does sysutils/bhyve-firmware images support enabling secure boot in virtual machine?

ivy, the specs for this device ("OWC Mercury Elite Pro Dual") say "UASP (USB Attached SCSI Protocol) is supported"

which suggests that it can, but must not, use UASP

treefrob: well, not sure, but the device doesn't appear to present a block storage device. perhaps there's a configuration option? i'd suggest asking the vendor

unfortunately there is no config option (would be some sort of switch on the back)

yeah, I'll ask OWC

treefrob: install the lsblk package

It has a lsblk command

geom disk list perhaps

I find the lsblk in the port to be an poor analogue to the linux version of the command. On FreeBSD the best I have found is "geom -t" and supplementing that with "geom disk list".

SponiX, deimosBSD, rwp: thanks

well I'll be damned. I disconnected the external enclosure from the type-C jack (which belongs to a DeLock "front panel" connected to a mobo USB riser) and connected it instead to a type-A jack on the I/O shield and immediately da0 appeared

When I run iperf3 in udp mode in a vnet jail, the upload is always the same as I set on the command line, never the real bandwidth I have to the server. Anyone knows how I can get the correct number without reverting to tcp mode ?

running `iperf3 -c ping-ams1.online.net -u -b 2048M` on the host gives me the correct numbers: 957mbit down and 950mbit up

running the exact same command in a jail on that machine gives me 957mbit down and 2.05 Gbits up

I do want to use udp mode as that will provide statistics about jitter as well, something the tcp mode does not

you get two numbers for udp mode

like:

[ 5] 0.00-1.00 sec 7.14 GBytes 61.1 Gbits/sec 0.000 ms 0/468854 (0%) sender

[ 5] 0.00-1.00 sec 5.29 GBytes 45.2 Gbits/sec 0.001 ms 121534/468853 (26%) receiver

yeah

[ 5] 0.00-10.00 sec 2.39 GBytes 2.05 Gbits/sec 0.000 ms 0/1754189 (0%) sender

[ 5] 0.00-10.00 sec 1.11 GBytes 949 Mbits/sec 0.016 ms 0/1748937 (0%) receiver

my 'problem' here is that the number for 'sender' is whatever I specify as target bandwidth on the command line. not the actual bandwidth I have with the test server

it does show the correct numbers when running the command on my host (outside of the jail)

This is what my host reports:

[ 5] 0.00-10.02 sec 1.12 GBytes 957 Mbits/sec 0.000 ms 0/821241 (0%) sender

[ 5] 0.00-10.02 sec 1.11 GBytes 950 Mbits/sec 0.013 ms 0/818749 (0%) receiver

which is correct, since I have a 1/1 gbit connection to the internetz on this machine

sender is how fast iperf tries to send at for udp

it'll go to whatever number you select until you run out of tcp

I did iperf3 -c localhost -u -b 100G

for that example output

i'm running the same command, on the host and in the jail: `iperf3 -c ping-ams1.online.net -u -b 2048M` and on my host it shows correct and in the jail it shows 'unf upload 2.05Gbits'

if all else fails I will have to run iperf on the host, but if possible I'd like to have it in a jail

it is probably that the gigabit interface is providing back pressure, but the epair/bridge whatever isn't

the packets are dropped when they hit the gigabit interface and to the jail networking thats further in the network

it's a vnet jail indeed

if you pass the gigabit interface into the jail you might get the expected result

gheh, it's the main interface for this machine so that's not goin to happen

I have a jail configured, following the instructions in the Handbook. 'pkg' is not setup inside the jail. I do have lighttpd installed in there and it seems like it keeps getting updated as well. I'm not sure how that is happeing though.

but thanks for explaining [tj]

the upload is basically testing the speed of epair to bridge, instead of the connection to the remote machine

the *wire* speed of the epair or bridge

mns: do you use pkg -r? (with -c or -j pkg would be set up inside the jail)

nimaje: I use: /usr/bin/time -p sudo /bin/sh -c 'pkg update && pkg upgrade'

on the host? then that shouldn't affect the jail and if inside the jail pkg should be set up in it

nimaje: thats on the host.

