SUSE Linux Enterprise Desktop 10 SP2 GNOME User Guide

Download

SUSE Linux Enterprise

www.novell.com10 SP2

May08,2008 Deployment Guide

Desktop

Deployment Guide

Legal Notice

This manual is protected under Novell intellectual property rights. By reproducing, duplicating or distributing this manual you explicitly agree to conform to the terms and conditions of this license agreement.

This manual may be freely reproduced, duplicated and distributed either as such or as part of a bundled package in electronic and/or printed format, provided however that the following conditions are fullled:

That this copyright notice and the names of authors and contributors appear clearly and distinctively on all reproduced, duplicated and distributed copies. That this manual, specically for the printed format, is reproduced and/or distributed for noncommercial use only. The express authorization of Novell, Inc must be obtained prior to any other use of any manual or part thereof.

For Novell trademarks, see the Novell Trademark and Service Mark list http://www.novell

.com/company/legal/trademarks/tmlist.html. * Linux is a registered trademark of

Linus Torvalds. All other third party trademarks are the property of their respective owners. A trademark symbol (®, ™ etc.) denotes a Novell trademark; an asterisk (*) denotes a third party trademark.

All information found in this book has been compiled with utmost attention to detail. However, this does not guarantee completeaccuracy. Neither Novell, Inc., SUSE LINUX Products GmbH, the authors, nor the translators shall be held liable for possible errors or the consequences thereof.

Contents

About This Guide xiii

Part I Deployment 1

1 Planning for SUSE Linux Enterprise Desktop 3

1.1 Hardware Requirements . . . . . . . . . . . . . . . . . . . . . . . 4

1.2 Reasons to Use SUSE Linux Enterprise Desktop . . . . . . . . . . . . . 4

2 Deployment Strategies 7

2.1 Deploying up to 10 Workstations . . . . . . . . . . . . . . . . . . . 7

2.2 Deploying up to 100 Workstations . . . . . . . . . . . . . . . . . . 9

2.3 Deploying More than 100 Workstations . . . . . . . . . . . . . . . 16

3 Installation with YaST 17

3.1 System Start-Up for Installation . . . . . . . . . . . . . . . . . . . 17

3.2 The Installation Workow . . . . . . . . . . . . . . . . . . . . . 19

3.3 The Boot Screen . . . . . . . . . . . . . . . . . . . . . . . . . 20

3.4 Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.5 Media Check . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.6 License Agreement . . . . . . . . . . . . . . . . . . . . . . . . 24

