14 steps to a better you

home / admin / setup

setting up a web machine using radmind:

You need a machine with a console ( be sure to add the machine to /etc/remote when attaching it to the console server ), a properly run and labelled ethernet cable, power, and a bootable system cd. You will not be installing from the cd so it doesn't matter if it is the OS you plan to install.

You are expected to understand what you are doing. It is okay to ask for help. It is okay to admit you don't understand something. It is not okay to hose one of our servers or create an insecure mess.

Files marked below with bold need to be checked in/out of RCS.

as user radmind on the radmind server:

1. add the host to /var/radmind/config

2. create the hosts' directory in /var/radmind/special
cp -r some.existing.host fullname.of.new.machine
( change host specific files ( these are listed in the machine's command file ))

3. generate a host.pem file for this machine using our ca and put it in /usr/local/etc/host.pem ( this is a host-specific special file ) and have the contents available to put in /tmp/host.pem during setup

4. add the host to: /etc/inet/hosts
in the appropriate transcript, be sure to lcksum

At console on the new machine:

5. setup the bootprom or BIOS ( disable autoboot & secure the console )

if this is an AX1105, fix the disk alias:
nvalias disk /pci@1f,0/pci@1/scsi@6,1/disk@0,0:a

setenv auto-boot? false
password ( type the appropriate password twice )
setenv security-mode command

boot cdrom -s

6. partition the disk with 'format':

Slice  Mount Point              Size (MB)
0   /                                 256
1   swap                             2048
2   overlap                          1749
3   /usr                              768
4   /var                             2048
5                                       0
6   /usr/local/projects              8192
7   /usr/local                       ????

( you can make projects a lot smaller on some of our machines if you feel you need the space elsewhere. use your judgment )

7. bring up the network:
ifconfig eri0 plumb
ifconfig eri0 up 141.211.144.XXX netmask 255.255.255.0 \
     broadcast 141.211.144.255
 
or
ifconfig hme0 plumb
ifconfig hme0 up 141.211.144.XXX netmask 255.255.255.0 \
     broadcast 141.211.144.255
 
 
route add default 141.211.144.1

8. edit nsswitch.conf to use dns for hosts and then:

cat > /etc/resolv.conf
umich.edu
nameserver 141.211.144.17

9. anonymously ftp the radmind tarball and expand it in tmp:
cd /tmp
ftp 141.213.231.10
bin
get pub/users/clunis/radmind.tar /tmp/radmind.tar
tar xpvf radmind.tar  
 
cksum /tmp/radmind.tar should give:
1590290820 3470336 radmind.tar

10. run the setup script:
/tmp/setup-os.sh /path/to/something [ disk ]
( where 'os' is solaris, linux, or whatever and '/path/to/something is a path to any large file on the cd. 'disk' is optional and can be used to override c1t0d0 as the disk device we'll newfs, make bootable, & mount )

11. change the root password appropriately
setup user accounts ( see /var/radmind/accounts on the console server )
Using /usr/ucb/vipw, make 'nobody' the last entry in /etc/passwd in case this machine will run genpasswd.

12. write a thoughtful, entertaining, and informative /etc/motd :)

13. reboot the machine ( don't boot -r or touch /reconfigure )
init 6 ( see man init( 1M ) for states )

14. make sure the machine does what it is supposed to, is monitored by nefu, and passes tripwire.