DHCP server: Difference between revisions

From CLONWiki
Jump to navigation Jump to search
← Older editNewer edit →
Boiarino (talk | contribs)
jpeople, Administrators
4,356 edits
No edit summary
Boiarino (talk | contribs)
jpeople, Administrators
4,356 edits
No edit summary
Line 1: Line 1:
'''Configure DHCP server on RHEL7'''


'''How to add new client to the system'''
yum install dhcp


Add new record to:
Config file ''/etc/dhcp/dhcpd.conf'' should looks like this:
/var/named/10.168.192.in-addr.arpa.db
#
  /var/named/clontest.com
# DHCP Server Configuration file.
/etc/dhcp/dhcpd.conf
  #  see /usr/share/doc/dhcp*/dhcpd.conf.example
 
  #  see dhcpd.conf(5) man page
Restart corresponding services:
  #
systemctl restart dhcpd
systemctl restart named
 
Check services status:
  systemctl status dhcpd
systemctl status named
 
 
'''IPTABLES'''
 
Do not forget:
chattr +i /etc/resolv.conf
 
Show tables:
iptables -vL -t filter
iptables -vL -t nat
iptables -vL -t mangle
iptables -vL -t raw
  iptables -vL -t security
   
   
Only first two seems relevant. Clear them:
iptables -t filter -F
iptables -t nat -F
 
Set needed settings (we assumes loval network port is 'enp_bond', and uplink port is 'em1'):
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i enp_bond -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o em1 -j MASQUERADE
iptables -A FORWARD -i em1 -o enp_bond -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp_bond -o em1 -j ACCEPT
Save rules and restart service:
iptables-save > /etc/sysconfig/iptables
systemctl enable iptables
systemctl start iptables
'''MODIFY /diskless/CentOS7/x86_64/root/etc/sysconfig/readonly-root''':
...
CLIENTSTATE=192.168.10.1:/diskless/CentOS7/x86_64/snapshot
...
'''In root area, /etc/ssh/sshd_config must have following setting (to allow remote ssh)'''
#UsePAM yes
it will be propagated to the controller's snapshot area on the first boot.
Not sure about others:
HostbasedAuthentication yes
#HostbasedAuthentication no
IgnoreRhosts no
#IgnoreRhosts yes
PasswordAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication yes
#UsePrivilegeSeparation sandbox # Default for new installations.
UsePrivilegeSeparation sandbox # Default for new installations.
'''old gefvme removal'''
yum remove kmod-gefvme gefvme-library
If failed on 'gefvme-library', do
rpm -e --noscripts gefvme-library
If file ''/etc/modules-load.d/gefvme.conf'' was not removed by above commands, remove it manually (if working from ''chroot ...'' then everything is done in ''root'' area, but ''gefvme.conf'' may survive in ''snapshot'' area, in that case remove it on controller and not in ''chroot'').
File ''/etc/modules-load.d/vme.conf'' with contents
cmem_rcc
jvme
vme_vivo
vme_ca91cx42
vme_tsi148
vme
may not be needed (if modules already in kernel ?).
'''new jvme (not sure if module installation is needed, maybe in kernel already ?) '''
'''On VME controller in BIOS, make sure VME memry size is set to 512M'''
Project git link: https://code.jlab.org/fedaq/drivers/jvme/-/tree/release-3.0
On vme controller as ''boiarino'', copy ''jvme-release-3.0.tar'' to ''$CODA/src'' and  untar it.
Create two environment scripts:
jvme_bash:
#!/bin/bash
export LINUXVME=${CODA}/src/jvme-release-3.0/linuxvme
export LINUXVME_INC=${LINUXVME}/include
export LINUXVME_LIB=${LINUXVME}/Linux_`uname -m`_vme/lib
export LINUXVME_BIN=${LINUXVME}/Linux_`uname -m`_vme/bin
export LD_LIBRARY_PATH=${LINUXVME_LIB}:${LD_LIBRARY_PATH}
export KERNELRELEASE=3.10.0-1062.9.1.el7.x86_64
jvme_tcsh:
#!/bin/tcsh
setenv LINUXVME ${CODA}/src/jvme-release-3.0/linuxvme
setenv LINUXVME_INC ${LINUXVME}/include
setenv LINUXVME_LIB ${LINUXVME}/Linux_`uname -m`_vme/lib
setenv LINUXVME_BIN ${LINUXVME}/Linux_`uname -m`_vme/bin
setenv LD_LIBRARY_PATH ${LINUXVME_LIB}:${LD_LIBRARY_PATH}
setenv KERNELRELEASE 3.10.0-1062.9.1.el7.x86_64
Run ''source jvme_tcsh''.
Go inside ''jvme-release-3.0''.
In two files ''CMakeLists.txt'' and ''src/CMakeLists.txt'', change
set(libpath Linux-${CMAKE_SYSTEM_PROCESSOR}/lib)
set(libpath Linux-${CMAKE_SYSTEM_PROCESSOR}/bin)
to
set(libpath Linux_${CMAKE_SYSTEM_PROCESSOR}_vme/lib)
set(libpath Linux_${CMAKE_SYSTEM_PROCESSOR}_vme/bin)
Type ''cmake -B build -S . -DCMAKE_INSTALL_PREFIX=$LINUXVME''
Fix Makefile in ''kernel_driver'' and three it's subdirectories, it must have following in the beginning:
KVERSION := $(KERNELRELEASE)
ifeq ($(origin KERNELRELEASE), undefined)
KVERSION := $(shell uname -r)
endif
In directory ''jvme-release-3.0'', type ''make'' and ''make install'',
Do ''cd kernel_driver'' and ''make'' (do NOT do ''make install'').
On the server, do
mount -o bind /usr/clas12 /diskless/CentOS7/x86_64/root/usr/clas12
mount -o bind /usr/local /diskless/CentOS7/x86_64/root/usr/local
mount -o bind /home /diskless/CentOS7/x86_64/root/home
chroot /diskless/CentOS7/x86_64/root
cd /usr/clas12/release/2.0.0/coda/src
source jvme_bash
cd jvme-release-3.0/kernel_driver
make install
Still on server, add two files to ''/etc/udev/rules.d'' directory:
99-cmem.rules:
KERNEL=="cmem_rcc", MODE="0666"
99-vme.rules:
KERNEL=="bus/vme/ctl", MODE="0666"
KERNEL=="bus/vme/m_a16", MODE="0666"
KERNEL=="bus/vme/m_a24", MODE="0666"
KERNEL=="bus/vme/m_a32", MODE="0666"
KERNEL=="bus/vme/m_crcsr", MODE="0666"
KERNEL=="bus/vme/s_a32", MODE="0666"
KERNEL=="bus/vme/s_rsvd1", MODE="0666"
KERNEL=="bus/vme/s_rsvd2", MODE="0666"
KERNEL=="bus/vme/s_rsvd3", MODE="0666"
Reboot controller, check if everything is good.
