From Fedora Project Wiki

Revision as of 14:13, 24 May 2008 by fp-wiki>ImportUser (Imported from MoinMoin)

Stateless Linux - Stateless Linux Client Configuration

See Stateless Linux HOWTO

Client Side Setup/Configuration

All stateless clients boot the first time over the network; subsequent boots may also be over the network, or in the case of caching clients, from local storage.

Therefore, you need to instruct the client machine to boot from the network/LAN. The exact method for accomplishing this varies between machines. It is often necessary to enter the BIOS setup and enable network/LAN/PXEBOOT capabilities for the network interface. Once that's accomplished you should be able to either hit a special key during startup to force booting off the LAN, or you may need to edit the boot priority sequencing in the BIOS.

On some machines we have found it necessary to enable LAN/network/PXEBOOT for the network interface and then power cycle the machine before it was possible to configure the boot priorities for booting off the network.

Older machines or old NIC cards may not natively support PXEBOOT.

Once you have configured the client to boot off the network, start the boot sequence and look for a message which indicates the client's network (MAC) address. It will look something like 00:0c:4f:a1:6f:08. Write down the sequence of hexadecimal digits as we'll use it shortly.

Server Side Setup/Configuration

First we need to create state files for the client under puppet's control on the server. The following commands should be sufficient:

$> mkdir /var/lib/puppet/files/private/myclient
$> mkdir -p /var/lib/puppet/files/private/myclient/etc/ssh
$> cp /export/FC6/etc/ssh/* /var/lib/puppet/files/private/myclient/etc/ssh
$> ssh-keygen -q -t rsa1 -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_key -C '' -N ''
$> ssh-keygen -q -t rsa -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_rsa_key -C '' -N ''
$> ssh-keygen -q -t dsa -f /var/lib/puppet/files/private/myclient/etc/ssh/ssh_host_dsa_key -C '' -N ''
$> mkdir -p /var/lib/puppet/files/private/myclient/etc/X11
$> touch /var/lib/puppet/files/private/myclient/etc/X11/xorg.conf
$> chown -R puppet:puppet /var/lib/puppet/files/private/myclient

Note that we will explicitly copy the client's /etc/X11/xorg.conf file to the puppet server after the client has booted and X has been configured. The empty file is just a placeholder.

Instantiating a profile for a fully caching client

Given the MAC address for the client, we can register the client with cobbler.

$> cobbler system add --name=<Client MAC Address> --profile=FC6-diskfull --pxe-address=<Client IP Address>
$> cobbler sync

Obviously you need to fill in the client's MAC address and the client's IP address. At this point you should be able to turn on the client and it should automatically image itself. After the client has imaged itself it should reboot and you should proceed to configure X11. Once you have configured X11, log into the client and perform:


scp /etc/X11/xorg.conf root@myserver:/var/lib/puppet/files/myclient/etc/X11/xorg.conf

This moves the canonical copy of the X configuration into puppet's database for the client.


Server Side Setup/Configuration for Diskless Clients

Register the new client with cobbler

$> cobbler system add --name=<Client MAC Address> --profile=FC6-diskless --pxe-address=<Client IP Address>
$> cobbler sync


For NFS clients, you must decide if they will have persistent storage on the NFS server. If they have persistent storage, they can have persistent SSH keys (for example). However, this is inherently insecure as an intruder could sniff NFS traffic off the network and steal the client's private SSH keys.

If you choose to have persistent storage for NFS clients, then issue the following commands on the server to create the persistent storage and export it to the client. Note it is strongly advised that the NFS root directories and the per-client NFS state directories reside in different filesystems on the NFS server. You may get bogus permission denied messages if they reside in the same filesystem. See http://bugzilla.kernel.org/show_bug.cgi?id=7612 for details.

mkdir /export/private/myclient.mydomain
echo "/export/private/myclient.mydomain myclient.mydomain(rw,no_root_squash,async)" >> /etc/exports
service nfs restart
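
A check for the per-client exports created above, added here as an example and not part of the original wiki page. It assumes the page's layout, where each directory under /export/private is named after the one client allowed to mount it, and reports any export line that grants another host access to that client's state (and so to its private SSH keys). The function name check_private_exports and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Assumes the page's convention that
# /export/private/<client> is exported to <client> and to nobody else.

# check_private_exports FILE [PREFIX]
# Prints one line per violation and returns 1 if any were found.
# Continuation lines (trailing backslash) are not handled.
check_private_exports() {
    awk -v prefix="${2:-/export/private}/" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
        index($1, prefix) == 1 {
            owner = substr($1, length(prefix) + 1)
            sub(/\/.*$/, "", owner)             # client name = first component
            if (NF == 1) {
                printf "%d: %s lists no client\n", NR, $1; bad = 1
            }
            for (i = 2; i <= NF; i++) {
                host = $i
                sub(/\(.*$/, "", host)          # drop "(options)"
                if (host == "") host = "(any host)"
                if (host != owner) {
                    printf "%d: %s exported to %s\n", NR, $1, host; bad = 1
                }
            }
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample in /etc/exports syntax; only the last line is reported.
check_private_exports - <<'EOF' || echo "review the exports listed above"
/export/FC6 *(ro,async)
/export/private/myclient.mydomain myclient.mydomain(rw,no_root_squash,async)
/export/private/other.mydomain other.mydomain(rw) *.mydomain(rw)
EOF
```

Run it against /etc/exports on the NFS server after adding a client; a clean file produces no output and a zero exit status.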

You also need to provide additional parameters to the client via tftpboot so that the client can find its persistent store. Specifically add "CLIENTSTATE=myserver:/export/writable" to the end of the line beginning with APPEND in /tftpboot/pxelinux.cfg/AC1F0080.
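
The file name AC1F0080 is the client's IPv4 address written as uppercase hexadecimal (172.31.0.128), which is how pxelinux names per-client configuration files. The following added example, not part of the original wiki page, derives that name from an address and appends CLIENTSTATE to the APPEND line only if it is not already there; the function names pxe_cfg_name and add_clientstate are hypothetical.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are hypothetical.

# pxe_cfg_name IPV4 -> per-client pxelinux config file name (uppercase hex).
pxe_cfg_name() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=. read -r pxe_a pxe_b pxe_c pxe_d pxe_extra <<EOF
$1
EOF
    [ -z "$pxe_extra" ] || return 1
    for pxe_o in "$pxe_a" "$pxe_b" "$pxe_c" "$pxe_d"; do
        # Reject missing octets, leading zeros (printf would read them as
        # octal) and anything above 255.
        case $pxe_o in ''|0?*|????*) return 1 ;; esac
        [ "$pxe_o" -le 255 ] || return 1
    done
    printf '%02X%02X%02X%02X\n' "$pxe_a" "$pxe_b" "$pxe_c" "$pxe_d"
}

# add_clientstate FILE SERVER:/PATH
# Appends CLIENTSTATE=... to every APPEND line of FILE unless one is already
# there. Writes through the existing file so its owner and mode are unchanged.
add_clientstate() {
    grep -qi '^[[:space:]]*append[[:space:]]' "$1" || return 1
    if grep -qi '^[[:space:]]*append[[:space:]].*CLIENTSTATE=' "$1"; then
        return 0
    fi
    acs_tmp=$(mktemp) || return 1
    awk -v s="$2" '
        toupper($0) ~ /^[ \t]*APPEND[ \t]/ {
            sub(/[ \t]+$/, "")
            $0 = $0 " CLIENTSTATE=" s
        }
        { print }' "$1" > "$acs_tmp" && cat "$acs_tmp" > "$1"
    acs_rc=$?
    rm -f "$acs_tmp"
    return "$acs_rc"
}

pxe_cfg_name 172.31.0.128    # prints AC1F0080, the file name used above
```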

Boot the client. You will probably be asked to configure X11. Do so and then copy it to the server. For example:

scp /etc/X11/xorg.conf root@myserver:/var/lib/puppet/files/myclient/etc/X11/xorg.conf

Note that we have not defined any swap space for the client, nor have we mounted any additional filesystems, created users or similar stuff.


Note that you may need to issue the following command on the server if you have not enabled auto-signing for puppet:

puppetca --sign myclient.mydomain