3.7 Installation Mode . . . . . . . . . . . . . . . . . . . . . . . . . 24

3.8 Clock and Time Zone . . . . . . . . . . . . . . . . . . . . . . . 25

3.9 Installation Settings . . . . . . . . . . . . . . . . . . . . . . . . 25

3.10 Performing the Installation . . . . . . . . . . . . . . . . . . . . . 30

3.11 Conguration of the Installed System . . . . . . . . . . . . . . . . 31

3.12 Graphical Login . . . . . . . . . . . . . . . . . . . . . . . . . . 38

4 Remote Installation 39

4.1 Installation Scenarios for Remote Installation . . . . . . . . . . . . . 39

4.2 Setting Up the Server Holding the Installation Sources . . . . . . . . . 48

4.3 Preparing the Boot of the Target System . . . . . . . . . . . . . . . 58

4.4 Booting the Target System for Installation . . . . . . . . . . . . . . . 68

4.5 Monitoring the Installation Process . . . . . . . . . . . . . . . . . 73

5 Automated Installation 77

5.1 Simple Mass Installation . . . . . . . . . . . . . . . . . . . . . . 77

5.2 Rule-Based Autoinstallation . . . . . . . . . . . . . . . . . . . . . 89

5.3 For More Information . . . . . . . . . . . . . . . . . . . . . . . 94

6 Deploying Customized Preinstallations 95

6.1 Preparing the Master Machine . . . . . . . . . . . . . . . . . . . 96

6.2 Customizing the Firstboot Installation . . . . . . . . . . . . . . . . 96

6.3 Cloning the Master Installation . . . . . . . . . . . . . . . . . . . 104

6.4 Personalizing the Installation . . . . . . . . . . . . . . . . . . . . 105

7 Advanced Disk Setup 107

7.1 LVM Conguration . . . . . . . . . . . . . . . . . . . . . . . . 107

7.2 Soft RAID Conguration . . . . . . . . . . . . . . . . . . . . . 113

8 System Conguration with YaST 119

8.1 YaST Language . . . . . . . . . . . . . . . . . . . . . . . . . . 120

8.2 The YaST Control Center . . . . . . . . . . . . . . . . . . . . . 120

8.3 Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122

8.4 Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136

8.5 System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

8.6 Network Devices . . . . . . . . . . . . . . . . . . . . . . . . . 155

8.7 Network Services . . . . . . . . . . . . . . . . . . . . . . . . 156

8.8 AppArmor . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

8.9 Security and Users . . . . . . . . . . . . . . . . . . . . . . . . 160

8.10 Virtualization . . . . . . . . . . . . . . . . . . . . . . . . . . 169

8.11 Miscellaneous . . . . . . . . . . . . . . . . . . . . . . . . . . 170

8.12 YaST in Text Mode . . . . . . . . . . . . . . . . . . . . . . . . 172

8.13 Managing YaST from the Command Line . . . . . . . . . . . . . . . 176

8.14 Update from the Command Line with rug . . . . . . . . . . . . . . 179

8.15 SaX2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 182

8.16 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 188

8.17 For More Information . . . . . . . . . . . . . . . . . . . . . . 189

9 Updating SUSE Linux Enterprise 191

9.1 Updating SUSE Linux Enterprise . . . . . . . . . . . . . . . . . . 191

9.2 Installing Service Packs . . . . . . . . . . . . . . . . . . . . . . 194

9.3 Software Changes from Version 9 to Version 10 . . . . . . . . . . . 204

Part II Administration 217

10 GNOME Conguration for Administrators 219

10.1 Using GConf for Defaults . . . . . . . . . . . . . . . . . . . . . 220

10.2 Customizing Menus . . . . . . . . . . . . . . . . . . . . . . . 244

10.3 Installing Themes . . . . . . . . . . . . . . . . . . . . . . . . 257

10.4 Conguring Fonts . . . . . . . . . . . . . . . . . . . . . . . . 263

10.5 MIME Types . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

10.6 Setting Screensavers . . . . . . . . . . . . . . . . . . . . . . . 266

10.7 Session Management . . . . . . . . . . . . . . . . . . . . . . . 268

10.8 Improving Performance . . . . . . . . . . . . . . . . . . . . . . 269

10.9 Hidden Directories . . . . . . . . . . . . . . . . . . . . . . . . 278

10.10 Security Note on Conguring SMB Printers . . . . . . . . . . . . . 280

10.11 Disabling GNOME Desktop Features . . . . . . . . . . . . . . . . 280

10.12 Starting Applications Automatically . . . . . . . . . . . . . . . . . 283

10.13 Automounting and Managing Media Devices . . . . . . . . . . . . . 284

10.14 Changing Preferred Applications . . . . . . . . . . . . . . . . . . 284

10.15 Managing Proles Using Sabayon . . . . . . . . . . . . . . . . . . 284

10.16 Adding Document Templates . . . . . . . . . . . . . . . . . . . 288

11 KDE Conguration for Administrators 289

11.1 Managing Proles Using the KIOSK Admin Tool . . . . . . . . . . . . 289

11.2 Managing Proles Manually . . . . . . . . . . . . . . . . . . . . 297

12 Active Directory Support 303

12.1 Integrating Linux and AD Environments . . . . . . . . . . . . . . . 303

12.2 Background Information for Linux AD Support . . . . . . . . . . . . 304

12.3 Conguring a Linux Client for Active Directory . . . . . . . . . . . . 309

12.4 Logging In to an AD Domain . . . . . . . . . . . . . . . . . . . . 313

12.5 Changing Passwords . . . . . . . . . . . . . . . . . . . . . . . 314

13 Access Control Lists in Linux 317

13.1 Traditional File Permissions . . . . . . . . . . . . . . . . . . . . 317

13.2 Advantages of ACLs . . . . . . . . . . . . . . . . . . . . . . . 319

13.3 Denitions . . . . . . . . . . . . . . . . . . . . . . . . . . . 319

13.4 Handling ACLs . . . . . . . . . . . . . . . . . . . . . . . . . . 320

13.5 ACL Support in Applications . . . . . . . . . . . . . . . . . . . . 328

13.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 328

14 System Monitoring Utilities 329

14.1 Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . 330

14.2 Files and File Systems . . . . . . . . . . . . . . . . . . . . . . . 332

14.3 Hardware Information . . . . . . . . . . . . . . . . . . . . . . 334

14.4 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . 337

14.5 The /proc File System . . . . . . . . . . . . . . . . . . . . . . 338

14.6 Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341

14.7 System Information . . . . . . . . . . . . . . . . . . . . . . . 345

14.8 User Information . . . . . . . . . . . . . . . . . . . . . . . . 349

14.9 Time and Date . . . . . . . . . . . . . . . . . . . . . . . . . . 349

15 Working with the Shell 351

15.1 Getting Started with the Bash Shell . . . . . . . . . . . . . . . . . 352

15.2 Users and Access Permissions . . . . . . . . . . . . . . . . . . . 363

15.3 Important Linux Commands . . . . . . . . . . . . . . . . . . . . 367

15.4 The vi Editor . . . . . . . . . . . . . . . . . . . . . . . . . . 377

Part III System 383

16 32-Bit and 64-Bit Applications in a 64-Bit System Environment 385

16.1 Runtime Support . . . . . . . . . . . . . . . . . . . . . . . . 385

16.2 Software Development . . . . . . . . . . . . . . . . . . . . . . 386

16.3 Software Compilation on Biarch Platforms . . . . . . . . . . . . . . 387

16.4 Kernel Specications . . . . . . . . . . . . . . . . . . . . . . . 388

17 Booting and Conguring a Linux System 389

17.1 The Linux Boot Process . . . . . . . . . . . . . . . . . . . . . . 389

17.2 The init Process . . . . . . . . . . . . . . . . . . . . . . . . . 393

17.3 System Conguration via /etc/syscong . . . . . . . . . . . . . . . 401

18 The Boot Loader 405

18.1 Selecting a Boot Loader . . . . . . . . . . . . . . . . . . . . . . 406

18.2 Booting with GRUB . . . . . . . . . . . . . . . . . . . . . . . . 406

18.3 Conguring the Boot Loader with YaST . . . . . . . . . . . . . . . 416

18.4 Uninstalling the Linux Boot Loader . . . . . . . . . . . . . . . . . 420

18.5 Creating Boot CDs . . . . . . . . . . . . . . . . . . . . . . . . 420

18.6 The Graphical SUSE Screen . . . . . . . . . . . . . . . . . . . . 421

18.7 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 422

18.8 For More Information . . . . . . . . . . . . . . . . . . . . . . 424

19 Special System Features 425

19.1 Information about Special Software Packages . . . . . . . . . . . . 425

19.2 Virtual Consoles . . . . . . . . . . . . . . . . . . . . . . . . . 432

19.3 Keyboard Mapping . . . . . . . . . . . . . . . . . . . . . . . . 432

19.4 Language and Country-Specic Settings . . . . . . . . . . . . . . . 433

20 Printer Operation 439

20.1 The Workow of the Printing System . . . . . . . . . . . . . . . . 441

20.2 Methods and Protocols for Connecting Printers . . . . . . . . . . . . 441

20.3 Installing the Software . . . . . . . . . . . . . . . . . . . . . . 442

20.4 Setting Up a Printer . . . . . . . . . . . . . . . . . . . . . . . 443

20.5 Network Printers . . . . . . . . . . . . . . . . . . . . . . . . . 447

20.6 Graphical Printing Interfaces . . . . . . . . . . . . . . . . . . . . 450

20.7 Printing from the Command Line . . . . . . . . . . . . . . . . . . 450

20.8 Special Features in SUSE Linux Enterprise . . . . . . . . . . . . . . 451

20.9 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 455

21 Dynamic Kernel Device Management with udev 463

21.1 The /dev Directory . . . . . . . . . . . . . . . . . . . . . . . 463

21.2 Kernel uevents and udev . . . . . . . . . . . . . . . . . . . . . 464

21.3 Drivers, Kernel Modules, and Devices . . . . . . . . . . . . . . . . 464

21.4 Booting and Initial Device Setup . . . . . . . . . . . . . . . . . . 465

21.5 Debugging udev Events . . . . . . . . . . . . . . . . . . . . . . 465

21.6 Inuencing Kernel Device Event Handling with udev Rules . . . . . . . 466

21.7 Persistent Device Naming . . . . . . . . . . . . . . . . . . . . . 467

21.8 The Replaced hotplug Package . . . . . . . . . . . . . . . . . . . 468

21.9 For More Information . . . . . . . . . . . . . . . . . . . . . . 469

22 File Systems in Linux 471

22.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 471

22.2 Major File Systems in Linux . . . . . . . . . . . . . . . . . . . . 472

22.3 Some Other Supported File Systems . . . . . . . . . . . . . . . . 477

22.4 Large File Support in Linux . . . . . . . . . . . . . . . . . . . . 478

22.5 For More Information . . . . . . . . . . . . . . . . . . . . . . 479

23 The X Window System 481

23.1 Manually Conguring the X Window System . . . . . . . . . . . . . 481

23.2 Installing and Conguring Fonts . . . . . . . . . . . . . . . . . . 487

23.3 For More Information . . . . . . . . . . . . . . . . . . . . . . 493

24 Authentication with PAM 495

24.1 Structure of a PAM Conguration File . . . . . . . . . . . . . . . . 496

24.2 The PAM Conguration of sshd . . . . . . . . . . . . . . . . . . 497

24.3 Conguration of PAM Modules . . . . . . . . . . . . . . . . . . 500

24.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 502

25 Mobile Computing with Linux 503

25.1 Laptops . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

25.2 Mobile Hardware . . . . . . . . . . . . . . . . . . . . . . . . 511

25.3 Cellular Phones and PDAs . . . . . . . . . . . . . . . . . . . . . 512

25.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 513

26 PCMCIA 515

26.1 Controlling PCMCIA Cards Using pccardctl . . . . . . . . . . . . . . 516

26.2 PCMCIA in Detail . . . . . . . . . . . . . . . . . . . . . . . . 516

26.3 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 519

27 System Conguration Prole Management 523

27.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 524

27.2 Setting Up SCPM . . . . . . . . . . . . . . . . . . . . . . . . . 525

27.3 Conguring SCPM Using a Graphical User Interface . . . . . . . . . . 526

27.4 Conguring SCPM Using the Command Line . . . . . . . . . . . . . 532

27.5 Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . 535

27.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 536

28 Power Management 537

28.1 Power Saving Functions . . . . . . . . . . . . . . . . . . . . . . 537

28.2 APM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 539

28.3 ACPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 540

28.4 Rest for the Hard Disk . . . . . . . . . . . . . . . . . . . . . . 547

28.5 The powersave Package . . . . . . . . . . . . . . . . . . . . . . 549

28.6 The YaST Power Management Module . . . . . . . . . . . . . . . . 557

29 Wireless Communication 563

29.1 Wireless LAN . . . . . . . . . . . . . . . . . . . . . . . . . . 563

29.2 Bluetooth . . . . . . . . . . . . . . . . . . . . . . . . . . . . 573

29.3 Infrared Data Transmission . . . . . . . . . . . . . . . . . . . . 584

29.4 Managing UMTS/3G Network Connections . . . . . . . . . . . . . . 587

Part IV Services 593

30 Basic Networking 595

30.1 IP Addresses and Routing . . . . . . . . . . . . . . . . . . . . . 598

30.2 IPv6—The Next Generation Internet . . . . . . . . . . . . . . . . 601

30.3 Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . 610

30.4 Conguring a Network Connection with YaST . . . . . . . . . . . . 612

30.5 Managing Network Connections with NetworkManager . . . . . . . . 627

30.6 Conguring a Network Connection Manually . . . . . . . . . . . . . 630

30.7 smpppd as Dial-up Assistant . . . . . . . . . . . . . . . . . . . . 645

31 SLP Services in the Network 649

31.1 Activating SLP . . . . . . . . . . . . . . . . . . . . . . . . . . 649

31.2 SLP Front-Ends in SUSE Linux Enterprise . . . . . . . . . . . . . . . 650

31.3 Providing Services with SLP . . . . . . . . . . . . . . . . . . . . 650

31.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 652

32 Time Synchronization with NTP 653

32.1 Conguring an NTP Client with YaST . . . . . . . . . . . . . . . . 654

32.2 Conguring xntp in the Network . . . . . . . . . . . . . . . . . . 657

32.3 Setting Up a Local Reference Clock . . . . . . . . . . . . . . . . . 657

33 Using NIS 659

33.1 Conguring NIS Clients . . . . . . . . . . . . . . . . . . . . . . 659

34 Conguring eDirectory Authentication 661

34.1 Setting Up Workstations to Use eDirectory Authentication . . . . . . . 662

34.2 Using iManager to Enable Users for eDirectory Authentication . . . . . 666

34.3 Turning Off LUM and eDirectory Authentication . . . . . . . . . . . 669

35 LDAP—A Directory Service 671

35.1 LDAP versus NIS . . . . . . . . . . . . . . . . . . . . . . . . . 672

35.2 Structure of an LDAP Directory Tree . . . . . . . . . . . . . . . . 673

35.3 Conguring an LDAP Client with YaST . . . . . . . . . . . . . . . . 677

35.4 Conguring LDAP Users and Groups in YaST . . . . . . . . . . . . . 685

35.5 Browsing the LDAP Directory Tree . . . . . . . . . . . . . . . . . 687

35.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 688

36 Samba 691

36.1 Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . 691

36.2 Starting and Stopping Samba . . . . . . . . . . . . . . . . . . . 693

36.3 Conguring a Samba Server . . . . . . . . . . . . . . . . . . . . 693

36.4 Conguring Clients . . . . . . . . . . . . . . . . . . . . . . . . 699

36.5 Samba as Login Server . . . . . . . . . . . . . . . . . . . . . . 700

36.6 For More Information . . . . . . . . . . . . . . . . . . . . . . 701

37 Sharing File Systems with NFS 703

37.1 Installing the Required Software . . . . . . . . . . . . . . . . . . 703

37.2 Importing File Systems with YaST . . . . . . . . . . . . . . . . . . 704

37.3 Importing File Systems Manually . . . . . . . . . . . . . . . . . . 705

37.4 Exporting File Systems with YaST . . . . . . . . . . . . . . . . . . 707

37.5 Exporting File Systems Manually . . . . . . . . . . . . . . . . . . 712

37.6 NFS with Kerberos . . . . . . . . . . . . . . . . . . . . . . . . 715

37.7 For More Information . . . . . . . . . . . . . . . . . . . . . . 715

38 File Synchronization 717

38.1 Available Data Synchronization Software . . . . . . . . . . . . . . . 717

38.2 Determining Factors for Selecting a Program . . . . . . . . . . . . . 719

38.3 Introduction to CVS . . . . . . . . . . . . . . . . . . . . . . . 722

38.4 Introduction to rsync . . . . . . . . . . . . . . . . . . . . . . . 725

Part V Security 729

39 Masquerading and Firewalls 731

39.1 Packet Filtering with iptables . . . . . . . . . . . . . . . . . . . . 731

39.2 Masquerading Basics . . . . . . . . . . . . . . . . . . . . . . . 734

39.3 Firewalling Basics . . . . . . . . . . . . . . . . . . . . . . . . 736

39.4 SuSErewall2 . . . . . . . . . . . . . . . . . . . . . . . . . . 736

39.5 For More Information . . . . . . . . . . . . . . . . . . . . . . 741

40 SSH: Secure Network Operations 743

40.1 The OpenSSH Package . . . . . . . . . . . . . . . . . . . . . . 743

40.2 The ssh Program . . . . . . . . . . . . . . . . . . . . . . . . . 744

40.3 scp—Secure Copy . . . . . . . . . . . . . . . . . . . . . . . . 744

40.4 sftp—Secure File Transfer . . . . . . . . . . . . . . . . . . . . . 745

40.5 The SSH Daemon (sshd)—Server-Side . . . . . . . . . . . . . . . . 745

40.6 SSH Authentication Mechanisms . . . . . . . . . . . . . . . . . . 746

40.7 X, Authentication, and Forwarding Mechanisms . . . . . . . . . . . . 748

41 Network Authentication—Kerberos 749

41.1 Kerberos Terminology . . . . . . . . . . . . . . . . . . . . . . 749

41.2 How Kerberos Works . . . . . . . . . . . . . . . . . . . . . . . 751

41.3 Users' View of Kerberos . . . . . . . . . . . . . . . . . . . . . . 754

41.4 For More Information . . . . . . . . . . . . . . . . . . . . . . 755

42 Encrypting Partitions and Files 757

42.1 Setting Up an Encrypted File System with YaST . . . . . . . . . . . . 758

42.2 Using Encrypted Home Directories . . . . . . . . . . . . . . . . . 761

42.3 Using vi to Encrypt Single ASCII Text Files . . . . . . . . . . . . . . 762

43 Conning Privileges with AppArmor 763

43.1 Installing Novell AppArmor . . . . . . . . . . . . . . . . . . . . 764

43.2 Enabling and Disabling Novell AppArmor . . . . . . . . . . . . . . 764

43.3 Getting Started with Proling Applications . . . . . . . . . . . . . 766

44 Security and Condentiality 773

44.1 Local Security and Network Security . . . . . . . . . . . . . . . . 774

44.2 Some General Security Tips and Tricks . . . . . . . . . . . . . . . 783

44.3 Using the Central Security Reporting Address . . . . . . . . . . . . 785

Part VI Troubleshooting 787

45 Help and Documentation 789

45.1 Using the SUSE Help Center . . . . . . . . . . . . . . . . . . . . 789

45.2 Man Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

45.3 Info Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . 794

45.4 The Linux Documentation Project . . . . . . . . . . . . . . . . . 794

45.5 Wikipedia: The Free Online Encyclopedia . . . . . . . . . . . . . . 795

45.6 Guides and Books . . . . . . . . . . . . . . . . . . . . . . . . 795

45.7 Package Documentation . . . . . . . . . . . . . . . . . . . . . 796

45.8 Usenet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797

45.9 Standards and Specications . . . . . . . . . . . . . . . . . . . . 797

46 Common Problems and Their Solutions 801

46.1 Finding and Gathering Information . . . . . . . . . . . . . . . . . 801

46.2 Installation Problems . . . . . . . . . . . . . . . . . . . . . . . 804

46.3 Boot Problems . . . . . . . . . . . . . . . . . . . . . . . . . 812

46.4 Login Problems . . . . . . . . . . . . . . . . . . . . . . . . . 815

46.5 Network Problems . . . . . . . . . . . . . . . . . . . . . . . . 822

46.6 Data Problems . . . . . . . . . . . . . . . . . . . . . . . . . . 827

Index 841

About This Guide

This guide is intended for use by professional network and system administrators during the actual planning, deployment, conguration, and operation of SUSE Linux Enterprise®. As such, it is solely concerned with ensuring that SUSE Linux Enterprise is properly congured and that the required services on the network are available to allow it to function properly as initially installed. This guide does not cover the process of ensuring that SUSE Linux Enterprise offers proper compatibility with your enterprise's application software or that its core functionality meets those requirements. It assumes that a full requirements audit has been done and the installation has been requested or that a test installation, for the purpose of such an audit, has been requested.

This guide contains the following:

Deployment

Before you install SUSE Linux Enterprise, choose the deployment strategy and disk setup that is best suited for your scenario. Learn how to install your system manually, how to use network installation setups, and how to perform an autoinstallation. Congure the installed system with YaST to adapt it to your requirements.

Administration

SUSE Linux Enterprise offers a wide range of tools to customize various aspects of the system. This part introduces a few of them.

System

Learn more about the underlying operating system by studying this part. SUSE Linux Enterprise supports a number of hardware architectures and you can use this to adapt your own applications to run on SUSE Linux Enterprise. The boot loader and boot procedure information assists you in understanding how your Linux system works and how your own custom scripts and applications may blend in with it.

Services

SUSE Linux Enterprise is designed to be a network operating system. SUSE® Linux Enterprise Desktop includes client support for many network services. It integrates well into heterogeneous environments including MS Windows clients and servers.

Security

This edition of SUSE Linux Enterprise includes several security-related features. It ships with Novell® AppArmor, which enables you to protect your applications by restricting privileges. Secure login, rewalling, and le system encryption are covered as well.

Troubleshooting

SUSE Linux Enterprise includes a wealth of applications, tools, and documentation should you need them in case of trouble. Some of the most common problems that can occur with SUSE Linux Enterprise and their solutions are discussed in detail.

1 Feedback

We want to hear your comments and suggestions about this manual and the other documentation included with this product. Please use the User Comments feature at the bottom of each page of the online documentation and enter your comments there.

2 Documentation Updates

For the latest version of this documentation, see the SUSE Linux Enterprise Desktop Web site [http://www.novell.com/documentation/sled10/index

.html].

3 Additional Documentation

For additional documentation on this product, refer to http://www.novell.com/

documentation/sled10/index.html:

GNOME User Guide

A comprehensive guide to the GNOME desktop and its most important applications.

KDE User Guide

A comprehensive guide to the KDE desktop and its most important applications.

xiv Deployment Guide

Novell AppArmor Administration Guide

An in-depth administration guide to Novell AppArmor that introduces application connement for heightened security in your environment.

For a documentation overview on the SUSE® Linux Enterprise Server product, refer to http://www.novell.com/documentation/sles10/index.html. The following manuals are exclusively available for SUSE Linux Enterprise Server:

Start-Up Guide

Basic information about installation types and work ows.

Architecture-Specic Information

Architecture-specic information needed to prepare a SUSE Linux Enterprise Server target for installation.

Installation and Administration

In-depth installation and administration for SUSE Linux Enterprise Server.

Novell AppArmor Administration Guide

An in-depth administration guide to Novell AppArmor that introduces application connement for heightened security in your environment.

Storage Administration Guide

An introduction to managing various types of storage devices on SUSE Linux Enterprise.

Heartbeat Guide

An in-depth administration guide to setting up high availability scenarios with Heartbeat.

Novell Virtualization Technology User Guide

An introduction to virtualization solutions based on SUSE Linux Enterprise and the Xen* virtualization technology.

Many chapters in this manual contain links to additional documentationresources. This includes additional documentation that is available on the system as well as documentation available on the Internet.

About This Guide xv

4 Documentation Conventions

The following typographical conventions are used in this manual:

• /etc/passwd: lenames and directory names

• placeholder: replace placeholder with the actual value

• PATH: the environment variable PATH

• ls, --help: commands, options, and parameters

• user: users or groups

•

Alt, Alt + F1: a key to press or a key combination; keys are shown in uppercase as

on a keyboard

•

File, File > Save As: menu items, buttons

•

Dancing Penguins (Chapter Penguins, ↑Another Manual): This is a reference to a chapter in another manual.

xvi Deployment Guide

Part I. Deployment

Planning for SUSE Linux Enterprise Desktop

This chapter is addressed mainly to corporate system administrators who face the task of having to deploy SUSE® Linux Enterprise Desktop at their site. Rolling out SUSE Linux Enterprise Desktop to an entire site should involve careful planning and consideration of the following questions:

For which purpose will the SUSE Linux Enterprise Desktop workstations be used?

Determine the purpose for which SUSE Linux Enterprise Desktop should be used and make sure that hardware and software able to match these requirements are used. Consider testing your setup on a single machine before rolling it out to the entire site.

How many workstations should be installed?

Determine the scope of your deployment of SUSE Linux Enterprise Desktop. Depending on the number of installation planned, consider different approaches to the installation or even a mass installation using SUSE Linux Enterprises unique AutoYaST technology. For more information about this subject, refer to Chapter 2,

Deployment Strategies (page 7).

How do you get software updates for your deployment?

All patches provided by Novell for your product are available for download to registered users. Register and nd the patch support database at http://www

.novell.com/suselinuxportal.

Do you need help for your local deployment?

Novell provides training, support, and consulting for all topics around SUSE Linux Enterprise Desktop. Find more information about this at http://www.novell

.com/products/desktop/.

Planning for SUSE Linux Enterprise Desktop 3

1.1 Hardware Requirements

SUSE Linux Enterprise Desktop requires certain minimum hardware requirements to be met before you can successfully install and run SUSE Linux Enterprise Desktop. A minimum installation of SUSE Linux Enterprise Desktop containing the most basic, essential software and a very minimalistic graphical user interface requires at least:

• Intel* Pentium* III, 500 MHz

• 256 MB of physical RAM

• 800 MB of available disk space

• 800 x 600 display resolution

For a standard installation of SUSE Linux Enterprise Desktop including the desktop environment of your choice (GNOME or KDE) and a wealth of applications, the following conguration is recommended:

• Intel Pentium IV, 2.4 GHz or higher or any AMD64 or Intel 64 processor

• 1–2 physical CPUs

• 512 MB physical RAM or higher

• 1024 x 768 display resolution (or higher)

1.2 Reasons to Use SUSE Linux Enterprise Desktop

Let the following items guide you in your selection of SUSE Linux Enterprise Desktop and while determining the purpose of the installed systems:

Wealth of Applications

SUSE Linux Enterprise Desktop's broad offer of software makes it appeal to both professional users in a corporate environment and to home users or users in smaller networks.

4 Deployment Guide

Ease of Use

SUSE Linux Enterprise Desktop comes with two enterprise-ready desktop environments, GNOME and KDE. Both enable users to comfortably adjust to a Linux system while maintaining their efciency and productivity. To explore the desktops in detail, refer to GNOME User Guide and KDE User Guide.

