Tuesday, January 29, 2013

PC-BSD 9.1 Jails and a bit of PBI

v 0.2
29 Jan 13



PBI

I should mention a couple of niceties in dealing with PBI installs: 
  • The package does not appear on your menu until the next time you log in.
  • There is a preference selection to prevent the package making an icon on the desktop if you wish.


Jails

I started my exploration of Jails with a Linux Jail.  First thing you have to decide is what local network address you are going to assign the Jail.  At the very least, assign an address high up in the local address space - say 192.168.1.160 ..  Next you get to name the jail and finally to choose which of the two scripts to use to install it.  At the moment, there is the choice between Debian Squeeze and Gentoo.  I chose Debian, since I'm more familiar with it and just like it and intend using Debian Jails.

Once you start the script, it just works.  No deciding how big or anything like that.  The Jail uses what it needs to.  Nice.  Note the checkbox that starts the jail on system startup.  Oh, and when you shut down, the Jail is gracefully shut down before PC-BSD exits.

Upon completion, the Warden presents you with a list of your Jails and their status.  Select your Jail, and under the "Tools" tab, you can start a root terminal to use the Jail.  At the moment, the intent is text only via the terminal, however with more development, an X server environment will be easily achievable.

Would you like Wheezy or Sid with your Jail?

Whilst I am really happy that Debian is one of the two Linux distros selected for scripts to start Jails, probably because Debian has the BSD kernel available, Debian 6.0 Squeeze is old.  It is on the verge of being "Old-Stable".  Debian 7.0 Wheezy is on the verge of being the new Debian Stable for Servers.  What to do?

The answer is really, really, simple.

The shell script used to start the Debian Squeeze Jail is located in
/usr/local/share/warden/linux-installs

You can look at the script or view the source here:
http://trac.pcbsd.org/browser/pcbsd/current/src-sh/warden/linux-installs/debian-6-squeeze

Look at Line 18 of the script:
debootstrap squeeze ${jDIR}

Here you can see that the way that Debian is installed is that "debootstrap" is called to load "squeeze" over the internet.  Replace "squeeze" with "wheezy" and you will load Debian 7.0 Wheezy into the jail.  I see no reason why this should not work with Sid as well.


Now that is cool.




Later .........

PC-BSD 9.1 - An Initial Look, Packages and Jails

 v 0.2
29 Jan 13

I think I've found the system I want to use on my computers, and the basis for servers.  The more I look into what I can do with PC-BSD, the more I like it.   This time, I'm having an initial look around my PC-BSD installation, and then talking about a few issues and concepts I've had to get my head around.  Don't forget, of course, to refer to the PC-BSD forumns, wiki and handbook.  I've found the handbook very helpful, though wrong in the case of the Grub2 bootloader.

After logging in, and looking at your preferred desktop (mine is Gnome2 in this case) it is time to see just what we have been able to install.

  • First place for me to look is in the "Internet" menu.  Depending on your initial selections, you will have up to four web browsers installed, email client, graphical "wget", newsreader, rss aggregator and a bittorrent application.  Firing up Konqueror and going to Youtube, you find that the Adobe Flash plugin is already there and that playing of videos and sound works well.  I plugged in USB headsets and they worked fine.  There are a number of tools in the "Development" menu, the Education section has the normal KDE applications, including the KStars planetarium and the Marble virtual globe.  The Games section has an extensive array of different games, even some Strategy games.  There are several more extensive games available for download.
  • Graphics has an extensive suite of tools, from Painting, Scanning, Viewing, Photo Albums and up to Panorama and the Hugin 360 deg immersive Panorama maker.
  • Multimedia covers Audio and Video players, an audio recorder and Burners.
  • The Office section has the Calligra suite, the KDE PIM, email, calendar, pdf viewers, Planning and many more.

All I can say, is explore and have fun.  There is a lot of stuff here.


Flash Blue

The Adobe Flash plug-in has a known issue in web browsers.  We have an attack of the Smurfs.  People are BLUE!!!  Turns out that this is a "feature" of this Flash plugin when combined with the nVidia 3d acceleration.  Right click on the video, go to "Settings" and uncheck the hardware acceleration box.  Fixed!!


PBI - the Push Button Installer

As you may, or may not know, the traditional BSD package management is via "Ports" where you download the source and compile it on your system.  For the average user, this can be a little challenging - certainly until you understand the process.  Instead, PC-BSD has developed a system whereby installing packages onto the system is more in line with what you would expect if you used a Windows system.  AppCafe allows you to scan the contents of a "PBI" repository and then install what you want with the click of a button.

