See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget […]
SSL client vs server certificates and bacula-fd Read More »
Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have
Which hosts have this vuln package installed? SamDrucker knows. Read More »
Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”.
patching your Intel CPU Microcode using FreeBSD ports Read More »
This post has been replaced by a newer post. For future reference, this is the knew server … oh wait, I think it’s this server which is was mounted in the 4U chassis mentioned in this post. It runs a few jails, including Bacula regression testing services. It is now mounted in a SuperChassis 846E16-R1200B
I rebooted knew yesterday for upgrades. When it came back, the main storage zpool was degraded: Is the drive alive? The drive is not listed at all in /var/run/dmesg.boot. I keep a list of the expected drives in /etc/periodic.conf, for use by a Nagios check: [dan@knew:~] $ /usr/sbin/sysrc -nf /etc/periodic.conf daily_status_smart_devices /dev/da22 /dev/da21 /dev/da20 /dev/da19
zpool degraded – one drive missing from system Read More »
When the time comes to replace a drive, it is very nice to know which drives is missing. I created this drive map to help me figure out which drive disappeared. I created this drive-bay map using a combination of: zpool status sesutil map lsblk camcontrol /var/run/dmesg.boot I have not included /var/run/dmesg.boot here. If you
Creating a drive-bay map Read More »
I’m going to implement zfstools on all my ZFS-based hosts today. I first started using this tool in July 2019. In this post: FreeBSD 12.0 and 12.1 zfstools 0.3.6_1 sanoid-2.0.1_2 Local snapshots only I will be using zfstool only for creating local snapshots. If I wanted snapshots for sending to other hosts, I would probably
zfstools & sanoid – snapshots on the local host Read More »
I recently migrated a bunch of jails from one server to another. Today I attached the Dell TL4000 tape library. A jail on this server copied Bacula backups from disk to tape. In this post: FreeBSD 12.0 Bacula 9.4.3 Dell R720 Investigation As anticipated, I needed to update the server configuration to cope with changed
Migrating a Dell TL4000 to a new FreeBSD server and attaching it to a jail Read More »
I’ve been getting these messages in /var/log/messages on slocum for as long as I can remember. Today I found out why those errors are occurring. They are logged on the FreeBSD jail host for a Nagios instance I run. Nagios runs in a jail on that host. I’ve just been ignoring the messages, but today
Oct 4 09:01:24 slocum kernel: pid 1409 (check_bacula), uid 181: exited on signal 11 Read More »
I noticed this the other day, and thought it was interesting. When the jailed property is set on a ZFS fileset, it affects the mountpoint within the jail. If your jail uses allow.mount.zfs (known as allow_mount_zfs when using iocage), the mountpoints become relative to the jail. For example, in my poudriere jail, this is what
How allow.mount.zfs affects mountpoints for ZFS Read More »