Migrating FreshPorts from one db server to another

FreshPorts runs on a FreeBSD server which hosts multiple jails. Two of these jails run PostgreSQL server. When upgrading from one version of PostgreSQL to another, we run pg_dump in the new jail, and load the backup into that database server. I’m writing this blog post to keep track of this procedure so I do not have to remember it each time. take website offline sudo mv offline.conf.disabled offline.conf && \ sudo […]

pkg: vulnxml parsing error: no element found

Today I found this annoying situation on FreeBSD 12.1 in a FreeBSD 12.0 jail (neither of which are directly relevant to the problem at hand). [dan@serpico:~] $ sudo pkg audit -F vulnxml file up-to-date pkg: vulnxml parsing error: no element found pkg: cannot process vulnxml After a bit of thinking, I figured the vulnxml file was corrupt. I guessed it might be in /var/db/pkg: [dan@serpico:/var/db/pkg] $ ls -l total 5226 -rw-r--r-- 1 root

Archives are important to retain and pass on knowledge

Archives are important. When they are public and available for searching, it retains and passes on knowledge. It saves vast amounts of time. Case in point I started the copy-backups-to-tape process today. This appeared on the tape server: Jan 7 19:12:08 r720-01 kernel: (sa0:mps0:0:5:0): 64512-byte tape record bigger than supplied buffer Damn. Do I have a tape problem? Search results When searching for this, I found this FreeBSD Forums post from 2016 where

tape01

This is a small desktop / short tower case which is connected to a couple of tape libraries. This post replaces a previous post. Partitions [dan@tape01:~] $ gpart show => 40 5860533088 ada0 GPT (2.7T) 40 1024 1 freebsd-boot (512K) 1064 984 - free - (492K) 2048 4194304 2 freebsd-swap (2.0G) 4196352 5856335872 3 freebsd-zfs (2.7T) 5860532224 904 - free - (452K) => 40 5860533088 ada1 GPT (2.7T) 40 1024 1 freebsd-boot (512K)

Listen queue overflow

The R720 is showing a message like this from time to time: Jan 1 07:42:20 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (1 occurrences) Jan 1 08:02:21 r720-01 syslogd: last message repeated 1 times Jan 1 08:27:22 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already in queue awaiting acceptance (2 occurrences) Jan 1 16:07:04 r720-01 kernel: sonewconn: pcb 0xfffff835e785d5b8: Listen queue overflow: 8 already

SSL client vs server certificates and bacula-fd

See also OpenVPN: unsupported certificate purpose. NOTES NOTE: When using ssl-admin for Bacula: use option 4 (Perform a one-step request/sign) for clients (bacula-fd) use option S (Create new Signed Server certificate) for servers (bacula-sd and bacula-dir) I know these things, but I repeatedly go to option 4 and forget…. Original post follows Sometimes I forget about TLS / SSL / x509 certificates being available in both server and client versions, particularly when it

Which hosts have this vuln package installed? SamDrucker knows.

Today I found out about a vuln in net/py-urllib3. Nagios told me: Checking for security vulnerabilities in base (userland & kernel): Host system: Database fetched: Tue Nov 26 18:23:32 UTC 2019 py36-urllib3-1.22,1 I logged into that host and ran a pkg upgrade py36-urllib3. What other hosts have that installed? There. That’s the hosts I have to update. How about a list for csshX? Ideally, I’d like to take the query output, and construct

patching your Intel CPU Microcode using FreeBSD ports

Today this Nagios alert showed up: I admit it. I have not patched my micro code before. I’m doing it only because it turned up in Nagios. Browsing to that URL, I found “Starting with version 1.26, the devcpu-data port/package includes updates and mitigations for the following technical and security advisories (depending on CPU model).”. Looking on FreshPorts, I found that port. I built it. I installed it on all hosts. I followed

Reviewing /var/log/pflog contents

I use pf as my packet filter. Everything blocked gets logged to /var/log/pflog.conf. Late last week, I noticed my rules were allowing everything in on one interface. I changed that. Overnight I see that my Let’s Encrypt certificate renewals failed. Nagios also tells me that the DNS servers are not in sync. I suspect firewall rules. Reviewing pflog It is because I use: block log all in /etc/pf.conf pflog_enable="YES" in /etc/rc.conf that I

knew

This post has been replaced by a newer post. For future reference, this is the knew server … oh wait, I think it’s this server which was mounted in the 4U chassis mentioned in this post. It runs a few jails, including Bacula regression testing services. It is now mounted in a SuperChassis 846E16-R1200B This is the previous post for this system configuration. Photos of the assembly. File systems Partitions zpools Those
