Network Booted OpenBSD Workstations: Jan Klemkow

The document discusses setting up a network booted OpenBSD workstation environment. Key points include:
- DHCP, TFTP, and NFS are configured to PXE boot OpenBSD installations from a centralized root filesystem stored on a server.
- The root filesystem is created by extracting packages and configuring devices, filesystems, users, and services. It takes up around 34MB per workstation.
- Additional filesystems like /usr and package databases are also provided via NFS.
- LDAP integration is configured for centralized user and group authentication.
- Benefits include easy maintenance and upgrades by managing the root filesystem from one location, while potential issues addressed are slower performance and lack of


Network booted

OpenBSD Workstations

Jan Klemkow
<jan@openbsd.org>

BSDCan
May 17th 2019
whoami

Profession
Master of Engineering
Software Developer

OpenBSD
User since 3.9
Contributor since 5.0
Developer since 6.6
The given Environment.
Given Environment

Linux Workstations

/home via NFS

LDAP Server

PXE booted GRUB bootloader


default disk
optional Linux Netinstall
Given Environment

Linux Workstations

/home via NFS

LDAP Server

PXE booted GRUB bootloader


default disk
optional OpenBSD Live Boot
optional Linux Netinstall
Needed Environment
Needed Environment

# cat /etc/dhcpd.conf
...
host client {
        hardware ethernet xx:xx:xx:xx:xx:xx;
        fixed-address 10.0.0.2;
        next-server 10.0.0.1;
        filename "pxeboot";
}
...

# rcctl enable dhcpd
# rcctl start dhcpd
Needed Environment

# mkdir /tftpboot
# cp /usr/mdec/pxeboot /tftpboot

# cat /etc/rc.conf.local
...
tftpd_flags=-l 10.0.0.1 /tftpboot
...

# rcctl start tftpd


Needed Environment

# cp /bsd /tftpboot
Needed Environment

# cat /etc/ethers
...
xx:xx:xx:xx:xx:xx client
...

# cat /etc/hosts
...
10.0.0.2 client
...

# rcctl enable rarpd


# rcctl start rarpd
Needed Environment

# cat /etc/bootparams
...
client root=10.0.0.1:/export/client
...

# rcctl enable bootparamd
# rcctl start bootparamd
How to create a root filesystem?
Create a root filesystem
# mkdir -p /export/client
# for f in *.tgz; do tar xzphf "$f" -C /export/client; done

# cd /export/client/var/sysmerge/
# tar xzphf etc.tgz -C /export/client/
# tar xzphf xetc.tgz -C /export/client/

# cd /export/client
# (cd dev; ./MAKEDEV all)

# cat > etc/fstab <<-EOF
10.0.0.1:/export/client / nfs rw 0 0
10.0.0.1:/usr /usr nfs ro 0 0
swap /tmp mfs rw,-s512M 0 0
EOF

# echo "client" > etc/myname
# echo "dhcp" > etc/hostname.em0
# echo "portmap_flags=" >> etc/rc.conf.local
# echo "ypbind_flags=" >> etc/rc.conf.local
# echo "xenodm_flags=" >> etc/rc.conf.local

# echo "genua.de" > etc/defaultdomain

# echo '+:*::::::::' >> etc/master.passwd
# echo '+:*::' >> etc/group
# pwd_mkdb -d etc -p etc/master.passwd
# cap_mkdb -f etc/login.conf /etc/login.conf
How big is a default root filesystem?
Size of all root filesystems of all Workstations?

# du -sh /export/client
922M /export/client

~1 GiByte/WS × 250 WS = 250 GiByte


Breakdown the size of a default installation
Size of all root filesystems of all Workstations?

# rm -r /export/client/usr/*

# du -sh /export/client
34M /export/client

~34 MiByte/WS × 250 WS = 8.5 GiByte


Needed Environment

# cat /etc/exports
/usr -ro -network=10.0.0.0 -mask=255.255.255.0
/var/db/pkg -ro -network=10.0.0.0 -mask=255...
...
/export/client -maproot=root -alldirs 10.0.0.2
...

# rcctl enable mountd nfsd portmap


# rcctl start mountd nfsd portmap
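
Added example, not from the talk: with one entry per workstation in ethers, hosts, bootparams and exports, a POSIX sh/awk check that these files agree and that each client root export names that client's fixed address rather than a whole network, as on the slide above. The function name audit_netboot, the directory layout and the ws1/ws2 sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_netboot DIR: cross-check DIR/ethers, DIR/hosts, DIR/bootparams and
# DIR/exports. Prints one line per finding; exit status is the finding count.
audit_netboot() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }
    FILENAME == ARGV[1] { mac[$2] = $1; next }      # ethers: MAC name
    FILENAME == ARGV[2] { ip[$2] = $1; next }       # hosts: IP name
    FILENAME == ARGV[3] {                           # bootparams: name root=srv:/path
        split($2, kv, "="); split(kv[2], sp, ":")
        root[$1] = sp[2]; next
    }
    { ex[$1] = $0 }                                 # exports: /path options hosts
    END {
        for (c in root) {
            if (!(c in mac)) { print c ": no MAC in ethers"; n++ }
            if (!(c in ip))  { print c ": no address in hosts"; n++; continue }
            if (!(root[c] in ex)) { print c ": " root[c] " is not exported"; n++; continue }
            k = split(ex[root[c]], f, " "); ok = 0
            for (i = 2; i <= k; i++) {
                if (f[i] == ip[c]) ok = 1
                if (f[i] ~ /^-network=/) { print c ": root export is network-wide"; n++ }
            }
            if (!ok) { print c ": " root[c] " not exported to " ip[c]; n++ }
        }
        exit n + 0
    }' "$1/ethers" "$1/hosts" "$1/bootparams" "$1/exports"
}

# Constructed sample data: ws1 is consistent; ws2 has no ethers entry and a
# bootparams path (/exports/ws2) that does not match its export (/export/ws2).
demo=$(mktemp -d)
printf '%s\n' '00:00:5e:00:53:01 ws1' > "$demo/ethers"
printf '%s\n' '10.0.0.2 ws1' '10.0.0.3 ws2' > "$demo/hosts"
printf '%s\n' 'ws1 root=10.0.0.1:/export/ws1' \
    'ws2 root=10.0.0.1:/exports/ws2' > "$demo/bootparams"
printf '%s\n' '/usr -ro -network=10.0.0.0 -mask=255.255.255.0' \
    '/export/ws1 -maproot=root -alldirs 10.0.0.2' \
    '/export/ws2 -maproot=root -alldirs 10.0.0.3' > "$demo/exports"
audit_netboot "$demo" || echo "findings: $?"
```
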
Needed Environment

# cat /etc/ypldap.conf
domain "genua.de"

provide map "passwd.byname"
provide map "passwd.byid"
provide map "group.byname"
provide map "group.byid"
provide map "netid.byname"

directory "ldap.genua.de" tls {
        ...
        passwd filter "(objectClass=posixAccount)"
        ...
}

# rcctl enable ypldap
# rcctl start ypldap
Some hints

# cat /export/client/etc/fstab
...
swap /tmp mfs rw,-s512M
10.0.0.1:/var/db/pkg /var/db/pkg nfs ro
Used Hardware

        Workstation            vServer
CPU     Intel Core i5-4590     Intel Xeon 43xx
RAM     8 GiByte               4 GiByte
Net     100 MBit/s             1 GBit/s
Disk    -                      128 GiByte
GFX     Intel integrated       -
User Experience

system starts a bit slower


programs start a bit slower

no local storage

Rollout of 250 Workstations in 12min


Problems.
User Experience Problems: NVIDIA GFX
User Experience Problems

sharing ~/.* between Linux and OpenBSD


switching OpenBSD <-> Linux shifts the Clock
no swap
non-persistent /tmp
/etc/sshd/known_hosts
Administration

All rootfs at /export/...


Offline Maintenance
Easy Upgrade
End

Questions?
