SUSE Linux Enterprise Server

Full text

(1)SUSE Linux Enterprise Server 10 August 04, 2006. www.novell.com Installation and Administration.

(2) Installation and Administration List of Authors: Jörg Arndt, Steve Bearnson, Stefan Behlert, Frank Bodammer, James Branam, Volker Buzek, Klara Cihlarova, Catherine Craft, Olaf Dabrunz, Stefan Dirsch, Olaf Donjak, Roman Drahtmüller, Thorsten Dubiel, Torsten Duwe, Thomas Fehr, Stefan Fent, Werner Fink, Jakub Friedl, Kurt Garloff, Joachim Gleißner, Todd Grant, Carsten Groß, Andreas Grünbacher, Berthold Gunreben, Franz Hassels, Andreas Jaeger, Jana Jaeger, Denise Jewkes, Klaus Kämpf, Andi Kleen, Hubert Mantel, Lars Marowsky-Bree, Chris Mason, Johannes Meixner, Lars Müller, Matthias Nagorni, Anas Nashif, Siegfried Olschner, Edith Parzefall, Peter Pöml, Thomas Renninger, Hannes Reinecke, Scott Rhoades, Thomas Rölz, Heiko Rommel, Tanja Roth, Marcus Schäfer, Thomas Schraitle, Kay Sievers, Klaus Singvogel, Frank Sundermeyer, Elisabeth Tobiasson, Hendrik Vogelsang, Klaus G. Wagner, Rebecca Walter, Christian Zoz This publication is intellectual property of Novell Inc. Its contents can be duplicated, either in part or in whole, provided that a copyright label is visibly located on each copy. All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither SUSE LINUX GmbH, the authors, nor the translators shall be held liable for possible errors or the consequences thereof. Novell, the Novell logo, the N logo and SUSE are registered trademarks of Novell, Inc. in the United States and other countries. * Linux is a registered trademark of Linus Torvalds. All other third party trademarks are the property of their respective owners..

(3) Contents. About This Guide. xv. Part I Deployment. 19. 1 Planning for SUSE Linux Enterprise. 21. 1.1 1.2 1.3. Considerations for Deployment of a SUSE Linux Enterprise Server . . . . Deployment of SUSE Linux Enterprise Server . . . . . . . . . . . . . Running SUSE Linux Enterprise Server . . . . . . . . . . . . . . . .. 2 Deployment Strategies 2.1 2.2 2.3. Deploying up to 10 Workstations . . . . . . . . . . . . . . . . . . Deploying up to 100 Workstations . . . . . . . . . . . . . . . . . . Deploying More than 100 Workstations . . . . . . . . . . . . . . .. 3 Installation with YaST 3.1 3.2 3.3 3.4 3.5 3.6 3.7 3.8 3.9 3.10 3.11. IBM System z: System Start-Up for Installation . . . . . . . . . . . . . System Start-Up for Installation . . . . . . . . . . . . . . . . . . . The Boot Screen . . . . . . . . . . . . . . . . . . . . . . . . . Language Selection . . . . . . . . . . . . . . . . . . . . . . . . IBM System z: Hard Disk Configuration . . . . . . . . . . . . . . . . License Agreement . . . . . . . . . . . . . . . . . . . . . . . . System Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . Time Zone . . . . . . . . . . . . . . . . . . . . . . . . . . . . Installation Summary . . . . . . . . . . . . . . . . . . . . . . . Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . Graphical Login . . . . . . . . . . . . . . . . . . . . . . . . . .. 23 23 24. 25 25 27 34. 35 35 36 38 40 40 42 43 43 43 57 67.

(4) 4 Remote Installation 4.1 4.2 4.3 4.4 4.5. 69. Installation Scenarios for Remote Installation . . . . . . . . . . . . . Setting Up the Server Holding the Installation Sources . . . . . . . . . Preparing the Boot of the Target System . . . . . . . . . . . . . . . Booting the Target System for Installation . . . . . . . . . . . . . . . Monitoring the Installation Process . . . . . . . . . . . . . . . . .. 5 Automated Installation 5.1 5.2 5.3. 105. Simple Mass Installation . . . . . . . . . . . . . . . . . . . . . . Rule-Based Autoinstallation . . . . . . . . . . . . . . . . . . . . For More Information . . . . . . . . . . . . . . . . . . . . . .. 6 Advanced Disk Setup 6.1 6.2. LVM Configuration . . . . . . . . . . . . . . . . . . . . . . . . Soft RAID Configuration . . . . . . . . . . . . . . . . . . . . .. YaST Language . . . . . . . . . The YaST Control Center . . . . Software . . . . . . . . . . . Hardware . . . . . . . . . . . System . . . . . . . . . . . . Network Devices . . . . . . . . Network Services . . . . . . . AppArmor . . . . . . . . . . Security and Users . . . . . . . Miscellaneous . . . . . . . . . YaST in Text Mode . . . . . . . Update from the Command Line . SaX2 . . . . . . . . . . . . . Troubleshooting . . . . . . . . For More Information . . . . .. 123 131. 137 . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . .. 8 Updating SUSE Linux Enterprise 8.1 8.2 8.3. 105 116 122. 123. 7 System Configuration with YaST 7.1 7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 7.10 7.11 7.12 7.13 7.14 7.15. 69 78 86 97 101. Updating SUSE Linux Enterprise . . . . . . . . . . . . . . . . . . Installing Service Packs . . . . . . . . . . . . . . . . . . . . . . Software Changes from Version 9 to Version 10 . . . . . . . . . . .. 138 138 139 152 158 169 170 176 177 181 184 187 190 196 197. 199 199 201 208.

(5) Part II Administration. 221. 9 OpenWBEM. 223. 9.1 9.2 9.3. Setting Up OpenWBEM . . . . . . . . . . . . . . . . . . . . . . Changing the OpenWBEM CIMOM Configuration . . . . . . . . . . . For More Information . . . . . . . . . . . . . . . . . . . . . .. 1 0 Multipath IO 10.1 10.2 10.3 10.4. Supported Hardware . System Configuration . Software Configuration Using the Devices . .. 251 . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 1 1 Mass Storage over IP Networks—iSCSI 11.1 11.2. Setting Up an iSCSI Target . . . . . . . . . . . . . . . . . . . . . Configuring iSCSI Initiator . . . . . . . . . . . . . . . . . . . . .. Important Terms . . . . . . . . . . . . A Sample Minimum Scenario . . . . . . Components of a High Availability Solution The Software Side of High Availability . . . Clustering . . . . . . . . . . . . . . . For More Information . . . . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. Hardware Requirements . . . . Software Requirements . . . . . Shared Disk System Requirements Installing Heartbeat 2 . . . . . . Additional Information . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. Overview of OCFS2 . . . . Creating an OCFS2 Volume Mounting an OCFS2 Volume Additional Information . .. . . . .. 269 271 272 273 275 276. 279 . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . .. 1 4 Oracle Cluster File System 2 14.1 14.2 14.3 14.4. 259 264. 269. 1 3 Installing a Heartbeat 2 Cluster Using YaST 13.1 13.2 13.3 13.4 13.5. 252 253 253 256. 259. 1 2 High Availability under Linux 12.1 12.2 12.3 12.4 12.5 12.6. 225 230 250. 279 280 280 280 283. 285 . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 285 292 296 297.

