[Soekris] What's the difference between OpenSoekris and flashrd?

Bayard Bell buffer.g.overflow at googlemail.com
Fri Apr 15 22:58:24 UTC 2011

On 15 Apr 2011, at 21:23, Ed Flecko wrote:

> Hi folks,
> As I look at the various ways of setting up my 4501, some of you
> (thank you!) pointed me to the flashrd website.
> I'm trying to "wrap my head around":
> 1.) What's the difference between the OpenSoekris and flashrd?
> I "think" they're basically just scripts that you run on an existing
> OpenBSD install to create an image that can then be written to your
> CF, is that right? I found the following instructions at:
> http://www.nmedia.net/flashrd/install.html
>    cd ~
>    tar xzf flashrd-YYYYMMDD.tar.gz
>    cd flashrd-YYYYMMDD
>    ./flashrd -disk sd2 /tmp/openbsd
>    ./cfgflashrd -disk sd2 -rdroot szez-ARCH.DATE

You can either use the build Chris, flashrd's maintainer, offers (see http://www.nmedia.net/flashrd/images/20110303/) or choose which OpenBSD to run, do the usual steps from the release man page, and then perform flashrd magic at the end.

My practice is to pick a release in CVS, build it on a virtual machine, sort out the upgrade process for the VM first, test the results, then build a release off of that (that's what's in /tmp/openbsd) and derive a flashrd image (which is pretty much a matter of deciding which tarballs you need from the release set and expanding them into a directory [don't forget to tell tar to preserve permissions, as it's one of the first things flashrd will check], which is what /tmp/openbsd is in the example), building it to a file rather than a disk, as in the example you've cited.

(I use a virtual machine because I find it much easier than having to thrash out upgrades on my primary system or what's supposed to be an embedded device providing services like Internet connectivity. I also find it easier to add ports where I need them by building on the VM and then passing them over to the Soekris as packages.)

Because flashrd needs to build a kernel to finalise the release tree you provide, it's a very good idea to have /usr/src be what you used to build the expanded release tree for the image. Flashrd uses a kernel with ramdisk support, which isn't in the generic kernel, so it needs to do a further kernel build after you've built a release. Other than the kernel itself, flashrd also modifies the rc files to vnconfig the devices used for the filesystem and expand/save any tarball'ed filesystems (/var by default). If you get your images from the URL given previously, all that's already sorted out for you; all you have to do is change the disk (e.g. sd0 vs. the default wd0) and set the baud rate for the console.

After putting the image on flash from my primary system the first time, I've used flashrd's well-documented upgrade system to bring over changes, making upgrades easy and supported by a very simple backout, meaning you don't have to open the chassis and reflash.

> 2.) Am I right so far?
> Once you've written the image to your CF, you just plug it back into
> your Soekris (I'm guessing), but how do you actually configure the
> Soekris (i.e., set up NIC interfaces, configure PF, etc.)?
> 3.) Do you, somehow, configure your image in advance of writing it to
> the CF or you do that after you've written it to the flash???

It's your choice, really. You can prep all your host and site config files and fold those in when you build the image for the first time. You can tweak things on the Soekris, but I always make sure I copy updates back to the system I use to maintain the images. I do this for a few reasons: I retain everything I need to rebuild or back out, and I can also do sysmerge updates and validate things like pf.conf (at least syntactically) before shipping them over to the Soekris when I upgrade, rolling merged versions of the config files into the new images. There are certainly other ways to do this (e.g. as part of an upgrade, you can always copy the etc tarball over and use that to do a sysmerge). If you're backing up key material, you can keep the back-up images on encrypted storage (e.g. encrypted svnd).

I also found that building on a VM first helped me identify which config files to use and to prepare their contents, so I didn't have to go through an install the second time, just build an image, clean up a few bits after the first boot, and bring back the final contents to keep the system reproducible.

> I'm confused about this process, so if someone could shed a little
> light on the steps that need to be taken, that would be great!
> Thank you,
> Ed
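
The reply above says to preserve permissions when expanding the release sets into the directory handed to flashrd. As an added example (not part of the original message and not flashrd's own check), this POSIX sh script stages sets with `tar -p` and compares each staged mode with the mode recorded in the archive; the function names and the constructed sample set are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not flashrd's.

# stage_sets DESTDIR SET.tgz...: expand each set, preserving permissions (-p).
stage_sets() {
    dest=$1; shift
    mkdir -p "$dest" || return 1
    for tgz in "$@"; do
        tar xzpf "$tgz" -C "$dest" || return 1
    done
}

# mode_mismatches DESTDIR SET.tgz...: print "archived staged path" for each
# regular file or directory whose staged mode differs from the archived one.
# Assumes member paths contain no whitespace.
mode_mismatches() {
    dest=$1; shift
    for tgz in "$@"; do
        tar tzvf "$tgz" | awk '$1 ~ /^[-d]/ { print substr($1, 1, 10), $NF }' |
        while read -r want path; do
            have=$(ls -ld "$dest/$path" 2>/dev/null | cut -c1-10)
            [ "$want" = "$have" ] || echo "$want ${have:-missing} $path"
        done
    done
}

# verify_staged DESTDIR SET.tgz...: succeed only when nothing mismatches.
verify_staged() {
    [ -z "$(mode_mismatches "$@")" ]
}

# Constructed sample set (not a real OpenBSD set) with distinct modes.
make_constructed_set() {
    src=$1/src
    mkdir -p "$src/etc" "$src/usr/bin"
    echo secret > "$src/etc/master.passwd"
    echo tool > "$src/usr/bin/tool"
    chmod 755 "$src/etc" "$src/usr" "$src/usr/bin"
    chmod 600 "$src/etc/master.passwd"
    chmod 775 "$src/usr/bin/tool"
    tar czf "$1/sample.tgz" -C "$src" etc usr
}

work=$(mktemp -d)
make_constructed_set "$work"
stage_sets "$work/openbsd" "$work/sample.tgz"
verify_staged "$work/openbsd" "$work/sample.tgz" && echo "modes preserved"
```

Running `verify_staged` against the real release tree before invoking flashrd catches a tree that was expanded without `-p` under a restrictive umask.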
