Sunday, September 14, 2008

Upgrading FreeBSD

I decided it was finally time to take care of our old FreeBSD server and get it running something supported. This box is the main server for our household. It processes mail, provides network services (imap, dhcp, dns), houses photos, music, video, and acts as a web server for the house, including a calendar and addressbook. So it's a rather important box for our family and when it is down it is missed. In fact, during this latest upgrade my wife asked me at least 6 different times either "can I get to my e-mail yet?" or "can I get to the addressbook yet?"

The box is a "K-Mart special", an old Microtel that K-Mart used to sell with Linux & Lindows pre-installed (no Windows license). It's an AMD Duron running at 850 MHz. After it arrived I immediately replaced the disk and installed FreeBSD. I don't even remember when I originally purchased and installed it, but we have had it for many years. It's been doing a great job but it has a number of issues. There are only 4 drive bays and they are all full. I have to keep a small disk as ad0 in order to boot because the BIOS can't boot from larger disks. Bus contention between the on-board ATA controller and the 3ware RAID controller make it unwise to actually use ad0. So I have a small ad0 that's unused, a large ad4 that contains system partitions and /home, and 2 disks on the RAID array for the "important" stuff (photos, video, svn, database backups). I looked in to upgrading the BIOS but it was made by Award Software, which merged with Phoenix, which then outsourced all distrubution of BIOS updates to eSupport, which charges money! So I haven't done that.

I installed FreeBSD 6.2 on the box in January of 2007. At the time I thought I would be clever and put /home and /var on separate partitions. I figured that I would be able to retain both of them through an upgrade making the whole process simpler and faster. But I was wrong. 6.2 reached EOL earlier this year and I knew it was time to endure another upgrade. I thought I had taken lots of good notes when I installed 6.2. As it turns out there was much I didn't write down. I also neglected to write down things I have done to the box since then (like how I installed Ruby on Rails with Postgres support). So I just spent the last two days fussing with the box. Once the core system was in place I spent the rest of the time restoring equivalent functionality by installing all the packages that I use. This morning I finally finished (at least I think I got everything).

On my initial attempt at installing 7.0 I wiped the root partition and left /var and /home intact. This quickly ran in to problems as the package database is kept in /var. Thus the system thought I was asking it to install packages that it already had, or for which it had conflicting versions. Heeding the advice of some folks on #lopsa I went out and bought another disk. As it turned out Fry's had a sale: 320GB Western Digital Caviar drives for $64. That's less than most 160G drives, so that's what I got.

I opened the case, pulled the old drive and rejumpered it as slave, installed the new drive as master, then gently rested the old drive on the bottom of the case. Don't try this at home, kids! (But then I'm the guy that used to hot plug SCSI drives on running systems.) The rest should be easy, right? I wish.

One thing I did differently this time which really helped down the road: I installed the Developer-X package rathern than just Developer. This installed many of the X11 packages off the CD. I've never done this before because it's a headless server, so why would it need X? Well, as it turns out, there are many packages I want which depend on some part of X11 and I end up pulling a lot of that cruft in anyway.

After the installation and the freebsd-update I copied over the dns stuff, the user information, the host keys, and /etc/mail. Then I had to copy over the home directories which took about 2 hours. My clever idea of keeping /home separate was absolutely no help at all. I still had to copy the bits because I was putting in a new disk and there wasn't room in the case to house both of them. Ditto /var as I had to copy the half-gig of /var/mail too.

From that point I was able to boot multi-user and start installing stuff. Since my machine isn't terribly fast, I prefer to install pre-made packages from the freebsd servers via "pkg_add -r". I installed a total of 21 packages this way, and of course many of those pulled in others. But I discovered some unfortunate things along the way. Some pre-made packages didn't have everything I needed so I had to compile them from ports. This enabled me to select what parts I wanted to create. PHP5 has to be compiled from ports as the package does not include the apache module. PDFlib is required by gnuplot but there is no package for it so it has to be compiled from ports. There is no package for rubygem-postgres (Postgres support in Ruby on Rails) so it has to be compiled from a port. The package for apcupsd (for monitoring my APC UPS) does not include the cgi programs for showing the UPS status via a web site, so it has to be compiled. The php5-pgsql package (postgres support for PHP) depends on postgres 8.1 and not 8.2. And the last thing I discovered is that I need to switch my users to SSL-based imap: the uw-imap package intentionally does not allow plaintext connections. This is a very reasonable selection, but not currently workable in my home, so I also compiled from that port. But don't worry: you'd have to be physically connected to the network in my house to see the passwords.

I also use jpgraph on our internal web site for building graphs on the fly in PHP. The package for jpgraph relies on a tarball that apparently is no longer available. Fortunately installing it from scratch is easy. I had to install php5-gd first, but then it was just a matter of extracting the latest tarball and copying the files in to the right place in /usr/local/share/php5.

There were some configuration tweaks I had to perform by comparing against the config files on the old disk. I suppose clever use of subversion would make that step a tad easier. By tonight I was pretty certain that I had remembered everything, and that the system was finally back to 100%. Then I discovered that I forgot to configure and enable NTP. Sigh.

No comments: