Revision as of 21:00, 3 June 2014

Diskless server / workstation using netboot

NFS is a technology that allow you to share some files and folders over the network. So:

All the clients will share the installation, configuration files and so on.
Each client will run a dedicated instance of the operating system
Logs will be centralized on the common NFS server - so we don't loose data on each reboot.

You must have a working DHCP server + NetBoot before starting this part.

Requirements:

Optional:

DNS server

Aim

In order to be super effective:

Each client distribution will have its own kernel support (vmlinuz + initrd.img files)
All the distributions will be under the same root
Both NFS and TFTP will share the same root folder
The user will be able to choose the O.S to use using a PXE menu

Target folder tree:

# TFTP root
/tftpboot/                                 

# Ubuntu installation NetBoot disk
/tftpboot/rescue/                          

###############
# Network bootable image(s) using NFS technology
################       

#### Boot file            
/tftpboot/pxelinux.0                   # Initial boot file - only use to load the PXE NetBoot manager
/tftpboot/{menu.c32 || vesamenu.c32}   # PXE interactive menu managers (text or graphical)
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
/tftpboot/pxelinux.cfg/default         # default PXE configuration

#### Kernel file

/tftpboot/images/      

# Debian 7.x [Wheezy] 
/tftpboot/images/wheezy/   
/tftpboot/images/wheezy/vmlinuz
/tftpboot/images/wheezy/initrd.img

# Ubuntu 14.04 [Trusty] 
/tftpboot/images/trusty/  
/tftpboot/images/trusty/vmlinuz
/tftpboot/images/trusty/initrd.img


#### NFS 
# This is where the runnable will be. Each image will be in a dedicated folder.
/nfs/                    

# Debian 7.x [Wheezy] 
/nfs/wheezy/   

# Ubuntu 14.04 [Trusty] 
/nfs/trusty/

Installation

NFS support

apt-get install nfs-kernel-server nfs-common

Debootstrap (manage netboot image)

apt-get install debootstrap

Initramfs (to manage "virtual disks")

apt-get install initramfs-tools

Preparation

You have to create a dedicated folder on your server where you will host the client image.

mkdir -p /tftpboot/pxelinux.cfg
chmod -R 777 /tftpboot/pxelinux.cfg

mkdir -p /tftpboot/images
chmod -R 777 /tftpboot/images

The pxelinux.cfg/ folder is mandatory. Inside you can provide:

configuration for a specific IP @ or hostname
configuration for a group
default configuration (required)

Boot menu and Kernel setup

The first thing to do is to setup a booting kernel. To do so we'll use the "syslinux" files.

Root file: pxelinux.0

The pxelinux.0 is the root file. That's the file that allows the netboot. It MUST be at the root of our NFS server.

cp /usr/lib/syslinux/pxelinux.0 /tftpboot/

Create NetBoot menu | defaults

Now, we have to specify which kernel to use and which distributions are available for NetBoot.

Create the default configuration file:

vim /tftpboot/pxelinux.cfg/default

Put the following:

# Debian 7.x
LABEL wheezy
    kernel images/wheezy/vmlinuz
    initrd images/wheezy/initrd.img

# Ubuntu 14.04
LABEL trusty
    kernel images/trusty/vmlinuz
    initrd images/trusty/initrd.img


# Prompt user for selection
PROMPT 1
# No timeout
TIMEOUT 0

Each LABEL is a specific configuration that will displayed on the NetBoot menu.
PROMPT 0 = enable user prompt so you can choose the configuration
TIMEOUT 0 = timeout (in seconds) before the default option is chosen. 0 == no timeout

Note that I used a reference to "trusty/", that's a folder I need to create later on.

Init Kernel files

Create the target kernel folders. You should create 1 folder for each distribution you'd like to provide in NetBoot.

# Debian 7.x
mkdir -p /tftpboot/images/wheezy

# Ubuntu 14.04
mkdir -p /tftpboot/images/trusty

You have to copy your current kernel files to the boot folder:

# Debian 7.x
cp /boot/vmlinuz-3.13.0-24-generic /tftpboot/images/wheezy/vmlinuz
cp /boot/initrd.img-3.13.0-24-generic /tftpboot/images/wheezy/initrd.img

# Ubuntu 14.04
cp /boot/vmlinuz-3.13.0-24-generic /tftpboot/images/trusty/vmlinuz
cp /boot/initrd.img-3.13.0-24-generic /tftpboot/images/trusty/initrd.img

Notes:

Do NOT use some symlink for "vmlinuz" and "initrd.img" !! It won't work.

Adjust the values to your kernel number + target architecture

NFS server setup

Configuration

The NFS configuration is done in the /etc/exports file

vim /etc/exports

Add something like that:

  /nfs     192.168.2.0/24(ro,no_root_squash,no_subtree_check,async,insecure)

Adjust "192.168.2.0/24" to your own network address

rw : Allow clients to read as well as write access
ro : Read only access
insecure : Tells the NFS server to use unpriveledged ports (ports > 1024).
no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
async : async will speed up transfers.
no_root_squash: This phrase allows root to connect to the designated directory.

