Saturday, October 14, 2006

Soekris NET4801-60

Having a firewall, mail server, file server, web server, ... all on the same box is just a bad idea. Every sysadmin knows that. I run my firewall on OpenBSD which makes me feel better, but not comfortable. OpenBSD's software RAID (RAIDframe) scares me every time the machine crashes (which happens seldomly, actually only once so far, but that's another story), or loses power (which used to happen more often. Thanks to my UPS that's no longer an issue). I like my firewall to run OpenBSD, but I just don't need yet another computer sucking up power in my living room.

When a co-worker was looking for some more people to join in a bulk-oder for Soekris NET4801 boxes I got in. A few weeks later it was on my desk. Nice box, metal case, AMD Geode 266, 256MB main memory. I have a 1GB CF card (specs as displayed by comBIOS: "SAMSUNG CF/ATA LBA Xlt 1012-32-63 1020 Mbyte"), and a 256MB CF card ("Hitachi XXM2.3.0 LBA 695-15-48 250 Mbyte"). Originally, I wanted to run even my Web server from the Soekris box, but then realized that the photo collection on the Web site alone eats up 3.2GB already. Whoops. Oh well, don't have that much storage, so I put the 1GB CF card into our Canon Rebel Digital SLR, and use the 256MB card for the soekris box.

I replaced FreeBSD on Sneezy with the latest OpenBSD built (and will upgrade again, come 4.0 in November) and started to investigate flashdist.sh, a snazzy shell script that builds an OpenBSD distribution on flash media. Oh, I need a flash reader? ... Our Nikon Coolpix 2100 shows up as a regular flash media when plugged in to USB:


umass0 at uhub0 port 1 configuration 1 interface 0
umass0: NIKON NIKON DSC E2100, rev 1.10/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct removable
sd0: 244MB, 244 cyl, 64 head, 32 sec, 512 bytes/sec, 500400 sec total


ok. that was easy.

I built a NET4801 kernel with the config from the flashdist archive and ran


flashdist.sh sd0 flashsmall.txt bsd-4801 /tmp/openbsd39/ bsd-4801 /tmp/openbsd39/


disklabel comes back with:

Total size of media: 500400 sectors (256204800 bytes)
Bytes/Sector: 512
Sectors/Track: 48
Sectors/Cylinder: 720
Tracks/Cylinder (heads): 15
Cylinders: 695


Once everything is on the flash, I reboot the Soekris box and it just works. Nice.

Now on to configuring things they way I actually want them.

distflash.sh pulls the default configurations from a staging area on Sneezy. For now I'm configuring stuff directly on the Soekris box, now affectionately named "gw". Once I'm done I'm planning to run a find accross the whole file system looking for files that are newer than today 18:07, and save all my changes back to the staging area on sneezy.

Here's the service split between gw and chef:

gw:

  • three ethernet legs - working
  • PF - working
  • dhcpd - working
  • named - working
  • sshd - working
  • ntpd - done, not thoroughly tested yet
  • smb service to wireless network - working (see the long story)
  • httpd - redirect working
  • email proxy - redirect working
  • apcupsd - not done (stays on chef for now)
  • snmpd - not done (not critical)
  • sensorsd - not done (not critical)


chef:

  • email - postfix (working)
  • email - dovecot (working, to be replaced with courier)
  • email - spamassassin (working)
  • email - squirrelmail (won't fix)
  • media files - nfs (working)
  • media files - smb (working)
  • httpd - apache (working)
  • httpd - authenticated proxying to grumpy/mythweb (not done, not critical)
  • HD stats - smartd (working)
  • network monitoring - mrtg (working, needs gw added)
  • monitoring - nagios (not done, not critical)


I my current setup the music files on chef are exported via smb both to the wireless and the wired LAN, so I actually don't have to worry about anything. In the new setup chef is only connected to the wired LAN. smb broadcasts from the Audiotron won't be sufficient to find chef. This link at O'Reilly seems to indicate that I need to run Samba as a wins server. However, funny enough, right now when the Audiotron probes the network for music files, it will show babybaer which is only connected to the wired network. Why is that? I suspect chef is browse master and responds with the host lists for both the wired and wireless segments, so I either need a WINS server on chef, and point the Audiotron at that, or, if the Audiotron doesn't support WINS, run a smbd on gw and force it to try to acquire browse master.
Posted by at

No comments:

Post a Comment