Fix OpenBSD guest CPU idle usage – KVM / Proxmox (qemu)

When running OpenBSD as guest under KVM, the qemu CPU usage can be quite high.
This seems to be partly because of the USB drivers being active in OpenBSD, what you can do is to disable loading of the USB drivers.
NOTE: This will stop USB keyboards and mouse from working, so it’s really only suitable for headless servers with ssh or vnc console access.

Make sure your KVM machine type is set to i440fx which should be the default setting in qemu, my guest was installed as an EFI system but it should work with BIOS too.
In the OpenBSD guest, create a file called /etc/bsd.re-config and add the following:


disable usb
disable ahci
disable uhci
disable xhci

Save the file and reboot the OpenBSD guest, the qemu/kvm process should have resonable CPU usage now, it’s might still be ~1% higher than other OSes though.

For reference, here are my proxmox settings for the OpenBSD guest:

balloon: 0
bios: ovmf
boot: order=virtio0;ide2;net0
cores: 4
cpu: max,flags=+aes
efidisk0: ext-local01:1180/vm-1180-disk-0.qcow2,efitype=4m,pre-enrolled-keys=1,size=528K
ide2: none,media=cdrom
memory: 4096
meta: creation-qemu=9.0.0,ctime=1721055908
name: OpenBSD
net0: virtio=BC:24:11:A7:55:35,bridge=vmbr0,firewall=1
numa: 0
ostype: other
scsihw: virtio-scsi-pci
smbios1: uuid=fe4b2233-55f9-445e-8355-6d9532228dcd
sockets: 1
tablet: 0
virtio0: ext-local01:1180/vm-1180-disk-1.qcow2,backup=1,cache=writeback,iothread=1,size=32G
vmgenid: 42f0eef1-b401-4988-ae8c-f09779ce062b

Resize a qcow2 disk image on Linux

For some reason, a lot of sites reference to tools that are not needed.
All you need to do to resize a qcow2 image is the following:
qemu-img resize <diskimg.qcow2> +15G
This increase the disk size by 15 Gigabyte.

Then you need to use gparted to resize the partitions you want (use a USB live boot if you don’t have a GUI installed).

Quick reference/Howto – Create a PR on Github

Initial setup

To create a PR you first need to setup API keys and gpg signature for your account on github.

To make git always sign your commits using your gpg signture, set the following config for git:
git config --global user.signingkey <key id>
git config --global commit.gpgsign true

You can find your gpg key id using:
gpg --list-secret-keys --keyid-format=long

Password for the account when prompted is your API key.

Create the PR

  1. Fork the repository on github.com that you want to create a PR for.
  2. Clone your forked repository: git clone <url>
  3. Change directory to the cloned repository and create a new branch: checkout -b <branch>
  4. Make your changes
  5. Add your changes: git add .
  6. Commit your changes to your forked repository: git commit -m "type your commit description here"
  7. Check origin using: git remote
  8. If your origin is “origin”, type: git push origin <branch> (branch is the branch in step 3)
  9. Go to your fork on github.com to submit the PR.

FreeBSD – Upgrade PHP 7.4 to 8.0 in one line

This is more of a note to myself but if you want to upgrade PHP 7.4 in one go in FreeBSD, run the following command:

pkg install `pkg query %n-%v | grep php|grep --invert json | sed 's/74/80/; s/-7.*//'`

Note: The above command excludes anything with json, the reason is because the json extension is enabled in PHP 8 by default, so there’s no such package for it. If you have other PHP json packages installed, those will be excluded too.

To check what packages the command will replace, run:

pkg query %n-%v | grep php |grep --invert json | echo `sed 's/74/80/; s/-7.*//'`

If you know what you’re doing you can edit the command for other PHP versions.

Fix Remove-AppxProvisionedPackage error

Remove-AppxProvisionedPackage : The system cannot find the path specified.
Does this look familiar? This might help fix that error for you!

It could be a mismatch somewhere that makes that command to fail.
Instead check what packages dism.exe reports is installed, we use YourPhone as example here:

DISM.exe /online /Get-ProvisionedAppxPackages

Now look at the PackageName reported by dism, then start File Explorer and go to “C:\Program Files\WindowsApps”. Here you might see a folder called Microsoft.YourPhone_2019.1126.308.0_neutral_~_8wekyb3d8bbwe which is in fact the version installed on your system, to remove it, run:

DISM.exe /online /Remove-ProvisionedAppxPackage /PackageName:Microsoft.YourPhone_2019.1126.308.0_neutral_~_8wekyb3d8bbwe

And that’s it, you have successfully removed YourPhone from your computer.

NOTE: If you do not find the app you’re looking for under “C:\Program Files\WindowsApps”, then it isn’t installed and you have a stale entry somewhere. I do not know how to remove the stale entry that dism reports though, I’ll update if I manage find to out.

Gentoo – resume compile

If a package/ebuild fails to compile on gentoo you can use this feature to continue where it failed. Useful if a compile fails and you need to make manual edits to the files. Or if a compile fails because of out of memory, can happen when you compile chromium. Run the following command:

FEATURES=keepwork emerge -av <package>

If you don’t use the “keepwork” feature, gentoo will unpack the source code again, configure and restart the compile, which might not be ideal in all cases.

Dnsmasq – Conditional DNS Forwarding for Windows Active Directory Domains

Let’s say your Windows domain is “domain.local” and your Windows DNS IP address is “192.168.1.55” and “192.168.1.56”
In OpenWrt, add this to /etc/config/dhcp:

        option rebind_protection '0'
        list server '/domain.local/192.168.1.55'
list server '/domain.local/192.168.1.56'

The trick here which isn’t well documented is that rebind protection MUST be set to ‘0’ otherwise lookups for *.domain.local will fail.
UPDATE: Be sure to NOT have filterwin2k set in dnsmasq (/etc/config/dhcp), if you do, gpupdate and AD-domain lookups will fail.

Now your other computers/devices/servers that use the dnsmasq DNS-server can resolve computers that are AD-connected.