Difference between revisions of "Diskless netboot"
 
(71 intermediate revisions by the same user not shown)
Line 1: Line 1:
Diskless server / workstation using netboot
+
[[Category:Linux]]
  
  
NFS is a technology that allow you to share some files and folders over the network. So:
+
==Target folder tree (server side)==
* All the clients will share the installation, configuration files and so on.
 
* Each client will run a dedicated instance of the operating system
 
* Logs will be centralized on the common NFS server - so we don't loose data on each reboot.
 
  
You must have a working DHCP server + NetBoot before starting this part.
+
This is how we'll setup our files and folders:
  
 +
<syntaxhighlight lang="bash">
 +
# TFTP root
 +
/tftpboot/                                 
  
Requirements:
+
###############
* [[DHCP server]]
+
# Network bootable image(s) using NFS technology
* [[NetBoot server]]
+
################     
  
 +
#### Boot file           
 +
/tftpboot/pxelinux.0                  # Initial boot file - only use to load the PXE NetBoot manager
 +
/tftpboot/{menu.c32 || vesamenu.c32}  # PXE interactive menu managers (text or graphical)
 +
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
 +
/tftpboot/pxelinux.cfg/default        # default PXE configuration
  
 +
#### Kernel file
  
=Installation=
+
/tftpboot/images/     
  
 +
# Debian 7.x [Wheezy]
 +
/tftpboot/images/wheezy/ 
 +
/tftpboot/images/wheezy/vmlinuz
 +
/tftpboot/images/wheezy/initrd.img
  
'''NFS support'''
+
# [X]Ubuntu 14.04 [Trusty]
<syntaxhighlight lang="bash">
+
/tftpboot/images/trusty/ 
apt-get install nfs-kernel-server nfs-common
+
/tftpboot/images/trusty/vmlinuz
 +
/tftpboot/images/trusty/initrd.img
 +
 
 +
 
 +
#### NFS  
 +
# This is where the runnable will be. Each image will be in a dedicated folder.
 +
/nfs/                   
 +
 
 +
# Debian 7.x [Wheezy]
 +
/nfs/wheezy/ 
 +
 
 +
# Ubuntu 14.04 [Trusty]
 +
/nfs/trusty/
 
</syntaxhighlight>
 
</syntaxhighlight>
  
'''Debootstrap (manage netboot image)'''
 
<syntaxhighlight lang="bash">
 
apt-get install debootstrap
 
</syntaxhighlight>
 
  
 +
 +
==Client overview==
 +
 +
Each client must have, at least, 4 Go of RAM.
  
  
=NFS server setup=
+
===4 GO RAM configuration===
  
 +
This is how we're gonna populate the client:
  
==Preparation==
+
[[File:Client_composition.png|480px|NetBoot client RAM overview - 4Go]]
  
You have to create a dedicated folder on your server where you will host the client image.
 
  
<syntaxhighlight lang="bash">
+
As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.
mkdir -p /srv/nfsroot
 
chmod -R 777 /srv/nfsroot
 
</syntaxhighlight>
 
  
  
==Configuration==
+
Configuration of a '''4Go RAM''' disk:
 +
* No swap
 +
* Local TMPFS (read/write for /dev, /tmp, ...) : 1 Go
 +
** /tmp      = 512 M
 +
** /var/tmp  = 128 M
 +
** /var/log  = 128 M
 +
** /var/run  = 8 M
 +
** /var/lock = 8 M
 +
** /run/shm  = 256 M
 +
* O.S (NFS read only) : all the rest ~ 2.8 Go
 +
* Common share (NFS read write) : ''Remote disk''
  
The NFS configuration is done in the '''/etc/exports''' file
 
  
<syntaxhighlight lang="bash">
 
vim /etc/exports
 
</syntaxhighlight>
 
  
 +
===2 Go===
  
Add something like that:
+
Due to budget restriction we might encounter some low memory machines with only 2 Go...
  
<syntaxhighlight lang="bash">
 
  /srv/nfsroot      192.168.2.*(rw,async,insecure,no_subtree_check)
 
</syntaxhighlight>
 
  
 +
This is how we're gonna populate the client:
  
Adjust "192.168.2.*" to your own network address
+
[[File:Client_mount_points_2Go.png|480px|NetBoot client RAM overview - 2Go]]
  
* rw : Allow clients to read as well as write access
 
* ro : Read only access
 
* insecure : Tells the NFS server to use unpriveledged ports (ports > 1024).
 
* no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
 
* async : async will speed up transfers.
 
