TrueOS and Warden: Easy to Deploy FreeBSD Servers
Dru Lavigne, Director of Community Development, iXsystems
TxLF, June 1, 2013

Upload: dru-lavigne

Post on 19-May-2015

DESCRIPTION

My presentation for Texas LinuxFest 2013.

TRANSCRIPT

Page 1: Tlf2013

TrueOS and Warden: Easy to Deploy FreeBSD Servers

Dru Lavigne, Director of Community Development, iXsystems
TxLF, June 1, 2013

Page 2: Tlf2013

Outline

Introduction

TrueOS Features

Automated Deployment

Warden Features

Additional Resources

Page 3: Tlf2013

Introduction

PC-BSD Project started as a graphical installer and graphical utilities to make it easy to install and use a FreeBSD desktop

Project did not simply port existing Linux utils due to differences between Linux and BSD and to provide one consistent look

Each graphical utility is a Qt-based front-end to a Bourne shell (sh) back-end, meaning that the same functionality can be achieved on a minimalist desktop or even a command-line only system

Page 4: Tlf2013

Introduction

These utilities proved to also be useful for server installation and administration

This presentation introduces the following utilities which ease the deployment of servers:

TrueOS: a FreeBSD command line server plus the CLI versions of PC-BSD utils and some extra tools designed to ease the learning curve for Linux sysadmins (e.g. bash, sudo, nano, rsync, screen, smartmontools)

Page 5: Tlf2013

Introduction

pc-sysinstall: fully scriptable, CLI version of the installer, specifically designed for customized installations and automated deployments

thin client: script to easily create an installation server for automated installs over PXE

Warden: utility for deploying and managing FreeBSD and Linux jails (light-weight, virtualized operating systems)

Page 6: Tlf2013

TrueOS Features

Easy to install, CLI-only FreeBSD server using graphical installer or an automated script

Supports ZFS configuration during install: mirror, RAIDZ, RAIDZ2, RAIDZ3, datasets, and properties (e.g. compression, atime, exec, canmount)

Installation sets the login user account, optionally enables SSH, and sets root password (SSH root logins are denied by default)

Page 7: Tlf2013

ZFS in GUI Installer

Page 8: Tlf2013

ZFS in GUI Installer

Page 9: Tlf2013

TrueOS Features

If installed with ZFS, beadm(1) can be used to take a snapshot of the boot environment before performing an upgrade

If the upgrade fails, simply activate that snapshot to boot into the previous boot environment
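
The snapshot-then-upgrade procedure on this slide, as an added sh example that is not part of the original slides. It uses the beadm(1) subcommands create and activate; the function name guarded_upgrade, the BEADM variable and the return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: guard an upgrade with a beadm(1) boot environment (BE).
# BEADM is overridable so the logic can be dry-run on a non-ZFS system.
BEADM="${BEADM:-beadm}"

# guarded_upgrade <be-name> <command> [args...]   (hypothetical helper)
# Returns: 0 upgrade succeeded
#          1 upgrade failed, saved BE activated for the next boot
#          2 bad usage or BE could not be created (upgrade never started)
#          3 upgrade failed and activation failed too
guarded_upgrade() {
    be_name="$1"
    if [ -z "$be_name" ] || [ "$#" -lt 2 ]; then
        echo "usage: guarded_upgrade <be-name> <command> [args...]" >&2
        return 2
    fi
    shift

    # Refuse to touch the system without a rollback point.
    if ! "$BEADM" create "$be_name"; then
        echo "cannot create boot environment $be_name; upgrade not started" >&2
        return 2
    fi

    # Run the upgrade command exactly as given by the caller.
    if "$@"; then
        echo "upgrade succeeded; $be_name kept as rollback point"
        return 0
    fi

    echo "upgrade failed; activating $be_name for the next boot" >&2
    if ! "$BEADM" activate "$be_name"; then
        echo "activation failed; activate $be_name by hand before rebooting" >&2
        return 3
    fi
    echo "reboot to return to $be_name" >&2
    return 1
}

# Example call (the upgrade command is the caller's choice):
#   guarded_upgrade "pre-upgrade-$(date +%Y%m%d)" freebsd-update install
```
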

Page 10: Tlf2013

Upcoming Features

9.2 will include utilities to schedule automatic ZFS scrubs, create and manage ZFS snapshots, and create beadm snapshots--these can be performed now using zfs(8) and beadm(1)

Once the necessary boot changes have been made to FreeBSD, a utility will be created to make it easy to select from beadm snapshots at system boot

Page 11: Tlf2013

Automated Deployment

The backend to the graphical installer is a script named pc-sysinstall. Its syntax is similar to sysinstall(8), making it easy to convert existing custom deployments

Adds directives to layout disks with ZFS

Examples can be found in /usr/share/examples/pc-sysinstall/

The graphical installer saves its config to /root/pc-sysinstall.cfg, making it easy to customize a complex installation

Page 12: Tlf2013

Sample Config

Page 13: Tlf2013

Automated Deployment

To automatically roll out a custom configuration over PXE, use the thinclient script to create an installation server

This script installs and configures a DHCP server, TFTP server, and NFS server

A sample installation script can be found in /usr/home/thinclient/installscripts/pc-sysinstall.example

Install clients automatically boot into a menu:

Page 14: Tlf2013

PXE Client Menu

Page 15: Tlf2013

Warden Features

Since 2000, FreeBSD has provided light-weight OS virtualization using jail(8)

Ideally suited for deploying servers that host network services, as services are isolated from both the host system and any other jails

Warden makes it easy to deploy and manage jails, start/stop services within jails, and install/upgrade software within jails

Page 16: Tlf2013

Warden Features

Warden supports 3 types of jails:

1. Ports Jail: used to safely install and use ports/packages (software) without affecting underlying OS and its software

2. Traditional Jail: used to securely deploy network services

3. Linux Jail: used to securely deploy Linux servers (currently Gentoo and Debian Squeeze)

Page 17: Tlf2013

Warden GUI

Page 18: Tlf2013

Warden Features

If the host's filesystem is ZFS, Warden can be used to schedule and manage ZFS snapshots, even for Linux jails

Snapshots can be deployed to another system

A jail can be exported (all of its software, configuration, and files) and imported to another jail or system

Page 19: Tlf2013

Managing Snapshots in Warden

Page 20: Tlf2013

CLI Version of Warden

Page 21: Tlf2013

Upcoming Warden Features

Ability to create named jails (not just IP)

IP addresses and aliases can be changed on the fly

Templates allow you to select any version of FreeBSD (from 4.1 to HEAD) to deploy

Vnet support provides each jail its own networking stack, loopback address, IPsec, etc.

Page 22: Tlf2013

Additional Resources

Documentation: http://wiki.pcbsd.org

IRC: #pcbsd on Freenode

Automating the deployment of FreeBSD & PC-BSD systems: http://www.bsdcan.org/2013/schedule/attachments/248_bsdcan2013.pdf

Page 23: Tlf2013

Additional Resources

The Warden - FreeBSD and Linux Jail Management: http://www.youtube.com/watch?v=2WEX_W7nH3Y

Improvements to Jail Management via the Warden: http://bsdmag.org/magazine/1838-jails-firewall-with-pf (page 16-17)

Page 24: Tlf2013

Questions?

Contact:

[email protected]

URL to Slides:

http://slideshare.net/dlavigne/tlf2013