Difference between revisions of "Diskless netboot"

 
(68 intermediate revisions by the same user not shown)
Line 1: Line 1:
Diskless server / workstation using netboot
+
[[Category:Linux]]
  
  
NFS is a technology that allow you to share some files and folders over the network. So:
+
==Target folder tree (server side)==
* All the clients will share the installation, configuration files and so on.
 
* Each client will run a dedicated instance of the operating system
 
* Logs will be centralized on the common NFS server - so we don't loose data on each reboot.
 
  
You must have a working DHCP server + NetBoot before starting this part.
+
This is how we'll setup our files and folders:
  
 +
<syntaxhighlight lang="bash">
 +
# TFTP root
 +
/tftpboot/                                 
  
Requirements:
+
###############
* [[DHCP server]]
+
# Network bootable image(s) using NFS technology
* [[NetBoot server]]
+
################     
  
 +
#### Boot file           
 +
/tftpboot/pxelinux.0                  # Initial boot file - only use to load the PXE NetBoot manager
 +
/tftpboot/{menu.c32 || vesamenu.c32}  # PXE interactive menu managers (text or graphical)
 +
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
 +
/tftpboot/pxelinux.cfg/default        # default PXE configuration
  
 +
#### Kernel file
  
=Installation=
+
/tftpboot/images/     
  
 +
# Debian 7.x [Wheezy]
 +
/tftpboot/images/wheezy/ 
 +
/tftpboot/images/wheezy/vmlinuz
 +
/tftpboot/images/wheezy/initrd.img
  
'''NFS support'''
+
# [X]Ubuntu 14.04 [Trusty]
<syntaxhighlight lang="bash">
+
/tftpboot/images/trusty/ 
apt-get install nfs-kernel-server nfs-common
+
/tftpboot/images/trusty/vmlinuz
</syntaxhighlight>
+
/tftpboot/images/trusty/initrd.img
  
'''Debootstrap (manage netboot image)'''
 
<syntaxhighlight lang="bash">
 
apt-get install debootstrap
 
</syntaxhighlight>
 
  
 +
#### NFS
 +
# This is where the runnable will be. Each image will be in a dedicated folder.
 +
/nfs/                   
  
 +
# Debian 7.x [Wheezy]
 +
/nfs/wheezy/ 
  
=NFS server setup=
+
# Ubuntu 14.04 [Trusty]
 +
/nfs/trusty/
 +
</syntaxhighlight>
  
  
==Preparation==
 
  
You have to create a dedicated folder on your server where you will host the client image.
+
==Client overview==
  
<syntaxhighlight lang="bash">
+
Each client must have, at least, 4 Go of RAM.
mkdir -p /srv/nfsroot
 
chmod -R 777 /srv/nfsroot
 
</syntaxhighlight>
 
  
  
==Configuration==
+
===4 GO RAM configuration===
  
The NFS configuration is done in the '''/etc/exports''' file
+
This is how we're gonna populate the client:
  
<syntaxhighlight lang="bash">
+
[[File:Client_composition.png|480px|NetBoot client RAM overview - 4Go]]
vim /etc/exports
 
</syntaxhighlight>
 
  
  
Add something like that:
+
As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.
  
<syntaxhighlight lang="bash">
 
  /srv/nfsroot      192.168.2.*(ro,no_root_squash,async,insecure,no_subtree_check)
 
</syntaxhighlight>
 
  
 +
Configuration of a '''4Go RAM''' disk:
 +
* No swap
 +
* Local TMPFS (read/write for /dev, /tmp, ...) : 1 Go
 +
** /tmp      = 512 M
 +
** /var/tmp  = 128 M
 +
** /var/log  = 128 M
 +
** /var/run  = 8 M
 +
** /var/lock = 8 M
 +
** /run/shm  = 256 M
 +
* O.S (NFS read only) : all the rest ~ 2.8 Go
 +
* Common share (NFS read write) : ''Remote disk''
  
Adjust "192.168.2.*" to your own network address
 
  
* rw : Allow clients to read as well as write access
 
* ro : Read only access
 
* insecure : Tells the NFS server to use unpriveledged ports (ports > 1024).
 
* no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
 
* async : async will speed up transfers.
 
* no_root_squash: This phrase allows root to connect to the designated directory.
 
  
 +
===2 Go===
  
- NOTE -
+
Due to budget restriction we might encounter some low memory machines with only 2 Go...
  
It's always a good idea to use Read-Only if you plan to share this disk.
 
  
That will avoid user to mess with your image!
+
This is how we're gonna populate the client:
  
 +
[[File:Client_mount_points_2Go.png|480px|NetBoot client RAM overview - 2Go]]
  
  
==Security==
+
In case of '''2Go RAM''' then you have to use some tricks:
 +
* No swap
 +
* O.S (NFS read only) : ~ 1.2 Go
 +
* Common share (NFS read write) : ''Remote disk''
 +
* Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
 +
** /tmp      = 372 M
 +
** /var/tmp  = auto
 +
** /var/log  = 128 M
 +
** /var/run  = auto
 +
** /var/lock = auto
 +
** /run/shm  = auto
  
Like TFTP, this part is insecure !
 
  
You must restrict the access to your NFS server by a firewall script and filtering BEFORE reaching the LAN !
 
  
 +
==How big is the client image ?==
  
 +
By default the ''deboostrap'' Ubuntu 14.04 LTS image is 239 Mo. With the applications we're gonna use that size will increase to about 1 or '''1.3 Go''' depending if you copy (or not) the kernel sources. It may even take 1.6 Go if you're using XFCE frontend.
  
NFS is using dynamic ports numbers because it runs over '''rpcbind'''. Making NFS using specifics port is a pain in the ass !! :(
 
  
So, instead of that you should allow your LAN communication.
 
  
 +
=NFS client image=
  
<syntaxhighlight lang="bash">
+
There are different way to setup a NFS client image.  
    IPTABLES=`which iptables`
 
    LAN_ADDRESS="192.168.2.0/24"
 
  
    # Allow LAN communication
+
The main ones are:
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
 
  
</syntaxhighlight>
+
* Manually
 +
** debootstrap
 +
** copying the install from your server
 +
** Manual install on a client, then, when the system is ready, copy everything to the NFS share
  
 +
* Using script and software like "Puppet" or "Chef"
  
==Management==
 
  
<syntaxhighlight lang="bash">
 
service nfs-kernel-server {status|start|stop|restart}
 
</syntaxhighlight>
 
  
 +
==Setup client distribution==
  
==Test the server==
+
You have to create one target for each distribution you want to serve:
  
 
Install the NFS v4 client:
 
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
apt-get install nfs-common  
+
mkdir -p /nfs/trusty
 +
mkdir -p /nfs/wheezy
 +
mkdir -p /nfs/common
 
</syntaxhighlight>
 
</syntaxhighlight>
  
  
To mount the default path:
+
- NOTES -  
<syntaxhighlight lang="bash">
 
mount -t nfs nfs-server:/ /mnt
 
</syntaxhighlight>
 
  
You'll see: "/mnt/srv/nfsroot"
+
* The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
  
 +
* The folder name should match a Linux (Debian like) distribution name
  
It's better to do:
 
<syntaxhighlight lang="bash">
 
mount -t nfs nfs-server:/srv/nfsroot /mnt
 
</syntaxhighlight>
 
  
  
 +
==Configure client distribution==
  
 +
* Manual configuration: [[Diskless image configuration - manual setup]]
  
=NFS client image=
+
* Automatic [Puppet || Chef] configuration: [[Diskless image configuration - script setup]]
  
There are different way to setup a NFS client image.
 
  
The main ones are:
 
* debootstrap
 
* copying the install from your server
 
* Manual install on a client, then, when the system is ready, copy everything to the NFS share
 
  
  
  
==Debootstrap: setup client distribution==
+
==Backup distribution==
  
 +
You can create an archive of your current distribution for later restore / re-use.
  
===Setup distribution folder===
 
  
You have to create one target for each distribution you want to serve:
+
===Compression===
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
mkdir -p /srv/nfsroot/trusty
+
cd /nfs
chmod -R 777 /srv/nfsroot/trusty
+
tar cvpjf trusty.tar.bz2 ./trusty
 
</syntaxhighlight>
 
</syntaxhighlight>
  
- NOTES -
 
* The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
 
* The folder name should match a Linux (Debian like) distribution name
 
  
 
+
===Restoration===
===Populate the content===
 
  
 
<syntaxhighlight lang="bash">
 
<syntaxhighlight lang="bash">
cd /srv/nfsroot/trusty
+
cd /nfs
debootstrap trusty /srv/nfsroot/trusty
+
tar -xvjf trusty.tar.bz2
 
</syntaxhighlight>
 
</syntaxhighlight>
  
 +
=PXE interactive menu=
  
===Adjust default login/password===
+
You can create interactive NetBoot menus, see:
 +
* [[PXE interactive menu - single level]]
 +
* [[PXE interactive menu - multi level]]
  
You have to create / adjust the default user.
 
  
To do so, we must "mount" the new system and perform operations on it.
 
<syntaxhighlight lang="bash">
 
# "mount" the system
 
chroot /srv/nfsroot/trusty/
 
# Add new user
 
adduser <username>
 
# Add user to sudoers group
 
usermod -a -G sudo <username>
 
# Exit chroot
 
exit
 
</syntaxhighlight>
 
  
  
 +
=Local server monitoring=
  
 +
Install the following services:
 +
* [[SNMP client]]
 +
* [[Zabbix agent setup]]
  
=Custom NetBoot configuration=
 
  
  
==Basic configuration==
 
  
You can setup your own netboot configuration.
+
=Other services=
  
To do so, you can re-use one of the syslinux templates:
 
  
<syntaxhighlight lang="bash">
+
==File sharing==
# Create folders
 
mkdir /var/lib/tftpboot/custom
 
mkdir /var/lib/tftpboot/custom/pxelinux.cfg
 
  
# Create configuration files
+
If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: [[Samba server]]
cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot/custom
 
</syntaxhighlight>
 
  
  
The ''pxelinux.cfg'' folder is mandatory. Inside you can provide:
+
''Note''
* configuration for a specific IP @ or hostname
 
* configuration for a group
 
* default configuration (required)
 
  
 +
Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a samba share instead.
  
Create the default configuration file:
 
<syntaxhighlight lang="bash">
 
vim /var/lib/tftpboot/custom/pxelinux.cfg/default
 
</syntaxhighlight>
 
  
  
Put the following:
+
==Management UI (webmin)==
<syntaxhighlight lang="bash">
 
# Ubuntu 14.04
 
LABEL TRUSTY
 
    kernel trusty/vmlinuz
 
    initrd trusty/initrd.img
 
    # Set NFS share as default root
 
    append root=/dev/nfs nfsroot=172.16.50.2:/srv/nfsroot/trusty
 
  
 +
Since there is a lot of services to manage, it's always convenient to use an UI for it. Check [[Webmin]]
  
# Prompt user for selection
 
PROMPT 0
 
  
TIMEOUT 30
 
</syntaxhighlight>
 
  
* Each LABEL is a specific configuration that will displayed on the NetBoot menu.
+
==VPN server==
* PROMPT 1 = enable user prompt so you can choose the configuration
 
* TIMEOUT 30 = timeout (in seconds) before the default option is choosen
 
  
 +
See [[VPN]]
  
Note that I used a reference to "trusty/", that's a folder I need to create later on.
 
  
  
 +
==Apache2 server==
  
==Create boot files==
+
See [[Apache 2]]
  
<syntaxhighlight lang="bash">
 
mkdir /var/lib/tftpboot/custom/trusty
 
# Copy current boot files
 
cp /boot/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
 
cp /boot/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/
 
# Create symlinks
 
ln -s /var/lib/tftpboot/custom/trusty/vmlinuz-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/vmlinuz
 
ln -s /var/lib/tftpboot/custom/trusty/initrd.img-3.2.0-4-amd64 /var/lib/tftpboot/custom/trusty/initrd.img
 
</syntaxhighlight>
 
  
Adjust the ''3.2.0-4'' kernel number to the version you are using
 
  
  
  
 +
=References=
  
 +
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
  
  
 +
Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html
  
=References=
 
  
Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto
 
 
Super video tutorials:  
 
Super video tutorials:  
 
* https://www.youtube.com/watch?v=js9imsrqAMk
 
* https://www.youtube.com/watch?v=js9imsrqAMk
 
* http://www.stepladder-it.com/bivblog/14/ to /16/
 
* http://www.stepladder-it.com/bivblog/14/ to /16/
 +
* https://blog.dlasley.net/2013/01/pxe-server-ubuntu/
 +
 +
 +
Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO
 +
 +
* How to improved /etc/fstab: http://www.askapache.com/optimize/super-speed-secrets.html
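Review bot: the new revision drops the whole "Security" section (the "You must restrict the access to your NFS server by a firewall script" warning and the LAN-only iptables rules) together with the /etc/exports walkthrough, while the added text still relies on an NFS read-only root and an NFS read-write "Common share". Keep at least a short security note, or a link to the page that now holds the export and firewall setup, so readers do not deploy the /nfs tree without access restrictions. In the added "4 GO RAM configuration" text, "each client will have some space dedicated for swap" also contradicts the "No swap" bullet that follows; one of the two should be corrected.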

Latest revision as of 15:37, 21 August 2014


Target folder tree (server side)

This is how we'll set up our files and folders:

# TFTP root
/tftpboot/                                   

###############
# Network bootable image(s) using NFS technology
################       

#### Boot file            
/tftpboot/pxelinux.0                   # Initial boot file - only used to load the PXE NetBoot manager
/tftpboot/{menu.c32 || vesamenu.c32}   # PXE interactive menu managers (text or graphical)
/tftpboot/pxelinux.cfg/                # PXE configuration(s)
/tftpboot/pxelinux.cfg/default         # default PXE configuration

#### Kernel file

/tftpboot/images/      

# Debian 7.x [Wheezy] 
/tftpboot/images/wheezy/   
/tftpboot/images/wheezy/vmlinuz
/tftpboot/images/wheezy/initrd.img

# [X]Ubuntu 14.04 [Trusty] 
/tftpboot/images/trusty/  
/tftpboot/images/trusty/vmlinuz
/tftpboot/images/trusty/initrd.img


#### NFS 
# This is where the runnable will be. Each image will be in a dedicated folder.
/nfs/                    

# Debian 7.x [Wheezy] 
/nfs/wheezy/   

# Ubuntu 14.04 [Trusty] 
/nfs/trusty/


Client overview

Each client must have, at least, 4 Go of RAM.


4 GO RAM configuration

This is how we're gonna populate the client:

NetBoot client RAM overview - 4Go


As you can see, each client will have some space dedicated for swap + some RAMdisk to allow writing in /var, /tmp and /proc.


Configuration of a 4Go RAM disk:

  • No swap
  • Local TMPFS (read/write for /dev, /tmp, ...) : 1 Go
    • /tmp = 512 M
    • /var/tmp = 128 M
    • /var/log = 128 M
    • /var/run = 8 M
    • /var/lock = 8 M
    • /run/shm = 256 M
  • O.S (NFS read only) : all the rest ~ 2.8 Go
  • Common share (NFS read write) : Remote disk


2 Go

Due to budget restrictions we might encounter some low-memory machines with only 2 Go...


This is how we're gonna populate the client:

NetBoot client RAM overview - 2Go


With 2Go RAM you have to use some tricks:

  • No swap
  • O.S (NFS read only) : ~ 1.2 Go
  • Common share (NFS read write) : Remote disk
  • Local TMPFS (read/write for /dev, /tmp, ...) : all the rest
    • /tmp = 372 M
    • /var/tmp = auto
    • /var/log = 128 M
    • /var/run = auto
    • /var/lock = auto
    • /run/shm = auto
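
The two memory layouts above, written out as the tmpfs lines of the client's /etc/fstab. This is an added example, not part of the original page: the nosuid/nodev/noexec options and the mode= values are hardening assumptions of the example, and "auto" is taken to mean that no size= option is set.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumption: nosuid/nodev/noexec and the mode= values are hardening choices
# made for this example; the page only gives mount points and sizes.

# Mount point and size in MiB per profile, as listed on the page.
# "auto" means no size= option (tmpfs then defaults to half of the RAM).
profile_entries() {
    case "$1" in
        4go) cat <<'EOF'
/tmp 512
/var/tmp 128
/var/log 128
/var/run 8
/var/lock 8
/run/shm 256
EOF
            ;;
        2go) cat <<'EOF'
/tmp 372
/var/tmp auto
/var/log 128
/var/run auto
/var/lock auto
/run/shm auto
EOF
            ;;
        *) echo "unknown profile: $1" >&2; return 1 ;;
    esac
}

# Total RAM (MiB) that the fixed-size entries can consume.
tmpfs_budget() {
    profile_entries "$1" | awk '$2 != "auto" { t += $2 } END { print t + 0 }'
}

# Print the tmpfs lines for the client's /etc/fstab.
gen_fstab() {
    profile_entries "$1" | while read -r dir size; do
        case "$dir" in
            /var/log|/var/run) opts="rw,nosuid,nodev,noexec,mode=0755" ;;
            *)                 opts="rw,nosuid,nodev,mode=1777" ;;
        esac
        [ "$size" = auto ] || opts="$opts,size=${size}m"
        printf 'tmpfs %s tmpfs %s 0 0\n' "$dir" "$opts"
    done
}
```

`tmpfs_budget 4go` adds up to 1040 M, which matches the "1 Go" local TMPFS figure; on the 2 Go profile only /tmp and /var/log are capped, so the "auto" mounts compete for whatever RAM is left.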


How big is the client image ?

By default the debootstrap Ubuntu 14.04 LTS image is 239 Mo. With the applications we're gonna use, that size will increase to about 1 or 1.3 Go depending on whether you copy the kernel sources. It may even take 1.6 Go if you're using the XFCE frontend.


NFS client image

There are different ways to set up an NFS client image.

The main ones are:

  • Manually
    • debootstrap
    • copying the install from your server
    • Manual install on a client, then, when the system is ready, copy everything to the NFS share
  • Using scripts and software like "Puppet" or "Chef"


Setup client distribution

You have to create one target for each distribution you want to serve:

mkdir -p /nfs/trusty
mkdir -p /nfs/wheezy
mkdir -p /nfs/common


- NOTES -

  • The folder name should match your NetBoot settings. Folder name = a LABEL in the NetBoot config.
  • The folder name should match a Linux (Debian like) distribution name


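Configure client distribution

  • Manual configuration: Diskless image configuration - manual setup
  • Automatic [Puppet || Chef] configuration: Diskless image configuration - script setup
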

Backup distribution

You can create an archive of your current distribution for later restore / re-use.


Compression

cd /nfs
tar cvpjf trusty.tar.bz2 ./trusty


Restoration

cd /nfs
tar -xvjf trusty.tar.bz2
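
The archive holds the root filesystem that every client boots from, so it is worth recording a checksum at backup time and checking it before restoring. The following is an added example, not part of the original page; the .sha256 sidecar file name is an assumption, and --numeric-owner is added so that the image's uid/gid values are not remapped through the server's own user names.

```shell
#!/bin/sh
# Added example, not from the original page. Paths follow the page
# (/nfs, trusty); the .sha256 sidecar file is an assumption of this example.

# Archive an image with numeric uid/gid and record its SHA-256.
backup_image() {    # $1 = NFS base dir, $2 = image name
    ( cd "$1" &&
      tar --numeric-owner -cpjf "$2.tar.bz2" "./$2" &&
      sha256sum "$2.tar.bz2" > "$2.tar.bz2.sha256" )
}

# Succeeds only if the archive still matches the recorded checksum.
verify_image() {    # $1 = NFS base dir, $2 = image name
    ( cd "$1" && sha256sum -c "$2.tar.bz2.sha256" ) >/dev/null 2>&1
}

# Refuse to unpack an archive that fails verification.
restore_image() {   # $1 = NFS base dir, $2 = image name
    verify_image "$1" "$2" || { echo "checksum mismatch: $2" >&2; return 1; }
    ( cd "$1" && tar --numeric-owner -xpjf "$2.tar.bz2" )
}
```

Usage: `backup_image /nfs trusty`, later `restore_image /nfs trusty`. A checksum stored next to the archive only catches corruption or accidental changes; keep a copy of it off the NFS server if tampering is a concern.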

PXE interactive menu

You can create interactive NetBoot menus, see:

  • PXE interactive menu - single level
  • PXE interactive menu - multi level


Local server monitoring

Install the following services:

  • SNMP client
  • Zabbix agent setup


Other services

File sharing

If you want to expose the NFS common folder as a file-share, you have to install and configure Samba. See: Samba server


Note

Samba is actually better than NFS for the file-share. You should remove Common from /etc/exports and use a samba share instead.


Management UI (webmin)

Since there are a lot of services to manage, it's always convenient to use a UI for it. Check Webmin


VPN server

See VPN


Apache2 server

See Apache 2



References

Ubuntu diskless how-to: https://help.ubuntu.com/community/DisklessUbuntuHowto


Mind reference: http://mindref.blogspot.se/2011/03/debian-diskless.html


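Super video tutorials:

  • https://www.youtube.com/watch?v=js9imsrqAMk
  • http://www.stepladder-it.com/bivblog/14/ to /16/
  • https://blog.dlasley.net/2013/01/pxe-server-ubuntu/


Nice explanation of PXE process: http://www.linux.com/learn/docs/ldp/497-Diskless-root-NFS-HOWTO

How to improve /etc/fstab: http://www.askapache.com/optimize/super-speed-secrets.html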