Difference between revisions of "Diskless network boot NBD root"

From ArchWiki
Jump to: navigation, search
m (Fixed double redirect)
(21 intermediate revisions by 8 users not shown)
Line 1: Line 1:
[[Category:Boot process (English)]]
+
#REDIRECT [[Diskless System]]
[[Category:Networking (English)]]
+
==Boot from a NBD root device==
+
This article will explain how to boot an ArchLinux Installation from a Network Block Device (NBD).
+
 
+
Much of the work to be done is based on the article [[Diskless network boot NFS root]], so this will be referenced several times within the article.
+
 
+
==Advantages over NFS==
+
The main advantages are that NBD is faster and that you can boot from an [[LUKS|encrypted]] or [[LVM]]-based NBD root device. One disadvantage is that you cannot easily update your kernel from within the running diskless client, although there is a [[Diskless network boot NBD root#Kernel Updates|workaround]] for this.
+
 
+
==Server-Side Setup==
+
===Create the NBD File and Boot Directory===
+
Create a directory that will hold the boot directory and the NBD file.
+
<pre>
+
mkdir -p /nbd/boot/
+
</pre>
+
Next, create the actual file that will be shared via NBD. Of course you can also use an actual block device (a hard drive) instead of creating a file on your filesystem. Just replace /nbd/root with the block device.
+
In this example we are going to create a file with a size of 5GB.
+
<pre>
+
dd if=/dev/zero of=/nbd/root bs=1M count=5000
+
</pre>
+
Now you can create a filesystem on the file.
+
<pre>
+
mkfs.ext4 /nbd/root
+
</pre>
+
mkfs will show you warning about the fact that the file is no actual block device. You can ignore this and simply press y to continue.
+
 
+
Alternatively, if you want to create an encrypted NBD device:
+
<pre>
+
cryptsetup luksFormat -s 256 /nbd/root
+
cryptsetup luksOpen /nbd/root nbdcrypt
+
mkfs.ext4 /dev/mapper/nbdcrypt
+
</pre>
+
{{note|Be aware that the rest of the article will use /nbd/root. If your NBD file is encrypted,
+
replace it with /dev/mapper/nbdcrypt, if you use an actual block device, with /dev/sdX.}}
+
 
+
===Install ArchLinux on the NBD filesystem===
+
Mount the filesystem:
+
<pre>
+
mount /nbd/root /mnt
+
</pre>
+
Now follow the instructions [[Diskless network boot NFS root#Create Client Root Directory|here]], but be aware of three things:
+
# make sure you use /mnt instead of /disklessroot
+
# you are going to have to install the mkinitcpio-nbd package from AUR before recreating the kernel image (see below)
+
# the editing of /mnt/etc/mkinitcpio.conf is different for NBD (see below)
+
====Installing mkinitcpio-nbd====
+
Download [http://aur.archlinux.org/packages.php?ID=50479 mkinitcpio-nbd] from the AUR, move the package to /mnt and install it with:
+
<pre>
+
chroot /mnt
+
pacman -U mkinitcpio-nbd-[...].tar.xz
+
exit
+
</pre>
+
====Editing mkinitcpio.conf====
+
Set the following hook list in /mnt/etc/mkinitcpio.conf:
+
<pre>
+
HOOKS="base udev net nbd filesystems"
+
</pre>
+
If you use an encrypted NBD device, use this:
+
<pre>
+
HOOKS="base udev net nbd usbinput keymap encrypt filesystems"
+
</pre>
+
Then continue with the instructions about recreating the kernel image in the NFS article.
+
 
+
After leaving the chroot, the kernel image will be in /mnt/boot/. We are going to need it in /nbd/boot:
+
<pre>
+
cp /mnt/boot/vmlinuz26 /nbd/boot/
+
cp /mnt/boot/kernel26.img /nbd/boot/
+
</pre>
+
====Editing rc.conf====
+
Make sure you set NETWORK_PERSIST="yes" and your own settings in /mnt/etc/rc.conf. You will also have to remove/disable the network daemon. The net hook will set the IP on boot, so there is no point in using it. Additionaly, if you would change your IP with the network daemon, the connection to the root device would break. If you want a static IP, use the ip kernel parameter (see [[Diskless network boot NBD root#Boot Configuration|Boot Configuration]]).
+
 
+
You should also edit /mnt/etc/locale.gen and make sure your locales are enabled.
+
===Configuring the NBD server===
+
nbd-server is supposed to be configured with the config file /etc/nbd-server/config, but [https://bbs.archlinux.org/viewtopic.php?id=121956 this doesn't seem to work] at the moment. Instead, you have to start NBD manually:
+
<pre>
+
nbd-server -C " " 10809 /nbd/root
+
</pre>
+
You can choose whatever port number you want, you will just have to set it right in the [[Diskless network boot NBD root#Boot Configuration|Boot Configuration]].
+
By default, nbd-server will start the share with read/write support. If you have more than one client you want to boot from, this will break your filesystem (see [[Diskless network boot NBD root#Updating the Client System|Updating the Client System]] for details).
+
 
+
You could enable read-only mode (-r) but this is not recommended because there are just too many things that want to write to /var, /etc or other directories. You could partially work around this with tmpfs, but some things might still break.
+
 
+
Another interesting option is NBD's "copy on write"-mode (-c). From the [http://linux.die.net/man/1/nbd-server manual]:
+
<pre>
+
"When this option is provided, write-operations are not done to the exported file, but to a separate file.
+
This separate file is removed when the connection is closed, which means that serving this way will make
+
nbd-server slow down (especially on large block devices with lots of writes), and that after disconnecting
+
and reconnecting the client or the server, all changes are lost."
+
</pre>
+
It has not been tested yet how much this really affects performance, but if you want to boot from multiple clients, this is probably your best option.
+
===PXE/TFTP Setup===
+
Follow the instructions [[Diskless network boot NFS root#PXE/TFTP Setup|here]]. Just make sure you use /nbd/boot/ instead of /disklessroot/boot/ for the TFTP-Root.
+
==Boot Configuration==
+
Copy the pxelinux.0 boot file from syslinux to /nbd/boot and create the pxelinux.cfg directory:
+
<pre>
+
cp /usr/lib/syslinux/pxelinux.0 /nbd/boot/
+
mkdir /nbd/boot/pxelinux.cfg/
+
</pre>
+
Now create and edit /nbd/boot/pxelinux.cfg/default, which contains the boot configuration for the client. Replace the value for nbd_server with the IP and Port your NBD server will be running on.
+
<pre>
+
default linux
+
 
+
label linux
+
kernel vmlinuz26
+
append initrd=kernel26.img ip=::::::dhcp nbd_server=192.168.0.1:10809 root=/dev/nbd0
+
</pre>
+
See [[Mkinitcpio#Using net|here]] for details about the ip option.
+
 
+
If your NBD device is encrypted, use the following append line instead:
+
<pre>
+
append initrd=kernel26.img ip=::::::dhcp nbd_server=192.168.0.1:10809 cryptdevice=/dev/nbd0:nbdcrypt root=/dev/mapper/nbdcrypt
+
</pre>
+
==Testing==
+
Before you boot your client, make sure you unmount everything on the server:
+
<pre>
+
umount /mnt/proc /mnt/sys /mnt/dev /mnt
+
</pre>
+
If your NBD device is encrypted, close the LUKS device as well:
+
<pre>
+
cryptsetup luksClose nbdcrypt
+
</pre>
+
==Using a Swap Partition==
+
Although this has not been tested yet, you should be able to do this by creating a [[LVM]] volume group on /dev/nbd0 that contains the root and swap partition and adding lvm2 before the filesystems hook in /mnt/etc/mkinitcpio.conf.
+
==Updating the Client System==
+
Quote from the [http://nbd.sourceforge.net/ NBD homepage]:
+
<pre>
+
"[...] if someone has mounted NBD read/write, you must assure that no one else will have it mounted."
+
</pre>
+
In other words, if you want to be able to update from your client system, you have to make sure that the NBD device is not mounted on any other system, not even read-only. If your NBD device is encrypted, make sure to not just unmount it, but also close it with 'cryptsetup luksClose'. Otherwise, you may break your filesystem. If you keep that in mind, everything except kernel updates should work fine.
+
 
+
Alternatively you can mount the NBD device on the server and then update it (again, make sure it is not mounted anywhere else!):
+
<pre>
+
mount /nbd/root /mnt
+
# proc, dev and sys should only neccessary for kernel upgrades, but just in case...
+
mount -t proc none /mnt/proc
+
mount -t sysfs none /mnt/sys
+
mount -o bind /dev /mnt/dev
+
chroot /mnt
+
pacman -Syu
+
exit
+
umount /mnt/proc /mnt/sys /mnt/dev /mnt
+
</pre>
+
===Kernel Updates===
+
Since the kernel the client system boots from is on the server and not in the NBD device itself, you will not be able to simply update your kernel with pacman. There are several other ways to do this:
+
* If you update from the client system:
+
**share /nbd/boot on the server via NFS, mount it to /boot and then update your kernel
+
**copy vmlinuz26 and kernel26.img from /boot back to the server to /nbd/boot after the kernel update
+
* if you update from the server:
+
**copy vmlinuz26 and kernel26.img from /mnt/boot to /nbd/boot after the kernel update
+

Revision as of 02:27, 12 February 2013

Redirect to: