Commit Graph

945 Commits

Author SHA1 Message Date
ed
e6cbda90b2 Small cleanups to the jail script:
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
  places as well.

Submitted by:	Jille Timmermans <jille quis cx> (not jilles)
Reviewed by:	jilles
2009-06-10 18:18:14 +00:00
rmacklem
0bff7488fb Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
  nfsv4_server_enable - set to "YES" to run the experimental server
  nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
    server
  nfsuserd_flags - command line flags for nfsuserd
  nfscbd_enable - set to "YES" to run the experimental nfs client's
    NFSv4 callback daemon
  nfscbd_flags - command line flags for nfscbd

Reviewed by:	dougb
Approved by:	kib (mentor)
2009-06-02 22:15:47 +00:00
dougb
96a94e728e Make the pf and ipfw firewalls start before netif, just like ipfilter
already does. This eliminates a logical inconsistency, and a small
window where the system is open after the network comes up.
2009-06-01 05:35:03 +00:00
dougb
868d2f6a92 Substitute ypset for ypbind in REQUIRE lines. If you use ypset it has to
happen right after ypbind, and before anything that uses NIS. The only
change in rcorder accomplished by this patch is make that happen.

PR:		conf/117555
Submitted by:	John Marshall <john@rwsrv05.mby.riverwillow.net.au>
2009-06-01 04:55:13 +00:00
dougb
32600a2e82 Small cleanup, add (spurious) quotation marks around the value
for name= to make these scripts consistent with the rest.
2009-05-30 21:51:38 +00:00
dougb
d5bddd5698 As previously advertised, remove this script prior to the 8.0 branch. 2009-05-30 19:38:51 +00:00
rwatson
3079c6660f Further idmapd garbage collection -- remove rc.d Makefile reference and
default settings.

Submitted by:	Pawel Worach <pawel.worach at gmail.com>
2009-05-22 13:56:16 +00:00
rwatson
ccb17e335a Remove the unmaintained University of Michigan NFSv4 client from 8.x
prior to 8.0-RELEASE.  Rick Macklem's new and more feature-rich NFSv234
client and server are replacing it.

Discussed with:	rmacklem
2009-05-22 12:35:12 +00:00
danger
bb3ce629ca - do not create and mount new file systems on top of the old ones on every
invocation of this script once we already have one
  (in case tmpmfs="YES").

Reviewed by:	dougb
2009-05-17 08:25:02 +00:00
dougb
80dc300a9e 1. New feature; option to have the script loop until a specified hostname
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
2009-05-16 20:55:28 +00:00
dougb
23339f0750 Trim trailing whitespace from the end of a line 2009-05-16 20:26:01 +00:00
ru
5501b55f4f Added (pre|post)(start|stop) jail hooks. These can be used to run
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.

Reviewed by:	simon
2009-04-28 09:45:32 +00:00
emax
a567037bb2 - Add ipfw_nat to the list of required modules if "firewall_nat_enable"
is set and "natd_enable" is NOT set;

- Accept and pass firewall type to the external firewall script.

Submitted by:		Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after:		3 days
No response from:	freebsd-rc
2009-03-30 21:31:52 +00:00
guido
a2fdf11bd9 Backout previous commit due to PEBKAC 2009-03-11 12:55:12 +00:00
guido
6ff61b7dce When swap resides on a mirror and it is not stopped, the mirror
is degraded upon the next reboot and will have to be rebuild.
Thus call swapoff when rebooting (read: when stopping swap1)
2009-03-10 15:19:49 +00:00
mtm
11a3f6d706 Rename the rc.conf(5) knob if_up_delay to defaultroute_delay to better
reflect its purpose.
2009-02-17 11:55:50 +00:00
mtm
e2d943b9ca Reword informational message by rc.d/defaultroute.
PR:		conf/131458
2009-02-11 09:18:09 +00:00
bz
fabbde3ece Named normally cannot be started chrooted inside a jail. Thus treat
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.

PR:		conf/103489
Reviewed by:	dougb
MFC after:	5 days
2009-02-07 16:37:02 +00:00
mtm
3726dccb6a The 30 second wait for network interfaces to show up effectively makes the
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.
2009-02-02 15:33:22 +00:00
imp
95423b159f Spawn one fewer shells on startup. We don't use dhcp_interfaces at
all in this function, and grep shows no other instances of it
(besides, this is a function, and in a sub-shell, so all changes are
local).
2009-01-30 03:41:45 +00:00
keramida
7a4494232b Backout change 187782. It inhibits ntpd from starting at all
when ntpd_sync_on_start is set.

Noticed by:	rafan
2009-01-29 06:43:29 +00:00
keramida
ed75d66370 When synchronizing the clock at system startup time, use both
the -g and -q options.  They do a slightly different thing and
both are necessary when the time difference is large.

Noticed by:	danger, in the forums
Approved by:	roberto
MFC after:	1 week
2009-01-27 20:13:24 +00:00
bz
d8594296c6 Update jail startup script for multi-IPv4/v6/no-IP jails.
Note: this is only really necessary because of the ifconfig
      logic to add/remove the jail IPs upon start/stop.
      Consensus among simon and I is that the logic should
      really be factored out from the startup script and put
      into a proper management solution.

- We now support starting of no-IP jails.
- Remove the global jail_<jname>_netmask option as it is only
  helpful to set netmasks/prefixes for the right address
  family and per address.
- Implement jail_<jname>_ip options to support both
  address familes with regard to ifconfig logic.
- Implement _multi<n> support suffix to the jail_<jname>_ip
  option to configure additional addresses to avoid overlong,
  unreadbale jail_<jname>_ip lines with lots of addresses.

Submitted by:	initial work from Ruben van Staveren
Discussed on:	freebsd-jail in Nov 2008.
Reviewed by:	simon, ru (partial, older version)
MFC after:	1 week
2009-01-26 12:59:11 +00:00
brooks
906e066d74 Correct a bug where /etc/rc.d/defaultroute fails to finish by printing a
newline when it fails to obtain an address via DHCP. This made the next
rc script begin its output on the same line.

PR:		conf
Submitted by:	Bruce Cran <bruce at cran dot org dot uk>
MFC after:	3 days
2008-12-17 17:35:14 +00:00
dfr
2fb03513fc Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
pjd
1893f5dd32 ifconfig(8) can take only one interface at a time. 2008-10-30 20:24:25 +00:00
ru
821d9baa1c Allow a jail's IP alias to be created with an arbitrary netmask.
MFC after:	3 days
2008-09-24 15:18:27 +00:00
thompsa
09662c68f9 Allow a jail to be started with a specific route fib.
Reviewed by:	secteam (simon)
Reviewed by:	brooks, bz
2008-09-16 20:18:25 +00:00
jhb
ff9581861d Add the ability to run /usr/sbin/crashinfo on a new core dump automatically
during boot.  Right now this is disabled by default, but it can be enabled
by setting 'crashinfo_enable=YES' in rc.conf.

MFC after:	2 weeks
2008-08-29 20:30:30 +00:00
des
4da9acb2ce Make obrien happy 2008-08-25 16:28:54 +00:00
rpaulo
4bfcd9ff65 Cope with the file rename by changing rc variables. 2008-08-21 00:04:19 +00:00
obrien
19743e2df1 Rename the RCng 'kernel' script to 'kernel_symlink'. 2008-08-20 03:02:06 +00:00
obrien
5c4a4c1479 Rename the RCng 'kernel' script to 'kernel_symlink'.
Requested by: many
2008-08-19 14:23:31 +00:00
obrien
0475264d7b Only symlink booted kernel directory to /boot/kernel if user has explicitly
requested it.  This is too dangerous to just do behind the admin's back.
2008-08-09 01:19:00 +00:00
dougb
6f04a5d9f3 When using SRV records the protocols and services files need to be in the
chroot /etc directory.

PR:		conf/121101
Submitted by:	Stefan `Sec` Zehl <sec@42.org>
2008-08-01 06:11:33 +00:00
jhb
9c7525b3ac Oops, restore the recent changes to make startup messages quieter. 2008-07-31 22:13:14 +00:00
jhb
4072a30fef Parse sysctl settings from /etc/sysctl.conf.local after /etc/sysctl.conf
if it exists.  This mirrors similar behavior for /boot/loader.conf and
/etc/rc.conf.

Obtained from:	Yahoo!
MFC after:	1 week
2008-07-31 21:57:35 +00:00
marcel
be01d3a915 With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:12:02 +00:00
marcel
6043671e8a With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:11:33 +00:00
dougb
f25eee8d08 Add the shutdown KEYWORD to those scripts that start persistent services
to allow them to do a "clean" shutdown.

I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.

I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
2008-07-16 19:50:29 +00:00
dougb
cc4d6b8e36 As previously discussed, add the svn:executable property to all scripts 2008-07-16 19:22:48 +00:00
mtm
cb7c47a584 The pfctl(8) program is already pretty verbose, so don't print extra
information in quiet mode.
2008-07-11 08:11:49 +00:00
mtm
661fae6762 Remove the $DUMPDIR variable. It's redundant and the rest of the
script uses $dumpdir directly.
2008-07-06 08:31:29 +00:00
mtm
e28d296d11 Make checking for the availability of core dumps work in the case
that $dumpdev is not set to "AUTO".

Reported by: Paul B. Mahol <onemda@gmail.com>
2008-07-06 07:51:29 +00:00
mtm
0087e14c9d No need to display the result of enabling the ipfw sysctl if it's
successfull. Issue a warning if it fails, however.
2008-07-05 15:27:39 +00:00
mtm
9308cac661 There's no need to announce that we're mounting local filesystems when
running in quiet mode since if we fail to mount any of them the boot
process gets interrupted.
2008-07-05 15:19:58 +00:00
mtm
b9483125e6 Quiet down rc.d/nfsclient by not printing anything in 'quiet' mode. Instead
issue a warning of it fails to set the sysctls.
2008-07-05 15:13:21 +00:00
mtm
106e8ef4a8 Backout r179941. The nfsclient knob always confuses me. I should have
double-checked my setup before commiting.

Noticed by: Florian Smeets
Pointy hat to: mtm
2008-06-27 15:45:17 +00:00
mtm
3d60b25497 Quiet rc.d/syscons unless it has something to say. 2008-06-24 21:01:56 +00:00
mtm
06cbeaa694 Add a -q flag to swapon(8) to suppress informational messages. Use it in
rc.d.
Note: errors are not affected by this flag.
2008-06-23 22:17:08 +00:00