From a8f095b0abf98b743019aa61f59fae6a6b632e39 Mon Sep 17 00:00:00 2001
From: Aaron Taylor
Date: Mon, 9 Nov 2020 00:26:52 -0800
Subject: [PATCH] Added "unix hints" and "freebsd file server" notes from old website to new.
---
 data/notes/freebsd_12_file_server.md | 189 +++++++++++++++++++++
 data/notes/freebsd_12_file_server.metadata | 6 +
 data/notes/unix_misc.md | 51 ++++++
 data/notes/unix_misc.metadata | 6 +
 4 files changed, 252 insertions(+)
 create mode 100755 data/notes/freebsd_12_file_server.md
 create mode 100644 data/notes/freebsd_12_file_server.metadata
 create mode 100644 data/notes/unix_misc.md
 create mode 100644 data/notes/unix_misc.metadata
diff --git a/data/notes/freebsd_12_file_server.md b/data/notes/freebsd_12_file_server.md
new file mode 100755
index 0000000..6ede5de
--- /dev/null
+++ b/data/notes/freebsd_12_file_server.md
@@ -0,0 +1,189 @@
+System Notes - talisker.SGK - File Server
+=========================================
+
+These notes cover the creation of a FreeBSD fileserver serving encrypted ZFS
+volumes via Samba.
+
+General Info
+------------
+
+ Hostname: talisker.SGK
+ Version: FreeBSD 12.1
+
+ Motherboard: X8DT3-LN4F (manual saved in hw_support)
+ Processors: 2x L5630 Xeons (4 cores @ 2.13 GHz, low power)
+ Memory: 48 GB (12x 4GB R2 Registered ECC)
+ Note: Configured in lockstep mode, leaving 32 GB usable
+ Hard Drives:
+ 3x 120 GB Intel DC S3500 (3-way boot mirror)
+ 2x 8.0 TB WD Red (2-way mirror for media)
+ 3x 3.0 TB WD Red (3-way mirror for personal files)
+ 2x 2.0 TB used SAS (2-way mirror for scratch space)
+ Note: The onboard SAS controller is limited to 2.0 TB max drive size.
+ Consequently, one boot drive and the five drives >2.0 TB are on the
+ SATA channels and all remaining drives are on SAS, even though this
+ splits the boot mirror across controllers.
+
+Installed Ports
+---------------
+
+ sysutils/screen
+ net/samba410
+ -LDAP
+ -ADS
+ -AD_DC
+ (due to dependency errors, build devel/llvm80 and devel/meson first)
+ sysutils/zfs-stats
+ sysutils/zfstools
+ sysutils/bacula9-server
+ +MTX
+ dns/bind-tools
+ devel/git
+ irc/irssi
+ security/nmap
+ sysutils/smartmontools
+ archivers/zip
+ archivers/gtar
+ mail/ssmtp
+
+Encrypted ZFS Mirrors
+---------------------
+
+The following example creates a 2-way mirror using `ada1` and `ada2`. First,
+create the encrypted devices.
+
+ geli init -l 256 /dev/ada1
+ geli init -l 256 /dev/ada2
+ geli attach /dev/ada1
+ geli attach /dev/ada2
+ geli status
+
+In order to be prompted for the passphrase on boot, add the following line to
+`/etc/rc.conf`.
+
+ geli_devices="ada1 ada2"
+
+Next, create the ZFS mirror. Enable compression by default, using LZ4 since it
+will abort the compression attempt if the initial results are not significant.
+
+ zpool create zfs_mirror_1 mirror /dev/ada1.eli /dev/ada2.eli
+ zfs set compress=lz4 zfs_mirror_1
+ zpool status
+
+Automated ZFS Snapshots
+-----------------------
+
+Set the `com.sun:auto-snapshot` property on relevant zpools and verify it is
+inherited.
+
+ zfs set com.sun:auto-snapshot=true zfs_mirror_1
+
+Create `/etc/cron.d/zfs-snapshots` with something like the following.
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 15,30,45 * * * * root /usr/local/sbin/zfs-auto-snapshot frequent 4
+ 0 * * * * root /usr/local/sbin/zfs-auto-snapshot hourly 24
+ 7 0 * * * root /usr/local/sbin/zfs-auto-snapshot daily 7
+ 14 0 * * 7 root /usr/local/sbin/zfs-auto-snapshot weekly 4
+ 28 0 1 * * root /usr/local/sbin/zfs-auto-snapshot monthly 12
+
+Note that you can exclude specific snapshot intervals with the following
+property (e.g. frequent, daily, etc).
+
+ zfs set com.sun:auto-snapshot:frequent=false zfs_mirror_1
+
+Automated ZFS Scrubs
+--------------------
+
+Create `/etc/cron.d/zfs-scrubs` with the following contents.
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 0 0 0 * * root /sbin/zpool scrub zroot
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_1
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_2
+ 0 0 0 * * root /sbin/zpool scrub zfs_mirror_3
+
+Samba Notes
+-----------
+
+Create `/usr/local/etc/smb4.conf` with the following contents. Add additional
+entries for each zpool.
+
+ [global]
+ workgroup = WORKGROUP
+ server string = Samba Server
+ netbios name = Talisker
+ wins support = Yes
+ security = user
+ passdb backend = tdbsam
+ ntlm auth = yes
+
+ [zfs_mirror_1]
+ path = /zfs_mirror_1
+ valid users = ataylor
+ writable = yes
+ browsable = yes
+ read only = no
+ guest ok = no
+ public = no
+ create mask = 0666
+ directory mask = 0755
+
+Create a Samba user, using a different password than the system account.
+
+ pdbedit -a ataylor
+
+Manually start Samba.
+
+ service samba_server start
+
+Configure Samba to autostart on boot by adding the following to `/etc/rc.conf`.
+
+ samba_server_enable="YES"
+
+Status Emails
+-------------
+
+After building, run `make replace` inside the `mail/ssmtp` port to
+automatically disable sendmail/etc and replace with ssmtp.
+
+Create `/usr/local/etc/ssmtp/ssmtp.conf` with the following contents.
+
+ # The person who gets all mail for userids < 1000
+ # Make this empty to disable rewriting.
+ root=ataylor@subgeniuskitty.com
+
+ # The place where the mail goes. The actual machine name is required
+ # no MX records are consulted. Commonly mailhosts are named mail.domain.com
+ # The example will fit if you are in domain.com and your mailhub is so named.
+ mailhub=mail.subgeniuskitty.com:465
+
+ # Where will the mail seem to come from?
+ rewriteDomain=subgeniuskitty.com
+
+ # The full hostname
+ hostname=talisker.subgeniuskitty.com
+
+ # Set this to never rewrite the "From:" line (unless not given) and to
+ # use that address in the "from line" of the envelope.
+ FromLineOverride=YES
+
+ # Use SSL/TLS to send secure messages to server.
+ UseTLS=YES
+
+ # Credentials accepted by remote SMTP server
+ AuthUser=ataylor@subgeniuskitty.com
+ AuthPass=password_goes_here
+
+Edit `/etc/passwd` and `/etc/master.passwd`, changing the name of the root
+account from `Charlie &` to something suitable for the `FROM:` field in emails.
+After, run `/usr/sbin/pwd_mkdb -p /etc/master.passwd`.
+
+Create `/etc/cron.d/status-emails` with suitable contents.
For example:
+
+ PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
+ 0 0 * * 0 root /sbin/zpool list | /usr/bin/mail -s "talisker.SGK - zpool list" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zpool status | /usr/bin/mail -s "talisker.SGK - zpool status" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zfs list -t snapshot | /usr/bin/mail -s "talisker.SGK - zfs snapshots" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /sbin/zfs list | /usr/bin/mail -s "talisker.SGK - zfs list" ataylor@subgeniuskitty.com
+ 0 0 * * 0 root /usr/local/bin/zfs-stats -IMAE | /usr/bin/mail -s "talisker.SGK - zfs stats" ataylor@subgeniuskitty.com
diff --git a/data/notes/freebsd_12_file_server.metadata b/data/notes/freebsd_12_file_server.metadata
new file mode 100644
index 0000000..1cc9f99
--- /dev/null
+++ b/data/notes/freebsd_12_file_server.metadata
@@ -0,0 +1,6 @@
+[DEFAULT]
+page_title = FreeBSD 12 File Server
+meta_keywords =
+meta_description =
+menu_text = FreeBSD 12 File Server
+menu_priority = 9000
diff --git a/data/notes/unix_misc.md b/data/notes/unix_misc.md
new file mode 100644
index 0000000..5b8b3a8
--- /dev/null
+++ b/data/notes/unix_misc.md
@@ -0,0 +1,51 @@
+# Redirect File Descriptor of Running Process #
+
+This note explains how to redirect `stdin` (or any other file descriptor) of a
+pre-existing process using the GNU debugger (`gdb`) and a FIFO. It was tested
+on FreeBSD 11.
+
+An example of use would be saving the contents of remote `vi` sessions after
+they are detached due to a dropped connection.
+
+First, make a FIFO:
+
+ $ mkfifo /tmp/vififo
+
+Assuming there is a pre-existing `vi` session with PID `91266`, connect
+with `gdb`, close file descriptor `0` and reopen it as a connection to the
+FIFO with the `call close` and `call open` commands.
+
+ $ gdb -p 91266
+
+ Attaching to process 91266
+
+ (gdb) call close (0)
+ $1 = 0
+ (gdb) call open ("/tmp/vififo", 0600)
+
+At this point `gdb` will appear to hang. Leave it and open a new terminal. Use
+`echo` to send characters to the process through the FIFO.
+
+Special characters may be escaped by pressing `Ctrl-V` followed by the
+character. For example, to send an `Escape`, press `Ctrl-V` followed by
+`Escape` which results in an `Escape` code, or `^[`.
+
+Continuing the example, tell `vi` to save the current buffer to a file.
+
+ $ echo "^[:w /tmp/vi_recover.txt" > /tmp/vififo
+
+After this command the `gdb` session should start responding again, returning
+to a `(gdb)` prompt. Exit `gdb`.
+
+ $2 = 0
+ (gdb) quit
+ A debugging session is active.
+
+ Inferior 1 [process 91266] will be detached.
+
+ Quit anyway? (y or n) Y
+ Detaching from program: /hh/bin/vi, process 91266
+ [Inferior 1 (process 91266) detached]
+
+The characters have now been received by `vi` and a file should be waiting at
+`/tmp/vi_recover.txt`.
diff --git a/data/notes/unix_misc.metadata b/data/notes/unix_misc.metadata
new file mode 100644
index 0000000..f7cbb63
--- /dev/null
+++ b/data/notes/unix_misc.metadata
@@ -0,0 +1,6 @@
+[DEFAULT]
+page_title = Misc UNIX Notes
+meta_keywords =
+meta_description =
+menu_text = UNIX Misc
+menu_priority = 3000
-- 
2.20.1