***: dj_goku has quit IRC (Changing host)
dj_goku has joined #arpnetworks
mkb has quit IRC (Quit: leaving)
mkb_ has joined #arpnetworks
mkb_ is now known as mkb RandalSchwartz: great success by doing nothing. :)
good thing I finally had my private key sorressean: great success by doing nothing? you should write a book.
I guess reading that book would imply doing something to achieve great success, so... RandalSchwartz: heh ***: sorressean has quit IRC (Remote host closed the connection)
sorressean has joined #arpnetworks sorressean: up_the_irons: you around by chance? up_the_irons: indeed sorressean: wow. does anyone actually have a "monumental"? up_the_irons: sorressean: mercutio : is it at the login prompt?
sorressean: mercutio | but the gist is it's in single user mode
and
sorressean: mercutio | and has some directory number not found mercutio: then "Unknown error: help!" up_the_irons: sorressean: people do have Monumental's sorressean: ouch. okay. mercutio: hmm that could be bad /etc/fstab sorressean: Is there any way to get an IPMI console in text or something or am I stuck with vnc? mercutio: nope fstab looks fine up_the_irons: sorressean: have you configured your OS to output to the serial port? sorressean: I have not. mercutio: umm yeah there is a way, but it involves changing some stuff in the freebsd loader iirc up_the_irons: b/c then you could get a text-based console with ipmitool mercutio: it looks like it's pretty simple sorressean: up_the_irons: I'll send a csr from littlefieldt@wit.edu, I can bribe more eyeballs with beer if you wouldn't mind signing and I can IPMI in with his help.
Yeah probably isn't hard, I just have no way of doing that/seeing the error currently. mercutio: yeah i mean to enable it up_the_irons: sorressean: I'll sign the CSR as soon as I get it mercutio: as long as ipmi is on com1 up_the_irons: I think it's simply: echo 'console="comconsole"' >> /boot/loader.conf mercutio: yeah, if it's on com1 sorressean: oh that would be easy. up_the_irons: mercutio: yeah mercutio: i think it's on com2
wtf
using a port other than com2 requires recompiling sorressean: up_the_irons: sent mercutio: i suspect that in bios can disable hardware com1
or set it to com2, then have ipmi set to com1 sorressean: up_the_irons: mercutio : thanks a lot for the help, really appreciate it. was hoping it was something simple.
up_the_irons: also your arpnetworks.com is incredibly hard to read with a screen reader.
not that it matters, but I like to point people at arpnetworks when I get the chance. :p
mercutio: probably going to be a weekend project to figure that out, or at least a couple hours. up_the_irons: mercutio: Yeah in the BIOS i think you can set the port number for virtual serial
sorressean: Sorry it's hard to read, I never knew that mercutio: shall i reboot and go into bios and try to setup serial port sorressean: up_the_irons: I didn't think you did, I can send a list of stuff that might help this weekend if that helps. I didn't need anything from it, I was just looking at it and seen it had changed.
mercutio: if you wouldn't mind I'd appreciate it. then I only need to echo that line into loader.conf up_the_irons: sorressean: yeah that'd be great mercutio: for some erason my java froze now sorressean: the reason is java up_the_irons: hahaha
mercutio: I actually connected to serial with ipmitool, maybe that did something. I've quit now. mercutio: who knows
it's still not working for input
but i see ltters that werne't there before
oh si saw a space just now
i wonder if i go in with ipmitool sol it'll let me type up_the_irons: I didn't get any output with ipmitool mercutio: did you type anything into it? up_the_irons: yeah probalby "lkajdsf" mercutio: it's changed again wtf
i se aasdas up_the_irons: might have been me, but i've disconnected mercutio: yeah and i hadn't typed anything i was trying to do the serial
and it changed :)
woot it's working again up_the_irons: i'm not going to guess what's causing that
;)
I just created: https://trello.com/c/iThnvyyo/29-arp-metal-connect-serial-port-of-a-server-to-console-cust-for-easy-console-access mercutio: the sol is enabled for bios
but the keyboard stopped working again up_the_irons: sorressean: ^ vote if that is something you'd like to see ;)
mercutio: maybe your VPN is going in/out ? (Happens when you're connected from a different computer) sorressean: up_the_irons: will do. that would be useful. mercutio: the time is updating
and that's working continuously up_the_irons: ah OK
mercutio: there's an option in the web UI to reset video/keyboard. That usually "un-sticks" it. sorressean: up_the_irons: I didn't get a support response (there's usually automated isn't there)? my school can never manage to get email right, so it could be something else. mercutio: the macro ctrl-alt-delete worked though
i'm not sure what's with it
i can press del to get into bios
then can't move in bios up_the_irons: sorressean: I haven't received anything yet
mercutio: does the virtual keyboard work? I wonder if arrow keys are somehow not mapping right mercutio: yaeh just trying that
escape should still work to exit though? up_the_irons: yes mercutio: i've tried many keys
it's most bizzare sorressean: resent in case that matters.
I hope it does because my other email addresses are tied up on the down box up_the_irons: sorressean: nothing yet. you could just copy & paste the CSR into a private gist sorressean: up_the_irons: doing that now mercutio: it seems it's not easy to change serial port
it may be possible to run manual getty once booted sorressean: mercutio: if it's a lot of trouble I don't mind recompiling once I get things up and running.
oh I didn't think about doing getty mercutio: yeah that was mostly about getting you up and running :)
getty -h runs a getty locally :) up_the_irons: mercutio: there's also "/usr/libexec/getty std.9600 ttyu0"
mercutio: that's how you put it on the serial port mercutio: ok cool up_the_irons: might need to change speed and/or port (u0, u1, ...) mercutio: yeah it's u2 i think up_the_irons: OK mercutio: hmm that's not working up_the_irons: is it in single-user mode still? mercutio: yeh
but a getty should still work
could just fsck it manually up_the_irons: thought gettys didn't work in single user mode... mercutio: that's why i'm starting it manually sorressean: mercutio: if you don't mind doing that, I'm cool with whatever works. up_the_irons: mercutio: sorressean has a new VPN cert. You could let him have serial control now. mercutio: serial's not showing anything once it loads freebsd is the issue
it shows the freebsd loader... up_the_irons: aah ok mercutio: that's why was trying to get a getty up_the_irons: so you're still doing it over Java mercutio: yeah up_the_irons: OK mercutio: well both are open up_the_irons: roger that mercutio: uhh
i think i got it but i have black on black text? :)
yeah restart ipmitool and it's there
ok i have /usr/libexec/getty std.115200 cuau2 &
but it needs l/p, so sorressean can test it out
so serial is all yours sorressean. do you know how to use ipmitool? BryceBot: That's what she said!! sorressean: mercutio: was just reading manpage/getting everything going. mercutio: ipmitool -I lanplus -H <ip> -U <username> -P <password> sol activate sorressean: Oh. sweet, thanks mercutio: while vpn is connected.
brb sorressean: got it. thanks a lot, really appreciate it. getting everything set up and I'll connect. does that persist over a reboot? up_the_irons: i just connected, got a getty! sorressean: sweet. thanks!
I screwed up and overwrote the CA. Is that publically available? mercutio: it won't persist over reboot with the manual getty up_the_irons: sorressean: you mean ARP_Networks_Server_CA.crt ? mercutio: oh wow
i think i found a better solution sorressean: up_the_irons: yeah. mercutio: apparently you can set the comconsole port now
but the freebsd thing i was reading didn't mention that up_the_irons: o'rly? mercutio: http://serverfault.com/questions/574351/serial-over-lan-on-freebsd-10-0-with-supermicro-x9-scm-f up_the_irons: touche
sorressean: I added it to your gist sorressean: up_the_irons: heh, thanks. appreciate it up_the_irons: mercutio: oh damn, there's "comconsole_port" mercutio: Despite what the FreeBSD handbook seems to say, you should not need to compile a custom kernel.
yeah up_the_irons: mercutio: that's a great answer that guy gave
great find!! mercutio: i'm too used to openbsd's docs that actually are authorative up_the_irons: haha yeah sorressean: mercutio: that's bad ass, thanks
also openbsd is to cool for me. up_the_irons: openbsd has the best serial port support on the planet mercutio: are you set sorressean ? sorressean: mercutio: I believe so, yes. thanks again, I really appreciate the help... and I owe you a beer if you ever end up in boston. :p up_the_irons: mercutio: thanks!! sorressean: up_the_irons: is there a separate openvpn password from that of key? up_the_irons: sorressean: no sorressean: that's odd. I can use openssl openssl rsa -in mycert-arpnetworks.key -check and decrypt the key fine, but can not authenticate to vpn. up_the_irons: sorressean: let me check
sorressean: try again, I think it was an issue with the CN (was different than your last cert) sorressean: up_the_irons: trying again. sorry, smoke alarms started going off.
had to afk a sec. haha up_the_irons: I'm going to be relocating soon myself; driving home sorressean: up_the_irons: sorry for the confusion, we're good to go.
thanks again for the help! up_the_irons: sorressean: OK so all good? sorressean: up_the_irons: yeah. good to go. up_the_irons: ok great! sorressean: thanks!
mercutio: I have ipmitool -I lanplus -H ... -P ... -U ... sol (I can't scroll far enough to see your command). Is that what you were using?
