diff options
| author | Paul Buetow <paul@buetow.org> | 2025-01-30 09:33:10 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2025-01-30 09:33:10 +0200 |
| commit | 05c63a8bd8093690eae447688383b2e3afd5a1c1 (patch) | |
| tree | 9071cfc8fe8d4c8a2027db2e1b0707440d398b6e | |
| parent | 03b1c73e47971fcce108180c87cf64339dfc7119 (diff) | |
Update content for html
| -rw-r--r-- | about/resources.html | 174 | ||||
| -rw-r--r-- | gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html | 2 | ||||
| -rw-r--r-- | gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html | 2 | ||||
| -rw-r--r-- | gemfeed/2024-01-13-one-reason-why-i-love-openbsd.html | 2 | ||||
| -rw-r--r-- | gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html | 2 | ||||
| -rw-r--r-- | gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.html | 4 | ||||
| -rw-r--r-- | gemfeed/2024-12-03-f3s-kubernetes-with-freebsd-part-2.html | 8 | ||||
| -rw-r--r-- | gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html (renamed from gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-3.html) | 14 | ||||
| -rw-r--r-- | gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-4.html (renamed from gemfeed/f3s-kubernetes-with-freebsd-part-4.html) | 25 | ||||
| -rw-r--r-- | gemfeed/atom.xml | 1146 | ||||
| -rw-r--r-- | gemfeed/index.html | 1 | ||||
| -rw-r--r-- | index.html | 3 | ||||
| -rw-r--r-- | uptime-stats.html | 2 |
13 files changed, 564 insertions, 821 deletions
diff --git a/about/resources.html b/about/resources.html index 105c2b13..1f96848a 100644 --- a/about/resources.html +++ b/about/resources.html @@ -50,102 +50,102 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <span>In random order:</span><br /> <br /> <ul> -<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> -<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> +<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> <li>Pro Puppet; James Turnbull, Jeffrey McCune; Apress</li> -<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> -<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> <li>C++ Programming Language; Bjarne Stroustrup;</li> -<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> -<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> -<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> -<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> -<li>Hands-on Infrastructure Monitoring with Prometheus; Joel Bastos, Pedro Araujo; Packt </li> -<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> -<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> +<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> +<li>Raku Recipes; J.J. Merelo; Apress</li> +<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> +<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> <li>Concurrency in Go; Katherine Cox-Buday; O'Reilly</li> +<li>21st Century C: C Tips from the New School; Ben Klemens; O'Reilly</li> +<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> <li>Distributed Systems: Principles and Paradigms; Andrew S. Tanenbaum; Pearson</li> -<li>Site Reliability Engineering; How Google runs production systems; O'Reilly</li> +<li>Tmux 2: Productive Mouse-free Development; Brain P. Hogan; The Pragmatic Programmers </li> +<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> +<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> +<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> +<li>The KCNA (Kubernetes and Cloud Native Associate) Book; Nigel Poulton</li> <li>Polished Ruby Programming; Jeremy Evans; Packt Publishing</li> +<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> +<li>Perl New Features; Joshua McAdams, brian d foy; Perl School</li> <li>Java ist auch eine Insel; Christian Ullenboom; </li> -<li>The Docker Book; James Turnbull; Kindle</li> +<li>Terraform Cookbook; Mikael Krief; Packt Publishing</li> +<li>Kubernetes Cookbook; Sameer Naik, Sébastien Goasguen, Jonathan Michaux; O'Reilly</li> +<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> +<li>Systems Performance Tuning; Gian-Paolo D. Musumeci and others...; O'Reilly</li> +<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> +<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> <li>Effective Java; Joshua Bloch; Addison-Wesley Professional</li> -<li>Raku Recipes; J.J. Merelo; Apress</li> -<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>The Docker Book; James Turnbull; Kindle</li> <li>DNS and BIND; Cricket Liu; O'Reilly</li> -<li>100 Go Mistakes and How to Avoid Them; Teiva Harsanyi; Manning Publications</li> -<li>Effective awk programming; Arnold Robbins; O'Reilly</li> -<li>Developing Games in Java; David Brackeen and others...; New Riders</li> -<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> <li>Raku Fundamentals; Moritz Lenz; Apress</li> +<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> +<li>Developing Games in Java; David Brackeen and others...; New Riders</li> <li>Leanring eBPF; Liz Rice; O'Reilly</li> -<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> -<li>Modern Perl; Chromatic ; Onyx Neon Press</li> -<li>Data Science at the Command Line; Jeroen Janssens; O'Reilly</li> -<li>Object-Oriented Programming with ANSI-C; Axel-Tobias Schreiner</li> +<li>DevOps And Site Reliability Engineering Handbook; Stephen Fleming; Audible</li> +<li>97 things every SRE should know; Emil Stolarsky, Jaime Woo; O'Reilly</li> +<li>Ultimate Go Notebook; Bill Kennedy</li> +<li>Effective awk programming; Arnold Robbins; O'Reilly</li> +<li>Funktionale Programmierung; Peter Pepper; Springer</li> +<li>Programming Perl aka "The Camel Book"; Tom Christiansen, brian d foy, Larry Wall & Jon Orwant; O'Reilly</li> +<li>The Pragmatic Programmer; David Thomas; Addison-Wesley</li> <li>Learn You Some Erlang for Great Good; Fred Herbert; No Starch Press</li> -<li>The Go Programming Language; Alan A. A. Donovan; Addison-Wesley Professional</li> -<li>Systemprogrammierung in Go; Frank Müller; dpunkt</li> +<li>Go Brain Teasers - Exercise Your Mind; Miki Tebeka; The Pragmatic Programmers</li> <li>The DevOps Handbook; Gene Kim, Jez Humble, Patrick Debois, John Willis; Audible</li> -<li>Higher Order Perl; Mark Dominus; Morgan Kaufmann</li> -<li>Funktionale Programmierung; Peter Pepper; Springer</li> -<li>The Kubernetes Book; Nigel Poulton; Unabridged Audiobook</li> -<li>Clusterbau mit Linux-HA; Michael Schwartzkopff; O'Reilly</li> -<li>Amazon Web Services in Action; Michael Wittig and Andreas Wittig; Manning Publications</li> -<li>The Practise of System and Network Administration; Thomas A. Limoncelli, Christina J. Hogan, Strata R. Chalup; Addison-Wesley Professional Pro Git; Scott Chacon, Ben Straub; Apress</li> -<li>Learn You a Haskell for Great Good!; Miran Lipovaca; No Starch Press</li> -<li>Think Raku (aka Think Perl 6); Laurent Rosenfeld, Allen B. Downey; O'Reilly</li> +<li>Modern Perl; Chromatic ; Onyx Neon Press</li> </ul><br /> <h2 style='display: inline' id='technical-references'>Technical references</h2><br /> <br /> <span>I didn't read them from the beginning to the end, but I am using them to look up things. The books are in random order:</span><br /> <br /> <ul> -<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> -<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> -<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> <li>Relayd and Httpd Mastery; Michael W Lucas</li> <li>The Linux Programming Interface; Michael Kerrisk; No Starch Press </li> <li>Groovy Kurz & Gut; Joerg Staudemeier; O'Reilly</li> <li>BPF Performance Tools - Linux System and Application Observability, Brendan Gregg; Addison Wesley</li> +<li>Implementing Service Level Objectives; Alex Hidalgo; O'Reilly</li> +<li>Algorithms; Robert Sedgewick, Kevin Wayne; Addison Wesley</li> +<li>Understanding the Linux Kernel; Daniel P. Bovet, Marco Cesati; O'Reilly</li> </ul><br /> <h2 style='display: inline' id='self-development-and-soft-skills-books'>Self-development and soft-skills books</h2><br /> <br /> <span>In random order:</span><br /> <br /> <ul> -<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> -<li>101 Essays that change the way you think; Brianna Wiest; Audible</li> -<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audible</li> -<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> -<li>Soft Skills; John Sommez; Manning Publications</li> +<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> <li>Atomic Habits; James Clear; Random House Business</li> +<li>Deep Work; Cal Newport; Piatkus</li> <li>Who Moved My Cheese?; Dr. Spencer Johnson; Vermilion </li> -<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> -<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> -<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> -<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> -<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> -<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> -<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> -<li>The Power of Now; Eckhard Tolle; Yellow Kite</li> +<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> +<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> +<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>101 Essays that change the way you think; Brianna Wiest; Audible</li> +<li>Slow Productivity; Cal Newport; Penguin Random House</li> <li>Consciousness: A Very Short Introduction; Susan Blackmore; Oxford Uiversity Press</li> -<li>Eat That Frog; Brian Tracy</li> +<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> <li>Search Inside Yourself - The Unexpected path to Achieving Success, Happiness (and World Peace); Chade-Meng Tan, Daniel Goleman, Jon Kabat-Zinn; HarperOne</li> +<li>The 7 Habits Of Highly Effective People; Stephen R. Covey; Simon & Schuster UK</li> +<li>The Good Enough Job; Simone Stolzoff; Ebury Edge</li> <li>The Obstacle Is The Way; Ryan Holiday; Profile Books Ltd</li> -<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> -<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> -<li>Ultralearning; Scott Young; Thorsons</li> -<li>Solve for Happy; Mo Gawdat</li> +<li>Buddah and Einstein walk into a Bar; Guy Joseph Ale, Claire Bloom; Blackstone Publishing</li> <li>Time Management for System Administrators; Thomas A. Limoncelli; O'Reilly</li> -<li>Deep Work; Cal Newport; Piatkus</li> +<li>Eat That Frog; Brian Tracy</li> <li>The Off Switch; Mark Cropley; Virgin Books</li> -<li>Stop starting, start finishing; Arne Roock; Lean-Kanban University </li> -<li>Never Split the Difference; Chris Voss, Tahl Raz; Random House Business</li> +<li>The Daily Stoic; Ryan Holiday, Stephen Hanselman; Profile Books</li> +<li>Ultralearning; Anna Laurent; Self-published via Amazon</li> <li>Influence without Authority; A. Cohen, D. Bradford; Wiley</li> -<li>Digital Minimalism; Cal Newport; Portofolio Penguin</li> -<li>Slow Productivity; Cal Newport; Penguin Random House</li> -<li>The Bullet Journal Method; Ryder Carroll; Fourth Estate</li> +<li>So Good They Can't Ignore You; Cal Newport; Business Plus</li> +<li>Solve for Happy; Mo Gawdat</li> +<li>The Phoenix Project - A Novel About IT, DevOps, and Helping your Business Win; Gene Kim and Kevin Behr; Trade Select</li> +<li>Soft Skills; John Sommez; Manning Publications</li> +<li>Ultralearning; Scott Young; Thorsons</li> +<li>Psycho-Cybernetics; Maxwell Maltz; Perigee Books</li> +<li>Eat That Frog!; Brian Tracy; Hodder Paperbacks</li> +<li>The Complete Software Developer's Career Guide; John Sonmez; Unabridged Audiobook</li> +<li>The Joy of Missing Out; Christina Crook; New Society Publishers</li> +<li>Staff Engineer: Leadership beyond the management track; Will Larson; Audible</li> </ul><br /> <a class='textlink' href='../notes/index.html'>Here are notes of mine for some of the books</a><br /> <br /> @@ -155,21 +155,21 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <ul> <li>Linux Security and Isolation APIs Training; Michael Kerrisk; 3-day on-site training</li> -<li>Functional programming lecture; Remote University of Hagen</li> +<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> +<li>Protocol buffers; O'Reilly Online</li> +<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> +<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> <li>Red Hat Certified System Administrator; Course + certification (Although I had the option, I decided not to take the next course as it is more effective to self learn what I need)</li> <li>Developing IaC with Terraform (with Live Lessons); O'Reilly Online</li> <li>F5 Loadbalancers Training; 2-day on-site training; F5, Inc. </li> <li>The Well-Grounded Rubyist Video Edition; David. A. Black; O'Reilly Online</li> -<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> -<li>Structure and Interpretation of Computer Programs; Harold Abelson and more...; </li> -<li>Protocol buffers; O'Reilly Online</li> <li>Cloud Operations on AWS - Learn how to configure, deploy, maintain, and troubleshoot your AWS environments; 3-day online live training with labs; Amazon</li> -<li>Scripting Vim; Damian Conway; O'Reilly Online</li> <li>Apache Tomcat Best Practises; 3-day on-site training</li> -<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> <li>MySQL Deep Dive Workshop; 2-day on-site training</li> -<li>The Ultimate Kubernetes Bootcamp; School of Devops; O'Reilly Online</li> -<li>Algorithms Video Lectures; Robert Sedgewick; O'Reilly Online</li> +<li>Scripting Vim; Damian Conway; O'Reilly Online</li> +<li>Ultimate Go Programming; Bill Kennedy; O'Reilly Online</li> +<li>AWS Immersion Day; Amazon; 1-day interactive online training </li> +<li>Functional programming lecture; Remote University of Hagen</li> </ul><br /> <h2 style='display: inline' id='technical-guides'>Technical guides</h2><br /> <br /> @@ -187,30 +187,30 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <span>In random order:</span><br /> <br /> <ul> -<li>Deep Questions with Cal Newport</li> +<li>Cup o' Go [Golang]</li> +<li>The ProdCast (Google SRE Podcast)</li> <li>Fallthrough [Golang]</li> -<li>Maintainable</li> -<li>Hidden Brain</li> -<li>Backend Banter</li> <li>The Changelog Podcast(s)</li> -<li>Dev Interrupted</li> -<li>Fork Around And Find Out</li> <li>BSD Now</li> -<li>Cup o' Go [Golang]</li> -<li>The ProdCast (Google SRE Podcast)</li> +<li>Hidden Brain</li> +<li>Maintainable</li> +<li>Dev Interrupted</li> <li>The Pragmatic Engineer Podcast</li> +<li>Fork Around And Find Out</li> +<li>Deep Questions with Cal Newport</li> +<li>Backend Banter</li> </ul><br /> <h3 style='display: inline' id='podcasts-i-liked'>Podcasts I liked</h3><br /> <br /> <span>I liked them but am not listening to them anymore. The podcasts have either "finished" (no more episodes) or I stopped listening to them due to time constraints or a shift in my interests.</span><br /> <br /> <ul> +<li>Modern Mentor</li> <li>Go Time (predecessor of fallthrough)</li> -<li>Java Pub House</li> -<li>FLOSS weekly</li> -<li>CRE: Chaosradio Express [german]</li> <li>Ship It (predecessor of Fork Around And Find Out)</li> -<li>Modern Mentor</li> +<li>CRE: Chaosradio Express [german]</li> +<li>FLOSS weekly</li> +<li>Java Pub House</li> </ul><br /> <h2 style='display: inline' id='newsletters-i-like'>Newsletters I like</h2><br /> <br /> @@ -218,17 +218,17 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <ul> <li>The Pragmatic Engineer</li> -<li>Changelog News</li> -<li>The Valuable Dev</li> -<li>VK Newsletter</li> <li>The Imperfectionist</li> -<li>Ruby Weekly</li> -<li>byteSizeGo</li> +<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> +<li>VK Newsletter</li> <li>Monospace Mentor</li> +<li>byteSizeGo</li> +<li>Ruby Weekly</li> +<li>Changelog News</li> <li>Golang Weekly</li> -<li>Register Spill</li> <li>Applied Go Weekly Newsletter</li> -<li>Andreas Brandhorst Newsletter (Sci-Fi author)</li> +<li>The Valuable Dev</li> +<li>Register Spill</li> </ul><br /> <h1 style='display: inline' id='formal-education'>Formal education</h1><br /> <br /> diff --git a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html index d6909a26..1a5e50ee 100644 --- a/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html +++ b/gemfeed/2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html @@ -420,7 +420,7 @@ Notice: Finished catalog run in 206.09 seconds <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> <p class="footer"> diff --git a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html index fcf4ccd6..5ba9101a 100644 --- a/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html +++ b/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html @@ -699,7 +699,7 @@ rex commons <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> <p class="footer"> diff --git a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.html b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.html index ef8c108d..a0ab5b6e 100644 --- a/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.html +++ b/gemfeed/2024-01-13-one-reason-why-i-love-openbsd.html @@ -77,7 +77,7 @@ $ doas reboot <i><font color="silver"># Just in case, reboot one more time</font <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> <p class="footer"> diff --git a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html index 99251cc8..b8dcb4c5 100644 --- a/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html +++ b/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html @@ -340,7 +340,7 @@ http://www.gnu.org/software/src-highlite --> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD (You are currently reading this)</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> <p class="footer"> diff --git a/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.html b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.html index 17fe5878..55bfc7df 100644 --- a/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.html +++ b/gemfeed/2024-11-17-f3s-kubernetes-with-freebsd-part-1.html @@ -23,7 +23,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage (You are currently reading this)</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -182,7 +182,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage (You are currently reading this)</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> diff --git a/gemfeed/2024-12-03-f3s-kubernetes-with-freebsd-part-2.html b/gemfeed/2024-12-03-f3s-kubernetes-with-freebsd-part-2.html index 2216cf3f..a2d445d6 100644 --- a/gemfeed/2024-12-03-f3s-kubernetes-with-freebsd-part-2.html +++ b/gemfeed/2024-12-03-f3s-kubernetes-with-freebsd-part-2.html @@ -23,7 +23,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation (You are currently reading this)</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -348,7 +348,9 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <br /> <span>To ease cable management, I need to get shorter ethernet cables. I will place the tower on my shelf, where most of the cables will be hidden (together with a UPS, which will also be added to the setup).</span><br /> <br /> -<span>What will be covered in the next post of this series? Maybe ttttbhyve/Rocky Linux and WireGuard setup as described in part 1 of this series...</span><br /> +<span>Read the next post of this series:</span><br /> +<br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>Other *BSD-related posts:</span><br /> <br /> @@ -359,7 +361,7 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation (You are currently reading this)</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> diff --git a/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-3.html b/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html index 813a934f..966547cc 100644 --- a/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-3.html +++ b/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html @@ -9,15 +9,17 @@ </head> <body> <p class="header"> -View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-3.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-3.gmi">Gemini</a> +View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.gmi">Gemini</a> </p> <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---part-3-protecting-from-power-cuts'>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</h1><br /> <br /> +<span class='quote'>Published at 2025-01-30T09:22:06+02:00</span><br /> +<br /> <span>This is the third blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution we will use on FreeBSD-based physical machines.</span><br /> <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts (You are currently reading this)</a><br /> <br /> <a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -250,9 +252,9 @@ END APC : <font color="#000000">2025</font>-<font color="#000000">01</font>-<fo <br /> <span>So far, so good. Host <span class='inlinecode'>f0</span> would shut down itself when short on power. But what about the <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> nodes? They aren't connected directly to the UPS and, therefore, wouldn't know that their power is about to be cut off. For this, <span class='inlinecode'>apcupsd</span> running on the <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> nodes can be configured to retrieve UPS information via the network from the <span class='inlinecode'>apcupsd</span> server running on the <span class='inlinecode'>f0</span> node, which is connected directly to the APC via USB.