1 .\" Copyright (c) 1994 Gordon W. Ross, Theo de Raadt
2 .\" Updated by Luigi Rizzo, Robert Watson
3 .\" All rights reserved.
5 .\" Redistribution and use in source and binary forms, with or without
6 .\" modification, are permitted provided that the following conditions
8 .\" 1. Redistributions of source code must retain the above copyright
9 .\" notice, this list of conditions and the following disclaimer.
10 .\" 2. Redistributions in binary form must reproduce the above copyright
11 .\" notice, this list of conditions and the following disclaimer in the
12 .\" documentation and/or other materials provided with the distribution.
13 .\" 3. The name of the author may not be used to endorse or promote products
14 .\" derived from this software without specific prior written permission.
16 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 .Nd booting a system over the network
36 The ability to boot a machine over the network is useful for
40 machines, or as a temporary measure while repairing or
41 re-installing file systems on a local disk.
42 This file provides a general description of the interactions between
43 a client and its server when a client is booting over the network.
45 When booting a system over the network, there are three
46 phases of interaction between client and server:
49 The stage-1 bootstrap, typically PXE built into your Ethernet
50 card, loads a second-stage boot program.
52 The second-stage boot program, typically
55 the kernel, and boots the kernel.
59 mounts the root directory and continues from there.
62 Each of these phases are described in further detail below.
64 First, the stage-1 bootstrap loads the stage-2 boot program over
66 The stage-1 bootstrap typically uses
70 to obtain the filename to load, then uses
73 This file is typically called
75 and should be copied from
79 directory on the server, which is typically
82 The stage-2 boot program then loads additional modules and the kernel.
83 These files may not exist on the
92 configurations to specify the server holding
93 the second stage boot files and kernel.
94 The stage-2 program uses
98 to obtain these files.
104 you can install a version that uses
107 .Li LOADER_TFTP_SUPPORT=YES
110 then recompiling and reinstalling
112 via the command listed below.
113 It is often necessary to use
115 here so you can place a custom kernel
120 and do not have a custom root file system for the
122 client, the stage-2 boot will load your server's kernel as the kernel for
125 machine, which may not be what you want to have happen.
126 .Bd -literal -offset indent
127 cd /usr/src/sys/boot/i386
128 make clean; make; make install
129 cp /boot/pxeboot /tftpdir/
132 In phase 3, the kernel acquires IP networking configuration in one
133 of two ways, and then proceeds to mount the root file system and start
135 If the phase 2 loader supports passing network configuration to the
136 kernel using the kernel environment, then the kernel will configure
137 the network interface using that information.
138 Otherwise, it must use
143 configuration information.
149 .Pa /etc/rc.d/initdiskless ,
150 .Pa /etc/rc.d/resolv ,
154 On early 5.x releases, the functions of latter three scripts where
156 .Pa /etc/rc.d/diskless .
157 On older systems, the scripts are located in
158 .Pa /etc/rc.diskless1
160 .Pa /etc/rc.diskless2 .
164 client, you need the following:
169 server which exports a root and
171 partitions with appropriate permissions.
174 scripts work with read-only partitions, as long as root is exported with
176 so that some system files can be accessed.
179 can contain the following lines:
180 .Bd -literal -offset indent
181 <ROOT> -ro -maproot=0 -alldirs <list of diskless clients>
182 /usr -ro -alldirs <list of diskless clients>
187 is the mount point on the server of the root partition.
189 .Pa /usr/share/examples/diskless/clone_root
190 can be used to create a shared read-only root partition,
191 but in many cases you may decide to export
192 (again as read-only) the root directory used by
205 .Pa /etc/inetd.conf .
208 can be the following:
209 .Bd -literal -offset indent
211 hn:ht=1:vm=rfc1048:\\
215 :rp="<SERVER>:<ROOT>":
217 <CLIENT>:ha=0123456789ab:tc=.default
225 have the obvious meanings.
227 A properly initialized root partition.
229 .Pa /usr/share/examples/diskless/clone_root
230 can help in creating it, using the server's root partition
232 If you are just starting out, you should
233 simply use the server's own root directory,
235 and not try to clone it.
237 You often do not want to use the same
243 boot as you do on the server.
247 scripts provide a mechanism through which you can override various files
250 (as well as other subdirectories of root).
252 One difference that you should pay particular attention to is
256 .Pa /etc/defaults/rc.conf .
