freebsd in the cloud
play

FreeBSD in the cloud FreeBSD & ZFS VPS from a users perspective - PowerPoint PPT Presentation

Feb 17, 2024 •280 likes •593 views

FreeBSD in the cloud FreeBSD & ZFS VPS from a users perspective Saturday, May 14, 2011 Whos talking? Unix admin since 1987 FreeBSD user since 1.1.5.1 Committer, 1999-2003 KFU.COM - ISP 1993-2001 (or so), now personal domain.

  1. FreeBSD in the cloud FreeBSD & ZFS VPS from a user’s perspective Saturday, May 14, 2011

  2. Who’s talking? Unix admin since 1987 FreeBSD user since 1.1.5.1 Committer, 1999-2003 KFU.COM - ISP 1993-2001 (or so), now personal domain. Saturday, May 14, 2011

  3. What prompted this? Servers require static IP addresses. Consumer grade internet service with static addressing is limited and costly Speed envy was the last straw 50 mbps >> 6 mbps (but really 10 mbps >> 768 kbps) Saturday, May 14, 2011

  4. Phase 1: Conversion to ZFS Before VPS, I set up a mirrored ZFS tank config after yet another disk failure. ZFS as the root can be done, but is an intensely manual procedure. See URLs at the end for procedure. Very important to not skip any steps. One in particular is the zpool.cache file. Saturday, May 14, 2011

  5. ZFS gotchas ZFS requires a lot of kernel memory. Remember this for later when we talk about VPS. ZFS does not have good recovery tools At the same time, it (appears to) not need them as much. Saturday, May 14, 2011

  6. ZFS benefits Snapshots that are fast and work Granular “filesystem” creation Filesystems are like cleenex Filesystems share common pool of free space Reservations can be used to insure availability Saturday, May 14, 2011

  7. Snapshot strategy Backups serve two purposes “Oops. I didn’t mean to remove that file.” “Oops. The disk just exploded.” Saturday, May 14, 2011

  8. Snapshot strategy: backup Took my cue from Time Machine Hourly snapshots that last a day Daily snapshots that last a week Weekly snapshots that last a month zfsnap Saturday, May 14, 2011

  9. Snapshot strategy: DR DR = Disaster Recovery Send snapshots offsite: ‘zfs send’ I wrote a script that is in /usr/local/periodic/weekly Use bzip2 and ssh to send the latest weekly snapshot offsite Use ssh with a special public key that has a fixed command - “shotput.pl” Saturday, May 14, 2011

  10. Filesystem specialization Not everything needs to be backed up. Back up the daily postgresql backup, not the actual database. Back up the Cyrus IMAP mail partition, but don’t bother backing up the partition metadata metapartition configuration directive Turn off atime on root, /usr Saturday, May 14, 2011

  11. Filesystem specialization Don’t snapshot /usr/src, /usr/obj or /usr/ports at all Saturday, May 14, 2011

  12. Swap on ZFS zfs create -V - create a virtual block device - creates node in /dev/zvol/ zfs set org.freebsd:swap=on zfs_enable=”YES” in rc.conf: enables checking for swap devices. Not a panacea: heavy swap usage (like building a JDK port) causes livelocks if you have insufficient kernel memory Saturday, May 14, 2011

  13. Phase 2: To the cloud! I picked rootbsd.net Advantages: FreeBSD is actually supported! You can ask them to provision your machine without setup, and with the install DVD mounted for booting to perform a custom installation Disadvantages: Stingy with RAM Saturday, May 14, 2011

  14. quack.kfu.com I chose their Omicron offering 768M RAM This is awfully tight for a ZFS config 40 GB disk 500 GB/mo I/O 10 GB of backup disk Saturday, May 14, 2011

  15. ZFS tuning /boot/loader.conf: vm.kmem_size="330M" vm.kmem_size_max="330M" vfs.zfs.arc_max="40M" vfs.zfs.vdev.cache.size="5M" vfs.zfs.prefetch_disable=1 Saturday, May 14, 2011

  16. Ok, you paid... now what? Your console is a VNC server. You could configure it for X, in principle, but XVnc is a better choice Since you’re going to do root on ZFS, you’re going to boot up the Live DVD and do a manual install with the ‘fixit’. You can open support tickets to ask them to mount the DVD for you whenever (but there’s a time lag). Power-cycle the VPS and the DVD will go away. Saturday, May 14, 2011

  17. Filesystem layout tank (mountpoint=legacy) tank/usr tank/usr/src tank/usr/obj tank/usr/ports tank/var tank/home tank/home/pgsql, tank/home/imap-spool, tank/home/imap-meta Saturday, May 14, 2011

  18. And now... Xen Xen is how our VPS is provisioned. AMD64 is recommended arch. /sys/amd64/conf/XENHVM will build a kernel designed to interface directly with Xen One caveat: the kernel will panic without a patch xn0 panic: “do something smart” Saturday, May 14, 2011

  19. Speaking of panic... What if you create an unbootable kernel? Oh, go into the loader, unload, load /boot/kernel.old/ kernel, etc, boot -s No! zpool.cache loading is magical. There is no good solution for this at present. The best I have found is to unload, set the kernel path variable to /boot/kernel.old/ and then boot -s and have it load everything. Got this to work once... Saturday, May 14, 2011

  20. Kernel tuning DEVICE_POLLING SW_WATCHDOG watchdogd_enable=”YES” in rc.conf NO_ADAPTIVE_{MUTEXES,RWLOCKS,SX} kern.hz=100 (in /boot/loader.conf) Saturday, May 14, 2011

  21. Operational suggestions ssh rumpelstiltskin attacks for $diety’s sake, use keys and turn off passwords! ChallengeResponseAuthentication no bruteblockd to turn logging volume down 4 botched auth attempts -> 10 minute “time out” Saturday, May 14, 2011

  22. Operational suggestions Watch out for bandwidth spikes Strategic dummynet application - HTTP capped at 1 MB/sec to avoid potential overage charges disable root pw, use sudo Saturday, May 14, 2011

  23. Xenstore Exploration We’re living in a Xen domU. We know that. We can examine our (small) world. The xenstore is our window. I owe the community a xen-client port. Sorry. xenstore-ls device xenstore-read /local/domain/0/backend/vif/192/0/mac Saturday, May 14, 2011

  24. Xenstore future Actually communicate with the VPS provider? A real-time network odometer? /usr/local/periodic script to warn of impending overage? Saturday, May 14, 2011

  25. Other ideas An interface between Xen and watchdog(9)? Have dom0 power-cycle us if the watchdog timer expires Saturday, May 14, 2011

  26. To-do list Commit the “do something smart” patch and merge back Fix swap-on-ZFS livelocking Also nice if livelocks would trigger watchdog(9) somehow De-magic-ify zpool.cache loading support in loader In other words, make it easier to boot an alternate kernel Support root on ZFS in the installer Saturday, May 14, 2011

  27. References: Ports: sysutils/zfsnap security/bruteblock security/sudo Saturday, May 14, 2011

  28. References PRs: kern/154302: xn0 panic: “do something smart” kern/153804: zpool.cache loading is too magical Saturday, May 14, 2011

  29. References URLs: http://www.rootbsd.net/ (tbd: my ZFS send / shotput scripts) http://wiki.freebsd.org/RootOnZFS/GPTZFSBoot/Mirror http://wiki.freebsd.org/ZFSTuningGuide Saturday, May 14, 2011

  30. Questions? Saturday, May 14, 2011

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD

FreeBSD is not Linux Niclas Zeising zeising@FreeBSD.org what is FreeBSD what is FreeBSD complete operating system documentation over 30 000 packages a community history history patches to v6 Unix ex/vi, pascal Berkely Software

715 views • 28 slides
Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project

Tracking FreeBSD in a Commercial Environment Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2009 Ottawa, Canada 8 May 2009 Background and Context FreeBSD Development Model Product Life Cycle Tracking Options SVK Hints

801 views • 45 slides
FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin

FreeBSD Around the World! Deb Goodkin Executive Director The FreeBSD Foundation @dgoodkin Goals - Share FreeBSDs long history - What is FreeBSD and Why People Use It - Why you should use and/or contribute to FreeBSD - FreeBSD Foundation

1.1k views • 34 slides
FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a

FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a

FreeBSD/VPC Virtual Private Cloud support (fka SDN) Virtualization Status bhyve(4) is a stable, performant hypervisor Network isolation is not core to bhyve(4) today Use of VNET(9) for manipulating FIBS for tap(4) interfaces is

445 views • 18 slides
UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude --

UCL for FreeBSD A universal config language for (almost) everything in FreeBSD Allan Jude -- ScaleEngine Inc. allanjude@freebsd.org twitter: @allanjude Introduction Allan Jude 13 Years as FreeBSD Server Admin FreeBSD docs committer

863 views • 31 slides
How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen

How to Bootstrap a BSD Conference Li-Wen Hsu <lwhsu@FreeBSD.org> Something about Me Li-Wen Hsu ( ) tw.FreeBSD.org admin FreeBSD ports comitter since 2007 CI.FreeBSD.org maintainer twn.FreeBSD.org site admin

576 views • 43 slides
Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008

Crypto Acceleration on FreeBSD Philip Paeps philip@FreeBSD.org The FreeBSD Project meetBSD 2008 Mountain View, CA, USA 16 November 2008 Cryptography in FreeBSD The opencrypto Framework Performance Measurements Future Directions

228 views • 20 slides
The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org

The Future of OpenZFS and FreeBSD EuroBSDCon 2019, Lillehammer, Norway allanjude@freebsd.org Summary & Introductions Allan Jude Klara Inc. FreeBSD Core Team FreeBSD Professional OpenZFS Developer Services and Support Covered in this

864 views • 29 slides
Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of

Improving the FreeBSD Translation Tools Warren Block wblock@FreeBSD.org The Importance of Translation bring FreeBSD to non-English speakers translators are ambassadors enlarge the community: Metcalfe's Law The FreeBSD Documentation books

477 views • 21 slides
Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon

Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon

Introduction to Multithreading and Multiprocessing in the FreeBSD SMPng Network Stack EuroBSDCon 2005 26 November 2005 Robert Watson Ed Maste FreeBSD Core Team FreeBSD Developer rwatson@FreeBSD.org emaste@FreeBSD.org Computer Laboratory

459 views • 43 slides
pot: FreeBSD containers on FreeBSD Luca Pizzamiglio pizzamig@FreeBSD.org FOSDEM 2018 whoami(1)

pot: FreeBSD containers on FreeBSD Luca Pizzamiglio pizzamig@FreeBSD.org FOSDEM 2018 whoami(1)

pot: FreeBSD containers on FreeBSD Luca Pizzamiglio pizzamig@FreeBSD.org FOSDEM 2018 whoami(1) Luca Pizzamiglio aka pizzamig@ FreeBSD enthusiast Port committer since August 2017 Building packages at trivago 2018-02-03 2 pot:

447 views • 34 slides
Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD

Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD

Protecting your Privacy with FreeBSD and Tor Christian Brffer brueffer@FreeBSD.org MeetBSD Warsaw, Poland November 18, 2007 Overview Who needs anonymity anyway? Anonymization concepts T or FreeBSD What else to take

465 views • 34 slides
Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they

Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they

Improving the FreeBSD TCP Implementation An update on all things TCP in FreeBSD and how they affect you Lawrence Stewart lastewart@swin.edu.au Centre for Advanced Internet Architectures (CAIA) Swinburne University of Technology Outline Who

500 views • 38 slides
Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org

Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org

Walking Through Walls PostgreSQL FreeBSD tmunro@freebsd.org tmunro@postgresql.org thomas.munro@enterprisedb.com About me New to FreeBSD hacking Mentors: mjg, allanjude ~20 years work on proprietary C, C++,

532 views • 38 slides
ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability

ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability

ZFS on FreeBSD: A Quick Tutorial Tai-hwa Liang <avatar@FreeBSD.org> History/Availability Designed by Sun Microsystems (Sep-14-2004). First OpenSolaris inclusion: Nov-16-2005. Solaris 10 inclusion: Jun-2006. Became part of FreeBSD on

340 views • 9 slides
Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD

Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD

Subclassing NEWBUS Unlocking NEWBUS potential Warner Losh imp@FreeBSD.org The FreeBSD Project BSDCan 2013 Ottawa, Canada 18 May 2013 http://people.freebsd.org/~imp/bsdcan2013-slides.pdf How I Learned to Stop Worrying and Love NEWBUS

646 views • 47 slides
IMPROVING NURSINGS PUBLIC IMAGE: ONE NURSE AT A TIME! CAROL J. HUSTON, MSN, MPA, DPA, FAAN

IMPROVING NURSINGS PUBLIC IMAGE: ONE NURSE AT A TIME! CAROL J. HUSTON, MSN, MPA, DPA, FAAN

IMPROVING NURSINGS PUBLIC IMAGE: ONE NURSE AT A TIME! CAROL J. HUSTON, MSN, MPA, DPA, FAAN PROFESSOR EMERITA, SCHOOL OF NURSING CALIFORNIA STATE UNIVERSITY, CHICO Thank you ATI for inviting me to Savanah and thank you all for coming!

1.3k views • 128 slides
Ah! The next season, when you see the geese migrating, going to a warmer place, to sort the

Ah! The next season, when you see the geese migrating, going to a warmer place, to sort the

If between friends and partners we were geese... Ah! The next season, when you see the geese migrating, going to a warmer place, to sort the winter... Pay attention that they fly in a V formation Maybe you will be interested in knowing

414 views • 20 slides
Turner-Benny Wakefield University of Auckland Chair of Allied Health Dietitian Aotearoa New

Turner-Benny Wakefield University of Auckland Chair of Allied Health Dietitian Aotearoa New

Ms Petrina Clare McCann Georgia Clinical Lecturer Turner-Benny Wakefield University of Auckland Chair of Allied Health Dietitian Aotearoa New Zealand 11:00 - 11:55 WS #32: Mobilising Allied Health to Improve General Practice Output 12:05

815 views • 53 slides
Future economic efficiency of gas distribution grids Christian Brosig M.Sc. Prof. Dr. Eberhard

Future economic efficiency of gas distribution grids Christian Brosig M.Sc. Prof. Dr. Eberhard

Future economic efficiency of gas distribution grids Christian Brosig M.Sc. Prof. Dr. Eberhard Waffenschmidt Frank Strmpler M.Sc. 17.05.2018 IESC Cologne, Germany The case Decreasing consumption [1] BMWI: Energiedaten gesamt, 2016. 2

391 views • 22 slides
Club Awards District cricketer of the year Daniel Flynn One Day Player of the Year Joshua

Club Awards District cricketer of the year Daniel Flynn One Day Player of the Year Joshua

RTDCC Senior Awards for the 2015/16 Season Club Awards District cricketer of the year Daniel Flynn One Day Player of the Year Joshua Marks Terry Walters - Never Say Die Award Cody Barrett Roger Moylan Shield Most Outstanding Under 19

163 views • 3 slides
Teaching and Learning Phonics at Chrishall Primary School Aims To share how phonics is

Teaching and Learning Phonics at Chrishall Primary School Aims To share how phonics is

Teaching and Learning Phonics at Chrishall Primary School Aims To share how phonics is taught. To develop parents confidence in helping their children with phonics and reading. To teach the basics of phonics and some useful

484 views • 31 slides
RE RESEARCH ETHICS CS FOR PHY R PHYSICI CISTS UNIV OF LUXEMBOURG COLLOQUIUM KATRINA A.

RE RESEARCH ETHICS CS FOR PHY R PHYSICI CISTS UNIV OF LUXEMBOURG COLLOQUIUM KATRINA A.

RE RESEARCH ETHICS CS FOR PHY R PHYSICI CISTS UNIV OF LUXEMBOURG COLLOQUIUM KATRINA A. BRAMSTEDT, PHD LUXEMBOURG AGENCY FOR RESEARCH INTEGRITY 13 MARCH 2019 Voluntary, anonymous e-polling using smartphone, iPad, laptop LARI MISSION &

453 views • 41 slides
Breast Cancer Research Stamp (BCRS) FACTS Introduced in the United States in 1997 after two

Breast Cancer Research Stamp (BCRS) FACTS Introduced in the United States in 1997 after two

Breast Cancer Research Stamp (BCRS) FACTS Introduced in the United States in 1997 after two years of Congressional lobbying efforts. First ever fund-raising stamp issued in the United States Sales to date exceed 950 million stamps

481 views • 47 slides

More recommend