Difference between revisions of "Diskless netboot"
Line 56: | Line 56: | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
− | /srv/nfsroot 192.168.2.*( | + | /srv/nfsroot 192.168.2.*(ro,no_root_squash,async,insecure,no_subtree_check) |
</syntaxhighlight> | </syntaxhighlight> | ||
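Review bot: the client pattern `192.168.2.*` on the added export line puts a wildcard on an IP address, which exports(5) advises against because wildcards are matched against hostnames; write the network as `192.168.2.0/24`. On the same line, `no_root_squash` combined with `insecure` means requests from any unprivileged port on a client in that range are accepted and a claimed uid 0 is honoured, so keep `ro` as done here and drop `insecure` unless a client really needs it. `async` only affects writes, so it adds nothing to a read-only export.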
Line 68: | Line 68: | ||
* async : async will speed up transfers. | * async : async will speed up transfers. | ||
* no_root_squash: This phrase allows root to connect to the designated directory. | * no_root_squash: This phrase allows root to connect to the designated directory. | ||
+ | |||
+ | |||
+ | - NOTE - | ||
+ | |||
+ | It's always a good idea to use Read-Only if you plan to share this disk. | ||
+ | |||
+ | That will avoid user to mess with your image! | ||
+ | |||
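Review bot: the added NOTE recommends read-only, but the context line just above it still describes `no_root_squash` only as letting root "connect"; say there that it stops uid 0 on the client from being mapped to the anonymous user, so that even on a read-only export the client's root can read every file in the image. The note would also read better as a sentence under the `ro` bullet than as a free-standing "- NOTE -" paragraph, and "avoid user to mess with" should be "prevent users from modifying".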
Line 131: | Line 139: | ||
The main ones are: | The main ones are: | ||
− | * | + | * debootstrap |
* copying the install from your server | * copying the install from your server | ||
* Manual install on a client, then, when the system is ready, copy everything to the NFS share | * Manual install on a client, then, when the system is ready, copy everything to the NFS share | ||
+ | |||
+ | |||
+ | |||
+ | ==Debootstrap: setup client distribution== | ||
+ | |||
+ | |||
+ | ===Setup distribution folder=== | ||
+ | |||
+ | You have to create one target for each distribution you want to serve: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | mkdir -p /srv/nfsroot/trusty | ||
+ | chmod -R 777 /srv/nfsroot/trusty | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | - NOTES - | ||
+ | * The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config. | ||
+ | * The folder name should match a Linux (Debian like) distribution name | ||
+ | |||
+ | |||
+ | |||
+ | ==Populate the content== | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | cd /srv/nfsroot/trusty | ||
+ | debootstrap trusty /srv/nfsroot/trusty | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | =Custom NetBoot configuration= | ||
+ | |||
+ | |||
+ | ==Basic configuration== | ||
+ | |||
+ | You can setup your own netboot configuration. | ||
+ | |||
+ | To do so, you can re-use one of the syslinux templates: | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Create folders | ||
+ | mkdir /var/lib/tftpboot/custom | ||
+ | mkdir /var/lib/tftpboot/custom/pxelinux.cfg | ||
+ | |||
+ | # Create configuration files | ||
+ | cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot/custom | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | The ''pxelinux.cfg'' folder is mandatory. Inside you can provide: | ||
+ | * configuration for a specific IP @ or hostname | ||
+ | * configuration for a group | ||
+ | * default configuration (required) | ||
+ | |||
+ | |||
+ | Create the default configuration file: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | vim /var/lib/tftpboot/custom/pxelinux.cfg/default | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | Put the following: | ||
+ | <syntaxhighlight lang="bash"> | ||
+ | # Ubuntu 14.04 | ||
+ | LABEL TRUSTY | ||
+ | kernel trusty/vmlinuz | ||
+ | initrd trusty/initrd.img | ||
+ | # Set NFS share as default root | ||
+ | append root=/dev/nfs nfsroot=172.16.50.2:/srv/nfsroot/trusty | ||
+ | |||
+ | |||
+ | # Prompt user for selection | ||
+ | PROMPT 0 | ||
+ | |||
+ | TIMEOUT 30 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Each LABEL is a specific configuration that will displayed on the NetBoot menu. | ||
+ | * PROMPT 1 = enable user prompt so you can choose the configuration | ||
+ | * TIMEOUT 30 = timeout (in seconds) before the default option is choosen | ||
+ | |||
+ | |||
+ | Note that I used a reference to "trusty/", that's a folder I need to create later on. | ||
+ | |||
+ | |||
+ | |||
+ | ==Create boot files== | ||
+ | |||
+ | <syntaxhighlight lang="bash"> | ||
+ | mkdir /var/lib/tftpboot/custom/trusty | ||
+ | # Copy current boot files | ||
+ | cp /boot/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/ | ||
+ | cp /boot/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/ | ||
+ | # Create symlinks | ||
+ | ln -s /var/lib/tftpboot/custom/trusty/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/vmlinuz | ||
+ | ln -s /var/lib/tftpboot/custom/trusty/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/initrd.img | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | Adjust the ''3.2.0-4'' kernel number to the version you are using | ||
+ | |||
+ | |||
+ | |||
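Review bot: `chmod -R 777 /srv/nfsroot/trusty` in the "Setup distribution folder" block makes the future root filesystem world-writable on the server before `debootstrap` fills it; debootstrap runs as root and only needs a root-owned directory, so use `chmod 755` or drop the chmod. In the pxelinux.cfg/default block the comment "# Prompt user for selection" sits above `PROMPT 0` while the bullet list explains `PROMPT 1`; make the two agree. Syslinux counts `TIMEOUT` in tenths of a second, so `TIMEOUT 30` is 3 seconds, not the seconds the bullet states. The "Create boot files" block copies the server's own `3.2.0-4-amd64` kernel and initrd for a `trusty` image and links them with absolute targets; mention that the initrd must be able to mount an NFS root, and prefer relative links such as `ln -s vmlinuz-3.2.0-4-amd64 vmlinuz`, which keep working if the TFTP daemon serves from a chroot.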
Revision as of 16:29, 22 May 2014
Diskless server / workstation using netboot
NFS is a technology that allows you to share files and folders over the network. So:
- All the clients will share the installation, configuration files and so on.
- Each client will run a dedicated instance of the operating system
- Logs will be centralized on the common NFS server, so we don't lose data on each reboot.
You must have a working DHCP server + NetBoot before starting this part.
Requirements:
Installation
NFS support
apt-get install nfs-kernel-server nfs-common
Debootstrap (manage netboot image)
apt-get install debootstrap
NFS server setup
Preparation
You have to create a dedicated folder on your server where you will host the client image.
mkdir -p /srv/nfsroot
chmod -R 777 /srv/nfsroot
Configuration
The NFS configuration is done in the /etc/exports file
vim /etc/exports
Add something like this:
/srv/nfsroot 192.168.2.*(ro,no_root_squash,async,insecure,no_subtree_check)
Adjust "192.168.2.*" to your own network address
- rw : Allows clients both read and write access
- ro : Read only access
- insecure : Tells the NFS server to accept requests from unprivileged ports (ports > 1024).
- no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
- async : async will speed up transfers.
- no_root_squash: This option lets root on the client access the designated directory as root instead of being mapped to the anonymous user.
- NOTE -
It's always a good idea to use Read-Only if you plan to share this disk.
That will prevent users from messing with your image!
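One way to check an exports file for the options listed above, including the wildcard-on-IP form of the sample line. This is an added example, not part of the original wiki page; the function names and all sample entries except the first are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_exports reads an
# exports(5)-style file (argument or stdin) and prints one line per finding.
# Assumption: one export per line, no backslash continuations.
audit_exports() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
    {
        path = $1
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/[)]$/, "", opts)
            }
            if (client == "") client = "(any host)"
            # Wildcards are meant for hostnames; on IP addresses use CIDR.
            if (client ~ /^[0-9.*?]+$/ && client ~ /[0-9]/ && client ~ /[*?]/)
                print path, client ": wildcard on an IP address, use CIDR (a.b.c.0/24)"
            n = split(opts, o, ","); rw = 0
            for (j = 1; j <= n; j++) {
                if (o[j] == "no_root_squash")
                    print path, client ": no_root_squash, client uid 0 is treated as root"
                if (o[j] == "insecure")
                    print path, client ": insecure, requests from ports above 1024 accepted"
                if (o[j] == "rw") rw = 1
            }
            if (rw) print path, client ": rw, clients can modify the shared image"
        }
    }' "$@"
}

# Constructed sample: the first entry is the line from this page, the others
# are made up for contrast.
sample_exports() {
    cat <<'EOF'
# constructed sample
/srv/nfsroot 192.168.2.*(ro,no_root_squash,async,insecure,no_subtree_check)
/srv/safe 192.168.2.0/24(ro,root_squash,no_subtree_check)
/srv/home 192.168.2.0/24(rw,sync)
EOF
}

sample_exports | audit_exports
```

On a server, run it as `audit_exports /etc/exports`; no output means none of these patterns were found.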
Security
Like TFTP, this part is insecure!
You must restrict access to your NFS server with a firewall script and filtering BEFORE traffic reaches the LAN!
NFS uses dynamic port numbers because it runs over rpcbind. Making NFS use specific ports is a pain in the ass!! :(
So, instead of that, you should allow communication within your LAN.
IPTABLES=`which iptables`
LAN_ADDRESS="192.168.2.0/24"
# Allow LAN communication
$IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
$IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
Management
service nfs-kernel-server {status|start|stop|restart}
Test the server
Install the NFS v4 client:
apt-get install nfs-common
To mount the default path:
mount -t nfs nfs-server:/ /mnt
You'll see: "/mnt/srv/nfsroot"
It's better to do:
mount -t nfs nfs-server:/srv/nfsroot /mnt
NFS client image
There are different ways to set up an NFS client image.
The main ones are:
- debootstrap
- copying the install from your server
- Manual install on a client, then, when the system is ready, copy everything to the NFS share
Debootstrap: setup client distribution
Setup distribution folder
You have to create one target for each distribution you want to serve:
mkdir -p /srv/nfsroot/trusty
chmod -R 777 /srv/nfsroot/trusty
- NOTES -
- The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
- The folder name should match a Linux (Debian like) distribution name
Populate the content
cd /srv/nfsroot/trusty
debootstrap trusty /srv/nfsroot/trusty
Custom NetBoot configuration
Basic configuration
You can set up your own netboot configuration.
To do so, you can re-use one of the syslinux templates:
# Create folders
mkdir /var/lib/tftpboot/custom
mkdir /var/lib/tftpboot/custom/pxelinux.cfg
# Create configuration files
cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot/custom
The pxelinux.cfg folder is mandatory. Inside you can provide:
- configuration for a specific IP address or hostname
- configuration for a group
- default configuration (required)
Create the default configuration file:
vim /var/lib/tftpboot/custom/pxelinux.cfg/default
Put the following:
# Ubuntu 14.04
LABEL TRUSTY
kernel trusty/vmlinuz
initrd trusty/initrd.img
# Set NFS share as default root
append root=/dev/nfs nfsroot=172.16.50.2:/srv/nfsroot/trusty
# Prompt user for selection
PROMPT 0
TIMEOUT 30
- Each LABEL is a specific configuration that will be displayed on the NetBoot menu.
- PROMPT 1 = enable user prompt so you can choose the configuration
- TIMEOUT 30 = timeout (in seconds) before the default option is chosen
Note that I used a reference to "trusty/", that's a folder I need to create later on.
Create boot files
mkdir /var/lib/tftpboot/custom/trusty
# Copy current boot files
cp /boot/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
cp /boot/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
# Create symlinks
ln -s /var/lib/tftpboot/custom/trusty/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/vmlinuz
ln -s /var/lib/tftpboot/custom/trusty/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/initrd.img
Adjust the 3.2.0-4 kernel number to the version you are using
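A consistency check for the pieces set up above: the boot files named in pxelinux.cfg/default must exist under the folder holding pxelinux.0, and the nfsroot= path must fall under an exported directory. This is an added example, not part of the original wiki page; check_netboot and demo_check are hypothetical names and the demo tree is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the original page.
# check_netboot CFG TFTP_DIR EXPORTS prints one OK / MISSING / NOT EXPORTED
# line per boot file and per nfsroot= entry found in CFG.
check_netboot() {
    cfg=$1; tftp=$2; exports=$3
    # kernel/initrd paths are relative to the folder that holds pxelinux.0.
    awk 'tolower($1) == "kernel" || tolower($1) == "initrd" { print $2 }' "$cfg" |
    while read -r f; do
        if [ -e "$tftp/$f" ]; then echo "OK boot file $f"
        else echo "MISSING boot file $f (not copied or broken symlink)"; fi
    done
    # nfsroot=<server>:<path> must be equal to or below an exported path.
    sed -n 's/.*nfsroot=\([^: ]*\):\([^ ,]*\).*/\1 \2/p' "$cfg" |
    while read -r server path; do
        hit=$(awk -v p="$path" \
            '$1 !~ /^#/ && NF && index(p "/", $1 "/") == 1 { print $1; exit }' "$exports")
        if [ -n "$hit" ]; then echo "OK nfsroot $server:$path is under export $hit"
        else echo "NOT EXPORTED nfsroot $server:$path"; fi
    done
}

# Constructed demo: the kernel is present, the initrd.img is deliberately absent.
demo_check() {
    d=$(mktemp -d)
    mkdir -p "$d/tftp/trusty"
    : > "$d/tftp/trusty/vmlinuz"
    printf '%s\n' 'LABEL TRUSTY' '    kernel trusty/vmlinuz' \
        '    initrd trusty/initrd.img' \
        '    append root=/dev/nfs nfsroot=172.16.50.2:/srv/nfsroot/trusty' > "$d/default"
    printf '%s\n' '/srv/nfsroot 192.168.2.0/24(ro,no_subtree_check)' > "$d/exports"
    check_netboot "$d/default" "$d/tftp" "$d/exports"
    rm -rf "$d"
}

demo_check
```

With the paths used on this page the call would be `check_netboot /var/lib/tftpboot/custom/pxelinux.cfg/default /var/lib/tftpboot/custom /etc/exports`.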
References
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto