Want to boot a (possibly minimal) installation of Debian off the network using a read-only NFS share as the root filesystem, such that each netbooted machine has / mounted read-only over NFS and all writes are done to memory? Read on!
This assumes you are using a Linux computer as your router, which will be running Debian and hosting the local version of Debian we will be serving to clients which are PXE booting. This could be seen as a second part of my tutorial on making a Debian box a router, as it assumes your local network is still 10.0.0.0/24 and the dhcp/nfs/tftp server’s IP is 10.0.0.1.
First off, we’ll need debootstrap, nfs, tftpd, and syslinux. Install them:
apt-get install tftpd-hpa nfs-kernel-server debootstrap syslinux
We will store our initrd and boot loader under /srv/tftp and our NFS root filesystem under /srv/nfsroot
mkdir -p /srv/tftp /srv/nfsroot
Our nfsroot needs to be mountable via NFS. Export it read-only to our local network by putting the following in /etc/exports
/srv/nfsroot 10.0.0.0/24(ro,no_root_squash,no_subtree_check)
We will be booting to a custom Debian install. Install it in /srv/nfsroot using Debootstrap:
debootstrap stable /srv/nfsroot http://ftp.us.debian.org/debian
Now we need to install some packages in the NFS installation of Debian:
chroot /srv/nfsroot apt-get update
chroot /srv/nfsroot apt-get install initramfs-tools linux-image-2.6.32-5-amd64
Configure its initramfs to generate NFS-booting initrds:
sed 's/BOOT=local/BOOT=nfs/' -i /srv/nfsroot/etc/initramfs-tools/initramfs.conf
We’ll need the aufs module
echo aufs >> /srv/nfsroot/etc/initramfs-tools/modules
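Create the file /srv/nfsroot/etc/initramfs-tools/scripts/init-bottom/aufs, give it executable permissions, and fill it with the following:
#!/bin/sh
# Answer the initramfs-tools "prereqs" query so the mounts below only run at boot
case "$1" in
prereqs) echo ""; exit 0 ;;
esac
modprobe aufs
mkdir /ro /rw /aufs
# tmpfs branch that receives all writes (held in memory)
mount -t tmpfs tmpfs /rw -o noatime,mode=0755
# move the read-only NFS root aside
mount --move "$rootmnt" /ro
# union mount: writable tmpfs branch over the read-only NFS branch
mount -t aufs aufs /aufs -o noatime,dirs=/rw:/ro=ro
mkdir -p /aufs/rw /aufs/ro
mount --move /ro /aufs/ro
mount --move /rw /aufs/rw
mount --move /aufs /root
exit 0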
Regenerate the initrd for the installed kernel from inside the chroot:
chroot /srv/nfsroot update-initramfs -u -k 2.6.32-5-amd64
Copy the generated initrd, kernel image, and PXE bootloader to the tftp root and create a folder for the PXE config:
cp /srv/nfsroot/boot/initrd.img-2.6.32-5-amd64 /srv/tftp/
cp /srv/nfsroot/boot/vmlinuz-2.6.32-5-amd64 /srv/tftp/
cp /usr/lib/syslinux/pxelinux.0 /srv/tftp
mkdir /srv/tftp/pxelinux.cfg
Configure boot loader. Put the following into /srv/tftp/pxelinux.cfg/default
default Debian
prompt 1
timeout 10
label Debian
kernel vmlinuz-2.6.32-5-amd64
append ro initrd=initrd.img-2.6.32-5-amd64 root=/dev/nfs ip=dhcp nfsroot=10.0.0.1:/srv/nfsroot
Configure tftp’s /etc/default/tftpd-hpa
TFTP_USERNAME="tftp"
TFTP_DIRECTORY="/srv/tftp"
TFTP_ADDRESS="0.0.0.0:69"
TFTP_OPTIONS="--secure"
Add these lines to your dhcp config file /etc/dhcp/dhcpd.conf
next-server 10.0.0.1;
# boot file the PXE client requests from next-server over TFTP
filename "pxelinux.0";
allow bootp;
allow booting;
Restart some services:
/etc/init.d/isc-dhcp-server restart
/etc/init.d/tftpd-hpa restart
exportfs -ra
At this point, configuration is done and you should be good to go. You might want to reset the root password on the NFS Debian install:
chroot /srv/nfsroot passwd root
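Before the first client boot, it helps to confirm that the three files configured above agree with each other: every file pxelinux will request must exist in the TFTP root, and the nfsroot= path on the kernel command line must be exported without rw. The script below is an added example, not part of the original tutorial; the function names are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the original tutorial): consistency check for the
# PXE + read-only NFS root setup. The function names are made up for this sketch.

# Print the value of a key=value token on the pxelinux "append" line.
append_value() {  # $1 = pxelinux config, $2 = key (initrd, nfsroot, ...)
    sed -n 's/^[[:space:]]*append[[:space:]]//p' "$1" | tr ' ' '\n' |
        sed -n "s/^$2=//p" | head -n 1
}

# Print every client spec that exports the path writable, or a marker
# if the path is not exported at all.
export_problems() {  # $1 = exports file, $2 = exported path
    awk -v p="$2" '
        $1 == p { found = 1
                  for (i = 2; i <= NF; i++) if ($i ~ /[(,]rw[,)]/) print $i }
        END     { if (!found) print "not-exported" }' "$1"
}

# Return 0 only if every file the boot loader will request exists in the
# TFTP root and the NFS root named on the kernel command line is not exported rw.
check_netboot() {  # $1 = TFTP root, $2 = pxelinux config, $3 = exports file
    rc=0
    kernel=$(sed -n 's/^[[:space:]]*kernel[[:space:]]*//p' "$2" | head -n 1)
    initrd=$(append_value "$2" initrd)
    nfsroot=$(append_value "$2" nfsroot)
    for f in pxelinux.0 "$kernel" "$initrd"; do
        if [ -z "$f" ] || [ ! -f "$1/$f" ]; then
            echo "missing in TFTP root: ${f:-<unset>}"; rc=1
        fi
    done
    path=${nfsroot#*:}   # drop the "10.0.0.1:" server prefix
    path=${path%%,*}     # drop any NFS mount options after the path
    bad=$(export_problems "$3" "$path")
    if [ -n "$bad" ]; then
        echo "export problem for $path: $bad"; rc=1
    fi
    return "$rc"
}

# Run against the live paths from this tutorial when called with "live".
if [ "${1:-}" = "live" ]; then
    check_netboot /srv/tftp /srv/tftp/pxelinux.cfg/default /etc/exports
fi
```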