I've ugpraded the kernel on the development image to 2.4.27.
Some kind of fandango on core got bagend in a pretty sorry state. A reinstall solved that, and we're back up and running.
I've attempted to upgrade RT from 3.0 and 3.2. It's not a good idea.
It appears that RT's Perl module for interfacing with the stock Postgres module doesn't pass passwords properly in FreeBSD. It fails with "request for password failed" everytime I try to upgrade the database, even with password authentication disabled. I think we're living with 3.0 for a while.
I've upgraded both quarkprime and quark to Sendmail 8.13 to allow us to take advantage of the greet_pause feature, and to be in line for bug fixes as necessary.
I've tested out SMTP AUTH and relaying, and all seems to be goodl.
I've upgraded Maple from 9.0 to 9.5 on our production image. (Note that the ACLs still need to be synced; I didn't know about the proper way to go about this).
I've upgraded our Firefox installation on the development ACL image from 0.9.3 to 1.0PR.
After many hours of banging my head against the wall, I finally tracked down the problems with the AGS router.
The problems originally manifested themselves in the router being inaccessible. After cycling power a few times a waiting an hour with nothing happening, I tracked down a console cable and wired it up to netbsd.admin. The router came up, but in default configuration mode (this was several days ago).
I got exceptionally close to getting everything working, but I could never get a ping beyond the directly-attached networks. I recalled an incompatibility between "ip routing" and "ip default-gateway", but even after tweaking these values in every way possible I could either get a packet all the way from AGS to the outside world, or routing between directly-attached subnets.
After lots of frustration, I stumbled across a crock of a solution, which is to have two routes:
ip route 0.0.0.0 0.0.0.0 159.28.230.1
ip route 159.28.0.0 255.255.0.0 159.28.230.1
The problem, of course, is that the AGS's IOS release is ancient enough to think that CIDR is an idealistic fantasy. It also reveals a gap in our reference manuals, which is the "ip classless" configuration parameter. I added that in, disabled ip routing, and turned default-gateway back on, and everything is working beautifully.
I've upgraded PHP on quarkprime from 4.3.4 to 4.3.8 to try to fix some library problems wrt ppckernel. The experience was long, tiring, and frought with peril. Avoid it at all costs.
The steps I did:
1. Uninstall everything. Yes, everything. Apache, PHP, and mod_*. Apache and PHP seem to dump core if you don't do this, although this might be specific to us. (We also were upgrading Perl.)
2. Build Apache w/ mod_ssl support.
3. Build all the modules you uninstalled.
4. Build lang/php4.
5. This is the tricky part to realize. Some genius decided to split PHP into a "base" part and an "extensions" part. There's no reason I can think of that you would want only a base installation, and the ease of upgrading modules is far offset by the sheer tomfoolery that needs to be done to get to that point. And how many times do you need to build a new PHP module anyways? So, build lang/php4-extensions. If you mess up the config the first time, realize that it also uses the unannounced "new and improved" way of configuring ports, where not even a complete rebuild of the ports tree can remove a configuration. Run "make config" if you need to restart the configuration process.
6. If you haven't done so yet, you'll find yourself saying "WTF?" at this step. Because the ports doesn't configure the path to the extensions directory, so you have to add it yourself to etc/php.ini. Find extension_dir, and put in something like this:
/usr/local/lib/php/
You should be done at this point, and deserving of a break.
I've installed strace on quark and quarkprime for debugging purposes.
I've changed the path to ispell in sqspell_setup.php from "ispell" to "/usr/local/bin/ispell". This fixes a problem where PHP can't find ispell.
I've changed the default paper size for dvips from A4 to US Letter. To do this, make the "letter" entry in /usr/share/texmf/dvips/config/config.ps come before anything else.
I've gotten the AGS working again. I had to rebuild the entire configuration, but it's passing packets.
I looked this morning for the Solaris CDs that came with millie, but I was unable to find them. I checked the ENI lab (including the Ultra 60 box), the admin office, and the 4th floor but turned up nothing.
After wandering around on Sun's website, I noticed that you can download Solaris 9.0 ISOs for Sparc for free. They also have a preview release of Solaris 10 that is also available, so we have some options available.
I've installed the command-line MP3 player mpg123 from RPM on both the development and production images.
Present: Charlie, Dan, Skylar
* Talk to HIP about moving proto out of the closet (midterm break).
* Change keys?
* Take VT220 from Stanley.
* Mylex battery.
I have made a few updates to office1:
* I updated KDE to 3.3. I let it compile overnight, and it was done in the morning. Whee!
* I copied over the default ACL ssh{d}_config file. Nothing exciting.
* I am in the process of adding USE flags to the /etc/make.conf file. I have a list made up in the office, and I'm open to suggestions.
I've moved our proxy services from millie to admin. This frees up the last service that millie is used for, so millie is in cluster's camp now. I also added Privoxy to the equation to do ad filtering.
I've turned office1 into a Gentoo rsync mirror. I made it a private mirror for just 159.28.0.0/16 (I hope that subnet mask is correct...I've never done this before, so correct me if I'm wrong).
office1 doesn't seem like the best place for an rsync mirror. Maybe move it to image or quarkprime sometime?
Rowan noticed that mail to wernle.org was bouncing due to a broken TLS implementation on their end.
To solve it, he suggested we add this line to /etc/mail/access:
Try_TLS:mail.wernle.org NO
This solved the problem. After adding that line, I used this command to rebuild the access database:
makemap hash access < /etc/mail/access
I've upgraded rsync on quark and quarkprime in response to a buffer overflow regarding the way rsync handles paths.
I finally got around to upgrading tkman on the production image on the ACLs. The basic drill is to grab the latest and greatest from Sourceforge, untar it, and make it. You might have to change the WISH variable in the Makefile to something that exists, but that's the only problem I ran into.
Mic found a problem in the fortune database, which involved the installation of "potentially offensive" fortunes. The README file says that "potentially offensive" fortunes are not installed by default, but examination of the Makefile reveals that to be false. I uninstalled fortune, fixed the Makefile, and reinstalled. I've submitted a problem report to freebsd-bugs@freebsd.org regarding this.
I fixed a problem with the cvsweb configuration on quark. Something had replaced the scalar command_path with an array, which caused the CGI script to crash. I changed command_path back to a scalar and it works.
There's been quite a few changes today involving moving gear around.
* I've cleaned out the admin office of the unnecessary machinery. millie,backup, and the admins are now up on 4th floor. millie and the admins are sitting out on the table, and I moved backup into the closet next to quarkprime.
* To serve CS410, and also to provide routing for the admin cluster (and OS cluster, if need be), I moved the Cisco AGS up to 4th floor as well.
* I moved bagend out of the closet to make room for backup, and put it on the table.
* I moved the spare Cisco 2511 up to 4th floor, and hooked its console up to bagend. I tried some tips from the Cisco website to reset the password, but none of them worked. The tips are on top of the 2511 (which is on top of the AGS) if anyone wants to take a crack at it.
* I switched the 4th floor and admin printers. The admin printer has been printing very gray pages, and this is a far easier solution than actually fixing whatever is wrong with the admin printer. The 4th floor printer hardly gets used anyways, so I doubt it will be a problem.
I've taken quarkprime offline to try to get it as close to quark's setup as possible. I blew everything away, booted off a rescue CD, and started restoring off backup's dumps of quark. Hopefully it'll be done sometime today.
I "fixed" the arplookup complaints about a0 on quark by setting this sysctl variable:
net.link.ether.inet.log_arp_wrong_iface=0
I just pulled a Gentoo image from office1 tonight. Systemimager installed without a hitch, but prepareclient always failed. Some searching on the systemimager mailing lists turned up a fix:
I modified /usr/lib/systemimager/perl/SystemImager/Common.pm line 426. I changed the sfdisk command to 'sfdisk -uS'. After that prepareclient worked fine.
The image is called ACL_GENTOO2004090101, and it has not been tested yet.