xpimage-notes.txt 32 KB
Newer Older
1
# Directions for setting up an XP image from scratch.
2
3
# These are raw notes and commands to paste into a shell.
# Mostly Bash shell commands for Windows, some tcsh commands for Boss or Ops.
4
5
# Some (most?) of it could be scriptified with some work. 

6
7
8
9
10
11
12
# Notice that this file has spaces instead of tabs at the beginning of lines.
# A tab in either Bash or tcsh causes it to display all of the possible command completions!

# By convention, "informational" commands are indented a couple of spaces more.
## Debugging and problem-solving stuff is double-commented.

alias v 'ls -lsF'               # "Verbose" listing
13
14
setenv en emulab.net
alias rootpc 'sudo ssh pc\!^.$en \!:2*'
15
16
alias rootrd 'rd  -K -g 1280x1024 -u root pc\!^.$en &'

17
18
19
20
21
22
23
24

    . Start with a clean XP image, without all of the freight from Russ C's work.

      - Swap in experiment Windows-1-base, log in as Administrator.

      - Set the Windows "w32time" NTP client to connect to the Emulab NTP host.

         . Runs as a service, periodically contacts the time server.
25
26
27
28
29
30
31
32
33
34
           ntp1 is a DNS alias for Ops.
           Need to restart w32time before it sees the setsntp configuration. (?)
             net time /querysntp
             net stop w32time
             net time /setsntp:ntp1
             net time /querysntp
             net start w32time
             # May take a couple of minutes to take effect.
             date
             
35
36
37
38
        . Need an NTP client, or at least the semblence of one.
            cat /etc/ntp.drift
          echo 0.000 > /etc/ntp.drift

39
40
41
42
43
44
45
46
47
48
49
50
51
52
      - Disable the Messenger Service to keep annoying pop-ups away.
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/Messenger
          regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/Messenger/Start 4

      - Disable the SSDP Discovery Service and Universal Plug and Play Device Host.
        This closes port 5000 to attacks.  Also the Remote Registry service.
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/SSDPSRV
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/upnphost
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry
          # (4 is Disabled, 3 is Manual, 2 is Automatic, 1 is only used for System services.)
          regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/SSDPSRV/Start 4
          regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/upnphost/Start 4
          regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/RemoteRegistry/Start 4

53
54
55
56
57
58
      - Set the workgroup name to EMULAB in Control Panel/System/Computer Name/Change...
        No need to reboot yet.

      - Make a "root" account in Control Panel/Administrative Tools/Computer Management/
        System Tools/Local Users and Groups/Users, put it in the Administrators and Users groups.

59
60
        . Also go into Services and Applications/Services and stop SSDP Discovery Service
          and Remote Registry.  Go into their Properties/Startup type and disable them as well.
61

62
63
        . While you're there, Right-click Start/"Explore All Users" and copy the Computer Management
          shortcut to the All Users/Desktop folder.
64
65
66
67
68
69
70
71
72

      - Start IE, make "blank" the home page. Click Tools/Internet Options/Home page/Use Blank.

      - Show My Computer.  (Desktop Properties/Desktop/Customize Desktop...)
        Turn off "Run Desktop Cleanup Wizard every 60 days".

      - Create C:/Temp, C:/Software/CygWin
      - Install CygWin
        . Download setup from www.cygwin.com/setup.exe to C:/Software/CygWin (in /share/windows, too.)
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
        . Run it.  Install dir is C:\cygwin, package dir is C:\Software\CygWin .
        . Mirror is http://mirrors.xmission.com .
        . Click [View] to "Not Installed" (alphabetical.)  
          Click on the Skip in the "New" column to add a binary version of:
            agetty, bison, cvs, cygrunsrv, ed, file, flex, gcc, gdb, make, minires-devel, nano,
            openssh, openssl-devel, patch, perl, perl-libwin32, python, rpm, rpm-build,
            rsync, shutdown, tcsh, vim, wget, zip .
        . Don't "Create an icon on the Desktop", do "Add icon to Start Menu".

        . Add ;C:\cygwin\bin to the end of the System PATH in 
          Control Panel/System/Advanced/Environment Variables.

