Setting up a cvsupd server and an ftpd install server





repsol
2002-11-08, 05:28 PM
Setting up a cvsupd server and an ftpd install server



::::::::::::::: Setting up the ftpd install server ::::::::::::::::

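There are many ways to install FreeBSD.
The one most people use is to download the ISO image and burn it to a bootable CD.

But as soon as a new FreeBSD version comes out, the old disc is useless (unless you use a rewritable disc, which is another matter).

FreeBSD has another installation method: installing over ftp.
Below is the official documentation; please forgive my laziness :)

1. First make the boot floppies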

Floppy Disk Image Instructions

Depending on how you choose to install FreeBSD, you may need to create a
set of floppy disks (usually two) to begin the installation process. This
section briefly describes how to create these disks, either from a CDROM
installation or from the Internet. Note that in the common case of
installing FreeBSD from CDROM, on a machine that supports bootable CDROMs,
the steps outlined in this section will not be needed and can be skipped.

For a normal CDROM or network installation, all you need to copy onto
actual floppies from the floppies/ directory are the kern.flp and
mfsroot.flp images (for 1.44MB floppies).

Getting these images over the network is easy. Simply fetch the
release/floppies/kern.flp and release/floppies/mfsroot.flp files from
ftp://ftp.FreeBSD.org/ or one of the many mirrors listed at FTP Sites
section of the Handbook, or on the http://www.freebsdmirrors.org/ Web
pages.

Get two blank, freshly formatted floppies and image copy kern.flp onto one
and mfsroot.flp onto the other. These images are not DOS files. You cannot
simply copy them to a DOS or UFS floppy as regular files, you need to
``image'' copy them to the floppy with fdimage.exe under DOS (see the
tools directory on your CDROM or FreeBSD FTP mirror) or the dd(1) command
in UNIX.

For example, to create the kernel floppy image from DOS, you'd do
something like this:

C> fdimage kern.flp a:


Two floppies in total:
one is kern.flp (the first boot disk)
one is mfsroot.flp

Where do you get these files?

The following example uses ftp.freebsd.org and version 4.7 Release.
The relevant paths are:

/pub/FreeBSD/releases/i386/4.7-RELEASE/tools
fdimage.exe is here

/pub/FreeBSD/releases/i386/4.7-RELEASE/floppies

This directory has:
kern.flp
mfsroot.flp


2. Prepare the ftpd install server

First mirror a copy of the latest FreeBSD release.

Many mirror sites are listed here:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html

In this example the site is ftp.freebsd.org and the version to mirror is 4.7 Release.
The path to mirror is:
"/pub/FreeBSD/releases/i386/4.7-RELEASE"


I recommend using the tool called mirror:
http://sunsite.org.uk/packages/mirror/


Usage instructions:
http://sunsite.org.uk/packages/mirror/mirror.html

The listing after mirroring:

home.repsol.com:repsol[/home/ftp/FreeBSD]>ls -la


drwxr-xr-x 20 ftp ftp 1024 Nov 2 12:33 .
drwxr-xr-x 4 ftp ftp 512 Nov 2 12:34 ..
lrwxrwxrwx 1 ftp ftp 1 Nov 2 03:39 4.7-RELEASE -> .
-r--r--r-- 1 ftp ftp 4382 Oct 8 14:24 ERRATA.HTM
-r--r--r-- 1 ftp ftp 2892 Oct 8 14:24 ERRATA.TXT
-r--r--r-- 1 ftp ftp 115541 Oct 8 14:24 HARDWARE.HTM
-r--r--r-- 1 ftp ftp 41294 Oct 8 14:24 HARDWARE.TXT
-r--r--r-- 1 ftp ftp 102611 Oct 8 14:24 INSTALL.HTM
-r--r--r-- 1 ftp ftp 59091 Oct 8 14:24 INSTALL.TXT
-r--r--r-- 1 ftp ftp 22462 Oct 8 14:24 README.HTM
-r--r--r-- 1 ftp ftp 13801 Oct 8 14:24 README.TXT
-r--r--r-- 1 ftp ftp 53277 Oct 8 14:24 RELNOTES.HTM
-r--r--r-- 1 ftp ftp 20896 Oct 8 14:24 RELNOTES.TXT
drwxr-xr-x 2 ftp ftp 2560 Nov 2 02:54 bin
drwxr-xr-x 2 ftp ftp 1024 Nov 2 03:39 catpages
-r--r--r-- 1 ftp ftp 25 Oct 8 14:24 cdrom.inf
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:36 compat1x
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:35 compat20
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:35 compat21
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:35 compat22
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:34 compat3x
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:33 compat4x
drwxr-xr-x 2 ftp ftp 1536 Nov 2 03:33 crypto
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:25 dict
drwxr-xr-x 2 ftp ftp 1536 Nov 2 03:25 doc
-r--r--r-- 1 ftp ftp 2963 Oct 8 14:24 docbook.css
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:13 floppies
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:10 games
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:08 info
drwxr-xr-x 2 ftp ftp 1024 Nov 2 03:07 manpages
drwxr-xr-x 2 ftp ftp 512 Nov 2 03:02 ports
drwxr-xr-x 2 ftp ftp 512 Nov 2 02:55 proflibs
drwxr-xr-x 2 ftp ftp 6144 Nov 2 02:31 src


3. Set up the ftpd server

Read through this description and it should be clear how to set up the ftpd server :)

----------------------------------------------------------------------

FTP Installation tips

FTP installation may be done from any mirror site containing a reasonably
up-to-date version of FreeBSD. A full menu of reasonable choices for
almost any location in the world is provided in the FTP site menu during
installation.

If you are installing from some other FTP site not listed in this menu, or
you are having troubles getting your name server configured properly, you
can also specify your own URL by selecting the ``URL'' choice in that
menu. A URL can contain a hostname or an IP address, so something like the
following would work in the absence of a name server:

ftp://216.66.64.162/pub/FreeBSD/releases/i386/4.2-RELEASE

There are three FTP installation modes you can use:

* FTP: This method uses the standard ``Active'' mode for transfers, in
which the server initiates a connection to the client. This will not
work through most firewalls but will often work best with older FTP
servers that do not support passive mode. If your connection hangs
with passive mode, try this one.

* FTP Passive: This sets the FTP "Passive" mode which prevents the
server from opening connections to the client. This option is best for
users to pass through firewalls that do not allow incoming connections
on random port addresses.

* FTP via an HTTP proxy: This option instructs FreeBSD to use HTTP to
connect to a proxy for all FTP operations. The proxy will translate
the requests and send them to the FTP server. This allows the user to
pass through firewalls that do not allow FTP at all, but offer an HTTP
proxy. You must specify the hostname of the proxy in addition to the
FTP server.

In the rare case that you have an FTP proxy that does not go through
HTTP, you can specify the URL as something like:

ftp://foo.bar.com:port/pub/FreeBSD

In the URL above, port is the port number of the proxy FTP server.

----------------------------------------------------------------------

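Next, get a brand-new machine ready. No CD-ROM is needed; a floppy drive is enough to start the installation.


Nothing is different during the installation: create slices, choose what to install, blah blah.
Only at the end, when choosing the install media, pick ftp, then specify the ftp URL and path,
and set up your own network configuration, e.g. IP, netmask, hostname, blah blah !!


Choose the ftp installation method.
Set the FTP URL; using my machine as the example:
ftp://home.repsol.com/FreeBSD/


and the installation can proceed over ftp.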




:::::::::::::::::::::: Setting up the cvsupd server ::::::::::::::::::::::::::::::::::::::


If you have many FreeBSD servers, then every time a new version is released you have to run
make world once to upgrade FreeBSD. Before make world you first have to synchronize the source,
and updating the source means going to one of the cvsupd servers to update.


ex :

USA site

cvsup1.FreeBSD.org (maintainer <[email protected]>), Washington state
cvsup2.FreeBSD.org (maintainers <[email protected]> and Jacques Vidrine <[email protected]>), Virginia
cvsup3.FreeBSD.org (maintainer Garrett Wollman <[email protected]>), Massachusetts
blah blah ....


Taiwan site

cvsup.tw.FreeBSD.org (maintainer <[email protected]>)
cvsup2.tw.FreeBSD.org (maintainer <[email protected]>)
cvsup3.tw.FreeBSD.org (maintainer <[email protected]>)
blah blah ....


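Once you manage a lot of servers and every one of them has to sync source,
some network bandwidth gets wasted.


At that point you can consider setting up your own cvsupd server for your own use;
or, if you have enough bandwidth or a powerful enough machine, you can also consider opening it to everyone.

Once this cvsupd server is up, only this machine needs to sync source each time.
It then serves cvsup, i.e. sync source, to your own machines.
This saves some bandwidth, syncing source is also much faster (because
it is on the local LAN), and it lightens the load on the cvsupd servers.



Start setting up the cvsupd server


1. Install cvsup-mirror
Install it from ports, convenient and fast :)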

home.repsol.com:repsol[/usr/ports/net/cvsup-mirror]#make install
===> Installing for cvsup-mirror-1.2
===> cvsup-mirror-1.2 depends on file: /usr/local/sbin/cvsupd - found
Installing files
===> Generating temporary packing list

You already have a group "cvsup", so I will use it.
You already have a user "cvsup", so I will use it.
You already have a group "cvsupin", so I will use it.
You already have a user "cvsupin", so I will use it.
Would you like me to create cvsupin's home directory (/home/cvsupin) [y]?
Fixing ownerships and modes in "/usr/local/etc/cvsup".
Setting up links and directories for distributions.
Linking distrib.self -> ..
Linking FreeBSD.cvs -> /home/repositories
Fixing ownerships and modes in /home/repositories ... done.
Linking FreeBSD-www.current -> SKIP
Linking FreeBSD-gnats.current -> SKIP
Linking FreeBSD-mail.current -> SKIP

Would you like me to set up the syslog logging [y]?
Setting up server logging in "/etc/syslog.conf".
Creating "/var/log/cvsupd.log".
Giving syslogd a kick in the pants.
Adding cvsupd log entry to "/etc/newsyslog.conf".
Done.

Would you like me to set up your crontab for updates every 24 hours [y]?
Scheduling updates every 24 hours in "/etc/crontab".
Done. The first update will be 5 minutes from now, at 17:06.
The cvsupd server will be started automatically after the first update,
and whenever you reboot.

You are now a FreeBSD mirror site.
===> Registering installation for cvsup-mirror-1.2
===> SECURITY NOTE:
This port has installed the following startup scripts which may cause
network services to be started at boot time.
/usr/local/etc/rc.d/cvsupd.sh

If there are vulnerabilities in these programs there may be a security
risk to the system. FreeBSD makes no guarantee about the security of
ports included in the Ports Collection. Please type 'make deinstall'
to deinstall the port if this is a concern.

For more information, and contact details about the security
status of this software, see the following webpage:
http://www.cvsup.org/
home.repsol.com:repsol[/usr/ports/net/cvsup-mirror]#



2. Mirror the source tree

You can run the shell script /usr/local/etc/rc.d/cvsupd.sh directly.
It mirrors a copy of the source, and once the mirror finishes it runs cvsupd,

which listens on port 5999.

The system logs messages like this:

Oct 25 11:24:42 repsol cvsupd[27828]: CVSup server started
Oct 25 11:24:42 repsol cvsupd[27828]: Software version: SNAP_16_1e
Oct 25 11:24:42 repsol cvsupd[27828]: Protocol version: 17.0
Oct 25 11:24:42 repsol cvsupd[27828]: Ready to service requests

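This means cvsupd is up and waiting for cvsup requests from clients.

Start testing

1. cvsup from the local machine against itself


First write a supfile.
For how to write a supfile, see the URL below, which has a detailed explanation: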

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html


*default host=localhost
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4_7
*default delete use-rel-suffix
*default compress
src-all


2. After saving, run it to sync the source tree

home.repsol.com:repsol[/usr/share/examples/cvsup]#cvsup -g -L 2 repsol.cvsup
Parsing supfile "repsol.cvsup"
Connecting to localhost
Connected to localhost
Server software version: SNAP_16_1f
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection src-all/cvs
.......

sync source tree ... a whole lot of output starts, skipped ..

3. make world

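For make world there is already plenty of documentation on the net.
I strongly recommend reading these two handbook chapters first; the make world procedure they teach is the most standard.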

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html


After make world finished, the version had been upgraded from FreeBSD 4.7-RELEASE to FreeBSD 4.7-RELEASE-p1.

home.repsol.com:repsol:[/]#uname -a
FreeBSD home.repsol.com 4.7-RELEASE-p1 FreeBSD 4.7-RELEASE-p1 #0: Mon Nov 4 01:05:07 CST 2002 [email protected]:/usr/src/sys/compile/GENERIC i386


OK, now we cvsup toward the stable version.
Change the tag in the supfile to RELENG_4, then sync the source tree again.


*default host=localhost
*default base=/usr
*default prefix=/usr
*default release=cvs tag=RELENG_4
*default delete use-rel-suffix
*default compress
src-all


home.repsol.com:repsol[/usr/share/examples/cvsup]#cvsup -g -L 2 repsol.cvsup
Parsing supfile "repsol.cvsup"
Connecting to localhost
Connected to localhost
Server software version: SNAP_16_1f
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection src-all/cvs


blah blah ....

Shutting down connection to server
Finished successfully

Carry on with make world :P

After the reboot, it has become FreeBSD 4.7-STABLE.

home.repsol.com:repsol[~]>uname -a
FreeBSD home.repsol.com 4.7-STABLE FreeBSD 4.7-STABLE #1: Fri Nov 8 14:24:08 CST 2002 [email protected]:/usr/obj/usr/src/sys/GENERIC i386

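That's about all the testing needed.


4. cron settings for the cvsupd server (updating the source)

Just don't make it too frequent; every hour really is over the top, so use your own judgement.
Only after running a cvsupd server do you find out that providing cvsupd services is really hard on the disks :P


If there are mistakes in this article, please don't hesitate to point them out .... thanks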



repsol
2002-12-26, 05:54 PM
cvsupd access control

man cvsupd


ACCESS CONTROL
Access to the server is unrestricted by default, but there is a reason-
ably flexible mechanism for limiting access based on the IP addresses of
connecting clients. It is enabled by placing a set of rules into the
access file base/cvsupd.access. The access file is a text file with one
rule per line. Comments begin with `#' and extend to the end of the
line. White space is ignored except where it is needed to separate adja-
cent tokens. Blank lines are ignored.


Let's try the simplest access control rule.

What the symbols mean:

`+' means permit, `*' means authenticate, and `-' means deny.

First, know the cvsup base path:
/usr/local/etc/cvsup
In this directory, create a file named cvsupd.access.


:::::: Start the experiment

Try editing cvsupd.access:

-127.0.0.1 #Deny localhost

Save the file.


Then run a cvsup update and see:


home.repsol.com:repsol:[/usr/share/examples/cvsup]#cvsup -g -L 2 ./new-ports
Parsing supfile "./new-ports"
Connecting to localhost
Connected to localhost
Rejected by server: Access denied
Will retry at 16:31:16

Sure enough, it was denied.



Edit it again.
Change cvsupd.access:


+127.0.0.1 # Allow localhost

Save the file.


Then run a cvsup update and see:


home.repsol.com:repsol[/usr/share/examples/cvsup]#cvsup -g -L 2 ./new-ports
Parsing supfile "./new-ports"
Connecting to localhost
Connected to localhost
Server software version: SNAP_16_1e
Negotiating file attribute support
Exchanging collection information
Establishing multiplexed-mode data connection
Running
Updating collection ports-all/cvs

.........blah blah


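Sure enough, localhost is now allowed to update its ports tree.


This is simple cvsupd access control.
There are many more detailed ways to write rules;
for details, man cvsupd and read the ACCESS CONTROL section.


By the way,
after changing the cvsupd.access file there is no need to restart cvsupd;
the access control takes effect right away.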
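
Added example (not part of the original posts, and not code from the CVSup project): a small Python checker that dry-runs a cvsupd.access rule set against client addresses before the file is put in place. It goes beyond the single-address rules tried above; the first-match ordering, the refusal when no rule matches, and the `/matchbits` prefix length are assumptions to confirm against the ACCESS CONTROL section of cvsupd(8), and the sample addresses are constructed.

```python
import ipaddress

ACTIONS = {"+": "permit", "-": "deny", "*": "authenticate"}  # flags quoted in the post

# Constructed sample access file (addresses are made up for this example).
SAMPLE_ACCESS = """\
-192.168.1.66      # one LAN host that must not sync
+192.168.1.0/24    # the rest of the LAN
+127.0.0.1         # Allow localhost
"""

def parse_rules(text):
    """Return [(action, network)] for numeric IPv4 rules; reject malformed lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # comments run to end of line
        if not line:
            continue                              # blank lines are ignored
        flag, rest = line[0], line[1:].split()
        if flag not in ACTIONS or not rest:
            raise ValueError(f"line {lineno}: unrecognised rule {raw!r}")
        # Assumption: "addr/matchbits" compares the top matchbits bits (default 32).
        # Further fields on the line are ignored by this checker.
        addr, _, bits = rest[0].partition("/")
        bits = bits.split("/")[0] or "32"
        rules.append((ACTIONS[flag], ipaddress.ip_network(f"{addr}/{bits}", strict=False)))
    return rules

def decide(rules, client_ip):
    """Assumption: first matching rule wins; no match means the client is refused."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if ip in net:
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_ACCESS)
    for client in ("127.0.0.1", "192.168.1.10", "192.168.1.66", "10.0.0.5"):
        print(f"{client:15} -> {decide(rules, client)}")
```

Rule order matters under the first-match assumption: placing the `/24` permit above the single-host deny would let 192.168.1.66 through, which is the kind of mistake this dry run catches.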