Difference between revisions of "NFS image configuration"
(One intermediate revision by the same user not shown) | |||
Line 105: | Line 105: | ||
# Ubuntu 14.04 LTS [Trusty] | # Ubuntu 14.04 LTS [Trusty] | ||
######################### | ######################### | ||
− | # | + | ## Ubuntu official repos |
− | deb | + | deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse |
− | deb | + | deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse |
− | deb | + | deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse |
− | + | ## Backports. Community repos approved by Canonical | |
− | # | + | deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse |
− | deb | + | |
− | + | ## Canonical (Ubuntu) partners | |
− | # Canonical partners | + | deb http://archive.canonical.com/ubuntu trusty partner |
− | + | ||
− | + | ## 3rd parties libraries | |
− | # | ||
#deb http://extras.ubuntu.com/ubuntu trusty main | #deb http://extras.ubuntu.com/ubuntu trusty main | ||
</syntaxhighlight> | </syntaxhighlight> | ||
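Review bot: the new trusty-security line is resolved through mirror://mirrors.ubuntu.com/mirrors.txt like the other pockets, so security updates arrive only as fast as whichever mirror gets selected. Consider pointing that one line at security.ubuntu.com, as the stock Ubuntu sources.list does, and keeping the mirror method for trusty, trusty-updates and trusty-backports.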
Line 237: | Line 236: | ||
* Your NFS server has already these driver installed | * Your NFS server has already these driver installed | ||
* The kernel you're gonna used support these drivers | * The kernel you're gonna used support these drivers | ||
+ | |||
+ | |||
+ | !!! If required you can compile and install the drivers manually. NOT RECOMMENDED !!! See [[Smartcard drivers manual installation]] | ||
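Review bot: the added "NOT RECOMMENDED" line at the end of this hunk gives no reason and sits directly under the two bullet conditions, so it reads like a third condition. State in one sentence why manual compilation is discouraged and set the warning apart from the list; "these driver" and "you're gonna used" in the context lines could be fixed in the same edit.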
Latest revision as of 16:50, 10 April 2015
This article explains how to get inside a new NFS image and configure it.
Contents
- 1 Access NFS image
- 2 Setup
- 2.1 Adjust default login/password
- 2.2 Update sources.list and install key packages
- 2.3 Kernel libraries
- 2.4 Samba client
- 2.5 Smartcard drivers
- 2.6 Adjust bash and vim configuration
- 2.7 Edit mount points (/etc/fstab)
- 2.8 Firewall script
- 2.9 Setup network interfaces
- 2.10 Keyboard configuration
- 2.11 Monitoring client
- 3 Exit client distro
Access NFS image
Chroot access
This step must be performed on the NFS server as a privileged user.
You'll "mount" the NFS system as your root (/).
Then, from now on, all commands will only affect the NFS image until you run "exit".
chroot /nfs/qa/
Where /nfs/qa is the NFS image to manage
User authentication
By default you'll be "root", meaning all operations will be done with UID / GID 0.
Therefore, it's better to log in as a user so that you get a proper UID / GID.
su <username>
sudo -s
Note: on the first run you'll need to create the user first! See below.
Setup
Adjust default login/password
First of all, you have to create / adjust the default user.
# Add new user
adduser <username>
# Add user to sudoers group
usermod -a -G sudo <username>
Now you can use that user:
su <username>
sudo -s
You can check that you really are in the "Virtual machine" by checking "/srv/". It should be empty!
- Note -
On Debian distributions you have to install "sudo" manually. It's not in the default packages.
Update sources.list and install key packages
Your client needs some key packages in order to work. Without these packages even the NetBoot will fail!
First of all: edit your sources.list
apt-get install vim nano
vim /etc/apt/sources.list
Put the following:
### Custom repositories list
#
# May 2014 - Guillaume Diaz
# This is an adjustment of the default "debootstrap" sources.list
# This is required to provide updates, security fixes and advanced tools to all our clients
#
#########################
# Debian 7.x [Wheezy]
#########################
# Pinned to "wheezy": the "stable" alias moves to the next release as soon as one is published
deb http://ftp.se.debian.org/debian wheezy main contrib
deb http://ftp.debian.org/debian/ wheezy-updates main contrib
deb http://security.debian.org/ wheezy/updates main contrib
#########################
# Ubuntu 14.04 LTS [Trusty]
#########################
## Ubuntu official repos
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-updates main restricted universe multiverse
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-security main restricted universe multiverse
## Backports. Community repos approved by Canonical
deb mirror://mirrors.ubuntu.com/mirrors.txt trusty-backports main restricted universe multiverse
## Canonical (Ubuntu) partners
deb http://archive.canonical.com/ubuntu trusty partner
## 3rd parties libraries
#deb http://extras.ubuntu.com/ubuntu trusty main
Update your package list:
apt-get update && apt-get upgrade
Now, you can install the basic programs:
# NFS client. This is ABSOLUTELY MANDATORY! That's the only way to mount the root filesystem (/)
apt-get install nfs-common
apt-get install initramfs-tools
# IPTABLES. This is ABSOLUTELY MANDATORY !
apt-get install iptables
# NFS is a bit slow, and if you're using many clients it might result in time faults.
# You must install NTP to overcome this!
apt-get install ntp ntpdate
# Basic set of utilities
apt-get install unzip zip
apt-get install htop
apt-get install python3
apt-get install sysv-rc-conf
# Network tools
apt-get install curl
# Advanced APT manager (required to add repositories from the command line)
apt-get install software-properties-common python-software-properties
# SSH server
apt-get install openssh-server openssh-client
# Midnight commander
apt-get install mc
# JAVA (that is required for my application)
# Depending on your target usage you might not need it.
# !!! Careful !!! Java + its dependencies will take about 350 MB !!!
##### Ubuntu repository
add-apt-repository ppa:webupd8team/java
##### Debian repository
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list
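# EEA14886 is a short (32-bit) key ID, which is not unique: after the import, check the
# key's full fingerprint with "apt-key finger" against the one published by the PPA.
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886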
##### Installation
apt-get update && apt-get upgrade
apt-get install oracle-java7-installer oracle-java8-installer oracle-java8-set-default
Kernel libraries
You need to download the kernel libraries and modules so that all services run correctly.
This is very important, otherwise your diskless client will have problems. You must install the same version as the kernel you're using, see TFTP server manage netboot kernels
Get your current kernel version:
cat /proc/version
Then install the corresponding kernel files:
# you can check the list of available packages
apt-cache search linux-image
# put your kernel version like '3.13.0-32-generic'
apt-get install --reinstall linux-image-...
If asked: do NOT install GRUB.
You might encounter some errors during installation since you're not running that kernel... Don't panic! :-)
apt-get install -f
Samba client
Since SAMBA is a better file-sharing system than NFS it's a good idea to install it!
Actually, this is how we access our common files. We do NOT rely on NFS for the shared files.
apt-get install samba smbclient cifs-utils
Smartcard drivers
Only install the smartcard drivers if:
- Your NFS server already has these drivers installed
- The kernel you're going to use supports these drivers
!!! If required you can compile and install the drivers manually. NOT RECOMMENDED !!! See Smartcard drivers manual installation
# Smart-card drivers
apt-get install libpcsclite1 pcscd pcsc-tools
For the smart-card drivers you can see Drivers#Smart-card_drivers
Adjust bash and vim configuration
Edit your VIM configuration:
vim /etc/vim/vimrc
Enable dark background + set nu + set ruler
Edit your bash configuration files to adjust the aliases and enable auto-completion:
vim /etc/bash.bashrc
vim /home/<username>/.bashrc
vim /root/.bashrc
Edit mount points (/etc/fstab)
Create mount point for the common files:
mkdir -p /nfs/common
chmod -R 777 /nfs/common
You must edit the mount points to get the client working!
vim /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/nfs / nfs defaults,ro,noatime 1 1
### Common NFS share.
# It's better to use SAMBA if you can.
#172.16.50.2:/nfs/common /nfs/common nfs defaults,rw,noatime 0 0
####
### Samba file-share
//smartcard-gw/file-share /nfs/common cifs guest,uid=1000,iocharset=utf8 0 0
none /tmp tmpfs defaults,rw,noexec,nosuid,size=512M 0 0
none /var/run tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/lock tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/tmp tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /var/log tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /run/shm tmpfs nodev,nosuid,noexec,size=256M 0 0
- Reminder -
For the 2 GB constraint you can adjust some size arguments or even remove them: sizing will then be delegated to the NetBoot client and handled automatically.
- Notes -
- There is no swap as the /tmp is already a RAMdisk and that should be enough.
- Notice the "none" + "tmpfs" for all mount point except the root "/" and "proc"
- ro - For Read Only mount point
- noatime - To speed things up by skipping the file access time registration. That will skip some write operations but it makes it harder to know what has been accessed when. That's perfect for /tmp but it should not be set anywhere else.
- relatime - Only update the file access time if the file or directory has been modified since the last atime update. You might choose to use ‘noatime’ on most of your filesystems but leave /var/spool and /tmp as ‘relatime’.
- noexec - To prevent people from running executables in /tmp. Some rootkits do that. This flag might cause trouble for some legitimate applications so be sure to test everything properly after setting this flag.
- nosuid - To prevent the setuid bit from taking effect on files in /tmp.
- no size on "/var/run" and "/var/lock": it's better to let the system manage that
As "/var/tmp" is used to preserve temporary data across reboots - and due to the fact that it's a temp RAMdisk - it should not be used! However, to prevent bugs it's safer to allow a little space.
Beware: "/var/log" will be reset at each reboot! So you absolutely need to set up some kind of central log solution - using logstash for instance.
For the Samba file-share properties you can check the following article: https://wiki.ubuntu.com/MountWindowsSharesPermanently
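The notes above explain noexec and nosuid; the following added example (not part of the original article) checks which tmpfs entries of an fstab still allow device nodes, setuid binaries or execution. The function names audit_fstab and sample_fstab and the /scratch entry are assumptions made for this example; the other sample lines are the tmpfs lines of the fstab shown above.

```shell
#!/bin/sh
# Added example: report tmpfs entries in an fstab that still allow device
# nodes, setuid binaries or execution. Not part of the original article.

# audit_fstab [FILE...]: reads fstab text (stdin if no file is given) and
# prints "<mount point>: <missing options>" for every tmpfs line that is not
# fully restricted. Entries with nodev, nosuid and noexec in effect print nothing.
audit_fstab() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    $3 == "tmpfs" {
        # Without restricting options, dev, suid and exec are all allowed.
        allow["dev"] = allow["suid"] = allow["exec"] = 1
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {           # a later option overrides an earlier one
            o = opt[i]
            if (o in allow)
                allow[o] = 1                 # explicit dev / suid / exec
            else if (substr(o, 1, 2) == "no" && (substr(o, 3) in allow))
                allow[substr(o, 3)] = 0      # nodev / nosuid / noexec
        }
        missing = ""
        if (allow["dev"])  missing = missing " nodev"
        if (allow["suid"]) missing = missing " nosuid"
        if (allow["exec"]) missing = missing " noexec"
        if (missing != "") print $2 ":" missing
    }' "$@"
}

# tmpfs lines from the fstab above, plus one constructed entry (/scratch)
# in which a trailing "exec" cancels the earlier "noexec".
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
none /tmp      tmpfs defaults,rw,noexec,nosuid,size=512M 0 0
none /var/run  tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/lock tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/tmp  tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /var/log  tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /run/shm  tmpfs nodev,nosuid,noexec,size=256M 0 0
none /scratch  tmpfs nodev,nosuid,noexec,exec 0 0
EOF
}

sample_fstab | audit_fstab
```

Run against the real file with "audit_fstab /etc/fstab" from inside the chroot. On the fstab above, only /run/shm carries nodev, so the five other tmpfs mounts are reported.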
Firewall script
Download, adjust and copy the following FW script to your clients: http://www.daxiongmao.eu/wiki_upload_files/firewall/firewall-nfs-client.sh
See Firewall to get more details.
Setup network interfaces
Even though you're using the NetBoot process you still have to register some interfaces! More importantly, NetBoot disables the loopback "lo", so you had better add that one back!
# Adjust "xxxx" by your distribution name
vim /etc/network/interfaces
Add:
auto lo
iface lo inet loopback
# Ethernet default interface
auto eth0
iface eth0 inet dhcp
# Intel NUC ethernet interface is named em1
auto em1
iface em1 inet dhcp
Even though you're using a NetBoot configuration you need to tell the client to use DHCP and retrieve its network settings (DNS, IP, GW, ...) dynamically. That's why you have to enable your ethernet interface.
Keyboard configuration
You have to set your keyboard configuration to use something other than the US layout as default.
vim /etc/default/keyboard
Adjust the lang and keyboard size:
XKBMODEL="pc105"
XKBLAYOUT="se"
XKBVARIANT=""
XKBOPTIONS=""
Now you can run the configuration utility:
dpkg-reconfigure keyboard-configuration
Monitoring client
I'm using Zabbix as a monitoring solution. See Zabbix agent setup.
I also advise you to install an SNMP client.
Exit client distro
Exit until you reach your starting point. Check with `pwd`.
exit