1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
|
.\" Copyright (c) 1994 Gordon W. Ross, Theo de Raadt
.\" Updated by Luigi Rizzo
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\" derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd April 18, 2001
.Dt DISKLESS 8
.Os
.Sh NAME
.Nm diskless
.Nd booting a system over the network
.Sh DESCRIPTION
The ability to boot a machine over the network is useful for
.Em diskless
or
.Em dataless
machines, or as a temporary measure while repairing or
re-installing filesystems on a local disk.
This file provides a general description of the interactions between
a client and its server when a client is booting over the network.
.Sh OPERATION
When booting a system over the network, there are three
phases of interaction between client and server:
.Pp
.Bl -enum -compact
.It
The stage-1 bootstrap, typically PXE built into your ethernet
card, loads a second-stage boot program.
.It
The second-stage boot program, typically 'pxeboot', loads modules and
the kernel and boots the kernel.
.It
The kernel NFS mounts the root directory and continues from there.
.El
.Pp
Each of these phases are described in further detail below.
.Pp
First the stage-1 bootstrap loads the stage-2 boot program over
the network. The stage-1 bootstrap typically uses BOOTP or DHCP
to obtain the filename to load, then uses TFTP to load the file.
This file is typically called "pxeboot" and should be copied from
.Pa /boot/pxeboot
into the tftp directory on the server, which is typically
.Pa /tftpdir .
.Pp
The stage-2 boot program then loads additional modules and the kernel.
These files may not exist on the DHCP or BOOTP server. You can use the
.Sy next-server
option available in DHCP configurations to specify the server holding
the second stage boot files and kernel. The stage-2 program uses
NFS or TFTP to obtain these files. By default, NFS is used.
If you are using pxeboot you can install a version that uses
TFTP by setting LOADER_TFTP_SUPPORT=YES
in your
.Pa /etc/make.conf ,
then recompiling and reinstalling pxeboot via the command listed below.
It is often necessary to use TFTP here so you can place a custom kernel
in /tftpdir/.
If you use NFS and do not have a custom root filesystem for the diskless
client, the stage-2 boot will load your server's kernel as the kernel for
the diskless machine, which may not be what you want to have happen.
.Bd -literal -offset indent
cd /usr/src/sys/i386/boot
make clean; make; make install
cp /boot/pxeboot /tftpdir/
.Ed
.Pp
In phase 3, the kernel again uses DHCP or BOOTP to acquire
configuration information, and proceeds to mount the
root filesystem and start operation. The boot
scripts recognize a diskless startup and peform
the actions found in
.Pa /etc/rc.d/initdiskless
and
.Pa /etc/rc.d/diskless .
In older systems the scripts are located in
.Pa /etc/rc.diskless1
and
.Pa /etc/rc.diskless2 .
.Sh CONFIGURATION
In order to run a diskless client, you need the following:
.Bl -bullet
.It
An NFS server which exports a root and /usr partition with
appropriate permissions.
The diskless
scripts work with readonly partitions, as long as root is exported with
.Fl maproot Ns =0
so that some system files can be accessed.
As an example,
.Pa /etc/exports
can contain the following lines:
.Bd -literal -offset indent
<ROOT> -ro -maproot=0 -alldirs <list of diskless clients>
/usr -ro -alldirs <list of diskless clients>
.Ed
.Pp
where
.Aq ROOT
is the mountpoint on the server of the root partition.
The script
.Pa /usr/share/examples/diskless/clone_root
can be used to create a shared readonly root partition,
but in many cases you may decide to export
(again as readonly) the root directory used by
the server itself.
.It
a
.Tn BOOTP
or
.Tn DHCP
server.
.Xr bootpd 8
can be enabled by
uncommenting the
.Em bootps
line in
.Pa /etc/inetd.conf .
A sample
.Pa /etc/bootptab
can be the following:
.Bd -literal -offset indent
.default:\\
hn:ht=1:vm=rfc1048:\\
:sm=255.255.255.0:\\
:sa=<SERVER>:\\
:gw=<GATEWAY>:\\
:rp="<SERVER>:<ROOT>":
<CLIENT>:ha=0123456789ab:tc=.default
.Ed
.Pp
where
.Aq SERVER ,
.Aq GATEWAY
and
.Aq ROOT
have the obvious meanings.
.It
A properly initialized root partition.
The script
.Pa /usr/share/examples/diskless/clone_root
can help in creating it, using the server's root partition
as a reference. If you are just starting out you should
simply use the server's own root directory,
.Pa / ,
and not try to clone it.