(6) 1 5 Access Control Lists in Linux 15.1 15.2 15.3 15.4 15.5 15.6. Traditional File Permissions Advantages of ACLs . . . Definitions . . . . . . . Handling ACLs . . . . . . ACL Support in Applications For More Information . .. 299. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. 1 6 RPM—the Package Manager 16.1 16.2 16.3 16.4 16.5 16.6 16.7 16.8. 311. Verifying Package Authenticity . . . . . . . . . Managing Packages: Install, Update, and Uninstall . RPM and Patches . . . . . . . . . . . . . . Delta RPM Packages . . . . . . . . . . . . . RPM Queries . . . . . . . . . . . . . . . . Installing and Compiling Source Packages . . . . Compiling RPM Packages with build . . . . . . . Tools for RPM Archives and the RPM Database . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . .. 1 7 System Monitoring Utilities 17.1 17.2 17.3 17.4 17.5 17.6 17.7 17.8 17.9. Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . Files and File Systems . . . . . . . . . . . . . . . . . . . . . . . Hardware Information . . . . . . . . . . . . . . . . . . . . . . Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . The /proc File System . . . . . . . . . . . . . . . . . . . . . . Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Information . . . . . . . . . . . . . . . . . . . . . . . User Information . . . . . . . . . . . . . . . . . . . . . . . . Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . .. Getting Started with the Bash Shell Users and Access Permissions . . Important Linux Commands . . . The vi Editor . . . . . . . . .. 312 312 313 315 316 319 321 322. 323. 1 8 Working with the Shell 18.1 18.2 18.3 18.4. 299 301 301 302 310 310. 324 326 328 330 332 335 338 342 343. 345 . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 346 358 361 372. Part III System. 377. 1 9 32-Bit and 64-Bit Applications in a 64-Bit System Environment. 379. 19.1 19.2. Runtime Support . . . . . . . . . . . . . . . . . . . . . . . . Software Development . . . . . . . . . . . . . . . . . . . . . .. 380 380.

(7) 19.3 19.4. Software Compilation on Biarch Platforms . . . . . . . . . . . . . . Kernel Specifications . . . . . . . . . . . . . . . . . . . . . . .. 2 0 Booting and Configuring a Linux System 20.1 20.2 20.3. 385. The Linux Boot Process . . . . . . . . . . . . . . . . . . . . . . The init Process . . . . . . . . . . . . . . . . . . . . . . . . . System Configuration via /etc/sysconfig . . . . . . . . . . . . . . .. 2 1 The Boot Loader 21.1 21.2 21.3 21.4 21.5 21.6 21.7 21.8. Selecting a Boot Loader . . . . . . . Booting with GRUB . . . . . . . . . Configuring the Boot Loader with YaST Uninstalling the Linux Boot Loader . . Creating Boot CDs . . . . . . . . . The Graphical SUSE Screen . . . . . Troubleshooting . . . . . . . . . . For More Information . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. Information about Special Software Packages Virtual Consoles . . . . . . . . . . . . . Keyboard Mapping . . . . . . . . . . . . Language and Country-Specific Settings . . .. System Requirements . . . . Benefits of Virtual Machines . Terminology . . . . . . . . Virtual Machine Modes . . . Virtual Machine Server . . . Setting up the Virtual Machine Creating Virtual Machines . . Managing Virtual Machines .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 421 428 428 429. 435 . . . . . . . . . . . . . . . Server . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. 2 4 Printer Operation 24.1 24.2 24.3 24.4 24.5. 402 402 411 416 416 417 418 420. 421. 2 3 Virtual Machine Server 23.1 23.2 23.3 23.4 23.5 23.6 23.7 23.8. 385 389 398. 401. 2 2 Special Features of SUSE Linux Enterprise 22.1 22.2 22.3 22.4. 381 383. Workflow of the Printing System . . . . . . Methods and Protocols for Connecting Printers Installing the Software . . . . . . . . . . Configuring the Printer . . . . . . . . . . Configuration for Applications . . . . . . .. 436 437 438 439 439 442 446 447. 451 . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. 452 453 454 454 461.

(8) 24.6 24.7. Special Features in SUSE Linux Enterprise . . . . . . . . . . . . . . Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . .. 2 5 Dynamic Kernel Device Management with udev 25.1 25.2 25.3 25.4 25.5 25.6 25.7 25.8 25.9. The /dev Directory . . . . . . . . . . . Kernel uevents and udev . . . . . . . . . Drivers, Kernel Modules, and Devices . . . . Booting and Initial Device Setup . . . . . . Debugging udev Events . . . . . . . . . . Influencing Kernel Device Event Handling with Persistent Device Naming . . . . . . . . . The Replaced hotplug Package . . . . . . . For More Information . . . . . . . . . .. 475. . . . . . . . . . . . . . . . . . . . . . . . . . udev Rules . . . . . . . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. 2 6 File Systems in Linux 26.1 26.2 26.3 26.4 26.5. Terminology . . . . . . . Major File Systems in Linux Some Other Supported File Large File Support in Linux For More Information . .. . . . . . . . . Systems . . . . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. X11 Setup with SaX2 . . . . . Optimizing the X Configuration Installing and Configuring Fonts OpenGL—3D Configuration . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. Structure of a PAM Configuration File . The PAM Configuration of sshd . . . Configuration of PAM Modules . . . For More Information . . . . . . .. Power Saving Functions . . . . . . APM . . . . . . . . . . . . . . ACPI . . . . . . . . . . . . . . Rest for the Hard Disk . . . . . . The powersave Package . . . . . . The YaST Power Management Module. 495 497 503 508. 513 . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . .. . . . . . . . . . . . .. 2 9 Power Management 29.1 29.2 29.3 29.4 29.5 29.6. 483 484 490 491 492. 495. 2 8 Authentication with PAM 28.1 28.2 28.3 28.4. 475 476 476 477 477 478 479 480 481. 483. 2 7 The X Window System 27.1 27.2 27.3 27.4. 461 466. 514 515 518 520. 521 . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. . . . . . .. 522 523 524 532 533 541.

(9) 3 0 Wireless Communication 30.1. 547. Wireless LAN . . . . . . . . . . . . . . . . . . . . . . . . . .. 547. Part IV Services. 559. 3 1 Basic Networking. 561. 31.1 31.2 31.3 31.4 31.5 31.6 31.7. IP Addresses and Routing . . . . . . . . . . . . . IPv6—The Next Generation Internet . . . . . . . . Name Resolution . . . . . . . . . . . . . . . . Configuring a Network Connection with YaST . . . . Managing Network Connections with NetworkManager Configuring a Network Connection Manually . . . . . smpppd as Dial-up Assistant . . . . . . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. . . . . . . .. 3 2 SLP Services in the Network 32.1 32.2 32.3 32.4 32.5. Installation over SLP . . . . . . . . Registering Your Own Services . . . . SLP Front-Ends in SUSE Linux Enterprise Activating SLP . . . . . . . . . . . For More Information . . . . . . .. 619 . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. 3 3 Time Synchronization with NTP 33.1 33.2 33.3. Configuring an NTP Client with YaST . . . . . . . . . . . . . . . . Configuring xntp in the Network . . . . . . . . . . . . . . . . . . Setting Up a Local Reference Clock . . . . . . . . . . . . . . . . .. 3 4 The Domain Name System 34.1 34.2 34.3 34.4 34.5 34.6 34.7 34.8 34.9. 565 568 577 578 597 600 615. DNS Terminology . . . . . . . . . . . . . . . . . . . . . . . . Configuration with YaST . . . . . . . . . . . . . . . . . . . . . . Starting the Name Server BIND . . . . . . . . . . . . . . . . . . The Configuration File /etc/named.conf . . . . . . . . . . . . . . . Zone Files . . . . . . . . . . . . . . . . . . . . . . . . . . . Dynamic Update of Zone Data . . . . . . . . . . . . . . . . . . . Secure Transactions . . . . . . . . . . . . . . . . . . . . . . . DNS Security . . . . . . . . . . . . . . . . . . . . . . . . . . For More Information . . . . . . . . . . . . . . . . . . . . . .. 619 620 621 622 622. 623 623 626 627. 629 629 630 640 642 646 651 651 652 653. 3 5 DHCP. 655. 35.1. 656. Configuring a DHCP Server with YaST . . . . . . . . . . . . . . . ..

(10) 35.2 35.3 35.4. DHCP Software Packages . . . . . . . . . . . . . . . . . . . . . The DHCP Server dhcpd . . . . . . . . . . . . . . . . . . . . . For More Information . . . . . . . . . . . . . . . . . . . . . .. 3 6 Using NIS 36.1 36.2. 673. Configuring NIS Servers . . . . . . . . . . . . . . . . . . . . . . Configuring NIS Clients . . . . . . . . . . . . . . . . . . . . . .. 3 7 LDAP—A Directory Service 37.1 37.2 37.3 37.4 37.5 37.6 37.7 37.8. LDAP versus NIS . . . . . . . . . . . . Structure of an LDAP Directory Tree . . . Server Configuration with slapd.conf . . . Data Handling in the LDAP Directory . . . Configuring an LDAP Server with YaST . . . Configuring an LDAP Client with YaST . . . Configuring LDAP Users and Groups in YaST For More Information . . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. Terminology . . . . . . . . . . . . . . . . . Starting and Stopping Samba . . . . . . . . . Configuring a Samba Server . . . . . . . . . . Configuring Clients . . . . . . . . . . . . . . Samba as Login Server . . . . . . . . . . . . Samba Server in the Network with Active Directory Migrating a Windows NT Server to Samba . . . . For More Information . . . . . . . . . . . .. Importing File Systems with YaST Importing File Systems Manually Exporting File Systems with YaST For More Information . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. 709 711 711 717 718 719 721 723. 725 . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. . . . .. 4 0 File Synchronization 40.1 40.2 40.3 40.4 40.5. 682 683 686 691 695 698 706 707. 709. 3 9 Sharing File Systems with NFS 39.1 39.2 39.3 39.4. 673 679. 681. 3 8 Samba 38.1 38.2 38.3 38.4 38.5 38.6 38.7 38.8. 667 668 671. Available Data Synchronization Software . . Determining Factors for Selecting a Program Introduction to Unison . . . . . . . . . Introduction to CVS . . . . . . . . . . Introduction to Subversion . . . . . . .. 725 726 726 728. 729 . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. . . . . .. 729 732 736 738 741.

(11) 40.6 40.7. Introduction to rsync . . . . . . . . . . . . . . . . . . . . . . . Introduction to mailsync . . . . . . . . . . . . . . . . . . . . .. 4 1 The Apache HTTP Server 41.1 41.2 41.3 41.4 41.5 41.6 41.7 41.8 41.9. 751. Quick Start . . . . . . . . . . . . . . . Configuring Apache . . . . . . . . . . . Starting and Stopping Apache . . . . . . . Installing, Activating, and Configuring Modules Getting CGI Scripts to Work . . . . . . . . Setting Up a Secure Web Server with SSL . . Avoiding Security Problems . . . . . . . . Troubleshooting . . . . . . . . . . . . . For More Information . . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. 4 2 The Proxy Server Squid 42.1 42.2 42.3 42.4 42.5 42.6 42.7 42.8 42.9. 744 746. 751 753 767 769 776 779 784 786 787. 791. Some Facts about Proxy Caches . . . . . System Requirements . . . . . . . . . . Starting Squid . . . . . . . . . . . . . The Configuration File /etc/squid/squid.conf Configuring a Transparent Proxy . . . . . cachemgr.cgi . . . . . . . . . . . . . squidGuard . . . . . . . . . . . . . . Cache Report Generation with Calamaris . For More Information . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. 792 793 795 797 802 805 807 809 810. Part V Security. 811. 4 3 Managing X.509 Certification. 813. 43.1 43.2. The Principles of Digital Certification . . . . . . . . . . . . . . . . YaST Modules for CA Management . . . . . . . . . . . . . . . . .. 4 4 Masquerading and Firewalls 44.1 44.2 44.3 44.4 44.5. Packet Filtering with iptables . Masquerading Basics . . . . Firewalling Basics . . . . . SuSEfirewall2 . . . . . . . For More Information . . .. 813 818. 829 . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . . . . . . .. . . . . .. 829 831 832 833 838.

(12) 4 5 SSH: Secure Network Operations 45.1 45.2 45.3 45.4 45.5 45.6 45.7. 839. The OpenSSH Package . . . . . . . . . . The ssh Program . . . . . . . . . . . . . scp—Secure Copy . . . . . . . . . . . . sftp—Secure File Transfer . . . . . . . . . The SSH Daemon (sshd)—Server-Side . . . . SSH Authentication Mechanisms . . . . . . X, Authentication, and Forwarding Mechanisms. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. 4 6 Network Authentication—Kerberos 46.1 46.2 46.3 46.4. Kerberos Terminology . How Kerberos Works . . Users' View of Kerberos . For More Information .. . . . . . . . .. . . . . . . . .. . . . . . . . .. 845 . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . . . . . .. . . . .. 4 7 Installing and Administering Kerberos 47.1 47.2 47.3 47.4 47.5 47.6 47.7 47.8 47.9 47.10 47.11. Choosing the Kerberos Realms . . . . . . . Setting Up the KDC Hardware . . . . . . . Clock Synchronization . . . . . . . . . . Configuring the KDC . . . . . . . . . . . Manually Configuring Kerberos Clients . . . Configuring a Kerberos Client with YaST . . . Remote Kerberos Administration . . . . . . Creating Kerberos Host Principals . . . . . Enabling PAM Support for Kerberos . . . . Configuring SSH for Kerberos Authentication . Using LDAP and Kerberos . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. Setting Up a Crypto File System with YaST . . . . . . . . . . . . . . Using vi to Encrypt Single Files . . . . . . . . . . . . . . . . . . .. 4 9 Confining Privileges with AppArmor 49.1 49.2 49.3. Installing Novell AppArmor . . . . . . . . . . . . . . . . . . . . Enabling and Disabling Novell AppArmor . . . . . . . . . . . . . . Getting Started with Profiling Applications . . . . . . . . . . . . .. 5 0 Security and Confidentiality 50.1. 845 847 850 851. 853. 4 8 Encrypting Partitions and Files 48.1 48.2. 839 840 840 841 841 842 843. Local Security and Network Security . . . . . . . . . . . . . . . .. 853 854 855 855 858 861 863 865 866 867 868. 873 874 876. 879 880 880 882. 889 889.

(13) 50.2 50.3. Some General Security Tips and Tricks . . . . . . . . . . . . . . . Using the Central Security Reporting Address . . . . . . . . . . . .. 898 901. Part VI Troubleshooting. 903. 5 1 Help and Documentation. 905. 51.1 51.2 51.3 51.4 51.5 51.6 51.7 51.8 51.9. Using the SUSE Help Center . . . . . . Man Pages . . . . . . . . . . . . . Info Pages . . . . . . . . . . . . . The Linux Documentation Project . . . Wikipedia: The Free Online Encyclopedia Guides and Books . . . . . . . . . . Package Documentation . . . . . . . Usenet . . . . . . . . . . . . . . . Standards and Specifications . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. . . . . . . . . .. 5 2 Common Problems and Their Solutions 52.1 52.2 52.3 52.4 52.5 52.6 52.7. Index. Finding Information . . . . . . . . . . . Installation Problems . . . . . . . . . . . Boot Problems . . . . . . . . . . . . . Login Problems . . . . . . . . . . . . . Network Problems . . . . . . . . . . . . Data Problems . . . . . . . . . . . . . . IBM System z: Using initrd as a Rescue System. 905 909 910 910 911 911 912 913 913. 917 . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. . . . . . . . . . . . . . .. 917 918 926 928 935 939 951. 955.

(14)

(15) About This Guide This guide is intended for use by professional network and system administrators during the actual planning, deployment, configuration, and operation of SUSE® Linux Enterprise. As such, it is solely concerned with ensuring that SUSE Linux Enterprise is properly configured and that the required services on the network are available to allow it to function properly as initially installed. This guide does not cover the process of ensuring that SUSE Linux Enterprise offers proper compatibility with your enterprise's application software or that its core functionality meets those requirements. It assumes that a full requirements audit has been done and the installation has been requested or that a test installation, for the purpose of such an audit, has been requested. This guide contains the following: Deployment Before you install SUSE Linux Enterprise, choose the deployment strategy and disk setup that is best suited for your scenario. Learn how to install your system manually, how to use network installation setups, and how to perform an autoinstallation. Configure the installed system with YaST to adapt it to your requirements. Administration SUSE Linux Enterprise offers a wide range of tools to customize various aspects of the system. This part introduces a few of them. A breakdown of available device technologies, high availability configurations, and advanced administration possibilities introduces the system to the administrator. System Learn more about the underlying operating system by studying this part. SUSE Linux Enterprise supports a number of hardware architectures and you can use this to adapt your own applications to run on SUSE Linux Enterprise. The boot loader and boot procedure information assists you in understanding how your Linux system works and how your own custom scripts and applications may blend in with it. Services SUSE Linux Enterprise is designed to be a network operating system. It offers a wide range of network services, such as DNS, DHCP, Web, proxy, and authentication services, and integrates well into heterogeneous environments including MS Windows clients and servers..

(16) Security This edition of SUSE Linux Enterprise includes several security-related features. It ships with Novell® AppArmor, which enables you to protect your applications by restricting privileges. Secure login, firewalling, and file system encryption are covered as well. Troubleshooting SUSE Linux Enterprise includes a wealth of applications, tools, and documentation should you need them in case of trouble. Some of the most common problems that can occur with SUSE Linux Enterprise and their solutions are discussed in detail.. 1 Feedback We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.. 2 Documentation Updates For the latest version of this documentation, see the SUSE Linux Enterprise Server Web site [http://www.novell.com/documentation/sles10/index .html].. 3 Additional Documentation For additional documentation on this product, refer to http://www.novell.com/ documentation/sles10/index.html: Start-Up Guide Basic information about installation types and work flows. Architecture-Specific Information Architecture-specific information needed to prepare a SUSE Linux Enterprise Server target for installation.. xvi. Installation and Administration.

(17) Installation and Administration In-depth installation and administration for SUSE Linux Enterprise Server. For a documentation overview on the SUSE® Linux Enterprise Desktop product, refer to http://www.novell.com/documentation/sled10/index.html. The following manuals are exclusively available for SUSE Linux Enterprise Desktop: GNOME User Guide A comprehensive guide to the GNOME desktop and its most important applications. KDE User Guide A comprehensive guide to the KDE desktop and its most important applications. Network Connectivity Guide An in-depth introduction to networking using NetworkManager. Novell AppArmor 2.0 Administration Guide An in-depth administration guide to Novell AppArmor that introduces you to application confinement for heightened security in your environment. Many chapters in this manual contain links to additional documentation resources. This includes additional documentation that is available on the system as well as documentation available on the Internet.. 4 Documentation Conventions The following typographical conventions are used in this manual: • /etc/passwd: filenames and directory names • placeholder: replace placeholder with the actual value • PATH: the environment variable PATH • ls, --help: commands, options, and parameters • user: users or groups •. Alt , Alt + F1 : a key to press or a key combination; keys are shown in uppercase as on a keyboard. About This Guide. xvii.

(18) • File, File → Save As: menu items, buttons • ►amd64 em64t ipf: This paragraph is only relevant for the specified architectures. The arrows mark the beginning and the end of the text block.◄ ►ipseries s390 zseries: This paragraph is only relevant for the specified architectures. The arrows mark the beginning and the end of the text block.◄ • Dancing Penguins (Chapter Penguins, ↑Reference): This is a reference to a chapter in another book.. xviii. Installation and Administration.

(19) Part I. Deployment.

(20)

(21) Planning for SUSE Linux Enterprise. 1. The implementation of an operating system either in an existing IT environment or as a completely new rollout must be carefully prepared. With SUSE Linux Enterprise Server 10, get a variety of new features. It is impossible to describe all the new features here. The following is just a list of major enhancements that might be of interest. Xen 3.0 Virtualization Runs many virtual machines on a single server, each with its own instance of an operating system. For more information, see Chapter 23, Virtual Machine Server (page 435). YaST Several new configuration options have been developed for YaST. These are normally described in the chapters about the technology involved. CIM Management with openWBEM The Common Information Model Object Manager (CIMON) is a Web-based enterprise management utility. It provides a mature management framework. See also Chapter 9, OpenWBEM (page 223). SPident The management utility SPident gives an overview of the installed software base and clarifies the current service pack level of the system. Directory Services Several LDAP-compliant directory services are available: • Microsoft Active Directory. Planning for SUSE Linux Enterprise. 21.

(22) • OpenLDAP Novell AppArmor Harden your System with the Novell AppArmor technology. This service is described in depth in Novell AppArmor 2.0 Administration Guide (↑Novell AppArmor 2.0 Administration Guide). iSCSI iSCSI provides an easy and reasonably inexpensive solution for connecting Linux computers to central storage systems. Find more information about iSCSI in Chapter 11, Mass Storage over IP Networks—iSCSI (page 259). Network File System v4 Starting with version 10, SUSE Linux Enterprise Server supports NFS also in version 4. This gives you performance improvements, strong security, and a “stateful” protocol. Oracle Cluster File System 2 OCFS2 is a general-purpose journaling file system that is fully integrated in the Linux 2.6 kernel and later. Find an overview of OCFS2 in Chapter 14, Oracle Cluster File System 2 (page 285). Heartbeat 2 Heartbeat 2 provides a cluster membership and messaging infrastructure. The setup of such a cluster is described in Chapter 13, Installing a Heartbeat 2 Cluster Using YaST (page 279). Multipath I/O Device mapping multipath IO features automatic configuration of the subsystem for a large variety of setups. See also Chapter 10, Multipath IO (page 251). Linux Kernel Crash Dump Debugging kernel-related problems is now much more comfortable when using Kexec and Kdump. This technology is available on x86, AMD64, Intel EM64T, and POWER platforms.. 22. Installation and Administration.

(23) 1.1 Considerations for Deployment of a SUSE Linux Enterprise Server At the beginning of the planning process, you should try to define the project goals and needed features. This must be done individually for each project, but the questions to answer should include the following: • How many installations should be done? Depending on this, the best deployment method differs. See also Chapter 2, Deployment Strategies (page 25). • Will the system be in a hostile environment? Have a look at Chapter 50, Security and Confidentiality (page 889) to get an overview of consequences. • How will you get regular updates? All patches are provided online for registered users. Find the registration and patch support database at http://www.novell .com/suselinuxportal. • Do you need help for your local installation? Novell provides training, support, and consulting for all topics around SUSE Linux Enterprise Server. Find more information about this at http://www.novell.com/products/ linuxenterpriseserver/. • Do you need third-party products? Make sure that the required product is also supported on the desired platform. Novell can also provide help to port software to different platforms when needed.. 1.2 Deployment of SUSE Linux Enterprise Server To make sure that your system will run flawlessly, always try to use certified hardware. The hardware certification process is an ongoing process and the database of certified hardware is updated regularly. Find the search form for certified hardware at http:// developer.novell.com/yessearch/Search.jsp. Depending on the number of desired installations, it is beneficial to use installation servers or even completely automatic installations. Have a look at Chapter 2, Deployment. Planning for SUSE Linux Enterprise. 23.

(24) Strategies (page 25) for more information. When using the Xen virtualization technologies, network root file systems or network storage solutions like iSCSI should be considered. See also Chapter 11, Mass Storage over IP Networks—iSCSI (page 259). SUSE Linux Enterprise Server provides you with a broad variety of services. Find an overview of the documentation in this book in About This Guide (page xv). Most of the needed configurations can be made with YaST, the SUSE configuration utility. In addition to that, many manual configurations are described in the corresponding chapters. In addition to the plain software installation, you should consider training the end users of the systems as well as help desk staff.. 1.3 Running SUSE Linux Enterprise Server The SUSE Linux Enterprise Server operating system is a well-tested and stable system. Unfortunately, this does not prevent hardware failures or other causes for downtime or data loss. For any serious computing task where data loss could occur, a regular backup should be done. For optimal security and safe work, you should make regular updates of all the operated machines. If you have a mission critical server, you should probably run a second identical machine where you can apply all changes for testing purposes before doing so on the real system. This also gives you the possibility to switch machines in case of hardware failure.. 24. Installation and Administration.

(25) 2. Deployment Strategies There are several different ways to deploy SUSE® Linux Enterprise. Choose from various approaches ranging from a local installation using physical media or a network installation server to a mass deployment using a remote-controlled, highly-customized, and automated installation technique. Select the method that best matches your requirements.. 2.1 Deploying up to 10 Workstations If your deployment of SUSE Linux Enterprise only involves 1 to 10 workstations, the easiest and least complex way of deploying SUSE Linux Enterprise is a plain manual installation as featured in Chapter 3, Installation with YaST (page 35). Manual installation can be done in several different ways depending on your requirements: Installing from the SUSE Linux Enterprise Media (page 26) Consider this approach if you want to install a single, disconnected workstation. Installing from a Network Server Using SLP (page 26) Consider this approach if you have a single workstation or a small number of workstations and if a network installation server announced via SLP is available. Installing from a Network Server (page 27) Consider this approach if you have a single workstation or a small number of workstations and if a network installation server is available.. Deployment Strategies. 25.

(26) Table 2.1. Installing from the SUSE Linux Enterprise Media. Installation Source Tasks Requiring Manual Interaction. SUSE Linux Enterprise media kit • Inserting the installation media • Booting the installation target • Changing media • Determining the YaST installation scope • Configuring the system with YaST system. Remotely Controlled Tasks. None. Details. Section “Installing from the SUSE Linux Enterprise Media” (page 37). Table 2.2. Installing from a Network Server Using SLP. Installation Source. Tasks Requiring Manual Interaction. Network installation server holding the SUSE Linux Enterprise installation media • Inserting the boot disk • Booting installation target • Determining the YaST installation scope • Configuring the system with YaST. 26. Remotely Controlled Tasks. None, but this method can be combined with VNC. Details. Section “Installing from a Network Server Using SLP” (page 37). Installation and Administration.

(27) Table 2.3. Installing from a Network Server. Installation Source. Tasks Requiring Manual Interaction. Network installation server holding the SUSE Linux Enterprise installation media • Inserting the boot disk • Providing boot options • Booting the installation target • Determining the YaST installation scope • Configuring the system with YaST. Remotely Controlled Tasks None, but method can be combined with VNC Details. Section “Installing from a Network Server” (page 37). 2.2 Deploying up to 100 Workstations With a growing numbers of workstations to install, you certainly do not want to install and configure each one of them manually. There are many automated or semiautomated approaches as well as several options to perform an installation with minimal to no physical user interaction. Before considering a fully-automated approach, take into account that the more complex the scenario gets the longer it takes to set up. If a time limit is associated with your deployment, it might be a good idea to select a less complex approach that can be carried out much more quickly. Automation makes sense for huge deployments and those that need to be carried out remotely. Choose from the following options: Simple Remote Installation via VNC—Static Network Configuration (page 29) Consider this approach in a small to medium scenario with a static network setup. A network, network installation server, and VNC viewer application are required.. Deployment Strategies. 27.

(28) Simple Remote Installation via VNC—Dynamic Network Configuration (page 29) Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and VNC viewer application are required. Remote Installation via VNC—PXE Boot and Wake on LAN (page 30) Consider this approach in a small to medium scenario that should be installed via network and without physical interaction with the installation targets. A network, a network installation server, network boot images, network bootable target hardware, and a VNC viewer application are required. Simple Remote Installation via SSH—Static Network Configuration (page 30) Consider this approach in a small to medium scenario with static network setup. A network, network installation server, and SSH client application are required. Remote Installation via SSH—Dynamic Network Configuration (page 31) Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and SSH client application are required. Remote Installation via SSH—PXE Boot and Wake on LAN (page 31) Consider this approach in a small to medium scenario that should be installed via network and without physical interaction with the installation targets. A network, a network installation server, network boot images, network bootable target hardware, and an SSH client application are required. Simple Mass Installation (page 32) Consider this approach for large deployments to identical machines. If configured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and an AutoYaST configuration profile are required. If using network boot, a network boot image and network bootable hardware are required as well. Rule-Based Autoinstallation (page 33) Consider this approach for large deployments to various types of hardware. If configured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and several AutoYaST configuration profiles as well as a rule setup for AutoYaST are required. If using network boot, a network boot image and network bootable hardware are required as well. 28. Installation and Administration.

(29) Table 2.4. Simple Remote Installation via VNC—Static Network Configuration. Installation Source Preparations. Network • Setting up an installation source • Booting from the installation media. Control and Monitoring. Remote: VNC. Best Suited For. small to medium scenarios with varying hardware. Drawbacks. • Each machine must be set up individually • Physical access is needed for booting. Details. Table 2.5. Section 4.1.1, “Simple Remote Installation via VNC—Static Network Configuration” (page 70) Simple Remote Installation via VNC—Dynamic Network Configuration. Installation Source Preparations. Network • Setting up the installation source • Booting from the installation media. Control and Monitoring. Remote: VNC. Best Suited For. Small to medium scenarios with varying hardware. Drawbacks. • Each machine must be set up individually • Physical access is needed for booting. Deployment Strategies. 29.

(30) Details. Table 2.6. Section 4.1.2, “Simple Remote Installation via VNC—Dynamic Network Configuration” (page 71) Remote Installation via VNC—PXE Boot and Wake on LAN. Installation Source Preparations. Network • Setting up the installation source • Configuring DHCP, TFTP, PXE boot, and WOL • Booting from the network. Control and Monitoring Best Suited For. Remote: VNC • Small to medium scenarios with varying hardware • Completely remote installs; cross-site deployment. Drawbacks. Each machine must be set up manually. Details. Section 4.1.3, “Remote Installation via VNC—PXE Boot and Wake on LAN” (page 73). Table 2.7. Simple Remote Installation via SSH—Static Network Configuration. Installation Source Preparations. Network • Setting up the installation source • Booting from the installation media. Control and Monitoring Best Suited For. 30. Installation and Administration. Remote: SSH • Small to medium scenarios with varying hardware.

