IT notes


To enable DTrace, ensure the kernel is compiled with:

    makeoptions DEBUG=-g        # Build kernel with gdb(1) debug symbols
    makeoptions WITH_CTF=1      # Run ctfconvert(1) for DTrace support
    options KDTRACE_FRAME       # Ensure frames are compiled in
    options KDTRACE_HOOKS       # Kernel DTrace hooks
    options DDB_CTF             # Kernel ELF linker loads CTF data

Build the kernel, reboot, and load the DTrace modules:

    kldload dtraceall

To check, for example, redis-server:

    dtrace -x ustackframes=100 -n 'profile-197 /execname == "redis-server" && arg1/ {@[ustack()] = count(); } tick-60s { exit(0); }' -o out.


If pkg can’t be installed because pkg.txz.pubkeysig is missing, try this. Go to /usr/local/poudriere/data/packages/13amd64-default/.latest/Latest and run:

    echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /usr/local/etc/ssl/keys/pkg.key -binary -out ./pkg.txz.pubkeysig
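Added example (not from the original notes): the signing command above paired with the matching openssl verification, so the signature can be checked before the repository is published. The RSA key and pkg.txz are throwaway files created in a temporary directory, the helper names are made up for this example, and sha256sum is used where sha256(1) is not available.

```shell
#!/bin/sh
# Hex SHA-256 of a file: sha256(1) on FreeBSD, sha256sum elsewhere.
hexdigest() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# sign_pkg KEY FILE: same pipeline as the note, writes FILE.pubkeysig.
sign_pkg() {
    printf '%s' "$(hexdigest "$2")" |
        openssl dgst -sha256 -sign "$1" -binary -out "$2.pubkeysig"
}

# verify_pkg PUBKEY FILE: exit status 0 only if FILE.pubkeysig matches FILE.
verify_pkg() {
    printf '%s' "$(hexdigest "$2")" |
        openssl dgst -sha256 -verify "$1" -signature "$2.pubkeysig" \
            >/dev/null 2>&1
}

# Constructed demo: sign a dummy package, verify it, then modify the file
# and confirm that the old signature no longer verifies.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -out "$d/pkg.key" 2048 2>/dev/null
    openssl rsa -in "$d/pkg.key" -pubout -out "$d/pkg.pub" 2>/dev/null
    printf 'constructed package payload\n' > "$d/pkg.txz"
    sign_pkg "$d/pkg.key" "$d/pkg.txz"
    verify_pkg "$d/pkg.pub" "$d/pkg.txz" && r1=ok || r1=bad
    printf 'modified after signing\n' >> "$d/pkg.txz"
    verify_pkg "$d/pkg.pub" "$d/pkg.txz" && r2=ok || r2=bad
    rm -rf "$d"
    echo "$r1 $r2"
}

demo
```

A stale pkg.txz.pubkeysig left over from an earlier build fails this check in the same way as the modified file does.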

Bhyve Ubuntu

In /etc/rc.conf:

    cloned_interfaces="lo1 bridge0 tap0"
    config_lo1="inet"
    autobridge_interfaces="bridge0"
    autobridge_bridge0="tap* igb0"
    ifconfig_bridge0="addm igb0 addm tap0 up description bhyve"

In /boot/loader.conf:

    vmm_load="YES"
    nmdm_load="YES"

Check that you have: sysctl

Create the volume:

    zfs create -V100G -o volmode=dev tank/ubuntuvm

Install:

    pkg install uefi-edk2-bhyve

This will create /usr/local/share/uefi-firmware/BHYVE_UEFI.fd

Setup and install:

    bhyve -AHP -w \
      -s 1:0,lpc \
      -s 2:0,virtio-net,tap0 \
      -s 3:0,ahci-cd,/tank/iso/ubuntu-20.04.2-live-server-amd64.iso \
      -s 4:0,virtio-blk,/dev/zvol/tank/ubuntuvm \
      -s 29,fbuf,tcp=,w=800,h=600,wait \
      -l bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.

vultr shutdown -o -n -r now

To prevent the system from hanging on “detaching uhub0”, reboot using the flag -n:

    shutdown -o -n -r now

Start 2 XS SATA

To install FreeBSD using the rescue system on a Start-2-XS-SATA from

    #!/bin/sh -x
    USER=monkey
    PASSWORD=secret
    gpart destroy -F ada0
    gpart create -s gpt ada0
    gpart bootcode -b /boot/pmbr -p /boot/gptboot -i 1 ada0
    gpart add -t freebsd-boot -l boot -s 128K ada0
    gpart add -t freebsd-swap -l swap -s 4g ada0
    gpart add -t freebsd-ufs -l root ada0
    gpart set -a active ada0
    newfs /dev/gpt/root
    mount /dev/gpt/root /mnt
    cd /tmp
    fetch http://ftp.


To load kernel modules after local disks are mounted, add this to /etc/rc.conf:

    kld_list="fuse"

In this case the fuse module will be loaded.


To get an overview of the system:

    # sysctl -a | egrep -i 'hw.machine|hw.model|hw.ncpu'
    hw.machine: amd64
    hw.model: Intel(R) Xeon(R) Silver 4110 CPU @ 2.10GHz
    hw.ncpu: 16
    hw.machine_arch: amd64

MANIFEST No Such File or Directory

If, when trying to install FreeBSD using bsdinstall, you get:

    "Error while fetching file:///usr/freebsd-dist/MANIFEST" - no such file or directory

try:

    # mkdir -p /usr/freebsd-dist/
    # touch /usr/freebsd-dist/MANIFEST

And then start again.


The sockstat command lists open Internet or UNIX domain sockets.

List open tcp in ipv4:

    # sockstat -4l

Show connected sockets in port 443 and tcp:

    # sockstat -P tcp -p 443 -c

List unix sockets:

    # sockstat -u


Update FreeBSD using freebsd-update. Set in /etc/rc.conf:

    kern_securelevel_enable="NO"
    kern_securelevel="0"

Reboot, and then:

    # freebsd-update upgrade -r 10.4-RELEASE
    # freebsd-update install
    # reboot
    # freebsd-update install

Then repeat to upgrade to 11.1:

    freebsd-update upgrade -r 11.1-RELEASE

Only security patches:

    # freebsd-update fetch
    # freebsd-update install

To update the packages:

    # pkg-static upgrade -f
    # freebsd-update install

A forced upgrade of all installed packages will replace the packages with fresh versions from the repository even if the version number has not increased.


If, when updating, you get something like this:

    pkg: Newer FreeBSD version for package jsoncpp:
    - package: 1101503
    - running kernel: 1100506

Try uname -KU to get the version, and then:

    pkg -o OSVERSION=1100506 update -f
    pkg -o OSVERSION=1100506 upgrade

update port

Make a copy of the current port:

    cp -R <port-name> <port-name>.orig

Work on the port:

    make makesum
    make checksum
    make stage
    make check-orphans
    make package
    make install
    make deinstall
    make clean

Create the diff; first change one level up:

    diff -u port-name.orig port-name > port-name.diff

Submit the patch.


To start an application on port 80 without being root:

    sysctl net.inet.ip.portrange.reservedhigh=79

That will allow an application to bind to any port > 79. To allow any port:

    sysctl net.inet.ip.portrange.reservedhigh=0

Add this to /etc/sysctl.conf to keep the changes persistent across reboots:

    net.inet.ip.portrange.reservedhigh=79

bsdinstall MANIFEST

When installing FreeBSD from an ftp/http source, it may complain that the MANIFEST file is missing. To solve the problem, try this:

    export DISTRIBUTIONS="kernel.txz base.txz"
    mkdir /usr/freebsd-dist
    export BSDINSTALL_DISTDIR="/usr/freebsd-dist/"
    export BSDINSTALL_DISTSITE=""
    bsdinstall distfetch
    cd /usr/freebsd-dist
    fetch

Then run bsdinstall.

Syslogd 8 bit

If you want to log full UTF-8 strings (“emojis”), use the option -8. Example in /etc/rc.conf:

    syslogd_flags="-ssC8"

The options are:

    -s  Operate in secure mode. Do not log messages from remote machines. If specified twice, no network socket will be opened at all, which also disables logging to remote machines.
    -C  Create log files that do not exist (permission is set to 0600).
    -8  Tells syslogd not to interfere with 8-bit data.

vm tools

vmware tools guest FreeBSD

While running FreeBSD as a guest on VMware, the vm-tools can be installed with this:

    $ pkg install open-vm-tools-nox11

Later, enable them in /etc/rc.conf:

    vmware_guest_vmblock_enable="YES"
    vmware_guest_vmhgfs_enable="YES"
    vmware_guest_vmmemctl_enable="YES"
    vmware_guest_vmxnet_enable="YES"
    vmware_guestd_enable="YES"


FreeBSD zfs disk image

Use VirtualBox to install FreeBSD using UFS. After having FreeBSD installed, update your sources and build a custom world and kernel based on your needs for the new image to be created:

    # cd /usr/src
    # make -j4 buildworld buildkernel

Adjust -j4 to the number of CPU cores.

Use this script to create the image:

    $ mkdir /raw && cd /raw
    $ fetch --no-verify-peer https://raw.

ipv6 tunnelbroker

6in4

6in4 uses tunneling to encapsulate IPv6 traffic over explicitly-configured IPv4 links. The 6in4 traffic is sent over the IPv4 Internet inside IPv4 packets whose IP headers have the IP protocol number set to 41. “6to4” is a tunneling method that is only interesting for reaching IPv6-only services. And 6to4 makes sense only if one has a public IPv4 address. As a rule, you only need to enable “6to4” if you want to access services that are only IPv6.

observability tools

FreeBSD Linux src:


FreeBSD & MySQL UTC

After doing a fresh install, load the UTC zone:

    $ cd /usr/share/zoneinfo
    $ mysql_tzinfo_to_sql UTC UTC | mysql -u root mysql

Edit /etc/my.cnf:

    [mysqld]
    default-time-zone='UTC'

This will set the default timezone on the server to UTC. To get the current timezone of MySQL, run:

    mysql> SELECT @@global.time_zone, @@session.time_zone;