 you can help. If you want to translate or improve our documentation, we have really expansive documentation. We have a ton of it, but that does mean that the more people we can get working on keeping that updated, the better. If you have a port, an application that you really love that might be depreciated on 3BSE, if you want to maintain or add that port, that's fantastic. We always love that. And finally, you can go through our PR list. This is also linked on the movie's page I have up there. Don't link to Buzzilla. But if you go through the PR list, you might notice some bugs that need fixing, and it might be drastically applicable to be something that you are passionate about or know a lot about. And if you find something that you can submit a patch for, that's great too. On the bottom here, I have the link to the Previously Foundations website. We have a series called Previously Fridays, which is just hour-long talks on different subjects about Previously. Roller actually did this in Previously Friday format a couple of months ago, but that was really fun, so you can find that there if you want to go back to it. And then underneath that, I have the link to our resource page, which has a ton of how-to people that you might be interested in to release tons of Previously Concepts and just general resources for becoming involved or becoming more involved in Previously. And that's kind of behind my little introduction to Previously. I have more resources listed up here. I do want to scan through, find anything that you find interesting. I have the movie's page up there. I have places to go if you have questions, the Facebook page, the mailing list for questions for Previously Questions. But I just wanted to give a brief introduction to Previously, but the best way to learn about Previously is to install it and work on it a little bit. So that's what we're going to be doing in this workshop. So I'll turn it over to Roller. Great. Thank you. So this is the guide that's going to show you most of the steps that we're going to go through today. And to find it, you can just go to bsd.pw, and there's a link to the workshop on there. I will pull that up here real quick. So no worries. I will switch to my Mac. Okay. So if you were just to go to bsd.pw, you'll see getting started with FreeBSD Workshop and the link to the workshop. And this is what we're going to do at the beginning is we're going to install FreeBSD on a working computer. Now, when I say working computer, what am I talking about? We're going to be installing FreeBSD in VirtualBox, and I'll explain to you what VirtualBox is in a minute. But there's no reason why you can't install FreeBSD on a regular computer. Just when you're teaching it in a workshop, you would have to bring a whole lab of computers for everybody to erase and install. So with VirtualBox, it gives you more of like a virtual computer and you can erase and install a computer operating system on it. So what I wanted to show you is we are going to go to FreeBSD.org to get the installer for FreeBSD. And you'll see this big yellow download FreeBSD button. That's where you want to go. And in production, you'll see a list of the recent releases listed below. So it looks like the most current is now 13.1. So we're going to just click download FreeBSD, this big yellow button. And you'll notice that the heading here FreeBSD 13.1 corresponds to that latest release. And you'll see that there's a column here for installer images. And they have many different platforms. We're going to use the top one, AMD64. And when you click on that, you're brought to a directory of the different installer files and FreeBSD just wants to be friendly. So we're offering many different types of file. The one we need for this class is going to be this disk1.iso. So if you just want to click on that, you should start downloading. And we're not going to open it with the image mount or anything. We're just going to save this file to our computer. And while that's downloading, I thought I would show you what a FreeBSD computer looks like before we jump into the whole virtual box stuff. That way you can kind of get the feel for what it is that we're going to end up with. So this is a FreeBSD laptop. It's just a regular old laptop about 10 years old. And you'll see when it starts up that you're going to just have a lot of text scrolling by. And with FreeBSD, it'll go through and at the beginning it gets to this white text. And it's kind of poking the drivers for all these different devices in your computer. And the driver usually responds with some information about it. The gray stuff is more program output. So if it's bright white, it's coming from a device. If it's gray, it's coming from the operating system giving you information about what it's starting, just a little bit of information about what it's doing. And it all flew by really fast and you didn't quite get to see it. So there is a button called pause break on your computer. If you push pause break, you can go back up. So that way you can kind of go back to the top and see what it said. So what it actually said at the beginning was it was booting and then all the copyrights and it starts walking through, like it says the CPU on this computer is i7- 3610 QM. And it just starts going through and asking how much memory is in this computer. And it just walks the whole thing. And then it gives you the name on the left is the name of the device. So for instance, if I was looking for, like, you know, a lot of those devices, you have the USB hub and we have... So this will just give you the hang of it. Like, you can kind of see all the different devices and then you'll see this ATH 0. Depending on what driver you have different cards for Wi-Fi or different card for your Ethernet, it's going to have a different driver. So this is using Atheros. So they just use ATH. It's the first card, so it starts with the 0. So ATH 0, that's going to be one of my cards. So this is just to kind of give you an overview, a little bit of what it looks like, and the reasoning why we're not installing this on a real computer, right? Because if you were to install on a real computer, everybody would have to bring computers that they're okay with erasing. But the cool thing is, see it's all text. FreeBSD can be text-based server-like and run all of its programs and stuff as a server. But you can also install an operating system desktop right on top of it. So there's no reason why you can't have a nice desktop with FreeBSD and have, you know, whatever programs you use. Like, if you use PyCharm or some of the JetBrains tools or, I mean, they all, if you can find it in the porch tree and it's working, there's no reason why you can't run it on FreeBSD. So that was just to give you a quick heads up that FreeBSD can be a regular desktop, and that's kind of where we're going to end up today as I'll teach you how to get it installed and how do you get to this point. And once you get to this point, it's really exciting because the desktop is still running, but you can jump back out to the operating system, and it has these different terminals. So you'll see the number, they're changing three, four, five, six, seven. When you get back to nine, nine is usually where XOR runs. But if you do control Alt F1 and then Alt F2, F3, it'll bring you to these different screens. So if your desktop freezes, you can just come back to the server part and cancel it. And now the desktop is canceled. So I'm going to go ahead and turn this off and we'll get started. So that download file should have finished by now. Our FreeBSD installer. So let's go ahead and, that would be like getting the actual CD, right? And now we need to take the CD and put it into the computer. I chose disk one. And I didn't choose the ones with the .xz at the end. If you did, you just need a program that can extract that file. 7zip works on the Windows. Kika works on a Mac. Go ahead. No, we're going to be showing you release today. So if you go to the big yellow download FreeBSD button, you'll be on this page. Okay. And then you'll grab the AMD64 installer. And it's only about one gig. Okay. Sure. You can always, yeah, the difference between 13.0 and 13.1 is a lot, but not for what we're doing. You know, last scale we were using 12.1, I think we were using in 2020. So it's fine. I mean, whatever version, we try to stay on the latest one, but if you'll notice on the main page of FreeBSD, it actually answers all these questions right here. You can use one of those three versions. You can use the 13.1 or 13.0 or 12.3. Those are all the latest. And upgrading isn't too hard. Go ahead. Yeah. Yeah, the upgrade, I mean, it's FreeBSD-update upgrade. And you tell it what release you want to upgrade to. It'll do some work. And then it'll ask you to type FreeBSD update. When you run it, it'll merge everything together. And it'll just, it'll try to do the best it can. And it'll try to auto-merge. And if there's something you've changed in a file that the update needs, it'll just ask you what's the difference. And you say, oh, I want to keep that custom line that I left in there. And then you continue on. And it's really stable. It actually just works. I've been running FreeBSD on my server since FreeBSD 10 something. And you just keep pushing it. And it just keeps rolling to the next one. And it's not super hard to do. Yeah. So you're going to come with, it's going to come with more packages. And more of the, you're not going to need as much of an internet connection for things. The disk one comes with a nice set of packages already. Boot only. We could even just do boot only. We don't really need any of the packages that come with it. So if we did just do boot only, we could, when you start, it just runs through the installer, slightly different order because the first thing the boot only disk wants to do is get internet. So as you go through the installer, you're setting up the internet first. So for us all to be on the same page, you might just see the screens in a different order if you're using a different version, basically. And then these image ones, I use these image ones for my actual laptop. So when I installed FreeBSD on my laptop, I didn't want to use a CD or a DVD. So I use the image and I just use the DD command and just a DD input file equals this, output file equals my USB stick, byte size equals one megabyte. And then it'll build you a USB stick, you throw it in your computer and you can boot off of it. And then you can just run it that way. So what we're going to do is if you open up virtual box, it says I have two machines running. So I'm going to turn those off. So you can just say shut down like that. You can also log into the machine and type shut down minus P now. And that is very small. I know I will change that to a bigger display here in a second. Okay. So open up virtual box and put the disk in. How do you do that? So you need to create a new virtual machine. And virtual box can virtualize many different operating systems. So it's really just saying they have built some support for other operating systems into virtual box. And if you select it from this list here, then it'll just add a few extra capabilities. It doesn't really do anything for FreeBSD. But for windows and stuff, it'll add a few extra capabilities or something. But if you just want to quickly find FreeBSD, just give your, you can either go through the list here on type and select BSD and then look for version. Or if you just type FreeBSD, it'll automatically find it. But this is the name of your machine. So I'm going to tell my getting started with FreeBSD. So I'm just going to tell you that that's what this one was. And you'll notice when I did that, it didn't know which one it is. So I'm just going to tell it, let's just do BSD 64 bit. So we still haven't put the disk in yet, but we're creating the computer to put a disk in. So the computer just needs a name and it needs a amount of memory. So just pick amount of memory that is in the green here. And if you plan on using more than one, like a minute ago you saw I was running more than one virtual machine at the same time. If you use more than one virtual machine at the same time, you're going to want to make sure that this number stays in the green. So if I was doing two gigs on a virtual machine, I was running two at the same time. They'd be taking up four gigs of my operating system and I want to make sure I still have some left over. So I'm just going to put two gigs, 2,000 megabytes and click continue. And we're just going to go with the defaults. It's recommending to create a disk. Sure, let's do that. And it's recommending the type. We're just going to go with whatever it recommends. And as you step through these, the defaults on the rest of these are perfectly fine. Go ahead. Yeah. Yeah, let's get you up to speed here. Okay. Host F. So it should be the, at the bottom, the host key is always shown on your screen. It's usually the left command or right command. But yeah, there's shortcuts for that. Yeah, the different view modes in virtual box are a little, they can get you into a weird state. So we're just going to go with the defaults for the rest of this. And we have a computer, but it doesn't have a disk in it. So what I like to do is if I, you can, you can just go into the settings of the virtual machine. So if you clicked on it and you hit in settings, you'll see there's a storage here and there's a disk inside of there that says empty. So if you click on the empty disk, it'll tell you that it's, the attributes of the disk are this optical drive and then it has this little disk icon. And if you hover it, it tells you that that's how you can mount a disk. It just says choose a virtual optical disk to use with this. So if you click on that little icon, that's where it's going to ask you to choose a disk file. So we'll choose a disk file and we'll go find the file that we just downloaded, FreeBSD 13.1 release. And now it's inserted and we're good to go. We can just click okay. And that's where we are. So if you're not there, what can help you get to this point? But all we've done is we've created a virtual machine and we've put the FreeBSD installer disk into the virtual machine. And you'll see it's listed right here. And the optical drive FreeBSD is now part of this machine. So when it turns on, it's going to try and boot from the hard drive but there's nothing on the hard drive and it's going to try and boot from the, the, well, we can check with the ordering actually. If you go here to settings, you can see the order of the system boot is right here. So it's going to try to boot floppy, then optical, then hard disk. So that's just to give you an idea. So it'll try and boot the CD first. Keep that in mind because after you install FreeBSD off the disk, it's going to restart. And when it comes back on, it's going to be starting off the disk again. So it might just go right back into the installer. So we have to do one extra step when we install FreeBSD and let's take the disk out before we reboot. And does anybody have any questions at this point? Go ahead. Okay. So what we do now is we just start it up. And I'm going to change the view of this screen here. So right now what you're seeing is very small. But if I, you don't have to do this on your machine. This is just for presenting because like, like we, like you've seen, if you start to change these settings, you might want to take a look at what the, the hot key is to sort of revert. So it's host C for scaled mode. But scaled mode kind of looks like this. It's just a bit better for presenting because it sort of scales what the screen looks like. So yeah, this is just a little bit of, of, so I'm just going to restart this so you can see what it looks like now that it's all bigger. So it boots up like this. It'll count down for about 10 seconds. Give you, we don't have to change any settings right here. So we're just going to let this count down. And now it's, it's booting up off of that disk. And once it boots up the first, before we even go down there, let's talk real quick about networking. So here at the conference where, you know, your computer's connected to the Wi-Fi to give your virtual machine a proper internet connection, we're just using NAT network. So if you go to settings of your virtual machine and you go to network, you'll see that we're just using the NAT option. There's so many options in virtual box. You could do all kinds of different stuff. We've tried bridge adapter here at the conference, but you'll start to see it say things like someone's using my IP address and all these other things. So instead we're just going to use NAT. That will, that'll work for this scenario that we're trying to do. So we're attached to NAT. Just make sure yours is doing the same thing. But welcome. So it just asks you, do you want to install FreeBSD? And of course that's the first thing. So we're going to say install. And now it's to ask me about keyboard. If you use the regular English keyboard on your computer, just click continue with default. Otherwise there's a whole slew of options and it has a test. So if you pick one of those options, make sure you do the test and make sure that it's typing what you expect. But for my computer I'm just going to do this, continue with default. And what's the name? Let's just call it getting, with no spaces, let's put little dashes, getting started with FreeBSD. I mean that's a good enough name. And to continue through these screens you press enter or return depending on your keyboard. We don't have to change any of these options. With the release version of FreeBSD we're using these are perfectly acceptable. You know you've probably heard us talk about ports and you can install packages and ports on FreeBSD. That's how we got Firefox or PyCharm or different programs. You don't have to install it here like this. There's a package system that we use to install programs. We don't actually have to select any options on the screen unless you're building FreeBSD or you have a reason for it. That's why they say FreeBSD is all these things together in one. You can learn so much more about how to build it from scratch. But to get started we're not going to change any of the defaults on that screen. It's just going to say which, how do you want your hard drive set up? They have two options, ZFS and UFS but ZFS is the recommended. So we're going to go with the top whatever is recommended that sounds good. So we'll just do return. And to do this it's going to walk you through what is your pool type for your disk. So ZFS can do magical things. It can you can tell it to have two different hard drives for your main operating system. You can set this thing up to be a mirror or different raid configurations. If you had more than one hard drive to keep it real simple we're just going to use the main stripe. There's no redundancy we're just picking one hard drive to install on. So you can get super fancy if you want to know how the stuff works. I have some books here from Michael W. Lucas but he has one called ZFS mastery. I would recommend that if you want to know how to do more FreeBSD on ZFS stuff. Okay you push enter and you'll see here we have our hard disk selection screen. And there's these little brackets but there's nothing there's nothing in the middle. That's telling you that these are available option but it's not selected. And to select in this environment you use spacebar. So if you push spacebar it'll put a little star in there. And that's how you pick the hard drive that you wanted. And now we're back here. These are things like do you want to rename your hard drive? I mean your pool of storage. So you can call it VSD storage or whatever you want to call it. They just had to come up with the default so that's the default. If you don't want to change it you don't have to. If the cool thing FreeBSD full disk encryption is actually pretty straightforward. If you want it on you just push enter here and what that'll do is your computer first turns on and before anything it wants you to decrypt it. And that's very strong encryption. People can take your hard drive right out of your computer and they wouldn't be able to do anything with it. So if you want to use, that's called jelly encryption. It's really cool to turn that on but we're not going to do that today either. To encrypt or decrypt? Oh. Yeah. Yeah. So you just get this book, pop it open to the jelly page and you'll see it's using AES X or something like that. Jelly 596. So it's called GELI and in here 5, oh no it's fine. It's a really cool program. It just says it supports GBDE and jelly. Jelly stands for Geom-based encryption. Jelly stands for I believe it's AES X or something like that. But yeah, this book is super handy for that because it's got a good index in it and it'll walk you through. And it's actually pretty short and it does say check out FreeBSD Mastery Storage Essentials as well if you wanted to learn more about that kind of stuff. Oh. Oh no, no, it doesn't use that. ZFS itself it completely encrypts the file system. So it's not specific to the hard drive that it's on. It's just the Z pool because when you learn more about ZFS you'll see that the storage is split into pools and the pools are the ones that connect to the disk. So they kind of separated it in a way where you're encrypting the whole the whole disk. The disk can't be read at all except the jelly part of it. Oh, you can still decrypt it. What I meant is if someone stole your hard drive straight out of your computer. Yeah, and they tried to okay, how do we get the data off of this thing? And it's not going to be useful to them. That's what I meant. Oh yeah, no worries. It's a really good encryption and you're not going to be able to break it open into somebody. Yep, don't use your passphrase. And actually I did bring these today just to talk about them. These are UB keys and they most of the time your UB key has to be hooked up with some server thing on the back end. Your UB key and then you have some authentication service and you can hook them together. This UB key though and it has this feature called static password and you can put 32 characters on it and you push the button and it acts like a keyboard. So that way you can have a password that you know and memorize and then you push a button and your password is 32 characters stronger and people can't see you typing it by watching your fingers. So this is a genius good idea. And it's in the previously journal on that one of the security journal