</span><br /> <br /> -<span>Of course, this won't work when <span class='inlinecode'>f0</span> is down. In this case, no operational node would be connected to the UPS via USB; therefore, the current power status would not be known. However, I consider this a rare circumstance. Furthermore, in case of an <span class='inlinecode'>f0</span> system crash, sudden power outages on the two other nodes would occur at different times, making real data loss (the main concern here) effectively impossible.</span><br /> +<span>Of course, this won't work when <span class='inlinecode'>f0</span> is down. In this case, no operational node would be connected to the UPS via USB; therefore, the current power status would not be known. However, I consider this a rare circumstance. Furthermore, in case of an <span class='inlinecode'>f0</span> system crash, sudden power outages on the two other nodes would occur at different times making real data loss (the main concern here) less likely.</span><br /> <br /> -<span>And if <span class='inlinecode'>f0</span> is down and <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> receive new data and crash midway, it's likely that a client (e.g., an Android app or another laptop) still has the data stored on it, making data loss recoverable. I'd receive an alert if any of the nodes go down (more on monitoring later in this blog series).</span><br /> +<span>And if <span class='inlinecode'>f0</span> is down and <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> receive new data and crash midway, it's likely that a client (e.g., an Android app or another laptop) still has the data stored on it, making data recoverable and data loss overall nearly impossible. I'd receive an alert if any of the nodes go down (more on monitoring later in this blog series).</span><br /> <br /> <h3 style='display: inline' id='installation-on-partners'>Installation on partners</h3><br /> <br /> @@ -400,7 +402,7 @@ Jan 26 17:36:32 f2 apcupsd[2159]: apcupsd exiting, signal 15 Jan 26 17:36:32 f2 apcupsd[2159]: apcupsd shutdown succeeded </pre> <br /> -<span>All good :-) </span><br /> +<span>All good :-) See you in the next post of this series!</span><br /> <br /> <span>Other BSD related posts are:</span><br /> <br /> @@ -411,7 +413,7 @@ Jan 26 17:36:32 f2 apcupsd[2159]: apcupsd shutdown succeeded <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts (You are currently reading this)</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> diff --git a/gemfeed/f3s-kubernetes-with-freebsd-part-4.html b/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-4.html index 50da4602..2cebf528 100644 --- a/gemfeed/f3s-kubernetes-with-freebsd-part-4.html +++ b/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-4.html @@ -9,7 +9,7 @@ </head> <body> <p class="header"> -View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/f3s-kubernetes-with-freebsd-part-4.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/f3s-kubernetes-with-freebsd-part-4.gmi">Gemini</a> +View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/content-md/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-4.md">Markdown</a> | <a href="gemini://foo.zone/gemfeed/DRAFT-f3s-kubernetes-with-freebsd-part-4.gmi">Gemini</a> </p> <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---rocky-linux-bhyve-vms---part-4'>f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</h1><br /> <br /> @@ -17,7 +17,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4 (You are currently reading this)</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a href='./f3s-kubernetes-with-frhyveeebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-frhyveeebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -26,6 +26,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <ul> <li><a href='#f3s-kubernetes-with-freebsd---rocky-linux-bhyve-vms---part-4'>f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a></li> <li>⇢ <a href='#introduction'>Introduction</a></li> +<li>⇢ <a href='#check-for-popcnt-cpu-support'>Check for <span class='inlinecode'>POPCNT</span> CPU support</a></li> <li>⇢ <a href='#basic-bhyve-setup'>Basic Bhyve setup</a></li> <li>⇢ <a href='#rocky-linux-vms'>Rocky Linux VMs</a></li> <li>⇢ ⇢ <a href='#iso-download'>ISO download</a></li> @@ -47,6 +48,24 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <span>Bhyve supports running a variety of guest operating systems, including FreeBSD, Linux, and Windows, on hardware platforms that support hardware virtualization extensions (such as Intel VT-x or AMD-V). In our case, we are going to virtualize Rocky Linux, which later on in this series will be used to run k3s.</span><br /> <br /> +<h2 style='display: inline' id='check-for-popcnt-cpu-support'>Check for <span class='inlinecode'>POPCNT</span> CPU support</h2><br /> +<br /> +<span>POPCNT is a CPU instruction that counts the number of set bits (ones) in a binary number. In terms of CPU virtualization and Bhyve support for the POPCNT instruction is important because guest operating systems utilize this instruction to perform various tasks more efficiently. If the host CPU supports POPCNT, Bhyve can pass this capability to virtual machines to for better performance. Without POPCNT support, some applications might not run, or they might perform suboptimally in virtualized environments.</span><br /> +<br /> +<span>To check for <span class='inlinecode'>POPCNT</span> support, I run:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:~ % dmesg | grep <font color="#808080">'Features2=.*POPCNT'</font> + Features2=<font color="#000000">0x7ffafbbf</font><SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,SDBG, + FMA,CX16,xTPR,PDCM,PCID,SSE4.<font color="#000000">1</font>,SSE4.<font color="#000000">2</font>,x2APIC,MOVBE,POPCNT,TSCDLT,AESNI,XSAVE, + OSXSAVE,AVX,F16C,RDRAND> +</pre> +<br /> +<span>So it's there! All good.</span><br /> +<br /> <h2 style='display: inline' id='basic-bhyve-setup'>Basic Bhyve setup</h2><br /> <br /> <span>For the management of the Bhyve VMs, we are using <span class='inlinecode'>vm-bhyve</span>, a tool not part of the FreeBSD operating system but available as a ready-to-use package. It eases VM management and reduces a lot of the overhead. We also install the required package to make Bhyve work with the UEFI firmware.</span><br /> @@ -312,7 +331,7 @@ http://www.gnu.org/software/src-highlite --> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4 (You are currently reading this)</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> diff --git a/gemfeed/atom.xml b/gemfeed/atom.xml index 7e18508e..cd644536 100644 --- a/gemfeed/atom.xml +++ b/gemfeed/atom.xml @@ -1,12 +1,434 @@ <?xml version="1.0" encoding="utf-8"?> <feed xmlns="http://www.w3.org/2005/Atom"> - <updated>2025-01-29T08:04:40+02:00</updated> + <updated>2025-01-30T09:32:36+02:00</updated> <title>foo.zone feed</title> <subtitle>To be in the .zone!</subtitle> <link href="https://foo.zone/gemfeed/atom.xml" rel="self" /> <link href="https://foo.zone/" /> <id>https://foo.zone/</id> <entry> + <title>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</title> + <link href="https://foo.zone/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html" /> + <id>https://foo.zone/gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html</id> + <updated>2025-01-30T09:22:06+02:00</updated> + <author> + <name>Paul Buetow aka snonux</name> + <email>paul@dev.buetow.org</email> + </author> + <summary>This is the third blog post about my f3s series for my self-hosting demands in my home lab. f3s? The 'f' stands for FreeBSD, and the '3s' stands for k3s, the Kubernetes distribution we will use on FreeBSD-based physical machines.</summary> + <content type="xhtml"> + <div xmlns="http://www.w3.org/1999/xhtml"> + <h1 style='display: inline' id='f3s-kubernetes-with-freebsd---part-3-protecting-from-power-cuts'>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</h1><br /> +<br /> +<span class='quote'>Published at 2025-01-30T09:22:06+02:00</span><br /> +<br /> +<span>This is the third blog post about my f3s series for my self-hosting demands in my home lab. f3s? The "f" stands for FreeBSD, and the "3s" stands for k3s, the Kubernetes distribution we will use on FreeBSD-based physical machines.</span><br /> +<br /> +<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> +<a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts (You are currently reading this)</a><br /> +<br /> +<a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> +<br /> +<h2 style='display: inline' id='table-of-contents'>Table of Contents</h2><br /> +<br /> +<ul> +<li><a href='#f3s-kubernetes-with-freebsd---part-3-protecting-from-power-cuts'>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a></li> +<li>⇢ <a href='#introduction'>Introduction</a></li> +<li>⇢ <a href='#changes-since-last-time'>Changes since last time</a></li> +<li>⇢ ⇢ <a href='#freebsd-upgrade-from-141-to-142'>FreeBSD upgrade from 14.1 to 14.2</a></li> +<li>⇢ ⇢ <a href='#a-new-home-behind-the-tv'>A new home (behind the TV)</a></li> +<li>⇢ <a href='#the-ups-hardware'>The UPS hardware</a></li> +<li>⇢ <a href='#configuring-freebsd-to-work-with-the-ups'>Configuring FreeBSD to Work with the UPS</a></li> +<li>⇢ ⇢ <a href='#usb-device-detection'>USB Device Detection</a></li> +<li>⇢ ⇢ <a href='#apcupsd-installation'><span class='inlinecode'>apcupsd</span> Installation</a></li> +<li>⇢ ⇢ <a href='#ups-connectivity-test'>UPS Connectivity Test</a></li> +<li>⇢ <a href='#apc-info-on-partner-nodes'>APC Info on Partner Nodes:</a></li> +<li>⇢ ⇢ <a href='#installation-on-partners'>Installation on partners</a></li> +<li>⇢ <a href='#power-outage-simulation'>Power outage simulation</a></li> +<li>⇢ ⇢ <a href='#pulling-the-plug'>Pulling the plug</a></li> +<li>⇢ ⇢ <a href='#restoring-power'>Restoring power</a></li> +</ul><br /> +<h2 style='display: inline' id='introduction'>Introduction</h2><br /> +<br /> +<span>In this blog post, we are setting up the UPS for the cluster. A UPS, or Uninterruptible Power Supply, safeguards my cluster from unexpected power outages and surges. It acts as a backup battery that kicks in when the electricity cuts out—especially useful in my area, where power cuts are frequent—allowing for a graceful system shutdown and preventing data loss and corruption. This is especially important since I will also store some of my data on the f3s nodes.