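#!/bin/csh
#
# This will format a new machine with a BOOT+HAMMER setup and install
# the live CD.  You would boot the live CD, dhclient your network up,
# then run 'rconfig :hammer', assuming you have a rconfig server on the
# LAN.  Alternately fetch the script from a known location and just run it.
#
# ad0s1a will be setup as a small UFS /boot.  ad0s1d will be setup as
# HAMMER with all remaining disk space.  Pseudo file-systems will be
# created for /var, /usr, etc (giving them separate inode spaces and
# backup domains).
#
# ad0s1d will be set up as encrypted root file system using cryptsetup.
# During the installation process you have to choose a password and enter
# it three times.  Remember your password as you won't be able to recover
# your data without it!
#
# Only ad0s1d is encrypted.  The UFS /boot partition (ad0s1a) and the
# swap partition (ad0s1b) stay in plaintext on disk.
#
# WARNING: HAMMER filesystems (and pseudo-filesystems) must be
# occasionally pruned and reblocked.  'man hammer' for more information.

set disk = "ad0"

# For safety this only runs on a CD-booted machine: the device backing /
# must contain the string "cd".
#
df / | awk '{ print $1; }' | fgrep cd
if ( $status > 0 ) then
    echo "This program formats your disk and you didn't run it from"
    echo "A CD boot!"
    exit 1
endif

# Ten second countdown, the last chance to abort before the disk is wiped.
echo "This program formats disk ${disk}!  Hit ^C now or its gone."
foreach i ( 10 9 8 7 6 5 4 3 2 1 )
    echo -n " $i"
    sleep 1
end
echo ""

# Unmount any prior mounts on /mnt, reverse order to unwind
# sub-directory mounts.
#
foreach i ( `df | fgrep /mnt | awk '{ print $6; }' | tail -r` )
    echo "UMOUNT $i"
    umount $i
end

# Echo every command from here on so each destructive step is visible.
#
sleep 1
set echo

# Format and label the disk.
#
# 'a' small UFS boot
# 'b' swap (not encrypted)
# 'd' HAMMER filesystem (inside the LUKS container)
#
# Use PFSs for backup domain separation
#
dd if=/dev/zero of=/dev/${disk} bs=32k count=16
fdisk -IB ${disk}
disklabel64 -r -w ${disk}s1 auto
disklabel64 -B ${disk}s1
disklabel64 ${disk}s1 > /tmp/label
cat >> /tmp/label << EOF
  a:      256m    0       4.2BSD
  b:      2g      *       swap
  d:      *       *       HAMMER
EOF
disklabel64 -R ${disk}s1 /tmp/label

newfs /dev/${disk}s1a

# Load dm and setup a new encrypted root fs.
#
# The LUKS header must be written to the 'd' partition, the same device
# that luksOpen and vfs.root.realroot refer to.  Formatting the whole
# slice (s1) would overwrite the disklabel and the freshly created /boot
# and leave s1d without a LUKS header.  Stop if either step fails so the
# install never continues onto an unencrypted or unopened device.
#
kldload dm
cryptsetup -y luksFormat /dev/${disk}s1d || exit 1
cryptsetup luksOpen /dev/${disk}s1d root || exit 1

newfs_hammer -L ROOT /dev/mapper/root

# Mount it.  Abort on failure, otherwise the copy steps below would
# write into /mnt of the live CD instead of the new disk.
#
mount_hammer /dev/mapper/root /mnt || exit 1
mkdir /mnt/boot
mount /dev/${disk}s1a /mnt/boot

# Create PFS mount points for nullfs.
#
# Do the mounts manually so we can install the system, setup
# the fstab later on.
mkdir /mnt/pfs

hammer pfs-master /mnt/pfs/usr
hammer pfs-master /mnt/pfs/usr.obj
hammer pfs-master /mnt/pfs/var
hammer pfs-master /mnt/pfs/var.crash
hammer pfs-master /mnt/pfs/var.tmp
hammer pfs-master /mnt/pfs/tmp
hammer pfs-master /mnt/pfs/home

mkdir /mnt/usr
mkdir /mnt/var
mkdir /mnt/tmp
mkdir /mnt/home

mount_null /mnt/pfs/usr /mnt/usr
mount_null /mnt/pfs/var /mnt/var
mount_null /mnt/pfs/tmp /mnt/tmp
mount_null /mnt/pfs/home /mnt/home

mkdir /mnt/usr/obj
mkdir /mnt/var/tmp
mkdir /mnt/var/crash

mount_null /mnt/pfs/var.tmp /mnt/var/tmp
mount_null /mnt/pfs/var.crash /mnt/var/crash
mount_null /mnt/pfs/usr.obj /mnt/usr/obj

# World-writable with the sticky bit, as usual for temp directories.
chmod 1777 /mnt/tmp
chmod 1777 /mnt/var/tmp

# Install the system from the live CD
#
cpdup -o / /mnt
cpdup -o /boot /mnt/boot
cpdup -o /usr /mnt/usr
cpdup -o /var /mnt/var
cpdup -i0 /etc.hdd /mnt/etc

chflags -R nohistory /mnt/tmp
chflags -R nohistory /mnt/var/tmp
chflags -R nohistory /mnt/var/crash
chflags -R nohistory /mnt/usr/obj

# Create some directories to be used for NFS mounts later on.
# Edit as desired.
#
foreach i ( /proc /usr/doc /usr/src /repository /ftp /archive )
    if ( ! -d /mnt$i ) then
        mkdir /mnt$i
    endif
end

# NOTE(review): the root entry below names the raw partition (s1d) while
# the filesystem was created on /dev/mapper/root.  Presumably the initrd
# and vfs.root.realroot take care of the mapping at boot; confirm.
#
cat > /mnt/etc/fstab << EOF
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/${disk}s1d         /               hammer  rw              1       1
/dev/${disk}s1a         /boot           ufs     rw              1       1
/dev/${disk}s1b         none            swap    sw              0       0
/pfs/usr                /usr            null    rw              0       0
/pfs/var                /var            null    rw              0       0
/pfs/tmp                /tmp            null    rw              0       0
/pfs/home               /home           null    rw              0       0
/pfs/var.tmp            /var/tmp        null    rw              0       0
/pfs/usr.obj            /usr/obj        null    rw              0       0
/pfs/var.crash          /var/crash      null    rw              0       0
proc                    /proc           procfs  rw              0       0
# misc NFS mounts to get your test box access to 'stuff'
#crater:/repository     /repository     nfs     ro,intr,bg      0       0
#crater:/usr/doc        /usr/doc        nfs     ro,intr,bg      0       0
#crater:/ftp            /ftp            nfs     ro,intr,bg      0       0
#crater:/sources/HEAD   /usr/src        nfs     ro,intr,bg      0       0
#pkgbox:/archive        /archive        nfs     ro,intr,bg      0       0
EOF


# Mount devfs and create a new initrd
#
mount_devfs /mnt/dev
chroot /mnt mkinitrd

# Because root is not on the boot partition we have to tell the loader
# to tell the kernel where root is.
#
cat > /mnt/boot/loader.conf << EOF
dm_load="YES"
initrd.img_load="YES"
initrd.img_type="md_image"
vfs.root.mountfrom="ufs:md0s0"
vfs.root.realroot="crypt:hammer:/dev/${disk}s1d:root"
EOF

# Setup interface, configuration, sshd
#
# ifc is the interface of the default route, ip its IPv4 address and
# lip the last octet of that address (used to build the hostname).
#
set ifc = `route -n get default | fgrep interface | awk '{ print $2; }'`
set ip = `ifconfig $ifc | fgrep inet | fgrep -v inet6 | awk '{ print $2; }'`
set lip = `echo $ip | awk -F . '{ print $4; }'`

# NOTE(review): dumpdev points at the swap partition, which is outside
# the LUKS container.  Swapped-out pages and kernel crash dumps are then
# written to disk in plaintext and can contain data from the encrypted
# root.  Consider encrypted swap or leaving dumpdev unset if disk theft
# is part of the threat model.
#
echo -n "ifconfig_$ifc=" >> /mnt/etc/rc.conf
echo '"DHCP"' >> /mnt/etc/rc.conf
cat >> /mnt/etc/rc.conf << EOF
sshd_enable="YES"
dntpd_enable="YES"
hostname="test$lip.MYDOMAIN.XXX"
dumpdev="/dev/${disk}s1b"
EOF

# Misc sysctls
#
cat >> /mnt/etc/sysctl.conf << EOF
#net.inet.ip.portrange.first=4000
EOF

# adjust work directory for pkgsrc in case we want
# to mount /usr/pkgsrc read-only.
#
cat >> /mnt/usr/pkg/etc/mk.conf << EOF
.ifdef BSD_PKG_MK       # begin pkgsrc settings
WRKOBJDIR=              /usr/obj/pkgsrc
.endif                  # end pkgsrc settings
EOF

# Allow sshd root logins with key-based authentication only (password
# logins for root are refused).
#
# Test the exit status of fgrep ($status), not whether the variable is
# set ($?status is always true), so the line is appended only when it is
# not already present.
#
fgrep 'PermitRootLogin without-password' /mnt/etc/ssh/sshd_config >& /dev/null
if ( $status ) then
    echo "PermitRootLogin without-password" >> /mnt/etc/ssh/sshd_config
endif

# additional loader.conf stuff
#cat >> /mnt/boot/loader.conf << EOF
#if_nfe_load="YES"
#EOF

# Get sshd working - auto install my key so I can login.
#
#mkdir -p /mnt/root/.ssh
#cat > /mnt/root/.ssh/authorized_keys << EOF
#ssh-dss ...
#EOF

# Generate an ssh host key if the installed image does not have one.
#
# NOTE(review): DSA keys are fixed at 1024 bits and are disabled by
# default in newer OpenSSH releases.  If the ssh-keygen on the live CD
# supports a stronger type (rsa, ed25519), prefer that and confirm which
# host key files sshd_config expects.
#
if ( ! -f /mnt/etc/ssh/ssh_host_dsa_key ) then
    cd /mnt/etc/ssh
    ssh-keygen -t dsa -f ssh_host_dsa_key -N ""
endif

# take CD out and reboot
#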