FreeBSD Notes
gptzfsboot error
gptzfsboot error 16 lba ... (16 -> one disk had a read error)
Error Codes (http://www.ctyme.com/intr/rb-0606.htm#Table234):
00h successful completion
01h invalid function in AH or invalid parameter
02h address mark not found
03h disk write-protected
04h sector not found/read error
05h reset failed (hard disk)
05h data did not verify correctly (TI Professional PC)
06h disk changed (floppy)
07h drive parameter activity failed (hard disk)
08h DMA overrun
09h data boundary error (attempted DMA across 64K boundary or >80h sectors)
0Ah bad sector detected (hard disk)
0Bh bad track detected (hard disk)
0Ch unsupported track or invalid media
0Dh invalid number of sectors on format (PS/2 hard disk)
0Eh control data address mark detected (hard disk)
0Fh DMA arbitration level out of range (hard disk)
10h uncorrectable CRC or ECC error on read
11h data ECC corrected (hard disk)
20h controller failure
31h no media in drive (IBM/MS INT 13 extensions)
32h incorrect drive type stored in CMOS (Compaq)
40h seek failed
80h timeout (not ready)
AAh drive not ready (hard disk)
B0h volume not locked in drive (INT 13 extensions)
B1h volume locked in drive (INT 13 extensions)
B2h volume not removable (INT 13 extensions)
B3h volume in use (INT 13 extensions)
B4h lock count exceeded (INT 13 extensions)
B5h valid eject request failed (INT 13 extensions)
B6h volume present but read protected (INT 13 extensions)
BBh undefined error (hard disk)
CCh write fault (hard disk)
E0h status register error (hard disk)
FFh sense operation failed (hard disk)
binary jail
$ zfs create machines/jail_XXX
$ cd /machines/jail_XXX
$ fetch -q -o - http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.0-RELEASE/base.txz | tar xvpf -
$ #opt# fetch -q -o - http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.0-RELEASE/lib32.txz | tar xvpf -
$ #opt# fetch -q -o - http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/10.0-RELEASE/ports.txz | tar xvpf -
$ #opt# http://pkg.freebsd.org/freebsd:10:x86:64/latest/Latest/pkg.txz
$ cp /etc/resolv.conf etc
$ vim etc/rc.conf
see also next section
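The fetch | tar pipeline above unpacks whatever arrives over plain HTTP straight into the jail root. As an added example (not part of the original notes), these sh functions download a set to disk, compare its SHA-256 with the entry in the release MANIFEST file, and extract only on a match. The function names are hypothetical, and the check assumes the MANIFEST itself comes from a source you trust.

```sh
#!/bin/sh
# Added example: check a FreeBSD distribution set against the release MANIFEST
# before unpacking it into a jail root.
# MANIFEST lines are tab-separated: <file> <sha256> <file count> <name> ...

# Print the SHA-256 of a file using whichever tool the host provides.
file_sha256() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                       # FreeBSD
    else
        sha256sum "$1" | cut -d ' ' -f 1     # Linux (e.g. a rescue system)
    fi
}

# Look up the expected digest for a set file (e.g. base.txz) in MANIFEST.
manifest_sha256() {   # $1 = MANIFEST path, $2 = set file name
    awk -F '\t' -v f="$2" '$1 == f { print $2; found = 1 } END { exit !found }' "$1"
}

# Return 0 only when the archive's digest equals the MANIFEST entry.
verify_dist() {       # $1 = MANIFEST path, $2 = archive path
    want=$(manifest_sha256 "$1" "$(basename "$2")") || {
        echo "no MANIFEST entry for $2" >&2; return 2; }
    got=$(file_sha256 "$2")
    [ "$want" = "$got" ] && return 0
    echo "checksum mismatch for $2" >&2
    return 1
}

# Download to disk, verify, and only then extract into the jail root.
install_dist() {      # $1 = release URL, $2 = set file name, $3 = jail root
    tmp=$(mktemp -d) || return 1
    fetch -q -o "$tmp/MANIFEST" "$1/MANIFEST" &&
    fetch -q -o "$tmp/$2" "$1/$2" &&
    verify_dist "$tmp/MANIFEST" "$tmp/$2" &&
    tar -xpf "$tmp/$2" -C "$3"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
# Usage: install_dist <release URL> base.txz /machines/jail_XXX
```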
debian kfreebsd amd64 jail
/etc/rc.conf
(add)
jail_enable="YES"
kld_list="pty"
root@x4:~ # uname -a
... FreeBSD 10.0-RELEASE ...
root@_:~ # debootstrap --arch=kfreebsd-amd64 wheezy /stuff/tempjail
...
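# note: the empty second field leaves root without a password inside the jail
root@_:~ # echo 'root::0:0::0:0:Charlie &:/root:/bin/csh' > /stuff/tempjail/etc/master.passwd
root@_:~ # pwd_mkdb -d /stuff/tempjail/etc/ /stuff/tempjail/etc/master.passwd
# put 'login' where /etc/rc.d/jail console looks for it
# (the link target is resolved inside the jail, so it must be jail-relative)
ln -s /bin/login /stuff/tempjail/usr/bin/login
cat /stuff/tempjail/etc/jail.start
#!/bin/sh
# bring the Debian userland up into runlevel 3 (multi-user)
/etc/init.d/rc 3
cat /stuff/tempjail/etc/jail.stop
#!/bin/sh
# runlevel 0 (halt) shuts the services down again
/etc/init.d/rc 0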
# start jail
/etc/rc.d/jail start debian
# enter jail
/etc/rc.d/jail console debian
# add alias to network device
$ ifconfig igb0 192.168.0.25/24 alias
/etc/jail.conf
(add)
debian {
    path = "/stuff/tempjail";
    host.hostname = "debian.domain";
    ip4.addr = 192.168.0.25;
    mount.devfs;
    exec.clean;
    exec.start = "/etc/jail.start";
    exec.stop = "/etc/jail.stop";
}
Customizing FreeBSD
Shell
Install bash as a package
freebsd# pkg_add -r bash
Change the default shell
freebsd# chsh
.vimrc
set nocompatible
Installing VirtualBox
With sysinstall
-> Configure -> Distributions: install src/all.
Install the 32-bit libraries
cd /usr/src/
make build32 install32; ldconfig -v -m -R /usr/lib32
Install VirtualBox (here without GUI)
# cd /usr/ports/emulators/virtualbox
# make config
Options for virtualbox-ose 3.2.6
[ ] QT4 Build with QT4 Frontend
[ ] DEBUG Build with debugging symbols
[ ] GUESTADDITIONS Build with Guest Additions
[ ] DBUS Build with D-Bus and HAL support
[ ] PULSEAUDIO Build with PulseAudio
[ ] X11 Build with X11 support
[ ] VDE Build with VDE support
[X] VNC Build with VNC support
[ ] WEBSERVICE Build Webservice
# make install
.....
VirtualBox was installed.
You need to load the vboxdrv kernel module via /boot/loader.conf:
vboxdrv_load="YES"
For bridged networking please add the following line to your /etc/rc.conf:
vboxnet_enable="YES"
Reboot the machine to load the needed kernel modules.
You also have to add all users to your vboxusers group in order to use vbox.
% pw groupmod vboxusers -m jerry
Running VirtualBox as non-root user may fail with a fatal error
NS_ERROR_FACTORY_NOT_REGISTERED. In this case delete /tmp/.vbox-*-ipc file.
Check wiki page for known issues and troubleshooting:
http://wiki.freebsd.org/VirtualBox
VBoxManage
Create the VM definition
VBoxManage createvm --name <NAME> --ostype Linux --register
Create a block device as a virtual hard disk
VBoxManage internalcommands createrawvmdk -filename .VirtualBox/disks/openvz-host.vmdk -rawdisk /dev/zvol/tank/openvz-host
RAW host disk access VMDK file .VirtualBox/disks/openvz-host.vmdk created successfully.
Add a SATA controller to the virtual machine
VBoxManage storagectl openvz-host --name controller-1 --add sata
Attach the hard disk to the SATA controller
VBoxManage storageattach openvz-host --storagectl controller-1 --port 0 --device 0 --type hdd --medium ~/.VirtualBox/disks/openvz-host.vmdk
Register a DVD medium
VBoxManage openmedium dvd /tank/share/software/betriebssystem/debian/debian-505-i386-netinst.iso
List all known DVDs
VBoxManage list dvds
Add an IDE controller
VBoxManage storagectl openvz-host --name controller-2 --add ide
Attach a DVD to the IDE controller by its UUID
VBoxManage storageattach openvz-host --storagectl controller-2 --port 0 --device 0 --type dvddrive --medium 712395e2-656a-4916-b18f-83b053f53aa9
Create another physical block device represented as a file
VBoxManage internalcommands createrawvmdk -filename .VirtualBox/disks/vz.nbd.vmdk -rawdisk /dev/zvol/tank/nbd/vz.nbd
And attach it to port 2 of the SATA controller
VBoxManage storageattach openvz-host --storagectl controller-1 --port 1 --device 0 --type hdd --medium ~/.VirtualBox/disks/vz.nbd.vmdk
Encrypted swap
http://www.freebsd.org/doc/handbook/swap-encrypting.html
/etc/rc.conf
geli_swap_flags="-e blowfish -l 128 -s 4096 -d"
/etc/fstab
/dev/ad2s1b.eli none swap sw 0 0
Swap attached once:
geli onetime -e blowfish -l 128 -s 4096 -d /dev/ad2s1b
swapon /dev/ad2s1b.eli
Swap on ZFS zvols is evil.
Adding a hard disk
with sysinstall
[root@x3 ~]% sysinstall
# create a slice with 2929854312 sectors of 512 bytes each
# sysinstall drops 16065 sectors from this input
# therefore 2929854312+16065=2929870377
# this leaves about 216 MB unused as a reserve
or fdisk
fdisk -p /dev/QUELLE | fdisk -i -f - /dev/ZIEL
# -p machine-readable output
# -i initialize
# -f config source
[root@x3 ~]% geli init -b -l 256 -s 4096 /dev/da2s1
[root@x3 ~]% geli attach /dev/da2s1
[root@x3 ~]% zpool add -nf tank da2s1.eli
[root@x3 ~]% zpool add -f tank da2s1.eli
Network Block Devices (NBD) Server
FIXME - synchronize
#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: nbd-server
# REQUIRE: devfs syslogd
. /etc/rc.subr
name="nbd-server"
rcvar="nbd_server_enable"
start_cmd="nbd_server_start"
stop_cmd="nbd_server_stop"
# Start one nbd-server per "port:device" entry in nbd_server_disks.
nbd_server_start()
{
    echo -n "Start nbd-server: "
    for port_file in ${nbd_server_disks}; do
        port="`echo ${port_file} | cut -d : -f 1`"
        file="`echo ${port_file} | cut -d : -f 2`"
        echo -n "${file}@${port} "
        nbd-server ${port} "${file}"
    done
    echo
}
# Stop every running nbd-server process.
nbd_server_stop()
{
    echo -n "Stoppe nbd-server:"
    for pid in `pgrep nbd-server`; do
        echo -n " $pid"
        kill $pid
        echo -n "."
    done
    echo
}
load_rc_config $name
run_rc_command "$1"
/etc/rc.conf
nbd_server_enable="YES"
nbd_server_disks="10101:/dev/zvol/tank/nbd/aurora_root.nbd 10102:/dev/zvol/tank/nbd/orakel_root.nbd"
Troubleshooting
Editing a misconfigured root UFS filesystem under Linux
Adjusting the Linux kernel
To use UFS with write access under Linux, the kernel probably has to be adjusted on most distributions.
File systems --->
[*] Miscellaneous filesystems --->
<M> UFS file system support (read only)
[*] UFS file system write support (DANGEROUS)
Instructions for compiling the kernel can be found here: http://ghantoos.org/2009/04/04/mounting-ufs-in-readwrite-under-linux/
Mounting
Because FreeBSD uses slices, and these are not recognized on loop devices even with kernel support, an offset may have to be given when mounting in order to find the right slice.
mount -o loop,rw,ufstype=5xbsd,offset=32256 -t ufs freebsd_root.img /mnt/
FIXME where to get the offset from?
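The value 32256 in the mount command is 63 sectors of 512 bytes, which is where the first slice starts in the image's MBR partition table. As an added example (not part of the original notes), these sh functions read that start sector from the image and print the byte offset; the function names are hypothetical, and it assumes 512-byte sectors, a classic MBR, and a UFS root that begins at the start of the slice, as the offset above implies.

```sh
#!/bin/sh
# Added example: derive the loop-mount offset of a FreeBSD slice from the
# MBR partition table of a disk image.

# Read one byte at a given file offset and print it as a decimal number.
byte_at() {           # $1 = image, $2 = byte offset
    od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' \n'
}

# Read a 32-bit little-endian value byte by byte (independent of host endianness).
le32_at() {           # $1 = image, $2 = byte offset
    b0=$(byte_at "$1" "$2");           b1=$(byte_at "$1" $(($2 + 1)))
    b2=$(byte_at "$1" $(($2 + 2)));    b3=$(byte_at "$1" $(($2 + 3)))
    echo $((b0 + b1 * 256 + b2 * 65536 + b3 * 16777216))
}

# Print the byte offset of the first slice with partition type 0xA5 (FreeBSD).
freebsd_slice_offset() {   # $1 = image
    # A valid MBR ends with the signature bytes 0x55 0xAA at offset 510.
    [ "$(byte_at "$1" 510)" = 85 ] && [ "$(byte_at "$1" 511)" = 170 ] || {
        echo "$1: no MBR signature" >&2; return 2; }
    i=0
    while [ "$i" -lt 4 ]; do
        entry=$((446 + 16 * i))                 # partition table starts at 446
        if [ "$(byte_at "$1" $((entry + 4)))" = 165 ]; then   # type byte 0xA5
            echo $(( $(le32_at "$1" $((entry + 8))) * 512 ))  # start LBA * 512
            return 0
        fi
        i=$((i + 1))
    done
    echo "$1: no FreeBSD slice found" >&2
    return 1
}
# Usage: mount -o loop,rw,ufstype=5xbsd,offset=$(freebsd_slice_offset freebsd_root.img) ...
```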
Administration
ports security audit
PKG_DBDIR=/###/jail_###/var/db/pkg pkg_info -aE | portaudit -f -
Installing/updating the ports collection
# Initial download, e.g. in a new jail.
portsnap fetch
# extract
portsnap extract
# update
portsnap update
# or
portsnap fetch update
Creating jails from source
(in VirtualBox)
The jails are installed on a virtual hard disk with ZFS.
new install log
The starting point is the base system from the installer CD.
# portsnap fetch extract
# cd /usr/ports/ports-mgmt/portmaster
# make install clean distclean
# portmaster editors/vim-lite sysutils/smartmontools sysutils/screen shells/bash ports-mgmt/portaudit
Edit portmaster.rc so that old distfiles are deleted on update:
# mv /usr/local/etc/portmaster.rc.src /usr/local/etc/portmaster.rc
Uncomment the line "ALWAYS_SCRUB_DISTFILES=dopt".
echo "hw.syscons.bell=0" >> /etc/sysctl.conf
cp /usr/local/share/vim/vim73/vimrc_example.vim /usr/local/share/vim/vimrc
pw usermod user -G wheel
Setting up jails
mkdir /usr/jails
mkdir /usr/jails/template
cd /usr/jails/template
fetch -q -o - ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/9.1-RELEASE/base.txz | tar xvpf -
fetch -q -o - ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/9.1-RELEASE/lib32.txz | tar xpf -
fetch -q -o - http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/9.1-RELEASE/ports.txz | tar xvpf -
mkdir /usr/jails/first
tar cpf - . | tar xvf - -C /usr/jails/first
ifconfig epair0 create
ifconfig epair0 vnet first
ifconfig bridge0 create
ifconfig bridge0 addm bfe0 addm epair0b up
ifconfig epair0a up
http://bsdbased.com/2009/12/06/freebsd-8-vimage-epair-howto
http://wiki.polymorf.fr/index.php/Howto:FreeBSD_jail_vnet