Diskless FreeBSD (PXE/NFS)

Configure the client system

by ross at 18:03:03 on March 20, 2014

Read rc.initdiskless to better understand the boot process.

Chroot to the client system first:

# chroot /share/lanboot/FreeBSD-9.0

Initialize the installation:

# cd /
# ln -s usr/home
# mkdir -p /conf/base/etc
# echo "15M" > /conf/base/etc/md_size
# echo "/etc" > /conf/base/etc/diskless_remount
# echo 'autoboot_delay="3"' > /boot/loader.conf

Create a default /etc/fstab (remove sec=krb5i if you haven't set up Kerberized NFS):

# Device                Mountpoint      FStype  Options         Dump    Pass#
192.168.10.1:/share/lanboot/FreeBSD-9.0 / nfs   ro              0       0
192.168.10.1:/share     /share          nfs     ro              0       0
coffin.lan:/usr/home    /usr/home       nfs     rw,late,sec=krb5i 0     0
/dev/cd0                /media/cdrom    cd9660  ro,noauto       0       0
/dev/da0s1              /media/flash    msdosfs rw,sync,noauto,longnames,-Lru_RU.UTF-8 0 0
proc                    /proc           procfs  rw              0       0

Note that I use a hostname for the sec=krb5i filesystem (this is required). The root filesystem must be specified by an IP address, as name resolution won't work that early.

# mkdir /media/cdrom /media/flash /share /usr/home

Set timezone:

# ln -s /usr/share/zoneinfo/Europe/Kiev /etc/localtime

Enable the NTP daemon on the host. Create the clients' configuration (/etc/ntp.conf) by commenting out the existing server lines and adding:

server coffin.lan

Add to /etc/rc.conf:

# Allow running programs from /usr/local/[s]bin
export PATH=/root/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin

# This fixes ntpd, had to list all possible interfaces
# of all the clients
ifconfig_re0_ipv6="inet6 auto_linklocal"
ifconfig_nfe0_ipv6="inet6 auto_linklocal"

# Enable NTP
ntpd_enable="YES"
ntpd_sync_on_start="YES"

# Enable SSH
sshd_enable="YES"

Edit /etc/ssh/sshd_config:

PermitRootLogin yes

Enable other daemons you might need on the clients.

Choose a separate root password for the client systems, because anyone can mount the NFS share containing master.passwd and try to crack the password.

# passwd root
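
A check for the password separation described above, as an added example that is not part of the original howto: it lists accounts in the exported client tree whose master.passwd hash is identical to one in the server's own file. The function name and the sample files are constructed for illustration; on the setup above the two arguments would presumably be /etc/master.passwd and /share/lanboot/FreeBSD-9.0/etc/master.passwd.

```sh
#!/bin/sh
# master.passwd fields: name:hash:uid:gid:class:change:expire:gecos:home:shell

# reused_hashes HOST_FILE CLIENT_FILE  (hypothetical helper)
# Prints "client_user host_user" for every live hash present in both files.
reused_hashes() {
    awk -F: '
        /^#/ || NF < 2          { next }  # comments and malformed lines
        $2 == "" || $2 ~ /^\*/  { next }  # empty or locked/disabled entries
        FILENAME == ARGV[1]     { host[$2] = $1; next }  # index server hashes
        ($2 in host)            { print $1, host[$2] }   # match in client tree
    ' "$1" "$2"
}

# Constructed sample data; the hash strings are placeholders, not crypt(3) output.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/host" <<'EOF'
# constructed server master.passwd
root:$6$SALTAAAA$HOSTROOTHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$6$SALTBBBB$ALICEHASH:1001:1001::0:0:Alice:/usr/home/alice:/bin/sh
EOF

# Client tree populated by copying the server's /etc: root entry is identical.
cat > "$tmp/client_bad" <<'EOF'
root:$6$SALTAAAA$HOSTROOTHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF

# Client tree after running "passwd root" inside the chroot.
cat > "$tmp/client_ok" <<'EOF'
root:$6$SALTCCCC$CLIENTROOTHASH:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
EOF

echo "copied tree:   $(reused_hashes "$tmp/host" "$tmp/client_bad")"
echo "separate root: $(reused_hashes "$tmp/host" "$tmp/client_ok")"
```

An identical hash only reveals an entry that was copied along with the server's /etc. The same password set a second time gets a new salt and will not match, so an empty result does not prove the passwords differ.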

Add your users now or, better yet, use my Secure Unix LAN howto to set up central user management and secure access to the server's /usr/home NFS share from clients.

 
