Difference between revisions of "Diskless netboot"


Revision as of 15:44, 22 May 2014

Diskless server / workstation using netboot


NFS is a technology that allows you to share files and folders over the network. So:

  • All the clients will share the installation, configuration files and so on.
  • Each client will run a dedicated instance of the operating system
  • Logs will be centralized on the common NFS server - so we don't lose data on each reboot.

You must have a working DHCP server + NetBoot before starting this part.


Requirements:


Installation

NFS support

apt-get install nfs-kernel-server nfs-common

Debootstrap (manage netboot image)

apt-get install debootstrap


NFS server setup

Preparation

You have to create a dedicated folder on your server where you will host the client image.

mkdir -p /srv/nfsroot
chmod -R 777 /srv/nfsroot


Configuration

The NFS configuration is done in the /etc/exports file

vim /etc/exports


Add something like this:

  /srv/nfsroot      192.168.2.*(rw,async,insecure,no_subtree_check)


Adjust "192.168.2.*" to your own network address.

  • rw : Allow clients read as well as write access
  • ro : Read-only access
  • insecure : Tells the NFS server to accept unprivileged client ports (ports > 1024).
  • no_subtree_check : If the entire volume (/users) is exported, disabling this check will speed up transfers.
  • async : async will speed up transfers.
  • no_root_squash : Allows the client's root user to access the exported directory as root.
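As an added example that is not part of the original page, the script below audits an exports file for the options above that widen access (no_root_squash, insecure, and an export to every host) and reports how many it found. The exports line format and the sample lines it writes are assumptions.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit an exports file for the risky
# options discussed above. One warning per finding goes to stderr; the number of
# findings is printed on stdout so a calling script can act on it.
# Assumed format: "<path> <client>(opts) [<client>(opts) ...]", as in /etc/exports.

warn() { printf 'WARNING: %s\n' "$1" >&2; }

audit_exports() {
    file="$1"
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|\#*) continue ;; esac   # skip blanks and comments
        set -f                                   # no globbing: "192.168.2.*" must stay literal
        set -- $line                             # $1 = path, remaining words = client specs
        set +f
        path="$1"; shift
        for spec in "$@"; do
            client="${spec%%"("*}"               # part before "("
            opts="${spec#*"("}"; opts="${opts%")"}"
            if [ "$spec" = "$client" ]; then opts=""; fi   # no option list given
            case "$client" in
                '*'|'') warn "$path: exported to every host (client '$client')"
                        count=$((count+1)) ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) warn "$path ($client): no_root_squash lets client root act as root"
                                    count=$((count+1)) ;;
            esac
            case ",$opts," in
                *,insecure,*) warn "$path ($client): insecure accepts non-privileged source ports"
                              count=$((count+1)) ;;
            esac
        done
    done < "$file"
    echo "$count"
}

# Write a constructed sample exports file (not a real server's config) to $1.
write_sample_exports() {
    cat > "$1" <<'EOF'
# constructed sample
/srv/nfsroot      192.168.2.*(rw,async,insecure,no_subtree_check)
/srv/nfsroot      *(rw,no_root_squash)
/srv/data         192.168.2.10(ro,sync)
EOF
}
```

Run it against the real file with `audit_exports /etc/exports`; on the constructed sample it reports 3 findings.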


Security

Like TFTP, this part is insecure!

You must restrict access to your NFS server with a firewall script, filtering traffic BEFORE it reaches the LAN!


NFS uses dynamic port numbers because it runs over rpcbind. Making NFS use specific ports is a pain in the ass!! :(

So, instead, you should simply allow communication within your LAN.


    IPTABLES=`which iptables`
    LAN_ADDRESS="192.168.2.0/24"

    # Allow LAN communication
    $IPTABLES -A INPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT
    $IPTABLES -A OUTPUT -s $LAN_ADDRESS -d $LAN_ADDRESS -m state ! --state INVALID -j ACCEPT


Management

service nfs-kernel-server {status|start|stop|restart}


Test the server

Install the NFS v4 client:

apt-get install nfs-common


To mount the default path:

mount -t nfs nfs-server:/ /mnt

You'll see: "/mnt/srv/nfsroot"


It's better to do:

mount -t nfs nfs-server:/srv/nfsroot /mnt