|  |     | 
| (12 intermediate revisions by the same user not shown) | 
| Line 1: | Line 1: | 
|  | '''IPTABLES'''
 |  | == Configure DHCP server on RHEL9 == | 
|  | 
 |  | 
 | 
|  | Do not forget:
 |  |   yum install dhcp-server | 
|  |   chattr +i /etc/resolv.conf |  | 
|  | 
 |  | 
 | 
|  | Show tables:
 |  | In this example, server on subnet 167 (129.57.167.139), and client on subnet 86. | 
|  |  iptables -vL -t filter
 |  | 
|  |  iptables -vL -t nat
 |  | 
|  |  iptables -vL -t mangle
 |  | 
|  |  iptables -vL -t raw
 |  | 
|  |  iptables -vL -t security
 |  | 
|  |  
 |  | 
|  | Only first two seems relevant.Clear them:
 |  | 
|  |  iptables -t filter -F
 |  | 
|  |  iptables -t nat -F
 |  | 
|  |   
 |  | 
|  | Set needed settings (we assumes loval network port is 'enp_bond', anduplink port is 'em1'):
 |  | 
|  |  iptables -A INPUT -i lo -j ACCEPT
 |  | 
|  |  iptables -A INPUT -i enp_bond -j ACCEPT
 |  | 
|  |  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 |  | 
|  |  iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
 |  | 
|  |  iptables -A FORWARD -i em1 -o enp_bond -m state --state RELATED,ESTABLISHED -j ACCEPT
 |  | 
|  |  iptables -A FORWARD -i enp_bond -o em1 -j ACCEPT
 |  | 
|  | 
 |  | 
 | 
|  | Save rules and restart service:
 |  | Config file /etc/dhcp/dhcpd.conf should looks like this (replace 129.57.167.139 with the server address): | 
|  |  iptables-save > /etc/sysconfig/iptables
 |  | 
|  |  systemctl enable iptables
 |  | 
|  |  systemctl start iptables
 |  | 
|  | 
 |  | 
 | 
|  | '''MODIFY /diskless/CentOS7/x86_64/root/etc/sysconfig/readonly-root''':
 |  |  # | 
|  |   ... |  |  # DHCP Server Configuration file. | 
|  |   CLIENTSTATE=192.168.10.1:/diskless/CentOS7/x86_64/snapshot |  |  #   see /usr/share/doc/dhcp-server/dhcpd.conf.example | 
|  |   ... |  |  #   see dhcpd.conf(5) man page | 
|  |  |  # | 
|  |  |   | 
|  |  |  option domain-name "jlab.org"; | 
|  |  |  option domain-name-servers 129.57.90.255, 129.57.32.101; | 
|  |  |  default-lease-time 600; | 
|  |  |  max-lease-time 7200; | 
|  |  |   | 
|  |  |  # subnet 167 | 
|  |  |   subnet 129.57.167.0 netmask 255.255.255.0 { | 
|  |  |        option routers 129.57.167.99; | 
|  |  |        deny unknown-clients; | 
|  |  |  } | 
|  |  |   | 
|  |  |   # subnet 86 | 
|  |  |  subnet 129.57.86.0 netmask 255.255.255.0 { | 
|  |  |        option broadcast-address 129.57.86.255; | 
|  |  |        option subnet-mask 255.255.255.0; | 
|  |  |        option routers 129.57.86.1; | 
|  |  |        deny unknown-clients; | 
|  |  |        allow declines; | 
|  |  |  } | 
|  |  |   | 
|  |  |  # important settings to recognize PXE boot from UEFI boot controllers | 
|  |  |  set vendorclass = option vendor-class-identifier; | 
|  |  |  option pxe-system-type code 93 = unsigned integer 16; | 
|  |  |  set pxetype = option pxe-system-type; | 
|  |  |   | 
|  |  |  # DISKLESS Clients in here | 
|  |  |  group | 
|  |  |  { | 
|  |  |      if substring(vendorclass, 0, 9)="PXEClient" { | 
|  |  |          if pxetype=00:06 or pxetype=00:07 { | 
|  |  |              filename   "efi/boot/grub2/x86_64-efi/core.efi"; | 
|  |  |          } else { | 
|  |  |              filename "linux-install/pxelinux.0"; | 
|  |  |          } | 
|  |  |      } | 
|  |  |   | 
|  |  |      next-server 129.57.167.4; | 
|  |  |     | 
|  |  |      host test333 { | 
|  |  |          hardware ethernet 00:20:38:04:3a:8a; | 
|  |  |          fixed-address 129.57.86.7; | 
|  |  |      } | 
|  |  |       | 
|  |  |      host test444 { | 
|  |  |          hardware ethernet 00:20:38:10:15:03; | 
|  |  |          fixed-address 129.57.86.5; | 
|  |  |      } | 
|  |  |   | 
|  |  |  } # Diskless clients group | 
|  | 
 |  | 
 | 
|  | '''In controller's snapshot area, sshd_config (to allow remote ssh)'''
 |  | 
|  | 
 |  | 
 | 
|  |  HostbasedAuthentication yes
 |  | Enable and start service: | 
|  |  #HostbasedAuthentication no
 |  | 
|  | 
 |  | 
 | 
|  |   IgnoreRhosts no |  |   systemctl enable dhcpd | 
|  |   #IgnoreRhosts yes |  |   systemctl start dhcpd | 
|  |   |  | 
|  |  PasswordAuthentication yes
 |  | 
|  |  #PasswordAuthentication yes
 |  | 
|  |  PasswordAuthentication yes
 |  | 
|  |   |  | 
|  |  #UsePAM yes
 |  | 
|  |  UsePAM yes
 |  | 
|  |   |  | 
|  |  #UsePrivilegeSeparation sandbox		# Default for new installations.
 |  | 
|  |  UsePrivilegeSeparation sandbox		# Default for new installations.
 |  | 
|  |   |  | 
|  |   |  | 
|  |   |  | 
|  | '''jvme'''
 |  | 
|  |   |  | 
|  | '''On VME controller in BIOS, make sure VME memry size is set to 512M'''
 |  | 
|  |   |  | 
|  | Project git link: https://code.jlab.org/fedaq/drivers/jvme/-/tree/release-3.0
 |  | 
|  |   |  | 
|  | On vme controller as ''boiarino'', copy ''jvme-release-3.0.tar'' to ''$CODA/src'' and  untar it.
 |  | 
|  |   |  | 
|  | Create two environment scripts:
 |  | 
|  |   |  | 
|  | jvme_bash:
 |  | 
|  |  #!/bin/bash
 |  | 
|  |  export LINUXVME=${CODA}/src/jvme-release-3.0/linuxvme
 |  | 
|  |  export LINUXVME_INC=${LINUXVME}/include
 |  | 
|  |  export LINUXVME_LIB=${LINUXVME}/Linux_`uname -m`_vme/lib
 |  | 
|  |  export LINUXVME_BIN=${LINUXVME}/Linux_`uname -m`_vme/bin
 |  | 
|  |  export LD_LIBRARY_PATH=${LINUXVME_LIB}:${LD_LIBRARY_PATH}
 |  | 
|  |  export KERNELRELEASE=3.10.0-1062.9.1.el7.x86_64
 |  | 
|  |   |  | 
|  | jvme_tcsh:
 |  | 
|  |  #!/bin/tcsh
 |  | 
|  |  setenv LINUXVME ${CODA}/src/jvme-release-3.0/linuxvme
 |  | 
|  |  setenv LINUXVME_INC ${LINUXVME}/include
 |  | 
|  |  setenv LINUXVME_LIB ${LINUXVME}/Linux_`uname -m`_vme/lib
 |  | 
|  |  setenv LINUXVME_BIN ${LINUXVME}/Linux_`uname -m`_vme/bin
 |  | 
|  |  setenv LD_LIBRARY_PATH ${LINUXVME_LIB}:${LD_LIBRARY_PATH}
 |  | 
|  |  setenv KERNELRELEASE 3.10.0-1062.9.1.el7.x86_64
 |  | 
|  |   |  | 
|  | Run ''source jvme_tcsh''.
 |  | 
|  | Go inside ''jvme-release-3.0''.
 |  | 
|  | In two files ''CMakeLists.txt'' and ''src/CMakeLists.txt'', change
 |  | 
|  |  set(libpath Linux-${CMAKE_SYSTEM_PROCESSOR}/lib)
 |  | 
|  |  set(libpath Linux-${CMAKE_SYSTEM_PROCESSOR}/bin)
 |  | 
|  | to
 |  | 
|  |  set(libpath Linux_${CMAKE_SYSTEM_PROCESSOR}_vme/lib)
 |  | 
|  |  set(libpath Linux_${CMAKE_SYSTEM_PROCESSOR}_vme/bin)
 |  | 
|  |   |  | 
|  | Type ''cmake -B build -S . -DCMAKE_INSTALL_PREFIX=$LINUXVME''
 |  | 
|  |   |  | 
|  | Fix Makefile in ''kernel_driver'' and three it's subdirectories, it must have following in the beginning:
 |  | 
|  |  KVERSION := $(KERNELRELEASE)
 |  | 
|  |  ifeq ($(origin KERNELRELEASE), undefined)
 |  | 
|  |  KVERSION := $(shell uname -r)
 |  | 
|  |  endif
 |  | 
|  |   |  | 
|  | In directory ''jvme-release-3.0'', type ''make'' and ''make install'', 
 |  | 
|  |   |  | 
|  | Do ''cd kernel_driver'' and ''make'' (do NOT do ''make install'').
 |  | 
|  |   |  | 
|  | On the server, do
 |  | 
|  |   |  | 
|  |  mount -o bind /usr/clas12 /diskless/CentOS7/x86_64/root/usr/clas12
 |  | 
|  |  mount -o bind /usr/local /diskless/CentOS7/x86_64/root/usr/local
 |  | 
|  |  mount -o bind /home /diskless/CentOS7/x86_64/root/home
 |  | 
|  |  chroot /diskless/CentOS7/x86_64/root
 |  | 
|  |  cd /usr/clas12/release/2.0.0/coda/src
 |  | 
|  |  source jvme_bash
 |  | 
|  |  cd jvme-release-3.0/kernel_driver
 |  | 
|  |  make install
 |  | 
|  |   |  | 
|  | Still on server, add two files to ''/etc/udev/rules.d'' directory:
 |  | 
|  |   |  | 
|  | 99-cmem.rules:
 |  | 
|  |  KERNEL=="cmem_rcc", MODE="0666"
 |  | 
|  |   |  | 
|  | 99-vme.rules:
 |  | 
|  |  KERNEL=="bus/vme/ctl", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/m_a16", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/m_a24", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/m_a32", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/m_crcsr", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/s_a32", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/s_rsvd1", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/s_rsvd2", MODE="0666"
 |  | 
|  |  KERNEL=="bus/vme/s_rsvd3", MODE="0666"
 |  | 
|  |   |  | 
|  | Reboot controller, check if everything is good.
 |  | 
|  |   |  | 
|  | '''NOTE''': if changing something in kernel module(s), it is not needed to reboot every time after make/make install is done in ''jvme-release-3.0/kernel_driver'' directory. Just run ''./load_driver.sh'' as root on controller, and all modules will be reloaded.
 |  | 
|  |   |  | 
|  |   |  | 
|  | '''NOTE''': to add ''/et'' to snapshot area: on server, create /et directories in both root and snapshot areas, then add line '/et' to /etc/statetab file in root area, then reboot controller.
 |  | 
|  | 
 |  | 
 | 
|  |  | Check service status, fix errors if any: | 
|  | 
 |  | 
 | 
|  |  |  systemctl status dhcpd | 
|  | 
 |  | 
 | 
|  |  | == Configure local DHCP server on RHEL7 == | 
|  | 
 |  | 
 | 
|  | '''Enable systemd log persistency (remember all reboots, not only last one)'''
 |  |  yum install dhcp | 
|  | 
 |  | 
 | 
|  | Run ''emacs /etc/systemd/journald.conf'', set
 |  | Config file ''/etc/dhcp/dhcpd.conf'' should looks like this: | 
|  |   |  |   # | 
|  |  Storage=persistent
 |  |   # DHCP Server Configuration file. | 
|  |   |  |   #   see /usr/share/doc/dhcp*/dhcpd.conf.example | 
|  | Do following:
 |  |   #   see dhcpd.conf(5) man page | 
|  |   |  |   # | 
|  |   mkdir /var/log/journal |  | 
|  |   systemd-tmpfiles --create --prefix /var/log/journal |  | 
|  |  systemctl restart systemd-journald
 |  | 
|  |   |  | 
|  | '''yum'''
 |  | 
|  |   |  | 
|  | On server where vme is loading from (as root; ''/zzz'' will be needed for mysqltcl installation below):
 |  | 
|  |   |  | 
|  |  mkdir /diskless/CentOS7/x86_64/root/zzz
 |  | 
|  |   #mount -o bind /usr/local/src /diskless/CentOS7/x86_64/root/zzz |  | 
|  |   mount -o bind /usr/local /diskless/CentOS7/x86_64/root/usr/local |  | 
|  |  mount -o bind /usr/clas12 /diskless/CentOS7/x86_64/root/usr/clas12
 |  | 
|  |  chroot /diskless/CentOS7/x86_64/root
 |  | 
|  |   |  | 
|  | Add ''multilib_policy=all'' to ''/etc/yum.conf''.
 |  | 
|  |   |  | 
|  | Add (and remove the rest ?)following to ''/etc/yum.repos.d/CentOS-Base.repo'':
 |  | 
|  |   |  | 
|  |   [base] |  | 
|  |  name=CentOS-$releasever - Base
 |  | 
|  |  baseurl=http://archive.kernel.org/centos-vault/centos/$releasever/os/$basearch/
 |  | 
|  |   |  | 
|  | Clean yum database:
 |  | 
|  |   |  | 
|  |  rm /var/lib/rpm/__db.*
 |  | 
|  |   |  | 
|  | Install following using yum:
 |  | 
|  |   |  | 
|  |  yum install motif-devel tcl-devel tk-devel libXpm-devel apr-devel libXaw-devel ncurses-devel 
 |  | 
|  |   |  | 
|  | Install following for ''dbedit'':
 |  | 
|  |   |  | 
|  |  yum install tix itcl itk
 |  | 
|  |   |  | 
|  | Install remaining tcl stuff from ''/usr/local/src'', mounted as ''/zzz'' above:
 |  | 
|  |     |  |     | 
|  |  cd /zzz/mysqltcl-3.052
 |  | 
|  |  make install
 |  | 
|  |  ln -s /usr/lib/mysqltcl-3.052 /usr/lib64/tcl8.5/mysqltcl-3.052
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | '''To enable remove ssh login, in 'sshd_config comment out this: #UsePAM yes'''
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | ''' Gateway'''
 |  | 
|  | 
 |  | 
|  | Add
 |  | 
|  |  net.ipv4.ip_forward=1
 |  | 
|  | to ''/etc/sysctl.conf'' and execute
 |  | 
|  |  sysctl -p
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | ''' NIS server'''
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  |  yum install ypserv rpcbind
 |  | 
|  | 
 |  | 
|  |  systemctl start ypserv
 |  | 
|  | 
 |  | 
|  | ''/etc/hosts'':
 |  | 
|  | 
 |  | 
|  |  192.168.10.1           clondaq15daq1.clontest.com    clondaq15daq1
 |  | 
|  |  192.168.10.5           test5.clontest.com    test5
 |  | 
|  |  192.168.10.6           test6.clontest.com    test6
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | On clondaq15:
 |  | 
|  |  route add -net 192.168.10.0 netmask 255.255.255.0 gw 129.57.86.1
 |  | 
|  | ''route'':
 |  | 
|  |   Kernel IP routing table
 |  | 
|  |  Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 |  | 
|  |  default         gw-86.jlab.org  0.0.0.0         UG    101    0        0 em1
 |  | 
|  |  129.57.86.0     0.0.0.0         255.255.255.0   U     101    0        0 em1
 |  | 
|  |  192.168.10.0    gw-86.jlab.org  255.255.255.0   UG    0      0        0 em1
 |  | 
|  |  192.168.10.0    0.0.0.0         255.255.255.0   U     102    0        0 p2p1
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | '''Setting DHCP server on clon10new (RHEL7)'''
 |  | 
|  | 
 |  | 
|  |  yum install dhcp tftp tftp-server
 |  | 
|  | 
 |  | 
|  | Bryan:
 |  | 
|  | 
 |  | 
|  |  yum install nfs-utils tftp-server syslinux-tftpboot syslinux
 |  | 
|  | 
 |  | 
|  |  yum install dnsmasq
 |  | 
|  | 
 |  | 
|  |  mkdir /tftpboot
 |  | 
|  | 
 |  | 
|  |  grub2-mknetdir --net-directory=/tftpboot/efi
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | Create file ''/etc/systemd/system/tftp.service'':
 |  | 
|  | 
 |  | 
|  |  [Unit]
 |  | 
|  |  Description=Tftp Server
 |  | 
|  |  Requires=tftp.socket
 |  | 
|  |  Documentation=man:in.tftpd
 |  | 
|  | 
 |  | 
|  |  [Service]
 |  | 
|  |  #ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
 |  | 
|  |  ExecStart=/usr/sbin/in.tftpd -s /tftpboot
 |  | 
|  |  StandardInput=socket
 |  | 
|  | 
 |  | 
|  |  [Install]
 |  | 
|  |  Also=tftp.socket
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  | Start tftp:
 |  | 
|  | 
 |  | 
|  |  systemctl start tftp
 |  | 
|  |  #systemctl start tftp.socket ??
 |  | 
|  | 
 |  | 
|  | Create file ''/tftpboot/efi/boot/grub2/grub.cfg'' with following contents:
 |  | 
|  | 
 |  | 
|  | 
 |  | 
|  |  function load_video {
 |  | 
|  |  insmod efi_gop
 |  | 
|  |  insmod efi_uga
 |  | 
|  |  insmod video_bochs
 |  | 
|  |  insmod video_cirrus
 |  | 
|  |  insmod all_video
 |  | 
|  |  }
 |  | 
|  | 
 |  | 
|  |  load_video
 |  | 
|  |  set gfxpayload=keep
 |  | 
|  |  insmod gzio
 |  | 
|  |  set timeout=2
 |  | 
|  |  menuentry 'Diskless CentOS7 x86_64, any network device'  --class redhat --class gnu-linux --class gnu --class os {
 |  | 
|  |  linuxefi linux-install/CentOS7-x86_64-Diskless/vmlinuz-3.10.0-1062.9.1.el7.x86_64 zram=1 ip=::::::dhcp root=nfs:192.168.10.1:/diskless/CentOS7-devel/x86_64/root ro vga=0x305 module_blacklist=ipmi_si,ipmi_msghandler,ipmi_devintf,w83977f_wdt
 |  | 
|  |  initrdefi linux-install/CentOS7-x86_64-Diskless/initramfs-jvme-3.10.0-1062.9.1.el7.x86_64.img
 |  | 
|  |  }
 |  | 
|  | 
 |  | 
|  | Edit file ''/etc/dhcp/dhcpd.conf'':
 |  | 
|  | 
 |  | 
|  |   subnet 192.168.10.0 netmask 255.255.255.0 { |  |   subnet 192.168.10.0 netmask 255.255.255.0 { | 
|  |         option domain-name "jlab.org";
 |  |          option domain-name "clontest.com jlab.org"; | 
|  |         option domain-name-servers129.57.32.100, 129.57.32.101;
 |  |          option domain-name-servers 192.168.10.1; | 
|  |         option routers 192.168.10.1;
 |  |          option routers 192.168.10.1; | 
|  |         use-host-decl-names true;
 |  |          use-host-decl-names true; | 
|  |   	pool { |  |   	pool { | 
|  |   	     range 192.168.10.2 192.168.10.20; |  |   	     range 192.168.10.2 192.168.10.20; | 
| Line 298: | Line 95: | 
|  |   	     } |  |   	     } | 
|  |   } |  |   } | 
|  |   |  |   | 
|  |   set vendorclass = option vendor-class-identifier; |  |   set vendorclass = option vendor-class-identifier; | 
|  |   option pxe-system-type code 93 = unsigned integer 16; |  |   option pxe-system-type code 93 = unsigned integer 16; | 
|  |   set pxetype = option pxe-system-type; |  |   set pxetype = option pxe-system-type; | 
|  |   |  |   | 
|  |   # DISKLESS Clients in here |  |   # DISKLESS Clients in here | 
|  |   group |  |   group | 
| Line 314: | Line 111: | 
|  |   	} |  |   	} | 
|  |     	next-server 192.168.10.1; |  |     	next-server 192.168.10.1; | 
|  |  	host test1 {
 |  |   | 
|  |  	 hardware ethernet 00:20:38:03:10:34;
 |  |   	host test5 { | 
|  |  	 fixed-address 192.168.10.4;
 |  | 
|  |  	}
 |  | 
|  |   	host test4 { |  | 
|  |   	 hardware ethernet 00:20:38:10:14:f7; |  |   	 hardware ethernet 00:20:38:10:14:f7; | 
|  |   	 fixed-address 192.168.10.5; |  |   	 fixed-address 192.168.10.5; | 
|  |   	} |  |   	} | 
|  |  |   | 
|  |  |  	host test6 { | 
|  |  |  	 hardware ethernet 00:20:38:0A:07:D7; | 
|  |  |  	 fixed-address 192.168.10.6; | 
|  |  |  	} | 
|  |  |   | 
|  |  |  	host test7 { | 
|  |  |  	 hardware ethernet 00:20:38:0F:2C:0D; | 
|  |  |  	 fixed-address 192.168.10.7; | 
|  |  |  	} | 
|  |  |   | 
|  |   } # Diskless clients group |  |   } # Diskless clients group | 
|  |  
 |  | 
|  | 
 |  | 
|  | Start dhcp:
 |  | 
|  | 
 |  | 
 | 
|  |  | Enable and start service: | 
|  |  |  systemctl enable dhcpd | 
|  |   systemctl start dhcpd |  |   systemctl start dhcpd | 
|  | 
 |  | 
 | 
|  |   |  | Check service status, fix errors if any: | 
|  | Install nfs:
 |  |   systemctl status dhcpd | 
|  |   |  | 
|  |  yum install nfs-utils
 |  | 
|  |   |  | 
|  | Configure file ''/etc/exports'':
 |  | 
|  |   |  | 
|  |  /diskless 192.168.10.0/24(rw,no_root_squash,sync)
 |  | 
|  |   |  | 
|  | Start NFS server:
 |  | 
|  |   |  | 
|  |  systemctl status nfs-server
 |  | 
|  |   |  | 
|  | Check that NFS is exporting. Command |  | 
|  |   |  | 
|  |  showmount -e
 |  | 
|  |   |  | 
|  | have to show following:
 |  | 
|  |   |  | 
|  |  Export list for clondaq15.jlab.org:
 |  | 
|  |  /diskless 192.168.10.0/24
 |  | 
|  |   |  | 
|  |   |  | 
|  | To use local name server, install bind:
 |  | 
|  |   |  | 
|  |  yum install bind
 |  | 
|  |   |  | 
|  |   |  | 
|  |   |  | 
|  | Login from console may not work because of file ''/etc/securetty'' permissions, it must be 644.
 |  | 
|  |   |  | 
|  |   |  | 
|  | THere is a servicePAM,it may prevent login from console ifsome required services did not start. To work around, comment out some lines in ''/etc/pam.d/system-auth-ac'' file:
 |  | 
|  |   |  | 
|  |   #%PAM-1.0 |  | 
|  |  # This file is auto-generated.
 |  | 
|  |  # User changes will be destroyed the next time authconfig is run.
 |  | 
|  |  #auth        required      pam_env.so
 |  | 
|  |  auth        sufficient    pam_unix.so nullok try_first_pass
 |  | 
|  |  #auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
 |  | 
|  |  #auth        required      pam_deny.so
 |  | 
|  |  
 |  | 
|  |  #account     required      pam_unix.so
 |  | 
|  |  account     sufficient    pam_localuser.so
 |  | 
|  |  account     sufficient    pam_succeed_if.so uid < 1000 quiet
 |  | 
|  |  #account     required      pam_permit.so
 |  | 
|  |  
 |  | 
|  |  password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
 |  | 
|  |  password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
 |  | 
|  |  #password    required      pam_deny.so
 |  | 
|  |  
 |  | 
|  |  session     optional      pam_keyinit.so revoke
 |  | 
|  |  #session     required      pam_limits.so
 |  | 
|  |  -session     optional      pam_systemd.so
 |  | 
|  |  session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
 |  | 
|  |  #session     required      pam_unix.so
 |  | 
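Review bot: The new RHEL9 text says to "replace 129.57.167.139 with the server address", but that address never appears in the sample dhcpd.conf that follows; the only server-side address in it is `next-server 129.57.167.4;`, so a reader cannot tell which line to edit. I would either name the directive to change or reword the sentence, e.g. `(129.57.167.139 is the DHCP server in this example; set next-server to your TFTP/boot server)`, if that is what is meant. In the RHEL7 section the added hosts test6 and test7 get `fixed-address 192.168.10.6` and `.7`, which lie inside the pool's `range 192.168.10.2 192.168.10.20`; since the rendered page shows that pool with `allow unknown clients`, a dynamic lease could presumably be handed out on the same address, so the page should either narrow the range or say why the overlap is acceptable.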
Configure DHCP server on RHEL9
yum install dhcp-server
In this example, the server is on subnet 167 (129.57.167.139) and the client is on subnet 86.
Config file /etc/dhcp/dhcpd.conf should look like this (replace 129.57.167.139 with the server address):
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp-server/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# Overview: no dynamic range is declared anywhere in this file, so addresses
# are handed out only through the host declarations in the group at the bottom.
#
# Global options sent to every client; lease times are in seconds.
option domain-name "jlab.org";
option domain-name-servers 129.57.90.255, 129.57.32.101;
default-lease-time 600;
max-lease-time 7200;
# subnet 167
# No range and no hosts here. Presumably declared because the server's own
# interface is on this subnet (see the page text) - confirm.
subnet 129.57.167.0 netmask 255.255.255.0 {
      option routers 129.57.167.99;
      # Clients without a host declaration get no address. This matches on the
      # MAC address only; it is an allow-list, not client authentication.
      deny unknown-clients;
}
# subnet 86
# Subnet the diskless clients boot on; their fixed addresses below fall in it.
subnet 129.57.86.0 netmask 255.255.255.0 {
      option broadcast-address 129.57.86.255;
      option subnet-mask 255.255.255.0;
      option routers 129.57.86.1;
      deny unknown-clients;
      # Honour DHCPDECLINE from clients. dhcpd.conf(5) describes how declines
      # can be abused against a dynamic pool; none is declared in this file.
      allow declines;
}
# important settings to recognize PXE boot from UEFI boot controllers
# vendorclass holds the client's vendor-class-identifier; option 93 is declared
# here as a 16-bit value so the client's reported system type can be compared.
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
set pxetype = option pxe-system-type;
# DISKLESS Clients in here
# Statements in this group apply to every host declared inside it.
group
{
    # Only PXE firmware gets a boot file name: system types 00:06 and 00:07
    # receive the GRUB2 EFI image, any other PXE client the pxelinux loader.
    if substring(vendorclass, 0, 9)="PXEClient" {
        if pxetype=00:06 or pxetype=00:07 {
            filename   "efi/boot/grub2/x86_64-efi/core.efi";
        } else {
            filename "linux-install/pxelinux.0";
        }
    }
    # Server the boot file above is fetched from. PXE downloads are not
    # authenticated, so what these hosts boot depends on this address and the
    # network path being trusted.
    # NOTE(review): the page text names 129.57.167.139 as the server, while this
    # line points at 129.57.167.4 - confirm which host serves the boot files.
    next-server 129.57.167.4;
    # One host block per diskless client: MAC address -> fixed IP on subnet 86.
    host test333 {
        hardware ethernet 00:20:38:04:3a:8a;
        fixed-address 129.57.86.7;
    }
    
    host test444 {
        hardware ethernet 00:20:38:10:15:03;
        fixed-address 129.57.86.5;
    }
} # Diskless clients group
Enable and start service:
systemctl enable dhcpd
systemctl start dhcpd
Check service status, fix errors if any:
systemctl status dhcpd
Configure local DHCP server on RHEL7
yum install dhcp
Config file /etc/dhcp/dhcpd.conf should look like this:
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# Overview: one private subnet (192.168.10.0/24) with a small dynamic pool,
# plus a group of diskless PXE clients that receive fixed addresses.
subnet 192.168.10.0 netmask 255.255.255.0 {
        option domain-name "clontest.com jlab.org";
        option domain-name-servers 192.168.10.1;
        option routers 192.168.10.1;
        # Send each host declaration's name to that client as its hostname.
        use-host-decl-names true;
	# Dynamic pool: BOOTP clients are excluded, but any DHCP client on the
	# segment gets a lease, including ones with no host declaration.
	# NOTE(review): the fixed addresses below (.5, .6, .7) lie inside this
	# range - confirm the overlap is intended, or narrow the range.
	pool {
	     range 192.168.10.2 192.168.10.20;
	     deny dynamic bootp clients;
	     allow unknown clients;
	     }
}
# vendorclass holds the client's vendor-class-identifier; option 93 is declared
# here as a 16-bit value so the client's reported system type can be compared.
set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
set pxetype = option pxe-system-type;
# DISKLESS Clients in here
# Statements in this group apply to every host declared inside it.
group
{
	# Only PXE firmware gets a boot file name: system types 00:06 and 00:07
	# receive the GRUB2 EFI image, any other PXE client the pxelinux loader.
	if substring(vendorclass, 0, 9)="PXEClient" {
	   if pxetype=00:06 or pxetype=00:07 {
	      filename   "efi/boot/grub2/x86_64-efi/core.efi";
	   } else {
	      filename "linux-install/pxelinux.0";
	   }
	}
	# Server the boot file is fetched from (the same address the subnet uses
	# as router and name server). PXE downloads are not authenticated, so
	# boot integrity relies on this segment being trusted.
  	next-server 192.168.10.1;
	# One host block per diskless client: MAC address -> fixed IP.
	host test5 {
	 hardware ethernet 00:20:38:10:14:f7;
	 fixed-address 192.168.10.5;
	}
	host test6 {
	 hardware ethernet 00:20:38:0A:07:D7;
	 fixed-address 192.168.10.6;
	}
	host test7 {
	 hardware ethernet 00:20:38:0F:2C:0D;
	 fixed-address 192.168.10.7;
	}
} # Diskless clients group
Enable and start service:
systemctl enable dhcpd
systemctl start dhcpd
Check service status, fix errors if any:
systemctl status dhcpd