(31) • Low bandwidth connections to target Drawbacks. • Each machine must be set up individually • Physical access is needed for booting. Details. Table 2.8. Section 4.1.4, “Simple Remote Installation via SSH—Static Network Configuration” (page 74) Remote Installation via SSH—Dynamic Network Configuration. Installation Source Preparations. Network • Setting up the installation source • Booting from installation media. Control and Monitoring Best Suited For. Remote: SSH • Small to medium scenarios with varying hardware • Low bandwidth connections to target. Drawbacks. • Each machine must be set up individually • Physical access is needed for booting. Details. Table 2.9. Section 4.1.5, “Simple Remote Installation via SSH—Dynamic Network Configuration” (page 75) Remote Installation via SSH—PXE Boot and Wake on LAN. Installation Source Preparations. Network • Setting up the installation source. Deployment Strategies. 31.

(32) • Configuring DHCP, TFTP, PXE boot, and WOL • Booting from the network Control and Monitoring Best Suited For. Remote: SSH • Small to medium scenarios with varying hardware • Completely remote installs; cross-site deployment • Low bandwidth connections to target. Drawbacks. Each machine must be set up individually. Details. Section 4.1.6, “Remote Installation via SSH—PXE Boot and Wake on LAN” (page 77). Table 2.10. Simple Mass Installation. Installation Source Preparations. Preferably network • Gathering hardware information • Creating AutoYaST profile • Setting up the installation server • Distributing the profile • Setting up network boot (DHCP, TFTP, PXE, WOL) or Booting the target from installation media. Control and Monitoring. 32. Installation and Administration. Local or remote through VNC or SSH.

(33) Best Suited For. • Large scenarios • Identical hardware • No access to system (network boot). Drawbacks. Applies only to machines with identical hardware. Details. Section 5.1, “Simple Mass Installation” (page 105). Table 2.11. Rule-Based Autoinstallation. Installation Source Preparations. Preferably network • Gathering hardware information • Creating AutoYaST profiles • Creating AutoYaST rules • Setting up the installation server • Distributing the profile • Setting up network boot (DHCP, TFTP, PXE, WOL) or Booting the target from installation media. Control and Monitoring Best Suited For. Local or remote through SSH or VNC • Varying hardware • Cross-site deployments. Drawbacks. Complex rule setup. Deployment Strategies. 33.

(34) Details. Section 5.2, “Rule-Based Autoinstallation” (page 116). 2.3 Deploying More than 100 Workstations Most of the considerations brought up for medium installation scenarios in Section 2.1, “Deploying up to 10 Workstations” (page 25) still hold true for large scale deployments. However, with a growing number of installation targets, the benefits of a fully automated installation method outweigh its disadvantages. It pays off to invest a considerable amount of time to create a sophisticated rule and class framework in AutoYaST to match the requirements of a huge deployment site. Not having to touch each target separately can save you a tremendous amount of time depending on the scope of your installation project.. 34. Installation and Administration.

(35) 3. Installation with YaST After your hardware has been prepared for the installation of SUSE Linux Enterprise Server as described in the Architecture-Specific Information manual and after the connection with the installation system has been established, you are presented with the interface of SUSE Linux Enterprise's system assistant YaST. YaST takes care of all the following steps to set up the system, guiding you through the entire installation and configuration procedure.. 3.1 IBM System z: System Start-Up for Installation For IBM System z platforms, the system is initialized (IPL) as described in the Architecture-Specific Information manual. SUSE Linux Enterprise Server does not show a splash screen on these systems. During the installation, load the kernel, initrd, and parmfile manually. YaST starts with its installation screen as soon as a connection has been established to the installation system via VNC, X, or SSH. Because there is no splash screen, kernel or boot parameters cannot be entered on screen, but must be specified in a parmfile (see the parmfile chapter in the Architecture-Specific Information manual for a description). TIP: IBM System z: The Next Steps To install, follow the description of the installation procedure with YaST starting from Section 3.4, “Language Selection” (page 40).. Installation with YaST. 35.

(36) 3.2 System Start-Up for Installation Insert the first SUSE Linux Enterprise CD or the DVD into the drive. Then reboot the computer to start the installation program from the medium in the drive.. 3.2.1 Boot Options Boot options other than CD or DVD exist and can be used if problems arise booting from CD or DVD. These options are described in Table 3.1, “Boot Options” (page 36). Table 3.1. Boot Options. Boot Option. Description. CD-ROM. This is the easiest boot option. This option can be used if the system has a local CD-ROM drive that is supported by Linux.. Floppy. The images for generating boot floppies are located on CD 1 in the /boot directory. A README is available in the same directory.. PXE or BOOTP. This must be supported by the system's BIOS or firmware and a boot server must be available in the network. This task can also be handled by another SUSE Linux Enterprise system.. Hard Disk. SUSE Linux Enterprise can also be booted from the hard disk. To do this, copy the kernel (linux) and the installation system (initrd) from the directory /boot/loader on CD 1 to the hard disk and add the appropriate entry to the boot loader.. 3.2.2 Selecting the Source of the Installation Data You can install from a local installation source, such as the SUSE Linux Enterprise CDs or DVD or get the installation sources from an FTP, HTTP, or NFS server. Any of these approaches require physical access to the system to install and user interaction 36. Installation and Administration.

(37) during the installation. The installation procedure is basically the same, no matter which installation source or method you prefer.. Installing from the SUSE Linux Enterprise Media Install from physical boot media (your SUSE Linux Enterprise media kit) as follows: 1 Insert the media into your CD or DVD drive. 2 Reboot the system. 3 At the boot screen, select Installation and follow the instructions given in Section 3.3, “The Boot Screen” (page 38) and the following sections.. Installing from a Network Server Using SLP If your network setup supports OpenSLP and your network installation source has been configured to announce itself via OpenSLP (see Section 4.2, “Setting Up the Server Holding the Installation Sources” (page 78)), proceed as follows to install SUSE Linux Enterprise. 1 Set up an installation server as described in Section 4.2, “Setting Up the Server Holding the Installation Sources” (page 78). 2 Insert the first CD of the media kit into the CD-ROM drive an reboot the machine. 3 At the boot screen, select Installation, press. F4. then select SLP.. The installation program retrieves the location of the network installation source using OpenSLP and configures the network connection with DHCP. If the DHCP network configuration fails, you are prompted to enter the appropriate parameters manually. The installation then proceeds normally. 4 Finish the installation as if you had chosen to install from physical media.. Installing from a Network Server To perform a manual installation using a network installation source, proceed as follows:. Installation with YaST. 37.

(38) 1 Set up an installation server as described in Section 4.2, “Setting Up the Server Holding the Installation Sources” (page 78). 2 Insert the first CD or DVD of the media kit into the corresponding drive then reboot the machine. 3 At the boot screen, select Installation and use the boot options prompt to pass additional information, such as: • Location of the installation server: install=protocol:inst_source. Replace protocol with the protocol prefix for the service used by the installation server (nfs, http, or ftp). Replace inst_source with the IP address of the installation server. • Network configuration parameters if your setup does not support DHCP configuration (see Section 4.4.3, “Using Custom Boot Options” (page 99) for reference). 4 Press Enter to boot for installation. If no network parameters have been specified at the boot options prompt, the installation routines try to set up the network using DHCP. If this fails, you are prompted for these parameters. After you have provided them, the installation proceeds. 5 Finish the installation as if you had chosen to install from the physical media.. 3.3 The Boot Screen The boot screen displays a number of options for the installation procedure. Boot from Hard Disk boots the installed system. This item is selected by default, because the CD is often left in the drive. To install the system, select one of the installation options with the arrow keys. The relevant options are: Installation The normal installation mode. All modern hardware functions are enabled.. 38. Installation and Administration.

(39) Installation—ACPI Disabled If the normal installation fails, this might be due to the system hardware not supporting ACPI (advanced configuration and power interface). If this seems to be the case, use this option to install without ACPI support. Installation—Safe Settings Boots the system with the DMA mode (for CD-ROM drives) and power management functions disabled. Experts can also use the command line to enter or change kernel parameters. Use the function keys indicated in the bar at the bottom of the screen to change a number of installation settings. F1. Get context-sensitive help for the active element of the boot screen. F2. Select the display language for the installation. F3. Select various graphical display modes for the installation. Select the text mode if the graphical installation causes problems. F4. Normally, the installation is performed from the inserted installation medium. Here, select other sources, like FTP or NFS servers. If the installation is carried out in a network with an SLP server, select one of the installation sources available on the server with this option. Information about SLP is available in Chapter 32, SLP Services in the Network (page 619). F5. Use this to tell the system that you have an optional disk with a driver update for SUSE Linux Enterprise Server. You will be asked to insert the update disk at the appropriate point in the installation process. A few seconds after starting the installation, SUSE Linux Enterprise loads a minimal Linux system to run the installation procedure. If you want to know what is going on during the boot process, press Esc to see messages and copyright notices scroll by. At the end of the loading process, the YaST installation program starts. After a few more seconds, the screen should display the graphical installer.. Installation with YaST. 39.

(40) The actual installation of SUSE Linux Enterprise begins at this point. All YaST screens have a common layout. All buttons, entry fields, and lists can be accessed with the mouse or the keyboard. If your mouse pointer does not move, the mouse has not been detected automatically. In this case, use the keyboard for the time being. Navigation with the keyboard is similar to the description in Section 7.11.1, “Navigation in Modules” (page 185).. 3.4 Language Selection YaST and SUSE Linux Enterprise in general can be configured to use different languages according to your needs. The language selected here is also used for the keyboard layout. In addition, YaST uses the language setting to guess a time zone for the system clock. These settings can be modified later along with the selection of secondary languages to install on your system. If your mouse does not work, select the language with the arrow keys and press Tab until Next is highlighted. Then press Enter to confirm your language selection.. 3.5 IBM System z: Hard Disk Configuration When installing on IBM System z platforms, the language selection dialog is followed by a dialog to configure the attached hard disks. Select DASD, Fibre Channel Attached SCSI Disks (ZFCP), or iSCSI for installation of SUSE Linux Enterprise Server. After selecting Configure DASD Disks, you are presented with an overview listing all available DASDs. To get a clearer picture of the available devices, use the entry field located above the list to specify a range of channels to display. To filter the list according to such a range, select Filter. See Figure 3.1, “IBM System z: Selecting a DASD” (page 41).. 40. Installation and Administration.

(41) Figure 3.1 IBM System z: Selecting a DASD. Now specify the DASDs to use for the installation by selecting the corresponding entries in the list then clicking Select or Deselect. After that, activate and make the DASDs available for the installation by selecting Perform Action → Activate (see Figure 3.2, “IBM System z: Activating a DASD” (page 41)). To format the DASDs, select Perform Action → Format right away or use the YaST partitioner later as described in Section “Partitioning with YaST” (page 46). Figure 3.2 IBM System z: Activating a DASD. Installation with YaST. 41.

(42) Figure 3.3 IBM System z: Overview of Available ZFCP Disks. To use ZFCP disks for the SUSE Linux Enterprise Server installation, select Configure ZFCP Disks in the selection dialog. This opens a dialog with a list of the ZFCP disks available on the system. In this dialog, select Add to open another dialog in which to enter ZFCP parameters (see Figure 3.3, “IBM System z: Overview of Available ZFCP Disks” (page 42)). To make a ZFCP disk available for the SUSE Linux Enterprise Server installation, use the entry fields Channel Number, WWPN (World Wide Port Number), and FCP-LUN to specify the parameters identifying the corresponding disk. When you are done, exit the ZFCP dialog with Next and the general hard disk configuration dialog with Finish to continue with the rest of the configuration.. 3.6 License Agreement Read the license agreement that is displayed on screen thoroughly. If you agree to the terms, choose Yes, I Agree to the License Agreement and click Next to confirm your selection. If you do not agree to the license agreement, you are not allowed to install SUSE Linux Enterprise and the installation terminates.. 42. Installation and Administration.

(43) 3.7 System Analysis Select New installation or Update an existing system. Updating is only possible if a SUSE Linux Enterprise system is already installed. When a SUSE Linux Enterprise system is already installed, use Other to access two advanced options: boot the installed system with Boot installed system or, if the installed system fails to boot, you can try to fix the problem with Repair installed system. If no SUSE Linux Enterprise system is installed, you can only perform a new installation. The following sections describe the procedure of installing a new system. Find detailed instructions for a system update in Section 7.3.7, “Updating the System” (page 149). Find a description of the system repair options in Section “Using YaST System Repair” (page 942). To install an add-on product, an extension for your SUSE Linux Enterprise, together with system, select Include Add-On Products from Separate Media and click Next. In the next dialog, use Add to add an additional media.. 3.8 Time Zone In this dialog, select your region and time zone from the lists. During installation, both are preselected according to the selected installation language. Choose between Local Time and UTC (GMT) under Hardware Clock Set To. The selection depends on how the BIOS hardware clock is set on your machine. If it is set to GMT, which corresponds to UTC, your system can rely on SUSE Linux Enterprise to switch from standard time to daylight saving time and back automatically. Click Change to set the current date and time. When finished, click Next to continue the installation.. 3.9 Installation Summary After a thorough system analysis, YaST presents reasonable suggestions for all installation settings. The options that sometimes need manual intervention in common installation situations are presented under the Overview tab. Find more special options in the Expert tab. After configuring any of the items presented in these dialogs, you are always returned to the summary window, which is updated accordingly. The individual settings are discussed in the following sections.. Installation with YaST. 43.

(44) Figure 3.4 Installation Settings. 3.9.1 Partitioning In most cases, YaST proposes a reasonable partitioning scheme that can be accepted without change. YaST can also be used to customize the partitioning. This section describes the necessary steps.. Partition Types TIP: IBM System z: Hard Disks On the IBM System z platforms, SUSE Linux Enterprise Server supports SCSI hard disks as well as DASDs (direct access storage devices). While SCSI disks can be partitioned as described below, DASDs can have no more than three partition entries in their partition tables. Every hard disk has a partition table with space for four entries. An entry in the partition table can correspond to a primary partition or an extended partition. Only one extended partition entry is allowed, however.. 44. Installation and Administration.

(45) A primary partition simply consists of a continuous range of cylinders (physical disk areas) assigned to a particular operating system. With primary partitions only, you would be limited to four partitions per hard disk, because more do not fit in the partition table. This is why extended partitions are used. Extended partitions are also continuous ranges of disk cylinders, but an extended partition may itself be subdivided into logical partitions. Logical partitions do not require entries in the partition table. In other words, an extended partition is a container for logical partitions. If you need more than four partitions, create an extended partition as the fourth partition or earlier. This extended partition should span the entire remaining free cylinder range. Then create multiple logical partitions within the extended partition. The maximum number of logical partitions is 15 on SCSI, SATA, and Firewire disks and 63 on (E)IDE disks. It does not matter which types of partitions are used for Linux. Primary and logical partitions both work fine. TIP: Hard Disks with a GPT Disk Label For architectures using the GPT disk label, the number of primary partitions is not restricted. Consequently, there are no logical partitions.. Required Disk Space YaST normally proposes a reasonable partitioning scheme with sufficient disk space. If you want to implement your own partitioning scheme, consider the following recommendations concerning the requirements for different system types. Minimal System: 500 MB No graphical interface (X Window System) is installed, which means that only console applications can be used. Also, only a very basic selection of software is installed. Minimal System with Graphical Interface: 700 MB This includes the X Window System and some applications. Default System: 1.5 GB This includes a modern desktop environment, like KDE or GNOME, and also provides enough space for large application suites like Netscape or Mozilla. Full Installation: 2.5 GB All the packages included with SUSE Linux Enterprise are installed. Installation with YaST. 45.

