freebsd notes

Sys Admin Notes


System Administration

Install FreeBSD Source Code

svn checkout https://svn.FreeBSD.org/base/releng/10.2 /usr/src
  • where the 10.2 is your current release
  • svn.FreeBSD.org will automatically choose a mirror near you

Inspect Boot log

$ cat /var/run/dmesg.boot

Modify default editor from vi to nano

# For C based shell
$ setenv EDITOR </path/to/nano>

# To find path to nano
$ which nano

Check disk space usage by directory

$ sudo du -hd1 /usr

Expand Partition to Entire Drive

When a VPS is upgraded to a larger instance, the expanded drive is not recognized by the OS

  • Tutorial here

     $ gpart recover vtbd0
     $ gpart resize -i 2 vtbd0  # 2=what is shown on gpart show vtbd0
     $ growfs -y /
    
     # Verify the extra disk space exists
     $ df -h
    
    # Update /etc/fstab
    
  • On reboot, goes to mountroot prompt

    # do a ? to see list of available disks
    $ ufs:/dev/vtbd0s1
    

Edit Crontab

$ crontab -e

View traffic on network interfaces

$ systat -ifstat 1

Deploy Python App to FreeBSD Jail

  • Update pkg

    $ pkg update
    
  • Install Dependencies using pkg

    $ pkg install python
    $ pkg install py27-pip 
    $ pkg install sqlite3
    $ pkg install py27-sqlite3
    $ pkg install git
    $ pkg install nano
    $ pkg install postgresql94-client # so psycopg2 installs using pip
                                      # Need to specify version ex: 94 
    $ pkg install nginx
    $ pkg install py27-supervisor
    
  • Install Virtualenv

    $ pip install virtualenv

  • Add SSH public key to Bitbucket or Github

    So you can clone the project

  • Clone the project to your server

    Ex: Create a /var/www/ directory and clone into there

  • Create a virtual env

    I keep my virtualenv inside my project as venv to keep it self-contained

    $ virtualenv --no-site-packages venv
    # Activate virtual env (note the csh special script)
    $ source venv/bin/activate.csh

  • Verify nginx is also running in jail

    $ service nginx status
    Cannot 'status' nginx. Set nginx_enable to YES in /etc/rc.conf or use 'onestatus' instead of 'status'.
    
    • On a fresh install of nginx, if you get a message like that
      • Add nginx_enable="YES" to /etc/defaults/rc.conf

        nginx_enable="YES"
        
    • Verify nginx status again

      $ service nginx status
      nginx is not running.
      
    • Start nginx, then verify forwarding works by pointing to the default nginx page in the jail

Create Postgres user and database

# switch to pgsql user
$ su pgsql

# Connect to database
$ psql template1

OR
# Connect as root specifying user and database
$ psql -d template1 -U pgsql


# Create user w/ perm to create databases. (man createuser to see options)
# -s superuser, -d may create databases, -r may create roles, -P prompt for a password
$ createuser -sdrP username 

# Create the database
$ createdb <dbname>

# Connect as the user created
$ psql -U <username> -h <hostname> -d <database_name>

Run bootstrap.py

Verify you can connect to the db and see the tables created

Make sure app is connecting to correct database by running it locally

  • activate virtual env
  • Run python app.py
  • should run without errors

Point webserver to nginx in app jail

Make sure supervisor is installed (py27-supervisor)

Start supervisord service

service supervisord start

Edit supervisor.conf file in /usr/local/etc/supervisor.conf

[program:uwsgi_myapp]
directory=/usr/local/www/myapp/
command=/usr/local/bin/uwsgi -s /var/run/%(program_name)s%(process_num)d.sock
        --chmod-socket=666 --need-app --disable-logging --home=venv
        --wsgi-file wsgi.py --processes 1 --threads 10
stdout_logfile="syslog"
stderr_logfile="syslog"
startsecs=10
stopsignal=QUIT
stopasgroup=true
killasgroup=true
process_name=%(program_name)s%(process_num)d
numprocs=5
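
The `--chmod-socket=666` option above lets any local user in the jail connect to the uwsgi sockets. The check below is an added example, not part of the original notes: it reports the socket mode set in each supervisor section and fails when a mode is world-writable. The helper name `audit_uwsgi_socket_modes` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a supervisor config for world-writable uwsgi sockets.
# audit_uwsgi_socket_modes is a hypothetical helper name, not a real tool.
# Prints "<section> <mode> <verdict>" for each --chmod-socket option and
# returns non-zero when any mode grants write access to "other".
audit_uwsgi_socket_modes() {
    awk '
        /^\[/ {                          # section header, e.g. [program:uwsgi_myapp]
            section = $0
            sub(/^\[/, "", section)
            sub(/\].*$/, "", section)
        }
        {
            line = $0                    # continuation lines stay in the same section
            while (match(line, /--chmod-socket=[0-7]+/)) {
                mode  = substr(line, RSTART + 15, RLENGTH - 15)
                other = substr(mode, length(mode), 1) + 0   # last octal digit = "other" bits
                if (int(other / 2) % 2 == 1) { verdict = "world-writable"; bad = 1 }
                else                         { verdict = "ok" }
                print section, mode, verdict
                line = substr(line, RSTART + RLENGTH)
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the setting from these notes next to a group-only mode.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[program:uwsgi_myapp]
command=/usr/local/bin/uwsgi -s /var/run/%(program_name)s%(process_num)d.sock
        --chmod-socket=666 --need-app --home=venv
[program:uwsgi_hardened]
command=/usr/local/bin/uwsgi -s /var/run/%(program_name)s%(process_num)d.sock
        --chmod-socket=660 --need-app --home=venv
EOF
audit_uwsgi_socket_modes "$sample" || echo "world-writable socket mode found"
rm -f "$sample"
```

Mode 660 only works when the nginx worker user shares a group with the uwsgi process that owns the socket.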

Set nginx and supervisor to start on system start

  • edit /etc/defaults/rc.conf to have (note the defaults b/c it's in jail)
supervisord_enable="YES"
nginx_enable="YES"

Edit nginx.conf file to have this include statement in http block

include /usr/local/etc/nginx/conf.d/*.conf;

Create conf.d directory if it doesn't exist

Copy nginx.conf file to /usr/local/etc/nginx/conf.d

Restart nginx, make sure no errors

Verify URL works in browser

Troubleshooting

Check log files

  • check the app uwsgi log file (specified in the ini file) first for clues
  • check nginx error log file

IOError: decoder jpeg not available

Use pillow instead of PIL. Make sure the dependencies for PIL/pillow are installed on the OS, then remove pillow and reinstall it.

  • On Ubuntu, make sure the libjpeg8-dev library is installed, then uninstall and re-install pillow
  • On FreeBSD

    $ pkg search jpeg-8
    jpeg-8_6
    $ pkg install jpeg-8_6
    
    • Uninstall and reinstall pillow
    • Test you can create a thumbnail using Python REPL

      # python
      Python 2.7.10 (default, Aug  9 2015, 01:20:33)
      [GCC 4.2.1 Compatible FreeBSD Clang 3.4.1 (tags/RELEASE_34/dot1-final 208032)] on freebsd10
      Type "help", "copyright", "credits" or "license" for more information.
      >>> from PIL import Image
      >>> im = Image.open('jpeg-file-full-path')
      >>> im.thumbnail((128,128), Image.ANTIALIAS)
      

FreeBSD Jails

Manage Jails using ezjail-admin


# View list of available jails
$ jls

# or 
$ jls -v
# Log into existing jail
$ sudo ezjail-admin console <jailname>

# OR use jexec with the JID from the jls output as the number parameter
$ sudo jexec 2 csh

# OR execute a command in a jail
# (shows the host name of the jail with id=1)
$ sudo jexec 1 hostname

Create new Jail

A condensed version of bsdnow

Create an ip address for jail

  • Find an IP address to set for the jail

    Select the next IP address number

    $ jls

  • Make an alias on your network card with your network settings

    $ sudo ifconfig lo10 alias 10.10.10.15 netmask 0xffffff00

  • Add the network alias to /etc/rc.conf so it is remembered on reboot
  • Your /etc/rc.conf file will look something like this
# Setup Jails
ezjail_enable="YES"
jail_sysvipc_allow="YES"    # For PostgreSQL

gateway_enable="YES"

cloned_interfaces="lo10"
ifconfig_lo10_alias0="inet 10.10.10.1 netmask 255.255.255.0"
ifconfig_lo10_alias1="inet 10.10.10.10 netmask 255.255.255.0"
ifconfig_lo10_alias2="inet 10.10.10.11 netmask 255.255.255.0"
ifconfig_lo10_alias3="inet 10.10.10.12 netmask 255.255.255.0"
ifconfig_lo10_alias4="inet 10.10.10.13 netmask 255.255.255.0"
ifconfig_lo10_alias5="inet 10.10.10.14 netmask 255.255.255.0"
ifconfig_lo10_alias6="inet 10.10.10.15 netmask 255.255.255.0"
  • Create the actual jail, using the IP address created above

    $ sudo ezjail-admin create busilogic-blog 10.10.10.15

  • To enable networking inside the jail, copy the resolv.conf file

    $ sudo cp /etc/resolv.conf /usr/jails/busilogic-blog/etc/

  • Start the jail

    $ sudo service ezjail start busilogic-blog
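
The "select the next ip address" and "add network alias to /etc/rc.conf" steps above can be scripted. This is an added example, not part of the original notes: the helper name `next_jail_alias` is hypothetical, the sample rc.conf is constructed, and it assumes all aliases on the interface sit in one /24 and use the `inet <ip> netmask <mask>` form shown above.

```shell
#!/bin/sh
# Added example: derive the next alias line for a new jail from rc.conf.
# next_jail_alias is a hypothetical helper; it assumes every alias on the
# interface is in one /24 and uses the "inet <ip> netmask <mask>" form.
# Usage: next_jail_alias <rc.conf path> <interface>
next_jail_alias() {
    awk -v ifc="$2" '
        BEGIN { max_idx = -1; max_host = 0 }
        # Only uncommented lines such as ifconfig_lo10_alias6="inet 10.10.10.15 netmask ..."
        $0 ~ ("^ifconfig_" ifc "_alias[0-9]+=\"inet ") {
            idx = $1
            sub("^ifconfig_" ifc "_alias", "", idx)
            sub("=.*$", "", idx)
            if (idx + 0 > max_idx) max_idx = idx + 0
            split($2, octet, ".")
            if (octet[4] + 0 > max_host) {
                max_host = octet[4] + 0
                net = octet[1] "." octet[2] "." octet[3]
            }
            mask = $4
            gsub(/"/, "", mask)
        }
        END {
            if (max_idx < 0)     exit 1     # no aliases configured for this interface
            if (max_host >= 254) exit 2     # /24 exhausted, pick a new network by hand
            printf "ifconfig_%s_alias%d=\"inet %s.%d netmask %s\"\n", ifc, max_idx + 1, net, max_host + 1, mask
        }
    ' "$1"
}

# Constructed sample rc.conf fragment (not read from the live system).
rc=$(mktemp)
cat > "$rc" <<'EOF'
cloned_interfaces="lo10"
ifconfig_lo10_alias0="inet 10.10.10.1 netmask 255.255.255.0"
ifconfig_lo10_alias5="inet 10.10.10.14 netmask 255.255.255.0"
ifconfig_lo10_alias6="inet 10.10.10.15 netmask 255.255.255.0"
EOF
next_jail_alias "$rc" lo10   # ifconfig_lo10_alias7="inet 10.10.10.16 netmask 255.255.255.0"
rm -f "$rc"
```

Review the printed line before appending it to /etc/rc.conf, and use the same address in the `ezjail-admin create` call.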
    

Enable networking in jail


# Replace jail name with your jail created
$ cp /etc/resolv.conf /usr/jails/<jailname>/etc/

Using fetch fails with ssl auth error


Reason: Certificate verification failed

# Install ca root
$ pkg install ca_root_nss

# Then ln or cp the combined root certificates to /etc/ssl/cert.pem
$ ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem

Starting Postgres in jail


$ su pgsql
$ pg_ctl -D /usr/local/pgsql/data initdb
$ /usr/local/bin/pg_ctl -D /usr/local/pgsql/data -l /usr/local/pgsql/postgresql.log start

Running Ghost

# set node env
$ setenv NODE_ENV production

# verify node env set
$ env  # Should see all environment variables

# Run ghost
$ npm start

# Run Ghost forever
$ forever start index.js

Jenkins
