An Introduction to hardware hacking with FreeBSD
This tutorial will provide an introduction to controlling hardware from FreeBSD. We will cover using General Purpose Input and Output (GPIO) to interface with the real world using tools in the FreeBSD base system. We expand on this basic IO by interfacing with sensors and output devices via standard buses. To complete the tutorial we will make a simple status application to let us know when the someone has broken the build.
In the tutorial we will perform practical activities using an ARM Single Board Computer (SBC) running FreeBSD. Attendees will get a material pack including a SBC, interesting output devices and some sensors to make new hardware projects with FreeBSD.
Attendees should be comfortable on the command line, have a laptop with a spare USB-A port and serial terminal software (cu, minicom or screen will work). Everything else will be provided.
Tom Jones is a founder and director of a Hackerspace in Aberdeen Scotland (57northhacklab.org.uk). He started hardware hacking on FreeBSD trying to port a project from Linux and got sucked into the world of kernel hacking.
Network management with the OpenBSD Packet Filter Toolset
The OpenBSD Packet Filter (PF) is at the core of the network management toolset available to professionals working with the BSD family of operating systems.
Understanding the networking toolset is essential to building and maintaining a functional envirionment. The present session will teach the principles and hands-on operation of the extensive network tools available on OpenBSD and sister operating systems. Basic to intermediate understanding of TCP/IP networking is expected and required for this session.
Topics covered include
- The basics of and network design and taking it a big further
- Building rulesets
- Keeping your configurations readable and maintainable
- Filtering, diversion, redirection, Network Address Translation
- Handling services that require proxying (ftp-proxy and others)
- Address tables and daemons that interact with your setup through them
- The whys and hows of DMZs and network segmentation
- Tackling noisy attacks and other pattern recognition tricks
- Annoying spammers with spamd
- Basics of and not-so basic traffic shaping
- Monitoring your traffic
- Troubleshooting: Discovering and correcting errors and faults
- Your network and its interactions with the Internet at large
- Common mistakes in internetworking and peering
- Keeping the old IPv4 world in touch with the new of IPv6
Time allowing and to the extent necessary, we will cover recent developments in the networking tools and variations between the implementations in the sister BSD operating systems.
Participants should bring a laptop, the format of the session will be compact lectures interspersed with hands-on lab excercises based directly on the theory covered in the lecture parts.
Poudriere for Port Maintenance
This class will be complementary to Nicholas Zeising’s course on FreeBSD ports, which I believe he is also submitting. Ideally it should be scheduled so that a student could attend his class first, and then this one. However, having attended Nick’s course is only a recommendation, not a requirement.
- Contributors to FreeBSD Ports
- Port Maintainers
- FreeBSD Systems Administrators
- People interested in running a private pkg(8) repository
- Familiarity with FreeBSD and the Ports system
- Interest in customizing and developing ports
- A laptop with access to a Unix shell interface (Mac, Linux, FreeBSD are suitable, as would be a VM running FreeBSD)
- Understanding how to use SSH, git (via GitHub), ansible, a text editor of some form, and the ability to install additional software as required.
A GitHub login account is not required. We will be cloning repositories only, which can be done via HTTP.
This will be a hand-on practical class. Each student will be provided with access to a pretty-much virgin installation of FreeBSD 12 on amd64, and will build a poudriere server with multiple jail instances (combinations of FreeBSD i386 and FreeBSD amd64 architectures, and version 11.2 and 12.0 jails), nginx as a web front-end and a ports tree based on a working checkout from one of the project’s VCSes (git in this instance, although usage of SVN will be described.)
All of the above should be made fairly quick and tractable by applying the power of Ansible to automate the work. Students will be able to take away the playbooks for later use on their own systems.
We will then illustrate how to use this setup to test-build ports with modifications, what diagnostic information you can obtain from poudriere logs, how to debug build problems and what to do when what poudriere logs is not enough to solve them.
We will conclude by talking about how this setup fits into a full ports development and testing workflow, how it facilitates contributing changes back to the FreeBSD project and how it can be adapted for use as a private pkg(8) repository setup.
I’ve been a FreeBSD and ports user and professional sys-admin for more years than I care to remember (first FreeBSD install was 2.2.x, first PR was sometime in the last millenium), but a Ports committer only since 2012. In between maintaining a modest collection of ports, I made some contributions to pkg(8) development and then got completely distracted from all that by being the Core team secretary for 4 years.
Building a container infrastructure based
on FreeBSD Jails with Ansible
Nowadays container technologies like Docker are the first thing you here when the question on how to deploy and manage (micro) services. However, FreeBSD already has lots of features out of the box that can be used to implement lots of the wanted characteristics, but there is still a need for glue code to integrate it into a complete solution.
Ansible is a powerful configuration automation and management system that has a relatively low entry barrier. It uses mostly python and ssh, of which the later is needed in most cases anyway to be able to remotely manage the systems. This means that not only the overhead is comparatively low, but also it does not have too many dependencies that will break over time with things like new software releases.
Utilizing the flexible template engine and already available modules to manage features like ZFS, firewall and jail.conf, we will be able to automatically deploy a system that includes
- creating read only templates for service jails
- configuring the network
- configuring the firewall
- creating (multiple) running service jails from these templates
- duplicating jails
- scripting the upgrade & restart of the base and service jails
This tutorial will walk through the steps required to build a working service infrastructure with an example webservice and a database for it from ground up.
This tutorial is intended for people who have a basic knowledge of YAML, UNIX shell and basic administration of a FreeBSD system and networking. Principal knowledge of Ansible and templating as well as basic understanding of FreeBSD jails are required.
I’m currently working mostly as a sysadmin running a variety of systems and infrastructure, both in my professional role as running infrastructure for NGOs in my free time. My first UNIX system was some weird linux distriution when i was still in school back in 1997 and since then have used some free UNIX version almost all the time both privately and when building systems and infrastructure professionally.
An Introduction to the FreeBSD Open-Source Operating System
Who Should Take this Course
This course provides a broad overview of how the FreeBSD kernel implements its basic services. It will be most useful to those who need to learn how these services are provided. Individuals involved in technical and sales support can learn the capabilities and limitations of the system; applications developers can learn how to effectively and efficiently interface to the system; systems programmers without direct experience with the FreeBSD kernel can learn how to maintain, tune, and interface to such systems. This course is directed to users who have had at least a year of experience using a UNIX-like system. They should have an understanding of fundamental algorithms (searching, sorting, and hashing) and data structures (lists, queues, and arrays).
This course will provide a firm background in the FreeBSD kernel. The course will cover basic kernel services, locking, process structure, scheduling, signal handling, jails, capsicum sandboxing, and virtual and physical memory management. The kernel I/O structure will be described showing how I/O is multiplexed, disks are managed, special devices are configured, and system virtualization is done. The course then describes the VFS filesystem interface that supports multiple filesystem types. The course covers the implementation and capabilities of the UFS filesystem and the techniques for maintaining filesystem consistency. The filesystem section ends with a description of the ZFS filesystem capabilities, implementation, and integration into FreeBSD. The course also covers the socket-based network architecture, layering, and implementation. The socket communications primitives and internal layering will be discussed, with emphasis on the interfaces between the layers; the TCP/IP implementation will be used as an example. A discussion of routing issues and the netmap interface will be included. The presentations will emphasize code organization, data structure navigation, and algorithms. It will not cover the machine specific parts of the system such as the implementation of device drivers.
Marshall Kirk McKusick
Dr. Marshall Kirk McKusick’s work with Unix and BSD development spans nearly forty years. It begins with his first paper on the implementation of Berkeley Pascal in 1979, goes on to his pioneering work in the eighties on the BSD Fast File System, the BSD virtual memory system, the final release of 4.4BSD-Lite from the University of California at Berkeley Computer Systems Research Group, and carries on with his work on FreeBSD. A key figure in Unix and BSD development, his experiences chronicle not only the innovative technical achievements but also the interesting personalities and philosophical debates in Unix over the past forty years.
Managing Unix systems with Ansible
Ansible is an easy-to-learn configuration management and orchestion utility, renown for not requiring agents or daemons on the systems it manages. The objective of this tutorial is for attendees to get to know how Ansible works and to learn how to use it to apply configuration changes to Unix systems they want to manage.
With a focus on automating installation and configuration of remote systems (making file changes, installing packages, creating users), we will learn how to use Ansible to accomplish these tasks, and we’ll learn the basics of its configuration scripts, which are called playbooks.
This tutorial explains to attendees what Ansible is, how to install it, and what it can be used for. We will address how Ansible uses SSH, what modules and tasks are, the requirements for priviledge escalation, what idempotence is, and how to perform simple tasks on a number of target hosts. We will introduce attendees to the Jinja2 templating system which Ansible can make use of for configuration files, and we’ll give tips on how to survive having to use YAML. Variables, facts, and task loops will round off the offerings in this introductory workshop.
This tutorial is intended for people without prior knowledge of Ansible but who want to become more efficient in managing systems. The tutorial assumes attendees are familiar with basic Unix shell commands, know how to work with a text editor, and know how to login to a machine over SSH. Attendees should bring a laptop.
Jan-Piet Mens is an independent Unix/Linux consultant and sysadmin who’s worked with Unix-systems since 1985. JP does odd bits of coding, and works extensively with the Domain Name System and as such, he authored the book Alternative DNS Servers as well as a variety of other technical publications. He’s contributed various modules as well as the documentation system to the Ansible project and dreamed up the Open Source OwnTracks project. (http://jpmens.net)