Update on using Graphite with FreeNAS

A while back, I posted on using Graphite with FreeNAS. Well, there have been some changes with the recent versions, and this makes integrating Graphite with FreeNAS even easier, so it's time for an update. This applies to FreeNAS-9.3-STABLE.

FreeNAS collects metrics on itself using collectd. This is a nice program which does nothing but gather metrics, and gather them well. FreeNAS gathers basic metrics on itself - cpu, disk performance, disk space, network interfaces, memory, processes, swap, uptime, and ZFS stats, and logs it to RRD databases which can be accessed via the Reporting tab. However, as nice as that is, I much prefer the Graphite TSDB (time-series database) for storing and displaying metrics.

Previously, I was editing the collectd.conf directly, but since the collectd.conf is dynamically generated, and I'd have to add the same block of code each time that happened, I decided to move my additions to the collectd.conf into files stored on my zpool. I then just use the include directive added to the end of the native collectd.conf to call out those files. So, at this point, all I add to the native collectd.conf is this line:

Include "/mnt/sto/config/collectd/*.conf"

This makes my edits really easy, and allows me to create a script to check for it and fix it if necessary - more on that later.

In the /mnt/sto/config/collectd/ directory, I have several files - graphite.conf, hostname.conf, ntpd.conf, and ping.conf.

The graphite.conf loads and defines the write_graphite plugin:

LoadPlugin write_graphite
<Plugin "write_graphite">
  <Node "graphite">
    Host "graphite.example.net"
    Port "2003"
    Protocol "tcp"
    LogSendErrors true
    Prefix "servers."
    Postfix ""
    StoreRates true
    AlwaysAppendDS false
    EscapeCharacter "_"
  </Node>
</Plugin>

It's worth mentioning that some of the other TSDBs out there accept Graphite's native plain-text format, so this could be used with them just as well. Or, if you had another collectd host, you could use collectd's "network" plugin to send to those.

The hostname.conf redefines the hostname. The native collectd.conf uses "localhost", and that does no good when logging to a graphite server which is receiving metrics from many hosts, so I force it to the hostname of my FreeNAS system:

Hostname "nas"

In order for this to not break the Reporting tab in FreeNAS (not that I use that anymore with the metrics in Graphite) I first need to move the local RRD databases to my zpool by chcking "Reporting Database" under the "System Dataset" in the "System tab:

I then go to the RRD directory, move "localhost" to "nas", and then symlink nas to localhost:

lrwxr-xr-x   1 root  wheel       3 May 19  2015 localhost -> nas
drwxr-xr-x  83 root  wheel      83 Dec 20 10:23 nas

This way, redefining the hostname in collectd causes the RRD data to be written to the "nas" directory, but when the GUI looks for the "localhost" directory, it still finds what it's looking for and displays the metrics properly.

The ntpd.conf enables ntpd logging, which I use to monitor the time offsets on my FreeNAS box on my Icinga2 monitoring host:

LoadPlugin ntpd
<Plugin "ntpd">
        Host "localhost"
        Port 123
        ReverseLookups false
</Plugin>

Finally, ping.conf calls the Exec plugin to echo a value of "1" all the time:

LoadPlugin "exec"
<Plugin "ntpd">
  Exec "nobody:nobody" "/bin/echo" "PUTVAL nas/collectd/ping N:1"
</Plugin "ntpd">

I use this on my Icinga2 server to check the health of the collectd data, and have a dependency on this check for all the other Graphite-based checks. This way, if collectd breaks, I get alerted on collectd being broken - the actual problem. This prevents a flurry of alerts on all the things I'm checking from Graphite, which makes deciphering the actual problem more difficult.

So, I define the Graphite writer, I change the hostname so the metrics show up on the Graphite host with the proper servers.nas.* path, and I add two more groups of metrics to the default configuration. These configuration files are stored on my zpool, so even if my FreeNAS boot drive craps out (which actually happened last week) and I have to reload the OS from scratch, I don't lose these files.

