BIVBlog #14: Setting up a PXE based diskless rescue system

10 Replies

Setting up a diskless boot rescue system may appear complex, but it is a valuable tool in any Unix-centric environment as well as a prerequirement for network installation.

Table of Contents

00:00:25 What to do with a diskless rescue server
00:00:40 Using XEN as a test client
00:00:55 Setting up an ISC DHCP server
00:01:42 Making the DHCP server start on-demand only
00:04:10 Configuring the DHCP server to assign addresses
00:06:15 Setting up TFTP and PXElinux
00:09:50 Configuring PXElinux
00:11:52 Providing a kernel and initrd image
00:13:50 Setting up an NFS server and root file system
00:17:00 Making the kernel find the NFS root file system
00:19:25 Fixing the root account on the root file system
00:20:36 What’s this all good for, and what else can we do with this?

References and Further Reading

PXElinux
The project documentation to the PXElinux boot loader used in this video.

About

Long term IPv6 evangelist/book author/trainer/consultant and generic Unix guy (*BSD, Linux, Solaris, and about a dozen more).

10 Comments

  1. Hi,

    Thanks for your video ! That was really helpful.

    However, I had to change few things to get it working using Ubuntu 14.04 LTS (server + clients) with physical netboot.

    These are my changes:

    ##
    ## 1. the Ubuntu LTS kernel is not ready for NFS. so I update it!
    ##
    ## ... my TFTP root is /tftpboot
    ## ... I'll put the Ubuntu Trusty kernel in /tftpboot/trusty
    ##

    ## >> Adjust PXE boot configuration
    vim /etc/initramfs-tools/initramfs.conf

    ## Set following options:
    BOOT=nfs
    MODULE=netboot

    ## Copy and prepare kernel
    cp /boot/vmlinuz-`uname -r` /tftpboot/trusty/vmlinuz
    cp /boot/initrd.img-`uname -r` /tftpboot/trusty/initrd.img

    ## Enable NFS boot on target kernel
    mkinitramfs -d /etc/initramfs-tools -o /tftpboot/trusty/initrd.img

    ## Adjust rights
    chmod -R 755 /tftpboot/trusty/

    ##
    ## 2. On the client distribution I had to adjust the /etc/fstab
    ##

    vim /etc/fstab

    ## FSTAB content

    # /etc/fstab: static file system information.
    #
    proc /proc proc defaults 0 0
    /dev/nfs / nfs defaults 1 1
    none /tmp tmpfs defaults 0 0
    none /var/run tmpfs defaults 0 0
    none /var/lock tmpfs defaults 0 0
    none /var/tmp tmpfs defaults 0 0

    ##
    ## 3. Copy kernel modules and sources from server to client distro
    ##
    ## ... my client distribution is in /nfs/trusty/
    ##

    ## Copy kernel modules
    cp -r /lib/modules/`uname -r` /nfs/trusty/lib/modules

    # Copy kernel sources
    cp -r /usr/src/linux-headers-`uname -r` /nfs/trusty/usr/src

    You can see the detailed operations and steps on my blog:
    http://www.daxiongmao.eu/wiki/index.php?title=Diskless_netboot

    That is more or less the video content step by step + more details. So: THANKS a lot for your work !

    /Guillaume

    Reply

    • Benedikt Stockebrand

      Hi Guillaume,

      glad you liked (and linked:-) it—especially because you managed to modify it for a purpose that is different than what I had in mind when I recorded the videos.

      In return, a couple suggestions on your approach to setting up diskless clients:

      • As you mentioned in your blog/wiki, security at the subnet level is an issue here. You might find it possible to improve security if you use IEEE 802.1Q tagged VLANs and hook up every client in its own subnet, using the approach I’ve explained in BIVBlog #13 on your servers and switches.
      • Diskless clients normally become notoriously slow as soon as they have to use NFS based swap space. If that happens and adding RAM isn’t an option, using a local disk/SSD for swap space can be tremendously useful while still keeping the clients stateless for all practical purposes.
      • Beyond that it is sometimes reasonable to put a client file system in a file and mount that through a loopback device on the client. This allows the client to do much more aggressive caching, which speeds up access to frequently read data while reducing network traffic, and even provides the requirements for block device level encryption. The downside here however is that a central backup will become trickier while the clients are using that file system.
      • If that’s still not enough, the next step would be iSCSI. This is even more trouble (and probably worth another video some time) but it does win you even more speed.
      • If you run this in a somewhat larger setup, using Linux for the NFS server may be less than optimal. I’d personally prefer FreeBSD (or FreeNAS) or possibly even good old Solaris for the job because of ZFS, at least until BtrFS becomes stable, because its snapshot capabilities are tremendously useful for doing backups of a running system. That said, if you only have serious Linux know-how around, this involves some extra work that may be overkill for the job at hand.
      • Beyond that the next options are dedicated NFS storage devices like various NetApp devices and/or some iSCSI based equipment. This is rather serious datacenter class stuff, however.

