FreeBSD System Setup
Contents
- FreeBSD System Setup
- Introduction
- Base Operating System Installation
- Post Installation Tasks
- Disk Mirroring Configuration
- Software Package Management
- Encrypted Filesystem Configuration
- Firewall Settings
- Main Applications to Install
- MySQL Configuration
- PHP Configuration
- Apache Configuration
- Additional Tools Required for DrawMGT
- WebDAV Configuration
- Secure (chroot-ed) access setting for external users
- Setting logrotate
- Monitoring the Server
Introduction
This page explains how to set up a FreeBSD system capable of acting as a DrawMGT server. FreeBSD differs from Linux systems in that the basic installation includes very few user tools or applications by default. This means that you need to install all the application support tools that DrawMGT requires, such as Apache, MySQL and PHP.
This page describes the setup of FreeBSD version 7.2. The procedure can be slightly different for other versions.
FreeBSD is well documented. See the FreeBSD Handbook.
Installing FreeBSD applications, called ports, is simple and is explained here.
The basic steps to prepare a FreeBSD server are:
- Install the base operating system
- Setup disk mirroring
- Install support software
- Install other support tools
- Install and test DrawMGT
These steps are described below.
Tips and Tricks
FreeBSD User Ports
If there are network problems accessing the pre-configured master databases, try an HTTP server accessible from the internet browser, e.g.
cd /usr/ports/devel/git
make MASTER_SITE_OVERRIDE=http://ftp7.freebsd.org/sites/ftp.freebsd.org/pub/FreeBSD/distfiles/ install
Base Operating System Installation
- Download an ISO image of the latest production release:
- Typically you want the ISO disk-1. E.g. for release 7.2 it's:
- 7.2-RELEASE-i386-disk1.iso
- Alternatively download:
- 7.2-RELEASE-i386-dvd1.iso.gz
- Note that the other CDs are not required
- Put the CD (or DVD) in the system and boot
Select Standard installation in sysinstall
Disk partitions - Set up one fdisk partition with the following FreeBSD partitions (assuming disk > 300 GB):

| Partition | Size | Description/Contents |
|---|---|---|
| / | 1 GB | root partition |
| swap | 2-4 GB | swap partition |
| /var | 10 GB | MySQL DBs and logs |
| /tmp | 10 GB | Make big enough to store a DVD ISO |
| /usr | 20 GB | Applications and ports |
| /e/vol001 | 200 GB | Web trees |
| /e/vol002 | all remaining free space | Backups (perhaps encrypted) |

Note: You should tune the new large (>100GB) filesystems by hand in order to set the default freespace (normally 8%) to a smaller value (typically 1%). This can be done at any time on unmounted filesystems. For example:
tunefs -m 1 /dev/ad0s1g
Note: Later you will make a symbolic link from /home --> /e/vol001/home
Select Everything (all development tools and sources) Minimal distribution
- Network configuration - You will need the following information:
- Hostname and domain for the machine
- IP address for the machine
- IP address of gateway
- IP address of primary and secondary DNS servers
Post Installation Tasks
- NTP Setup
Install the openntpd port. Note: This port is probably not required; ntpd is included in an Everything distribution.
cd /usr/ports/net/openntpd
make
make install
Get full domain names of at least two NTP servers (called ntp1.domain and ntp2.domain below)
- Set system time with ntpdate:
ntpdate -u ntp1.domain
- Configure NTP servers, enable and start NTP daemon
vi /etc/ntp.conf
server ntp1.domain
server ntp2.domain
:x
vi /etc/rc.conf
# Add:
ntpd_enable="YES"
:x
/etc/rc.d/ntpd start
- Check NTP is running and has connected to servers:
ntpq -p
- Install and run CVSUP.
- CVSUP updates the ports collections and ensures that you install the latest applications and package versions. Basically it updates all the make files in the directory tree /usr/ports (or other directory trees depending on the configuration).
- Install cvsup (this can take 10-20 minutes)
cd /usr/ports/net/cvsup-without-gui
make install
Configure a ports supfile
cd /root
mkdir cvsup
cd cvsup
vi ports-supfile
# Add the following
*default host=cvsup.ch.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress
#src-all
#doc-all
ports-all
:x
- Create a script that runs cvsup with the ports supfile: put the following code into the file /root/cvsup/run-cvsup.sh, then set execute permissions on the file.
#!/bin/sh
#
# cvsup options:
#
#   -g     Disables GUI
#   -L 2   Log verbosity=2
#
PROD=$0
TS=`/bin/date +'%Y%m%d-%H%M'`
CVSUP=/usr/local/bin/cvsup
CVSUP_OPTS='-g -L 2'
CVSUP_SUPFILE='ports-supfile'
LOG_FILE=${CVSUP_SUPFILE}-${TS}.log

# Stop early if the supfile is not in the current directory
if [ ! -f ${CVSUP_SUPFILE} ]
then
    echo "${PROD}: No such file: ${CVSUP_SUPFILE}"
    exit 1
fi

echo "${PROD}: Log file: ${LOG_FILE}"
echo "${PROD}: SUP file: ${CVSUP_SUPFILE}"
echo "${PROD}: Start: `date`"
${CVSUP} ${CVSUP_OPTS} ${CVSUP_SUPFILE} > ${LOG_FILE}
echo "${PROD}: Done: `date`"
- Run cvsup: This could take 10-15 minutes (depending on the network connection)
chmod +x run-cvsup.sh
./run-cvsup.sh ports-supfile
- Install manpages
mount /cdrom
cd /cdrom/7.2-RELEASE/manpages/
./install.sh
- Install vim
cd /usr/ports/editors/vim
make install    # Note: it installs python26 also
- Install bash
cd /usr/ports/shells/bash
make install
Disk Mirroring Configuration
See: FreeBSD Handbook Chapter 19 GEOM: Modular Disk Transformation Framework.
Note that the device files /dev/ad1 and /dev/ad2 can be different depending on the hardware, e.g. /dev/ad4 and /dev/ad5 on the bp.softxs.ch server.
- Boot in single user mode.
- Mount all file systems in read/write mode:
mount -u /
mount -a -t ufs
- Enter the following GEOM commands:
sysctl kern.geom.debugflags=16
gmirror label -v -b round-robin gm0 /dev/ad0
Metadata value stored on /dev/ad0
Done.
# append, so that existing entries in loader.conf are kept
echo 'geom_mirror_load="YES"' >> /boot/loader.conf
- Update /etc/fstab
cp /etc/fstab /etc/fstab.orig
vi /etc/fstab
# Change each adN to gm0, and insert mirror/ after /dev/. For example:
# /dev/ad0s1a --> /dev/mirror/gm0s1a
:x
- Reboot, and look for messages like the following:
ad0: 238475MB <HDT722525DLAT80 V44OA40A> at ata0-master UDMA133
acd0: DVDR <NEC DVD RW ND-3540A/1.01> at ata0-slave UDMA33
ad2: 238475MB <HDT722525DLAT80 V44OA40A> at ata1-master UDMA133
GEOM_MIRROR: Device gm0 created (id=577175128).
GEOM_MIRROR: Device gm0: provider ad0 detected.
GEOM_MIRROR: Device gm0: provider ad0 activated.
GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
Trying to mount root from ufs:/dev/mirror/gm0s1a
- Add the second disk to the mirror
gmirror insert gm0 /dev/ad2
- Check in /var/log/messages
Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: provider ad2 detected.
Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: rebuilding provider ad2.
..
- Check status on command line
gmirror status
Name          Status    Components
mirror/gm0    COMPLETE  ad0
                        ad2
- Should show two components.
Software Package Management
Encrypted Filesystem Configuration
The configuration can be performed exactly as described in the FreeBSD Handbook in chapter 'Disk Encryption with gbde'. The only difference is that no kernel compilation and manual module loading is necessary, because gbde is part of the default kernel on FreeBSD 7.x. Because the encrypted filesystem can only be mounted manually, the best way is to create a shell script in the bin directory under root's home directory:
mount_crypt.sh
The script contains the following lines:
#!/bin/sh
#kldload geom_bde &&
gbde attach /dev/mirror/gm0s1h -l /etc/gbde/gm0s1h.lock &&
fsck -p -t ffs /dev/mirror/gm0s1h.bde &&
mount /dev/mirror/gm0s1h.bde /e/vol002 &&
echo "Encrypted filesystem /dev/mirror/gm0s1h.bde successfully mounted to /e/vol002."
Firewall Settings
IPFILTER is used as the firewall. It is set up exactly as described in FreeBSD Handbook - Chapter 30.5 The IPFILTER (IPF) Firewall. Short summary of the required steps:
To activate IPF at boot time, the following statements need to be added to /etc/rc.conf:
# IPFILTER TN 2010-02-23
ipfilter_enable="YES"             # Start ipf firewall
ipfilter_rules="/etc/ipf.rules"   # loads rules definition text file
ipmon_enable="YES"                # Start IP monitor log
ipmon_flags="-Ds"                 # D = start as daemon
                                  # s = log to syslog
                                  # v = log tcp window, ack, seq
                                  # n = map IP & port to names
The ruleset file must be defined in /etc/rc.conf (the ipfilter_rules setting above). An example ruleset (ipf.rules.orig) of a very secure inclusive type of firewall can be found in FreeBSD Handbook - 30.5.13 Inclusive Ruleset Example. Only some modifications (ipf.rules) were made for the server bp.softxs.hu, in addition to the interface name change (dc0->ale0):
[ntibor@centos1 schema]$ diff /tmp/ipf.rules /tmp/ipf.rules.orig.ale0 # Outgoing DNS enabled --------------------------------------------------------------- 26,29c26,27 < pass out quick on ale0 proto tcp from any to 94.247.88.2 port = 53 flags S keep state < pass out quick on ale0 proto udp from any to 94.247.88.2 port = 53 keep state < pass out quick on ale0 proto tcp from any to 195.228.155.98 port = 53 flags S keep state < pass out quick on ale0 proto udp from any to 195.228.155.98 port = 53 keep state --- > pass out quick on ale0 proto tcp from any to xxx port = 53 flags S keep state > pass out quick on ale0 proto udp from any to xxx port = 53 keep state # Outgoing DHCP enabled ------------------------------------------------------------- 36c34 < #pass out log quick on ale0 proto udp from any to any port = 67 keep state --- > pass out log quick on ale0 proto udp from any to any port = 67 keep state # Outgoing NTP enabled ------------------------------------------------------------- 52,53d49 < # Allow out ntp < pass out quick on ale0 proto tcp from any to any port = 123 flags S keep state # Outgoing FTP disabled ------------------------------------------------------------ 63c59 < #pass out quick on ale0 proto tcp from any to any port = 21 flags S keep state --- > pass out quick on ale0 proto tcp from any to any port = 21 flags S keep state # Outgoing Telnet disabled -------------------------------------------------------- 71c66 < #pass out quick on ale0 proto tcp from any to any port = 23 flags S keep state --- > pass out quick on ale0 proto tcp from any to any port = 23 flags S keep state # Incoming DHCP disabled ---------------------------------------------------------- 145c140 < #pass in quick on ale0 proto udp from 94.247.88.1 to any port = 68 keep state --- > pass in quick on ale0 proto udp from z.z.z.z to any port = 68 keep state # Incoming HTTP disabled (only HTTPS used) and incoming HTTPS enabled------------- 148,151c143 < # pass in quick on ale0 proto 
tcp from any to any port = 80 flags S keep state < < # Allow in secure www function https over TLS SSL < pass in quick on ale0 proto tcp from any to any port = 443 flags S keep state --- > pass in quick on ale0 proto tcp from any to any port = 80 flags S keep state
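Review bot: the NTP rule at 52,53d49 passes "proto tcp ... port = 123 flags S", but NTP runs over UDP, so this rule does not let the time queries of ntpd or ntpdate out. Suggest "pass out quick on ale0 proto udp from any to any port = 123 keep state", preferably limited to the configured NTP servers in the same way the DNS rules at 26,29c26,27 are limited to named resolvers.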
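Review bot: the label "Outgoing DHCP enabled" above 36c34 does not match the ruleset on the "<" side, where the port 67 rule is commented out, i.e. outgoing DHCP is disabled on the server (consistent with 145c140, "Incoming DHCP disabled"). Rename the label, and consider running the diff as "diff ipf.rules.orig.ale0 ipf.rules" so that ">" lines show what the server actually loads.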
Main Applications to Install
Recommended installation sequence is as listed here.
- MySQL Server/Client
cd /usr/ports/databases/mysql54-server
make install    # Note: it installs mysql54-client also
/usr/local/bin/mysql_install_db
- Apache
cd /usr/ports/www/apache22
make install    # Use default options plus MYSQL
- PHP5, PEAR and PECL_HTTP (use defaults if not otherwise noted)
cd /usr/ports/lang/php5
make install    # Use default options plus APACHE2
cd /usr/ports/lang/php5-extensions
make install    # Use default options plus MBSTRING, MYSQL, BUNDLED_PCRE, UTF8
cd /usr/ports/devel/pear
make install
cd /usr/ports/databases/pear-DB
make install
cd /usr/ports/sysutils/pear-Log
make install    # Select options PEAR_DB, PEAR_Mail, PEAR_NET_SMTP
cd /usr/ports/net/pear-XML_RPC
make install
cd /usr/ports/mail/pear-Mail_Mime
make install
cd /usr/ports/www/pecl-http
make install
- Perl packages
cd /usr/ports/devel/p5-Config-General
make install
- mb-string
- If for any reason PHP4 is used, then the multibyte string package is needed
cd /usr/ports/converters/php4-mbstring
make install
MySQL Configuration
- FreeBSD does not automatically include a default my.cnf for MySQL. Instead, a set of sample configuration files can be found under /usr/local/share/mysql. These configuration files include my-small.cnf, my-medium.cnf, my-large.cnf, my-innodb-heavy-4G, and my-huge.cnf. The appropriate file can be copied and used as a template configuration:
cp /usr/local/share/mysql/my-large.cnf /usr/local/etc/my.cnf
/usr/local/etc/rc.d/mysql-server restart
Set the binary log expiration, default database character set and collation in the [mysqld] section of my.cnf.
vi /usr/local/etc/my.cnf
[mysqld]
...
# hold binary log for 2 weeks (more than enough)
expire_logs_days=14
...
character_set_server=utf8
# utf8_general_ci for western languages, or utf8_hungarian_ci
collation_server=utf8_general_ci
Use the following commands in mysql to check the actual and available settings
mysql ....
SHOW CHARACTER SET;                       -- list available character sets
SHOW COLLATION LIKE 'utf8%';              -- list available UTF-8 collations
-- show current database settings
show variables like "character_set_%";    -- show current settings
show variables like "collation_%";
-- List all databases with locale information (mysql 5.x)
select SCHEMA_NAME, DEFAULT_CHARACTER_SET_NAME, DEFAULT_COLLATION_NAME from information_schema.SCHEMATA;
Use the following command in mysql to create a database with non-default settings
create database db character set utf8 collate utf8_hungarian_ci;
- Notes
- Use the following command to set the correct character set in mysql:
set names utf8;
- mysql allows you to enter national characters if the LANG variable is correctly set
export LANG=en_US.UTF-8
- Note that character conversion will be made automatically if you copy data between databases with different character sets
- Check if the mysql timezone table is filled:
mysql> select * from mysql.time_zone_name;
- If the select above returns no records, fill the timezone table:
$ mysql_tzinfo_to_sql /usr/share/zoneinfo | mysql -uroot -psqladmin mysql
PHP Configuration
Create php.ini from the recommended production version and change it:
cd /usr/local/etc cp php.ini-recommended php.ini vi php.ini diff php.ini-recommended php.ini 213c213 < allow_call_time_pass_reference = Off --- > allow_call_time_pass_reference = On 313c313 < max_execution_time = 30 ; Maximum execution time of each script, in seconds --- > max_execution_time = 240 ; Maximum execution time of each script, in seconds 316c316 < memory_limit = 128M ; Maximum amount of memory a script may consume (128MB) --- > memory_limit = 512M ; Maximum amount of memory a script may consume (256MB) 382c382 < display_errors = Off --- > display_errors = On 443c443 < ;error_log = filename --- > error_log = /var/log/php_errors.log 499c499 < post_max_size = 8M --- > post_max_size = 128M 534c534 < ;include_path = ".:/php/includes" --- > include_path = ".:/php/includes:/usr/local/share/pear" 612c612 < upload_max_filesize = 2M --- > upload_max_filesize = 128M 725c725 < ;date.timezone = --- > date.timezone = "Europe/Zurich" 986c986 < ;browscap = extra/browscap.ini --- > browscap = /usr/local/etc/browscap.ini 1055c1055 < ;session.save_path = "/tmp" --- > ;session.save_path = "/var/lib/php/session" 1148c1148 < session.use_trans_sid = 0 --- > session.use_trans_sid = 1
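Review bot: 382c382 sets display_errors = On although 443c443 already sends errors to /var/log/php_errors.log; on a server reachable by users, keep display_errors = Off so that file paths and query errors are not returned in responses. The comment kept at 316c316 also still says (256MB) while the value is now 512M.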
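Review bot: at 1055c1055 the new session.save_path line still begins with ";", so it stays a comment and PHP never uses /var/lib/php/session; remove the semicolon. At 1148c1148, session.use_trans_sid = 1 puts the session ID into URLs, where it ends up in access logs, browser history and Referer headers; leave it at 0 unless clients without cookie support must be served.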
- Install a browscap.ini file. Download php_browscap.ini from http://browsers.garykeith.com/downloads.asp, change the name to browscap.ini, and save it in /usr/local/etc.
- Set up the session directory
mkdir -p /var/lib/php/session
chmod 770 /var/lib/php/session
chgrp www /var/lib/php/session
The session timeout (timeout for automatic logout) is also set in php.ini. See Setting Session Timeout.
Apache Configuration
Basic Configuration
- Enable and start HTTP daemon
vi /etc/rc.conf
# Add:
apache22_enable="YES"
:x
Apache PHP module configuration
- Edit apache configuration file:
vi /usr/local/etc/apache22/httpd.conf
Comment out the AddDefaultCharset setting to allow the META tags in HTML content to control the character set
#AddDefaultCharset UTF-8
You have to add index.php after index.html to the DirectoryIndex directive, so it should look like this:
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
    DirectoryIndex index.html index.php
</IfModule>
- Add the following lines at the end and save changes:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
- Start apache
/usr/local/etc/rc.d/apache22 start
- Check the apache php module
- Create phpinfo
cd /usr/local/www/apache22/data
cat > phpinfo.php
<?php phpinfo( ); ?>
^D    # CTRL-D = EOF
- Run phpinfo in the browser (use appropriate address instead of 192.168.1.100):
http://192.168.1.100/phpinfo.php
- You should see a detailed table about PHP and apache settings.
- Check apache, php and mysql
Create test-db.php (native mysql connection) in /usr/local/www/apache22/data
- Run test-db.php from the browser, you should get the message "connected"
http://192.168.1.100/test-db.php
Create user.php (PEAR DB connection) in /usr/local/www/apache22/data
- Run user.php from the browser
http://192.168.1.100/user.php
- You should get a similar table:

| Host | User | Password |
|---|---|---|
| localhost | root | *E2DB48CF596333DCD736D6DDFDA77AFB1068A7DF |

- Check the apache logfile for any errors:
view /var/log/httpd-error.log
Virtual Host Configuration
Additional Tools Required for DrawMGT
PERL modules, wget, zip
cd /usr/ports/www/p5-HTML-Parser
make install
cd /usr/ports/ftp/wget
make install
cd /usr/ports/archivers/zip
make install
htmldoc
Unfortunately the htmldoc version which supports UTF-8 is not available as a FreeBSD port. We need 1.9.x or higher. It must be installed manually as root:
# remove htmldoc if it is installed from port
pkg_info | grep htmld
pkg_delete htmldoc-1.8.27_5
# download htmldoc source
cd /root
wget http://ftp.easysw.com/pub/htmldoc/snapshots/htmldoc-1.9.x-r1629.tar.bz2
tar xf htmldoc-1.9.x-r1629.tar.bz2
cd ./htmldoc-1.9.x-r1629
./configure
make
make install
pdflatex
We need to install the texlive package as root; it is not (yet) available as a user port.
cd /tmp
wget http://mirror.ctan.org/systems/texlive/tlnet/install-tl-unx.tar.gz
tar xf install-tl-unx.tar.gz
cd install-tl-20120104
./install-tl    # start the text-mode installer, then answer its menu:
O               # options
L               # create symlinks in standard directories
<Enter> 3x
R               # return to main menu
I               # start installation to hard disk
Thai language support is not built into the LaTeX babel package; we need to install it manually if necessary (CAUTION: use gmake instead of make):
wget ftp://linux.thai.net/pub/thailinux/software/thailatex/thailatex-0.4.6.tar.gz
tar xf thailatex-0.4.6.tar.gz
cd thailatex-0.4.6
./configure --with-texmfdir=/usr/local/texlive/2011/texmf
gmake install
cd scripts
sh sync-babel
sh sync-thailatex
cd /usr/ports/print/fontforge
make install
wget ftp://linux.thai.net/pub/thailinux/software/thaifonts-scalable/thaifonts-scalable-0.4.17.tar.gz
tar xf thaifonts-scalable-0.4.17.tar.gz
cd thaifonts-scalable-0.4.17
./configure --enable-latex --with-texmfdir=/usr/local/texlive/2011/texmf
gmake install
WebDAV Configuration
See here.
Secure (chroot-ed) access setting for external users
SSH login to allow SSH port forwarding
Create a minimal chroot environment for a user who logs in to the system with ssh. Only the shell will be enabled. Perform the whole procedure as root.
Create the user (e.g. limited) with its own group and sh as shell (as root) and change the ownership of the home directory (needed by chroot).
adduser
cd /home/limited
chown root:wheel .
- Copy the minimum environment needed to run /bin/sh with /home/limited as root directory:
ldd /bin/sh    # determine shared libraries to be copied
        libedit.so.6 => /lib/libedit.so.6 (0x28097000)
        libncurses.so.7 => /lib/libncurses.so.7 (0x280ac000)
        libc.so.7 => /lib/libc.so.7 (0x280eb000)
mkdir lib
cp /lib/libedit.so.6 /lib/libncurses.so.7 /lib/libc.so.7 lib
# copy the ELF runner
mkdir libexec
cp /libexec/ld-elf.so.1 libexec
# the shell itself must also be present inside the chroot
mkdir bin
cp /bin/sh bin
- Change the sshd settings to switch to the chroot-ed environment for this user and restart sshd:
vim /etc/ssh/sshd_config
# add the following lines
Match User limited
ChrootDirectory %h
Match
/etc/rc.d/sshd restart
Allow SCP and SFTP only
Create a minimal chroot environment for a user who should only have the right to use scp and sftp, limited to the home directory. A good and free SFTP and FTP client for Windows is WinSCP. Perform the whole procedure below as root.
- Install rssh from the ports system, if it is not installed yet:
cd /usr/ports/shells/rssh
make install
Create the user (e.g. limited) with its own group and rssh as shell (as root) and change the ownership of the home directory (needed by chroot).
adduser
cd /home/limited
chown root:wheel .
- Create and edit the rssh config file
cp -n /usr/local/etc/rssh.conf.dist /usr/local/etc/rssh.conf    # CAUTION only at first time setting
vi /usr/local/etc/rssh.conf
# uncomment the following lines to enable scp and sftp
allowscp
allowsftp
# add the following line for each user
user=limited:022:00011:/home/limited
Copy the minimum chroot environment needed to run rssh and sftp with /home/limited as root directory:
cd /home/limited
mkdir -p usr/bin usr/libexec usr/local/libexec usr/lib lib libexec bin dev etc
cp /usr/bin/scp usr/bin/
cp /usr/libexec/sftp-server usr/libexec/
cp /usr/local/libexec/rssh_chroot_helper usr/local/libexec/
cp /bin/sh bin/
cp /libexec/ld-elf.so.1 libexec
ldd /usr/bin/scp /bin/sh    # determine shared libraries to be copied
/usr/bin/scp:
        libssh.so.4 => /usr/lib/libssh.so.4 (0x28081000)
        libcrypt.so.4 => /lib/libcrypt.so.4 (0x280be000)
        libcrypto.so.5 => /lib/libcrypto.so.5 (0x280d7000)
        libz.so.4 => /lib/libz.so.4 (0x28230000)
        libc.so.7 => /lib/libc.so.7 (0x28242000)
        libgssapi.so.9 => /usr/lib/libgssapi.so.9 (0x28344000)
        libkrb5.so.9 => /usr/lib/libkrb5.so.9 (0x2834b000)
        libasn1.so.9 => /usr/lib/libasn1.so.9 (0x28385000)
        libcom_err.so.4 => /usr/lib/libcom_err.so.4 (0x283ae000)
        libmd.so.4 => /lib/libmd.so.4 (0x283b0000)
        libroken.so.9 => /usr/lib/libroken.so.9 (0x283bf000)
/bin/sh:
        libedit.so.6 => /lib/libedit.so.6 (0x28097000)
        libncurses.so.7 => /lib/libncurses.so.7 (0x280ac000)
        libc.so.7 => /lib/libc.so.7 (0x280eb000)
cp /usr/lib/libssh.so.4 /usr/lib/libgssapi.so.9 /usr/lib/libkrb5.so.9 /usr/lib/libasn1.so.9 /usr/lib/libcom_err.so.4 /usr/lib/libroken.so.9 usr/lib
cp /lib/libcrypt.so.4 /lib/libcrypto.so.5 /lib/libz.so.4 /lib/libc.so.7 /lib/libmd.so.4 /lib/libedit.so.6 /lib/libncurses.so.7 lib
Create a devfs filesystem inside the /dev directory in the chroot environment
vi /etc/fstab
# add the following line
none /home/limited/dev devfs rw 0 0
mount -t devfs devfs /home/limited/dev
Copy both /etc/passwd and /etc/master.passwd to the chroot environment. It is a good idea to edit them and remove all existing accounts except the one(s) for the user(s) that will have access to the chroot. After editing the files, we have to use the pwd_mkdb tool to generate the password database inside the chroot environment:
cp /etc/passwd /etc/master.passwd etc/
pwd_mkdb -d /home/limited/etc /home/limited/etc/master.passwd
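The ownership and library-copy steps of both chroot procedures above can be checked before the account is handed to an external user. The script below is an added example, not part of the original page; its function names are hypothetical, and the sample ldd listing is the /bin/sh output shown above, embedded as constructed test input.

```shell
#!/bin/sh
# Added example: audit a chroot tree such as /home/limited.
# Function names are hypothetical; nothing here is from the original page.

# Print the absolute library paths found in `ldd` output on stdin.
# Matches lines like: "libc.so.7 => /lib/libc.so.7 (0x280eb000)"
ldd_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }' | sort -u
}

# Read `ldd` output on stdin and report every library that has not been
# copied under the chroot directory $1. Returns 1 if anything is missing.
missing_libs() {
    chroot_dir=$1
    rc=0
    for lib in $(ldd_paths); do
        if [ ! -f "${chroot_dir}${lib}" ]; then
            echo "missing: ${chroot_dir}${lib}"
            rc=1
        fi
    done
    return $rc
}

# True if directory $1 is owned by uid $2 (default 0, root) and is not
# writable by group or others. `ls -ldn` is used because its output has
# the same layout on FreeBSD and Linux: mode, links, uid, gid, ...
dir_is_safe() {
    dir=$1
    want_uid=${2:-0}
    [ -d "$dir" ] || return 1
    set -- $(ls -ldn "$dir")
    case $1 in
        d????-??-*) ;;          # group-write and other-write bits clear
        *) return 1 ;;
    esac
    [ "$3" = "$want_uid" ]
}

# sshd's ChrootDirectory requires every component of the path to pass
# that test, so walk from the directory up to /. The path is resolved
# first because /home may be a symlink (here: to /e/vol001/home).
chroot_path_is_safe() {
    p=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    while :; do
        dir_is_safe "$p" "${2:-0}" || { echo "unsafe: $p"; return 1; }
        [ "$p" = "/" ] && return 0
        p=$(dirname "$p")
    done
}

# Constructed demo: the `ldd /bin/sh` listing from the page, checked
# against a scratch directory into which only libc has been "copied".
SAMPLE_LDD='    libedit.so.6 => /lib/libedit.so.6 (0x28097000)
    libncurses.so.7 => /lib/libncurses.so.7 (0x280ac000)
    libc.so.7 => /lib/libc.so.7 (0x280eb000)'
demo=$(mktemp -d)
mkdir -p "$demo/lib" && : > "$demo/lib/libc.so.7"
printf '%s\n' "$SAMPLE_LDD" | missing_libs "$demo" || true
chmod 775 "$demo"
dir_is_safe "$demo" "$(id -u)" || echo "unsafe: $demo is group-writable"
rm -rf "$demo"

# Real use, as root on the server:
#   ldd /usr/bin/scp /bin/sh | missing_libs /home/limited
#   chroot_path_is_safe /home/limited
```

ldd does not list the runtime linker itself, so /home/limited/libexec/ld-elf.so.1 still has to be checked separately.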
Setting logrotate
- Edit /etc/newsyslog.conf and add similar lines:
#
# -- HCMC2
#
# logfilename [owner:group] mode count size when flags
/home/hcmc2/www/html/test/var/hcmc2/zg.softxs.ch-test/log/drawmgt.log www:hcmc2 664 10 50000 * J
/home/hcmc2/www/html/test/var/hcmc2/zg.softxs.ch-test/log/event.log hcmc2:hcmc2 664 10 50000 * J
/home/hcmc2/www/html/prod/var/hcmc2/zg.softxs.ch-prod/log/drawmgt.log www:hcmc2 664 10 50000 * J
/home/hcmc2/www/html/prod/var/hcmc2/zg.softxs.ch-prod/log/event.log hcmc2:hcmc2 664 10 50000 * J
Monitoring the Server
- File system space
- Backups
- Mirroring ok
- By hand
gmirror status -s
mirror/gm0 COMPLETE ad0
mirror/gm0 COMPLETE ad2
- Via cron
# lofn.softxs.ch:crontab
# $Id$
#
# -- Gmirror monitoring
#
57 02 * * * /root/bin/mailcron -x -u"alan@softxs.ch" -s"lofn: Gmirror monitoring" /root/bin/checkGmirror.pl -v
#
# -- end --
- Script: /root/bin/checkGmirror.pl
#!/usr/bin/perl
#
# Check that gmirror disks are present and OK.
# By default expects that two disks are present.
#
# Usage: checkGmirror.pl [-v]
#
# Typical output of 'gmirror status -s'
#
#   mirror/gm0 COMPLETE ad0
#   mirror/gm0 COMPLETE ad2
#
#   $component $status $device
#
use strict;

# -v: always print the device list, not only on error
my $V = ( defined( $ARGV[ 0 ] ) && $ARGV[ 0 ] eq '-v' ) ? 1 : 0;
my $RC = 0;
my $EXPECTED_DEVICE_COUNT = 2;

my $CMD="/sbin/gmirror status -s";
open( CMD, "$CMD|" ) or die( "$0: Unable to run command: \'$CMD\'\n" );

# Collect the status of each device; a DEGRADED mirror is an error
my %components;
my $line;
while( defined( $line = <CMD> ) ) {
    chomp ( $line );
    my( $component, $status, $device ) = split( /\s+/, $line );
    $components{ $device } = $status;
    $RC = 1 if ( $status eq 'DEGRADED' );
}
close( CMD );

# A missing (or extra) disk is an error too, and forces the report
if ( scalar( keys( %components ) ) != $EXPECTED_DEVICE_COUNT ) {
    $RC = 1;
    $V = 1;
}

if ( $RC || $V ) {
    if ( $RC ) {
        print( "$0: ERROR: gmirror: status: BAD\n" );
    } else {
        print( "$0: gmirror: status OK\n" );
    }
    foreach my $device ( keys( %components ) ) {
        my $status = $components{ $device };
        print( " device: $device, status: $status\n" );
    }
}
exit $RC;
# -- end --