Building a router with FuguIta ~ an example appliance build

Use the LiveUSB edition

# ftp https://jp2.dl.fuguita.org/SHA256
Trying 160.16.199.59...
Requesting https://jp2.dl.fuguita.org/SHA256
100% |*******************************************************|   640       00:00
640 bytes received in 0.00 seconds (2.65 MB/s)
# ftp https://jp2.dl.fuguita.org/FuguIta-7.2-amd64-202211151.img.gz
Trying 160.16.199.59...
Requesting https://jp2.dl.fuguita.org/FuguIta-7.2-amd64-202211151.img.gz
100% |*******************************************************|   332 MB    00:32
348583114 bytes received in 32.14 seconds (10.34 MB/s)
# sha256 -C SHA256 FuguIta-7.2-amd64-202211151.img.gz
(SHA256) FuguIta-7.2-amd64-202211151.img.gz: OK
# zcat FuguIta-7.2-amd64-202211151.img.gz | dd of=/dev/rsdXc bs=1m
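The transcript above fetches the SHA256 file and the image, checks the image with sha256 -C, and only then writes it to the USB stick. The script below is an added example, not part of FuguIta or of this page, that wraps those three steps in functions so that the write cannot happen unless the check passed: verify_image parses the BSD-style "SHA256 (name) = digest" lines that the downloaded SHA256 file uses, computes the digest with sha256(1) on OpenBSD or sha256sum elsewhere, and flash_image refuses to touch the device when the entry is missing or the digest differs. The FUGUITA_DEV environment variable (standing in for the sdX placeholder above) and the 1 MiB block size are assumptions of this example.

```sh
#!/bin/sh
# Added example, not part of FuguIta: fetch, verify, then write the LiveUSB image.
set -u

# sha256_of FILE -> hex digest on stdout (OpenBSD sha256(1), or coreutils sha256sum)
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# verify_image SUMFILE IMAGE -> 0 when IMAGE's digest matches its entry in SUMFILE,
# which uses the BSD format "SHA256 (name) = hex"; 1 when missing or mismatched.
verify_image() {
    sums=$1; img=$2
    expected=$(awk -v f="$img" '$1 == "SHA256" && $2 == ("(" f ")") { print $4 }' "$sums")
    if [ -z "$expected" ]; then
        echo "verify_image: no SHA256 entry for $img in $sums" >&2
        return 1
    fi
    actual=$(sha256_of "$img")
    if [ "$expected" != "$actual" ]; then
        echo "verify_image: digest mismatch for $img" >&2
        return 1
    fi
    echo "(SHA256) $img: OK"
}

# flash_image SUMFILE IMAGE DEVICE: decompress IMAGE onto DEVICE only after a
# successful verification; nothing is written when the check fails.
flash_image() {
    sums=$1; img=$2; dev=$3
    verify_image "$sums" "$img" || return 1
    zcat "$img" | dd of="$dev" bs=1048576   # 1 MiB blocks (bs=1m in OpenBSD dd)
}

# fetch_and_flash: the whole procedure from the page; the image name is the
# release used above and the device comes from FUGUITA_DEV (e.g. /dev/rsd1c).
fetch_and_flash() {
    base=https://jp2.dl.fuguita.org
    img=FuguIta-7.2-amd64-202211151.img.gz
    ftp "$base/SHA256" && ftp "$base/$img" || return 1
    flash_image SHA256 "$img" "$FUGUITA_DEV"
}

# Runs only when a target device is given: FUGUITA_DEV=/dev/rsd1c sh fuguita-flash.sh
if [ -n "${FUGUITA_DEV:-}" ]; then
    fetch_and_flash
fi
```

The SHA256 file comes from the same HTTPS host as the image, so a match shows the download and the copy on the stick are intact, not that the mirror itself is trustworthy; compare the digest against a second source if that matters for the deployment.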

First boot

Specify the system device

scanning partitions: sd0a sd0d sd0i
FuguIta's operating device(s): sd0a.

Which is FuguIta's operating device? [default: sd0a] ->

Specify the MFS size

available memory: 2031M

Enter mfs size.
  You can add suffix K, M, or G.
  % is a percentage of memory size.
  and %% is a percentage of the total memory and swap.
  otherwise considered "megabytes"

[default: 1523M] ->
set mfs size to 1523MB

Specify the boot mode

Boot modes:
   0: fresh boot - standard mode as a live system
   1: fresh boot - less memory, faster boot
		  (/usr is non-writable, can't pkg_add)
   2: fresh boot - works using only RAM
		  (about 1GB or more of RAM required)
   3: boot with retrieving saved files from storage device
      or enter passphrase for an encrypted volume
   4: boot with retrieving saved files from floppy disk
   5: interactive shell for maintenance
-> 0
Running manual setup.

root password

Changing password for root.
New password:
Retype new password:
passwd: password updated successfully

Network settings

Host name

Hostname with domain part (FQDN):
only host name without domain part is also OK.
-> nshrouter.local

IP version

IP protocol version(s) to be enabled: 4, 6, 46, 64 or "none"
  4: enable only IPv4
  6: enable only IPv6
  46: give priority to IPv4 name resolution
  64: give priority to IPv6 name resolution
  none: operate as standalone
[64] ->

Network interface

Network Interfaces: Choose one

  NIC	 type	   Name
-------- ----- ------------
    vio0 ether unknown
[vio0] ->

IP address and default route

IPv6 - address and routing:
  Enter "auto" or "IPv6_address[/prefixlen] [default_gateway]"
  "auto" is an automatic setting by SLAAC.
  The "/prefixlen" part can be an integer between 0 and 128.
  If there is no default gateway,
  set the second field to "none" or leave it blank.
[auto] ->

IPv4 - address and routing:
  Enter "auto" or "IPv4_address[/mask] [default_gateway]"
  "auto" is an automatic setting by DHCP.
  The "/mask" part can be specified in either format,
  such as "/255.255.255.0" or "/24".
  If there is no default gateway,
  set the second field to "none" or leave it blank.
[auto] -> 100.64.1.3/31 100.64.1.2

Name servers

DNS servers: up to 3 IP addresses, separated by spaces
-> 9.9.9.9

Login method

Do you login with C)onsole or X) Window System?
[default: C] ->

Settings after logging in as root

Time zone

nshrouter# ln -sf /usr/share/zoneinfo/Asia/Tokyo /etc/localtime

Automatic saving of files at shutdown

nshrouter# vi /etc/rc.shutdown

force_umount=No   # set Yes for forced umount /ram at shutdown
force_resync=Yes  # set Yes to re-sync at shutdown

# stop_all_daemons - to eliminate all daemons at umount /ram
#
stop_all_daemons () {
    :
    :

Automating the settings at boot

nshrouter# mount /dev/sd0d /mnt
nshrouter# vi /mnt/livecd-config/7.2/amd64/noasks

#
# noasks - parameter settings for non-interactive boot
#
# Make statements uncommented
# Then assign real values
#
#
# FuguIta system device
#   - Use one of two lines
#noask_rdev=sd0a  # device name format
noask_rdev=3b5447abd772121d.a  # DUID format  <== uncommented
#
# mfs size in MB
noask_umem=75%  <== uncommented
#
# boot mode
noask_setup_rw_mode=3  <== uncommented
#
# storage device
#   - Use one of two lines
#noask_confdev=sd0d  # device name format
noask_confdev=3b5447abd772121d.d  # DUID format  <== uncommented
#
# data set name in USB flash drive
noask_confdir=nshrouter  <== uncommented

nshrouter# umount /mnt
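The DUID values in the noasks file above were copied in by hand. As an added example, not part of FuguIta or of this page, the helper below reads the DUID of a disk from the value of the hw.disknames sysctl, which OpenBSD prints as comma-separated disk:DUID pairs such as "sd0:3b5447abd772121d", and emits the five active noasks lines for it. The partition letters (a for the system device, d for the storage device), the 75% mfs size, boot mode 3 and the data set name are the page's own values, passed in as arguments; the NOASK_DISK and NOASK_CONFDIR environment variables and the disknames string used in testing are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of FuguIta: derive the DUID-format noasks lines
# from OpenBSD's hw.disknames sysctl instead of copying the DUID by hand.
set -u

# duid_of DISK DISKNAMES -> DUID of DISK taken from a hw.disknames value such
# as "sd0:3b5447abd772121d,sd1:,cd0:" (the format sysctl(8) prints; a leading
# "hw.disknames=" from sysctl without -n is tolerated). Fails when DISK is
# absent or has no DUID (a CD, an unlabelled disk), so a bogus
# "noask_rdev=.a" line can never be produced.
duid_of() {
    disk=$1; names=${2#hw.disknames=}
    duid=$(printf '%s\n' "$names" | tr ',' '\n' | awk -F: -v d="$disk" '$1 == d { print $2 }')
    if [ ${#duid} -ne 16 ] || [ "$duid" != "$(printf '%s' "$duid" | tr -cd '0-9a-f')" ]; then
        echo "duid_of: no DUID for $disk in \"$names\"" >&2
        return 1
    fi
    printf '%s\n' "$duid"
}

# gen_noasks DISK SYSPART CONFPART CONFDIR DISKNAMES -> the active lines of a
# noasks file: system and storage device in DUID format, mfs size 75%,
# boot mode 3 (retrieve saved files) and the data set name, as on this page.
gen_noasks() {
    disk=$1; syspart=$2; confpart=$3; confdir=$4; names=$5
    duid=$(duid_of "$disk" "$names") || return 1
    printf 'noask_rdev=%s.%s\n' "$duid" "$syspart"
    printf 'noask_umem=75%%\n'
    printf 'noask_setup_rw_mode=3\n'
    printf 'noask_confdev=%s.%s\n' "$duid" "$confpart"
    printf 'noask_confdir=%s\n' "$confdir"
}

# On a running FuguIta system:
#   NOASK_DISK=sd0 NOASK_CONFDIR=nshrouter sh gen-noasks.sh
# prints the lines to put into /mnt/livecd-config/7.2/amd64/noasks.
if [ -n "${NOASK_DISK:-}" ]; then
    gen_noasks "$NOASK_DISK" a d "${NOASK_CONFDIR:-nshrouter}" "$(sysctl -n hw.disknames)"
fi
```

Using the DUID rather than sd0 keeps the non-interactive boot working when the USB stick enumerates as a different unit number, which is the reason the DUID lines are the ones uncommented above.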

Verify the reboot behavior

Transfer the contents to the USB flash drive

nshrouter# usbfadm

Welcome to usbfadm.
USB flash drive administration tool for FuguIta

 Version/Arch: 7.2/amd64  (FuguIta-7.2-amd64-202211151)
    Boot mode: manual
Target device: not set
Data saved as: not set

readline capability available
TAB to complete the reserved words

Type ? for help.

? : ? ->target

Searching storage device
Please make sure the device inserted.
Then press ENTER ->
sd0a +sd0d
target device->sd0d

sd0d : ? ->saveas
Name of saved data->nshrouter

Your data will be saved as ``nshrouter''.

sd0d : nshrouter ->sync

Sync current mfs as ``nshrouter'' , OK? [y/N] -> y

34.4MiB 0:00:04 [8.57MiB/s] [=================================]105% ETA 0:00:00
waiting for pax to finish ... syncing ... done.

sd0d : nshrouter ->quit

Bye bye...
nshrouter# 

Reboot

nsh-related settings

Install nsh

nshrouter# pkg_add nsh
quirks-6.42(signed) 2022-11-20T19:34:54Z
quirks-6.42:ok
Ambiguous:
a	0: <None>
	1: nsh-1.0.20220919
	2: nsh-1.0.20220919-static
Your choice: 1
nsh-1.0.20220919:ok
nshrouter# nsh
% NSH v1.0
nshrouter.local/quit
% Session terminated.
nshrouter#

Create the account that runs nsh

nshrouter# adduser nsh
Couldn't find /etc/adduser.conf: creating a new adduser configuration file
Reading /etc/shells
Enter your default shell: csh ksh nologin nsh sh [ksh]:
Your default shell is: ksh -> /bin/ksh
Default login class: authpf bgpd daemon default pbuild staff unbound vmd xenodm
[default]:
Enter your default HOME partition: [/home]:
Copy dotfiles from: /etc/skel no [/etc/skel]:
Send welcome message?: /path/file default no [no]:
Do not send message(s)
Prompt for passwords by default (y/n) [y]:
Default encryption method for passwords: auto blowfish [auto]:
Use option ``-silent'' if you don't want to see all warnings and questions.

Reading /etc/shells
Check /etc/master.passwd
Check /etc/group

Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: nsh
Enter full name []: Network SHell
Enter shell csh ksh nologin nsh sh [ksh]:
Uid [1000]:
Login group nsh [nsh]:
Login group is ``nsh''. Invite nsh into other groups: guest no
[no]: wheel
Login class authpf bgpd daemon default pbuild staff unbound vmd xenodm
[default]:
Enter password []:
Enter password again []:

Name:	     nsh
Password:    ****
Fullname:    Network SHell
Uid:	     1000
Gid:	     1000 (nsh)
Groups:	     nsh wheel
Login Class: default
HOME:	     /home/nsh
Shell:	     /bin/ksh
OK? (y/n) [y]: y
Added user ``nsh''
Copy files from /etc/skel to /home/nsh
Add another user? (y/n) [y]: n
Goodbye!
nshrouter# exit

OpenBSD/amd64 (nshrouter.local) (tty00)

login: nsh
Password:

Edit /etc/doas.conf

nshrouter# echo "permit nopass nsh cmd /usr/local/bin/nsh" >> /etc/doas.conf

Edit nsh's ~/.profile

nshrouter$ vi ~/.profile
exec doas /usr/local/bin/nsh
exit  # fail safe, in case the exec fails
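The doas rule and the .profile above are the whole privilege boundary of this appliance: the nsh account can run exactly one command as root, and its login session is handed straight to that command. The script below is an added example, not part of this page, nsh or doas, that installs both files idempotently (re-running the setup never appends a second copy of the rule) and asks doas to parse the result with its -C option before the account is used. File paths are the page's; the NSH_SETUP environment variable that gates the real installation is an assumption of this example.

```sh
#!/bin/sh
# Added example, not part of this page: install the nsh doas rule and the
# nsh user's .profile idempotently, then have doas parse the configuration.
set -u

NSH_RULE='permit nopass nsh cmd /usr/local/bin/nsh'

# add_rule FILE RULE -> appends RULE to FILE unless an identical line is
# already present, so repeated runs cannot accumulate duplicate rules.
add_rule() {
    file=$1; rule=$2
    [ -f "$file" ] || : > "$file"
    if grep -qxF -- "$rule" "$file"; then
        return 0
    fi
    printf '%s\n' "$rule" >> "$file"
}

# rule_count FILE RULE -> number of lines in FILE identical to RULE
rule_count() {
    grep -cxF -- "$2" "$1"
}

# write_profile FILE -> the login profile that hands the session to nsh as
# root via doas; the trailing exit ends the session if the exec ever fails.
write_profile() {
    printf '%s\n' 'exec doas /usr/local/bin/nsh' 'exit  # fail safe' > "$1"
}

# Real installation, as root on the router: NSH_SETUP=yes sh nsh-doas-setup.sh
if [ "${NSH_SETUP:-}" = yes ]; then
    add_rule /etc/doas.conf "$NSH_RULE"
    doas -C /etc/doas.conf && echo "/etc/doas.conf parses"
    write_profile /home/nsh/.profile
    chown nsh:nsh /home/nsh/.profile
    chmod 0644 /home/nsh/.profile
fi
```

Keep in mind that nsh's privileged mode offers a shell escape (the "!ntpctl" call later on this page uses it), so this single rule is effectively root for the nsh account; the account's password and console access deserve the same care as root's.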

Troubleshooting

A warning appears when configuring OpenNTPD

% NSH v1.0
nshrouter.local/enable
nshrouter.local(p)/ntp edit
servers ntp.nict.jp
configuration OK
nshrouter.local(p)/ntp disable
-s option no longer works and will be removed soon.      <== this one.
Please reconfigure to use constraints or trusted servers.    ntpd -s is obsolete
nshrouter.local(p)/ntp enable
-s option no longer works and will be removed soon.
Please reconfigure to use constraints or trusted servers.
nshrouter.local(p)/!ntpctl -s all
0/5 peers valid, clock unsynced

peer
   wt tl st  next  poll		 offset	      delay	 jitter
133.243.238.163 from pool ntp.nict.jp
    1  3  1    2s    5s		    ---- peer not valid ----
133.243.238.164 from pool ntp.nict.jp
    1  3  1    4s    7s		    ---- peer not valid ----
61.205.120.130 from pool ntp.nict.jp
    1  3  1    2s    5s		    ---- peer not valid ----
133.243.238.243 from pool ntp.nict.jp
    1  3  1    2s    5s		    ---- peer not valid ----
133.243.238.244 from pool ntp.nict.jp
    1  3  1    3s    6s		    ---- peer not valid ----
nshrouter.local(p)/

The configuration change itself has been applied.

Files are not saved automatically on reboot/halt from nsh

nshrouter.local(p)/reboot  <= run reboot from nsh's privileged mode
% Reboot initiated
syncing disks... done  <= the files are not saved; it reboots right away
vmmci0: powerdown        (/etc/rc.shutdown is not run)
rebooting...

Using drive 0, partition 3.
Loading......
probing: pc0 com0 mem[638K 2046M a20=on]
disk: hd0+
>> OpenBSD/amd64 BOOT 3.55/*

Look at the relevant part of the nsh source

/*
 * Reboot
 */
int
nreboot(void)
{
        printf ("%% Reboot initiated\n");
        if (reboot (RB_AUTOBOOT) == -1)  <== reboot(2) is called here
                printf("%% reboot: RB_AUTOBOOT: %s\n", strerror(errno));
        return(0);
}
               
int
halt(void)
{
        printf ("%% Shutdown initiated\n");
        if (reboot (RB_HALT) == -1)  <== reboot(2) is called here
                printf("%% reboot: RB_HALT: %s\n", strerror(errno));
        return(0);
}

/etc/rc.shutdown is not invoked because nsh calls reboot(2) directly to stop the OS: the /sbin/reboot and /sbin/halt commands run /etc/rc.shutdown before making that system call, and nsh skips that step.

Fix

Unpack the ports tree and add patch files under /usr/ports/shells/nsh

/usr/ports/shells/nsh/patches/patch-commands_c

--- commands.c.orig	Tue Sep 20 04:18:55 2022
+++ commands.c	Tue Nov 22 09:37:12 2022
@@ -1962,7 +1962,7 @@
 nreboot(void)
 {
 	printf ("%% Reboot initiated\n");
-	if (reboot (RB_AUTOBOOT) == -1)
+	if (system("/sbin/reboot") == -1)
 		printf("%% reboot: RB_AUTOBOOT: %s\n", strerror(errno));
 	return(0);
 }
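Review bot: with system(3) in place of reboot(2), the `== -1` test on the changed line only catches a failed fork or wait; a /sbin/reboot that exits non-zero (127 when the shell cannot find it, 1 when it refuses) comes back as a positive wait status, so the error message is never printed and the function still return(0)s. Check the exit status instead, e.g. `int st = system("/sbin/reboot"); if (st == -1 || !WIFEXITED(st) || WEXITSTATUS(st) != 0)`, and reword the message one line below, which still names RB_AUTOBOOT although that flag is no longer involved.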
@@ -1971,7 +1971,7 @@
 halt(void)
 {
 	printf ("%% Shutdown initiated\n");
-	if (reboot (RB_HALT) == -1)
+	if (system("/sbin/halt -p")  == -1)
 		printf("%% reboot: RB_HALT: %s\n", strerror(errno));
 	return(0);
 }
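Review bot: `/sbin/halt -p` powers the machine off, whereas the replaced reboot(RB_HALT) only halted it, so this hunk changes behaviour beyond the stated goal of getting /etc/rc.shutdown to run; state that in a comment at the top of patch-commands_c, and fix the message one line below, which still says RB_HALT. The same exit-status check as in nreboot() applies here: `== -1` does not catch a halt that exits non-zero.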

/usr/ports/shells/nsh/patches/patch-ctl_c

--- ctl.c.orig	Tue Sep 20 04:18:55 2022
+++ ctl.c	Tue Nov 22 09:37:12 2022
@@ -412,7 +412,7 @@
 char *ctl_ntp_test[] = { NTPD, "-nf", REQTEMP, NULL };
 struct ctl ctl_ntp[] = {
 	{ "enable",     "enable service",
-	    { NTPD, "-sf", REQTEMP, NULL }, NULL, DB_X_ENABLE, T_EXEC },
+	    { NTPD, "-f", REQTEMP, NULL }, NULL, DB_X_ENABLE, T_EXEC },
 	{ "disable",    "disable service",
 	    { PKILL, table, "ntpd", NULL }, NULL, DB_X_DISABLE, T_EXEC },
 	{ "edit",       "edit configuration",
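Review bot: dropping -s silences the warning, but the warning quoted above says the replacement is constraints or trusted servers: with the plain `servers ntp.nict.jp` line used on this page, ntpd has neither, so the initial clock setting that -s used to force is not provided by anything. Record that in the patch file header and have the `ntp edit` configuration add a `constraints from` entry or a `server ... trust` entry; the `ctl_ntp_test` entry with -nf above this hunk is unaffected.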

Apply the patches and build through ports

nshrouter# pkg_delete nsh
nshrouter# cd /usr/ports/shells/nsh
nshrouter# make install

Summary