        . Start up a Cygwin shell and fix the shell properties:
            Options QuickEdit Mode on, Layout/screen buffer height 3000, window height 55.
            Check "Modify shortcut that started this window".
          - Might as well fix the Start/Programs/Accessories/Command Prompt properties, too.
          - Copy the bash shortcut to the All Users/Desktop.  
          - Copy it to a tcsh icon as well, changing the path to c:\cygin\cygwin-tcsh.bat .
          - Copy the tcsh icon into All Users/Start Menu/Programs/Cygwin.
          - Create c:\cygin\cygwin-tcsh.bat as a copy of c:\cygin\cygwin.bat with
              bash --login -i
            changed to
              tcsh -l

        . Set up local homedirs under /home as a symlink.  ~root is already there.
            cd /tmp
            mv /home{,.orig}
            ln -s /cygdrive/c/Documents\ and\ Settings/ /home

        . Symlink the Windows hosts file into the Cygwin /etc.
            ln -s /cygdrive/c/WINDOWS/system32/drivers/etc/hosts /etc/hosts

        . Create a proper group file.  Make wheel an alias for Administrators.
106
107
            mkgroup -l | \
              awk '/^Administrators:/{print "wheel" substr($0, index($0,":"))} \
108
                   {print}' > /etc/group.new
109
110
111
112
113
114
115
116
117
118
            diff /etc/group{,.new}
            cp -p /etc/group{,.prev}
            mv /etc/group{.new,}

        . Update the passwd file after creating new accounts.  Make root uid 0 with /home/root.
            mkpasswd -l | awk -F: 'BEGIN{ OFS=":" } \
               { if ($1=="root") $3="0"; else sub("/home/", "/users/"); print }' > /etc/passwd.new
            diff /etc/passwd{,.new}
            cp -p /etc/passwd{,.prev}
            cp -p /etc/passwd{.new,}
119
            chown root /etc/{passwd,group}*
120
121

        . Set up sshd.  
122
123
124
125
126
127
          - Edit /bin/ssh-host-config to add a -i argument to the "cygrunsrv -I sshd" lines.
              ed /bin/ssh-host-config
              /cygrunsrv -I sshd/s//& -i/p
              /cygrunsrv -I sshd/s//& -i/p
              w
              q
128
          - Then start a cygwin shell and say:
129
130
131
132
133
134
135
136
137
              ssh-host-config -y -c "ntsec tty"
            or run ssh-host-config and answer the following interactive questions:
              Select privilege separation = yes, sshd user = yes, install as service = yes, 
                CYGWIN=ntsec tty
          - Check for -i flag: look for Interactive = 0x00000001 (1)
              regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/sshd/Parameters

          - Edit /etc/sshd_config
            . Add this line: AuthorizedKeysFile /sshkeys/%u/authorized_keys
Russ Fish's avatar
Tweaks.    
Russ Fish committed
138
139
140
                ed /etc/sshd_config
                /AuthorizedKeysFile
                a
141
142
143
144
AuthorizedKeysFile /sshkeys/%u/authorized_keys
.
w
q
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
            . LogLevel defaults to INFO, can be set to VERBOSE, DEBUG1, etc.
              Debug events are logged under Event View / Application / sshd,
              One line per event (ugh.)  Refresh to see new events with F5.
                ls -l /etc/sshd_config
                # Check.
                grep LogLevel /etc/sshd_config
	        # Make it writable to edit, then change it back.
                chmod g+w /etc/sshd_config
                nano /etc/sshd_config
                chmod g-w /etc/sshd_config
                # Get a running sshd to read the config file with SIGHUP.
                kill -HUP `cat /var/run/sshd.pid`

