Troubleshooters.Com and T.C Linux Library Present

Installing Linux over NFS
The How's and Why's

Copyright (C) 2003 by Steve Litt, All rights reserved. Material provided as-is, use at your own risk.


Steve Litt is the author of Troubleshooting Techniques of the Successful Technologist, Rapid Learning: Secret Weapon of the Successful Technologist, and Samba Unleashed.

Executive Summary:

If you already have the proper installation materials on one of your computers, and if the client to be has a network card that the installer can probe, an NFS installation is much faster than a CD install. It also removes the need for switching CD's, so once you've answered the questions, it can install unattended. Subjectively, I think that NFS installs might be more reliable than CD installs, because a network is more reliable than a CD reader.

Best of all, if you're installing multiple machines, you save time aplenty.

NFS installs aren't for everyone. They're more complex than a CD install. You must place the iso images in a directory on a server, make sure those iso images are accurate, export that directory via nfs, create a boot floppy, and answer unaccustomed questions on the client. You'll have a harder time finding help with NFS installs, because fewer people are aware of them.

If you perform lots of installs of the same distros, NFS installations can save time and trouble.

This document covers Red Hat 8.0 and Mandrake 9.0 installations. With other distros, your mileage may vary.

One last note. An NFS install doesn't relieve you from the question answering process. If you want an install so automatic that you answer no questions, you need to investigate kickstart, which is beyond the scope of this document.

Overview of the NFS Install Process

Note the description of the Directories and IP addresses used in these examples. The following comprises the NFS installation process:
  1. Place the Installation files in a directory on the server. This step differs radically with distribution.
  2. Export that directory via NFS.
  3. Check that you're not blocked by iptables
  4. Create one or more NFS aware boot floppies.
  5. Insert a boot floppy in the computer to be installed.
  6. Shutdown and reboot the computer.
  7. Remove the floppy when the question about what language to use appears.
  8. Answer the questions about the network.
  9. Conduct a normal install from this point forward.

Directories and IP addresses used in these examples

The following settings are used in examples on this page:
Please make note of these settings so that you're not confused in the examples.

Place the Installation files in a directory on the server.

When it comes to loading the software into the installation directory, Red Hat allows either loading of the CD ISO image files, or loading the actual files and directories. Mandrake allows only the latter. The ISO method is MUCH simpler.

The Red Hat method

Choose a directory in which to place the CD ISO images. For example's sake, we'll call the directory /scratch/rh8iso. That directory needs to be world readable, and it needs to be executable all the way up the tree. Place the CD ISO files inside that directory. You can name the files anything you want -- as long as they have a filetype of .iso (perhaps you could even get away with other filetypes -- I didn't check). The ISO files must be world readable.

If you need to dd off of /dev/cdrom to obtain the ISO images, be sure you follow the instructions on the Coasterless CD Burning page.

The Mandrake method

Choose a directory in which to place the CD ISO images. For example's sake, we'll call the directory /scratch/mand9iso. That directory needs to be world readable, and it needs to be executable all the way up the tree. Now copy the entire contents of CD 1 into that directory:
cp -R -p /mnt/cdrom/* /scratch/mand9iso
Now, for each additional CD in the install set, do the following:
chmod u+w /scratch/mand9iso/Mandrake
cp -R -p /mnt/cdrom/Mandrake /scratch/mand9iso

Export that directory via NFS

Do all this as user root. Once the install CD's are properly loaded in the directory, that directory must be made available on the local network. Add the following to /etc/exports:
/scratch/rh8iso 192.168.100.0/24(ro)
/scratch/mand9iso 192.168.100.0/24(ro)
Save the file and then restart NFS with the following command:
service nfs restart
Assuming you have an existing /mnt/temp directory, you can verify success with the following commands:
mount -t nfs 192.168.100.2:/scratch/rh8iso /mnt/temp
or
mount -t nfs 192.168.100.2:/scratch/mand9iso /mnt/temp
If that command fails, or if you can't see the files and directories inside /mnt/temp, then something's wrong and you need to troubleshoot before moving on to the next step.

Check that you're not blocked by iptables

The iptables software relies on portmap to map some ports at high addresses. These high ports can change each time iptables is restarted. Therefore, these high ports can be blocked by the client machine's firewall, preventing NFS access. The solution is:
  1. Force the high port to be known
  2. Fix the firewall to pass these ports
This article discusses how to solve the problem with Red Hat 8.0. Other distros will differ, naturally.

Diagnosing the Problem

If you can't mount NFS shares and can't figure out why, try mounting them from localhost on the share host:
mount -t nfs -o ro localhost:/scratch/iso /mnt/test
If the preceding works whereas mounts from other hosts do not, it's an excellent indication that your firewall is blocking your NFS. To really make sure, *very temporarily* create an overly permissive firewall. If the NFS mounting problem goes away, you have an iptables problem that can be fixed with iptables configuration.

Creation of an overly permissive firewall is described later in this article.

Finding or Creating Your iptables Configuration File

The usual config file for iptables is /etc/sysconfig/iptables, but it could be elsewhere. To find the location of the iptables configuration file, look in /etc/rc.d/init.d/iptables at the code in save(). This code contains an environment variable set to the intended location of the config file. On Mandy 9 boxes this is called $IPTABLES_CONFIG. Next look through /etc/rc.d/init.d/iptables to determine how that variable is set. In Mandy 9.0 it's set near the top of the file. Once you know the intended config file, you can look for it, and if it doesn't exist, you can create it.


A default Red Hat 8 box does not contain this file. Instead, the boot process builds up iptables command by command. In my opinion having the config file is much easier for troubleshooting. So if you don't have /etc/sysconfig/iptables, your first step is to create it.

WARNING

ALWAYS make absolutely sure there's no existing iptables config file before creating one, because overwriting your existing firewall is a terrible thing.

If you're sure you don't have a config file (look elsewhere besides /etc/sysconfig/iptables), use the following commands to create one:
service iptables restart
service iptables save
The first command restarts iptables, putting it in a known state. The second writes the config file. Here's how it looks on my Mandy 9.0 box:
[root@mydesk sysconfig]# service iptables save
Saving current rules to /etc/sysconfig/iptables: [ OK ]
[root@mydesk sysconfig]#
Now you have a configuration file to work with.

Creating an Overly Permissive Firewall

WARNING

Don't create an overly permissive firewall if you're in an extremely hostile environment. Either disconnect the machine from the main network and test it with a small one not connected to the Internet (i.e. null modem cable or equivalent), or perform more troubleshooting steps to determine the nature of the problem without undue exposure to crackers.

Edit your firewall config file (probably /etc/sysconfig/iptables). Go to the filter chain, which starts with the string *filter. Right above the first -A line in the filter chain, insert the following line:
[0:0] -A INPUT -j ACCEPT
The preceding line tells the filter chain to accept all packets from everywhere. Restart iptables and try your mount again. If it succeeds, you've toggled the symptom with the client firewall, so now you know where to troubleshoot.

To foil script kiddies, IMMEDIATELY remove the line you just inserted.
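
A check that the test line is really gone, as an added example that is not part of the original article: it scans an iptables-save style file and reports any INPUT rule in the filter table whose only option is -j ACCEPT. The function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report leftover "accept everything" INPUT rules in a saved
# iptables config. Prints "line N: <rule>" and returns 1 if any are found.
find_accept_all() {
    awk '
        /^\*/ { table = $1 }                      # table header such as *filter
        {
            rule = $0
            sub(/^\[[0-9]+:[0-9]+\][ \t]*/, "", rule)   # drop [packets:bytes] prefix
            sub(/[ \t]+$/, "", rule)                    # drop trailing blanks
        }
        table == "*filter" && rule ~ /^-A[ \t]+INPUT[ \t]/ {
            n = split(rule, f, /[ \t]+/)
            # -A INPUT -j ACCEPT with no source, protocol or interface match
            if (n == 4 && (f[3] == "-j" || f[3] == "--jump") && f[4] == "ACCEPT") {
                printf "line %d: %s\n", NR, $0
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }' "$1"
}

# Constructed sample in iptables-save format; line 3 is the troubleshooting rule.
sample_config() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
[0:0] -A INPUT -j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -s 192.168.100.2 -p udp --sport 2049 -j ACCEPT
COMMIT
*mangle
[0:0] -A INPUT -j ACCEPT
COMMIT
EOF
}

# Usage: sh thisfile /etc/sysconfig/iptables
if [ -n "${1:-}" ]; then find_accept_all "$1"; fi
```

Rules in other tables (the *mangle entry in the sample) are ignored because they do not decide whether the filter table accepts a packet.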

Allowing NFS Through Your Client Firewall

Your first step is to view the output of rpcinfo to see what ports you're using. The session might look something like this:

[root@mydesk root]# rpcinfo -p 192.168.100.2
program vers proto port
100000 2 tcp 111 portmapper
100000 2 udp 111 portmapper
100021 1 udp 32886 nlockmgr
100021 3 udp 32886 nlockmgr
100021 4 udp 32886 nlockmgr
100011 1 udp 808 rquotad
100011 2 udp 808 rquotad
100011 1 tcp 811 rquotad
100011 2 tcp 811 rquotad
100003 2 udp 2049 nfs
100003 3 udp 2049 nfs
100005 1 udp 32888 mountd
100005 1 tcp 33448 mountd
100005 2 udp 32888 mountd
100005 2 tcp 33448 mountd
100005 3 udp 32888 mountd
100005 3 tcp 33448 mountd
[root@mydesk root]#

In the preceding output, notice that the mountd daemon is assigned two different ports. Restart nfs, run rpcinfo again, and you'll likely see the ports change. The changes are due to the actions of the portmapper program. I think you'll agree that makes firewalling somewhat challenging.

The simplest solution is to hard code the mountd ports to a specific value. To do this, ON THE NFS SERVER, edit the /etc/rc.d/init.d/nfs script.

One solution is to create a script that grep's the output of the rpcinfo command, turns the mountd lines into iptables commands, and updates iptables. Workable, but a challenge, especially because each time you rerun the command you must remove the iptables lines from the previous run. An
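
One way to build the script described above, as an added example that is not part of the original article: it reads rpcinfo output, emits one rule per mountd or nlockmgr port (nlockmgr goes beyond the text, since it also sits on a high port in the session above), and keeps the rules in their own chain so each run flushes the previous run's rules. The chain name NFS_RPC and the choice to match server replies on the client by source address and source port are assumptions.

```shell
#!/bin/sh
# Added example: regenerate firewall rules for the RPC ports that move.
SERVER=${SERVER:-192.168.100.2}  # NFS server address used in this page's examples
CHAIN=${CHAIN:-NFS_RPC}          # hypothetical chain name; holds only generated rules

# Read `rpcinfo -p` output on stdin and print one iptables rule per unique
# proto/port used by mountd or nlockmgr. Headers and odd lines are skipped.
rules_from_rpcinfo() {
    awk -v chain="$CHAIN" -v server="$SERVER" '
        $5 ~ /^(mountd|nlockmgr)$/ && $3 ~ /^(tcp|udp)$/ &&
        $4 ~ /^[0-9]+$/ && $4 >= 1 && $4 <= 65535 {
            key = $3 "/" $4
            if (!(key in seen)) {
                seen[key] = 1
                printf "-A %s -s %s -p %s --sport %s -j ACCEPT\n", chain, server, $3, $4
            }
        }'
}

# A few lines from the rpcinfo session shown above, for an offline dry run.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   udp    111  portmapper
    100021    1   udp  32886  nlockmgr
    100003    3   udp   2049  nfs
    100005    1   udp  32888  mountd
    100005    1   tcp  33448  mountd
    100005    3   udp  32888  mountd
EOF
}

# Replace the previous run's rules: flush the dedicated chain, then refill it.
apply_rules() {
    rules=$(rpcinfo -p "$SERVER" | rules_from_rpcinfo)
    [ -n "$rules" ] || { echo "no mountd/nlockmgr ports on $SERVER" >&2; return 1; }
    iptables -N "$CHAIN" 2>/dev/null || iptables -F "$CHAIN"
    iptables -C INPUT -j "$CHAIN" 2>/dev/null || iptables -I INPUT -j "$CHAIN"
    printf '%s\n' "$rules" | while read -r rule; do
        iptables $rule  # unquoted on purpose: one validated argument list per line
    done
}

case "${1:-}" in
    --apply) apply_rules ;;                     # needs root on the client
    --dry-run) sample_rpcinfo | rules_from_rpcinfo ;;
esac
```

Run it with --dry-run to see the generated rules without touching the firewall; --apply leaves the existing chain untouched if rpcinfo returns nothing usable.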

Create one or more NFS aware boot floppies

WARNING

When using the dd command to write to device /dev/fd0, always wait until the command finishes AND the floppy light goes out before removing the floppy.

NOTE

If you have trouble finding reliable floppy media, you can use the floppy image to create a bootable CD equivalent to the bootable floppy.

On most distros, the first CD contains a directory called images. This directory contains various images to make bootable floppies. Place a known good, write enabled floppy in the server's drive, and make your boot floppies:
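# Red Hat: loop-mount the first CD's ISO image (disc1.iso is a placeholder; use your own file name)
umount /mnt/temp
mount -o loop,ro /scratch/rh8iso/disc1.iso /mnt/temp
dd if=/mnt/temp/images/bootnet.img of=/dev/fd0

# Mandrake: the CD contents were copied as plain files, so no loop mount is needed
umount /mnt/temp
dd if=/scratch/mand9iso/images/network.img of=/dev/fd0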
Depending on the number of machines needing installation, and the number of people doing installations, you might want to make several boot floppies.

Insert a boot floppy in the computer to be installed

Be sure to write protect the floppy in case of a boot virus. Be sure the floppy is fully inserted and ready for action.

If you've elected to burn a CD equivalent to the bootable floppy, insert the CD, and make sure the bios is set to boot from CD.

Shutdown and reboot the computer

It's probably better to do an orderly shutdown before rebooting the computer. Yes, you'll be reinstalling and reformatting, but it's always best practice not to trash your partitions. Format them in an orderly fashion.

When you turn the power back on or otherwise reboot, at the lilo or grub prompt hit Enter. The floppy based kernel and ramdisk image will load, and then the installation program will begin to ask you questions.

Remove the floppy when the question about what language to use appears.

By the time the install program is far enough along to ask you whether to use English or some other language, everything from the floppy or CD equivalent is in RAM and you don't need the floppy anymore. Unlike Windows 9x, Linux installs don't continually reboot. Now that the floppy is out of the computer, you can use it to boot the next box to install. Installfests and other mass installs are fun, aren't they?

Answer the questions about the network.

Because the computer being installed must have IP connectivity with the installation server, you must either select automatic IP configuration or configure the new computer's network to be in the same subnet as the installation server. Note that automatic IP configuration works only if there's a DHCP server on the local network.

Whatever you configure at this point, you can change the network setup post installation, or you can even change it later in the installation process.

Conduct a normal install from this point forward

A few tips.

Summary


NFS installs are SO kewl. They're fast, reliable, and require much less operator intervention (CD swapping). And they're like greased lightning when performing multiple installs. And in situations where there aren't enough install CD's to go around (like installfests), they eliminate the bottleneck and let everyone get installed.

They're a little more complicated, but not much. This document tells you exactly how to perform an NFS installation. Use it!