articles. I'll show you how to set this up. The newer ones. Okay. Then maybe this one's just too old. This one doesn't even have like a... Some of the UB keys don't support it. So if you have some older keys or you have the blue keys, the blue keys are just like the Fido key. A lot of services like Google will support these keys but the static password thing I'll just show you kind of what it looks like or I don't have my adapter but basically it just spits out 32 characters and you can program it to whatever 32 characters you want. But I would recommend that for an encryption situation is type what you know and then have pushed the button for the rest and it's perfect for... You know, you go to conferences a lot and there's cameras everywhere and you never know when somebody watched you... You know, it could be recorded that you typed your whole passphrase and then you pushed a button. So somebody's like, ah, we've got the first part but now we need to get that key out of his pocket. And if you rotate your keys often enough you won't have to worry about that. Go ahead. Yeah, exactly. So it's catching people like that that have this system and it fools everyone and then they go, ah, this guy. How did he know to do that? So just little things like that are really interesting features that you can kind of bake into your security without having to add any services or anything. So, okay. So those are the only options, really. We just picked that we want to strike one disk and we didn't change anything else. So we're going to go ahead and go back up to install and choose return. That'll tell you one last time we're going to race this disk so if there's something on it it's about to go away. But in our situation it's a virtual disk. It's a virtual box so it's okay to erase the whole thing. And this is very quickly the installer. It'll just go through tall text based. It just extracts really quickly and it should be installed here momentarily. Okay, now it's going to ask us to what is the root password? So before we can configure the machine we have to set up an administrator. The administrator already has the username root. We just need to set a password. So go ahead and set a password but keep in mind that there will be no feedback or stars appearing while you type your password. That's just to not show how many keystrokes are in your password. It's just an extra layer of security. It's not going to tell you how many passwords. It's not going to anyone watching you not going to be able to see how many passwords are in your how many characters are in your password. It'll give you two chances. Make sure you type the same thing. So it's just going to ask you twice to make sure it's the same and then you're on this one. Yeah, sure. Drew, do you want to... Yeah, if you need me I'll run over there. I just got to grab my mask. Where did I put my mask? Oh, perfect. Okay. Cool. So now it's going to ask us to select the network interface. Since we're all using a virtual box it should all look the same. It's using this generic Ethernet. So Intel gets EM. So you'll see EM0. It's just saying this is an Intel card. It's the first Intel card. And you will just say return. And now it's asking basic things like do you want IPv4? Okay. And are you using DHCP to get that? Yes. And now it's going to go get its DHCP. And we can say no on IPv6. We can say yes. But just to keep it simple we'll just say no for this setup because it's going to do this. Okay. So automatically through virtual box and through our NAT somehow it's detected that the Wi-Fi the host is using... I mean the DNS the host is using is scale.lan. It's not going to work. So just so you know. So just take these settings out of here come down here and just change this to something that will work like 8.8.8.8 or 1.1.1.1 or one of the DNS publicly available DNS servers usually it will just pick up the one that's on your LAN or on your network if you're using DHCP. But in this specific scenario once we lay the Wi-Fi setup in the DNS you're going to have to erase that and change this to something publicly accessible. Okay. And to get down to OK you'll notice the arrows only do this you have to use tab. So tab will kind of move you around and we want to tab out to OK. So just make sure you're on OK you have your 8's in there and then we'll go for it. Okay. Let's do some time zone stuff. So we'll just select we're in America and we'll scroll down here we're in the US and just pick your time zone and then it's just going to say does that time zone appear reasonable? Say yes. And skip this part because it already figured it out and skip this part because it figured it out. Okay. So choose the services this one you really don't need to change anything on here either we're just going to leave you can set NTP D so we'll turn that one on just make sure that your time is synced and stays correct and that's really all we need to do so we'll just enter on here as well and it should ask us now this is a newer this wasn't here and the previous D10 I believe that started to show up these are different settings people have come up with to make previous D a little bit more secure because there are different things these are just different flags you can do to change things we don't have to change any of these if this is a test machine you don't have to change this one but if this isn't a test machine enable secure console why what that is is if you were to go to so we'll just go to we'll just go here real quick I'll just show you if you had a question about about how to get previous D I think I have it on here somewhere basically there's a there's a way you can go into your machine you can boot it up and you can tell the machine that you can tell the machine that you want to restart the password right here so here it is take note of this YouTube video if you're curious but basically if you forget your password you can boot in a single user mode and that's just because you can only do that if you have physical access to the keyboard and a lot of the time the previous D machine is in a rack of protected anyways and you can't get to the actual physical keyboard but if your physical keyboard is like your laptop or something you're going to want to turn that off so to do it you just go here and turn that off and now if you try to go into single user mode you can just say okay what's the password for root and then it'll let you in and then you can do stuff single user mode is really how you get into FreeBSD where you can start to fix things you can kind of manually mount the partitions it's before it started doing everything that you saw it did all the white stuff it poked all the hardware it found out everything but it didn't actually start anything else none of the gray it didn't do anything else that's single user mode it kind of gets you into FreeBSD and you want to put a password on that if that's the environment you're in and then now it's going to say do you want to add a user and this is yes we want a user and I'll call mine roller rollerangel and we're going to leave the UID like it says leave empty so we'll just leave that empty and the login group keep that how it is and now it's going to say this is how we can start to go through and this computer is going to be controlled by roller I'm the main person using it so I need to say roller can be invited into three different groups that are important there's a wheel group that's the one that allows you to do super user stuff you can become root you can set up so that if you are in the wheel group you can do super user stuff so we'll configure that so we'll just say you're part of the wheel you're part of operator that's a group that allows you to do things like restart the computer a regular user can't issue a reboot command or anything like that but this one can usually you just have to login as root if you wanted to turn the computer off or restart it or something that's just saying this user in particular if he's rebooting he has a good reason for it let him do it and then video since we're going to be doing the desktop stuff video is a good one to have the login class we're not going to set that has a lot more to do with locale settings and things like that shell I always set mine to tcsh it's a great shell I'll show you some configuration that we can do with it yeah you'll notice bash is not one of the options you can install bash it's just a port, you get it from the ports later but on previously these are the ones that come with it and a home directory, we'll leave that alone we'll leave the permissions alone and password based authentication sure keep pushing enter because it's going to do the defaults and the default not using any password and then it'll say what password should this user have and it'll ask you again to make sure it's the same and at the very end it'll say do you want to lock out the account after creation we'll just leave that at default to know and it'll give you a quick overview yours looks like this your name you're in these groups and you pick tcsh and if everything's okay then you just say yes video and then it says okay, say yes it'll ask you do you want to make another user and we'll say no and it brings us back to here now this is what I was wondering about and it's like okay, I want to reboot but if we reboot it's going to reboot right back into the installer so we're going to actually change a setting here and I'll show you what to do but so what we can do is we just we can exit to apply the configuration and then it'll ask us if there's any more changes we want to make we'll say yes we want to make changes and that's where we'll shut the computer down but before we do that I just wanted to show you real quick you'll see this option handbook at the bottom so the FreeBSD handbook is available online you can go to the FreeBSD website and check out the handbook but if you don't have internet connection and you wanted to pull up the handbook on your FreeBSD computer that's where this comes in you can install the whole handbook locally so that you've got it available no matter where you are it's not the it's the latest version of the handbook in the packages system and if you're using the default package system it could be as old as three months so keep that in mind it's a good backup but if you want the latest handbook make sure you go to the website and by default you'll see there's a star already in English so I'm just going to leave that there and push enter and now it's doing this thing at the bottom saying it's bootstrapping package so if we didn't install the handbook the first thing we'd have to do is this bootstrap package since we told FreeBSD to install the handbook it's doing that bootstrapping for us but to do the bootstrap for package you type pkg so if you didn't install the handbook the first time you go to install something that's the packaging tool you'll say pkg install and give it a name of Firefox or whatever you want to install and if you didn't already bootstrap package it'll just do it right then so it's kind of not something you really need to worry about it's just FreeBSD's package system and how it works so if you hit exit it'll say okay we're finished, what do you want to do and yes we want to make one final modification before it just reboots itself and that is to shut down the computer and dash p stands for power off you can do dash r for reboot you can also just type reboot but shut down, dash p, and then a time I'm saying now but there's no reason why you couldn't say like plus one and that plus one just means FreeBSD is going to power off in one minute and so you can just set a number of minutes there if you wanted to kind of set a delayed shutdown or something like that yeah you can put in a crawl on or something and have it do that but so that's just an interesting feature of the shutdown and so it should any second now after the full minute it'll kick in automatically and the computer will turn off you could also just type now and it'll do it right now oh no, it'll turn the whole thing off it should actually power it off, yeah there we go it'll do this waiting thing, the syncing thing this is usually what you see right at the very end and then it gives you the uptime at the very bottom and then it'll kick it out oh they'll get a shutdown command coming up on their console saying yeah, it'll tell you yeah yeah the shutdown you type man shutdown so I'll show you that next and that'll kind of give you the manual page for shutdown this is just I had the settings page open so it was confused, but I'll show you the manual page so you can kind of see what all the different things you can do like Drew was saying the documentation is super good before we turn this computer back on we want to take the disk out because you'll see it's still right there the disk is still listed so if we go into settings and we go to storage and we click disk and the same disk button we clicked before but now there's an remove disk from virtual drive option so we take the CD out and we push ok and preview season is installed when we start it up that's when we start administering it and telling it how we want it to work and what we want to do with it but that's essentially how you get it installed so what I want to do before we take a break, we'll take a break here for a minute get some water or something but create a copy of this because this is a fresh installed machine and if you click this three buttons here you can go to snapshots and snapshots has a current state and then you can click this take this will take a button so if you take a snapshot we could just call this fresh install that way we know if we ever break anything we can always just come back here and we have a freshly installed machine to work with another cool idea is we can even clone the machine so if you right click or you just click this little sheep guy here I guess we don't have to right click but you click this little sheep and it'll say ok we can make this one called getting started with freebc clone and it's automatically going to recommend that the right setting so just hit continue continue and that'll create an exact copy of it so now we just have another copy of it we can we can leave this copy alone over here we can use so this one is a copy of it freshly installed and everything and this one is the same thing but it has this snapshot so down the road as we're installing things we can take another snapshot and then if we make a mistake or something we can roll back in time and just completely undo everything ZFS lets you do the exact same thing so it's cool that VirtualBox has this trick but what if you're just using FreeBSD on a regular computer how would you roll back and move stuff around that's where you'd want to do some deep dive into the FreeBSD ZFS mastery because it can do things like that with boot environments and FreeBSD it can do pretty much the same thing okay so if you just want to take a water real quick just take a minute unfortunately it's been extra slow for yours and you're connected to the scale faster oh okay oh okay we've been having it go a little bit faster on the scale one if you wanted to try it oh yeah you could switch it now and then we could just we'll just see what it does you never know it might just work I hope everyone's had a good break we're going to jump right back in okay so what do we do now now we start administering the machine so we're going to boot up the machine so just go to this first one the other one and we're going to click on start you can double click it too to start it and mine's just going to ask me to switch to scaled mode if you can't see it very good you could also switch yours to scaled mode but as we get to I'll show you when to change that again back to normal but yeah if you want to change your view to scaled mode to make it a little bigger easier to read some of these retina displays or the really high definition displays it can make the virtual box screen super small so remember we set a root password before we created a user so that's what we're going to be using first and you'll notice this is just due to the situation with the DNS and the way that the Wi-Fi is working here with our virtual box so you'll see that it's having an issue with DNS so first thing we can do to fix that is just log in as root so just type root and the password that you gave it and if you say if you were to type catresolve.com you'll see whatever it finds and you'll see that it put it back since it was using DHCP and the computer turned on it put it back to how it was in the installer which you can manually set this up or you can just change it when the computer turns on we're just going to change it so what we do is to edit a file we use this program called Vim but we haven't installed Vim yet so FreeBSD comes with a program called VI like a lightweight Vim it's similar to Vim, but it's a text editor so we want to use a text editor so we type VI and then we want to use that same file that we just did cat on that's how you'd say that you can tell the computer that we did cat to concatenate the contents of a file just a second ago and it showed us what was in the file and now we want to edit the same file so if you want to edit we're using VI if you want to edit the same file that you just had and the second argument you could do exclamation point dollar sign that's just a quick shortcut you could also just type in the full thing and you can use tab to help complete table search and auto fill for you but yeah those are just a little trick so if you were to do that now you're into a text editor strange because you're not entered into editing mode you're not changing text right now you're actually just moving a cursor around so what we want to do is just push DD push 3 and then DD or however many lines there are that you want to erase you could just push DD a few times and erase all the lines but once it's empty just push I and just type what was that name server yeah just type name server and then 8888 this might be kind of hard so what I did was I deleted the lines with DD and then type I had to push I and that should say name server um I look like it's scooted off the screen slightly so I'll scoot that over there we go yeah so how do you save a file you push escape the easiest way is to hold down shift and push ZZ so two capital Z's capital Z, capital Z and you're out there are another way you can do colon WQ it's a little weird um so the other way to exit Vim or VI is if you were to push escape and then you did colon you'll see at the bottom a colon comes up colon WQ for write and then quit so shift ZZ is way easier just saves and quits but if you wanted to know the actual commands it's write, quit that's how VI works go ahead oh cool I'll pull that up sweet that's always good to know yep but it's there right the good thing about Vim is it's done on most yep you'll find it on pretty much any computer and it's a really good way to edit the files especially during your first interview yeah alright I bet okay so now that that's done you should be able to have just a sanity check we're just gonna ping three packets that's the C we're just gonna send three packets and if it succeeded then okay cool everything's fine looks like internet's working and a DNS is working that's how I usually test that out so now if you type PKG it already bootstrapped so it'll just tell you there wasn't enough arguments if you didn't install package if you didn't install the FreeBSD Handbook as part of the installer that same bootstrapping package thing that it did before so we're ready to go now what do we want to do we want to install some stuff so you can type clear like you just saw me clean up my screen a little bit if you want to clean your screen up you can type the word clear FreeBSD also has shortcuts you can do control L and if you're typing something and you wanted to erase what you typed you can do control U and if you type something really long and you didn't want to go all the way back you want to go back to the beginning but you don't want to do that you need to control A goes to the beginning and control E will go to the end so those couple control U to erase E to the end and L to clear the screen up those are kind of handy to have memorized so we're going to package install and when you install something with package it asks you a question if you don't usually the answer is yes you just ask it to install the package you want it to install it it will tell you the package is there here's how big it is we're about to install it, is that okay if you don't want to stop to say yes you can just put a dash Y and it will automatically say yes so we want XORG because we're going to be running a display later and that's the X11 desktop environment that kind of is what runs it and then you need a display manager so we're going to use XFCE we're going to use since we're on virtual box there's a plugin or there's a port for virtual box for FreeBSD they kind of make the when you click into the keyboard and mouse capturing happens automatically and you don't have to have it capture your keyboard and then use the hotkey to kind of escape from your machine so we'll just install that one it's called virtual box OSE dash additions virtual box dash OSE dash additions let me make that fit the whole screen I don't know how it got off the screen there I don't know let's do a search so you would just type package search vmware and see what comes up virtual box OSE and I'm trying to get that to fit and then it got mad at me I think my whole computer is locked up alright let's try that now computer might get mad at you like mine just did okay I'm back I was moving the screen around too much and it got mad at me but I was just trying to make this fit the screen so we're a little bit short on the left cool now you should be able to see everything I'm typing oh yeah it's called resolve.conf but it's not the whole word so if you just do forward slash ETC forward slash R-E-S tab it should find it yeah it's spelled R-E-S-O-L-V .conf I'll pull it up again oops okay resolve.conf was the file like that and as you can see mine just changed again so I'm going to go ahead and and that's only due to this network situation we're in here at the conference so you wouldn't have to do this all the time regularly and you can set this up manually it's just if you look here we did so our RC.conf has we're telling our Ethernet which is EM0 to get its IP address through DHCP and the DHCP is trying to do the DNS automatically if you wanted that all manual you can just check out the FreeBSD handbook which we're going to do I'll show you where the handbook guide is and then you can learn how to set up manual network settings which is a little more involved but it's not too bad okay so we did package install okay and we were doing xorg we need sudo we need xfce and we need virtualbox ose editions firefox and we're going to install vim but we're going to install vim-x11 so a topic we're going to get into a little bit later is why you would build a port in the first place ports have all kinds of options in them so vim itself has an option do you want vim do you need vim with the desktop vim has a GUI app as well so if you don't need the GUI then you just install vim but if you need the GUI you do vim-x11 that's just the package FreeBSD package maintainers trying to be helpful they know there's three different set options people will usually either pick this one or that one if you want to custom build it yourself you can just custom build vim however you want if you want it pre-built for you then you just need to look at what's available and pick the one that has the right options that you want for us reason why we want x11 on vim is because I'm going to show you a cool copy you can copy and paste from vim but if it's x11 then the copy paste doesn't work because it doesn't understand the x clip board and things like that but we'll get there so this is just real quickly saying I want to install these handful of packages and when you hit enter it starts and it will go and install them all and I believe I'm on scale public fast and it seems to be working great which is good I'm really happy to see this part working really good because we've had issues in the past with the wifi yeah, that's what I was trying to say the specific environment running a virtual guest machine on a network that you don't control and all this stuff it can be a little strange so I would I mean can you turn the VPN off and just use scale public fast and then that should work and then that scale public fast oh, okay okay, cool it could just be having issues getting through the VPN or something yeah, that's what I was thinking it must be changing the route and dropping the packets and that's also why I brought the big regular computer just to show you that a lot of the complication goes away when you install it on a regular computer because then you're not virtualizing a network and trying to make something outside your control work um yes I didn't do Secure Illumina on this one, you can if you are following the guide exactly you'll see there's Illumina, there's KDE5 so you can install a whole bunch of display managers change them and get them to you can just pick which one you want to use so Secura is like a terminal okay, so if you get some unknown error, totally fine it just must be a conference wifi type of thing but basically it got to 178 or 179 had an issue with number 179 of 371 if you run it again it's not going to start over it'll just so you push up to run a command again and now you see it's starting 1 of 192 so it'll just pick right back up if there's an issue it'll tell you it wasn't able to get the file the first time it tried so you just push up it'll bring back the command that you typed and you push enter go ahead I erased everything and I just put name server it's 8.8.8.8 yeah, if there was anything else in there it would probably throw it off so I because I believe it had scan, scale.lan or something and I think that's where it was getting confused no problem okay, so that's going to be doing some installing, well it's doing the installing I'm going to pop open another machine here to give you an idea of what you can do with manual pages and how they work and also okay, let's see okay, so with manual pages you can type the word man and then followed by the name of the command so let's just type shutdown so if you said man shutdown you'll get the manual for the shutdown and you'll start to see the different options we were talking about you can do dash R, you can do dash P there's a bunch of other things like the message like they were talking about you can send to people and it just tells you all about it you can search through this file by typing a forward slash space bar should jump you around so you type forward slash support and push enter you'll see all the times that support pops up you push N to go to the next and P to go to the previous one and all those commands of working in a manual page come from a command like this so less is called a pager and it's to let you view one page of output at a time and another program is called more does the same thing they just like to mess with each other so they call less and one called it more but literally it's the same program as more but it just all the moving around commands and stuff for pagers applies to man pages so space bar moves you around up and down arrow keys still work and at the bottom of most man pages you should see an example section which is really maybe we'll just go to a simpler one like this one you should have an example section near the bottom that shows you a whole bunch of different things you can do with it we could even type a forward slash exam pulls it doesn't have that maybe this one doesn't have examples but that's kind of how you would get through and figure out what they do here's the package manager and all the different things you can do in here so it's always good to know let's go and check our machine and see what it's up to after it installed after it downloaded everything now it's going through all 300 packages and it's doing the install extract bit this is going to be really fast so this actually should be done here in a minute once this is done we have all the packages installed on FreeBSD and now we're ready to configure them and it should just zoom right through the rest of these really fast actually yeah this is going to be done any second now awesome then you'll see some of the suggestions packages can come with the description and the description is where the developers can put some notes for you and on most computers nowadays you don't get to see the pause break button so how do you scroll back up if you don't have pause break on VirtualBox you can find it by going to input keyboard soft keyboard with a little keyboard that controls the computer and you can push the pause break button and then you can start pushing page up, page up, page up and you can use this little keyboard to give you the buttons if you're missing them but yeah you'll notice the packages all have these little messages it'll tell you where the message what package the message came from and a little bit about it so if you missed this or you wanted to see it again and you weren't able to pause and go up you can just type package info d and the name and that will tell you just the description from that package Firefox so that's an easy way to get this listing back right so the VirtualBox OSC editions had some stuff to say that's what it had to say we already put the user in the wheel group so we don't have to worry about that so we've done oh yes we forgot to do this part so see right here where it's mentioning use the VBox SVGA that's a very important so what we want to do is we're going to go and configure that here in a second so most of FreeBSD is configured here so let's go look at RC.com when we did the installer a lot of the options that we gave the installer ended up right here in this file it asked us what's the name of our computer and it just put it right here so if you want to change the name of your computer you just come into this RC.com file and that's where you would change it we also told that we wanted NTPD and we wanted SSH so here they are this file is literally how you control everything and usually you'd go in and you'd edit the file and make changes to it there's a command called sysrc if you look at the man page for it it retrieves variables from RC.com and it can add them all that means is since it's such a common thing to edit that file we might as well make a tool to work with the file so if you want to add a line to the file this file that says for vbox guest enable is yes we would just say sysrc vbox guest enable equals yes and now if we cat you'll notice at the bottom we didn't even have to put the quotes or anything it added the quotes for us but it essentially put that vbox guest enable yes for us we want to do another one here this will be sysrc vbox service enable so we can just go up a few commands and just delete guest and type service so we should now when we look at RC.com at the bottom we should have vbox guest enable and vbox service enable now that we've done that let's go ahead and we're going to shut down the computer and do that setting that virtual box recommended so we'll just type shut down minus p now that should turn it off and we can go and make that quick adjustment all that it is is there's a video drivers that come with virtual box there's a legacy one that works much better with FreeBSD than the more current one so we'll just switch to that one so I'm going to go to my virtual box here and you can ignore this machine and that was the one I was just showing you man page commands on before well it was installing on the other one so I'm just going to go ahead and get that one out of here okay what do we do so we go to our machine and we go to settings and if you look over here and display it's going to have this graphics controller and we just want to set it to vbox svgea and then say okay that's it then we start it back up and that will get us ready for the next part which we want to actually do some desktop the desktop is going to use the graphics controller and that graphics controller actually works really good and you'll notice this countdown now this is just the main FreeBSD boot screen starting okay sure okay yeah we definitely want everybody to have the packages downloaded so we can yeah just push up again and enter and it should try again and it should pick up right back where it left off if it's saying it can't install something double check the spelling it could just be one letter off no problem that's typically the most of the problems you're going to find hello virtual box o s e editions and if you can't find something you can always just type actually I'll show you that real quick so you can type package search it's going to give me since I just restarted my computer again let me edit that resolve.com in this class yes in a regular situation of course not but you know the demo gods right that curveball at the last second so it just this isn't the typical usually the DNS settings work for whatever reason they don't work in this environment so we just have to overwrite it or we can set the manually set the IP address yeah because the DHCP yeah DHCP is just saying yeah ask the network what the settings are if you wanted to give it the settings directly you just have to program it like that DHCP is going to write at cresolve.com by itself if you don't enable DHCP you'd have to tell it what IP address you want so you can do it but I just didn't have that as part of the presentation that would be a little more involved it's not too bad but um it's just another another thing to do um yeah so if you did package search and then you typed a virtual box it should give you all the stuff so we've got virtual box OSC editions that's the one that we use but you'll see there's a whole bunch of them different settings and whatnot and you don't have to type the version number at the end it'll just grab the it'll just grab it when you type virtual box OSC editions you don't have to type the dash 6136 or anything but yeah so if most of you are still at this package install command then we can go ahead and wait a sec for yours to catch up but after the packages are installed then we can start to uh um it should be package info it gives you the list of those 300 summer packages so you can see that they're all there um if you're ever looking at something and you don't want to do the pause break trick you can do the pipe and then type less and that'll take the output and put it into a pager so you can look at it one page at a time and kind of see what it said so these are all the packages I have right now um those are all the reason why I have so many is because some of them are automatically installed as dependencies of some of the other packages um if you do remove packages which you can do with package remove so if I did package remove firefox it'll say you know is that okay I'll say yes um there could if firefox had any dependencies that was that were with it you'd need to remove those as well um so to do that you can just type package auto remove and that'll look and see if there was anything um that was installed just because something else was installed and if that dependencies no longer there it'll get rid of all of its uh apparently there was 24 packages uh that were dependencies of firefox but since I just removed firefox I don't need any of those anymore so I can uh remove yeah I have a um python web app that runs postgres and it needs the python driver for postgres it's one of the uh one of the commands so I have it go it installs py it installs postgres I think I was on 13 or something and then python goes to install its postgres driver which is using 12 something so then it had a conflict and it just goes and removes the other one so you have to sort of go oh uh either I need to use the same version of hythom on this using um and then it'll be fine but yeah you'll you might notice little things like that um but yeah there's solution for everything right just put it into another machine or who jail it or um jails are usually the solution for a lot of things a lot of people when they hear freebies do you jail they're thinking a lot more along the lines of like a lightweight virtual machine the way Michael Lucas explains it is you know you can have a you can have a server like a web server or something running and if it goes crazy how do you get into that machine and turn it off or reboot it or have it kill it so it stops being crazy I mean in the past you'd go in and you'd be killed minus nine and typing all these things you can wrap the whole thing in a jail and then you can just turn the jail off and you can make it so the jail can only use 95% of the resources so even if the thing is going completely mad you still have enough resources to log into the machine and kill it so that's kind of what he was explaining is you don't have to use all the features of jails you can just use it to kind of separate programs in their own little boxes you can do the same as behave you can restart it is but it was invented in the 90s and it's it's it uses a lot of little tricks there's a whole bunch of tricks and you don't have to implement them all either you can do lightweight you can only check out Michael's book on previous jails because you can do some really insane stuff with jails but yeah just to get around any of the weirdnesses you run into there's always a solution with RubySD oh okay yeah let's check it out let's see yeah no problem unable to update okay yeah so let's see that says okay that's a problem it's just the formatting slightly off it's usually always a formatting thing basically this doesn't have a colon and there's a space that's probably the only problem yeah crazy isn't that weird yeah you gotta love the text based stuff because if it's not working just change a piece of text and it works and you're like yeah and then the cool thing is you check all this stuff into configuration management software and your whole system is now and as you make changes it's super easy to back it up configure it, push it around awesome let me put Firefox back oh no I didn't have to type that that was part of the when we were looking at the package info and then we were saying like that it was telling you on here to do that just a way if you want to see so you can use the similar command so you can say pw group show that'll show you everybody using wheel right group show the name of the group you could use the word user show and put the name of the user so yeah and then group mod remember things like that so that was just giving you a heads up that if your user wasn't already in those groups you should probably add them yes the only reason we shut down is because the recommendation was that we change this driver here from vbox to this one so it's grayed out well the machine's running so we had to turn it off but after the sysrc commands you should look like this you should just have those two lines at the bottom that were added and that's where we left off the other one that's listed on the guide here is sysrc mouse d enable equals yes that can help usually the mouse will just work just fine but that'll add extra support for older drivers for mice you might need that so no so you might type the wrong thing and then it would just go and put it in there like that so it's really just an easy way of echo the contents into the file but you don't have to type all the weird echo you know the echo because then you'd have to get into doing I want to do these quotes but that means I have to put these and those quotes and then you'd get into that whole thing where it would just look really funny so sysrc just makes it nice because you work with that file a lot and if you mess that file up you're going to mess up the computer like if you didn't edit it yep it usually needs to be capital I mean that's just convention I would recommend you put it a capital but you might be able to get away with a lower case it might still work I don't think I've ever done it like that okay so oh yeah VBOX let's see I think we did SVGA yeah and so if you've got that set up just double check that you're this went back to normal and then when you're all caught up to that point we can step to the next bits I mean the next piece is really setting up the settings for the wheel group until people can log in and as the root and then a little bit of configuration and then we've got a desktop so we can I can catch you back up here in a second I'll just move on and we'll catch up anybody who's not caught up because there's only a few extra commands so we're going to type vi sudo and that'll bring you to the sudo configuration file at user local we don't have to know where it is because vi sudo is a shortcut command that opens that specific file for editing so we're just going to type forward slash wheel enter that'll bring us to the line that talks about what people are allowed to do so if you want to allow members of the group wheel to execute any command you can uncomment this line here oh for which one? because sudo didn't get installed try typing try typing sudo all by itself and see what it says there's no sudo you just need to do package install sudo package install sudo or yeah pkg-install yeah sudo should be instant almost because it's so teeny you can uncomment in you can uncomment by typing so in my guide here I have it's telling you exactly what to type forward slash wheel enter and then j0 xx to capital Z what that is actually doing is when you type to wheel it brought you directly here to wheel j goes down 0 goes to beginning x deletes and 2 Zs will save so that's just how I went to that line and edited it there is another one right below it that you notice same thing without a password so you can do either one you can have when you type sudo it asks you for the password or since that user is already logged in you can just let them become sudo whenever they ask without having them require a password so it's up to you the experience you want if you want to do this one then you just uncomment that with 2 Xs to delete those first couple of characters and then 2 capital Zs to save or you can do colon WQ that'll save as well but once sudo is edited then we need debus so we'll just do sysrc debus enable this is for our desktop we need to use debus to create a an id so every time you run this debus uuidgen command it creates a random user what they call unique user id this is just used to differentiate one computer from another one so if you were to take that random id you could save it into a file call it machine etsy etsy-machine-id some programs will look for this file I've only ever seen it when I do x11 forwarding so if I have all my packages installed on a different server I want to run it on this computer I can ssh into that computer with ssh forwarding run the command and it'll show up on a different computer the graphical display will show up on a different computer than the actual packages installed on in that scenario you'll get an error if you don't have this etsy-machine-id file and it won't make any sense so just put it there right now and then you'll never have to worry about it so that's why I always try to show people getting started with FreeBSD here's a few things to set up so you don't ever run into them or have to worry about them down the road now we're ready for the yeah, we should be ready to go so we have we can either reboot but we don't have to, we can type service debus start that'll start debus and then we can get out of here log out works also control D will log you out but what we want to do is we want to not be root anymore all the stuff we needed for root we set up we told it that the wheel users can now be admin so now we want to be a regular user we don't need root anymore so we log out of root and we just log in as that username that we set up earlier and once yeah, so once you're logged in now you'll notice it'll say your username at the computer and we just want to edit one quick file it doesn't exist yet so you have to type it but it's vim and then you type dot x init rc so it just means when you start x, when x initializes rc is usually like the resource configuration file so it's usually like the startup file so this is the startup file for when you start your desktop and to start your desktop we just need to give it one command so we say execute start xfce4 what that'll do is uh so we'll cat x init rc you'll see it says exec start xfce4 that means we should be able to type this before we type this let me get out of this mode that I'm in so I'm going to exit scaled mode so it's going to be a little bit smaller now but this is the normal mode when you type start x all one word just start x it'll use the driver it'll use the display manager you set up and it'll bring you into a desktop environment so this is where we want to get people to is how do you get to a desktop environment and I should probably get my computer some power here uh and now you'll see it this one will auto resize since we did the virtual box stuff um it should pick up the size when you change the screen now and now we have a regular computer and we can open up things like firefox and the cool thing is now that we're in firefox we can find yeah so let's uh yeah so this is kind of where I want people to get to we'll get you up to this point and then we'll continue on um I'll just pull up the address here of the of the FreeBSD handbook the local one so to open a local file you got to use the file um protocol and then you do user local share doc FreeBSD and double check that that file exists so how do we do that we can go to the terminal here and we're just looking inside here so we're just going to we're just going to be able to do cat so we'll say cat and we'll say is there a file in user local share and I'm just pushing tab to autocomplete doc freeBSD tab um and then book and then we have handbook and then they call it handbook enpdf oh interesting looks like they uh they changed it to a pdf interesting so we'll just change that to uh what do they call it handbook.pdf yeah it's called handbook en we'll just copy this whole thing ok so copy you can just select in here and then you should be able to use the edit menu to copy cool take all that off ok so this is a local copy of the previous handbook and you can get to it and that should help you with things like now we should be able to come in here and search the freeBSD handbook for um yeah cool and then you'll notice if config you'll see ideas on how to set up interface cards um yeah so cool looks like everything's working ok so here's the address to the uh handbook um that is very small so I will put that up on um a terminal and make it much bigger so you can actually see it um ok so I'll make that really big oh the command to start what oh start x all one word and this is once you get x started you can open up your web browser and you should be able to see something like this if you type that into your web browser you should be able to access your um your handbook but that's just one way of accessing the handbook obviously if you have the internet it's a good idea to uh use the the latest version of the handbook but um like I said you might be on a plane or you might be troubleshooting your internet it would be nice to have the handbook if you didn't have internet um that's what I typed to get the handbook up um so yeah to catch up what what we did um I'm just looking here at this guide here so I'll just pull it up um I'll scroll down slightly um the scrolling can be a little different inside of virtual box as well just to give you a heads up and we're currently right now at the down here and we just did these last couple of commands so we were working on the package install and then we did the sysrc commands and then the vi sudo we told debus to enable and we edited that xinit rc file with that startxfce4 oops yeah like I said the um the uh for sometimes the scrolling on here can throw you off a little bit and then if you'll also notice on the guide there are other desktop environments you can install so xfce is the one that looks like this with the little mouse at the bottom um this little mouse guy and there's gnome, there's kde there's a few others lumina um so you can just kind of get the hang of which one you like um start to play around with them you can change all the appearance settings and everything so um cool and is everybody up to this point did you get your graphical display started okay oh still downloading yeah the downloads yeah I'm just on scale public fast but I don't know um cool so yeah I guess um while we're waiting I can pull up another one so we can just to show you we can also do um let me get out of here oh whoops not that one so I'm gonna log out and try a different one yeah it's while we're waiting I'll just install another um so I'll do sudo dash i to become root and I'm going to package install kde5 which is a big one um but we'll do it anyways whatever yeah you'll see kde5 itself just kde is 567 packages yeah it's because it comes with everything right kde is was always designed to be this desktop of all things and it has quite a few uh features in there let me double check I believe I've used it before oh yeah no worries yeah I use sys control for things when I'm looking around I mean like when I turned on my I use this laptop for recording and my screen and things like that so um I usually have to figure out like what's the default um audio interfaces they're using and um I use sys control for that okay um probably just some which graphics display um driver did you pick we'll probably just pick a different one so just shut it down and then we'll uh we'll try one of the other um also debuts might not be enabled but if you go into the machine settings yeah so just um yeah and then go to display and then which one does it show yeah that one change that one so you have to actually turn the computer off and you could just yeah power off and uh yeah to the uh the third one cool and then okay and then it's saying it's invalid because they don't like that one virtual box itself is like why in the world would you use the old graphics controller like oh because we want to they're like but it's it's not the new one yes you can't change the display controller in virtual box with the computers on or the virtual machines running um but yeah after you change that you should be able to boot up and log in type start x and it should come alive that's exciting part because now you get to see you know a lot of linux distributions even there's there's people who've made previous d products to do similar thing but they'll set up all this stuff for you and so you're not quite sure how they did it where they made the setting changes or any of that it just comes as part of the operating system but cool thing like I guess like Drew was saying some of the people after you get used to previous d you start to realize where all the settings are because you had to change them to get it to work and then you have the sanity check you can do of like well I didn't change that file so it should still work the same or the last thing I did change was in that file maybe there's a typo or something right so it kind of gives you that that peace of mind that the machine is not going to have some weird database setting that didn't work right and now your whole computer registry doesn't work or you know like the typical operating system issues where the computer itself uses all these weird background things to keep track of how it runs previously just use text files so if there's a problem with it it's a text file somewhere you can just go edit and that's why we use vi and vim and these things because you're working a lot on the command line with text files and cool looks like your startx is working yeah no problem very cool oh it didn't start I thought it's not start oh ok try the mouse d then did you do the mouse d enable thing you can also change the mouse here to input oh and it doesn't have an option what did I change mine to there are different settings for the mouse if you shut the computer down you could try a different mouse setting they have like let me pull one up where's the mouse right here so it's system pointing device you could try usb tablet if your ps2 mouse isn't working we can talk about for those of you who are ready for something I'll still come back to this and we're just waiting for the download as well to try a different graphical environment display environment but I do have more than one machine here so I can boot up another one to kind of show you a few things so if I boot this guy up you'll see here that there was only two seconds and it started with the auto boot delay to however long you want I like it at 2 seconds 10 seconds is kind of long 30 seconds is crazy long sometimes you'll see virtual machine companies like digital ocean or something like that digital ocean doesn't do freebies anymore they used to until a month ago you can still get it there you would just have to take this image from virtual box now they don't have a way of doing it manually anymore or automatically but they set their boot time to 30 seconds so if you see some you can always just change those things if it's taking too long okay so I'm going to log into a different machine here real fast and yeah because this one still has 200 packages and I wanted to show you something else so if you want to update your machine there's a command called freebiesd update and if you look at the man page it's used to move things around from release to release and you'll notice here it says but not from stable or current so the freebiesd update tool is specifically for the release version of freebiesd and the way we usually use it is if you actually look at it freebiesd update is really just a script so if you look at the script you're going to see this that you have this whole let me go to user local then freebiesd update yeah so we should just be able to type a which freebiesd update there it is, it's in that user freebiesd update so if we were to cat, user has been freebiesd update you see it's the shell script and if we were to look inside the shell script there's a pager so the pager here gets set depending upon what you're doing basically what it'll do is if there's a bunch of files that it updated about it and it'll walk you through it, you have to push down space bar you have to walk through the pager, if you don't want to deal with that you just want to push the update and have it you change the value of the environment variable so you're going to say mpager which is the environment variable they're using in the script you're going to say we're going to set that to cat instead of less so now if it has something to show me the screen, it's not going to make me interact with it because there's typically nothing I do to interact with it anyways it just stops me and makes me read it and put space bar or whatever so if you do the cat, you don't get that then you can just type freebiesd update fetch and then you can run this again and you can type freebiesd update install you can type them both one after another it'll do that as well it'll fetch the updates, it'll install the updates and if you notice I'm on 13.0 on this computer because this is just one that I already had I'm just going to switch back over and see how this guy is doing okay yeah, so this is freebiesd 13.1 that we installed today and this was installed a little while ago and you'll notice they don't have any updates but they do have a message saying you know, freebiesd 13.0 is approaching its end of life date we recommend that you upgrade so upgrading is also not too difficult we can show you that in a second but to update your that just updates the operating system how do you update the packages packages are updated with package update and if there's any upgrades then you would need to type package upgrade so package update we'll get any updates and if in your currently installed programs have version upgrades you'll also need to type package upgrade and then I always put dash y on the upgrade because it's going to ask you a question so you'll see it's upgrading package itself to the latest package and then there was 158 files that need to be upgraded on this machine so that's how you bring a machine up to date but not necessarily that's not how you go from 13.0 to 13.1 that's just how you update the current release that you're on and the current packages the freebiesd handbook has a good documentation on the upgrade process you can find the handbook online by going to freebiesd.org and documentation handbook and then in here if you were to type upgrade you'll see there's upgrading freebiesd and they walk you through it and really all we really would need to do is freebiesd update upgrade dash r this one so freebiesd update dash r the name of what you want to update to the upgrade so we're just waiting for that to finish doing the install of some applications um if you wanted to see the upgrade I could show you so it's freebiesd update dash r and I want to go to 13.1 release so what it'll do is it'll find the differences between the one I'm on and which one I want to go to and what I'm doing now it just inspects the machine and then does that look reasonable right? when we first installed we didn't pick any of those options so it's just reminding us that we didn't install debug or 32 debug those were some of the options we were installing which is fine we didn't it's just verifying this is what it seems to have found does that make sense so yes that will uh everything that it does right now it's not actually going to change the system it's going to prepare the system for changes and if you don't go through with it then it won't change anything but if you want to go through with it then you actually have to follow it up by typing a few more commands which shouldn't take too long and then we'll go back and see how KDE is doing we're getting there 400 out of 560 but yeah this part of the inspection just takes a little bit longer but yeah it looks like it finished that piece shouldn't be too much more but yeah I mean I've upgraded for you to see multiple times and it just is really stable it just keeps going to the next version and working just fine some things might change though between versions slightly so you just have to keep an eye out nothing's coming to mind of like what exactly would change just every once in a while you might see something done slightly differently but they should either give you a warning about it or you can read about it in the changelog online so there should be a changelog when you go to the actual page for FreeBSD and they should have all these different notes and things that you might want to pay attention to they'll give you all these heads ups if something was to change when you upgrade or anything like that but typically things don't change enough for you to notice it doesn't usually throw off anything so you should be fine but cool so yeah we'll just let this keep doing its upgrade in the background so I can kind of show you what a FreeBSD upgrade looks like but it looks like her KDE is just about it's just about done it's good yeah I don't recommend doing KDE for this workshop just because of how many packages it is it is one of the biggest display managers but once you see KDE then you'll realize oh okay they try to make this whole environment of KDE stuff for you to work with so it's just got all kinds of tools and remember after the fetching comes the install extract so even though it is about to hit 500 and something it still has to install all those packages and there it goes okay and this one shouldn't take too long most of these packages are pretty small this is what FreeBSD looks like when it's upgrading it'll tell you how many packages it has how many patches it has to do so 5191 patches and this is just downloading them the longest part about the upgrade is applying the patches so after it downloads all those then it'll start applying them and that'll take a minute but yeah hopefully you saw in this using Xorg and XFCE how you can quickly go from a server to a desktop right they're really not so different one of them just has a lot of extra support packages around it so you can have a display a graphical display but you don't have to have a special version of FreeBSD there's not like a FreeBSD server and a FreeBSD desktop version or anything like that it's FreeBSD and if you want a desktop you install an environment through the package and port system go right ahead yeah because we at the beginning I did bring this guy to show this is a FreeBSD laptop we don't have to do the virtual box thing but the workshop environment basically that's the only reason but you can do all this same stuff on a real computer and you'll be right it'll be a lot happier because you're not messing with virtual box oh okay right we don't have to do that anymore you can if you want to but yeah the installer handles it all and UFS is using okay so you want to have an NBR G we're using the newer one the G yeah because we need to be able to change disk labels and all those things so you can do all that you can even use NBR if you really want to but the installer defaults old fashioned one yeah yeah especially with the UEFI boot that helps a lot so if your computer has secure boot like this does, this ThinkPad when I install I had to go into the BIOS and turn off secure boot otherwise it wouldn't boot that's like a Windows thing I believe and they might have incorporated it for Linux or something but what you'll find with FreeBSD is there's probably a lot of people using the desktop like I am but there's probably not as many of operating distributions that you would see that you just do all this stuff for you so it's a little more hands on there are some projects though if you look at Drew's getting started documentation on the FreeBSD website they should have pointing in the right direction there's GhostBSD and there's NomadBSD there's a few people trying to move that forward so yeah and we just installed XFCE to show them what it looks like but now we can do we just installed so I'm going to put a little meaning to comment that out we just installed KDE so if we want to run KDE we can say execute start Plasma X11 and now when we type start X we should be getting KDE instead which is this whole own fun environment that has all kinds of stuff going on so that's what KDE is going to look like a little more and it looks so funny right now because I left it in scaled mode so make sure if you're using the display if you're not using the console and you're actually using a desktop to get out of scaled mode just being a regular mode because now that we have the drivers installed it resizes the screen automatically depending on how big your window is so and this one comes with its own console looks like this so you'll start to see that you know there's all kinds of different programs you can use to interact with the terminal this one's called console there's XFCE had its own XFCE terminal and there's a few others but as you can see there's just all kinds of settings and stuff in here so you can go ahead and feel free to play around with that pretty cool so I'm going to go ahead and exit out of this yeah that's what we just did we just installed KDE from the repository the package binary package but the packages are all they all come from source so if you wanted to change them from source you can go in and we have a program that makes that way easier in FreeBSD called Pujir and that's here I'll pull that up so I'm going to get out of this one it's kind of let's just get out of here okay so we're going to leave this guy and we'll come in through there should be a shutdown a log out button in here I think it's right here yeah log out cool okay so Pujir that's a really cool system that you can customize packages so if you wanted to customize KDE and build it from source you can use Pujir to build your own packages customize them build them and then you can install from your own local package repository it doesn't have to be a server running somewhere your local package repository could be a file a directory of files so Pujir will create the file structure directory for you and I'll show you how to do that in a little bit we have that at the bottom of our guide if you're just getting here and you didn't see we do have this guide if you go to bsd.pw we have a guide here getting started with FreeBSD and there's a workshop and we're just going through this guide right now we're at we just installed all the packages and we did the start x we picked one of these and we started x so this is where we are and then here's some of the known issues you can read about if your machine isn't working and here's how we open the FreeBSD Handbook and then we were just talking about FreeBSD updates and upgrades next would be jails which we kind of talked about a second earlier but jails are really cool we will talk about jails here in a second this is what I was saying earlier if you upgrade FreeBSD this is the upgrade in progress we're going from 13 to 13.1 and it finished all the patches but now it's saying there's some files that we can't merge automatically because you must have edited them on your machine so if you push enter it will bring you into the file and it will just ask you to look at the part that has these little arrows in it and the equal sign so these little back arrows and this equal sign it's just showing you that your version has video with roller at the end and the version they're trying to merge the video group doesn't have roller in it so get rid of the video group without roller and then you can just delete this little markup that they put in there and that's it that's how the file looks now you can save and quit it it asks you if everything is yep I missed one so if it looks reasonable you say no and it doesn't do anything so if you come back and run to upgrade again it should skip all the long parts that it did before and try and that merge again so we'll just say yeah now it's checking that all those patches went through and then it's going to find that merge conflict again for the group file yeah you're right I forgot the arrows going the other way just fine yeah it previously is really good about remembering where it was and picking right back up off where it left off so it might take a sec because I have to do all the checks all over again but it's just double checking that everything's where it's supposed to be in that note at all should ask me that same question again which shouldn't take too long the inspection is really only limited by the speed of the processor and that processor is much faster than this one as we saw his install was like extracting and mega fast mine's doing pretty good but it's not super fast okay so we should see the same thing here now saying our group file has extra entries but yeah we'll come back to that one in a second it looks like it's taking a minute I'm going to switch this back to scaled mode and we can talk about jails because I don't know if you okay wait there it is okay it already downloaded all the files it should realize that really quickly I think it's just doing a check some real quick on all the files to make sure it actually has 100% of the file and it's correct but yeah we'll come check on that in a second so let's talk about jails because that's really the last part of upgrades anyways okay we'll finish upgrades and then we'll move on to jails because it looks like we don't have to wait any longer so it's asking us the etsy group file what the difference is and yeah if we looked at the whole thing there was two lines there was this guy and this one so what it's saying is the new one has video but it also now comes along with real time and idle time it didn't have those before so I'm going to get rid of that and then I don't want the default one I want to keep mine so that's really all you'd have to do is it wanted to add video real time and idle but video was slightly different so I had to do it manually so to save you can do the colon wq but just remember that um the escape the escape and two z's works just as good two capital Z's and you're out that's an easy way to do it so yes it looks reasonable there might be another file that's the new version there's no problems with it does that look fine yes and now it's just showing you here's everything that will be removed and if you hit spacebar or you hit spacebar if you actually are curious you want to see everything otherwise you're going to hit q a few times okay so it still hasn't changed your system it prepared it it's all ready to go it knows what it needs to do but it hasn't done it yet so it's telling you at the bottom if you're ready then you type previously update install that'll do the update then you gotta reboot the computer come back in and run that one more time which it tells you it says okay we're good please reboot run this one more time to finish installing updates so you can actually type the word reboot if you want and it's we're almost up to 13-1 so the kernel is 13-1 and now it just needs to do a couple of clean up tasks so the reboot got it got the kernel there but now we just need to get the rest of the user land and everything so we just type the freebc update install one more time and it'll clean up do the rest and we're on 13-1 okay so I'm logging in as root with sudo-i um-i is an easy way to just become sudo um um and then it'll just ask you for your password and freebc update install that'll do the rest of the upgrade it'll finish it all up this doesn't take very long this is this usually is very fast and then we have a command on freebc we have uname you can do uname and then dash a to see the version but freebcd also just has freebcd-version um if you wanted of to get just the text that is the version but yeah that shouldn't take too long um cool did a little bit of scanning and that's cool done so if we type uname dash a or freebcd version you can kind of see the difference between those two one of them has got a whole lot of information the other one's just exactly the version but we're at 13-1 now and your packages you should reinstall them so to do that just package upgrade dash y and that should um actually upgrade do dash f y um that'll force everything to upgrade reason for that is um when you do a version upgrade like this you wanna do the force because you want it to just reinstall everything in case it needs to um usually things will work fine but I always do that as a backup just in case um but yeah after this is done running through it's fetched like it normally would it'll be you'll be stable, you'll be there, you'll be ready to do something else and um the uh cool so the we'll just take a break here and we'll come back and talk about jails and we'll get you started with jails and what cool things you can kind of do with them um yeah so feel free to get a water or take a break for a second I'll be right back oh I didn't know what time it is is it lunch right now do you know what time we're coming back oh okay well we could just make it up okay yeah do you guys wanna come back here at two sure okay perfect thank you so much and um I'll hang around and work with people to get you caught up if you want hi sure yeah no one should be coming in here but yeah just just log in his route and walk away hahaha hahaha yeah yeah uh next we're gonna be talking about jails so jails are kind of like the container system for free BST oh cool oh perfect ix oh wow yeah let's where do we end up um installer yeah because the virtual machine image will import into virtual box and when you start it it'll have a username already created and a password already created so it's more of like a ready to go type of thing but then you don't see how to install it so the last command we ran here was uh start x we were looking at this file and playing with the different settings so i'm gonna set it back to um the one we showed which was xfce that way if you were to type start x you should see this and then we have a terminal here at the bottom and we can make that bigger with the control plus plus and if you're having trouble finding out what buttons work this uh soft keyboard is very helpful because it works like a normal keyboard usually let me pull this guy back up so jails uh free BST jails have been around for a long time um you'll find references to them all over the place but one of the main things that to take away from jails is they're really complicated um you really need to understand the file system the networking the operating system the reason why we bring it up in a getting started workshop is it's super interesting and you can get started with it pretty easily it's some of the fancier things people try to do with jails that makes it um more complicated really um i mean people use it to run really really old versions of free BST uh if they if they needed to um either for experimentation or maybe there's a production app that's been around forever that no one ever rebuilt and so they need to run it still they can run it in a jail um oh jailbreak um yeah i wouldn't consider jailbreak and jails the same um the jailbreak on an iphone is really they didn't want you to be root user um and that's basically forcing your way into becoming a root user on your iphone um a jail is more like think of it like a two way mirror right you're the operating system and you want a program to run and you don't want the program to be able to just run rampant and all over your operating system and change things and slow down ticket resources or whatever so what you can do is you can put it into its own little environment and inside of the jail you don't you don't really see that you're in a jail it looks like you're on a normal free BST computer you have all the same uh files that you would want you go to access and edit them but there is this separation that's visible to you from the inside but from the outside the system administrator can have the program running in the jail and if the the program wants to do anything fancy to sort of change a file that another program uses it's not going to be able to if that program is in it outside of its jail so very similar to C groups and namespaces and um a good a good use for it is just to kind of put a wrap around a program and because you can restart a jail really easily if your program is having issues and you need to kill it um but the program is taking up 100% of the cpu resources on the computer how to how it becomes really hard to log in as an administrator when your program kind of blows up and it won't if it's slowing your whole computer down how do you log into it to control that situation um it would just be painful you you'd be waiting your turn you'd be trying to log in forever and then once you're logged in then you'd be trying to kill the thing well if it's a jail you can do resources you can say this jail can only use a certain amount of resources on the machine so if the program ever does go crazy you can just turn off the jail and since it's like a wrap around the whole program it will just reboot the whole thing and it basically just allows the processes for a program to stay together and not escape and run rampant and mess with other things that's kind of the high level overview and like I said it gets real complicated because you can do so many things with jails um it's incredible so we'll just get started so you can kind of see how to even get started with jails and what is available so we're gonna log in as root with sudo-i so we're already into the computer we have it logged in um just make sure that you have access to the internet by pinging pinging something if you don't it's probably due to the wireless settings here um they do have some security settings enabled so the DNS isn't gonna work properly through virtual box guest because your host already has the same IP address so it might be a little weird so you might need to change this file to look like this so resolve.conf may need to just have one line that says name server space and then a publicly accessible DNS that's what we found in this workshop how the internet seems to be working better if you set it up like that and then if you type ifconfig you should see that you have your address and it's a 10.0.2 address which is typical for virtual box um virtual box network is just set to net so that's really the trickery that we have to get the internet working so if you're at that point then we can do this so we're gonna log in as root sudo-i and now we can edit a file there's a this file login.conf this has to do with locale settings and utf-8 and things like that I believe the 13.1 and 13.0 I believe in the 13 versions of frebsd this is not need to be changed but um because as you can see the char set equals utf-8 laying equals utf-8 those didn't used to be part of uh they just didn't used to be part of this file so we used to have to go in and add those two lines so we can just leave that alone it looks like it's already set and just to make sure that it works type locale and it should just have utf-8 all across the board and if it does we want to look for iocache so we just do package search iocache and see what the version is so looks like they have py39 iocache so that's the one we want so we'll say package install py39 iocache and it'll ask you if you want to install it you can just say yes with a why and that will go ahead and install it and the first thing that it wants to do is activate um this command iocache is a wrapper around the frebsd jails um settings uh yes do you have a question yeah uh here's the command and I'll put that up at the top with control l so that's how you get iocache and now we can use it so as root we'll say iocache and you were going to want to do um or a zpool status in case you renamed your pool so just do zpool status because you want to check the pool name right here if you left your pool name zroot that's fine if you didn't that's also fine you just need to use that name here in a second so iocache needs to activate to your zpool so to do it you just say iocache activate in the name of your zpool so mine's called a z root and it says successfully activated um and then you can do iocache uh list and you'll see there's nothing there this whole list of the name, state, release everything is set to default there's nothing there so we should now see an empty table right and um let's see tune this is a performance thing um it's not iocache is written in python and this if you have python on previous d there's ways to get a little extra performance out of it and that's using a uh mounting a file system so we'll mount that file system um so mount a file system with the type um fd sc so f desk fs and uh you just say space null and then space dev fd so that will mount the file system right now and python will you know just if it's there it'll use it if it's not it won't but that just makes it a little bit faster but in order to keep that around for future uh reboots and and actually make that part of the configuration you can add it to what's called the file system table so if we then uh etsy fs tab that's our file system table you'll see all the files systems that get mounted when the computer starts and there's currently just the one but we can add a new line so i just put j to go down and i'm adding a new line with o uh that'll open the text to edit on the line following where you were so i'm here and i just want to mount uh the device is going to be called f desk fs and then you just push tab oh it's offscreen thanks the um let me scoot that over slightly and then yeah okay cool and you push tab in between these entries right so there's f desk fs and then tab and i usually like to tab over to where you're kind of in the right column here you don't have to um you can just have one tab in between them all but to kind of line them up i tab it a few times so it's lined up so it looks nice but um i'm going to say you're going to mount to devfd and the type is null and the options um are read write or no that's not the type the type is f desk fs sorry options read write and then um the dump and the pass are zeros how do you um what oh because um when i type when you type the mount command to use the null but apparently use null just because it's the same as the name of the device but when you put it into the file system table you actually have to spell it out twice so i had to spell it out here and over here but on the command line you don't have to do that but yeah this file is read when the computer starts and it will mount these things and then you'll see um if you want to you can kind of line these all up so that they they're all in a column but you um as long as you have that row this one line that looks just like that f desk fs and then the mount point slash devfd files with some type is f desk fs options read write dump and pass are at zero so we just save that you can do colon wq if you want to save and that's just going to improve the speed performance so if that didn't work um the instructions are in the guide but you also don't that's just an optimization you don't need that um so what you need to remember we did iokage list and there's nothing there so what you do is uh iokage fetch and this should look up the different releases that iokage is working with and it asks you to type the number the default is the most current one so you don't even have to type a number um I'm just going to push enter and it'll get me the latest so that's going to get uh an image of 13.1 that can be used uh with iokage and this is literally just going to let us uh it's going to be like we're installing free viste in its own environment it'll be like its own server and everything but this one in particular is going to uh be a jail so according to uh it's going to look and act like its own machine but it's going to be contained inside of the host machine so we'll just uh the fetch shouldn't take too long and then um we can list the releases that it has downloaded so iokage list by default will show you the the the jails that are installed which are none but if you do the uh dash R after iokage list it'll show you the releases that you've downloaded and uh right now i'm downloading 13.1 release shouldn't take too long and there is a good book for this and it's just called free viste mastery uh jails and no i brought the other ones with me today i didn't bring that one but i do have that one um these are some other good books to get if you're curious this is third yeah this is the this is the latest one the third edition yeah there's just been a few changes this might i believe this touches on a lot more of the current current yeah and they try to make the jails book last just because of the complexity of jails um because what we're using them for is to uh uh for is to experiment right and and and kind of get the get an idea of what it would be like to have a separate isolated free viste install but um you'll i mean you can just get as creative as you want with jails some people just use them to separate their servers so instead of having one server that has the app server and the database and the web server you could just have a jail that is the app server and a jail that's the web server and a jail that's the database that way they can't interact with each other they can still interact with each other like they're supposed to but they can't accidentally step on each other's toes or um take each other down uh we did have a question that came up earlier of you know if there is a merge conflict if there's dependencies of dependencies like you installed a program it had a lot of dependencies but another program kind of conflicted how would you you know deal with that um you could put the programs in their own jail if you wanted and it does just make it a little more complex to administer the system so we're not going to cover too much system administration we're just going to cover the basics of getting a jail setup and typing commands inside the jail okay so now if we did iocades list but we pushed R at the end you'll see the base is fetched 13.1 release um if you want to know any any um so there is a manual page for iocage but there's also right there you'll see this iocage you can do dash dash help as well so um you might want to look into that if you had more questions and then um if you had a question about a certain command like um activate or something like that you can type the name of the command and then put help after that and it should give you help for the specific command uh sub command yes yeah um so uh tilted windmill uh press is the place to go yeah tilted windmill press uh or mwl mwl.io that's gotta be the easiest one uh that stands for Michael W. Lucas so mwl.io that should bring you right here this should have his nonfiction books and then he should have his um sysadmin and then you should see we have the pseudo mastery we have ed mastery ssh and pam tar snap okay so it's not there it's a nonfiction operating system there it is um this would be the guy so it's really cool right lightweight virtualization you can manage the jails from the host um there's a lot of stuff you can do so he he he he says strip away the mystery yeah because it does get kind of confusing um so we'll just real quickly get a jail installed and then we'll show you what that looks like so you can say I'll cage so I'll put this to the top here create dash capital T except that's dash and then we have uh n for name and then what do you want to call it so we'll just call this uh previous djl or something like that so you can name it whatever you want after dash n and then we'll set the ip for addr so the ipv4 address and we'll set that to 10 0 2 I'll just set it to 16 or something and the release we wanted to use was the 13 dot uh 1 release in all caps cool jail successfully created and now what do we do with it right so if we type the io cage list you can see there's a privacy jail it's down right now we've got one and here's the ip address so to bring it up you would say io cage um start and then the name of the jail um that will only work if the jail's already started um so you can actually oh right let's try it so it should just work fbsd jail and then io cage list right and now it's up but we're not connected to it so to connect to it you type io cage console and when you type i've io cage console in the name of the jail um you should now be in the jail and if you look it brought in our resolve dot com from our host file and if we were to change this to oh it doesn't have them see so now we don't have them in here anymore um so let's do vi and we'll just make a quick change like if I was to add let's say I was to add the 1.1 that's another publicly available service for dns so if we were to add that and then we were to cat that that is within the jail we leave the jail so control d or you can just type log out now let's look at the resolve dot com file and see how they're different so the jail can have its own settings and configuration and packages but it can still run on the same computer so it is a little bit interesting um uh especially since it just works so fluently in the background like that just um but yeah that's kind of how you would create servers and then you can start doing the same thing before package install and put whatever packages you want on it and get it working however you need to but those are the basics is how do you actually create it and how do you get into it to run commands so now I'll just show you how to destroy it and it'll ask you are you sure and it's still running so if you're sure you want to destroy it and you don't feel like typing I okay stop first you can put a f in there and it'll force it to go away oh good good point um yeah it um it's all created again the uh you can't from the host you can see in the output if you do ps you look at top or whatever and you can see the program running from the host but inside the jail you can't see any of the programs running on the host you can only see what's inside of your environment so if I was to do um if we were just to look at some of the services running right we have xorg and a few xfce and a few other things but if we were to um console into that machine you can do the same thing you can type start first or you can just do the f and that'll start it for you okay so we're in now if we look at the top on this thing there's nothing running I mean that's that's four things so this computer this jail has basically nothing happening inside of it and um but from the host um you can start to see the jails um if you wanted to to start looking in ps and you know look around a little bit um there's gonna be a lot going on in here um but basically from the jail there are if you typed um yeah see right there that dash capital J that's how you could select a specific jail by id from outside the jail you can see what's going on inside the jail with the capital J but the same ps commands will work and this will show just the there should be a jail in there somewhere um uh where's the J yeah right there there was a J so these ones have the J on them those should be the ones running in the jail um and then you so if you start reading the man pages on these things you can start to see um most things will support capital J flag um so you can just see what's happening inside the jail and not have to log into it or anything first um so I'll just kill that and that was what I wanted to show you with jails today um there's so much more we could jump into but I thought um Pujir would be next why Pujir so so far everything we've done is like this we package install something right and that's fine but every once in a while you run into the case where the package has some settings you want to turn on most of the time it's something like this ffmpeg or something like that it'll come with certain options enabled but it won't have other options enabled and a lot of programs get all their abilities for converting audio files converting video files just use ffmpeg to do it so when you have the output like if you're on a video editor inside free viste and you want to save to mp4 usually it'll use ffmpeg to do that so if your ffmpeg isn't compiled to support mp4 then you won't have that option so what you need to do is build and compile the package and set the option yourself um if you get into that scenario so Pujir is a tool for building and filing packages and making your own package repository but you don't have to host the package repository on a web server somewhere Pujir can package up all the packages it creates for you and you can point to the directory that it built them in so you can change your repository from a server URL to a file URL so to get it we'll just say package install and it's built kind of funny it stands for like like I think it was one of those like big barrels that had um what do they call it like gunpowder in it or something like that it's a french word it's a weird french word um um but yeah I think it sounds like powder keg or something like that kind of a strange word but um ok so we'll do package install Pujir and I just did the dash y so it wouldn't ask me are you sure because I am sure I do want it um and we need the place for its packages to go um so I'll just say um make a directory user ports dist files uh and you have to spell that right uh makedir ok so I made the directory ports dist files and then I need a directory user local pujir uh and now we just need to edit the configuration file for pujir so that should be in user local etsy pujir.conf um and it's just going to ask you a few things if you just scroll down you'll see um a lot of the you can just uncomment some of the things so uncomment z pool z pool equals z root and it's telling you you know you need some space to do this to the command to check space on previous d I'll just show you real quick is df-h that'll show you the computer and sort of how much space you're working with um let's see available is 3.6 um on this machine because we've already used 7.6 because I installed so I'm going to get rid of KDE 5 and um anything else that was associated with it just see if I can get some space back otherwise the pujir is going to need to be running on a computer with a little bit bigger hard drive um package auto remove is just searching all those files KDE installed earlier and seeing if it can get rid of some of them for us um yeah I believe the default in virtual box is 16 gigs that it wants to give your machine um so we should be able to get some space back by taking off some of the stuff that we use but if we don't have enough space we can add another hard drive we usually do two gigs or 2000 megs um it seems to work pretty good the so I was just trying to delete some packages here we'll see what that says and then after it's done doing that we might we'll see how much space we have left um when you guys run df-h how much space does your machine say does it have at least 7 gigs available um because if you looked right here it said uh pujir needs at least 7 gigs of free space to have it working and I only have 3.6 so I'm just trying to delete some stuff but we probably could um just if it is virtual box we could just add another hard drive and format it, mount it and then use that pool might be what we're going to have to do so we'll just get ready for that in case that's where we need to go with this so I'll just scoot this up so we can see if that finishes we go to the previous dhandbook and we search zfs quick start you'll see very quickly how to format a new device so single disk pools what we want so what do we do? we can go like this so we don't have to delete anything we can just I'll just control c this so we don't have to wait for it we can do shut down turn it off go into virtual box and add another hard drive that's bigger, just for Poojer so wait for the machine to shut down all the way and then come to the machine and go to settings and we have storage and we have under the id controller there's only one hard drive so if we add hard disk right here and then we'll show the disk that you can add and we want to make a new one so we'll hit create and the same menu from before right we can go with all the defaults except the size well we can even leave the size I mean 16 gigs is fine now but I mean if we're worried we can bump it up to like 25 or something so I'll just make mine 25 gigs and then I'll choose it so here it is choose now it's connected and I'll make it bigger here so view scaled mode so to see all these flying by you would notice right there ADA0 and then ADA1 virtual hard disks and don't worry if you didn't catch that you can always do the input keyboard soft keyboard and hit the pause break button and click home I'll bring you back to the top and then you can kind of you can close this or keep it open because I want to hit the pause break button again but basically we can go down down down until we start to see the hard drives here they are and you'll notice that there's another one so the ADA0 was the one we were using before you'll see it's that 16 16 gigs and then here's the new one a little over 25 gigs it's called ADA1 so what do we do well we just tell Pujir about that so well first we need to set it in z pool but so we'll sudo-i to become root so now that we're root just go back here real quick and you'll see the to create a simple pool you just z pool create the name and then slash dev slash that number that we got so mine is z pool create I'll call mine Pujir Pujir01 or something like that and what was it dev ADA01 and now if I do df-h I've got 25 gigs of free space on Pujir01 I still only have the three from the other one but now I've got this new hard drive to work with so if I was to edit that Pujir file now I can point to this Pujir01 z pool which one I would bump that up to 25 just so you don't have to do this add extra distinct because we kept it at the default but then when we got the Pujir we needed more space before it was 16 oh for memory we're doing two gigs but for hard disk size we're doing like 25 gigs so is that the hard disk one yeah that's the hard disk one 25 just a little bit more space okay so we're going to edit the Pujir file now so we'll just vim into user local etsypujir.conf and we're going to modify z pool and FreeBSD host so z pool now we need to change that to the name of the new pool mine's called Pujir01 and it has to be spelled right so make sure that's spelled right and then we're going to go look for host which should be down here FreeBSD host equals change this so we'll change that to HTTPS download.freeBSD.org and if you notice right above it it gives you that address it's saying we suggest this one it's kind of hard to see because my VimRC is you know the Vim configuration on my root is making the background text blue so it's kind of hard to see but we'll just let that be okay so with those couple of settings now you're able to create a jail for Pujir and the way you do that is you do because Pujir uses a jail system it doesn't use IOCage but it uses a jail system to create a completely separate separate operating system environment where it builds things so it doesn't mess with any of your local packages or anything so you type Pujir jail jail-c for create dash j for the jail name so I'm going to call mine AMD64 and then there's the release version so mine's going to be 13.1 and that's just the name of it right I'm going to do dash V for the version of FreeBSD I want to use so 13.1 release so Pujir jail-c dash j the name of the jail dash V the version of FreeBSD and that should do this very similar thing it'll go out and get that base image that it needs and this is going to create the environment for building your jail what's it mad about so it's saying you have an image file that's inaccessible um that's fine that doesn't matter centOS 7 minimal is it by default comes with virtual box? no virtual box has a section in it where you can manage disk images and it looks no it looks like it's complaining right here so if you go to storage right here it says that this is mounted um so it was trying to boot off of a non-existent cd yeah no problem so yeah that should just come right back let's make sure it comes back and now what's it saying um not a hypervisor okay VTX is disabled in the BIOS so that means your computer you have to go into the BIOS and turn on VTX yeah just because virtual box is hypervisor and it's got to have it depends on that processor support which is why you're gonna hear people with the newest mac m1 it's not virtual box isn't a thing on that they're not virtualizing they haven't created a hypervisor for the new processor yet I know VMware is working on one but it's super beta virtual box in the forum says they're not gonna make a virtual box for the new mac m1 because they'd have to rewrite their whole tool and they're not gonna do that um okay so it says your jail called 6413.1 of version 13.1 is ready to be used so how do we use it um well first we can look it up we can see uh Pugier jail-l right that should show you a listing so there we go we've got that jail and the jail needs its own ports collection so this is the source the jail needs all the source for all the ports um so that it can create packages so uh that's why you just do Pugier ports and dash cp and then head that'll clone the ports tree the ports tree is literally make files and all the instructions for how to install um a package on FrabiousD like what does it take to you know get vlc or firefox or whatever to install um you know you have to go to firefox you need to download the binary um so someone's wrote a script to do whatever needs to happen but all within FrabiousD so that's what the ports collection is and that's what Drew was talking about in his presentation at the beginning was if you want to maintain one of these ports or if there's something that is a unix like a program maybe it's on linux but you don't see it on FrabiousD you can go read the porting guide and you can use these tools to figure out how to make it work and then you can kind of get more involved and uh help help out with that but I did take a workshop at uh BSD EuroBSDcon conference in Romania about building packages uh and it was really cool um a lot of the a lot Pugier helps a lot if you're a package container too if you're someone that builds and ports packages this this will make your life so much easier because in the past you would have a machine that you want to build your stuff on and if it wasn't built in a jail then you'd have to have a way of creating a fresh environment every time to run all your builders in and it this just makes it so much easier because it that's what it was designed to do it's just a tool that does a lot of the automation of building packages for you and then we'll get into like why would you build a package right because you want to change the options and I'll show you the screen here once we have Pugier installed there's a screen where you can see all the options and we'll look at some packages and start to see what are all what what options are available and why would we consider them and then you'll see like ffmpeg has so many cool options and you can just toggle them on and then you get all that capability that comes with the tool but the people that make the packages for you on the FreeBSD package repository they had to pick some default settings so they picked either what they thought was best or what feedback they got from people or whatever but they have to pick some default so if you're one that wants to start changing defaults then you just have to build your own packages but at least you have that option to do that because there might be a packages where you just want to turn most of the options off and it makes the package even smaller and it runs better because it's smaller but you know if there's things you're not using you can always strip them out as well or for compliance reasons like that's why a lot of people in high secure environments love FreeBSD because if you can build everything from source and you have all the source yourself and you've built it all yourself then it's a lot easier to explain to compliance officers or whoever the reason why you fill this is secure and you know you didn't just pull it off with an FTP you didn't just pull some binary and run it on your machine right you had to actually build the thing because that's usually where like a lot of weird stuff happens is linking and package linking binaries when they get built people can do some weird stuff to them so if you just to give you that peace of mind you can build them yourself some people build them themselves just for that reason we just want to make sure no one tampered with this and this is identical to what it was supposed to be trust but verify oh here it is the ports collection is huge so that's probably what's going on here so it's going to take a minute for all the ports the files for all the ports to kind of download shouldn't be too long but it will take a second and then while we wait for that what I wanted to show you so we'll kind of the other things that I had to show you after this was okay it's installed and for a package and then how do we change the package repository so we'll get into that but if it's going to take a long time on the screen we can also pull up a different virtual machine and talk about what are so why do we create this clone right the this was the clone that we created earlier I'm actually going to double check the settings so I'm just going to power it off real quick the when we cloned it it should have regenerated the MAC address by default so it doesn't have the same exact network MAC address this one ends in EB6C that's the one that's running this one ends in EB6C yeah so it copied this so just go into your clone and regenerate your MAC address so that it's not exactly the same because we want to be able to network the computers together then we can control them and we can show you kind of how to do some SSH stuff so okay I just want to change the MAC address on that second computer we will go back to that here in a second but it looks like this is finished so I will show you that in a second but here we are okay Pudger reports done we have this so if you have a machine that has a list of packages already that you wanted to use you can jump in there and pull down query all the packages what that's saying is make this big so I have a just to show you I have a this should work okay so here's a machine that I run FreeBSD on that has some packages on it so to get a list of packages off your machine if you were curious about if you wanted to get it in the right format that Pudger uses I'll just show you real quick so you type package query dash E and then they have this little formatter you can use to say percent A equals 0 and then percent O and then you can pipe that into T package list what T does is it not only cats the contents of what it does but it saves it to a file so if I was to look at package list now I have a list that's ready to give it a Pudger if I want to Pudger to build all these packages for me this is the format I'd need so the packages are listed in like a category package category package category so that's the format I just wanted to show you that's the format that they're they're kind of looking for if you wanted to give it a whole list of packages at once so I just thought I'd show you that so there's two ways to configure custom options and now we're going to show you so you can either create a file like a configuration file that would have something in it that looks like a if you wanted the option of default version so you wanted every time it looks for SSL you wanted SSL to actually be the Libre SSL that's how you would change that option you can set options manually and then provide the file in your configuration or the easier way if you don't know what to type in the file it's Pudger options and then you just give it the name of the jail so my jail is called AMD64 13.1 and my port's collection is called head and I'd like the output to be saved in oh, so the package list thing right so now it's going to ask me which packages and I can give it my list of packages so what do we have for a list of packages I wanted to show you guys how we could build ffmpeg I believe if you're not sure what it is you can always just go here to fresh ports so if you're on duck duck go they have a bang they created for this it's called bang fresh ports and then you could type like ffmpeg that should give you the category and the the name so here it is, it's ffmpeg it's in multi media which makes sense so we should just be able to put multi media slash ffmpeg into a package list file and use it so I'll just make a package list file so I'll have to erase this right now I'll just say multi media ffmpeg and that's all that's in my package list file now so I want to tell Poojer to use that and show me what are the options for that package so Poojer options amd64131 the head ports collection and we'll save it and we're going to use this package list file there's no such jail am64 because it's amd that I put as the name okay this is what an option screen looks like anything that already has an X in it is the default that they are going to use this is so just it'll kind of tell you what these things are but as you can see they could be wildly different it has a lot to do with the guys that make the actual open source program then it does FreeBSD so ffmpeg the program has some default options that aren't set so lame okay they made mp3 support no default now that's good that wasn't a default before and then I believe it would be x264 was the other one oh cool and they enabled both of those too those didn't used to also didn't used to be selected so in the past I used to have to come in here and modify ffmpeg so that it had these options so that when I built other programs they were able to you know have codec support because a lot of programs they don't write I mean most programming you do you don't actually write all the code right you just pull in a bunch of libraries that do most of the stuff and then you write your code so ffmpeg is found everywhere and it's typically the Swiss Army knife tool people use to do audio video encoding yeah this is very since the port's collection is so he was asking about is this similar to the make commands and the whole port's tree is make basically like well the whole port's collection everything is built off of make files and things like that so Poojera is just instrumenting those make files you can do all this stuff manually and you'll hear about things called port master you might see install instructions for what you're saying to install it from ports so if you ever notice people are installing stuff from ports they're probably doing it I mean you probably don't want to you probably just want to do package install unless there's a real reason why you don't want the binary package and you want to build it yourself the port's collection is all about building packages it's not really you don't have to use it and it's a little more complicated if you actually wanted to use it so we're just going to say ok and that that's going to go to all the dependencies and ask me the same thing so here's all the dependencies ffmpeg's going to pull in and the options for them as well so I'm going to take the defaults on all these but as you can see it starts to go through all the different tools that are used by a program and it asks you the same question so this is pulling in a lot of different things just for ffmpeg but it is a very powerful tool so I'm just going to enter a whole bunch of times because I'm not sure how many packages are in here for ffmpeg but it seems to be maybe maybe a hundred I don't know it's quite a few there's a lot of stuff so I'm just going to hold down enter here for a second because I don't need to customize everything but that's what's good is once you figure out what the options are then you can just set them in a file ok cool ok so it did the options now the options are set which is good the then this is how you build so you just say Pujir and you say bulk parallel give it the jail name give it the package the ports collection to use and your list and it should pull up a pretty cool looking screen that will show the ports that it's building and it says you can hit CTRL T at any time to see where the stats so if I hit CTRL T it gives me 13 seconds have gone by 16 seconds have gone by but it kind of gives you an idea of how many have skipped how many have failed how many there are to build so it's going to build 256 packages and it'll just start building from source it's usually the thing that takes forever on most computers so what's recommended is we'll scroll down here a little bit I actually included in my guide here which we'll start to look at here so we'll go down to where did I tell you to get the file so what I usually do is I actually use this tool called Ansible which we'll talk about today and with Ansible you can do all the same things that so I'm just going to cancel that this will take way too long to build all the packages but when the packages are built they'll show up in user local poodger and then all the packages will be listed in here and you would see them in your ports tree stuff like that and I probably don't have tree if you don't have tree I recommend it it's a cool little command that does stuff like this it'll kind of went a little bit too deep but tree will go into a directory and show you all the directories inside of it and all the things inside of that but the ports tree is pretty big so that takes a while to curl but this is where all your packages that are built will end up and then this is where the configuration for your packages will end up so if you wanted to see the files that were generated the custom files that were generated for your options you can dig in here and find them and see what the options were set to that way you know what to type in the future but the packages end up in your data so you'll see there's a data one there and data is going to have all the latest packages inside of it so use your local pudre or data and then what you would do is you can you can go into your your main file that previously uses with package so it's called etsy package repose not package.conf okay so it should be user local etsy package and we'll just create that directory if it doesn't exist so we'll make the directory called user local etsy pkg repose and then we'll use that to user local etsy pkg repose we'll create a new one called freebsd.conf and this is going to take freebsd as the name of the repository and we're going to set the enabled value to um no so now the freebsd main repository is not enabled and then to create your own one you would just make another file call it whatever you want um I'm just going to name mine the same as my gel um and inside of that you just give it that same name and you can set a repository up and the repository just needs to be have a url and um an enabled and the way that you do the url is you just make it a file url so it's a file um slash slash and then you go to slash data um slash uh what was it user local poodger data so we had user local poodger data and that's it so that would change your repository and when you typed um uh package upgrade dash fy it'll reinstall your packages and it'll use the repository to do that um but I don't actually want to do that on this machine um because we didn't finish building the packages so I'll just erase um erase this and it'll go back to normal so user local etsy pkg I'll just erase that whole pkg folder and um now I can still do regular stuff like uh yeah and now it's saying um no packages available so we're going to have to put the package repository back so we can do um we'll just put the previous d1 back what we'll say enabled is yes um you can mix them um it's not recommended but you can do it um because you might run into that merge I mean that conflict situation from earlier um where you have like a little it should work in general um you should just be able to build the custom packages that you care about but once you get into custom building packages you probably are going to be in an environment where everything needs to be built from source so then you would just have your own package repository anyways and you could build them all from defaults and they'd be really similar so it kind of gives you those options um yeah you can do it but there may be a certain program that has a problem with it um you never know um uh that could that could come up um the what we're going to do now is so that yeah that's that's kind of all the pruderer stuff that I would show you the um the other thing I want to show you today was called ansible and ansible lets you do SSH commands automate them really so you're kind of setting up you're setting up an environment where you can control a computer from another computer and um so we're going to go control a computer so in virtual box to control computers you're going to need to change some network settings um just slightly because you're going to want the computers to be able to talk to each other um the easiest way to do that is with this thing called nat network so you should be able to go into the virtual box settings and go to network just the settings of virtual box itself not of a particular machine so on a mac it's up here in preferences but on windows it should be maybe file settings or something like that but come into the settings and go to um network and I've added one called nat network you probably don't have any so to add a new network you just click add and it just throws it on there right um and to delete one you can just click on uh delete um but to edit it right you can double click it and it's just going to create a network that supports dhcp and has 10 0 2 0 with the subnet mask 24 that's just going to give our computers a place to have a little land they can talk to each other on so to set your computer up to use that you just go to the computer settings network and instead of nat use nat network and select the network there and then pick the machine you want to use to control it and do the same thing settings network nat network and that's why I had you create a clone earlier because now you can do the settings um inside of this cloned machine so here's the clone machine that we created network nat network yeah I just put all the VMs into the same nat network so that now they can see each other this is the one we created for the workshop this is the one we cloned after we created our first VM right after we created it we cloned it um we cloned it so that we could have a separate copy of it so that we can use it for things um particularly for something like this so if I wanted to install um if I boot this machine up you'll see it's right back where we were after this morning right after we cloned it so it doesn't have all the settings that we went through because it's brand new but we don't really need to do much all we really want to do is uh set up a uh an ssh key and turn on ssh and make sure that we can connect to this machine so I'll make this bigger with uh scaled mode and then we'll just look um I believe we did create the user account but we didn't make sudo right so if we go into a root and we could do the vi sudo there's no vi sudo because we didn't even install it so there's no packages or anything this is a brand new computer from this morning so we're all the way back to where we were doing package um and then we were doing package install stuff right so um and we since we're here and our DNS isn't working in this workshop correctly we can go into vi at cresolve.conf again and make sure that that is set to publicly accessible so everything has internet connection it just works like it's supposed to we'll verify um what's it mad about oh thanks I'm like why is it mad at me okay one two three cool okay so we're connected everything seems to be working but we don't have anything so what do you need the bare minimum on a machine to get going um you're gonna need um just go check our our um rc.conf okay it looks like it has sshgs enabled already that's good um we need sudo so let's grab that um sudo comes with vi sudo which allows you to edit the config file without having to go hunt it down and then we'll just do slash wheel and we'll go down to this line and uncomment it um that should be I mean so now we have a machine it has a user that can be an administrator and do stuff and it just doesn't have an ssh key right so yeah sshd is running um so now we to get the ssh key um on that ansible machine um we don't need to do that on this machine um so we'll go to the other machine so for you you would be going to this getting started with a previous steam machine so just boot that one up and then to create the key login as your normal user okay so we're logged in as a normal user we're just gonna quickly um fix that resolve.conf setting the internet then we can do the command so be your regular user not root so just make sure your regular person you can say who am I to find out and then um you would do ssh keygen and set the type dash t to um ed to 5519 and dash f and you can give it a name like uh ansible. so this is going to be your private key your private key pair is going to have these names right so now it's going to ask you what's your phrase that you want to use to lock the key down so you set that up and you have a public key a private key pair created but to use them um you would do uh ssh agent is the best um because you can store the key into the agent right so give it your shell remember we set up tcsh for the shell and then give it the uh ssh add command and the name of your file so we call those ansible that should ask us for our passphrase and now it's added that means if we were to look at our environment variables we should have this ssh agent and the sock thing and so essentially our machine now if we ssh somewhere it'll try to use that key um where do we want to ssh well this machine over here if we do if config this is the machine that we just set up um that this is the clone so if you type if config on the cloned copy we just want to get that ip address so it's 10 0 2 dot 6 so if we wanted to connect to that machine we would have to type ssh the name of our user at 10 0 2 6 right was it 2 6 okay so that'll get you in say yes I want to connect and the password of the local user on the machine you're trying to connect to and now we're in we're connected but that's not really what we want we want to copy our key to that machine's authorized keys file so you can use just go back up and then go to the beginning and say ssh copy-id that's all you need to do enter the exact same command with just slightly different when you type your password this time correctly correctly type your password what it did that time was instead of connecting to the machine it put your key into the authorized keys file of the remote machine what that means is next time you go to connect those connect because you're authorized so now you don't have to type the password anymore the only time you type the password is ssh agent ssh add you add your key and now anything you do the rest of the day or any time you're logged into the ssh agent session you don't have to sign in anymore to your servers if they have your authorized keys which is super helpful if you do an automation stuff like we're about to show with Ansible because you don't want to have to keep logging into all these machines especially if you're controlling them all at the same time so now that we have it doing that we can download i've made a playbook for you so if you were to get the playbook it's at fetch http bsd.pw ansible directory tar gz that downloads it to extract you just do tar and then this X so we have xzvf we want to extract it we want to unzip it because it's gzipped that's the gz stands for so extract the archive unzip it and we'll want to tell it to do all that to this file ansible directory tar gz so that tears it all apart and now we have if we do tree ansible we should see this nice little playbook so it has a configuration file group variables host file so the host file is the first thing we're going to look at so the host file let's get out of there the host file is in so we're going to cd into ansible just to get into that directory okay here's what's in here a couple of directories so what we want to do is we're going to vim that host file and you'll see that I have a common and a pudger common is for stuff that I do commonly among computers it's mostly the free bsd stuff or the python stuff I'll show you those and then pudger so I want to switch both of those for that 10 0 2 6 so in vim you can do that with substitute so you do colon percent s for substitute and then you start typing what it is that you want to substitute so I want to take that and it'll highlight it as you type it and then I want to switch it with this and I don't want to do that just once I want to do that globally and I want to do that whole file and that'll change it okay so our host file now knows about these things but what are those right those are roles so if you look at ansible those things in roles and it has these things called handlers and so a role has a common it has a name and the name can have these different subfolders I typically use these folders to do different things services tasks are all the things that you would normally do edit a file, download a package whatever you need to do and then templates are like I have this file can you just put it into place and if there's any variables in this template file put the variables in first and then put the file into place so I would use that typically for my DHCP server I need to give it certain settings and it's a big long configuration file so I go in the configuration file and I put all the places where my settings are and put some variables for things that I want to make easy to change but that's a high level overview we will dig into these what we're doing in this machine is the common task is saying make sure you have python because ansible uses python so this bootstrap command is all about running python running on the machine using just literally typing package install the right version of python and we'll look at that file here real quick so that's a roles common, tasks bootstrap you'll see that it has a name a raw become and a changed win the raw is what it's going to type so it's literally just going to type sudo package install python 3.7 that is oh yeah this is an ansible configuration file ansible does all its configuration and yaml files like this so in order for ansible to work it needs python because the remote machine needs python it installs it for you the same way you would so it will go to your host log into the machine and it'll type that command for you so then now the computer has python on it this is an older version of python because this so we can change that number here to like 9 probably a better version or 10 even python 3.10 is probably where we're at actually right now so you can change that to 3.10 if you want the become that means be sudo changed win false means tell ansible this command succeeded ansible usually knows if a command has succeeded or failed but it uses python to do that so this is the only one the raw module doesn't have that capability so you change when false just says just tell ansible this thing worked because it doesn't know if it worked or not so just assume that it worked because I mean that should work just fine so we'll do that and then you'll see we had this freeBSD update so you remember earlier we updated freeBSD here's what that looks like in ansible so ansible you can give it the shell module which means run this command like I was on the shell it's kind of like the raw module but it uses shell which means you can do stuff like double ampersand they do have one called command but command just runs commands it doesn't know what this means so if you do shell then it'll go okay I'm gonna do this one and then I'm gonna do this one and then I'm gonna do that one the reason I put them all together like that is because that's how I usually type it anyways and this is just how I update my computer that updates freeBSD this updates your packages and that upgrades all the packages so that'll bring it all the way up to date so that's why when I first connect to the machine I usually run that so become yes that means I want to be sudo otherwise it won't work basically it would be like me typing the command without sudo and it wouldn't work the SSH config is a pretty straight forward one this was specifically for the the computer the freeBSD sometimes when you use freeBSD in a hosting provider they'll install it for you right so I was using digital ocean and they installed this for me the SSH by default on digital ocean allows root login without password so they can login if they have like a key or something but I don't want root login on my server ever so I'm looking for that root login so I'm doing a regular expression let's find a line that's what this upstart the little care it starts with so it says start the line has to start with permit root login without password if it does delete it and replace it with this and don't back it up permit root and then this is a new one notify restart SSH so a notify calls a handler and a handler restarts like I was telling you it'll restart services or things like that so if I was to look at um handlers you'll see that we have a restart SSH in here all a handler does is it just says there's a service called SSHD and the state of it needs to be restarted be root and you're listening if something notifies restart SSH if the notify has the exact contents of restart SSH this will listen for that so this is only ever triggered if a notify gets called this will happen SSH will restart and then it'll have the new settings and it'll be ready for the next thing the um that's it so that's what the common role does so on all free BSD systems I typically do that so I have that in a common role and it'll set up them all up now specific to pudger I made a role for that there's really only a few files there's the pudger and the package list so the package list should look familiar um pudger templates package list this is just the um the category and then the port name um we had multimedia ffmpeg you can hear it looks like I put uh um some graphics thing maybe I'll just change that to uh we'll just set it to what we were looking at earlier multimedia ffmpeg cool and then um the other things that are in there we had a um a task that's really the only other thing to worry about these main files just include other files so you don't really have to worry about them um so I'm just going to do um the pudger task okay what does pudger do um there's a tool called rsync and you can sync from a remote server to your server or from your server to a remote server in this case why would we use ansible for pudger um because you can automate the whole thing you could change the host file you could rent a server from somewhere run it for an hour and this server could be from digital ocean or something it could you could have it cranked all the way up it could be a really expensive server if you run it monthly but if you're only running it for an hour perhaps it's only cost a quarter or 20 cents or something so you could build an extra powerful server build all your packages and ports on it in record time and then use rsync to sync them down so first we need rsync though so we'll get rsync and then we'll get pudger you can combine these two together you can do you can have a name of a package and then a list of of packages for it to install um I do have I did explain that a little bit in my um if you go here bsdpw you'll see at bsdcan this year I did a ansible playbooks to automate deployment of various services on free bsd here's all the code from that this one has more of some more tricks in it installing packages with multiple with a whole list of packages all at once and different things so if you wanted to grab this ansible code that's probably a good one it's got a lot of a lot of good little tricks in here um so um quick and show you they had a router and then a web app I think router is probably the right one and then um where is it projects bsdcan ansible router and then we had um roles right and then a router and then a task and then probably this one it would show like here's how you install multiple items you say package you put in quotes item and then you say with items and you put a little dash in the items below it so that'll install multiple packages all at once and I can make that bigger so yeah that's a cool trick you don't have to type it all one at a time like I had on here um but you know as we learn we have a new update so I have pudrear and rsync and just like we did before but instead of typing makedir we type file so and the state of directory so I just need a directory user reports dist files and then I also need a directory user local pudrear okay and then I need to configure pudrear so remember we opened up the comp file we looked for freebsdhost we added download freebsd.org to it well that's exactly what this does and same thing we're looking for something that starts with a commented out z pool and it's setting it how it's supposed to be and then it did the pudrear jail command like we did and the pudrear ports command this one puts the package list onto the remote server in their home directory and then this one builds this one will download so this is the end so after it's all done building on a powerful server you do your download packages here and to use rsync you just use the module called synchronize and so synchronize you want to pull so pull remote to here the source is the pudrear data packages and the destination is roller home packages or wherever I want and now all I'd have to do is set my package repository to point to that folder and I'd have it all ready to go and I could go and erase that so you can even add into these commands that will create the server for you and then delete the server for you I never really got into that because I keep switching providers there's digital ocean, vulture linode and they all work differently so if you come up with some really fancy code and then they change something then you'll have to come up with more fancy code so I kind of just do that part manually right I'll go create the server I'll add my ssh key and I'll put the ip address in my host file and I'm done so let's try this so how do you run a playbook you say ansible playbook you can put a dash with two v's you can see more of the output you don't have any v's for verbosity but you can do a whole bunch of v's if you want to see more stuff I think two v's is practical it shows you just enough and then you give it the name of the playbook so our playbook is called playbook where what oh yeah when I fetch the ansible folder yeah fetch is a command so man fetch fetch is just a command that downloads things it's like wget on linux yeah I don't think I don't know if we even have wget yeah there's a wget but it's fetch is really the it's just included we didn't have to install it it already came with previously so it gave us an error when we tried to connect so let's first just double check that we actually can connect okay we can so it wasn't mad about so it's saying oh it's because there is no okay that's fine if you notice it's trying to connect to my machine using the default name that DigitalOcean sets its user to so DigitalOcean usually calls its user FreeBSD so all my stuff is based around DigitalOcean because that's typically where I push everything but a month ago they stopped supporting FreeBSD so you can still use FreeBSD on there you would just have to probably export the digital box image to a file upload the file to DigitalOcean and create a droplet from that file and then set up all the network settings yourself I don't know why they removed support for it but they did so you can still use it but it's not an option in the menu anymore but how do we change that so anything that's different between computers it should probably be a configuration so you can set those up in groupfars all config all of the things that need to change so I had like a port name here now we didn't use that port name but we could have if we wanted to use that and then deploy users obviously FreeBSD so let's first change that to roller because that's what it was supposed to be and then we didn't actually use port name anywhere but if we wanted to use port name somewhere I mean we could have did it in Poojir role templates and then we had that package list to use a variable right you would just say what was that package I think that's what they were calling it or package name or what would I call it package name a port name so I did port name there so if you want to use variables you can throw them