As I was setting up a firewall on my freebsd server I had to choose between one of the three firewalls available. There is the freebsd developed firewall ipfw, the older filter ipf and the openbsd developed pf. As for features they have all their advantages and disadvantages. Best is to read firewall documentation of freebsd. In the end my decision was to use pf for one reason - it can check the syntax before it is running any command.
After more than a year working on my mail setup, I think I have it running in a pretty good way. As some of the stuff is not documented at all in the wide of the internet, I will post parts here to make it accessible to others. Many setups use the MTA (postfix, exim) to store mails on the filesystem. My setup lets dovecot take care of that. That way it is the only process able to change data on the filesystem.
This weekend I had a small problem with my omnios installation. The installation is now more than a year old and back then, the feature flags for zfs were really fresh. So as time went on, zfs got better but somehow it was missed to update the grub installation. When I then booted my server on friday, I did not get up again as grub was unable to load my zpool.
A very nice feature on Solaris was the possibility to initialize new zones with a sysidcfg file. This does not exist on omnios. With kayak, omnitis deployment server, a way to run postboot scripts was created. The way is the file /.initialboot. This is just a shell script which gets executed on the first boot and gets removed afterwards. Nothing much but already very useful to make the initial setup for dns and the ip.
I had the need to filter logs from different programs into different places - in this case the postgres and nginx logs. The man page of syslog.conf describes it pretty good, but misses some examples to make it more clear. So here is how I configured it, to make it easier. First, I edited the syslog.conf # filter everything apart from postgres and nginx !-postgres,nginx *.err;kern.warning;auth.notice;mail.crit /dev/console # and all the other stuff # filter only postgres !postgres *.* /var/log/postgresql.log # filter only nginx !nginx *.* /var/log/nginx.log The next step is to setup the log rotate.
I got an interesting question regarding zones on Solaris in #omnios. scarcry: Does anyone know how to move a zone from one zpool to another? There are some guides out there on how to move a zone from one machine to another, but most of them install the zone in the same place as before. But instead of moving it from one machine to another, this small guide will just show what to do, when only the location is chaning.
This is some kind of hint for others, which may have the same problems I had. I wanted to compile llvm 3.1 on omnios, an illumos distribution but it did not work out like I wanted it to. One of the first errors I got was a linking error. Text relocation remains referenced against symbol offset in file llvm::LoopBase<llvm::MachineBasicBlock, llvm::MachineLoop>::getLoopPredecessor() const 0x149a /tmp/build_gibheer/llvm-3.1.src/Release/lib/libLLVMCodeGen.a(MachineLICM.o) llvm::LoopBase<llvm::MachineBasicBlock, llvm::MachineLoop>::getExitBlocks(llvm::SmallVectorImpl<llvm::MachineBasicBlock*>&) const 0x6200 /tmp/build_gibheer/llvm-3.1.src/Release/lib/libLLVMCodeGen.a(MachineLICM.o) ld: fatal: relocations remain against allocatable but non-writable sections The problem in this case is, that parts of the llvm code are not compiled position independent (PIC).
Today someone told me about natural and inner joins. As I’m using SQL for many years already, I was a bit puzzled at first. I heard of the terms, but thought till now, that they were meaning the same. The first thing I did was looking in the PostgreSQL documentation and yes, they are not the same. But they are also the same. The inner join is the default for doing joins.
Today we release a small project from me - zero 0.1.0. It is aimed at being a toolkit for building web services. It is build around the idea of abstracting away what is tedious work and work with the information clearer. With that in mind, some modules are already included. These are the following. Request This class provides an interface to information regarding the request and making them available grouped together in other parts.
Just out of curiosity I tried to build a service for PostgreSQL and the systemd init system. Before that, I only read the service files of postgres and dhcp delivered with Archlinux. What I wanted to build is a service file able to start multiple instances of postgres with separate configuration files. This was much easier than I thought it would be. Systemd supports that pretty well and the only thing to do, is add an ‘@’ to the service file name.
After I switched everywhere to a tiling wm, I wondered how everybody else locks his screen. Sure, you can lock the screen with a keybinding, but what when you leave the pc for talking and then leave it be? The tool I found is xautolock and works pretty good. After a configurable time span it starts the lock and after another time it can also start suspend, hibernate or whatever. I use it with the following settings: xautolock -locker slock -time 2 -killer “systemctl suspend” -killtime 10 & This starts slock, the simple locker, after two minutes and sends the pc into suspend after 10 minutes in activity.
To rotate logs on a Solaris system you have to configure logadm to do it. This is a small example on how it could look like for lighttpd. Execute the two following statements to create two log entries logadm -w /var/lighttpd/1.4/logs/access.log -p 1d -C 8 -a 'pkill -HUP lighttpd; true' logadm -w /var/lighttpd/1.4/logs/error.log -p 1d -C 8 -a 'pkill -HUP lighttpd; true' After that, there should be two new entries in /etc/logadm.conf with all parameters you gave to logadm.