summaryrefslogtreecommitdiffstats
path: root/src/VBox/ValidationKit/docs/TestBoxImaging.html
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/VBox/ValidationKit/docs/TestBoxImaging.html736
1 files changed, 736 insertions, 0 deletions
diff --git a/src/VBox/ValidationKit/docs/TestBoxImaging.html b/src/VBox/ValidationKit/docs/TestBoxImaging.html
new file mode 100644
index 00000000..4064ab99
--- /dev/null
+++ b/src/VBox/ValidationKit/docs/TestBoxImaging.html
@@ -0,0 +1,736 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<meta name="generator" content="Docutils 0.12: http://docutils.sourceforge.net/" />
+<title></title>
+<style type="text/css">
+
+/*
+:Author: David Goodger (goodger@python.org)
+:Id: $Id: TestBoxImaging.html $
+:Copyright: This stylesheet has been placed in the public domain.
+
+Default cascading style sheet for the HTML output of Docutils.
+
+See http://docutils.sf.net/docs/howto/html-stylesheets.html for how to
+customize this style sheet.
+*/
+
+/* used to remove borders from tables and images */
+.borderless, table.borderless td, table.borderless th {
+ border: 0 }
+
+table.borderless td, table.borderless th {
+ /* Override padding for "table.docutils td" with "! important".
+ The right padding separates the table cells. */
+ padding: 0 0.5em 0 0 ! important }
+
+.first {
+ /* Override more specific margin styles with "! important". */
+ margin-top: 0 ! important }
+
+.last, .with-subtitle {
+ margin-bottom: 0 ! important }
+
+.hidden {
+ display: none }
+
+a.toc-backref {
+ text-decoration: none ;
+ color: black }
+
+blockquote.epigraph {
+ margin: 2em 5em ; }
+
+dl.docutils dd {
+ margin-bottom: 0.5em }
+
+object[type="image/svg+xml"], object[type="application/x-shockwave-flash"] {
+ overflow: hidden;
+}
+
+/* Uncomment (and remove this text!) to get bold-faced definition list terms
+dl.docutils dt {
+ font-weight: bold }
+*/
+
+div.abstract {
+ margin: 2em 5em }
+
+div.abstract p.topic-title {
+ font-weight: bold ;
+ text-align: center }
+
+div.admonition, div.attention, div.caution, div.danger, div.error,
+div.hint, div.important, div.note, div.tip, div.warning {
+ margin: 2em ;
+ border: medium outset ;
+ padding: 1em }
+
+div.admonition p.admonition-title, div.hint p.admonition-title,
+div.important p.admonition-title, div.note p.admonition-title,
+div.tip p.admonition-title {
+ font-weight: bold ;
+ font-family: sans-serif }
+
+div.attention p.admonition-title, div.caution p.admonition-title,
+div.danger p.admonition-title, div.error p.admonition-title,
+div.warning p.admonition-title, .code .error {
+ color: red ;
+ font-weight: bold ;
+ font-family: sans-serif }
+
+/* Uncomment (and remove this text!) to get reduced vertical space in
+ compound paragraphs.
