Sunday, October 16, 2005

Upgrading FreeBSD 5.4 to 6.0

I upgraded my first production box from FreeBSD 5.4 to 6.0 with great success. This box runs Apache, MySQL, PHP, and my ncid server. Other than ncid, nothing else is really production nor critical on this box. This is my least "production" server so it was the least-risky to attempt.

I did the usual cvsup, using tag RELENG_6 to get the 6.0 RC1 sources, and built and installed world/kernel and ran mergemaster. For more details on how to do these things, I recommend Richard Bejtlich's excellent Keeping FreeBSD Up To Date article. Richard does a good job of addressing everything there, no need to reinvent the wheel.

Everything came out perfectly well with one small change with serial port naming that kept my ncid server from starting. Serial ports in 5.x were /dev/cuaaX and are now /dev/cuadX where X is the number of the serial port. This box has one serial port so it changed from /dev/cuaa0 to /dev/cuad0. A simple change in my ncidd.conf file and manually firing up ncidd fixed that.

All else is running well with no other changes at all. Looks like FreeBSD 5.x to 6.0 upgrades will be pretty painless.

Saturday, October 01, 2005

Installing MySQL on FreeBSD

I'm installing MySQL in a fresh FreeBSD jail and thought it'd be a good idea to document the quick, easy process, so the next time someone asks me how to do this, I can just point them to this.

Update your Ports
First, cvsup your ports collection so you have the most recent versions available.

Choose a Version
This isn't very clear or simple. There are four different MySQL versions in FreeBSD ports - 3.23, 4.0, 4.1, and 5.0. Unless your intended application only works with MySQL 3.x, I wouldn't recommend using that version. MySQL 5 is the current development version, so I wouldn't recommend it for production use either. MySQL 4.1 is the latest "production release" as of this writing, so generally this is what you will want to use.

The installation is almost as straight forward as usual. There are some make options that may be of interest.

You may use the following build options:

WITH_CHARSET=charset Define the primary built-in charset (latin1).

WITH_XCHARSET=list Define other built-in charsets (may be 'all').

WITH_COLLATION=collate Define default collation (latin1_swedish_ci).

WITH_OPENSSL=yes Enable secure connections.

WITH_LINUXTHREADS=yes Use the linuxthreads pthread library.

WITH_PROC_SCOPE_PTH=yes Use process scope threads
(try it if you use libpthread).

BUILD_OPTIMIZED=yes Enable compiler optimizations
(use it if you need speed).

BUILD_STATIC=yes Build a static version of mysqld.
(use it if you need even more speed).

WITHOUT_INNODB=yes Disable support for InnoDB table handler.

WITH_NDB=yes Enable support for NDB Cluster.

For the most common uses you can get by without any options. I typically use BUILD_OPTIMIZED and BUILD_STATIC.

cd /usr/ports/databases/mysql41-server
make BUILD_OPTIMIZED=yes BUILD_STATIC=yes install clean

MySQL will now install.

Configure to Start on Boot
A startup script is installed in the usual location, /usr/local/etc/rc.d/. Before this startup script will function, you need to open your /etc/rc.conf and add the line mysql_enable="YES".

Start MySQL
MySQL is now configured to start at boot, but you probably don't want to reboot just to get it to start. Just run the following.

/usr/local/etc/rc.d/ start

Now MySQL is running and ready for use.

Recent Happenings

Couple things keeping me busy lately.

One, the new m0n0wall Documentation Site and all the new documentation contained therein for this open source firewall project. This makes public much of the work I've done over the last several months, and will become the new location for documentation as soon as I get it in a bit better shape. I'm hosting this site on my colocated server at Louisville ISP's data center, rather than on the main site. This makes it easier on Manuel, founder of m0n0wall, and I, since I write most of the documentation and he isn't involved much in it. The documentation for open source firewall project pfSense will begin to be forked off of this site once we decide on a suitable documentation platform.

Second, I've been working with best selling computer book author Dave Taylor as coauthor on a series of e-books. Connect Safely is the name of this project, offering Wireless Security and Privacy Guides. My typical audience isn't really the intended audience for this series, but if you're a frequent wireless network user and aren't extremely familiar with wireless network security concerns, you really should consider this. I can't tell you how many even quite computer literate folks I've seen giving their passwords to the world on a hot spot. As a bonus for more technical readers, I wrote a section on using Ethereal to analyze your network traffic to ensure it is being protected. Stay safe on wireless networks - check it out.