Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
howtos:network_services:nfs_root [2018/05/28 21:33 (UTC)]
bifferos [Configuring LILO]
howtos:network_services:nfs_root [2018/05/28 22:21 (UTC)] (current)
bifferos [First Boot]
Line 50: Line 50:
 ==== Creating the kernel ==== ==== Creating the kernel ====
  
-The full huge kernel that comes with Slackware is close to providing everything we need, but we still need to recompile it.  I'd recommend doing the compilation on a 32-bit virtual machine if you are targeting a 32-bit thin client, or 64-bit if your thin client is 64-bit. ​ There are ways to avoid this and cross-compile 32->64 bit and visa versa but virtual machines are cheap and life is short:+The full huge kernel that comes with Slackware ​14.2 is close to providing everything we need, but we still need to recompile it.  I'd recommend doing the compilation on a 32-bit virtual machine if you are targeting a 32-bit thin client, or 64-bit if your thin client is 64-bit. ​ There are ways to avoid this and cross-compile ​kernels ​32->64 bit and visa versa but virtual machines are cheap and life is short:
  
 <​code>#​ cd /​usr/​src/​linux <​code>#​ cd /​usr/​src/​linux
Line 71: Line 71:
 <​code>​File Systems -> Network File systems -> Root file system on NFS [*]</​code>​ <​code>​File Systems -> Network File systems -> Root file system on NFS [*]</​code>​
  
-[OPTIONAL] It's pretty useful to append a local version to this kernel release. ​ I'd advise doing this to differentiate it from your standard Slackware huge kernel and avoid clobbering the modules from that by mistake:+[OPTIONAL] It's pretty useful to append a local version to this kernel release. ​ I'd advise doing this to differentiate it from your standard Slackware huge kernel and avoid clobbering the modules from that by mistake.  We can just add '​-nfsroot'​:
  
 <​code>​(-nfsroot) General Setup -> Local version - append to kernel release</​code>​ <​code>​(-nfsroot) General Setup -> Local version - append to kernel release</​code>​
Line 90: Line 90:
   read-only   read-only
   append= "​root=/​dev/​nfs ip=dhcp nfsroot=172.17.0.80:/​nfs_share,​v3 rw"</​code>​   append= "​root=/​dev/​nfs ip=dhcp nfsroot=172.17.0.80:/​nfs_share,​v3 rw"</​code>​
 +
 +If you didn't want to use dhcp you'll now need to have a read of 
 +Documentation/​filesystems/​nfs/​nfsroot.txt in the kernel sources to figure out the many options that you can 
 +include for ip= other than '​dhcp'​.
  
 Obviously keep your default linux kernel in another image= section so you can switch between booting the nfsroot and the normal kernel to play around with this stuff. Obviously keep your default linux kernel in another image= section so you can switch between booting the nfsroot and the normal kernel to play around with this stuff.
  
-You cannot specify a normal root= entry in this section because ​lilo doesn'​t recognise /dev/nfs for root (the device doesn'​t actually exist to LILO). ​ So instead just specify it in the append= line which lilo doesn'​t try to interpret, and lilo will include this extra nfsroot image without error.+You cannot specify a normal root= entry in this section because ​LILO doesn'​t recognise /dev/nfs for root (the device doesn'​t actually exist to LILO). ​ So instead just specify it in the append= line which LILO doesn'​t try to interpret, and LILO will include this extra nfsroot image without error.
  
 The v3 seems to be really important in making anything at all happen on boot.  If that isn't set, no communication seems to occur. The v3 seems to be really important in making anything at all happen on boot.  If that isn't set, no communication seems to occur.
  
-The '​rw'​ is also important. ​ It prevents the fsck of the root fs. because root is NFS and can't be checked. ​ Slackware won't boot properly if we give '​ro'​. ​ Instead of doing this you could optionally hack fsck out of the slackware ​startup scripts on your NFS root, however simply using '​rw'​ is quicker (albeit dirtier).+The '​rw'​ is also important. ​ It prevents the fsck of the root fs. because root is NFS and can't be checked. ​ Slackware won't boot properly if we give '​ro'​. ​ Instead of using '​rw' ​you could optionally hack fsck out of the Slackware ​startup scripts on your NFS root, however simply using '​rw'​ is quicker (albeit dirtier).
  
 With the kernel compilation finished, copy the kernel into the /boot directory and rename it: With the kernel compilation finished, copy the kernel into the /boot directory and rename it:
Line 103: Line 107:
 <​code>​cp /​usr/​src/​linux/​arch/​x86/​boot/​bzImage /​boot/​vmlinuz-nfsroot</​code>​ <​code>​cp /​usr/​src/​linux/​arch/​x86/​boot/​bzImage /​boot/​vmlinuz-nfsroot</​code>​
  
-It may be elsewhere depending on your architecture. ​ +It may be created ​elsewhere ​than arch/​x86 ​depending on your architecture, e.g. x64, arm.
  
 Don't forget to run LILO: Don't forget to run LILO:
  
 <​code>#​ lilo</​code>​ <​code>#​ lilo</​code>​
 +
 +==== First Boot ====
 +
 +The above is enough to get you a booting Slackware system, or should be.  There are some additional steps that you may wish to now do.
 +
 +=== Modules ===
 +
 +None of the modules have been installed, let's add them.  Shutting down the nfsroot system and booting back into the Slackware kernel compilation virtual machine we can now compile the missing modules. ​ First we will mount the rootfs, just as we did from the installer virtual machine:
 +
 +<​code>​mount -o rw,nolock slack-nfs-server:/​nfs_share /​mnt/​tmp</​code>​
 +
 +Then we can compile and install the modules:
 +
 +<​code>#​ cd /​usr/​src/​linux
 +# make modules
 +# make modules_install INSTALL_MOD_PATH=/​mnt/​tmp</​code>​
 +
 +For the last command, avoid adding a trailing slash to /mnt/tmp, and try not to forget the INSTALL_MOD_PATH,​ otherwise you may have just clobbered your system modules. ​ If you gave your kernel a local suffix (e.g. -nfsroot) you'd have been protected against that.
 +
 +=== Swap on NFS ===
 +
 +You can create a swap file on your NFS share somewhere like this:
 +
 +<​code>#​ dd if=/​dev/​zero of=/​nfs_share/​swapfile bs=1024 count=64k</​code>​
 +
 +Then format it for swap:
 +
 +<​code>#​ mkswap /​nfs_share/​swapfile</​code>​
 +
 +Then on the client you associate a loopback device with the file:
 +
 +<​code>#​ losetup /dev/loop0 /​swapfile</​code>​
 +
 +Then start using the loopback device for swap:
 +
 +<​code>#​ swapon /​dev/​loop0</​code>​
 +
 +Obviously you need to add the last two commands to /​etc/​rc.d/​rc.local or another startup script to run on each boot.
 +
 +=== Locking down /​etc/​exports ===
 +
 +Assuming your thin client connects from a predictable address, now that we've installed the modules we can finally lock down access to only the thin client (/​etc/​exports on the server):
 +
 +<​code>/​nfs_share 172.17.0.81/​32(rw,​sync,​no_root_squash,​no_subtree_check)</​code>​
 +
 +And we presumably don't want all-and-sundry using our newly prepared rootfs directory, so drop it down a level and qualify it by IP address (on the server):
 +
 +<​code>#​ cd /
 +# mv nfs_share 172.17.0.81
 +# mkdir nfs_share
 +# mv 172.17.0.81 nfs_share</​code>​
 +
 +Now over on the client machine, configure LILO so nfsroot
 +requests the nfs share based on the client'​s IP address with '​%s':​
 +
 +<​code>​image=/​boot/​vmlinuz-nfsroot
 +  label = nfs
 +  read-only
 +  append= "​root=/​dev/​nfs ip=dhcp nfsroot=172.17.0.80:/​nfs_share/​%s,​v3 rw"</​code>​
 +
 +NFS Root is never going to be considered secure, but at least this makes cross-contamination of nfsroots less likely.
 +
 +Note that I am using dhcp in the above example, but I've added an entry to /​etc/​dnsmasq.conf on my router mapping the thin client MAC address to the IP address 172.17.0.81 so the client always gets that address.
 +
  
 ====== Sources ====== ====== Sources ======

In Other Languages
QR Code
QR Code howtos:network_services:nfs_root (generated for current page)