Infrastructure at your Service

Daniel Westermann

PostgreSQL on FreeBSD, updating & configuration

In the last post we installed FreeBSD, configured the keyboard, time zone and the first network interface, which gets it’s IP address via DHCP. In this post we’ll look at how we can configure the second interface, which gets a static IP address in the host only network. Once we’ve done that, we’ll update the system to the latest packages, have a look at the file system layout and kernel parameters so we can later on proceed with installing PostgreSQL.

Currently we only have the NAT interface configured. We could start working with the system in the VirtualBox console:

You’ll quickly notice that this is not much fun as the size of the terminal is fixed, rather small, and copy&paste is not working. Using a remote SSH connection is more convenient and we can already do that by using port forwarding with the NAT interface:


Having that ready we can connect with SSH:

[email protected]:~$ ssh -o Port=4444 [email protected]
The authenticity of host '[localhost]:4444 ([127.0.0.1]:4444)' can't be established.
ECDSA key fingerprint is SHA256:aq6Eb4lW5rDz+BTR9cLrK6uXiIqhSNuLBhYVH5w+f/o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:4444' (ECDSA) to the list of known hosts.
Password for [email protected]:
Password for [email protected]:

Even if the password is correct, we’ll not be able to connect as root, as logins over ssh with root are not allowed. So, back to the console:

This is of course nothing you should do with serious installations, but for testing it is fine. Restarting services in FreeBSD is done with the “service” command:

From now on the SSH connection will accept root logins:

[email protected]:~$ ssh -o Port=4444 [email protected]
Password for [email protected]:
Last login: Thu Feb 18 22:42:21 2021
FreeBSD 12.2-RELEASE r366954 GENERIC 

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
[email protected]:~ $ 

That SSH is actually started when the system is booting, is controlled by rc.conf:

[email protected]:~ $ cat /etc/rc.conf
hostname="freebsd.it.dbi-services.com"
keymap="ch.kbd"
ifconfig_em0="DHCP"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"

Remember, we are not on Linux, there is no systemd, so everything is configured in plain files. Now, that we are logged in, lets bring the system to the latest packages. To do this in FreeBSD, there is the “freebsd-update” command. The first step is to fetch the updates (which will give you a list of files that will be updated), the second step is to actually install the updates:

[email protected]:~ # freebsd-update fetch
src component not installed, skipped
Looking up update.FreeBSD.org mirrors... none found.
Fetching public key from update.FreeBSD.org... done.
Fetching metadata signature for 12.2-RELEASE from update.FreeBSD.org... done.
Fetching metadata index... done.
Fetching 2 metadata files... done.
Inspecting system... done.
Preparing to download files... done.
Fetching 91 patches.....10....20....30....40....50....60....70....80....90 done.
Applying patches... done.
The following files will be updated as part of updating to
12.2-RELEASE-p3:
/bin/freebsd-version
/boot/kernel/autofs.ko
/boot/kernel/kernel
/boot/kernel/linux.ko
/boot/kernel/linux64.ko
/boot/kernel/mqueuefs.ko
...
[email protected]:~ # freebsd-update install
src component not installed, skipped
Installing updates...Scanning //usr/share/certs/blacklisted for certificates...
Scanning //usr/share/certs/trusted for certificates...
 done.

Time to configure our second interface. To get the name of the interfaces there is “ifconfig”:

[email protected]:~ # ifconfig -a
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:c1:d7:d6
        inet 10.0.2.15 netmask 0xffffff00 broadcast 10.0.2.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
em1: flags=8802 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:39:4e:9a
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21

The first one (em0) is our NAT interface, the second on (em1) is the one attached to the host only network. Configuring network interfaces is also done via /etc/rc.conf:

hostname="freebsd.it.dbi-services.com"
keymap="ch.kbd"
ifconfig_em0="DHCP"
ifconfig_em1="inet 192.168.22.17 netmask 255.255.255.0"
sshd_enable="YES"
ntpd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
zfs_enable="YES"

Once you restarted the network, the second interface is ready:

[email protected]:~ # service netif restart
Stopping dhclient.
Stopping Network: lo0 em0 em1.
lo0: flags=8048 metric 0 mtu 16384
        options=680003
        groups: lo
        nd6 options=21
em0: flags=8c02 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:c1:d7:d6
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
em1: flags=8c02 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:39:4e:9a
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
Starting Network: lo0 em0 em1.
lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21
em0: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:c1:d7:d6
        inet 10.0.2.15 netmask 0xffffff00 broadcast 10.0.2.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29
em1: flags=8843 metric 0 mtu 1500
        options=81009b
        ether 08:00:27:39:4e:9a
        inet 192.168.22.17 netmask 0xffffff00 broadcast 192.168.22.255
        media: Ethernet autoselect (1000baseT )
        status: active
        nd6 options=29

Port forwarding to the NAT interface is not anymore required from now on, as you can directly connect to the second interface:

[email protected]:~$ ssh [email protected]
The authenticity of host '192.168.22.17 (192.168.22.17)' can't be established.
ECDSA key fingerprint is SHA256:aq6Eb4lW5rDz+BTR9cLrK6uXiIqhSNuLBhYVH5w+f/o.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.22.17' (ECDSA) to the list of known hosts.
Password for [email protected]:
Last login: Thu Feb 18 23:29:46 2021 from 10.0.2.2
FreeBSD 12.2-RELEASE r366954 GENERIC 

Welcome to FreeBSD!

Release Notes, Errata: https://www.FreeBSD.org/releases/
Security Advisories:   https://www.FreeBSD.org/security/
FreeBSD Handbook:      https://www.FreeBSD.org/handbook/
FreeBSD FAQ:           https://www.FreeBSD.org/faq/
Questions List: https://lists.FreeBSD.org/mailman/listinfo/freebsd-questions/
FreeBSD Forums:        https://forums.FreeBSD.org/

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.

I really like how easy it is to configure the network. One line in the correct file, and you’re done.

When we installed FreeBSD in the last post, we opted for ZFS as the file system, and this is how it looks like:

[email protected]:~ $ df -h
Filesystem            Size    Used   Avail Capacity  Mounted on
zroot/ROOT/default     26G    1.1G     25G     4%    /
devfs                 1.0K    1.0K      0B   100%    /dev
zroot/tmp              25G     96K     25G     0%    /tmp
zroot                  25G     96K     25G     0%    /zroot
zroot/usr/home         25G     96K     25G     0%    /usr/home
zroot/usr/src          25G     96K     25G     0%    /usr/src
zroot/usr/ports        26G    711M     25G     3%    /usr/ports
zroot/var/audit        25G     96K     25G     0%    /var/audit
zroot/var/crash        25G     96K     25G     0%    /var/crash
zroot/var/log          25G    144K     25G     0%    /var/log
zroot/var/mail         25G     96K     25G     0%    /var/mail
zroot/var/tmp          25G     96K     25G     0%    /var/tmp

The installer created one zpool and several file systems within that pool:

[email protected]:~ $ zpool list
NAME    SIZE  ALLOC   FREE  CKPOINT  EXPANDSZ   FRAG    CAP  DEDUP  HEALTH  ALTROOT
zroot  27.5G  1.79G  25.7G        -         -     0%     6%  1.00x  ONLINE  -
[email protected]:~ $ zfs list
NAME                 USED  AVAIL  REFER  MOUNTPOINT
zroot               1.79G  24.9G    96K  /zroot
zroot/ROOT          1.09G  24.9G    96K  none
zroot/ROOT/default  1.09G  24.9G  1.09G  /
zroot/tmp             96K  24.9G    96K  /tmp
zroot/usr            711M  24.9G    96K  /usr
zroot/usr/home        96K  24.9G    96K  /usr/home
zroot/usr/ports      711M  24.9G   711M  /usr/ports
zroot/usr/src         96K  24.9G    96K  /usr/src
zroot/var            624K  24.9G    96K  /var
zroot/var/audit       96K  24.9G    96K  /var/audit
zroot/var/crash       96K  24.9G    96K  /var/crash
zroot/var/log        144K  24.9G   144K  /var/log
zroot/var/mail        96K  24.9G    96K  /var/mail
zroot/var/tmp         96K  24.9G    96K  /var/tmp

With ZFS you have all the nice features such as RAID, de-duplication, compression, snapshots and much more. There is a dedicated page in the FreeBSD wiki if you want dig deeper and play around with ZFS.

The default shell on FreeBSD is not bash, but tcsh.

[email protected]:~ $ echo $SHELL
/bin/csh

If you are not happy with that, you can install bash using the pkg command. When pkg is used for the first time it needs to bootstrap itself:

[email protected]:~ # pkg search bash
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+http://pkg.FreeBSD.org/FreeBSD:12:amd64/quarterly, please wait...
Verifying signature with trusted certificate pkg.freebsd.org.2013102301... done
Installing pkg-1.16.1...
Extracting pkg-1.16.1: 100%
pkg: Repository FreeBSD missing. 'pkg update' required
bash-5.1.4                     GNU Project's Bourne Again SHell
bash-completion-2.11,2         Programmable completion library for Bash
bash-static-5.1.4              GNU Project's Bourne Again SHell
bashtop-0.9.25_1               Linux/OSX/FreeBSD resource monitor
checkbashisms-2.19.6           Check for the presence of bashisms
erlang-mochiweb-basho-2.9.0p2  Erlang library for building lightweight HTTP servers (Basho fork)
mybashburn-1.0.2_4             Ncurses CD burning bash script
p5-Bash-Completion-0.008_2     Extensible system to provide bash completion
p5-Term-Bash-Completion-Generator-0.02.8_2 Generate bash completion scripts
switchBashZsh-1.1              Portable shell setup for Bash/Zsh across FreeBSD/Linux/Cygwin

Because we care about warnings we’ll update first, and then install bash:

[email protected]:~ # pkg update
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
[email protected]:~ # pkg install bash
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
The following 4 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        bash: 5.1.4
        gettext-runtime: 0.21
        indexinfo: 0.3.1
        readline: 8.0.4

Number of packages to be installed: 4

The process will require 11 MiB more space.
2 MiB to be downloaded.

Proceed with this action? [y/N]: y
[1/4] Fetching bash-5.1.4.txz: 100%    1 MiB   1.5MB/s    00:01    
[2/4] Fetching indexinfo-0.3.1.txz: 100%    6 KiB   5.8kB/s    00:01    
[3/4] Fetching readline-8.0.4.txz: 100%  353 KiB 361.2kB/s    00:01    
[4/4] Fetching gettext-runtime-0.21.txz: 100%  165 KiB 168.8kB/s    00:01    
Checking integrity... done (0 conflicting)
[1/4] Installing indexinfo-0.3.1...
[1/4] Extracting indexinfo-0.3.1: 100%
[2/4] Installing readline-8.0.4...
[2/4] Extracting readline-8.0.4: 100%
[3/4] Installing gettext-runtime-0.21...
[3/4] Extracting gettext-runtime-0.21: 100%
[4/4] Installing bash-5.1.4...
[4/4] Extracting bash-5.1.4: 100%
[[email protected] ~]# bash --version
GNU bash, version 5.1.4(0)-release (amd64-portbld-freebsd12.2)
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Pretty much the same as in Linux, is setting kernel parameters. All the parameters can be either set with “sysctl” or directly in sysctl.conf:

[[email protected] ~]# sysctl -a | head
kern.ostype: FreeBSD
kern.osrelease: 12.2-RELEASE
kern.osrevision: 199506
kern.version: FreeBSD 12.2-RELEASE r366954 GENERIC

kern.maxvnodes: 112396
kern.maxproc: 7396
kern.maxfiles: 64209
kern.argmax: 524288
kern.securelevel: -1
[[email protected] ~]# cat /etc/sysctl.conf | head
# $FreeBSD: releng/12.2/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
#
#  This file is read when going to multi-user and its contents piped thru
#  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
#

# Uncomment this to prevent users from seeing information about processes that
# are being run under another UID.
#security.bsd.see_other_uids=0
vfs.zfs.min_auto_ashift=12

We have configured the network, updated the system and we know how to search for, and install packages, and we know how we can set kernel parameters. Ready for installing PostgreSQL, in the next post.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Daniel Westermann
Daniel Westermann

Principal Consultant & Technology Leader Open Infrastructure