          - Start sshd.
              cygrunsrv -S sshd
160
161

          - Set up for root ssh access from Boss.
162
163
164
              chown root.wheel /home/root
              chmod 755 /home/root
              passwd root
165
166
daFluxGroup
daFluxGroup
167
168
169
170
171
172
173
174
              mkdir ~root/.ssh
              chown root.wheel ~root/.ssh
              # [On boss.]
              set pc=73
              set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
	      # This password isn't used for anything else, and doesn't need to be
	      # very secure because all users are in the Administrators group on the node.
              eval sudo ssh "$ssh_args" root@pc$pc id
175
daFluxGroup
176
              eval sudo scp "$ssh_args" ~root/.ssh/{id_dsa,identity}.pub root@pc$pc":".ssh
177
daFluxGroup
178
              eval sudo ssh "$ssh_args" root@pc$pc
179
daFluxGroup
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
              # [On the target.]
              id
              cd ~root/.ssh
              cat {id_dsa,identity}.pub > authorized_keys
              chmod 644 *
              ls -ld /home /home/root /home/root/.ssh /home/root/.ssh/auth*
              mkdir -p /sshkeys/root
              v -d /sshkeys
              chmod 700 /sshkeys/root
              cp -p /home/root/.ssh/authorized_keys /sshkeys/root
              ls -lR /sshkeys/root
              exit

            # [Check back on Boss.]
            eval sudo ssh "$ssh_args" pc$pc id
            # The following will likely complain due to nonstandard host keys.
            rootpc $pc id

          - Install the standard host keys, dated Jun 21  2001.
            ls -l /etc/ssh*
            # [On boss.]
            set pc=136
            set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
            eval sudo scp -rp "$ssh_args" /proj/testbed/fish/elab-host-keys root@pc$pc":"

            eval sudo ssh "$ssh_args" root@pc$pc
            # [On the target.]
207
208
209
210
211
212
213
214
215
216
217
218
219
220
              ls -l ~/elab-host-keys
              ls -l /etc/ssh*key*
              ls -l /etc/orig-ssh-keys

              mkdir /etc/orig-ssh-keys
              chown root /etc/ssh*key*
              cp -p /etc/ssh*key* /etc/orig-ssh-keys
              chown SYSTEM /etc/orig-ssh-keys/*
              ls -l /etc/orig-ssh-keys

              cp -p ~/elab-host-keys/* /etc
              chown SYSTEM /etc/ssh*key*
              ls -l /etc/ssh*key*

221
222
223
            # The following should no longer complain due to nonstandard host keys.
	    # [On Boss.] 
            rootpc $pc id
224
225

      - Install tools: WinZip and Emacs.
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
            # [On boss:]
            sudo scp -rp /share/windows/emacs-21.3-fullbin-i386.tar.gz root@pc$pc":"/tmp
            sudo scp -rp /share/windows/winzip90.exe root@pc$pc":"/tmp

            # Log in as root via RDP.
	    rootrd $pc
	    # [On the node, as root.]
            # Graphical installer.  Start with WinZip Classic, custon setup, no desktop icon.
            /tmp/winzip90.exe

            cd C:
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/emacs-21.3-fullbin-i386.tar.gz
            # Graphical, set up the registry, start menu, etc.
            C:/emacs-21.3/bin/addpm.exe
            # Then copy the Emacs shortcut to the All Users/Desktop folder.

            # Make "emacs" be the NTEmacs runemacs starter, with "emacs-exe" for a compiler.
            ln -s /cygdrive/c/emacs-21.3/bin/runemacs.exe /usr/local/bin/emacs
            ln -s /cygdrive/c/emacs-21.3/bin/emacs.exe /usr/local/bin/emacs-exe
246
247

      - Get other stuff that "make client" depends on.
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
                ## Collect the include files for mysql and the Boost Graph Library.
                cd /usr/local/include
                tar cfz /share/windows/mysql-include.tgz mysql
                tar cfz /share/windows/boost-include.tgz boost
            # [On Boss.]
            sudo scp -rp /share/windows/{mysql,boost}-include.tgz root@pc$pc":"/tmp
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx}.exe root@pc$pc":"/tmp
            # [On the target.]
            mkdir /usr/local/include
            cd /usr/local/include
            tar xfz /tmp/mysql-include.tgz
            tar xfz /tmp/boost-include.tgz

