Date: Wed, 07 Aug 2002 16:53:27 -0700 From: Darren Pilgrim <dmp@pantherdragon.org> To: FreeBSD-Stable <stable@freebsd.org> Subject: Safest way to do a remote installworld? Message-ID: <3D51B2F7.CE6F51D7@pantherdragon.org> References: <20020807214726.89A505D04@ptavv.es.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I've been trying to come up the safest way possible to do a remote installworld without doing it from the console in single-user mode. Here's what I've come up with so far, please tell me if there's something else I can do to make it safer: - Do normal pre-buildworld stuff and buildworld. - Backup /, /boot, /bin, /etc, /modules, and /sbin to /userdata/rootdir_backup.tar. - INSTKERNNAME="kernel.GENERIC" make -e kernel -DNO_MODULES - make kernel KERNCONF=CUSTOM - install -o root -g wheel -m 555 -f schg /usr/obj/usr/src/sys/CUSTOM/kernel.debug /kernel.debug - Backup, /usr/X11R6, /usr/bin, /usr/compat, /usr/include, /usr/lib, /usr/libdata, /usr/libexec, /usr/sbin, and /usr/share to /userdata/usr_backup.tar. - Backup, /usr/local to /userdata/usr.local_backup.tar. - Roll-over all logs under syslog's control. - Backup /var to /userdata/var_backup.tar. - Backup /root to /userdata/roothome_backup.tar. - Backup /home and any other user-data filesystems that are on any disks touched by installworld. - Backup the disklabels. - Take a snapshot of /dev using this pair of commands: ls -alR | egrep ^c | awk '{print $1 " " $3 " " $4 " " $5 " " $6 " " $10}' >/userdata/devlist_pre-iw ls -alR | egrep -v ^c | awk '{print $1 " " $3 " " $4 " " $5 " " $9 " " $10 " " $11}' >>/userdata/devlist_pre-iw - Set the machine to do nothing more than bring up the normal network configuration, an open firewall, and run what's required for a functioning system and sshd. - Run a script to disable logins on all accounts except for root and the non-root admin account. - Verify and apply this patch: --- /usr/src/etc/rc Thu May 9 10:39:01 2002 +++ /etc/rc Wed Aug 7 03:36:41 2002 @@ -227,6 +227,14 @@ adjkerntz -i +if [ -e /usr/obj/installworld_on_reboot ]; then + mount -uat ufs -o exec + rm /usr/obj/installworld_on_reboot + # /empty_fs is a synchronous filesystem by itself on a disk + cd /usr/src && script /empty_fs/m-iw.out make installworld + mount -uat ufs +fi + purgedir() { local dir file - Reboot the machine with the new kernels and old world. - Login in and look at dmesg output and the log files for anything non-kosher. - If everything looks ok, touch /usr/obj/installworld_on_reboot and reboot again. - Machine runs installworld, then finishes booting back to the stripped-down multi-user state. - Log back in and examine the installworld output for problems. - Mergemaster - Run /root/devupdate, which installs /usr/src/etc/MAKEDEV* to /usr/obj/tempdev, makes the full set of devices, takes a snapshot, then diffs that snapshot with devlist_pre-iw. - Make any needed updates to /dev. - cd /usr/src/release/sysinstall && make all install - Rebuild and reinstall anything that may have gotten clobbered by installworld (like postfix). - Swap the special config files with the normal versions, reenable the user accounts and reboot again. The system should now come back up to a full running state. - Pull down doc-all - Test all the installed ports, rebuild and reinstall as desired. - Pull down a new ports tree and portupgrade as desired. What do you think? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D51B2F7.CE6F51D7>