diff --git a/en_US.ISO8859-1/books/handbook/config/chapter.sgml b/en_US.ISO8859-1/books/handbook/config/chapter.sgml index 4a05f7b9df..86ceff13b1 100644 --- a/en_US.ISO8859-1/books/handbook/config/chapter.sgml +++ b/en_US.ISO8859-1/books/handbook/config/chapter.sgml @@ -1,853 +1,882 @@ - Configuration and Tuning + + + + Chern + Lee + Written + + + Mike + Smith + Based on a tutorial written by + + + Matt + Dillon + and tuning(7) written by + + + - This chapter was written by &a.chern; and &a.murray using - information originally written by &a.msmith; and &a.dillon; + Configuration and Tuning Synopsis System configuration System optimization Configuring a system correctly can substantially reduce the amount of work and hassle involved in maintaining and upgrading it in the future. This chapter describes some of the aspects of administrative configuration of FreeBSD systems. This chapter will also describe some of the parameters that can be set to tune a FreeBSD system for optimum performance. Initial Configuration Partition layout Partition layout /etc /var /usr Base Partitions When laying out your filesystem with &man.disklabel.8; or &man.sysinstall.8;, it is important to remember that hard drives can transfer data at a faster rate from the outer tracks than the inner. Knowing this, you should place your smaller, heavily-accessed filesystems, such as root and swap, closer to the outside of the drive, while placing larger partitions, such as /usr, towards the inner. To do so, it is a good idea to create partitions in a similar order: root, swap, /var, /usr. The size of your /var partition reflects the intended use of your machine. /var is primarily used to hold: mailboxes, print spool and log files. Mail boxes and log files, in particular, can grow to unexpected sizes based upon how many users are on your system and how long your log files are kept. If you intend to run a mailserver, a /var partition of over a gig can be suitable. Additionally, /var/tmp must be large enough to contain any packages you may wish to add. The /usr partition holds the bulk - of the files required to support the system and a subdirectory - within it called /usr/local holds the - bulk of the files installed from the &man.ports.7; hierarchy. - If you do not use ports all that much and do not intend to - keep system source (/usr/src) on the machine, you can get away - with a 1 gigabyte /usr partition. However, if you install a - lot of ports (especially window managers and Linux-emulated - binaries), we recommend at least a two gigabyte /usr and if - you also intend to keep system source on the machine, we - recommend a three gigabyte /usr. Do not + of the files required to support the system and a + subdirectory within it called + /usr/local holds the bulk of the files + installed from the &man.ports.7; hierarchy. If you do not + use ports all that much and do not intend to keep system + source (/usr/src) on the machine, you can get away with a 1 + gigabyte /usr partition. However, if you install a lot of + ports (especially window managers and Linux binaries), we + recommend at least a two gigabyte /usr and if you also + intend to keep system source on the machine, we recommend a + three gigabyte /usr. Do not underestimate the amount of space you will need in this partition, it can creep up and surprise you! When sizing your partitions, keep in mind the space requirements for your system to grow. Running out of space in one partition while having plenty in another can lead to much frustration. Some users who have used &man.sysinstall.8;'s Auto-defaults partition sizer have found either their root or /var partitions too small later on. Partition wisely and generously. Swap Partition swap sizing swap partition As a rule of thumb, your swap space should typically be double the amount of main memory. For example, if the machine has 128 megabytes of memory, the swap file should be 256 megabytes. Systems with lesser memory may perform better with a lot more swap. It is not recommended that you configure any less than 256 megabytes of swap on a system and you should keep in mind future memory expansion when sizing the swap partition. The kernel's VM paging algorithms are tuned to perform best when the swap partition is at least two times the size of main memory. Configuring too little swap can lead to inefficiencies in the VM page scanning code as well as create issues later on if you add more memory to your machine. Finally, on larger systems with multiple SCSI disks (or multiple IDE disks operating on different controllers), it is strongly recommend that you configure swap on each drive (up to four drives). The swap partitions on the drives should be approximately the same size. The kernel can handle arbitrary sizes but internal data structures scale to 4 times the largest swap partition. Keeping the swap partitions near the same size will allow the kernel to optimally stripe swap space across the disks. Do not worry about overdoing it a little, swap space is the saving grace of Unix. Even if you don't normally use much swap, it can give you more time to recover from a runaway program before being forced to reboot. Why Partition? Why partition at all? Why not create one big root partition and be done with it? Then I don't have to worry about undersizing things! There are several reasons this is not a good idea. First, each