Maintenance #
Updates #
freebsd-update fetch; freebsd-update install
pkg update
cd /usr/ports/; make update; portupgrade -a
ezjail-admin update -Pu
jls name | xargs -I% pkg -j% upgrade
package management #
pkg info -a ;# lists all installed packages
pkg info -l <PKG> ;# lists files installed by a specific <PKG>
pkg info -D <PKG> ;# displays the 'install-message' once again
pkg info <PKG> ;# displays verbose information about an installed package
pkg search -f <PKG> ;# displays verbose information about any package (not only installed)
# search all packages with "Matrix" in their description; list all packages
# with name and description, as with a simple name search:
pkg search -S description -L name -C Matrix
tips #
There is no watch(8) in the base system under FreeBSD, but there is a
package, cmdwatch(8), which does not support intervals under one second.
But we know how to help ourselves, don't we:
while (true); do $CMD; sleep .1; clear; done
Configure top to be snappy and show more information:
alias top="top -SPwaus.1"
We can manually adjust the resolution and other screen properties of the console:
vidcontrol -g 100x37 VESA_800x600 green
vidcontrol MODE_280
Check which kernel is currently installed against which one is currently running (read: tell whether a reboot is required):
uname -r && freebsd-version -k
Change the name of the root user (from its default “Charlie Root”) #
pw usermod -n root -c 'www jail root'
or, together with other details, in the $Editor:
chpass
problems and solutions #
acme.sh curl error "Please refer to https://curl.haxx.se/libcurl/c/libcurl-errors.html for error code: 35":
pkg install ca_root_nss
and afterwards (with powerdns):
su acme -- /usr/local/sbin/acme.sh --issue --domain test.example.com --dns dns_pdns --server letsencrypt_test
Find out the order (rcorder) in which services are started during boot and
which are enabled:
service -r
service -e
Issue: wsdd says "OSError: [Errno 48] Address already in use":
wsdd_flags="-ibridge0"
because wsdd otherwise tries to bind multicast to multiple interfaces, which
does not work if they are not on different networks, hence the "Address already in use" error.
Issue: It is not possible to add, modify or delete users using pw(8) or
adduser(8), and one of the following messages is shown:
pw: entry inconsistent
user disappeared during update
This happens when the password files get out of sync. To synchronize
/etc/passwd, /etc/master.passwd and /etc/pwd.db, one of the following
commands can be used:
pwd_mkdb -p /etc/master.passwd
vipw
Issue: Crashes in the night time
Check your cronjobs, because you may have several instances of find /
running within the security check pre-configured to run at 03:01.
Furthermore, the pkg-backup script uses xz to compress. Watch out for
simultaneously running jobs in jails and try not to execute the jobs in
parallel. Add daily_backup_pkg_jails="*" to your /etc/periodic.conf.local
to have the host execute the pkg backup script, and deactivate it in every
jail with something like
daily_backup_pkgdb_enable="NO"
daily_backup_pkgng_enable="NO"
daily_backup_pkg_enable="NO"
and you are good to go (I have no good solution for the security job atm).
loader.conf typo in module name and boot kernel panic #
This may even prevent you from entering single user mode, but can easily
be fixed using the boot loader prompt:
disable-module vesa
disable-module vboxdrv
unset hint.apic.0.disabled
boot-conf
boot
would effectively override vesa_enable="YES" in /boot/loader.conf
J1900: No sound #
dev.hdac.0.polling=1
disable bell (console beep) #
sysctl kern.vt.enable_bell=0
or permanently:
kern.vt.enable_bell=0
keyboard: repeat rate #
keyrate=330.40
WiFi in FreeBSD 11 #
FreeBSD does not automatically create a wlan0 device. Also, ifconfig can no longer be used to find the device's name. Instead there is a new sysctl value, which can be used like this:
sysctl net.wlan.devices
ifconfig wlan0 create wlandev ath0
wpa_supplicant -i wlan0 -c /usr/local/etc/wpa_supplicant.conf
(where for some reason using wpa_passphrase(3) did not work for me,
just plain text passwords)
Slow WiFi Speed #
The reason may be a misconfigured country code, which leads to a reduced transmission power rate.
ifconfig wlan0 ;# part of ifconfig's output is the country, usually 'US'
create_args_wlan0="wlanmode sta country Germany"
Also, I found some forum posts where -ht was added to improve the
stability. Note that using this option also reduces the transfer
speeds dramatically.
Package Management #
Information about the currently installed packages is in the file
/var/db/pkg/local.sqlite, which should therefore be backed up, whereas
deleting /var/db/pkg/repo-FreeBSD.sqlite causes the package database to be
recreated (and may therefore 'repair' it) the next time one runs pkg. The
/etc/pkg/FreeBSD.conf contains the URL to the pkg database. By default
it is set to pkg+http://pkg.FreeBSD.org/${ABI}/quarterly, but it can
make sense to use latest instead of quarterly when using ports and
pkgs at the same time, because they are theoretically in sync
(practically there are other ports trees which may not be in sync, but
not in the default configuration). - thanks to “blackflow” on
irc/freenode
pkg: An error occured while fetching package #
pkg: An error occured while fetching package
Unable to update repository FreeBSD
Error updating repositories!
The root cause: /etc/pkg/FreeBSD.conf contains a URL, often
pkg+https://pkg.FreeBSD.org/${ABI}/quarterly, which cannot be accessed.
There are multiple reasons why that can happen, but the above error message is the same for all of them:
- DNS: if host pkg.FreeBSD.org does not resolve the address (repair by adapting /etc/resolv.conf)
- HTTPS: certificate cannot be checked (e.g. letsencrypt), install pkg install ca_root_nss to fix it? Does not work? Temporarily use http instead of https!
- firewall/connectivity: the system cannot communicate with the outside world. A jail may be restricted by a firewall. ICMP can work and HTTP not in that case.
- assign an IPv6 alias address
  # set
  ifconfig re0 inet6 2a01:04f8:XXXX:YYYY::1:1 alias
  # unset
  ifconfig re0 inet6 2a01:04f8:XXXX:YYYY::1:1 -alias
- deactivate ntp
  If sockstat -l | grep 123 displays many entries, one for each of your jails, the service may not be running within the jail. Add to the host's /etc/ntpd.conf:
  interface ignore wildcard
  interface listen 127.0.0.1
  interface listen ::1
  …and restart ntpd.
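Before falling back from https to http as suggested in the list above, it is worth confirming that the repository is still signature-checked, since that is what protects package integrity on a plaintext transport. The following sh sketch is an added example, not part of the original notes: the helper names conf_value and audit_repo are hypothetical, and the sample config is constructed from the default URL quoted on this page.

```shell
#!/bin/sh
# Added example: audit a pkg repository config (e.g. /etc/pkg/FreeBSD.conf).

# conf_value FILE KEY: print the value of a simple `key: "value",` line.
conf_value() {
    awk -v key="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line)   # drop the "key:" prefix
            gsub(/[",]/, "", line)           # drop quotes and trailing comma
            sub(/[ \t]+$/, "", line)
            print line
            exit
        }' "$1"
}

# audit_repo FILE: report transport, branch and signature checking.
# Returns 0 only if packages are signature-checked; plaintext HTTP is
# tolerable as a temporary workaround only in that case.
audit_repo() {
    url=$(conf_value "$1" url)
    sig=$(conf_value "$1" signature_type)
    case "$url" in
        pkg+https://*|https://*) echo "transport: tls" ;;
        pkg+http://*|http://*)   echo "transport: plaintext" ;;
        *)                       echo "transport: unknown" ;;
    esac
    echo "branch: ${url##*/}"               # quarterly or latest
    case "$sig" in
        fingerprints|pubkey) echo "signatures: $sig"; return 0 ;;
        *)                   echo "signatures: none"; return 1 ;;
    esac
}

# Constructed sample mirroring the default URL quoted on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF
audit_repo "$sample" || echo "WARNING: packages are not signature-checked"
rm -f "$sample"
```

On a live system, point audit_repo at /etc/pkg/FreeBSD.conf or at an override file under /usr/local/etc/pkg/repos/.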
ZFS under FreeBSD #
In a replication stream (-R) from Linux to FreeBSD, if you get an error:
Cannot receive incremental stream: dataset is busy
it could be because a vdev was fully transferred, which triggered
a warning in the system log (/var/log/messages):
[...] vdev state changed [...]
If you could not receive the datastream for that reason, it can be solved by setting the following property during the transfer:
zfs set volmode=dev [datapool|dataset]
But if you want to mount individual slices (partitions) from the zvol, the above
command causes trouble, because gnop can only be used with geom providers.
After resetting volmode=geom it may not be necessary to play with offsets,
because you can then find the slices under /dev/zvol/[...].
booting ZFS from GPT #
zfsbootcfg can be used to create a /boot.config file. This file contains
what can also be written manually at the boot: prompt, and to boot ZFS
we can usually just use /boot/zfsloader -P (skip -P if you do not want to
use the serial console).
At the boot: shell it is possible to type a ? (question mark) to list
files in the / directory, but it is also possible to write ?boot/ to see
the contents of that directory. That is nice for debugging.
Even legacy (mbr) boot is possible with this:
gpart add -a 4k -s 512K -t freebsd-boot ada0
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0
After upgrades: Create a new basejail with the same additional packages as the old one #
pkg -r /usr/jails/_basejail-13.1 query -a %n | xargs pkg -r /usr/jails/_basejail-13.2 install -y