FreeBSD System Setup

Introduction

This page explains how to set up a FreeBSD system capable of acting as a DrawMGT server. FreeBSD differs from Linux systems in that the basic installation includes very few user tools or applications by default. This means that you need to install all application support tools that DrawMGT requires, like Apache, MySQL and PHP.

This page describes the setup of version 9.0. The procedure can be slightly different for other versions.

FreeBSD is well documented. See the FreeBSD Handbook.

Installing FreeBSD applications, called ports, is simple and is explained here.

The basic steps to prepare a FreeBSD server are:

  1. Install the base operating system
  2. Set up disk mirroring
  3. Install support software
  4. Install other support tools
  5. Install and test DrawMGT

These steps are described below.

Tips and Tricks

FreeBSD User Ports

If there are network problems accessing the pre-configured master databases, try an HTTP server accessible from the internet browser, e.g.

Base Operating System Installation

To be completed

Post Installation Tasks

  1. NTP Setup
    • Configure NTP servers, enable and start NTP daemon
      vi /etc/ntp.conf
      # zg-3.softxs.ch:/etc/ntp.conf
      server 0.ch.pool.ntp.org
      server 1.ch.pool.ntp.org
      server 2.ch.pool.ntp.org
      server 3.ch.pool.ntp.org
      :x
      
      vi /etc/rc.conf
      # Add:
      ntpd_enable="YES"
      :x
      
      /etc/rc.d/ntpd start
    • Check NTP is running and has connected to servers:
      ntpq -p
    • Configure user ports
      To be completed
    • Install manpages
      To be completed
  2. Install vim
    • cd /usr/ports/editors/vim
      make install # Note: it installs python26 also
  3. Install bash
    • cd /usr/ports/shells/bash
      make install
  4. Install lsof
    • cd /usr/ports/sysutils/lsof
      make install

Disk Mirroring Configuration

Software Package Management

Encrypted Filesystem Configuration

To be completed

Firewall Settings

Main Applications to Install

The recommended installation sequence is as listed here.

  1. MySQL Server/Client
    • cd /usr/ports/databases/mysql55-server
      make install # Note: it installs mysql55-client also
  2. Apache
    • cd /usr/ports/www/apache22
      make install # Use default options plus MYSQL
  3. PHP5, PEAR and PECL_HTTP (use defaults if not otherwise noted)
    • cd /usr/ports/lang/php5
      make install # Use default options plus APACHE
      cd /usr/ports/lang/php5-extensions
      make install # Use default options plus MBSTRING, MYSQL
      cd /usr/ports/devel/pear
      make install
      cd /usr/ports/databases/pear-DB
      make install
      cd /usr/ports/sysutils/pear-Log
      make install # Select options PEAR_DB, PEAR_Mail, PEAR_NET_SMTP
      cd /usr/ports/net/pear-XML_RPC
      make install
      cd /usr/ports/mail/pear-Mail_Mime
      make install
      cd /usr/ports/www/pecl-http
      make install
  4. Perl packages
    • cd /usr/ports/devel/p5-Config-General
      make install

MySQL Configuration

the first time you start the MySQL server after an upgrade from an earlier version, i.e. if the database files were copied from an earlier version.

PHP Configuration

Apache Configuration

Basic Configuration

Apache PHP module configuration

Virtual Host Configuration

Additional Tools Required for DrawMGT

PERL modules, wget, zip

htmldoc

pdflatex

WebDAV Configuration

See here.

DocBook Configuration

See here.

Secure (chroot-ed) access setting for external users

SSH login to allow SSH port forwarding

Create a minimal chroot environment for a user who logs in to the system with SSH. Only the shell will be enabled. Perform the whole procedure as root.

Allow SCP and SFTP only

Create a minimal chroot environment for a user who should only have the right to use scp and sftp, limited to his home directory. A good, free SFTP and FTP client for Windows is WinSCP. Perform the whole procedure below as root.
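
A pre-flight check for the chroot directory of the SFTP-only user described above, as an added example that is not part of the original page. It assumes the chroot is enforced with OpenSSH's `ChrootDirectory` option, which requires every component of the path to be a root-owned directory that is not writable by group or others; the function names and the usage path are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a directory before it is
# used as an sshd ChrootDirectory. Function names are hypothetical.

# check_dir DIR [UID]: check one path component. It must be a real directory,
# owned by UID (default 0, i.e. root) and not writable by group or others.
# Symlinks are rejected as well (an extra restriction of this example).
check_dir() {
    cd_dir=$1; cd_want=${2:-0}; cd_rc=0
    if [ -L "$cd_dir" ] || [ ! -d "$cd_dir" ]; then
        echo "FAIL $cd_dir: not a real directory"
        return 1
    fi
    # 'ls -ldn' prints the mode string and numeric owner on FreeBSD and Linux.
    read -r cd_mode cd_links cd_uid cd_rest <<EOF
$(ls -ldn -- "$cd_dir")
EOF
    if [ "$cd_uid" != "$cd_want" ]; then
        echo "FAIL $cd_dir: owner uid $cd_uid, expected $cd_want"
        cd_rc=1
    fi
    # Mode string positions: 6 = group write, 9 = other write.
    case $cd_mode in
        ?????w*|????????w*)
            echo "FAIL $cd_dir: mode $cd_mode is group/world writable"
            cd_rc=1 ;;
    esac
    return $cd_rc
}

# check_chroot_path PATH [UID]: walk from PATH up to / and check every
# component. Returns 0 only if all components pass.
check_chroot_path() {
    cp_path=$1; cp_want=${2:-0}; cp_bad=0
    case $cp_path in
        /*) ;;
        *) echo "FAIL $cp_path: not an absolute path"; return 1 ;;
    esac
    while :; do
        check_dir "$cp_path" "$cp_want" || cp_bad=1
        [ "$cp_path" = / ] && break
        cp_path=$(dirname "$cp_path")
    done
    return $cp_bad
}

# Usage (as root): sh check_chroot.sh /home/sftp/alice
if [ $# -gt 0 ]; then check_chroot_path "$@"; fi
```
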

Setting logrotate

Monitoring the Server

  1. File system space
  2. Backups
  3. Mirroring ok
    • By hand
      gmirror status -s
      mirror/gm0  COMPLETE  ad0
      mirror/gm0  COMPLETE  ad2
    • Via cron
      # lofn.softxs.ch:crontab
      # $Id$
      #
      # -- Gmirror monitoring
      #
      57 02 * * * /root/bin/mailcron -x -u"alan@softxs.ch" -s"lofn: Gmirror monitoring" /root/bin/checkGmirror.pl -v
      #
      # -- end --
    • Script: /root/bin/checkGmirror.pl
      #
      # Check that gmirror disks are present and OK.
      # By default expects that two disks are present.
      #
      # Usage: checkGmirror.pl [-v]
      #
      # Typical output of 'gmirror status -s'
      #
      #   mirror/gm0  COMPLETE  ad0
      #   mirror/gm0  COMPLETE  ad2
      #
      #   $component  $status   $device
      #
      
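      use strict;
      use warnings;
      
      # -v: always print the per-device status, not only on error
      my $V = ( defined( $ARGV[ 0 ] ) && $ARGV[ 0 ] eq '-v' ) ? 1 : 0;
      
      my $RC = 0;
      
      my $EXPECTED_DEVICE_COUNT = 2;
      
      my @CMD = ( '/sbin/gmirror', 'status', '-s' );
      
      # List-form pipe open: runs gmirror directly, without a shell
      open( my $cmd, '-|', @CMD ) or die( "$0: Unable to run command: '@CMD'\n" );
      
      my %components;
      while( defined( my $line = <$cmd> ) ) {
        chomp ( $line );
        # split ' ' ignores leading whitespace; extra columns are ignored
        my( $component, $status, $device ) = split( ' ', $line );
        next unless ( defined( $device ) );    # skip blank or short lines
        $components{ $device } = $status;
        $RC = 1 if ( $status eq 'DEGRADED' );
      }
      close( $cmd );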
      
      if ( scalar( keys( %components ) ) != $EXPECTED_DEVICE_COUNT ) {
        $RC = 1;
        $V = 1;
      }
      
      if ( $RC || $V ) {
        if ( $RC ) {
          print( "$0: ERROR: gmirror: status: BAD\n" );
        } else {
          print( "$0: gmirror: status OK\n" );
        }
        foreach my $device ( keys( %components ) ) {
          my $status = $components{ $device };
          print( "  device: $device, status: $status\n" );
        }
      }
      
      exit $RC;
      
      # -- end --

FreeBsdSystem90Setup (last edited 2013-07-08 09:08:13 by gprs4f7a50b0)

Copyright 2008-2014, SoftXS GmbH, Switzerland