partition has different operational characteristics and separating them allows the filesystem to tune itself to those characteristics. For example, the root and /usr partitions are read-mostly, with very little writing, while a lot of reading and writing could occur in /var and /var/tmp. By properly partitioning your system, fragmentation introduced in the smaller more heavily write-loaded partitions will not bleed over into the mostly-read partitions. Additionally, keeping the write-loaded partitions closer to the edge of the disk, for example before the really big partition instead of after in the partition table, will increase I/O performance in the partitions where you need it the most. Now it is true that you might also need I/O performance in the larger partitions, but they are so large that shifting them more towards the edge of the disk will not lead to a significant performance improvement whereas moving /var to the edge can have a huge impact. Finally, there are safety concerns. Having a small neat root partition that is essentially read-only gives it a greater chance of surviving a bad crash intact. Core Configuration rc files rc.conf The principal location for system configuration information is within /etc/rc.conf. This file contains a wide range of configuration information, principally used at system startup to configure the system. Its name directly implies this; it is configuration information for the rc* files. An administrator should make entries in the rc.conf file to override the default settings from /etc/defaults/rc.conf. The defaults file should not be copied verbatim to /etc - it contains default values, not examples. All system-specific changes should be made in the rc.conf file itself. A number of strategies may be applied in clustered applications to separate site-wide configuration from system-specific configuration in order to keep administration overheads down. The recommended approach is to place site-wide configuration into another file, eg. /etc/rc.conf.site, and then include this file into /etc/rc.conf, which will contain only system-specific information. As rc.conf is read by &man.sh.1; it is trivial to achieve this. For example: rc.conf: . rc.conf.site hostname="node15.webcompany.com" network_interfaces="fxp0 lo0" ifconfig_fxp0="inet 10.1.1.1" rc.conf.site: defaultrouter="10.1.1.254" saver="daemon" blanktime="100" The rc.conf.site file can then be distributed to every system using eg. rsync, whilst the rc.conf file remains unique. Upgrading the system eg. via &man.sysinstall.8; or 'make world' will not overwrite the rc.conf file, so system configuration information will not be lost. Application Configuration Typically, installed applications have their own configuration files, with their own syntax, etc. It is important that these files be kept separate from the base system, so that they may be easily located and managed by the package management tools. /usr/local/etc Typically, these files are installed in /usr/local/etc. In the case where an application has a large number of configuration files, a subdirectory will be created to hold them. Normally, when a port or package is installed, sample configuration files are also installed. These are usually identified with a ".default" suffix. If there are no existing configuration files for the application, they will be created by copying the .default files. For example, here is /usr/local/etc/apache: -rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf -rw-r--r-- 1 root wheel 2184 May 20 1998 access.conf.default -rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf -rw-r--r-- 1 root wheel 9555 May 20 1998 httpd.conf.default -rw-r--r-- 1 root wheel 12205 May 20 1998 magic -rw-r--r-- 1 root wheel 12205 May 20 1998 magic.default -rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types -rw-r--r-- 1 root wheel 2700 May 20 1998 mime.types.default -rw-r--r-- 1 root wheel 7980 May 20 1998 srm.conf -rw-r--r-- 1 root wheel 7933 May 20 1998 srm.conf.default It can be quickly seen that only the srm.conf file has been changed. A later update of the apache port would not overwrite this changed file. Starting Services services It is common for a system to host a number of services. These may be started in several different fashions, each having different advantages. /usr/local/etc/rc.d Software installed from a port or the packages collection will often place a script in /usr/local/etc/rc.d which is invoked at system startup with a 'start' argument, and at system shutdown with a 'stop' argument. This is the recommended way for starting system-wide services that are to be run as root, or that expect to be started as root. These scripts are registered as part of the installation of the package, and will be removed when the package is removed. A generic startup script in /usr/local/etc/rc.d looks like: #!/bin/sh echo -n ' FooBar' case "$1" in start) /usr/local/bin/foobar ;; stop) kill -9 `cat /var/run/foobar.pid` ;; *) echo "Usage: `basename $0` {start|stop}" >&2 exit 64 ;; esac exit 0 This script is called with at startup, and the at shutdown to allow it to carry out its purpose. Some services expect to be invoked by &man.inetd.8; when a connection is received on a suitable port. This is common for mail reader servers (POP and IMAP, etc.). These services are enabled by editing the file /etc/inetd.conf. See &man.inetd.8; for details on editing this file. Some additional system services may not be covered by the toggles in /etc/rc.conf. These are traditionally enabled by placing the command(s) to invoke them in /etc/rc.local. As of FreeBSD 3.1 there is no default /etc/rc.local; if it is created by the administrator it will however be honored in the normal fashion. Note that rc.local is generally regarded as the location of last resort; if there is a better place to start a service, do it there. Do not place any commands in /etc/rc.conf. To start daemons, or run any commands at boot time, place a script in /usr/local/etc/rc.d instead. It is also possible to use the &man.cron.8; daemon to start system services. This approach has a number of advantages, not least being that because &man.cron.8; runs these processes as the owner of the crontab, services may be started and maintained by non-root users. This takes advantage of an undocumented feature of &man.cron.8; the time specification may be replaced by '@reboot', which will cause the job to be run when &man.cron.8; is started shortly after system boot. Virtual Hosts virtual hosts ip aliases A very common use of FreeBSD is virtual site hosting, where one server appears to the network as many servers. This is achieved by assigning multiple network addresses to a single interface. A given network interface has one "real" address, and may have any number of "alias" addresses. These aliases are normally added by placing alias entries in /etc/rc.conf. An alias entry for the interface 'fxp0' looks like: ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx" Note that alias entries must start with alias0 and proceed upwards in order, eg. _alias1, _alias2, etc. The configuration process will stop at the first missing number. The calculation of alias netmasks is important, but fortunately quite simple. For a given interface, there must be one address which correctly represents the network's netmask. Any other addresses which fall within this network must have a netmask of all 1's. For example, consider the case where the fxp0 interface is connected to two networks, the 10.1.1.0 network with a netmask of 255.255.255.0 and the 202.0.75.16 network with a netmask of 255.255.255.240. We want the system to appear at 10.1.1.1 through 10.1.1.5 and at 202.0.75.17 through 202.0.75.20. The following entries configure the adapter correctly for this arrangement: ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0" ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255" ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255" ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255" ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255" ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240" ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255" ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255" ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255" Configuration Files <filename>/etc</filename> Layout There are a number of directories in which configuration information is kept. These include: /etc Generic system configuration information; data here is system-specific. /etc/defaults Default versions of system configuration files. /etc/mail Extra sendmail configuration, other MTA configuration files. /etc/ppp Configuration for both user- and kernel-ppp programs. /etc/namedb Default location for bind(8) data. Normally the boot file is located here, and contains a directive to - refer to other data in /var/db. + refer to other data in /var/db. /usr/local/etc Configuration files for installed applications. May contain per-application subdirectories. /usr/local/etc/rc.d Start/stop scripts for installed applications. /var/db Persistent system-specific data files, eg. bind(8) zone files, database files, and so on. Hostnames hostnames DNS - /etc/resolv.conf + <filename>/etc/resolv.conf</filename> - resolv.conf + + resolv.conf + /etc/resolv.conf dictates how FreeBSD's resolver accesses the Internet Domain Name System (DNS). The most common entries to resolv.conf are: nameserver The IP address of a nameserver the resolver should query. The servers are queried in the order listed with a maximum of three. search Search list hostname lookup. This is normally determined by the domain of the local hostname. domain The local domain name. A typical resolv.conf: search foobar.com nameserver 147.11.1.11 nameserver 147.11.100.30 &man.dhclient.8; usually rewrites resolv.conf with information received from the DHCP server. <filename>/etc/hosts</filename> hosts /etc/hosts is a simple text database reminiscent of the old Internet. It works in conjunction with DNS and NIS providing name to IP address mappings. Local computers connected via a LAN can be placed in here for simplistic naming purposes instead of setting up a &man.named.8; server. Additionally, /etc/hosts can be used to provide a local record of Internet names, reducing the need to query externally for commonly accessed names. # $FreeBSD$ # # Host Database # This file should contain the addresses and aliases # for local hosts that share this file. # In the presence of the domain name service or NIS, this file may # not be consulted at all; see /etc/nsswitch.conf for the resolution order. # # ::1 localhost localhost.my.domain myname.my.domain 127.0.0.1 localhost localhost.my.domain myname.my.domain # # Imaginary