            # Build Elvin libs with GCC for testbed client programs.  
	    # [On Boss.]
            sudo scp -p /usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz root@pc$pc":"/tmp
	    # [On the node.]
            # Need a path without embedded spaces for the make actions to work.
            mkdir C:/elvin
            cd C:/elvin
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz

            cd C:/elvin/libelvin-4.0.3
              # configure: error: Elvin requires that doubles be IEEE 754 compliant
              # On XP w/ no SP's, edit configure, line 3547, add exit(0); to patch around it.
            ./configure >& configure.trace 
              tail configure.trace

            # Comment out #elif defined(HAVE_WINBASE_H)
                              FreeLibrary(cat);
              in c:/elvin/libelvin-4.0.3/src/lib/i18n.c
            make >& make.log1
              tail make.log1
            make install >& install.log1
              tail install.log1
              make clean

# SKIP[
            # Build Elvin for Windows on Coke, and tar it up for later installation.
            scp -p bos:"/usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz" /tmp
            mkdir C:/elvin
            cd C:/elvin
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz
            # Rename lib dir for makefiles in elvind.
            mv libelvin-4.0.3 elvin4

            cd C:/elvin/elvin4
            nmake /k /f Makefile.win >& lib-make.winlog1
            mkdir -p C:/Program\ Files/elvin4/{bin,lib,doc}
            cp -p win32/bin/*.exe C:/Program\ Files/elvin4/bin
            cp -p win32/lib/{,*/}*.{dll,lib} C:/Program\ Files/elvin4/lib
            mkdir C:/Program\ Files/elvin4/include
            cp -p src/include/elvin/*.h C:/Program\ Files/elvin4/include

            cd C:/elvin/elvind-4.0.3        
            nmake /k /f Makefile.win >& program-make.winlog1
            cp -p *.exe *.pem C:/Program\ Files/elvin4/bin
            cp -p [A-Z][A-Z]* C:/Program\ Files/elvin4/doc
              scp -p ../*/*.winlog* ops:/proj/testbed/fish/elvin
            scp -p ops:/proj/testbed/fish/elvin-config /cygdrive/c/Program\ Files/elvin4/bin

            # Install dll's in the system so the server can be run.
            v C:/Program\ Files/elvin4/lib
            chmod -R g-w C:/Program\ Files/elvin4
            chmod a+x C:/Program\ Files/elvin4/lib/*
            cp -p C:/Program\ Files/elvin4/lib/* $nts

            elvin="C:/Program Files/elvin4/bin/elvinsvc.exe"
              v "$elvin"
            "$elvin" --help
            # Application Error - The application failed to initialize properly (0xc0000022).

            tar cfz /tmp/elvin4-windows.tar.gz -C /cygdrive/c Program\ Files/elvin4
            scp -p /tmp/elvin4-windows.tar.gz ops:/share/windows
# SKIP]

            # Install the Windows Elvin, built on Coke above.
            # [On Boss.]
            sudo scp -p /share/windows/elvin4-windows.tar.gz root@pc$pc":"/tmp
            sudo scp -p /share/windows/elvind.conf.windows root@pc$pc":"/tmp/elvind.conf

            # [On the experiment node as root (Bash shell):]
            rootpc $pc
              cd C:
                ls -ld Program\ Files/elvin*
              tar xvfz /tmp/elvin4-windows.tar.gz
              chown -R root Program\ Files/elvin4
              cp -p C:/Program\ Files/elvin4/lib/* C:/WINDOWS/system32
              cp -p C:/Program\ Files/elvin4/lib/* /usr/local/lib
                diff /usr/local/etc/elvind_ssl.pem C:/Program\ Files/elvin4/bin/elvind_ssl.pem
              cp -p C:/Program\ Files/elvin4/bin/elvind_ssl.pem /usr/local/etc/elvind_ssl.pem

              elvind="C:/Program Files/elvin4"
              elvin="$elvind/bin/elvinsvc.exe"
                ls -l "$elvind/bin"
              chmod -R g-w "C:/Program Files/elvin4"
                "$elvin" --help &
              # Install as a service.
              "$elvin" -r
              # Install a config file and set the path for the server.
                diff /usr/local/etc/elvind.conf /tmp/elvind.conf
              cp /tmp/elvind.conf /usr/local/etc/elvind.conf
                ls -l /usr/local/etc/elvind.conf
              "$elvin" -c `cygpath -w /usr/local/etc/elvind.conf`
                  ## Testing: start elvinsvc from the Services Manager now.
              # Make elvinsvc automatic in services manager, or use these commands:
            	regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe
              # (4 is Disabled, 3 is Manual, 2 is Automatic, 1 is only used for System services.)
              regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe/Start 2

# SKIP[
              ## Use any Windows experiment with a Program object in it for testing.
              pid=testbed eid=Windows-1
                pid=testbed eid=Windows-1b
                pid=testbed eid=Windows-1c
              $BINDIR/evproxy -s event-server -e $pid/$eid
	      
	      ## program-agent debugging.
                ps -Welf | grep program-agent
                $rc/rc.progagent shutdown
              $rc/rc.progagent boot
                ## Debugging.
                tail $LOGDIR/progagent.debug
                program-agent -d -e $pid/$eid -s localhost -c /var/emulab/boot/progagents
                # [On ops.]
                tevc -e testbed/Windows-1c now prog0 start \
                    COMMAND="bash -c 'date; hostname' > /tmp/host.txt"
                # [On the node.]
                tail /tmp/host.txt
                cat /local/logs/prog0.status
	      
                ## C:\cygwin\bin\tcsh.exe (2504): *** couldn't create window, Win32 error 5
                ## See http://comments.gmane.org/gmane.os.cygwin.patches/2559
                ## This is at cygwin-1.5.17-1-winsup/cygwin/window.cc:wininfo::winthread():96
                ## Try starting rc.progagent as a separate service with -i for a desktop.
	        
                  ## Started up and stopped immediately.  Needs something else in rc.bootsetup.
                  --dep elvinsvc.exe \
	        
                  ## Depend on EmulabStartup (rc.bootsetup), which depends on the elvin service,
                  ## and also starts evproxy.  But it stops rather than staying running...
                  --dep EmulabStartup \
	        
                ## Make it manual, and explicitly start it after rc.bootsetup in EmulabStartup.
                ## Works, but stays in "starting" state, err in bootsetup.log:
                ##  cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1053:
                ##  The service did not respond to the start or control request in a timely fashion.
# SKIP]

              # For setuid() to work, Root must have these rights: Create a token object; Replace a
401
402
403
404
405
406
407
408
              # process level token; and Increase Quota rights.
              # http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch,
              # http://msdn.microsoft.com/library/en-us/secauthz/security/authorization_constants.asp
              editrights -u root -l
              editrights -u root -a SeCreateTokenPrivilege -l
              editrights -u root -a SeAssignPrimaryTokenPrivilege -l
              editrights -u root -a SeIncreaseQuotaPrivilege -l

409
              # program-agent service start-up.
410
411
                cygrunsrv -R ProgAgent
              cygrunsrv -I ProgAgent -d "Emulab Program Agent" -i -p /cygdrive/c/cygwin/bin/bash \
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
                  --type manual \
                  -a "--norc --noprofile -c '/usr/local/etc/emulab/rc/rc.progagent >& /var/log/program-agent.log'"
                regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/ProgAgent/Parameters
                cygrunsrv -Q ProgAgent
                cygrunsrv -S ProgAgent
                cygrunsrv -E ProgAgent

                  tail /var/log/{program-agent,ProgAgent}.log
                touch /var/log/{program-agent,ProgAgent}.log
                chmod 777 /var/log/{program-agent,ProgAgent}.log

# SKIP[
                # Little problem: "Must be root to run this script!"
                # Add this: 
                  # This runs as a separate Local System service on XP.  Change to root.
                  if (WINDOWS()) { $EUID = $UID = 0; }

                # Testing on ops.
                tevc -e testbed/bsd-1 now prog0 start
                tevc -e testbed/bsd-1 now prog0 start COMMAND='hostname >>& /users/fish/test.out'

                tevc -e testbed/Windows-1 now prog0 start COMMAND='hostname>>&/users/fish/test.out'
                  v /users/fish/test.out
                  tail /users/fish/test.out
                tevc -e testbed/Windows-1 now prog0 run COMMAND='touch /tmp/foo'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='id'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /users/fish'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /proj/testbed/fish'

                # [On the node.]
                cat /local/logs/prog0.status
                cat /local/logs/prog0.err
                cat /local/logs/prog0.out
# SKIP]
446
447
448

      - Get the testbed client code via CVS, build, and install it.
            rootpc $pc
449
450
451
452
453
454
455
456
457
458
459
460
461
462
            # [As root, on the node.]
	    set ws_login=fish@kzin.flux.utah.edu
            # Start an agent and go to your workstation to get your ssh keys for the cvs server.
            eval `ssh-agent -s`
              ssh-add -l
            ssh -A $ws_login
              ssh-add -l
            kdsa
            exit
              ssh -v $ws_login id

              mkdir ~/flux
            cd ~/flux
            export CVSROOT=$ws_login:/usr/flux/CVS CVS_RSH=ssh
463
464
465

              # First time only
              mkdir CVS; touch CVS/Entries; echo . > CVS/Repository
466
            # Any time the testbed tree needs to be re-created.
467
468
            cvs -Q co testbed

469
470
471
472
              # Updates After that.
              cat CVS/Entries
                cvs -n -q update testbed
              cvs -Q update -d testbed
473
474
475
476
477

            # Some dotfiles for Root.
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bashrc ~root/.bashrc
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bash_profile ~root/.bash_profile
            cp -p testbed/tmcd/cygwinxp/cygwin.root.emacs ~root/.emacs
478
            # No HOME envar is set for root's desktop, so Emacs defaults it to C:/ .
479
480
            cp -p ~root/.emacs C:/.emacs

481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
            # Site-lisp files for Emacs.
            cp -rp testbed/tmcd/cygwinxp/site-lisp/* c:/emacs-21.3/site-lisp
            ls -l c:/emacs-21.3/site-lisp

            # Need a resolv.conf before tmcc will work.
              cat /etc/resolv.conf
            cp -p ~/flux/testbed/tmcd/cygwinxp/resolv.conf /etc/resolv.conf
             
            mkdir /usr/local/man/man8
              
            # Get the binary programs into the source tree for install.
              ls -l ~/flux/testbed/tmcd/cygwinxp/*.exe
            # [On boss:]
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx}.exe root@pc$pc":"/tmp
            # [Back on the client:]
            cp -p /tmp/{WSName,addusers,usrtogrp,setx}.exe ~/flux/testbed/tmcd/cygwinxp

	    # Finally ready to do the Emulab makes!
            mkdir ~/flux/obj-real
            cd ~/flux/obj-real
              v configure.trace*
              mv configure.trace{,.1}
            ../testbed/configure --enable-windows --enable-windowsclient >& configure.trace
              # Should end with "creating config.h".
              tail configure.trace

            # The first make fails with "Cannot change ownership" warnings unpacking tg2.0 .
            make client-install >& make.log1
              tail make.log1
            # No worries.  Patch it explicitly, since the patch action gets skipped.
            (cd ~/flux/testbed/event/trafgen; patch -p0 < tg.patch)

            # If this is an update, evproxy is run by rc.bootsetup and nothing stops it.
            # The install of evproxy in the make will fail unless we stop it first.
            ps -Welf | grep evproxy
              kill `ps -Welf | grep evproxy | awk '{print $2}'`
            make client-install >& make.log2
              tail make.log2

                # Only needed if there are problems...
                make client-install >& make.log3
                make -k client-install >& make.log4
                make -k client-install >& make.log5
                make client-install >& make.log6
                make client-install >& make.log7
                make client-install >& make.log8
                make client-install >& make.log9
528
529
530

