***: dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
mkb has quit IRC (Quit: leaving)
mkb_ has joined #arpnetworks
mkb_ is now known as mkb
RandalSchwartz: great success by doing nothing. :)
good thing I finally had my private key
sorressean: great success by doing nothing? you should write a book.
I guess reading that book would imply doing something to achieve great success, so...
RandalSchwartz: heh
***: sorressean has quit IRC (Remote host closed the connection)
sorressean has joined #arpnetworks
sorressean: up_the_irons: you around by chance?
up_the_irons: indeed
sorressean: wow. does anyone actually have a "monumental"?
up_the_irons: sorressean: mercutio : is it at the login prompt?
sorressean: mercutio | but the gist is it's in single user mode
and
sorressean: mercutio | and has some directory number not found
mercutio: then "Unknown error: help!"
up_the_irons: sorressean: people do have Monumental's
sorressean: ouch. okay.
mercutio: hmm that could be bad /etc/fstab
sorressean: Is there any way to get an IPMI console in text or something or am I stuck with vnc?
mercutio: nope fstab looks fine
up_the_irons: sorressean: have you configured your OS to output to the serial port?
sorressean: I have not.
mercutio: umm yeah there is a way, but it involves changing some stuff in the freebsd loader iirc
up_the_irons: b/c then you could get a text-based console with ipmitool
mercutio: it looks like it's pretty simple
sorressean: up_the_irons: I'll send a csr from littlefieldt@wit.edu, I can bribe more eyeballs with beer if you wouldn't mind signing and I can IPMI in with his help.
Yeah probably isn't hard, I just have no way of doing that/seeing the error currently.
mercutio: yeah i mean to enable it
up_the_irons: sorressean: I'll sign the CSR as soon as I get it
mercutio: as long as ipmi is on com1
up_the_irons: I think it's simply: echo 'console="comconsole"' >> /boot/loader.conf
mercutio: yeah, if it's on com1
sorressean: oh that would be easy.
up_the_irons: mercutio: yeah
mercutio: i think it's on com2
wtf
using a port other than com2 requires recompiling
sorressean: up_the_irons: sent
mercutio: i suspect that in bios can disable hardware com1
or set it to com2, then have ipmi set to com1
sorressean: up_the_irons: mercutio : thanks a lot for the help, really appreciate it. was hoping it was something simple.
up_the_irons: also your arpnetworks.com is incredibly hard to read with a screen reader.
not that it matters, but I like to point people at arpnetworks when I get the chance. :p
mercutio: probably going to be a weekend project to figure that out, or at least a couple hours.
up_the_irons: mercutio: Yeah in the BIOS i think you can set the port number for virtual serial
sorressean: Sorry it's hard to read, I never knew that
mercutio: shall i reboot and go into bios and try to setup serial port
sorressean: up_the_irons: I didn't think you did, I can send a list of stuff that might help this weekend if that helps. I didn't need anything from it, I was just looking at it and seen it had changed.
mercutio: if you wouldn't mind I'd appreciate it. then I only need to echo that line into loader.conf
up_the_irons: sorressean: yeah that'd be great
mercutio: for some erason my java froze now
sorressean: the reason is java
up_the_irons: hahaha
mercutio: I actually connected to serial with ipmitool, maybe that did something. I've quit now.
mercutio: who knows
it's still not working for input
but i see ltters that werne't there before
oh si saw a space just now
i wonder if i go in with ipmitool sol it'll let me type
up_the_irons: I didn't get any output with ipmitool
mercutio: did you type anything into it?
up_the_irons: yeah probalby "lkajdsf"
mercutio: it's changed again wtf
i se aasdas
up_the_irons: might have been me, but i've disconnected
mercutio: yeah and i hadn't typed anything i was trying to do the serial
and it changed :)
woot it's working again
up_the_irons: i'm not going to guess what's causing that
;)
I just created: https://trello.com/c/iThnvyyo/29-arp-metal-connect-serial-port-of-a-server-to-console-cust-for-easy-console-access
mercutio: the sol is enabled for bios
but the keyboard stopped working again
up_the_irons: sorressean: ^ vote if that is something you'd like to see ;)
mercutio: maybe your VPN is going in/out ? (Happens when you're connected from a different computer)
sorressean: up_the_irons: will do. that would be useful.
mercutio: the time is updating
and that's working continuously
up_the_irons: ah OK
mercutio: there's an option in the web UI to reset video/keyboard. That usually "un-sticks" it.
sorressean: up_the_irons: I didn't get a support response (there's usually automated isn't there)? my school can never manage to get email right, so it could be something else.
mercutio: the macro ctrl-alt-delete worked though
i'm not sure what's with it
i can press del to get into bios
then can't move in bios
up_the_irons: sorressean: I haven't received anything yet
mercutio: does the virtual keyboard work? I wonder if arrow keys are somehow not mapping right
mercutio: yaeh just trying that
escape should still work to exit though?
up_the_irons: yes
mercutio: i've tried many keys
it's most bizzare
sorressean: resent in case that matters.