+div.compound .compound-first, div.compound .compound-middle {
+ margin-bottom: 0.5em }
+
+div.compound .compound-last, div.compound .compound-middle {
+ margin-top: 0.5em }
+*/
+
+div.dedication {
+ margin: 2em 5em ;
+ text-align: center ;
+ font-style: italic }
+
+div.dedication p.topic-title {
+ font-weight: bold ;
+ font-style: normal }
+
+div.figure {
+ margin-left: 2em ;
+ margin-right: 2em }
+
+div.footer, div.header {
+ clear: both;
+ font-size: smaller }
+
+div.line-block {
+ display: block ;
+ margin-top: 1em ;
+ margin-bottom: 1em }
+
+div.line-block div.line-block {
+ margin-top: 0 ;
+ margin-bottom: 0 ;
+ margin-left: 1.5em }
+
+div.sidebar {
+ margin: 0 0 0.5em 1em ;
+ border: medium outset ;
+ padding: 1em ;
+ background-color: #ffffee ;
+ width: 40% ;
+ float: right ;
+ clear: right }
+
+div.sidebar p.rubric {
+ font-family: sans-serif ;
+ font-size: medium }
+
+div.system-messages {
+ margin: 5em }
+
+div.system-messages h1 {
+ color: red }
+
+div.system-message {
+ border: medium outset ;
+ padding: 1em }
+
+div.system-message p.system-message-title {
+ color: red ;
+ font-weight: bold }
+
+div.topic {
+ margin: 2em }
+
+h1.section-subtitle, h2.section-subtitle, h3.section-subtitle,
+h4.section-subtitle, h5.section-subtitle, h6.section-subtitle {
+ margin-top: 0.4em }
+
+h1.title {
+ text-align: center }
+
+h2.subtitle {
+ text-align: center }
+
+hr.docutils {
+ width: 75% }
+
+img.align-left, .figure.align-left, object.align-left {
+ clear: left ;
+ float: left ;
+ margin-right: 1em }
+
+img.align-right, .figure.align-right, object.align-right {
+ clear: right ;
+ float: right ;
+ margin-left: 1em }
+
+img.align-center, .figure.align-center, object.align-center {
+ display: block;
+ margin-left: auto;
+ margin-right: auto;
+}
+
+.align-left {
+ text-align: left }
+
+.align-center {
+ clear: both ;
+ text-align: center }
+
+.align-right {
+ text-align: right }
+
+/* reset inner alignment in figures */
+div.align-right {
+ text-align: inherit }
+
+/* div.align-center * { */
+/* text-align: left } */
+
+ol.simple, ul.simple {
+ margin-bottom: 1em }
+
+ol.arabic {
+ list-style: decimal }
+
+ol.loweralpha {
+ list-style: lower-alpha }
+
+ol.upperalpha {
+ list-style: upper-alpha }
+
+ol.lowerroman {
+ list-style: lower-roman }
+
+ol.upperroman {
+ list-style: upper-roman }
+
+p.attribution {
+ text-align: right ;
+ margin-left: 50% }
+
+p.caption {
+ font-style: italic }
+
+p.credits {
+ font-style: italic ;
+ font-size: smaller }
+
+p.label {
+ white-space: nowrap }
+
+p.rubric {
+ font-weight: bold ;
+ font-size: larger ;
+ color: maroon ;
+ text-align: center }
+
+p.sidebar-title {
+ font-family: sans-serif ;
+ font-weight: bold ;
+ font-size: larger }
+
+p.sidebar-subtitle {
+ font-family: sans-serif ;
+ font-weight: bold }
+
+p.topic-title {
+ font-weight: bold }
+
+pre.address {
+ margin-bottom: 0 ;
+ margin-top: 0 ;
+ font: inherit }
+
+pre.literal-block, pre.doctest-block, pre.math, pre.code {
+ margin-left: 2em ;
+ margin-right: 2em }
+
+pre.code .ln { color: grey; } /* line numbers */
+pre.code, code { background-color: #eeeeee }
+pre.code .comment, code .comment { color: #5C6576 }
+pre.code .keyword, code .keyword { color: #3B0D06; font-weight: bold }
+pre.code .literal.string, code .literal.string { color: #0C5404 }
+pre.code .name.builtin, code .name.builtin { color: #352B84 }
+pre.code .deleted, code .deleted { background-color: #DEB0A1}
+pre.code .inserted, code .inserted { background-color: #A3D289}
+
+span.classifier {
+ font-family: sans-serif ;
+ font-style: oblique }
+
+span.classifier-delimiter {
+ font-family: sans-serif ;
+ font-weight: bold }
+
+span.interpreted {
+ font-family: sans-serif }
+
+span.option {
+ white-space: nowrap }
+
+span.pre {
+ white-space: pre }
+
+span.problematic {
+ color: red }
+
+span.section-subtitle {
+ /* font-size relative to parent (h1..h6 element) */
+ font-size: 80% }
+
+table.citation {
+ border-left: solid 1px gray;
+ margin-left: 1px }
+
+table.docinfo {
+ margin: 2em 4em }
+
+table.docutils {
+ margin-top: 0.5em ;
+ margin-bottom: 0.5em }
+
+table.footnote {
+ border-left: solid 1px black;
+ margin-left: 1px }
+
+table.docutils td, table.docutils th,
+table.docinfo td, table.docinfo th {
+ padding-left: 0.5em ;
+ padding-right: 0.5em ;
+ vertical-align: top }
+
+table.docutils th.field-name, table.docinfo th.docinfo-name {
