NetBSD configuration
Introduction
NetBSD, the cleanest UNIX ever. Note. it seems we're not alone anymore : FreeBSD, OpenBSD, DragonflyBSD, PicoBSD, MidnightBSD, DesktopBSD, PC-BSD, MirOS/MirBSD.
Installation
During installation, you may choose :
- password encryption : SHA1
- default shell : ksh
Note. as for mount options, you can enable softdep if you won't have too much I/O on the disks.
Post installation in brief
- configure network
- configure SSH
- configure environment
- configure syslog
- remove default dotfiles and deploy custom KSH dotfiles
- configure binary packages
- configure time, crontab and indexing
Post installation in detail
Configure network
Setup the hostname,
cd /etc
vi myname
like,
host.example.net
Setup the IP address and netmask,
dmesg | egrep -i 'ethernet|network'
ifconfig -a
vi /etc/ifconfig.xennet0
like,
10.1.1.99 netmask 255.255.255.0 up
Setup the gateway,
cd /etc
vi mygate
like,
10.1.1.254
Setup static name resolutions and DNS,
vi /etc/nsswitch.conf
vi /etc/hosts
vi /etc/resolv.conf
Note. don't forget to define your own IP into /etc/hosts
Apply,
/etc/rc.d/network restart
Note. on NetBSD, the hostname also gets configured with this. No need to use the hostname command.
Check everything's fine,
ifconfig xennet0
netstat -r -f inet
ping ...
Same configs but for troubleshooting, as immediate & temporary changes,
hostname host.example.net
ifconfig pcn0 10.1.1.99 netmask 255.255.255.0 up
route delete default
route add default 10.1.1.254
Otherwise for DHCP,
vi /etc/rc.conf
like,
dhclient=yes
dhclient_flags="pcn0"
or simply,
vi /etc/ifconfig.pcn0
like,
!dhclient $int &
Otherwise, for PPPoE internet access, use the built-in support instead of rp-pppoe. Use the examples from,
man pppoectl
Also for Wireless,
man ifconfig
Configure SSH
Optionally permit the root user to log in remotely. This may be convenient on test servers. On production servers, prefer logins as ordinary users (who can then su -), so that the logs show who ran "su -" and made changes.
vi /etc/ssh/sshd_config
like,
PermitRootLogin yes
Enable SSH,
cd /etc
vi rc.conf
like,
sshd=yes
and start it (will generate the keys),
/etc/rc.d/sshd start
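Note. added example, not part of the original page: a check of what the PermitRootLogin edit above leaves in effect. sshd keeps the first value it reads for a keyword, so the script reports the global setting instead of grepping for a line; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# sshd uses the first value it reads for a keyword, so a later
# "PermitRootLogin no" does not undo an earlier "PermitRootLogin yes".

# effective_root_login FILE: print the global PermitRootLogin value, or "unset".
effective_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)            # keyword ends at a blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))    # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        key == "match" { exit }                  # what follows is conditional, not global
        key == "permitrootlogin" { print val; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_ok FILE: succeed only when root logins over SSH are refused.
root_login_ok() {
    v=$(effective_root_login "$1")
    case $v in
        no)    echo "OK: PermitRootLogin no"; return 0 ;;
        unset) echo "WARN: PermitRootLogin not set, the built-in default applies"; return 1 ;;
        *)     echo "WARN: root can log in over SSH (PermitRootLogin $v)"; return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored, the first live line wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin no
PermitRootLogin yes
PermitRootLogin no
EOF
root_login_ok "$sample" || true
rm -f "$sample"
```

Note. on a running host, 'sshd -T' prints the configuration sshd actually resolved, Match blocks aside.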
Configure syslog
On small testing servers (low load), it's convenient to have as many logs as possible in the same terminal or screen window,
cd /etc
mv syslog.conf syslog.conf.dist
vi syslog.conf
like,
*.* -/var/log/messages
fix perms and apply,
chmod 640 /var/log/messages
/etc/rc.d/syslogd restart
Remove default dotfiles and deploy custom KSH dotfiles
Wipe out the default '/', '/root' and skel dotfiles,
cd /
mkdir .trash
mv .cshrc .profile .trash
cd /root
mkdir .trash
mv .cshrc .klogin .login .profile .shrc .trash
cd /etc
mv skel skel.dist
mkdir skel
Configure environment
Remove the annoying login welcome message,
cd /etc
mv motd motd.dist
Make sure default shell is KSH,
grep ksh /etc/shells
useradd -D -s /bin/ksh
#chpass -s /bin/ksh username
#chsh username
Note. check "/etc/usermgt.conf"
Configure KSH (it's PDKSH on NetBSD),
cd /
vi .profile
like,
ENV=$HOME/.kshrc
then,
vi .kshrc
like,
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:\
/usr/pkg/bin:/usr/pkg/sbin:$HOME/bin
HOSTNAME=`uname -n`
LANG=C
export PATH HOSTNAME LANG
[[ $USER = root ]] && \
PS1='${HOSTNAME%%.*}# ' || \
PS1='${HOSTNAME%%.*}> '
case "$-" in *i*)
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
alias ll='ls -alF'
who
bind '^I'=complete
bind '^I'=complete-list
bind -m '^L'='clear^M'
;;
esac
note. it is necessary to check for interactive shell (case $- in *i*), check e.g. with scp
then,
cd ~/
ln -s ../.profile
ln -s ../.kshrc
note. it's necessary to have both profile and kshrc in one's homedir to get the right prompt into GNU Screen windows
apply immediately,
. /.kshrc
Edit mail aliases,
cd /etc/mail
vi aliases
newaliases
Optionally configure a smart host,
cd /etc/postfix
vi main.cf
change,
relayhost = smtp.free.fr
Configure binary packages
To use the provided pkgsrc binaries,
cd ~/
vi .kshrc
add,
PKG_PATH=ftp://ftp.fr.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/5.0.2_2010Q2/All
PASSIVE_FTP=yes
export PKG_PATH PASSIVE_FTP
apply,
. ./.kshrc
install those packages,
pkg_add \
screen \
wget \
lynx \
lftp
note. add the -v flag if you want
note. to configure screen,
cd /etc
mkdir -p /usr/pkg/etc
ln -s /usr/pkg/etc/screenrc
vi screenrc
like,
startup_message off
caption always "%-Lw%{= BW}%50>%n%f* %t%{-}%+Lw%< %{=b BW} %H %{-} %l %c %d/%m/%Y"
bindkey ^[, prev
bindkey ^[; next
shelltitle ""
autodetach on
defscrollback 65000
then user specifics,
cd ~/
vi .screenrc
like e.g.,
screen -t "log" 0 tail -F /var/log/messages
and launch,
cd ~/
screen
Configure time & crontab
Synchronize the time manually once through NTP,
ntpdate -u ntp.obspm.fr
note. '-s' for syslog output, '-u' for firewall bypass, '-b' for boot time
note. you could also make it through "date -s ..."
and enable the NTP daemon for smooth time synchronization,
cd /etc
mv ntp.conf ntp.conf.dist
sed '/^$/d;/^#/d' ntp.conf.dist > ntp.conf
vi ntp.conf
note. remove the ^tos line if connecting to one NTP server only
note. in france there's 'ntp.obspm.fr' and 'ntp1.dedibox.fr'
apply,
echo "ntpd=yes" >> /etc/rc.conf
/etc/rc.d/ntpd start
Disable at, check log rotation (once a day is fine, textproc will be fast when using grep against it), enable monthly crontab (/etc/monthly),
crontab -e
e.g.,
#*/10 * * * * /usr/libexec/atrun
0 0 * * * /usr/bin/newsyslog
#0 0 * * mon /usr/bin/newsyslog
...
30 5 1 * * /bin/sh /etc/monthly 2>&1 | tee /var/log/monthly.out | sendmail -t
Note. indexing (/usr/libexec/locate.updatedb) is included in the weekly crontab (/etc/weekly)
Build the locate database (/var/db/locate.database),
/usr/libexec/locate.updatedb
Note. the weekly crontab (/etc/weekly) updates this database if it exists
Security
man 8 security
Note. if you edit 'login.conf',
vi /etc/login.conf
don't forget to apply the changes,
cap_mkdb /etc/login.conf
Update the system
First, fetch the NetBSD sets from your preferred mirror to some directory. Note. 'misc.tgz' and 'etc.tgz' are links to '../../../share'. Therefore a simple FTP mget won't do.
Update the kernel,
mv /netbsd /netbsd.old
tar xvzpfe kern-GENERIC.tgz -C /
shutdown -r now
Note. don't do "reboot" on BSD systems
Note. you need to boot with the new kernel before the userland update. Otherwise "tar", "gunzip" and basic commands may segfault.
Boot in single user mode (to prevent a second reboot thereafter). At bootloader's prompt,
boot -s
then,
mount -o rw /
Update the userland,
tar xzphfe base.tgz -C /
tar xzphfe comp.tgz -C /
tar xzphfe man.tgz -C /
tar xzphfe misc.tgz -C /
tar xzphfe text.tgz -C /
mkdir /root/etc
tar xzphfe etc.tgz -C /root/etc
etcupdate -b /root/etc
#etcupdate -s etc.tgz
cd /dev
./MAKEDEV all
sync
sh /etc/rc
#shutdown -r now
Note. there's also the 'postinstall' script but it removes old libs and acts without asking. 'etcupdate' + MAKEDEV are just fine !
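Note. added example, not part of the original page: checking the fetched sets against a checksum list before extracting them over / as root. It assumes a BSD-style list named SHA512 (lines like 'SHA512 (base.tgz) = ...') fetched from the same sets directory; the function names are made up for the example.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a checksum list with
# lines of the form:  SHA512 (base.tgz) = <hex digest>

# sha512_of FILE: print the hex digest with whichever tool is installed.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha512 "$1" | awk '{ print $NF }'
    fi
}

# verify_sets SUMFILE SET...: return 0 only if every set matches its entry.
verify_sets() {
    sums=$1; shift
    rc=0
    for f in "$@"; do
        want=$(awk -v n="$(basename "$f")" \
            '$1 == "SHA512" && $2 == "(" n ")" { print $NF; exit }' "$sums")
        if [ -z "$want" ]; then
            echo "MISSING    $f (no entry in $sums)"; rc=1
        elif [ ! -r "$f" ]; then
            echo "UNREADABLE $f"; rc=1
        elif [ "$(sha512_of "$f")" = "$want" ]; then
            echo "OK         $f"
        else
            echo "MISMATCH   $f"; rc=1
        fi
    done
    return $rc
}

# Run from the directory holding the sets, before any tar extraction, e.g.
#   sh verify.sh SHA512 kern-GENERIC.tgz base.tgz comp.tgz man.tgz \
#       misc.tgz text.tgz etc.tgz || echo "do not extract"
if [ $# -gt 1 ]; then
    verify_sets "$@"
fi
```

Note. a list fetched from the same mirror as the sets only catches corruption or truncation; compare it with a copy obtained over a trusted channel to detect a tampered mirror.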
Miscellaneous
Power off
Shutdown the system and power off,
shutdown -p now
GRUB
Install and configure GRUB,
pkg_add -v grub
grub-install --no-floppy /dev/sd0d
vi /grub/menu.lst
like,
title NetBSD
root (hd0,0,a) # NetBSD on 1st MBR partition of 1st IDE disk
chainloader +1
title NetBSD_multiboot
root (hd0,0,a) # NetBSD on 1st MBR partition of 1st IDE disk
kernel /netbsd
Note. with grub-install, there's no need to proceed manually,
#grub --no-floppy
#root (hd0,a)
#setup (hd0)
Note. you can also proceed manually at the grub prompt, by chainloading the NetBSD bootloader,
grub> rootnoverify (hd0,0)
grub> chainloader +1
grub> boot
or by booting the kernel directly:
grub> root (hd0,0,a)
grub> kernel /netbsd
grub> boot
Disable ACPI
boot -u
disable acpi0
for permanent change,
vi /boot.cfg
change '1' to '3',
default=3
NFS server
Configure your shared dirs in /etc/exports,
/data/0nfs -ro -alldirs -maproot=root -network 192.168.0.0/24
Enable the daemons,
cd /etc
vi rc.conf
add,
nfs_server=yes
nfsd_flags="-tun 4"
nfs_client=yes
rpcbind=yes
rpcbind_flags="-l"
mountd=yes
lockd=yes
statd=yes
note. nfsd -t for tcp, -u for udp
apply,
/etc/rc.d/rpcbind start
/etc/rc.d/mountd start
/etc/rc.d/nfsd start
/etc/rc.d/nfslocking start
and to stop all,
/etc/rc.d/nfslocking stop
/etc/rc.d/nfsd stop
/etc/rc.d/mountd stop
/etc/rc.d/rpcbind stop
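Note. added example, not part of the original page: a lint for exports lines such as the one above. It flags -maproot=root (remote root is not squashed), a missing -ro and a missing host or -network restriction; the function name, the finding labels and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: lint BSD-style exports(5) lines.
# Only the first directory of a line is reported; continuation lines are not handled.

# lint_exports FILE: print "<dir> <FINDING>" for each risky property found.
lint_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            ro = 0; rootmap = 0; limited = 0
            for (i = 2; i <= NF; i++) {
                c = substr($i, 1, 1)
                if ($i == "-ro") ro = 1
                else if ($i ~ /^-(maproot|mapall)=/) {
                    u = $i; sub(/^[^=]*=/, "", u); sub(/:.*/, "", u)
                    if (u == "root" || u == "0") rootmap = 1
                }
                else if ($i == "-network") { limited = 1; i++ }   # argument follows
                else if ($i ~ /^-network=/) limited = 1
                else if ($i == "-mask") i++
                else if (c != "-" && c != "/") limited = 1        # host or netgroup
            }
            if (rootmap)  print $1, "ROOT_AS_ROOT"   # remote root keeps uid 0
            if (!ro)      print $1, "WRITABLE"       # read/write is the default
            if (!limited) print $1, "ANY_HOST"       # no -network and no host list
        }
    ' "$1"
}

# First line is the export from this page, second is a constructed bad case.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/data/0nfs -ro -alldirs -maproot=root -network 192.168.0.0/24
/srv/pub
EOF
lint_exports "$sample"
rm -f "$sample"
```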
Softdep
You may speed up hard disk I/O performance a bit by activating soft dependencies (safer than async),
vi /etc/fstab
like,
/dev/wd0a / ffs rw,softdep 1 1
ATA Harddrive standby (for idling NAS or a laptop)
/sbin/atactl wd0 smart enable
/sbin/atactl wd1 smart enable
/sbin/atactl wd2 smart enable
/sbin/atactl wd0 setidle 602
/sbin/atactl wd1 setidle 601
/sbin/atactl wd2 setidle 600
/sbin/atactl wd0 setstandby 902
/sbin/atactl wd1 setstandby 901
/sbin/atactl wd2 setstandby 900
Cdrom
If you're inserting CDroms very often,
mkdir /mnt/cdrom
vi /etc/fstab
like,
/dev/cd0a /mnt/cdrom cd9660 ro,noauto 0 0
wscons mouse
If you're not working remotely and prefer the console over X11, you may need to activate wscons mouse support and some larger screen resolution. To activate wscons' mouse,
cp /usr/share/examples/wsmoused/wsmoused.conf /etc
chmod u+w /etc/wsmoused.conf
vi /etc/wsmoused.conf
like,
device = /dev/wsmouse;
mode selection {
slowdown_x = 1;
slowdown_y = 1;
}
enable the wsmouse daemon,
vi /etc/rc.conf
like,
wsmoused=YES
and start it,
/etc/rc.d/wsmoused start
80x50 virtual terminals
To get 80x50,
vi /etc/wscons.conf
uncomment,
font ibm - 8 ibm /usr/share/wscons/fonts/vt220l.808
and change those lines,
screen 1 80x50 vt100
screen 2 80x50 vt100
screen 3 80x50 vt100
note. 'vt220' won't work
note. '/etc/ttys' respawns getty on those virtual terminals
apply,
wsconscfg -d -F 1
wsconscfg -d -F 2
wsconscfg -d -F 3
/etc/rc.d/wscons restart
Note. 'ps auxw | grep getty' to check the getty processes have their TTYs
Note. to initialize the vterms manually,
#/usr/sbin/wsfontload -h 8 -e ibm -N ibm /usr/share/wscons/fonts/vt220l.808
#/usr/sbin/wsconscfg -t 80x50 -e vt100 1
#/sbin/wsconsctl -w "encoding=fr"
Edit master.passwd
Either,
vipw
or,
vi /etc/master.passwd
pwd_mkdb /etc/master.passwd
Boot loader usage
You can switch to serial console interactively,
consdev com0
To boot the default kernel from the boot loader prompt,
boot hd0a:netbsd
#boot /netbsd
Boot loader configuration
PC console,
cp /usr/mdec/boot /
fdisk -i wd0
#fdisk -B wd0
installboot -v -o timeout=5 /dev/rwd0a /usr/mdec/bootxx_ffsv2
Note. the latter needs to be executed after every /boot.cfg change
Note. -o needs to be repeated
Note. to check whether you have FFSv1 or v2,
dumpfs /dev/rwd0a | head -5
Note. for serial output,
cp /usr/mdec/boot /
fdisk -i wd0
fdisk -i -c /usr/mdec/mbr_com0_9600 wd0
#fdisk -B wd0
installboot -v -o timeout=5 -o console=com0 /dev/rwd0a /usr/mdec/bootxx_ffsv2
Note. default -o speed is 9600
Configure a console on the serial port,
vi /etc/ttys
like,
tty00 "/usr/libexec/getty std.9600" unknown on secure
Rebuild the kernel
Download the source and extract it,
cd ~/
tar xzf syssrc.tgz -C /
customize your new kernel,
cd /usr/src/sys/arch/i386/conf
cp GENERIC CUSTOM
vi CUSTOM
Note. besides your device driver selection, optionally change these, e.g.,
options WS_KERNEL_FG=WSCOL_RED
config netbsd root on sd0a type ffs
Note. you may want to name your kernel after the machine's name (instead of CUSTOM),
#hostname -s | tr '[a-z]' '[A-Z]'
Compile it and reboot,
config CUSTOM
cd ../compile/CUSTOM
make depend
make
mv /netbsd /netbsd.old
cp netbsd /
ls -l /
shutdown -r now
Rebuild the system
For a NetBSD release, simply fetch all the tarballs but 'xsrc.tgz' as user,
id -un
ftp -a ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0/source/sets/gnusrc.tgz
ftp -a ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0/source/sets/sharesrc.tgz
ftp -a ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0/source/sets/src.tgz
ftp -a ftp://ftp.fr.netbsd.org/pub/NetBSD/NetBSD-5.0/source/sets/syssrc.tgz
as for NetBSD current, use CVS or RSYNC against a mirror. For CVS,
#export CVSROOT=anoncvs@anoncvs.fr.netbsd.org:/cvsroot
#export CVS_RSH=ssh
#cd /usr
#cvs -q co src
to update,
#cd /usr/src
#cvs -q update -dP
for RSYNC,
#pkg_info | grep rsync
#rsync -a rsync://rsync.fr.NetBSD.org/NetBSD/NetBSD-current/src .
to update,
#make cleandir
#rsync -av rsync://rsync.fr.NetBSD.org/NetBSD/NetBSD-current/src .
Extract the source tarballs,
progress -zf gnusrc.tgz tar xf -
progress -zf sharesrc.tgz tar xf -
progress -zf src.tgz tar xf -
progress -zf syssrc.tgz tar xf -
mv usr/src .
rmdir usr
(Optionally proceed with your custom source code changes)
Prepare the directories,
rm -rf dest obj tools release
mkdir dest obj tools release
cd src
Build the sets,
./build.sh \
-D ../dest \
-N 0 \
-O ../obj \
-R ../release \
-T ../tools \
-U -u distribution sets >../sets.log 2>../sets.error.log &
tail -F ../sets.log
Note. the target here is double : 'distribution' and 'sets'.
Note. for help,
#./build.sh -h | less
Note. to make the ISO,
#pkg_info | grep mkisofs
#... release iso-image
Firefox
The native NetBSD Firefox package works (the Linux emulation one doesn't as of today: it segfaults). Use Flash via "nspluginwrapper". Works even on NetBSD/amd64.
Comparison
+ serial boot floppies and cdrom iso
+ FFS has no .snap (like freebsd) nor lost-found (ext2), great for brutal perm changes
+ brand /bin/ksh (PDKSH) and background processes are quiet, their stdout doesn't show up in your shell
+ rc.d/network restart DOES setup the hostname
+ netbsd and freebsd have "ifconfig _if_ create" to create an interface, on linux it's just "ifconfig dummy0 IP netmask ...", same for bond0.