      . Patch the /etc/profile file to use /home dirs if the /users mounts are down.
        Remember that /etc/profile may get stepped on when you upgrade CygWin!
531
            (cd ~/flux; cvs update testbed/tmcd/cygwinxp/profile)
532
          diff /etc/profile ~/flux/testbed/tmcd/cygwinxp
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
            # If the diffs are right, just copy the Emulab one.
            cp ~/flux/testbed/tmcd/cygwinxp/profile /etc
          # Otherwise, edit the file.
          ed /etc/profile
  /^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/p
/^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/c
### Use a local dir under sshd if the mount failed.
if [ ! -d "$HOME" ]; then
        HOME=/home/$USER
fi
# If the home directory doesn't exist, create it.
if [ ]; then
###if [ ! -d "${HOME}" ]; then
.
  .-10,.+5p
548
549

      . Set up the tbshutdown script to run as a service, to get a shutdown signal.
550
551
552
553
            editrights -u root -l
          editrights -u root -a SeServiceLogonRight -l
          # Don't forget to set the root password to this.
          rootpwd='daFluxGroup'
554
          # EmulabShutdown is started manually later on from rc.cygwinxp .
555
          echo "$rootpwd"
556
557
558
559
560
            cygrunsrv -R EmulabShutdown
          cygrunsrv -I EmulabShutdown -u root -w "$rootpwd" -p /cygdrive/c/cygwin/bin/bash \
              --shutdown --type manual \
              -a "--norc --noprofile -c '/usr/local/etc/emulab/tbshutdown'"

561
562
563
564
565
          # If you see the following, try running rc.accounts or rc.bootsetup below to 
	  # clear it up.  Haven't figured this out yet...
          ##cygrunsrv: Error installing a service: CreateService:  Win32 error 1057:
          ##The account name is invalid or does not exist, or the password is invalid 
          ##for the account name specified.
566

567
568
569
          touch /var/log/EmulabShutdown.log
          chmod 666 /var/log/EmulabShutdown.log
          regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabShutdown/Parameters
570
          cygrunsrv -Q EmulabShutdown
571
572
	    # Manual start-up.
            cygrunsrv -S EmulabShutdown
573
574

      . See if rc.bootsetup works.
575
576
577
          ##Running os dependent initialization script rc.cygwin
          ##chmod: cannot access `/var/log/EmulabStartup.log': No such file or directory
          ##chmod: cannot access `/etc/emulab/iscygwin': No such file or directory
578
579
          touch /var/log/EmulabStartup.log
          chmod 666 /var/log/EmulabStartup.log
580
581
582
583
584
585
586
            tmcc nodeid
              ## Missing /etc/resolv.conf .
              tmcc -d nodeid
                    nodeid 
                    /usr/local/etc/emulab/tmcc.bin  -d nodeid 
                    Connection to TMCD refused. Waiting ...
            ## Should reboot, the first time, when it changes the node ID.
587
            $rc/rc.cygwin
588
589
          v -d /sshkeys
          mkdir /sshkeys
590
          chmod 777 /sshkeys
591
            $rc/rc.accounts
592
593
594
595
          $rc/rc.bootsetup

      . Set up the boot script to run as a service.

596
597
598
          # Better: with dependency on Elvin, run rc.cygwin separately first, ProgAgent after.
              cygrunsrv -R EmulabStartup 
          rootpwd='daFluxGroup'
599
600
          cygrunsrv -I EmulabStartup -u root -w $rootpwd -p /cygdrive/c/cygwin/bin/bash \
           --dep elvinsvc.exe \
601
           -a "--norc --noprofile -c '( /usr/local/etc/emulab/rc/rc.cygwin; /usr/local/etc/emulab/rc/rc.bootsetup; cygrunsrv -S ProgAgent ) >& /var/log/bootsetup.log'"
602

603
604
605
606
607
608
609
610
611
612
613
614
615
616
              cygrunsrv -Q EmulabStartup 
            cygrunsrv -S EmulabStartup 
            cygrunsrv --help
          regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabStartup/Parameters
          sc query EmulabStartup

      . Make a $HOME envar for everybody, so Emacs works on startup from the desktop.
        - Set a user environment variable: HOME = /users/%USERNAME%
        - Stored in HKCU/Environment, which is HKU/*/Environment based on the user SIDs.
        - The user registry key (folder) is created at first login, doesn't exist before that.
          Run setx after that at login time to set the HOME environment variable value.
                # Check.
                regtool get /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
          # Use the Windows command prompt rather than a script.
617
618
          regtool -s set /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME \
            'cmd /C "if not %USERNAME% == root if not %USERNAME% == Administrator setx HOME //fs/%USERNAME%"'
619
620
621
                # Undo.
                regtool unset /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
          # Check that setx.exe is in system32.
622
623
624
625
626
          v C:/WINDOWS/system32/setx.exe

