Installing FreeBSD 5.3 on QUARKPRIME
Jump to navigation
Jump to search
Initial installation
The install of FreeBSD 5.3 was fairly typical, with the exception that ACPI had to be disabled. This can be done by selecting "2" at the boot prompt, and permanently by adding hw.acpi.0.disable="1" to /boot/loader.conf.
After booting, the 54GB RAID-5 volume was partitioned like so:
/ | UFS2 | 512MB |
/clients | UFS2 w/ SoftUp. | 36GB |
/var | UFS2 w/ SoftUp. | 3GB |
/usr | UFS2 w/ SoftUp. | 10GB |
After partitioning, base, compat4x, manpages, src, ports, and perl were selected for installation.
Configuration
The initial configuration consisted of adding the above-mentioned ACPI line to /boot/loader.conf, and then adding this /etc/rc.conf file:
usbd_enable="YES" hostname="quarkprime.cs.earlham.edu" nisdomainname="cs.earlham.edu" ifconfig_xl0="inet 159.28.230.91 netmask 255.255.255.0" ifconfig_xl1="inet 192.168.0.91 netmask 255.255.255.0" named_enable="YES" rwhod_enable="YES" sshd_enable="YES" nfs_server_enable="YES" mountd_enable="YES" mountd_flags="-rl" rpc_lockd_enable="YES" rpc_statd_enable="YES" rpcbind_enable="YES" ntpd_enable="YES" nis_client_enable="YES" nis_client_flags="-S cs.earlham.edu,159.28.230.91,159.28.230.3" nis_server_enable="YES" nis_yppasswdd_enable="YES" defaultrouter="159.28.230.1" saver="green" enable_quotas="YES" accounting_enable="YES" linux_enable="YES" kern_securelevel_enable="YES" kern_securelevel="1"
- I rebooted to make sure everything worked, and then ran ssh-keygen -t dsa to generate a public/private key pair, and gave it no password to remove the need to use an agent. I appended quarkprime's /root/.ssh/id_dsa.pub in quark's /root/.ssh/authorized_keys file, and quark's /root/.ssh/id_dsa.pub in quarkprime's /root/.ssh/authorized_keys file.
- After getting ssh working, I installed a precompiled cvsup using /stand/sysinstall, and then proceeded to pull down fresh ports and src trees. I recompiled the kernel to enable SMP and quota support, and also to cut down on the amount of hardware drivers loaded with it.
- For the NIS configuration, I made sure that the domainname was set to cs.earlham.edu, fired up rpcbind and ypserv, and then ran ypinit -s cs.earlham.edu to pull a fresh NIS map from quark. I added +:::::::: to the end of /etc/passwd and +::: to the end of /etc/group to enable the fall-through to NIS.
- I put the 192.168.0 address for quark, quarkprime, image, and backup in /etc/hosts.
- I installed the Amanda client utilities, with the server set as backup.
- I installed LPRng, and copied over quark's printcap file to /etc/ on quarkprime. I also installed the ifhp package to provide support for our HP printers.
- Because of a security issue with the default perl 5.8.5, I decided to upgrade to 5.8.6. I built the portupgrade utility so I could run this command:
portupgrade -f `(pkg_info -R perl-5\* |tail +4; \ find /usr/local/lib/perl5/site_perl/5.[68].[1245] -type f -print0 \ | xargs -0 pkg_which -fv | sed -e '/: ?/d' -e 's/.*: //')|sort -u`
- I installed Apache with these options: WITH_APACHE_SUEXEC=yes APACHE_SUEXEC_CALLER=nobody APACHE_SUEXEC_LOG=/var/log/httpd/httpd-suexec.log APACHE_SUEXEC_USERDIR=www WITH_APACHE_MODACCEL=yes WITH_APACHE_MODDEFLATE=yes.
- I installed all the Apache modules from quark, except: mod_auth_pgsql (broken pkg-list)
- I installed ImageMagick, which in turn installed the ghostscript port.
- I installed zsh.
- I would have installed wget, but there are multiple vulnerabilities.
- I installed PHP4 from ports, copying quark's config for the extensions. I installed all the extensions except: curl (security vulnerability)
- As work progressed, I discovered a bugin the PHP Postgres module that causes Apache to segfault. The only fix I discovered was an upgrade to Apache 2 and PHP5. This will necessitate figuring out how ipfw/dummynet or ipf/altq work for bandwidth management, because mod_bandwidth hasn't been ported to Apache 2. All other modules work normally.
Todo
- Setup rsync for /clients and /var/mail
- Install vim and emacs
- Figure ACPI problem wrt rebooting