
Cluster network


DHCP Server

External resources :

First part is to configure the DHCP server for Ethernet network. The DHCP server will provide ip for nodes, DNS, location for pxe boot, etc.

Set the IP to static:

cat /etc/sysconfig/network-scripts/ifcfg-enp0s8

localhost:~# cat /etc/sysconfig/network-scripts/ifcfg-enp0s8
TYPE="Ethernet"
BOOTPROTO="static"
NAME="enp0s8"
NETMASK=255.255.255.0
NM_CONTROLLED=no
ONBOOT="yes"
IPADDR0="172.16.0.1"
HWADDR=08:00:27:50:76:ac
yum install dhcp -y

Since recent CentOS releases, there is no need to add the interface in the /etc/sysconfig/dhcpd file. Let's edit the configuration file immediately.

localhost:~# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
 option domain-name "sphen.fr";
 option domain-name-servers server.sphen.fr;

authoritative;

# A slightly different configuration for an internal subnet.
 subnet 172.16.0.0 netmask 255.255.255.0 {
 range 172.16.0.2 172.16.0.30;
 option domain-name-servers server.sphen.fr;
 option domain-name "sphen.fr";
 option routers 172.16.0.1;
 option broadcast-address 172.16.0.255;
 default-lease-time 600;
 max-lease-time 7200;
 

host client1 {
 hardware ethernet 08:00:27:96:79:db;
 fixed-address 172.16.0.2;
 } 
}

Now start dhcp server and enable it on startup, then watch logs :

systemctl start dhcpd.service
systemctl enable dhcpd.service
tail -f /var/log/messages

Try to launch client with mac address 08:00:27:96:79:db :

May 20 16:19:13 localhost dhcpd: DHCPDISCOVER from 08:00:27:96:79:db via enp0s8
May 20 16:19:23 localhost dhcpd: server.sphen.fr: host unknown.
May 20 16:19:23 localhost dhcpd: DHCPOFFER on 172.16.0.2 to 08:00:27:96:79:db via enp0s8
May 20 16:19:23 localhost dhcpd: DHCPDISCOVER from 08:00:27:96:79:db via enp0s8
May 20 16:19:23 localhost dhcpd: DHCPOFFER on 172.16.0.2 to 08:00:27:96:79:db via enp0s8
May 20 16:19:23 localhost dhcpd: Dynamic and static leases present for 172.16.0.2.
May 20 16:19:23 localhost dhcpd: Remove host declaration client1 or remove 172.16.0.2
May 20 16:19:23 localhost dhcpd: from the dynamic address pool for 172.16.0.0/24
May 20 16:19:23 localhost dhcpd: DHCPREQUEST for 172.16.0.2 (172.16.0.1) from 08:00:27:96:79:db via enp0s8
May 20 16:19:23 localhost dhcpd: DHCPACK on 172.16.0.2 to 08:00:27:96:79:db via enp0s8

On the client side, there is no need for specific configuration; just remove any file for the interface in network-scripts.

PXE server

External resources :

I used CentOS-7-x86_64-Minimal-1503-01.iso image.

add next-server in DHCP configuration

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#

 option domain-name "sphen.fr";
 option domain-name-servers server.sphen.fr;

 authoritative;

 subnet 172.16.0.0 netmask 255.255.255.0 {
 range 172.16.0.2 172.16.0.30;
 option domain-name-servers server.sphen.fr;
 option domain-name "sphen.fr";
 option routers 172.16.0.1;
 option broadcast-address 172.16.0.255;
 default-lease-time 600;
 max-lease-time 7200;


 next-server 172.16.0.2; #  pxe server ip
 filename "pxelinux.0";

host client1 {
 hardware ethernet 08:00:27:A5:CD:D7;
 fixed-address 172.16.0.3;
 }
}

yum install tftp tftp-server xinetd -y

vi /etc/xinetd.d/tftp

# default: off
# description: The tftp server serves files using the trivial file transfer \
#       protocol.  The tftp protocol is often used to boot diskless \
#       workstations, download configuration files to network-aware printers, \
#       and to start the installation process for some operating systems.
service tftp
{
        socket_type             = dgram
        protocol                = udp
        wait                    = yes
        user                    = root
        server                  = /usr/sbin/in.tftpd
        server_args             = -c -s /var/lib/tftpboot
        disable                 = no
        per_source              = 11
        cps                     = 100 2
        flags                   = IPv4
}

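# PXE clients only ever read from the tftp root (pxelinux.0, menu.c32,
# netboot/*); nothing on the boot path writes to it. 0777 lets any host on
# the network replace the boot loader or kernel that every node then boots,
# so grant read/search to others and keep write for root only.
chmod 0755 /var/lib/tftpboot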

 19  setsebool -P tftp_anon_write 1
 
 IPtables
 
 28  systemctl start xinetd

yum install syslinux wget vsftpd

 39   cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
 40   cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot
 41   cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot
 42   cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot
 43   cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot
 45  mkdir /var/lib/tftpboot/pxelinux.cfg
 46  mkdir -p /var/lib/tftpboot/netboot/
 55  mkdir /var/ftp/pub/iso
 56  mount CentOS-7-x86_64-Minimal-1503-01.iso /var/ftp/pub/iso/
 57  cp /var/ftp/pub/iso/images/pxeboot/vmlinuz /var/lib/tftpboot/netboot/
 58  cp /var/ftp/pub/iso/images/pxeboot/initrd.img /var/lib/tftpboot/netboot/
 60   vim /var/ftp/pub/ks.cfg
#version=RHEL7
# System authorization information
auth --enableshadow --passalgo=sha512

# Use network installation
url --url="http://mirrors.sonic.net/centos/7/os/x86_64/"
# Use graphical install
graphical
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=fr --xlayouts='fr'
# System language
lang en_US.UTF-8

# Network information
network  --bootproto=dhcp --device=enp0s3 --ipv6=auto --activate
network  --hostname=localhost.localdomain
# Root password
rootpw --iscrypted $6$RpI6GoKThfq1sVgx$j1p7R7q9YEltgrHAlKwjYz3HNtPtTrlRJOZi2ZGaEVaIjQAXbxVhfbi0Puyebd7Ke5vzROh33wwc08yesm08e1
# System services
services --enabled="chronyd"
# System timezone
timezone Europe/Paris --isUtc
user --name=sphen --password=$6$3/q7MhkzKtgrWHLq$3Kf7w0bG7yVIh6QI8UCLxK/q/L7CPYVCzmlQJPSgAEB4rAPgQlqFSKltqCxgYsyxyQrcapJaxHlljn5I1STFU1 --iscrypted --gecos="sphen"
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --all --initlabel --drives=sda
# Reboot after installation?
reboot 

%packages
@core
chrony
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

vi /var/lib/tftpboot/pxelinux.cfg/default

 default menu.c32
 prompt 0
 timeout 30
 MENU TITLE unixme.com PXE Menu

 LABEL centos7_x64
 MENU LABEL CentOS 7 X64
 KERNEL /netboot/vmlinuz
 APPEND  initrd=/netboot/initrd.img  inst.repo=ftp://172.16.0.2/pub/iso  ks=ftp://172.16.0.2/pub/ks.cfg
108  systemctl start xinetd
109  systemctl start vsftpd
110  systemctl | grep vft
111  systemctl | grep vs
112  systemctl restart vsftpd
113  systemctl restart xinetd

VRAC VRAC VRAC

Global sphen.local

Master generate root password ssh key

Vital Pets

First of all, we will install the vital pets, i.e. the minimal services needed to deploy and run the cluster. In this first part, we assume that you have already done minimal OS installations with static IPs, so that the following hosts (without any further configuration) are listening on SSH:

  • 10.0.0.20 (will be repository)
  • 10.0.0.30 (will be dhcp)
  • 10.0.0.40 (will be pxe/kickstart)
  • 10.0.0.50 (will be dns)
  • 10.0.0.60 (will be slurmctld)

Other servers will be deployed next, but these are the absolute minimum needed to be able to run parallel runs.

Repository server

The repository server offers to all other systems the packages needed for software installation. This local repository will host a copy of the CentOS 7 Everything DVD, but also other home-made packages (slurm, munge), and/or any other repository you will need (CentOS updates, EPEL, etc.).

First, let's push root master key :

cat .ssh/id_rsa.pub | ssh 10.0.0.20 " mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/* ; restorecon -R -v ~/.ssh "

Now, ssh to the node and set local hostname and configure red color for root shell, then reboot :

ssh 10.0.0.20
ssh 10.0.0.20 " hostnamectl set-hostname repo0
echo 'PS1="\[\e[01;31m\]\h:\w#\[\e[00;m\] "' >> /root/.bashrc
reboot

When the node is ready again (ping it if impatient), push the CentOS 7 Everything DVD using scp (adapt to your CentOS version):

scp /root/iso/CentOS-7-x86_64-Everything-1503-01.iso root@10.0.0.20:/root

When done, ssh to the node. Now, we will mount the DVD and manually install a few packages (no repository is available yet, so this has to be done by hand), and start the vsftpd server (the FTP server used to share packages with the others):

mkdir /mnt
mount ????????????????
cd /mnt/Packages/
rpm -ivh vsftpd-3.0.2-9.el7.x86_64.rpm
systemctl enable vsftpd
systemctl start vsftpd
rpm -ivh libxml2-python-2.9.1-5.el7_0.1.x86_64.rpm
rpm -ivh deltarpm-3.6-3.el7.x86_64.rpm 
rpm -ivh python-deltarpm-3.6-3.el7.x86_64.rpm
rpm -ivh createrepo-0.9.9-23.el7.noarch.rpm

Let's copy the CentOS packages from the ISO, and create the repository database. It may take some time depending on your computer's performance. Note that in the future, if you need to add packages to a repository, you can update the database using the same command, but adding --update ???????

mkdir /var/ftp/pub/localrepo
chmod -R 0755 /var/ftp/pub/localrepo
cp -ar /mnt/Packages/*.* /var/ftp/pub/localrepo/
createrepo -v /var/ftp/pub/localrepo/
restorecon -R /var/ftp

Packages are available and the repository is ready; we now need to add the repository file, so that the local system knows where the packages are.

vi /etc/yum.repos.d/localrepo.repo

And add the following in the file :

[localrepo]
name=Sphen Local Repo
baseurl=file:///var/ftp/pub/localrepo
gpgcheck=0
enabled=1

Save, and set file rights :

chown root:root /etc/yum.repos.d/localrepo.repo
chmod 0640 /etc/yum.repos.d/localrepo.repo

We will remove CentOs original repository files, but for safety, let's backup them, and update yum :

mkdir /etc/yum.repos.d.old/
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d.old
yum clean all
yum update

To finish, we will do something not recommended, but the security part will be covered later, and for this tutorial it will make things easier: we will deactivate the firewall and set SELinux to permissive mode (do not disable it). First, edit the /etc/selinux/config file and replace enforcing by permissive, like this:

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

And disable firewalld service (we will replace it by iptables in the security part of this tutorial) :

systemctl disable firewalld
systemctl stop firewalld

Remember these last actions, we will do the same on the other servers.

Unmount the CentOS 7 Everything ISO, and remove it if you want to save disk space.

umount /mnt
rm /root/CentOS-7-x86_64-Everything-1503-01.iso

Now reboot the host, it is ready for production.

Dhcp server

The DHCP server is used to assign IP addresses to compute nodes and login nodes. It is the first server seen by a new node booting in PXE for installation. It tells this node where the PXE server is, and where the DNS server is. In this configuration, we assume you know the MAC addresses of your nodes (they should be provided by the manufacturer). Now that we have set up the repository server, things should be easier.

As for the repository, push the root key, set the local hostname and the red root prompt, then reboot:

cat .ssh/id_rsa.pub | ssh 10.0.0.30 " mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 600 ~/.ssh/* ; restorecon -R -v ~/.ssh "
ssh 10.0.0.30
ssh 10.0.0.30 " hostnamectl set-hostname dhcp0
echo 'PS1="\[\e[01;31m\]\h:\w#\[\e[00;m\] "' >> /root/.bashrc
reboot

Now, like for repository, set SELinux to permissive, and disable firewalld (see repository server just in the upper section).
Then, add the repository file so that this server can use repository server to get needed packages :

vi /etc/yum.repos.d/localrepo.repo
<code>

The file is slightly different than before, because now files are not local but on the ftp :

<code>
# Client-side repository definition: packages come from repo0 (10.0.0.20)
# over anonymous FTP instead of a local path.
[localrepo]
name=Sphen Local Repo
baseurl=ftp://10.0.0.20/pub/localrepo
# NOTE(review): gpgcheck=0 means nothing verifies what arrives over the
# unauthenticated FTP transport. The packages were copied from the CentOS
# ISO, so the CentOS 7 release key (shipped under /etc/pki/rpm-gpg/ on
# every installed node) can be used with gpgcheck=1 and a gpgkey=file:///...
# line instead, at no cost to the tutorial flow.
gpgcheck=0
enabled=1

Then set rights to the file, and remove/backup CentOS default repository :

chown root:root /etc/yum.repos.d/localrepo.repo
chmod 0640 /etc/yum.repos.d/localrepo.repo
mkdir /etc/yum.repos.d.old/
mv /etc/yum.repos.d/CentOS-* /etc/yum.repos.d.old
yum clean all
yum update

Time to install dhcp server :

yum install dhcpd ??????

Do not start it now, let's configure it first. The configuration file is /etc/dhcp/dhcpd.conf. Copy-paste the following:

#
# DHCP Server Configuration file.
#   see /usr/share/doc/dhcp*/dhcpd.conf.example
#   see dhcpd.conf(5) man page
#
# Cluster DHCP on dhcp0 (10.0.0.30): hands out addresses on 10.0.0.0/16
# and tells PXE-booting nodes where the tftp server and the DNS server are.

# authoritative: this server owns 10.0.0.0/16 and may NAK lease requests
# it does not recognise, so reinstalled nodes re-lease quickly
# (see dhcpd.conf(5)).
 authoritative;

 subnet 10.0.0.0 netmask 255.255.0.0 {
# range 10.0.1.0 10.0.1.254; # storage, should be static
# NOTE(review): login0 (10.0.2.0) and node0 (10.0.3.0) below are fixed
# addresses that fall inside these two dynamic pools. The test log in the
# first DHCP section of this page shows how dhcpd reacts to that
# ("Dynamic and static leases present ... Remove host declaration ... or
# remove ... from the dynamic address pool"). Start each pool above the
# highest fixed-address it overlaps, or place the static hosts outside
# the pools.
 range 10.0.2.0 10.0.2.254; # login
 range 10.0.3.0 10.0.4.254; # compute
 option domain-name "sphen.local";
 option domain-name-servers 10.0.0.50; # dns ip
 option routers 10.0.0.30; # dhcp ip
 option broadcast-address 10.0.255.255;
 default-lease-time 600;
 max-lease-time 7200;

# PXE: tftp server (pxe0) to fetch "filename" from.
 next-server 10.0.0.40; #  pxe server ip
 filename "pxelinux.0"; 

# NOTE(review): as written, a host whose MAC is not declared below still
# gets a dynamic lease from the pools above. ISC dhcpd's
# `deny unknown-clients;` inside this subnet restricts leases to declared
# hosts (dhcpd.conf(5)) — the "do not accept if MAC not set" behaviour
# the text after this file asks about.

# List of logins nodes

host login0 {
 hardware ethernet 08:00:27:18:68:BC;
 fixed-address 10.0.2.0;
}

# List of compute nodes

host node0 {
 hardware ethernet 08:00:27:05:7F:C5;
 fixed-address 10.0.3.0;
}

}

You can refer to the online documentation for further explanations. The important parts here are the servers' IPs, the ranges covered by the DHCP, and the list of host MACs covered by the DHCP server with their assigned IPs. ?????? Do not accept if MAC not set ????? When booting in PXE mode, the node will get all the servers' IPs.

Now, you can start and enable the dhcp service :

systemctl enable dhcpd.service
systemctl start dhcpd.service

Reboot the node, it is ready for production.

Pxe server

The PXE server hosts the minimal kernel for PXE booting, the kickstart file telling remote hosts how they should be installed, and the minimal CentOS 7 ISO for minimal package distribution.

As for all servers, push root ssh key, set hostname manually (pxe0), set red shell, and reboot. Then, as for dhcp server, set SELinux into permissive mode, disable firewalld, and add local repository.

Now, from master host, push the centos 7 minimal iso on this server :

scp /root/iso/CentOS-7-x86_64-Minimal-1503-01.iso root@10.0.0.40:/root

Ssh on the host, and mount the iso :

mkdir /mnt
mount ???????????????

Install needed services :

yum install tftp
yum install tftp-server
yum install xinetd

Let's configure the tftp server; the file is /etc/xinetd.d/tftp. The only change is the addition on the server_args line:

# default: off
# description: The tftp server serves files using the trivial file transfer \
#	protocol.  The tftp protocol is often used to boot diskless \
#	workstations, download configuration files to network-aware printers, \
#	and to start the installation process for some operating systems.
#
# xinetd entry for the PXE tftp service. "disable = no" is what turns it on;
# the earlier sections start xinetd afterwards.
#
# NOTE(review): server_args passes -c, which lets any client create new
# files under the -s root, and the earlier draft on this page enables
# tftp_anon_write for it. PXE booting only reads pxelinux.0, menu.c32 and
# netboot/*, so "-s /var/lib/tftpboot" alone serves the boot files and
# closes the upload path; nodes keep booting without -c.
# in.tftpd is started as root so that -s can chroot; whether it then drops
# privileges depends on its -u default for this build — confirm.
service tftp
{
	socket_type		= dgram
	protocol		= udp
	wait			= yes
	user			= root
	server			= /usr/sbin/in.tftpd
	server_args		= -c -s /var/lib/tftpboot
	disable			= no
	per_source		= 11
	cps			= 100 2
	flags			= IPv4
}

Now, restorecon just in case, and start the service:

restorecon /etc/xinetd.d/tftp
systemctl start xinetd
systemctl enable xinetd

Now, let's install pxe files part :

yum install syslinux
yum install wget
yum install vsftpd

Copy needed files into desired locations :

cp -v /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot
cp -v /usr/share/syslinux/menu.c32 /var/lib/tftpboot
cp -v /usr/share/syslinux/memdisk /var/lib/tftpboot
cp -v /usr/share/syslinux/mboot.c32 /var/lib/tftpboot
cp -v /usr/share/syslinux/chain.c32 /var/lib/tftpboot
mkdir /var/lib/tftpboot/pxelinux.cfg
mkdir /var/lib/tftpboot/netboot/
mkdir /var/ftp/pub/iso
cp /mnt/images/pxeboot/vmlinuz /var/lib/tftpboot/netboot/
cp /mnt/images/pxeboot/initrd.img /var/lib/tftpboot/netboot/
restorecon -R /var/lib/tftpboot
cp -Rv /mnt/* /var/ftp/pub/iso/
restorecon -R /var/ftp/pub/

Now add kickstart and pxelinux files as following :

vi /var/ftp/pub/ks.cfg

And add :

#version=RHEL7
# Kickstart for cluster nodes, fetched over anonymous FTP from pxe0 by the
# ks= argument in pxelinux.cfg/default.
# System authorization information
auth --enableshadow --passalgo=sha512

# Do not use graphical install
text
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=sda
# Keyboard layouts
keyboard --vckeymap=fr --xlayouts='fr'
# System language
lang en_US.UTF-8

# Network information
# NOTE(review): the NIC name enp0s3 is hard-coded; on other hardware the
# nodes' interface may be named differently — confirm before deploying.
network  --bootproto=dhcp --device=enp0s3 --ipv6=auto --activate
# Every node installs with the same hostname unless this line is set per
# node (the ???????? is the author's open point).
network  --hostname=localhost.localdomain ????????
# Root password
# NOTE(review): this file is served by anonymous FTP with mode 0644 (see
# the chmod below), so the hash on the next line is readable by every host
# that can reach 10.0.0.40. Treat it as exposed: use a strong, unique root
# password here and rely on the SSH key installed in %post for access.
rootpw --iscrypted $6$rJ2xMRxbzIk6pBjL$fSClcUjfftsd7WLdilG6FVgjtcN1y5g3Dpl0Z2NQVHcNgWNgQmI1xU5L8ullHv59sLsmbRQAGj8KMP1H1Sg3Q.
# System timezone
timezone Europe/Paris --isUtc
# System bootloader configuration
bootloader --append=" crashkernel=auto" --location=mbr --boot-drive=sda
autopart --type=lvm
# Partition clearing information
clearpart --all --initlabel --drives=sda
# Reboot after installation?
reboot 

%packages
@core
%end

# %post runs as a shell script inside the freshly installed system: it
# installs the master's public key for root and the red root prompt.
%post
# NOTE(review): no chmod on /root/.ssh or authorized_keys here, unlike the
# manual key push earlier on this page (chmod 700 ~/.ssh; chmod 600
# ~/.ssh/*). sshd's StrictModes rejects a key file that is group/world
# writable, so the outcome depends on the umask in %post — add the
# explicit chmods.
mkdir /root/.ssh
cat  << xxEOFxx >> /root/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDd/D8djP1pi56KQokGb3V2KWU7sEFP4oHNh7MlKPp4ZdkQUa7wfR3xbsDYiEN+UrF9AEHGqUF3DHhJMhj+soXuBysIIimZyDLPn5GoHanQ/FtjKPVpiRpTcxprDVtuhcDOKbl58aSXCsfDM3cahUm0Y0Jk+Dp84NDWc7Ve0SOtCgWchYmgJUExYNBDWFPcZSRs20nQZ2aShFZemqzkKY2cgIR5PYvdwr+A9ZCrjNkmW02K2gk+qRdIYW2sVmMictmY6KrrbtYIiucsSpC805wGk+V4+DkDOJek9a9EH0/6n0CShXVjpXjsbJ9/Y4xA/qIBl7oizEImsZ8rYCT4pkz/ root@ansiblemaster.sphen
xxEOFxx
# Restore SELinux labels on the key file written above.
restorecon -R -v /root/.ssh
echo 'PS1="\[\e[01;31m\]\h:\w#\[\e[00;m\] "' >> /root/.bashrc
%end

Few important comments :

  • This file is important and should be setup according to your needs.
  • Replace “rootpw –iscrypted $6$rJ2xMRxbzIk6p…” by the root password you wish to set on nodes. Refer to master installation part of this tutorial for how to generate this password.
  • Replace “ssh-rsa AAAAB3NzaC…” by the public SSH root key we already pushed on each server.
  • Replace keyboard keymap by your needs. Here it's fr/azerty, if using qwerty keyboard, choose “us” for both.
  • Replace time zone by yours.
  • Adjust the partitions to your needs; here it's automatic LVM.

Now set rights :

chmod 0644 /var/ftp/pub/ks.cfg
restorecon /var/ftp/pub/ks.cfg

Now the pxelinux file, edit :

vi /var/lib/tftpboot/pxelinux.cfg/default

And add :

 # Boot menu served over tftp; menu.c32 was copied from syslinux above.
 default menu.c32
 prompt 0
 # syslinux TIMEOUT is in tenths of a second: 30 = 3 s before the default
 # entry boots.
 timeout 30
 MENU TITLE sphen PXE Menu

 LABEL centos7_x64
 MENU LABEL CentOS 7 X64
 KERNEL /netboot/vmlinuz
 # NOTE(review): the PXE/FTP server is 10.0.0.40 everywhere else on this
 # page (next-server, the scp target, pxe0 in DNS); 10.0.40.0 below looks
 # like a transposition — confirm before booting a node. No DNS is needed
 # on this line because both URLs use literal IPs.
 APPEND  initrd=/netboot/initrd.img  inst.repo=ftp://10.0.40.0/pub/iso  ks=ftp://10.0.40.0/pub/ks.cfg ??????? DNS

Set rights :

chmod 0644 /var/lib/tftpboot/pxelinux.cfg/default
restorecon /var/lib/tftpboot/pxelinux.cfg/default

Now start servers :

systemctl start vsftpd
systemctl enable vsftpd
systemctl restart xinetd

Adjust rights on tftpboot :

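# A world-writable tree (766) lets any network host overwrite the boot
# files, and it also strips the directory search bit for group/other.
# Directories get rwx/r-x and files rw-/r--, which is all a read-only
# boot tree needs.
chmod -R u=rwX,go=rX /var/lib/tftpboot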

Reboot the server, it is ready for production.

Note: you can now check this part by booting node0 or login0 on PXE. This should work without DNS because the IPs are set manually.

Dns server

DNS server provides on the network :

  • ip for corresponding hostname
  • hostname for corresponding ip

DNS is important as it clearly simplifies system configuration, and provides flexibility (using hostnames instead of static IPs, you can change the IP of a server, for maintenance purposes for example, and just adjust the DNS settings; the other nodes will not see any difference and production can continue).

First, like for other servers, set ssh root key, adjust hostname (dns0), set red shell for root, set selinux into permissive mode, disable firewalld, and add local repository, then reboot.

Install dns server package :

yum install bind bind-utils

Now the configuration. It includes 3 files : main configuration file, forward file, and reverse file. (you can separate files into more if you wish, not needed in this tutorial).

Main configuration file : /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
	listen-on port 53 { 127.0.0.1; 10.0.0.50;};
	listen-on-v6 port 53 { ::1; };
	directory 	"/var/named";
	dump-file 	"/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query     { localhost; 10.0.0.0/16;};

	/* 
	 - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
	 - If you are building a RECURSIVE (caching) DNS server, you need to enable 
	   recursion. 
	 - If your recursive DNS server has a public IP address, you MUST enable access 
	   control to limit queries to your legitimate users. Failing to do so will
	   cause your server to become part of large scale DNS amplification 
	   attacks. Implementing BCP38 within your network would greatly
	   reduce such attack surface 
	*/
	recursion no;

	dnssec-enable yes;
	dnssec-validation yes;
	dnssec-lookaside auto;

	/* Path to ISC DLV key */
	bindkeys-file "/etc/named.iscdlv.key";

	managed-keys-directory "/var/named/dynamic";

	pid-file "/run/named/named.pid";
	session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

// Root hints from the stock file. Only consulted for recursive
// resolution, which "recursion no" in options above turns off.
zone "." IN {
	type hint;
	file "named.ca";
};

// NOTE(review): `zone"sphen.local"` has no space between the keyword and
// the quoted name (same in the reverse zone below). BIND's lexer may
// tolerate it, but write `zone "sphen.local"` like the hint zone above so
// the intent is unambiguous. Both zones are served as master from files
// under the options "directory" (/var/named): forward and reverse.
zone"sphen.local" IN {
type master;
file "forward";
// Dynamic updates are refused; records change only by editing the file
// and bumping the SOA serial.
allow-update { none; };
};
// 0.10.in-addr.arpa covers all of 10.0.0.0/16, the same range that
// allow-query admits above.
zone"0.10.in-addr.arpa" IN {
type master;
file "reverse";
allow-update { none; };
};

// Stock localhost/loopback zones and the root DNSSEC key.
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Recursion is disabled because no internet access is available. The server listens on 10.0.0.50, and allows queries from 10.0.0.0/16. The last two zone sections contain our names and IPs. They refer to two files: forward and reverse. These files are located in /var/named/. The first one is /var/named/forward:

$TTL 86400
@   IN  SOA     dns0.sphen.local. root.sphen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns0.sphen.local.
@       IN  A           10.0.0.50

ansiblemaster   IN  A   10.0.0.10
repo0           IN  A   10.0.0.20
dhcp0           IN  A   10.0.0.30
pxe0            IN  A   10.0.0.40
dns0            IN  A   10.0.0.50
slurmctld0      IN  A   10.0.0.60
nfs1            IN  A   10.0.1.1
login1            IN  A   10.0.2.1
node1           IN  A   10.0.3.1

Second one is /var/named/reverse :

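; Reverse zone for 10.0.0.0/16 (origin 0.10.in-addr.arpa, set in named.conf).
; Owner names are relative to the origin and hold the LAST two octets of the
; address in reversed order: 10.0.A.B -> "B.A". The original listing had them
; the other way round ("0.20" for 10.0.0.20 is the name of 10.0.20.0), so
; reverse lookups of the servers found no record.
; Bump the Serial on every edit so secondaries (if any) pick it up.
$TTL 86400
@   IN  SOA     dns0.sphen.local. root.sphen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@       IN  NS          dns0.sphen.local.
@       IN  PTR         sphen.local.

; The "dns0 IN A 10.0.0.50" line that used to sit here answered nothing in a
; reverse zone; the forward file already carries dns0's A record.

; Servers on 10.0.0.x: name is "x.0".
10.0       IN  PTR         ansiblemaster.sphen.local.
20.0       IN  PTR         repo0.sphen.local.
30.0       IN  PTR         dhcp0.sphen.local.
40.0       IN  PTR         pxe0.sphen.local.
50.0       IN  PTR         dns0.sphen.local.
60.0       IN  PTR         slurmctld0.sphen.local.
; Storage 10.0.1.1, login 10.0.2.1, compute 10.0.3.1.
1.1        IN  PTR         nfs1.sphen.local.
1.2        IN  PTR         login1.sphen.local.
1.3        IN  PTR         node1.sphen.local.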

You can observe the presence of the local domain name, sphen.local, and that all hosts are declared here in forward and reverse order. Important: when using tools like dig or nslookup, you need to use the full domain name of hosts. For example, dig repo0.sphen.local. When using ping or ssh or other tools, only repo0 is enough.

Set rights on files :

chgrp named -R /var/named
chown -v root:named /etc/named.conf
restorecon -rv /var/named
restorecon /etc/named.conf

Time now to start service :

systemctl enable named
systemctl start named

Reboot the node, it is ready for production. To make other hosts use the DNS, ssh to them, disable NetworkManager (if active, it will overwrite the file), and edit the resolv file:

systemctl disable NetworkManager
systemctl stop NetworkManager

Then edit /etc/resolv.conf as following :

search sphen.local
nameserver 10.0.0.50

Ldap server

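# The commands of this step were pasted onto one line; as a single line it
# is one broken "yum install" whose extra arguments are the other commands'
# words. One command per line:
yum install -y openldap-servers openldap-clients
# DB_CONFIG tunes the hdb backend; the shipped example is the usual
# starting point and must be owned by the ldap user like the rest of
# /var/lib/ldap.
cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
chown ldap. /var/lib/ldap/DB_CONFIG
systemctl start slapd
systemctl status slapd
# Prints an {SSHA} hash to paste into the olcRootPW lines of chrootpw.ldif
# and chdomain.ldif below (use a separate hash for each).
slappasswd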

chrootpw.ldif
dn: olcDatabase={0}config,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}9I3Jrx9puLpX+8IuG9b13+G/oERcVdbC
chdomain.ldif
# NOTE(review): the records below are separated by lines holding a single
# space. LDIF treats a line that starts with a space as a continuation of
# the previous line; make sure these separators are truly empty lines in
# the file fed to ldapmodify.
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth"
  read by dn.base="cn=Manager,dc=server,dc=world" read by * none
 
# NOTE(review): dc=server,dc=world and cn=Manager come from a generic
# example; the rest of this page uses sphen.local. Pick one base DN and
# use it consistently in basedomain.ldif, ldapuser.ldif and authconfig.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: dc=server,dc=world
 
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: cn=Manager,dc=server,dc=world
 
# NOTE(review): this is the same {SSHA} hash as the cn=config rootpw in
# chrootpw.ldif, so one secret unlocks both the server configuration and
# the directory data. Generate a separate slappasswd hash for each.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcRootPW
olcRootPW: {SSHA}9I3Jrx9puLpX+8IuG9b13+G/oERcVdbC
 
# Access rules for the data DB, evaluated in order:
#  {0} passwords: Manager writes, anonymous may bind against them (auth),
#      users change their own, nobody else reads;
#  {1} the root DSE is readable by everyone;
#  {2} everything else: Manager writes, anyone reads.
# NOTE(review): "by * read" in {2} exposes the whole tree (accounts, uids,
# home directories) to unauthenticated clients; "by users read" limits it
# to bound users.
dn: olcDatabase={2}hdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by
  dn="cn=Manager,dc=server,dc=world" write by anonymous auth by self write by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by dn="cn=Manager,dc=server,dc=world" write by * read
basedomain.ldif
dn: dc=server,dc=world
objectClass: top
objectClass: dcObject
objectclass: organization
o: Server World
dc: Server
 
dn: cn=Manager,dc=server,dc=world
objectClass: organizationalRole
cn: Manager
description: Directory Manager
 
dn: ou=People,dc=server,dc=world
objectClass: organizationalUnit
ou: People
 
dn: ou=Group,dc=server,dc=world
objectClass: organizationalUnit
ou: Group
ldapuser.ldif
dn: uid=hohoho,ou=People,dc=server,dc=world
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: hohoho
sn: Linux
userPassword: {SSHA}nrOWUqd64lbklA2HH73QJ3EE8yoQabId
loginShell: /bin/bash
uidNumber: 1011
gidNumber: 1011
homeDirectory: /home/hohoho
 
dn: cn=hohoho,ou=Group,dc=server,dc=world
objectClass: posixGroup
cn: hohoho
gidNumber: 1011
memberUid: hohoho
mod_ssl.ldif
dn: cn=config
changetype: modify
add: olcTLSCACertificateFile
olcTLSCACertificateFile: /etc/openldap/certs/ca-bundle.crt
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: /etc/openldap/certs/server.crt
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: /etc/openldap/certs/server.key
# Shell history excerpt: the leading numbers are history indices, not part
# of the commands. -Y EXTERNAL over ldapi:/// authenticates as local root
# through the socket, which is what cn=config changes require.
484  ldapadd -Y EXTERNAL -H ldapi:/// -f chrootpw.ldif 
# Schemas needed by the posixAccount/inetOrgPerson entries in ldapuser.ldif.
485  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/cosine.ldif 
486  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/nis.ldif 
487  ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif 
488  ldapmodify -Y EXTERNAL -H ldapi:/// -f chdomain.ldif 
# From here on binds as Manager with the password set in chdomain.ldif (-W prompts).
489  ldapadd -x -D cn=Manager,dc=server,dc=world -W -f basedomain.ldif 
490  slappasswd 
491   vi ldapuser.ldif 
492  ldapadd -x -D cn=Manager,dc=server,dc=world -W -f ldapuser.ldif 
# TLS material for ldaps/STARTTLS.
497  cd /etc/pki/tls/certs
498  make server.key
# Strips the passphrase so slapd can start unattended; the key is then
# protected only by file permissions (see 506 — a chmod 600 on server.key
# belongs there too).
499  openssl rsa -in server.key -out server.key 
500  make server.csr 
# Self-signed, 10-year certificate. Clients cannot validate it against a
# CA, which is why the client section below resorts to TLS_REQCERT allow;
# handing server.crt to clients as their CA file instead keeps
# verification on.
501  openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
502  cd
# 503 runs before the target directory exists (504 creates it); 505 is the
# retry. Only 504-506 are needed.
503  cp /etc/pki/tls/certs/server.key /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/ca-bundle.crt /etc/openldap/certs/ 
504  mkdir /etc/openldap/certs/
505  cp /etc/pki/tls/certs/server.key /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/ca-bundle.crt /etc/openldap/certs/ 
506  chown ldap. /etc/openldap/certs/server.key /etc/openldap/certs/server.crt /etc/openldap/certs/ca-bundle.crt 
507  vi mod_ssl.ldif 
508  ldapmodify -Y EXTERNAL -H ldapi:/// -f mod_ssl.ldif 
# Presumably adds ldaps:/// to the listener URLs; the edit itself is not
# shown on this page.
509  vi /etc/sysconfig/slapd 
510  systemctl restart slapd 

client side

# Shell history excerpt (leading numbers are history indices).
708  yum -y install openldap-clients nss-pam-ldapd 
# Permissive for this boot only; it does not persist. The rest of this
# page sets permissive through /etc/selinux/config instead.
709  setenforce 0
# NOTE(review): 10.0.0.70 appears nowhere in the server list or the DNS
# zones earlier on this page — confirm the LDAP server's address.
710  authconfig --enableldap --enableldapauth --ldapserver=10.0.0.70 --ldapbasedn="dc=server,dc=world" --enablemkhomedir --update 
711  exit
# NOTE(review): "allow" makes both the OpenLDAP client library and nslcd
# accept any server certificate, so the TLS enabled at 714 hides traffic
# from eavesdroppers but does not ensure the client is talking to the real
# LDAP server. Copy server.crt from the server to each client and point
# TLS_CACERT (ldap.conf) / tls_cacertfile (nslcd.conf) at it with
# TLS_REQCERT demand / tls_reqcert demand instead.
712  echo "TLS_REQCERT allow" >> /etc/openldap/ldap.conf 
713  echo "tls_reqcert allow" >> /etc/nslcd.conf 
714  authconfig --enableldaptls --update 
715  exit

Slurm server

Autre page :

nfs storage

In this tutorial, a simple NFSv4 storage will be used, to store /home for users, /soft for software and libraries, and /scratch for calculations. Of course, using a single NFS server for /scratch is absurd, but enough for this tutorial. Distributed file systems will be discussed later.