IT notes

DTrace

To enable DTrace, ensure the kernel is compiled with:

    makeoptions DEBUG=-g        # Build kernel with gdb(1) debug symbols
    makeoptions WITH_CTF=1      # Run ctfconvert(1) for DTrace support
    options KDTRACE_FRAME       # Ensure frames are compiled in
    options KDTRACE_HOOKS       # Kernel DTrace hooks
    options DDB_CTF             # Kernel ELF linker loads CTF data

Build the kernel, reboot, and load the DTrace modules:

    kldload dtraceall

To check, for example, redis-server:

    dtrace -x ustackframes=100 -n 'profile-197 /execname == "redis-server" && arg1/ {@[ustack()] = count(); } tick-60s { exit(0); }' -o out.

pkg.txz.pubkeysig

If pkg can't be installed because pkg.txz.pubkeysig is missing, try this. Go to /usr/local/poudriere/data/packages/13amd64-default/.latest/Latest and run:

    echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /usr/local/etc/ssl/keys/pkg.key -binary -out ./pkg.txz.pubkeysig
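An added example (not from the original notes) that reproduces the signing command above with a throwaway RSA key and a constructed stand-in file, then checks the resulting pkg.txz.pubkeysig against the matching public key with openssl dgst -verify. The helper names sha256_hex, sign_pkg, verify_pkg and demo are assumptions.

```shell
#!/bin/sh
# Added example: sign a file the way the note does, then verify the signature.

# Hex SHA-256 of a file: sha256(1) on FreeBSD, with fallbacks elsewhere.
sha256_hex() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    elif command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# sign_pkg <file> <private key>: the signed message is the hex digest string
# (no trailing newline), not the file itself, exactly as in the note.
sign_pkg() {
    printf '%s' "$(sha256_hex "$1")" |
        openssl dgst -sha256 -sign "$2" -binary -out "$1.pubkeysig"
}

# verify_pkg <file> <public key>: exit status 0 only if the signature matches.
verify_pkg() {
    printf '%s' "$(sha256_hex "$1")" |
        openssl dgst -sha256 -verify "$2" -signature "$1.pubkeysig" >/dev/null 2>&1
}

# Demo with a throwaway key and a constructed stand-in for pkg.txz.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/pkg.key" 2048 2>/dev/null
    openssl rsa -in "$d/pkg.key" -pubout -out "$d/pkg.pub" 2>/dev/null
    printf 'constructed stand-in for pkg.txz\n' > "$d/pkg.txz"
    sign_pkg "$d/pkg.txz" "$d/pkg.key"
    if verify_pkg "$d/pkg.txz" "$d/pkg.pub"; then intact=ok; else intact=fail; fi
    # Any change to the file after signing must make verification fail.
    printf 'tampered\n' >> "$d/pkg.txz"
    if verify_pkg "$d/pkg.txz" "$d/pkg.pub"; then tampered=ok; else tampered=fail; fi
    rm -rf "$d"
    echo "$intact $tampered"
}

demo
```

On a real repository, run verify_pkg against pkg.txz with the public key that clients are configured to trust, before publishing the signature.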

Bhyve Ubuntu

In /etc/rc.conf:

    cloned_interfaces="lo1 bridge0 tap0"
    config_lo1="inet 127.0.1.1/8"
    autobridge_interfaces="bridge0"
    autobridge_bridge0="tap* igb0"
    ifconfig_bridge0="addm igb0 addm tap0 up description bhyve"

In /boot/loader.conf:

    vmm_load="YES"
    nmdm_load="YES"

Check that you have:

    sysctl net.link.tap.up_on_open=1

Create the volume:

    zfs create -V100G -o volmode=dev tank/ubuntuvm

Install:

    pkg install uefi-edk2-bhyve

This will create /usr/local/share/uefi-firmware/BHYVE_UEFI.fd

Set up and install:

    bhyve -AHP -w \
      -s 1:0,lpc \
      -s 2:0,virtio-net,tap0 \
      -s 3:0,ahci-cd,/tank/iso/ubuntu-20.04.2-live-server-amd64.iso \
      -s 4:0,virtio-blk,/dev/zvol/tank/ubuntuvm \
      -s 29,fbuf,tcp=0.0.0.0:5900,w=800,h=600,wait \
      -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.

vultr shutdown -o -n -r now

To prevent the system from hanging on “detaching uhub0”, reboot using the -n flag:

    shutdown -o -n -r now

Start 2 XS SATA

To install FreeBSD using the rescue system on a Start-2-XS-SATA from online.net:

    #!/bin/sh -x
    USER=monkey
    PASSWORD=secret
    gpart destroy -F ada0
    gpart create -s gpt ada0
    gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0
    gpart add -t freebsd-boot -l boot -s 128K ada0
    gpart add -t freebsd-swap -l swap -s 4g ada0
    gpart add -t freebsd-ufs -l root ada0
    gpart set -a active ada0
    newfs /dev/gpt/root
    mount /dev/gpt/root /mnt
    cd /tmp
    fetch http://ftp.

kld_list

To load kernel modules after local disks are mounted, add this to /etc/rc.conf:

    kld_list="fuse"

In this case the fuse module will be loaded.

hw.(machine|model|ncpu)

To get an overview of the system:

    # sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
    hw.machine: amd64
    hw.model: Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
    hw.ncpu: 16
    hw.machine_arch: amd64

MANIFEST No Such File or Directory

If, when trying to install FreeBSD using bsdinstall, you get:

    "Error while fetching file:///usr/freebsd-dist/MANIFEST" - no such file or directory

Try:

    # mkdir -p /usr/freebsd-dist/
    # touch /usr/freebsd-dist/MANIFEST

And then start again.

sockstat

The sockstat command lists open Internet or UNIX domain sockets.

List listening sockets on IPv4:

    # sockstat -4l

Show connected TCP sockets on port 443:

    # sockstat -P tcp -p 443 -c

List UNIX sockets:

    # sockstat -u

freebsd-update

Update FreeBSD using freebsd-update. Set in /etc/rc.conf:

    kern_securelevel_enable="NO"
    kern_securelevel="0"

Reboot and then:

    # freebsd-update upgrade -r 10.4-RELEASE
    # freebsd-update install
    # reboot
    # freebsd-update install

Then repeat to upgrade to 11.1:

    freebsd-update upgrade -r 11.1-RELEASE

Only security patches:

    # freebsd-update fetch
    # freebsd-update install

To update the packages:

    # pkg-static upgrade -f
    # freebsd-update install

A forced upgrade of all installed packages will replace the packages with fresh versions from the repository even if the version number has not increased.

pkg -o OSVERSION

If, when updating, you get something like this:

    pkg: Newer FreeBSD version for package jsoncpp:
    - package: 1101503
    - running kernel: 1100506

Try uname -KU to get the version, and then:

    pkg -o OSVERSION=1100506 update -f
    pkg -o OSVERSION=1100506 upgrade

update port

Make a copy of the current port:

    cp -R <port-name> <port-name>.orig

Work on the port:

    make makesum
    make checksum
    make stage
    make check-orphans
    make package
    make install
    make deinstall
    make clean

Create the diff; first change one level up:

    diff -u port-name.orig port-name > port-name.diff

Submit the patch.

80

To start an application on port 80 without being root:

    sysctl net.inet.ip.portrange.reservedhigh=79

That allows an application to bind to any port > 79. To allow any port:

    sysctl net.inet.ip.portrange.reservedhigh=0

Add this to /etc/sysctl.conf to keep changes persistent across reboots:

    net.inet.ip.portrange.reservedhigh=79

bsdinstall MANIFEST

When installing FreeBSD from an ftp/http source, bsdinstall may complain that the MANIFEST file is missing. To solve the problem, try this:

    export DISTRIBUTIONS="kernel.txz base.txz"
    mkdir /usr/freebsd-dist
    export BSDINSTALL_DISTDIR="/usr/freebsd-dist/"
    export BSDINSTALL_DISTSITE="https://download.freebsd.org/ftp/releases/amd64/amd64/12.1-RELEASE/"
    bsdinstall distfetch
    cd /usr/freebsd-dist
    fetch https://download.freebsd.org/ftp/releases/amd64/amd64/12.1-RELEASE/MANIFEST

Then run bsdinstall.

Syslogd 8 bit

If you want to log full UTF-8 strings (“emojis”), use the -8 option. Example in /etc/rc.conf:

    syslogd_flags="-ssC8"

The options are:

    -s  Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines.
    -C  Create log files that do not exist (permission is set to 0600).
    -8  Tells syslogd not to interfere with 8-bit data.

vm tools

vmware tools guest FreeBSD

While running FreeBSD as a guest on VMware, the vm-tools can be installed with this:

    $ pkg install open-vm-tools-nox11

Later enable them in /etc/rc.conf:

    vmware_guest_vmblock_enable="YES"
    vmware_guest_vmhgfs_enable="YES"
    vmware_guest_vmmemctl_enable="YES"
    vmware_guest_vmxnet_enable="YES"
    vmware_guestd_enable="YES"

zfs

FreeBSD zfs disk image

Use VirtualBox to install FreeBSD using UFS. After having FreeBSD installed, update your sources and build a custom world and kernel based on your needs for the new image to be created:

    # cd /usr/src
    # make -j4 buildworld buildkernel

Adjust -j4 to the number of CPU cores.

Use this script to create the image: https://github.com/nbari/freebsd/blob/master/zfs/zfs.sh

    $ mkdir /raw && cd /raw
    $ fetch --no-verify-peer https://raw.

ipv6 tunnelbroker

6in4

6in4 uses tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. The 6in4 traffic is sent over the IPv4 Internet inside IPv4 packets whose IP headers have the IP protocol number set to 41. https://en.wikipedia.org/wiki/6in4

“6to4” is a tunneling method that is only interesting for reaching IPv6-only services. And 6to4 makes sense only if one has a public IPv4 address. As a rule, you only need to enable “6to4” if you want to access services that are only IPv6.

observability tools

FreeBSD Linux src: http://www.brendangregg.com/blog/2015-03-06/performance-analysis-bsd.html

mysql_tzinfo_to_sql

FreeBSD & MySQL UTC

After doing a fresh install, load the UTC zone:

    $ cd /usr/share/zoneinfo
    $ mysql_tzinfo_to_sql UTC UTC | mysql -u root mysql

Edit /etc/my.cnf:

    [mysqld]
    default-time-zone='UTC'

This sets the default timezone on the server to UTC.

To get the current timezone of MySQL:

    mysql> SELECT @@global.time_zone, @@session.time_zone;