Valuable News – 2020/09/14

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

FreeBSD Adds Intel GVT-d Support for Bhyve.
https://reviews.freebsd.org/D26209

Find Which Package Provides Given File in OpenBSD.
https://dataswamp.org/~solene/2020-09-04-pkglocate-openbsd.html

FreeBSD DRM (Graphics Stack) Report 2020/08/31.
https://lists.freebsd.org/pipermail/freebsd-x11/2020-September/026584.html

DragonflyBSD HAMMER2 Now Supports Autoexpand.
http://lists.dragonflybsd.org/pipermail/commits/2020-September/769675.html

FreeBSD Makes net.fibs in Each VNET Growable.
https://svnweb.freebsd.org/base?view=revision&revision=364465

The pkgsrc Developer Monotony.
https://bentsukun.ch/posts/pkgsrc-toil/

BSD Weekly – Issue 36.
https://bsdweekly.com/issues/36

Browsable Snapshots with ZFS.
https://theorangeone.net/posts/zfs-browsable-snapshots/

Sync Your Files Over P2P Network with Resilio Sync.
https://www.maketecheasier.com/sync-files-over-p2p-network-with-resilio-sync/

OpenBSD DNS Server with unbound and nsd (2019).
https://jamsek.dev/posts/2019/Jul/28/openbsd-dns-server-with-unbound-and-nsd/

Figure Out OpenBSD Packages Dependencies with pkg_depts Tool.
https://github.com/mpfr/pkg_depts

BSD Now 367 – Changing Jail Datasets.
https://www.bsdnow.tv/367

Tarsnap – Cleaning Up Old Backups.
https://dan.langille.org/2020/09/10/tarsnap-cleaning-up-old-backups/

GNU GDB Debugger and NetBSD – Part 4.
https://blog.netbsd.org/tnf/entry/the_gnu_gdb_debugger_and3

Shell Tutorial for Absolute Beginners.
https://kamila.is/teaching/shell/

Install FreeBSD GUI by Compilation from Ports.
https://www.youtube.com/watch?v=RYZtDq8PYqQ

Introduction to Hardware Hacking on FreeBSD with Raspberry Pi.
https://www.youtube.com/watch?v=OZKImUtlGl0
https://adventurist.me/presentations/freebsdandraspberrypi-ffstream/freebsdandraspberrypi-ffstream.html

In Other BSDs for 2020/09/12.
https://www.dragonflydigest.com/2020/09/12/24939.html

Update to FreeBSD ure(4) Realtek RTL8152/RTL8153 Driver from ~90Mbps to 950Mbps.
https://svnweb.freebsd.org/base?view=revision&revision=365648

GSoC Reports – Benchmarking NetBSD – 3rd Evaluation Report.
https://blog.netbsd.org/tnf/entry/gsoc_reports_benchmarking_netbsd_third

FreeBSD 12.2-BETA1 Now Available.
https://lists.freebsd.org/pipermail/freebsd-stable/2020-September/092680.html

Aggressive pf(4) Configuration for SSH Protection.
https://blog.thechases.com/posts/bsd/aggressive-pf-config-for-ssh-protection/

New Oshogbo Project – zedfs.com – News and Tutorials about ZFS.
https://oshogbo.vexillium.org/blog/80/
https://zedfs.com

New XigmaNAS 12.1.0.4.7743 Release Available.
http://sourceforge.net/projects/xigmanas/files/XigmaNAS-12.1.0.4/12.1.0.4.7743/

Install OpenBSD on Raspberry Pi 4.
https://www.sudopigeon.com/raspberry-pi/os-install-installing-openbsd-on-a-raspberry-pi-4/

Tuning PostgreSQL on ZFS.
https://pg.uptrace.dev/zfs/

Interprocess Communication in FreeBSD 11 – Performance Analysis.
https://arxiv.org/abs/2008.02145
https://arxiv.org/pdf/2008.02145.pdf

MidnightBSD Developer Journal – webcam.
https://www.justjournal.com/users/mbsd/entry/33807

Hardware

AMD PSB Vendor Locks EPYC CPUs for ‘Enhanced Security’ at Cost.
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/

LTO9 Specs Released with 18 TB Raw and 45 TB Compressed.
https://www.lto.org/2020/09/a_the-lto-program-releases-specifications-for-upcoming-generation-9/

Armari Magnetar X64T Workstation – 64 Cores of AMD EPYC All Sustained at 4.0 GHz.
https://www.anandtech.com/show/16070/a-rendering-powerhouse-the-armari-magnetar-x64t-workstation-with-4-ghz-allcore-threadripper-3990x

AMD Based 6W Lenovo ThinkCentre M75n Available.
https://www.fanlesstech.com/2020/09/thinkcentre-m75n-iot-available.html

Axiomtek PICO317 Fanless Atom x5-E3940 Pico-ITX SBC with mSATA and up to 8 GB RAM.
https://www.cnx-software.com/2020/09/11/pico317-fanless-atom-x5-e3940-pico-itx-sbc-powers-industrial-iot-applications/
https://www.axiomtek.com/Default.aspx?MenuId=Products&FunctionId=ProductView&ItemId=25762&C=PICO317&upcat=137#

USB Mass Storage and USB Attached SCSI … are Both SCSI.
https://www.devever.net/~hl/usbuas

NVIDIA to Acquire ARM for $40 Billion.
https://www.anandtech.com/show/16080/nvidia-to-acquire-arm-for-40-billion
https://nvidianews.nvidia.com/news/nvidia-to-acquire-arm-for-40-billion-creating-worlds-premier-computing-company-for-the-age-of-ai

Banana Pi BPI-M5 Amlogic S905X3 SBC in Works.
https://www.cnx-software.com/2020/09/14/banana-pi-bpi-m5-amlogic-s905x3-sbc/

20 Greatest Home Computers Ranked.
https://www.theguardian.com/games/2020/sep/07/the-20-greatest-home-computers-ranked

Life

Citroen Ami – Tiny Cube on Wheels that French 14 Year Olds Can Drive.
https://www.theguardian.com/world/2020/sep/11/ami-the-tiny-cube-on-wheels-that-french-14-year-olds-can-drive

Other

AVIF Has Landed.
https://jakearchibald.com/2020/avif-has-landed/

Cassidy Desk.
https://cassidyjames.com/desk/

Bullfrog after Populous.
https://www.filfre.net/2020/09/bullfrog-after-populous/

EOF

Valuable News – 2020/09/07

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

Vermaden – FreeBSD – HP Elitebook – Very Nice.
https://www.youtube.com/watch?v=KiY32p3LH6c

Installing OpenBSD 6.7 with Disk Encryption and FVWM Ricing.
https://medium.com/@crhenr/installing-openbsd-6-7-with-disk-encryption-fvwm-ricing-b6fb7e2073e6

Minimal OpenBSD Virtual Machine.
https://medium.com/@AliFarzanrad/minimal-openbsd-virtual-machine-94dcd06dacf

FreeBSD Foundation Celebrates 20 Years of Promoting and Supporting FreeBSD Project.
https://itsfoss.com/freebsd-foundation-20-years/

Modernizing OpenBSD Console.
https://www.cambus.net/modernizing-the-openbsd-console/

Tailscale for illumos.
https://blog.shalman.org/tailscale-for-illumos/

OpenZFS Support Merged into FreeBSD HEAD.
https://svnweb.freebsd.org/base?view=revision&revision=364746

Running Wine in 32-bit Sandbox on 64-bit NetBSD.
https://washbear.neocities.org/wine-sandbox.html

Bastille Manager as XigmaNAS Extension.
https://www.xigmanas.com/forums/viewtopic.php?f=71&t=14848

CVE-2020-7460 – FreeBSD Kernel Privilege Escalation.
https://www.thezdi.com/blog/2020/9/1/cve-2020-7460-freebsd-kernel-privilege-escalation

Rewritten in Rust – Modern Alternatives of Command Line Tools.
https://zaiste.net/posts/shell-commands-rust/

Android App Development Under FreeBSD.
https://baohaojun.github.io/blog/2020/06/16/0-Android-App-development-under-FreeBSD.html

Beginners Guide to FreeBSD.
https://www.fosslife.org/beginners-guide-freebsd

FreeBSD 11.3 End of Life Announced.
https://lists.freebsd.org/pipermail/freebsd-announce/2020-September/001982.html

FreeBSD Cluster with Pacemaker and Corosync.
https://vermaden.wordpress.com/2020/09/03/freebsd-cluster-with-pacemaker-and-corosync/

BSD Weekly – Issue 35.
https://bsdweekly.com/issues/35

BSD Now 366 – Bootloader Zpool Checkpoints.
https://www.bsdnow.tv/366

Bhyve – FreeBSD Hypervisor.
https://klarasystems.com/articles/bhyve-the-freebsd-hypervisor/

BpyTop on FreeBSD – Bashtop Goodliness.
https://www.youtube.com/watch?v=ZeSol-Igoeo

First FreeBSD CURRENT Snapshots Built from FreeBSD Git Sources.
https://lists.freebsd.org/pipermail/freebsd-current/2020-September/076975.html

FreeBSD Mini Git Primer.
https://hackmd.io/hJgnfzd5TMK-VHgUzshA2g

Migrating from Mastodon to Pleroma.
https://icyphox.sh/blog/mastodon-to-pleroma/

KDE Su Adds OpenBSD doas(1) Support.
https://invent.kde.org/frameworks/kdesu/-/merge_requests/5

In Other BSDs for 2020/09/05.
https://www.dragonflydigest.com/2020/09/05/24909.html

Quare FreeBSD?
https://vermaden.wordpress.com/2020/09/07/quare-freebsd/

Lessons Learned from SSH Credential Honeypots.
https://systemoverlord.com/2020/09/04/lessons-learned-from-ssh-credential-honeypots.html

Hardware

AnandTech Best SSDs – 2020/08.
https://www.anandtech.com/show/9799/best-ssds

PinePhone Manjaro Community Edition.
https://www.pine64.org/2020/08/31/pinephone-manjaro-community-edition/

ARM Cortex-R82 – First 64-bit Real Time Processor.
https://www.anandtech.com/show/16056/arm-announces-cortexr82-first-64bit-real-time-processor

Reducing SATA Power Consumption.
https://insanity.industries/post/sata-power-consumption/

Seagate IronWolf Pro 18TB HDD and 4TB IronWolf NAS SSDs Arrive.
https://www.servethehome.com/seagate-ironwolf-pro-18tb-hdd-and-4tb-ironwolf-nas-ssds-arrive/

Why I Love ARM and PowerPC.
https://opensource.com/article/18/4/why-i-love-arm-and-powerpc

8086 Microcode Disassembled.
https://www.reenigne.org/blog/8086-microcode-disassembled/

Look at Die of 8086 Processor.
https://www.righto.com/2020/06/a-look-at-die-of-8086-processor.html

Life

Amazon Drivers are Hanging Smartphones in Trees to Get More Work.
https://www.bloomberg.com/news/articles/2020-09-01/amazon-drivers-are-hanging-smartphones-in-trees-to-get-more-work

Mass Surveillance Program Exposed by Snowden Was Illegal.
https://www.reuters.com/article/us-usa-nsa-spying/u-s-court-mass-surveillance-program-exposed-by-snowden-was-illegal-idUSKBN25T3CK

Other

Complete Oracle to PostgreSQL Migration Guide.
https://www.enterprisedb.com/blog/the-complete-oracle-to-postgresql-migration-guide-tutorial-move-convert-database-oracle-alternative

PostgreSQL 13 Beta – Index Deduplication.
https://blog.rustprooflabs.com/2020/09/postgres-beta3-btree-dedup

EOF

Quare FreeBSD?

I really wanted to make this article short … but I failed miserably. At least I tried to organize it well so one may get back to it after ‘some’ reading because its not a short lecture. I wanted to title it Why FreeBSD? but when you type that into your favorite duck.com search engine there are so many similar articles. I wanted it to have distinguished and unique name so I used Latin word for ‘why‘ which is ‘quare‘.

logo-freebsd

What FreeBSD can offer you that other operating systems does not? From all of the operating systems I used I find FreeBSD to suck the least. This post is not here to convince you to use or try FreeBSD – this you will have to do by yourself. This article will show you why FreeBSD is valuable or better alternative to other operating systems and is definitely not dying.

This is the Table of Contents for this article.

  • Base System
  • ZFS Boot Environments
  • Rescue
  • Audio
  • Jails
  • FreeBSD Ports Infrastructure
  • Updating/Building from Source
  • Storage
  • Init System
  • Linux Binary Compatibility
  • Simplicity
  • Evolution Instead Rewriting
  • Documentation
  • Community
  • Closing Thoughts

Base System

When you install a Linux system its just a bunch of RPM or DEB packages. For example of you install CentOS 7.8 Minimal variant you end up with several hundred RPM packages installed. After a week or month many of these packages will get updates sometimes making this CentOS system unusable or even unbootable (recent GRUB Boothole problem for example). On the contrary FreeBSD comes with a Base System concept. This means that when you install FreeBSD you install a minimal system as a whole. No packages or subsystems to be separately updated. Just whole Base System. That means that /boot /bin /sbin /usr /etc /lib /libexec /rescue directories are untouchable by any packages. When you decide to install packages (or build them using FreeBSD Ports) they will all fall into the /usr/local prefix. That means /usr/local/etc for configuration. The /usr/local/bin and /usr/local/sbin directories for binaries. The /usr/local/lib and /usr/local/libexec for libraries and so on. The FreeBSD Base System kernel modules are kept in the same dir along with the kernel in the /boot/kernel directory. To make things tidy all kernel modules that are provided by packages go into the /boot/modules dir. Everything has its place and its separated.

