xpimage-notes.txt 59.8 KB
Newer Older
1
# Directions for setting up an XP image from scratch.
2 3
# These are raw notes and commands to paste into a shell.
# Mostly Bash shell commands for Windows, some tcsh commands for Boss or Ops.
4 5
# Some (most?) of it could be scriptified with some work. 

6 7
# Notice that this file has spaces instead of tabs at the beginning of lines.
# A tab in either Bash or tcsh causes it to display all of the possible command completions!
8 9 10 11
# Here's a little Emacs keyboard macro to ease the copy-and-paste business:
    ; Copy a command line, leaving off the whitespace on the beginning of the line.
    (fset 'copy-command-line [?\M-m ?\C-  ?\C-e ?\C-f C-insert])
    (global-set-key "\^C\^E" 'copy-command-line)
12

13 14
# By convention, optional "informational" commands are indented a couple of spaces more.
## Debugging and problem-solving stuff is double-# commented.
15 16

alias v 'ls -lsF'               # "Verbose" listing
17 18
setenv en emulab.net
alias rootpc 'sudo ssh pc\!^.$en \!:2*'
19 20
alias rootrd 'rd  -K -g 1280x1024 -u root pc\!^.$en &'

21 22
# In Bash,
alias v='ls -lsF'
23

24
    . Start with a clean XP image, as it comes from the CD.
25

26 27 28 29 30 31 32
      - How to do the Windows XP installation and make a WINXP-BASE image:

        . Swap in a firewalled experiment with a FBSD-STD image.
        . Do "node_admin on" so PXE throws it into the FBSD MFS.
        . Hook up a console, reboot and modify the boot order to boot from the Windows XP CD.

        . Do the Windows installation, adding whatever drivers are needed.
Russ Fish's avatar
Russ Fish committed
33
          - 8 gig is a good size for the XP NTFS partition, of which 4-5 will be user space.
34 35 36 37
            (They can always allocate more later with Disk Manager.)
          - You'll save some work later if you make the first admin user account named "root".

        . Set the usual password for root in Control Panel / User Accounts.
Russ Fish's avatar
Russ Fish committed
38
            It asks whether to make the root files private.  I've been saying "no".
39 40 41 42 43
          - While you're there, click "Change the way users log on or off" and make
            sure "Use Fast User Switching" is turned on.

        . Make sure you turn on Remote Desktop logins under Control Panel / System / Remote (!)

Russ Fish's avatar
Russ Fish committed
44
        . Go into Control Panel / Power Options / Hibernate, and make sure it's disabled.
45 46
          This will give you extra gigs of disk space on C: equal to your RAM size .
          Also set Power Options / Power Schemes to "Always On".
47 48 49 50 51 52

        . Set the workgroup name to EMULAB in Control Panel/System/Computer Name/Change...
          No need to reboot yet if you have more to do.

        . On reboot, restore the boot order so PXE goes back into the FBSD MFS, and make an image.
          (See imagezip commands below.)  
Russ Fish's avatar
Russ Fish committed
53
          Make sure the Operational Mode is MINIMAL in the Image Descriptor, rather than NORMALv2!
54 55

      - Make a firewalled experiment using the WINXP-BASE image above, log in as "root".
56

57 58 59 60 61 62 63 64 65 66
         . The experiment should be behind a firewall, to avoid contamination.

            # Firewall while making Windows images.
            set fw [new Firewall $ns]
            $fw set-type ipfw2-vlan
            $fw set-style basic

            # Allow Cygwin setup and Windows Update to work.
            $fw add-rule "allow tcp from any to any 80,443 in via vlan0 setup keep-state"

67 68
         . Note that it takes a couple of minutes after booting for the RDP service to start,
           so don't worry if you can't log in at first.
69

70 71 72 73 74 75 76 77 78 79 80
      - Set the Windows "w32time" NTP client to connect to the Emulab NTP host.
        Runs as a service, periodically contacts the time server.
          # ntp1 is a DNS alias for Ops.
          # Do this in a Windows CMD shell, since you don't have Cygwin shells yet.
          net time /querysntp
          # Need to restart w32time before it sees the setsntp configuration. (?)
          net stop w32time
          net time /setsntp:ntp1
          net time /querysntp
          net start w32time
          # May take a minute to take effect.
81 82
             
      - Disable the Messenger Service to keep annoying pop-ups away.
83 84 85
            cygrunsrv -VQ  Messenger
          sc config Messenger start= disabled
          sc stop Messenger
86 87

      - Disable the SSDP Discovery Service and Universal Plug and Play Device Host.
88 89 90 91 92 93 94 95 96 97 98 99
        This closes port 5000 to attacks.  Also disable the Remote Registry service.
            cygrunsrv -VQ  SSDPSRV
            cygrunsrv -VQ  upnphost
            cygrunsrv -VQ  RemoteRegistry

          sc config SSDPSRV start= disabled
          sc config upnphost start= disabled
          sc config RemoteRegistry start= disabled

          sc stop SSDPSRV
          sc stop upnphost
          sc stop RemoteRegistry
100

Russ Fish's avatar
Russ Fish committed
101 102 103 104 105 106
      - Go into Control Panel/Administrative Tools (it's under Performance and
        Maintenance in the new Control Panel interface.)

        . Right-click Start/"Explore All Users" and drag a copy of the Computer
          Management shortcut from Administrative Tools into the All Users/Desktop
          folder.
107

Russ Fish's avatar
Russ Fish committed
108 109 110
      - If you haven't already made a "root" account, go into Computer Management/
        System Tools/Local Users and Groups/Users, put it in the Administrators group.
        . Also make it a member of the Users groups.
111 112 113 114 115 116

      - Start IE, make "blank" the home page. Click Tools/Internet Options/Home page/Use Blank.

      - Show My Computer.  (Desktop Properties/Desktop/Customize Desktop...)
        Turn off "Run Desktop Cleanup Wizard every 60 days".

117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133
      - Create C:/Temp, C:/Software/Cygwin
          # [Windows cmd prompt, there's no Cygwin shell yet...]
          mkdir C:\Temp
          mkdir C:\Software\Cygwin

      - Install Cygwin
        . (Try copying /etc/setup/* from an existing image to script the selection work.)
           # There's no scp to copy them with, so use Windows SMB File Sharing to get it
           # from \\fs\share\windows\cygwin-etc-setup.)
             mkdir C:\cygwin
           # Hm.  Still didn't come up with the added packages selected.
           # When C:\Software\Cygwin/http... is copied, it thinks everything is already installed.
           # Removing the /etc/setup/installed.db file seems not to help.
           # Nothing relevant to install in HKLM/SOFTWARE/Cygnus Solutions/Cygwin, either...

        . Download setup from www.cygwin.com/setup.exe to C:/Software/Cygwin.
          Once you have a Cygwin, you can update the setup.exe by:
134
           # [On ops.]
135 136 137 138
           set pc=325
           scp /share/windows/cygwin-setup.exe pc$pc":"/tmp/setup.exe
           # [On the machine.]
           cp /tmp/setup.exe C:/Software/Cygwin
139 140 141

        . Run Cygwin setup.exe .
            # After Cygwin in installed, ensure that upgrading SSH won't hang.
142
            net stop sshd
143 144 145
            C:/Software/Cygwin/setup.exe &
        . Install dir is C:\cygwin, package dir is C:\Software\Cygwin .
        . Download site mirror is http://mirrors.xmission.com .
146 147
        . Click [View] to "Not Installed" (alphabetical.)  
          Click on the Skip in the "New" column to add a binary version of:
Russ Fish's avatar
Russ Fish committed
148
            agetty, bison, cvs, cygrunsrv, ed, file, flex, gcc, gdb, inetutils, 
Russ Fish's avatar
Russ Fish committed
149
            make, minires-devel, more, nano, openssh (with src), openssl-devel, 
150 151 152
            patch, perl, perl-libwin32, psmisc, python, rpm, rsync, 
            shutdown, sysvinit, tcsh, vim, wget, zip .
          Click in the "src" column for openssh and agetty, so patches can be applied.
153
        . At the end, don't "Create an icon on the Desktop", do "Add icon to Start Menu".
154 155 156 157 158 159 160 161

        . Add ;C:\cygwin\bin to the end of the System PATH in 
          Control Panel/System/Advanced/Environment Variables.

        . Start up a Cygwin shell and fix the shell properties:
            Options QuickEdit Mode on, Layout/screen buffer height 3000, window height 55.
            Check "Modify shortcut that started this window".
          - Might as well fix the Start/Programs/Accessories/Command Prompt properties, too.
Russ Fish's avatar
Russ Fish committed
162 163 164 165 166 167 168
          - Create c:\cygin\cygwin-tcsh.bat as a copy of c:\cygin\cygwin.bat with
            "bash --login -i" changed to "tcsh -l".
               ### Now we can use Cygwin (Bash) shell commands...  ###
               alias v='ls -lsF'
               cd C:/cygwin
               sed 's/bash --login -i/tcsh -l/' < cygwin.bat > cygwin-tcsh.bat
               chmod +x cygwin-tcsh.bat
169
          - Copy the bash shortcut to the All Users/Desktop.  
170
          - Copy it to a tcsh icon as well, changing the Target to c:\cygin\cygwin-tcsh.bat .
171
          - Copy the tcsh icon into All Users/Start Menu/Programs/Cygwin.
Russ Fish's avatar
Russ Fish committed
172 173
               cd C:/Documents\ and\ Settings/All\ Users
               cp -p Desktop/Cygwin\ TCSH\ Shell.lnk Start\ Menu/Programs/Cygwin
174 175 176 177 178 179

        . Set up local homedirs under /home as a symlink.  ~root is already there.
            cd /tmp
            mv /home{,.orig}
            ln -s /cygdrive/c/Documents\ and\ Settings/ /home

Russ Fish's avatar
Russ Fish committed
180 181 182
        . The Windows hosts file should already be symlinked into the Cygwin /etc.
            ls -l /etc/hosts
              ln -s /cygdrive/c/WINDOWS/system32/drivers/etc/hosts /etc/hosts
183 184

        . Create a proper group file.  Make wheel an alias for Administrators.
185 186
            mkgroup -l | \
              awk '/^Administrators:/{print "wheel" substr($0, index($0,":"))} \
187
                   {print}' > /etc/group.new
188 189 190 191 192 193
            diff /etc/group{,.new}
            cp -p /etc/group{,.prev}
            mv /etc/group{.new,}

        . Update the passwd file after creating new accounts.  Make root uid 0 with /home/root.
            mkpasswd -l | awk -F: 'BEGIN{ OFS=":" } \
194 195 196 197
               { if ($1=="root") $3="0"; \
                 else if ($1=="sshd") $NF="/bin/false"; \
                      else sub("/home/", "/users/"); \
                 print }' > /etc/passwd.new
198 199 200
            diff /etc/passwd{,.new}
            cp -p /etc/passwd{,.prev}
            cp -p /etc/passwd{.new,}
201
            chown root /etc/{passwd,group}*
202

Russ Fish's avatar
Russ Fish committed
203 204
            ### Note: the root UID changed from 1003 to 0.  ###
            ### Restart your Bash shell to get the new one before going on!  ###
205

Russ Fish's avatar
Russ Fish committed
206 207 208 209 210 211 212 213 214 215
        . Set up the syslog daemon.  (See usr/share/doc/Cygwin/inetutils-1.3.2.README)
            # Make sure /etc isn't owned by SYSTEM, which will prevent making syslogd.conf .
            chown root /etc
            syslogd-config -y
            # Start the daemon.  It starts automatically at reboot.
            net start syslogd
              # Test.
              logger "Test syslogd."
              tail /var/log/messages

216
        . Set up sshd.  
217
          - Edit /bin/ssh-host-config to add a -i argument to the "cygrunsrv -I sshd" lines.
218
                grep cygrunsrv /bin/ssh-host-config | grep -e -I
219
              ed /bin/ssh-host-config
220
              1
221 222 223 224
              /cygrunsrv -I sshd/s//& -i/p
              /cygrunsrv -I sshd/s//& -i/p
              w
              q
225
          - Then stop sshd and remove its entry (if previously installed), run ssh-host-config:
226
            (You must be logged in as root over RDP, not ssh when you do this!)
Russ Fish's avatar
Russ Fish committed
227 228 229
                cygrunsrv -VQ sshd
              cygrunsrv -E sshd
              cygrunsrv -R sshd
230 231

              # May need to do some unmounts before running ssh-host-config.
232
              # (It does a mount, and there's a hard-wired limit of 31 mount table entries.)
233 234 235 236
              mount | wc -l
                ## mount: /ssh-host-config.3048: Too many mount entries
                for s in /users/s*; do umount $s; done

Russ Fish's avatar
Russ Fish committed
237
              # Should be NO ssh processes running, not even ssh-agent!
238 239
              ps -Welf | grep ssh

240 241 242
              # Make sure /etc is writable by root.
                v -d /etc
              chown root /etc
243

244
              ssh-host-config -y -c "ntsec tty"
245 246 247
              # or run ssh-host-config without args and answer the following interactive questions:
              # Select privilege separation = yes, sshd user = yes, install as service = yes, 
              # CYGWIN=ntsec tty
248

249
                v /etc/ssh*_config
250 251 252
              chown SYSTEM /etc/ssh*_config
              chmod 644 /etc/ssh*_config

253 254 255 256
          - Check for -i flag: look for Interactive = 0x00000001 (1)
              regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/sshd/Parameters

