First I start with a fresh install of FreeBSD 8.1 AMD DVD using the standard configuration options, with SSH enabled, although this can also be done from the console.
I log into the VM using SSH for the first time and install the appropriate tools using packages. I used to use make install via ports, but I find updating ports from source to be quite lengthy for production servers. Of course, if a package is not available or is out of date, I will use ports and/or install completely independently using the full source tarball.
# ssh your.servername.com
And su to root
# su
I then add WITHOUT_X11=yes to /etc/make.conf so that as few X packages as possible are installed
# vi /etc/make.conf
Then I install the following packages
# pkg_add -r bash
# pkg_add -r sudo
# pkg_add -r screen
# pkg_add -r cvsup-without-gui
# pkg_add -r wget
# pkg_add -r nano
# pkg_add -r vim
# pkg_add -r open-vm-tools-nox11
# pkg_add -r portupgrade
Next I update my shell user to use the bash shell
# chsh -s /usr/local/bin/bash
Then I add the permissions to allow wheel users to access root through sudo by uncommenting the line below
# nano /usr/local/etc/sudoers
# Uncomment to allow people in group wheel to run all commands
%wheel ALL=(ALL) ALL
Next I add the appropriate lines to rc.conf for security and to enable the packages above.
# nano /etc/rc.conf
portmap_enable="NO"
inetd_enable="NO"
clear_tmp_enable="YES"
syslogd_flags="-ss"
nfs_client_enable="YES"
nfs_client_flags="-n 4"
accf_http_load="YES"
fusefs_enable="YES"
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="YES"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"
I then update my SSH config to make it more secure by editing the following lines
# nano /etc/ssh/sshd_config
PermitRootLogin no
X11Forwarding no
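One way to confirm that the rc.conf and sshd_config changes above are the values actually in effect, as an added example that is not part of the original post: rc.conf uses the last assignment of a variable, while sshd_config uses the first value it finds for a keyword. The function names and sample files are constructed for illustration, and the script assumes rc.conf assignments start in column one and sshd_config keywords are separated from their value by whitespace.

```shell
#!/bin/sh
# Added example (not from the original post): audit the settings shown above.

# rc.conf is sourced as shell, so the LAST assignment of a variable wins.
rc_value() {  # usage: rc_value FILE VAR
    awk -v var="$2" '
        index($0, var "=") == 1 {
            val = substr($0, length(var) + 2)
            sub(/[ \t]+$/, "", val); sub(/^"/, "", val); sub(/"$/, "", val)
            last = val
        }
        END { print last }' "$1"
}

# sshd_config is the reverse: the FIRST value found for a keyword is used.
# Keywords are case-insensitive; global settings stop at the first Match block.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Print a verdict for one setting; return 0 only when the effective value matches.
expect() {  # usage: expect rc|sshd FILE KEY WANTED
    if [ "$1" = rc ]; then got=$(rc_value "$2" "$3"); else got=$(sshd_value "$2" "$3"); fi
    if [ "$got" = "$4" ]; then echo "ok    $3 = $got"; return 0; fi
    echo "FAIL  $3: wanted '$4', effective '${got:-unset}'"; return 1
}

audit() {  # usage: audit RC_CONF SSHD_CONFIG; exit status = number of failures
    fails=0
    for kv in portmap_enable=NO inetd_enable=NO clear_tmp_enable=YES syslogd_flags=-ss; do
        expect rc "$1" "${kv%%=*}" "${kv#*=}" || fails=$((fails + 1))
    done
    for kv in PermitRootLogin=no X11Forwarding=no; do
        expect sshd "$2" "${kv%%=*}" "${kv#*=}" || fails=$((fails + 1))
    done
    return "$fails"
}

# Constructed sample files, so the script runs without touching /etc.
demo_dir=$(mktemp -d)
printf '%s\n' 'inetd_enable="YES"' 'portmap_enable="NO"' 'clear_tmp_enable="YES"' \
    'syslogd_flags="-ss"' 'inetd_enable="NO"' > "$demo_dir/rc.conf"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' 'permitrootlogin yes' \
    'X11Forwarding yes' > "$demo_dir/sshd_config"
audit "$demo_dir/rc.conf" "$demo_dir/sshd_config" || echo "$? setting(s) need attention"
rm -rf "$demo_dir"
```

On a real host, run audit /etc/rc.conf /etc/ssh/sshd_config. A value pasted with typographic quotes instead of plain double quotes is reported as a failure, because the shell treats those characters as part of the value.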
Next I want to update the source tree to ensure I have the latest files before I rebuild the world and kernel, so I have to create a sup file.
# nano /etc/supfile
*default host=cvsup.au.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs
*default tag=RELENG_8_1
*default delete use-rel-suffix
src-all
*default tag=.
ports-all
Next I update the source tree and ports by executing the cvsup program
# cvsup -L 2 /etc/supfile
Now that the source tree is up to date, we can build a new world and update the kernel.
# cd /usr/src
# make -j2 buildworld
This will take a while depending on the machine that you are compiling on, so this is the best time to grab a coffee. Speaking of coffee, I recently found the website Decaf Sucks, developed by some coffee enthusiasts in Canberra, where you can rate cafés and coffee or check reviews from right around the world. It's very well designed, with heavy use of Ajax, which I always appreciate.
Now that is done, the next step is to build the kernel. I have built my kernel options around the specifications we need for the servers we use in a production environment, but feel free to add more options for your own purposes. For more information on the kernel options, please see the FreeBSD Handbook. I named my kernel AMDVM, but you can use your own kernel, or if you wish to use the standard kernel just remove KERNCONF=AMDVM from the command line.
# make -j2 buildkernel KERNCONF=AMDVM
Now that the kernel has built successfully, we need to install it
# make installkernel KERNCONF=AMDVM
With the kernel installed, we want to reboot the machine using the new kernel so we can then install the new world.
# reboot
Once the machine has booted back up again, log in, su to root and move to the /usr/src directory
# cd /usr/src
Next we want to run mergemaster but only on the password files so they do not get overwritten as part of installing the new world.
# mergemaster -p
Generally you are not prompted for any changes if you are not upgrading to a new release.
# make installworld
Next we have to do a mergemaster to update any configuration files that require updating. You may have to run this more than once. Be sure to read every change and merge the required files, otherwise your configuration could be overwritten in parts.
# mergemaster
Use 'i' to install merged file
Use 'r' to re-do the merge
Use 'v' to view the merged file
Default is to leave the temporary file to deal with by hand
*** How should I deal with the merged file? [Leave it for later]
Now that this is done, it is time to reboot the machine into the newly installed world to finalise the installation.
# reboot
Log back into your virtual machine and run the following command to double check the system has been updated successfully.
# uname -a
The finished output of this command will look similar to the following.
FreeBSD hostname.yourdomain.com 8.1-RELEASE-p2 FreeBSD 8.1-RELEASE-p2 #0: Wed Jan 5 17:58:40 EST 2011 [email protected]:/usr/obj/usr/src/sys/AMDVM amd64
June 2, 2011
Hi,
Do you use any specific options for building the kernel (like removing unnecessary devices, scheduler optimization etc.)?
Do you use SMP / do you have a multicore processor?
regards,
asceta
January 5, 2012
SMP kernel options are enabled by default from recent versions of FreeBSD, and I remove unnecessary devices from the kernel to reduce overheads, even though on modern equipment it is probably not that important.