257 A typical value for a
260 .Va mountcritremote ,
261 however your needs may be different.
263 The scripts provide four
264 overriding directories situated in
267 .Pa /conf/<broadcast-ip> ,
269 .Pa /conf/<machine-ip> .
270 You should always create
272 which will entirely replace the server's
277 You can clone the server's
279 here or you can create a special file which tells the
282 to remount the server's
286 You do this by creating the file
287 .Pa /conf/base/etc/diskless_remount
288 containing the mount point to use as a basis of the
292 For example, the file might contain:
296 Alternatively, if the server contains several independent roots, the file
299 .Dl 10.0.0.1:/usr/diskless/4.7-RELEASE/etc
301 This would work, but if you copied
302 .Pa /usr/diskless/4.7-RELEASE
304 .Pa /usr/diskless/4.8-RELEASE
305 and upgraded the installation, you would need to modify the
307 files to reflect that move.
308 To avoid that, paths in
312 have the actual path of the client's root prepended to them so the file
313 could instead contain:
319 scripts create memory file systems to hold the overridden
321 Only a 2MB partition is created by default, which may not
322 be sufficient for your purposes.
323 To override this, you can create the
325 .Pa /conf/base/etc/md_size
326 containing the size, in 512 byte sectors, of the memory disk to create
329 You then typically provide file-by-file overrides in the
330 .Pa /conf/default/etc
332 At a minimum, you must provide overrides for
333 .Pa /etc/fstab , /etc/rc.conf ,
337 .Pa /conf/default/etc/fstab , /conf/default/etc/rc.conf ,
339 .Pa /conf/default/etc/rc.local .
341 Overrides are hierarchical.
342 You can supply network-specific defaults
344 .Pa /conf/ Ns Ao Ar BROADCASTIP Ac Ns Pa /etc
347 represents the broadcast IP address of
350 system as given to it via
356 features work in any of these directories.
357 The configuration feature works on directories other then
359 you simply create the directory you wish to replace or override in
360 .Pa /conf/{base,default,<broadcast>,<ip>}/*
361 and work it in the same way that you work
364 Since you normally clone the server's
367 .Pa /conf/base/etc/diskless_remount ,
368 you might wish to remove unneeded files from the memory file system.
370 if the server has a firewall but you do not, you might wish
373 You can do this by creating a
374 .Pa /conf/base/ Ns Ao Ar DIRECTORY Ac Ns Pa .remove
377 .Pa /conf/base/etc.remove ,
378 which contains a list of relative paths that the boot scripts should remove
379 from the memory file systems.
381 As a minimum, you normally need to have the following in
382 .Pa /conf/default/etc/fstab
383 .Bd -literal -offset indent
384 <SERVER>:<ROOT> / nfs ro 0 0
385 <SERVER>:/usr /usr nfs ro 0 0
386 proc /proc procfs rw 0 0
389 You also need to create a customized version of
390 .Pa /conf/default/etc/rc.conf
392 the startup options for the
395 .Pa /conf/default/etc/rc.local
396 which could be empty but prevents the server's own
398 from leaking onto the
405 you will not need to set
409 because these will be already set by the startup code.
410 Finally, it might be convenient to use a
414 as the switch variable to do machine-specific configuration
417 clients share the same configuration
422 clients, which will be loaded using
426 must include support for the NFS client:
428 .D1 Cd "options NFSCLIENT"
429 .D1 Cd "options NFS_ROOT"
431 If you are using a boot mechanism that does not pass network configuration
432 to the kernel using the kernel environment, you will also need to include
433 the following options:
435 .D1 Cd "options BOOTP"
436 .D1 Cd "options BOOTP_NFSROOT"
437 .D1 Cd "options BOOTP_COMPAT"
440 the PXE environment does not require these options.
444 booting environment relies on memory-backed file systems to
445 support temporary local storage in the event that the root file system
446 is mounted read-only; as such, it is necessary to add the following
447 to the device section of the kernel configuration:
451 If you use the firewall, remember to default to
454 will not be able to send/receive the
459 Be warned that using unencrypted
461 to mount root and user
462 partitions may expose information such as
475 .Pa ports/net/etherboot
477 This manpage is probably incomplete.
480 sometimes requires to write onto
481 the root partition, so the startup scripts mount MFS
482 file systems on some locations (e.g.\&
487 trying to preserve the original content.
488 The process might not handle all cases.