Cpu/auth server setup


The cpu/auth server is the first machine that should be installed when setting up a Plan 9 network. A good overview of the process is available from the Bell Labs Plan 9 wiki page "configuring a standalone CPU server".

We use the Integrated 100BT network to do the base install, as the GigE card is not supported by the install process.

During the diskprep stage of the install we add nvram and cache partitions. To do this, use "p" to print the partition table. We are interested in the default fs partition, which we are going to decrease in size to make room for the cache and nvram partitions. For us the fs partition starts at 20482 and ends at 16826619. To change the partitions, enter commands like:

	d fs
	a fs 20482 15500000
	a cache 15500000 16826618
	a nvram 16826618 16826619
	w
	q

The final disk layout is:

	>>> p
	  9fat                  0 20482      (20482 sectors, 10.00 MB)
	  fs                20482 15500000   (15479518 sectors, 7.38 GB)
	  cache          15500000 16826618   (1326618 sectors, 647.76 MB)
	  nvram          16826618 16826619   (1 sectors, 512 B )
	  swap           16826619 17767827   (941208 sectors, 459.57 MB)

After doing the install, the next thing to do is add the account of the cpu owner. Information on adding users can be found in the kfs section of the Plan 9 wiki.

Log in as "glenda" and turn off permission checking on the kfs file system:

	disk/kfscmd allow

Add a line like

	10002:bootes:bootes

to /adm/users, run kfscmd user to read the user database back into kfs, and then run

	disk/kfscmd 'create /usr/bootes bootes bootes 775 d'
	disk/kfscmd 'create /mail/box/bootes bootes upas 775 d'
	disk/kfscmd 'create /mail/box/bootes/mbox bootes upas 622 al'

to set up bootes's home directory and mail box.

Turn filesystem checking back on, sync (critical if you care about your files...) and halt the filesystem:

	disk/kfscmd sync
	disk/kfscmd halt

Now reboot the machine using ctrl-alt-del and log in as bootes (note that the window system will not start at this point). Next run

	/sys/lib/newuser

to set up a profile and start the window system.

Install any updates (link).

Build and install a cpu server kernel. We made modifications to the pccpudisk file to support more hardware. We also added a patch to etherga620.c to support the acenic cards.

	disk/kfscmd allow
	cd /sys/src/9/pc
	mk 'CONF=pccpudisk' 9pccpudisk
	9fat:
	cp 9pccpudisk /n/9fat/9pccpud
	disk/kfscmd disallow
	disk/kfscmd sync

Modify /n/9fat/plan9.ini to use the new kernel and the GigE cards and to support netbooting. Enabling multiconfig in the 3rd Ed. may require rebuilding 9load. Our plan9.ini is:

	[menu]
	menuitem=net, network boot
	menuitem=local, disk boot
	menudefault=net,15

	[net]
	bootargs=il -g 172.16.82.254 -h plan9 ether /net/ether0 172.16.82.1 255.255.255.0 0 172.16.82.2 172.16.82.1

	[local]
	bootargs=local!#S/sd00/fs

	[common]
	bootfile=sd00!9fat!9pccpud
	distname=plan9
	partition=new
	scsi0=type=ncr53c8xx
	ether0=type=ga620
	ether1=type=ga620
	monitor=sgi1600SW
	vgasize=1600x1024x8
	mouseport=ps2

Invalidate the nvram using:

	echo somegarbagehere > /dev/sd00/nvram

The next step is to set up networking by editing /rc/bin/cpurc and /lib/ndb/local as described in the Network configuration section of the Plan 9 wiki.

Because of the 2 interfaces in the cpu/auth server we need 2 versions of the ndb database: /lib/ndb/local for the internal interface and /lib/ndb/external for the external interface.

Note that we had to have a class B section in both ndb files since we have class B addresses.

The next step is to make a number of changes to /rc/bin/cpurc, including enabling dhcp and tftp on the internal interface for the booting of diskless clients, plus many changes to support the 2 interfaces. Our cpurc includes sections from termrc in order to run rio on the cpu/auth server and powerwall machines.

Generate ssh keys.

Set up /lib/ndb/auth so that the cpu owner user is allowed to become any user:

	hostid=bootes
	uid=!sys uid=!adm uid=*
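
The effect of this entry can be checked offline before the auth server is trusted with it. The following Python sketch is an added example, not code from the original page or from Plan 9: it parses ndb-style text and evaluates whether a hostid may speak for a uid, assuming that an explicit uid=!name exclusion always overrides uid=*. The function names and the sample text are constructed for illustration.

```python
# Added example: a model of /lib/ndb/auth "speaks for" rules, not Plan 9 source.
# Assumption: uid=!name denies that user even when uid=* is also present.

SAMPLE_NDB_AUTH = """\
# constructed sample, same shape as the entry on this page
hostid=bootes
	uid=!sys uid=!adm uid=*
"""

def parse_ndb(text):
    """Split ndb text into entries, each a list of (attr, value) pairs.
    An unindented line starts an entry; indented lines continue it."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments
        if not line.strip():
            continue
        pairs = [tuple(tok.split("=", 1)) for tok in line.split() if "=" in tok]
        if line[0] in " \t" and entries:
            entries[-1].extend(pairs)
        else:
            entries.append(pairs)
    return entries

def speaks_for(entries, speaker, user):
    """True if hostid `speaker` may authenticate as `user`."""
    if speaker == user:
        return True
    for entry in entries:
        if ("hostid", speaker) not in entry:
            continue
        uids = [v for a, v in entry if a == "uid"]
        if "!" + user in uids:               # explicit exclusion wins
            return False
        return "*" in uids or user in uids
    return False                             # no entry: no delegation

def audit(entries, sensitive=("sys", "adm")):
    """List (hostid, uid) pairs where a grant reaches a sensitive uid."""
    findings = []
    for entry in entries:
        for attr, host in entry:
            if attr == "hostid":
                findings += [(host, u) for u in sensitive
                             if host != u and speaks_for(entries, host, u)]
    return findings
```

Running audit() over an entry that has uid=* without the two exclusions reports that the host owner could also become sys and adm, which is the case the !sys and !adm values prevent.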

Set up custom authentication services for the cpu/auth server:

	disk/kfscmd allow
	mkdir /rc/bin/service.plan9e /rc/bin/service.plan9e.auth
	mkdir /rc/bin/service.plan9i /rc/bin/service.plan9i.auth
	cp /rc/bin/service/* /rc/bin/service.plan9e/
	cp /rc/bin/service/* /rc/bin/service.plan9i/
	mv /rc/bin/service.plan9e/il566 /rc/bin/service.plan9e/_il566
	mv /rc/bin/service.plan9i/il566 /rc/bin/service.plan9i/_il566
	mv /rc/bin/service.plan9e/tcp567 /rc/bin/service.plan9e/_tcp567
	mv /rc/bin/service.plan9i/tcp567 /rc/bin/service.plan9i/_tcp567
	cp /rc/bin/service.auth/* /rc/bin/service.plan9e.auth/
	cp /rc/bin/service.auth/* /rc/bin/service.plan9i.auth/
	mv /rc/bin/service.plan9e.auth/authserv.il566 /rc/bin/service.plan9e.auth/il566
	mv /rc/bin/service.plan9i.auth/authserv.il566 /rc/bin/service.plan9i.auth/il566
	mv /rc/bin/service.plan9e.auth/authserv.tcp567 /rc/bin/service.plan9e.auth/tcp567
	mv /rc/bin/service.plan9i.auth/authserv.tcp567 /rc/bin/service.plan9i.auth/tcp567
	mv /rc/bin/service.plan9e.auth/il565 /rc/bin/service.plan9e.auth/_il565
	mv /rc/bin/service.plan9i.auth/il565 /rc/bin/service.plan9i.auth/_il565
	disk/kfscmd disallow
	disk/kfscmd sync

Directories with plan9e in the name are for the services run on the external interface of the cpu/auth server machine plan9; those with plan9i are for the internal interface. We disabled the il565 service in the auth directories as it exists in the normal service directories as well.

Make changes to /lib/namespace so the external interface gets set up in the default namespace.

Connect the Gigabit ethernet fibres and reboot the machine. After the reboot it will ask for the passwd of the cpu owner user (bootes), an authentication id (bootes) and an authentication domain (plan9.lanl.net).

Now add some user accounts using auth/changeuser, in particular an account for bootes. At this point the next step is to set up the fileserver.

Next is the setup of the fileserver


Last Modified: May 27 2002
dpx@acl.lanl.gov