Thursday, February 20, 2020

You never had a friend like me - script is my bestie sometimes

PROBLEM:
If I do anything of interest in my home lab, I like to use the script command to create a typescript file that I can refer to later if I need to reproduce the results.

SOLUTION:

use the script command:

server1:~l$ script what_i_am_doing_typescript.txt
Script started, output file is what_i_am_doing_typescript.txt
server1:~ $ date
Thu Feb 20 10:42:24 CST 2020
server1:~ $ exit
exit

Script done, output file is what_i_am_doing_typescript.txt

FUN FACT:
If I later want to remove the carriage returns (CONTROL M) from the typescript file, use this command in vi to remove them and save (you will have to type CONTROL V before the CONTROL M for it to work):

:%s/^M//g
ZZ


Of course, I do like
:set list
:set number 

in vi sometimes also.

Oh where, Oh where has my little rcs gone? - rcs Removed from FreeBSD 12 base

Got a jolt when I tried to "check out" an rcs file this morning. rcs is the Revision Control System, a useful but somewhat outdated way to keep track of file changes.
https://docs.freebsd.org/44doc/psd/13.rcs/paper.pdf


PROBLEM:
Had upgraded one of my home lab machines to FreeBSD 12.1 from 11.3 and ` co -l filename ` gave an error and there was no co or rcs man page!

ANALYSIS:
rcs was removed from the base system in FreeBSD 12.
Did not notice this fact in version 12.0 or 12.1 release notes. Must have been announced sooner, I guess.
https://www.freebsd.org/releases/12.1R/relnotes.html

SOLUTION:
(I need to add either rcs version 5.7-5.7 or 5.9.4_1 from packages on server1).
pkg install -y rcs-5.9.4_1

So all good now!

FUN FACTS:
It was initially released in 1982 by Walter F. Tichy as a VCS (Version Control System). https://en.wikipedia.org/wiki/Revision_Control_System

Now replaced by lots of options: SCCS, svnlite, subversion and many others. "As Internet opened its path through the world, third generation of these tools emerged providing a decentralized version control system, allowing users to keep their revisions in multiple machines, while contributing to the same project. In this generation there are Git, Arch tools (Bazaar, ArX), BitKeeper, Mercurial, and Monotone and many others as the third generation of VCS software tools.[3]"

Thursday, February 6, 2020

The ntp gang's all here - put ntpd files in the same directory (FreeBSD 12.x) and set owner/group to ntpd

In FreeBSD 12.x, ntpd is a new unprivileged user that runs the ntpd process (daemon) instead of root.

NOT WORKING:

Look at log file and see some file permission issues.
2020-01-22T12:32:52.633975-06:00 server3 ntpd[790] frequency file /var/db/ntpd.drift.TEMP: Permission denied

HOW TO FIX:

See if ntpd user exists

` id ntpd `

If you need to manually add this user and group:

` pw groupadd ntpd -g 123 `
` pw useradd ntpd -u 123 -g ntpd -h - -d /var/db/ntp -s /usr/sbin/nologin -c "NTP Daemon"   `

After adding the user ntpd, it is suggested to update the password database:
` pwd_mkdb /etc/master.passwd `

FreeBSD 12.0 runs the daemon as the ntpd user when you add this to /etc/rc.conf:
ntpd_user=ntpd

Suggested settings to place ntp files in /var/db/ntp by adding this to /etc/rc.conf

ntpd_flags="${ntpd_flags} -g -f /var/db/ntp/ntpd.drift -s /var/db/ntp"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
#freebsd 12 only, uses unpriv user called ntpd and group ntpd (UID & GID of 123)
ntpd_user=ntpd

Suggested settings for /boot/loader.conf (this symbolic link points to either /bootpool/boot/loader.conf or sometimes /bootdir/boot/loader/conf)

Add this to /boot/loader.conf so FreeBSD 12.0 loads the kernel loadable module that ntpd uses, starting on the next reboot. https://www.freebsd.org/cgi/man.cgi?query=mac_ntpd&sektion=4&manpath=freebsd-release-ports

#added for ntpd to run as user ntpd in FreeBSD 12.0
mac_ntpd_load="YES"

Check if it is loaded already (kldload loads the module, or reports that it is already loaded): ` kldload mac_ntpd `


Make sure ntpd files are owned by ntpd user
  1. ls -laR /var/db/ntp*
  2. chown -R ntpd:ntpd /var/db/ntp*
  3. Stop, update the time once and restart the service when configured:
    1. ` /etc/rc.d/ntpd stop `
    2. ` /etc/rc.d/ntpdate onestart `
    3. ` /etc/rc.d/ntpd start `
  4. To update the leap file, run ` /etc/rc.d/ntpd fetch `
  5. Commands to check ntpd
    1. ` echo;hostname;date;ntpq -c rv | grep leap_none ` . #if leap_none exists it is synchronized correctly!!!!
    2. ` ntpq -p ` #shows servers that it is using
    3. ` ps -U ntpd ` #to show processes running as the ntpd user only, should see it if it is correct.
    4. ` tail -100 /var/log/messages | grep ntp `

WORKING:

To check to see if it is running,

[me@server1 ~]$ service ntpd status
ntpd is running as pid 90506.
[me@server1 ~]$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.freebsd.pool. .POOL.          16 p    -   64    0    0.000    0.000   0.000
-willprox.b3orio 206.108.0.131    2 u  609 1024  377   57.935   -3.449   4.246
-clock.trit.net  43.77.130.254    2 u  922 1024  377   52.091  -10.104   0.699
*growup.su       164.67.62.194    2 u  914 1024  377   47.022   -3.294   1.912
+204.93.207.12 ( 206.55.64.78     3 u  208 1024  377    2.028   -7.900   6.618
+50-205-244-107- 50.205.244.27    2 u  503 1024  377   19.213   -4.495   2.423

Check to see if "leap_none" exists; if it does, it is synced correctly.

[me@server1 ~]$ /usr/bin/ntpq -c rv | head -1
associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,





Call me maybe? - Suggested email address comments@bsdramblings.com

Send me a comment:

comments@bsdramblings.com

Does anyone really know what time it is? service ntpd status - only root can check this? (chmod 700 vs 711 vs 755)

One of my FreeBSD 12 servers did not let me check if ntpd was running unless I was root, other ones were just fine with me being non-root user.

#NOT WORKING

root@server1:~ # chmod 700 /var/db/ntp
root@server1:~ # exit
logout
[me@server1 ~]$ service ntpd status
ntpd is not running.

[me@server1 ~]$ ps axww | grep ntpd
90506  -  Ss       0:01.66 /usr/sbin/ntpd -g -f /var/db/ntp/ntpd.drift -s /var/db/ntp -p /var/db/ntp/ntpd.pid -c /etc/ntp.conf -g
16563 12  S+       0:00.00 grep ntpd
[me@server1 ~]$ cat /var/db/ntp/ntpd.pid
cat: /var/db/ntp/ntpd.pid: Permission denied

#WORKING - HOW TO FIX

[me@server1 ~]$ sudo -i
root@server1:~ # chmod 711 /var/db/ntp
root@server1:~ # ls -lag /var/db/ntp/ntpd.pid
-rw-r--r--  1 ntpd  ntpd  5 Feb  5 22:04 /var/db/ntp/ntpd.pid
root@server1:~ # cat /var/db/ntp/ntpd.pid ; echo
90506
root@server1:~ # exit
logout
[me@server1 ~]$ service ntpd status
ntpd is running as pid 90506.
[me@server1 ~]$ uname -a
FreeBSD server1 12.0-RELEASE-p13 FreeBSD 12.0-RELEASE-p13 GENERIC  amd64

#WORKING
#Running ` service ntpd status ` as non-root user successfully.

[me@server2 ~]$ ls -lagd /var/db/ntp
drwxr-xr-x  2 ntpd  ntpd  4 Feb  6 09:35 /var/db/ntp
[me@server2 ~]$ service ntpd status
ntpd is running as pid 94795.

#Not working ` ls -lagd /var/db/ntp `
drwx------  2 ntpd  ntpd  4 Feb  6 10:39 /var/db/ntp

#FreeBSD needs at least 711 on the directory for status to work; other servers are already set to 755
drwxr-xr-x  2 ntpd  ntpd  4 Feb  6 09:35 /var/db/ntp
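
The 700 vs 711 vs 755 difference above comes down to the directory's "other" search (x) bit: without it a non-root user cannot open ntpd.pid, so the status check cannot find the pid. The following check is an added example, not part of the original post; the function names are hypothetical, and it inspects only the pidfile's immediate directory, assuming the parent directories are already traversable.

```sh
#!/bin/sh
# Added example. Classify what users outside the owner and group can do with
# a directory, from the "other" permission triplet printed by ls -ld:
#   hidden        - no search (x) bit: files inside cannot be opened (700)
#   traverse-only - x without r: known names open, listing is denied  (711)
#   listable      - r and x: names can be listed and opened           (755)
other_dir_access() {
    perms=$(ls -ld "$1" | cut -c8-10)    # e.g. "---", "--x", "r-x"
    case "$perms" in
        r?[xt]) echo listable ;;
        -?[xt]) echo traverse-only ;;
        *)      echo hidden ;;
    esac
}

# Succeeds when a user who is neither owner nor group member could read the
# pidfile: the directory must be searchable and the file must have o+r.
pidfile_readable_by_others() {
    dir=$(dirname "$1")
    [ "$(other_dir_access "$dir")" != hidden ] || return 1
    [ "$(ls -l "$1" | cut -c8)" = r ]
}

# Demonstration on a constructed temporary directory (not /var/db/ntp).
demo() {
    d=$(mktemp -d) && : > "$d/ntpd.pid" && chmod 644 "$d/ntpd.pid" || return 0
    for mode in 700 711 755; do
        chmod "$mode" "$d"
        if pidfile_readable_by_others "$d/ntpd.pid"; then r=yes; else r=no; fi
        echo "$mode: $(other_dir_access "$d"), pidfile readable by others: $r"
    done
    rm -rf "$d"
}
demo
```

Mode 711 is the least-privilege setting that still lets the status check work: other users can read the pidfile by name but cannot list what else is in the directory.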

Solve your own problems! - rubber duck problem solving

If you get stuck on an issue, googling the answer is not the only way to solve the problem.   Get yourself a rubber duck, use a cardboard...