Valuable News – 2022/05/16

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount of information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet every day. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

OPNsense 22.1.7 Released.
https://forum.opnsense.org/index.php?topic=28303.0

TrueNAS 13.0 Succeeds TrueNAS 12.0.
https://www.truenas.com/blog/truenas-13-0-succeeds-truenas-12-0/

OpenBSD on 2020 M1 MacBook Air.
https://kernelpanic.life/hardware/openbsd-m1-macbook-air.html

Enterprise Strength FreeBSD Based TrueNAS 13.0 Released.
https://www.theregister.com/2022/05/11/truenas_13_released/

Thunderbird 102 – 7 Great New Features Coming.
https://blog.thunderbird.net/2022/05/7-great-new-features-coming-to-thunderbird-102/

Nvidia Releases Open Source GPU Kernel Modules.
https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/

Modernize Your Oracle Workloads to PostgreSQL with Database Migration Service.
https://cloud.google.com/blog/products/databases/migrate-oracle-to-postgresql

Customizing FreeBSD Ports and Packages.
https://klarasystems.com/articles/customizing-freebsd-ports-and-packages/

Get Started with Bareos – Open Source Client Server Backup Solution.
https://opensource.com/article/22/5/bareos-open-source-client-server-backup-solution

BSD Now 454 – Compiling 50% Faster.
https://www.bsdnow.tv/454

FreeBSD as Desktop – Here is How.
https://www.youtube.com/watch?v=94RWnYI0Ul0

Power of Red Hat Ecosystem.
http://aikchar.me/blog/power-of-the-red-hat-ecosystem.html

FreeBSD Networking Basics – WiFi and Bluetooth.
https://freebsdfoundation.org/freebsd-project/resources/networking-basics-wifi-and-bluetooth/

Let's Have a Look at FreeBSD Bhyve VMs.
https://www.youtube.com/watch?v=1B89B9TQXuI

The as-tree(1) Prints List of Paths as Tree.
https://github.com/jez/as-tree

In Other BSDs for 2022/05/14.
https://www.dragonflydigest.com/2022/05/14/26919.html

Starting at Beginning – FreeBSD Shell.
https://klarasystems.com/articles/interacting-with-freebsd-learning-the-fundamentals-of-the-freebsd-shell-2/

Own Your Calendar and Contacts with OpenBSD/Baikal/FOSS Android.
https://baak6.com/baikal-openbsd-fossdroid/

FreeBSD 13.1-RELEASE Release Notes.
https://www.freebsd.org/releases/13.1R/relnotes/

OpenZFS: All About Cache vdev or L2ARC.
https://klarasystems.com/articles/openzfs-all-about-l2arc/

Hardware

MIPS unveils RISC-V eVocore P8700 and I8500 Multiprocessor IP Cores.
https://www.cnx-software.com/2022/05/11/mips-unveils-risc-v-evocore-p8700-and-i8500-multiprocessor-ip-cores/

Internal Computer Storage Types – Pros and Cons.
https://www.onlogic.com/company/io-hub/internal-computer-storage-types-pros-and-cons/

Wireless is a Trap.
https://www.benkuhn.net/wireless/

Other

Hackers – 20 Years of Awesome.
https://www.scip.ch/en/?labs.20151112

Fallout 2 Reference Edition – Reverse Engineering by Alexander Batalov.
https://nma-fallout.com/threads/fallout-2-reference-edition-reverse-engineering-fallout-2-by-alexander-batalov.221139/
https://medium.com/@alex.batalov/reverse-engineering-fallout-2-5dad1421de21

Firefox 100 Improved Process Isolation.
https://hacks.mozilla.org/2022/05/improved-process-isolation-in-firefox-100/

50 Years Ago Andrei Tarkovsky Made Most Disturbing Sci-Fi Movie Ever.
https://www.inverse.com/entertainment/solaris-50-year-anniversary

ONKYO Has Gone Bankrupt.
https://www.lbtechreviews.com/news/hi-fi/onkyo-has-gone-bankrupt

EOF

Valuable News – 2022/05/10

UNIX

Branching for NetBSD 10.
https://mail-index.netbsd.org/current-users/2022/05/02/msg042278.html

Compiling OpenBSD Kernel 50% Faster.
https://flak.tedunangst.com/post/compiling-an-openbsd-kernel-50-faster

OmniOSce v11 r151042 Release Notes.
https://github.com/omniosorg/omnios-build/blob/r151042/doc/ReleaseNotes.md

PyScript is Pythonic Alternative to Scratch/JSFiddle/Other Programming Frameworks.
https://github.com/pyscript/pyscript

Forgetting About Problem of Memory.
https://davmac.wordpress.com/2022/04/30/forgetting-about-the-problem-of-memory/

How to Contribute to OpenBSD Project.
https://dataswamp.org/~solene/2022-05-03-contributing-to-openbsd.html

Export Your FreeBSD iocage Jails.
https://www.youtube.com/watch?v=UuxBuUO32Xs

Bash Oneliners.
https://github.com/onceupon/Bash-Oneliner

FreeBSD ZFS Image for Vultr.
https://github.com/5u623l20/vultr-freebsd-zfs

FreeBSD Driver Updates for Apple Mac Models.
https://twitter.com/FreeBSDHelp/status/1521997142889762816

AppManager is GUI for OpenBSD Package Manager.
https://tildegit.org/solene/AppManager

FreeBSD 13.1-RC6 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2022-May/000762.html

FreeBSD 13.1-RC6 Released Due to Lingering Bugs.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-13.1-RC6-Released

FreeBSD Foundation – Let's Talk About Foundation Funding.
https://freebsdfoundation.org/blog/lets-talk-about-foundation-funding/

Top 5 Features of FreeBSD!
https://www.youtube.com/watch?v=sfQcjIt9vTE

SmartOS 20220505 Release.
https://smartos.topicbox.com/groups/smartos-discuss/T51a4f5f4992e2624-Mc0572c1592472d3679eecffa/smartos-release-20220505

MyBee – Most Simplified FreeBSD Based API for Creating and Destroying K8S and Cloud VMs.
https://myb.convectix.com/
https://github.com/myb-project/guide

BSD Now 453 – TwinCat/BSD Hypervisor.
https://www.bsdnow.tv/453

XigmaNAS 12.3.0.4.9047 Released.
https://sourceforge.net/projects/xigmanas/files/XigmaNAS-12.3.0.4/12.3.0.4.9047/

FreeBSD in the Office – Blue Sky Thinking!
https://www.youtube.com/watch?v=O-UM7aDv_xE

My OpenBSD Desktop – Move from FreeBSD.
https://blog.passwordclass.xyz/blogs/2022/05/my-openbsd-desktop.html

How to Mount NTFS Filesystem on FreeBSD/NetBSD/OpenBSD.
https://www.pc-freak.net/blog/how-to-mount-ntfs-windows-xp-filesystem-on-freebsd-netbsd-openbsd/

In Other BSDs for 2022/05/07.
https://www.dragonflydigest.com/2022/05/07/26892.html

Viable Alternative – FreeBSD 13.0 not RPi OS on Raspberry Pi.
https://www.youtube.com/watch?v=Cx7_zvh-b6k

OpenBSD 7.1 Fan Noise and High Temperature Solution.
https://dataswamp.org/~solene/2022-04-21-openbsd-71-fan-noise-temperature.html

ZFS on SMR Drives.
https://vermaden.wordpress.com/2022/05/08/zfs-on-smr-drives/

Hardware

India Launches Digital India RISC-V (DIR-V) Program.
https://pib.gov.in/PressReleaseIframePage.aspx?PRID=1820621

Flagship cirrus7 System is Now Available with AMD and Intel Latest CPUs.
https://www.fanlesstech.com/2022/05/alder-lake-nimbus-available.html

Wide (and Weird) World of Two Screen Laptops. [2008]
https://www.technologizer.com/2008/12/19/two-screen-laptops/

Corsair K70 RGB TKL Optical Mechanical Keyboard.
https://www.techpowerup.com/review/quick-look-corsair-k70-rgb-tkl-champion-series-optical-mechanical-keyboard/

Topton M6 Quad Core Intel N5105 with 16GB RAM and 2.5GbE LAN Mini PC Review.
https://www.servethehome.com/topton-m6-review-an-intel-jasper-lake-mini-pc-with-2-5gbe-n5105/

Firefly RK3588S – Fastest ARM Based SBC We Ever Tested.
https://www.youtube.com/watch?v=WlECRxfqWrs

Explaining RISC-V – x86 and ARM Alternative.
https://www.youtube.com/watch?v=Ps0JFsyX2fU

Life

My Experience Getting Tech Job with No Degree or Relevant Work Experience.
https://lowlyswe.substack.com/p/my-experience-getting-a-tech-job?s=r

IBM Asshole Test.
https://johnpublic.mataroa.blog/blog/the-asshole-test/

Other

Real Reason First Version of Windows NT Was Called 3.1.
https://liam-on-linux.dreamwidth.org/83538.html

EOF

ZFS on SMR Drives

The ZFS filesystem (more often called OpenZFS lately – as the project name) is a great filesystem for many purposes, from home or desktop/laptop solutions to enterprise offerings. Traditional disk drives have non-overlapping magnetic tracks parallel to each other. These are PMR disks (Perpendicular Magnetic Recording). Hard disk drive manufacturers – to pack even more data into the same size platters – also offer SMR disks. In SMR disks data tracks are written to overlap part of the previously written track – this results in narrower tracks and higher density. I will try to visualize this difference below using my favorite Enterprise Architect ASCII Edition software.

 PMR                    SMR

[xxx][___][___][___]   [xx[__[__[___]
[___][xxx][___][___]   [__[xx[__[___]
[___][___][xxx][___]   [__[__[xx[___]
[___][___][___][xxx]   [__[__[__[xxx]
[___][xxx][___][xxx]   [__[xx[__[xxx]
[xxx][___][___][xxx]   [xx[__[__[xxx]

12345678901234567890   12345678901234

I marked the filled blocks on both disks with xxx marks. As you can see by comparing the ‘size’ of the occupied space above, the same data on an SMR disk takes less physical space than on traditional PMR drives. This comes at a price though. Writes are a little ‘crippled’ compared to PMR drives. Especially heavy and random I/O writes are ‘problematic’ and slower on SMR drives … but it does not mean they are useless.

For backup or clone purposes they are more than enough. I personally use SMR drives for my backup solutions. It's just about the price/performance ratio.

Here are my backup solutions based on the SMR drives:

Speed

How does ZFS behave on SMR drives? Very well I would say. ZFS tries to pack as much random I/O into sequential I/O as it can with its ZFS features – described in detail in the zpool-features(7) man page for example.

I recently tried ZFS on top of a GELI encrypted partition on a 5 TB external USB SMR drive. I needed to copy a little more than 3 TB of data there. I used rsync(1) for that purpose. These are the arguments I use for my rsync(1) jobs.

% rsync --modify-window=1 -l -t -r -D -v -S -H --force    \
        --progress --no-whole-file --numeric-ids --delete \
        /files/ /media/external/files/

Of course I do not write all these options by hand – I just use a script wrapper for that – rsync-delete.sh – available on my scripts page.

As I started to copy files on the drive I watched the write speeds using iostat(8) and zpool-iostat(8) tools. I expected quite slow operation but even with the enabled zstd compression and AES-XTS 256bit GELI encryption I got pretty decent results.

Here are the iostat(8) results. Each line means average of 10 minutes (600 seconds). Check the speeds for da0 drive below.

% iostat 600
       tty            ada0             ada1              da0             cpu
 tin  tout KB/t  tps  MB/s  KB/t  tps  MB/s  KB/t  tps  MB/s  us ni sy in id
   1     1  513  120  59.9  29.5   39   1.1   742   65  46.8   4  8 17  2 69
   0     2  615   94  56.6  19.1   22   0.4   751   68  49.8   1  3 14  1 82
   0     0  561  106  57.9  17.9   20   0.4   760   70  52.0   1  2 14  1 82
   0     0 1015   57  56.8  18.4   16   0.3   769   68  50.9   1  3 15  1 81
   0     0 1017   57  56.3  18.5   16   0.3   757   68  50.6   1  3 14  1 81
   0     1  752   72  53.0  16.6   23   0.4   765   67  50.1   1  1 13  0 85
   0     0 1014   51  50.1  16.5   21   0.3   723   68  48.3   1  1 13  0 86
   0     0 1012   51  50.2  19.8   18   0.3   743   68  49.2   1  1 12  0 86

And here are the zpool-iostat(8) results.

% zpool iostat POOL 600
              capacity     operations     bandwidth
pool        alloc   free   read  write   read  write
----------  -----  -----  -----  -----  -----  -----
POOL        3.18T  1.37T      7     56  53.5K  40.7M
POOL        3.20T  1.34T      0     57  9.01K  41.4M
POOL        3.22T  1.33T      0     47  3.29K  32.3M
POOL        3.24T  1.31T      0     47  5.59K  33.9M
POOL        3.25T  1.29T      0     43  3.39K  24.3M
POOL        3.27T  1.28T      0     42  3.01K  25.5M
POOL        3.28T  1.27T      0     44  3.14K  26.8M
POOL        3.29T  1.26T      0     42  3.49K  23.9M

The drive was attached over a USB 3.0 port so there was no 35 MB/s limitation of a USB 2.0 port. I would say that the results are very decent and consistent.

Tuning

There are several settings that can help you squeeze maximum from these SMR drives on ZFS filesystem.

First are the ZFS pool settings. You want the latest zstd compression to save some space. Better compression also means fewer physical bytes need to be written to the drive, so fewer I/O operations. You should also set atime to off as it will not be needed. You should also increase recordsize to something really big like 1m (1 megabyte) so you will get a higher compressratio and will also need less metadata, as there are fewer ZFS blocks to track. Keep in mind that ZFS will still use a variable block size and not only the 1m maximum. If something is smaller (like 100k) then it would take for example 80k (after zstd compression is applied). You will not waste 920k here 🙂

Keep in mind that most newer and larger drives use 4k blocks (instead of 512b). Sometimes it is the 512e method, which means that the drive firmware will ‘present’ the device with 512b blocks while underneath eight of these 512b blocks just lie on a single 4k block. For these reasons it is important to keep several things in mind.

When adding new partitions with gpart(8) remember to align them to 4k with -a 4k argument.

# gpart add -t freebsd-zfs -a 4k da0

Next – when initializing the geli(8) encryption layer – make sure you add -s 4096 argument.

# geli init -s 4096 /dev/da0p1

The last thing is ZFS pool creation with the proper ashift property – it can not be changed later. On FreeBSD UNIX it is done this way:

# sysctl vfs.zfs.min_auto_ashift=12
# zpool create POOL da0
# zdb -C POOL | grep ashift
                ashift: 12

If you are curious what 12 means then the table below will help you:

ASHIFT  BLOCKSIZE
     9  512b
    10  1k
    11  2k
    12  4k
    13  8k

Last but not least is the redundant_metadata option. By default it is set to all but it is desirable to set it to most. Do you need redundant metadata? I think not. When your single drive fails the redundant metadata will not help, and if your ZFS pool has some redundancy level like raidz or mirror then redundant metadata is also not needed because it is already ‘normally’ redundant, being spread across several disks.

Keep in mind that ZFS resilver process on some of these SMR drives can take forever. Some people from Reddit reported that they successfully resilvered their ZFS pools with SMR drives but that does not have to be the case for all SMR drives out there. You can also check Ars Technica tests of resilver on SMR disks.

Here is the summary of ZFS tunables suggested – you will find in depth description of all of them in the zfsprops(7) man page.

# zfs set redundant_metadata=most POOL
# zfs set compression=zstd        POOL
# zfs set atime=off               POOL
# zfs set recordsize=1m           POOL

The TRIM operations upon deletion create additional unwanted ‘stress’ for SMR drives and TRIM operations are not needed on non-SSD drives so you can disable them entirely on the ZFS pool level.

# zpool set autotrim=off POOL

If needed you can manually trigger the TRIM operations with this command.

# zpool trim POOL
# zpool status POOL
  pool: POOL
 state: ONLINE
  scan: scrub repaired 0B in 02:17:22 with 0 errors on Sun May  8 05:18:22 2022
config:

        NAME          STATE     READ WRITE CKSUM
        POOL          ONLINE       0     0     0
          da0p1.eli   ONLINE       0     0     0  (trimming)

errors: No known data errors


If you do not want to disable TRIM operations then you can limit their rate. By default the TRIM commands are executed at a rate of 64. You can limit them to 1 and still have them enabled with the following sysctl(8) tunable.

# sysctl vfs.zfs.vdev.trim_max_active=1

If you want to make it survive across reboots then put it into the /etc/sysctl.conf file.
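
The settings from this section can be verified after the fact. The shell script below is an added example, not part of the original article: it parses output of zdb -C, geli list and zfs get / zpool get (in -H -o property,value form) and reports any layer below 4k or any property that differs from the values suggested above. The function names and the sample outputs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. All sample data is constructed.

# Block size in bytes for an ashift value (ashift is log2 of the block size).
ashift_to_bytes() {
    echo $((1 << ${1:-0}))
}

# First "ashift: N" value found in `zdb -C POOL` output on stdin.
zdb_ashift() {
    awk '$1 == "ashift:" { print $2; exit }'
}

# Sector size of the first provider in `geli list` output on stdin.
geli_sectorsize() {
    awk '$1 == "Sectorsize:" { print $2; exit }'
}

# Compare "property<TAB>value" lines on stdin with the article's settings.
# Prints one line per deviation; returns 1 if a setting differs or is missing.
check_props() {
    awk -F '\t' '
        BEGIN {
            want["redundant_metadata"] = "most"; want["compression"] = "zstd"
            want["atime"] = "off"; want["recordsize"] = "1M"
            want["autotrim"] = "off"
        }
        ($1 in want) {
            seen[$1] = 1
            if ($2 != want[$1]) {
                printf "%s=%s (want %s)\n", $1, $2, want[$1]; bad = 1
            }
        }
        END {
            for (p in want) if (!(p in seen)) { print p " not reported"; bad = 1 }
            exit bad + 0
        }'
}

# Audit one pool. $1 = zdb -C output, $2 = geli list output, $3 = property lines.
audit() {
    rc=0
    ashift=$(printf '%s\n' "$1" | zdb_ashift)
    sector=$(printf '%s\n' "$2" | geli_sectorsize)
    if [ "$(ashift_to_bytes "$ashift")" -lt 4096 ]; then
        echo "pool ashift=${ashift:-unknown} is below 4k"; rc=1
    fi
    if [ "${sector:-0}" -lt 4096 ]; then
        echo "GELI sector size ${sector:-unknown} is below 4k"; rc=1
    fi
    printf '%s\n' "$3" | check_props || rc=1
    return $rc
}

# --- constructed, abbreviated sample outputs ---
sample_zdb() {
    cat <<'END'
POOL:
    name: 'POOL'
    vdev_tree:
        type: 'root'
        children[0]:
            type: 'disk'
            path: '/dev/da0p1.eli'
            ashift: 12
END
}

sample_geli() {
    cat <<'END'
Geom name: da0p1.eli
State: ACTIVE
EncryptionAlgorithm: AES-XTS
KeyLength: 256
Providers:
1. Name: da0p1.eli
   Sectorsize: 4096
Consumers:
1. Name: da0p1
   Sectorsize: 512
END
}

sample_props_good() {
    printf 'redundant_metadata\tmost\ncompression\tzstd\natime\toff\n'
    printf 'recordsize\t1M\nautotrim\toff\n'
}

sample_props_bad() {
    printf 'redundant_metadata\tall\ncompression\tzstd\natime\ton\n'
    printf 'recordsize\t128K\nautotrim\toff\n'
}

audit "$(sample_zdb)" "$(sample_geli)" "$(sample_props_good)" && echo "good sample: OK"
audit "$(sample_zdb)" "$(sample_geli)" "$(sample_props_bad)" || echo "bad sample: deviations found"
```

On a live system the third argument would be the combined output of zfs get -H -o property,value redundant_metadata,compression,atime,recordsize POOL and zpool get -H -o property,value autotrim POOL.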

Logic could suggest that simpler/older filesystems such as FreeBSD UFS for example could be more suitable solution for SMR drives … but the reality shows that not so much. Check this Reddit thread for example – Appalling Performance on External USB SMR Drive – to name just one.

Hope this article will help you get the most out of your SMR drives.

Regards.

EOF

Valuable News – 2022/05/02

UNIX

Open Source Voices 29 – Deb Goodkin – Executive Director of FreeBSD Foundation.
https://www.opensourcevoices.org/29

SELinux is Unmanageable – Just Turn It Off If It Gets in Your Way.
https://www.ctrl.blog/entry/selinux-unmanageable.html

I Ported New Hare Compiler to OpenBSD.
https://briancallahan.net/blog/20220427.html

Upload FreeBSD Custom Image on DigitalOcean.
https://www.adminbyaccident.com/freebsd/how-to-upload-a-freebsd-custom-image-on-digitalocean/

Vuls 0.19.6 Released – Vulnerability Scanner for Linux and FreeBSD.
https://securityonline.info/vuls-vulnerability-scanner-linuxfreebsd/

OPNsense 22.1.6 Released.
https://meterpreter.org/opnsense/

FreeBSD Networking Basics – WiFi and Bluetooth.
https://freebsdfoundation.org/freebsd-project/resources/networking-basics-wifi-and-bluetooth/

Building Your Own FreeBSD Based NAS with ZFS – Part 2.
https://klarasystems.com/articles/part-2-tuning-your-freebsd-configuration-for-your-nas/

Black FreeBSD sddm Theme.
https://github.com/gregf/sddm-freebsd-purplish

The httm is Dream of CLI ZFS Time Machine.
https://github.com/kimono-koans/httm

Nice FreeBSD dwm Config.
https://www.reddit.com/r/unixporn/comments/udu9iq/dwm_linux_is_cool_but_freebsd_is_cooler/
https://gitlab.com/vladimir235ivakh/freebsd-dwm/-/tree/main/

Why Do I Keep Coming Back to BSD?
https://jrgsystems.com/posts/2022-04-28-why-i-keep-coming-back-to-bsd/

FreeBSD 13.1-RC5 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2022-April/000735.html

Running Commands on Remote Linux/FreeBSD/UNIX Host.
https://www.cyberciti.biz/tips/linux-running-commands-on-a-remote-host.html

FreeBSD Games Directory.
https://github.com/tigersharke/FreeBSD-Games-Directory

Back to Drawing Board – Ansible Training Machines.
https://jpmens.net/2022/04/28/back-to-the-drawing-board-ansible-training-machines/

Xlibe is X11 Xlib Compatibility Layer Implemented on Top of Haiku API.
https://github.com/waddlesplash/xlibe

Setup Bluetooth on FreeBSD.
https://www.youtube.com/watch?v=nNQ1-M23HJI

Probing My SSD Latency.
https://flak.tedunangst.com/post/probing-my-ssds-latency

Loving FreeBSD Indie Games.
https://www.youtube.com/watch?v=MO8_RJQTg0g

Redox OS 0.7.0 Available.
https://www.redox-os.org/news/release-0.7.0/

In Other BSDs for 2022/04/30.
https://www.dragonflydigest.com/2022/04/30/26878.html

BSD Now 452 – Unknown Hackers.
https://www.bsdnow.tv/452

Use freebsd-update-probe.sh to Efficiently Determine if Updates for FreeBSD are Required.
https://github.com/tux2bsd/freebsd-update-probe

Install FreeBSD with XFCE and NVIDIA Drivers. [2021]
https://nudesystems.com/install-freebsd-with-xfce-and-nvidia-drivers/

Running Solaris 11.4 CBE as QEMU/NVMM Guest.
https://retrobsd.ddns.net/s2dwt9.htm

Hardware

Morefine S500+ Review – AMD Ryzen 7 5700U Mini PC.
https://www.cnx-software.com/2022/04/26/morefine-s500-review-amd-ryzen-7-5700u-mini-pc-windows-11-ubuntu-20-04/

Life

North Koreans Jailbreaking Phones to Access Forbidden Media.
https://www.wired.com/story/north-korean-phone-jailbreakers/

New Hypothesis of Obesity – Dr. Michael Eades.
https://www.youtube.com/watch?v=pIRurLnQ8oo

103 Bits of Advice I Wish I Had Known.
https://kk.org/thetechnium/103-bits-of-advice-i-wish-i-had-known/

Other

I Already Love The Invincible Robots.
https://www.thegamer.com/the-invincible-robots/

EOF

Valuable News – 2022/04/25

UNIX

Stars of FreeBSD – FreeBSD Foundation.
https://www.youtube.com/watch?v=wqiZ-1qv3Uw

The iblock – Block Scanner TCP Connections Under OpenBSD.
https://doc.huc.fr.eu.org/en/monitor/iblock-openbsd/

Operating Systems Battle: OpenBSD vs NixOS.
https://dataswamp.org/~solene/2022-04-18-openbsd-vs-nixos.html

How to Talk to Local IPMI Under OpenBSD.
https://utcc.utoronto.ca/~cks/space/blog/unix/OpenBSDLocalIPMI

Install OpenBSD/riscv64 on QEMU.
https://briancallahan.net/blog/20220418.html

Interacting with FreeBSD – Fundamentals of FreeBSD Shells.
https://klarasystems.com/articles/interacting-with-freebsd-learning-the-fundamentals-of-the-freebsd-shell-2/

Google Drive on FreeBSD.
https://www.youtube.com/watch?v=Ly7ve5r4hG0

Memray Memory Profiler for Python Just went Open Source.
https://github.com/bloomberg/memray

OpenBSD 7.1 Fan Noise and High Temperature Solution.
https://dataswamp.org/~solene/2022-04-21-openbsd-71-fan-noise-temperature.html

OPNSense – Powerful Open Source Network Firewall and Router.
https://www.youtube.com/watch?v=Qrglquxw-6I

OpenBSD 7.1 Released.
https://www.openbsd.org/71.html

OpenBSD Webzine – Issue 9.
https://webzine.puffy.cafe/issue-9.html

FreeBSD 13.0-RC4 Now Available.
https://lists.freebsd.org/pipermail/freebsd-stable/2021-March/093374.html

FreeBSD 13.0-RC4 Released with POWER Fixes and Other Bugs Addressed.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-13.0-RC4-Released

Smooth Mouse and Clipboard Sharing and Auto Resize on Xorg and FreeBSD with VMware Tools.
http://www.unibia.com/unibianet/freebsd/vmware-tools-smooth-mouse-clipboard-sharing-auto-resize-xorg-and-freebsd

OpenBSD 7.1 RELEASED.
https://marc.info/?l=openbsd-announce&m=165054715122282

WiFi 802.11ac on FreeBSD with wifibox.
https://jrgsystems.com/posts/2022-04-20-802.11ac-on-freebsd-with-wifibox/

Tribblix in the AWS Cloud.
http://www.tribblix.org/aws.html

Apple Discontinues Mac OS X Server.
https://www.osnews.com/story/134804/apple-discontinues-macos-server/

New FreeBSD Foundation Board Member Interview – Cat Allman.
https://freebsdfoundation.org/blog/new-board-member-interview-cat-allman/

How to Run FreeBSD/aarch64 (arm64) and FreeBSD/riscv64 Images Under FreeBSD/amd64 (x86_64).
https://gist.github.com/Mostly-BSD/4f193574f507865308281c8dfa96a2ab

BSD Now 451 – Tuning ZFS Recordsize.
https://www.bsdnow.tv/451

My Polyamorous Relationship with Operating Systems: FreeBSD/openSUSE/Fedora.
https://peter.czanik.hu/posts/polyamorous-relationship-freebsd-opensuse-fedora/

Reduce httpd Web Server Bandwidth Usage by Serving Compressed Files.
https://dataswamp.org/~solene/2022-04-22-openbsd-httpd-gzip.html

LibreSSL 3.5.2 Release Notes.
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.2-relnotes.txt

Building FreeBSD from Source into BE.
https://hackmd.io/@dch/r1X8LNVaB

In Other BSDs for 2022/04/23.
https://www.dragonflydigest.com/2022/04/23/26861.html

OpenBSD 7.1 is Out Including Apple M1 Support.
https://www.theregister.com/2022/04/22/openbsd_71_released_including_apple/

BVCP Web Interface for Bhyve Hypervisor on BSD.
https://www.youtube.com/watch?v=huwVFZdOBQk

Hardware

Unannounced MeLE Quieter3Q Spotted.
https://www.fanlesstech.com/2022/04/unannounced-mele-quieter3q-available.html

Lenovo Notebook BIOS Vulnerabilities.
https://support.lenovo.com/us/en/product_security/len-73440

Framework Laptop Mainboard.
https://github.com/FrameworkComputer/Mainboard

How Retool Upgraded Our 4 TB PostgreSQL Database.
https://retool.com/blog/how-we-upgraded-postgresql-database/

EC-I3588J 8-Core 8K Computer.
https://en.t-firefly.com/product/industry/eci3588j

StarFive Releases Perf Tool for Highest Performance RISC-V CPU.
https://www.cnx-software.com/2022/04/24/starfive-releases-perf-tool-for-highest-performance-risc-v-ip-dubhe/

Lenovo ThinkStation P340 Tiny PC with NVIDIA GPU Review.
https://www.servethehome.com/lenovo-thinkstation-p340-tiny-1l-pc-with-nvidia-gpu-review-intel/

Life

Monopoly on Your Mind – Part 1 – Consolidation Craze and Illusion of Choice.
https://rebeccastrong.substack.com/p/big-media-big-conflicts-of-interest

Other

Experts Suggest that Leaked Game Boy Emulators for Switch Were Made by Nintendo.
https://www.osnews.com/story/134799/leaked-game-boy-emulators-for-switch-were-made-by-nintendo-experts-suggest/

Fixing Entire Super Mario 64 Source Code – Insane N64 Performance.
https://www.youtube.com/watch?v=t_rzYnXEQlE

EOF

Valuable News – 2022/04/19

UNIX

FreeBSD with 0.01% Desktop Operating System Market Share Worldwide.
https://gs.statcounter.com/os-market-share/desktop/worldwide/#monthly-200901-202108

Impressions from First Time Mac User.
https://loganmarchione.com/2022/04/impressions-from-a-first-time-mac-user/

Fuzzing FreeBSD 12.3.
https://code610.blogspot.com/2022/04/fuzzing-freebsd-123.html

Use FreeBSD and Old PC for NAS.
https://www.youtube.com/watch?v=sM-9Qm5vGTs

OpenBSD is Based.
https://www.youtube.com/watch?v=KeUsE-3nSes

OpenBSD 7.1 and Calm Window Manager (CWM).
https://www.youtube.com/watch?v=h2uaTIi5jTw

Ten Reasons I Love OpenBSD.
https://www.youtube.com/watch?v=N8foGWujObk

PekWM FreeBSD Desktop.
https://www.youtube.com/watch?v=RAVk0quXLu0

Solaris 11.4 CBE Free for Open Source Developers and Non Production Use.
https://www.phoronix.com/scan.php?page=news_item&px=Oracle-Solaris-11.4-CBE

Improving Replication Security with OpenZFS Delegation.
https://klarasystems.com/articles/improving-replication-security-with-openzfs-delegation/

FreeBSD Foundation Spring 2022 Update.
https://freebsdfoundation.org/news-and-events/newsletter/freebsd-foundation-spring-2022-update/

FreeBSD Foundation – Fundraising Update 2022 Q1.
https://freebsdfoundation.org/blog/fundraising-update-q1-2022/

Introduction to FreeBSD Jails.
https://freebsdfoundation.org/freebsd-project/resources/introduction-to-freebsd-jails/

FreeBSD 13.1 on ThinkPad W520.
https://vermaden.wordpress.com/2022/04/14/freebsd-13-1-on-thinkpad-w520/

OPNsense 22.1.6 Released.
https://forum.opnsense.org/index.php?topic=27943.0

Upcoming FreeBSD 13.1-RELEASE Interesting Changes.
https://blog.passwordclass.xyz/blogs/2022/04/freebsd-13-1-release.html

BSD Now 450 – Unix Tool Writing.
https://www.bsdnow.tv/450

Cron Best Practices.
https://blog.sanctum.geek.nz/cron-best-practices/

Haiku Activity and Contract 2022/03 Report.
https://www.haiku-os.org/blog/waddlesplash/2022-04-08_haiku_activity_contract_report_march_2022/

FreeBSD 13.1-RC3 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2022-April/000718.html

FreeBSD 13.1-RC3 Brings ZSTD for Libarchive and Build Fixes.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-13.1-RC3-Released

FreeBSD Framework Laptop Page Updated.
https://wiki.freebsd.org/Laptops/Framework_Laptop

Citadel Compiles on FreeBSD.
https://uncensored.citadel.org/readfwd?go=Citadel%20Support?start_reading_at=2099298416#2099298416

Quick FreeBSD DHCP Server in Less than 10 Minutes.
https://www.youtube.com/watch?v=in9hB4zOQ1Y

Shrinking ZFS Root Pool – HDD to SSD Migration.
https://blog.grem.de/sysadmin/Shrinking-ZFS-Pool-2014-05-29-21-00.html

Celebrating 50 Years of UNIX Operating System.
http://unix50.org/

Welcome and Unwelcome Technologies in helloSystem.
https://github.com/helloSystem/hello/wiki/Welcome-and-unwelcome-technologies/

In Other BSDs for 2022/04/16.
https://www.dragonflydigest.com/2022/04/16/26843.html

FreeBSD Foundation – FreeBSD Timeline.
https://freebsdfoundation.org/freebsd/timeline/

FreeBSD WiFi Status Update.
https://lists.freebsd.org/archives/freebsd-wireless/2022-April/000451.html

Migrating ZFS Pool to Smaller Disk.
https://imil.net/blog/posts/2022/migrating-zpool-to-a-smaller-disk/

Linux Capabilities to FreeBSD Capsicum.
https://lists.freebsd.org/archives/freebsd-hackers/2022-April/001028.html

Beckhoff FreeBSD Hypervisor Enables Virtual Machines for Control Applications.
https://www.automationworld.com/control/article/22144694/beckhoff-hypervisor-enables-virtual-machines-for-control-applications

Hardware

CHUWI RZBOX AMD Ryzen 9 4900H Mini PC Review.
https://www.servethehome.com/chuwi-rzbox-amd-ryzen-9-4900h-mini-pc-review/

Where Can I See Many Examples of Real Companies Software Architecture?
https://news.ycombinator.com/item?id=30986893

ASRock 4X4 BOX-5000 Mini PC with AMD Zen 3 Ryzen 5000 U-Series CPU.
https://www.cnx-software.com/2022/04/12/asrock-4x4-box-5000-series-mini-pc-features-amd-zen-3-ryzen-5000-u-series-processor/

Ever Wonder How Far Passive Cooling Can Go?
https://www.fanlesstech.com/2022/04/ever-wonder-how-far-passive-cooling-can.html

Minisforum GK50 with Pentium N5030 and 8 GB RAM Available.
https://www.fanlesstech.com/2022/04/minisforum-gk50-available.html

New Heat Engine with No Moving Parts as Efficient as Steam Turbine.
https://news.mit.edu/2022/thermal-heat-engine-0413

ASRock Industrial Unveils 4X4 BOX-5000 Series with AMD Zen 3 Ryzen 5000 APUs.
https://www.techpowerup.com/293818/asrock-industrial-unveils-the-4x4-box-5000-series-with-amd-zen-3-ryzen-5000-apus-for-energized-performance

ECS Announces LIVA One A300 Mini-PC with AMD Ryzen and Athlon CPUs.
https://www.techpowerup.com/293822/ecs-announces-liva-one-a300-mini-pc

Fanless Intel J4125 4x i225 Virtualized Firewall Appliance Review.
https://www.servethehome.com/topton-intel-j4125-4x-i225-fanless-virtualized-firewall-appliance-review-pfsense-opnsense-proxmox-ve/

A500 Mini Review.
https://lyonsden.net/the-a500-mini-review/

Other

New Chapter Begins for Triton and SmartOS.
https://www.joyent.com/blog/a-new-chapter-begins-for-triton-and-smartos

Video Conferencing Apps May Listen Even when Mic is Off.
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/

DuckDuckGo Removes Pirate Sites and YouTube-DL from Its Search Results.
https://torrentfreak.com/duckduckgo-removes-pirate-sites-and-youtube-dl-from-its-search-results-220415/

EOF

FreeBSD 13.1 on ThinkPad W520

I created a whole FreeBSD Desktop series … but I never created an article describing how I run FreeBSD on my own daily driver – the Lenovo ThinkPad W520 from 2011 – the last one with the so much appreciated 7-row keyboard. In this article I will share how I configured FreeBSD to make the most of it. If you are curious why I use such an old laptop then my older Epitaph to Laptops article explains that in detail.

This is the Table of Contents for this article.

  • FreeBSD 13.1 on ThinkPad W520
  • ThinkPad W520
  • Specifications
  • FreeBSD System Configuration
  • Desktop Environment
    • Openbox
    • XFCE
    • GNOME
  • Accessories
    • Smaller Power Supply
    • Mouse Companion
    • Two Additional USB 3.0 Ports
    • Larger Custom Battery
  • Experience
  • Summary

ThinkPad W520

This machine was out-fucking-standing when it was released in 2011 … and expensive as hell also 🙂 With 4 physical cores and up to 32 GB RAM only a few laptops could compete with it – Dell Precision M4600 – also could do that back then … but not exactly the same. You see – the last Dell Precision to carry a similar 7-row keyboard was Dell Precision M4500 – but that one was from 2010 and was able to pack only … 8 GB RAM (official) and 16 GB RAM (unofficial) – so it's not a fair comparison. Today 11 years (!) later ThinkPad W520 is still a very capable and powerful machine. The only thing that you may need to do is to replace the thermal paste. I also did that – Classic ThinkPad Thermal Paste Change – as described here.

0THIS-w520-freebsd

To help you imagine how big that 11 year time span is in IT I will try to show you an example with a car. It's like driving a 30 year old Mercedes-Benz W124 from 1992 today because the IT world and hardware change and improve a lot faster than the automobile industry. The Mercedes-Benz W124 with its indestructible automatic transmission and engine along with comfortable suspension and automatic air conditioning – offers a daily experience not that far away from today’s cars – the essential purpose is definitely fulfilled. I know that first hand since I owned one not that long ago. Not to mention its legendary reliability. It's also a car that is well liked by mechanics as it's very ‘serviceable’ and has lots of space for everything. You do not need to disassemble the entire front bumper and the headlight just to replace a broken light beam.

w520.mercedes.w124

I would say the same about the ThinkPad W520 today. You can fit three (!) storage devices in it at the same time: two 2.5-inch SATA drives and one mSATA disk. Assuming you would use 8 TB 2.5-inch Samsung QVO drives and a 2 TB mSATA drive you would have 18 TB of storage … in an 11 year old laptop. You can grow that to 19 TB with a 1 TB SD card in the slot … and we have not even touched any USB ports yet. Today you are able to get a ThinkPad W520 in nice condition for about $300 if you are not hasty and getting 32 GB of DDR3 RAM costs another $100 so it's pretty affordable hardware.

Specifications

For the record, below you will find the specs of my machine. I also added the driver and/or package that is used to support these devices.

CPU: Intel Core i7-2820QM 2.30GHz (4C/8T) Sandy Bridge 32nm
RAM: 32 GB (4 * 8GB DDR3)
HDD0: 128GB mSATA Samsung PM830 (system)
HDD1: 4 TB 2.5 SATA Samsung 860 QVO (data)
GFX0: Intel HD Graphics 3000 (integrated) [graphics/drm-kmod]
GFX1: Nvidia Quadro 2000M (discrete) [x11/nvidia-driver-390] {nvidia}
SCR: 15.6 1920x1080
USB: 2 x USB 2.0 + 2 x USB 3.0 [ehci(4) + xhci(4)]
AUDIO: Conexant CX20590 [snd_hda(4)]
PORTS0: 1 x VGA
PORTS1: 1 x DisplayPort
PORTS2: 1 x eSata
SD: Card Reader 5in1 [sdhci(4)]
LAN: 10/100/1000 Intel 82579LM Gigabit [em(4)]
WIFI: Intel Centrino Ultimate-N 6300 AGN 802.11n [iwn(4)]
BT: Bluetooth 3.0 [ng_ubt(4)]
CAM: Webcam 720p [multimedia/webcamd]

Articles such as this one often focus on what works and is supported by FreeBSD and what is problematic or does not work at all. The very nice thing about the ThinkPad W520 under FreeBSD command is that EVERYTHING works. From Bluetooth through Card Reader and also multiple suspend/resume cycles. I am doing months of uptime on that laptop and I reboot only when I need to update the system or I want to test something … but that often also does not need a reboot now as you can just reroot into another BE as described in my other ZFS Boot Environments Revolutions article.

I do not need the compute power of the discrete Nvidia Quadro 2000M card so I disabled it in the BIOS – but when I tried it with drivers from the FreeBSD Ports – everything worked as desired. I use the integrated Intel HD Graphics 3000 which is more than enough for my needs. To be honest I would get a ThinkPad T520 which can be bought with integrated graphics only but it has two downsides. The T520 does not have any USB 3.0 ports – that one I could probably live with but … it comes only with Dual Core CPUs. You can of course place a Quad Core CPU in it by yourself – but as the W520 exists I do not see a reason not to get one 🙂

FreeBSD System Configuration

One of the many things that I really like about FreeBSD (more here – Quare FreeBSD? – in a separate article) is that it can be mostly configured using just 3 files. This configuration already features all power management settings that I described in The Power to Serve – FreeBSD Power Management article.

I installed FreeBSD in a pretty standard way with GELI full disk encryption enabled and with ZFS as the filesystem as I can not live without ZFS Boot Environments. The FreeBSD installer automatically detects and applies the so called ‘Lenovo Fix‘. When in doubt the installation procedure is described in the FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 article.

Main FreeBSD configuration files.

  • /etc/rc.conf – system and services configuration
  • /etc/sysctl.conf – runtime parameters configuration
  • /boot/loader.conf – parameters configurable at boot

I will also include these below as they are also important:

  • /etc/devfs.rules – devices configuration
  • /etc/fstab – filesystems configuration
  • /etc/ttys – terminal initialization configuration
  • /etc/wpa_supplicant.conf – WiFi configuration
  • /usr/local/etc/automount.conf – automount(8) configuration
  • /usr/local/etc/doas.conf – doas(1) configuration
  • id(1) groups membership
  • /usr/local/etc/X11/xorg.conf.d/* – X11 configuration

First the main /etc/rc.conf configuration file.

% cat /etc/rc.conf
# SILENCE # ------------------------------------------------------------------
  rc_startmsgs=NO

# NETWORK # ------------------------------------------------------------------
  hostname=w520.local
  background_dhclient=YES
  extra_netfs_types=NFS
  defaultroute_delay=3
  defaultroute_carrier_delay=3
  gateway_enable=YES
  harvest_mask=351
  rtsol_flags="-i"
  rtsold_flags="-a -i"

# MODULES/COMMON/BASE # ------------------------------------------------------
  kld_list="${kld_list} /boot/modules/i915kms.ko"
  kld_list="${kld_list} fusefs coretemp sem cpuctl ichsmb cuse"
  kld_list="${kld_list} libiconv cd9660_iconv msdosfs_iconv udf_iconv"

# MODULES/VIRTUALBOX # -------------------------------------------------------
  vboxnet_enable=YES
  kld_list="${kld_list} vboxdrv vboxnetadp vboxnetflt"

# POWER
  performance_cx_lowest=C1
  economy_cx_lowest=Cmax
  powerd_enable=YES
  powerd_flags="-n adaptive -a hiadaptive -b adaptive -m 800 -M 2000"

# DAEMONS | yes # ------------------------------------------------------------
  zfs_enable=YES
  xdm_enable=YES
  xdm_tty=ttyv4
  nfs_client_enable=YES
  ubuntu_enable=YES
  moused_enable=YES
  syslogd_flags='-s -s'
  sshd_enable=YES
  local_unbound_enable=YES
  webcamd_enable=YES
  rctl_enable=YES

# DAEMONS | no # -------------------------------------------------------------
  linux_enable=NO
  sendmail_enable=NONE
  sendmail_submit_enable=NO
  sendmail_outbound_enable=NO
  sendmail_msp_queue_enable=NO

# FS # -----------------------------------------------------------------------
  fsck_y_enable=YES
  clear_tmp_enable=YES
  clear_tmp_X=YES
  growfs_enable=YES

# OTHER # --------------------------------------------------------------------
  keyrate=fast
  keymap=pl.kbd
  virecover_enable=NO
  update_motd=NO
  devfs_system_ruleset=desktop
  hostid_enable=NO
  savecore_enable=NO

Now the runtime parameters /etc/sysctl.conf file.

% cat /etc/sysctl.conf
# SECURITY
  security.bsd.see_jail_proc=0
  security.bsd.unprivileged_proc_debug=0

# SECURITY/RANDOM PID
  kern.randompid=1

# ANNOYING THINGS
  vfs.usermount=1
  kern.coredump=0
  hw.syscons.bell=0
  kern.vt.enable_bell=0

# ZFS DELETE FUCKUP TRIM (DEFAULT: 64)
  vfs.zfs.vdev.trim_max_active=1

# ZFS ARC TUNING
  vfs.zfs.arc.min=134217728
  vfs.zfs.arc.max=536870912

# ZFS ARC FREE ENFORCE @ 1024 * 1024 * 3
  vfs.zfs.arc_free_target=3145728

# JAILS/ALLOW UPGRADES IN JAILS
  security.jail.chflags_allowed=1

# JAILS/ALLOW RAW SOCKETS
  security.jail.allow_raw_sockets=1

# DESKTOP/INTERACTIVITY
  kern.sched.preempt_thresh=224

# DESKTOP QUANTUM FOR TIMESHARE THREADS IN stathz TICKS (12) NomadBSD
  kern.sched.slice=3

# DESKTOP/IRIDIUM/CHROMIUM
  kern.ipc.shm_allow_removed=1

# SAMPLE RATE CONVERTER QUALITY (0=low .. 4=high) (1) NomadBSD
  hw.snd.feeder_rate_quality=3

# PERFORMANCE/ALL SHARED MEMORY SEGMENTS WILL BE MAPPED TO UNPAGEABLE RAM
  kern.ipc.shm_use_phys=1

# VIRTUALBOX aio(4) SETTINGS
  vfs.aio.max_buf_aio=8192
  vfs.aio.max_aio_queue_per_proc=65536
  vfs.aio.max_aio_per_proc=8192
  vfs.aio.max_aio_queue=65536

# NETWORK/DO NOT SEND RST ON SEGMENTS TO CLOSED PORTS
  net.inet.tcp.blackhole=2

# NETWORK/DO NOT SEND PORT UNREACHABLES FOR REFUSED CONNECTS
  net.inet.udp.blackhole=1

# NETWORK/LIMIT ON SYN/ACK RETRANSMISSIONS (3)
  net.inet.tcp.syncache.rexmtlimit=0

# NETWORK/USE TCP SYN COOKIES IF THE SYNCACHE OVERFLOWS (1)
  net.inet.tcp.syncookies=0

# NETWORK/ASSIGN RANDOM ip_id VALUES (0)
  net.inet.ip.random_id=1

# NETWORK/ENABLE SENDING IP REDIRECTS (1)
  net.inet.ip.redirect=0

# NETWORK/IGNORE ICMP REDIRECTS (0)
  net.inet.icmp.drop_redirect=1

# NETWORK/DROP TCP PACKETS WITH SYN+FIN SET (0)
  net.inet.tcp.drop_synfin=1

# NETWORK/RECYCLE CLOSED FIN_WAIT_2 CONNECTIONS FASTER (0)
  net.inet.tcp.fast_finwait2_recycle=1

# NETWORK/CERTAIN ICMP UNREACHABLE MESSAGES MAY ABORT CONNECTIONS IN SYN_SENT (1)
  net.inet.tcp.icmp_may_rst=0

Now the boot parameters in /boot/loader.conf file.

% cat /boot/loader.conf
# CONSOLE COMMON
  autoboot_delay=1       # OPTION '-1' MEANS NO WAIT AND 'NO' MEANS INFINITE WAIT
  hw.usb.no_boot_wait=0  # DO NOT WAIT FOR USB DEVICES FOR ROOT (/) FILESYSTEM
  boot_mute=YES          # SAME AS '-m' IN LOADER - MUTE CONSOLE WITH FreeBSD LOGO
  loader_logo=none       # DESIRED LOGO: fbsdbw beastiebw beastie none
  loader_menu_frame="none"
  screen.font="6x12"

# CONSOLE RESOLUTION
  efi_max_resolution="1920x1080"

# WINE FIX
  machdep.max_ldt_segment=2048

# MODULES - BOOT
  geom_eli_load=YES
  zfs_load=YES

# drm-kmod PACKAGE - USE SEMAPHORES FOR INTER-RING SYNC
  compat.linuxkpi.semaphores=1

# drm-kmod PACKAGE - ENABLE POWER-SAVING RENDER C-STATE 6
  compat.linuxkpi.enable_rc6=7

# drm-kmod PACKAGE - ENABLE POWER-SAVING DISPLAY C-STATES
  compat.linuxkpi.enable_dc=2

# drm-kmod PACKAGE - ENABLE FRAME BUFFER COMPRESSION FOR POWER SAVINGS
  compat.linuxkpi.enable_fbc=1

# ENABLE SYNAPTICS
  hw.psm.synaptics_support=1

# DISABLE /dev/diskid/* ENTRIES FOR DISKS
  kern.geom.label.disk_ident.enable=0

# DISABLE /dev/gptid/* ENTRIES FOR DISKS
  kern.geom.label.gptid.enable=0

# TERMINAL vt(4) COLORS
  kern.vt.color.0.rgb="#000000"
  kern.vt.color.1.rgb="#dc322f"
  kern.vt.color.2.rgb="#859900"
  kern.vt.color.3.rgb="#b58900"
  kern.vt.color.4.rgb="#268bd2"
  kern.vt.color.5.rgb="#ec0048"
  kern.vt.color.6.rgb="#2aa198"
  kern.vt.color.7.rgb="#94a3a5"
  kern.vt.color.8.rgb="#586e75"
  kern.vt.color.9.rgb="#cb4b16"
  kern.vt.color.10.rgb="#859900"
  kern.vt.color.11.rgb="#b58900"
  kern.vt.color.12.rgb="#268bd2"
  kern.vt.color.13.rgb="#d33682"
  kern.vt.color.14.rgb="#2aa198"
  kern.vt.color.15.rgb="#6c71c4"

# RACCT/RCTL RESOURCE LIMITS
  kern.racct.enable=1

# DISABLE ZFS PREFETCH
  vfs.zfs.prefetch_disable=1

# POWER MGMT / POWER OFF DEVICES WITHOUT ATTACHED DRIVER
  hw.pci.do_power_nodriver=3

# POWER MANAGEMENT FOR EVERY USED AHCI CHANNEL (ahcich 0-7)
  hint.ahcich.0.pm_level=5
  hint.ahcich.1.pm_level=5
  hint.ahcich.2.pm_level=5
  hint.ahcich.3.pm_level=5
  hint.ahcich.4.pm_level=5
  hint.ahcich.5.pm_level=5
  hint.ahcich.6.pm_level=5
  hint.ahcich.7.pm_level=5

# GELI THREADS
  kern.geom.eli.threads=4

Now the mentioned /etc/devfs.rules file.

% cat /etc/devfs.rules
[desktop=10]
add path 'acd*'      mode 0660 group operator
add path 'cd*'       mode 0660 group operator
add path 'da*'       mode 0660 group operator
add path 'pass*'     mode 0660 group operator
add path 'xpt*'      mode 0660 group operator
add path 'fd*'       mode 0660 group operator
add path 'md*'       mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'ugen*'     mode 0660 group operator
add path 'usb/*'     mode 0660 group operator
add path 'video*'    mode 0660 group operator
add path 'cuse*'     mode 0660 group operator
add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups

Filesystems and SWAP configuration.

% cat /etc/fstab
# SWAP
  /dev/gpt/swap0  none  swap  sw  0 0

# FreeBSD PSEUDO - NEEDED BY wine(1)
  procfs  /proc  procfs  rw  0 0

# Ubuntu Linux PSEUDO
  linprocfs  /compat/ubuntu/proc     linprocfs  rw,late                    0 0
  linsysfs   /compat/ubuntu/sys      linsysfs   rw,late                    0 0
  devfs      /compat/ubuntu/dev      devfs      rw,late                    0 0
  fdescfs    /compat/ubuntu/dev/fd   fdescfs    rw,late,linrdlnk           0 0
  tmpfs      /compat/ubuntu/dev/shm  tmpfs      rw,late,size=1g,mode=1777  0 0
  /home      /compat/ubuntu/home     nullfs     rw,late                    0 0
  /tmp       /compat/ubuntu/tmp      nullfs     rw,late                    0 0

Terminal configuration in the /etc/ttys file. The important part is the ttyv4 entry that matches the xdm_tty=ttyv4 value from the /etc/rc.conf file.

% grep '^[^#]' /etc/ttys | cat
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv1   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv2   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv3   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv4   "/usr/libexec/getty Pc"         xterm   off secure
ttyv5   "/usr/libexec/getty Pc"         xterm   off secure
ttyv6   "/usr/libexec/getty Pc"         xterm   off secure
ttyv7   "/usr/libexec/getty Pc"         xterm   off secure
ttyv4   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu2   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu3   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
dcons   "/usr/libexec/getty std.9600"   vt100   off secure
xc0     "/usr/libexec/getty Pc"         xterm   onifconsole secure
rcons   "/usr/libexec/getty std.9600"   vt100   onifconsole secure

Wireless config – as an example for different network types. As you have seen I did not include any network information in the /etc/rc.conf file – this is because I use my own network.sh solution to connect to various wired and wireless networks – FreeBSD Network Management with network.sh Script – described in detail here.

# cat /etc/wpa_supplicant.conf
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1

# OPEN NETWORKS
network={
  key_mgmt=NONE
  priority=0
}

# NETWORK WITH HIDDEN SSID
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}

# NAMED OPEN NETWORK
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}

# NORMAL WPA/WPA2 SECURED NETWORK
network={
  ssid="SECURED"
  psk="12345678"
}
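
The four network blocks above behave very differently: a block with key_mgmt=NONE and no ssid matches any open access point, and the quoted psk values keep the passphrase readable in the file. The script below is an added example, not part of the original article; it parses the network blocks and prints one summary line per block. The function names and the OPEN-ANY/OPEN/PSK labels are made up for this example, and the sample input is the listing above embedded as constructed test data.

```shell
#!/bin/sh
# Added example (not from the original article): summarize the network
# blocks of a wpa_supplicant.conf so the permissive ones stand out.

# Constructed sample input: the configuration from the listing above.
sample_wpa_conf() {
  cat <<'EOF'
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1

# OPEN NETWORKS
network={
  key_mgmt=NONE
  priority=0
}

# NETWORK WITH HIDDEN SSID
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}

# NAMED OPEN NETWORK
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}

# NORMAL WPA/WPA2 SECURED NETWORK
network={
  ssid="SECURED"
  psk="12345678"
}
EOF
}

# audit_wpa: read wpa_supplicant.conf on stdin, print per network block:
#   KIND <TAB> ssid <TAB> notes
# KIND is OPEN-ANY (no ssid, no encryption: joins any open AP), OPEN, PSK
# or OTHER. Notes: passphrase-in-file (psk is a quoted passphrase, not a
# derived key) and scan_ssid (client probes for this SSID by name).
audit_wpa() {
  awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
    /^#/ || $0 == "" { next }          # whole-line comments and blanks
    /^network=[{]/ { inblk = 1; ssid = ""; km = ""; psk = ""; probe = 0; next }
    inblk && /^[}]/ {
      if (km == "NONE")   kind = (ssid == "") ? "OPEN-ANY" : "OPEN"
      else if (psk != "") kind = "PSK"
      else                kind = "OTHER"
      notes = ""
      if (psk ~ /^"/) notes = notes " passphrase-in-file"
      if (probe)      notes = notes " scan_ssid"
      sub(/^ /, "", notes)
      printf "%s\t%s\t%s\n", kind, (ssid == "" ? "(any)" : ssid), (notes == "" ? "-" : notes)
      inblk = 0; next
    }
    inblk {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      if (key == "ssid")           { gsub(/^"|"$/, "", val); ssid = val }
      else if (key == "key_mgmt")  km = val
      else if (key == "psk")       psk = val
      else if (key == "scan_ssid") probe = (val == "1")
    }
  '
}

# count_kind KIND: number of network blocks of that kind (stdin: config).
count_kind() {
  audit_wpa | awk -F '\t' -v kind="$1" '$1 == kind { n++ } END { print n + 0 }'
}

# Summary of the sample; for a live system: audit_wpa < /etc/wpa_supplicant.conf
sample_wpa_conf | audit_wpa
```

An OPEN-ANY row means the laptop will associate with whatever open network is in range; wpa_passphrase(8) can replace a quoted passphrase with the derived 64-digit key.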

The automount(8) config.

% cat /usr/local/etc/automount.conf
  USERUMOUNT=YES
  USER=vermaden
  FM='caja --no-desktop'
  NICENAMES=YES

The doas(1) configuration.

# cat /usr/local/etc/doas.conf
# CORE
  permit nopass keepenv root     as root
  permit nopass keepenv vermaden as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant
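
The rules above fall into three scopes: no cmd at all (any command), cmd without args (that command with any arguments), and cmd with args (the arguments must match exactly). The script below is an added example, not part of the original article; it classifies every permit rule so the broad passwordless ones can be reviewed first. The function names and the FULL/ANYARGS/PINNED labels are made up for this example, and the sample input is the listing above embedded as constructed test data.

```shell
#!/bin/sh
# Added example (not from the original article): classify doas.conf
# permit rules by how tightly the granted command is scoped.

# Constructed sample input: the rules from the doas.conf listing above.
sample_doas_conf() {
  cat <<'EOF'
# CORE
  permit nopass keepenv root     as root
  permit nopass keepenv vermaden as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant
EOF
}

# audit_doas: read doas.conf on stdin, print one line per permit rule:
#   SCOPE <TAB> auth <TAB> identity <TAB> target <TAB> env <TAB> command
# SCOPE is FULL (no cmd), ANYARGS (cmd, arguments unrestricted) or
# PINNED (cmd with an args list that must match).
audit_doas() {
  awk '
    { sub(/#.*/, "") }                 # drop comments
    $1 != "permit" { next }            # blank lines and deny rules grant nothing
    {
      auth = "password"; env = "-"; target = "(any)"; cmd = ""; pinned = 0
      i = 2
      # options come first: nopass, nolog, persist, keepenv, setenv { ... }
      while (i <= NF) {
        if ($i == "nopass") auth = "nopass"
        else if ($i == "keepenv") env = "keepenv"
        else if ($i == "setenv") { while (i <= NF && $i !~ /[}]$/) i++ }
        else if ($i != "nolog" && $i != "persist") break
        i++
      }
      ident = $i; i++
      if ($i == "as")  { target = $(i + 1); i += 2 }
      if ($i == "cmd") { cmd = $(i + 1); i += 2; if ($i == "args") pinned = 1 }
      if (cmd == "")   scope = "FULL"
      else if (pinned) scope = "PINNED"
      else             scope = "ANYARGS"
      printf "%s\t%s\t%s\t%s\t%s\t%s\n", scope, auth, ident, target, env, (cmd == "" ? "(any)" : cmd)
    }
  '
}

# count_rules SCOPE: passwordless permit rules with that scope (stdin: doas.conf).
count_rules() {
  audit_doas | awk -F '\t' -v scope="$1" '$1 == scope && $2 == "nopass" { n++ } END { print n + 0 }'
}

# unrestricted_identities: non-root identities allowed to run any command
# as root (or as any user) without a password.
unrestricted_identities() {
  audit_doas | awk -F '\t' '$1 == "FULL" && $2 == "nopass" && $3 != "root" && ($4 == "root" || $4 == "(any)") { print $3 }'
}

# Summary of the sample; for a live system: audit_doas < /usr/local/etc/doas.conf
sample_doas_conf | audit_doas
```

On the listing above this reports 2 FULL, 6 ANYARGS and 7 PINNED passwordless rules; the FULL rule for vermaden makes that account equivalent to root, and each ANYARGS row is a candidate for an args list.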

Groups I am a member of, from the id(1) output.

% id vermaden | tr ' ' '\n' | tr ',' '\n'
uid=1000(vermaden)
gid=1000(vermaden)
groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)

Current X11 configuration.

% cat /usr/local/etc/X11/xorg.conf.d/card.conf
Section "Device"
  Identifier "Card0"
  Option "DPMS"
  Driver "intel"
  Option "DRI" "3"
  Option "AccelMethod" "sna"
  Option "TearFree" "true"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/flags.conf
Section "ServerFlags"
  Option "DontZap" "off"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/keyboard.conf
Section "InputDevice"
  Identifier "Keyboard0"
  Driver "kbd"
  Option "XkbLayout" "pl"
  Option "XkbOptions" "terminate:ctrl_alt_bksp,ctrl:nocaps"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/touchpad.conf
Section "InputClass"
  Identifier "touchpad"
  MatchIsTouchpad "on"
  Driver "libinput"
  Option "Tapping" "on"
  Option "NaturalScrolling" "on"
EndSection

I also do not rely on ‘stock’ fan speeds and set my own speeds according to CPU temperature with the acpi-thinkpad-fan.sh script.

Desktop Environment

Openbox

As for the ‘desktop environment’ that I use – it's my custom setup with Openbox along with tools like Tint2 and Dzen2 – for the most basic setup. The screenshot is from FreeBSD 11.1 but it looks exactly the same today.

freebsd-desktop-2019-04

I described this setup in detail in the entire FreeBSD Desktop series.

XFCE

I have also tried XFCE – I liked it especially with the Global Menu app-menu plugin. You can go this way with this handy XFCE Cupertino Way guide.

xfce-ghostbsd

GNOME

I also tried GNOME for a test – it did not suit me well so I went back to my Openbox setup – but you may find it more comfortable to use. Here is the FreeBSD GNOME 3 Fast Track article that will help you with that.

gnome-4-apps

Accessories

There are some accessories that are very handy with the ThinkPad W520 laptop. I will describe them below.

Smaller Power Supply

The ThinkPad W520 comes with quite a large brick – the ThinkPad 170W Power Supply. It works. It's OK … but you can use a smaller and at the same time more universal one. I use the ThinkPad 135W Power Supply that originally was sold with ThinkPad W510 – the earlier model. Besides being smaller in size it also has one additional advantage. Its plug is round and also fits into other ThinkPads from this line like ThinkPad X220 or ThinkPad T420s. The original ThinkPad 170W Power Supply unfortunately only fits into the ThinkPad W520 laptop. Below you can compare their sizes.

w520.ps

Mouse Companion

After checking many mouse models – as described in the UNIX Mouse Shootout article – I finally settled on the Logitech Triathlon M720 mouse. I have plugged the Lenovo USB Receiver into the back ‘powered’ USB port. While I use that mouse over the USB receiver you can also connect it using Bluetooth – also to other computers. This mouse has a special dedicated button to switch between 3 different computers. Unfortunately the copy-paste between them does not work 🙂

mouse-M720

If you would like to ‘save’ that port for something else then you may use a special USB board adapter that you will place in the Bluetooth module under the palm rest. You would lose Bluetooth support then of course – but not everyone uses that. It's available for example on the Aliexpress site and looks like this.

w520.usb-bluetooth-pink

I do not use it as I do not need the ‘back’ USB port so below you will find its mounted picture on the ThinkPad X220 laptop instead – along with the Lenovo USB Receiver attached.

w520.usb-bluetooth

Two Additional USB 3.0 Ports

The ThinkPad W520 comes with an ExpressCard port that is not well known today. With this cheap adapter from Aliexpress you can add two additional USB 3.0 ports. You may of course not need that many ports – but if you are left handed then you probably use the mouse on the left of your laptop – then USB ports on the right will be handy.

w520.express

These USB 3.0 ports may also be useful with some bhyve(8) setups. Currently it's not supported to pass-thru just a single USB port to a virtual machine. You need to pass thru the entire controller. This way you can pass-thru that controller to a bhyve(8) VM and still have other USB 3.0 ports on the host.

Larger Custom Battery

The original largest extended battery for ThinkPad W520 had 9400mAh capacity. It's possible to get an even larger custom extended battery in the same physical size and shape – with 9600mAh capacity – and for only about $50. To remind you the original one costs closer to $200 unfortunately. I got mine from this Aliexpress page. With my power settings and with this battery along with enabled WiFi and screen brightness just one step less than maximum brightness it shows more than 7 hours of time left in the acpiconf(8) command.

% acpiconf -i 0
Design capacity:        10368 mAh
Last full capacity:     10368 mAh
Technology:             secondary (rechargeable)
Design voltage:         10800 mV
Capacity (warn):        518 mAh
Capacity (low):         18 mAh
Low/warn granularity:   1 mAh
Warn/full granularity:  1 mAh
Model number:           42T4763
Serial number:              1
Type:                   LION
OEM info:               SANYO
State:                  discharging
Remaining capacity:     97%
Remaining time:         7:17
Present rate:           1393 mA (17086 mW)
Present voltage:        12266 mV

As you can see from the command above this custom battery size is even reported as closer to 10400mAh instead of the advertised 9600mAh. I do not know how to check which one is closer to the truth – but the fact is that it allows longer work than the official one – and for a smaller price.

Experience

This laptop along with its smaller and lighter brothers such as ThinkPad X220 or ThinkPad T420s are the best machines I know to work on FreeBSD … but maybe it's because I do not use newer laptops 🙂 The general experience of FreeBSD on ThinkPad W520 is stable and uninterrupted work counted in days and weeks of uptime. The suspend/resume works like a charm with many cycles possible – not just one. I once even recorded such a suspend/resume cycle with many applications and games running on a busy FreeBSD system. It's available here – FreeBSD 12.2 Suspend/Resume – on a Vimeo page.

Here is how it's being used daily.

w520.real

Summary

I have been using this laptop for many years and I even laugh that as it's a decade old – I would use it for the next decade 🙂 Most/all of this configuration applies to other ThinkPad models from this lineup like X220/T420s/T420/T520 … probably even L520 (but I did not test that one).

EOF

Valuable News – 2022/04/11

UNIX

Announcing pkgsrc-2022Q1 Branch.
https://mail-index.netbsd.org/netbsd-announce/2022/03/30/msg000336.html

How to Prepare FreeBSD Server to Be Managed by Ansible Tool.
https://www.cyberciti.biz/faq/how-to-prepare-freebsd-server-to-be-managed-by-ansible-tool/

FreeBSD Enables Running Jails inside Jails.
https://github.com/freebsd/freebsd-src/commit/35cf9fecbd80f56e39524f480240acfd953c93e1

Tachyum Successfully Runs FreeBSD in Prodigy Ecosystem – Expands Open-Source OS Support.
https://www.tachyum.com/media/press-releases/2022/04/05/tachyum-successfully-runs-freebsd-in-prodigy-ecosystem-expands-open-source-os-support/

Tachyum Feature Preview FreeBSD.
https://www.youtube.com/watch?v=i_k4EY4tRAE

FreeBSD 2022/03 Hardware Trends.
https://github.com/bsdhw/Trends/tree/master/Dist/FreeBSD

The snapaid Utility Downloads and Verifies FreeBSD Releases and Snapshots.
https://funkthat.com/gitea/jmg/snapaid

Writing NetBSD Kernel Module.
https://saurvs.github.io/post/writing-netbsd-kern-mod/

New LPAR2RRD 7.40 Release.
https://lpar2rrd.com/note740.php

Tachyum Gets FreeBSD Running on Prodigy ISA Emulation Platform for AI/HPC.
https://www.phoronix.com/scan.php?page=news_item&px=Tachyum-Emulator-Boots-FreeBSD

Apple M1 Status Update for NetBSD.
https://mail-index.netbsd.org/port-arm/2022/04/06/msg007621.html
https://twitter.com/ebijun/status/1480042814704873473/photo/1

Building Your Own FreeBSD Based NAS.
https://klarasystems.com/articles/building-your-own-freebsd-based-nas-with-zfs/

Tachyum Successfully Runs FreeBSD in Prodigy Ecosystem – Expands Open Source OS Support.
https://finance.yahoo.com/news/tachyum-successfully-runs-freebsd-prodigy-120000531.html

OPNsense 22.1.5 Released.
https://forum.opnsense.org/index.php?topic=27832.0

FreeBSD vs OpenBSD – Which is Right for You?
https://www.ateamsystems.com/tech-blog/freebsd-vs-openbsd-which-is-right-for-you/

FreeBSD 13.1-RC2 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2022-April/000700.html

Awesome Fetch – CLI Fetch Tools for System Information.
https://beucismis.github.io/awesome-fetch/

OpenSSH 9.0/9.0p1 Release Notes.
https://www.openssh.com/releasenotes.html

Using Windows After 15 Years on Linux.
https://duncanlock.net/blog/2022/04/06/using-windows-after-15-years-on-linux/

FreeBSD 13.1-RC2 Released with More Fixes.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-13.1-RC2

Castle Game Engine Works Flawlessly on FreeBSD.
https://castle-engine.io/wp/2022/04/08/freebsd-build/

FreeBSD Supports Three Finger Drag in psm(4) Driver.
https://twitter.com/michael_yuji/status/1512385776755314691

Use recordsize=32KB with ZFS ZVOLs for Bhyve Clients with UFS Filesystem.
https://twitter.com/encthenet/status/1512563753245544450

SmartOS 20220407 Release.
https://smartos.topicbox.com/groups/smartos-discuss/Tece4cfa310e908d2-M7d1716421b8003c0abf98046/smartos-release-20220407

Vulnerable Packages on FreeBSD: pkg audit.
https://linux-audit.com/vulnerable-packages-on-freebsd-pkg-audit/

New NVIDIA Open Source Linux Kernel Graphics Driver Appears Under MIT License.
https://www.phoronix.com/scan.php?page=news_item&px=NVIDIA-Kernel-Driver-Source

Does SWAP Still Matter on UNIX in 2022?
https://lists.nycbug.org:8443/pipermail/talk/2022-April/018486.html

In Other BSDs for 2022/04/09.
https://www.dragonflydigest.com/2022/04/09/26828.html

Unexpected Importance of Trailing Slash.
https://tookmund.com/2022/04/importance-of-the-trailing-slash

Printing with FreeBSD – Quick and Dirty Way.
https://www.youtube.com/watch?v=YW8y48DdptA

Signal TLS Proxies for FreeBSD and OpenBSD. No Docker Required.
https://github.com/RainmakerRaw/Signal_TLS_Proxy_BSD

Setup Login for Windows Samba Active Directory on FreeBSD.
https://www.neelc.org/posts/freebsd-ad-login/

Hardware

AMD Explains Why Intel Switched to Hybrid Core Architecture.
https://www.hardwaretimes.com/amd-explains-why-intel-switched-to-a-hybrid-core-architecture/

USB-C Hubs and My Slow Descent into Madness.
https://overengineer.dev/blog/2021/04/25/usb-c-hub-madness.html

HP EX900 1TB NVMe SSD Review.
https://www.servethehome.com/hp-ex900-1tb-nvme-ssd-review/

Why Not Pentium III?
https://86box.net/2022/03/21/why-not-p3.html

Width of Bays for 3.5 and 5.25 Drives.
https://twitter.com/Foone/status/1512445244096229376

CORSAIR Launches K70 RGB TKL Optical Mechanical Gaming Keyboard.
https://www.techpowerup.com/293716/corsair-launches-k70-rgb-tkl-optical-mechanical-gaming-keyboard

AQIRYS Aludra TKL Keyboard Review.
https://www.techpowerup.com/review/aqirys-aludra-tkl/

Seagate Announces 20TB Variant of SkyHawk AI Hard Drive.
https://www.techpowerup.com/293204/seagate-announces-20tb-variant-of-skyhawk-ai-hard-drive

Life

Bill Jolitz – Known Mostly for BSD 386 Development – Has Died.
https://minnie.tuhs.org/pipermail/tuhs/2022-April/025643.html

Unknown Hackers – Open Source Pioneers Bill and Lynne Jolitz May Be Most Famous Programmers You Have Never Heard of. [2000]
https://www.salon.com/2000/05/17/386bsd/

Other

Twitter Edits You.
http://www.kevinmarks.com/twittereditsyou.html

Fallout ET TU 1.7 Released.
https://nma-fallout.com/threads/fallout-et-tu-1-7-released.221087/

Scoop – Command Line Installer for Windows.
https://scoop.sh/

Firefox 99 is Out.
https://nakedsecurity.sophos.com/2022/04/05/firefox-99-is-out-no-major-bugs-but-update-anyway/

Super Simple Storage Service (S4) is New Innovation in Cloud Storage.
http://www.supersimplestorageservice.com/

Those HTML Attributes You Never Use.
https://www.smashingmagazine.com/2022/03/html-attributes-you-never-use/

Automated Kickstart Install of RHEL/Clones.
https://vermaden.wordpress.com/2022/04/11/automated-kickstart-install-of-rhel-clones/

EOF

Automated Kickstart Install of RHEL/Clones

There are two approaches to automating the installation of multiple instances of operating systems. You can either maintain up-to-date templates for them or you can have automated/scripted installations. In this article I will share how to generate an ISO image and Kickstart configuration to install Red Hat Enterprise Linux (and its clones such as Alma/Rocky/CentOS/Scientific/…) in an easy and fast way. For the process I will use the 8.5 version of RHEL.

Here is the Table of Contents for this article.

  • Logo
  • Possibilities
  • Environment
    • FreeBSD – www
    • RHEL Client – kickme
  • Validate
  • Generation
    • kickstart.config
    • kickstart.skel
    • kickstart.sh
    • ISO
  • Result
  • Alternatives
  • Summary

Logo

Shortly after the IBM acquisition Red Hat started to use a kinda boring ‘just a red hat’ logo – but its earlier logo – shown below – was more interesting.

rhel-logo

If you stare long enough you will see two dinosaurs. The Tyrannosaurus (red) punching a Triceratops (white) in the head. Once you see it you will not be able to unsee it 🙂

Possibilities

There are many ways to do that automated Kickstart installation. You can use NFS/HTTP/FTP/HTTPS or your own generated DVD media … or use ‘stock’ DVD and Kickstart config available somewhere on the network.

I will use the following method that I currently find best suited for my needs:

  • FreeBSD host with NGINX serving RHEL 8.5 DVD content (rhel-8.5-x86_64-dvd.iso) over HTTP.
  • Generate small (less than 1 MB in size) ISO with Kickstart config on it.
  • Boot from small rhel-8.5-x86_64-boot.iso ISO and also with generated Kickstart ISO.

Environment

I will use VirtualBox for this demo with NAT Network configuration for the virtual machines network adapters. The nat0 VirtualBox network is defined as 10.0.10.0/24 and I use Port Forwarding to access these machines from the FreeBSD host system.

Machines:

  • 10.0.10.210 - www – FreeBSD system with NGINX to serve RHEL 8.5 DVD contents
  • 10.0.10.199 - kickme – RHEL machine that would be installed with automated Kickstart install

FreeBSD – www

Below you will find the FreeBSD machine configuration as seen on VirtualBox.

vm-www

It's a default FreeBSD ZFS install on a single disk. Nothing fancy here to be honest. Below you will find its configuration from the /etc/rc.conf file. I also installed the nginx package but the only thing I did with NGINX was to enable it to start automatically. I used the default stock config that points at the /usr/local/www/nginx place. I later copied the RHEL 8.5 DVD contents to the /usr/local/www/nginx/rhel-8.5 directory. It takes about 10 GB.

www # cat /etc/rc.conf
hostname=www
ifconfig_em0="inet 10.0.10.210 netmask 255.255.255.0"
defaultrouter=10.0.10.1
sshd_enable=YES
nginx_enable=YES
zfs_enable=YES
dumpdev=AUTO
sendmail_enable=NO
sendmail_submit_enable=NO
sendmail_outbound_enable=NO
sendmail_msp_queue_enable=NO
update_motd=NO

Here is the unmodified NGINX config but with comments not displayed.

www # grep -v '#' /usr/local/etc/nginx/nginx.conf | grep '^[^#]'
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   /usr/local/www/nginx;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    }
}

Here are the contents of the /usr/local/www/nginx/rhel-8.5 directory after copying the contents of the RHEL 8.5 DVD there.

www:~ # ls -l /usr/local/www/nginx/rhel-8.5/
total 71
-r--r--r--  1 root  wheel     60 Apr  6 21:34 .discinfo
-r--r--r--  1 root  wheel   1560 Apr  6 21:34 .treeinfo
dr-xr-xr-x  4 root  wheel      4 Apr  6 21:50 AppStream
dr-xr-xr-x  4 root  wheel      4 Apr  6 21:53 BaseOS
dr-xr-xr-x  3 root  wheel      3 Apr  6 21:53 EFI
-r--r--r--  1 root  wheel   8154 Apr  6 21:53 EULA
-r--r--r--  1 root  wheel  18092 Apr  6 21:53 GPL
-r--r--r--  1 root  wheel   1669 Apr  6 21:53 RPM-GPG-KEY-redhat-beta
-r--r--r--  1 root  wheel   5135 Apr  6 21:53 RPM-GPG-KEY-redhat-release
-r--r--r--  1 root  wheel   1796 Apr  6 21:53 TRANS.TBL
-r--r--r--  1 root  wheel   1455 Apr  6 21:53 extra_files.json
dr-xr-xr-x  3 root  wheel      6 Apr  6 21:54 images
dr-xr-xr-x  2 root  wheel     16 Apr  6 21:54 isolinux
-r--r--r--  1 root  wheel    103 Apr  6 21:54 media.repo

RHEL Client – kickme

Below you will find the RHEL machine that will be used for the automated Kickstart installation – also as seen on VirtualBox.

vm-kickme

To make that example more interesting (and more corporate) I added a second NIC for the backup network – so we will also have to generate an additional route for it in the Kickstart config.

The kickme RHEL machine needs to have two (2) CD-ROM drives. In the PRIMARY (the one to boot from) we will load the rhel-8.5-x86_64-boot.iso ISO file. In the SECONDARY one we will load our generated kickme.oemdrv.iso ISO file containing Kickstart config file.

Validate

There is also the pykickstart package, which offers the ksvalidator tool. Theoretically it allows you to make sure that your Kickstart config has proper syntax and that it would work – but only in theory. Here is what the RHEL documentation states about its accuracy.

rhel-ksvalidator

It means that you will not know if your Kickstart config will work until you really try it – thus I did not care that much about this tool, as it is not available on FreeBSD.

Generation

Now to the most important part – Kickstart generation and ISO generation. Probably the easiest way to create a new Kickstart config is to install a new RHEL system ‘by hand’ under a virtual machine and then take the /root/anaconda-ks.cfg file generated by Anaconda as a starting point. This is what I also did.

When you would like to install the next host you will have to edit the hostname and IP addresses for that host in the Kickstart file – which seems not very convenient to say the least. In order to make that less PITA I created a kickstart.sh script that will read values from the kickstart.config file and then put them into the kickstart.skel file that would be the base for our future installations. Then kickstart.sh will keep a copy of the generated Kickstart file and of the kickstart.config used, both named after that hostname, as a backup or for future reference – or for example for documentation purposes.

kickstart.config

Here is what such a kickstart.config file looks like.

# cat kickstart.config
  SYSTEM_NAME=kickme
  REPO_SERVER_IP=10.0.10.210
  INTERFACE1=enp0s3
  IP_ADDRESS1=10.0.10.199
  NETMASK1=255.255.255.0
  INTERFACE2=enp0s8
  IP_ADDRESS2=10.0.90.199
  NETMASK2=255.255.255.0
  GATEWAY=10.0.10.1
  NAMESERVER1=1.1.1.1
  NAMESERVER2=9.9.9.9
  NTP1=132.163.97.6
  NTP2=216.239.35.0
  ROUTE_NET=10.0.40.10/24
  ROUTE_VIA=10.0.20.1

kickstart.skel

The kickstart.skel file is a little longer – this is our barebone for the Kickstart configs.

# cat kickstart.skel
#version=RHEL8

# USE sda DISK
ignoredisk --only-use=sda

# CLEAR DISK PARTITIONS BEFORE INSTALL
clearpart --all --initlabel

# USE text INSTALL
text

# USE ONLINE INSTALLATION MEDIA
url --url=http://REPO_SERVER_IP/rhel-8.5/BaseOS --noverifyssl

# KEYBOARD LAYOUTS
keyboard --vckeymap=us --xlayouts='us','pl'

# LANGUAGE
lang en_US.UTF-8

# NETWORK INFORMATION
network --bootproto=static --device=INTERFACE1 --ip=IP_ADDRESS1 --netmask=NETMASK1 --gateway=GATEWAY --nameserver=NAMESERVER1,NAMESERVER2 --noipv6 --activate
network --bootproto=static --device=INTERFACE2 --ip=IP_ADDRESS2 --netmask=NETMASK2 --noipv6 --activate --onboot=on
network --hostname=SYSTEM_NAME

# REPOS
repo --name="AppStream" --baseurl=http://REPO_SERVER_IP/rhel-8.5/AppStream

# ROOT PASSWORD
rootpw --plaintext asd

# DISABLE Setup Agent ON FIRST BOOT
firstboot --disable

# DISABLE SELinux AND FIREWALL
selinux --disabled
firewall --disabled

# OMIT X11
skipx

# REBOOT AND EJECT BOOT MEDIUM
reboot --eject

# TIMEZONE
timezone Europe/Warsaw --isUtc --nontp

# PARTITIONS
part   /boot/efi --fstype="efi"   --size=600  --ondisk=sda --label=EFI  --fsoptions="umask=0077,shortname=winnt"
part   /boot     --fstype="xfs"   --size=1024 --ondisk=sda --label=BOOT --fsoptions="rw,noatime,nodiratime"
part   pv.475    --fstype="lvmpv" --size=1    --ondisk=sda --grow

# LVM
volgroup rootvg --pesize=4096 pv.475
logvol /         --fstype="xfs"   --size=1024 --name=root --label="ROOT" --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /usr      --fstype="xfs"   --size=5120 --name=usr  --label="USR"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /var      --fstype="xfs"   --size=3072 --name=var  --label="VAR"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /tmp      --fstype="xfs"   --size=1024 --name=tmp  --label="TMP"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /opt      --fstype="xfs"   --size=1024 --name=opt  --label="OPT"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /home     --fstype="xfs"   --size=1024 --name=home --label="HOME" --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol swap      --fstype="swap"  --size=4096 --name=swap --label="SWAP" --vgname=rootvg

# RPM PACKAGES
%packages
@^minimal-environment
kexec-tools
nfs-utils
nfs4-acl-tools
perl
chrony
%end

# KDUMP
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

# POST INSTALL COMMANDS TO EXECUTE
%post --log=/root/ks-post.log --interpreter=/usr/bin/bash

  # POST: route
  echo ROUTE_NET via ROUTE_VIA > /etc/sysconfig/network-scripts/route-INTERFACE2

  # POST: chrony CONFIG
  cat << TIME > /etc/chrony.conf
server NTP1 iburst
server NTP2 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
keyfile /etc/chrony.keys
leapsectz right/UTC
TIME

  # POST: chrony SERVICE
  systemctl enable chronyd

%end

# PASSWORD REQUIREMENTS
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

kickstart.sh

… and last but not least – the kickstart.sh script. It does not take any arguments – it just loads the kickstart.config file variables and then replaces all config options in kickstart.skel with sed(1) to generate new Kickstart file as files/${SYSTEM_NAME}.cfg file. It also copies that config into files/${SYSTEM_NAME}.config for convenience.

# cat kickstart.sh
#! /bin/sh

if [ ! -f kickstart.config ]
then
  echo "ERROR: file 'kickstart.config' not available"
  exit 1
fi

if [ ! -f kickstart.skel ]
then
  echo "ERROR: file 'kickstart.skel' not available"
  exit 1
fi

. "$( pwd )/kickstart.config"

mkdir -p files ksfloppy iso

cp kickstart.config files/${SYSTEM_NAME}.config

if [ ${?} -eq 0 ]
then
  echo "INFO: kickstart config copied to 'files/${SYSTEM_NAME}.config' location"
else
  echo "ERROR: could not copy config to 'files/${SYSTEM_NAME}.config' location"
  exit 1
fi

sed                                           \
  -e s@SYSTEM_NAME@${SYSTEM_NAME}@g           \
  -e s@SALT_MINION_NAME@${SALT_MINION_NAME}@g \
  -e s@SALT_MASTER_IP@${SALT_MASTER_IP}@g     \
  -e s@REPO_SERVER_IP@${REPO_SERVER_IP}@g     \
  -e s@RHEL_MAJOR@${RHEL_MAJOR}@g             \
  -e s@RHEL_VERSION@${RHEL_VERSION}@g         \
  -e s@RHEL_ARCH@${RHEL_ARCH}@g               \
  -e s@INTERFACE1@${INTERFACE1}@g             \
  -e s@IP_ADDRESS1@${IP_ADDRESS1}@g           \
  -e s@NETMASK1@${NETMASK1}@g                 \
  -e s@INTERFACE2@${INTERFACE2}@g             \
  -e s@IP_ADDRESS2@${IP_ADDRESS2}@g           \
  -e s@NETMASK2@${NETMASK2}@g                 \
  -e s@GATEWAY@${GATEWAY}@g                   \
  -e s@NAMESERVER1@${NAMESERVER1}@g           \
  -e s@NAMESERVER2@${NAMESERVER2}@g           \
  -e s@NTP1@${NTP1}@g                         \
  -e s@NTP2@${NTP2}@g                         \
  -e s@ROUTE_NET@${ROUTE_NET}@g               \
  -e s@ROUTE_VIA@${ROUTE_VIA}@g               \
  kickstart.skel > files/${SYSTEM_NAME}.cfg

if [ ${?} -eq 0 ]
then
  echo "INFO: kickstart file 'files/${SYSTEM_NAME}.cfg' generated"
else
  echo "ERROR: failed to generate 'files/${SYSTEM_NAME}.cfg' kickstart file"
  exit 1
fi

echo "INFO: mkisofs(8) output BEGIN"
echo "-----------------------------"

mkisofs -J -R -l -graft-points -V "OEMDRV" \
        -input-charset utf-8 \
        -o iso/${SYSTEM_NAME}.oemdrv.iso \
        ks.cfg=files/${SYSTEM_NAME}.cfg ksfloppy

# KEEP mkisofs(8) EXIT CODE - THE echo(1) CALLS BELOW WOULD OVERWRITE ${?}
MKISOFS_STATUS=${?}

echo "-----------------------------"
echo "INFO: mkisofs(8) output ENDED"

if [ ${MKISOFS_STATUS} -eq 0 ]
then
  echo "INFO: ISO image 'iso/${SYSTEM_NAME}.oemdrv.iso' generated"
else
  echo "ERROR: failed to generate 'iso/${SYSTEM_NAME}.oemdrv.iso' ISO image"
  exit 1
fi
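
The script above sources kickstart.config as shell and pastes its values unquoted into sed(1) expressions, into output file names and into the %post section, which the installer runs as root. The added example below (not part of the original kickstart.sh; the function names and the per-key rules are assumptions) reads the same KEY=VALUE file as data and accepts only a plain hostname, interface names, IPv4 addresses and an ADDR/PREFIX route.

```shell
#!/bin/sh
# Added example, not the article's kickstart.sh: treat kickstart.config as
# data (never source it) and allow only values of the expected shape.

# is_ipv4 ADDR: four dot-separated decimal octets, each 0-255.
is_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.
  set -- $1                       # safe: only digits and dots reach here
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# check_value KEY VALUE: return 0 only if VALUE has the shape KEY requires.
check_value() {
  case "$1" in
    SYSTEM_NAME)    # also used in output file names, so no '/' or '.'
      case "$2" in ''|-*|*[!A-Za-z0-9-]*) return 1 ;; esac ;;
    INTERFACE[12])
      case "$2" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
      [ "${#2}" -le 15 ] || return 1 ;;
    REPO_SERVER_IP|IP_ADDRESS[12]|NETMASK[12]|GATEWAY|NAMESERVER[12]|NTP[12]|ROUTE_VIA)
      is_ipv4 "$2" || return 1 ;;
    ROUTE_NET)      # ADDR/PREFIX with PREFIX 0-32
      is_ipv4 "${2%/*}" || return 1
      prefix=${2#*/}
      case "$prefix" in ''|???*|*[!0-9]*) return 1 ;; esac
      [ "$prefix" -le 32 ] || return 1 ;;
    *) return 1 ;;  # unknown key
  esac
  return 0
}

# validate_ks_config FILE: read KEY=VALUE lines without executing the file.
# Rejected lines go to stderr; returns 0 only if every line passes.
validate_ks_config() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#"${line%%[! ]*}"}          # strip leading spaces
    case "$line" in ''|'#'*) continue ;; esac
    case "$line" in
      *=*) key=${line%%=*}; value=${line#*=} ;;
      *)   key=; value= ;;
    esac
    if ! check_value "$key" "$value"; then
      echo "ERROR: rejected line: $line" >&2
      bad=1
    fi
  done < "$1"
  return "$bad"
}

# Constructed sample: the second line carries a shell metacharacter.
sample=$(mktemp)
printf '%s\n' '  SYSTEM_NAME=kickme' '  ROUTE_VIA=10.0.20.1;true' > "$sample"
validate_ks_config "$sample" || echo "INFO: config rejected, nothing generated"
rm -f "$sample"
```

In a generator like kickstart.sh the call would go before the line that sources kickstart.config, exiting on a non-zero return. The netmask check accepts any dotted quad and does not verify that the mask is contiguous.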

ISO

It finishes its work in less than a second. Here is its output.

kickstart.sh

… and the generated ISO file.

# ls -lh iso/kickme.oemdrv.iso
-rw-r--r--  1 root  wheel   366K Apr 10 21:57 iso/kickme.oemdrv.iso

Result

Now – when you boot the kickme VirtualBox virtual machine with CD-ROM devices loaded you will end up with RHEL system installed according to your generated Kickstart config. Here are some files from the kickme RHEL installed system.

Filesystems with LABELs such as BOOT or VAR defined.

# lsblk -i -f
NAME            FSTYPE      LABEL UUID                                   MOUNTPOINT
sda
|-sda1          xfs         BOOT  b5c66ea5-b38a-4072-b1a8-0d5882ace179   /boot
|-sda2          vfat        EFI   BB7A-4BFD                              /boot/efi
`-sda3          LVM2_member       e9BwIq-4I2W-zX6y-As42-f9N2-WTTR-WfHKdC
  |-rootvg-root xfs         ROOT  dbf8dd30-51cc-408a-9d05-b1ae67c0637c   /
  |-rootvg-swap swap        SWAP  c8a016b5-f43d-4510-9703-e9c68f02ae64   [SWAP]
  |-rootvg-usr  xfs         USR   c6694796-a5bd-4833-9a6b-a740e8bf83bf   /usr
  |-rootvg-home xfs         HOME  5264afe6-5d9c-4dc3-9d8d-e19078864aea   /home
  |-rootvg-opt  xfs         OPT   039e9575-3af8-4a8b-95c0-54fb8a515f70   /opt
  |-rootvg-tmp  xfs         TMP   11709a48-a64f-4b93-86a3-e943ff9ecf01   /tmp
  `-rootvg-var  xfs         VAR   ed20343c-b915-4234-b13e-0c6c94e03edc   /var
sr0
sr1

The /etc/fstab file with rw,noatime,nodiratime mount options.

# grep '^[^#]' /etc/fstab
/dev/mapper/rootvg-root /                       xfs     rw,noatime,nodiratime 0 0
UUID=b5c66ea5-b38a-4072-b1a8-0d5882ace179 /boot xfs     rw,noatime,nodiratime 0 0
UUID=BB7A-4BFD          /boot/efi               vfat    defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
/dev/mapper/rootvg-home /home                   xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-opt  /opt                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-tmp  /tmp                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-usr  /usr                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-var  /var                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-swap none                    swap    defaults        0 0

Networking on two network interfaces and additional route generated.

# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
# Generated by parse-kickstart
TYPE=Ethernet
DEVICE=enp0s3
UUID=e1fddd41-f398-4c1d-8bef-e28ef705d568
ONBOOT=yes
IPADDR=10.0.10.199
NETMASK=255.255.255.0
GATEWAY=10.0.10.1
IPV6INIT=no
DNS1=1.1.1.1
DNS2=9.9.9.9
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="System enp0s3"

# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
# Generated by parse-kickstart
TYPE=Ethernet
DEVICE=enp0s8
UUID=5454b587-8c29-41a7-93f8-532c814865de
ONBOOT=yes
IPADDR=10.0.90.199
NETMASK=255.255.255.0
IPV6INIT=no
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="System enp0s8"

# cat /etc/sysconfig/network-scripts/route-enp0s8
10.0.40.10/24 via 10.0.20.1

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1
nameserver 9.9.9.9

Alternatives

It is also possible to use the livemedia-creator from the lorax package … but I would omit it. To be honest I tried it – and it did not work at all. I started the following process … and it ran for more than a DAY and produced NOTHING.

# livemedia-creator \
    --make-iso \
    --ram 4096 \
    --vcpus 4 \
    --iso=/mnt/rhel-8.5-x86_64-boot.iso \
    --ks=/mnt/mykick.cfg

The log file for the operation was also EMPTY. At least that was the run when using the virt-install option with creating everything under a virtual machine. This also intrigues me a lot. Why use virtual machines just to create installation media? It is just a bunch of files. There are better options available such as chroot(8) for example … or even the so glorified containers such as Docker or Podman. Why use a fully fledged virtual machine just to create an ISO image? This is a big mystery for me.

Seems that livemedia-creator also has the --no-virt option available … but as the documentation states – it can “render the entire system unusable” – not a very production ready solution for my taste. Below is a screenshot from the official RHEL documentation.

rhel-render

Pity that livemedia-creator did not work for me – but I already have a working process for that.

Some people also suggested these as valuable alternatives:

Maybe some day I will find time to check them out.

Summary

I am not the best at summaries so I will just write here that the article has ended successfully 🙂

Regards.

EOF

Valuable News – 2022/04/04

The Valuable News weekly series is dedicated to providing a summary of news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount of information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

Why the Name Postfix?
https://marc.info/?l=postfix-users&m=164841848519002&w=2

Introducing Caddy-SSH.
https://www.caffeinatedwonders.com/2022/03/28/new-ssh-server/

Sandboxing Mechanism with pledge() and unveil() Support on FreeBSD.
https://lists.freebsd.org/archives/freebsd-hackers/2022-March/000923.html

FreeBSD/EC2 – What I Have Been Up to.
https://www.daemonology.net/blog/2022-03-29-FreeBSD-EC2-report.html

SerenityOS Browser Now Passes Acid3 Test.
https://twitter.com/awesomekling/status/1508953394836353024

Tuning Recordsize in OpenZFS.
https://klarasystems.com/articles/tuning-recordsize-in-openzfs/

FreeBSD User Tests Out Fedora Linux 36.
https://www.youtube.com/watch?v=ySXYTXUvghc

Meet numastat.py Script to Show Memory Use by NUMA Domain on FreeBSD.
https://twitter.com/blaagh/status/1509284322959888387
https://gist.github.com/Freaky/bfa3f6dff4b2e8081eb07d987ae96e72

BSD Now 448 – Controlling Resource Limits.
https://www.bsdnow.tv/448

FreeBSD 13.1-RC1 Now Available.
https://lists.freebsd.org/archives/freebsd-stable/2022-April/000651.html

FreeBSD Adds to uart(4) Concept of Unique Serial Devices.
https://cgit.freebsd.org/src/commit/?id=ad93649d

FreeBSD Imports Realtek rtw88(4) Driver.
https://cgit.freebsd.org/src/commit/?id=2774f206

Basics of ZFS Snapshot Management.
https://klarasystems.com/articles/basics-of-zfs-snapshot-management/

MidnightBSD 2.1.5 – Getting Better.
https://www.youtube.com/watch?v=mnzTClh2uzA

FreeBSD 13.1-RC1 Pulls in OpenZFS 2.1 and WiFi Updates.
https://www.phoronix.com/scan.php?page=news_item&px=FreeBSD-13.1-RC1

FreeBSD 13.1-RC1 Released.
https://meterpreter.org/freebsd/

Upgrading PostgreSQL Jail.
https://www.brianlane.com/post/upgrade-postgres-jail/

Chrome/Chromium Refuses Patches to Support FreeBSD.
https://twitter.com/CendyneNaga/status/1509547577297051651

In Other BSDs for 2022/04/02.
https://www.dragonflydigest.com/2022/04/02/26809.html

Multiprocess Support for LLDB on FreeBSD.
https://www.moritz.systems/blog/multiprocess-support-for-lldb/

FreeBSD 13.1 BETA3 Gnome 41.
https://www.youtube.com/watch?v=ULOPyeZwWJg

Improving NGINX Performance with Kernel TLS and SSL_sendfile() on Linux and FreeBSD.
https://www.nginx.com/blog/improving-nginx-performance-with-kernel-tls/

Create Hybrid ZFS Pool with Disks of Different Sizes.
https://news.ycombinator.com/item?id=30904418

AMD Acquires Pensando for Its DPU Future.
https://www.servethehome.com/amd-acquires-pensando-for-its-dpu-future-intel-ipu-nvidia-bluefield-marvell-octeon-fungible/
https://www.amd.com/en/press-releases/2022-04-04-amd-expands-data-center-solutions-capabilities-acquisition-pensando

Hardware

All New Powerful ITX-3588J 8K AI Mini-ITX Mainboard.
https://www.youtube.com/watch?v=WhwKPGRuGDM

Lenovo ThinkCentre M90q Tiny Gen 3 Released with 2.5GbE Option.
https://www.servethehome.com/lenovo-thinkcentre-m90q-tiny-gen-3-quietly-released-with-2-5gbe-option-intel/

4×4 Inch NUC 12 Spotted.
https://www.fanlesstech.com/2022/04/breaking-4×4-inch-nuc-rebranded-as-nuc.html

Life

Maybe You Should do Less Work.
https://www.johnwhiles.com/posts/work.html

Other

RIP – Fallout Developers Profile – Scott Bennie.
http://archive.nma-fallout.com/article.php?id=35576

Twitter Founder Jack Dorsey Expresses Regret for Damaging the Internet.
https://thepostmillennial.com/twitter-founder-jack-dorsey-expresses-regret-for-damaging-the-internet

EOF