Booting from the Ether

One of our finalists shows you how to enable the NIC to boot from the network.

Installing a DHCP Server

My home network has a router that functions as a DHCP server and is connected to a cable modem. I was worried about having two DHCP servers on my home network, but so far this hasn't caused any problems.

Now you should set up a DHCP server on a Linux system on your network; I'm using Mandrake Linux 7.2. The name of the RPM to load for this distribution is dhcp. It might be called dhcpd on some distributions.

The configuration file for the DHCP server on my computer is /etc/dhcpd.conf. Below is a listing of my /etc/dhcpd.conf file. The IP addresses have been changed to protect the innocent:

subnet 192.168.1.0 netmask 255.255.255.0 {
}
host nic {
   hardware ethernet 00:e0:06:01:01:01;
   fixed-address 192.168.1.12;
   option subnet-mask 255.255.255.0;
   option broadcast-address 192.168.1.255;
   option routers 192.168.1.1;
   filename "/bpbatch/bpbatch";
}

You should put the MAC address of your ThinkNIC after the hardware ethernet keyword in the file. Note that each two-digit hexadecimal number is separated by a colon. You should also make sure all the IP addresses are correct for your local network.

You need to start your DHCP server. The Mandrake Linux command to do this is /etc/rc.d/init.d/dhcpd start.

Now, when you boot your ThinkNIC computer, you should see the following on screen:

Intel UNDI, PXE-2.0 (build 068)
Copyright (C) 1997,1998,1999  Intel Corporation
DHCPD MAC ADDR:  00 E0 06 01 01 01
CLIENT IP: 192.168.1.12  MASK:  255.255.255.0
DHCP IP:  192.168.1.x
GATEWAY IP: 192.168.1.1
TFTP.
PXE-T01: File not found
TFTP.
PXE-T01: File not found
PXE-E3B: TFTP Error - File Not found
Please insert boot CD into CDROM drive then
  Press Enter ...

There are plenty of errors, but this is great news overall. It tells you that the ThinkNIC was able to get its IP address, but it wasn't able to load a boot loader. And it shouldn't have been able to load a boot loader, as we haven't set that up yet. If it gives the error message PXE-E51: No DHCP or BOOTP offers received, you should make sure you have started the DHCP server and connected the Ethernet connector on your ThinkNIC. If you received the error message PXE-E53: No boot filename received, the ThinkNIC received an IP address but wasn't told which boot-loader filename to load.

Install a TFTP Server

TFTP (Trivial File Transfer Protocol) is the protocol that the boot ROM uses to download the boot-loader software. It is similar to FTP but has no security built into the protocol. If you are concerned about others accessing the files you have on your TFTP server, make sure to use TCP wrappers to protect it. I won't go into details on how to do that here; there are many documents that explain it.

The Mandrake Linux RPM package that contains the TFTP server is called tftp-server. Make sure this package is installed on the same server that has your DHCP server. You can make it work spread over different servers, but it's much easier if everything is on the same system. Install the TFTP server package and create the directory /tftpboot. Give it world-readable permissions.

This TFTP server isn't a dæmon that constantly stays in memory. It is run from the inetd dæmon as needed. If you are using inetd on your computer, make sure your /etc/inetd.conf file has the following line in it:

tftp   dgram  udp   wait   root   /usr/sbin/tcpd in.tftpd   -s /tftpboot

If you are using the newer xinetd dæmon (as Mandrake Linux 7.2 does), make sure the /etc/xinetd.d/tftp file on your system contains the following:

service tftp
{
  socket_type         = dgram
  wait                = yes
  user                = root
  log_on_success      += USER
  log_on_failure      += USER
  server              = /usr/sbin/in.tftpd
  server_args         = -s /tftpboot
  disable             = no
}

The important thing is the -s /tftpboot argument, because it tells the TFTP server to chroot into the /tftpboot directory. This protects files on your server: by default, the TFTP server will allow downloads of any world-readable file. When you use this argument, the TFTP server will only allow downloads of world-readable files in the /tftpboot directory.

If you have made changes to any of these files, you will need to restart your inetd or xinetd dæmon. Use this command for the inetd dæmon:

/etc/rc.d/init.d/inetd restart

Use this command for the xinetd dæmon:

/etc/rc.d/init.d/xinetd restart
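
The two things this section relies on, the -s argument and the permissions under /tftpboot, can be checked with a short script. This is an added example, not part of the original article; the function names are hypothetical and the demo runs on constructed files in a scratch directory rather than on your real /etc/xinetd.d/tftp and /tftpboot.

```shell
#!/bin/sh
# Print the directory passed to in.tftpd with -s; fail if there is none.
tftp_chroot_dir() {          # $1 = xinetd service file
    awk '$1 == "server_args" {
             for (i = 3; i < NF; i++)
                 if ($i == "-s") { print $(i + 1); found = 1 }
         }
         END { exit !found }' "$1"
}

# List entries under the TFTP root whose mode bits are a problem.
# The classic in.tftpd accepts uploads only onto files that already exist
# and are world-writable, so such a file can be replaced by any TFTP client.
tftp_perm_findings() {       # $1 = TFTP root directory
    find "$1" ! -type l -perm -0002 -print | sed 's/^/world-writable: /'
    find "$1" ! -type l ! -perm -0004 -print | sed 's/^/not world-readable: /'
}

# Run both checks; return non-zero if anything needs attention.
audit_tftp() {               # $1 = xinetd service file, $2 = TFTP root
    status=0
    if dir=$(tftp_chroot_dir "$1"); then
        echo "ok: in.tftpd is confined to $dir"
    else
        echo "FAIL: no -s <dir> in server_args"
        status=1
    fi
    findings=$(tftp_perm_findings "$2")
    [ -z "$findings" ] || { echo "$findings"; status=1; }
    return $status
}

# Demo on constructed input: a scratch copy of the article's layout.
demo=$(mktemp -d)
mkdir -p "$demo/tftpboot/bpbatch"
printf 'service tftp\n{\n  server_args         = -s /tftpboot\n}\n' > "$demo/tftp"
echo loader > "$demo/tftpboot/bpbatch/bpbatch"
echo script > "$demo/tftpboot/bpbatch/bpbatch.bpb"
chmod 755 "$demo/tftpboot" "$demo/tftpboot/bpbatch"
chmod 644 "$demo/tftpboot/bpbatch/bpbatch"
chmod 666 "$demo/tftpboot/bpbatch/bpbatch.bpb"   # constructed mistake
audit_tftp "$demo/tftp" "$demo/tftpboot" || echo "audit found problems"
rm -rf "$demo"
```

On a real server, call audit_tftp /etc/xinetd.d/tftp /tftpboot after any change to the boot files.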

Install Boot-Loader Software

When I got this far, I decided to put a Linux kernel on the TFTP server for the ThinkNIC system to load. Unfortunately, that didn't work. It seems there is a limit to the size of the file that the ROM will retrieve. I've seen 32K mentioned in newsgroups, but I still haven't seen the specifications for PXE, so I'm not positive if 32K is the limit. As it would be difficult to squeeze a Linux kernel into 32K, I had to look for alternatives. I found out that GNU GRUB (Grand Unified Bootloader) will work with a PXE boot ROM. Unfortunately, it doesn't have a driver for the Ethernet card in the ThinkNIC. GRUB uses the Ethernet drivers from the Etherboot package. Etherboot 5.0.1 supports the card, but GRUB uses the Etherboot 4.5 drivers. So I tried to make GRUB use the new Ethernet drivers, but after spending three or four hours on it, I wasn't successful. If someone is looking for a way to help us all out, it shouldn't be terribly difficult to update the drivers in GRUB.

Another boot-loading program is a program called BpBatch. It is licensed for personal use only. If you want this for your business, you'll have to contact them for pricing. (You could work on GRUB instead so everyone wins.) I'll show you how to use BpBatch, but then I'll give you another, free alternative at the end of the article.

Download a copy of the BpBatch program (see Resources). Be careful when untarring the file as it does not untar into a new subdirectory. This is a pet peeve of mine--all programs should untar into a new subdirectory.

Make a bpbatch subdirectory under the /tftpboot directory. Remember, everything under this directory should be world-readable. Copy the bpbatch.hlp and bpbatch.ovl files into the /tftpboot/bpbatch directory. Rename the bpbatch.P file to bpbatch, and copy it into the /tftpboot/bpbatch directory also. You can read the documentation for an explanation of why we renamed the file. Now we need a script to tell BpBatch which kernel to load and what other parameters are needed. Here are the contents of the file /tftpboot/bpbatch/bpbatch.bpb:

Set CacheNever = "ON"
Set CacheAlways = "OFF"
linuxboot "/bpbatch/bzImage" "rw root=nfs nfsroot=192.168.1.5:/nfsroot/nicroot ip=192.168.1.12:192.168.1.5:192.168.1.1:255.255.255.0::eth0"

The value of the nfsroot parameter is the IP address of your server and the path to the root filesystem that we will create later. The ip parameter (nfsaddrs is the kernel's older name for the same option) has seven values separated by colons. The values are the IP address of your ThinkNIC system, the IP address of your server, the IP address of your network router, the subnet mask of your network, the hostname, the device you are configuring and the protocol you are using to get your IP address. In the listing above, the hostname is left empty and the protocol is omitted.
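
A small validator for that colon-separated value makes the field order concrete and catches a malformed string before the ThinkNIC tries to boot with it. This is an added example, not part of the original article; the function and field names are hypothetical, and it checks only the seven fields described above.

```shell
#!/bin/sh
# Field order as listed in the paragraph above.
IP_FIELDS="client server gateway netmask hostname device protocol"

# Succeed only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one name=value line per field; return non-zero on a malformed value.
parse_ip_param() {           # $1 = text after "ip=" up to the next space
    case $1 in
        *" "*) echo "space inside value: the kernel would cut it here" >&2
               return 1 ;;
    esac
    old_ifs=$IFS; IFS=:
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ $# -le 7 ] || { echo "more than seven fields" >&2; return 1; }
    for name in $IP_FIELDS; do
        value=${1-}
        [ $# -gt 0 ] && shift
        case $name in
            client|server|gateway|netmask)
                [ -z "$value" ] || is_ipv4 "$value" ||
                    { echo "bad $name address: $value" >&2; return 1; } ;;
        esac
        echo "$name=$value"
    done
}

# Demo on the value from the article's bpbatch.bpb listing.
parse_ip_param "192.168.1.12:192.168.1.5:192.168.1.1:255.255.255.0::eth0"
```

The whitespace check matters because the kernel splits its command line on spaces, so a space inside the value silently drops every field after it.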

If you boot your ThinkNIC computer now, it should load the BpBatch program and the script but fail when trying to load the Linux kernel. If you have problems, make sure your DHCP and TFTP servers are running and your configuration files are correct.

______________________

Comments

pxelinux/gpxelinux

Hi Jay,
Good article... but I was surprised that you didn't cover
pxelinux/gpxelinux which offers an amazing amount of functionality
in a PXE bootloader... with many plugin (com32) modules. There's
a complete menuing system too.

With gpxelinux you can even load your kernel/initramfs via HTTP.
There's also the option to boot via iSCSI.

Anyway, I just thought I'd mention that pxelinux and friends are
great tools for diskless booting:

http://syslinux.zytor.com/wiki/index.php/The_Syslinux_Project

Cheers,

Doug
