Installing Scientific Linux 5 on a 586 Laptop
Well, sorta. It is working, and it is mostly SL5.
I use an old 233!MHz Pentium MMX laptop as my firewall. SL5, !CentOS5, and RHEL5 only support 686 and x86-64 processors out of the box - for at least one reason I will explain. The "586" processor will not boot with a 686 kernel; it fails during kernel load, too quickly to get the error messages.
What I ended up doing, on an SL5 work machine (not the server):
=== First, the kernel build:
1-1) Do a yum install unifdef. You will need this later.
1-2) Download the vendor kernel source at:
1-2a) while you are there, download the rpms for glibc.i386 and openssl.i386 . you will need these later. They are in the distro, but you can't use them. Go figure.
1-3) do an rpm -ivh of the kernel src rpm. (into /usr/src/redhat ).
1-4) cd /usr/src/redhat/SPECS, then rpmbuild -bp kernel-2.6.spec, which grinds away making sources in /usr/src/redhat/BUILD/kernel-2.6.18/
1-5) cd /usr/src/redhat/BUILD/kernel-2.6.18/linux-2.6.18.i386
1-6) cd/boot/config-2.6.18-8.1.3.el5 .config
1-7) make menuconfig
1-7a) select General setup --->
1-7b) select () Local version - append to kernel release
1-7c) enter: -i586mmx
1-7e) select Processor type and features --->
1-7f) select Processor family (386) --->
1-7g) select ( ) Pentium-MMX # You may have problems with "386"
The basic SL kernel and module set is huge; for my firewall machine, I trimmed off 90% of the modules and options on a second attempt.
1-8) make # this can take hours; cringe at warnings but ignore
1-9) make modules_install # yes, install on the work machine
1-10) make install # more ugly WARNINGS
All that work left me with -prep-i586mmx kernel files in /boot and modules in /lib/modules installed on the work machine.
Next, I installed a 2.5inch hard drive (that I would eventually use on the firewall) on a different 686 laptop. SL5 won't install directly on the 586mmx machine, and I did not want to take my firewall machine down for very long anyway.
My outward facing services are on an offsite virtual machine, so all I need is an openvpn tunnel from the firewall to the offsite, and routing of services outbound through the firewall. I am on Comcast, with a TOS that does not permit inbound services; everything inbound comes through the offsite machine and up the tunnel.
2-1) Install SL5 on the firewall laptop. In my case, I stripped off most of the stuff (X, gnome, etc.) and added bind (named), and dhcpd .
2-2) scp over the kernel, the modules, and the .i386 rpms for openssl and glibc from the work machine to the working laptop . The kernel and associated files goes into /boot, the modules into /lib/modules, and the rpms into /tmp .
2-3) Do a rpm --force -ivh on the rpms; this is the only way to get .i386 versions on a running machine. Don't worry, the machine will still run.
2-4) edit /boot/grub/grub-menu and add a boot set for the new kernel. While you are in there, remove rhgb and hiddenmenu. Those options are for _wusses_ .
2-5) Try booting from the new kernel. If it doesn't work, fiddle with it under the old kernel and try again.
2-6) edit /etc/yum.d/yum.cron.excludes . add a second line under the exclude line, with a leading space in front:
kernel openssl glibc
2-7) yum install more packages: openvpn, bind, dhcpd, and whatever else you need for your firewall.
2-8) copy over the rest of your config files from your old firewall.
2-9) chkconfig bind on, chkconfig dhcpd on, etc. 2-10) for a firewall machine, edit 2-11) bring down work laptop and firewall laptop, move the new drive to the firewall, and boot (pray hard). 2-12) debug frantically for an hour or so. 2-13) enjoy, nervously. I had to do one more thing on my firewall machine. I use a couple of 3Com 3CCFEM556 LAN+56K network cards for the firewall (one has the magic 48 bit MAC address that Comcast wants to talk to) and SL5(butchered) won't talk to them without one more step: 3-1) go to rpmfind and get an rpm for That's all for now. I will be posting this to my wiki at http://wiki.keithl.com/ Keith
2-10) for a firewall machine, edit/etc/inittab and set the default run level to 3.
2-11) bring down work laptop and firewall laptop, move the new drive to the firewall, and boot (pray hard).
2-12) debug frantically for an hour or so.
2-13) enjoy, nervously.
I had to do one more thing on my firewall machine. I use a couple of 3Com 3CCFEM556 LAN+56K network cards for the firewall (one has the magic 48 bit MAC address that Comcast wants to talk to) and SL5(butchered) won't talk to them without one more step:
3-1) go to rpmfind and get an rpm forpcmcia-cis-firmware. I got the Mandriva 2007.1 version; it is architecture independent. rpm install that; it goes into /lib/firmware . SL5 (and upstream) has CONFIG_PCMCIA_LOAD_CIS=y set, which means the kernel will look for firmware for the 3Com card, but will not be able to find it, because it is not part of the distro (but should be, or that option should be turned off). Anybody want to submit a bug to the upstream vendor?
That's all for now. I will be posting this to my wiki at http://wiki.keithl.com/