no idea how your packages in the jail magically get updated then

I'll have to backtrack and see how that works

hrm, i have an amd ryzen 7 7800x3d running at 4.2ghz, it should support a boost mode to take it to 5.2ghz but i'm not sure how to do that

only 1 core should be boosted, i'm running a single threaded app all on 1 core anyway

Demosthenex: my understanding is that turbo/boost is handled inside the CPU and while it is possible to monitor it somehow, it's not exposed via the normal ACPI frqeuency tables. i'm not 100% sure about that though

ok. well the dev.cpu...freq only ever says 4200

i'm trying to make sure that power saving, cpu freq reduction, etc are never enabled. i want this job to get as much cpu time as possible

i have Cmax in the rc.conf for performance. powerd with -a max -b max.

right. what i mean is there is no way to turn this on or off, it doesn't appear as a discrete frequency you can enable, the CPU simply does it when thermal headroom is available

i'm seeing a weird temperature flux too, which makes me wonder if it's hitting turbo

it runs at an avg of 55C, then zooms up to 75C for maybe a minute, then back down to 55C

this happens routinely at regular intervals that don't appear to be aligned with any routine jobs

could that be boosting?

Demosthenex: I also have this question with a custom-PBO ryzen 5700X and a larger boost clock override of +200MHz. I'd like to ideally see the real CPU frequency rather than the P0 ACPI-exposed frequency in tools like htop

svmhdvn: try installing turbostat

sometimes it will tell me extra details, the rest of the time it dies with a floating point exception

there's currently no support in FreeBSD to get the actual frequency

on an AMD chip (works for Intel)

if turbostat works, then because it directly talks to the CPU (rather than to the kernel)

similar to lets say cpufetch

i get this wild consistent temperature swing

I might be interested in trying to add this support, at least for a small subset of zen chips to start. Is there any documentation online on how tools like Ryzen Master or HWInfo (on windows) is able to get this data? I'm assuming it's through MSRs

though i have a constant load

i installed netdata which is now giving me close to realtime temperature graph, and i'm seeing this 5 minute temperature cycle. bizarre

Good morning all. I'd like to call and invite you back to God, turn to Jesus and be forgiven of all sin. Heed this call whoever has ears to hear.

what

our mascot is literally a daemon

Someone had to get their proselytism quota for the day.

geez.

gzar: i invoke the atheist's curse. may you stay up all night with existential dread wondering if you've been lied to all these years.

Demosthenex: And I will pray for you, I hope you will seriously reconsider your ways

gzar: good thing i'll be here to think for you.

Demosthenex: Proverbs 14:12 There is a way which seemeth right unto a man, but the end thereof are the ways of death.

hell yeah death

okay cool man. see you later

fortune -m Noxzema

hrm, rebooting into bios, i had to enable this new PBO think (optimized booster?)

is there a way to tell if a pkg was insatlled using "pkg -r" ?

I use: pkg which /usr/local/bin/zstd => /usr/local/bin/zstd was installed by package zstd-1.5.7

I use: pkg info | grep zstd => zstd-1.5.7 Fast real-time compression algorithm

rwp: thanks. Using 'pkg which' says its not in the database. I'll have to see how I went about and got this jail setup.

You say jail and I am not sure... I would double check that "pkg info" lists out other packages of other things that are installed in the jail. I would run that in the jail of course. Or I would give pkg the -j jail option. Or the pkg -r /jails/jail5 option you mentioned. To make sure the results are from the jail.

rwp: Thanks! I tried 'pkg -r /usr/local/jails/containers/<container> info <package>' and that seemed to work. I tried using 'which' with a path relative to the container root but that didn't provide any results. So it must have been 'pkg -r' that I used.

There are multiple ways to do things. Personally I usually jexec into the jail and install packages that way by being inside the jail when installing. But the -j and -r methods should also work.

rwp: I've not setup firewall rules for my jails, otherwise I'd use 'pkg -j'. Uptil now, it was just one jail I had but now I'm going to be adding multiple jails.