network. #10.0.0.2 myname.my.domain myname #10.0.0.3 myfriend.my.domain myfriend # # According to RFC 1918, you can use the following IP networks for # private nets which will never be connected to the Internet: # # 10.0.0.0 - 10.255.255.255 # 172.16.0.0 - 172.31.255.255 # 192.168.0.0 - 192.168.255.255 # # In case you want to be able to connect to the Internet, you need # real official assigned numbers. PLEASE PLEASE PLEASE do not try # to invent your own network numbers but instead get one from your # network provider (if any) or from the Internet Registry (ftp to # rs.internic.net, directory `/templates'). # /etc/hosts takes on the simple format of: [Internet address] [official hostname] [alias1] [alias2] ... For example: 10.0.0.1 myRealHostname.foobar.com myRealHostname foobar1 foobar2 Consult &man.hosts.5; for more information. Log File Configuration log files <filename>syslog.conf</filename> syslog.conf syslog.conf is the configuration file for the &man.syslogd.8; program. It indicates which types of syslog messages are logged to particular log files. # $FreeBSD$ # # Spaces ARE valid field separators in this file. However, # other *nix-like systems still insist on using tabs as field # separators. If you are sharing this file between systems, you # may want to use only tabs as field separators here. # Consult the syslog.conf(5) manpage. *.err;kern.debug;auth.notice;mail.crit /dev/console *.notice;kern.debug;lpr.info;mail.crit;news.err /var/log/messages security.* /var/log/security mail.info /var/log/maillog lpr.info /var/log/lpd-errs cron.* /var/log/cron *.err root *.notice;news.err root *.alert root *.emerg * # uncomment this to log all writes to /dev/console to /var/log/console.log #console.info /var/log/console.log # uncomment this to enable logging of all log messages to /var/log/all.log #*.* /var/log/all.log # uncomment this to enable logging to a remote loghost named loghost #*.* @loghost # uncomment these if you're running inn # news.crit /var/log/news/news.crit # news.err /var/log/news/news.err # news.notice /var/log/news/news.notice !startslip *.* /var/log/slip.log !ppp *.* /var/log/ppp.log Consult the &man.syslog.conf.5; manpage for more information. <filename>newsyslog.conf</filename> newsyslog.conf newsyslog.conf is the configuration file for &man.newsyslog.8;, a program that is scheduled to run normally by &man.cron.8; &man.newsyslog.8; determines when log files require archiving or rearranging. logfile is moved to logfile.1, logfile.1 is moved to logfile.2, and so on. Additionally, the log files may be archived in &man.gzip.1; format causing them to be named: logfile.0.gz, logfile.1.gz, and so on. newsyslog.conf indicates which log files are to be managed, how many are to be kept, and when they are to be touched. Log files can be rearranged and/or archived when they have either reached a certain size, or at a certain periodic time/date. # configuration file for newsyslog # $FreeBSD$ # # logfilename [owner:group] mode count size when [ZB] [/pid_file] [sig_num] /var/log/cron 600 3 100 * Z /var/log/amd.log 644 7 100 * Z /var/log/kerberos.log 644 7 100 * Z /var/log/lpd-errs 644 7 100 * Z /var/log/maillog 644 7 * @T00 Z /var/log/sendmail.st 644 10 * 168 B /var/log/messages 644 5 100 * Z /var/log/all.log 600 7 * @T00 Z /var/log/slip.log 600 3 100 * Z /var/log/ppp.log 600 3 100 * Z /var/log/security 600 10 100 * Z /var/log/wtmp 644 3 * @01T05 B /var/log/daily.log 640 7 * @T00 Z /var/log/weekly.log 640 5 1 $W6D0 Z /var/log/monthly.log 640 12 * $M1D0 Z /var/log/console.log 640 5 100 * Z Consult the &man.newsyslog.8; manpage for more information. <filename>sysctl.conf</filename> sysctl.conf sysctl sysctl.conf looks much like rc.conf. Values are set in a variable=value form. The specified values are set after the system goes into multi-user mode. Not all variables are settable in this mode. A sample sysctl.conf turning off logging of fatal signal exits and letting Linux programs know they are really running under FreeBSD. kern.logsigexit=0 # Do not log fatal signal exits (e.g. sig 11) compat.linux.osname=FreeBSD compat.linux.osrelease=4.3-STABLE Tuning with sysctl sysctl Tuning with sysctl &man.sysctl.8; is an interface that allows you to make changes to a running FreeBSD system. This includes many advanced options of the TCP/IP stack and virtual memory system that can dramatically improve performance for an experienced system administrator. Over five hundred system variables can be read and set using &man.sysctl.8; At its core, &man.sysctl.8; serves to do two functions: read and modify system settings. To view all readable variables: &prompt.user; sysctl -a To read a particular variable, for example, - kern.maxproc: + kern.maxproc: &prompt.user; sysctl kern.maxproc kern.maxproc: 1044 To set a particular variable, use the = option: &prompt.root; sysctl kern.maxfiles=5000 kern.maxfiles: 2088 -> 5000 Settings of sysctl variables are usually either strings, numbers, or booleans. A boolean being 1 for yes or a 0 for no. Tuning disks Sysctl Variables - vfs.vmiodirenable + <varname>vfs.vmiodirenable</varname> - vfs.vmiodirenable + + vfs.vmiodirenable + The vfs.vmiodirenable sysctl variable defaults to 0 (off) (though soon it will default to 1) and may be set to 0 (off) or 1 (on). This parameter controls how directories are cached by the system. Most directories are small and use but a single fragment (typically 1K) in the filesystem and even less (typically 512 bytes) in the buffer cache. However, when operating in the default mode the buffer cache will only cache a fixed number of directories even if you have a huge amount of memory. Turning on this sysctl allows the buffer cache to use the VM Page Cache to cache the directories. The advantage is that all of memory is now available for caching directories. The disadvantage is that the minimum in-core memory used to cache a directory is the physical page size (typically 4K) rather than 512 bytes. We recommend turning this option on if you are running any services which manipulate large numbers of files. Such services can include web caches, large mail systems, and news systems. Turning on this option will generally not reduce performance even with the wasted memory but you should experiment to find out. - hw.ata.wc + <varname>hw.ata.wc</varname> - hw.ata.wc + + hw.ata.wc + FreeBSD 4.3 flirted with turning off IDE write caching. This reduced write bandwidth to IDE disks but was considered - necessary due to serious data consistency issues introduced by - hard drive vendors. Basically the problem is that IDE drives - lie about when a write completes. With IDE write caching - turned on, IDE hard drives will not only write data to disk - out of order, they will sometimes delay some of the blocks - indefinitely when under heavy disk loads. A crash or power - failure can result in serious filesystem corruption. So our - default was changed to be safe. Unfortunately, the result was - such a huge loss in performance that we caved in and changed - the default back to on after the release. You should check - the default on your system by observing the hw.ata.wc sysctl - variable. If IDE write caching is turned off, you can turn it - back on by setting the kernel variable back to 1. This must - be done from the boot loader at boot time. Attempting to do - it after the kernel boots will have no effect. + necessary due to serious data consistency issues introduced + by hard drive vendors. Basically the problem is that IDE + drives lie about when a write completes. With IDE write + caching turned on, IDE hard drives will not only write data + to disk out of order, they will sometimes delay some of the + blocks indefinitely when under heavy disk loads. A crash or + power failure can result in serious filesystem corruption. + So our default was changed to be safe. Unfortunately, the + result was such a huge loss in performance that we caved in + and changed the default back to on after the release. You + should check the default on your system by observing the + hw.ata.wc sysctl variable. If IDE write + caching is turned off, you can turn it back on by setting + the kernel variable back to 1. This must be done from the + boot loader at boot time. Attempting to do it after the + kernel boots will have no effect. - Please see &man.ata.4;. + For more information, please see &man.ata.4;. SoftUpdates SoftUpdates tunefs - The &man.tunefs.8; can be used to fine-tune a filesystem. In this - situation, we are only concerned with its ability to toggle softupdates - on and off, which is done so by: + The &man.tunefs.8; program can be used to fine-tune a + filesystem. This program has many different options, but for + now we are only concerned with toggling SoftUpdates on and + off, which is done by : &prompt.root; tunefs -n enable /filesystem &prompt.root; tunefs -n disable /filesystem A filesystem cannot be modified with &man.tunefs.8; while it is mounted. A good time to enable SoftUpdates is before any partitions have been mounted, in single-user mode. SoftUpdates drastically improves meta-data performance, mainly file creation and deletion, through the use of a memory cache. We recommend turning SoftUpdates on on all of your filesystems. There are two downsides to SoftUpdates that you should be aware of: First, - softupdates guarantees filesystem consistency in the case of a crash + SoftUpdates guarantees filesystem consistency in the case of a crash but could very easily be several seconds (even a minute!) behind updating the physical disk. If you - crash you may lose more work than otherwise. Secondly, softupdates + crash you may lose more work than otherwise. Secondly, SoftUpdates delays the freeing of filesystem blocks. If you have a filesystem (such as the root filesystem) which is close to full, doing a major update of it, e.g. make installworld, can run it out of space and cause the update to fail. Tuning kernel limits Tuning kernel limits File/process limits - kern.maxfiles + <varname>kern.maxfiles</varname> - kern.maxfiles + + kern.maxfiles + kern.maxfiles can be raised or lowered based upon your system requirements. This variable indicates the maximum number of file descriptors on your system. When the file descriptor table is full, file: table is full will show up repeatedly - in dmesg. + in the system message buffer, which can be viewed with the + dmesg command. Each open file, socket, or fifo uses one file descriptor. A large-scale production server may easily require many thousands of file descriptors, depending on the kind and number of services running concurrently. kern.maxfile's default value is dictated by the option in your kernel config. kern.maxfiles grows proportionally to the value of . \ No newline at end of file