New script to help creation of shared readonly diskless partition.
It also has some instructions on how to set up the client and the server. I have been using this code for over 2 years on RELENG_3 and later RELENG_4. I have not tried it on CURRENT, but if there are any issues they will be in /etc/rc and /etc/rc.diskless{12}
parent
53ba84a69e
commit
047073a13a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=75537
144
share/examples/diskless/clone_root
Executable file
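--- a/share/examples/diskless/clone_root
+++ b/share/examples/diskless/clone_root
@@ -0,0 +1,144 @@
+#!/bin/sh
+#
+# (C) 2001 Luigi Rizzo, Gabriele Cecchetti
+# <Standard BSD copyright>
+# Revised 2001.04.16
+#
+# $FreeBSD$
+#
+# clone root filesystem for diskless root stuff
+#
+# usage
+# clone_root all to do a full copy (e.g. bin, sbin...)
+# clone_root update to recreate /var (including devices)
+# clone_root to copy /conf and password-related files
+#
+# This script assumes that you use a shared readonly root and /usr
+# partition. The script creates a partial clone of the root partition,
+# and puts it into ${DEST} (defaults to /diskless_root ) on the server,
+# where it is read.
+#
+# To run a diskless install you need to do the following:
+#
+# create /conf/default/etc/fstab
+# this will replace the standard /etc/fstab and should contain
+# as a minimum the following lines
+# ${SERVER}:${DEST} / nfs ro 0 0
+# ${SERVER}:/usr /usr nfs ro 0 0
+# proc /proc procfs rw 0 0
+#
+# create /conf/default/etc/rc.conf
+# this will replace the standard rc.conf and should contain
+# the startup options for the diskless client. Most likely
+# you will not need to set hostname and ifconfig_* because these
+# will be already set by the startup code. You will also
+# probably need to set local_startup="" so that the server's
+# local startup files will not be used.
+#
+# create a kernel config file in /sys/i386/conf/DISKLESS with
+# options MFS
+# options BOOTP
+# options BOOTP_NFSROOT
+# options BOOTP_COMPAT
+# and do a full build of the kernel.
+# If you use the firewall, remember to default to open or your kernel
+# will not be able to send/receive the bootp packets.
+#
+# On the server:
+# enable NFS server and set /etc/exports as
+# ${DEST} -maproot=0 -alldirs <list of diskless clients>
+# /usr -alldirs
+#
+# enable bootpd by uncommenting the bootps line in /etc/inetd.conf
+# and putting at least the following entries in /etc/bootptab:
+# .default:\
+# hn:ht=1:vm=rfc1048:\
+# :sm=255.255.255.0:\
+# :sa=${SERVER}:\
+# :gw=${GATEWAY}:\
+# :rp="${SERVER}:${DEST}":
+#
+# client1:ha=0123456789ab:tc=.default
+#
+# and make sure that client1 is listed in /etc/hosts
+
+# VARIABLES:
+# some manual init is needed here.
+# DEST the diskless_root dir (goes into /etc/bootptab and /etc/exports
+# on the server)
+# DEVICES device entries to create in /dev
+DEST=/diskless_root
+DEVICES="all snd1 bktr0"
+
+# you should not touch these vars:
+# SYSDIRS system directories and mountpoints
+# DIRS mountpoints (empty dirs)
+# PWFILES files related to passwords
+# TOCOPY files and dirs to copy from root partition
+
+SYSDIRS="dev proc root usr var"
+DIRS="cdrom home mnt"
+PWFILES="master.passwd passwd spwd.db pwd.db"
+TOCOPY="bin boot compat etc modules sbin stand sys"
+
+init_diskless_root() {
+echo "Cleaning old diskless root ($DEST)"
+cd /
+rm -rf ${DEST} && echo "Old diskless root removed."
+echo "Creating $DEST..."
+mkdir -p $DEST && echo "New diskless root created."
+echo "+++ Now copy original tree from / ..."
+ex=""
+(cd / ; tar -clf - ${TOCOPY} ) | (cd $DEST; tar xvf - )
+#(cd / ; find -x dev | cpio -o -H newc ) | \
+# (cd $DEST; cpio -i -H newc -d )
+echo "+++ Fixing permissions on some objects"
+chmod 555 $DEST/sbin/init
+}
+
+update_conf_and_pw() {
+echo "+++ Copying files in /conf and password files"
+(cd ${DEST} ; rm -rf conf )
+(cd / ; tar clf - conf ) | (cd ${DEST}; tar xvf - )
+mkdir -p ${DEST}/conf/etc # used to mount things
+(cd /etc ; tar cvf - ${PWFILES} ) | (cd ${DEST}/etc ; tar xf - )
+}
+
+update() {
+echo "+++ update: create mountpoints and device entries, kernel"
+for i in ${SYSDIRS} ${DIRS}
+do
+rm -r -f ${DEST}/$i
+mkdir -p ${DEST}/$i && chown root:wheel ${DEST}/$i && echo -n "$i "
+done
+echo "."
+ln -s /var/tmp ${DEST}/tmp
+echo "+++ Now use MAKEDEV to create devices ${DEVICES}"
+(cd $DEST/dev ; cp /dev/MAKEDEV . )
+(cd $DEST/dev ; /dev/MAKEDEV ${DEVICES} )
+(cd $DEST/dev ; ln -s /dev/sysmouse mouse )
+echo "+++ Copying kernel from /sys/compile/DISKLESS"
+cp /sys/compile/DISKLESS/kernel $DEST/kernel
+echo "."
+}
+
+
+# Main entry point
+case $1 in
+all) # clean and reinstall the whole diskless_root
+init_diskless_root
+update
+update_conf_and_pw
+;;
+
+update) # clean and rebuild mountpoints and device entries
+update
+update_conf_and_pw
+;;
+
+*) # copy /conf and password files
+update_conf_and_pw
+;;
+esac
+exit 0
+### end of file ###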
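Review bot: The subshells in update_conf_and_pw and update use `cd DIR ; cmd`, so a failed `cd` still runs the deleting or extracting command in whatever directory the script was started from; `(cd ${DEST} ; rm -rf conf )` invoked from `/` before ${DEST} exists would remove the server's own /conf. Chain them with `&&`, as in `(cd "${DEST}" && rm -rf conf)`, and guard the deletions with `rm -rf "${DEST:?}"` and `rm -r -f "${DEST:?}/$i"`, because the header tells users to edit DEST by hand and an empty value would make the loop in update delete /usr, /var and the other SYSDIRS on the server. Separately, update_conf_and_pw copies master.passwd and spwd.db into a tree that the header recommends exporting with `-maproot=0`, so the server's password hashes become readable by root on every listed client; the header should say so or point to a client-only password database. The unconditional `exit 0` at the end also hides any of these failures from the caller.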