[2024-feb-29] Sad news: Eric Layton aka Nocturnal Slacker aka vtel57 passed away on Feb 26th, shortly after hospitalization. He was one of our Wiki's most prominent admins. He will be missed.

Welcome to the Slackware Documentation Project

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
howtos:network_services:nfs_root [2018/05/28 21:38 (UTC)] – [Configuring LILO] bifferoshowtos:network_services:nfs_root [2018/05/28 22:04 (UTC)] bifferos
Line 112: Line 112:
  
 <code># lilo</code> <code># lilo</code>
 +
 +==== First Boot ====
 +
 +The above is enough to get you a booting Slackware system, or should be.  There are some additional steps that you may wish to now do.
 +
 +=== Modules ===
 +
 +None of the modules have been installed, let's add them.  Shutting down the nfsroot system and booting back into the Slackware kernel compilation virtual machine we can now compile the missing modules.  First we will mount the rootfs, just as we did from the installer virtual machine:
 +
 +<code>mount -o rw,nolock slack-nfs-server:/nfs_share /mnt</code>
 +
 +Then we can compile and install the modules:
 +
 +<code># cd /usr/src/linux
 +# make modules
 +# make modules_install INSTALL_MOD_PATH=/mnt</code>
 +
 +For the last command, try to avoid adding a trailing slash to /mnt, and try not to forget the INSTALL_MOD_PATH, otherwise you've just clobbered your system modules.  If you gave your kernel a local suffix (e.g. -nfsroot) you'd have been protected against that.
 +
 +=== Swap on NFS ===
 +
 +You can create a swap file on your NFS share somewhere like this:
 +
 +<code># dd if=/dev/zero of=/nfs_share/swapfile bs=1024 count=64k</code>
 +
 +Then format it for swap:
 +
 +<code># mkswap /nfs_share/swapfile</code>
 +
 +Then on the client you associate a loopback device with the file:
 +
 +<code># losetup /dev/loop0 /swapfile</code>
 +
 +Then start using the loopback device for swap:
 +
 +<code># swapon /dev/loop0</code>
 +
 +Obviously you need to add the last two commands to /etc/rc.d/rc.local or another startup script to run on each boot.
 +
 +=== Locking down /etc/exports ===
 +
 +Assuming your thin client connects from a predictable address, now that we've installed the modules we can finally lock down access to only the thin client (/etc/exports on the server):
 +
 +<code>/nfs_share 172.17.0.81/32(rw,sync,no_root_squash,no_subtree_check)</code>
 +
 +And we presumably don't want all-and-sundry using our newly prepared rootfs directory, so drop it down a level and qualify it by IP address:
 +
 +<code># cd /
 +# mv nfs_share 172.17.0.81
 +# mkdir nfs_share
 +# mv 172.17.0.81 nfs_share</code>
 +
 +Now over on the client machine, having booted into the kernel compilation machine, configure lilo so nfsroot
 +requests the nfs share based on the client's IP address with '%s':
 +
 +<code>image=/boot/vmlinuz-nfsroot
 +  label = nfs
 +  read-only
 +  append= "root=/dev/nfs ip=dhcp nfsroot=172.17.0.80:/nfs_share/%s,v3 rw"</code>
 +
 +NFS Root is never going to be considered secure, but at least this makes cross-contamination of nfsroots less likely.
 +
 +
  
 ====== Sources ====== ====== Sources ======

Trace:

howtos:network_services:nfs_root ()