FreeBSD, SysAdmin

Merry Xmas: Gift ideas for a BSD aficionado

Greetings fellow BSD folks! Christmas is here ! Did you know that there’s life outside of chocolate, turkey and countless hours of watching Home Alone? Here are 6 gift ideas for the BSD aficionados out there.

1. Introduction to the FreeBSD Open Source Operating System LiveLessons


This series of videos from Addison-Wesley, is a must have for the BSD fan. During the more than 10 hours of discourse,  Dr. Marshall Kirk McKusick does a superb job of taking you into a tour of the many subsystems that make FreeBSD. The material presented here will go side-by-side with the Design and Implementation of the FreeBSD Operating System. This course is a subset of a 15-weeks long training that McKusick offers as a consultant. More information can be found on his personal website

Here’s what Dr. McKusick covers during this LiveLessons:

  • Lesson 1: Introduction to the FreeBSD Community
  • Lesson 2: Introduction to the Kernel
  • Lesson 3: Processes
  • Lesson 4: Virtual Memory
  • Lesson 5: I/O System Overview
  • Lesson 6: Devices
  • Lesson 7: The Fast Filesystem
  • Lesson 8: The ZFS Filesystem
  • Lesson 9: Networking and Interprocess Communication

You can buy the LiveLessons here.

2. Raspberry Pi


Yes, the Raspberry Pi, a tiny little computer that you can run FreeBSD. You can fetch a ready to go image at the official repo (RPI-B and RPI2) and for RPI3 you can use the images at RaspBSD. In my setup (above picture) I have a mix of 3 RPI2 and one RPI3 coupled with a NETGEAR GS108E switch (capable of VLAN tagging). To power up this setup, I’m using an Anker Multi-USB Charger.

With FreeBSD you can access the GPIO interface with gpioctl(1). Vadim Zaigrin has a full detailed blog post on how to use it.

3. Annual subscription to the FreeBSD Journal

FreeBSD Journal.png

Keeping up with all things FreeBSD might be hard, we have a very active community and  there seems to be something interesting happening. An excellent resource to keep you up to date is the FreeBSD Journal. The Journal is a bi-monthly publication that contains articles from known FreeBSD figures such as Allan Jude, Dru Lavigne, George Neville-Neil, Joseph Kong and Michael W. Lucas just to name a few.

4. All of the books from Michael Lucas


I can’t praise him enough, Michael Lucas has a rare gift of making really dry material palatable to the masses. From SSH, to PAM going to FreeBSD (including an incredible specialty series on filesystems – yep, ZFS is covered), he has done it all – but don’t tell him that, we still want him to publish more  🙂 . You can’t go wrong with any of his material, so this is extremely recommended. Check out his work at the Tilted Windmill Press or at Amazon.

5. BSD Magazine Online Courses


The BSD Magazine is a free (yes, free!) online resource that is published on a monthly basis with news, various articles and tutorials. On the BSD Magazine website you can also find some courses such as the DevOps with Chef on FreeBSD, Using FreeBSD as a Fileserver with ZFS and Deploying on office / workgroup server on FreeBSD. During the holiday season you can use the promo code holidays30 to get 30% off on everything announced on their site! A pretty good deal!

6. FreeBSD Mall Goodies


The FreeBSD Mall is a known place if you want to get FreeBSD memorabilia. From t-shirts, polo shirts, CDs, books, stickers and hats, the FreeBSD Mall has it all. Check their promo and special sections to get extra savings on assorted items. On December 23rd they just released two new FreeBSD baseball caps (have to check them out!).

Have your self a Merry Christmas and an awesome New Year !


Cloud Infra, FreeBSD, OpenStack

Using release(7) to create FreeBSD images for OpenStack – Yes, you can do it!


During a recent BSDNow podcast, Allan and Kris mentioned that it would be nice to have a tutorial on how to create a FreeBSD image for OpenStack using the official release(7) tools.