That is separation between Base System binaries (at /bin /sbin /usr/bin /usr/sbin dirs) and Third Party Packages maintained by pkg(8) and are located at /usr/local/bin and /usr/local/sbin dirs. We all know differences between bin (user) and sbin (root) binaries but in FreeBSD there is also another more UFS related separation. When there was only UFS filesystem in the FreeBSD world the /bin and /sbin binaries were available at boot after the root (/) filesystem was mounted and yet before /usrย  filesystem was mounted – this is historical (and still useful in the UFS setups) distinction dating to old UNIX days. In ZFS setups it does not matter as all files are on ZFS pool anyway.

The FreeBSD Base System separation also helps with another thing – if any package gets the ‘great’ idea to install new compiler named cc and override the default system compiler … or to add libraries/includes in such a way that makes it super hard to get back into a working system. If some random FreeBSD package would add libc.so to /usr/local/lib dir then you are covered and not prevented from running programs as usual because FreeBSD system binaries are linked to stuff in /usr/lib dir. This is why there is PATH variable on UNIX systems (and FreeBSD as well) to set which directories should be searched for binaries first. On FreeBSD by default its set search Base System binaries dirs first and then Third Party Packages later.

You can update (or not) the Base System separately from the installed packages with freebsd-update(8) command when using RELEASE or by recompiling with make buildworld and make installworld commands when using STABLE/CURRENT systems. When it comes to packages you can update them using the pkg(8) tool or portmaster when building from FreeBSD Ports tree under /usr/ports dir. That means that any packages updates will not touch your FreeBSD Base System at all. For example when you mess up (and I have done that in the beginning of my FreeBSD journey) the compiled ports and packages and you want to start over the only thing you have to do is remove /usr/local and /boot/modules and /var/db/pkg directories. That’s it. You are just reverted to your Base System and can start over. This is just not possible when using Linux system. Even with Gentoo that many concepts are based on FreeBSD ideas does not have Base System feature. This Base System also have additional feature. Because its separated from packages version no one stops you from running oldshool FreeBSD 9.0 from 2012 and install there latest Firefox 80 or LibreOffice 7.0. You can not install latest Firefox on Ubuntu from 2012 …

One may be ‘afraid’ that such Base System independent from installed packages would take more space but nothing far more from the truth. The fresh installed FreeBSD 12.1 system uses less then 1 GB of disk space and takes less then 75 MB of RAM with sshd(8) running. For the comparison fresh CentOS 7.8 install with ‘Minimal’ set chosen takes 1.1 GB of disk space and uses more then 100 MB RAM with sshd(8) running. Such CentOS system is really naked and really needs more packages to be usable while FreeBSD with its Base System is far more capable and powerful and comes along with builtin latest version of LLVM/CLANG compiler suite for example.

More on the Base System topic:

ZFS Boot Environments

I have talked about this many times and probably one time too less because Linux world still ignores this bless. Having ZFS Boot Environments its such a game changer that once you realize how powerful it is you will never want to use a system that does not support it. The idea is that you can snapshot a running system at any moment of time and then reboot into that moment (or snapshot) if something happened. Its perfect solution for upgrade or changes to the system. The FreeBSD systems are already well ‘protected’ from problems arising after updating the packages but ZFS Boot Environments takes this to a whole new level.

groundhog

Like in the movie Groundhog Day (1993) with ZFS Boot Environments you will have limitless chances to get your shit toghether. Even the Base System updates and changes are protected by it. You can even transport that Boot Environment by using zfs send and zfs recv commands to other system … or propagate it on many systems. You can create Jails containers from it … or install new version of FreeBSD in the new Boot Environment and reboot into it while still having your older ‘production’ system untouched.

More on the ZFS Boot Environments topic:

Rescue

When you really mess up to the point that even Base System concept or ZFS Boot Environments feature did not stopped you from killing your FreeBSD installation then there is one more level of rescue … the Rescue subsystem.

rescue

You have about 150 statically linked binaries available at your disposal for the rescue mission of that FreeBSD installation. You probably think now that if its so many binaries then it probably takes a lot of space … nothing far more from the truth. Its actually one static binary with hardlinks … and it takes whooping 11 MB of disk space.

# ls -lh /rescue | head -5
total 1118446
-r-xr-xr-x  146 root  wheel    11M 2020.02.19 21:10 [
-r-xr-xr-x  146 root  wheel    11M 2020.02.19 21:10 bectl
-r-xr-xr-x  146 root  wheel    11M 2020.02.19 21:10 bsdlabel
-r-xr-xr-x  146 root  wheel    11M 2020.02.19 21:10 bunzip2

They Rescue subsystem even contains such binaries as bectl(8) for ZFS Boot Environments management or zfs(8) and zpool(8) commands for the ZFS filesystem. Here is complete list of these binaries.

# ls /rescue
[           dd               fsck_ffs      init       mdmfs          ping      rtsol        unlink
bectl       devfs            fsck_msdosfs  ipf        mkdir          ping6     savecore     unlzma
bsdlabel    df               fsck_ufs      iscsictl   mknod          pkill     sed          unxz
bunzip2     dhclient         fsdb          iscsid     more           poweroff  setfacl      unzstd
bzcat       dhclient-script  fsirand       kenv       mount          ps        sh           vi
bzip2       disklabel        gbde          kill       mount_cd9660   pwd       shutdown     whoami
camcontrol  dmesg            geom          kldconfig  mount_msdosfs  rcorder   sleep        xz
cat         dump             getfacl       kldload    mount_nfs      rdump     spppcontrol  xzcat
ccdconfig   dumpfs           glabel        kldstat    mount_nullfs   realpath  stty         zcat
chflags     dumpon           gpart         kldunload  mount_udf      reboot    swapon       zdb
chgrp       echo             groups        ldconfig   mount_unionfs  red       sync         zfs
chio        ed               gunzip        less       mt             rescue    sysctl       zpool
chmod       ex               gzcat         link       mv             restore   tail         zstd
chown       expr             gzip          ln         nc             rm        tar          zstdcat
chroot      fastboot         halt          ls         newfs          rmdir     tcsh         zstdmt
clri        fasthalt         head          lzcat      newfs_msdos    route     tee          
cp          fdisk            hostname      lzma       nextboot       routed    test         
csh         fsck             id            md5        nos-tun        rrestore  tunefs       
date        fsck_4.2bsd      ifconfig      mdconfig   pgrep          rtquery   umount   

More on the Rescue topic:

Audio

Not many people expect from FreeBSD to shine in that department but it shines a lot here and not from yesterday but from decades. Remember when Linux got rid of the old OSS subsystem with one channel and came up with ‘great’ idea to write ALSA? I remember because I used Linux back then. Disaster is very polite word to describe Linux audio stack back then … and then PulseAudio came and whole Linux audio system got much worse. Back then because of that one OSS channel and many ALSA channels meant that ONLY ONE application with OSS backend could do the sound (for example WINE). But if another application would want to ‘make’ sound using OSS and you already have WINE started then it will be soundless because that one and only OSS channel was already taken. And remember that ALSA was so bad back then that KDE or GNOME made their own sound daemons mixing audio in userspace that were incompatible with each other. That means if you used KDE and GNOME apps back then you could have sound from GNOME apps but not from KDE apps or vice versa. One big fucking audio hell on Linux.

audio

Lets get back to FreeBSD audio then. What FreeBSD offered? A whooping 256 OSS channels mixed live in kernel for low latency. Everything audio related just worked out of the box – and still works today. You could have WINE or KDE/GNOME sound backends attached to their OSS channels and also ALSA apps getting their sound device without a problem. Even when you plugged a 5.1 surround system into FreeBSD it worked out of the box without any configuration and applications were able to use it immediately. That FreeBSD audio supremacy remains today as PulseAudio sound mixing in userspace while generally working incorporates large latency on Liunx compared to in kernel FreeBSD mixing with low latency.

Comrade meka suggested that FreeBSD is also the only OS which has virtual_oss that allows mixing/resampling/compressing in user space and allows one to have Bluetooth headphones and USB microphone represented as single sound card.

More on the Audio topic:

Jails

The FreeBSD Jails are one of the oldest OS Level Virtualization implementations dating back to 1999. Even the Solaris Zones/Containers came five years later in 2004.

containers

After Docker was introduced in Linux the term OS Level Virtualization became less used to the Containers term and now the FreeBSD Jails along with Solaris Zones/Containers are named 1st generation containers. But that naming nomenclature change does not make FreeBSD Jails less powerful. They are also really brain dead simple to use. You just need a directory – for example /jail/nextcloud – where you will extract the FreeBSD Base System for desired release version – for example base.txz from 12.1-RELEASE and create the Jail config in the /etc/jail.conf file as shown below.

# mkdir -p /jail/nextcloud
# fetch -o - http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.1-RELEASE/base.txz | tar --unlink -xpJf - -C /jail/nextcloud
# cat /etc/jail.conf
nextcloud {
  host.hostname = nextcloud.local;
  ip4.addr = 10.0.0.100;
  path = /jail/nextcloud;
}

Now you can start you Jail right away.

# service jail onestart nextcloud
Starting jails: nextcloud.

Voila! Your FreeBSD Jail is already running.

# jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.100      nextcloud.local               /jail/nextcloud

You can of course have a trimmed down version of FreeBSD Base System in the Jail if that is needed. The ZFS filesystem also helps here greatly because with zfs clone only your ‘base’ Jail will take space and only the changes you make to Jails created from it. Thanks to other FreeBSD subsystem – the Linux Binary Compatibility – you can also create a Linux Jail – for example running Devuan Jail.

The FreeBSD Jails are also very lightweight. You can boot and use about 1000 FreeBSD Jails on a single FreeBSD system with 4 GB RAM.

They are also very easy to debug and troubleshoot comparing even to plain Docker – not to even mention Kubernetes which requires whole team of highly skilled people to maintain.

The FreeBSD Jails may be configured/managed only by the Base System utilities such as jls(8)/jexec(8) but you can also select from many third party Jail management frameworks. From all available ones I would choose BastilleBSD because of their modern approach and many ready to use templates for all needed use cases.

More on the Jails topic:

FreeBSD Ports Infrastructure

This is one of another examples why FreeBSD rocks that much. When you install Ubuntu or CentOS in some version there is chance that you will end up with not latest versions of packages but with versions that were quite up-to-date when this distribution version was released. Its especially visible in the CentOS world (and its upstream enterprise source system from Red Hat) where packages are quite up-to-date when .0 (dot zero) release is published but are VERY outdated when .8 or .9 incarnation of that release is available. Not to even mention that Firefox for example is released every month …

packages

As I said before when describing the FreeBSD Base System the FreeBSD Ports (and packages built from it available through pkg(8)) are independent. That means that third party software from FreeBSD Ports is almost always up-to-date (or very close to it). You can even check it on the repology.org site for the details. Below you will find a ‘snapshot’ of the repology.org stats from time of writing this article. The ‘online’ table is very long so I copy/pasted just the systems relevant to the article.

repology

One of the other advantages of FreeBSD Ports is that it offers really MASSIVE amount of software counting 40354 ports when writing this article and still rising. Amount of ready to be installed packages are little smaller with more then 32000 available.

I once migrated for a while to OpenSolaris in 2009 on my Dell Latitude D630 laptop because I really liked all the Solaris features (including ZFS and ZFS Boot Environments that were not available on FreeBSD back then) and the OpenSolaris GNOME based desktop was pretty nice back then even with Time Slider feature for ZFS snapshots in the Nautilus file manager. I got working WiFi connection, sound was working, generally everything on my laptop was supported and working with OpenSolaris … but there was no software. Of course ‘large’ projects like GIMP or OpenOffice was available even in the default pkg(8) repository but not much else. There was less then 4000 packages back then on OpenSolaris while about 25000 packages on FreeBSD if I recall correctly.

You can also easily browse available FreeBSD Ports (and its options) on the web by using the https://freshports.org/ page.

ports

The count of FreeBSD Ports is one thing, the features is another. No matter which Linux distribution you are using you will find a software that was compiled and shipped without that needed flag that you desperately need. If you find such software on FreeBSD it ‘hurts’ only for a moment because you can VERY EASILY recompile that software with needed options and replace that ‘default’ package with yours. For example the FreeBSD project is afraid to provide packages of Lame because of existing MP3 patents, so multimedia/ffmpeg package is built without MP3 support (with --disable-libmp3lame flag). That is why I have my own audio/lame and multimedia/ffmpeg packages built with my configure options and that is very easy to achieve. You need to go to the /usr/ports/multimedia/ffmpeg dir type make config and select [x] LAME at the ncurses dialog. Your chosen options will be saved as plain /var/db/ports/multimedia_ffmpeg/options file. If you remove that file (or type make rmconfig) then these custom options will reset to defaults. Then you type make build deinstall install clean and your port with new options is ready and installed as package. Nothing more is needed. You can even lock that package from the pkg(8) upgrades with pkg lock -y ffmpeg command so it will not be modified later but its better to rebuild such packages everytime you do a pkg upgrade procedure because of libraries versions bump and changes. While its very easy and fast to create a script with these commands to make it more automated you can also use other parts of the FreeBSD Ports infrastructure – enter Poudriere (or Synth) – more on that in the next part.

You also do not have to configure each port that way (which could be PITA for large amount of ports) but you may specify your needed (OPTIONS_SET) or unwanted (OPTIONS_UNSET) parameters only once globally using the /etc/make.conf file. You can also specify which default versions of software you want to use, for example Apache 2.2 instead of 2.4 and PHP 7.0 instead of 7.2. You can find all default versions in the /usr/ports/Mk/bsd.default-versions.mk file. Once you setup these options you can build/rebuild or update your packages from FreeBSD Ports by portmaster(8) tool. Like on Gentoo Linux with USE flags. But this is the original. Gentoo took all/most of its ideas from FreeBSD system and its Ports infrastructure.

The Poudriere is a build framework that uses FreeBSD Ports and FreeBSD Jails to build requested packages in clean reproducible way. You can create whole new binary package repository for pkg(8) command to use with it. I mentioned Synth because while Poudriere is often used to produce whole package repository the Synth is usually used just to rebuild several packages that does not fit your needs.

There is one important things about FreeBSD Ports that is often misunderstood by newcomers. What is the difference between the Ports and packages that are fetched and installed by pkg(8) tool? Its quite simple. A package is just a build and installed port. Nothing more or less. When you use the binary packages using pkg(8) command you are using packages that someone (the FreeBSD project in that case) built for you from the FreeBSD Ports in some point in time. While FreeBSD strives to maintain as up-to-date built packages as possible its the nature of FreeBSD Ports that they are always more up-to-date then the built packages. That is why you may build and install a new version of needed packages by yourself using FreeBSD Ports. One may think of such usage when it comes to security holes. When some locally executed commands (like file(1) for example) has a security hole then its not critical for you to update it as fast as possible because that security hole can be harmless for you, but when new version of Firefox fixes very important security hole then its better to update from FreeBSD Ports version faster because waiting 2 days for the package to be built (along with other packages) can be too long.

More on the FreeBSD Ports topic:

Updating/Building from Source

While the FreeBSD Ports infrastructure is for third party software the FreeBSD Base System (or its parts) also can be easily and convenient build from source. The FreeBSD kernel config is also very small and simple. While Linux kernel config contains thousands of options – 4432 for example in the default CentOS 8.2 install the FreeBSD GENERIC config has about 20 times options less – only 260 options. But that does not saturate the topic. You can start with MINIMAL FreeBSD kernel config which has only 75 options specified.

Linux # grep -c '^CONFIG' /boot/config-$( uname -r )
4432

FreeBSD # grep -c -E '^(device|options)' /usr/src/sys/amd64/conf/GENERIC
260

FreeBSD # grep -c -E '^(device|options)' /usr/src/sys/amd64/conf/MINIMAL
75

… and its not only about smaller amount of options. Can you tell my how many steps (and which ones are required) to rebuild CentOS or Ubuntu for example without Bluetooth support?

code

On the contrary its very simple (and fast) on the FreeBSD side. While /etc/make.conf file is used to enable/disable Ports options the /etc/src.conf file is used to enable/disable FreeBSD Base System options while building it from source. To build FreeBSD without Bluetooth support just add WITHOUT_BLUETOOTH=yes to the /etc/src.conf file and type these to build it:

# beadm create safe
# cd /usr/src
# make buildworld kernel
# reboot
# cd /usr/src
# make installworld
# mergemaster -iU
# reboot

Voila! You now have FreeBSD without Bluetooth support … and if any of the steps failed or because of your lack of experience/expertise your FreeBSD system does not boot or is broken you can use tools from /rescue to try to fix it (or at least figure out what is broken) and when you do not want to cope with this jest select safe ZFS Boot Environment at the FreeBSD loader(8) to boot to the system before you started building modified version of FreeBSD. Yes, You are bulletproof here. While having 294 WITHOUT_X options and 125 WITH_X options you can really tune FreeBSD Base System to your needs.

# zgrep -c WITHOUT_ /usr/share/man/man5/src.conf.5.gz
294

# zgrep -c WITH_ /usr/share/man/man5/src.conf.5.gz
125

The big downside of updating FreeBSD by source is that you can not use the freebsd-update tools to do it … but nothing stops you from creating your own FreeBSD Update Server so you will be able to use freebsd-update by adding updates using a CURRENT or STABLE system instead of RELEASE. That process is described in the Build Your Own FreeBSD Update Server article of official FreeBSD documentation.

More on the FreeBSD Source Updates/Builds topic:

Storage

Storage is one of the parts where FreeBSD really shines. Lots of people adore FreeBSD for well integrated ZFS filesystem and its really true. ZFS in FreeBSD has always been first class citizen. Lately OpenZFS 2.0 has been also integrated from the upstream joint FreeBSD and Linux repository. More and more FreeBSD features and solutions are using ZFS features.

openzfs

Most of these people that like integrated ZFS in FreeBSD do not know about the FreeBSD GEOM modular disk transformation framework which provides various storage related features and utilities like software RAID0/RAID1/RAID10/RAID3/RAID5 configurations or transparent encryption of underlying devices with GELI/GDBE (like LUKS on Linux). It also allows transparent filesystem journaling for ANY filesystem with GJOURNAL (yes also for FAT32 or exFAT) or allows one to export block devices over network with GEOM GATE devices (like NFS for block devices).

storage

FreeBSD also has its own FUSE implementation which allows all these FUSE based filesystems to work natively on FreeBSD. While lots of Linux folks know DRBD probably very few of them knew that FreeBSD comes with its own DRBD like solution called HAST – which does exactly the same thing. While ZFS has a lot features and possibilities FreeBSD still maintains and develops fast and small memory footprint UFS filesystem which today is used either with Soft Updates (SU) or Journaled Soft Updates (SUJ) depending on the use case. For example 10 TB data on UFS filesystem with Journaled Soft Updates (SUJ) takes about 1 minute under fsck(8). These storage solutions are available from FreeBSD Base System alone. The FreeBSD Ports offers much more with distributed filesystems solutions such as CEPH, LeoFS, LizardFS or Minio for Amazon S3 compatible storage.

More on the Storage topic:

Init System

FreeBSD offers really simple yet very powerful init system. It has system wide config under /etc/rc.conf file when you can enable/disable needed services with service_enable=YES and service_enable=NO stanzas. You do not even need to launch vi(1) to add them – just type sysrc service_enable=YES and they are added to the /etc/rc.conf file. There are also default values and services that are enabled and you will find them – along with many comments – in the /etc/defaults/rc.conf file. Each FreeBSD service file has PROVIDE/REQUIRE stanzas which are then used to automatically order the services to start. Services that can be run in parallel are started in parallel to save time. For example its pointless to start sshd(8) daemon without network. To start or stop the serivice you need to type service sshd start or service sshd stop command. But when a service is not enabled in the /etc/rc.conf file then you need to used add onestart and onestop instead. The Base System separation remains here as FreeBSD Base System services are located at /etc/rc.d directory and third party applications from ports/packages are kept under /usr/local prefix which means /usr/local/etc/rc.d dir.

When using systemd(1) you never know how the services gonna start because it will be different each time. Zero determinism. On FreeBSD you know exactly which services will start when because they are always ordered in the same state according to the PROVIDE/REQUIRE stanzas. FreeBSD also offers tools that will tell you the exact order – rcorder(8) – which can be used for all services, Base System services or third party services separately. There is also service -r command that will show you what was the orfer at the boot time.

# rcorder /etc/rc.d/* | head
/etc/rc.d/growfs
/etc/rc.d/sysctl
/etc/rc.d/hostid
/etc/rc.d/zvol
/etc/rc.d/dumpon
/etc/rc.d/ddb
/etc/rc.d/geli
/etc/rc.d/gbde
/etc/rc.d/ccd
/etc/rc.d/swap

# rcorder /usr/local/etc/rc.d/* | tail
/usr/local/etc/rc.d/hald
/usr/local/etc/rc.d/git_daemon
/usr/local/etc/rc.d/fscd
/usr/local/etc/rc.d/cupsd
/usr/local/etc/rc.d/cups_browsed
/usr/local/etc/rc.d/clamav-clamd
/usr/local/etc/rc.d/clamav-milter
/usr/local/etc/rc.d/clamav-freshclam
/usr/local/etc/rc.d/avahi-dnsconfd
/usr/local/etc/rc.d/aria2

# rcorder /etc/rc.d/* /usr/local/etc/rc.d/* 2> | grep -C 3 sshd
/etc/rc.d/ubthidhci
/etc/rc.d/syscons
/etc/rc.d/swaplate
/etc/rc.d/sshd
/etc/rc.d/cron
/etc/rc.d/jail
/etc/rc.d/localpkg

Adding new service to FreeBSD is also very easy as template for new service is very small and simple.

#!/bin/sh

. /etc/rc.subr

name=dummy
rcvar=dummy_enable

start_cmd="${name}_start"
stop_cmd=":"

load_rc_config $name
: ${dummy_enable:=no}
: ${dummy_msg="Nothing started."}

dummy_start()
{
	echo "$dummy_msg"
}

run_rc_command "$1"

If its not simple enought for you there is dedicated FreeBSD article about writing them – Practical rc.d Scripting in BSD – available here.

More on the Init System topic:

Linux Binary Compatibility

While Linux can not be FreeBSD – the FreeBSD can be Linux – and its not some slow emulation – its implementation of Linux system calls. There was time when enterprises used to work with Linux only applications (not available on FreeBSD by then) using the Linux Binary Compatibility on FreeBSD because it was faster then running them natively on Linux – FreeBSD Used to Generate Spectacular Special Effects – an official FreeBSD Press Release about FreeBSD being used to generate spacial effects to the one of the best movies of all time – The Matrix (1999).

matrix

Today the LINUX_COMPAT is also natively fast and allows one to run Linux applications – even Linux games in X11 with hardware acceleration for graphics. Think of it as WINE but for Linux applications. It lives under /compat/linux directory. It even implements Linux /proc virtual filesystem which can be mounted at the /compat/linux/proc dir but its not mandatory. For any software that does not come with source code and works on Linux the Linux Binary Compatibility saves the day. For example the f.lux project. Before I got to know Redshift I used f.lux Linux binary using LINUX_COMPAT to suppress blue spectrum light from my FreeBSD screen. The Linux Binary Compatibility subsystem can also be used to run Linux bases FreeBSD Jails – with Devuan for example.

More on the Linux Binary Compatibility topic:

Simplicity

FreeBSD is simple but not coarse/ornery. For example as Linux the FreeBSD system also supports the /proc virtual filesystem but on FreeBSD its optional and not used by default while Linux could not live without it. But while Linux has mandatory /proc it also has another virtual filesystem residing under /sys … but why Linux people need two different virtual filesystems with similar purposes? Why they could not create everything under /proc as it already existed. That is big enigma for my sanity.

But /sys is not the end of that madness. Its just a beginning.

What about these?

  • securityfs
  • devpts
  • cgroup
  • pstore
  • bpf
  • configfs
  • selinuxfs
  • systemd-1
  • mqueue
  • debugfs
  • hugetlbfs

Take a look at the FreeBSD mount(8) output after the default install on ZFS.

FreeBSD # mount
zroot/ROOT/12.1 on / (zfs, local, noatime, nfsv4acls)
devfs on /dev (devfs, local, multilabel)
zroot/tmp on /tmp (zfs, local, noatime, nosuid, nfsv4acls)
zroot/var/mail on /var/mail (zfs, local, nfsv4acls)
zroot/usr/home on /usr/home (zfs, local, noatime, nfsv4acls)
zroot/var/crash on /var/crash (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/var/log on /var/log (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/var/audit on /var/audit (zfs, local, noatime, noexec, nosuid, nfsv4acls)
zroot/var/tmp on /var/tmp (zfs, local, noatime, nosuid, nfsv4acls)
zroot/usr/src on /usr/src (zfs, local, noatime, nfsv4acls)
zroot/usr/ports on /usr/ports (zfs, local, noatime, nosuid, nfsv4acls)

Several ZFS datasets and one virtual devfs filesystem for /dev directory. With install on UFS it would be similar with several UFS partitions mounted instead of ZFS datasets.

Take a look at the CentOS 8.2 installation with just one physical root (/) XFS filesystem.

[root@centos8 ~]# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime,seclabel)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /dev type devtmpfs (rw,nosuid,seclabel,size=919388k,nr_inodes=229847,mode=755)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,seclabel)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,seclabel,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,nodev,seclabel,mode=755)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,seclabel,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime,seclabel)
bpf on /sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpuset)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,memory)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,blkio)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,hugetlb)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,net_cls,net_prio)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,cpu,cpuacct)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,freezer)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,perf_event)
cgroup on /sys/fs/cgroup/rdma type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,rdma)
cgroup on /sys/fs/cgroup/pids type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,pids)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,seclabel,devices)
configfs on /sys/kernel/config type configfs (rw,relatime)
/dev/sda1 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)
selinuxfs on /sys/fs/selinux type selinuxfs (rw,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=34,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=17309)
mqueue on /dev/mqueue type mqueue (rw,relatime,seclabel)
debugfs on /sys/kernel/debug type debugfs (rw,relatime,seclabel)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime,seclabel,pagesize=2M)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,seclabel,size=187088k,mode=700)

Fuck me. Its even really hard to just find any REAL filesystem there … fortunately we can ask for only XFS filesystems to display.

[root@centos8 ~]# mount -t xfs
/dev/sda1 on / type xfs (rw,relatime,seclabel,attr2,inode64,noquota)

Lets get on the networking now. Lets assume that you want to make standard enterprise networking setup on a physical server with two interfaces aggregated together into highly available interface bond0 (lagg0 on FreeBSD) and then you want to put VLAN tag and IP address on that VLAN. The CentOS 7.x/8.x installer (Anaconda) will welcome you with this mess.

