Setting Up FreeBSD

This setup of FreeBSD was done on Hetzner servers.

Cleanup drives

[root@rescue ~]# gmirror load
[root@rescue ~]# gmirror status
      Name    Status  Components
mirror/gm0  COMPLETE  ad6 (ACTIVE)
                      ad4 (ACTIVE)
[root@rescue ~]# gmirror remove gm0 ad4
[root@rescue ~]# gmirror remove gm0 ad6
[root@rescue ~]# destroygeom -d ad6

or

[root@rescue ~]# dd if=/dev/zero of=/dev/ad4 bs=1024 count=1
1+0 records in
1+0 records out
1024 bytes transferred in 0.000180 secs (5688698 bytes/sec)
[root@rescue ~]# dd if=/dev/zero of=/dev/ad6 bs=1024 count=1
1+0 records in
1+0 records out
1024 bytes transferred in 0.000183 secs (5592405 bytes/sec)

Installation

Installation via http://wiki.hetzner.de/index.php/FreeBSD_installieren

                     Hetzner Online AG - installimage

          Your server will be installed now, this will take some time
                  You can abort at any time with CTRL+C ...

Creating a file system(up to 10 minutes)...DONE
Extract image... DONE
Setting up german time... DONE
Copying kernel... DONE
Configuring rc.conf... DONE
Configuring loader.conf... DONE
Enabling SSH login for root... DONE
Configuring resolv.conf... DONE

Congratulations! The configuration has been completed successfully.
You can now use 'reboot' to boot your newly installed FreeBSD system.

[root@rescue ~]# installimage

Choose the following options:

  • FreeBSD 8.3
  • 64 Bit
  • /dev/ad4 and /dev/ad6, RAID 1
  • UFS
  • manual input, 32 GB

Prompt

sed -i '' -e 's/set prompt.*/set prompt = "%? %n@%m:%/ # "/' /root/.cshrc

rc.conf

cat > /etc/rc.conf <<HERE
hostname="INSERT HOSTNAME HERE"

# Filesystems
zfs_enable="NO"

# Network
ifconfig_re0="inet X6.Y.Z9.A37 netmask 255.255.255.224 media 100BaseTX mediaopt full-duplex,flag0"
defaultrouter="X6.Y.Z9.A25"

# Services
syslogd_flags="-ss"
sshd_enable="YES"
ntpd_enable="YES"
HERE

Sources

Please read this post also: .

cat >>/etc/make.conf <<HERE
# Updating, "make update" in /usr/src
SUP_UPDATE=
SUP=               /usr/bin/csup
SUPFLAGS=          -L 2
SUPHOST=           cvsup.de.FreeBSD.org
SUPFILE=           /root/cvsup/standard-supfile
PORTSSUPFILE=      /root/cvsup/ports-supfile
HERE

Copy and edit CVSup files:

cd /root
mkdir cvsup

For FreeBSD sources and ports collection:

cp /usr/share/examples/cvsup/standard-supfile /root/cvsup/standard-supfile
cp /usr/share/examples/cvsup/ports-supfile /root/cvsup/ports-supfile
sed -i '' -e 's/*default host=CHANGE_THIS/*default host=cvsup.de/' /root/cvsup/*
csup -L 2 /root/cvsup/standard-supfile
csup -L 2 /root/cvsup/ports-supfile

Let's define a directory for the packages that are built from ports, so they can be installed easily in a jail. The environment variable PACKAGES names the directory the packages are copied to.

mkdir -p /var/ports/packages
setenv PACKAGES /var/ports/packages
cat >>/root/.cshrc <<HERE
# Packages
setenv PACKAGES /var/ports/packages
HERE

Update on a regular basis:

Option 1 is csup:

crontab -
# cron runs commands with /bin/sh, so use sh redirection instead of csh's ">&!"
#  m  h    dom mon dow command
   0  4/4  *   *   *   csup -L 2 /root/cvsup/standard-supfile > cron-csup-standard-supfile.log 2>&1
  15  4/4  *   *   *   csup -L 2 /root/cvsup/ports-supfile > cron-csup-ports-supfile.log 2>&1
  30  4    *   *   *   /usr/sbin/freebsd-update cron

Option 2 is make update:

crontab -
# cron runs commands with /bin/sh, so use sh redirection instead of csh's ">&!"
#  m  h    dom mon dow command
   0  4/4  *   *   *   ( cd /usr/src ; make update > make-update.log 2>&1 )
  30  4    *   *   *   /usr/sbin/freebsd-update cron > freebsd-update.log 2>&1

Allow “root” to use cron:

echo "root" > /var/cron/allow
echo "root" > /var/at/allow

Useful packages

Coding, Compiler:

  • clang
  • llvm
  • git

System tools:

  • cpdup
  • unison
  • smartmontools

Security:

  • expiretable
  • sshguard
  • pftop

ccache

Install ccache:

cd /usr/ports/devel/ccache
make config
make config-recursive
make
make package-recursive clean
rehash

Adjust .cshrc and set the ccache settings:

cat >>$HOME/.cshrc <<'HERE'
# ccache
setenv PATH /usr/local/libexec/ccache:$PATH
setenv CCACHE_PATH /usr/bin:/usr/local/bin
setenv CCACHE_DIR /var/tmp/ccache
setenv CCACHE_LOGFILE /var/log/ccache.log
if ( -x /usr/local/bin/ccache ) then
  /usr/local/bin/ccache -M 4G > /dev/null
endif
HERE

Adjust /etc/make.conf:

cat >>/etc/make.conf <<'HERE'
# ccache
.if ${.CURDIR:M*/ports/devel/ccache}
  NO_CCACHE= yes
.endif
.if (!empty(.CURDIR:M/usr/src*) || !empty(.CURDIR:M/usr/obj*)) && !defined(NOCCACHE)
  CC:=${CC:C,^cc,/usr/local/libexec/ccache/world/cc,1}
  CXX:=${CXX:C,^c++,/usr/local/libexec/ccache/world/c++,1}
.endif
HERE

Re-login!

Compile kernel and userland

  • Set options

    sed -i '' -e 's/kern.securelevel=/#&/g' /etc/rc.conf
    sed -i '' -e 's/ezjail_enable="YES"/ezjail_enable="NO"/g' /etc/rc.conf
  • Save known-good kernel and test reboot

    rm -rf /boot/kernel.last ; cp -Rp /boot/kernel /boot/kernel.last
    reboot
  • Update sources

    cd /usr/src
    csup -L 2 /root/cvsup/standard-supfile ; csup -L 2 /root/cvsup/ports-supfile
    less UPDATE
  • Recompile userland

    • Cleanup

      cd /usr/obj
      chflags -R noschg *
      rm -rf /usr/obj/*
    • Configuration

      mergemaster -p

      From man mergemaster:

      -p          Pre-buildworld mode.  Compares only files known to be essen-
                  tial to the success of {build|install}world, including
                  /etc/make.conf.
    • Compile

      cd /usr/src
      make buildworld
  • Recompile kernel

    • Create configuration

      cd /usr/src/sys/`uname -m`/conf
      cp GENERIC MYKERNEL
      vi MYKERNEL
    • Save configuration

      cp /usr/src/sys/`uname -m`/conf/MYKERNEL /root
    • Compile

      cd /usr/src

      You can specify kernel(s) to compile with KERNCONF=:

      make buildkernel KERNCONF="MYKERNEL GENERIC"

      alternatively put KERNCONF into /etc/make.conf and use plain make buildkernel:

      echo 'KERNCONF="MYKERNEL GENERIC"' >>/etc/make.conf
      make buildkernel
  • Install kernel

    make KODIR=/boot/GENERIC KERNCONF="GENERIC" installkernel
    make KODIR=/boot/kernel.new KERNCONF="MYKERNEL" installkernel
  • Reboot with new kernel

    nextboot -k kernel.new
    reboot
  • Make new kernel standard

    rm -rf /boot/kernel.old
    mv /boot/kernel /boot/kernel.old
    mv /boot/kernel.new /boot/kernel
  • Install userland

    cd /usr/src
    make installworld
    • Cleanup (delete) old files

      make delete-old
    • Configuration

      mergemaster -iC

      From man mergemaster:

      -i          Automatically install any files that do not exist in the des-
                  tination directory.
      -C          After a standard mergemaster run, compares your
                  rc.conf[.local] options to the defaults.
    • Cleanup (delete) old libraries

      make delete-old-libs
    • Update jails

      ezjail-admin update -i
  • Set options

    sed -i '' -e 's/#\(kern.securelevel=\)/\1/g' /etc/rc.conf
    sed -i '' -e 's/ezjail_enable="NO"/ezjail_enable="YES"/g' /etc/rc.conf
  • Reboot

    reboot
  • Cleanup

    cd /usr/src; make clean
    cd /usr/ports; make clean
    
    unset NUMCPU; @ NUMCPU = `sysctl -n kern.smp.cpus` + 1
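
The two "Set options" steps comment out the securelevel setting before the rebuild and restore it afterwards, so they have to be exact inverses. The following is an added example, not part of the original post: a POSIX sh sketch that disables settings with a marker, restores only the lines it marked, and reports what is still disabled. The marker `#UPGRADE#`, the function names and the sample rc.conf content are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): reversible rc.conf toggling.
MARK='#UPGRADE#'   # hypothetical marker for lines disabled during the upgrade

# Rewrite FILE through a temp file (avoids BSD/GNU "sed -i" differences)
# and copy back with cat so owner and mode of FILE are preserved.
_rc_edit() {  # $1=file  $2=sed expression
    _tmp=$(mktemp) || return 1
    _rc=0
    sed -e "$2" "$1" > "$_tmp" && cat "$_tmp" > "$1" || _rc=1
    rm -f "$_tmp"
    return $_rc
}

# Comment out every active line whose name starts with KEY; "&" keeps the
# matched text intact, so nothing such as the "=" is lost.
rc_disable() { _rc_edit "$1" "s/^$2/$MARK&/"; }

# Restore only lines that rc_disable marked; lines the admin commented out
# by hand (plain "#") stay commented.
rc_enable() { _rc_edit "$1" "s/^$MARK\\($2\\)/\\1/"; }

# Print how many lines are still disabled; must be 0 before the final reboot.
rc_pending() { grep -c "^$MARK" "$1" || true; }

demo_roundtrip() {
    conf=$(mktemp) || return 1
    orig=$(mktemp) || return 1
    # Constructed sample rc.conf; the first line was commented out by hand.
    cat > "$conf" <<'EOF'
#kern_securelevel="3"
kern_securelevel_enable="YES"
kern_securelevel="2"
sshd_enable="YES"
EOF
    cp "$conf" "$orig"
    rc_disable "$conf" kern_securelevel
    during=$(rc_pending "$conf")
    rc_enable "$conf" kern_securelevel
    after=$(rc_pending "$conf")
    same=0; cmp -s "$conf" "$orig" || same=1   # 0 = byte-identical again
    rm -f "$conf" "$orig"
    echo "disabled=$during pending=$after identical=$same"
}
demo_roundtrip
```

Running `rc_pending /etc/rc.conf` as the last step before the final reboot shows whether any setting was left disabled.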