(46) The partitions to create depend on the available space. The following are some basic partitioning guidelines: Up to 4 GB: One partition for the swap space and one root partition (/). In this case, the root partition must allow for those directories that often reside on their own partitions if more space is available. 4 GB or More: A swap partition, a root partition (1 GB), and one partition each for the following directories as needed: /usr (4 GB or more), /opt (4 GB or more), and /var (1 GB). If you do not want to have separate partitions for these directories, add the suggested disk space to the root partition. The rest of the available space can be used for /home. Depending on the hardware, it might also be useful to create a boot partition (/boot) to hold the boot mechanism and the Linux kernel. This partition should be located at the start of the disk and should be at least 8 MB or one cylinder. As a rule of thumb, always create such a partition if it was included in YaST's original proposal. If you are unsure about this, create a boot partition to be on the safe side. You should also be aware that some (mostly commercial) programs install their data in /opt. Therefore, either create a separate partition for /opt or make the root partition large enough.. Partitioning with YaST When you select the partitioning item in the suggestion window for the first time, the YaST partitioning dialog displays the proposed partition settings. Accept these current settings as they are or change them before continuing. Alternatively, discard all the settings and start over from scratch. Nothing in the partitioning setup is changed if you select Accept Proposal. If you select Base Partition Setup on This Proposal, the Expert Partitioner opens. It allows tweaking the partition setup in every detail. This dialog is explained in Section 7.5.8, “Partitioner” (page 161). The original setup as proposed by YaST is offered there as a starting point. Selecting Create Custom Partition Setup opens the dialog for hard disk selection. Use the list to choose among the existing hard disks on your system. SUSE Linux Enterprise will be installed on the disk selected in this dialog.. 46. Installation and Administration.

(47) The next step is to determine whether the entire disk should be used (Use Entire Hard Disk) or whether to use any existing partitions (if available) for the installation. If a Windows operating system was found on the disk, you are asked whether to delete or resize the partition. Before doing so, read Section “Resizing a Windows Partition” (page 47). If desired, go to the Expert Partitioner dialog to create a custom partition setup as described in Section 7.5.8, “Partitioner” (page 161). WARNING: Using the Entire Hard Disk for Installation If you choose Use Entire Hard Disk, all existing data on that disk is completely erased later in the installation process and is then lost. YaST checks during the installation whether the disk space is sufficient for the software selection made. If not, YaST automatically changes the software selection. The proposal dialog displays a notice to inform you about this. As long as there is sufficient disk space available, YaST simply accepts your settings and partitions the hard disk accordingly.. Resizing a Windows Partition If a hard disk containing a Windows FAT or NTFS partition is selected as the installation target, YaST offers to delete or shrink this partition. In this way, you can install SUSE® Linux Enterprise even if there is currently not enough space on the hard disk. This functionality is especially useful if the selected hard disk contains only one Windows partition that covers the entire hard disk. This is sometimes the case on computers where Windows comes preinstalled. If YaST sees that there is not enough space on the selected hard disk, but that space could be made available by deleting or shrinking a Windows partition, it presents a dialog in which to choose one of these two options.. Installation with YaST. 47.

(48) Figure 3.5 Possible Options for Windows Partitions. If you select Delete Windows Completely, the Windows partition is marked for deletion and the space is used for the installation of SUSE Linux Enterprise. WARNING: Deleting Windows If you delete Windows, all data will be lost beyond recovery as soon as the formatting starts. To shrink the Windows partition, interrupt the installation and boot Windows to prepare the partition from there. Although this step is not strictly required for FAT partitions, it speeds up the resizing process and also makes it safer. These steps are vital for NTFS partitions. FAT File System In Windows, first run scandisk to make sure that the FAT partition is free of lost file fragments and crosslinks. After that, run defrag to move files to the beginning of the partition. This accelerates the resizing procedure in Linux. If you have optimized virtual memory settings for Windows so a contiguous swap file is used with the same initial (minimum) and maximum size limit, consider another step. With these Windows settings, the resizing might split the swap file into. 48. Installation and Administration.

(49) many small parts scattered all over the FAT partition. Also, the entire swap file would need to be moved during the resizing, which makes the process rather slow. It is therefore useful to disable these Windows optimizations for the time being and reenable them after the resizing has been completed. NTFS File System In Windows, run scandisk and defrag to move the files to the beginning of the hard disk. In contrast to the FAT file system, you must perform these steps. Otherwise the NTFS partition cannot be resized. IMPORTANT: Disabling the Windows Swap File If you operate your system with a permanent swap file on an NTFS file system, this file may be located at the end of the hard disk and remain there despite defrag. Therefore, it may be impossible to shrink the partition sufficiently. In this case, temporarily deactivate the swap file (the virtual memory in Windows). After the partition has been resized, reconfigure the virtual memory. After these preparations, return to the Linux partitioning setup and select Shrink Windows Partition. After a quick check of the partition, YaST opens a dialog with a suggestion for resizing the Windows partition. Figure 3.6 Resizing the Windows Partition. Installation with YaST. 49.

(50) The first bar graph shows how much disk space is currently occupied by Windows and how much space is still available. The second bar graph shows how the space would be distributed after the resizing, according to YaST's current proposal. See Figure 3.6, “Resizing the Windows Partition” (page 49). Accept the proposed settings or use the slider to change the partition sizing (within certain limits). If you leave this dialog by selecting Next, the settings are stored and you are returned to the previous dialog. The actual resizing takes place later, before the hard disk is formatted. IMPORTANT: Windows Systems Installed on NTFS Partitions By default, the Windows versions NT, 2000, and XP use the NTFS file system. Unlike FAT file systems, NTFS file systems can only be read from Linux. This means you can read your Windows files from Linux, but you cannot edit them. If you want write access to your Windows data and do not need the NTFS file system, reinstall Windows on a FAT32 file system. In this case, you will have full access to your Windows data from SUSE Linux Enterprise.. 3.9.2 Software SUSE Linux Enterprise contains a number of software packages for various application purposes. Click Software in the suggestion window to start the software selection and modify the installation scope according to your needs. Select your categories from the list in the middle and see the description in the right window. Each category contains a number of software packages that meet most requirements for that category. For more detailed selection of software packages to install, select Details to switch to the YaST Package Manager. See Figure 3.7, “Installing and Removing Software with the YaST Package Manager” (page 51). NOTE: Default Desktop The default desktop of SUSE Linux Enterprise is GNOME. To install KDE, click Software and select KDE Desktop Environment from Graphical Environments.. 50. Installation and Administration.

(51) Figure 3.7 Installing and Removing Software with the YaST Package Manager. Changing the Installation Scope If you have specific software needs, modify the current selection with the package manager, which greatly eases this task. The package manager offers various filter criteria to simplify selection from the numerous packages in SUSE Linux Enterprise. The filter selection box is located at the top left under the menu bar. The default filter is Patterns. Patterns install packages based on the intended use or task of your system. For example, select File Server to set up your system as an NFS server or Web and LAMP Server to install the Apache Web server. The groups included in the current system type are preselected. Click the check boxes to select or deselect groups for installation. The right part of the window displays a table listing the individual packages included in the current group. The table column furthest to the left shows the current status of each package. Two status flags are especially relevant for the installation: Install (the box in front of the package name is checked) and Do Not Install (the box is empty). To select or deselect individual software packages, click the status box until the desired status is displayed. Alternatively, right-click the package line to access a pop-up menu. Installation with YaST. 51.

No results found