Centos 7 ro nfsroot DPO desktop

Overview

This is intended as a braindump of the steps I’ve taken to correctly configure a Centos 7 server and client machine to allow the latter to nfs mount it’s root partition ro from the former.  It’s currently evolving as I discover how to redo things I’ve done before with Centos 6.

Generating the initrd

Generate an initrd image with dracut.

--add

adds modules we need plus which are useful for debugging

--add-drivers

does what you might expect and will need to be expanded to cover all the network cards in the machines we have.  e1000e sufficies for the 760 I’m using to test with.

Sep 2017 – it seems that dracut now by default creates an initrd which is two cpio archives glued together.  What the purpose of the first microcode cpio archive is is unclear, but to get an initrd without one we now need to add the argument:

--no-early-microcode

• dracut <initrd.img> --add "nfs network base ifcfg ssh-client debug" --add-drivers "e1000e" --no-early-microcode

Unpack that initrd

• mkdir /tmp/initrd; cd /tmp/initrd; gunzip -c <initrd.img> | cpio -i

Create usr/lib/dracut/hooks/pre-pivot/98-cued.sh (the filename must fit the pattern NNtext.sh or it won’t get run)

• find . | cpio --quiet -H newc -o | gzip -9 -n > <../newinitrd.img>

PXE configuration

label dpocentos7
kernel dpo/centos7/c7dpok
append initrd=dpo/centos7/c7dpoi root=nfs:129.169.10.180:/ ro rd.info rd.debug rd.shell

Where c7dpok is a link to a vmlinuz kernel and c7dpoi is the corresponding initrd

Server configuration.

Set up /etc/exports

edit /etc/sysconfig/nfs to fix the TCP/UDP ports for rpc.lockd (to 32803 which was the commented default for lockd/tcp)

• systemctl enable nfs-server

Enable firewall holes:

• firewall-cmd –permanent –add-service nfs
• firewall-cmd –permanent –add-service rpc-bind
• firewall-cmd –permanent –add-service mount
• firewall-cmd –permanent –add-port=32803/udp
• firewall-cmd –permanent –add-port=32803/tcp

Set up /etc/cued-prerotate (called from 98-cued.sh)

• Preserving network config written by dracut into the /var and /etc partitions is necessary so that the dhcp lease doesn’t time out and lose network (causing the root partition to vanish and the client to hang completely)

Set up /etc/systemd/system/cued-postrotate.service (which gets enabled by cued-prerotate)

Set up /etc/cued-postrotate (called by systemd as defined by the service file above)

GDM configuration

Disable user list with:

• /etc/dconf/db/gdm.d/01-login-screen

Desktop configuration I have decided to detail in a separate blog post.