that to rpi :-)

my nas I put in a network cabinet in my parents' basement. when I set it up I was still living in a small studio and didn't want the noise

I kept it there, its now my offsite backup target

lw: only 8 disks, those are rookie numbers

mine is an of-the-shelf synology box with only 2 drives

SponiX: it's not a dick waving contest. this is more than enough storage for our requirements

lw: you sure?

lol

it's 28% used, so yes, sure

the send/recv seems to be decently fast

neat

and it keeps all the permissions etc. I like this.

lw, I have problems

jbo: we noticed

.__.

lw, soo... the I226-LM NIC on my new mainboard is only giving me 100 Mbps according to iperf3. it's not a cabling issue, it's not a switch issue. it's truly specific to this new setup.

the thing is, ifconfig igc0 says:

1000baseT <full-duplex>

wow, i'm not the only one having issues building electron: pkg.freebsd.org doesn't build it either due insufficient resources: bugs.freebsd.org/bugzilla/show_bug.cgi?id=278049

Title: 278049 – net-im/signal-desktop: not in repo anymore and version expired

jbo: tried changing cable?

oh, you said yes

you changed the switch as well?

I did

and this is a proper cisco switch that cost more than the mainboard

<background:laughingsoundfromNSPswithCiscoexperienced>

jbo: does it work if you run iperf to localhost? just to rule out any weird OS issues

lw, getting 40 Gbps that way

i'm expecting a system with I225-V ports soon so curious about this issue, although i probably won't use them

lw, well, according to the mainboard manufacturer, it's I226-LM any chance that that's the issue?

the manpage doesn't say it supports that but i would be inclined to assume that's just a doc issue, probably the same chip

I though the same, yes.

plus it's technically working :D

and ifconfig reports 1000base-T

did you try a different iperf endpoint? what are you testing against?

lw, against a host on the same switch. neither that host nor a 3rd host have any issues doing 1 Gbps via iperf3

hmm

jbo: any errors in netstat -m or netstat -in? what does cpu use look like when iperf is running?

also check errors on the switchport

and is it *exactly* 100Mbps or just vaguely around that?

lw, well it's 97Mbps

98 sometimes

whatever

it's static, constant.

yeah about what you'd expect for IP over 100BASE-TX

jbo: i don't have any other ideas especially since i don't own this hardware, but i think a bug or a quick mail to the driver maintainer might be in order

lw, nothing obvious with netstat -m and netstat -lm

jbo: second one is dash eye (i) dash em (m)

and Oerrs is the relevant column

(or Ierrs maybe)

lw, nothing in there - at all

it produces empty output, or it's all zero?

produces empty output

that's strange, you should at least have an entry for lo0

wait

-i -n, not -i -m. i said it the first the first time :-)

lw, netstat -i -n reports 0 froth both Ierrs and Oerrs on that interface. it does have 0 Ierrs and 436 Oerrs on the vm-public interface tho (but this is host-to-host, no vm invovled)

that's probably not related

jbo: check stats on the switch too (show int geX/Y/Z)

can you be more explicit?

not especially as i don't have any IOS devices here to check but it should list input/output errors on the port

is that part of netstat?

no it's an IOS command

or do you not have login access to the switch?

oh, you talk about the ethernet switch, not the switch on my host for bhyve vms -__-

oh. yeah

i doubt bhyve switch is related to this issue :-)

although you never know, stranger things have happened

jbo: is the igc in the (local, freebsd) bridge? might be worth trying it outside the bridge just to rule that out

lw, I don't have enough FreeBSD networking knowledge to know what that means/what to do.

jbo: ifconfig bridge0 delm igc0 # note: this will take your network offline; ifconfig bridge0 inet 1.2.3.4/24 -alias; ifconfig igc0 inet 1.2.3.4 up; route add default 1.2.3.1 # replace 1.2.3.4/24 with your IP address and 1.2.3.1 with your router

sorry, deletem, not delm

oh, and that should be ifconfig 1.2.3.4/24 up

don't know why you keep asking me for network advice i can't even type words

as long as you don't try pasting we're good :p

jbo: i have to say though this feels like a driver bug

i wonder if freebsd⊙ic would be interested, although igc(4) says Netgate rewrote the driver