wiki:FreeBSDOnEmbeddedDevice

Version 13 (modified by Rick van der Zwet, 12 years ago) ( diff )

--

"Table of Content"

  1. Initial disk configuration
  2. Disk population
  3. Disk configuration
    1. Accounting & access control
    2. Networking
    3. Package install
      1. Package Install Pre-Req
      2. dnsmasq
      3. ntp
      4. motd
      5. Flash disk protection
      6. various
  4. Initial boot
  5. Production Maintenance
    1. Adding packages

This guide will tell you how-to put FreeBSD 9.x on an (ALIX) embedded device. For FreeBSD 8.x see the archived guide for hints Archive/FreeBSDOnEmbeddedDevice

TODO: This is NOT complete yet.

Initial disk configuration

Please do mind I create a 6G image to be used at a 8G CF disk as making it exactly fit, causes issues if sectors are wearing out. I create 2 x 2G partitions for the OS (and backup OS) and 1 x 1G partition for various configuration files and other shared stuff.

Hack to reload the usb card reader to reread partition tables: build# usbconfig -d usbconfig | awk -F : '/Mass/ {print $1}' reset

build# truncate -s 6GB embedded.img build# MD=mdconfig embedded.img

build# gpart create -s MBR md0 build# gpart add -t freebsd -s 2G build# gpart add -t freebsd -s 2G build# gpart add -t freebsd -s 1G build# newfs md0s1 md0s2 md0s3

Disk population

build# setenv RELEASE 9.0-RELEASE build# mkdir -p /usr/data/$RELEASE

build# cd /usr/data/$RELEASE

build# fetch ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/base.txz build# fetch ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/kernel.txz build# fetch ftp://ftp.nl.freebsd.org/pub/FreeBSD/releases/i386/$RELEASE/docs.txz

More sophisticated approach (rsync not in base): build# rsync -vaz ftp.nl.freebsd.org::FreeBSD/releases/i386/$RELEASE/ .

build# setenv DESTDIR /mnt

build# xzcat base.txz | tar --unlink -xpzf - -C $DESTDIR build# xzcat kernel.txz | tar --unlink -xpzf - -C $DESTDIR build# xzcat docs.txz | tar --unlink -xpzf - -C $DESTDIR

Tip: Soekris 2521 requires CPU_ELAN which is not included into the kernel by default. For optimal performance compile the kernel yourself

Disk configuration

Need resolving power at later stage inside chroot: build# cp /etc/resolv.conf /mnt/etc/

Need ssh-keygen to work, so need access to /dev/urandom build# mount -t devfs devfs /mnt/dev

build# chroot /mnt Important: if you FAIL to chroot and continue you will now start destroying your build system

Tip: Having your flash living in read-only gives you added security and increases the live-time of your (older) Flash cards. read-write is more convenient But you will need to do some tricks as some programs need rw on first boot for ssh keys and such.

chroot# echo "/dev/ada0s1 / ufs ro,noatime 0 1" > /etc/fstab

Make sure to continue to check the disks on reboot, instead of waiting for user input: chroot# echo "fsck_y_enable=YES" >> /etc/rc.conf 

chroot# cat <<EOF > /boot/loader.conf
console=comconsole
autoboot_delay=3

hw.ata.ata_dma=0   # Soekris boot failure
EOF

Serial console boot only: chroot# echo "-h" > /boot.config

Enable serial console: chroot# sed -I '/ttyu0/ s/off/on /' /etc/ttys

Cosmetic: disable all vidconsoles as a soekris embedded device does not have any: chroot# sed -I '/ttyv[0-7]/ s/on /off/g' /etc/ttys

Accounting & access control

chroot# echo "sshd_enable=YES" >> /etc/rc.conf chroot# service sshd keygen

chroot# pw usermod root -w random

Administive user (admin for example): chroot# pkg_add -r sudo chroot# pw useradd admin -G wheel -c 'Admin User' -s /bin/csh -m -w random chroot# echo '%wheel ALL=(ALL) ALL' >> /usr/local/etc/sudoers

Networking

chroot# hostname riff.vanderzwet.net chroot# echo hostname=hostname >> /etc/rc.conf

Package install

Package Install Pre-Req

chroot# setenv FTP_PASSIVE_MODE yes chroot# setenv PACKAGEROOT=ftp://ftp.nl.FreeBSD.org

dnsmasq

dnsmasq used for local network dns and dhcp:

chroot# pkg_add -r dnsmasq chroot# echo "dnsmasq_enable=YES" >> /etc/rc.conf chroot# setenv DOMAIN hostname | sed 's/^[^.]*.//' 

node# cat <<EOF > /usr/local/etc/dnsmasq.conf
interface=bridge0
no-dhcp-interface=vr1
cache-size=10000

localise-queries
domain=${DOMAIN}.

dhcp-range=bridge0,192.168.42.100,192.168.42.200
dhcp-host=00:00:24:c1:1d:d0,192.168.42.130
dhcp-host=00:13:d3:a7:24:51,192.168.42.165
dhcp-option=option:router,192.168.42.1

server=/wleiden.net/172.20.145.129
`jot 16 16 | xargs -n 1 -I % echo server=/%.172.in-addr.arpa/172.20.145.129`
EOF

ntp

node# echo "ntpd_enable=YES" >> /etc/rc.conf 

node# cat <<EOF > /etc/ntp.conf
server 0.nl.pool.ntp.org
server 1.nl.pool.ntp.org
server 2.nl.pool.ntp.org

driftfile /var/db/ntp.drift
EOF

motd

node# (sed '3,$ d' /etc/motd; echo "WWW: riff.vanderzwet.net - http://rickvanderzwet.nl" ) > /etc/motd.new; mv /etc/motd.new /etc/motd

Flash disk protection

chroot# echo "update_motd=NO" >> /etc/rc.conf chroot# echo "tmpmfs=YES" >> /etc/rc.conf chroot# echo "varmfs=YES" >> /etc/rc.conf

Tip: I hate the details like package management details getting lost. Flash cards these days are cheap anyways, mine lived for 1 year after extensive use. Of course with read-only this will be _much_ longer.

chroot# sed '/1a/ s/rw/ro/' /etc/fstab > /etc/fstab.new; mv /etc/fstab.new /etc/fstab

various

node# pkg_add -r tinyproxy sudo vim-lite

Initial boot

Note: NOT READY YET: Insert card into your embedded device and get yourself a prompt, using serial of ssh login.

Production Maintenance

Adding packages

Tip: As space is limited unpacking packages can result in I/O errors due to (memory) disks which run out of space. Installing for example the package apache22 goes as follows: node# mkdir /usr/local/tmp node# setenv PKG_TMPDIR /usr/local/tmp node# pkg_add -r -t /usr/local/tmp/instmp.XXXXXX apache22

Make any other optional changes before first boot inside chroot(8): chroot# vi /etc/rc.conf

chroot# exit build# umount /mnt

Note: See TracWiki for help on using the wiki.