* no_root_squash: This phrase allows root to connect to the designated directory.
 
  
 +
In case of '''2Go RAM''' then you have to use some tricks:
 +
* No swap
 +
* O.S (NFS read only) : ~ 1.2 Go
 +
* Common share (NFS read write) : ''Remote disk''
 +
* Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
 +
** /tmp      = 372 M
 +
** /var/tmp  = auto
 +
** /var/log  = 128 M
 +
** /var/run  = auto
 +
** /var/lock = auto
 +
** /run/shm  = auto
  
==Security==
 
  
Like TFTP, this part is insecure !
 
  
You must restrict the access to your NFS server by a firewall script and filtering BEFORE reaching the LAN !
+
==How big is the client image ?==
  
 +
By default the ''deboostrap'' Ubuntu 14.04 LTS image is 239 Mo. With the applications we're gonna use that size will increase to about 1 or '''1.3 Go''' depending if you copy (or not) the kernel sources. It may even take 1.6 Go if you're using XFCE frontend.
  
  
NFS is using dynamic ports numbers because it runs over '''rpcbind'''. Making NFS using specifics port is a pain in the ass !! :(
 
  
So, instead of that you should allow your LAN communication.
+
=NFS client image=
  
 +
There are different way to setup a NFS client image.
  
<syntaxhighlight lang="bash">
+
The main ones are:
    IPTABLES=`which iptables`
+
 
    LAN_ADDRESS="192.168.2.0/24"
+
* Manually
 +
** debootstrap
 +
** copying the install from your server
 +
** Manual install on a client, then, when the system is ready, copy everything to the NFS share
 +
 
 +
* Using script and software like "Puppet" or "Chef"
  
    # Allow LAN communication
 
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
  
</syntaxhighlight>
 
  
 +
==Setup client distribution==
  
==Management==
+
You have to create one target for each distribution you want to serve:
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
service nfs-kernel-server {status|start|stop|restart}
+
mkdir -p /nfs/trusty
 +
mkdir -p /nfs/wheezy
 +
mkdir -p /nfs/common
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
==Test the server==
+
- NOTES -
 +
 
 +
* The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
 +
 
 +
* The folder name should match a Linux (Debian like) distribution name
 +
 
 +
 
 +
 
 +
==Configure client distribution==
 +
 
 +
* Manual configuration: [[Diskless image configuration - manual setup]]
 +
 
 +
* Automatic [Puppet || Chef] configuration: [[Diskless image configuration - script setup]]
 +
 
 +
 
 +
 
 +
 
 +
 
 +
==Backup distribution==
 +
 
 +
You can create an archive of your current distribution for later restore / re-use.
  
  
Install the NFS v4 client:
+
===Compression===
 +
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get install nfs-common
+
cd /nfs
 +
tar cvpjf trusty.tar.bz2 ./trusty
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
To mount the default path:
+
===Restoration===
 +
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
mount -t nfs nfs-server:/ /mnt
+
cd /nfs
 +
tar -xvjf trusty.tar.bz2
 
</syntaxhighlight>
 
</syntaxhighlight>
  
You'll see: "/mnt/srv/nfsroot"
+
=PXE interactive menu=
 +
 
 +
You can create interactive NetBoot menus, see:
 +
* [[PXE interactive menu - single level]]
 +
* [[PXE interactive menu - multi level]]
 +
 
 +
 
 +
 
 +
 
 +
=Local server monitoring=
 +
 
 +
Install the following services:
 +
* [[SNMP client]]
 +
* [[Zabbix agent setup]]
 +
 
 +
 
 +
 
 +
 
 +
=Other services=
 +
 
 +
 
 +
==File sharing==
 +
 
 +
If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: [[Samba server]]
 +
 
 +
 
 +
''Note''
 +
 
 +
Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a samba share instead.
 +
 
 +
 
 +
 
 +
==Management UI (webmin)==
 +
 
 +
Since there is a lot of services to manage, it's always convenient to use an UI for it. Check [[Webmin]]
  
  
It's better to do:
 
<syntaxhighlight lang="bash">
 
mount -t nfs nfs-server:/srv/nfsroot /mnt
 
</syntaxhighlight>
 
  
 +
==VPN server==
  
 +
See [[VPN]]
  
  
=NFS client image=
 
  
There are different way to setup a NFS client image.
+
==Apache2 server==
  
The main ones are:
+
See [[Apache 2]]
* debbootstrap
 
* copying the install from your server
 
* Manual install on a client, then, when the system is ready, copy everything to the NFS share
 
