Date: Tue, 20 Jun 2017 10:44:36 -0500 (CDT)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Jim Ohlstein" <jim@mailman-hosting.com>
Cc: "Peter Ludikovsky" <peter@ludikovsky.name>, freebsd-questions@freebsd.org
Subject: Re: New User, new server
Message-ID: <31261.128.135.52.6.1497973476.squirrel@cosmo.uchicago.edu>
In-Reply-To: <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com>
References: <800e15b2-d7f5-d339-bd77-862e9d0cab5b@ludikovsky.name> <e78c3da2-2b85-4b2b-ef3e-396b59208e72@mailman-hosting.com>

On Tue, June 20, 2017 10:22 am, Jim Ohlstein wrote:
> Hello,
>
> On 06/20/2017 10:33 AM, Peter Ludikovsky wrote:
>> Hello,
>>
>> I recently acquired a former office tower to replace my old home
>> server (Debian 8), itself an even older office tower. As it's my
>> primary storage location for images and documents I want something
>> stable, and I want to try something besides Linux, so I'm going for
>> FreeBSD 11-RELEASE. Which brings a few questions:
>
> Good choice!
>
>>
>> 1) The new machine comes with a 128G SSD, in addition to the 2 4T
>> HDDs from the older server. I'd like to set up ZFS root, with a slice
>> of the SSD as ZIL and L2ARC, and the root mirrored across the SSD and
>> the 2 HDDs. Does this make sense, and if so what would be the ideal
>> slice layout? Or should I just use the whole SSD as ZIL/L2ARC?
>
> I wouldn't mirror anything across an SSD and a magnetic drive (or two).
> Pick either the SSD or the drives.
>
> ZIL/L2ARC may be overkill on a home system unless it's frequently
> accessed by multiple users, but if you insist on having both on one SSD,
> make them the only things on the drive, and keep everything else on the
> 4TB drives. It's best to have ZIL and L2ARC on different, dedicated
> devices, but your hardware eliminates that possibility.
>
>>
>> 1.1) Can I start this setup with just the SSD and one HDD, as to keep
>> the old server alive until everything is migrated?
>
> It's very easy to add to ZFS if you plan to mirror. You can add a
> striped drive, but the results won't be as good as if you create the
> zpool as striped.
>
>>
>> 2) Moving data from the old machine. Can I run zfs send/receive to
>> get the ZFS on Linux datasets onto FreeBSD, or do I need to (r)sync?
>
> It _should_ work, but rsync will work.
>
>>
>> 3) Firewalling: PF, IPFW, or IPFilter? The machine will be behind an
>> ISP provided router, but I'm paranoid enough to want an additional
>> firewall on that machine, and one that plays nice with fail2ban at
>> that.
>
> Unless you're running services that expect outside connections (say if
> this is a file server), it won't matter. In fact, it really doesn't
> matter anyway.

I originally used IPFilter, but at some point I switched over to IPFW. The
problem I had with IPFilter was: IPFilter has a very small buffer, so on a
busy server you end up with locked-up connections once the buffer gets
filled. To fix that you had to go and edit a couple of lines in the
IPFilter kernel module, and recompile it... and keep doing it with every
kernel update. It is possible that that has changed, but if I were to start
now, I would go with either PF or IPFW (the last somehow had virtually no
learning curve for a Linux refugee - me).

Valeri

> Pick one, learn it, use it. I use PF. I've used the other
> two also. PF includes functionality for port redirection and NAT. I have
> no idea about fail2ban. I use PF tables and the expiretable utility.
>
>>
>> 4) As far as I understand it the host plays gateway for jails. Does
>> that mean that any firewalling is done there too? If so, is any
>> special configuration required besides enabling IP forwarding? (NAT,
>> …)
>
> Yes. PF (at least) applies all rules to all packets. I'd assume the
> others do as well.
>
>>
>> 5) Currently all services on the machine run together. With FreeBSD
>> I'd like to jail them. Is there an easy way to convert, or will I be
>> creating jails for the services & shovel the data over as if it's a
>> fresh install?
>
> You'll have to create the jails manually and move your data. The ezjail
> utility, among others, makes this easy. Creating a cloned loopback for
> your jails allows them to communicate with each other while being
> isolated from the outside.
>
>>
>> Any pointers are appreciated. I'm in no hurry (old machine ain't
>> dying yet), and I'd rather do it slow & clean than fast & dirty.
>>
>
>
> --
> Jim Ohlstein
> Profesional Mailman Hosting
> https://mailman-hosting.com
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
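
A pf.conf for the arrangement described in the quoted reply above: jails on a cloned loopback reaching the outside through NAT, one service redirected into a jail, and a PF table that collects abusive sources for later expiry. This is an added example, not configuration from any of the posters; the interface name, addresses, ports and rate limits are assumptions.

```conf
# /etc/pf.conf -- constructed example; every name and number here is an assumption.
# /etc/rc.conf is assumed to contain:
#   pf_enable="YES"
#   cloned_interfaces="lo1"        # loopback that carries the jail addresses

# --- macros ---
ext_if   = "em0"                   # assumed external NIC
jail_net = "10.0.0.0/24"           # assumed private range assigned on lo1
web_jail = "10.0.0.10"             # hypothetical jail running a web server

# --- tables ---
# Sources that exceed the SSH limits below are added here by PF itself.
table <bruteforce> persist

# --- options / normalization ---
set skip on lo0
scrub in all

# --- translation ---
# Jails have only private addresses; outbound traffic leaves via the host's address.
nat on $ext_if from $jail_net to any -> ($ext_if)
# Inbound web traffic is redirected to the jail.
rdr on $ext_if proto tcp from any to ($ext_if) port { 80, 443 } -> $web_jail

# --- filtering ---
block in log all
block in quick on $ext_if from <bruteforce>
pass out quick all keep state

# SSH to the host: per-source connection limits, offenders go into the table
# and their existing states are flushed.
pass in on $ext_if proto tcp to ($ext_if) port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)

# Filter rules see the post-rdr destination, so the rule names the jail address.
pass in on $ext_if proto tcp to $web_jail port { 80, 443 } flags S/SA keep state

# Table entries never age out on their own. A periodic job removes old ones,
# for example from root's crontab (expiretable is the utility named in the reply):
#   */10 * * * * expiretable -t 24h bruteforce
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and list the table contents with `pfctl -t bruteforce -T show`.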