Support for Mobile Users

With the NetworkManager technology fully integrated into SUSE Linux Enterprise Desktop and its two desktop environments, mobile users will enjoy the freedom of easily joining and switching wired and wireless networks.

Seamless Integration into Existing Networks

SUSE Linux Enterprise Desktop was designed to be a versatile network citizen. It cooperates with various different network types:

Pure Linux Networks SUSE Linux Enterprise Desktop is a complete Linux client and supports all the protocols used in traditional Linux and Unix* environments. It integrates well with networks consisting of other SUSE Linux or SUSE Linux Enterprise machines. LDAP, NIS, and local authentication are supported.

Windows Networks SUSE Linux Enterprise Desktop supports Active Directory as an authentication source. It offers you all the advantages of a secure and stable Linux operating system plus convenient interaction with other Windows clients and means to manipulate your Windows user data from a Linux client. Explore this feature in detail in Chapter 12, Active Directory Support (page 303).

Windows and Novell Networks Being backed by Novell and their networking expertise, SUSE Linux Enterprise Desktop naturally offers you support for Novell technologies, like GroupWise, Novell Client for Linux, and iPrint, and it also offers authentication support for Novell eDirectory services.

Application Security with Novell AppArmor

SUSE Linux Enterprise Desktop enables you to secure your applications by enforcing security proles tailor-made for your applications. To learn more about Novell AppArmor, refer to http://www.novell.com/documentation/

apparmor/.

Planning for SUSE Linux Enterprise Desktop 5

Deployment Strategies

There are several different ways to deploy SUSE® Linux Enterprise. Choose from various approaches ranging from a local installation using physical media or a network installation server to a mass deployment using a remote-controlled, highly-customized, and automated installation technique. Select the method that best matches your requirements.

TIP: Using Xen Virtualization with SLED

You may use the Xen virtualization technology to test virtual instances of SUSE Linux Enterprise Desktop prior to rolling it out to real hardware. You could also experiment with basic Windows*-in-SLED setups. For more information about the virtualization technology available with SUSE Linux Enterprise, refer to

http://www.novell.com/documentation/vmserver/index.html.

2.1 Deploying up to 10 Workstations

If your deployment of SUSE Linux Enterprise only involves 1 to 10 workstations, the easiest and least complex way of deploying SUSE Linux Enterprise is a plain manual installation as featured in Chapter 3, Installation with YaST (page 17). Manual installa- tion can be done in several different ways depending on your requirements:

Installing from the SUSE Linux Enterprise Media (page 8)

Consider this approach if you want to install a single, disconnected workstation.

Deployment Strategies 7

Installing from a Network Server Using SLP (page 8)

Consider this approach if you have a single workstation or a small number of workstations and if a network installation server announced via SLP is available.

Installing from a Network Server (page 9)

Consider this approach if you have a single workstation or a small number of workstations and if a network installation server is available.

Table 2.1

Tasks Requiring Manual Interaction

Details

Table 2.2

Installation Source

Installing from the SUSE Linux Enterprise Media

Installing from a Network Server Using SLP

SUSE Linux Enterprise media kitInstallation Source

• Inserting the installation media

• Booting the installation target

• Changing media

• Determining the YaST installation scope

• Conguring the system with YaST system

NoneRemotely Controlled Tasks

Section 3.1.2, “Installing from the SUSE Linux Enterprise Media” (page 18)

Network installation server holding the SUSE Linux Enterprise installation media

Tasks Requiring Manual Interaction

8 Deployment Guide

• Inserting the boot disk

• Booting installation target

• Determining the YaST installation scope

• Conguring the system with YaST

None, but this method can be combined with VNCRemotely Controlled Tasks

Details

Table 2.3

Installation Source

Tasks Requiring Manual Interaction

Details

Installing from a Network Server

Section 3.1.3, “Installing from a Network Server Using SLP” (page 19)

Network installation server holding the SUSE Linux Enterprise installation media

• Inserting the boot disk

• Providing boot options

• Booting the installation target

• Determining the YaST installation scope

• Conguring the system with YaST

None, but method can be combined with VNCRemotely Controlled Tasks

Section 3.1.4, “Installing from a Network Source without SLP” (page 19)

2.2 Deploying up to 100 Workstations

With a growing numbers of workstations to install, you certainly do not want to install and congure each one of them manually. There are many automated or semiautomated approaches as well as several options to perform an installation with minimal to no physical user interaction.

Before considering a fully-automated approach, take into account that the more complex the scenario gets the longer it takes to set up. If a time limit is associated with your deployment, it might be a good idea to select a less complex approach that can be carried out much more quickly. Automation makes sense for huge deployments and those that need to be carried out remotely.

Deployment Strategies 9

Choose from the following options:

Simple Remote Installation via VNC—Static Network Conguration (page 11)

Consider this approach in a small to medium scenario with a static network setup. A network, network installation server, and VNC viewer application are required.

Simple Remote Installation via VNC—Dynamic Network Conguration (page 11)

Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and VNC viewer application are required.

Remote Installation via VNC—PXE Boot and Wake on LAN (page 12)

Consider this approach in a small to medium scenario that should be installed via network and without physical interaction with the installation targets. A network, a network installation server, network boot images, network bootable target hardware, and a VNC viewer application are required.

Simple Remote Installation via SSH—Static Network Conguration (page 12)

Consider this approach in a small to medium scenario with static network setup. A network, network installation server, and SSH client application are required.

Remote Installation via SSH—Dynamic Network Conguration (page 13)

Consider this approach in a small to medium scenario with dynamic network setup through DHCP. A network, network installation server, and SSH client application are required.

Remote Installation via SSH—PXE Boot and Wake on LAN (page 14)

Simple Mass Installation (page 14)

Consider this approach for large deployments to identical machines. If congured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and an AutoYaST conguration prole are required. If using network boot, a network boot image and network bootable hardware are required as well.

10 Deployment Guide

Rule-Based Autoinstallation (page 15)

Consider this approach for large deployments to various types of hardware. If congured to use network booting, physical interaction with the target systems is not needed at all. A network, a network installation server, a remote controlling application such as a VNC viewer or an SSH client, and several AutoYaST conguration proles as well as a rule setup for AutoYaST are required. If using network boot, a network boot image and network bootable hardware are required as well.

Table 2.4

Preparations • Setting up an installation source

Drawbacks • Each machine must be set up individually

Details

Table 2.5

Simple Remote Installation via VNC—Static Network Conguration

NetworkInstallation Source

• Booting from the installation media

Remote: VNCControl and Monitoring

small to medium scenarios with varying hardwareBest Suited For

• Physical access is needed for booting

Section 4.1.1, “Simple Remote Installation via VNC—Static Network Conguration” (page 40)

Simple Remote Installation via VNC—Dynamic Network Conguration

NetworkInstallation Source

Preparations • Setting up the installation source

• Booting from the installation media

Remote: VNCControl and Monitoring

Deployment Strategies 11

Small to medium scenarios with varying hardwareBest Suited For

Drawbacks • Each machine must be set up individually

• Physical access is needed for booting

Details

Table 2.6

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Details

Remote Installation via VNC—PXE Boot and Wake on LAN

Section 4.1.2, “Simple Remote Installation via VNC—Dynamic Network Conguration” (page 41)

NetworkInstallation Source

• Conguring DHCP, TFTP, PXE boot, and WOL

• Booting from the network

Remote: VNCControl and Monitoring

• Completely remote installs; cross-site deployment

Each machine must be set up manuallyDrawbacks

Section 4.1.3, “Remote Installation via VNC—PXE Boot and Wake on LAN” (page 43)

Table 2.7

Preparations • Setting up the installation source

12 Deployment Guide

Simple Remote Installation via SSH—Static Network Conguration

NetworkInstallation Source

• Booting from the installation media

Remote: SSHControl and Monitoring

Best Suited For • Small to medium scenarios with varying hardware

• Low bandwidth connections to target

Drawbacks • Each machine must be set up individually

• Physical access is needed for booting

Details

Table 2.8

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Drawbacks • Each machine must be set up individually

Remote Installation via SSH—Dynamic Network Conguration

Section 4.1.4, “Simple Remote Installation via SSH—Static Network Conguration” (page 44)

NetworkInstallation Source

• Booting from installation media

Remote: SSHControl and Monitoring

• Low bandwidth connections to target

• Physical access is needed for booting

Deployment Strategies 13

Details

Section 4.1.5, “Simple Remote Installation via SSH—Dynamic Network Conguration” (page 45)

Table 2.9

Preparations • Setting up the installation source

Best Suited For • Small to medium scenarios with varying hardware

Details

Remote Installation via SSH—PXE Boot and Wake on LAN

NetworkInstallation Source

• Conguring DHCP, TFTP, PXE boot, and WOL

• Booting from the network

Remote: SSHControl and Monitoring

• Completely remote installs; cross-site deployment

• Low bandwidth connections to target

Each machine must be set up individuallyDrawbacks

Section 4.1.6, “Remote Installation via SSH—PXE Boot and Wake on LAN” (page 47)

Table 2.10

Preparations • Gathering hardware information

14 Deployment Guide

Simple Mass Installation

Preferably networkInstallation Source

• Creating AutoYaST prole

• Setting up the installation server

• Distributing the prole

• Setting up network boot (DHCP, TFTP, PXE, WOL)

Booting the target from installation media

Local or remote through VNC or SSHControl and Monitoring

Best Suited For • Large scenarios

• Identical hardware

• No access to system (network boot)

Applies only to machines with identical hardwareDrawbacks

Section 5.1, “Simple Mass Installation” (page 77)Details

Table 2.11

Preparations • Gathering hardware information

Rule-Based Autoinstallation

Preferably networkInstallation Source

• Creating AutoYaST proles

• Creating AutoYaST rules

• Setting up the installation server

• Distributing the prole

• Setting up network boot (DHCP, TFTP, PXE, WOL)

Booting the target from installation media

Deployment Strategies 15

Local or remote through SSH or VNCControl and Monitoring

Best Suited For • Varying hardware

• Cross-site deployments

Complex rule setupDrawbacks

Section 5.2, “Rule-Based Autoinstallation” (page 89)Details

2.3 Deploying More than 100 Workstations

Most of the considerations brought up for medium installation scenarios in Section 2.1,

“Deploying up to 10 Workstations” (page 7) still hold true for large scale deployments.

However, with a growing number of installation targets, the benets of a fully automated installation method outweigh its disadvantages.

It pays off to invest a considerable amount of time to create a sophisticated rule and class framework in AutoYaST to match the requirements of a huge deployment site. Not having to touch each target separately can save you a tremendous amount of time depending on the scope of your installation project.

16 Deployment Guide

Installation with YaST

Install your SUSE Linux Enterprise® system with YaST, the central tool for installation and conguration of your system. YaST guides you through the installation process and the basic conguration of your system. During the installation and conguration process, YaST analyzes both, your current system settings and your hardware components and proposes installation settings based on this analysis. By default, YaST displays an overview of all installation steps on the left hand side of the window and provides online help texts for each step. Click Help to view the help text and Steps to switch back to the overview.

If you are a rst-time user of SUSE Linux Enterprise, you might want to follow the default YaST proposals in most parts, but you can also adjust the settings as described here to ne-tune your system according to your needs and wishes. Many parts of the basic system conguration, such as user accounts or system language, can also be modied after the installation process.

3.1 System Start-Up for Installation

You can install SUSE Linux Enterprise from local installation sources, such as the SUSE Linux Enterprise CDs or DVD, or from the network source of an FTP, HTTP, SLP, or NFS server. Any of these approaches requires physical access to the system to install and user interaction during the installation. The installation procedure is basically the same regardless of the installation source.

Installation with YaST 17

3.1.1 Boot Options

Boot options other than CD or DVD exist and can be used if problems arise booting from CD or DVD. These options are described in Table 3.1, “Boot Options” (page 18).

Table 3.1

DVD/CD-ROM

Floppy

PXE or BOOTP

Hard Disk

Boot Options

DescriptionBoot Option

This is the easiest boot option. This option can be used if the system has a local CD/DVD-ROM drive that is supported by Linux.

The images for generating boot oppies are located on CD/DVD 1 in the /boot directory. A README is available in the same directory.

This must be supported by the system's BIOS or rmware and a boot server must be available in the network. This task can also be handled by another SUSE Linux Enterprise system.

SUSE Linux Enterprise can also be booted from the hard disk. To do this, copy the kernel (linux) and the installation system (initrd) from the directory /boot/loader on CD/DVD 1 to the hard disk and add the appropriate entry to the boot loader.

3.1.2 Installing from the SUSE Linux

Enterprise Media

To install from the media, insert the rst CD or DVD into the appropriate drive of the system to install. Reboot the system to boot from the media and open the boot screen.

18 Deployment Guide

3.1.3 Installing from a Network Server Using SLP

If your network setup supports OpenSLP and your network installation source has been congured to announce itself via OpenSLP , boot the system from the media or with another boot option. In the boot screen, select the desired installation option. Press F3 and F4 then select SLP.

The installation program retrieves the location of the network installation source using OpenSLP and congures the network connection with DHCP. If the DHCP network conguration fails, you are prompted to enter the appropriate parameters manually. The installation then proceeds as described below.

3.1.4 Installing from a Network Source without SLP

If your network setup does not support OpenSLP for the retrieval of network installation sources, boot the system from the media or with another boot option. In the boot screen, select the desired installation option. Press F3 and F4 then select the desired network protocol (NFS, HTTP, FTP, or SMB). Provide the server's address and the path to the installation media.

3.2 The Installation Workow

The SUSE Linux Enterprise installation is split into three main parts: preparation, installation, conguration. During the preparation phase you congure some basic parameters such as language, time, and desktop type. In the installation phase you decide which software to install, where to install it and how to boot the installed system. Upon nishing the installation the machine reboots into the newly installed system and starts

Installation with YaST 19

the conguration. In this stage you set up users and passwords, and congure network and Internet access as well as hardware components such as printers.

3.3 The Boot Screen

The boot screen displays a number of options for the installation procedure. Boot from Hard Disk boots the installed system and is selected default, because the CD/DVD is

often left in the drive. To install the system, select one of the installation options with the arrow keys. The relevant options are:

Installation

The normal installation mode. All modern hardware functions are enabled. All modern hardware functions are enabled.

Installation—ACPI Disabled

If the normal installation fails, this might be due to the system hardware not supporting ACPI (advanced conguration and power interface). If this seems to be the case, use this option to install without ACPI support.

Installation—Local APIC Disabled

If the normal installation fails, this might be due to the system hardware not supporting local APIC (Advanced Programmable Interrupt Controllers). If this seems to be the case, use this option to install without local APIC support.

If you are not sure, try one of the following options rst: Installation—ACPI Dis-

abled or Installation—Safe Settings.

Installation—Safe Settings

Boots the system with the DMA mode (for CD-ROM drives) and power management functions disabled.

Rescue System

Starts a minimal Linux system without a graphical user interface. For more information, see Section “Using the Rescue System” (page 834).

Memory Test

Tests your system RAM using repeated read and write cycles. Terminate the test by rebooting. For more information, see Section 46.2.5, “Fails to Boot” (page 808).

