Author Archives: brd

Postgres in FreeBSD Jails

In the past we had to use the old SysV IPC sysctls and change the UID that each PostgreSQL server ran as under in each Jail. Which was annoying and error prone.

I started down this path because I was trying to figure out which tweaks are needed to allow PostgreSQL to run. Initially I was seeing the service postgresql initdb error out with this error:

creating template1 database in /usr/local/pgsql/data/base/1 ... FATAL: could not create shared memory segment: Function not implemented

In digging into this problem and the fact that PostgreSQL should be able to use posix shared memory now, I discovered some new jail knobs. In FreeBSD 11.0 and later it is very easy to run PostgreSQL in a FreeBSD jail.

In your jail.conf, just add:


Or if like me you are using ezjail, just add to config file for that specific jail on the _parameters line, like so:

export jail_mon_example_com_parameters="sysvmsg=new sysvsem sysvshm"

Then start the jail and install PostgreSQL:

pkg install postgresql95-server

Verify that we can initialize the database correctly:

service postgresql initdb

If that completes without error, as it should, go ahead and start up the PostgreSQL service:

service postgresql start

I really like this method as it keeps the database service isolated with the service it is running for and keeps the shared memory and the shared memory config isolated into that one jail.

Temperature Sensors

I have been thinking about setting up various temperature sensors around my home. Initially I started with some AM2302 (DHT22) sensors attached to an Arduino Ethernet. That way the data could be pushed to my FreeBSD machine and stored in Graphite. This approach has some issues, but largely works, so as the old adage goes. If it ain’t broke, don’t fix it. So I am leaving those two sensors alone.

I would like to have a few more sensors, for example, in my garage I want to have a Raspberry Pi for music streaming and maybe a camera so I can verify my garage door is closed when I am at work. Well rather than setting up another Arduino in the same place I would rather just add a Temperature sensor to the Raspberry Pi. I started looking into using the AM2302, but it really seems to work best using a micro controller where the reads are very time sensitive. Looking at the ow_temp(4) man page, this sensor is supported and would save me from having to have multiple devices. So I picked up a few DS18B20 Sensors to play with. They arrive tonight, so this is my weekend project to test if they work as expected.

Thanks to Warner Losh and others for bringing 1-Wire support to FreeBSD!

Building ARM Packages with Poudriere (the simple way)..

The current directions for building ARM packages are quite long and need to be updated. This is my work-in-progress directions until I get everything right and then I will update the documentation.

  1. Install poudriere and qemu-user-static: pkg install poudriere qemu-user-static
  2. Enable qemu-user-static in rc.conf: qemu_user_static_enable="YES"
  3. Run the startup script to configure your system for building different architectures: /usr/local/etc/rc.d/qemu_user_static start
  4. Create a ports tree to build: poudriere ports -c -m svn+https -p svn
  5. Create an ARM build jail. Note, this will take awhile: poudriere jail -c -j 11armv6 -v head -a arm.armv6 -m svn+https

Now you can test build whatever packages you want for your ARM device:
poudriere testport -j 11armv6 -p svn -o x11-wm/lxsession

Official Vagrant FreeBSD Images

I am very proud to announce that FreeBSD Vagrant images are now available.

For VMWare, create a Vagrantfile like so:

Vagrant.configure("2") do |config|
  config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true = "freebsd/FreeBSD-11.0-CURRENT" = "sh"

For VirtualBox, create a Vagrantfile like:

Vagrant.configure("2") do |config|
  config.vm.synced_folder ".", "/vagrant", id: "vagrant-root", disabled: true = "freebsd/FreeBSD-11.0-CURRENT" = "sh"
  config.vm.base_mac = "080027D14C66"

Then run:
vagrant up

On first boot the machine will come up and install missing pkgs and run freebsd-update if needed. Note that this can take a few minutes. If it fails to boot try using: vagrant up --no-destroy-on-error. On my 2004 iMac with a spinning disk it takes just over 3 minutes. On my mid 2014 MBP with a SSD it takes about 1 minute and 45 seconds. In the future we will reevaluate installing the missing packages on boot vs when the VM is built.

Note that you can replace `FreeBSD-11.0-CURRENT’ with `FreeBSD-10.0-RC2′ or others. To see a full list of versions available, check the Hashicorp Atlas website here:

Going forward:

  • All snapshots will include Vagrant images, so weekly updates of FreeBSD -STABLE branches and -CURRENT.
  • All future releases will including Vagrant images.

Fan Speed monitoring

Recently I moved a server into a proper cabinet with doors. After a few days I noticed the fans were spinning up and down. So I started investigating ways to monitor the fan speed. I figured having a graph of them long term would give me a nice way to show changes in the environment, beyond the temperature monitoring I am already doing.

I was not having much luck searching the Internet. Luckily, Darius on IRC pointed me to a project called bsdhwmon by Jeremy Chadwick, a fellow FreeBSD Developer. The server is running an older Supermicro X7SBi motherboard with a Winbond 83627HG chip which is listed on the supported page of bsdhwmon.

It was easy to setup:

  • Install bsdhwmon: pkg install bsdhwmon
  • Load the SMBus Controller driver for my motherboard: kldload ichsmb
  • Load the Generic SMB I/O Device driver: kldload smb

All I had to do from that point was run bsdhwmon:
# bsdhwmon
CPU1 Temperature 46 C
System Temperature 29 C
FAN1 10975 RPM
FAN2 11344 RPM
FAN3 7219 RPM
FAN4 7068 RPM
FAN6 11065 RPM
VcoreA 1.122 V
MCH Core 1.508 V
-12V -12.672 V
V_DIMM 1.808 V
+3.3V 3.296 V
+12V 11.904 V
5Vsb 5.046 V
5VDD 4.998 V
P_VTT 1.228 V
Vbat 3.312 V

It is important to remember to add the kernel modules to be loaded at boot. Adding the following to /boot/loader.conf will take care of that:

Note that ichsmb will load smbus, but not the smb kernel driver.

Now that I have the tools, I can monitor it at will.

FreeBSD + Packer = Vagrant

So I recently discovered a tool to build Vagrant images called Packer. It allows you to script the install via key presses over VNC to automate the install of any OS. I am running on a rather fast machine (Core i7, 16GB of RAM, SSD), so I suspect there might be some lurking problems for people on slower machines due to timing of the commands.

Everything is available from my Github repo:

To get started:

  • Install Vagrant and Packer
  • Clone the repo onto your machine
  • Build the Vagrant box: packer build template.json
  • Wait while it builds..
  • Start the Vagrant box: vagrant up
  • Start hacking: vagrant ssh

Give it a spin and let me know what you think!

Upgrading Graphite

Recently swills@ upgraded Graphite and reconfigured how it works to fit more in to the FreeBSD file system layout.

So if you are upgrading from a graphite installation older than 0.9.12_1, you will need to follow the following instructions:

  1. Stop carbon
  2. Copy the old data from /usr/local/storage/whisper/* to /var/db/carbon/whisper/
  3. Copy the /usr/local/etc/carbon/carbon.conf.example over to carbon.conf
  4. Set the SECRET_KEY to something random in /usr/local/etc/graphite/
  5. Then follow the instructions after the install, including updating the httpd.conf per the message after the install
  6. Restart Carbon and Apache

Be careful that you do not miss any of the steps and you should have a working Graphite install.

Puppet + pkgng/poudriere

First thing we will need a clone of into /usr/local/etc/puppet/modules/.

This will be pushed out to the clients as long as: pluginsync = true

For me the next step is to create a manifests/init.pp in the new module directory. This is important to me because I want to sync out a /usr/local/etc/pkg.conf to all my machines so that they point to my internal poudriere repos. So I end up with something like this:

file { "/usr/local/etc/pkg.conf":
        mode => 755,
        owner => root,
        content => "packagesite: http://pkg/91-web/

Once that is done it is easy to use pkgng packages via:

package { "www/apache22":
        ensure => installed,
        provider => pkgng,
        require => File['/usr/local/etc/pkg.conf'],

BSDCan 2013 Talk: FreeBSD Birth to Death: Managing the Lifecycle of a FreeBSD Server

This is a bunch of links to the tools I talk about in my presenation





Config Management:
Salt Stack:





Serial Console:

Generic Resources:
FreeBSD Handbook:
Everything Sysadmin Blog:

The Importance of Serial Console

I have long been a huge fan of having serial console on my servers–it can really save the day when a mistake is made. Yesterday, one of my coworkers botched the sshd_config in an upgrade of a server, so the server came up fine, but without sshd. As a result, the system was not accessible for remote login via the network.

Over the years, I have done serial console in many ways. I began with a single null modem cable between the back of two servers. Next, I utilized a RocketPort multi-port serial card with 8 serial ports on it. These days, I have moved on to employing big serial console servers such as those made by OpenGear, providing up to 48 ports. They also have ancillary features such as providing a Nagios platform and Environmental monitoring.

No matter your physical connectivity, I recommend using Conserver. This helps by logging what is happening on the console, which can be very handy if you need to see what happened in the past whether it be a function of the system, or to see who did what. It also provides multi-user access, so you can watch while someone else is working and both of you can collaborate on fixing a problem.

In order for the previous technologies to be useful, the servers require configuration as well. The first step is to configure the BIOS for serial console redirection. Once this has been performed, the OS will need to be configured to present a console login via the serial port. The FreeBSD Handbook explains how to do this Here.

PXE Booting FreeBSD 9

I have thrown together a quick guide to get FreeBSD 9 to PXE Boot:

In FreeBSD 9, a few things have changed. If you have an old PXE environment from FreeBSD 8, you will want to make note of the following:

  • No more mfsroot.
  • Which means, no more changes to /boot/loader.conf, it should be empty infact.
  • You need the new pxeboot binary from 9, do not try using an old one.

Pushing the Puppet patch for FreeBSD password management upstream

I attended LISA in Boston last week and was able to talk to a few of the Puppet developers. This reminded me I needed to push this patch upstream.

I opened a ticket in the Puppet Bug tracker, 11318. Then I found out that someone by the nick of tdb had already incorporated our changes into another pull request that adds more functionality and some unit tests. So hopefully this will be committed soon and we can have this support upstream.

I just wanted to thank tdb for taking this work and running with it!

brd’s notes

My old anoncvs/cvsup server ( finally died and I am working on building up a new one.

I have setup the hardware and I am prepared to ship the server out. Just need to confirm the new IP info and ship it out. Hopefully I will get this done this week prior to heading out to LISA.

brd’s notes

I am attending the FreeBSD Developer Summit for the next two days proceeding BSDCan. It is good to see everyone again and wonderful to sit down and talk with them face to face. Simon and I will be getting together and working on some clusteradm@ topics. I am currently in the Documentation Working Group meeting and we have covered many different subjects, but one of interest to me is.. We are talking about converting from SGML to XML for the Handbook and Articles. There are many benefits, such as making digital publishing easier.

brd’s notes

Describing what I really wanted to happen a coworker of mine, Andrew Hust, was able to help me write up the ruby to get it done. So without further delay:

I will be sending this to the FreeBSD puppet port maintainer and submitting it as a patch to the port soon. I wanted to get it out there so we could get some feedback.

Update: See the new patch I posted in the comments.