Le weblog entièrement nu

Roland, entirely naked... from time to time.

Debian on Soekris HOWTO

This is a quick HOWTO for those who want to run Debian (Sarge) on Soekris boards. I spent three nights installing mine; I'd rather other people spent their nights in more productive ways. It's not that hard, really, when you avoid stupid mistakes. This page is split into two parts: first, how to get a working Debian on a Soekris box; second, how to get it working on a read-only CompactFlash card, to reduce the number of write cycles as much as possible.

Debian installation

This is based on my own net4801, into which I plugged a 256 MB CompactFlash card and no hard disk. It may also be valid for other similar products or configurations. If you want to be sure, send one my way, and I'll gladly test and update accordingly; you can never have too many totally silent, low-power, low-heat computers in a cupboard^Wmachine room. Mine has been working fine as my ADSL gateway, firewall and DHCP server for about three weeks. No noise at all, less power, fewer failures, and a watchdog in case of failure too. Plus, it gives you 30 geek points at least.

Overview

  1. Prepare the Soekris box
  2. Prepare the installation server
  3. Netboot debian-installer
  4. Go through the "normal" debian installation process
  5. Additional (optional) Soekris-specific configuration

I found the hardest part is getting d-i to boot.

Requirements

Preparing the Soekris box

Unscrew the screws, plug the CompactFlash card into its socket, and screw the case back together. Connect your LAN to the Soekris's eth0 port. Connect one end of the null-modem cable to the Soekris's serial port.

Preparing the installation server

Connect the other end of the null-modem cable to your installation server. Mine was running Debian, but you can most probably adapt to other OSes.

Install minicom, configure it to use the serial port into which you plugged the cable (/dev/ttyS0 or /dev/ttyS1 or /dev/pts/0 or whatever). At this point, with minicom running, you should power on your Soekris (well, plug it in, since as far as I can see there's no power switch). With any luck, you'll see something resembling a BIOS they call a "monitor". If not, try changing (in minicom) the serial port speed: it seemed to work for me as "19200 8N1" with no hardware flow control. At this point, I changed the serial speed to "9600 8N1" in both minicom and the Soekris BIOS (apparently some later step wouldn't work at 19200 b/s):

show
set ConSpeed=9600

Reboot the Soekris (using the toothpick); you should see the monitor again.

Install a DHCP server, possibly dhcp3-server. Run tail -f /var/log/syslog, toothpick the Soekris. This time, type boot f0 into the monitor. This tells the box to netboot, so note the Ethernet/MAC address it uses. Insert the following snippet into dhcpd.conf:

host foo {
  hardware ethernet XX:XX:XX:XX:XX:XX ;
  fixed-address Y.Z.T.U ;
  filename "pxelinux.0" ;
}

You'll need to replace the XXes with the previously noted MAC address, and Y.Z.T.U with the IP address you want to give your Soekris. Restart the DHCP server.

Install tftpd. Download the netboot tarball and the pxelinux image into /tftpboot. Untar netboot.tar.gz. Edit pxelinux.cfg/default so that it contains something like:

serial 0,9600
append [...] console=ttyS0,9600 DEBIAN_FRONTEND=text

Netboot debian-installer

Toothpick your Soekris, type boot f0 into the monitor. You should see it get an address from the DHCP server, then download stuff from the TFTP server, then display a bootloader. With any luck, it'll then proceed to boot into debian-installer. If you only see garbage, check that everyone agrees on the serial link speed and parameters (minicom, the Soekris BIOS, the d-i kernel, and maybe others).

Go through the "normal" debian-installer

I'll assume you're big enough to do that by yourself, so I'll just mention a few things: if you're on a 256 MB CF card (or even smaller), be sure to choose "manual selection of packages" and only install what's really needed. I didn't bother with multiple partitions (/dev/hda1 holds everything), nor with swap (an ADSL gateway doesn't need swap).

Additional (optional) Soekris-specific configuration

A few things you may want to do to make your life easier:

Serial console: make sure one line or the other (depending on kernel, udev, devfs and so on) is active in your /etc/inittab:

T0:23:respawn:/sbin/getty -L tts/0 9600 vt102
#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt102

Kernel patch: the Soekris net4801 uses a MediaGX/Geode processor which has no "optimisations" inside the mainline kernel. It seems the mainline kernel also has a bug related to "PCI bus scan" (although I have no idea what bug exactly). And there's no support for the lovely embedded watchdog device. To fix all that, you'll need to rebuild your kernel using the kernel-patch-soekris package I prepared (from SK-tech). It's currently a work in progress and only available on my unofficial apt repository, but I'll probably upload it to Sid/Sarge sometime soon. Install the watchdog package and configure it to use the appropriate device (see the SK-tech page for more info: the device needs to be created by hand).

Reference

The debian-installer is remarkably well documented, and I wish I had read its doc before the third night; there are quite a lot of very interesting answers to problems in there.

Getting it all to work on a read-only filesystem

The basic trick is: use a tmpfs, put everything that needs to be read-write onto it, and use symbolic links from the real, read-only filesystem. So for instance /var/log is a symlink to /dev/shm/var/log. Of course, since we're dealing with a volatile filesystem, it starts empty at boot time. So we need an initscript to create at least a few dirs and files, even if empty. I use the following for /etc/init.d/ro-root.sh, which is symlinked as /etc/rcS.d/S03ro-root.sh. It's run just after S02mountvirtfs, which is very early in the boot process.

#! /bin/sh
#
# ro-root.sh    Set up dirs on the tmpfs to keep the root partition read-only

set -e

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="read-only root"
SCRIPTNAME=/etc/init.d/ro-root.sh
# tmpfs mount point; the read-only root holds symlinks into it
PREFIX=/dev/shm

case "$1" in
  start)
    echo -n "Setting up $DESC... "
    # The tmpfs starts empty at every boot: recreate the directories
    # that the symlinks on the root filesystem point to
    for i in /var/log /var/run /var/lock /tmp /var/lib/dhcp3 /var/lib/ntp \
             /var/log/exim4 /var/lib/exim4 /var/run/sshd \
             /var/spool/exim4/db /var/spool/exim4/input \
             /var/spool/exim4/msglog /etc /etc/network/run /var/log/news \
             /var/lib/urandom /etc/hotplug/.run /var/cache/locate ; do
      mkdir -p "$PREFIX$i"
    done
    # Files that daemons expect to find at startup, even if empty
    for i in $PREFIX/var/lib/dhcp3/dhcpd.leases $PREFIX/var/log/exim4/mainlog ; do
      touch "$i"
    done
    # exim4 does not run as root and must own its log and spool
    chown Debian-exim:adm $PREFIX/var/log/exim4/mainlog
    chown -R Debian-exim:adm $PREFIX/var/spool/exim4
    echo "done."
    ;;
  stop)
    echo -n "Stopping $DESC: nothing to do"
    echo "."
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop}" >&2
    exit 1
    ;;
esac

exit 0

Then for the times when I need to have write access (dist-upgrade, for instance), I use /usr/local/sbin/remount-ro and -rw, which only contain mount -oremount,ro / and mount -oremount,rw /.

It seems to work for me.

Notable trick to be aware of: if you remount read-write, then upgrade, then try to remount read-only, you may find mount telling you that / is busy. If that happens, make sure no files are open in write mode: lsof | grep '[0-9]w' helps (look for things not under /dev/shm). Sometimes, you'll find nothing relevant. You should then run lsof | grep DEL and look for things not under /dev/shm. The kernel can't really delete them from the filesystem as long as they're open, so you have to make sure the files get closed. Killing/restarting the offending processes should work. Hopefully you're not running much on your Soekris box anyway.
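The two greps above can be folded into one filter. The following is an added example, not part of the original setup: it reads lsof's field output (lsof -F pcfatn) instead of the column listing, so the file descriptor, access mode and name are matched exactly rather than anywhere in the line. The function names, the sample input and its process and file names are constructed, and limiting the write check to regular files is this example's choice, to skip ttys, pipes and sockets.

```shell
# Added example. Input: `lsof -F pcfatn` output on stdin, one field per line,
# keyed by its first character (p=PID, c=command, f=fd, a=access, t=type,
# n=name). Output: "PID command reason name" per file that can keep / busy.

ro_blockers() {
  awk '
    /^p/ { pid = substr($0, 2); next }
    /^c/ { cmd = substr($0, 2); next }
    /^f/ { fd = substr($0, 2); acc = ""; type = ""; next }  # new file set
    /^a/ { acc = substr($0, 2); next }
    /^t/ { type = substr($0, 2); next }
    /^n/ {
      name = substr($0, 2)
      if (name ~ /^\/dev\/shm(\/|$)/) next       # on the tmpfs: harmless
      if (fd == "DEL" || name ~ / \(deleted\)$/)
        print pid, cmd, "deleted", name          # unlinked but still in use
      else if (type == "REG" && (acc == "w" || acc == "u"))
        print pid, cmd, "write", name            # regular file open for write
    }
  '
}

# Constructed sample input (not captured from a real box).
sample_lsof() {
  cat <<'EOF'
p312
csyslogd
f2
aw
tREG
n/dev/shm/var/log/syslog
p401
cexampled
f6
aw
tREG
n/var/lib/exampled/state.db
p455
csshd
fDEL
tREG
n/usr/lib/libexample.so.1
f1
au
tCHR
n/dev/pts/0
EOF
}
sample_lsof | ro_blockers
```

On the box itself, run lsof -F pcfatn | ro_blockers as root before remount-ro; each line names a process to restart.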

Comments welcome. Hope this helps.

Creative Commons License: unless otherwise stated, the content of this site is made available under a Creative Commons license.