Sysadmin Documentation Documentation Release 1.0

Alexander Werner

Nov 05, 2018

Contents:

1 FreeBSD
    1.1 Resources
    1.2 Installation of software
    1.3 Update of software
    1.4 System update
    1.5 Change system configuration

2 MariaDB Galera Cluster
    2.1 Tasks

3 PF - FreeBSD Packet Filter
    3.1 Installation
    3.2 Configuration

4 Unbound DNS
    4.1 Installation
    4.2 Configuration

5 ZFS
    5.1 Installation
    5.2 Operation

6 Setup of Debian 9 on a Lenovo Thinkpad 470
    6.1 Preparation
    6.2 Booting the Installer
    6.3 Partitioning the disk
    6.4 Software selection
    6.5 Finishing the setup
    6.6 Post-Setup

7 Resources

8 Indices and tables


This manual serves as a brief reference manual for many sysadmin topics. It is intended more as a cheatsheet than as extensive documentation. An intermediate understanding of what you are doing is required.

All content is released under the BSD Documentation License, which itself is derived from the FreeBSD Documentation License. For details regarding the License, please see the included LICENSE file in the root of the source folder.

CHAPTER 1

FreeBSD

FreeBSD is a free and open source UNIX-like operating system, well known for its coherent design, mature codebase and speed, and is often used on high-load servers. Well-known users are WhatsApp and Netflix.

1.1 Resources

FreeBSD on Wikipedia describes the history of the operating system and gives a good overview.

https://www.freebsd.org/ is the homepage for FreeBSD, with well-written documentation for almost any aspect of the system. Its documentation is one of the strong benefits of FreeBSD.

1.2 Installation of software

pkg is the binary package manager of FreeBSD:

    pkg install <package>

If you prefer to compile the software yourself, e.g. if you need to enable build options:

    portsnap fetch extract # only first time running portsnap
    portsnap fetch update
    cd /usr/ports/a/b
    make config-recursive install clean

1.3 Update of software

    pkg update
    pkg upgrade


To update all source ports:

    pkg install portmaster
    portsnap fetch update
    portmaster -a

1.4 System update

    freebsd-update fetch
    freebsd-update install

1.5 Change system configuration

The main system configuration file is /etc/rc.conf. FreeBSD comes with a tool, sysrc, that allows changing that file, showing non-default values and getting values:

    sysrc <name>=<value>
    sysrc -a # show only changed settings
    sysrc <name>

CHAPTER 2

MariaDB Galera Cluster

2.1 Tasks

2.1.1 Cold restart

Find the node that is safe to bootstrap the cluster from. Look for safe_to_bootstrap: 1 in grastate.dat:

    $ cat /var/lib/mysql/grastate.dat
    # GALERA saved state
    version:2.1
    uuid: 438f1f9f-6b1a-11e7-8ee6-b772e69ca864
    seqno: -1
    safe_to_bootstrap:1

Start this node first:

    $ systemctl set-environment _WSREP_NEW_CLUSTER='--wsrep-new-cluster' && systemctl start mariadb && systemctl set-environment _WSREP_NEW_CLUSTER=''

Finally, start the other nodes as usual
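The check from the first step can be scripted so that the bootstrap node is never picked by eye. This is an added example, not part of the original manual; it assumes each node's grastate.dat was copied to `<dir>/<node>.dat` (a hypothetical layout), and it refuses to answer when zero or several nodes are marked or when the copies disagree on the cluster uuid.

```shell
#!/bin/sh
# Added example (not from the original manual). Assumption: every node's
# /var/lib/mysql/grastate.dat was copied to <dir>/<node>.dat beforehand.

# Print the value of one "key: value" line of a grastate.dat file.
grastate_field() {  # $1 = file, $2 = key
    sed -n "s/^$2:[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Print the single node marked safe_to_bootstrap: 1. Return 1 when no node
# or more than one node is marked, or when the cluster uuids disagree.
pick_bootstrap_node() {  # $1 = directory holding the copies
    found="" count=0 uuid=""
    for f in "$1"/*.dat; do
        [ -f "$f" ] || continue
        u=$(grastate_field "$f" uuid)
        if [ -n "$uuid" ] && [ "$u" != "$uuid" ]; then
            echo "uuid mismatch in $f" >&2
            return 1
        fi
        uuid=$u
        if [ "$(grastate_field "$f" safe_to_bootstrap)" = "1" ]; then
            found=$(basename "$f" .dat)
            count=$((count + 1))
        fi
    done
    [ "$count" -eq 1 ] || { echo "found $count bootstrap candidates" >&2; return 1; }
    printf '%s\n' "$found"
}

# Constructed sample: three copies (db1..db3 are made-up names), db2 is safe.
make_sample() {  # $1 = target directory
    for n in db1 db2 db3; do
        if [ "$n" = db2 ]; then safe=1; else safe=0; fi
        printf '# GALERA saved state\nversion: 2.1\nuuid: 438f1f9f-6b1a-11e7-8ee6-b772e69ca864\nseqno: -1\nsafe_to_bootstrap: %s\n' "$safe" > "$1/$n.dat"
    done
}

# Run as: sh pick.sh <dir>
if [ "$#" -eq 1 ]; then
    pick_bootstrap_node "$1"
fi
```

A non-zero exit means the choice is not unambiguous and should not be forced with --wsrep-new-cluster on a guess.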

CHAPTER 3

PF - FreeBSD Packet Filter

pf is a firewall originally coming from OpenBSD. Since the integration with FreeBSD, its implementation has diverged from the OpenBSD one. While most examples found on the web are very similar, the focus of this documentation lies on the FreeBSD implementation.

3.1 Installation

pf is part of the FreeBSD base system. No installation is required. Enabling pf is done as such:

    sysrc pf_enable=YES
    sysrc pf_rules=/etc/pf.conf
    sysrc pflog_enable=YES
    sysrc pflog_logfile=/var/log/pflog

After creation of a working config, the firewall can then be started:

    service pf start
    service pflog start

3.2 Configuration

The main configuration file for pf is /etc/pf.conf.

CHAPTER 4

Unbound DNS

Unbound is a lightweight and secure DNS server, licensed under the BSD license.

4.1 Installation

FreeBSD

Unbound is part of the system. No installation required.

Debian

    apt install unbound

4.2 Configuration

The most common configuration of unbound uses the root nameservers to find out which nameserver is authoritative for a specific domain. Unbound comes with a list of root nameservers built in, but this may become outdated. It is therefore good practice to fetch a current list of nameservers and keep it updated.

4.2.1 Root Nameserver list

FreeBSD

    wget https://www.internic.net/domain/named.cache -O /var/unbound/etc/root.hints

Debian

    wget https://www.internic.net/domain/named.cache -O /etc/unbound/root.hints
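Writing the download straight to the live path means a truncated transfer or an HTML error page becomes the resolver's root hints. The following added example (not part of the original manual) downloads to a temporary file, checks that it looks like a hints file, and only then renames it into place; the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original manual): validate a downloaded
# named.cache before it replaces the live root.hints.

# Succeed only if the file has at least $2 NS records for "." and every
# NS target also has an A record in the same file.
validate_root_hints() {  # $1 = file, $2 = minimum number of root servers
    awk -v min="$2" '
        /^;/ || NF == 0 { next }                 # comments and blank lines
        { t = toupper($3); v = $4 }
        t == "IN" { t = toupper($4); v = $5 }    # optional class field
        $1 == "." && t == "NS" { ns[toupper(v)] = 1 }
        t == "A" { a[toupper($1)] = 1 }
        END {
            n = 0
            for (h in ns) { if (!(h in a)) exit 1; n++ }
            exit (n >= min ? 0 : 1)
        }' "$1"
}

# Replace the live file by rename so unbound never reads a partial file.
# $3 defaults to 13, the number of root server names (a to m).
install_root_hints() {  # $1 = candidate, $2 = live file, $3 = minimum
    validate_root_hints "$1" "${3:-13}" || { echo "rejected: $1" >&2; return 1; }
    cp "$1" "$2.new" && chmod 644 "$2.new" && mv "$2.new" "$2"
}

# Constructed sample in named.cache layout; the second server is made up.
make_sample_hints() {  # $1 = output file
    cat > "$1" <<'EOF'
;       constructed sample, not the real root zone hints
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    X.EXAMPLE.NET.
X.EXAMPLE.NET.           3600000      A     192.0.2.53
EOF
}

# Typical use with the FreeBSD path from this section:
#   tmp=$(mktemp) && wget https://www.internic.net/domain/named.cache -O "$tmp" \
#     && install_root_hints "$tmp" /var/unbound/etc/root.hints
```

On Debian the second argument is /etc/unbound/root.hints; a rejected download leaves the existing file untouched.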

CHAPTER 5

ZFS

5.1 Installation

FreeBSD

ZFS can be selected when installing FreeBSD. No package installation is required.

Debian

    echo "deb http://ftp.debian.org/debian stretch main contrib" > /etc/apt/sources.list
    apt update
    apt install zfs-dkms

5.2 Operation

5.2.1 List Pools

    zpool list

5.2.2 List Datasets

    zfs list

5.2.3 Enable compression

    zfs set compression=lz4 zroot

5.2.4 Show compression ratio

    zfs get compressratio

CHAPTER 6

Setup of Debian 9 on a Lenovo Thinkpad 470

6.1 Preparation

Grab a copy of the current Netinstall ISO. At the time of writing it can be found at https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso

Image an empty CD or USB stick with that ISO. How to do that depends on your current operating system and is out of scope for this guide.

Enter the EFI of the notebook and make sure that Secure Boot under the Security tab is set to Disabled.

Insert your created boot medium and reboot.

6.2 Booting the Installer

In the Debian GNU/Linux installer boot menu select Install. Select your native language, country and keyboard layout in the next dialogues. Make sure your network cable is connected to the notebook before confirming the keyboard selection, as the installer will try to auto-detect the network in the next step.

When you are asked to load the non-free firmware from an external disk, select No, and select the wired network connection (enp...) as primary interface.

Now enter the hostname for your new laptop, and your domain name in the next dialogue. If you have a local network, set your domain name to local or another name that identifies your network.

Now leave the fields for the root password blank twice. This tells the installer to disable the root login, and the user that will be created afterwards will be granted sudo rights.

Enter your full name (not username), and on the next page your desired username. Provide a secure password twice.


6.3 Partitioning the disk

Select the first option to use the guided partitioning, and select the third option to use the whole disk with encrypted LVM. Now select your internal drive from the list. If you have booted from USB, the installer medium will also show up, so be careful to select the right disk.

Now select the fourth option, to create separate /home, /var and /tmp partitions. Select Yes to set up LVM and enter your encryption master password. The longer the password, the safer.

On the next screen you see the partitions to be created. Select the /boot partition and change the filesystem type to ext4. Select the last option in the overview to apply the changes.

6.4 Software selection

You are prompted to add another CD/DVD; select No. Now choose the nearest mirror. It should be preselected with a sane default, so just choose this.

You are prompted to partake in the package usage survey. This will send statistics about the packages you install from the official repositories to the Debian maintainers.

You are now prompted to install package groups. Select the Debian desktop environment, GNOME, Cinnamon, Printserver, SSH server and Standard System Tools groups.

During the installation of the selected packages, you might get prompted about the default paper size and the PAM profiles to be activated. For the PAM profiles it is safe to select all of them. Do not enable setuid for manpages; the notebook is fast enough to do that live. If you are asked which display manager to use by default, choose gdm3.

6.5 Finishing the setup

Choose Yes to install the GRUB boot manager onto the boot disk, and select the SSD on the next page.

6.6 Post-Setup

Log in to your new machine and edit the file /etc/apt/sources.list to contain contrib non-free after each occurrence of main:

    deb http://deb.debian.org/debian/ stretch main contrib non-free # repeat for every line

Enable the backports repository by adding the following to the new file /etc/apt/sources.list.d/backports.list:

    deb http://ftp.debian.org/debian stretch-backports main contrib

Update the package repositories and install the wifi firmware as well as virtualbox:

    apt update
    apt install firmware-iwlwifi virtualbox

Now reboot to make sure the virtualbox modules and wifi firmware are loaded on boot.

CHAPTER 7

Resources

This is an unordered list of resources that are of interest for the sysadmin.

• https://github.com/kahun/awesome-sysadmin
• https://github.com/Kickball/awesome-selfhosted
• https://reddit.com/r/selfhosted

CHAPTER 8

Indices and tables

• genindex
• search