Since I'm only adding one line to the bottom of the collectd.conf file, it becomes very easy to check for my additions, and if necessary, add them. I have a short script which I run via cron: (the "Tasks" tab in the FreeNAS GUI)

#!/bin/bash

# Set the file path and the line I want to add
conf=/etc/local/collectd.conf
inc='Include "/mnt/sto/config/collectd/*.conf"'

# Fail if I'm not running as root
if (( EUID ))
then
  echo "ERROR: Must be run as root. Exiting." >&2
  exit 1
fi

# Check to see if the line is in the config file
if grep -q Include $conf
then
    : All good, exit quietly.
else
    : Missing the include line! Add it!
    echo "$inc" >> $conf
    service collectd restart
    logger -p user.warn -t "collectd" \
         "Added Include line to collectd.conf and restarted."
    echo "Added include to collectd.conf" | \
         mail -s "Collectd fixed on NAS" mymyselfandi@example.com
fi

If I reboot my FreeNAS system, the collectd.conf gets reverted. Not a huge problem if I can wait no more than 30 minutes for my cron job to run, but in 9.3, I can do even better. I can call the script at boot time as a postinit script from the Init/Shutdown Scripts section of "Tasks":

 

This way, when I boot the system, it runs the check script, which sees the missing Include line, adds it automatically, and restarts collectd so it resumes logging to my Graphite server.

This setup has proven to be wonderfully reliable, and unless/until native Graphite support is added to FreeNAS, should keep on working.

How to use tip tinner

So a buddy who knows things about how to solder told me I had to get tip tinner. Perfect, I got R&R Lotion tip tinner. (fun side note - when you get a notification on your phone that your "R&R Lotion..." shipped, it might not be what first comes to mind.) So I got it, it comes with no instructions. Looks pretty simple, but hey, I don't know what I'm doing, and I tend to not just guess, especially when I just shelled out good money for a nice adjustable soldering station. So, I search, and I found this, the best and simplest guide to using tip tinner that I found. It really is pretty easy.

Creating an access jail "jump box" on FreeNAS

If you wish to have external access to your network through SSH, it's a very good idea to have a very limited purpose "jump box" with the only external access, with that then tightly limited as to whom can log into it and what they can do when they get there. Here is what I've developed using a jail on a FreeNAS system.

I've stolen some ideas from DrKK's Definitive Guide to Installing OwnCloud in FreeNAS (or FreeBSD)

1. Start with the latest version of FreeNAS. I'll leave it up to you to figure that part out.
2. Create a standard jail, choose Advanced mode, make sure the IP is valid, and uncheck "VIMAGE"
3. Log into the jail via "jls" and "jexec"
   jls
   sudo jexec access csh
4. Remove all installed packages that aren't the pkg command:
   pkg info | awk '$1 !~ /^pkg-/ {print $1}' | xargs pkg remove -y
5. Update installed files using the pkg command:
   pkg update
   pkg upgrade -ypkg will likely update itself.
6. Install bash and openssh-portable via the pkg command:
   pkg install -y bash openssh-portable
    
7. Move the old /etc/ssh directory to a safe place and create a symlink to /usr/local/etc
   mv /etc/ssh /etc/oldssh
   ln -s /usr/local/etc/ssh /etc/sshNOTE: this step is purely for convenience and is not necessary but may avoid confusion since the native ssh files won't be used.
8. Make sure your /usr/local/etc/sshd_config contains at least the following:
   Port 22
   AllowGroups user
   AddressFamily inet
   PermitRootLogin no
   PasswordAuthentication no
   PermitEmptyPasswords no
   PermitUserEnvironment yes
9. Enable the openssh sshd and start it:
   echo openssh_enable=YES >> /etc/rc.conf
   service openssh start
10. Verify that openssh is listening on port 22:
    sockstat -l4 | grep 22
11. Create the users' restricted bin directory:
    mkdir -m 555 /home
    mkdir -m 0711 /home/bin
    chown root:wheel /home/bin
    This creates the directory owned by root and without read permission for the users.
12. You can create symlinks in here for commands that the users will be allowed to run in their restricted shell. I prefer to take this a step farther - since it's only a jump box, its only purpose is to ssh in, and ssh on to another system. I further restrict this by creating a shell script wrapper around the ssh command which restricts the hosts that the user can login to from the jump box.
    
    If you have half a clue, you'll wonder how this prevents them from ssh'ing to another host when they get to one that they are allowed access to, and the answer is, if they have the permissions on that host - it doesn't. So it's not a fantastic level of security, but I wanted to see if I could do it. You'll also notice that you need to create a file /home/bin/sshauth.cfg which has the format of "username ALL" or "username host1 host2 ..." which dictates access.
13. Symlink in the "logger" command to the /home/bin directory:
    ln -s /usr/bin/logger /home/bin
14. Create the user group "user" (as called out in the sshd_config above) so the users can log in:
    pw groupadd user
15. Create the users with each home directory under /home, with the shell /usr/local/bin/rbash, no password based authentication, and the group created in the previous step.
    adduser
16. Change to the user's home directory and remove all the dot files
    cd /home/user
    rm .??*
17. Create the following .bash_profile in the user's home directory:
    export PATH=/home/bin
    FROM=${SSH_CLIENT%% *}
    logger -p user.warn -t USER_LOGIN "User $LOGNAME logged in from $FROM"
    export HISTFILE=/dev/null
    [[ $TERM == xterm* ]] && echo -ne "\033]0;JAIL-$HOSTNAME\007"
    PS1="\!-$HOSTNAME\$ "
18. The file permissions should be set, but confirm:
    chmod 644 .bash_profile
    chown root:wheel .bash_profile
19. Create the ssh directory and give it to the user:
    mkdir -m 700 .ssh
    chown user:user .ssh
20. Install the user's authorized_keys file in the ssh directory, and make sure the permissions are right:
    chown user:user .ssh/authorized_keys
    chmod 600 .ssh/authorized_keys
21. Your user should be able to login at this point, and do nothing beyond what you've given them access to in the /home/bin directory.

Handy SVC mini-scripts

In a former life, I was a storage administrator for Thomas Jefferson University Hospital in Center City, Philadelphia. Aside from the wide array of lunch options we had to choose from, another thing I really enjoyed was working with IBM's SVC, or SAN Volume Controller. As a sysadmin, there are few software packages that you truly enjoy working with and you think are really, really good, but the SVC was one of those. One of the reasons was because the command-line interface was just a restricted Bash shell - something I knew very, very well. This allowed me to do pretty amazing things, as the shell is a wonderfully capable programming language. Back then, I had a Wiki that I used as a notepad, and I had several pages on the cool things you could do with SVC on the command line. Here is one of those pages, cut-and-pasted from my internal webserver. Be warned, though - none of this has been updated since about 2007!

Thanks to the awesome Aussie Storage Blog for the inspiration to resurrect these old pages.

---

SVC's command line interface (CLI) is a restricted bash shell. You might not be able to cd to other directories or run commands like "grep" or "awk", (see below) but you can still do some really useful stuff using the shell builtins available to you.

Basic info

---

• The "for var in blah blah blah blah; do; done" and "while read; do; done" loops are very powerful tools available to the shell script programmer, and are the backbone of virtually every miniscript I write.
• SVC's bash is restricted, but otherwise the same as the bash you would find on any linux box. Prior to SVC 4.2, the bash version is 2.05. At 4.2, the bash is updated to 3.1. If you've got a linux system available to play with, you can try out these miniscripts there before you try them on your production SVC. If you want to test these scripts on a different linux system, you might want to see the SVC miniscript testing page.
• Before you actually run commands, ESPECIALLY on an SVC where you can cause some serious damage to your SAN, prefix the command with an "echo" so you can see the command it would run without actually running the command!
  
