[9fans] yet another installation guide

[9fans] yet another installation guide

[Corey]

I finished the first draft of a cpu/auth server installation/configuration howto:

http://www.p9dp.org/plan9-cpu-auth-server-howto.html

It would be great if whoever's interested, and has a bit of time could check
it out, try it, and offer any suggestions/comments.


Thanks,

Corey

Re: [9fans] yet another installation guide

[erik quanstrom]

On Tue Aug 11 01:02:13 EDT 2009, corey@bitworthy.net wrote:
>
> I finished the first draft of a cpu/auth server installation/configuration howto:
>
> http://www.p9dp.org/plan9-cpu-auth-server-howto.html
>
> It would be great if whoever's interested, and has a bit of time could check
> it out, try it, and offer any suggestions/comments.

step 3.
you really don't want rwm on.  use dmaon script instead of doing
it by hand.  also ip/ipconfig with no args is recommended if you already have
a dhcp server.  also, this should be in your cpurc.local.

step 5.
these devices you suggest binding are already bound
* #S	/lib/namespace

it's probablly not a good idea to suggest that everyone bind
these:
* #m, #i

since not everyone is interested in starting rio on their cpu server.
likewise aux/vga, aux/mouse and rio don't belong in everyone's /cfg/$s/cpustart.
(it's really difficult to use the serial console remotely if you've started
rio!)

step 8.
don't invalidate the host keys after you've set them!  do that first.
also set the hostowner's keys here.

step 11.
refreshing cs is not required for ndb/query to work.  ndb/query doesn't
care what cs thinks.

step 14.
setting host key can be omitted.  you should have done that in step 8.

step 17.
it's a good idea to always leave a 9fat menu around on your auth server.
if you screw a kernel up, you'll really be proud of your self for it!

- erik

Re: [9fans] yet another installation guide

[John Floren]

On Mon, Aug 10, 2009 at 10:34 PM, erik quanstrom<quanstro@quanstro.net> wrote:
> step 17.
> it's a good idea to always leave a 9fat menu around on your auth server.
> if you screw a kernel up, you'll really be proud of your self for it!
>
> - erik

To add to this, a quick reading of the plan9.ini man page will show
you how to set timeouts so you can automatically boot into the 9pccpuf
kernel, but still have a backup around in case things go pear-shaped.
It only costs a couple extra seconds at boot but it can make life so
much easier.


John
--
"Object-oriented design is the roman numerals of computing" -- Rob Pike

Re: [9fans] yet another installation guide

[Corey]

On Monday 10 August 2009 22:37:38 John Floren wrote:
> On Mon, Aug 10, 2009 at 10:34 PM, erik quanstrom<quanstro@quanstro.net>
wrote:
> > step 17.
> > it's a good idea to always leave a 9fat menu around on your auth server.
> > if you screw a kernel up, you'll really be proud of your self for it!
> >
> > - erik
>
> To add to this, a quick reading of the plan9.ini man page will show
> you how to set timeouts so you can automatically boot into the 9pccpuf
> kernel, but still have a backup around in case things go pear-shaped.
> It only costs a couple extra seconds at boot but it can make life so
> much easier.
>

Thanks for the heads-up, John - I've included a timeout value on the
plan9.ini menu in the next draft version of the howto.


Cheers,

Corey

Re: [9fans] yet another installation guide

[John Floren]

On Tue, Aug 11, 2009 at 5:32 PM, Corey<corey@bitworthy.net> wrote:
> On Monday 10 August 2009 22:37:38 John Floren wrote:
>> On Mon, Aug 10, 2009 at 10:34 PM, erik quanstrom<quanstro@quanstro.net>
> wrote:
>> > step 17.
>> > it's a good idea to always leave a 9fat menu around on your auth server.
>> > if you screw a kernel up, you'll really be proud of your self for it!
>> >
>> > - erik
>>
>> To add to this, a quick reading of the plan9.ini man page will show
>> you how to set timeouts so you can automatically boot into the 9pccpuf
>> kernel, but still have a backup around in case things go pear-shaped.
>> It only costs a couple extra seconds at boot but it can make life so
>> much easier.
>>
>
> Thanks for the heads-up, John - I've included a timeout value on the
> plan9.ini menu in the next draft version of the howto.
>
>
> Cheers,
>
> Corey
>

You're welcome, but I do think we'd all be better served if you
located specific portions of the wiki page that need work and clarify
them, rather than forking off another very similar page. Or update the
wiki page and put a link to your document at the bottom.

Just a thought

John
--
"Object-oriented design is the roman numerals of computing" -- Rob Pike

Re: [9fans] yet another installation guide

[Bruce Ellis]

Cinap and Brucee's guide ...

Arrive back home to find a fried Auth server. Curse. A standard here,
due to HST, is four (and only four) F*cks, in quick succesion, getting
louder and higher in pitch.

Drag the bastard into the workshop and completely butcher it and a
standby clunker and rebuild it. Curse at the difficulty of finding
bits and pieces and cables. Break out the soldering iron. Soldering
iron (nice old temperature controlled Weller) breaks down (never heard
of)!

Curse. Another good one is seven (and only seven) Sh*ts. Unevenly
timed and at varying pitches - a pause before the seventh which has to
be the highest pitched and loudest.

Call Paul. Arrange a camping trip (it's 10pm). Jerry it up with nick
nacks and do the standard install before he arrives. Restore vital
crap from backup. Go camping while venti and fossil play games. Get
lost. Find ourselves.

Go home to a nice coffee and a working machine.

Actually no technical information at all here. Just waiting on da man.

brucee

Re: [9fans] yet another installation guide

[Charles Forsyth]

>Soldering iron (nice old temperature controlled Weller) breaks down (never heard of)!

that's amazing.

Re: [9fans] yet another installation guide

[Bruce Ellis]

there are photos ... don't know where. it was lucky that it was
warmish winter night.

built a nice fire and slept for a few hours around it in t-shirt,
shorts, sandals.

we did have my travel lapdog but it was obvious that coffee was in
order ... and no work in a national park!

brucee

On Wed, Aug 12, 2009 at 1:10 PM, Charles Forsyth<forsyth@terzarima.net> wrote:
>>Soldering iron (nice old temperature controlled Weller) breaks down (never heard of)!
>
> that's amazing.

Re: [9fans] yet another installation guide

[Corey]

On Tuesday 11 August 2009 17:40:59 John Floren wrote:
> On Tue, Aug 11, 2009 at 5:32 PM, Corey<corey@bitworthy.net> wrote:
<snip>
> > Thanks for the heads-up, John - I've included a timeout value on the
> > plan9.ini menu in the next draft version of the howto.
> >
>
> You're welcome, but I do think we'd all be better served if you
> located specific portions of the wiki page that need work and clarify
> them, rather than forking off another very similar page. Or update the
> wiki page and put a link to your document at the bottom.
>
> Just a thought
>

I'd like to revisit this a little bit later, after the document has been put
through the paces and confirmed as reliable by a few other folks aside
from myself.


Cheers,

Corey

Re: [9fans] yet another installation guide

[erik quanstrom]

> <authdomain>  - The authentication domain name used for the auth services your
> server will be supplying.

it's not a domain name.  often people make the authentication domain
the same as their dns domain, since we now live in an ip world.
but it's just a text token.  no heirarchy.  no partial matches.
no dns.  (ah, it's the small things.)

>
> <machinekey>  - A secret key assigned to the machine.

it's actually the hostowner's p9sk1 key.  typically one has just
a few hostowners per domain.  i use one at home, but since
we need a bit more involved security needs at coraid, there are a
few hostowners.

> <secstorekey>  - ???: summarize what the secstore key is.

this is the hostowner's secstore(1) password.  secstore is a
server that can be used to store a large number of secrets.
factotum automaticly contacts secstore and downloads
the file "factotum" from secstore on boot.  this allows one
to automaticly load big ssh or tls keys on boot.  very helpful
for serving tls-encrypted imap4 or smtp.

- erik

Re: [9fans] yet another installation guide

[Corey]

Thank you Erik for your review - very much appreciated!

I have integrated your suggestions (plus some further general enhancements
and optimizations) into another draft version that I will upload shortly.

May I solicit just one more bit of feedback from you?

In the 'Conventions' section, I have summarized the variables used throughout
the howto; however there a few that I feel I have not accurately described, or
that they could use more idiomatic nomenclature - could you help out with the
following:


<authdomain>  - The authentication domain name used for the auth services your
server will be supplying.

<machinekey>  - A secret key assigned to the machine.

<secstorekey>  - ???: summarize what the secstore key is.


I'm not satisfied with my descriptions for authdomain and machinekey, and I
simply was not even able to come up with a terse/succinct way of summarizing
the secstore key.


Many thanks!



On Monday 10 August 2009 22:34:00 erik quanstrom wrote:
> On Tue Aug 11 01:02:13 EDT 2009, corey@bitworthy.net wrote:
> > I finished the first draft of a cpu/auth server
> > installation/configuration howto:
> >
> > http://www.p9dp.org/plan9-cpu-auth-server-howto.html
> >
> > It would be great if whoever's interested, and has a bit of time could
> > check it out, try it, and offer any suggestions/comments.
>
> step 3.
> you really don't want rwm on.  use dmaon script instead of doing
> it by hand.  also ip/ipconfig with no args is recommended if you already
> have a dhcp server.  also, this should be in your cpurc.local.
>
> step 5.
> these devices you suggest binding are already bound
> * #S	/lib/namespace
>
> it's probablly not a good idea to suggest that everyone bind
> these:
> * #m, #i
>
> since not everyone is interested in starting rio on their cpu server.
> likewise aux/vga, aux/mouse and rio don't belong in everyone's
> /cfg/$s/cpustart. (it's really difficult to use the serial console remotely
> if you've started rio!)
>
> step 8.
> don't invalidate the host keys after you've set them!  do that first.
> also set the hostowner's keys here.
>
> step 11.
> refreshing cs is not required for ndb/query to work.  ndb/query doesn't
> care what cs thinks.
>
> step 14.
> setting host key can be omitted.  you should have done that in step 8.
>
> step 17.
> it's a good idea to always leave a 9fat menu around on your auth server.
> if you screw a kernel up, you'll really be proud of your self for it!
>
> - erik