Installing Linux over NFS
The How's and Why's
Copyright (C) 2003 by Steve Litt, All rights
reserved. Material provided as-is, use at your own risk.
Executive Summary:
If you already have the proper installation materials on one of your computers,
and if the client to be has a network card that the installer can probe,
an NFS installation is much faster than a CD install. It also removes the
need for switching CD's, so once you've answered the questions, it can install
unattended. Subjectively, I think that NFS installs might be more reliable
than CD installs, because a network is more reliable than a CD reader.
Best of all, if you're installing multiple machines, you save time aplenty.
NFS installs aren't for everyone. They're more complex than a CD install.
You must place the iso images in a directory on a server, make sure those
iso images are accurate, export that directory via nfs, create a boot floppy,
and answer unaccustomed questions on the client. You'll have a harder time
finding help with NFS installs, because fewer people are aware of them.
If you perform lots of installs of the same distros, NFS installations can
save time and trouble.
This document covers Red Hat 8.0 and Mandrake 9.0 installations. With other
distros, your mileage may vary.
One last note. An NFS install doesn't relieve you from the question answering
process. If you want an install so automatic that you answer no questions,
you need to investigate kickstart, which is beyond the scope of this document.
Overview of the NFS Install Process
Note the description of the Directories
and IP addresses used in these examples. The following comprises the
NFS installation process:
- Place the Installation files
in a directory on the server. This step differs radically with distribution.
- Export that directory via
NFS.
- Check that you're not blocked by iptables
- Create one or more NFS aware
boot floppies.
- Insert a boot floppy in the computer
to be installed.
- Shutdown and reboot the
computer.
- Remove the floppy when the question about
what language to use appears.
- Answer the questions
about the network.
- Conduct a normal install from this
point forward.
Directories and IP addresses
used in these examples
The following settings are used in examples on this page:
- Server Settings
- FQDN hostname = myserver.domain.cxm
- IP address = 192.168.100.2
- Netmask = 255.255.255.0
- RedHat ISO container directory = /scratch/rh8iso
- Mandrake RPM container directory = /scratch/mand9iso
- Client (computer to be installed) settings
- FQDN hostname = newbox.domain.cxm
- IP address = 192.168.100.3
- Netmask = 255.255.255.0
Please make note of these settings so that you're not confused in the examples.
Place the Installation
files in a directory on the server.
When it comes to loading the software into the installation directory, Red
Hat allows either loading of the CD ISO image files, or loading the actual
files and directories. Mandrake allows only the latter. The ISO method is
MUCH simpler.
The Red Hat method
Choose a directory in which to place the CD ISO images. For example's sake,
we'll call the directory /scratch/rh8iso. That directory needs to
be world readable, and it needs to be executable all the way up the tree.
Place the CD ISO files inside that directory. You can name the files anything
you want -- as long as they have a filetype of .iso (perhaps you could even
get away with other filetypes -- I didn't check). The ISO files must be world
readable.
If you need to dd off of /dev/cdrom to obtain the ISO images, be sure you
follow the instructions on the Coasterless CD Burning
page.
The Mandrake method
Choose a directory in which to place the CD contents. For example's sake,
we'll call the directory /scratch/mand9iso. That directory needs
to be world readable, and it needs to be executable all the way up the tree.
Now copy the entire contents of CD 1 into that directory:
cp -R -p /mnt/cdrom/* /scratch/mand9iso
Now, for each additional CD in the install set, do the following:
chmod u+w /scratch/mand9iso/Mandrake
cp -R -p /mnt/cdrom/Mandrake /scratch/mand9iso
Export that directory via
NFS
Do all this as user root. Once the install CD's are properly loaded in the
directory, that directory must be made available on the local network. Add
the following to /etc/exports:
/scratch/rh8iso 192.168.100.0/24(ro)
/scratch/mand9iso 192.168.100.0/24(ro)
Save the file and then restart NFS with the following command:
service nfs restart
Assuming you have an existing /mnt/temp directory, you can verify
success with the following commands:
mount -t nfs 192.168.100.2:/scratch/rh8iso /mnt/temp
or
mount -t nfs 192.168.100.2:/scratch/mand9iso /mnt/temp
If that command fails, or if you can't see the files and directories inside
/mnt/temp, then something's wrong and you need to troubleshoot before
moving on to the next step.
Check that you're
not blocked by iptables
NFS relies on portmap to map some of its services to ports at high
addresses. These high ports can change each time NFS is restarted. Therefore,
these high ports can be blocked by the
client machine's firewall, preventing NFS access. The solution is:
- Force the high port to be known
- Fix the firewall to pass these ports
This article discusses how to solve the problem with Red Hat 8.0. Other distros
will differ, naturally.
Diagnosing the Problem
If you can't mount NFS shares and can't figure out why, try mounting them
from localhost on the share host:
mount -t nfs -o ro localhost:/scratch/iso /mnt/test
If the preceding works whereas mounts from other hosts do not, it's an excellent
indication that your firewall is blocking your NFS. To really make sure, *very
temporarily* create an overly permissive firewall. If the NFS mounting problem
goes away, you have an iptables
problem that can be fixed with iptables
configuration.
Creation of an overly permissive firewall is described later in this article.
Finding or Creating Your iptables Configuration File
The usual config file for iptables
is /etc/sysconfig/iptables,
but it could be elsewhere. To find the location of the iptables configuration file, look
in /etc/rc.d/init.d/iptables
at the code in save(). This
code contains an environment variable set to the intended location of the
config file. On Mandy 9 boxes this is called $IPTABLES_CONFIG. Next look through
/etc/rc.d/init.d/iptables
to determine how that variable is set. In Mandy 9.0 it's set near the top
of the file. Once you know the intended config file, you can look for it,
and if it doesn't exist, you can create it.
A default Red Hat 8 box does not contain this file. Instead, the boot process
builds up iptables command by
command. In my opinion having the config file is much easier for troubleshooting.
So if you don't have /etc/sysconfig/iptables,
your first step is to create it.
WARNING
ALWAYS make absolutely sure there's no existing iptables config file before creating
one, because overwriting your existing firewall is a terrible thing.
If you're sure you don't have a config file (look elsewhere besides /etc/sysconfig/iptables), use the
following command to create one:
service iptables restart
service iptables save
The first command restarts iptables,
putting it in a known state. The second writes the config file. Here's how
it looks on my Mandy 9.0 box:
[root@mydesk sysconfig]# service iptables save
Saving current rules to /etc/sysconfig/iptables: [ OK ]
[root@mydesk sysconfig]#
Now you have a configuration file to work with.
Creating an Overly Permissive Firewall
WARNING
Don't create an overly permissive firewall if you're in an extremely hostile
environment. Either disconnect the machine from the main network and test
it with a small one not connected to the Internet (i.e. null modem cable
or equivalent), or perform more troubleshooting steps to determine the nature
of the problem without undue exposure to crackers.
Edit your firewall config file (probably /etc/sysconfig/iptables). Go to the
filter chain, which starts with
the string *filter. Right above
the first -A line in the filter chain, insert the following
line:
[0:0] -A INPUT -j ACCEPT
The preceding line tells the filter chain to accept all packets from everywhere.
Restart iptables and try your mount again. If it succeeds, you've toggled
the symptom with the client firewall, so now you know where to troubleshoot.
To foil script kiddies, IMMEDIATELY remove the line you just inserted.
Allowing NFS Through Your Client Firewall
Your first step is to view the output of rpcinfo to see what ports you're using.
The session might look something like this:
[root@mydesk root]# rpcinfo -p 192.168.100.2
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100021    1   udp  32886  nlockmgr
    100021    3   udp  32886  nlockmgr
    100021    4   udp  32886  nlockmgr
    100011    1   udp    808  rquotad
    100011    2   udp    808  rquotad
    100011    1   tcp    811  rquotad
    100011    2   tcp    811  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32888  mountd
    100005    1   tcp  33448  mountd
    100005    2   udp  32888  mountd
    100005    2   tcp  33448  mountd
    100005    3   udp  32888  mountd
    100005    3   tcp  33448  mountd
[root@mydesk root]#
In the preceding output, notice that the mountd
daemon is assigned two different ports. Restart nfs, run rpcinfo again, and you'll likely see
the ports change. The changes are due to the actions of the portmapper program.
I think you'll agree that makes
firewalling somewhat challenging.
The simplest solution is to hard code the mountd ports to a specific value.
To do this, ON THE NFS SERVER, edit
the /etc/rc.d/init.d/nfs script.
Another solution is to create a script that greps the output of the rpcinfo command, turns the mountd lines into iptables commands, and updates iptables. Workable, but a challenge,
especially because each time you rerun the command you must remove the iptables lines from the previous
run. An
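The script approach described above, as an added example that is not code from the original article: it turns rpcinfo output into iptables commands and keeps them in a dedicated chain, so flushing that chain removes the previous run's rules. The chain name NFS_IN is hypothetical, and the rules assume a stateless client INPUT chain, so server replies are matched by source address and source port.

```shell
#!/bin/sh
# Added example, not from the original article. SERVER is the article's
# example server; CHAIN is a hypothetical name for a dedicated chain.
SERVER=192.168.100.2
CHAIN=NFS_IN

# Print the iptables commands that rebuild $CHAIN from `rpcinfo -p` output
# read on stdin. $1 is a space-separated list of RPC services (default mountd).
gen_nfs_rules() {
    services="${1:-mountd}"
    # Flushing the dedicated chain is what removes the previous run's rules.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    awk -v want="$services" -v srv="$SERVER" -v chain="$CHAIN" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ok[w[i]] = 1 }
        # Data rows are: program vers proto port name. The output comes from
        # another host, so only numeric ports and tcp/udp reach the command.
        NF == 5 && ($3 == "tcp" || $3 == "udp") && $4 ~ /^[0-9]+$/ &&
        $4 + 0 >= 1 && $4 + 0 <= 65535 && ($5 in ok) {
            if (seen[$3 ":" $4]++) next    # one rule per proto/port pair
            printf "iptables -A %s -s %s -p %s --sport %s -j ACCEPT\n",
                   chain, srv, $3, $4
        }'
}

# Sample input: rows taken from the rpcinfo session shown in the article.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100021    1   udp  32886  nlockmgr
    100003    3   udp   2049  nfs
    100005    1   udp  32888  mountd
    100005    1   tcp  33448  mountd
    100005    3   udp  32888  mountd
    100005    3   tcp  33448  mountd
EOF
}

# Dry run against the sample. On the client, after hooking the chain in once
# with "iptables -I INPUT -j NFS_IN", the real run would be:
#   rpcinfo -p "$SERVER" | gen_nfs_rules | sh
sample_rpcinfo | gen_nfs_rules
```

Rerun it after every NFS restart on the server; pass "mountd nlockmgr" as the argument to cover the lock manager's port as well.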
Create one or more NFS aware
boot floppies
WARNING
When using the dd command to write to device /dev/fd0, always
wait until the command finishes AND the floppy light goes out before removing
the floppy.
On most distros, the first CD contains a directory called images.
This directory contains various images to make bootable floppies. Place a
known good, write enabled floppy in the server's drive, and make your boot
floppies:
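# Red Hat: loop-mount the first CD's ISO image (disc1.iso is a placeholder for your file name)
umount /mnt/temp
mount -o loop,ro /scratch/rh8iso/disc1.iso /mnt/temp
dd if=/mnt/temp/images/bootnet.img of=/dev/fd0
umount /mnt/temp
# Mandrake: the CD contents were copied to the directory, so no loop mount is needed
dd if=/scratch/mand9iso/images/network.img of=/dev/fd0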
Depending on the number of machines needing installation, and the number
of people doing installations, you might want to make several boot floppies.
Insert a boot floppy in the computer
to be installed
Be sure to write protect the floppy in case of a boot virus. Be sure the
floppy is fully inserted and ready for action.
If you've elected to burn a CD
equivalent to the bootable floppy, insert the CD, and make sure the
BIOS is set to boot from CD.
Shutdown and reboot the
computer
It's probably better to do an orderly shutdown before rebooting the computer.
Yes, you'll be reinstalling and reformatting, but it's always best practice
not to trash your partitions. Format them in an orderly fashion.
When you turn the power back on or otherwise reboot, at the lilo or grub
prompt hit Enter. The floppy based kernel and ramdisk image will load, and
then the installation program will begin to ask you questions.
Remove the floppy when the question about
what language to use appears.
By the time the install program is far enough along to ask you whether to
use English or some other language, everything from the floppy
or CD equivalent
is in RAM
and you don't need the floppy anymore. Unlike Windows 9x, Linux installs
don't continually reboot. Now that the floppy is out of the computer, you
can use it to boot the next box to install. Installfests and other mass installs
are fun, aren't they?
Answer the questions
about the network.
Because the computer being installed must have IP connectivity with the installation
server, you must either select automatic IP configuration or configure the
new computer's network to be in the same subnet as the installation server.
Note that automatic IP configuration works only if there's a DHCP server
on the local network.
Whatever you configure at this point, you can change the network setup post
installation, or you can even change it later in the installation process.
Conduct a normal install from
this point forward
A few tips.
- If installing Mandrake, don't install too much at one time. Although
it's rock solid once installed, Mandrake installations can be glitchy, intermittent,
and frustrating. Install a reasonably sized system now, and use rpmdrake
to install more later. The only disadvantage of postinstallation use of rpmdrake
is that the installed software doesn't go in the menu system.
- When asked whether you'd like it to boot to graphics mode or text mode,
choose text mode (runlevel 3). That prevents a catch-22 where if only you
could see your screen you could fix the graphics, and if only you could fix
the graphics you could see the screen.
- If you fail to follow the preceding tip and get yourself a nasty
catch-22, fix it with the following process:
- Reboot however you can
- At the boot prompt, type linux single or append a space and
the word "single" or the number "1" to whatever your normal boot label is
called. This puts you in single user mode, which is always text.
- Log in as root.
- Edit /etc/inittab, and change this line:
id:5:initdefault:
to this:
id:3:initdefault:
- Save and perform a three-finger salute (Ctrl+Alt+Del), and you'll
boot to runlevel 3. Typing exit at the command prompt is not sufficient,
because you'll simply return to runlevel 5, which isn't what you want.
- During installation, don't test your video setup -- it might hang and
trash an hour of install labor. You can configure your video post-installation
with /usr/bin/redhat-config-xfree86 (Red Hat) or /usr/sbin/XFdrake
(Mandrake), and if it bombs it won't take an entire installation with it.
Summary
NFS installs are SO kewl. They're fast, reliable, and require much less operator
intervention (CD swapping). And they're like greased lightning when performing
multiple installs. And in situations where there aren't enough install CD's
to go around (like installfests), they eliminate the bottleneck and let everyone
get installed.
They're a little more complicated, but not much. This document tells you
exactly how to perform an NFS installation. Use it!