Overview
This is intended as a braindump of the steps I’ve taken to correctly configure a CentOS 7 server and client machine to allow the latter to NFS-mount its root partition ro from the former. It’s currently evolving as I discover how to redo things I’ve done before with CentOS 6.
Generating the initrd
Generate an initrd image with dracut.
--add
adds the modules we need, plus some which are useful for debugging
--add-drivers
does what you might expect and will need to be expanded to cover all the network cards in the machines we have. e1000e suffices for the 760 I’m using to test with.
Sep 2017 – it seems that dracut now by default creates an initrd which is two cpio archives glued together. The purpose of the first (microcode) cpio archive is unclear, but to get an initrd without one we now need to add the argument:
--no-early-microcode
- dracut <initrd.img> --add "nfs network base ifcfg ssh-client debug" --add-drivers "e1000e" --no-early-microcode
Unpack that initrd
- mkdir /tmp/initrd; cd /tmp/initrd; gunzip -c <initrd.img> | cpio -i
Create usr/lib/dracut/hooks/pre-pivot/98-cued.sh (the filename must fit the pattern NNtext.sh or it won’t get run)
- find . | cpio --quiet -H newc -o | gzip -9 -n > <../newinitrd.img>
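As an added check (not part of the original post), the shell functions below classify an initrd by its leading magic bytes, so the two-archive early-microcode case noted above is caught before `gunzip -c | cpio -i` is run on it. The function names and the sample files are made up for illustration.

```shell
# initrd_format FILE -> prints gzip | cpio | xz | unknown
initrd_format() {
    # First six bytes of the image as lowercase hex, no separators.
    magic=$(head -c 6 "$1" | od -An -tx1 | tr -d ' \n')
    case "$magic" in
        1f8b*)                     echo gzip ;;   # gzip stream
        303730373031|303730373032) echo cpio ;;   # ASCII "070701"/"070702" (newc)
        fd377a585a00)              echo xz ;;
        *)                         echo unknown ;;
    esac
}

# initrd_unpackable FILE: succeed only when the gunzip | cpio pipeline
# from the post would see one complete gzip-compressed archive.
initrd_unpackable() {
    case "$(initrd_format "$1")" in
        gzip)
            # Validate the whole gzip stream, not just its header.
            gzip -t < "$1" 2>/dev/null ||
                { echo "$1: corrupt or truncated gzip stream" >&2; return 1; } ;;
        cpio)
            echo "$1: starts with an uncompressed cpio (early microcode?);" \
                 "rebuild with --no-early-microcode" >&2
            return 1 ;;
        *)
            echo "$1: not a gzip image" >&2
            return 1 ;;
    esac
}

# Constructed sample images (not real initrds) that exercise each path.
demo_dir=$(mktemp -d)
printf 'main archive' | gzip -9 -n > "$demo_dir/plain.img"
{ printf '070701-early-cpio-header'; cat "$demo_dir/plain.img"; } > "$demo_dir/early.img"
head -c 12 "$demo_dir/plain.img" > "$demo_dir/truncated.img"
```

Running `initrd_unpackable` on the repacked image before copying it into the PXE tree also catches a truncated or partially written file.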
PXE configuration
label dpocentos7
kernel dpo/centos7/c7dpok
append initrd=dpo/centos7/c7dpoi root=nfs:129.169.10.180:/ ro rd.info rd.debug rd.shell
Where c7dpok is a link to a vmlinuz kernel and c7dpoi is the corresponding initrd.
Server configuration
Set up /etc/exports
Edit /etc/sysconfig/nfs to fix the TCP/UDP ports for rpc.lockd (to 32803 which was the commented default for lockd/tcp)
- systemctl enable nfs-server
Enable firewall holes:
- firewall-cmd --permanent --add-service=nfs
- firewall-cmd --permanent --add-service=rpc-bind
- firewall-cmd --permanent --add-service=mountd
- firewall-cmd --permanent --add-port=32803/udp
- firewall-cmd --permanent --add-port=32803/tcp
Set up /etc/cued-prerotate (called from 98-cued.sh)
- Preserving network config written by dracut into the /var and /etc partitions is necessary so that the DHCP lease doesn’t time out and lose network (causing the root partition to vanish and the client to hang completely)
Set up /etc/systemd/system/cued-postrotate.service (which gets enabled by cued-prerotate)
Set up /etc/cued-postrotate (called by systemd as defined by the service file above)
GDM configuration
Disable user list with:
- /etc/dconf/db/gdm.d/01-login-screen
Desktop configuration I have decided to detail in a separate blog post.