.Pp
You often do not want to use the same
.Pa rc.conf
or
.Pa rc.local
files for the diskless boot as you do on the server. The diskless boot
scripts provide a mechanism through which you can override various files
in
.Pa /etc
(as well as other subdirectories of root). The scripts provide four
overriding directories situated in
.Pa /conf/base ,
.Pa /conf/default ,
.Pa /conf/<broadcast-ip> ,
and
.Pa /conf/<machine-ip> .
You should always create
.Pa /conf/base/etc ,
which will entirely replace the server's
.Pa /etc
on the diskless machine.
You can clone the server's
.Pa /etc
here or you can create a special file which tells the diskless boot scripts
to remount the server's
.Pa /etc
onto
.Pa /conf/base/etc .
You do this by creating the file
.Pa /conf/base/etc/diskless_remount
containing the mount point to use as a basis of the diskless machine's
.Pa /etc .
For example, the file might contain:
.Bd -literal -offset 4n
10.0.0.1:/etc
.Ed
.Pp
The diskless scripts create memory filesystems to hold the overriden
directories. Only a 2MB partition is created by default, which may not
be sufficient for your purposes. To override this you can create the
file
.Pa /conf/base/etc/md_size
containing the size, in 512 byte sectors, of the memory disk to create
for that directory.
.Pp
You then typically provide file-by-file overrides in the
.Pa /conf/default/etc
directory. At a minimum you must provides overrides for
.Pa /etc/fstab ,
.Pa /etc/rc.conf ,
and
.Pa /etc/rc.local
via
.Pa /conf/default/etc/fstab ,
.Pa /conf/default/etc/rc.conf ,
and
.Pa /conf/default/etc/rc.local .
.Pp
Overrides are hierarchical. You can supply network-specific defaults
in the
.Pa /conf/<BROADCASTIP>/etc
directory, where <BROADCASTIP> represents the broadcast IP address of
the diskless system as given to it via
.Tn BOOTP .
The
.Pa diskless_remount
and
.Pa md_size
features work in any of these directories.
The configuration feature works on directories other then
.Pa /etc ,
you simply create the directory you wish to replace or override in
.Pa /conf/{base,default,<broadcast>,<ip>}/*
and work it in the same way that you work
.Pa /etc .
.Pp
Since you normally clone the server's
.Pa /etc
using the
.Pa /conf/base/etc/diskless_remount ,
you might wish to remove unneeded files from the memory filesystem. For
example, if the server has a firewall but you do not, you might wish
to remove
.Pa /etc/ipfw.conf .
You can do this by creating a
.Pa /conf/base/<DIRECTORY>.remove
file. For example,
.Pa /conf/base/etc.remove ,
which contains a list of relative paths that the boot scripts should remove
from the memory file systems.
.Pp
As a minimum, you normally need to have the following in
.Pa /conf/default/etc/fstab
.Bd -literal -offset indent
<SERVER>:<ROOT> / nfs ro 0 0
<SERVER>:/usr /usr nfs ro 0 0
proc /proc procfs rw 0 0
.Ed
.Pp
You also need to create a customized version of
.Pa /conf/default/etc/rc.conf
which should contain
the startup options for the diskless client, and
.Pa /conf/default/etc/rc.local
which could be empty but prevents the server's own
.Pa /etc/rc.local
from leaking onto the diskless system.
.Pp
In
.Pa rc.conf ,
most likely
you will not need to set
.Va hostname
and
.Va ifconfig_*
because these will be already set by the startup code.
Finally, it might be convenient to use a
.Ic case
statement using
.Li `hostname`
as the switch variable to do machine-specific configuration
in case a number of diskless clients share the same configuration
files.
.It
The kernel for the diskless clients, which will be loaded using
NFS or TFTP, should be built with at least the following options:
.Bd -literal -offset indent
options BOOTP
options BOOTP_NFSROOT
options BOOTP_COMPAT
.Ed
.Pp
In the devices section add:
.Bd -literal -offset indent
device md
.Ed
.Pp
If you use the firewall, remember to default to open or your kernel
will not be able to send/receive the bootp packets.
.El
.Sh SECURITY ISSUES
Be warned that using unencrypted NFS to mount root and user
partitions may expose information such as
encryption keys.
.Sh BUGS
This manpage is probably incomplete.
.Pp
.Fx
sometimes requires to write onto
the root partition, so the startup scripts mount MFS
filesystems on some locations (e.g.\&
.Pa /etc
and
.Pa /var ) ,
while
trying to preserve the original content.
The process might not handle all cases.
.Sh SEE ALSO
.Xr ethers 5 ,
.Xr exports 5 ,
.Xr bootpd 8 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr pxeboot 8 ,
.Xr reboot 8 ,
.Xr tftpd 8 ,
.Xr ports/net/etherboot
|
