Difference between revisions of "OpenBSD readonly root"

From WTFwiki
(link to other pages)
Line 5: Line 5:
mostly in the end-user or volatile-power routing environments.  Most often, I've done this<br />
on [http://www.soekris.com/ Soekris] [http://www.soekris.com/net4801.htm net4801] devices.<br />
We'll show an example of how to do it on a net4801, which is the same procedure for a net5501,<br/>
and we'll be using OpenBSD 4.6 for the example.<br/>
<br />
To perform such a magic trick, you need to do a bit more planning.  It's not as easy to run some<br />
Line 15: Line 13:
space.<br />
= Practice =
+
= Detailed Examples =
+
* [[OpenBSD Soekris Read Only Root]]
+
* [[Sun Netra t1 compact flash root]]
== Installation ==
+
= Other Useful Info =
Perform a [[Setting up PXE|PXE-boot]] standard OpenBSD 4.6 i386 install, the following differences apply:<br/>
+
* [[Setting up PXE]] or: "building a netboot server"
* Press ^P at the 5-second BIOS countdown, then "boot f0" to boot from the first ethernet port.
* Interrupt the loader after it gives you a prompt (type anything, it stops the counter).
* Type the following, in this order:

  stty com0 19200
  set tty com0
  boot /bsd.rd

You should now be booting a kernel and be tossed into the OpenBSD installer.. look elsewhere<br/>
for instructions on how to properly setup PXE booting for OpenBSD, or maybe I'll document it<br/>
someday.<br/>
<br/>
* When installing, you should partition your CF card with 1 giant / partition, and *no swap*
* It'll ask you later on if you want to change the console to com0, tell it yes and choose 19200 to match the soekris BIOS settings.<br/>
* Once installed, reboot into your installation and do basic post-install configuration, including setting up network interfaces, adding packages, configuring sudo, etc.. the idea is to have a fully installed system that just needs configuration.
<br/>
Login and 'sudo ksh' if you haven't already: you'll need to perform a number of steps,<br/>
which I'll detail below..<br/>

  # cp /etc/rc /etc/rc-dist
  # ftp -o /etc/rc http://wtf.hijacked.us/random/OpenBSD-ro-rc/4.6-rc
  # cp /dev/MAKEDEV /etc/MAKEDEV
  # touch /var/run/ntpd.drift
  # touch /var/run/dhcpd.leases
  # touch /var/run/dhclient.leases.vr0
  # touch /var/run/dhclient.leases.vr1
  # touch /var/run/dhclient.leases.vr2
  # touch /var/run/dhclient.leases.vr3
  # ln -s /var/run/dhclient.leases.vr0 /var/db/dhclient.leases.vr0
  # ln -s /var/run/dhclient.leases.vr1 /var/db/dhclient.leases.vr1
  # ln -s /var/run/dhclient.leases.vr2 /var/db/dhclient.leases.vr2
  # ln -s /var/run/dhclient.leases.vr3 /var/db/dhclient.leases.vr3
  # ln -s /var/run/dhcpd.leases /var/db/dhcpd.leases
  # ln -s /var/run/ntpd.drift /var/db/ntpd.drift
  # pkill -9 cron
  # mv /var/cron /var/cron-dist
  # rm -f /var/cron-dist/tabs/.sock
  # cp -Rp /var/cron-dist /var/log/cron-running
  # ln -s /var/log/cron-running /var/cron
  # /usr/sbin/rndc-confgen -a -t /var/named
  # chmod 0640 /var/named/etc/rndc.key
  # mv /var/named /var/named-dist
  # mkdir /var/named
  # cat /etc/fstab | sed '1,$s/\/ ffs rw/\/ ffs ro/g' >/etc/fstab
  # mv /home /cfhome
  # mkdir /home
  # cat /etc/syslog.conf | grep -v -e xferlog -e lpd-errs >/etc/syslog.conf
  # cat /etc/newsyslog.conf | grep -v -e xferlog -e lpd-errs >/etc/newsyslog.conf
  # reboot

There.. if you did everything correctly and didn't do anything too funny with your system<br/>
before setting up read-only-root, things should come up with *no errors during boot*.. good luck.
 
 
 
[[User:Jontow|Jontow]] 16:10, 3 December 2009 (EST)
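Review bot: the three in-place rewrites in the procedure being moved out of this page, `cat /etc/fstab | sed '1,$s/\/ ffs rw/\/ ffs ro/g' >/etc/fstab` and the two `cat ... | grep -v -e xferlog -e lpd-errs >/etc/syslog.conf` / `>/etc/newsyslog.conf` lines, clobber their own input: the shell truncates the output file before `cat` has read it, so the usual result is an empty /etc/fstab (and a system that will not come up read-only, or at all) rather than an edited one. Write to a scratch file and rename instead, e.g. `sed '1,$s/\/ ffs rw/\/ ffs ro/g' /etc/fstab >/etc/fstab.new && mv /etc/fstab.new /etc/fstab`, and do the same for the two grep lines. Separately, `ftp -o /etc/rc http://wtf.hijacked.us/random/OpenBSD-ro-rc/4.6-rc` installs an unauthenticated replacement for the root-run boot script over plain HTTP; since the original is kept as /etc/rc-dist, the page should tell the reader to `diff /etc/rc-dist /etc/rc` and read every change before the final `reboot`.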
 

Revision as of 17:40, 3 December 2009

Theory

In a lot of situations, you'll find yourself not wanting to check filesystems, thereby
facilitating hard power-downs with ~no data loss. I've come across this case a few times,
mostly in the end-user or volatile-power routing environments. Most often, I've done this
on Soekris net4801 devices.

To perform such a magic trick, you need to do a bit more planning. It's not as easy to run some
services in a configuration like this, since they need areas to write to. Even worse is when they
need to write data that you actually want to keep. In this case, I like to avoid the RO root
scenario, because it adds some awkward complexity that involves a regular mount-writable/sync/remount-ro
cycle. In general though, most services you can get away with just providing them ramdisk scratch
space.

Detailed Examples

* OpenBSD Soekris Read Only Root
* Sun Netra t1 compact flash root

Other Useful Info

* Setting up PXE or: "building a netboot server"