On Aug 31, 2014, at 7:32 PM, Jake Turner wrote:
>
> Hi Borja,
>
> Have you’ve been able to write up a guide to installing NFSen on FreeBSD yet?
> :)
I had to recall some steps, as my nfsen installations have been runnning for a
long time. I am verifying this as I am writing it
on a freshly installed 10-STABLE amd64.
The trick is to install everything you need from ports, except for nfsen and
nfdump. Once you have the
necessary ports installled in place, just compile and install nfdump and nfsen
from the original sources.
In my case I use PHP as a fast-cgi module (php-fpm) and nginx as a web server,
but doing the same
with Apache is easy. WARNING, though: the config files I am going to include
are not meant at all
to be exposed to the world. I focused on making it work, so unless you verify
them very well you should
not use them in an exposed server at all.
Installing the dependencies is easy. You need:
- Perl. I had problems with Perl crashing in the past. 5.18 is working fine for
me. (/usr/ports/lang/perl5.18). I am not using threaded Perl nor perl_malloc.
Not that I have verified anything regarding perl_malloc, but I remember the
threaded Perl was somewhat unstable on FreeBSD.
- rrdtool (/usr/ports/databases/rrdtool). It will install all the dependencies
it needs. In the past I used to have the
following options in /etc/make.conf in order to avoid installing plenty of X11
dependencies but I think they are mostly useless now.
WITHOUT_X11=1
WITH_X11=0
USE_X11="NO"
I disable the use of mmap in rrdtool because mmap has (or had) performance
problems on ZFS and I use ZFS extensively. But
- The mentioned modules, Mail::Header and Mail::Internet are easy to install:
/usr/ports/mail/p5-Mail-Tools. Same with Socket6: Make sure you install
Socket6. /usr/ports/net/p5-Socket6.
Compiling nfdump:
You need autoconf (/usr/ports/devel/autoconf), just make install.
Configure works. However, as FreeBSD doesn't put /usr/local/{lib,include} as a
default path for building tools, it won't detect rrd. Just use the
--with-rrdpath configure option. In my case, this configure command does the
trick: ./configure --enable-nfprofile --enable-sflow --with-rrdpath=/usr/local
That done, make and make install, as usual. It should work. As far as I have
tried, Clang (the built-in compiler in FreeBSD 10) works.
Now, the nfsen, webserver and PHP part. Some of the decisions are due to
personal preference. Anyway, I always recommend to run PHP as a FastCGI
program, never as a linked module. That way you have an easy way to control the
maximum number of PHP scripts running in parallel and you can avoid some nasty
overload situations.
I use nginx as a web server. Just cd /usr/ports/www/nginx and built by default,
unless you want to add some specific module. In the past I used Apache, again
with PHP as a FastCGI backend.
PHP: I am using PHP 5.4 (Currently /usr/ports/lang/php5). Make sure to select
the "FPM" option with make config, and just make install.
PHP extensions (/usr/ports/lang/php5-extensions). Enable the sockets option in
make config, and, in case you plan to use MySQL for plugins such as Nfsight,
MySQL. WARNING: IF YOU INTEND TO USE MYSQL, BETTER INSTALL YOUR FAVOURITE MYSQL
VERSION *BEFORE* COMPILING THE PHP EXTENSIONS. OTHERWISE A MYSQL VERSION WILL
BE CHOSEN BY THE PORT DEPENDENCES.
Now let's install nfsen.
You need two directories. One for the base system (which includes the nfsen
programs and the data) and another one for the www infrastructure. I use to do
it on /usr/local/nfsen and /var/www/nfsen.
Extract nfsen. You will find a "etc" directory with a sample configuration file
(nfsen-dist.conf). Just copy it to nfsen.conf and customize what you need. You
want to set up the base (BASEDIR) and www (HTMLDIR).
Also, pay attention to the user ids it needs. By default it will have two
users: "netflow" and "www". "www" is created by the nginx install, but you need
to create "netflow". I created it using "adduser", locked out user, group
netflow as well, and make it a member of the "www" group. Use nologin as the
shell, and you can lock out the account after using it, although maybe you will
want it to have some use if you intend to run some cron scripts.
So, just cd to the nfsen sources and "./install.pl etc/nfsen.conf".
That should do the trick unless something is missing. It will complain if the
"netflow" user is not a member of the "www" group, for instance.
Now, the last part, making nfsight and php work. Warning: I am not an expert on
the nuances of WWW servers and I find the subject rather boring, so, as this
is intended to be in an isolated network, I just made it work. So, WARNING:
USING THIS STUPID CONFIGURATION IN A PUBLIC FACING SERVER CAN BE INDEED
DANGEROUS, USE AT YOUR OWN RISK.
This part is more WWW/PHP trickery than nfsen actually.
That said, if you can suggest an enhancement I will be very grateful.
The relevant sections to make it work are these: (remember I have my WWW root
directory on /var/www). This should do the trick of sending the PHP requests to
the FastCGI backend.
/usr/local/etc/nginx/nginx.conf
(...)
http {
(blah blah)
server {
(blah blah)
location / {
root /var/www;
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/var/www/$fastcgi_script_name;
fastcgi_read_timeout 300;
include fastcgi_params;
}
With everything in place you can test the configuration.
- Start nfsen (/usr/local/nfsen/bin/nfsen start). It will complain about symbol
clashes but it will work. (Subroutine AbuseWhois::sockaddr_in6 redefined at
/usr/local/lib/perl5/5.18/Exporter.pm line 66. at
/usr/local/nfsen/libexec/AbuseWhois.pm line 42.
To make sure it really started, run /usr/local/nfsen/bin/nfsen status. It will
give the same warnings about redefined symbols, but it will confirm it is
working:
NfSen version: 1.3.6p1
NfSen status:
Collector for (peer1 peer2) port 9996 is running [2626].
Collector for (upstream1) port 9995 is running [2629].
nfsen daemon: pid: [2631] is running.
- Start php-fpm and nginx. If you haven't enabled them on rc.conf, just
/usr/local/etc/rc.d/php-fpm onestart and /usr/local/etc/rc.d/nginx onestart)
I think this is pretty complete (I have gone through the installation on an
empty machine to make sure).
The hurdles on FreeBSD are mainly the assumption that some packages installed
by default on Linux are present everywhere (such as p5-Socket6), and anyway web
servers are somewhat capricious pieces of software :)
One warning: in the past at least I had problems to define Netflow sources
*unless* I specified a color for their channel on the nfsen.conf file. So, this
works,
%sources = (
'upstream1' => { 'port' => '9995', 'col' => '#0000ff', 'type' =>
'netflow' },
);
but defining a source without a color does not.
Let me know if it works or you have any problem. I've been running NfSen on
FreeBSD for years, I am currently using both Sflow and Netflow, and I even run
several different instances on the same server, just defining different BASEDIR
and HTMLDIR directories.
Cheers,
Borja.
------------------------------------------------------------------------------
Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Nfsen-discuss mailing list
Nfsen-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfsen-discuss