20 Deployment Guide

Installation options from the menu disable only the most problematic functions. If you need to disable or set other functions, use the Boot Options prompt. Find detailed information about kernel parameters at http://en.opensuse.org/Linuxrc.

Use the function keys indicated in the bar at the bottom of the screen to change the language, resolution of the monitor, or installation source or to add an additional driver from your hardware vendor:

F1 Help

Get context-sensitive help for the active element of the boot screen.

F2 Language

Select the display language for the installation. The default language is English.

F3 Other Options

Enables further options that can be set for installation.

After you press F3, additional options can be set:

F3 Video Mode

Select various graphical display modes for the installation. Select Text Mode if the graphical installation causes problems.

F4 Source

Normally, the installation is performed from the inserted installation medium. Here, select other sources, like FTP or NFS servers. If the installation is carried out in a network with an SLP server, select one of the installation sources available on the server with this option. Find information about SLP in Chapter 31, SLP Services

in the Network (page 649).

F5 Driver

Press this key to tell the system that you have an optional disk with a driver update for SUSE Linux Enterprise. With File, load drivers directly from CD before the installation starts. If you select Yes, you are prompted to insert the update disk at the appropriate point in the installation process. The default option is No—not to load a driver update.

After starting the installation, SUSE Linux Enterprise loads and congures a minimal Linux system to run the installation procedure. To view the boot messages and copyright notices during this process, press Esc. On completion of this process, the YaST installation program starts and displays the graphical installer.

Installation with YaST 21

TIP: Installation without a Mouse

If the installer does not detect your mouse correctly, use Tab for navigation, arrow keys to scroll, and Enter to conrm a selection.

3.3.1 Providing Data to Access a SMT Server

If your network provides a SMT server to provide a local update source, you need to equip the client with the server's URL. Client and server communicate solely via HTTPS protocol, therefore you also need to enter a path to the server's certicate if the certicate was not issued by a certicate authority. This information has to be entered at the boot prompt.

smturl

URL of the SMT server. The URL has a xed format https://FQN/center/regsvc/ FQN has to be full qualied hostname of the SMT server. Example:

smturl=https://smt.example.com/center/regsvc/

smtcert

Location of the SMT server's certicate. Specify one of the following locations:

URL

Remote location (http, https or ftp) from which the certicate can be downloaded. Example:

smtcert=http://smt.example.com/smt-ca.crt

Floppy

Species a location on a oppy. The oppy has to be inserted at boot time, you will not be prompted to insert it if it is missing. The value has to start with the string floppy followed by the path to the certicate. Example:

smtcert=floppy/smt/smt-ca.crt

local path

Absolute path to the certicate on the local machine. Example:

smtcert=/data/inst/smt/smt-ca.cert

22 Deployment Guide

Interactive

Use ask to open a pop-up menu during the installation where you can specify the path to the certicate. Do not use this option with AutoYaST. Example

smtcert=ask

Deactivate certicate installation

Use done if either the certicate will be installed by an add-on product, or if you are using a certicate issued by an ofcial certicate authority. Example:

smtcert=done

WARNING: Beware of typing errors

Make sure the values you enter are correct. If smturl has not been specied correctly, the registration of the update source will fail. If a wrong value for smtcert has been entered, you will be prompted for a local path to the certicate.

In case smtcert is not specied, it will default to http://FQN/smt.crt with FQN being the name of the SMT server.

3.4 Language

YaST and SUSE Linux Enterprise in general can be congured to use different languages according to your needs. The language selected here is also used for the keyboard layout. In addition, YaST uses the language setting to guess a time zone for the system clock. These settings can be modied later along with the selection of secondary languages to install on your system.

You can change the language later during installation as described in Section 3.9, “In-

stallation Settings” (page 25). For information about language settings in the installed

system, see Section 8.1, “YaST Language” (page 120).

3.5 Media Check

The media check dialog appears only if you install from media created from downloaded ISOs. If you install from the original media set, the dialog is skipped.

Installation with YaST 23

The media check examines the integrity of a medium. To start the media check, select the drive in that contains the installation medium and click Start Check. The check can take some time.

To test multiple media, wait until a result message appears in the dialog before changing the medium. If the last medium checked is not the one with which you started the installation, YaST prompts for the appropriate medium before continuing with the installation.

WARNING: Failure of Media Check

If the media check fails, your medium is damaged. Do not continue the installation because installation may fail or you may lose your data. Replace the broken medium and restart the installation process.

If the result of the media check is positive, click Next to continue the installation.

3.6 License Agreement

Read the license agreement that is displayed on screen thoroughly. If you agree to the terms, choose Yes, I Agree to the License Agreement and click Next to conrm your selection. If you do not agree to the license agreement, you cannot install SUSE Linux Enterprise and the installation terminates.

3.7 Installation Mode

After a system analysis where YaST tries to nd other installed systems or an already existing SUSE Linux Enterprise system on your machine, YaST displays the installation modes available:

New installation

Select this option to start a new installation from scratch.

Update an existing system

Select this option to update to a newer version. For more information about system update, see Chapter 9, Updating SUSE Linux Enterprise (page 191).

24 Deployment Guide

Other Options

This option provides an opportunity to abort installation and boot or repair an installed system instead. To boot an already installed SUSE Linux Enterprise, select Boot Installed System. If you have problems booting an already installed SUSE Linux Enterprise, see Section 46.3, “Boot Problems” (page 812).

To repair an installed system that fails to boot, select Repair Installed System. Find a description of the system repair options in Section “Using YaST System Repair” (page 829).

NOTE: Updating an Installed System

Updating is only possible if an older SUSE Linux Enterprise system is already installed. If no SUSE Linux Enterprise system is installed, you can only perform a new installation.

3.8 Clock and Time Zone

In this dialog, select your region and time zone from the lists. During installation, both are preselected according to the selected installation language. Choose between Local Time and UTC (GMT) for Hardware Clock Set To. The selection depends on how the BIOS hardware clock is set on your machine. If it is set to GMT, which corresponds to UTC, your system can rely on SUSE Linux Enterprise to switch from standard time to daylight saving time and back automatically. Click Change to set the current date and time. When nished, click Next to continue the installation.

3.9 Installation Settings

After a thorough system analysis, YaST presents reasonable suggestions for all installation settings. Basic settings can be changed in the Overview tab, advanced options are available on the Experts tab. To modify the suggestions, either click Change and select the category to change or click on one of the headlines. After conguring any of the items presented in these dialogs, you are always returned to the summary window, which is updated accordingly.

Installation with YaST 25

TIP: Resetting the changes to default values

You can reset all changes to the defaults by clicking Change > Reset to Defaults. YaST then shows the original proposal again.

3.9.1 Overview

The options that sometimes need manual intervention in common installation situations are presented in the Overview tab. Modify Partitioning, Software selection and Locale settings here.

Partitioning

In most cases, YaST proposes a reasonable partitioning scheme that can be accepted without change. YaST can also be used to customize the partitioning, but only experienced users should change partitioning.

When you select the Partitioning for the rst time, the YaST partitioning dialog displays the proposed partition settings. To accept these settings, click Accept Proposal.

To make small changes in the proposal, select Base Partition Setup on This Proposal and adjust partitioning in the next dialog. For a completely different partitioning, select Create Custom Partition Setup. In the next dialog, choose a specic disk to partition or Custom Partitioning if you want to have access to all disks. For more information about custom partitioning, refer to Section 8.5.5, “Using the YaST Partitioner” (page 146)the SUSE Linux Enterprise Server documentation.

The partitioning scheme proposed should have sufcient disk space. If implementing your own partitioning scheme, consider an absolute minimum of 5 GB for the system partition. At least 10 GB are recommended. Personal data, such as documents, music les, and images, require additional space.

Resizing a Windows Partition

If a hard disk containing a Windows FAT or NTFS partition is selected as the installation target, YaST offers to delete or shrink this partition. This functionality is especially useful if the selected hard disk contains only one Windows partition that covers the entire hard disk (see Figure 3.1, “Possible Options for Windows Partitions” (page 27)).

26 Deployment Guide

Figure 3.1

If you select Delete Windows Completely, the Windows partition is marked for deletion and the space is used for the installation of SUSE Linux Enterprise.

WARNING: Deleting Windows

Possible Options for Windows Partitions

If you delete Windows, all data will be lost beyond recovery as soon as the formatting starts.

To Shrink the Windows partition, you need to interrupt the installation and boot Windows to prepare before shrinking it. For all Windows le systems, proceed as follows:

1. Deactivate a Virtual Memory le, if there is one.

2. Run scandisk.

3. Run defrag.

After these preparations, restart the SUSE Linux Enterprise installation. When you turn to the Linux partitioning setup, select Shrink Windows Partition. After a quick check of the partition, YaST opens a dialog with a suggestion for resizing the Windows partition.

Installation with YaST 27

Figure 3.2

The rst bar graph shows how much disk space is currently occupied by Windows and how much space is still available. The second bar graph shows how the space would be distributed after the resizing, according to YaST's current proposal. See Figure 3.2,

“Resizing the Windows Partition” (page 28). To change the proposed settings use the

slider or the input elds to change the partition sizing.

Resizing the Windows Partition

If you leave this dialog by selecting Next, the settings are stored and you are returned to the previous dialog. The actual resizing takes place later, before the hard disk is formatted.

IMPORTANT: Writing to NTFS Partitions

By default, the Windows versions NT, 2000, and XP use the NTFS le system. SUSE Linux Enterprise includes basic write access support to the NTFS le system, but this feature has limited functionality. This means you can read your Windows les from Linux or overwrite them, but you cannot extend or remove them.

28 Deployment Guide

Software

SUSE Linux Enterprise contains a number of software packages for various application purposes. Click Software in the suggestion window to start the software selection and modify the installation scope according to your needs. Select your pattern from the list in the middle and see the description in the right part of the window. Each pattern contains a number of software packages needed for specic functions (e.g. Multimedia or Ofce software). For a more detailed selection based on software packages to install, select Details to switch to the YaST Software Manager. See Figure 3.3, “Installing and

Removing Software with the YaST Software Manager” (page 29).

Figure 3.3

You can also install additional software packages or remove software packages from your system at any time later. For more information, refer to Section 8.3.1, “Installing

and Removing Software” (page 122).

Installing and Removing Software with the YaST Software Manager

Language

To change the system language or to congure support for secondary languages, select Language. Select a language from the list. The primary language is used as the system language. Choose a secondary languages to be able to switch to one of these languages at any time without having to install additional packages. .

Installation with YaST 29

3.9.2 Expert

If you are an advanced user and want to congure booting or change the time zone or default runlevel, select the Expert tab. It shows the following additional entries not contained on the Overview tab:

System

This dialog presents all the hardware information YaST could obtain about your computer. Select any item in the list and click Details to see detailed information about the selected item. Advanced users can also change the PCI ID setup and Kernel Settings by choosing System Settings.

Add-On Products

The added source for add-on media appears in the overview. Before you start the installation of the SUSE Linux Enterprise, add, remove, or modify add-on products here if needed.

Booting

YaST proposes a boot conguration for your system. Normally, you can leave these settings unchanged. However, if you need a custom setup, modify the proposal for your system. For information, see Section 18.3, “Conguring the Boot Loader

with YaST” (page 416).

Time Zone

This is the same as the conguration shown earlier in Section 3.8, “Clock and Time

Zone” (page 25).

Default Runlevel

SUSE Linux Enterprise can boot to different runlevels. Normally there should be no need to change anything here, but if necessary, set the default runlevel with this dialog. Refer to Section 17.2.3, “Conguring System Services (Runlevel) with

YaST” (page 400) for information about runlevel conguration.

3.10 Performing the Installation

After making all installation settings, click Accept in the suggestion window to begin the installation. Conrm with Install. Some software may require a license conrmation. If your software selection includes such software, license conrmation dialogs are

30 Deployment Guide

displayed. Click Accept to install the software. When not agreeing to the license, click I Disagree and the software will not be installed.

The installation usually takes between 15 and 30 minutes, depending on the system performance and the software selected. During this procedure a slide show introduces the features of SUSE Linux Enterprise. Choose Details to switch to the installation log. As soon as all packages are installed, YaST boots into the new Linux system, after which you can congure the hardware and set up system services.

3.11 Conguration of the Installed

System

The system is installed now but not congured for use. No users, hardware, or services are congured, yet. If the conguration fails at one of the steps of this stage, it restarts and continues from the last successful step.

First, provide a password for the account of the system administrator (the root user). Congure your Internet access and network connection. With a working Internet connection, you can perform an update of the system as part of the installation. You can also connect to an authentication server for centralized user administration in a local network. Finally, congure the hardware devices connected to the machine.

3.11.1 Password for the System

Administrator “root”

root is the name of the superuser, the administrator of the system. Unlike regular users, who may or may not have permission to do certain things on the system, root has unlimited power to do anything: change the system conguration, install programs, and set up new hardware. If users forget their passwords or have other problems with the system, root can help. The root account should only be used for system administration, maintenance, and repair. Logging in as root for daily work is rather risky: a single mistake could lead to irretrievable loss of system les.

For verication purposes, the password for root must be entered twice. Do not forget the root password. Once entered, this password cannot be retrieved.

Installation with YaST 31

When typing passwords, the characters are replaced by dots, so you do not see the string you are typing. If you are unsure whether you typed the correct string, use the Test Keyboard Layout eld for testing purposes.

SUSE Linux Enterprise can use the DES, MD5, or Blowsh encryption algorithms for passwords. The default encryption type is Blowsh. To change the encryption type, click Expert Options > Encryption Type and select the new type.

The root can be changed any time later in the installed system. To do so run YaST and start Security and Users > User Management.

3.11.2 Hostname and Domain Name

The hostname is the computer's name in the network. The domain name is the name of the network. A hostname and domain are proposed by default. If your system is part of a network, the hostname has to be unique in this network whereas the domain name has to be common to all hosts on the network.

In many networks, the system receives its name over DHCP. In this case it is not necessary to modify the hostname and domain name. Select Change Hostname via DHCP instead. To be able to access your system using this hostname, even when it is not connected to the network, select Write Hostname to /etc/hosts. If you often change networks without restarting the desktop environment (e.g. when switching between different WLANs), do not enable this option, because the desktop system may get confused when the hostname in /etc/hosts changes.

To change hostname settings at any time after installation, use YaST Network Devices > Network Card. For more information, see Section 30.4.1, “Conguring the Network

Card with YaST” (page 612).

3.11.3 Network Conguration

By default, User-Controlled Interface with NetworkManager Applet is enabled. Net- workManager is a tool that enables automatic connection with minimal user intervention. It is ideal for mobile computing. If you want to use the traditional method without NetworkManager, click Disable NetworkManager. Find detailed information about NetworkManager in Section 30.5, “Managing Network Connections with NetworkMan-

ager” (page 627).

