Difference between revisions of "DVDless install"
(Created page with "{{RightTOC}} The (local) network is an additional choice to install Slackware from when your hardware has this capability. Installing from the local network is particularly f...") |
(→Slackware setup) |
||
Line 241: | Line 241: | ||
A few pieces of advice to make your Slackware setup from network easier : | A few pieces of advice to make your Slackware setup from network easier : | ||
− | * For some reason Slackare might use an interface other than eth0. Just move the cable to the right slot. | + | * For some reason Slackare might use an interface other than eth0. Just move the cable to the right slot or update (or remove) /etc/udev/rules.d/70-persistent-net.rules. |
* Slackware network setup uses NFS version 3 meaning that directory paths are absolute. | * Slackware network setup uses NFS version 3 meaning that directory paths are absolute. |
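Review bot: In the changed bullet at line 241, the new text does not say on which machine /etc/udev/rules.d/70-persistent-net.rules is to be updated or removed, and the page describes both a server and the machine being installed. Suggest naming the system in the bullet. The "Slackare" spelling is also carried over unchanged into the new revision and should read "Slackware".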
Latest revision as of 07:58, 4 August 2018
When your hardware supports it, the (local) network is an additional source to install Slackware from. Installing from the local network is particularly fast and is a good choice when playing around with the installation. This page explains how to configure a Slackware server for this usage. It was inspired by AlienBob's blog page on the same topic. To install Slackware over the network we need:
- A service to download the Slackware files during the Slackware setup. HTTP, FTP, or NFS can be used. In the example below we show how to use the NFS and FTP services included with Slackware.
- A service implementing the TFTP protocol. TFTP is used to download the bootstrap code from the server that BOOTP identified. We will use the TFTP server included with Slackware.
- A service implementing the BOOTP protocol. The PXE firmware uses BOOTP to find the server on the network from which to download the bootloader code. The DHCP server included with the Slackware distribution has this capability.
Configuring NFS
NFS is Sun's Network File System. It is fast and can be used as a mount point, but depending on configuration it may be insecure and must be used locally only. Also, it uses some random port numbers that need to be fixed if firewalling. The exported directories are defined in /etc/exports. Copy the content of the Slackware DVD to a directory, for instance /var/pub/slackware64-14.2, then edit /etc/exports as below. ro means read-only, sync makes the server reply only once a request has been committed to storage, insecure accepts requests coming from client ports above 1023 (as some other NFS implementations use), all_squash maps all uids and gids to the anonymous user for public access, and no_subtree_check improves reliability in some circumstances. See man exports for more details.
    # See exports(5) for a description.
    # This file contains a list of all directories exported to other computers.
    # It is used by rpc.nfsd and rpc.mountd.
    /var/pub 192.168.0.1/24(ro,sync,insecure,all_squash,no_subtree_check)
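The options above decide how much a client on the network can do with the share, so they are worth checking whenever /etc/exports changes. The following is an added example, not part of the original page: a small shell function that lists the options to review on each export. The /srv/scratch entry is a constructed, hypothetical export used only to show the findings.

```shell
#!/bin/sh
# Added example (not from the original page): review /etc/exports options.
# audit_exports [FILE] reads exports(5) lines from FILE, or stdin when no
# file is given, and prints one finding per line as "path client: reason".
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    NF == 1 { print $1 " *: no client list, exported to any host"; next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ","
            p = index($i, "(")
            if (p > 0) {                     # split "client(opt,opt,...)"
                client = substr($i, 1, p - 1)
                opts = "," substr($i, p + 1, length($i) - p - 1) ","
            }
            if (client == "") client = "*"
            who = $1 " " client ": "
            if (client == "*")
                print who "exported to any host"
            if (opts ~ /,rw,/)
                print who "writable (rw)"
            if (opts ~ /,no_root_squash,/)
                print who "remote root keeps uid 0 (no_root_squash)"
            if (opts !~ /,all_squash,/)
                print who "uids not mapped to the anonymous user (all_squash missing)"
            if (opts ~ /,insecure,/)
                print who "accepts source ports above 1023 (insecure)"
        }
    }' "${1:--}"
}

# Constructed sample: the export from this page plus a deliberately weak one.
sample_exports() {
    cat <<'EOF'
# constructed sample, not taken from a real server
/var/pub 192.168.0.1/24(ro,sync,insecure,all_squash,no_subtree_check)
/srv/scratch *(rw,no_root_squash)
EOF
}

sample_exports | audit_exports
```

On the server itself, run `audit_exports /etc/exports`; the page's own export is reported only for the insecure option it sets on purpose.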
The NFS server is launched using /etc/rc.d/rc.nfsd. Make this script executable so that it runs on every boot. You can also start it by hand to test it immediately. The NFS client is launched using /etc/rc.d/rc.rpc and makes it possible to use NFS mount points from other NFS servers. Make this script executable if you want to use it and have it started on every reboot. This can be handy to cross-test NFS machines. Otherwise it should not be necessary.
    # chmod u+x /etc/rc.d/rc.nfsd
    # chmod u+x /etc/rc.d/rc.rpc
Configuring FTP
Since SSH provides encrypted authentication and transfers, FTP will be used on our site only for anonymous public downloads. FTP uses fixed port numbers so it is easy to firewall, but it is much slower than NFS. Slackware includes two FTP servers: ProFTPD and vsftpd. We will use the latter. Using vsftpd requires very little configuration: set the home directory of the ftp user to where we want our files to be downloaded from, uncomment the correct ftp line in /etc/inetd.conf and run /etc/rc.d/rc.inetd restart, then update the firewall rules. For more details, see man vsftpd.conf.
    # usermod --home /var/pub ftp
    . . .
    # Very Secure File Transfer Protocol (FTP) server.
    ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd
    . . .
    # /etc/rc.d/rc.inetd restart
    . . .
    # services on local network FTP BOOTP HTTP NNTP IMAP HTTPS SUBMIT VNC VOIP
    iptables -A INPUT -p tcp -j ACCEPT --dport 20 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW -s 192.168.0.0/24
Configuring TFTPBOOT
TFTP is the Trivial File Transfer Protocol (for use on a local network). Let's create the TFTP boot file structure under the default /tftpboot directory. The directory where we store the bootloader files is /tftpboot/slackware64-14.2:
    # mkdir /tftpboot
    # mkdir /tftpboot/slackware64-14.2
    # mkdir /tftpboot/slackware64-14.2/pxelinux.cfg
    # cp /usr/share/syslinux/pxelinux.0 /tftpboot/slackware64-14.2/
    # cp /var/pub/slackware64-14.2/isolinux/message.txt /tftpboot/slackware64-14.2/
    # cp /var/pub/slackware64-14.2/isolinux/f2.txt /tftpboot/slackware64-14.2/
    # cp -a /var/pub/slackware64-14.2/kernels /tftpboot/slackware64-14.2/
    # cp /var/pub/slackware64-14.2/usb-and-pxe-installers/pxelinux.cfg_default /tftpboot/slackware64-14.2/pxelinux.cfg/default
    # cp /var/pub/slackware64-14.2/isolinux/initrd.img /tftpboot/slackware64-14.2/
The TFTP service is handled by inetd. To activate it, uncomment the tftp line in /etc/inetd.conf, then run /etc/rc.d/rc.inetd restart or reboot.
    tftp  dgram   udp     wait    root    /usr/sbin/in.tftpd  in.tftpd -s /tftpboot -r blksize
Configuring DHCP
We configure /etc/dhcpd.conf as follows. Our subnet is 192.168.0.0, our network mask is 255.255.255.0, our IP address is 192.168.0.1, and our router address is 192.168.0.254. The IP DHCP range is 192.168.0.3 to 192.168.0.253. For more details on other configuration possibilities, see man dhcpd.conf.
    # dhcpd.conf
    #
    # Configuration file for ISC dhcpd (see 'man dhcpd.conf')

    # If this DHCP server is the official DHCP server for the local
    # network, the authoritative directive should be uncommented.
    authoritative;
    ddns-update-style none;

    # Allow bootp requests
    allow bootp;

    # Point to the TFTP server:
    next-server 192.168.0.1;

    # Default lease is 1 week (604800 sec.)
    default-lease-time 604800;
    # Max lease is 4 weeks (2419200 sec.)
    max-lease-time 2419200;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        option domain-name "studioware.com";
        option broadcast-address 192.168.0.255;
        option subnet-mask 255.255.255.0;
        option domain-name-servers 192.168.0.1;
        option routers 192.168.0.254;
        range dynamic-bootp 192.168.0.3 192.168.0.253;
        use-host-decl-names on;
        if substring (option vendor-class-identifier, 0, 9) = "PXEClient" {
            filename "/slackware64-14.2/pxelinux.0";
        }
    }
Next, create a script /etc/rc.d/rc.dhcpd to launch dhcpd. Our bridged interface is br0:
    #!/bin/sh
    #
    # /etc/rc.d/rc.dhcpd
    # This shell script takes care of starting and stopping
    # the ISC DHCPD service
    #

    # Put the command line options here that you want to pass to dhcpd:
    DHCPD_OPTIONS="-q br0"

    # Do nothing if the daemon or its configuration is missing.
    [ -x /usr/sbin/dhcpd ] || exit 0
    [ -f /etc/dhcpd.conf ] || exit 0

    start() {
        # Start daemons.
        echo -n "Starting dhcpd: /usr/sbin/dhcpd $DHCPD_OPTIONS "
        /usr/sbin/dhcpd $DHCPD_OPTIONS
        echo
    }

    stop() {
        # Stop daemons.
        echo -n "Shutting down dhcpd: "
        killall -TERM dhcpd
        echo
    }

    status() {
        PIDS=$(pidof dhcpd)
        # -z is the portable test for an empty string under /bin/sh
        if [ -z "$PIDS" ]; then
            echo "dhcpd is not running!"
        else
            echo "dhcpd is running at pid(s) ${PIDS}."
        fi
    }

    restart() {
        stop
        start
    }

    # See how we were called.
    case "$1" in
        start)
            start
            ;;
        stop)
            stop
            ;;
        restart)
            stop
            start
            ;;
        status)
            status
            ;;
        *)
            echo "Usage: $0 {start|stop|status|restart}"
            ;;
    esac

    exit 0
Next, make /etc/rc.d/rc.dhcpd executable, launch it from /etc/rc.d/rc.local and stop it from /etc/rc.d/rc.local_shutdown:
    # chmod u+x /etc/rc.d/rc.dhcpd
    . . .
    # start dhcpd
    if [ -x /etc/rc.d/rc.dhcpd ]; then
        /etc/rc.d/rc.dhcpd start
    fi
    . . .
    # stop dhcpd
    if [ -x /etc/rc.d/rc.dhcpd ]; then
        /etc/rc.d/rc.dhcpd stop
    fi
Firewalling NFS
Refer to IPTables for an introduction on packet filtering. NFS uses some random ports by default, which we need to fix if we want to be able to do proper packet filtering. To be precise, NFS uses sunrpc/111 and nfsd/2049, while the other NFS daemons use random port numbers; alternative port numbers can be specified on the command line or in the /etc/services file, to which we add:
    rpc.nfs-cb  32764/tcp   # RPC nfs callback
    rpc.nfs-cb  32764/udp   # RPC nfs callback
    status      32765/udp   # NFS status (listen)
    status      32765/tcp   # NFS status (listen)
    status      32766/udp   # NFS status (send)
    status      32766/tcp   # NFS status (send)
    mountd      32767/udp   # NFS mountd
    mountd      32767/tcp   # NFS mountd
    lockd       32768/udp   # NFS lock daemon/manager
    lockd       32768/tcp   # NFS lock daemon/manager
    rquotad     32769/udp   # NFS rquotad
    rquotad     32769/tcp   # NFS rquotad
The /etc/rc.d/rc.nfsd and /etc/rc.d/rc.rpc scripts are modified to specify port numbers on the command lines:
    if [ -x /usr/sbin/rpc.rquotad ]; then
        echo "  /usr/sbin/rpc.rquotad -p 32769"
        /usr/sbin/rpc.rquotad -p 32769
    fi

    if [ -x /usr/sbin/rpc.mountd ]; then
        echo "  /usr/sbin/rpc.mountd -p 32767"
        /usr/sbin/rpc.mountd -p 32767
    fi

    if ! ps axc | grep -q rpc.statd ; then
        echo "Starting RPC NSM (Network Status Monitor):  /sbin/rpc.statd -p 32765 -o 32766"
        /sbin/rpc.statd -p 32765 -o 32766
    fi
To make the lock daemon listen on port 32768 only and set the NFS callback port to 32764, we need to create the file /etc/sysctl.d/nfs.conf:
    fs.nfs.nlm_udpport=32768
    fs.nfs.nlm_tcpport=32768
    fs.nfs.nfs_callback_tcpport=32764
Last, BOOTP and the NFS ports must be added to /etc/rc.d/rc.firewall:
    # by default no local traffic is allowed for network 192.168.0.0/24 on br0 interface
    # iptables -A INPUT -i br0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
    # iptables -A OUTPUT -o br0 -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT

    # BOOTP/PXE boot: TFTP download of the bootloader (udp/69)
    iptables -A INPUT -p udp -j ACCEPT --dport 69 -s 192.168.0.0/24

    # NFS ports
    iptables -A INPUT -p udp -j ACCEPT --dport 111 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 111 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 2049 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 2049 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32764 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32764 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32765 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32765 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32766 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32766 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32767 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32767 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32768 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32768 -m state --state NEW -s 192.168.0.0/24
    iptables -A INPUT -p udp -j ACCEPT --dport 32769 -s 192.168.0.0/24
    iptables -A INPUT -p tcp -j ACCEPT --dport 32769 -m state --state NEW -s 192.168.0.0/24
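The firewall rules only help if the daemons really register on the pinned ports after a restart. The following is an added example, not part of the original page: it reads `rpcinfo -p` output and reports any registration that differs from the ports chosen above. The sample output is constructed, with mountd left on a random port to show a finding.

```shell
#!/bin/sh
# Added example (not from the original page): confirm the RPC services
# registered on the ports pinned above. Reads `rpcinfo -p` output on stdin,
# prints each mismatch once, and returns 1 if there is any.
check_rpc_ports() {
    awk '
    BEGIN {
        # Ports from this page; service names are as rpcinfo prints them.
        want["portmapper"] = 111;  want["nfs"] = 2049;  want["nfs_acl"] = 2049
        want["status"] = 32765;    want["mountd"] = 32767
        want["nlockmgr"] = 32768;  want["rquotad"] = 32769
    }
    $1 ~ /^[0-9]+$/ && NF >= 5 {
        svc = $5; proto = $3; port = $4 + 0
        if (seen[svc, proto, port]++) next   # one line per version; report once
        if (!(svc in want)) {
            print "UNEXPECTED " svc " " proto "/" port; bad = 1
        } else if (port != want[svc]) {
            print "DRIFT " svc " " proto "/" port " (expected " want[svc] ")"; bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample of `rpcinfo -p` output: mountd is not pinned here.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100024    1   udp  32765  status
    100024    1   tcp  32765  status
    100005    2   udp  45213  mountd
    100005    3   udp  45213  mountd
    100005    3   tcp  45213  mountd
    100003    3   tcp   2049  nfs
    100021    4   udp  32768  nlockmgr
    100021    4   tcp  32768  nlockmgr
EOF
}

sample_rpcinfo | check_rpc_ports || echo "registered ports differ from the pinned ones"
```

On the server, run `rpcinfo -p localhost | check_rpc_ports` after restarting rc.rpc and rc.nfsd; no output means every listed registration matches.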
Slackware setup
A few pieces of advice to make your Slackware setup from network easier:
- For some reason Slackware might use an interface other than eth0. Just move the cable to the right slot or update (or remove) /etc/udev/rules.d/70-persistent-net.rules.
- Slackware network setup uses NFS version 3 meaning that directory paths are absolute.
- The FTP directory paths are instead relative to the ftp user home directory.