  So, before you run "svctask rmvdisk $x" from inside a loop; first run "echo svctask rmvdisk $x" and verify that it's going to do what you think it's going to do. Much better to see that you messed something up on the screen than let your SVC try to remove every vdisk you've got assigned. Clients will not be happy nor will they be too understanding when you tell them you were using some ultra-fancy "bash miniscripts" to make working on the SVC more efficient.

Possible gotchas

---

Beyond the obvious gotchas of really screwing up the configuration of your SVC if you get your miniscripts wrong, there are a couple little gotchas to be aware of.

* Variables set inside loops are not available outside of loops.

found=0
svcinfo lsvdisk -nohdr | while read line
do
    [[ $line == *DS4800* ]] && (( ++found ))
done
echo "Found $found vdisks on the DS4800"

This will always report 0 vdisks, even if it does find vdisks, because the loop executes in a subshell, and thus any modification to the variable won't be available to the parent shell. A workaround is to use command substitution and catch the STDOUT of the loop:

found=$(svcinfo lsvdisk -nohdr | while read x; do [[ $x == *DS4800* ]] && echo -n X; done)
echo "Found ${#found} vdisks on the DS4800"

For each disk I find, I echo an "X". At the end of the loop, I've got stored in the variable "found" something which looks like "XXXXX" for five vdisks. Echoing "${#found}" gives me the length of the variable, and thus, the number of vdisks. Painful workaround? Yep.

This is a bash thing -- don't blame SVC. Korn shell (ksh) works just fine either way, but we're not running on the ksh, are we?

Multi-line entry

---

To make things more readable, you can enter your mini scripts on multiple lines:

svcinfo lsmdisk -delim : | while read line
do
    echo "$line"
done

(this miniscript doesn't really accomplish anything... just echoes what it reads, as if we ran "svcinfo lsmdisk | cat")

Bash will convert your entry to a one-liner (separating lines with ";" as appropriate) when it enters it into the history file, so the above will look like this in the history file:

svcinfo lsmdisk -delim: | while read line; do echo "$line"; done

Because of this, when I'm writing mini-scripts, I just edit them in the one-line format. Your option.

Shortening command lines

---

if/then with only one command can be simplified:

if [[ $x = "yes" ]]
then
    echo "yes"
fi

can be simplified to:

[[ $x = "yes" ]] && echo "yes"

if/then/else with only one command can be simplified:

if [[ $x == "yes" ]]
then
    echo "yes"
else
    echo "no"
fi

can be shortened to:

[[ $x == "yes" ]] && echo "yes" || echo "no"

Multiple commands can be run as well:

if [[ $x == "yes" ]]
then
    echo "yes"
    runcommand
fi

can be shortened to:

[[ $x == "yes" ]] && echo "yes" && runcommand

• caveat: The shortened version will not work exactly the same as the long version. In the short version, "runcommand" is only run if the first command, echo "yes" is successful. Odds are good that an echo isn't going to fail, but if "runcommand" was first and it failed, the next command doesn't run. In the "long" if/then format, both commands will be run, even if the first fails.
• Basically, unless you really understand how the "&&" and "||" dividers work, stick to single commands in your shortened if/then commands. Anyhow, the if/then syntax for multiple commands (on one line) is still pretty easy:
  
  if test; then command1; command2; fi

No "ls"? No problem!

---

SVC's restricted bash shell gives you very, VERY few commands. You can still get by without some of them using the bash builtins. Here's how we can simulate the "ls" command:

echo /dumps/*

This lists the contents of the /dumps/ directory, but in a pretty ugly format... all the files are listed separated by a space, and wrapped around lines. A little hard to read. Here's how we can have something more like "ls -F" format: ("/" appended to the name of directories)

for file in /dumps/*
do
    [[ -d $file ]] && echo "$file/" || echo "$file"
done

I don't know of any bash builtins that could give us the equivalent output of "ls -l", though. No way to get file size, permissions, or ownership. You can check if your own permissions as related to the file (can I read, write, execute) but can't see who owns it. That said, if the file is there, as admin you will have permissions to access it

No "grep"? No worries!

