The Ignorant Hack

One pxeboot to find them and in the darkness bind them

Irritatingly, I couldn’t find a decent cut-n-paste how to on the Internet for using a much loved and mostly overlooked FreeBSD installation and boot up process using a fully cooked diskless image fetched via TFTP instead of the really well documented and fantastic howto on NFS booting.

Primarily, I wanted to switch off of NFS booting as it tends to be really troublesome if one is doing development or debugging of the FreeBSD network stack or Ethernet drivers. I couldn’t reliably screw around with the network interfaces without disturbing the NFS root mount and inflicting relatively long timeouts on my tests. I decided to try and switch to MFS root based testing so that I didn’t run into these types of problems, however I didn’t realize that the boot loader had gone through some overhauls recently and the documentation that *is* floating around on the Internet, is a bit out of date. So, here is the beginning of what I hope will be the inception of a new FreeBSD handbook entry before version 12 is released.

I want to cover the actual construction of the entire process, so I will not be hand copying binaries from a release and all files will be constructed from source where possible.  This means that I can fully automate a build and regression from source to ensure that this document stays relatively up to date.  I’m an active FreeBSD contributor, so I have many checkouts of FreeBSD lying around.  If you’re a sysadmin, you probably use /usr/src for most of the projects like this, which is fine for our purposes.

Assuming that you have a fresh checkout of FreeBSD somewhere, lets start by crafting a “src.conf” and a “make.conf” to minimize a bit of build time and a bit of space.

I turn a lot of stuff off in the build here.  Since I’m running the same major revision of FreeBSD that I’ll be building, I can get away with some shenanigans regarding not building toolchains.  If you are trying to build 12-CURRENT on 11-STABLE, you may have to play around with the knobs a bit in src.conf:

WITHOUT_BLUETOOTH=”YES”
WITHOUT_BSNMP=”YES”
WITHOUT_CAPSICUM=”YES”
WITHOUT_CDDL=”YES”
WITHOUT_COMPAT32=”YES”
WITHOUT_CTM=”YES”
WITHOUT_DEBUG_FILES=”YES”
WITHOUT_EXAMPLES=”YES
WITHOUT_FLOPPY=”YES”
WITHOUT_FREEBSD_UPDATE=”YES”
WITHOUT_GAMES=”YES”
WITHOUT_ICONV=”YES”
WITHOUT_JAIL=”YES”
WITHOUT_LIB32=”YES”
WITHOUT_LOCALES=”YES”
WITHOUT_LPR=”YES”
WITHOUT_MAKE=”YES”
WITHOUT_MAN=”YES”
WITHOUT_PORTSNAP=”YES”
WITHOUT_TESTS=”YES”
WITHOUT_PC_SYSINSTALL=”YES”
WITHOUT_RESCUE=”YES”
WITHOUT_SVNLITE=”YES”
WITHOUT_TEXTPROC=”YES”
WITHOUT_TOOLCHAIN=”YES”
WITHOUT_WIRELESS=”YES”
WITHOUT_KERBEROS=”YES”
WITHOUT_MAIL=”YES”
WTTHOUT_EFI=”YES”
WITHOUT_NTP=”YES”

My make.conf is much shorter, and only set’s a few things to make life easier:

BOOT_PXELDR_ALWAYS_SERIAL=y
NO_MODULES=y
MALLOC_PRODUCTION=y

Set/export a couple of variables to your local shell to use these:

setenv SRCCONF /path/to/src.conf
setenv __MAKE_CONF /path/to/make.conf

Since I’m not building as root here, I set one more variable:

setenv MAKEOBJDIRPREFIX /var/tmp/mfsroot

Execute a buildworld and turn some electrons into heat for a while.  You’ll probably note a big difference in build times here.  Also note that you’re building a much smaller FreeBSD system with a lot of missing pieces.  No local mail agent, no ntp services, no compilers/debuggers, no wireless bits … etc.  Your mileage may vary here, but I needed a small world as I’m debugging/testing kernel/network drivers, not userland.

