diff --git a/share/examples/diskless/209.157.86.12/README b/share/examples/diskless/209.157.86.12/README index 4d07fe59fd1f..0b52492979f2 100644 --- a/share/examples/diskless/209.157.86.12/README +++ b/share/examples/diskless/209.157.86.12/README @@ -8,13 +8,20 @@ rc.conf.local by having it source ../HT.DISKLESS/rc.conf.local to get class-based defaults. -total 6 -drwxr-xr-x 3 root wheel 512 Jan 26 10:56 . -drwxr-xr-x 7 root wheel 512 Jan 26 10:58 .. -drwxr-xr-x 2 root wheel 512 Jan 26 10:56 CVS -lrwxr-xr-x 1 root wheel 17 Jan 25 10:26 kernel -> /kernel.diskless2 --rw-r--r-- 1 root wheel 146 Jan 25 01:21 rc.conf.local -lrwxr-xr-x 1 root wheel 23 Jan 25 10:26 rc.local -> ../HT.DISKLESS/rc.local --rw------- 1 root wheel 539 Jan 17 15:29 ssh_host_key --rw-r--r-- 1 root wheel 343 Jan 17 15:29 ssh_host_key.pub -lrwxr-xr-x 1 root wheel 25 Jan 25 10:26 xdm-config -> ../HT.DISKLESS/xdm-config + Note: the ttys file below contains an example of how to have X startup + on boot. + +apollo:/conf/209.157.86.12# ls -la +total 7 +drwxr-xr-x 2 root wheel 512 Feb 9 00:27 . +drwxr-xr-x 8 root wheel 512 Feb 8 22:48 .. +lrwxr-xr-x 1 root wheel 20 Feb 8 22:04 fstab -> ../HT.DISKLESS/fstab +lrwxr-xr-x 1 root wheel 17 Jan 24 23:33 kernel -> /kernel.diskless2 +-rw-r--r-- 1 root wheel 133 Feb 8 22:04 rc.conf.local +lrwxr-xr-x 1 root wheel 23 Jan 25 00:41 rc.local -> ../HT.DISKLESS/rc.local +-rw------- 1 root wheel 539 Jan 17 15:29 ssh_host_key +-rw-r--r-- 1 root wheel 343 Jan 17 15:29 ssh_host_key.pub +lrwxr-xr-x 1 root wheel 26 Feb 9 00:27 syslog.conf -> ../HT.DISKLESS/syslog.conf +-rw-r--r-- 1 root wheel 1408 Feb 8 19:54 ttys +lrwxr-xr-x 1 root wheel 25 Jan 25 00:38 xdm-config -> ../HT.DISKLESS/xdm-config + diff --git a/share/examples/diskless/HT.DISKLESS/fstab b/share/examples/diskless/HT.DISKLESS/fstab new file mode 100644 index 000000000000..f1ee38f2c2bd --- /dev/null +++ b/share/examples/diskless/HT.DISKLESS/fstab 
@@ -0,0 +1,5 @@ +# fstab for diskless machine. Root is already mounted, as is swap. +# +209.157.86.2:/usr /usr nfs ro 0 0 +209.157.86.2:/var /var nfs ro 0 0 +proc /proc procfs rw 0 0 diff --git a/share/examples/diskless/HT.DISKLESS/rc.conf.local b/share/examples/diskless/HT.DISKLESS/rc.conf.local index 0b94b7ddf04c..16ddd1d7f18e 100644 --- a/share/examples/diskless/HT.DISKLESS/rc.conf.local +++ b/share/examples/diskless/HT.DISKLESS/rc.conf.local @@ -5,7 +5,12 @@ ldconfig_paths="$ldconfig_paths /usr/krb5/lib" ldconfig_paths_aout="$ldconfig_paths_aout /usr/krb5/lib/aout" -syslogd_flags="-f /etc/syslog.diskless.conf" +# Must do NFS mounts early +# Must not attempt to mount root rw +# +early_nfs_mounts="YES" +root_rw_mount="NO" + inetd_enable="NO" portmap_enable="NO" router_enable="NO" @@ -15,8 +20,8 @@ sendmail_enable="NO" # Enable additional services # -lpd_enable="YES" nfs_client_enable="YES" +lpd_enable="YES" ntpdate_enable="YES" ntpdate_flags="apollo.backplane.com" xntpd_enable="YES" 
@@ -27,59 +32,3 @@ if [ -f /etc/ipfw.conf ]; then firewall_quiet="NO" fi - -# Add customizations to the diskless mount function -# - -old_func=$diskless_mount_func -diskless_mount_func=diskless_mount_user - -diskless_mount_user() { - $old_func - - # Copy of ssh_host_key* files to where sshd - # expects them, assuming you add to /usr/local/etc/sshd_config: - # - # HostKey /var/db/ssh_host_key - # - - if [ -f $conf_dir/ssh_host_key ]; then - cp $conf_dir/ssh_host_key* /var/db - else - (cd /var/db; ssh-keygen -f ssh_host_key -P "") - fi - chmod 400 /var/db/ssh_host_key - chmod 644 /var/db/ssh_host_key.pub - - # Copy home directory so you can login - # - # - - mount_mfs -s 65536 -T qp120at dummy /home - - if [ -d /home.diskless ]; then - cd /home.diskless - for i in *; do - if [ -f $i/home.tgz ]; then - mkdir /home/$i - chown $i /home/$i - chmod 700 /home/$i - (cd /home/$i; tar xvzpf /home.diskless/$i/home.tgz) - homeok=1 - fi - done - fi - - if [ "$homeok" = "0" ]; then - echo "ERROR, NO /home.diskless DIRECTORY TO COPY TO /HOME" - homeok=0 - sleep 10 - fi - - # Firewall helper - if we configure the firewall to let through - # ports > 4000, we need to configure the machines as such. - # - - sysctl -w net.inet.ip.portrange.first=4000 -} - diff --git a/share/examples/diskless/HT.DISKLESS/rc.local b/share/examples/diskless/HT.DISKLESS/rc.local index 35d7082bb25c..f473d4152168 100755 --- a/share/examples/diskless/HT.DISKLESS/rc.local +++ b/share/examples/diskless/HT.DISKLESS/rc.local @@ -1,6 +1,17 @@ #!/bin/sh -. /etc/rc.conf +if [ -f /etc/rc.conf ]; then + . /etc/rc.conf +fi + +# Firewall helper - if we configure the firewall to let through +# ports > 4000, we need to configure the machines as such. +# + +sysctl -w net.inet.ip.portrange.first=4000 + +# Setup spool +# cat >> /var/spool/lpd/ljet4.ps << EOF #!/bin/sh 
@@ -9,11 +20,58 @@ cat >> /var/spool/lpd/ljet4.ps << EOF gs -q -dSAFER -dNOPAUSE -sDEVICE=ljet4 -r600x600 -dBitsPerPixel=1 \ -sOutputFile=- - EOF + chmod 755 /var/spool/lpd/ljet4.ps + mkdir /var/spool/ljet4 chown daemon /var/spool/ljet4 -if [ "X$start_xdm" = "XYES" ]; then - ( sleep 10; xdm -config $conf_dir/xdm-config ) > /dev/null 2>&1 & +# Setup remote source +# + +mount_mfs -s 600000 -T qp120at dummy /src +mount apollo:/FreeBSD /FreeBSD +mkdir /src/u3 +mkdir /src/u3/usr.obj + +# Copy of ssh_host_key* files to where sshd +# expects them, assuming you add to /usr/local/etc/sshd_config: +# +# HostKey /var/db/ssh_host_key +# +# Then restart sshd ( the /usr/local/etc/rc.d script installed by +# the port probably failed due to the lack of host keys ) + +if [ -f /conf/ME/ssh_host_key ]; then + cp /conf/ME/ssh_host_key* /var/db +else + (cd /var/db; ssh-keygen -f ssh_host_key -P "") +fi +chmod 400 /var/db/ssh_host_key +chmod 644 /var/db/ssh_host_key.pub +/usr/local/sbin/sshd + +# Copy home directory so you can login +# +# + +mount_mfs -s 65536 -T qp120at dummy /home + +if [ -d /home.diskless ]; then + cd /home.diskless + for i in *; do + if [ -f $i/home.tgz ]; then + mkdir /home/$i + chown $i /home/$i + chmod 700 /home/$i + (cd /home/$i; tar xzpf /home.diskless/$i/home.tgz) + homeok=1 + fi + done +fi + +if [ "${homeok:=0}" = "0" ]; then + echo "ERROR, NO /home.diskless DIRECTORY TO COPY TO /HOME" + sleep 10 fi diff --git a/share/examples/diskless/HT.DISKLESS/syslog.conf b/share/examples/diskless/HT.DISKLESS/syslog.conf new file mode 100644 index 000000000000..a7df1e96deea --- /dev/null +++ b/share/examples/diskless/HT.DISKLESS/syslog.conf @@ -0,0 +1,3 @@ +*.err;kern.debug;auth.notice;mail.crit;lpr.info /dev/console +*.err;kern.debug;auth.notice;mail.crit root +*.emerg * diff --git a/share/examples/diskless/HT.DISKLESS/ttys b/share/examples/diskless/HT.DISKLESS/ttys new file mode 100644 index 000000000000..2c357d4b3b3b --- /dev/null 
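Review bot: The home-directory loop near the end of this rc.local hunk unpacks `/home.diskless/$i/home.tgz` as root with `tar xzpf`, so the ownership and mode bits stored in each archive, setuid bits included, are restored as-is. Who can write those archives is not visible here; if users can, the restore should drop privileges or be followed by a recursive ownership/mode reset. `$i` is also expanded unquoted in `mkdir`, `chown` and `cd`, and `"$i"` throughout costs nothing. In the host-key block, `(cd /var/db; ssh-keygen -f ssh_host_key -P "")` keeps going if the `cd` fails and sshd is launched whether or not a key exists; `(cd /var/db && ssh-keygen -f ssh_host_key -P "")` and `[ -f /var/db/ssh_host_key ] && /usr/local/sbin/sshd` are tighter. A comment noting that the fallback yields a fresh host key on each boot unless /var/db persists, and that the key under /conf/ME is fetched over the NFS root, would tell admins what they are trading off.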
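Review bot: HT.DISKLESS/syslog.conf delivers everything to /dev/console, root's terminal and `*.emerg *`, so the `auth.notice` and `kern.debug` records of a diskless client are gone once they scroll away or the machine reboots. If a log host exists on the network, a forwarding line such as `auth.info;*.err @loghost` (host name is a placeholder; selector and action tab-separated) would keep a record off the client. If retaining nothing is intentional, a comment at the top of the file saying so would stop admins from assuming logs exist after an incident.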
+++ b/share/examples/diskless/HT.DISKLESS/ttys
@@ -0,0 +1,52 @@
+#
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# name getty type status comments
+#
+# This entry needed for asking password when init goes to single-user mode
+# If you want to be asked for password, change "secure" to "insecure" here
+console none unknown off secure
+#
+ttyv0 "/usr/X11R6/bin/xdm -nodaemon -config /conf/209.157.86.6/xdm-config" cons25 on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" cons25 on secure
+ttyv2 "/usr/libexec/getty Pc" cons25 on secure
+ttyv3 "/usr/libexec/getty Pc" cons25 on secure
+# Serial terminals
+ttyd0 "/usr/libexec/getty std.9600" unknown off secure
+ttyd1 "/usr/libexec/getty std.9600" unknown off secure
+ttyd2 "/usr/libexec/getty std.9600" unknown off secure
+ttyd3 "/usr/libexec/getty std.9600" unknown off secure
+# Pseudo terminals
+ttyp0 none network
+ttyp1 none network
+ttyp2 none network
+ttyp3 none network
+ttyp4 none network
+ttyp5 none network
+ttyp6 none network
+ttyp7 none network
+ttyp8 none network
+ttyp9 none network
+ttypa none network
+ttypb none network
+ttypc none network
+ttypd none network
+ttype none network
+ttypf none network
+ttypg none network
+ttyph none network
+ttypi none network
+ttypj none network
+ttypk none network
+ttypl none network
+ttypm none network
+ttypn none network
+ttypo none network
+ttypp none network
+ttypq none network
+ttypr none network
+ttyps none network
+ttypt none network
+ttypu none network
+ttypv none network
diff --git a/share/examples/diskless/HT.STD/syslog.conf b/share/examples/diskless/HT.STD/syslog.conf
new file mode 100644
index 000000000000..cb92c6e6db07
--- /dev/null
+++ b/share/examples/diskless/HT.STD/syslog.conf
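Review bot: The ttyv0 entry of HT.DISKLESS/ttys hard-codes `/conf/209.157.86.6/xdm-config`, although this file is shared by the whole diskless class and the only host directory touched in this change is 209.157.86.12. Any other client linking to it would start xdm with a different machine's configuration, or fail if that directory is absent. Assuming /conf/ME is already retargeted by the time init reads ttys, `-config /conf/ME/xdm-config` keeps the class file host-independent, matching the `/conf/ME/ssh_host_key` path rc.local uses. Separately, `console none unknown off secure` means single-user mode gives a root shell without a password, as the comment above that line says. For workstations in shared rooms I would note next to it that `insecure` is the safer setting.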
@@ -0,0 +1,11 @@
+*.err;kern.debug;auth.notice;mail.crit /dev/console
+# *.notice;kern.debug;lpr,auth.info;mail.crit /var/log/messages
+*.debug;kern.debug;lpr,auth.info;mail.crit;news.crit /var/log/messages
+mail.info /var/log/maillog
+news.info /var/log/news
+lpr.info /var/log/lpd-errs
+cron.* /var/log/cron
+#*.err root
+#*.notice;auth.debug root
+#*.alert root
+*.emerg *
diff --git a/share/examples/diskless/HT.STD/ttys b/share/examples/diskless/HT.STD/ttys
new file mode 100644
index 000000000000..bcd059bd9091
--- /dev/null
+++ b/share/examples/diskless/HT.STD/ttys
@@ -0,0 +1,52 @@
+#
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# name getty type status comments
+#
+# This entry needed for asking password when init goes to single-user mode
+# If you want to be asked for password, change "secure" to "insecure" here
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" cons25 on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" cons25 on secure
+ttyv2 "/usr/libexec/getty Pc" cons25 on secure
+ttyv3 "/usr/libexec/getty Pc" cons25 on secure
+# Serial terminals
+ttyd0 "/usr/libexec/getty std.9600" unknown off secure
+ttyd1 "/usr/libexec/getty std.9600" unknown off secure
+ttyd2 "/usr/libexec/getty std.9600" unknown off secure
+ttyd3 "/usr/libexec/getty std.9600" unknown off secure
+# Pseudo terminals
+ttyp0 none network
+ttyp1 none network
+ttyp2 none network
+ttyp3 none network
+ttyp4 none network
+ttyp5 none network
+ttyp6 none network
+ttyp7 none network
+ttyp8 none network
+ttyp9 none network
+ttypa none network
+ttypb none network
+ttypc none network
+ttypd none network
+ttype none network
+ttypf none network
+ttypg none network
+ttyph none network
+ttypi none network
+ttypj none network
+ttypk none network
+ttypl none network
+ttypm none network
+ttypn none network
+ttypo none network
+ttypp none network
+ttypq none network
+ttypr none network
+ttyps none network
+ttypt none network
+ttypu none network
+ttypv none network
diff --git a/share/examples/diskless/ME b/share/examples/diskless/ME
index 1179d64787a6..85178e088a54 100644
--- a/share/examples/diskless/ME
+++ b/share/examples/diskless/ME
@@ -1,18 +1,37 @@ -When templating, ME is typically a softlink to the appropriate host -subdirectory. This softlink is different for each machine and -should not be updated by the template process. Any system-wise configuration -file that needs to be personalized is typically turned into a softlink -through /conf/ME. For example, /etc/rc.conf.local would be turned into a -softlink pointing to /conf/ME/rc.conf.local. +When templating, /conf/ME is typically a softlink to +/conf/. When doing a diskless boot, /conf/ME is +retargeted by /etc/rc.diskless1 from pointing to the server to pointing +to the client's directory, /conf/. The retargeting +is accomplished through an MFS -o union mount. -On any given machine, ME is typically a link to the hostname which also -exists as a subdirectory in the /conf directory. So, for each machine you -do: +When templating, this softlink should be different for each machine. +When doing a diskless boot, this softlink is typically part of the / NFS +mount from the server and points to the server's conf directory, but gets +retargeted during the /etc/rc.diskless1 phase. - cd /conf - ln -s this_machines_name ME +System-wide configuration files must generally be targeted through /conf/ME. +For example, your /etc/rc.conf.local should become a softlink to +/conf/ME/rc.conf.local and your real rc.conf.local should go into the +appropriate /conf/ directory. This is also true of +/etc/rc.local, /etc/fstab, /etc/syslog.conf, /etc/ccd.conf, /etc/ipfw.conf, +/etc/motd, /etc/resolv.conf, and possibly even /etc/ttys ( if you want +to start an X session up on boot on certain of your machines ). + +When templating, you duplicate your / and /usr partitions on each machine's +local disk from a single master ( assuming /var and /home reside elsewhere ), +EXCEPT for the /conf/ME softlink. The /conf/ME softlink is the only thing +on / that should be different for each machine. + +There are often categories of configuration files. 
For example, all of your +shell machines may use one resolv.conf while all of your mail proxies may +use another. Configuration files can be categorized fairly easily through +/conf/HT. directories. You put the actual configuration file in +/conf/HT. and make a softlink from +/conf/ME//config-file to "../HT.. In the BOOTP workstation /conf/$IP/rc.conf.local, you must typically turn *OFF* most of the system option defaults in /etc/rc.conf as well @@ -38,6 +37,13 @@ syslogd and other programs. This example is not designed to run out of the box and some modifications are required. + >> NOTE << HT.DISKLESS/ttys contains the typical configuration required + to bring X up at boot time. Essentially, it runs xdm in the foreground + with the appropriate arguments rather then a getty on ttyv0. You must + run xdm on ttyv0 in order to prevent xdm racing with getty on a virtual + terminal. Such a race can cause your keyboard to be directed away from + the X session, essentially making the session unusable. + Typically you should start with a clean slate by tar-copying this example directory to /conf and then hack on it in /conf rather then in /usr/share/examples/diskless. diff --git a/share/examples/diskless/README.TEMPLATING b/share/examples/diskless/README.TEMPLATING index 13804f337581..babf670c1eee 100644 --- a/share/examples/diskless/README.TEMPLATING +++ b/share/examples/diskless/README.TEMPLATING @@ -148,6 +148,11 @@ /conf//. Depending on your system configuration, there may be other files not listed above that you have to worry about. + In many cases, /conf/ME/filename is itself a softlink to + "../HT.xxxx/filename", where HT.xxxx is something like HT.STD ... this + added complexity actually makes it easier to manage multiple + classifications of machines. + DELETION OF FILES Any file found on the template destination that does not exist in the 
diff --git a/share/examples/diskless/archive.backplane.com/README b/share/examples/diskless/archive.backplane.com/README index 8d23ef2363e3..4b111e3bb739 100644 --- a/share/examples/diskless/archive.backplane.com/README +++ b/share/examples/diskless/archive.backplane.com/README @@ -1,6 +1,6 @@ aliases, forward.map, and ndomain.map are typically softlinks to some - other common directory such as HT.STD. + other common directory such as HT.STD. Also syslog.conf and ttys. You can create machine classifications, which I call 'HT.XXX' directories, to hold common files for a particular functional machine class. @@ -17,3 +17,5 @@ lrwxr-xr-x 1 root wheel 21 Jan 25 10:27 forward.map -> ../HT.STD/forward.map lrwxr-xr-x 1 root wheel 21 Jan 25 10:27 ndomain.map -> ../HT.STD/ndomain.map -rw------- 1 root wheel 464 Jan 25 13:53 rc.conf.local -rw-r--r-- 1 root wheel 283 Jan 24 18:33 resolv.conf +lrwxr-xr-x 1 root wheel 21 Feb 9 01:09 syslog.conf -> ../HT.STD/syslog.conf +lrwxr-xr-x 1 root wheel 14 Feb 9 01:08 ttys -> ../HT.STD/ttys