Entries Tagged as 'FreeBSD'

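Automated installation of FreeBSD

I have been tinkering with this for a long time.

For one thing, we rarely install FreeBSD these days, so there was no rush, and I never got it working.

Now that the end of the year is close, I had to get it finished, and today I finally got it done.

The setup: there is an install server on the LAN, running FTP and TFTP services.

The machine to be installed uses PXE to fetch the boot image from the TFTP server and boots from it.

The user then enters the network device to use for the installation, the IP address, netmask, gateway and DNS server.

The system then automatically fetches everything from the FTP server and installs it.

When the installation is complete, the machine reboots automatically.

Contents of the file install.cfg: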

 

debug=yes

command=sh /stand/setmedia.sh

system

configFile=/stand/setmedia.cfg

loadConfig

Contents of the file setmedia.sh:

#!/bin/sh
# Run from install.cfg inside the install environment: asks for the network
# settings and writes the sysinstall configuration to ${config}.

# Make sure the system binaries are on PATH
PATH=$PATH:/bin:/usr/bin:/sbin:/usr/sbin
export PATH

tmpfile=/stand/install.tmp
config=/stand/setmedia.cfg
#menu=/stand/menu.cfg
menu=""
icount=0

# Build the "tag item" pairs for the interface menu, one per network device
for i in `ifconfig -l`; do
        menu="${menu}${i} ${i} "
#       echo -n "$i $i " >> ${menu}
        icount=$((${icount} + 1))
done

# Each block below prompts only when the variable is not already set
if [ -z "${iface}" ]; then
        dialog --title "Select Install Interface" \
                --menu "Please select the network interface for install you wish to perform." \
                        -1 -1 ${icount} `echo ${menu}` 2>${tmpfile}
        read iface < ${tmpfile}
        rm -f ${tmpfile}
fi

if [ -z "${ip}" ]; then
        dialog --title "Input IP Address" \
                --inputbox "Please input the ip address of ${iface} for install you wish to perform." \
                        -1 -1 2>${tmpfile}
        read ip < ${tmpfile}
        rm -f ${tmpfile}
fi

if [ -z "${netmask}" ]; then
        dialog --title "Input Netmask" \
                --inputbox "Please input the netmask of the network." \
                        -1 -1 2>${tmpfile}
        read netmask < ${tmpfile}
        rm -f ${tmpfile}
fi

if [ -z "${gateway}" ]; then
        dialog --title "Input Gateway" \
                --inputbox "Please input the default gateway of the network." \
                        -1 -1 2>${tmpfile}
        read gateway < ${tmpfile}
        rm -f ${tmpfile}
fi

if [ -z "${nameserver}" ]; then
        dialog --title "Input Nameserver's IP" \
                --inputbox "Please input the ip of the nameserver." \
                        -1 -1 2>${tmpfile}
        read nameserver < ${tmpfile}
        rm -f ${tmpfile}
fi

if [ -z "${server}" ]; then
        dialog --title "Select Install Server" \
                --menu "Please select the server you wish to install from." \
                        -1 -1 3 \
                        "192.168.222.21" "@idc1" \
                        "10.102.5.31" "@idc2" \
                        "10.1.21.49" "@office1" 2>${tmpfile}
        read server < ${tmpfile}
        rm -f ${tmpfile}
fi

# Network settings
echo "hostname=autoinst.sohu.com" >> ${config}
echo "domainname=sohu.com" >> ${config}
echo "nameserver=${nameserver}" >> ${config}
echo "defaultrouter=${gateway}" >> ${config}
echo "ipaddr=${ip}" >> ${config}
echo "netmask=${netmask}" >> ${config}
echo "" >> ${config}

# Install source and distribution set
echo "_ftpPath=ftp://${server}/pub/os/FreeBSD/releases/i386/4.11" >> ${config}
echo "netDev=${iface}" >> ${config}
echo "mediaSetFTP" >> ${config}
echo "distSetMinimum" >> ${config}

# Install onto the first disk the kernel reports
disks=`sysctl -n kern.disks`
if [ ! -z "${disks}" ]; then
        disk=`echo ${disks} | sed -e 's/ .*//g'`
fi

# Slice the whole disk, label it, install, then shut down
echo "disk=${disk}" >> ${config}
echo "partition=all" >> ${config}
echo "bootManager=standard" >> ${config}
echo "diskPartitionEditor" >> ${config}
echo "#diskPartitionWrite" >> ${config}
echo "${disk}s1-1=ufs 1024000 /" >> ${config}
echo "${disk}s1-2=swap 4096000 none" >> ${config}
echo "${disk}s1-3=ufs 4096000 /var" >> ${config}
echo "${disk}s1-4=ufs 2048000 /root" >> ${config}
echo "${disk}s1-5=ufs 10240000 /usr" >> ${config}
echo "${disk}s1-6=ufs 0 /opt" >> ${config}
echo "diskLabelEditor" >> ${config}
echo "installCommit" >> ${config}
echo "shutdown" >> ${config}
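
setmedia.sh appends whatever is typed into the dialog boxes straight to setmedia.cfg, so a mistyped value only shows up when the unattended install fails. The following is an added example, not part of the original script: its functions (all names hypothetical) check that each value is a well-formed IPv4 address, that the netmask is contiguous and that the gateway is on the local subnet, so the prompts can be repeated before anything is written.

```shell
#!/bin/sh
# Added example: checks for the values setmedia.sh collects via dialog.
# All function names are hypothetical; none exist in the original script.

# is_ipv4 ADDR: true only for four dot-separated decimal octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$octet" -le 255 ] || return 1
    done
}

# ip_to_int ADDR: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# is_netmask MASK: true when the mask is a contiguous run of one bits.
is_netmask() {
    is_ipv4 "$1" || return 1
    m=$(ip_to_int "$1")
    inv=$(( ~$m & 0xFFFFFFFF ))
    [ "$m" -ne 0 ] && [ $(( $inv & ($inv + 1) )) -eq 0 ]
}

# check_install_net IP NETMASK GATEWAY NAMESERVER: print "ok" or the problem.
check_install_net() {
    is_ipv4 "$1"    || { echo "bad ip address"; return 1; }
    is_netmask "$2" || { echo "bad netmask";    return 1; }
    is_ipv4 "$3"    || { echo "bad gateway";    return 1; }
    is_ipv4 "$4"    || { echo "bad nameserver"; return 1; }
    _ip=$(ip_to_int "$1"); _gw=$(ip_to_int "$3"); _mask=$(ip_to_int "$2")
    [ $(( $_ip & $_mask )) -eq $(( $_gw & $_mask )) ] ||
        { echo "gateway is not on the local subnet"; return 1; }
    echo ok
}

# Constructed sample values, not taken from a real network.
check_install_net 192.168.222.50 255.255.255.0 192.168.222.1 192.168.222.21
```
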

 

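A problem with make boot.flp on the FreeBSD 4.11 release

The previous post mentioned that make boot.flp had a problem.

Afterwards, I ran make world again from the 4.11 release source, and then:

cd /usr/src/release;make boot.flp

This time it does not give the earlier error,

but it still fails with a new one:

"

cd: can't cd to /R/stage/trees/bin/dev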

*** Error code 2

Stop.
*** Error code 1

Stop

"
 

A problem when running make boot.flp on FreeBSD

For work I need to customise the FreeBSD boot image boot.flp.

So I ran:

cd /usr/src/release;make boot.flp

It failed with this error:

cc -O -pipe -I/usr/src/sbin/dhclient/common/../../../contrib/isc-dhcp -I/usr/src/sbin/dhclient/common/../../../contrib/isc-dhcp/includes -c /usr/src/sbin/dhclient/common/../../../contrib/isc-dhcp/common/alloc.c -o alloc.o
ld: could not exec elf/ld in /usr/obj/usr/src/i386/usr/libexec: No such file or directory
*** Error code 1
Stop in /usr/src/sbin/dhclient/common.
*** Error code 1
Stop in /usr/src/sbin/dhclient.
*** Error code 1
Stop in /usr/src/release/boot_crunch.
*** Error code 1
Stop in /usr/src/release.
*** Error code 1
Stop in /usr/src/release.

I reinstalled the Developer distribution,

and it still gives this error.

Sob, sob.

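FreeBSD 4.11 hangs at "resetting devices .." during boot

While testing installs over the last couple of days, I found a problem.

When FreeBSD 4.11 boots the machine and displays:

"ata0: resetting devices .."

it then hangs.

The disk is an 80 GB IBM IDE hard disk.

I looked up some material, which said that disabling DMA mode for IDE fixes it.

So I rebooted again.

When the 9-second countdown appeared, I pressed the space bar to interrupt it

and entered: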

set hw.ata.ata_dma="0"

set hw.ata.atapi_dma="0"

boot

It finally booted.

A host firewall built with ipf on FreeBSD 4.x

Set the following in the file /etc/rc.conf:

ipfilter_enable="YES"
ipfilter_rules="/etc/ipf.rules"
ipmon_enable="YES" # optional
ipmon_flags="-Ds" # optional

bash-2.05b# cat /etc/ipf.rules
#######################################################
# No restrictions on Inside LAN Interface for private network
# Not needed unless you have LAN
#######################################################

#pass out quick on xl0 all
#pass in quick on xl0 all

#######################################################
# No restrictions on Loopback Interface
#######################################################
pass in quick on lo0 all
pass out quick on lo0 all

#######################################################
# Interface facing Public Internet (Outbound Section)
# Interrogate session start requests originating from behind the
# firewall on the private network
# or from this gateway server destined for the public Internet.
#######################################################

# Allow out access to my ISP’s Domain name server.
# xxx must be the IP address of your ISP’s DNS.
# Dup these lines if your ISP has more than one DNS server
# Get the IP addresses from /etc/resolv.conf file
pass out quick on xl0 proto tcp from any to xxx port = 53 flags S keep state
pass out quick on xl0 proto udp from any to xxx port = 53 keep state

# Allow out access to my ISP’s DHCP server for cable or DSL networks.
# This rule is not needed for ‘user ppp’ type connection to the
# public Internet, so you can delete this whole group.
# Use the following rule and check log for IP address.
# Then put IP address in commented out rule & delete first rule
pass out log quick on xl0 proto udp from any to any port = 67 keep state
#pass out quick on xl0 proto udp from any to z.z.z.z port = 67 keep state

# Allow out non-secure standard www function
pass out quick on xl0 proto tcp from any to any port = 80 flags S keep state

# Allow out secure www function https over TLS SSL
pass out quick on xl0 proto tcp from any to any port = 443 flags S keep state

# Allow out send & get email function
pass out quick on xl0 proto tcp from any to any port = 110 flags S keep state
pass out quick on xl0 proto tcp from any to any port = 25 flags S keep state

# Allow out Time
pass out quick on xl0 proto tcp from any to any port = 37 flags S keep state

# Allow out nntp news
pass out quick on xl0 proto tcp from any to any port = 119 flags S keep state

# Allow out gateway & LAN users non-secure FTP ( both passive & active modes)
# This function uses the IPNAT built in FTP proxy function coded in
# the nat rules file to make this single rule function correctly.
# If you want to use the pkg_add command to install application packages
# on your gateway system you need this rule.
pass out quick on xl0 proto tcp from any to any port = 21 flags S keep state

# Allow out secure FTP, Telnet, and SCP
# This function is using SSH (secure shell)
pass out quick on xl0 proto tcp from any to any port = 22 flags S keep state

# Allow out non-secure Telnet
pass out quick on xl0 proto tcp from any to any port = 23 flags S keep state

# Allow out FBSD CVSUP function
pass out quick on xl0 proto tcp from any to any port = 5999 flags S keep state

# Allow out ping to public Internet
pass out quick on xl0 proto icmp from any to any icmp-type 8 keep state

# Allow out whois for LAN PC to public Internet
pass out quick on xl0 proto tcp from any to any port = 43 flags S keep state

# Block and log only the first occurrence of everything
# else that’s trying to get out.
# This rule enforces the block all by default logic.
block out log first quick on xl0 all

#######################################################
# Interface facing Public Internet (Inbound Section)
# Interrogate packets originating from the public Internet
# destined for this gateway server or the private network.
#######################################################

# Block all inbound traffic from non-routable or reserved address spaces
block in quick on xl0 from 192.168.0.0/16 to any #RFC 1918 private IP
block in quick on xl0 from 172.16.0.0/12 to any #RFC 1918 private IP
block in quick on xl0 from 10.0.0.0/8 to any #RFC 1918 private IP
block in quick on xl0 from 127.0.0.0/8 to any #loopback
block in quick on xl0 from 0.0.0.0/8 to any #"this network" addresses
block in quick on xl0 from 169.254.0.0/16 to any #DHCP auto-config
block in quick on xl0 from 192.0.2.0/24 to any #reserved for docs
block in quick on xl0 from 204.152.64.0/23 to any #Sun cluster interconnect
block in quick on xl0 from 224.0.0.0/3 to any #Class D & E multicast

##### Block a bunch of different nasty things. ############
# That I do not want to see in the log

# Block frags
block in quick on xl0 all with frags

# Block short tcp packets
block in quick on xl0 proto tcp all with short

# block source routed packets
block in quick on xl0 all with opt lsrr
block in quick on xl0 all with opt ssrr

# Block nmap OS fingerprint attempts
# Log first occurrence of these so I can get their IP address
block in log first quick on xl0 proto tcp from any to any flags FUP

# Block anything with special options
block in quick on xl0 all with ipopts

# Block public pings
block in quick on xl0 proto icmp all icmp-type 8

# Block ident
block in quick on xl0 proto tcp from any to any port = 113

# Block all Netbios service. 137=name, 138=datagram, 139=session
# Netbios is MS/Windows sharing services.
# Block MS/Windows hosts2 name server requests 81
block in log first quick on xl0 proto tcp/udp from any to any port = 137
block in log first quick on xl0 proto tcp/udp from any to any port = 138
block in log first quick on xl0 proto tcp/udp from any to any port = 139
block in log first quick on xl0 proto tcp/udp from any to any port = 81

# Allow traffic in from ISP’s DHCP server. This rule must contain
# the IP address of your ISP’s DHCP server as it’s the only
# authorized source to send this packet type. Only necessary for
# cable or DSL configurations. This rule is not needed for
# ‘user ppp’ type connection to the public Internet.
# This is the same IP address you captured and
# used in the outbound section.
pass in quick on xl0 proto udp from z.z.z.z to any port = 68 keep state

# Allow in standard www function because I have apache server
pass in quick on xl0 proto tcp from any to any port = 80 flags S keep state

# Allow in non-secure Telnet session from public Internet
# labeled non-secure because ID/PW passed over public Internet as clear text.
# Delete this sample group if you do not have telnet server enabled.
#pass in quick on xl0 proto tcp from any to any port = 23 flags S keep state

# Allow in secure FTP, Telnet, and SCP from public Internet
# This function is using SSH (secure shell)
pass in quick on xl0 proto tcp from any to any port = 22 flags S keep state

# Block and log only first occurrence of all remaining traffic
# coming into the firewall. The logging of only the first
# occurrence stops a "denial of service" attack targeted
# at filling up your log file space.
# This rule enforces the block all by default logic.
block in log first quick on xl0 all
################### End of rules file ###########################

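This is a fairly complete sample ipf firewall ruleset that I found online.

For real use it still needs some small changes,

such as the device name of the network card

and the firewall policy.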
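
One way to check the template after adapting it, as an added example that is not part of the original post or of ipf: the function below (hypothetical name lint_ipf_rules) reads a ruleset on stdin and reports rules that still name another interface, the xxx and z.z.z.z placeholders left in place, inbound pass rules open to any source, and a missing final block rule in either direction. The sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: sanity checks for an ipf ruleset adapted from the template.
# lint_ipf_rules and sample_rules are hypothetical names, not part of ipf.

# lint_ipf_rules IFACE < rules : print one finding per line on stdout.
lint_ipf_rules() {
    awk -v ifc="$1" '
    { sub(/#.*/, ""); nic = "" }           # strip comments, reset per line
    NF == 0 { next }                       # skip blank and comment-only lines
    {
        dir = $2                           # "in" or "out"
        for (i = 1; i < NF; i++) if ($i == "on") nic = $(i + 1)
        # lo0 is accepted alongside the public interface
        if (nic != ifc && nic != "lo0")
            printf "line %d: interface %s, expected %s\n", NR, nic, ifc
        if ($0 ~ /(^| )(xxx|z\.z\.z\.z)( |$)/)
            printf "line %d: placeholder address still present\n", NR
        if ($1 == "pass" && dir == "in" && nic == ifc && $0 ~ / from any /)
            printf "line %d: review, open to any source: %s\n", NR, $0
        if (nic == ifc) last[dir] = $0     # remember final rule per direction
    }
    END {
        if (last["in"] !~ /^block in .* all *$/)
            print "no default block as the final inbound rule on " ifc
        if (last["out"] !~ /^block out .* all *$/)
            print "no default block as the final outbound rule on " ifc
    }'
}

# Constructed sample: the template partly adapted from xl0 to em0.
sample_rules() {
    cat <<'EOF'
pass in quick on lo0 all
pass out quick on lo0 all
pass out quick on em0 proto udp from any to xxx port = 53 keep state
pass out quick on xl0 proto tcp from any to any port = 80 flags S keep state
block out log first quick on em0 all
block in quick on em0 from 10.0.0.0/8 to any #RFC 1918 private IP
pass in quick on em0 proto tcp from any to any port = 22 flags S keep state
EOF
}

sample_rules | lint_ipf_rules em0
```
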

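How to have FreeBSD check disks automatically at boot

Just as on Linux,
FreeBSD also has an implicit setting that makes it run fsck -y at boot.
The switch is fsck_y_enable.
When you set
fsck_y_enable="YES"
in /etc/rc.conf,
every boot
runs fsck -y xxxxxx.
That way the machine does not hang waiting for manual intervention as soon as a serious error occurs.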

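The problem of mbufs being exhausted on FreeBSD

On Friday,

a FreeBSD machine (running Squid) went down several times.

Each time it died completely.

Looking at its last words over iLO, the cause turned out to be "All mbuf clusters exhausted".

mbuf exhaustion is a fairly common problem on FreeBSD systems.

It was already happening 4 or 5 years ago.

But there does not seem to be any good solution

other than simply raising the mbuf value.

In fact, the mbuf value on our system had already been tuned,

and it was already very large.

In the end the only option was to move this FreeBSD machine's service to another Linux machine that runs other services.

Only then was it OK.

In fact, this machine's hardware performance is not bad,

and we had also rebuilt the kernel.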

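Displaying Chinese in SecureCRT when logged in to a FreeBSD machine

There are countless articles online about this topic.

I never quite understood it before.

This time someone asked about it again,

so I tested it carefully

and am posting what I learned.

Perhaps it will help others solve the problem.

We use SecureCRT or some other terminal emulator

to log in to a FreeBSD machine from our own machine (usually Windows).

In this situation there is normally no font problem:

the Chinese fonts are usually already present on our own machine.

In fact, Chinese is supported by default in this situation.

If the file filename contains Chinese,

then vim filename shows the Chinese,

and more filename works too.

Note:

vi filename does not work!

This seems to be because vi does not support Chinese (or rather, does not support it by default).

Upgrading to vim fixes it.

That covers viewing Chinese inside files.

Basically no settings are needed for it.

Then there is entering Chinese on the command line,

for example touch 中文,

which creates a file named "中文".

For this the environment variables LANG and LC_CTYPE need to be set to zh_CN.EUC.

There is one more problem with displaying Chinese:

ls shows Chinese file names as ????.

This can be solved by adding the -w option to ls.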

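About the variable $VIMRUNTIME in vim 6.3

Last Friday a friend asked me how to change the value of the variable $VIMRUNTIME in vim (version 6.x).

I found a machine

and discovered the following:

This variable only exists when the vim-enhanced package is installed, and only in version 6.x or later.

Otherwise

it is not there by default.

By default the variable points to the directory /usr/share/vim/vimxx,

where xx is the vim version number, for example 63.

I saw this default value by running ":echo $VIMRUNTIME" inside vim.

I did not know how to change it,

so I googled it.

I found that most articles describe changing vim's configuration by modifying some .vim files under $VIMRUNTIME/

or under $VIMRUNTIME/syntax/.

A few Chinese documents also mention that the environment variable VIMRUNTIME can be set in ~/.vimrc,

but those documents all say to point $VIMRUNTIME at the actual location of the vim program,

which should normally be /usr/bin/vim.

In the end I went back to vim

and found the answer with the command ":help $VIMRUNTIME".

Here is the passage I excerpted: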

 

The environment variable "$VIMRUNTIME" is used to locate various support files, such as the on-line documentation and files used for syntax highlighting. For example, the main help file is normally "$VIMRUNTIME/doc/help.txt". You don't normally set $VIMRUNTIME yourself, but let Vim figure it out. This is the order used to find the value of $VIMRUNTIME:

1. If the environment variable $VIMRUNTIME is set, it is used. You can use this when the runtime files are in an unusual location.

2. If "$VIM/vim{version}" exists, it is used. {version} is the version number of Vim, without any '-' or '.'. For example: "$VIM/vim54". This is the normal value for $VIMRUNTIME.

3. If "$VIM/runtime" exists, it is used.

4. The value of $VIM is used. This is for backwards compatibility with older versions.

5. When the 'helpfile' option is set and doesn't contain a '$', its value is used, with "doc/help.txt" removed from the end.

For Unix, when there is a compiled-in default for $VIMRUNTIME (check the output of ":version"), steps 2, 3 and 4 are skipped, and the compiled-in default is used after step 5. This means that the compiled-in default overrules the value of $VIM. This is useful if $VIM is "/etc" and the runtime files are in "/usr/share/vim/vim54".

Once Vim has done this once, it will set the $VIMRUNTIME environment variable. To change it later, use a ":let" command like this:

:let $VIMRUNTIME = "/home/piet/vim/vim54"

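A simple resin installation (works on Linux and FreeBSD)

In our work we mostly use resin together with Apache.

What we actually use is just its plugin for Apache (to process JSP files).

It may also be used as an application server (listening on port 6802)

to support servlets.

Supporting JSP only requires building one Apache module, mod_caucho,

which is actually very simple.

Note:

Before installing resin you need to install a JDK,

and then point the environment variable JAVA_HOME at that JDK's directory.

Download the resin binary distribution

and unpack it: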

tar xzvf resin-3.0.13.tar.gz

cd resin-3.0.13

./configure --with-apxs=/usr/local/apache/bin/apxs

# /usr/local/apache here is the Apache installation directory

make

make install

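(Note:

make may fail with an error like this:

/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory

This problem is easy to fix.

First make sure that the krb5-devel, krb5-lib and related rpm packages are installed,

then run:

ln -s /usr/kerberos/include/com_err.h /usr/include/

ln -s /usr/kerberos/include/profile.h /usr/include/

ln -s /usr/kerberos/include/krb5.h /usr/include/

and that is all.)

# At this point the file mod_caucho.so is generated in one of Apache's directories (usually /usr/local/apache/libexec/)

The application server

is a bit more complicated.

What we installed is the binary package,

so the application server is already installed as well.

We only need to start it.

The usual startup script is $RESIN_HOME/bin/httpd.sh.

However, httpd.sh starts more than just the application server:

it also starts a web server (listening on port 8080).

We do not need the web server,

so we usually edit the file $RESIN_HOME/conf/resin.conf

and comment out the web server part.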