HOWTO_network_boot_without_write_access_on_server

This article is part of the HOWTO series.

Installation • Kernel & Hardware • Networks • Portage • Software • System • X Server • Gaming • Non-x86 • Emulators • Misc

1 Network booting without write access on the server

Network booting without write access on the server

Why?

The first question you might ask is: why would I want to do this?

There can be several reasons.

Maybe the most important one is to allow multiple computers to boot from the same Linux. This way you have some sort of "master".

You can use it as a OS for maintenance duties, like HDD Backups to an external (USB-)Drive or for virus-scans of infected windows installations.

Some people also call this diskless Linux.

Client environment

Disk preparation

First you need to make a directory for your new network bootable Gentoo installation (this will be /var/gentoo-netboot/ in this example). Unpack your stage-* tarball into this directory like normal and go on as outlined in the official Gentoo Documentation. When you have chrooted into your new installation, synced your portage-tree and adapted your make.conf, checkback here to see what comes next.

Kernel

In the kernel you will need:

Linux Kernel Configuration: NFS

 File systems  --->
  Network File Systems  --->
   <*> NFS file system suppor
   [*]   Provide NFSv3 client support
   ...
   [*] Root file system on NFS

Also include a lot of network card supports. You'll also need DHCP support in the kernel:

Linux Kernel Configuration: DHCP

 Networking  --->
  Networking options  --->
   [*] TCP/IP networking
   ...
   [*]   IP: kernel level autoconfiguration
   [*]     IP: DHCP support
   [*]     IP: BOOTP support

You can statically compile all needed modules for startup in your kernel to circumvent the need for an inital ramdisk.

Now compile the Kernel and install the modules (if needed):

make
make modules_install
cp arch/i386/boot/bzImage /boot/vmlinuz-x.x.x-gentoo-rx
cp System.map /boot/System.map-x.x.x-gentoo-rx
cp .config /boot/config-x.x.x-gentoo-rx

Init

Next you need to add an additional startup script to mount some ramdisks to different locations that need write access.

File: /linuxrc

 #!/bin/bash
 ### create ramdisks ###
 echo "creating ramdisk for /tmp"
 mount -n -t tmpfs tmpfs /tmp

 echo "creating ramdisk for /var/lib/init.d"
 mount -n -t tmpfs tmpfs /var/lib/init.d

 echo "creating ramdisk for /var/log"
 mount -n -t tmpfs tmpfs /var/log

 echo "creating ramdisk for /var/run"
 mount -n -t tmpfs tmpfs /var/run

 echo "creating ramdisk for /var/lock"
 mount -n -t tmpfs tmpfs /var/lock

 echo "creating ramdisk for /root"
 mount -n -t tmpfs tmpfs /root
 ### / ###

 ### create ramdisk for /etc ###
 echo "saving /etc from NFS-Mount"
 cd /etc && tar cfj /tmp/etc.tar.bz2 *

 echo "creating ramdisk for /etc"
 mount -n -t tmpfs tmpfs /etc

 echo "populating /etc"
 tar xfj /tmp/etc.tar.bz2 -C /etc
 rm /tmp/etc.tar.bz2
 ### / ###
 
 exec /sbin/init </dev/console >/dev/console 2>&1

fstab

Your /etc/fstab should look like this:

File: /etc/fstab

192.168.1.2:/var/gentoo-netboot  /               nfs     ro,noauto            0 0
proc                             /proc           proc    nodev,nosuid,noexec  0 0
shm                              /dev/shm        tmpfs   nodev,nosuid,noexec  0 0

ssh

If you want to use sshd in your diskless-system you need to create the sshd keys. Normally sshd creates them at the first start, but since the root is read-only, we need to create them beforehand:

ssh-keygen -t rsa1 -b 1024 -f /etc/ssh/ssh_host_key -N 
ssh-keygen -d -f /etc/ssh/ssh_host_dsa_key -N 
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N

/etc/init.d

Normally it is desired that the init-scripts start-up your network interface. In your diskless-installation this will be done by the kernel at boot-time. Since the network-init scripts are always started (to resolve dependencies), even when executing rc-update del net.eth0 default to prevent the execution of net.eth0, you should rm /etc/init.d/net.eth0. Without doing this, the network init-script tries to reconfigure your network connection and will bite the hand that feeds it.

As an alternative you can modify /etc/conf.d/rc:

File: /etc/conf.d/rc

RC_PLUG_SERVICES="!net.*"

The client environment is now configured.
You can leave your chrooted environment. We will now go on with the server configuration.

Server environment

Installation

You will need the following ebuilds:

net-misc/dhcp
net-ftp/tftp-hpa
net-fs/nfs-utils
sys-boot/syslinux

emerge dhcp tftp-hpa nfs-utils syslinux

Configuration

DHCP

The DHCP server is necessary for telling the client what to boot and where.

File: /etc/dhcp/dhcpd.conf

 ddns-update-style none;

 subnet 192.168.1.0 netmask 255.255.255.0 {
        max-lease-time 3600;
        default-lease-time 3600;
        authoritative;

        range 192.168.1.50 192.168.1.99;
        option domain-name-servers 192.168.1.1;
        option routers 192.168.1.254;
        filename "pxelinux.0";
        next-server  192.168.1.2;
 }

Don't forget to modify the IP-Addresses to fit your installation.

TFTP

TFTP will be used by PXEBOOT to get the pxelinux binary.

File: /etc/conf.d/in.tftpd

 # Path to server files from
 INTFTPD_PATH="/var/tftp"
 
 # For more options, see in.tftpd(8)
 # -R 4096:32767 solves problems with ARC firmware, and obsoletes
 # the /proc/sys/net/ipv4/ip_local_port_range hack.
 # -s causes $INTFTPD_PATH to be the root of the TFTP tree.
 # -l is passed by the init script in addition to these options.
 INTFTPD_OPTS="-R 4096:32767 -s ${INTFTPD_PATH}"

NFS exports

To make the root filesystem available to the client you need to add it to /etc/exports:

File: /etc/exports

/var/gentoo-netboot        192.168.1.0/24(ro,sync,no_root_squash)

PXE

The DHCP-server tells the client to fetch the PXE-bootloader from "pxelinux.0". This file is part of the syslinux package and has to be placed in the TFTP-servers root directory:

cp /usr/share/syslinux/pxelinux.0 /var/tftp

This PXE-bootloader expects the default configuration file in "pxelinux.cfg/default". You will create this file now:

cd /var/tftp
mkdir pxelinux.cfg

File: /var/tftp/pxelinux.cfg/default

 DEFAULT diskless
 TIMEOUT 100
 PROMPT 1
 
 LABEL diskless
   KERNEL diskless
   APPEND ip=dhcp root=/dev/nfs nfsroot=192.168.1.2:/var/gentoo-netboot init=/linuxrc

In the default config file you told the bootloader to boot the kernel named "diskless". You will copy this file now from your client environment to the appropriate location:

cp /var/gentoo-netboot/boot/vmlinuz-x.x.x-gentoo-rx /var/tftp/diskless

Issues

If you get something like

nfs warning: server not responding

when the kernel tries to mount the NFS-filesystem you probably want to read http://wiki.ltsp.org/twiki/bin/view/Ltsp/NFS#NFS_Server_not_responding.

Using TCP as transport-protocol for NFS helped me to work around this problem. To use TCP you just pass one extra option to the kernel:

File: /var/tftp/pxelinux.cfg/default

 LABEL diskless
   KERNEL diskless
   APPEND ip=dhcp root=/dev/nfs nfsroot=192.168.1.2:/var/gentoo-netboot,tcp init=/linuxrc

References

http://syslinux.zytor.com/pxe.php#config

Retrieved from "http://www.gentoo-wiki.info/HOWTO_network_boot_without_write_access_on_server"

Category: Boot

Last modified: Mon, 13 Oct 2008 08:38:00 +1100 Hits: 18,084

Created by NickStallman.net, Luxury Homes Australia
Real estate agents should be using interactive floor plans and real estate agent tools.

Gentoo Wiki