+ font-weight: bold ;
+ text-align: left ;
+ white-space: nowrap ;
+ padding-left: 0 }
+
+/* "booktabs" style (no vertical lines) */
+table.docutils.booktabs {
+ border: 0px;
+ border-top: 2px solid;
+ border-bottom: 2px solid;
+ border-collapse: collapse;
+}
+table.docutils.booktabs * {
+ border: 0px;
+}
+table.docutils.booktabs th {
+ border-bottom: thin solid;
+ text-align: left;
+}
+
+h1 tt.docutils, h2 tt.docutils, h3 tt.docutils,
+h4 tt.docutils, h5 tt.docutils, h6 tt.docutils {
+ font-size: 100% }
+
+ul.auto-toc {
+ list-style-type: none }
+
+</style>
+</head>
+<body>
+<div class="document">
+
+
+<div class="section" id="testbox-imaging-backup-restore">
+<h1>Testbox Imaging (Backup / Restore)</h1>
+<div class="section" id="introduction">
+<h2>Introduction</h2>
+<p>This document is explores deloying a very simple drive imaging solution to help
+avoid needing to manually reinstall testboxes when a disk goes bust or the OS
+install seems to be corrupted.</p>
+</div>
+</div>
+<div class="section" id="definitions-glossary">
+<h1>Definitions / Glossary</h1>
+<p>See AutomaticTestingRevamp.txt.</p>
+</div>
+<div class="section" id="objectives">
+<h1>Objectives</h1>
+<blockquote>
+<ul class="simple">
+<li>Off site, no admin interaction (no need for ILOM or similar).</li>
+<li>OS independent.</li>
+<li>Space and bandwidth efficient.</li>
+<li>As automatic as possible.</li>
+<li>Logging.</li>
+</ul>
+</blockquote>
+</div>
+<div class="section" id="overview-of-the-solution">
+<h1>Overview of the Solution</h1>
+<p>Here is a brief summary:</p>
+<blockquote>
+<ul class="simple">
+<li>Always boot testboxes via PXE using PXELINUX.</li>
+<li>Default configuration is local boot (hard disk / SSD)</li>
+<li>Restore/backup action triggered by machine specific PXE config.</li>
+<li>Boots special debian maintenance install off NFS.</li>
+<li>A maintenance service (systemd style) does the work.</li>
+<li>The service reads action from TFTP location and performs it.</li>
+<li>When done the service removes the TFTP machine specific config
+and reboots the system.</li>
+</ul>
+</blockquote>
+<dl class="docutils">
+<dt>Maintenance actions are:</dt>
+<dd><ul class="first last simple">
+<li>backup</li>
+<li>backup-again</li>
+<li>restore</li>
+<li>refresh-info</li>
+<li>rescue</li>
+</ul>
+</dd>
+</dl>
+<p>Possible modifier that indicates a subset of disk on testboxes with other OSes
+installed. Support for partition level backup/restore is not explored here.</p>
+<div class="section" id="how-to-use">
+<h2>How to use</h2>
+<p>To perform one of the above maintenance actions on a testbox, run the
+<tt class="docutils literal"><span class="pre">testbox-pxe-conf.sh</span></tt> script:</p>
+<pre class="literal-block">
+/mnt/testbox-tftp/pxeclient.cfg/testbox-pxe-conf.sh 10.165.98.220 rescue
+</pre>
+<p>Then trigger a reboot. The box will then boot the NFS rooted debian image and
+execute the maintenance action. On success, it will remove the testbox hex-IP
+config file and reboot again.</p>
+</div>
+</div>
+<div class="section" id="storage-server">
+<h1>Storage Server</h1>
+<p>The storage server will have three areas used here. Using NFS for all three
+avoids extra work getting CIFS sharing right too (NFS is already a pain).</p>
+<blockquote>
+<ol class="arabic simple">
+<li>/export/testbox-tftp - TFTP config area. Read-write.</li>
+<li>/export/testbox-backup - Images and logs. Read-write.</li>
+<li>/export/testbox-nfsroot - Custom debian. Read-only, no root squash.</li>
+</ol>
+</blockquote>
+</div>
+<div class="section" id="tftp-export-testbox-tftp">
+<h1>TFTP (/export/testbox-tftp)</h1>
+<p>The testbox-tftp share needs to be writable, root squashing is okay.</p>
+<p>We need files from both PXELINUX and SYSLINUX to make this work now. On a
+debian system, the <tt class="docutils literal">pxelinux</tt> and <tt class="docutils literal">syslinux</tt> packages needs to be
+installed. We actually do this further down when setting up the nfsroot, so
+it's possible to get them from there by postponing this step a little. On
+debian 8.6.0 the PXELINUX files are found in <tt class="docutils literal">/usr/lib/PXELINUX</tt> and the
+SYSLINUX ones in <tt class="docutils literal">/usr/lib/syslinux</tt>.</p>
+<p>The initial PXE image as well as associated modules comes in three variants,
+BIOS, 32-bit EFI and 64-bit EFI. We'll only need the BIOS one for now.
+Perform the following copy operations:</p>
+<pre class="literal-block">
+cp /usr/lib/PXELINUX/pxelinux.0 /mnt/testbox-tftp/
+cp /usr/lib/syslinux/modules/*/ldlinux.* /mnt/testbox-tftp/
+cp -R /usr/lib/syslinux/modules/bios /mnt/testbox-tftp/
+cp -R /usr/lib/syslinux/modules/efi32 /mnt/testbox-tftp/
+cp -R /usr/lib/syslinux/modules/efi64 /mnt/testbox-tftp/
+</pre>
+<p>For simplicitly, all the testboxes boot using good old fashioned BIOS, no EFI.
+However, it doesn't really hurt to be prepared.</p>
+<p>The PXELINUX related files goes in the root of the testbox-tftp share. (As
+mentioned further down, these can be installed on a debian system by running
+<tt class="docutils literal"><span class="pre">apt-get</span> install pxelinux syslinux</tt>.) We need the <tt class="docutils literal">*pxelinux.0</tt> files
+typically found in <tt class="docutils literal">/usr/lib/PXELINUX/</tt> on debian systems (recent ones
+anyway). It is possible we may need one ore more fo the modules <a class="footnote-reference" href="#id6" id="id1">[1]</a> that
+ships with PXELINUX/SYSLINUX, so do copy <tt class="docutils literal">/usr/lib/syslinux/modules</tt> to
+<tt class="docutils literal"><span class="pre">testbox-tftp/modules</span></tt> as well.</p>
+<p>The directory layout related to the configuration files is dictated by the
+PXELINUX configuration file searching algorithm <a class="footnote-reference" href="#id7" id="id2">[2]</a>. Create a subdirectory
+<tt class="docutils literal">pxelinux.cfg/</tt> under <tt class="docutils literal"><span class="pre">testbox-tftp</span></tt> and create the world readable file
+<tt class="docutils literal">default</tt> with the following content:</p>
+<pre class="literal-block">
+PATH bios
+DEFAULT local-boot
+LABEL local-boot
+LOCALBOOT
+</pre>
+<p>This will make the default behavior to boot the local disk system.</p>
+<p>Copy the <tt class="docutils literal"><span class="pre">testbox-pxe-conf.sh</span></tt> script file found in the same directory as
+this document to <tt class="docutils literal"><span class="pre">/mnt/testbox-tftp/pxelinux.cfg/</span></tt>. Edit the copy to correct
+the IP addresses near the top, as well as any linux, TFTP and PXE details near
+the bottom of the file. This script will generate the PXE configuration file
+when performing maintenance on a testbox.</p>
+</div>
+<div class="section" id="images-and-logs-export-testbox-backup">
+<h1>Images and logs (/export/testbox-backup)</h1>
+<p>The testbox-backup share needs to be writable, root squashing is okay.</p>
+<p>In the root there must be a file <tt class="docutils literal"><span class="pre">testbox-backup</span></tt> so we can easily tell
+whether we've actually mounted the share or are just staring at an empty mount
+point directory.</p>
+<p>The <tt class="docutils literal"><span class="pre">testbox-maintenance.sh</span></tt> script maintains a global log in the root
+directory that's called <tt class="docutils literal">maintenance.log</tt>. Errors will be logged there as
+well as a ping and the action.</p>
+<p>We use a directory layout based on dotted decimal IP addresses here, so for a
+server with the IP 10.40.41.42 all its file will be under <tt class="docutils literal">10.40.41.42/</tt>:</p>
+<dl class="docutils">
+<dt><tt class="docutils literal">&lt;hostname&gt;</tt></dt>
+<dd>The name of the testbox (empty file). Help finding a testbox by name.</dd>