I'm used to my server having irclogs and it saves me from scrollback mercutio: activate at the end sorressean: oh gotcha. thanks mercutio: did you get in ok sorressean ? JC_Denton: didn't realize arp had a trello
i like the block storage idea mercutio: it's recent sorressean: mercutio: sorry, was afw figuring stuff out. yeah, got everything booted back up. I thinki my drive is going bad. mercutio: smartctl it sorressean: yeah. that's my second goal
there was a clean boot, so nothing to make fs break but fsck had a really hard time recovering mercutio: freebsd's ufs isn't actually very good for data integrity sorressean: been thinking of switching email to googl eapps though so I don't have to manage it, so a rebuild would be pretty quick and easy mercutio: i reckon zfs is better sorressean: mercutio: journaling was enabled
Yeah. it probably is mercutio: i went off freebsd originally due to data corruption :)
it's how i ended up with openbsd
'cos when i was new apparently freebsd was better for desktops sorressean: I've been considering openbsd, but I love jails and the reinventing the wheel for funzies doesn't seem all that great to me.
opensmtpd openhttpd for example mercutio: yeah jails is kind of nifty feature to have
i dunno i always used postfix with openbsd :)
i'm not even sure what freebsd uses by default sorressean: sendmail :(
postfix isn't hard to set up, but tuning it for spam is really really hard. mercutio: it is? BryceBot: That's what she said!! sorressean: I've got clamav plus spamassassin plus postfix and ack. mercutio: you can kill a lot with spamhaus rbl sorressean: I don't know, never really managed to find the happy medium to block out all the phishing emails and allow good stuff.
yeah, that gets blocked at the edge. mercutio: my e-mail /was/ pretty good
recently it's been getting wors e:)
very low false positive though
which is what's important to me :)
i had a spam somewhere, now i can't find it. maybe it is pretty good :) sorressean: yeah that's what I want.
I see spikes. sometimes I don't get anything, then I'll get five "we noticed a transaction to a spammer" from paypal phishing mercutio: yeah i got some bank spam once
damn i can't find it
i'm using amavis btw
with spamassassin
and pyzor
pyzor, razor, dkim, domainkeys, argh
ok maybe it is a bit complicated :)
i also have -all on my spf
which means people can't pretend to be my domain sorressean: lol yeah. it's just hard to get right. mercutio: it's been incremental for me
i've hosted my own mail for like 17 years sorressean: I'd love to say the same, but I didn't start mail when I was 8.
Also I feel like mail has been incremental over the alst 17 years. you get something right, some asshole abuses it, add another layer. now it's just like dam there's 95 layers you need. fIorz: it's not really that bad, is it?
you kinda need a spam filter, and maybe add SPF records sorressean: I don't know. I get lots of email from princes who are going to die from cancer of the left eyeball who have 55 million dollars they would love to send to me
not bad, just takes tuning is my only point. fIorz: I dunno, just throw spamassassin at it and train it?
I never tuned anything, just set spamassassin to learn everything it considers ham as ham, and then train it on every spam that gets through (to make it unlearn the wrong information, and learn the correct information instead)
it's not perfect, but good enough for me, very low false positive rate, and not much work to set up
(and for spam from companies that I'm a customer of (which might be difficult to filter with a spam filter), I simply give everyone an individual random localpart, so if some webshop starts spamming, I simply disable the address) up_the_irons: JC_Denton: the Trello board is pretty new; you're encouraged to vote on features you like JC_Denton: will do up_the_irons: cool :) sorressean: hrm. looks like I might need to do a total reinstall
it's ufs fault, the drives look fine. well, drive.
up_the_irons: is freebsd 10.3 in the library in ipmi? going to reinstall tomorrow I think. to bad openbsd doesn't have jails, this would be enough. mercutio: freebsd 10.3 release for amd64 and i386 are both there
what's happened to the dat sorressean ? ***: ben1 has joined #arpnetworks
ChanServ sets mode: +o ben1
mercutio has quit IRC (Read error: Connection reset by peer)