Using FAI to install a root Server: Difference between revisions

Note: This is work in progress. Follow my current progress on the linux-fai mailing list.

A root server is a dedicated piece of server hardware which is rented by a web hosting company. A root server is usually placed in some remote data centre that you do not have physical access to. The monthly rental fee covers the hardware rental, power, the Internet connection and a public IP address. You are given the root password and you are entirely responsibe for setting up, maintaining and managing the server.

Many organizations hosting services on the Internet rent root servers rather than using colocation offers or even run their own data centre because root servers are very cost effective; starting at 49,00 EUR month all inclusive while just maintaining a SDSL line to your office alone would cost you at least ten times this amount.

Why use FAI for your root Server?

The server rental company usually offers a choice of images with popular Linux distros to stage the server you rented. Because you are provided with root privileges, you can install whatever piece of software you would like on top of that base image or manually remove pieces you don't want.

Nevertheless, there might be good reasons why you'd rather want to use FAI to install your root server(s):

• You want to have a fully automated installation of your server in a working state, compared to being able to stage it with a default image and having to take it manually from there, which can be a quite cumbersome task.
• You way want to use a different kernel than the one contained in the server rental company's image (for example, a Xen kernel)
• You way want to use your own harddisk partition layout which is different from the layout that comes with the standard image.
• You want to be sure what you install only the software you want to use, not whatever someone felt might be useful for you.

What to keep in mind

You might ask what makes a root server different from any other server you might install with FAI. It's some subtle things which might come in your way and their combination might make it difficult for you to find the problem.

• You may or may not have console access to your server. Some server rental companies provide a serial console via SSH, which might indeed be very helpful, but some don't. If you don't even have a serial console, the whole process is kind of a blind flight. The good news is: There are techniques to diag installations problems even in that situation.
• You either don't have DHCP or BOOTP at all or at least it will be doing only half of the job for you. Because you won't have access to parameters on the DHCP server in a foreign data centre, you can use DHCP to configure your server's network settings but you cannot use it to tell your server to boot the FAI installation kernel, unfortunately.

Instead, you will hopefully have two things you might not be used to having in your local infrastructure:

• A rescue system that you can boot your server into.
• A remote reset system.

Before starting any work on FAI on a root server, make sure you are familliar with the automatic remote reset and the rescue system. Also make sure that you are not charged for resets and that they work automatically. Otherwise you may not make yourself friends with the support staff in the data centre.

The modified installation process

To install a root server using FAI you at least need to have a second server which can be reached on the public Internet that will become your FAI install server. It might be doable to use a server in your premises for that with a combination of a DMZ and dynamic DNS. Keep in mind though that NFS does not work well through NAT. I have not taken that route, so you milage may vary. I used a 2nd server on the public Internet (in a different data centre) as an install server.

Note: When exporting filesystems on your install server via NFS onto the public Internet, keep any eye on security. Either understand firewall configurations or consider starting the NFS daemon only on-demand, when you plan to do an installation. Also make sure that no sensitive information is located on your install server.

The installation process as such remains the same as usually when using FAI: You boot an install kernel which mounts a root filesystem via NFS from your FAI install server and executes installation scripts.

What's different is:

• The technique you use to boot the install kernel on the install client.
• The extra care you need to apply to network interface configuration and DNS name resolution on the install client in case you don't have DHCP.

DHCP or not

We are renting servers from five different companies and none of them uses or even offers DHCP at all, which comes as a surprise. In case the company where you rent your root server allows you to use DHCP for your server configuration, things will be a lot easier for you because you don't have to worry about two problem:

• Providing the eth0 of your server with a valid IP address, netmask, broadcast and default gateway address.
• Providing DNS servers to resolve hostnames.

As this seems to be a luxory you cannot expect to enjoy, we assume you don't have DHCP available at all.

What to prepare in your /srv/fai/nfsroot for non-DHCP install clients

How to boot the install kernel on your root server

How to monitor your installation and find problems

How to recover from a failed installation attempt