Use of COMPAT Kernel Options
Hello, I'm working on editing the kernel configuration file for a custom kernel. The system will be running FreeBSD 8.0-RELEASE-p1. I'm wondering about the use of the COMPAT options in the kernel config. COMPAT_43 COMPAT_43TTY COMPAT_FREEBSD[4-7] I'm not aware of any software I use which requires certain compatibility with old system calls. The system will be running PHP, Nginx, PostgreSQL, InspIRCd, and other small applications (The latest stable releases of each). Is it recommended that I keep certain compatibility flags? If I recall correctly, previous documentation claimed that it was required to keep COMPAT_43TTY, but I no longer see this in the handbook. Thanks for the help. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Use of COMPAT Kernel Options
On Fri, Dec 04, 2009 at 04:39:59PM -0500, APseudoUtopia wrote: Hello, I'm working on editing the kernel configuration file for a custom kernel. The system will be running FreeBSD 8.0-RELEASE-p1. I'm wondering about the use of the COMPAT options in the kernel config. COMPAT_43 Well, COMPAT_43 one isn't even in GENERIC anymore, so I guess it is not that important anymore. COMPAT_43TTY This is still in the GENERIC kernel. I'd keep it in initially. Then build a kernel without it. If that fails to start the system properly, you'll always have a good kernel to fall back on. Have a look at what is written under COMPATIBILITY OPTIONS in /sys/conf/NOTES. COMPAT_FREEBSD[4-7] If you do not have binaries from ealier FreeBSD versions around, you can skip these. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp3aoPXzrDzp.pgp Description: PGP signature
Re: Use of COMPAT Kernel Options
--- On Fri, 12/4/09, Roland Smith rsm...@xs4all.nl wrote: From: Roland Smith rsm...@xs4all.nl Subject: Re: Use of COMPAT Kernel Options To: APseudoUtopia apseudouto...@gmail.com Cc: FreeBSD Questions freebsd-questions@freebsd.org Date: Friday, December 4, 2009, 9:52 PM On Fri, Dec 04, 2009 at 04:39:59PM -0500, APseudoUtopia wrote: Hello, I'm working on editing the kernel configuration file for a custom kernel. The system will be running FreeBSD 8.0-RELEASE-p1. I'm wondering about the use of the COMPAT options in the kernel config. COMPAT_43 Well, COMPAT_43 one isn't even in GENERIC anymore, so I guess it is not that important anymore. COMPAT_43TTY This is still in the GENERIC kernel. I'd keep it in initially. Then build a kernel without it. If that fails to start the system properly, you'll always have a good kernel to fall back on. Have a look at what is written under COMPATIBILITY OPTIONS in /sys/conf/NOTES. COMPAT_FREEBSD[4-7] If you do not have binaries from ealier FreeBSD versions around, you can skip these. FWIW, a FreeBSD 8.0 kernel fails to build without COMPAT_FREEBSD7 so I'd keep that. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Use of COMPAT Kernel Options
On Fri, Dec 4, 2009 at 5:04 PM, Gardner Bell gbel...@rogers.com wrote: --- On Fri, 12/4/09, Roland Smith rsm...@xs4all.nl wrote: From: Roland Smith rsm...@xs4all.nl Subject: Re: Use of COMPAT Kernel Options To: APseudoUtopia apseudouto...@gmail.com Cc: FreeBSD Questions freebsd-questions@freebsd.org Date: Friday, December 4, 2009, 9:52 PM On Fri, Dec 04, 2009 at 04:39:59PM -0500, APseudoUtopia wrote: Hello, I'm working on editing the kernel configuration file for a custom kernel. The system will be running FreeBSD 8.0-RELEASE-p1. I'm wondering about the use of the COMPAT options in the kernel config. COMPAT_43 Well, COMPAT_43 one isn't even in GENERIC anymore, so I guess it is not that important anymore. COMPAT_43TTY This is still in the GENERIC kernel. I'd keep it in initially. Then build a kernel without it. If that fails to start the system properly, you'll always have a good kernel to fall back on. Have a look at what is written under COMPATIBILITY OPTIONS in /sys/conf/NOTES. COMPAT_FREEBSD[4-7] If you do not have binaries from ealier FreeBSD versions around, you can skip these. FWIW, a FreeBSD 8.0 kernel fails to build without COMPAT_FREEBSD7 so I'd keep that. It didn't for meI initially compiled with not a single COMPAT option before I sent the mail to this list. I wanted to inquire about it before I installed the kernel. But it did build with no COMPAT options at all ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Use of COMPAT Kernel Options
--- On Fri, 12/4/09, APseudoUtopia apseudouto...@gmail.com wrote: From: APseudoUtopia apseudouto...@gmail.com Subject: Re: Use of COMPAT Kernel Options To: Gardner Bell gbel...@rogers.com Cc: Roland Smith rsm...@xs4all.nl, FreeBSD Questions freebsd-questions@freebsd.org Date: Friday, December 4, 2009, 10:17 PM On Fri, Dec 4, 2009 at 5:04 PM, Gardner Bell gbel...@rogers.com wrote: --- On Fri, 12/4/09, Roland Smith rsm...@xs4all.nl wrote: From: Roland Smith rsm...@xs4all.nl Subject: Re: Use of COMPAT Kernel Options To: APseudoUtopia apseudouto...@gmail.com Cc: FreeBSD Questions freebsd-questions@freebsd.org Date: Friday, December 4, 2009, 9:52 PM On Fri, Dec 04, 2009 at 04:39:59PM -0500, APseudoUtopia wrote: Hello, I'm working on editing the kernel configuration file for a custom kernel. The system will be running FreeBSD 8.0-RELEASE-p1. I'm wondering about the use of the COMPAT options in the kernel config. COMPAT_43 Well, COMPAT_43 one isn't even in GENERIC anymore, so I guess it is not that important anymore. COMPAT_43TTY This is still in the GENERIC kernel. I'd keep it in initially. Then build a kernel without it. If that fails to start the system properly, you'll always have a good kernel to fall back on. Have a look at what is written under COMPATIBILITY OPTIONS in /sys/conf/NOTES. COMPAT_FREEBSD[4-7] If you do not have binaries from ealier FreeBSD versions around, you can skip these. FWIW, a FreeBSD 8.0 kernel fails to build without COMPAT_FREEBSD7 so I'd keep that. It didn't for meI initially compiled with not a single COMPAT option before I sent the mail to this list. I wanted to inquire about it before I installed the kernel. But it did build with no COMPAT options at all Error on my part, sorry for the noise. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