32 Deployment Guide

This conguration step also lets you congure the network devices of your system and make security settings, for example, for a rewall or proxy. To congure your network connection later, select Skip Conguration and click Next. Network hardware can also be congured after the system installation has been completed. If you skip the network device conguration, your system is left ofine and is unable to retrieve any available updates.

Apart from the device conguration, the following network settings can be congured in this step:

Network Mode

Enable or disable the use of NetworkManager as described above.

Firewall

By default SuSErewall2 is enabled on all congured network interfaces. To globally disable the rewall for this computer, click on disable. If the rewall is enabled, you may open the SSH port in order to allow remote connections via secure shell. To open the detailed rewall conguration dialog, click on Firewall. See

Section 39.4.1, “Conguring the Firewall with YaST” (page 737) for detailed infor-

mation.

IPv6

By default, the IPv6 support is enabled. To disable it, click Disable IPv6. For more information about IPv6, see Section 30.2, “IPv6—The Next Generation Internet” (page 601).

VNC Remote Administration

To administer your machine remotely by VNC, click Change > VNC Remote Administration, enable remote administration, and open the port in the rewall. If you

have multiple network devices and want to select on which to open the port, click Firewall Details and select the network device. You can also use SSH, a more secure option, for remote administration.

Proxy

If you have a proxy server controlling the Internet access in your network, congure the proxy URLs and authentication details in this dialog.

Installation with YaST 33

TIP: Resetting the Network Conguration to the Defaults

Reset the network settings to the original proposed values by clicking Change > Reset to Defaults. This discards any changes made.

Test Internet Connection

After having congured a network connection, you can test it. For this purpose, YaST establishes a connection to the SUSE Linux Enterprise server and downloads the latest release notes. Read them at the end of the installation process. A successful test is also a prerequisite for registering and updating online.

If you have multiple network interfaces, verify that the desired card is used to connect to the Internet. If not, click Change Device.

To start the test, select Yes, Test Connection to the Internet and click Next. In the next dialog, view the progress of the test and the results. Detailed information about the test process is available via View Logs. If the test fails, click Back to return to the network conguration to correct your entries.

If you do not want to test the connection at this point, select No, Skip This Test then Next. This also skips downloading the release notes, conguring the customer center, and updating online. These steps can be performed any time after the system has been initially congured.

3.11.4 Novell Customer Center

To get technical support and product updates, rst register and activate your product. Novell Customer Center Conguration provides assistance for doing so.

If you are ofine or want to skip this step, select Congure Later. This also skips SUSE Linux Enterprise online update.

In Include for Convenience, select whether to send unsolicited additional information when registering. This simplies the registration process. Click on Details to obtain in-depth information about data privacy and the data collected.

34 Deployment Guide

Conguration

Apart from activating and registering your product, this module also adds the ofcial update catalog to your conguration. This catalog provides xes for known bugs or security issues which can be installed via an online update.

In addition to the update catalog, two more catalogs with ofcial drivers for ATI and NVidia graphics cards are added. SUSE Linux Enterprise ships with open source drivers for these cards, but the ofcial drivers, provided directly by the graphics cards manufacturers, offer additional functionality. In order to add these catalogs, you need to import their public GnuPG keys—these keys are used to ensure the catalog is provided by the owner of the catalog. Click Trust Key and then Import to add the catalog. Click Skip package and then Abort to prevent this specic catalog from being added to your conguration.

To keep your catalogs valid, select Regularly Synchronize with Customer Center. This option checks your catalogs and adds newly available catalogs or removes obsolete ones. It does not touch manually added catalogs.

TIP: Technical Support

Find more information about the technical support at http://www.novell

.com/support/products/desktop/.

3.11.5 Online Update

If the Novell Customer Center Conguration was successful, select whether to perform a YaST online update. If there are any patched packages available on the servers, download and install them now to x known bugs or security issues. Directives on how to perform an online update in the installed system are available at Section 8.3.5, “YaST

Online Update” (page 130)

IMPORTANT: Downloading Software Updates

The download of updates might take quite some time, depending on the bandwidth of the Internet connection and the size of the update les. In case the patch system itself is updated, the online update will restart and download more patches after the restart. If the kernel was updated, the system will reboot before completing the conguration.

Installation with YaST 35

3.11.6 Users

If network access was congured successfully during the previous steps of the installation, you can now choose from several user management options. If a network connection has not been congured, create local user accounts. For detailed information about user management, see Section 8.9.1, “User Management” (page 161)the SUSE Linux Enterprise Server documentation.

Local (/etc/passwd)

Users are administered locally on the installed host. This is a suitable option for stand-alone workstations. User data is managed by the local le /etc/passwd. All users who are entered in this le can log in to the system even if no network is available.

If YaST found a former version of SUSE Linux Enterprise or another system using

/etc/passwd, it offers to import local users. To do so, check Read User Data from a Previous Installation and click Choose. In the next dialog, select the users

to import and click OK.

LDAP

Users are administered centrally on an LDAP server for all systems in the network. More information is available in Section 35.3, “Conguring an LDAP Client with

YaST” (page 677).

NIS

Users are administered centrally on a NIS server for all systems in the network. See Section 33.1, “Conguring NIS Clients” (page 659) for more information.

Windows Domain

SMB authentication is often used in mixed Linux and Windows networks. Detailed information is available in Section 12.3, “Conguring a Linux Client for Active

Directory” (page 309).

eDirectory LDAP

eDirectory authentication is used in Novell networks.

36 Deployment Guide

NOTE: Content of the Authentication Menu

If you use the custom package selection and one or more authentication methods are missing from the menu, the required packages probably are not installed.

Along with the selected user administration method, you can use Kerberos authentication. This is essential for integrating your SUSE Linux Enterprise to an Active Directory domain, which is described in Chapter 12, Active Directory Support (page 303). To use Kerberos authentication, select Set Up Kerberos Authentication.

3.11.7 Release Notes

After completing the user authentication setup, YaST displays the release notes. Reading them is recommended, because they contain important up-to-date information which was not available when the manuals were printed. If you tested the Internet connection, read the most recent version of the release notes, as fetched from SUSE Linux Enterprise's servers. Use Miscellaneous > Release Notes to view the release notes after installation.

3.11.8 Hardware Conguration

At the end of the installation, YaST opens a dialog for the conguration of the graphics card and other hardware components connected to the system. Click the individual components to start the hardware conguration. For the most part, YaST detects and congures the devices automatically.

You can skip any peripheral devices and congure them later, as described in Section 8.4,

“Hardware” (page 136) . To skip the conguration, select Skip Conguration and click

Next.

However, you should congure the graphics card right away. Although the display settings as congured by YaST should be generally acceptable, most users have very strong preferences as far as resolution, color depth, and other graphics features are concerned. To change these settings, select the respective item and set the values as desired. To test your new conguration, click Test the Conguration.

Installation with YaST 37

TIP: Resetting Hardware Conguration to Defaults

You can cancel changes by clicking Change > Reset to Defaults. YaST then shows the original proposal again.

3.11.9 Completing the Installation

After a successful installation, YaST shows the Installation Completed dialog. In this dialog, select whether to clone your newly installed system forAutoYaST. To do so, select Clone This System for AutoYaST. The prole of the current system is stored in /root/autoyast.xml.

AutoYaST is a system for installing one or more SUSE Linux Enterprise systems automatically without user intervention. AutoYaST installations are performed using a control le with installation and conguration data. Finish the installation of SUSE Linux Enterprise with Finish in the nal dialog.

3.12 Graphical Login

SUSE Linux Enterprise is now installed and congured. Unless you enabled the automatic login function or customized the default runlevel, you should see the graphical login on your screen in which to enter a username and password to log in to the system. If automatic login is activated, the desktop starts automatically.

For a short introduction to the KDE or GNOME desktop environments, refer to KDE Quick Start and GNOME Quick Start. Find detailed information about both desktop environments and about the applications to run on KDE or GNOME in KDE User Guide and GNOME User Guide.

38 Deployment Guide

Remote Installation

SUSE Linux Enterprise® can be installed in several different ways. As well as the usual media installation covered in Chapter 3, Installation with YaST (page 17), you can choose from various network-based approaches or even take a completely handsoff approach to the installation of SUSE Linux Enterprise.

Each method is introduced by means of two short check lists: one listing the prerequisites for this method and the other illustrating the basic procedure. More detail is then provided for all the techniques used in these installation scenarios.

NOTE

In the following sections, the system to hold your new SUSE Linux Enterprise installation is referred to as target system or installation target. The term instal- lation source is used for all sources of installation data. This includes physical media, such as CD and DVD, and network servers distributing the installation data in your network.

4.1 Installation Scenarios for Remote

Installation

This section introduces the most common installation scenarios for remote installations. For each scenario, carefully check the list of prerequisites and follow the procedure outlined for this scenario. If in need of detailed instructions for a particular step, follow the links provided for each one of them.

Remote Installation 39

IMPORTANT

The conguration of the X Window System is not part of any remote installation process. After the installation has nished, log in to the target system as root, enter telinit 3, and start SaX2 to congure the graphics hardware.

4.1.1 Simple Remote Installation via VNC—Static Network Conguration

This type of installation still requires some degree of physical access to the target system to boot for installation. The installation itself is entirely controlled by a remote workstation using VNC to connect to the installation program. User interaction is required as with the manual installation in Chapter 3, Installation with YaST (page 17).

For this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• Target system with working network connection

• Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera)

• Physical boot medium (CD or DVD) for booting the target system

• Valid static IP addresses already assigned to the installation source and the controlling system

• Valid static IP address to assign to the target system

To perform this kind of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server. For an SMB installation source, refer to Section 4.2.5, “Managing

an SMB Installation Source” (page 56).

40 Deployment Guide

Boot the target system using the rst CD or DVD of the SUSE Linux Enterprise

media kit.

When the boot screen of the target system appears, use the boot options prompt

to set the appropriate VNC options and the address of the installation source. This is described in detail in Section 4.4, “Booting the Target System for Instal-

lation” (page 68).

The target system boots to a text-based environment, giving the network address and display number under which the graphical installation environment can be addressed by any VNC viewer application or browser. VNC installations announce themselves over OpenSLP and can be found using Konqueror in service:/ or slp:/ mode.

On the controlling workstation, open a VNC viewing application or Web

browser and connect to the target system as described in Section 4.5.1, “VNC

Installation” (page 73).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

4.1.2 Simple Remote Installation via VNC—Dynamic Network Conguration

This type of installation still requires some degree of physical access to the target system to boot for installation. The network conguration is made with DHCP. The installation itself is entirely controlled from a remote workstation using VNC to connect to the installer, but still requires user interaction for the actual conguration efforts.

For this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• Target system with working network connection

Remote Installation 41

• Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera)

• Physical boot medium (CD, DVD, or custom boot disk) for booting the target system

• Running DHCP server providing IP addresses

To perform this kind of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server. For an SMB installation source, refer to Section 4.2.5, “Managing

an SMB Installation Source” (page 56).

Boot the target system using the rst CD or DVD of the SUSE Linux Enterprise

media kit.

When the boot screen of the target system appears, use the boot options prompt

to set the appropriate VNC options and the address of the installation source. This is described in detail in Section 4.4, “Booting the Target System for Instal-

lation” (page 68).

On the controlling workstation, open a VNC viewing application or Web

browser and connect to the target system as described in Section 4.5.1, “VNC

Installation” (page 73).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

42 Deployment Guide

4.1.3 Remote Installation via VNC—PXE Boot and Wake on LAN

This type of installation is completely hands-off. The target machine is started and booted remotely. User interaction is only needed for the actual installation. This approach is suitable for cross-site deployments.

To perform this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• TFTP server

• Running DHCP server for your network

• Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network

• Controlling system with working network connection and VNC viewer software or Java-enabled browser (Firefox, Konqueror, Internet Explorer, or Opera)

To perform this type of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server or congure an SMB installation source as described in Sec-

tion 4.2.5, “Managing an SMB Installation Source” (page 56).

Set up a TFTP server to hold a boot image that can be pulled by the target system.

This is described in Section 4.3.2, “Setting Up a TFTP Server” (page 60).

Set up a DHCP server to provide IP addresses to all machines and reveal the lo-

cation of the TFTP server to the target system. This is described in Section 4.3.1,

“Setting Up a DHCP Server” (page 58).

Prepare the target system for PXE boot. This is described in further detail in

Section 4.3.5, “Preparing the Target System for PXE Boot” (page 67).

Remote Installation 43

Initiate the boot process of the target system using Wake on LAN. This is de-

scribed in Section 4.3.7, “Wake on LAN” (page 67).

On the controlling workstation, open a VNC viewing application or Web

browser and connect to the target system as described in Section 4.5.1, “VNC

Installation” (page 73).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

4.1.4 Simple Remote Installation via SSH—Static Network Conguration

This type of installation still requires some degree of physical access to the target system to boot for installation and to determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using SSH to connect to the installer. User interaction is required as with the regular installation described in

Chapter 3, Installation with YaST (page 17).

For this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• Target system with working network connection

• Controlling system with working network connection and working SSH client software

• Physical boot medium (CD, DVD, or custom boot disk) for the target system

• Valid static IP addresses already assigned to the installation source and the controlling system

• Valid static IP address to assign to the target system

44 Deployment Guide

To perform this kind of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server. For an SMB installation source, refer to Section 4.2.5, “Managing

an SMB Installation Source” (page 56).

Boot the target system using the rst CD or DVD of the SUSE Linux Enterprise

media kit.

When the boot screen of the target system appears, use the boot options prompt

to set the appropriate parameters for network connection, address of the installation source, and SSH enablement. This is described in detail in Section 4.4.3,

“Using Custom Boot Options” (page 70).

The target system boots to a text-based environment, giving the network address under which the graphical installation environment can be addressed by any SSH client.

On the controlling workstation, open a terminal window and connect to the target

system as described in Section “Connecting to the Installation Program” (page 75).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

4.1.5 Simple Remote Installation via SSH—Dynamic Network Conguration

This type of installation still requires some degree of physical access to the target system to boot for installation and determine the IP address of the installation target. The installation itself is entirely controlled from a remote workstation using VNC to connect to the installer, but still requires user interaction for the actual conguration efforts.

Remote Installation 45

For this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• Target system with working network connection

• Controlling system with working network connection and working SSH client software

• Physical boot medium (CD or DVD) for booting the target system

• Running DHCP server providing IP addresses

To perform this kind of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server. For an SMB installation source, refer to Section 4.2.5, “Managing

an SMB Installation Source” (page 56).

Boot the target system using the rst CD or DVD of the SUSE Linux Enterprise

media kit.

When the boot screen of the target system appears, use the boot options prompt

to pass the appropriate parameters for network connection, location of the installation source, and SSH enablement. See Section 4.4.3, “Using Custom Boot

Options” (page 70) for detailed instructions on the use of these parameters.

The target system boots to a text-based environment, giving you the network address under which the graphical installation environment can be addressed by any SSH client.

On the controlling workstation, open a terminal window and connect to the target

system as described in Section “Connecting to the Installation Program” (page 75).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

46 Deployment Guide

4.1.6 Remote Installation via SSH—PXE Boot and Wake on LAN

This type of installation is completely hands-off. The target machine is started and booted remotely.

