Building Diskless Clients with FreeBSD 5.2
By placing the required files in /diskless_rw/workstation-IP-address/etc
and editing the file rc2 there, we can configure each station by its IP
address. To continue booting, the station will need the following files in
this directory:
auth.conf
disktab
fstab
gettytab
group
hosts
login.access
login.conf
login.conf.db
master.passwd
netconfig
protocols
pwd.db
rc
rc2
services
spwd.db
syslog.conf
termcap -> /usr/share/misc/termcap
ttys
You can copy almost all of these files from the server directory /etc to /diskless_rw/192.168.1.101/etc without changes. There are only a few exceptions:
- fstab will need editing, as all the client's filesystems will use NFS.
- rc is already written and must come from /diskless_ro/etc.
- rc2 will contain commands and daemons particular to each diskless station.
- syslog.conf will configure the system logs.
- ttys will need changing if you want to use internationalization on the system.
Let's begin with fstab for the station with IP address
192.168.1.101.
The script /etc/rc is in the root filesystem of the diskless
client, so:
server# cp /diskless_ro/etc/rc /diskless_rw/192.168.1.101/etc
Then edit rc2:
#!/bin/sh
mount -a
/sbin/ldconfig -elf /usr/lib/compat /usr/X11R6/lib /usr/local/lib
syslogd
exit 0
This script executes the following actions when booting diskless clients:
- mounts all the unmounted filesystems, in our case only /usr
- sets the path to ELF-format shared libraries
- starts the syslogd daemon
Now create the configuration for syslogd. To this effect, edit
/etc/syslog.conf of the diskless client. For example, the test
workstation will use the file
/diskless_rw/192.168.1.101/etc/syslog.conf. There are plenty of
alternatives. In one, syslogd will send all system logs to the
server 192.168.1.2:
*.* @server
If you do this, make sure syslogd on the server 192.168.1.2 is started with
the -a option so that it accepts log messages from the stations. For example:
syslogd -a 192.168.1.0/24
Another option is to have syslogd send all logs to
/var/log/all.log on its own filesystem:
*.* /var/log/all.log
If you choose this approach, be sure to create the file /var/log/all.log with proper permissions beforehand:
server# touch /diskless_rw/192.168.1.101/var/log/all.log
server# chmod 600 /diskless_rw/192.168.1.101/var/log/all.log
If you need to enable localization on the system, you must add a few lines
to rc2 and edit ttys. To enable the Russian language
(koi8-r), add the following commands to rc2:
kbdcontrol < /dev/ttyv0 -l "ru.koi8-r"
vidcontrol < /dev/ttyv0 -l "koi8-r2cp866"
vidcontrol < /dev/ttyv0 -f 8x16 "cp866-8x16"
vidcontrol < /dev/ttyv0 -f 8x14 "cp866-8x14"
vidcontrol < /dev/ttyv0 -f 8x8 "cp866-8x8"
and edit ttys to change all entries of cons25 to
cons25r for each virtual terminal. For example, for
ttyv0 the line will become:
ttyv0 "/usr/libexec/getty Pc" cons25r on secure
You must perform this operation on all diskless workstations. Then you can turn on your workstations and they will boot and work. There can be some hidden traps, though.
Authentication files come from the server. Now all the usernames and their
passwords on the server and stations are identical. If this doesn't suit you,
edit master.passwd for each workstation to remove all the spare users.
Then give root a new password and home directory. For
example:
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/sbin/nologin
smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/sbin/nologin
mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
test:$1$nkgb9jxT$a5ZgR4DUgOIUJGBg3.gJr.:1001:1001::0:0:test:/home/test:/bin/sh
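The master.passwd listing above can be checked mechanically before the database is rebuilt. The following sh script is an added example, not part of the original article; its function names and output tags are assumptions, and the sample input is constructed. It reports accounts with an empty password field (such as the root line in the listing, which allows a login with no password until one is set), UID 0 accounts other than root, and accounts that have both a usable password hash and a login shell.

```shell
#!/bin/sh
# Added example (not from the original article): audit per-station master.passwd.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell

audit_master_passwd() {
    # Reads the file named in $1, or stdin when no argument is given.
    awk -F: '
        /^#/ || NF == 0 { next }                       # skip comments, blanks
        NF != 10        { print "MALFORMED line " NR; next }
        $2 == ""        { print "EMPTY_PASSWORD " $1 } # no password required
        $3 ~ /^0+$/ && $1 != "root" { print "EXTRA_UID0 " $1 }
        $2 != "" && substr($2, 1, 1) != "*" && $10 !~ /nologin$/ {
            print "CAN_LOGIN " $1                      # real hash and a shell
        }
    ' "$@"
}

audit_all_stations() {
    # $1 = read-write tree; the article keeps it in /diskless_rw/<IP>/etc
    for f in "${1:-/diskless_rw}"/*/etc/master.passwd; do
        [ -f "$f" ] || continue
        audit_master_passwd "$f" | sed "s|^|$f: |"
    done
}

# Constructed sample input; the hash on the test line is a placeholder.
sample_master_passwd() {
    cat <<'EOF'
root::0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
test:$1$CONSTRUCTED$placeholderhash:1001:1001::0:0:test:/home/test:/bin/sh
EOF
}

sample_master_passwd | audit_master_passwd
```

On the server, `audit_all_stations /diskless_rw` runs the same check over every station directory and prefixes each finding with the file it came from.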
Remember to rebuild the password database:
pwd_mkdb -d /diskless_rw/192.168.1.101/etc /diskless_rw/192.168.1.101/etc/master.passwd
Edit the file etc/group (for example, /diskless_rw/192.168.1.101/etc/group), and then create home directories for the rest of the users in the directory var/home (/diskless_rw/192.168.1.101/var/home).
Now, as we have configured our system to keep user home directories in the filesystem of each diskless station (directory /var/home and soft link /home to /var/home), a user who has changed stations can't access his files from his previous computer. To solve the problem, export the server's /home to all the diskless stations. For example, add this line to the server's /etc/exports:
/home -network 192.168.1.0 -mask 255.255.255.0
Then add this line to fstab on each station:
192.168.1.2:/home /home nfs rw 0 0
Finally, don't forget to replace the link from /home to /var/home with a real /home directory:
server# cd /diskless_ro
server# rm home
server# mkdir home
Remember, though, that exporting the home directories of all users can be dangerous.
X Window System
If you need the X Window System, you have two options:
- Use the script startx and run X on the diskless station only.
- Configure xdm and use the server resources.
Both alternatives will require you to load the moused daemon to
enable the mouse. For a test workstation with a mouse connected to the COM2
port, invoke moused with:
/usr/sbin/moused -p /dev/cuaa1 -t auto
As mice can connect to different COM ports on different stations, you need to change this command for each diskless client and put it into /etc/rc2 in order to load it at boot time.
The startx Approach
The first alternative installs X on the server in the usual way. Every
diskless client has its own XF86Config file (in the /etc/X11
directory). Thus the test station with IP address 192.168.1.101 has a file on the
server in /diskless_rw/192.168.1.101/etc/X11. In this case, running
startx on the client starts X.
If you also need access to a Microsoft Windows Terminal Server, install
rdesktop on the server in order to support the RDP protocol:
server# cd /usr/ports/net/rdesktop
server# make install clean
To start rdesktop automatically when loading the X Window
System, create the file .xsession or .xinitrc in the home
directory of all users on all diskless stations. Add to it this line:
rdesktop -f mswinserver
Here the -f option specifies full-screen mode, and mswinserver is the
hostname or IP address of the Microsoft Windows Terminal Server.
The xdm Approach
The second way to configure X uses the XDMCP protocol. It's more suitable when many users need access to the Unix server to run graphical programs. This approach also uses the XF86Config file, but it requires additional server configuration.
Create the file /usr/X11R6/lib/X11/xdm/xdm-config similar to:
DisplayManager.errorLogFile: /var/log/xdm.log
DisplayManager.pidFile: /var/run/xdm.pid
DisplayManager.keyFile: /usr/X11R6/lib/X11/xdm/xdm-keys
DisplayManager.servers: /usr/X11R6/lib/X11/xdm/Xservers
DisplayManager.accessFile: /usr/X11R6/lib/X11/xdm/Xaccess
DisplayManager.willing: su -m nobody -c /usr/X11R6/lib/X11/xdm/Xwilling
DisplayManager*authorize: true
DisplayManager*resources: /usr/X11R6/lib/X11/xdm/Xresources
DisplayManager*session: /usr/X11R6/lib/X11/xdm/Xsession
DisplayManager*authComplain: true
The Xservers file will be empty; Xaccess will contain only a single
*, which permits all hosts to connect to xdm to
receive the log-in screen. Finally, load xdm with the command:
server# xdm
To start xdm at boot time, place this call in a script named
xdm.sh and place it in the server's /usr/local/etc/rc.d directory.
After xdm has successfully started on the server, you can run the X
server on the clients. For example:
diskless-101# X -query 192.168.1.2
If you need to load X at boot time, place this command in the
rc2 script for each diskless client:
X -query 192.168.1.2 &
Mikhail Zakharov is presently the senior UNIX Administrator at a Moscow bank, where he administers a wide spectrum of servers running various UNIX-like operating systems.