Tuesday, May 6, 2014

Netboot OpenBSD on a Soekris

This post is a reminder for me on how to do this. This is the second time I have spent two entire evenings to achieve this, and I seem to remember that both times I succeeded using different methods. This time I decided to dump what I have in mind because in 2014, it is just silly how backward and complicated this is :). By the way, I know some people more experienced than me in OpenBSD may read this; feel free to comment and tell me what I'm doing wrong to end up with something so convoluted :).

I'm using a Debian machine as a server. There is a direct Ethernet cable from the Soekris to the server (10.0.0.1), nothing else is on the network.

  1. Download the OpenBSD release and extract it to /openbsd.
  2. Install the following packages on the Debian server:
    • udhcpd, because it's way simpler than ISC dhcpd
    • atftpd; do NOT use the tftpd package, which is the implementation from NetKit: it is really broken, and although it is supposed to be very simple, I wasted hours on it
    • rarpd
    • bootparamd
    • nfs-kernel-server
  3. Here are the relevant bits for /etc/udhcpd.conf:
    start     10.0.0.100
    end       10.0.0.110
    interface eth2
    siaddr    10.0.0.1
    sname     debian
    bootfile  /tftpboot/pxeboot
    option    dns      8.8.8.8 8.8.4.4
    option    router   10.0.0.1
    option    domain   domain.local
    option    subnet   255.255.255.0
    option    lease    864000
    option    rootpath /openbsd
    
  4. Start it:
    udhcpd -f /etc/udhcpd.conf
  5. atftpd probably added a line like the following to /etc/inetd.conf; keep everything as-is and change only the serving path (last argument):
    tftp            dgram   udp4    wait    nobody /usr/sbin/tcpd /usr/sbin/in.tftpd --tftpd-timeout 300 --retry-timeout 5 --mcast-port 1758 --mcast-addr 239.239.239.0-255 --mcast-ttl 1 --maxthread 100 --verbose=5 /openbsd
  6. Start or reload inetd.
  7. Now I advise starting a
    tcpdump -ev
    in one terminal to see what's going on on the wire, and
    tail -f /var/log/daemon.log
    in another. You can now give the Soekris a try: provided you have a serial cable on it (otherwise I don't even know why you're reading this), hit Ctrl-P at boot and type:
    boot f0
    This won't work, but note the Soekris MAC address and the IP address which has been distributed to it.
  8. Now fill in /etc/ethers for rarpd (that's old-school, isn't it? :)):
    00:00:24:14:11:80   10.0.0.102
  9. Now let's configure bootparamd by first declaring the Soekris's name in /etc/hosts:
    10.0.0.102   soekris
    and then giving the NFS root in /etc/bootparams.conf (!):
    soekris root=10.0.0.1:/openbsd
  10. Export /openbsd over NFS in /etc/exports:
    /openbsd   10.0.0.0/24(rw,no_root_squash)
    and reload the list of exported filesystems:
    /etc/init.d/nfs-kernel-server restart
  11. Now configure OpenBSD a bit before booting it:
    1. /openbsd/etc/boot.conf (set the console to see the kernel boot and tell pxeboot where to find the kernel):
      stty com0 19200
      set tty com0
      boot tftp:/tftpboot/bsd
    2. /openbsd/etc/ttys (enable getty on the console and set the correct speed):
      console "/usr/libexec/getty std.19200"  vt220   on  secure
  12. Verify that everything is running: inetd, udhcpd, rarpd, and all RPC daemons (rpcbind should be started before all of them), including rpc.bootparamd.
  13. You should now be able to boot, with root having no password!
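
The boot only works if the MAC, IP, host name and root path from steps 3 and 8 to 10 agree across five files, which step 12's process check does not cover. The shell function below is an added example, not part of the original post: it follows that chain (/etc/ethers, /etc/hosts, /etc/bootparams.conf, /etc/exports, plus the udhcpd rootpath) and reports the first broken link; the names check_chain and make_sample and the PREFIX argument are hypothetical, and the sample files are constructed from the values above.

```shell
#!/bin/sh
# Added example: cross-check the netboot config files from the steps above.
# check_chain PREFIX MAC -> 0 if MAC resolves all the way to an exported NFS root.
# PREFIX is "" on the real server, or a directory holding a copy of /etc.
check_chain() {
    etc="$1/etc"; mac="$2"
    # rarpd: MAC -> IP (/etc/ethers)
    ip=$(awk -v m="$mac" 'tolower($1)==tolower(m){print $2; exit}' "$etc/ethers")
    [ -n "$ip" ] || { echo "ethers: no entry for $mac"; return 1; }
    # bootparamd looks the client up by name: IP -> host name (/etc/hosts)
    name=$(awk -v i="$ip" '$1==i{print $2; exit}' "$etc/hosts")
    [ -n "$name" ] || { echo "hosts: no name for $ip"; return 2; }
    # bootparamd: host name -> root=server:/path (/etc/bootparams.conf)
    root=$(awk -v n="$name" '$1==n{for(k=2;k<=NF;k++) if($k ~ /^root=/){sub(/^root=/,"",$k); print $k; exit}}' "$etc/bootparams.conf")
    [ -n "$root" ] || { echo "bootparams: no root= for $name"; return 3; }
    path=${root#*:}
    # NFS: the path must be exported (/etc/exports)
    awk -v p="$path" '$1==p{f=1} END{exit !f}' "$etc/exports" \
        || { echo "exports: $path is not exported"; return 4; }
    # DHCP rootpath should name the same directory (/etc/udhcpd.conf)
    dh=$(awk '$1=="option" && $2=="rootpath"{print $3; exit}' "$etc/udhcpd.conf")
    [ "$dh" = "$path" ] || { echo "udhcpd: rootpath '$dh' != '$path'"; return 5; }
    echo "ok: $mac -> $ip -> $name -> $root"
}

# Constructed sample: the values used in this post, written to DIR/etc.
make_sample() {
    mkdir -p "$1/etc"
    echo "00:00:24:14:11:80   10.0.0.102"           > "$1/etc/ethers"
    echo "10.0.0.102   soekris"                      > "$1/etc/hosts"
    echo "soekris root=10.0.0.1:/openbsd"            > "$1/etc/bootparams.conf"
    echo "/openbsd   10.0.0.0/24(rw,no_root_squash)" > "$1/etc/exports"
    echo "option    rootpath /openbsd"               > "$1/etc/udhcpd.conf"
}

# Run against the constructed sample so the example works offline.
demo=$(mktemp -d)
make_sample "$demo"
check_chain "$demo" 00:00:24:14:11:80
rm -rf "$demo"
```

On the real server, call check_chain "" followed by the MAC noted in step 7 to read the live files under /etc.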