Diskless image configuration - manual setup
This article explains how to set up a netboot image manually.
Instead of doing this by hand, you can use a configuration manager such as Puppet or Chef.
Get distribution's content
Debian 7.x
cd /nfs/wheezy
debootstrap wheezy /nfs/wheezy
Ubuntu 14.04
cd /nfs/trusty
debootstrap trusty /nfs/trusty
Access distribution
This will "mount" the system:
# Debian 7.x
chroot /nfs/wheezy/
# Ubuntu 14.04
chroot /nfs/trusty/
From here you can perform operations as if you were on a separate machine.
Only the current distribution (= the client one) will be affected.
Setup
Adjust default login/password
First of all, you have to create / adjust the default user.
# Add new user
adduser <username>
# Add user to sudoers group
usermod -a -G sudo <username>
Now you can use that user:
su <username>
sudo -s
You can check that you really are in the "Virtual machine" by checking "/srv/". It should be empty!
- Note -
On Debian you have to install "sudo" manually. It is not in the default packages.
Update sources.list and install key packages
Your client needs some key packages in order to work. Without these packages even the NetBoot will fail!
First of all: edit your sources.list
apt-get install vim
vim /etc/apt/sources.list
Put the following:
### Custom repositories list
#
# May 2014 - Guillaume Diaz
# This is an adjustment of the default "debootstrap" sources.list
# This is required to provide updates, security fixes and advanced tools to all our clients
#
#########################
# Debian 7.x [Wheezy]
#########################
deb http://ftp.se.debian.org/debian wheezy main contrib
deb http://ftp.debian.org/debian/ wheezy-updates main contrib
deb http://security.debian.org/ wheezy/updates main contrib
#########################
# Ubuntu 14.04 LTS [Trusty]
#########################
# Official repositories
deb http://se.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse
# Official updates
deb http://se.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse
# Canonical partners
#deb http://archive.canonical.com/ubuntu trusty partner
# Community partners
#deb http://extras.ubuntu.com/ubuntu trusty main
Update your package list:
apt-get update && apt-get upgrade
Now, you can install the basic programs:
# NFS client. This is ABSOLUTELY MANDATORY! It is the only way to mount the root filesystem
apt-get install nfs-common
apt-get install initramfs-tools
# NFS is a bit slow, and if you're using many clients it might result in time faults.
# You must install NTP to overcome this!
apt-get install ntp ntpdate
# Basic set of utilities
apt-get install unzip zip
apt-get install make autoconf automake cpp gcc build-essential
apt-get install htop
apt-get install python3
# Advanced APT manager (required to add a repository from the command line)
apt-get install software-properties-common python-software-properties
# JAVA (that is required for my application)
# Depending on your target usage you might not need it.
##### Ubuntu repository
add-apt-repository ppa:webupd8team/java
##### Debian repository
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list
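# EEA14886 is a short key ID, which can collide: after the import, compare the full
# fingerprint shown by "apt-key finger" with the one published for the PPA
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886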
##### Installation
apt-get update && apt-get upgrade
apt-get install oracle-java7-installer oracle-jdk7-installer
Adjust bash and vim configuration
Edit your VIM configuration:
vim /etc/vim/vimrc
Enable dark background + set nu + set ruler
Edit your bash configuration files to adjust the alias and enable auto-completion:
vim /etc/bash.bashrc
vim /home/<username>/.bashrc
vim /root/.bashrc
Edit mount points (/etc/fstab)
You must edit the mount points to get the client working!
vim /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/nfs / nfs defaults,ro,noatime 1 1
none /tmp tmpfs defaults,rw,noexec,nosuid,size=512M 0 0
none /var/run tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/lock tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/tmp tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /var/log tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /run/shm tmpfs nodev,nosuid,noexec,size=256M 0 0
- Notes -
- There is no swap as the /tmp is already a RAMdisk and that should be enough.
- Notice the "none" + "tmpfs" for all mount points except the root "/" and "proc"
- ro - For Read Only mount point
- noatime - To speed things up by skipping the file access time registration. That will skip some write operations but it makes it harder to know what has been accessed when. That's perfect for /tmp but it should not be set anywhere else.
- relatime - Only update the access time if the file or directory has been modified since the last atime update. You might choose to use ‘noatime’ on most of your filesystems but leave /var/spool and /tmp as ‘relatime’.
- noexec - To prevent people from running executables in /tmp. Some rootkits do that. This flag might cause trouble for some legitimate applications so be sure to test everything properly after setting this flag.
- nosuid - To prevent the setuid bit from taking effect on files in /tmp.
- no size on "/var/run" and "/var/lock": it's better to let the system manage that
As "/var/tmp" is used to preserve temporary data across reboots - and due to the fact that it's a temp RAMdisk - it should not be used! However, to prevent bugs it's safer to allow a little space.
Beware: "/var/log" will be reset at each reboot! So you absolutely need to set up some kind of central log solution - using logstash for instance.
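The options explained in the notes can be checked mechanically before an image is served to clients. The script below is an added example, not part of the original article: audit_fstab and has_opt are hypothetical helper names, and the sample data is the fstab shown above.

```sh
#!/bin/sh
# Added example: audit an image's fstab against the options explained in the notes.

has_opt() {   # has_opt OPTION_LIST OPTION: true if OPTION is in the comma-separated list
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

audit_fstab() {   # audit_fstab FILE: print findings, return 0 only if there are none
    findings=0
    while read -r dev mnt type opts _rest; do
        case "$dev" in ''|'#'*) continue ;; esac      # skip blank lines and comments
        case "$type" in
        nfs*)   # the shared root must stay read-only
            if [ "$mnt" = "/" ] && ! has_opt "$opts" ro; then
                echo "$mnt: NFS root is not mounted ro"; findings=$((findings + 1))
            fi ;;
        tmpfs)  # RAM disks: no executables, no setuid, bounded size
            for o in noexec nosuid; do
                if ! has_opt "$opts" "$o"; then
                    echo "$mnt: tmpfs without $o"; findings=$((findings + 1))
                fi
            done
            case "$mnt:$opts" in
            /var/run:*|/var/lock:*|*size=*) ;;        # size left to the system, or set
            *) echo "$mnt: tmpfs without size= limit"; findings=$((findings + 1)) ;;
            esac ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}

sample_fstab() {   # the fstab from this page
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
proc /proc proc defaults 0 0
/dev/nfs / nfs defaults,ro,noatime 1 1
none /tmp tmpfs defaults,rw,noexec,nosuid,size=512M 0 0
none /var/run tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/lock tmpfs defaults,rw,noatime,noexec,nosuid 0 0
none /var/tmp tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /var/log tmpfs defaults,rw,noexec,nosuid,size=128M 0 0
none /run/shm tmpfs nodev,nosuid,noexec,size=256M 0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
if audit_fstab "$tmp"; then echo "fstab OK"; fi
rm -f "$tmp"
```

From the server, the same function can be pointed at the image directly, for example audit_fstab /nfs/wheezy/etc/fstab.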
Setup network interfaces
Even though you're using the NetBoot process you still have to register some interfaces! More importantly, the NetBoot disables the loopback "lo" - so you had better add that one back!
# Replace "xxxx" with your distribution name
vim /nfs/xxxx/etc/network/interfaces
Add:
auto lo
iface lo inet loopback
Clear hostname
By default your client will have the same hostname as the server due to the "debootstrap" installation. :(
You MUST clean that in order to retrieve the name from your DNS.
vim /nfs/xxxx/etc/hostname
That file must be empty.
Setup correct DNS
Your network configuration might change in the future, therefore you don't want to save any hard DNS reference in the client!
You have to edit resolv.conf configuration and make it clean.
Both of the following files should be empty - if not, you have to clean them!
- /nfs/xxxx/etc/resolvconf/resolv.conf.d/base
- /nfs/xxxx/etc/resolvconf/resolv.conf.d/original
You can also clean the resolv.conf that was generated by debootstrap:
vim /nfs/xxxx/etc/resolv.conf
You can delete all DNS references from that file.
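The loopback, hostname and DNS steps above can be verified together from the server, so that no client boots with the server's identity or with pinned DNS. This is an added example, not part of the original article: the function names, the "nfs-server" hostname and the 192.0.2.53 address are constructed for the demonstration, and a file holding only whitespace is treated as empty.

```sh
#!/bin/sh
# Added example: verify the loopback / hostname / DNS cleanup on an image root.

has_text() {   # true if FILE exists and contains anything other than whitespace
    grep -q '[^[:space:]]' "$1" 2>/dev/null
}

check_image() {   # check_image ROOT: print findings, return 0 only if there are none
    root=$1; bad=0
    if ! grep -Eq '^[[:space:]]*iface[[:space:]]+lo[[:space:]]+inet[[:space:]]+loopback' \
            "$root/etc/network/interfaces" 2>/dev/null; then
        echo "etc/network/interfaces: loopback 'lo' is not declared"; bad=$((bad + 1))
    fi
    for f in etc/hostname etc/resolvconf/resolv.conf.d/base \
             etc/resolvconf/resolv.conf.d/original; do
        if has_text "$root/$f"; then
            echo "$f: not empty"; bad=$((bad + 1))
        fi
    done
    if grep -Eq '^[[:space:]]*(nameserver|search|domain)[[:space:]]' \
            "$root/etc/resolv.conf" 2>/dev/null; then
        echo "etc/resolv.conf: still holds DNS references"; bad=$((bad + 1))
    fi
    [ "$bad" -eq 0 ]
}

make_fresh_image() {   # constructed stand-in for an untouched debootstrap tree
    mkdir -p "$1/etc/network" "$1/etc/resolvconf/resolv.conf.d"
    echo "nfs-server" > "$1/etc/hostname"                 # inherited from the server
    echo "nameserver 192.0.2.53" > "$1/etc/resolv.conf"   # documentation address
    : > "$1/etc/network/interfaces"                       # no loopback yet
}

clean_image() {   # the edits described above, applied non-interactively
    : > "$1/etc/hostname"
    : > "$1/etc/resolv.conf"
    printf 'auto lo\niface lo inet loopback\n' >> "$1/etc/network/interfaces"
}

img=$(mktemp -d)
make_fresh_image "$img"
check_image "$img" || echo "=> image still carries server settings"
clean_image "$img"
check_image "$img" && echo "=> image is clean"
rm -rf "$img"
```

On a real server the check is run against the image directory, for example check_image /nfs/wheezy.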
Keyboard configuration
You have to set your keyboard configuration to use something other than the US layout as default.
vim /etc/default/keyboard
Adjust the lang and keyboard size:
XKBMODEL="pc105"
XKBLAYOUT="se"
XKBVARIANT=""
XKBOPTIONS=""
Now you can run the configuration utility:
dpkg-reconfigure keyboard-configuration
Exit client distro
Exit until you reach your starting point.
exit