deimosBSD: if you like ipfw, you might be interested in a primer i wrote for it a few months ago.

enjoy :-)

Guys, any way of testing a geli password on a running machine (/ and swap are encrypted)? I don't remember which of my like 50 passwords I used to do the disk encryption.. :) so ideally I'd like to find out which one it is before I do a reboot and have half an hour downtime guessing the password.

Onepamopa: you can backup data from these partitions before reboot

I know I can. There's not much to backup, it's a production server with a few services running.

So, there's no way to test passwords?

The F-ing chatgpt gives me geli attach -n -j /dev/stdin /dev/ada0p3  (-n without an argument) to do a "dry-run" without creating an .eli but from what I see on man geli ... that doesn't seem to be the case, at least according to the man..

don't trust chatgpt with your data

or with anything for that matter …

That's exactly why I asked here first...

you could try to change the password. it should ask you to give the current one before allowing to change to a new one ( from: forums.freebsd.org/threads/verifying-password-for-geli.58634 )

also found -C (dry-run)

chatgpt is endless source of false information that feels strangely true

btw, the encryption was done manually (UFS, not ZFS via the setup)

since the encryption is geli, the filesystem will not matter for this (imo)

dry-run only seems to work for `geli attach`, but it checks the password and informs if it's wrong. it did so for me with a wrong password (but currently can't test with the correct one)

So, geli attach -C -n 1 -j /dev/stdin /dev/ada0p3  should work for testing the password

(-n 1 because the key is 0x01 according to geli dump)

i lmfao'd when it told me who my parents are, gave a source too but there was nothing like that on that page!

lol :)

so why using it for geli...

I was waiting for a response here, so I decided to "give it a shot"

Wasn't about to do what it told me tho ..

how's 14.4 looking?

is beadm still something that i can use to create boot environments for rolling back?

Macer yes, but also make sure you have an updated boot archive.

bootadm list-archive

it's a fresh install. i haven't really done much to it yet. i'm just prepping it to use cbsd on it for jails/vms

yeah, beadm is still and will continue to be well-supported

xv8: did you mean beadm?

i don't see a bootadm

let me take a look at wiki.freebsd.org/BootEnvironments

Macer oh gosh, forgive me, I thought I was in the #solaris channel xD

Waking up and giving advice uncaffeinated is not recommended.

lol

Solaris, FreeBSD, same thing really... at least filesystem wise >:)

a piece of me is wondering if it would be possible to just zfs send the proxmox zvols of VM vdisks over and run them in bhyve untouched.

i'm pretty sure proxmox doesn't do anything special to them. they're just raw disk zvols.

why not try? :P

whats the worse than could happen, you have to zfs send them again?

i can't yet. no disks in the freebsd server yet

but i did manage to get freebsd on the ancient supermicro 1u in that picture. i had a hard time of it since i'm using usb drives connected in the two internal usb ports (on the motherboard) for booting freebsd and after the install finished it took like 10 minutes to shut down.

maybe flushing the usb drive cache? not really sure. i attempted to re-install like 4 times and this time waited at the end to see if it would eventually shut down.

probably

sync &

that's still valid command

so beadm looks pretty straighforward, but do you have to reboot for the new be to accept changes?

ie: you're still making changes to default until you reboot?

Seems like N = now and R = reboot?

seems so

Macer: we have bectl(8)

doh!

yeah.. lol

let me give it a read

beadm was deprecated, right?

I just set this up a week or two ago and it was my first time with boot environments

i really wish this 1u didn't take like 5 minutes just to post. i need to take a hard look at the bios and see if i can speed that up at all.

wip_01 NR / 1.80G 2025-05-21 08:49

nice

beadm doesn't give you a menu on boot does it?

i didn't have the ipmi console open when i reboot

IIRC, if you've more than one BE, you should see an option at the bootloader

#8 I think

i see. let me reboot and take a look

ah it sure does. nice.

though, fun fact: the BE is kinda only a suggestion, as I got myself into a situation where the bootloader was properly showing the BEs and letting me apparently boot into them, but FreeBSD was grabbing completely the wrong disk for the root FS

the 'old' root FS was on another disk and wasn't even ZFS