---

Wouldn't it be nice to "svcinfo lsvdisk | grep MyDisk"? Here's how: (basic form)

svcinfo lsvdisk -nohdr -delim : | while read line
do
    [[ $line = *match* ]] && echo $line
done

• The bash used in SVC is kinda old (version 2.05 on SVC v4.1) which is too bad. If it were a more modern version (v3.x) there are many REALLY powerful pattern matching capabilities available as builtins... including regular expressions!
• WUHU! SVC 4.2 has upgraded bash to version 3.x! This opens up some REAL possibilities for powerful pattern matching. See the bash doc for more info.

No "awk"? No concerns!

---

Since most SVC output is field specific, you can use modify the "grep" code above bash to split up the stuff that you're reading:

svcinfo lsmdiskgrp -nohdr -delim : | while IFS=: read id name status nummdisk numvdisk size extsize free
do
    [[ $name == *4500* ]] &&  echo "MDiskGroup $name (id $id) has $free available of $size"
done

Note: Using the ":" delimiter and setting IFS allows us to handle blank fields. F'rinstance, "lsvdisk" often has blanks for FC_id, FC_name, RC_id, and RC_name. (unless you've got Flash Copy on that vdisk) but the vdisk UID might be important to you. If you don't set IFS and leave "delim" unset, there will just be extra blank space, and the vdisk UID will be set to the "FC_id". Setting the IFS to the delimiter makes it set the blank fields to blank. IF you don't have to deal with blank fields (like say lsmdiskgrp) then you can leave the delim unset and just use a read: (you should still turn off the header so you don't process that!)

svcinfo lsmdiskgrp -nohdr | while read id name status nummdisk numvdisk size extsize free
do
   ...

No "sleep"? Now that's a problem.

---

If you wanted to run a command repeatedly, separated by a certain time delay, I haven't figured out how to do that yet. The "sleep" command, oddly enough, isn't a bash builtin. (even though it seems like it could be, very easily... and not to harp on ksh93, but it's a builtin there as well, and takes fractional delays, to go with ksh93's capability for floating-point math... oh, and it leaves variables set in loops available to the original shell...)

One option I considered was checking the first field of /proc/uptime in a loop, and exiting the loop when the value equals (( initialvalue + sleeptime )), but the problem there is that bash will check the contents of the file as often as it can, many times a second, creating a possibly significant load on the system, which isn't a good idea.

• Interactive workaround for no "sleep" command:

Instead of having the system delay for a certain period of time, you can have the system wait for your input, using the "read" command to read a line of input. You can then CTRL-C or put in a specific exit string:

while read keyb
do
    svc command goes here
    [[ $keyb == x ]] && break
done

This will execute the command every time you hit ENTER, and if you type a single "x", it will return you to a command prompt. Don't use "exit" instead of "break" or you'll be logged out when you type "x".

Building associative arrays

---

One of the biggest pains in the butt with bash is the variable scoping. If you want to build an associative array of, say, mDisk Name mapping to its state, you can't just set up a while loop with the output of lsmdisk piped into it. The reason is that the pipe spawns a subshell and the array that you're merrily building belongs to the subshell and so ceases to exist once you exit the loop

I worked out the following method.

1. Build an array of your keys, using command substitution
2. Build an array of your values, using command substitution
3. Iterate over your values and generate your associative array

eg

vdiskIds=(`svcinfo lsvdisk -nohdr | while read id rest; do echo -n "$id "; done`)
vdiskNames=(`svcinfo lsvdisk -nohdr | while read id name rest; do echo -n "$name "; done`)
vdiskNameMap=()
for (( i = 0 ; i < ${#vdiskNames[

} ; i++ ))do

 vdiskNameMap[${vdiskIds[$i]}]=${vdiskNames[$i]}

done @]

Because no subshell was spawned for the last loop, vdiskNameMap is avaiable for later. I use this in my extent summary script

Functions in bash

---

If you wanted to use the "grep" code above and actually call it "grep", you could do that by defining a function:

function grep { while read line; do [[ $line == *$1* ]] && echo "$line"; done }

• Since you can't edit your .bash_profile or .bashrc, every time you log into the SVC, you'd have to re-enter the function. This could be done via cut & paste, or if you wanted to get fancy, an expect script which logged in, defined your functions, and then gave you interactive control.

Since we don't have the capability to set aliases in restricted shell, you can use this if you want to get rid of the annoying need to prefix everything with "svcinfo" and "svctask":

function lsmdiskgrp { svcinfo lsmdiskgrp $*; }

"lsmdiskgrp" now works just like "svcinfo lsmdiskgrp", taking options (like "-nohdr") and arguments (like the name or id or an mdiskgrp) without having to type "svcinfo" first.

• bash can be finicky when you define a function and put commands in { } brackets. Usually bash isn't like perl in needing each line terminated with ";", but if you have a simple command like we have here, end the command with a ";" before the closing "}". Watch your whitespace, too.

A more powerful miniscript

---

An example. If you're running extents migrations, the progress information given by "svcinfo lsmigrate" is a little hard to read:

IBM_2145:TJUH_SVC:admin>svcinfo lsmigrate
migrate_type MDisk_Extents_Migration
progress 33
migrate_vdisk_index 13
migrate_source_mdisk_index 10
migrate_target_mdisk_index 1
number_extents 160
max_thread_count 1
migrate_type MDisk_Extents_Migration
progress 90
migrate_vdisk_index 12
migrate_source_mdisk_index 10
migrate_target_mdisk_index 1
number_extents 60
max_thread_count 1

...and so forth. That's pretty ugly. Wouldn't it be nice if we could see output in a format like:

Vdisk  13  52% of  160 extents
Vdisk   1  10% of  819 extents
Vdisk  10  37% of   64 extents
Vdisk   7  22% of   96 extents
Vdisk   4   0% of  194 extents

Much nicer! It's actually pretty easy. Here's the command line:

svcinfo lsmigrate | while read x y; do
    [[ $x = progress ]] && p=$y
    [[ $x = migrate_vdisk_index ]] && vdisk=$y
    [[ $x = number_extents ]] && printf "Vdisk %3d %3d%% of %4d extents\n" "$vdisk" "$p" "$y"
done

Normally I'll just create the whole command line with one line and semicolons separating commands, since it's easier to return to that line and edit.

In this instance, 0% means it hasn't started the migration... it can only run four threads at once, so a vdisk at 0% is waiting. Let's fancy it up some:

svcinfo lsmigrate | while read x y; do \
    [[ $x = progress ]] && p=$y \
    [[ $x = migrate_vdisk_index ]] && vdisk=$y \
    if [[ $x = number_extents ]]; then \
        if [[ $p = 0 ]]
        then
             echo "Vdisk $vdisk is waiting..."
        else 
             printf "Vdisk %3d %3d%% of %4d extents\n" "$vdisk" "${p}" "$y"
        fi; fi
done

That produces output like this:

Vdisk   1  35% of  819 extents
Vdisk   4  85% of  194 extents
Vdisk   5  82% of  160 extents
Vdisk   0   6% of   16 extents
Vdisk 14 is waiting...
Vdisk 17 is waiting...
Vdisk 32 is waiting...

...and so forth!

As you can see, the command lines can get a little complicated, but you can do some REALLY powerful stuff.

More advanced stuff

---

• A progress bar could be simulated like so:
  ->

  bar="########################################"       # That's 40 pound signs
  barlen=${#bar}                                       # Sets "barlen" to 40 - the length of "bar"
  space="                                        "     # 40 spaces
  blocks=$((p*barlen/100))                             # How many blocks for that percentage.
  echo ">${bar:0:$blocks}${space:0:$((barlen-blocks))<"

  
  For a value of p=70; output would look like this:
  ->>############################ <
  pmwiki isn't showing all the spaces properly here... there would be 28 pound signs followed by 12 spaces, keeping the whole width between the > < characters at 40 characters.

