A diskless server needs a copy of the operating system files, served from an NFS server. The Ubuntu docs have a general-purpose tutorial on diskless systems, which suggests copying the files from your NFS server. My NFS servers are not Ubuntu boxes. Also, I don’t want to copy from a live system; too many things can happen. I want a set of Ubuntu server files that I can use to deploy a functional server in a known good state, that complies with the requirements of my environment. And I need to script it, so I can boot and update my “golden image” server and easily reproduce the same file set. And I want all the routine changes taken care of automatically.
This problem isn’t hard, but I’ve spent a fair amount of time building and rebuilding diskless systems lately, so you get to hear about it.
Install an actual Ubuntu system. I prefer to install on a virtual machine. This will become your “golden image.” When the Ubuntu installer asks for a machine profile, choose OpenSSH server.
- apt-get update && apt-get upgrade
- Install required software, such as emacs, tcsh, and configure .
- Install portmap and nfs-common.
- Install and configure LDAP auth and sudo against LDAP
- Install and configure ufw. I’ve seen many attacks against Ubuntu boxes lately, and highly recommend very restrictive firewall rules. Do not let the world talk to your Ubuntu servers!
- Make a VM snapshot of your base image, so you can revert to this core functionality
- Install anything else required to make this a nice clean template for the purpose of this server.
Now mount a directory on another server on the clean server’s /mnt via NFS and tar up the server.
# cd /
# tar -cvpf /mnt/ubuntu1004.tar --one-file-system .
Wait.
The resulting tarball has a few problems. I don’t want the diskless hosts to all have the same SSH keys, so those files need to be removed. Ubuntu caches the MAC address of attached NICs to maintain consistent interface names across reboots. This cached MAC address will be wrong for the diskless machine. The existing interface configuration will not work on a diskless machine (see below). Finally, the fstab is wrong for any diskless machine. The machine will get its hostname from DHCP, rather than from a file. I therefore remove the troublesome files from the tarball.
# tar --delete -f /mnt/ubuntu1004.tar ./etc/ssh/ssh_host_rsa_key ./etc/ssh/ssh_host_rsa_key.pub ./etc/ssh/ssh_host_dsa_key ./etc/ssh/ssh_host_dsa_key.pub ./etc/udev/rules.d/70-persistent-net.rules ./etc/fstab ./etc/network/interfaces ./etc/hostname
The difficult file is /etc/network/interfaces. I don’t want to use the server’s network configuration. My test server boots from either DHCP or with a static IP, and neither will work for a diskless server. A diskless server needs an /etc/network/interfaces like this:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
I want to replace the existing ./etc/network/interfaces with one of my own choosing. Tar won’t let you replace a file in an existing archive, but it will let you add another file of the same name. I change to a config directory and add this file to my tarball. Similarly, I need a blank etc/fstab. I create a fake etc directory in another location, touch etc/fstab, and create a suitable etc/network/interfaces.
# tar --append -f /mnt/ubuntu1004.tar etc/network/interfaces etc/fstab
To use this file, log into the NFS server, go to the mount point for the diskless system, and run:
# tar -xpf /path/ubuntu1004.tar
The machine will then boot. It is easily cloned and built to my standards, and the only customization needed is to run dpkg-reconfigure openssh-server, which generates fresh SSH host keys for that machine.
As I installed on a virtual server I can snapshot the golden image and build custom filesystems for different purposes.
Lots of long commands? Yep. This basically screams “8-line shell script, please.” It’s a pretty trivial script, but if you’ve made it this far, you’re either interested in what I’m doing or astonished at my inanity. In either case, you should get the script too.
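#!/bin/sh
# Mount the NFS export that will receive the tarball
mount nfs1:/tmpmount /mnt
cd /
# Archive the root filesystem only, without crossing into other mounts
tar -cvpf /mnt/ubuntu1004.tar --one-file-system .
# Drop the per-host files: SSH host keys, cached MAC rules, fstab, interfaces, hostname
tar --delete -vf /mnt/ubuntu1004.tar ./etc/ssh/ssh_host_rsa_key ./etc/ssh/ssh_host_rsa_key.pub ./etc/ssh/ssh_host_dsa_key ./etc/ssh/ssh_host_dsa_key.pub ./etc/udev/rules.d/70-persistent-net.rules ./etc/fstab ./etc/network/interfaces ./etc/hostname
# Append the diskless interfaces file and the empty fstab from the fake root
cd /home/mwlucas/fakeroot
tar --append -f /mnt/ubuntu1004.tar etc/network/interfaces etc/fstab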
Yes, this shell script is a good example of fault-oblivious computing. But it suits my minimal needs, and performs the same task the same way every time.
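An added check, not part of the original script: it lists the finished tarball and fails if any per-host file is still present or if the replacement interfaces and fstab are missing. The function names and the sample tree are made up for illustration, and the host-key pattern is deliberately broader than the RSA and DSA files named above so that other key types are caught too.

```shell
#!/bin/sh
# Added example: audit a golden-image tarball before unpacking it on the NFS server.

# check_image_tar ARCHIVE
# Returns 0 if the archive is clean, 1 if per-host files remain or the
# replacements are missing, 2 if the archive cannot be read.
check_image_tar() {
    archive=$1
    status=0
    listing=$(tar -tf "$archive") || return 2

    # Members from the original "tar -c ... ." run carry a "./" prefix.
    # The ssh_host_ pattern matches every key type, not only RSA and DSA.
    for pattern in \
        '^\./etc/ssh/ssh_host_.*key(\.pub)?$' \
        '^\./etc/udev/rules\.d/70-persistent-net\.rules$' \
        '^\./etc/fstab$' \
        '^\./etc/network/interfaces$' \
        '^\./etc/hostname$'
    do
        hits=$(printf '%s\n' "$listing" | grep -E "$pattern" || true)
        for member in $hits; do
            echo "LEFTOVER: $member"
            status=1
        done
    done

    # Files appended from the fake root are stored without the "./" prefix.
    for member in etc/network/interfaces etc/fstab; do
        if ! printf '%s\n' "$listing" | grep -qxF "$member"; then
            echo "MISSING: $member"
            status=1
        fi
    done
    return "$status"
}

# make_sample_root DIR: constructed miniature root tree, for trying the check.
make_sample_root() {
    mkdir -p "$1/etc/ssh" "$1/etc/network" "$1/etc/udev/rules.d"
    echo "constructed placeholder, not a real key" > "$1/etc/ssh/ssh_host_rsa_key"
    echo "constructed placeholder" > "$1/etc/ssh/ssh_host_rsa_key.pub"
    echo "golden" > "$1/etc/hostname"
    echo "# constructed" > "$1/etc/fstab"
    echo "iface eth0 inet dhcp" > "$1/etc/network/interfaces"
    echo "# constructed" > "$1/etc/udev/rules.d/70-persistent-net.rules"
    echo "PermitRootLogin no" > "$1/etc/ssh/sshd_config"
}
```

Calling `check_image_tar /mnt/ubuntu1004.tar` as the last step of the build script, and refusing to deploy on a non-zero status, keeps a shared host key or a stale MAC rule from reaching every diskless host.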