Closed HarvsG closed 5 years ago
You can have a different OS image for each Pi (if you compile piserver from source, there is a "clone" button in the Piserver GUI you could use to make a copy) And can then change /etc/exports so read/write NFS access is given.
However do be aware that this is NOT secure. Anyone in your network, will have write access to any OS image. No authentication whatsover.
Thank you so much for your quick reply
Ok so I did the following
sudo nano /etc/exports
/var/lib/piserver/os *(ro,no_subtree_check,no_root_squash,fsid=1055)
changed ro
to rw
sudo exportfs -ra
nano /etc/sudoers
, added my user HarvsG
as a sudo.Then network booted, logged in as HarvsG
and ran sudo apt-get update
. However I get read-only filesystem errors.
Does it work better if you also add rw
to /boot/cmdline.txt (on the same line as existing options) inside the OS image?
Think the Linux kernel otherwise mounts as ro by default, even though rw is allowed by server.
I added rw
to the end of cmdline.txt adding ,rw
caused a kernal panic.
~However now I can't log in. It just keeps telling the password is wrong. Could this have affected the authentication?~
This apears to be a separate issue
This apears to be a separate issue
Do keep in mind that most of Linux is CaSe-SeNsItive. So try to keep things lower case and avoid usernames like HarvsG.
You have multiple options regarding authentication. Can use piserver's user management, in which the home folder will be central, and shared with all images. Avoid logging in with same username on multiple Pi at the same time. As not all applications will be expecting that.
Or you can have home folders specific to each image. In that case do not use Piserver's (ldap) user management, but create users with adduser and similar command line commands in the shell.
Or you can have home folders specific to each image. In that case do not use Piserver's (ldap) user management, but create users with adduser and similar command line commands in the shell.
I think this is the best option as my use case, how would I got about doing this?
Thank you so much for your help
I think this is the best option as my use case, how would I got about doing this?
Can also set a root password with "passwd". Login on the client as root, and add other users there.
Thank you. I got this working - this could be game changing! Thank you for all your help. I'm gonna write up a tutorial.
Good to hear it works for you.
I'm gonna write up a tutorial.
Do make sure you mention the security implications of setups like this. It is fine to do it like this in your private home network, but this kind of configuration is not suitable for say schools.
Both because of everything being read-write through NFS for every computer in the network. And because when you create local users like this, the password hash of the user ends up in /etc/shadow, which is shared publicly over NFS.
(When using Piserver's LDAP authentication this is not the case. Server has a healthy distrust of clients. Only gives access to a user's home folder, after client sends password to server)
Thank you for this, I wonder if there is a way to overcome some of these security issues. I would have thought that specifing a more secure address range /var/lib/piserver/os *(ro,no_subtree_check,no_root_squash,fsid=1055)
here or adding some sort of user authentication for the nfs.
Not sure how to solve the /etc/shadow issue.
Developing my tutorial here: https://gist.github.com/HarvsG/7d1674e7aadc719d4a82da26731a1501
one last question @maxnet will I be able to run piserver host on a raspberry pi 4 rather than using a x86 device?
one last question @maxnet will I be able to run piserver host on a raspberry pi 4 rather than using a x86 device?
Technically yes. (Although using x86 is typically better storage wise)
Great I'm going to slap a USB 3 SSD onto a raspi 4 a use it as a master pi dishing out gigabit NFS filesytems! This is so much nicer than messing around with berryboot and iSCSI.
Hi when I read the PiServer blog post I got very excited by this:
My vision was this - to host all my images/OSs on a central piserver host and then dish them out to a rack of RaspberryPis. I could then use piserver to control which pi boots which OS. This much I can do with piserver. However it is hard to do any projects of consequence as I only have write access to
/home/user
.Is there an experimental way to allow write access to the root/image (I would make sure each image is only booted by one client at a time). Or better still for piserver to store changes in
/var/lib/piserver/nfs/<pi's-mac-addr>/<os-name>/
then load these changes/files on boot.