pretty much islandfox: let me know if you blocked icmp; my nagios can't ping your host but from VNC it appears up (SSH too) islandfox: put a hole in for 208.79.88.56 up_the_irons: I didn't mean to, let me fix that, thanks islandfox: np up_the_irons: should be fixed islandfox: yup! tnx w00t heh someone launched a tactical nuke in modern warfare 2, kills everyone.. but if you launch an EMP, it only disables the enemy electronics somethings wrong with that game packetshaper I've tried following the instructions for freebsd "rootonzfs" on vmware locally... still no good so there's something missing in the instructions. :( this is frustrating I really need to be starting to move things over. :( RandalSchwartz: Is it vital that everything is ZFS? RandalSchwartz: what failure are you seeing, and which configuration are you trying to use? I'm following precisely the instructions on --- ... http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot and everything steps through properly, but when I reboot, it says "can't find a ZFS Pool" made harder by the fact that I have to hit F12 immediately after VNCing in... a button shuffle I don't always manage as in, hard shutdown (ok) boot (ok) repeatedly try connect "no" "connect" "no" "connected!" and then I have to hit FN-F12. :) it's a good thing I have two hands now, not one RandalSchwartz: oh, I doubt I can help you with that setup... I tried that one initially without luck as well, with the same failure if I remember right RandalSchwartz: unless you *really* need to boot directly from ZFS, I'd suggest this setup: http://wiki.freebsd.org/ZFSOnRoot does that still eventually put / as ZFS? yes, / is still fully zfs there well, that'll work then you just have /boot as ufs Lemme try it with vmware first actually, looks like that was updated as - http://wiki.freebsd.org/RootOnZFS/UFSBoot that has more explicit commands ah yeah, that looks like it should work with less adjustment... 
I forgot about the gpart switch I would suggest adjusting that config to put the root fs as a separate tank/root or such rather than tank directly, for easier management later where do those magic numbers come from? gpart add -i 2 -b 2097152 -s 8380827 -t freebsd-swap ad0s3 -i is the partition index -s is the partition size how do I compute the size? with gpt, I just said "use the rest of the disk" -b is the offset I think it'll auto-compute those looks like I have to type those in it's on a commandline but are those numbers correct for *my* disk? I know I didn't have to specify the offsets, I don't remember the size I doubt it ugh - so many things I never have to worry about in OSX :) for the first part, on a clean disk, you should be able to just: gpart create -s mbr ad0 && gpart add -t freebsd md0 that last part is "md0"? err ad0 is that the name for the freebsd part? oh I'm testing it here on a md device gpart create -s bsd ad0s1 gpart add -s 1G -t freebsd-ufs ad0s1 gpart add -s 2G -t freebsd-swap ad0s1 gpar add -t freebsd-zfs ad0s1 gpart* should do it substitute ad0s3 for ad0s1 in the rest of the tutorial starting with gpart create -s mbr ad0 ? I'm not sure why gpart directions always make the partitioning so difficult... yes, on a clean disk if you've been messing with it, probably want to zero the first part first to remove any artifacts ok - I'll give that a whirl first with vmware to see something work gpart create -s bsd ad0s1 doesn't work oh - I need the gpart -t line before that? RandalSchwartz: So have a headache yet? RandalSchwartz: the "gpart add -t freebsd ad0" creates ad0s1, if that's what you mean I don't get headaches I just get frustrated. :) I've done my share of yelling this morning already oksushi, disk geometry looks good oops... just "ok" there. damn autocomplete I don't see an oksushi in the room ^_^ is /dev/ad0s1d the 4th partition of ad0s1? as in, are the letters sequential? ad0 is disc and s1 is slice right? are you asking me? 
because I'm asking. :) yea ad0 = 0 disk i guess Well I know that BSD does disk and slices, partitions are what I'm used to with Linux ^_^, trying to learn so if gpart show has "2" for the thing I want, then I use "b" s x = the slice ad0 is the disk, ad0s1 is the dos partition on the disk, ad0s1[abd] are the bsd partitions within the dos partition ad0s1, item 2 yea "b" = 2? gpart show ad0s1 fdisk -l and see RandalSchwartz: http://z.about.com/d/linux/1/0/H/1/screen_disk_label.jpg C I think is reserved looks like a will be 1, b 2, and d 4 c is reserved for the whole device well, I just have 1 and 2 gpart shows 1 and 2 did you do the freebsd-zfs one? I want swap on ZFS since I don't care about dumps and I might want to resize it that could be dangerous, it was in the past known to be unreliable, and as far as I can tell, was never fixed Swap is kept on b it would seem? if you really want to, you should probably delete the freebsd-zfs partition, and add it back with index 4, as 2/b is traditionally swap though it should still work either way well - I'm just trying to get proof of concept going too so for example, I'm making one big disk, instead of all the pieces because it takes too long to type all those commands. :) what pieces? zroot/var, zroot/var/crash, zroot/db, zroot/db/pkg takes forever to type all those just to get different attributes for different parts the install.sh creates all the right dirs anyway yeah, I wouldn't do that anyway, most tutorials seem to like to overcomplicate things just to show off zfs... islandfox: Ever read a linux tutorial? Arenlor: not really Linux tutorials are why extended partitions were created. You apparently need to create a partition for every file you will ever have. ah, heh uh oh. step failed cd /zroot mv boot bootdir/ oh - exec failed maybe needs LD_LIBRARY_PATH already oh weird, there's no /bin/cp now I have to figure out how to fix the steps crap Wow. 
yeah /zroot/bootdir is still mounted so that's a cross device move which needs a cp to work unless that was supposed to be unmounted at some point nope crap - foiled again Wait, I seem to remember a story about long ago when a tape drive crashed and they had to rebuild cp and the other tools in hex. let me start up a VM here so I can follow along... run through all the steps... notice the step mounting /zroot/bootdir early, and then trying to "mv" into that from outside that later the question is, should I unmount it, or should I cp the data in? which view of /zroot/bootdir is needed? it should be the ufs bootdir, I believe I think this is the tricky part which I skipped, since I didn't install from release media well - I'm stuck here, unless you can point me at relevant manpages, or try to understand the author's intent and patch it yeah, I'm getting a VM running here, I'll run through it and try to see what's going on it'll be a bit because I have to do it on a remote machine ok RandalSchwartz: ok I think I see what's going on RandalSchwartz: in the "Move /zroot/boot into /zroot/bootdir" section RandalSchwartz: instead of the mv, try cd /zroot; tar cf - boot | tar xf - -C bootdir (then either mv boot out of the way, or delete it) I suspect that's all you need to change, if not, I'm saving the whole setup I'm doing, and can post it somewhere also you need to do a umount /zroot/bootdir before the zfs umount -a as well RandalSchwartz: for reference, what I did (assuming no typos in copying) is here: http://islandfox.net/~pete/zfs.txt which I just successfully booted into (I had to skip around a bit while figuring things out, and haven't re-followed that 100% from scratch) I've got to go for a while, but please let me know how it turns out also I would suggest upgrading to the latest 8-stable after getting the install done to pick up the recent zfs fixes thanks YEAY! 
success in vmware with GPT ZFS the trick was that I was doing "zpool export" because I wanted to tidy up before a reboot but that broke the cache :) now to try this with my VPS oops... should I have not set em0 to DHCP? on your vps? no do you know where the settings go in FreeBSD? I'm logged in through the VNC /etc/rc.conf ifconfig_em0= ... ifconfig_em0="inet x.x.x.x netmask 255.255.255.252", iirc or .250 in my case err .240 and where do I put the default route and DNS yeah, adjust as needed =) defaultrouter="x.x.x.x" dns in resolv.conf Can anyone help me get DNS setup, if I get it working with just the one domain I can get it to work with the others. thanks np bind arenlor? I can ping my default router this is a good sign jlgaddis: Yes, bind9 on debian. I have it to the point that the server itself recognizes the domain and will talk with it. ooh, and I can ping my old box :) not sure if i remember debian's way of doing it, recently retired my last debian box running named Arenlor: that's the hard part :P Now the big step, how do I get the world to recognize the domain and go to it ^_^' arenlor: you have to delegate the domain to your name server from your registrar go to your domain registrar and change the authoritative dns servers to point to you you'll need two the ip's of your dns servers the ones running bind there we go. traceroute works you need to register name servers before you can point a domain to them names and everything Ok so figuring out how to register them is my next step then, thanks ^_^ like if you want ns1.example.net and ns2.example.net, you will have to register ns1.example.net and ns2.example.net to point to your name server IP addresses then you can set a domain to use ns1.example.net and ns2.example.net I guess sshd doesn't come up by default? RandalSchwartz: echo 'sshd_enable="YES"' >> /etc/rc.conf randalschwartz: rc.conf contains the stuff that starts up... 
defaults are in /etc/defaults/rc.conf RandalSchwartz: not much does, by default thanks - sorta like openbsd then RandalSchwartz: take a look at /etc/defaults/rc.conf, then "override" those settings in /etc/rc.conf wonderful thanks can I start ssh after the fact right now? something to do with /etc/rc.d ? man, people are fucking idiots. some fucknut walking his dog just got a shotgun pulled on him. thats fucked up walking down the sidewalk and shined his flashlight in my front window Wait, you're the one who pulled the shotgun on him? since the neighbor's got broken into about two weeks ago, i grabbed the remington and yanked the front door open and ordered him to the ground. RandalSchwartz: probably can just do "/usr/sbin/sshd", i think RandalSchwartz: whatever "sshd_program" is in /etc/defaults/rc.conf, along with "sshd_flags" (empty by default) up_the_irons: you around? RandalSchwartz: /etc/rc.d/sshd start yeay - logged in via ssh RandalSchwartz: what zfs setup did you end up with? you'll never believe it :) ... http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot but I was "tidying up" at the end by "zpool export" and that was, in fact, corrupting the zfs dammit - I was taught never to reboot with stuff still attached. :) and as long as I could type zfs list and see things, I was worried :) ah, cool I hope it works for you, that setup scared me off reading about the gptzfsboot loader problems... 117GB free. :) zroot 117959040 275712 117683328 0% / what's the "update the ports" command? I prefer portsnap+portupgrade personally, though there are several solutions yeah - portsnap comes by default thought your name sounded familiar just portsnap fetch? 
looks like it's grabbing 60MB of something :) portsnap fetch install or portsnap fetch update portsnap fetch extract the first time first time, rm -rf /usr/ports && portsnap fetch extract after that, portsnap fetch update unless you're installing from source, you should also do freebsd-update yeah - it's that perl guy and floss weekly guy http://arenhost.net/ That work for you? first order of business - build emacs :) Arenlor: yep I can sorta work vi, but not very well oh wait, before that, screen Awesome, it's working somewhat then, need to debug apache it seems, but other than that sweet. arenhost.net has address 208.79.95.130 jlgaddis: Yes, but go to that IP and you'll see what I expected to show up. yeah, i did empty directory index with an informative apache banner portsnap extract seems to be working Heh spent too much time working on this already today, taking a short break. oh cool. this zfs has .zfs/snapshot working :) the OSX version didn't so this is pretty close to the one on opensolaris what is "vulnerability check disabled database not found" since you don't have portaudit set up, I think portaudit is not installed or the database isn't randalschwartz: portaudit -Fda ahh, probably need to install portaudit then eww. every time I say "make install" on a port, I get an ugly config is there someway to say "go ahead and always use the defaults"? make BATCH=yes install clean aha thanks I suspect the options screen times out though and it's nice that it works inside real screen :) Yeah, this is gonna take the better part of a few days to get this to work good thing I have plenty of other things to keep me busy *too* :) oooh. building perl this looks familiar that's odd. Perl comes with openbsd, because the packaging system uses it it used to be in freebsd base, but was removed (with much pain, apparently) quite a while ago I don't blame them Why do I need the www in the ServerName on apache? 
wow - and now we're installing ruby you don't you can make the basename with or without www you just have to be consistent and put the other one as an alias I had it as "ServerName arenhost.net" and it wouldn't load the index, changed it to "ServerName www.arenhost.net" there's something else at play then it really doesn't care about that name unless something else depends on it if dns is set up properly, it should work well foo i use ServerName domain.com and ServerAlias www.domain.com Even more foo, both www.arenhost.net and arenhost.net are working properly. wow, just got an order from Iceland (the first). I've never seen so much unicode in my order form... ;) up_the_irons: my box was turned off cuz i was ddos'd last night how do i go about upgrading my vps? synapze: i was just going to email you about that and how much will it cost? its bs see your email in a few i found out who did it, i pulled his dox do you guys prosecute ddos attacks? i have the ddos log on my vps also as well as irc logs of him threatening/talking about it ok re: email synapze: i'm not in law enforcement, i can't prosecute anything. i'm not sure my local fbi field office will care, i'm small time. DDoS twitter and facebook, they might care about that.. up_the_irons: you have local ntp servers? up_the_irons: well im in the process of fwd'ing the info to the authorities this guy ddos's more than just your network :\ jlgaddis: no up_the_irons: i was also curious, why does one of your servers send udp packets to port 0? speaking of anthis is the one ddos'ing your network in here :\ synapze: dunno, which server is sending packets to port 0? cant remember the host name would have to check logs it was lots of packets right before my vps/ssh session died something.arpnetworks.com synapze: yeah, i know anthis did it oic are you srs? 
its not my fault that happened at least let me get the logs off my vps and i think you and anthis need to work out your differences elsewhere; it is not fair to everyone else this doesn't even involve me he was targeting a user on my vps and i happened to be the box he was on who is on your vps is not my concern, it is _yours_; anything that happens to it is your responsibility anthis: have fun when the feds knock on your door wow, so much for running my website up_the_irons: its not my fault what some lame ddos kiddie does either i cant control the actions of others can we compromise and i remove that user from my vps? i put tons of work into that vps I really like the fact that I allow IRC services on my network, but when shit like this happens, I can really see why most networks don't allow. I use IRC for legitimate purposes, and lots of others do as well; but when guys who run bots and offer shell accounts and cause trouble, that really chaps me off i gave a shell to a few of my close trusted friends you can even look at my passwd file synapze: you can't control the actions of others? of course not, do you know what "responsibility" means? It is _not_ your fault, but it *is* your responsibility can we compromise and i remove the user that anthis was targeting and get my vps back? synapze: nope so im responsible for the actions of others? i see your logic synapze: you know how much that DoS cost me in time and energy, and how many people it affected, many of them in this very channel? I could charge you managed services fees ($250 / mo) and I'd still not make up my loss anthis made more threats didnt he? thats why ure not giving my vps back thats the only reason he would be in here you caused trouble, that is why your vps was cancelled so the ddos kiddie gets his way and a legitimate customer gets fucked nice huh i didnt cause trouble anthis did i set up that vps so i could host an affiliate site for an e-cig company yup, true, what do you want me to do? 
I have a business to run nice how there is no good way to stop UDP floods; let's complain to the IETF anyway, synapze + anthis: settle your differences elsewhere I have work to do anthis: now im really making sure you get yours thanks for fucking up my vps permanently fuck me whoever mentioned +q the other day, THANK YOU :) _now_ i have work to do Does arenhost.info and arenhost.net look the same to anyone? Arenlor: they look identical to me in a browser up_the_irons: That's what I thought, don't know why but my computer has the wrong IP stuck in it. Tried flushing DNS and everything, and I use OpenDNS and it has the right IP. Arenlor: what OS you run? Actually just tried it on a separate computer and it gives the same issue. dns cacher somewhere Which is not cool. Especially given that I run OpenDNS and have DD-WRT on my router to try to prevent issues like this. using dnsmasq or whatever on dd-wrt? it's probably caching it Had thought it was disabled. 22:07 <@up_the_irons> whoever mentioned +q the other day, THANK YOU 22:07 <@up_the_irons> :) Whoops. Stupid middle click. +q is yummy. what is +q ? quiet quiet on what? huh it quiets them theyre mute pretty much in the channel I guess I don't need to kno eh if they set +q mode on you you can't talk in here if it's set in here. ... (mhoran:#arpnetworks) 22:07 <@up_the_irons> whoever mentioned +q the other day, - THANK YOU +q = mode are you talking about +q being set here? yes it was set on why does he say THANK_YOU? because he didnt know what +q was and why was it useful to find out? is +q on now here? or was it before? dood you've got a lot of questions i dont think he's set +q on anyone but it's available in all channels well - that's why I'm curious... why is he saying THANK_YOU because he wants to be *able* to quiet someone? 
because sometimes people get out of hand yeah, ok read the guys conversation up there I don't see it all just some quotes from him ah which don't make any sense I don't have a huge scrollback, by choice crazy] what you run oh heh I don't want anyone to get the idea that they can say something *here* to me, on top of all the *other* ways to reach me I don't one more place to look what ? if you thought you could say something in here when I wasn't around, and that I'd get it eventually, you wouldn't try also sending me email or IM ah so that's one *more* thing I have to check it's like that movie so I let everyone know I don't have more than about 4 pages of scrollback where you have to get rejected by 7 different decies devices RandalSchwartz, you promised to give me a plug in your show in truth, there's a bit more than that, but everything on freenode competes :) a plug? yea you know how you plugged arpnetworks vps ? yes tell the world that my farting is amazing and spectacular since I've not experienced that (nor want to), I don't think so :) oh you have. what are you trying to do with your vps hw.ncpu = 1 ? we can't burst with two procs? think youz got to pay extra