Friday, September 27, 2013

OpenBSD - Post Install - Wifi - USB - Pkg_add - What do I Think

v 0.3
29 Sep 13


Well, I've been the proud user of an OpenBSD 5.4 Snapshot installation, on an Asus VX1 laptop for a few days now. My initial impressions are pretty damn good.  Yes it is a basic install (hey, the ISO is only 200 meg or so) but it is clean and uncluttered.  It lets you build the system you want without any crap you don't want - and THAT helps security.  Whilst OpenBSD installs quickly, don't expect a system that can do work "out of the box" - if you do, then you will be sorely disappointed and will miss what is truly a gem.  If you want something like that, then PC-BSD is perfect for you, or on the Linux side something like Ubuntu - or even Debian or Slackware.

Take a couple of relaxing breaths, and tinker and read and gradually you will understand and build your system.

Wireless and USB

As for me, well, I was able to configure the Ethernet port during install, however the Intel Wifi card would not work.  After some reading and checking the man page for it, I worked out I had to either download the firmware directly from the OpenBSD site, or use the specialised program which checked what was needed, downloaded and installed the firmware automatically.

Man page for wpi (my card) is here:

There are two ways you can install the firmware:
1. Have a wired ethernet link and use fw_update
2. Download the firmware on another computer, transfer the firmware to the laptop and run pkg_add from the directory the firmware is in.

Of course, if you are going to copy the file to your machine, you will probably use a USB memory stick.  The documentation for this is thorough and I was most impressed to see my USB sticks recognised and easily mounted.

Once the firmware is installed, then you need an appropriate config file in " /etc ".  I got the wireless card to work by putting this line in " /etc/hostname.wpi0 " 

dhcp nwid [SSID] wpakey [PASSWORD]
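
That line stores the WPA passphrase in clear text, so the file should not be readable by ordinary users. The check below is an added example, not part of the original post: it scans a directory for hostname.* files that carry a wpakey or nwkey and are still accessible to "other". The function names, SSID and passphrase are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit hostname.if files that embed wireless secrets.
#
# audit_hostname_if DIR
#   Prints one line per DIR/hostname.* file that contains a wpakey/nwkey
#   setting and grants any permission to "other".
#   Returns 0 when nothing is exposed, 1 when at least one file is.
audit_hostname_if() {
    dir=${1:-/etc}
    exposed=0
    for f in "$dir"/hostname.*; do
        [ -f "$f" ] || continue      # unmatched glob or not a regular file
        # Only files that actually carry a key are of interest.
        grep -Eq '(^|[[:space:]])(wpakey|nwkey)[[:space:]]' "$f" || continue
        # Characters 8-10 of the ls mode string are the "other" bits.
        other=$(ls -ld "$f" | cut -c8-10)
        case $other in
            ---) ;;                  # no access for other: fine
            *)   echo "EXPOSED $f (other=$other)"
                 exposed=1 ;;
        esac
    done
    return $exposed
}

# Demonstration on constructed files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    # Constructed samples; SSID and passphrase are placeholders.
    printf 'dhcp nwid ExampleNet wpakey example-passphrase\n' > "$d/hostname.wpi0"
    printf 'dhcp\n' > "$d/hostname.em0"
    chmod 644 "$d/hostname.wpi0" "$d/hostname.em0"
    audit_hostname_if "$d" || true   # reports hostname.wpi0 only
    chmod 640 "$d/hostname.wpi0"     # remove access for "other"
    audit_hostname_if "$d" && echo "clean after chmod 640"
    rm -rf "$d"
}
demo
```

On the real system, run `audit_hostname_if /etc` as root and apply `chmod 640` to any file it reports.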

Packages

Package Management - again, the man page is your friend.  I found using an http mirror to be far more reliable than an ftp mirror, which kept dropping out and failing.  You need to configure " pkg.conf " with mirror sites or package directories .. you can put in more than one.  As mentioned below - if you have the packages in the default directory, then there is no need to specify that directory.

/etc/pkg.conf

installpath=http://mirror.internode.on.net/pub/OpenBSD/snapshots/packages/i386/ 

Remember the trailing "  /  "

Where do they go?

Downloaded packages can be found in " /var/db/pkg "
Installed programs are in " /usr/local/share "



... Later

Tuesday, September 24, 2013

OpenBSD - Windows XP Dual Boot

September 25 2013
v 0.24

Recently, I stumbled upon OpenBSD and I have to say, I like it. Despite a couple of articles I've read proclaiming that it is not as secure as it claims, I'd have to question what the authors of the article understand, since I tend to agree with the OpenBSD people. In a way, OpenBSD is a little like Dassault. Dassault believes that beautiful aeroplanes fly right. OpenBSD believes that beautiful code works properly.

Whilst OpenBSD will not pander to your ignorance (people who wonder what "the big red button does" will find out quickly), having patience and reading and doing research will quickly get you on the right track.

As an aside, my stable of preferred Operating Systems is:
  • Debian Stable (with backports) for pure desktop
  • PC-BSD for desktop / server (nVidia card required for X)
  • OpenBSD for lots of stuff because it works.

Whilst I have been playing with OpenBSD in a Virtualbox VM, I wanted it on hardware. I have an Asus VX1 laptop that has a 160 gig HDD, 2 gig memory and an nVidia video card. It runs Windows XP. Now, WinXP has 6 months before MS withdraws support - no more security updates, so attaching it to the Internet could get (more) exciting. I didn't want to blow XP away if I could help it, so .. here we go.

First I removed all the files I could - hey I wasn't going to need them there anyway .. and I figured I could shrink the NTFS partition to 40 gig, leaving over 100 gig for OpenBSD. Initial disk configuration was:
  • 2 gig hidden recovery partition
  • 88 gig C drive
  • 58 gig D drive

Next .. disable virtual memory and hibernation in XP. (google is your friend). These two features are responsible for the "unmoveable" files shown when you defrag. Whilst I'm sure I could shrink the partition without trouble, I wanted to play nice.

Surgery, boot with a "Parted Magic" CD. Using this, I deleted the "D" extended and logical partitions, and shrank the "C" partition to 40 gig. I was now left with the initial "hidden" recovery partition for WinXP (careful of it - if you ever use it, it will blow away OpenBSD) and the WinXP primary partitions. I created an empty, unformatted partition to fill up the disk, this coming to about 107 gig. It is important to create this partition now as I have shown. It makes things a lot safer and easier later.

OpenBSD installation uses the fdisk program to set the boot partition and to label the installation partition as "A6". THEN it uses the disklabel program to set internal "partitions" and mount points inside this. I'll not describe the process in any more detail, since OpenBSD is not something you should be playing with if you are not able to work things out. The best web-page I found to fill in the blanks and help was this:


Booting the OpenBSD installation CD, I used fdisk to set the bootable partition and set its filesystem type. Then disklabel came up and I eventually accepted the defaults. There are several Youtube videos that give you more insight to this.

With the installation finished, I booted into OpenBSD - as the web page above said, I used fdisk to set the bootable partition back to NTFS and rebooted. Once in Windows again, I used the instructions to add OpenBSD to the Boot menu.

Final tip - remember you have an extra hidden partition, so be careful when you come to specifying partition numbers ...

Done.


PS    Editing the BOOT.INI in Windows ........

The referenced web page doesn't tell all you need to know, nor does it interpret the editing process correctly.

You edit BOOT.INI with the " bootcfg " command.  Whilst you can view boot.ini with notepad, you cannot edit it.  So ...
  • Change default OS .. "  bootcfg /default /ID [linenumber of OS to be default] " .. In our case, we want the second OS to be made the default, so we would use the number 2.
  • Change the timeout .. " bootcfg /timeout 10 "

That's it ..

Sunday, August 18, 2013

PC-BSD - Taking the Plunge

v 0.2
18 Aug 13

I've been thinking that it is time for a new computer - after all, the machine that I've been using is 6 years old.  The server setup I'd done has been chugging along nicely and the interesting thing is that it is as fast as my Windows desktop.  After doing a bit of fantasy building, I thought "why not just use the server machine - add a couple of things and make it really good before moving on and getting what I really want?"

And then my Windows desktop started cutting out - I figured the CPU was overheating, so I specially cleaned it - which fixed things for a while - but I had this sense of unease.  What really bothered me was the software raid I'd used with Windows .. tight licencing with Microsoft made me think that if this thing fell over, then I'd have a "bother of a time" getting it sorted, so I started dragging stuff off it.

I had about half my data off, when a strange electrical smell started - then "BANG!!!" and a flash from the power supply.  And the house got dark.  Alright, I thought, at least I know what the problem is now ....  A visit to my local friendly computer shop and with a new power supply my machine was now as good as new again.  I'd gone past the tipping point though, and I wanted to move on.  Yes, I did need Windows for a couple of things, but I wanted out.

My "Home Server" .. it was inexpensive to put together, having an i3 CPU, an Nvidia GTS450 graphics card I had lying around (to make PC-BSD work), 8 gig memory and a Western Digital 2 TB "Green" hard disk.  I had (so I thought) another of these disks lying around, and I went out to purchase a third.  I had finished playing with the machine with PC-BSD and thought this was an opportunity to re-do things the way I wanted, using things I'd learned.

The Plan

  • Re-install the latest PC-BSD rolling release.
  • Use three 2tb disks in a ZFS Raid-1z configuration
  • Use Jails and Virtualbox to run servers in the background

PC-BSD - the Really Cool Stuff

Whilst I remain a committed fan of Debian (Wheezy is just so cool), PC-BSD has too many great things going for it not to be used.  A few months ago when I was looking at it, there were two "killer problems" .. it would not immediately recognise USB memory sticks, and the Flash video was not an Adobe "priority".  Well, the USB problem has been solved, and I figured that if I really needed Flash video, then a Virtualbox VM would do it for me.

What has me really excited about PC-BSD is the user-friendly implementation of the Zettabyte File System (ZFS).

The installation routine allows a simple implementation of many "multiple disk" file systems in Raidz configuration.  You can have a simple "mirror" configuration with two disks, moving up from there.  I have a three disk configuration whereby the failure of one disk allows me to replace it and then re-build the configuration without loss of data.

But wait! There's more!

Using the PC-BSD Control Panel you can specify system snapshots to allow you to roll back in the GRUB menu to a previously good system (if an upgrade wasn't all you hoped for).  This system snapshot does NOT affect your own files - it is purposefully restricted to system files.

Servers running in a jail can have snapshots taken automatically, say, every hour so that if all hell breaks loose, you can just roll back to the last good server.  Say someone attacks your  server in its jail .. and trashes files and installs malware.  Roll back and the malware is gone and the files are back.  Magic!

Steak knives!

The supplied backup program .... the PBI installation system for additional programs ....

My Experience

Drives

First, I discovered that I did not have three WD Green drives, but two with a Seagate one.  Ah .. it will be ok.  Ultimately I had to shoehorn the Seagate drive in because of a lack of mounting holes .. but figured ... "it will be ok" .... well, it wasn't BUT that showed how great ZFS is .... and I was able to fix everything. 

So, what was the problem with the Seagate drive? .. well I just laid it out on top of one of the other two drives .. giving the drive circuitry no chance of getting any cooling air.  The obvious happened and the drive fell out of the ZFS zpool.  Bother.  BUT .. the zpool kept working!

Next day when I rebooted, everything worked! The zpool resilvered .. aha ... sounds like a case for duct-tape! ... Yes, I have duct-taped the Seagate drive to give it cooling .. but it works and I've had no further problems.

USB

The USB problem has been largely fixed.  So long as your USB Memory stick has 16 gig or less, then no problems for copying TO the computer.  PCBSD does not recognise  USB memory sticks greater than 16 gig.

Where the problem comes in is with copying files FROM the computer TO the memory stick.  What happens is that the system complains that it is unable to re-set the permissions to yours and in the case I was faced with ... that was 700 info windows to click through.  !Fun.

NTFS .. no probs .. though I found that it was very difficult to unmount an external drive.

Overall?

I'm still here.





Later.


Saturday, June 8, 2013

Debian Wheezy - Virtualbox Shared Folders

v 0.2
8th Jun 2013

One thing I've never found very satisfactory is the method of organising shared folders between a Linux guest and the Host systems in Virtualbox.  The instructions I've read have never seemed to be satisfactory.  Until now.  In this example, I'll use a Windows host and a Debian Wheezy guest system, however it works exactly the same on my Macbook for OSX.

  • First, add a shared folder to the Virtualbox manager for the VM.  I added "C:/Users/geoff/share" .  Make sure "automount" and "make permanent" are ticked and "read only" NOT ticked for bi-directional sharing.
  • Within the Wheezy guest, install the package " gnome-system-tools ".  This gives you additional administration tools, such as group management.
  • Open "Applications | System tools | Administration | Users and Groups"
  • Manage Groups
  • Scroll down till you find the group " vboxsf "
  • Highlight it and click "Properties"
  • You will see a list of usernames in the box "Group Members" - tick the users you wish to be able to use the shared folder.  Authenticate the action with the root password.
  • Close the programs and Reboot.
  • Log in, and open Nautilus - navigate to the " /media " directory.  You will see a directory named (in my case)  " sf_share ".  (the directory is always named " sf_ ...... " ) .  Any file you now place in that directory in Host, will be shown when you open the directory in Guest.

Done!!


Later.

Thursday, May 23, 2013

Debian Wheezy - Install and Config of an OLD X31 Laptop - Part 2

v 0.2
23 May 13

Enhancing Wheezy.  I've often wondered what the magic formula was that when spoken would transform Debian and unlock its secrets.  Unfortunately, that formula is experience, finding those magic packages over time that will make it all so much easier for you.  First though, we have to learn about Debian mirrors.

Apt Sources

The heart of what makes Debian different is the system of software Mirrors, apt repositories and for Wheezy, the backports.  So, let's add the backports to the apt sources so that if later on newer software is added to this repository, we can install it.  (it is also worthwhile reading the instructions on http://backports.debian.org )
http://backports.debian.org/news/Backports_integrated_into_the_main_archive/

Open a root terminal from the accessories menu, change to the /etc/apt directory and then as root, edit sources.list:
# nano sources.list

add   deb http://ftp.debian.org/debian/ wheezy-backports main contrib non-free
        deb-src http://ftp.debian.org/debian/ wheezy-backports main contrib non-free

note:  pick the mirror closest to you for best performance ... I have ftp.au.debian.org

Iceweasel and Icedove

While we are here, why not make iceweasel the current release in phase with firefox?  Go to http://mozilla.debian.net  .

add  deb http://mozilla.debian.net/ wheezy-backports iceweasel-release  to your sources.list, then ^O and return to save, ^X to exit  (control O .... )

The iceweasel release repository has a keyring that identifies it as genuine .. you can download it from the website, or install it from the repository.

# aptitude update  (it will complain that it doesn't have a keyring for the mozilla archive)
# aptitude install pkg-mozilla-archive-keyring

To get iceweasel installed, you will have to update from the command line after you have saved and exited from nano as so (note, it MUST be the command line, Synaptic won't work for the initial install):

# aptitude update
# aptitude install -t wheezy-backports iceweasel

(note - aptitude is probably preferable to apt-get as it does exactly the same thing but keeps track of dependencies installed on the machine a little better).

There .. Iceweasel 21, the current release.  The webpage at mozilla.debian.net has instructions for icedove (Thunderbird) as well.

Gnome Workspaces Tip

I had both Iceweasel and an open terminal in the same workspace.  I dragged the Iceweasel icon in the workspace to another, so now I have terminal in one and Iceweasel in another.

Lxde

I wanted to see what a difference a lighter desktop made, so thought I'd install lxde.  Once again, in a root terminal:
# aptitude search lxde     (to find the correct package to install)
# aptitude install lxde

Changing the desktop background in lxde - click both mouse buttons on the desktop for the menu (it should just be the right button but for some reason on my X31 I needed both).  I changed the wallpaper mode to "Center on the Screen" to give a nicer look to the default artwork.

Other Items of Interest

Synaptic is a generally more convenient way to install packages and gives an easy way of exploring the entire software collection.  It is installed by default.  Note that you can't use it to do the initial install of things from backports, only subsequent updates.

  • nautilus-dropbox  - this adds Dropbox and nautilus integration. A dropbox menu item is installed in the internet category ...
  • ttf-mscorefonts-installer - Ms Truetype Core Fonts - install these to get nicer fonts in the web browser.
  • BUM  Boot Up Manager manages init processes
  • rcconf  Another Boot process manager

Default artwork for Debian - look in /etc/alternatives

LibreOffice

The libreOffice website has an installer for debian packages for the up-to-date suite.  BUT it is also in wheezy-backports

http://linuxg.net/how-to-install-libreoffice-4-0-3-on-debian-7-wheezy-via-backports-ppa/

You have already put the backports into your sources.list .. so ..

# apt-get update
# apt-get -t wheezy-backports install libreoffice

Installing via Backports - A Note

Once more ..

When you first install a package via backports, you have to use the command line and " -t " to activate the package.  Once you have done that then the new version will be tracked in synaptic etc and update when a new package becomes available.
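
Why the first install needs " -t " and later updates do not comes down to APT pin priorities, worked through here as an added example (not from the original post). The Release headers are constructed and abridged, and the function names are made up for illustration; the priorities 1, 100, 500 and 990 are APT's documented defaults.

```shell
#!/bin/sh
# Added example: default APT pin priority derived from an archive's
# Release file, and the effect of -t on it.

# default_pin_priority: reads a Release file on stdin and prints the
# priority APT gives that archive when no preferences or -t are in use.
default_pin_priority() {
    awk -F': *' '
        tolower($1) == "notautomatic"         { na  = tolower($2) }
        tolower($1) == "butautomaticupgrades" { bau = tolower($2) }
        END {
            if (na == "yes" && bau == "yes") print 100  # backports style
            else if (na == "yes")            print 1    # never automatic
            else                             print 500  # normal archive
        }'
}

# effective_priority SUITE [TARGET]: same, but an archive named as the
# target release (-t TARGET) is raised to 990. Release file on stdin.
effective_priority() {
    suite=$1
    target=${2:-}
    if [ -n "$target" ] && [ "$suite" = "$target" ]; then
        cat >/dev/null               # consume stdin, it does not matter here
        echo 990
    else
        default_pin_priority
    fi
}

# Constructed, abridged Release headers.
backports_release() {
    cat <<'EOF'
Origin: Debian Backports
Suite: wheezy-backports
Codename: wheezy-backports
NotAutomatic: yes
ButAutomaticUpgrades: yes
EOF
}

stable_release() {
    cat <<'EOF'
Origin: Debian
Suite: stable
Codename: wheezy
EOF
}

# Print the comparison for both situations.
show_priorities() {
    echo "without -t: wheezy=$(stable_release | effective_priority wheezy)" \
         "backports=$(backports_release | effective_priority wheezy-backports)"
    echo "with -t wheezy-backports: wheezy=$(stable_release | effective_priority wheezy wheezy-backports)" \
         "backports=$(backports_release | effective_priority wheezy-backports wheezy-backports)"
}
show_priorities
```

Without " -t " the stable version (500) beats the backports one (100); with it, backports wins at 990. Priority 100 is also what APT gives an already installed version, which is why newer backports builds of a package you have installed are picked up on later updates.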

What packages are there?  Well, the only way I've worked out so far is to look through the package pool and identify new packages.  For example, Gnome 3.8 is available in backports should you wish to install.  The backports packages don't appear in Synaptic till you install them via aptitude / apt-get

Look at this in your browser:    ftp://ftp.debian.org/debian/pool/

Skype

Skype is only available in 32 bit deb packages, so use of the "multi-arch" feature of Wheezy will be needed if you have a 64 bit install.  I'll not go into how to do this .. something for another time.  For a 32 bit install of Debian though:
  • Download the deb package to the machine.
  • Right click on it and open with the Gdebi package installer. (Gdebi also downloads and installs dependencies.)
  • Install
  • Type in the admin password when asked.

Cloud Storage

  • In addition to dropbox, there is SpiderOak, which has clients for both 32 bit and 64 bit Debian.  SpiderOak is noted for being encrypted so that even if they wanted, they would be unable to access your data.
  • Google Drive - Check out Insync  https://www.insynchq.com/linux
...




Later

Wednesday, May 22, 2013

Debian Wheezy - Install and Config on an OLD X31 Laptop - part 1

 v0.2
22 May 13


Now that Wheezy has been released stable, I thought it might be appropriate to re-visit the installation on an old computer, just to see how it goes.  I have an IBM X31 laptop that is about 10 years old.  It has a 1.4 centrino, 768 meg of memory and an ati mobility radeon gpu.  What I want to do here is to go through the installation of Wheezy, concentrating on the little bits that people may find unusual and need some re-assurance on, then discuss how I configured the system, what applications I loaded and generally how I made the system useable.  The present system on it is PCBSD 9.1.  I found that to be too slow for my liking, so back to Debian for the desktop.

Stupid is as Stupid does

Too often I hear unwarranted criticism of Debian which is almost always ill-informed and .. well .. just basically "stupid".  I recently saw a posting of someone highly critical of Debian because it would not install on any of their machines - there were no drivers for their network cards and it kept complaining about the CPU.  Some basic research would have shown them they needed to do the simple step of putting the easily found firmware onto a USB stick or download the installation ISO which included the non-free drivers.  Of course they had the wrong ISO anyway .. they were trying to install 64bit Debian onto a 32 bit processor.  The moral?  Make sure you blame the correct "tool".

Debian Versions

Debian is not just one distro.  It is three separate distros, or branches, that can be mixed together to form whichever explosive grade you are brave enough to stand.
  • Stable - currently Wheezy.  Server or conservative desktop.  Rock solid with software that has been tested for months - which is why it is "older".  New software versions will NEVER appear in stable.
  • Testing - currently Jessie.  Generally suitable for an advanced desktop - software that has done a couple of weeks bug checking.
  • Unstable - Adrenalin Junkie desktop - software straight from the developer.

Installing Wheezy

For the installation, I suggest you first read the excellent guide on howtoforge "the perfect desktop Debian Squeeze".  That will provide a sound starting point and in itself will show you how to find your way round a Debian install.

I downloaded the 32bit 386 CD1 using the torrent from the Debian website and burnt it.  There are other options, namely use the " netinstall " cd, but that is what I did.  I chose the default install using the text screens.  Being less powerful than is normal for today, there were considerable delays of blank blue screens between steps, but it got there.  Then it displayed the message:

missing firmware ipw2100

This indicated the wireless card I had installed in the miniPCI slot needed a non-free driver.  Easy.  I'd previously downloaded and expanded the driver firmware zip file from Debian (which includes both 32 and 64 bit), into a folder on a USB stick.  I inserted it, and the machine then searched the stick until it found the drivers and then continued, finally telling me the connection choices I had:
  • eth0 intel pro 100 wired
  • eth1 intel wireless/pro 2100 on a miniPCI card  G
  • wlan0 Atheros AR5212/AR5213 built in wifi B
The installer suggested wlan0

The next screen presented me with available networks   then asked the type of encryption .. I chose WPA, typed in the password and off it went ...

The partitioner gives you four choices.
  • Guided for the entire disk, giving you the choice of everything in one partition, a separate home partition, other partitions
  • Guided for LVM - the logical volume manager - this allows you to configure multiple disks into RAID
  • Guided LVM encrypted - allows you to set up an encrypted disk.  When the machine boots, it asks a password for the disk.
  • Manual

Just because I can, I chose the encrypted option.

It then asked me which disk I wished to partition and identified both the IDE internal disk and the attached USB stick as SCSI disks, sda and sdb respectively.  I chose the internal one (der) and opted for only one partition.  Past experience tells me the formatting takes a LOOONNNGGG time for the encryption .. for 40 gig disk.  First step was to erase the disk, it took just over 2 hrs this time.  It then asked me for a passphrase for the disk encryption.

After the base install, it was time for the specific software such as Desktop etc.  Debian uses a command called "tasksel" for this.  Now I knew the ISO had not burnt quite correctly but everything had gone well till this point when the installation failed.  Not to worry, I simply unchecked all of the selections and this allowed the installation to complete with only the base selection (which is still considerably more powerful than MSDOS of yore).  Everything worked for the boot into a basic command line.

What I planned to do was boot to the command line in root, and then run " tasksel " and continue the installation using a Debian Mirror, however when I did, the wireless didn't work owing to the restricted install, and since I could be neither bothered to get it going, nor find an ethernet cable to continue, I just burnt another ( good this time ) CD and re-did the install.  Least work for me since this was simply happening in the background.  The full install of the default desktop took 4.5 hrs which includes 2 hrs to erase the disk for the encrypted disk - if you want a vanilla install, it would be 2.5 hrs - and this on a laptop that is roughly as powerful as a Pentium 4 3.0.

Now, how long does it take to boot?  I do know that booting into KDE on PCBSD was very slow on this machine.

  • Boot to Grub - 8 sec
  • Grub to Passphrase - 4 sec
  • Passphrase to Gdm3 - 45 sec
  • Gdm3 to Gnome Classic mode - 25 sec  (Gnome 3 does not work on this machine, the graphics are not good enough).
  • Gdm3 to lxde first time -  6 sec.

There is a significant improvement to the default artwork between Squeeze and Wheezy.  The previous artwork made me want to rip it out immediately whereas the Wheezy artwork is understated and far more elegant.  I can see that it would not get in your way when doing work.  I like it.

Gnome Classic

The default Gnome Classic mode is really quite nice.  There are four workspaces shown along the bottom panel, and along the top, there is:
  • Applications Menu
  • Places Menu
  • Date and time
  • Battery indicator and charging status
  • Volume selector
  • Bluetooth selector (I'd forgotten this laptop had bluetooth)
  • Network applet
  • "User Menu" on the far right, with availability, System settings and session / power selections.

I had a play with the function keys and "trackstick" .. all worked as far as I could tell.  There is of course, a package to deal with IBM laptops.  During the course of playing with the keys, I turned off the wireless access.  When you turn off wireless, you turn off all adapters.  I simply went to the network applet, selected the adapter I wanted and off it went and connected.  Painless.

Conclusion

I have found the Debian Installer to be one of the most reliable ways of installing Linux to a computer.  Debian 7.0 may not be spectacular, but it is nice.  It does its job and stays out of your way whilst allowing you to enhance it with later packages.

Next .. enhancing the basic Wheezy ..



Later.

Thursday, March 21, 2013

PC-BSD 9.1 Two Months

v 0.2
21 Mar 13

I've been using, reading about and playing with PC-BSD for two months now.  What do I think?

PC-BSD is an excellent server and desktop operating system.  I would gladly give my Parents such a system to use in their day-to-day lives.  It is stable, easy to use and provides a large number of easily installed third party applications.

It is not perfect, mind you.  An nVidia video card is highly recommended for a trouble-free experience, and the default desktop of KDE is strongly advised.  Automounting of USB devices does not occur, and the tray application in KDE must be used to detect and mount these.  Once the device is recognised and told to automount next time, you can use another desktop, however KDE remains the most reliable general desktop to use with PC-BSD.  That is not to say the others don't work well, but KDE is the most mature in this circumstance.  (and I say that as someone who was dragged back to admit that).  Should you disbelieve me - go ahead and find out yourself.  Automount has not worked in Gnome for some time, and the KDE tray app only mounts a USB device that it already knows about (in Gnome).

PC-BSD has introduced a "Rolling Release" concept.  I have not been successful in having it work flawlessly and at this time would recommend against using it - stay with 9.1 for the moment.

If you would prefer to stay with FreeBSD, then I still recommend using PC-BSD to install the vanilla OS.  Why?  The PC-BSD installer makes installation using the ZFS filesystem really, really easy.  If you can use ZFS then you should.  It has many really useful features, such as dynamic use of the space to manage its partition scheme, System Snapshots and more.

Easy management of Jails via Warden makes administration of Servers really easy.  You can have several Jails consisting of either BSD or Linux systems that you can snapshot or clone at your desire.  Make no mistake, though - once you go beyond the desktop, you really do need to have as much knowledge as any other system, it is just that you can get that first setup done so much easier.



Perfect?  Far from it.

Worth using?  Most Definitely.




....... Later.

Wednesday, February 6, 2013

PC-BSD 9.1 Linux Jails, VirtualBox, Citadel Groupware

v 0.2
6 Feb 13

The last few days, I've been playing with PC-BSD Jails via Warden.  I've found that the BSD Jails work just great, as I've mentioned previously, however I've been having problems installing servers on a Debian Linux Jail.  Some servers install without a hitch, and others just won't let the outside world see them. 

A case in point is installing Citadel Groupware.  In the Linux Jail, the two components can't talk to each other - Webcit, which provides the outward facing web interface, can't see the Citserver to talk on TCP 504.  Installing on Virtualbox, no problems - it installs without a hitch.

Another example is the installation of Web Servers.  Apache - nope.  Nginx - worked out of the box.  In all cases, the installation was using the standard Debian packages from the Main repository.

Debian Jail - Install Script

The way Debian is installed in a Linux Jail, is using the debootstrap command.  The way this is set in the install script is simply:

debootstrap squeeze

However, there are several architectures for Debian, in particular, the ones we want use the FreeBSD kernel .. should we include the architecture we want?  So, it would look like:

debootstrap --arch kfreebsd-i386 squeeze
or
debootstrap --arch kfreebsd-amd64 squeeze

I haven't really seen any difference, however I wonder ...

Citadel Again

Maybe I take a little longer for the concepts to sink in, but I've finally satisfied myself that the Debian packages do the same installation (albeit with files in different places - because it is Debian).
  • The servers are installed
  • The "citadel" user is created to run the server
  • The init scripts are sorted.
The outcome of all this is that when the machine (virtual or real) is started, Citadel starts as well.

How to re-configure the Citadel Server?  There is a setup script in
"/usr/lib/citadel-server"
Run that script if you need to and you can adjust ports, and add an admin user.

Be aware, that Webcit ignores your setup instructions.  Get a text editor and edit
"/etc/default/webcit"
to your liking.




Later .........


Friday, February 1, 2013

PC-BSD 9.1 - More Jails and Linux

v 0.3.1
1 Feb 13
2 Feb 13
4 Feb 13

As I mentioned a couple of posts ago, most things are easy in hindsight, but maddening when you have to work them out.  Another such example I have found with PC-BSD Jails under the "Warden".  Rather than try and organise what I've found into little chunks, this will be a narration of the adventure.

I started learning about Jails using a Linux Jail.  I used an IP address within the router address space.  All was well until I tried to communicate with services within the Jail that I thought I'd started.  Not only that, but when I check the router's "attached devices" list, my Jail was nowhere to be seen.

I remembered there were two tutorial articles about Jails in BSD Magazine, one on Linux Jails in issue 12/12 and a tutorial on installing OwnCloud in a Standard Jail in issue 9/12.

The article on Linux Jails went into NAT configuration on the host and editing a few configuration files - I must confess I found this puzzling as a requirement since everything else about PC-BSD organisation of Jails was so automated.  Eventually I went back to the beginning and went through the tutorial setting up a standard BSD Jail.

What I found with the BSD Jail was that there were several other tools to manage these Jail types - including a Process manager, where I could make sure the processes I wanted were started.  That is where I started remembering the list of ports being monitored in the Linux Jail ....  Also, it was about that time I chanced on reading a statement in the PC-BSD forums where the poster pointed out that Warden does quite a few things in the background.

So ...

I cloned my BSD Jail, giving one an IP in the router address space, and the other another address in another address space.  I made sure the Apache process was started in each Jail and that the firewall had opened port 80.  Then I went to another computer on my network and simply typed in the IP address of each jail in a web browser.  The Jail with the router address space address worked immediately and Apache talked back.  The other one, not.

My conclusion as to Jail IP address:
  • If you are simply starting a Jail - give it an IP in the router address space.
  • If you are going to configure NAT on the host system, use another address space.
How do you find the Jail if the router does not know about it?  When you address your Jail, the router queries each of its attached machines.  When it queries the host machine, that machine recognises the Jail address and passes the request on to the Jail.  So the router doesn't have to know about the Jail, it just has to be able to have an address in its address space that it can give to the host machine that then knows.

NOW .. I went back to my Linux Jail - with its IP address in the router address space.  I installed an SSH server, made sure it was started (the listening port came up on the info tab).  I opened the SSH port on the firewall.  I then went to another machine on the network and typed:

ssh (ip address)

The Jail replied!  Victory!

So you can now configure your router to talk to a Jail just like any other attached machine.  I would guess you could even assign a static IP to a Jail, using the MAC address of the host machine.

A final note about Debian Jails.  When you install the Jail, several configuration tasks that would normally be done in a Debian install are not taken care of.  That is my next little task to take care of with a Debian Linux Jail ....


Later ............

PS
For Debian,
  • an easy way to manage startup services is to load package " rcconf " and use that to graphically set services.
  • to set the default Locale, install package  " locales " and run " dpkg-reconfigure locales " to select and set your desired Locale.


Tuesday, January 29, 2013

PC-BSD 9.1 Jails and a bit of PBI

v 0.2
29 Jan 13



PBI

I should mention a couple of niceties in dealing with PBI installs: 
  • The package does not appear on your menu until the next time you log in.
  • There is a preference selection to prevent the package making an icon on the desktop if you wish.


Jails

I started my exploration of Jails with a Linux Jail.  First thing you have to decide is what local network address you are going to assign the Jail.  At the very least, assign an address high up in the local address space - say 192.168.1.160 ..  Next you get to name the jail and finally to choose which of the two scripts to use to install it.  At the moment, there is the choice between Debian Squeeze and Gentoo.  I chose Debian, since I'm more familiar with it and just like it and intend using Debian Jails.

Once you start the script, it just works.  No deciding how big or anything like that.  The Jail uses what it needs to.  Nice.  Note the checkbox that starts the jail on system startup.  Oh, and when you shut down, the Jail is gracefully shut down before PC-BSD exits.

Upon completion, the Warden presents you with a list of your Jails and their status.  Select your Jail, and under the "Tools" tab, you can start a root terminal to use the Jail.  At the moment, the intent is text only via the terminal, however with more development, an X server environment will be easily achievable.

Would you like Wheezy or Sid with your Jail?

Whilst I am really happy that Debian is one of the two Linux distros selected for scripts to start Jails, probably because Debian has the BSD kernel available, Debian 6.0 Squeeze is old.  It is on the verge of being "Old-Stable".  Debian 7.0 Wheezy is on the verge of being the new Debian Stable for Servers.  What to do?

The answer is really, really, simple.

The shell script used to start the Debian Squeeze Jail is located in
/usr/local/share/warden/linux-installs

You can look at the script or view the source here:
http://trac.pcbsd.org/browser/pcbsd/current/src-sh/warden/linux-installs/debian-6-squeeze

Look at Line 18 of the script:
debootstrap squeeze ${jDIR}

Here you can see that the way that Debian is installed is that "debootstrap" is called to load "squeeze" over the internet.  Replace "squeeze" with "wheezy" and you will load Debian 7.0 Wheezy into the jail.  I see no reason why this should not work with Sid as well.


Now that is cool.




Later .........

PC-BSD 9.1 - An Initial Look, Packages and Jails

 v 0.2
29 Jan 13

I think I've found the system I want to use on my computers, and the basis for servers.  The more I look into what I can do with PC-BSD, the more I like it.  This time, I'm having an initial look around my PC-BSD installation, and then talking about a few issues and concepts I've had to get my head around.  Don't forget, of course, to refer to the PC-BSD forums, wiki and handbook.  I've found the handbook very helpful, though wrong in the case of the Grub2 bootloader.

After logging in, and looking at your preferred desktop (mine is Gnome2 in this case) it is time to see just what we have been able to install.

  • First place for me to look is in the "Internet" menu.  Depending on your initial selections, you will have up to four web browsers installed, email client, graphical "wget", newsreader, rss aggregator and a bittorrent application.  Firing up Konqueror and going to Youtube, you find that the Adobe Flash plugin is already there and that playing of videos and sound works well.  I plugged in USB headsets and they worked fine.  There are a number of tools in the "Development" menu, the Education section has the normal KDE applications, including the KStars planetarium and the Marble virtual globe.  The Games section has an extensive array of different games, even some Strategy games.  There are several more extensive games available for download.
  • Graphics has an extensive suite of tools, from Painting, Scanning, Viewing, Photo Albums and up to Panorama and the Hugin 360 deg immersive Panorama maker.
  • Multimedia covers Audio and Video players, an audio recorder and Burners.
  • The Office section has the Calligra suite, the KDE PIM, email, calendar, pdf viewers, Planning and many more.

All I can say, is explore and have fun.  There is a lot of stuff here.


Flash Blue

The Adobe Flash plug-in has a known issue in web browsers.  We have an attack of the Smurfs.  People are BLUE!!!  Turns out that this is a "feature" of this Flash plugin when combined with the nVidia 3d acceleration.  Right click on the video, go to "Settings" and uncheck the hardware acceleration box.  Fixed!!


PBI - the Push Button Installer

As you may, or may not know, the traditional BSD package management is via "Ports" where you download the source and compile it on your system.  For the average user, this can be a little challenging - certainly until you understand the process.  Instead, PC-BSD has developed a system whereby installing packages onto the system is more in line with what you would expect if you used a Windows system.  AppCafe allows you to scan the contents of a "PBI" repository and then install what you want with the click of a button.

So, how do you make a "PBI" ? .. The EasyPBI application allows you to create a "PBI" package from a "Port".  The downside is that you need to know a little bit more than just how to push a button.  The advantage of this is, though, that as people create PBI packages from Ports, the number of packages in the PC-BSD package repository increases.


Ports and PC-BSD

Yes, you can still use the Ports system in PC-BSD - after all, it is just FreeBSD under the hood.  BUT.  Should you install a Port onto your system, you run the risk of having it deleted during a system upgrade.  The answer is to use a "Ports Jail".  Install your Ports into such a "Jail" and you can transparently use your ports and keep them secure.


Jails


The Jail is in my view the "Killer Feature" of BSD.  A Jail is a semi-virtualised sandbox that lets you run a separate instance of BSD or Linux at what is effectively native speed.  You can have a "Ports Jail" where you run your Ports on their own protected BSD system, a BSD Jail where you can install a server (or even multiple BSD Jails for separate servers), or a "Linux Jail" where you can run a Linux system and the appropriate applications.  All with their own IP addresses and userspace.

What happens if an attacker compromises a server or system within a Jail?  That is why it is called a Jail.  The attacker is corralled within that userspace.  Neat.

Finally, given that the "Jail" feature is incorporated into BSD, you can use it knowing that a company such as Oracle or VMware does not hold you at their mercy.  Next time, I want to explore Jails in more detail and learn how to use them - I already have several tasks I want to achieve with them and I'm keen to find out more.

Package Observation ..

In closing - the ONLY package system that is guaranteed immune from deletion during a system upgrade is the PC-BSD "PBI" package system.  Both the normal BSD packages and ports should be installed using a Ports Jail.


Later...

Friday, January 18, 2013

PC-BSD 9.1 - Login and Control Panel

v 0.2
18 Jan 13

The first time you start PC-BSD it goes into the initial configuration, asking language, locale, checking you are happy with your video resolution and setting the root password and creating an account for you.  You are then presented with the log-in screen.  Highlight your name, and before entering your password if you look at the bottom status bar, you will see a number of selectors, one of which is for the desktop you wish to use.  Default is KDE, but I prefer Gnome or LXDE.  For the rest of this, I'll use Gnome2 as the reference (it seems to be faster than KDE) as we look around.  It is pretty much the same for all the Desktops.

Once the initial first time screens are presented when you log in, you see the desktop.  On the left are six icons if you are in Gnome.  Whilst all my autoconfiguration tasks completed successfully, there was one time they didn't - I had no network capability.  This was solved by going to the network configuration in the control panel.  So ...

PC-BSD Control Panel

I'm not going to go through every item here, but there are a few that are of initial interest. 
  • Under System management, the "About" selection gives you information about your system (obviously). 
  • Hardware compatibility tells you about your Video driver, resolution, whether the ethernet device is connected, wifi and the Sound device. 
  • The Network Configuration opens to a screen with a list of Network adapters - I highlighted the one (there was only one for me) and pressed the "configure" button.  I found that the device had been disabled with a check box in the bottom left hand corner - I unchecked it and then "apply" and "close".  Can't remember whether I restarted or not, but the problem was fixed.
  • There is a gui Firewall Manager - doesn't get easier than this.
  • "System Manager" - this is worth looking at.  It chooses the PC-BSD mirror you use for installing packages, which system packages you want to install and enables you to download the ports tree.

Services and Startup Applications

There are two places to see what applications and services start automatically.
  • System management > Service Manager
  • Desktop environment > Startup Applications

Tools

  • Life Preserver - this is the system backup program - it allows you to schedule your backups to a remote server if you wish
  • Warden - this application allows you to configure and manage your "Jails".  A note here would not do it all justice.


AppCafe

AppCafe is both a separate icon on the desktop and included in the Control Panel.  When you start it, it connects to a repository and presents you with an extensive list of applications you can install on your system.  Many applications are quite large - larger than you would expect.  The reason for this is that PC-BSD installs the application AND its dependencies for each application.  Yes it takes more room but it also removes the "dependency hell" that can exist when different applications expect different versions of a library.

I have not covered all selections - my aim was to cover some of the areas that were of initial interest to me and may be to you.  Once you get started, it is easy to move on from there.  Next I'll look at some of the applications that come "out of the box" and some minor issues, such as the "Attack of the Smurfs" when watching Youtube.


Later ....

Thursday, January 17, 2013

PC-BSD 9.1 - Installation Comments

 v 0.2
17 Jan 13

I wrote recently about my initial look at PC-BSD 9.1.  I gave initial installation impressions and some general thoughts about what it felt like.  I did give a detailed explanation of getting it dual-booting with Debian Linux, and emphasised that you should use an nVidia video card for best results.  Here, I'll talk in a bit more detail about the installation process.

In point form, here are the steps I went through to get the installation completed.
  • Reboot with Parted Magic
  • Once it had booted, the CD was ejected.
  • Started Gparted - tray retracted
  • Shrunk my Debian Wheezy install - shrinking and moving partitions.  There was a warning when I moved a partition that this could render the system unbootable, however this only referred to the boot partition.
  • Created a new Primary partition at the end (1.6 TB) to contain the BSD install.
  • Took over an hour to do tasks.

  • Rebooted in to Debian to make sure it worked.
  • Booted with PC-BSD DVD.
  • Default boot went into full screen graphical installer
  • English
  • Desktops - Customise - I chose all those desktops and components I wanted
  • Disk - Advanced - I chose the disk, and selected the partition I wanted from the drop-down list.  CAREFUL, default is to gobble the entire disk.
  • File system - ZFS because I have more than 2 gig memory AND I am 64 bit.
  • Left the "install bootable MBR" so that it would install the boot loader to the start of the partition, as well as the initial part on the MBR
  • IF you have multiple HDD AND you will use all of them, you have the option of configuring RAID
  • Do you want to Encrypt your data?
  • Mount point options
  • Summary
  • Start Installation

I found the PC-BSD installation screens quite straightforward, though you really do need to look and think about what you are doing.  If you make a mistake, you can always do the installation again - after all, for most of the time

There are a number of desktops that are available to be installed - they are all on the DVD.  The KDE desktop is the primary one - check which parts of the desktop you want installed.  As an example the KDE office Calligra is not installed by default.  You also have the choice of Gnome2, LXDE, XFCE, and then a host of "unsupported" desktops.

Along with the desktops, there are development, Hardware drivers (nVidia, HPLip) and Miscellaneous sections (Compiz, MythTV, VMWare and Virtualbox Guest additions) as well as a couple of other packages.  As I have said before, I would definitely want to use an nVidia video card because of its support in PC-BSD.

The ZFS file system seems to have a number of advantages when it comes to the subject of Jails, so I'm glad I installed that.  I was quite impressed that there was the option to set up a RAID array, so installing two or three identical disks could well be worthwhile.  I initially thought I might be able to do RAID 5, but I think there is only RAID 1,2 or 3.  Another great feature is being able to easily encrypt your data directories.  Excellent.



Still early days yet, but looking promising.  I have noted that using Dropbox and the like may have some limitations, but on the other hand, there are other things that can be done ...





Later ....

Monday, January 14, 2013

PC-BSD 9.1 - Aha! At last!

v 0.4.1
14 Jan 13
16 Jan 13
16 jan 13 Afternoon

I saw on Distrowatch recently that a new version of PC-BSD had been released.  At the back of my mind I've always wanted to try that, or FreeBSD.  It was reinforced when I was looking through the titles of the Linux Action Show and saw they had a review of it.  What I saw impressed me no end:
  • Simple Installation
  • Jails
  • Absolutely Solid

I should talk about "Jails".  To me, these are the killer feature of FreeBSD and PC-BSD.  They are effectively a Virtual Machine within the system, but they are not.  More like a sandbox.  As an example, you can create a BSD jail or a Linux jail that runs a complete operating system in a sandbox - for example set up a server there with its own IP address.  If an intruder breaks in, they are trapped inside the jail.  But there is more!  Backups, cloning, snapshots. All done with ease.

Another two really impressive features are the firewall setup and the automatic backup.  Easy to set up and effective.  What more can I say?

The acknowledged problems at the moment include deficiencies in the ATI and Intel video drivers, however progress is expected on these issues by version 9.2 of PC-BSD.

PC-BSD in Virtualbox

I started by downloading the Virtualbox image - a whole 2.4 gig.  I unpacked it and it expanded to about 7.8 gig (from memory) and when mated to Virtualbox, it was a disk that would expand to 34 gig.

The first run allowed me to easily set up the video resolution, timezone and language.  Impressive.  The ability to add software was just so easy I was thinking that this would make a really good vanilla home computer.  Web browsing, email, instant messaging, skype, office, finance - the list goes on.  AND secure.  Very secure.

PC-BSD on Hardware - First Blush

I'll not hold you in suspense - on my chosen "box" (the $400 box described elsewhere on this blog) the whole experience was initially unusable.  I could not even get it to install and configure.  In my particular instance it was just garbage.

Now, it is all very well to report my experience, but WHY did it not work?

Two reasons.
  • Video driver
  • Boot manager
I have an i3 chip in my machine, which provides a level of Intel video capability.  As noted above, that is a deficiency that has already been noted.  The system would come up, confirm my video resolution (1680 x 1050) and go for 24 bit.  When I accepted (or even tried with reduced colour depth with vesa) it just crashed.  Unusable. (subsequently found to be the lack of driver for the on-board Intel video)

The Boot manager detected my Linux install, but I was unable to select it.  BSD was the only thing that would work.  Major work needed.  BSD is almost worse than Windows in its lack of ability to play with other children.  In all the Googling I did, I found people pleading for solutions for dual-boot problems, with nothing that really worked.  Even the official documentation was useless for me when I tried to use Grub2. Solved with a different menu-entry, and after finding out that Grub2 decided to change their numbering system for partitions but nobody knew.

Second Blush - We have Liftoff with nVidia

 Well, I took Cmdr Taggart's advice from Galaxy Quest ... and I kept thinking about this and experimenting.

nVidia cards are mentioned a lot.  I had one lying around, though it needed an extra power supply.  Eventually, I relented and bought the cable, connected it up and .... YES! We have liftoff!  32 minutes past the hour. 

AND the machine was significantly faster as well.

Third Blush - Damn you Grub2!!!!


Computer HDD Setup

I have Debian Linux (wheezy) on the first primary partition, with PC-BSD on the second primary partition using the zfs filesystem.  When I installed PC-BSD, I installed its bootloader which overwrote Grub2 on the MBR.

Recovering Debian Grub2

To re-install Grub2 on the MBR in a Debian system, the installation CD/DVD has the tools specifically built in.  Google on the Debian Wiki and it directs you to the appropriate section of the Debian installation guide.
  • Boot using the Debian Install Disk
  • Advanced Options
  • Recovery Mode
  • You will progress through various screens which are the first part of the Debian Installer - don't worry too much because none of the info will be written to the disk.  Eventually ....
  • A screen will present the available partitions - select the one you want to be the root partition.
  • Select the menu entry to re-install Grub
That's it.

Manual Menu Entries in Debian Grub2

Like a lot of things in life, many things are only obvious in hind-sight.  Gaining that knowledge is hard won, but you feel good after the fact.

Debian automatically builds the Grub2 config file " /boot/grub/grub.cfg" .  There is no point editing it (and they warn you about this - it is a text file that you can read) because it is over-written the next time grub.cfg is created.  Instead, if you look at the end of the file, you will see that they point you to a customisation file " /etc/grub.d/40_custom " .  Open it in an editor (as superuser) and you can add your manual entries to the bottom.  Save the file and then once again as superuser:
" update-grub "
This will incorporate your customisations in a new grub.cfg file.

Adding PC-BSD to Grub2

The entry I eventually found for me (after piecing things together) was:

menuentry "PC-BSD 9.1" {
set root='(hd0,2)'
chainloader +1
}

"hd0,2"  -  well, ARRRRGGGGHHHHHHH!!!!!!!!
  • 0 stands for the first hard disk, because you count your disks from zero.
  • 2 stands for the second partition because you count your partitions from one.
 chainloader +1  allows grub to go to the bootloader for PC-BSD which I installed initially if you remember and which is loaded at the start of the PC-BSD partition.
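
The numbering rule above (disks from zero, partitions from one) can be scripted so the stanza is generated rather than typed by hand. This is an added example, not part of the original post; the function names are made up for illustration, and it assumes the kernel's disk order (sda, sdb, ...) matches the order GRUB sees (hd0, hd1, ...).

```sh
#!/bin/sh
# Added example (not from the original post): build the GRUB2 chainloader
# stanza for /etc/grub.d/40_custom from a Linux partition name.
# Assumption: the kernel's disk order (sda, sdb, ...) matches the order
# GRUB sees (hd0, hd1, ...). That usually holds on a single-disk BIOS
# machine but is not guaranteed with several disks.

# grub_root /dev/sda2  ->  (hd0,2)
# Disks are counted from zero (a=0, b=1, ...), partitions from one.
grub_root() {
    dev=${1#/dev/}
    case $dev in
        sd[a-z][1-9]*|hd[a-z][1-9]*|vd[a-z][1-9]*) ;;
        *) echo "unsupported device name: $1" >&2; return 1 ;;
    esac
    letter=$(printf '%s' "$dev" | cut -c3)
    part=$(printf '%s' "$dev" | cut -c4-)
    case $part in
        *[!0-9]*) echo "bad partition number in: $1" >&2; return 1 ;;
    esac
    alphabet=abcdefghijklmnopqrstuvwxyz
    before=${alphabet%%"$letter"*}     # letters that precede the disk letter
    printf '(hd%s,%s)\n' "${#before}" "$part"
}

# chainload_entry TITLE DEVICE  ->  menuentry stanza on stdout
chainload_entry() {
    case $1 in
        ''|*\"*|*\\*|*\$*)
            echo "title must be non-empty, without quotes, backslashes or dollar signs" >&2
            return 1 ;;
    esac
    root=$(grub_root "$2") || return 1
    cat <<EOF
menuentry "$1" {
    set root='$root'
    chainloader +1
}
EOF
}

# add_entry FILE TITLE DEVICE: append the stanza once; a second run is a no-op.
add_entry() {
    entry=$(chainload_entry "$2" "$3") || return 1
    if grep -qF "menuentry \"$2\" {" "$1" 2>/dev/null; then
        echo "entry \"$2\" already in $1, nothing added" >&2
        return 0
    fi
    printf '\n%s\n' "$entry" >> "$1"
}

# Demonstration on a scratch file; on a real system FILE would be
# /etc/grub.d/40_custom, followed by update-grub as superuser.
demo=$(mktemp)
add_entry "$demo" "PC-BSD 9.1" /dev/sda2
cat "$demo"
rm -f "$demo"
```

Running it against a scratch file first lets you compare the generated stanza with the hand-written one before touching the real 40_custom.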

Finally, to change the timeout and default menu entries, I've written previously about this here:
http://glassfloor.blogspot.com.au/search/label/Grub

 So, What do I Think?

 This is definitely worth sticking with as the potential rewards are significant.  So far, I have the system up and running - and the Grub2 bootloader is doing what I want.  Everything boots smoothly to what I want.

If you want to use PC-BSD (and like I said, for a family this makes a great system) .. use an nVidia video card and have only BSD on the system. Once you know what you are doing with re-configuring boot loaders, it is pretty straightforward - but getting there may be an effort.

I'm glad I stuck it out despite my initial setbacks because I'm really quite excited about what can be done with PC-BSD.  For the moment though, I'm happy with what I've achieved and that what I've written up above may help someone have an easier time than me.  I'll write further on this as it is worthwhile documenting.




Later