</span><br /> +<br /> +<h2 style='display: inline' id='changes-since-last-time'>Changes since last time</h2><br /> +<br /> +<h3 style='display: inline' id='freebsd-upgrade-from-141-to-142'>FreeBSD upgrade from 14.1 to 14.2</h3><br /> +<br /> +<span>There has been a new release since the last blog post in this series. The upgrade from 14.1 was as easy as:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0: ~ % doas freebsd-update fetch +paul@f0: ~ % doas freebsd-update install +paul@f0: ~ % doas freebsd-update -r <font color="#000000">14.2</font>-RELEASE upgrade +paul@f0: ~ % doas freebsd-update install +paul@f0: ~ % doas shutdown -r now +</pre> +<br /> +<span>And after rebooting, I ran:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0: ~ % doas freebsd-update install +paul@f0: ~ % doas pkg update +paul@f0: ~ % doas pkg upgrade +paul@f0: ~ % doas shutdown -r now +</pre> +<br /> +<span>And after another reboot, I was on 14.2:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:~ % uname -a +FreeBSD f0.lan.buetow.org <font color="#000000">14.2</font>-RELEASE FreeBSD <font color="#000000">14.2</font>-RELEASE + releng/<font color="#000000">14.2</font>-n<font color="#000000">269506</font>-c8918d6c7412 GENERIC amd64 +</pre> +<br /> +<span>And, of course, I ran this on all 3 nodes!</span><br /> +<br /> +<h3 style='display: inline' id='a-new-home-behind-the-tv'>A new home (behind the TV)</h3><br /> +<br /> +<span>I've put all the infrastructure behind my TV, as plenty of space is available. The TV hides most of the setup, which drastically improved the SAF (spouse acceptance factor).</span><br /> +<br /> +<a href='./f3s-kubernetes-with-freebsd-part-3/f3s-changes.jpg'><img alt='New hardware placement arrangement' title='New hardware placement arrangement' src='./f3s-kubernetes-with-freebsd-part-3/f3s-changes.jpg' /></a><br /> +<br /> +<span>I got rid of the mini-switch I mentioned in the previous blog post. I have the TP-Link EAP615-Wall mounted on the wall nearby, which is my OpenWrt-powered Wi-Fi hotspot. It also has 3 Ethernet ports, to which I connected the Beelink nodes. That's the device you see at the very top.</span><br /> +<br /> +<span>The Ethernet cables go downward through the cable boxes to the Beelink nodes. In addition to the Beelink f3s nodes, I connected the TP-Link to the UPS as well (not discussed further in this blog post, but the positive side effect is that my Wi-Fi will still work during a power loss for some time—and during a power cut, the Beelink nodes will still be able to communicate with each other).</span><br /> +<br /> +<span>On the very left (the black box) is the UPS, with four power outlets. Three go to the Beelink nodes, and one goes to the TP-Link. A USB output is also connected to the first Beelink node, <span class='inlinecode'>f0</span>. </span><br /> +<br /> +<span>On the very right (halfway hidden behind the TV) are the 3 Beelink nodes stacked on top of each other. The only downside (or upside?) is that my 14-month-old daughter is now chaos-testing the Beelink nodes, as the red power buttons (now reachable for her) are very attractive for her to press when passing by randomly. :-) Luckily, that will only cause graceful system shutdowns!</span><br /> +<br /> +<h2 style='display: inline' id='the-ups-hardware'>The UPS hardware</h2><br /> +<br /> +<span>I wanted a UPS that I could connect to via FreeBSD, and that would provide enough backup power to operate the cluster for a couple of minutes (it turned out to be around an hour, but this time will likely be shortened after future hardware upgrades, like additional drives and a backup enclosure) and to automatically initiate the shutdown of all the f3s nodes.</span><br /> +<br /> +<span>I decided on the APC Back-UPS BX750MI model because:</span><br /> +<br /> +<ul> +<li>Zero noise level when there is no power cut (some light noise when the battery is in operation during a power cut).</li> +<li>Cost: It is relatively affordable (not costing thousands).</li> +<li>USB connectivity: Can be connected via USB to one of the FreeBSD hosts to read the UPS status.</li> +<li>A power output of 750VA (or 410 watts), suitable for an hour of runtime for my f3s nodes (plus the Wi-Fi router).</li> +<li>Multiple power outlets: Can connect all 3 f3s nodes directly.</li> +<li>User-replaceable batteries: I can replace the batteries myself after two years or more (depending on usage).</li> +<li>Its compact design. Overall, I like how it looks.</li> +</ul><br /> +<a href='./f3s-kubernetes-with-freebsd-part-3/apc-back-ups.jpg'><img alt='The APC Back-UPS BX750MI in operation.' title='The APC Back-UPS BX750MI in operation.' src='./f3s-kubernetes-with-freebsd-part-3/apc-back-ups.jpg' /></a><br /> +<br /> +<h2 style='display: inline' id='configuring-freebsd-to-work-with-the-ups'>Configuring FreeBSD to Work with the UPS</h2><br /> +<br /> +<h3 style='display: inline' id='usb-device-detection'>USB Device Detection</h3><br /> +<br /> +<span>Once plugged in via USB on FreeBSD, I could see the following in the kernel messages:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0: ~ % doas dmesg | grep UPS +ugen0.<font color="#000000">2</font>: <American Power Conversion Back-UPS BX750MI> at usbus0 +</pre> +<br /> +<h3 style='display: inline' id='apcupsd-installation'><span class='inlinecode'>apcupsd</span> Installation</h3><br /> +<br /> +<span>To make use of the USB connection, the <span class='inlinecode'>apcupsd</span> package had to be installed:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0: ~ % doas install apcupsd +</pre> +<br /> +<span>I have made the following modifications to the configuration file so that the UPS can be used via the USB interface:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:/usr/local/etc/apcupsd % diff -u apcupsd.conf.sample apcupsd.conf +--- apcupsd.conf.sample <font color="#000000">2024</font>-<font color="#000000">11</font>-<font color="#000000">01</font> <font color="#000000">16</font>:<font color="#000000">40</font>:<font color="#000000">42.000000000</font> +<font color="#000000">0200</font> ++++ apcupsd.conf <font color="#000000">2024</font>-<font color="#000000">12</font>-<font color="#000000">03</font> <font color="#000000">10</font>:<font color="#000000">58</font>:<font color="#000000">24.009501000</font> +<font color="#000000">0200</font> +@@ -<font color="#000000">31</font>,<font color="#000000">7</font> +<font color="#000000">31</font>,<font color="#000000">7</font> @@ + <i><font color="silver"># 940-1524C, 940-0024G, 940-0095A, 940-0095B,</font></i> + <i><font color="silver"># 940-0095C, 940-0625A, M-04-02-2000</font></i> + <i><font color="silver">#</font></i> +-UPSCABLE smart ++UPSCABLE usb + + <i><font color="silver"># To get apcupsd to work, in addition to defining the cable</font></i> + <i><font color="silver"># above, you must also define a UPSTYPE, which corresponds to</font></i> +@@ -<font color="#000000">88</font>,<font color="#000000">8</font> +<font color="#000000">88</font>,<font color="#000000">10</font> @@ + <i><font color="silver"># that apcupsd binds to that particular unit</font></i> + <i><font color="silver"># (helpful if you have more than one USB UPS).</font></i> + <i><font color="silver">#</font></i> +-UPSTYPE apcsmart +-DEVICE /dev/usv ++UPSTYPE usb ++DEVICE + + <i><font color="silver"># POLLTIME <int></font></i> + <i><font color="silver"># Interval (in seconds) at which apcupsd polls the UPS for status. This</font></i> +</pre> +<br /> +<span>I left the remaining settings as the default ones; for example, the following are of main interest:</span><br /> +<br /> +<pre> +# If during a power failure, the remaining battery percentage +# (as reported by the UPS) is below or equal to BATTERYLEVEL, +# apcupsd will initiate a system shutdown. +BATTERYLEVEL 5 + +# If during a power failure, the remaining runtime in minutes +# (as calculated internally by the UPS) is below or equal to MINUTES, +# apcupsd, will initiate a system shutdown. +MINUTES 3 +</pre> +<br /> +<span>I then enabled and started the daemon:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:/usr/local/etc/apcupsd % doas sysrc apcupsd_enable=YES +apcupsd_enable: -> YES +paul@f0:/usr/local/etc/apcupsd % doas service apcupsd start +Starting apcupsd. +</pre> +<br /> +<h3 style='display: inline' id='ups-connectivity-test'>UPS Connectivity Test</h3><br /> +<br /> +<span>And voila, I could now access the UPS information via the <span class='inlinecode'>apcaccess</span> command; how convenient :-) (I also read through the manual page, which provides a good understanding of what else can be done with it!).</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:~ % apcaccess +APC : <font color="#000000">001</font>,<font color="#000000">035</font>,<font color="#000000">0857</font> +DATE : <font color="#000000">2025</font>-<font color="#000000">01</font>-<font color="#000000">26</font> <font color="#000000">14</font>:<font color="#000000">43</font>:<font color="#000000">27</font> +<font color="#000000">0200</font> +HOSTNAME : f0.lan.buetow.org +VERSION : <font color="#000000">3.14</font>.<font color="#000000">14</font> (<font color="#000000">31</font> May <font color="#000000">2016</font>) freebsd +UPSNAME : f0.lan.buetow.org +CABLE : USB Cable +DRIVER : USB UPS Driver +UPSMODE : Stand Alone +STARTTIME: <font color="#000000">2025</font>-<font color="#000000">01</font>-<font color="#000000">26</font> <font color="#000000">14</font>:<font color="#000000">43</font>:<font color="#000000">25</font> +<font color="#000000">0200</font> +MODEL : Back-UPS BX750MI +STATUS : ONLINE +LINEV : <font color="#000000">230.0</font> Volts +LOADPCT : <font color="#000000">4.0</font> Percent +BCHARGE : <font color="#000000">100.0</font> Percent +TIMELEFT : <font color="#000000">65.3</font> Minutes +MBATTCHG : <font color="#000000">5</font> Percent +MINTIMEL : <font color="#000000">3</font> Minutes +MAXTIME : <font color="#000000">0</font> Seconds +SENSE : Medium +LOTRANS : <font color="#000000">145.0</font> Volts +HITRANS : <font color="#000000">295.0</font> Volts +ALARMDEL : No alarm +BATTV : <font color="#000000">13.6</font> Volts +LASTXFER : Automatic or explicit self <b><u><font color="#000000">test</font></u></b> +NUMXFERS : <font color="#000000">0</font> +TONBATT : <font color="#000000">0</font> Seconds +CUMONBATT: <font color="#000000">0</font> Seconds +XOFFBATT : N/A +SELFTEST : NG +STATFLAG : <font color="#000000">0x05000008</font> +SERIALNO : 9B2414A03599 +BATTDATE : <font color="#000000">2001</font>-<font color="#000000">01</font>-<font color="#000000">01</font> +NOMINV : <font color="#000000">230</font> Volts +NOMBATTV : <font color="#000000">12.0</font> Volts +NOMPOWER : <font color="#000000">410</font> Watts +END APC : <font color="#000000">2025</font>-<font color="#000000">01</font>-<font color="#000000">26</font> <font color="#000000">14</font>:<font color="#000000">44</font>:<font color="#000000">06</font> +<font color="#000000">0200</font> +</pre> +<br /> +<h2 style='display: inline' id='apc-info-on-partner-nodes'>APC Info on Partner Nodes:</h2><br /> +<br /> +<span>So far, so good. Host <span class='inlinecode'>f0</span> would shut down itself when short on power. But what about the <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> nodes? They aren't connected directly to the UPS and, therefore, wouldn't know that their power is about to be cut off. For this, <span class='inlinecode'>apcupsd</span> running on the <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> nodes can be configured to retrieve UPS information via the network from the <span class='inlinecode'>apcupsd</span> server running on the <span class='inlinecode'>f0</span> node, which is connected directly to the APC via USB.