Wednesday, January 28, 2015

How To Add Swap on FreeBSD Unix Systems

I need additional swap space to improve my FreeBSD Unix server/desktop performance. How do I add a swap file to FreeBSD system using command line options without creating a new partitions? How do I encrypt swap space on a FreeBSD Unix server for security purpose?

A swap is nothing but space or file on a disk that can used as virtual memory. In FreeBSD and Unix-like operating systems, it is common to use a whole partition of a hard disk for swapping. When a FreeBSD based server runs out of memory, the kernel can move sleeping or inactive processes into swap area. A dedicated Swap partition goes a long way to avoid system freeze but if you notice you are running out of RAM or your applications are consuming too much of it then you may want to setup a swapfile. This guide helps you add a swap space on FreeBSD based Unix server.


How do I add swap on FreeBSD version 9 or older?

You will create the swap file by typing the following dd command as the root user:
dd if=/dev/zero of=/root/swap.8G.bin bs=1M count=8192
This should create an 8GB file called swap.8G.bin in /root/. To make sure this worked you can type:
ls -alh  /root/swap.8G.bin
 
For security reason set the permissions, run:
chmod 0600 /root/swap.8G.bin
ls -alh  /root/swap.8G.bin
 
Sample outputs:
Fig.01: How to create a swap file on FreeBSD version 9.X and Earlier Commands
Fig.01: How to create a swap file on FreeBSD version 9.X and Earlier Commands

How do I activate swap space on the boot time?

To add this to your rc.conf you will type:
echo 'swapfile="/root/swap.8G.bin"' >> /etc/rc.conf
If you want to see if it is there in your rc.conf you can type:
tail /etc/rc.conf
Reboot the system:
 
reboot

A note about enabling the swap file immediately without rebooting the system

If you want to apply the swapfile immediately type the following command:
## Enable swap space ## 
mdconfig -a -t vnode -f /root/swap.8G.bin -u 0
 
## Find out configured devices i.e. swap device name ##
mdconfig -l -v
 
## Turn it on ##
swapon /dev/md0
 
Sample outputs:
Fig.02: FreeBSD find out swap device name created/attached with the mdconfig command
Fig.02: FreeBSD find out swap device name created/attached with the mdconfig command

To see details of your swap information type:
swapinfo -k
swapinfo -k | grep '/root/swap.8G.bin'
swapinfo -h
 
Sample outputs:
Device          1K-blocks     Used    Avail Capacity
/dev/ada0p3       1048540     736K     1.0G     0%
/dev/md0          8388608       0B     8.0G     0%
Total             9437148     736K     9.0G     0%

How to set up swap file on FreeBSD version 10.x or later

First, create the swap file (128M) using dd command:
dd if=/dev/zero of=/root/swap1 bs=1m count=128
Set the proper permissions on the new file for security reason:
chmod 0600 /root/swap1
Edit /etc/fstab, enter:
vi /etc/fstab
Add/append the following line:
 
## md42 will be assigned by system, use any unused device name (run 'mdconfig -lv' to get list of attached memory device names) ##
md42 none swap sw,file=/root/swap1 0 0
 
If you want to see if it is there in your /etc/fstab you can type:
tail /etc/fstab
Now, swap space will be added on system boot time. To add and activate swap space immediately, run:
 
swapon -aq
 
To see details of your swap type:
 
swapinfo -k
 
Sample session from my FreeBSD10 based server:
Fig.03: How to add  a swap file on FreeBSD version 10.x and Later
Fig.03: How to add a swap file on FreeBSD version 10.x and Later

A note about securing and encrypting swap space on a FreeBSD server

Encrypting swap space can avoid leakage of sensitive information such as passwords and other data in memory.

Procedure to encrypt swap file

Type the following command to create a swap file called /root/en.swap0
# dd if=/dev/random of=/root/en.swap0 bs=1m count=64
# mdconfig -a -t vnode -f /root/en.swap0
# geom eli init md0

Sample outputs:
Enter new passphrase:
Reenter new passphrase:
 
Metadata backup can be found in /var/backups/md0.eli and
can be restored with the following command:
 
 # geli restore /var/backups/md0.eli md0
 
Attach md0, enter:
# geom eli attach md0
Turn on encrpted swap file:
# swapon /dev/md0.eli
Verify newly created swap space:
# swapinfo -k
Sample session:
Fig.04: Encrypting swap file on a FreeBSD 10.x server
Fig.04: Encrypting swap file on a FreeBSD 10.x server

This hack is a little ugly but works. I strongly suggest that you use encrypted swap space as described here.

How can I disable devices and files for paging and swapping on FreeBSD?

Type the following command to disable /dev/md0 swap space:
# swapoff /dev/md0
# swpainfo -k

How can I display swap usage summary on FreeBSD?

Use the top command:
# top
Sample outputs (look for Swap in outputs):
 
last pid:   874;  load averages:  0.47,  0.32,  0.27                                                                                                                                                                                                    up 0+00:34:48  16:52:35
22 processes:  1 running, 21 sleeping
CPU:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
Mem: 14M Active, 13M Inact, 104M Wired, 80M Buf, 1841M Free
Swap: 1216M Total, 1216M Free
 
  PID USERNAME    THR PRI NICE   SIZE    RES STATE    TIME    WCPU COMMAND
  721 root          1  20    0 25328K  3704K select   0:00   0.00% ntpd
  755 root          1  20    0 86084K  6896K select   0:00   0.00% sshd
  765 root          1  20    0 23980K  5188K select   0:00   0.00% sendmail
  758 root          1  20    0 23492K  3452K pause    0:00   0.00% csh
....
..
 
You can also use pstat or swapinfo commands:
# pstat -s
OR
# swapinfo -k
You can also use vmstat/systat commands:
# vmstat
# systat swap

See man pages for more info:
$ man vmstat
$ man systat
$ man top
$ man swapinfo
$ man pstat

0 comments:

Post a Comment