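#!/bin/csh
#
# This will format a new machine with a BOOT+HAMMER setup and install
# the live CD. You would boot the live CD, dhclient your network up,
# then run 'rconfig :hammer', assuming you have a rconfig server on the
# LAN. Alternately fetch the script from a known location and just run it.
#
# ad0s1a will be setup as a small UFS /boot. ad0s1d will be setup as
# HAMMER with all remaining disk space. Pseudo file-systems will be
# created for /var, /usr, etc (giving them separate inode spaces and
# backup domains).
#
# ad0s1d will be set up as encrypted root file system using cryptsetup.
# During the installation process you have to choose a password and enter
# it three times. Remember your password as you won't be able to recover
# your data without it!
#
# WARNING: HAMMER filesystems (and pseudo-filesystems) must be
# occasionally pruned and reblocked. 'man hammer' for more information.
#
# The dd/fdisk/disklabel64/newfs/cryptsetup steps below are destructive
# and have no undo; the only safeguards are the boot-media check and the
# ten second countdown.

# Target disk. Every partition name below (${disk}s1a, s1b, s1d) is
# derived from this.
set disk = "ad0"

# For safety this only runs on a CD- or PXE-booted machine: the device
# backing / must look like a CD or an NFS "host:/path" source.
#
df / | egrep -q '^(.*cd|.+:)'
if ( $status > 0 ) then
    echo "This program formats your disk and you didn't run it from"
    echo "a CD or NFS boot!"
    exit 1
endif

echo "This program formats disk ${disk}! Hit ^C now or its gone."
foreach i ( 10 9 8 7 6 5 4 3 2 1 )
    echo -n " $i"
    sleep 1
end
echo ""

# Unmount any prior mounts on /mnt, reverse order to unwind
# sub-directory mounts.
#
# Only /mnt itself and mount points below it are selected, so an
# unrelated path that merely contains the string "/mnt" is left alone.
#
foreach i ( `df | awk '$6 == "/mnt" || index($6, "/mnt/") == 1 { print $6; }' | tail -r` )
    echo "UMOUNT $i"
    umount "$i"
end

# Set our disk here
#
sleep 1
set echo

# Format and label the disk.
#
# 'a' small UFS boot
# 'b' swap
# 'd' HAMMER filesystem
#
# Use PFSs for backup domain separation
#
dd if=/dev/zero of=/dev/${disk} bs=32k count=16
fdisk -IB ${disk}
disklabel64 -r -w ${disk}s1
disklabel64 -B ${disk}s1
disklabel64 ${disk}s1 > /tmp/label

cat >> /tmp/label << EOF
a: 768m 0 4.2BSD
b: 2g * swap
d: * * HAMMER
EOF
disklabel64 -R ${disk}s1 /tmp/label

newfs /dev/${disk}s1a

# Load dm and setup a new encrypted root fs
#
# luksFormat prompts for the new passphrase (twice, because of -y) and
# luksOpen prompts once more. A failed format (e.g. mismatched
# passphrases) must stop the script here; otherwise luksOpen may go on
# to unlock whatever header is already on the partition.
#
kldload dm
cryptsetup -y luksFormat /dev/${disk}s1d || exit 1
cryptsetup luksOpen /dev/${disk}s1d root || exit 1

# Create file system
newfs_hammer -L ROOT /dev/mapper/root

# Mount it
#
mount_hammer /dev/mapper/root /mnt
mkdir /mnt/boot
mount /dev/${disk}s1a /mnt/boot

# Create PFS mount points for nullfs.
#
# Do the mounts manually so we can install the system, setup
# the fstab later on.
mkdir /mnt/pfs

hammer pfs-master /mnt/pfs/usr
hammer pfs-master /mnt/pfs/usr.obj
hammer pfs-master /mnt/pfs/var
hammer pfs-master /mnt/pfs/var.crash
hammer pfs-master /mnt/pfs/var.tmp
hammer pfs-master /mnt/pfs/tmp
hammer pfs-master /mnt/pfs/home

mkdir /mnt/usr
mkdir /mnt/var
mkdir /mnt/tmp
mkdir /mnt/home

mount_null /mnt/pfs/usr /mnt/usr
mount_null /mnt/pfs/var /mnt/var
mount_null /mnt/pfs/tmp /mnt/tmp
mount_null /mnt/pfs/home /mnt/home

# Nested PFSs need their parent PFS mounted first.
mkdir /mnt/usr/obj
mkdir /mnt/var/tmp
mkdir /mnt/var/crash

mount_null /mnt/pfs/var.tmp /mnt/var/tmp
mount_null /mnt/pfs/var.crash /mnt/var/crash
mount_null /mnt/pfs/usr.obj /mnt/usr/obj

chmod 1777 /mnt/tmp
chmod 1777 /mnt/var/tmp

# Install the system from the live CD
#
cpdup -o / /mnt
cpdup -o /boot /mnt/boot
cpdup -o /usr /mnt/usr
cpdup -o /var /mnt/var
cpdup -i0 /etc.hdd /mnt/etc

# Scratch trees do not need HAMMER history retained.
chflags -R nohistory /mnt/tmp
chflags -R nohistory /mnt/var/tmp
chflags -R nohistory /mnt/var/crash
chflags -R nohistory /mnt/usr/obj

# Create some directories to be used for NFS mounts later on.
# Edit as desired.
#
foreach i ( /proc /usr/doc /usr/src /repository /ftp /archive )
    if ( ! -d /mnt$i ) then
        mkdir /mnt$i
    endif
end

cat > /mnt/etc/fstab << EOF
# Device		Mountpoint	FStype	Options		Dump	Pass#
/dev/${disk}s1d		/		hammer	rw		1	1
/dev/${disk}s1a		/boot		ufs	rw		1	1
/dev/${disk}s1b		none		swap	sw		0	0
/pfs/usr		/usr		null	rw		0	0
/pfs/var		/var		null	rw		0	0
/pfs/tmp		/tmp		null	rw		0	0
/pfs/home		/home		null	rw		0	0
/pfs/var.tmp		/var/tmp	null	rw		0	0
/pfs/usr.obj		/usr/obj	null	rw		0	0
/pfs/var.crash		/var/crash	null	rw		0	0
proc			/proc		procfs	rw		0	0
# misc NFS mounts to get your test box access to 'stuff'
#crater:/repository	/repository	nfs	ro,intr,bg	0	0
#crater:/usr/doc	/usr/doc	nfs	ro,intr,bg	0	0
#crater:/ftp		/ftp		nfs	ro,intr,bg	0	0
#crater:/sources/HEAD	/usr/src	nfs	ro,intr,bg	0	0
#pkgbox:/archive	/archive	nfs	ro,intr,bg	0	0
EOF


# Mount devfs and create a new initrd
#
mount_devfs /mnt/dev
chroot /mnt mkinitrd

# Because root is not on the boot partition we have to tell the loader
# to tell the kernel where root is.
#
cat > /mnt/boot/loader.conf << EOF
dm_load="YES"
initrd.img_load="YES"
initrd.img_type="md_image"
vfs.root.mountfrom="ufs:md0s0"
vfs.root.realroot="crypt:hammer:/dev/${disk}s1d:root"
EOF

# Setup interface, configuration, sshd
#
# The host name is derived from the last octet of the live CD's current
# IPv4 address on the default-route interface.
#
set ifc = `route -n get default | fgrep interface | awk '{ print $2; }'`
set ip = `ifconfig $ifc | fgrep inet | fgrep -v inet6 | awk '{ print $2; }'`
set lip = `echo $ip | awk -F . '{ print $4; }'`

echo -n "ifconfig_$ifc=" >> /mnt/etc/rc.conf
echo '"DHCP"' >> /mnt/etc/rc.conf
cat >> /mnt/etc/rc.conf << EOF
sshd_enable="YES"
dntpd_enable="YES"
hostname="test$lip.MYDOMAIN.XXX"
dumpdev="/dev/${disk}s1b"
EOF

# Misc sysctls
#
cat >> /mnt/etc/sysctl.conf << EOF
#net.inet.ip.portrange.first=4000
EOF

# Allow sshd root logins by public key only (no password for root).
# "without-password" accepts any authorized public key, not only DSA.
#
# Append the directive only when it is missing: $status is the exit
# code of the fgrep (0 = already present). The former test `$?status`
# only asked whether the variable exists, which is always true, so the
# line was appended on every run.
#
fgrep 'PermitRootLogin without-password' /mnt/etc/ssh/sshd_config >& /dev/null
if ( $status ) then
    echo "PermitRootLogin without-password" >> /mnt/etc/ssh/sshd_config
endif

# additional loader.conf stuff
#cat >> /mnt/boot/loader.conf << EOF
#if_nfe_load="YES"
#EOF

# Get sshd working - auto install my key so I can login.
# (Left commented out; fill in your own public key.)
#
#mkdir -p /mnt/root/.ssh
#cat > /mnt/root/.ssh/authorized_keys << EOF
#ssh-dss ...
#EOF

# Generate a DSA host key if the installed tree does not have one.
# NOTE(review): DSA host keys are rejected by default by modern OpenSSH
# clients; prefer an RSA or Ed25519 host key unless the clients that will
# connect to this box are known to require DSA.
#
if ( ! -f /mnt/etc/ssh/ssh_host_dsa_key ) then
    cd /mnt/etc/ssh
    ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
endif

# take CD out and reboot
#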