I hope it does because my other email addresses are tied up on the down box
up_the_irons: sorressean: nothing yet. you could just copy & paste the CSR into a private gist
sorressean: up_the_irons: doing that now
mercutio: it seems it's not easy to change serial port
it may be possible to run manual getty once booted
sorressean: mercutio: if it's a lot of trouble I don't mind recompiling once I get things up and running.
oh I didn't think about doing getty
mercutio: yeah that was mostly about getting you up and running :)
getty -h runs a getty locally :)
up_the_irons: mercutio: there's also "/usr/libexec/getty std.9600 ttyu0"
mercutio: that's how you put it on the serial port
mercutio: ok cool
up_the_irons: might need to change speed and/or port (u0, u1, ...)
mercutio: yeah it's u2 i think
up_the_irons: OK
mercutio: hmm that's not working
up_the_irons: is it in single-user mode still?
mercutio: yeh
but a getty should still work
could just fsck it manually
up_the_irons: thought gettys didn't work in single user mode...
mercutio: that's why i'm starting it manually
sorressean: mercutio: if you don't mind doing that, I'm cool with whatever works.
up_the_irons: mercutio: sorressean has a new VPN cert. You could let him have serial control now.
mercutio: serial's not showing anything once it loads freebsd is the issue
it shows the freebsd loader...
up_the_irons: aah ok
mercutio: that's why was trying to get a getty
up_the_irons: so you're still doing it over Java
mercutio: yeah
up_the_irons: OK
mercutio: well both are open
up_the_irons: roger that
mercutio: uhh
i think i got it but i have black on black text? :)
yeah restart ipmitool and it's there
ok i have /usr/libexec/getty std.115200 cuau2 &
but it needs l/p, so sorressean can test it out
so serial is all yours sorressean. do you know how to use ipmitool?
BryceBot: That's what she said!!
sorressean: mercutio: was just reading manpage/getting everything going.
mercutio: ipmitool -I lanplus -H <ip> -U <username> -P <password> sol activate
sorressean: Oh. sweet, thanks
mercutio: while vpn is connected.
brb
sorressean: got it. thanks a lot, really appreciate it. getting everything set up and I'll connect. does that persist over a reboot?
up_the_irons: i just connected, got a getty!
sorressean: sweet. thanks!
I screwed up and overwrote the CA. Is that publically available?
mercutio: it won't persist over reboot with the manual getty
up_the_irons: sorressean: you mean ARP_Networks_Server_CA.crt ?
mercutio: oh wow
i think i found a better solution
sorressean: up_the_irons: yeah.
mercutio: apparently you can set the comconsole port now
but the freebsd thing i was reading didn't mention that
up_the_irons: o'rly?
mercutio: http://serverfault.com/questions/574351/serial-over-lan-on-freebsd-10-0-with-supermicro-x9-scm-f
up_the_irons: touche
sorressean: I added it to your gist
sorressean: up_the_irons: heh, thanks. appreciate it
up_the_irons: mercutio: oh damn, there's "comconsole_port"
mercutio: Despite what the FreeBSD handbook seems to say, you should not need to compile a custom kernel.
yeah
up_the_irons: mercutio: that's a great answer that guy gave
great find!!
mercutio: i'm too used to openbsd's docs that actually are authorative
up_the_irons: haha yeah
sorressean: mercutio: that's bad ass, thanks
also openbsd is to cool for me.
up_the_irons: openbsd has the best serial port support on the planet
mercutio: are you set sorressean ?
sorressean: mercutio: I believe so, yes. thanks again, I really appreciate the help... and I owe you a beer if you ever end up in boston. :p
up_the_irons: mercutio: thanks!!
sorressean: up_the_irons: is there a separate openvpn password from that of key?
up_the_irons: sorressean: no
sorressean: that's odd. I can use openssl openssl rsa -in mycert-arpnetworks.key -check and decrypt the key fine, but can not authenticate to vpn.
up_the_irons: sorressean: let me check
sorressean: try again, I think it was an issue with the CN (was different than your last cert)
sorressean: up_the_irons: trying again. sorry, smoke alarms started going off.
had to afk a sec. haha
up_the_irons: I'm going to be relocating soon myself; driving home
sorressean: up_the_irons: sorry for the confusion, we're good to go.
thanks again for the help!
up_the_irons: sorressean: OK so all good?
sorressean: up_the_irons: yeah. good to go.
up_the_irons: ok great!
sorressean: thanks!
mercutio: I have ipmitool -I lanplus -H ... -P ... -U ... sol (I can't scroll far enough to see your command). Is that what you were using?
