plan9 cpu/auth server setup


Cpu/auth server setup

The cpu/auth server is the first machine that should be installed when setting up a Plan 9 network. A good overview of the process is available from the Bell Labs Plan 9 Wiki page "configuring a standalone CPU server".

After doing a base install, the first thing to do is add the account of the cpu owner. Information on adding users can be found in the Getting Started with Plan 9 paper.

The first step is to turn off permission checking on the kfs file system:

	disk/kfscmd allow

Add a line like

	10002:bootes:bootes

to /adm/users, run kfscmd user to read the user database back into kfs, and then run

	disk/kfscmd 'create /usr/bootes bootes bootes 775 d'
	disk/kfscmd 'create /mail/box/bootes bootes upas 775 d'
	disk/kfscmd 'create /mail/box/bootes/mbox bootes upas 622 al'

to set up bootes's home directory and mail box.

Turn filesystem permission checking back on, sync (critical if you care about your files...) and halt the filesystem:

	disk/kfscmd user
	disk/kfscmd disallow
	disk/kfscmd sync
	disk/kfscmd halt

Now reboot the machine using ctrl-alt-del and log in as bootes (note that the window system will not start at this point). Next run

	/sys/lib/newuser

to set up a profile and start the window system.

The next step is to set up networking by editing /rc/bin/cpurc and /lib/ndb/local as described in the Getting Started with Plan 9 paper.

When making the network entries in /lib/ndb/local, make sure to add dns= and auth= entries. Our /lib/ndb/local is here. Note that we had to have a class B section in the ndb/local file since we have a class B address.

The next step is to make a number of changes to /rc/bin/cpurc as outlined in the Getting Started with Plan 9 paper, including enabling dhcp and tftp for the booting of diskless clients. Our /rc/bin/cpurc is here. This also includes sections from termrc in order to run rio on the cpu/auth server.

Generate ssh keys:

	disk/kfscmd allow
	aux/ssh_genkey
	chgrp -u bootes /sys/lib/ssh/hostkey*
	disk/kfscmd disallow
	disk/kfscmd sync

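Set up /lib/ndb/auth so that the cpu owner user is allowed to become any user other than sys and adm. The uid= line is a continuation of the hostid= entry and must be indented in the file:

	hostid=bootes
		uid=!sys uid=!adm uid=*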
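
The following is an added example, not part of the original page or of Plan 9 itself: an offline audit of /lib/ndb/auth text that answers "may this hostid speak for that user". It assumes the documented speaks-for behaviour (a uid=!name tuple excludes that user, uid=* matches any other, the first entry for a hostid is used) and ignores quoted values; the gateway, glenda and rob names are constructed.

```python
# Added example: model of the speaks-for rules in /lib/ndb/auth.
# SAMPLE is constructed; only the bootes entry comes from the page.
SAMPLE = """\
# constructed sample in /lib/ndb/auth layout
hostid=bootes
\tuid=!sys uid=!adm uid=*

hostid=gateway
\tuid=glenda
"""

def parse_ndb(text):
    """Split ndb text into entries, each a list of (attr, value) tuples.
    A line starting in column 0 opens a new entry; an indented line
    continues the previous one. Text after '#' is a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]
        if not line.strip():
            continue
        if not line[0].isspace() or not entries:
            entries.append([])
        for tok in line.split():
            attr, _, val = tok.partition("=")
            entries[-1].append((attr, val))
    return entries

def speaks_for(entries, speaker, user):
    """True if speaker may act as user under the assumed semantics."""
    if speaker == user:
        return True
    for entry in entries:
        if ("hostid", speaker) not in entry:
            continue
        uids = [v for a, v in entry if a == "uid"]
        if "!" + user in uids:      # an exclusion wins wherever it appears
            return False
        return "*" in uids or user in uids
    return False                    # no entry for this hostid: deny

if __name__ == "__main__":
    db = parse_ndb(SAMPLE)
    for u in ("glenda", "sys", "adm"):
        print("bootes ->", u, speaks_for(db, "bootes", u))
```

Run against a copy of the real file, an un-indented uid= line shows up as a separate entry, and the hostid it was meant for then speaks for nobody.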

Set up authentication services:

	disk/kfscmd allow
	rm /rc/bin/service/il566
	rm /rc/bin/service/tcp567
	cd /rc/bin/service.auth
	mv authserv.il566 il566
	mv authserv.tcp567 tcp567
	disk/kfscmd disallow
	disk/kfscmd sync

Build and install a cpu server kernel. We made modifications to the default pccpudisk file to support more hardware (requires latest Plan 9 updates?). Our pccpudisk file is here.

	disk/kfscmd allow
	cd /sys/src/9/pc
	mk 'CONF=pccpudisk' 9pccpudisk
	9fat:
	cp 9pccpudisk /n/9fat/9pccpud
	disk/kfscmd disallow
	disk/kfscmd sync

Modify the bootfile line in /n/9fat/plan9.ini to point to the new kernel. Our plan9.ini is:

	bootfile=sd00!9fat!9pccpud
	bootdisk=local!#S/sd00/fs
	distname=plan9
	partition=new
	scsi0=type=ncr53c8xx
	ether0=type=i82557
	monitor=xga
	vgasize=1024x768x8
	mouseport=ps2

Create an nvram partition on the disk; we stole a sector from the end of the swap partition. Start disk/prep using

	disk/prep /dev/sd00/plan9

Use "p" to print the partition table. We are interested in the swap partition; for us this starts at 16826587 and ends at 17767827. Enter commands like:

	d swap
	a swap 16826587 17767826
	a nvram 17767826 17767827

Invalidate the nvram using:

	echo somegarbagehere > /dev/sd00/nvram

Reboot the machine. After the reboot it will ask for the password of the cpu owner user (bootes), an authentication id (bootes) and an authentication domain (acl.lanl.gov).

Now add some user accounts using auth/changeuser, in particular an account for bootes. At this point the cpu/auth server should be all set up.

After the setup of the fileserver, you may want to set the cpu/auth server to boot off of the fileserver.