kernel options for ipv6 firewall
Hi, I'm trying to reconfigure and recompile my kernel to use a ipv6 firewall. So far I added this to the kernel (from http://techie.devnull.cz/ipv6/ipfw2- ipv6-dummynet/) : # IPFW2 options IPFW2 options IPFIREWALL_VERBOSE #enable logging to syslogd(8) options IPFIREWALL_FORWARD #enable transparent proxy support options IPFIREWALL_VERBOSE_LIMIT=100#limit verbosity options IPFIREWALL_DEFAULT_TO_ACCEPT#allow everything by default and I tried this also (from http://www.kame.net/~suz/freebsd-ipv6-config- guide.txt) : options IPV6FIREWALL #options IPV6FIREWALL_VERBOSE #options IPV6FIREWALL_VERBOSE_LIMIT=100 #options IPV6FIREWALL_DEFAULT_TO_ACCEPT But all I get is an unknown option error when I do a make buildkernel. I've added also this to my /etc/rc.conf : #IPv6 gateway6_enable=YES ipv6_enable=YES #ipv6_gateway_enable=YES #ipv6_router_enable=YES ipv6_network_interfaces=vr0 tun0 # Enable ip6fw. ipv6_firewall_enable=YES ipv6_firewall_type=client # ipv6_firewall_quiet=NO ipv6_firewall_quiet=YES # suppress rule display. (By default, it's NO) ipv6_firewall_logging=YES # enable events logging. (By default, it's NO) ipv6_firewall_flags= # Flags passed to ip6fw when type is a filename pf is enabled for ipv4. So what option(s) do I need to use a ipv6 firewall in my kernel ? -- Beni. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: kernel options for ipv6 firewall
beni wrote: and I tried this also (from http://www.kame.net/~suz/freebsd-ipv6-config- guide.txt) : options IPV6FIREWALL #options IPV6FIREWALL_VERBOSE #options IPV6FIREWALL_VERBOSE_LIMIT=100 #options IPV6FIREWALL_DEFAULT_TO_ACCEPT But all I get is an unknown option error when I do a make buildkernel. That information is out of date. ipfw now handles both IPv4 and IPv6 without any extra kernel configuration required. All you need to do is write rules that reference IPv6 addresses etc. I've added also this to my /etc/rc.conf : #IPv6 gateway6_enable=YES ipv6_enable=YES #ipv6_gateway_enable=YES #ipv6_router_enable=YES ipv6_network_interfaces=vr0 tun0 # Enable ip6fw. ipv6_firewall_enable=YES ipv6_firewall_type=client # ipv6_firewall_quiet=NO ipv6_firewall_quiet=YES # suppress rule display. (By default, it's NO) ipv6_firewall_logging=YES # enable events logging. (By default, it's NO) ipv6_firewall_flags=# Flags passed to ip6fw when type is a filename Take a look at /etc/rc.firewall6 -- that just does for IPv6 what rc.firewall does for IPv4. Your settings above should enable it to work, but you'll need to put the correct network numbers, prefix len and IP address into the rc.firewall6 file. (Not a particularly nice piece of design: configuration information like that shouldn't require you to edit the actual rc script.) pf is enabled for ipv4. pf will also do IPv6 automatically. With pf's really very handy indeed feature of being able to deduce from the interface name the IP numbers / networks to put in the rulesets, you can write rules that operate on IPv4 only: pass in on $ext_if inet proto tcp \ from any to $ext_if port ssh \ flags S/SA keep state \ (max-src-conn-rate 3/30, overload ssh-bruteforce flush global) IPv6 only: pass in on $ext_if inet6 proto tcp \ from any to $ext_if port ssh\ flags S/SA keep state \ (max-src-conn-rate 3/30, overload ssh-bruteforce flush global) or both: pass in on $ext_if proto tcp\ from any to $ext_if port ssh \ flags S/SA keep state\ (max-src-conn-rate 3/30, overload ssh-bruteforce flush global) Although this last is internally transformed into two rules, one for the IPv4 address on the i/f, and the other for the IPv6 address. See 'pfctl -sr' for the generated rules. So on my machine, that becomes: pass in on de0 inet6 proto tcp from any to fe80::240:5ff:fea5:8db7 port = ssh flags S/SA keep state (source-track rule, max-src-conn-rate 3/30, overload ssh-bruteforce flush global, src.track 30) pass in on de0 inet proto tcp from any to 81.187.76.162 port = ssh flags S/SA keep state (source-track rule, max-src-conn-rate 3/30, overload ssh-bruteforce flush global, src.track 30) (not that I've yet seen any ssh bruteforce attempts over IPv6) If you need bandwidth limiting facilities, you can do this with pf as well, but you will have to compile a custom kernel to enable the ALTQ features. It's equivalent to IPFW's dummynet but there are subtle differences in the way it operates that may or may not be a show stopper for you. So what option(s) do I need to use a ipv6 firewall in my kernel ? Same as you need for either pf or ipfw with IPv4 -- in fact, you frequently don't need to modify the GENERIC kernel at all. You can just load ipfw as a kld. Same with pf, unless you need to use altq which still requires some compiled-in stuff in the kernel. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Kernel options for increasing connections/shared buffers in Postgres
Hi everyone, I'm running OpenNMS on 6.2-Release, and I get this error message when it, I think, tries to hit the postgres DB: FATAL: Too many clients My guess is I'm getting this because I can't increase max connections and shared buffers in postgresql.conf because I haven't added the kernel options they want, yet. I've never used Postgres before and my exposure to DB's in general is minimal. I read somewhere, I forget now, that in order to increase max connections and shared buffers in postgresql.conf, you're supposed to have the following options with these values in your kernel: SHMMAXPGS=65536 SEMMNI=40 SEMMNS=240 SEMUME=40 SEMMNU=120 It seems most of the docs for OpenNMS relate to linux or solaris. Are these values ok for FreeBSD? I notice in LINT there are more options: SEMMAP=31 SEMMSL=61 SEMOPM=101 SHMALL=1025 SHMMAX=(SHMMAXPGS *PAGE_SIZE+1) SHMMIN=2 SHMMNI=33 SHMSEG=9 I google them, but I'm not real sure what it all means when they're used in conjunction with one another. Should I be using any of them? If so, what value, since I'm not using the defaults for the one's postgres wants compiled in. Before I do this, I wanted to see if this was ok. This box has 512MB RAM, 1GB swap file and it won't be doing anything other than running postgres server8.1, tomcat 4.1 and opennms 1.2.9. Thanks, Bob ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: Kernel Options fo a File Server
man tuning? Cheers, Lars. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Carey Posted At: Tuesday, May 22, 2007 1:28 PM Posted To: FreeBSD-Questions Conversation: Kernel Options fo a File Server Subject: Kernel Options fo a File Server Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. Thanks, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options fo a File Server
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Carey Posted At: Tuesday, May 22, 2007 1:28 PM Posted To: FreeBSD-Questions Conversation: Kernel Options fo a File Server Subject: Kernel Options fo a File Server Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. On 23/05/07, FreeBSD-Questions [EMAIL PROTECTED] wrote: man tuning? Cheers, Lars. Indeed, not so much kernel options, but filesystem options would likely benefit you the most, especially if you can determine ahead how big your average file size will be. -- -- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options fo a File Server
From what I heard from most BSD'ers it's not really feasible to re-compile or customize the kernel much these days. If you truly need to compile/optimize the kernel you're already overworking your hardware. With that being said I’m curious myself, I'm always interested in squeezing a little out of my hardware. Ivan Carey wrote: Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. Thanks, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Kernel-Options-fo-a-File-Server-tf3795709.html#a10771337 Sent from the freebsd-questions mailing list archive at Nabble.com. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options fo a File Server
PeterPluta wrote: From what I heard from most BSD'ers it's not really feasible to re-compile or customize the kernel much these days. If you truly need to compile/optimize the kernel you're already overworking your hardware. With that being said I’m curious myself, I'm always interested in squeezing a little out of my hardware. Ivan Carey wrote: Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. Thanks, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] First, please don't top post. Thanks. I typically recompile a kernel for almost every new machine. You can certainly change a great deal of options within the kernel that you otherwise can't do. For instance do a 'make LINT' in /usr/src/sys/i386/conf and grok the LINT file for options. There are tons of tweaks you could do. If you want to tweak the file server I would look more into tunefs. man tunefs...this will probably be where you will find the most info about getting the most out of your filesystem. -Tom ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options fo a File Server
On Wed, May 23, 2007 at 12:42:17PM -0700, PeterPluta wrote: Ivan Carey wrote: Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. From what I heard from most BSD'ers it's not really feasible to re-compile or customize the kernel much these days. If you truly need to compile/optimize the kernel you're already overworking your hardware. With that being said I’m curious myself, I'm always interested in squeezing a little out of my hardware. (Please don't top post.) Recompiling the kernel and customizing it (i.e. leaving things out that you don't need) are not very hard at all. Things like enabling kernel thread preemption and file system softupdates might help with performance. But in general you could say that removing code for devices and subsystems that aren't used anyway might speed up booting a bit, but will not help much with speeding up daily usage. The tuning(7) manpage gives lots of tips on getting the best performance out of your system. Note that the kernel occupies only a small section of the material in that page. For instance, for a file server the file system layout is much moe important due to higher transfer speeds from the outer edges of the disks. Roland -- R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) pgp089WGtKO9Y.pgp Description: PGP signature
Kernel Options fo a File Server
Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. Thanks, Ivan ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options fo a File Server
Ivan Carey wrote: Hello, What would be the best Kernel options to run a file server? I will be using an Intel server mother board with one Xeon quad core CPU installed (this mother board has 2 CPU sockets) 2GB RAM and dual 500Gb SATA HDD's I am thinking of options that would make the kernel efficient as a pure file server. Thanks, Ivan Even with a GENERIC kernel you're going to be disk-bound, unless you have them in RAID 0, in which case you'll be network bound. If you are running i386 you can take out 486 and 586 support, that's probably the biggest single improvement you can make, and it's incremental at best. --- Thanks, Josh Paetzel ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: optimal kernel options for VMWARE guest system
Jeff Dickens wrote: Jeff Dickens wrote: John Nielsen wrote: On Tuesday 03 October 2006 12:58, Jeff Dickens wrote: I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? I haven't read the white paper (yet; thanks for the link), but I've had good results with recent -STABLE VM's running under ESX server 3. Some thoughts: As I do on most of my installs, I trimmed down GENERIC to include just the drivers I use. In this case that was mpt for the disk and le for the network (although I suspect forcing the VM to present e1000 hardware and then using the em driver would work as well if not better). The VMware tools package that comes with ESX server does a poor job of getting itself to run, but it can be made to work without too much difficulty. Don't use the port, run the included install script to install the files, ignore the custom network driver and compile the memory management module from source (included). If using X.org, use the built-in vmware display driver, and copy the vmmouse driver .o file from the VMware tools dist to the appropriate dir under /usr/X11. Even though the included file is for X.org 6.8, it works fine with 6.9/7.0 (X.org 7.1 should include the vmmouse driver.) Run the VMware tools config script from a non-X terminal (and you can ignore the warning about running it remotely if you're using SSH), so it won't mess with your X display (it doesn't do anything not accomplished above). Then run the rc.d script to start the VMware tools. I haven't noticed any timekeeping issues so far. JN ___ What is the advantage of using the e1000 hardware, and is this documented somewhere? I got the vxn network driver working without issues; I just had to edit the .vxn file manually: I'm using the free VMware server V1 rather than the ESX server. ethernet0.virtualDev=vmxnet I've got timekeeping running stably on these. I turn on time sync via vmware tools in the .vmx file: tools.syncTime = TRUE and in the guest file's rc.conf start ntpd with flags -Aqgx so it just syncs once at boot and exits. I'm not using X on these. They're supposed to be clean lean systems to run such things as djbdns and qmail. And they do work well. My main goal is to reduce the background load on the VMware host system so that it isn't spending more time than it has to simulating interrupt controllers for the guests. I'm wondering about the disable ACPI boot option. I suppose I first should figure out how to even roughly measure the effect of any changes I might make. Well, I've done some pseudo-scientific measurement on this. I currently have five freebsd virtual systems running, and one Centos 4 (linux 2.6), This command give some info on the background cpu usage: (The host is a Centos 3 system, linux 2.4) [EMAIL PROTECTED] root]# ps auxww | head -1 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND [EMAIL PROTECTED] root]# ps auxww | grep vmx root 18031 12.7 1.5 175440 39916 ? S Oct09 345:50 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Goose/freebsd-6.1-i386.vmx -@ root 18058 12.9 1.4 174772 36916 ? S Oct09 351:01 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Duck/freebsd-6.1-i386.vmx -@ root 18072 16.2 5.5 246372 141776 ? S Oct09 440:16 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/BlueJay/freebsd-6.1-i386.vmx -@ root 18086 12.9 1.4 174688 38464 ? S Oct09 351:47 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Heron/freebsd-6.1-i386.vmx -@ root 18100 9.4 4.1 385712 107348 ? S Oct09 256:25 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Newt/freebsd-6.1-i386.vmx -@ root 18139 12.2 2.5 299388 65132 ? S Oct09 330:35 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Centos4/Centos4.vmx -@ root 28930 0.0 0.0 3680 672 pts/3S14:08 0:00 grep vmx [EMAIL PROTECTED] root]# As one can see the one called Newt is consistently lower in the %CPU column. Curiously enough, this *is* the one I built a custom kernel for. The config file I used is posted below: Besides commenting out devices I wasn't using NFS, etc, I commented out the apic and pctimer devices. Do you think I'm on the right track for reducing interrupt frequency? Also, if I were to want to move this kernel to other FreeBSD systems, how much has to move, the whole /boot/kernel directory? Finally I did have to re-run the vmware-config-tools.pl script after rebuilding
Re: optimal kernel options for VMWARE guest system
Jeff Dickens wrote: John Nielsen wrote: On Tuesday 03 October 2006 12:58, Jeff Dickens wrote: I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? I haven't read the white paper (yet; thanks for the link), but I've had good results with recent -STABLE VM's running under ESX server 3. Some thoughts: As I do on most of my installs, I trimmed down GENERIC to include just the drivers I use. In this case that was mpt for the disk and le for the network (although I suspect forcing the VM to present e1000 hardware and then using the em driver would work as well if not better). The VMware tools package that comes with ESX server does a poor job of getting itself to run, but it can be made to work without too much difficulty. Don't use the port, run the included install script to install the files, ignore the custom network driver and compile the memory management module from source (included). If using X.org, use the built-in vmware display driver, and copy the vmmouse driver .o file from the VMware tools dist to the appropriate dir under /usr/X11. Even though the included file is for X.org 6.8, it works fine with 6.9/7.0 (X.org 7.1 should include the vmmouse driver.) Run the VMware tools config script from a non-X terminal (and you can ignore the warning about running it remotely if you're using SSH), so it won't mess with your X display (it doesn't do anything not accomplished above). Then run the rc.d script to start the VMware tools. I haven't noticed any timekeeping issues so far. JN ___ What is the advantage of using the e1000 hardware, and is this documented somewhere? I got the vxn network driver working without issues; I just had to edit the .vxn file manually: I'm using the free VMware server V1 rather than the ESX server. ethernet0.virtualDev=vmxnet I've got timekeeping running stably on these. I turn on time sync via vmware tools in the .vmx file: tools.syncTime = TRUE and in the guest file's rc.conf start ntpd with flags -Aqgx so it just syncs once at boot and exits. I'm not using X on these. They're supposed to be clean lean systems to run such things as djbdns and qmail. And they do work well. My main goal is to reduce the background load on the VMware host system so that it isn't spending more time than it has to simulating interrupt controllers for the guests. I'm wondering about the disable ACPI boot option. I suppose I first should figure out how to even roughly measure the effect of any changes I might make. Well, I've done some pseudo-scientific measurement on this. I currently have five freebsd virtual systems running, and one Centos 4 (linux 2.6), This command give some info on the background cpu usage: (The host is a Centos 3 system, linux 2.4) [EMAIL PROTECTED] root]# ps auxww | head -1 USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND [EMAIL PROTECTED] root]# ps auxww | grep vmx root 18031 12.7 1.5 175440 39916 ? S Oct09 345:50 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Goose/freebsd-6.1-i386.vmx -@ root 18058 12.9 1.4 174772 36916 ? S Oct09 351:01 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Duck/freebsd-6.1-i386.vmx -@ root 18072 16.2 5.5 246372 141776 ? S Oct09 440:16 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/BlueJay/freebsd-6.1-i386.vmx -@ root 18086 12.9 1.4 174688 38464 ? S Oct09 351:47 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Heron/freebsd-6.1-i386.vmx -@ root 18100 9.4 4.1 385712 107348 ? S Oct09 256:25 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Newt/freebsd-6.1-i386.vmx -@ root 18139 12.2 2.5 299388 65132 ? S Oct09 330:35 /usr/lib/vmware/bin/vmware-vmx -C /var/lib/vmware/Virtual Machines/Centos4/Centos4.vmx -@ root 28930 0.0 0.0 3680 672 pts/3S14:08 0:00 grep vmx [EMAIL PROTECTED] root]# As one can see the one called Newt is consistently lower in the %CPU column. Curiously enough, this *is* the one I built a custom kernel for. The config file I used is posted below: Besides commenting out devices I wasn't using NFS, etc, I commented out the apic and pctimer devices. Do you think I'm on the right track for reducing interrupt frequency? Also, if I were to want to move this kernel to other FreeBSD systems, how much has to move, the whole /boot/kernel directory? Finally I did have to re-run the vmware-config-tools.pl script after rebuilding the kernel. newt# cat
Re: optimal kernel options for VMWARE guest system
John Nielsen wrote: On Tuesday 03 October 2006 12:58, Jeff Dickens wrote: I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? I haven't read the white paper (yet; thanks for the link), but I've had good results with recent -STABLE VM's running under ESX server 3. Some thoughts: As I do on most of my installs, I trimmed down GENERIC to include just the drivers I use. In this case that was mpt for the disk and le for the network (although I suspect forcing the VM to present e1000 hardware and then using the em driver would work as well if not better). The VMware tools package that comes with ESX server does a poor job of getting itself to run, but it can be made to work without too much difficulty. Don't use the port, run the included install script to install the files, ignore the custom network driver and compile the memory management module from source (included). If using X.org, use the built-in vmware display driver, and copy the vmmouse driver .o file from the VMware tools dist to the appropriate dir under /usr/X11. Even though the included file is for X.org 6.8, it works fine with 6.9/7.0 (X.org 7.1 should include the vmmouse driver.) Run the VMware tools config script from a non-X terminal (and you can ignore the warning about running it remotely if you're using SSH), so it won't mess with your X display (it doesn't do anything not accomplished above). Then run the rc.d script to start the VMware tools. I haven't noticed any timekeeping issues so far. JN ___ What is the advantage of using the e1000 hardware, and is this documented somewhere? I got the vxn network driver working without issues; I just had to edit the .vxn file manually: I'm using the free VMware server V1 rather than the ESX server. ethernet0.virtualDev=vmxnet I've got timekeeping running stably on these. I turn on time sync via vmware tools in the .vmx file: tools.syncTime = TRUE and in the guest file's rc.conf start ntpd with flags -Aqgx so it just syncs once at boot and exits. I'm not using X on these. They're supposed to be clean lean systems to run such things as djbdns and qmail. And they do work well. My main goal is to reduce the background load on the VMware host system so that it isn't spending more time than it has to simulating interrupt controllers for the guests. I'm wondering about the disable ACPI boot option. I suppose I first should figure out how to even roughly measure the effect of any changes I might make. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: optimal kernel options for VMWARE guest system
On Wednesday 04 October 2006 10:48, Jeff Dickens wrote: John Nielsen wrote: On Tuesday 03 October 2006 12:58, Jeff Dickens wrote: I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? I haven't read the white paper (yet; thanks for the link), but I've had good results with recent -STABLE VM's running under ESX server 3. Some thoughts: As I do on most of my installs, I trimmed down GENERIC to include just the drivers I use. In this case that was mpt for the disk and le for the network (although I suspect forcing the VM to present e1000 hardware and then using the em driver would work as well if not better). The VMware tools package that comes with ESX server does a poor job of getting itself to run, but it can be made to work without too much difficulty. Don't use the port, run the included install script to install the files, ignore the custom network driver and compile the memory management module from source (included). If using X.org, use the built-in vmware display driver, and copy the vmmouse driver .o file from the VMware tools dist to the appropriate dir under /usr/X11. Even though the included file is for X.org 6.8, it works fine with 6.9/7.0 (X.org 7.1 should include the vmmouse driver.) Run the VMware tools config script from a non-X terminal (and you can ignore the warning about running it remotely if you're using SSH), so it won't mess with your X display (it doesn't do anything not accomplished above). Then run the rc.d script to start the VMware tools. I haven't noticed any timekeeping issues so far. JN ___ What is the advantage of using the e1000 hardware, and is this documented somewhere? I got the vxn network driver working without issues; I just had to edit the .vxn file manually: I'm using the free VMware server V1 rather than the ESX server. ethernet0.virtualDev=vmxnet Not documented, just my opinion that the em(4) driver is probably a better performer than le(4), and the former has awareness of media speeds, etc. I actually haven't tried using the vxn network driver yet. My view could be tainted by old experiences with VMware Workstation 3 and the lnc(4) driver, though. I've got timekeeping running stably on these. I turn on time sync via vmware tools in the .vmx file: tools.syncTime = TRUE and in the guest file's rc.conf start ntpd with flags -Aqgx so it just syncs once at boot and exits. I'm not using X on these. They're supposed to be clean lean systems to run such things as djbdns and qmail. And they do work well. My main goal is to reduce the background load on the VMware host system so that it isn't spending more time than it has to simulating interrupt controllers for the guests. I'm wondering about the disable ACPI boot option. I suppose I first should figure out how to even roughly measure the effect of any changes I might make. So far I'm just experimenting with FreeBSD VM's in my spare time. Our only production VM's at the moment are Windows and a Fedora instance or two. It'd be nice if there were a central repository for some of these tips and other info. (Maybe there are threads on VMTN, I haven't really looked). JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
optimal kernel options for VMWARE guest system
I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: optimal kernel options for VMWARE guest system
On Tuesday 03 October 2006 12:58, Jeff Dickens wrote: I have some Freebsd systems that are running as VMware guests. I'd like to configure their kernels so as to minimize the overhead on the VMware host system. After reading and partially digesting the white paper on timekeeping in VMware virtual machines (http://www.vmware.com/pdf/vmware_timekeeping.pdf) it appears that I might want to make some changes. Has anyone addressed this issue? I haven't read the white paper (yet; thanks for the link), but I've had good results with recent -STABLE VM's running under ESX server 3. Some thoughts: As I do on most of my installs, I trimmed down GENERIC to include just the drivers I use. In this case that was mpt for the disk and le for the network (although I suspect forcing the VM to present e1000 hardware and then using the em driver would work as well if not better). The VMware tools package that comes with ESX server does a poor job of getting itself to run, but it can be made to work without too much difficulty. Don't use the port, run the included install script to install the files, ignore the custom network driver and compile the memory management module from source (included). If using X.org, use the built-in vmware display driver, and copy the vmmouse driver .o file from the VMware tools dist to the appropriate dir under /usr/X11. Even though the included file is for X.org 6.8, it works fine with 6.9/7.0 (X.org 7.1 should include the vmmouse driver.) Run the VMware tools config script from a non-X terminal (and you can ignore the warning about running it remotely if you're using SSH), so it won't mess with your X display (it doesn't do anything not accomplished above). Then run the rc.d script to start the VMware tools. I haven't noticed any timekeeping issues so far. JN ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: question of kernel options
On 29-Jan-2006 gahn wrote: Hi: Where can I find the list of all options of kernel file for freebsd 5.4? Thanks /usr/src/sys/conf/NOTES for cross-platform options /usr/src/sys/${ARCH}/conf/NOTES for architecture-specific options -- Conrad J. Sabatier [EMAIL PROTECTED] -- In Unix veritas ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
question of kernel options
Hi: Where can I find the list of all options of kernel file for freebsd 5.4? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question of kernel options
gahn wrote: Hi: Where can I find the list of all options of kernel file for freebsd 5.4? Thanks cd /usr/src/sys/[insert_your_arch_here]/conf; make LINT; All you have to do is fire up your favorite editor and open up the LINT file that's been created. Of course you have to be root to do this. -Garrett ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
RE: question of kernel options
Look in the same directory where the default kernel source is. One of the files has all the options. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of gahn Sent: Sunday, January 29, 2006 3:33 PM To: freebsd general questions Subject: question of kernel options Hi: Where can I find the list of all options of kernel file for freebsd 5.4? Thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kernel options
Imran Imtiaz schrieb: where can i find all the customization options of ther kernel? See src/sys/conf/NOTES for platform-independent options and for example src/sys/i386/conf/NOTES for i386-specific options. Regards Björn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
kernel options
where can i find all the customization options of ther kernel? cause in GENERIC kernel there are many options missing so where can i get all the options like if i want to add quota and all others. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Kernel options optimal for desktop?
Good time of day to all freebsd-questions readers! I'm using FreeBSD 6.0 for my desktop. I think the GENERIC kernel is not optimal for desktop usage. So can you advise me what options to use for better performance? My hardware is a Pentium 3 [EMAIL PROTECTED] chipset, 512 Mb RAM, ATA100 30 GB HDD, GeForce2 MX400 video. -- Good luck! Alexander Polakov ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel options optimal for desktop?