'''NOTE''': if changing something in kernel module(s), it is not needed to reboot every time after make/make install is done in ''jvme-release-3.0/kernel_driver'' directory. Just run ''./load_driver.sh'' as root on controller, and all modules will be reloaded.
'''NOTE''': to add ''/et'' to snapshot area: on server, create /et directories in both root and snapshot areas, then add line '/et' to /etc/statetab file in root area, then reboot controller.
'''Enable systemd log persistency (remember all reboots, not only last one)'''
Run ''emacs /etc/systemd/journald.conf'', set
Storage=persistent
Do following:
mkdir /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal
systemctl restart systemd-journald
'''yum'''
On server where vme is loading from (as root; ''/zzz'' will be needed for mysqltcl installation below):
mkdir /diskless/CentOS7/x86_64/root/zzz
#mount -o bind /usr/local/src /diskless/CentOS7/x86_64/root/zzz
mount -o bind /usr/local /diskless/CentOS7/x86_64/root/usr/local
mount -o bind /usr/clas12 /diskless/CentOS7/x86_64/root/usr/clas12
chroot /diskless/CentOS7/x86_64/root
Add ''multilib_policy=all'' to ''/etc/yum.conf''.
Add (and remove the rest ?) following to ''/etc/yum.repos.d/CentOS-Base.repo'':
[base]
name=CentOS-$releasever - Base
baseurl=http://archive.kernel.org/centos-vault/centos/$releasever/os/$basearch/
Clean yum database:
rm /var/lib/rpm/__db.*
Install following using yum:
yum install motif-devel tcl-devel tk-devel libXpm-devel apr-devel libXaw-devel ncurses-devel
Install following for ''dbedit'':
yum install tix itcl itk
Install remaining tcl stuff from ''/usr/local/src'', mounted as ''/zzz'' above:
cd /zzz/mysqltcl-3.052
make install
ln -s /usr/lib/mysqltcl-3.052 /usr/lib64/tcl8.5/mysqltcl-3.052
'''To enable remove ssh login, in 'sshd_config comment out this: #UsePAM yes'''
''' Gateway'''
Add
net.ipv4.ip_forward=1
to ''/etc/sysctl.conf'' and execute
sysctl -p
''' NIS server'''
yum install ypserv rpcbind
systemctl start ypserv
''/etc/hosts'':
192.168.10.1          clondaq15daq1.clontest.com    clondaq15daq1
192.168.10.5          test5.clontest.com    test5
192.168.10.6          test6.clontest.com    test6
On clondaq15:
route add -net 192.168.10.0 netmask 255.255.255.0 gw 129.57.86.1
''route'':
  Kernel IP routing table
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
default        gw-86.jlab.org  0.0.0.0        UG    101    0        0 em1
129.57.86.0    0.0.0.0        255.255.255.0  U    101    0        0 em1
192.168.10.0    gw-86.jlab.org  255.255.255.0  UG    0      0        0 em1
192.168.10.0    0.0.0.0        255.255.255.0  U    102    0        0 p2p1
'''Setting DHCP server on clon10new (RHEL7)'''
yum install dhcp tftp tftp-server
Bryan:
yum install nfs-utils tftp-server syslinux-tftpboot syslinux
yum install dnsmasq
mkdir /tftpboot
grub2-mknetdir --net-directory=/tftpboot/efi
Create file ''/etc/systemd/system/tftp.service'':
[Unit]
Description=Tftp Server
Requires=tftp.socket
Documentation=man:in.tftpd
[Service]
#ExecStart=/usr/sbin/in.tftpd -s /var/lib/tftpboot
ExecStart=/usr/sbin/in.tftpd -s /tftpboot
StandardInput=socket
[Install]
Also=tftp.socket
Start tftp:
systemctl start tftp
#systemctl start tftp.socket ??
Create file ''/tftpboot/efi/boot/grub2/grub.cfg'' with following contents:
function load_video {
insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus
insmod all_video
}
load_video
set gfxpayload=keep
insmod gzio
set timeout=2
menuentry 'Diskless CentOS7 x86_64, any network device'  --class redhat --class gnu-linux --class gnu --class os {
linuxefi linux-install/CentOS7-x86_64-Diskless/vmlinuz-3.10.0-1062.9.1.el7.x86_64 zram=1 ip=::::::dhcp root=nfs:192.168.10.1:/diskless/CentOS7-devel/x86_64/root ro vga=0x305 module_blacklist=ipmi_si,ipmi_msghandler,ipmi_devintf,w83977f_wdt
initrdefi linux-install/CentOS7-x86_64-Diskless/initramfs-jvme-3.10.0-1062.9.1.el7.x86_64.img
}
Edit file ''/etc/dhcp/dhcpd.conf'':
  subnet 192.168.10.0 netmask 255.255.255.0 {
  subnet 192.168.10.0 netmask 255.255.255.0 {
        option domain-name "jlab.org";
        option domain-name "clontest.com jlab.org";
        option domain-name-servers 129.57.32.100, 129.57.32.101;
        option domain-name-servers 192.168.10.1;
        option routers 192.168.10.1;
        option routers 192.168.10.1;
        use-host-decl-names true;
        use-host-decl-names true;
  pool {
  pool {
      range 192.168.10.2 192.168.10.20;
      range 192.168.10.2 192.168.10.20;
Line 335: Line 21:
      }
      }
  }
  }
 
