Thursday, December 18, 2014

Get started with FreeBSD: A brief intro for Linux users

If you've never tried FreeBSD, take a few minutes now -- you might be surprised

Among the legions of Linux users and admins, there seems to be a sort of passive curiosity about FreeBSD and other *BSDs. Like commuters on a packed train, they gaze out at a less crowded, vaguely mysterious train heading in a slightly different direction and wonder what traveling on that train might be like -- for a moment. The few who cross over find themselves in a place that is equal parts familiar and foreign. And the strange parts can be scary.

For those who've known only Linux, FreeBSD has places of darkness and confusion. But if you know what they are going in, it's easy enough to get past them. I've been a BSD guy since the heady days of BSDi and SunOS, so let me give you a brief introduction. You might be surprised at how much you like it.

First off, modern FreeBSD does not automatically mean you need to compile everything. While old habits die hard and many veteran FreeBSD users still build their entire OS from source, most FreeBSD users these days opt for binary installs and package installation. It’s faster, of course, and the benefits of custom compilation are fewer on newer hardware.

The easiest way to get a test FreeBSD box up and running is to download a boot-only ISO and fire up a VM. FreeBSD is available in production and legacy releases, not unlike Ubuntu’s LTS scheme. FreeBSD 8.4-Release and 9.3-Release are considered legacy, while 10.1-Release is production. If you want to be as current as possible, go with 10.1, but 9.3-Release should be good for most everyone. This brief walkthrough is based on 9.3.

Boot from the boot-only ISO and you’ll soon see an install screen. You can boot the LiveCD version, grab a shell, or install FreeBSD.

Let’s install it. Set the keyboard, pick a host name, and take the defaults on the distribution selection dialog. This will install a basic system with the ports tree, which we might want to have for custom compilations later. Next, we set up a NIC to download the install packages, which should be self-explanatory, then choose a mirror site -- the closer the better.

Next comes disk partitioning. This is where some Linux users get the willies; FreeBSD is different enough from Linux to throw them for a loop. Fundamentally, however, it’s the same: We define partitions and configure swap and mount points. We can even configure labels and use ZFS, but for this test, let’s select guided partitioning. This will set up a boot partition, swap partition, and a main partition mounted as root.

Once the partitions have been formatted, the installer will pull down the distribution files and install them on the disk. On a reasonably fast Internet connection, this will take a surprisingly short period of time — only a few minutes on a 20Mb circuit. You can set the root password, time zone, and a few startup options (take the default to have sshd start), and add a user or two if you like (note that root login via SSH is disabled by default). Then exit and reboot into your fresh FreeBSD installation.


After the reboot, log in as root, or as a user and su to root, and do some basic housekeeping. First, run freebsd-update fetch to download all the update patches. In a minute or two, you’ll see a list of what files will be updated to bring the system to current. Now run freebsd-update install to install the patches. Boom, you’re current.

Now, let’s install software we might need. We’ll be using pkgng, the newer FreeBSD package management system. You’ll find it very easy to use. Run pkg, and you’ll be prompted to install pkgng. Now run pkg update. Then pkg search bash to see a list of packages matching the string bash. We can install the bash shell with pkg install bash. We can install anything else the same way. If we want to install a LAMP stack and Perl, we would issue pkg install apache24 php5 mod_php5 mysql55-server php5-mysql perl5. Look familiar? Note that you could as easily install PHP 5.3, 5.4, 5.5, or 5.6, or MySQL 5.1, 5.5, or 5.6.

When we install these packages, they install by default under /usr/local. This includes the startup scripts, which will be in /usr/local/etc/rc.d/. Configurations are usually in /usr/local/etc, and binaries in /usr/local/bin. Core system utilities like ssh and bind, however, will be under /usr, with configurations in /etc.

Of utmost importance in FreeBSD is /etc/rc.conf. This is where the bulk of basic system configuration is handled; it's also where we set interface IP addresses and tell the system what services to start. You can’t really install and start a system service with FreeBSD without also enabling it in /etc/rc.conf. This tends to result in fewer problems with services that don’t start on reboot because an admin forgot to set them that way. If you set apache24_enable="YES" in /etc/rc.conf, then Apache will start at boot and can be started manually from the shell, but if you don’t set that, Apache won’t start either way (well, unless you start it with /usr/local/etc/rc.d/apache24 onestart). You can also set variables like socket file locations and command-line parameters in /etc/rc.conf. All of your other daemons will behave this way — it’s a one-stop shop for system configuration.
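An added example, not from the original article: a small sh function that reads rc.conf-style text and reports each *_enable knob as on, off or invalid, which catches values pasted with typographic quotes. The names rc_audit and sample_rc_conf and the sample contents are constructed for illustration; the accepted spellings (YES/TRUE/ON/1 and NO/FALSE/OFF/0, case-insensitive) follow what the rc scripts recognize.

```shell
#!/bin/sh
# Constructed sample in rc.conf format (not taken from a real host).
sample_rc_conf() {
cat <<'EOF'
hostname="bsdtest.example.org"
sshd_enable="YES"
apache24_enable=“YES”     # curly quotes pasted from a web page
mysql_enable="NO"
mysql_enable="YES"        # a later assignment overrides the earlier one
pf_enable=yes
# ntpd_enable="YES"
EOF
}

# rc_audit [FILE...]: print "<service> <state>" for every <service>_enable
# variable, in order of first appearance. Reads stdin when no file is given.
# state is on, off, or invalid (a value the rc scripts would reject).
rc_audit() {
    awk -v sq="'" '
    /^[ \t]*#/ { next }                              # whole-line comment
    match($0, /^[ \t]*[A-Za-z0-9_]+_enable=/) {
        name = substr($0, 1, RLENGTH - 8)            # drop "_enable="
        gsub(/[ \t]/, "", name)
        val = substr($0, RLENGTH + 1)
        sub(/[ \t]+#.*$/, "", val)                   # trailing comment
        sub(/[ \t]+$/, "", val)
        first = substr(val, 1, 1)
        last = substr(val, length(val), 1)
        # Strip one pair of matching ASCII quotes, as sh would.
        if (length(val) >= 2 && first == last && (first == "\"" || first == sq))
            val = substr(val, 2, length(val) - 2)
        v = tolower(val)
        if (v ~ /^(yes|true|on|1)$/)       state[name] = "on"
        else if (v ~ /^(no|false|off|0)$/) state[name] = "off"
        else                               state[name] = "invalid"
        if (!(name in seen)) { seen[name] = 1; order[++n] = name }
    }
    END { for (i = 1; i <= n; i++) print order[i], state[order[i]] }
    ' "$@"
}

# Demonstration on the constructed sample; on a real system: rc_audit /etc/rc.conf
sample_rc_conf | rc_audit
```

A service reported as invalid is one the admin meant to enable but that will not start at boot, so it is worth checking for after any edit to /etc/rc.conf.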

Then there’s pf, the fantastic FreeBSD firewall. Have a look at /usr/share/examples/pf/pf.conf, copy it to /etc/pf.conf, and modify it as needed. You’ll find it much simpler than iptables. The example file shows how to do NAT, port redirection, and basic firewalling, and how to permit traffic to reach certain ports. It really doesn’t get much easier than pass in on $ext_if proto tcp to ($ext_if) port ssh, or adding IP addresses and subnets to definable tables and referencing them with a single rule. Seriously, pf is fantastic.
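An added example, not from the original article or the shipped sample file: a minimal /etc/pf.conf that uses the rule quoted above but restricts it to a table of administrative addresses, with everything else inbound blocked. The interface name em0, the table name <admins> and the documentation-range addresses are assumptions.

```conf
# Macros (assumption: em0 is the external interface)
ext_if = "em0"

# Tables: hosts and subnets allowed to reach sshd (constructed addresses)
table <admins> persist { 192.0.2.10, 198.51.100.0/24 }

# Options
set skip on lo0

# Traffic normalization
scrub in all

# Filtering: default-deny inbound, allow outbound, then the one exception
block in log all
pass out all keep state
pass in on $ext_if proto tcp from <admins> to ($ext_if) port ssh
```

Check the syntax with pfctl -nf /etc/pf.conf before loading it, and set pf_enable="YES" in /etc/rc.conf so the ruleset is loaded at boot.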

Oh, and ports — the part that tends to concern Linux-only folks. The FreeBSD ports and packages collection is a hierarchy of all software available via the FreeBSD project. Organized into logical groups (lang, www, mail, shells, security, and so forth), ports allows you to build and install any of that software from source.

We already installed the ports collection, but we might as well get it up to date. Run portsnap fetch to download the latest ports snapshot, then portsnap extract to update the entirety of the ports tree.

To build a package, you only need to navigate into the ports subdirectory and issue make. However, because we’re also using pkgng, we need to tie the two together if we need to install from ports instead of pkgng. Edit /etc/make.conf and add the line WITH_PKGNG="yes".

Generally speaking, we would only build from ports if the package available from pkgng is missing compile-time options. For instance, we might need package foo compiled with libbar support, but the foo package does not have libbar support by default. Thus, we would find foo under /usr/ports and issue make, which would prompt us for compile-time options. We’d select libbar support, and the package and all dependencies would be built. Then running make install would install foo, and pkgng would know all about it. Running pkg info foo would give us all that information.


There’s plenty more to FreeBSD than this short intro, such as enabling Linux software compatibility and using ZFS, but perhaps this glimpse across the tracks is enough to convince a few Linux-only folks to take a walk on the other side. There’s an awful lot to like about FreeBSD, and it’s not as scary as you might think.

Source: InfoWorld by Paul Venezia
