daemontools on redhat enterprise 6.0

So, for a project I needed to get something running in order to insure memcached would keep on running. The (for me) natural choice for this was daemontools (0.76 at time of writing).

There are a couple of things you have to pay attention to, in order to get this going on RHEL 6. (and I suppose many other Linux distro’s)

Phase 1 – get the source and compile it

get the source tarball here (note: this might not be the current version anymore!) and download it to /usr/local/src

  • unpack it with tar -zvxf daemontools-0.76.tar.gz and cd into admin/daemontools-0.76.
  • edit src/conf-cc and add ‘-include /usr/include/errno.h’ at the end of the line. (anywhere is fine, really)
  • run package/install

this should give you the needed files in /command and an existing /service

Phase 2 – fixing startup

Daemontools requires a somewhat different approach to starting up then you might be used to. ( the most common way being /etc/init.d/<name>, and using chkconfig to influence when it starts). Daemontools should be started on boot, and init must be told to restart it when it dies. This ensures continued operation. The installer you ran in phase 1, took care of this by adding a line in /etc/inittab, but that’s an old method, and for the sake of continued operation (and working straight away) we’ll use the new method:

  • Remove the added line from /etc/inittab.
  • cd /etc/init
  • create a new file called svscan.conf, and put the following contents in:
start on runlevel [345]
exec /command/svscanboot

now, tell init, it should re-read it’s configuration, and then start svscanboot:

  • initctl reload-configuration
  • initctl start svscan

if you check now, you should see a happily running svscan, and daemontools is ready to kick some:

2676 ?        Ss     0:00 /bin/sh /command/svscanboot
2678 ?        S      0:00  \_ svscan /service

Enjoy! I hope this little post was helpful.

FreeBSD 7.1-RC1 Security Advisories

FreeBSD - The power to serve

One day, you’re bouncing all over the place because there’s an official 7.1-RC1, the next, there’s already two security advisories.

To sum them up:

  • protosw
    safe to ignore unless you have local users, safe to ignore if you haven’t loaded / compiled in the ng_* modules

    Index: sys/kern/uipc_domain.c
    --- sys/kern/uipc_domain.c	(revision 186366)
    +++ sys/kern/uipc_domain.c	(working copy)
    @@ -112,13 +112,18 @@
     #define DEFAULT(foo, bar)	if ((foo) == NULL)  (foo) = (bar)
     	DEFAULT(pu->pru_accept, pru_accept_notsupp);
    +	DEFAULT(pu->pru_bind, pru_bind_notsupp);
     	DEFAULT(pu->pru_connect, pru_connect_notsupp);
     	DEFAULT(pu->pru_connect2, pru_connect2_notsupp);
     	DEFAULT(pu->pru_control, pru_control_notsupp);
    +	DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp);
     	DEFAULT(pu->pru_listen, pru_listen_notsupp);
    +	DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp);
     	DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp);
     	DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp);
     	DEFAULT(pu->pru_sense, pru_sense_null);
    +	DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp);
    +	DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp);
     	DEFAULT(pu->pru_sosend, sosend_generic);
     	DEFAULT(pu->pru_soreceive, soreceive_generic);
     	DEFAULT(pu->pru_sopoll, sopoll_generic);
  • ftpd
    you can ignore it if you don’t run this ftp daemon, or if you have disabled ftp all together. Otherwise: patch it right the heck now!

    Index: libexec/ftpd/ftpcmd.y
    --- libexec/ftpd/ftpcmd.y	(revision 185134)
    +++ libexec/ftpd/ftpcmd.y	(working copy)
    @@ -1191,7 +1191,7 @@
      * getline - a hacked up version of fgets to ignore TELNET escape codes.
    -char *
     getline(char *s, int n, FILE *iop)
     	int c;
    @@ -1207,7 +1207,7 @@
     			if (ftpdebug)
     				syslog(LOG_DEBUG, "command: %s", s);
     			tmpline[0] = '\0';
    -			return(s);
    +			return(0);
     		if (c == 0)
     			tmpline[0] = '\0';
    @@ -1244,13 +1244,24 @@
     		*cs++ = c;
    -		if (--n <= 0 || c == '\n')
    +		if (--n <= 0) {
    +			/*
    +			 * If command doesn't fit into buffer, discard the
    +			 * rest of the command and indicate truncation.
    +			 * This prevents the command to be split up into
    +			 * multiple commands.
    +			 */
    +			while (c != '\n' && (c = getc(iop)) != EOF)
    +				;
    +			return (-2);
    +		}
    +		if (c == '\n')
     	sigprocmask(SIG_SETMASK, &osset, NULL);
     	if (c == EOF && cs == s)
    -		return (NULL);
    +		return (-1);
     	*cs++ = '\0';
     	if (ftpdebug) {
     		if (!guest && strncasecmp("pass ", s, 5) == 0) {
    @@ -1270,7 +1281,7 @@
     			syslog(LOG_DEBUG, "command: %.*s", len, s);
    -	return (s);
    +	return (0);
     static void
    @@ -1300,9 +1311,14 @@
     		case CMD:
     			(void) signal(SIGALRM, toolong);
     			(void) alarm(timeout);
    -			if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
    +			n = getline(cbuf, sizeof(cbuf)-1, stdin);
    +			if (n == -1) {
     				reply(221, "You could at least say goodbye.");
    +			} else if (n == -2) {
    +				reply(500, "Command too long.");
    +				(void) alarm(0);
    +				continue;
     			(void) alarm(0);
     #ifdef SETPROCTITLE
    Index: libexec/ftpd/extern.h
    --- libexec/ftpd/extern.h	(revision 185134)
    +++ libexec/ftpd/extern.h	(working copy)
    @@ -46,7 +46,7 @@
     void    ftpd_logwtmp(char *, char *, struct sockaddr *addr);
     int	ftpd_pclose(FILE *);
     FILE   *ftpd_popen(char *, char *);
    -char   *getline(char *, int, FILE *);
    +int	getline(char *, int, FILE *);
     void	lreply(int, const char *, ...) __printflike(2, 3);
     void	makedir(char *);
     void	nack(char *);
    Index: libexec/ftpd/ftpd.c
    --- libexec/ftpd/ftpd.c	(revision 185134)
    +++ libexec/ftpd/ftpd.c	(working copy)
    @@ -2794,15 +2794,20 @@
     	char *cp;
    +	int ret;
     	if (!transflag) {
     		syslog(LOG_ERR, "Internal: myoob() while no transfer");
     		return (0);
     	cp = tmpline;
    -	if (getline(cp, 7, stdin) == NULL) {
    +	ret = getline(cp, 7, stdin);
    +	if (ret == -1) {
     		reply(221, "You could at least say goodbye.");
    +	} else if (ret == -2) {
    +		/* Ignore truncated command. */
    +		return (0);
     	if (strcmp(cp, "ABOR\r\n") == 0) {

I noticed that the -RC2 branch is in place too now. Almost there…. must … be … patient …


And FreeBSD 7.1-RC1 official

FreeBSD - The power to server

You got to love the way they write the release announcements:

“Gee. Did we really implement that new interface that way? That needs a bit more work.”

So,  it’s now the last few legs of the release cycle, and I’m looking forward to it.

DO read the release announcement or /usr/src/UPDATING, specialy if you currently have a system that uses the em(4) driver (Intel E1000 NIC), it might change with this release, to igb(4).


December 22, 2008Permalink 1 Comment

gearing up for FreeBSD 7.1

We’re only a little bit removed from the next major FreeBSD release. The branch has been tagged, and the ports-tree is (thank God!) unfrozen once again. The first Release Candidate has hit the FTP servers.

I’ve been running -PRERELEASE for a while now, and haven’t found any problems so far, not on real-steal hardware, nor on vmware virtualized hardware.


Windows market share drops below 90%

Some historical firsts are quite newsworthy.

Net Applications reports that for the first time ever, Windows market share has dropped below 90%.  According to sources, this is mainly because Mac OS X is grabbing a stronger footing in the global OS market with 8.87% share. Linux, the iPhone and the PS3 gain a bit too, while FreeBSD looses 0.01%.

Now mind you, these are digits from consumers visiting sites, there could be much more market share for Linux and FreeBSD, because there are many servers running those operating systems, and servers don’t tend to visit websites all that much. The same, off course, can be said for windows servers.

This is significant, Windows has always been the dominant party in the desktop user market, and seemingly, this is changing. This whole year, Windows has pretty much shown a slow but sure decent, with as much as 91.64% market share in April of this year down to less then 90% today.

Why is this important? Well, Microsoft has been under fire for years on end now, allegations and convictions for unfair business tactics and anti-competitive behavior have cost them billions in legal fees, fines and penalties. This is sure to spark a change within the ranks of Microsoft, where the old walls get broken down, and a new flag of cooperation is to be seen on the Redmond flagpole. Perhaps not so much because the end user is aware of the bad things Microsoft has been doing, but more because other vendors (like Apple) offer  better user experience on the desktop. Even the 0.83% share for Linux can be seen as truth to that statement, with the rise of user friendly distributions like the many Ubuntu versions.

Another important factor is the fact that many businesses are adopting an anti-vendor-lock in policy, where they do not wish to be dependent on just one software vendor and their course.

Another key factor is the ‘Vista factor’. Enthusiasm from many people not withstanding, a lot of people have even been heard making the dreaded ‘ME’ comparison earlier. Quite a few of the kinks have been worked out since that initial release, but consumers have long memories, and businesses do not like the heavy hardware requirements Vista has.

I’m not quite opening the champagne bottle just yet, but I am getting rather optimistic about the downward trend for windows. It should spark inovation in the offices of Microsoft, and inovation is the key to all progress.


FreeBSD portupgrade / portversion dumps core

First of all: do not panic

Second: get some coffee

Finaly: rm /var/db/pkg/pkgdb.db

I think this comes from upgrading portupgrade somewhere along the line, and accidentaly switching between database formats (hash, or bdb4 btree). The strangest thing is that I’ve searched high and low with Google, but no results anywhere. (not even any of the FreeBSD maillinglists). So it took me a little while to figure out this one.

HP has clue, but not quite enough (yet)

I like HP servers. True enough, I like Supermicro better, but big companies tend not to like Supermicro due to the fact you have to assemble them yourself, and there’s no real support / SLA agreement possible with them (for now – I hear it’s in the works). Most people in the ISP world know however, that Supermicro is extremely reliable stuff, and priced extremely nicely.

Anyhow, I’m stuck with HP, which is not a bad platform to get stuck with to begin with. FreeBSD runs beautifully on it, but then you have to do without the insight manager agents, the same deal applies when you run Ubuntu. Centos 4 and 5 are a breeze, just edit /etc/redhat-release so it reflects a RedHat version of Enterprise Server, and install the software like you normaly do.

One thing I seriously dislike however, is that when I run Ubuntu or FreeBSD on a HP box, my monitoring capabilities drop to almost zero. With RedHat or Centos I can monitor through the insight manager agents (who hook into SNMP), and use the nagios check_compaq_insight.pl, and as soon as something breaks: I get paged. With FreeBSD (and ubuntu) that seems completely impossible. My last attempt on an Ubuntu box to install those agents resulted in some very serious library problems, because the installer auto-installed some distro-specific rpm’s. That showed me who’s boss. (not!).

Anyhow, during my daily stroll at the Nagios Exchange I noticed a plugin that I hadn’t noticed before: check_ilo2_health. This is a great little plugin written in Perl. Instead of the old: talk to snmpd approach, this little bugger talks directly to the ilo2 interface (ilo/il01 won’t work), and more specifically: it’s XML interface.

wait. did you say XML interface?

Yup, the ILO2 sports a nice new XML interface, with which you can communicate. HP even provides a bunch of examples on how to talk shop with it. Nice hey?

Now I thought, did HP actually put everything you can monitor with the insight agents into the ILO2 and make it accessible with XML?

Unfortunatly: no. (yes, that was quite disappointing).

You can get quite a bit of useful information through the XML interface, including the speed of the fans, temperature readings from all the internal sensors. You can even configure a lot of things, like users and IP settings through it. You can even upgrade the ILO2 firmware through the XML interface. But nothing on RAID status, rebuild status, etc. I tried this against a brand spanking new DL380 G5, so if it doesn’t work there, it won’t work anywhere.

If anyone at HP reads this: please extend the ILO2 so everything is accessible through it’s XML interface. That saves us a lot of trouble of trying to get those agents installed on other operating systems. FreeBSD is too good an OS to ignore, even for an OEM as big as you. (and you don’t, judging from this news-snippet (PDF)). So either open up the XML interface more, or provide us with insight manager agents for FreeBSD. (I would be more then happy to help with testing).