- NOTE -

It's always a good idea to use Read-Only if you plan to share this disk.

That will avoid user to mess with your image!

Security

Like TFTP, this part is insecure !

You must restrict the access to your NFS server by a firewall script and filtering BEFORE reaching the LAN !

NFS is using dynamic ports numbers because it runs over rpcbind. Making NFS using specifics port is a pain in the ass !! :(

So, instead of that you should allow your LAN communication.

    IPTABLES=`which iptables`
    LAN_ADDRESS="192.168.2.0/24"

    # Allow LAN communication
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT

Management

service nfs-kernel-server {status|start|stop|restart}

Test the server

Install the NFS v4 client:

apt-get install nfs-common

To mount the default path:

mount -t nfs nfs-server:/ /mnt

You'll see: "/nfs"

It's better to do:

mount -t nfs nfs-server:/nfs /mnt

NFS client image

There are different way to setup a NFS client image.

The main ones are:

debootstrap

copying the install from your server

Manual install on a client, then, when the system is ready, copy everything to the NFS share

Setup client distribution

Setup distribution folder

You have to create one target for each distribution you want to serve:

mkdir -p /nfs/trusty
mkdir -p /nfs/wheezy

- NOTES -

The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.

The folder name should match a Linux (Debian like) distribution name

Populate the content

Debian 7.x

cd /nfs/wheezy
debootstrap wheezy /nfs/wheezy

Ubuntu 14.04

cd /nfs/trusty
debootstrap trusty /nfs/trusty

Configure client distribution

Manual configuration: Diskless image configuration - manual setup

Automatic [Puppet || Chef] configuration: Diskless image configuration - script setup

Backup distribution

You can create an archive of your current distribution for later restore / re-use.

Compression

cd /tftpboot/nfs/images
tar cvpjf trusty.tar.bz2 ./trusty

Restoration

cd /tftpboot/nfs/images
tar -xvjf trusty.tar.bz2

Adjust TFTP root

You must adjust the TFTP root to match the NFS root !!

vim /etc/default/tftpd-hpa

Adjust the file like that:

RUN_DAEMON="yes"
OPTIONS="--secure"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/tftpboot/nfs"

Notice the RUN_DAEMON instruction + the new TFTP_DIRECTORY

Custom NetBoot configuration

Basic configuration

You can setup your own netboot configuration.

To do so, you can re-use one of the syslinux templates:

# Create folders
mkdir /tftpboot/nfs/pxelinux.cfg/

# Create configuration files
cp /usr/lib/syslinux/pxelinux.0 /pxe-boot/

Advanced menu

Install menu manager

Text menu:

cp /usr/lib/syslinux/menu.c32 /pxe-boot/

Graphic menu:

cp /usr/lib/syslinux/vesamenu.c32 /pxe-boot/
cp /mySuperPicture/logo.png /pxe-boot/pxelinux.cfg/

The associate picture must be a PNG 800x600 picture.

Configure boot options

Then edit the PXE boot file:

vim /pxe-boot/pxelinux.cfg/default

Put:

#### GENERIC OPTIONS #####
# Enable text menu
#DEFAULT menu.c32
# Enable graphical menu
DEFAULT vesamenu.c32
# Prompt for user input? (0 = choose from menu, 1 = you can type anything)
PROMPT 0
# Allow or not the user to left the menu (1 = user is locked to the menu)
NOESCAPE 1
# Time before using default option
TIMEOUT 50


#### Menu settings #####
MENU TITLE my super netboot menu
MENU BACKGROUND pxelinux.cfg/logo.png
MENU WIDTH 80
MENU ROWS 14
MENU MARGIN 10


#### Distributions #####
# Ubuntu 14.04
LABEL trusty
    MENU LABEL Ubuntu 14.04 (trusty)
    MENU DEFAULT
    # Kernel and boot files
    KERNEL images/trusty/vmlinuz
    ### Boot options
    # Set NFS share as default root 
    append boot=nfs root=/dev/nfs initrd=images/trusty/initrd.img nfsroot=192.168.2.2:/pxe-boot/images/trusty

# Debian wheezy
    MENU LABEL Debian Wheezy
    # Kernel and boot files
    KERNEL images/wheezy/vmlinuz
    append boot=nfs root=/dev/nfs initrd=images/wheezy/initrd.img nfsroot=192.168.2.2:/pxe-boot/images/wheezy

Note all the "MENU" commands + PROMPT 0

Security notes

in order to work you must adjust the rights of your "/var/lib/tftpboot/".

chmod 777 /pxe-boot/*
chmod 777 /pxe-boot/pxelinux.cfg/*

DHCP note

Don't forget to adjust your DHCP configuration if you plan to serve a specific file for a client!

vim /etc/dhcp/dhcp.conf

References

Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto Super video tutorials:

Anonymous

Search

Navigation

Wiki tools

Page tools

Categories

Difference between revisions of "Diskless netboot"