Configuration for FreeBSD                                         r0.1
----------------------------------------------------------------------
Michael Smith

Overview

Configuring a system correctly can substantially reduce the amount of
work involved in maintaining and upgrading it in the future.  This 
document describes some of the aspects of administrative configuration 
of FreeBSD systems.

Core Configuration

The principal location for system configuration information is the
file /etc/rc.conf.  This file contains a wide range of configuration
information, principally used at system startup to configure the
system. Its name directly implies this; it is configuration
information for the rc* files.

An administrator should make entries in the rc.conf file to override
the default settings from /etc/defaults/rc.conf.  The defaults file
should not be copied verbatim to /etc - it contains default values,
not examples.  All system-specific changes should be made in the
rc.conf file itself.

A number of strategies may be applied in clustered applications to
separate site-wide configuration from system-specific configuration in
order to keep administration overheads down.  The recommended approach
is to place site-wide configuration into another file,
eg. /etc/rc.conf.site, and then include this file into /etc/rc.conf,
which will contain only system-specific information.

As rc.conf is read by sh(1), it is trivial to achieve this.  For
example:

  rc.conf:

	. rc.conf.site
	hostname="node15.webcompany.com"
	network_interfaces="fxp0 lo0"
	ifconfig_fxp0="inet 10.1.1.1"

  rc.conf.site:

	defaultrouter="10.1.1.254"
	saver="daemon"
	blanktime="100"
	

The rc.conf.site file can then be distributed to every system using
eg. rsync, whilst the rc.conf file remains unique.

Upgrading the system eg. via sysconfig or 'make world' will not
overwrite the rc.conf file, so system configuration information will
not be lost.
	
Installed Application Configuration

Typically, installed applications have their own configuration files,
with their own syntax, etc.  It is important that these files be kept
separate from the base system, so that they may be easily located and
managed by the package management tools.

Typically, these files are installed in /usr/local/etc.  In the case
where an application has a large number of configuration files, a
subdirectory will be created to hold them.

Normally, when a port or package is installed, sample configuration
files are also installed.  These are usually identified with a
".default" suffix.  If there are no existing configuration files for
the application, they will be created by copying the .default files.

For example, here is /usr/local/etc/apahche:

-rw-r--r--  1 root  wheel   2184 May 20  1998 access.conf
-rw-r--r--  1 root  wheel   2184 May 20  1998 access.conf.default
-rw-r--r--  1 root  wheel   9555 May 20  1998 httpd.conf
-rw-r--r--  1 root  wheel   9555 May 20  1998 httpd.conf.default
-rw-r--r--  1 root  wheel  12205 May 20  1998 magic
-rw-r--r--  1 root  wheel  12205 May 20  1998 magic.default
-rw-r--r--  1 root  wheel   2700 May 20  1998 mime.types
-rw-r--r--  1 root  wheel   2700 May 20  1998 mime.types.default
-rw-r--r--  1 root  wheel   7980 May 20  1998 srm.conf
-rw-r--r--  1 root  wheel   7933 May 20  1998 srm.conf.default

It can be quickly seen that only the srm.conf file has been changed.
A later update of the apache port would not overwrite this changed file.

Starting Services

It is common for a system to host a number of services.  These may be
started in several different fashions, each having different
advantages.

Software installed from a port or the packages collection will often
place a script in /usr/local/etc/rc.d which is invoked at system
startup with a 'start' argument, and at system shutdown with a 'stop'
argument.  This is the recommended way for starting systemwide
services that are to be run as root, or that expect to be started as
root.  These scripts are registered as part of the installation of the
package, and will be removed when the package is removed.

Some services expect to be invoked by inetd(8) when a connection is
received on a suitable port.  This is common for mail reader servers
(POP and IMAP, etc.).  These services are enabled by editing the
file /etc/inetd.conf; see inetd.conf(5) for more details.

Some additional system services may not be covered by the toggles in
/etc/rc.conf.  These are traditionally enabled by placing the
command(s) to invoke them in /etc/rc.local.  As of FreeBSD 3.1 there
is no default /etc/rc.local; if it is created by the administrator it
will however be honoured in the normal fashion.  Note that rc.local is 
generally regarded as the location of last resort; if there is a
better place to start a service, do it there.

It is also possible to use the cron(8) daemon to start system
services.  This approach has a number of advantages, not least being
that because cron runs these processes as the owner of the crontab,
services may be started and maintained by non-root users.

This takes advantage of an undocumented feature of cron; the time
specification may be replaced by '@reboot', which will cause the job
to be run when cron is started shortly after system boot.

Virtual Hosts

A very common use of FreeBSD is virtual site hosting, where one server
appears to the network as many servers.  This is achieved by assigning 
multiple network addresses to a single interface.

A given network interface has one "real" address, and may have any
number of "alias" addresses.  These aliases are normally added by
placing alias entries in /etc/rc.conf.

An alias entry for the interface 'fxp0' looks like:

 ifconfig_fxp0_alias0="inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx"

Note that alias entries must start with alias0 and proceed upwards in
order, eg. _alias1, _alias2, etc.  The configuration process will stop 
at the first missing number.

The calculation of alias netmasks is important, but fortunately quite
simple.  For a given interface, there must be one address which
correctly represents the network's netmask.  Any other addresses which 
fall within this network must have a netmask of all 1's.

For example, consider the case where the fxp0 interface is connected
to two networks, the 10.1.1.0 network with a netmask of 255.255.255.0
and the 202.0.75.16 network with a netmask of 255.255.255.240.  We
want the system to appear at 10.1.1.1 through 10.1.1.5 and at
202.0.75.17 through 202.0.75.20.

The following entries configure the adapter correctly for this
arrangement:

 ifconfig_fxp0="inet 10.1.1.1 netmask 255.255.255.0"
 ifconfig_fxp0_alias0="inet 10.1.1.2 netmask 255.255.255.255"
 ifconfig_fxp0_alias1="inet 10.1.1.3 netmask 255.255.255.255"
 ifconfig_fxp0_alias2="inet 10.1.1.4 netmask 255.255.255.255"
 ifconfig_fxp0_alias3="inet 10.1.1.5 netmask 255.255.255.255"
 ifconfig_fxp0_alias4="inet 202.0.75.17 netmask 255.255.255.240"
 ifconfig_fxp0_alias5="inet 202.0.75.18 netmask 255.255.255.255"
 ifconfig_fxp0_alias6="inet 202.0.75.19 netmask 255.255.255.255"
 ifconfig_fxp0_alias7="inet 202.0.75.20 netmask 255.255.255.255"

Filesystem Layout

There are a number of directories in which configuration information
is kept.  These include:

 /etc
	Generic system configuration information; data here is 
	system-specific.

 /etc/defaults

	Default versions of system configuration files.

 /etc/mail

	Extra sendmail configuration, other MTA configuration files.

 /etc/ppp

	Configuration for both user- and kernel-ppp programs.

 /etc/namedb

	Default location for bind(8) data.  Normally the boot file is
        located here, and contains a directive to refer to other data
        in /var/db.

 /usr/local/etc

	Configuration files for installed applications.  May contain
	per-application subdirectories.

 /usr/local/etc/rc.d

	Start/stop scripts for installed applications.

 /var/db

	Persistent system-specific data files, eg. bind(8) zone files, 
	database files, etc.