Re: Diskless boot NFS server image
> I have been developing perl scripts that enable easy to configure and
> maintain NFS images for diskless clients. I have packaged these into
> a debian package, and I can provide my current version on request if
> anybody is interested. Currently they allow setting up different groups
> of clients, each with there own settings. Multiple architectures should
> be supported, but I cannot test this. For extra security and less
> diskspace usage, / is mounted read-only from a shared mount point,
> and /etc, /var, and /tmp are mounted as read-write on boot.
yes, I think it would be a nice idea to provide a debian package
for this purpose.
> There are some difficult issues I have with it:
> - I would like to be able calculate MD5sums for certain files, in order
> to be able to check if the contents have changed or not (eg similar to
> how dpkg handles configuration files). How do I do this from perl? Do
> perl packages already exist to do this?
> - as / is mounted R/O, this means /lib/modules is also R/O, and the
> boot process cannot calculate the module dependancies. ARRRGGGGHHHH!!!
> I do not know how to get around this, other then to mount / as R/W
> for the first boot. Is it possible to get module dependancy information
> written to some other directory??? Is there another better way? IMHO,
> it should be possible to mount /lib, /bin, /sbin, /usr, /boot, as
> read only (and possibly /etc too), but FSSTND only seems to mention /usr.
One could boot from an initial ram disk ("initrd", cf. kernel docs)
set up all necessary things and then remount / from nfs.
Another problem could be /dev. Usually login changes ownership
and permission of the tty devices for security reasons.
> - Linux defaults to mounting root from "/tftpboot/<IPaddress>", however,
> I don't think that this is allowed by FSSTND. Hence I have used symlinks
> from /tftpboot/<ipaddress> into and under /var/lib/diskless/. This
> allows booting Linux without giving it command line arguments, but it
> still breaks FSSTND.
I think you can change this by a DHCP parameter. In principle this
is also possible with BOOTP but the limited size of BOOTP packages
may truncate this boot option.
We use diskless clients for two purposes:
1. As a robust "internet point" for our students. There is no login,
fvwm95 and netscape is started directly from inittab.
2. As a comfortable maintainance option for our server: Just
boot from disk, mount a nfs root filesystem and you can
repair the disks, or restore a backup even from remote.
There are some error messages during the boot process
that complain that several files are readonly. But it works
and after a disaster you surely avoid nitpicking,