
FreeBSD

Samba transfer speed is unusually slow

When the NIC offload features are the cause

ifconfig igb0 -tso4 -tso6 -rxcsum -txcsum -rxcsum6 -txcsum6
ifconfig igb1 -tso4 -tso6 -rxcsum -txcsum -rxcsum6 -txcsum6
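As an added example (not from the original notes), a small sh helper that reads the options= line of ifconfig output and prints the ifconfig command that turns off only the checksum and TSO offloads that are actually enabled; the ifconfig output embedded in it is constructed, and the option-to-flag mapping covers the six flags used above.

```shell
#!/bin/sh
# Added example, not from the original notes: derive the "disable offload"
# command for one interface from its ifconfig output.
# The ifconfig output below is constructed, not captured from a real host.

SAMPLE_IGB0='igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
	ether 00:00:00:00:00:01
	inet 192.168.1.3 netmask 0xffffff00 broadcast 192.168.1.255'

# Map an ifconfig option name to the flag that disables it.
# Prints nothing for options that are not checksum/TSO offloads (LRO, VLAN_*, ...).
offload_flag() {
    case "$1" in
        RXCSUM)      echo '-rxcsum' ;;
        TXCSUM)      echo '-txcsum' ;;
        RXCSUM_IPV6) echo '-rxcsum6' ;;
        TXCSUM_IPV6) echo '-txcsum6' ;;
        TSO4)        echo '-tso4' ;;
        TSO6)        echo '-tso6' ;;
    esac
}

# offload_disable_cmd IFNAME IFCONFIG_OUTPUT
# Prints "ifconfig IFNAME -flag ..." for the offloads currently enabled,
# or nothing when none of them is on (nothing to change).
offload_disable_cmd() {
    ifname=$1
    # pull the comma-separated names out of "options=HEX<NAME,NAME,...>"
    opts=$(printf '%s\n' "$2" | sed -n 's/^[[:space:]]*options=[0-9a-f]*<\([^>]*\)>.*/\1/p')
    flags=''
    for o in $(printf '%s\n' "$opts" | tr ',' ' '); do
        f=$(offload_flag "$o")
        if [ -n "$f" ]; then flags="$flags $f"; fi
    done
    if [ -n "$flags" ]; then printf 'ifconfig %s%s\n' "$ifname" "$flags"; fi
}

# On a live system: for i in igb0 igb1; do offload_disable_cmd "$i" "$(ifconfig "$i")"; done
offload_disable_cmd igb0 "$SAMPLE_IGB0"
```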

FreeBSD as Router

Unbound

Use /usr/sbin/local-unbound, which ships with the base system.

  • Start: /etc/rc.d/local_unbound start
  • Configuration files: /etc/unbound/
  • Default directory: /var/unbound
    • The log file is also under /var/unbound/var/log/
  • Cache dump: /usr/sbin/local-unbound-control dump_cache
  • Infrastructure cache dump: /usr/sbin/local-unbound-control dump_infra

Kernel management

Check the userland version with freebsd-version; add -k to get the kernel version instead.

% freebsd-version
11.4-RELEASE-p3
% freebsd-version -k
11.4-RELEASE-p3

Applying security/errata patches only

# freebsd-update fetch
# freebsd-update install

Upgrading to a new release

# freebsd-update -r 12.0-RELEASE upgrade
# freebsd-update install
# reboot
# freebsd-update install

User operations

To become root with su -, the user must be a member of the wheel group.

adduser ${USER}               # create a user interactively
pw groupadd ${GROUP}          # create a group
pw groupmod wheel -m ${USER}  # add the user to wheel
pw groupshow wheel            # list the members of wheel
pw userdel ${USER}            # delete the user

sudo

sudo is not installed by default, so install it.

pkg install sudo

Run visudo and uncomment one of the two %wheel lines.

## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
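An added example, not part of the original notes: an sh/awk audit that lists the active rules in a sudoers file and reports which entries reach root without a password, so the NOPASSWD variant does not go unnoticed. The sudoers text is constructed from the two lines above; the parser assumes the one-line `who host=(runas) command` layout they use.

```shell
#!/bin/sh
# Added example, not from the original notes: audit active sudoers grants.
# Constructed sample: the page's NOPASSWD line uncommented, plus two other rules.
SUDOERS_SAMPLE='root ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
alice ALL=(root) /usr/sbin/service'

# sudoers_rules SUDOERS_TEXT
# Prints one line per active (uncommented) rule: who host runas nopasswd command
# Assumes the single-line "who host=(runas) [NOPASSWD:] cmd" form shown above.
sudoers_rules() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*Defaults/       { next }      # option lines, not grants
        {
            who = $1
            split($2, hr, "=")                # "ALL=(ALL)" -> host, runas
            host = hr[1]; runas = hr[2]
            if (runas == "") runas = "(root)" # sudo runs as root when no runas is given
            rest = ""
            for (i = 3; i <= NF; i++) rest = rest (i > 3 ? " " : "") $i
            nopw = (rest ~ /NOPASSWD:/) ? "yes" : "no"
            sub(/NOPASSWD:[ \t]*/, "", rest)
            print who, host, runas, nopw, rest
        }'
}

# sudoers_nopasswd_root SUDOERS_TEXT
# Prints the users/groups that get root (runas ALL or root) with no password prompt.
sudoers_nopasswd_root() {
    sudoers_rules "$1" | awk '$4 == "yes" && ($3 == "(ALL)" || $3 == "(root)") { print $1 }'
}

# On a live system: sudoers_nopasswd_root "$(cat /usr/local/etc/sudoers)"
sudoers_rules "$SUDOERS_SAMPLE"
sudoers_nopasswd_root "$SUDOERS_SAMPLE"
```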

Network

route

route -6 del default
route -6 add default fe80::1%igb0

lagg

Put the following in /etc/rc.conf and run service netif restart.

# lagg0 (igb0 + igb1)
ifconfig_igb0="up"
ifconfig_igb1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 mtu 9000"
ifconfig_lagg0_alias0="inet 192.168.1.3 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
ifconfig_lagg0_ipv6="inet6 2001:db8:1:2::3/64"
ipv6_defaultrouter="fe80::1%lagg0"
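An added example (not from the original notes): since rc.conf is sh syntax, this sh function evaluates an rc.conf fragment in a subshell and cross-checks the lagg settings before netif is restarted: the lagg is listed in cloned_interfaces, every laggport has its own ifconfig_<port>="up" line, and the link-local ipv6_defaultrouter is scoped to the lagg rather than to a member port. The fragment is the configuration above, embedded as a constructed sample.

```shell
#!/bin/sh
# Added example, not from the original notes: lint lagg settings in rc.conf.
# Constructed sample, copied from the configuration shown on this page.
RCCONF_SAMPLE='# lagg0 (igb0 + igb1)
ifconfig_igb0="up"
ifconfig_igb1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto loadbalance laggport igb0 laggport igb1 mtu 9000"
ifconfig_lagg0_alias0="inet 192.168.1.3 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
ifconfig_lagg0_ipv6="inet6 2001:db8:1:2::3/64"
ipv6_defaultrouter="fe80::1%lagg0"'

# lagg_check RCCONF_TEXT LAGGNAME
# Evaluates the fragment in a subshell (so nothing leaks into the caller) and
# prints one "problem:" line per inconsistency; prints nothing when consistent.
lagg_check() (
    eval "$1"
    lagg=$2
    # 1. the lagg has to be cloned before ifconfig_lagg0 can apply
    case " $cloned_interfaces " in
        *" $lagg "*) ;;
        *) echo "problem: $lagg is not in cloned_interfaces" ;;
    esac
    # 2. every laggport needs its own ifconfig_<port>="up" line
    eval "cfg=\${ifconfig_$lagg}"
    set -- $cfg
    while [ $# -gt 0 ]; do
        if [ "$1" = laggport ] && [ $# -ge 2 ]; then
            eval "portcfg=\${ifconfig_$2}"
            case "$portcfg" in
                *up*) ;;
                *) echo "problem: laggport $2 has no ifconfig_$2=\"up\"" ;;
            esac
            shift
        fi
        shift
    done
    # 3. a link-local default router must be scoped to the lagg, not a member port
    case "$ipv6_defaultrouter" in
        fe80:*%"$lagg") ;;
        fe80:*) echo "problem: ipv6_defaultrouter scope is not %$lagg" ;;
    esac
)

# On a live system: lagg_check "$(cat /etc/rc.conf)" lagg0
lagg_check "$RCCONF_SAMPLE" lagg0
```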

Package management

  • pkg : the package management command

# pkg update
# pkg upgrade

isc-dhcp-server

# pkg install isc-dhcp44-server
...
Message from isc-dhcp44-server-4.4.2_1:

--
****  To setup dhcpd, please edit /usr/local/etc/dhcpd.conf.

****  This port installs the dhcp daemon, but doesn't invoke dhcpd by default.
      If you want to invoke dhcpd at startup, add these lines to /etc/rc.conf:

            dhcpd_enable="YES"                          # dhcpd enabled?
            dhcpd_flags="-q"                            # command option(s)
            dhcpd_conf="/usr/local/etc/dhcpd.conf"      # configuration file
            dhcpd_ifaces=""                             # ethernet interface(s)
            dhcpd_withumask="022"                       # file creation mask

****  If compiled with paranoia support (the default), the following rc.conf
      options are also supported:

            dhcpd_chuser_enable="YES"           # runs w/o privileges?
            dhcpd_withuser="dhcpd"              # user name to run as
            dhcpd_withgroup="dhcpd"             # group name to run as
            dhcpd_chroot_enable="YES"           # runs chrooted?
            dhcpd_devfs_enable="YES"            # use devfs if available?
            dhcpd_rootdir="/var/db/dhcpd"       # directory to run in
            dhcpd_includedir="<some_dir>"       # directory with config-
                                                  files to include

****  WARNING: never edit the chrooted or jailed dhcpd.conf file but
      /usr/local/etc/dhcpd.conf instead which is always copied where
      needed upon startup.

openldap-server

# pkg install openldap-server
...
Message from openldap-client-2.4.57:

--
The OpenLDAP client package has been successfully installed.

Edit
  /usr/local/etc/openldap/ldap.conf
to change the system-wide client defaults.

Try `man ldap.conf' and visit the OpenLDAP FAQ-O-Matic at
  http://www.OpenLDAP.org/faq/index.cgi?file=3
for more information.
=====
Message from openldap-server-2.4.57:

--
The OpenLDAP server package has been successfully installed.

In order to run the LDAP server, you need to edit
  /usr/local/etc/openldap/slapd.conf
to suit your needs and add the following lines to /etc/rc.conf:
  slapd_enable="YES"
  slapd_flags='-h "ldapi://%2fvar%2frun%2fopenldap%2fldapi/ ldap://0.0.0.0/"'
  slapd_sockets="/var/run/openldap/ldapi"

Then start the server with
  /usr/local/etc/rc.d/slapd start
or reboot.

Try `man slapd' and the online manual at
  http://www.OpenLDAP.org/doc/
for more information.

slapd runs under a non-privileged user id (by default `ldap'),
see /usr/local/etc/rc.d/slapd for more information.

Fetching samba.schema

# cd /usr/local/etc/openldap
# fetch -o schema/samba.schema 'https://git.samba.org/samba.git/?p=samba.git;a=blob_plain;f=examples/LDAP/samba.schema'

samba4

# pkg install samba413
...
=====
Message from bash-completion-2.11,2:

--
To enable the bash completion library, add the following to
your .bashrc file:

[[ $PS1 && -f /usr/local/share/bash-completion/bash_completion.sh ]] && \
        source /usr/local/share/bash-completion/bash_completion.sh

See /usr/local/share/doc/bash-completion/README.md for more information.
=====
Message from ca_root_nss-3.58:

--
FreeBSD does not, and can not warrant that the certification authorities
whose certificates are included in this package have in any way been
audited for trustworthiness or RFC 3647 compliance.

Assessment and verification of trust is the complete responsibility of the
system administrator.


This package installs symlinks to support root certificates discovery by
default for software that uses OpenSSL.

This enables SSL Certificate Verification by client software without manual
intervention.

If you prefer to do this manually, replace the following symlinks with
either an empty file or your site-local certificate bundle.

  * /etc/ssl/cert.pem
  * /usr/local/etc/ssl/cert.pem
  * /usr/local/openssl/cert.pem
=====
Message from trousers-0.3.14_3:

--
To run tcsd automatically, add the following line to /etc/rc.conf:

tcsd_enable="YES"

You might want to edit /usr/local/etc/tcsd.conf to reflect your setup.

If you want to use tcsd with software TPM emulator, use the following
configuration in /etc/rc.conf:

tcsd_enable="YES"
tcsd_mode="emulator"
tpmd_enable="YES"

To use TPM, add your_account to '_tss' group like following:

# pw groupmod _tss -m your_account
=====
Message from libinotify-20180201_2:

--
Libinotify functionality on FreeBSD is missing support for

  - detecting a file being moved into or out of a directory within the
    same filesystem
  - certain modifications to a symbolic link (rather than the
    file it points to.)

in addition to the known limitations on all platforms using kqueue(2)
where various open and close notifications are unimplemented.

This means the following regression tests will fail:

Directory notifications:
   IN_MOVED_FROM
   IN_MOVED_TO

Open/close notifications:
   IN_OPEN
   IN_CLOSE_NOWRITE
   IN_CLOSE_WRITE

Symbolic Link notifications:
   IN_DONT_FOLLOW
   IN_ATTRIB
   IN_MOVE_SELF
   IN_DELETE_SELF

Kernel patches to address the missing directory and symbolic link
notifications are available from:

https://github.com/libinotify-kqueue/libinotify-kqueue/tree/master/patches

You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot
of files.
=====
Message from gamin-0.1.10_10:

--
Gamin will only provide realtime notification of changes for at most n files,
where n is the minimum value between (kern.maxfiles * 0.7) and
(kern.maxfilesperproc - 200). Beyond that limit, files will be polled.

If you often open several large folders with Nautilus, you might want to
increase the kern.maxfiles tunable (you do not need to set
kern.maxfilesperproc, since it is computed at boot time from kern.maxfiles).

The behavior of gamin can be controlled via the various gaminrc files.
See http://www.gnome.org/~veillard/gamin/config.html on how to create
these files.  In particular, if you find gam_server is taking up too much
CPU time polling for changes, something like the following may help
in one of the gaminrc files:

# reduce polling frequency to once per 10 seconds
# for UFS file systems in order to lower CPU load
fsset ufs poll 10
--
===>   NOTICE:

The gamin port currently does not have a maintainer. As a result, it is
more likely to have unresolved issues, not be up-to-date, or even be removed in
the future. To volunteer to maintain this port, please create an issue at:

https://bugs.freebsd.org/bugzilla

More information about port maintainership is available at:

https://www.freebsd.org/doc/en/articles/contributing/ports-contributing.html#maintain-port
=====
Message from samba413-4.13.1_1:

--
How to start: http://wiki.samba.org/index.php/Samba4/HOWTO

* Your configuration is: /usr/local/etc/smb4.conf

* All the relevant databases are under: /var/db/samba4

* All the logs are under: /var/log/samba4

* Provisioning script is: /usr/local/bin/samba-tool

For additional documentation check: http://wiki.samba.org/index.php/Samba4

Bug reports should go to the: https://bugzilla.samba.org/

pam_ldap & nss_ldap

# pkg install pam_ldap nss_ldap
...
=====
Message from pam_ldap-186:

--
Edit /usr/local/etc/ldap.conf in order to use this module.  Then
create a /usr/local/etc/pam.d/ldap with a line similar to the following:

login   auth    sufficient      /usr/local/lib/pam_ldap.so
=====
Message from nss_ldap-1.265_13:

--
The nss_ldap module expects to find its configuration files at the
following paths:

LDAP configuration:     /usr/local/etc/nss_ldap.conf
LDAP secret (optional): /usr/local/etc/nss_ldap.secret

zfs

Occasionally, when a system breaks, you want to boot from a USB stick and run zpool import -f.

# -f: force the import
# -R: alternate root (mount point)
zpool import -fR /mnt ${pool_name}

If a pool with the same name already exists, the import fails, so give it a different name with -t.

# zpool import -fR /mnt zroot
cannot import 'zroot': a pool with that name already exists
use the form 'zpool import [-t] <pool | id> <newpool>' to give it a new temporary or permanent name
# zpool import -fR /mnt -t zroot zroot_11R4

zpool upgrade 2020/10/20

# freebsd-version
11.4-RELEASE-p3
# freebsd-version -k
11.4-RELEASE-p3
# zpool status
  pool: lib_02
 state: ONLINE
status: Some supported features are not enabled on the pool. The pool can
        still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.
  scan: resilvered 3.84T in 0 days 16:43:11 with 0 errors on Thu Oct 19 13:01:57 2017
config:

        NAME        STATE     READ WRITE CKSUM
        lib_02      ONLINE       0     0     0
          raidz2-0  ONLINE       0     0     0
            da5     ONLINE       0     0     0
            da0     ONLINE       0     0     0
            da3     ONLINE       0     0     0
            da2     ONLINE       0     0     0
            da1     ONLINE       0     0     0
            da4     ONLINE       0     0     0

errors: No known data errors

  pool: zroot
 state: ONLINE
status: Some supported features are not enabled on the pool. The pool can
        still be used, but some features are unavailable.
action: Enable all features using 'zpool upgrade'. Once this is done,
        the pool may no longer be accessible by software that does not support
        the features. See zpool-features(7) for details.
  scan: scrub repaired 0 in 0 days 00:00:33 with 0 errors on Sun Mar  3 01:52:49 2019
config:

        NAME          STATE     READ WRITE CKSUM
        zroot         ONLINE       0     0     0
          mirror-0    ONLINE       0     0     0
            gpt/zfs0  ONLINE       0     0     0
            gpt/zfs1  ONLINE       0     0     0

errors: No known data errors
# zpool upgrade lib_02
This system supports ZFS pool feature flags.

Enabled the following features on 'lib_02':
  sha512
  skein
  device_removal
  obsolete_counts
  zpool_checkpoint
  spacemap_v2

# zpool upgrade zroot
This system supports ZFS pool feature flags.

Enabled the following features on 'zroot':
  sha512
  skein
  device_removal
  obsolete_counts
  zpool_checkpoint
  spacemap_v2

If you boot from pool 'zroot', don't forget to update boot code.
Assuming you use GPT partitioning and da0 is your boot disk
the following command will do it:

        gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 da0

# gpart show
=>       34  125045357  ada0  GPT  (60G)
         34       1024     1  freebsd-boot  (512K)
       1058    4194304     2  freebsd-swap  (2.0G)
    4195362  120850029     3  freebsd-zfs  (58G)

=>       34  125045357  ada1  GPT  (60G)
         34       1024     1  freebsd-boot  (512K)
       1058    4194304     2  freebsd-swap  (2.0G)
    4195362  120850029     3  freebsd-zfs  (58G)

# gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0
partcode written to ada0p1
bootcode written to ada0
# gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada1
partcode written to ada1p1
bootcode written to ada1
# zpool status
  pool: lib_02
 state: ONLINE
  scan: resilvered 3.84T in 0 days 16:43:11 with 0 errors on Thu Oct 19 13:01:57 2017
config:

        NAME        STATE     READ WRITE CKSUM
        lib_02      ONLINE       0     0     0
          raidz2-0  ONLINE       0     0     0
            da5     ONLINE       0     0     0
            da0     ONLINE       0     0     0
            da3     ONLINE       0     0     0
            da2     ONLINE       0     0     0
            da1     ONLINE       0     0     0
            da4     ONLINE       0     0     0

errors: No known data errors

  pool: zroot
 state: ONLINE
  scan: scrub repaired 0 in 0 days 00:00:33 with 0 errors on Sun Mar  3 01:52:49 2019
config:

        NAME          STATE     READ WRITE CKSUM
        zroot         ONLINE       0     0     0
          mirror-0    ONLINE       0     0     0
            gpt/zfs0  ONLINE       0     0     0
            gpt/zfs1  ONLINE       0     0     0

errors: No known data errors

Memo


Last updated: 2021-05-16 14:52:22