Difference between revisions of "Diskless netboot"

(NFS client image)
Line 210: Line 210:
 
===Update sources.list and install key packages===
 
===Update sources.list and install key packages===
  
Your client need to have some key packages in order to work.
+
Your client need to have some key packages in order to work. Without these package even the NetBoot will fail !!
 
 
Without these package even the NetBoot will fail !!
 
  
  
Line 258: Line 256:
  
 
Now, you can install the basic programs:
 
Now, you can install the basic programs:
 
<syntaxhighlight lang="bash">
 
apt-get update && apt-get upgrade
 
</syntaxhighlight>
 
 
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
Line 277: Line 270:
 
apt-get install htop
 
apt-get install htop
 
apt-get install python3
 
apt-get install python3
 +
 +
# Advanced APT manager (require to add repository from command line)
 +
apt-get install software-properties-common python-software-properties
 +
  
 
# JAVA (that is required for my application)
 
# JAVA (that is required for my application)
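Review bot: the added comment "require to add repository from command line" does not say which repository these two packages are installed for. This block builds the image that every client boots, so name the repository and mark the step as optional; readers who do not need it can then skip both the tools and the extra package source. The comment should also read "required to add a repository from the command line".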
Line 284: Line 281:
 
apt-get install oracle-java7-installer oracle-jdk7-installer
 
apt-get install oracle-java7-installer oracle-jdk7-installer
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
 +
 +
===Adjust bash and vim configuration===
 +
 +
Edit your VIM configuration:
 +
<syntaxhighlight lang="bash">
 +
vim /etc/vim/vimrc
 +
</syntaxhighlight>
 +
 +
Enable dark background, set nu, set ruler
 +
 +
 +
 +
Edit your bash configuration files to adjust the alias and enable auto-completion:
 +
<syntaxhighlight lang="bash">
 +
vim /etc/bash.bashrc
 +
vim /home/<username>/.bashrc
 +
vim /root/.bashrc
 +
</syntaxhighlight>
 +
 +
 +
 +
 +
  
 
=Custom NetBoot configuration=
 
=Custom NetBoot configuration=
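Review bot: the three added paths (/etc/bash.bashrc, /home/<username>/.bashrc, /root/.bashrc) are absolute, and the new section does not say that they are edited inside the client image. Add a sentence stating that, otherwise a reader may edit the server's own files. "Enable dark background, set nu, set ruler" would also be clearer as the literal vimrc lines to add.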

Revision as of 11:45, 23 May 2014

Diskless server / workstation using netboot


NFS is a technology that allows you to share files and folders over the network. So:

  • All the clients will share the installation, configuration files and so on.
  • Each client will run a dedicated instance of the operating system
  • Logs will be centralized on the common NFS server - so we don't lose data on each reboot.

You must have a working DHCP server + NetBoot before starting this part.


Requirements:


Installation

NFS support

apt-get install nfs-kernel-server nfs-common

Debootstrap (manage netboot image)

apt-get install debootstrap


NFS server setup

Preparation

You have to create a dedicated folder on your server where you will host the client image.

mkdir -p /srv/nfsroot
chmod -R 777 /srv/nfsroot


Configuration

The NFS configuration is done in the /etc/exports file

vim /etc/exports


Add something like that:

  /srv/nfsroot      192.168.2.0/24(ro,no_root_squash,async,insecure,no_subtree_check)


Adjust "192.168.2.0/24" to your own network address

  • rw : Allow clients to read as well as write access
  • ro : Read only access
  • insecure : Tells the NFS server to use unprivileged ports (ports > 1024).
  • no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
  • async : async will speed up transfers.
  • no_root_squash: This phrase allows root to connect to the designated directory.


- NOTE -

It's always a good idea to use read-only (ro) if you plan to share this disk.

That prevents users from messing with your image!
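A small check for the export options listed above, as an added example that is not part of the original page: it reads export lines and reports the options that widen access or weaken integrity. The helper names and the sample line variable are constructed for illustration, and line continuations with a trailing backslash are not handled.

```bash
# Added example, not from the original page: report risky options in
# /etc/exports lines. audit_export_line / audit_exports_file are hypothetical names.

audit_export_line() (
    set -f                      # the client field may be "*": do not glob it
    set -- $1                   # split the line on whitespace
    case ${1-} in ''|'#'*) exit 0 ;; esac   # skip blank lines and comments
    path=$1; shift
    for spec in "$@"; do
        client=${spec%%"("*}    # text before "(" is the client (host or network)
        case $spec in
            *"("*")") opts=${spec#*"("}; opts=${opts%")"} ;;
            *) opts= ;;
        esac
        case $client in
            ''|'*') echo "$path: exported to any host" ;;
        esac
        IFS=,
        for opt in $opts; do
            case $opt in
                rw) echo "$path $client: rw - clients can modify the shared image" ;;
                no_root_squash) echo "$path $client: no_root_squash - uid 0 on a client acts as uid 0 on the export" ;;
                insecure) echo "$path $client: insecure - requests from source ports above 1024 are accepted" ;;
                async) echo "$path $client: async - server replies before writes reach disk" ;;
            esac
        done
    done
)

# Audit every line of an exports file, e.g. audit_exports_file /etc/exports
audit_exports_file() {
    while IFS= read -r line || [ -n "$line" ]; do
        audit_export_line "$line"
    done < "$1"
}

# Constructed sample: the export line used on this page.
PAGE_EXPORT='/srv/nfsroot 192.168.2.0/24(ro,no_root_squash,async,insecure,no_subtree_check)'
audit_export_line "$PAGE_EXPORT"
```

On the page's line this reports no_root_squash, async and insecure; with ro set, the async finding has no practical effect because clients cannot write.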


Security

Like TFTP, this part is insecure !

You must restrict access to your NFS server with a firewall script and filter traffic BEFORE it reaches the LAN !


NFS uses dynamic port numbers because it runs over rpcbind. Making NFS use specific ports is a pain in the ass !! :(

So, instead of that you should allow your LAN communication.


    IPTABLES=`which iptables`
    LAN_ADDRESS="192.168.2.0/24"

    # Allow LAN communication
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT


Management

service nfs-kernel-server {status|start|stop|restart}


Test the server

Install the NFS v4 client:

apt-get install nfs-common


To mount the default path:

mount -t nfs nfs-server:/ /mnt

You'll see: "/mnt/srv/nfsroot"


It's better to do:

mount -t nfs nfs-server:/srv/nfsroot /mnt



NFS client image

There are different ways to set up a NFS client image.

The main ones are:

  • debootstrap
  • copying the install from your server
  • Manual install on a client, then, when the system is ready, copy everything to the NFS share


Debootstrap: setup client distribution

Setup distribution folder

You have to create one target for each distribution you want to serve:

mkdir -p /srv/nfsroot/trusty
chmod -R 777 /srv/nfsroot/trusty

- NOTES -

  • The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
  • The folder name should match a Linux (Debian like) distribution name


Populate the content

cd /srv/nfsroot/trusty
debootstrap trusty /srv/nfsroot/trusty


Configure client distribution

Access distribution

# "mount" the system
chroot /srv/nfsroot/trusty/

From here you can perform operations as if you were on a separate machine.

Only the current distribution (= the client one) will be affected.


Adjust default login/password

First of all, you have to create / adjust the default user.

# Add new user
adduser <username>
# Add user to sudoers group
usermod -a -G sudo <username>


Now you can use that user:

su <username>
sudo -s

You can check that you really are in the "Virtual machine" by checking "/srv/". It should be empty !


Update sources.list and install key packages

Your client needs to have some key packages in order to work. Without these packages even the NetBoot will fail !!


First of all: edit your sources.list

apt-get install vim
vim /etc/apt/sources.list


Put the following:

### Custom repositories list
#
# May 2014 - Guillaume Diaz
# This is an adjustment of the default "debootstrap" sources.list
# This is required to provide updates, security fixes and advanced tools to all our clients
#

# Official repositories
deb http://se.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse

# Official updates 
deb http://se.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

# Canonical partners
deb http://archive.canonical.com/ubuntu trusty partner

# Community partners
deb http://extras.ubuntu.com/ubuntu trusty main


Update your package list:

apt-get update && apt-get upgrade


Now, you can install the basic programs:

# NFS client. This is ABSOLUTELY MANDATORY ! That's the only way to mount the /root
apt-get install nfs-common

# NFS is a bit slow, and if you're using many clients it might result in time faults.
# You must install NTP to overcome this !!
apt-get install ntp ntpdate

# Basic set of utilities
apt-get install unzip zip
apt-get install make autoconf automake cpp gcc build-essential
apt-get install htop
apt-get install python3

# Advanced APT manager (required to add repositories from the command line)
apt-get install software-properties-common python-software-properties


# JAVA (that is required for my application)
# Depending on your target usage you might not need it.
add-apt-repository ppa:webupd8team/java 
apt-get update && apt-get upgrade
apt-get install oracle-java7-installer oracle-jdk7-installer


Adjust bash and vim configuration

Edit your VIM configuration:

vim /etc/vim/vimrc

Enable dark background, set nu, set ruler


Edit your bash configuration files to adjust the alias and enable auto-completion:

vim /etc/bash.bashrc
vim /home/<username>/.bashrc
vim /root/.bashrc




Custom NetBoot configuration

Basic configuration

You can set up your own netboot configuration.

To do so, you can re-use one of the syslinux templates:

# Create folders
mkdir /var/lib/tftpboot/custom
mkdir /var/lib/tftpboot/custom/pxelinux.cfg

# Create configuration files
cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot/custom


The pxelinux.cfg folder is mandatory. Inside you can provide:

  • configuration for a specific IP address or hostname
  • configuration for a group
  • default configuration (required)


Create the default configuration file:

vim /var/lib/tftpboot/custom/pxelinux.cfg/default


Put the following:

# Ubuntu 14.04
LABEL TRUSTY
    kernel trusty/vmlinuz
    initrd trusty/initrd.img
    # Set NFS share as default root 
    append root=/dev/nfs nfsroot=192.168.2.2:/srv/nfsroot/trusty


# Prompt user for selection
PROMPT 0

TIMEOUT 30

  • Each LABEL is a specific configuration that will be displayed on the NetBoot menu.
  • PROMPT 1 = enable user prompt so you can choose the configuration
  • TIMEOUT 30 = timeout (in seconds) before the default option is chosen


Note that I used a reference to "trusty/", that's a folder I need to create later on.


Create boot files

mkdir /var/lib/tftpboot/custom/trusty
# Copy current boot files
cp /boot/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
cp /boot/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
# Create symlinks
ln -s /var/lib/tftpboot/custom/trusty/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/vmlinuz
ln -s /var/lib/tftpboot/custom/trusty/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/initrd.img


- NOTES -

  • Adjust the 3.2.0-4 kernel number to the version you are using
  • Do NOT use symlinks !! It won't work !!
  • Don't forget to set all the rights ("chmod 777"). See the Security section below.


Advanced menu

Install menu manager

Text menu:

cp /usr/lib/syslinux/menu.c32 /var/lib/tftpboot/custom/


Graphic menu:

cp /usr/lib/syslinux/vesamenu.c32 /var/lib/tftpboot/custom/
cp /mySuperPicture/logo.png /var/lib/tftpboot/custom/pxelinux.cfg/

The associated picture must be a PNG 800x600 picture and MUST be named logo.png.


Configure boot options

Then edit the PXE boot file:

vim /var/lib/tftpboot/custom/pxelinux.cfg/default


Put:

#### GENERIC OPTIONS #####
# Enable text menu
#DEFAULT menu.c32
# Enable graphical menu
DEFAULT vesamenu.c32
# Prompt for user input? (0 = choose from menu, 1 = you can type anything)
PROMPT 0
# Allow or not the user to leave the menu (1 = user is locked to the menu)
NOESCAPE 1
# Time before using default option
TIMEOUT 50


#### Menu settings #####
MENU TITLE my super netboot menu
MENU BACKGROUND pxelinux.cfg/logo.png
MENU WIDTH 80
MENU ROWS 14
MENU MARGIN 10


#### Distributions #####
# Ubuntu 14.04
LABEL trusty
    MENU LABEL Ubuntu 14.04 (trusty)
    MENU DEFAULT
    # Kernel and boot files
    KERNEL trusty/vmlinuz
    initrd trusty/initrd.img
    ### Boot options
    # Set NFS share as default root 
    APPEND root=/dev/nfs nfsroot=192.168.2.2:/srv/nfsroot/trusty

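# Installation disk
# (every menu entry must start with a LABEL line; the name "rescue" is chosen to match the menu text)
LABEL rescue
    MENU LABEL rescue disk
    # Kernel and boot files
    KERNEL trusty/vmlinuz
    initrd rescue/amd64/initrd.img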


Note all the "MENU" commands + PROMPT 0


Security notes

In order for this to work you must adjust the rights of your "/var/lib/tftpboot/".

chmod -R 777 /var/lib/tftpboot
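A check for the boot tree built above, as an added example that is not part of the original page: it reads pxelinux.cfg/default and reports boot files that are missing, that are symlinks (see the note under "Create boot files"), or that any local account on the server can overwrite. A client only reads these files over TFTP, while a writable kernel, initrd or menu file changes what every client boots. check_pxe_tree is a hypothetical helper name.

```bash
# Added example, not from the original page. check_pxe_tree is a hypothetical
# helper; pass it the TFTP directory that holds pxelinux.cfg/.

check_pxe_tree() (
    root=$1
    cfg=$root/pxelinux.cfg/default
    [ -f "$cfg" ] || { echo "MISSING pxelinux.cfg/default"; exit 0; }

    # True if any user may write to the path (symlinks are followed).
    world_writable() { [ -n "$(find -L "$1" -prune -perm -0002)" ]; }

    if world_writable "$cfg"; then
        echo "WORLD-WRITABLE pxelinux.cfg/default"
    fi

    # Check every file named on a KERNEL or INITRD line (keywords are
    # case-insensitive in syslinux configuration files).
    while read -r key value rest || [ -n "$key" ]; do
        case $key in
            [Kk][Ee][Rr][Nn][Ee][Ll]|[Ii][Nn][Ii][Tt][Rr][Dd]) ;;
            *) continue ;;
        esac
        file=$root/$value
        if [ -L "$file" ]; then echo "SYMLINK $value"; fi
        if [ ! -e "$file" ]; then
            echo "MISSING $value"
        elif world_writable "$file"; then
            echo "WORLD-WRITABLE $value"
        fi
    done < "$cfg" | sort -u
)

# Run against a directory given on the command line, e.g.
#   sh check_pxe.sh /var/lib/tftpboot/custom
if [ "$#" -gt 0 ]; then
    check_pxe_tree "$1"
fi
```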



References

Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto

Super video tutorials: