Archive

Posts tagged 'freebsd'

Root On ZFS @ FreeBSD-Current (repost)

July 9, 2011 16hot No comments

The new bsdInstaller is here but unfortunately as we saw it still doesn’t support a full ZFS installation. Also, due to the new layout of the installer the traditional way of installing from <FIXIT> doesn’t work anymore. The installation files are now located under /usr/freebsd-dist and the new “Live CD” option doesn’t create any kind of live fs. Therefore we have to improvise.

For the purpose of this demonstration I am using a 9-Current that I created on April 29th. Boot with your 9-Current and choose “Live CD” when prompted.

The first thing we need to do is to make /tmp writable so that we can store the zpool.cache file.

umount /dev/md1
mdmfs -s 512M md1 /tmp

That should be enough. Now, let's partition our drive. I will be using a GPT scheme and create a 4 GB native swap partition; the rest will be allocated to ZFS. This guide installs FreeBSD on a single disk, but this could easily be reproduced for a mirror or a raidz1 pool.

gpart create -s gpt ada0
gpart add -b 34 -s 64k -t freebsd-boot ada0
gpart add -s 4G -t freebsd-swap -l swap0 ada0
gpart add -t freebsd-zfs -l disk0 ada0
gpart bootcode -b /boot/pmbr -p /boot/gptzfsboot -i 1 ada0

My disk is now ready so I will create a pool and call it zroot and then mount it under /mnt. During this procedure some error messages will appear “can not mount, failed to create mount point”. The reason for those is that /mnt is read only but you can safely ignore them since we will export and import back our pool.

zpool create zroot /dev/gpt/disk0
zpool set bootfs=zroot zroot
zfs set checksum=fletcher4 zroot

Now let's create the file system layout. You can safely ignore the error messages about mounting again, since the pool hasn’t been exported/imported yet.

zfs set mountpoint=/mnt zroot
zfs create zroot/usr
zfs create zroot/var
zfs create -o compression=on -o exec=on -o setuid=off zroot/tmp
zfs create -o compression=lzjb -o setuid=off zroot/usr/ports
zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/distfiles
zfs create -o compression=off -o exec=off -o setuid=off zroot/usr/ports/packages
zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/usr/src
zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/crash
zfs create -o exec=off -o setuid=off zroot/var/db
zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/db/pkg
zfs create -o exec=off -o setuid=off zroot/var/empty
zfs create -o compression=lzjb -o exec=off -o setuid=off zroot/var/log
zfs create -o compression=gzip -o exec=off -o setuid=off zroot/var/mail
zfs create -o exec=off -o setuid=off zroot/var/run
zfs create -o compression=lzjb -o exec=on -o setuid=off zroot/var/tmp

At this point I will export the pool and import it back, preserving the zpool.cache in /tmp.

zpool export zroot
zpool import -o cachefile=/tmp/zpool.cache zroot

The pool is now mounted under /mnt and we can now proceed with the final steps.

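chmod 1777 /mnt/tmp
cd /mnt ; ln -s /usr/home home
chmod 1777 /mnt/var/tmp
# /mnt/boot/zfs does not exist until base.txz is extracted, so create it first
mkdir -p /mnt/boot/zfs
cp /tmp/zpool.cache /mnt/boot/zfs/zpool.cache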

Next we need to install FreeBSD. Like I said, things have changed, so the procedure is different. This guide assumes that you also want to install source and ports. For a minimal installation only base.txz, lib32.txz and kernel.txz are necessary.

sh
cd /usr/freebsd-dist
export DESTDIR=/mnt
for file in base.txz lib32.txz kernel.txz doc.txz ports.txz src.txz;
do (cat $file | tar --unlink -xpJf - -C ${DESTDIR:-/}); done

Done! Now, all that is left is to create the rc.conf, loader.conf and fstab.

echo 'zfs_enable="YES"' >> /mnt/etc/rc.conf
echo 'zfs_load="YES"' >> /mnt/boot/loader.conf
echo 'vfs.root.mountfrom="zfs:zroot"' >> /mnt/boot/loader.conf
cat << EOF > /mnt/etc/fstab
# Device                       Mountpoint              FStype  Options         Dump    Pass#
/dev/gpt/swap0                 none                    swap    sw              0       0
EOF

Final steps

zfs set readonly=on zroot/var/empty
zfs unmount -a

If you get a device busy message try umount -f /mnt

zfs set mountpoint=legacy zroot
zfs set mountpoint=/tmp zroot/tmp
zfs set mountpoint=/usr zroot/usr
zfs set mountpoint=/var zroot/var

Reboot, adjust time zone info, add a password for root, add a user and enjoy!!!

A related link:

http://forums.freebsd.org/showthread.php?t=12082

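Categories: BSD/linux, Reposts

Good news: a KMS/GEM patch is out

July 5, 2011 16hot No comments

A KMS/GEM patch has been released. For now it only applies to the HEAD code and is not yet an official test release, but it shows progress and light at the end of the tunnel.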

http://www.phoronix.com/scan.php?page=news_item&px=OTYzMA

http://wiki.freebsd.org/Intel_GPU

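Categories: BSD/linux

FreeBSD boot sector repair (repost)

June 26, 2011 16hot No comments

In fact, FreeBSD ships a tool for this: boot0cfg. Its man page describes it as a "boot manager installation/configuration utility", and it can modify a disk's MBR (that is, the boot sector). Isn't that exactly what we need? The author read the boot0cfg man page carefully to understand what each of its parameters means, and arrived at the MBR repair procedure described in this article:

1. Boot from the FreeBSD boot CD into the Fixit console. All the system tools can be used in this console; they live on the boot CD, which is automatically mounted at /mnt2. You do not need to modify the PATH environment variable either, because it is also adjusted automatically, so the tools, boot0cfg naturally included, can be run without giving an absolute path.

2. Repair the MBR (that is, the disk's boot sector) with the command below. The boot0cfg command-line options are only explained briefly here; interested readers should refer to [1]. The command requires root privileges (which goes without saying: entering the system through the Fixit console makes you the root user):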

boot0cfg -B -v -o noupdate -t 185 ad0

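A brief explanation:

-B: install the boot manager on the disk

-v: print verbose information

-o noupdate: avoids problems on some platforms (those with anti-virus hardware that does not allow the MBR to be modified)

-t 185: pause for about 10 seconds (an approximate value) at boot, so that the user can choose which system to start

Categories: BSD/linux

Now using ZFS

May 24, 2011 16hot No comments

I read up on ZFS long ago and learned that it is a great file system. FreeBSD supports ZFS too, but I never had a chance to use it.

Since the server is being moved to a 1 TB disk this time, I simply went straight to the ZFS file system.

Categories: BSD/linux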

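Encrypting and decrypting files on FreeBSD

April 14, 2011 16hot No comments

Encryption command:
cat {file to encrypt} | crypt {password to set} > {new file name /* must not be the source file name: the redirection would truncate the file before it is read */}

Decryption command:
crypt {password} < {name of the encrypted file} > {name of the new decrypted file /* never use the encrypted file's name here */}

Suppose there is a document "ricky1":
# cat ricky1 | crypt 1234 > ricky1.enc
ricky1.enc now holds the encrypted contents of ricky1.

To decrypt it, use the following command:
# crypt 1234 < ricky1.enc > ricky2

Categories: BSD/linux, Reposts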

FreeBSD: Redundant DNS with CARP

December 11, 2010 16hot No comments

http://zi0r.com/2010/02/28/freebsd-redundant-dns-with-carp.html

Improve reliability with CARP and redundant DNS on two boxes. Almost everyone already has (at least) two nameservers, so why not add CARP into the mix to make it appear as if they’re always available?

This setup assumes two nameservers. Both nameservers will have a total of 3 IPs assigned to them, two of which are the floating CARP IPs and one of which is a unique management IP for each box. Each nameserver will be the CARP backup for the other nameserver's primary nameserver IP. If one goes down, the other will assume responsibility for the IP.

You’ll need to assign your nameservers two new IPs (to be used for management); the original pair of IPs will be used for the carp interfaces.

1. Rebuild/install your kernel with:
device carp

2. Edit /etc/rc.conf to add:
cloned_interfaces="carp0 carp1"
ifconfig_carp0="create"
ifconfig_carp1="create"

3. Setup the CARP interfaces:

I set the vhid’s to be the last octet of the floaty IP, however, you can set them to be whatever you want as long as they match on both boxes.

On ns1:
Create /etc/start_if.carp0 with the following:
#!/bin/sh
ifconfig carp0 vhid XX advbase 1 advskew 10 pass supersecretpasswordhere netmask

Create /etc/start_if.carp1 with the following:
#!/bin/sh
ifconfig carp1 vhid YY advbase 2 advskew 10 pass othersupersecretpasswordhere netmask

Then run:
chmod go-rwx /etc/start_if.carp*;chmod +x /etc/start_if.carp*

On ns2:
Create /etc/start_if.carp0 with the following:
#!/bin/sh
# vhid YY is shared with carp1 on ns1, so it must use the same pass
ifconfig carp0 vhid YY advbase 1 advskew 10 pass othersupersecretpasswordhere netmask

Create /etc/start_if.carp1 with the following:
#!/bin/sh
# vhid XX is shared with carp0 on ns1, so it must use the same pass
ifconfig carp1 vhid XX advbase 2 advskew 10 pass supersecretpasswordhere netmask

Then run:
chmod go-rwx /etc/start_if.carp*;chmod +x /etc/start_if.carp*

  • carp0 on both boxes will be its PRIMARY IP whereas carp1 will be the SECONDARY IP on both. In a non-failover scenario, this means that carp0 on both boxes should show up as MASTER and carp1 should show up as BACKUP.

4. Ensure named is configured to bind to the management IP (for zone transfers, etc.), ns1.ip and ns2.ip (on both boxes!) or ensure that it listens on *.

5. Add net.inet.carp.log=2 to /etc/sysctl.conf for some extra logging info.

6. Reboot. Your primary box should come up with ns1.ip as MASTER and ns2.ip as BACKUP. Your secondary box should come up with ns2.ip as MASTER and ns1.ip as BACKUP. Check ifconfig and dmesg to confirm.

  • Note: CARP traffic is multicast and you may need to alter firewalls as appropriate to allow it. The destination is VRRP.MCAST.NET/224.0.0.18.
    For defining masters/slaves, etc. in bind you will want to reference the management IPs of the boxes, not the floating CARP addresses.
  • Note: You can actually skip using the start_if.* files if you elect to put the ifconfig statements into rc.conf. In order to limit access to your CARP authentication key, you would need to change the permissions on rc.conf which could be bad in certain situations.
  • ESX Note: If you’re trying to do this with a box in VMware, you’ll need to disable the vSwitch security features (accept: promisc, forged transmits, mac changes). This is not advisable in production as any VM on that switch can sniff traffic from any other VM. For my setup at home, I simply allocated a second NIC and a second vSwitch and made the security changes on the dedicated vSwitch. No other VMs should share this other vSwitch where the security features have been disabled.
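Categories: BSD/linux, DNS, Reposts

实易 Embedded Intelligent DNS 4.0.0-RELEASE officially released

November 29, 2010 16hot No comments

Version 4.0.0 of the 实易 intelligent DNS system builds on the previous major releases, adding many more enterprise features and further usability features.

New features:

1. Support for Chinese domain names and records
2. Dual-machine hot standby and load balancing
3. Link aggregation
4. Query statistics graphs
5. Export of domains and records
6. Online upgrade
7. Enabling and disabling intelligent resolution for a domain
8. Manual time synchronization
9. Chinese domain name transcoding tool
10. Setting the CA certificate for https
11. Automatic adjustment of log and storage space sizes according to the server's memory size
12. SSH
13. IP database updates
14. system shell

Usability adjustments:

1. Enhanced record search: results can be exported, modified in bulk, and so on
2. After domain and line management operations, the interface returns to the current page, and so on
3. Simplified initial NIC configuration after installation
4. More detailed messages for bulk import of domains and records
5. Simplified bulk import of the IP database
6. Added clearing of a line's IP database

Fixed issues:

1. TXT records could not be imported
2. Paging did not work when searching records
3. The default web port, firewall rules and default password could not be restored
4. Garbled output when querying Chinese domain names with the whois tool
5. Login over http failed after changing the admin password
6. Query statistics for Chinese domain names could not be viewed
7. Zone transfer feature disabled

Software upgrades:

1. Core system upgraded to the latest stable FreeBSD-8.1 release
2. DNS upgraded to the latest stable version, 9.7.2

Other notes:

1. Only users who have purchased technical service can upgrade to version 4.0.
2. Starting with version 4.0 the system uses UTF-8 encoding; before upgrading, read the "How to upgrade from 3.x to version 4.0" notes carefully.
3. Read the version 4.0 user manual carefully before use.

Downloads:

Download page: http://www.forease.net/product-dl/category/5

4.0.0-RELEASE 32-bit installation package
4.0.0-RELEASE 32-bit upgrade package

4.0.0-RELEASE 64-bit installation package
4.0.0-RELEASE 64-bit upgrade package

Categories: 实易 Intelligent DNS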

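The VirtualBox 4.0 era begins

November 28, 2010 16hot No comments

Yesterday I noticed that the development version in the latest ports package at http://svn.bluelife.at/nightlies/ has been upgraded to 4.0.0. Having just finished a make world system upgrade, I upgraded VirtualBox to 4.0 as well. It's an old habit: every time I finish a make world upgrade, I rebuild and reinstall VirtualBox.

The new version adds USB, remote desktop and other features. I don't know how to use USB, though, and I have no need for remote desktop for now.

I'm using VirtualBox 4 in the spirit of trying something new and testing it. If I run into any problems, reporting them to the ports maintainer is a contribution too.

Categories: BSD/linux

Following the HipHop port to FreeBSD

November 28, 2010 16hot No comments

I saw on a blog that work on the port has already started.

http://huichen.org/en/2010/07/hiphop-for-freebsd/

Categories: BSD/linux, C/C++, PHP

Solved the pam_fedns.so load failure

November 27, 2010 16hot No comments

To handle ssh connections, I developed a PAM module of my own, named pam_fedns.so. In the i386 environment ssh connections work fine, but in the amd64 environment connecting reports that loading pam_fedns.so failed.

I found a test example online, and checking with it showed that the md5 library was missing from the link. Adding -lmd fixed it.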

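#include <dlfcn.h>
#include <stdio.h>

/* Try to dlopen() the shared object named on the command line and print
 * the loader's error message if it cannot be loaded. */
int
main(int argc, char **argv)
{
    void *dlh;

    if (argc < 2) {
        fprintf(stderr, "usage: %s /path/to/module.so\n", argv[0]);
        return 2;
    }

    /* RTLD_NOW resolves all symbols at load time, so a missing library shows up here */
    dlh = dlopen(argv[1], RTLD_NOW);
    if (dlh) {
        printf("dlopen %s worked\n", argv[1]);
        dlclose(dlh);
    } else {
        printf("dlopen %s failed: %s\n", argv[1], dlerror());
    }
    return 0;
}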

Original link:

http://freebsd.monkey.org/freebsd-stable/200709/msg00136.html

Categories: BSD/linux, C/C++