Re: OT: Read-Only NFS-mounted Debian System for Library Kiosk PCs, using KACE K2000 as PXE?

To: debian-user@lists.debian.org

Subject: Re: OT: Read-Only NFS-mounted Debian System for Library Kiosk PCs, using KACE K2000 as PXE?

From: Kent West <westk@acu.edu>

Date: Mon, 13 Feb 2017 16:42:57 -0600

Message-id: <[🔎] 093de35c-9871-9e9b-2427-700ee8258585@acu.edu>

Reply-to: kent.west@acu.edu

In-reply-to: <CAByJ6DHvgdoKdG-SdA6++ScF8ZQUX9iB1JaTM=MxacrVObceAA@mail.gmail.com>

References: <CAByJ6DHvgdoKdG-SdA6++ScF8ZQUX9iB1JaTM=MxacrVObceAA@mail.gmail.com>

On 12/05/2016 09:44 AM, Kent West wrote:

I've been tasked with replacing a few library kiosks in a university library. They currently run Windows with a kiosk-product named SiteKiosk to restrict them to just a few apps (web-browser, printing, MS-Word) and prevent tampering. It works pretty well.

But I have a philosophical distaste of Windows; I'm not in favor of maintaining more third-party products (SiteKiosk) than is necessary; I like the idea of disk-less workstations; I like the idea of configure-in-one-place-for-all-machines; and I just like Debian; and I think it might serve as a foot-hold in the door to converting other Windows PCs across campus to Debian.

But I have no real experience in PXE booting, and only vaguely understand the depths of Debian booting, and know very little about setting up a KACE (now Quest) K2000 Systems Deployment Appliance for network-booting a computer, and much less for booting a Linux image, and much less for pointing those Linux boxes to remote read-only NFS mounted systems (and I know little NFS at all).

So, does anyone have enough experience with this combination of stuff, and willingness, to guide me in this process? Or even subsets of the process that might get me closer to the whole? I can't help but think there might be others in a similar situation that would benefit from finding this process detailed on-line.

I haven't gotten the process entirely figured out, but I'm getting pretty close, and in case some other Quest/KACE K2000 Debianista wants to do this, I thought I'd document it:

Setting up a KACE Boot Environment (KBE) That Boots memtest86

(that will eventually boot a Debian read-only NFS-mounted kiosk)

Introductory Notes

This document assumes you have a working K2000 ("K2") box, and you're an administrator thereof.

The version with which I'm working is Quest/Dell KACE K2000 version 4.0.695.

I normally prefer to access the K2's web interface from my Linux box, but for most of the following to work, I'm using a Windows 10 PC (actually, a VirtualBox setup on my Debian GNU/Linux box; if it matters, my Win10 Enterprise Edition has been updated to the Anniversary ("Version 1607") version).

Do This From a Windows Computer

Because the Quest/KACE tools are Windows-centric, you have to have a Windows computer. So I used VirtualBox on my Debian computer, but I think almost any recent WIndows computer should work for you.

Get the Windows Assessment and Deployment Kit (ADK)

On your Windows computer, web-browse to microsoft.com, then Support, and search for “ADK 10”. (If you have Windows 7 or 8, etc, you’ll need the ADK 7 or 8, etc.) Since my Windows Enterprise virtual machine had been upgraded to the 1607 “Anniversary Version”, I had to get the 1607 version of the ADK.

Get Media Manager

On your Windows computer, log into your K2, and browse to Library/Source Media/Choose Action/Download Media Manager....

Download for Windows

Save the file and run it, to install the Quest / KACE Media Manager onto your Windows computer.

Get KBE Manipulator (KBEM)

Go to quest.com / Support. You'll likely have to log into their support site (which means creating an account if you haven't already done so. Why?!!)

In the Search field for the web site (I couldn't find it browsing/searching the Download Software section), search for "kbe manipulator". Find a link that looks promising for your setup. In my case, it's the link that says "KBE Manipulator 3.7.1.25".

Add to Downloads / Download Now. Run the installer. I was presented with four checkboxes; I only left "Launch KBE Manipulator" checked.

I was given the offer to download an upgrade. I downloaded the upgrade, and then repeated the above step, to finish installing the KBE Manipulator (KBEM) onto my Windows computer.

Get the memtest86.iso

On your Windows computer, search for and download memtest86. Make sure to get it from the official memtest86.com site, so you don’t have to worry about malware/trojans/etc. Unzip the file if necessary so that it's just a .ISO file.

Use the KBEM to Create a KBE That Boots memtest86 (or other)

When you start the KBE Manipulator on your Windows computer, you'll be brought to a configuration panel, which configures the KBE you’re building. Normally it'll build either a 32-bit or a 64-bit Windows KBE, but when you select an .ISO from the File menu, you get that ISO's OS instead of a Windows OS. For a regular Windows KBE, the process might take an hour or so; for something small like memtest86, half a minute or so.

The IP address is the IP address of your K2000 box; the Samba password should be the password in your K2000's Samba share control panel setting; the name to call the KBE is whatever name you want to show up in your K2's Deployments/Boot Environments listing. I called my KBE "memtest86", and made sure to select File / Choose an .ISO to upload, and pointed it to my memtest86.iso that I had downloaded/unzipped in the previous step.

Click "Create KBE" to create your memtest86 KBE.

Make sure the new memtest86 KBE shows up in the K2000 / Deployments / Boot Environments, and then try booting a PC from it.

For me, it works! Yea!

Trying to Boot a Linux LiveCD

Well, if I can boot memtest86, maybe I can boot a LiveCD in the same manner.

I tried Puppy Linux (<200MB), and Damn Small Linux 4.11 RC2 (<50 MB). Both partially booted, and then failed to find more of the system, dropping me into a limited blackbox type of shell.

That’s okay; I’m making progress.

I then tried SliTaz Linux (had never heard of it; < 50MB), and it works. It’s got an X graphical display, with the Midori web browser, which plays YouTube videos, with audio. Very impressive.

I also uploaded NT Password Reset, which is handy for getting into Windows boxes when you’ve forgotten the Administrator password.

Moving on to the Ultimate Goal - Booting into a read-only NFS-mounted Debian system

I believe this is the last piece of the puzzle. So I'm off to go see if I can figure this part out.

-- 
Kent West     <*)))><
http://kentwest.blogspot.com
Praise Yah! \o/

Reply to: