
FreeBSD 13.1 on ThinkPad W520

I created a whole FreeBSD Desktop series … but I never created an article describing how I run FreeBSD on my own daily driver – the Lenovo ThinkPad W520 from 2011 – the last one with the so much appreciated 7-row keyboard. In this article I will share how I configured FreeBSD to make the most of it. If you are curious why I use such an old laptop then my older Epitaph to Laptops article explains that in detail.

This is the Table of Contents for this article.

  • FreeBSD 13.1 on ThinkPad W520
  • ThinkPad W520
  • Specifications
  • FreeBSD System Configuration
  • Desktop Environment
    • Openbox
    • XFCE
    • GNOME
  • Accessories
    • Smaller Power Supply
    • Mouse Companion
    • Two Additional USB 3.0 Ports
    • Larger Custom Battery
  • Experience
  • Summary

ThinkPad W520

This machine was out-fucking-standing when it was released in 2011 … and expensive as hell also 🙂 With 4 physical cores and up to 32 GB RAM only a few laptops could compete with it – Dell Precision M4600 – also could do that back then … but not exactly the same. You see – the last Dell Precision to carry a similar 7-row keyboard was the Dell Precision M4500 – but that one was from 2010 and was able to pack only … 8 GB RAM (official) and 16 GB RAM (unofficial) – so it’s not a fair comparison. Today 11 years (!) later the ThinkPad W520 is still a very capable and powerful machine. The only thing that you may need to do is to replace the thermal paste. I also did that – Classic ThinkPad Thermal Paste Change – as described here.

To help you imagine how big that 11 years time span in IT is I will try to show you an example with a car. It’s like driving a 30 years old Mercedes-Benz W124 from 1992 today because the IT world and hardware change and improve a lot faster than the automobile industry. The Mercedes-Benz W124 with its indestructible automatic transmission and engine along with comfortable suspension and automatic air conditioning – offers daily experience not that far away from today’s cars – the meritum is definitely fulfilled. I know that first hand since I owned one not that long ago. Not to mention its legendary reliability. It’s also a car that is very liked by mechanics as it’s very ‘serviceable’ and has lots of space for everything. You do not need to disassemble the entire front bumper and the headlight just to replace a broken light beam.

This is the same that I would say about the ThinkPad W520 today. You can put in three (!) storage devices at the same time. Two 2.5 SATA drives and one mSATA disk. Assuming you would use 8 TB 2.5 Samsung QVO drives and a 2 TB mSATA drive you would have 18 TB of storage … in an 11 years old laptop. You can grow that to 19TB with a 1TB SD card in the slot … and we have not even touched any USB ports yet. Today you are able to get a ThinkPad W520 in nice condition for about $300 if you are not hasty and getting 32 GB of DDR3 RAM costs another $100 so it’s pretty affordable hardware.

Specifications

For the record, below you will find the specs of my machine. I also added the driver and/or package that is used to support these devices.

CPU: Intel Core i7-2820QM 2.30GHz (4C/8T) Sandy Bridge 32nm
RAM: 32 GB (4 * 8GB DDR3)
HDD0: 128GB mSATA Samsung PM830 (system)
HDD1: 4 TB 2.5 SATA Samsung 860 QVO (data)
GFX0: Intel HD Graphics 3000 (integrated) [graphics/drm-kmod]
GFX1: Nvidia Quadro 2000M (discrete) [x11/nvidia-driver-390] {nvidia}
SCR: 15.6 1920x1080
USB: 2 x USB 2.0 + 2 x USB 3.0 [ehci(4) + xhci(4)]
AUDIO: Conexant CX20590 [snd_hda(4)]
PORTS0: 1 x VGA
PORTS1: 1 x DisplayPort
PORTS2: 1 x eSata
SD: Card Reader 5in1 [sdhci(4)]
LAN: 10/100/1000 Intel 82579LM Gigabit [em(4)]
WIFI: Intel Centrino Ultimate-N 6300 AGN 802.11n [iwn(4)]
BT: Bluetooth 3.0 [ng_ubt(4)]
CAM: Webcam 720p [multimedia/webcamd]

Articles such as this one often focus on what works and is supported by FreeBSD and what is problematic or does not work at all. The very nice thing about the ThinkPad W520 under FreeBSD command is that EVERYTHING works. From Bluetooth through Card Reader and also multiple suspend/resume cycles. I am doing months of uptime on that laptop and I reboot only when I need to update the system or I want to test something … but that often also does not need a reboot now as you can just reroot into another BE as described in my other ZFS Boot Environments Revolutions article.

I do not need the compute power of the discrete Nvidia Quadro 2000M card so I disabled it in the BIOS – but when I tried it with drivers from the FreeBSD Ports – everything worked as desired. I use the integrated Intel HD Graphics 3000 which is more than enough for my needs. To be honest I would get a ThinkPad T520 which can be bought with integrated graphics only but it has two downsides. The T520 does not have any USB 3.0 ports – that one I could probably live with but … it comes only with Dual Core CPUs. You can of course place a Quad Core CPU in it by yourself – but as the W520 exists I do not see a reason not to get one 🙂

FreeBSD System Configuration

One of the many things that I really like about FreeBSD (more here – Quare FreeBSD? – in a separate article) is that it can be mostly configured using just 3 files. This configuration already features all power management settings that I described in The Power to Serve – FreeBSD Power Management article.

I installed FreeBSD in a pretty standard way with GELI full disk encryption enabled and with ZFS as the filesystem as I can not live without ZFS Boot Environments. The FreeBSD installer automatically detects and applies the so called ‘Lenovo Fix‘. When in doubt the installation procedure is described in the FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 article.

Main FreeBSD configuration files.

  • /etc/rc.conf – system and services configuration
  • /etc/sysctl.conf – runtime parameters configuration
  • /boot/loader.conf – parameters configurable at boot

I will also include these below as they are also important:

  • /etc/devfs.rules – devices configuration
  • /etc/fstab – filesystems configuration
  • /etc/ttys – terminal initialization configuration
  • /etc/wpa_supplicant.conf – WiFi configuration
  • /usr/local/etc/automount.conf – automount(8) configuration
  • /usr/local/etc/doas.conf – doas(1) configuration
  • id(1) groups membership
  • /usr/local/etc/X11/xorg.conf.d/* – X11 configuration

First the main /etc/rc.conf configuration file.

% cat /etc/rc.conf
# SILENCE # ------------------------------------------------------------------
  rc_startmsgs=NO

# NETWORK # ------------------------------------------------------------------
  hostname=w520.local
  background_dhclient=YES
  extra_netfs_types=NFS
  defaultroute_delay=3
  defaultroute_carrier_delay=3
  gateway_enable=YES
  harvest_mask=351
  rtsol_flags="-i"
  rtsold_flags="-a -i"

# MODULES/COMMON/BASE # ------------------------------------------------------
  kld_list="${kld_list} /boot/modules/i915kms.ko"
  kld_list="${kld_list} fusefs coretemp sem cpuctl ichsmb cuse"
  kld_list="${kld_list} libiconv cd9660_iconv msdosfs_iconv udf_iconv"

# MODULES/VIRTUALBOX # -------------------------------------------------------
  vboxnet_enable=YES
  kld_list="${kld_list} vboxdrv vboxnetadp vboxnetflt"

# POWER
  performance_cx_lowest=C1
  economy_cx_lowest=Cmax
  powerd_enable=YES
  powerd_flags="-n adaptive -a hiadaptive -b adaptive -m 800 -M 2000"

# DAEMONS | yes # ------------------------------------------------------------
  zfs_enable=YES
  xdm_enable=YES
  xdm_tty=ttyv4
  nfs_client_enable=YES
  ubuntu_enable=YES
  moused_enable=YES
  syslogd_flags='-s -s'
  sshd_enable=YES
  local_unbound_enable=YES
  webcamd_enable=YES
  rctl_enable=YES

# DAEMONS | no # -------------------------------------------------------------
  linux_enable=NO
  sendmail_enable=NONE
  sendmail_submit_enable=NO
  sendmail_outbound_enable=NO
  sendmail_msp_queue_enable=NO

# FS # -----------------------------------------------------------------------
  fsck_y_enable=YES
  clear_tmp_enable=YES
  clear_tmp_X=YES
  growfs_enable=YES

# OTHER # --------------------------------------------------------------------
  keyrate=fast
  keymap=pl.kbd
  virecover_enable=NO
  update_motd=NO
  devfs_system_ruleset=desktop
  hostid_enable=NO
  savecore_enable=NO

Now the runtime parameters /etc/sysctl.conf file.

% cat /etc/sysctl.conf
# SECURITY
  security.bsd.see_jail_proc=0
  security.bsd.unprivileged_proc_debug=0

# SECURITY/RANDOM PID
  kern.randompid=1

# ANNOYING THINGS
  vfs.usermount=1
  kern.coredump=0
  hw.syscons.bell=0
  kern.vt.enable_bell=0

# ZFS DELETE FUCKUP TRIM (DEFAULT: 64)
  vfs.zfs.vdev.trim_max_active=1

# ZFS ARC TUNING
  vfs.zfs.arc.min=134217728
  vfs.zfs.arc.max=536870912

# ZFS ARC FREE ENFORCE @ 1024 * 1024 * 3
  vfs.zfs.arc_free_target=3145728

# JAILS/ALLOW UPGRADES IN JAILS
  security.jail.chflags_allowed=1

# JAILS/ALLOW RAW SOCKETS
  security.jail.allow_raw_sockets=1

# DESKTOP/INTERACTIVITY
  kern.sched.preempt_thresh=224

# DESKTOP QUANTUM FOR TIMESHARE THREADS IN stathz TICKS (12) NomadBSD
  kern.sched.slice=3

# DESKTOP/IRIDIUM/CHROMIUM
  kern.ipc.shm_allow_removed=1

# SAMPLE RATE CONVERTER QUALITY (0=low .. 4=high) (1) NomadBSD
  hw.snd.feeder_rate_quality=3

# PERFORMANCE/ALL SHARED MEMORY SEGMENTS WILL BE MAPPED TO UNPAGEABLE RAM
  kern.ipc.shm_use_phys=1

# VIRTUALBOX aio(4) SETTINGS
  vfs.aio.max_buf_aio=8192
  vfs.aio.max_aio_queue_per_proc=65536
  vfs.aio.max_aio_per_proc=8192
  vfs.aio.max_aio_queue=65536

# NETWORK/DO NOT SEND RST ON SEGMENTS TO CLOSED PORTS
  net.inet.tcp.blackhole=2

# NETWORK/DO NOT SEND PORT UNREACHABLES FOR REFUSED CONNECTS
  net.inet.udp.blackhole=1

# NETWORK/LIMIT ON SYN/ACK RETRANSMISSIONS (3)
  net.inet.tcp.syncache.rexmtlimit=0

# NETWORK/USE TCP SYN COOKIES IF THE SYNCACHE OVERFLOWS (1)
  net.inet.tcp.syncookies=0

# NETWORK/ASSIGN RANDOM ip_id VALUES (0)
  net.inet.ip.random_id=1

# NETWORK/ENABLE SENDING IP REDIRECTS (1)
  net.inet.ip.redirect=0

# NETWORK/IGNORE ICMP REDIRECTS (0)
  net.inet.icmp.drop_redirect=1

# NETWORK/DROP TCP PACKETS WITH SYN+FIN SET (0)
  net.inet.tcp.drop_synfin=1

# NETWORK/RECYCLE CLOSED FIN_WAIT_2 CONNECTIONS FASTER (0)
  net.inet.tcp.fast_finwait2_recycle=1

# NETWORK/CERTAIN ICMP UNREACHABLE MESSAGES MAY ABORT CONNECTIONS IN SYN_SENT (1)
  net.inet.tcp.icmp_may_rst=0

Now the boot parameters in /boot/loader.conf file.

% cat /boot/loader.conf
# CONSOLE COMMON
  autoboot_delay=1       # OPTION '-1' MEANS NO WAIT AND 'NO' MEANS INFINITE WAIT
  hw.usb.no_boot_wait=0  # DO NOT WAIT FOR USB DEVICES FOR ROOT (/) FILESYSTEM
  boot_mute=YES          # SAME AS '-m' IN LOADER - MUTE CONSOLE WITH FreeBSD LOGO
  loader_logo=none       # DESIRED LOGO: fbsdbw beastiebw beastie none
  loader_menu_frame="none"
  screen.font="6x12"

# CONSOLE RESOLUTION
  efi_max_resolution="1920x1080"

# WINE FIX
  machdep.max_ldt_segment=2048

# MODULES - BOOT
  geom_eli_load=YES
  zfs_load=YES

# drm-kmod PACKAGE - USE SEMAPHORES FOR INTER-RING SYNC
  compat.linuxkpi.semaphores=1

# drm-kmod PACKAGE - ENABLE POWER-SAVING RENDER C-STATE 6
  compat.linuxkpi.enable_rc6=7

# drm-kmod PACKAGE - ENABLE POWER-SAVING DISPLAY C-STATES
  compat.linuxkpi.enable_dc=2

# drm-kmod PACKAGE - ENABLE FRAME BUFFER COMPRESSION FOR POWER SAVINGS
  compat.linuxkpi.enable_fbc=1

# ENABLE SYNAPTICS
  hw.psm.synaptics_support=1

# DISABLE /dev/diskid/* ENTRIES FOR DISKS
  kern.geom.label.disk_ident.enable=0

# DISABLE /dev/gptid/* ENTRIES FOR DISKS
  kern.geom.label.gptid.enable=0

# TERMINAL vt(4) COLORS
  kern.vt.color.0.rgb="#000000"
  kern.vt.color.1.rgb="#dc322f"
  kern.vt.color.2.rgb="#859900"
  kern.vt.color.3.rgb="#b58900"
  kern.vt.color.4.rgb="#268bd2"
  kern.vt.color.5.rgb="#ec0048"
  kern.vt.color.6.rgb="#2aa198"
  kern.vt.color.7.rgb="#94a3a5"
  kern.vt.color.8.rgb="#586e75"
  kern.vt.color.9.rgb="#cb4b16"
  kern.vt.color.10.rgb="#859900"
  kern.vt.color.11.rgb="#b58900"
  kern.vt.color.12.rgb="#268bd2"
  kern.vt.color.13.rgb="#d33682"
  kern.vt.color.14.rgb="#2aa198"
  kern.vt.color.15.rgb="#6c71c4"

# RACCT/RCTL RESOURCE LIMITS
  kern.racct.enable=1

# DISABLE ZFS PREFETCH
  vfs.zfs.prefetch_disable=1

# POWER MGMT / POWER OFF DEVICES WITHOUT ATTACHED DRIVER
  hw.pci.do_power_nodriver=3

# POWER MANAGEMENT FOR EVERY USED AHCI CHANNEL (ahcich 0-7)
  hint.ahcich.0.pm_level=5
  hint.ahcich.1.pm_level=5
  hint.ahcich.2.pm_level=5
  hint.ahcich.3.pm_level=5
  hint.ahcich.4.pm_level=5
  hint.ahcich.5.pm_level=5
  hint.ahcich.6.pm_level=5
  hint.ahcich.7.pm_level=5

# GELI THREADS
  kern.geom.eli.threads=4

Now the mentioned /etc/devfs.rules file.

% cat /etc/devfs.rules
[desktop=10]
add path 'acd*'      mode 0660 group operator
add path 'cd*'       mode 0660 group operator
add path 'da*'       mode 0660 group operator
add path 'pass*'     mode 0660 group operator
add path 'xpt*'      mode 0660 group operator
add path 'fd*'       mode 0660 group operator
add path 'md*'       mode 0660 group operator
add path 'uscanner*' mode 0660 group operator
add path 'ugen*'     mode 0660 group operator
add path 'usb/*'     mode 0660 group operator
add path 'video*'    mode 0660 group operator
add path 'cuse*'     mode 0660 group operator
add path 'lpt*'      mode 0660 group cups
add path 'ulpt*'     mode 0660 group cups
add path 'unlpt*'    mode 0660 group cups

Filesystems and SWAP configuration.

% cat /etc/fstab
# SWAP
  /dev/gpt/swap0  none  swap  sw  0 0

# FreeBSD PSEUDO - NEEDED BY wine(1)
  procfs  /proc  procfs  rw  0 0

# Ubuntu Linux PSEUDO
  linprocfs  /compat/ubuntu/proc     linprocfs  rw,late                    0 0
  linsysfs   /compat/ubuntu/sys      linsysfs   rw,late                    0 0
  devfs      /compat/ubuntu/dev      devfs      rw,late                    0 0
  fdescfs    /compat/ubuntu/dev/fd   fdescfs    rw,late,linrdlnk           0 0
  tmpfs      /compat/ubuntu/dev/shm  tmpfs      rw,late,size=1g,mode=1777  0 0
  /home      /compat/ubuntu/home     nullfs     rw,late                    0 0
  /tmp       /compat/ubuntu/tmp      nullfs     rw,late                    0 0

Terminal configuration in the /etc/ttys file. The important part is the ttyv4 entry, which matches the xdm_tty=ttyv4 value from the /etc/rc.conf file.

% grep '^[^#]' /etc/ttys | cat
console none                            unknown off insecure
ttyv0   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv1   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv2   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv3   "/usr/libexec/getty Pc"         xterm   onifexists secure
ttyv4   "/usr/libexec/getty Pc"         xterm   off secure
ttyv5   "/usr/libexec/getty Pc"         xterm   off secure
ttyv6   "/usr/libexec/getty Pc"         xterm   off secure
ttyv7   "/usr/libexec/getty Pc"         xterm   off secure
ttyv4   "/usr/local/bin/xdm -nodaemon"  xterm   off secure
ttyu0   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu1   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu2   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
ttyu3   "/usr/libexec/getty 3wire"      vt100   onifconsole secure
dcons   "/usr/libexec/getty std.9600"   vt100   off secure
xc0     "/usr/libexec/getty Pc"         xterm   onifconsole secure
rcons   "/usr/libexec/getty std.9600"   vt100   onifconsole secure

Wireless config – as an example for different network types. As you have seen I did not include any network information in the /etc/rc.conf file – this is because I use my own network.sh solution to connect to various networks, both wired and wireless – FreeBSD Network Management with network.sh Script – described in detail here.

# cat /etc/wpa_supplicant.conf
# GENERAL
eapol_version=2
ap_scan=1
fast_reauth=1

# OPEN NETWORKS
network={
  key_mgmt=NONE
  priority=0
}

# NETWORK WITH HIDDEN SSID
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}

# NAMED OPEN NETWORK
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}

# NORMAL WPA/WPA2 SECURED NETWORK
network={
  ssid="SECURED"
  psk="12345678"
}
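
A check over the listing above, added here as an example and not part of the original article: the first block has key_mgmt=NONE and no ssid, which wpa_supplicant treats as a wildcard for any unencrypted access point, and the quoted psk values are stored as readable passphrases. The function and category names are made up for this sketch.

```shell
#!/bin/sh
# Added example: flag risky network blocks in a wpa_supplicant.conf.

# Constructed input: the network blocks from the listing above.
sample_wpa_conf() {
  cat <<'EOF'
network={
  key_mgmt=NONE
  priority=0
}
network={
  scan_ssid=1
  ssid="hidden-network"
  psk="12341234"
  priority=0
}
network={
  ssid="Free_Internet"
  key_mgmt=NONE
  priority=0
}
network={
  ssid="SECURED"
  psk="12345678"
}
EOF
}

# audit_wpa: read wpa_supplicant.conf on stdin and print one line per
# finding as "BLOCK_START_LINE CATEGORY SSID DETAIL".
audit_wpa() {
  awk '
    /^[ \t]*#/ { next }                                  # comment lines
    /^[ \t]*network=[{]/ {                               # block opens
      inblk = 1; start = NR; ssid = km = psk = ""; next
    }
    inblk && /^[ \t]*[}]/ {                              # block closes
      inblk = 0
      name = (ssid == "") ? "-" : ssid
      if (km == "NONE" && ssid == "") {
        print start, "ANY_OPEN", name, "matches every unencrypted AP in range"
      } else if (km == "NONE") {
        print start, "OPEN", name, "no link-layer encryption"
      }
      # A quoted psk is the passphrase itself; an unquoted value is the
      # 64-hex-digit derived key.
      if (psk ~ /^".*"$/) {
        print start, "CLEAR_PSK", name, "passphrase readable in the file"
      }
      next
    }
    inblk {                                              # key=value inside a block
      line = $0
      sub(/^[ \t]+/, "", line)
      sub(/[ \t\r]+$/, "", line)
      eq = index(line, "=")
      if (eq == 0) next
      key = substr(line, 1, eq - 1)
      val = substr(line, eq + 1)
      if (key == "ssid") ssid = val
      else if (key == "key_mgmt") km = val
      else if (key == "psk") psk = val
    }
  '
}

# count_wpa CATEGORY: number of findings of that category (config on stdin).
count_wpa() {
  audit_wpa | awk -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

sample_wpa_conf | audit_wpa
```

Run it against a real file with `audit_wpa < /etc/wpa_supplicant.conf`. wpa_passphrase(8) prints a network block with the derived key in place of the passphrase; that key still grants access to the network, so the file should stay readable by root only.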

The automount(8) config.

% cat /usr/local/etc/automount.conf
  USERUMOUNT=YES
  USER=vermaden
  FM='caja --no-desktop'
  NICENAMES=YES

The doas(1) configuration.

# cat /usr/local/etc/doas.conf
# CORE
  permit nopass keepenv root     as root
  permit nopass keepenv vermaden as root

# THE network.sh SCRIPT
  # pw groupmod network -m YOURUSERNAME
  # cat /usr/local/etc/doas.conf
  permit nopass :network as root cmd /etc/rc.d/netif args onerestart
  permit nopass :network as root cmd /usr/sbin/service args squid onerestart
  permit nopass :network as root cmd dhclient
  permit nopass :network as root cmd ifconfig
  permit nopass :network as root cmd killall args -9 dhclient
  permit nopass :network as root cmd killall args -9 ppp
  permit nopass :network as root cmd killall args -9 wpa_supplicant
  permit nopass :network as root cmd ppp
  permit nopass :network as root cmd route
  permit nopass :network as root cmd tee args -a /etc/resolv.conf
  permit nopass :network as root cmd tee args /etc/resolv.conf
  permit nopass :network as root cmd umount
  permit nopass :network as root cmd wpa_supplicant
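
A review aid for the rules above, added here as an example and not part of the original article or of doas itself: it lists permit rules that grant root for any command without a password, keep the caller's environment, accept arbitrary arguments (cmd without args), or name the command by a relative path, which doas.conf(5) advises against. Function and category names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: review aid for doas.conf rules.

# Rules copied from the doas.conf listing above (comment lines left out).
sample_rules() {
  cat <<'EOF'
permit nopass keepenv root     as root
permit nopass keepenv vermaden as root
permit nopass :network as root cmd /etc/rc.d/netif args onerestart
permit nopass :network as root cmd /usr/sbin/service args squid onerestart
permit nopass :network as root cmd dhclient
permit nopass :network as root cmd ifconfig
permit nopass :network as root cmd killall args -9 dhclient
permit nopass :network as root cmd killall args -9 ppp
permit nopass :network as root cmd killall args -9 wpa_supplicant
permit nopass :network as root cmd ppp
permit nopass :network as root cmd route
permit nopass :network as root cmd tee args -a /etc/resolv.conf
permit nopass :network as root cmd tee args /etc/resolv.conf
permit nopass :network as root cmd umount
permit nopass :network as root cmd wpa_supplicant
EOF
}

# audit_doas: read doas.conf on stdin and print one line per finding as
# "LINE CATEGORY IDENTITY DETAIL". setenv { ... } options are not handled.
audit_doas() {
  awk '
    { sub(/#.*/, "") }                      # strip comments
    $1 != "permit" { next }                 # deny rules grant nothing
    {
      nopass = keepenv = has_args = 0
      ident = cmd = ""
      target = "root"                       # doas defaults the target to root
      for (i = 2; i <= NF; i++) {
        if ($i == "nopass") nopass = 1
        else if ($i == "keepenv") keepenv = 1
        else if ($i == "nolog" || $i == "persist") continue
        else if ($i == "as") { i++; target = $i }
        else if ($i == "cmd") { i++; cmd = $i }
        else if ($i == "args") { has_args = 1; break }
        else if (ident == "") ident = $i
      }
      if (ident == target) next             # root as root is no escalation
      if (nopass && cmd == "")
        print NR, "UNRESTRICTED", ident, "any command as " target ", no password"
      if (keepenv)
        print NR, "KEEPENV", ident, "caller environment reaches the " target " process"
      if (cmd != "" && !has_args)
        print NR, "ANYARGS", ident, cmd " accepts any arguments"
      if (cmd != "" && substr(cmd, 1, 1) != "/")
        print NR, "RELPATH", ident, cmd " is not an absolute path"
    }
  '
}

# count_findings CATEGORY: number of findings of that category (rules on stdin).
count_findings() {
  audit_doas | awk -v c="$1" '$2 == c { n++ } END { print n + 0 }'
}

sample_rules | audit_doas
```

Run it against the installed file with `audit_doas < /usr/local/etc/doas.conf`; a rule that pins both an absolute cmd and its args, like the netif and service lines, produces no finding.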

Groups I am a member of with id(1) output.

% id vermaden | tr ' ' '\n' | tr ',' '\n'
uid=1000(vermaden)
gid=1000(vermaden)
groups=1000(vermaden)
0(wheel)
5(operator)
44(video)
69(network)
145(webcamd)
920(vboxusers)

Current X11 configuration.

% cat /usr/local/etc/X11/xorg.conf.d/card.conf
Section "Device"
  Identifier "Card0"
  Option "DPMS"
  Driver "intel"
  Option "DRI" "3"
  Option "AccelMethod" "sna"
  Option "TearFree" "true"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/flags.conf
Section "ServerFlags"
  Option "DontZap" "off"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/keyboard.conf
Section "InputDevice"
  Identifier "Keyboard0"
  Driver "kbd"
  Option "XkbLayout" "pl"
  Option "XkbOptions" "terminate:ctrl_alt_bksp,ctrl:nocaps"
EndSection

% cat /usr/local/etc/X11/xorg.conf.d/touchpad.conf
Section "InputClass"
  Identifier "touchpad"
  MatchIsTouchpad "on"
  Driver "libinput"
  Option "Tapping" "on"
  Option "NaturalScrolling" "on"
EndSection

I also do not rely on ‘stock’ fan speeds and set my own speeds according to CPU temperature with the acpi-thinkpad-fan.sh script.

Desktop Environment

Openbox

As for the ‘desktop environment’ that I use – it’s my custom setup with Openbox along with tools like Tint2 and Dzen2 – for the most basic setup. The screenshot is from FreeBSD 11.1 but it looks exactly the same today.

freebsd-desktop-2019-04

I described this setup in detail in the entire FreeBSD Desktop series.

XFCE

I have also tried XFCE – I liked it especially with the Global Menu app-menu plugin. You can go this way with the handy XFCE Cupertino Way guide.

GNOME

I also tried GNOME for a test – it did not suit me well so I went back to my Openbox setup – but you may find it more comfortable to use. Here is the FreeBSD GNOME 3 Fast Track article that will help you with that.

Accessories

There are some accessories that are very handy with the ThinkPad W520 laptop. I will describe them below.

Smaller Power Supply

The ThinkPad W520 comes with quite a large brick of a ThinkPad 170W Power Supply. It works. It’s OK … but you can use a smaller one that is more universal at the same time. I use the ThinkPad 135W Power Supply that originally was sold with the ThinkPad W510 – the earlier model. Besides being smaller in size it also has one additional advantage. Its plug is round and also fits into other ThinkPads from this line like ThinkPad X220 or ThinkPad T420s. The original ThinkPad 170W Power Supply unfortunately only fits into the ThinkPad W520 laptop. Below you can compare their sizes.

w520.ps

Mouse Companion

After checking many mouse models – as described in the UNIX Mouse Shootout article – I finally settled on the Logitech Triathlon M720 mouse. I have plugged the Lenovo USB Receiver into the back ‘powered’ USB port. While I use that mouse over the USB receiver you can also connect it using Bluetooth – also to other computers. This mouse has a special dedicated button to switch between 3 different computers. Unfortunately the copy-paste between them does not work 🙂

If you would like to ‘save’ that port for something else then you may use a special USB board adapter that you place in the Bluetooth module slot under the palm rest. You would lose Bluetooth support then of course – but not everyone uses that. It’s available for example on the Aliexpress site and looks like that.

w520.usb-bluetooth-pink

I do not use it as I do not need the ‘back’ USB port so below you will find its mounted picture on the ThinkPad X220 laptop instead – along with the Lenovo USB Receiver attached.

w520.usb-bluetooth

Two Additional USB 3.0 Ports

The ThinkPad W520 comes with an ExpressCard port, which is not well known today. With this cheap adapter from Aliexpress you can add two additional USB 3.0 ports. You may of course not need that many ports – but if you are left handed then you probably use the mouse on the left of your laptop – then USB ports on the right will be handy.

These USB 3.0 ports may also be useful with some bhyve(8) setups. Currently it’s not supported to pass-thru just a single USB port to a virtual machine. You need to pass thru the entire controller. This way you can pass-thru that controller to a bhyve(8) VM and still have other USB 3.0 ports on the host.

Larger Custom Battery

The original largest extended battery for the ThinkPad W520 had 9400mAh capacity. It’s possible to get an even larger custom extended battery but in the same physical size and shape – with 9600mAh capacity – and for only about $50. To remind you the original one costs closer to $200 unfortunately. I got mine from this Aliexpress page. With my power settings and with this battery along with enabled WiFi and screen brightness just one step less than maximum brightness it shows more than 7 hours of time left in the acpiconf(8) command.

% acpiconf -i 0
Design capacity:        10368 mAh
Last full capacity:     10368 mAh
Technology:             secondary (rechargeable)
Design voltage:         10800 mV
Capacity (warn):        518 mAh
Capacity (low):         18 mAh
Low/warn granularity:   1 mAh
Warn/full granularity:  1 mAh
Model number:           42T4763
Serial number:              1
Type:                   LION
OEM info:               SANYO
State:                  discharging
Remaining capacity:     97%
Remaining time:         7:17
Present rate:           1393 mA (17086 mW)
Present voltage:        12266 mV

As you can see from the command above this custom battery size is even reported as closer to 10400mAh instead of the advertised 9600mAh. I do not know how to check which one is closer to truth – but the fact is that it allows longer work than the official one – and for a smaller price.

Experience

This laptop along with its smaller and lighter brothers such as ThinkPad X220 or ThinkPad T420s are the best machines I know to work on FreeBSD … but maybe it’s because I do not use newer laptops 🙂 The general experience of FreeBSD on the ThinkPad W520 is stable and uninterrupted work counted in days and weeks of uptime. The suspend/resume works like a charm with many cycles possible – not just one. I once even recorded such a suspend/resume cycle with many applications and games running on a busy FreeBSD system. It’s available here FreeBSD 12.2 Suspend/Resume on a Vimeo page.

Here is how it’s being used daily.

w520.real

Summary

I have been using this laptop for many years and I even laugh that as it’s a decade old – I would use it for the next decade 🙂 Most/all of this configuration applies to other ThinkPad models from this lineup like X220/T420s/T420/T520 … probably even L520 (but I did not test that one).

EOF

Automated Kickstart Install of RHEL/Clones

There are two approaches to automating the installation of multiple operating system instances. You can either maintain up-to-date templates for them or you can have automated/scripted installations. In this article I will share how to generate an ISO image and a Kickstart configuration to install Red Hat Enterprise Linux (and its clones such as Alma/Rocky/CentOS/Scientific/…) in an easy and fast way. For the process I will use version 8.5 of RHEL.

Here is the Table of Contents for this article.

  • Logo
  • Possibilities
  • Environment
    • FreeBSD – www
    • RHEL Client – kickme
  • Validate
  • Generation
    • kickstart.config
    • kickstart.skel
    • kickstart.sh
    • ISO
  • Result
  • Alternatives
  • Summary

Logo

Shortly after the IBM acquisition Red Hat started to use a kinda boring ‘just a red hat’ logo – but its earlier logo – shown below – was more interesting.

rhel-logo

If you stare long enough you will see two dinosaurs. The Tyrannosaurus (red) punching a Triceratops (white) in the head. Once you see it you will not be able to unsee it 🙂

Possibilities

There are many ways to do an automated Kickstart installation. You can use NFS/HTTP/FTP/HTTPS or your own generated DVD media … or use a ‘stock’ DVD and a Kickstart config available somewhere on the network.

I will use the following method that I find currently is best suited for my needs:

  • FreeBSD host with NGINX serving RHEL 8.5 DVD content (rhel-8.5-x86_64-dvd.iso) over HTTP.
  • Generate a small (less than 1 MB in size) ISO with the Kickstart config on it.
  • Boot from the small rhel-8.5-x86_64-boot.iso ISO together with the generated Kickstart ISO.

Environment

I will use VirtualBox for this demo with NAT Network configuration for the virtual machines network adapters. The nat0 VirtualBox network is defined as 10.0.10.0/24 and I use Port Forwarding to access these machines from the FreeBSD host system.

Machines:

  • 10.0.10.210 - www – FreeBSD system with NGINX to serve RHEL 8.5 DVD contents
  • 10.0.10.199 - kickme – RHEL machine that would be installed with automated Kickstart install

FreeBSD – www

Below you will find the FreeBSD machine configuration as seen on VirtualBox.

vm-www

It’s a default FreeBSD ZFS install on a single disk. Nothing fancy here to be honest. Below you will find its configuration from the /etc/rc.conf file. I also installed the nginx package but the only thing I did with NGINX was to enable it to start automatically. I used the default stock config that points at the /usr/local/www/nginx place. I later copied the RHEL 8.5 DVD contents to the /usr/local/www/nginx/rhel-8.5 directory. It takes about 10 GB.

www # cat /etc/rc.conf
hostname=www
ifconfig_em0="inet 10.0.10.210 netmask 255.255.255.0"
defaultrouter=10.0.10.1
sshd_enable=YES
nginx_enable=YES
zfs_enable=YES
dumpdev=AUTO
sendmail_enable=NO
sendmail_submit_enable=NO
sendmail_outbound_enable=NO
sendmail_msp_queue_enable=NO
update_motd=NO

Here is the unmodified NGINX config but with comments not displayed.

www # grep -v '#' /usr/local/etc/nginx/nginx.conf | grep '^[^#]'
worker_processes  1;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   /usr/local/www/nginx;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    }
}

Here are the contents of the /usr/local/www/nginx/rhel-8.5 directory after copying the contents of the RHEL 8.5 DVD there.

www:~ # ls -l /usr/local/www/nginx/rhel-8.5/
total 71
-r--r--r--  1 root  wheel     60 Apr  6 21:34 .discinfo
-r--r--r--  1 root  wheel   1560 Apr  6 21:34 .treeinfo
dr-xr-xr-x  4 root  wheel      4 Apr  6 21:50 AppStream
dr-xr-xr-x  4 root  wheel      4 Apr  6 21:53 BaseOS
dr-xr-xr-x  3 root  wheel      3 Apr  6 21:53 EFI
-r--r--r--  1 root  wheel   8154 Apr  6 21:53 EULA
-r--r--r--  1 root  wheel  18092 Apr  6 21:53 GPL
-r--r--r--  1 root  wheel   1669 Apr  6 21:53 RPM-GPG-KEY-redhat-beta
-r--r--r--  1 root  wheel   5135 Apr  6 21:53 RPM-GPG-KEY-redhat-release
-r--r--r--  1 root  wheel   1796 Apr  6 21:53 TRANS.TBL
-r--r--r--  1 root  wheel   1455 Apr  6 21:53 extra_files.json
dr-xr-xr-x  3 root  wheel      6 Apr  6 21:54 images
dr-xr-xr-x  2 root  wheel     16 Apr  6 21:54 isolinux
-r--r--r--  1 root  wheel    103 Apr  6 21:54 media.repo

RHEL Client – kickme

Below you will find the RHEL machine that will be used for the automated Kickstart installation – also as seen on VirtualBox.

vm-kickme

To make that example more interesting (and more corporate) I added a second NIC for the backup network – so we will also have to generate an additional route for it in the Kickstart config.

The kickme RHEL machine needs to have two (2) CD-ROM drives. In the PRIMARY one (the one to boot from) we will load the rhel-8.5-x86_64-boot.iso ISO file. In the SECONDARY one we will load our generated kickme.oemdrv.iso ISO file containing the Kickstart config file.

Validate

There is also the pykickstart package which offers the ksvalidator tool. Theoretically it allows you to make sure that your Kickstart config has proper syntax and that it would work – but only in theory. Here is what the RHEL documentation states about its accuracy.

rhel-ksvalidator

It means that you will not know if your Kickstart config will work until you really try it – thus I did not care that much about this tool as it is not available on FreeBSD.

Generation

Now to the most important part – Kickstart generation and ISO generation. Probably the easiest way to create a new Kickstart config is to install a new RHEL system ‘by hand’ in a virtual machine and then take the /root/anaconda-ks.cfg file generated by Anaconda as a starting point. This is what I also did.

When you would like to install the next host you will have to edit the hostname and IP addresses for that host in the Kickstart file – which seems not very convenient to say the least. In order to make that less PITA I created a kickstart.sh script that will read values from the kickstart.config file and then put them into the kickstart.skel file that would be the base for our future installations. Then kickstart.sh will copy the generated Kickstart file and the used Kickstart config with that hostname as a backup or for future reference – or for example for documentation purposes.

kickstart.config

Here is what such a kickstart.config file looks like.

# cat kickstart.config
  SYSTEM_NAME=kickme
  REPO_SERVER_IP=10.0.10.210
  INTERFACE1=enp0s3
  IP_ADDRESS1=10.0.10.199
  NETMASK1=255.255.255.0
  INTERFACE2=enp0s8
  IP_ADDRESS2=10.0.90.199
  NETMASK2=255.255.255.0
  GATEWAY=10.0.10.1
  NAMESERVER1=1.1.1.1
  NAMESERVER2=9.9.9.9
  NTP1=132.163.97.6
  NTP2=216.239.35.0
  ROUTE_NET=10.0.40.10/24
  ROUTE_VIA=10.0.20.1

kickstart.skel

The kickstart.skel file is a little longer – this is our bare-bones base for the Kickstart configs.

# cat kickstart.skel
#version=RHEL8

# USE sda DISK
ignoredisk --only-use=sda

# CLEAR DISK PARTITIONS BEFORE INSTALL
clearpart --all --initlabel

# USE text INSTALL
text

# USE ONLINE INSTALLATION MEDIA
url --url=http://REPO_SERVER_IP/rhel-8.5/BaseOS --noverifyssl

# KEYBOARD LAYOUTS
keyboard --vckeymap=us --xlayouts='us','pl'

# LANGUAGE
lang en_US.UTF-8

# NETWORK INFORMATION
network --bootproto=static --device=INTERFACE1 --ip=IP_ADDRESS1 --netmask=NETMASK1 --gateway=GATEWAY --nameserver=NAMESERVER1,NAMESERVER2 --noipv6 --activate
network --bootproto=static --device=INTERFACE2 --ip=IP_ADDRESS2 --netmask=NETMASK2 --noipv6 --activate --onboot=on
network --hostname=SYSTEM_NAME

# REPOS
repo --name="AppStream" --baseurl=http://REPO_SERVER_IP/rhel-8.5/AppStream

# ROOT PASSWORD
rootpw --plaintext asd

# DISABLE Setup Agent ON FIRST BOOT
firstboot --disable

# DISABLE SELinux AND FIREWALL
selinux --disabled
firewall --disabled

# OMIT X11
skipx

# REBOOT AND EJECT BOOT MEDIUM
reboot --eject

# TIMEZONE
timezone Europe/Warsaw --isUtc --nontp

# PARTITIONS
part   /boot/efi --fstype="efi"   --size=600  --ondisk=sda --label=EFI  --fsoptions="umask=0077,shortname=winnt"
part   /boot     --fstype="xfs"   --size=1024 --ondisk=sda --label=BOOT --fsoptions="rw,noatime,nodiratime"
part   pv.475    --fstype="lvmpv" --size=1    --ondisk=sda --grow

# LVM
volgroup rootvg --pesize=4096 pv.475
logvol /         --fstype="xfs"   --size=1024 --name=root --label="ROOT" --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /usr      --fstype="xfs"   --size=5120 --name=usr  --label="USR"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /var      --fstype="xfs"   --size=3072 --name=var  --label="VAR"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /tmp      --fstype="xfs"   --size=1024 --name=tmp  --label="TMP"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /opt      --fstype="xfs"   --size=1024 --name=opt  --label="OPT"  --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol /home     --fstype="xfs"   --size=1024 --name=home --label="HOME" --vgname=rootvg --fsoptions="rw,noatime,nodiratime"
logvol swap      --fstype="swap"  --size=4096 --name=swap --label="SWAP" --vgname=rootvg

# RPM PACKAGES
%packages
@^minimal-environment
kexec-tools
nfs-utils
nfs4-acl-tools
perl
chrony
%end

# KDUMP
%addon com_redhat_kdump --enable --reserve-mb='auto'
%end

# POST INSTALL COMMANDS TO EXECUTE
%post --log=/root/ks-post.log --interpreter=/usr/bin/bash

  # POST: route
  echo ROUTE_NET via ROUTE_VIA > /etc/sysconfig/network-scripts/route-INTERFACE2

  # POST: chrony CONFIG
  cat << TIME > /etc/chrony.conf
server NTP1 iburst
server NTP2 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
keyfile /etc/chrony.keys
leapsectz right/UTC
TIME

  # POST: chrony SERVICE
  systemctl enable chronyd

%end

# PASSWORD REQUIREMENTS
%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

kickstart.sh

… and last but not least – the kickstart.sh script. It does not take any arguments – it just loads the kickstart.config file variables and then replaces all config options in kickstart.skel with sed(1) to generate new Kickstart file as files/${SYSTEM_NAME}.cfg file. It also copies that config into files/${SYSTEM_NAME}.config for convenience.

# cat kickstart.sh
#! /bin/sh

if [ ! -f kickstart.config ]
then
  echo "ERROR: file 'kickstart.config' not available"
  exit 1
fi

if [ ! -f kickstart.skel ]
then
  echo "ERROR: file 'kickstart.skel' not available"
  exit 1
fi

. "$( pwd )/kickstart.config"

mkdir -p files ksfloppy iso

cp kickstart.config files/${SYSTEM_NAME}.config

if [ ${?} -eq 0 ]
then
  echo "INFO: kickstart config copied to 'files/${SYSTEM_NAME}.config' location"
else
  echo "ERROR: could not copy config to 'files/${SYSTEM_NAME}.config' location"
  exit 1
fi

sed                                           \
  -e s@SYSTEM_NAME@${SYSTEM_NAME}@g           \
  -e s@SALT_MINION_NAME@${SALT_MINION_NAME}@g \
  -e s@SALT_MASTER_IP@${SALT_MASTER_IP}@g     \
  -e s@REPO_SERVER_IP@${REPO_SERVER_IP}@g     \
  -e s@RHEL_MAJOR@${RHEL_MAJOR}@g             \
  -e s@RHEL_VERSION@${RHEL_VERSION}@g         \
  -e s@RHEL_ARCH@${RHEL_ARCH}@g               \
  -e s@INTERFACE1@${INTERFACE1}@g             \
  -e s@IP_ADDRESS1@${IP_ADDRESS1}@g           \
  -e s@NETMASK1@${NETMASK1}@g                 \
  -e s@INTERFACE2@${INTERFACE2}@g             \
  -e s@IP_ADDRESS2@${IP_ADDRESS2}@g           \
  -e s@NETMASK2@${NETMASK2}@g                 \
  -e s@GATEWAY@${GATEWAY}@g                   \
  -e s@NAMESERVER1@${NAMESERVER1}@g           \
  -e s@NAMESERVER2@${NAMESERVER2}@g           \
  -e s@NTP1@${NTP1}@g                         \
  -e s@NTP2@${NTP2}@g                         \
  -e s@ROUTE_NET@${ROUTE_NET}@g               \
  -e s@ROUTE_VIA@${ROUTE_VIA}@g               \
  kickstart.skel > files/${SYSTEM_NAME}.cfg

if [ ${?} -eq 0 ]
then
  echo "INFO: kickstart file 'files/${SYSTEM_NAME}.cfg' generated"
else
  echo "ERROR: failed to generate 'files/${SYSTEM_NAME}.cfg' kickstart file"
  exit 1
fi

echo "INFO: mkisofs(8) output BEGIN"
echo "-----------------------------"

mkisofs -J -R -l -graft-points -V "OEMDRV" \
        -input-charset utf-8 \
        -o iso/${SYSTEM_NAME}.oemdrv.iso \
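        ks.cfg=files/${SYSTEM_NAME}.cfg ksfloppy

# KEEP mkisofs(8) EXIT CODE - THE echo(1) CALLS BELOW WOULD OVERWRITE ${?}
MKISOFS_RC=${?}

echo "-----------------------------"
echo "INFO: mkisofs(8) output ENDED"

if [ ${MKISOFS_RC} -eq 0 ]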
then
  echo "INFO: ISO image 'iso/${SYSTEM_NAME}.oemdrv.iso' generated"
else
  echo "ERROR: failed to generate 'iso/${SYSTEM_NAME}.oemdrv.iso' ISO image"
  exit 1
fi
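kickstart.sh sources kickstart.config with '.' and pastes its values into a file whose %post section the installer runs as root, so the config deserves to be treated as untrusted data first. The script below is an added example, not part of the original kickstart.sh: it validates the config and flags the lab-only settings of the skeleton. The function names, the value alphabet and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not part of kickstart.sh: checks to run before the config
# is sourced and before a generated Kickstart file leaves the lab.

# Placeholder names copied from the sed(1) list in kickstart.sh.
PLACEHOLDERS="SYSTEM_NAME SALT_MINION_NAME SALT_MASTER_IP REPO_SERVER_IP
  RHEL_MAJOR RHEL_VERSION RHEL_ARCH INTERFACE1 IP_ADDRESS1 NETMASK1
  INTERFACE2 IP_ADDRESS2 NETMASK2 GATEWAY NAMESERVER1 NAMESERVER2
  NTP1 NTP2 ROUTE_NET ROUTE_VIA"

# check_config CONFIG SKEL - returns the number of problems found:
#   * lines that are not KEY=VALUE with a conservative value alphabet
#     (no whitespace or shell metacharacters, no '@' sed delimiter),
#   * placeholders used in SKEL that CONFIG leaves unset.
check_config() {
  cc_config=${1}
  cc_skel=${2}
  cc_problems=0
  cc_lineno=0
  while IFS= read -r cc_line || [ -n "${cc_line}" ]
  do
    cc_lineno=$(( cc_lineno + 1 ))
    cc_line=$( printf '%s\n' "${cc_line}" | sed 's/^[[:space:]]*//' )
    case "${cc_line}" in
      ''|'#'*) continue ;;
    esac
    if ! printf '%s\n' "${cc_line}" \
         | grep -Eq '^[A-Z][A-Z0-9_]*=[A-Za-z0-9._:/-]+$'
    then
      echo "ERROR: ${cc_config}:${cc_lineno}: rejected: ${cc_line}"
      cc_problems=$(( cc_problems + 1 ))
    fi
  done < "${cc_config}"
  for cc_name in ${PLACEHOLDERS}
  do
    if grep -qF "${cc_name}" "${cc_skel}" \
       && ! grep -Eq "^[[:space:]]*${cc_name}=." "${cc_config}"
    then
      echo "ERROR: ${cc_name} used in ${cc_skel} but unset in ${cc_config}"
      cc_problems=$(( cc_problems + 1 ))
    fi
  done
  return "${cc_problems}"
}

# lint_kickstart FILE - flags the lab-only settings carried by the skeleton
# on this page; returns the number of findings.
lint_kickstart() {
  lk_findings=0
  while IFS=';' read -r lk_regex lk_message
  do
    if grep -Eq -e "${lk_regex}" "${1}"
    then
      echo "WARN: ${1}: ${lk_message}"
      lk_findings=$(( lk_findings + 1 ))
    fi
  done << 'RULES'
^rootpw[[:space:]].*--plaintext;root password in clear text
^selinux[[:space:]]+--disabled;SELinux disabled
^firewall[[:space:]]+--disabled;firewall disabled
^(url|repo)[[:space:]].*http://;packages fetched over plain HTTP
RULES
  return "${lk_findings}"
}

# write_samples DIR - constructed samples, shortened from the page's files.
write_samples() {
  cat > "${1}/sample.skel" << 'SKEL'
url --url=http://REPO_SERVER_IP/rhel-8.5/BaseOS --noverifyssl
network --device=INTERFACE1 --ip=IP_ADDRESS1 --gateway=GATEWAY
network --hostname=SYSTEM_NAME
rootpw --plaintext asd
selinux --disabled
firewall --disabled
SKEL
  cat > "${1}/good.config" << 'GOOD'
  SYSTEM_NAME=kickme
  REPO_SERVER_IP=10.0.10.210
  INTERFACE1=enp0s3
  IP_ADDRESS1=10.0.10.199
  GATEWAY=10.0.10.1
GOOD
  # bad.config: a value with a command substitution and GATEWAY missing
  sed -e 's|^  SYSTEM_NAME=.*|  SYSTEM_NAME=kickme $(hostname)|' \
      -e '/GATEWAY=/d' "${1}/good.config" > "${1}/bad.config"
}

# Demo on the constructed samples.
demo_dir=$( mktemp -d )
write_samples "${demo_dir}"
check_config "${demo_dir}/good.config" "${demo_dir}/sample.skel" \
  && echo "INFO: good.config accepted"
check_config "${demo_dir}/bad.config" "${demo_dir}/sample.skel" \
  || echo "INFO: bad.config: ${?} problem(s)"
lint_kickstart "${demo_dir}/sample.skel" \
  || echo "INFO: sample.skel: ${?} lab-only setting(s)"
rm -rf "${demo_dir}"
```

Calling check_config ahead of the '. kickstart.config' line lets the run stop before anything from the config is executed or substituted.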

ISO

It finishes its work in less than a second. Here is its output.

kickstart.sh

… and the generated ISO file.

# ls -lh iso/kickme.oemdrv.iso
-rw-r--r--  1 root  wheel   366K Apr 10 21:57 iso/kickme.oemdrv.iso

Result

Now – when you boot the kickme VirtualBox virtual machine with CD-ROM devices loaded you will end up with a RHEL system installed according to your generated Kickstart config. Here are some files from the installed kickme RHEL system.

Filesystems with LABELs such as BOOT or VAR defined.

# lsblk -i -f
NAME            FSTYPE      LABEL UUID                                   MOUNTPOINT
sda
|-sda1          xfs         BOOT  b5c66ea5-b38a-4072-b1a8-0d5882ace179   /boot
|-sda2          vfat        EFI   BB7A-4BFD                              /boot/efi
`-sda3          LVM2_member       e9BwIq-4I2W-zX6y-As42-f9N2-WTTR-WfHKdC
  |-rootvg-root xfs         ROOT  dbf8dd30-51cc-408a-9d05-b1ae67c0637c   /
  |-rootvg-swap swap        SWAP  c8a016b5-f43d-4510-9703-e9c68f02ae64   [SWAP]
  |-rootvg-usr  xfs         USR   c6694796-a5bd-4833-9a6b-a740e8bf83bf   /usr
  |-rootvg-home xfs         HOME  5264afe6-5d9c-4dc3-9d8d-e19078864aea   /home
  |-rootvg-opt  xfs         OPT   039e9575-3af8-4a8b-95c0-54fb8a515f70   /opt
  |-rootvg-tmp  xfs         TMP   11709a48-a64f-4b93-86a3-e943ff9ecf01   /tmp
  `-rootvg-var  xfs         VAR   ed20343c-b915-4234-b13e-0c6c94e03edc   /var
sr0
sr1

The /etc/fstab file with rw,noatime,nodiratime mount options.

# grep '^[^#]' /etc/fstab
/dev/mapper/rootvg-root /                       xfs     rw,noatime,nodiratime 0 0
UUID=b5c66ea5-b38a-4072-b1a8-0d5882ace179 /boot xfs     rw,noatime,nodiratime 0 0
UUID=BB7A-4BFD          /boot/efi               vfat    defaults,uid=0,gid=0,umask=077,shortname=winnt 0 2
/dev/mapper/rootvg-home /home                   xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-opt  /opt                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-tmp  /tmp                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-usr  /usr                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-var  /var                    xfs     rw,noatime,nodiratime 0 0
/dev/mapper/rootvg-swap none                    swap    defaults        0 0

Networking on two network interfaces and additional route generated.

# cat /etc/sysconfig/network-scripts/ifcfg-enp0s3
# Generated by parse-kickstart
TYPE=Ethernet
DEVICE=enp0s3
UUID=e1fddd41-f398-4c1d-8bef-e28ef705d568
ONBOOT=yes
IPADDR=10.0.10.199
NETMASK=255.255.255.0
GATEWAY=10.0.10.1
IPV6INIT=no
DNS1=1.1.1.1
DNS2=9.9.9.9
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="System enp0s3"

# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
# Generated by parse-kickstart
TYPE=Ethernet
DEVICE=enp0s8
UUID=5454b587-8c29-41a7-93f8-532c814865de
ONBOOT=yes
IPADDR=10.0.90.199
NETMASK=255.255.255.0
IPV6INIT=no
PROXY_METHOD=none
BROWSER_ONLY=no
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME="System enp0s8"

# cat /etc/sysconfig/network-scripts/route-enp0s8
10.0.40.10/24 via 10.0.20.1

# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 1.1.1.1
nameserver 9.9.9.9

Alternatives

It's also possible to use the livemedia-creator from the lorax package … but I would omit it. To be honest I tried it – and it did not work at all. I started the following process … and it ran for more than a DAY and produced NOTHING.

# livemedia-creator \
    --make-iso \
    --ram 4096 \
    --vcpus 4 \
    --iso=/mnt/rhel-8.5-x86_64-boot.iso \
    --ks=/mnt/mykick.cfg

The log file for the operation was also EMPTY. At least that was the run when using the virt-install option with creating everything under a virtual machine. This also intrigues me a lot. Why use virtual machines just to create installation media? It's just a bunch of files. There are better options available such as chroot(8) for example … or even the so glorified containers such as Docker or Podman. Why use a fully fledged virtual machine just to create an ISO image? This is a big mystery for me.

Seems that livemedia-creator also has a --no-virt option available … but as the documentation states – it can “render the entire system unusable” – not a very production ready solution for my taste. Below is a screenshot from the official RHEL documentation.

rhel-render

Pity that livemedia-creator did not work for me – but I already have a working process for that.

Some people also suggested these as valuable alternatives:

Maybe some day I will find time to check them out.

Summary

I am not the best at summaries so I will just write here that the article has ended successfully 🙂

Regards.

EOF

ZFS Compatibility

The best free filesystem on Earth – ZFS – also often named OpenZFS recently – has also become very portable in recent years of its development. The OpenZFS Distributions page lists 6 (six) operating systems already.

They are:

  • FreeBSD
  • Illumos
  • Linux
  • MacOS
  • NetBSD
  • Windows

… but if you would like to create a ZFS pool compatible with all of them … which options and ZFS features should you choose? There is an OpenZFS Feature Flags page dedicated exactly to that topic.

zfs-feature-flags

These are the ones that have yes value in all operating systems.

  • async_destroy
  • bookmarks
  • empty_bpobj
  • enabled_txg
  • filesystem_limits
  • lz4_compress
  • hole_birth
  • multi_vdev_crash_dump
  • spacemap_histogram

I would also include these as only the older NetBSD 4.0.5 version does not support them – but they are supported in the newer NetBSD 5.3 version.

  • embedded_data
  • large_blocks
  • sha512
  • skein

There is also a dedicated zpool-features(7) man page for that information on the OpenZFS page and also zpool-features(7) man page on the FreeBSD page.

On the FreeBSD system the /usr/share/zfs/compatibility.d directory has files with supported ZFS Feature Flags for many major operating systems and ZFS versions.

% ls /usr/share/zfs/compatibility.d
2018
2019
2020
2021
compat-2018
compat-2019
compat-2020
compat-2021
freebsd-11.0
freebsd-11.1
freebsd-11.2
freebsd-11.3
freebsd-11.4
freebsd-12.0
freebsd-12.1
freebsd-12.2
freenas-11.0
freenas-11.1
freenas-11.2
freenas-11.3
freenas-9.10.2
grub2
openzfs-2.0-freebsd
openzfs-2.0-linux
openzfs-2.1-freebsd
openzfs-2.1-linux
openzfsonosx-1.7.0
openzfsonosx-1.8.1
openzfsonosx-1.9.3
openzfsonosx-1.9.4
truenas-12.0
ubuntu-18.04
ubuntu-20.04
zol-0.6.1
zol-0.6.4
zol-0.6.5
zol-0.7
zol-0.8

Unfortunately it misses NetBSD and Illumos systems for example … but having the information from the OpenZFS Feature Flags page we can find a Feature Flags set that will be supported everywhere.

Here are the stats for supported ZFS Feature Flags. The higher the number the more operating systems and ZFS versions it covers.

% grep -h '^[^#]' /usr/share/zfs/compatibility.d/* \
    | sort -n \
    | uniq -c \
    | sort -n
   2 draid
   5 bookmark_written
   5 device_rebuild
   5 livelist
   5 log_spacemap
   5 redacted_datasets
   5 redaction_bookmarks
   5 zstd_compress
   9 allocation_classes
   9 bookmark_v2
   9 project_quota
   9 resilver_defer
  10 edonr
  10 encryption
  11 large_dnode
  11 userobj_accounting
  18 spacemap_v2
  20 device_removal
  20 obsolete_counts
  20 zpool_checkpoint
  31 sha512
  31 skein
  32 multi_vdev_crash_dump
  36 filesystem_limits
  36 large_blocks
  37 bookmarks
  37 embedded_data
  37 enabled_txg
  37 extensible_dataset
  37 hole_birth
  37 spacemap_histogram
  38 async_destroy
  38 empty_bpobj
  38 lz4_compress

As the GNU GRUB is very outdated when it comes to ZFS support it should be pretty bulletproof to use it as a starting point of limited ZFS Feature Flags support.

% cat /usr/share/zfs/compatibility.d/grub2
# Features which are supported by GRUB2
async_destroy
bookmarks
embedded_data
empty_bpobj
enabled_txg
extensible_dataset
filesystem_limits
hole_birth
large_blocks
lz4_compress
spacemap_histogram

To make sure we are compatible we will now cross-link the GNU GRUB data.

First we will ‘generate’ the grep(1) command arguments that we will use in the next command.

% grep '^[^#]' /usr/share/zfs/compatibility.d/grub2 \
  | while read I
    do
      echo "-e ' ${I}' \\"
    done
-e ' async_destroy' \
-e ' bookmarks' \
-e ' embedded_data' \
-e ' empty_bpobj' \
-e ' enabled_txg' \
-e ' extensible_dataset' \
-e ' filesystem_limits' \
-e ' hole_birth' \
-e ' large_blocks' \
-e ' lz4_compress' \
-e ' spacemap_histogram' \

Let's now use these arguments to filter the ZFS features.

% grep -h '^[^#]' /usr/share/zfs/compatibility.d/* \
    | sort -n \
    | uniq -c \
    | sort -n \
    | grep -e ' async_destroy' \
           -e ' bookmarks' \
           -e ' embedded_data' \
           -e ' empty_bpobj' \
           -e ' enabled_txg' \
           -e ' extensible_dataset' \
           -e ' filesystem_limits' \
           -e ' hole_birth' \
           -e ' large_blocks' \
           -e ' lz4_compress' \
           -e ' spacemap_histogram' \
    | wc -l
      11

% grep -h '^[^#]' /usr/share/zfs/compatibility.d/grub2 | wc -l
      11

So it seems that the GRUB list of ZFS Feature Flags is pretty compatible.

Let's now cross-reference that GRUB data with the data from the OpenZFS Feature Flags page.

I will create new /usr/share/zfs/compatibility.d/OZFF file that has these ZFS Feature Flags as content.

% cat /usr/share/zfs/compatibility.d/OZFF
async_destroy
bookmarks
empty_bpobj
enabled_txg
filesystem_limits
lz4_compress
hole_birth
multi_vdev_crash_dump
spacemap_histogram
embedded_data
large_blocks
sha512
skein

% wc -l /usr/share/zfs/compatibility.d/OZFF
      13

So there are 11 GRUB ZFS Feature Flags and 13 OpenZFS ‘Compatible’ Feature Flags.

Let's see how they compare.

% cat /usr/share/zfs/compatibility.d/OZFF \
    | grep -e async_destroy \
           -e bookmarks \
           -e embedded_data \
           -e empty_bpobj \
           -e enabled_txg \
           -e extensible_dataset \
           -e filesystem_limits \
           -e hole_birth \
           -e large_blocks \
           -e lz4_compress \
           -e spacemap_histogram \
    | wc -l
      10

I expected 11 here instead of 10 … we will now have to compare GRUB results to the OpenZFS Feature Flags section.

% grep -h '^[^#]' /usr/share/zfs/compatibility.d/{grub2,OZFF} \
    | sort -n \
    | uniq -c \
    | sort -n
   1 extensible_dataset
   1 multi_vdev_crash_dump
   1 sha512
   1 skein
   2 async_destroy
   2 bookmarks
   2 embedded_data
   2 empty_bpobj
   2 enabled_txg
   2 filesystem_limits
   2 hole_birth
   2 large_blocks
   2 lz4_compress
   2 spacemap_histogram

Seems that we finally got our 10 most compatible OpenZFS Feature Flags set.

It's this set:

  • async_destroy
  • bookmarks
  • embedded_data
  • empty_bpobj
  • enabled_txg
  • filesystem_limits
  • hole_birth
  • large_blocks
  • lz4_compress
  • spacemap_histogram

To make it more comfortable to use we will put them into a separate /usr/share/zfs/compatibility.d/COMPATIBLE file.

# cat /usr/share/zfs/compatibility.d/COMPATIBLE
async_destroy
bookmarks
embedded_data
empty_bpobj
enabled_txg
filesystem_limits
hole_birth
large_blocks
lz4_compress
spacemap_histogram

Let's now try to make that best effort most-compatible ZFS pool.

I will use one of my scripts – mdconfig.sh – to easily manipulate md(4) memory disks on FreeBSD.

# truncate -s 1g FILE
# mdconfig.sh -c FILE
IN: created vnode at /dev/md0
# zpool create -o compatibility=COMPATIBLE compatible /dev/md0
# zpool list
NAME         SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP    HEALTH  ALTROOT
compatible   960M   116K   960M        -         -     0%     0%  1.00x    ONLINE  -
zroot        118G  48.6G  69.4G        -         -    36%    41%  1.00x    ONLINE  -


Now let's see what the zpool upgrade command shows us.

# zpool upgrade
This system supports ZFS pool feature flags.

All pools are formatted using feature flags.


Some supported features are not enabled on the following pools. Once a
feature is enabled the pool may become incompatible with software
that does not support the feature. See zpool-features(7) for details.

Note that the pool 'compatibility' feature can be used to inhibit
feature upgrades.

POOL  FEATURE
---------------
compatible
      multi_vdev_crash_dump
      large_dnode
      sha512
      skein
      userobj_accounting
      encryption
      project_quota
      device_removal
      obsolete_counts
      zpool_checkpoint
      spacemap_v2
      allocation_classes
      resilver_defer
      bookmark_v2
      redaction_bookmarks
      redacted_datasets
      bookmark_written
      log_spacemap
      livelist
      device_rebuild
      zstd_compress
      draid
zroot
      userobj_accounting
      encryption
      project_quota
      allocation_classes
      resilver_defer
      bookmark_v2
      redaction_bookmarks
      redacted_datasets
      bookmark_written
      log_spacemap
      livelist
      device_rebuild
      zstd_compress
      draid

There are LOTS of ZFS Feature Flags to be activated but if we want our ZFS pool to stay compatible – we will have to stay away from them 🙂

zfs-terminal

You may get the impression that you miss a lot … but you do not miss that much. Here are the ZFS Feature Flags you can fully utilize.

# zpool get all compatible | grep -v disabled
NAME        PROPERTY                       VALUE                          SOURCE
compatible  size                           960M                           -
compatible  capacity                       0%                             -
compatible  altroot                        -                              default
compatible  health                         ONLINE                         -
compatible  guid                           5395735446052695775            -
compatible  version                        -                              default
compatible  bootfs                         -                              default
compatible  delegation                     on                             default
compatible  autoreplace                    off                            default
compatible  cachefile                      -                              default
compatible  failmode                       wait                           default
compatible  listsnapshots                  off                            default
compatible  autoexpand                     off                            default
compatible  dedupratio                     1.00x                          -
compatible  free                           960M                           -
compatible  allocated                      116K                           -
compatible  readonly                       off                            -
compatible  ashift                         0                              default
compatible  comment                        -                              default
compatible  expandsize                     -                              -
compatible  freeing                        0                              -
compatible  fragmentation                  0%                             -
compatible  leaked                         0                              -
compatible  multihost                      off                            default
compatible  checkpoint                     -                              -
compatible  load_guid                      17463015630652190527           -
compatible  autotrim                       off                            default
compatible  compatibility                  COMPATIBLE                     local
compatible  feature@async_destroy          enabled                        local
compatible  feature@empty_bpobj            enabled                        local
compatible  feature@lz4_compress           active                         local
compatible  feature@spacemap_histogram     active                         local
compatible  feature@enabled_txg            active                         local
compatible  feature@hole_birth             active                         local
compatible  feature@extensible_dataset     enabled                        local
compatible  feature@embedded_data          active                         local
compatible  feature@bookmarks              enabled                        local
compatible  feature@filesystem_limits      enabled                        local
compatible  feature@large_blocks           enabled                        local

You get the very decent LZ4 compression and also the ZFS Bookmarks feature which is very useful for the send|recv mechanism.
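The cross-referencing done by hand above generalizes to "features listed in every file", and the same list can then be used to audit what a pool really has enabled. The script below is an added example, not one of the author's scripts: the function names are assumptions, and the sample files are constructed from the grub2, OZFF and zpool get listings shown on this page.

```shell
#!/bin/sh
# Added example: derive the common feature set, then audit a pool against it.

# feature_list FILE - one feature per line; '#' comments and blank lines are
# dropped, comma- or space-separated entries are tolerated.
feature_list() {
  sed 's/#.*//' "${1}" | tr ', \t' '\n\n\n' | grep . | sort -u
}

# common_features FILE... - features listed in every FILE.
common_features() {
  cf_total=${#}
  for cf_file in "${@}"
  do
    feature_list "${cf_file}"
  done | sort | uniq -c | awk -v n="${cf_total}" '$1 == n { print $2 }'
}

# pool_features - reads `zpool get all POOL` output on stdin and prints the
# features whose VALUE is enabled or active.
pool_features() {
  awk '$2 ~ /^feature@/ && ($3 == "enabled" || $3 == "active") {
         sub(/^feature@/, "", $2); print $2 }' | sort -u
}

# features_outside ALLOWED_FILE - pool features (stdin, as above) that
# ALLOWED_FILE does not list.
features_outside() {
  fo_allowed=$( feature_list "${1}" )
  pool_features | while read -r fo_feature
  do
    printf '%s\n' "${fo_allowed}" | grep -Fqx -e "${fo_feature}" \
      || echo "${fo_feature}"
  done
}

# write_zfs_samples DIR - constructed from the listings on this page.
write_zfs_samples() {
  printf '%s\n' '# Features which are supported by GRUB2' async_destroy \
    bookmarks embedded_data empty_bpobj enabled_txg extensible_dataset \
    filesystem_limits hole_birth large_blocks lz4_compress \
    spacemap_histogram > "${1}/grub2"
  printf '%s\n' async_destroy bookmarks empty_bpobj enabled_txg \
    filesystem_limits lz4_compress hole_birth multi_vdev_crash_dump \
    spacemap_histogram embedded_data large_blocks sha512 skein > "${1}/OZFF"
  cat > "${1}/zpool-get.txt" << 'GET'
compatible  compatibility                  COMPATIBLE                     local
compatible  feature@async_destroy          enabled                        local
compatible  feature@empty_bpobj            enabled                        local
compatible  feature@lz4_compress           active                         local
compatible  feature@spacemap_histogram     active                         local
compatible  feature@enabled_txg            active                         local
compatible  feature@hole_birth             active                         local
compatible  feature@extensible_dataset     enabled                        local
compatible  feature@embedded_data          active                         local
compatible  feature@bookmarks              enabled                        local
compatible  feature@filesystem_limits      enabled                        local
compatible  feature@large_blocks           enabled                        local
GET
}

# Demo on the constructed samples.
zfs_dir=$( mktemp -d )
write_zfs_samples "${zfs_dir}"
common_features "${zfs_dir}/grub2" "${zfs_dir}/OZFF" > "${zfs_dir}/COMPATIBLE"
echo "INFO: $( wc -l < "${zfs_dir}/COMPATIBLE" | tr -d ' ' ) common features"
features_outside "${zfs_dir}/COMPATIBLE" < "${zfs_dir}/zpool-get.txt" \
  | sed 's/^/WARN: enabled but not listed: /'
rm -rf "${zfs_dir}"
```

The audit reports extensible_dataset, which the zpool get output above shows as enabled although the COMPATIBLE file does not list it; zpool-features(7) names it as a dependency of bookmarks, filesystem_limits and large_blocks.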

Keep in mind that the -o compatibility= switch for zpool(8) is available on OpenZFS 2.1 or newer. The 2.1 version is already available on the FreeBSD 13.1-BETA* releases and will be part of the FreeBSD 13.1-RELEASE systems. To make use of it on older FreeBSD releases you will have to use openzfs and openzfs-kmod packages and also use the following settings in the /boot/loader.conf file.

From that one:

zfs_load=YES

Into that one:

zfs_load=NO
openzfs_load=YES

With these openzfs and openzfs-kmod packages and above settings in the /boot/loader.conf file you can use this OpenZFS 2.1 on FreeBSD 12.2 – on FreeBSD 12.3 – and on FreeBSD 13.0 … and of course on upcoming FreeBSD 13.1 release.

Not sure if I should have added anything more here. Feel free to remind me in the comments 🙂

EOF

ZFS Boot Environments Revolutions

I do not have to remind you that I am a big fan of the ZFS Boot Environments feature. From the time when I first used it on OpenSolaris and Solaris systems I was really fascinated by it. Bulletproof upgrades and changes to the entire system … and it was possible more than a decade ago. Like a Dream. Today with beadm(8) and bectl(8) tools and also the FreeBSD loader(8) the ZFS Boot Environments are first class and one of the main features of the FreeBSD operating system.

Back in the more ‘normal’ times (before C19) I was able to talk two times about ZFS Boot Environments. I hope I explained them well.

  • 1st in Poland at PBUG meeting – with presentation available HERE.
  • 2nd in Holland at NLUUG conference – with presentation available HERE.

I do not know any downsides of ZFS Boot Environments but if you would stick a gun into my head and make me find one – I would say that you still have to reboot(8) to change to the other BE. This is about to change …

Reroot Instead Reboot

What is reroot? It's the ability to switch to another root filesystem without the need for a full system reboot. The loaded and running kernel stays the same of course – but this is the only downside. This feature is implemented in the reboot(8) command with the -r argument.

As we can read in the FreeBSD 10.3-RELEASE Release Notes page:

The initial implementation of “reroot” support has been added to the reboot(8) utility, allowing the root filesystem to be mounted from a temporary source filesystem without requiring a full system reboot. (r293744) (Sponsored by The FreeBSD Foundation)

How can reroot be useful here? It will save you a lot of time when you did not update the kernel. There are two types of update strategies when using the ZFS Boot Environments. You can create a new BE (as a backup world that you can get back to) and update the running system. Then you can use checkrestart(1) to verify which processes should be restarted because either binaries or libraries have been updated.

checkrestart.1

The other way was to create new separate BE (while not touching the running one) and then mount it and update that new BE and reboot into it later. This created a need to reboot(8) but not anymore. Especially when you just update the packages with pkg(8) command.

beadm(8)

With the new reroot option of beadm(8) you will tell FreeBSD to reroot your running kernel into specified BE. It will definitely have less impact in virtual machines as they reboot quite fast but imagine saved time on a server class physical machine with about 10 minutes lost for BIOS POST messages and initialization … or personal desktop/laptop GELI encrypted system without the need to type in again the GELI password to decrypt it after reboot.

beadm.reroot

On the screenshot above I use the latest FreeBSD 13.1-BETA1 but it works the same on other production FreeBSD releases such as 12.3-RELEASE or 13.0-RELEASE. The new upgraded beadm(8) is available from its home at GitHub page here:

I will add that updated version to the FreeBSD Ports tree later along with an updated man page.

Usage

Usage of this new feature is quite simple. You type beadm reroot BENAME in the terminal and FreeBSD reroots into that BE without reboot. Takes about 9-10 seconds on my 11 years old ThinkPad W520 so it may be even faster on your more up to date system.

# beadm list
BE        Active Mountpoint  Space Created
12.3      -      -            9.5G 2021-10-18 13:14
13.0.p6   -      -           13.9G 2022-01-27 11:07
13.0      -      -           12.9G 2022-03-05 15:02
13.0.safe -      -            2.8M 2022-03-08 14:54
13.1      NR     /            9.5G 2022-03-12 00:18
13.1.safe -      -          544.0M 2022-03-13 23:18

# beadm activate 13.1.safe
Activated successfully

# beadm reroot 13.1.safe

… and you are going the route similar to typing shutdown now on a running system. All services are stopped. Then root is changed to new one. Then system continues to boot along with starting all its services as usual. Just without the BIOS POST and the bootloader and kernel parts.

The reroot feature is especially useful in one of these scenarios:

From what I know the bectl(8) does not have that reroot feature but maybe it will be added to it somewhere in the future.

Summary

Not sure that ZFS Boot Environments Revolutions is the best title for this blog post, but as I used Reloaded on my 2nd ZFS Boot Environments presentation I thought about sticking to The Matrix (1999) schema. I could of course do a 3rd and updated presentation … but I am afraid that it will not happen … or at least not soon.

I did not think that the FreeBSD Enterprise Storage presentation that I gave at 2020/02 PBUG would be my last – it was more than 2 years ago.

EOF

Sensors Information on FreeBSD

I remember vigorous discussions that took place several years ago about monitoring hardware sensors on a FreeBSD system. Back then I never really needed them. Not that I need them now but I recently got to know the sensors(1) command on Linux. Without any arguments it just prints the available sensors data on the screen and exits. Here is example output from a ThinkPad T14 laptop.

RHEL % sensors
coretemp-isa-0000
Adapter: ISA adapter
Package id 0:  +51.0°C  (high = +100.0°C, crit = +100.0°C)
Core 0:        +49.0°C  (high = +100.0°C, crit = +100.0°C)
Core 1:        +50.0°C  (high = +100.0°C, crit = +100.0°C)
Core 2:        +51.0°C  (high = +100.0°C, crit = +100.0°C)
Core 3:        +49.0°C  (high = +100.0°C, crit = +100.0°C)

acpitz-virtual-0
Adapter: Virtual device
temp1:        +54.0°C  (crit = +128.0°C)

iwlwifi_1-virtual-0
Adapter: Virtual device
temp1:        +54.0°C

thinkpad-isa-0000
Adapter: ISA adapter
fan1:        2873 RPM

Nothing spectacular to be honest – but also a nice single place to check all temperatures instead of filtering endless sysctl(8) output.

The FreeBSD framework was known under the bsdhwmon name and the last available version is from somewhere in 2015. It's even available in the FreeBSD packages and I tried to install and use it.

FreeBSD # pkg search hwmon
bsdhwmon-20151206              Hardware sensor monitoring utility for FreeBSD

FreeBSD # pkg install -y bsdhwmon
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 1 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        bsdhwmon: 20151206

Number of packages to be installed: 1

12 KiB to be downloaded.

[1/1] Fetching bsdhwmon-20151206.pkg: 100%   12 KiB  12.0kB/s    00:01
Checking integrity... done (0 conflicting)
[1/1] Installing bsdhwmon-20151206...
[1/1] Extracting bsdhwmon-20151206: 100%

FreeBSD # pkg info -l bsdhwmon-20151206
bsdhwmon-20151206:
        /usr/local/man/man8/bsdhwmon.8.gz
        /usr/local/sbin/bsdhwmon
        /usr/local/share/licenses/bsdhwmon-20151206/BSD2CLAUSE
        /usr/local/share/licenses/bsdhwmon-20151206/LICENSE
        /usr/local/share/licenses/bsdhwmon-20151206/catalog.mk

FreeBSD # /usr/local/sbin/bsdhwmon
Your motherboard does not appear to be supported.  Please visit
https://github.com/koitsu/bsdhwmon to see if support for your motherboard
and/or system is under development.

I do not want to be harsh but that is not very useful. I expected at least something … anything. Seems that the project has been dead for 7 years not without a reason.

I checked what is already available in several places of the FreeBSD system that may be used as a data source to create something similar to the sensors(1) command. I started with sysctl(8) output and later went to the smartctl(8) command from the smartmontools package. This data was more than enough to start with something.

Meet the first version of the small sensors.sh script that gathers all these data sources and prints them all on screen.

sensors.code

Below you will find output from my elderly ThinkPad W520 laptop.

FreeBSD # sensors.sh

            BATTERY/AC/TIME/FAN/SPEED
 ------------------------------------
                       hw.acpi.acline: 1
                 hw.acpi.battery.time: 274
                 hw.acpi.battery.life: 99
                hw.acpi.cpu.cx_lowest: C1
                   dev.acpi_ibm.0.fan: 0
             dev.acpi_ibm.0.fan_level: 0
             dev.acpi_ibm.0.fan_speed: 2454

                  SYSTEM/TEMPERATURES
 ------------------------------------
      hw.acpi.thermal.tz0.temperature: 48.1C
                dev.cpu.7.temperature: 47.0C
                dev.cpu.6.temperature: 47.0C
                dev.cpu.5.temperature: 46.0C
                dev.cpu.4.temperature: 47.0C
                dev.cpu.3.temperature: 46.0C
                dev.cpu.2.temperature: 47.0C
                dev.cpu.1.temperature: 48.0C
                dev.cpu.0.temperature: 48.0C

                   DISKS/TEMPERATURES
 ------------------------------------
   smart.ada0.airflow_temperature_cel: 36.0C

Another example output from my home NAS with two 5TB SATA disks – Silent Fanless FreeBSD Server – described here more.

FreeBSD # sensors.sh

            BATTERY/AC/TIME/FAN/SPEED
 ------------------------------------
                hw.acpi.cpu.cx_lowest: C1

                  SYSTEM/TEMPERATURES
 ------------------------------------
      hw.acpi.thermal.tz0.temperature: 26.9C
                dev.cpu.3.temperature: 50.0C
                dev.cpu.2.temperature: 50.0C
                dev.cpu.1.temperature: 48.0C
                dev.cpu.0.temperature: 49.0C

                   DISKS/TEMPERATURES
 ------------------------------------
   smart.ada1.airflow_temperature_cel: 33.0C
       smart.ada1.temperature_celsius: 33.0C
   smart.ada0.airflow_temperature_cel: 33.0C
       smart.ada0.temperature_celsius: 33.0C

You can grab it from my scripts site – sensors.sh – I did not create a separate GitHub page for it.

It comes with some simple builtin help message that I think explains everything.

sensors.help

Please check how it works on your system and let me know if it would be useful to add something more to it. As I not so long ago changed employer to the one that uses SLES and RHEL systems I can not test it on physical FreeBSD servers. Not that my earlier employer would be a huge help here as only several physical machines were FreeBSD based – but at least they were the biggest ones – FreeBSD Enterprise 1 PB Storage – you can read about these here. I also made a PBUG presentation later partially about that machine. You can find it – FreeBSD Enterprise Storage at PBUG – here.

UPDATE 1 – Screenshot After Updates

Many people suggested and submitted some interesting updates to the – sensors.sh – script – thank you for that. The script remains in the same place but here is how it looks and behaves now.

sensors.update.1

EOF.

XFCE Cupertino Way

I really like GhostBSD … and NomadBSD. They are really great graphical and easy to use FreeBSD variants for lack of a better word. While NomadBSD is more focused on being a portable USB pendrive edition, GhostBSD is more like an Ubuntu replacement. Install and use on your laptop or desktop computer. It comes in two flavors – the default MATE edition and an alternative XFCE edition.

One of the things I really like about the Ubuntu MATE edition is that it comes with a desktop layout helper tool that allows you to select one of the available predefined MATE desktop layouts.

ubuntu-mate-desktop-layout

From all of the available ones I like the ‘Cupertino’ one the most – it tries to mimic the Apple Mac OS X operating system behavior with a global menu on top and the Plank dock at the bottom … and it does it really well.

ubuntu-mate-cupertino

I wanted to do something similar on GhostBSD but unfortunately the Vala Panel Application Menu for the MATE desktop environment is not available for FreeBSD (and that means it’s also not available for GhostBSD). Fortunately the XFCE global menu is available on FreeBSD as the x11/xfce4-appmenu-plugin package so I will try to make GhostBSD look more like Ubuntu MATE in its Cupertino layout with several easy steps.

By default the GhostBSD XFCE edition comes with a single XFCE panel at the bottom. I have done a pretty straightforward installation with the fish(1) shell chosen as default during installation.

ghostbsd-xfce-default

Fonts

By default GhostBSD comes with 96 DPI set by the installer. Let’s change that to something smaller. Start the Appearance application.

xfce-appearance

Now set the desired settings for the fonts on the Fonts tab. After some checks the 80 DPI along with Hinting set to None looked best. I also switched to the Ubuntu font.

xfce-fonts

ZSH Shell and Terminal

While the fish(1) shell is quite a decent interactive shell with sane defaults I really prefer the POSIX syntax compatible zsh(1) shell instead. I talked more about that in my Ghost in the Shell – Part 7 – ZSH Setup article.

I will not repeat everything I wrote there and I will just paste the instructions here to get the zsh(1) shell configured and looking nice.

root # pkg install -y \
         zsh \
         zsh-autosuggestions \
         zsh-syntax-highlighting \
         ubuntu-font

root # fetch -o /usr/local/etc/zshrc https://raw.githubusercontent.com/vermaden/scripts/master/zshrc

user % fetch -o ~/.zshrc             https://raw.githubusercontent.com/vermaden/scripts/master/DOT.zshrc

user % fetch -o ~/.zshrc.DOAS.SUDO   https://raw.githubusercontent.com/vermaden/scripts/master/DOT.zshrc.DOAS.SUDO

user % chsh -s /usr/local/bin/zsh

user % fc-cache -f
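The fetch commands above pull shell start-up files from the master branch, and one of them lands in the root-owned /usr/local/etc/zshrc, so it is worth comparing each download with a digest you recorded after reading the file. A sketch of that check follows; it is an added example, not part of the original article or of the vermaden/scripts repository, and the function names and the digest placeholder are assumptions.

```shell
#!/bin/sh
# Added example: verify a downloaded file against a pinned SHA-256 digest
# before installing it. All function names here are hypothetical.

# Print the SHA-256 digest of a file using whichever tool is present:
# sha256sum(1), FreeBSD sha256(1), or shasum(1).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Compare a file's digest with the expected one (hex case is ignored).
# Returns 0 on match, 1 on mismatch or unreadable file.
verify_sha256() {
    _file=$1
    _want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$_file" ] || return 1
    _have=$(file_sha256 "$_file") || return 1
    [ -n "$_have" ] && [ "$_have" = "$_want" ]
}

# Copy src to dest only when the digest matches; dest is left untouched
# on mismatch. Optional fourth argument is the file mode (default 0644).
install_verified() {
    _src=$1; _dest=$2; _digest=$3; _mode=${4:-0644}
    if verify_sha256 "$_src" "$_digest"; then
        install -m "$_mode" "$_src" "$_dest"
    else
        echo "digest mismatch for $_src, not installing to $_dest" >&2
        return 1
    fi
}

# Typical use, typed by hand. The digest is a placeholder for the value
# you recorded after reviewing the file:
#   tmp=$(mktemp)
#   fetch -o "$tmp" https://raw.githubusercontent.com/vermaden/scripts/master/zshrc
#   less "$tmp"
#   install_verified "$tmp" /usr/local/etc/zshrc '<sha256-you-recorded>'
```

The same three steps apply to the two per-user files; only the destination path changes.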

As we are at the terminal related things enable Solarized (Dark) theme in the XFCE Terminal options.

terminal-theme

… and change font to Ubuntu Mono with your preferred size.

teminal-font

Now you have the zsh(1) shell configured and set as your default shell. The XFCE Terminal also looks better now. Some settings will require a logout and login but I recommend something different. Go through all these settings and then do just one single reboot or logout/login routine.

zsh-ready

XFCE Global Menu

I thought that the XFCE global menu was – same as the MATE one – not available on FreeBSD. Fortunately Joel Carnat with his FreeBSD 13 on ThinkPad T460s article proved me wrong. He even added the instructions to his guide – for which I am very thankful to him.

To get XFCE global menu on FreeBSD (and GhostBSD) we need to do these steps.

root # pkg install -y xfce4-appmenu-plugin

user % xfconf-query -c xsettings -p /Gtk/ShellShowsMenubar -n -t bool -s true

user % xfconf-query -c xsettings -p /Gtk/ShellShowsAppmenu -n -t bool -s true

user % xfconf-query -c xsettings -p /Gtk/Modules -n -t string -s appmenu-gtk-module

Now we will be able to add the XFCE AppMenu Plugin to our top panel.

xfce-appmenu-plugin

We now need to move the XFCE panel from the bottom to the top. Go into the Panel Preferences as shown below and move it.

xfce-panel-move-top

After moving it to the top and enabling the Lock Panel option add/remove the Items to match this list below. Feel free to also add other items that you need.

xfce-top-panel-items

To make the XFCE AppMenu Plugin look even better enable Bold Application Name in its Preferences dialog.

xfce-appmenu-bold

As for the Whisker Menu, I left only the icon enabled for display to make it look better.

whisker-icon

The XFCE AppMenu Plugin should now be ready and the top panel should look somewhat like this.

xfce-global-menu-short

You can also customize the DateTime plugin to your needs.

xfce-datetime

Window Manager

The Window Manager settings are not controlled by the Appearance application. It has its own separate one. Let’s start it.

xfce-window-manager

We will also set the Ubuntu font here.

Groups

Make sure your user (vuk in this guide) is in the groups below.

root # pw groupmod wheel    -m vuk
root # pw groupmod operator -m vuk
root # pw groupmod video    -m vuk
root # pw groupmod network  -m vuk

You can omit the network group if you do not intend to use network.sh to manage your network connections.

Plank

As the last step we will add the Plank dock at the bottom.

root # pkg install -y plank

user % plank &

user % plank --preferences

You should see something like that on the bottom of your screen.

xfce-plank-bottom

The Plank preferences are shown below.

xfce-plank-preferences

Make sure to add Plank to Startup so it will start automatically at each login.

xfce-plank-startup

Result

After all these steps our GhostBSD looks more or less like that now.

xfce-ghostbsd

Plain FreeBSD Way

Some people will prefer to stick to the ‘original’ FreeBSD instead of using preconfigured GhostBSD. This last section is for them. First install FreeBSD as described HERE. Then install the packages shown below.

root # pkg install -y exa ubuntu-font xfce xfce4-appmenu-plugin xorg-minimal

user % echo '. /usr/local/etc/xdg/xfce4/xinitrc' > ~/.xinitrc

user % xinit

Now having done the above do all the steps from that article.

The end result seems quite similar.

xfce-freebsd

You may even want to replace Plank with another bottom XFCE Panel if you want.

xfce-freebsd-pkg-prime

Voilà! You have XFCE configured on plain FreeBSD. One thing to keep in mind is that besides XFCE you have nothing more 🙂 Using the GhostBSD method all other things are configured. With the plain FreeBSD way you have no device automounting. No network plugin in the taskbar. No power management tuning. No other applications. Nothing. But you can do it all yourself using the needed articles from the FreeBSD Desktop series or other sources.

One last thing. I really appreciate that GhostBSD exists and is actively maintained and expanded – this guide is not here to make it look bad. It’s here to make it better.

Regards.

Epitaph to Laptops

This article has been on my ‘TODO’ list almost since the start of this blog several years ago. Usually I try to focus on the positive side of things but this article is a one way highway in quite the opposite direction. If you do not want to lose your good attitude then please do not read further. Unfortunately nothing good awaits you at the end. The King Crimson song Epitaph is the appropriate tune here. You have been warned.

Naive

When I was younger I thought that the World only gets better. Things are improved. People live better and longer. Cars break less frequently and need less maintenance. Computers not only get faster and draw less power but they also become more usable and allow people to be more productive because of the new features introduced.

Unfortunately it’s not true. Some things are improving but others get forgotten or get worse. Depending on the current geopolitical situation people live better or worse. Cars are more complicated than ever so they break more and are now also often disturbed by software and firmware updates – not to mention bugs and security issues. It’s harder today to find a car (even a used one) that is reliable, cheap in maintenance and also with an engine not crippled by for example EURO 7 regulations enforced by the EU. Computers are faster … or at least they have more CPU cores and draw somewhat less power but one thing in computing went entirely the wrong way.

Laptops

It’s not about their CPUs or RAM. Screens also got better – they are brighter than ever – and FullHD 1920×1080 resolution finally became the standard. Some manufacturers went even further with 16:10 or even 3:2 screen ratios. Larger touchpads with support for multi touch and gestures are also very common and welcome. There is however one aspect that ALL laptop manufacturers got entirely wrong.

Keyboards

The first laptop I got was Dell Latitude C600.

0THIS-dell-c600-mod-freebsd

Its 7-row keyboard with the functional INS/DEL HOME/END PGUP/PGDN layout at the top right side probably fixed me for life.

0THIS-dell-c600-keyboard

This is the most important fragment I am talking about.

0THIS-INS-DEL

It was so obvious for me that it was there – providing standard cursor position manipulation without taking all the space that a TKL (tenkeyless) keyboard takes. Its 1024×768 screen resolution may seem very ancient today but it was higher than the default consensus of 800×600 back then.

Besides the great keyboard that Dell laptop also provided another useful feature – modularity. It had two universal bays for things like:

  • batteries
  • CD-ROM or CD-RW drive
  • floppy drive

You could put in two batteries to maximize battery power or put a CD-RW drive in place of a battery to get other functionality. The two batteries also meant that you could run this laptop as long as you wanted if you only had enough charged batteries. This was available almost two decades ago. 19 years to be precise. My currently favorite FreeBSD operating system also ran well on it with Fluxbox on the X11 display server.

At that time many laptop manufacturers provided both the more productive 7-row keyboard and modularity … or at least the business oriented ones did … even with SUN SPARC or IBM POWER CPUs. The IBM RS-6000 POWERbook is shown below.

0THIS-IBM-RS-6000-601

… and the Tadpole SPARCbook also.

0THIS-Tadpole-SPARCbook

Several years later I went for an upgrade and got the Dell Latitude D630 laptop with the successful Intel Core 2 Duo CPU and a 1400×900 screen which provided so much more screen space and flexibility.

0THIS-dell-d630-freebsd

Besides the obvious 7-row keyboard its creators had the great idea that the extended main battery would extend at the front of the laptop instead of the back. That had two implications. First – you got a lot of usable ports at the back. Second – you got an additional elegant palm rest at the front. Both Dell D630 batteries are shown below.

0THIS-dell-d630-battery

Besides this ‘frontal’ idea it also had universal UltraBay slot on the side which similarly to the earlier Dell C600 allowed one of the following accessories:

  • CD-RW or DVD-RW drive
  • additional bay battery

Thanks to that you could extend the battery life of your laptop to about 8 hours … even on FreeBSD with its limited power management back then. You could also get additional batteries to work as long as you like of course. It was introduced in 2007. I even ran OpenSolaris on that laptop for some time and all hardware was fully supported. The only problem OpenSolaris had back then is the same one that OpenIndiana has now – a very small number of packages with additional software. Back then FreeBSD provided most software that was available on Linux but OpenSolaris was in its own limited league. I really liked OpenSolaris WiFi management with dladm(1M) though.

After some time my attention went to the revolutionary Lenovo ThinkPad X300 with a custom low power Core 2 Duo L7100 CPU designed by Intel only for this model.

0THIS-thinkpad-x300

It was as thin and light as the Apple MacBook Air while providing the same functionality and modularity as other Latitude and ThinkPad laptops. Same as my previous laptop it had a ‘main’ battery and an ‘additional’ battery interchangeable with the DVD-RW drive. It had awesome speakers. I never again had speakers in a laptop as good as those in the ThinkPad X300.

After I started work at a new employer I got a Dell Latitude E6400 so the Lenovo ThinkPad X300 became kinda redundant.

0THIS-dell-e6400-freebsd

That Dell was NOT as sturdy or reliable as the magnesium body Dell D630 but it had the most important feature – the oldschool 7-row keyboard.

Life went by and some time later I needed to take a look at something newer. At my work I got myself in the position of being responsible for selecting a laptop that would be the successor to the Dell Latitude E6400 that we had. After checking what was available I fought for the Lenovo ThinkPad W520 back then … and I even succeeded … and failed at the same time.

0THIS-task-failed

I got approval for my choice for the entire department … but the corporate process to make it happen took so long that Lenovo stopped offering the ThinkPad W520 and started shipping its successor, the ThinkPad W530. I was really saddened by that fact – the ThinkPad W530 was the first Lenovo laptop with the new ‘island’ type keyboard instead of the classic 7-row keyboard.

0THIS-thinkpad-w530-freebsd

The so much appreciated and needed INS/DEL HOME/END PGUP/PGDN block was gone … forever. I thought that maybe the World is ‘right’ and I am ‘wrong’. For the next 3 years I tried to ‘migrate’ mentally with my ‘muscle memory’ to the new island keyboard layout … unsuccessfully. The only thing that went well was … the ThinkPad W530 warranty keyboard replacement because the key with the letter ‘E’ failed and fell off.

It was obvious to me that I needed to get another laptop – one with the 7-row keyboard layout. Today I would probably just reflash the ThinkPad W530 Embedded Controller with custom firmware written by Hamish Coleman and put a ThinkPad W520 keyboard there but that option was not available back then. I also encourage you to watch the Hamish Coleman speech My Personal Fight Against the Modern Laptop from 2017.

After checking what laptops the World has to offer … I was disappointed. Since 2012 not a single laptop manufacturer has offered a laptop with a 7-row keyboard. Zero. Nada. Zip. None. I decided to take a look in the past instead. The last Dell Latitude models that got the 7-row keyboard – E6410 for 14″ or 6510 for 15″ screen – were introduced in 2010. The Lenovo X220/T420/T420s/T520/W520 lineup was from 2011 – it survived a year longer. As I got used to 14 inches I opted for the ThinkPad T420s (the slimmer and lighter ThinkPad T420 version).

0THIS-T420s

With its 1600×900 screen and also my usual two batteries setup (with one being placed in the UltraBay) it was a pleasure to use (and carry as it was quite light also).

In the meantime I needed to pick a newer laptop at my employer. Knowing what the market has to offer I only wanted the laptop to be light and small and to have a FullHD 1920×1080 resolution screen … and my demands were met. I got a Dell Latitude E7280 laptop … with a GLARE touch capable FullHD screen. Great …

0THIS-dell-E7280-laptop

As you can see it was running Windows and my ex-company policy was very simple here. Windows or GTFO. For the first several years – when my ex-company was not that big – I was able to work more productively with FreeBSD on that ThinkPad W530. Unfortunately that ex-employer grew to the ‘corporation’ level too much and that ruined many things. After having the ThinkPad W530 I did not expect much from the new Dell but it took my disappointment to a whole new level. Take a look at the top right part of its keyboard.

0THIS-dell-E7280-keyboard

The fact that the INSERT key is ‘shared’ under the F12 button, so that I now need to use the FN key to send it each time, is another level of PITA … but placing the keyboard shortcut to DISABLE WIFI one key next to it really got me pissed. I do not have to tell you how many times instead of just pressing the INSERT key I disconnected my WiFi card which also meant disconnecting the VPN and all the tasks that I had in place … not to mention how much time it takes to first reconnect WiFi and then to reconnect again to the VPN … but the next key to the right is SUSPEND – which I also hit several times while only trying to use INSERT. Awesome. Even better. Also – did you notice where the POWER button is? Yes – I also lost part of my work several times because of that. The Dell Latitude E7280 was probably my worst laptop experience.

Some may wonder why I use INSERT so much? I got used to copy-paste with SHIFT-INSERT and CTRL-SHIFT-INSERT shortcuts – this is the guilty one I suppose.

Some time later – as size and weight were not an issue – the larger ThinkPad T520 laptop with a FullHD 1920×1080 screen got my attention. I did not need the dedicated graphics card of the ThinkPad W520 but there were two drawbacks compared to the ThinkPad W520. Four physical CPU cores and USB 3.0 ports. With the current World of JavaScript overblown web pages I welcome the fact that the ThinkPad W520 can hold 32 GB of RAM. It was a huge amount in 2011 when it was released and it is more than enough now. As you probably guessed I got the ThinkPad W520 laptop.

0THIS-w520-freebsd

It was the best upgrade ever. After replacing the thermal paste as described in my older Classic ThinkPad Thermal Paste Change article I finally felt at home again. It’s not possible to add an additional battery into the UltraBay slot as only a DVD-RW or SATA HDD caddy is allowed – but with the extended battery I get about 5+ hours of battery time – more than needed.

Fast forward to today … I am running an 11 years old ThinkPad W520 laptop and looking at what is available – I do not see any prospects for what could be my next daily driver. All manufacturers decided to abandon the productive 7-row keyboard in order to sell laptops equipped with the ‘island’ type keyboard. Some of them even went completely insane as they now put a POWER button on the top right keyboard key. Insanity.

0THIS-POWER-button

The only thing a reasonable user can do is to disable it in software so as not to accidentally lose work.

For some time I believed that Lenovo would make something more from its Retro ThinkPad initiative that allowed the ThinkPad 25th Anniversary Edition to see the light of day … but that also did not happen.

0THIS-thinkpad-T25

This slightly modified ThinkPad T470 had a dull dark FullHD screen and only one version available. It was also produced in only 5000 pieces … worldwide. That was in 2017 and fast forward 5 years nothing more has happened as we are in 2022 now. Also because only 5000 of them were made it’s almost impossible to get a used one.

Some people took matters into their own hands and started to make their own modern and modified ThinkPad variations. The best known ones are the ThinkPad T62 and ThinkPad X330 with replaced high resolution screens and sometimes even thin bezels along with new hardware underneath of course.

Even today the ThinkPad W520 is quite a fast machine. The FreeBSD kernel compilation takes about 600 seconds. On a fresh brand new System76 laptop, also with a 4 core Intel i7-1165G7 CPU and the same 32 GB RAM, it takes 300 seconds. Keeping in mind that there are 11 years between these laptops this does not seem that much to be honest.

About a quarter ago I changed my employer and got a new business laptop – the brand new ThinkPad T14 GEN 1.

0THIS-T14-screen

It has the same keyboard layout as the ThinkPad W530 which is kinda good remembering how fucked up the Dell Latitude E7280 was. The biggest issue with these keyboards (T14/W530) is the lack of empty space between the ESC and F1 keys. If you switch desktops with the ALT-F1 to ALT-F4 keys then you need to ‘waste’ some more time to make sure you are not doing the ALT-ESC shortcut which is for something else entirely. It’s also good to be back on X11 as my new employer allows you to choose RHEL instead of Windows.

Back to ‘personal’ laptops – if my ThinkPad W520 would break I would just get another one … and another … or ThinkPad T520 if W520 would not be available. If for some reason I would not be able to use them anymore I would probably get that:

  • cheapest laptop with enough cores/RAM and FullHD screen
  • wireless “tenkeyless” keyboard in front of that laptop

Maybe I will even put that ‘proper’ keyboard on top of the builtin one to save space.

0THIS-future

It will take little more space but at least it will be usable and productive.

Generation Lost in the Bazaar

For a long time I assumed that a lot of other people also miss that keyboard layout. It seems I was partially wrong. One of my mates made me realize that a lot of people grew up without ever using the INS/DEL HOME/END PGUP/PGDN layout. I will quote him below.

I didn’t know I was raised without those keys!
I mean, they were there but I wasn’t taught how to use them properly.
And now it seems we can’t find them so frequently…

If like me you went to school in Poland you would probably know (or at least recall a little) a poem by the Polish poet Józef Ignacy Kraszewski titled Birds in a Cage. Let me quote it for you here as it’s not that long.

Birds in a Cage
‘Why do you weep?’ a young canary said to an old canary,
‘You are better off now in a cage than you were in the fields.’
‘You were born in it,’ said the old one, ‘so I forgive you;
I was once free but now I’m in a cage and that is why I am weeping.’

Why do I quote it here? Because it’s very similar to the situation of the new laptops available now. Those who do not know the oldschool modular laptops with 7-row keyboards are kinda born in a cage. They pick their MacBook or latest ThinkPad X1 Carbon machines with island keyboard layouts and believe that these are the best possible choices. It was not always like that.

Future

I do not see the future (of laptops) in bright lights. I like what the PINE64 PineBook or Framework Laptop bring to the table but on the keyboard side … it’s still the island type dark ages.

References

I am not the only one that feels cheated by the industry. If you are like me here is some more fuel for your nostalgia.

Regards.

Books About FreeBSD

There are many books in which FreeBSD is covered or is one of the main subjects. Today I will guide you through these books. I will try to focus on the more up to date ones because it would be pointless (beyond historical purposes) to read the outdated ones now.

The Hateful Eight

I will start with official FreeBSD documentation – as it offers 8 different books for you to get to know that UNIX operating system better. The two most known are FreeBSD Handbook and FreeBSD FAQ. The FreeBSD Handbook covers all/most general topics about FreeBSD operating system setup and administration while FreeBSD FAQ tries to answer most popular questions about it – and does it quite well. There are also other books that are more developer oriented. Below you will find the list of all available eight books from the FreeBSD project.

FreeBSD Handbook https://freebsd.org/handbook
FreeBSD FAQ https://freebsd.org/faq
FreeBSD Architecture Handbook https://docs.freebsd.org/en/books/arch-handbook/
FreeBSD Developers Handbook https://docs.freebsd.org/en/books/developers-handbook/
FreeBSD Porters Handbook https://docs.freebsd.org/en/books/porters-handbook/
Design and Implementation of 4.4BSD Operating System https://docs.freebsd.org/en/books/design-44bsd/
Project Model for FreeBSD https://docs.freebsd.org/en/books/dev-model/
FreeBSD Documentation Project Primer for New Contributor https://docs.freebsd.org/en/books/fdp-primer/

Example FreeBSD Handbook page from PDF file below.

freebsd-handbook

… and while you can download and read PDF files (there are also EPUB/HTML/TXT formats available for download) you can also read it online – this is how the FreeBSD FAQ looks online.

freebsd-faq-www

I sometimes miss that the FreeBSD project does not deliver a dedicated book in the same PDF/EPUB/HTML/TXT manner for the FreeBSD man pages as for example Solaris or AIX does. At least you can read them online on the https://man.freebsd.org/command page where you put the name of the needed man page in place of the ‘command’ word – for example the manual page for the gstat(8) command is available at the https://man.freebsd.org/gstat URL.

If there are two man pages with the same name like crontab(1) and crontab(5) for example then add the man page section number after the slash (/) at the end of URL like that https://man.freebsd.org/crontab/5 – this will solve that problem.

Below you can see the Solaris 10 – Man Pages Section 1M – System Administration Commands book with all Solaris administrative (1M) commands. For FreeBSD the administrative commands are at (8) section.

sol10man1M

The Usual Suspects

The most known books that cover FreeBSD operating system aspects are the ones that are authored by Michael W. Lucas (in more recent titles sometimes accompanied by Allan Jude).

The most famous (and useful) one is Absolute FreeBSD – Complete Guide to FreeBSD in its most recent 3rd Edition. It is quite recent as it is from 2019. You can get it both in digital (PDF/EPUB) and traditional printed form. If you have already read the FreeBSD Handbook and FreeBSD FAQ and are wondering what you should get next to continue your FreeBSD journey then this book is the answer. It fills all the gaps and brings a lot of additional information that you will find very useful in your day to day life with a FreeBSD system.

absolute-fbsd

Several books later (not only technical) Michael W. Lucas started the FreeBSD Mastery series with many interesting books about FreeBSD. For the two that cover the ZFS filesystem Allan Jude is also a coauthor.

mastery

Here they are:

  • FreeBSD Mastery: Storage Essentials (2014)
  • FreeBSD Mastery: Specialty Filesystems (2015)
  • FreeBSD Mastery: ZFS (2015)
  • FreeBSD Mastery: Advanced ZFS (2016)
  • FreeBSD Mastery: Jails (2019)

If you are gonna read them – then also do it in the order in which they are listed above. You will need all that ‘introduction’ to get the most out of FreeBSD Jails. Even Michael W. Lucas mentioned that you need to ‘do’ several of his other books to truly take advantage of everything written in the FreeBSD Mastery: Jails book. While FreeBSD Mastery: Storage Essentials and FreeBSD Mastery: Specialty Filesystems are very closely related to the FreeBSD operating system, the other two, FreeBSD Mastery: ZFS and FreeBSD Mastery: Advanced ZFS, also contain a lot of general ZFS knowledge not limited to the FreeBSD operating system.

One additional word about the FreeBSD Mastery: Jails book as it’s quite ‘special’ in approach. For most parts of the FreeBSD operating system the FreeBSD Handbook covers some or most of the information and tasks concerning a particular topic. When it comes to FreeBSD Jails it’s not that simple anymore. There are two types of Jails. The ‘traditional’ Jails that use the host system network stack and the new ‘VNET’ Jails that bring their own – separate from the host – network stack. It gives you a lot more possibilities and features but it comes with one downside. The official FreeBSD Handbook does not cover the ‘VNET’ Jails at all. Zero. Nada. Zip. None. You can get ‘some’ grasp of them from the FreeBSD man pages but that is definitely not enough. The ‘VNET’ Jails have of course been production ready for many years but for some reason the missing chapter in the FreeBSD Handbook is still missing. That is the most important reason why you should get the FreeBSD Mastery: Jails book.

As we are in the FreeBSD Jails scope … I should also mention the FreeBSD Jails using VNETs book by Derik Ramirez from 2020.

added-JAILS

It’s not as ‘big’ as FreeBSD Mastery: Jails but keep in mind that half of the Michael W. Lucas content is about the iocage(8) framework … which is quite dead now unfortunately. The biggest upside of the FreeBSD Jails using VNETs book is that it covers – as described in the book title – the VNET Jails. Also being released in 2020 it’s very up to date.

The Taste of Others

Written in 2018 by Manish Jain the book Beginning Modern Unix covers both FreeBSD and Linux operating systems at the same time.

beginning-modern-unix

It is also beginner friendly and as the author writes in Preparing for Part I – “The structure is intended to make things simple for Windows users planning to migrate to FreeBSD/Linux.” I also really liked the author’s explanation in the Preface about why he chose BSD/FreeBSD and GNU/Linux (I like that syntax by the way). You can find part of it below.

beginning-modern-unix-preface

To be honest I like that ‘dual’ approach with sections showing how to achieve the same thing on two different (yet somewhat similar) operating systems. It may be useful especially when writing playbooks for various configuration management software like Ansible or Salt. I know that most of these configuration management systems provide their own ‘general’ integrations like ‘install packages’ on a system which then use pkg(8) on FreeBSD and yum(8) on CentOS but sometimes not all integrations are available or they are broken or buggy. I have already heard several times that in many cases it’s safer to rely on your own scripts and ‘raw’ commands instead of the ‘integration modules’. Of course your mileage may vary.

The Beginning Modern Unix book covers many desktop related topics but it also covers POSIX shell scripting and basic C programming which is very nice.

Another interesting ‘dual’ book is UNIX The Textbook from 2017 by Syed Mansoor Sarwar and Robert M. Koretsky.

unix-textbook

In its 3rd Edition it covers both Solaris and FreeBSD (in a form of PC-BSD tho) systems. As Solaris by default uses GNOME and PC-BSD (while it existed) used KDE the book also covers a lot about these two desktop environments.

unix-textbook-preface

It is illustrated with many useful diagrams of how things work on UNIX system. Below you can check the pipe explanation.

unix-textbook-pipe

Another good part of the book is that it also covers a lot of POSIX shell scripting and C programming techniques. It even covers things like writing simple servers, inter process communication, threads and a lot more. The book is really huge with almost 1400 pages of useful content. The book leaves you at the end of each chapter with QUESTIONS AND PROBLEMS. This approach reminds me of the legendary The C Programming Language written by the UNIX fathers Brian Kernighan and Dennis Ritchie where it was also present.

Next one is the very well known UNIX and Linux System Administration Handbook by Evi Nemeth and Garth Snyder and Trent R. Hein and Ben Whaley … but it depends which version you get 🙂

unix-linux-admin-4th

The 4th Edition is more conservative and covers Linux/Solaris/HP-UX/AIX systems. This is the description of which systems they have chosen in 2011 and why.

unix-linux-admin-4th-systems

If you try to find FreeBSD there you will fail. They only mentioned it once, along with OpenBSD and NetBSD, adding that BSD systems “(…) enjoy somewhat less support from third-party software vendors.” See for yourself.

unix-linux-admin-4th-freebsd

Let’s now move 7 years forward to 2017 in which the 5th edition of the same UNIX and Linux System Administration Handbook was released. The authors also changed a little with Dan Mackin being added to the current lineup of authors of this book.

unix-linux-admin-5th

Besides modified cover I would risk a stance that it’s quite an entirely different book right now. It’s because the 5th Edition covers only Linux and … FreeBSD. No AIX. No Solaris. No HP-UX. Authors also added quite long justification on why they have chosen these operating systems and not the other ones. The time of oldschool UNIX dinosaurs that ruled for decades seems to slowly vanish. It’s probably not without reason.

The last HP-UX version 11.31 (also known as 11i v3 variant) was released in 2007. Still uses ‘manual’ packages like in 1995. I like its ‘ecosystem’ tho. What I mean by that is that you can install and setup several HP-UX machines. Setup HP Serviceguard HA cluster on these machines and then make HP Virtual Machines or HP SRP Containers highly available between these hosts as Serviceguard services. I was fortunate enough to be able to see such 6 node cluster in action and it worked really well.

The last AIX version 7.2 was released in 2015 but I do not recall any groundbreaking features. Also AIX still does not have any modern package management and the most that IBM AIX developers could do was to adopt RPM database to add RPM packages along with the native ones. In 2021 the newer AIX 7.3 release also saw the light of day … but also without any groundbreaking features. In other words the last two AIX system releases feel only like maintenance releases. While the HP-UX ‘ecosystem’ is ‘connected’ between their products and features it’s not that easy and simple in the AIX ‘POWER World’. For example it’s not possible to create a similar setup with LPARs or WPARs whose high availability would be controlled by PowerHA cluster software. Even if you would create LPARs with purely virtual devices and storage from the SAN network. The POWER ecosystem offers a feature called Remote Restart for LPARs on HMC but it’s far from being close to what HP-UX ecosystem offers here.

As for Solaris … I think that Oracle taking over SUN is probably one of the worst things that could happen to Solaris. Oracle could extend and continue the OpenSolaris road started by SUN. It could move and expand Solaris to 21st century. Instead it also went the ‘maintenance’ road along with maximizing the cash outcome of Solaris ‘asset’ with 11.3 in 2015 and 11.4 in 2018 releases. Besides adding PF firewall from OpenBSD and Live Migration feature for Kernel Zones I do not recall any groundbreaking features to be added. Maybe some ZFS development but looking at what OpenZFS is achieving with each release these Oracle developments do not look ‘big’ at all. From what is known Oracle also fired most of SPARC and Solaris developers leaving only small teams to make it running in ‘maintenance mode’ up to 2034 to which Oracle promised to keep Solaris alive instead of moving forward with Solaris 12.0 which was even in alpha or beta state. I agree with authors statement in which they say that “The popularity of UNIX has been waning for some time, and most of the stalwart UNIX distributions (e.g., Solaris, HP-UX, and AIX) are no longer in common use.”

Below is the authors’ description of why they have chosen the FreeBSD and Linux systems for the 5th Edition of their well respected and acknowledged book.

unix-linux-admin-5th-systems

Back to FreeBSD world … and the authors’ quote on why FreeBSD was included in this most recent version of their book – “The open source descendants of BSD are exceptions to this trend and continue to enjoy a cult following, particularly among operating system experts, free software evangelists, and security-minded administrators. In other words, some of the world’s foremost operating system authorities rely on the various BSD distributions. Apple’s macOS has a BSD heritage.” This most recent version is also a little shorter with ‘only’ about 1200 pages while earlier edition topped at little over 1300. Keep in mind that newer edition covers Linux and FreeBSD while the older one had to describe and document two more systems.

Last but not least I should also mention the Book of PF – No Nonsense Guide to OpenBSD Firewall book by Peter N.M. Hansteen from 2015 in its most recent 3rd Edition.

pf-book

While originally targeted at OpenBSD users the FreeBSD users will also be able to get a lot of useful knowledge about PF firewall that FreeBSD uses. Keep in mind that there are some syntax differences between OpenBSD and FreeBSD PF firewalls.

Source Code

Here you will find the books that are little less useful for sysadmins and more useful for developers and programmers. We will start with updated Design and Implementation of FreeBSD 11 Operating System from 2015 in 2nd Edition form. Written by one of the original BSD UNIX and FreeBSD developers Marshall Kirk McKusick along with other two FreeBSD developers George V. Neville-Neil and Robert N.M. Watson.

design-implementation-bsd

It’s generally a more up to date version of the official FreeBSD documentation available under the Design and Implementation of 4.4BSD Operating System title on the FreeBSD project documentation page – one of whose authors is also Marshall Kirk McKusick. Is it worth getting then? Absolutely. A lot has changed and many new technologies have been imported into FreeBSD source tree such as ZFS or DTrace or for example the ULE scheduler.

The final book that I would like to mention here is the FreeBSD Device Drivers book from 2012 written by Joseph Kong.

bsd-device-drivers

The book tries to achieve what its title says – to help you first understand and then modify or write your own device drivers. While it covers a little older FreeBSD 8 version it is not a problem because the FreeBSD API and ABI change very slowly and only when no other way is possible.

Another great tool for programmers and developers in the process of making FreeBSD better is book about DTrace – the dynamic tracing framework. The DTrace – Dynamic Tracing in Oracle Solaris, Mac OS X, and FreeBSD book.

added-DTRACE

Written by Brendan Gregg and Jim Mauro in 2011 greatly helps to jump into that topic in simple and straightforward way. Besides covering FreeBSD it also does cover Mac OS X, Solaris and even OpenSolaris. That means that it should also be useful for Illumos developers. The book contains a lot of DTrace scripts and examples on how to use that fantastic tool.

Another book that you may find useful in your FreeBSD programmer career is the Designing BSD Rootkits: An Introduction to Kernel Hacking book by Joseph Kong.

added-ROOTKITS

Written in 2007 it still contains lots of up to date information for the FreeBSD hackers. While the term ‘rootkit’ may be taken ‘negatively’ the author himself describes the book best – “Though rootkits have a fairly negative image, they can be used for both good and evil. Designing BSD Rootkits arms you with the knowledge you need to write offensive rootkits, to defend against malicious ones, and to explore the FreeBSD kernel and operating system in the process.” I agree with the author here. To be well protected against something you first need to know how that thing works. The book contains many code examples that you may compile and use and also build upon with your own ideas. Would recommend.

Gone with the Wind

If you know other FreeBSD related books then please let me know.

For those few that did not notice – the titles of the headers are really great movies 🙂

Secure Containerized Browser

By default Chromium on OpenBSD (not so) recently got OpenBSD’s unveil(2) support. That means that if you run Chromium with the --enable-unveil flag then it will be prevented from accessing anything other than the ~/Downloads directory. No such thing exists on FreeBSD. Firefox or Chromium have access to all files the user can read – even to your system sshd(8) keys or even worse to your private keys lying in the ~/.ssh dir. On FreeBSD thanks to its FreeBSD Jails technology we can create a secure containerized browser with access only to the specified directory. On my system it’s the ~/download dir.

You may want to check other desktop related articles in the FreeBSD Desktop series on the FreeBSD Desktop page.

Configuration

We will start with /etc/jail.conf file configuration. For the record – we will be using /jail for our FreeBSD Jails main dir. I will also use /jail dir for the ‘base’ FreeBSD versions tarballs as a convenient place. As I use 10.0.0.0/24 address space I will use 10.0.0.200 for our containerized browser. Feel free to pick another IP from which you will be able to reach the Internet. The /etc/jail.conf is shown below. One thing to note here. As I am using WiFi wlan0 interface I have put that into the Jail configuration. If you use LAN interface (for example em0) then put that instead into this Jail config. As you see from the example below we will be using Firefox browser in our example.

root@host # cat /etc/jail.conf

# GLOBAL
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.clean;
  exec.consolelog = "/var/log/jail_${name}_console.log";
  mount.devfs;
  host.hostname = ${name};
  path = /jail/${name};

# JAILS
  firefox {
    devfs_ruleset = 30;
    ip4.addr = 10.0.0.200;
    interface = wlan0;
    allow.raw_sockets;
    allow.sysvipc;
    mount.fstab = "/jail/firefox/etc/fstab";
  }

As you can see we will also be using devfs(8) rules in the /etc/devfs.rules file – shown below. This configuration is needed to have access to sound(4) in our FreeBSD Jail. If you do not need sound then you can delete devfs_ruleset = 30; from the /etc/jail.conf file and also do not add anything in the /etc/devfs.rules file.

root@host # cat /etc/devfs.rules
[sound=30]
add path 'mixer*' unhide
add path 'dsp*'   unhide

If we are about to share the ~/download dir with our containerized browser then we need to somehow add that information to our FreeBSD Jail. We will use the FreeBSD’s mount_nullfs(8) command to mount our currently existing ~/download dir into our FreeBSD Jail. We will use following /jail/firefox/etc/fstab for that purpose.

root@host # cat /jail/firefox/etc/fstab
#SOURCE         #MNT                                      #TYPE   #OPTS       #DUMP/PASS
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0

Of course you do not have to share any directory with your containerized browser.

You may also want this Jail to start every time you boot your system. To do that add the lines below to the /etc/rc.conf file.

jail_enable=YES
jail_parallel_start=YES
jail_list="firefox"
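A small audit of the two files configured above, as an added example that is not part of the original article: it flags allow.* parameters that widen what the Jail may do and writable nullfs mounts without nosuid/noexec. The rule set, the function names and the reason texts are this example's own assumptions; the sample input is copied from the files shown above.

```shell
#!/bin/sh
# Added example: flag jail.conf parameters and fstab entries that widen what
# a jailed browser can reach. The rules are this example's own.

# audit_jail_conf [FILE] -> prints "<jail>: <parameter>: <reason>" per finding
# (reads stdin when FILE is omitted)
audit_jail_conf() {
    awk '
    function reason(name) {
        if (name == "allow.raw_sockets")
            return "raw sockets usable in the jail (ping needs it, a browser does not)"
        if (name == "allow.sysvipc")
            return "System V IPC namespace shared with the host (jail(8) has sysvmsg/sysvsem/sysvshm=new for a private one)"
        return "extra privilege granted to the jail, confirm it is required"
    }
    { sub(/#.*/, "") }                                   # strip comments
    # "firefox {" opens a jail block; ${name} inside a value must not count
    /^[ \t]*[^ \t=;{]+[ \t]*[{][ \t]*$/ { jail = $1; sub(/[{].*/, "", jail); next }
    /^[ \t]*[}][ \t]*$/ { jail = ""; next }              # back to global scope
    {
        n = split($0, stmt, ";")                         # parameters end with ";"
        for (i = 1; i <= n; i++) {
            name = stmt[i]; val = ""
            if (name ~ /=/) {
                val = name
                sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t]*\+?=.*/, "", name)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/[ \t"]/, "", val)
            if (name !~ /^allow\./) continue
            leaf = name; sub(/.*\./, "", leaf)
            # allow.noraw_sockets, "= 0" and "= false" switch a parameter off
            if (leaf ~ /^no/ || val == "0" || val == "false") continue
            printf "%s: %s: %s\n", (jail == "" ? "(global)" : jail), name, reason(name)
        }
    }' "${1:--}"
}

# audit_jail_fstab [FILE] -> prints "<mountpoint>: <reason>" for writable
# nullfs mounts that lack nosuid or noexec
audit_jail_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }
    $3 == "nullfs" {
        opts = "," $4 ","
        if (opts ~ /,ro,/) next
        miss = ""
        if (opts !~ /,nosuid,/) miss = miss " nosuid"
        if (opts !~ /,noexec,/) miss = miss " noexec"
        if (miss != "") printf "%s: writable nullfs mount without%s\n", $2, miss
    }' "${1:--}"
}

# Sample input: the jail.conf and fstab from the article (shortened copy).
sample_jail_conf() {
    cat << 'EOF'
# GLOBAL
  exec.start = "/bin/sh /etc/rc";
  exec.consolelog = "/var/log/jail_${name}_console.log";
  mount.devfs;
  path = /jail/${name};
# JAILS
  firefox {
    devfs_ruleset = 30;
    ip4.addr = 10.0.0.200;
    interface = wlan0;
    allow.raw_sockets;
    allow.sysvipc;
    mount.fstab = "/jail/firefox/etc/fstab";
  }
EOF
}

sample_fstab() {
    cat << 'EOF'
#SOURCE         #MNT                                      #TYPE   #OPTS       #DUMP/PASS
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0
EOF
}

sample_jail_conf | audit_jail_conf
sample_fstab | audit_jail_fstab
```

On the host the same functions take the real files as arguments, for example audit_jail_conf /etc/jail.conf and audit_jail_fstab /jail/firefox/etc/fstab.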

Create the Jail

As I use FreeBSD 13.0-RELEASE I will also use the FreeBSD 13.0-RELEASE Jail for that purpose. If you are running for example FreeBSD 12.3-RELEASE then make sure that you use the FreeBSD 12.3-RELEASE Jail. The Jail version needs to be the same as or lower than the host system version. We will now fetch the needed FreeBSD ‘base’ file and unpack it within /jail/firefox dir where our container will live. We will also configure several other basic files such as /etc/resolv.conf or /etc/hosts files.

root@host # mkdir -p /jail/BASE /jail/firefox /jail/firefox/usr/home/vermaden/download

root@host # fetch -o /jail/BASE/13.0-RELEASE-base.txz \
    http://ftp.freebsd.org/pub/FreeBSD/releases/amd64/13.0-RELEASE/base.txz

root@host # tar -xvpf /jail/BASE/13.0-RELEASE-base.txz -C /jail/firefox

root@host # echo nameserver 1.1.1.1 > /jail/firefox/etc/resolv.conf

root@host # echo 10.0.0.200 firefox >> /jail/firefox/etc/hosts

root@host # cat << EOF > /jail/firefox/etc/fstab
#SOURCE         #MNT                                      #TYPE   #OPTS       #DUMP/PASS
/data/download  /jail/firefox/usr/home/vermaden/download  nullfs  rw,noatime  0 0
EOF
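The base.txz above is fetched over plain HTTP and unpacked as root, so a digest check between the fetch and tar steps is worth having. The following is an added example, not part of the original article: it compares the tarball with the SHA256 recorded in the release MANIFEST file. It assumes the MANIFEST from the same release directory has been downloaded separately (preferably over HTTPS) and that its lines are tab-separated with the file name first and the digest second; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a downloaded distribution set against the release
# MANIFEST before extracting it into the jail.
# Assumption: MANIFEST lines are tab-separated, "<file>\t<sha256>\t...".

# sha256_of FILE -> hex digest (GNU sha256sum, else FreeBSD sha256(1))
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"
    fi
}

# manifest_digest MANIFEST NAME -> digest recorded for NAME; non-zero if absent
manifest_digest() {
    awk -F '\t' -v name="$2" '
        $1 == name { print $2; found = 1; exit }
        END { exit !found }' "$1"
}

# verify_dist MANIFEST FILE [NAME]
#   0 = digest matches, 1 = mismatch, 2 = unreadable input or no MANIFEST entry
# NAME defaults to FILE's basename; pass it when the download was renamed,
# as with 13.0-RELEASE-base.txz, which MANIFEST lists as base.txz.
verify_dist() {
    vd_manifest=$1
    vd_file=$2
    vd_name=${3:-$(basename "$2")}
    [ -r "$vd_manifest" ] && [ -r "$vd_file" ] || return 2
    vd_want=$(manifest_digest "$vd_manifest" "$vd_name") || return 2
    vd_have=$(sha256_of "$vd_file")
    [ -n "$vd_have" ] && [ "$vd_want" = "$vd_have" ]
}

# --- constructed demo, no network: a stand-in tarball and a MANIFEST for it ---
demo_dir=$(mktemp -d)
printf 'constructed stand-in for base.txz\n' > "$demo_dir/13.0-RELEASE-base.txz"
printf 'base.txz\t%s\t1\tbase\t"Base system"\ton\n' \
    "$(sha256_of "$demo_dir/13.0-RELEASE-base.txz")" > "$demo_dir/MANIFEST"

if verify_dist "$demo_dir/MANIFEST" "$demo_dir/13.0-RELEASE-base.txz" base.txz; then
    echo "base.txz: digest matches MANIFEST, safe to extract"
fi

# Any change to the file after the MANIFEST was written must be caught.
printf 'tampered\n' >> "$demo_dir/13.0-RELEASE-base.txz"
verify_dist "$demo_dir/MANIFEST" "$demo_dir/13.0-RELEASE-base.txz" base.txz ||
    echo "base.txz: digest MISMATCH, do not extract"

rm -rf "$demo_dir"
```

On the host the third argument matters: the article saves the file as 13.0-RELEASE-base.txz, while the MANIFEST entry is named base.txz.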

We will now start our fresh FreeBSD Jail.

root@host # service jail onestart firefox

We can now also see two new mounts in the mount(8) output.

root@host # mount | tail -2
/data/download on /jail/firefox/usr/home/vermaden/download (nullfs, local, noatime)
devfs on /jail/firefox/dev (devfs)

root@host # mount -p | tail -2 | column -t
/data/download /jail/firefox/usr/home/vermaden/download nullfs rw,noatime 0 0
devfs /jail/firefox/dev devfs rw 0 0

You may want to update the FreeBSD version to the most up to date one with freebsd-update(8) commands.

root@host # freebsd-update -b /jail/firefox fetch
root@host # freebsd-update -b /jail/firefox install

Install Needed Packages

Before installing anything we will first switch to the latest branch for the pkg(8) packages to have most up to date software. We will then proceed to installing the Firefox package. We will also need x11/xauth package for X11 Forwarding process.

root@host # sed -i '' s.quarterly.latest.g /jail/firefox/etc/pkg/FreeBSD.conf

root@host # grep latest /jail/firefox/etc/pkg/FreeBSD.conf
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",

root@host # jls
   JID  IP Address      Hostname                      Path
     1  10.0.0.200      firefox                       /jail/firefox

root@host # jexec 1

(root@jail) # pkg install -y firefox xauth

Create Matching User and Configure sshd(8) Daemon

We will now enter our FreeBSD Jail again for several other tasks needed for our containerized browser to work. First is creating inside the Jail a user similar to the one you currently use on the host. Especially with the same UID/GID to have files with proper permissions in your real ~/download directory instead of files with other UID/GID that you will have to chown(8) with root user. As my vermaden user uses UID/GID 1000 I will also use that inside. I will also set a simple password that you will only use once – to copy your public SSH key there.

root@host # jexec 1

(root@jail) # echo your-username-password-goes-here | pw user add -u 1000 -n vermaden -m -s /bin/sh -h 0

Now we need to run /usr/local/bin/dbus-uuidgen --ensure once to make sure DBUS is initialized properly. Firefox and many other apps would not start if we omit that step.

(root@jail) # /usr/local/bin/dbus-uuidgen --ensure

Now the sshd(8) daemon. The only thing we need to do is to add it to the system startup and also add X11UseLocalhost no option to its config file.

(root@jail) # sysrc sshd_enable=YES
sshd_enable: NO -> YES

(root@jail) # echo X11UseLocalhost no >> /etc/ssh/sshd_config

(root@jail) # service sshd start
Generating RSA host key.
2048 SHA256:VnrvItf0tl738C5Oc2St6T63/6o8zaDlfUskB+NrElo root@firefox (RSA)
Generating ECDSA host key.
256 SHA256:ZAjcAGqlrVwvY+J9MuVzErx9QUOqIOJE3nJX/Oqwtpk root@firefox (ECDSA)
Generating ED25519 host key.
256 SHA256:JdzUql2D2+X8iBn3c1jWDHQRNQMKqWGOcL4J16fIX0E root@firefox (ED25519)
Performing sanity check on sshd configuration.
Starting sshd.

Copy Public SSH Key and Start

Copying your public SSH key is optional but if you omit this step then you would have to type your FreeBSD Jail user password every time you would want to start your secure Firefox instance.

vermaden@host % ssh-copy-id -i ~/.ssh/id_rsa vermaden@10.0.0.200
Password:

Now you can start your containerized browser. I have added some useful flags for ssh(1) client like compression with -C and fastest supported encryption with -c aes128-ctr option. The -X is for X11 Forwarding option. I also added GDK_SYNCHRONIZE=1 to make Firefox yell less 🙂

vermaden@host % ssh -C -c aes128-ctr -X vermaden@10.0.0.200 env GDK_SYNCHRONIZE=1 firefox --new-instance

Now without password you should see fresh Firefox instance.

firefox-fresh

I will now try to play some random video. I can not show you that from an image but the sound also works 🙂

firefox-youtube

Similar setup can be created for other browser if Firefox is not your browser of choice of course. If you are curious how much space it uses its about this:

root@host # du -smx /jail/BASE/13.0-RELEASE-base.txz /jail/firefox 
181 /jail/BASE/13.0-RELEASE-base.txz
1603 /jail/firefox

root@host # du -smx -A /jail/BASE/13.0-RELEASE-base.txz /jail/firefox
181 /jail/BASE/13.0-RELEASE-base.txz
2601 /jail/firefox

I also added the -A flag in the second du(1) command to show you how much more space would be used without the ZFS LZ4 compression.

UPDATE 1 – Use XPRA Instead of X11 Forwarding

Some people complained that this is quite good setup but they were not happy with using X11 Forwarding for the connection method. I decided to add additional XPRA method to connect to our secure containerized browser. First thing you need to do is to install the x11/xpra package on both the host system and also inside the jail container.

root@host # pkg install -y xpra
(root@jail) # pkg install -y xpra

Now – after logging into your user in the Jail container – vermaden in my case – we will use the xpra commands to create new session with Firefox browser.

Let’s see if any xpra sessions currently exist.

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
No xpra sessions found

Seems not. We can now start our Firefox session.

(vermaden@jail) % xpra start --bind-tcp=:14500 --start='firefox --new-instance'
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Entering daemon mode; any further errors will be reported to:
  /tmp/xpra/S19958.log
Actual display used: :0
Actual log file name is now: /tmp/xpra/:0.log

We can see in the xpra list command that new session appeared.

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Found the following xpra sessions:
/home/vermaden/.xpra:
        LIVE session at :0

We can also see that xpra is now listening on the 14500 port.

(vermaden@jail) % sockstat -l4
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
vermaden python3.8  20781 3  tcp4   10.0.0.200:14500      *:*
root     sshd       58454 3  tcp4   10.0.0.200:22         *:*
root     syslogd    48568 5  udp4   10.0.0.200:514        *:*

We will now move to our host and start graphical xpra client to connect to our FreeBSD Jail with Firefox process.

update1-xpra-main

After clicking the large Connect button we can now enter our Jail address.

update1-xpra-connect

After again clicking the Connect button on the bottom this time we can now see our Firefox browser from our secure environment.

update1-xpra-firefox

After we have done our job in the more secure Firefox we can now end our xpra session on the jail system.

(vermaden@jail) % xpra stop
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
xpra initialization error:
 cannot find any live servers to connect to

(vermaden@jail) % xpra list
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
No xpra sessions found

As XPRA provides OpenGL acceleration you may verify that fact from your host system using below command.

vermaden@host % xpra opengl
Warning: XDG_RUNTIME_DIR is not defined
 and '/run/user/1000' does not exist
 using '/tmp'
Warning: cannot handle window transparency
 screen is not composited
Warning: vendor 'Intel Open Source Technology Center' is greylisted,
 you may want to turn off OpenGL if you encounter bugs
Warning: window 0xffffffff changed its transparency attribute
 from False to True, behaviour is undefined
GLU.version=1.3
GLX=1.4
accelerate=3.1.5
accum-alpha-size=0
accum-blue-size=0
accum-green-size=0
accum-red-size=0
alpha-size=0
aux-buffers=0
blue-size=8
buffer-size=24
depth=24
depth-size=0
direct=True
display_mode=ALPHA, DOUBLE
double-buffered=True
green-size=8
level=0
max-viewport-dims=16384, 16384
opengl=3.0
pyopengl=3.1.5
red-size=8
renderer=Mesa DRI Intel(R) HD Graphics 3000 (SNB GT2)
rgba=True
safe=True
shading-language-version=1.30
stencil-size=0
stereo=False
success=True
texture-size-limit=8192
transparency=True
vendor=Intel Open Source Technology Center
zerocopy=True

You can also use VNC or other methods of course.
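The xpra start command above binds TCP port 14500 on the Jail address and passes no authentication option, so it is worth checking what the Jail exposes to the network. The following is an added example, not part of the original article: it filters `sockstat -l4` output for listeners on a non-loopback address whose port is not on an allowlist. The function names and the allowlist are this example's assumptions; the sample input is the sockstat output shown earlier.

```shell
#!/bin/sh
# Added example: from `sockstat -l4` output, list listeners that are bound to
# a non-loopback address and whose port is not on an allowlist.

# unexpected_listeners "PORT PORT ..." < sockstat-output
#   prints "<proto> <local address> <user> <command>" for each finding
unexpected_listeners() {
    awk -v allow=" $1 " '
    $1 == "USER" && $2 == "COMMAND" { next }      # header row
    NF >= 6 {
        laddr = $6
        port = laddr; sub(/.*:/, "", port)
        host = laddr; sub(/:[^:]*$/, "", host)
        if (host ~ /^127\./) next                 # loopback only, not reachable remotely
        if (index(allow, " " port " ") > 0) next  # expected service
        print $5, laddr, $1, $2
    }'
}

# Sample input: the sockstat output shown in the article, copied verbatim.
article_sockstat() {
    cat << 'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
vermaden python3.8  20781 3  tcp4   10.0.0.200:14500      *:*
root     sshd       58454 3  tcp4   10.0.0.200:22         *:*
root     syslogd    48568 5  udp4   10.0.0.200:514        *:*
EOF
}

# Only sshd on port 22 is expected inside the browser Jail.
article_sockstat | unexpected_listeners "22"
```

Inside the Jail the live check is `sockstat -l4 | unexpected_listeners "22"`. The xpra entry goes away when the session is started without --bind-tcp and attached over the SSH login configured earlier, since xpra's attach command accepts an ssh:// address.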

Hope that helps 🙂

EOF

UNIX Mouse Shootout

While most hardcore UNIX users prefer keyboard shortcuts over anything else – and I often align with that view – I really do appreciate good mouse on my UNIX system. In the end its close to impossible to edit images in GIMP without mouse for example. This ‘shootout’ will definitely be subjective as it will be limited only to mice that I own(ed). I will not bore you with all the technical specifications of these devices – you can check them on your own.

Besides – UNIX has two copy/paste buffers instead of just one like in most systems. There are PRIMARY and SECONDARY buffers in X11 for mouse. One is used when you use Copy/Paste options from menus and/or keyboard shortcuts like [CTRL]+[C] and [CTRL]+[V] ones. The other one is used when you just SELECT the text. After releasing the left mouse button (and finishing the selection) you have that text stored in your SECONDARY buffer. You may now paste that with pressing the third/middle mouse button. But the PRIMARY buffer did not change during that operation so you can also paste the other text you had in your PRIMARY buffer from the earlier [CTRL]+[C] operation. This makes mouse on UNIX more useful – definitely more than in other systems.

While Bluetooth is widely used on most mobile phones/tablets and even cars now I do not find it desired as the only protocol for the mouse. I do not have anything against it when it comes as an additional possibility like with the Logitech M720 Triathlon mouse – it’s even nice that way – but I would not use a mouse for which the only possible way to connect/operate is the Bluetooth protocol. Maybe on a macOS UNIX but definitely not on FreeBSD UNIX 🙂

AMIGA ‘Tank’ Mouse

The first mouse device that I used was the oldschool AMIGA ‘Tank’ Mouse which I used alongside my first computer – AMIGA A600. When I used it or played Cannon Fodder it felt more than up to the task but using only two buttons mouse (without any scroll and third button) in 2021 feels almost impossible for me.

mouse-amiga-tank

It was possible to run AMIGA UNIX (also known as Amix) on AMIGA hardware. That was an AT&T Unix System V Release 4 developed as alternative to default AmigaOS but you needed Amiga A3000UX hardware for that.

amiga-unix

Unfortunately the AMIGA A600 was not supported 😦

Lenovo and ThinkPad Twins

One of my older/earlier mouse models that I used were quite ‘identical’ mouse models Lenovo Wireless USB Mouse (0A36188) and ThinkPad Wireless USB Mouse (0A36193) – both made by Lenovo for the record. They have the same size and work mostly the same but the older one – ThinkPad model (0A36193) – had more responsive third button (the one under the wheel) – the Lenovo (0A36188) kinda needed real strength to press it – that was its downside.

mouse-thinkpad-lenovo

I still own the ThinkPad one (0A36193) and use it from time to time when I travel – the two AA batteries allow quite long operation of more than a month – which is more than enough for my standards.

Its my first mouse that got additional buttons on the scroll wheel for left and right operations – I used it for volume control on my UNIX system which was (and still is) VERY convenient.

While I really like its/their small size, after some longer use I really miss some more ergonomic shape under my hand. That means that it ‘will do’ for short periods of usage in travel situations but for long work use something more ergonomic than these.

Logitech Marathon M705 (GEN 1)

I got it after more than a year of using Lenovo and ThinkPad mice. It was a real upgrade with quite nice shape profiled for the right hand. It was also quite heavy – but that was good – it felt really good to operate in hand. It was branded as lasting very long without changing or charging the batteries and it really did deliver in that department – I needed to change/charge the batteries maybe once a year or less often. It was also more precise than the simple ThinkPad/Lenovo mouse.

mouse-M705-GEN1

Using the volume buttons from the wheel as I did on the Lenovo and ThinkPad mice was not quite possible here. While the mouse has these left/right buttons on the wheel they were clumsy and not very precise – so you lose more time trying to press them properly than doing it the other way. With Logitech M705 I ‘moved’ my volume controls to other two buttons that were available under the thumb button. Fortunately there are two of those additional buttons so it was perfect for volume up and volume down actions.

This is also the first mouse that allowed to toggle the wheel to be ‘clickless’ – you can literally spin it for several seconds without any resistance – it just keeps rolling itself – and to be honest – that is one of the features I now DEMAND from any mouse. It makes life so much better (and faster). Instead of scrolling many – many times to get where it’s needed – you just spin it once and wait till you get there – and even a lot faster than with ‘traditional’ clicking mouse wheel.

Another advantage of that approach is that tip of your finger does not hurt after all day long of scrolling … and if you need precision clicking wheel – then just toggle it and you can click-scroll as usual.

With Logitech Marathon M705 mouse I also grew another ‘useful’ habit (or need) in a mouse. I started to use the lower thumb button to toggle between pause/play for my Deadbeef music player. Before that I used to switch to Workspace 3 where it plays music and press [C] key to toggle pause/play. After adding additional deadbeef --play-pause action to my xbindkeys(1) config now all I have to do to toggle between play and pause is to just push my thumb mouse button. Way faster 🙂

Logitech Performance MX

After reading many comparisons with Logitech MX Master generations I finally settled on the Logitech Performance MX mouse. It is really big and that is really big advantage. It handles/lies really nice in a hand and being quite large and heavy it is very precise and you got ‘good’ feeling and confidence of using it. I really liked it till I got to know its two big downsides … first was the battery time. I needed to change/charge battery about once a week. That was REALLY disappointing. The other downside was that it was not able to properly operate on a flat WOOD surface (like on the photo below). Plain simple flat wood. All other mice worked well on this surface while this one did not. The marketed Darkfield sensor was useless. These were the two reasons that I got rid of it.

mouse-logitech-performance-MX

Same as with M705 the left/right buttons on the wheel were not very precise so I used the additional thumb buttons for volume management. The Logitech Performance MX mouse also comes with micro USB port at the front so you may use the mouse while you are charging it. It’s a real pity that Logitech did not use two (or even three) AA batteries for this mouse to make it last longer … but that would not resolve the Darkfield sensor not being able to cope with movement on the wood 🙂

Logitech Marathon M705 (GEN 2)

I have read a lot of hate and disappointment about the latest generation of Logitech Marathon M705 mouse. Also the lower thumb button is missing and currently it uses only one AA battery. It still provides very long time without the need to change/charge and its lighter now. Its neither bad nor good – its just different. The precision is similar but after using Logitech Performance MX you really miss that big size.

mouse-M705-GEN2

The second generation of M705 did not improve the left/right buttons on the wheel so I decided to stick with additional thumb buttons for volume management.

I also really missed that lower thumb button that is gone from the GEN 2 Logitech Marathon M705 mouse – needed to go back to my [C] routine …

Logitech Triathlon M720

I recently got the possibility to check and use the Logitech Triathlon M720 mouse and I must say that I am positively surprised. Its both Bluetooth and USB dongle mouse so you can choose which way you would like to connect it to your computers. The plural form is intended here as the Logitech M720 allows you to switch between 3 computers with additional dedicated button. It also got ‘back’ the lower thumb button that was missing on the latest generation of the Logitech M705 mouse. The light/white lower bottom of the mouse looks little strange though … but its kinda not visible when it is laying on the table.

mouse-M720

The M720 has more precise left/right buttons on the wheel but I got so used to manage volume with my thumb that I currently keep these ‘wheel’ buttons unused.

Having the lower thumb button again I was also able to get back to my toggle play/pause Deadbeef operation. Yay!

Missing

I never owned Logitech MX Master mouse. I used version ‘3’ for short time as one of my buddies owns it and it felt quite similar to Logitech Performance MX in operation but not quite the same. Similar but different. I think that it would be comfortable but not sure about the precision on wood and battery time. Maybe I will get it some day and add an update here.

mouse-MX-master

… but given the fact that Logitech MX Master mouse also has micro USB port at its front for charging I would suspect that battery time is also not that great. Similarly like the Logitech Triathlon M720 it also allows to switch its presence between 3 computers. There is also additional wheel for vertical scrolling. Never used that but maybe it would be useful in GIMP for example.

Summary

So what does a good UNIX mouse feature? I would summarize all the needed (or at least useful) feats in a list below.

  • needs to be at least a little ergonomic
  • allows to toggle wheel between click and clickless operation
  • have additional buttons for custom actions
  • allows more than one month of work on batteries
  • works on different surfaces without a problem
  • has a USB dongle so Bluetooth is not needed

What other features do you desire in a mouse? I also thought about ‘vertical’ mouse type/shape and also about trackball. I tried my neighbor’s Logitech trackball several times but I am not sure I would get used to it after so many years of ricing the mice 🙂

External Discussions

EOF