Physics Glue Docs: Netbooting Suns from Linux

Physics Dept Glue Documentation Library

The information on this page is quite out of date. It is only provided because some information in it may be useful in performing these operations on more current situations.

Netbooting a Sun Box using a Linux box as Boot server

This document outlines the procedure to be followed in booting a Sun over the network with a Linux based boot server. It is inteneded to show how to do a Glue network install on a Sun box without an existing Sun box on the local net, using a Linux box instead.

This has been tested in practice using a Redhat Linux 6.2 and 7.1 machine as the boot server. No guarantees on anything, however. Only tried with Solaris 2.7 on an 220R box. The procedure isn't terribly hard, but is not really for the faint-hearted either.

See the Glue Solaris 2.7 installation guide. This document will mainly discuss where the procedure deviates from the aforementioned.
Enable tftp on the linux box. The procedure for this changes in RH7.1 due to use of xinetd instead of inetd. For 6.2, the issues were:
1. The standard tftpd distributed with RH6 did not seem to be able to deal with a default directory for use by tftp requests not specifying a directory. I do not believe there was a -s option, so I think would have needed to chroot before starting the server in order to use the standard tftpd coming with RH6. I opted to download and install the yale-tftpd package, which allowed for a default directory.
2. RH6.2 used inetd, not xinetd, so add the following line to /etc/inetd.conf
  tftp dgram udp wait root /usr/sbin/tftpd /etc/tftpd.conf
3. The configuration file /etc/tftpd.conf should contain something like
  defaultDirectory /tftpboot rootDirectory /tftpboot accessList 1 permit 129.2.40.0 0.0.3.255 accessList 1 deny 0.0.0.0 255.255.255.255 defaultAccessList 1
4. Replace 129.2.40.0 0.0.3.255with your network address and the complement of your netmask. The above file requires anything to be tftp'd to be in /tftpboot, and will default to that directory. Read access is allowed to your network, and denied everyone else.
5. Remember to SIGHUP inetd to read new config file.
For 7.1, the issues are:
1. The tftpd daemon in 7.1 has a -s option that will allow for a default directory. It uses xinetd, and assuming is setup to use the /etc/xinetd.d directory, you should make sure you have a /etc/xinetd.d/tftp file containing:
  service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /tftpboot disable = no } Most likely, all that needs be done is change disable pararmeter from yes to no.
2. Send the USR1 signal to xinetd to re-read config.
3. If firewalling, you may need to punch through for tftpd service. Assuming using iptables and have a rule like
  -m state --state RELATED,ESTABLISHED -j ACCEPT somewhere, you need to add a rule like
  --source 129.2.40.0/255.255.252.0 --protocol udp --destination-port tftp -j ACCEPT replacing the network and netmask with your own.
You will also need to create /tftpboot if not there already, and copy a bootloader from Glue into /tftpboot and rename according to the IP address of machine to netboot. E.g.
ftp ftp.glue.umd.edu get /:/system/common/tftpboot/inetboot.7.sun4u /tftpboot/inetboot.7.sun4u bye cp /tftpboot/inetboot.7.sun4u /tftpboot/81022A01 replacing 81022A01 with the IP address (converted to hex) of the machine to net boot.
Set up rarpd. You will need to crate an /etc/ethers file, e.g.
08:00:20:ed:ca:7d benfranklin.physics.umd.edu and run /usr/sbin/rarpd -e -a.
Set up bootparamd. Create the /etc/bootparams file, e.g.
benfranklin.physics.umd.edu root=nicholas.umd.edu:/export/software/upgrade/57 \ type=:manual domain=physics.umd.edu ns=drdude:none (255.255.252.0) The ns flag is probably not used, trying to set proper netmask, however. Not sure if domain is used. Then run bootparamd, e.g.
/usr/sbin/rpc.bootparamd -r 129.2.40.1
replacing 129.2.40.1 with the appropriate gateway. You will need to have portmap running for bootparamd and/or rarpd, e.g. /etc/init.d/portmap start.
Miscellaneous issues
- Firewalls. May need to poke holes in firewalls for this. Assuming running iptables on the boot server linux box as a personal firewall. Also assuming have an rule like:
  -m state --state RELATED,ESTABLISHED -j ACCEPT to allow existing connections to continue. You may need to add stuff like:
  --source 129.2.40.0/255.255.252.0 --protocol udp --destination-port tftp -j ACCEPT for tftpd, and
  --source 129.2.40.0/255.255.252.0 --protocol tcp --destination-port sunrpc -m state --state NEW -j ACCEPT --source 129.2.40.0/255.255.252.0 --protocol udp --destination-port sunrpc -m state --state NEW -j ACCEPT for portmap, and --source 129.2.40.0/255.255.252.0 --protocol tcp --destination-port 876 -m state --state NEW -j ACCEPT --source 129.2.40.0/255.255.252.0 --protocol udp --destination-port 876 -m state --state NEW -j ACCEPT for bootparamd (not sure if need both udp and tcp, and think that the actual port number may vary, so may need to either run in debug mode (-d/-s) and read log for port number, or use lsof -i to find what port listening on).
- One final problem I encountered is that after doing the rarpd, and connecting to nicholas, is does another bootparams request, but this time using the default 255.255.0.0 netmask, not our subnets correct 255.255.252.0 netmask. Because of this, the linux box did not see the bootparams request broadcast, and it timed out. I have hacked around this by either:
  - Adding the alias 129.2.255.255 to my NIC card, or
  - Temporarily setting the linux box to also use the incorrect 255.255.0.0 netmask.
  Neither is very elegant, and be sure to remember to set back after done. But work.

You should now be able to type boot net on the Sun box' openboot prompt and the GLue install stuff should eventually come up. (I have had problems with that, so sometimes need to manually run it from SU prompt, /sbin/glueinstall manual).

A network sniffer on at least the Linux box can be helpful in tracking down problems.