          - Edit /etc/sshd_config
257
            . Add AuthorizedKeysFile paths under /sshkeys/%u .
258 259 260
                  grep AuthorizedKeysFile /etc/sshd_config
                # Make it writable to edit, then change it back.
                chmod g+w /etc/sshd_config
Russ Fish's avatar
Tweaks.  
Russ Fish committed
261
                ed /etc/sshd_config
262 263
/AuthorizedKeysFile
a
264
AuthorizedKeysFile /sshkeys/%u/authorized_keys
265
AuthorizedKeysFile2 /sshkeys/%u/authorized_keys2
266 267 268
.
w
q
269
                chmod g-w /etc/sshd_config
270 271
                # Get a running sshd to read the config file with SIGHUP.
                kill -HUP `cat /var/run/sshd.pid`
272

273
            . LogLevel defaults to INFO, can be set to VERBOSE, DEBUG1, etc.
Russ Fish's avatar
Russ Fish committed
274 275 276
              With the syslogd service running, debug events are logged to /var/log/messages .
              [Otherwise, they show up under Event Viewer / Application / sshd,
               with one line per event (ugh.)  Refresh to see new events with F5.]
277
              ## sshd service debugging.
278 279 280
                ls -l /etc/sshd_config
                # Check.
                grep LogLevel /etc/sshd_config
281
                # Make it writable to edit, then change it back.
282
                chmod g+w /etc/sshd_config
283 284
                ed /etc/sshd_config
/#LogLevel/a
285
LogLevel DEBUG2
286 287 288
.
w
q
289 290 291 292
                chmod g-w /etc/sshd_config
                # Get a running sshd to read the config file with SIGHUP.
                kill -HUP `cat /var/run/sshd.pid`

293 294
          - Check /var/empty to avoid this error:
              /var/empty must be owned by root and not group or world-writable.
Russ Fish's avatar
Russ Fish committed
295
            # Actually, it must be owned by SYSTEM.
296 297 298 299
              v -d /var/empty
            chown SYSTEM /var/empty
            chmod go-w /var/empty

300
          - You can avoid patching and rebuilding sshd.exe if there's one saved.
Russ Fish's avatar
Russ Fish committed
301 302 303 304
              # Currently 4.1p1-2 .
              cygcheck.exe -c openssh
              # Either explore to \\fs\share, giving *your* login name and Windows password,
              # or use the "net use" command to provide it.  Then UNC paths work.
305
              v //fs/share/windows/sshd.exe
Russ Fish's avatar
Russ Fish committed
306 307
              v /usr/sbin/sshd.exe

308 309 310
              mv /usr/sbin/sshd.exe{,.orig}
              cp -p //fs/share/windows/sshd.exe /usr/sbin/sshd.exe

311 312
          - Start sshd.
              cygrunsrv -S sshd
313
              tail /var/log/messages
314 315

          - Set up for root ssh access from Boss.
Russ Fish's avatar
Russ Fish committed
316
                v -d /home/root
317 318 319
              chown root.wheel /home/root
              chmod 755 /home/root
              passwd root
320 321
daFluxGroup
daFluxGroup
322 323 324
              mkdir ~root/.ssh
              chown root.wheel ~root/.ssh
              # [On boss.]
325
              set pc=201
326
              set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
327 328
              # This password isn't used for anything else, and doesn't need to be
              # very secure because all users are in the Administrators group on the node.
329
              eval sudo ssh "$ssh_args" root@pc$pc id
330
daFluxGroup
331
              eval sudo scp "$ssh_args" ~root/.ssh/{id_dsa,identity}.pub root@pc$pc":".ssh
332
daFluxGroup
333
              eval sudo ssh "$ssh_args" root@pc$pc
334
daFluxGroup
335 336 337 338 339 340 341 342 343 344 345 346
                # [On the target.]
                id
                cd ~root/.ssh
                cat {id_dsa,identity}.pub > authorized_keys
                chmod 644 *
                ls -ld /home /home/root /home/root/.ssh /home/root/.ssh/auth*
                mkdir -p /sshkeys/root
                v -d /sshkeys
                chmod 777 /sshkeys
                chmod 700 /sshkeys/root
                cp -p /home/root/.ssh/authorized_keys /sshkeys/root
                ls -lR /sshkeys/root
347 348
              exit

349 350 351 352
              # [Check back on Boss.]
              eval sudo ssh "$ssh_args" pc$pc id
              # The following will likely complain due to nonstandard host keys.
              rootpc $pc id
353 354 355 356

          - Install the standard host keys, dated Jun 21  2001.
            ls -l /etc/ssh*
            # [On boss.]
357 358
              set pc=201
              set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
359
            eval sudo scp -rp "$ssh_args" /proj/testbed/fish/elab-host-keys root@pc$pc":"
360 361
            # Get the standard ssl certificates while we're at it.
            eval sudo scp -rp "$ssh_args" /proj/testbed/fish/elab-ssl-certs root@pc$pc":"
362 363

            eval sudo ssh "$ssh_args" root@pc$pc
364
            # [As root on the target.]
365 366 367 368 369 370 371 372 373 374 375 376 377 378
              ls -l ~/elab-host-keys
              ls -l /etc/ssh*key*
              ls -l /etc/orig-ssh-keys

              mkdir /etc/orig-ssh-keys
              chown root /etc/ssh*key*
              cp -p /etc/ssh*key* /etc/orig-ssh-keys
              chown SYSTEM /etc/orig-ssh-keys/*
              ls -l /etc/orig-ssh-keys

              cp -p ~/elab-host-keys/* /etc
              chown SYSTEM /etc/ssh*key*
              ls -l /etc/ssh*key*

379
              mkdir /etc/emulab
380 381 382
              ls -l ~/elab-ssl-certs/* /etc/emulab/*.pem
              cp -p ~/elab-ssl-certs/* /etc/emulab

383
            # The following should no longer complain due to nonstandard host keys.
384
            # [On Boss.] 
385
            rootpc $pc id
386 387

      - Install tools: WinZip and Emacs.
388 389 390 391 392
            # [On boss:]
            sudo scp -rp /share/windows/emacs-21.3-fullbin-i386.tar.gz root@pc$pc":"/tmp
            sudo scp -rp /share/windows/winzip90.exe root@pc$pc":"/tmp

            # Log in as root via RDP.
393 394
            rootrd $pc
            # [On the node, as root.]
395
            # Graphical installer.  Start with WinZip Classic, custom setup, no desktop icon.
396 397 398 399 400
            /tmp/winzip90.exe

            cd C:
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/emacs-21.3-fullbin-i386.tar.gz
401
            # Graphical; click OK to set up the registry, start menu, etc.
402
            C:/emacs-21.3/bin/addpm.exe
Russ Fish's avatar
Russ Fish committed
403

404
            # Then copy the Emacs shortcut to the All Users/Desktop folder.
405 406 407 408
            allusers=/cygdrive/c/Documents\ and\ Settings/All\ Users
            chown root "$allusers"/Desktop
            cp "$allusers"/{Start\ Menu/Programs/Gnu\ Emacs,Desktop}/Emacs.lnk
            chown SYSTEM "$allusers"/Desktop
409 410 411 412

            # Make "emacs" be the NTEmacs runemacs starter, with "emacs-exe" for a compiler.
            ln -s /cygdrive/c/emacs-21.3/bin/runemacs.exe /usr/local/bin/emacs
            ln -s /cygdrive/c/emacs-21.3/bin/emacs.exe /usr/local/bin/emacs-exe
413 414

      - Get other stuff that "make client" depends on.
415

416 417 418 419 420 421
                ## Collect the include files for mysql and the Boost Graph Library.
                cd /usr/local/include
                tar cfz /share/windows/mysql-include.tgz mysql
                tar cfz /share/windows/boost-include.tgz boost
            # [On Boss.]
            sudo scp -rp /share/windows/{mysql,boost}-include.tgz root@pc$pc":"/tmp
422
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx,devcon}.exe root@pc$pc":"/tmp
423 424 425 426 427 428 429
            # [On the target.]
            mkdir /usr/local/include
            cd /usr/local/include
            tar xfz /tmp/mysql-include.tgz
            tar xfz /tmp/boost-include.tgz

            # Build Elvin libs with GCC for testbed client programs.  
430
            # [On Boss.]
431
            sudo scp -p /usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz root@pc$pc":"/tmp
432
            # [On the node.]
433 434 435 436 437 438 439 440 441
            # Need a path without embedded spaces for the make actions to work.
            mkdir C:/elvin
            cd C:/elvin
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz

            cd C:/elvin/libelvin-4.0.3
              # configure: error: Elvin requires that doubles be IEEE 754 compliant
442 443 444 445 446 447 448 449
              # Edit configure, line 3547, add exit(0); to patch around it.
              ed configure
3546p
a
exit(0);
.
w
q
450
            ./configure >& configure.trace 
Russ Fish's avatar
Russ Fish committed
451 452
            # Ends with "creating src/include/elvin/config.h"
            tail configure.trace
453

Russ Fish's avatar
Russ Fish committed
454 455
            # Comment this out in c:/elvin/libelvin-4.0.3/src/lib/i18n.c :
                      #elif defined(HAVE_WINBASE_H)
456
                              FreeLibrary(cat);
457 458 459 460 461 462
            ed c:/elvin/libelvin-4.0.3/src/lib/i18n.c
            /HAVE_WINBASE/p
            .,.+1s|^|//|p
            w
            q

463
            make >& make.log1
Russ Fish's avatar
Russ Fish committed
464
            tail make.log1
465
            make install >& install.log1
Russ Fish's avatar
Russ Fish committed
466
            tail install.log1
467 468
              make clean

Russ Fish's avatar
Russ Fish committed
469
# [ SKIP
470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506
            # Build Elvin for Windows on Coke, and tar it up for later installation.
            scp -p bos:"/usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz" /tmp
            mkdir C:/elvin
            cd C:/elvin
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz
            # Rename lib dir for makefiles in elvind.
            mv libelvin-4.0.3 elvin4

            cd C:/elvin/elvin4
            nmake /k /f Makefile.win >& lib-make.winlog1
            mkdir -p C:/Program\ Files/elvin4/{bin,lib,doc}
            cp -p win32/bin/*.exe C:/Program\ Files/elvin4/bin
            cp -p win32/lib/{,*/}*.{dll,lib} C:/Program\ Files/elvin4/lib
            mkdir C:/Program\ Files/elvin4/include
            cp -p src/include/elvin/*.h C:/Program\ Files/elvin4/include

            cd C:/elvin/elvind-4.0.3        
            nmake /k /f Makefile.win >& program-make.winlog1
            cp -p *.exe *.pem C:/Program\ Files/elvin4/bin
            cp -p [A-Z][A-Z]* C:/Program\ Files/elvin4/doc
              scp -p ../*/*.winlog* ops:/proj/testbed/fish/elvin
            scp -p ops:/proj/testbed/fish/elvin-config /cygdrive/c/Program\ Files/elvin4/bin

            # Install dll's in the system so the server can be run.
            v C:/Program\ Files/elvin4/lib
            chmod -R g-w C:/Program\ Files/elvin4
            chmod a+x C:/Program\ Files/elvin4/lib/*
            cp -p C:/Program\ Files/elvin4/lib/* $nts

            elvin="C:/Program Files/elvin4/bin/elvinsvc.exe"
              v "$elvin"
            "$elvin" --help
            # Application Error - The application failed to initialize properly (0xc0000022).

            tar cfz /tmp/elvin4-windows.tar.gz -C /cygdrive/c Program\ Files/elvin4
            scp -p /tmp/elvin4-windows.tar.gz ops:/share/windows
Russ Fish's avatar
Russ Fish committed
507
# SKIP ]
508 509 510 511 512 513 514 515 516 517

            # Install the Windows Elvin, built on Coke above.
            # [On Boss.]
            sudo scp -p /share/windows/elvin4-windows.tar.gz root@pc$pc":"/tmp
            sudo scp -p /share/windows/elvind.conf.windows root@pc$pc":"/tmp/elvind.conf

            # [On the experiment node as root (Bash shell):]
            rootpc $pc
              cd C:
                ls -ld Program\ Files/elvin*
518
              # Don't worry about a plethora of "Cannot change ownership" warnings.
519 520 521 522 523 524 525 526 527 528
              tar xvfz /tmp/elvin4-windows.tar.gz
              chown -R root Program\ Files/elvin4
              cp -p C:/Program\ Files/elvin4/lib/* C:/WINDOWS/system32
              cp -p C:/Program\ Files/elvin4/lib/* /usr/local/lib
                diff /usr/local/etc/elvind_ssl.pem C:/Program\ Files/elvin4/bin/elvind_ssl.pem
              cp -p C:/Program\ Files/elvin4/bin/elvind_ssl.pem /usr/local/etc/elvind_ssl.pem

              elvind="C:/Program Files/elvin4"
              elvin="$elvind/bin/elvinsvc.exe"
                ls -l "$elvind/bin"
529 530
              chmod -R g-w "$elvind"
                ## Graphical help message.
531 532 533 534 535 536 537
                "$elvin" --help &
              # Install as a service.
              "$elvin" -r
              # Install a config file and set the path for the server.
                diff /usr/local/etc/elvind.conf /tmp/elvind.conf
              cp /tmp/elvind.conf /usr/local/etc/elvind.conf
                ls -l /usr/local/etc/elvind.conf
538
              # Do once to register the config file.
539 540
              "$elvin" -c `cygpath -w /usr/local/etc/elvind.conf`
                  ## Testing: start elvinsvc from the Services Manager now.
541
                  net start elvinsvc.exe
542
              # Make elvinsvc automatic in services manager, or use these commands:
543
                regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe
544 545 546
              # (4 is Disabled, 3 is Manual, 2 is Automatic, 1 is only used for System services.)
              regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe/Start 2

Russ Fish's avatar
Russ Fish committed
547
# [ SKIP
548 549 550 551 552
              ## Use any Windows experiment with a Program object in it for testing.
              pid=testbed eid=Windows-1
                pid=testbed eid=Windows-1b
                pid=testbed eid=Windows-1c
              $BINDIR/evproxy -s event-server -e $pid/$eid
553 554
              
              ## program-agent debugging.
555 556 557 558 559 560 561 562 563 564 565 566
                ps -Welf | grep program-agent
                $rc/rc.progagent shutdown
              $rc/rc.progagent boot
                ## Debugging.
                tail $LOGDIR/progagent.debug
                program-agent -d -e $pid/$eid -s localhost -c /var/emulab/boot/progagents
                # [On ops.]
                tevc -e testbed/Windows-1c now prog0 start \
                    COMMAND="bash -c 'date; hostname' > /tmp/host.txt"
                # [On the node.]
                tail /tmp/host.txt
                cat /local/logs/prog0.status
567
              
568 569 570 571
                ## C:\cygwin\bin\tcsh.exe (2504): *** couldn't create window, Win32 error 5
                ## See http://comments.gmane.org/gmane.os.cygwin.patches/2559
                ## This is at cygwin-1.5.17-1-winsup/cygwin/window.cc:wininfo::winthread():96
                ## Try starting rc.progagent as a separate service with -i for a desktop.
572
                
573 574
                  ## Started up and stopped immediately.  Needs something else in rc.bootsetup.
                  --dep elvinsvc.exe \
575
                
576 577 578
                  ## Depend on EmulabStartup (rc.bootsetup), which depends on the elvin service,
                  ## and also starts evproxy.  But it stops rather than staying running...
                  --dep EmulabStartup \
579
                
580 581 582 583
                ## Make it manual, and explicitly start it after rc.bootsetup in EmulabStartup.
                ## Works, but stays in "starting" state, err in bootsetup.log:
                ##  cygrunsrv: Error starting a service: QueryServiceStatus:  Win32 error 1053:
                ##  The service did not respond to the start or control request in a timely fashion.
Russ Fish's avatar
Russ Fish committed
584
# SKIP ]
585 586

              # For setuid() to work, Root must have these rights: Create a token object; Replace a
587 588 589 590 591 592 593 594
              # process level token; and Increase Quota rights.
              # http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch,
              # http://msdn.microsoft.com/library/en-us/secauthz/security/authorization_constants.asp
              editrights -u root -l
              editrights -u root -a SeCreateTokenPrivilege -l
              editrights -u root -a SeAssignPrimaryTokenPrivilege -l
              editrights -u root -a SeIncreaseQuotaPrivilege -l

Russ Fish's avatar
Russ Fish committed
595
              # Set up to run the program-agent service.
596
                cygrunsrv -R ProgAgent
597
              progagent=/usr/local/etc/emulab/rc/rc.progagent
598
              cygrunsrv -I ProgAgent -d "Emulab Program Agent" -i -p /cygdrive/c/cygwin/bin/bash \
599
                  --type manual \
600
                  -a "--norc --noprofile -c '$progagent >& /var/log/program-agent.log'"
601
                regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/ProgAgent/Parameters
602
                cygrunsrv -VQ ProgAgent
Russ Fish's avatar
Russ Fish committed
603 604 605 606
                  ## This won't work until you build the Emulab programs, including program-agent, below.
                  cygrunsrv -S ProgAgent
                  cygrunsrv -E ProgAgent
                # Log files.
607 608 609 610
                  tail /var/log/{program-agent,ProgAgent}.log
                touch /var/log/{program-agent,ProgAgent}.log
                chmod 777 /var/log/{program-agent,ProgAgent}.log

Russ Fish's avatar
Russ Fish committed
611
# [ SKIP
612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632
                # Little problem: "Must be root to run this script!"
                # Add this: 
                  # This runs as a separate Local System service on XP.  Change to root.
                  if (WINDOWS()) { $EUID = $UID = 0; }

                # Testing on ops.
                tevc -e testbed/bsd-1 now prog0 start
                tevc -e testbed/bsd-1 now prog0 start COMMAND='hostname >>& /users/fish/test.out'

                tevc -e testbed/Windows-1 now prog0 start COMMAND='hostname>>&/users/fish/test.out'
                  v /users/fish/test.out
                  tail /users/fish/test.out
                tevc -e testbed/Windows-1 now prog0 run COMMAND='touch /tmp/foo'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='id'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /users/fish'
                tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /proj/testbed/fish'

                # [On the node.]
                cat /local/logs/prog0.status
                cat /local/logs/prog0.err
                cat /local/logs/prog0.out
Russ Fish's avatar
Russ Fish committed
633
# SKIP ]
634 635 636

      - Get the testbed client code via CVS, build, and install it.
            rootpc $pc
637
            # [As root, on the node.]
638 639 640 641
            login_name=fish ws_name=kzin domain=flux.utah.edu
            ws_login=$login_name@$ws_name.$domain
            cvs_login=$login_name@cvs.$domain

642 643 644 645 646 647 648
            # Start an agent and go to your workstation to get your ssh keys for the cvs server.
            eval `ssh-agent -s`
              ssh-add -l
            ssh -A $ws_login
              ssh-add -l
            kdsa
            exit
649 650 651

            ssh $cvs_login id
              ssh -v $cvs_login id
Russ Fish's avatar
Russ Fish committed
652
            export CVSROOT=$cvs_login:/usr/flux/CVS CVS_RSH=ssh
653 654 655

              mkdir ~/flux
            cd ~/flux
656 657
              # First time only
              mkdir CVS; touch CVS/Entries; echo . > CVS/Repository
658
            # Any time the testbed tree needs to be re-created.  (Takes a while.)
659
            cvs -Q co testbed
660 661 662
              # Updates After that.
              cat CVS/Entries
                cvs -n -q update testbed
663
              cvs -q update -d testbed
664

Russ Fish's avatar
Russ Fish committed
665
            # Install some dotfiles for Root.
666 667 668
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bashrc ~root/.bashrc
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bash_profile ~root/.bash_profile
            cp -p testbed/tmcd/cygwinxp/cygwin.root.emacs ~root/.emacs
669
            # No HOME envar is set for root's desktop, so Emacs defaults it to C:/ .
670 671
            cp -p ~root/.emacs C:/.emacs

Russ Fish's avatar
Russ Fish committed
672
            # Install site-lisp files for Emacs.
673 674
              v -t testbed/tmcd/cygwinxp/site-lisp
              v -t c:/emacs-21.3/site-lisp
675 676 677 678 679 680
            cp -rp testbed/tmcd/cygwinxp/site-lisp/* c:/emacs-21.3/site-lisp
            ls -l c:/emacs-21.3/site-lisp

            # Need a resolv.conf before tmcc will work.
              cat /etc/resolv.conf
            cp -p ~/flux/testbed/tmcd/cygwinxp/resolv.conf /etc/resolv.conf
681 682

            # The Elvin and program-agent man pages get installed in man8.
683 684
            mkdir /usr/local/man/man8
              
685
            # Get the downloaded binary programs into the source tree for install.
686 687
              ls -l ~/flux/testbed/tmcd/cygwinxp/*.exe
            # [On boss:]
688
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx,devcon}.exe root@pc$pc":"/tmp
689
            # [Back on the client:]
690
            cp -p /tmp/{WSName,addusers,usrtogrp,setx,devcon}.exe ~/flux/testbed/tmcd/cygwinxp
691

692
            # Finally ready to do the Emulab makes!
693 694
            mkdir ~/flux/obj-real
            cd ~/flux/obj-real
695 696

            # Configure takes a while...
697 698 699
              v configure.trace*
              mv configure.trace{,.1}
            ../testbed/configure --enable-windows --enable-windowsclient >& configure.trace
Russ Fish's avatar
Russ Fish committed
700 701 702
            # Should end with "creating config.h".
            tail configure.trace
              tail -f configure.trace
703 704 705

            # The first make fails with "Cannot change ownership" warnings unpacking tg2.0 .
            make client-install >& make.log1
Russ Fish's avatar
Russ Fish committed
706
            tail make.log1
707 708 709 710 711 712 713
            # No worries.  Patch it explicitly, since the patch action gets skipped.
            (cd ~/flux/testbed/event/trafgen; patch -p0 < tg.patch)

            # If this is an update, evproxy is run by rc.bootsetup and nothing stops it.
            # The install of evproxy in the make will fail unless we stop it first.
            ps -Welf | grep evproxy
              kill `ps -Welf | grep evproxy | awk '{print $2}'`
714 715
            # Ditto emulab-syncd, program-agent, and slothd.
              ps -Welf | grep emulab
716
            $rc/rc.syncserver shutdown
717
            $rc/rc.progagent shutdown
718 719
            $rc/rc.slothd stop

720
            make client-install >& make.log2
Russ Fish's avatar
Russ Fish committed
721 722
            tail make.log2
              tail -f make.log2
723 724

                # Only needed if there are problems...
725
                  v -t make.log*
726
                make client-install >& make.log3
727 728
                make client-install >& make.log4
                make client-install >& make.log5
729 730 731 732
                make client-install >& make.log6
                make client-install >& make.log7
                make client-install >& make.log8
                make client-install >& make.log9
733 734

      . Patch the /etc/profile file to use /home dirs if the /users mounts are down.
735
        ## Note their comment:
736 737 738 739 740
        # IF THIS FILE IS MODIFIED IT WILL NOT BE UPDATED BY THE CYGWIN
        # SETUP PROGRAM.  IT BECOMES YOUR RESPONSIBILITY.
        #
        # The latest version as installed by the Cygwin Setup program can
        # always be found at /etc/defaults/etc/profile
Russ Fish's avatar
Russ Fish committed
741
            # If you need to check in a new version back in CVS land...
742
            (cd ~/flux; cvs update testbed/tmcd/cygwinxp/profile)
743
          diff /etc/defaults/etc/profile ~/flux/testbed/tmcd/cygwinxp
744 745 746
            # If the diffs are right, just copy the Emulab one.
            cp ~/flux/testbed/tmcd/cygwinxp/profile /etc
          # Otherwise, edit the file.
747 748
            diff /etc/defaults/etc/profile /etc/profile
            cp /etc/defaults/etc/profile /etc
749 750 751 752 753 754 755 756 757 758 759 760
          ed /etc/profile
  /^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/p
/^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/c
### Use a local dir under sshd if the mount failed.
if [ ! -d "$HOME" ]; then
        HOME=/home/$USER
fi
# If the home directory doesn't exist, create it.
if [ ]; then
###if [ ! -d "${HOME}" ]; then
.
  .-10,.+5p
761 762
  w
  q
763

764 765 766 767
      . Need an NTP client, or at least the semblence of one.
            cat /etc/ntp.drift
          echo 0.000 > /etc/ntp.drift

768
      . Set up the tbshutdown script to run as a service, to get a shutdown signal.
769 770
            editrights -u root -l
          editrights -u root -a SeServiceLogonRight -l
Russ Fish's avatar
Russ Fish committed
771
          # Don't forget to set the root password to the following, if you haven't done it yet.
772
          rootpwd='daFluxGroup'
773
          # EmulabShutdown is started manually later on from rc.cygwinxp .
774
          echo "$rootpwd"
775 776 777 778
            cygrunsrv -R EmulabShutdown
          cygrunsrv -I EmulabShutdown -u root -w "$rootpwd" -p /cygdrive/c/cygwin/bin/bash \
              --shutdown --type manual \
              -a "--norc --noprofile -c '/usr/local/etc/emulab/tbshutdown'"
779
          cygrunsrv -VQ EmulabShutdown
780

781
          # If you see the following, try running rc.accounts or rc.bootsetup below to 
782
          # clear it up.  Haven't figured this out yet...
783 784 785
          ##cygrunsrv: Error installing a service: CreateService:  Win32 error 1057:
          ##The account name is invalid or does not exist, or the password is invalid 
          ##for the account name specified.
786

Russ Fish's avatar
Russ Fish committed
787
          # Log files
788 789 790
          touch /var/log/EmulabShutdown.log
          chmod 666 /var/log/EmulabShutdown.log
          regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabShutdown/Parameters
791
            # Manual start-up for testing.
792
            cygrunsrv -S EmulabShutdown
793 794

      . See if rc.bootsetup works.
Russ Fish's avatar
Russ Fish committed
795 796 797 798
          # Don't allow the sshd shell a shell login login in rc.accounts.
            grep '\^sshd:' /var/emulab/boot/usershells
          echo '/^sshd:/s|/bin/bash$|/bin/false|' >> /var/emulab/boot/usershells

799 800 801
          ##Running os dependent initialization script rc.cygwin
          ##chmod: cannot access `/var/log/EmulabStartup.log': No such file or directory
          ##chmod: cannot access `/etc/emulab/iscygwin': No such file or directory
802 803
          touch /var/log/EmulabStartup.log
          chmod 666 /var/log/EmulabStartup.log
Russ Fish's avatar
Russ Fish committed
804 805 806 807 808 809 810

          # May need to make /sshkeys, if it hasn't been done above.
          v -d /sshkeys
            mkdir /sshkeys
            chmod 777 /sshkeys

              ## May need to read .bashrc installed above if you haven't set up the path yet.
811
              . ~/.bashrc
812
            tmcc nodeid
813
              ## If you have problems, you may be missing /etc/resolv.conf .
814 815 816 817
              tmcc -d nodeid
                    nodeid 
                    /usr/local/etc/emulab/tmcc.bin  -d nodeid 
                    Connection to TMCD refused. Waiting ...
Russ Fish's avatar
Russ Fish committed
818 819
            ## You can test rc.cygwin separately.  It should reboot, the first time, 
            ## when it changes the node ID.
820
            $rc/rc.cygwin
821

Russ Fish's avatar
Russ Fish committed
822 823 824
            ## You can try the boot-time script to see that all is well.
            ## If you run this, and the node name hasn't been changed yet, it will reboot.
            $rc/rc.bootsetup
825

826 827
      . Set up the boot script to run as a service.

