From owner-freebsd-questions@FreeBSD.ORG Mon Mar 10 07:10:46 2014
From: nano
Date: Mon, 10 Mar 2014 18:10:33 +1100
To: Matthew Seaman, freebsd-questions@freebsd.org
Subject: Re: FreeBSD 10 + Apache + PHP

How do you properly mix packages from the local and FreeBSD repo? I've always been advised to avoid this and use local packages exclusively.

Matthew Seaman wrote:

>On 10/03/2014 04:40, Dale Scott wrote:
>>> I too want to manage hosts exclusively with binary packages. In the absence
>>> of a working Poudriere implementation, it appears I will have to install it via ports. :(
>
>> I don't see how Poudriere would help in this situation (but I also
>> don't know how Poudriere works). I just have one real server and a
>> couple of dev vm's. It doesn't feel it would be worthwhile to have a
>> local Poudriere repo, update it, rebuild the packages, and then
>> finally update my couple servers, when I could just "pkg upgrade" on
>> each server (if I can go 100% packages). Am I missing something?
>
>poudriere is the answer right now to the problem of wanting to use
>binary packages but finding that the default packages from
>pkg.freebsd.org are not built with the correct set of options.
>
>Eventually we will have sub-packages and other improvements to the way
>binary package management happens, so that binary packages become a lot
>more flexible, but those changes depend on the final demise of the
>pkg_tools and some of the current work on pkg(8) being released. It's
>going to take months (at best) before this problem is addressed
>effectively.
>
>Until then, building your own pkgs using poudriere allows you all the
>speed and convenience of using a package repository with the flexibility
>to set your own options. You can mix local poudriere built packages
>with official FreeBSD packages -- you do need to make sure your ports
>tree is fairly close to the version used in the official builds, maybe
>by tracking the 2014Q1 branch. Running poudriere is not hugely onerous.
>Once you've got it set up, you can pretty much set up cron jobs to run
>the builds you want and leave it to do its thing with little additional
>attention required.
>
>Even if you only have a very few machines to maintain, poudriere will
>alleviate the amount of time and effort you need to put into doing that.
>
>	Cheers,
>
>	Matthew
>
>--
>Dr Matthew J Seaman MA, D.Phil.
>
>PGP: http://www.infracaninophile.co.uk/pgpkey
>JID: matthew@infracaninophile.co.uk

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From owner-freebsd-questions@FreeBSD.ORG Mon Mar 10 07:18:42 2014
From: Matthew Seaman
Date: Mon, 10 Mar 2014 07:18:15 +0000
To: David Christensen, freebsd-questions@freebsd.org
Subject: Re: FreeBSD 10 installer and ZFS root

On 10/03/2014 05:47, David Christensen wrote:
> freebsd-questions:
>
> I am testing FreeBSD-10.0-RELEASE-amd64-dvd1.iso on a system with:
>
>     Intel D945GTPLKR motherboard
>     Intel Pentium 4 640 processor
>     4 GB RAM
>     Maxtor 5T030H3 30 GB EIDE hard drive
>
>
> I have installed FreeBSD using the encrypted ZFS root option, similar to
> the screenshot at the bottom of:
>
>     http://www.bsdnow.tv/tutorials/fde
>
> Except that I set Partition Scheme to "MBR" and Swap Size to "4g".
>
> Question -- do I need to make swap size equal to or larger than RAM?

No. You don't /need/ to do this, especially nowadays with machines
having large amounts of RAM (by which I mean much more than just 4GB,
which is a fairly routine amount nowadays).

In your case I'd advise a swap size of something between RAM+delta or
2 x RAM. 4GB is about the minimum you can run a serious ZFS based server
with, although for light duties or experimental purposes you can manage
ZFS with much less RAM.

> The system boots and appears to work. Do I understand the following
> correctly?
>
> 1.  root@p43200:~ # gpart show -p
>     =>        63  60030369     ada0  MBR  (29G)
>               63  60030369   ada0s1  freebsd  [active]  (29G)
>
>     =>         0  60030369   ada0s1  BSD  (29G)
>                0   4194304  ada0s1a  freebsd-zfs  (2.0G)
>          4194304   8388608  ada0s1b  freebsd-swap  (4.0G)
>         12582912  47447457  ada0s1d  freebsd-zfs  (23G)

I wouldn't make ada0s1a a ZFS partition if all it is intended to do is
hold an unencrypted /boot -- UFS gives you everything you need for that
use case, and all the extra ZFS goodness isn't really relevant there.

>     The disk has an MBR partition table and yields five GEOM providers
>     -- ada0, ada0s1, ada0s1a, ada0s1b, and ada0s1d:
>
>     ada0 is the raw block device.
>
>     ada0s1 is a primary partition table entry pointing to an extended
>     partition table.
>
>     The extended partition table contains partitions ada0s1a, ada0s1b,
>     and ada0s1d.

Yes, that is correct.

>     Question -- can I adjust the size of ada0s1a and ada0s1d during
>     installation?

I take it you mean 'can I install using different partition sizes?'
rather than 'can I change the sizes of the partitions after the fact?'

The installer contains a pretty reasonable partition editor, or it is
entirely possible to boot the install media to a live FS and set up your
drives from the command line, and then continue the installation using
the installer.

If you're asking about changing the size of existing partitions, then
the answer is 'maybe'. You can't shrink the size of a partition with a
ZFS or UFS filesystem on it easily, and you can't move the beginning of
such a partition. You can add space to the end of a partition with a FS
on it, and you can do pretty much whatever you want to a swap area.

>
> 2.  root@p43200:~ # swapinfo
>     Device          1K-blocks     Used    Avail Capacity
>     /dev/ada0s1b      4194304        0  4194304     0%
>
>     ada0s1b is used for swap.
>
>     swap is unencrypted.
>
>     Question -- can I arrange for swap to be encrypted during installation?

Set this up after installation.

>     Question -- if not, is section 18.15 of the FreeBSD handbook correct
>     for FreeBSD 10?
>
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypting.html
>
>
>     E.g. to encrypt swap using a one-time random key at boot, add the
>     following line, or something similar per geli(8), to /etc/rc.conf:
>
>         geli_swap_flags="-e blowfish -l 128 -s 4096 -d"

Yes -- this is the way to go.

>
> 3.  root@p43200:~ # zpool list -v
>     NAME             SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
>     bootpool        1.98G   447M  1.55G    21%  1.00x  ONLINE  -
>       ada0s1a       1.98G   447M  1.55G      -
>     zroot           22.5G  1.73G  20.8G     7%  1.00x  ONLINE  -
>       ada0s1d.eli   22.5G  1.73G  20.8G      -
>
>     There are two ZFS pools, bootpool and zroot.
>
>     bootpool is based upon ada0s1a.
>
>     zroot is based upon ada0s1d.eli.
>
>     Question -- can I set ZFS pool options for bootpool and zroot during
>     installation?

No, but the installer sets the options you'd want already.
Hint: you do *not* want dedup -- it sounds attractive, but really it's
only useful in some quite limited circumstances and it needs a system
with a very much larger quantity of RAM than you have.

You can easily change zpool or ZFS properties after installation, but
generally this leaves anything already written with the original settings.

>
> 4.  root@p43200:~ # zfs list -r -t all bootpool
>     NAME       USED  AVAIL  REFER  MOUNTPOINT
>     bootpool   447M  1.52G   446M  /bootpool
>
>     bootpool has only the default file system.
>
>     Question -- can I set ZFS file system options for bootpool during
>     installation?

No, not unless you go down the route of setting up your pools etc.
manually. Set the options once you've got the machine up and running.

> 5.  root@p43200:~ # geli list
>     Geom name: ada0s1d.eli
>     State: ACTIVE
>     EncryptionAlgorithm: AES-XTS
>     KeyLength: 256
>     Crypto: software
>     Version: 7
>     UsedKey: 0
>     Flags: BOOT
>     KeysAllocated: 6
>     KeysTotal: 6
>     Providers:
>     1. Name: ada0s1d.eli
>        Mediasize: 24293097472 (23G)
>        Sectorsize: 4096
>        Mode: r1w1e1
>     Consumers:
>     1. Name: ada0s1d
>        Mediasize: 24293097984 (23G)
>        Sectorsize: 512
>        Stripesize: 0
>        Stripeoffset: 2147515904
>        Mode: r1w1e1
>
>     ada0s1d is consumed by geom_eli (GELI) and yields provider ada0s1d.eli.
>
>     Question -- can I set encryption options for ada0s1d.eli during
>     installation?

Not sure. Unless you know exactly what you're doing with crypto stuff,
I'd advise taking the defaults the installer gives you, or you could
accidentally end up with something less secure than you intended.

> 6.  root@p43200:~ # zfs list -r -t all zroot
>     NAME                 USED  AVAIL  REFER  MOUNTPOINT
>     zroot               1.73G  20.4G   144K  none
>     zroot/ROOT           411M  20.4G   144K  none
>     zroot/ROOT/default   411M  20.4G   411M  /
>     zroot/tmp            176K  20.4G   176K  /tmp
>     zroot/usr           1.33G  20.4G   144K  /usr
>     zroot/usr/home       144K  20.4G   144K  /usr/home
>     zroot/usr/ports      813M  20.4G   813M  /usr/ports
>     zroot/usr/src        545M  20.4G   545M  /usr/src
>     zroot/var           1.31M  20.4G   688K  /var
>     zroot/var/crash      148K  20.4G   148K  /var/crash
>     zroot/var/log        212K  20.4G   212K  /var/log
>     zroot/var/mail       144K  20.4G   144K  /var/mail
>     zroot/var/tmp        152K  20.4G   152K  /var/tmp
>
>     zroot has many file systems.
>
>     Question -- can I set ZFS file system options during installation?

No -- this is a post installation job. The installer gets it pretty
much right already in any case.

	Cheers,

	Matthew

--
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk
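
The swap question in item 2 of the message above, as an added example that is not part of the original thread: a POSIX sh check that lists swap devices which are not GELI `.eli` providers, both in `swapinfo` output and in `/etc/fstab`. The function names and the sample inputs are assumptions constructed for illustration; the `.eli` suffix on the fstab swap device follows the handbook section linked in the message.

```sh
#!/bin/sh
# Added example, not from the thread: report swap that is not behind a
# GELI provider (device name without the ".eli" suffix), both in the
# running system and in the boot-time configuration.

# Hypothetical helper: reads swapinfo(8) output on stdin, prints each
# active swap device that is not a .eli provider, returns 1 if any.
unencrypted_swap() {
    awk '
        NR == 1 && $1 == "Device" { next }   # header row
        $1 == "Total"             { next }   # summary row (several devices)
        $1 ~ /^\/dev\// && $1 !~ /\.eli$/ { print $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Hypothetical helper: reads fstab(5) text on stdin, prints each swap
# entry whose device is not a .eli provider, returns 1 if any.
plain_swap_in_fstab() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }         # comments, blank/short lines
        $3 == "swap" && $1 !~ /\.eli$/ { print $1; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed samples: swapinfo as quoted in the message, and the same
# device once it is attached through GELI.
SWAPINFO_PLAIN='Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b      4194304        0  4194304     0%'
SWAPINFO_ELI='Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b.eli  4194304        0  4194304     0%'

# Constructed fstab lines (the thread does not show the real file).
FSTAB_PLAIN='# Device     Mountpoint FStype Options Dump Pass
/dev/ada0s1b none swap sw 0 0'
FSTAB_ELI='# Device         Mountpoint FStype Options Dump Pass
/dev/ada0s1b.eli none swap sw 0 0'

# On a FreeBSD host, pass --live to audit the real system instead.
if [ "${1:-}" = "--live" ]; then
    swapinfo | unencrypted_swap
    plain_swap_in_fstab < /etc/fstab
fi
```

A device that passes the first check but is listed by the second is encrypted now and will come back as plain swap after the next reboot.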