Running Diskless

If you manage many computers, you probably understand that moving parts cause trouble. Spinning hard drives, in particular, are just a very bad idea.

Try this: If you have a roomful of identical machines, try simplifying maintenance by running them without hard drives. Each machine in this group will use a root directory and filesystem mounted via NFS rather than stored locally. You’ll still need data storage, but you can use a central high-availability disk array, flash drives, or some other mechanism with better reliability than lowest-common-denominator hard drives.

You can extend the diskless installation process to run OpenBSD in full multiuser mode without a local hard drive. Your server will need three additional services to support fully diskless clients: rarpd(8), bootparamd(8), and NFS. (Only diskless clients need rarpd and bootparamd.)

Using rarpd(8) for Reverse ARP

In a standard ARP request, a client knows an IP address and wants to get the corresponding MAC address. For reverse ARP, a client knows a MAC address and wants to know the corresponding IP address. A diskless OpenBSD client needs a reverse ARP answer during the boot process, and an OpenBSD server uses rarpd(8) to provide reverse ARP services to other hosts.

rarpd uses /etc/ethers as a table of Ethernet addresses and hostnames. Each diskless client needs an /etc/ethers entry much like this:

00:50:56:00:01:01       gill.blackhelicopters.org

This entry means that the host with MAC address 00:50:56:00:01:01 has the hostname gill.blackhelicopters.org. The rarpd server must be able to resolve the hostname to an IP address, either in DNS or in /etc/hosts.

Now decide which network interfaces you want to run rarpd on. If your server has only one network interface, that’s the one to use. If you have multiple network interfaces, however, it might make sense to listen on only a single interface.

To use a specific interface, use the interface name as a command-line argument; otherwise, use -a to listen on all network interfaces. For example, this rc.conf.local entry tells rarpd to listen on only interface em0:

rarpd_flags="em0"

Start rarpd with /etc/rc.d/rarpd, and go on to bootparamd.

Running bootparamd(8)

The boot parameter daemon bootparamd tells a diskless OpenBSD machine where to find its root filesystem. When a boot parameter request arrives at the server, bootparamd checks the file /etc/bootparams for a matching configuration and returns that to the client.

Entries in /etc/bootparams give a hostname, followed by the string root=, an NFS server, and the directory where the client’s root directory is stored.

gill.blackhelicopters.org root=192.0.2.34:/var/diskless/client1

In this example, the host gill.blackhelicopters.org will use an NFS root directory from a server at 192.0.2.34, in the directory /var/diskless/client1.

For almost all environments, you can run bootparamd without any command-line options. Enable it in rc.conf.local like so:

bootparamd_flags=""

Start bootparamd. Now it’s time to deal with your NFS server.

Setting Up the NFS Root Directory

A multiuser OpenBSD system needs a userland. Without a local disk, you’ll need to create that userland on the NFS server. It is possible to export the NFS server’s root directory for use as the diskless client’s root directory, but this isn’t merely insecure; it’s also a good way to damage the NFS server itself. Create a separate userland for your diskless machine.

Exporting the Root Directory

You must export the userland’s root directory to the diskless machine. For example, here’s an /etc/exports line that shares the directory /var/diskless/client1 to the IP address 192.0.2.37:

/var/diskless/client1 -maproot=root 192.0.2.37

Note the -maproot option here. The diskless client will expect to be able to write and own files as the root user. This -maproot entry maps UID 0 (root) on the client to the root account on the NFS server. You can also set up a separate user for the diskless client’s root account, map the client’s root account to that new account, and change the ownership of all files in the diskless userland to that root account. As this is your first diskless host, however, we’ll start off basic.

Populating the Diskless Userland

The easy way to install a minimal userland is to extract the etcXX.tgz and baseXX.tgz file sets from your chosen OpenBSD release into the NFS root directory. In the following example, I’ve copied these file sets into /tmp, and I’m using them to create a userland in /var/diskless/client1.

# cd /var/diskless/client1
# tar -xzpf /tmp/etc53.tgz
# tar -xzpf /tmp/base53.tgz

Note the use of the -p flag in the tar command, preserving the original permissions on extracted files.

The diskless client also needs device nodes. Go into the new userland’s dev directory and create them.

# cd dev
# ./MAKEDEV all

While bootparamd told the kernel where to find the root of the filesystem, userland programs expect to read /etc/fstab for that information. Create an /etc/fstab file that points the root directory to your NFS share.

192.0.2.34:/var/diskless/client1 / nfs rw 0 0

You can also add any other NFS-mounted directories you desire here.

This should be everything you need.
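
Before powering on, it is worth confirming that /etc/ethers, /etc/bootparams, and /etc/exports agree with each other. The sh function below is an added example, not from the book: check_diskless is a hypothetical name, the sample files are constructed from the values used above, and it treats a -maproot=root export that lists no client host as open to every host.

```sh
#!/bin/sh
# Added example (not from the book): cross-check the server-side files a
# diskless client depends on. Prints one finding per line, nothing if clean.
# Usage: check_diskless ETHERS BOOTPARAMS EXPORTS
check_diskless() {
    awk -v E="$1" -v B="$2" '
    /^[ \t]*#/ || NF == 0 { next }              # skip comments and blank lines
    FILENAME == E { mac[$2] = $1; next }        # ethers: MAC hostname
    FILENAME == B {                             # bootparams: host root=server:/dir
        for (i = 2; i <= NF; i++)
            if ($i ~ /^root=/) { p = $i; sub(/^root=[^:]*:/, "", p); root[$1] = p }
        next
    }
    {                                           # exports: dirs, -options, hosts
        nd = 0; asroot = 0; limited = 0
        for (i = 1; i <= NF; i++) {
            f = $i; sub(/:.*$/, "", f)          # -maproot=root:wheel -> -maproot=root
            if (substr($i, 1, 1) == "/") dir[++nd] = $i
            else if (f == "-maproot=root" || f == "-maproot=0") asroot = 1
            else if ($i ~ /^-network=/ || $i !~ /^-/) limited = 1
        }
        for (i = 1; i <= nd; i++) {
            exported[dir[i]] = 1
            if (asroot && !limited) world[dir[i]] = 1   # root access, any host
        }
    }
    END {
        for (h in mac) if (!(h in root))
            print h ": in ethers but has no root= entry in bootparams"
        for (h in root) {
            r = root[h]
            if (!(h in mac)) print h ": in bootparams but missing from ethers"
            if (r == "/") print h ": uses the NFS server root directory as its root"
            else if (!(r in exported)) print h ": " r " is not in exports"
            else if (r in world) print h ": " r " is root-mapped for every host"
        }
    }' "$1" "$2" "$3" | sort
}

# Constructed sample files using the values from the text above.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
echo '00:50:56:00:01:01 gill.blackhelicopters.org' > "$d/ethers"
echo 'gill.blackhelicopters.org root=192.0.2.34:/var/diskless/client1' > "$d/bootparams"
echo '/var/diskless/client1 -maproot=root 192.0.2.37' > "$d/exports"
check_diskless "$d/ethers" "$d/bootparams" "$d/exports"       # clean: no output
echo '/var/diskless/client1 -maproot=root' > "$d/exports.open"   # host omitted
check_diskless "$d/ethers" "$d/bootparams" "$d/exports.open"
```

The check does not resolve hostnames, so it cannot tell whether the address in the exports line is the same machine named in ethers; compare that by hand against DNS or /etc/hosts.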

Power On!

Once you have a basic userland, device nodes, and a filesystem table, you can power on your diskless node, and it should boot. If it doesn’t boot to a login prompt, read the console error messages. Usually, they’re pretty clear.

Because you’ve bypassed the OpenBSD installer, there is no root password yet, and there are no user accounts. Log in as root immediately and change the root password, and then set up a regular user account.

For your first diskless setup, once you have a working userland, back it up right away. Even a tar file containing the entire userland will prove useful. You’ll muck up the diskless userland more than once as you’re trying to get things working exactly as you wish, and being able to blow the entire userland away and restore it from the backup file is invaluable.

Once you have a basic system working, expand it. Add additional file sets as needed, set up more users, add packages, and deploy for your users.

Congratulations, you’re now on the cutting edge of OpenBSD users.
