.

2021-04-01 01:23:14 -07:00
parent 5cee123a3c
commit 90c5709862
64 changed files with 802 additions and 140 deletions
--- a/configs/etc/hosts
+++ b/configs/etc/hosts
@ -0,0 +1,43 @@
+# $FreeBSD: releng/12.2/lib/libc/net/hosts 338729 2018-09-17 18:56:47Z brd $
+#
+# Host Database
+#
+# This file should contain the addresses and aliases for local hosts that
+# share this file.  Replace 'my.domain' below with the domainname of your
+# machine.
+#
+# In the presence of the domain name service or NIS, this file may
+# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
+#
+#
+::1			localhost localhost.my.domain
+127.0.0.1		localhost localhost.my.domain
+
+192.168.0.10		nas nas.ahlawat.com
+fd01::10	nas nas.ahlawat.com
+192.168.1.10		nas nas.ahlawat.com
+fd02::10	nas nas.ahlawat.com
+192.168.2.10		nas nas.ahlawat.com
+fd05::10	nas nas.ahlawat.com
+192.168.200.10		nas nas.ahlawat.com
+fd09::10	nas nas.ahlawat.com
+192.168.10.10		nas nas.ahlawat.com
+fd0a::10	nas nas.ahlawat.com
+192.168.48.10		nas nas.ahlawat.com
+2001:470:f835::10	nas nas.ahlawat.com
+
+#
+# Imaginary network. 10.0.0.2 myname.my.domain myname 10.0.0.3 myfriend.my.domain myfriend
+#
+# According to RFC 1918, you can use the following IP networks for
+# private nets which will never be connected to the Internet:
+#
+#	10.0.0.0	-   10.255.255.255
+#	172.16.0.0	-   172.31.255.255
+#	192.168.0.0	-   192.168.255.255
+#
+# In case you want to be able to connect to the Internet, you need
+# real official assigned numbers.  Do not try to invent your own network
+# numbers but instead get one from your network provider (if any) or
+# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
+#
--- a/configs/etc/rc.conf
+++ b/configs/etc/rc.conf
@ -6,7 +6,8 @@ kld_list="nmdm vmm ipfw ipdivert linux64"
 geli_autodetach="NO"

 # Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
-dumpdev="/dev/ada2p3"
+#dumpdev="/dev/ada2p3"
+dumpdev="NO"
 dumpdir="/var/crash"
 savecore_enable="YES"

@ -31,49 +32,46 @@ firewall_logif="YES"

 # interfaces
 cloned_interfaces_sticky="YES"
-cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9"
+cloned_interfaces="lagg0 bridge1 bridge2 bridge5 bridge9 bridge10"

 ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"
-ifconfig_igb0="up"
-ifconfig_igb1="up"
+ifconfig_igb0="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
+ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"

-vlans_lagg0="1 2 5 9"
+vlans_lagg0="1 2 5 9 10"

 ipv6_activate_all_interfaces="YES"
 rtsold_enable="YES"

 ifconfig_lagg0_1="inet 192.168.0.10/24"
-ifconfig_lagg0_1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
+ifconfig_lagg0_1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"
 ifconfig_lagg0_2="inet 192.168.1.10/24"
-ifconfig_lagg0_2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
+ifconfig_lagg0_2_ipv6="inet6 fd02::10/64 auto_linklocal accept_rtadv"
 ifconfig_lagg0_5="inet 192.168.2.10/24"
-ifconfig_lagg0_5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
+ifconfig_lagg0_5_ipv6="inet6 fd05::10/64 auto_linklocal accept_rtadv"
 ifconfig_lagg0_9="inet 192.168.200.10/24"
-ifconfig_lagg0_9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
+ifconfig_lagg0_9_ipv6="inet6 fd09::10/64 auto_linklocal accept_rtadv"
+ifconfig_lagg0_10="inet 192.168.10.10/24"
+ifconfig_lagg0_10_ipv6="inet6 fd0a::10/64 auto_linklocal accept_rtadv"

 ifconfig_bridge1="addm lagg0.1 up"
 ifconfig_bridge2="addm lagg0.2 up"
 ifconfig_bridge5="addm lagg0.5 up"
 ifconfig_bridge9="addm lagg0.9 up"
+ifconfig_bridge10="addm lagg0.10 up"

 # adding IP to bridges does not work
 #ifconfig_bridge1="inet 192.168.0.10/24"
-#ifconfig_bridge1_ipv6="inet6 2603:3024:3f6:e1::10/64 auto_linklocal accept_rtadv"
-#ifconfig_bridge2="inet 192.168.1.10/24"
-#ifconfig_bridge2_ipv6="inet6 2603:3024:3f6:e2::10/64 auto_linklocal accept_rtadv"
-#ifconfig_bridge5="inet 192.168.2.10/24"
-#ifconfig_bridge5_ipv6="inet6 2603:3024:3f6:e5::10/64 auto_linklocal accept_rtadv"
-#ifconfig_bridge9="inet 192.168.200.10/24"
-#ifconfig_bridge9_ipv6="inet6 2603:3024:3f6:e9::10/64 auto_linklocal accept_rtadv"
+#ifconfig_bridge1_ipv6="inet6 fd01::10/64 auto_linklocal accept_rtadv"

 defaultrouter="192.168.0.5"
-ipv6_defaultrouter="2603:3024:3f6:e1::5"
+ipv6_defaultrouter="fd01::5"
 # interfaces

 hostname="nas.ahlawat.com"

 syslogd_enable="YES"
-syslogd_flags="-ss"
+syslogd_flags="-C -O rfc5424 -ss"

 syslog_ng_enable="NO"
 syslog_ng_config="-u daemon"
--- a/configs/etc/rctl.conf
+++ b/configs/etc/rctl.conf
@ -0,0 +1 @@
+jail:ioc-jump:vmemoryuse:deny=4G/jail
--- a/configs/etc/sysctl.conf
+++ b/configs/etc/sysctl.conf
@ -1,4 +1,4 @@
-# $FreeBSD: releng/12.1/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
+# $FreeBSD: releng/12.2/sbin/sysctl/sysctl.conf 337624 2018-08-11 13:28:03Z brd $
 #
 #  This file is read when going to multi-user and its contents piped thru
 #  ``sysctl'' to adjust kernel values.  ``man 5 sysctl.conf'' for details.
@ -7,6 +7,7 @@
 # Uncomment this to prevent users from seeing information about processes that
 # are being run under another UID.
 security.bsd.see_other_uids=0
+security.bsd.see_other_gids=0
 security.bsd.unprivileged_read_msgbuf=0
 security.bsd.unprivileged_proc_debug=0
 kern.randompid=1
@ -32,6 +33,13 @@ hw.intr_storm_threshold=9000
 kern.ipc.maxsockbuf=16777216
 kern.ipc.shm_use_phys=1
 kern.ipc.soacceptqueue=1024
+
+kern.ipc.nmbclusters=24513148
+kern.ipc.nmbjumbop=9192430
+kern.ipc.nmbjumbo9=2723683
+kern.ipc.nmbjumbo16=1532071
+kern.ipc.nmbufs=117663120
+
 kern.maxvnodes=4194304
 kern.random.harvest.mask=351
 kern.threads.max_threads_per_proc=9000
@ -67,7 +75,7 @@ net.inet.tcp.recvbuf_inc=65536
 net.inet.tcp.recvbuf_max=16777216
 net.inet.tcp.recvspace=262144
 net.inet.tcp.rfc6675_pipe=1
-net.inet.tcp.sendbuf_inc=32768
+net.inet.tcp.sendbuf_inc=65536
 net.inet.tcp.sendbuf_max=16777216
 net.inet.tcp.sendspace=262144
 net.inet.tcp.syncache.rexmtlimit=0
@ -95,7 +103,7 @@ vfs.zfs.arc_max=51539607552
 vfs.zfs.delay_min_dirty_percent=96
 vfs.zfs.dirty_data_max=12884901888
 vfs.zfs.prefetch_disable=0
-vfs.zfs.top_maxinflight=128
+#vfs.zfs.top_maxinflight=128
 vfs.zfs.trim.txg_delay=2
 vfs.zfs.txg.timeout=90
 vfs.zfs.vdev.aggregation_limit=1048576
@ -116,3 +124,12 @@ net.inet.tcp.rack.data_after_close=0
 #Cheap Disk Issues
 kern.cam.ada.default_timeout=60
 kern.cam.da.default_timeout=90
+
+# best way to see misconfigured or non operational services
+net.inet.tcp.log_in_vain: 1
+net.inet.udp.log_in_vain: 1
+
+# Disable File Handle Affinity for NFS write operations.
+# It improves NFS write throughput with ZFS sync=always on ship/pxe
+vfs.nfsd.fha.write=0
+vfs.nfsd.fha.max_nfsds_per_fh=32