Difference between revisions of "Diskless netboot"

 
(59 intermediate revisions by the same user not shown)
Line 1: Line 1:
Diskless server / workstation using netboot
+
[[Category:Linux]]
  
  
NFS is a technology that allow you to share some files and folders over the network. So:
+
==Target folder tree (server side)==
* All the clients will share the installation, configuration files and so on.
 
* Each client will run a dedicated instance of the operating system
 
* Logs will be centralized on the common NFS server - so we don't loose data on each reboot.
 
  
You must have a working DHCP server + NetBoot before starting this part.
+
This is how we'll setup our files and folders:
  
 
Requirements:
 
* [[DHCP server]]
 
* [[NetBoot server]]
 
 
 
 
 
=Aim=
 
 
In order to be super effective:
 
* Each client distribution will have its own kernel support (''vmlinuz'' + ''initrd.img'' files)
 
* All the distributions will be under the same root
 
* Both NFS and TFTP will share the same root folder
 
* The user will be able to choose the O.S to use using a PXE menu
 
 
 
Target folder tree:
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
/pxe-boot/                                # TFTP + NFS root
+
# TFTP root
/pxe-boot/pxelinux.0                      # Initial boot file - only use to load the PXE NetBoot manager
+
/tftpboot/                                  
/pxe-boot/{menu.c32 || vesamenu.c32}      # PXE interactive menu managers (text or graphical)
 
 
 
/pxe-boot/pxelinux.cfg/                    # PXE configuration(s)
 
/pxe-boot/pxelinux.cfg/default            # default PXE configuration
 
 
 
/pxe-boot/images/                          # This is where the distributions will be.
 
                                          # Each distribution [configuration] will be in a dedicated folder.
 
 
 
/pxe-boot/images/trusty/                  # Ubuntu 14.04 [Trusty] distribution - ready to be used
 
 
 
 
 
/pxe-boot/images/trusty/vmlinuz            # specific kernel for ubuntu 14.04 distrubution
 
/pxe-boot/images/trusty/initrd.img        # specific initrd for ubuntu 14.04 distribution
 
</syntaxhighlight>
 
 
 
 
 
 
 
 
 
=Installation=
 
 
 
 
 
'''NFS support'''
 
<syntaxhighlight lang="bash">
 
apt-get install nfs-kernel-server nfs-common
 
</syntaxhighlight>
 
 
 
'''Debootstrap (manage netboot image)'''
 
<syntaxhighlight lang="bash">
 
apt-get install debootstrap
 
</syntaxhighlight>
 
 
 
 
 
'''Initramfs (to manage "virtual disks")'''
 
<syntaxhighlight lang="bash">
 
apt-get install initramfs-tools
 
</syntaxhighlight>
 
 
 
 
 
 
 
  
 +
###############
 +
# Network bootable image(s) using NFS technology
 +
################     
  
=NFS server setup=
+
#### Boot file           
 +
/tftpboot/pxelinux.0                  # Initial boot file - only use to load the PXE NetBoot manager
 +
/tftpboot/{menu.c32 || vesamenu.c32}  # PXE interactive menu managers (text or graphical)
 +
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
 +
/tftpboot/pxelinux.cfg/default        # default PXE configuration
  
 +
#### Kernel file
  
==Preparation==
+
/tftpboot/images/     
  
You have to create a dedicated folder on your server where you will host the client image.  
+
# Debian 7.x [Wheezy]
 +
/tftpboot/images/wheezy/ 
 +
/tftpboot/images/wheezy/vmlinuz
 +
/tftpboot/images/wheezy/initrd.img
  
<syntaxhighlight lang="bash">
+
# [X]Ubuntu 14.04 [Trusty]
mkdir -p /pxe-boot/pxelinux.cfg
+
/tftpboot/images/trusty/
mkdir /pxe-boot/images
+
/tftpboot/images/trusty/vmlinuz
chmod -R 777 /pxe-boot
+
/tftpboot/images/trusty/initrd.img
</syntaxhighlight>
 
  
  
==Configuration==
+
#### NFS
 +
# This is where the runnable will be. Each image will be in a dedicated folder.
 +
/nfs/                   
  
The NFS configuration is done in the '''/etc/exports''' file
+
# Debian 7.x [Wheezy]
 +
/nfs/wheezy/ 
  
<syntaxhighlight lang="bash">
+
# Ubuntu 14.04 [Trusty]
vim /etc/exports
+
/nfs/trusty/
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
Add something like that:
 
  
<syntaxhighlight lang="bash">
+
==Client overview==
  /pxe-boot      192.168.2.0/24(ro,no_root_squash,no_subtree_check,async,insecure)
 
</syntaxhighlight>
 
  
 +
Each client must have, at least, 4 Go of RAM.
  
Adjust "192.168.2.0/24" to your own network address
 
  
* rw : Allow clients to read as well as write access
+
===4 GO RAM configuration===
* ro : Read only access
 
* insecure : Tells the NFS server to use unpriveledged ports (ports > 1024).
 
* no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
 
* async : async will speed up transfers.
 
* no_root_squash: This phrase allows root to connect to the designated directory.
 
  
 +
This is how we're gonna populate the client:
  
- NOTE -
+
[[File:Client_composition.png|480px|NetBoot client RAM overview - 4Go]]
  
It's always a good idea to use Read-Only if you plan to share this disk.
 
  
That will avoid user to mess with your image!
+
As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.
  
  
 +
Configuration of a '''4Go RAM''' disk:
 +
* No swap
 +
* Local TMPFS (read/write for /dev, /tmp, ...) : 1 Go
 +
** /tmp      = 512 M
 +
** /var/tmp  = 128 M
 +
** /var/log  = 128 M
 +
** /var/run  = 8 M
 +
** /var/lock = 8 M
 +
** /run/shm  = 256 M
 +
* O.S (NFS read only) : all the rest ~ 2.8 Go
 +
* Common share (NFS read write) : ''Remote disk''
  
==Security==
 
  
Like TFTP, this part is insecure !
 
  
You must restrict the access to your NFS server by a firewall script and filtering BEFORE reaching the LAN !
+
===2 Go===
  
 +
Due to budget restriction we might encounter some low memory machines with only 2 Go...
  
  
NFS is using dynamic ports numbers because it runs over '''rpcbind'''. Making NFS using specifics port is a pain in the ass !! :(
+
This is how we're gonna populate the client:
  
So, instead of that you should allow your LAN communication.  
+
[[File:Client_mount_points_2Go.png|480px|NetBoot client RAM overview - 2Go]]
  
  
<syntaxhighlight lang="bash">
+
In case of '''2Go RAM''' then you have to use some tricks:
    IPTABLES=`which iptables`
+
* No swap
    LAN_ADDRESS="192.168.2.0/24"
+
* O.S (NFS read only) : ~ 1.2 Go
 
+
* Common share (NFS read write) : ''Remote disk''
    # Allow LAN communication
+
* Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
+
** /tmp      = 372 M
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
+
** /var/tmp  = auto
 
+
** /var/log  = 128 M
</syntaxhighlight>
+
** /var/run  = auto
 +
** /var/lock = auto
 +
** /run/shm  = auto
  
  
==Management==
 
  
<syntaxhighlight lang="bash">
+
==How big is the client image ?==
service nfs-kernel-server {status|start|stop|restart}
 
</syntaxhighlight>
 
 
 
 
 
==Test the server==
 
 
 
 
 
Install the NFS v4 client:
 
<syntaxhighlight lang="bash">
 
apt-get install nfs-common
 
</syntaxhighlight>
 
 
 
 
 
To mount the default path:
 
<syntaxhighlight lang="bash">
 
mount -t nfs nfs-server:/ /mnt
 
</syntaxhighlight>
 
 
 
You'll see: "/mnt/pxe-boot"
 
 
 
 
 
It's better to do:
 
<syntaxhighlight lang="bash">
 
mount -t nfs nfs-server:/pxe-boot /mnt
 
</syntaxhighlight>
 
  
 +
By default the ''deboostrap'' Ubuntu 14.04 LTS image is 239 Mo. With the applications we're gonna use that size will increase to about 1 or '''1.3 Go''' depending if you copy (or not) the kernel sources. It may even take 1.6 Go if you're using XFCE frontend.
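Review bot: the "==Security==" section and the "- NOTE -" recommending read-only exports are removed in this hunk, and the replacement text (target folder tree, client overview) says nothing about who may reach the NFS server. The removed text itself states "Like TFTP, this part is insecure !", so keep a short Security subsection or link to the page that now carries the /etc/exports line and the firewall rule. Also, under "==Client overview==" the sentence "each client will have some space dedicated for swap" contradicts the "* No swap" item in both RAM configurations; one of the two needs correcting.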
  
  
Line 180: Line 112:
  
 
The main ones are:
 
The main ones are:
* debootstrap
 
* copying the install from your server
 
* Manual install on a client, then, when the system is ready, copy everything to the NFS share
 
  
 +
* Manually
 +
** debootstrap
 +
** copying the install from your server
 +
** Manual install on a client, then, when the system is ready, copy everything to the NFS share
  
 +
* Using script and software like "Puppet" or "Chef"
  
==Debootstrap: setup client distribution==
 
  
  
===Setup distribution folder===
+
==Setup client distribution==
  
 
You have to create one target for each distribution you want to serve:
 
You have to create one target for each distribution you want to serve:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
mkdir -p /pxe-boot/images/trusty
+
mkdir -p /nfs/trusty
 +
mkdir -p /nfs/wheezy
 +
mkdir -p /nfs/common
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
  
 
- NOTES -  
 
- NOTES -  
 +
 
* The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
 
* The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
 +
 
* The folder name should match a Linux (Debian like) distribution name
 
* The folder name should match a Linux (Debian like) distribution name
 
 
===Populate the content===
 
 
<syntaxhighlight lang="bash">
 
cd /pxe-boot/images/trusty
 
debootstrap trusty /pxe-boot/images/trusty
 
</syntaxhighlight>
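Review bot: in "==Setup client distribution==" the added "mkdir -p /nfs/common" sits under NOTES saying the folder name should match a NetBoot LABEL and a Debian-like distribution name, and "common" is neither. State in the notes that /nfs/common is the read-write common share and not a client image. The "===Populate the content===" step ("debootstrap trusty /pxe-boot/images/trusty") is dropped here with no equivalent for /nfs/trusty, so add a pointer to where the image gets populated.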
 
  
  
Line 213: Line 143:
 
==Configure client distribution==
 
==Configure client distribution==
  
 +
* Manual configuration: [[Diskless image configuration - manual setup]]
  
===Access distribution===
+
* Automatic [Puppet || Chef] configuration: [[Diskless image configuration - script setup]]
  
<syntaxhighlight lang="bash">
 
# "mount" the system
 
chroot /pxe-boot/images/trusty/
 
</syntaxhighlight>
 
  
From here you can perform operation as if you were on a separate machine.
 
  
Only the current distribution (= the client one) will be affected.
 
  
  
 +
==Backup distribution==
  
===Adjust default login/password===
+
You can create an archive of your current distribution for later restore / re-use.
  
First of all, you have to create / adjust the default user.
 
  
<syntaxhighlight lang="bash">
+
===Compression===
# Add new user
 
adduser <username>
 
# Add user to sudoers group
 
usermod -a -G sudo <username>
 
</syntaxhighlight>
 
  
 
Now you can use that user:
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
su <username>
+
cd /nfs
sudo -s
+
tar cvpjf trusty.tar.bz2 ./trusty
</syntaxhighlight>
 
 
 
You can check that you really are in the "Virtual machine" by checking "/srv/". It should be empty !
 
 
 
 
 
 
 
===Update sources.list and install key packages===
 
 
 
Your client need to have some key packages in order to work. Without these package even the NetBoot will fail !!
 
 
 
 
 
First of all: edit your sources.list
 
 
 
<syntaxhighlight lang="bash">
 
apt-get install vim
 
vim /etc/apt/sources.list
 
</syntaxhighlight>
 
 
 
 
 
Put the following:
 
 
 
<syntaxhighlight lang="bash">
 
### Custom repositories list
 
#
 
# May 2014 - Guillaume Diaz
 
# This is an ajdustement of the default "debootstrap" sources.list
 
# This is required to provided update, security and advanced tools to all our clients
 
#
 
 
 
# Official repositories
 
deb http://se.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
 
deb http://se.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
 
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
 
 
 
# Official updates
 
deb http://se.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
 
 
 
# Canonical partners
 
deb http://archive.canonical.com/ubuntu trusty partner
 
 
 
# Community partners
 
deb http://extras.ubuntu.com/ubuntu trusty main
 
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
Update your package list:
+
===Restoration===
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get update && apt-get upgrade
+
cd /nfs
 +
tar -xvjf trusty.tar.bz2
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
=PXE interactive menu=
  
 +
You can create interactive NetBoot menus, see:
 +
* [[PXE interactive menu - single level]]
 +
* [[PXE interactive menu - multi level]]
  
Now, you can install the basic programs:
 
  
<syntaxhighlight lang="bash">
 
# NFS client. This is ABSOLUTELY MANDATORY ! That's the only way to mount the /root
 
apt-get install nfs-common
 
apt-get install initramfs-tools
 
  
# NFS is a bit low, and if you're using many client it might result in time faults.
 
# You must install NTP to overcome this !!
 
apt-get install ntp ntpdate
 
  
# Basic set of utilities
+
=Local server monitoring=
apt-get install unzip zip
 
apt-get install make autoconf automake cpp gcc build-essential
 
apt-get install htop
 
apt-get install python3
 
  
# Advanced APT manager (require to add repository from command line)
+
Install the following services:
apt-get install software-properties-common python-software-properties
+
* [[SNMP client]]
 +
* [[Zabbix agent setup]]
  
  
# JAVA (that is required for my application)
 
# Depending on your target usage you might not need it.
 
add-apt-repository ppa:webupd8team/java
 
apt-get update && apt-get upgrade
 
apt-get install oracle-java7-installer oracle-jdk7-installer
 
</syntaxhighlight>
 
  
  
===Adjust bash and vim configuration===
+
=Other services=
  
Edit your VIM configuration:
 
<syntaxhighlight lang="bash">
 
vim /etc/vim/vimrc
 
</syntaxhighlight>
 
  
Enable dark background, set nu, set ruler
+
==File sharing==
  
 +
If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: [[Samba server]]
  
  
Edit your bash configuration files to adjust the alias and enable auto-completion:
+
''Note''
<syntaxhighlight lang="bash">
 
vim /etc/bash.bashrc
 
vim /home/<username>/.bashrc
 
vim /root/.bashrc
 
</syntaxhighlight>
 
  
 +
Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a samba share instead.
  
  
===Install a local kernel===
 
  
To install a local kernel, you have to:
+
==Management UI (webmin)==
* mount /proc
 
* unpack linux-headers-generic
 
* unpack linux-image-generic
 
  
 +
Since there is a lot of services to manage, it's always convenient to use an UI for it. Check [[Webmin]]
  
<syntaxhighlight lang="bash">
 
mount /proc
 
apt-get install -y linux-headers-generic
 
apt-get install -y linux-image-generic
 
</syntaxhighlight>
 
  
  
Check that you have some symlinks in /, either create them:
+
==VPN server==
<syntaxhighlight lang="bash">
 
ln -s /boot/vmlinuz-3.5.0-21-generic /vmlinuz       
 
ln -s /boot/initrd.img-3.5.0-21-generic /initrd.img
 
</syntaxhighlight>
 
  
!! Don't forget to adjust the number to your actual version !!
+
See [[VPN]]
  
  
  
===Edit mount points (/etc/fstab)===
+
==Apache2 server==
  
You must edit the mount points to get the client working!
+
See [[Apache 2]]
  
<syntaxhighlight lang="bash">
 
vim /etc/fstab
 
</syntaxhighlight>
 
  
  
<syntaxhighlight lang="bash">
 
/proc    /proc    proc    defaults  0 0
 
/sys    /sys    sysfs  defaults  0 0
 
/dev/nfs /        nfs    defaults  1 1
 
</syntaxhighlight>
 
  
  
 +
=References=
  
 +
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
  
===Adjust network configuration===
 
  
Up to this point the client will already have got a DHCP address through the NetBoot process.  
+
Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html
  
Therefore, you should prevent users / services from changing that automatic configuration.
 
  
 
+
Super video tutorials:
Edit the config file:
+
* https://www.youtube.com/watch?v=js9imsrqAMk
 
+
* http://www.stepladder-it.com/bivblog/14/ to /16/
<syntaxhighlight lang="bash">
+
* https://blog.dlasley.net/2013/01/pxe-server-ubuntu/
vim /etc/network/interfaces
 
</syntaxhighlight>
 
  
  
Put:
+
Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO
  
<syntaxhighlight lang="bash">
+
* How to improved /etc/fstab: http://www.askapache.com/optimize/super-speed-secrets.html
## Manual override of the debootstrap shipped configuration
 
#
 
# Version 1.0 - May 2014 - Guillaume Diaz
 
#
 
 
 
# Loopback
 
auto lo
 
iface lo inet loopback
 
 
 
# Keep the NetBoot configuration
 
iface eth0 inet manual
 
 
 
# Intel NUC trick - as the NUC uses "em1" instead of "eth0"
 
iface em1 inet manual
 
</syntaxhighlight>
 
 
 
 
 
 
 
===Run clients in diskless NFS mode===
 
 
 
Now you are (finally) ready to tell the client to run in diskless mode!
 
Edit the config file:
 
 
 
<syntaxhighlight lang="bash">
 
vim /etc/initramfs-tools/initramfs.conf
 
</syntaxhighlight>
 
 
 
 
 
Set the following values:
 
 
 
<syntaxhighlight lang="bash">
 
MODULES = netboot
 
BOOT    = nfs
 
</syntaxhighlight>
 
 
 
 
 
Apply changes:
 
 
 
<syntaxhighlight lang="bash">
 
update-initramfs -u
 
</syntaxhighlight>
 
 
 
 
 
 
 
===Exit client distro===
 
 
 
 
 
<syntaxhighlight lang="bash">
 
umount /proc
 
exit
 
</syntaxhighlight>
 
 
 
 
 
 
 
 
 
=Adjust TFTP root=
 
 
 
You must adjust the TFTP root to match the NFS root !!
 
 
 
<syntaxhighlight lang="bash">
 
vim /etc/default/tftpd-hpa
 
</syntaxhighlight>
 
 
 
 
 
Adjust the file like that:
 
<syntaxhighlight lang="bash">
 
RUN_DAEMON="yes"
 
OPTIONS="--secure"
 
TFTP_ADDRESS="0.0.0.0:69"
 
TFTP_USERNAME="tftp"
 
TFTP_DIRECTORY="/pxe-boot/"
 
</syntaxhighlight>
 
 
 
 
 
Notice the RUN_DAEMON instruction + the new TFTP_DIRECTORY
 
 
 
 
 
 
 
=Custom NetBoot configuration=
 
 
 
 
 
==Basic configuration==
 
 
 
You can setup your own netboot configuration.
 
 
 
To do so, you can re-use one of the syslinux templates:
 
 
 
<syntaxhighlight lang="bash">
 
# Create folders
 
mkdir /pxe-boot/pxelinux.cfg/
 
 
 
# Create configuration files
 
cp /usr/lib/syslinux/pxelinux.0 /pxe-boot/
 
</syntaxhighlight>
 
 
 
 
 
The ''pxelinux.cfg'' folder is mandatory. Inside you can provide:
 
* configuration for a specific IP @ or hostname
 
* configuration for a group
 
* default configuration (required)
 
 
 
 
 
Create the default configuration file:
 
<syntaxhighlight lang="bash">
 
vim /pxe-boot/pxelinux.cfg/default
 
</syntaxhighlight>
 
 
 
 
 
Put the following:
 
<syntaxhighlight lang="bash">
 
# Ubuntu 14.04
 
LABEL TRUSTY
 
    kernel images/trusty/vmlinuz
 
    # Set NFS share as default root
 
    append boot=nfs root=/dev/nfs initrd=images/trusty/initrd.img nfsroot=192.168.2.2:/pxe-boot/images/trusty
 
 
 
# Prompt user for selection
 
PROMPT 0
 
 
 
TIMEOUT 30
 
</syntaxhighlight>
 
 
 
* Each LABEL is a specific configuration that will displayed on the NetBoot menu.
 
* PROMPT 1 = enable user prompt so you can choose the configuration
 
* TIMEOUT 30 = timeout (in seconds) before the default option is choosen
 
 
 
 
 
Note that I used a reference to "trusty/", that's a folder I need to create later on.
 
 
 
 
 
 
 
==Advanced menu==
 
 
 
===Install menu manager===
 
 
 
Text menu:
 
 
 
<syntaxhighlight lang="bash">
 
cp /usr/lib/syslinux/menu.c32 /pxe-boot/
 
</syntaxhighlight>
 
 
 
 
 
Graphic menu:
 
 
 
<syntaxhighlight lang="bash">
 
cp /usr/lib/syslinux/vesamenu.c32 /pxe-boot/
 
cp /mySuperPicture/logo.png /pxe-boot/pxelinux.cfg/
 
</syntaxhighlight>
 
 
 
The associate picture must be a '''PNG 800x600''' picture.
 
 
 
 
 
===Configure boot options===
 
 
 
Then edit the PXE boot file:
 
 
 
<syntaxhighlight lang="bash">
 
vim /pxe-boot/pxelinux.cfg/default
 
</syntaxhighlight>
 
 
 
 
 
Put:
 
 
 
<syntaxhighlight lang="bash">
 
#### GENERIC OPTIONS #####
 
# Enable text menu
 
#DEFAULT menu.c32
 
# Enable graphical menu
 
DEFAULT vesamenu.c32
 
# Prompt for user input? (0 = choose from menu, 1 = you can type anything)
 
PROMPT 0
 
# Allow or not the user to left the menu (1 = user is locked to the menu)
 
NOESCAPE 1
 
# Time before using default option
 
TIMEOUT 50
 
 
 
 
 
#### Menu settings #####
 
MENU TITLE my super netboot menu
 
MENU BACKGROUND pxelinux.cfg/logo.png
 
MENU WIDTH 80
 
MENU ROWS 14
 
MENU MARGIN 10
 
 
 
 
 
#### Distributions #####
 
# Ubuntu 14.04
 
LABEL trusty
 
    MENU LABEL Ubuntu 14.04 (trusty)
 
    MENU DEFAULT
 
    # Kernel and boot files
 
    KERNEL images/trusty/vmlinuz
 
    ### Boot options
 
    # Set NFS share as default root
 
    append boot=nfs root=/dev/nfs initrd=images/trusty/initrd.img nfsroot=192.168.2.2:/pxe-boot/images/trusty
 
 
 
# Debian wheezy
 
    MENU LABEL Debian Wheezy
 
    # Kernel and boot files
 
    KERNEL images/wheezy/vmlinuz
 
    append boot=nfs root=/dev/nfs initrd=images/wheezy/initrd.img nfsroot=192.168.2.2:/pxe-boot/images/wheezy
 
</syntaxhighlight>
 
 
 
 
 
Note all the "MENU" commands + PROMPT 0
 
 
 
 
 
=Security notes=
 
 
 
in order to work you must adjust the rights of your "/var/lib/tftpboot/".
 
 
 
<syntaxhighlight lang="bash">
 
chmod 777 /pxe-boot
 
chmod 777 /pxe-boot/pxelinux.cfg
 
</syntaxhighlight>
 
 
 
 
 
 
 
 
 
 
 
=References=
 
 
 
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
 
Super video tutorials:
 
* https://www.youtube.com/watch?v=js9imsrqAMk
 
* http://www.stepladder-it.com/bivblog/14/ to /16/
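Review bot: in "===Restoration===" the added "tar -xvjf trusty.tar.bz2" restores file owners by user and group name as resolved on the server, not by the numeric IDs used inside the client image. Create and extract the archive with --numeric-owner so a restored root filesystem keeps the image's own UIDs and GIDs. The "Note" under "==File sharing==" tells the reader to remove Common from /etc/exports, but the section that showed /etc/exports is removed earlier in this diff, so link to the page that now documents the exports.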
 

Latest revision as of 14:37, 21 August 2014


Target folder tree (server side)

This is how we'll set up our files and folders:

# TFTP root
/tftpboot/                                   

###############
# Network bootable image(s) using NFS technology
################       

#### Boot file            
/tftpboot/pxelinux.0                   # Initial boot file - only used to load the PXE NetBoot manager
/tftpboot/{menu.c32 || vesamenu.c32}   # PXE interactive menu managers (text or graphical)
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
/tftpboot/pxelinux.cfg/default         # default PXE configuration

#### Kernel file

/tftpboot/images/      

# Debian 7.x [Wheezy] 
/tftpboot/images/wheezy/   
/tftpboot/images/wheezy/vmlinuz
/tftpboot/images/wheezy/initrd.img

# [X]Ubuntu 14.04 [Trusty] 
/tftpboot/images/trusty/  
/tftpboot/images/trusty/vmlinuz
/tftpboot/images/trusty/initrd.img


#### NFS 
# This is where the runnable images will be. Each image will be in a dedicated folder.
/nfs/                    

# Debian 7.x [Wheezy] 
/nfs/wheezy/   

# Ubuntu 14.04 [Trusty] 
/nfs/trusty/


Client overview

Each client must have at least 4 GB of RAM.


4 GB RAM configuration

This is how we're gonna populate the client:

[Figure: NetBoot client RAM overview - 4 GB]


As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.


Configuration of a 4 GB RAM disk:

  • No swap
  • Local TMPFS (read/write for /dev, /tmp, ...) : 1 GB
    • /tmp = 512 M
    • /var/tmp = 128 M
    • /var/log = 128 M
    • /var/run = 8 M
    • /var/lock = 8 M
    • /run/shm = 256 M
  • O.S (NFS read only) : all the rest ~ 2.8 GB
  • Common share (NFS read write) : Remote disk


2 GB

Due to budget restrictions we might encounter some low-memory machines with only 2 GB...


This is how we're gonna populate the client:

[Figure: NetBoot client RAM overview - 2 GB]


With 2 GB of RAM you have to use some tricks:

  • No swap
  • O.S (NFS read only) : ~ 1.2 GB
  • Common share (NFS read write) : Remote disk
  • Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
    • /tmp = 372 M
    • /var/tmp = auto
    • /var/log = 128 M
    • /var/run = auto
    • /var/lock = auto
    • /run/shm = auto
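
The tmpfs layout from the two RAM profiles listed above, turned into /etc/fstab entries for the client. This is an added example, not part of the original page; the mount options (nosuid, nodev, noexec), the modes and the reading of "auto" as "no size= option" are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): turn the tmpfs sizes listed
# above into /etc/fstab entries for the diskless client.
# Assumptions: the mount options and modes below, and "auto" meaning that no
# size= option is set (the kernel default applies).

# tmpfs_table PROFILE: one "mountpoint size" pair per line (size in MB).
tmpfs_table() {
    case "$1" in
        4g) printf '%s\n' '/tmp 512' '/var/tmp 128' '/var/log 128' \
                          '/var/run 8' '/var/lock 8' '/run/shm 256' ;;
        2g) printf '%s\n' '/tmp 372' '/var/tmp auto' '/var/log 128' \
                          '/var/run auto' '/var/lock auto' '/run/shm auto' ;;
        *)  echo "unknown profile: $1 (use 4g or 2g)" >&2; return 1 ;;
    esac
}

# tmpfs_fixed_total_mb PROFILE: sum of the explicitly sized mounts, in MB.
tmpfs_fixed_total_mb() {
    tmpfs_table "$1" | awk '$2 != "auto" { t += $2 } END { print t + 0 }'
}

# client_tmpfs_fstab PROFILE: print one fstab line per writable mount point.
client_tmpfs_fstab() {
    tmpfs_table "$1" >/dev/null || return 1
    tmpfs_table "$1" | while read -r mp size; do
        # No setuid binaries or device nodes on any RAM-backed mount.
        opts="nosuid,nodev"
        case "$mp" in
            # World-writable scratch areas keep the sticky bit.
            /tmp|/var/tmp|/var/lock|/run/shm) opts="$opts,mode=1777" ;;
            # Logs and runtime state: root-owned, nothing executable.
            *) opts="$opts,noexec,mode=0755" ;;
        esac
        [ "$size" = "auto" ] || opts="$opts,size=${size}m"
        printf 'tmpfs  %-10s tmpfs  %s  0 0\n' "$mp" "$opts"
    done
}

# Print the requested profile (default: the 4 GB client).
client_tmpfs_fstab "${1:-4g}"
```

A tmpfs size is an upper limit, not a reservation; the fixed sizes of the 4 GB profile add up to 1040 MB.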


How big is the client image ?

By default the debootstrap Ubuntu 14.04 LTS image is 239 MB. With the applications we're gonna use, that size will increase to about 1 or 1.3 GB depending on whether you copy the kernel sources. It may even take 1.6 GB if you're using the XFCE frontend.


NFS client image

There are different ways to set up an NFS client image.

The main ones are:

  • Manually
    • debootstrap
    • copying the install from your server
    • Manual install on a client, then, when the system is ready, copy everything to the NFS share
  • Using script and software like "Puppet" or "Chef"


Setup client distribution

You have to create one target for each distribution you want to serve:

mkdir -p /nfs/trusty
mkdir -p /nfs/wheezy
mkdir -p /nfs/common


- NOTES -

  • The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
  • The folder name should match a Linux (Debian like) distribution name


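Configure client distribution

  • Manual configuration: Diskless image configuration - manual setup
  • Automatic [Puppet || Chef] configuration: Diskless image configuration - script setup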



Backup distribution

You can create an archive of your current distribution for later restore / re-use.


Compression

cd /nfs
tar cvpjf trusty.tar.bz2 ./trusty


Restoration

cd /nfs
tar -xvjf trusty.tar.bz2

PXE interactive menu

You can create interactive NetBoot menus, see:

  • PXE interactive menu - single level
  • PXE interactive menu - multi level



Local server monitoring

Install the following services:

  • SNMP client
  • Zabbix agent setup



Other services

File sharing

If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: Samba server


Note

Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a Samba share instead.


Management UI (webmin)

Since there are a lot of services to manage, it's always convenient to use a UI for it. Check Webmin


VPN server

See VPN


Apache2 server

See Apache 2



References

Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto


Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html


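Super video tutorials:

  • https://www.youtube.com/watch?v=js9imsrqAMk
  • http://www.stepladder-it.com/bivblog/14/ to /16/
  • https://blog.dlasley.net/2013/01/pxe-server-ubuntu/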


Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO