FreeBSD 7.0 New Install

I’ve been running various versions of FreeBSD since 2001, and over that time the installation procedure has changed several times as new versions of the operating system have been released. Since I’m jack of all trades (or at least many trades), often several months or more passes without significant work in the UNIX environment, and my memory fades as I’m engrossed in something completely different such as software development work. I’m still running FreeBSD 6.1 in production environments, but want to make the move to 7.0 soon. Before doing so, however, I decided to set up a reference system and document the setup process to avoid major surprises (or my own memory glitches) as I reinstall the OS on the production systems — and hopefully have as a result minimum downtime possible.

Step one… FreeBSD installation using the Custom install. I post my notes below; perhaps someone will find this useful. The system is being set up as a web/db/mail server that is administered remotely; no X11 is needed or desired.

  1. Use the custom install with defaults, except:
    Skip PCCARD: YES
    Media Type: CDROM
  2. Set the keymap if it is not ASCII (I use a Finnish keyboard, so I selected “Finnish ISO”) and the timezone in the post-install step.
  3. The old mount point & label info (from the older installations) is ok. I use “4069M” for boot, “6100M” for swap, and the rest for application data (generally a largish RAID-5 or RAID-6 array is used); the respective mount points are “/”, swap, and “/usr”. I use the standard boot record since no other operating systems are installed on the system. The boot drive is made bootable, and softupdates is enabled on the data slice.
  4. Configure the network, system name and keyboard map in /etc/rc.conf (sysinstall should’ve created an entry for the keymap already). Much more should and will go into it, but the basics that will get the system online are:

    keymap="finnish.iso" #obviously optional :)
    hostname="this.systemname.com"
    defaultrouter="192.168.1.1"
    ifconfig_em0="inet 192.168.1.99 netmask 255.255.255.0" #currently installing behind a firewall
    fsck_y_enable="yes" #this is good to set in case your system crashes during setup without orderly shutdown.. you don't have to press "yes" a million times

    Note that you may have a different kind of network interface, and you might have to adjust “ifconfig_em0” accordingly.
  5. Configure the DNS servers in /etc/resolv.conf. I use the OpenDNS servers, like so:

    domain this.systemname.com
    nameserver 208.67.222.222
    nameserver 208.67.220.220
  6. If you’re basing this installation on an older install, import your old .cshrc or the equivalent alias/setting file of your favorite shell (makes life easier, as aliases work, etc.).
  7. If you’re not using X11, enter WITHOUT_X11 in /etc/make.conf so you don’t have to set it in the environment every time.

    WITHOUT_X11=yes #don't compile GUI to ports apps
    CPUTYPE=i686 #set this for modern Intel CPUs
    KERNCONF=YOUR_KERNEL_CONF_FILE_NAME
    OPENSSLBASE=/usr/local #obviously if you use OpenSSL
  8. Build /usr/ports/net/cvsup with WITHOUT_X11 set in make.conf (as above) or in the environment, or use /usr/ports/net/cvsup-without-gui/, and update the ports tree. First create /usr/local/etc/cvsup/supfile.ports containing:

    *default host=cvsup12.FreeBSD.org
    *default base=/usr/local/etc/cvsup
    *default prefix=/usr
    *default release=cvs tag=.
    *default delete use-rel-suffix
    ports-all

    If you want to use the fastest cvsup server available, install /usr/ports/sysutils/fastest_cvsup/ and run fastest_cvsup -c us (replace ‘us’ with your local country code if you’re not in the U.S. :-)), then use the server it indicates as the default host. Then update the ports tree with
    /usr/local/bin/cvsup -g -L 2 /usr/local/etc/cvsup/supfile.ports

    You can add an optional -d 100 to limit file deletions to 100 on the first run, to make sure the update is working and the entire ports tree won’t be wiped out. Then remove it for the full run (the initial run *will* need to delete more than 100 files, but they’re not all in sequence).

  9. Build & install /usr/ports/editors/joe (or whatever your favorite editor might be); this makes life easier as configuration progresses.
  10. Build & install /usr/ports/security/openssh-portable. Use the defaults + select “Enable CHROOT support” (for later use).
  11. Create a non-root user for remote login. vipw is an easy way to manage users.
  12. Configure the OpenSSH daemon in /usr/local/etc/ssh/sshd_config & make sure sshd starts (set openssh_enable="yes" in /etc/rc.conf, and make sure the start file is called /usr/local/etc/rc.d/openssh.sh); a reboot may be required to create the necessary server keys & start the service (confirm with ps -waux | grep "ssh"). sshd_config params of note (for initial access) are:

    AllowUsers root MyUserName
    PermitRootLogin without-password #allow root login only with an RSA key
    PasswordAuthentication yes
    UsePAM no
    UseDNS no

    ** remote login should be possible at this point **
  13. Create /usr/local/etc/cvsup/supfile.sources with the content below, then update the sources with /usr/local/bin/cvsup -g -L 2 /usr/local/etc/cvsup/supfile.sources

    *default host=cvsup17.FreeBSD.org
    *default base=/usr/local/etc/cvsup
    *default prefix=/usr
    *default release=cvs tag=RELENG_7_0
    *default delete use-rel-suffix
    src-all
    doc-all
  14. Review kernel configuration at /usr/src/sys/i386/conf (see my kernel defaults in the next post).
  15. Build & install a new world if any deltas were applied in the source update:
    cd /usr/src && make buildworld
    If there are problems, try the following, then run buildworld again.

    cd /usr/obj
    chflags -R noschg *
    rm -rf *

    When buildworld completes, reboot the system and select option 4, or interrupt the boot (option 6) and type boot -s, to boot into single-user mode; accept /bin/sh as the shell, then continue with the following commands to install the new world:

    mount -u /
    mount -a -t ufs
    swapon -a

    cd /usr/src
    make installworld

    exit    # returns to multi-user mode

  16. Build custom kernel & install with below commands:

    cd /usr/src
    make cleandir
    make buildkernel
    If this fails, try cd /usr/src/usr.sbin/config/ && make depend all install clean, and also check your kernel configuration file for problems, then start the above build process again.
  17. Make a backup copy of the old kernel and install the new:

    cp -Rp /boot/kernel /boot/kernel.recent
    make installkernel
  18. Reboot & confirm that the latest kernel version is running with uname -a (or uname -rs).
  19. Make a copy of the functional kernel if the boot is ok:

    chflags -R noschg /boot/kernel && cp -Rp /boot/kernel /boot/kernel.save && chflags -R schg /boot/kernel
  20. Set /boot/loader.conf parameters, like so:

    kern.ipc.nmbclusters=16384 # Set the number of mbuf clusters
    kern.ipc.maxsockets=16384 # Set the number of tcp sockets
    kern.ipc.maxpipekva=67108864
    kern.maxusers=128

Basic install & kernel setup is now complete.
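The sshd_config directives from step 12 are the point at which the box becomes reachable from outside, so they are worth checking mechanically before (and after) the rest of the setup. The script below is an added example, not code from the original post: a POSIX sh audit that reads an sshd_config the way sshd does (first match wins, keywords case-insensitive, comment lines ignored) and reports on PermitRootLogin, AllowUsers and PasswordAuthentication. The three sample configs it creates are constructed for the demonstration; on a real system you would point sshd_audit at /usr/local/etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an sshd_config for the
# directives set in step 12. The three sample configs below are constructed;
# point sshd_audit at /usr/local/etc/ssh/sshd_config on a real system.

# sshd_effective FILE KEYWORD
# Print the value of KEYWORD as sshd would read it: keywords are matched
# case-insensitively, comment lines are skipped, and the first match wins.
# Assumes the whitespace-separated "Keyword value" form used in the post.
sshd_effective() {
    key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    awk -v key="$key" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# sshd_audit FILE
# Print one line per finding and return the number of findings (0 = clean).
sshd_audit() {
    cfg=$1
    findings=0

    # root logins: only the key-based variants are acceptable; an unset value
    # meant "yes" in the OpenSSH releases of this era
    prl=$(sshd_effective "$cfg" PermitRootLogin | tr 'A-Z' 'a-z')
    case "$prl" in
        no|without-password|forced-commands-only) ;;
        *)  echo "PermitRootLogin=${prl:-<unset>}: root may log in with a password"
            findings=$((findings + 1)) ;;
    esac

    # without AllowUsers every local account is a valid SSH login target
    if [ -z "$(sshd_effective "$cfg" AllowUsers)" ]; then
        echo "AllowUsers unset: no login allow-list in place"
        findings=$((findings + 1))
    fi

    # the post leaves passwords on for initial access; unset also means yes
    pa=$(sshd_effective "$cfg" PasswordAuthentication | tr 'A-Z' 'a-z')
    if [ "${pa:-yes}" = "yes" ]; then
        echo "PasswordAuthentication=${pa:-<unset>}: password logins enabled"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# ---- constructed sample configs --------------------------------------------
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

SSHD_SAMPLE_POST="$work/sshd_config.post"     # the directives from step 12
cat > "$SSHD_SAMPLE_POST" <<'EOF'
AllowUsers root MyUserName
PermitRootLogin without-password
PasswordAuthentication yes
UsePAM no
UseDNS no
EOF

SSHD_SAMPLE_WEAK="$work/sshd_config.weak"     # defaults left in place
cat > "$SSHD_SAMPLE_WEAK" <<'EOF'
#AllowUsers root
PermitRootLogin yes
UseDNS no
EOF

SSHD_SAMPLE_HARD="$work/sshd_config.hard"     # key-only access, mixed case
cat > "$SSHD_SAMPLE_HARD" <<'EOF'
allowusers MyUserName
permitrootlogin NO
PasswordAuthentication no
EOF

for f in "$SSHD_SAMPLE_POST" "$SSHD_SAMPLE_WEAK" "$SSHD_SAMPLE_HARD"; do
    echo "== $f"
    sshd_audit "$f" || echo "   findings: $?"
done
```

Run against the step 12 config it reports exactly one finding, the PasswordAuthentication yes that the post keeps for initial access; against a config with the defaults left in place it reports three, and against the key-only variant none. The return value is the finding count, so the function drops into a periodic or cron job as-is.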

5 thoughts on “FreeBSD 7.0 New Install”

  1. Hi!

    Very useful article, many thanks. Earlier I used portsnap and freebsd-update, but a year ago I changed OS to Solaris and since then I haven’t had FreeBSD. But now I’m thinking of returning to FreeBSD… 🙂

  2. Hello,

    I am finding some interesting posts here on your blog, while I am going through a couple of FreeBSD 7.0 installs myself.

    I also wanted to mention that you can use portsnap instead of cvsup, it’s easier to use and installed by default on FreeBSD 7.0. You can find more useful info about portsnap here:
    http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/portsnap.html

    What I am curious about are the changes you made in loader.conf. Could you explain what and why you made those changes? Since my servers are also web/db/mail servers, these settings may be relevant for me as well.

    Thanks,
    DrTebi

  3. Actually I don’t remember why I made those changes :-). They were in response to some kind of persistent console messages I was getting a year or so ago. If memory serves, they had to do with “system running low on resource/file handles” type problem which the setting changes remedied (and since the new server is going to be used for the same type of use, general web/mail/database use, I adopted them as part of my “standard” settings).

  4. By the way, thanks for the info about portsnap; I wasn’t aware of it. Seems like it’s a better (less bandwidth-hungry) way to update the ports tree. I found a good synopsis on why it’s better than cvsup:

    »Portsnap is a system for securely updating the ports tree by distributing signed compressed snapshots. This is the client half of that system; it downloads compressed snapshots into /usr/local/portsnap (“portsnap fetch”) and uses those to extract a ports tree into /usr/ports (“portsnap extract”) or update an existing tree (“portsnap update”).

    In addition to operating entirely over HTTP, portsnap can use under a tenth of the bandwidth required by CVSup if a copy of the ports tree is being updated every few days.»

    One thing that I haven’t figured out how to do but that would be immensely useful is how to automatically generate a list of ports that have been updated (as compared to the installed versions).

  5. I switched to portsnap; much better than cvsup! It also solved another item on my wish list. For a long time I’ve wished there would be some automated way to indicate, say, on a daily basis, which ports have been updated. Portsnap does this automatically!

    I also installed portaudit (/usr/ports/ports-mgmt/portaudit) which provides a daily list of installed ports that have security vulnerabilities. This list along with the updated ports list (provided by portsnap) makes system management a whole lot easier.

    While portsnap must be added to the crontab to run daily (for example), the portaudit install adds a similarly named script to the /usr/local/etc/periodic/security/ directory, from where it’s triggered daily.
