¡Esta es una revisión vieja del documento!
Tabla de Contenidos
NFS Root
Introducción
Este CÓMO trata de ejecutar su sistema Slackware Linux sin ningún disco duro, o quizás con un disco duro muy pequeño, accediendo a la red para recuperar todos los archivos excepto el kernel. Si desea ir por todo, también puede arrancar con PXE el kernel, sin embargo, este CÓMO espera que tenga un lugar local para almacenar el kernel. Vamos a utilizar máquinas virtuales (VirtualBox) para simular un cliente sin disco. Seguiremos usando una instalación completa de Linux junto con nuestro confiable LILO para preparar y luego arrancar ese kernel.Esto puede parecer un poco inútil, ya que no hay un caso de uso para exactamente lo que estoy haciendo aquí, pero al menos debería informar sobre cómo se obtiene la raíz NFS, y algunos de los escollos y soluciones alternativas.
Ejecutando un servidor NFS
Por supuesto, necesita un servidor NFS para servir los archivos raíz. Voy a llamar a esto slack-nfs-server . La dirección IP es 172.17.0.80 . Hay un gran artículo sobre la configuración de un servidor NFS. A continuación, cree su servidor con Virtual Box (con redes puenteadas) y luego vuelva aquí para el siguiente paso.
El /etc/exports que estoy usando se ve así:
/nfs_share 172.17.0.1/24(rw,sync,no_root_squash,no_subtree_check)
Eso es inseguro pero lo suficientemente bueno para la configuración, podemos refinarlo más tarde. Además de esa guía vale la pena hacer:
chmod 777 /nfs_share
Para que podamos estar seguros de que podemos escribir en la raíz de nuestro recurso compartido NFS una vez que esté montado.
Creando los rootfs
Ahora cree otra máquina virtual para realizar la instalación (redes puenteadas nuevamente). Monte el disco de instalación de Slackware en esta máquina virtual. Si desea un rootfs de 32 bits, obviamente use el DVD de instalación de 32 bits, si desea un rootfs de 64 bits, use Slackware64. Si desea 32 bits (muy probablemente para un cliente sin disco) puede que necesite habilitar PAE en VirtualBox en Sistema → Procesador para que Slack32 arranque.
Suponiendo que ahora haya arrancado el instalador de Slackware con el gran kernel predeterminado, ahora puede iniciar la instalación. Inicie sesión como root y obtenga su dirección IP:
# dhcpcd eth0
Monte el nfs que creó previamente en /mnt:
# mount -o rw,nolock slack-nfs-server:/nfs_server /mnt
Si no tiene una configuración de DNS que esté bien, simplemente sustituya la dirección IP de su servidor por el servidor slack-nfs, es decir, 172.17.0.80.
Ahora necesitamos manipular algo para el instalador de Slackware. Con fdisk, cree una sola partición en su disco duro (/dev/sda1). Desafortunadamente, una partición válida en una unidad conectada al sistema es un requisito para que el instalador se ejecute. No se preocupe, solo eliminaremos toda esta máquina virtual cuando hayamos terminado, así que no hay problema.
Ahora ejecuta 'setup'.
- Mapea el teclado como quieras
- No configurar ningún swap.
- En la pantalla 'Select Linux installation partition' no seleccione /dev/sda1 solo la flecha hacia abajo y seleccione '(done adding partitions, continue with setup)'.
- Instalar desde el slackware cd / dvd
- Seleccione sus paquetes como normal
- No cree un bootdisk
- No instale LILO.
Cuando termine, ahora debería encontrar una raíz fs 'instalada' en el directorio del servidor. Si planea usarlo con más de un thin client, entonces sería un buen momento para realizar una copia de respaldo antes de iniciarlo.
Creating the kernel
The full huge kernel that comes with Slackware 14.2 is close to providing everything we need, but we still need to recompile it. I'd recommend doing the compilation on a 32-bit virtual machine if you are targeting a 32-bit thin client, or 64-bit if your thin client is 64-bit. There are ways to avoid this and cross-compile kernels 32→64 bit and visa versa but virtual machines are cheap and life is short:
# cd /usr/src/linux # zcat /proc/config.gz > .config # make menuconfig
Configuration order is important, as selecting certain options makes others available. First off we will need a network driver compiled into the kernel for the NIC we're going to use. For VirtualBox the default NIC is PCnet32, an lspci will probably tell you yours:
Device Drivers -> Network Device Support -> Ethernet driver support -> AMD PCnet32 PCI support <*>
Make sure this is compiled into the kernel (e.g. hitting 'y').
[OPTIONAL] We also need to tell the kernel which IP address to use, which can be set statically, but DHCP is much easier, so generally you will want to include these options:
Networking support -> Networking options -> IP: kernel level autoconfiguration [*]
IP: DHCP support [*]
Finally, we absolutely need the support for Root FS on NFS:
File Systems -> Network File systems -> Root file system on NFS [*]
[OPTIONAL] It's pretty useful to append a local version to this kernel release. I'd advise doing this to differentiate it from your standard Slackware huge kernel and avoid clobbering the modules from that by mistake. We can just add '-nfsroot':
(-nfsroot) General Setup -> Local version - append to kernel release
Save the configuration and then do a:
# make bzImage
While that build is running, it's time to configure LILO.
Configuring LILO
Let's call the kernel /boot/vmlinuz-nfsroot. Add a section to the lilo.conf file:
image=/boot/vmlinuz-nfsroot label = nfs read-only append= "root=/dev/nfs ip=dhcp nfsroot=172.17.0.80:/nfs_share,v3 rw"
If you didn't want to use dhcp you'll now need to have a read of Documentation/filesystems/nfs/nfsroot.txt in the kernel sources to figure out the many options that you can include for ip= other than 'dhcp'.
Obviously keep your default linux kernel in another image= section so you can switch between booting the nfsroot and the normal kernel to play around with this stuff.
You cannot specify a normal root= entry in this section because LILO doesn't recognise /dev/nfs for root (the device doesn't actually exist to LILO). So instead just specify it in the append= line which LILO doesn't try to interpret, and LILO will include this extra nfsroot image without error.
The v3 seems to be really important in making anything at all happen on boot. If that isn't set, no communication seems to occur.
The 'rw' is also important. It prevents the fsck of the root fs. because root is NFS and can't be checked. Slackware won't boot properly if we give 'ro'. Instead of using 'rw' you could optionally hack fsck out of the Slackware startup scripts on your NFS root, however simply using 'rw' is quicker (albeit dirtier).
With the kernel compilation finished, copy the kernel into the /boot directory and rename it:
cp /usr/src/linux/arch/x86/boot/bzImage /boot/vmlinuz-nfsroot
It may be created elsewhere than arch/x86 depending on your architecture, e.g. x64, arm.
Don't forget to run LILO:
# lilo
First Boot
The above is enough to get you a booting Slackware system, or should be. There are some additional steps that you may wish to now do.
Modules
None of the modules have been installed, let's add them. Shutting down the nfsroot system and booting back into the Slackware kernel compilation virtual machine we can now compile the missing modules. First we will mount the rootfs, just as we did from the installer virtual machine:
mount -o rw,nolock slack-nfs-server:/nfs_share /mnt/tmp
Then we can compile and install the modules:
# cd /usr/src/linux # make modules # make modules_install INSTALL_MOD_PATH=/mnt/tmp
For the last command, avoid adding a trailing slash to /mnt/tmp, and try not to forget the INSTALL_MOD_PATH, otherwise you may have just clobbered your system modules. If you gave your kernel a local suffix (e.g. -nfsroot) you'd have been protected against that.
Swap on NFS
You can create a swap file on your NFS share somewhere like this:
# dd if=/dev/zero of=/nfs_share/swapfile bs=1024 count=64k
Then format it for swap:
# mkswap /nfs_share/swapfile
Then on the client you associate a loopback device with the file:
# losetup /dev/loop0 /swapfile
Then start using the loopback device for swap:
# swapon /dev/loop0
Obviously you need to add the last two commands to /etc/rc.d/rc.local or another startup script to run on each boot.
Locking down /etc/exports
Assuming your thin client connects from a predictable address, now that we've installed the modules we can finally lock down access to only the thin client (/etc/exports on the server):
/nfs_share 172.17.0.81/32(rw,sync,no_root_squash,no_subtree_check)
And we presumably don't want all-and-sundry using our newly prepared rootfs directory, so drop it down a level and qualify it by IP address (on the server):
# cd / # mv nfs_share 172.17.0.81 # mkdir nfs_share # mv 172.17.0.81 nfs_share
Now over on the client machine, configure LILO so nfsroot requests the nfs share based on the client's IP address with '%s':
image=/boot/vmlinuz-nfsroot label = nfs read-only append= "root=/dev/nfs ip=dhcp nfsroot=172.17.0.80:/nfs_share/%s,v3 rw"
NFS Root is never going to be considered secure, but at least this makes cross-contamination of nfsroots less likely.
Note that I am using dhcp in the above example, but I've added an entry to /etc/dnsmasq.conf on my router mapping the thin client MAC address to the IP address 172.17.0.81 so the client always gets that address.
Sources
- Originally written by User bifferos