  set vendorclass = option vendor-class-identifier;
  set vendorclass = option vendor-class-identifier;
  option pxe-system-type code 93 = unsigned integer 16;
  option pxe-system-type code 93 = unsigned integer 16;
  set pxetype = option pxe-system-type;
  set pxetype = option pxe-system-type;
 
  # DISKLESS Clients in here
  # DISKLESS Clients in here
  group
  group
Line 351: Line 37:
  }
  }
   next-server 192.168.10.1;
   next-server 192.168.10.1;
host test1 {
hardware ethernet 00:20:38:03:10:34;
  host test5 {
fixed-address 192.168.10.4;
}
  host test4 {
  hardware ethernet 00:20:38:10:14:f7;
  hardware ethernet 00:20:38:10:14:f7;
  fixed-address 192.168.10.5;
  fixed-address 192.168.10.5;
  }
  }
} # Diskless clients group
   
   
 
host test6 {
Start dhcp:
hardware ethernet 00:20:38:0A:07:D7;
 
fixed-address 192.168.10.6;
systemctl start dhcpd
}
 
 
Install nfs:
 
yum install nfs-utils
 
Configure file ''/etc/exports'':
 
/diskless 192.168.10.0/24(rw,no_root_squash,sync)
 
Start NFS server:
 
systemctl status nfs-server
 
Check that NFS is exporting. Command
 
showmount -e
 
have to show following:
 
Export list for clondaq15.jlab.org:
/diskless 192.168.10.0/24
 
 
To use local name server, install bind:
 
yum install bind
 
 
 
Login from console may not work because of file ''/etc/securetty'' permissions, it must be 644.
 
 
THere is a service PAM, it may prevent login from console if some required services did not start. To work around, comment out some lines in ''/etc/pam.d/system-auth-ac'' file:
 
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
#auth        requisite    pam_succeed_if.so uid >= 1000 quiet_success
#auth        required      pam_deny.so
   
   
#account    required      pam_unix.so
host test7 {
account    sufficient    pam_localuser.so
hardware ethernet 00:20:38:0F:2C:0D;
account    sufficient    pam_succeed_if.so uid < 1000 quiet
fixed-address 192.168.10.7;
#account    required      pam_permit.so
}
   
   
  password    requisite    pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
  } # Diskless clients group
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
#password    required      pam_deny.so
session    optional      pam_keyinit.so revoke
#session    required      pam_limits.so
-session    optional      pam_systemd.so
session    [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
#session    required      pam_unix.so

Revision as of 15:21, 15 May 2025

Configure DHCP server on RHEL7 

yum install dhcp

Config file /etc/dhcp/dhcpd.conf should looks like this: 

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

subnet 192.168.10.0 netmask 255.255.255.0 {
        option domain-name "clontest.com jlab.org";
        option domain-name-servers 192.168.10.1;
        option routers 192.168.10.1;
        use-host-decl-names true;
	pool {
	     range 192.168.10.2 192.168.10.20;
	     deny dynamic bootp clients;
	     allow unknown clients;
	     }
}

set vendorclass = option vendor-class-identifier;
option pxe-system-type code 93 = unsigned integer 16;
set pxetype = option pxe-system-type;

# DISKLESS Clients in here
group
{
	if substring(vendorclass, 0, 9)="PXEClient" {
	   if pxetype=00:06 or pxetype=00:07 {
	      filename   "efi/boot/grub2/x86_64-efi/core.efi";
	   } else {
	      filename "linux-install/pxelinux.0";
	   }
	}
  	next-server 192.168.10.1;

	host test5 {
	 hardware ethernet 00:20:38:10:14:f7;
	 fixed-address 192.168.10.5;
	}

	host test6 {
	 hardware ethernet 00:20:38:0A:07:D7;
	 fixed-address 192.168.10.6;
	}

	host test7 {
	 hardware ethernet 00:20:38:0F:2C:0D;
	 fixed-address 192.168.10.7;
	}

} # Diskless clients group
Retrieved from "https://clonwiki0.jlab.org/wiki/index.php?title=DHCP_server&oldid=8264"