Installing RedHat 9.0 on a Soekris 4801 SBC.
A Soekris 4801 Singe Board
Computer makes a perfect firewall / router. But as all my systems run
some kind of RedHat based linux
versions, I preferred to get RedHat running on the soekris box too,
instead of a special linux or *BSD version. In the following I will
explain the steps I took to get my system installed.
- Install a minimal Redhat 9.0 on a spare system.
- Configure that system that it can run with only a serial console
- Make it as small as possible, removing unneeded files.
- Copy that system over to an NFS server, to be exported as NFS
- Configure a PXEboot configuration for the Soekris system, using
the new tree as NFS root.
- Boot the soekris over PXE, using NFS root.
- Partition the CF disk, and make a filesystem on it, then copy the
FS from the NFS server to the CF disk.
- Boot over PXE, but now using the CF disk as root.
- Install the GRUB bootloader, and reboot from CF disk.
- Tune your config in a way that you can run with a read-only
mounted CF disk.
1. Install a spare system
Install RedHat on a spare system. It is much easier to install with a
graphical console. Choose 'Custom Install', and then select a minimal
configuration. Don't use a /boot partition, only a root partition. No
swap, because we will not be swapping to the CF disk in the soekris.
This should be a straightforward installation.
2. Configure the minimal system
Connect a laptop (or any system with a serial terminal emulator) to the
spare system, using the serial line, and then configure the new system
to use the serial line as console. Therefore theses files must be
Don't run gettys on VT's
Use the serial port as console
s1:2345:respawn:/sbin/agetty -L 19200 ttyS0
In /boot/grub/grub.conf add:
serial --unit=0 --speed=19200 --word=8
Now try rebooting the system using only the serial port.
3. Remove unneeded files
A standard RedHat install will install all doc's and man-pages of all
packages selected. These can be easely removed. For a minimal system, I
also remove all native language support. Here is my list to remove:
You can also remove the vim-common
package, although it will complain about dependancies.
4. Copy the FS over to a server
I will not go into the details of setting up a NFS root server, because
that is not soekris specific, and there are lot's of pages containing
this information. I assume that server:/export/soekris is exported, and
accessible from the soekris and the spare system.
spare# cd /
spare# tar clSf - . | (cd /mnt; tar xpSf -)
spare# umount /mnt
The S options to
tar are to ensure efficient handling of sparse files like libraries.
5. Configure PXE-Boot server
Using a standard PXE Boot server setup, here are the relevant parts of
the config files:
hardware ethernet <mac of your soekris here>;
option root-path "/export/soekris";
0 19200 0
ip=dhcp panic=10 ramdisk_size=16384 rw
This assumes a usable kernel image in /tftpboot/soekris-2.4.26.
You can compile a customized kernel for the soekris, or use the redhat
kernel. We still have all the redhat modules on the NFS-root image. The
Ramdisk parameter is not yet needed, but will be in the next steps. In
order to boot over NFS-root, we have to temporary modify the /etc/init.d/network
script: it should not mess with the eth0 interface (don't try get a new
DHCP lease on boot, don't shutdown eth0 on shutdown or reboot). Just
comment the relevant lines out.
Also modify the /etc/fstab (on the server: /export/soekris/etc/fstab):
defaults 1 1
devpts gid=5,mode=620 0 0
defaults 0 0
tmpfs defaults 0 0
6. Boot the soekris diskless
Now we connect a terminal emulator to the soekris, connect it to
your network, and power it up. If you have a CF card installed, you
must use <CTRL-P> to get to the bios prompt. Then try PXE booting
with the 'boot F0'
command. If it doesn't work, try tcpdump on your server to find
out what is missing. Also watch /var/log/messages
on your server. If you get in trouble during multiuser startup, you can
add the keyword 'single' to the pxelinux.cfg/<ip-in-hex> file.
This should give you at least a single user prompt.
7. Install on the CF disk
Now we have a running system, running from NFS-root, but with a local
/dev/hda on the CF card. We can proceed partitioning the CF disk, using
fdisk, creating one single partition. Create a (ext2) filesystem on
that partition with mk2efs. Then mount the CF disk on the NFS root, and
copy the FS over to the CF disk:
soekris# mke2fs /dev/hda1
soekris# tune2fs -c -1 /dev/hda1
soekris# mount /dev/hda1 /mnt
soekris# cd /
soekris# tar clSf - . | (cd /mnt; tar xpSf -)
Now change the fstab on the CF disk (/mnt/etc/fstab) to
reflect the correct location of the root:
ext2 noatime 1 1
We also change defaults into noatime, to reduce the amount of
writing to the flash.
Now shutdown the soekris, and proceed to the next step.
8. Boot over the net, using the CF disk as root
Change in the /tftpboot/pxelinux.cfg/<ip-in-hex> the append line
console=ttyS0,19200n81 root=/dev/hda1 ip=dhcp panic=10
Now you should boot the soekris again, and it should boot over the net,
but using the local CF disk as root.
9. Install the GRUB bootloader on the CF disk
If this boot is successfull, you can now install the bootloader on the
CF disk, in order to be able to boot directly from the CF disk.
grub> root (hd0,0)
grub> setup (hd0)
You should now undo the changes to /etc/init.d/network,
because we now have to startup eth0 ourselves. Now we can reboot, and
the soekris should boot from the local CF disk.
10. Tune your config to run with a read-only mounted root FS.
The first thing you need to run with a read-only root FS is a ramdisk
to store all the things that normally would go to the root fs.
Depending on your applications, a 16Mb ramdisk should be
sufficient. I have modified the startup scripts a lot, and made
changes to the filesystem to run read-only. Here is a brief overview of
the things involved:
This should give you the general idea. Depending on the functions you
want your Soekris to perform, your solutions may vary from mine. If you
have any comment, suggestions, or questions regarding this web page,
please contact firstname.lastname@example.org.
- Create a RAMDisk in the rc.sysinit. I added it instead of the
remount of the root fs to read-write.
-F -q -m 0 /dev/ram0 2>/dev/null
-n -t ext2 /dev/ram0 /rd
- Create the directory tree on the ramdisk that is needed to hold
the read-write files:
-p /rd/var/run/netreport /rd/var/log /rd/var/lock/subsys /rd/tmp
/rd/dev /rd/mqueue /rd/clientmqueue /rd/mail /rd/var/net-snmp
Correct the modes/ownerships for the tree:
-rp /etc/ntp.static/* /rd/etc/ntp
(put these commands in rc.sysinit too).
- Rename some directories to a 'static' version, and create a
symlink from the original location to the ramdisk version:
-s /rd/etc/ntp /etc
- Remove some directories in /var, and replace them with symlinks
to the ramdisk:
-s /rd/var/run /var
-s /rd/var/log /var
-s /rd/var/lock /var
-s /rd/mail /var/spool
-s /rd/mqueue /var/spool
-s /rd/anacron /var/spool
- As we cannot use a /etc/mtab (on a read-only filesystem), we
create a dummy mtab file with the correct contents, and place it in
/etc/mtab.static. Then we add a cp command to rc.sysinit to copy it to
the ramdisk, and add a symlink to /etc. In this way, we assure the
correct contents of /etc/mtab, even if the system is shut-down with a
writable root fs:
-s /rd/etc/mtab /etc
- Add mount commands for
special filesystems to rc.sysinit: Those filesystems must be mounted
before you issue the cp command for the mtab in the previous step
(otherwise it will think those filesystems are already mounted).
mount -n -t
usbdevfs usbdevfs /proc/bus/usb
- Comment out the lines in the rc.sysinit where the root fs is
- Reboot the system, and check the output of the shutdown and boot
for any error messages. That indicates other open issues. Things I had
- Comment out the rebuilding ot the sendmail tables in the
- Change the rc script for the random generator, because it
cannot save it's state in /var/lib/random-seed.
- The depmod -a command cannot write to the dependency file. If
you don't change modules often, just keep a static dependency file
(c) Karel van Houten 2004