The Shoestring Foundation Weblog

Remote Boot and Root for Plan9

Started to play with Plan9 again. First major experiment: Run a bare-metal cpu server without local disks. All configuration can be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem. The Plan9 server runs on an old 1U Pentium 4 server.

Results so far: PXE finds Plan9 loader, that again loads a plan9.ini by TFTP which specifies a kernel, which then mounts its rootfs from a u9fs on OpenBSD. Said rootfs contains cpurc which determines the server's behaviour.

Details

dhcpd.conf on DHCP/TFTP server:
host cpu {
        hardware ethernet 00:11:22:33:44:55;
		fixed-address 192.168.66.99;
		filename "9pxeload";
}
Once the PXE Plan9 bootloader¹ 9pxeload is running it pulls the file /cfg/pxe/001122334455 from the DHCP/TFTP server. This file is used as the plan9.ini.

Example plan9.ini:
bootfile=ether0!9pccpu
bootargs=tcp!192.168.66.11!564
nobootprompt=tcp!192.168.66.11!564
fs=192.168.66.11
console=0 b19200 pn
9pxeload will load 9pccpu from the TFTP server it found on ether0 and supply that kernel with the infomation that its rootfs will be remotely supplied from 192.168.66.11. Console is on first serial interface with 19200bps and no parity.

On 192.168.66.11 the following entry in inetd.conf starts 9legacy's modified u9fs² process on demand:
9fs stream tcp nowait root /mnt/9atom/unix/u9fs u9fs -a none /mnt/9atom
(This implies that the service 9fs is already defined as 567 in /etc/services.)
The u9fs exports the filetree under /mnt/9atom without authorization. This is excusable only in a private network and necessary only because my rootless cpu server does not know the password for the remote fs. A way around that would be to put the password into the kernel itself (which again is totally insecure in an open network where everybody can fake the MAC and pull the kernel...)

The Plan9 server can now be controlled completely from the OpenBSD machine which is nice for testing configurations.
Footnote 1
There are several loaders around, at least the following:

9load loads from disks

9pxeload loads from PXE

iplpxe seems to be a smaller re-implementation of 9pxeload

Footnote 2
The original u9fs found in /sys/src/cmd/unix/u9fs.c exported the whole fs of the server. This led to the custom of chrooting the process, with all the pitfalls included. The 9legacy patch allows to export arbitrary subtrees.

[/plan9] permanent link

The Shoestring Foundation Weblog

	About The Shoestring Foundation Weblog, Miscellaneous Byproducts Matthias Bauer `bauerm (at) shoestringfoundation · org` Subscribe Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.	Sat, 09 Mar 2013 Remote Boot and Root for Plan9 Started to play with Plan9 again. First major experiment: Run a bare-metal cpu server without local disks. All configuration can be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem. The Plan9 server runs on an old 1U Pentium 4 server. Results so far: PXE finds Plan9 loader, that again loads a `plan9.ini` by TFTP which specifies a kernel, which then mounts its rootfs from a `u9fs` on OpenBSD. Said rootfs contains `cpurc` which determines the server's behaviour. Details `dhcpd.conf` on DHCP/TFTP server: host cpu { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.66.99; filename "9pxeload"; } Once the PXE Plan9 bootloader¹ `9pxeload` is running it pulls the file `/cfg/pxe/001122334455` from the DHCP/TFTP server. This file is used as the `plan9.ini`. Example `plan9.ini`: bootfile=ether0!9pccpu bootargs=tcp!192.168.66.11!564 nobootprompt=tcp!192.168.66.11!564 fs=192.168.66.11 console=0 b19200 pn `9pxeload` will load `9pccpu` from the TFTP server it found on `ether0` and supply that kernel with the infomation that its rootfs will be remotely supplied from `192.168.66.11`. Console is on first serial interface with 19200bps and no parity. On `192.168.66.11` the following entry in `inetd.conf` starts 9legacy's modified `u9fs`² process on demand: 9fs stream tcp nowait root /mnt/9atom/unix/u9fs u9fs -a none /mnt/9atom (This implies that the service `9fs` is already defined as `567` in `/etc/services`.) The `u9fs` exports the filetree under `/mnt/9atom` without authorization. This is excusable only in a private network and necessary only because my rootless cpu server does not know the password for the remote fs. A way around that would be to put the password into the kernel itself (which again is totally insecure in an open network where everybody can fake the MAC and pull the kernel...) The Plan9 server can now be controlled completely from the OpenBSD machine which is nice for testing configurations. Footnote 1 There are several loaders around, at least the following: `9load` loads from disks `9pxeload` loads from PXE `iplpxe` seems to be a smaller re-implementation of `9pxeload` Footnote 2 The original `u9fs` found in /sys/src/cmd/unix/u9fs.c exported the whole fs of the server. This led to the custom of `chroot`ing the process, with all the pitfalls included. The 9legacy patch allows to export arbitrary subtrees. [/plan9] permanent link