- 追加された行はこのように表示されます。
- 削除された行は
このように表示されます。
!! FreeBSD 10.x
!Web 認証ツール
pfSense
!FreeBSD-10 の Tips
ProLiant Gen9 以降は FreeBSD10.3 以降を利用の事
[2016-JUN-01] FreeBSD R10.3では x2apicを offにする必要はなくなりました。
https://www.hpe.com/jp/ja/servers/bsd/faq/freebsd-answer.html
! ディスクの使用量
FreeBSD 10.2 パーティションの使用量
未使用の場合
/ : 2.1G
/usr/src : 1.9G ( freebsd のソース )
/usr/obj : 3.3G ( buildworld した場合 )
/usr/ports : 2.1G + 3G 程度(コンパイルするとき)
/usr/local のサイズ
/var のサイズ
1パーティションで作成の場合には 24G+4G(SWAPサイズ) 30G 程度??
Buildworld,BuildKernel & Portsをビルドした後 ( /root/bin/mkisoimages.sh した後)
Filesystem Size Used Avail Capacity Mounted on
/dev/ada0p2 46G 26G 17G 61% /
+ Swap + Home
----
ifconfig re0 media 1000baseTX mediaopt full-duplex
----
FreeBSDルータの通信速度が遅いと感じたら、LRO, TSOオプションをオフにしてみよう
/etc/rc.confのネットワークインターフェイスを設定する行にLRO, TSOを無効化する指示(-lro -tso)を追加
ifconfig_vtnet0="inet <IPアドレス> netmask <ネットマスク> -lro -tso"
----
! FB10 -> FB11 upgrade
Upgrading from FreeBSD 11.0-RELEASE
# : > /usr/bin/bspatch
# freebsd-update fetch
# freebsd-update install
Upgrading from FreeBSD 10.3-RELEASE and Earlier
# : > /usr/bin/bspatch
## freebsd-update upgrade -r 11.0-RELEASE
## freebsd-update upgrade -r 11.1-RELEASE
# # nohup freebsd-update -r 11.3-RELEASE upgrade
# freebsd-update -r 11.3-RELEASE upgrade
# freebsd-update install
<reboot the system>
# freebsd-update install
<rebuild third-party software>
# freebsd-update install
<Package UPdate>
# pkg upgrade -y
< erace old so files >
# freebsd-update install
FreeBSD-UPgrade PROXY use
# # env HTTP_PROXY="http://192.168.11.80:8080" freebsd-update upgrade -r 11.1-RELEASE
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update upgrade -r 11.4-RELEASE
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
< Reboot>
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
# env HTTP_PROXY="http://127.0.0.1:18080" pkg bootstrap -f
# env HTTP_PROXY="http://127.0.0.1:18080" pkg upgrade -y
< >
# env HTTP_PROXY="http://127.0.0.1:18080" freebsd-update install
# setenv HTTP_PROXY "http://proxy.ne.jp:8080"
# setenv HTTP_PROXY_AUTH "basic:*:userid:password"
# setenv HTTP_PROXY "http://userid:password@proxy.ne.jp:8080"
# setenv HTTP_TIMEOUT 1800
SCREEN command で復旧する
$ screen ssh stepserver
$ << ctrl+a d >> ( ctrl+a の後に d ) [にてデタッチ]
ーSSHに再接続したら,"screen -ls " で復帰したい画面を選ぶことができます。
$ssh remote
screen freebsd-update upgrade -r 11.1-RELEASE
$
<< ctrl+a d >> で接続解除
$
$ ssh remote
$ screen -ls
There are several suitable screens on:
12762.pts-4.user (12/15/2016 07:05:42 PM) (Detached)
$ screem -r
----
!ports の管理
pkg install rsync
pkg install portsnap
pkg install subversion
pkg install portupgrade
pkg install python2
pkg install python3
#
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install squid
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install net-snmpd
# env HTTP_PROXY="http://192.168.100.10:18080" pkg install apcupsd
# env HTTP_PROXY="http://192.168.110.80:8080" pkg install py27-sqlite3
初回
portsnap fetch
portsnap extract
2回目移行
portsnap fetch
portsnap update
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap fetch
## env HTTP_PROXY="http://172.16.70.10:8080" portsnap update
#
## rm /var/db/portsnap/tag # アップデートがうまく行かないばあい
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch extract &
# env HTTP_PROXY="http://192.168.11.80:8080" portsnap fetch update &
pkg version -vL=
portupgrade -rR apache
# X 関連の build には 9Gbyte のHDDの空きが必要 ( /usr/ports で 11Gbyte 程度必要 )
----
!src の管理
# cd /usr/src
# rm -rf *
# svn checkout svn://svn.FreeBSD.org/base/releng/10.1 /usr/src
# # mv /usr/src /usr/src.bak 1
# # svn checkout https://svn.freebsd.org/base/releng/10.3 /usr/src
#
# cd /usr/src
# svn update /usr/src
cd /usr/src
make update SVN_UPDATE=yes
----
! /proc を使う
詳しくは
FB-tips
を
/etc/fstab に以下を追加
proc /proc procfs rw,noauto 0 0
一時的に使う場合には
## mount /proc
# mount -t procfs proc /proc
----
! 一つの Ether-net device に複数の IP を割り当てる
> ifconfig em0 alias 172.29.0.1 netmask 255.255.255.0
----
! CPU の温度を測る
/boot/loader.conf に
## amdtemp_load="YES"
coretemp_load="YES"
を追加 ( どちらにするかは試す事 )
確認方法
# sysctl -a | grep temperature
# sysctl -a | grep temperature
hw.acpi.thermal.tz1.temperature: 29.8C
hw.acpi.thermal.tz0.temperature: 27.8C
dev.cpu.1.temperature: 43.0C
dev.cpu.0.temperature: 45.0C
! NTFS のマウント
$ kldload fuse
$ dmesg
....
fuse-freebsd: version 0.4.4, FUSE ABI 7.8
$ cat /etc/rc.conf
...
fuse_load="YES"
...
How to mountting
$ ntfs-3g -oro /dev/sda0s2 /mnt/ntfs
$ mount | grep ntfs
## 基本的には コマンドでマウントする もし自動でするのであれば
#### mount_ からプログラム名が始まっていないので、fstab に記載するには
#### mount_ntfs から ntfs-3g へシンボリックリンクを作る必要がある。
!Release ISO の作成
FB-bootdvd
にまとめた
----
ベンチマークpolygraph1.3.1
----
! /boot/loader.conf
#RELOAD is
# service sysctl restart
#
# amdtemp_load="YES"
coretemp_load="YES"
# Accept filters for data, http and DNS requests
# Useful when your software creates process/thread on each request (i.e. apache)
# Note: DNS accf available on 8.0+
# Note: In case of badly written software this can increase performance,
# but I still would recommend against using accept filters in production because of
# their opacity - they really break abstractions. Also it's not trivial to debug/monitor
# their state.
#accf_data_load="YES"
#accf_http_load="YES"
#accf_dns_load="YES"
# Async IO system calls
aio_load="YES"
# Linux specific devices in /dev
# As for 8.1 it only /dev/full
#lindev_load="YES"
# Adds NCQ support in FreeBSD
# WARNING! all ad[0-9]+ devices will be renamed to ada[0-9]+
# 8.0+ only
#ahci_load="YES"
#siis_load="YES"
# FreeBSD 9+
# New Congestion Control for FreeBSD
cc_htcp_load="YES"
#cc_cubic_load="YES"
# Increase kernel memory size to 3G.
#
# Use ONLY if you have KVA_PAGES in kernel configuration, and you have more than 3G RAM
# Otherwise panic will happen on next reboot!
#
# It's required for high buffer sizes: kern.ipc.nmbjumbop, kern.ipc.nmbclusters, etc
# Useful on highload stateful firewalls, proxies or ZFS fileservers
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#vm.kmem_size="3G"
# If you have really busy forking webserver (i.e. apache13) you may run out of processes
#kern.maxproc=10000
# If your server has lots of swap (>4Gb) you should increase following value
# according to http://lists.freebsd.org/pipermail/freebsd-hackers/2009-October/029616.html
# Otherwise you'll be getting errors
# "kernel: swap zone exhausted, increase kern.maxswzone"
#kern.maxswzone="256M"
# Older versions of FreeBSD can't tune maxfiles on the fly
#kern.maxfiles="200000"
# Useful for databases
# Sets maximum data size to 1G
# (FreeBSD 7.2+ amd64 users: Check that current value is lower!)
#kern.maxdsiz="1G"
# Maximum buffer size(vfs.maxbufspace)
# You can check current one via vfs.bufspace
# Should be lowered/upped depending on server's load-type
# Usually decreased to preserve kmem
# (default is 10% of mem)
#kern.maxbcache="512M"
