= FreeBSD System Setup =

== Introduction ==

This page explains how to set up a FreeBSD system capable of acting as a DrawMGT server.

FreeBSD differs from Linux systems in that the basic installation includes very few user tools or applications by default. This means that you need to install all the application support tools that DrawMGT requires, such as Apache, MySQL and PHP.

This page describes the setup for version 7.2. The procedure can be slightly different for other versions.

FreeBSD is well documented. See the [[http://www.freebsd.org/doc/en/books/handbook|FreeBSD Handbook]].

Installing FreeBSD applications, called ''ports'', is simple and is explained [[http://www.freebsd.org/doc/en/books/handbook/ports.html|here]].

The basic steps to prepare a FreeBSD server are:

 1. Install the base operating system
 1. Set up disk mirroring
 1. Install support software
 1. Install other support tools
 1. Install and test DrawMGT

These steps are described below.

== Base Operating System Installation ==

 1. Download an ISO image of the latest production release:
  * http://www.freebsd.org/where.html
  * Typically you want the ISO disk-1. E.g. for release 7.2 it is:
   * 7.2-RELEASE-i386-disk1.iso
  * Alternatively download:
   * 7.2-RELEASE-i386-dvd1.iso.gz
  * Note that the other CDs are not required
 1. Put the CD (or DVD) in the system and boot
 1. Select '''Standard''' installation in ''sysinstall''
 1. Disk partitions - Set up one fdisk partition with the following FreeBSD partitions (assuming disk > 300 GB):
  || Partition || Size || Description/Contents ||
  || / || 1 GB || root partition ||
  || swap || 2-4 GB || swap partition ||
  || /var || 10 GB || MySQL DBs and logs ||
  || /tmp || 10 GB || Make big enough to store a DVD ISO ||
  || /usr || 20 GB || Applications and ports ||
  || /e/vol001 || all remaining free space || Web trees and backups ||
  * Note: Later you will make a symbolic link from /home --> /e/vol001/home
 * Select '''Minimal''' distribution
 * Network configuration - You will need the following information:
  * Hostname and domain for the machine
  * IP address for the machine
  * IP address of gateway
  * IP address of primary and secondary DNS servers

== Post Installation Tasks ==

 1. NTP Setup
  * Install openntpd port: {{{
cd /usr/ports/net/openntpd
make
make install
}}}
  * Get full domain names of at least two NTP servers (called '''ntp1.domain''' and '''ntp2.domain''' below)
  * Set system time with ntpdate: {{{
ntpdate -u ntp1.domain
}}}
  * Configure NTP servers, enable and start NTP daemon {{{
vi /etc/ntp.conf
server ntp1.domain
server ntp2.domain
:x
vi /etc/rc.conf
# Add:
ntpd_enable="YES"
:x
/etc/rc.d/ntpd start
}}}
  * Check NTP is running and has connected to servers: {{{
ntpq -p
}}}
 1. Install and run CVSUP.
  * CVSUP updates the ports collections and ensures that you install the latest applications and package versions. Basically it updates all the make files in the directory tree /usr/ports (or other directory trees depending on the configuration).
  * Install cvsup (this can take 10-20 minutes) {{{
cd /usr/ports/net/cvsup-without-gui
make install
}}}
  * Configure a '''ports supfile''' {{{
cd /root
mkdir cvsup
cd cvsup
vi ports-supfile
# Add the following
*default host=cvsup.ch.FreeBSD.org
*default base=/var/db
*default prefix=/usr
*default release=cvs tag=.
*default delete use-rel-suffix
*default compress
#src-all
#doc-all
ports-all
:x
}}}
  * Create a script that runs cvsup with the ports supfile: put the following code
    into the file /root/cvsup/run-cvsup.sh, then set execute permissions on the file. {{{
#!/bin/sh
#
# cvsup options:
#
#   -g    Disables GUI
#   -L 2  Log verbosity=2
#
PROD=$0
TS=`/bin/date +'%Y%m%d-%H%M'`
CVSUP=/usr/local/bin/cvsup
CVSUP_OPTS='-g -L 2'
CVSUP_SUPFILE='ports-supfile'
LOG_FILE=${CVSUP_SUPFILE}-${TS}.log

if [ ! -f ${CVSUP_SUPFILE} ]
then
    echo "${PROD}: No such file: ${CVSUP_SUPFILE}"
    exit 1
fi

echo "${PROD}: Log file: ${LOG_FILE}"
echo "${PROD}: SUP file: ${CVSUP_SUPFILE}"
echo "${PROD}: Start: `date`"
${CVSUP} ${CVSUP_OPTS} ${CVSUP_SUPFILE} > ${LOG_FILE}
echo "${PROD}: Done: `date`"
}}}
  * Run cvsup: This could take 10-15 minutes (depending on the network connection) {{{
chmod +x run-cvsup.sh
./run-cvsup.sh ports-supfile
}}}
 1. Install manpages
  . {{{
mount /cdrom
cd /cdrom/7.2-RELEASE/manpages/
./install.sh
}}}
 1. Install vim
  . {{{
cd /usr/ports/editors/vim
make install # Note: it installs python26 also
}}}
 1. Install bash
  . {{{
cd /usr/ports/shells/bash
make install
}}}

== Disk Mirroring Configuration ==

See: FreeBSD Handbook [[http://www.freebsd.org/doc/en/books/handbook/geom.html|Chapter 19 GEOM: Modular Disk Transformation Framework]]

 1. Boot in single user mode.
 1. Mount all file systems in read/write mode:
  . {{{
mount -u /
mount -a -t ufs
}}}
 1. Enter the GEOM commands:
  . {{{
sysctl kern.geom.debugflags=16
gmirror label -v -b round-robin gm0 /dev/ad0
Metadata value stored on /dev/ad0
Done.
echo 'geom_mirror_load="YES"' >> /boot/loader.conf # append, so existing entries are kept
}}}
 1. Update /etc/fstab
  . {{{
cp /etc/fstab /etc/fstab.orig
vi /etc/fstab
# Change each adN to gm0, and insert a mirror after /dev. For example:
# /dev/ad0s1a --> /dev/mirror/gm0s1a.
:x
}}}
 1. Reboot, and look for messages like the following:
  . {{{
ad0: 238475MB at ata0-master UDMA133
acd0: DVDR at ata0-slave UDMA33
ad2: 238475MB at ata1-master UDMA133
GEOM_MIRROR: Device gm0 created (id=577175128).
GEOM_MIRROR: Device gm0: provider ad0 detected.
GEOM_MIRROR: Device gm0: provider ad0 activated.
GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
Trying to mount root from ufs:/dev/mirror/gm0s1a
}}}
 1. Add the second disk to the mirror
  . {{{
gmirror insert gm0 /dev/ad2
}}}
 1. Check in /var/log/messages
  . {{{
Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: provider ad2 detected.
Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: rebuilding provider ad2.
..
}}}
 1. Check status on command line
  . {{{
gmirror status
      Name    Status  Components
mirror/gm0  COMPLETE  ad0
                      ad2
}}}
  * Should show two components.

== Software Package Management ==

== Encrypted Filesystem Configuration ==

 1. '''To be completed'''

== Main Applications to Install ==

Recommended installation sequence is as listed here.

 1. MySQL Server/Client
  . {{{
cd /usr/ports/databases/mysql54-server
make install # Note: it installs mysql54-client also
/usr/local/bin/mysql_install_db
}}}
 1. Apache
  . {{{
cd /usr/ports/www/apache22
make install # Use default options plus MYSQL
}}}
 1. PHP5 and PEAR
  . {{{
cd /usr/ports/lang/php5
make install # Use default options plus APACHE2
cd /usr/ports/lang/php5-extensions
make install # Use default options plus MBSTRING, MYSQL, BUNDLED_PCRE, UTF8
cd /usr/ports/devel/pear
make install
cd /usr/ports/databases/pear-DB
make install
cd /usr/ports/sysutils/pear-Log
make install # Select options PEAR_DB, PEAR_Mail, PEAR_NET_SMTP
cd /usr/ports/net/pear-XML_RPC
make install
cd /usr/ports/mail/pear-Mail_Mime
make install
}}}

== PHP Configuration ==

 * Create '''php.ini''' by copying the recommended production version, then edit it:
{{{
cd /usr/local/etc
cp php.ini-recommended php.ini
vi php.ini
diff php.ini-recommended php.ini
213c213
< allow_call_time_pass_reference = Off
---
> allow_call_time_pass_reference = On
313c313
< max_execution_time = 30 ; Maximum execution time of each script, in seconds
---
> max_execution_time = 120 ; Maximum execution time of each script, in seconds
443c443
< ;error_log = filename
---
> error_log = /var/log/php_errors.log
468c468
< variables_order = "GPCS"
---
> variables_order = "EGPCS"
534c534
< ;include_path = ".:/php/includes"
---
> include_path = ".:/php/includes:/usr/local/share/pear"
612c612
< upload_max_filesize = 2M
---
> upload_max_filesize = 16M
767c767
< ;sendmail_path =
---
> sendmail_path = /usr/sbin/sendmail -t -i
1052c1052
< ;session.save_path = "/tmp"
---
> session.save_path = "/var/lib/php/session"
}}}
 * Set up the session directory
  . {{{
mkdir -p /var/lib/php/session
chmod 770 /var/lib/php/session
chgrp www /var/lib/php/session
}}}

== Apache Configuration ==

=== Basic Configuration ===

 * Enable and start HTTP daemon {{{
vi /etc/rc.conf
# Add:
apache22_enable="YES"
:x
}}}

=== Apache PHP module configuration ===

 * Edit apache configuration file:
  . {{{
vi /usr/local/etc/apache22/httpd.conf
}}}
 * You have to add index.php after index.html to the !DirectoryIndex directive, so it should look like this:
  . {{{
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.html index.php
}}}
 * Add the following lines at the end and save changes:
  . {{{
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
}}}
 * Start apache
  . {{{
/usr/local/etc/rc.d/apache22 start
}}}
 * Check apache php module
  * Create phpinfo
   . {{{
cd /usr/local/www/apache22/data
cat > phpinfo.php
<?php phpinfo(); ?>
^D # CTRL-D = EOF
}}}
  * Run phpinfo in the browser (use appropriate address instead of 192.168.1.100):
   . {{{
http://192.168.1.100/phpinfo.php
}}}
   . You should see a detailed table about PHP and apache settings.
 * Check apache, php and mysql
  * Create [[test-db.php]] (native mysql connection) in /usr/local/www/apache22/data
  * Run test-db.php from the browser, you should get the message "connected"
   . {{{
http://192.168.1.100/test-db.php
}}}
  * Create [[user.php]] (PEAR DB connection) in /usr/local/www/apache22/data
  * Run user.php from the browser
   . {{{
http://192.168.1.100/user.php
}}}
   . You should get a similar table:
   || Host || User || Password ||
   || localhost || root || *E2DB48CF596333DCD736D6DDFDA77AFB1068A7DF ||
 * Check apache logfile for any error:
  . {{{
view /var/log/httpd-error.log
}}}

=== Virtual Host Configuration ===

== Additional Tools Required for DrawMGT ==

 * Perl modules, wget, zip, htmldoc
  . {{{
cd /usr/ports/www/p5-HTML-Parser
make install
cd /usr/ports/ftp/wget
make install
cd /usr/ports/archivers/zip
make install
cd /usr/ports/textproc/htmldoc
make install
}}}

== Monitoring the Server ==

 1. File system space
 1. Backups
 1. Mirroring ok
  * By hand {{{
gmirror status -s
mirror/gm0 COMPLETE ad0
mirror/gm0 COMPLETE ad2
}}}
  * Via cron {{{
# lofn.softxs.ch:crontab
# $Id$
#
# -- Gmirror monitoring
#
57 02 * * * /root/bin/mailcron -x -u"alan@softxs.ch" -s"lofn: Gmirror monitoring" /root/bin/checkGmirror.pl -v
#
# -- end --
}}}
  * Script: /root/bin/checkGmirror.pl {{{
#!/usr/bin/perl
#
# Check that gmirror disks are present and OK.
# By default expects that two disks are present.
#
# Usage: checkGmirror.pl [-v]
#
# Typical output of 'gmirror status -s'
#
#   mirror/gm0 COMPLETE ad0
#   mirror/gm0 COMPLETE ad2
#
#   $component $status $device
#
use strict;

my $V = ( $ARGV[ 0 ] eq '-v' ) ? 1 : 0;
my $RC = 0;
my $EXPECTED_DEVICE_COUNT = 2;

my $CMD="/sbin/gmirror status -s";
open( CMD, "$CMD|" ) or die( "$0: Unable to run command: \'$CMD\'\n" );

# Collect the status reported for each component device
my %components;
my $line;
while( defined( $line = <CMD> ) ) {
    chomp ( $line );
    my( $component, $status, $device ) = split( /\s+/, $line );
    $components{ $device } = $status;
    $RC = 1 if ( $status eq 'DEGRADED' );
}
close( CMD );

# A missing (or extra) disk is an error and forces verbose output
if ( scalar( keys( %components ) ) != $EXPECTED_DEVICE_COUNT ) {
    $RC = 1;
    $V = 1;
}

if ( $RC || $V ) {
    if ( $RC ) {
        print( "$0: ERROR: gmirror: status: BAD\n" );
    } else {
        print( "$0: gmirror: status OK\n" );
    }
    foreach my $device ( keys( %components ) ) {
        my $status = $components{ $device };
        print( "  device: $device, status: $status\n" );
    }
}
exit $RC;

# -- end --
}}}
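
For the /etc/fstab step under Disk Mirroring Configuration, the rename rule (/dev/adNsXY becomes /dev/mirror/gm0sXY) can be applied and checked with a small sh filter instead of by hand, since a missed entry leaves a file system outside the mirror. This is an added example, not part of the original page: the function names and the sample fstab are constructed, and it assumes the mirror name gm0 and ATA disk names (adN) used above.

```sh
#!/bin/sh
# Added example, not from the original page.
# Assumptions: mirror name gm0 and ATA disk names (adN), as used on this page.

# Filter: read fstab text on stdin, write it with /dev/adN... device names
# rewritten to /dev/mirror/gm0... Comment lines and other devices (for
# example the CD-ROM /dev/acd0) pass through unchanged.
fstab_to_mirror() {
    awk '
        /^[ \t]*#/ { print; next }
        $1 ~ /^\/dev\/ad[0-9]+/ { sub(/\/dev\/ad[0-9]+/, "/dev/mirror/gm0") }
        { print }
    '
}

# Filter: print how many non-comment entries still use a raw adN device.
# Anything other than 0 after the edit means an entry was missed.
count_unmirrored() {
    awk '!/^[ \t]*#/ && $1 ~ /^\/dev\/ad[0-9]+/ { n++ } END { print n + 0 }'
}

# Constructed sample, following the partition table on this page.
SAMPLE_FSTAB='# Device     Mountpoint  FStype  Options    Dump  Pass#
/dev/ad0s1b  none        swap    sw         0     0
/dev/ad0s1a  /           ufs     rw         1     1
/dev/ad0s1g  /e/vol001   ufs     rw         2     2
/dev/ad0s1e  /tmp        ufs     rw         2     2
/dev/ad0s1f  /usr        ufs     rw         2     2
/dev/ad0s1d  /var        ufs     rw         2     2
/dev/acd0    /cdrom      cd9660  ro,noauto  0     0'

# Preview the rewritten table, then report the number of missed entries.
printf '%s\n' "$SAMPLE_FSTAB" | fstab_to_mirror
printf 'entries still on raw adN: %s\n' \
    "$(printf '%s\n' "$SAMPLE_FSTAB" | fstab_to_mirror | count_unmirrored)"
```

On a real system, feed the filter from /etc/fstab.orig (the copy made in that step) and compare its output with the edited /etc/fstab before rebooting.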