.\" Copyright (c) 1994 Gordon W. Ross, Theo de Raadt
.\" Updated by Luigi Rizzo
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd April 18, 2001
.Dt DISKLESS 8
.Os
.Sh NAME
.Nm diskless
.Nd booting a system over the network
.Sh DESCRIPTION
The ability to boot a machine over the network is useful for
.Em diskless
or
.Em dataless
machines, or as a temporary measure while repairing or
re-installing filesystems on a local disk.
This file provides a general description of the interactions between
a client and its server when a client is booting over the network.
.Sh OPERATION
When booting a system over the network, there are three
phases of interaction between client and server:
.Pp
.Bl -enum -compact
.It
The stage-1 bootstrap loads a boot program, from
.It
The boot program loads a kernel.
.It
The kernel does NFS mounts for root.
.El
.Pp
Each of these phases is described in further detail below.
.Pp
In phase 1, the stage-1 bootstrap code loads a boot program,
which is typically able to control the network card.
The boot program can be stored in the BIOS, in a BOOT ROM
located on the network card (PXE, etherboot, netboot),
or come from a disk unit (e.g.\& etherboot or netboot).
.Pp
In phase 2, the boot program loads a kernel.
Operation in
this phase depends on the design of the boot program.
Typically, the boot program uses the
.Tn BOOTP
or
.Tn DHCP
protocol to get the client's IP address and other boot
information, including but not limited to
the IP addresses of the NFS server, router and nameserver,
and the name of the kernel to load.
Then the kernel is loaded, either directly using NFS
(as is the case for etherboot and netboot),
or through an intermediate loader called pxeboot and
loaded using TFTP or NFS.
.Pp
In phase 3, the kernel again uses DHCP or BOOTP to acquire
configuration information, and proceeds to mount the
root filesystem and start operation.
Some specific actions performed during the startup
of a diskless system are listed in
.Pa /etc/rc.diskless1
and
.Pa /etc/rc.diskless2 .
.Sh CONFIGURATION
In order to run a diskless client, you need the following:
.Bl -bullet
.It
an NFS server which exports a root and /usr partition with
appropriate permissions.
The
.Pa rc.diskless{1,2}
scripts work with readonly partitions, as long as root is exported with
.Fl maproot Ns =0
so that some system files can be accessed.
As an example,
.Pa /etc/exports
can contain the following lines:
.Bd -literal -offset indent
<ROOT> -maproot=0 -alldirs <list of diskless clients>
/usr -alldirs <list of diskless clients>
.Ed
.Pp
where
.Aq ROOT
is the mountpoint on the server of the root partition.
The script
.Pa /usr/share/examples/diskless/clone_root
can be used to create a shared readonly root partition,
but in some cases you can also decide to export
(again as readonly) the root directory used by
the server itself.
.It
a
.Tn BOOTP
or
.Tn DHCP
server.
.Xr bootpd 8
can be enabled by
uncommenting the
.Em bootps
line in
.Pa /etc/inetd.conf .
A sample
.Pa /etc/bootptab
can be the following:
.Bd -literal -offset indent
\&.default:\\
    hn:ht=1:vm=rfc1048:\\
    :sm=255.255.255.0:\\
    :sa=<SERVER>:\\
    :gw=<GATEWAY>:\\
    :rp="<SERVER>:<ROOT>":

<CLIENT>:ha=0123456789ab:tc=.default
.Ed
.Pp
where
.Aq SERVER ,
.Aq GATEWAY
and
.Aq ROOT
have the obvious meanings.
.It
On the root partition, create the directory
.Pa /conf/default/etc ,
and populate it with a copy of the contents of
.Pa /etc .
The files and subdirectories within
.Pa /conf/default/etc
are used to bootstrap the diskless environment's
.Pa /etc
memory filesystem.
Be sure to copy the entirety of
.Pa /etc ,
and not just overrides.
.It
Additionally, one may supply per-network or per-host overrides for
files in
.Pa /etc
by creating and populating the directories
.Pa /conf/${i}/etc ,
where
.Va i
can be either the subnet broadcast address for the client, or the IP
address of the client.
.Pp
Files are copied from the above directories into
.Pa /etc
(overriding the previous content of
.Pa /etc )
starting from the most generic one by
.Pa /etc/rc.diskless1 ,
before the main part of
.Pa /etc/rc
(including reading
.Pa rc.conf )
is run.
.Pp
As a minimum, you normally need to have the following in
.Pa /conf/default/etc/fstab :
.Bd -literal -offset indent
<SERVER>:<ROOT> / nfs ro 0 0
<SERVER>:/usr /usr nfs ro 0 0
proc /proc procfs rw 0 0
.Ed
.Pp
and also a customized version of
.Pa /conf/default/etc/rc.conf
which should contain
the startup options for the diskless client.
.Pp
Most likely
you will not need to set
.Va hostname
and
.Va ifconfig_*
because these will already be set by the startup code.
You will also probably need to set
.Va local_startup Ns = Ns Qq
so that the server's
local startup files will not be used.
.Pp
While an
.Xr md 4 Ns -backed
filesystem is mounted on
.Pa /var
by the startup scripts,
some sites may want to disable the saving of entropy by setting
.Va entropy_dir Ns = Ns Qq Li NO
in
.Pa /etc/defaults/rc.conf .
.Pp
Finally, it might be convenient to use a
.Ic case
statement using
.Li `hostname`
as the switch variable to do machine-specific configuration
in case a number of diskless clients share the same configuration
files.
.It
build a kernel whose config file (e.g.\&
.Pa /sys/i386/conf/DISKLESS )
has at least the following options and devices:
.Bd -literal -offset indent
device md
options BOOTP
options BOOTP_NFSROOT
options BOOTP_COMPAT
.Ed
.Pp
If you use the firewall, remember to default to open or your kernel
will not be able to send/receive the bootp packets.
.El
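.Pp
The copy order described in the list above (default first, then the subnet
broadcast address, then the client IP address), as an added example that is
not the code of /etc/rc.diskless1. The function names, the netmask argument
and the demo addresses are assumptions made for the illustration.

```sh
#!/bin/sh
# Added illustration of the /conf overlay order; not /etc/rc.diskless1 itself.

# ip4_to_int A.B.C.D : print the address as a 32-bit integer
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# bcast_of IP NETMASK : print the subnet broadcast address
bcast_of() {
    ip=$(ip4_to_int "$1"); mask=$(ip4_to_int "$2")
    b=$(( ($ip & $mask) | (~$mask & 4294967295) ))
    echo "$(( ($b >> 24) & 255 )).$(( ($b >> 16) & 255 )).$(( ($b >> 8) & 255 )).$(( $b & 255 ))"
}

# overlay_etc CONF_ROOT DEST IP NETMASK
# Copy default, then per-subnet, then per-host files into DEST, so the most
# specific copy of each file wins. Prints the layers that were applied.
overlay_etc() {
    conf=$1; dest=$2; host=$3
    bcast=$(bcast_of "$3" "$4")
    for layer in default "$bcast" "$host"; do
        [ -d "$conf/$layer/etc" ] || continue
        cp -Rp "$conf/$layer/etc/." "$dest/" || return 1
        echo "$layer"
    done
}

# Constructed demo tree: every layer overrides rc.conf, only default has fstab.
demo() {
    t=$(mktemp -d) || return 1
    for d in default 192.168.1.255 192.168.1.37; do
        mkdir -p "$t/conf/$d/etc"
        echo "from $d" > "$t/conf/$d/etc/rc.conf"
    done
    echo "from default" > "$t/conf/default/etc/fstab"
    mkdir "$t/etc"
    overlay_etc "$t/conf" "$t/etc" 192.168.1.37 255.255.255.0 >/dev/null
    cat "$t/etc/rc.conf" "$t/etc/fstab"
    rm -rf "$t"
}
demo
```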
.Sh SECURITY ISSUES
Be warned that using unencrypted NFS to mount root and user
partitions may expose information such as
encryption keys.
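.Pp
One way to review the NFS server's exports file for the root-mapped exports
that the CONFIGURATION section relies on, as an added example that is not part
of the FreeBSD sources. It assumes a site policy that an export carrying
maproot=0 should be read-only and should name its clients; audit_exports,
sample and the sample paths are hypothetical.

```sh
#!/bin/sh
# Added illustration: review an exports(5) file used for diskless roots.
# Policy assumed by this example: an export that maps remote root to local
# root (-maproot=0 or -maproot=root) is read-only and lists its clients.

# audit_exports FILE : print "LINE: PATH: finding" for each violation.
# Limitation: lines continued with a trailing backslash are not joined.
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }      # skip blank lines and comments
    {
        rootmap = 0; ro = 0; clients = 0
        for (i = 1; i <= NF; i++) {
            c = substr($i, 1, 1)
            if ($i ~ /^-maproot=(0|root)(:|$)/) rootmap = 1
            else if ($i == "-ro" || $i == "-o") ro = 1
            else if ($i ~ /^-network/) clients++
            else if (c != "-" && c != "/") clients++   # host or netgroup
        }
        if (rootmap && !ro)
            print NR ": " $1 ": root-mapped export is read-write"
        if (rootmap && !clients)
            print NR ": " $1 ": root-mapped export names no clients (any host)"
    }' "$1"
}

# Constructed sample input; none of these paths or hosts come from the page.
sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<EOF
# constructed sample, not a real configuration
/diskless/root -ro -maproot=0 -alldirs client1 client2
/diskless/rw -maproot=0 -alldirs client1
/diskless/open -ro -maproot=root
/usr -ro -alldirs -network 192.168.1.0 -mask 255.255.255.0
EOF
    audit_exports "$f"
    rm -f "$f"
}
sample
```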
.Sh BUGS
This manpage is probably incomplete.
.Pp
.Fx
sometimes needs to write to
the root partition, so the startup scripts create and mount
.Xr md 4 Ns -backed
filesystems on some locations (e.g.\&
.Pa /etc
and
.Pa /var ) ,
while
trying to preserve the original content.
The process might not handle all cases.
.Sh SEE ALSO
.Xr md 4 ,
.Xr ethers 5 ,
.Xr exports 5 ,
.Xr bootpd 8 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr pxeboot 8 ,
.Xr reboot 8 ,
.Xr tftpd 8 ,
.Pa ports/net/etherboot