Alexander Polakov wrote: Good time of day to all freebsd-questions readers! I'm using FreeBSD 6.0 for my desktop. I think the GENERIC kernel is not optimal for desktop usage. So can you advise me what options to use for better performance? My hardware is a Pentium 3 [EMAIL PROTECTED] chipset, 512 Mb RAM, ATA100 30 GB HDD, GeForce2 MX400 video. Read the kernel section of the handbook. Read man tuning and man make.conf, but for a simple beginning, figure out what tasks you want to benchmark (see ls /usr/ports/benchmarks), and get a baseline with the GENERIC kernel. Then you want to set CPUTYPE, disable the cpu I486_CPU and cpu I586_CPU statements, and maybe disable drivers you don't need, IPv6 (aka options INET6), etc. Be prepared to roll back to a working kernel if you change too much. Benchmark some more, and see whether you find anything interesting. Be prepared to have someone tell you to run /usr/src/tools/tools/ministat. :-) -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Removing kernel options and devices in today's world
On 10/29/05, Doug Poland [EMAIL PROTECTED] wrote: Hello, I've been using FreeBSD since 2.1.5 and have dutifully tweaked my kernels to include devices I need, and remove unwanted things. This made a big difference on 486's with 16MB of memory. Over the years I've developed a procedure for keeping track of changes in GENERIC and reducing the amount of time it takes to build a custom kernel for a given box. Fast-forward to 2005, PCI, SMP, gigabytes of RAM, kernel loadable modules and FreeBSD 6.x. As I begin preparing some boxes for updating to 6, I'm wondering if it's really worth the effort to tweak a kernel? And by this I mean removing devices and options. It's trivial to have an include for the devices/options I need to add to every kernel. But the list of things to take out keeps getting bigger and bigger and the chance for errors in editing increase. I'm thinking of just running GENERIC with necessary additions. Most of my boxes are workstations or department-sized servers supporting basic web, email, and file/print services. Architecture is all 32-bit Intel ranging from modest PIII to 4-way Xeon P4. I can come up with several arguments for both cases (running GENERIC vs. trimming all unneeded fat from a kernel). Has anyone else wrestled with this issue and come up with interesting conclusions? -- Regards, Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] I leave almost everything on my desktop machines, but who needs usb, firewire and wifi on a production DB server? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Removing kernel options and devices in today's world
Hello, I've been using FreeBSD since 2.1.5 and have dutifully tweaked my kernels to include devices I need, and remove unwanted things. This made a big difference on 486's with 16MB of memory. Over the years I've developed a procedure for keeping track of changes in GENERIC and reducing the amount of time it takes to build a custom kernel for a given box. Fast-forward to 2005, PCI, SMP, gigabytes of RAM, kernel loadable modules and FreeBSD 6.x. As I begin preparing some boxes for updating to 6, I'm wondering if it's really worth the effort to tweak a kernel? And by this I mean removing devices and options. It's trivial to have an include for the devices/options I need to add to every kernel. But the list of things to take out keeps getting bigger and bigger and the chance for errors in editing increase. I'm thinking of just running GENERIC with necessary additions. Most of my boxes are workstations or department-sized servers supporting basic web, email, and file/print services. Architecture is all 32-bit Intel ranging from modest PIII to 4-way Xeon P4. I can come up with several arguments for both cases (running GENERIC vs. trimming all unneeded fat from a kernel). Has anyone else wrestled with this issue and come up with interesting conclusions? -- Regards, Doug ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
dummynet problem, kernel options checked
Hello, I'm running FreeBSD 5.3 Stable, installed from an iso on one of the dutch ftp mirrors. Everything works fine, installation went as expected. After a while I wanted some simple traffic shaping, and since the machine I wanted that for isn't the fastest, I chose to use ipfw with dummynet. From what I read that was not very resource-intensive. I recompiled the kernel, copied the GENERIC and added the following options: options IPFIREWALL #ipfw options DUMMYNET#dummynet options HZ=1000 #strongly recommended I looked into both the ipfw and dummynet manpages, and I under- stood this would be all that was needed. The compiling went fine, ipfw works, dummynet doesn't. I can add pipes, but configurating bandwith (or actually, just ipfw pipe 1 config is enough), gives me the following error: ipfw: setsockopt(IP_DUMMYNET_CONFIGURE): Protocol not available I tried the usual, looking into the handbook, faq, and searching newsgroups and the web. Everything there tells me that DUMMYNET isn't in my kernel options. I checked numerous times, and it is really there. Is there any way I could check if it really compiled? I vaguely remember something containing the word dummynet flashing by while compiling. Any advice is appreciated, Lucas ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet problem, kernel options checked
Lucas wrote: [ ... ] Is there any way I could check if it really compiled? I vaguely remember something containing the word dummynet flashing by while compiling. If you check `dmesg`, you should see a line like: DUMMYNET initialized (011031) However, your problem sounds like your kernel and world are out-of-sync. If you've updated your sources and reinstalled the kernel, you'll also need to reinstall the world, too. -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: dummynet problem, kernel options checked
Lucas wrote: [ ... ] Is there any way I could check if it really compiled? I vaguely remember something containing the word dummynet flashing by while compiling. If you check `dmesg`, you should see a line like: DUMMYNET initialized (011031) However, your problem sounds like your kernel and world are out-of-sync. If you've updated your sources and reinstalled the kernel, you'll also need to reinstall the world, too. I didn't install any sources when installing freebsd, I was in a hurry and didn't bother, then I installed the sources from ftp because it would be easier then fiddling with cdroms, but only installed sys.. I know, dumb. Thanks! ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Kernel Options
Hi, I am working with the Kernel config file to optimize it and also to improve the overall security of the system! I have the following quetions: (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file! (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel? (3) and also my aim includes optimizing the kernel... so by enabling only the options I need to I should get a get optimization... is there anything else that can be done? (4) My aim is to improve local and network security. I guess enabling IPFIREWALL helps with the network security part are there any special options for local security? Thank you. -HKR - Do you Yahoo!? New and Improved Yahoo! Mail - Send 10MB messages! ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options
bsd hack wrote: Hi, I am working with the Kernel config file to optimize it and also to improve the overall security of the system! Hi, that's good. I'll try to give you some ideas to start inline below: I have the following quetions: (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file! Have a look at /usr/src/sys/i386/conf/NOTES file (assuming your machine architecture is i386, if not look in specific directory): # cat /usr/src/sys/i386/conf/NOTES | head # # NOTES -- Lines that can be cut/pasted into kernel and hints configs. # # This file contains machine dependent kernel configuration notes. For # machine independent notes, look in /sys/conf/NOTES. It points you to another file: usr/src/sys/conf/NOTES. There are options with explanations in both files. Also check FreeBSD Handbook: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel? Any sysctl variable can be set in /etc/sysctl.conf file which is used before system goes to multi-user state. Many of them can be even changed live. Check man sysctl(8), it will also bring loader.conf(5) to your attention. Thank you. -HKR Good luck, Karol -- Karol Kwiatkowski freebsd at orchid dot homeunix dot org ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Kernel Options
On 2004-07-28 12:02, bsd hack [EMAIL PROTECTED] wrote: I have the following quetions: (1) There are a few options that are not available in the default kernel... like the IPFIREWALL options(and the like)... I basically need to know all possible options I can add to the kernel config file! Try reading these: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig-config.html (2) I guess these options can be used to set the kernel variables accessible through the sysctl command. So can I create my own options so that I can set a few kernel variables as and when I build the custom kernel? I don't think so. Read the Handbook sections I posted above for details. (3) and also my aim includes optimizing the kernel... so by enabling only the options I need to I should get a get optimization... is there anything else that can be done? If security is what concerns you, the Handbook has also this chapter: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/security.html There also many online articles that deal with the issue of security on a BSD system. Google will reveal dozens of them, but here's a starting pointer just to get you going: http://www.onlamp.com/pub/ct/13 Cheers, Giorgos ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Excess Kernel Options
Hi, I need to recompile my kernel on a server to add quota support. I'm thinking while I'm doing that, I should go ahead and remove everything else I don't need like SCSI, RAID, etc. The thing I'm wondering about is: I have no use for USB, Firewire, etc. on this server. Even though the server has USB on it, if I compile the kernel without USB support will that cause problems? Thank you, Scott ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Excess Kernel Options
SonServers Christian Web Hosting wrote: Hi, I need to recompile my kernel on a server to add quota support. I'm thinking while I'm doing that, I should go ahead and remove everything else I don't need like SCSI, RAID, etc. The thing I'm wondering about is: I have no use for USB, Firewire, etc. on this server. Even though the server has USB on it, if I compile the kernel without USB support will that cause problems? No. I do it all the time. You can remove any device from your kernel that you're not using, even if it exists in your machine. The thing to remember about that is that devices often have dependencies that aren't always obvious. (i.e., using a USB HDD requires SCSI support) -- Bill Moran Potential Technologies http://www.potentialtech.com ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
All the possible Kernel options
This week-end I was trying to get my Atapi CDRW to burn something and noticed I needed the CAM support enabled for it. Reading the handbook gave me the necessary option for the kernel : *device atapicam *It worked but I remember posting a question about where to find all the different options for the Kernel. The response was easy and located into the /sys/i386/conf/NOTES file (under 5.x). The thing is I couldn't find any trace of the Device atapicam in either GENERIC or NOTES. Is this normal or is there any other hidden options I should be aware of ? Thank you Dany * * ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: All the possible Kernel options
# [EMAIL PROTECTED] / 2004-01-05 07:53:02 -0500: This week-end I was trying to get my Atapi CDRW to burn something and noticed I needed the CAM support enabled for it. Reading the handbook gave me the necessary option for the kernel : *device atapicam *It worked but I remember posting a question about where to find all the different options for the Kernel. The response was easy and located into the /sys/i386/conf/NOTES file (under 5.x). The thing is I couldn't find any trace of the Device atapicam in either GENERIC or NOTES. Is this normal or is there any other hidden options I should be aware of ? take a look at (IIRC) /sys/conf/NOTES -- If you cc me or remove the list(s) completely I'll most likely ignore your message.see http://www.eyrie.org./~eagle/faqs/questions.html ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: All the possible Kernel options
On Monday 05 January 2004 05:53 am, Dany wrote: This week-end I was trying to get my Atapi CDRW to burn something and noticed I needed the CAM support enabled for it. Reading the handbook gave me the necessary option for the kernel : *device atapicam *It worked but I remember posting a question about where to find all the different options for the Kernel. The response was easy and located into the /sys/i386/conf/NOTES file (under 5.x). The thing is I couldn't find any trace of the Device atapicam in either GENERIC or NOTES. Is this normal or is there any other hidden options I should be aware of ? --- --- Try this: shell-prompt: cd /sys/i386/conf shell-prompt: make LINT shell-prompt: grep atapicam LINT -- Our care should not be to have lived long as to have lived enough. -Seneca ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
How to determine the kernel options that are compiled in a running kernel?
I've got a customized kernel but no KERNCONF file, how can I determine what options/devices were used when compiling the kernel? Thanks, Sam ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How to determine the kernel options that are compiled in a running kernel?
On Tue, Nov 11, 2003 at 10:55:30AM -0700, [EMAIL PROTECTED] wrote: I've got a customized kernel but no KERNCONF file, how can I determine what options/devices were used when compiling the kernel? In general you can only do this if you compiled in a copy of your configuration file into your kernel with options INCLUDE_CONFIG_FILE (see the comment in NOTES/LINT for how to extract it again from the kernel). Kris pgp0.pgp Description: PGP signature
Re: How to determine the kernel options that are compiled in a runningkernel?
I've got a customized kernel but no KERNCONF file, how can I determine what options/devices were used when compiling the kernel? Short of having INCLUDE_CONFIG_FILE in your kernel config at compile time as Kris mentioned, kldstat -v can give you pretty good idea what's in there. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
SYSVSHM Kernel options
I have been doing significant reading on the kernel options related to tuning PostgreSQL and I am wondering how to best go about increasing the paged memory available to FreeBSD. I have read the following suggestions: options SYSVSHM options SHMMAXPGS=4096 (place total shared mem here) options SHMSEG=256 options SYSVSEM options SEMMNI=256 options SEMMNS=512 options SEMMNU=256 options SEMMAP=256 AND /You might also want to use the sysctl setting to lock shared memory into RAM and prevent it from being paged out to swap, e.g. kern.ipc.shm_use_phys /My question is, should i go ahead and increase the SHMMAXPGS value to any amount of memory that i choose? what are the consequences of doing this on a freebsd system? What problems might be caused and will this degrade the rest of the system? What is the affect of locking shared memory into RAM using the sysctl utility? I have never tuned the system in this way before and I am wary of messing around. Thanks! octavian To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message