+<dt><tt class="docutils literal"><span class="pre">testbox-info.txt</span></tt></dt>
+<dd>Information about the testbox. Starting off with the name, decimal IP,
+PXELINUX style hexadecimal IP, and more.</dd>
+<dt><tt class="docutils literal">maintenance.log</tt></dt>
+<dd>Maintenance log file recording what the maintenance service does.</dd>
+<dt><tt class="docutils literal"><span class="pre">disk-devices.lst</span></tt></dt>
+<dd>Optional list of disk devices to consider backuping up or restoring. This is
+intended for testboxes with additional disks that are used for other purposes
+and should touched.</dd>
+<dt><tt class="docutils literal">sda.raw.gz</tt></dt>
+<dd>The gzipped raw copy of the sda device of the testbox.</dd>
+<dt><tt class="docutils literal"><span class="pre">sd[bcdefgh].raw.gz</span></tt></dt>
+<dd>The gzipped raw copy sdb, sdc, sde, sdf, sdg, sdh, etc if any of them exists
+and are disks/SSDs.</dd>
+<dt>Note! If it turns out we can be certain to get a valid host name, we might just</dt>
+<dd>switch to use the hostname as the directory name instead of the IP.</dd>
+</dl>
+</div>
+<div class="section" id="debian-nfs-root-export-testbox-nfsroot">
+<h1>Debian NFS root (/export/testbox-nfsroot)</h1>
+<p>The testbox-nfsroot share should be read-only and must <strong>not</strong> have root
+squashing enabled. Also, make sure setting the set-uid-bit is allowed by the
+server, or <tt class="docutils literal">su` and ``sudo</tt> won't work</p>
+<p>There are several ways of creating a debian nfsroot, but since we've got a
+tool like VirtualBox around we've just installed it in a VM, prepared it,
+and copied it onto the NFS server share.</p>
+<p>As of writing debian 8.6.0 is current, so a minimal 64-bit install of it was
+done in a VM. After installation the following modifications was done:</p>
+<blockquote>
+<ul>
+<li><p class="first"><tt class="docutils literal"><span class="pre">apt-get</span> install pxelinux syslinux <span class="pre">initramfs-tools</span> zip gddrescue sudo joe</tt>
+and optionally <tt class="docutils literal"><span class="pre">apt-get</span> install smbclient <span class="pre">cifs-utils</span></tt>.</p>
+</li>
+<li><p class="first"><tt class="docutils literal">/etc/default/grub</tt> was modified to set <tt class="docutils literal">GRUB_CMDLINE_LINUX_DEFAULT</tt> to
+<tt class="docutils literal">&quot;&quot;</tt> instead of <tt class="docutils literal">&quot;quiet&quot;</tt>. This allows us to see messages during boot
+and perhaps spot why something doesn't work on a testbox. Regenerate the
+grub configuration file by running <tt class="docutils literal"><span class="pre">update-grub</span></tt> afterwards.</p>
+</li>
+<li><p class="first"><tt class="docutils literal">/etc/sudoers</tt> was modified to allow the <tt class="docutils literal">vbox</tt> user use sudo without
+requring any password.</p>
+</li>
+<li><p class="first">Create the directory <tt class="docutils literal">/etc/systemd/system/getty&#64;tty1.service.d</tt> and create
+the file <tt class="docutils literal">noclear.conf</tt> in it with the following content:</p>
+<pre class="literal-block">
+[Service]
+TTYVTDisallocate=no
+</pre>
+<p>This stops getty from clearing VT1 and let us see the tail of the boot up
+messages, which includes messages from the testbox-maintenance service.</p>
+</li>
+<li><p class="first">Mount the testbox-nfsroot under <tt class="docutils literal">/mnt/</tt> with write privileges. (The write
+privileges are temporary - don't forget to remove them later on.):</p>
+<pre class="literal-block">
+mount -t nfs myserver.com:/export/testbox-nfsroot
+</pre>
+<p>Note! Adding <tt class="docutils literal"><span class="pre">-o</span> nfsvers=3</tt> may help with some NTFv4 servers.</p>
+</li>
+<li><p class="first">Copy the debian root and dev file system onto nfsroot. If you have ssh
+access to the NFS server, the quickest way to do it is to use <tt class="docutils literal">tar</tt>:</p>
+<pre class="literal-block">
+tar -cz --one-file-system -f /mnt/testbox-maintenance-nfsroot.tar.gz . dev/
+</pre>
+<p>An alternative is <tt class="docutils literal">cp <span class="pre">-ax</span> . /mnt/. &amp;&amp;&nbsp; cp <span class="pre">-ax</span> dev/. /mnt/dev/.</tt> but this
+is quite a bit slower, obviously.</p>
+</li>
+<li><p class="first">Edit <tt class="docutils literal">/etc/ssh/sshd_config</tt> setting <tt class="docutils literal">PermitRootLogin</tt> to <tt class="docutils literal">yes</tt> so we can ssh
+in as root later on.</p>
+</li>
+<li><p class="first">chroot into the nfsroot: <tt class="docutils literal">chroot /mnt/</tt></p>
+<blockquote>
+<ul>
+<li><p class="first"><tt class="docutils literal">mount <span class="pre">-o</span> proc proc /proc</tt></p>
+</li>
+<li><p class="first"><tt class="docutils literal">mount <span class="pre">-o</span> sysfs sysfs /sys</tt></p>
+</li>
+<li><p class="first"><tt class="docutils literal">mkdir <span class="pre">/mnt/testbox-tftp</span> <span class="pre">/mnt/testbox-backup</span></tt></p>
+</li>
+<li><p class="first">Recreate <tt class="docutils literal">/etc/fstab</tt> with:</p>
+<pre class="literal-block">
+proc /proc proc defaults 0 0
+/dev/nfs / nfs defaults 1 1
+10.42.1.1:/export/testbox-tftp /mnt/testbox-tftp nfs tcp,nfsvers=3,noauto 2 2
+10.42.1.1:/export/testbox-backup /mnt/testbox-backup nfs tcp,nfsvers=3,noauto 3 3
+</pre>
+<p>We use NFS version 3 as that works better for our NFS server and client,
+remove if not necessary. The <tt class="docutils literal">noauto</tt> option is to work around mount
+trouble during early bootup on some of our boxes.</p>
+</li>
+<li><p class="first">Do <tt class="docutils literal">mount <span class="pre">/mnt/testbox-tftp</span> &amp;&amp; mount <span class="pre">/mnt/testbox-backup</span></tt> to mount the
+two shares. This may be a good time to execute the instructions in the
+sections above relating to these two shares.</p>
+</li>
+<li><p class="first">Edit <tt class="docutils literal"><span class="pre">/etc/initramfs-tools/initramfs.conf</span></tt> and change the <tt class="docutils literal">MODULES</tt>
+value from <tt class="docutils literal">most</tt> to <tt class="docutils literal">netboot</tt>.</p>
+</li>
+<li><p class="first">Append <tt class="docutils literal">aufs</tt> to <tt class="docutils literal"><span class="pre">/etc/initramfs-tools/modules</span></tt>. The advanced
+multi-layered unification filesystem (aufs) enables us to use a
+read-only NFS root. <a class="footnote-reference" href="#id8" id="id3">[3]</a> <a class="footnote-reference" href="#id9" id="id4">[4]</a> <a class="footnote-reference" href="#id10" id="id5">[5]</a></p>
+</li>
+<li><p class="first">Create <tt class="docutils literal"><span class="pre">/etc/initramfs-tools/scripts/init-bottom/00_aufs_init</span></tt> as
+an executable file with the following content:</p>
+<pre class="literal-block">
+#!/bin/sh
+# Don't run during update-initramfs:
+case &quot;$1&quot; in
+ prereqs)
+ exit 0;
+ ;;
+esac
+
+modprobe aufs
+mkdir -p /ro /rw /aufs
+mount -t tmpfs tmpfs /rw -o noatime,mode=0755
+mount --move $rootmnt /ro
+mount -t aufs aufs /aufs -o noatime,dirs=/rw:/ro=ro
+mkdir -p /aufs/rw /aufs/ro
+mount --move /ro /aufs/ro
+mount --move /rw /aufs/rw
+mount --move /aufs /root
+exit 0
+</pre>
+</li>
+<li><p class="first">Update the init ramdisk: <tt class="docutils literal"><span class="pre">update-initramfs</span> <span class="pre">-u</span> <span class="pre">-k</span> all</tt></p>
+<dl class="docutils">
+<dt>Note! It may be necessary to do <tt class="docutils literal">mount <span class="pre">-t</span> tmpfs tmpfs /var/tmp</tt> to help</dt>
+<dd><p class="first last">this operation succeed.</p>
+</dd>
+</dl>
+</li>
+<li><p class="first">Copy <tt class="docutils literal">/boot</tt> to <tt class="docutils literal"><span class="pre">/mnt/testbox-tftp/maintenance-boot/</span></tt>.</p>
+</li>
+<li><p class="first">Copy the <tt class="docutils literal"><span class="pre">testbox-maintenance.sh</span></tt> file found in the same directory as this
+document to <tt class="docutils literal">/root/scripts/</tt> (need to create the dir) and make it
+executable.</p>
+</li>
+<li><p class="first">Create the systemd service file for the maintenance service as
+<tt class="docutils literal"><span class="pre">/etc/systemd/system/testbox-maintenance.service</span></tt> with the content:</p>
+<pre class="literal-block">
+[Unit]
+Description=Testbox Maintenance
+After=network.target
+Before=getty&#64;tty1.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=True
+ExecStart=/root/scripts/testbox-maintenance.sh
+ExecStartPre=/bin/echo -e \033%G
+ExecReload=/bin/kill -HUP $MAINPID
+WorkingDirectory=/tmp
+Environment=TERM=xterm
+StandardOutput=journal+console
+
+[Install]
+WantedBy=multi-user.target
+</pre>
+</li>
+<li><p class="first">Enable our service: <tt class="docutils literal">systemctl enable <span class="pre">/etc/systemd/system/testbox-maintenance.service</span></tt></p>
+</li>
+<li><p class="first">xxxx ... more ???</p>
+</li>
+<li><p class="first">Before leaving the chroot, do <tt class="docutils literal">mount /proc /sys <span class="pre">/mnt/testbox-*</span></tt>.</p>
+</li>
+</ul>
+</blockquote>
+</li>
+<li><p class="first">Testing the setup from a VM is kind of useful (if the nfs server can be
+convinced to accept root nfs mounts from non-privileged clinet ports):</p>
+<blockquote>
+<ul>
+<li><p class="first">Create a VM using the 64-bit debian profile. Let's call it &quot;pxe-vm&quot;.</p>
+</li>
+<li><p class="first">Mount the TFTP share somewhere, like M: or /mnt/testbox-tftp.</p>
+</li>
+<li><p class="first">Reconfigure the NAT DHCP and TFTP bits:</p>
+<pre class="literal-block">
+VBoxManage setextradata pxe-vm VBoxInternal/PDM/DriverTransformations/pxe/AboveDriver NAT
+VBoxManage setextradata pxe-vm VBoxInternal/PDM/DriverTransformations/pxe/Action mergeconfig
+VBoxManage setextradata pxe-vm VBoxInternal/PDM/DriverTransformations/pxe/Config/TFTPPrefix M:/
+VBoxManage setextradata pxe-vm VBoxInternal/PDM/DriverTransformations/pxe/Config/BootFile pxelinux.0
+</pre>
+</li>
+<li><p class="first">Create the file <tt class="docutils literal"><span class="pre">testbox-tftp/pxelinux.cfg/0A00020F</span></tt> containing:</p>
+<pre class="literal-block">
+PATH bios
+DEFAULT maintenance
+LABEL maintenance
+ MENU LABEL Maintenance (NFS)