Bash links

---

• http://www.gnu.org/software/bash/
  GNU's page on bash.
• http://www.gnu.org/software/bash/manual/bashref.html
  GNU's bash reference manual

Logging FreeNAS performance data into Graphite

Update 12/23/2015 - I now have an updated post which supercedes this post.

Update 12/2/2015 - This information is dated, and there's a really good way to handle FreeNAS logging to Graphite with FreeNAS 9.3 that I need to document. I'll update this post with a link once I get that post done. In the meantime, this is just a placeholder.

FreeNAS is a great NAS appliance that I have been known to install just about anywhere I can. One of the things that makes it so cool is the native support for RRD graphs which you can view in the "Reporting" tab. What would be cooler, though, is if it could log its data to the seriously awesome metrics collection software Graphite. I've been working on getting Graphite installed at work, and have always wanted metrics collection at my house (because: nerd) and so once I got a Graphite server up and running, one of the first things I did was modify my FreeNAS system to point to the Graphite server.

Here are the steps I followed on FreeNAS 9.2.1.8.  I'm overdue for FreeNAS 9.3 and once I've done the upgrade, I'll update these instructions as necessary.

1. Install a Graphite server.  Four little words which sound so easy, but mask the thrill and heartbreak that can come with trying to accomplish this task. I tried several guides and was a little daunted when I saw most of them mentioning how much of a pain in the ass installing Graphite can be, but then I managed to find this nice, simple guide that used the EPEL packages on a CentOS box. Following those instructions, I managed to get two CentOS 6 boxes up and running in pretty short order, and then with some slight modifications, I set up a CentOS 7 graphite server at home.
2. Make sure port 2003 on your Graphite box is visible to your FreeNAS box. This usually involves opening some firewall rules.
3. SSH into your FreeNAS box. (If you don't know what this means, you probably never got to this step, as "Install a Graphite server" would have entirely broken your will to live.) You will also need to log into your FreeNAS box as either root, or a user that has sudo permission.
4. Edit the collectd config file:
1. sudo vi /etc/local/collectd.conf
2. At the top of the file, change "Hostname" from "localhost" to your hostname for the NAS. Otherwise, your NAS will report to the Graphite host as "localhost", and that's less than useful.
   
   Hostname "nastard"
   ...
3. There is a block of lines all starting with "LoadPlugin". At the bottom of this block, add "LoadPlugin write_graphite":
   
   ...
   LoadPlugin processes
   LoadPlugin rrdtool
   LoadPlugin swap
   LoadPlugin uptime
   LoadPlugin syslog
   LoadPlugin write_graphite
   
   ...
4. At the bottom of the file, add the following block, substituting the hostname for your graphite hostname:
   
   ...
   
    
       Host "graphite.example.net"
       Port "2003"
       Protocol "tcp"
       LogSendErrors true
       Prefix "servers."
       Postfix ""
       StoreRates true
       AlwaysAppendDS false
       EscapeCharacter "_"
    
5. Change to the directory "/var/db/collectd/rrd" - this is where FreeNAS logs its RRD metrics that is visible in the GUI. If we just restart collectd, it's going to start logging under the hostname (since we changed that above) and that'll break the UI's RRD graphs. While we'll still have the data in graphite, we can have our graphite cake and RRD eat it too by doing the following steps.
6. Shut down collectd:
   
   sudo service collectd stop
7. Move the "localhost" directory (under /var/db/collectd/rrd) to whatever you set the hostname to in the collectd.conf above:
   
   sudo mv localhost nastard
8. Symlink the directory back to "localhost":
   
   sudo ln -s nastard localhost
9. Restart collectd:
   
   sudo service collectd start
10. That's it! At this point, you can reload the FreeNAS GUI and see that you still have your RRD data, but more importantly, if you go to your Graphite GUI, you'll see that you should now be getting metrics.

