xref: /freebsd/share/man/man8/diskless.8 (revision 99253b64fbe4cf216438f09be7c8b6f39ab23a78)

.\" Copyright (c) 1994 Gordon W. Ross, Theo de Raadt
.\" Updated by Luigi Rizzo
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote products
.\"    derived from this software without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd April 18, 2001
.Dt DISKLESS 8
.Os
.Sh NAME
.Nm diskless
.Nd booting a system over the network
.Sh DESCRIPTION
The ability to boot a machine over the network is useful for
.Em diskless
or
.Em dataless
machines, or as a temporary measure while repairing or
re-installing filesystems on a local disk.
This file provides a general description of the interactions between
a client and its server when a client is booting over the network.
.Sh OPERATION
When booting a system over the network, there are three
phases of interaction between client and server:
.Pp
.Bl -enum -compact
.It
The stage-1 bootstrap loads a boot program, from
.It
The boot program loads a kernel.
.It
The kernel does NFS mounts for root.
.El
.Pp
Each of these phases are described in further detail below.
.Pp
In phase 1, the stage-1 bootstrap code loads a boot program,
which is typically able to control the network card.
The boot program can be stored in the BIOS, in a BOOT ROM
located on the network card (PXE, etherboot, netboot),
or come from a disk unit (e.g. etherboot or netboot).
.Pp
In phase 2, the boot program loads a kernel.
Operation in
this phase depends on the design of the boot program.
Typically, the boot program uses the
.Tn BOOTP
or
.Tn DHCP
protocol to get the client's IP address and other boot
information, including but not limited to
the IP addresses of the NFS server, router and nameserver,
and the name of the kernel to load.
Then the kernel is loaded, either directly using NFS
(as it is the case for etherboot and netboot),
or through an intermediate loader called pxeboot and
loaded using TFTP or NFS.
.Pp
In phase 3, the kernel uses again DHCP or BOOTP to acquire
configuration information, and proceeds to mount the
root filesystem and start operation.
Some specific actions performed during the startup
of a diskless system are listed in
.Pa /etc/rc.diskless1
and
.Pa /etc/rc.diskless2
.Sh CONFIGURATION
In order to run a diskless client, you need the following:
.Bl -bullet
.It
an NFS server which exports a root and /usr partition with
appropriate permissions.
The
.Pa rc.diskless{1,2}
scripts work with readonly partitions, as long as root is exported with
.Fl maproot Ns =0
so that some system files can be accessed.
As an example,
.Pa /etc/exports
can contain the following lines:
.Bd -literal -offset indent
<ROOT> -ro -maproot=0 -alldirs <list of diskless clients>
/usr -ro -alldirs <list of diskless clients>
.Ed
.Pp
where
.Aq ROOT
is the mountpoint on the server of the root partition.
The script
.Pa /usr/share/examples/diskless/clone_root
can be used to create a shared readonly root partition,
but in same cases you can also decide to export
(again as readonly) the root directory used by
the server itself.
.It
a
.Tn BOOTP
or
.Tn DHCP
server.
.Xr bootpd 8
can be enabled by
uncommenting the
.Em bootps
line in
.Pa /etc/inetd.conf .
A sample
.Pa /etc/bootptab
can be the following:
.Bd -literal -offset indent
 .default:\\
    hn:ht=1:vm=rfc1048:\\
    :sm=255.255.255.0:\\
    :sa=<SERVER>:\\
    :gw=<GATEWAY>:\\
    :rp="<SERVER>:<ROOT>":

<CLIENT>:ha=0123456789ab:tc=.default
.Ed
.Pp
where
.Aq SERVER ,
.Aq GATEWAY
and
.Aq ROOT
have the obvious meanings.
.It
On the root partition, create the directory
.Pa /conf/default/etc ,
and populate it with a copy of the contents of
.Pa /etc .
The files and subdirectories within
.Pa /conf/default/etc
are used to bootstrap the diskless environment's
.Pa /etc
memory filesystem.
Be sure and copy the entirety of
.Pa /etc ,
and not just overrides.
.It
Additionally, one may supply per-network or per-host overrides for
files in
.Pa /etc
by creating and populating the directories
.Pa /conf/${i}/etc ,
where
.Va i
can be either the subnet broadcast address for the client, or the IP
address of the client.
.Pp
Files are copied from the above directories into
.Pa /etc
(overriding the previous content of
.Pa /etc )
starting from the most generic one by
.Pa /etc/rc.diskless1 ,
before the main part of
.Pa /etc/rc
(including reading
.Pa rc.conf )
is run.
.Pp
As a minimum, you normally need to have the following in
.Pa /conf/default/etc/fstab
.Bd -literal -offset indent
<SERVER>:<ROOT> /     nfs    ro 0 0
<SERVER>:/usr   /usr  nfs    ro 0 0
proc            /proc procfs rw 0 0
.Ed
.Pp
and also a customized version of
.Pa /conf/default/etc/rc.conf
which should contain
the startup options for the diskless client.
.Pp
Most likely
you will not need to set
.Va hostname
and
.Va ifconfig_*
because these will be already set by the startup code.
You will also probably need to set
.Va local_startup Ns = Ns Qq
so that the server's
local startup files will not be used.
.Pp
While an
.Xr md 4 Ns -backed
filesystem is mounted on
.Pa /var
by the startup scripts,
some sites may want to disable the saving of entropy by setting
.Va entropy_dir Ns = Ns Qq Li NO
in
.Pa /etc/defaults/rc.conf .
.Pp
Finally, it might be convenient to use a
.Ic case
statement using
.Li `hostname`
as the switch variable to do machine-specific configuration
in case a number of diskless clients share the same configuration
files.
.It
build a kernel whose config file (e.g.\&
.Pa /sys/i386/conf/DISKLESS )
has at least the following options and devices:
.Bd -literal -offset indent
device md
options BOOTP
options BOOTP_NFSROOT
options BOOTP_COMPAT
.Ed
.Pp
If you use the firewall, remember to default to open or your kernel
will not be able to send/receive the bootp packets.
.El
.Sh SECURITY ISSUES
Be warned that using unencrypted NFS to mount root and user
partitions may expose information such as
encryption keys.
.Sh BUGS
This manpage is probably incomplete.
.Pp
.Fx
sometimes requires to write onto
the root partition, so the startup scripts create and mount
.Xr md 4 Ns -backed
filesystems on some locations (e.g.\&
.Pa /etc
and
.Pa /var ) ,
while
trying to preserve the original content.
The process might not handle all cases.
.Sh SEE ALSO
.Xr md 4 ,
.Xr ethers 5 ,
.Xr exports 5 ,
.Xr bootpd 8 ,
.Xr mountd 8 ,
.Xr nfsd 8 ,
.Xr pxeboot 8 ,
.Xr reboot 8 ,
.Xr tftpd 8 ,
.Xr ports/net/etherboot