+ KERNEL maintenance-boot/vmlinuz-3.16.0-4-amd64
+ APPEND initrd=maintenance-boot/initrd.img-3.16.0-4-amd64 ro ip=dhcp aufs=tmpfs \
+ boot=nfs root=/dev/nfs nfsroot=10.42.1.1:/export/testbox-nfsroot
+LABEL local-boot
+LOCALBOOT
+</pre>
+</li>
+</ul>
+</blockquote>
+</li>
+</ul>
+</blockquote>
+</div>
+<div class="section" id="troubleshooting">
+<h1>Troubleshooting</h1>
+<dl class="docutils">
+<dt><tt class="docutils literal"><span class="pre">PXE-E11</span></tt> or something like <tt class="docutils literal">No ARP reply</tt></dt>
+<dd>You probably got the TFTP and DHCP on different machines. Try move the TFTP
+to the same machine as the DHCP, then the PXE stack won't have to do any
+additional ARP resolving. Google results suggest that a congested network
+could use the ARP reply to get lost. Our suspicion is that it might also be
+related to the PXE stack shipping with the NIC.</dd>
+</dl>
+<hr class="docutils" />
+<table class="docutils footnote" frame="void" id="id6" rules="none">
+<colgroup><col class="label" /><col /></colgroup>
+<tbody valign="top">
+<tr><td class="label"><a class="fn-backref" href="#id1">[1]</a></td><td>See <a class="reference external" href="http://www.syslinux.org/wiki/index.php?title=Category:Modules">http://www.syslinux.org/wiki/index.php?title=Category:Modules</a></td></tr>
+</tbody>
+</table>
+<table class="docutils footnote" frame="void" id="id7" rules="none">
+<colgroup><col class="label" /><col /></colgroup>
+<tbody valign="top">
+<tr><td class="label"><a class="fn-backref" href="#id2">[2]</a></td><td>See <a class="reference external" href="http://www.syslinux.org/wiki/index.php?title=PXELINUX#Configuration">http://www.syslinux.org/wiki/index.php?title=PXELINUX#Configuration</a></td></tr>
+</tbody>
+</table>
+<table class="docutils footnote" frame="void" id="id8" rules="none">
+<colgroup><col class="label" /><col /></colgroup>
+<tbody valign="top">
+<tr><td class="label"><a class="fn-backref" href="#id3">[3]</a></td><td>See <a class="reference external" href="https://en.wikipedia.org/wiki/Aufs">https://en.wikipedia.org/wiki/Aufs</a></td></tr>
+</tbody>
+</table>
+<table class="docutils footnote" frame="void" id="id9" rules="none">
+<colgroup><col class="label" /><col /></colgroup>
+<tbody valign="top">
+<tr><td class="label"><a class="fn-backref" href="#id4">[4]</a></td><td>See <a class="reference external" href="http://shitwefoundout.com/wiki/Diskless_ubuntu">http://shitwefoundout.com/wiki/Diskless_ubuntu</a></td></tr>
+</tbody>
+</table>
+<table class="docutils footnote" frame="void" id="id10" rules="none">
+<colgroup><col class="label" /><col /></colgroup>
+<tbody valign="top">
+<tr><td class="label"><a class="fn-backref" href="#id5">[5]</a></td><td>See <a class="reference external" href="http://debianaddict.com/2012/06/19/diskless-debian-linux-booting-via-dhcppxenfstftp/">http://debianaddict.com/2012/06/19/diskless-debian-linux-booting-via-dhcppxenfstftp/</a></td></tr>
+</tbody>
+</table>
+<hr class="docutils" />
+<table class="docutils field-list" frame="void" rules="none">
+<col class="field-name" />
+<col class="field-body" />
+<tbody valign="top">
+<tr class="field"><th class="field-name">Status:</th><td class="field-body">$Id: TestBoxImaging.html $</td>
+</tr>
+<tr class="field"><th class="field-name">Copyright:</th><td class="field-body">Copyright (C) 2010-2017 Oracle Corporation.</td>
+</tr>
+</tbody>
+</table>
+</div>
+</div>
+</body>
+</html>