PXE: making your admin's life easier

By abhishek

Need to set up a lab or office with 200+ computers? It is a very tiring job. But if the machines are identical in configuration, why install each of them? Why not install one and replicate it to the others? This will save a lot of time. But how will I do this? It's very simple: you could do a dd of the source to all destinations, but that would be even more difficult and a bit geeky. Don't worry, we have a solution for it: use PXE.

Now what is this PXE?

Wikipedia: "The Preboot eXecution Environment (PXE, also known as Pre-Execution Environment, or 'pixie') is an environment to boot computers using a network interface independently of available data storage devices (like hard disks) or installed operating systems."

But how does it help? :)

There can be different installation situations. For example, you may only need to install one operating system on a machine; this can easily be done using an image that is already stored on the PXE server, as I call it. Or you might have a whole list of operating systems and other software that must be installed and configured on every machine in the environment. How do I achieve this? The solution is to configure one machine with all the required software and replicate it using PXE. It's very simple: just set up a PXE server that provides a sender-receiver mechanism, i.e. one that can make one machine the sender and the others receivers. Once that is done you can relax and have your whole environment set up within 30 minutes or so; the time will vary with various factors, including network and disk size.

But how to design a PXE server?

I will not write a how-to, as one is already available on the Internet and I don't want to duplicate things. You can now move to http://udpcast.linux.lu (this is really a great open-source project) or https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install and configure your own PXE server. Just as a hint, you need to install the following services:

1) tftp-hpa

2) dhcp3-server (you can use another machine as the DHCP server as well)

3) netkit-inetd

4) You might need to recompile the kernel to suit your requirements.

In case of any problems you can write to me :) This PXE system has helped me many times; I configured one such system today and it worked fine, so I strongly recommend it. But use it at your own risk: a single mistake can wipe out your entire data or do something you never expected.

Network File System

By abhishek

Share files in a Linux network

 

Software Details:

Operating System: Linux

Packages required: nfs server and nfs client

Versions used:

nfs client: 1.1.0-8 -i586

nfs server: 1.3.2 -7 -i586

Download source for nfs server package: http://pkgsrc.se/wip/linux-nfs-utils 

Scenario:

Server: 192.168.0.1

Clients: 192.168.0.2 and 192.168.0.3

 

CONFIGURING NFS SERVER AND CLIENT:

There are three main configuration files you will need to edit to set up an NFS server: /etc/exports, /etc/hosts.allow, and /etc/hosts.deny.

Strictly speaking, you only need to edit /etc/exports to get NFS to work, but this would lead to an extremely insecure setup.

>>/etc/exports>>

The exports file contains a list of entries that are to be shared and how each is to be shared. For an NFS setup this is the most important file.

SERVER SIDE:

Step 1:

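Open the file using the following command as the root user:

vi /etc/exports

Make the following entry (the options are case-sensitive and must be lower case, with no space between the host and the opening parenthesis):

/home 192.168.0.2(rw) 192.168.0.3(ro)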

Then save and exit the file.

Step 2:

Start the NFS server service on the server machine, using the following command as root:

service nfs start

If it is already running, then:

service nfs restart

Step 3:

Check that the following daemons are running:

portmapper: tells requesting clients how to find all NFS services on the server.

mountd: handles mounting functionality.

nfs: the network file sharing daemon.

Use the command rpcinfo -p

Step 4:

Ensure that firewalls are not running as this may restrict the clients from accessing the server.
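A check for the /etc/exports entry from Step 1, as an added example that is not part of the original article: it parses exports-style lines and reports upper-case options, a space between host and options (which makes the options apply to every host), wildcard clients, and no_root_squash. The sample lines other than the first, the audit_exports name and the option subset are assumptions made for this example; quoted paths and line continuations are not handled.

```python
import re

# Option names accepted by this example (a subset of those in exports(5)).
KNOWN = {"rw", "ro", "sync", "async", "root_squash", "no_root_squash",
         "all_squash", "secure", "insecure", "subtree_check",
         "no_subtree_check", "anonuid", "anongid", "sec", "fsid"}
# One client token: optional host part, optional "(opt,opt,...)" part.
CLIENT = re.compile(r"^([^()\s]*)(?:\(([^()]*)\))?$")

# Constructed sample; only the first line is the entry used in the article.
SAMPLE = """\
/home 192.168.0.2(rw) 192.168.0.3(ro)
/home 192.168.0.2(RW)
/srv/share 192.168.0.2 (rw)
/srv/images *(rw,no_root_squash)
"""

def audit_exports(text):
    """Return (line_no, path, finding) tuples for invalid or risky entries."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        path, *clients = line.split()
        for tok in clients:
            m = CLIENT.match(tok)
            if not m:
                findings.append((n, path, f"cannot parse {tok!r}"))
                continue
            host = m.group(1)
            opts = [o for o in (m.group(2) or "").split(",") if o]
            # "(rw)" after a space has an empty host: it means all hosts.
            if host in ("", "*"):
                findings.append((n, path, f"{tok!r} applies to every host"))
            for opt in opts:
                name = opt.split("=", 1)[0]
                if name not in KNOWN:
                    hint = " (options are lower case)" if name.lower() in KNOWN else ""
                    findings.append((n, path, f"unknown option {name!r}{hint}"))
            if "no_root_squash" in opts:
                findings.append((n, path, f"{host or '*'}: remote root keeps root"))
    return findings

if __name__ == "__main__":
    for line_no, path, finding in audit_exports(SAMPLE):
        print(f"line {line_no}: {path}: {finding}")
```

The third sample line is the case worth remembering: the host 192.168.0.2 gets the default options, and the separate "(rw)" token grants read-write access to everyone else.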

CLIENT SIDE:

Step 1: Start the NFS service by using the following command:

service nfs start

Step 2: Check that the following daemons are running:

portmapper

nfs

At least portmapper should be running in order for NFS to work.

Use the command rpcinfo -p

Step 3: Create a mount point on the client where the NFS directory from the server will be mounted.

e.g. mkdir /nfs

Check for shared files using the following command:

showmount -e serverip

e.g. showmount -e 192.168.0.1

This will show a list of directories or files that are being shared over NFS.

Step 4: Finally, we need to mount the shared directory on the client machine by using the following command:

mount <IP address of server>:<shared directory> <mount point on client machine>

e.g. mount 192.168.0.1:/home /nfs

Once mounted, all contents of the shared directory will be accessible by the client.

TESTING THE SETUP:

1. Run the rpcinfo -p command on both server and client to check whether all required services for NFS are running.

2. Once setup is done, run the showmount -e command from the client side to confirm which NFS files/directories are shared.

ADDING SECURITY TO NFS:

The basic setup of NFS does not add any kind of security to the files being shared over the network, so these files can be accessed by an unwanted person. In order to add security to the above NFS setup there are two other files that need to be configured:

/etc/hosts.allow and /etc/hosts.deny

These two files specify which computers on the network can use services on your machine. Each line of the file contains a single entry listing a service and a set of machines. When the server gets a request from a machine, it does the following:

1. It first checks hosts.allow to see if the machine matches a rule listed there. If it does, then the machine is allowed access.

2. If the machine does not match an entry in hosts.allow, the server then checks hosts.deny to see if the client matches a rule listed there. If it does, then the machine is denied access.

3. If the client matches no listings in either file, then it is allowed access.

The first step in doing this is to add the following entry to /etc/hosts.deny:

portmap:all

By adding the above entry we ensure that the portmapper daemon cannot be accessed by any client other than those specified in /etc/hosts.allow.

Or we can also specify the IP addresses or hostnames of the clients whose access needs to be restricted.

Next, we need to add an entry to hosts.allow to give access to the hosts that we want to have access. (If we just leave the above lines in hosts.deny then nobody will have access to NFS.) The entry has the form:

service:hostname

e.g. portmap: 192.168.0.2 , 192.168.0.3
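The three-step hosts.allow / hosts.deny check described above, applied to the portmap entries of this scenario, as an added example that is not part of the original article. The function names are assumptions made here, the file contents are constructed, and only the ALL wildcard, exact addresses, trailing-dot prefixes and net/mask patterns are handled (IPv4 only, no EXCEPT).

```python
import ipaddress

# Constructed files holding the entries from the article's scenario.
HOSTS_DENY = "portmap: ALL\n"
HOSTS_ALLOW = "portmap: 192.168.0.2 , 192.168.0.3\n"

def parse_rules(text):
    """Yield (daemon_list, client_list) for each 'daemons : clients' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield daemons.replace(",", " ").split(), clients.replace(",", " ").split()

def client_matches(pattern, ip):
    if pattern.upper() == "ALL":
        return True
    if pattern.endswith("."):            # "192.168.0." matches by prefix
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask, e.g. 192.168.0.0/255.255.255.0
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip

def file_matches(text, daemon, ip):
    """True if any line names the daemon (or ALL) and a matching client."""
    return any(
        any(d.upper() == "ALL" or d == daemon for d in daemons)
        and any(client_matches(c, ip) for c in clients)
        for daemons, clients in parse_rules(text)
    )

def access(daemon, ip, allow_text, deny_text):
    """Apply the order from the text: hosts.allow, then hosts.deny, else allow."""
    if file_matches(allow_text, daemon, ip):
        return "allow: matched hosts.allow"
    if file_matches(deny_text, daemon, ip):
        return "deny: matched hosts.deny"
    return "allow: no rule matched"

if __name__ == "__main__":
    for daemon, ip in [("portmap", "192.168.0.2"), ("portmap", "192.168.0.4"),
                       ("mountd", "192.168.0.4")]:
        print(daemon, ip, "->", access(daemon, ip, HOSTS_ALLOW, HOSTS_DENY))
```

The third case shows that under this evaluation order a deny rule naming only portmap does not cover a request for another daemon name such as mountd, which falls through to step 3.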