[root@centos7 ~]# ls -1 /etc/sysconfig/network-scripts/ifcfg-*
ifcfg-Bond_connection_1
ifcfg-eno49
ifcfg-eno49-1
ifcfg-eno50
ifcfg-eno50-1
ifcfg-VLAN_connection_1

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-Bond_connection_1
DEVICE=bond0
BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=active-backup"
TYPE=Bond
BONDING_MASTER=yes
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="Bond connection 1"
UUID=ca85417f-8852-43bf-96ee-5bd3f0f83648
ONBOOT=yes

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno49
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno49
UUID=2f60f50b-38ad-492a-b90a-ba736acf6792
DEVICE=eno49
ONBOOT=no

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno49-1
HWADDR=xx:xx:xx:xx:xx:xx
TYPE=Ethernet
NAME=eno49
UUID=342b8494-126d-4f3a-b749-694c8c922aa1
DEVICE=eno49
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno50
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eno50
UUID=4fd36e24-1c6d-4a65-a316-7a14e9a92965
DEVICE=eno50
ONBOOT=no

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno50-1
HWADDR=xx:xx:xx:xx:xx:xx
TYPE=Ethernet
NAME=eno50
UUID=a429b697-73c2-404d-9379-472cb3c35e06
DEVICE=eno50
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@centos7 ~]# cat/etc/sysconfig/network-scripts/ifcfg-VLAN_connection_1
VLAN=yes
TYPE=Vlan
PHYSDEV=ca85417f-8852-43bf-96ee-5bd3f0f83648
VLAN_ID=601
REORDER_HDR=yes
GVRP=no
MVRP=no
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=10.20.30.40
PREFIX=24
GATEWAY=10.20.30.1
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_PRIVACY=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="VLAN connection 1"
UUID=90f7a9bb-1443-4adf-a3eb-86a03b23ecfb
ONBOOT=yes

For the record – I have choosen ‘STATIC’ IPv4 address but installer made these interfaces to use DHCP and that STATIC address. That could be a bug but lets get to the point.

After manual fixing with vi(1) (and hour later) this is how it supposed to look.

[root@centos7 ~]# cat /etc/sysconfig/network
GATEWAY=10.20.30.1
NOZEROCONF=yes

[root@centos7 ~]# ls -1 /etc/sysconfig/network-scripts/ifcfg-*
ifcfg-bond0
ifcfg-bond0.601
ifcfg-eno49
ifcfg-eno50

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BONDING_OPTS="miimon=1 updelay=0 downdelay=0 mode=active-backup"
TYPE=Bond
BONDING_MASTER=yes
BOOTPROTO=none
IPV4_FAILURE_FATAL=no
IPV6INIT=no
ONBOOT=yes

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-bond0.601
VLAN=yes
TYPE=Vlan
VLAN_ID=601
DEVICE=bond0.601
REORDER_HDR=yes
GVRP=no
MVRP=no
BOOTPROTO=none
IPADDR=10.20.30.40
PREFIX=24
IPV4_FAILURE_FATAL=no
IPV6INIT=no
ONBOOT=yes

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno49
BOOTPROTO=none
IPV4_FAILURE_FATAL=no
IPV6INIT=no
TYPE=Ethernet
NAME=eno49
DEVICE=eno49
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@centos7 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eno50
BOOTPROTO=none
IPV4_FAILURE_FATAL=no
IPV6INIT=no
TYPE=Ethernet
NAME=eno50
DEVICE=eno50
ONBOOT=yes
MASTER=bond0
SLAVE=yes

Better … but still takes A LOT OF SPACE and several files to cover that quite simple setup. Not to mention its level of complication and making that very error prone way. The same configuration on FreeBSD would take just 7 lines within single /etc/rc.conf file as shown below.

ifconfig_fxp0="up"
ifconfig_fxp1="up"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto failover laggport fxp0 laggport fxp1"
vlans_lagg0="601"
ifconfig_lagg0_601="inet 10.20.30.40/24"
defaultrouter="10.20.30.1"

What about the boot process? FreeBSD boots from root on ZFS partition with just small 512 KB not mountable partition. No separate /boot device is needed. On the other side Linux always needs that separate /boot partition filled with GRUB modules. No matter if its ZFS or LVM. That is why implementation of ZFS Boot Environments is quite complicated on Linux bacause even if you have root on ZFS on a Linux system there is still unprotected /boot filesystem that can not be snapshoted with ZFS and has to be protected in old classic way which kill the idea of ZFS Boot Environments or Linux.

FreeBSD is really simple and well thought operating system. But also a very underestimated one.

Evolution Instead Rewriting

How many Linux tools or subsystems are abandoned or superseeded by new ones? Why the ifconfig(8) command was not updated with new options and instead a new ip(8) command was introduced? Same with netstat(8) being replaced by ss(8). Same with arp(8)/iwconfig/route(8) and many more. What about whole init system? The Linux world has been taken over by systemd(1) whenever you like it or not. Even distributions that have grown their mature init systems like Ubuntu with its Upstart has moved to systemd(1) altogether. The distributions that do not use it are very few and considered a niche today.

evolution

In the FreeBSD land on the countary such things happen only if there is no other way to implement new things. Its the last thing wanted in the FreeBSD. FreeBSD evolves and is developed with stability and backward compatibility in mind. Userland tools are grown and updated with new options instead of rewriting them over and over again. Not to mention how many new bugs are introduced by changing one tool to another.

More on the Evolution Instead Rewriting topic:

Documentation

Having system that can do almost anything but not knowing how to do that makes that system pretty useless (or at least pretty PITA to use). FreeBSD offers second to none documentation that is actively maintained and updated. Along with its legendary FreeBSD Handbook and FreeBSD FAQ the FreeBSD project also offers official FreeBSD Articles about various FreeBSD topics. The Man Pages are also very detailed and contain many examples. There is also FreeBSD Wiki page for work in progress documentation and ideas related to FreeBSD development and if you have any problems or questions related to FreeBSD there are official FreeBSD Forums and oldschool Mailing Lists available.

documentation

These were only the official project knowledge sources but there are also lots of FreeBSD books. Here are the best and up-to-date ones.

  • Absolute FreeBSD – Complete Guide to FreeBSD – 3nd Edition (2019)
  • Beginning Modern Unix (2018)
  • Book of PF – 3rd Edition (2015)
  • Design and Implementation of FreeBSD 11 Operating System – 2nd Edition (2015)
  • FreeBSD Device Drivers (2012)
  • FreeBSD Mastery – ZFS (2015)
  • FreeBSD Mastery – Advanced ZFS (2016)
  • FreeBSD Mastery – Storage Essentials (2014)
  • FreeBSD Mastery – Specialty Filesystems (2015)
  • FreeBSD Mastery – Jails (2019)

There are also two magazines that are dedicated to BSD and FreeBSD systems. Both are free and cover lots of interesting topics regarding FreeBSD.

With all this knowledge and support its really hard not to achieve what you need/want with FreeBSD system.

Community

Last but not least and I would say its even more important then good documentation (which FreeBSD has awesome). People that use FreeBSD do that conciously and are often experienced not only in FreeBSD land but also in topics related to other UNIX systems. Often they took long road of first using the Linux systems before finally setting on the FreeBSD land or they still do Linux adminitration for a living while resting using far more reasonable and sensible FreeBSD solution. I always find FreeBSD Community helpful and friendly. Always willingly helpful – especially towards newcommers. Even when you try to ‘force’ FreeBSD people to ‘fight’ in unjust/doubtful discussion they will reply with dignity and technical arguments instead of yelling at you.

The FreeBSD project even made several articles and Handbook chapters especially for Linux newcommers (or sometimes called systemd(1) refugees).

Closing Thoughts

I tried really hard to not make it a Linux rant but some may feel it that way – if so please remember that this was not my intention. FreeBSD like Linux and like any other operating system has its ups and downs. Hope that I showed you most interesting FreeBSD parts. I may add new sections here without a warning in the future ๐Ÿ™‚

EOF

ย 

FreeBSD Cluster with Pacemaker and Corosync

I always missed ‘proper’ cluster software for FreeBSD systems. Recently I got to run several Pacemaker/Corosync based clusters on Linux systems. I thought how to make similar high availability solutions on FreeBSD and I was really shocked when I figured out that both Pacemaker and Corosync tools are available in the FreeBSD Ports and packages as net/pacemaker2 and net/corosync2 respectively.

In this article I will check how well Pacemaker and Corosync cluster works on FreeBSD.

pacemaker

There are many definitions of a cluster. One that I like the most is that a cluster is a system that is still redundant after losing one of its nodes (is still a cluster). This means that 3 nodes is a minimum for a cluster by that definition. The two node clusters are quite problematic because of their biggest exposure to the split brain problem. That is why often in the two node clusters additional devices or systems are added to make sure that this split brain does not happen. For example one can add third node without any resources or services just as a ‘witness’ role. Other way is to add a shared disk resource that will serve the same purpose and often its a raw volume with SCSI-3 Persistent Reservation mechanism used.

Lab Setup

As usual it will be entirely VirtualBox based and it will consist of 3 hosts. To not create 3 same FreeBSD installations I used 12.1-RELEASE virtual machine image available from the FreeBSD Project directly:

There are several formats available – qcow2/raw/vhd/vmdk – but as I will be using VirtualBox I used the VMDK one.

Here is the list of the machines for the GlusterFS cluster:

  • 10.0.10.111 node1
  • 10.0.10.112 node2
  • 10.0.10.113 node3

Each VirtualBox virtual machine for FreeBSD is the default one (as suggested in the VirtualBox wizard) with 512 MB RAM and NAT Network as shown on the image below.

machine

Here is the configuration of the NAT Network on VirtualBox.

nat-network-01

nat-network-02

Before we will try connect to our FreeBSD machines we need to make the minimal network configuration inside each VM. Each FreeBSD machine will have such minimal /etc/rc.conf file as shown example for node1 host.

root@node1:~ # cat /etc/rc.conf
hostname=node1
ifconfig_em0="inet 10.0.10.111/24 up"
defaultrouter=10.0.10.1
sshd_enable=YES

For the setup purposes we will need to allow root login on these FreeBSD machines with PermitRootLogin yes option in the /etc/ssh/sshd_config file. You will also need to restart the sshd(8) service after the changes.

root@node1:~ # grep PermitRootLogin /etc/ssh/sshd_config
PermitRootLogin yes

root@node1:~ # service sshd restart

By using NAT Network with Port Forwarding the FreeBSD machines will be accessible on the localhost ports. For example the node1 machine will be available on port 2211, the node2 machine will be available on port 2212 and so on. This is shown in the sockstat utility output below.

nat-network-03-sockstat

nat-network-04-ssh

To connect to such machine from the VirtualBox host system you will need this command:

vboxhost % ssh -l root localhost -p 2211

Packages

As we now have ssh(1) connectivity we need to add needed packages. To make our VMs resolve DNS queries we need to add one last thing. We will also switch to ‘quarterly’ branch of the pkg(8) packages.

root@node1:~ # echo 'nameserver 1.1.1.1' > /etc/resolv.conf
root@node1:~ # sed -i '' s/quarterly/latest/g /etc/pkg/FreeBSD.conf

Remember to repeat these two upper commands on node2 and node3 systems.

Now we will add Pacemaker and Corosync packages.

root@node1:~ # pkg install pacemaker2 corosync2 crmsh

root@node2:~ # pkg install pacemaker2 corosync2 crmsh

root@node3:~ # pkg install pacemaker2 corosync2 crmsh

These are messages both from pacemaker2 and corosync2 that we need to address.

Message from pacemaker2-2.0.4:

--
For correct operation, maximum socket buffer size must be tuned
by performing the following command as root :

# sysctl kern.ipc.maxsockbuf=18874368

To preserve this setting across reboots, append the following
to /etc/sysctl.conf :

kern.ipc.maxsockbuf=18874368

======================================================================

Message from corosync2-2.4.5_1:

--
For correct operation, maximum socket buffer size must be tuned
by performing the following command as root :

# sysctl kern.ipc.maxsockbuf=18874368

To preserve this setting across reboots, append the following
to /etc/sysctl.conf :

kern.ipc.maxsockbuf=18874368

We need to change the kern.ipc.maxsockbuf parameter. Lets do it then.

root@node1:~ # echo 'kern.ipc.maxsockbuf=18874368' >> /etc/sysctl.conf
root@node1:~ # service sysctl restart

root@node2:~ # echo 'kern.ipc.maxsockbuf=18874368' >> /etc/sysctl.conf
root@node2:~ # service sysctl restart

root@node3:~ # echo 'kern.ipc.maxsockbuf=18874368' >> /etc/sysctl.conf
root@node3:~ # service sysctl restart

Lets check what binaries come with these packages.

root@node1:~ # pkg info -l pacemaker2 | grep bin
        /usr/local/sbin/attrd_updater
        /usr/local/sbin/cibadmin
        /usr/local/sbin/crm_attribute
        /usr/local/sbin/crm_diff
        /usr/local/sbin/crm_error
        /usr/local/sbin/crm_failcount
        /usr/local/sbin/crm_master
        /usr/local/sbin/crm_mon
        /usr/local/sbin/crm_node
        /usr/local/sbin/crm_report
        /usr/local/sbin/crm_resource
        /usr/local/sbin/crm_rule
        /usr/local/sbin/crm_shadow
        /usr/local/sbin/crm_simulate
        /usr/local/sbin/crm_standby
        /usr/local/sbin/crm_ticket
        /usr/local/sbin/crm_verify
        /usr/local/sbin/crmadmin
        /usr/local/sbin/fence_legacy
        /usr/local/sbin/iso8601
        /usr/local/sbin/pacemaker-remoted
        /usr/local/sbin/pacemaker_remoted
        /usr/local/sbin/pacemakerd
        /usr/local/sbin/stonith_admin

root@node1:~ # pkg info -l corosync2 | grep bin
        /usr/local/bin/corosync-blackbox
        /usr/local/sbin/corosync
        /usr/local/sbin/corosync-cfgtool
        /usr/local/sbin/corosync-cmapctl
        /usr/local/sbin/corosync-cpgtool
        /usr/local/sbin/corosync-keygen
        /usr/local/sbin/corosync-notifyd
        /usr/local/sbin/corosync-quorumtool

root@node1:~ # pkg info -l crmsh | grep bin
        /usr/local/bin/crm

Cluster Initialization

Now we will initialize our FreeBSD cluster.

First we need to make sure that names of the nodes are DNS resolvable.

root@node1:~ # tail -3 /etc/hosts

10.0.10.111 node1
10.0.10.112 node2
10.0.10.113 node3

root@node2:~ # tail -3 /etc/hosts

10.0.10.111 node1
10.0.10.112 node2
10.0.10.113 node3

root@node3:~ # tail -3 /etc/hosts

10.0.10.111 node1
10.0.10.112 node2
10.0.10.113 node3


Now we will generate the Corosync key.

root@node1:~ # corosync-keygen
Corosync Cluster Engine Authentication key generator.
Gathering 1024 bits for key from /dev/random.
Press keys on your keyboard to generate entropy.
Writing corosync key to /usr/local/etc/corosync/authkey.

root@node1:~ # echo $?
0

root@node1:~ # ls -l /usr/local/etc/corosync/authkey
-r--------  1 root  wheel  128 Sep  2 20:37 /usr/local/etc/corosync/authkey

Now the Corosync configuration file. For sure some examples were provided by the package maintainer.

root@node1:~ # pkg info -l corosync2 | grep example
        /usr/local/etc/corosync/corosync.conf.example
        /usr/local/etc/corosync/corosync.conf.example.udpu

We will take the second one as a base for our config.

root@node1:~ # cp /usr/local/etc/corosync/corosync.conf.example.udpu /usr/local/etc/corosync/corosync.conf

root@node1:~ # vi /usr/local/etc/corosync/corosync.conf
               /* LOTS OF EDITS HERE */

root@node1:~ # cat /usr/local/etc/corosync/corosync.conf

totem {
  version: 2
  crypto_cipher: aes256
  crypto_hash: sha256
  transport: udpu

  interface {
    ringnumber: 0
    bindnetaddr: 10.0.10.0
    mcastport: 5405
    ttl: 1
  }
}

logging {
  fileline: off
  to_logfile: yes
  to_syslog: no
  logfile: /var/log/cluster/corosync.log
  debug: off
  timestamp: on

  logger_subsys {
    subsys: QUORUM
    debug: off
  }
}

nodelist {

  node {
    ring0_addr: 10.0.10.111
    nodeid: 1
  }

  node {
    ring0_addr: 10.0.10.112
    nodeid: 2
  }

  node {
    ring0_addr: 10.0.10.113
    nodeid: 3
  }

}

quorum {
  provider: corosync_votequorum
  expected_votes: 2
}

Now we need to propagate both Corosync key and config across the nodes in the cluster.

We can use some simple tools created exactly for that like net/csync2 cluster synchronization tool for example but plain old net/rsync will serve as well.

root@node1:~ # pkg install -y rsync

root@node1:~ # rsync -av /usr/local/etc/corosync/ node2:/usr/local/etc/corosync/
The authenticity of host 'node2 (10.0.10.112)' can't be established.
ECDSA key fingerprint is SHA256:/ZDmln7GKi6n0kbad73TIrajPjGfQqJJX+ReSf3NMvc.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2' (ECDSA) to the list of known hosts.
Password for root@node2:
sending incremental file list
./
authkey
corosync.conf
service.d/
uidgid.d/

sent 1,100 bytes  received 69 bytes  259.78 bytes/sec
total size is 4,398  speedup is 3.76

root@node1:~ # rsync -av /usr/local/etc/corosync/ node3:/usr/local/etc/corosync/
The authenticity of host 'node2 (10.0.10.112)' can't be established.
ECDSA key fingerprint is SHA256:/ZDmln7GKi6n0kbad73TIrajPjGfQqJJX+ReSf3NMvc.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node3' (ECDSA) to the list of known hosts.
Password for root@node3:
sending incremental file list
./
authkey
corosync.conf
service.d/
uidgid.d/

sent 1,100 bytes  received 69 bytes  259.78 bytes/sec
total size is 4,398  speedup is 3.76

Now lets check that they are the same.

root@node1:~ # cksum /usr/local/etc/corosync/{authkey,corosync.conf}
2277171666 128 /usr/local/etc/corosync/authkey
1728717329 622 /usr/local/etc/corosync/corosync.conf

root@node2:~ # cksum /usr/local/etc/corosync/{authkey,corosync.conf}
2277171666 128 /usr/local/etc/corosync/authkey
1728717329 622 /usr/local/etc/corosync/corosync.conf

root@node3:~ # cksum /usr/local/etc/corosync/{authkey,corosync.conf}
2277171666 128 /usr/local/etc/corosync/authkey
1728717329 622 /usr/local/etc/corosync/corosync.conf

Same.

We can now add corosync_enable=YES and pacemaker_enable=YES to the /etc/rc.conf file.

root@node1:~ # sysrc corosync_enable=YES
corosync_enable:  -> YES

root@node1:~ # sysrc pacemaker_enable=YES
pacemaker_enable:  -> YES

root@node2:~ # sysrc corosync_enable=YES
corosync_enable:  -> YES

root@node2:~ # sysrc pacemaker_enable=YES
pacemaker_enable:  -> YES

root@node3:~ # sysrc corosync_enable=YES
corosync_enable:  -> YES

root@node3:~ # sysrc pacemaker_enable=YES
pacemaker_enable:  -> YES

Lets start these services then.

root@node1:~ # service corosync start
Starting corosync.
Sep 02 20:55:35 notice  [MAIN  ] Corosync Cluster Engine ('2.4.5'): started and ready to provide service.
Sep 02 20:55:35 info    [MAIN  ] Corosync built-in features:
Sep 02 20:55:35 warning [MAIN  ] interface section bindnetaddr is used together with nodelist. Nodelist one is going to be used.
Sep 02 20:55:35 warning [MAIN  ] Please migrate config file to nodelist.

root@node1:~ # ps aux | grep corosync
root  1695   0.0  7.9 38340 38516  -  S    20:55    0:00.40 /usr/local/sbin/corosync
root  1699   0.0  0.1   524   336  0  R+   20:57    0:00.00 grep corosync

Do the same on the node2 and node3 systems.

The Pacemaker is not yet running so that will fail.

root@node1:~ # crm status
Could not connect to the CIB: Socket is not connected
crm_mon: Error: cluster is not available on this node
ERROR: status: crm_mon (rc=102): 

We will start it now.

root@node1:~ # service pacemaker start
Starting pacemaker.

root@node2:~ # service pacemaker start
Starting pacemaker.

root@node3:~ # service pacemaker start
Starting pacemaker.

You need to give it little time to start because if you will execute crm status command right away you will get 0 nodes configured message as shown below.

root@node1:~ # crm status
Cluster Summary:
  * Stack: unknown
  * Current DC: NONE
  * Last updated: Wed Sep  2 20:58:51 2020
  * Last change:  
  * 0 nodes configured
  * 0 resource instances configured


Full List of Resources:
  * No resources

… but after a while everything is detected and works as desired.

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 21:02:49 2020
  * Last change:  Wed Sep  2 20:59:00 2020 by hacluster via crmd on node2
  * 3 nodes configured
  * 0 resource instances configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * No resources

The Pacemaker runs properly.

root@node1:~ # ps aux | grep pacemaker
root      1716   0.0  0.5 10844   2396  -  Is   20:58     0:00.00 daemon: /usr/local/sbin/pacemakerd[1717] (daemon)
root      1717   0.0  5.2 49264  25284  -  S    20:58     0:00.27 /usr/local/sbin/pacemakerd
hacluster 1718   0.0  6.1 48736  29708  -  Ss   20:58     0:00.75 /usr/local/libexec/pacemaker/pacemaker-based
root      1719   0.0  4.5 40628  21984  -  Ss   20:58     0:00.28 /usr/local/libexec/pacemaker/pacemaker-fenced
root      1720   0.0  2.8 25204  13688  -  Ss   20:58     0:00.20 /usr/local/libexec/pacemaker/pacemaker-execd
hacluster 1721   0.0  3.9 38148  19100  -  Ss   20:58     0:00.25 /usr/local/libexec/pacemaker/pacemaker-attrd
hacluster 1722   0.0  2.9 25460  13864  -  Ss   20:58     0:00.17 /usr/local/libexec/pacemaker/pacemaker-schedulerd
hacluster 1723   0.0  5.4 49304  26300  -  Ss   20:58     0:00.41 /usr/local/libexec/pacemaker/pacemaker-controld
root      1889   0.0  0.6 11348   2728  0  S+   21:56     0:00.00 grep pacemaker

We can check how Corosync sees its members.

root@node1:~ # corosync-cmapctl | grep members
runtime.totem.pg.mrp.srp.members.1.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.1.ip (str) = r(0) ip(10.0.10.111) 
runtime.totem.pg.mrp.srp.members.1.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.1.status (str) = joined
runtime.totem.pg.mrp.srp.members.2.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.2.ip (str) = r(0) ip(10.0.10.112) 
runtime.totem.pg.mrp.srp.members.2.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.2.status (str) = joined
runtime.totem.pg.mrp.srp.members.3.config_version (u64) = 0
runtime.totem.pg.mrp.srp.members.3.ip (str) = r(0) ip(10.0.10.113) 
runtime.totem.pg.mrp.srp.members.3.join_count (u32) = 1
runtime.totem.pg.mrp.srp.members.3.status (str) = joined

… or the quorum information.

root@node1:~ # corosync-quorumtool
Quorum information
------------------
Date:             Wed Sep  2 21:00:38 2020
Quorum provider:  corosync_votequorum
Nodes:            3
Node ID:          1
Ring ID:          1/12
Quorate:          Yes

Votequorum information
----------------------
Expected votes:   3
Highest expected: 3
Total votes:      3
Quorum:           2  
Flags:            Quorate 

Membership information
----------------------
    Nodeid      Votes Name
         1          1 10.0.10.111 (local)
         2          1 10.0.10.112
         3          1 10.0.10.113

The Corosync log file is filled with the following information.

root@node1:~ # cat /var/log/cluster/corosync.log
Sep 02 20:55:35 [1694] node1 corosync notice  [MAIN  ] Corosync Cluster Engine ('2.4.5'): started and ready to provide service.
Sep 02 20:55:35 [1694] node1 corosync info    [MAIN  ] Corosync built-in features:
Sep 02 20:55:35 [1694] node1 corosync warning [MAIN  ] interface section bindnetaddr is used together with nodelist. Nodelist one is going to be used.
Sep 02 20:55:35 [1694] node1 corosync warning [MAIN  ] Please migrate config file to nodelist.
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] Initializing transport (UDP/IP Unicast).
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] Initializing transmit/receive security (NSS) crypto: aes256 hash: sha256
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] The network interface [10.0.10.111] is now up.
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync configuration map access [0]
Sep 02 20:55:35 [1694] node1 corosync info    [QB    ] server name: cmap
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync configuration service [1]
Sep 02 20:55:35 [1694] node1 corosync info    [QB    ] server name: cfg
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync cluster closed process group service v1.01 [2]
Sep 02 20:55:35 [1694] node1 corosync info    [QB    ] server name: cpg
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync profile loading service [4]
Sep 02 20:55:35 [1694] node1 corosync notice  [QUORUM] Using quorum provider corosync_votequorum
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync vote quorum service v1.0 [5]
Sep 02 20:55:35 [1694] node1 corosync info    [QB    ] server name: votequorum
Sep 02 20:55:35 [1694] node1 corosync notice  [SERV  ] Service engine loaded: corosync cluster quorum service v0.1 [3]
Sep 02 20:55:35 [1694] node1 corosync info    [QB    ] server name: quorum
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] adding new UDPU member {10.0.10.111}
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] adding new UDPU member {10.0.10.112}
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] adding new UDPU member {10.0.10.113}
Sep 02 20:55:35 [1694] node1 corosync notice  [TOTEM ] A new membership (10.0.10.111:4) was formed. Members joined: 1
Sep 02 20:55:35 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:55:35 [1694] node1 corosync notice  [QUORUM] Members[1]: 1
Sep 02 20:55:35 [1694] node1 corosync notice  [MAIN  ] Completed service synchronization, ready to provide service.
Sep 02 20:58:14 [1694] node1 corosync notice  [TOTEM ] A new membership (10.0.10.111:8) was formed. Members joined: 2
Sep 02 20:58:14 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:58:14 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:58:14 [1694] node1 corosync notice  [QUORUM] This node is within the primary component and will provide service.
Sep 02 20:58:14 [1694] node1 corosync notice  [QUORUM] Members[2]: 1 2
Sep 02 20:58:14 [1694] node1 corosync notice  [MAIN  ] Completed service synchronization, ready to provide service.
Sep 02 20:58:19 [1694] node1 corosync notice  [TOTEM ] A new membership (10.0.10.111:12) was formed. Members joined: 3
Sep 02 20:58:19 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:58:19 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:58:19 [1694] node1 corosync warning [CPG   ] downlist left_list: 0 received
Sep 02 20:58:19 [1694] node1 corosync notice  [QUORUM] Members[3]: 1 2 3
Sep 02 20:58:19 [1694] node1 corosync notice  [MAIN  ] Completed service synchronization, ready to provide service.

