This guide uses twed0 as the hard drive. Substitute your own device name.
Raid 5, 3 drives, Stripe Size 64k, 1 hot spare
P4 2.8 no HT, 2g Ram
Initial installation with CD-ROM FreeBSD 4.9
Selected Standard Installation
All of the drive is used for FreeBSD
Standard boot loader
Partition Current setup, listed from outer to inner track
/ 128 Megabytes
/swap 2032 Megabytes
/tmp 256 Megabytes
/var/tmp 252 Megabytes
/var 9.8 Gigabytes
/usr 266 Gigabytes
/home 15 Gigabytes
Minimal installation package selected
Configured em0 network adapter (IP, gateway, DNS, etc.)
Disable Gateway services
Enabled inetd - ftp is now active on startup
Disallowed anonymous FTP
Disable NFS Server
Disabled NFS Client
Enabled moderate security profile.
Set the time zone to America 2, United States 45, Central Time 9
Enable Linux Compatibility
Add New user to wheel account.
Added Root password.
Rebooted System.
At the boot screen, hit any other key, then Enter when asked.
ok# boot -s
# cat /etc/fstab
# tunefs -n enable /filesystem (Example: tunefs -n enable /var)
# reboot
# crontab -e
--------------------- Start Additions crontab ----------------------------------
#minute hour mday month wday command
# Make sure your time is up to date
#(more listed at http://www.ntp.com)
0 7 * * * /usr/sbin/ntpdate nyse.cox.smu.edu tick.uh.edu ntp.fnbhs.com > /dev/null 2>&1
------------------------------- End --------------------------------------------
# vi /etc/hosts
-------------------- Start Changes hosts ---------------------------------------
# The files should look like this
# If you're not properly listed as a host, mysql will not install properly
::1 localhost.myhost.com localhost
127.0.0.1 localhost.myhost.com localhost
209.120.211.53 paris.myhost.com paris
209.120.211.53 paris.myhost.com.
--------------------------- End ------------------------------------------------
# vi /etc/mail/aliases
--------------------- Start Changes aliases ------------------------------------
root: me@my.domain
-------------------------------- End -------------------------------------------
# newaliases
# /stand/sysinstall
Configure --> Packages --> FTP --> Main Site --> net --> cvsup-without-gui-16.1h0
ok, Install, ok
Configure --> Startup --> Linux --> FTP
exit
# rehash
# vi /etc/fstab (add the following)
-------------------- Start Changes fstab ---------------------------------------
# noatime was added to these partitions
/dev/twed0s1f /tmp ufs rw,noatime 2 2
/dev/twed0s1e /var/tmp ufs rw,noatime 2 2
---------------------------- End -----------------------------------------------
-------------------- Start Additions fstab -------------------------------------
# You might not need to add this, I forget
linproc /compat/linux/proc linprocfs rw 0 0
---------------------------- End -----------------------------------------------
# cd /dev
# sh MAKEDEV twed0
# cp /usr/share/examples/cvsup/cvs-supfile /root/cvsup
# vi /root/cvsup
------------------ Start Changes CVSUP -----------------------------------------
default host=somehost.FreeBSD.org
# Change to cvs1,cvs2,cvs..,cvs13.FreeBSD.org or something like that
---------------------------- End -----------------------------------------------
# cvsup /root/cvsup
# cp /etc/defaults/make.conf /etc/make.conf
# vi /etc/make.conf
--------------------------- Start Changes make.conf ----------------------------
CPUTYPE=p4
CFLAGS= -O2 -pipe -funroll-loops
-------------------------------- End -------------------------------------------
# vi /etc/rc.conf.local
---------------------- Start Additions rc.conf.local ---------------------------
firewall_enable="YES"
firewall_script="/usr/local/etc/rc.firewall"
------------------------------ End ---------------------------------------------
# vi /usr/local/etc/rc.firewall
------------------------ Start of Script ---------------------------------------
#!/bin/sh
CMD="/sbin/ipfw -f -q"
#Set the bandwidth for ICMP and TCP/UDP
#valid values, Mbit/s, Kbit/s, bit/s
#Good Rule, 150kbit/s ICMP for every 1Mbit/s TCP/UDP
ICMPLIMIT=150kbit/s
BWLIMIT="1Mbit/s"
#Replace em0 with the name of your nic card
IFINET=em0
${CMD} flush
${CMD} add allow ip from any to any via lo0
#Allow ICMP, limited to ${ICMPLIMIT}
${CMD} pipe 1 config bw ${ICMPLIMIT}
${CMD} add pipe 1 icmp from any to any
#STATES
${CMD} add check-state
#Public Services in, limited to 1Mbit/s
#Only the service rules below feed pipes 2 and 3. A catch-all
#"pipe N ip from any to any" would end the rule search for every packet
#(net.inet.ip.fw.one_pass=1 by default), so nothing would reach the deny.
${CMD} pipe 2 config bw ${BWLIMIT}
${CMD} add pipe 2 tcp from any to me ftp setup keep-state
${CMD} add pipe 2 tcp from any to me ssh setup keep-state
${CMD} add pipe 2 tcp from any to me smtp setup keep-state
${CMD} add pipe 2 tcp from any to me http setup keep-state
${CMD} add pipe 2 udp from any to me 53 keep-state
#Services out, limited to 1Mbit/s
${CMD} pipe 3 config bw ${BWLIMIT}
${CMD} add pipe 3 tcp from me to any ftp setup keep-state
${CMD} add pipe 3 tcp from me to any ssh setup keep-state
${CMD} add pipe 3 tcp from me to any smtp setup keep-state
${CMD} add pipe 3 tcp from me to any http setup keep-state
${CMD} add pipe 3 udp from me to any 53 keep-state
# Log the rest
${CMD} add deny log ip from any to any
----------------------------- End ----------------------------------------------
# chmod 755 /usr/local/etc/rc.firewall
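With net.inet.ip.fw.one_pass at its default of 1, a pipe rule ends the rule search just like an allow rule, so a pipe or allow rule matching "ip from any to any" passes every packet and the final "deny log" is never reached. The check below is an added example, not part of the original guide: it scans a rule script in the style of rc.firewall and reports such rules. The function names find_shadowing_rules and write_sample_rules and the sample ruleset are made up for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide).
# Assumption: net.inet.ip.fw.one_pass=1, so pipe/queue rules are terminal.

# find_shadowing_rules FILE
# Prints "LINE: RULE" for every terminal rule that matches
# "<ip|all> from any to any" with no further restriction and that
# appears before the first catch-all deny.
find_shadowing_rules() {
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                      # drop comments
        n = split(line, f, /[ \t]+/)
        start = 0                                 # rule body follows "add"
        for (i = 1; i <= n; i++)
            if (f[i] == "add") { start = i + 1; break }
        if (!start) next                          # not a rule (pipe config, flush ...)
        i = start
        if (f[i] ~ /^[0-9]+$/) i++                # optional rule number
        action = f[i++]
        if (action == "pipe" || action == "queue") i++   # skip pipe number
        if (f[i] == "log") i++                    # optional log keyword
        proto = f[i]
        body = ""
        for (j = i + 1; j <= n; j++)
            if (f[j] != "") body = body (body == "" ? "" : " ") f[j]
        if ((proto != "ip" && proto != "all") || body != "from any to any") next
        if (action == "deny" || action == "drop" || action == "reset") exit
        if (action ~ /^(allow|accept|pass|permit|pipe|queue)$/)
            printf "%d: %s\n", NR, $0
    }' "$1"
}

# Constructed sample ruleset written to FILE; line 4 is the problem rule.
write_sample_rules() {
    cat > "$1" <<'EOF'
${CMD} add allow ip from any to any via lo0
${CMD} add pipe 1 icmp from any to any
${CMD} add check-state
${CMD} add pipe 2 ip from any to any
${CMD} pipe 2 config bw ${BWLIMIT}
${CMD} add pipe 2 tcp from any to me ssh setup keep-state
${CMD} add deny log ip from any to any
EOF
}

# Usage: sh thisfile /usr/local/etc/rc.firewall
if [ "$#" -gt 0 ]; then
    find_shadowing_rules "$1"
fi
```

No output means no catch-all pass rule sits in front of the deny; once the firewall is loaded, non-zero counters on the deny rule in "ipfw show" confirm that it is actually being hit.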
# vi /usr/src/sys/kern/kern_poll.c
----------------------- Start Changes kern_poll.c ------------------------------
#ifdef SMP
#include "opt_lint.h"
#ifndef COMPILING_LINT
#error DEVICE_POLLING is not compatible with SMP
#endif
#endif
------------------------------ End ---------------------------------------------
# cd /usr/src/sys/i386/conf
# mkdir /root/kernels
# cp GENERIC /root/kernels/SPEEDY
# ln -s /root/kernels/SPEEDY
# vi SPEEDY
----------------------- Start Changes SPEEDY -----------------------------------
# Comment out the ones that do not apply to your system
#cpu I386_CPU
#cpu I486_CPU
#cpu I586_CPU
cpu I686_CPU
----------------------------- End ----------------------------------------------
------------------------- Start Additions SPEEDY -------------------------------
makeoptions COPTFLAGS="-O2 -pipe -funroll-loops"
options DEVICE_POLLING
options HZ=1000
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options TCP_DROP_SYNFIN
options IPSTEALTH
options DUMMYNET
------------------------------ End ---------------------------------------------
# /usr/sbin/config SPEEDY
# cd ../../compile/SPEEDY
# make depend
--------- Start, only for computer with 512m Ram. Speeds up Makeworld ----------
# chflags -R noschg /usr/obj/
# rm -rf /usr/obj/*
# cat /etc/fstab |grep -i swap
/dev/twed0s1b none swap sw 0 0
# mount_mfs -s 614400 /dev/twed0s1b /usr/obj
----------------------------- End ----------------------------------------------
# cd /usr/src
# make -j2 buildworld
# make -j2 buildkernel KERNCONF=SPEEDY
# make -j2 installworld
# make -j2 installkernel KERNCONF=SPEEDY
# reboot
At the boot screen, hit any other key, then Enter when asked.
ok# boot -s
# mount -a -t nonfs
# cd /usr/src
# mergemaster -p
# rm -fr /etc.old
# cp -Rp /etc /etc.old
# /usr/sbin/mergemaster
# cd /usr/src/release
# make all install
# fastboot
# cd /usr/ports/security/openssl
# make install -DOPENSSL_OVERWRITE_BASE && make clean
# cd /usr/ports/www/lynx
# make install clean
# cd /usr/ports/shells/bash-completion
# make install clean
# cd /usr/ports/ftp/wget
# make install clean
# cd /usr/ports/graphics/ImageMagick/
# make install clean
# cd /usr/ports/graphics/jhead/
# make install clean
# cd /usr/ports/devel/linuxthreads
# make install LINUXTHREADS_DETECT_UNSAFE_EXIT=yes WITH_CONDWAIT_PATCH=yes && make clean
# reboot
# cd /usr/ports/databases/mysql40-server
# make BUILD_OPTIMIZED=YES BUILD_STATIC=yes WITH_LINUXTHREADS=yes WITH_CONDWAIT_PATCH=yes && make install && make clean
# reboot
# mysql -u root -p
SET PASSWORD FOR root = PASSWORD('mypassword');
SET PASSWORD FOR root@"localhost" = PASSWORD('mypassword');
quit;
# cd /usr/ports/www/apache13-modssl
# make -DHARD_SERVER_LIMIT-1024 && make install && make clean
# /usr/local/etc/rc.d/apache.sh start
# make certificate
# mkdir /usr/local/www/html
# chown root:wheel /usr/local/www/html
# rm -R /usr/local/www/data*
# rm -R /usr/local/www/cgi-bin*
# mkdir /usr/local/www/cgi-bin
# chown root:wheel /usr/local/www/cgi-bin
# cd /usr/ports/www/mod_perl
# make install clean
# cd /usr/ports/lang/php4
# make -DEAPI
BZIP2
CTYPE
CURL
GD
GETTEXT
MCRYPT
MHASH
MYSQL
OPENSSL
OVERLOAD
PCRE
POSIX
RECODE
SESSION
SHMOP
SYSVSHM
SYSVSEM
SOCKETS
XML
ZIP
ZLIB
# make install
# make clean
# cd /usr/ports/www/turck-mmcache
# make install clean
# mkdir /usr/local/src
# vi /etc/newsyslog.conf
------------------------ Add the following -------------------------------------
/var/log/httpd-access.log 644 4 * @T04 Z /var/run/httpd.pid 30
/var/log/httpd-error.log 644 4 100 * Z /var/run/httpd.pid 30
------------------------------ End --------------------------------------------
# vi /usr/local/etc/apache/httpd.conf
------------------ Start httpd.conf Modifications ------------------------------
MinSpareServers 10
MaxSpareServers 20
StartServers 512 #Some server might have problems if you set this to 1024
MaxClients 512
MaxRequestsPerChild 1000
Timeout 60
LoadModule gzip_module libexec/apache/mod_gzip.so #(uncomment line)
AddModule mod_gzip.c #(uncomment line)
Listen 10.20.155.1:80
ServerAdmin webmaster@yourhost.com
DocumentRoot "/usr/local/www/html"
UseCanonicalName off
<Directory "/usr/local/www/html">
AddHandler cgi-script .cgi #(uncomment line)
AddType text/html .shtml #(uncomment line)
AddHandler server-parsed .shtml #(uncomment line)
VirtualHost *:80 # uncomment for virtual hosting
# do not assign server name with virtual host
---------------------------- End -----------------------------------------------
-------------------- Start httpd.conf Additions --------------------------------
<Files ~ "\.pl$">
Options +ExecCGI +Includes
SetHandler perl-script
PerlHandler Apache::Registry
PerlSendHeader On
</Files>
<Directory /usr/local/www/cgi-bin>
<Files ~ "\.cgi">
SetHandler perl-script
PerlHandler Apache::Registry
PerlSendHeader On
</Files>
AllowOverride None
Options Indexes ExecCGI Includes
Order allow,deny
Allow from all
</Directory>
------------------------------- End --------------------------------------------
# cp /usr/local/etc/php.ini-recommended /usr/local/etc/php.ini
# vi /usr/local/etc/php.ini
---------------------- Start php.ini additions ---------------------------------
[mmcache]
extension="/usr/local/lib/php/20020429/mmcache.so"
mmcache.shm_size="16"
mmcache.cache_dir="/tmp"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"
mmcache.shm_only="0"
mmcache.compress="1"
mmcache.keys="shm_and_disk"
mmcache.sessions="shm_and_disk"
mmcache.content="shm_and_disk"
------------------------------------End ----------------------------------------
------------------------- Start php.ini changes --------------------------------
max_execution_time = 180
max_input_time = 60
memory_limit = 24M
post_max_size = 8M
upload_max_filesize = 6M
include_path = ".:/usr/local/bin/pear"
session.name = PHPSESSID
session.cookie_lifetime = 36000
-------------------------------- End -------------------------------------------
# reboot
# cd /usr/ports/mail/postfix/
# make install clean (select no packages, then answer yes to all questions)
# vi /etc/rc.conf
------------------------- Start Changes rc.conf --------------------------------
sendmail_enable="NONE"
-------------------------------- End -------------------------------------------
# cd /usr/local/etc/rc.d
# ln -s /usr/local/sbin/postfix postfix.sh
# cd /usr/local/
# wget http://umn.dl.sourceforge.net/sourc.../awstats-60.zip
# unzip awstats-60.zip
# mv awstats-6.0 awstats
# perl -MCPAN -e shell
install Net::XWhois
# mkdir /usr/local/etc/awstats
# chmod -R 0755 /usr/local/awstats/wwwroot/cgi-bin/
# cp /usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf /usr/local/etc/awstats/awstats.www.myvirtualhost.com.conf
# touch /usr/local/awstats/wwwroot/cgi-bin/urlalias.txt
# vi /usr/local/etc/awstats/awstats.www.myvirtualhost.com.conf (change)
------ Start Changes awstats awstats.www.myvirtualhost.com.conf ----------------
LogFile="gzip -d </var/log/httpd-access.log.0.gz |"
SiteDomain="www.myvirtualhost.com"
DirCgi="/awstats"
DirIcons="/icons"
StyleSheet="/awstatscss"
LoadPlugin="tooltips"
LoadPlugin="hostinfo"
---------------------------------Stop-------------------------------------------
# cp -R /usr/local/awstats/wwwroot/icon/ /usr/local/www/icons/
# cp -R /usr/local/awstats/wwwroot/cgi-bin/ /usr/local/www/cgi-bin/
# perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.myvirtualhost.com -update
# vi /usr/local/etc/apache/httpd.conf
------------------------- Additions httpd.conf ---------------------------------
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
------------------------------- End --------------------------------------------
# /usr/local/etc/rc.d/apache.sh stop
# /usr/local/etc/rc.d/apache.sh start
# cd /usr/ports/net/rrdtool
# make install clean
# cd /usr/ports/net-mgmt/net-snmp
# make install clean
# cd /usr/local/www/html/
# wget http://www.raxnet.net/downloads/cac...ti-0.8.5.tar.gz
# tar zxvf cacti-0.8.5.tar.gz
# mv /usr/local/www/html/cacti-0.8.5/ /usr/local/www/cacti/
# chown -R root:wheel /usr/local/www/cacti/
# vi /usr/local/www/cacti/scripts/linux_memory.pl
------------------------ Start Changes linux_memory.pl -------------------------
# meminfo only works with linux emulation
#$mem = `cat /proc/meminfo | grep -w "$ARGV[0]"`;
$mem = `cat /compat/linux/proc/meminfo | grep -w "$ARGV[0]"`;
-------------------------------- End -------------------------------------------
# mysqladmin -uroot -p create cacti
# mysql -uroot -p cacti < /usr/local/www/cacti/cacti.sql
# mysql -uroot -p mysql
GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
flush privileges;
# vi /usr/local/www/cacti/include/config.php
----------------------- Start Changes config.php -------------------------------
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "somepassword";
---------------------------------- End -----------------------------------------
# vi /usr/local/etc/apache/httpd.conf
---------------------- Start Additions httpd.conf ------------------------------
Alias /cacti "/usr/local/www/cacti"
------------------------------- End --------------------------------------------
# crontab -e
------------------ Start Additions crontab -e ----------------------------------
# updates awstats after log rotation
30 4 * * * perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=www.myvirtualhost.com -update > /dev/null 2>&1
# Cacti updated every 5 minutes
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/bin/php /usr/local/www/cacti/cmd.php > /dev/null 2>&1
----------------------------- End ----------------------------------------------
# Log onto http://www.myvirtualhost.com/cacti/ follow directions User: admin Password: admin
# vi /etc/fstab (change the following)
# vi /etc/sysctl.conf
--------------------------Start Additions sysctl.conf --------------------------
kern.polling.enable=1
vfs.write_behind=1
vfs.hirunningspace=10485760 #(1/2 total buffer on hard disks, for RAID (4 hard disks X 8meg buffers) /2= 16384)
kern.ipc.somaxconn=4096 # systat -vmstat 1 will give you more information
kern.ipc.maxsockbuf=1048576 # use it to determine the rest of the values
kern.maxfiles=16384 # I will be slowly working on formulas for the rest
vfs.vmiodirenable=1
kern.maxfiles=65536
------------------------------------ End ---------------------------------------
# vi /boot/loader.conf
------------------------- Starting Additions loader.conf -----------------------
kern.maxusers=512
kern.ipc.nmbclusters=96000 # run netstat -m under load, basic formula (6000 pages/hour *16)
# or (128 connections * 2 per connection * 8)
kern.ipc.maxsockets=96000 # equal to kern.ipc.nmbclusters, tune later using netstat -m
kern.ipc.somaxconn=1024 # As suggested by FreeBSD handbook
net.inet.tcp.inflight_min=6144 # As suggested by FreeBSD handbook
net.inet.tcp.inflight_debug=0 # disable debugging
---------------------------------- End -----------------------------------------
# reboot
# cd /usr/ports/net/slurm
# make install clean
Notes:
# Check for port upgrades
pkg_version -v |grep -v up-to-date |less
# Simple Harddrive benchmark
time top -bu >/dev/null
# Stat monitor
top
# Harddrive monitor/net
systat -vmstat 1
# Network Statistics
netstat -m
# Complete list of network tunables, sysctl.conf
sysctl net
# Network Stats
systat -tcp 1
# Slurm, a Network monitor using human readable output
slurm
Links:
http://www.ezunix.org/
http://silverwraith.com/
http://www.raisdorf.net/files/FreeB...rf/article.html
http://osuosl.org/benchmarks/bc/methodology/
http://www.wormulon.net/publications/tuning
http://www.freebsd.org/doc/en_US.IS...ing-sysctl.html
Notes:
From http://silverwraith.com/papers/freebsd-tuning.php
--------------------------------------------------------------------------------------------------------
You can enable DEVICE_POLLING in your kernel. DEVICE_POLLING changes the method through which data gets from your network card to the kernel. Traditionally, each time the network card needs attention (for example when it receives a packet), it generates an interrupt request. The request causes a context switch and a call to an interrupt handler. A context switch is when the CPU and kernel have to switch from user land (the user's programs or daemons), and kernel land (dealing with device drivers, hardware, and other kernel-bound tasks). The last few years have seen significant improvements in the efficiency of context switching but it is still an extremely expensive operation. Furthermore, the amount of time the system can have to spend when dealing with an interrupt can be almost limitless. It is completely possible for an interrupt to never free the kernel, leaving your machine unresponsive. Those of us unfortunate enough to be on the wrong side of certain Denial of Service attacks will know about this.
The DEVICE_POLLING option changes this behavior. It causes the kernel to poll the network card itself at certain predefined times: at defined intervals, during idle loops, or on clock interrupts. This allows the kernel to decide when it is most efficient to poll a device for updates and for how long, and ultimately results in a significant increase in performance.
If you want to take advantage of DEVICE_POLLING, you need to compile two options in to your kernel:
* options DEVICE_POLLING
* options HZ=1000
Mail servers typically have a very large number of network connections, which transfer a small amount of data for a short period of time, before closing the connection. Here it is useful for us to have a large number of small network buffers.
Network buffer clusters are assigned two per connection, one for sending and one for receiving. The size of the buffer dictates how fast data will be able to funnel through the network, and in the event of a network delay how much data will be able to backlog on the server for that connection before there is a problem. Having a network buffer too small means data will be backlogged at the CPU waiting for the network to clear. This causes greater CPU overhead. Having a network buffer too large means that memory is wasted as the buffer will not be used efficiently. Finding this balance is key to tuning.
When we discuss simultaneous network connections, we refer to connections in any network state: SYN_SENT, SYN_RECV, ESTABLISHED, TIME_WAIT, CLOSING, FIN_WAIT, FIN_WAIT_2, etc. Even if the network connection is in an ESTABLISHED state for only a few seconds, it can end up in any of the other states for a long time. I generally find that multiplying the number of ESTABLISHED connections by 8 leaves me with room to breathe in the event that I see an abnormally high surge of traffic inbound or outbound. I've come to this number over time through trial and error. So if you expect to have a peak of 128 servers sending you mail, having 2048 network buffer clusters would be good (128 * 2 per connection * 8). Also remember that connections can take up to two full minutes or more to close completely. So if you expect more than 128 mails in any given two minute period, you also need to increase the number to accommodate that.
Another important value to control is the maximum number of sockets. One socket is created per network connection, and one per unix domain socket connection. While remote servers and clients will connect to you on the network, more and more local applications are taking advantage of using unix domain sockets for inter-process communication. There is far less overhead as full TCP packets don't have to be constructed. The speed of unix domain socket communication is also much faster as data does not have to go over the network stack but can instead go almost directly to the application. The number of sockets you'll need depends on what applications will be running. I would recommend starting with the same number of network buffers, and then tuning it as appropriate.
You can find out how many network buffer clusters are in use with the command netstat -m
* kern.ipc.nmbclusters=2048
* kern.ipc.maxsockets=2048
Note: With any performance tuning, it is important to monitor your system after you make your changes. Did you go overboard, or underestimate what you would need? Always check and adjust accordingly. The numbers here might not be the exact ones that you need!
Web servers, again like mail servers, go through periods of highs and lows. While on average you might serve 100 pages a minute, at your low you might serve 10 pages a minute and at peak over 1000 pages a minute. Whether you have 128Mb RAM, or 1Gb RAM, you should try and be as liberal as possible in allocating memory to your network stack. Using the above example, at a peak of 1000 pages per minute, your clusters and sockets should be around 16384 (1000 pages * 2 per connection * 4 connections * 2 for growth) in /boot/loader.conf:
* kern.ipc.nmbclusters=16384
* kern.ipc.maxsockets=16384
----------------------------------------------------------------------------------------------------------
http://news.gw.com/freebsd.performance/44
vfs.hirunningspace
It is my experience, too, that this variable is too low by default for
"intelligent" disk controllers with large buffers. However, the amount
of buffer space for outstanding disk operations is taken from the
kernel's disk i/o buffer, which is normally auto-sized at boot time,
based on the amount of memory you have. But you can also override it.
You may want to check 'vfs.maxbufspace' and make 'vfs.hirunningspace'
only a fraction of it. Not more than 1/4, for instance. And adapting
'vfs.lorunningspace' accordingly is also a good idea (it's a hysteresis).