This article explains how to setup MANUALLY a netboot image.

Instead of manual operations you can use some config managers such as Puppet or Chef.

Get distribution's content

This step must be perform on the NFS server with a privileged user.

Debian 7.x

cd /nfs/wheezy
debootstrap wheezy /nfs/wheezy

Ubuntu 14.04

cd /nfs/trusty
debootstrap trusty /nfs/trusty

Access distribution

Update note

If you try to update a virtual machine then you should do the following step: Diskless image configuration - manual setup#Set resolv.conf

Chroot access

This step must be perform on the NFS server with a privileged user. You'll "mount" the NFS client system, then all commands will only affect the NFS client until you run "exit".

# Debian 7.x
chroot /nfs/wheezy/

# Ubuntu 14.04
chroot /nfs/trusty/

From here you can perform operation as if you were on a separate machine.

Only the current distribution (= the client one) will be affected.

Setup

Adjust default login/password

First of all, you have to create / adjust the default user.

# Add new user
adduser <username>
# Add user to sudoers group
usermod -a -G sudo <username>

Now you can use that user:

su <username>
sudo -s

You can check that you really are in the "Virtual machine" by checking "/srv/". It should be empty !

- Note -

On Debian distribution you have to install "sudo" manually. It's not in the defaults packages.

Update sources.list and install key packages

Your client need to have some key packages in order to work. Without these package even the NetBoot will fail !!

First of all: edit your sources.list

apt-get install vim nano
vim /etc/apt/sources.list

Put the following:

### Custom repositories list
#
# May 2014 - Guillaume Diaz
# This is an ajdustement of the default "debootstrap" sources.list
# This is required to provided update, security and advanced tools to all our clients
#


#########################
# Debian 7.x [Wheezy]
#########################
deb http://ftp.se.debian.org/debian stable main contrib
deb http://ftp.debian.org/debian/ wheezy-updates main contrib
deb http://security.debian.org/ wheezy/updates main contrib



#########################
# Ubuntu 14.04 LTS [Trusty]
#########################
# Official repositories
deb http://se.archive.ubuntu.com/ubuntu/ trusty main restricted universe multiverse
deb http://se.archive.ubuntu.com/ubuntu/ trusty-updates main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted universe multiverse

# Official updates 
deb http://se.archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse

# Canonical partners
#deb http://archive.canonical.com/ubuntu trusty partner

# Community partners
#deb http://extras.ubuntu.com/ubuntu trusty main

Update your package list:

apt-get update && apt-get upgrade

Now, you can install the basic programs:

# NFS client. This is ABSOLUTELY MANDATORY ! That's the only way to mount the /root
apt-get install nfs-common
apt-get install initramfs-tools

# IPTABLES. This is ABSOLUTELY MANDATORY ! 
apt-get install iptables

# NFS is a bit low, and if you're using many client it might result in time faults. 
# You must install NTP to overcome this !!
apt-get install ntp ntpdate

# Basic set of utilities
apt-get install unzip zip
apt-get install htop
apt-get install python3
apt-get install sysv-rc-conf

# Network tools
apt-get install curl

# Advanced APT manager (require to add repository from command line)
apt-get install software-properties-common python-software-properties

# SSH server
apt-get install openssh-server openssh-client

# Midnight commander
apt-get install mc


# JAVA (that is required for my application)
# Depending on your target usage you might not need it.
# !!! Careful !!! Java + its dependencies will take about 350 Mo !!! 

##### Ubuntu repository
add-apt-repository ppa:webupd8team/java 

##### Debian repository
echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu trusty main" | tee -a /etc/apt/sources.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys EEA14886

##### Installation
apt-get update && apt-get upgrade
apt-get install oracle-java7-installer

Kernel libraries

You need to download the kernel libraries and modules in order to run correctly all the services. This is very important, otherwise your diskless client will have problems.

Get your current kernel version:

cat /proc/version

Then install the corresponding kernel files:

# you can check the list of available packages
apt-cache search linux-image

# put your kernel version like '3.13.0.32-generic'
apt-get install --reinstall linux-image-...

If asked: do NOT install GRUB.