I'm used to my server having irclogs and it saves me from scrollback
mercutio: activate at the end
sorressean: oh gotcha. thanks
mercutio: did you get in ok sorressean ?
JC_Denton: didn't realize arp had a trello
i like the block storage idea
mercutio: it's recent
sorressean: mercutio: sorry, was afw figuring stuff out. yeah, got everything booted back up. I thinki my drive is going bad.
mercutio: smartctl it
sorressean: yeah. that's my second goal
there was a clean boot, so nothing to make fs break but fsck had a really hard time recovering
mercutio: freebsd's ufs isn't actually very good for data integrity
sorressean: been thinking of switching email to googl eapps though so I don't have to manage it, so a rebuild would be pretty quick and easy
mercutio: i reckon zfs is better
sorressean: mercutio: journaling was enabled
Yeah. it probably is
mercutio: i went off freebsd originally due to data corruption :)
it's how i ended up with openbsd
'cos when i was new apparently freebsd was better for desktops
sorressean: I've been considering openbsd, but I love jails and the reinventing the wheel for funzies doesn't seem all that great to me.
opensmtpd openhttpd for example
mercutio: yeah jails is kind of nifty feature to have
i dunno i always used postfix with openbsd :)
i'm not even sure what freebsd uses by default
sorressean: sendmail :(
postfix isn't hard to set up, but tuning it for spam is really really hard.
mercutio: it is?
BryceBot: That's what she said!!
sorressean: I've got clamav plus spamassassin plus postfix and ack.
mercutio: you can kill a lot with spamhaus rbl
sorressean: I don't know, never really managed to find the happy medium to block out all the phishing emails and allow good stuff.
yeah, that gets blocked at the edge.
mercutio: my e-mail /was/ pretty good
recently it's been getting wors e:)
very low false positive though
which is what's important to me :)
i had a spam somewhere, now i can't find it. maybe it is pretty good :)
sorressean: yeah that's what I want.
I see spikes. sometimes I don't get anything, then I'll get five "we noticed a transaction to a spammer" from paypal phishing
mercutio: yeah i got some bank spam once
damn i can't find it
i'm using amavis btw
with spamassassin
and pyzor
pyzor, razor, dkim, domainkeys, argh
ok maybe it is a bit complicated :)
i also have -all on my spf
which means people can't pretend to be my domain
sorressean: lol yeah. it's just hard to get right.
mercutio: it's been incremental for me
i've hosted my own mail for like 17 years
sorressean: I'd love to say the same, but I didn't start mail when I was 8.
Also I feel like mail has been incremental over the alst 17 years. you get something right, some asshole abuses it, add another layer. now it's just like dam there's 95 layers you need.
fIorz: it's not really that bad, is it?
you kinda need a spam filter, and maybe add SPF records
sorressean: I don't know. I get lots of email from princes who are going to die from cancer of the left eyeball who have 55 million dollars they would love to send to me
not bad, just takes tuning is my only point.
fIorz: I dunno, just throw spamassassin at it and train it?
I never tuned anything, just set spamassassin to learn everything it considers ham as ham, and then train it on every spam that gets through (to make it unlearn the wrong information, and learn the correct information instead)
it's not perfect, but good enough for me, very low false positive rate, and not much work to set up
(and for spam from companies that I'm a customer of (which might be difficult to filter with a spam filter), I simply give everyone an individual random localpart, so if some webshop starts spamming, I simply disable the address)
up_the_irons: JC_Denton: the Trello board is pretty new; you're encouraged to vote on features you like
JC_Denton: will do
up_the_irons: cool :)
sorressean: hrm. looks like I might need to do a total reinstall
it's ufs fault, the drives look fine. well, drive.
up_the_irons: is freebsd 10.3 in the library in ipmi? going to reinstall tomorrow I think. to bad openbsd doesn't have jails, this would be enough.
mercutio: freebsd 10.3 release for amd64 and i386 are both there
what's happened to the dat sorressean ?
***: ben1 has joined #arpnetworks
ChanServ sets mode: +o ben1
mercutio has quit IRC (Read error: Connection reset by peer)