Netzwerkeinstellungen CentOS 7 unter Hyper-V

[OPSI-TESTER]

Hallo,

ich würde gerne Windows 10 + Programme auf einem Notebook per opsi installieren.
Das soll meine Projektarbeit zum FISI werden.
Notebook und PC (opsi läuft hier unter CentOS in Hyper-V) hängen an einer Fritz!Box 7570.

DHCP ist an der FritzBox noch aktiviert.
Installiert habe ich dnsmasq.
Internet geht. IP ist statisch eingestellt.

Wenn ich getent hosts $(hostname -f) eingebe, erhalte ich:
fe80::215:5dff:feb2: (etc) centos.opsi.service

Hier sollte doch eine IPv4-Adresse, also die meines Interfaces erscheinen, oder?
Das wäre die 192.168.178.250.
Ich komme nicht darauf, was ich ändern muß.

Meine Hosts & dnsmasq-Konfigurationen:
/etc/hosts
192.168.178.250 centos.opsi.service centos
127.0.0.1 localhost
::1 ip6-localhost

vi /etc/dnsmasq.conf
port=0
dhcp-range=192.168.178.20,192.168.178.50,proxy
dhcp-boot=/pxelinux,192.168.178.250,192.168.178.1
pxe-service=x86PC,"Automatic Network boot",pxelinux
enable-tftp
tftp-root=/usr/tftproot

Bitte um Rat. Herzlichen Dank im Voraus.

[SisterOfMercy]

Hier sollte doch eine IPv4-Adresse, also die meines Interfaces erscheinen, oder?

But it's showing an IPv6 address, but hopefully you already knew that.

Perhaps ifconfig is showing both IPv4 and IPv6 addresses?
Ifconfig is not installed by default on CentOS 7, so you might have to run yum install net-tools.
If those addresses match, it might/should work? I tend to uninstall NetworkManager and turn off IPv6 entirely, but that's just my own preference.

Don't forget to set selinux to permissive. Do not disable selinux!
Afterwards you can install setroubleshoot-server and look what errors it gives to see what booleans need to be set. But before you have everything working it can be just another thing in the way.
To change selinux policy edit /etc/selinux/config and set SELINUX=permissive.
With setenforce 0 you do not have to reboot for the config file change to work, you set the current status to permissive. You can always see the status of selinux with sestatus.

With OPSI CentOS 6 the tftp files are in /tftpboot/, I doubt that has changed.
The DHCP options I have added to the isc dhcp config:
filename "linux/pxelinux.0";
next-server ip-of-opsi-server;

[OPSI-TESTER]

Hi,

thank you for your detailed answer.

ifconfig (I did not have to install it) is showing to me:
inet 192.168.178.250 netmask 255.255.255.0 broadcast 192.168.178.255
inet6 fe80::215:5dff:feb2:1501 prefixlen 64
etc

So IPv4 and IPv6 are present.

I've tested the status of NetworkManager:
service NetworkManager status
--> active (running)

I disabled IPv6. Now getent hosts $(hostname -f) is showing:
::1 centos.opsi.service localhost

I set SELINUX=permissive (before it was disabled)
setenforce 0 did not do the job for me, so I rebooted the Centos-VM

sestatus now is (enabled & permissive)

I installed setroubleshoot as you advised to me, with:
yum install setroubleshoot setools

And you're right:
I only see a tftpboot-folder under /
and not under /usr/tftproot (I accidently wrote /tftpboot/ was not right too)
I changed this too.

What I don't understand:
where you mean I should put this in ? :
The DHCP options I have added to the isc dhcp config:
filename "linux/pxelinux.0";
next-server ip-of-opsi-server;

Thanks you!!
Kind Regards.

[OPSI-TESTER]

Entschuldigung,
habe Ihre Signatur erst jetzt gelesen:

Bitte schreiben Sie Deutsch, when I'm responding in the German-speaking part of the forum!

[SisterOfMercy]

I disabled IPv6. Now getent hosts $(hostname -f) is showing:
::1 centos.opsi.service localhost

Well, if it's returning ::1 IPv6 is somewhat still enabled. I think you need to edit /etc/resolv.conf because it should not return localhost, shouldn't it? It's been a while since I read the manual. I also never use static IP addresses, but only static DHCP leases, so I can't tell you how resolv.conf should look.

To really disable IPv6, if you want to:
edit /etc/sysctl.conf and add:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1

edit /etc/postfix/main.cf
find the line:
inet_interfaces = localhost
change to:
inet_interfaces = 127.0.0.1

I'm still not sure this last part needs to be done, because localhost in an IPv4 environment should not pose any diffculties for postfix. But I'm too lazy to find out. You might also need to tell NetworkManager you do not want IPv6, but I'm not using it, so can't help you with that.

What I don't understand:
where you mean I should put this in ? :
The DHCP options I have added to the isc dhcp config:
filename "linux/pxelinux.0";
next-server ip-of-opsi-server;

You are using dnsmasq, this is a dhcp and dns server in one, right? I think one would need to have similar settings to enable pxe boot. The file you want to boot is /tftpboot/linux/pxelinux.0 isn't it? Sending clients to boot of off /tftpboot/linux/pxelinux won't do much good then
So I think it needs to be somewhat like this:
dhcp-boot=/linux/pxelinux.0
tftp-root=/tftpboot
See the man page of dnsmasq, or any other website about this subject, such as this one: http://etherboot.org/wiki/dnsmasq
You are booting off localhost and do not need to state dhcp-boot=/linux/pxelinux.0,localhost,192.168.178.250

However, I'm not entirely sure if you can use the internal tftp server of dnsmasq instead of xinetd.

[OPSI-TESTER]

Ich habe jetzt Einiges geändert:

1
bearbeitet
/etc/sysctl.conf u. hinzugefügt:
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
bearbeitet
/etc/postfix/main.cf
die Zeile: inet_interfaces = localhost
ist geändert zu: inet_interfaces = 127.0.0.1

getent hosts $(hostname -f) --> Ergebnis ist immer noch ::1 centos.opsi.service localhost

2
isc dhcp config --> diese conf Datei habe ich nicht, isc dhcp habe ich bisher gar nicht installiert per "yum install dhcp"
Ich dachte ich kann das weglassen, da ich bereits dnsmasq installiert habe.
Korrekt? Oder benötige ich isc-dhcp auch in jedem Fall ???

Weitere Fragen:
3
Und ja, dnsmasq ist ein DNS- u. DHCP-Server.
Die dnsmasq.conf habe ich jetzt ebenso komplett abgeändert (nach anderer Anleitung aus dem www):

/etc/dnsmasq.conf
port=0
log-dhcp
domain-needed
bogus-priv
resolv-file=/etc/resolv.conf.dnsmasq
interface=eth0
# listen-address=192.168.178.1,127.0.0.1
dhcp-range=192.168.178.0,proxy
dhcp-boot=/pxelinux,centos.opsi.service,192.168.178.250,192.168.178.0
pxe-service=x86PC,"Automatic Network Boot",pxelinux
enable-tftp
tftp-root=/tftpboot

4)
Stimmen nachfolgende Einstellungen so? Soll NetworkManager genutzt werden oder nicht?
(NM_CONTROLLED=no or yes ??)

/etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
Name="eth0"
# DEFROUTE="yes"
# PEERDNS="no"
# IPV4_FAILURE_FATAL="no"
# IPV6INIT="yes"
# IPV6_AUTOCONF="yes"
# IPV6_DEFROUTE="yes"
# IPV6_FAILURE_FATAL="no"
# IPV6_PEERDNS="yes"
# IPV6_PEERROUTES="yes"
UUID="fbd511f9-321d-484d-9dc4-3b00d59f64e1"
DEVICE="eth0"
ONBOOT=yes
HWADDR=00:15:5D:B2:15:01
IPADDR=192.168.178.250
PREFIX=24
GATEWAY=192.168.178.1
NM_CONTROLLED=no

Danke !!!

[SisterOfMercy]

isc dhcp config --> diese conf Datei habe ich nicht, isc dhcp habe ich bisher gar nicht installiert per "yum install dhcp"
Ich dachte ich kann das weglassen, da ich bereits dnsmasq installiert habe.
Korrekt? Oder benötige ich isc-dhcp auch in jedem Fall ???

No, you are correct. You already have a dhcp server in dnsmasq.
I was only giving the settings that worked for me, which had to be translated to dnsmasq settings.

Ich habe jetzt Einiges geändert:
getent hosts $(hostname -f) --> Ergebnis ist immer noch ::1 centos.opsi.service localhost

Can you run cat /etc/hosts and cat /etc/resolv.conf ?

/etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="static"
Name="eth0"
# DEFROUTE="yes"
# PEERDNS="no"
# IPV4_FAILURE_FATAL="no"
# IPV6INIT="yes"
# IPV6_AUTOCONF="yes"
# IPV6_DEFROUTE="yes"
# IPV6_FAILURE_FATAL="no"
# IPV6_PEERDNS="yes"
# IPV6_PEERROUTES="yes"
UUID="fbd511f9-321d-484d-9dc4-3b00d59f64e1"
DEVICE="eth0"
ONBOOT=yes
HWADDR=00:15:5D:B2:15:01
IPADDR=192.168.178.250
PREFIX=24
GATEWAY=192.168.178.1
NM_CONTROLLED=no

I'm not sure if NetworkManager would get used. I always uninstall the whole thing.
# yum remove NetworkManager firewalld
# yum install iptables
# vi /etc/sysconfig/iptables

Code: Alles auswählen

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 69 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 137 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 138 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4441 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 4447 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

# systemctl enable iptables
# systemctl start iptables

Don't get me wrong, NetworkManager and firewalld are probably great for laptops and stuff, but I was looking for a quick solution the way CentOS 6 was working.
Does ifconfig already show eth0? Well, then you got there a whole lot quicker than me