You can make a choice here of kernels to build.  Most folks will want GENERIC-NODEBUG, but if you want, you can base a customized kernel configuration from MINIMAL that will do the trick.  You’ll need to include drivers specific to your systems and this will void all your warantees if you were given one.  Here is an example that I’m using to build and test various bits and things.  Note that I’ve added em(4) to my configuration as that’s the network interface I’m using.

include MINIMAL
ident MFS_NETBOOT

nomakeoptions DEBUG # Build kernel with gdb(1) debug symbols
nomakeoptions WITH_CTF # Run ctfconvert(1) for DTrace support

nooptions COMPAT_FREEBSD32
nooptions COMPAT_FREEBSD4
nooptions COMPAT_FREEBSD5
nooptions COMPAT_FREEBSD6
nooptions COMPAT_FREEBSD7
nooptions COMPAT_FREEBSD9
nooptions COMPAT_FREEBSD10
nooptions COMPAT_FREEBSD11
nooptions KTRACE
nooptions AUDIT
nooptions CAPABILITY_MODE
nooptions CAPABILITIES
nooptions MAC
nooptions KDTRACE_FRAME
nooptions KDTRACE_HOOKS
nooptions DDB_CTF

# Debugging support. Always need this:
nooptions KDB
nooptions KDB_TRACE
# For full debugger support use (turn off in stable branch):
nooptions DDB
nooptions GDB
nooptions DEADLKRES
nooptions INVARIANTS
nooptions INVARIANT_SUPPORT
nooptions WITNESS
nooptions WITNESS_SKIPSPIN
# Xen HVM Guest Optimizations
# NOTE: XENHVM depends on xenpci. They must be added or removed together.
nooptions XENHVM # Xen HVM kernel infrastructure
nodevice xenpci # Xen HVM Hypervisor services driver

options GEOM_PART_GPT
options GEOM_RAID
options GEOM_LABEL
options GEOM_UZIP

options IFLIB
device em

# Serial (COM) ports
device uart # Generic UART driver

# Needed to actually boot from an MFS root
device md # Memory “disks”

This will do the bare minimum and give you a functioning system, at least it does for me on my 2core Atom box.  There’s little to no debugging enabled here, so if you chose to go this route remember that all of the facilities to debug are deactivated.

Allow me a short digression here.  One should NEVER create their own kernel configs from scratch and not derive them from one of the base kernel configs (GENERIC for example).  When you hand craft a kernel config, you allow yourself to get into situations where new options and devices can be added or removed.  This can lead to scenarios where your systems can be unusable and cost you many hours of hair pulling and gnashing of teeth.  It is far simpler to include a base configuration and unset the devices and options you don’t want.  Judicious use of noptions, nodevice and nomakeoptions can be used to remove things that you don’t want.  Use them, please.

Anywho, back to the task at hand.

FreeBSD has shipped a directory to disk image creation tool for quite some time.  makefs(8) does a great job of turning a directory tree into a disk image without all the the magical hand waving of creating a file backed md(4) device.  Its a shortcut and you should use it.  Embedded folks have been using it to boot up their MIPS and ARM devices for a while now.

We’ll need to install the build somewhere that we can then access with makefs.  I tend to just put it in a throw-away directory in /var/tmp, e.g. /var/tmp/netboot_mfs

So, something like ‘make installworld DESTDIR=/var/tmp/netboot_mfs’ should do the trick here.  At this point, we can modify this installed directory with whatever configuration changes needed for your system boot up.  At a minimum, I modify /boot/loader.conf and /boot.config.  These may not be needed for your environment, but I make the following changes:

loader.conf:
console=”comconsole”

boot.config:
-D

You can now build your disk image:
makefs -M 192m /var/tmp/mfs_root.img /var/tmp/netboot_mfs
Calculated size of `mfs_root.img’: 201326592 bytes, 3800 inodes
Extent size set to 8192
mfs_root.img: 192.0MB (393216 sectors) block size 8192, fragment size 1024
using 4 cylinder groups of 54.38MB, 6960 blks, 1152 inodes.
super-block backups (for fsck -b #) at:
32, 111392, 222752, 334112,
Populating `mfs_root.img’
Image `mfs_root.img’ complete

I add the “-M 192m” to the command line here to give my image a bit of space to do stuff and things on the running system without running out of space.  makefs(8) will create an image big enough to fit the files regardless of the command line arguments, but the -M will “pad” the image to 192MB if its smaller.