inside of like that and it'll basically before it puts this file in a place that'll go through read this put whatever the variable was in into the file and then it'll transfer to the computer so now if we were to run it Ansible playbook double V now it's saying it's still trying to connect as the reason why in this particular case is the the playbook itself has a it's not in the playbook it's in the config okay there's only a few files in here right see that first one Ansible.cfg I think that's where it is yeah it was in here as well you don't need it in two places and then we did change you can make a variable I usually do make a variable that's called Python version you'll see that in my other playbooks that should be the trick though now so it'll connect to the machine it's bootstrapping Python basically it's installing Python and then now it's trying to do the freeBSD upgrade and then the um yep that was also a problem the um it's using 3.10 now which I mentioned but I forgot to change so yeah we'll just run it again and the cool thing Ansible you can either run it again and it'll do everything again you can also um so I'm just gonna cancel it real quick it was in the middle of installing Pudera right so I can run it all again and it'll go check if it doesn't need to it won't do a bunch of the things that it just did um so if we look at the um the soft keyboard let's pull up the pause break here scroll up a little bit ok so if you were to look install rsync ok it went through install the package disable root ssh logins it did that it actually didn't need to change anything because this didn't have that um configuration like the dilution did so it looked it didn't find anything that need to be changed so it just said change false um the previous D update ok so if you wanted to skip directly to a um oops let's pull it back up sorry make sure you turn off the pause break if you enable it ok you just give it the name so you just say you go up and then say dash dash start at task equals the name of the task install poo it'll start there so it'll skip all the other stuff and start there the other one you can do is you can add dash dash step step is cool because every time it does something before it does it it'll ask you if you want to do it so this is good if you're making sure your stuff works but you don't want to run everything and you just want to make sure it works so no I don't want to do that you know right um yes right you can change whatever you need to change um if you um if you hit see it'll continue like you didn't type step um but yeah you can just keep trying um no yes no so yeah um that's kind of what I would recommend is is step and um start at task are really helpful when you're creating playbooks because once they work then you don't have to do anything you just run the playbook it does all this stuff but in the meantime while you're figuring it out you can step through it you can start at a certain task um and that's kind of what we use it for um you know just to control machines the same way we would control machines but in a little more automated fashion um so does anybody have any questions about Ansible it's very similar to this program called salt um there's many other configuration management programs that do pretty much the same thing which one I haven't used that chef I've heard of where did I heard of chef yeah I've heard of chef and they have recipes and stuff yeah so chef is similar so yeah any type of configuration management tool should be able to do the same type of thing but it's really just to get you out of the terminal typing the commands manually on the machine it's more of a we know the commands work so let's just edit the host file and tell it what machines we want to control and then then then you kind of can step away from the whole thing and have really good automation and um what I like to use it for is um I have playbooks that set up my whole stack and all my services and everything so when I want to make updates to it I could go into the systems and upgrade Python and then Python has packages that need to be upgraded and then FreeBSD needs to be updated and FreeBSD needs to be upgraded and all these things or I could create a new server run my program on it and it will put everything in place where it needs to be but it will get all the newest versions of everything so I can just make sure it works and then delete the old one um typically with my systems the only unique part is the database so I run a script that will use that synchronize thing it will go in it will tell the database to back it up the database will be backed up but it will be on a file on the remote server it will use synchronize to pull it down and then it will delete that file and now I've got the server backed up and then I can restore the server to my new machine make sure everything is working and erase the old one and that's typically how I like to do it um and the cool thing FreeBSD has a solution called Carp which we can we can look at the um uh yeah Carp so you see user level common address redundancy protocol that's interesting but anyways um what Carp does is it you can give multiple servers the same IP address and set one is like the master and then that way you don't have to change any configuration settings um upstream you know we could have things that think your database servers at this address and that is where your database server is but maybe you've got four of them and um Carp will just make it so that the upstream doesn't have to worry about any of that stuff upstream just has their configuration file pointing at 10.0.2.6 and that's all they care about and you have five servers called 10.0.2.6 because you can do that with Carp which that's what makes FreeBSD so cool is you'll hear a lot of these technologies just coming up all the time and they're amazing Kubernetes and all these things well what do they do and then when you I mean if you can implement the same things and very common easy to understand FreeBSD why not just stay over here and do it this way especially since some of the best performing clusters I've ever seen are FreeBSD machines they're just incredibly powerful and they're usually ran by a small team because you don't need this giant team to manage these things because there's a small handful of configuration files that does everything and it doesn't seem like it'd be that powerful but that's what I love about it is as it gets more complicated and you learn more things and you go further down the rabbit hole you bring all this complexity with you if you document it like this um but your documentation runs so Ansible just makes your documentation on how things work actually become the thing that makes your code run and so you don't you no longer do you have to worry about how did I do let's encrypt I don't remember how I got the HTTPS certificates or whatever so that's why I brought this computer so I'll just show you now this before we close out here this is my FreeBSD laptop and this is where I do all these things regular basis um and kind of just give you a quick overview of what you can do with this software and why I think it's so cool because what you've learned so far is how to create an operating system and install a few services maybe a desktop maybe I want to customize some of the programs but you've got enough pieces now where you can start to learn how to do something in Linux or learn how to do something in Windows or some completely different environment and you can kind of see I can probably do that over here um and once you start to play around over here the implementation becomes much nicer actually when you look at it at the end of the day I think the I heard it said that FreeBSD the idea behind it is really a few tools you can learn to do everything and that's what makes you so powerful and I really like that idea and that's really what Drew was trying to say at the beginning was the stability of it isn't just around it's it being super fast and reliable it's also around it being understandable so that you can step back into a very complex process but actually pick up where you left off and not be too confused about it so I'm gonna start X this is my personal laptop I use it to develop Python code this would be I've developed Python that's my dog he's cool I've got four of this they're waiting at the window probably right now for me like where did he go but this is what this looks like so this is PyCharm you can use it to you know control your code you can do all stuff on the command line too but PyCharm has just got a nice interface but essentially this is all the same stuff I was talking about Ansible with the roles and it has different things like a web server and database and but this database is using MongoDB just because it's so simple so I just want to show you real fast how powerful this stuff is because there's no reason why you can't build full on websites with these things like this so here's a website I built this connects to an API you put your email in here you put your email in here that'll connect to MailChimp's API and it sends your email address across MailChimp and if you look over here to services we had a service called a mailing list that's all it really did it was it grabbed my API keys from MailChimp and it just needs the the groupings which is this is just some MailChimp settings but essentially what it really needs is the email so it grabs the email it strips it and makes it lowercase if we wanted to we could be grabbing their name and address and stuff but I set those to blank but yeah that's really and then it'll call the API it'll try to call their API and subscribe the user so it gets you to this place where you can have these very understandable project that you build in Python but then it just runs so good on FreeBSD because how do you get this to run it's you just go here and you say okay I just need to run a couple of commands set up my server maybe do some git stuff right I have a git repo and it has a key file and copy a few things into place and start some services and the coolest thing here is this one right here so you're seeing this template using gUnicornRC I down here am running Python dash M and that's how I'm running my app if I wanted FreeBSD to do that for me every time the computer starts you just create a file and you put it in the right directory and it'll do that for you so the file looks like this these are FreeBSD start up files they are called RC scripts but essentially you just put the different little pieces let me close this things up so you put this is that command right there it's dash W gUnicornWorkers and it's got the time out and then the main app so it's running the same command but there's a plenty of other things right like it's changing to that directory it's using this username it's using that group it's logging to this file it's running as a demon in the background there's a few extra things you can do but essentially you just give it a name on what you want to call it so when you do service restart or that's the name that you would use service gUnicornRestart so you give it the name that you want to call it and then you just say that this is a Python it's using the Python from the virtual environment so go into the username of the person and all these variables come from that config file so before this goes on to FreeBSD Python comes in Ansible reads this puts all the variables into here and then throws it on to the machine so when FreeBSD sees this file it looks a little bit more like this actually so okay so I'm logging into that machine and I want to look at that file and that file is what user local at crc.d gUnicorn and you'll see it read through and it placed every little piece with FreeBSD projects coach Aaron so it found my project directory it found the username everything it just puts it where it's supposed to go so that's what's cool about these things is very flexible and that way you don't have to invent new ways to run your software you use the same ways the ports to use is to run any software why not have your custom app also use the same infrastructure so that FreeBSD is just really cool that way and you can kind of tap into things and yeah so that's kind of where I'm at and I thought I'd just show you that you can build really cool piece you can build really cool I don't think I'm running my server right now really cool pieces of functionality and build websites with databases that pull information and you know these are all you know right now this is what BSDPW is going to end up being like I just don't usually build tools for myself I build them for friends and people but eventually I will build one for the BSDPW website so it's more of a right now it looks more like a blog you know just pretty basic but I'm going to be switching it over to more of a full python web app soon and my idea for it is just to be the place where you learn all these things and as I go down more rabbit holes and learn more things I'm getting into salt next so I'll be making salt how to do stuff with salt and different things like that so if you're curious I will be updating this playlist but basically these last three are on my channel the YouTube channel these top three or this is the FreeBSD channel and this was a conference I did so if you want to learn a few more things check this out also it will be updated going forward and I hope to have more of a full on project pushed over there as well and yeah make sure you check out this talk when it comes out that was pretty cool just about how I have my you know we've all been at our houses and how have you set up your house to be a little more friendly so I teach you kind of how I have my router set up and run my gateway and my firewall DNS DHCP those kinds of things yeah so if there aren't any if you have any further questions you can always get a hold of me you can either click this contact here at the top but the easiest way my email is just roller at this website so yeah roller at bsd.pw is me so if you need to send me an email that's where you do it and I look forward to hearing from anybody if you have any questions and I've heard of people using Jenkins I believe FreeBus even has a FreeBus the Jenkins for building stuff a public one that you can look at I think I've seen it that they use for building stuff they have a wiki on what they're using it for yeah so I mean Jenkins is pretty universally can use it with most anything and so here's some information about it and presentations and stuff like that but yeah I hope you guys got the bug like I do I mean I had a lot of anxiety trying to show this stuff to people originally because I was like this is just how I do it I don't know if this is the right way to do it or not but it works and typically on the internet you'll get people replying to you being like ah you're doing that all wrong but they don't tell you how to do it right they'll just say you're doing it all wrong on some forums somewhere like Quora usually is where I hear weird stuff from people about FreeBusD I'll try to answer a question on Quora and they'll be like you can't update and upgrade FreeBusD with that long command you're gonna just delete all my port configurations that's because you're installing all your stuff from ports because you don't understand why you're installing stuff from ports because if you did you would be building your own repository outside of the machine you're using and this wouldn't be a problem so you start to run into those kind of things like if you set it up how I do you won't have a lot of these problems so that's why I decided I'd get out and start teaching people because I didn't just learn all this stuff I learned from rabbit holes in trying and then a lot of these books are super helpful but there's so much more in these books that I haven't shown and so that's why I recommend them I'm using at Helm for my firewall the book of PF it's called packet filter firewall it's super super powerful SSH and then this networking for sysadmins is a really good book because it just helps you get your head wrapped around stuff that you should care about and it's thin enough that it doesn't cover a bunch of random stuff it's really built for system administrators but yeah I can just show you stuff all day I love this stuff I run Plex on my servers if you don't know what Plex is check it out radar sonar all kinds of cool things that you can install to automate your media server life Plex P-L-E-X what this does is you tell it the folder and the type and then it handles the metadata so I say my movies are in my movies folder and it goes alright let's see what's in there and then it goes oh I there's a database that has all the information about this movie and a picture and a description and it looks like Netflix so it'll kind of turn your thing into something like that so you have music library it'll crawl through all of your music and make it look pretty you can download it to your phone and stuff so it does a lot of the cool things that you don't want to do so yeah I use this for all my media stuff and there's some tools that you can also install to help out with that but yeah I would just highly recommend that and which one flute oh no I build all my mobile apps how do you spell it? oh wait flutter dating okay I think I'm on the wrong one cheers welcome to flutter oh no oh okay build apps for any screen and what are they okay so you're creating an app no that's interesting no I'm doing all my stuff just using stuff like this so this is fantastic this tool somebody built during COVID because they're bored and they don't want to go crazy but this guy is brilliant and he did the coolest javascript stuff you've ever seen basically I was showing it a little earlier but so you can start your app and it does stuff like this so it does HTML over Ajax in the background so you kind of get like a HTML API I guess you would call it so if I logged in as the admin the admin could come to the videos page and see the library videos and add a new category they could just click that button and this form comes directly from the Ajax API so it calls Python, Python responds with HTML and it goes right here on the page what's cool about that is the HTML that goes back on the page you can control too so I can just edit and add something change this right who's the author roller angel whatever when I hit save it takes that data puts it right back on to the page it's probably easier to see over here so like the previous day it just puts it right back on the page updates in the database and puts it on the page it does cool stuff like that what an amazing tool because to install it you just have to include one file HTMLX that's all it needs and you just do an Ajax Git or an Ajax post or whatever and the URL that you need it to do that from and it just makes building websites amazing for that reason because it gets you away from the idea of your admin has to go to the admin section to do stuff and they can only do stuff on a backend admin screen right it gets you that idea of well why can't the admin be looking at something they want to change and just change it so that kind of gives that's what that's all about you can delete and add put a new Python video in here or whatever so this isn't really Python video but I'll just show you you know put the link for YouTube in there and the thing I did was YouTube has different links I only need this part I don't need the whole thing and also YouTube does this thing where if you hit share that has this link too so there's two different links you have to worry about here but so it could either end with the ID or it could have the ID as a query string so to deal with that you can go to the view model here and just find the one for the video and find the one for the ad video and all we're doing is we're creating a URL class because there's this package called Yarl so it makes searchable URLs so you give it a URL and you call it so now it becomes a URL basically and then I can just say query.getV and that will give me the video ID if that didn't get set because it didn't work then just do the path but don't start with the slash start from after the slash so you just put a little one there this is called slicing on Python you can tell it to start one in and go to the end you can also go to reverse you can do with slicing to grab just a certain section it's kind of like paging in a database where you just want to load a certain number of results and just grab just those so that's kind of what slicing does but yeah, that's why I love pythons and along with FreeBSD and all these things is because you can start to get a very understandable very powerful piece of technology that is reproducible with Ansible and configuration management and it's stable as hell because it's running on FreeBSD and you know it's secure and you know when you update it in all the packages it'll just work and you know I mean usually I just keep pushing updates on my servers for years and they just keep being happy because they're not running very many packages anyways to keep all this running so low resource utilization, super high performance and easy to understand you step back into it and you're like I see what's going on here and if you don't remember that's what your Ansible has all your configuration in there you know, here's what my configuration files look like for this whole website, right? I needed to give them a fully qualified domain name I needed to set the projects directory I needed to give it a Python version because in this particular one I made Python version go and replace that number all over the place because as you saw earlier I had it where I forgot to update it so projects that I actually use on a regular basis that features in there where it actually takes the version and puts it where it's supposed to go and things like that and none of this is secret this is all fine, I could show it to you, it's fine the secrets are here and they look like that and it's Ansible you do Ansible playbook in your command but you can do pass and you give it the password to decrypt the vault that'll decrypt this file and all the API keys or database passwords or whatever you needed with your app, this secret that you didn't want to set somewhere that's where you can keep it it'll stay with your code, it'll live with your code but it's not accessible until you decrypt it and you only need to decrypt it when you create this thing and you push it out there and that kind of stuff but yeah, any more questions? great, thank you