uk-image.txt 3.07 KB
Newer Older
1
Stuff I did to make a node image for University of Kentucky and Georgia Tech.
2
3
4
5
6
7
8
9
10
11
Much of this overlaps with local image creation (see newimage.txt).

Start with one of our freshly loaded images.

A. FreeBSD (while running single user):

* Make sure local filesystems are mounted:
  mount -at ufs

* /root/.cvsup/auth
12
13
14
  Customize host/domain, change the password.  Then run "cvpasswd" giving the
  password just used.  Put the line spit out by cvpasswd in the boss node's
  /usr/testbed/sup/cvsupd.passwd file.
15
16
17
18
19
20
21
22

* /root/.ssh
  Remove known_hosts if it exists.  Put in local boss root pub key.
  Leave in our pub key if acceptible.

* /etc/localtime
  Copy the correct file over from /usr/share/zoneinfo

23
* /usr/local/etc/emulab/master.passwd
24
25
26
  Change the root password, this file will get installed by prepare.

* /etc/ssh/ssh_host*
Mike Hibler's avatar
Mike Hibler committed
27
28
29
  Generate new host keys.  Actually, copy from an existing image if
  available (i.e., we use a single host key across all images and OSes
  within a testbed).
30

31
* /etc/emulab/{client,emulab}.pem
Mike Hibler's avatar
Mike Hibler committed
32
33
34
35
36
37
  Generate new ones.  This needs to be done on the site's boss node.
  Go into the build tree "ssl" subdirectory and edit the *.cnf.in files
  to update the "[ req_distinguished_name ]" section with the appropriate
  country, state, city, etc.  Then do a "gmake boss-installX" which generates
  the certs and installs the server-side.  Grab the emulab.pem and client.pem
  from that directory to put in the images.
38
39

* Unmount filesystems, and remount root read-only to be safe:
40
41
  cd /
  umount -h <fs node name>
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
  umount -at ufs
  mount -u -o ro /


B. While running Linux (single user):

* /root/.cvsup/auth
  Customize host/domain, leave password alone?

* /root/.ssh
  Remove known_hosts if it exists.  Put in local boss root pub key.
  Leave in our pub key if acceptible.

* /etc/localtime
  Copy the correct file over from /usr/share/zoneinfo

* /etc/ssh/ssh_host*
Mike Hibler's avatar
Mike Hibler committed
59
60
61
  Generate new host keys.  Actually, copy from an existing image if
  available (i.e., we use a single host key across all images and OSes
  within a testbed).
62
63
64
65
66

* /etc/testbed/shadow
  Change the root password, this file will get installed by prepare.

* /etc/testbed/{client,emulab}.pem
Mike Hibler's avatar
Mike Hibler committed
67
  Generate new ones.  This needs to be done on the site's boss node.
68
  Go into the source tree "ssl" subdirectory and edit the *.cnf.in files
Mike Hibler's avatar
Mike Hibler committed
69
  to update the "[ req_distinguished_name ]" section with the appropriate
70
71
72
73
74
75
  country, state, city, etc.  Then go to the build directory and do a
  "gmake boss-installX" which generates the certs and installs the
  server-side.  Grab the emulab.pem and localhost.pem from that directory
  to put in the images as emulab.pem and client.pem.  [ NOTE: we can
  get by without the certs if the client tmcc and server tmcd are built
  without SSL support (tmcc-nossl and tmcd-nossl targets).
76
77

* Remount root filesystem read-only (IMPORTANT!)
78
  cd /
79
80
  mount -o remount,ro /

Mike Hibler's avatar
Mike Hibler committed
81
82
83
84
* Fsck it for good luck.  Actually, not only good luck but also resets
  some time stamp that forces an fsck periodically
  fsck -f <root device>

85
86
87
D. Frisbee MFS (boss:/tftpboot/frisbee/boot/mfsroot):

E. FreeBSD MFS (boss:/tftpboot/boot/mfsroot):