FreeBSD System Setup
Introduction
This page explains how to set up a FreeBSD system capable of acting as a DrawMGT server. FreeBSD differs from Linux systems in that the basic installation includes very few user tools or applications by default. This means that you need to install all application support tools that DrawMGT requires, like Apache, MySQL and PHP.
FreeBSD is well documented. See the FreeBSD Handbook.
Installing FreeBSD applications, called ports, is simple and is explained here.
The basic steps to prepare a FreeBSD server are:
- Install the base operating system
- Set up disk mirroring
- Install support software
- Install other support tools
- Install and test DrawMGT
These steps are described below.
Base Operating System Installation
- Download an ISO image of the latest production release:
- Typically you want the ISO disk-1. E.g. for release 7.2 it's:
- 7.2-RELEASE-i386-disk1.iso
- Alternatively download:
- 7.2-RELEASE-i386-dvd1.iso.gz
- Note that the other CDs are not required
- Put the CD (or DVD) in the system and boot
Select Standard installation in sysinstall
Disk partitions - Set up the following partitions (assuming disk > 300 GB):

| Partition | Size | Description/Contents |
|---|---|---|
| / | 1 GB | root partition |
| swap | 2-4 GB | swap partition |
| /var | 10 GB | MySQL DBs and logs |
| /tmp | 10 GB | Make big enough to store a DVD ISO |
| /usr | 20 GB | Applications and ports |
| /e/vol001 | all remaining free space | Web trees and backups |

Note: Later you will make a symbolic link from /home --> /e/vol001/home
Select Minimal distribution
- Network configuration - You will need the following information:
- Hostname and domain for the machine
- IP address for the machine
- IP address of gateway
- IP address of primary and secondary DNS servers
Post Installation Tasks
- NTP Setup
Get full domain names of at least two NTP servers (called ntp1.domain and ntp2.domain below)
- Set system time with ntpdate:
    ntpdate -u ntp1.domain
- Configure NTP servers, enable and start NTP daemon
    vi /etc/ntp.conf
    server ntp1.domain
    server ntp2.domain
    :x
    vi /etc/rc.conf
    # Add:
    ntpd_enable="YES"
    :x
    /etc/rc.d/ntpd start
- Check NTP is running and has connected to servers:
    ntpq -p
- Install and run CVSUP.
- CVSUP updates the ports collections and ensures that you install the latest applications and package versions. Basically it updates all the make files in the directory tree /usr/ports (or other directory trees depending on the configuration).
- Install cvsup (this can take 10-20 minutes)
    cd /usr/ports/net/cvsup-without-gui
    make install
- Configure a ports supfile
    cd /root
    mkdir cvsup
    cd cvsup
    vi ports-supfile
    # Add the following
    *default host=cvsup.ch.FreeBSD.org
    *default base=/var/db
    *default prefix=/usr
    *default release=cvs tag=.
    *default delete use-rel-suffix
    *default compress
    #src-all
    #doc-all
    ports-all
    :x
- Create a script that runs cvsup with the ports supfile: Put the following code into the file /root/cvsup/run-cvsup.sh, then set execute permissions on the file.
    #!/bin/sh
    #
    # cvsup options:
    #
    #   -g    Disables GUI
    #   -L 2  Log verbosity=2
    #
    PROD=$0
    TS=`/bin/date +'%Y%m%d-%H%M'`
    CVSUP=/usr/local/bin/cvsup
    CVSUP_OPTS='-g -L 2'
    CVSUP_SUPFILE='ports-supfile'
    LOG_FILE=${CVSUP_SUPFILE}-${TS}.log

    # Refuse to run if the supfile is not in the current directory
    if [ ! -f ${CVSUP_SUPFILE} ]
    then
        echo "${PROD}: No such file: ${CVSUP_SUPFILE}"
        exit 1
    fi

    echo "${PROD}: Log file: ${LOG_FILE}"
    echo "${PROD}: SUP file: ${CVSUP_SUPFILE}"
    echo "${PROD}: Start: `date`"
    ${CVSUP} ${CVSUP_OPTS} ${CVSUP_SUPFILE} > ${LOG_FILE}
    echo "${PROD}: Done: `date`"
- Run cvsup: This could take 10-15 minutes (depending on the network connection)
    chmod +x run-cvsup.sh
    ./run-cvsup.sh ports-supfile
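
Going back to the NTP step earlier in this section ("Check NTP is running and has connected to servers"), the following added example, which is not part of the original page, turns the `ntpq -p` output into a pass/fail check. The function name, the 100 ms offset limit and both sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): pass/fail check on "ntpq -p".
# The offset limit and the sample outputs below are assumptions.

# check_ntp_peers MAX_OFFSET_MS < "ntpq -p output"
# Prints one line per problem, or "OK <peer> <offset>"; returns 1 on a problem.
check_ntp_peers() {
    awk -v max="$1" '
        NR <= 2 { next }                      # column header and ===== rule
        {
            tally = substr($0, 1, 1)          # "*" marks the selected peer
            name = $1
            if (tally != " ") name = substr($1, 2)
            if ($7 == 0) { print "UNREACHABLE", name; bad = 1 }  # reach register
            if (tally == "*") {
                sel = name; off = $9
                abs = off + 0; if (abs < 0) abs = -abs
                if (abs > max) { print "OFFSET", name, off; bad = 1 }
            }
        }
        END {
            if (sel == "") { print "NOSYNC"; bad = 1 }
            if (!bad) print "OK", sel, off
            exit bad + 0
        }'
}

sample_synced() {   # constructed: daemon has selected ntp1.domain
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.domain     .GPS.            1 u   33   64  377    1.234    0.456   0.123
+ntp2.domain     192.0.2.10       2 u   40   64  377    2.345   -0.789   0.234
EOF
}

sample_stale() {    # constructed: no server has answered yet
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.domain     .INIT.          16 u    -   64    0    0.000    0.000   0.000
 ntp2.domain     .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_synced | check_ntp_peers 100
sample_stale | check_ntp_peers 100 || echo "time sync check failed"
# On the server: ntpq -p | check_ntp_peers 100
```
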
Disk Mirroring Configuration
See: FreeBSD Handbook Chapter 19 GEOM: Modular Disk Transformation Framework
- Boot in single user mode.
- Mount all file systems in read/write mode:
    mount -u /
    mount -a -t ufs
- Enter the following GEOM commands:
    sysctl kern.geom.debugflags=16
    gmirror label -v -b round-robin gm0 /dev/ad0
    Metadata value stored on /dev/ad0
    Done.
    echo 'geom_mirror_load="YES"' >> /boot/loader.conf
- Update /etc/fstab
    cp /etc/fstab /etc/fstab.orig
    vi /etc/fstab
    # Change each "ad" to "gm", and insert "mirror/" after "/dev/". For example:
    #   /dev/ad0s1a --> /dev/mirror/gm0s1a
    :x
- Reboot, and look for messages like the following:
    ad0: 238475MB <HDT722525DLAT80 V44OA40A> at ata0-master UDMA133
    acd0: DVDR <NEC DVD RW ND-3540A/1.01> at ata0-slave UDMA33
    ad2: 238475MB <HDT722525DLAT80 V44OA40A> at ata1-master UDMA133
    GEOM_MIRROR: Device gm0 created (id=577175128).
    GEOM_MIRROR: Device gm0: provider ad0 detected.
    GEOM_MIRROR: Device gm0: provider ad0 activated.
    GEOM_MIRROR: Device gm0: provider mirror/gm0 launched.
    Trying to mount root from ufs:/dev/mirror/gm0s1a
- Add the second disk to the mirror
    gmirror insert gm0 /dev/ad2
- Check in /var/log/messages
    Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: provider ad2 detected.
    Dec 29 13:46:11 thor kernel: GEOM_MIRROR: Device gm0: rebuilding provider ad2.
    ..
- Check status on command line
    gmirror status
          Name    Status  Components
    mirror/gm0  COMPLETE  ad0
                          ad2
- Should show two components.
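
A mistake in the "Update /etc/fstab" step leaves the system unable to mount root, so it helps to generate the change and review it before saving. The following is an added example, not part of the original page: the function names and the sample fstab are constructed, while the disk name ad0 and mirror name gm0 follow the page.

```sh
#!/bin/sh
# Added example (not from the original page): preview the fstab edit for the
# mirror before touching /etc/fstab. Disk "ad0" and mirror "gm0" follow the page.

# fstab_to_mirror DISK MIRROR < fstab
# Rewrites only the device field at the start of a line, and only when it is
# exactly /dev/DISK plus a slice/partition suffix (s1a, s1b, ...), so acd0,
# ad2 and commented-out entries are left alone.
fstab_to_mirror() {
    sed -E "s|^([[:space:]]*)/dev/${1}(s[0-9]+[a-h]?)([[:space:]])|\1/dev/mirror/${2}\2\3|"
}

# count_unconverted DISK < fstab
# Number of active (non-comment) entries that still point at the raw disk.
count_unconverted() {
    grep -v '^[[:space:]]*#' |
        grep -c -E "^[[:space:]]*/dev/${1}(s[0-9]+[a-h]?)?[[:space:]]" || true
}

# Constructed sample matching the partition layout on this page.
sample_fstab() {
    cat <<'EOF'
# Device        Mountpoint  FStype  Options    Dump  Pass#
/dev/ad0s1b     none        swap    sw         0     0
/dev/ad0s1a     /           ufs     rw         1     1
/dev/ad0s1e     /tmp        ufs     rw         2     2
/dev/ad0s1f     /usr        ufs     rw         2     2
/dev/ad0s1d     /var        ufs     rw         2     2
/dev/ad0s1g     /e/vol001   ufs     rw         2     2
/dev/acd0       /cdrom      cd9660  ro,noauto  0     0
# old: /dev/ad0s1h /spare
EOF
}

# Dry run on the sample. On the real system (assumed workflow):
#   fstab_to_mirror ad0 gm0 < /etc/fstab > /etc/fstab.new
#   diff -u /etc/fstab /etc/fstab.new    # review, then install the new file
sample_fstab | fstab_to_mirror ad0 gm0
echo "entries still on raw ad0: $(sample_fstab | fstab_to_mirror ad0 gm0 | count_unconverted ad0)"
```
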
Software Package Management
Encrypted Filesystem Configuration
To be completed
Main Applications to Install
- PHP5
- MySQL Server/Client
- Apache
Apache Configuration
Basic Configuration
Virtual Host Configuration
Additional Tools Required for DrawMGT
Monitoring the Server
- File system space
- Backups
- Mirroring ok
- By hand
    gmirror status -s
    mirror/gm0  COMPLETE  ad0
    mirror/gm0  COMPLETE  ad2
- Via cron
    # lofn.softxs.ch:crontab
    # $Id$
    #
    # -- Gmirror monitoring
    #
    57 02 * * * /root/bin/mailcron -x -u"alan@softxs.ch" -s"lofn: Gmirror monitoring" /root/bin/checkGmirror.pl -v
    #
    # -- end --
- Script: /root/bin/checkGmirror.pl
    #!/usr/bin/perl
    #
    # Check that gmirror disks are present and OK.
    # By default expects that two disks are present.
    #
    # Usage: checkGmirror.pl [-v]
    #
    # Typical output of 'gmirror status -s'
    #
    #   mirror/gm0  COMPLETE  ad0
    #   mirror/gm0  COMPLETE  ad2
    #
    #   $component  $status   $device
    #
    use strict;

    my $V  = ( defined( $ARGV[ 0 ] ) && $ARGV[ 0 ] eq '-v' ) ? 1 : 0;
    my $RC = 0;
    my $EXPECTED_DEVICE_COUNT = 2;

    my $CMD = "/sbin/gmirror status -s";
    open( CMD, "$CMD|" ) or die( "$0: Unable to run command: \'$CMD\'\n" );

    # Collect the status reported for each component device
    my %components;
    my $line;
    while( defined( $line = <CMD> ) ) {
        chomp( $line );
        next if ( $line =~ /^\s*$/ );    # skip blank lines
        # split( ' ' ) ignores leading whitespace
        my( $component, $status, $device ) = split( ' ', $line );
        $components{ $device } = $status;
        $RC = 1 if ( $status eq 'DEGRADED' );
    }
    close( CMD );

    # A missing (or extra) device is an error and forces verbose output
    if ( scalar( keys( %components ) ) != $EXPECTED_DEVICE_COUNT ) {
        $RC = 1;
        $V  = 1;
    }

    if ( $RC || $V ) {
        if ( $RC ) {
            print( "$0: ERROR: gmirror: status: BAD\n" );
        } else {
            print( "$0: gmirror: status OK\n" );
        }
        foreach my $device ( keys( %components ) ) {
            my $status = $components{ $device };
            print( " device: $device, status: $status\n" );
        }
    }

    exit $RC;
    # -- end --