# Directions for setting up an XP image from scratch.

# These are raw notes and commands to paste into a shell.
# Mostly Bash shell commands for Windows, some tcsh commands for Boss or Ops.
# Some (most?) of it could be scriptified with some work.

# Notice that this file has spaces instead of tabs at the beginning of lines.
# A tab in either Bash or tcsh causes it to display all of the possible command completions!

# Here's a little Emacs keyboard macro to ease the copy-and-paste business:
; Copy a command line, leaving off the whitespace on the beginning of the line.
(fset 'copy-command-line [?\M-m ?\C- ?\C-e ?\C-f C-insert])
(global-set-key "\^C\^E" 'copy-command-line)

# By convention, optional "informational" commands are indented a couple of spaces more.
## Debugging and problem-solving stuff is double-# commented.

            alias v 'ls -lsF'     # "Verbose" listing
            setenv en emulab.net
            alias rootpc 'sudo ssh pc\!^.$en \!:2*'
            alias rootrd 'rd -K -g 1280x1024 -u root pc\!^.$en &'
            # In Bash,
            alias v='ls -lsF'

 . Start with a clean XP image, as it comes from the CD.

   - How to do the Windows XP installation and make a WINXP-BASE image:

     . Swap in a firewalled experiment with a FBSD-STD image.
     . Do "node_admin on" so PXE throws it into the FBSD MFS.
     . Hook up a console, reboot and modify the boot order to boot from the Windows XP CD.
     . Do the Windows installation, adding whatever drivers are needed.
       - 8 gig is a good size for the XP NTFS partition, of which 4-5 will be user space.
         (They can always allocate more later with Disk Manager.)
       - You'll save some work later if you make the first admin user account named "root".
     . Set the usual password for root in Control Panel / User Accounts.
       It asks whether to make the root files private. I've been saying "no".
       - While you're there, click "Change the way users log on or off" and
         make sure "Use Fast User Switching" is turned on.
     . Make sure you turn on Remote Desktop logins under Control Panel / System / Remote (!)
     . Go into Control Panel / Power Options / Hibernate, and make sure it's disabled.
       This will give you extra gigs of disk space on C: equal to your RAM size
     . Also set Power Options / Power Schemes to "Always On".
     . Set the workgroup name to EMULAB in Control Panel/System/Computer Name/Change...
       No need to reboot yet if you have more to do.
     . On reboot, restore the boot order so PXE goes back into the FBSD MFS, and make
       an image. (See imagezip commands below.)
       Make sure the Operational Mode is MINIMAL in the Image Descriptor, rather than NORMALv2!

   - Make a firewalled experiment using the WINXP-BASE image above, log in as "root".

     . The experiment should be behind a firewall, to avoid contamination.

            # Firewall while making Windows images.
            set fw [new Firewall $ns]
            $fw set-type ipfw2-vlan
            $fw set-style basic
            # Allow Cygwin setup and Windows Update to work.
            $fw add-rule "allow tcp from any to any 80,443 in via vlan0 setup keep-state"

     . Note that it takes a couple of minutes after booting for the RDP service to start,
       so don't worry if you can't log in at first.

   - Set the Windows "w32time" NTP client to connect to the Emulab NTP host.
     Runs as a service, periodically contacts the time server.

            # ntp1 is a DNS alias for Ops.
            # Do this in a Windows CMD shell, since you don't have Cygwin shells yet.
            net time /querysntp
            # Need to restart w32time before it sees the setsntp configuration. (?)
            net stop w32time
            net time /setsntp:ntp1
            net time /querysntp
            net start w32time
            # May take a minute to take effect.

   - Disable the Messenger Service to keep annoying pop-ups away.

            cygrunsrv -VQ Messenger
            sc config Messenger start= disabled
            sc stop Messenger

   - Disable the SSDP Discovery Service and Universal Plug and Play Device Host.
     This closes port 5000 to attacks. Also disable the Remote Registry service.

            cygrunsrv -VQ SSDPSRV
            cygrunsrv -VQ upnphost
            cygrunsrv -VQ RemoteRegistry
            sc config SSDPSRV start= disabled
            sc config upnphost start= disabled
            sc config RemoteRegistry start= disabled
            sc stop SSDPSRV
            sc stop upnphost
            sc stop RemoteRegistry

   - Go into Control Panel/Administrative Tools (it's under Performance and Maintenance
     in the new Control Panel interface.)
     . Right-click Start/"Explore All Users" and drag a copy of the Computer Management
       shortcut from Administrative Tools into the All Users/Desktop folder.

   - If you haven't already made a "root" account, go into Computer Management/
     System Tools/Local Users and Groups/Users, put it in the Administrators group.
     . Also make it a member of the Users groups.

   - Start IE, make "blank" the home page.
     Click Tools/Internet Options/Home page/Use Blank.

   - Show My Computer. (Desktop Properties/Desktop/Customize Desktop...)
     Turn off "Run Desktop Cleanup Wizard every 60 days".

   - Create C:/Temp, C:/Software/Cygwin

            # [Windows cmd prompt, there's no Cygwin shell yet...]
            mkdir C:\Temp
            mkdir C:\Software\Cygwin

   - Install Cygwin

     . (Try copying /etc/setup/* from an existing image to script the selection work.)

            # There's no scp to copy them with, so use Windows SMB File Sharing to get it
            # from \\fs\share\windows\cygwin-etc-setup.)
            mkdir C:\cygwin
            # Hm. Still didn't come up with the added packages selected.
            # When C:\Software\Cygwin/http... is copied, it thinks everything is already installed.
            # Removing the /etc/setup/installed.db file seems not to help.
            # Nothing relevant to install in HKLM/SOFTWARE/Cygnus Solutions/Cygwin, either...

     . Download setup from www.cygwin.com/setup.exe to C:/Software/Cygwin.
       Once you have a Cygwin, you can update the setup.exe by:

            # [On ops.]
            set pc=325
            scp /share/windows/cygwin-setup.exe pc$pc":"/tmp/setup.exe
            # [On the machine.]
            cp /tmp/setup.exe C:/Software/Cygwin

     . Run Cygwin setup.exe .

            # After Cygwin is installed, ensure that upgrading SSH won't hang.
            net stop sshd
            C:/Software/Cygwin/setup.exe &

     . Install dir is C:\cygwin, package dir is C:\Software\Cygwin .
     . Download site mirror is http://mirrors.xmission.com .
     . Click [View] to "Not Installed" (alphabetical.)
       Click on the Skip in the "New" column to add a binary version of:
         agetty, bison, cvs, cygrunsrv, ed, file, flex, gcc, gdb, inetutils, make,
         minires-devel, more, nano, openssh (with src), openssl-devel, patch, perl,
         perl-libwin32, psmisc, python, rpm, rsync, shutdown, sysvinit, tcsh, vim,
         wget, zip
     . Click in the "src" column for openssh and agetty, so patches can be applied.
     . At the end, don't "Create an icon on the Desktop", do "Add icon to Start Menu".
     . Add ;C:\cygwin\bin to the end of the System PATH in
       Control Panel/System/Advanced/Environment Variables.
     . Start up a Cygwin shell and fix the shell properties:
       Options QuickEdit Mode on, Layout/screen buffer height 3000, window height 55.
       Check "Modify shortcut that started this window".
       - Might as well fix the Start/Programs/Accessories/Command Prompt properties, too.
       - Create c:\cygwin\cygwin-tcsh.bat as a copy of c:\cygwin\cygwin.bat
         with "bash --login -i" changed to "tcsh -l".

            ### Now we can use Cygwin (Bash) shell commands... ###
            alias v='ls -lsF'
            cd C:/cygwin
            sed 's/bash --login -i/tcsh -l/' < cygwin.bat > cygwin-tcsh.bat
            chmod +x cygwin-tcsh.bat

       - Copy the bash shortcut to the All Users/Desktop.
       - Copy it to a tcsh icon as well, changing the Target to c:\cygwin\cygwin-tcsh.bat .
       - Copy the tcsh icon into All Users/Start Menu/Programs/Cygwin.

            cd C:/Documents\ and\ Settings/All\ Users
            cp -p Desktop/Cygwin\ TCSH\ Shell.lnk Start\ Menu/Programs/Cygwin

     . Set up local homedirs under /home as a symlink. ~root is already there.

            cd /tmp
            mv /home{,.orig}
            ln -s /cygdrive/c/Documents\ and\ Settings/ /home

     . The Windows hosts file should already be symlinked into the Cygwin /etc.

            ls -l /etc/hosts
            ln -s /cygdrive/c/WINDOWS/system32/drivers/etc/hosts /etc/hosts

     . Create a proper group file. Make wheel an alias for Administrators.

            mkgroup -l | \
              awk '/^Administrators:/{print "wheel" substr($0, index($0,":"))} \
                   {print}' > /etc/group.new
            diff /etc/group{,.new}
            cp -p /etc/group{,.prev}
            mv /etc/group{.new,}

     . Update the passwd file after creating new accounts.
       Make root uid 0 with /home/root.

            mkpasswd -l | awk -F: 'BEGIN{ OFS=":" } \
                { if ($1=="root") $3="0"; \
                  else if ($1=="sshd") $NF="/bin/false"; \
                  else sub("/home/", "/users/"); \
                  print }' > /etc/passwd.new
            diff /etc/passwd{,.new}
            cp -p /etc/passwd{,.prev}
            cp -p /etc/passwd{.new,}
            chown root /etc/{passwd,group}*

            ### Note: the root UID changed from 1003 to 0. ###
            ### Restart your Bash shell to get the new one before going on! ###

     . Set up the syslog daemon. (See usr/share/doc/Cygwin/inetutils-1.3.2.README)

            # Make sure /etc isn't owned by SYSTEM, which will prevent making syslogd.conf .
            chown root /etc
            syslogd-config -y
            # Start the daemon. It starts automatically at reboot.
            net start syslogd
            # Test.
            logger "Test syslogd."
            tail /var/log/messages

     . Set up sshd.

       - Edit /bin/ssh-host-config to add a -i argument to the "cygrunsrv -I sshd" lines.

            grep cygrunsrv /bin/ssh-host-config | grep -e -I
            ed /bin/ssh-host-config
            1
            /cygrunsrv -I sshd/s//& -i/p
            /cygrunsrv -I sshd/s//& -i/p
            w
            q

       - Then stop sshd and remove its entry (if previously installed), run ssh-host-config:
         (You must be logged in as root over RDP, not ssh when you do this!)

            cygrunsrv -VQ sshd
            cygrunsrv -E sshd
            cygrunsrv -R sshd

            # May need to do some unmounts before running ssh-host-config.
            # (It does a mount, and there's a hard-wired limit of 31 mount table entries.)
            mount | wc -l
            ## mount: /ssh-host-config.3048: Too many mount entries
            for s in /users/s*; do umount $s; done

            # Should be NO ssh processes running, not even ssh-agent!
            ps -Welf | grep ssh

            # Make sure /etc is writable by root.
            v -d /etc
            chown root /etc

            ssh-host-config -y -c "ntsec tty"
            # or run ssh-host-config without args and answer the following interactive questions:
            # Select privilege separation = yes, sshd user = yes, install as service = yes,
            # CYGWIN=ntsec tty

            v /etc/ssh*_config
            chown SYSTEM /etc/ssh*_config
            chmod 644 /etc/ssh*_config

       - Check for -i flag: look for Interactive = 0x00000001 (1)

            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/sshd/Parameters

       - Edit /etc/sshd_config

         . Add AuthorizedKeysFile paths under /sshkeys/%u .

            grep AuthorizedKeysFile /etc/sshd_config
            # Make it writable to edit, then change it back.
            chmod g+w /etc/sshd_config
            ed /etc/sshd_config
            /AuthorizedKeysFile
            a
            AuthorizedKeysFile /sshkeys/%u/authorized_keys
            AuthorizedKeysFile2 /sshkeys/%u/authorized_keys2
            .
            w
            q
            chmod g-w /etc/sshd_config
            # Get a running sshd to read the config file with SIGHUP.
            kill -HUP `cat /var/run/sshd.pid`

         . LogLevel defaults to INFO, can be set to VERBOSE, DEBUG1, etc.
           With the syslogd service running, debug events are logged to /var/log/messages .
           [Otherwise, they show up under Event Viewer / Application / sshd,
           with one line per event (ugh.) Refresh to see new events with F5.]

            ## sshd service debugging.
            ls -l /etc/sshd_config
            # Check.
            grep LogLevel /etc/sshd_config
            # Make it writable to edit, then change it back.
            chmod g+w /etc/sshd_config
            ed /etc/sshd_config
            /#LogLevel/a
            LogLevel DEBUG2
            .
            w
            q
            chmod g-w /etc/sshd_config
            # Get a running sshd to read the config file with SIGHUP.
            kill -HUP `cat /var/run/sshd.pid`

       - Check /var/empty to avoid this error:
           /var/empty must be owned by root and not group or world-writable.

            # Actually, it must be owned by SYSTEM.
            v -d /var/empty
            chown SYSTEM /var/empty
            chmod go-w /var/empty

       - You can avoid patching and rebuilding sshd.exe if there's one saved.

            # Currently 4.1p1-2 .
            cygcheck.exe -c openssh

            # Either explore to \\fs\share, giving *your* login name and Windows password,
            # or use the "net use" command to provide it. Then UNC paths work.
            v //fs/share/windows/sshd.exe
            v /usr/sbin/sshd.exe
            mv /usr/sbin/sshd.exe{,.orig}
            cp -p //fs/share/windows/sshd.exe /usr/sbin/sshd.exe

       - Start sshd.

            cygrunsrv -S sshd
            tail /var/log/messages

       - Set up for root ssh access from Boss.

            v -d /home/root
            chown root.wheel /home/root
            chmod 755 /home/root
            passwd root
              daFluxGroup
              daFluxGroup
            mkdir ~root/.ssh
            chown root.wheel ~root/.ssh

            # [On boss.]
            set pc=201
            set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
            # This password isn't used for anything else, and doesn't need to be
            # very secure because all users are in the Administrators group on the node.
            eval sudo ssh "$ssh_args" root@pc$pc id
              daFluxGroup
            eval sudo scp "$ssh_args" ~root/.ssh/{id_dsa,identity}.pub root@pc$pc":".ssh
              daFluxGroup
            eval sudo ssh "$ssh_args" root@pc$pc
              daFluxGroup

            # [On the target.]
            id
            cd ~root/.ssh
            cat {id_dsa,identity}.pub > authorized_keys
            chmod 644 *
            ls -ld /home /home/root /home/root/.ssh /home/root/.ssh/auth*
            mkdir -p /sshkeys/root
            v -d /sshkeys
            chmod 777 /sshkeys
            chmod 700 /sshkeys/root
            cp -p /home/root/.ssh/authorized_keys /sshkeys/root
            ls -lR /sshkeys/root
            exit

            # [Check back on Boss.]
            eval sudo ssh "$ssh_args" pc$pc id
            # The following will likely complain due to nonstandard host keys.
            rootpc $pc id

       - Install the standard host keys, dated Jun 21 2001.

            ls -l /etc/ssh*

            # [On boss.]
            set pc=201
            set ssh_args='-o "StrictHostKeyChecking no" -o "UserKnownHostsFile /dev/null"'
            eval sudo scp -rp "$ssh_args" /proj/testbed/fish/elab-host-keys root@pc$pc":"
            # Get the standard ssl certificates while we're at it.
            eval sudo scp -rp "$ssh_args" /proj/testbed/fish/elab-ssl-certs root@pc$pc":"
            eval sudo ssh "$ssh_args" root@pc$pc

            # [As root on the target.]
            ls -l ~/elab-host-keys
            ls -l /etc/ssh*key*
            ls -l /etc/orig-ssh-keys
            mkdir /etc/orig-ssh-keys
            chown root /etc/ssh*key*
            cp -p /etc/ssh*key* /etc/orig-ssh-keys
            chown SYSTEM /etc/orig-ssh-keys/*
            ls -l /etc/orig-ssh-keys
            cp -p ~/elab-host-keys/* /etc
            chown SYSTEM /etc/ssh*key*
            ls -l /etc/ssh*key*

            mkdir /etc/emulab
            ls -l ~/elab-ssl-certs/* /etc/emulab/*.pem
            cp -p ~/elab-ssl-certs/* /etc/emulab

            # The following should no longer complain due to nonstandard host keys.
            # [On Boss.]
            rootpc $pc id

   - Install tools: WinZip and Emacs.

            # [On boss:]
            sudo scp -rp /share/windows/emacs-21.3-fullbin-i386.tar.gz root@pc$pc":"/tmp
            sudo scp -rp /share/windows/winzip90.exe root@pc$pc":"/tmp

            # Log in as root via RDP.
            rootrd $pc

            # [On the node, as root.]
            # Graphical installer. Start with WinZip Classic, custom setup, no desktop icon.
            /tmp/winzip90.exe

            cd C:
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/emacs-21.3-fullbin-i386.tar.gz
            # Graphical; click OK to set up the registry, start menu, etc.
            C:/emacs-21.3/bin/addpm.exe
            # Then copy the Emacs shortcut to the All Users/Desktop folder.
            allusers=/cygdrive/c/Documents\ and\ Settings/All\ Users
            chown root "$allusers"/Desktop
            cp "$allusers"/{Start\ Menu/Programs/Gnu\ Emacs,Desktop}/Emacs.lnk
            chown SYSTEM "$allusers"/Desktop

            # Make "emacs" be the NTEmacs runemacs starter, with "emacs-exe" for a compiler.
            ln -s /cygdrive/c/emacs-21.3/bin/runemacs.exe /usr/local/bin/emacs
            ln -s /cygdrive/c/emacs-21.3/bin/emacs.exe /usr/local/bin/emacs-exe

   - Get other stuff that "make client" depends on.

            ## Collect the include files for mysql and the Boost Graph Library.
            cd /usr/local/include
            tar cfz /share/windows/mysql-include.tgz mysql
            tar cfz /share/windows/boost-include.tgz boost

            # [On Boss.]
            sudo scp -rp /share/windows/{mysql,boost}-include.tgz root@pc$pc":"/tmp
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx,devcon}.exe root@pc$pc":"/tmp

            # [On the target.]
            mkdir /usr/local/include
            cd /usr/local/include
            tar xfz /tmp/mysql-include.tgz
            tar xfz /tmp/boost-include.tgz

            # Build Elvin libs with GCC for testbed client programs.
            # [On Boss.]
            sudo scp -p /usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz root@pc$pc":"/tmp

            # [On the node.]
            # Need a path without embedded spaces for the make actions to work.
            mkdir C:/elvin
            cd C:/elvin
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz

            cd C:/elvin/libelvin-4.0.3
            # configure: error: Elvin requires that doubles be IEEE 754 compliant
            # Edit configure, line 3547, add exit(0); to patch around it.
            ed configure
            3546p
            a
            exit(0);
            .
            w
            q
            ./configure >& configure.trace
            # Ends with "creating src/include/elvin/config.h"
            tail configure.trace

            # Comment this out in c:/elvin/libelvin-4.0.3/src/lib/i18n.c :
            #     #elif defined(HAVE_WINBASE_H)
            #         FreeLibrary(cat);
            ed c:/elvin/libelvin-4.0.3/src/lib/i18n.c
            /HAVE_WINBASE/p
            .,.+1s|^|//|p
            w
            q

            make >& make.log1
            tail make.log1
            make install >& install.log1
            tail install.log1
            make clean

            # [ SKIP
            # Build Elvin for Windows on Coke, and tar it up for later installation.
            scp -p bos:"/usr/testbed/www/distributions/*elvin*-4.0.3.tar.gz" /tmp
            mkdir C:/elvin
            cd C:/elvin
            tar xfz /tmp/libelvin-4.0.3.tar.gz
            tar xfz /tmp/elvind-4.0.3.tar.gz
            # Rename lib dir for makefiles in elvind.
            mv libelvin-4.0.3 elvin4

            cd C:/elvin/elvin4
            nmake /k /f Makefile.win >& lib-make.winlog1
            mkdir -p C:/Program\ Files/elvin4/{bin,lib,doc}
            cp -p win32/bin/*.exe C:/Program\ Files/elvin4/bin
            cp -p win32/lib/{,*/}*.{dll,lib} C:/Program\ Files/elvin4/lib
            mkdir C:/Program\ Files/elvin4/include
            cp -p src/include/elvin/*.h C:/Program\ Files/elvin4/include

            cd C:/elvin/elvind-4.0.3
            nmake /k /f Makefile.win >& program-make.winlog1
            cp -p *.exe *.pem C:/Program\ Files/elvin4/bin
            cp -p [A-Z][A-Z]* C:/Program\ Files/elvin4/doc
            scp -p ../*/*.winlog* ops:/proj/testbed/fish/elvin
            scp -p ops:/proj/testbed/fish/elvin-config /cygdrive/c/Program\ Files/elvin4/bin

            # Install dll's in the system so the server can be run.
            v C:/Program\ Files/elvin4/lib
            chmod -R g-w C:/Program\ Files/elvin4
            chmod a+x C:/Program\ Files/elvin4/lib/*
            cp -p C:/Program\ Files/elvin4/lib/* $nts
            elvin="C:/Program Files/elvin4/bin/elvinsvc.exe"
            v "$elvin"
            "$elvin" --help
            # Application Error - The application failed to initialize properly (0xc0000022).

            tar cfz /tmp/elvin4-windows.tar.gz -C /cygdrive/c Program\ Files/elvin4
            scp -p /tmp/elvin4-windows.tar.gz ops:/share/windows
            # SKIP ]

            # Install the Windows Elvin, built on Coke above.
            # [On Boss.]
            sudo scp -p /share/windows/elvin4-windows.tar.gz root@pc$pc":"/tmp
            sudo scp -p /share/windows/elvind.conf.windows root@pc$pc":"/tmp/elvind.conf

            # [On the experiment node as root (Bash shell):]
            rootpc $pc
            cd C:
            ls -ld Program\ Files/elvin*
            # Don't worry about a plethora of "Cannot change ownership" warnings.
            tar xvfz /tmp/elvin4-windows.tar.gz
            chown -R root Program\ Files/elvin4
            cp -p C:/Program\ Files/elvin4/lib/* C:/WINDOWS/system32
            cp -p C:/Program\ Files/elvin4/lib/* /usr/local/lib
            diff /usr/local/etc/elvind_ssl.pem C:/Program\ Files/elvin4/bin/elvind_ssl.pem
            cp -p C:/Program\ Files/elvin4/bin/elvind_ssl.pem /usr/local/etc/elvind_ssl.pem

            elvind="C:/Program Files/elvin4"
            elvin="$elvind/bin/elvinsvc.exe"
            ls -l "$elvind/bin"
            chmod -R g-w "$elvind"
            ## Graphical help message.
            "$elvin" --help &
            # Install as a service.
            "$elvin" -r

            # Install a config file and set the path for the server.
            diff /usr/local/etc/elvind.conf /tmp/elvind.conf
            cp /tmp/elvind.conf /usr/local/etc/elvind.conf
            ls -l /usr/local/etc/elvind.conf
            # Do once to register the config file.
            "$elvin" -c `cygpath -w /usr/local/etc/elvind.conf`

            ## Testing: start elvinsvc from the Services Manager now.
            net start elvinsvc.exe

            # Make elvinsvc automatic in services manager, or use these commands:
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe
            # (4 is Disabled, 3 is Manual, 2 is Automatic, 1 is only used for System services.)
            regtool -v set /HKLM/SYSTEM/CurrentControlSet/Services/elvinsvc.exe/Start 2

            # [ SKIP
            ## Use any Windows experiment with a Program object in it for testing.
            pid=testbed eid=Windows-1
            pid=testbed eid=Windows-1b
            pid=testbed eid=Windows-1c
            $BINDIR/evproxy -s event-server -e $pid/$eid

            ## program-agent debugging.
            ps -Welf | grep program-agent
            $rc/rc.progagent shutdown
            $rc/rc.progagent boot
            ## Debugging.
            tail $LOGDIR/progagent.debug
            program-agent -d -e $pid/$eid -s localhost -c /var/emulab/boot/progagents

            # [On ops.]
            tevc -e testbed/Windows-1c now prog0 start \
                COMMAND="bash -c 'date; hostname' > /tmp/host.txt"
            # [On the node.]
            tail /tmp/host.txt
            cat /local/logs/prog0.status

            ## C:\cygwin\bin\tcsh.exe (2504): *** couldn't create window, Win32 error 5
            ## See http://comments.gmane.org/gmane.os.cygwin.patches/2559
            ## This is at cygwin-1.5.17-1-winsup/cygwin/window.cc:wininfo::winthread():96

            ## Try starting rc.progagent as a separate service with -i for a desktop.
            ## Started up and stopped immediately. Needs something else in rc.bootsetup.
                --dep elvinsvc.exe \
            ## Depend on EmulabStartup (rc.bootsetup), which depends on the elvin service,
            ## and also starts evproxy. But it stops rather than staying running...
                --dep EmulabStartup \
            ## Make it manual, and explicitly start it after rc.bootsetup in EmulabStartup.
            ## Works, but stays in "starting" state, err in bootsetup.log:
            ## cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1053:
            ## The service did not respond to the start or control request in a timely fashion.
            # SKIP ]

            # For setuid() to work, Root must have these rights: Create a token object; Replace a
            # process level token; and Increase Quota rights.
            # http://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-switch,
            # http://msdn.microsoft.com/library/en-us/secauthz/security/authorization_constants.asp
            editrights -u root -l
            editrights -u root -a SeCreateTokenPrivilege -l
            editrights -u root -a SeAssignPrimaryTokenPrivilege -l
            editrights -u root -a SeIncreaseQuotaPrivilege -l

            # Set up to run the program-agent service.
            cygrunsrv -R ProgAgent
            progagent=/usr/local/etc/emulab/rc/rc.progagent
            cygrunsrv -I ProgAgent -d "Emulab Program Agent" -i -p /cygdrive/c/cygwin/bin/bash \
                --type manual \
                -a "--norc --noprofile -c '$progagent >& /var/log/program-agent.log'"
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/ProgAgent/Parameters
            cygrunsrv -VQ ProgAgent
            ## This won't work until you build the Emulab programs, including program-agent, below.
            cygrunsrv -S ProgAgent
            cygrunsrv -E ProgAgent

            # Log files.
            tail /var/log/{program-agent,ProgAgent}.log
            touch /var/log/{program-agent,ProgAgent}.log
            chmod 777 /var/log/{program-agent,ProgAgent}.log

            # [ SKIP
            # Little problem: "Must be root to run this script!"
            # Add this:
            # This runs as a separate Local System service on XP. Change to root.
            if (WINDOWS()) {
                $EUID = $UID = 0;
            }

            # Testing on ops.
            tevc -e testbed/bsd-1 now prog0 start
            tevc -e testbed/bsd-1 now prog0 start COMMAND='hostname >>& /users/fish/test.out'
            tevc -e testbed/Windows-1 now prog0 start COMMAND='hostname>>&/users/fish/test.out'
            v /users/fish/test.out
            tail /users/fish/test.out

            tevc -e testbed/Windows-1 now prog0 run COMMAND='touch /tmp/foo'
            tevc -e testbed/Windows-1 now prog0 run COMMAND='id'
            tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /users/fish'
            tevc -e testbed/Windows-1 now prog0 run COMMAND='ls -l /proj/testbed/fish'

            # [On the node.]
            cat /local/logs/prog0.status
            cat /local/logs/prog0.err
            cat /local/logs/prog0.out
            # SKIP ]

   - Get the testbed client code via CVS, build, and install it.

            rootpc $pc

            # [As root, on the node.]
            login_name=fish
            ws_name=kzin
            domain=flux.utah.edu
            ws_login=$login_name@$ws_name.$domain
            cvs_login=$login_name@cvs.$domain

            # Start an agent and go to your workstation to get your ssh keys for the cvs server.
            eval `ssh-agent -s`
            ssh-add -l
            ssh -A $ws_login
            ssh-add -l
            kdsa
            exit
            ssh $cvs_login id
            ssh -v $cvs_login id

            export CVSROOT=$cvs_login:/usr/flux/CVS CVS_RSH=ssh
            mkdir ~/flux
            cd ~/flux
            # First time only
            mkdir CVS; touch CVS/Entries; echo . > CVS/Repository
            # Any time the testbed tree needs to be re-created. (Takes a while.)
            cvs -Q co testbed
            # Updates after that.
            cat CVS/Entries
            cvs -n -q update testbed
            cvs -q update -d testbed

            # Install some dotfiles for Root.
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bashrc ~root/.bashrc
            cp -p testbed/tmcd/cygwinxp/cygwin.root.bash_profile ~root/.bash_profile
            cp -p testbed/tmcd/cygwinxp/cygwin.root.emacs ~root/.emacs
            # No HOME envar is set for root's desktop, so Emacs defaults it to C:/ .
            cp -p ~root/.emacs C:/.emacs

            # Install site-lisp files for Emacs.
            v -t testbed/tmcd/cygwinxp/site-lisp
            v -t c:/emacs-21.3/site-lisp
            cp -rp testbed/tmcd/cygwinxp/site-lisp/* c:/emacs-21.3/site-lisp
            ls -l c:/emacs-21.3/site-lisp

            # Need a resolv.conf before tmcc will work.
            cat /etc/resolv.conf
            cp -p ~/flux/testbed/tmcd/cygwinxp/resolv.conf /etc/resolv.conf

            # The Elvin and program-agent man pages get installed in man8.
            mkdir /usr/local/man/man8

            # Get the downloaded binary programs into the source tree for install.
            ls -l ~/flux/testbed/tmcd/cygwinxp/*.exe
            # [On boss:]
            sudo scp -rp /share/windows/{WSName,addusers,usrtogrp,setx,devcon}.exe root@pc$pc":"/tmp
            # [Back on the client:]
            cp -p /tmp/{WSName,addusers,usrtogrp,setx,devcon}.exe ~/flux/testbed/tmcd/cygwinxp

            # Finally ready to do the Emulab makes!
            mkdir ~/flux/obj-real
            cd ~/flux/obj-real

            # Configure takes a while...
            v configure.trace*
            mv configure.trace{,.1}
            ../testbed/configure --enable-windows --enable-windowsclient >& configure.trace
            # Should end with "creating config.h".
            tail configure.trace
            tail -f configure.trace

            # The first make fails with "Cannot change ownership" warnings unpacking tg2.0 .
            make client-install >& make.log1
            tail make.log1
            # No worries. Patch it explicitly, since the patch action gets skipped.
            (cd ~/flux/testbed/event/trafgen; patch -p0 < tg.patch)

            # If this is an update, evproxy is run by rc.bootsetup and nothing stops it.
            # The install of evproxy in the make will fail unless we stop it first.
            ps -Welf | grep evproxy
            kill `ps -Welf | grep evproxy | awk '{print $2}'`
            # Ditto emulab-syncd, program-agent, and slothd.
            ps -Welf | grep emulab
            $rc/rc.syncserver shutdown
            $rc/rc.progagent shutdown
            $rc/rc.slothd stop

            make client-install >& make.log2
            tail make.log2
            tail -f make.log2

            # Only needed if there are problems...
            v -t make.log*
            make client-install >& make.log3
            make client-install >& make.log4
            make client-install >& make.log5
            make client-install >& make.log6
            make client-install >& make.log7
            make client-install >& make.log8
            make client-install >& make.log9

     . Patch the /etc/profile file to use /home dirs if the /users mounts are down.

            ## Note their comment:
            # IF THIS FILE IS MODIFIED IT WILL NOT BE UPDATED BY THE CYGWIN
            # SETUP PROGRAM. IT BECOMES YOUR RESPONSIBILITY.
            #
            # The latest version as installed by the Cygwin Setup program can
            # always be found at /etc/defaults/etc/profile

            # If you need to check in a new version back in CVS land...
            (cd ~/flux; cvs update testbed/tmcd/cygwinxp/profile)
            diff /etc/defaults/etc/profile ~/flux/testbed/tmcd/cygwinxp

            # If the diffs are right, just copy the Emulab one.
            cp ~/flux/testbed/tmcd/cygwinxp/profile /etc

            # Otherwise, edit the file.
            diff /etc/defaults/etc/profile /etc/profile
            cp /etc/defaults/etc/profile /etc
            ed /etc/profile
            /^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/p
            /^# If the home directory doesn't exist, create it./,/^if \[ ! -d "\${HOME}" \]; then/c
            ### Use a local dir under sshd if the mount failed.
            if [ ! -d "$HOME" ]; then
              HOME=/home/$USER
            fi

            # If the home directory doesn't exist, create it.
            if [ ]; then
            ###if [ ! -d "${HOME}" ]; then
            .
            .-10,.+5p
            w
            q

     . Need an NTP client, or at least the semblance of one.

            cat /etc/ntp.drift
            echo 0.000 > /etc/ntp.drift

     . Set up the tbshutdown script to run as a service, to get a shutdown signal.

            editrights -u root -l
            editrights -u root -a SeServiceLogonRight -l

            # Don't forget to set the root password to the following, if you haven't done it yet.
            rootpwd='daFluxGroup'
            # EmulabShutdown is started manually later on from rc.cygwinxp .
            echo "$rootpwd"
            cygrunsrv -R EmulabShutdown
            cygrunsrv -I EmulabShutdown -u root -w "$rootpwd" -p /cygdrive/c/cygwin/bin/bash \
                --shutdown --type manual \
                -a "--norc --noprofile -c '/usr/local/etc/emulab/tbshutdown'"
            cygrunsrv -VQ EmulabShutdown

            # If you see the following, try running rc.accounts or rc.bootsetup below to
            # clear it up. Haven't figured this out yet...
            ##cygrunsrv: Error installing a service: CreateService: Win32 error 1057:
            ##The account name is invalid or does not exist, or the password is invalid
            ##for the account name specified.

            # Log files
            touch /var/log/EmulabShutdown.log
            chmod 666 /var/log/EmulabShutdown.log

            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabShutdown/Parameters
            # Manual start-up for testing.
            cygrunsrv -S EmulabShutdown

     . See if rc.bootsetup works.

            # Don't allow the sshd account a shell login in rc.accounts.
            grep '\^sshd:' /var/emulab/boot/usershells
            echo '/^sshd:/s|/bin/bash$|/bin/false|' >> /var/emulab/boot/usershells

            ##Running os dependent initialization script rc.cygwin
            ##chmod: cannot access `/var/log/EmulabStartup.log': No such file or directory
            ##chmod: cannot access `/etc/emulab/iscygwin': No such file or directory
            touch /var/log/EmulabStartup.log
            chmod 666 /var/log/EmulabStartup.log

            # May need to make /sshkeys, if it hasn't been done above.
            v -d /sshkeys
            mkdir /sshkeys
            chmod 777 /sshkeys

            ## May need to read .bashrc installed above if you haven't set up the path yet.
            . ~/.bashrc
            tmcc nodeid
            ## If you have problems, you may be missing /etc/resolv.conf .
            tmcc -d nodeid
              nodeid /usr/local/etc/emulab/tmcc.bin -d nodeid
              Connection to TMCD refused. Waiting ...

            ## You can test rc.cygwin separately. It should reboot, the first time,
            ## when it changes the node ID.
            $rc/rc.cygwin

            ## You can try the boot-time script to see that all is well.
            ## If you run this, and the node name hasn't been changed yet, it will reboot.
            $rc/rc.bootsetup

     . Set up the boot script to run as a service.

            # Start up after DHCP and Elvin, run ProgAgent afterwards.
            cygrunsrv -R EmulabStartup
            rootpwd='daFluxGroup'
            cygwinrc=/usr/local/etc/emulab/rc/rc.cygwin
            bootsetup=/usr/local/etc/emulab/rc/rc.bootsetup
            progagent="cygrunsrv -S ProgAgent"
            bootlog=/var/log/bootsetup.log
            cygrunsrv -I EmulabStartup -u root -w $rootpwd --dep DHCP --dep elvinsvc.exe \
                -p /cygdrive/c/cygwin/bin/bash \
                -a "--norc --noprofile -c '( $cygwinrc; $bootsetup; $progagent ) >& $bootlog'"
            cygrunsrv -VQ EmulabStartup
            ## If you run this, and the node name hasn't been changed yet, it will reboot.
            cygrunsrv -S EmulabStartup

            cygrunsrv --help
            regtool -v list /HKLM/SYSTEM/CurrentControlSet/Services/EmulabStartup/Parameters
            sc query EmulabStartup

     . Make a $HOME envar for everybody, so Emacs works on startup from the desktop.

       - Set a user environment variable: HOME = /users/%USERNAME%
       - Stored in HKCU/Environment, which is HKU/*/Environment based on the user SIDs.
       - The user registry key (folder) is created at first login, doesn't exist before that.
         Run setx after that at login time to set the HOME environment variable value.

            # Check.
            regtool get /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
            # Use a literal Windows command rather than a script.
            regtool -s set /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME \
                'cmd /C "if not %USERNAME% == root if not %USERNAME% == Administrator setx HOME //fs/%USERNAME%"'
            # Undo.
            regtool unset /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME

            # Check that setx.exe is in system32.
            v C:/WINDOWS/system32/setx.exe

            # [ SKIP if patched sshd.exe and agetty.exe installed above.

     . Patch sshd so that shares (including /users homedirs) work with public-key logins.
       Also touches a file when client input is received, so slothd will know.

       - RDP into a node as root and shut down all ssh processes before update.
         (Otherwise, installation of an openssh update can hang mysteriously.)

            net stop sshd
            ps -Welf | grep ssh

       - Go through Cygwin setup and make sure everything is updated.

            cygcheck -c openssh
            /cygdrive/c/software/cygwin/setup.exe &
            cygcheck -c openssh

         . View "Partial" will show what it wants to download and install.
         . Also select src for openssh, which goes under /usr/src .
         . When base dll's are updated, it will tell you to reboot. Do it.

       - Install the source patches. (Go get CVSROOT and agent keys set above first.)

            (cd ~/flux; cvs update testbed/tmcd/cygwinxp)
            (cd ~/flux; cvs co testbed/tmcd/cygwinxp)

            ##cd /usr/src/openssh-4.1p1-2
            cd /usr/src/openssh-4.2p1-1
            v -t *.[ch] | head -30

            # Enable no-password ssh logins which can access shared homedirs.
            cp -p uidswap.c{,.orig}
            patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/uidswap.c.patch
            patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/uidswap.c.patch
            diff -c uidswap.c{.orig,}

            # Enable slothd to know of the last SSH client input time.
            for f in channels.{h,c} serverloop.c; do cp -p $f{,.orig}; done
            v *.orig
            patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/sshd-client-input-time.patch
            patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/sshd-client-input-time.patch
            diff -c channels.h{.orig,}
            diff -c channels.c{.orig,}
            diff -c serverloop.c{.orig,}

       - Configure. Takes a while.

            # These are the options that contrib/cygwin/README specifies:
            prefix=/usr
            sbindir=/usr/sbin
            datadir=$prefix/share
            ./configure > configure.trace 2>&1 \
                --prefix=/usr \
                --sysconfdir=/etc \
                --libexecdir=${sbindir} \
                --localstatedir=/var \
                --datadir=${prefix}/share \
                --mandir=${datadir}/man \
                --infodir=${datadir}/info
            tail configure.trace
            tail -f configure.trace

       - Just make and install sshd.exe, assuming everything else is up-to-date.

            make sshd.exe > make.log.1 2>&1
            tail make.log.1
            tail -f make.log.1

            # Make sure sshd is closed down while installing.
            ps -Welf | grep sshd
            net stop sshd
            mv /usr/sbin/sshd.exe{,.prev}
            /usr/bin/install -c -m 0755 -s sshd /usr/sbin/sshd.exe
            net start sshd

     . Patch agetty to support 115.2kbps serial line speed.

            cd /usr/src/agetty-2.1-1
            # Keep a pristine copy before patching.
            cp -p agetty.c{,.orig}
            patch -p1 --dry-run < ~/flux/testbed/tmcd/cygwinxp/agetty.c.patch
            patch -p1 -b < ~/flux/testbed/tmcd/cygwinxp/agetty.c.patch
            make
            # Test. If it exits after 10 seconds, turn off EMS below and reboot.
            time ./agetty -L -T vt100 -n ttyS0 115200 ttyS0
            make install
            /usr/bin/install -s -m 755 -o administrator -g administrators agetty.exe /sbin

            # SKIP ]

     . Set up agetty for console logins.
  - Make sure Console Redirection is disabled after boot in the BIOS settings.
  - Turn off Windows EMS, because it disables the serial console for agetty.
    Windows "Emergency Management Services" is a second level of redirection.
    If you see the "Starting Windows" progress bar on the serial port, it's on.
    The result is that the serial port won't even show up in Device Manager.
      # Look for the EMS "OS Load Options: /redirect" and turn it off.
      bootcfg /query
      # Assuming the Boot Entry you want is #1:
      bootcfg /ems OFF /id 1
      bootcfg /query
  - Install the patched agetty, if not done above.
      #[As the user:]
      cp /share/windows/agetty.exe /tmp
      #[As root:]
      mv /sbin/agetty.exe{,.orig}
      /usr/bin/install -s -m 755 -o administrator -g administrators /tmp/agetty.exe /sbin
  - Set up the sysvinit package to run agetty.
    . Uncomment the serial console line in /etc/inittab.
      Set Com1 to 115.2kbps, which is determined by the serial concentrator.
        cat /etc/inittab
        ed /etc/inittab
        /agetty/s/^#//p
        /agetty/s/9600/115200/p
        w
        q
    . The postinstall script does init with autoanswer=no.
        v /etc/inittab
        chown system.system /etc/inittab
        chown system.system /etc/rc
        cygrunsrv -VQ init
        cygrunsrv -R init
        # Init starts agetty from inittab. Send it an interrupt signal at shutdown.
        cygrunsrv -I init -d "Cygwin SysV init" -p /sbin/init -a -i -s INT
        net start init

. Make a load average log for slothd, averaged over a 1 minute period.
  - /proc/loadavg is hard-wired to "0.00 0.00 0.00" on Cygwin now.
  - All attempts to script this setup to reproduce it on another computer have
    failed so far, including using its own "Save/Restore Settings" and
    transplanting the registry subtree.
  - Click into Computer Management / Performance Logs and Alerts / Counter Logs.
      Right-click "New Log Settings..." in the logs pane, Name: "ldavg", OK.
      General tab, Counters list, "Add Counters...", check "Use local computer counters",
        click "Add" to add % total processor (the default), click "Close".
        Sample data every: Interval: "60" seconds.
      Log Files tab, Log file type: "Text File (Comma delimited)",
        Uncheck "End file names with" so the result goes into ldavg.csv .
        Configure... Location: "C:\cygwin\var\run", Log file size: "Limit of: 1 MB", OK.
      Schedule tab, Start Log: Click "At" (which defaults to the current time,
        as well as the future.)
        Stop Log: Click "When the 1-MB log file is full.",
        When a log file closes: "Start a new log file".
      Check all three tabs, click OK.
      # ldavg should start out red (stopped) and then turn green (started) if you
      # refresh with F5. It will start again after reboot.
      # You can turn it off and on with the right-click menu on "ldavg" in the logs pane.
      tail -f /var/run/ldavg.csv
      # The first one is always 99.999, etc.

. Disable TCP/IP address autoconfiguration, so unswitched interfaces like the sixth
  NICs on the pc3000's don't get Microsoft class B network 169.254 addresses assigned.
    svcs=/HKLM/SYSTEM/CurrentControlSet/Services
    tcpp=$svcs/Tcpip/Parameters
    regtool set -i $tcpp/IPAutoconfigurationEnabled 0

. Reboot to make sure it all works right.
  Note that prepare clears out the source trees, so don't do it until
  you've booted once and know that everything else works.
    prepare
    /sbin/reboot

================================================================
Making images

. Windows Update
  - This might be needed after each Microsoft "Patch Tuesday" (second Tuesday of the month.)
  - Start up Internet Explorer and go to:
    . http://update.microsoft.com
  - The first time, just installs/updates the updater and asks to reboot.
  - I just choose the EXPRESS update, installing all high-priority updates.
  - Don't turn on Automatic Updates.
  - After rebooting, check again if there's more to install.
    To install SP2, you must have access to a console screen, because the
    Windows Firewall defaults to block both SSH and RDP. Disable it.
    . You may need to free disk space to install SP2, or allocate a partition.
        du -sm C:/WINDOWS/ServicePackFiles/i386
        rm -rf C:/WINDOWS/ServicePackFiles/i386
        du -sm C:/WINDOWS/SoftwareDistribution/Download
        rm -rf C:/WINDOWS/SoftwareDistribution/Download/*
  - Could be a good time to update Cygwin as well.
    . Beware of stepping on the sshd.exe and agetty.exe patches.

. Run prepare to clear out experiment-specific state.
    rootpc $pc
    # Ignore complaints about all of the C:/Documents and Settings directories
    # that were never created because the users didn't log in...
    prepare
    exit

. Add an entry at the beginning of xpimage-log.txt, and create the image
  descriptor if it's not an existing image.

. Capture the image with imagezip.
  You can specify the PC from which to grab the image when you create an image-id.
  Do it in red-dot mode so you can set the Reboot Waittime to 240 seconds.
  When updating existing images, I do it by hand in two stages, as below.
    # [On boss.]
    set pc=61 img=SP1 image=SP1_2005-08-22
    set pc=72 img=SP0 image=SP0_2005-08-22
    set pc=109 img=UPDATE image=UPDATE_2005-08-22
    set pc=210 img=BASE-pc3000 image=BASE-pc3000_2005-08-31
    set pc=201 img=SP0-pc3000 image=SP0-pc3000_2005-09-01
    set pc=201 img=SP1-pc3000 image=SP1-pc3000_2005-09-01
    set pc=242 img=SP2-pc3000 image=SP2-pc3000_2005-09-01
    set pc=242 img=UPDATE-pc3000 image=UPDATE-pc3000_2005-09-01
    df -m /proj/testbed/images /usr/testbed/images
    # Verify SSH working.
    rootpc $pc id
    # Boot into the MFS. The serial console will show you when it's open for business.
    echo $pc $image
    wap node_admin on pc$pc &
    # Should not be necessary if ssh from root@boss to the node is working.
    rootpc $pc /sbin/reboot
    ## You may see: shutdown: Couldn't reboot: Error 53 The network path was not found.
    ## Try this command:
    rootpc $pc 'tsshutdn 1 /REBOOT /DELAY:1'
    ## Or you can shutdown/restart it from the task manager under RDP,
    ## or just wait a while and Emulab will cycle power to force a reboot.
    # Wait until the node is in the MFS, based on the serial console.
    # Make WINXP-TMP on /proj, then move it to /usr/testbed/images with the right name.
    rootpc $pc
    cd /proj/testbed/images
    df -m /proj/testbed/images
    ls -lt /proj/testbed/images/WINXP*
    # IDE disk (pc1 - pc178)
    imagezip -o -I 2 -I 3 -I 4 /dev/ad0 /proj/testbed/images/WINXP-TMP.ndz
    # SCSI disk. (pc201 - pc360)
    imagezip -o -I 2 -I 3 -I 4 /dev/da0 /proj/testbed/images/WINXP-TMP.ndz
    ls -lt /proj/testbed/images/WINXP*
    exit
    # Reboot the source node back into Windows.
    echo $pc $image
    wap node_admin off pc$pc &
    # Move the image to /usr/testbed/images to avoid NFS reads, for faster swap-in.
    ls -l /{proj,usr}/testbed/images/WIN*
    ls -l /proj/testbed/images/WINXP-TMP.ndz /usr/testbed/images/WINXP-$image.ndz
    df -m /usr/testbed/images
    cp /{proj,usr}/testbed/images/WINXP-TMP.ndz
    # Check.
    ls -l /{proj,usr}/testbed/images/WINXP-TMP.ndz
    cksum /usr/testbed/images/WINXP-TMP.ndz &
    ssh ops cksum /proj/testbed/images/WINXP-TMP.ndz
    # Install with mv. Frisbee might have the old inode still open.
    ls -l /usr/testbed/images/WINXP-{TMP,$image}.ndz
    mv /usr/testbed/images/WINXP-{TMP,$image}.ndz
    ls -l /usr/testbed/images/WINXP-$image.ndz
    df -m /usr/testbed/images
    # Clear the temp from /proj.
    rm -f /proj/testbed/images/WINXP-TMP.ndz
    df -m /proj/testbed/images
    ls -l /{proj,usr}/testbed/images/WIN*
    # Make symlinks without the date suffix, corresponding to the Image ID's.
    ls -l /usr/testbed/images/WINXP-$img*
    ## -new images for testing, before we commit.
    rm /usr/testbed/images/WINXP-$img-new.ndz
    ln -s WINXP-$image.ndz /usr/testbed/images/WINXP-$img-new.ndz
    rm /usr/testbed/images/WINXP-$img.ndz
    ln -s WINXP-$image.ndz /usr/testbed/images/WINXP-$img.ndz

================================================================
- Installing service packs
  Service packs are cumulative, so there's no point in installing both SP1 and SP2.

  . SP1
      # [On boss:]
      sudo scp -rp /share/windows/xpsp1a_en_x86.exe root@pc$pc":"/tmp
      # [Log in as root via RDP.]
      rootrd $pc
      /tmp/xpsp1a_en_x86.exe &
      # Options: Do Not Archive Files
      # Reboot to finish.

  . SP2
    - http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/winxpsp2.mspx
      sudo scp -rp /share/windows/WindowsXP-KB835935-SP2-ENU.exe root@pc$pc":"/tmp
      # [Log in as root via RDP.]
      rootrd $pc
      # It unpacks the component files each time you run it...
      /tmp/WindowsXP-KB835935-SP2-ENU.exe /help &
      # Switches are /quiet (no interaction), /passive (progress bar),
      # /norestart (Don't boot), /n (no backup.)
      # This takes a LONG TIME to install.
      /tmp/WindowsXP-KB835935-SP2-ENU.exe /n /norestart &
    - Turn off the Windows Firewall by default.
      netsh firewall show config
      netsh firewall set opmode DISABLE
      # The above netsh firewall commands won't work until after
      # the reboot, and then you're locked out from ssh, RDP, and even ping.
      # Gotta have console access after the reboot to turn off the firewall.

  . Disk space cleanup.
      du -sm C:/WINDOWS/ServicePackFiles/i386
      rm -rf C:/WINDOWS/ServicePackFiles/i386
      du -sm C:/WINDOWS/SoftwareDistribution/Download
      rm -rf C:/WINDOWS/SoftwareDistribution/Download/*

- Explorer/Help/About Windows (actually the 'winver' command) says this:
  . SP2 + Windows Update
    - Version 5.1 (Build 2600.xpsp_sp2_gdr.050301-1519: Service Pack 2)
  . SP2 download, on top of SP1 with no Windows Update
    - Version 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158: Service Pack 2)
  . SP1, partially updated to SP2
    - Version 5.1 (Build 2600.xpsp2.050301-1526: Service Pack 1)
  . SP1
    - Version 5.1 (Build 2600.xpsp1.020828-1920: Service Pack 1)
  . SP0 (no SP's)
    - Version 5.1 (Build 2600.xpclient.010817-1148)

. DEMOTING an image to /proj/testbed/images (edit the image descriptor unless it's symlinked.)
    ls -l /usr/testbed/images/WINXP-$image.ndz
    df -m /proj/testbed/images
    cp -p /usr/testbed/images/WINXP-$image.ndz /proj/testbed/images
    # Check.
    ls -l /{usr,proj}/testbed/images/WINXP-$image.ndz
    ssh ops cksum /proj/testbed/images/WINXP-$image.ndz &
    cksum /usr/testbed/images/WINXP-$image.ndz
    # Clear the old copy.
    df -m /usr/testbed/images
    rm -f /usr/testbed/images/WINXP-$image.ndz
    df -m /usr/testbed/images

================================================================
Updating a set of existing images.

. Build changes in one place, make tarballs to update the others.
    #[On the build node, as me.]
    date=2005-09-19
    updates=/proj/testbed/fish/winxp
    cd /
    # Work around a running sshd.
    cp -p /usr/sbin/sshd.exe{,.new}
    sysfiles="usr/sbin/sshd.exe.new bin/ssh-host-config etc/sshd_config \
      etc/profile sbin/agetty.exe etc/inittab"
    v $sysfiles
    tar cvfz $updates/sys_$date.tgz $sysfiles
    cd /usr/local
    elabpat="etc/emulab man/man{1/{install,emulab}-*,8/program-*}"
    elabfiles=`eval "echo $elabpat"`
    v -d $elabfiles
    v /etc/emulab/paths.*
    tar cvfz $updates/elab_$date.tgz $elabfiles

    #[On Boss.]
    set date=2005-09-19
    set updates=/proj/testbed/fish/winxp
    set nodes="SP0 SP1 SP2 UPDATE"
    set hw=pc850
    set hw=pc3000
    set pid=testbed eid=new-windows-$hw
    set exp=$eid.$pid.emulab.net
    foreach node ( $nodes )
      echo $node.$exp
      ping -c 1 $node.$exp
    end
    # Copy the tarballs to /tmp as me, and unpack as root .
    # (Could get them via Samba, except Root has no Samba access.)
    foreach node ( $nodes )
      scp -p $updates/*_$date.tgz $node.$exp\:/tmp
    end
    # First update Cygwin setup, then Cygwin itself.
    foreach node ( $nodes )
      echo $node.$exp
      ssh $node.$exp cp -p /share/windows/cygwin-setup.exe /tmp/setup.exe
      sudo ssh $node.$exp "cd C:/Software/Cygwin; cp /tmp/setup.exe .; " \
        "rm -f cygwin-setup.exe; ls -l"
    end
    # Gotta do this part under an RDP login, *as root*.
    set rootpwd='daFluxGroup'
    set rd=/proj/testbed/fish/rdesktop/rdesktop-1.3.1
    set rdarg="-K -g 1280x1024-500+0"
    foreach node ( $nodes )
      echo $node.$exp
      (cd $rd; ./rdesktop $rdarg -u root -p "$rootpwd" $node.$exp &)
      sleep 1
    end

    #[On the node, as root, under RDP.]
    echo $HOME
    regtool get /HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run/SetHOME
    # Installing OpenSSH hangs if you update it while it's running.
    # Uninstall openssh first if it's being updated.
    cygrunsrv -VQ sshd
    cygcheck -c openssh
    ls -l /etc/moduli
    ps -Welf | grep ssh
    net stop sshd
    # Click the Keep button, then change the New column to Uninstall on net/openssh.
    /cygdrive/c/software/cygwin/setup.exe &
    # Re-install openssh again.
    /cygdrive/c/software/cygwin/setup.exe &
    # Now update everything else.
    /cygdrive/c/software/cygwin/setup.exe &
    # May need to reboot and run again before adding any new packages like sysvinit.
    cygcheck -c sysvinit
    /sbin/reboot
    # Unpack the patched and edited system files.
    net stop init
    tar xvfz /tmp/sys_*.tgz -C /
    net start init
    # sshd.exe may be busy, move the busy executable aside.
    ls -l /usr/sbin/sshd*
    cd /usr/sbin
    net stop sshd
    mv sshd.exe{,.prev}
    mv sshd.exe{.new,}
    ls -l /usr/sbin/sshd*
    net start sshd

    #[On Boss.]
    # Shut down the Emulab services.
    foreach node ( $nodes )
      echo $node.$exp
      sudo ssh $node.$exp 'ps -Welf | grep emulab; killall evproxy'
      sudo ssh $node.$exp '$rc/rc.syncserver shutdown; $rc/rc.progagent shutdown; '\
        '$rc/rc.slothd stop; sleep 5; ps -Welf | grep emulab; '
      sudo ssh $node.$exp 'killall emulab-sync program-agent slothd'
    end
    # Unpack the Emulab files.
    foreach node ( $nodes )
      echo $node.$exp
      sudo ssh $node.$exp "tar xfz /tmp/elab_*.tgz -C /usr/local"
      echo ""
      sleep 1
    end

. Do one-time updates
    #[On Boss.]
    foreach node ( $nodes )
      echo $node.$exp
      sudo ssh $node.$exp "bootcfg /query; bootcfg /ems OFF /id 1; bootcfg /query"
      sudo ssh $node.$exp "chown system.system /etc/inittab /etc/rc; "\
        "cygrunsrv -I init -d 'Cygwin SysV init' -p /sbin/init -a -i -s INT; "\
        "net start init"
    end
  - Some things still have to be done through the GUI under RDP.
    . Go into Control Panel / Power Options / Hibernate, and make sure it's disabled.
      Also set Power Options / Power Schemes to "Always On".

. Reboot and test.
    #[On Boss.]
    node_reboot -e $pid,$eid
    # Network configs.
    foreach node ( $nodes )
      echo $node.$exp
      sudo ssh $node.$exp "ipconfig /all"
      echo ""
    end
    # Connectivity test.
    foreach node1 ( $nodes )
      foreach node2 ( $nodes )
        if ( "$node1" != "$node2" ) then
          echo $node1 pings $node2
          sudo ssh $node1.$exp "ping $node2"
        endif
      end
    end

. Update the dates in the image ID's.
    # [On boss:]
    mysql tbdb
    select imagename, created, path from images where imagename like 'WINXP%';
    select imagename, created, path from images where imagename like 'WINXP-SP_';
    update images set created='2005-08-22 16:49' where imagename like 'WINXP-SP_';
    update images set created='2005-08-22 16:49' where imagename like 'WINXP-UPDATE';
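
# Added example, not part of the original notes: the copy / cksum check / mv
# sequence used under "Making images" and again in the DEMOTING step, folded into
# one POSIX sh function so the rename only happens when the checksums agree.
# The function names and temp-file suffix are hypothetical, and it assumes both
# paths are readable from the host running it (the notes run one cksum via "ssh ops").

```shell
#!/bin/sh
# Added example, not from the original notes. install_image, image_sum,
# copy_file and the ".tmp.$$" suffix are hypothetical names.
#
# Usage: install_image /proj/testbed/images/WINXP-TMP.ndz \
#                      /usr/testbed/images/WINXP-$image.ndz

# Print "CRC SIZE" for a file without its name, so two paths compare equal.
# cksum is a CRC: it catches a truncated or corrupted copy, not tampering.
image_sum() {
    cksum < "$1" | awk '{ print $1, $2 }'
}

# The copy step, kept separate so it can be swapped (scp, rsync, ...).
copy_file() {
    cp -p "$1" "$2"
}

# install_image SRC DEST
# Copy SRC beside DEST under a temporary name, compare checksums, and only
# then rename over DEST. A rename within one filesystem is atomic, so a
# reader that still holds the old DEST inode open keeps a consistent file.
# Returns 0 on success, 1 on checksum mismatch, 2-4 on I/O errors.
install_image() {
    src=$1
    dest=$2
    tmp="$dest.tmp.$$"

    [ -r "$src" ] || { echo "install_image: cannot read $src" >&2; return 2; }

    copy_file "$src" "$tmp" || { rm -f "$tmp"; return 3; }

    want=$(image_sum "$src")
    got=$(image_sum "$tmp")
    if [ "$want" != "$got" ]; then
        echo "install_image: cksum mismatch, $dest left untouched" >&2
        rm -f "$tmp"
        return 1
    fi

    mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 4; }
    echo "installed $dest (cksum $got)"
}
```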