
Diskless booting with PXE and iSCSI, using Ubuntu as an example

Hello.

This article explains how to set up a server that boots over PXE when it is powered on, then mounts its root file system over iSCSI and quietly keeps running from there.

What is necessary?


To boot the system, you need three components: the kernel, the initramfs and the root filesystem.
We will transmit the kernel and initramfs via TFTP, and the root file system via iSCSI.

iSCSI targets


A short primer on iSCSI
iSCSI is an implementation of the SCSI protocol over TCP. The SCSI protocol itself is very versatile; in theory it can be used to connect any type of device. In most cases, however, SCSI is used to access storage devices (hard drives, CD and DVD drives, etc.). For example, the Mass Storage Device class used by USB devices is a SCSI implementation over USB. That, by the way, is why Linux recognizes flash drives as /dev/sdX devices. The SAS bus used in servers is also an implementation of SCSI (as the name itself shows: Serial Attached SCSI).
iSCSI distinguishes between the target (the target device, which accepts and executes requests) and the initiator (which generates requests). In more familiar terms, the target is the server and the initiator is the client.
Targets and initiators come in different types. An iSCSI target can be a regular computer, a server or a storage system. Initiators are usually network cards (with the necessary code flashed into their ROM) or software implementations.

For Ubuntu, it is possible to use different iSCSI targets. Here is an incomplete list of them:


I will use LIO, but nothing prevents you from implementing similar functionality on another target or on proprietary enterprise storage such as NetApp or EMC.

The setup proposed below consists of two servers: a target, which in addition to the iSCSI target runs the DHCP and TFTP servers required for the initial boot, and an initiator, which has no disks, only a network card.

On the target it is preferable to use LVM for carving out volumes, but regular files can also be used.

1. Image of the target system


Let's create a 16 GiB volume that will be exported over iSCSI (my VolumeGroup is called vg00, the volume will be called client):
 root@target:~# lvcreate -L 16G -n client vg00
 Logical volume "client" created


1.1. Partitions and file systems

I love and respect LVM for its flexibility and ease of use, so I use a setup that does not require a partition table on the client image. Instead, another VolumeGroup is created directly on the client volume, which is then carved into logical volumes.
 root@target:~# pvcreate /dev/mapper/vg00-client
 Physical volume "/dev/mapper/vg00-client" successfully created
 root@target:~# vgcreate client /dev/mapper/vg00-client
 Volume group "client" successfully created
 root@target:~# lvcreate -L 12G -n rootfs client
 Logical volume "rootfs" created
 root@target:~# lvcreate -l 100%FREE -n swap client
 Logical volume "swap" created


Create the file system and initialize the swap volume:
 root@target:~# mkfs.ext4 /dev/mapper/client-rootfs
 root@target:~# mkswap /dev/mapper/client-swap


1.2. The system image itself

Mount the file system and deploy a minimal image using debootstrap:
 root@target:~# mount /dev/mapper/client-rootfs /mnt
 root@target:~# debootstrap --include=openssh-server,language-pack-ru,aptitude,nano,vim,bash-completion,wget,curl,open-iscsi,initramfs-tools precise /mnt/ http://mirror.yandex.ru/ubuntu/


The resulting system needs a few small tweaks:
 root@target:~# echo "client" > /mnt/etc/hostname
 root@target:~# echo -e "\nauto eth0\niface eth0 inet manual" >> /mnt/etc/network/interfaces
 root@target:~# echo "InitiatorName=iqn.2013-02.org.example.client:default" > /mnt/etc/iscsi/initiatorname.iscsi

Note that we replaced initiatorname.iscsi. An IQN is an iSCSI Qualified Name; it must be unique. The IQN of our initiator is iqn.2013-02.org.example.client:default.

Bring fstab to the required form:
 root@target:~# editor /mnt/etc/fstab

 proc /proc proc nodev,noexec,nosuid 0 0
 /dev/mapper/client-rootfs / ext4 errors=remount-ro 0 1
 /dev/mapper/client-swap none swap sw 0 0


To avoid ending up in an awkward position, you need to change the password in the new system.
 root@target:~# chroot /mnt/ /bin/bash
 root@target:~# passwd
 root@target:~# exit


Unmount rootfs and deactivate the volume group so that nothing touches it accidentally:
 root@target:~# umount /mnt/
 root@target:~# vgchange -an client


The system image is ready! It does not need a bootloader; the kernel will be launched using pxelinux.

2. iSCSI target


Install userspace utilities to manage the target:
 root@target:~# aptitude install -y targetcli python-urwid 


And run the target management utility targetcli :
 root@target:~# targetcli 


2.1. Backstore

While in the targetcli console, you must run the following commands:
 set global auto_cd_after_create=false
 cd /backstores/iblock/
 create dev=/dev/mapper/vg00-client name=client


This will create a backstore for our vg00-client volume.

2.2. iSCSI

Create a target:
 cd /iscsi
 create wwn=iqn.2013-02.org.example.target:client
 cd iqn.2013-02.org.example.target:client/tpgt1/


Assign the previously created backstore to this target:
 luns/ create /backstores/iblock/client 


Assign the target interface to work (without specifying the parameters, all active interfaces will be assigned):
 portals/ create 


Configure access rights (access rights documentation is available on the official website):
 cd acls
 create iqn.2013-02.org.example.client:default
 cd iqn.2013-02.org.example.client:default
 set auth userid=client password=secret


2.3. Saving settings

Although actions in targetcli take effect immediately, they are not saved, and after a reboot none of the targets will come back. In this respect LIO behaves like any other kernel-level service (iptables, ebtables, ipvsadm, etc.). When you save the settings, targetcli compiles the entire configuration into a shell script that simply feeds the necessary data into configFS.

Save all settings:
 cd /
 saveconfig


The target is ready! Let us move on to configuring DHCP and TFTP.

3. DHCP server


We assume the following configuration:
The servers live on the network 10.0.0.0/24, the target lives on 10.0.0.2, the client receives the DHCP address 10.0.0.5.

There is a sea of guides out there, so briefly:
 root@target:~# aptitude install -y isc-dhcp-server 


dhcpd.conf:
 allow booting;
 allow bootp;
 subnet 10.0.0.0 netmask 255.255.255.0 {
   range 10.0.0.10 10.0.0.254;
   option broadcast-address 10.0.0.255;
   option routers 10.0.0.1;
   option domain-name-servers 8.8.8.8;
   filename "/pxelinux.0";
 }
 host client {
   hardware ethernet XX:XX:XX:XX:XX:XX; # MAC address of the client goes here
   fixed-address 10.0.0.5;
 }


Start the daemon:
 root@target:~# /etc/init.d/isc-dhcp-server start 


4. TFTP server


Again, there is a sea of guides on the net.
 root@target:~# aptitude install -y tftpd-hpa
 root@target:~# /etc/init.d/tftpd-hpa start


5. Syslinux


Install the package:
 root@target:~# aptitude install -y syslinux syslinux-common 


Copy pxelinux.0 to /var/lib/tftpboot:
 root@target:~# cp /usr/lib/syslinux/pxelinux.0 /var/lib/tftpboot


We also need a kernel image (it can be taken from the host system). I currently have a kernel from Ubuntu, version 3.2.0.37:
 root@target:~# cp /vmlinuz /var/lib/tftpboot/vmlinuz-3.2.0-37-generic


Next you need to build the correct initramfs. For this we need an iSCSI module:
 root@target:~# echo "iscsi" >> /etc/initramfs-tools/modules
 root@target:~# touch /etc/iscsi/iscsi.initramfs
 root@target:~# mkinitramfs -o /var/lib/tftpboot/initrd.img-3.2.0-37-generic


Pxelinux will look for the configuration file in the pxelinux.cfg directory relative to the root of the TFTP server. Create a configuration for it:
 root@target:~# mkdir /var/lib/tftpboot/pxelinux.cfg
 root@target:~# editor /var/lib/tftpboot/pxelinux.cfg/01-XX-XX-XX-XX-XX-XX


Instead of XX, substitute the MAC address of the client's network card, written in lower case and separated by hyphens rather than colons.

File contents:
 DEFAULT linux
 label linux
 kernel vmlinuz-3.2.0-37-generic
 append initrd=initrd.img-3.2.0-37-generic root=/dev/mapper/client-rootfs ip=dhcp iscsi_initiator=iqn.2013-02.org.example.client:default iscsi_target_name=iqn.2013-02.org.example.target:client iscsi_target_ip=10.0.0.2 iscsi_target_port=3260 console=tty0 iscsi_username=client iscsi_password=secret
 ipappend 2
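
The file naming rule above is the step that most often goes wrong, so here is a helper for it. This is an added example, not part of the original article; it also goes beyond the article by listing the fallback names pxelinux requests when the MAC-based file is missing (the address in upper-case hex, shortened one digit at a time, then `default`). The function names and the sample MAC are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: which files under pxelinux.cfg/ a client asks for, in order.
# pxelinux tries the client UUID first when the PXE stack supplies one;
# that step is left out here.

# mac_to_cfg MAC -> 01-xx-xx-xx-xx-xx-xx
# "01" is the ARP hardware type for Ethernet; ':' or '-' separators accepted.
mac_to_cfg() {
    mac=$(printf '%s' "$1" | tr 'A-F:' 'a-f-')
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}-){5}[0-9a-f]{2}$'; then
        echo "invalid MAC address: $1" >&2
        return 1
    fi
    printf '01-%s\n' "$mac"
}

# ip_to_hex A.B.C.D -> eight upper-case hex digits (10.0.0.5 -> 0A000005)
ip_to_hex() {
    # Leading zeros are rejected so printf never reads an octet as octal.
    octet_re='(0|[1-9][0-9]{0,2})'
    if ! printf '%s\n' "$1" | grep -Eq "^($octet_re\.){3}$octet_re\$"; then
        echo "invalid IPv4 address: $1" >&2
        return 1
    fi
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "$octet" -le 255 ] || { echo "invalid IPv4 address: $1" >&2; return 1; }
    done
    printf '%02X%02X%02X%02X\n' "$o1" "$o2" "$o3" "$o4"
}

# pxelinux_search_order MAC IP -> one candidate file name per line
pxelinux_search_order() {
    cfg=$(mac_to_cfg "$1") || return 1
    hex=$(ip_to_hex "$2") || return 1
    printf '%s\n' "$cfg"
    while [ -n "$hex" ]; do
        printf '%s\n' "$hex"
        hex=${hex%?}          # drop the last hex digit and try again
    done
    printf 'default\n'
}

# Sample MAC (constructed) with the client address used in this article.
pxelinux_search_order "52:54:00:F9:94:84" "10.0.0.5"
```

If a file named `default` exists in pxelinux.cfg, every machine without its own entry will boot from it, so keep per-client iSCSI credentials out of that file.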


The login and password here must be the same as those specified when setting up access rights on the target.

Syslinux setup is complete. Now you can enjoy the boot :)

My boot log looks like this:


Results:


You can easily use iSCSI to boot servers that do not have their own disks (relevant for virtualization, self-contained storage systems, servers that do not have to live long, etc.).

There is another option: using the initiator built into the network card. That approach is sometimes impossible for various reasons (the most trivial being that the card itself lacks the necessary functionality), and it is also somewhat less flexible.

There is a security hole: /proc/cmdline is readable by anyone on the system, and it contains the iSCSI login and password, so anyone can access the exported volume. It therefore makes sense to use the firewall on the target to block all addresses except the ones that need access.
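
Both halves of that paragraph can be checked with a short script. This is an added example, not part of the original article: it flags the credential parameters in a kernel command line, redacts them for logging, and prints (without applying) iptables rules that limit the iSCSI port on the target to an allowlist. The function names are assumptions; the sample command line is constructed from the append line used above.

```sh
#!/bin/sh
# Added example: audit a kernel command line for iSCSI credentials and
# generate a firewall allowlist for the target. Nothing is applied here;
# the rules are only printed for review.

# Constructed sample, built from the article's pxelinux "append" line.
SAMPLE_CMDLINE='initrd=initrd.img-3.2.0-37-generic root=/dev/mapper/client-rootfs ip=dhcp iscsi_initiator=iqn.2013-02.org.example.client:default iscsi_target_name=iqn.2013-02.org.example.target:client iscsi_target_ip=10.0.0.2 iscsi_target_port=3260 console=tty0 iscsi_username=client iscsi_password=secret'

# cmdline_secrets CMDLINE -> names of parameters that expose credentials
cmdline_secrets() {
    printf '%s\n' "$1" | tr ' ' '\n' | while IFS= read -r param; do
        case $param in
            iscsi_username=*|iscsi_password=*) printf '%s\n' "${param%%=*}" ;;
        esac
    done
}

# redact_cmdline CMDLINE -> same line with credential values masked,
# safe to paste into tickets or ship to a log collector
redact_cmdline() {
    printf '%s\n' "$1" |
        sed -E 's/(iscsi_(username|password))=[^ ]*/\1=REDACTED/g'
}

# target_allowlist_rules PORT ADDR... -> iptables commands, one per line.
# An empty allowlist is an error: a lone DROP rule would cut the diskless
# client off from its own root file system.
target_allowlist_rules() {
    [ $# -ge 2 ] || { echo "need a port and at least one address" >&2; return 1; }
    port=$1
    shift
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    # Only digits, dots and '/' are accepted, so the output is safe to run.
    for addr in "$@"; do
        case $addr in
            ''|*[!0-9./]*) echo "invalid address: $addr" >&2; return 1 ;;
        esac
    done
    for addr in "$@"; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$port" "$addr"
    done
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# On a live client, pass "$(cat /proc/cmdline)" instead of the sample.
cmdline_secrets "$SAMPLE_CMDLINE"
redact_cmdline "$SAMPLE_CMDLINE"
target_allowlist_rules 3260 10.0.0.5
```

Review the printed rules against the existing INPUT chain before running them on the target; rule order matters, and the ACCEPT lines must come before the DROP.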

The scheme described here is for the most part a draft and a starting point for a network boot infrastructure.

Related Links:


iSCSI on Wikipedia
LIO official website
Syslinux official website

Source: https://habr.com/ru/post/169251/