</span><br /> +<br /> +<span>Of course, this won't work when <span class='inlinecode'>f0</span> is down. In this case, no operational node would be connected to the UPS via USB; therefore, the current power status would not be known. However, I consider this a rare circumstance. Furthermore, in case of an <span class='inlinecode'>f0</span> system crash, sudden power outages on the two other nodes would occur at different times making real data loss (the main concern here) less likely.</span><br /> +<br /> +<span>And if <span class='inlinecode'>f0</span> is down and <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> receive new data and crash midway, it's likely that a client (e.g., an Android app or another laptop) still has the data stored on it, making data recoverable and data loss overall nearly impossible. I'd receive an alert if any of the nodes go down (more on monitoring later in this blog series).</span><br /> +<br /> +<h3 style='display: inline' id='installation-on-partners'>Installation on partners</h3><br /> +<br /> +<span>To do this, I installed <span class='inlinecode'>apcupsd</span> via <span class='inlinecode'>doas pkg install apcupsd</span> on <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span>, and then I could connect to it this way:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f1:~ % apcaccess -h f0.lan.buetow.org | grep Percent +LOADPCT : <font color="#000000">12.0</font> Percent +BCHARGE : <font color="#000000">94.0</font> Percent +MBATTCHG : <font color="#000000">5</font> Percent +</pre> +<br /> +<span>But I want the daemon to be configured and enabled in such a way that it connects to the master UPS node (the one with the UPS connected via USB) so that it can also initiate a system shutdown when the UPS battery reaches low levels. For that, <span class='inlinecode'>apcupsd</span> itself needs to be aware of the UPS status.</span><br /> +<br /> +<span>On <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span>, I changed the configuration to use <span class='inlinecode'>f0</span> (where <span class='inlinecode'>apcupsd</span> is listening) as a remote device. I also changed the <span class='inlinecode'>MINUTES</span> setting from 3 to 6 and the <span class='inlinecode'>BATTERYLEVEL</span> setting from 5 to 10 to ensure that the <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> nodes could still connect to the <span class='inlinecode'>f0</span> node for UPS information before <span class='inlinecode'>f0</span> decides to shut down itself. So <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> must shut down earlier than <span class='inlinecode'>f0</span>:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f2:/usr/local/etc/apcupsd % diff -u apcupsd.conf.sample apcupsd.conf +--- apcupsd.conf.sample <font color="#000000">2024</font>-<font color="#000000">11</font>-<font color="#000000">01</font> <font color="#000000">16</font>:<font color="#000000">40</font>:<font color="#000000">42.000000000</font> +<font color="#000000">0200</font> ++++ apcupsd.conf <font color="#000000">2025</font>-<font color="#000000">01</font>-<font color="#000000">26</font> <font color="#000000">15</font>:<font color="#000000">52</font>:<font color="#000000">45.108469000</font> +<font color="#000000">0200</font> +@@ -<font color="#000000">31</font>,<font color="#000000">7</font> +<font color="#000000">31</font>,<font color="#000000">7</font> @@ + <i><font color="silver"># 940-1524C, 940-0024G, 940-0095A, 940-0095B,</font></i> + <i><font color="silver"># 940-0095C, 940-0625A, M-04-02-2000</font></i> + <i><font color="silver">#</font></i> +-UPSCABLE smart ++UPSCABLE ether + + <i><font color="silver"># To get apcupsd to work, in addition to defining the cable</font></i> + <i><font color="silver"># above, you must also define a UPSTYPE, which corresponds to</font></i> +@@ -<font color="#000000">52</font>,<font color="#000000">7</font> +<font color="#000000">52</font>,<font color="#000000">6</font> @@ + <i><font color="silver"># Network Information Server. This is used if the</font></i> + <i><font color="silver"># UPS powering your computer is connected to a</font></i> + <i><font color="silver"># different computer for monitoring.</font></i> +-<i><font color="silver">#</font></i> + <i><font color="silver"># snmp hostname:port:vendor:community</font></i> + <i><font color="silver"># SNMP network link to an SNMP-enabled UPS device.</font></i> + <i><font color="silver"># Hostname is the ip address or hostname of the UPS</font></i> +@@ -<font color="#000000">88</font>,<font color="#000000">8</font> +<font color="#000000">87</font>,<font color="#000000">8</font> @@ + <i><font color="silver"># that apcupsd binds to that particular unit</font></i> + <i><font color="silver"># (helpful if you have more than one USB UPS).</font></i> + <i><font color="silver">#</font></i> +-UPSTYPE apcsmart +-DEVICE /dev/usv ++UPSTYPE net ++DEVICE f0.lan.buetow.org:<font color="#000000">3551</font> + + <i><font color="silver"># POLLTIME <int></font></i> + <i><font color="silver"># Interval (in seconds) at which apcupsd polls the UPS for status. This</font></i> +@@ -<font color="#000000">147</font>,<font color="#000000">12</font> +<font color="#000000">146</font>,<font color="#000000">12</font> @@ + <i><font color="silver"># If during a power failure, the remaining battery percentage</font></i> + <i><font color="silver"># (as reported by the UPS) is below or equal to BATTERYLEVEL,</font></i> + <i><font color="silver"># apcupsd will initiate a system shutdown.</font></i> +-BATTERYLEVEL <font color="#000000">5</font> ++BATTERYLEVEL <font color="#000000">10</font> + + <i><font color="silver"># If during a power failure, the remaining runtime in minutes</font></i> + <i><font color="silver"># (as calculated internally by the UPS) is below or equal to MINUTES,</font></i> + <i><font color="silver"># apcupsd, will initiate a system shutdown.</font></i> +-MINUTES <font color="#000000">3</font> ++MINUTES <font color="#000000">6</font> + + <i><font color="silver"># If during a power failure, the UPS has run on batteries for TIMEOUT</font></i> + <i><font color="silver"># many seconds or longer, apcupsd will initiate a system shutdown.</font></i> + +</pre> +<span>So I also ran the following commands on <span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span>:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f1:/usr/local/etc/apcupsd % doas sysrc apcupsd_enable=YES +apcupsd_enable: -> YES +paul@f1:/usr/local/etc/apcupsd % doas service apcupsd start +Starting apcupsd. +</pre> +<br /> +<span>And then I was able to connect to localhost via the <span class='inlinecode'>apcaccess</span> command:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f1:~ % doas apcaccess | grep Percent +LOADPCT : <font color="#000000">5.0</font> Percent +BCHARGE : <font color="#000000">95.0</font> Percent +MBATTCHG : <font color="#000000">5</font> Percent +</pre> +<br /> +<h2 style='display: inline' id='power-outage-simulation'>Power outage simulation</h2><br /> +<br /> +<h3 style='display: inline' id='pulling-the-plug'>Pulling the plug</h3><br /> +<br /> +<span>I simulated a power outage by removing the power input from the APC. Immediately, the following message appeared on all the nodes:</span><br /> +<br /> +<pre> +Broadcast Message from root@f0.lan.buetow.org + (no tty) at 15:03 EET... + +Power failure. Running on UPS batteries. +</pre> +<br /> +<span>I ran the following command to confirm the available battery time:</span><br /> +<br /> +<!-- Generator: GNU source-highlight 3.1.9 +by Lorenzo Bettini +http://www.lorenzobettini.it +http://www.gnu.org/software/src-highlite --> +<pre>paul@f0:/usr/local/etc/apcupsd % apcaccess -p TIMELEFT +<font color="#000000">63.9</font> Minutes +</pre> +<br /> +<span>And after almost 60 minutes (<span class='inlinecode'>f1</span> and <span class='inlinecode'>f2</span> a bit earlier, <span class='inlinecode'>f0</span> a bit later due to the different <span class='inlinecode'>BATTERYLEVEL</span> and <span class='inlinecode'>MINUTES</span> settings outlined earlier), the following broadcast was sent out:</span><br /> +<br /> +<pre> +Broadcast Message from root@f0.lan.buetow.org + (no tty) at 15:08 EET... + + *** FINAL System shutdown message from root@f0.lan.buetow.org *** + +System going down IMMEDIATELY + +apcupsd initiated shutdown +</pre> +<br /> +<span>And all the nodes shut down safely before the UPS ran out of battery!</span><br /> +<br /> +<h3 style='display: inline' id='restoring-power'>Restoring power</h3><br /> +<br /> +<span>After restoring power, I checked the logs in <span class='inlinecode'>/var/log/daemon.log</span> and found the following on all 3 nodes:</span><br /> +<br /> +<pre> +Jan 26 17:36:24 f2 apcupsd[2159]: Power failure. +Jan 26 17:36:30 f2 apcupsd[2159]: Running on UPS batteries. +Jan 26 17:36:30 f2 apcupsd[2159]: Battery charge below low limit. +Jan 26 17:36:30 f2 apcupsd[2159]: Initiating system shutdown! +Jan 26 17:36:30 f2 apcupsd[2159]: User logins prohibited +Jan 26 17:36:32 f2 apcupsd[2159]: apcupsd exiting, signal 15 +Jan 26 17:36:32 f2 apcupsd[2159]: apcupsd shutdown succeeded +</pre> +<br /> +<span>All good :-) See you in the next post of this series!