Linux Boot Server: Difference between revisions

From CLONWiki
Jump to navigation Jump to search
← Older editNewer edit →
Boiarino (talk | contribs)
jpeople, Administrators
4,356 edits
No edit summary
Boiarino (talk | contribs)
jpeople, Administrators
4,356 edits
No edit summary
Line 71: Line 71:




== Configuring snapshot area ==
The list of files and directories which suppose to be in snapshot area (which has RW permissions) should be set in config file ''/diskless/.../root/etc/statetab''. In particular, ''/et'' has to be added there, and also directory ''/diskless/.../root/et'' should be created.
== After Linux boot server is ready and operational, VME controllers can be booted. On the first boot, ''/diskless/.../snapshot/<controller name>'' directory will be created. For VME controller specific information see [[VME]] ==




Revision as of 10:21, 16 May 2025

Setting of the Linux server to be used for PXE and EFI boot of the VME controllers

Login to the server as root. Copy two files to the root directory and untar them: 

cd /
cp /usr/downloads/tftpboot.tar.gz_clondaq15 tftpboot.tar.gz
cp /usr/downloads/diskless.tar.gz_clondaq15 diskless.tar.gz
gunzip tftpboot.tar.gz
gunzip diskless.tar.gz
tar xvf tftpboot.tar
tar xvf diskless.tar
rm tftpboot.tar diskless.tar


Make sure correct snapshot location in root area /diskless/CentOS7/x86_64/root/etc/sysconfig/readonly-root: 

CLIENTSTATE=192.168.10.1:/diskless/CentOS7/x86_64/snapshot

In /diskless/CentOS7/x86_64/root area, /etc/ssh/sshd_config must have following setting (to allow remote ssh): 

#UsePAM yes

it will be propagated to the controller's snapshot area on the first boot when corresponding snapshot/<vme_controller_name> directory will be created. Not sure about other settings: 

HostbasedAuthentication yes
#HostbasedAuthentication no

IgnoreRhosts no
#IgnoreRhosts yes

PasswordAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication yes

#UsePrivilegeSeparation sandbox		# Default for new installations.
UsePrivilegeSeparation sandbox		# Default for new installations.


To add or remove VME controllers, modify following files: 

/var/named/10.168.192.in-addr.arpa.db
/var/named/clontest.com
/etc/dhcp/dhcpd.conf

restart corresponding services: 

systemctl restart dhcpd
systemctl restart named

and check services status: 

systemctl status dhcpd
systemctl status named

To set gateway, add 

net.ipv4.ip_forward=1

to /etc/sysctl.conf and execute 

sysctl -p

Configure NFS

Configure DHCP server

Configure DNS server

Configure Tftp and Tftpboot

Configure Iptables

Do not forget (is it for controllers ?): 

chattr +i /etc/resolv.conf



yum install ypbind (????)


Configuring snapshot area

The list of files and directories which suppose to be in snapshot area (which has RW permissions) should be set in config file /diskless/.../root/etc/statetab. In particular, /et has to be added there, and also directory /diskless/.../root/et should be created.

After Linux boot server is ready and operational, VME controllers can be booted. On the first boot, /diskless/.../snapshot/<controller name> directory will be created. For VME controller specific information see VME

yum

On server where vme is loading from (as root; /zzz will be needed for mysqltcl installation below): 

mkdir /diskless/CentOS7/x86_64/root/zzz
#mount -o bind /usr/local/src /diskless/CentOS7/x86_64/root/zzz
mount -o bind /usr/local /diskless/CentOS7/x86_64/root/usr/local
mount -o bind /usr/clas12 /diskless/CentOS7/x86_64/root/usr/clas12
chroot /diskless/CentOS7/x86_64/root

Add multilib_policy=all to /etc/yum.conf.

Add (and remove the rest ?) following to /etc/yum.repos.d/CentOS-Base.repo: 

[base]
name=CentOS-$releasever - Base
baseurl=http://archive.kernel.org/centos-vault/centos/$releasever/os/$basearch/

Clean yum database: 

rm /var/lib/rpm/__db.*

Install following using yum: 

yum install motif-devel tcl-devel tk-devel libXpm-devel apr-devel libXaw-devel ncurses-devel

Install following for dbedit: 

yum install tix itcl itk

Install remaining tcl stuff from /usr/local/src, mounted as /zzz above: 

cd /zzz/mysqltcl-3.052
make install
ln -s /usr/lib/mysqltcl-3.052 /usr/lib64/tcl8.5/mysqltcl-3.052







Login from console may not work because of file /etc/securetty permissions, it must be 644.


THere is a service PAM, it may prevent login from console if some required services did not start. To work around, comment out some lines in /etc/pam.d/system-auth-ac file: 

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
#auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
#auth        requisite     pam_succeed_if.so uid >= 1000 quiet_success
#auth        required      pam_deny.so

#account     required      pam_unix.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 1000 quiet
#account     required      pam_permit.so

password    requisite     pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
#password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
#session     required      pam_limits.so
-session     optional      pam_systemd.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
#session     required      pam_unix.so
Retrieved from "https://clonwiki0.jlab.org/wiki/index.php?title=Linux_Boot_Server&oldid=8288"