Protips:

• Collectd writes data every 10 seconds by default. If you write all your collectd data with the "servers." prefix as I've shown above, you can make sure your whisper files are configured for this interval with the following block in your /etc/carbon/storage-schemas.conf:
  
  [collectd]
  pattern = ^servers\.
  retentions = 10s:90d,1m:1y
  This will retain your full 10s metrics for a month (30d), 1 minute interval metrics for a year. That config results in each whisper file being 15MB, and with my NAS config (with 6 running jails) I have 220 whisper files for a total disk space of 1.2G. Considering disk space is pretty cheap, you could easily adjust these numbers up to retain more data for longer.  You should also read up on the graphite aggregator which controls how the data is parsed down when it's saved at lesser intervals.
  
  Thanks to Ben K for pointing out that more than one or two aggregations will greatly increase the amount of disk access. Initially I had a four stage aggregation, but that would require a crapload of access happening with each write. Since Graphite is very IO intensive to begin with, that's not a good idea.

Strava guide to a full lap of the MTB trails at Lake Nockamixon.

A proper full lap of Nockamixon involves going all the way around in a clockwise direction, making right turns most everywhere there is an option. No crossover or duplicated riding.  (one exception, noted below)

The trail map at ridenox.com helps greatly in following these lap directions.

Start off from the Tower Rd parking lot, do the Cold Spot and Hammer loops by staying to the right at the first split. Early on, you'll come to a four-way intersection with another trail -- keep going straight, that other trail is just access to the lake for the fishermen/fisherwomen.  Soon after that, the trail comes to something like a "T", where you need to make a right turn.  Making the left skips the 1.4 mile Hammer trail -- see the Caveats below.

Coming across the stream at the end of the north trails, take the right and do the short section of trail that does not have a Strava segment.  (I informally call this one the "DMZ", although it's technically the lower part of the Haycock Run loop.)  This puts you onto the connector trail southbound, which dumps you out onto the "Sidewalk" stream crossing with the big flat rocks.

That leads to the South loop, officially two loops, Jaywalk and South Park. This is the biggest segment.

At the end of the south loop, you re-cross the stream at the "Sidewalk" crossing.  This is the only place that you ride the same trail in both directions, but only to the entrance of the Eastern Woods trail northbound. Eastern Woods takes you to Haycock Run uphill which leads you back to the stream crossing. (watch for the right turn after the stone buildup over the big log)  Cross that, ride to the split before the parking lot, and you've just done a full loop of Nox!  You are now free to revel in your awesomeness.

Have fun, ride fast, but ride safe.  Sightlines at Nox can be very short, and if you run someone over because you're chasing segments, or don't help someone who needs it for the same reason, you're a twatwaffle and should stop riding.

Caveats:

• You have to make sure to stay to the right when you get to the Hammer - otherwise, your lap is bogus and if you get the KOM, you're totally lame. (unless you're just out having fun and happen to accidentally match the full loop segment because Strava's segment matching is pretty crappy, in which case, bummer.)  If you get a bogus KOM because of shortcutting, don't be surprised if Bob Eichlin comes out and scorches the earth trying to beat you. 
• The "Bump Track" on the South Park loop is not a favorite of some, and some shortcut it. Technically you should do it if you want an honest "full lap" but I don't find it particularly interesting, and most GPS units aren't good enough to reliably report if you actually did or not sooooo...
• I've done crossovers to change things up every now and then, such as riding the Hammer trail in the CW direction, then continuing on when you get back to the Cold Spot.  It'll still match, and if anything, it'll make your full lap time slightly slower.  The key is to hit all the trails.
• Going in this direction, you will very likely miss the "Gnome Home" on the South Park loop, unless you know where to look.  It's just after a fairly large log over which is built up on either side with dirt.