</span><br /> +<br /> +<span>Other BSD related posts are:</span><br /> +<br /> +<a class='textlink' href='./2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html'>2016-04-09 Jails and ZFS with Puppet on FreeBSD</a><br /> +<a class='textlink' href='./2022-07-30-lets-encrypt-with-openbsd-and-rex.html'>2022-07-30 Let's Encrypt with OpenBSD and Rex</a><br /> +<a class='textlink' href='./2022-10-30-installing-dtail-on-openbsd.html'>2022-10-30 Installing DTail on OpenBSD</a><br /> +<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD</a><br /> +<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> +<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> +<a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts (You are currently reading this)</a><br /> +<br /> +<span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> +<br /> +<a class='textlink' href='../'>Back to the main site</a><br /> + </div> + </content> + </entry> + <entry> <title>Working with an SRE Interview</title> <link href="https://foo.zone/gemfeed/2025-01-15-working-with-an-sre-interview.html" /> <id>https://foo.zone/gemfeed/2025-01-15-working-with-an-sre-interview.html</id> @@ -695,7 +1117,7 @@ http://www.gnu.org/software/src-highlite --> <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation (You are currently reading this)</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -1020,7 +1442,9 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <br /> <span>To ease cable management, I need to get shorter ethernet cables. I will place the tower on my shelf, where most of the cables will be hidden (together with a UPS, which will also be added to the setup).</span><br /> <br /> -<span>What will be covered in the next post of this series? Maybe ttttbhyve/Rocky Linux and WireGuard setup as described in part 1 of this series...</span><br /> +<span>Read the next post of this series:</span><br /> +<br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>Other *BSD-related posts:</span><br /> <br /> @@ -1031,7 +1455,7 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation (You are currently reading this)</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> @@ -1063,7 +1487,7 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage (You are currently reading this)</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a href='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png'><img alt='f3s logo' title='f3s logo' src='./f3s-kubernetes-with-freebsd-part-1/f3slogo.png' /></a><br /> <br /> @@ -1222,7 +1646,7 @@ dev.cpu.<font color="#000000">0</font>.freq: <font color="#000000">2922</font> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage (You are currently reading this)</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> <br /> @@ -3691,7 +4115,7 @@ http://www.gnu.org/software/src-highlite --> <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD (You are currently reading this)</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> </div> @@ -4050,7 +4474,7 @@ $ doas reboot <i><font color="silver"># Just in case, reboot one more time</font <a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> <a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> <a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <br /> <a class='textlink' href='../'>Back to the main site</a><br /> </div> @@ -8297,710 +8721,4 @@ http://www.gnu.org/software/src-highlite --> </div> </content> </entry> - <entry> - <title>Let's Encrypt with OpenBSD and Rex</title> - <link href="https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html" /> - <id>https://foo.zone/gemfeed/2022-07-30-lets-encrypt-with-openbsd-and-rex.html</id> - <updated>2022-07-30T12:14:31+01:00</updated> - <author> - <name>Paul Buetow aka snonux</name> - <email>paul@dev.buetow.org</email> - </author> - <summary>I was amazed at how easy it is to automatically generate and update Let's Encrypt certificates with OpenBSD.</summary> - <content type="xhtml"> - <div xmlns="http://www.w3.org/1999/xhtml"> - <h1 style='display: inline' id='let-s-encrypt-with-openbsd-and-rex'>Let's Encrypt with OpenBSD and Rex</h1><br /> -<br /> -<span class='quote'>Published at 2022-07-30T12:14:31+01:00</span><br /> -<br /> -<span>I was amazed at how easy it is to automatically generate and update Let's Encrypt certificates with OpenBSD.</span><br /> -<br /> -<pre> - / _ \ - The Hebern Machine \ ." ". / - ___ / \ - .."" "".. | O | - / \ | | - / \ | | - --------------------------------- - _/ o (O) o _ | - _/ ." ". | - I/ _________________/ \ | - _/I ." | | - ===== / I / / | - ===== | | | \ | _________________." | -===== | | | | | / \ / _|_|__|_|_ __ | - | | | | | | | \ "._." / o o \ ." ". | - | --| --| -| / \ _/ / \ | - \____\____\__| \ ______ | / | | | - -------- --- / | | | - ( ) (O) / \ / | - ----------------------- ".__." | - _|__________________________________________|_ - / \ - /________________________________________________\ - ASCII Art by John Savard -</pre> -<br /> -<h2 style='display: inline' id='table-of-contents'>Table of Contents</h2><br /> -<br /> -<ul> -<li><a href='#let-s-encrypt-with-openbsd-and-rex'>Let's Encrypt with OpenBSD and Rex</a></li> -<li>⇢ ⇢ <a href='#what-s-let-s-encrypt'>What's Let's Encrypt?</a></li> -<li>⇢ <a href='#meet-acme-client'>Meet <span class='inlinecode'>acme-client</span></a></li> -<li>⇢ <a href='#configuration'>Configuration</a></li> -<li>⇢ ⇢ <a href='#acme-clientconf'>acme-client.conf</a></li> -<li>⇢ ⇢ <a href='#httpdconf'>httpd.conf</a></li> -<li>⇢ ⇢ <a href='#cron-job'>CRON job</a></li> -<li>⇢ <a href='#relaydconf-and-smtpdconf'>relayd.conf and smtpd.conf</a></li> -<li>⇢ <a href='#rexification'>Rexification</a></li> -<li>⇢ ⇢ <a href='#general-acme-client-configuration'>General ACME client configuration</a></li> -<li>⇢ ⇢ <a href='#service-rexification-'>Service rexification </a></li> -<li>⇢ <a href='#all-pieces-together'>All pieces together</a></li> -<li>⇢ <a href='#conclusion'>Conclusion</a></li> -</ul><br /> -<h3 style='display: inline' id='what-s-let-s-encrypt'>What's Let's Encrypt?</h3><br /> -<br /> -<span class='quote'>Let's Encrypt is a non-profit certificate authority run by Internet Security Research Group that provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. It is the world's largest certificate authority, used by more than 265 million websites, with the goal of all websites being secure and using HTTPS.</span><br /> -<br /> -<a class='textlink' href='https://en.wikipedia.org/wiki/Let's_Encrypt'>Source: Wikipedia</a><br /> -<br /> -<span>In short, it gives away TLS certificates for your website - for free! The catch is, that the certificates are only valid for three months. So it is better to automate certificate generation and renewals.</span><br /> -<br /> -<h2 style='display: inline' id='meet-acme-client'>Meet <span class='inlinecode'>acme-client</span></h2><br /> -<br /> -<span><span class='inlinecode'>acme-client</span> is the default Automatic Certifcate Management Environment (ACME) client on OpenBSD and part of the OpenBSD base system. </span><br /> -<br /> -<span>When invoked, the client first checks whether certificates actually require to be generated.</span><br /> -<br /> -<ul> -<li>It first checks whether a certificate already exists; if not, it will attempt to generate a new one.</li> -<li>If the certificate already exists but expires within the next 30 days, it will renew it.</li> -<li>Otherwise, <span class='inlinecode'>acme-client</span> won't do anything.</li> -</ul><br /> -<span>Oversimplified, the following steps are undertaken by <span class='inlinecode'>acme-client</span> for generating a new certificate:</span><br /> -<br /> -<ul> -<li>Reading its config file <span class='inlinecode'>/etc/acme-client.conf</span> for a list of hosts (and their alternative names) to generate certificates. So it means you can also have certificates for arbitrary subdomains!</li> -<li>Automatic generation of the private certificate part (the certificate key) and the certificate signing request (CSR) to <span class='inlinecode'>/etc/ssl/...</span>.</li> -<li>Requesting Let's Encrypt to sign the certificate. This also includes providing a set of temporary files requested by Let's Encrypt in the next step for verification.</li> -<li>Let's Encrypt then will contact the hostname for the certificate through a particular URL (e.g. <span class='inlinecode'>http://foo.zone/.well-known/acme-challenge/...</span>) to verify that the requester is the valid owner of the host.</li> -<li>Let's Encrypt generates a certificate, which then is downloaded to <span class='inlinecode'>/etc/ssl/...</span>.</li> -</ul><br /> -<h2 style='display: inline' id='configuration'>Configuration</h2><br /> -<br /> -<span>There is some (but easy) configuration required to make that all work on OpenBSD.</span><br /> -<br /> -<h3 style='display: inline' id='acme-clientconf'>acme-client.conf</h3><br /> -<br /> -<span>This is how my <span class='inlinecode'>/etc/acme-client.conf</span> looks like (I copied a template from <span class='inlinecode'>/etc/examples/acme-client.conf</span> to <span class='inlinecode'>/etc/acme-client.conf</span> and added my domains to the bottom:</span><br /> -<br /> -<pre> -# -# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $ -# -authority letsencrypt { - api url "https://acme-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-privkey.pem" -} - -authority letsencrypt-staging { - api url "https://acme-staging-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-staging-privkey.pem" -} - -authority buypass { - api url "https://api.buypass.com/acme/directory" - account key "/etc/acme/buypass-privkey.pem" - contact "mailto:me@example.com" -} - -authority buypass-test { - api url "https://api.test4.buypass.no/acme/directory" - account key "/etc/acme/buypass-test-privkey.pem" - contact "mailto:me@example.com" -} - -domain buetow.org { - alternative names { www.buetow.org paul.buetow.org } - domain key "/etc/ssl/private/buetow.org.key" - domain full chain certificate "/etc/ssl/buetow.org.fullchain.pem" - sign with letsencrypt -} - -domain dtail.dev { - alternative names { www.dtail.dev } - domain key "/etc/ssl/private/dtail.dev.key" - domain full chain certificate "/etc/ssl/dtail.dev.fullchain.pem" - sign with letsencrypt -} - -domain foo.zone { - alternative names { www.foo.zone } - domain key "/etc/ssl/private/foo.zone.key" - domain full chain certificate "/etc/ssl/foo.zone.fullchain.pem" - sign with letsencrypt -} - -domain irregular.ninja { - alternative names { www.irregular.ninja } - domain key "/etc/ssl/private/irregular.ninja.key" - domain full chain certificate "/etc/ssl/irregular.ninja.fullchain.pem" - sign with letsencrypt -} - -domain snonux.land { - alternative names { www.snonux.land } - domain key "/etc/ssl/private/snonux.land.key" - domain full chain certificate "/etc/ssl/snonux.land.fullchain.pem" - sign with letsencrypt -} -</pre> -<br /> -<h3 style='display: inline' id='httpdconf'>httpd.conf</h3><br /> -<br /> -<span>For ACME to work, you will need to configure the HTTP daemon so that the "special" ACME requests from Let's Encrypt are served correctly. I am using the standard OpenBSD <span class='inlinecode'>httpd</span> here. These are the snippets I use for the <span class='inlinecode'>foo.zone</span> host in <span class='inlinecode'>/etc/httpd.conf</span> (of course, you need a similar setup for all other hosts as well):</span><br /> -<br /> -<pre> -server "foo.zone" { - listen on * port 80 - location "/.well-known/acme-challenge/*" { - root "/acme" - request strip 2 - } - location * { - block return 302 "https://$HTTP_HOST$REQUEST_URI" - } -} - -server "foo.zone" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/foo.zone.fullchain.pem" - key "/etc/ssl/private/foo.zone.key" - } - location * { - root "/htdocs/gemtexter/foo.zone" - directory auto index - } -} -</pre> -<br /> -<span>As you see, plain HTTP only serves the ACME challenge path. Otherwise, it redirects the requests to TLS. The TLS section then attempts to use the Let's Encrypt certificates.