  
  
Line 142: Line 226:
  
 
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
 
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
 +
 +
 +
Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html
 +
 +
 +
Super video tutorials:
 +
* https://www.youtube.com/watch?v=js9imsrqAMk
 +
* http://www.stepladder-it.com/bivblog/14/ to /16/
 +
* https://blog.dlasley.net/2013/01/pxe-server-ubuntu/
 +
 +
 +
Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO
 +
 +
* How to improved /etc/fstab: http://www.askapache.com/optimize/super-speed-secrets.html

Latest revision as of 15:37, 21 August 2014


Target folder tree (server side)

This is how we'll setup our files and folders: 

# TFTP root
/tftpboot/                                   

###############
# Network bootable image(s) using NFS technology
################       

#### Boot file            
/tftpboot/pxelinux.0                   # Initial boot file - only use to load the PXE NetBoot manager
/tftpboot/{menu.c32 || vesamenu.c32}   # PXE interactive menu managers (text or graphical)
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
/tftpboot/pxelinux.cfg/default         # default PXE configuration

#### Kernel file

/tftpboot/images/      

# Debian 7.x [Wheezy] 
/tftpboot/images/wheezy/   
/tftpboot/images/wheezy/vmlinuz
/tftpboot/images/wheezy/initrd.img

# [X]Ubuntu 14.04 [Trusty] 
/tftpboot/images/trusty/  
/tftpboot/images/trusty/vmlinuz
/tftpboot/images/trusty/initrd.img


#### NFS 
# This is where the runnable will be. Each image will be in a dedicated folder.
/nfs/                    

# Debian 7.x [Wheezy] 
/nfs/wheezy/   

# Ubuntu 14.04 [Trusty] 
/nfs/trusty/


Client overview

Each client must have, at least, 4 Go of RAM.


4 GO RAM configuration

This is how we're gonna populate the client:

NetBoot client RAM overview - 4Go


As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.


Configuration of a 4Go RAM disk:

  • No swap
  • Local TMPFS (read/write for /dev, /tmp, ...) : 1 Go
    • /tmp = 512 M
    • /var/tmp = 128 M
    • /var/log = 128 M
    • /var/run = 8 M
    • /var/lock = 8 M
    • /run/shm = 256 M
  • O.S (NFS read only) : all the rest ~ 2.8 Go
  • Common share (NFS read write) : Remote disk


2 Go

Due to budget restriction we might encounter some low memory machines with only 2 Go...


This is how we're gonna populate the client:

NetBoot client RAM overview - 2Go


In case of 2Go RAM then you have to use some tricks:

  • No swap
  • O.S (NFS read only) : ~ 1.2 Go
  • Common share (NFS read write) : Remote disk
  • Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
    • /tmp = 372 M
    • /var/tmp = auto
    • /var/log = 128 M
    • /var/run = auto
    • /var/lock = auto
    • /run/shm = auto


How big is the client image ?

By default the deboostrap Ubuntu 14.04 LTS image is 239 Mo. With the applications we're gonna use that size will increase to about 1 or 1.3 Go depending if you copy (or not) the kernel sources. It may even take 1.6 Go if you're using XFCE frontend.


NFS client image

There are different way to setup a NFS client image.

The main ones are:

  • Manually
    • debootstrap
    • copying the install from your server
    • Manual install on a client, then, when the system is ready, copy everything to the NFS share
  • Using script and software like "Puppet" or "Chef"


Setup client distribution

You have to create one target for each distribution you want to serve: 

mkdir -p /nfs/trusty
mkdir -p /nfs/wheezy
mkdir -p /nfs/common


- NOTES -

  • The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
  • The folder name should match a Linux (Debian like) distribution name


Configure client distribution



Backup distribution

You can create an archive of your current distribution for later restore / re-use.


Compression

cd /nfs
tar cvpjf trusty.tar.bz2 ./trusty


Restoration

cd /nfs
tar -xvjf trusty.tar.bz2

PXE interactive menu

You can create interactive NetBoot menus, see:



Local server monitoring

Install the following services:



Other services

File sharing

If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: Samba server


Note

Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a samba share instead.


Management UI (webmin)

Since there is a lot of services to manage, it's always convenient to use an UI for it. Check Webmin


VPN server

See VPN


Apache2 server

See Apache 2



References

Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto


Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html


Super video tutorials:


Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO

Retrieved from "http://www.daxiongmao.eu/wiki/index.php?title=Diskless_netboot&oldid=1302"