Go ahead and compress your diskimage with either bzip2 or gzip. I won’t judge.

-rw-r–r– 1 root sbruno 35235255 Feb 7 16:14 mfs_root.img.bz2
-rw-r–r– 1 root sbruno 39516593 Feb 7 16:17 mfs_root.img.gz
(use bzip2).

Don’t think that I haven’t forgotten about the kernel either.  We’ll compress that beastie directly.  One does not install it however, one does not need it, one does not simply install a kernel into Mordor.  Recall that we set a MAKEOBJDIRPREFIX when doing out kernel and world builds.

/var/tmp/sbruno % find . -name kernel
./home/sbruno/bsd/fbsd_head/sys/GENERIC-NODEBUG/kernel
./home/sbruno/bsd/fbsd_head/sys/NETBOOT/kernel

In this example, I’ve built both so you kind of have an idea of what you’re looking for, it can be a bit strange to *not* install a kernel, but as we are fond of saying these days, EVERYTHING IS FINE. 

You’re also going to need the pxeboot binary.  On 12-CURRENT nowadays you don’t have to recompile it for TFTP installations as it’ll do the right thing depending on DHCP options.

/var/tmp/sbruno % find . -name pxeboot
./home/sbruno/bsd/fbsd_head/sys/boot/i386/pxeldr/pxeboot

Speaking of DHCP and TFTP, we should probably set those up now.  Remember when I linked you to The Outstanding FreeBSD Handbook?  It has the correct setting for the setup of inetd(8) and tftp(8) on your sever.  Ignore all the NFS bits, those don’t apply.

Install your dhcp server, you can use the same one from The Outstanding FreeBSD Handbook as I did.

The dhcpd.conf settings are a little different here.  We don’t need to pass in a root-path option, but need a custom dhcp option code 150:

option tftp-server code 150 = { ip-address };

subnet 192.168.100.0 netmask 255.255.255.0 {
option routers 192.168.100.1;
option domain-name-servers 192.168.0.1;
host router {
hardware ethernet xx:xx:xx:xx:xx:xx;
fixed-address 192.168.100.52;
option tftp-server 192.168.100.1;
next-server 192.168.100.1;
filename “/boot/pxeboot”;
}

Now we can populate /tftpboot with the files we’ve created and add *one* last configuration file, this time with FORTH to ensure we’ve done the right thing.

/tftpboot/boot # ls -l /tftpboot/boot
total 34844
drwxr-xr-x 2 root wheel 3 Feb 7 16:45 kernel
-rw-r–r– 1 root wheel 21 Feb 7 12:45 loader.conf
-r–r–r– 1 root wheel 174 Feb 7 09:47 loader.rc
-rw-r–r– 1 root wheel 35234122 Feb 7 12:04 netboot.img.bz2
-r–r–r– 1 root wheel 337920 Feb 7 08:34 pxeboot

/tftpboot/boot # ls -l /tftpboot/boot/kernel
total 2564
-rwxr-xr-x 1 root wheel 2565979 Feb 7 15:36 kernel.bz2

loader.rc:
echo Loading kernel
load /boot/kernel/kernel
echo Loading md_image …
load -t md_image /boot/netboot.img
set vfs.root.mountfrom=”ufs:/dev/md0″
set console=”comconsole”
boot

Here dear readers, is where I leave you.  If you’ve done all the right things … you should end up booting up into your newly built MFS root.  If you haven’t done all the right things or I’ve omitted something, then the Nazgul will find you.

Sean