Here is the configuration.

root@node1:~ # crm configure show
node 1: node1
node 2: node2
node 3: node3
property cib-bootstrap-options: \
        have-watchdog=false \
        dc-version=2.0.4-2deceaa3ae \
        cluster-infrastructure=corosync

As we will not be configuring the STONITH mechanism we will disable it.

root@node1:~ # crm configure property stonith-enabled=false

New configuraion with STONITH disabled.

root@node1:~ # crm configure show
node 1: node1
node 2: node2
node 3: node3
property cib-bootstrap-options: \
        have-watchdog=false \
        dc-version=2.0.4-2deceaa3ae \
        cluster-infrastructure=corosync \
        stonith-enabled=false

The STONITH configuration is out of scope of this article but properly configured STONITH looks like that.

stonith

First Service

We will now configure our first highly available service – a classic – a floating IP address ๐Ÿ™‚

root@node1:~ # crm configure primitive IP ocf:heartbeat:IPaddr2 params ip=10.0.10.200 cidr_netmask="24" op monitor interval="30s"

Lets check how it behaves.

root@node1:~ # crm configure show
node 1: node1
node 2: node2
node 3: node3
primitive IP IPaddr2 \
        params ip=10.0.10.200 cidr_netmask=24 \
        op monitor interval=30s
property cib-bootstrap-options: \
        have-watchdog=false \
        dc-version=2.0.4-2deceaa3ae \
        cluster-infrastructure=corosync \
        stonith-enabled=false

Looks good – lets check the cluster status.

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:03:35 2020
  * Last change:  Wed Sep  2 22:02:53 2020 by root via cibadmin on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * IP  (ocf::heartbeat:IPaddr2):        Stopped

Failed Resource Actions:
  * IP_monitor_0 on node3 'not installed' (5): call=5, status='complete', exitreason='Setup problem: couldn't find command: ip', last-rc-change='2020-09-02 22:02:53Z', queued=0ms, exec=132ms
  * IP_monitor_0 on node2 'not installed' (5): call=5, status='complete', exitreason='Setup problem: couldn't find command: ip', last-rc-change='2020-09-02 22:02:54Z', queued=0ms, exec=120ms
  * IP_monitor_0 on node1 'not installed' (5): call=5, status='complete', exitreason='Setup problem: couldn't find command: ip', last-rc-change='2020-09-02 22:02:53Z', queued=0ms, exec=110ms

Crap. Linuxism. The ip(8) command is expected to be present in the system. This is FreeBSD and as any UNIX system it comes with ifconfig(8) command instead.

We will have to figure something else. For now we will delete our useless IP service.

root@node1:~ # crm configure delete IP

Status after deletion.

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:04:34 2020
  * Last change:  Wed Sep  2 22:04:31 2020 by root via cibadmin on node1
  * 3 nodes configured
  * 0 resource instances configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * No resources

Custom Resource

Lets check what resources are available by stock Pacemaker installation.

root@node1:~ # ls -l /usr/local/lib/ocf/resource.d/pacemaker
total 144
-r-xr-xr-x  1 root  wheel   7484 Aug 29 01:22 ClusterMon
-r-xr-xr-x  1 root  wheel   9432 Aug 29 01:22 Dummy
-r-xr-xr-x  1 root  wheel   5256 Aug 29 01:22 HealthCPU
-r-xr-xr-x  1 root  wheel   5342 Aug 29 01:22 HealthIOWait
-r-xr-xr-x  1 root  wheel   9450 Aug 29 01:22 HealthSMART
-r-xr-xr-x  1 root  wheel   6186 Aug 29 01:22 Stateful
-r-xr-xr-x  1 root  wheel  11370 Aug 29 01:22 SysInfo
-r-xr-xr-x  1 root  wheel   5856 Aug 29 01:22 SystemHealth
-r-xr-xr-x  1 root  wheel   7382 Aug 29 01:22 attribute
-r-xr-xr-x  1 root  wheel   7854 Aug 29 01:22 controld
-r-xr-xr-x  1 root  wheel  16134 Aug 29 01:22 ifspeed
-r-xr-xr-x  1 root  wheel  11040 Aug 29 01:22 o2cb
-r-xr-xr-x  1 root  wheel  11696 Aug 29 01:22 ping
-r-xr-xr-x  1 root  wheel   6356 Aug 29 01:22 pingd
-r-xr-xr-x  1 root  wheel   3702 Aug 29 01:22 remote

Not many … we will try to modify the Dummy service into an IP changer on FreeBSD.

root@node1:~ # cp /usr/local/lib/ocf/resource.d/pacemaker/Dummy /usr/local/lib/ocf/resource.d/pacemaker/ifconfig

root@node1:~ # vi /usr/local/lib/ocf/resource.d/pacemaker/ifconfig
               /* LOTS OF TYPING */

Because of the WordPress blogging system limitations I am forced to post this ifconfig resource as an image … but fear not – the text version is also available here – ifconfig.odt – for download.

Also the first version did not went that well …

root@node1:~ # setenv OCF_ROOT /usr/local/lib/ocf
root@node1:~ # ocf-tester -n resourcename /usr/local/lib/ocf/resource.d/pacemaker/ifconfig
Beginning tests for /usr/local/lib/ocf/resource.d/pacemaker/ifconfig...
* rc=3: Your agent has too restrictive permissions: should be 755
-:1: parser error : Start tag expected, '<' not found
usage: /usr/local/lib/ocf/resource.d/pacemaker/ifconfig {start|stop|monitor}
^
* rc=1: Your agent produces meta-data which does not conform to ra-api-1.dtd
* rc=3: Your agent does not support the meta-data action
* rc=3: Your agent does not support the validate-all action
* rc=0: Monitoring a stopped resource should return 7
* rc=0: The initial probe for a stopped resource should return 7 or 5 even if all binaries are missing
* Your agent does not support the notify action (optional)
* Your agent does not support the demote action (optional)
* Your agent does not support the promote action (optional)
* Your agent does not support master/slave (optional)
* rc=0: Monitoring a stopped resource should return 7
* rc=0: Monitoring a stopped resource should return 7
* rc=0: Monitoring a stopped resource should return 7
* Your agent does not support the reload action (optional)
Tests failed: /usr/local/lib/ocf/resource.d/pacemaker/ifconfig failed 9 tests

But after adding 755 mode to it and making several (hundred) changes it become usable.

root@node1:~ # vi /usr/local/lib/ocf/resource.d/pacemaker/ifconfig
             /* LOTS OF NERVOUS TYPING */
root@node1:~ # chmod 755 /usr/local/lib/ocf/resource.d/pacemaker/ifconfig
root@node1:~ # setenv OCF_ROOT /usr/local/lib/ocf
root@node1:~ # ocf-tester -n resourcename /usr/local/lib/ocf/resource.d/pacemaker/ifconfig
Beginning tests for /usr/local/lib/ocf/resource.d/pacemaker/ifconfig...
* Your agent does not support the notify action (optional)
* Your agent does not support the demote action (optional)
* Your agent does not support the promote action (optional)
* Your agent does not support master/slave (optional)
* Your agent does not support the reload action (optional)
/usr/local/lib/ocf/resource.d/pacemaker/ifconfig passed all tests

Looks usable.

The ifconfig resource. Its pretty limited and with hardcoded IP address as for now.

ifconfig

Lets try to add new IP resource to our FreeBSD cluster.

Tests

root@node1:~ # crm configure primitive IP ocf:pacemaker:ifconfig op monitor interval="30"

Added.

Lets see what status command now shows.

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:44:52 2020
  * Last change:  Wed Sep  2 22:44:44 2020 by root via cibadmin on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * IP  (ocf::pacemaker:ifconfig):       Started node1

Failed Resource Actions:
  * IP_monitor_0 on node3 'not installed' (5): call=24, status='Not installed', exitreason='', last-rc-change='2020-09-02 22:42:52Z', queued=0ms, exec=5ms
  * IP_monitor_0 on node2 'not installed' (5): call=24, status='Not installed', exitreason='', last-rc-change='2020-09-02 22:42:53Z', queued=0ms, exec=2ms

Crap. I forgot to copy this new ifconfig resource to the other nodes. Lets fix that now.

root@node1:~ # rsync -av /usr/local/lib/ocf/resource.d/pacemaker/ node2:/usr/local/lib/ocf/resource.d/pacemaker/
Password for root@node2:
sending incremental file list
./
ifconfig

sent 3,798 bytes  received 38 bytes  1,534.40 bytes/sec
total size is 128,003  speedup is 33.37

root@node1:~ # rsync -av /usr/local/lib/ocf/resource.d/pacemaker/ node3:/usr/local/lib/ocf/resource.d/pacemaker/
Password for root@node3:
sending incremental file list
./
ifconfig

sent 3,798 bytes  received 38 bytes  1,534.40 bytes/sec
total size is 128,003  speedup is 33.37

Lets stop, delete and re-add our precious resource now.

root@node1:~ # crm resource stop IP
root@node1:~ # crm configure delete IP
root@node1:~ # crm configure primitive IP ocf:pacemaker:ifconfig op monitor interval="30"

Fingers crossed.

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:45:46 2020
  * Last change:  Wed Sep  2 22:45:43 2020 by root via cibadmin on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * IP  (ocf::pacemaker:ifconfig):       Started node1

Looks like running properly.

Lets verify that its really up where it should be.

root@node1:~ # ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:2a:78:60
        inet 10.0.10.111 netmask 0xffffff00 broadcast 10.0.10.255
        inet 10.0.10.200 netmask 0xffffff00 broadcast 10.0.10.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

root@node2:~ # ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:80:50:05
        inet 10.0.10.112 netmask 0xffffff00 broadcast 10.0.10.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

root@node3:~ # ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:74:5e:b9
        inet 10.0.10.113 netmask 0xffffff00 broadcast 10.0.10.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

Seems to be working.

Now lets try to move it to the other node in the cluster.

root@node1:~ # crm resource move IP node3
INFO: Move constraint created for IP to node3

root@node1:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:47:31 2020
  * Last change:  Wed Sep  2 22:47:28 2020 by root via crm_resource on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * IP  (ocf::pacemaker:ifconfig):       Started node3

Switched properly to node3 system.

root@node3:~ # ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:74:5e:b9
        inet 10.0.10.113 netmask 0xffffff00 broadcast 10.0.10.255
        inet 10.0.10.200 netmask 0xffffff00 broadcast 10.0.10.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

root@node1:~ # ifconfig em0
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:2a:78:60
        inet 10.0.10.111 netmask 0xffffff00 broadcast 10.0.10.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

Now we will poweroff the node3 system to check it that IP is really highly available.

root@node2:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:49:57 2020
  * Last change:  Wed Sep  2 22:47:29 2020 by root via crm_resource on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 node3 ]

Full List of Resources:
  * IP  (ocf::pacemaker:ifconfig):       Started node3

root@node3:~ # poweroff

root@node2:~ # crm status
Cluster Summary:
  * Stack: corosync
  * Current DC: node2 (version 2.0.4-2deceaa3ae) - partition with quorum
  * Last updated: Wed Sep  2 22:50:16 2020
  * Last change:  Wed Sep  2 22:47:29 2020 by root via crm_resource on node1
  * 3 nodes configured
  * 1 resource instance configured

Node List:
  * Online: [ node1 node2 ]
  * OFFLINE: [ node3 ]

Full List of Resources:
  * IP  (ocf::pacemaker:ifconfig):       Started node1

Seems that failover went well.

The crm command also colors various sections of its output.

failover

Good to know that Pacemaker and Corosync cluster runs well on FreeBSD.

Some work is needed to write the needed resource files but one with some time and determination can surely put FreeBSD into a very capable highly available cluster.