828
          # Start up after DHCP and Elvin, run ProgAgent afterwards.
829 830
              cygrunsrv -R EmulabStartup 
          rootpwd='daFluxGroup'
831 832 833 834 835 836 837 838
          cygwinrc=/usr/local/etc/emulab/rc/rc.cygwin
          bootsetup=/usr/local/etc/emulab/rc/rc.bootsetup
          progagent="cygrunsrv -S ProgAgent"
          bootlog=/var/log/bootsetup.log
          cygrunsrv -I EmulabStartup -u root -w $rootpwd --dep DHCP --dep elvinsvc.exe \
            -p /cygdrive/c/cygwin/bin/bash \
            -a "--norc --noprofile -c '( $cygwinrc; $bootsetup; $progagent ) >& $bootlog'"
          cygrunsrv -VQ EmulabStartup 
839

Russ Fish's avatar
Russ Fish committed
840
            ## If you run this, and the node name hasn't been changed yet, it will reboot.
841 842 843 844 845 846 847 848 849 850 851 852
            cygrunsrv -S EmulabStartup 
            cygrunsrv --help
          regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabStartup/Parameters
          sc query EmulabStartup

      . Make a $HOME envar for everybody, so Emacs works on startup from the desktop.
        - Set a user environment variable: HOME = /users/%USERNAME%
        - Stored in HKCU/Environment, which is HKU/*/Environment based on the user SIDs.
        - The user registry key (folder) is created at first login, doesn't exist before that.
          Run setx after that at login time to set the HOME environment variable value.
                # Check.
                regtool get /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
853
          # Use a literal Windows command rather than a script.
854 855
          regtool -s set /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME \
            'cmd /C "if not %USERNAME% == root if not %USERNAME% == Administrator setx HOME //fs/%USERNAME%"'
856 857 858
                # Undo.
                regtool unset /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
          # Check that setx.exe is in system32.
859 860
          v C:/WINDOWS/system32/setx.exe

861
# [ SKIP if patched sshd.exe and agetty.exe installed above.
862
      . Patch sshd so that shares (including /users homedirs) work with public-key logins.
Russ Fish's avatar
Russ Fish committed
863
        Also touches a file when client input is received, so slothd will know.
864 865

        - RDP into a node as root and shut down all ssh processes before update.
866
          (Otherwise, installation of an openssh update can hang mysteriously.)
867 868 869
            net stop sshd
            ps -Welf | grep ssh

870 871 872 873 874 875 876
        - Go through Cygwin setup and make sure everything is updated.  
              cygcheck -c openssh
              /cygdrive/c/software/cygwin/setup.exe &
              cygcheck -c openssh
          . View "Partial" will show what it wants to download and install.
          . Also select src for openssh, which goes under /usr/src .
          . When base dll's are updated, it will tell you to reboot.  Do it.
877

878
        - Install the source patches.  (Go get CVSROOT and agent keys set above first.)
879 880
            (cd ~/flux; cvs update testbed/tmcd/cygwinxp)
              (cd ~/flux; cvs co testbed/tmcd/cygwinxp)
881 882
          ##cd /usr/src/openssh-4.1p1-2
          cd /usr/src/openssh-4.2p1-1
883
            v -t *.[ch] | head -30
Russ Fish's avatar
Russ Fish committed
884 885

          # Enable no-password ssh logins which can access shared homedirs.
886 887 888
          cp -p uidswap.c{,.orig}
            patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/uidswap.c.patch
          patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/uidswap.c.patch
889
            diff -c uidswap.c{.orig,}
890

Russ Fish's avatar
Russ Fish committed
891
          # Enable slothd to know of the last SSH client input time.
892 893
          for f in channels.{h,c} serverloop.c; do cp -p $f{,.orig}; done
            v *.orig
Russ Fish's avatar
Russ Fish committed
894 895
            patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/sshd-client-input-time.patch
          patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/sshd-client-input-time.patch
896 897 898
            diff -c channels.h{.orig,}
            diff -c channels.c{.orig,}
            diff -c serverloop.c{.orig,}
Russ Fish's avatar
Russ Fish committed
899

900 901 902 903 904 905 906 907 908 909 910
        - Configure.  Takes a while.
            # These are the options that contrib/cygwin/README specifies:
            prefix=/usr sbindir=/usr/sbin datadir=$prefix/share
            ./configure > configure.trace 2>&1 \
                --prefix=/usr \
                --sysconfdir=/etc \
                --libexecdir=${sbindir} \
                --localstatedir=/var \
                --datadir=${prefix}/share \
                --mandir=${datadir}/man \
                --infodir=${datadir}/info
911 912
              tail configure.trace
                tail -f configure.trace
913 914 915

        - Just make and install sshd.exe, assuming everything else is up-to-date.
            make sshd.exe > make.log.1 2>&1
916 917
              tail make.log.1
                tail -f make.log.1
918 919 920 921

            # Make sure sshd is closed down while installing.
            ps -Welf | grep sshd
            net stop sshd
922
            mv /usr/sbin/sshd.exe{,.prev}
923 924
            /usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd.exe
            net start sshd
925 926 927 928 929 930 931 932 933 934 935 936

      . Patch agetty to support 115.2kbps serial line speed.

        cd /usr/src/agetty-2.1-1
        cp -p agetty.c{.orig}
          patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/agetty.c.patch
        patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/agetty.c.patch
        make
          # Test.  If it exits after 10 seconds, turn off EMS below and reboot.
          time ./agetty -L -T vt100 -n ttyS0 115200 ttyS0
        make install
          /usr/bin/install -s -m 755 -o administrator -g administrators agetty.exe /sbin
Russ Fish's avatar
Russ Fish committed
937
# SKIP ]
938

939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981
      . Set up agetty for console logins.

        - Make sure Console Redirection is disabled after boot in the BIOS settings.

        - Turn off Windows EMS, because it disables the serial console for agetty.
          Windows "Emergency Management Services" is a second level of redirection.
          If you see the "Starting Windows" progress bar on the serial port, it's on.
          The result is that the serial port won't even show up in Device Manager.

