Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 10 Mar 2014 18:10:33 +1100
From:      nano <nanotek@bsdbox.co>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>, freebsd-questions@freebsd.org
Subject:   Re: FreeBSD 10 + Apache + PHP
Message-ID:  <51f8966c-b54b-43d0-a2ef-e8d1cf35d5a9@email.android.com>
In-Reply-To: <531D60C4.1020903@infracaninophile.co.uk>
References:  <CAHzLAVHoiRRg2kN2xc-KSNKrYjScmHctGKFk9tAnxEJ-rxKQbA@mail.gmail.com> <15A20437-032F-421D-BF2A-503E71F63E70@shaw.ca> <CAHzLAVGC=Jbmg-Pqv1x%2BSdE9gcBFFR7zC5R6H2T-_V==Lp61jA@mail.gmail.com> <55998E68-F3A7-4508-91C4-424536FAA494@shaw.ca> <531D60C4.1020903@infracaninophile.co.uk>

next in thread | previous in thread | raw e-mail | index | archive | help
How do you properly mix packages from the local and FreeBSD repo? I've always been advised to avoid this and use local packages exclusively.

Matthew Seaman <m.seaman@infracaninophile.co.uk> wrote:
>On 10/03/2014 04:40, Dale Scott wrote:
>>> I too want to manage hosts exclusively with binary packages.  In the
>absence
>>> > of a working a Poudriere implementation, it appears I will have to
>install it via ports. :(
>
>> I don't see how Poudriere would help in this situation (but I also
>> don't know how Poudriere works). I just have one real server and a
>> couple of dev vm's. It doesn't feel it would be worthwhile to have a
>> local Poudriere repo, update it, rebuild the packages, and then
>> finally update my couple servers, when I couldjust "pkg upgrade" on
>> each server (if I can go 100% packages). Am I missing something?
>
>poudriere is the answer right now to the problem of wanting to use
>binary packages but finding that the default packages from
>pkg.freebsd.org are not built with the correct set of options.
>
>Eventually we will have sub-packages and other improvements to the way
>binary package management happens, so that binary packages become a lot
>more flexible, but those changes depend on the final demise of the
>pkg_tools and some of the current work on pkg(8) being released.  It's
>going to take months (at best) before this problem is addressed
>effectively.
>
>Until then, building your own pkgs using poudriere allows you all the
>speed and convenience of using a package repository with the
>flexibility
>to set your own options.  You can mix local poudriere built packages
>with official FreeBSD packages -- you do need to make sure your ports
>tree is fairly close to the version used in the official builds, maybe
>by tracking the 2014Q1 branch.  Running poudriere is not hugely
>onerous.
> Once you've got it set up, you can pretty much set up cron jobs to run
>the builds you want and leave it to do its thing with little additional
>attention required.
>
>Even if you only have a very few machines to maintain, poudriere will
>alleviate the amount of time and effort you need to put into doing
>that.
>
>	Cheers,
>
>	Matthew
>
>-- 
>Dr Matthew J Seaman MA, D.Phil.
>
>PGP: http://www.infracaninophile.co.uk/pgpkey
>JID: matthew@infracaninophile.co.uk

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
From owner-freebsd-questions@FreeBSD.ORG  Mon Mar 10 07:18:42 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 32CF6F77
 for <freebsd-questions@freebsd.org>; Mon, 10 Mar 2014 07:18:42 +0000 (UTC)
Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk
 [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 017F1E4F
 for <freebsd-questions@freebsd.org>; Mon, 10 Mar 2014 07:18:37 +0000 (UTC)
Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk
 [81.2.117.99]) (authenticated bits=0)
 by smtp.infracaninophile.co.uk (8.14.8/8.14.8) with ESMTP id s2A7IGYE002715
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Mon, 10 Mar 2014 07:18:17 GMT
 (envelope-from m.seaman@infracaninophile.co.uk)
DKIM-Filter: OpenDKIM Filter v2.8.3 smtp.infracaninophile.co.uk s2A7IGYE002715
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=infracaninophile.co.uk; s=201001-infracaninophile; t=1394435897;
 bh=drGKo/Y8YhpXJqtoYHvoHYDLjOXOLStiUr8+wdaFf9k=;
 h=Date:From:To:Subject:References:In-Reply-To;
 z=Date:=20Mon,=2010=20Mar=202014=2007:18:15=20+0000|From:=20Matthew
 =20Seaman=20<m.seaman@infracaninophile.co.uk>|To:=20David=20Christ
 ensen=20<dpchrist@holgerdanske.com>,=20=0D=0A=20freebsd-questions@
 freebsd.org|Subject:=20Re:=20FreeBSD=2010=20installer=20and=20ZFS=
 20root|References:=20<53197EF6.4070902@holgerdanske.com>=20<531991
 3D.4040207@infracaninophile.co.uk>=20<10334f5b74b05d9445d071bd08f7
 3a24@dweimer.net>=20<531A0A0B.3010902@holgerdanske.com>=20<eca0373
 9afb425884241ed23c4202a7b@dweimer.net>=20<531D51EF.1080804@holgerd
 anske.com>|In-Reply-To:=20<531D51EF.1080804@holgerdanske.com>;
 b=Ye57zFbn0sctcw9E2CT4csqXhGLkCn+OEnPDrn/Tb7eDRcNjNr5THyLLA4rCZgZ6m
 YdjCAClJuCVXGN6gQkF44YJcUMIsPPI/wxZt+fwGhCH76Co2psfV7W7RAmqQqlUj13
 TcL9PlZFXVa7NHuxdQxPdc4mkiWj9FCR9D1gdpFY=
Message-ID: <531D6737.4020708@infracaninophile.co.uk>
Date: Mon, 10 Mar 2014 07:18:15 +0000
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: David Christensen <dpchrist@holgerdanske.com>,
 freebsd-questions@freebsd.org
Subject: Re: FreeBSD 10 installer and ZFS root
References: <53197EF6.4070902@holgerdanske.com>
 <5319913D.4040207@infracaninophile.co.uk>
 <10334f5b74b05d9445d071bd08f73a24@dweimer.net>
 <531A0A0B.3010902@holgerdanske.com>
 <eca03739afb425884241ed23c4202a7b@dweimer.net>
 <531D51EF.1080804@holgerdanske.com>
In-Reply-To: <531D51EF.1080804@holgerdanske.com>
X-Enigmail-Version: 1.6
OpenPGP: id=E7F39EBF
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="0Qgi31rwOqjeIIxcvL85B7P8Q1QCDFTl0"
X-Virus-Scanned: clamav-milter 0.98.1 at lucid-nonsense.infracaninophile.co.uk
X-Virus-Status: Clean
X-Spam-Status: No, score=-2.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00,
 DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.2
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
 lucid-nonsense.infracaninophile.co.uk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>;
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Mar 2014 07:18:42 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--0Qgi31rwOqjeIIxcvL85B7P8Q1QCDFTl0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 10/03/2014 05:47, David Christensen wrote:
> freebsd-questions:
>=20
> I am testing FreeBSD-10.0-RELEASE-amd64-dvd1.iso on a system with:
>=20
>     Intel D945GTPLKR motherboard
>     Intel Pentium 4 640 processor
>     4 GB RAM
>     Maxtor 5T030H3 30 GB EIDE hard drive
>=20
>=20
> I have installed FreeBSD using the encrypted ZFS root option, similar t=
o
> the screenshot at the bottom of:
>=20
>     http://www.bsdnow.tv/tutorials/fde
>=20
> Except that I set Partition Scheme to "MBR" and Swap Size to "4g".
>=20
> Question -- do I need to make swap size equal to or larger than RAM?

No.  You don't /need/ to do this, especially nowadays with machines
having large amounts of RAM (by which I mean much more than just 4GB,
which is a fairly routine amount nowadays). In your case I'd advise a
swap size of something between RAM+delta or 2 x RAM.  4GB is about the
minimum you can run a serious ZFS based server with, although for light
duties or experimental purposes you can manage ZFS with much less RAM.

> The system boots and appears to work.  Do I understand the following
> correctly?
>=20
> 1.    root@p43200:~ # gpart show -p
>     =3D>      63  60030369    ada0  MBR  (29G)
>             63  60030369  ada0s1  freebsd  [active]  (29G)
>=20
>     =3D>       0  60030369   ada0s1  BSD  (29G)
>              0   4194304  ada0s1a  freebsd-zfs  (2.0G)
>        4194304   8388608  ada0s1b  freebsd-swap  (4.0G)
>       12582912  47447457  ada0s1d  freebsd-zfs  (23G)

I wouldn't make ada0s1a a ZFS partition if all it is intended to do is
hold an unencrypted /boot -- UFS gives you everything you need for that
use case, and all the extra ZFS goodness isn't really relevant there.

>     The disk has an MBR partition table and yields five GEOM providers
> -- ada0, ada0s1, ada0s1a, ada0s1b, and adas1d:
>=20
>     ada0 is the raw block device.
>=20
>     ada0s1 is a primary partition table entry pointing to an extended
> partition table.
>=20
>     The extended partition table contains partitions ada0s1a, ada0s1b,
> and ada0s1d.

Yes, that is correct.

>     Question -- can I adjust the size of ada0s1a and ada0s1d during
> installation?

I take it you mean 'can I install using different partition sizes?'
rather than 'can I change the sizes of the partitions after the fact?'

The installer contains a pretty reasonable partition editor, or it is
entirely possible to boot the install media to a live FS and set up your
drives from the command line, and then continue the installation using
the installer.

If you're asking about changing the size of existing partitions, then
the answer is 'maybe'.  You can't shrink the size of a partition with a
ZFS or UFS filesystem on it easily, and you can't move the beginning of
such a partition.  You can add space to the end of a partition with a FS
on it, and you can do pretty much whatever you want to a swap area.

>=20
> 2.    root@p43200:~ # swapinfo
>     Device          1K-blocks     Used    Avail Capacity
>     /dev/ada0s1b      4194304        0  4194304     0%
>=20
>     ada0s1b is used for swap.
>=20
>     swap is unencrypted.
>=20
>     Question -- can I arrange for swap to be encrypted during installat=
ion?

Set this up after installation

>     Question -- if not, is section 18.15 of the FreeBSD handbook correc=
t
> for FreeBSD 10?
>=20
>=20
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/swap-encrypti=
ng.html
>=20
>=20
>     E.g. to encrypt swap using a one-time random key at boot, add the
> following line, or something similar per geli(8), to /etc/rc.conf:
>=20
>     geli_swap_flags=3D"-e blowfish -l 128 -s 4096 -d"

Yes -- this is the way to go.

>=20
> 3.      root@p43200:~ # zpool list -v
>     NAME            SIZE  ALLOC   FREE    CAP  DEDUP  HEALTH  ALTROOT
>     bootpool       1.98G   447M  1.55G    21%  1.00x  ONLINE  -
>       ada0s1a      1.98G   447M  1.55G         -
>     zroot          22.5G  1.73G  20.8G     7%  1.00x  ONLINE  -
>       ada0s1d.eli  22.5G  1.73G  20.8G         -
>=20
>     There are two ZFS pools, bootpool and zroot.
>=20
>     bootpool is based upon ada0s1a.
>=20
>     zroot is based upon ada0s1d.eli.
>=20
>     Question -- can I set ZFS pool options for bootpool and zroot durin=
g
> installation?

No, but the installer sets the options you'ld want already.  Hint: you
do *not* want dedup -- it sounds attractive, but really it's only useful
in some quite limited circumstances and it needs a system with a very
much larger quantity of RAM than you have.

You can easily change zpool or ZFS properties after installation, but
generally this leaves anything already written with the original settings=
=2E

>=20
> 4.      root@p43200:~ # zfs list -r -t all bootpool
>     NAME       USED  AVAIL  REFER  MOUNTPOINT
>     bootpool   447M  1.52G   446M  /bootpool
>=20
>     bootpool has only the default file system.
>=20
>     Question -- can I set ZFS file system options for bootpool during
> installation?

No, not unless you go down the route of setting up your pools etc.
manually. Set the options once you've got the machine up and running.


