Chinaunix

Title: Another article about DISKLESS

Author: wenzk    Posted: 2005-04-02 00:29
OpenBSD diskless
      The final target for an OpenBSD install on the net4521 is a
      CompactFlash card.  However, during development it would be
      inefficient to continually update the image, and CF has a limited
      number of writes per sector.  A better solution is to boot over the
      network.
   
   
      The network boot sequence is documented in diskless(8), which is a
      good starting point.  However, the process described there is
      geared towards traditional Unix workstations; booting on Intel
      machines differs in its first steps:
   
   
  • The network card runs its built-in PXE loader
  • The PXE loader gets an IP address and the name of a boot loader from DHCP
  • The boot loader (itself fetched via TFTP) downloads the OpenBSD kernel via TFTP
  • The kernel boots and mounts its root and swap over NFS
       
    From that point the system boots as usual.
        Firmware and the Boot Loader
       
          i386-compatible PCs have a very primitive firmware, the BIOS,
          which usually doesn't support advanced features like network
          booting.  However, Intel developed a network boot specification
          called PXE (Preboot eXecution Environment).  Some network cards
          come with a PXE loader in ROM, and those cards can boot an
          operating system from the network.  Naturally, the Soekris also
          supports PXE and so will load the boot loader from the network.
       
       
          Since version 3.5 OpenBSD has come with a PXE boot loader called
          pxeboot.  Prior to that you needed a third-party boot loader like
          grub; an older version of this page describes how to use it.
       
        pxeboot
       
          In order to find an operating system's boot loader the PXE
          loader consults a DHCP server.  The DHCP server must be
          configured to hand out not only an IP address but also the name
          of the boot loader file.  This is done by adding a "filename"
          option to dhcpd.conf:
       
              shared-network WIRED-NET {
                option domain-name-servers 192.168.1.1;
                subnet 192.168.1.0 netmask 255.255.255.0 {
                  option routers 192.168.1.1;
                  filename "pxeboot";
                  range 192.168.1.100 192.168.1.254;
                }
              }
       
       
          The PXE loader will retrieve the specified filename via TFTP and
          execute it.
       
       
          The server that served up the DHCP response also needs to be
          running TFTP so that the "pxeboot" file, and later the kernel,
          can be downloaded.  It is possible to offload this task to
          another server with the dhcpd.conf next-server option, but in
          this example one server will handle the entire boot process.
          The TFTP server should be chrooted to a directory holding the
          boot loader and the OpenBSD kernel:
       
              ls -al /home/tftp
              -rwxr-xr-x  1 root  wheel   939090 Jan  5 16:44 bsd.gz
              -rw-r--r--  1 root  wheel       71 Jan  4 20:08 menu.lst
              -rw-r--r--  1 root  wheel   127040 Jan  5 02:06 pxeboot
              drwxr-xr-x  1 root  wheel   127040 Jan  5 02:06 etc
       
       
       
          Now when the PXE loader executes it will download and launch
          pxeboot, which will look for a file named 'etc/boot.conf' on the
          same TFTP server.  This is a standard boot.conf configuration
          file:

              set tty com0
              boot bsd.gz
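          Before powering on the client it is worth checking that the
          pieces chained together above actually line up: the name dhcpd
          hands out must exist in the TFTP root, pxeboot must find
          etc/boot.conf there, and the kernel that boot.conf names must be
          present too.  The script below is an added example, not part of
          the original article or of OpenBSD; the function name and the
          two-argument interface are this example's own, it assumes
          dhcpd.conf does not set next-server (so the TFTP root is on the
          DHCP server), and the dhcpd.conf and TFTP tree it builds in a
          temporary directory are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original article): pre-flight check of the
# DHCP -> TFTP -> pxeboot -> boot.conf -> kernel chain on the boot server.
#
#   check_pxe_chain /etc/dhcpd.conf /home/tftp
#
# returns 0 when every file the client will ask for is present in the TFTP
# root, and prints what is missing otherwise.  Paths are arguments, so the
# check runs against a staging copy as well as the live server.

check_pxe_chain() {
    conf=$1
    root=$2
    rc=0

    # Step 1: the PXE ROM learns the loader's name from the DHCP "filename"
    # option.  Take the first one, stripping quotes and the trailing ';'.
    loader=$(awk '$1 == "filename" { gsub(/[";]/, "", $2); print $2; exit }' "$conf")
    if [ -z "$loader" ]; then
        echo "$conf: no filename option; the PXE ROM gets an address but no loader"
        return 1
    fi
    # Step 2: the ROM fetches that name over TFTP from the server that answered
    # (or from next-server, if dhcpd.conf sets it; this check assumes it does not).
    if [ ! -f "$root/$loader" ]; then
        echo "$root: loader '$loader' named in dhcpd.conf is missing"
        rc=1
    fi

    # Step 3: pxeboot reads etc/boot.conf relative to the TFTP root and loads
    # the kernel named on its "boot" line (bsd.gz in the article).
    bconf=$root/etc/boot.conf
    if [ ! -f "$bconf" ]; then
        echo "$bconf: missing; pxeboot will use its built-in defaults"
        return 1
    fi
    kernel=$(awk '$1 == "boot" { print $2; exit }' "$bconf")
    if [ -z "$kernel" ]; then
        echo "$bconf: no boot line; pxeboot will use its default kernel name"
        rc=1
    elif [ ! -f "$root/$kernel" ]; then
        echo "$root: kernel '$kernel' named in boot.conf is missing"
        rc=1
    fi

    # Step 4: TFTP has no authentication.  Anything writable by everyone in the
    # served tree can be swapped for a kernel of an attacker's choosing.
    if [ -n "$(find "$root" -type f -perm -0002)" ]; then
        echo "$root: world-writable files in the TFTP tree"
        rc=1
    fi
    return $rc
}

# Constructed demo: a TFTP root and dhcpd.conf mirroring the article's layout,
# then the same tree with a typo in boot.conf.  Returns 0 when the intact
# tree passes and the broken one is caught.
demo_pxe_chain() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/tftp/etc"
    : > "$tmp/tftp/pxeboot"; chmod 755 "$tmp/tftp/pxeboot"
    : > "$tmp/tftp/bsd.gz";  chmod 644 "$tmp/tftp/bsd.gz"
    printf 'set tty com0\nboot bsd.gz\n' > "$tmp/tftp/etc/boot.conf"
    chmod 644 "$tmp/tftp/etc/boot.conf"
    cat > "$tmp/dhcpd.conf" <<'EOF'
shared-network WIRED-NET {
  option domain-name-servers 192.168.1.1;
  subnet 192.168.1.0 netmask 255.255.255.0 {
    option routers 192.168.1.1;
    filename "pxeboot";
    range 192.168.1.100 192.168.1.254;
  }
}
EOF
    good=0; check_pxe_chain "$tmp/dhcpd.conf" "$tmp/tftp" || good=$?
    printf 'set tty com0\nboot bsd.pxe\n' > "$tmp/tftp/etc/boot.conf"
    bad=0;  check_pxe_chain "$tmp/dhcpd.conf" "$tmp/tftp" || bad=$?
    rm -rf "$tmp"
    echo "intact tree: rc=$good, tree with bad boot line: rc=$bad"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo_pxe_chain
```

          Run it against the live files with
          `check_pxe_chain /etc/dhcpd.conf /home/tftp` once tftpd is
          pointed at /home/tftp; a non-zero exit names the link in the
          chain that the client would stall on.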
       
        Booting OpenBSD
       
          The GENERIC kernel does not support diskless booting; for that
          you need the DISKLESS configuration, which mounts the root and
          swap filesystems from NFS.  The following extra kernel options
          are also useful for a serial-console box like the Soekris:

              option      PCCOMCONSOLE
              option      CONSPEED=19200
       
       
          When a *BSD diskless kernel is booted it consults:

  • rarpd - for the system's IP address
  • rpc.bootparamd - for the root and swap NFS share names
  • mountd - to connect to the NFS shares
       
          A default OpenBSD install exposes very little.  The following
          steps open the server up to many new attacks via TFTP, RPC,
          NFS, and likely others, so make sure it is unreachable from
          outside the local network during this vulnerable phase.

       
       
          
          /etc/ethers:

              00:01:02:03:04:05      bootclient

          /etc/hosts:

              192.168.1.1            server
              192.168.1.100          bootclient

          /etc/bootparams (the second line is a continuation, so the
          trailing backslash is required):

              bootclient  root=192.168.1.1:/export/root \
                          swap=192.168.1.1:/export/swap

          /etc/exports:

              /export  -maproot=root -alldirs bootclient
              /usr     -ro                    bootclient
       
       
          /export contains the root filesystem and a 16 MB swap file:

              ls -al /export
              drwxr-xr-x   8 root  wheel       512 Jan  5 14:00 root
              -rw-r--r--   1 root  wheel  16777216 Jan  5 16:45 swap
       
       
          After completing the configuration it is time to start all of the
          daemons.  Starting them from the command line makes sense since
          this is a temporary configuration for bootstrapping.  Order
          matters because some daemons depend on services provided by
          others: the RPC daemons register with portmap, so it must be
          running first.  rarpd needs either -a or an interface name:

              # rarpd -a
              # portmap
              # rpc.bootparamd
              # mountd
              # nfsd -t -u
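          The four files above have to agree with each other, or the
          client hangs with nothing useful on the console: rarpd answers
          only for a MAC listed in /etc/ethers and only if /etc/hosts gives
          that name an address, rpc.bootparamd answers only for a client
          named in /etc/bootparams, and mountd hands out a path only if
          /etc/exports lists the client for it.  The script below is an
          added example, not part of the original article or of OpenBSD;
          its function names are this example's own, it takes the
          directory holding the four files as an argument so it can run
          against a staging copy, and the copies of the files it builds in
          a temporary directory are constructed for the demonstration.

```sh
#!/bin/sh
# Added example (not from the original article): cross-check the four files
# the diskless daemons read.  rarpd answers only for MACs in ethers, and
# only if hosts gives the name an address; rpc.bootparamd answers only for a
# client named in bootparams; mountd hands out a path only if exports lists
# that client for it.  One inconsistency and the client hangs silently.
#
#   check_diskless_client /etc        # or a staging directory with copies

# Print how exports treats path $3 for client $2: "ok", "not-listed",
# "world" (no host list at all), "subdir" (inside an export lacking
# -alldirs) or nothing when no export covers the path.  -network/-mask
# specs count as a host list but are not evaluated against the client.
exports_verdict() {
    awk -v h="$2" -v p="$3" '
        !/^#/ && NF >= 1 {
            dir = $1
            if (dir != p && index(p, dir "/") != 1) next
            alldirs = 0; named = 0; hit = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "-alldirs") alldirs = 1
                else if ($i == "-network" || $i == "-mask") { i++; named = 1 }
                else if ($i !~ /^-/) { named = 1; if ($i == h) hit = 1 }
            }
            if (dir != p && !alldirs) { subdir = 1; next }
            if (!named) { world = 1; next }
            if (hit) { ok = 1 } else { listed = 1 }
        }
        END {
            if (world) print "world"
            else if (ok) print "ok"
            else if (listed) print "not-listed"
            else if (subdir) print "subdir"
        }' "$1"
}

check_diskless_client() {
    etc=$1
    rc=0
    for host in $(awk '!/^#/ && NF >= 2 { print $2 }' "$etc/ethers"); do
        ip=$(awk -v h="$host" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == h) { print $1; exit } }' "$etc/hosts")
        if [ -z "$ip" ]; then
            echo "$host: in ethers but not in hosts; rarpd cannot answer its request"
            rc=1; continue
        fi
        # bootparams entries may be continued with a trailing backslash;
        # join them, then print the key=value words of this client's record.
        params=$(awk -v h="$host" '
            { line = $0; sub(/\\$/, "", line); buf = buf line
              if ($0 ~ /\\$/) next
              n = split(buf, f, /[ \t]+/); buf = ""
              if (f[1] == h) { for (i = 2; i <= n; i++) if (f[i] != "") print f[i]; exit } }' "$etc/bootparams")
        if [ -z "$params" ]; then
            echo "$host ($ip): no bootparams entry; the kernel will wait forever for root"
            rc=1; continue
        fi
        for kv in $params; do
            key=${kv%%=*}; val=${kv#*=}
            case $key in root|swap) ;; *) continue ;; esac
            case $val in *:*) ;; *) echo "$host: $key=$val is not server:/path"; rc=1; continue ;; esac
            path=${val#*:}
            case $(exports_verdict "$etc/exports" "$host" "$path") in
                ok)     echo "$host ($ip): $key $val exported to $host" ;;
                world)  echo "$host: $path is exported to everyone; add a host list"; rc=1 ;;
                subdir) echo "$host: $path lies under an export without -alldirs"; rc=1 ;;
                *)      echo "$host: $path is not exported to $host"; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed demo: the article's four files, then the same set with the
# -alldirs flag dropped from /export.  Returns 0 when the first passes and
# the second is caught.
demo_diskless_client() {
    tmp=$(mktemp -d)
    printf '00:01:02:03:04:05\tbootclient\n' > "$tmp/ethers"
    printf '192.168.1.1\tserver\n192.168.1.100\tbootclient\n' > "$tmp/hosts"
    printf 'bootclient\troot=192.168.1.1:/export/root \\\n\t\tswap=192.168.1.1:/export/swap\n' > "$tmp/bootparams"
    printf '/export\t-maproot=root -alldirs bootclient\n/usr\t-ro bootclient\n' > "$tmp/exports"
    good=0; check_diskless_client "$tmp" || good=$?
    printf '/export\t-maproot=root bootclient\n/usr\t-ro bootclient\n' > "$tmp/exports"
    bad=0;  check_diskless_client "$tmp" || bad=$?
    rm -rf "$tmp"
    echo "article's files: rc=$good, without -alldirs: rc=$bad"
    [ "$good" -eq 0 ] && [ "$bad" -ne 0 ]
}

demo_diskless_client
```

          The "world" verdict is the one to watch during this phase: an
          exports line with no host list at all hands the client's root
          filesystem, with -maproot=root, to anyone who can reach mountd.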
       
        That's it!
       
          At this point the target machine can be started.  The PXE loader
          should load pxeboot and the OpenBSD kernel will be
          downloaded and executed.  If the root filesystem is set up
          properly then a diskless OpenBSD system should soon be up and
          running.
       
       
          
       

    Note: the kernel configuration appended below is written in FreeBSD 4.x
    config(8) syntax (machine/cpu/ident lines, options BOOTP_NFSROOT, the sio
    and atkbdc devices) and is not the OpenBSD DISKLESS configuration the
    text above refers to, which lives under /usr/src/sys/arch/i386/conf/.  It
    appears to target the same Soekris hardware (CPU_ELAN, the sis Ethernet
    driver) under FreeBSD and is kept here as posted.

    /usr/src/sys/i386/conf/DISKLESS
    ------------------------------------------
    machine         i386
    cpu             I486_CPU
    ident           DISKLESS
    maxusers        0
    options         INET                    #InterNETworking
    options         FAST_IPSEC              #new IPsec
    options         FFS                     #Berkeley Fast Filesystem
    options         FFS_ROOT                #FFS usable as root device [keep this!]
    options         SOFTUPDATES             #Enable FFS soft updates support
    options         UFS_DIRHASH             #Improve performance on big directories
    options         MFS                     #Memory Filesystem
    #options        MD_ROOT                 #MD is a potential root device
    options         PROCFS                  #Process filesystem
    options         COMPAT_43               #Compatible with BSD 4.3 [KEEP THIS!]
    options         KTRACE                  #ktrace(1) support
    options         SYSVSHM                 #SYSV-style shared memory
    options         SYSVMSG                 #SYSV-style message queues
    options         SYSVSEM                 #SYSV-style semaphores
    options         P1003_1B                #Posix P1003_1B real-time extensions
    options         _KPOSIX_PRIORITY_SCHEDULING
    options         ICMP_BANDLIM            #Rate limit bad replies
    options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
    options         NO_SWAPPING             # Disable swapping
    # Debugging options
    options         DDB                     # Enable the kernel debugger.
    # Options for pxe booting
    options         BOOTP
    options         BOOTP_NFSROOT
    options         BOOTP_COMPAT
    options         NFS
    options         NFS_ROOT
    options         IPFILTER                #ipfilter support
    options         IPFILTER_LOG            #ipfilter logging
    options         CLK_USE_I8254_CALIBRATION
    options         CPU_ELAN
    options         HZ=250
    device          isa
    device          pci
    # ATA and ATAPI devices
    device          ata0    at isa? port IO_WD1 irq 14
    device          ata1    at isa? port IO_WD2 irq 15
    device          ata
    device          atadisk                 # ATA disk drives
    options         ATA_STATIC_ID           #Static device numbering
    # atkbdc0 controls both the keyboard and the PS/2 mouse
    device          atkbdc0 at isa? port IO_KBD
    device          atkbd0  at atkbdc? irq 1 flags 0x1
    device          vga0    at isa?
    device          sc0     at isa? flags 0x100
    # splash screen/screen saver
    pseudo-device   splash
    # Floating point support - do not disable.
    device          npx0    at nexus? port IO_NPX irq 13
    # Power management support (see LINT for more options)
    #device         apm0    at nexus? disable flags 0x20 # Advanced Power Management
    # PCCARD (PCMCIA) support
    #device         card
    #device         pcic0   at isa? irq 0 port 0x3e0 iomem 0xd0000
    #device         pcic1   at isa? irq 0 port 0x3e2 iomem 0xd4000 disable
    # Serial (COM) ports
    device          sio0    at isa? port IO_COM1 flags 0x10 irq 4
    device          sio1    at isa? port IO_COM2 irq 3
    # PCI Ethernet NICs that use the common MII bus controller code.
    # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
    device          miibus          # MII bus support
    device          sis             # Silicon Integrated Systems SiS 900/SiS 7016
    # Pseudo devices - the number indicates how many units to allocate.
    pseudo-device   loop            # Network loopback
    pseudo-device   ether           # Ethernet support
    pseudo-device   tun             # Packet tunnel.
    pseudo-device   pty             # Pseudo-ttys (telnet etc)
    #pseudo-device  md              # Memory "disks"
    pseudo-device   gif             # IPv6 and IPv4 tunneling
    # The `bpf' pseudo-device enables the Berkeley Packet Filter.
    # Be aware of the administrative consequences of enabling this!
    pseudo-device   bpf             #Berkeley packet filter
    #####################################################################
    # crypto subsystem
    #
    # This is a port of the openbsd crypto framework.  Include this when
    # configuring IPsec and when you have a h/w crypto device to accelerate
    # user applications that link to openssl.
    #
    # Drivers are ports from openbsd with some simple enhancements that have
    # been fed back to openbsd (and hopefully will be included).
    pseudo-device   crypto          # core crypto support


    This article comes from the ChinaUnix blog; the original is at: http://blog.chinaunix.net/u/2389/showart_19009.html