EOF

Valuable News – 2020/08/31

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

FreeBSD Merges OpenZFS Support in HEAD (CURRENT).
https://svnweb.freebsd.org/base?view=revision&revision=364746

LibreSSL 3.2.1 Released.
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.2.1-relnotes.txt

FreeBSD Sound – ALSA and QT.
https://blahg.josefsipek.net/?p=596

Ansible Role to Provision Zone on OpenIndiana.
https://eenfach.de/gitblit/summary/eenfachoi!oi-zone.git

Oldest BSD.
https://www.youtube.com/watch?v=ww60o940kEk

FreeBSD Finally Merges in OpenZFS.
https://www.theregister.com/2020/08/26/openzfs_freebsd_merger/

OpenZFS 2.0.0-RC1 Available.
https://github.com/openzfs/zfs/releases/tag/zfs-2.0.0-rc1

How to Build Name Server with DNS over TLS (DoT).
https://www.bsdhowto.ch/externaldns.html

BSD Now 365 – Whole Year Round.
https://www.bsdnow.tv/365

Origin Stories About Unix.
https://opensource.com/article/20/8/unix-history?sc_cid=7016000000127ECAAY

FreeBSD Fridays – Introduction to FreeBSD Security.
https://www.youtube.com/watch?v=N-7xZB0afyA

In Other BSDs for 2020/08/29.
https://www.dragonflydigest.com/2020/08/29/24886.html

FreeBSD Configure AWS SES with Postfix MTA.
https://www.cyberciti.biz/faq/freebsd-configure-aws-ses-with-postfix-mta/

GSoC 2020 – Fuzzing NetBSD Network Stack in Rumpkernel Environment – Part 2.
https://blog.netbsd.org/tnf/entry/gsoc_2020_report_2_fuzzing

Hardware

SiPEED MAiX AMIGO – Portable 64bit RISC-V AI Development Kit with Display and Cameras.
https://www.cnx-software.com/2020/08/24/sipeed-maix-amigo-portable-64-bit-risc-v-ai-development-kit-display-cameras/

D.A.C. LCD Computer Concept Model (1988).
https://collection.cooperhewitt.org/objects/18648535/

AMD Ryzen Embedded V2000 ZEN2 CPU in 2020Q4/2021Q1.
https://www.cnx-software.com/2020/08/25/amd-ryzen-embedded-v2000-zen2-processors/

Better Yield on 5nm than 7nm – TSMC Update on Defect Rates for N5 Process.
https://www.anandtech.com/show/16028/better-yield-on-5nm-than-7nm-tsmc-update-on-defect-rates-for-n5

Sun Ultra 24 – Reborn.
http://mroach.com/2020/08/sun-ultra-24-reborn/

NODE Mini Server V3 Transforms Raspberry Pi 4 Into Server/Mini PC.
https://www.cnx-software.com/2020/08/26/node-mini-server-v3-transforms-raspberry-pi-4-into-a-server-or-mini-pc/

Surprising New Feature in AMD Ryzen 3000.
https://www.agner.org/forum/viewtopic.php?t=41

Intel ‘Cripple AMD’ Function.
https://www.agner.org/forum/viewtopic.php?f=1&t=6

Impact of Marvell ThunderX3 General Purpose SKUs Canceled.
https://www.servethehome.com/impact-of-marvell-thunderx3-general-purpose-skus-canceled/

Other

Puffin Cloud Learning Renders Web Pages Up to 14 Times Faster on Raspberry Pi.
https://www.cnx-software.com/2020/08/24/puffin-cloud-learning-renders-web-pages-up-to-14-times-faster-on-raspberry-pi/

Firefox 80.0 Released.
https://www.mozilla.org/en-US/firefox/80.0/releasenotes/

EOF

Valuable News – 2020/08/24

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

Changing from One Dataset to Another within FreeBSD [iocage] Jail.
https://dan.langille.org/2020/08/16/changing-from-one-dataset-to-another-within-a-freebsd-iocage-jail/

LibreSSL 3.1.4 Available.
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.1.4-relnotes.txt

Sandbox for FreeBSD – Security Mechanism for Applying Additional Constraints on Running Programs.
https://www.relkom.sk/en/fbsd_sandbox.shtml

OPNsense 20.7.1 Released.
https://opnsense.org/opnsense-20-7-1-released/

Solaris 10 Zones on Illumos Tribblix.
https://ptribble.blogspot.com/2020/08/solaris-10-zones-on-tribblix.html

Bringing ZFS Pool Checkpoints to FreeBSD Bootloader.
https://oshogbo.vexillium.org/blog/79/

BSD Weekly – Issue 33.
https://bsdweekly.com/issues/33

Reimplementation of NetBSD Based on Microkernel by Andy Tanenbaum (2014).
https://www.youtube.com/watch?v=hvkn0VcjVPY

FreeBSD Updated devd.conf(5) to Document All Possible Events.
https://twitter.com/bsdimp/status/1295835473680535552
https://svnweb.freebsd.org/base?view=revision&revision=364359
https://reviews.freebsd.org/D26105

Telemetry in Linux and BSD – Why Is It Important?
https://www.facebook.com/notes/freebsd-users-group/telemetry-in-linux-and-bsd-why-is-it-important/341450173689706/

BSD Now 364 – FreeBSD Wireless Grind.
https://www.bsdnow.tv/364

ZStandard Compression Algorithm Added to OpenZFS (and FreeBSD).
https://github.com/openzfs/zfs/commit/10b3c7f5e424f54b3ba82dbf1600d866e64ec0a0
https://papers.freebsd.org/2018/bsdcan/jude-zfs_zstd/

WireGuard in NetBSD.
https://mail-index.netbsd.org/current-users/2020/08/20/msg039393.html

FreeBSD on SPARC64 (is Dead).
https://eerielinux.wordpress.com/2020/02/15/freebsd-on-sparc64-is-dead/

PostgreSQL on FreeBSD.
https://www.youtube.com/watch?v=fdbO5Jpopbg

VTM – Text Based Desktop Environment.
https://vtm.netxs.online/
https://www.youtube.com/watch?v=fLumnSctakY

In Other BSDs for 2020/08/22.
https://www.dragonflydigest.com/2020/08/22/24839.html

Random Wifi USB – OpenSUSE/GhostBSD/FreeBSD/NomadBSD.
https://www.youtube.com/watch?v=soVIUsdqWeg

Hardware

iXsystems Launches M60 High Availability Storage Appliance.
https://www.servethehome.com/ixsystems-launches-m60-high-availability-storage-appliance/?hss_channel=tw-20491096

IBM POWER10 Searching for Holy Grail of Compute.
https://www.servethehome.com/ibm-power10-searching-for-the-holy-grail-of-compute/

IBM Reveals Next Generation IBM POWER10 Processor.
https://newsroom.ibm.com/2020-08-17-IBM-Reveals-Next-Generation-IBM-POWER10-Processor

IBM POWER10 Processor Chip Summary.
https://regmedia.co.uk/2020/08/17/ibm_power10_summary.pdf

Marvell Thunder X3 Time to Shine at Hot Chips 32.
https://www.servethehome.com/marvell-thunderx3-time-to-shine/

Backblaze Hard Drive Stats 2020 Q2.
https://www.backblaze.com/blog/backblaze-hard-drive-stats-q2-2020/

Helios64 Production – Update 4.
https://blog.kobol.io/2020/08/23/helios64-update4/

The zrepl 0.3.0 Released.
https://github.com/zrepl/zrepl/releases/tag/v0.3.0

Life

Why Efficiency is Dangerous and Slowing Down Makes Life Better.
https://psyche.co/ideas/why-efficiency-is-dangerous-and-slowing-down-makes-life-better

Other

Why Did Mozilla Removed XUL Addons from Firefox?
https://yoric.github.io/post/why-did-mozilla-remove-xul-addons/

Blockchain – Amazing Solution for Almost Nothing.
https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing/86714927310-8f431cae

There is No Good Reason to Trust Blockchain Technology.
https://www.wired.com/story/theres-no-good-reason-to-trust-blockchain-technology/

Cutting Google Out of Your Life.
https://degoogle.jmoore.dev/

Worldwide Mobile Data Pricing – Cost of 1GB of Mobile Data in 228 Countries.
https://www.cable.co.uk/mobiles/worldwide-data-pricing/

EOF

Valuable News – 2020/08/17

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

FreeBSD CURRENT and STABLE Binary Upgrades.
https://up.bsd.lv/
https://twitter.com/michaeldexter/status/1292493863358050304

FreeBSD with OpenZFS Memstick Images for Testing.
https://people.freebsd.org/~freqlabs/freebsd-openzfs/latest/

GSoC Reports – Benchmarking NetBSD – 2nd Evaluation Report.
https://blog.netbsd.org/tnf/entry/gsoc_reports_benchmarking_netbsd_second

BSD Now 363 – Traditional Unix Toolchains.
https://www.bsdnow.tv/363

TrueNAS 12.0 BETA 2 Available.
https://www.truenas.com/docs/hub/intro/release-notes/tn-12_0-beta2/

Next Generation Server Setup – Hosting Static Websites and Apps Simultaneously on OpenBSD.
https://gist.github.com/anon987654321/4532cf8d6c59c1f43ec8973faa031103

Talk – Introduction to OpenBSD.
https://blog.lambda.cx/posts/openbsd-introduction-talk/

GhostBSD 20.08.04 Install and Review.
https://www.youtube.com/watch?v=NHXt9jQ4W8s

HardenedBSD August 2020 Status Report and Call for Donations.
https://hardenedbsd.org/article/shawn-webb/2020-08-15/hardenedbsd-august-2020-status-report-and-call-donations

In Other BSDs for 2020/08/15.
https://www.dragonflydigest.com/2020/08/15/24829.html

OpenIndiana 2016.04 Release Notes.
https://wiki.openindiana.org/oi/2016.04+Release+notes

Nextcloud in FreeNAS Jail Served by NGINX Behind Reverse Proxy by IIS.
https://techutils.in/blog/2020/08/17/stackbounty-nginx-iis-freenas-nextcloud-nextcloud-in-a-freenas-jail-served-by-nginx-behind-a-reverse-proxy-by-iis/

Videoconferencing on FreeBSD.
https://www.davidschlachter.com/misc/freebsd-videoconferencing

Hardware

Over 400 Vulnerabilities on Qualcomm Snapdragon Chip Threaten Mobile Phones Usability Worldwide.
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

Zero Terminal – Modular Raspberry Pi Zero Powered HandHeld PC.
https://www.cnx-software.com/2020/08/12/zero-terminal-v3-is-a-modular-raspberry-pi-zero-w-powered-handheld-pc/

Intel Xe-LP GPU Architecture Deep Dive.
https://www.anandtech.com/show/15973/the-intel-xelp-gpu-architecture-deep-dive-building-up-from-the-bottom

Life

Young Children Would Rather Explore than Get Rewards.
https://news.osu.edu/young-children-would-rather-explore-than-get-rewards/

Vitamin D – Part 1 – Back to Basics.
https://www.devaboone.com/post/vitamin-d-part-1-back-to-basics

Other

Changing World – Changing Mozilla – 250 People Layoff.
https://blog.mozilla.org/blog/2020/08/11/changing-world-changing-mozilla/

If NSA Has Been Hacking Everything How Has Nobody Seen Them Coming?
https://blog.thinkst.com/p/if-nsa-has-been-hacking-everything-how.html

EOF

Valuable News – 2020/08/10

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

FreeBSD Screen Capture Software.
https://www.youtube.com/watch?v=yUrwkiDGMfM

GhostBSD Telegram.
https://www.youtube.com/watch?v=D78V77Q4Lmw

FreeBSD Virtual Data Centre with Potluck – DevOps and Infrastructure as Code – Part I.
https://honeyguide.eu/posts/virtual-dc1/

FreeBSD Virtual Data Centre with Potluck – DevOps and Infrastructure as Code – Part II.
https://honeyguide.eu/posts/virtual-dc2/

FreeBSD Virtual Data Centre with Potluck – DevOps and Infrastructure as Code – Part III.
https://honeyguide.eu/posts/virtual-dc3/

GNU GDB Debugger and NetBSD – Part 3.
https://blog.netbsd.org/tnf/entry/the_gnu_gdb_debugger_and2

GSoC Reports – Enhancing Syzkaller Support for NetBSD – Part 2.
https://blog.netbsd.org/tnf/entry/gsoc_reports_enhancing_syzkaller_support1

GSoC Reports – Fuzzing Rumpkernel Syscalls on NetBSD – Part 2.
https://blog.netbsd.org/tnf/entry/gsoc_reports_fuzzing_rumpkernel_syscalls1

BSD Router Project 1.97 Released.
https://sourceforge.net/projects/bsdrp/files/BSD_Router_Project/1.97/

FreeBSD Foundation Q2 2020 Status Update.
https://freebsdfoundation.org/blog/freebsd-foundation-q2-2020-status-update/

LibreOffice 7.0 Announced.
https://blog.documentfoundation.org/blog/2020/08/05/announcement-of-libreoffice-7-0/
https://wiki.documentfoundation.org/ReleaseNotes/7.0

Hardware Support in FreeBSD is Not So Bad – Over 90% of Popular Hardware is Supported.
https://www.facebook.com/notes/freebsd-users-group/hardware-support-in-freebsd-is-not-so-bad-over-90-of-popular-hardware-is-support/637752697094067/

Upgrade FreeNAS to TrueNAS.
https://www.youtube.com/watch?v=SsxvPhlOiYI

Another Terminal Based Graphical Activity Monitor gotop Written in Go.
https://github.com/xxxserxxx/gotop

GSoC 2020 2nd Evaluation Report – Curses Library Automated Testing on NetBSD.
https://blog.netbsd.org/tnf/entry/gsoc_2020_second_evaluation_report

NetBSD on NanoPi NEO2.
https://www.cambus.net/netbsd-on-the-nanopi-neo2/

FreeBSD on NanoPi NEOLTS.
https://adventurist.me/posts/00297

LLVM 10.0.0 Imported Into OpenBSD Current.
https://undeadly.org/cgi?action=article;sid=20200806001449

USB Audio Devices on FreeBSD.
https://www.davidschlachter.com/misc/freebsd-usb-audio

SHFM is File Manager Written in POSIX Shell.
https://github.com/dylanaraps/shfm

Squid SSL Decryption with FreeBSD.
https://cs7networks.co.uk/2020/02/17/squid-ssl-decryption-with-freebsd/

FreeBSD – Security Hardening Operating System.
https://www.linuxsecrets.com/3868-freebsd-security-hardening-operating-system

Before You Move to GhostBSD! – 3 Tips.
https://www.youtube.com/watch?v=S6MrZ_e12mk

Install Wireguard VPN Client in FreeBSD Jail.
https://www.cyberciti.biz/faq/how-to-install-a-wireguard-vpn-client-in-a-freebsd-jail/

In Other BSDs for 2020/08/08.
https://www.dragonflydigest.com/2020/08/08/24797.html

OpenBSD LiveCD/LiveDVD FuguIta Start.
http://fuguita.org/index.php?FuguIta%2FStart

