Bootprofile
for Linux
Rajeev Kumar
When I switch my Linux laptop between home and office networking
environments, I often need to reconfigure the laptop with different
IP address, X display settings, DNS, DHCP, NIS settings, etc. To
address this problem, I began by singling out which configuration
files had to be changed and writing simple shell scripts for the
onsite and homenet (offsite) networked environments. The scripts
would run before I shut down my laptop to define the next boot mode
(offsite or onsite). This was easy for me, but when we started deploying
laptops for common users, I started searching for better tools.
Some tools, such as Mobile IP from Sun Microsystems:
http://playground.sun.com/pub/mobile-ip
or Dynamic Hut Mobile IP:
http://www.cs.hut.fi/Research/Dynamics/index.html
are either in the early stages of development or are centered around
just changing the IP address. I wanted a way to change IP addresses
as well as many configuration files based on the selected networked
environment.
"Bootprofile for Linux" achieves this task by manipulating
configuration files at very early stage of the Linux boot process
-- before even configuring the IP address of the machine. The
bootprofile tool is written in Perl and is ideal for roaming Linux
laptops and for desktops/servers that need to be booted in changing
networked environments.
How Does It Work?
Currently, bootprofile has been tested on Red Hat 6.x and Red
Hat 7.x, but the idea is simple enough to also apply to other Linux
distributions. Bootprofile runs as root early in the Linux boot
process. Be extremely careful before changing critical bootscripts
and applying bootprofile to your system. Standard disclaimers apply.
I modified the boot script (in Red Hat /etc/rc.d/rc.sysinit) such
that it would mount the root file system in read/write mode in the
first few steps. This is a very critical and risky step. (Normally,
Red Hat rc.sysinit script mounts the root file system in read/write
mode late in the boot process.) Just after mounting the root file
system in read/write mode, bootprofile (/sbin/bootprofile) presents
a user dialog box (see Figure 1) with which to select the desired
bootprofile (set up earlier as a part of configuration). Based on
user selection, it takes action for a particular bootprofile (e.g.,
running commands, copying configuration files, etc.). After that,
it boots up the machine for the selected bootprofile. There will
be a separate configuration file (<profilename>.profile) for
each networked profile defined under bootprofile. See Listing 1
for sample "homenet.profile" configuration file for "homenet"
profile.
There are five major sections defined in bootprofile configuration
file(s), as follows:
[ch kconfig] -- Runs the /sbin/chkconfig command to activate/deactivate
services registered under chkconfig. See the chkconfig(1) man page
on how to register any new service under chkconfig.
[fil es] -- Copies (overwrite) files from source to target
defined in this section.
[links] -- Creates symbolic links based on defined target
symlink here.
[remove] -- Removes any mentioned file, directory, or link.
[scripts] -- Runs your scripts defined under this section.
This is a very powerful section where you can define your own scripts
to run at an early stage of the Linux boot.
When bootprofile is executed at boot time based on the configuration
shown in Listing 1, it takes the actions shown in Listing 2. After
that, it runs the remaining boot process based on changes made by
bootprofile. So, in Listing 2 bootprofile is shutting down NIS,
sendmail, etc., changing files like /etc/fstab, IP address file,
linking /usr/local to desired directory designed for offsite (i.e.,
/usr/local.offsite), removing a few bootscripts, and finally running
the user-defined script /root/myscript.
Prerequisites
1. Perl binary located in /usr/bin/perl. If you have another location
for Perl, it is recommended to copy (not link) at least the Perl
binary to this location. Bootprofile uses a simple Perl interpreter;
it doesn't require any Perl module. If you have /usr as a separate
partition, it may not be mounted at a very early stage of the boot
process. In such cases, put Perl in /bin/perl (and modify the bootprofile
script for your Perl path). The idea is that Perl must be available
on the (root) file system at a very early stage of the boot process.
2. The Linux dialog(1) command must be present on your
Linux distribution by default. Run:
dialog --msgbox "Hello World" 20 60
and if it shows a dialog box, that's a good sign. dialog(1)
may not be installed by default, so you can find it on your Linux
CD or download it from:
http://www.rpmfind.net
for your Linux distribution.
3. chkconfig(1) -- Red Hat and Mandrake use this program (/sbin/chkconfig)
to switch off/on services from various run levels. It is good to
have this.
4. You need to modify the initial boot script (/etc/rc.d/rc.sysinit
in Red Hat) and be sure you mount the root (and other system partition)
file system at a very early stage and put in /sbin/bootprofile just
after that. For a few tested systems (Red Hat/Mandrake) the bootprofile
distribution includes edited rc.sysinit under contrib/ directory.
Installation and Configuration
1. Download the latest version of bootprofile from the "bootprofile"
home page:
http://www.rajeevnet.com/linux/bootprofile/index.html
This mainly includes the bootprofile Perl script. The contrib section
includes rc.sysinit for tested platforms, the bootprofile template
directory, and documentation. Untar it and copy the bootprofile Perl
script as /sbin/bootprofile.
2. Back up your current /etc/rc.d/rc.sysinit as /etc/rc.d/rc.sysinit.orig.
Replace this with the downloaded version or manually edit the file
/etc/rc.d/rc.sysinit, such that you mount root filesystem as read/write
at a very early stage of the Linux boot. The first time, it is wise
to comment out the bootprofile line. Reboot the system and be sure
you didn't break your boot process. This is a very important
and risky step, so be careful!
3. Create bootprofile configuration file /etc/sysconfig/bootprofile
with the following parameters. This will switch off/on the bootprofile
system.
BOOTPROFILE="ON"
TIMEOUT="0"
4. Now create a directory for each <profilename> as per the
template included in the bootprofile distribution under contrib/.
Also create a configuration file for each <profilename> as <profilename>.profile,
(the .profile extension is mandatory here). For example, if you want
to create <profilename> as "homenet", do the following
steps:
#cd /etc/bootprofile
#mkdir -p /etc/bootprofile/homenet
#touch /etc/bootprofile/onsite/homenet.profile ;Extension must be .profile.
5. Put the following five section lines in the "<profilename>.profile"
file. Add actions for each section based on your requirement for this
network profile:
[chkconfig]
[files]
[links]
[remove]
[scripts]
Copy all the configuration files mentioned in the [files] section
under the directory /etc/bootprofile/homenet for the homenet profile.
In a similar way, you can create many profiles and modify all these
config files appropriately. Listing 3 shows a directory tree structure
for two networked profiles named "homenet" and "onsite"
under bootprofile. See Listing 4 for the detailed explanation of each
section.
6. After creating bootprofile, test (dry run) the profile(s) and
be sure the commands shown as an output were desired commands for
bootprofile. This won't change anything on the system:
#/sbin/bootprofile --test
Select desired profile and hit OK. You should see something similar
to the output shown in Listing 2. Be sure these are desired actions
for you in the corresponding bootprofile.
7. Once you are satisfied with the bootprofile setup, it is time
to run bootprofile in execute mode. This will actually change files
and configuration on running systems based on the bootprofile. It
is best to keep a backup copy of the current configuration files
you are overwriting, especially files defined in the [files] section:
#/sbin/bootprofile --execute
.
8. Reboot the system and check whether the next reboot brings you
the new profile. If the reboot was okay, then it is time to uncomment
the bootprofile entry in rc.sysinit script.
9. Uncomment the bootprofile entry (/sbin/bootprofile --execute)
in the /etc/rc.d/rc.sysinit script. Reboot the system and be sure
everything is okay. You can now create as many networked profiles
as desired with the above steps.
10. Every time you create any directory (/etc/bootprofile/<newprofilename>)
and create a profile filename (/etc/bootprofile/ \
<newprofilename>/<newprofilename>.profile), bootprofile
will automatically pick up that profile the next time.
Limitations
1. Whenever "bootprofile --execute" is run, changes
made by that instance are permanent. So be sure any change done
in one networked profile (<profilename>.profile) has a corresponding
entry in all other networked profiles you create under bootprofile.
For example, suppose you have two boot profiles: onsite and homenet.
<homenet> has ypbind turned off. So if you go into <homenet>
profile, it will turn off ypbind service. After that, if you go
into the <onsite> profile at the next reboot, ypbind will
remain turned off unless you added an action to specifically turn
on ypbind in the <onsite> bootprofile.
2. Currently, bootprofile may not work with Linux systems that
have separate filesystems for /usr, /var, /etc. Bootprofile assumes
that Linux system files are installed on a single partition (i.e.,
root filesystem).
3. This will work with Red Hat and Red Hat-like Linux systems.
Conclusion
Bootprofile for Linux is a very simple but beneficial feature
for Linux machines, especially for roaming laptops. The current
implementation of bootprofile is an easy and quick solution that
works well for changing networked environments. Automating configuration
with bootprofile is preferable to manually changing files, which
generally requires root access and single user mode access.
The bootprofile Web site contains the following warning, which
makes a useful ending for this article: "This software runs
as root at a very early stage of Linux boot. Improper use of this
software may cause boot problems or other possible damage to your
system. Use this software at your own risk..." Be sure to experiment
with bootprofile on a test system before implementing it in a production
capacity.
Rajeev Kumar is currently working as Senior Systems & Security
Administrator for Fluent Inc. He has more than six years of UNIX/Linux
and systems security experience. He maintains the Web site www.rajeevnet.com,
where he publishes freeware code and systems/security documents.
Rajeev can be reached by email at: rajeev@rajeevnet.com or
rxk@fluent.com.
|