</span><br /> -<br /> -<span>It is worth noticing that <span class='inlinecode'>httpd</span> will start without the certificates being present. This will cause a certificate error when you try to reach the HTTPS endpoint, but it helps to bootstrap Let's Encrypt. As you saw in the config snippet above, Let's Encrypt only requests the plain HTTP endpoint for the verification process, so HTTPS doesn't need to be operational yet at this stage. But once the certificates are generated, you will have to reload or restart <span class='inlinecode'>httpd</span> to use any new certificate.</span><br /> -<br /> -<h3 style='display: inline' id='cron-job'>CRON job</h3><br /> -<br /> -<span>You could now run <span class='inlinecode'>doas acme-client foo.zone</span> to generate the certificate or to renew it. Or you could automate it with CRON.</span><br /> -<br /> -<span>I have created a script <span class='inlinecode'>/usr/local/bin/acme.sh</span> for that for all of my domains:</span><br /> -<br /> -<pre> -#!/bin/sh - -function handle_cert { - host=$1 - # Create symlink, so that relayd also can read it. - crt_path=/etc/ssl/$host - if [ -e $crt_path.crt ]; then - rm $crt_path.crt - fi - ln -s $crt_path.fullchain.pem $crt_path.crt - # Requesting and renewing certificate. - /usr/sbin/acme-client -v $host -} - -has_update=no -handle_cert www.buetow.org -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.paul.buetow.org -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.tmp.buetow.org -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.dtail.dev -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.foo.zone -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.irregular.ninja -if [ $? -eq 0 ]; then - has_update=yes -fi -handle_cert www.snonux.land -if [ $? -eq 0 ]; then - has_update=yes -fi - -# Pick up the new certs. -if [ $has_update = yes ]; then - /usr/sbin/rcctl reload httpd - /usr/sbin/rcctl reload relayd - /usr/sbin/rcctl restart smtpd -fi -</pre> -<br /> -<span>And added the following line to <span class='inlinecode'>/etc/daily.local</span> to run the script once daily so that certificates will be renewed fully automatically:</span><br /> -<br /> -<pre> -/usr/local/bin/acme.sh -</pre> -<br /> -<span>I am receiving a daily output via E-Mail like this now:</span><br /> -<br /> -<pre> -Running daily.local: -acme-client: /etc/ssl/buetow.org.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/paul.buetow.org.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/tmp.buetow.org.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/dtail.dev.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/foo.zone.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/irregular.ninja.fullchain.pem: certificate valid: 80 days left -acme-client: /etc/ssl/snonux.land.fullchain.pem: certificate valid: 79 days left -</pre> -<br /> -<h2 style='display: inline' id='relaydconf-and-smtpdconf'>relayd.conf and smtpd.conf</h2><br /> -<br /> -<span>Besides <span class='inlinecode'>httpd</span>, <span class='inlinecode'>relayd</span> (mainly for Gemini) and <span class='inlinecode'>smtpd</span> (for mail, of course) also use TLS certificates. And as you can see in <span class='inlinecode'>acme.sh</span>, the services are reloaded or restarted (<span class='inlinecode'>smtpd</span> doesn't support reload) whenever a certificate is generated or updated.</span><br /> -<br /> -<h2 style='display: inline' id='rexification'>Rexification</h2><br /> -<br /> -<span>I didn't write all these configuration files by hand. As a matter of fact, everything is automated with the Rex configuration management system.</span><br /> -<br /> -<a class='textlink' href='https://www.rexify.org'>https://www.rexify.org</a><br /> -<br /> -<span>At the top of the <span class='inlinecode'>Rexfile</span> I define all my hosts:</span><br /> -<br /> -<pre> -our @acme_hosts = qw/buetow.org paul.buetow.org tmp.buetow.org dtail.dev foo.zone irregular.ninja snonux.land/; -</pre> -<br /> -<h3 style='display: inline' id='general-acme-client-configuration'>General ACME client configuration</h3><br /> -<br /> -<span>ACME will be installed into the frontend group of hosts. Here, blowfish is the primary, and twofish is the secondary OpenBSD box.</span><br /> -<br /> -<pre> -group frontends => 'blowfish.buetow.org', 'twofish.buetow.org'; -</pre> -<br /> -<span>This is my Rex task for the general ACME configuration:</span><br /> -<br /> -<pre> -desc 'Configure ACME client'; -task 'acme', group => 'frontends', - sub { - file '/etc/acme-client.conf', - content => template('./etc/acme-client.conf.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '644'; - - file '/usr/local/bin/acme.sh', - content => template('./scripts/acme.sh.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '744'; - - file '/etc/daily.local', - ensure => 'present', - owner => 'root', - group => 'wheel', - mode => '644'; - - append_if_no_such_line '/etc/daily.local', '/usr/local/bin/acme.sh'; - }; -</pre> -<br /> -<span>And there is also a Rex task just to run the ACME script remotely:</span><br /> -<br /> -<pre> -desc 'Invoke ACME client'; -task 'acme_invoke', group => 'frontends', - sub { - say run '/usr/local/bin/acme.sh'; - }; - -</pre> -<br /> -<span>Furthermore, this snippet (also at the top of the Rexfile) helps to determine whether the current server is the primary server (all hosts will be without the <span class='inlinecode'>www.</span> prefix) or the secondary server (all hosts will be with the <span class='inlinecode'>www.</span> prefix):</span><br /> -<br /> -<pre> -# Bootstrapping the FQDN based on the server IP as the hostname and domain -# facts aren't set yet due to the myname file in the first place. -our $fqdns = sub { - my $ipv4 = shift; - return 'blowfish.buetow.org' if $ipv4 eq '23.88.35.144'; - return 'twofish.buetow.org' if $ipv4 eq '108.160.134.135'; - Rex::Logger::info("Unable to determine hostname for $ipv4", 'error'); - return 'HOSTNAME-UNKNOWN.buetow.org'; -}; - -# To determine whether the server is the primary or the secondary. -our $is_primary = sub { - my $ipv4 = shift; - $fqdns->($ipv4) eq 'blowfish.buetow.org'; -}; -</pre> -<br /> -<span>The following is the <span class='inlinecode'>acme-client.conf.tpl</span> Rex template file used for the automation. You see that the <span class='inlinecode'>www.</span> prefix isn't sent for the primary server. E.g. <span class='inlinecode'>foo.zone</span> will be served by the primary server (in my case, a server located in Germany) and <span class='inlinecode'>www.foo.zone</span> by the secondary server (in my case, a server located in Japan):</span><br /> -<br /> -<pre> -# -# $OpenBSD: acme-client.conf,v 1.4 2020/09/17 09:13:06 florian Exp $ -# -authority letsencrypt { - api url "https://acme-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-privkey.pem" -} - -authority letsencrypt-staging { - api url "https://acme-staging-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-staging-privkey.pem" -} - -authority buypass { - api url "https://api.buypass.com/acme/directory" - account key "/etc/acme/buypass-privkey.pem" - contact "mailto:me@example.com" -} - -authority buypass-test { - api url "https://api.test4.buypass.no/acme/directory" - account key "/etc/acme/buypass-test-privkey.pem" - contact "mailto:me@example.com" -} - -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - -<% for my $host (@$acme_hosts) { %> -domain <%= $prefix.$host %> { - domain key "/etc/ssl/private/<%= $prefix.$host %>.key" - domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem" - sign with letsencrypt -} -<% } %> - -</pre> -<br /> -<span>And this is the <span class='inlinecode'>acme.sh.tpl</span>:</span><br /> -<br /> -<pre> -#!/bin/sh - -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; --%> - -function handle_cert { - host=$1 - # Create symlink, so that relayd also can read it. - crt_path=/etc/ssl/$host - if [ -e $crt_path.crt ]; then - rm $crt_path.crt - fi - ln -s $crt_path.fullchain.pem $crt_path.crt - # Requesting and renewing certificate. - /usr/sbin/acme-client -v $host -} - -has_update=no -<% for my $host (@$acme_hosts) { -%> -handle_cert <%= $prefix.$host %> -if [ $? -eq 0 ]; then - has_update=yes -fi -<% } -%> - -# Pick up the new certs. -if [ $has_update = yes ]; then - /usr/sbin/rcctl reload httpd - /usr/sbin/rcctl reload relayd - /usr/sbin/rcctl restart smtpd -fi -</pre> -<br /> -<h3 style='display: inline' id='service-rexification-'>Service rexification </h3><br /> -<br /> -<span>These are the Rex tasks setting up <span class='inlinecode'>httpd</span>, <span class='inlinecode'>relayd</span> and <span class='inlinecode'>smtpd</span> services:</span><br /> -<br /> -<pre> -desc 'Setup httpd'; -task 'httpd', group => 'frontends', - sub { - append_if_no_such_line '/etc/rc.conf.local', 'httpd_flags='; - - file '/etc/httpd.conf', - content => template('./etc/httpd.conf.tpl', - acme_hosts => \@acme_hosts, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { service 'httpd' => 'restart' }; - - service 'httpd', ensure => 'started'; - }; - -desc 'Setup relayd'; -task 'relayd', group => 'frontends', - sub { - append_if_no_such_line '/etc/rc.conf.local', 'relayd_flags='; - - file '/etc/relayd.conf', - content => template('./etc/relayd.conf.tpl', - ipv6address => $ipv6address, - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '600', - on_change => sub { service 'relayd' => 'restart' }; - - service 'relayd', ensure => 'started'; - }; - -desc 'Setup OpenSMTPD'; -task 'smtpd', group => 'frontends', - sub { - Rex::Logger::info('Dealing with mail aliases'); - file '/etc/mail/aliases', - source => './etc/mail/aliases', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { say run 'newaliases' }; - - Rex::Logger::info('Dealing with mail virtual domains'); - file '/etc/mail/virtualdomains', - source => './etc/mail/virtualdomains', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { service 'smtpd' => 'restart' }; - - Rex::Logger::info('Dealing with mail virtual users'); - file '/etc/mail/virtualusers', - source => './etc/mail/virtualusers', - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { service 'smtpd' => 'restart' }; - - Rex::Logger::info('Dealing with smtpd.conf'); - file '/etc/mail/smtpd.conf', - content => template('./etc/mail/smtpd.conf.tpl', - is_primary => $is_primary), - owner => 'root', - group => 'wheel', - mode => '644', - on_change => sub { service 'smtpd' => 'restart' }; - - service 'smtpd', ensure => 'started'; - }; - -</pre> -<br /> -<span>This is the <span class='inlinecode'>httpd.conf.tpl</span>:</span><br /> -<br /> -<pre> -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - -# Plain HTTP for ACME and HTTPS redirect -<% for my $host (@$acme_hosts) { %> -server "<%= $prefix.