      Cheers,

      Benedikt

      Reply

  2. Thanks for your help. I’ll check it out and come back to you.

    In our case, due to our hosting provider, we cannot setup new VLAN and change our routers settings. That requires privileges we don’t have – or it will cost some extra money ^-^

    Instead I’ll try to set a dedicated RAMdisk in “rw” mode for /dev & /tmp + reserve some space for Swap before adding a real HDD.
    We plan to setup about 50 clients : so it’s cheaper to buy 4 or 8 Go of RAM than a small HDD (even a low one).

    I’ll check deeper the FreeBSD & FreeNAS solutions you’ve mentioned. That may exactly be our use-case.

    I’ll post our results in a next post.
    Thanks for your suggestions

    Reply

    • Benedikt Stockebrand

      Hi Guillaume,

      always glad to help:-)

      I didn’t realize you were doing this at a hosting provider, so yes, additional VLANs may cost you extra in that case; in a company environment however, VLANs are frequently available, so like all the suggestions I made, you’ll have to decide which ones are applicable to your particular needs (and skill sets).

      Using a local disk for swap space is another one of those things; it depends on the hardware you have (especially the amount of RAM it can handle) and the amount of swap your applications may actually need. If you find you have a performance issue there, you definitely want to take some serious measurements before you decide how to handle the situation; all I can provide at this point is some hints at potential options you might have.

      Cheers,

      Benedikt

      Reply

  3. Roselyn Domingo

    Hi Benedikt Stockebrand,

    I’m trying to create a diskless pxe boot in debian(jessie), i followed your video. But i’m getting a “no disk drive found” error, and it is asking for a driver installer.

    I’m not sure what am i doing wrong, this is my first time creating a pxe server. I’m hoping you would know what it is.

    Thanks,
    Rose

    Reply

    • Benedikt Stockebrand

      Hi Rose,

      oooooooops, that really went unnoticed by me for some time—sorry!

      I’m not exactly sure where that error occurred in your setup, but if I understand correctly, then the client needs some specific driver for the disk controller you use. The easiest way to deal with that is to actually take a plain vanilla machine that can do PXE boot as a client and see if the installer works with that.

      So far I’ve never personally needed to use a driver for a disk controller, so I’m not entirely sure how exactly to proceed. My best guess is to add a “modprobe ” early on in the install script and ensuring that that driver is actually installed in the system, but that’s really just an educated guess.

      Cheers,

      Benedikt

      Reply

  4. Richard

    Hi

    Is it possible to email you for some info please, I have a 12 blade microcloud server that I’m trying to setup pxe boot from another local server but I am struggling to complete the final configuration. I really appreciate any help you can offer.

    Thanks.

    Reply

    • Benedikt Stockebrand

      Hi Richard,

      yes of course, you can reach me at me/AT/stepladder-it.com (with /AT/ being replaced accordingly, to keep the spambots away). Looks like I have to find a way to make sure this winds up on every page somehow.

      Cheers,

      Benedikt

      Reply

  5. Eugene

    Hi. Thank you for great video.
    The one more thing many of us would like to know is how to randomly generate root password of rescue system for each boot (like Hetzner or OVH do).

    Reply

    • Benedikt Stockebrand

      Hi Eugene,

      generating a root password as such isn’t too difficult; on most Unix systems you could do something along the lines of

      # dd if=/dev/urandom bs=12 count=1 status=none \
      | openssl base64

      or similar. But if all the rescue systems work from the same NFS mount, then this get decidedly tricky because you need to ensure that users get their specific root password installed somehow. Beyond that you also need to communicate the password to the correct user(s).

      A possible approach if you can keep the boot system small enough is to actually create specific root filesystems, or Linux initrds, for every client and possibly every installation run. I wouldn’t be surprised if that’s what the various hosters generally do.

      Anyway, there is no one-size-fits-all solution to this problem, much like the PXE based boot is only one possible approach to network booting systems (using IPMI and a remote ISO image as a virtual boot disk is another common one). The best approach is to first decide on what you really want to achieve, and only then start to look for, or build you own, suitable solution.

      Cheers,

      Benedikt

      Reply

Leave a Reply

Your email address will not be published.

«
»