NetBoot target configuration

Revision as of 12:28, 22 June 2015 by WikiFreak (talk | contribs) (Redirections)


This article presents the NetBoot configuration we are using in my company.



Aim

I want to achieve the following configuration:

Target network diskless configuration


I'll be using a local network 172.16.50.0/24 with 172.16.50.2 as main server (gateway).


Key points

  • Each client is a diskless station.
  • I want to use the same distribution everywhere.


What means "diskless"?

Diskless station means:

The clients don't need any hard drive to run, they will retrieve the file system from the TFTP server and use a NFS share as hard drive. The system will only run in RAM disk. So:

  • All the clients will share the installation, configuration files and so on.
  • Each client will run a dedicated instance of the operating system in his own RAM disk
  • Logs will be centralized on the common NFS server - so we don't loose data on each reboot.
  • The user will be able to choose the O.S to run on boot - thanks to a PXE menu


Network monitoring

Monitoring is done using Zabbix:

  • Each client will have a local a dedicated zabbix agent to send back its status.
  • Each server will also have a dedicated zabbix agent so I can monitor them too.


File access

  • All the thin client will use a NFS root image ;
  • They will all access a common file-share managed by Samba, anyone will be able to access, browse and update that share folder.


Redirections

Web access and redirections

Target network diskless configuration - web redirections


  • The "smartcard-gw" will act as the unique entry point: security GW + Apache 2 proxy
  • RabbitMQ AMPQ messages will be forward to "smartcard-mq" on port 5672
  • RabbitMQ UI will be redirect from port 15672 to "/rabbitmq/"
  • The zabbix monitoring server will be accessible on "/zabbix/"
  • The ElasticSearch server will be accessible on port 9200 + “/_plugin/HQ | head”
  • HTTP will be redirect to HTTPS - using an auto-generate certificate

All the port redirections are done using IpTables forwarding (TCP 5672, 15672, 3030, 9200 ...) ; All the URL redirections are done using Apache2 mod_proxy