  1. MOD server and FreeBSD
     Kevin Lo
     msi funtoro
     The FreeBSD project
  2. The beginning ...
  3. Why choose FreeBSD
     It was chosen by accident
     Apart from that, there are a couple of good reasons
  4. Why choose FreeBSD, cont.
     ● The community is always willing to help out
     ● The ports tree contains a large collection of 3rd party software
     ● Service initialization is simple: rc.conf(5)
     ● Creating a customized memstick/iso is easy: release(7)
     ● The BSD license, high performance network, stable, etc.
  5. Architecture From
  6. development(7)
     Based on -CURRENT; see Benno Rice's talk on keeping current:
     Building a memstick/iso on bhyve(4)
  7. Making root file system read only
     ● /etc/fstab:
         # Device          Mountpoint  FStype  Options  Dump  Pass#
         /dev/gpt/rootfs   /           ufs     ro       1     1
     ● /etc/rc.conf:
         hostid_enable="NO"
         sendmail_enable="NONE"
         syslogd_enable="NO"
         dumpdev="NO"
         root_rw_mount="NO"
         update_motd="NO"
  8. Making root file system read only, cont.
     ● A few things that need to be taken care of:
         3rd party applications such as MySQL
         /etc/localtime, /etc/resolv.conf
         /var/db/pkg
     For example, you might add a line to /etc/rc.d/var that symlinks the directory to /var/db/pkg
  9. Managing services boot order
     Services can be skipped at boot time because they have no access to resources that have not been started yet
     Control the services boot order with rcorder(8)
         # rcorder /etc/rc.d/* /usr/local/etc/rc.d/*
         ...
         /etc/rc.d/moused
         rcorder: requirement `usbd' in file `/usr/local/etc/rc.d/hald' has no providers.
         /usr/local/etc/rc.d/hald
         ...
  10. Multicast TFTP server (atftpd)
      Clients need to download an image of the kernel through TFTP
      Unfortunately atftpd only built on Linux machines (bug=522192)
      Ported to FreeBSD (r262417)
  11. Issues and solutions in our deployment
      File systems
      Networking
  12. File systems: FUSE, MSDOSFS, NTFS, UFS2, EXT2FS, TMPFS
  13. FUSE
      FUSE is SLOW
  14. MSDOSFS
      Lack of Unicode support
      Added Unicode support to MSDOSFS, SMBFS, and NTFS (r227650, r228023)
      Cannot export a msdosfs file system bigger than 128GB with NFS
      Doesn't change ctime and mtime
  15. NTFS
      Lack of write support
      GSoC 2012 project "NTFS for FreeBSD" was based on the Apple implementation
      Removed NTFS kernel support (r241636, r247665)
      Possible solution: Tuxera NTFS kernel driver
  16. UFS2
      In rw mode, softupdates + journaling = corruption ?!
      We disable journaling on all our UFS2 devices and in addition use this:
          background_fsck="NO"
          fsck_y_enable="YES"
      There's no open source utility that can read and write to UFS(2) partitions in Windows
  17. EXT2FS
      Lack of journaling and EXT4 write support
      Open source utilities (Ext2Fsd, Ext2IFS) are available for Windows that allow both reading and writing EXT2/3/4 partitions
  18. TMPFS
      Could not be exported over NFS
      Quick fix for adding NFS export support to TMPFS (r230208), plus a bug fixed by jh: allow update mounts only for certain options (r234346)
  19. Networking
      NICs
      rpcbind(8)
      Firewalls
  20. NICs: em(4)
      Works well, with no known weird behavior, and has produced good performance over a gigabit wire
      The datasheet is available
      The client was unable to mount an NFS share over UDP; fixed by yongari (r214441)
      Incorrect Rx checksum handling when testing VLC's UDP-Lite (r264212) streaming mode; corrections to the RX checksum code (r249509)
  21. NICs: re(4)
      Fails at high traffic; stress test with ftp/axel
          re0: watchdog timeout
          re0: link state changed to DOWN
      Use the vendor driver with minor modifications, but it has one drawback: it doesn't use miibus(4)
      The datasheet is not available
  22. rpcbind(8)
      rpcbind can be abused by remote attackers for RPC amplification attacks (DDoS)
      Prevent rpcbind from listening on all interfaces for UDP and TCP connections
          rpcbind_flags="-h"
          nfs_server_flags="-h"
          mountd_flags="-h"
  23. Firewalls: ipfw(4) & pf(4)
      Kernel panics with pf kept happening (locking issue); fixed as r226938
      Switching to ipfw makes me/us happy
  24. Support the FreeBSD project
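
An added example for the rpcbind(8) slide (not from the original slides): a check that the three rc.conf variables named there each carry `-h` followed by a bind address. It assumes `-h` takes an address argument, as documented in rpcbind(8), nfsd(8) and mountd(8); the function names, the sample file and the address 192.0.2.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the slides): audit an rc.conf-style file for the
# rpcbind/NFS bind restriction on slide 22.

# rc_value FILE VAR: print the last value assigned to VAR (later lines win).
rc_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# has_bind_addr FLAGS: succeed if FLAGS has "-h" followed by a non-option word.
has_bind_addr() {
    set -- $1            # split the flag string into words
    while [ $# -gt 0 ]; do
        if [ "$1" = "-h" ] && [ $# -gt 1 ]; then
            case "$2" in -*) ;; *) return 0 ;; esac
        fi
        shift
    done
    return 1
}

# audit_rpc_bind FILE: one OK/WARN line per service; returns 1 on any WARN.
audit_rpc_bind() {
    rc=0
    for var in rpcbind_flags nfs_server_flags mountd_flags; do
        flags=$(rc_value "$1" "$var")
        if has_bind_addr "$flags"; then
            echo "OK   $var=\"$flags\""
        else
            echo "WARN $var=\"$flags\" has no -h <address>"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample; 192.0.2.10 is a documentation address, not from the page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rpcbind_flags="-h 192.0.2.10"
nfs_server_flags="-u -t"
mountd_flags="-h"
EOF
audit_rpc_bind "$sample" || echo "audit: not every RPC service is bound to an address"
rm -f "$sample"
```

On the constructed sample only `rpcbind_flags` passes; a bare `-h` with no address is reported the same way as a missing flag.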