The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in […]
Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it comes to private certificate authorities. I use the security/ssl-admin port for that. Today in particular, I spent about 2 hours trying to debug issues while adding TLS to existing Bacula clients. I was getting […]
Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have […]
Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”. […]
I use pf as my packet filter. Everything blocked gets logged to /var/log/pflog.conf Late last week, I noticed my rules were allowing everything in on one interface. I changed that. Overnight I see that my Let’s Encrypt certificate renewals failed. Nagios also tells me that the DNS servers are not in sync. I suspect firewall […]
For future reference, this is the knew server … oh wait, I think it’s this server which is was mounted in the 4U chassis mentioned in this post. It runs a few jails, including Bacula regression testing services. It is now mounted in a SuperChassis 846E16-R1200B This recent post outlines the modifications so it boots […]
I rebooted knew yesterday for upgrades. When it came back, the main storage zpool was degraded: Is the drive alive? The drive is not listed at all in /var/run/dmesg.boot. I keep a list of the expected drives in /etc/periodic.conf, for use by a Nagios check: [dan@knew:~] $ /usr/sbin/sysrc -nf /etc/periodic.conf daily_status_smart_devices /dev/da22 /dev/da21 /dev/da20 /dev/da19 […]
When the time comes to replace a drive, it is very nice to know which drives is missing. I created this drive map to help me figure out which drive disappeared. I created this drive-bay map using a combination of: zpool status sesutil map lsblk camcontrol /var/run/dmesg.boot I have not included /var/run/dmesg.boot here. If you […]
For reference, the previous post on this server is still available. This server was upgraded on Feb 2 2019. Only the storage persisted. Everything else was upgraded. The hardware M/B – Supermicro X9DRE-TF+ RAM – 128GB composed of 8x 16GB DDR3 1600Mhz 21300 ECC/REG CPU – 2x E5-2620v2 – Intel Six Core 2.10Ghz Xeon 15MB […]
I’m going to implement zfstools on all my ZFS-based hosts today. I first started using this tool in July 2019. In this post: FreeBSD 12.0 and 12.1 zfstools 0.3.6_1 sanoid-2.0.1_2 Local snapshots only I will be using zfstool only for creating local snapshots. If I wanted snapshots for sending to other hosts, I would probably […]