$host %>" { - listen on * port 80 - location "/.well-known/acme-challenge/*" { - root "/acme" - request strip 2 - } - location * { - block return 302 "https://$HTTP_HOST$REQUEST_URI" - } -} -<% } %> - -# Gemtexter hosts -<% for my $host (qw/foo.zone snonux.land/) { %> -server "<%= $prefix.$host %>" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem" - key "/etc/ssl/private/<%= $prefix.$host %>.key" - } - location * { - root "/htdocs/gemtexter/<%= $host %>" - directory auto index - } -} -<% } %> - -# DTail special host -server "<%= $prefix %>dtail.dev" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>dtail.dev.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>dtail.dev.key" - } - location * { - block return 302 "https://github.dtail.dev$REQUEST_URI" - } -} - -# Irregular Ninja special host -server "<%= $prefix %>irregular.ninja" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>irregular.ninja.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>irregular.ninja.key" - } - location * { - root "/htdocs/irregular.ninja" - directory auto index - } -} - -# buetow.org special host. -server "<%= $prefix %>buetow.org" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>buetow.org.key" - } - block return 302 "https://paul.buetow.org" -} - -server "<%= $prefix %>paul.buetow.org" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>paul.buetow.org.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>paul.buetow.org.key" - } - block return 302 "https://foo.zone/contact-information.html" -} - -server "<%= $prefix %>tmp.buetow.org" { - listen on * tls port 443 - tls { - certificate "/etc/ssl/<%= $prefix %>tmp.buetow.org.fullchain.pem" - key "/etc/ssl/private/<%= $prefix %>tmp.buetow.org.key" - } - root "/htdocs/buetow.org/tmp" - directory auto index -} -</pre> -<br /> -<span>and this the <span class='inlinecode'>relayd.conf.tpl</span>:</span><br /> -<br /> -<pre> -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - -log connection - -tcp protocol "gemini" { - tls keypair <%= $prefix %>foo.zone - tls keypair <%= $prefix %>buetow.org -} - -relay "gemini4" { - listen on <%= $vio0_ip %> port 1965 tls - protocol "gemini" - forward to 127.0.0.1 port 11965 -} - -relay "gemini6" { - listen on <%= $ipv6address->($hostname) %> port 1965 tls - protocol "gemini" - forward to 127.0.0.1 port 11965 -} -</pre> -<br /> -<span>And last but not least, this is the <span class='inlinecode'>smtpd.conf.tpl</span>:</span><br /> -<br /> -<pre> -<% - our $primary = $is_primary->($vio0_ip); - our $prefix = $primary ? '' : 'www.'; -%> - -pki "buetow_org_tls" cert "/etc/ssl/<%= $prefix %>buetow.org.fullchain.pem" -pki "buetow_org_tls" key "/etc/ssl/private/<%= $prefix %>buetow.org.key" - -table aliases file:/etc/mail/aliases -table virtualdomains file:/etc/mail/virtualdomains -table virtualusers file:/etc/mail/virtualusers - -listen on socket -listen on all tls pki "buetow_org_tls" hostname "<%= $prefix %>buetow.org" -#listen on all - -action localmail mbox alias <aliases> -action receive mbox virtual <virtualusers> -action outbound relay - -match from any for domain <virtualdomains> action receive -match from local for local action localmail -match from local for any action outbound -</pre> -<br /> -<h2 style='display: inline' id='all-pieces-together'>All pieces together</h2><br /> -<br /> -<span>For the complete <span class='inlinecode'>Rexfile</span> example and all the templates, please look at the Git repository:</span><br /> -<br /> -<a class='textlink' href='https://codeberg.org/snonux/rexfiles'>https://codeberg.org/snonux/rexfiles</a><br /> -<br /> -<span>Besides ACME, other things, such as DNS servers, are also rexified. The following command will run all the Rex tasks and configure everything on my frontend machines automatically:</span><br /> -<br /> -<pre> -rex commons -</pre> -<br /> -<span>The <span class='inlinecode'>commons</span> is a group of tasks I specified which combines a set of common tasks I always want to execute on all frontend machines. This also includes the ACME tasks mentioned in this article!</span><br /> -<br /> -<h2 style='display: inline' id='conclusion'>Conclusion</h2><br /> -<br /> -<span>ACME and Let's Encrypt greatly help reduce recurring manual maintenance work (creating and renewing certificates). Furthermore, all the certificates are free of cost! I love to use OpenBSD and Rex to automate all of this.</span><br /> -<br /> -<span>OpenBSD suits perfectly here as all the tools are already part of the base installation. But I like underdogs. Rex is not as powerful and popular as other configuration management systems (e.g. Puppet, Chef, SALT or even Ansible). It is more of an underdog, and the community is small.</span><br /> -<br /> -<span>Why re-inventing the wheel? I love that a <span class='inlinecode'>Rexfile</span> is just a Perl DSL. Also, OpenBSD comes with Perl in the base system. So no new programming language had to be added to my mix for the configuration management system. Also, the <span class='inlinecode'>acme.sh</span> shell script is not a Bash but a standard Bourne shell script, so I didn't have to install an additional shell as OpenBSD does not come with the Bash pre-installed.</span><br /> -<br /> -<span>E-Mail your comments to <span class='inlinecode'>paul@nospam.buetow.org</span> :-)</span><br /> -<br /> -<span>Other *BSD related posts are:</span><br /> -<br /> -<a class='textlink' href='./2016-04-09-jails-and-zfs-on-freebsd-with-puppet.html'>2016-04-09 Jails and ZFS with Puppet on FreeBSD</a><br /> -<a class='textlink' href='./2022-07-30-lets-encrypt-with-openbsd-and-rex.html'>2022-07-30 Let's Encrypt with OpenBSD and Rex (You are currently reading this)</a><br /> -<a class='textlink' href='./2022-10-30-installing-dtail-on-openbsd.html'>2022-10-30 Installing DTail on OpenBSD</a><br /> -<a class='textlink' href='./2024-01-13-one-reason-why-i-love-openbsd.html'>2024-01-13 One reason why I love OpenBSD</a><br /> -<a class='textlink' href='./2024-04-01-KISS-high-availability-with-OpenBSD.html'>2024-04-01 KISS high-availability with OpenBSD</a><br /> -<a class='textlink' href='./2024-11-17-f3s-kubernetes-with-freebsd-part-1.html'>2024-11-17 f3s: Kubernetes with FreeBSD - Part 1: Setting the stage</a><br /> -<a class='textlink' href='./2024-12-03-f3s-kubernetes-with-freebsd-part-2.html'>2024-12-03 f3s: Kubernetes with FreeBSD - Part 2: Hardware and base installation</a><br /> -<a class='textlink' href='./f3s-kubernetes-with-freebsd-part-4.html'>f3s-kubernetes-with f3s: Kubernetes with FreeBSD - Rocky Linux Bhyve VMs - Part 4</a><br /> -<br /> -<a class='textlink' href='../'>Back to the main site</a><br /> - </div> - </content> - </entry> </feed> diff --git a/gemfeed/index.html b/gemfeed/index.html index 23f39e99..9e70f21a 100644 --- a/gemfeed/index.html +++ b/gemfeed/index.html @@ -15,6 +15,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <h2 style='display: inline' id='to-be-in-the-zone'>To be in the .zone!</h2><br /> <br /> +<a class='textlink' href='./2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 - f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <a class='textlink' href='./2025-01-15-working-with-an-sre-interview.html'>2025-01-15 - Working with an SRE Interview</a><br /> <a class='textlink' href='./2025-01-01-posts-from-october-to-december-2024.html'>2025-01-01 - Posts from October to December 2024</a><br /> <a class='textlink' href='./2024-12-15-random-helix-themes.html'>2024-12-15 - Random Helix Themes</a><br /> @@ -13,7 +13,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte </p> <h1 style='display: inline' id='foozone'>foo.zone</h1><br /> <br /> -<span class='quote'>This site was generated at 2025-01-29T08:04:40+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> +<span class='quote'>This site was generated at 2025-01-30T09:32:36+02:00 by <span class='inlinecode'>Gemtexter</span></span><br /> <br /> <span>Welcome to the foo.zone. Everything you read on this site is my personal opinion and experience. You can call me a Linux/*BSD enthusiast and hobbyist. I mainly write about tech, IT, programming and sometimes also about self-improvement here. And I also like coding.</span><br /> <br /> @@ -41,6 +41,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte <br /> <h3 style='display: inline' id='posts'>Posts</h3><br /> <br /> +<a class='textlink' href='./gemfeed/2025-02-01-f3s-kubernetes-with-freebsd-part-3.html'>2025-02-01 - f3s: Kubernetes with FreeBSD - Part 3: Protecting from power cuts</a><br /> <a class='textlink' href='./gemfeed/2025-01-15-working-with-an-sre-interview.html'>2025-01-15 - Working with an SRE Interview</a><br /> <a class='textlink' href='./gemfeed/2025-01-01-posts-from-october-to-december-2024.html'>2025-01-01 - Posts from October to December 2024</a><br /> <a class='textlink' href='./gemfeed/2024-12-15-random-helix-themes.html'>2024-12-15 - Random Helix Themes</a><br /> diff --git a/uptime-stats.html b/uptime-stats.html index 56ce2fec..55bdccf7 100644 --- a/uptime-stats.html +++ b/uptime-stats.html @@ -13,7 +13,7 @@ View this page as <a href="https://codeberg.org/snonux/foo.zone/src/branch/conte </p> <h1 style='display: inline' id='my-machine-uptime-stats'>My machine uptime stats</h1><br /> <br /> -<span class='quote'>This site was last updated at 2025-01-29T08:04:40+02:00</span><br /> +<span class='quote'>This site was last updated at 2025-01-30T09:32:36+02:00</span><br /> <br /> <span>The following stats were collected via <span class='inlinecode'>uptimed</span> on all of my personal computers over many years and the output was generated by <span class='inlinecode'>guprecords</span>, the global uptime records stats analyser of mine.</span><br /> <br /> |