notes on configuring a plan 9 cpu+file+authentication server.
i am a big fan of the plan 9 operating system. i had been running just a standalone terminal load on a laptop for a while to get familiar with it but once i got hooked i just had to set up a server too. the directions on the plan 9 wiki are a little vague as regards setting up a combined cpu, authentication, and file server, so i put this page together to distill all the resources that i used down to a single page of step by step directions.
the first thing you need to do is figure out what distribution to use given the hardware you have on hand. if you have a fairly old bog standard sort of computer to work with, you can probably just use the official distribution from the plan 9 site. if you are running on newer hardware, particularly hardware using the ICH9 chipset like a new atom based board, you will want to use the 9atom distribution prepared by erik quanstrom instead of the official release because it contains essential driver updates.
at the time of this writing, note that 9atom will only work when the ICH9 is set to AHCI mode in the BIOS, otherwise the system will hang on boot at the message, aoepnp(<nil>).
really, at this point in time, if you are running on bare metal hardware, it is probably best to use the 9atom distribution regardless of the vintage of your equipment, simply because it is probably more up to date than the official release iso. however, if you are installing plan 9 on a vmware esxi virtual machine then you will want to use the official distribution ISO instead of the 9atom release, because the 9atom release seems to hang on boot before reaching the installer.
vmware esxi note: when setting up a virtual machine in vmware esxi to run plan 9, specify the virtual disk controller type as buslogic parallel. none of the other controller types will be detected by plan 9.
regardless of the release that you use, the installation procedure will be the same. once you are in the installer, just do a typical installation with defaults as you would do for a standalone terminal. when picking the filesystem type, you can choose to just do fossil only; it is not required to have fossil+venti to run a fileserver. other than that, the installation should be fairly self explanatory. once the installation is done, reboot the system and log in as glenda. now we are ready to get down to the business of configuring the system to run as a server.
vmware esxi note: the graphical installer will not run in a vmware esxi virtual machine due to driver support issues. instead of the GUI starting and automatically dropping to the installer, you will land at a prompt. at the prompt, type inst/textonly and continue as prompted. the graphics will work fine (at 640x480x8) when you boot the installed system from disk.
we will start out as the wiki suggests, making a directory for our server configuration files and editing the cpurc file.
cd /cfg; mkdir $sysname; dircp example $sysname
cd /cfg/$sysname
acme cpurc
the plan 9 wiki leaves out some important stuff when discussing the cpurc file. refer to my cpurc file below to get a general idea of what should go in there.
#!/bin/rc
# cpu-specific startup

authdom=diablonet.net
facedom=diablonet.net
fileserver=kfs

# set up the network interface

bind -b '#l0' /net
bind -a '#I0' /net
ip/ipconfig -g 172.16.1.1 ether /net/ether0 172.16.1.10 255.255.255.0

# set up resolution. we are running nameservers elsewhere.

ndb/cs
ndb/dns -r

# ip/dhcpd
# ip/tftpd

# authentication server

auth/secstored

auth/keyfs -wp -m /mnt/keys >/dev/null >[2=1]
auth/cron >>/sys/log/cron >[2=1]

# listen for connections

aux/listen -q -t /rc/bin/service.auth -d /rc/bin/service tcp

# timesync

aux/timesync -n -l 128.105.37.11

# start rio on the console with USB mouse

for (i in m i S t P U)
	bind -a '#'^$i /dev >/dev/null >[2=1]
	
usb/usbd
usb/usbmouse

aux/vga -l $vgasize
exec rio
if you are using a ps/2 mouse instead of a USB mouse, you will want to substitute the following to start rio on the console.
# start rio on the console with ps/2 mouse

for (i in m i S t P)
    bind -a '#'^$i /dev >/dev/null >[2=1]

aux/mouse $mouseport
aux/vga -l $vgasize
exec rio
if you are installing on a vmware esxi virtual machine, you will have to turn off video hardware acceleration before starting rio. you need to bind to the VGA device before you can turn off hardware acceleration.
# start rio on the console with ps/2 mouse
for (i in m i S t P v)
    bind -a '#'^$i /dev >/dev/null >[2=1]

aux/mouse $mouseport
aux/vga -l $vgasize

# disable video hardware acceleration
echo 'hwaccel off' > /dev/vgactl
exec rio
they will tell you in the wiki to add some things to the cpurc file, and some other things to the cpustart file. it turns out that you can just put it all in the cpurc file; there is no need to use two different files.
note that we are only listening for authentication connections on tcp and not il. this is because il is no longer included in the kernel by default. if you try to listen for il connections without support being compiled in, you will get errors. you dont actually need il for things to work, and i am not using it on my network at all.
also note that you dont necessarily have to run rio on the server console but i find that it makes things a bit more pleasant. if you are using a usb mouse, pay careful attention to the bind statement in my cpurc file; you need to bind m before U, and then run usbd and usbmouse to get the cursor to work in rio.
modern hardware note: if you are having trouble running rio on the server console after having built the 9pccpuf kernel from the source included with the 9atom distribution, you likely missed a device and will need to rebuild the kernel again. i have found that the best way to go is to refer to the included pcf kernel configuration file. be sure to add all devices shown in the pcf kernel configuration file to the pccpuf kernel configuration file before building. assuming all the requisite devices are there, the console should work with the ICH9 integrated video with no problems.
modern hardware note: if you get an error like "mkvbe: /dev/realmode file does not exist" when attempting to run rio on the server console, add the line "bind -a '#P' /dev" to the cpurc file.
once you have finished editing the cpurc file, save it and exit the editor. now run the command,
mv /rc/bin/service.auth/authsrv.tcp567 /rc/bin/service.auth/tcp567
interesting note: when you see a file prefixed with "!" or "authsrv." in the /rc/bin/service or /rc/bin/service.auth directories it means that the service is disabled. you can enable it by renaming it without the "!" or "authsrv."
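the naming rule above decides which ports the server will answer on, so it is worth checking before aux/listen is started. the following python sketch is an added example, not part of the original notes: the directory listings are constructed, and it assumes aux/listen only serves files named as protocol plus port, for the protocols it is told to announce (tcp in the cpurc above).

```python
import re

# constructed listings, in the style of `ls /rc/bin/service.auth /rc/bin/service`
LISTINGS = {
    "/rc/bin/service.auth": ["authsrv.il566", "authsrv.tcp567"],
    "/rc/bin/service": ["!tcp23", "il17007", "tcp17007", "telcodata"],
}

# optional disable prefix, then protocol name, then port number
NAME = re.compile(r"^(?P<off>!|authsrv\.)?(?P<proto>[a-z]+?)(?P<port>\d+)$")


def classify(name, announced=("tcp",)):
    """Return (state, proto, port) for one file name in a service directory."""
    m = NAME.match(name)
    if m is None:
        return ("ignored", None, None)         # not proto+port, never served
    proto, port = m["proto"], int(m["port"])
    if m["off"]:
        return ("disabled", proto, port)       # "!" or "authsrv." prefix
    if proto not in announced:
        return ("not announced", proto, port)  # e.g. il files when only tcp is listened on
    return ("listening", proto, port)


def listening_ports(listings, announced=("tcp",)):
    """Map each service directory to the sorted ports that will accept connections."""
    result = {}
    for directory, names in listings.items():
        ports = [port for state, _, port in
                 (classify(n, announced) for n in names) if state == "listening"]
        result[directory] = sorted(ports)
    return result


def enable(names, name):
    """Model `mv authsrv.tcp567 tcp567`: strip the disable prefix from one entry."""
    m = NAME.match(name)
    return [m["proto"] + m["port"] if n == name else n for n in names]


if __name__ == "__main__":
    print("before:", listening_ports(LISTINGS))
    LISTINGS["/rc/bin/service.auth"] = enable(
        LISTINGS["/rc/bin/service.auth"], "authsrv.tcp567")
    print("after: ", listening_ports(LISTINGS))
```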
now, use the following commands to create the bootes user in the fileserver,
con /srv/fscons
prompt: uname bootes bootes
prompt: uname adm +bootes
prompt: uname sys +bootes
prompt: fsys main
main: create /active/cron/bootes bootes bootes d775
main: create /active/sys/log/cron bootes bootes a664
exit fscons by hitting ctrl-backslash, then set up keyfs and provide a password for this machine with the command,
auth/keyfs
the next step is to edit the network database files in /lib/ndb. the plan 9 wiki is a little bit unclear on what exactly needs to be in them, so refer to my examples below to get the general idea.
be sure you specify the authdom in /lib/ndb/local for your network or else all accounts will be locked out of the system, since it will not be able to locate itself as the authentication server. a good way to diagnose this problem is to check and see if you get the error,
authentication failure:auth server protocol botch
when attempting to log in via telnet or ftp.

so, here is my /lib/ndb/auth file, set up exactly per the wiki. no need to do anything different here.

hostid=bootes
	uid=!sys uid=!adm uid=*
and here is my /lib/ndb/local file. note that i am running dns servers elsewhere on my network that will resolve the name of this plan 9 server (primrose). if you are going to be running dns on your plan 9 server too, you will probably need to do some additional configuration.
database=
	file=/lib/ndb/local
	file=/lib/ndb/common
	file=/lib/ndb/auth
	
auth=sources.cs.bell-labs.com authdom=outside.plan9.bell-labs.com

ipnet=diablonet ip=172.16.1.0 ipmask=255.255.255.0
	dnsdomain=diablonet.net
	authdom=diablonet.net
	ipgw=172.16.1.1
	dns=75.144.70.42
	dns=75.144.70.43
	ntp=128.105.37.11
	auth=primrose.diablonet.net
	cpu=primrose.diablonet.net
	fs=primrose.diablonet.net
	
ip=172.16.1.10 sys=primrose.diablonet.net
ip=172.16.1.11 sys=juniper.diablonet.net

#
#  because the public demands the name localsource
#
ip=127.0.0.1 sys=localhost dom=localhost
once you've got your ndb files configured you can use the commands
ndb/ipquery ip [your-ip-address] auth
ndb/ipquery ip [your-ip-address] cpu
ndb/ipquery ip [your-ip-address] ntp
at the server console to test out resolution. you will also want to add the line,
sysname=YOURHOSTNAME
to the plan9.ini file in 9fat when you get around to editing it later.
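the authdom lockout described above comes down to whether auth= and authdom= can be found for the server's own address. the following python sketch is an added example, not part of the original notes or of plan 9: it parses a constructed ndb sample and resolves attributes from the host entry first and then the enclosing ipnet, a simplification of what ndb/ipquery does. it assumes no quoted values and a dotted ipmask, and expected_authdom stands for the authdom set in cpurc and typed at the boot prompt.

```python
import ipaddress
from itertools import takewhile

# constructed sample in the layout of the /lib/ndb/local shown above
SAMPLE_NDB = """\
ipnet=diablonet ip=172.16.1.0 ipmask=255.255.255.0
\tauthdom=diablonet.net
\tauth=primrose.diablonet.net
\tcpu=primrose.diablonet.net
\tfs=primrose.diablonet.net
ip=172.16.1.10 sys=primrose.diablonet.net
"""

def parse_ndb(text):
    """Return entries as lists of (attr, value); indented lines continue an entry."""
    entries = []
    for line in text.splitlines():
        toks = takewhile(lambda t: not t.startswith("#"), line.split())  # '#' starts a comment
        pairs = [tuple(t.partition("=")[::2]) for t in toks]
        if pairs and line[0] in " \t" and entries:
            entries[-1].extend(pairs)
        elif pairs:
            entries.append(pairs)
    return entries

def first(entry, attr):
    return next((v for a, v in entry if a == attr), None)

def ipquery(entries, ip, attr):
    """Look up attr for ip: host entry first, then enclosing ipnets, narrowest first."""
    addr = ipaddress.ip_address(ip)
    hosts = [e for e in entries if ("ip", ip) in e and not first(e, "ipnet")]
    nets = [(ipaddress.ip_network(first(e, "ip") + "/" + first(e, "ipmask"), strict=False), e)
            for e in entries if first(e, "ipnet") and first(e, "ip") and first(e, "ipmask")]
    nets = sorted((n for n in nets if addr in n[0]), key=lambda n: -n[0].prefixlen)
    for e in hosts + [e for _, e in nets]:
        if first(e, attr) is not None:
            return first(e, attr)
    return None

def check_auth_config(ndb_text, server_ip, expected_authdom):
    """List problems that would stop the server locating its own auth server."""
    entries = parse_ndb(ndb_text)
    problems = ["no %s= found for %s" % (a, server_ip)
                for a in ("auth", "authdom", "cpu", "fs")
                if ipquery(entries, server_ip, a) is None]
    dom = ipquery(entries, server_ip, "authdom")
    if dom is not None and dom != expected_authdom:
        problems.append("authdom %s does not match %s" % (dom, expected_authdom))
    return problems
```

an empty list from check_auth_config means the four attributes resolve for the server address and the authdom agrees with the one used at boot.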
now you need to build the 9pccpuf kernel because it is not included in the distribution. they dont come right out and mention this in the wiki directions for setting up a standalone cpu server, so dont be surprised when you find that it hasnt been installed by default.
cd /sys/src/9/pc
mk 'CONF=pccpuf'
cp 9pccpuf /386
9fat:
cp 9pccpuf /n/9fat/
it took less than 15 minutes to do the build on a pentium III 733 mhz system. on any kind of modern hardware the build will complete in a few minutes.
now we will edit plan9.ini in the 9fat partition to add the new kernel and configure the hostname of the system. rather than totally replacing the existing bootfile entry in there, you will probably just want to add the new kernel as another choice, so we can boot back to the terminal kernel if something goes wrong. you can just add multiple bootfile lines, for example,
bootfile=sdE0!9fat!9pcf
bootfile=sdE0!9fat!9pccpuf
and plan9 will give you a menu when it boots and ask you which kernel you want to use. refer to my plan9.ini file below as an example of what yours should generally look like.
bootfile=sdE0!9fat!9pccpuf
bootfile=sdE0!9fat!9pcf
bootargs=local!#S/sdE0/fossil

*nomp = 1
*nodumpstack = 1
partition = new
dmamode = ask

*nobiosload = 1
*debugload = 1

mouseport=ps2
monitor=xga
vgasize=1024x768x8

sysname = primrose
modern hardware note: fairly recent to the time of this writing there is a bug in the 9load supplied with the 9atom distribution that will cause it to hang when attempting to load any kernel that is not option 1. to get around this, basically just specify the 9pccpuf kernel as the first option in the plan9.ini file. i reported this bug to erik and he fixed it but in case you happen to have an old iso on hand and you get this behavior, this is most likely the issue.
if you make a mistake in editing the plan9.ini file and it is causing the system to hang or crash on boot, you can recover things by booting with the plan 9 installation disk and running 9fat: from the live cd. go to /n/9fat as usual and edit plan9.ini. it seems kind of counterintuitive since the system was booted from cd, but this is actually the plan9.ini file on the hard disk. when done, save the file then fshalt -r to reboot and try again to boot from disk with the updated plan9.ini file.
that should do it as far as configuring the system to run as a cpu and authentication server. now we will set up the file service by configuring the machine to listen on the fossil ports. the example below assumes your hard disc is /dev/sdE0.
cd /tmp
fossil/conf /dev/sdE0/fossil >flproto.bak
cp flproto.bak flproto
cat >> flproto <<EOF
listen tcp!*!564
EOF
fossil/conf -w /dev/sdE0/fossil flproto
the plan 9 wiki is rather vague on this, but i believe this is what they mean when they tell you to "run some commands in flproto" on the page regarding fossil server configuration.
note we are excluding "listen il!*!17008" because il is not enabled by default and thus i am not using it at all.
now, reboot the machine and select the 9pccpuf kernel. when the system comes up, you will be prompted for some security related information (authid, authdom, secstore key, and password). for the authid, enter the server administrator name, which should be "bootes" if you have been following these directions. for the authdom, enter the same authdom that you configured for your network in /lib/ndb/local. next, youll be prompted to enter the secstore key and a password; both will need to be 8 characters or more in length.
if you ever want to reset these parameters, you can do so by writing garbage over the nvram portion of the system boot disk using a command like "echo blah > /dev/sdE0/nvram" and then rebooting the system. you will be prompted to enter the information again the next time the system is booted.
after this is all finished, the initial boot process will be finished and you will land at the fileserver console prompt. first thing to do is set the password for bootes using auth(8) and the password you just entered during bootup.
auth/changeuser bootes
set a password for the bootes user. you can enter an inferno/pop secret if you want; it doesnt matter for our purposes here. the rest of it you can just leave blank. once you have gotten the password set for the bootes user, you will want to perform a few follow up tasks: checking the permissions on the /tmp directory and setting the system time zone.
chmod 777 /tmp

cd /adm/timezone
rm local
cp US_Michigan local
now we are ready to create user accounts. every time we create a user the procedure is that we will first add them to the authentication system with auth/changeuser, and then add them to the fileserver with the commands,
con -l /srv/fscons
uname [user] [user]
uname sys +[user]
now users should be able to log in to the server. the first time any user logs in to the system, they should run the command,
/sys/lib/newuser
which will set up a basic environment for them.
now, download drawterm and you should be able to test things out. for example,
./drawterm -a 172.16.1.10 -c 172.16.1.10 -u [user]
at this point you should have a fully functioning plan 9 combined cpu, file, and authentication server. further information may be found in the references below.
general plan 9 configuration:

http://www.magma.com.ni/moin/Plan9Tutorial

9fans mailing list archive:

http://9fans.net/archive
	
plan 9 wiki:

http://www.plan9.bell-labs.com/wiki/plan9/plan_9_wiki/