Installing FreeBSD 5.3 on QUARKPRIME
From Earlham Cluster Department
The install of FreeBSD 5.3 was fairly typical, with the exception that ACPI had to be disabled. This can be done by selecting "2" at the boot prompt, and permanently by adding hw.acpi.0.disable="1" to /boot/loader.conf.
After booting, the 54GB RAID-5 volume was partitioned like so:
| Mount point | File system | Size |
|---|---|---|
| /clients | UFS2 w/ Soft Updates | 36GB |
| /var | UFS2 w/ Soft Updates | 3GB |
| /usr | UFS2 w/ Soft Updates | 10GB |
After partitioning, base, compat4x, manpages, src, ports, and perl were selected for installation.
The initial configuration consisted of adding the above-mentioned ACPI line to /boot/loader.conf, and then adding this /etc/rc.conf file:
usbd_enable="YES"
hostname="quarkprime.cs.earlham.edu"
nisdomainname="cs.earlham.edu"
ifconfig_xl0="inet 18.104.22.168 netmask 255.255.255.0"
ifconfig_xl1="inet 192.168.0.91 netmask 255.255.255.0"
named_enable="YES"
rwhod_enable="YES"
sshd_enable="YES"
nfs_server_enable="YES"
mountd_enable="YES"
mountd_flags="-rl"
rpc_lockd_enable="YES"
rpc_statd_enable="YES"
rpcbind_enable="YES"
ntpd_enable="YES"
nis_client_enable="YES"
nis_client_flags="-S cs.earlham.edu,22.214.171.124,126.96.36.199"
nis_server_enable="YES"
nis_yppasswdd_enable="YES"
defaultrouter="188.8.131.52"
saver="green"
enable_quotas="YES"
accounting_enable="YES"
linux_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="1"
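As an added example (not part of the original page or the site's own tooling), this sh script reads an rc.conf like the one above and reports which network-reachable daemons it enables and what securelevel it sets. The function names, the knob list, and the sample file are assumptions constructed for illustration.

```shell
# Knobs from the page's rc.conf that each start a network-reachable daemon.
NET_KNOBS="named rwhod sshd nfs_server mountd rpc_lockd rpc_statd rpcbind
ntpd nis_client nis_server nis_yppasswdd"

# rc_value FILE VAR: last assignment wins, because rc.conf is sourced as shell.
rc_value() {
    awk -v var="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, var "=") == 1 {
            val = substr(line, length(var) + 2)
            sub(/[ \t]+#.*$/, "", val)      # trailing comment
            gsub(/^"|"[ \t]*$/, "", val)    # surrounding double quotes
            last = val
        }
        END { print last }' "$1"
}

# rc_enabled FILE VAR: true for the values rc.subr's checkyesno accepts.
rc_enabled() {
    case "$(rc_value "$1" "$2" | tr '[:upper:]' '[:lower:]')" in yes|true|on|1) return 0 ;; esac
    return 1
}

listening_services() {
    out=""
    for k in $NET_KNOBS; do
        if rc_enabled "$1" "${k}_enable"; then out="$out $k"; fi
    done
    echo "${out# }"
}

securelevel() {
    if rc_enabled "$1" kern_securelevel_enable; then rc_value "$1" kern_securelevel
    else echo "not raised"; fi
}

# Constructed sample: a few of the page's knobs, a commented-out line, an override.
SAMPLE=$(mktemp); trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
sshd_enable="YES"
rwhod_enable="YES"
#ntpd_enable="YES"
rpcbind_enable="YES"
nis_server_enable="yes"   # case does not matter
rwhod_enable="NO"
kern_securelevel_enable="YES"
kern_securelevel="1"
EOF
echo "listening: $(listening_services "$SAMPLE"); securelevel: $(securelevel "$SAMPLE")"
```

Running `listening_services /etc/rc.conf` after each configuration change gives a quick list to compare against the firewall rules and the services the host is actually meant to offer.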
- I rebooted to make sure everything worked, and then ran ssh-keygen -t dsa to generate a public/private key pair, and gave it no password to remove the need to use an agent. I appended quarkprime's /root/.ssh/id_dsa.pub to quark's /root/.ssh/authorized_keys file, and quark's /root/.ssh/id_dsa.pub to quarkprime's /root/.ssh/authorized_keys file.
- After getting ssh working, I installed a precompiled cvsup using /stand/sysinstall, and then proceeded to pull down fresh ports and src trees. I recompiled the kernel to enable SMP and quota support, and also to cut down on the number of hardware drivers loaded with it.
- For the NIS configuration, I made sure that the domainname was set to cs.earlham.edu, fired up rpcbind and ypserv, and then ran ypinit -s cs.earlham.edu to pull a fresh NIS map from quark. I added +:::::::: to the end of /etc/passwd and +::: to the end of /etc/group to enable the fall-through to NIS.
- I installed the Amanda client utilities, with the server set as backup.
- I installed LPRng, and copied over quark's printcap file to /etc/ on quarkprime. I also installed the ifhp package to provide support for our HP printers.
- Because of a security issue with the default perl 5.8.5, I decided to upgrade to 5.8.6. I built the portupgrade utility so I could run this command:
portupgrade -f `(pkg_info -R perl-5\* |tail +4; \
    find /usr/local/lib/perl5/site_perl/5.. -type f -print0 \
    | xargs -0 pkg_which -fv | sed -e '/: ?/d' -e 's/.*: //')|sort -u`
- I installed Apache with these options: WITH_APACHE_SUEXEC=yes APACHE_SUEXEC_CALLER=nobody APACHE_SUEXEC_LOG=/var/log/httpd/httpd-suexec.log APACHE_SUEXEC_USERDIR=www WITH_APACHE_MODACCEL=yes WITH_APACHE_MODDEFLATE=yes.
- I installed all the Apache modules from quark, except: mod_auth_pgsql (broken pkg-list)
- I installed ImageMagick, which in turn installed the ghostscript port.
- I installed zsh.
- I would have installed wget, but there are multiple vulnerabilities.
- I installed PHP4 from ports, copying quark's config for the extensions. I installed all the extensions except: curl (security vulnerability)
- As work progressed, I discovered a bug in the PHP Postgres module that causes Apache to segfault. The only fix I discovered was an upgrade to Apache 2 and PHP5. This will necessitate figuring out how ipfw/dummynet or ipf/altq work for bandwidth management, because mod_bandwidth hasn't been ported to Apache 2. All other modules work normally.
- I installed radiusd from ports, and copied the configuration over. Nothing too interesting.
- Installed vim and emacs.
- I installed amanda-client, and copied over .amandahosts from quark.
- I installed snort, with Flexible response, and Postgres/MySQL support. I put snort_enable="YES" and snort_interfaces="xl0" in /etc/rc.conf. I had to create /var/log/snort.
- I installed ACID, and copied over the configuration file from quark.
- bsdsar has been installed from ports.
- chkrootkit installed.
- Installed fetchmail.
- Installed gnupg with WITH_LDAP=yes and WITH_SUID_GPG=yes.
- Installed gnuplot with GD, HISTOGRAMS, PDF, PNG, and READLINE.
- Installed htmldoc.
- Installed mailman, and copied over /usr/local/mailman from quark.
- Installed rdate.
- Installed rdesktop.
- Installed reportmagic.
- Installed tcl/tk.
- Installed teTeX.
- Installed transfig.
- Installed unix2dos.
- Installed xdvi.
- Installed xemacs.
- Installed xfig.
- Installed xpdf.
- Installed zoo.
- Put /sbin/swapoff /dev/da0s1b to work around kern/75850.
- Install gdb6.
- Check all perl and php modules are installed.
- Install Proftpd (or some FTP service).
- Make sure printing is working.