Difference between revisions of "FreeBSD"
(→Iocage/Warden Jails) |
|||
Line 156: | Line 156: | ||
CentOS useful for tunables for FreeNAS | CentOS useful for tunables for FreeNAS | ||
https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS | https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS | ||
+ | |||
+ | |||
+ | =Limiting Jail Resources with RCTL= | ||
+ | Here is how you limit the amount of RAM or CPU each jail can have. | ||
+ | A | ||
+ | dd the following line to /boot/loader.conf: | ||
+ | |||
+ | kern.racct.enable="1" | ||
+ | |||
+ | Reboot to activate. | ||
+ | |||
+ | The following is how to constrain CPU usage, in percentage: | ||
+ | |||
+ | rctl -a jail:JAILNAME:pcpu:deny=75 | ||
+ | |||
+ | The following is how to constrain virtual and physical RAM usage, in percentage: | ||
+ | |||
+ | rctl -a jail:JAILNAME:vmemoryuse:deny=512M | ||
+ | |||
+ | rctl -a jail:JAILNAME:memoryuse:deny=1024M | ||
+ | |||
+ | To view the currently applied limits: | ||
+ | |||
+ | rctl | ||
+ | |||
+ | To view the resources used by a jail: | ||
+ | |||
+ | rctl -u jail:JAILNAME |
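Review bot: The lead-in for the vmemoryuse and memoryuse rules says "in percentage", but the values in those rules are sizes (deny=512M and deny=1024M); only the pcpu rule takes a percentage, so that sentence should say the limits are amounts of memory. The opening instruction is also split across two lines as "A" and "dd the following line", and should read "Add the following line to /boot/loader.conf". It would also help to say why the vmemoryuse cap (512M) is set lower than the memoryuse cap (1024M), since as written the virtual limit is the smaller of the two.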
Revision as of 15:54, 10 March 2023
FreeBSD
FreeBSD is a free and open-source Unix-like operating system descended from Research Unix via the Berkeley Software Distribution (BSD). FreeBSD is a direct descendant of BSD, which was historically called "BSD Unix" or "Berkeley Unix" (in violation of the UNIX trademark). The first version of FreeBSD was released in 1993 and, as of 2005, FreeBSD was the most widely used open-source BSD operating system, accounting for more than three-quarters of all installed BSD systems.
FreeBSD shares similarities with Linux but has two major differences in scope and licensing. FreeBSD maintains a complete system, i.e. the project delivers a kernel, device drivers, userland utilities, and documentation, as opposed to Linux, which delivers only a kernel and drivers and relies upon third parties for system software. FreeBSD source code is generally released under a permissive BSD license, as opposed to the copyleft GPL used by Linux.
The FreeBSD project includes a security team overseeing all software shipped in the base distribution. A wide range of additional third-party applications may be installed using the pkg package management system, FreeBSD Ports, or by compiling source code.
Due to its licensing, much of FreeBSD's codebase has become an integral part of other operating systems, such as Apple's Darwin (the basis for macOS, iOS, watchOS, and tvOS), the open-source NAS/SAN operating system FreeNAS, the Nintendo Switch system software, and the system software for Sony's PlayStation 3 and PlayStation 4.
Pools
To list pools:
zpool import
To import a pool:
zpool import POOLNAME
This pool has to be mounted manually if moved from another system.
zfs set mountpoint=/mnt/dirname poolname
zfs mount -a
Attach a mirror to existing hard drive in FreeBSD/FreeNAS
Let's assume ada0 is your existing disk, ada1 is the new one, tank is the pool name.
gpart create -s gpt /dev/ada1
gpart add -i 1 -b 128 -t freebsd-swap -s 2g /dev/ada1
gpart add -i 2 -t freebsd-zfs /dev/ada1
- Run the following and note the gptid of the existing disk:
zpool status
- Run the following and find the gptid of the newly created partition. It is the gptid associated with ada1p2:
glabel status
zpool attach tank /dev/gptid/[gptid_of_the_existing_disk] /dev/gptid/[gptid_of_the_new_partition]
It may take a while to resilver your drive after this - you will not have access to it whilst this is running.
Encryption
Unlock Geli-encrypted ZFS Volume:
geli attach -k [geli_key_file] [dev_to_unlock]
Example:
geli attach -k /data/geli/geli.key /dev/ada0p2
To import the pool, see Pools
Iocage/Warden Jails
To migrate jails from one pool to another:
zfs snapshot -r poolname/jails@relocate
zfs send -R poolname/jails@relocate | zfs receive -vF newpool/jails
To migrate a jail from one computer to another:
iocage stop jailname
iocage export jailname
Exporting jails will create a zip file "jail_name_date.zip" inside "/mnt/iocage/images/". To import these backups, copy the exported backup files into "/mnt/iocage/images/" and then restore:
iocage import jailname_name_date.zip
If iocage gives trouble, use the jail name instead:
iocage import jailname
Change iocage pool location:
iocage activate NEWPOOLNAME
To clone jail1 to jail2, run:
iocage clone jail1 --name jail2
Manual import of a jail:
zfs create zpool1/iocage/jails/jail1
zfs recv -F zpool1/iocage/jails/jail1 < jail1_2020-10-24
zfs recv -F zpool1/iocage/jails/jail1/data < jail1_2020-10-24_data
zfs recv -F zpool1/iocage/jails/jail1/root < jail1_2020-10-24_root
Automatically stop, make an export backup, and start all available iocage jails in a for loop into zpool1/iocage/images:
for i in $(iocage list |awk '{print $4}' |grep -vi name|awk NF); do iocage stop $i && iocage export $i && iocage start $i; done
Iohyve/Bhyve Virtual Machines
The following is how to get Iohyve PCI passthrough working in FreeNAS with pfsense.
Get the PCI addresses for the ethernet card.
pciconf -lv
Find the PCI addresses for the ethernet card. A multi-port card will have several. You will need them for the pptdevs2 tunable in x/y/z format. This example is for two ethernet ports with PCI addresses x1/y1/z1 and x2/y2/z2.
Go to System > Tunables and configure the following options to enable iohyve and PCI passthrough. pptdevs2 is used here because the regular pptdevs tunable did not work; which one is needed depends on the setup.
Variable | Value | Type
iohyve_enable | YES | rc
iohyve_flags | kmod=1 net=<eth0,eth1> | rc
pptdevs2 | x1/y1/z1 x2/y2/z2 | loader
vmm_load | YES | loader
Configure the virtual machine using iohyve within terminal:
iohyve setup pool=(pool name)
iohyve create pfsense 8G
iohyve set pfsense ram=2048mb
iohyve set pfsense cpu=2
iohyve set pfsense pcidev:7=passthru,x1/y1/z1
iohyve set pfsense pcidev:8=passthru,x2/y2/z2
iohyve set pfsense os=pfsense
iohyve set pfsense bargs="-S -A -H -P"
Some setups require writing the image to the zvol with dd. The image can be installed any other way, as long as it boots properly. Make sure the paths and files are correct. You can disregard the following if you are able to boot using other methods.
iohyve fetch https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz
zfs rename zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz zeus/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img
cd /iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/
gunzip pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img.gz
dd if=/iohyve/ISO/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img/pfSense-CE-memstick-serial-2.4.4-RELEASE-p1-amd64.img of=/dev/zvol/zeus/iohyve/pfsense/disk0 bs=1m
Start the VM
iohyve start pfsense
In another shell session, connect to the console to perform the installation.
iohyve console pfsense
Set it to automatically boot.
iohyve set pfsense boot=1
Here are some good resources to use for this in case this doesn't work:
https://murf.se/2016/01/05/iohyve-and-pci-passthru.html
Iohyve manual man page https://github.com/pr1ntf/iohyve/wiki/Manual
Iohyve wiki https://github.com/pr1ntf/iohyve/wiki
USB passthrough example https://github.com/pr1ntf/iohyve/wiki/USB-3.0-PCI-Controller-Pass-through
CentOS useful for tunables for FreeNAS https://github.com/pr1ntf/iohyve/wiki/Installing-CentOS-7-on-FreeNAS
Limiting Jail Resources with RCTL
Here is how you limit the amount of RAM or CPU each jail can have. Add the following line to /boot/loader.conf:
kern.racct.enable="1"
Reboot to activate.
The following is how to constrain CPU usage, in percentage:
rctl -a jail:JAILNAME:pcpu:deny=75
The following is how to constrain virtual and physical RAM usage, in percentage:
rctl -a jail:JAILNAME:vmemoryuse:deny=512M
rctl -a jail:JAILNAME:memoryuse:deny=1024M
To view the currently applied limits:
rctl
To view the resources used by a jail:
rctl -u jail:JAILNAME
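A way to check how much headroom a jail has under the limits set above, as an added example that is not part of the original page: the function takes rules in the format listed by rctl and usage in the format listed by rctl -u jail:JAILNAME, and reports usage as a share of each deny limit. The jail name www, the function name rctl_headroom and all sample numbers are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report how close a jail is to
# its RCTL deny limits. Rules are in the format listed by `rctl`, usage in
# the format listed by `rctl -u jail:NAME`.

# rctl_headroom JAIL RULES USAGE [WARN_PCT]
# Prints "resource used limit pct status" for each deny rule of JAIL.
rctl_headroom() {
    printf '%s\n---\n%s\n' "$3" "$2" |
    awk -v jail="$1" -v warn="${4:-80}" '
    function amount(v,    n, s) {        # expand K/M/G/T size suffixes
        n = v + 0; s = toupper(substr(v, length(v)))
        if (s == "K") n *= 1024
        else if (s == "M") n *= 1024 ^ 2
        else if (s == "G") n *= 1024 ^ 3
        else if (s == "T") n *= 1024 ^ 4
        return n
    }
    $0 == "---" { in_rules = 1; next }
    !in_rules {                          # usage line: resource=amount
        if (split($0, kv, "=") == 2) used[kv[1]] = amount(kv[2])
        next
    }
    {                                    # rule: jail:NAME:resource:action=amount
        if (split($0, f, ":") != 4 || f[1] != "jail" || f[2] != jail) next
        split(f[4], av, "=")
        if (av[1] != "deny") next
        sub(/\/.*/, "", av[2])           # drop an optional "/per" suffix
        limit = amount(av[2])
        if (limit <= 0) next
        pct = int(used[f[3]] * 100 / limit)
        printf "%s %.0f %.0f %d %s\n", f[3], used[f[3]], limit, pct,
            (pct >= warn ? "WARN" : "ok")
    }'
}

# Constructed sample data: jail name "www" and all numbers are made up.
SAMPLE_RULES='jail:www:pcpu:deny=75
jail:www:vmemoryuse:deny=512M
jail:www:memoryuse:deny=1024M
jail:db:memoryuse:deny=2048M'
SAMPLE_USAGE='cputime=120
pcpu=30
vmemoryuse=268435456
memoryuse=939524096'

sample_run() { rctl_headroom www "$SAMPLE_RULES" "$SAMPLE_USAGE"; }
sample_run
# On a FreeBSD host: rctl_headroom www "$(rctl)" "$(rctl -u jail:www)"
```

A jail that sits near its memoryuse or pcpu deny limit for long periods is either undersized or misbehaving, so the WARN lines are a reasonable thing to feed into monitoring.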