          # Look for the EMS "OS Load Options: /redirect" and turn it off.
            bootcfg /query
            # Assuming the Boot Entry you want is #1:
            bootcfg /ems OFF /id 1
            bootcfg /query

        - Install the patched agetty, if not done above.
            #[As the user:]
            cp /share/windows/agetty.exe /tmp
            #[As root:]
              mv /sbin/agetty.exe{,.orig}
            /usr/bin/install -s -m 755 -o administrator -g administrators /tmp/agetty.exe /sbin

        - Set up the sysvinit package to run agetty.

         . Uncomment the serial console line in /etc/inittab.
           Set Com1 to 115.2kbps, which is determined by the serial concentrator.
               cat /etc/inittab
             ed /etc/inittab
             /agetty/s/^#//p
             /agetty/s/9600/115200/p
             w
             q

         . The postinstall script does init with autoanswer=no.
               v /etc/inittab
             chown system.system /etc/inittab
             chown system.system /etc/rc
               cygrunsrv -VQ init
               cygrunsrv -R init
             # Init starts agetty from inittab.  Send it an interrupt signal at shutdown.
             cygrunsrv -I init -d "Cygwin SysV init" -p /sbin/init -a -i -s INT
             net start init

982
      . Make a load average log for slothd, averaged over a 1 minute period.
Russ Fish's avatar
Russ Fish committed
983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002

        - /proc/loadavg is hard-wired to "0.00 0.00 0.00" on Cygwin now.

        - All attempts to script this setup to reproduce it on another computer have
          failed so far, including using its own "Save/Restore Settings" and
          transplanting the registry subtree.

       - Click into Computer Management / Performance Logs and Alerts / Counter Logs.
          Right-click "New Log Settings..." in the logs pane, 
            Name: "ldavg", OK.

          General tab, 
            Counters list, "Add Counters...",
              check "Use local computer counters",
              click "Add" to add % total processor (the default),
              click "Close".
            Sample data every: Interval: "60" seconds.

          Log Files tab, 
            Log file type: "Text File (Comma delimited)", 
1003 1004 1005 1006
            Uncheck "End file names with" so the result goes into ldavg.csv .
            Configure... 
              Location: "C:\cygwin\var\run",
              Log file size: "Limit of: 1 MB", OK.
Russ Fish's avatar
Russ Fish committed
1007 1008 1009 1010

          Schedule tab, 
            Start Log: Click "At" (which defaults to the current time, as well as the future.) 
            Stop Log: Click "When the 1-MB log file is full.",
1011
              When a log file closes: "Start a new log file".
Russ Fish's avatar
Russ Fish committed
1012

1013
          Check all three tabs, click OK.
Russ Fish's avatar
Russ Fish committed
1014

1015 1016
          # ldavg should start out red (stopped) and then turn green (started) if you
          # refresh with F5.  It will start again after reboot.
Russ Fish's avatar
Russ Fish committed
1017 1018
          # You can turn it off and on with the right-click menu on "ldavg" in the logs pane.  
            tail -f /var/run/ldavg.csv
1019 1020
          # The first one is always 99.999, etc.

1021 1022 1023 1024 1025
      . Disable TCP/IP address autoconfiguration, so unswitched interfaces like the sixth NICs
        on the pc3000's don't get Microsoft class B network 169.254 addresses assigned.
          svcs=/HKLM/SYSTEM/CurrentControlSet/Services tcpp=$svcs/Tcpip/Parameters
          regtool set -i $tcpp/IPAutoconfigurationEnabled 0

Russ Fish's avatar
Russ Fish committed
1026 1027
      . Reboot to make sure it all works right.  Note that prepare clears out the source
        trees, so don't do it until you've booted once and know that everything else works.
1028 1029
          prepare
          /sbin/reboot
Russ Fish's avatar
Russ Fish committed
1030

1031

1032 1033 1034
================================================================
Making images

1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048
    . Windows Update
      - This might be needed after each Microsoft "Patch Tuesday" (second tues of the month.)
      - Start up Internet Explorer and go to:
        . http://update.microsoft.com
           - The first time, just installs/updates the updater and asks to reboot.
           - I just choose the EXPRESS update, installing all high-priority updates.
           - Don't turn on Automatic Updates.

           - After rebooting, check again if there's more to install.

             To install SP2, you must have access to a console screen, because the
             Windows Firewall defaults to block both SSH and RDP.  Disable it.

             . You may need to free disk space to install SP2, or allocate a partition.
Russ Fish's avatar
Russ Fish committed
1049 1050
                   du -sm C:/WINDOWS/ServicePackFiles/i386
                 rm -rf C:/WINDOWS/ServicePackFiles/i386
1051 1052 1053 1054
                   du -sm C:/WINDOWS/SoftwareDistribution/Download
                 rm -rf C:/WINDOWS/SoftwareDistribution/Download/*

      - Could be a good time to update Cygwin as well.  
1055
        . Beware of stepping on the sshd.exe and agetty.exe patches.
1056

1057
     . Run prepare to clear out experiment-specific state.
1058 1059
        rootpc $pc
          # Ignore complaints about all of the C:/Documents and Settings directories
1060
          # that were never created because the users didn't log in...
1061
          prepare
1062

1063
          exit
1064

1065 1066
    . Add an entry at the beginning of xpimage-log.txt, and create the image
      descriptor if it's not an existing image.
1067

1068 1069
    . Capture the image with imagezip.  
      You can specify the PC from which to grab the image when you create an image-id.
1070
      Do it in red-dot mode so you can set the Reboot Waittime to 240 seconds.
1071 1072 1073
      When updating existing images, I do it by hand in two stages, as below.
    
        # [On boss.]
1074 1075 1076 1077
        set pc=61 img=SP1 image=SP1_2005-08-22
        set pc=72 img=SP0 image=SP0_2005-08-22
        set pc=109 img=UPDATE image=UPDATE_2005-08-22

Russ Fish's avatar
Russ Fish committed
1078 1079 1080 1081 1082 1083
        set pc=210 img=BASE-pc3000 image=BASE-pc3000_2005-08-31
        set pc=201 img=SP0-pc3000 image=SP0-pc3000_2005-09-01
        set pc=201 img=SP1-pc3000 image=SP1-pc3000_2005-09-01
        set pc=242 img=SP2-pc3000 image=SP2-pc3000_2005-09-01
        set pc=242 img=UPDATE-pc3000 image=UPDATE-pc3000_2005-09-01

1084 1085
        df -m /proj/testbed/images /usr/testbed/images
          # Verify SSH working.
1086 1087
          rootpc $pc id

1088
        # Boot into the MFS.  The serial console will show you when it's open for business.
Russ Fish's avatar
Russ Fish committed
1089
        echo $pc $image
1090
        wap node_admin on pc$pc &
1091
              # Should not be necessary if ssh from root@boss to the node is working.
1092
              rootpc $pc /sbin/reboot
Russ Fish's avatar
Russ Fish committed
1093 1094 1095 1096