Category: BSD

2005-04-02 00:29:09

OpenBSD diskless

The final target for an OpenBSD install on the net4521 is a CF card. However, during development it would be inefficient to continually update the image, and CF has a limited number of writes per sector. A better solution is to boot over the network.

The network boot sequence is documented in the Diskless Booting reference listed at the end of this page, which is a good starting point. However, the process described there is geared towards booting Unix servers; booting on Intel machines is potentially a bit different:

  1. The network card loads a built in PXE loader
  2. The PXE loader gets an IP address and boot loader from DHCP
  3. The boot loader downloads the OpenBSD kernel via TFTP
  4. The kernel boots and mounts its root and swap on NFS

From that point the system boots as usual.

Firmware and the Boot Loader

i386 compatible PCs have a very primitive firmware, the BIOS, which usually doesn't support advanced features like network booting. However, Intel developed a proprietary booting solution called PXE. Some network cards come with a PXE loader in ROM, and those cards can boot an operating system from the network. Naturally, the Soekris also supports PXE and so will load the boot loader from the network.

Since version 3.5 OpenBSD has come with a PXE boot loader called pxeboot. Prior to that you needed a third party boot loader like , an of this page describes how to use it.

pxeboot

In order to find an operating system's boot loader the PXE loader consults a DHCP server. The DHCP server must be configured to hand out not only an IP address but also the name of the boot loader. This is done simply by adding a "filename" option to dhcpd.conf:

      shared-network WIRED-NET {
              option domain-name-servers 192.168.1.1;

              subnet 192.168.1.0 netmask 255.255.255.0 {
                      option routers 192.168.1.1;
                      filename "pxeboot";
                      range 192.168.1.100 192.168.1.254;
              }
      }

The PXE loader will retrieve the specified filename via TFTP and execute it.
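To make the DHCP side of this concrete, here is an added example written for this page (not code from the original article): it constructs the kind of DHCPOFFER a server sends for the "filename" stanza above, decodes it the way the PXE loader does to find its boot file and TFTP server, and includes a check that flags a reply handing out a boot file from a server outside an allowed list, which is how a defender would spot an unexpected PXE server in captured DHCP traffic. The transaction id, MAC address and addresses are constructed sample values; the field layout follows RFC 2131 and the option codes RFC 2132.

```python
"""Decode a DHCP reply the way a PXE client does to find its boot loader.
Added example: the packet built here is constructed, not a capture."""
import ipaddress
import struct

HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"   # fixed BOOTP header, 236 bytes (RFC 2131)
MAGIC_COOKIE = bytes([99, 130, 83, 99])
OPT_PAD, OPT_MSG_TYPE, OPT_TFTP_SERVER, OPT_BOOTFILE, OPT_END = 0, 53, 66, 67, 255
BOOTREPLY = 2
DHCPOFFER = 2


def build_dhcp_reply(xid, client_mac, yiaddr, next_server, bootfile, tftp_server=None):
    """Construct the kind of reply dhcpd sends for a 'filename' stanza:
    the boot file goes in the 128-byte `file` field and the TFTP host in `siaddr`
    (dhcpd's next-server, defaulting to the DHCP server itself)."""
    header = struct.pack(
        HEADER_FMT,
        BOOTREPLY, 1, 6, 0, xid, 0, 0,
        bytes(4),                                    # ciaddr
        ipaddress.IPv4Address(yiaddr).packed,        # yiaddr: address offered to the client
        ipaddress.IPv4Address(next_server).packed,   # siaddr: where to fetch the boot file
        bytes(4),                                    # giaddr
        bytes.fromhex(client_mac.replace(":", "")),  # chaddr, null-padded to 16 bytes by struct
        b"",                                         # sname
        bootfile.encode(),                           # file
    )
    options = bytes([OPT_MSG_TYPE, 1, DHCPOFFER])
    if tftp_server:                                  # option 66 carries the server as a string
        enc = tftp_server.encode()
        options += bytes([OPT_TFTP_SERVER, len(enc)]) + enc
    return header + MAGIC_COOKIE + options + bytes([OPT_END])


def parse_options(blob):
    """Walk the TLV option area and return {code: raw value}, refusing truncated data."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts


def cstring(raw):
    """Decode a NUL-terminated fixed-width field or option value."""
    return raw.split(b"\0", 1)[0].decode(errors="replace")


def parse_dhcp_reply(pkt):
    """Extract what a PXE loader needs: its address, the TFTP server and the boot file name."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    (op, _htype, hlen, _hops, xid, _secs, _flags, _ciaddr, yiaddr, siaddr,
     _giaddr, chaddr, _sname, file_field) = struct.unpack(HEADER_FMT, pkt[:236])
    if op != BOOTREPLY:
        raise ValueError("not a BOOTREPLY")
    opts = parse_options(pkt[240:])
    # Option 67 names the boot file when the header's file field is used for
    # options (RFC 2132 section 9.5), so prefer it when present.
    bootfile = cstring(opts[OPT_BOOTFILE]) if OPT_BOOTFILE in opts else cstring(file_field)
    return {
        "xid": xid,
        "msg_type": opts[OPT_MSG_TYPE][0] if OPT_MSG_TYPE in opts else None,
        "client_mac": chaddr[:hlen].hex(":"),
        "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
        "next_server": str(ipaddress.IPv4Address(siaddr)),
        "tftp_server": cstring(opts[OPT_TFTP_SERVER]) if OPT_TFTP_SERVER in opts else None,
        "bootfile": bootfile or None,
    }


def unexpected_netboot(pkt, trusted_servers):
    """Detection helper: a reply that hands out a boot file from a server not in
    `trusted_servers` is what a rogue PXE server on the segment looks like."""
    info = parse_dhcp_reply(pkt)
    if not info["bootfile"]:
        return False
    return info["next_server"] not in trusted_servers


# Constructed sample matching the dhcpd.conf above: xid and MAC are made up.
SAMPLE = build_dhcp_reply(0x3903F326, "00:01:02:03:04:05",
                          "192.168.1.100", "192.168.1.1", "pxeboot")

if __name__ == "__main__":
    print(parse_dhcp_reply(SAMPLE))
    print("unexpected boot server:", unexpected_netboot(SAMPLE, {"192.168.1.1"}))
```

Run stand-alone it prints the decoded fields of the constructed offer; pointed at real traffic, the same decoder applied to each reply with a boot file, compared against the list of servers that are supposed to serve pxeboot, is a cheap way to notice an unexpected boot server on the segment.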

The server that served up the DHCP response also needs to be running TFTP so that the "pxeboot" file, and later the kernel, can be downloaded. It is possible to offload this task to another server with the dhcpd.conf next-server option, but in this example one server will handle the entire boot process. The TFTP server should be chroot'd to a directory holding the boot loader and the OpenBSD kernel:

      ls -al /home/tftp

      -rwxr-xr-x 1 root wheel 939090 Jan 5 16:44 bsd.gz
      -rw-r--r-- 1 root wheel 71 Jan 4 20:08 menu.lst
      -rw-r--r-- 1 root wheel 127040 Jan 5 02:06 pxeboot
      drwxr-xr-x 1 root wheel 127040 Jan 5 02:06 etc

Now when the PXE loader executes it will download and launch pxeboot which will look for a file named 'etc/boot.conf' on the same TFTP server. This is a standard configuration file:

      set tty com0
      boot bsd.gz

Booting OpenBSD

The GENERIC kernel does not support diskless booting, for that you need the DISKLESS configuration which will load the root and swap filesystems from NFS. The following extra kernel options are also useful:

      option PCCOMCONSOLE
      option CONSPEED=19200

When a *BSD diskless kernel is booted it consults:

  1. RARP (answered by rarpd) - for the system's IP address
  2. bootparams (answered by rpc.bootparamd) - for the root and swap NFS share names
  3. mountd and nfsd - to connect to the NFS shares

OpenBSD is quite secure upon default install. The following steps will open the system up to many new attacks via TFTP, RPC, NFS, and likely others. It would be wise to make sure the server is inaccessible outside of the local network during this vulnerable phase.

/etc/ethers:

      00:01:02:03:04:05      bootclient

/etc/hosts:

      192.168.1.1            server
      192.168.1.100          bootclient

/etc/bootparams:

      bootclient  root=192.168.1.1:/export/root \
                  swap=192.168.1.1:/export/swap

/etc/exports:

      /export  -maproot=root -alldirs bootclient
      /usr -ro bootclient

/export contains a swap file and a root filesystem:

      ls -al /export

      drwxr-xr-x 8 root wheel 512 Jan 5 14:00 root
      -rw-r--r-- 1 root wheel 16777216 Jan 5 16:45 swap
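The four files above have to agree with each other: the client name in the ethers, hosts and bootparams entries must match, and every root= and swap= path must actually be exported to that client. The following is an added example, not part of the original page, that cross-checks constructed copies of those files and also reports any export line with no host list, since, as the warning above notes, this phase exposes NFS to anything that can reach the server, and an export with -maproot=root and no host restriction is the worst case. The file contents are constructed samples laid out like the ones shown above.

```python
"""Cross-check the files a diskless client depends on: ethers(5), hosts(5),
bootparams(5) and exports(5). Added example; the sample contents are constructed."""

ETHERS = "00:01:02:03:04:05      bootclient\n"
HOSTS = "192.168.1.1            server\n192.168.1.100          bootclient\n"
BOOTPARAMS = ("bootclient  root=192.168.1.1:/export/root \\\n"
              "            swap=192.168.1.1:/export/swap\n")
EXPORTS = "/export  -maproot=root -alldirs bootclient\n/usr -ro bootclient\n"


def parse_fields(text):
    """Split a BSD-style config file into per-entry field lists.
    Strips comments and blank lines and joins backslash-continued lines,
    which bootparams(5) allows."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if fields:
            entries.append(fields)
    if pending.split():                      # file ended inside a continuation
        entries.append(pending.split())
    return entries


def parse_bootparams(text):
    """Map client name -> {'root': 'server:/path', 'swap': 'server:/path'}."""
    table = {}
    for client, *pairs in parse_fields(text):
        table[client] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return table


def parse_exports(text):
    """Split each exports(5) line into exported paths, -options and allowed hosts."""
    result = []
    for fields in parse_fields(text):
        result.append({
            "paths": [f for f in fields if f.startswith("/")],
            "opts": [f for f in fields if f.startswith("-")],
            "hosts": [f for f in fields if not f.startswith(("/", "-"))],
        })
    return result


def covers(export, path):
    """True if `path` can be mounted through this export entry: the exported
    directory itself always, a subdirectory only when -alldirs is given."""
    for p in export["paths"]:
        if path == p:
            return True
        if "-alldirs" in export["opts"] and path.startswith(p.rstrip("/") + "/"):
            return True
    return False


def audit(ethers, hosts, bootparams, exports):
    """Return a list of findings; an empty list means the four files agree."""
    findings = []
    ether_names = {f[1] for f in parse_fields(ethers) if len(f) >= 2}
    host_names = {f[1] for f in parse_fields(hosts) if len(f) >= 2}
    exp = parse_exports(exports)

    for client, params in parse_bootparams(bootparams).items():
        if client not in ether_names:
            findings.append(f"{client}: no ethers entry, so rarpd cannot answer it")
        if client not in host_names:
            findings.append(f"{client}: no hosts entry, so the name cannot be resolved")
        for key in ("root", "swap"):
            if key not in params or ":" not in params[key]:
                findings.append(f"{client}: bootparams lacks a usable {key}= entry")
                continue
            _server, path = params[key].split(":", 1)
            if not any(covers(e, path) and (not e["hosts"] or client in e["hosts"])
                       for e in exp):
                findings.append(f"{client}: {key} {path} is not exported to it")

    # An empty host list opens the export to any client that can reach nfsd;
    # with -maproot=root that hands out root-equivalent write access.
    for e in exp:
        if not e["hosts"]:
            level = " with root mapped" if "-maproot=root" in e["opts"] else ""
            findings.append(f"{', '.join(e['paths'])}: exported to every host{level}")
    return findings


if __name__ == "__main__":
    for line in audit(ETHERS, HOSTS, BOOTPARAMS, EXPORTS) or ["ok: all four files agree"]:
        print(line)
```

Against the constructed sample the audit is clean; drop the ethers line or the host list on the /export entry and it reports exactly which daemon (rarpd, mountd) will refuse or over-serve the client. Reading the real files is a matter of passing `open(path).read()` for each argument.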

After completing the configuration it is time to start all of the daemons. Starting them from the command line makes sense since this is a temporary configuration for bootstrapping. Order matters because some daemons depend on services provided by others, such as the RPC daemons on portmap.

      # rarpd
      # portmap
      # rpc.bootparamd
      # mountd
      # nfsd -t -u

That's it!

At this point the target machine can be started. The PXE loader should load pxeboot and the OpenBSD kernel will be downloaded and executed. If the root filesystem is set up properly then a diskless OpenBSD system should soon be up and running.

  1. Diskless Booting

/usr/src/sys/i386/conf/DISKLESS
------------------------------------------
machine i386
cpu I486_CPU
ident DISKLESS
maxusers 0

options INET #InterNETworking
options FAST_IPSEC #new IPsec
options FFS #Berkeley Fast Filesystem
options FFS_ROOT #FFS usable as root device [keep this!]
options SOFTUPDATES #Enable FFS soft updates support
options UFS_DIRHASH #Improve performance on big directories
options MFS #Memory Filesystem
#options MD_ROOT #MD is a potential root device
options PROCFS #Process filesystem
options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!]
options KTRACE #ktrace(1) support
options SYSVSHM #SYSV-style shared memory
options SYSVMSG #SYSV-style message queues
options SYSVSEM #SYSV-style semaphores
options P1003_1B #Posix P1003_1B real-time extensions
options _KPOSIX_PRIORITY_SCHEDULING
options ICMP_BANDLIM #Rate limit bad replies
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options NO_SWAPPING # Disable swapping

# Debugging options
options DDB # Enable the kernel debugger.

# Options for pxe booting
options BOOTP
options BOOTP_NFSROOT
options BOOTP_COMPAT
options NFS
options NFS_ROOT

options IPFILTER #ipfilter support
options IPFILTER_LOG #ipfilter logging

options CLK_USE_I8254_CALIBRATION
options CPU_ELAN
options HZ=250

device isa
device pci

# ATA and ATAPI devices
device ata0 at isa? port IO_WD1 irq 14
device ata1 at isa? port IO_WD2 irq 15
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID #Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc0 at isa? port IO_KBD
device atkbd0 at atkbdc? irq 1 flags 0x1
device vga0 at isa?
device sc0 at isa? flags 0x100

# splash screen/screen saver
pseudo-device splash

# Floating point support - do not disable.
device npx0 at nexus? port IO_NPX irq 13

# Power management support (see LINT for more options)
#device apm0 at nexus? disable flags 0x20 # Advanced Power Management

# PCCARD (PCMCIA) support
#device card
#device pcic0 at isa? irq 0 port 0x3e0 iomem 0xd0000
#device pcic1 at isa? irq 0 port 0x3e2 iomem 0xd4000 disable

# Serial (COM) ports
device sio0 at isa? port IO_COM1 flags 0x10 irq 4
device sio1 at isa? port IO_COM2 irq 3

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device sis # Silicon Integrated Systems SiS 900/SiS 7016

# Pseudo devices - the number indicates how many units to allocate.
pseudo-device loop # Network loopback
pseudo-device ether # Ethernet support
pseudo-device tun # Packet tunnel.
pseudo-device pty # Pseudo-ttys (telnet etc)
#pseudo-device md # Memory "disks"
pseudo-device gif # IPv6 and IPv4 tunneling

# The `bpf' pseudo-device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
pseudo-device bpf #Berkeley packet filter

#####################################################################
# crypto subsystem
#
# This is a port of the openbsd crypto framework. Include this when
# configuring IPsec and when you have a h/w crypto device to accelerate
# user applications that link to openssl.
#
# Drivers are ports from openbsd with some simple enhancements that have
# been fed back to openbsd (and hopefully will be included).
pseudo-device crypto # core crypto support