You might encounter some errors during installation since you're not running the kernel... No panic ! :-)

apt-get install -f

Samba client

Since SAMBA is a better file-sharing system than NFS it's a good idea to install it!

Actually, this is how we access our common files. We do NOT rely on NFS for the shared files.

apt-get install samba smbclient cifs-utils

Then you can check if the service is working (or not)

modprobe cifs

If you see some error message, then please see #Kernel_libraries

Smartcard drivers

Only install the smartcards driver if:

• Your NFS server has already these driver installed
• The kernel you're gonna used support these drivers

# Smart-card drivers
apt-get install libpcsclite1 pcscd pcsc-tools

For the smart-card drivers you can see Drivers#Smart-card_drivers

Adjust bash and vim configuration

Edit your VIM configuration:

vim /etc/vim/vimrc

Enable dark background + set nu + set ruler

Edit your bash configuration files to adjust the alias and enable auto-completion:

vim /etc/bash.bashrc
vim /home/<username>/.bashrc
vim /root/.bashrc

Edit mount points (/etc/fstab)

Create mount point for the common files:

mkdir -p /nfs/common
chmod -R 777 /nfs/common

You must edit the mount points to get the client working!

vim /etc/fstab

# /etc/fstab: static file system information.
#
# <file system>            <mount point>   <type>  <options>                                      <dump>  <pass>
proc                        /proc           proc    defaults                                        0       0
/dev/nfs                    /               nfs     defaults,ro,noatime                             1       1

### Common NFS share.
# It's better to use SAMBA if you can.
#172.16.50.2:/nfs/common     /nfs/common     nfs     defaults,rw,noatime                             0       0
####

### Samba file-share
//smartcard-gw/file-share   /nfs/common     cifs    guest,uid=1000,iocharset=utf8                   0       0

none                        /tmp            tmpfs   defaults,rw,noexec,nosuid,size=512M             0       0
none                        /var/run        tmpfs   defaults,rw,noatime,noexec,nosuid               0       0
none                        /var/lock       tmpfs   defaults,rw,noatime,noexec,nosuid               0       0
none                        /var/tmp        tmpfs   defaults,rw,noexec,nosuid,size=128M             0       0
none                        /var/log        tmpfs   defaults,rw,noexec,nosuid,size=128M             0       0
none                        /run/shm        tmpfs   nodev,nosuid,noexec,size=256M                   0       0

- Reminder -

For the 2 Go constraints you can adjust some size arguments or even remove them: it will be delegate to the NetBoot client and automatically handled.

- Notes -

• There is no swap as the /tmp is already a RAMdisk and that should be enough.
• Notice the "none" + "tmpfs" for all mount point except the root "/" and "proc"
• ro - For Read Only mount point
• noatime - To speed up things by skipping the file access time registration. That will skip some write operations but it make it harder to know what has been accessed when. That's perfect for /tmp but it should not be set anywhere else.
• realtime - only update file timestamp if the file or directory has been modified since the last atime update. You might choose to use ‘noatime’ on most of your filesystems but leave /var/spool and /tmp as ‘relatime’:
• noexec - To prevent people from running executables in /tmp. Some rootkits do that. This flag might cause trouble for some legitimate applications so be sure to test everything properly after setting this flag.
• nosuid - To prevent the setuid bit from being set on files in /tmp.
• no size on "/var/run" and "/var/lock" : it's better to let the system managed that

As "/var/tmp" is used to preserve temporary data across reboot - and due to the fact that it's a temp RAMdisk - it should not be used! However, to prevent bugs it's safer to allow some little space.

Beware "/var/log" will be reset at each reboot! So you absolutely need to setup some kind of central log solution - using logstash for instance.

For the Samba file-share properties you can check the following article: https://wiki.ubuntu.com/MountWindowsSharesPermanently

Firewall script

Download, adjust and copy the following FW script to your clients: http://www.daxiongmao.eu/wiki_upload_files/firewall/firewall-nfs-client.sh

See Firewall to get more details.

