The Shœstring Foundation Weblog
   


About
The Shœstring Foundation Weblog, Miscellaneous Byproducts

Matthias Bauer
bauerm (at) shoestringfoundation · org
reop pubkey
Vignettes by George Herriman and a small program

Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS.


Blosxom Logo

       
Thu, 11 Apr 2013

Remote Boot and Root for Plan9


Started to play with Plan9 again. First major experiment: Run a bare-metal cpu server without local disks. All configuration can be done from an OpenBSD server supplying the loader, kernel, bootup-config, and filesystem. The Plan9 server runs on an old 1U Pentium 4 server.

Results so far: PXE finds Plan9 loader, that again loads a plan9.ini by TFTP which specifies a kernel, which then mounts its rootfs from a u9fs on OpenBSD. Said rootfs contains cpurc which determines the server's behaviour.

Details

dhcpd.conf on DHCP/TFTP server:

host cpu {
        hardware ethernet 00:11:22:33:44:55;
		fixed-address 192.168.66.99;
		filename "9pxeload";
}
Once the PXE Plan9 bootloader1 9pxeload is running it pulls the file /cfg/pxe/001122334455 from the DHCP/TFTP server. This file is used as the plan9.ini.

Example plan9.ini:

bootfile=ether0!9pccpu
bootargs=tcp!192.168.66.11!564
nobootprompt=tcp!192.168.66.11!564
fs=192.168.66.11
console=0 b19200 pn
9pxeload will load 9pccpu from the TFTP server it found on ether0 and supply that kernel with the infomation that its rootfs will be remotely supplied from 192.168.66.11. Console is on first serial interface with 19200bps and no parity.

On 192.168.66.11 the following entry in inetd.conf starts 9legacy's modified u9fs2 process on demand:

9fs stream tcp nowait root /mnt/9atom/unix/u9fs u9fs -a none /mnt/9atom
(This implies that the service 9fs is already defined as 567 in /etc/services.)
The u9fs exports the filetree under /mnt/9atom without authorization. This is excusable only in a private network and necessary only because my rootless cpu server does not know the password for the remote fs. A way around that would be to put the password into the kernel itself (which again is totally insecure in an open network where everybody can fake the MAC and pull the kernel...)

The Plan9 server can now be controlled completely from the OpenBSD machine which is nice for testing configurations.


Footnote 1

There are several loaders around, at least the following:

  • 9load loads from disks
  • 9pxeload loads from PXE
  • iplpxe seems to be a smaller re-implementation of 9pxeload

Footnote 2

The original u9fs found in /sys/src/cmd/unix/u9fs.c exported the whole fs of the server. This led to the custom of chrooting the process, with all the pitfalls included. The 9legacy patch allows to export arbitrary subtrees.

[/plan9] permanent link