# Sendfile buffers
# Note: i386 only
#kern.ipc.nsfbufs=10240
# syncache tuning
net.inet.tcp.syncache.hashsize=32768
net.inet.tcp.syncache.bucketlimit=32
net.inet.tcp.syncache.cachelimit=1048576
# Send RST on listen queue overflow / memory shortage.
# Hosts behind Load-Balancer should set it to 1 to fail fast.
# Hosts facing clients should set it to 0 for client to retry connection.
#net.inet.tcp.syncache.rst_on_sock_fail=0
# Increased hostcache
# Later host cache can be viewed via net.inet.tcp.hostcache.list hidden sysctl
# Very useful for it's RTT RTTVAR
# Must be power of two
net.inet.tcp.hostcache.hashsize=65536
# hashsize * bucketlimit (which is 30 by default)
# It allocates 255Mb (1966080*136) of RAM
net.inet.tcp.hostcache.cachelimit=1966080
# TCP control-block Hash table tuning
# See: http://serverfault.com/questions/372512/why-change-net-inet-tcp-tcbhashsize-in-freebsd
net.inet.tcp.tcbhashsize=524288
# Disable ipfw deny all
# Should be uncommented when there is a chance that
# kernel and ipfw binary may be out-of sync on next reboot
#net.inet.ip.fw.default_to_accept=1
#
# SIFTR (Statistical Information For TCP Research) is a kernel module that
# logs a range of statistics on active TCP connections to a log file.
# See prerelease notes:
# http://groups.google.com/group/mailing.freebsd.current/browse_thread/thread/b4c18be6cdce76e4
# and man 4 sitfr
#siftr_load="YES"
# Enable superpages, for 7.2+ only
# See: http://lists.freebsd.org/pipermail/freebsd-hackers/2009-November/030094.html
vm.pmap.pg_ps_enabled=1
# Useful if you are using Intel-Gigabit NIC
#hw.em.rxd=4096
#hw.em.txd=4096
#hw.em.rx_process_limit="-1"
# Also if you have A LOT interrupts on NIC - play with following parameters
# NOTE: You should set them for every NIC
#dev.em.0.rx_int_delay: 250
#dev.em.0.tx_int_delay: 250
#dev.em.0.rx_abs_int_delay: 250
#dev.em.0.tx_abs_int_delay: 250
# There is also multithreaded version of em/igb drivers that can be found here:
# http://people.yandex-team.ru/~wawa/
#
# for additional em monitoring and statistics use
# sysctl dev.em.0.stats=1 ; dmesg
# sysctl dev.em.0.debug=1 ; dmesg
# Also after r209242 (-CURRENT) there is a separate sysctl for each stat variable;
# Same tunings for igb
#hw.igb.rxd=4096
#hw.igb.txd=4096
#hw.igb.rx_process_limit=100
# Some useful netisr tunables. See sysctl net.isr
#net.isr.maxthreads=4
#net.isr.defaultqlimit=10240
#net.isr.maxqlimit=10240
# Bind netisr threads to CPUs
#net.isr.bindthreads=1
#
# FreeBSD 9.x+
# Increase interface send queue length
# See commit message http://svn.freebsd.org/viewvc/base?view=revision&revision=207554
net.link.ifqmaxlen=1024
# IPC prametor
kern.ipc.msgmnb=8192
kern.ipc.msgssz=64
kern.ipc.msgtql=2048
# Nicer boot logo =)
loader_logo="beastie"
!sysctl.conf
# $FreeBSD: releng/10.1/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
#
# Ensure ZFS uses 4k block size
vfs.zfs.min_auto_ashift=12
kern.ipc.somaxconn=2048
# set to at least 16MB for 10GE hosts
kern.ipc.maxsockbuf=16777216
# socket buffers
net.inet.tcp.recvspace=4194304
net.inet.tcp.sendspace=2097152
net.inet.tcp.sendbuf_max=16777216
net.inet.tcp.recvbuf_max=16777216
net.inet.tcp.sendbuf_auto=1
net.inet.tcp.recvbuf_auto=1
net.inet.tcp.sendbuf_inc=16384
net.inet.tcp.recvbuf_inc=524288
# security
security.bsd.see_other_uids=0
security.bsd.see_other_gids=0
# drop UDP packets destined for closed sockets
net.inet.udp.blackhole=1
# drop TCP packets destined for closed sockets
net.inet.tcp.blackhole=2
# ipfw
net.inet.ip.fw.verbose_limit=3
# H-TCP congestion control algorithm
net.inet.tcp.cc.algorithm=htcp
# maximum incoming and outgoing IPv4 network queue sizes
net.inet.ip.intr_queue_maxlen=2048
net.route.netisr_maxqlen=2048
!Tips
https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning
!passwd の移行
master.passwd を
> pwd_mkdb -p /etc/master.passwd
実行
----
! FreeBSD チーミング
https://www.infraexpert.com/study/etherchannel1.html
https://www.cyberciti.biz/faq/freebsd-network-link-aggregation-trunking/
https://bompopo.wordpress.com/2012/01/25/freebsd-lagg%E3%81%AB%E3%82%88%E3%82%8B%E3%83%81%E3%83%BC%E3%83%9F%E3%83%B3%E3%82%B0%E8%A8%AD%E5%AE%9A/
https://qastack.jp/server/64356/freebsd-performance-tuning-sysctl-parameter-loader-conf-kernel
https://wiki.freebsd.org/NetworkPerformanceTuning
https://calomel.org/freebsd_network_tuning.html
----