Setup network interfaces

Even though you're using the NetBoot process you still have to register some interfaces! More important, the NetBoot disable the loopback "lo" - so you should better add that one back!

# Adjust "xxxx" by your distribution name
vim /etc/network/interfaces

Add:

auto lo
iface lo inet loopback

# Ethernet default interface
auto eth0
iface eth0 inet dhcp

# Intel NUC ethernet interface is named em1
auto em1
iface em1 inet dhcp

Even though you're using a NetBoot configuration you need to tell the client to use DHCP and retrieve its network settings (DNS, IP, GW, ...) dynamically. That's why you have to enable your ethernet interface.

Clear hostname

By default your client will have the same hostname as the server due to the "deboostrap" installation. :(

You MUST clean that in order to retrieve the name from your DNS.

vim /etc/hostname

That file must be empty.

Setup correct DNS

Your network configuration might change in the future, therefore you don't want to save any hard DNS reference in the client!

You have to edit resolv.conf configuration and make it clean.

Both following files should be empty - if not then you have to clean them !

• /etc/resolvconf/resolv.conf.d/base
• /etc/resolvconf/resolv.conf.d/orginal

You can also clean the resolv.conf that was generated by deboostrap:

vim /etc/resolv.conf

You can delete all DNS references from that file.

Keyboard configuration

You have to set your keyboard configuration to use something else than the US layout as default.

vim /etc/default/keyboard

Adjust the lang and keyboard size:

XKBMODEL="pc105"
XKBLAYOUT="se"
XKBVARIANT=""
XKBOPTIONS=""

Now you can run the configuration utility:

dpkg-reconfigure keyboard-configuration

Monitoring client

I'm using Zabbix as a monitoring solution. See Zabbix agent setup.

I also advise you to install a SNMP client.

Exit client distro

Update status cleaning

If you've been updating the virtual machine, don't forget to clean your mess ! see #Clean resolv.conf

Exit virtual machine

Exit until your reach your starting point.

exit

NFS virtual machine update

Set resolv.conf

Before chrooting, from the NFS server, you need to reset the "/etc/resolv.conf":

echo /etc/resolv.conf > /nfs/trust/etc/resolv.conf

Where "/nfs/trusty/" is the name of the target virtual machine.

Apply update

Now you can CHROOT and use APT-GET or any other applications.

Clean resolv.conf

Before leaving don't forget to clean the resolv.conf !

echo "" > /etc/resolv.conf

Optional: XFCE frontend

Installation

If you'd like to setup a graphical environment as a rescue | alternative, then I recommend you XFCE :)

apt-get install --no-install-recommends xubuntu-desktop 
apt-get install xfce4 xubuntu-icon-theme xubuntu-default-settings
apt-get install xfce4-terminal xfce4-taskmanager libxfce4ui-utils thunar

## It's always useful to have a default Internet browser
apt-get install firefox

## Text editors
apt-get install mousepad  

## Screenshot application - very useful to produce nice documentation
apt-get install xfce4-screenshooter xfce4-screenshooter-plugin

## You should also install guake - that's pretty useful too !
apt-get install guake

This will install XFCE without the default - none required - Ubuntu applications.

>> You still need about 430 Mo, but that's the minimal setup.

How to setup XFCE for NetBoot use?

You have to mount the XFCE in read / write mode for configuration.

• Adjust your NFS configuration in "/etc/exports" + reload NFS server
• Adjust your client "/etc/fstab"

Boot on your Xubuntu O.S and setup it as you like it to be :)

• Add desktop launchers
• Update the panel to add the "applications menu" + "show desktop"
• etc.

Then, once everything is setup you must reboot to ensure your settings are correct!

-Note-

XFCE doesn't work in read-only mode!! ... At least I didn't managed to achieve that.

So, you MUST let the image in RW mode to NetBoot on it. As a result, you might encounter some concurrency issues if many users are logged at the same time.