Root on NFS: High-Security Linux Server Configuration (multiple images)

Source: Internet
Author: User

System Introduction

Imagine a Linux server whose root partition is read-only and therefore very secure: even the root account is helpless, because the partition is read-only. This read-only root partition (a customized operating system) is actually an operating system image that each stand-alone client server mounts over the network from a central control node. The operating system can therefore be controlled centrally, and any modification takes effect in real time. Client servers are still allowed to have their own client-specific files, such as some of the configuration files under etc. The system is built from the familiar bootp, TFTP, NFS and DHCP services.

Core Single Point

The central control node is a single point that holds one or more customized operating systems and provides the services described above; if this single point fails, the entire cluster can be paralyzed. A standby node with real-time data synchronization is therefore needed, and the services are provided through a virtual IP. Here the open-source Linux-HA Heartbeat and DRBD services are used to avoid the single point of failure: the primary and standby nodes switch over and start the services automatically, achieving automatic migration within seconds, while DRBD synchronizes the data in real time.

Features and Advantages

Centralized: only one operating system has to be maintained.

Real-time: any modification takes effect immediately.

Secure: the root account is helpless.

Exceptions: client-specific files are allowed to exist.

Applicable Scenarios

MMORPG-like services

The server side only provides compute and database services.

High security level

A user who logs in to the machine as root cannot do bad things, so it is very safe.

Other occasions

There is always some other use for a quirky system like this.

Build Steps

Deploying DRBD and Heartbeat

Recompiling the kernel

Customizing the operating system

TFTP service

DHCP service

NFS service

PXE network card

Step by step ...

The detailed steps are omitted; the relevant details can be found on the official websites of these services.

"Key Tips"

I. Compiling the kernel:

Anything compiled as a module only works after the kernel has started, so we need to select Y.

Compile NFS into the kernel, with support for the root file system on NFS, etc.

How do we make var and tmp work normally? Otherwise many of the system's own services fail to start.

Ramdisk: put the var and tmp directories in memory.

II. Starting the system:

1. Take the MAC address and go!

Power on and boot from the network card, which automatically searches for the DHCP service.

2. Download the kernel file we compiled.

The custom kernel file is downloaded through DHCP and TFTP.

3. Obtain your own IP and start the operating system.

4. Put var and tmp in memory.

5. Log in to the operating system.

After a successful start, you can log in!

6. Look at how Root on NFS is mounted.

7. Try rm -rf /bar!
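
A check for steps 4 and 6 above, as an added example that is not part of the original article: the function reads /proc/mounts-format text and confirms that / is a read-only NFS mount and that var and tmp are in memory. The server address, export path and ramdisk device in the sample are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# Addresses, paths and devices in the sample below are constructed.

# Reads /proc/mounts-format text on stdin. Succeeds only if / is NFS mounted
# read-only and /var and /tmp are memory-backed (tmpfs, ramfs or /dev/ram*).
check_diskless_mounts() {
    awk '
        # Exact match on one comma-separated option, so that
        # "errors=remount-ro" is not mistaken for "ro".
        function has_opt(list, opt,    a, n, i) {
            n = split(list, a, ",")
            for (i = 1; i <= n; i++) if (a[i] == opt) return 1
            return 0
        }
        # A later line shadows an earlier one for the same mount point,
        # e.g. the initial "rootfs / rootfs rw" entry on older kernels.
        { dev[$2] = $1; fstype[$2] = $3; opts[$2] = $4 }
        END {
            bad = 0
            if (fstype["/"] !~ /^nfs4?$/) {
                print "FAIL: / is not on NFS (type: " fstype["/"] ")"; bad = 1
            } else if (!has_opt(opts["/"], "ro")) {
                print "FAIL: / is on NFS but not mounted read-only"; bad = 1
            }
            n = split("/var /tmp", dirs, " ")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                if (fstype[d] != "tmpfs" && fstype[d] != "ramfs" && dev[d] !~ /^\/dev\/ram/) {
                    print "FAIL: " d " is not memory-backed"; bad = 1
                }
            }
            exit bad
        }
    '
}

# Constructed /proc/mounts content for a correctly booted client.
constructed_sample() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
192.0.2.10:/export/rootfs / nfs ro,relatime,vers=3,nolock,addr=192.0.2.10 0 0
proc /proc proc rw,relatime 0 0
/dev/ram1 /var ext2 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
}

constructed_sample | check_diskless_mounts && echo "OK: read-only NFS root, /var and /tmp in memory"
# On a live client: check_diskless_mounts < /proc/mounts
```

The check only reports the client's own mount flags; the guarantee that root cannot modify the image also requires the control node to export it read-only.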