GhostBSD 20.08.04 Available.
https://ghostbsd.org/20.08.04_release_announcement

Hardware

AMD Zen Laptops at 6W TDP – Dual Core for Education.
https://www.anandtech.com/show/15953/amd-zen-now-at-6w-tdp-dual-core-for-education

Whats Wrong with Intel – Former Principal Engineer Unloads.
https://www.pcworld.com/article/3569182/whats-wrong-with-intel-and-how-to-fix-it-former-principal-engineer-unloads.html

Intel Suffers 20GB Data Breach – Documents Leaked to Internet.
https://www.anandtech.com/show/15962/intel-data-breach-20gb-of-ip-leaked

Intel Leak – 20GB of Source Code/Internal Docs from Alleged Breach.
https://www.bleepingcomputer.com/news/security/intel-leak-20gb-of-source-code-internal-docs-from-alleged-breach/

Intel/ARM/POWER/AMD Processors Vulnerable to New Side-Channel Attacks.
https://modernnetsec.io/intel-arm-ibm-amd-processors-vulnerable-to-new-side-channel-attacks/

BSD Now 362 – 2.11-BSD Restoration.
https://www.bsdnow.tv/362

AMD Ryzen 7 Pro 4750G Review – Renoir Ushers in New Era for 7nm Desktop APUs.
https://www.tomshardware.com/reviews/amd-ryzen-7-pro-4750g-renoir-review

Portable a-XP AMD Threadripper Workstation PC.
https://www.mediaworkstations.net/systems/portable-amd-workstations/a-xp/

Open Hardware PowerPC Notebook.
https://stafwag.github.io/blog/blog/2020/08/09/powerpc-notebook/

AMD Ryzen Embedded DFI GHF51 SBC Review.
https://www.cnx-software.com/2020/08/10/amd-ryzen-embedded-sbc-review-with-ubuntu-20-04/

Life

Physical Attractiveness Bias in Legal System.
https://www.thelawproject.com.au/insights/attractiveness-bias-in-the-legal-system

Bill English – Computer Mouse Co-Creator Dies at 91.
https://www.bbc.com/news/technology-53638033

Other

UX of LEGO Interface Panels.
https://www.designedbycave.co.uk/2020/LEGO-Interface-UX/

Latest Firefox Rolls out Enhanced Tracking Protection 2.0 – Blocking Redirect Trackers by Default.
https://blog.mozilla.org/blog/2020/08/04/latest-firefox-rolls-out-enhanced-tracking-protection-2-0-blocking-redirect-trackers-by-default/

Google Accidentally Enables Home Smart Speakers to Listen in to Everyday House Sounds.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/google-home-smart-speakers-listen-switch-on-smoke-detector-glass-breaking-a9652991.html

IBM is Already Gutting Red Hat and Firing Employees Without Warning.
http://techrights.org/2020/08/02/red-hat-layoffs/

I am Open Sourcing Have I Been Pwned Code Base.
https://www.troyhunt.com/im-open-sourcing-the-have-i-been-pwned-code-base/

Interview with Vermaden.
https://tintaescura.com/interview-with-vermaden/

EOF

Valuable News – 2020/08/03

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

DragonFlyBSD Updates Its Intel/Radeon (Linux Ported) Graphics Driver Code.
https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-DRM-4.12.14-Port

Dual Boot Install FreeBSD (with ZFS) Alongside Another OS.
https://forums.freebsd.org/threads/uefi-gpt-dual-boot-how-to-install-freebsd-with-zfs-alongside-another-os-sharing-the-same-disk.75734/

WordPress Server Setup on OpenBSD.
https://daulton.ca/2020/03/openbsd-wordpress-server/

Zabbix Server Setup on OpenBSD.
https://daulton.ca/2020/03/openbsd-zabbix-server/

FreeBSD Foundation Got New Look.
https://freebsdfoundation.org/blog/weve-got-a-new-look/

FreeBSD Foundation – FreeBSD Resources
https://freebsdfoundation.org/freebsd-project/resources/

5 Ways to Help FreeBSD.
https://youtu.be/cma_EBER0JM

FreeBSD is Amazing Operating System.
https://www.unixsheikh.com/articles/freebsd-is-an-amazing-operating-system.html

FreeBSD 64bit Assembler (amd64).
https://honeyguide.eu/posts/asm64-fbsd/

BSD Weekly – Issue 30.
https://bsdweekly.com/issues/30

Refactoring FreeBSD Kernel with Checked C.
https://cs.rochester.edu/u/jzhou41/papers/freebsd_checkedc.pdf

FreeNAS 11.3-U4.1 Available.
https://www.ixsystems.com/blog/library/freenas-11-3-u4-1/

Install and Configure FreeBSD on Raspberry Pi.
https://cromwell-intl.com/open-source/samba-active-directory/freebsd-raspberry-pi.html

Setup BIND Slave DNS Server on FreeBSD.
https://cromwell-intl.com/open-source/samba-active-directory/slave-dns.html

Active Directory Service with Samba on FreeBSD.
https://cromwell-intl.com/open-source/samba-active-directory/samba.html

Deploy Users/Groups on Samba Based Active Directory Server on FreeBSD.
https://cromwell-intl.com/open-source/samba-active-directory/deployment.html

BSD Now 361 – Function Based MicroVM.
https://www.bsdnow.tv/361

Call for Testing for Vendor OpenZFS in FreeBSD.
https://lists.freebsd.org/pipermail/freebsd-hackers/2020-July/056338.html

OPNsense 20.7 Legendary Lion Released.
https://opnsense.org/opnsense-20-7/

FreeBSD grub-bhyve Bootloader Virtual Machine Escapes.
https://github.com/renorobert/grub-bhyve-bugs

BootHole and Seven Other Vulnerabilities Patched in GNU GRUB2.
https://9to5linux.com/boothole-and-seven-other-vulnerabilities-patched-in-grub2-update-your-distros-now

Red Hat and CentOS Systems are not Booting Due to BootHole Patches.
https://arstechnica.com/gadgets/2020/07/red-hat-and-centos-systems-arent-booting-due-to-boothole-patches/

Linus Torvalds on EFI Intel Brain Damage.
https://yarchive.net/comp/linux/efi.html

Introduction to ZFS – Place to Start.
https://www.servethehome.com/an-introduction-to-zfs-a-place-to-start/

In Other BSDs for 2020/08/01.
https://www.dragonflydigest.com/2020/08/01/24783.html

FreeBSD Foundation Celebrates 20th Anniversary.
https://www.tfir.io/freebsd-foundation-celebrates-20th-anniversary/

BSD Gaming is Improving – Proton on FreeBSD.
https://www.youtube.com/watch?v=wfvbyWGkRW0

Testing Linux Steam Proton on GhostBSD (FreeBSD) with BSD Linuxulator.
https://www.youtube.com/watch?v=H8ihW0m3bRQ

Creating Wireguard VPN on OpenBSD.
https://xosc.org/wireguard.html

DragonflyBSD Imports AMD Temperature Driver and SMN Support from FreeBSD.
https://www.phoronix.com/scan.php?page=news_item&px=DragonFlyBSD-AMD-TEMP-SMN

Finding File Duplicates with fdupes(1) on FreeBSD.
https://rubenerd.com/finding-file-duplicates-with-fdupes/

Hardware

Purism Librem 14 Adds Microphone Kill Switch Enhancements.
https://puri.sm/posts/librem-14-adds-microphone-kill-switch-enhancements/

Why I Still Use Old PowerPC Mac in 2020.
https://www.howtogeek.com/682300/why-i-still-use-an-old-powerpc-mac-in-2020/

Sun Ultra 3 Mobile Workstation Review. http://freesoftwaremagazine.com/articles/sun_workstation/

List of Known SSDs with Internal 8k Blocks.
https://github.com/openzfs/zfs/blob/master/cmd/zpool/os/linux/zpool_vdev_os.c#L98

Life

Mysterious Case of Man Who Can Read Letters But Not Numbers.
https://www.sciencemag.org/news/2020/07/mysterious-case-man-who-can-read-letters-not-numbers-exposes-complex-roots

How One Hour of Slow Breathing Changed my Life.
https://www.theguardian.com/lifeandstyle/2020/jul/26/every-breath-you-take-the-lost-art-of-breathing

Other

Firefox 79 – Safe Return of Shared Memory/New Tooling/Platform Updates.
https://hacks.mozilla.org/2020/07/firefox-79/

EOF

Valuable News – 2020/07/27

The Valuable News weekly series is dedicated to provide summary about news, articles and other interesting stuff mostly but not always related to the UNIX or BSD systems. Whenever I stumble upon something worth mentioning on the Internet I just put it here.

Today the amount information that we get using various information streams is at massive overload. Thus one needs to focus only on what is important without the need to grep(1) the Internet everyday. Hence the idea of providing such information ‘bulk’ as I already do that grep(1).

UNIX

SIMH Setup for 2.11BSD Restoration Project.
https://bsdimp.blogspot.com/2020/07/simh-setup-for-211bsd-restoration.html

Software Inventory with Salt on FreeBSD.
https://blog.socruel.nu/freebsd/software-inventory-with-salt-on-freebsd.html

20 Years of FOSS Office Suite.
https://blog.documentfoundation.org/blog/2020/07/18/20-years-of-the-foss-office-suite/

OmniOS Community Edition r151030bl/r151032al/r151034l Available.
https://omniosce.org/article/030bl-032al-034l

Ars Technica – TrueNAS Core Will Soon Replace FreeNAS.
https://arstechnica.com/gadgets/2020/07/an-easy-mode-for-zfs-we-test-the-truenas-core-12-0-beta/

Month and Half of Self Hosted Email on OpenBSD.
https://www.paritybit.ca/blog/a-month-and-a-half-of-self-hosted-email

FreeBSD Qt WebEngine GPU Acceleration.
https://euroquis.nl/freebsd/2020/07/21/webengine.html

ThinkPad T480 is My New Main Laptop which Runs FreeBSD [2019].
https://genneko.github.io/playing-with-bsd/hardware/freebsd-on-thinkpad-t480/

Installing Debian Under FreeBSD Bhyve.
https://blahg.josefsipek.net/?p=595

Monitoring Your Own Infrastructure Using Grafana/InfluxDB/CollectD.
https://serhack.me/articles/monitoring-infrastructure-grafana-influxdb-connectd/

BSD Weekly – Issue 29.
https://bsdweekly.com/issues/29

Adding Networking to 2.11BSD PL 195.
https://bsdimp.blogspot.com/2020/07/adding-networking-to-211bsd-pl-195.html

FreeBSD Fridays – Intro to FreeBSD.
https://www.youtube.com/watch?v=h-gJePs8XDI

OpenBSD on Odroid H2+ dmesg(8) Output.
http://ix.io/2cbM

FreeNAS 11.3-U4 Available.
https://www.ixsystems.com/blog/library/freenas-11-3-U4/

FreeBSD Fixed Bug in mountd.c That is 30 Years Old.
https://svnweb.freebsd.org/base?view=revision&revision=363435

BSD Now 360 – Full Circle.
https://www.bsdnow.tv/360

LLVM 10.0.1 Finally Ready as Latest Stable Compiler Version.
https://www.phoronix.com/scan.php?page=news_item&px=LLVM-10.0.1-Released

FreeBSD Core Team 10 in Review.
https://www.freebsdfoundation.org/blog/freebsd-core-team-10-in-review/

ZFS High Availability Filesystem with Minio on FreeBSD.
https://honeyguide.eu/posts/minio-fuse/

In Other BSDs for 2020/07/25.
https://www.dragonflydigest.com/2020/07/25/24761.html

69 Times FreeBSD Performance Improvement – VFS Lockless Lookup for TMPFS/UFS/ZFS.
https://twitter.com/FreeBSDHelp/status/1287635674561048576

Small Mailserver Best Current Practices.
https://bridge.grumpy-troll.org/2020/07/small-mailserver-bcp/

Hardware

Ubuntu Linux Performance on AMD Rome and Intel Cascade Lake.
https://www.phoronix.com/scan.php?page=article&item=rome-cascade-2020&num=1

Pinebook Pro Pre Orders Open with Shipping in 2020/08.
https://www.pine64.org/2020/07/20/pinebook-pro-pre-orders-open-with-shipping-in-august-2020/

Gigabyte Shows Marvell ThunderX3 R282 2U Server.
https://www.servethehome.com/gigabyte-shows-marvell-thunderx3-r282-2u-server/

AMD Launches 12 Desktop Renoir Ryzen 4000G Series APUs.
https://www.anandtech.com/show/15921/amd-launches-12-desktop-renoir-ryzen-4000g-series-apus-but-you-cant-buy-them

iXsystems FreeNAS Mini XL+ Review – 8 Bay ZFS Power for Pros.
https://itenterpriser.com/reviews/ixsystems-freenas-mini-xl-review-8-bay-zfs-power-for-pros/

KDE Slimbook – 3rd Edition.
http://kde.slimbook.es/

Intel 7nm Delayed By 6 Months.
https://www.anandtech.com/show/15926/intel-7nm-delayed-by-6-months-company-to-take-pragmatic-approach-in-using-3rd-party-fabs

Other

30 Year Old Commodore Amiga Still Controlling Heat and AC in 19 Public Schools.
https://www.digitaltrends.com/computing/theres-30-year-old-commodore-amiga-still-controlling-heat-ac-19-public-schools/

Planetary Anachronism – No Man’s Sky Beautifully Rendered on Amiga 1000.
https://nmsspot.com/2018/03/14/a-planetary-anachronism-no-mans-sky-beautifully-rendered-on-the-amiga-1000/

EOF