Date: Wed, 07 Aug 2002 16:53:27 -0700 From: Darren Pilgrim <dmp@pantherdragon.org> To: FreeBSD-Stable <stable@freebsd.org> Subject: Safest way to do a remote installworld? Message-ID: <3D51B2F7.CE6F51D7@pantherdragon.org> References: <20020807214726.89A505D04@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I've been trying to come up the safest way possible to do a remote
installworld without doing it from the console in single-user mode.
Here's what I've come up with so far, please tell me if there's
something else I can do to make it safer:
- Do normal pre-buildworld stuff and buildworld.
- Backup /, /boot, /bin, /etc, /modules, and /sbin to
/userdata/rootdir_backup.tar.
- INSTKERNNAME="kernel.GENERIC" make -e kernel -DNO_MODULES
- make kernel KERNCONF=CUSTOM
- install -o root -g wheel -m 555 -f schg /usr/obj/usr/src/sys/CUSTOM/kernel.debug /kernel.debug
- Backup, /usr/X11R6, /usr/bin, /usr/compat, /usr/include, /usr/lib,
/usr/libdata, /usr/libexec, /usr/sbin, and /usr/share to
/userdata/usr_backup.tar.
- Backup, /usr/local to /userdata/usr.local_backup.tar.
- Roll-over all logs under syslog's control.
- Backup /var to /userdata/var_backup.tar.
- Backup /root to /userdata/roothome_backup.tar.
- Backup /home and any other user-data filesystems that are on any
disks touched by installworld.
- Backup the disklabels.
- Take a snapshot of /dev using this pair of commands:
ls -alR | egrep ^c | awk '{print $1 " " $3 " " $4 " " $5 " " $6 " " $10}' >/userdata/devlist_pre-iw
ls -alR | egrep -v ^c | awk '{print $1 " " $3 " " $4 " " $5 " " $9 " " $10 " " $11}' >>/userdata/devlist_pre-iw
- Set the machine to do nothing more than bring up the normal network
configuration, an open firewall, and run what's required for a
functioning system and sshd.
- Run a script to disable logins on all accounts except for root and
the non-root admin account.
- Verify and apply this patch:
--- /usr/src/etc/rc Thu May 9 10:39:01 2002
+++ /etc/rc Wed Aug 7 03:36:41 2002
@@ -227,6 +227,14 @@
adjkerntz -i
+if [ -e /usr/obj/installworld_on_reboot ]; then
+ mount -uat ufs -o exec
+ rm /usr/obj/installworld_on_reboot
+ # /empty_fs is a synchronous filesystem by itself on a disk
+ cd /usr/src && script /empty_fs/m-iw.out make installworld
+ mount -uat ufs
+fi
+
purgedir() {
local dir file
- Reboot the machine with the new kernels and old world.
- Login in and look at dmesg output and the log files for anything
non-kosher.
- If everything looks ok, touch /usr/obj/installworld_on_reboot and
reboot again.
- Machine runs installworld, then finishes booting back to the
stripped-down multi-user state.
- Log back in and examine the installworld output for problems.
- Mergemaster
- Run /root/devupdate, which installs /usr/src/etc/MAKEDEV* to
/usr/obj/tempdev, makes the full set of devices, takes a snapshot,
then diffs that snapshot with devlist_pre-iw.
- Make any needed updates to /dev.
- cd /usr/src/release/sysinstall && make all install
- Rebuild and reinstall anything that may have gotten clobbered by
installworld (like postfix).
- Swap the special config files with the normal versions, reenable
the user accounts and reboot again.
The system should now come back up to a full running state.
- Pull down doc-all
- Test all the installed ports, rebuild and reinstall as desired.
- Pull down a new ports tree and portupgrade as desired.
What do you think?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D51B2F7.CE6F51D7>