Novell SUSE Linux Enterprise Point of Service Guide

SUSE Linux Enterprise Point of Service 11
www.novell.com

October 02, 2009
All content is copyright © 2006-2009 Novell, Inc.
Legal Notice
This manual may be freely reproduced, duplicated and distributed either as such or as part of a bundled package in electronic and/or printed format, provided however that the following conditions are fulfilled:
That this copyright notice and the names of authors and contributors appear clearly and distinctively on all reproduced, duplicated and distributed copies. That this manual, specifically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc must be obtained prior to any other use of any manual or part thereof.
For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell.com/company/legal/trademarks/tmlist.html. * Linux is a registered trademark of Linus Torvalds. All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a Novell trademark; an asterisk (*) denotes a third party trademark.
All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee complete accuracy. Neither Novell, Inc., SUSE LINUX Products GmbH, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.

Contents

About This Guide
1 Product Overview
1.1 Architecture
1.2 System Requirements
1.3 Server Types
1.4 Images
1.5 SUSE Linux Enterprise Point of Service Deployment
2 SUSE Linux Enterprise Point of Service Installation
2.1 Installation During the Initial Installation Process
2.2 Installation On Top of an Already Installed System
3 Basic Configuration
3.1 Setting Up the Administration Server
3.2 Setting Up the Branch Server
3.3 Adding a Point of Service Terminal
4 Setting Up the Administration Server
4.1 Administration Server Configuration
4.2 Initializing the LDAP Directory
4.3 Creating An Offline Installation Package
4.4 Creating Point of Service Images
4.5 Copying the Boot Image Files
4.6 Copying the System Image Files
4.7 What's Next
5 Setting Up a Dedicated Image Building Server
6 Setting Up a Branch Server
6.1 Conditions to Configure a Branch Server
6.2 Online Branch Server Configuration
6.3 Offline Branch Server Configuration
6.4 Creating Branch Server Objects in LDAP
6.5 Downloading Images from the Administration Server
6.6 Starting the Core Script
7 Deploying Point of Service Terminals
7.1 Operating System
7.2 Conditions to Add a Point of Service Terminal
7.3 Creating Point of Service Images
7.4 Creating the Required LDAP Objects
7.5 Distributing Images to Point of Service Terminals
7.6 Hardware
7.7 Point of Service Configuration Files
7.8 Booting the Point of Service Terminal
8 Securing Your Setup
8.1 Physical Server Security
8.2 Network Security
8.3 Data Security
8.4 Application Security
9 Testing Your SUSE Linux Enterprise Point of Service Environment
9.1 Monitoring the Terminal Bootup
9.2 Troubleshooting Terminal Bootup Problems
10 The SUSE Linux Enterprise Point of Service LDAP Directory
10.1 Logical Structure of the LDAP Directory
10.2 Using posAdmin to Manage the LDAP Directory
10.3 LDAP Objects Reference
11 Managing Image Source Files
11.1 POSCDTool Command Line Options
11.2 POSCopyTool Command Line Options
11.3 Managing the Image Source Files
12 Building Images with the Image Creator Tool
12.1 Creating an Image Based on Template
12.2 Building Network Boot Images
12.3 Building Bootable CD Images with a System Image
12.4 Building Bootable CD Images without a System Image
12.5 Building USB Stick Images with a System Image
12.6 Adding Installable Documentation in RPM Format
12.7 Image Configuration Settings
13 Building Images with KIWI
13.1 Understanding the KIWI Configuration
13.2 Preparing the Image Configuration
13.3 Creating the KIWI Image
13.4 Building Customized SUSE Linux Enterprise Point of Service Images
13.5 Deploying KIWI Images
14 Remotely Managing Point of Service Terminals with admind and adminc
14.1 admind
14.2 adminc
14.3 posGetIP
14.4 Installing admind on a Point of Service Terminal
14.5 Installing the admind Client on Administration and Branch Servers
15 Backup and Restore
15.1 Offline Physical Backup
15.2 Offline Logical Backup
15.3 Online Backup
15.4 Restoring Data
16 Troubleshooting
16.1 Server Infrastructure
16.2 Operation
A Changing the Server Language
A.1 Changing the Language Selection
A.2 Installing a Language RPMs
B Point of Service Scripts
B.1 Overview
B.2 Core Script Process
B.3 Script Quick Reference
C SUSE Linux Enterprise Point of Service Files and Directory Structure
C.1 Administration Server Directory Structure
C.2 Branch Server Directory Structure
C.3 KIWI Files and Directory Structure

About This Guide

This guide contains instructions on how to install, manage and deploy SUSE® Linux Enterprise Point of Service. Learn which components constitute a SUSE Linux Enterprise Point of Service environment and how to configure the individual servers and terminals. The guide is intended mainly for system administrators.
Many chapters in this manual contain links to additional documentation resources. These include additional documentation that is available on the system, as well as documentation available on the Internet.
For an overview of the documentation available for your product (and the latest documentation updates), refer to http://www.novell.com/documentation or to the following section.

1 Available Documentation

We provide HTML and PDF versions of our books in different languages.
Find HTML versions of most product manuals in your installed system under /usr/share/doc/manual or in the help centers of your desktop. Find the latest documentation updates at http://www.novell.com/documentation where you can download PDF or HTML versions of the manuals for your product.
For more information on the underlying operating system, refer to the SUSE Linux Enterprise Server documentation, available from http://www.novell.com/documentation/sles11/.
For information on securing your applications using AppArmor, refer to the Security Guide, available from http://www.novell.com/documentation/sles11/.
For an introduction to setting up High Availability environments with SUSE Linux Enterprise, refer to the High Availability Guide, available from http://www.novell.com/documentation/sles11/.

2 Feedback

Several feedback channels are available:
• To report bugs for a product component or to submit enhancement requests, please use https://bugzilla.novell.com/. If you are new to Bugzilla, you might find the Bug Writing FAQs helpful, available from the Novell Bugzilla home page.
• We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.

3 Documentation Conventions

The following typographical conventions are used in this manual:
/etc/passwd: directory names and filenames
placeholder: replace placeholder with the actual value
PATH: the environment variable PATH
ls, --help: commands, options, and parameters
user: users or groups
Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as on a keyboard
File, File > Save As: menu items, buttons
Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a chapter in another manual.

Product Overview

SUSE® Linux Enterprise Point of Service is a secure and reliable Linux platform optimized for enterprise retail organizations. Built on the solid foundation of SUSE® Linux Enterprise, it is the only enterprise-class Linux operating system tailored specifically for retail Point of Service terminals, kiosks, self-service systems, and reverse-vending systems.
This section provides an architectural overview of the SUSE Linux Enterprise Point of Service product, along with an overview of server types, images, and the deployment process.

1.1 Architecture

The SUSE Linux Enterprise Point of Service architecture consists of one centralized Administration Server, one or more Branch Servers, and Point of Service terminals. These can be standard PCs running retail check-out applications or specialized point-of-sale machines such as cash registers and customer kiosks (see Figure 1.1, “SUSE Linux Enterprise Point of Service System Architecture” (page 2)). Find a list of system requirements for the individual components in Section 1.2, “System Requirements” (page 3) and an overview of the different server types and their functions in Section 1.3, “Server Types” (page 5).
Figure 1.1 SUSE Linux Enterprise Point of Service System Architecture
All system information (system structure, image information, the configuration and deployment method for each Branch Server and Point of Service terminal, etc.) is stored in an LDAP database on the Administration Server (which may be replicated on Branch Servers). The Administration Server usually also holds the master repository for the images required to boot and configure Point of Service terminals and provides the utilities required to build those images.
NOTE: Creating a Dedicated Image Building Server
However, if you have a large system and want to offload the image building function from the Administration Server, you can also set up a dedicated Image Building Server. For more information, see Chapter 4, Setting Up the Administration Server (page 35) or Chapter 5, Setting Up a Dedicated Image Building Server (page 47).
Triggered by the possyncimages.pl script (see Section B.3.9, “possyncimages.pl” (page 217)), each Branch Server downloads the system information and images required for its local Point of Service terminals from the Administration Server. The Point of Service terminals, in turn, download their respective images from the Branch Server when they boot.
WARNING: Protecting the Branch Servers
Because Branch Servers contain sensitive information, they must be secured against unauthorized access. Close unused ports and allow only the root user to have access to the server console. Refer to Chapter 8, Securing Your Setup (page 111) for more details on how to protect your SUSE Linux Enterprise Point of Service setup.
SUSE Linux Enterprise Point of Service is broadly scalable so that a small shop with five Point of Service terminals can be managed just as well as a large chain with a thousand branches. For organizations with several Branch Servers, the link between the branch and administrative servers is maintained over WAN. During execution of administrative tasks, such as the installation of new Point of Service terminals in a branch, steps must be taken to ensure that the WAN link to the Administration Server is available.
The SUSE Linux Enterprise Point of Service architecture is highly centralized. However, administrative tasks can also be performed on subunits for role-based administration. The Branch Server provides all the services necessary for the operation and management of the Point of Service terminals and the LDAP database can be replicated on the Branch Server. Consequently, the Branch Server and Point of Service terminals can function independently of the Administration Server in the event of server failure or downed connection.

1.2 System Requirements

This section provides a list of minimal hardware requirements for SUSE Linux Enterprise Point of Service 11.

1.2.1 Administration Server

The following list identifies the system requirements for an Administration Server:
• One server with an x86 or x86-64 processor
• A minimum of 4 GB hard disk space; recommended 15 GB
The required space depends on the size of your images.
• A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU)
• One network card

1.2.2 Image Building Server

The following list identifies the system requirements for a dedicated image building server:
• One server with an x86 or x86-64 processor
• A minimum of 4 GB hard disk space; recommended 25 GB
The required space is dependent on the size of your images.
• A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU)
• One network card

1.2.3 Branch Server

The following list identifies the system requirements for a Branch Server:
• One server with an x86 or x86-64 processor
• A minimum of 4 GB hard disk space; recommended 10 GB
The required space is dependent on the size of the images you distribute to your Point of Service terminals.
• A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU)
• At least two network cards per server:
• One network card for the Administration Server's public network
• One network card for the Branch Server's private network

1.2.4 Administration/Branch Server Combination

The following list identifies the system requirements for an Administration/Branch Server combination:
• One server with an x86 or x86-64 processor
• A minimum of 4 GB hard disk space; recommended 25 GB
The required space is dependent on the size of your images.
• A minimum of 512 MB RAM; recommended 512 MB - 3 GB (at least 512 MB per CPU)
• One network card

1.3 Server Types

SUSE® Linux Enterprise Point of Service is based upon SUSE Linux Enterprise and is installed as an add-on product. After installation and setup, your SUSE Linux Enterprise Point of Service system includes one centralized Administration Server, one or more Branch Servers, and Point of Service terminals. This section focuses on the server types used in SUSE Linux Enterprise Point of Service and gives an overview of the tasks they run and the services they provide.

1.3.1 Administration Server

The Administration Server is the central administration point for SUSE® Linux Enterprise Point of Service. It is usually located in the main office and is used to manage the Point of Service infrastructure, to host the LDAP database and to create images to send to the Branch Servers. Whereas the LDAP server running on the Administration Server stores the configuration of the Point of Service clients, the configuration of new Point of Service terminals (and which images to deploy to the Point of Service terminal) needs to be accepted in a YaST module.
The Administration Server provides the following functions:
• Maintains the master LDAP directory for the Branch Server systems. For more information on the LDAP directory, see Chapter 10, The SUSE Linux Enterprise Point of Service LDAP Directory (page 121).
• Unless your SUSE Linux Enterprise Point of Service system includes a dedicated Image Building Server, the Administration Server usually provides the tools to create and customize system images and stores the system images for distribution to the Branch Servers and Point of Service terminals. For more information, see Chapter 12, Building Images with the Image Creator Tool (page 163) and Chapter 13, Building Images with KIWI (page 173).
• Stores the configuration parameters for the Branch Servers.
• Provides an RSYNC server to distribute the system images and software updates to the Branch Server systems.
• Supports NTP time synchronization for the Branch Servers.
• Consolidates the syslog output from the Branch Servers (optional).
For information on installing and configuring the Administration Server, see Chapter 4, Setting Up the Administration Server (page 35). Find out more about the Administration Server structure and functions in the following sections.
Services
The Administration Server provides two important services in your SUSE Linux Enterprise Point of Service system:
• LDAP is the protocol for accessing the SUSE Linux Enterprise Point of Service directory, which stores all system information.
• RSYNC is a remote data synchronization service that is used to transfer images from the Administration Server to the Branch Servers.
In order to provide services of the Administration Server, the firewall running on the Administration Server needs to allow traffic on the ldap or ldaps ports (389 TCP/UDP and 636 TCP/UDP, respectively) and the rsync port (TCP/UDP 873). For more information, refer to Section 4.2, “Initializing the LDAP Directory” (page 38).

1.3.2 Branch Server

The Branch Server provides the network boot and system management infrastructure for the Point of Service terminals. It can also serve as a generic system platform for in-store applications such as database systems and back-ends for Point of Service applications.
In your system, the Branch Server provides the following functions:
• Runs DNS services for the local network.
• May run DHCP to control the network boot process. Conversely, instead of setting up the DHCP service on the Branch Server, an external DHCP server can be used.
For more information, refer to the list of attributes for scLocation elements in Section 10.3.8, “scLocation” (page 142).
• Provides a multicast boot infrastructure for Point of Service terminals.
• Transfers system images from the Administration Server to the Point of Service terminals.
The Branch Server uses a software distribution mechanism based on RSYNC to pull new system images from the Administration Server. It then uses TFTP to download system images and configuration files to the Point of Service terminals.
• Manages diskless and disk-based Point of Service terminals. Configuration data is taken from the LDAP directory on the Administration Server.
• Provides system redundancy and failover. A pair of Branch Servers can be configured as a two-node high availability cluster with replicated data.
• Supports NTP for time synchronization from the Administration Server.
• Supports SNMP. Standard MIB2 monitoring is set up with net-snmp (optional).
• Logs syslog output from the Point of Service terminals (optional).
For information on installing and configuring the Branch Server, see Chapter 6, Setting Up a Branch Server (page 49). Find out more about the Branch Server structure and functions in the following sections.
LDAP Branch Server Object
Each Branch Server has a corresponding Branch Server object (scBranchServer) in the LDAP directory. This object stores configuration information that is specific to each Branch Server.
For more information on the scBranchServer object, see Chapter 10, The SUSE Linux Enterprise Point of Service LDAP Directory (page 121).
LDAP Access
To complete its initial configuration and perform basic functions (such as registering Point of Service terminals and downloading system images and configuration files), the Branch Server must have administrator level access to the LDAP directory. This admin account and password are created by the posInitAdminserver.sh script during the initial configuration of the Administration Server. Once created, this account is not accessible in the LDAP tree.
LDAP communications can be secured with SSL. When you run the posInitAdminserver.sh script, you can enable or disable SSL communication.
Note that the firewall running on the Administration Server must allow traffic on the ldap and ldaps ports, 389 TCP/UDP and 636 TCP/UDP, respectively. For more information, refer to Section 4.2, “Initializing the LDAP Directory” (page 38).
Administrative Tasks
Other than emergency handling, no system administration is necessary on the Branch Server. All administrative tasks are controlled from the central Administration Server or are regularly executed by daemons running on the Branch Server. For emergencies and debugging, all administrative functions can be triggered locally or via SSH login by calling scripts with few or no command line parameters.
If you need to update the Point of Service images stored on the Branch Server, you can run possyncimages.pl to manually trigger the RSYNC update process and download new image files from the Administration Server. For more information, see Section B.3.9, “possyncimages.pl” (page 217).
Similarly, if you need to update the Point of Service hardware configuration information stored on the Branch Server, run either posldap2crconfig.pl --dumpall or posAdmin --updateconfig. These commands regenerate the hardware configuration and config.MAC files for all Point of Service terminals found in LDAP.
For more information on the posldap2crconfig.pl script, see Section B.3.4, “posldap2crconfig.pl” (page 212).
Services
In SUSE Linux Enterprise Point of Service, Branch Servers provide the services listed in Table 1.1, “Branch Server Services” (page 9).
Table 1.1 Branch Server Services
Service: Description
DNS: Every Branch Server runs a DNS master for that branch. The posldap2dns script generates the zone files for the BIND name server from the data in the LDAP directory and then reloads the zone files on each Branch Server.
DHCP: A DHCP server can be installed on the Branch Server. The posldap2dhcp script generates the dhcpd.conf file from branch data in the LDAP directory.
NTP: The NTP service for the Branch Servers synchronizes with the Administration Server NTP, which must be configured to get the time from a reliable source.
TFTP: The TFTP service on the Branch Server is structured with boot, image, Point of Service, and upload directories. There is a PXE default configuration with which all the Point of Service terminals first load the same initial initrd and the same kernel. For more information, see Section “TFTP Server Directory Structure” (page 10). If there is an error with a TFTP action, the service waits 60 seconds, then restarts.
Syslog: The Branch Server can define syslog logging services for Point of Service terminals. This service must be manually defined; the configuration information is stored in the /etc/syslog-ng.conf file, not in LDAP.
High Availability Configuration
For high availability, Branch Servers can be configured in two-node pairs. The primary node runs all of the scripts and services required to download Branch Server configuration information, synchronize time, and download system images from the Administration Server. The secondary node stays synchronized with the primary, ready to take over and run the scripts and services if the primary fails.
For information on installing a high availability environment, refer to the general High Availability Guide, available from http://www.novell.com/documentation/sles11/.
TFTP Server Directory Structure
SUSE Linux Enterprise Point of Service uses /srv/tftpboot as the tftp_root path for the TFTP server on the Branch Server. Table 1.2, “TFTP Directory Structure on the Branch Server” (page 11) outlines the main areas into which the directory structure is divided under the TFTP root directory.
Table 1.2 TFTP Directory Structure on the Branch Server
Directory: Contents
/tftpboot/CR/: Contains config.MAC image configuration files for every registered Point of Service terminal on the current Branch Server.
/tftpboot/CR/MAC/: Contains system configuration files, such as xorg.conf, for the individual Point of Service terminals.
/tftpboot/boot/: Contains the following boot images and configuration files for Point of Service terminals: initrd.gz, linux, the PXE loader (pxelinux.0), and the PXE configuration folder (pxelinux.cfg).
/tftpboot/image/: Contains system image files and their checksums.
/tftpboot/upload/: Serves as the destination directory to upload hwtype.MAC files for newly registered Point of Service terminals. These files are used to create the Point of Service terminal's workstation object in LDAP. This directory also stores the bootversion.MAC files that the posleases2ldap daemon uses to provide image install notification. When an image is successfully installed on a Point of Service terminal, the linuxrc script creates a bootversion.MAC file in the /tftpboot/upload directory on the Branch Server. posleases2ldap then transfers the information to the scNotifiedimage attribute in the scWorkstation object in LDAP and deletes the bootversion.MAC file.
An example of a Branch Server TFTP structure is shown below:
/tftpboot/CR
  00:02:55:E8:FA:C9 config.00:02:55:E8:FA:C9
  00:03:56:01:D5:5F config.00:03:56:01:D5:5F
  00:09:6B:3B:01:07 config.00:09:6B:3B:01:07
  00:02:55:23:F3:93 config.00:02:55:23:F3:93
/tftpboot/CR/00:02:55:E8:FA:C9
  XF86Config
/tftpboot/CR/00:03:56:01:D5:5F
  XF86Config
/tftpboot/CR/00:09:6B:3B:01:07
/tftpboot/boot
  initrd.gz linux pxelinux.0 pxelinux.cfg
/tftpboot/boot/pxelinux.cfg
  default
/tftpboot/image
  minimal-2.0.4 minimal-2.0.4.md5
  graphical-2.0.4 graphical-2.0.4.md5
/tftpboot/upload
  hwtype.00:02:55:E8:FA:C9
NOTE: Deletion of Point of Service Control File
The Point of Service control file hwtype.00:02:55:E8:FA:C9 is deleted after successful registration in LDAP. For more information, see Section 7.7.3, “The hwtype.MAC File” (page 100).
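The directory layout in Table 1.2 can be checked mechanically on a Branch Server. The following Python script is an added example, not part of the SUSE Linux Enterprise Point of Service tooling: it flags per-terminal directories without a config.MAC file, images whose .md5 file is missing or stale, and files left in the upload directory. The finding names, the sample tree, and the assumption that the first token of an .md5 file is the hex MD5 of the stored image are constructed for this illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

MAC = r"(?:[0-9A-F]{2}:){5}[0-9A-F]{2}"
MAC_RE = re.compile(rf"^{MAC}$")
UPLOAD_RE = re.compile(rf"^(hwtype|bootversion)\.({MAC})$")


def md5_of(path):
    """Hex MD5 of a file, read in chunks so large images do not fill memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_cr(cr):
    """CR/: every per-terminal directory needs a matching config.MAC file."""
    findings = []
    entries = sorted(cr.iterdir()) if cr.is_dir() else []
    configs = {p.name[len("config."):] for p in entries
               if p.is_file() and p.name.startswith("config.")}
    for p in entries:
        if p.is_dir() and p.name not in configs:
            findings.append(("cr-dir-without-config", p.name))
    for mac in sorted(configs):
        if not MAC_RE.match(mac):
            findings.append(("cr-config-bad-mac", mac))
    return findings


def audit_images(image_dir):
    """image/: every image needs an .md5 file whose first token matches it.

    Assumption: the first whitespace-separated token of NAME.md5 is the hex
    MD5 of NAME as stored on disk (the page does not document the format).
    """
    findings = []
    files = ({p.name: p for p in image_dir.iterdir() if p.is_file()}
             if image_dir.is_dir() else {})
    for name, path in sorted(files.items()):
        if name.endswith(".md5"):
            if name[:-4] not in files:
                findings.append(("checksum-without-image", name))
            continue
        sum_file = files.get(name + ".md5")
        if sum_file is None:
            findings.append(("image-without-checksum", name))
            continue
        tokens = sum_file.read_text().split()
        if not tokens or tokens[0].lower() != md5_of(path):
            findings.append(("image-checksum-mismatch", name))
    return findings


def audit_upload(upload_dir):
    """upload/: hwtype.MAC and bootversion.MAC are deleted once processed, so
    leftovers mean pending work; any other file in this directory is unexpected."""
    findings = []
    entries = sorted(upload_dir.iterdir()) if upload_dir.is_dir() else []
    for p in entries:
        m = UPLOAD_RE.match(p.name)
        if m and p.is_file():
            kind = ("pending-registration" if m.group(1) == "hwtype"
                    else "pending-install-notice")
            findings.append((kind, m.group(2)))
        else:
            findings.append(("unexpected-upload", p.name))
    return findings


def audit_tftp_root(root):
    """Return (finding, subject) tuples for a TFTP root such as /srv/tftpboot."""
    root = Path(root)
    return (audit_cr(root / "CR") + audit_images(root / "image")
            + audit_upload(root / "upload"))


def build_sample_tree(root):
    """Constructed sample tree modelled on the example listing above."""
    root = Path(root)
    for mac in ("00:02:55:E8:FA:C9", "00:03:56:01:D5:5F"):
        (root / "CR" / mac).mkdir(parents=True)
        (root / "CR" / f"config.{mac}").write_text("constructed placeholder\n")
    (root / "CR" / "00:09:6B:3B:01:07").mkdir()   # directory, no config.MAC
    image = root / "image"
    image.mkdir()
    (image / "minimal-2.0.4").write_bytes(b"constructed minimal image")
    (image / "minimal-2.0.4.md5").write_text(md5_of(image / "minimal-2.0.4") + "\n")
    (image / "graphical-2.0.4").write_bytes(b"constructed graphical image")
    (image / "graphical-2.0.4.md5").write_text("0" * 32 + "\n")  # stale checksum
    upload = root / "upload"
    upload.mkdir()
    (upload / "hwtype.00:02:55:E8:FA:C9").write_text("constructed\n")
    (upload / "notes.txt").write_text("constructed stray file\n")


def demo():
    """Audit the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return audit_tftp_root(tmp)


if __name__ == "__main__":
    for code, subject in demo():
        print(f"{code:26} {subject}")
```

A matching MD5 shows that the copy on the Branch Server is intact; it does not authenticate the image, so write access to the TFTP root still needs to be restricted.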

1.3.3 Special Server Types

Apart from the default implementation shown in Figure 1.1, “SUSE Linux Enterprise Point of Service System Architecture” (page 2), SUSE Linux Enterprise Point of Service allows for a variety of different setups to match your individual requirements. You can create special types of servers, like a dedicated Image Building Server taking load from the Administration Server, or implement POSBranch Servers instead of fully-fledged Branch Servers as described in the following sections.
Image Building Server
If your system needs to manage a large number of Point of Service images, you can outsource the image building task to a dedicated Image Building Server. This offloads the processor and memory load required to generate images from the Administration Server, and protects the Administration Server and LDAP directory from any possible corruption or user errors that might occur while building Point of Service images.
For information on installing and configuring the Image Building Server, see Chapter 5, Setting Up a Dedicated Image Building Server (page 47).
POSBranch Server
For small stores where the Branch Server runs only the Point of Service infrastructure, the Branch Server can be deployed as a control terminal running on Point of Service hardware. This POSBranch Server configuration is designed for systems that do not run Point of Service applications. However, if the terminal has sufficient memory and disk space, it can run some applications, if required.
In NLPOS9, the POSBranch Server installation required a special POSBranch image. There is no need for such a specialized POSBranch image any more. Branch Servers on Point of Service hardware can be installed as standard Branch Servers, by installing SUSE Linux Enterprise Server 11 and the SUSE Linux Enterprise Point of Service 11 add-on directly on a Point of Service machine.
NOTE: Access Rights
This implementation of the POSBranch Server allows the Point of Service applications to run under a non-root account.

1.4 Images

SUSE Linux Enterprise Point of Service is designed to automate the rollout of Point of Service terminals as much as possible. To assist this automation, the product makes extensive use of image building technology. For each type of terminal, whether it is a non-graphical system or a graphical environment, you can create customized images to be downloaded automatically from the Branch Server when the terminal boots.

1.4.1 Types of Images

To help get you started, SUSE Linux Enterprise Point of Service comes with a set of pre-built image les that you can customize to set up your own system. Every Point of Service terminal requires two images: a boot image and a system image. You can also create your own images using Image Creator or KIWI. For more information, refer to Chapter 12, Building Images with the Image Creator Tool (page 163) and Chapter 13, Building Images with KIWI (page 173).
The boot images contain the kernel and a bootstrap image (initrd), providing the minimum your Point of Service terminals need to initially start up from a bootable CD or USB stick, or from the network (via remote boot technology). The following boot image templates are available for SUSE Linux Enterprise Point of Service 10:
isoboot
This boot image template creates all the files and directories required to boot diskless and preinstalled disk-equipped systems from CD. This boot image must be combined with a system image to create a CD that can be used to boot the Point of Service terminal.
usbboot
This boot image template creates all the files and directories required to boot diskless and pre-installed disk-equipped systems from a USB stick.
netboot
This boot image template creates all the les and directories (including partitioning and boot loader installation) required to boot diskful and diskless terminals from the network over Preboot Execution Environment (PXE) and DHCP. The kernel
and the initrd are stored at the Branch Servers and they are downloaded to the terminals using TFTP.
The following system image templates are specially designed for the most common types of retail Point of Service terminals:
Minimal
The Minimal image contains only the runtime environment for native-code applications (C and C++) and the ncurses library for non-graphical user interface support. The Minimal image supports only console-based applications.
Maximum image size: 128 MB (compressed), minimum size of RAM required to boot the image: 64 MB
Graphical
The Graphical image includes the features of the Minimal image and essential graphical interface capabilities (the X Window System and a lightweight Window Manager), as well as the ability to run Java programs. It supports console-based C/C++ applications, Java programs in a Java2 runtime environment, X11 applications, and basic browser-based applications.
Maximum size: 120 MB (compressed), minimum size of RAM required to boot the image: 256 MB
All system images are based on SUSE Linux Enterprise Server. You can extend Point of Service system images to include add-on features such as:
• Advanced Linux Sound Architecture (ALSA) library for audio support
• additional device drivers
• GNOME or KDE desktop environments
• IBM™ Java technology support
• Firefox and other Web browsers
• Samba 3 Client for SMB/CIFS connectivity to Microsoft™ Windows™ servers
• VNC 4 Remote Control Client to allow other computers to remotely control the terminal
System images that you create are initially stored on the Administration Server (or on the Image Building Server, if you have chosen to set up a dedicated Image Building Server). Before you deploy your Point of Service terminals, you run a script to transmit the system images via rsync to specific directories on the Branch Server where, in turn, they can be downloaded to Point of Service terminals at boot time.
When a Point of Service terminal is started for the first time, it performs a PXE boot (or boots from CD or USB stick) and then registers with the Branch Server to obtain the information it needs to download its system image. The TFTP service on the Branch Server automatically delivers the matching system image to the Point of Service terminal.
To make this work as designed, you must create reference objects in the LDAP directory for the types of Point of Service terminals you intend to deploy in your system. For detailed information, refer to Section 7.4, “Creating the Required LDAP Objects” (page 72). Taking the time to correctly create and configure these objects when you install the Branch Servers saves you from separately managing the startup of each Point of Service terminal.

1.4.2 KIWI and Image Creator

To create the images for the Point of Service terminals, SUSE Linux Enterprise Point of Service includes both a command line tool (KIWI) and a graphical front-end for KIWI: Image Creator. Install the image building tools by selecting the SLEPOS Image Server and the SLEPOS Images software patterns in YaST.
When you build images for the Point of Service terminals, all the information required to run a Point of Service terminal (the Linux operating system, drivers, configuration settings, application files, and so forth) can be compiled into a single image file. This file can then be electronically distributed to Point of Service terminals over the network. Additionally, you can generate an ISO version of the image file that can be burned to a CD or copied to a USB stick for manual distribution.
For detailed information on KIWI and Image Creator, refer to Chapter 13, Building Images with KIWI (page 173) and Chapter 12, Building Images with the Image Creator Tool (page 163).

1.5 SUSE Linux Enterprise Point of Service Deployment

SUSE Linux Enterprise Point of Service requires the following components for a functional system:
• Administration Server
• Image Building Server
• Branch Servers
• Point of Service terminals
The way in which these components are deployed depends on your system requirements. For example, systems that maintain hundreds of system images might require a dedicated Image Building Server, whereas smaller systems can have the image building utilities installed on the Administration Server. Similarly, some customers might install the Administration and Branch Servers on a single box, while others deploy the Branch Server on a Point of Service terminal.
The flexibility of the architecture provides broad scalability, so that in large environments components can be distributed to improve system performance, while in smaller environments components can be consolidated to maximize the use of system resources.

1.5.1 Design Guidelines for Large Environments

Every retail environment is different in terms of network speed, server hardware, Point of Service terminal hardware, size of images, frequency of updates, etc. This section presents some design guidelines for large environments.
The recommended maximum number of Point of Service terminals being serviced by a single Branch Server is 100. You can adjust this number up or down depending on how frequently the Point of Service terminals are reimaged and whether you can control when the terminals come online.
NOTE: Time for Booting
For every 100 terminals coming online at the same time, it can take up to 10 minutes for the terminals to download larger graphical images. If the terminals are simply booting from an existing image, it can take 2-3 minutes per 100 terminals.

1.5.2 Installation and Setup

The following summary outlines the general steps required to deploy a SUSE Linux Enterprise Point of Service system. It also identifies the configuration options for each system component and notes where you can go to find detailed instructions.
1. Install the Administration Server using one of the following configurations:
• Install an Administration Server that includes the image building utilities (KIWI and Image Creator) and all the files and directories required to create Point of Service images. For detailed instructions, see Chapter 4, Setting Up the Administration Server (page 35).
• Install an Administration Server and a dedicated Image Building Server. For detailed instructions, see Chapter 5, Setting Up a Dedicated Image Building Server (page 47).
• Install an Admin/Branch Server combination.
2. Create the LDAP directory on your Administration Server. For detailed instructions, see Section 4.2, “Initializing the LDAP Directory” (page 38).
3. Create the Point of Service images required to deploy your Point of Service terminals.
4. Copy the image files you have created to the appropriate directories on the Administration Server so they will be ready for the Branch Servers to download.
IMPORTANT: Location of the System Images
System images must be located in /srv/SLEPOS/image/ and boot images must be located in /srv/SLEPOS/boot/ on the Administration Server before rsync can transmit the images to the Branch Server.
5. Create the required LDAP objects for each Branch Server and its Point of Service terminals in the LDAP tree. For detailed instructions, see Section 6.4, “Creating Branch Server Objects in LDAP” (page 55).
6. Install the Branch Servers using one of the following configurations:
NOTE: Configuring Admin/Branch Server Combinations
If you install an Admin/Branch Server combination, this step is already completed.
• Install a standard Branch Server. For detailed instructions, see Chapter 6, Setting Up a Branch Server (page 49).
• Install a high availability Branch Server cluster of two nodes in an active/passive setup. For general information on how to set up a high availability environment, refer to the High Availability Guide, available from http://www.novell.com/documentation/sles11/.
• For stores where the Branch Server is only running the Point of Service infrastructure (i.e. the Branch Server is running no additional applications), the Branch Server can be installed as a control terminal running on Point of Service hardware.
7. After a Branch Server is installed, you must complete the following steps to initialize the Branch Server, before attempting to boot its Point of Service terminals:
7a. Run the posInitBranchserver.sh script to initialize and configure the Branch Server.
7b. Run possyncimages.pl to download the Point of Service images from the Administration Server to the /srv/tftpboot directories on the Branch Server. For detailed instructions, see Section 6.5, “Downloading Images from the Administration Server” (page 64).
7c. Start the core script (posleases2ldap) as a daemon process on the Branch Server. This script controls all other scripts. For more information, see Section 6.6, “Starting the Core Script” (page 65).
8. Deploy the Point of Service terminals, following the general instructions in Chapter 7, Deploying Point of Service Terminals (page 67).
Depending on your network configuration and terminal hardware, you must prepare the Point of Service terminals to boot using one of the following procedures:
• If the Point of Service terminals have access to the network, the terminals can PXE boot and download their image files from the Branch Server. This method is typically used for workstations that aren't equipped with a hard disk. For more information on this process, see Section 7.8.1, “Network PXE Boot” (page 103).
• If the Point of Service terminals do not have access to the network, create an isoboot or a usbboot image and deploy the image at the terminal. This method can be used for workstations that either are or aren't equipped with a hard disk, and have a CD drive or a USB port. For information on the isoboot process, see Section 7.8.2, “Booting from CD (isoboot)” (page 108).
• If a Point of Service terminal cannot boot from the network or from a CD, it attempts to boot from the hard drive. For more information, see Section 7.8, “Booting the Point of Service Terminal” (page 102).
9. Test your SUSE Linux Enterprise Point of Service installation to ensure that it is functioning correctly. For detailed instructions, see Chapter 9, Testing Your SUSE Linux Enterprise Point of Service Environment (page 117).

2 SUSE Linux Enterprise Point of Service Installation

SUSE Linux Enterprise Point of Service is distributed as an add-on product for the SUSE Linux Enterprise Server 11 system. To install a SUSE Linux Enterprise Point of Service 11 server, install the SUSE Linux Enterprise Server 11 base system first. You can choose to install the SUSE Linux Enterprise Point of Service add-on together with your base system during the initial installation process, or you can install the SUSE Linux Enterprise Point of Service add-on on top of an already-installed base system at any later time.

2.1 Installation During the Initial Installation Process

To install the SUSE Linux Enterprise Point of Service add-on together with your base system during the initial installation process, follow these steps:
1. Start SUSE Linux Enterprise Server 11 installation as usual. For more information, see the SUSE Linux Enterprise Server documentation.
2. To include the SUSE Linux Enterprise Point of Service add-on product, check the Include Add-On Products from Separate Media option in the Installation Mode dialog in the System Analysis step and click Next.
3. Click Add and, if you are installing SUSE Linux Enterprise Point of Service from a CD medium, select CD as the source type. If you are installing from a different source, such as NFS or HTTP, choose the appropriate source type. Click Next.
4. If you are installing from CD, insert the SUSE Linux Enterprise Point of Service add-on product CD. If you are installing from a different source, provide the necessary source. Click Continue.
5. Confirm the SUSE Linux Enterprise Point of Service license agreement and click Next.
6. The SUSE Linux Enterprise Point of Service add-on product is displayed in the overview. Click Next and continue with the installation as usual.
7. In the Software Selection and System Tasks dialog, select the SUSE Linux Enterprise Point of Service patterns appropriate for the type of server you are installing. For Administration Server, select the SLEPOS Admin Server pattern. For Image Building Server, select the SLEPOS Image Server and SLEPOS Image Descriptions patterns. For Branch Server, select the SLEPOS Branch Server pattern. You can combine the patterns to install a server with multiple functions (for example an Administration Server with image building capabilities).
8. Continue with installation as usual. Make sure to uncheck the Clone This System for AutoYaST option before clicking Finish at the end of the installation procedure.
WARNING: Cloning the System for AutoYaST Must Be Disabled
When installing SUSE Linux Enterprise Point of Service, cloning the system for AutoYaST at the end of the installation procedure must be disabled.

2.2 Installation On Top of an Already Installed System

To install SUSE Linux Enterprise Point of Service on top of an already installed base system, follow these steps:
1. Start YaST and select Software > Add-On Products > Add.
2. Select the media type to be used for installation. If you are installing SUSE Linux Enterprise Point of Service from a CD medium, select CD as the source type. If you are installing from a different source, such as NFS or HTTP, choose the appropriate source type. Click Next.
3. If you are installing from CD, insert the SUSE Linux Enterprise Point of Service add-on product CD. If you are installing from a different source, provide the necessary source. Click Continue.
4. Confirm the SUSE Linux Enterprise Point of Service license agreement and click Next.
5. Select the type of server to be installed or Detailed Selection to choose any combination of patterns or packages you need. Click Accept to perform the installation.
3 Basic Configuration

This chapter describes the basic configuration of a SUSE Linux Enterprise Point of Service system. More details are covered in the following chapters.

3.1 Setting Up the Administration Server

The following procedure describes the installation process of the SLEPOS11 Administration Server:
1. Make sure the SLEPOS Admin Server pattern is installed on the machine that is to be configured. For more information about installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
2. Initialize the LDAP server on the Administration Server with the posInitAdminserver.sh command. Follow the on-screen instructions.
3. Initialize the LDAP database on the Administration Server:
3a. Use the posAdmin.pl script to add an organizationalUnit object as described in Section 6.4.1, “Creating organizationalUnit Objects” (page 55).
3b. Use the posAdmin.pl script to add a scLocation object as described in Section 6.4.2, “Adding an scLocation Object” (page 56).
IMPORTANT: The New --userPassword Attribute
The new mandatory attribute --userPassword was introduced in SLEPOS11. This password is needed when configuring a Branch Server.
3c. Use the posAdmin.pl script to add a scServerContainer object as described in Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60).
3d. Use the posAdmin.pl script to add a scBranchServer object as described in Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60).

3.1.1 Creating An Offline Installation Package

The basic configuration of the Administration Server is now finished. If you want to initialize an offline Branch Server without any internet connection, create an offline installation package:
1. To create an offline installation package, use the following command:
posAdmin.pl --user adminserveradmin --password adminserverpass --base scLocationDN --generate
For example, for the Boston organizational unit of mycorp company, located in the East district, use:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=east,ou=boston,o=mycorp,c=us --generate
2. The generated offline installation package is located in the /var/share/SLEPOS/OIF/scLocation.tgz file. For the company mentioned earlier, the file name is /usr/share/SLEPOS/OIF/east.boston.mycorp.us.

3.2 Setting Up the Branch Server

The following procedure describes the basic configuration of a SLEPOS11 Branch Server. The Branch Server configuration can be performed in online or offline mode.
Before configuring a Branch Server, check if the following conditions are met:
• The Branch server pattern must be installed on the machine to be configured. If it is missing, install it. For more information about SLEPOS11 installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
• The Administration Server and its LDAP database must be configured and initialized as described in Section 3.1, “Setting Up the Administration Server” (page 25). For more information about LDAP database configuration and initialization, see Section 4.2, “Initializing the LDAP Directory” (page 38).
• An internet connection to the Administration Server or the offline installation package must be available. If the internet connection is available, follow the procedure described in Section 3.2.1, “Online Branch Server Installation” (page 27). If the offline installation package is available, follow the procedure described in Section 3.2.2, “Offline Branch Server Installation” (page 29).

3.2.1 Online Branch Server Installation

The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server if an internet connection to the Administration Server is used:
1. Execute the posInitBranchserver.sh script.
The posInitBranchserver.sh script asks for the installation mode to be used. For the default online installation, enter 1 or just press Enter.
2. Provide the required information. Enter the company name (organization), organizational unit (organizationalUnit) and branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin.pl on the Administration Server.
3. The script checks the resolvability of the Administration Server IP address and tries to download Administration Server certificates. The certificates are then used for the automatic establishment of encrypted SSL communication. If no certificates are found, unencrypted communication is used.
If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it.
4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. It is a separate LDAP database. It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server. This is a part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature. The recommended default setting is yes.
If your choice is yes, the script initializes a local branch LDAP database. If your choice is no, enter the hostname or IP address of an already initialized LDAP database.
5. The script issues a command to start LDAP SyncRepl replication to create a copy of the branch subtree from the Administration Server LDAP database.
6. If everything is in order, the script finds the branch server domain in the Administration Server LDAP database and prints information about the found domain.
7. The script asks for a final confirmation before it configures and starts the core Branch Server services.
8. If everything is in order, the script finishes successfully. If any error is encountered, it is reported and logged in syslog.
NOTE: Aborting the Script
If you select no in any configuration step, except when selecting not to use a local branch LDAP, the script deletes all its intermediate data and exits.

3.2.2 Offline Branch Server Installation

The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server without internet connection:
1. Preferably, execute posInitBranchserver.sh -f pathToOfflineInstallationFile. You can also execute the posInitBranchserver.sh script without options and select 2 when asked for the installation mode to be used.
2. Provide the required information. Enter the company name (organization), organizational unit (organizationalUnit) and branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin.pl on the Administration Server.
If an offline installation file was provided in the first step, the default values from the file are used.
3. In the offline installation mode, the script does not check resolvability of the Administration Server IP address. Server certificates are copied from the offline installation file, if present.
If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it. SSL communication is then automatically established. If no certificate is found, unencrypted communication is used.
4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. This local database contains a copy of the subtree from the Administration Server LDAP database, which corresponds to this Branch Server. This is a part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature. The recommended default setting is yes.
If you select yes, the script initializes a local branch LDAP database. If you select no, enter the hostname or IP address of an already initialized LDAP database.
5. The script initializes the local branch LDAP database using the ldapadd command from the offline installation file.
6. In the offline installation mode, it is not yet possible to find the branch server domain. Therefore, if there is no internet connection, the attempt fails and the script terminates. However, if there is a connection to the Administration Server, the script finds the branch server domain in the Administration Server LDAP database and prints information about the found domain.
7. The script asks for a final confirmation before it configures and starts the core Branch Server services.
8. If everything is OK, the script finishes successfully. If an error is encountered, it is reported and logged in syslog.
NOTE: Aborting the Script
If you select no in any configuration step (except when you select not to use a local branch LDAP), the script deletes all its intermediate data and exits.
NOTE: Administration and Branch Server Combination
If the administration and branch servers are being configured on a single machine, no certificates are used and the SSL communication is disabled. Also, there is no local branch LDAP database created, as the offline functionality is not needed.

3.3 Adding a Point of Service Terminal

The process of adding a Point of Service terminal to a SUSE Linux Enterprise Point of Service system consists of the following steps:
1. The POS machine, connected to the Branch Server, is started. The POS machine downloads the booting image.
2. The POS machine uploads the hwtype.MAC file (for example hwtype.00:11:25:A7:D6:0D) into the /srv/tftpboot/upload directory.
3. The posleases2ldap.pl script uses this file and the information in the LDAP database to create the config.MAC file (for example config.00:11:25:A7:D6:0D) in the /srv/tftpboot/CR directory.
4. The POS machine uses the information in the config.MAC file to load the correct image, and boots up.
The third step is the most important part of this process. The following conditions must be met to complete it successfully:
• The hwtype.MAC file must be present in the /srv/tftpboot/upload directory.
NOTE: Configuration Without an External DHCP Server
If an external DHCP server is not used, the terminal must get the IP address from the Branch Server (its MAC address must be listed in the /var/lib/dhcp/db/dhcpd.leases file).
This occurs when the system was set by posInitBranchserver.sh with EXT_DHCP=FALSE in the LDAP database under the scLocation corresponding to this Branch Server. The POS terminal then gets its IP address from the DHCP server on the Branch Server.
• The correct image file and its checksum file must be located on the Branch Server in the /srv/tftpboot/image directory. These files should be downloaded beforehand from the Administration Server. For more information, see Section 6.5, “Downloading Images from the Administration Server” (page 64).
Example 3.1 Example Image and Checksum Files
/srv/tftpboot/image/myGraphical_test.i686-3.1.4
/srv/tftpboot/image/myGraphical_test.i686-3.1.4.md5
• An associated object representing the used image file must exist in the LDAP database.
Image objects are typically located in the global container under the default scDistributionContainer. To add the image to the default scDistributionContainer, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=default,cn=global,o=mycorp,c=us --add --scPosImage --cn myGraphical --scImageName myTestGraphical --scPosImageVersion "3.1.4;active" --scDhcpOptionsRemote /boot/pxelinux.0 --scDhcpOptionsLocal LOCALBOOT --scImageFile myGraphical_test.i686 --scBsize 8192
• An associated object representing the cash register must exist in the LDAP database. This scCashRegister object can represent either a specific machine or a generic machine. The generic object is used if a specific image is not found for the given machine. In either case, the scCashRegister must have a hardware subobject like scRamDisk or scHarddisk which specifies where and how the image should be deployed.
The name of a machine is located in the uploaded hwtype.MAC file under a HWTYPE entry.
To add a scCashRegister object for a specific machine (with HWTYPE=cshr4152), use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=global,o=mycorp,c=us --add --scCashRegister --cn cr-test --scCashRegisterName cshr4152 --scPosImageDn cn=myGraphical,cn=default,cn=global,o=mycorp,c=us
(note the scCashRegisterName name and the image reference in --scPosImageDn, which follows the previous example).
When deploying to a hard disk (detected on the terminal as the /dev/sda device) of our specific machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cr-test,cn=global,o=mycorp,c=us --add --scHarddisk --cn sda --scDevice /dev/sda --scHdSize 9000 --scPartitionsTable "1000 82 x;8000 83 /"
(remark: the specific choice of --cn name is not important)
When deploying to a ramdisk of our specific machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cr-test,cn=global,o=mycorp,c=us --add --scRamDisk --cn ram --scDevice /dev/ram1
To add a scCashRegister object for a generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=global,o=mycorp,c=us --add --scCashRegister --cn cr-test-default --scCashRegisterName default --scPosImageDn cn=myGraphical,cn=default,cn=global,o=mycorp,c=us
(note the scCashRegisterName name).
When deploying to a hard disk of our generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cr-test-default,cn=global,o=mycorp,c=us --add --scHarddisk --cn sda --scDevice /dev/sda --scHdSize 9000 --scPartitionsTable "1000 82 x;8000 83 /"
When deploying to a ramdisk of our generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=cr-test-default,cn=global,o=mycorp,c=us --add --scRamDisk --cn ram --scDevice /dev/ram1
• The posleases2ldap.pl process is started and running.
If all the conditions are satisfied, at the time posleases2ldap.pl checks the upload directory, the new config.MAC is created or overwritten and the uploaded file hwinfo.MAC is deleted.
The generated config.MAC file should contain lines reflecting values in the LDAP database (the IP address is the address of the tftp service specified in ipHostNumber under the tftp scService object in the scBranchserver in the relevant scLocation).
If deploying to a hard drive, assuming the tftp server has IP address 192.168.90.1, the following lines should be present:
IMAGE=/dev/sda2;myGraphical_test;3.1.4;192.168.90.1;8192
PART=1000;82;x,8000;83;/
DISK=/dev/sda
If deploying to a ram disk, the following line should be present:
IMAGE=/dev/ram1;myGraphical_test;3.1.4;192.168.90.1;8192
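The conditions for step 3 can be checked mechanically. The following Python sketch is an added example, not part of SLEPOS or of this guide's tooling: it picks the specific or generic scCashRegister for a HWTYPE, derives the config.MAC entries shown above from the LDAP values, and verifies the image against its .md5 file. Assumptions: the dictionary layout and the config_name key are invented for the example, the root partition device is derived as the 1-based index of the "/" entry (inferred from the two samples above), and the first whitespace-separated field of the .md5 file is taken to be the hex digest.

```python
import hashlib
import os

# Constructed sample data mirroring the posAdmin.pl examples in this section.
# The dict layout (hardware subobject merged into its scCashRegister) and the
# "config_name" key are assumptions of this example, not SLEPOS structures.
IMAGE_DN = "cn=myGraphical,cn=default,cn=global,o=mycorp,c=us"
IMAGES = {IMAGE_DN: {"config_name": "myGraphical_test",
                     "scImageFile": "myGraphical_test.i686",
                     "version": "3.1.4", "scBsize": 8192}}
REGISTERS = [
    {"scCashRegisterName": "cshr4152", "scPosImageDn": IMAGE_DN,
     "scDevice": "/dev/sda", "scPartitionsTable": "1000 82 x;8000 83 /"},
    {"scCashRegisterName": "default", "scPosImageDn": IMAGE_DN,
     "scDevice": "/dev/ram1"},
]


def parse_kv(text):
    """Parse KEY=value lines, the shape hwtype.MAC and config.MAC both use."""
    entries = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries


def select_register(hwtype, registers):
    """Specific scCashRegister for this HWTYPE, else the generic "default"."""
    by_name = {r["scCashRegisterName"]: r for r in registers}
    return by_name.get(hwtype) or by_name.get("default")


def expected_config(register, image, tftp_ip):
    """Entries config.MAC should carry, as implied by the page's two samples."""
    device = register["scDevice"]
    target, entries = device, {}
    table = register.get("scPartitionsTable")
    if table:  # scHarddisk: the image lands on the partition mounted at "/"
        parts = [p.split() for p in table.split(";") if p.strip()]
        if any(len(p) != 3 for p in parts):
            raise ValueError("partition entry needs size, type id, mount point")
        roots = [n for n, p in enumerate(parts, 1) if p[2] == "/"]
        if len(roots) != 1:
            raise ValueError("exactly one partition must be mounted at /")
        target = f"{device}{roots[0]}"
        entries["PART"] = ",".join(";".join(p) for p in parts)
        entries["DISK"] = device
    entries["IMAGE"] = ";".join([target, image["config_name"], image["version"],
                                 tftp_ip, str(image["scBsize"])])
    return entries


def verify_image(image_dir, image):
    """Problems with <scImageFile>-<version> and its .md5 companion, if any."""
    path = os.path.join(image_dir, f"{image['scImageFile']}-{image['version']}")
    missing = [f"missing {p}" for p in (path, path + ".md5") if not os.path.isfile(p)]
    if missing:
        return missing
    with open(path + ".md5") as handle:
        fields = handle.read().split()
    recorded = fields[0].lower() if fields else ""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    if digest.hexdigest() != recorded:
        return [f"md5 mismatch for {path}"]
    return []


def check_terminal(hwtype_text, config_text, registers, images, tftp_ip, image_dir):
    """Return every unmet condition for one terminal; an empty list means OK."""
    hwtype = parse_kv(hwtype_text).get("HWTYPE")
    if not hwtype:
        return ["hwtype.MAC has no HWTYPE entry"]
    register = select_register(hwtype, registers)
    if register is None:
        return [f"no scCashRegister named {hwtype!r} and no default object"]
    image = images.get(register["scPosImageDn"])
    if image is None:
        return [f"scPosImageDn {register['scPosImageDn']!r} has no image object"]
    problems = verify_image(image_dir, image)
    actual = parse_kv(config_text)
    for key, want in expected_config(register, image, tftp_ip).items():
        if actual.get(key) != want:
            problems.append(f"{key}: expected {want!r}, found {actual.get(key)!r}")
    return problems
```

The .md5 file sits in the same TFTP tree as the image, so a match shows the transfer was not corrupted or truncated; it does not show that the image is the one built on the Administration Server.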

4 Setting Up the Administration Server

The Administration Server is the central administration point for SUSE® Linux Enterprise Point of Service. All system information (system structure, the configuration and deployment method for each Branch Server and Point of Service terminal, image information, and so forth) is stored in an LDAP directory on the Administration Server. The Administration Server is also the central distribution point for the images required to boot and configure Point of Service terminals, and can run the utilities required to build those images. Set up an Administration Server either with or without the image building software.
NOTE: Creating an Image Building Server
The utilities required to build Point of Service images can be installed with the Administration Server or on a dedicated image building server. For more information on creating a dedicated image building server, see Chapter 5, Setting Up a Dedicated Image Building Server (page 47).
NOTE: Meeting the System Requirements
For a list of system requirements to set up an Administration Server, refer to Section 1.2.1, “Administration Server” (page 3).

4.1 Administration Server Configuration

To configure the Administration Server, follow these steps:
1. Check if the SLEPOS Admin Server pattern is installed on the machine to be configured. If it is missing, install it. For more information about installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
If you want to use the Administration Server to build Point of Service images, also select the Image server and Images patterns. If you want to use a standalone Image Building Server, these patterns are not needed.
2. Initialize the LDAP server on the Administration Server with the posInitAdminserver.sh command. Follow the on-screen instructions. For more information about the LDAP initialization, see Section 4.2, “Initializing the LDAP Directory” (page 38).
3. Initialize the LDAP database on the Administration Server:
3a. Use the posAdmin.pl script to add an organizationalUnit object as described in Section 6.4.1, “Creating organizationalUnit Objects” (page 55).
3b. Use the posAdmin.pl script to add a scLocation object as described in Section 6.4.2, “Adding an scLocation Object” (page 56).
IMPORTANT: The New --userPassword Attribute
The new mandatory attribute --userPassword was introduced in SLEPOS11. This password is needed when configuring a Branch Server.
3c. Use the posAdmin.pl script to add scServerContainer and scBranchServer objects as described in Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60).
4. Make sure the rsync port (usually 873) is open on the Administration Server. The rsync port is not open in the default SLES11 installation. You have to open it by adding its number in the YaST Firewall module under Allowed Services > Advanced > TCP Ports.
5. The basic configuration of the Administration Server is now finished. If you want to initialize an offline Branch Server without any internet connection, create an offline installation package, as described in Section 4.3, “Creating An Offline Installation Package” (page 40).

4.1.1 Changing Admin server password

To change the Admin server password, edit /etc/openldap/slapd.conf and replace both lines containing rootpw old_hashed_password with a new hashed password. You can get the new hashed password with the slappasswd command. You can change the password by entering the following commands in the command line:
1. rcldap stop
2. sed -i -e 's;rootpw.*$;rootpw '`slappasswd -s "new_password"`';' /etc/openldap/slapd.conf
3. rcldap start
The password stored in /etc/SLEPOS/adminserver.conf needs to be changed and re-encoded as well. Enter the following command in the command line to change it:
sed -i -e 's;POS_ADMIN_PASSWORD=.*$;POS_ADMIN_PASSWORD='`echo "new_password" | openssl enc -aes128 -kfile "/etc/SLEPOS/salt.key" -a`';' /etc/SLEPOS/adminserver.conf

4.2 Initializing the LDAP Directory

All system information (system structure, the configuration and deployment method for each Branch Server, available system images, and Point of Service terminal types) is stored in an LDAP directory on the Administration Server.
SUSE Linux Enterprise Point of Service uses the OpenLDAP directory service. The posInitLdap script defines the LDAP directory schema and the initial records for OpenLDAP. It cannot add a SUSE Linux Enterprise Point of Service LDAP directory to an existing OpenLDAP tree; it creates an entirely new LDAP directory tree.
To create the SUSE Linux Enterprise Point of Service LDAP directory for OpenLDAP:
1. After you have installed the SUSE Linux Enterprise Point of Service Administration Server, log in as root on the Administration Server.
2. Configure the firewall running on the Administration Server to allow traffic on the ldap and ldaps ports, 389 TCP/UDP and 636 TCP/UDP, respectively. Do this by using the YaST Firewall module (yast2 firewall).
3. Run posInitAdminserver.sh.
4. Specify your company name without spaces or special characters.
5. Specify the two-letter code of your country.
   Use de for Germany, us for United States, uk for United Kingdom, and so forth.
6. Specify the LDAP administrator password. The password must be alphanumeric.
   You are assigning the password for the LDAP directory administrator account. The Branch Server uses this account to access the LDAP directory and this account is required to use posAdmin to add objects to the LDAP directory.
7. Determine if you want to use SSL when the Branch Server connects to the LDAP directory on the Administration Server. The default is to not use SSL.
   Select Y to use an SSL connection when the Branch Server connects to the LDAP Directory.
   Select N to disable SSL.
   IMPORTANT: Securing Your Server Communication
   Using SSL/TLS to secure the connections between Administration Server and Branch Servers is highly recommended.
   posInitLdap creates the certificates and keys required to run SSL regardless of whether or not SSL is enabled. This allows you to switch to SSL at a later time.
   IMPORTANT: Regenerating SSL Certificates
   If you need to regenerate your SSL certificates at a later point in time, use the posInitAdminserver.sh --r command. This command generates new certificates and deletes old ones.
   The keys and certificates are located in the /etc/SLEPOS/keys directory on both the Administration and Branch Servers.
8. posInitLdap provides a summary of the LDAP directory data based on your input. If all data is correct, press Enter.
   If there is something wrong with the input data, abort the installation by pressing Ctrl + C.
9. The script initializes the basic LDAP database structure and performs some tests, then displays a summary of the configuration and test results. When the tests are successfully completed, the script displays a confirmation alert.
After you run posInitLdap, the LDAP directory is initialized on the Administration Server, and the LDAP service is available. At this point, you should have a basic tree structure with a root, a Country container, and an Organization container.
You can verify that the LDAP structure is accessible using an ldapsearch command. Use a syntax similar to the first example when using SSL. For setups without SSL, use a syntax similar to the second example.
ldapsearch -x -H ldaps://administration_server_name -b o=mycorp,c=us -s base -D cn=admin,o=mycorp,c=us -w password
ldapsearch -x -H ldap://administration_server_name -b o=mycorp,c=us -s base -D cn=admin,o=mycorp,c=us -w password
TIP: Setting the LDAP Debugging Level
Turn on a more verbose output for the ldapsearch command by enabling the debug option with -d1.
4.3 Creating An Offline Installation Package
If you want to initialize an offline Branch Server without any internet connection, create an offline installation package:
1. To create an offline installation package, use:
   posAdmin.pl --user adminserveradmin --password adminserverpass --base scLocationDN --generate
   For example, for the Boston organizational unit of mycorp company, located in the East district, use:
   posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base cn=east,ou=boston,o=mycorp,c=us --generate
2. The generated offline installation package is located in the /var/share/SLEPOS/OIF/scLocationDN.tgz file. For the company mentioned earlier, the file name would be /usr/share/SLEPOS/OIF/east.boston.mycorp.us.

4.4 Creating Point of Service Images

Before you can deploy Point of Service terminals, you must first create image files that contain the operating system and application files required to boot the terminals.
SUSE Linux Enterprise Point of Service provides image templates that can be customized and generated using the Image Creator tool. When you select the Image Server during the Administration Server installation, the image creation utilities (Image Creator and KIWI) are installed on the Administration Server along with all the files and directories required to create Point of Service images. For a detailed, step-by-step introduction to building SUSE Linux Enterprise Point of Service images using Image Creator, refer to Chapter 12, Building Images with the Image Creator Tool (page 163).
After you have created the images required for your Point of Service terminals, you must copy the images to the appropriate directories on the Administration Server so that the RSYNC service can transmit the images to the Branch Server. Depending on whether the Administration Server and the Image Building Server are on the same machine (or whether the images are built on a dedicated Image Building Server), use the different copy procedures outlined in Section 4.6, “Copying the System Image Files” (page 43).
To deploy a new image version, for example an image with updated packages from online repositories, follow these steps:
1. Build new images as described in Chapter 12, Building Images with the Image Creator Tool (page 163).
2. Deploy boot images as described in Section 4.5, “Copying the Boot Image Files” (page 41).
3. Deploy system images as described in Section 4.6, “Copying the System Image Files” (page 43).
4. Synchronize with the Branch Server with the possyncimages.pl and posldap2crconfig.pl --dumpall commands (see Section 7.4.7, “Activating Images” (page 86) for more information).

4.5 Copying the Boot Image Files

This section explains how to copy the default boot images (initrd and the Linux kernel file) to the appropriate directories on the Administration Server, so they are ready to be transferred to the Branch Servers. If the images have been built on the same machine, use the following cp command or your favorite file browser:
1. Use the following command to copy the initrd file to the /srv/SLEPOS/boot directory as initrd.gz (type the command all on one line):
   cp /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.architecture-version.gz
   /srv/SLEPOS/boot/initrd.gz
2. Use the following command to copy the kernel file to the /srv/SLEPOS/boot directory as linux (type the command all on one line):
   cp /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.architecture-version.kernel.kernel_version
   /srv/SLEPOS/boot/linux
If the images have been built on a dedicated Image Building Server, use the scp command or the remote copy option of your file browser:
1. Use the following command to copy the initrd file to the /srv/SLEPOS/boot directory as initrd.gz (type the command all on one line):
   scp /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.architecture-version.gz
   adminserver_address:/srv/SLEPOS/boot/initrd.gz
2. Use the following command to copy the kernel file to the /srv/SLEPOS/boot directory as linux (type the command all on one line):
   scp /var/lib/SLEPOS/system/images/image_name/initrd-netboot-image_name.architecture-version.kernel.kernel_version
   adminserver_address:/srv/SLEPOS/boot/linux
4.5.1 Deploying Boot Images with a New Kernel Version
If you build images with a new kernel version, you can preserve old file names and overwrite existing images. In such a case, there is no need to update objects in the LDAP database.
Alternatively, you can copy the new kernel and initrd to /srv/SLEPOS/boot with new file names (for example initrd-2.6.27.25.gz and linux-2.6.27.25). In such a case, you must create a new scDistributionContainer object (see Section 10.3.5, “scDistributionContainer” (page 140)) and add a new scPosImage object to it (see Section 4.6.1, “Deploying New Versions of System Images” (page 44)).

4.6 Copying the System Image Files

System images must be located in the /srv/SLEPOS/image directory on the Administration Server. The boot image must be located in /srv/SLEPOS/boot. The Branch Servers can then download the image files and deploy them on Point of Service terminals. If the images have been built on the same machine, use the following cp command or your favorite file browser:
1. Use the following command to copy the system images to the /srv/SLEPOS/image directory (type the command all on one line):
   cp /var/lib/SLEPOS/system/images/image_name/image_name.architecture-version
   /srv/SLEPOS/image/image_name.architecture-version
2. Use the following command to copy the corresponding MD5 checksum files to the /srv/SLEPOS/image directory (type the command all on one line):
   cp /var/lib/SLEPOS/system/images/image_name/image_name.architecture-version.md5
   /srv/SLEPOS/image/image_name.architecture-version.md5
3. You can compress the images with the gzip compression utility. Run the following command on the Administration Server:
   gzip /srv/SLEPOS/image/image_name.architecture-version
   The compressed image is identified by the suffix .gz and handled accordingly; no further actions are required. The POS scripts detect the .gz suffix and add a “compressed” flag during config.MAC file generation (see also Section 7.7.1, “The config.MAC File” (page 94)).
If the images have been built on a dedicated Image Building Server, use the scp command or the remote copy option of your file browser:
1. Use the following command to copy the system images to the /srv/SLEPOS/image directory (type the command all on one line):
   scp /var/lib/SLEPOS/system/images/image_name/image_name.architecture-version
   adminserver_address:/srv/SLEPOS/image/image_name.architecture-version
2. Use the following command to copy the corresponding MD5 checksum files to the /srv/SLEPOS/image directory (type the command all on one line):
   scp /var/lib/SLEPOS/system/images/image_name/image_name.architecture-version.md5
   adminserver_address:/srv/SLEPOS/image/image_name.architecture-version.md5
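Both copy procedures above move an image and its MD5 checksum file as two separate files, so a check after the copy confirms that they still agree. The script below is an added example, not part of the SLEPOS tooling; its function names are hypothetical, and it assumes that the first field of the .md5 file is the hex digest and that a gzip-compressed image keeps the checksum of its uncompressed data (the checksum file is copied before gzip is run).

```shell
#!/bin/sh
# Added example: verify staged Point of Service images against their .md5 files.
# Assumption: the first whitespace-separated field of a .md5 file is the digest.
# Assumption: image.gz is checked against the digest of its uncompressed data.

# image_digest FILE: print the MD5 digest of FILE, decompressing *.gz on the fly
image_digest() {
    case "$1" in
        *.gz) gzip -dc "$1" 2>/dev/null | md5sum | cut -d' ' -f1 ;;
        *)    md5sum < "$1" | cut -d' ' -f1 ;;
    esac
}

# verify_image IMAGE [MD5FILE]
# Returns 0 on match, 1 on mismatch, 2 if a file is missing or the digest is malformed.
verify_image() {
    vi_img=$1
    vi_sum=${2:-${vi_img%.gz}.md5}
    [ -r "$vi_img" ] && [ -r "$vi_sum" ] || return 2
    vi_expected=$(awk 'NR == 1 { print tolower($1) }' "$vi_sum")
    case "$vi_expected" in
        ""|*[!0-9a-f]*) return 2 ;;           # not a hex string
    esac
    [ "${#vi_expected}" -eq 32 ] || return 2  # MD5 is 32 hex digits
    vi_actual=$(image_digest "$vi_img")
    [ "$vi_actual" = "$vi_expected" ] || return 1
    return 0
}

# verify_image_dir DIR: check every *.md5 in DIR, print one line per image,
# return 1 if any image fails.
verify_image_dir() {
    vd_failed=0
    for vd_sum in "$1"/*.md5; do
        [ -e "$vd_sum" ] || continue           # directory holds no .md5 files
        vd_img=${vd_sum%.md5}
        [ -e "$vd_img" ] || vd_img=$vd_img.gz  # image was gzip-compressed
        if verify_image "$vd_img" "$vd_sum"; then
            echo "OK      $vd_img"
        else
            echo "FAILED  $vd_img"
            vd_failed=1
        fi
    done
    return "$vd_failed"
}

# Run against a directory when one is given, for example /srv/SLEPOS/image
if [ "$#" -gt 0 ]; then
    verify_image_dir "$1"
fi
```

A matching MD5 shows that the transfer was not truncated or corrupted; MD5 is not collision resistant, so it does not prove that an image is authentic.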
4.6.1 Deploying New Versions of System Images
If you build new system images, you can preserve old file names and overwrite existing images. In such a case, there is no need to update objects in the LDAP database.
Alternatively, you can copy the new image to a file with a new version number. You must add the new version (scPosImageVersion) to the related scPosImage object (see Section 7.4.7, “Activating Images” (page 86)).
You can also use a new name and version number. In such a case, you must create a new scPosImage (see Section 7.4.6, “Adding an scPosImage Object” (page 84)). If the new image uses a different kernel version, the new scPosImage must be added to the corresponding scDistributionContainer.

4.7 What's Next

If you need to install a dedicated Image Building Server, follow the instructions in Chapter 5, Setting Up a Dedicated Image Building Server (page 47) before you install your Branch Servers.
The next step is to set up your Branch Servers. For information about setting up a Branch Server, refer to Chapter 6, Setting Up a Branch Server (page 49).

Setting Up a Dedicated Image Building Server

Although a dedicated image building server requires an additional server on your SUSE® Linux Enterprise Point of Service network, it provides several advantages, particularly for large systems that manage a large number of Point of Service images. Providing a dedicated image building server offloads the processor and memory load required to generate images from the Administration Server. It also protects the Administration Server and LDAP directory from any possible corruption or user errors that might occur while building Point of Service images.
NOTE: Meeting System Requirements
For a list of system requirements to set up an Image Building Server, refer to Section 1.2.2, “Image Building Server” (page 4).
To configure the Image Building Server, follow these steps:
1. Check if the following patterns are installed on the machine to be configured. If they are missing, install them. For more information about installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
   SLEPOS Image Server
      This pattern installs all the packages needed for image building.
   SLEPOS Images
      This pattern installs the basic image templates for SLEPOS.
2. Copy the image source files from the CDs to the image building server and define their location. SUSE Linux Enterprise Point of Service provides the poscopytool.pl to simplify the process of managing the source files required to build system images. For detailed information, refer to Section 11.2, “POSCopyTool Command Line Options” (page 156).
3. Create system images required for your Point of Service terminals. For a detailed, step-by-step introduction to building SUSE Linux Enterprise Point of Service images using Image Creator, refer to Chapter 12, Building Images with the Image Creator Tool (page 163).
4. Copy the image files and their corresponding MD5 checksums from the image server to the /srv/SLEPOS/image directory on the Administration Server. For detailed instructions, see Section 4.6, “Copying the System Image Files” (page 43).

Setting Up a Branch Server

The Branch Server provides the network boot and system management infrastructure for the SUSE® Linux Enterprise Point of Service terminals as well as a generic system platform for in-store applications, such as database systems and back-ends for the Point of Service applications.
The Branch Server can be installed in two modes, online or offline. The online installation mode requires an internet connection to the Administration Server. If no internet connection to the Administration Server is available, the offline installation mode can be used.
If you intend to set up a high-availability Branch Server, check out the High Availability Guide, available from http://www.novell.com/documentation/sles11/, for general information.
NOTE: Setting Up a POSBranch Server
In NLPOS9, a specialized POSBranch image was needed to set up a Branch Server running on Point of Service hardware. There is no need for such a specialized POSBranch image now. A Branch Server on POS hardware can be installed as a standard Branch Server.
NOTE: Meeting System Requirements
For a list of system requirements to set up a Branch Server, refer to Section 1.2.3, “Branch Server” (page 4).
6.1 Conditions to Configure a Branch Server
Before configuring a Branch Server, check if the following conditions are met:
• The Branch server pattern must be installed on the machine to be configured. If it is missing, install it. For more information about SLEPOS11 installation, see Chapter 2, SUSE Linux Enterprise Point of Service Installation (page 21).
• The Administration Server and its LDAP database must be configured and initialized as described in Chapter 4, Setting Up the Administration Server (page 35). For more information about LDAP database configuration and initialization, see Section 4.2, “Initializing the LDAP Directory” (page 38).
• Either an internet connection to the Administration Server or the offline installation package must be available. If the internet connection is available, follow the procedure described in Section 6.2, “Online Branch Server Configuration” (page 51). If the offline installation package is available, follow the procedure described in Section 6.3, “Offline Branch Server Configuration” (page 53).
6.1.1 Branch Server Network Configuration
When configuring the network on a Branch Server, make sure the Write Hostname to /etc/hosts option in the YaST Network Settings > Hostname/DNS dialog is not active.
If this option is active, the entry for the IP address 127.0.0.2 is written to /etc/hosts. This entry breaks some SLEPOS scripts.
If you set up a Branch Server with a static IP:
1. Make sure the Write Hostname to /etc/hosts option in the YaST Network Settings > Hostname/DNS dialog is not active.
2. Enter the Hostname manually in the Network Card Setup dialog to ensure the correct hostname entry is written to /etc/hosts. Otherwise, the hostname may not be resolvable.

6.1.2 Changing Branch Server Password

On the Admin server, change the password in the LDAP database. Enter the following command in the command line. Replace the $BRANCHNAME, $ORGUNIT, $COMPANY and $COUNTRY variables with your configured values:
ldappasswd -x -h localhost -D "cn=admin,o=$COMPANY,c=$COUNTRY" -w "admin_password" "cn=$BRANCHNAME,ou=$ORGUNIT,o=$COMPANY,c=$COUNTRY" -s "new_branch_password"
On a Branch server, follow the same procedures as in Section 4.1.1, “Changing Admin server password” (page 37), but with the new Branch server password and the Branch server configuration file /etc/SLEPOS/branchserver.conf.
6.2 Online Branch Server Configuration
The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server if an internet connection to the Administration Server is used:
1. Execute the posInitBranchserver.sh script.
   The posInitBranchserver.sh script asks for the installation mode to be used. For the default online installation enter 1 or just press Enter.
2. Provide the required information. Enter the company name (organization), organizational unit (organizationalUnit) and branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin.pl on the Administration Server.
3. The script checks resolvability of the Administration Server IP address and tries to download Administration Server certificates. The certificates are then used for automatic establishment of encrypted SSL communication. If no certificates are found, an unencrypted communication is used.
   IMPORTANT: Administration Server's rsync Port Must Be Open
   Make sure the rsync port (usually 873) is open on the Administration Server. The rsync port is not open in the default SLES11 installation. You have to add it by adding its number in the YaST Firewall module under Allowed Services > Advanced > TCP Ports.
   IMPORTANT: Branch Server's tftp Port Must Be Open
   Make sure the tftp port (usually 69) is open on the Branch Server. This port is not open in the default SLES11 installation. You have to add it by adding its number in the YaST Firewall module under Allowed Services > Advanced > TCP Ports.
   If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it.
4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server. This is a part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature.
   The recommended default setting is yes.
   If your choice is yes, the script initializes a local branch LDAP database. If your choice is no, enter the hostname or IP address of an already-initialized LDAP database.
5. The script issues a command to start LDAP SyncRepl replication to create a copy of the branch subtree from the Administration Server LDAP database.
6. If everything is in order, the script finds the branch server domain in the Administration Server LDAP database and prints information about the found domain.
7. The script asks for a final confirmation before it configures and starts the core Branch Server services.
8. If everything is in order, the script finishes successfully. If any error is encountered, it is reported and logged in syslog.
NOTE: Aborting the Script
If you select no in any configuration step (except when selecting not to use a local branch LDAP), the script deletes all its intermediate data and exits.
6.3 Offline Branch Server Configuration
The following procedure describes the installation process of a SUSE Linux Enterprise Point of Service 11 Branch Server in the case that an internet connection to the Administration Server is not used:
1. Preferably, execute posInitBranchserver.sh -f pathToOfflineInstallationFile. You can also execute the posInitBranchserver.sh script without options and select 2 when asked for the installation mode to be used.
2. Provide the required information. Enter the company name (organization), organizational unit (organizationalUnit) and branch name (scLocation) as initialized on the Administration Server (and as specified in the LDAP database). Enter the resolvable and connectible name or the IP address of the Administration Server. Enter the Branch Server password defined when the scLocation object was created using posAdmin.pl on the Administration Server.
   If an offline installation file was provided in the first step, the default values from the file are used.
3. In the offline installation mode, the script does not check resolvability of the Administration Server IP address. Server certificates are copied from the offline installation file, if present.
   If an Administration Server certificate is found, you are asked to acknowledge its fingerprint and validate it. SSL communication is then automatically established. If no certificate is found, unencrypted communication is used.
4. The script asks if you want to create and use a local branch LDAP database on the Branch Server. It contains a copy of the subtree from the Administration Server LDAP database which corresponds to this Branch Server. This is a part of the SUSE Linux Enterprise Point of Service 11 offline functionality feature.
   The recommended default setting is yes.
   If you select yes, the script initializes a local branch LDAP database. If you select no, enter the hostname or IP address of an already-initialized LDAP database.
5. The script initializes the local branch LDAP database using the ldapadd command from the offline installation file.
6. In offline installation mode, it is not yet possible to find the branch server domain. Therefore, if there is no internet connection, the attempt fails and the script terminates. However, if there is a connection to the Administration Server, the script finds the branch server domain in the Administration Server LDAP database and prints information about the found domain.
7. The script asks for a final confirmation before it configures and starts the core Branch Server services.
8. If everything is in order, the script finishes successfully. If any error is encountered, it is reported and logged in syslog.
NOTE: Aborting the Script
If you select no in any configuration step (except when you select not to use a local branch LDAP), the script deletes all its intermediate data and exits.
NOTE: Administration and Branch Server Combination
If the administration and branch servers are being configured on a single machine, no certificates are used and the SSL communication is disabled. Also, there is no local branch LDAP database created, as the offline functionality is not needed.

6.4 Creating Branch Server Objects in LDAP

Before you can configure and deploy a Branch Server, you must first create the necessary objects in the LDAP directory stored on the Administration Server. All posAdmin.pl calls must be executed on the Administration Server. These objects include:
• One or more organizationalUnit objects (Section 6.4.1, “Creating organizationalUnit Objects” (page 55)) to represent your organizational structure.
• An scLocation object (Section 6.4.2, “Adding an scLocation Object” (page 56)) for each site where a Branch Server is located.
• An scServerContainer (Step 1 (page 60)) to contain all the Branch Server objects for a given site.
• An scBranchServer object (Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60)) and its associated configuration objects for each Branch Server in your system.
• Additional objects (Section 6.4.4, “Creating Point of Service Terminal Objects” (page 63)) for the Point of Service terminals associated with each Branch Server.
NOTE: LDAP Object Attributes
Each LDAP object has two types of attributes: must and may attributes. The must attributes are required for an object; the may attributes are optional. The tables in this section list only those may attributes that are relevant to SUSE Linux Enterprise Point of Service.

6.4.1 Creating organizationalUnit Objects

In a SUSE Linux Enterprise Point of Service system, Organizational Unit (organizationalUnit) objects are containers that typically represent regions, divisions, or branches within a company. These objects can be nested to visually represent the structure and organization of your company. Branch location objects are created in organizationalUnit containers within the LDAP directory. Use only alphanumeric characters for ou objects.
Here is the posAdmin command syntax for adding an organizationalUnit object in LDAP (type the command all on one line):
posAdmin.pl --user dn_of_admin_user --password password --base base_context
--add --organizationalUnit --ou ou_name [--description 'string']
Table 6.1, “Attributes for organizationalUnit Objects” (page 56) summarizes the organizationalUnit object attributes.
Table 6.1 Attributes for organizationalUnit Objects
| Attribute | Type | Explanation |
|---|---|---|
| --ou ou_name | must | Specifies the name of the organizational unit. For example, --ou boston. |
| --description 'string' | may | Contains a human-readable description of the object. |
For example, the following command adds the boston organizational unit to the LDAP directory and gives it the description “main headquarters”:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base o=mycorp,c=us --add --organizationalUnit --ou boston --description 'main headquarters'
The LDAP context of the newly created organizationalUnit is the ou=boston,o=mycorp,c=us directory.

6.4.2 Adding an scLocation Object

An scLocation object is typically used to represent a branch office (a site where a Branch Server and Point of Service terminals are located). scLocation containers are used to store information about the deployed Branch Servers and Point of Service terminals. This and all other information that can be modified at the Branch Server should be stored or referenced in the Location containers to limit the need to grant write privileges to subtrees.
Table 6.2, “posAdmin Options for Creating scLocation Objects” (page 57) summarizes the posAdmin command options for scLocation object attributes.
Here is the posAdmin command syntax to add an scLocation object in LDAP (type the command all on one line):
posAdmin.pl --user dn_of_admin_user --password password
--base base_context --add --scLocation --cn location_name
--ipNetworkNumber network_address --ipNetmaskNumber subnet_mask
--scDhcpRange ip_address,ip_address
--scDhcpFixedRange ip_address,ip_address
--scDefaultGw ip_address
--scDynamicIp TRUE | FALSE --scDhcpExtern TRUE | FALSE
--scWorkstationBaseName string --scEnumerationMask number
--userPassword branchpassword
Table 6.2 posAdmin Options for Creating scLocation Objects
| Option | Type | Description |
|---|---|---|
| --cn | must | The common name of the location. |
| --ipNetworkNumber | must | The network address of the subnet of the branch; for example, 192.168.1.0. |
| --ipNetmaskNumber | must | The netmask of the subnet of the branch; for example, 255.255.255.0. |
| --scDhcpRange | must | The dynamic IP address range of the DHCP server of the subnet. This is needed to register the Point of Service terminals. It is a comma-separated value pair; for example, 192.168.1.10, 192.168.1.54. |
| --scDhcpFixedRange | must | The fixed IP address range of the DHCP server reserved for the Point of Service terminals. It is also a comma-separated value pair, such as 192.168.1.55, 192.168.1.88. |
| --scDhcpExtern | must | Allow an external DHCP server to be used instead of setting up your own on the Branch Server (TRUE or FALSE). |
| --scDefaultGw | must | The default gateway for this location. This is normally a router to the corporate wide area network. |
| --scDynamicIp | must | This flag is used to enable or disable registration of new terminals on the branchserver when scDhcpExtern is set to FALSE. Allowed values are TRUE to enable or FALSE to disable the registration mechanism. |
| --scWorkstationBaseName | must | The base name of the Point of Service terminals of a branch used to create a unique name for each terminal. It is used in combination with the scDhcpFixedRange attribute and scEnumerationMask. For example, using scWorkstationBaseName CR, an scEnumerationMask of 000, and the above-mentioned scDhcpFixedRange to build the name of the Point of Service terminals and their corresponding IP addresses, the first newly registered terminal gets the name CR001 and the IP address 192.168.1.55. The next terminal is named CR002 and gets the IP address 192.168.1.56, and so on. The IP addresses are taken from the range specified by scDhcpFixedRange. |
| --scEnumerationMask | must | Refers to scWorkstationBaseName. |
| --associatedDomain | may | This optional entry configures the DNS domain and the domain part of the hostnames of the Point of Service terminals to be in the stated domain. If this entry is left empty, the domain consists of the LDAP structure of the scLocation entry DN. With this entry, a different domain can be chosen. |
| --userPassword | must | This mandatory entry configures the Branch Server password for security purposes. This password must be used when installing a Branch Server using the posInitBranchserver.sh script. |
The following command adds an scLocation named harbor to the LDAP directory (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base ou=boston,o=mycorp,c=us --add --scLocation --cn harbor
--ipNetworkNumber 192.168.1.0 --ipNetmaskNumber 255.255.255.0
--scDhcpRange 192.168.1.10,192.168.1.54
--scDhcpFixedRange 192.168.1.55,192.168.1.88
--scDefaultGw 192.168.1.254
--scDynamicIp TRUE --scDhcpExtern FALSE
--scWorkstationBaseName CR --scEnumerationMask 000
--userPassword branchpassword
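The following added example (not part of the original guide and not SUSE Linux Enterprise Point of Service code) checks a set of scLocation values for consistency before they are written to LDAP and previews the terminal names and addresses that the scWorkstationBaseName description implies. The function names are hypothetical, and the reading of scEnumerationMask as a run of zeros that sets the digit count, with numbering starting at 1, is an assumption drawn from the CR001 example.

```python
import ipaddress


def parse_range(value):
    """Parse a 'first,last' pair as used by scDhcpRange and scDhcpFixedRange."""
    parts = [p.strip() for p in value.split(",")]
    if len(parts) != 2:
        raise ValueError(f"expected two comma-separated addresses, got {value!r}")
    first, last = (ipaddress.IPv4Address(p) for p in parts)
    if first > last:
        raise ValueError(f"range start {first} is above range end {last}")
    return first, last


def check_location(network, netmask, dhcp_range, fixed_range, gateway, enum_mask):
    """Return a list of problems found in a set of scLocation values."""
    problems = []
    # Raises ValueError if the network number has host bits set for this mask.
    net = ipaddress.IPv4Network(f"{network}/{netmask}")
    dyn = parse_range(dhcp_range)
    fixed = parse_range(fixed_range)
    gw = ipaddress.IPv4Address(gateway)

    for label, rng in (("scDhcpRange", dyn), ("scDhcpFixedRange", fixed)):
        for addr in rng:
            reserved = (net.network_address, net.broadcast_address)
            if addr not in net or addr in reserved:
                problems.append(f"{label}: {addr} is not a usable host address in {net}")
        if rng[0] <= gw <= rng[1]:
            problems.append(f"{label} contains the default gateway {gw}")

    # Two closed intervals overlap when each starts before the other ends.
    if dyn[0] <= fixed[1] and fixed[0] <= dyn[1]:
        problems.append("scDhcpRange and scDhcpFixedRange overlap")
    if gw not in net:
        problems.append(f"scDefaultGw {gw} is outside {net}")

    # Assumption: the mask is a run of zeros giving the digit count, and
    # numbering starts at 1 (CR001 in the guide), so 000 allows 999 names.
    if not enum_mask or set(enum_mask) != {"0"}:
        problems.append(f"scEnumerationMask {enum_mask!r} is not a run of zeros")
    else:
        names = 10 ** len(enum_mask) - 1
        addresses = int(fixed[1]) - int(fixed[0]) + 1
        if names < addresses:
            problems.append(
                f"scEnumerationMask allows {names} names but "
                f"scDhcpFixedRange holds {addresses} addresses"
            )
    return problems


def preview_terminals(base_name, enum_mask, fixed_range, count):
    """List the first `count` (name, IP) pairs in registration order."""
    first, last = parse_range(fixed_range)
    available = int(last) - int(first) + 1
    width = len(enum_mask)
    return [
        (f"{base_name}{n:0{width}d}", str(first + (n - 1)))
        for n in range(1, min(count, available) + 1)
    ]


if __name__ == "__main__":
    # Values taken from the scLocation example in the guide.
    print(check_location("192.168.1.0", "255.255.255.0",
                         "192.168.1.10,192.168.1.54",
                         "192.168.1.55,192.168.1.88",
                         "192.168.1.254", "000"))
    print(preview_terminals("CR", "000", "192.168.1.55,192.168.1.88", 3))
```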
6.4.3 Adding an scServerContainer and scBranchServer Object

There must be an scBranchServer object for every Branch Server in the system. These objects store configuration information that is specific to each Branch Server.
An scBranchServer object contains information about hardware, at least one defined network card, and services like TFTP, DNS, and DHCP. It is located with an scLocation object in the LDAP tree.
IMPORTANT: Defining the Branch Server Hostname
The location of the scBranchServer object in the LDAP directory must correspond to the hostname defined for the Admin/Branch Server during installation. For example, if the hostname is bs.east.boston.mycorp.us, the dn of the scBranchServer object would be cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us.
To add an scBranchServer object to the LDAP directory with posAdmin, proceed as follows:
1
Before you can add the scBranchServer to an scLocation object, you must define an scServerContainer, using the --scServerContainer and common name (--cn) options. For example (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us
--password secret
--base cn=east,ou=boston,o=mycorp,c=us
--add --scServerContainer --cn server
2
In the new scServerContainer, add a Branch Server object, using the
--scBranchServer and common name (--cn) options. For example (type
the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=server,cn=east,ou=boston,o=mycorp,c=us
--add --scBranchServer --cn bs
You can also define the reference hardware with the --scRefServerDn option, a pointer (Distinguished Name) to the global directory.
3
Add a network interface card (with a static IP address from the subnet defined in the scLocation object) using the --scNetworkcard option and the --scDevice and --scIpHostNumber attributes. For example (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us
--add --scNetworkcard --scDevice eth0 --ipHostNumber 192.168.1.1
Table 6.3, “posAdmin Options for Creating scNetworkcard Objects” (page 61) summarizes the posAdmin command options for scNetworkcard
attributes.
Table 6.3 posAdmin Options for Creating scNetworkcard Objects
Option | Type | Description
--scDevice | must | The name of the network device of the card; for example, eth0 or eth1.
--ipHostNumber | must | The IP address; for example, 192.168.1.1.
--macAddress | may | The MAC address of the network interface card.
--scModul | may | The name of the Linux kernel module for the network interface card.
--scModulOption | may | The module options of the Linux kernel module for the network interface card.
--ipNetmaskNumber | may | If the ipHostNumber is not inside the defined subnet of the location, add the netmask which belongs to the IP address assigned to the network interface card.
4
Set up the Branch Server services. At a minimum, define the required DNS, TFTP and DHCP services.
The following examples demonstrate how to add the DNS, DHCP, and TFTP services.
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us
--add --scService --cn dns --ipHostNumber 192.168.1.1
--scDnsName dns --scServiceName dns --scServiceStartScript named
--scServiceStatus TRUE
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us
--add --scService --cn dhcp --ipHostNumber 192.168.1.1
--scDnsName dhcp --scServiceName dhcp
--scServiceStartScript dhcpd --scServiceStatus TRUE
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=bs,cn=server,cn=east,ou=boston,o=mycorp,c=us
--add --scService --cn tftp --ipHostNumber 192.168.1.1
--scDnsName tftp --scServiceName tftp
--scServiceStartScript atftpd --scServiceStatus TRUE
Table 6.4, “posAdmin Options for Creating scService Objects” (page 62) summarizes the posAdmin command options for the scService object attributes.
Table 6.4 posAdmin Options for Creating scService Objects
Option | Type | Description
--cn | must | The common name of the service.
--ipHostNumber | must | The virtual IP address of the HA Service.
--scDnsName | must | The name of the entry in the DNS table under which the service will be available.
--scServiceName | must | The name of the service; for example, dns, dhcp, tftp.
--scServiceStartScript | must | The name of the init script in /etc/init.d; for example, atftp for the TFTP service.
--scServiceStatus | must | The status of the service (TRUE or FALSE). FALSE disables the service.
6.4.4 Creating Point of Service Terminal Objects
Before you can boot the Point of Service terminals associated with a Branch Server, you must create additional objects in the branch portion of the LDAP directory. These include an scCashRegister object and its associated configuration objects for each type of Point of Service terminal in your system, and scPosImage objects for the system image files you want the Branch Server to distribute to Point of Service terminals.
For instructions on how to create these objects, see Section 7.4, “Creating the Required LDAP Objects” (page 72).

6.5 Downloading Images from the Administration Server

After the Branch Server is up and running, you can run the possyncimages.pl script to download the Point of Service images that have been created from the Administration Server to the /srv/tftpboot directories on the Branch Server.
1
Verify the scPosImage object settings for the Point of Service images in the /srv/tftpboot/image directory.
Create the scPosImage objects and set the scPosImageVersion attribute to Active before you boot the Point of Service terminals, so you can keep track
of the most recent image version before the images are copied. Manually remove old images from the Administration Server to avoid pulling the same image twice.
For more information on setting the scPosImageVersion attribute to Active, see Section 7.4.7, “Activating Images” (page 86).
2
Run possyncimages.pl at the Branch Server console to download the Point of Service images.
The possyncimages.pl script can also be used to update Point of Service images on the Branch Server. However, to implement image version changes, you should also activate the version changes inside the corresponding
scPosImage objects in the LDAP directory, keeping track of the most recent image versions and manually removing old images from the Administration Server. This will help to avoid pulling the same image twice.
3
Verify the result of the possyncimages.pl command by checking the contents of the following Branch Server directories:
/srv/tftpboot/boot
/srv/tftpboot/image
For more information on the Administration and Branch Server directory structure, see Appendix C, SUSE Linux Enterprise Point of Service Files and Directory Structure (page 219).

6.6 Starting the Core Script

Start the core script (posleases2ldap) as a daemon process on the Branch Server. The core script is responsible for registering any new Point of Service terminals at the LDAP directory and transferring image install notification data to the LDAP directory on the Administration Server.
To verify that posleases2ldap is currently running, execute the following command:
rcposleases2ldap status
To manually start the posleases2ldap service, execute the following command:
rcposleases2ldap start
To ensure the Branch Server automatically starts the core script at boot time, execute the following command:
insserv posleases2ldap
The posASWatch script checks if the Administration server is available. It also checks the status of LDAP Sync-replication and posleases2ldap core service. The service is started with the rcposASWatch start command, and stopped with the
rcposASWatch stop command. To check the service status, use the rcposASWatch status command.
IMPORTANT: Start the service manually
To ensure that local LDAP contains valid data, you need to start the service after the Branch server is restarted. The service is NOT configured to start automatically by default.
To ensure that the Branch server starts the posASWatch script automatically at boot time, execute the insserv posASWatch command.
NOTE: When the posASWatch service is not required
If the Administration server is not used, or the Administration server and the Branch server are a combo machine, this service is not required. When the combo machine is configured and an attempt to start the service is made, the service will exit with an error message.
You are now ready to deploy the Point of Service terminals. For more information on this process, see Chapter 7, Deploying Point of Service Terminals (page 67).

7 Deploying Point of Service Terminals

Point of Service terminals are the end point in the SUSE® Linux Enterprise Point of Service architecture. They provide customer service functions such as Point of Service terminals or bank teller workstations.

7.1 Operating System

The Point of Service terminal operating system is a minimal operating environment for specialized Point of Service applications. There are different levels of Point of Service operating environments, ranging from an extremely small console-based system to feature-rich Java™ and browser-capable graphical systems.
The type of operating system that can be installed on a Point of Service terminal is determined by the type of hardware that is available. For example, diskless systems can support only a minimal operating environment such as a console-based system, while Point of Service terminals that have a hard drive can support graphical environments.
Point of Service operating systems are downloaded to Point of Service terminals in system image files. Each Point of Service terminal gets a system image based on its associated hardware type configuration defined in the scCashRegister object of the central LDAP directory; see Section 7.4, “Creating the Required LDAP Objects” (page 72).
NOTE: The Default scCashRegister Object
If a Point of Service terminal does not have an scCashRegister object for its specific hardware type, it uses the configuration for the default scCashRegister object. For more information on defining a default scCashRegister object, see Section 7.4.1, “Adding an scCashRegister Object” (page 74).
A set of system image templates is provided with SUSE Linux Enterprise Point of Service. Using Image Creator, you can customize these templates to provide additional features, software packages, and configuration settings within the image. For a description of the system image templates provided with SUSE Linux Enterprise Point of Service, see Section 1.4.1, “Types of Images” (page 14).
All system images have a common operating system base comprised of the following components:
• Kernel modules for hardware, file system, and network support
• GNU C and the standard C++ library (glibc and libstdc++)
• Bash and base file handling utility
• NTP client for time synchronization
• Multicast TFTP-capable TFTP client (atftp)
These components are created from SUSE Linux Enterprise Server 11 sources, along with SUSE Linux Enterprise Point of Service 11 software packages.

7.2 Conditions to Add a Point of Service Terminal

The process of adding a Point of Service terminal to a SUSE Linux Enterprise Point of Service system consists of these four steps:
1
The POS machine, connected to the Branch Server, is started. The POS machine downloads the booting image.
2
The POS machine uploads the hwtype.MAC file (for example hwtype.00:11:25:A7:D6:0D) into the /srv/tftpboot/upload directory.
3
The posleases2ldap.pl script uses this file and the information in the LDAP database to create the config.MAC file (for example config.00:11:25:A7:D6:0D) in the /srv/tftpboot/CR directory.
4
The POS machine uses the information in the config.MAC file to load the correct image in a correct way and boots up.
The third step is the most important part of this process. The following conditions must be met to complete it successfully:
• The hwtype.MAC file must be present in the /srv/tftpboot/upload directory.
NOTE: Configuration Without an External DHCP Server
If an external DHCP server is not used, the terminal must get the IP address from the Branch Server (its MAC address must be listed in the /var/lib/dhcp/db/dhcpd.leases file).
This occurs when the system was set by posInitBranchserver.sh with EXT_DHCP=FALSE in the LDAP database under scLocation corresponding to this Branch Server. The POS terminal then gets its IP address from the DHCP server on the Branch Server.
• The correct image file and its checksum file must be located on the Branch Server in the /srv/tftpboot/image directory. These files should be downloaded beforehand from the Administration Server. For more information, see Section 6.5, “Downloading Images from the Administration Server” (page 64).
Example 7.1 Example Image and Checksum Files
/srv/tftpboot/image/myGraphical_test.i686-3.1.4
/srv/tftpboot/image/myGraphical_test.i686-3.1.4.md5
• An associated object representing the used image file must exist in the LDAP database.
Image objects are typically located in the global container under the default scDistributionContainer. To add the image to the default scDistributionContainer, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=default,cn=global,o=mycorp,c=us --add --scPosImage
--cn myGraphical --scImageName myTestGraphical
--scPosImageVersion "3.1.4;active" --scDhcpOptionsRemote /boot/pxelinux.0
--scDhcpOptionsLocal LOCALBOOT
--scImageFile myGraphical_test.i686 --scBsize 8192
• An associated object representing the cash register must exist in the LDAP database. This scCashRegister object can either represent a specific machine or a generic machine. The generic object is used if a specific image is not found for the given machine. In both cases, the scCashRegister must have a hardware subobject like scRamDisk or scHarddisk which specifies where and how the image should be deployed.
The name of a machine is located in the uploaded hwtype.MAC file under a HWTYPE entry.
To add an scCashRegister object for a specific machine (with HWTYPE=cshr4152), use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=global,o=mycorp,c=us --add --scCashRegister
--cn cr-test --scCashRegisterName cshr4152
--scPosImageDn cn=myGraphical,cn=default,cn=global,o=mycorp,c=us
Note the scCashRegisterName name and the image reference in --scPosImageDn.
When deploying to a hard disk (detected on the terminal as the /dev/sda device) of our specific machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cshr4152,cn=global,o=mycorp,c=us --add --scHarddisk
--cn sda --scDevice /dev/sda --scHdSize 9000
--scPartitionsTable "1000 82 x;8000 83 /"
When deploying to a RAM disk of our specific machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cshr4152,cn=global,o=mycorp,c=us --add
--scRamDisk --cn ram --scDevice /dev/ram1
To add an scCashRegister object for a generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=global,o=mycorp,c=us --add
--scCashRegister --cn cr-test-default
--scCashRegisterName default
--scPosImageDn cn=myGraphical,cn=default,cn=global,o=mycorp,c=us
Note the scCashRegisterName name.
When deploying to a hard disk of our generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cr-test-default,cn=global,o=mycorp,c=us
--add --scHarddisk --cn sda --scDevice /dev/sda
--scHdSize 9000 --scPartitionsTable "1000 82 x;8000 83 /"
When deploying to a RAM disk of our generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cr-test-default,cn=global,o=mycorp,c=us
--add --scRamDisk --cn ram --scDevice /dev/ram1
• The posleases2ldap.pl process is started and running.
If all the conditions are satisfied at the time posleases2ldap.pl checks the upload directory, the new config.MAC is created or overwritten and the uploaded file hwinfo.MAC is deleted.
The generated config.MAC file should contain lines reflecting values in the LDAP database (the IP address is the address of the tftp service specified in ipHostNumber under the tftp scService object in the scBranchserver in the relevant scLocation).
If deploying to a hard drive, the following lines should be present:
IMAGE=/dev/sda2;myGraphical_test;3.1.4;192.168.90.1;8192
PART=1000;82;x,8000;83;/
DISK=/dev/sda
If deploying to a ram disk, the following line should be present:
IMAGE=/dev/ram1;myGraphical_test;3.1.4;192.168.90.1;8192
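The file-system conditions listed in this section can be checked before a terminal is booted. The following added example (not part of the original guide and not SUSE Linux Enterprise Point of Service code) reports which of them are unmet for one terminal; the function names are hypothetical, the sample tree is constructed, the hwtype.MAC content is assumed to be KEY=value lines, and the LDAP objects and the running posleases2ldap.pl process are not checked.

```python
import os
import re
import tempfile

SAMPLE_MAC = "00:11:25:A7:D6:0D"  # MAC used in the guide's file name examples


def leases_contain_mac(leases_text, mac):
    """True if an ISC dhcpd lease entry ('hardware ethernet ...;') names the MAC."""
    pattern = re.compile(r"hardware\s+ethernet\s+([0-9A-Fa-f:]{17})\s*;")
    return mac.lower() in {m.lower() for m in pattern.findall(leases_text)}


def read_hwtype(tftproot, mac):
    """Return the HWTYPE entry of upload/hwtype.MAC, or None if unavailable."""
    path = os.path.join(tftproot, "upload", f"hwtype.{mac}")
    try:
        with open(path) as fh:
            for line in fh:
                key, _, value = line.strip().partition("=")
                if key == "HWTYPE":
                    return value
    except OSError:
        pass
    return None


def unmet_conditions(tftproot, mac, image_file, version, leases_path=None):
    """List unmet file-system conditions for registering one terminal.

    leases_path=None means an external DHCP server is used, so the
    dhcpd.leases check is skipped.
    """
    unmet = []
    hwtype = os.path.join(tftproot, "upload", f"hwtype.{mac}")
    if not os.path.isfile(hwtype):
        unmet.append(f"missing {hwtype}")
    # Image files are named <scImageFile>-<version>, with a .md5 companion.
    image = os.path.join(tftproot, "image", f"{image_file}-{version}")
    for path in (image, image + ".md5"):
        if not os.path.isfile(path):
            unmet.append(f"missing {path}")
    if leases_path is not None:
        try:
            with open(leases_path) as fh:
                text = fh.read()
        except OSError:
            text = ""
        if not leases_contain_mac(text, mac):
            unmet.append(f"{mac} not listed in {leases_path}")
    return unmet


def build_sample_tree():
    """Create a constructed stand-in for /srv/tftpboot and dhcpd.leases."""
    root = tempfile.mkdtemp(prefix="tftpboot-")
    for sub in ("upload", "image", "CR"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "upload", f"hwtype.{SAMPLE_MAC}"), "w") as fh:
        fh.write("HWTYPE=cshr4152\n")
    for name in ("myGraphical_test.i686-3.1.4", "myGraphical_test.i686-3.1.4.md5"):
        with open(os.path.join(root, "image", name), "w") as fh:
            fh.write("constructed placeholder\n")
    leases = os.path.join(root, "dhcpd.leases")
    with open(leases, "w") as fh:
        fh.write("lease 192.168.1.10 {\n  hardware ethernet 00:11:25:a7:d6:0d;\n}\n")
    return root, leases


if __name__ == "__main__":
    root, leases = build_sample_tree()
    print(read_hwtype(root, SAMPLE_MAC))
    print(unmet_conditions(root, SAMPLE_MAC, "myGraphical_test.i686", "3.1.4", leases))
```

On a Branch Server the same functions would be pointed at /srv/tftpboot and /var/lib/dhcp/db/dhcpd.leases; the returned HWTYPE is the value to compare with scCashRegisterName.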

7.3 Creating Point of Service Images

Before you can deploy Point of Service terminals, you must first create the image files containing the operating system, application files, and system settings required to boot the terminals.
SUSE Linux Enterprise Point of Service provides image templates that can be customized and generated on an Administration Server or a dedicated Image Building Server using Image Creator. For information on the available image templates, see Section 1.4.1, “Types of Images” (page 14).
To create the Point of Service images required to deploy your Point of Service terminals, you must do the following:
1
Copy the image source files to your Image Building Server. For detailed instructions, see Section 11.3.1, “Copying the SUSE Linux Enterprise Point of Service CDs” (page 159).
2
Define the location of the image source files. For detailed instructions, see Section 11.3.4, “Generating AdminServer.conf or Distribution.xml” (page 161).
3
Build the Point of Service image files.

7.4 Creating the Required LDAP Objects

The configuration parameters for each Point of Service terminal are stored in the central LDAP directory on the Administration Server. Every Point of Service terminal has its own Workstation object (scWorkstation) in the LDAP tree. The Workstation object is automatically created when a Point of Service terminal registers on the Branch Server. posldap2crconfig.pl uses information from the Hardware Reference object (scCashRegister) and Image Reference object (scPosImage) to create the Workstation object. For more information on this process, see Section 7.7.3, “The hwtype.MAC File” (page 100).
Before you can boot the Point of Service terminals, use posAdmin.pl to create the following objects in the LDAP directory (see also Section 10.2, “Using posAdmin to Manage the LDAP Directory” (page 128)):
• An scCashRegister object and its associated configuration objects for each type of Point of Service terminal in your system:
  • scHarddisk or scRamDisk
  • scConfigFileTemplate (optional)
  • scConfigFileSyncTemplate (optional)
• An scPosImage object for each client image file that you want the Branch Server to distribute to Point of Service terminals.
Create the scPosImage objects and set the scPosImageVersion attribute to Active before you boot the Point of Service terminals. The Point of Service terminals require an scPosImage object with an active scPosImageVersion attribute before they can download the corresponding physical image from the Branch Server at boot time. For more information on setting the scPosImageVersion attribute to Active, see Section 7.4.7, “Activating Images” (page 86).
With posAdmin.pl, you can add, remove, and modify Point of Service terminal hardware assets such as Point of Service terminals, hard disks, network interface cards, and configuration files with the use of reference objects in the LDAP directory. Hardware reference objects are typically located in the global container in the LDAP directory.
NOTE: LDAP Attributes
Each LDAP object has two types of attributes: must and may attributes. The must attributes are the minimum requirements for an object; the may attributes are optional.
7.4.1 Adding an scCashRegister Object
An associated object representing the cash register must exist in the LDAP database. This scCashRegister object can either represent a specific machine or a generic machine. The generic object is used if a specific image is not found for the given machine. In both cases, the scCashRegister must have a hardware subobject like scRamDisk or scHarddisk which specifies where and how the image should be deployed.
The name of a machine is located in the uploaded hwtype.MAC file under a HWTYPE entry. For more information, see Section B.2, “Core Script Process” (page 206).
NOTE: Creating Default scCashRegister Objects
To create a default scCashRegister object, define the object’s scCashRegisterName attribute as default as described in Table 7.1, “posAdmin Options for Creating scCashRegister Objects” (page 75).
Define only one default scCashRegister object in the Global container.
The scCashRegister objects are stored in the Global container so they can be accessed by all Branch Servers.
NOTE: Defining a System Image for a Point of Service Terminal
A specific system image can be defined in the scWorkstation object. The setting in the scWorkstation object overrides the default image defined in the scCashRegister object. For information on this procedure, see Section 7.4.8, “Assigning an Image to a Point of Service Terminal” (page 88).
Table 7.1, “posAdmin Options for Creating scCashRegister Objects” (page 75) summarizes the posAdmin command options for scCashRegister object attributes.
Table 7.1 posAdmin Options for Creating scCashRegister Objects
Option | Type | Description
--cn | must | The common name of the Point of Service terminal.
--scCashRegisterName | must | The model type of the Point of Service terminal. If this field is set to default, the current scCashRegister object is used as the default Point of Service configuration. If a Point of Service terminal does not have an scCashRegister object for its specific hardware type, it will use the configuration defined in the default scCashRegister object.
--scPosImageDn | may | The distinguished name of the default system image defined for this Point of Service terminal type.
--scDiskJournal | may | This boolean field is set to TRUE if journaling should be enabled. Journaling is only added on disk-based machines.
To add an scCashRegister object for a specific machine (with HWTYPE=cshr4152), use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us
--password secret --base cn=global,o=mycorp,c=us --add
--scCashRegister --cn cr-test --scCashRegisterName cshr4152
--scPosImageDn cn=myGraphical_test,cn=default,cn=global,o=mycorp,c=us
Note the scCashRegisterName name and the image reference in --scPosImageDn.
To add an scCashRegister object for a generic machine, use the command:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=global,o=mycorp,c=us --add --scCashRegister
--cn cr-test-default --scCashRegisterName default
--scPosImageDn cn=myGraphical_test,cn=default,cn=global,o=mycorp,c=us
7.4.2 Adding an scRamDisk Object
The scRamDisk object stores configuration information for a Point of Service terminal RAM disk. If no hard disk is available, you must configure a RAM disk for the Point of Service terminal.
Table 7.2, “posAdmin Options for scRamDisk Objects” (page 76) summarizes the posAdmin command options for scRamDisk object attributes.
Table 7.2 posAdmin Options for scRamDisk Objects
Option | Type | Description
--base | must | The base distinguished name of the Hardware Reference object. For example, cn=crtype3,cn=global,o=mycorp,c=us.
--cn | must | The common name of the device. For example, ram.
--scDevice | must | The RAM disk device. The device /dev/ram0 cannot be used because it is used for the initial RAM disk. Therefore, we recommend using /dev/ram1. The RAM device should not be confused with the hard disk device, which uses a partition table.
When deploying to the RAM disk of a specific machine, use:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cshr4152,cn=global,o=mycorp,c=us --add
--scRamDisk --cn ram --scDevice /dev/ram1
When deploying to the RAM disk of the generic machine of the previous section, use:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cr-test-default,cn=global,o=mycorp,c=us --add
--scRamDisk --cn ram --scDevice /dev/ram1
7.4.3 Adding an scHarddisk Object
The scHarddisk object stores configuration information for a Point of Service terminal hard disk.
Table 7.3, “posAdmin Options for scHarddisk Objects” (page 77) summarizes the posAdmin command options for scHarddisk object attributes.
Table 7.3 posAdmin Options for scHarddisk Objects
Option | Type | Description
--base | must | The base distinguished name of the Hardware Reference object. For example, cn=crtype3,cn=global,o=mycorp,c=us.
--cn | must | The common name of the device. For example, sda.
--scDevice | must | The device of the hard disk. For example, /dev/sda.
--scHdSize | must | The size of the hard disk in MB.
--scPartitionsTable | must | A semicolon-separated (;) list of partition entries. Each entry consists of three space-separated parameters: the size in megabytes, the partition type ID (82 or S for swap, 83 or L for a Linux partition), and the mount point. If the mount point equals /, the partition is assumed to be the root partition, and x means no mount point (for example for swap). For the last partition, size can be specified as x, which results in all remaining available space being used.
When deploying to the hard disk of a specific machine, use:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cshr4152,cn=global,o=mycorp,c=us --add --scHarddisk
--cn sda --scDevice /dev/sda --scHdSize 9000
--scPartitionsTable "1000 82 x;8000 83 /"
When deploying to the hard disk of a generic machine (using the example from Section 7.4.1, “Adding an scCashRegister Object” (page 74)), enter:
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=cr-test-default,cn=global,o=mycorp,c=us --add
--scHarddisk --cn sda --scDevice /dev/sda --scHdSize 9000
--scPartitionsTable "1000 82 x;8000 83 /"
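The --scPartitionsTable syntax described in Table 7.3 and the config.MAC lines shown in Section 7.2 can be cross-checked. The following added example (not part of the original guide and not SUSE Linux Enterprise Point of Service code) parses a partitions table, derives the IMAGE, PART and DISK lines it should produce, and compares them with a generated config.MAC. The function names are hypothetical; taking the IMAGE device as the disk device plus the 1-based index of the / partition, requiring exactly one / entry, and requiring the fixed sizes to fit in scHdSize are assumptions inferred from the guide's sample values.

```python
TYPE_ALIASES = {"S": "82", "L": "83"}  # letter forms named in Table 7.3

# Constructed sample: the hard disk config.MAC lines shown in Section 7.2.
SAMPLE_CONFIG_MAC = """\
IMAGE=/dev/sda2;myGraphical_test;3.1.4;192.168.90.1;8192
PART=1000;82;x,8000;83;/
DISK=/dev/sda
"""


def parse_partitions_table(table):
    """Parse an scPartitionsTable value into (size, type_id, mount) tuples."""
    raw = [e.strip() for e in table.split(";") if e.strip()]
    if not raw:
        raise ValueError("partition table is empty")
    entries = []
    for index, entry in enumerate(raw, start=1):
        fields = entry.split()
        if len(fields) != 3:
            raise ValueError(f"entry {index}: expected 'size type mountpoint', got {entry!r}")
        size, ptype, mount = fields
        if size == "x":
            if index != len(raw):
                raise ValueError(f"entry {index}: only the last partition may use size x")
        elif not size.isdigit():
            raise ValueError(f"entry {index}: size {size!r} is not a number of MB")
        if mount != "x" and not mount.startswith("/"):
            raise ValueError(f"entry {index}: mount point {mount!r} is neither x nor a path")
        entries.append((size, TYPE_ALIASES.get(ptype, ptype), mount))
    # Assumption: a bootable layout has exactly one root partition.
    if sum(1 for _, _, mount in entries if mount == "/") != 1:
        raise ValueError("exactly one entry must use the mount point /")
    return entries


def expected_config(device, hd_size_mb, table, image_name, version, tftp_ip, bsize):
    """Build the config.MAC values implied by the LDAP attributes."""
    entries = parse_partitions_table(table)
    fixed_total = sum(int(size) for size, _, _ in entries if size != "x")
    if fixed_total > hd_size_mb:
        raise ValueError(f"partitions need {fixed_total} MB but scHdSize is {hd_size_mb} MB")
    # Assumption: the image goes to the root partition, numbered from 1.
    root_index = [mount for _, _, mount in entries].index("/") + 1
    return {
        "IMAGE": f"{device}{root_index};{image_name};{version};{tftp_ip};{bsize}",
        "PART": ",".join(";".join(entry) for entry in entries),
        "DISK": device,
    }


def parse_config_mac(text):
    """Read KEY=value lines from a config.MAC file."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            values[key] = value
    return values


def config_mismatches(text, expected):
    """Return the keys whose value in config.MAC differs from the expectation."""
    actual = parse_config_mac(text)
    return sorted(key for key in expected if actual.get(key) != expected[key])


if __name__ == "__main__":
    want = expected_config("/dev/sda", 9000, "1000 82 x;8000 83 /",
                           "myGraphical_test", "3.1.4", "192.168.90.1", 8192)
    print(want)
    print(config_mismatches(SAMPLE_CONFIG_MAC, want))
```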
7.4.4 Adding an scConfigFileTemplate Object

scConfigFileTemplate objects are used when you run services, such as the X Window service, that require hardware-dependent configuration files. An scConfigFileTemplate object contains the configuration file data that a Point of Service terminal needs in order to run a given service.
To define the scConfigFileTemplate object with the posAdmin script, you designate the file containing the configuration data as the --scConfigFileData parameter. posAdmin then extracts the configuration data from the source file and stores the content under the scConfigFileData entry of the scConfigFileTemplate object.
When a Point of Service terminal registers with a Branch Server (or when you run posAdmin.pl --updateconfig or posldap2crconfig.pl --dumpall), the Branch Server retrieves the configuration data in the scConfigFileTemplate object to create a configuration file in /srv/tftpboot/CR/MAC/ directories on the Branch Server. The configuration file name is the same as the cn name of the respective LDAP entry.
Using TFTP, the configuration file is then distributed from the Branch Server to the appropriate Point of Service terminals at boot time.
NOTE: Assigning Configuration Files to Point of Service Terminals
The scCashRegister or scPosImage object under which the scConfigFileTemplate object is created determines which Point of Service terminals receive the configuration file.
If the scConfigFileTemplate object is defined under an scCashRegister object, all terminals that correspond to the type defined in the scCashRegister object receive the configuration file defined in the scConfigFileTemplate object.
If the scConfigFileTemplate object is defined under an scPosImage object, all terminals that load the system image that corresponds to the scPosImage object receive the configuration file defined in the scConfigFileTemplate object.
Be aware that in this case, the posAdmin script does more than just literal insertion of the data specified on the command line. If you want to use some other tool (e.g. GQ) to define the scConfigFileTemplate object, you must directly add the configuration data itself as the scConfigFileData attribute, not the path to the file containing it. Also keep in mind that the created configuration file name is the cn entry of the respective scConfigFileTemplate object, so ensure that they are named differently (this can be an issue when, for example, one configuration object is assigned to the scCashRegister and the other with the same name to the scPosImage object).
Table 7.4, “posAdmin Options for scConfigFileTemplate Objects” (page 80) summarizes the posAdmin command options for scConfigFileTemplate object attributes.
Table 7.4 posAdmin Options for scConfigFileTemplate Objects
Option | Type | Description
--cn | must | The common name of the configuration file, also the name of the resulting configuration file created on the Branch Server.
--scMust | must | This flag is used to enable or disable the configuration file. Allowed values are TRUE to enable or FALSE to disable the configuration file.
--scConfigFile | must | Specifies the path where the configuration file is installed on the Point of Service terminal. For example, /etc/ntp.conf or /etc/X11/xorg.conf.
--scBsize | must | Specifies the block size for the TFTP download. Due to internal limitations of atftp, the maximum block size is 65464 Bytes.
--scConfigFileData | must | The source path of the configuration file. For example, /tmp/xorg.conf.mydata.
--description | may | A description of the configuration file.
--scConfigFileparser | may | The name of the parserFunction to apply.
--scConfigMd5 | may | The MD5 checksum value of the configuration file.
--scConfigFileUpdateModel | may | The update model for synchronizing configuration files. Allowed values are pulled and changed.
The following example adds an scConfigFileTemplate object below the Hardware Reference object, crtype3 (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us
--password secret --base cn=crtype3,cn=global,o=mycorp,c=us
--add --scConfigFileTemplate --cn xorg.conf
--scConfigFile /etc/X11/xorg.conf --scMust TRUE
--scBsize 1024 --scConfigFileData /mydata/xorg.conf.1234567
7.4.5 Adding an scConfigFileSyncTemplate Object
scConfigFileSyncTemplate objects are used when you run services, such as the X Window service, that require hardware-dependent configuration files. The scConfigFileSyncTemplate object points to the configuration file that a Point of Service terminal needs to run a given service. This object differs from scConfigFileTemplate objects because the configuration data is not stored in the object; rather, the object points to a configuration file outside the LDAP directory.
When a Point of Service terminal registers with a Branch Server (or when you run posAdmin.pl --updateconfig or posldap2crconfig.pl --dumpall), the Branch Server first uses rsync to synchronize the configuration files in the /srv/SLEPOS/config directory on the Administration Server into the same directory on the Branch Server, and then copies relevant configuration files, as specified in the scConfigFileSyncTemplate objects, from the /srv/SLEPOS/config directory to the /srv/tftpboot/CR/MAC/ directory. The filenames are changed to the respective cn names of the corresponding scConfigFileSyncTemplate LDAP entries.
IMPORTANT: Location Of Configuration Files
Any configuration files referenced in the scConfigFileSyncTemplate object must be located in the /srv/SLEPOS/config/ directory on the Administration Server, otherwise they will not be transferred to the Branch Server.
Using TFTP, the configuration file is then distributed from the Branch Server to the appropriate Point of Service terminals at boot time.
NOTE: Assigning Configuration Files to Point of Service Terminals
The scCashRegister or scPosImage object under which the scConfigFileSyncTemplate object is created determines which Point of Service terminals receive the configuration file.
If the scConfigFileSyncTemplate object is defined under an scCashRegister object, all terminals that correspond to the type defined in the scCashRegister object receive the configuration file designated in the scConfigFileSyncTemplate object.
If the scConfigFileSyncTemplate object is defined under an scPosImage object, all terminals that load the system image that corresponds to the scPosImage object receive the configuration file designated in the scConfigFileSyncTemplate object.
Also keep in mind that the created configuration file name is the cn entry of the respective scConfigFileTemplate object, so ensure that they are named differently (this can be an issue when, for example, one configuration object is assigned to the scCashRegister object and another with the same name to the scPosImage object).
Table 7.5, “posAdmin Options for scConfigFileSyncTemplate Objects” (page 83) summarizes the posAdmin command options for
scConfigFileSyncTemplate object attributes.
Table 7.5 posAdmin Options for scConfigFileSyncTemplate Objects

| Option | Type | Description |
| --- | --- | --- |
| --cn | must | The common name of the configuration file, also name of the resulting configuration file on the Branch Server. |
| --scMust | must | The flag used to enable or disable the configuration file. Allowed values are TRUE to enable or FALSE to disable. |
| --scConfigFile | must | Specifies the path where the configuration file is installed on the Point of Service terminal. For example, /etc/ntp.conf or /etc/X11/xorg.conf. |
| --scBsize | must | Specifies the block size for the TFTP download. Due to internal limitations of atftp, the maximum block size is 65464 Bytes. |
| --scConfigFileLocalPath | must | The local source path of the configuration file on the Administration Server. For example, /srv/SLEPOS/config/X11/xorg.conf.mydata. |
| --description | may | A description of the configuration file. |
| --scConfigMd5 | may | The MD5 checksum value of the configuration file; it is automatically generated by posAdmin.pl. |

The following example adds an scConfigFileSyncTemplate object below the Hardware Reference object, crtype3 (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=crtype3,cn=global,o=mycorp,c=us
--add --scConfigFileSyncTemplate --cn xorg.conf
--scConfigFile /etc/X11/xorg.conf --scMust TRUE --scBsize 1024
--scConfigFileLocalPath /srv/SLEPOS/config/xorg.conf.cr3
7.4.6 Adding an scPosImage Object
All system images that you want to distribute to Point of Service terminals must have a corresponding scPosImage object in the LDAP directory. These objects are typically organized within Distribution Container objects under the Global container in the LDAP tree.
NOTE: Referring to Boot Images
Boot images do not have scPosImage objects; they are referenced in the scInitrdName attribute in the scDistributionContainer object.
After the installation and configuration of SUSE Linux Enterprise Point of Service, an scPosImage object is automatically added to the Default Distribution Container for the Minimal image. However, this LDAP entry is only intended to serve as an example. You must manually add an scPosImage object for each system image you want to distribute to Point of Service terminals.
IMPORTANT
The reference objects for SUSE Linux Enterprise Point of Service images should be created in the Default Distribution Container. It references the current kernel version included and the default booting image in the product and therefore, should store all the scPosImage objects for SUSE Linux Enterprise Point of Service images.

Table 7.6, “posAdmin Options for scPosImage Objects” (page 85) summarizes the posAdmin command options for scPosImage object attributes.
Table 7.6 posAdmin Options for scPosImage Objects

| Option | Type | Description |
| --- | --- | --- |
| --base | must | The base distinguished name of the scPosImage object; for example, cn=default,cn=global,o=mycorp,c=us. |
| --cn | must | The common name of the system image; for example, mydesktop. |
| --scImageName | must | The name of the system image; for example, mydesktop. |
| --scPosImageVersion | must | The version number of the system image, followed by the flag passive or active; for example, 2.0.4;active. The version number and the flag are semicolon-separated (';'). There are several possible combinations of this attribute, which are described in Table 7.7, “Possible Values for the scPosImageVersion Attribute” (page 87). |
| --scDhcpOptionsRemote | must | The boot option of the Point of Service terminal. The mandatory value is /boot/pxelinux.0. |
| --scDhcpOptionsLocal | must | This attribute is reserved for future extension of SUSE Linux Enterprise Point of Service and is not used at this time. |
| --scImageFile | must | The name of the image file which the terminal will download from the Branch Server. For example, mydesktop.arch. |
| --scBsize | must | Specifies the block size for the TFTP download of the system image. There is a limitation of the block counter of 32768 and, therefore, the minimal possible value increases with the image size. For example, for image sizes less than 128 MB the size 4096 (4 KB) can be used, 8192 (8 KB) for image sizes of less than 256 MB, 16384 (16 KB) for image sizes of less than 512 MB and 32768 (32 KB) for image sizes less than 1 GB. Also, the image block size cannot exceed 65464 Bytes, which together also limits the maximum image size to 2 GB. If you insert too small of a value, it is automatically raised to the minimal sufficient value. |

The following example adds a scPosImage object into the default container (type the command all on one line):
posAdmin.pl --user
cn=admin,o=mycorp,c=us --password secret
--base cn=default,cn=global,o=mycorp,c=us --add --scPosImage --cn myMinimal
--scImageName myTestMinimal --scPosImageVersion "2.0.4;active"
--scDhcpOptionsRemote /boot/pxelinux.0 --scDhcpOptionsLocal LOCALBOOT
--scImageFile myMinimal.i686 --scBsize 8192
If you already have specified another container as scDistributionContainer, you can also add an scPosImage object to this other container (anothercontainer in this case):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--base cn=anothercontainer,cn=global,o=mycorp,c=us --add --scPosImage --cn
myMinimal
--scImageName myTestMinimal --scPosImageVersion "2.0.4;active"
--scDhcpOptionsRemote /boot/pxelinux.0 --scDhcpOptionsLocal LOCALBOOT
--scImageFile myMinimal.i686 --scBsize 8192
If you want to add a new image version to an existing scPosImage object, see Section 7.4.7, “Activating Images” (page 86).

7.4.7 Activating Images

Each image can be available in several versions, as shown in Table 7.7, “Possible Values for the scPosImageVersion Attribute” (page 87). The scPosImageVersion attribute in each scPosImage object must be set to either active or passive. After images have been downloaded by the Branch Server, the Branch Server selects the highest active version, according to the rules in Table 7.7, “Possible Values for the scPosImageVersion Attribute” (page 87).

Table 7.7 Possible Values for the scPosImageVersion Attribute

| Value | Description |
| --- | --- |
| 1.1.2 | The version number is set to 1.1.2, but this system image is disabled in LDAP and cannot be used for a new Point of Service terminal, even when the scCashRegister object that corresponds to the Point of Service terminal matches the scPosImageDn attribute entry. |
| 1.1.2;passive | Same behavior as above. |
| 1.1.2;active | This system image (with version 1.1.2) is enabled and downloaded to the Point of Service terminals. |
| 1.1.2;active 1.1.3;active 1.1.5;active | All image versions are enabled, but only the latest image version is downloaded to the Point of Service terminals. |
| 1.1.2;passive 1.1.3;active 1.1.5;passive | Only image version 1.1.3 is enabled and downloaded to the Point of Service terminals. |

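The selection rule in Table 7.7, written out as an added example (it is not code from SUSE Linux Enterprise Point of Service). The function names version_gt and highest_active_version are hypothetical, and the example assumes that version numbers compare numerically, component by component.

```shell
#!/bin/sh
# Added example: choose the image version from the values of a multi-valued
# scPosImageVersion attribute, following the rules in Table 7.7.

# version_gt A B: succeed if dotted version A is numerically greater than B.
version_gt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        xa=${va%%.*}; xb=${vb%%.*}            # leading components
        if [ "$va" = "$xa" ]; then va=; else va=${va#*.}; fi
        if [ "$vb" = "$xb" ]; then vb=; else vb=${vb#*.}; fi
        xa=${xa:-0}; xb=${xb:-0}              # a missing component counts as 0
        if [ "$xa" -gt "$xb" ]; then return 0; fi
        if [ "$xa" -lt "$xb" ]; then return 1; fi
    done
    return 1                                  # versions are equal
}

# highest_active_version VALUE...: print the highest version flagged "active".
# Values without a flag, or flagged "passive", are disabled and skipped.
# Returns 1 (and prints nothing) when no version is active.
highest_active_version() {
    best=
    for value in "$@"; do
        case $value in
            *";"*) ver=${value%%";"*}; flag=${value#*";"} ;;
            *)     ver=$value; flag= ;;
        esac
        [ "$flag" = active ] || continue
        # Skip malformed version strings (input hardening added for the example).
        case $ver in ''|*[!0-9.]*) continue ;; esac
        if [ -z "$best" ] || version_gt "$ver" "$best"; then
            best=$ver
        fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Constructed sample values, taken from the rows of Table 7.7.
for row in "1.1.2" "1.1.2;passive" "1.1.2;active" \
           "1.1.2;active 1.1.3;active 1.1.5;active" \
           "1.1.2;passive 1.1.3;active 1.1.5;passive"; do
    # $row is split on spaces on purpose: one argument per attribute value.
    printf '%-45s -> %s\n' "$row" "$(highest_active_version $row || echo none)"
done
```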
To activate a registered image, set its scPosImageVersion attribute to active. This is done with posAdmin using the --modify keyword and the --multival (multivalue) option as follows (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--modify --scPosImage --multival
--scPosImageVersion '3.1.4;passive=>3.1.5;active'
--DN cn=myGraphical,cn=default,cn=global,o=mycorp,c=us
To activate the new image version on a Branch Server, use possyncimages.pl and posldap2crconfig.pl with the --dumpall option.
possyncimages.pl; posldap2crconfig.pl --dumpall
7.4.8 Assigning an Image to a Point of Service Terminal
You can manually assign a specific image to a Point of Service terminal through its scWorkstation object.
The following command assigns 'myMinimal' image 2.0.4 to the CR001 scWorkstation object in the east-boston location (type the command all on one
line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--modify --scWorkstation
--scPosImageDn cn=myMinimal,cn=default,cn=global,o=mycorp,c=us
--scPosImageVersion 2.0.4
--DN cn=CR001,cn=east,ou=boston,o=mycorp,c=us
When you explicitly assign an image name (scPosImageDn) and its version (scPosImageVersion) in the scWorkstation entry, the version and active/passive status information in the corresponding scPosImage image object in the global container is ignored. However, if you only assign the image name, the version information in the scPosImage image object is used.
The scWorkstation object is automatically created in the LDAP directory the first time you boot a Point of Service terminal. The posleases2ldap daemon automatically triggers posldap2crconfig.pl which then creates an scWorkstation object and hardware configuration files for each Point of Service terminal that registers on the Branch Server.

7.4.9 Removing Images

To remove the image assigned to a workstation, run the following command (type the command all on one line):
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret
--modify --scWorkstation --scPosImageDn --scPosImageVersion
--DN cn=CR001,cn=east,ou=boston,o=mycorp,c=us

7.5 Distributing Images to Point of Service Terminals

To distribute new or updated system images, you must first copy the images into the central RSYNC directory of the Administration Server and then transfer the images to the Branch Servers. From there the images are distributed to the Point of Service terminals when they boot.
NOTE: Manual Distribution of ISOBoot Images
If you are unable to electronically distribute Point of Service images over your network, you must manually distribute the images using ISOBoot images.
7.5.1 Copying Images to the Administration Server RSYNC Directory
The first step to distribute new system images is to copy the images from the /srv/SLEPOS/image directory to the RSYNC directory, /srv/SLEPOS. Before the RSYNC service can transmit the images to the Branch Server, client images must be located in the /srv/SLEPOS/image directory on the Administration Server, and the boot image must be located in /srv/SLEPOS/boot.
NOTE: Manually Copying System Images
Copying the system images to the RSYNC directory is done manually to control which system image types and versions are distributed to the Branch Servers.
Copying System Images to the Administration Server’s RSYNC Directory
The following example demonstrates how to put a previously-extended Graphical system image in the Administration Server’s RSYNC directory so it can be received, on request, by the Branch Server:
1. Copy the extended Graphical system image:
cp /srv/SLEPOS/image/Graphical-2.0.4-2004-12-05 \
/srv/SLEPOS/image/graphical-2.0.4
2. Copy the corresponding Graphical image MD5 checksum file:
cp /srv/SLEPOS/image/Graphical-2.0.4-2004-12-05.md5 \
/srv/SLEPOS/image/graphical-2.0.4.md5
Copying Boot Images to the Administration Server’s RSYNC Directory
The following example demonstrates how to copy the first and second stage boot images to the Administration Server’s RSYNC directory so they can be received, on request, by the Branch Server:
NOTE
Point of Service terminals boot two images, a first stage image (initrd.gz) and a second stage image (linux). For more information, see Section 7.8, “Booting the Point of Service Terminal” (page 102).
1. Copy the initrd-disknetboot image as initrd.gz:
cp /srv/SLEPOS/image/initrd-disknetboot-version-date.gz \
/srv/SLEPOS/boot/initrd.gz
2. Copy the kernel image as linux:
cp /srv/SLEPOS/image/initrd-disknetboot-version-date.kernel.kernel_version \
/srv/SLEPOS/boot/linux
7.5.2 Distributing Images to the Branch Server
If you create a new image or change an image version, you can run the possyncimages.pl command at the Branch Server. This transfers new or updated images to the Branch Server after the images are in the Administration Server’s RSYNC directory.
IMPORTANT: RSYNC Service and LDAP Objects
The RSYNC service must be properly configured and running on the Administration Server for the possyncimages.pl script to run. For more information, see Section 6.4.3, “Adding an scServerContainer and scBranchServer Object” (page 60).
Additionally, each system image has an associated scPosImage object in LDAP. The object’s scPosImageVersion attribute should be set to active to keep track of the most recent image version and state before possyncimages.pl transfers the images to the Branch Server. For more information, see Section 7.4.7, “Activating Images” (page 86).
The basic process is as follows:
1. The possyncimages.pl script initially checks via the PID file to determine if an instance is already running.
2. The image files are then copied from the Administration Server to the Branch Server. Boot images are copied from the /srv/SLEPOS/boot/ directory on the Administration Server to the /srv/tftpboot/boot/ directory on the Branch Server. System images and their associated MD5 checksum files are copied from /srv/SLEPOS/image/ to /srv/tftpboot/image.
During this process, the TFTP server must be stopped or otherwise prevented from transmitting the image files to clients.
For more information on the possyncimages.pl script, see Section B.3.9, “possyncimages.pl” (page 217).
After executing the possyncimages.pl script, verify the result by checking the contents of the following directories:
/srv/tftpboot/image
/srv/tftpboot/boot
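One way to check more than the directory listing, as an added example that is not part of the SUSE Linux Enterprise Point of Service tooling: it recomputes the MD5 of every system image and compares it with the accompanying checksum file. The function names are hypothetical, and the example assumes the hex digest is the first whitespace-separated field of each .md5 file.

```shell
#!/bin/sh
# Added example: check every system image in a Branch Server image directory
# against its .md5 file after possyncimages.pl has run.

# verify_images DIR: print "OK|MISMATCH|NO-IMAGE|NO-MD5 <name>" per file pair.
# Returns 0 only if every image has a checksum file and every digest matches.
verify_images() {
    dir=$1; rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case $f in
        *.md5)
            img=${f%.md5}
            if [ ! -f "$img" ]; then
                echo "NO-IMAGE ${img##*/}"; rc=1; continue
            fi
            # Assumption: the hex digest is the first field of the .md5 file.
            want=; read -r want rest < "$f" || true
            have=$(md5sum < "$img"); have=${have%% *}
            if [ -n "$want" ] && [ "$want" = "$have" ]; then
                echo "OK ${img##*/}"
            else
                echo "MISMATCH ${img##*/}"; rc=1
            fi ;;
        *)
            # An image without a checksum file cannot be verified at all.
            [ -f "$f.md5" ] || { echo "NO-MD5 ${f##*/}"; rc=1; } ;;
        esac
    done
    return "$rc"
}

# make_sample_dir: build a constructed image directory with one intact image,
# one image changed after its checksum was written, and one without checksum.
# The fields after the digest ("1 4096") are constructed filler.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    for name in graphical-2.0.4 minimal-2.0.4; do
        printf 'constructed image data for %s\n' "$name" > "$d/$name"
        sum=$(md5sum < "$d/$name")
        printf '%s 1 4096\n' "${sum%% *}" > "$d/$name.md5"
    done
    printf 'corrupted in transit\n' >> "$d/minimal-2.0.4"
    printf 'no checksum shipped\n' > "$d/orphan-1.0.0"
    printf '%s\n' "$d"
}

# Demo on the constructed directory; on a Branch Server, pass /srv/tftpboot/image.
sample=$(make_sample_dir)
verify_images "$sample" || echo "verification failed"
rm -rf "$sample"
```

Because the checksum file arrives over the same rsync transfer as the image, a match shows that the copy is intact, not that the image is authentic.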
7.5.3 Distributing Images to Point of Service Terminals
New or updated images are distributed to Point of Service terminals at boot time. For information on this process, see Section 7.8, “Booting the Point of Service Terminal” (page 102).
7.5.4 Image Install Notification
When the Branch Server distributes a new image to a Point of Service terminal, the system provides notification that the image was successfully installed on the Point of Service terminal. The notification is stored in the scWorkstation object in the LDAP directory on the Administration Server.
When the image is successfully installed on the Point of Service terminal, the linuxrc script running on the Point of Service terminal creates the bootversion.MAC file in the /srv/tftpboot/upload directory on the Branch Server. The posleases2ldap process then transfers the information to the scNotifiedimage attribute in the scWorkstation object in LDAP and deletes the bootversion.MAC file.

7.6 Hardware

Point of Service terminals are implemented in a variety of hardware forms. The primary difference in Point of Service hardware is whether the terminal has an internal hard drive or other persistent media (such as a flash drive), or whether the terminal is diskless. A system that has a hard disk can be configured to store the image on a disk partition instead of a RAM disk so it can boot from the hard disk if it cannot boot over the network.
7.6.1 Hardware Configuration Files
Point of Service terminal hardware configuration information is either stored in LDAP as scConfigFileTemplate objects, or on the Administration Server as a file and distributed over rsync. Hardware configuration files that are distributed by the Admin-