Upgrading the port was no problem....but it broke my cfengine. Why? The port puts the cfengine binaries in
/usr/local/sbin, while the cfengine practice is that it has a private copy in
/var/cfengine/bin. Which would be fine if the binaries didn't have shared library dependencies. Which they do, specifically libpromises.so.1, which is gone in cfengine-3.5.0...there's a libpromises.so.3 now.
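A quick way to see the mismatch is to ask the linker what each copy of the binary wants. A hedged sketch (the paths are the ones from above; adjust for your layout):

```shell
# Check which libpromises each cf-agent copy is linked against.
for bin in /var/cfengine/bin/cf-agent /usr/local/sbin/cf-agent; do
    [ -x "$bin" ] || continue        # skip copies that aren't present
    echo "== $bin =="
    ldd "$bin" | grep promises       # e.g. libpromises.so.1 vs libpromises.so.3
done
```

The private copy keeps wanting the old library even after the port upgrade, which is exactly the breakage described here.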
Though before I discovered this problem, I first wanted to make some tweaks to update.cf so that I would have some indication that it had copied up new binaries from
/var/cfengine/bin, since I noticed that files there were newer than expected. Though I probably just rebuilt the same version of the port because a dependency had updated and
/usr/ports/UPDATING indicated that I need to do that.
This is probably why, at work, the person who set up our cfengine 2 went to extreme effort to create static cfengine executables...ignoring that such things are officially not supported on Solaris. Though we seemed to get away with running those executables, built on a Sol10u3 sun4u system, on systems as current as Sol10u11, a few Sol11 systems, and systems of sun4v architecture.
In a past life...we had run into a statically built executable (the installer) not working on our first UltraSPARC-III system (Sun v280r)...trying to recall what our build machine was back then.... my recollection says we only had the SPARCserver 20 and SPARCstation 10, before that. Though as I recall, we had to wait for a patch from Sun as well as rebuild the executable shared on the SPARCserver 20...to have it work. It wasn't long after that though that we retired support for sun4m, changing minimum requirements. Wonder if the application has become 64-bit yet? But, for ABI backwards compatibility claim to work, the executable needs to be built shared...so that it'll find the libraries provided on newer systems to allow older executables to still work.....
portmaster probably didn't know that it should save
/usr/local/libexec/cfengine/libpromises.so.1, though would the old executables know how to find the library when it's moved aside? (I do have SAVE_SHARED=wopt uncommented in my
It occurs to me that I could just restore the file from backup; that would allow me to run
and get me to where everything should work again.
Though before I did that, I had invoked
cf-promises (the one in my path --
/usr/local/sbin), and it complains about
library.cf. Guess it doesn't like the old
cfengine_stdlib.cf, the new one isn't where the old one was....it was here instead -->
/usr/local/share/cfengine/CoreBase/libraries/cfengine_stdlib.cf I do a quick look at what's in it....mainly to make sure that bundles/bodies that I use are still there...and notice some interesting new ones....such as a
freebsd_portmaster, someday I should look at cfengine3 to do port/package promising....
But first get cfengine working on policyhost, hopefully the other servers (at 3.4.4) are still working.....guess not, 3.4.4 doesn't like the 3.5.0
cfengine_stdlib.cf file. But, cf-promises is also not happy with some of my other promises....
Guess I'll update those while I get policyhost working again.
Or perhaps I need to revert....
root@zen:/var/cfengine/inputs 317# cf-agent
2013-06-15T13:22:53-0500 error: Bundle 'crontab' listed in the bundlesequence is not a defined bundle
2013-06-15T13:22:53-0500 error: Fatal CFEngine error: Errors in promise bundles
1.755u 0.113s 0:01.94 95.8% 172+2501k 133+12io 1pf+0w
root@zen:/var/cfengine/inputs 318# cf-agent -v
...
2013-06-15T14:00:57-0500 verbose: Parsing file '/var/cfengine/inputs/do-crontab.cf'
...
It's there, why's it not working....
'cf-agent -d' doesn't work either; it will only do the failsafe run....
For some reason I had cd'd into
/usr/local/lib/perl5 on dbox and noticed that 5.16.2 was still present...well, 5.12.4 was still on zen after the upgrade to 5.14.2... and it just had
whatis files. But, I went and looked inside and, with 'pkg_info -W', found that I had other ports that had installed perl modules that didn't start with 'p5-' or depend on
So, off to rebuild those ports.
On dbox/cbox it was just
print/pdflib...plus some stray files left by already updated ports or removed ports. But, on zen there was a much bigger list of ports:
japanese/p5-Jcode (which was missed, because the package name is
Hmmm, probably need to update my i386 space, which is going to be wrong now...because it uses the 'global' make.conf, and I haven't updated it in a long time.... Not since May 4th.
emulators/wine-devel has been updated since then, so I guess I'll have to tackle it sooner than later.... Especially, since I'm thinking of making another attempt to see if I can get other apps running in
wine versus VirtualBox....
A while back I was having trouble updating transactions in my TIAA-CREF account. I used to update my account by entering each transaction by hand every so often, but then a few years ago (when I rolled my previous employer's 401k into a Rollover IRA, since the invisible money fee was huge....share counts would drop every month, with no explanation in the account statements) I let them generate the list of funds I should spread my retirement into...which makes it much harder to be entering transactions by hand.
I had tried the Quicken download option, but the dates of the transactions didn't line up with my pay days or the website's transaction history. So, making the download match what I was entering was tedious, as was not entering any by hand and adjusting after download. Also, the download likes to splatter my register with placeholders, and then complain that the placeholders are missing information so it can't do gain calculations.
So, originally, I'd only invest in 6 +/- 1 funds. Basically a fund for each slice, at some multiple of 5% rather than the specific percentage an investment tool had suggested for me.
Now, I have my retirement funds spread over 12 funds in my Mandatory Plan, and 19 funds in my Voluntary Plan (since the Voluntary has access to more choices than those specified by the pension administrator.) The Mandatory Plan is funded by the mandatory 5.5% that comes out of every paycheck, plus an 8.5% match from my employer. While the Voluntary Plan is money that came from other sources, which could be in the form of additional deductions from pay. But, in my case it represents what was in my previous 401k.
So, I just let the Quicken download be as it is....deleting most of the placeholder transactions, because the only transaction that doesn't appear anywhere is the share count growth of my TIAA-CREF Traditional Annuity. But, I just change those into reinvestment actions with a price of $1. Not sure how I would get Quicken to tell me what the gain/loss % is from that....
Somebody had described how to do the math to include re-investments in the overall gain, perhaps I'll have to look into that someday.
Anyways, I noticed that I somehow hadn't done a download in almost 2 months (the download ranges are 30, 60, 90 days, or All), so I try to do it about every 30 days. Quicken doesn't seem too bright about knowing that transactions overlapping the previous download aren't new, and it'll refuse to let me manually match them with the correct transaction, since the transaction had already been matched (or created by a previous download). So, I have to delete some of the new transactions, along with all the placeholder entries...before accepting the rest.
Normally this works great....even if the dates happen a day or two before payday. It makes the transfer from my associated cash account for my Mandatory Plan...sure it might go negative...but it all zeros out in the end, usually.
But, then last fall, there was a weird extra $3 and change in my cash account. I kept looking for a missing transaction, but didn't see one. Eventually, I traced it to my annual birthday re-balancing...where it sells parts of some funds, which Quicken transfers into my cash account, and then buys amounts in the other funds, with Quicken transferring out of my cash account. It didn't do that transfer when it added to my Wells Fargo Advantage Growth Fund Institutional. I fixed it by hand, somehow, and continued on my way.
So I was up ridiculously early this morning, because I got up at the right time during the night...but forgot to take my second dose, and it was too late to take it when I woke again.
So, I thought I would tackle updating to the latest perl on zen. I chose not to just do a blind
'portmaster -r perl', since that would include anything that depends on being able to run perl or depends on something that depends on perl...possibly many levels down. Somebody should come up with a simple way to only rebuild the ports that directly depend on another port....
What I decided to do, after updating perl, was
'portmaster p5-*' then do a pkg_libchk to see what ports are missing libperl.so and redo those.
I did this first by logging into my machine at work (mew), and it went quickly and worked pretty cleanly. Though there are only half the number of p5- ports there, and fewer ports missing libperl.so as well.
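As for that wished-for simple way to find only the direct dependents: a rough sketch against the old pkg_* database layout (not a polished tool; the path and pattern are assumptions to adjust) would be to grep each installed package's recorded @pkgdep lines:

```shell
# List installed packages whose recorded dependencies name perl directly,
# by scanning the old pkg_* database under /var/db/pkg (adjust as needed).
PKGDB=${PKGDB:-/var/db/pkg}
for contents in "$PKGDB"/*/+CONTENTS; do
    [ -f "$contents" ] || continue             # no packages registered
    if grep -q '^@pkgdep perl-' "$contents"; then
        basename "$(dirname "$contents")"      # the dependent package's name
    fi
done
```

The resulting list could then be fed to portmaster, instead of letting '-r' chase dependents many levels down.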
So, back on zen...I updated perl and then started the
'portmaster p5-*', when it stopped. A port was dependent on /usr/local/bin/perl5.14.2, which is not found because I just updated to 5.14.4!
How do you have ports that are dependent on a specific version, especially since it's possible to have a different version of perl? When I first installed zen, the default perl was 5.12.x...but I had elected to upgrade to 5.14.x when that became the new default. OTOH, when I set up cbox/dbox, I opted to go with 5.16.x...and at work, mew had started before zen, so it was also 5.12.x initially...but I chose to jump that up to 5.16.x (actually no .x at first, but it was very quickly followed by a .1...which inflicted a lot of pain again). Though in this latest update they have switched to just major.minor for the module path, which means no more pain until it's time to upgrade to a newer minor release....
The first casualty was
devel/p5-B-Keywords ...and I find its depended on by
textproc/p5-Test-Perl-Critic....with the last port being the leaf. So it seems it was probably just a build dependency for something I had installed long ago (since it doesn't sound like anything I would call in any of my own perl scripts.) So, I figure I'll just delete those packages and carry on.
Nope, the next port also fails with the same strange demand.
After hunting around a bit, to try and figure out what is making this port think it depends on the previous version of perl...it dawns on me that the perl port updates
/etc/make.conf as to what version of perl is installed.
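The block the port maintains looks something like this (the version numbers and comment markers here are illustrative, not copied from my file):

```make
# Section maintained in /etc/make.conf by the lang/perl5.x port:
PERL_VER=5.14.4
PERL_VERSION=5.14.4
```

So a make.conf still carrying the previous version makes every dependent port demand the old interpreter path.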
And, I have
being managed by cfengine3.
So, I go update the file, and try to svn commit the change....which blows up because the perl modules needed for the commit hook haven't been updated yet.
Well, guess I'll stop cfengine3 from reverting my
/etc/make.conf (by disabling the promise from the root side). Though IIRC now, the commit hook is mainly to prevent root from doing commits into my subversion repository, instead of what we do at work: put subversion on an NFS filesystem and have root-squash prevent root from being able to write into the repository.
Phew....I can commit updated
/etc/make.conf and let cfengine promise it. Perhaps in a future project, I'll see if there's some way to have cfengine set that dynamically or something.
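For reference, the shape of such a files promise, as a minimal sketch using stdlib bodies; the bundle name and source path are illustrative, not my actual policy:

```cf3
bundle agent manage_make_conf
{
files:
  freebsd::
    "/etc/make.conf"
      comment   => "Keep make.conf in sync with the repository copy",
      copy_from => secure_cp("/var/cfengine/masterfiles/make.conf",
                             "$(sys.policy_hub)"),
      perms     => mog("644", "root", "wheel");
}
```

Disabling one promise like this from the root side is what let me edit the file without cfengine reverting it.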
Though should I have cfengine promising all of
/etc/make.conf ? There's a block in
/etc/make.conf that is the same across all my FreeBSD systems, since its the ports that I come across that don't like
'make -j#'. And, it was intended to have cfengine promise that part, though there have been other additions that I want the same on all my FreeBSD systems, like the override on modules in net-snmp that I mentioned when I ran into some cacti trouble. Though there's value in having cfengine promise the whole file....or rather, it's that the files are in subversion.
Next up...nagios has alerted me that spamassassin has stopped; yeah, I guess that would happen. Which means there's going to be a big chunk of spam in all my mailboxes (126...I need to find a good way to aggregate them back so that I can read them all from roundcube). The module rebuilds are done, and spamassassin seems to be running again (probably because cfengine3 has a promise to keep for that). Though it might work better if I do an 'sa-compile' to make sure that part is right...though it seemed to me it was only major.minor....
And, its the same time suck....cacti.
Last weekend got away from me, because I made another attempt to improve
cacti performance. I had tried adding 3 more devices to it, and that sent it over the limit.
I tried the
boost plugin....but it didn't help, and only made things more complicated and failure prone. Evidently, updating rrd files is not a constraint on my
cacti server. Probably because of running on an SSD.
I made another stab at getting the percona monitoring scripts to actually work under script server, but that failed. I suspect the scripts aren't reentrant, because of their use of global variables and relying on 'exit' to cleanup things it allocates or opens.
I had blown a previous weekend when I tried to build the most recent version of hiphop to maybe compile the scripts, but after all the work of figuring out how to compile the latest 2.0x version...it would SEGV, just as the older lang/hiphop-php did after I resolved the problem of building with the current boost (a template had changed to need a static method, meaning old code won't link with newer boost libraries without a definition of it.) And, this is beyond my wheelhouse to try to fix.
During the week, I had come across some more articles on tuning FreeBSD, namely a discussion of kern.hz for desktops vs servers. The default of 1000 is good for desktops, but the historical setting of 100 is what to use for servers. Though IIRC, ubuntu uses 250 HZ for desktops and 100 HZ for servers; it also doesn't do preemption in its server kernel, along with other changes (wonder if some of those would apply to FreeBSD?) Though modern kernels have been moving to be tickless. Which I thought was in for FreeBSD 9, though the more correct term is dynamic tick mode...and which is more about not doing unnecessary work when things are idle. Which isn't the case with 'cbox'. So, perhaps, fiddling with kern.hz and other sysctls might still be relevant. Though I haven't really found anything detailed/complete on what would apply to my situation.
So, I thought I would give kern.hz=100 a shot.
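On FreeBSD, kern.hz is a loader tunable, so the change goes in /boot/loader.conf and takes effect at the next boot:

```conf
# /boot/loader.conf
kern.hz="100"
```

Afterward, 'sysctl kern.hz' confirms the running value.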
At first it seemed to make a difference....no improvement in how long it takes to complete a poll, but the load was lower. Until I realized that a service had failed to start after reboot. I had only run the rc script by hand; I hadn't tested it in a reboot situation. And, it's not really an rc script....it used to be a single line in rc.local that worked on ubuntu and FreeBSD (except on one of the Ubuntu systems it resulted in a ton of zombie processes, so making it an init.d script that I could call restart on happened.)
So, I spent quite a lot of time reworking it into what will hopefully be an acceptable rc script. One thing I had changed earlier: the pipe ('|') was causing the process after the pipe to respawn, turning the previous process into a zombie, each time the log file was rotated and "tail -F" announced the switch. And, this was while I was moving the service to FreeBSD (and management under cfengine 3.)
Though looking at my cacti graphs later....while the service had failed to start after reboot, it turned out to have been running for some time, until I had broken it completely in trying to rc-ify the init script. Well, duh....I had cfengine set to promise that the process was running, and it had repaired the fact that it hadn't started after the reboot.
Another thing I had done when I init-ified the startup of this service was to switch from using a pipe ('|') to using a fifo, which addressed the respawning and zombie problem and eliminated the original reason to have an init.d script....
While the init.d script had worked on FreeBSD...it was just starting the two processes with '&' on the end, then exiting. FreeBSD's rc subroutines do a bit more than that, so things weren't working. The problem was that even though I was using daemon instead of '&', so that daemon would capture the pid and make a pidfile, it seems daemon wants the process it manages to be fully working before it'll detach. But, the process is blocked until there's a sink on the other end of the fifo. (does 'sink' fit as the name for the fifo's reader?) I first wondered if I could just flip the two around, but I suspect starting the read process first would be just as blocked until the write process is started. So, I cheated by doing a prestart of the writing process and only tracking the reading process.
Though it took a bit more work to get the 'status' action to work....eventually I found I needed to define 'interpreter', since the reading process is a perl script. And, check_pidfile does more than just check that there's a process at the pid; it checks that it's the right process, and it distinguishes between arg0 and the rest.
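The skeleton of that arrangement, as a heavily hedged sketch — every name and path here is a placeholder, and the real script surely differs — looks something like:

```sh
#!/bin/sh
# Hypothetical rc.d sketch: a perl reader managed via rc.subr, fed by a
# fifo whose writer is launched untracked from a prestart hook.

# PROVIDE: logreader
# REQUIRE: DAEMON

. /etc/rc.subr

name=logreader
rcvar=logreader_enable

pidfile=/var/run/${name}.pid
command=/usr/local/bin/logreader.pl
command_interpreter=/usr/local/bin/perl   # lets check_pidfile match the script

start_precmd=logreader_prestart

logreader_prestart()
{
    # The writer blocks on the fifo until the reader opens it, so just
    # background it here and let the reader be the managed process.
    tail -F /var/log/feed.log > /var/run/feed.fifo &
}

load_rc_config $name
run_rc_command "$1"
```

Setting command_interpreter is the piece that made 'status' work, since check_pidfile verifies the process name against arg0.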
Pretty slick...guess I need to do a more thorough reading of the various FreeBSD handbooks, etc. Of course, it has been 13+ years between when I first played with FreeBSD and its takeover of my life now.
As for the tuning....it had made a small difference, but no improvement in the cacti system stats. Basically the load average fluctuates a bit more and the CPU utilization seems to be a bit lower...though that could be because the 4 lines of the cacti graph aren't so close to each other now.
Meanwhile...I noticed that one of the block rules in my firewall had a much higher count than I would expect, so I set about getting logging configured to see what that's about.....(which I was working on when I remembered that I hadn't rebooted after making the kern.hz change to /boot/loader.conf yesterday...the commit also picked up files that I had touched while working on moving the one remaining application on 'box', though that may get delayed to another weekend....perhaps the 4 day one coming up.)
I had set cf-execd's schedule to be really infrequent (3 times an hour), because I was doing a lot of testing and cf-agent collisions are messy....messier than they were in cfengine 2 (in 2 it usually just failed to connect and aborted; in 3 it would keep trying and splatter bits and pieces everywhere....which is bad when there are parts using single copy nirvana, resulting in services getting less specific configs until the next run.)
But, I sort of brought back dynamic bundle sequences.... but keyed off of "from_cfexecd", so I can test my new promise with fewer problems of colliding with established promises. Though there are other areas where things still get messy.... need to clean up some of the promises I had based on how things were done at work, so that the promises are more standalone.
Kind of weird using my home cfengine 3 setup, and other admin activities, as the means to break the bad habits I had picked up at work....
So a few days ago, databases/sqlite3 was updated in ports. And, in the
portmaster run, I was faced with its config dialog. Think I had gone with the defaults previously, but decided to take a closer look this time. Saw SECURE_DELETE, with the description "Overwrite deleted information with zeros". That sounds like a waste of time; I should probably turn that off.
A quick online search, I found this:
The secure_delete setting causes deleted content to be overwritten with zeros. There is a small performance penalty for this since additional I/O must occur. On the other hand, secure_delete can prevent sensitive information from lingering in unused parts of the database file after it has allegedly been deleted.
Yup, definitely just a waste of time...it even says so. The OTOH part, though, is wrong. Why? Because I'm running my FreeBSD system on ZFS, which is copy-on-write. It's just spinning my wheels: it creates a new copy of the file filled with zeros while the old data sits unlinked somewhere intact, and then unlinks that new zero-filled copy. Just unlinking the old file achieves the same thing faster.
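For what it's worth, the compile-time default can also be inspected and overridden per connection; this is standard SQLite behavior, not anything FreeBSD-specific:

```sql
-- In the sqlite3 shell (or over any connection):
PRAGMA secure_delete;       -- returns the current setting (compile-time default)
PRAGMA secure_delete = 0;   -- disable zero-overwrites for this connection
```

So even a SECURE_DELETE build can be told not to bother.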
Of course, what happens a little while later there's an update to www/firefox in ports, where the
configure fails because sqlite3 wasn't built with SQLITE_SECURE_DELETE. Well, I'm not turning on stupid for Firefox...I'm already disappointed by how slow it has become (and PGO seems to be broken again), to where chrome/chromium is now my everywhere browser. Which is working for the most part, now that I don't have a Solaris workstation as part of my everywhere.
Well, it's just
configure that is testing for it and complaining...so there should be a way to turn it off. Hmmm, no option to do that; guess I'll have to alter the configure script. Do I inject a patch into the files directory? Looks like the file is being adjusted elsewhere, though I don't see a patch in files that is working on it. Okay, it's the post-patch target in the
Makefile. Can I just add to that? Guess the way to do it is to change AC_MSG_ERROR to something that doesn't terminate the
configure. Unfortunately I have
portmaster.rc option "PM_DEL_BUILD_ONLY=pm_dbo" uncommented, so I can't quickly look at what AC_MSG_??? I could use. I find some online documentation that describes AC_MSG_CHECKING, AC_MSG_RESULT, AC_MSG_NOTICE, AC_MSG_ERROR, AC_MSG_FAILURE, AC_MSG_WARN...the first 3 are messages that aren't emitted if the '--quiet' or '--silent' options are used. I don't think those options are used normally, but it seems like a good idea to me. I'll use AC_MSG_NOTICE (though now that I think of it, AC_MSG_RESULT is probably valid, since it was an AC_MSG_CHECKING that comes before the AC_MSG_ERROR...)
Well, AC_MSG_NOTICE is undefined. Guess the autoconf being used is different than the one I found online. AC_MSG_ERROR and AC_MSG_FAILURE cause exits, but AC_MSG_WARN writes to stderr and continues. Guess, that's what I'll have to use then.
So, I insert the change, and create quick diff so that I can reapply it as a patch for next time....
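The change itself is mechanical. Sketched here on a stand-in file, since the exact text in firefox's configure may differ; in the port this would target the real configure in the work directory, with the diff saved under files/ for next time:

```shell
# Demonstrate the AC_MSG_ERROR -> AC_MSG_WARN swap on a stand-in file.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
AC_MSG_CHECKING([for SQLITE_SECURE_DELETE support in system SQLite])
AC_MSG_ERROR([system SQLite lacks SQLITE_SECURE_DELETE])
EOF
# AC_MSG_ERROR aborts configure; AC_MSG_WARN writes to stderr and continues.
sed -i.bak 's/AC_MSG_ERROR(/AC_MSG_WARN(/' "$cfg"
diff -u "$cfg.bak" "$cfg" || true   # diff exits 1 when the files differ
```

The saved diff can then be reapplied whenever the port updates.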
I had acquired my first HSTI Wireless Media Stick back on April 24th, 2011 (from a marketplace seller on Amazon.com)...it took some time to arrive and I blogged about it on April 30th, 2011 -- Getting local content to show on my Roku XDS.
Now my Roku has moved to my other HD display (24" 1080p), but that was before my old Samsung HDTV (43" 720p) regenerated into a Samsung Smart 3DTV (50" 1080p).... so I'm back to living room TV being my main viewing device for all content, though TiVo has a box that I could connect to the smaller display to access my TiVo content there....which I may want to get at a later date. The majority of content I watch is from TiVo...one of these days I need to setup my blu-ray player so I can get back into watching DVDs (not sure when I'll have blu-ray discs, but need to get back on my netflix backlog).
But, the other day I had an mp4 file that I needed to play....and I thought I should get some way to do that on my 50" HD display... Had to settle for using the Roku for a bit. And, decided that the plan will be to acquire another HSTi Wireless Media Stick.
After searching around online, eventually found that ordering directly from HSTi was the only option now. So, I ordered another one on May 17th. It arrived yesterday. But, I didn't set it up until I got home from work today. Somehow I had forgotten again that HSTi is in Calgary, Alberta. Not that I'll be going up there in the immediate future....
Anyways, no big surprises...good thing I had solved my USB 2.0 and Windows 7 in VirtualBox on FreeBSD problem (got a Silex SX-DS-4000U2). I'm sharing TARDIS from orac to it still, since I don't yet have a replica on zen (need to free up space). Though when I moved the HSTi Wireless Media Stick it had forgotten the share, so I had to pull up the web interface again and add it back. Interesting that its graphic shows itself, while the graphic on my older stick is that of the original Wireless Media Stick (it used to be the correct graphic, but after an update it keeps showing the graphic of the older version.) Though this one came from the factory with the latest firmware, so who knows what'll happen when there's an update.
Was interesting using the SmartTV to view it, though wonder if it'll be a problem with it constantly discovering the stick every time I turn it on and presenting dialogs and such. Afterwards I tried the Amazon app to see if that was working yet....it was still saying I needed to update my TV, though this time there was an update....and now that works. Which might make it interesting to decide on what I should do. The only problem with using the SmartTV versus some other viewer....the TV is only 2.1 audio while other routes I can get 5.1, and its a different input on my receiver....
Oh well, back to other projects....
So, doing cacti on cbox doesn't seem to be working long term... but, the moment is being prepared for....I'm starting to assemble the pieces to build a new machine to do this and handle some other tasks that I've been looking for a place for.
Back to cfengine, I added a promise for dnetc (distributed.net)....and then a promise to finally configure CUPS on the two servers. And, then I turned to nagios.
I spent a couple evenings creating the initial configuration of nagios, working in design changes that I wanted to make and initial monitoring of localhost (dbox). Though it wasn't straightforward....there were differences here and there....mostly in FreeBSD layout, paths, and some of the commands taking different options. But, eventually I got everything running. My old check_dyndns worked once, but then stopped working....the problem was that it did 'stat -c "%Y" ...', which doesn't work on FreeBSD; 'stat -f "%m" ...' was the adjustment for that. While all the check_* plugins seem to be there, command definitions were lacking....but I guess having command definitions for everything is part of the debian/ubuntu packaging. There were other frills that came with that, that I don't mind not having...
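That stat divergence is just GNU coreutils vs BSD flags. A hedged sketch of a portable wrapper (the function name is mine, not the plugin's):

```shell
# mtime_of: print a file's modification time as seconds since the epoch,
# trying the GNU coreutils form first and falling back to BSD/FreeBSD stat.
mtime_of() {
    stat -c '%Y' "$1" 2>/dev/null || stat -f '%m' "$1"
}

mtime_of /etc/hosts
```

Dropping something like this into the plugin avoids maintaining two per-OS copies.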
I did run into check_ntp being deprecated....with check_ntp_time and check_ntp_peer being the tests to use....separating and making clearer whether you're comparing time between servers using ntp or checking the state of the ntp server...
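The corresponding command definitions end up looking roughly like this; the thresholds here are illustrative, not the ones I actually use:

```conf
define command{
    command_name    check_ntp_time
    command_line    $USER1$/check_ntp_time -H $HOSTADDRESS$ -w 0.5 -c 1
}

define command{
    command_name    check_ntp_peer
    command_line    $USER1$/check_ntp_peer -H $HOSTADDRESS$ -w 0.5 -c 1
}
```

One checks offset against a reference, the other interrogates the server's own peer state.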
It did show some interesting oddities in holding NTP time on my home network.... I know that I should have 3 or more ntp servers, but it seems that I'm often landing in the state where I only have 2....with lots of delay, resulting in pretty good swings of jitter....almost makes me wonder if this is something I could graph in cacti....
Wonder if I can find a cheap NTP appliance somewhere....
The last stumbling block was check_dhcp, which seems to be broken on FreeBSD. All the discussion on it seemed to point to firewalls, but with no firewalls it still didn't work....tcpdump in both places, and it's saying it's sending stuff, but no packets appear on the network. But, I can see the other DHCP traffic on the network.
I removed that check and called it a night. I mulled some possible workarounds....the first one I tried was setting up linux compatibility and running the check_dhcp from my working (ubuntu) nagios. Well, it didn't work...it couldn't find an interface. Oh well, guess there's the ugly way....use nrpe to invoke it. Though that didn't work right away.....probably because, while I had created new nrpe configs for all my servers in cfengine, I haven't put any of my ubuntu servers under cfengine yet. Most of the other promises haven't been implemented for ubuntu yet. It was pretty simple to include nrpe.cfg for everything.... in fact it condensed to only 3 files.... a freebsd version, an ubuntu version and a host-specific version for orac. Well, not right away...that happened more recently, while I was going through and updating the nrpe.cfg's by hand on the ubuntu servers, when I noticed that some of the files differed only in comments....so I made further simplifications in cfengine...which'll propagate out eventually....
Long term, I'll probably just have to track down some alternate implementation of check_dhcp....
I then added cbox to monitoring...and then looked to see about monitoring things that are on cbox/dbox...so I found checks for freeradius, cups, squid, along with improvements to checks on ntp. The check_squid was tricky....I got it working by hand, after making the suggested change for the default Cache type parsing, which turned out to be a change for squid3 vs. squid2 (box is still running squid 2.7 - since I had re-built it by hand with SSL support, and blocked ubuntu from updating it; orac wasn't blocked, so it eventually turned into squid3.)
It worked by hand, but wouldn't work under nagios...turned out that the embedded perl wasn't liking it. I was going to disable embedded perl for it, when I took a look at what it was complaining about. And, did some reading on embedded perl.... the gist was "use strict", "perl -w" and "perl -c" as starting points. perl -w was fine, but perl -c had one problem....which I fixed. But, no go. And, then I noticed the line "# todo : use strict"; guess I'll have to deal with that.
And, after making that all happy, I got it working.
The only other quirk was that the memory check wouldn't work on FreeBSD; I guess there's no mallinfo() available for that. So, no running that test on those servers....plus no Cache test on box. But, it still left enough variety of tests that worked on all. And, it wasn't so much that I wanted to get all the information, but I chose to define all the different tests with ports set into the test....so running the check would also test that all my squid ports worked. There's actually only two that matter, but I have all my squids configured the same, listening on 5 or 7 ports....depending on whether I have SSL enabled. Though I pretty much only need two now. I'm not doing transparent proxying, and I don't need the SSL now that I've split box into dbox/cbox....the SSL was so ddclient could work on box and update dyndns via proxy to DSL....
Next up is adding zen to nagios, and coming up with more tests of things that are specific to zen, whether or not they were covered in the old nagios.
Though as I worked along...there were things I couldn't find monitors for...though I realized that I could have cfengine promise that those services were running. Plus cfengine was also taking care of other things. So, I should probably work on writing some promises for zen. So, I can have promises to make sure things are started up again after a port is updated or that php/extensions.ini is reordered, etc.
But, I'll probably continue adding everything else to nagios first.
The home server migration that I wrote about on April 7th, hit a delay .... I started working on migrating cacti and nagios.
I probably should've started with nagios, since I don't think that would've taken as long as cacti has.
I had already been monitoring the new servers using my old cacti installation. I had pretty much decided that moving the old installation to the new servers wasn't going to be straightforward.... partly because of versions, and no easy intermediary. But, I wasn't too worried about the historical data in my old cacti....
I figured that once I got things up and running, I'd just export the templates and import them into my new system and I'd be done.
But, then I hit a hitch....the squid templates I had weren't working on the new system....all I could find were old results about issues with doing SNMP to ports other than 161, possibly due to newer versions of net-snmp....though that later turned out to be a wild goose chase.
Anyways...the work around was to use the proxy option in net-snmp. Though I recall having tried net-snmp before discovering bsnmpd on FreeBSD, but I gave it a shot.
Before I got to testing the proxy...I soon saw that it wasn't giving the same information as bsnmpd...specifically, for the HOST-RESOURCES-MIB and parts of UCD-SNMP-MIB. So, I decided that I could proxy net-snmp to bsnmpd and get those. But, that didn't work.....after some reading, the answer was I needed to either map bsnmpd in somewhere else or exclude those areas from net-snmp.
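For reference, the proxy directive in snmpd.conf looks roughly like this (the community string, the bsnmpd port, and the choice of subtree are my assumptions for the sketch, not my actual config):

```
# /usr/local/etc/snmp/snmpd.conf (hypothetical values)
# Forward HOST-RESOURCES-MIB (.1.3.6.1.2.1.25) queries to bsnmpd on port 10161
proxy -v 2c -c public localhost:10161 .1.3.6.1.2.1.25
```

The catch, as above, is that this only works if net-snmp isn't already registered to answer for that subtree itself, which is what pushed me toward rebuilding it without those MIB modules.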
Well, during the build of net-snmp, it did make reference to being able to set some variables in make.conf -- such as NET_SNMP_WITH_MIB_MODULE_LIST and NET_SNMP_WITHOUT_MIB_MODULE_LIST. And, by default NET_SNMP_WITH_MIB_MODULE_LIST contained "host disman/event-mib smux mibII/mta_sendmail mibII/tcpTable ucd-snmp/diskio sctp-mib if-mib"
So, I tried setting NET_SNMP_WITH_MIB_MODULE_LIST without host and ucd-snmp/diskio and tried to exclude the rest of ucd-snmp in NET_SNMP_WITHOUT_MIB_MODULE_LIST. Which got me a strange error about host being in both lists.
I delved into the Makefile, and found that while the other settable NET_SNMP parameters were done as '?=' in the Makefile, NET_SNMP_WITH_MIB_MODULE_LIST was done as '+='...with conditionals that '+=' the last two modules.
OSVERSION >= 700028 adds 'sctp-mib' and the port option MFD_REWRITES adds 'if-mib'....I had started looking at what the fix might be, but decided that all I needed to do was remove all these lines...since I'm going to have my own definition in my /etc/make.conf file.
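The distinction matters because of how make treats the two operators -- something like this (an illustrative fragment, not the port's actual Makefile):

```
# '?=' assigns only if the variable isn't already set, so a value
# from /etc/make.conf takes precedence:
NET_SNMP_PERSISTENTDIR?=        /var/net-snmp

# '+=' always appends, so even if /etc/make.conf sets the list,
# the port's Makefile tacks its own modules back on:
NET_SNMP_WITH_MIB_MODULE_LIST+= host ucd-snmp/diskio
```

With '+=', my make.conf list and the Makefile's list both ended up in the variable, which is presumably where the "host is in both lists" error came from.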
Trying to exclude all of ucd-snmp wouldn't make things work....but I did an snmpwalk comparing bsnmpd and net-snmp, and decided that the two areas that were lacking were ucd-snmp/diskio and ucd-snmp/disk_hw. So, I recreated the 'original' NET_SNMP_WITH_MIB_MODULE_LIST in /etc/make.conf, without 'host' and 'ucd-snmp/diskio', and put 'ucd-snmp/disk_hw' in NET_SNMP_WITHOUT_MIB_MODULE_LIST. The build grumbled, but finished.
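Something along these lines -- reconstructed from the port's default list minus 'host' and 'ucd-snmp/diskio', so treat it as a sketch rather than my exact file:

```
# /etc/make.conf (hypothetical reconstruction)
NET_SNMP_WITH_MIB_MODULE_LIST=    disman/event-mib smux mibII/mta_sendmail \
                                  mibII/tcpTable sctp-mib if-mib
NET_SNMP_WITHOUT_MIB_MODULE_LIST= ucd-snmp/disk_hw
```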
And that worked.....all my ucd-snmp host graphs were working on my new cacti server in the same detail that I was getting before (i.e. the CPU Utilization gave traces for each of the 8 vCPUs instead of just one, and I could see all the ZFS filesystems, not just the single zroot).
So, I went back to looking at getting squid graphs to work....that didn't work.
It was a dark and stormy...late afternoon...yesterday, and....
I had started out almost 7 years ago with a Siemens 4100 DSL Modem, which worked the way I needed it to for my home network. And, I wasn't sure how easy it would be to find another like it. I was running it in the cross between router and bridge mode...so that my router could maintain my dyndns info. (Though it wasn't too long after that that I moved that to ddclient on box, which has been more reliable...I was having ddclient scrape the IP from the router, but the router on my Cox connection wasn't supported, so that one uses checkip.dyndns.org. So, now both do.)
Would probably be too much work to make ddclient go out on the right IP so that ip route will send it to the DSL router, so it can query the DSL modem for what the real external IP is. Though the new cbox/dbox setup would simplify things....but the migration has stalled as I've been working on getting cacti moved from box...and it hasn't been going well. Lots of old templates and such don't work on the new, so I've been reworking what I feel I can't live without....
That includes the graphs of my DSL modem stats....
Anyways....when the Siemens 4100 started dropping the connection a lot (around the 3 year mark) and changing the filter didn't help, I had heard that these things wear out... So, I tracked down a new Siemens 4100 on eBay...and switched to that....and that got things working again.... Then a couple years ago, things went bad consistently....though I could see from my cacti graphs that the SNR drops in the evening. But I wasn't able to get local service to restore/fix things. I tried the AT&T forum on dslreports.com, and they changed me to Interleaved, which helped....
But, I had started shopping around for a new DSL modem.... somewhere in my journeys I acquired a Zoom ADSL X3 5760 Modem. But, since things were working...I put it aside as my spare for when things stop. Seems I've had it so long that it's no longer available....got it July 9, 2012, according to Amazon.com
For a while now, it would drop the connection now and then during the week (between its weekly self-reboots)...at first I suspected the router, since its twin had gone away in much the same way several months earlier. Though the router does also have failsafe configured, so if it can't talk (ping) to box or the WAN gateway...it reboots. Though at some point AT&T made their gateways unpingable, so it was pinging google.
But, on April 6 it got really bad....my IRC connection was resetting practically constantly. Since I had swapped the router before, I swapped it again. Though now I wonder if its watchdog was too aggressive. Things were usable, but the line drops were annoying. Also, the IP staying the same through drops didn't make me question the DSL modem.
But, then on April 13, things started getting really bad....and I was getting 50+ messages a day from ddclient that my IP changed. It seemed to stabilize a bit on Monday....though it was still dropping regularly enough that I switched to using Cox for my IRC screen session. I was going to defer the swap to the weekend.
Well, yesterday the weather was bad...lots of lightning, rain....and the first display I looked at when I got home said "NO INTERNET". Though it was probably a temporary outage, because it did appear to eventually come back while I was working on unboxing my 'new' DSL modem. And, trying to figure out how to set it up without the Windows wizard it provides, given the lack of documentation with it...there was a small CD, which didn't really provide much depth....but I found what IP it would be at and that it has a web interface....it also has a telnet interface and an FTP interface.
Anyways...it turned out to be pretty straightforward getting it working...the hard part was figuring out what the non-default options meant, and whether I would want them.... the main one I turned on was "fullcone NAT". And, I set my router in with a reserved IP and made it the DMZ host, so I can keep all my forwards there...plus the Zoom is limited to 16, which isn't enough .... though this may change when I make use of its DMZ feature as well (doing reverse proxy on cbox/dbox to everywhere else on my home network...running firewall on these boxes already, to implement policy based routing.) And, I enabled ICMP on the WAN interface (it's also possible to enable http, ftp and telnet on the WAN interface as well.)
Getting it working in Cacti again, turned out to be much harder.