Seems like will have to spend time and get pf setup

This confuses me... How are firewall rules related to installing packages using pkg -j into a jail?

pkg -j still wants to setup 'pkg' inside the jail from what I recall seeingbefore.

So, have you somehow blocked your jails from having the ability to fetch by HTTP files from the Internet? Are they air-gapped? Is that the issue?

rwp: I followed the Handbook setup for jails, but I didn't want to give them direct access to the internet. thin jails with nullfs support. works as a web server.

for now I have what I want

mns, They key configuration point there is "thin jails" which means that upgrading them in the jail is going to be counter to the configuration of thin being based upon another snapshot/fsclone.

Because (to be explicit for the lurkers here) that would expand the thin part into a new thick jail and lose the benefits of being thin.

I don't have anything against thin jails but I do think that for most purposes thick jails are easier to manage and less trouble and not worth the effort to make them thin. However if someone is doing laboratory experiments setting up 10,000 jails then of course thin becomes extremely advantageous.

mns, Since you are using thin jails you are going to have to work the problem of upgrading the base layer such that things propagate up through the layers to the thin jails.

rwp: yeah I don't mind working that out. Its a good way to learn things. Eventually I'll have many jails while experiement with infrastructure as code type of stuff. I had set this jail up a while ago, but couldn't tell how I had gotten the packages installed. With your help have been able to figure out that it was done using "pkg -r"

time to head out to a concert

laters

Enjoy!

I unfortunately got a NanoPi R5S. The main network interface generates a new MAC address at every boot. Is there some way in FreeBSD to prevent this, or to override it and set a fixed one?

zilti: in /etc/rc.conf you can try something like this: ifconfig_xxx0="ether xx:xx:xx:xx:xx:xx inet 192.168.0.1/24"

i don't remember if that's the exact syntax

ivy: I think it would be, but it seems to at least not work with DHCP; my config is `ifconfig_eqos0="ether F2:00:24:DD:9A:14 DHCP inet6 accept_rtadv"`

pretty sure you have to split ipv6 configs into a ifconfig_xxx_ipv6 variable

nimaje: Ahh that did it, thanks! I copied that from ifconfig_DEFAULT and added the ether thing.

you should also file a bug if you think that behaviour is wrong, but usually if this happens it's because the card doesn't have a burned-in address at all

ivy: afaik it is the latter. Which apparently is also the reason why the two additional PCIe-connected ethernet ports don't work; apparently the realtek driver only works with cards that have burned-in addresses

that sounds more like an actual bug, but if they're re(4), you may be glad they don't work (that driver has issues)

ivy: they're re(4) indeed

The only reason anyone uses those cards is that they have long been the cheapest option. Cheapest. And most terrible problematic awful horrible option. They would never be chosen by anyone who knew what they were getting.

rwp: sure, but it would help if the freebsd driver wasn't broken

Hello everyone.... I wonder it is anything functional on the virtualization with freebsd (last I checked only proper viable promise was clonos and cbsd), and second... what is the AI looking in FreeBSD... is there ollama runing on freebsd (or something similar that one can use open source large models such llama or others

acu: freebsd has had virtualisation with bhyve since 2014

I need to setup a small host virtualization server that will run 10 virtual machines, with two NICs one LAN one WAn, with two storage (4 TB nvme and 8 TB spining drive)...

ivy: thanks, yes I know... I was wondering what is the state of some proxmox style solution --- like clonos.convectix.com

I am wondering what is the VISION and STRATEGY of freebsd leaders ? I assume virtualization and AI are sufficiently important that would warrant some attention (perhaps some grants ?)

acu, spinning rust*(

s/\(//

whoops

s/(//

CrtxReavr, it is a bit cryptic of what you are saying --- if you talk about VISION and STRATEGY - about freebsd... yeah - could not find any place with that... I will look at BSDCAN videos... but AI and VIRTUALIZATION are not optional...

o_O

I'm talking about drives.

platters = spinning rust

Yeah - I am innamored about them - Ijust have on ZFS 8 tb that gives me errors - I did not back it app - I am toast :(

You have ZFS on a single drive?