Simply Linux 10.1 (it’s free to use too)

This post is a thank-you to the community: it shares useful information with us, and we share ours in return.

My interest in SL10.1 arose in early autumn, when I learned that it is free for commercial use, and it is mainly due to this important point (because my favorite is Xubuntu). A big relief (a psychological one, rather) was the fact that this free edition is based on the same “rat” (Xfce) environment.

Now about the painful part (and by no means in the technical sense!), or why exactly I turned my attention to SL right away (in March 2022 I missed the announcements, because I did not look at Russian distributions at all).

Linux (or at least a huge percentage of common distributions) is free, but that won’t save you from people who may simply want, out of spite, to trip up your small or medium-sized business with the words: “Yes, yes, yes, everything is fine, but show us the license agreement… Oh, but we don’t understand English… Aaaah, why are you showing us some foreign site…”

Moreover, even knowing full well that almost all of it really is open-source software, they can threaten to take away the office equipment for an alleged examination. And three years ago even an accountant, by no means a lawyer, asked first thing about Ubuntu: “where does it say here, in Russian, that all of this is free for us…”

Therefore, I immediately printed out the license agreement for SL10.1 and put it in a wooden frame (and yes, it is in Russian, and the site is in Russian too).

The post has three sub-points:

  1. PXE server

  2. webmin

  3. PXE diskless client (or rather, something that CAN help implement it in this version of the distribution)

It so happened that the last sub-item was the first chronologically.

PXE server (or – long live LTSP)

The LTSP server was in SL8 and earlier (I judge this from the fact that adding the p8 repository instead of p10 for testing makes older package versions available for download). In Ubuntu, LTSP does almost EVERYTHING for us during the initial setup. I never used its ability to create a network-bootable NBD image, only its bootable PXE module. So I simply tried to identify and repeat what LTSP does during that setup.

a) Install dnsmasq and nfs-server
b) configure /etc/exports
c) set up dhcp proxying (well… or all dhcp)
d) for SL: in /etc/sysconfig, the rpcbind and dnsmasq files (for me most of the fuss was about this item: I did NOT know that this place exists and affects how the services work)
e) copy squash/NBD archives to nfs
f) create/copy tftp structure
g) set up a firewall

(There is also a problem behind the last line: almost all the how-tos on the Internet suggest, for NFS under firewalld, firewall-cmd --add-service=mountd, which for some reason did not work on SL. I got the feeling that some of the people spreading these tips never try them out themselves. A few mentioned in passing a completely different set of ports, above 30,000. This showed that the service opens a dynamic set of ports there.

As a result, I wrote a one-line script that picks out all the ports above 30000 that rpc.mountd listens on and opens them in firewalld.)
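One way to write the script described above, as an added example (it is not the author's one-liner): it assumes `ss` from iproute2 and firewalld's `firewall-cmd --add-port`; the function names and the sample socket lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not the author's script): open rpc.mountd's dynamic ports in firewalld.

# Constructed sample of `ss -H -tulnp` output, used only to show the parsing.
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:43210 0.0.0.0:* users:(("rpc.mountd",pid=812,fd=4))
tcp LISTEN 0 64 0.0.0.0:37653 0.0.0.0:* users:(("rpc.mountd",pid=812,fd=5))
tcp LISTEN 0 64 [::]:37653 [::]:* users:(("rpc.mountd",pid=812,fd=7))
udp UNCONN 0 0 0.0.0.0:51234 0.0.0.0:* users:(("rpc.statd",pid=790,fd=8))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))'

# Read `ss -H -tulnp` lines on stdin and print unique "port/proto" pairs for
# sockets owned by rpc.mountd whose port is above the threshold ($1).
mountd_ports() {
    awk -v min="${1:-30000}" '
        /"rpc\.mountd"/ {
            proto = $1                    # tcp or udp
            n = split($5, part, ":")      # 0.0.0.0:PORT or [::]:PORT
            port = part[n]
            if (port ~ /^[0-9]+$/ && port + 0 > min)
                print port "/" proto
        }' | sort -u
}

# Open each port found. No --permanent: only the runtime rule set changes.
open_mountd_ports() {
    ss -H -tulnp | mountd_ports 30000 | while read -r spec; do
        firewall-cmd --add-port="$spec"
    done
}

# Run as root with the argument "apply" (ss -p needs root to name the process).
if [ "${1:-}" = "apply" ]; then
    open_mountd_ports
fi
```

Because the ports are dynamic, the rules go into the runtime configuration only and have to be re-applied after rpc.mountd restarts.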

Webmin (yes, it’s pop; yes, it’s not hardcore)

Webmin, unlike LTSP, was never brought into SL; in a couple of places I saw (and, I admit, fair) excuses like: it’s-full-of-holes, it’s-Perl, it-runs-as-root, or there-is-alterator-so-you-don’t-need-this.

For myself, I assume only one scenario (and it has been the only one since I first started using this package): adding or removing OpenVPN server certificates in the web interface (by the way, the OpenVPN module has not been in the official Webmin distribution for 2 or 3 years, and even then it was clumsy at best…).

Therefore, you can do this (well, it is relatively safe):

logon-by-ssh
systemctl start webmin
to-do-something-in-browser (very-rapidly)
systemctl stop webmin
log-off

So, skipping the story of the experiments:

a) install the Perl packages Webmin needs: perl-Net-SSLeay, perl-DBM

b) take the Webmin 2.000 rpm package and, using mc, unpack it into /usr/libexec/webmin (and drop the one PAM module into the right place under /etc); the structure is clearly visible inside the package archive.

c) run /usr/libexec/webmin/setup.sh (this is the beauty of version 2.000) and answer the prompts (I said that I have Ubuntu version 20, guided by the fact that in Ubuntu, as in SL10, root is inactive, so Webmin asks for a login/password pair to create an internal user); the script creates and activates everything itself. (https://help.ubuntu.com/community/WebminWithoutARootAccount)

d) open port 10000 in your firewall.

Voila… (don’t forget to start the service if needed).

On the possibility of “typical” diskless client implementations

In general, this is an incredibly fertile, bottomless topic for Linux. That is why I will be relatively brief.

SL internally uses make-initrd, the initial boot image build system developed by Alexey Gladkov.

I did not get to know it, because I mostly used mkinitramfs (native to Ubuntu) and, less often :))), dracut.

Luckily for me (or for you, whichever), dracut is also in the SL repository.
(By the way, make-initrd, judging by the docs, is tested on Alt, Ubuntu and Fedora.)

Here I will just point out two issues that caused me serious hitches (and say how I sidestepped, rather than solved, them).

My version of a diskless system is a symbiosis of these two options:
(https://habr.com/ru/post/253759/) and (https://habr.com/ru/post/164147/).

Post 253759 is, frankly, a variation on a very old English-language article.

And I wouldn’t be surprised if there are even older versions of this hint-at-an-implementation (rather than an implementation).

The backbone of my version is as follows (I hang squash images on the virtual tree at the right points; in a typical implementation the modules image and the firmware image are hung on the root image, but the total number of images hung on the tree this way is limited only by the amount of RAM):

    ...
    let "imgCount= imgCount + 1"
    mkdir -p ${NEWROOT}/mnt/                       # rootmnt --> /mnt ---> /lib${i}cow
    mkdir -p ${NEWROOT}/mnt/lib${imgCount}cow      #             |           |
                                                   #             |           +---------->/up
                                                   #             |           +---------->/work
    mkdir -p ${NEWROOT}/mnt/lib${imgCount}cow1     #             +-------> /lib${i}cow1
    #
    # but ...lib${imgCount}cow/up - must be in tmpfs!!! - so   DO IT AFTER   mount!!!!
    mount -t tmpfs -o size=100% none ${NEWROOT}/mnt/lib${imgCount}cow
    mkdir -p ${NEWROOT}/mnt/lib${imgCount}cow/up
    mkdir -p ${NEWROOT}/mnt/lib${imgCount}cow/work
    mount ${realFullFileName} ${NEWROOT}/mnt/lib${imgCount}cow1 -t squashfs -o loop
    mount -t overlay -o \
      lowerdir=${NEWROOT}/mnt/lib${imgCount}cow1,\
      upperdir=${NEWROOT}/mnt/lib${imgCount}cow/up,\
      workdir=${NEWROOT}/mnt/lib${imgCount}cow/work overlay ${NEWROOT}${pathName}
    ...

(This is a relatively flexible and modular option; it lets you implement different boot variants for diskless stations. For example, you can boot some stations with the minimal kernel-modules-x.xx.xx and others with kernel-extra-modules-x.xx.xx added. And so on.)

So, back to our topic: the problems. Both hitches were related to network initialization.

a) busybox

It turns out that in SL it is located at /lib/initrd/bin/busybox (it is put there for their initial boot image system and, apparently, is not needed for anything else).

Further, the arping utility in this distribution (or maybe in this particular version), once packed into the initrd, prevented the address from being obtained normally via DHCP at the boot stage.

Therefore, in module-setup.sh of our dracut add-on we skip the real arping and make a symlink to busybox instead (after checking that this busybox build includes arping):

    for _i in $($_busybox --list); do
        if [[ ${_i} == arping ]] ; then
          _path=$(find_binary "arping")
          [ -n "$_path" ] && ln_r /usr/bin/busybox "$_path"
        fi
    done

For fun: at the testing stage (before I had figured out what was where) I first took busybox from Ubuntu 22 and renamed it to arping (that worked too).

b) network initialization

Although the main part (almost all) of my code runs in the pre-mount hook (it can also be done in mount), and in Fedora it behaved normally during the tests, in the initrd generated by dracut on SL the network for some reason had not yet come up at this stage of boot, and the NFS root directory was not visible or accessible.

Right after inserting “sleep 20”, everything seemed to work. Ugly…

So a loop was inserted that waits for an IP address on the boot interface (the interface is found by matching adapters against the MAC address taken from the BOOTIF kernel command-line parameter).

This is, in fact, the body of the waiting loop itself:

            ifName=$(ip -o l | grep ${macAdr} | cut -f2 -d" " | sed "s/://")
            if [ -n "${ifName}" ] ; then
              Ip4Adr=$(ip -4 -o a s ${ifName} | awk "{print \$4}" | cut -f1 -d"/")
              [ -n "${Ip4Adr}" ] && break || ulog_msg "\n${macAdr} ${ifName} Waiting for IP4...\n"
            else
              ulog_msg "\nWaiting for network interface...\n"
            fi
            sleep 1

It still looks ugly, but my real wait is 1 to 3 seconds, and there is no longer a long pause (I admit that with several adapters in the system the trick may not work).
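A fuller version of the wait described above, as an added example rather than the author's hook code: it derives the MAC from BOOTIF (assuming the pxelinux form 01-aa-bb-cc-dd-ee-ff) and gives up after a timeout instead of looping forever. The function names, the 30-second limit and the sample command line are illustrative assumptions.

```sh
#!/bin/sh
# Added example (not the author's hook): BOOTIF -> MAC, then a bounded wait for IPv4.

# Constructed kernel command line for illustration.
SAMPLE_CMDLINE='BOOT_IMAGE=vmlinuz root=/dev/nfs BOOTIF=01-52-54-00-AB-cd-56 quiet'

# Print the MAC from BOOTIF=01-aa-bb-cc-dd-ee-ff (the leading 01 is the
# Ethernet hardware type); return 1 if BOOTIF is absent or malformed.
bootif_to_mac() {
    case " $1" in *" BOOTIF="*) ;; *) return 1 ;; esac
    v="${1##*BOOTIF=}"; v="${v%% *}"
    mac=$(printf '%s\n' "$v" | tr 'A-F' 'a-f' |
          sed -n 's/-/:/g; s/^[0-9a-f]\{2\}:\(\([0-9a-f]\{2\}:\)\{5\}[0-9a-f]\{2\}\)$/\1/p')
    [ -n "$mac" ] || return 1
    printf '%s\n' "$mac"
}

# Wait up to $2 seconds for an IPv4 address on the interface whose own
# link-layer address is $1. Prints "ifname address"; returns 1 on timeout.
wait_for_boot_ip() {
    tries=0
    while [ "$tries" -lt "$2" ]; do
        # Match "link/ether <mac>" so the brd/permaddr fields cannot match.
        ifName=$(ip -o link | awk -v m="$1" \
            'tolower($0) ~ ("link/ether " m) { sub(":", "", $2); print $2; exit }')
        if [ -n "$ifName" ]; then
            ip4=$(ip -4 -o addr show dev "$ifName" |
                  awk '{ sub("/.*", "", $4); print $4; exit }')
            if [ -n "$ip4" ]; then
                printf '%s %s\n' "$ifName" "$ip4"
                return 0
            fi
        fi
        tries=$((tries + 1))
        sleep 1
    done
    return 1
}

# Inside the initrd: run with the argument "wait".
if [ "${1:-}" = "wait" ]; then
    mac=$(bootif_to_mac "$(cat /proc/cmdline)") && wait_for_boot_ip "$mac" 30
fi
```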

One way or another, the two and a half services we needed were smoothly moved under the wing of the domestic distribution (fortunately, the directories and files with the service configurations were copied without changes).

That’s all (yours, still carefully observing, Cap).