To perform this type of installation, make sure that the following requirements are met:

• Remote installation source: NFS, HTTP, FTP, or SMB with working network connection

• TFTP server

• Running DHCP server for your network, providing a static IP to the host to install

• Target system capable of PXE boot, networking, and Wake on LAN, plugged in and connected to the network

• Controlling system with working network connection and SSH client software

To perform this type of installation, proceed as follows:

Set up the installation source as described in Section 4.2, “Setting Up the Server

Holding the Installation Sources” (page 48). Choose an NFS, HTTP, or FTP

network server. For the conguration of an SMB installation source, refer to

Section 4.2.5, “Managing an SMB Installation Source” (page 56).

Set up a TFTP server to hold a boot image that can be pulled by the target system.

This is described in Section 4.3.2, “Setting Up a TFTP Server” (page 60).

Set up a DHCP server to provide IP addresses to all machines and reveal the lo-

cation of the TFTP server to the target system. This is described in Section 4.3.1,

“Setting Up a DHCP Server” (page 58).

Prepare the target system for PXE boot. This is described in further detail in

Section 4.3.5, “Preparing the Target System for PXE Boot” (page 67).

Initiate the boot process of the target system using Wake on LAN. This is de-

scribed in Section 4.3.7, “Wake on LAN” (page 67).

Remote Installation 47

On the controlling workstation, start an SSH client and connect to the target

system as described in Section 4.5.2, “SSH Installation” (page 75).

Perform the installation as described in Chapter 3, Installation with YaST

(page 17). Reconnect to the target system after it reboots for the nal part of the installation.

Finish the installation.

4.2 Setting Up the Server Holding the Installation Sources

Depending on the operating system running on the machine to use as network installation source for SUSE Linux Enterprise, there are several options for the server conguration. The easiest way to set up an installation server is to use YaST on SUSE Linux Enterprise Server 9 or 10 orSUSE Linux 9.3 and higher. On other versions of SUSE Linux Enterprise Server or SUSE Linux Enterprise, set up the installation source manually.

TIP

You can even use a Microsoft Windows machine as installation server for your Linux deployment. See Section 4.2.5, “Managing an SMB Installation Source” (page 56) for details.

4.2.1 Setting Up an Installation Server Using

YaST

YaST offers a graphical tool for creating network installation sources. It supports HTTP, FTP, and NFS network installation servers.

Start YaST > Miscellaneous > Installation Server.

48 Deployment Guide

Select the server type (HTTP, FTP, or NFS). The selected server service is

started automatically every time the system starts. If a service of the selected type is already running on your system and you want to congure it manually for the server, deactivate the automatic conguration of the server service with Do Not Congure Any Network Services. In both cases, dene the directory in which the installation data should be made available on the server.

Congure the required server type. This step relates to the automatic conguration

of server services. It is skipped when automatic conguration is deactivated.

Dene an alias for the root directory of the FTP or HTTP server on which the installation data should be found. The installation source will later be located under ftp://Server-IP/Alias/Name (FTP) or under http://Server-IP/Alias/Name (HTTP). Name stands for the name of the installation source, which is dened in the following step. If you selected NFS in the previous step, dene wild cards and export options. The NFS server will be accessible under nfs://Server-IP/Name.

TIP: Firewall Settings

Make sure that the rewall settings of your server system allow trafc on the ports for HTTP, NFS, and FTP. If they currently do not, start the YaST rewall module and open the respective ports.

Congure the installation source. Before the installation media are copied to their

destination, dene the name of the installation source (ideally, an easily remembered abbreviation of the product and version). YaST allows providing ISO images of the media instead of copies of the installation CDs. If you want this, activate the relevant check box and specify the directory path under which the ISO les can be found locally. Depending on the product to distribute using this installation server, it might be that more add-on CDs or service pack CDs are required and should be added as extra installation sources. To announce your installation server in the network via OpenSLP, activate the appropriate option.

Remote Installation 49

TIP

Consider announcing your installation source via OpenSLP if your network setup supports this option. This saves you from entering the network installation path on every target machine. The target systems are just booted using the SLP boot option and nd the network installation source without any further conguration. For details on this option, refer to

Section 4.4, “Booting the Target System for Installation” (page 68).

Upload the installation data. The most lengthy step in conguring an installation

server is copying the actual installation CDs. Insert the media in the sequence requested by YaST and wait for the copying procedure to end. When the sources have been fully copied, return to the overview of existing information sources and close the conguration by selecting Finish.

Your installation server is now fully congured and ready for service. It is automatically started every time the system is started. No further intervention is required. You only need to congure and start this service correctly by hand if you have deactivated the automatic conguration of the selected network service with YaST as an initial step.

To deactivate an installation source, select the installation source to remove then select Delete. The installation data are removed from the system. To deactivate the network service, use the respective YaST module.

If your installation server should provide the installation data for more than one product of product version, start the YaST installation server module and select Add in the overview of existing installation sources to congure the new installation source.

4.2.2 Setting Up an NFS Installation Source

Manually

IMPORTANT

This assumes that are using any kind of SUSE Linux-based operating system on the machine that will serve as installation server. If this is not the case, turn to the others vendor's documentation on NFS instead of following these directions.

50 Deployment Guide

Setting up an NFS source for installation is basically done in two steps. In the rst step, create the directory structure holding the installation data and copy the installation media over to this structure. Second, export the directory holding the installation data to the network.

To create a directory holding the installation data, proceed as follows:

Create a directory that should later hold all installation data and change into this

directory. For example:

mkdir install/product/productversion

cd install/product/productversion

Replace product with an abbreviation of the product name and productversion with a string that contains the product name and version.

For each CD contained in the media kit execute the following commands:

Copy the entire content of the installation CD into the installation server di-

rectory:

cp -a /media/path_to_your_CD-ROM_drive .

Replace path_to_your_CD-ROM_drive with the actual path under which your CD or DVD drive is addressed. Depending on the type of drive used in your system, this can be cdrom, cdrecorder, dvd, or dvdrecorder.

Rename the directory to the CD number:

mv path_to_your_CD-ROM_drive CDx

Replace x with the actual number of your CD.

On SUSE Linux Enterprise Server, you can export the installation sources with NFS using YaST. Proceed as follows:

Start YaST > Network Services > NFS Server.

Remote Installation 51

Select Start and Open Port in Firewall and click Next.

Select Add Directory and browse for the directory containing the installation

sources, in this case, productversion.

Select Add Host and enter the hostnames of the machines to which to export the

installation data. Instead of specifying hostnames here, you could also use wild cards, ranges of network addresses, or just the domain name of your network. Enter the appropriate export options or leave the default, which works ne in most setups. For more information about the syntax used in exporting NFS shares, read the exports man page.

Click Finish. The NFS server holding the SUSE Linux Enterprise installation

sources is automatically started and integrated into the boot process.

If you prefer manually exporting the installation sources via NFS instead of using the YaST NFS Server module, proceed as follows:

Open the le /etc/exports and enter the following line:

/productversion *(ro,root_squash,sync)

This exports the directory //productversion to any host that is part of this network or to any host that can connect to this server. To limit the access to this server, use netmasks or domain names instead of the general wild card *. Refer to the export man page for details. Save and exit this conguration le.

To add the NFS service to the list of servers started during system boot, execute

the following commands:

insserv /etc/init.d/nfsserver insserv /etc/init.d/portmap

Start the NFS server with rcnfsserver start. If you need to change the

conguration of your NFS server later, modify the conguration le and restart the NFS daemon with rcnfsserver restart.

Announcing the NFS server via OpenSLP makes its address known to all clients in your network.

52 Deployment Guide

Enter the directory /etc/slp.reg.d/.

Create a conguration le called install.suse.nfs.reg containing the

following lines:

# Register the NFS Installation Server service:install.suse:nfs://$HOSTNAME/path_to_instsource/CD1,en,65535 description=NFS Installation Source

Replace path_to_instsource with the actual path to the installation source on your server.

Save this conguration le and start the OpenSLP daemon with rcslpd start.

For more information about OpenSLP, refer to the package documentation located under

/usr/share/doc/packages/openslp/ or refer to Chapter 31, SLP Services

in the Network (page 649).

4.2.3 Setting Up an FTP Installation Source Manually

Creating an FTP installation source is very similar to creating an NFS installation source. FTP installation sources can be announced over the network using OpenSLP as well.

Create a directory holding the installation sources as described in Section 4.2.2,

“Setting Up an NFS Installation Source Manually” (page 50).

Congure the FTP server to distribute the contents of your installation directory:

manager.

Enter the FTP server root directory:

cd /srv/ftp

Remote Installation 53

Create a subdirectory holding the installation sources in the FTP root direc-

tory:

mkdir instsource

Replace instsource with the product name.

Mount the contents of the installation repository into the change root envi-

ronment of the FTP server:

mount --bind path_to_instsource /srv/ftp/instsource

Replace path_to_instsource and instsource with values matching your setup. If you need to make this permanent, add it to /etc/fstab.

Start vsftpd with vsftpd.

Announce the installation source via OpenSLP, if this is supported by your net-

work setup:

Create aconguration le called install.suse.ftp.reg under /etc/

slp.reg.d/ that contains the following lines:

# Register the FTP Installation Server service:install.suse:ftp://$HOSTNAME/srv/ftp/instsource/CD1,en,65535 description=FTP Installation Source

Replace instsource with the actual name to the installation source directory on your server. The service: line should be entered as one continuous line.

Save this conguration le and start the OpenSLP daemon with rcslpd

start.

4.2.4 Setting Up an HTTP Installation Source Manually

Creating an HTTP installation source is very similar to creating an NFS installation source. HTTP installation sources can be announced over the network using OpenSLP as well.

54 Deployment Guide

Create a directory holding the installation sources as described in Section 4.2.2,

“Setting Up an NFS Installation Source Manually” (page 50).

Congure the HTTP server to distribute the contents of your installation directory:

Install the Web server Apache.

Enter the root directory of the HTTP server (/srv/www/htdocs) and

create a subdirectory that will hold the installation sources:

mkdir instsource

Replace instsource with the product name.

Create a symbolic link from the location of the installation sources to the

root directory of the Web server (/srv/www/htdocs):

ln -s /path_instsource /srv/www/htdocs/instsource

Modify the conguration le of the HTTP server (/etc/apache2/

default-server.conf) to make it follow symbolic links. Replace the following line:

Options None

with

Options Indexes FollowSymLinks

Reload the HTTP server conguration using rcapache2 reload.

Announce the installation source via OpenSLP, if this is supported by your net-

work setup:

Create a conguration le called install.suse.http.reg under

/etc/slp.reg.d/ that contains the following lines:

# Register the HTTP Installation Server service:install.suse:http://$HOSTNAME/srv/www/htdocs/instsource/CD1/,en,65535 description=HTTP Installation Source

Remote Installation 55

Replace instsource with the actual path to the installation source on your server. The service: line should be entered as one continuous line.

Save this conguration le and start the OpenSLP daemon using rcslpd

restart.

4.2.5 Managing an SMB Installation Source

Using SMB, you can import the installation sources from a Microsoft Windows server and start your Linux deployment even with no Linux machine around.

To set up an exported Windows Share holding your SUSE Linux Enterprise installation sources, proceed as follows:

Start Explorer and create a new folder that will hold the entire installation tree

and name it INSTALL, for example.

Export this share according the procedure outlined in your Windows documenta-

tion.

Enter this share and create a subfolder, called product. Replace product

with the actual product name.

Enter the INSTALL/product folder and copy each CD or DVD to a separate

folder, such as CD1 and CD2.

To use a SMB mounted share as installation source, proceed as follows:

Boot the installation target.

Select Installation.

Press F4 for a selection of installation sources.

Choose SMB and enter the Windows machine's name or IP address, the share

name (INSTALL/product/CD1, in this example), username, and password.

56 Deployment Guide

After you hit Enter, YaST starts and you can perform the installation.

4.2.6 Using ISO Images of the Installation Media on the Server

Instead of copying physical media into your server directory manually, you can also mount the ISO images of the installation media into your installation server and use them as installation source. To set up an HTTP, NFS or FTP server that uses ISO images instead of media copies, proceed as follows:

Download the ISO images and save them to the machine to use as the installation

server.

Choose and create an appropriate location for the installation data, as described

in Section 4.2.2, “Setting Up an NFS Installation Source Manually” (page 50),

Section 4.2.3, “Setting Up an FTP Installation Source Manually” (page 53), or Section 4.2.4, “Setting Up an HTTP Installation Source Manually” (page 54).

Create subdirectories for each CD or DVD.

To mount and unpack each ISO image to the nal location, issue the following

command:

mount -o loop path_to_iso path_to_instsource/product/mediumx

Replace path_to_iso with the path to your local copy of the ISO image, path_to_instsource with the source directory of your server, product

with the product name, and mediumx with the type (CD or DVD) and number of media you are using.

Repeat the previous step to mount all ISO images needed for your product.

Start your installation server as usual, as described in Section 4.2.2, “Setting Up

an NFS Installation Source Manually” (page 50), Section 4.2.3, “Setting Up an FTP Installation Source Manually” (page 53), or Section 4.2.4, “Setting Up an HTTP Installation Source Manually” (page 54).

Remote Installation 57

4.3 Preparing the Boot of the Target System

This section covers the conguration tasks needed in complex boot scenarios. It contains ready-to-apply conguration examples for DHCP, PXE boot, TFTP, and Wake on LAN.

4.3.1 Setting Up a DHCP Server

There are two ways to set up a DHCP server. For SUSE Linux Enterprise Server 9 and higher, YaST provides a graphical interface to the process. Users of any other SUSE Linux-based products and non-SUSE Linux users should manually edit the conguration les or use the front-end provided by their operating system vendors.

IMPORTANT

The following sections just cover the conguration changes needed to make your DHCP server ready for PXE boot. For more information about the conguration of DHCP, turn to the manuals of your operating system vendor.

Setting Up a DHCP Server with YaST

To announce the TFTP server's location to the network clients and specify the boot image le the installation target should use, add two declarations to your DHCP server conguration.

Start YaST > Network Services > DHCP Server.

Complete the setup wizard for basic DHCP server setup.

Select Expert Settings and select Yes when warned about leaving the start-up di-

alog.

58 Deployment Guide

In the Congured Declarations dialog, select thesubnet in which the new system

should be located and click Edit.

In the Subnet Conguration dialog select Add to add a new option to the subnet's

conguration.

Select filename and enter pxelinux.0 as the value.

Add another option (next-server) and set its value to the address of the TFTP

server.

Select OK and Finish to complete the DHCP server conguration.

To congure DHCP to provide a static IP address to a specic host, enter the Expert Settings of the DHCP server conguration module (Step 4 (page 58)) and add a new

declaration of the host type. Add the options hardware and fixed-address to this host declaration and provide the appropriate values.

Setting Up a DHCP Server Manually

All the DHCP server needs to do, apart from providing automatic address allocation to your network clients, is to announce the IP address of the TFTP server and the le that should be pulled in by the installation routines on the target machine.

Append the following lines to your DHCP server's conguration le located

under /etc/dhcpd.conf:

group { # PXE related stuff # # "next server" defines the tftp server that will be used next server ip_tftp_server: # # "filename" specifies the pxelinux image on the tftp server # the server runs in chroot under /srv/tftpboot filename "pxelinux.0"; }

Replace ip_of_the_tftp_server with the actual IP address of the TFTP server. For more information about the options available in dhcpd.conf, refer to the dhcpd.conf manual page.

Remote Installation 59

Restart the DHCP server by executing rcdhcpd restart.

If you plan on using SSH for the remote control of a PXE and Wake on LAN installation, explicitly specify the IP address DHCP should provide to the installation target. To achieve this, modify the above-mentioned DHCP conguration according to the following example:

The host statement introduces the hostname of the installation target. To bind the hostname and IP address to a specic host, you must know and specify the system's hardware (MAC) address. Replace all the variables used in this example with the actual values that match your environment.

After restarting the DHCP server, it provides a static IP to the host specied, enabling you to connect to the system via SSH.

4.3.2 Setting Up a TFTP Server

Set up a TFTP server with YaST on SUSE Linux Enterprise Server and SUSE Linux Enterprise or set it up manually on any other Linux operating system that supports xinetd and tftp. The TFTP server delivers the boot image to the target system once it boots and sends a request for it.

Setting Up a TFTP Server Using YaST

Start YaST > Network Services > TFTP Server and install the requested package.

60 Deployment Guide

Click Enable to make sure that the server is started and included in the boot

routines. No further action from your side is required to secure this. xinetd starts tftpd at boot time.

Click Open Port in Firewall to open the appropriate port in the rewall running

on your machine. If there is no rewall running on your server, this option is not available.

Click Browse to browse for the boot image directory. The default directory

/tftpboot is created and selected automatically.

Click Finish to apply your settings and start the server.

Setting Up a TFTP Server Manually

If unavailable, create /srv/tftpboot and /srv/tftpboot/pxelinux

.cfg directories.

Add the appropriate les needed for the boot image as described in Section 4.3.3,

“Using PXE Boot” (page 62).

Modify the conguration of xinetd located under /etc/xinetd.d/ to make

sure that the TFTP server is started on boot:

If it does not exist, create a le called tftp under this directory with touch

tftp. Then run chmod 755 tftp.

Open the le tftp and add the following lines:

service tftp { socket_type = dgram protocol = udp wait = yes user = root server = /usr/sbin/in.tftpd server_args = -s /srv/tftpboot disable = no }

Remote Installation 61

Save the le and restart xinetd with rcxinetd restart.

4.3.3 Using PXE Boot

Some technical background information as well as PXE's complete specications are available in the Preboot Execution Environment (PXE) Specication (http://www

.pix.net/software/pxeboot/archive/pxespec.pdf).

Change to the directory of your installation repository and copy the linux,

initrd, message, and memtest les to the /srv/tftpboot directory by entering the following:

cp -a boot/loader/linux boot/loader/initrd boot/loader/message boot/loader/memtest /srv/tftpboot

Install the syslinux package directly from your installation CDs or DVDs

with YaST.

Copy the /usr/share/syslinux/pxelinux.0 le to the /srv/

tftpboot directory by entering the following:

cp -a /usr/share/syslinux/pxelinux.0 /srv/tftpboot

Change to the directory of your installation repository and copy the isolinux

.cfg le to /srv/tftpboot/pxelinux.cfg/default by entering the following:

cp -a boot/loader/isolinux.cfg /srv/tftpboot/pxelinux.cfg/default

Edit the /srv/tftpboot/pxelinux.cfg/default le and remove the

lines beginning with gfxboot, readinfo, and framebuffer.

Insert the following entries in the append lines of the default failsafe and

apic labels:

62 Deployment Guide

insmod=kernel module

By means of this entry, enter the network kernel module needed to support network installation on the PXE client. Replace kernel module with the appropriate module name for your network device.

netdevice=interface

This entry denes the client's network interface that must be used for the network installation. It is only necessary if the client is equipped with several network cards and must be adapted accordingly. In case of a single network card, this entry can be omitted.

install=nfs://ip_instserver/path_instsource/CD1

This entry denes the NFS server and the installation source for the client installation. Replace ip_instserver with the actual IP address of your installation server. path_instsource should be replaced with the actual path to the installation sources. HTTP, FTP, or SMB sources are addressed in a similar manner, except for the protocol prex, which should read http, ftp, or smb.

IMPORTANT

If you need to pass other boot options to the installation routines, such as SSH or VNC boot parameters, append them to the install entry. An overview of parameters and some examples are given in

Section 4.4, “Booting the Target System for Installation” (page 68).

An example /srv/tftpboot/pxelinux.cfg/default le follows. Adjust the protocol prex for the installation source to match your network setup and specify your preferred method of connecting to the installer by adding the

vnc and vncpassword or the usessh and sshpassword options to the install entry. The lines separated by \ must be entered as one continuous line without a line break and without the \.

default linux

# default label linux kernel linux append initrd=initrd ramdisk_size=65536 insmod=e100 \ install=nfs://ip_instserver/path_instsource/product/CD1

Remote Installation 63

# failsafe label failsafe kernel linux append initrd=initrd ramdisk_size=65536 ide=nodma apm=off acpi=off \ insmod=e100 install=nfs://ip_instserver/path_instsource/product/CD1

# apic label apic kernel linux append initrd=initrd ramdisk_size=65536 apic insmod=e100 \ install=nfs://ip_instserver/path_instsource/product/CD1

# manual label manual kernel linux append initrd=initrd ramdisk_size=65536 manual=1

# rescue label rescue kernel linux append initrd=initrd ramdisk_size=65536 rescue=1

# memory test label memtest kernel memtest

# hard disk label harddisk localboot 0

implicit 0 display message prompt 1 timeout 100

Replace ip_instserver and path_instsource with the values used in your setup.

The following section serves as a short reference to the PXELINUX options used in this setup. Find more information about the options available in the documentation of the syslinux package located under /usr/share/doc/ packages/syslinux/.

4.3.4 PXELINUX Conguration Options

The options listed here are a subset of all the options available for the PXELINUX conguration le.

64 Deployment Guide

DEFAULT kernel options...

Sets the default kernel command line. If PXELINUX boots automatically, it acts as if the entries after DEFAULT had been typed in at the boot prompt, except the auto option is automatically added, indicating an automatic boot.

If no conguration le is present or no DEFAULT entry is present in the conguration le, the default is the kernel name “linux” with no options.

APPEND options...

Add one or more options to the kernel command line. These are added for both automatic and manual boots. The options are added at the very beginning of the kernel command line, usually permitting explicitly entered kernel options to override them.

LABEL label KERNEL image APPEND options...

Indicates that if label is entered as the kernel to boot, PXELINUX should instead boot image and the specied APPEND options should be used instead of the ones specied in the global section of the le (before the rst LABEL command). The default for image is the same as label and, if no APPEND is given, the default is to use the global entry (if any). Up to 128 LABEL entries are permitted.

Note that GRUB uses the following syntax:

title mytitle kernel my_kernel my_kernel_options initrd myinitrd

PXELINUX uses the following syntax:

label mylabel kernel mykernel append myoptions

Labels are mangled as if they were lenames and they must be unique after mangling. For example, the two labels “v2.1.30” and “v2.1.31” would not be distinguishable under PXELINUX because both mangle to the same DOS lename.

The kernel does not have to be a Linux kernel; it can be a boot sector or a COMBOOT le.

Remote Installation 65

APPEND -

Append nothing. APPEND with a single hyphen as argument in a LABEL section can be used to override a global APPEND.

LOCALBOOT type

On PXELINUX, specifying LOCALBOOT 0 instead of a KERNEL option means invoking this particular label and causes a local disk boot instead of a kernel boot.

DescriptionArgument

Perform a normal boot0

Perform a local boot with the Universal Network Driver Interface (UNDI) driver still resident in memory

Perform a local boot with the entire PXE stack, including the UNDI driver, still resident in memory

All other values are undened. If you do not know what the UNDI or PXE stacks are, specify 0.

TIMEOUT time-out

Indicates how long to wait at the boot prompt until booting automatically, in units of 1/10 second. The time-out is canceled as soon as the user types anything on the keyboard, assuming the user will complete the command begun. A time-out of zero disables the time-out completely (this is also the default). The maximum possible time-out value is 35996 (just less than one hour).

PROMPT flag_val

If flag_val is 0, displays the boot prompt only if Shift or Alt is pressed or Caps

Lock or Scroll Lock is set (this is the default). If flag_val is 1, always displays

the boot prompt.

F2 filename F1 filename ..etc... F9 filename F10 filename

66 Deployment Guide

Displays the indicated le on the screen when a function key is pressed at the boot prompt. This can be used to implement preboot online help (presumably for the kernel command line options). For backward compatibility with earlier releases,

F10 can be also entered as F0. Note that there is currently no way to bind lenames

to F11 and F12.

4.3.5 Preparing the Target System for PXE Boot

Prepare the system's BIOS for PXE boot by including the PXE option in the BIOS boot order.

WARNING: BIOS Boot Order

Do not place the PXE option ahead of the hard disk boot option in the BIOS. Otherwise this system would try to reinstall itself every time you boot it.

4.3.6 Preparing the Target System for Wake on LAN

Wake on LAN (WOL) requires the appropriate BIOS option to be enabled prior to the installation. Also, note down the MAC address of the target system. This data is needed to initiate Wake on LAN.

4.3.7 Wake on LAN

Wake on LAN allows a machine to be turned on by a special network packet containing the machine's MAC address. Because every machine in the world has a unique MAC identier, you do not need to worry about accidentally turning on the wrong machine.

IMPORTANT: Wake on LAN across Different Network Segments

If the controlling machine is not located in the same network segment as the installation target that should be awakened, either congure the WOL requests

Remote Installation 67

to be sent as multicasts or remotely control a machine on that network segment to act as the sender of these requests.

Users of SUSE Linux Enterprise Server 9 and higher can use a YaST module called WOL to easily congure Wake on LAN. Users of other versions of SUSE Linux-based operating systems can use a command line tool.

4.3.8 Wake on LAN with YaST

Start YaST > Network Services > WOL.

Click Add and enter the hostname and MAC address of the target system.

To turn on this machine, select the appropriate entry and click Wake up.

4.3.9 Manual Wake on LAN

Start YaST > Software Management and install the package netdiag.

Open a terminal and enter the following command as root to wake the target:

ether-wake mac_of_target

Replace mac_of_target with the actual MAC address of the target.

4.4 Booting the Target System for Installation

Basically, there are two different ways to customize the boot process for installation apart from those mentioned under Section 4.3.7, “Wake on LAN” (page 67) and Sec-

tion 4.3.3, “Using PXE Boot” (page 62). You can either use the default boot options

68 Deployment Guide

and function keys or use the boot options prompt of the installation boot screen to pass any boot options that the installation kernel might need on this particular hardware.

4.4.1 Using the Default Boot Options

The boot options are described in detail in Chapter 3, Installation with YaST (page 17). Generally, just selecting Installation starts the installation boot process.

If problems occur, use Installation—ACPI Disabled or Installation—Safe Settings. For more information about troubleshooting the installation process, refer to Section 46.2,

“Installation Problems” (page 804).

4.4.2 Using the F Keys

The menu bar at the bottom screen offers some advanced functionality needed in some setups. Using the F keys, you can specify additional options to pass to the installation routines without having to know the detailed syntax of these parameters (see Sec-

tion 4.4.3, “Using Custom Boot Options” (page 70)).

See the table below for a complete set of the options available. To access the complete set of F keys available, rst press F3.

Table 4.1

F Keys During Installation

language

Change screen resolution for installation

• VESA

• resolution #1

• resolution #2

Default ValueAvailable OptionsPurposeKey

NoneNoneProvide help

EnglishAll supported languagesSelect the installation

•• Text mode Default value depends on your graphics hardware

Remote Installation 69

• ...

Default ValueAvailable OptionsPurposeKey

• CD-ROM or DVD

source

• SLP

• FTP

• HTTP

• NFS

• SMB

• Hard Disk

disk

CD-ROM or DVDSelect the installation

NoneDriverApply driver update

4.4.3 Using Custom Boot Options

Using the appropriate set of boot options helps facilitate your installation procedure. Many parameters can also be congured later using the linuxrc routines, but using the boot options is easier. In some automated setups, the boot options can be provided with initrd or an info le.

The following table lists all installation scenarios mentioned in this chapter with the required parameters for booting and the corresponding boot options. Just append all of them in the order they appear in this table to get one boot option string that is handed to the installation routines. For example (all in one line):

install=... netdevice=... hostip=...netmask=... vnc=... vncpassword=...

Replace all the values (...) in this string with the values appropriate for your setup.

70 Deployment Guide

Table 4.2

Installation (Boot) Scenarios Used in This Chapter

Installation Scenario

Chapter 3, Installation with YaST (page 17)

Section 4.1.1, “Simple Remote Installation via VNC—Static Network Conguration” (page 40)

Section 4.1.2, “Simple Remote Installation via VNC—Dynamic Network Conguration”

(page 41)

for Booting

tomatically

• Location of the installation server

• Network device

• IP address

• Netmask

• Gateway

• VNC enablement

• VNC password

• Location of the installation server

• VNC enablement

• VNC password

Boot OptionsParameters Needed

None neededNone: system boots au-

• install=(nfs,http,

ftp,smb):///path _to_instmedia

• netdevice=some _netdevice (only need-

ed if several network devices are available)

• hostip=some_ip

• netmask=some

_netmask

• gateway=ip_gateway

• vnc=1

• vncpassword=some

_password

• install=(nfs,http, ftp,smb):///path

_to_instmedia

• vnc=1

• vncpassword=some

_password

Section 4.1.3, “Remote Installation via VNC—PXE Boot and • Location of the

(page 43) • VNC enablement

• Location of the installation server

TFTP serverWake on LAN”

• VNC password

Not applicable; process managed through PXE and DHCP

Remote Installation 71

Installation Scenario

Boot OptionsParameters Needed

for Booting

Section 4.1.4, “Simple Remote Installation via SSH—Static Network Conguration” (page 44)

Section 4.1.5, “Simple Remote Installation via SSH—Dynamic Network Conguration” (page 45)

• Location of the installation server

• Network device

• IP address

• Netmask

• Gateway

• SSH enablement

• SSH password

• Location of the installation server

• SSH enablement

• SSH password

• install=(nfs,http,

ftp,smb):///path _to_instmedia

• netdevice=some _netdevice (only need-

ed if several network devices are available)

• hostip=some_ip

• netmask=some

_netmask

• gateway=ip_gateway

• usessh=1

• sshpassword=some

_password

• install=(nfs,http, ftp,smb):///path

_to_instmedia

• usessh=1

• sshpassword=some

_password

Section 4.1.6, “Remote Installation via SSH—PXE Boot and • Location of the

(page 47) • SSH enablement

72 Deployment Guide

• Location of the installation server

TFTP serverWake on LAN”

• SSH password

Not applicable; process managed through PXE and DHCP

TIP: More Information about linuxrc Boot Options

Find more information about the linuxrc boot options used for booting a Linux system in /usr/share/doc/packages/linuxrc/linuxrc.html.

4.5 Monitoring the Installation Process

There are several options for remotely monitoring the installation process. If the proper boot options have been specied while booting for installation, either VNC or SSH can be used to control the installation and system conguration from a remote workstation.

4.5.1 VNC Installation

Using any VNC viewer software, you can remotely control the installation of SUSE Linux Enterprise from virtually any operating system. This section introduces the setup using a VNC viewer application or a Web browser.

Preparing for VNC Installation

All you need to do on the installation target to prepare for a VNC installation is to provide the appropriate boot options at the initial boot for installation (see Section 4.4.3,

“Using Custom Boot Options” (page 70)). The target system boots into a text-based

environment and waits for a VNC client to connect to the installation program.

The installation program announces the IP address and display number needed to connect for installation. If you have physical access to the target system, this information is provided right after the system booted for installation. Enter this data when your VNC client software prompts for it and provide your VNC password.

Because the installation target announces itself via OpenSLP, you can retrieve the address information of the installation target via an SLP browser without the need for any physical contact to the installation itself provided your network setup and all machines support OpenSLP:

Remote Installation 73

Start the KDE le and Web browser Konqueror.

Enter service://yast.installation.suse in the location bar. The

target system then appears as an icon in the Konqueror screen. Clicking this icon launches the KDE VNC viewer in which to perform the installation. Alternatively, run your VNC viewer software with the IP address provided and add :1 at the end of the IP address for the display the installation is running on.

Connecting to the Installation Program

Basically, there are two ways to connect to a VNC server (the installation target in this case). You can either start an independent VNC viewer application on any operating system or connect using a Java-enabled Web browser.

Using VNC, you can control the installation of a Linux system from any other operating system, including other Linux avors, Windows, or Mac OS.

On a Linux machine, make sure that the package tightvnc is installed. On a Windows machine, install the Windows port of this application, which can be obtained at the TightVNC home page (http://www.tightvnc.com/download.html).

To connect to the installation program running on the target machine, proceed as follows:

Start the VNC viewer.

Enter the IP address and display number of the installation target as provided by

the SLP browser or the installation program itself:

ip_address:display_number

A window opens on your desktop displaying the YaST screens as in a normal local installation.

Using a Web browser to connect to the installation program makes you totally independent of any VNC software or the underlying operating system. As long as the browser application has Java support enabled, you can use any browser (Firefox, Internet Explorer, Konqueror, Opera, etc.) to perform the installation of your Linux system.

To perform a VNC installation, proceed as follows:

74 Deployment Guide

Launch your preferred Web browser.

Enter the following at the address prompt:

http://ip_address_of_target:5801

Enter your VNC password when prompted to do so. The browser window now

displays the YaST screens as in a normal local installation.

4.5.2 SSH Installation

Using SSH, you can remotely control the installation of your Linux machine using any SSH client software.

Preparing for SSH Installation

Apart from installing the appropriate software package (OpenSSH for Linux and PuTTY for Windows), you just need to pass the appropriate boot options to enable SSH for installation. See Section 4.4.3, “Using Custom Boot Options” (page 70) for details. OpenSSH is installed by default on any SUSE Linux–based operating system.

Connecting to the Installation Program

Retrieve the installation target's IP address. If you have physical access to the

target machine, just take the IP address the installation routine provides at the console after the initial boot. Otherwise take the IP address that has been assigned to this particular host in the DHCP server conguration.

At a command line, enter the following command:

ssh -X root@ip_address_of_target

Replace ip_address_of_target with the actual IP address of the installation target.

When prompted for a username, enter root.

Remote Installation 75

When prompted for the password, enter the password that has been set with the

SSH boot option. After you have successfully authenticated, a command line prompt for the installation target appears.

Enter yast to launch the installation program. A window opens showing the

normal YaST screens as described in Chapter 3, Installation with YaST (page 17).

76 Deployment Guide

Automated Installation

AutoYaST allows you to install SUSE® Linux Enterprise on a large number of machines in parallel. The AutoYaST technology offers great exibility to adjust deployments to heterogeneous hardware. This chapter tells you how to prepare a simple automated installation and lay out an advanced scenario involving different hardware types and installation purposes.

5.1 Simple Mass Installation

IMPORTANT: Identical Hardware

This scenario assumes you are rolling out SUSE Linux Enterprise to a set of machines with exactly the same hardware conguration.

To prepare for an AutoYaST mass installation, proceed as follows:

Create an AutoYaST prole that contains the installation details needed for your

deployment as described in Section 5.1.1, “Creating an AutoYaST Prole” (page 78).

Determine the source of the AutoYaST prole and the parameter to pass to the

installation routines as described in Section 5.1.2, “Distributing the Prole and

Determining the autoyast Parameter” (page 80).

Determine the source of the SUSE Linux Enterprise installation data as described

in Section 5.1.3, “Providing the Installation Data” (page 83).

Automated Installation 77

Determine and set up the boot scenario for autoinstallation as described in Sec-

tion 5.1.4, “Setting Up the Boot Scenario” (page 83).

Pass the command line to the installation routines by adding the parameters

manually or by creating an info le as described in Section 5.1.5, “Creating

the info File” (page 85).

Start the autoinstallation process as described in Section 5.1.6, “Initiating and

Monitoring the Autoinstallation” (page 88).

5.1.1 Creating an AutoYaST Prole

An AutoYaST prole tells AutoYaST what to install and how to congure the installed system to get a completely ready-to-use system in the end. It can be created in several different ways:

• Clone a fresh installation from a reference machine to a set of identical machines

• Use the AutoYaST GUI to create and modify a prole to meet your requirements

• Use an XML editor and create a prole from scratch

To clone a fresh reference installation, proceed as follows:

Perform a normal installation.

After you complete the hardware conguration and read the release notes, check

Clone This Installation for AutoYaST, if it is not yet checked by default. This creates a ready-to-use prole as /root/autoinst.xml that can be used to create clones of this particular installation.

To use the AutoYaST GUI to create a prole from an existing system conguration and modify it to your needs, proceed as follows:

As root, start YaST.

Select Miscellaneous > Autoinstallation to start the graphical AutoYaST front-

end.

78 Deployment Guide

Select Tools > Create Reference Control File to prepare AutoYaST to mirror the

current system conguration into an AutoYaST prole.

As well as the default resources, like boot loader, partitioning, and software se-

lection, you can add various other aspects of your system to the prole by checking the items in the list in Create a Reference Control File.

Click Create to have YaST gather all the system information and write it to a

new prole.

To proceed, choose one of the following:

•

If the prole is complete and matches your requirements, select File > Save as and enter a lename for the prole, such as autoinst.xml.

• Modify the reference prole by selecting the appropriate conguration aspects (such as “Hardware/Printer”) from the tree view to the left and clicking Congure. The respective YaST module starts but your settings are written to the AutoYaST prole instead of applied to your system. When done, select File > Save as and enter a suitable name for the prole.

Leave the AutoYaST module with File > Exit.

Automated Installation 79

Figure 5.1

Editing an AutoYaST Prole with the AutoYaST Front-End

5.1.2 Distributing the Prole and Determining the autoyast Parameter

The AutoYaST prole can be distributed in several different ways. Depending on the protocol used to distribute the prole data, different AutoYaST parameters are used to make the prole location known to the installation routines on the client. The location of the prole is passed to the installation routines by means of the boot prompt or an info le that is loaded upon boot. The following options are available:

cation

File

80 Deployment Guide

autoyast=file:// /path

DescriptionParameterProle Lo-

Makes the installation routines look for the control le in specied path (relative to source root directory—file:/// autoinst.xml if in the top directory of a CD-ROM).

cation

DescriptionParameterProle Lo-

Device

Floppy

USB (Flash) Disk

NFS

HTTP

autoyast=device:// /path

autoyast=floppy:// /path

autoyast=usb:// /path

autoyast=nfs:// /server/path

autoyast=http:// /server/path

Makes the installation routines look for the control le on a storage device. Only the devicename is needed—/dev/sda1 is wrong, use sda1 instead.

Makes the installation routines look for the control le on a oppy in the oppy drive. This option is especially useful, if you want to boot from CD-ROM.

If a control le cannot be retrieved from the oppy disk, AutoYaST automatically scans any USB device attached to your machine.

This option triggers a search for the control le on any USB attached device.

Has the installation routines retrieve the control le from an NFS server.

Has the installation routines retrieve the control le from an HTTP server.

HTTPS

TFTP

FTP

Replace the server and path placeholders with values matching your actual setup.

autoyast=https:// /server/path

autoyast=tftp:// /server/path

autoyast=ftp:// /server/path

Has the installation routines retrieve the control le from an HTTPS server.

Has the installation routines retrieve the control le from a TFTP server.

Has the installation routines retrieve the control le from an FTP server.

Automated Installation 81

AutoYaST includes a feature that allows binding certain proles to the client's MAC address. Without having to alter the autoyast= parameter, you can have the same setup install several different instances using different proles.

To use this, proceed as follows:

Create separate proles with the MAC address of the client as the lename and

put them on the HTTP server that holds your AutoYaST proles.

Omit the exact path including the lename when creating the autoyast= pa-

rameter, for example:

autoyast=http://192.0.2.91/

Start the autoinstallation.

YaST tries to determine the location of the prole in the following way:

1. YaST searches for the prole using its own IP address in uppercase hexadecimal, for example, 192.0.2.91 is C000025B.

2. If this le is not found, YaST removes one hex digit and tries again. This action is repeated eight times until the le with the correct name is found.

3. If that still fails, it tries looking for a le with the MAC address of the clients as the lename. The MAC address of the example client is 0080C8F6484C.

4. If the MAC address–named le cannot be found, YaST searches for a le named default (in lowercase). An example sequence of addresses where YaST searches for the AutoYaST prole looks as follows:

C000025B C000025 C00002 C0000 C000 C00 C0 C 0080C8F6484C default

82 Deployment Guide

5.1.3 Providing the Installation Data

The installation data can be provided by means of the product CDs or DVDs or using a network installation source. If the product CDs are used as the installation source, physical access to the client to install is needed, because the boot process needs to be initiated manually and the CDs need to be changed.

To provide the installation sources over the network, set up a network installation server (HTTP, NFS, FTP) as described in Section 4.2.1, “Setting Up an Installation

Server Using YaST” (page 48). Use an info le to pass the server's location to the

installation routines.

5.1.4 Setting Up the Boot Scenario

The client can be booted in several different ways:

Network Boot

As for a normal remote installation, autoinstallation can be initiated with Wake on LAN and PXE, the boot image and control le can be pulled in via TFTP, and the installation sources from any network installation server.

Bootable CD-ROM

You can use the original SUSE Linux Enterprise media to boot the system for autoinstallation and pull in the control le from a network location or a oppy. Alternatively, create your own custom CD-ROM holding both the installation sources and the AutoYaST prole.

The following sections provide a basic outline of the procedures for network boot or boot from CD-ROM.

Preparing for Network Boot

Network booting with Wake on LAN, PXE, and TFTP is discussed in Section 4.1.3,

“Remote Installation via VNC—PXE Boot and Wake on LAN” (page 43). To make

the setup introduced there work for autoinstallation, modify the featured PXE Linux conguration le (/srv/tftp/pxelinux.cfg/default) to contain the autoyast parameter pointing to the location of the AutoYaST prole. An example entry for a standard installation looks like this:

Automated Installation 83

default linux

# default label linux kernel linux append initrd=initrd ramdisk_size=65536 insmod=e100 \ install=http://192.168.0.22/install/suse-enterprise/

The same example for autoinstallation looks like this:

default linux

# default label linux kernel linux append initrd=initrd ramdisk_size=65536 insmod=e100 \ install=http://192.168.0.22/install/suse-enterprise/ \ autoyast=nfs://192.168.0.23/profiles/autoinst.xml

Replace the example IP addresses and paths with the data used in your setup.

Preparing to Boot from CD-ROM

There are several ways in which booting from CD-ROM can come into play in AutoYaST installations. Choose from the following scenarios:

Boot from SUSE Linux Enterprise Media, Get the Prole over the Network

Use this approach if a totally network-based scenario is not possible (for example, if your hardware does not support PXE) and you have physical access to system to install during most of the process.

You need:

• The SUSE Linux Enterprise media

• A network server providing the prole data (see Section 5.1.2, “Distributing the

Prole and Determining the autoyast Parameter” (page 80) for details)

• A oppy containing the info le that tells the installation routines where to nd the prole

84 Deployment Guide

SUSE Linux Enterprise Desktop 10 SP2 GNOME User Guide

Specifications and Main Features

Frequently Asked Questions

User Manual

About This Guide

1 Feedback

2 Documentation Updates

3 Additional Documentation

4 Documentation Conventions

Part I. Deployment

1.1 Hardware Requirements

1.2 Reasons to Use SUSE Linux Enterprise Desktop

2.1 Deploying up to 10 Workstations

2.2 Deploying up to 100 Workstations

2.3 Deploying More than 100 Workstations

3.1 System Start-Up for Installation

3.1.1 Boot Options

3.3 The Boot Screen

3.3.1 Providing Data to Access a SMT Server

3.4 Language

3.5 Media Check

3.6 License Agreement

3.7 Installation Mode

3.8 Clock and Time Zone

3.9 Installation Settings

3.9.1 Overview

Partitioning

Resizing a Windows Partition

Software

Language

3.9.2 Expert

3.10 Performing the Installation

3.11.2 Hostname and Domain Name

Test Internet Connection

3.11.5 Online Update

3.11.6 Users

3.11.7 Release Notes

3.11.9 Completing the Installation

3.12 Graphical Login

4.2 Setting Up the Server Holding the Installation Sources

4.2.5 Managing an SMB Installation Source

4.3 Preparing the Boot of the Target System

4.3.1 Setting Up a DHCP Server

Setting Up a DHCP Server with YaST

Setting Up a DHCP Server Manually

4.3.2 Setting Up a TFTP Server

Setting Up a TFTP Server Using YaST

Setting Up a TFTP Server Manually

4.3.3 Using PXE Boot

4.3.7 Wake on LAN

4.3.8 Wake on LAN with YaST

4.3.9 Manual Wake on LAN

4.4 Booting the Target System for Installation

4.4.1 Using the Default Boot Options

4.4.2 Using the F Keys

4.4.3 Using Custom Boot Options

4.5 Monitoring the Installation Process

4.5.1 VNC Installation

Preparing for VNC Installation

Connecting to the Installation Program

4.5.2 SSH Installation

Preparing for SSH Installation

Connecting to the Installation Program

5.1 Simple Mass Installation

5.1.3 Providing the Installation Data

5.1.4 Setting Up the Boot Scenario

Preparing for Network Boot

Preparing to Boot from CD-ROM