3 # This will format a new machine with a BOOT+HAMMER setup and install
4 # the live CD. You would boot the live CD, dhclient your network up,
5 # then run 'rconfig :hammer', assuming you have a rconfig server on the
6 # LAN. Alternately fetch the script from a known location and just run it.
8 # ad0s1a will be setup as a small UFS /boot. ad0s1d will be setup as
9 # HAMMER with all remaining disk space. Pseudo file-systems will be
10 # created for /var, /usr, etc (giving them separate inode spaces and
13 # ad0s1d will be set up as encrypted root file system using cryptsetup.
14 # During the installation process you have to choose a password and enter
15 # it three times. Remember your password as you won't be able to recover
16 # your data without it!
18 # WARNING: HAMMER filesystems (and pseudo-filesystems) must be
19 # occasionally pruned and reblocked. 'man hammer' for more information.
# Safety interlock: this test is the only thing that stops the script from
# wiping the disk of a normally booted installation. It passes when some
# line of `df /` output matches the pattern below; the `.+:` alternative
# accepts any line containing a colon after its first character, which is
# how a host:path (NFS/PXE) root device shows up.
# NOTE(review): in `(*.cd|...)` the `*` directly follows `(`, which POSIX
# leaves undefined for extended regexes; `.*cd` may have been intended.
# Confirm with the egrep in use that a disk-booted system is really rejected.
23 # For safety this only runs on a CD- or PXE-booted machine
25 df / | egrep -q '^(*.cd|.+:)'
# $status holds the pipeline's exit status; non-zero means nothing matched.
26 if ( $status > 0 ) then
27 echo "This program formats your disk and you didn't run it from"
28 echo "a CD or NFS boot!"
# (The listing jumps from original line 28 to 32; the remainder of the if
# block is presumably on the lines not shown.)
# Last chance to abort. ${disk} is assigned on a line outside this listing,
# so the target device cannot be verified from here -- TODO confirm it is
# set explicitly and not taken from the environment.
32 echo "This program formats disk ${disk}! Hit ^C now or its gone."
33 foreach i ( 10 9 8 7 6 5 4 3 2 1 )
39 # Unmount any prior mounts on /mnt, reverse order to unwind
40 # sub-directory mounts.
# The list is field 6 of every df line containing the string "/mnt" (the
# mount point in BSD df's default layout), reversed with `tail -r`.
# NOTE(review): fgrep matches "/mnt" anywhere on the line, so a mount such
# as /mnt2, or a device path containing /mnt, is selected as well. The loop
# body is not shown in this listing; verify what it does with each entry.
42 foreach i ( `df | fgrep /mnt | awk '{ print $6; }' | tail -r` )
52 # Format and label the disk.
55 # 'd' HAMMER filesystem
57 # Use PFSs for backup domain separation
# Destructive from here on. The dd clears only the first 16 x 32 KiB =
# 512 KiB of the disk (old partition metadata). Data previously stored
# elsewhere on the disk stays readable in the clear until it is overwritten,
# which matters if the disk held sensitive plaintext before being encrypted.
59 dd if=/dev/zero of=/dev/${disk} bs=32k count=16
# Write a fresh label to slice 1, install the boot blocks (-B), then dump
# the label to a file, append partition entries to it and load it back (-R).
61 disklabel64 -r -w ${disk}s1 auto
62 disklabel64 -B ${disk}s1
# NOTE(review): /tmp/label is a fixed, predictable path. Exposure is low on
# a single-user live CD, but a per-run temporary file would be more robust.
# None of the commands above has its exit status checked on the lines shown.
63 disklabel64 ${disk}s1 > /tmp/label
65 cat >> /tmp/label << EOF
70 disklabel64 -R ${disk}s1 /tmp/label
74 # Load dm and setup a new encrypted root fs
# luksFormat is called without cipher, key-size or KDF options, so the
# resulting volume uses whatever defaults this cryptsetup build ships with.
# -y makes cryptsetup ask for the passphrase twice; luksOpen asks once more,
# which accounts for the three entries the file header mentions.
# NOTE(review): luksFormat's exit status is not checked on this line; an
# aborted or failed format is only caught indirectly when luksOpen fails.
77 cryptsetup -y luksFormat /dev/${disk}s1d
# Maps the unlocked volume as /dev/mapper/root; stop if it cannot be opened.
78 cryptsetup luksOpen /dev/${disk}s1d root || exit 1
# The HAMMER filesystem is created on the mapped device, not the raw
# partition, so everything written to it is encrypted.
81 newfs_hammer -L ROOT /dev/mapper/root
85 mount_hammer /dev/mapper/root /mnt
# /boot is mounted from the raw UFS partition and stays unencrypted: the
# kernel, the initrd and loader.conf are stored without confidentiality or
# integrity protection, so physical access to the disk allows them to be
# modified.
87 mount /dev/${disk}s1a /mnt/boot
89 # Create PFS mount points for nullfs.
91 # Do the mounts manually so we can install the system, setup
# One master PFS per tree, all created under /mnt/pfs on the encrypted
# HAMMER volume.
95 hammer pfs-master /mnt/pfs/usr
96 hammer pfs-master /mnt/pfs/usr.obj
97 hammer pfs-master /mnt/pfs/var
98 hammer pfs-master /mnt/pfs/var.crash
99 hammer pfs-master /mnt/pfs/var.tmp
100 hammer pfs-master /mnt/pfs/tmp
101 hammer pfs-master /mnt/pfs/home
# Null-mount the top-level trees first ...
108 mount_null /mnt/pfs/usr /mnt/usr
109 mount_null /mnt/pfs/var /mnt/var
110 mount_null /mnt/pfs/tmp /mnt/tmp
111 mount_null /mnt/pfs/home /mnt/home
# ... then the ones nested inside /var and /usr, which need their parents
# mounted already.
117 mount_null /mnt/pfs/var.tmp /mnt/var/tmp
118 mount_null /mnt/pfs/var.crash /mnt/var/crash
119 mount_null /mnt/pfs/usr.obj /mnt/usr/obj
# World-writable with the sticky bit set, the usual mode for a shared
# temporary directory. Only /mnt/var/tmp is visible here; /mnt/tmp needs
# the same mode -- presumably set on a line missing from this listing.
122 chmod 1777 /mnt/var/tmp
124 # Install the system from the live CD
# Copy the running live CD's /boot, /usr and /var onto the target mounts.
# /mnt/etc is populated from the CD's /etc.hdd tree rather than from the
# live /etc.
127 cpdup -o /boot /mnt/boot
128 cpdup -o /usr /mnt/usr
129 cpdup -o /var /mnt/var
130 cpdup -i0 /etc.hdd /mnt/etc
# Set the nohistory flag recursively on scratch and crash directories --
# presumably so HAMMER keeps no fine-grained history for them; see
# 'man hammer' to confirm.
132 chflags -R nohistory /mnt/tmp
133 chflags -R nohistory /mnt/var/tmp
134 chflags -R nohistory /mnt/var/crash
135 chflags -R nohistory /mnt/usr/obj
137 # Create some directories to be used for NFS mounts later on.
# Each directory is created only when it does not exist yet (the creating
# command itself is on a line not shown in this listing).
140 foreach i ( /proc /usr/doc /usr/src /repository /ftp /archive )
141 if ( ! -d /mnt$i ) then
# Write the installed system's fstab. Points a reviewer should check:
#  - Swap is the raw ${disk}s1b partition, so paged-out memory is written
#    to disk unencrypted even though root is encrypted. That can include
#    data read from the encrypted volume; consider encrypting swap as well.
#  - The root entry names the raw ${disk}s1d partition rather than
#    /dev/mapper/root. Presumably root is already mounted by the initrd via
#    vfs.root.realroot by the time fstab is read -- TODO confirm.
#  - The NFS entries are commented-out examples; their host names are
#    site-specific.
146 cat > /mnt/etc/fstab << EOF
147 # Device Mountpoint FStype Options Dump Pass#
148 /dev/${disk}s1d / hammer rw 1 1
149 /dev/${disk}s1a /boot ufs rw 1 1
150 /dev/${disk}s1b none swap sw 0 0
151 /pfs/usr /usr null rw 0 0
152 /pfs/var /var null rw 0 0
153 /pfs/tmp /tmp null rw 0 0
154 /pfs/home /home null rw 0 0
155 /pfs/var.tmp /var/tmp null rw 0 0
156 /pfs/usr.obj /usr/obj null rw 0 0
157 /pfs/var.crash /var/crash null rw 0 0
158 proc /proc procfs rw 0 0
159 # misc NFS mounts to get your test box access to 'stuff'
160 #crater:/repository /repository nfs ro,intr,bg 0 0
161 #crater:/usr/doc /usr/doc nfs ro,intr,bg 0 0
162 #crater:/ftp /ftp nfs ro,intr,bg 0 0
163 #crater:/sources/HEAD /usr/src nfs ro,intr,bg 0 0
164 #pkgbox:/archive /archive nfs ro,intr,bg 0 0
168 # Mount devfs and create a new initrd
173 # Because root is not on the boot partition we have to tell the loader
174 # to tell the kernel where root is.
# The loader boots from an initrd memory-disk image (md0s0) first. The
# realroot value names the LUKS partition and the mapping name "root", the
# same name the installer passes to luksOpen; it looks like the fields are
# type:fstype:device:mapping -- TODO confirm against the initrd docs.
# loader.conf and the initrd live on the unencrypted /boot partition, so
# these settings are readable and modifiable by anyone with access to the
# disk.
176 cat > /mnt/boot/loader.conf << EOF
178 initrd.img_load="YES"
179 initrd.img_type="md_image"
180 vfs.root.mountfrom="ufs:md0s0"
181 vfs.root.realroot="crypt:hammer:/dev/${disk}s1d:root"
184 # Setup interface, configuration, sshd
# ifc: interface carrying the default route of the live system.
# ip:  IPv4 address(es) reported for that interface (inet6 lines dropped).
# lip: fourth dot-separated field of $ip, used to build the hostname.
# NOTE(review): if no default route exists, $ifc is empty and the rc.conf
# line written below becomes `ifconfig_="DHCP"`; the values are not
# validated before use.
186 set ifc = `route -n get default | fgrep interface | awk '{ print $2; }'`
187 set ip = `ifconfig $ifc | fgrep inet | fgrep -v inet6 | awk '{ print $2; }'`
188 set lip = `echo $ip | awk -F . '{ print $4; }'`
# The installed system uses DHCP on the detected interface.
190 echo -n "ifconfig_$ifc=" >> /mnt/etc/rc.conf
191 echo '"DHCP"' >> /mnt/etc/rc.conf
# The rc.conf fragment below sets a placeholder hostname (MYDOMAIN.XXX must
# be edited) and points dumpdev at ${disk}s1b, the same plaintext partition
# fstab uses for swap. A kernel crash dump is a copy of memory, so it would
# be written to disk unencrypted; on an encrypted-root install that may
# include key material. Consider disabling dumps or encrypting that
# partition.
192 cat >> /mnt/etc/rc.conf << EOF
195 hostname="test$lip.MYDOMAIN.XXX"
196 dumpdev="/dev/${disk}s1b"
201 cat >> /mnt/etc/sysctl.conf << EOF
202 #net.inet.ip.portrange.first=4000
205 # Allow sshd root logins via dsa key only
# NOTE(review): `without-password` forbids password authentication for root
# but allows any public-key type, not only DSA. Newer OpenSSH releases spell
# this value `prohibit-password` and keep `without-password` as a deprecated
# alias.
# The fgrep is a substring match, so a commented-out
# "#PermitRootLogin without-password" line in the stock sshd_config also
# counts as a hit. The test that uses the result is on a line not shown;
# if it skips the append on a hit, the setting may never become active.
207 fgrep 'PermitRootLogin without-password' /mnt/etc/ssh/sshd_config >& /dev/null
209 echo "PermitRootLogin without-password" >> /mnt/etc/ssh/sshd_config
212 # additional loader.conf stuff
213 #cat >> /mnt/boot/loader.conf << EOF
217 # Get sshd working - auto install my key so I can login.
# (Disabled template. If enabled, the authorized_keys file grants root
# login to the listed key, so install only a key you control.)
219 #mkdir -p /mnt/root/.ssh
220 #cat > /mnt/root/.ssh/authorized_keys << EOF
# Generate a host key only when the installed system has none yet.
# NOTE(review): DSA host keys are limited to 1024 bits and OpenSSH 7.0 and
# later disable them by default; on a current system generate an ed25519 or
# RSA host key instead. -N "" (no passphrase) is normal for a host key.
# The -f argument is a relative path, so the key lands in whatever directory
# is current; the line that sets it is not shown in this listing.
224 if ( ! -f /mnt/etc/ssh/ssh_host_dsa_key ) then
226 ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
229 # take CD out and reboot