With that, it came to me that: #1 I do have access to an OpenStack environment and #2 I am interested in having FreeBSD as a guest image in my environment. Looks like I was up for the challenge.

Previously, I’ve had success running FreeBSD 11.0-RELEASE on OpenStack with success but more could/should be done. For instance, as suggested by Allan,  wouldn’t be nice to deploy the latest code from FreeBSD ? Running -STABLE or even -CURRENT ? Yes, it would. Also, wouldn’t it be nice to customize these images for a specific need? I’d say ‘Yes’ for that as well.

With that, I thought I would give it a try, so without further ado, here’s how you
can bake a FreeBSD image using the official releng toolset.

After some research I found that the current openstack.conf file, located at /usr/src/release/tools/ could use some extra tweaks to get where I wanted. I’ve created and attached that to a bugzilla on the same topic. You can read about that here.

This diff brings the following changes:

  •  resize FreeBSD to the size of the OpenStack flavor (growfs).
  • speeds up the boot process by disabling sendmail.
  • allows an user to ssh as root with a public key.
  • make ssh respond faster by disabling DNS lookups (can be reverted).
  • enable DHCP on the vtnet interface.

Here’s our goal:

Create a FreeBSD image for OpenStack (KVM based) using the release(7) tools.

and as a bonus:

  • Be able to upload the image to OpenStack’s Glance and to manipulate a HEAT stack _from FreeBSD_


  • Make sure you have a system that can do a build(7) – disk space is important here, more CPU power helps too.
  • Patch the openstack.conf file with the new changes – you can get the file from here.
# $FreeBSD: releng/11.0/release/tools/openstack.conf 277458 2015-01-20
# 23:56:04Z gjb $

# Set to a list of packages to install.
export VM_EXTRA_PACKAGES="net/cloud-init
 devel/py-pbr devel/py-iso8601 \
 net/py-eventlet net/py-netaddr comms/py-serial devel/py-six \
 devel/py-babel net/py-oauth net/py-netifaces"

# Set to a list of third-party software to enable in rc.conf(5).
export VM_RC_LIST="cloudinit"


vm_extra_pre_umount() {
 #env ASSUME_ALWAYS_YES=yes pkg -c ${DESTDIR} delete -f -y pkg
 #rm ${DESTDIR}/var/db/pkg/repo-*.sqlite

 echo 'growfs_enable="YES"' >> ${DESTDIR}/etc/rc.conf

 # Enable sshd by default
 echo 'sshd_enable="YES"' >> ${DESTDIR}/etc/rc.conf

 # Disable DNS lookups by default to make SSH connect quickly
 echo 'UseDNS no' >> ${DESTDIR}/etc/ssh/sshd_config

 echo 'PermitRootLogin without-password' >>

 # Enable DHCP for the OpenStack instance
 echo 'ifconfig_DEFAULT="SYNCDHCP"' >> ${DESTDIR}/etc/rc.conf

 # Disable sendmail
 echo 'sendmail_enable="NO"' >> ${DESTDIR}/etc/rc.conf
 echo 'sendmail_submit_enable="NO"' >> ${DESTDIR}/etc/rc.conf
 echo 'sendmail_outbound_enable="NO"' >> ${DESTDIR}/etc/rc.conf
 echo 'sendmail_msp_queue_enable="NO"' >> ${DESTDIR}/etc/rc.conf

 # Openstack wants sudo(8) usable by default without a password.
 rm -f ${DESTDIR}/etc/resolv.conf

 # The console is not interactive, so we might as well boot quickly.
 echo 'autoboot_delay="-1"' >> ${DESTDIR}/boot/loader.conf
 echo 'beastie_disable="YES"' >> ${DESTDIR}/boot/loader.conf

 # Reboot quickly, Don't wait at the panic screen
 echo 'debug.trace_on_panic=1' >> ${DESTDIR}/etc/sysctl.conf
 echo 'debug.debugger_on_panic=0' >> ${DESTDIR}/etc/sysctl.conf
 echo 'kern.panic_reboot_wait_time=0' >> ${DESTDIR}/etc/sysctl.conf

 touch ${DESTDIR}/firstboot
 return 0


  • Fetch the FreeBSD source code and extract it under /usr/src
  • Once the code is in place, follow the regular process of build(7) and perform a `make buildworld buildkernel`
  • Change into the release directory (/usr/src/release) and perform a make cloudware

That’s it! This will generate a qcow2 image with 1.4G in size and a raw image of 2G.
The entire process uses the release(7) toolchain to generate the image and should work with newer versions of FreeBSD.

Tested with 11.0-RELEASE-p1 and also tested on OpenStack Mitaka.

Bonus Tips: Installing OpenStack cli tools.

Instal pip:

pkg install py27-pip

Install the OpenStack Python Client:

pip install python-openstackclient

Install the legacy OpenStack Clients (might be needed for some environments).

pip install python-heatclient
pip install python-nova client

Next, create an openrc file and source it. Here’s an example:

unset ${!OS_*}
export OS_AUTH_URL=
export OS_USERNAME=admin
export OS_PASSWORD=NotMyPassw0rd
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default

Then, source it:

source ~/

Right now, you have all you need to operate OpenStack. To test, let’s try the following:

  1. Upload our newly created FreeBSD image to OpenStack’s Glance.
  2. Spin up a stack that uses our FreeBSD image by invoking a Heat template
  3. Test the connectivity to the new stack
  4. Clean the stack

Let’s go!

With the image now fully created, upload it to glance.

[root@freebsd /usr/src/release]# cd /usr/obj/usr/src/release
[root@freebsd /usr/obj/usr/src/release]# glance image-create \ 
 --progress              \ 
 --disk-format qcow2     \
 --name FreeBSD-OpenStack\
 --file openstack.qcow2  \
 --container bare

Create a heat stack called “freebsd-image-test” using the freebsd-openstack.yaml file.

[root@freebsd ~]# openstack stack create -t ./freebsd-openstack.yaml freebsd-image-test

| Field               | Value                                      |    
| id                  | e217ba55-6892-4012-aebb-e8b2f7032df7       |    
| stack_name          | freebsd-image-test                         |    
| description         | This template generates a FreeBSD instance |    
|                     |                                            |    
| creation_time       | 2016-12-07T01:26:46                        |    
| updated_time        | None                                       |    
| stack_status        | CREATE_IN_PROGRESS                         |    
| stack_status_reason | Stack CREATE started                       |    

Now that the stack is created, let’s get the floating IP of the instance and ssh into it. For this example, I’m using a key named “cse-pubkey”. You can/should change that on the template to reflect your environment.

[root@freebsd ~]# openstack stack output show --all freebsd-image-test 
| Field               | Value                                   |             
| instance_private_ip | {                                       |             
|                     |   "output_value": "",          |             
|                     |   "output_key": "instance_private_ip",  |             
|                     |   "description": "No description given" |             
|                     | }                                       |             
| instance_public_ip  | {                                       |             
|                     |   "output_value": "",     |             
|                     |   "output_key": "instance_public_ip",   |             
|                     |   "description": "No description given" |             
|                     | }                                       |             

Test the connection to the instance.

[root@lppa240 ~]# ssh -i cse_id_rsa
The authenticity of host ' (' can't be established.
ECDSA key fingerprint is SHA256:LX06d48gTGV+SCrl3DJlWw5i4j7+IjaHDW6J2s/JwzQ.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '' (ECDSA) to the list of known hosts.
FreeBSD 11.0-RELEASE-p1 (GENERIC) #1: Sat Dec  3 10:54:58 EST 2016

Welcome to FreeBSD!

Release Notes, Errata:
Security Advisories:
FreeBSD Handbook:
Questions List:
FreeBSD Forums:

Documents installed with the system are in the /usr/local/share/doc/freebsd/
directory, or can be installed later with:  pkg install en-freebsd-doc
For other languages, replace "en" with a language code like de or fr.

Show the version of FreeBSD installed:  freebsd-version ; uname -a
Please include that output and any error messages when posting questions.
Introduction to manual pages:  man man
FreeBSD directory layout:      man hier

Edit /etc/motd to change this login announcement.
root@freebsd-image-test-instance-qk6lpulwbxp4:~ # uptime
 1:30AM  up 3 mins, 1 users, load averages: 0.27, 0.30, 0.14

All set!

Cleaning the stack

[root@freebsd ~]# heat stack-delete freebsd-image-test


FreeBSD, SysAdmin

Continuous Learning: Why I’ve opted to learn BSD’s and so should you

– I’m making this a permanent entry into the blog under “Learn BSD”.
– Added reference to BSDTV, OpenBSD FAQ, Dragronfly BSD Digest

Magic now. Magic I unnerstan’.

The Color of Magic, Discworld #1


Yes, magic, but unlike our character Rincewind in The Color of Magic, the spells that I’ve learned over the years by using BSD’s are still somewhat accessible in my memory – I don’t just forget them after studying it for months but using it for just a single time. This is the kind of knowledge you should be going for as well, the one that you can build and sharp over time, that is, without having to relearn it all.

Roughly after 15 years using FreeBSD and OpenBSD and working in a different industries and positions, I do not regret my choice to stick with these systems. I initially, as many I believe, started my UNIX-like journey with Linux, trying various distros for a while. I was fortunate to be introduced to FreeBSD (and OpenBSD after that) by a friend during college, and since that, never looked back. Don’t get me wrong, I still do use Linux, as I did use Solaris, when they made more sense or were somehow required – and that’s ok. I still try to use FreeBSD/OpenBSD whenever I can, in and out of Corporate world.

The BSD Culture

On an interview for the BSD Magazine, Dru Lavigne phrased how the BSD community really works:

You can (and should) slow down and learn how things work. It can be a mind shift to learn that the freedom to use and change how something works does exist, and isn’t considered stealing. And that learning how something works, while hard, can be fun. BSD culture, in particular, is well suited for those who have the time and temperament to dive into how things work.

The BSD culture does indeed invites one to go on, learn and share. Overtime, this mindset will stick with you, it sure did to me, becoming a part of my professional and personal life.

Really ? How? Mind sharing some examples?

I am all for using the right tool for the right job and I’ve being satisfied to a large degree by the amount of proper tools that both, FreeBSD and OpenBSD bring to the table. Here’s a brief list of solutions that I’ve used:

  • OpenBSD’s svlan interface to capture QinQ traffic for a Telecom Customer (capture traffic from a DSLAM Cabinet on the street).
  • Flow analysis with pflow and nfsen on OpenBSD.
  • File sharing with FreeNAS.
  • Firewalling a branch office with OpenBSD.
  • Using Asterisk (Soft PBX) on OpenBSD to connect a small office.
  • Create a 3G wifi hotspot with OpenBSD (pf, ppp) on a tradeshow.
  • Deployed a reversed ssh tunnel from an OpenStack private cloud into a FreeBSD droplet at Digital Ocean. This allowed me and my team to troubleshoot our OpenStack cloud appliance running  on a conference floor (that is, working after hours from the hotel).

All of that can/could be done by something else (Linux, for example). But the simplicity and careful way the BSDs are documented were unprecedented for me as an Engineer. Many times all I had access to were the man pages so knowing they were accurate was unprecedent.

The situation today

The one topic that bothers me though, is the latest trends in IT. Every week, it seems to be a tremendous amount of “new technology” (aka NIH solutions)  all over the place – followed by nonsense hype.  With that, think about what makes sense to you and think about the time you will invest (yes, invest) continuous learning these technologies.

If you are coming from Linux and is new to BSDs, take a moment to read the excelent A Comparative Introduction to FreeBSD for Linux Users at Digital Ocean.

The Tomes of Magic – Audio, Video et al

Reading material (Online):


FreeBSD –

  • The Design and Implementation of the FreeBSD (Amazon)
  • Absolute FreeBSD: The Complete Guide to FreeBSD, 2nd Edition (Amazon)
  • FreeBSD Mastery: Storage Essentials (IT Mastery) (Volume 4) (Amazon)
  • FreeBSD Mastery: ZFS (IT Mastery) (Volume 7) (Amazon)
  • FreeBSD Mastery: Specialty Filesystems (IT Mastery) (Volume 8) (Amazon)
  • FreeBSD Mastery: Advanced ZFS (IT Mastery) (Volume 9) (Amazon)

OpenBSD –

  • Absolute OpenBSD: Unix for the Practical Paranoid 2nd Edition (Amazon)
  • The Book of PF: A No-Nonsense Guide to the OpenBSD Firewall  (Amazon)

Audio and Video:

Meeting the Wizards

In some occasions, you can meet the “pointy-hats” in these events:

This is by no means a full list of the events. For an updated list, please refer to these:

Baking it: Running FreeBSD on a Raspberry Pi

If you want to learn or teach BSD, you should be aware that FreeBSD runs on a few accessible devices ($) such as the Raspberry Pi (B+, 2 and now 3). This is incredible interesting and as we move move forward, more of these devices are expected to be supported. Here’s an idea, you can use RPI’s with the _free_ material from to spread the knowledge. As a matter of fact this would work not only for the internals of FreeBSD  but also for practitioners to get hands on.

  • Pros: Cheap platform, easy way to get started and to teach others.
  • Cons: Initial setup and cost when going with more than one PI. Availability of the Raspberry Pi in your region can be tricky.

In a hurry ? Try using a cloud

A quick way to have access to BSDs is to use one of the main public cloud providers such as Digital Ocean, AWS and Microsoft Azure.

  • Pros: Immediate access. Easiest way to get started. Can be very cheap (pay per use).
  • Cons: Initial setup. Might not be accessible from a Corporate environment (firewall, etc).

If you can’t go with a cloud environment, another option is to fire up Vagrant with FreeBSD with the official releases from the FreeBSD Release Team.

Going all in: Using it as a desktop

To fully learn FreeBSD or another BSD for that matter, is to go all in. Based on my own experience, I would suggest that you install either one of the BSDs and build up a desktop (which is honestly fairly easy) or to go with a ready-to-go option such as the awesome TrueOS. As a matter of fact, one should go ahead with TrueOS and see how well integrated a FreeBSD desktop can be. Don’t be fooled, TrueOS _IS_ FreeBSD and carries all of the advanced computing capabilities you’d find on FreeBSD (OpenZFS, Dtrace, GELI Encryption, Jails, bhyve just to name a few) but it takes the burden of building and fine tuning a FreeBSD Desktop – plus some extra awesomeness developed by Kris and the team (AppCafe, SysAdm, etc).


2016 is almost coming into an end, so how about this as a challenge. How about starting 2017 by deep diving into FreeBSD, taking the time to learn a set of tools that are likely to stay with you for the next years to come? Expect more information on that front here.




Cloud Infra, OpenStack

OpenStack Neutron Diagrams

<!– –>

TL;DR: Neutron diagrams depicted below are available on my Github repo.

During my presentation on Troubleshooting Neutron Networks (OpenStack Summit 2016 in Barcelona – details and video) there were many network diagrams used to illustrated the various scenarios with Neutron networks.

Many stackers were asking where to get these diagrams and as promised, here they are:


east-west DVR traffic


north-south traffic



east-west traffic with VXLAN

GitHub – dcasati/OpenStack/tree/master/OS2016BCN-Troubleshooting-Neutron

The diagrams can be open using and are made available under the Creative Commons License (CC by 4.0). You can show/hide the different layers and well as edit each component individually.

Have fun!