Warning Livedoc is no longer being updated and will be deprecated shortly. Please refer to https://documentation.tjhsst.edu.

Netroot

From Livedoc - The Documentation Repository
Revision as of 00:41, 27 February 2016 by 2016fwilson (talk | contribs) (SSH Keys: categorize)

Netroot is a netbootable Gentoo environment that is used for most server installations and emergency maintenance in the CSL. It is run from Steeltoe.

Summary

Netroot has two main components. A kernel and an initramfs are served via PXEBoot/TFTP; they then mount the main netroot environment over NFS. This system provides many advantages over traditional USB or optical media by being always available and easily updated.

Setup

Server Configuration

For details on how to set up the netroot PXE server, please see Netroot/Configuration.

Client Configuration

Any client that needs netroot available via PXEBoot must be added to DHCP. In addition, the following two options need to be set to allow PXE to find Steeltoe and begin the PXE process:

filename "pxelinux.0";
next-server 198.38.16.144;

These options are automatically set for any DHCP entry in our server or workstation subnets. For other subnets, they may need to be added to the individual client configuration.

Once DHCP is configured, the system needs to be PXEBooted. On almost any modern system, this can be accomplished by pressing F12 while the system is POSTing. On HP servers, it can be triggered through VSP by using <ESC> + @ when prompted.

The system will use DHCP to pick up its network configuration. It will then use TFTP to download pxelinux.0 from Steeltoe and execute it. The pxelinux configuration is currently set to boot netroot by default if no input is provided, so you can just let it sit (or hit enter). Finally, pxelinux will download the netroot kernel and initramfs and execute the kernel using the configured arguments.

The kernel will go through a fairly normal boot process and finally, towards the end, will re-run DHCP to configure its own networking:

[   19.860255] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
[   19.880262] Sending DHCP requests .., OK
[   24.507954] IP-Config: Got DHCP answer from 198.38.16.144, my address is 198.38.17.43
[   25.248521] IP-Config: Complete:
[   25.249246]      device=eth0, addr=198.38.17.43, mask=255.255.254.0, gw=198.38.17.254
[   25.250914]      host=chatham, domain=csl.tjhsst.edu dev.csl.tjhsst.edu sun.tjhsst.edu tjhsst.edu, nis-domain=(none)
[   25.253137]      bootserver=198.38.16.144, rootserver=198.38.16.144, rootpath=
[   25.254604]      nameserver0=198.38.16.40, nameserver1=198.38.16.41
[   25.255938] , nameserver2=198.38.31.9

and shortly thereafter will mount its root filesystem via NFS and proceed with a fairly normal Gentoo init sequence.

>> Determining root device...
>> Mounting /dev/nfs as root...
>> Attempting to mount NFS root on 198.38.16.144:/srv/netroot with options ro,nolock,rsize=1024,wsize=1024
>> Booting (initramfs)..
INIT: version 2.88 booting
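
DHCP and TFTP are unauthenticated, so a client netboots from whichever server answers first. As an added example (not part of the original page or the CSL's tooling), the Python below checks a captured console log against the servers this page names: the DHCP answer, bootserver and rootserver should all be Steeltoe, and the NFS root should be /srv/netroot mounted read-only. The function name check_boot_log and the constant names are hypothetical; the log excerpt is copied from the output shown above.

```python
import re

# Expected values, taken from this page; change them for another site.
EXPECTED_SERVER = "198.38.16.144"  # Steeltoe, the next-server value above
EXPECTED_ROOT = "/srv/netroot"

# Boot log excerpt copied from the console output shown on this page.
PAGE_LOG = """\
[   24.507954] IP-Config: Got DHCP answer from 198.38.16.144, my address is 198.38.17.43
[   25.253137]      bootserver=198.38.16.144, rootserver=198.38.16.144, rootpath=
>> Attempting to mount NFS root on 198.38.16.144:/srv/netroot with options ro,nolock,rsize=1024,wsize=1024
"""

DHCP_RE = re.compile(r"IP-Config: Got DHCP answer from (\S+?),")
SERVERS_RE = re.compile(r"bootserver=([^,\s]+), rootserver=([^,\s]+)")
NFS_RE = re.compile(r"mount NFS root on ([^:\s]+):(\S+) with options (\S+)")


def check_boot_log(log, server=EXPECTED_SERVER, root=EXPECTED_ROOT):
    """Return a list of findings; an empty list means the log matches."""
    findings = []
    dhcp = DHCP_RE.search(log)
    servers = SERVERS_RE.search(log)
    nfs = NFS_RE.search(log)
    if not dhcp:
        findings.append("no DHCP answer line found")
    elif dhcp.group(1) != server:
        findings.append(f"DHCP answer from unexpected host {dhcp.group(1)}")
    if not servers:
        findings.append("no bootserver/rootserver line found")
    else:
        for name, value in zip(("bootserver", "rootserver"), servers.groups()):
            if value != server:
                findings.append(f"{name} is {value}, expected {server}")
    if not nfs:
        findings.append("no NFS root mount line found")
    else:
        host, path, opts = nfs.groups()
        if (host, path) != (server, root):
            findings.append(f"NFS root is {host}:{path}, expected {server}:{root}")
        if "ro" not in opts.split(","):
            findings.append("NFS root is not mounted read-only")
    return findings


if __name__ == "__main__":
    for finding in check_boot_log(PAGE_LOG) or ["boot log matches expected servers"]:
        print(finding)
```
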

Caveats

There are a few minor notes about using the netroot environment.

Read-only

The biggest is that the root filesystem is largely read-only, meaning changes need to be made on Steeltoe. While a read-write NFS root is possible, keeping it read-only allows multiple systems to be booted to netroot at the same time.

SSH Keys

Netroot has its own set of SSH keys, which it uses to run sshd. This means that you will need to clear out the server's SSH keys from .ssh/authorized_keys before sshing to the server while it is in netroot, and will then need to clear netroot's SSH keys before sshing to the server once it is back running its own OS.