> 5.      root@p43200:~ # geli list
>     Geom name: ada0s1d.eli
>     State: ACTIVE
>     EncryptionAlgorithm: AES-XTS
>     KeyLength: 256
>     Crypto: software
>     Version: 7
>     UsedKey: 0
>     Flags: BOOT
>     KeysAllocated: 6
>     KeysTotal: 6
>     Providers:
>     1. Name: ada0s1d.eli
>        Mediasize: 24293097472 (23G)
>        Sectorsize: 4096
>        Mode: r1w1e1
>     Consumers:
>     1. Name: ada0s1d
>        Mediasize: 24293097984 (23G)
>        Sectorsize: 512
>        Stripesize: 0
>        Stripeoffset: 2147515904
>        Mode: r1w1e1
>=20
>     ada0s1d is consumed by geom_eli (GELI) and yields provider ada0s1d.=
eli.
>=20
>     Question -- can I set encryption options for ada0s1d.eli during
> installation?

Not sure.  Unless you know exactly what you're doing with crypto stuff,
I'd advise taking the defaults the installer gives you, or you could
accidentally end up with something less secure than you intended.

> 6.      root@p43200:~ # zfs list -r -t all zroot
>     NAME                 USED  AVAIL  REFER  MOUNTPOINT
>     zroot               1.73G  20.4G   144K  none
>     zroot/ROOT           411M  20.4G   144K  none
>     zroot/ROOT/default   411M  20.4G   411M  /
>     zroot/tmp            176K  20.4G   176K  /tmp
>     zroot/usr           1.33G  20.4G   144K  /usr
>     zroot/usr/home       144K  20.4G   144K  /usr/home
>     zroot/usr/ports      813M  20.4G   813M  /usr/ports
>     zroot/usr/src        545M  20.4G   545M  /usr/src
>     zroot/var           1.31M  20.4G   688K  /var
>     zroot/var/crash      148K  20.4G   148K  /var/crash
>     zroot/var/log        212K  20.4G   212K  /var/log
>     zroot/var/mail       144K  20.4G   144K  /var/mail
>     zroot/var/tmp        152K  20.4G   152K  /var/tmp
>=20
>     zroot has many file systems.
>=20
>     Question -- can I set ZFS file system options during installation?

No -- this is a post installation job.  The installer gets it pretty
much right already in any case.

	Cheers,

	Matthew

--=20
Dr Matthew J Seaman MA, D.Phil.

PGP: http://www.infracaninophile.co.uk/pgpkey
JID: matthew@infracaninophile.co.uk


--0Qgi31rwOqjeIIxcvL85B7P8Q1QCDFTl0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.20 (Darwin)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQJ8BAEBCgBmBQJTHWc4XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC
QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkATAP0QAIBt/in7Efh6Uv2f6OvHXZxa
8YCoj7Q3rjy0LVj5ruoDkQfInWu0nUNX+QbXLPbwa3zm4Fiuirv+fLpXelEMeide
Bw7GWEq9C/E/ANQOstYWkePYIk6SnIfn1Qok8QBlv7nFBmOjX2BF+iBosOf1UDjK
EyRK7Rbwht8maMlsbiQGchGb8JuuCtEERhpwmQvK3c16q2RxE/x6EqG9IPivLRBf
IN6Xwd4gE/UOpFIzBPhTyX5K1Awd9HMYBMlNmJUmVtFN9T1YFO8vMClDzFq2m/T3
01kRWTBt/7ABFTstb8+qqqV/u0IhEDL+rlyLEu4blWfWMKSAA4NxfhiVocRtnOPL
OJzQ8NQ3MXmkFFH3TjhYf87HzzgxH1wUQlw5FBw5tLsp7ww7t+lzM/N3nfEYig73
1x+hvUIAP12BE27ZKG8H5gb6jYdCFAj+8gcsrut+BKjvmln4SHK/cq7WsU6/+O7L
s8IQ70L7QxWD7zVs2ZTY9W5SHJaG0214ylFq/I9lYkQE8eTIWPYe8PPIKrQ3Xdh7
O/zmfUnL5oK+2Djc0jvpesJFZXm9KyJPW9p7Qg+wxKf8W+hyY0aelPm9qpUPqYkN
sn9lnT/IoRJMbUzFTQjaoesx8jvkG6rdiSujfnSfLpCG4XQuDDhegw1p74SIscpz
Lh+9TVzzNPDrRuiwPNgz
=uBK8
-----END PGP SIGNATURE-----

--0Qgi31rwOqjeIIxcvL85B7P8Q1QCDFTl0--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51f8966c-b54b-43d0-a2ef-e8d1cf35d5a9>