How To Set Up a Linux Box as an IOC Boot Server

From EPICSWIKI

Setting Up a Linux Boot Host for VxWorks IOCs

This evolved from a scratchpad I was making notes on when doing this job. Please add or correct things as you find them wrong or out-of-date.

The following instructions are for RedHat Linux (Version 8? I don’t remember). Other distributions (or other Unixes) will have different commands and different places and/or formats for configuration files. The general steps will be the same, though.

Knowledge of general system administration tasks (creating user accounts etc.) is assumed.

Create a system boot area

Do NOT boot the IOCs from your kernel development area in the vxWorks tree. It is far too easy to overwrite something while trying to build a new kernel and all of a sudden your IOCs don’t boot anymore.

Create a directory somewhere to keep the vxWorks boot images and symbol tables. This will be the place where your IOCs boot from.

Depending on your decision how to boot the IOCs (rsh, ftp or tftp access), you may have to place this directory within the tftp or ftp area. Symbolic links pointing from the tftp/ftp areas to the actual might not work (security reasons), so the files have to be there physically.

For rsh access: Make sure that the files themselves and the complete path to the files (!!) are readable (directories executable) for the user whose name the IOCs will use during boot.

Booting using remote shell (rsh)

NOTE: The design of the .rhosts (remote shell) system is INSECURE except on a carefully firewalled private network. Under all other circumstances, rshd should be disabled entirely. (See: man rshd)

Enable remote shell access on the Linux box

Run (as root)

     /sbin/chkconfig --level 2345 rsh on

or change the entry in /etc/xinetd.d/rsh

Create a user account for the IOCs

Create a user account for the user name the IOCs will use. Make the login shell for that epics user a fast shell like bash, not a slow starting one (tcsh or zsh).

Enable password-less access

Place the IOC names in a file .rhosts (one host per line) in that user’s home directory.

Unblock the firewall

If you use the kernel firewall facilities (iptables or the older ipchains), make sure to allow rsh connections from your IOC to the Linux box.

Set up the NVRAM

Create the entries in the IOCs NVRAM (target ip, host ip, user name, target name, file name). You may set the flags to 0x8 for fast startup.

Your IOC should be able to boot now.
Diagnostics

Things like

     Loading... 
     Error loading file: errno = 0x3d.
     Can't load boot file!!

on the IOC console mean the IOC doesn’t get remote shell access. Add another line to the .rhosts file with the name of a machine that you have access to and your user name as second column. After that you can test remote shell access to your LinuxBox from that machine using

     rsh <LinuxBox> -l <IOCusername> date

which will execute the date command on your linux box. You have to provide a command like date or pwd, since otherwise the rsh command will use rlogin instead of rsh to access your Linux box.

Booting using ftp

Do NOT ftp boot using your personal user account. Your password will be visible in the IOC NVRAM and your account will be wide open.

Enable the ftp daemon on the Linux box

Run (as root)

     /sbin/chkconfig --level 2345 wu-ftpd on

or change the entry in /etc/xinetd.d/wu-ftpd

Create a user account for the IOCs

as above

Unblock the firewall

as above

Set up the NVRAM

as above, set the ftp password

Your IOC should be able to boot now.

Booting using tftp

Install the tftpd package

Install the tftpd RPM. This might be disabled by default in the package manager.

Set up tftp boot area

Create /tftpboot and move the vxWorks boot image area into some subdirectory.

Enable the tftp daemon on the Linux box

Run (as root)

     /sbin/chkconfig --level 2345 tftpd on
Create a user account for the IOCs

As above

Unblock the firewall

As above

Set up the NVRAM

As above, do not set the ftp password, set the 0x80 bit in the flag register (with short bootup the flags should be 0x88). Do not include the leading /tftpdir in the file name entry.

Your IOC should be able to boot now.

Note: Some BSPs (e.g. the MV162) do not implement tftp boot for the ASCII symbol table. While tftp is used for the boot image, the symbol table will still be loaded through remote shell access. So you have to do the rsh setup (see above) anyway.

Set up NTP (time) server

You will need an extended NTP server (xntpd) on your boot host so that the IOCs can synchronize their time system. Otherwise you get messages like

  Failed to set time from Unix server
Install xntpd

Replace the ntpd server package with the xntpd package (RPM). This may not be part of the standard installation (RedHat) and might not even be on the disks. Use a search engine (eg. rpm.pbone.net) to locate and download the RPM.

Enable the xntp daemon

Run (as root)

     /sbin/chkconfig --level 2345 ntpd on

or add a link in /etc/rc2.d … /etc/rc5.d of the form

     S55xntpd -> ../init.d/xntpd

and in /etc/rc0.d /etc/rc1.d /etc/rc6.d of the form

     K10xntpd -> ../init.d/xntpd
Configure the xntp daemon

Set up the configuration in /etc/ntp.conf:

The important thing is adding one or two server lines of the form

     server <hostname>

to connect your machine to the time servers in your institute.

Your sysadmin resp. computer center people should be able to tell you which of your machines the main ntp servers are.

Note: On my Linux box there was no manpage for ntpd. Try the locate command to find where the documentation is. On my box it was located in /usr/doc/xntp3-5.93

If your time server is set up correctly, the IOC will print the correct date information when using the date command (after IOCinit), TSreport will say “NTP sync with unix server”.

Good luck!

Ralph Lange (BESSY)

Ralph 12:42, 12 Apr 2005 (CDT)