================================================================
Making images

627
     . Uninstall the experimental net devices in Computer Management/Device Manager.
628
         # Check which one is the control net interface.
629
630
631
         ipconfig /all
       Select a non-control net interface, hit delete, enter.
       Takes about 15 seconds per interface.
632

633
     . Run prepare to clear out experiment-specific state.
634
635
636
637
638
        rootpc $pc
          # Ignore complaints about all of the C:/Documents and Settings directories
          # that were never created because the user didn't log in...
          prepare
          exit
639
640
641

    . Add an entry at the beginning of xpimage-log.txt, and create the image descriptor.

642
643
644
645
646
647
648
649
650
651
    . Capture the image with imagezip.  
      You can specify the PC from which to grab the image when you create an image-id.
      When updating existing images, I do it by hand in two stages, as below.
    
        # [On boss.]
        set pc=136 image=SP1
        set pc=73 image=SP0a
        set pc=2 image=SP0
        df -m /proj/testbed/images /usr/testbed/images
          # Verify SSH working.
652
653
          rootpc $pc id

654
        # Boot into the MFS.  The serial console will show you when it's open for business.
655
        wap node_admin on pc$pc &
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
              # Should no longer be necessary.
              rootpc $pc /sbin/reboot

        # Make WINXP-TMP on /proj, then move it to /usr/testbed/images with the right name.
        rootpc $pc
          cd /proj/testbed/images
          df -m /proj/testbed/images
          ls -l WINXP*
          imagezip -o -I 2 -I 3 -I 4 /dev/ad0 WINXP-TMP.ndz
          ls -l WINXP*
          exit

        # Reboots the source node back into Windows.
        wap node_admin off pc$pc

        # Move the image to /usr/testbed/images to avoid NFS reads, for faster swap-in.
          ls -l /{proj,usr}/testbed/images/WIN*
        ls -l /proj/testbed/images/WINXP-TMP.ndz /usr/testbed/images/WINXP-$image.ndz
        df -m /usr/testbed/images
        cp /{proj,usr}/testbed/images/WINXP-TMP.ndz
        # Check.
        ls -l /{proj,usr}/testbed/images/WINXP-TMP.ndz
        cksum /usr/testbed/images/WINXP-TMP.ndz & ssh ops cksum /proj/testbed/images/WINXP-TMP.ndz
          # May want to save a version or two along the way.
          v /usr/testbed/images/WINXP-$image*.ndz
          df -m /usr/testbed/images
          mv /usr/testbed/images/WINXP-$image{,-7-05}.ndz
        # Install with mv.  Frisbee might have the old inode still open.
        mv /usr/testbed/images/WINXP-{TMP,$image}.ndz
        ls -l /usr/testbed/images/WINXP-$image.ndz
        df -m /usr/testbed/images
        # Clear the temp from /proj.
        rm -f /proj/testbed/images/WINXP-TMP.ndz
        df -m /proj/testbed/images
          ls -l /{proj,usr}/testbed/images/WIN*
        
692
    . DEMOTING an image to /proj/testbed/images (edit the image descriptor.)
693
694
695
696
697
698
699
700
701
702
        ls -l /usr/testbed/images/WINXP-$image.ndz
        df -m /proj/testbed/images
        cp /usr/testbed/images/WINXP-$image.ndz /proj/testbed/images
        # Check.
        ls -l /{usr,proj}/testbed/images/WINXP-$image.ndz
        ssh ops cksum /proj/testbed/images/WINXP-$image.ndz & cksum /usr/testbed/images/WINXP-$image.ndz
        # Clear the old copy.
        df -m /usr/testbed/images
        rm -f /usr/testbed/images/WINXP-$image.ndz
        df -m /usr/testbed/images