Skip to the end of this post for the lesson part of this blog post. This email arrived in my inbox yesterday at about 10:00 PM: This is the backup script for my database dumps on my server at home. I immediately recognized it as the follow-on from a table I had just added. It was late, I was headed to bed. I forgot about it. Until this morning. This morning This morning, […]
I’ve been working on this for a while. [23:18 r730-01 dvl ~] % pkg audit curl-8.4.0 is vulnerable: curl — SOCKS5 heap buffer overflow CVE: CVE-2023-38545 WWW: https://vuxml.FreeBSD.org/freebsd/d6c19e8c-6806-11ee-9464-b42e991fc52e.html 1 problem(s) in 1 installed package(s) found. [23:18 r730-01 dvl ~] % The original vuxml entry got it wrong. This problem was fixed in 8.4.0 A subsequent commit fixed that. So why am I still having this problem 48 hours later? mtime. This Mastodon thread
Got a pkg vuln you can’t get rid of? Read More »
Today, while mucking about with a new cronjob and log file for acme.sh, I stumbled across these error messages: Why was I stumbling around? This email arrived after the daily cert renewal: Three skips. Three error messages. Let’s look at that file: [18:37 certs dan ~] % sudo ls -l /var/db/acme/certs.int.unixathome.org.key -rw-r—– 1 root acme 116 Oct 6 20:21 /var/db/acme/certs.int.unixathome.org.key That should be readable. I checked some ZFS snapshots from earlier this week.
acm.esh key ’/var/db/acme/certs.int.unixathome.org.key’ is unreadable Read More »
On Wednesday Oct 6th, I was greeted by these log messages: This is the output from the cronjob run by the acme user in my jail called certs. This is the daily run to renew any certificates which are soon to expire. This is the job in question: [19:36 certs dan ~] % sudo crontab -l -u acme 44 16 * * * /usr/local/sbin/acme.sh –cron –home /var/db/acme/.acme.sh > /dev/null [19:44 certs dan ~]
Use of K* file pairs for HMAC is deprecated – acme.sh Read More »
I recently moved a Time Capsule instance from a FreeBSD host into a jail. Today, I’m going to create a new Time Capsule which uses Samba instead of AFP. Why? Samba seems to be the preferred solution because AFP has been deprecated. It still works, but let’s go Samba. Not covered in this post, but recommended: snapshot your datasets on a regular basis. I like using sanoid for that. That way, if your
Creating a Time Capsule instance using Samba, FreeBSD, and ZFS Read More »
This approach did not work, because I used the wrong set of filesystems. See below for Error. This post has been replaced by Jails with embedded, but not jailed, ZFS datasets – how to mount/umount – corrected. NOTE: on yesterday’s (2023-10-04) reboot, the file systems did not properly mount. zfs get mounted said they were mounted, but the directories were empty. Stopping, then starting the jail resulted in a proper mount. I wonder
Jails with embedded, but not jailed, ZFS datasets – how to mount/umount Read More »
Can I really swap CPU and RAM between my Dell R730 servers? I wrote about that recently. Sure. It might just work. First, let’s look at the service tags and find out. I have four Dell R730 servers in the basement: r730-01 – main development server – contains 2x E5-2650L v3 : add some RAM from r730-04 and swap in the CPUs (E5-2699V3) from r730-02 – 9ZJ1282 – 591-BBCH : PowerEdge R730/R730xd Motherboard
Can I really swap CPU and RAM between my Dell R730 servers? Read More »
I have Macbooks at home I use them. I use Time Capsule on ZFS on FreeBSD to back them up. In this post: FreeBSD 13.2 OSX Ventura 13.6 I first implemented this directly on the FreeBSD host. Today, I am moving that service into a jail. This post will roughly outline the changes I made to accomplish this move. It won’t go into the details of how to set up Time Capsule. See
Moving time capsule from host to jail and connecting my MacBook to ZFS on FreeBSD Read More »
I have four Dell R730 servers in the basement: r730-01 – main development server r730-02 – unused r730-03 – main storage server r730-04 – unused So what’s on each one? If you look at each of the links, you’ll find this information on CPU and RAM. The information is collected from /var/run/dmesg.boot, but not presented as a direct copy/paste. It has been rearranged for ease of reading. r730-01 This host is used for
Why didn’t I choose the bigger CPUs? Read More »
This post has been replaced by a newer one. For reference, the previous post on this server is still available. Today I noticed this post is out of date. I like to keep this information around for each host, just in case it’s needed during a rescue mission. This is my primary developer server in my basement. gpart zpool list zpool status zfs list dmesg sesutil show jls