So, how do you make a "PBI" ? .. The EasyPBI application allows you to create a "PBI" package from a "Port".  The downside is that you need to know a little bit more than just how to push a button.  The advantage of this is, though, that as people create PBI packages from Ports, the number of packages in the PC-BSD package repository increases.


Ports and PC-BSD

Yes, you can still use the Ports system in PC-BSD - after all, it is just FreeBSD under the hood.  BUT.  Should you install a Port onto your system, you run the risk of having it deleted during a system upgrade.  The answer is to use a "Ports Jail".  Install your Ports into such a "Jail" and you can transparently use your ports and keep them secure.


Jails


The Jail is in my view the "Killer Feature" of BSD.  A Jail is a semi-virtualised sandbox that lets you run a separate instance of BSD or Linux at what is effectively native speed.  You can have a "Ports Jail" where you run your Ports on their own protected BSD system, a BSD Jail where you can install a server (or even multiple BSD Jails for separate servers), or a "Linux Jail" where you can run a Linux system and the appropriate applications.  All with their own IP addresses and userspace.

What happens if an attacker compromises a server or system within a Jail?  That is why it is called a Jail.  The attacker is corralled within that userspace.  Neat.

Finally, given that the "Jail" feature is incorporated into BSD, you can use it knowing that a company such as Oracle or VMWare do not hold you at their mercy.  Next time, I want to explore Jails in more detail and learn how to use them - I already have several tasks I want to achieve with them and I'm keen to find out more.

Package Observation ..

In closing - the ONLY package system that is guaranteed immune from deletion during a system upgrade is the PC-BSD "PBI" package system.  Both the normal BSD packages and ports should be installed using a Ports Jail.


Later...

Friday, January 18, 2013

PC-BSD 9.1 - Login and Control Panel

v 0.2
18 Jan 13

The first time you start PC-BSD it goes into the initial configuration, asking language, locale, checking you are happy with your video resolution and setting the root password and creating an account for you.  You are then presented with the log-in screen.  Highlight your name, and before entering your password if you look at the bottom status bar, you will see a number of selectors, one of which is for the desktop you wish to use.  Default is KDE, but I prefer Gnome or LXDE.  For the rest of this, I'll use Gnome2 as the reference (it seems to be faster than KDE) as we look around.  It is pretty much the same for all the Desktops.

Once the initial first time screens are presented when you log in, you see the desktop.  On the left are six icons if you are in Gnome.  Whilst all my autoconfiguration tasks completed successfully, there was one time they didn't - I had no network capability.  This was solved by going to the network configuration the control panel. so ...

PC-BSD Control Panel

I'm not going to go through every item here, but there are a few that are of initial interest. 
  • Under System management, the "About" selection gives you information about your system (obviously). 
  • Hardware compatibility tells you about your Video driver, resolution, whether the ethernet device is connected, wifi and the Sound device. 
  • The Network Configuration opens to a screen with a list of Network adapters - I highlighted the one (there was only one for me) and pressed the "configure" button.  I found that the device had been disabled with a check box in the bottom left hand corner - I unchecked it and then "apply" and "close".  Can't remember whether I restarted or not, but the problem was fixed.
  • There is a gui Firewall Manager - doesn't get easier than this.
  • "System Manager" - this is worth looking at.  It chooses the PC-BSD mirror you use for installing packages, which system packages you want to install and enables you to download the ports tree.

Services and Startup Applications

There are two places to see what applications and services start automatically.
  • System management > Service Manager
  • Desktop environment > Startup Applications

Tools

  • Life Preserver - this is the system backup program - it allows you to schedule your backups to a remote server if you wish
  • Warden - this application allows you to configure and manage your "Jails".  A note here would not do it all justice.


AppCafe

AppCafe is both a separate icon on the desktop and included in the Control Panel.  When you start it, it connects to a repository and presents you with an extensive list of applications you can install on your system.  Many applications are quite large - larger than you would expect.  The reason for this is that PC-BSD installs the application AND its dependencies for each application.  Yes it takes more room but it also removes the "dependency hell" that can exist when different applications expect different versions of a library.

I have not covered all selections - my aim was to cover some of the areas that were of initial interest to me and may be to you.  Once you get started, it is easy to move on from there.  Next I'll look at some of the applications that come "out of the box" and some minor issues, such as the "Attack of the Smurfs" when watching Youtube.


Later ....

Thursday, January 17, 2013

PC-BSD 9.1 - Installation Comments

 v 0.2
17 Jan 13

I wrote recently about my initial look at PC-BSD 9.1.  I gave initial installation impressions and some general thoughts about what it felt like.  I did give a detailed explanation of getting it dual-booting with Debian Linux, and emphasised that you should use an nVidia video card for best results.  Here, I'll talk in a bit more detail about the installation process.

In point form, here are the steps I went through to get the installation completed.
  • Reboot with Parted Magic
  • Once it had booted, the CD was ejected.
  • Started Gparted - tray retracted
  • Shrunk my Debian Wheezy install - shrinking and moving partitions.  There was a warning when I moved a partition that this could render the system unbootable, however this only referred to the boot partition.
  • Created a new Primary partition at the end (1.6 TB) to contain the BSD install.
  • Took over an hour to do tasks.

  • Rebooted in to Debian to make sure it worked.
  • Booted with PC-BSD DVD.
  • Default boot went into full screen graphical installer
  • English
  • Desktops - Customise - I chose all those desktops and components I wanted
  • Disk - Advanced - I chose the disk, and selected the patition I wanted from the drop-down list.  CAREFUL, default is to gobble the entire disk.
  • File system - ZFS because I have more than 2 gig memory AND I am 64 bit.
  • Left the "install bootable MBR" so that it would install the boot loader to the start of the partition, as well as the initial part on the MBR
  • IF you have multiple HDD AND you will use all of them, you have the option of configuring RAID
  • Do you want to Encrypt your data?
  • Mount point options
  • Summary
  • Start Installation

I found the PC-BSD installation screens quite straightforward, though you really do need to look and think about what you are doing.  If you make a mistake, you can always do the installation again - after all, for most of the time

There are a number of desktops that are available to be installed - they are all on the DVD.  The KDE desktop is the primary one - check which parts of the desktop you want installed.  As an example the KDE office Calligra is not installed by default.  You also have the choice of Gnome2, LXDE, XFCE, and then a host of "unsupported" desktops.

Along with the desktops, there are development, Hardware drivers (nVidia, HPLip) and Miscellaneous sections (Compiz, MythTV, VMWare and Virtualbox Guest additions) as well as a couple of other packages.  As I have said before, I would definitely want to use an nVidia video card because of its support in PC-BSD.

The ZFS file system seems to have a number of advantages when it comes to the subject of Jails, so I'm glad I installed that.  I was quite impressed that there was the option to set up a RAID array, so installing two or three identical disks could well be worthwhile.  I initially thought I might be able to do RAID 5, but I think there is only RAID 1,2 or 3.  Another great feature is being able to easily encrypt your data directories.  Excellent.



Still early days yet, but looking promising.  I have noted that using Dropbox and the like may have some limitations, but on the other hand, there are other things that can be done ...





Later ....

Monday, January 14, 2013

PC-BSD 9.1 - Aha! At last!

v 0.4.1
14 Jan 13
16 Jan 13
16 jan 13 Afternoon

I saw on Distrowatch recently, that a new version of PC-BSD had been released.  At the back of my mind I've always wanted to try that, or Free-BSD.  It was re-enforced when I was looking through the titles of the Linux Action Show and saw they had a review of it.  What I saw impressed me no end:
  • Simple Installation
  • Jails
  • Absolutely Solid

I should talk about "Jails".  To me, these are the killer feature of Free-BSD and PC-BSD.  They are effectively a Virtual Machine within the system, but they are not.  More like a sandbox.  As an example, you can create a BSD jail or a Linux jail that runs a complete operating system in a sandbox - for example set up a server there with its own IP address.  If an intruder breaks in, they are trapped inside the jail.  But there is more!  Backups, cloning, snapshots. All done with ease.

Another two really impressive features are the firewall setup and the automatic backup.  Easy to set up and effective.  What more can I say?

The acknowledged problems at the moment include deficiencies in the ATI and Intel video drivers, however progress is expected on these issues by version 9.2 of PC-BSD.

PC-BSD in Virtualbox

I started by downloading the Virtualbox image - a whole 2.4 gig.  I unpacked it and it expanded to about 7.8 gig (from memory) and when mated to Virtualbox, it was a disk that would expand to 34 gig.

The first run allowed me to easily set up the video resolution, timezone and language.  Impressive.  The ability to add software was just so easy I was thinking that this would make a really good vanilla home computer.  Web browsing, email, instant messaging, skype, office, finance - the list goes on.  AND secure.  Very secure.

PC-BSD on Hardware - First Blush

I'll not hold you in suspense - on my chosen "box" (the $400 box described elsewhere on this blog) the whole experience was initially unusable.  I could not even get it to install and configure.  In my particular instance it was just garbage.

Now, it is all very well to report my experience, but WHY did it not work?

Two reasons.
  • Video driver
  • Boot manager
I have an i3 chip in my machine, which provides a level of Intel video capability.  As noted above, that is a deficiency that has already been noted.  The system would come up, confirm my video resolution (1680 x 1050) and go for 24 bit.  When I accepted (or even tried with reduced colour depth with vesa) it just crashed.  Unuseable. (subsequently found to be the lack of driver for the on-board intel video)

The Boot manager detected my Linux install, but I was unable to select it.  BSD was the only thing that would work.  Major work needed.  BSD is almost worse than Windows in its lack of ability to play with other children.  In all the Googling I did, I found people pleading for solutions for dual-boot problems, with nothing that really worked.  Even the official documentation was useless for me when I tried to use Grub2. Solved with a different menu-entry, and after finding out that Grub2 decided to change their numbering system for partitions but nobody knew.

Second Blush - We have Liftoff with nVidia

 Well, I took Cmdr Taggart's advice from Galaxy Quest ... and I kept thinking about this and experimenting.

nVidia cards are mentioned a lot.  I had one lying around, though it needed an extra power supply.  Eventually, I relented and bought the cable, connected it up and .... YES! We have liftoff!  32 minutes past the hour. 

AND the machine was significantly faster as well.

Third Blush - Damn you Grub2!!!!


Computer HDD Setup

I have Debian Linux (wheezy) on the first primary partition, with PC-BSD on the second primary partition using the zfs filesystem.  When I installed PC-BSD, I installed its bootloader which overwrote Grub2 on the MBR.

Recovering Debian Grub2

To re-install Grub2 on the MBR in a Debian system, the installation cd/dvd have the tools specifically built in.  Google on the Debian Wiki and it directs you to the appropriate section of the Debian installation guide.
  • Boot using the Debian Install Disk
  • Advanced Options
  • Recovery Mode
  • You will progress through various screens which are the first part of the Debian Installer - don't worry too much because none of the info will be written to the disk.  Eventually ....
  • A screen will present the available partitions - select the one you want to be the root partition.
  • Select the menu entry to re-install Grub
That's it.

Manual Menu Entries in Debian Grub2

Like a lot of things in life, many things are only obvious in hind-sight.  Gaining that knowledge is hard won, but you feel good after the fact.

Debian automatically builds the Grub2 config file " /boot/grub/grub.cfg" .  There is no point editing it (and they warn you about this - it is a text file that you can read) because it is over-written the next time grub.cfg is created.  Instead, if you look at the end of the file, you will see that they point you to a customisation file " /etc/grub.d/40_custom " .  Open it in an editor (as superuser) and you can add your manual entries to the bottom.  Save the file and then once again as superuser:
" update-grub "
This will incorporate your custimisations in a new grub.cfg file.

Adding PC-BSD to Grub2

The entry I eventually found was for me (after piecing things together) was:

menuentry "PC-BSD 9.1" {
set root='(hd0,2)'
chainloader +1
}

"hd0,2"  -  well, ARRRRGGGGHHHHHHH!!!!!!!!
  • 0 stands for the first hard disk, because you count your disks from zero.
  • 2 stands for the second partition because you count your partitions from one.
 chainloader +1  allows grub to go to the bootloader for PC-BSD which I installed initially if you remember and which is loaded at the start of the PC-BSD partition.

Finally, to change the timeout and default menu entries, I've written previously about this here:
http://glassfloor.blogspot.com.au/search/label/Grub

 So, What do I Think?

 This is definitely worth sticking with as the potential rewards are significant.  So far, I have the system up and running - and the Grub2 bootloader is doing what I want.  Everything boots smoothly to what I want.

If you want to use PC-BSD (and like I said, for a family this makes a great system) .. use an nVidia video card and have only BSD on the system. Once you know what you are doing with re-configuring boot loaders, it is pretty straightforward - but getting there may be an effort.

I'm glad I stuck it out despite my initial setbacks because I'm really quite excited about what can be done with PC-BSD.  For the moment though, I'm happy with what I've achieved and that what I've written up above may help someone have an easier time than me.  I'll write further on this as it is worthwhile documenting.




Later